Skip to content

feat(auth): Add signup email verification endpoint#117893

Draft
nora-shap wants to merge 1 commit into
nora/auth/ID-1604from
nora/auth/ID-1603
Draft

feat(auth): Add signup email verification endpoint#117893
nora-shap wants to merge 1 commit into
nora/auth/ID-1604from
nora/auth/ID-1603

Conversation

@nora-shap

@nora-shap nora-shap commented Jun 17, 2026

Copy link
Copy Markdown
Member
  • Adds SignupEmailVerificationView at /auth/signup/verify-email/<signed_data>/ to handle email verification link clicks during (new, inactive) signup flow
  • Enforces same-session binding: the email in the signed link must match the email stored in the session when signup began, with a user-friendly error for cross-browser attempts
  • Registers auth.email-verification-at-signup option to gate the feature
  • Renders a static error page (extends sentry/bases/auth.html) for expired, tampered, or session-mismatched links with a "Start over" button

Here's what the error page looks like:
Screenshot 2026-06-15 at 5 33 41 PM

@linear-code

linear-code Bot commented Jun 17, 2026

Copy link
Copy Markdown

ID-1603

@github-actions github-actions Bot added the Scope: Backend Automatically applied to PRs that change backend components label Jun 17, 2026
@github-actions

github-actions Bot commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Backend Test Failures

Failures on 9cf702f in this run:

tests/sentry/management/commands/test_generate_controlsilo_urls.py::TestGenerateControlsiloUrls::test_no_missing_urlslog 
[gw1] linux -- Python 3.13.1 /home/runner/work/sentry/sentry/.venv/bin/python3
tests/sentry/management/commands/test_generate_controlsilo_urls.py:74: in test_no_missing_urls
    assert line in current_state, msg
E   AssertionError: 
E                 New control silo URL patterns detected!
E     
E                 The pattern:   new RegExp('^auth/signup/verify-email/[^/]+/$'),
E     
E                 Does not exist in the current pattern inventory. You should regenerate
E                 the pattern inventory with:
E     
E                 cd ../getsentry
E                 getsentry django generate_controlsilo_urls --format=js --output=../sentry/static/app/data/controlsiloUrlPatterns.ts
E     
E                 This command needs to be run in a getsentry environment
E                 in order to not lose patterns that are important for sentry.io
E                 
E   assert "  new RegExp('^auth/signup/verify-email/[^/]+/$')," in "// This is generated code.\n// To update it run `getsentry django generate_controlsilo_urls --format=js --output=/pat...gExp('^extensions/discord/link-identity/[^/]+/$'),\n  new RegExp('^extensions/discord/unlink-identity/[^/]+/$'),\n];\n"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michelletran-sentry michelletran-sentry Awaiting requested review from michelletran-sentry

Assignees

No one assigned

Labels

Scope: Backend Automatically applied to PRs that change backend components

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nora-shap