Fix error in throttling when request.user is None (#8370)

4nickel · web-flow · commit 129890ab1bbb · 2022-06-24T13:02:11.000+01:00
Check to see if request.user is set before proceeding with further
authentication checks.
diff --git a/rest_framework/throttling.py b/rest_framework/throttling.py
@@ -171,7 +171,7 @@ class AnonRateThrottle(SimpleRateThrottle):
     scope = 'anon'
 
     def get_cache_key(self, request, view):
-        if request.user.is_authenticated:
+        if request.user and request.user.is_authenticated:
             return None  # Only throttle unauthenticated requests.
 
         return self.cache_format % {
@@ -191,7 +191,7 @@ class UserRateThrottle(SimpleRateThrottle):
     scope = 'user'
 
     def get_cache_key(self, request, view):
-        if request.user.is_authenticated:
+        if request.user and request.user.is_authenticated:
             ident = request.user.pk
         else:
             ident = self.get_ident(request)
@@ -239,7 +239,7 @@ def get_cache_key(self, request, view):
         Otherwise generate the unique cache key by concatenating the user id
         with the `.throttle_scope` property of the view.
         """
-        if request.user.is_authenticated:
+        if request.user and request.user.is_authenticated:
             ident = request.user.pk
         else:
             ident = self.get_ident(request)
