fix(setup-wizard): Always create a new user API token (#69388)
In the wizard endpoint, we’d reuse existing user auth tokens of the
authenticated user if:
1. the user was part of multiple orgs (==> we can't create an org-based
token)
2. AND we found one that satisfied the necessary permissions for
sourcemap upload.
 
With #68148 being merged, we
cannot do this anymore. Plain user auth token values are only gonna be
available directly after the token was created.

For the fix, this PR makes a change to the wizard endpoint to always
create a new user API token. This now works just like when we create an
org token for single-org users.

Closes: #69381

---------

Co-authored-by: Daniel Griesser <daniel.griesser.86@gmail.com>
Lms24 and HazAT authored Apr 22, 2024
1 parent 57cb0dd commit 64cd872
Showing 2 changed files with 10 additions and 19 deletions.
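--- a/src/sentry/web/frontend/setup_wizard.py
+++ b/src/sentry/web/frontend/setup_wizard.py
@@ -154,15 +154,12 @@ def get_token(mappings: list[OrganizationMapping], user: RpcUser):
 return token
 
 # Otherwise, generate a user token
-tokens = ApiToken.objects.filter(user_id=user.id)
-token = next((token for token in tokens if "project:releases" in token.get_scopes()), None)
-if token is None:
-token = ApiToken.objects.create(
-user_id=user.id,
-scope_list=["project:releases"],
-token_type=AuthTokenType.USER,
-expires_at=None,
-)
+token = ApiToken.objects.create(
+user_id=user.id,
+scope_list=["project:releases"],
+token_type=AuthTokenType.USER,
+expires_at=None,
+)
 return serialize(token)
 
 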
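Review bot: The user-token branch of `get_token` now calls `ApiToken.objects.create(...)` with `expires_at=None` on every wizard request, so each run by a multi-org user leaves behind another non-expiring `project:releases` credential, and nothing in this hunk bounds or revokes the earlier ones. If the token is only needed for the wizard hand-off, a finite `expires_at` would limit the exposure; if it has to persist in the user's build configuration, say so above the call, e.g. `# A new non-expiring token is minted per wizard run; older ones stay valid until the user revokes them.` Whether a per-user cap or cleanup exists elsewhere is not visible here, and `get_token` starts above the hunk.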
14 changes: 4 additions & 10 deletions tests/sentry/web/frontend/test_setup_wizard.py
@@ -2,9 +2,7 @@
from django.urls import reverse

from sentry.api.endpoints.setup_wizard import SETUP_WIZARD_CACHE_KEY
from sentry.api.serializers import serialize
from sentry.cache import default_cache
from sentry.models.apitoken import ApiToken
from sentry.models.projectkey import ProjectKey
from sentry.silo.base import SiloMode
from sentry.testutils.cases import PermissionTestCase
@@ -90,13 +88,6 @@ def test_project_multiple_keys(self):
assert len(cached.get("projects")[0].get("keys")) == 2

def test_return_user_auth_token_if_multiple_orgs(self):
user_api_token = ApiToken.objects.create_or_update(
user=self.user,
scope_list=["project:releases"],
refresh_token=None,
expires_at=None,
)[0]

self.org = self.create_organization(name="org1", owner=self.user)
self.org2 = self.create_organization(name="org2", owner=self.user)
self.team = self.create_team(organization=self.org, name="Mariachi Band")
Expand All @@ -116,7 +107,10 @@ def test_return_user_auth_token_if_multiple_orgs(self):
self.assertTemplateUsed(resp, "sentry/setup-wizard.html")
cached = default_cache.get(key)

assert cached.get("apiKeys") == serialize(user_api_token)
assert cached.get("apiKeys") is not None

token = cached.get("apiKeys")["token"]
assert token.startswith("sntryu_")

def test_return_org_auth_token_if_one_org(self):
self.org = self.create_organization(owner=self.user)
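Review bot: `test_return_user_auth_token_if_multiple_orgs` now passes for any value with the `sntryu_` prefix, so it would not catch a regression back to reusing an existing token or a change to the granted scope. Consider keeping a pre-existing `project:releases` token in the fixture and asserting that the request adds one more row for `self.user` (for example by comparing `ApiToken.objects.filter(user_id=self.user.id).count()` before and after), plus an assertion on the serialized scopes if the payload exposes them. The test body continues outside the visible hunks, so the request setup is not shown.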
