getsentry · priscilawebdev · Dec 12, 2024 · Dec 12, 2024 · Dec 12, 2024 · Dec 12, 2024
@@ -660,6 +660,22 @@ def handle_basic_auth(self, request: Request, **kwargs) -> HttpResponseBase:
             elif login_form.is_valid():
                 user = login_form.get_user()
 
+                # Check if the user is a member of the provided organization based on their email
+                membership = organization_service.check_membership_by_email(
+                    email=user.email, organization_id=organization.id
+                )
+
+                # If the user is in a "pending invite acceptance" state and user_id is None,
+                # they are not yet fully associated with the organization.
+                # To ensure they are redirected to the correct organization after accepting the invite,
+                # they need to be added as a member.
+                if membership and membership.user_id is None and membership.is_pending:
+                    organization_service.add_organization_member(
+                        organization_id=organization.id,
+                        default_org_role=organization.default_role,
+                        user_id=user.id,
+                    )
+
                 self._handle_login(request, user, organization)
                 metrics.incr(
                     "login.attempt", instance="success", skip_internal=True, sample_rate=1.0

diff --git a/tests/acceptance/test_accept_organization_invite.py b/tests/acceptance/test_accept_organization_invite.py
@@ -1,4 +1,6 @@
 from django.db.models import F
+from django.test import override_settings
+from selenium.webdriver.common.by import By
 
 from sentry.models.authprovider import AuthProvider
 from sentry.models.organization import Organization
@@ -23,6 +25,14 @@ def setUp(self):
             teams=[self.team],
         )
 
+    def _sign_in_user(self, email, password):
+        """
+        Helper method to sign in a user with given email and password.
+        """
+        self.browser.find_element(By.ID, "id_username").send_keys(email)
+        self.browser.find_element(By.ID, "id_password").send_keys(password)
+        self.browser.find_element(By.XPATH, "//button[contains(text(), 'Sign In')]").click()
+
     def test_invite_simple(self):
         self.login_as(self.user)
         self.browser.get(self.member.get_invite_link().split("/", 3)[-1])
@@ -52,3 +62,78 @@ def test_invite_sso_org(self):
         self.browser.wait_until('[data-test-id="accept-invite"]')
         assert self.browser.element_exists_by_test_id("action-info-sso")
         assert self.browser.element_exists('[data-test-id="sso-login"]')
+
+    @override_settings(SENTRY_SINGLE_ORGANIZATION=True)
+    def test_authenticated_user_already_member_of_an_org_accept_invite_other_org(self):
+        """
+        Test that an authenticated user already part of an organization can accept an invite to another organization.
+        """
+
+        # Setup: Create a second user and make them a member of an organization
+        email = "[email protected]"
+        password = "dummy"
+        user2 = self.create_user(email=email)
+        user2.set_password(password)
+        user2.save()
+        self.create_organization(name="Second Org", owner=user2)
+
+        # Action: Invite User2 to the first organization
+        new_member = self.create_member(
+            user=None,
+            email=user2.email,
+            organization=self.org,
+            role="owner",
+            teams=[self.team],
+        )
+
+        self.login_as(user2)
+
+        # Simulate the user accessing the invite link
+        self.browser.get(new_member.get_invite_link().split("/", 3)[-1])
+        self.browser.wait_until('[data-test-id="accept-invite"]')
+
+        self.browser.click('button[data-test-id="join-organization"]')
+        assert self.browser.wait_until('[aria-label="Create project"]')
+
+    @override_settings(SENTRY_SINGLE_ORGANIZATION=True)
+    def test_not_authenticated_user_already_member_of_an_org_accept_invite_other_org(self):
+        """
+        Test that a not authenticated user already part of an organization can accept an invite to another organization.
+        """
+
+        # Setup: Create a second user and make them a member of an organization
+        email = "[email protected]"
+        password = "dummy"
+        user2 = self.create_user(email=email)
+        user2.set_password(password)
+        user2.save()
+        self.create_organization(name="Second Org", owner=user2)
+
+        # Action: Invite User2 to the first organization
+        new_member = self.create_member(
+            user=None,
+            email=user2.email,
+            organization=self.org,
+            role="member",
+            teams=[self.team],
+        )
+
+        # Simulate the user accessing the invite link
+        self.browser.get(new_member.get_invite_link().split("/", 3)[-1])
+        self.browser.wait_until('[data-test-id="accept-invite"]')
+
+        # Accept the invitation using the existing account
+        self.browser.click('a[data-test-id="link-with-existing"]')
+        self.browser.wait_until_not('[data-test-id="loading-indicator"]')
+
+        # Handle form validation: Prevent default invalid event blocking
+        self.browser.driver.execute_script(
+            "document.addEventListener('invalid', function(e) { e.preventDefault(); }, true);"
+        )
+
+        # Login using existing credentials
+        self._sign_in_user(email, password)
+        assert self.browser.wait_until('[aria-label="Create project"]')
+
+        # Check if the user is redirected to the correct organization
+        self.browser.find_element(By.XPATH, f"//*[text() = '{self.org.name}']")
diff --git a/tests/sentry/web/frontend/test_auth_organization_login.py b/tests/sentry/web/frontend/test_auth_organization_login.py
@@ -880,9 +880,8 @@ def test_flow_as_authenticated_user_with_invite_joining(self):
 
     @override_settings(SENTRY_SINGLE_ORGANIZATION=True)
     @with_feature({"organizations:create": False})
-    def test_basic_auth_flow_as_invited_user(self):
+    def test_basic_auth_flow_as_not_invited_user(self):
         user = self.create_user("[email protected]")
-        self.create_member(organization=self.organization, email="[email protected]")
 
         self.session["_next"] = reverse(
             "sentry-organization-settings", args=[self.organization.slug]
@@ -892,13 +891,12 @@ def test_basic_auth_flow_as_invited_user(self):
         resp = self.client.post(
             self.path, {"username": user, "password": "admin", "op": "login"}, follow=True
         )
-        assert resp.redirect_chain == [("/auth/login/", 302)]
+        assert resp.redirect_chain == [("/auth/login/", 302), ("/organizations/foo/issues/", 302)]
         assert resp.status_code == 403
         self.assertTemplateUsed(resp, "sentry/no-organization-access.html")
 
-    def test_basic_auth_flow_as_invited_user_not_single_org_mode(self):
+    def test_basic_auth_flow_as_not_invited_user_not_single_org_mode(self):
         user = self.create_user("[email protected]")
-        self.create_member(organization=self.organization, email="[email protected]")
         resp = self.client.post(
             self.path, {"username": user, "password": "admin", "op": "login"}, follow=True
         )