JMU-CIME / CPR-Music-Backend

MIT License

anonymous user in api view? #36

Open hcientist opened 1 year ago

hcientist commented 1 year ago

Is there a way to (should we implement) guard against reaching an api view without the prereqs?

I'm not entirely sure how this happened, perhaps the person logged out in a different tab or something?

Internal Server Error: /api/courses/esm-test-september-2022/assignments/339/

AttributeError at /api/courses/esm-test-september-2022/assignments/339/
'AnonymousUser' object has no attribute 'enrollment_set'

Request Method: GET
Request URL: https://urldefense.proofpoint.com/v2/url?u=https-3A__dev-2Dapi.musiccpr.org_api_courses_esm-2Dtest-2Dseptember-2D2022_assignments_339_&d=DwIFaQ&c=eLbWYnpnzycBCgmb7vCI4uqNEB9RSjOdn_5nBEmmeq0&r=rrC3cfqvgBRASm9KpaFU7YZ-QoJM8uRBU44WMDnq2Ro&m=5MQipzdN53ctEjBF8_n6Ki3SasKEp-yczbVuLYgebwgUVqqpiUn7WzRY8NikqvuE&s=kLWMR9wHi50wvaQ9ETc5lR88ALuYCa7wa3z0oF1EU_c&e=
Django Version: 3.2.11
Python Executable: /home/ec2-user/venv-dev/bin/python3
Python Version: 3.7.10
Python Path: ['/home/ec2-user/venv-dev/bin', '/home/ec2-user/dev-versions/live', '/home/ec2-user/dev-versions/v0.2.2', '/usr/lib64/python37.zip', '/usr/lib64/python3.7', '/usr/lib64/python3.7/lib-dynload', '/home/ec2-user/venv-dev/lib64/python3.7/site-packages', '/home/ec2-user/venv-dev/lib/python3.7/site-packages', '/home/ec2-user/dev-versions/v0.2.2/teleband']
Server time: Fri, 07 Oct 2022 21:00:27 -0400
Installed Applications:
['collectfast',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin',
 'django.forms',
 'crispy_forms',
 'crispy_bootstrap5',
 'allauth',
 'allauth.account',
 'allauth.socialaccount',
 'rest_framework',
 'rest_framework.authtoken',
 'corsheaders',
 'reversion',
 'invitations',
 'drf_spectacular',
 'teleband.users',
 'teleband.assignments',
 'teleband.courses',
 'teleband.instruments',
 'teleband.musics',
 'teleband.submissions',
 'storages',
 'anymail']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
 'corsheaders.middleware.CorsMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.locale.LocaleMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.common.BrokenLinkEmailsMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'reversion.middleware.RevisionMiddleware']

Traceback (most recent call last):
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/asgiref/sync.py", line 472, in thread_handler
    raise exc_info[1]
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/django/core/handlers/exception.py", line 38, in inner
    response = await get_response(request)
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/django/core/handlers/base.py", line 233, in _get_response_async
    response = await wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/asgiref/sync.py", line 435, in __call__
    ret = await asyncio.wait_for(future, timeout=None)
  File "/usr/lib64/python3.7/asyncio/tasks.py", line 414, in wait_for
    return await fut
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/asgiref/current_thread_executor.py", line 22, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/asgiref/sync.py", line 476, in thread_handler
    return func(*args, **kwargs)
  File "/usr/lib64/python3.7/contextlib.py", line 74, in inner
    return func(*args, **kwds)
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/viewsets.py", line 125, in view
    return self.dispatch(request, *args, **kwargs)
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/mixins.py", line 54, in retrieve
    instance = self.get_object()
  File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/generics.py", line 83, in get_object
    queryset = self.filter_queryset(self.get_queryset())
  File "/home/ec2-user/dev-versions/live/teleband/assignments/api/views.py", line 69, in get_queryset
    role = self.request.user.enrollment_set.get(course=course).role

Exception Type: AttributeError at /api/courses/esm-test-september-2022/assignments/339/
Exception Value: 'AnonymousUser' object has no attribute 'enrollment_set'
Request information:
USER: AnonymousUser

nwself commented 1 year ago

Either this viewset or the global default permission classes should include IsAuthenticated https://www.django-rest-framework.org/api-guide/permissions/
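
An audit sketch for the point raised in this thread, added here as an example and not code from the CPR-Music-Backend repository: it parses view source with Python's `ast` module and lists classes that read attributes `AnonymousUser` lacks off `request.user` without declaring `IsAuthenticated`. The class names and sample source are constructed; the check assumes no global `DEFAULT_PERMISSION_CLASSES` covers the view and only sees `permission_classes` assigned directly in the class body.

```python
import ast

# Attributes AnonymousUser also defines, so reading them cannot raise AttributeError.
ANON_SAFE = {"is_authenticated", "is_anonymous", "is_staff", "is_superuser"}

# Constructed sample (hypothetical class names); it is only parsed, never executed.
SAMPLE = '''
from rest_framework import permissions, viewsets

class UnguardedViewSet(viewsets.ModelViewSet):
    def get_queryset(self):
        return self.request.user.enrollment_set.get(course=course).role

class GuardedViewSet(viewsets.ModelViewSet):
    permission_classes = [permissions.IsAuthenticated]
    def get_queryset(self):
        return self.request.user.enrollment_set.get(course=course).role
'''

def _declares_is_authenticated(cls):
    """True if the class body assigns permission_classes naming IsAuthenticated."""
    for stmt in cls.body:
        if isinstance(stmt, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == "permission_classes"
                for t in stmt.targets):
            return any("IsAuthenticated" in (getattr(n, "id", None), getattr(n, "attr", None))
                       for n in ast.walk(stmt.value))
    return False

def _user_attrs(cls):
    """Attribute names read off request.user or self.request.user inside the class."""
    found = set()
    for node in ast.walk(cls):
        if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Attribute):
            inner, base = node.value, node.value.value
            if inner.attr == "user" and "request" in (
                    getattr(base, "id", None), getattr(base, "attr", None)):
                found.add(node.attr)
    return found

def audit(source):
    """Return [(class_name, attrs)] for classes that would fail on AnonymousUser."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef) and not _declares_is_authenticated(node):
            attrs = sorted(_user_attrs(node) - ANON_SAFE)
            if attrs:
                findings.append((node.name, attrs))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```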