Affects Version/s: 7.3.X, Master
In the case of certain users, when impersonating them and writing a comment in an asset publisher, the comment is saved with author Test Test (the impersonator) and a warning like "Unable to impersonate jtP9LViCzpjvR ip/Dr1Ng== because the string cannot be decrypted" in the logs.
The ecrypted userid string is created based on the company's key (companyinfo table) and the user's userid:
It can happen that this encryption adds a + sign.
In our example it's: http://localhost:8080/web/guest?doAsUserId=jtP9LViCzpjvR%2Bip%2FDr1Ng%3D%3D
The jtP9LViCzpjvR%2Bip%2FDr1Ng%3D%3D userid is created based on
Preparation for the reproduction:
Run this script to create the user with the above mentioned userid:
Run this script to change the company's key (don't forget to change the companyInfoId if needed):
1) Add a web content
2) Add an Asset Publisher to a page and enable comments
3) Add the user to the site
4) Impersonate the user and add a comment
The comment is created under the admin's name, and there is a WARN in the log:
Unable to impersonate jtP9LViCzpjvR ip/Dr1Ng== because the string cannot be decrypted
Notice the missing plus sign.
Master: reproduced (in addition to the warning, there was also a long stack trace logged)