Incorrect Organization Membership Assignment on Invitation Acceptance

Issue:
When a user is logged in with their account from organization X (with email X), and they receive an invitation to join organization Y via email Y, upon accepting the invitation, the system adds the user to organization Y with their email X instead of email Y.

Steps to Reproduce:

Log in to your account using organization X with email X.
Receive an invitation to join organization Y at email Y.
Follow the invitation link to join organization Y.
The system initially displays the error message:
There was an error loading the data.
Refresh the page.
Observe that you have been added as a member of organization Y, but using your email X (from organization X), not the invited email Y.

Expected Behavior:

Upon accepting an invitation to organization Y using email Y, the system should either:
- Prompt the user to log out from the current account (if they are logged in with a different email), and then require them to log in with email Y to complete the invitation process.
- OR automatically associate the user with organization Y using email Y, even if they are currently logged in with a different email.

In either case, the system should prevent membership to organization Y being created under the incorrect email X.

Actual Behavior:

The user is added to organization Y using the logged-in email X (from organization X) instead of the invited email Y, leading to incorrect account associations.

Severity:

High: This bug results in incorrect organizational membership and potential access control issues.

getsantry[bot] commented 1 month ago

Assigning to @getsentry/support for routing ⏲️

Het4304 commented 1 month ago

Hi i am interested in solving the issue can you assign it to me?? @umairahmed515 @getsentry-bot

getsantry[bot] commented 1 month ago

Routing to @getsentry/product-owners-settings-members for triage ⏲️

leedongwei commented 1 month ago

Thanks for the bug report, this is definitely a footgun that we should fix.

getsentry / sentry