9 changes: 7 additions & 2 deletions rest_framework_simplejwt/authentication.py
@@ -1,4 +1,4 @@
from typing import Optional, TypeVar
from typing import Any, Optional, TypeVar

from django.contrib.auth import get_user_model
from django.contrib.auth.models import AbstractBaseUser
Expand Down Expand Up @@ -121,6 +121,9 @@ def get_validated_token(self, raw_token: bytes) -> Token:
}
)

def get_user_queryset(self, user_id: Any = None) -> AuthUser | None:
Contributor

It's a bit nitty, but would the better method name here be get_user_object?

It would immediately be clear from the name that an object is fetched, and not a queryset, and it would be similar to the DRF method: https://www.django-rest-framework.org/api-guide/generic-views/#get_objectself

return self.user_model.objects.get(**{api_settings.USER_ID_FIELD: user_id})

def get_user(self, validated_token: Token) -> AuthUser:
"""
Attempts to find and return a user using the given validated token.
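Review bot: The new get_user_queryset is annotated as returning AuthUser | None, but its body is a bare objects.get(...), which returns one instance or raises DoesNotExist and never returns None, so the name, the annotation and the behaviour all disagree. This method is the override point for how authentication resolves a user, so give it a docstring stating the contract (return exactly one user instance or raise user_model.DoesNotExist) and a name that matches it. Two smaller points on the same signature: the file's first line is the typing import, so there is no from __future__ import annotations ahead of it, which means AuthUser | None is evaluated when the method is defined and fails on Python older than 3.10; Optional[AuthUser] is already imported. The user_id: Any = None default also allows a call with no argument to run a lookup on None, so consider making the parameter required.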
Expand All @@ -133,7 +136,9 @@ def get_user(self, validated_token: Token) -> AuthUser:
) from e

try:
user = self.user_model.objects.get(**{api_settings.USER_ID_FIELD: user_id})
user = self.get_user_queryset(user_id)
if not user:
Comment on lines +139 to +140
Contributor

DRF has a get_object method, but they never check if really only one object is returned from the method, so I guess we shouldn't either. Just wanted to raise this so that we are aware of this problem if someone does a filter instead of get in get_user_queryset.

Member Author

We should be ensuring that only a single object is returned; otherwise we can raise a dev internal error for multiple objects returned, or when an iterable is returned, as a helpful guide.

raise AuthenticationFailed(_("User not found"), code="user_not_found")
except self.user_model.DoesNotExist as e:
raise AuthenticationFailed(
_("User not found"), code="user_not_found"
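Review bot: The added check if not user: tests truthiness, so it cannot enforce what get_user needs from the hook. With the implementation added earlier in this diff, objects.get either returns an instance or raises, so the branch is never taken; with an override that returns a filter() queryset, an empty queryset is caught, but a non-empty one is truthy and is bound to user as if it were a single account. Test for None explicitly and reject any return value that is not a single user instance, for example with isinstance(user, self.user_model), and decide whether MultipleObjectsReturned raised by an override should be mapped to AuthenticationFailed alongside the existing except self.user_model.DoesNotExist handler rather than escaping as an unhandled error.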