1 files changed, 3 insertions, 2 deletions

diff --git a/djangorestframework/authentication.py b/djangorestframework/authentication.py
index e326c15a..00a61e3d 100644
--- a/djangorestframework/authentication.py
+++ b/djangorestframework/authentication.py
@@ -88,13 +88,14 @@ class UserLoggedInAuthentication(BaseAuthentication):
         Otherwise returns :const:`None`.
         """
         request.DATA  # Make sure our generic parsing runs first
+        user = getattr(request.request, 'user', None)
 
-        if getattr(request, 'user', None) and request.user.is_active:
+        if user and user.is_active:
             # Enforce CSRF validation for session based authentication.
             resp = CsrfViewMiddleware().process_view(request, None, (), {})
 
             if resp is None:  # csrf passed
-                return request.user
+                return user
         return None