Skip to content

fix(cells): Invalid invitation token or context always 404s#112633

Merged
lynnagara merged 2 commits intomasterfrom
fix-org-invite-redirect
Apr 10, 2026
Merged

fix(cells): Invalid invitation token or context always 404s#112633
lynnagara merged 2 commits intomasterfrom
fix-org-invite-redirect

Conversation

@lynnagara
Copy link
Copy Markdown
Member

@lynnagara lynnagara commented Apr 9, 2026

Invalid or expired invite links now return 404 rather than falling through to handle_react. Since the old React route is being removed, the fallback would have silently broken anyway — 404 is the semantically correct response for a link that doesn't resolve to a valid invite.

We never want to reveal the org if the token or invite context is not valid

@lynnagara
fix(cells): Invalid invitation token or context always 404s
c26e560 
Invalid or expired invite links now return 404 rather than falling through to handle_react.
Since the old React route is being removed, the fallback would have silently broken anyway — 404
is the semantically correct response for a link that doesn't resolve to a valid invite.

We never want to reveal the org if the token or invite context is not valid
@lynnagara lynnagara requested a review from a team as a code owner April 9, 2026 21:59
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Apr 9, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 9, 2026

Backend Test Failures

Failures on e32837f in this run:

tests/sentry/web/frontend/test_accept_organization_invite_redirect.py::AcceptOrganizationInviteRedirectViewTest::test_invalid_token_does_not_leak_org_sluglog 
[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/web/frontend/test_accept_organization_invite_redirect.py:40: in test_invalid_token_does_not_leak_org_slug
    assert response.status_code == 200
E   assert 404 == 200
E    +  where 404 = <HttpResponseNotFound status_code=404, "text/html; charset=utf-8">.status_code
tests/sentry/web/frontend/test_accept_organization_invite_redirect.py::AcceptOrganizationInviteRedirectViewTest::test_unresolved_legacy_invite_falls_back_to_react_pagelog 
[gw0] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/web/frontend/test_accept_organization_invite_redirect.py:46: in test_unresolved_legacy_invite_falls_back_to_react_page
    assert response.status_code == 200
E   assert 404 == 200
E    +  where 404 = <HttpResponseNotFound status_code=404, "text/html; charset=utf-8">.status_code

@lynnagara lynnagara merged commit e5b1933 into master Apr 10, 2026
56 checks passed
@lynnagara lynnagara deleted the fix-org-invite-redirect branch April 10, 2026 19:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@markstory markstory markstory approved these changes

Assignees

No one assigned

Labels

Scope: Backend Automatically applied to PRs that change backend components

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lynnagara @markstory