minimal fix

Author: phenobarbital

navigator/version.py

@@ -4,7 +4,7 @@
 __description__ = (
     "Navigator Web Framework based on aiohttp, " "with batteries included."
 )
-__version__ = "2.14.8"
+__version__ = "2.14.9"
 __copyright__ = "Copyright (c) 2020-2024 Jesus Lara"
 __author__ = "Jesus Lara"
 __author_email__ = "jesuslarag@gmail.com"

navigator/views/abstract.py

@@ -378,7 +378,7 @@ def service_auth(fn: Union[Any, Any]) -> Any:
         async def _wrap(self, *args, **kwargs):
             ## get User Session:
             await self.session()
-            if self._session:
+            if self._session and self.request.get("authenticated", False):
                 self._userid = await self.get_userid(self._session)
             # TODO: Checking User Permissions:
             ## Calling post-authorization Model:
@@ -401,6 +401,10 @@ async def session(self):
                 exception=err
             )
         if not self._session:
+            # If the request was not marked as authenticated by middleware
+            # (e.g., excluded endpoint), allow anonymous access.
+            if not self.request.get("authenticated", False):
+                return None
             # TODO: add support for service tokens
             if hasattr(self.model.Meta, 'allowed_methods'):
                 if self.request.method in self.model.Meta.allowed_methods:

navigator/views/model.py

@@ -107,7 +107,7 @@ def service_auth(fn: Union[Any, Any]) -> Any:
         async def _wrap(self, *args, **kwargs):
             ## get User Session:
             await self.session()
-            if self._session:
+            if self._session and self.request.get("authenticated", False):
                 self._userid = await self.get_userid(self._session)
             # TODO: Checking User Permissions:
             ## Calling post-authorization Model: