Skip to content

Commit

Permalink
Fix error in throttling when request.user is None (#8370)
Browse files Browse the repository at this point in the history
Check to see if request.user is set before proceeding with further
authentication checks.
  • Loading branch information
4nickel authored Jun 24, 2022
1 parent 2051a79 commit 129890a
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions rest_framework/throttling.py
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,7 @@ class AnonRateThrottle(SimpleRateThrottle):
scope = 'anon'

def get_cache_key(self, request, view):
if request.user.is_authenticated:
if request.user and request.user.is_authenticated:
return None # Only throttle unauthenticated requests.

return self.cache_format % {
Expand All @@ -191,7 +191,7 @@ class UserRateThrottle(SimpleRateThrottle):
scope = 'user'

def get_cache_key(self, request, view):
if request.user.is_authenticated:
if request.user and request.user.is_authenticated:
ident = request.user.pk
else:
ident = self.get_ident(request)
Expand Down Expand Up @@ -239,7 +239,7 @@ def get_cache_key(self, request, view):
Otherwise generate the unique cache key by concatenating the user id
with the `.throttle_scope` property of the view.
"""
if request.user.is_authenticated:
if request.user and request.user.is_authenticated:
ident = request.user.pk
else:
ident = self.get_ident(request)
Expand Down

0 comments on commit 129890a

Please sign in to comment.