fix(slack): Validate user org membership in Seer org resolution

Address PR review feedback:
- Change SLACK_PROVIDERS from set to list to match the RPC method's
  expected `list[str]` parameter type, preventing serialization errors
- Check org status before calling get_installation to avoid unnecessary
  queries for inactive orgs
- Verify the requesting Slack user belongs to the resolved org when
  their identity is linked, preventing cross-org data access when
  multiple orgs share a Slack workspace
- Fix inaccurate comments about DM fallback behavior

Refs ISWF-2388
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: leeandher

src/sentry/integrations/slack/webhooks/event.py

@@ -55,7 +55,7 @@
     "Hold on, I've seen this one before...",
     "It worked on my machine...",
 ]
-SLACK_PROVIDERS = {IntegrationProviderSlug.SLACK, IntegrationProviderSlug.SLACK_STAGING}
+SLACK_PROVIDERS = [IntegrationProviderSlug.SLACK, IntegrationProviderSlug.SLACK_STAGING]
 
 
 @all_silo_endpoint  # Only challenge verification is handled at control
@@ -351,6 +351,8 @@ def _resolve_seer_organization(
         Returns ``(organization_id, installation)`` or ``None`` when the
         event should be halted (the halt reason is already recorded).
 
+        We also check that the requesting user is a member of the organization that Seer is accessing.
+
         Note: There is a limitation here of only grabbing the first organization with access to Seer.
         If a Slack installation corresponds to multiple organizations with Seer access, this will not work,
         and must be revisited.
@@ -364,6 +366,8 @@ def _resolve_seer_organization(
             lifecycle.record_halt(SeerSlackHaltReason.NO_VALID_INTEGRATION)
             return None
 
+        identity_user = slack_request.get_identity_user()
+
         lifecycle.add_extra("organization_ids", [oi.organization_id for oi in ois])
         for oi in ois:
             organization_id = oi.organization_id
@@ -372,17 +376,22 @@ def _resolve_seer_organization(
             except Organization.DoesNotExist:
                 continue
 
-            installation = slack_request.integration.get_installation(
-                organization_id=organization_id
-            )
-            assert isinstance(installation, SlackIntegration)
-
             if organization.status != OrganizationStatus.ACTIVE:
                 continue
 
             if not SlackExplorerEntrypoint.has_access(organization):
                 continue
 
+            # When the user's identity is linked, verify they belong to this
+            # org. If not linked the downstream task will prompt to link.
+            if identity_user and not organization.has_access(identity_user):
+                continue
+
+            installation = slack_request.integration.get_installation(
+                organization_id=organization_id
+            )
+            assert isinstance(installation, SlackIntegration)
+
             return organization_id, installation
         lifecycle.record_halt(SeerSlackHaltReason.NO_VALID_ORGANIZATION)
         return None
@@ -394,7 +403,7 @@ def _handle_seer_mention(
     ) -> Response | None:
         """Shared handler for app mentions and DMs that trigger the Seer workflow.
 
-        Returns ``None`` when the feature flag is off (DM messages only),
+        Returns ``None`` when org resolution fails (DM messages only),
         allowing the caller to fall back to alternative handling.
         """
         with MessagingInteractionEvent(
@@ -411,8 +420,8 @@ def _handle_seer_mention(
 
             result = self._resolve_seer_organization(slack_request, lifecycle)
             if result is None:
-                # For DMs, return None on feature-flag halt so caller can
-                # fall back to the help message.
+                # For DMs, return None on org resolution failure so caller
+                # can fall back to the help message.
                 if interaction_type == MessagingInteractionType.DM_MESSAGE:
                     return None
                 return self.respond()

tests/sentry/integrations/slack/webhooks/events/test_app_mention.py

@@ -2,7 +2,10 @@
 
 from sentry.integrations.messaging.metrics import SeerSlackHaltReason
 from sentry.models.organization import Organization
+from sentry.silo.base import SiloMode
 from sentry.testutils.asserts import assert_halt_metric
+from sentry.testutils.silo import assume_test_silo_mode
+from sentry.users.models.identity import Identity, IdentityStatus
 
 from . import SEER_EXPLORER_FEATURES, BaseEventTest
 
@@ -116,3 +119,50 @@ def test_app_mention_org_not_found(self, mock_apply_async, mock_record):
         assert resp.status_code == 200
         mock_apply_async.assert_not_called()
         assert_halt_metric(mock_record, SeerSlackHaltReason.NO_VALID_ORGANIZATION)
+
+    @patch("sentry.integrations.utils.metrics.EventLifecycle.record_event")
+    @patch("sentry.seer.entrypoints.slack.tasks.process_mention_for_slack.apply_async")
+    def test_app_mention_linked_user_not_org_member(self, mock_apply_async, mock_record):
+        """When the Slack user has a linked identity but is not a member of the
+        org with Seer access, the task should not be dispatched."""
+        other_user = self.create_user()
+        with assume_test_silo_mode(SiloMode.CONTROL):
+            idp = self.create_identity_provider(type="slack", external_id="TXXXXXXX1")
+            Identity.objects.create(
+                external_id="U1234567890",
+                idp=idp,
+                user=other_user,
+                status=IdentityStatus.VALID,
+                scopes=[],
+            )
+
+        with self.feature(SEER_EXPLORER_FEATURES):
+            resp = self.post_webhook(event_data=APP_MENTION_EVENT)
+
+        assert resp.status_code == 200
+        mock_apply_async.assert_not_called()
+        assert_halt_metric(mock_record, SeerSlackHaltReason.NO_VALID_ORGANIZATION)
+
+    @patch("sentry.seer.entrypoints.slack.tasks.process_mention_for_slack.apply_async")
+    def test_app_mention_linked_user_is_org_member(self, mock_apply_async):
+        """When the Slack user has a linked identity and IS a member of the
+        org with Seer access, the task should be dispatched normally."""
+        with assume_test_silo_mode(SiloMode.CONTROL):
+            idp = self.create_identity_provider(type="slack", external_id="TXXXXXXX1")
+            Identity.objects.create(
+                external_id="U1234567890",
+                idp=idp,
+                user=self.user,
+                status=IdentityStatus.VALID,
+                scopes=[],
+            )
+
+        with self.feature(SEER_EXPLORER_FEATURES):
+            resp = self.post_webhook(
+                event_data=THREADED_APP_MENTION_EVENT, data=AUTHORIZATIONS_DATA
+            )
+
+        assert resp.status_code == 200
+        mock_apply_async.assert_called_once()
+        kwargs = mock_apply_async.call_args[1]["kwargs"]
+        assert kwargs["organization_id"] == self.organization.id