Only attempt to process session key if user is authenticated

netbox/secrets/api/views.py

@@ -64,8 +64,10 @@ class SecretViewSet(WritableSerializerMixin, ModelViewSet):
 
         super(SecretViewSet, self).initial(request, *args, **kwargs)
 
-        # Read session key from HTTP cookie or header if it has been provided. The session key must be provided in order
-        # to encrypt/decrypt secrets.
+        if request.user.is_authenticated():
+
+            # Read session key from HTTP cookie or header if it has been provided. The session key must be provided in
+            # order to encrypt/decrypt secrets.
             if 'session_key' in request.COOKIES:
                 session_key = base64.b64decode(request.COOKIES['session_key'])
             elif 'HTTP_X_SESSION_KEY' in request.META:
@@ -74,7 +76,6 @@ class SecretViewSet(WritableSerializerMixin, ModelViewSet):
                 session_key = None
 
             # We can't encrypt secret plaintext without a session key.
-        # assert False, self.action
             if self.action in ['create', 'update'] and session_key is None:
                 raise ValidationError("A session key must be provided when creating or updating secrets.")