From 339ede6daab6f7e69f563329d58bb4f21936be48 Mon Sep 17 00:00:00 2001 From: Dan Fuller Date: Fri, 17 Apr 2026 17:36:22 -0700 Subject: [PATCH] ref(flags): Remove organizations:revoke-org-auth-on-slug-rename The flag scanner classified this as flagpole-disabled. The flag gated revoking OrgAuthTokens when a slug is renamed; with it always False the revocation block never ran. Removes the dead block, now-unused imports, and the corresponding test. Co-Authored-By: Claude Opus 4.7 (1M context) --- src/sentry/features/temporary.py | 2 -- .../control_organization_provisioning/impl.py | 17 +------------ .../test_control_organization_provisioning.py | 25 ------------------- 3 files changed, 1 insertion(+), 43 deletions(-) diff --git a/src/sentry/features/temporary.py b/src/sentry/features/temporary.py index 83c6cedf3fe8c0..67408208031f46 100644 --- a/src/sentry/features/temporary.py +++ b/src/sentry/features/temporary.py @@ -291,8 +291,6 @@ def register_temporary_features(manager: FeatureManager) -> None: manager.add("organizations:replay-details-eap-query", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=False) # Add build code and build number to semver ordering manager.add("organizations:semver-ordering-with-build-code", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=False) - # Enable revocation of org auth keys when a user renames an org slug - manager.add("organizations:revoke-org-auth-on-slug-rename", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=True) # Enable detecting SDK crashes during event processing manager.add("organizations:sdk-crash-detection", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=False) # Enable Seer PR code review for GitHub Enterprise Server organizations diff --git a/src/sentry/hybridcloud/services/control_organization_provisioning/impl.py b/src/sentry/hybridcloud/services/control_organization_provisioning/impl.py index 5190e0c030e341..2f9159e4679d83 100644 --- a/src/sentry/hybridcloud/services/control_organization_provisioning/impl.py +++ b/src/sentry/hybridcloud/services/control_organization_provisioning/impl.py @@ -2,9 +2,8 @@ from copy import deepcopy from django.db import IntegrityError, router, transaction -from django.utils import timezone as django_timezone -from sentry import features, roles +from sentry import roles from sentry.constants import RESERVED_ORGANIZATION_SLUGS from sentry.db.models.utils import slugify_instance from sentry.hybridcloud.models.outbox import CellOutbox, ControlOutbox, outbox_context @@ -15,7 +14,6 @@ RpcOrganizationSlugReservation, serialize_slug_reservation, ) -from sentry.hybridcloud.services.organization_mapping.serial import serialize_organization_mapping from sentry.models.organization import Organization from sentry.models.organizationmapping import OrganizationMapping from sentry.models.organizationmember import OrganizationMember @@ -24,7 +22,6 @@ OrganizationSlugReservation, OrganizationSlugReservationType, ) -from sentry.models.orgauthtoken import OrgAuthToken from sentry.organizations.services.organization import RpcOrganization from sentry.services.organization import OrganizationProvisioningOptions from sentry.utils import json @@ -226,18 +223,6 @@ def update_organization_slug( reservation_type=OrganizationSlugReservationType.TEMPORARY_RENAME_ALIAS.value, ).save(unsafe_write=True) - org_mapping = OrganizationMapping.objects.filter( - organization_id=organization_id - ).first() - org = ( - serialize_organization_mapping(org_mapping) if org_mapping is not None else None - ) - if org and features.has("organizations:revoke-org-auth-on-slug-rename", org): - # Changing a slug invalidates all org tokens, so revoke them all. - auth_tokens = OrgAuthToken.objects.filter( - organization_id=organization_id, date_deactivated__isnull=True - ) - auth_tokens.update(date_deactivated=django_timezone.now()) except IntegrityError as e: # Check if this is a unique constraint violation on the slug if "sentry_organizationslugreservation_slug_key" in str(e): diff --git a/tests/sentry/hybridcloud/services/test_control_organization_provisioning.py b/tests/sentry/hybridcloud/services/test_control_organization_provisioning.py index 395ebfc54f4fc8..3eefb51fc32c2c 100644 --- a/tests/sentry/hybridcloud/services/test_control_organization_provisioning.py +++ b/tests/sentry/hybridcloud/services/test_control_organization_provisioning.py @@ -25,7 +25,6 @@ from sentry.testutils.cases import TestCase from sentry.testutils.silo import all_silo_test, assume_test_silo_mode, create_test_cells from sentry.types.cell import get_local_cell -from sentry.utils.security.orgauthtoken_token import hash_token class TestControlOrganizationProvisioningBase(TestCase): @@ -382,27 +381,3 @@ def test_swap_with_same_slug(self) -> None: with assume_test_silo_mode(SiloMode.CELL): org.refresh_from_db() assert org.slug == desired_slug - - def test_update_slug_revokes_auth_tokens(self) -> None: - self.organization = self.create_organization( - slug="old-slug", name="org", owner=self.create_user() - ) - token_str = "sntrys_abc123_xyz" - token = self.create_org_auth_token( - organization_id=self.organization.id, - scope_list=[], - name="test_token", - token_hashed=hash_token(token_str), - date_last_used=None, - ) - assert token.date_deactivated is None - with self.feature("organizations:revoke-org-auth-on-slug-rename"): - control_organization_provisioning_rpc_service.update_organization_slug( - organization_id=self.organization.id, - desired_slug="new-slug", - require_exact=True, - cell_name=self.cell_name, - ) - - token.refresh_from_db() - assert token.date_deactivated is not None