ref: handle AnonymousUser in some views (#91884)

this is needed to upgrade django-stubs. I think in every place here
these are superfluous but are helpful to teach the type checker what is
going on

<!-- Describe your PR here. -->

Author: asottile-sentry

src/sentry/api/endpoints/accept_project_transfer.py

@@ -19,6 +19,7 @@
 from sentry.models.organization import Organization
 from sentry.models.project import Project
 from sentry.signals import project_transferred
+from sentry.users.models.user import User
 from sentry.utils import metrics
 from sentry.utils.signing import unsign
 
@@ -36,7 +37,7 @@ class AcceptProjectTransferEndpoint(Endpoint):
     authentication_classes = (SessionAuthentication,)
     permission_classes = (SentryIsAuthenticated,)
 
-    def get_validated_data(self, data, user):
+    def get_validated_data(self, data, user: User):
         try:
             data = unsign(force_str(data), salt=SALT)
         except SignatureExpired:
@@ -64,6 +65,9 @@ def get_validated_data(self, data, user):
 
     @sudo_required
     def get(self, request: Request) -> Response:
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         try:
             data = request.GET["data"]
         except KeyError:
@@ -92,6 +96,9 @@ def get(self, request: Request) -> Response:
 
     @sudo_required
     def post(self, request: Request) -> Response:
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         try:
             data = request.data["data"]
         except KeyError:

src/sentry/api/endpoints/api_authorizations.py

@@ -27,6 +27,9 @@ class ApiAuthorizationsEndpoint(Endpoint):
     permission_classes = (SentryIsAuthenticated,)
 
     def get(self, request: Request) -> Response:
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         queryset = ApiAuthorization.objects.filter(
             user_id=request.user.id, application__status=ApiApplicationStatus.active
         ).select_related("application")
@@ -40,6 +43,9 @@ def get(self, request: Request) -> Response:
         )
 
     def delete(self, request: Request) -> Response:
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         authorization = request.data.get("authorization")
         if not authorization:
             return Response({"authorization": ""}, status=400)

src/sentry/api/endpoints/api_tokens.py

@@ -39,6 +39,8 @@ def get_appropriate_user_id(request: Request) -> int:
     For GET endpoints, the GET dict is used.
     For all others, the DATA dict is used.
     """
+    assert request.user.is_authenticated
+
     # Get the user id for the user that made the current request as a baseline default
     user_id = request.user.id
     if has_elevated_mode(request):

src/sentry/api/endpoints/assistant.py

@@ -65,6 +65,9 @@ class AssistantEndpoint(Endpoint):
 
     def get(self, request: Request) -> Response:
         """Return all the guides with a 'seen' attribute if it has been 'viewed' or 'dismissed'."""
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         seen_ids = set(
             AssistantActivity.objects.filter(user_id=request.user.id).values_list(
                 "guide_id", flat=True
@@ -85,6 +88,9 @@ def put(self, request: Request):
             'useful' (optional): true / false,
         }
         """
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         serializer = AssistantSerializer(data=request.data)
 
         if not serializer.is_valid():

src/sentry/api/endpoints/broadcast_details.py

@@ -60,6 +60,9 @@ def get(self, request: Request, broadcast_id) -> Response:
         return self._serialize_response(request, broadcast)
 
     def put(self, request: Request, broadcast_id) -> Response:
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         broadcast = self._get_broadcast(request, broadcast_id)
         validator = self._get_validator(request)(data=request.data, partial=True)
         if not validator.is_valid():

src/sentry/api/endpoints/broadcast_index.py

@@ -132,7 +132,10 @@ def get(
             paginator_cls=paginator_cls,
         )
 
-    def put(self, request: Request):
+    def put(self, request: Request) -> Response:
+        if not request.user.is_authenticated:
+            return Response(status=401)
+
         validator = BroadcastValidator(data=request.data, partial=True)
         if not validator.is_valid():
             return self.respond(validator.errors, status=400)
@@ -146,9 +149,6 @@ def put(self, request: Request):
             queryset = queryset.filter(id__in=ids)
 
         if result.get("hasSeen"):
-            if not request.user.is_authenticated:
-                return self.respond(status=401)
-
             if ids:
                 unseen_queryset = queryset
             else:
@@ -166,6 +166,8 @@ def put(self, request: Request):
         return self.respond(result)
 
     def post(self, request: Request) -> Response:
+        if not request.user.is_authenticated:
+            return Response(status=400)
         if not request.access.has_permission("broadcasts.admin"):
             return self.respond(status=401)
 

