Avoid DoesNotExist exception in TokenRefreshSerializer

Author: yuekui

rest_framework_simplejwt/serializers.py

@@ -112,11 +112,12 @@ def validate(self, attrs: dict[str, Any]) -> dict[str, str]:
         refresh = self.token_class(attrs["refresh"])
 
         user_id = refresh.payload.get(api_settings.USER_ID_CLAIM, None)
-        if user_id and (
-            user := get_user_model().objects.get(
-                **{api_settings.USER_ID_FIELD: user_id}
+        if user_id:
+            user = (
+                get_user_model()
+                .objects.filter(**{api_settings.USER_ID_FIELD: user_id})
+                .first()
             )
-        ):
             if not api_settings.USER_AUTHENTICATION_RULE(user):
                 raise AuthenticationFailed(
                     self.error_messages["no_active_account"],

tests/test_serializers.py

@@ -4,7 +4,6 @@
 
 from django.conf import settings
 from django.contrib.auth import get_user_model
-from django.core import exceptions as django_exceptions
 from django.test import TestCase, override_settings
 from rest_framework import exceptions as drf_exceptions
 
@@ -286,10 +285,10 @@ def test_it_should_raise_error_for_deleted_users(self):
 
         s = TokenRefreshSerializer(data={"refresh": str(refresh)})
 
-        with self.assertRaises(django_exceptions.ObjectDoesNotExist) as e:
+        with self.assertRaises(drf_exceptions.AuthenticationFailed) as e:
             s.is_valid()
 
-        self.assertIn("does not exist", str(e.exception))
+        self.assertIn("No active account", str(e.exception))
 
     def test_it_should_raise_error_for_inactive_users(self):
         refresh = RefreshToken.for_user(self.user)