Fix error in throttling when request.user is None (#8370)

Check to see if request.user is set before proceeding with further authentication checks.
encode · Jun 24, 2022 · 129890a · 129890a
1 parent 2051a79
commit 129890a
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/rest_framework/throttling.py b/rest_framework/throttling.py
@@ -171,7 +171,7 @@ class AnonRateThrottle(SimpleRateThrottle):
  scope = 'anon'
 
  def get_cache_key(self, request, view):
- if request.user.is_authenticated:
+ if request.user and request.user.is_authenticated:
  return None # Only throttle unauthenticated requests.
 
  return self.cache_format % {
@@ -191,7 +191,7 @@ class UserRateThrottle(SimpleRateThrottle):
  scope = 'user'
 
  def get_cache_key(self, request, view):
- if request.user.is_authenticated:
+ if request.user and request.user.is_authenticated:
  ident = request.user.pk
  else:
  ident = self.get_ident(request)
@@ -239,7 +239,7 @@ def get_cache_key(self, request, view):
  Otherwise generate the unique cache key by concatenating the user id
  with the `.throttle_scope` property of the view.
  """
- if request.user.is_authenticated:
+ if request.user and request.user.is_authenticated:
  ident = request.user.pk
  else:
  ident = self.get_ident(request)