1. Create a new customer from the Administration screen (fill in all fields)
* Note, there's no explicit field for the user name. nopCommerce doesn't use the email address. It is null in the database. (separate bug).
2. Assign the customer to the Registered role
3. Impersonate (place order) as the new customer
4. Abandon the cart before payment (do not log out)
5. Log back in as the original administrator by going to www.xxxxxx.com/admin
You'll notice you can't get to the administration screen, because you're still impersonating the user even though you're explicitly trying to log in as an administrator.
When I first saw this bug I had just copied a fresh copy of the database from the production site onto my development box. I was wondering why I kept seeing another customer's shopping cart, instead of my own. I couldn't figure out why I couldn't log back into the administrator screen. I stepped through the code and found the culprit (WebWorkContext.cs, Line 79):
    protected Customer GetCurrentCustomer()
    {
        ....
        //impersonate user if required (currently used for 'phone order' support)
        if (customer != null && !customer.Deleted && customer.Active)
        {
            int? impersonatedCustomerId = customer.GetAttribute<int?>(SystemCustomerAttributeNames.ImpersonatedCustomerId);
            if (impersonatedCustomerId.HasValue && impersonatedCustomerId.Value > 0)
            {
                var impersonatedCustomer = _customerService.GetCustomerById(impersonatedCustomerId.Value);
                if (impersonatedCustomer != null && !impersonatedCustomer.Deleted && impersonatedCustomer.Active)
                {
                    //set impersonated customer
                    _originalCustomerIfImpersonated = customer;
                    customer = impersonatedCustomer;
                }
            }
        }
        ....
    }
My first thought is to clear the impersonatedCustomerId whenever you successfully log in as an administrator, but I can't confirm how it would affect other areas of the software.
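Added example (not part of the original post and not nopCommerce code): a simplified model of the lookup above, showing why a fresh administrator login still resolves to the impersonated customer, and how clearing the stored id at sign-in, the idea raised in the post, changes the result. All types and the `SignIn` hook are hypothetical, and the effect of such a change on the rest of nopCommerce is not verified here.

```csharp
// Simplified, self-contained model (hypothetical types, not nopCommerce's classes).
using System;
using System.Collections.Generic;

class Customer
{
    public int Id;
    public bool Active = true, Deleted, IsAdmin;
    // Stored with the customer record, so it outlives the browser session.
    public int? ImpersonatedCustomerId;
}

class WorkContext
{
    readonly Dictionary<int, Customer> _db;
    public WorkContext(Dictionary<int, Customer> db) { _db = db; }

    // Same decision as the excerpt above: a stored impersonation id always wins.
    public Customer Resolve(Customer authenticated)
    {
        int? id = authenticated.ImpersonatedCustomerId;
        if (id.HasValue && id.Value > 0 && _db.TryGetValue(id.Value, out var target)
            && !target.Deleted && target.Active)
            return target;
        return authenticated;
    }

    // Hypothetical sign-in hook: an explicit login can end any earlier impersonation.
    public Customer SignIn(Customer user, bool clearImpersonation)
    {
        if (clearImpersonation) user.ImpersonatedCustomerId = null;
        return Resolve(user);
    }
}

static class Demo
{
    static void Main()
    {
        var admin = new Customer { Id = 1, IsAdmin = true };      // constructed sample data
        var shopper = new Customer { Id = 2 };
        var ctx = new WorkContext(new Dictionary<int, Customer> { [1] = admin, [2] = shopper });

        admin.ImpersonatedCustomerId = shopper.Id;   // step 3: impersonate to place the order
        // Step 5 as reported: the admin signs in again but is still resolved as the shopper.
        Console.WriteLine("admin rights, id kept:    " + ctx.SignIn(admin, false).IsAdmin);
        // Same sign-in with the stored id cleared first: the admin identity is restored.
        Console.WriteLine("admin rights, id cleared: " + ctx.SignIn(admin, true).IsAdmin);
    }
}
```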