qq @yuekui @mjbogusz : are you facing 500 error exceptions with this? In other words, are you having to manually catch this edge case? I noticed that the DRF exception does not inherit from the user not found exception, making this a breaking change

I didn't get as far as getting 500s, as I was upgrading from 5.0 and our unit tests failed on previously unexpected UserNotFound.

AuthenticationFailed is already handled by DRF's APIView:handle_exception() and it's consistent with neighboring behavior for a not active account, so I've added handling this edge case by raising the same type of error and our tests passed again without any additional error handling.

qq @yuekui @mjbogusz : are you facing 500 error exceptions with this? In other words, are you having to manually catch this edge case? I noticed that the DRF exception does not inherit from the user not found exception, making this a breaking change

Yes, it's a 500 error and a breaking change for me. That's why I opened the issue and submitted the patch right after v5.4.0 was released.

Got it, it sounds like a patch release is necessary rather than a minor/major version upgrade.

I'd say this sounds like a minor-release-level change, as it shouldn't require immediate code adjustments whether or not someone has implemented a workaround like my example in #860; the behavior will change slightly though.

The exception thrown is the same as previously and is handled by DRF already so I wouldn't say it's a breaking change either.

But of course the final decision is up to the maintainers - I'm just hoping the fix will land soon ;)