From 2359ae86ace1c3a48f6c63e8ef7bcfc284aab216 Mon Sep 17 00:00:00 2001
From: "Include caleb.fun" <70612830+oasisMystre@users.noreply.github.com>
Date: Fri, 12 May 2023 08:59:06 +0100
Subject: [PATCH] run middleware after authentication

---
 rest_framework/views.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rest_framework/views.py b/rest_framework/views.py
index a4c53b60d..e6598ad8e 100644
--- a/rest_framework/views.py
+++ b/rest_framework/views.py
@@ -430,11 +430,11 @@ class APIView(View):
 
         # Ensure that the incoming request is permitted
         self.perform_authentication(request)
+        # only authentication before, other task ran after mutation
+        self.initialize_middleware_classes(request)
         self.check_permissions(request)
         self.check_throttles(request)
 
-        # authentication and other task ran before final mutation
-        self.initialize_middleware_classes(request)
 
     def finalize_response(self, request, response, *args, **kwargs):
         """