fix: check user in helper (#83407)

getsentry · Jan 22, 2025 · 47a791b · 47a791b
1 parent 814dfa5
commit 47a791b
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/src/sentry/auth/helper.py b/src/sentry/auth/helper.py
@@ -547,7 +547,7 @@ def handle_unknown_identity(
         elif not self._has_usable_password():
             is_new_account = True
 
-        if op == "confirm" and self.user.is_authenticated or is_account_verified:
+        if op == "confirm" and (self.request.user.id == self.user.id) or is_account_verified:
             auth_identity = self.handle_attach_identity()
         elif op == "newuser":
             auth_identity = self.handle_new_user()

diff --git a/tests/sentry/web/frontend/test_auth_saml2.py b/tests/sentry/web/frontend/test_auth_saml2.py
@@ -295,3 +295,14 @@ def test_logout_request(self):
 
         updated = type(self.user).objects.get(pk=self.user.id)
         assert updated.session_nonce != self.user.session_nonce
+
+    def test_verify_email(self, follow=False, **kwargs):
+        assert AuthIdentity.objects.filter(user_id=self.user.id).count() == 0
+
+        response = self.accept_auth()
+        assert response.status_code == 200
+
+        response = self.client.post(self.acs_path, {"op": "confirm"})
+
+        # expect no linking before verification
+        assert AuthIdentity.objects.filter(user_id=self.user.id).count() == 0