From 2f283db82348420c2ec5e12699db8db3c0246554 Mon Sep 17 00:00:00 2001
From: Maxime Alves LIRMM <maxime.alves@lirmm.fr>
Date: Fri, 10 Jul 2020 12:53:25 +0200
Subject: [PATCH] [acl] more checks in connected decorator

---
 halfapi/acl.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/halfapi/acl.py b/halfapi/acl.py
index 4377cf2..8228986 100644
--- a/halfapi/acl.py
+++ b/halfapi/acl.py
@@ -1,5 +1,7 @@
 #!/usr/bin/env python3
 from functools import wraps
+from starlette.authentication import UnauthenticatedUser
+
 """ Base ACL module that contains generic functions for domains ACL
 """
 
@@ -8,7 +10,9 @@ def connected(func):
     """
     @wraps(func)
     def caller(req, *args, **kwargs):
-        if not hasattr(req.user, 'is_authenticated'):
+        if (not hasattr(req, 'user')
+          or type(req.user) == UnauthenticatedUser
+          or not hasattr(req.user, 'is_authenticated')):
             return False
         return func(req, **kwargs)