feat(cells): Remove legacy non-org-scoped accept invite API route#112767
Merged
feat(cells): Remove legacy non-org-scoped accept invite API route#112767
Conversation
The /api/0/accept-invite/{member_id}/{token}/ endpoint required no organization
context, relying on a cell mapping lookup to determine the org. The org-scoped
/api/0/accept-invite/{organization_id_or_slug}/{member_id}/{token}/ is now the
only supported cell-safe route.
This PR removes the legacy API route and any references to it:
- Remove the URL pattern from api/urls.py
- Remove the legacy pattern from controlsiloUrlPatterns.ts (regenerated)
- Remove the legacy type from knownSentryApiUrls.generated.ts (regenerated)
- Remove entries from the apidocs ownership and publish status allowlists
Removing this route is harmless as the web UI has been updated to always use the
new url in #112634. This is not a public
URL that requires a formal deprecation process.
github-actions
bot
added
Scope: Frontend
Contributor
|
🚨 Warning: This pull request contains Frontend and Backend changes! It's discouraged to make changes to Sentry's Frontend and Backend in a single pull request. The Frontend and Backend are not atomically deployed. If the changes are interdependent of each other, they must be separated into two pull requests and be made forward or backwards compatible, such that the Backend or Frontend can be safely deployed independently. Have questions? Please ask in the |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Tests reference removed URL name causing NoReverseMatch failures
- Updated the invite acceptance tests to remove all
reverse()calls to the deleted route and consistently use the remaining organization-scoped URL pattern.
- Updated the invite acceptance tests to remove all
Or push these changes by commenting:
@cursor push 7de1168e85
Preview (7de1168e85)
diff --git a/tests/sentry/api/endpoints/test_accept_organization_invite.py b/tests/sentry/api/endpoints/test_accept_organization_invite.py
--- a/tests/sentry/api/endpoints/test_accept_organization_invite.py
+++ b/tests/sentry/api/endpoints/test_accept_organization_invite.py
@@ -36,7 +36,6 @@
def _get_paths(self, args):
return (
- reverse("sentry-api-0-accept-organization-invite", args=args),
reverse(
"sentry-api-0-organization-accept-organization-invite",
args=[self.organization.slug] + args,
@@ -49,15 +48,16 @@
def _get_urls(self):
return (
- "sentry-api-0-accept-organization-invite",
+ self.organization.slug,
+ self.organization.id,
+ )
+
+ def _get_path(self, organization_id_or_slug, args):
+ return reverse(
"sentry-api-0-organization-accept-organization-invite",
+ args=[organization_id_or_slug] + args,
)
- def _get_path(self, url, args):
- if url == self._get_urls()[0]:
- return reverse(url, args=args)
- return reverse(url, args=[self.organization.slug] + args)
-
def _require_2fa_for_organization(self):
with assume_test_silo_mode_of(Organization):
self.organization.update(flags=F("flags").bitor(Organization.flags.require_2fa))
@@ -205,7 +205,10 @@
with override_settings(SILO_MODE=SiloMode.CONTROL, SENTRY_MONOLITH_REGION="something-else"):
resp = self.client.get(
- reverse("sentry-api-0-accept-organization-invite", args=[om.id, om.token])
+ reverse(
+ "sentry-api-0-organization-accept-organization-invite",
+ args=[self.organization.id, om.id, om.token],
+ )
)
assert resp.status_code == 400This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.
Reviewed by Cursor Bugbot for commit e04da93. Configure here.
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Comment on lines
3783
to
3787
| name="sentry-api-0-data-export-notifications", | ||
| ), | ||
| re_path( | ||
| r"^accept-invite/(?P<member_id>[^/]+)/(?P<token>[^/]+)/$", | ||
| AcceptOrganizationInvite.as_view(), | ||
| name="sentry-api-0-accept-organization-invite", | ||
| ), | ||
| re_path( | ||
| r"^notification-defaults/$", | ||
| NotificationDefaultsEndpoints.as_view(), |
Contributor
There was a problem hiding this comment.
Bug: The removal of the sentry-api-0-accept-organization-invite URL pattern will cause tests to fail, as they still try to reverse this URL name.
Severity: CRITICAL
Suggested Fix
Update the tests in tests/sentry/api/endpoints/test_accept_organization_invite.py that rely on the removed URL name sentry-api-0-accept-organization-invite. They should be modified to use the new URL pattern's name or structure to generate the correct URLs, ensuring they align with the updated routing configuration.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: src/sentry/api/urls.py#L3783-L3787
Potential issue: The removal of the URL pattern named
`sentry-api-0-accept-organization-invite` will cause a
`django.urls.exceptions.NoReverseMatch` exception during test execution. Multiple tests
in `tests/sentry/api/endpoints/test_accept_organization_invite.py` still use
`reverse("sentry-api-0-accept-organization-invite", ...)` to generate URLs for API
calls. This affects the `_get_paths` method and the
`test_multi_region_organizationmember_id__non_monolith` test, among others, which will
lead to widespread test failures and block the CI pipeline.
Did we get this right? 👍 / 👎 to inform future reviews.
The /api/0/accept-invite/{member_id}/{token}/ endpoint required no organization
context, relying on a cell mapping lookup to determine the org. The org-scoped
/api/0/accept-invite/{organization_id_or_slug}/{member_id}/{token}/ is now the
only supported cell-safe route.
This PR removes the legacy API route and any references to it:
- Remove the URL pattern from api/urls.py
- Remove the legacy pattern from controlsiloUrlPatterns.ts (regenerated)
- Remove the legacy type from knownSentryApiUrls.generated.ts (regenerated)
- Remove entries from the apidocs ownership and publish status allowlists
Removing this route is harmless as the web UI has been updated to always use the
new url in #112634. This is not a public
URL that requires a formal deprecation process.
Contributor
Backend Test FailuresFailures on
|
markstory
approved these changes
Apr 13, 2026
Comment on lines
-270
to
+271
| elif not request.user.is_authenticated or not helper.valid_request: | ||
| elif not helper.valid_request: |
Member
There was a problem hiding this comment.
For others - helper.valid_request contains a user.is_authenticated check as well.
Member
Author
There was a problem hiding this comment.
This function also returns early a few lines above if not request.user.is_authenticated
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The
/api/0/accept-invite/{member_id}/{token}/required no organization context, relying on a cell mapping lookup to determine the org. The org-scoped/api/0/accept-invite/{organization_id_or_slug}/{member_id}/{token}/is now the only supported route.This PR removes the legacy API route and any references to it:
It also cleans up
AcceptOrganizationInviteandget_invite_statenow thatorganization_id_or_slugis always provided:int | strfromorganization_id_or_slugsince no caller ever passes an integerRemoving this route is harmless as the web UI has been previously updated to always
use the new url in #112634. This is effectively dead code.
This is not a public URL that requires a formal deprecation process.