src/sentry/api/endpoints/group_autofix_setup_check.py

@@ -99,6 +99,9 @@ def get(self, request: Request, group: Group) -> Response:
         """
         Checks if we are able to run Autofix on the given group.
         """
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         org: Organization = request.organization
 
         integration_check = None

src/sentry/api/endpoints/organization_dashboards.py

@@ -96,6 +96,9 @@ def get(self, request: Request, organization) -> Response:
         """
         Retrieve a list of custom dashboards that are associated with the given organization.
         """
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         if not features.has("organizations:dashboards-basic", organization, actor=request.user):
             return Response(status=404)
 

src/sentry/api/endpoints/organization_events_trace.py

@@ -1058,6 +1058,9 @@ def record_analytics(
             set_span_data("trace_view.projects", len_projects)
 
     def get(self, request: Request, organization: Organization, trace_id: str) -> HttpResponse:
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         if not self.has_feature(organization, request):
             return Response(status=404)
 
@@ -1118,7 +1121,7 @@ def get(self, request: Request, organization: Organization, trace_id: str) -> Ht
                     False,
                     query_source=query_source,
                 )
-            self.record_analytics(transactions, trace_id, self.request.user.id, organization.id)
+            self.record_analytics(transactions, trace_id, request.user.id, organization.id)
 
         warning_extra: dict[str, str] = {"trace": trace_id, "organization": organization.slug}
 

src/sentry/api/endpoints/organization_fork.py

@@ -70,6 +70,9 @@ def post(self, request: Request, organization_id_or_slug) -> Response:
 
         logger.info("relocations.fork.post.start", extra={"caller": request.user.id})
 
+        if not request.user.is_authenticated:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
         org_mapping = (
             organization_mapping_service.get(organization_id=organization_id_or_slug)
             if str(organization_id_or_slug).isdecimal()
@@ -147,7 +150,7 @@ def post(self, request: Request, organization_id_or_slug) -> Response:
         # duplicate from the foreign region.
         provenance = Relocation.Provenance.SAAS_TO_SAAS
         with atomic_transaction(using=(router.db_for_write(Relocation))):
-            new_relocation: Relocation = Relocation.objects.create(
+            new_relocation = Relocation.objects.create(
                 creator_id=request.user.id,
                 owner_id=owner.id,
                 step=Relocation.Step.UPLOADING.value,

src/sentry/api/endpoints/organization_pinned_searches.py

@@ -40,6 +40,9 @@ class OrganizationPinnedSearchEndpoint(OrganizationEndpoint):
     permission_classes = (OrganizationPinnedSearchPermission,)
 
     def put(self, request: Request, organization) -> Response:
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         serializer = OrganizationSearchSerializer(data=request.data)
 
         if not serializer.is_valid():
@@ -91,6 +94,9 @@ def put(self, request: Request, organization) -> Response:
         return Response(serialize(pinned_search, request.user), status=201)
 
     def delete(self, request: Request, organization) -> Response:
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         try:
             search_type = SearchType(int(request.data.get("type", 0)))
         except ValueError as e:

src/sentry/api/endpoints/project_details.py

@@ -569,6 +569,8 @@ def put(self, request: Request, project) -> Response:
         Note that solely having the **`project:read`** scope restricts updatable settings to
         `isBookmarked`.
         """
+        if not request.user.is_authenticated:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
 
         old_data = serialize(project, request.user, DetailedProjectSerializer())
         has_elevated_scopes = request.access and (

src/sentry/api/endpoints/prompts_activity.py

@@ -46,6 +46,9 @@ class PromptsActivityEndpoint(Endpoint):
     def get(self, request: Request, **kwargs) -> Response:
         """Return feature prompt status if dismissed or in snoozed period"""
 
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         features = request.GET.getlist("feature")
         if len(features) == 0:
             return Response({"details": "No feature specified"}, status=400)

src/sentry/api/endpoints/trace_explorer_ai_query.py

@@ -65,6 +65,9 @@ def post(request: Request, organization: Organization) -> Response:
         """
         Checks if we are able to run Autofix on the given group.
         """
+        if not request.user.is_authenticated:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
         project_ids = [int(x) for x in request.data.get("project_ids", [])]
         natural_language_query = request.data.get("natural_language_query")
 

src/sentry/api/endpoints/trace_explorer_ai_setup.py

@@ -68,6 +68,9 @@ def post(request: Request, organization: Organization) -> Response:
         """
         Checks if we are able to run Autofix on the given group.
         """
+        if not request.user.is_authenticated:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
         project_ids = [int(x) for x in request.data.get("project_ids", [])]
 
         if organization.get_option("sentry:hide_ai_features", False):

src/sentry/explore/endpoints/explore_saved_queries.py

@@ -302,6 +302,9 @@ def get(self, request: Request, organization) -> Response:
         Retrieve a list of saved queries that are associated with the given organization.
         """
 
