Looking through our Audit log I noticed that it shows random users as the actor when a user is automatically created from a new AD login. In the last 10 user creation events (and the subsequent event adding the new user to ‘Everyone’), only 1 showed system as the actor. I’ve verified these users were created automatically by a first time AD login, not manually by the actors listed. We’re running Octopus 3.7.15.
Last ten creation events and the userId listed in audit (taken from a SQL query as the UI Audit list can’t be filtered on User Created events).
Thanks for getting in touch! It seems you have found a bug in the user handling during login. From what I can see the issue occurs because the user login is by nature an unauthenticated call. We have code that determines the user at the beginning of each request, but in this case the user is unknown at that point and it isn’t correctly handling falling back to something like “system user”. The result currently seems to be that it’s leaving the thread’s user as the one from the last request that happened to get processed on that thread, which is why it appears somewhat random.
I have created an issue, which you can track on GitHub, and we’ll address this as soon as we can.
Thank you too for the detail and data you provided, it’s certainly a huge help to us in tracking issues like this to have detailed information to work from. If I can assist further with anything just let me know.