'AnonymousUser' object is not iterable

django django-authentication
artem picture artem · May 26, 2016 · Viewed 12k times · Source 
if not request.user.is_authenticated:
    return None

try:
    return ClientProfile.objects.get(user=request.user)
except ClientProfile.DoesNotExist:
    return None

This code should return None, if I'm not logged in and trying to call it. But as I see from stacktrace, it crashes with error "'AnonymousUser' object is not iterable" on this line:

return ClientProfile.objects.get(user=request.user)

I'm browsing the following page in private mode, so I'm 100% not authenticated.

How to fix this issue?

Answer

Alasdair picture Alasdair · May 26, 2016

In Django 1.9 and earlier, is_authenticated() is a method, you must call it.

if not request.user.is_authenticated():
    ...

It's an easy mistake to forget to call the method. In your case it's causing an error, but in other cases it might allow users to have access to data that they shouldn't. From Django 1.10, is_authenticated is changing to a property to prevent this.

Related questions

Extending the User model with custom fields in Django

What's the best way to extend the User model (bundled with Django's authentication app) with custom fields? I would also possibly like to use the email as the username (for authentication purposes). I've already seen a few ways to do …

Read More
How to get the currently logged in user's user id in Django?

How to get the currently logged-in user's id? in models.py: class Game(models.model): name = models.CharField(max_length=255) owner = models.ForeignKey(User, related_name='game_user', verbose_name='Owner') in views.py: gta = Game.objects.create(name="gta", …

Read More
Having Django serve downloadable files

I want users on the site to be able to download files whose paths are obscured so they cannot be directly downloaded. For instance, I'd like the URL to be something like this: http://example.com/download/?f=somefile.txt …

Read More