Getting Unauthenticated warnings despite using permissions.AllowAny

Question

This is my APIView:

class VerifyEmail(APIView):
    serializer_class = EmailVerificationSerializer
    token_param_config = openapi.Parameter(
        'token',
        in_=openapi.IN_QUERY,
        description='Description',
        type=openapi.TYPE_STRING
    )
    @permission_classes([permissions.AllowAny])
    @swagger_auto_schema(manual_parameters=[token_param_config])
    def get(self, request):
        token = request.GET.get('token')
        try:
            payload = get_payload(request)
            user = User.objects.get(id=payload['user_id'])
            if not user.is_verified:
                user.is_verified = True
                user.save()
            return Response({'email': 'Successfully activated'}, status=status.HTTP_200_OK)
        except jwt.ExpiredSignatureError as identifier:
            return Response({'error': 'Activation Expired'}, status=status.HTTP_400_BAD_REQUEST)
        except jwt.exceptions.DecodeError as identifier:
            return Response({'error': 'Invalid token'}, status=status.HTTP_400_BAD_REQUEST)

It is asking for authentication despite me mentioning AllowAny. I don't want this apiview to require authentication. The complete code is hosted here

Answer 1

Comment the following lines:

     # user = get_user_obj(request)
            # if not user.is_verified:
            #     user.is_verified = True
            #     user.save()

in the get method.

get_user_obj is calling the get_payload method. Which is raising the "Unauthenticated!" error.

Here is the 200 response if I comment the lines.

Please change your logic for verifying emails. Here is a good guide. https://www.rockandnull.com/django-email-verification/