fix(auth): add 401 response to member invite #80800

16 changes: 15 additions & 1 deletion src/sentry/api/endpoints/accept_organization_invite.py
Expand Up @@ -110,6 +110,13 @@ class AcceptOrganizationInvite(Endpoint):
def respond_invalid() -> Response:
return Response(status=status.HTTP_400_BAD_REQUEST, data={"details": "Invalid invite code"})

@staticmethod
def respond_unauthorized() -> Response:
return Response(
status=status.HTTP_401_UNAUTHORIZED,
data={"details": "Active session account is not authorized to accept invite"},
)

def get_helper(
self, request: Request, token: str, invite_context: RpcUserOrganizationContext
) -> ApiInviteHelper:
Expand Down Expand Up @@ -142,6 +149,13 @@ def get(
or not helper.valid_token
or not organization_member.invite_approved
):
# XXX (mifu67): If organization_member.user_id is not None, then it means that there
# exists an active session. If the token is not expired, then while it is possible that
# other issues are causing the invite to be invalid, a probable cause is the session user
# not matching the invited user, and the token is definitely not expired (which is what the
# error message suggests). Prompt the user to sign out and try again.
if organization_member.user_id and not organization_member.token_expired:
return self.respond_unauthorized()
return self.respond_invalid()

# Keep track of the invite details in the request session
Expand All @@ -158,7 +172,7 @@ def get(
"needsSso": auth_provider is not None,
"hasAuthProvider": auth_provider is not None,
"requireSso": auth_provider is not None and not auth_provider.flags.allow_unlinked,
# If they're already a member of the organization its likely
# If they're already a member of the organization it's likely
# they're using a shared account and either previewing this invite
# or are incorrectly expecting this to create a new account.
"existingMember": helper.member_already_exists,
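Review bot: The 401 branch added at `if organization_member.user_id and not organization_member.token_expired:` is reached for every failure of the compound condition above it, including `not helper.valid_token`, so a request carrying a wrong token against a member id whose membership already has a user and an unexpired invite token now gets 401 instead of the generic 400 — the status code becomes an oracle telling an unauthenticated caller which member ids are accepted memberships with a live invite, and the reply should stay `respond_invalid()` unless the token actually matched. The branch also never looks at the requesting user: `organization_member.user_id` being set shows the membership already has a user, not that the caller has an active session, so the "Active session account" message is an inference (the new comment says as much) and is misleading for an anonymous caller. I would gate it as `if helper.valid_token and request.user.is_authenticated and request.user.id != organization_member.user_id:` (assuming `request.user` is the Django/DRF user on this endpoint — confirm), and since a caller that reaches that branch is authenticated, 403 Forbidden rather than 401 is the status that fits. The enclosing `get` starts before this hunk and continues after it.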
Expand Up @@ -97,7 +97,7 @@ def test_invite_not_pending(self):
om = Factories.create_member(token="abc", organization=self.organization, user=user)
for path in self._get_paths([om.id, om.token]):
resp = self.client.get(path)
assert resp.status_code == 400
assert resp.status_code == 401

def test_invite_unapproved(self):
om = Factories.create_member(
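Review bot: The only change is the expected status, and nothing in the hunk logs a user in before `self.client.get(path)`, so the test now pins that a request for an already-accepted membership (`create_member(... user=user)`) gets the 401 "active session" reply, which is only correct if the client actually carries a session — whether the fixture's setup logs one in is not visible here. If that is the intended case it should also assert the body, e.g. `assert resp.data["details"] == "Active session account is not authorized to accept invite"`, and a sibling case that logs in as the invited user and expects the invite to be accepted would pin the session-mismatch semantics the endpoint comment describes. `test_invite_not_pending` ends inside the hunk; the test class continues outside it.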