- Resolved an error attempting to decode a prohibited impersonation t…

…oken.
SparkDevNetwork · Nov 3, 2023 · 23e4981 · 23e4981
1 parent 75ad4d9
commit 23e4981
Showing 1 changed file with 16 additions and 3 deletions.
diff --git a/Rock/Model/Core/PersonToken/PersonTokenService.cs b/Rock/Model/Core/PersonToken/PersonTokenService.cs
@@ -33,17 +33,30 @@ public partial class PersonTokenService
         /// <returns></returns>
         public PersonToken GetByImpersonationToken( string impersonationToken )
         {
+            if ( impersonationToken == "TokenProhibited" )
+            {
+                // This indicates that there was an attempt to generate a token for a person whose security settings do not permit it.  Exit here, before attempting to decrypt the token.
+                return null;
+            }
+
             // the impersonationToken should normally be a UrlEncoded string, but it is possible that the caller already UrlDecoded it, so first try without UrlDecoding it
             var decryptedToken = Rock.Security.Encryption.DecryptString( impersonationToken );
 
             if ( decryptedToken == null )
             {
                 // do a Replace('!', '%') on the token before UrlDecoding because we did a Replace('%', '!') after we UrlEncoded it (to make it embeddable in HTML and cross browser compatible)
-                string urlDecodedKey = System.Web.HttpUtility.UrlDecode( impersonationToken.Replace( '!', '%' ) );
-                decryptedToken = Rock.Security.Encryption.DecryptString( urlDecodedKey );
+                string urlDecodedToken = System.Web.HttpUtility.UrlDecode( impersonationToken.Replace( '!', '%' ) );
+
+                if ( urlDecodedToken == "TokenProhibited" )
+                {
+                    // This indicates that there was an attempt to generate a token for a person whose security settings do not permit it.  Exit here, before attempting to decrypt the token.
+                    return null;
+                }
+
+                decryptedToken = Rock.Security.Encryption.DecryptString( urlDecodedToken );
             }
 
-            var personToken = this.Queryable().Include(pt => pt.PersonAlias).FirstOrDefault( a => a.Token == decryptedToken );
+            var personToken = this.Queryable().Include( pt => pt.PersonAlias ).FirstOrDefault( a => a.Token == decryptedToken );
             if ( personToken == null )
             {
                 bool tokenUseLegacyFallback = GlobalAttributesCache.Get().GetValue( "core.PersonTokenUseLegacyFallback" ).AsBoolean();