The JWTStatelessUserAuthentication backend’s authenticate method does not perform a database lookup to obtain a user instance.
Instead, it returns a rest_framework_simplejwt.models.TokenUser instance which acts as a stateless user object backed only by a validated token instead of a record in a database.
This is not taken into account in the user and password endpoints of dj-rest-auth causing either incomplete information to be returned for the user or, in the worst case, a full crash due to invocation of methods that are not implemented for TokenUser.
This PR fixes it by checking whether the current user is a TokenUser and fetching the proper User before applying any changes.
The JWTStatelessUserAuthentication backend’s authenticate method does not perform a database lookup to obtain a user instance.
Instead, it returns a rest_framework_simplejwt.models.TokenUser instance which acts as a stateless user object backed only by a validated token instead of a record in a database.
This is not taken into account in the user and password endpoints of dj-rest-auth causing either incomplete information to be returned for the user or, in the worst case, a full crash due to invocation of methods that are not implemented for TokenUser.
This PR fixes it by checking whether the current user is a TokenUser and fetching the proper User before applying any changes.