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         if not self.has_feature(organization, request):
             return self.respond(status=404)
 
@@ -464,6 +467,9 @@ def post(self, request: Request, organization) -> Response:
         """
         Create a new trace explorersaved query for the given organization.
         """
+        if not request.user.is_authenticated:
+            return Response(status=400)
+
         if not self.has_feature(organization, request):
             return self.respond(status=404)
 

src/sentry/explore/endpoints/explore_saved_query_starred.py

@@ -44,6 +44,9 @@ def post(self, request: Request, organization: Organization, id: int) -> Respons
         """
         Update the starred status of a saved Explore query for the current organization member.
         """
+        if not request.user.is_authenticated:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
         if not self.has_feature(organization, request):
             return self.respond(status=404)
 

src/sentry/explore/endpoints/explore_saved_query_starred_order.py

@@ -41,6 +41,9 @@ def has_feature(self, organization, request):
         )
 
     def put(self, request: Request, organization: Organization) -> Response:
+        if not request.user.is_authenticated:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
         if not self.has_feature(organization, request):
             return self.respond(status=404)
 

src/sentry/insights/endpoints/starred_segments.py

@@ -69,6 +69,9 @@ def delete(self, request: Request, organization: Organization) -> Response:
         """
         Delete a starred segment for the current organization member.
         """
+        if not request.user.is_authenticated:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
         if not self.has_feature(organization, request):
             return self.respond(status=404)
 

src/sentry/integrations/messaging/linkage.py

@@ -280,12 +280,11 @@ def persist_identity(
         if idp is None:
             raise ValueError('idp is required for linking (params must include "integration_id")')
 
-        user = request.user
-        if isinstance(user, AnonymousUser):
+        if isinstance(request.user, AnonymousUser):
             raise TypeError("Cannot link identity without a logged-in user")
 
         try:
-            Identity.objects.link_identity(user=user, idp=idp, external_id=external_id)
+            Identity.objects.link_identity(user=request.user, idp=idp, external_id=external_id)
         except IntegrityError:
             event = self.capture_metric("failure.integrity_error")
             logger.exception(event)
@@ -314,6 +313,8 @@ def metrics_operation_key(self) -> str:
     def persist_identity(
         self, idp: IdentityProvider | None, external_id: str, request: HttpRequest
     ) -> HttpResponse | None:
+        if isinstance(request.user, AnonymousUser):
+            raise TypeError("Cannot link identity without a logged-in user")
         try:
             identities = Identity.objects.filter(external_id=external_id)
             if idp is not None:

src/sentry/issues/endpoints/organization_group_search_view_details_starred.py

@@ -40,6 +40,9 @@ def post(self, request: Request, organization: Organization, view_id: int) -> Re
         """
         Update the starred status of a group search view for the current organization member.
         """
+        if not request.user.is_authenticated:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
         if not features.has(
             "organizations:issue-stream-custom-views", organization, actor=request.user
         ):

src/sentry/issues/endpoints/organization_group_search_view_starred_order.py

@@ -35,6 +35,9 @@ class OrganizationGroupSearchViewStarredOrderEndpoint(OrganizationEndpoint):
     permission_classes = (MemberPermission,)
 
     def put(self, request: Request, organization: Organization) -> Response:
+        if not request.user.is_authenticated:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
         if not features.has(
             "organizations:issue-stream-custom-views", organization, actor=request.user
         ):

src/sentry/issues/endpoints/organization_group_search_views.py

@@ -73,6 +73,9 @@ def get(self, request: Request, organization: Organization) -> Response:
 
         Retrieve a list of custom views for the current organization member.
         """
+        if not request.user.is_authenticated:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
         if not features.has(
             "organizations:issue-stream-custom-views", organization, actor=request.user
         ):
@@ -178,6 +181,9 @@ def post(self, request: Request, organization: Organization) -> Response:
         """
         Create a new custom view for the current organization member.
         """
+        if not request.user.is_authenticated:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
         if not features.has(
             "organizations:issue-stream-custom-views", organization, actor=request.user
         ):