
Use a more secure approach to the invite flow

Open mdtro opened this issue 1 year ago • 1 comments

Our invite flow does not behave in a way that users generally expect. Accepting invites with an already logged-in Sentry user account is not expected by most of our users. Our original intent was to make it easy for a single Sentry account to be a part of multiple organizations.

Currently, if you're already logged in to Sentry and visit the unique invite link -- you are added to that organization regardless of whether your Sentry account uses the email address that the invite was sent to. This is the unexpected behavior users have raised concern over.

I'm going to revisit our invite flow and use a more secure/expected pattern.

### Tasks
- [ ] When accepting an invite while logged in, only allow the invite to be accepted if the email it was sent to is a verified email on the account
- [ ] When registering an account via an invite, only allow the intended email to signup
- [ ] Only allow sending invites if the user has a verified email on their account
- [ ] Update email template to indicate that the link needs to be kept secure (e.g. do not share it)
- [ ] Update our documentation to align with the new flow

mdtro avatar Feb 06 '24 21:02 mdtro
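The three access-control checks in the task list above (accept only if the invited address is a verified email on the logged-in account, bind invite-based signup to the invited address, require a verified email on the sender) can be sketched as a small model. This is an added example written for this thread, not Sentry's code: the `User`, `Invite`, `accept_invite`, `register_via_invite` and `can_send_invite` names and the `InviteResult` outcomes are hypothetical, and the addresses are constructed sample data.

```python
# Added example (not Sentry's code): models the hardened invite flow proposed in
# the issue's task list. All names here are hypothetical.
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


@dataclass(frozen=True)
class UserEmail:
    address: str
    is_verified: bool


@dataclass
class User:
    user_id: int
    emails: list[UserEmail] = field(default_factory=list)

    def has_verified_email(self, address: str | None = None) -> bool:
        """True if the account has a verified email (optionally a specific one)."""
        for e in self.emails:
            if not e.is_verified:
                continue
            if address is None or _norm(e.address) == _norm(address):
                return True
        return False


@dataclass
class Invite:
    org: str
    email: str                  # address the invite was actually sent to
    accepted_by: int | None = None


class InviteResult(Enum):
    ACCEPTED = "accepted"
    EMAIL_MISMATCH = "email_mismatch"      # logged-in account is not the invitee
    EMAIL_UNVERIFIED = "email_unverified"  # invitee address on account but unverified
    ALREADY_ACCEPTED = "already_accepted"  # single-use link was already consumed


def _norm(address: str) -> str:
    # Compare addresses case-insensitively so "B@Example.com" matches "b@example.com".
    return address.strip().lower()


def can_send_invite(sender: User) -> bool:
    """Task 3: only accounts with at least one verified email may send invites."""
    return sender.has_verified_email()


def accept_invite(invite: Invite, current_user: User) -> InviteResult:
    """Task 1: a logged-in user may accept only if the invited address is a
    verified email on *their* account. On any other outcome the caller should
    prompt to log in as, or register, the invited address instead."""
    if invite.accepted_by is not None:
        return InviteResult.ALREADY_ACCEPTED
    matching = [e for e in current_user.emails
                if _norm(e.address) == _norm(invite.email)]
    if not matching:
        return InviteResult.EMAIL_MISMATCH
    if not any(e.is_verified for e in matching):
        return InviteResult.EMAIL_UNVERIFIED
    invite.accepted_by = current_user.user_id
    return InviteResult.ACCEPTED


def register_via_invite(invite: Invite, requested_email: str) -> bool:
    """Task 2: signup through an invite link is bound to the invited address;
    the registration form may not substitute a different one."""
    return _norm(requested_email) == _norm(invite.email)


def reproduce_report() -> dict[str, object]:
    """Replays the scenario reported in the thread with constructed addresses:
    user A is logged in as a@example.com and opens an invite for b@example.com."""
    user_a = User(1, [UserEmail("a@example.com", True)])
    invite = Invite("acme", "b@example.com")
    before = accept_invite(invite, user_a)       # no matching address -> rejected
    user_a.emails.append(UserEmail("b@example.com", False))
    unverified = accept_invite(invite, user_a)   # address added but unverified -> rejected
    user_a.emails[-1] = UserEmail("b@example.com", True)
    after = accept_invite(invite, user_a)        # verified -> accepted
    return {
        "before": before,
        "unverified": unverified,
        "after": after,
        # signup via the link with a different address is refused
        "signup_other": register_via_invite(Invite("acme", "b@example.com"), "a@example.com"),
    }


if __name__ == "__main__":
    for step, outcome in reproduce_report().items():
        print(f"{step}: {outcome}")
```

The important design point is the first check in `accept_invite`: membership is granted to the invited identity, so the logged-in account only qualifies when it can prove it owns that identity (a verified email), which is exactly the gap the reporter's steps to reproduce exercise.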

I believe the work done as a part of this issue will resolve https://github.com/getsentry/sentry/issues/30065 as well.

mdtro avatar Apr 05 '24 20:04 mdtro

Routing to @getsentry/product-owners-sign-in for triage ⏲️

getsantry[bot] avatar Dec 11 '24 10:12 getsantry[bot]

Related to: https://sentry.zendesk.com/agent/tickets/144390

joemartinezsentry avatar Feb 06 '25 22:02 joemartinezsentry

The current behaviour will be changed. Please see internal discussions on member invite.

leedongwei avatar Feb 07 '25 17:02 leedongwei

Another: https://sentry.zendesk.com/agent/tickets/168212

Use case:

We have been experiencing this problem for quite some time already, but we just came to understand what's happening: when a user accepts an organization invite while logged into Sentry with a different account, the system incorrectly adds the currently logged-in account to the organization instead of the email address that received the invite.

Steps to Reproduce:

  • User A has an existing Sentry account (e.g., [email protected])
  • User A receives an organization invite sent to a different email address (e.g., [email protected])
  • User A clicks the invite link while logged into Sentry as [email protected]
  • User A accepts the invite

Expected Behavior:

  • The invited email address ([email protected]) should be added to the organization, regardless of which account is currently logged in. Ideally, Sentry should prompt the user to log in with the invited email or create an account for it.

Actual Behavior:

  • The currently logged-in account ([email protected]) is added to the organization instead of the invited email address.

Impact:

  • Unintended accounts gain access to organizations they weren't explicitly invited to
  • Creates potential security/access control issues
  • Users must remove incorrect accounts and re-send invites, temporarily losing access

Melinakos avatar Nov 24 '25 12:11 Melinakos

Another: https://sentry.zendesk.com/agent/tickets/168305

Melinakos avatar Nov 25 '25 10:11 Melinakos