diff --git a/CTFd/api/v1/challenges.py b/CTFd/api/v1/challenges.py
index 0a6f5348..521f83fd 100644
--- a/CTFd/api/v1/challenges.py
+++ b/CTFd/api/v1/challenges.py
@@ -266,8 +266,15 @@ class Challenge(Resource):
 class ChallengeAttempt(Resource):
 @during_ctf_time_only
 @require_verified_emails
- @authed_only
 def post(self):
+ if authed() is False:
+ return {
+ 'success': True,
+ 'data': {
+ 'status': "authentication_required",
+ }
+ }, 403
+
 if request.content_type != 'application/json':
 request_data = request.form
 else:
diff --git a/tests/users/test_challenges.py b/tests/users/test_challenges.py
index d107a069..d6f83355 100644
--- a/tests/users/test_challenges.py
+++ b/tests/users/test_challenges.py
@@ -317,13 +317,6 @@ def test_that_view_challenges_unregistered_works():
 r = client.get('/api/v1/challenges')
 assert r.get_json()['data']
- # r = client.get('/chals/solves')
- # data = r.get_data(as_text=True)
- # assert json.loads(data) == json.loads('''{
- # "1": 0
- # }
- # ''')
-
 r = client.get('/api/v1/challenges/1/solves')
 assert r.get_json().get('data') is not None
@@ -333,7 +326,8 @@ def test_that_view_challenges_unregistered_works():
 }
 r = client.post('/api/v1/challenges/attempt'.format(chal_id), json=data)
 assert r.status_code == 403
- resp = r.get_json().get('data') is None
+ assert r.get_json().get('data').get('status') == "authentication_required"
+ assert r.get_json().get('data').get('message') is None
 destroy_ctfd(app)
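Review bot: The new guard at the top of `ChallengeAttempt.post`, `if authed() is False:`, fails open if `authed()` ever returns a falsy value other than the literal `False` (for example `None`). Because it replaces `@authed_only` as the only authentication gate on this endpoint, `if not authed():` is the safer form. The rejection body also carries `'success': True` next to a 403, so a client that keys on `success` rather than the HTTP status would read the refusal as accepted; if that is deliberate for the front end, it deserves a comment such as `# success stays True so the client inspects data.status`, otherwise `'success': False`. The body of `post` continues outside the hunk, so whether `authed` is imported in this module is not visible here.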
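Review bot: In the last hunk of `tests/users/test_challenges.py`, the two added assertions pin `data.status` and the absence of `data.message`, but leave the `success` flag of the unauthenticated 403 response unchecked. Adding `assert r.get_json().get('success') is True` (or `is False`, whichever the API contract intends) would make a later change to that flag fail the test instead of passing silently. Parsing once with `body = r.get_json()` would also keep the three checks on the same decoded object. The test function starts outside the hunk.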