GDPR: customer ip addresses saved in logs #7155

Open
Manuel-Innovapps opened this issue Apr 24, 2024 · 2 comments

@Manuel-Innovapps
Contributor

Manuel-Innovapps commented Apr 24, 2024

nopCommerce version: 4.60.x +

Steps to reproduce the problem:

  1. Disable setting customersettings.storeipaddresses
  2. Visit the store, and produce a log message that is associated with a customer (i.e. with the following HTTP status codes: 400, 404, 500).
  3. Visit the logs in the backend, open the details page of the produced log message.
  4. You will see the email of the customer with a link to the customer detail page and additionally the IP address of the customer.

Based on the GDPR this is not allowed, as with this log file the displayed IP address can be directly associated with the customer.

Proposed solution:
If customersettings.storeipaddresses is disabled, IP addresses in the logs should not be stored for registered customers (or even any customers).

```csharp
var log = new Log
{
    LogLevel = logLevel,
    ShortMessage = shortMessage,
    FullMessage = fullMessage,
    IpAddress = _webHelper.GetCurrentIpAddress(),
    CustomerId = customer?.Id,
    PageUrl = _webHelper.GetThisPageUrl(true),
    ReferrerUrl = _webHelper.GetUrlReferrer(),
    CreatedOnUtc = DateTime.UtcNow
};
```

@AndreiMaz
Member

@Manuel-Innovapps You've written "1. Enable setting customersettings.storeipaddresses". But in this case IP addresses will be stored in the [Customer] table as well. Did you mean "1. Disable setting customersettings.storeipaddresses"? So when disabled, then IP address should not be stored in [Customer] and [Log] tables?

@Manuel-Innovapps
Contributor Author

@AndreiMaz I'm sorry for the confusion, this is exactly what I meant.

They should especially not be stored in logs, if a customerId is passed. But I think generalizing to all logs should work out just fine.
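
The behaviour requested in this thread, as an added example that is not part of the issue and not nopCommerce's own code: the log entry gets an IP address only when the store-IP setting is enabled, with a switch between the narrow variant (drop the IP only when a customer id is attached) and the general one (drop it from every entry). `CustomerSettings`, `Log`, `LogFactory` and `onlyWhenCustomerKnown` are stand-ins assumed for illustration, and the IP address is a constructed sample.

```csharp
using System;

// Stand-in types for this example; not nopCommerce's own classes.
public sealed class CustomerSettings { public bool StoreIpAddresses { get; set; } }

public sealed class Log
{
    public string ShortMessage { get; set; } = "";
    public string? IpAddress { get; set; }
    public int? CustomerId { get; set; }
    public DateTime CreatedOnUtc { get; set; }
}

public static class LogFactory
{
    // onlyWhenCustomerKnown = true: narrow variant, drop the IP only when the
    // entry is linked to a customer. false: drop it from every entry.
    public static Log Create(CustomerSettings settings, string shortMessage,
        string? currentIp, int? customerId, bool onlyWhenCustomerKnown = false)
    {
        var dropIp = !settings.StoreIpAddresses
                     && (!onlyWhenCustomerKnown || customerId.HasValue);
        return new Log
        {
            ShortMessage = shortMessage,
            IpAddress = dropIp ? null : currentIp, // never persisted when dropped
            CustomerId = customerId,
            CreatedOnUtc = DateTime.UtcNow
        };
    }
}

public static class Program
{
    public static void Main()
    {
        var off = new CustomerSettings { StoreIpAddresses = false };
        var on = new CustomerSettings { StoreIpAddresses = true };
        const string ip = "203.0.113.7"; // constructed sample (documentation range)

        Print("setting on, customer 42", LogFactory.Create(on, "404", ip, 42));
        Print("setting off, customer 42", LogFactory.Create(off, "404", ip, 42));
        Print("setting off, guest, narrow", LogFactory.Create(off, "404", ip, null, true));
        Print("setting off, guest, general", LogFactory.Create(off, "404", ip, null));
    }

    static void Print(string label, Log l) =>
        Console.WriteLine($"{label}: ip={l.IpAddress ?? "(not stored)"} customer={l.CustomerId?.ToString() ?? "-"}");
}
```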
