require verified email to send invites

mdtro · mdtro · commit 6b73d0a26679 · 2025-02-07T11:14:33.000-06:00
diff --git a/src/sentry/api/endpoints/organization_member/requests/invite/index.py b/src/sentry/api/endpoints/organization_member/requests/invite/index.py
@@ -7,6 +7,7 @@
 from sentry.api.api_publish_status import ApiPublishStatus
 from sentry.api.base import region_silo_endpoint
 from sentry.api.bases.organization import OrganizationEndpoint, OrganizationPermission
+from sentry.api.decorators import email_verification_required
 from sentry.api.endpoints.organization_member.index import OrganizationMemberRequestSerializer
 from sentry.api.paginator import OffsetPaginator
 from sentry.api.serializers import serialize
@@ -54,6 +55,7 @@ def get(self, request: Request, organization) -> Response:
             paginator_cls=OffsetPaginator,
         )
 
+    @email_verification_required
     def post(self, request: Request, organization) -> Response:
         """
         Add a invite request to Organization
diff --git a/tests/sentry/api/endpoints/test_organization_invite_request_index.py b/tests/sentry/api/endpoints/test_organization_invite_request_index.py
@@ -8,6 +8,8 @@
 from sentry.models.options.organization_option import OrganizationOption
 from sentry.models.organizationmember import InviteStatus, OrganizationMember
 from sentry.models.organizationmemberteam import OrganizationMemberTeam
+from sentry.models.useremail import UserEmail
+from sentry.silo.base import SiloMode
 from sentry.testutils.cases import APITestCase, SlackActivityNotificationTest
 from sentry.testutils.hybrid_cloud import HybridCloudTestMixin
 from sentry.testutils.outbox import outbox_runner
@@ -115,6 +117,18 @@ def test_simple(self):
 
         self.assert_org_member_mapping(org_member=member)
 
+    def test_inviter_must_have_verified_email(self):
+        with assume_test_silo_mode(SiloMode.CONTROL):
+            UserEmail.objects.filter(user=self.user).update(is_verified=False)
+
+        self.login_as(user=self.user)
+
+        response = self.client.post(
+            self.url, {"email": "eric@localhost", "role": "member", "teams": [self.team.slug]}
+        )
+
+        assert response.status_code == 401
+
     def test_higher_role(self):
         self.login_as(user=self.user)
         response = self.client.post(
