fix(integrations): Disallow modifying a repo's integration#111739
Merged
fix(integrations): Disallow modifying a repo's integration#111739
Conversation
github-actions
bot
added
the
Scope: Backend
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Autofix Details
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Repository migration silently fails due to ignored integrationId
- The repository details PUT endpoint now returns a 400 error when no valid updatable fields are provided, so integrationId-only migration requests no longer succeed silently.
Or push these changes by commenting:
@cursor push 4d3895d645
Preview (4d3895d645)
diff --git a/src/sentry/integrations/api/endpoints/organization_repository_details.py b/src/sentry/integrations/api/endpoints/organization_repository_details.py
--- a/src/sentry/integrations/api/endpoints/organization_repository_details.py
+++ b/src/sentry/integrations/api/endpoints/organization_repository_details.py
@@ -81,28 +81,27 @@
update_kwargs["status"] = ObjectStatus.HIDDEN
else:
raise NotImplementedError
- if update_kwargs:
- old_status = repo.status
- with transaction.atomic(router.db_for_write(Repository)):
- repo.update(**update_kwargs)
- if (
- old_status == ObjectStatus.PENDING_DELETION
- and repo.status == ObjectStatus.ACTIVE
- ):
- repo.reset_pending_deletion_field_names()
- repo.delete_pending_deletion_option()
- elif repo.status == ObjectStatus.HIDDEN and old_status != repo.status:
- repository_cascade_delete_on_hide.apply_async(kwargs={"repo_id": repo.id})
+ if not update_kwargs:
+ return Response({"detail": "No valid update fields were provided"}, status=400)
- if repo.external_id and repo.provider:
- cleanup_seer_repository_preferences.apply_async(
- kwargs={
- "organization_id": repo.organization_id,
- "repo_external_id": repo.external_id,
- "repo_provider": repo.provider,
- }
- )
+ old_status = repo.status
+ with transaction.atomic(router.db_for_write(Repository)):
+ repo.update(**update_kwargs)
+ if old_status == ObjectStatus.PENDING_DELETION and repo.status == ObjectStatus.ACTIVE:
+ repo.reset_pending_deletion_field_names()
+ repo.delete_pending_deletion_option()
+ elif repo.status == ObjectStatus.HIDDEN and old_status != repo.status:
+ repository_cascade_delete_on_hide.apply_async(kwargs={"repo_id": repo.id})
+ if repo.external_id and repo.provider:
+ cleanup_seer_repository_preferences.apply_async(
+ kwargs={
+ "organization_id": repo.organization_id,
+ "repo_external_id": repo.external_id,
+ "repo_provider": repo.provider,
+ }
+ )
+
return Response(serialize(repo, request.user))
def delete(self, request: Request, organization, repo_id) -> Response:
diff --git a/tests/sentry/integrations/api/endpoints/test_organization_repository_details.py b/tests/sentry/integrations/api/endpoints/test_organization_repository_details.py
--- a/tests/sentry/integrations/api/endpoints/test_organization_repository_details.py
+++ b/tests/sentry/integrations/api/endpoints/test_organization_repository_details.py
@@ -323,7 +323,7 @@
}
)
- def test_put_does_not_change_provider(self) -> None:
+ def test_put_rejects_integration_id(self) -> None:
self.login_as(user=self.user)
org = self.create_organization(owner=self.user, name="baz")
@@ -339,9 +339,10 @@
)
url = reverse("sentry-api-0-organization-repository-details", args=[org.slug, repo.id])
- response = self.client.put(url, data={"status": "visible", "integrationId": integration.id})
+ response = self.client.put(url, data={"integrationId": integration.id})
- assert response.status_code == 200
+ assert response.status_code == 400
+ assert response.data["detail"] == "No valid update fields were provided"
repo = Repository.objects.get(id=repo.id)
assert repo.provider == "integrations:github"This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
billyvg
approved these changes
Mar 27, 2026
GabeVillalobos
approved these changes
Mar 27, 2026
geoffg-sentry
added a commit
that referenced
this pull request
Mar 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.