feat: log warning if token is being created for inactive user (#873)

As per [discussion](#779 (comment)), this PR adds a warning if a developer tries to create the token for the non-active user.

Part of #779

Author: vgrozdanic

rest_framework_simplejwt/tokens.py

@@ -23,6 +23,7 @@
     datetime_to_epoch,
     format_lazy,
     get_md5_hash_password,
+    logger,
 )
 
 if TYPE_CHECKING:
@@ -235,6 +236,12 @@ def for_user(cls: type[T], user: AuthUser) -> T:
         Returns an authorization token for the given user that will be provided
         after authenticating the user's credentials.
         """
+
+        if hasattr(user, "is_active") and not user.is_active:
+            logger.warning(
+                f"Creating token for inactive user: {user.id}. If this is not intentional, consider checking the user's status before calling the `for_user` method."
+            )
+
         user_id = getattr(user, api_settings.USER_ID_FIELD)
         if not isinstance(user_id, int):
             user_id = str(user_id)

rest_framework_simplejwt/utils.py

@@ -1,4 +1,5 @@
 import hashlib
+import logging
 from calendar import timegm
 from datetime import datetime, timezone
 from typing import Callable
@@ -46,3 +47,5 @@ def format_lazy(s: str, *args, **kwargs) -> str:
 
 
 format_lazy: Callable = lazy(format_lazy, str)
+
+logger = logging.getLogger("rest_framework_simplejwt")