Fix error in throttling when request.user is None (#8370)

Check to see if request.user is set before proceeding with further
authentication checks.
This commit is contained in:
Felix Viernickel 2022-06-24 14:02:11 +02:00 committed by GitHub
parent 2051a79da3
commit 129890ab1b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -171,7 +171,7 @@ class AnonRateThrottle(SimpleRateThrottle):
scope = 'anon'
def get_cache_key(self, request, view):
if request.user.is_authenticated:
if request.user and request.user.is_authenticated:
return None # Only throttle unauthenticated requests.
return self.cache_format % {
@ -191,7 +191,7 @@ class UserRateThrottle(SimpleRateThrottle):
scope = 'user'
def get_cache_key(self, request, view):
if request.user.is_authenticated:
if request.user and request.user.is_authenticated:
ident = request.user.pk
else:
ident = self.get_ident(request)
@ -239,7 +239,7 @@ class ScopedRateThrottle(SimpleRateThrottle):
Otherwise generate the unique cache key by concatenating the user id
with the `.throttle_scope` property of the view.
"""
if request.user.is_authenticated:
if request.user and request.user.is_authenticated:
ident = request.user.pk
else:
ident = self.get_ident(request)