Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(sign-in): Fix redirect correct org after accepting invite #82005

Open
wants to merge 21 commits into
base: master
Choose a base branch
from

Conversation

priscilawebdev
Copy link
Member

@priscilawebdev priscilawebdev commented Dec 12, 2024

closes #43745
closes #67690

@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Dec 12, 2024
@priscilawebdev priscilawebdev requested review from markstory and a team December 12, 2024 10:10
Copy link

codecov bot commented Dec 12, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #82005      +/-   ##
==========================================
+ Coverage   84.95%   87.57%   +2.62%     
==========================================
  Files        9487     9420      -67     
  Lines      539524   535697    -3827     
  Branches    21177    20799     -378     
==========================================
+ Hits       458357   469152   +10795     
+ Misses      80726    66150   -14576     
+ Partials      441      395      -46     

…correct-org' of github.com:getsentry/sentry into priscila/fix/sign-in/after-accepting-not-redirected-to-correct-org
@priscilawebdev priscilawebdev marked this pull request as ready for review December 12, 2024 12:19
@priscilawebdev priscilawebdev requested a review from a team as a code owner December 12, 2024 12:19
Comment on lines 674 to 676
organization_id=organization.id,
default_org_role=organization.default_role,
user_id=user.id,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't this bypass the membership invite acceptance views? We would also be skipping important steps of that process like enforcing MFA and SSO.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't this bypass the membership invite acceptance views?

No, it doesn't. If the user is not logged in and clicks on the invitation, they will first see the invitation view, where they can either "Create a new account" or "Login using an existing account."

Currently, after submitting the form to create a new account, the invitation is accepted, and the user is redirected to the organization associated with the invite. However, this doesn't happen when the user chooses to login using an existing account. This is what this PR is trying to fix

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We would also be skipping important steps of that process like enforcing MFA and SSO.

I’ve moved the code to what I believe is a more appropriate location, and I was wondering if we have existing tests for the use cases you mentioned. The only tests I could find are these, which are still passing.

Could you confirm if these cover the scenarios we need?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just pulled your branch and tested things out. I think that we do bypass some of the member invite acceptance views by taking the user directly to the org. What I think should happen instead is that after the user logs in, they are redirected back to the initial member invite screen, where they have an active session and can accept the invitation with their currently signed-in account.

We're planning to implement this new member invite flow as part of our upcoming refactor of the authentication system.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The scenario I'm thinking of is:

  1. An existing sentry user is invited to a new org.
  2. The user visits the organization login page
  3. If the user logs in, they'll implicitly accept the membership invite (via these changes) and bypass SSO setup and MFA setup requirements to gain membership.

@getsantry
Copy link
Contributor

getsantry bot commented Jan 8, 2025

This pull request has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you add the label WIP, I will leave it alone unless WIP is removed ... forever!


"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

@getsantry getsantry bot added the Stale label Jan 8, 2025
@getsantry getsantry bot removed the Stale label Jan 9, 2025
…correct-org' of github.com:getsentry/sentry into priscila/fix/sign-in/after-accepting-not-redirected-to-correct-org
@priscilawebdev
Copy link
Member Author

priscilawebdev commented Jan 13, 2025

Hi @markstory and @mifu67 . Thanks for the valuable feedback! 🙏 I've updated the code to check if the user is not already a member of a specific organization and has an invitation link. If both conditions are met, they are redirected to the invitation page to explicitly accept the invite. Would this work until we get everything refactored? The tests are passing now

…correct-org' of github.com:getsentry/sentry into priscila/fix/sign-in/after-accepting-not-redirected-to-correct-org
@mifu67
Copy link
Contributor

mifu67 commented Jan 14, 2025

Since the 2FA test is passing, this looks okay to me! @markstory is there anything I might have missed?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Scope: Backend Automatically applied to PRs that change backend components
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Bugs in Invite Flow Organization invite does not work if the user already has an organization
4 participants