I was looking at the Audit Log and noticed that Admin login events are getting saved with an anonymous UserId in the UserId field instead of the actual Admin UserId. The actual Admin UserId is getting put in the Comment field. I think the following line of code in the AuditLogin_Success method in CommercBuilder\Users\AbleCommerceMembershipProvider.cs:
Code: Select all
Logger.Audit(AuditEventType.Login, true, user.Id.ToString());
Code: Select all
Logger.Audit(AuditEventType.Login, true, user.Id.ToString(), user);
I can't think of a reason why you'd want the anonymous UserId there, am I missing something?
I believe similar code changes should be made to the other AuditLogin_* methods, except for AuditLogin_InvalidUsername.
If someone from AbleCommerce can confirm this is a bug, I'll file it using the Feedback button.