improve filter_regex

- Had a mistake (unquoted '.') and missing '-' as an allowed character. Also '_' already in '\w'
- Don't be so exhaustive in testing for invalid filters; let JSONAPIQueryValidationFilter (when available)
  deal with that.

Author: n2ygk

example/tests/test_filters.py

@@ -314,17 +314,6 @@ def test_filter_missing_right_bracket(self):
         self.assertEqual(dja_response['errors'][0]['detail'],
                          "invalid filter: filter[headline")
 
-    def test_filter_incorrect_brackets(self):
-        """
-        test for filter with incorrect brackets
-        """
-        response = self.client.get(self.url, data={'filter{headline}': 'foobar'})
-        self.assertEqual(response.status_code, 400,
-                         msg=response.content.decode("utf-8"))
-        dja_response = response.json()
-        self.assertEqual(dja_response['errors'][0]['detail'],
-                         "invalid filter: filter{headline}")
-
     def test_filter_missing_rvalue(self):
         """
         test for filter with missing value to test against

rest_framework_json_api/filters/filter.py

@@ -57,13 +57,19 @@ class JSONAPIDjangoFilter(DjangoFilterBackend):
         `filter[<something>]` to comply with the jsonapi spec requirement to use the filter
         keyword. The default is "search" unless overriden but it's used here just to make sure
         we don't complain about it being an invalid filter.
-
-        TODO: find a better way to deal with search_param.
         """
+        # TODO: find a better way to deal with search_param.
         search_param = api_settings.SEARCH_PARAM
-        # since 'filter' passes query parameter validation but is still invalid,
-        # make this regex check for it but not set `filter` regex group.
-        filter_regex = re.compile(r'^filter(?P<ldelim>\W*)(?P<assoc>[\w._]*)(?P<rdelim>\W*$)')
+
+        # Make this regex check for 'filter' as well as 'filter[...]'
+        # Leave other incorrect usages of 'filter' to JSONAPIQueryValidationFilter.
+        # See http://jsonapi.org/format/#document-member-names for allowed characters
+        # and http://jsonapi.org/format/#document-member-names-reserved-characters for reserved
+        # characters (for use in paths, lists or as delimiters).
+        # regex `\w` matches [a-zA-Z0-9_].
+        # TODO: U+0080 and above allowed but not recommended. Leave them out for now. Fix later?
+        #       Also, ' ' (space) is allowed within a member name but not recommended.
+        filter_regex = re.compile(r'^filter(?P<ldelim>\[?)(?P<assoc>[\w\.\-]*)(?P<rdelim>\]?$)')
 
         def validate_filter(self, keys, filterset_class):
             for k in keys: