From 301b16a036ed2e713103fc5015abfbff3bc79f63 Mon Sep 17 00:00:00 2001
From: Stephan <stephane@umbraco.dk>
Date: Fri, 10 May 2019 09:06:16 +0200
Subject: [PATCH] Fix user for v7 migration

---
 .../Compose/AuditEventsComponent.cs           |  5 ++--
 .../InstallSteps/SetUmbracoVersionStep.cs     | 26 ++++++++++++++-----
 2 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/src/Umbraco.Core/Compose/AuditEventsComponent.cs b/src/Umbraco.Core/Compose/AuditEventsComponent.cs
index 15fdfeacff..e76c13b0fe 100644
--- a/src/Umbraco.Core/Compose/AuditEventsComponent.cs
+++ b/src/Umbraco.Core/Compose/AuditEventsComponent.cs
@@ -49,9 +49,8 @@ namespace Umbraco.Core.Compose
             get
             {
                 var identity = Thread.CurrentPrincipal?.GetUmbracoIdentity();
-                return identity == null
-                    ? new User { Id = 0, Name = "SYSTEM", Email = "" }
-                    : _userService.GetUserById(Convert.ToInt32(identity.Id));
+                var user = identity == null ? null : _userService.GetUserById(Convert.ToInt32(identity.Id));
+                return user ?? new User { Id = 0, Name = "SYSTEM", Email = "" };
             }
         }
 
diff --git a/src/Umbraco.Web/Install/InstallSteps/SetUmbracoVersionStep.cs b/src/Umbraco.Web/Install/InstallSteps/SetUmbracoVersionStep.cs
index c1268ca675..b5fdea32b7 100644
--- a/src/Umbraco.Web/Install/InstallSteps/SetUmbracoVersionStep.cs
+++ b/src/Umbraco.Web/Install/InstallSteps/SetUmbracoVersionStep.cs
@@ -34,18 +34,32 @@ namespace Umbraco.Web.Install.InstallSteps
 
         public override Task<InstallSetupResult> ExecuteAsync(object model)
         {
-            //During a new install we'll log the default user in (which is id = 0).
-            // During an upgrade, the user will already need to be logged in order to run the installer.
-
             var security = new WebSecurity(_httpContext, _userService, _globalSettings);
-            //we do this check here because for upgrades the user will already be logged in, for brand new installs,
-            // they will not be logged in, however we cannot check the current installation status because it will tell
-            // us that it is in 'upgrade' because we already have a database conn configured and a database.
+
             if (security.IsAuthenticated() == false && _globalSettings.ConfigurationStatus.IsNullOrWhiteSpace())
             {
                 security.PerformLogin(-1);
             }
 
+            if (security.IsAuthenticated())
+            {
+                // when a user is already logged in, we need to check whether it's user 'zero'
+                // which is the legacy super user from v7 - and then we need to actually log the
+                // true super user in - but before that we need to log off, else audit events
+                // will try to reference user zero and fail
+                var userIdAttempt = security.GetUserId();
+                if (userIdAttempt && userIdAttempt.Result == 0)
+                {
+                    security.ClearCurrentLogin();
+                    security.PerformLogin(Constants.Security.SuperUserId);
+                }
+            }
+            else if (_globalSettings.ConfigurationStatus.IsNullOrWhiteSpace())
+            {
+                // for installs, we need to log the super user in
+                security.PerformLogin(Constants.Security.SuperUserId);
+            }
+
             // Update configurationStatus
             _globalSettings.ConfigurationStatus = UmbracoVersion.SemanticVersion.ToSemanticString();