Reapply "ref: code is non-null (#85871)" (#86139)

getsentry · Mar 3, 2025 · 50768b1 · 50768b1
1 parent 8a92705
commit 50768b1
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/src/sentry/auth/providers/oauth2.py b/src/sentry/auth/providers/oauth2.py
@@ -113,6 +113,9 @@ def dispatch(self, request: HttpRequest, helper) -> HttpResponse:
         if state != helper.fetch_state("state"):
             return helper.error(ERR_INVALID_STATE)
 
+        if code is None:
+            return helper.error("no code was provided")
+
         data = self.exchange_token(request, helper, code)
 
         if "error_description" in data:

diff --git a/src/sentry/identity/oauth2.py b/src/sentry/identity/oauth2.py
@@ -387,6 +387,9 @@ def dispatch(self, request: HttpRequest, pipeline: Pipeline) -> HttpResponseBase
                 )
                 return pipeline.error(ERR_INVALID_STATE)
 
+            if code is None:
+                return pipeline.error("no code was provided")
+
         # separate lifecycle event inside exchange_token
         data = self.exchange_token(request, pipeline, code)
 

diff --git a/src/sentry/identity/vsts/provider.py b/src/sentry/identity/vsts/provider.py
@@ -8,6 +8,7 @@
 from django.http.request import HttpRequest
 
 from sentry import http, options
+from sentry.http import safe_urlopen, safe_urlread
 from sentry.identity.oauth2 import OAuth2CallbackView, OAuth2LoginView, OAuth2Provider, record_event
 from sentry.integrations.utils.metrics import IntegrationPipelineViewType
 from sentry.pipeline.base import Pipeline
@@ -125,8 +126,6 @@ def build_identity(self, data):
 
 class VSTSOAuth2CallbackView(OAuth2CallbackView):
     def exchange_token(self, request: HttpRequest, pipeline: Pipeline, code: str) -> dict[str, str]:
-        from sentry.http import safe_urlopen, safe_urlread
-
         with record_event(
             IntegrationPipelineViewType.TOKEN_EXCHANGE, pipeline.provider.key
         ).capture():
@@ -242,11 +241,6 @@ def get_authorize_params(self, state, redirect_uri):
 
 class VSTSNewOAuth2CallbackView(OAuth2CallbackView):
     def exchange_token(self, request: HttpRequest, pipeline: Pipeline, code: str) -> dict[str, str]:
-        from urllib.parse import parse_qsl
-
-        from sentry.http import safe_urlopen, safe_urlread
-        from sentry.utils.http import absolute_uri
-
         with record_event(
             IntegrationPipelineViewType.TOKEN_EXCHANGE, pipeline.provider.key
         ).capture():