From 129890ab1bbbba2deb96b8e30675dfb1060d7615 Mon Sep 17 00:00:00 2001
From: Felix Viernickel <57354511+4nickel@users.noreply.github.com>
Date: Fri, 24 Jun 2022 14:02:11 +0200
Subject: [PATCH] Fix error in throttling when request.user is None (#8370)

Check to see if request.user is set before proceeding with further
authentication checks.
---
 rest_framework/throttling.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/rest_framework/throttling.py b/rest_framework/throttling.py
index aee83b567..c0d6cf42f 100644
--- a/rest_framework/throttling.py
+++ b/rest_framework/throttling.py
@@ -171,7 +171,7 @@ class AnonRateThrottle(SimpleRateThrottle):
     scope = 'anon'
 
     def get_cache_key(self, request, view):
-        if request.user.is_authenticated:
+        if request.user and request.user.is_authenticated:
             return None  # Only throttle unauthenticated requests.
 
         return self.cache_format % {
@@ -191,7 +191,7 @@ class UserRateThrottle(SimpleRateThrottle):
     scope = 'user'
 
     def get_cache_key(self, request, view):
-        if request.user.is_authenticated:
+        if request.user and request.user.is_authenticated:
             ident = request.user.pk
         else:
             ident = self.get_ident(request)
@@ -239,7 +239,7 @@ class ScopedRateThrottle(SimpleRateThrottle):
         Otherwise generate the unique cache key by concatenating the user id
         with the `.throttle_scope` property of the view.
         """
-        if request.user.is_authenticated:
+        if request.user and request.user.is_authenticated:
             ident = request.user.pk
         else:
             ident = self.get_ident(request)