Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Avoid DoesNotExist exception in TokenRefreshSerializer #861

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

fix: Avoid DoesNotExist exception in TokenRefreshSerializer #861

wants to merge 3 commits into from

Conversation

yuekui
Copy link

@yuekui yuekui commented Feb 6, 2025
edited
Loading

#860
For deleted users, they should be treated the same as when no active user is found. This DoesNotExist exception was introduced in the previous version.

@vgrozdanic vgrozdanic mentioned this pull request Feb 26, 2025
Open
3 tasks
vgrozdanic
vgrozdanic approved these changes Feb 26, 2025
View reviewed changes
Copy link
Contributor

@vgrozdanic vgrozdanic left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, thank you for the contribution!

I added this PR on a checklist for next major release since it does some breaking changes: #871

Andrew-Chen-Wang
Andrew-Chen-Wang requested changes Feb 27, 2025
View reviewed changes
rest_framework_simplejwt/serializers.py
Comment on lines +116 to +119
user = (
get_user_model()
.objects.filter(**{api_settings.USER_ID_FIELD: user_id})
.first()
Copy link
Member

@Andrew-Chen-Wang Andrew-Chen-Wang Feb 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this may not be expected since the USER_AUTHENTICATION_RULE expects a user object, not None

djangorestframework-simplejwt/rest_framework_simplejwt/authentication.py

Line 170 in faeea49

def default_user_authentication_rule(user: AuthUser) -> bool:

suggestion: simply check if the user exists OR check authentication rule does not pass rather than solely rely on the authentication rule

Copy link
Author

@yuekui yuekui Feb 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the USER_AUTHENTICATION_RULE method already performs the user is not None check, would adding another check outside the method introduce unnecessary code duplication?

djangorestframework-simplejwt/rest_framework_simplejwt/authentication.py

Line 178 in faeea49

return user is not None and (

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yea, the problem is the initial typing was typed assuming the user object is valid...

I mean that's my fault for not checking that. I guess this is fine, but we should also update the typing for the authentication rule?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense, updated

Andrew-Chen-Wang
Andrew-Chen-Wang approved these changes Feb 27, 2025
View reviewed changes
Copy link
Member

@Andrew-Chen-Wang Andrew-Chen-Wang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

awesome thank you!

@vgrozdanic vgrozdanic self-assigned this Mar 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vgrozdanic vgrozdanic

@Andrew-Chen-Wang Andrew-Chen-Wang

Assignees

@vgrozdanic vgrozdanic

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yuekui @vgrozdanic @Andrew-Chen-Wang