feat(member merge): merge account endpoint GET (#91100)

GET request for the user merge account endpoint. Fetches a list of user
accounts with the same primary email as the authenticated requesting
user + fetches their organization information.

---------

Co-authored-by: Cathy Teng <70817427+cathteng@users.noreply.github.com>
Co-authored-by: Mark Story <mark@mark-story.com>

Author: 3 people

src/sentry/api/endpoints/auth_merge_user_accounts.py

@@ -0,0 +1,47 @@
+from django.contrib.auth.models import AnonymousUser
+from rest_framework.request import Request
+from rest_framework.response import Response
+
+from sentry.api.api_owners import ApiOwner
+from sentry.api.api_publish_status import ApiPublishStatus
+from sentry.api.base import Endpoint, control_silo_endpoint
+from sentry.api.paginator import OffsetPaginator
+from sentry.api.permissions import SentryIsAuthenticated
+from sentry.api.serializers import serialize
+from sentry.users.api.serializers.user import UserSerializerWithOrgMemberships
+from sentry.users.models.user import User
+
+
+@control_silo_endpoint
+class AuthMergeUserAccountsEndpoint(Endpoint):
+    publish_status = {
+        "GET": ApiPublishStatus.PRIVATE,
+        "POST": ApiPublishStatus.PRIVATE,
+    }
+    owner = ApiOwner.ENTERPRISE
+    permission_classes = (SentryIsAuthenticated,)
+    """
+    List and merge user accounts with the same primary email address.
+    """
+
+    def get(self, request: Request) -> Response:
+        user = request.user
+        if isinstance(user, AnonymousUser):
+            return Response(
+                status=401,
+                data={"error": "You must be authenticated to use this endpoint"},
+            )
+
+        shared_email = user.email
+        if not shared_email:
+            return Response(
+                status=400,
+                data={"error": "Shared email is empty or null"},
+            )
+        queryset = User.objects.filter(email=shared_email).order_by("last_active")
+        return self.paginate(
+            request=request,
+            queryset=queryset,
+            on_results=lambda x: serialize(x, user, UserSerializerWithOrgMemberships()),
+            paginator_cls=OffsetPaginator,
+        )

src/sentry/api/urls.py

@@ -3,6 +3,7 @@
 from django.conf.urls import include
 from django.urls import URLPattern, URLResolver, re_path
 
+from sentry.api.endpoints.auth_merge_user_accounts import AuthMergeUserAccountsEndpoint
 from sentry.api.endpoints.group_ai_summary import GroupAiSummaryEndpoint
 from sentry.api.endpoints.group_autofix_setup_check import GroupAutofixSetupCheck
 from sentry.api.endpoints.group_integration_details import GroupIntegrationDetailsEndpoint
@@ -929,6 +930,11 @@ def create_group_urls(name_prefix: str) -> list[URLPattern | URLResolver]:
         AuthValidateEndpoint.as_view(),
         name="sentry-api-0-auth-test",
     ),
+    re_path(
+        r"^merge-accounts/$",
+        AuthMergeUserAccountsEndpoint.as_view(),
+        name="sentry-api-0-auth-merge-accounts",
+    ),
 ]
 
 BROADCAST_URLS = [

src/sentry/users/api/serializers/user.py

@@ -324,6 +324,10 @@ class DetailedSelfUserSerializerResponse(UserSerializerResponse):
     permissions: Sequence[str]
 
 
+class UserSerializerWithOrgMembershipsResponse(UserSerializerResponse):
+    organizations: Sequence[str]
+
+
 class DetailedSelfUserSerializer(UserSerializer):
     """
     Return additional information for operating on behalf of a user, like their permissions.
@@ -396,3 +400,49 @@ def serialize(
                 "Incorrectly calling `DetailedSelfUserSerializer`. See docstring for details."
             )
         return d
+
+
+class UserSerializerWithOrgMemberships(UserSerializer):
+    def get_attrs(
+        self,
+        item_list: Sequence[User],
+        user: User | AnonymousUser | RpcUser,
+        **kwargs: Any,
+    ) -> MutableMapping[User, Any]:
+        attrs = super().get_attrs(item_list, user, **kwargs)
+
+        memberships = OrganizationMemberMapping.objects.filter(
+            user_id__in={u.id for u in item_list}
+        ).values_list("user_id", "organization_id", named=True)
+        active_org_id_to_name = dict(
+            OrganizationMapping.objects.filter(
+                organization_id__in={m.organization_id for m in memberships},
+                status=OrganizationStatus.ACTIVE,
+            ).values_list("organization_id", "name")
+        )
+        active_organization_ids = active_org_id_to_name.keys()
+
+        user_org_memberships: DefaultDict[int, list[str]] = defaultdict(list)
+        for membership in memberships:
+            if membership.organization_id in active_organization_ids:
+                user_org_memberships[membership.user_id].append(
+                    active_org_id_to_name[membership.organization_id]
+                )
+        for item in item_list:
+            attrs[item]["organizations"] = user_org_memberships[item.id]
+
+        return attrs
+
+    def serialize(
+        self,
+        obj: User,
+        attrs: Mapping[str, Any],
+        user: User | AnonymousUser | RpcUser,
+        **kwargs: Any,
+    ) -> UserSerializerWithOrgMembershipsResponse:
+        response = cast(
+            UserSerializerWithOrgMembershipsResponse, super().serialize(obj, attrs, user)
+        )
+
+        response["organizations"] = sorted(attrs["organizations"])
+        return response

static/app/data/controlsiloUrlPatterns.ts

@@ -116,6 +116,7 @@ const patterns: RegExp[] = [
   new RegExp('^api/0/auth/config/$'),
   new RegExp('^api/0/auth/login/$'),
   new RegExp('^api/0/auth/validate/$'),
+  new RegExp('^api/0/auth/merge-accounts/$'),
   new RegExp('^api/0/auth-v2/login/$'),
   new RegExp('^api/0/broadcasts/$'),
   new RegExp('^api/0/broadcasts/[^/]+/$'),

tests/sentry/api/endpoints/test_auth_merge_user_accounts.py

@@ -0,0 +1,40 @@
+from sentry.testutils.cases import APITestCase
+from sentry.testutils.silo import control_silo_test
+
+
+@control_silo_test
+class ListUserAccountsWithSharedEmailTest(APITestCase):
+    endpoint = "sentry-api-0-auth-merge-accounts"
+    method = "get"
+
+    def test_simple(self):
+        user1 = self.create_user(username="mifu1", email="mifu@example.com")
+        user2 = self.create_user(username="mifu2", email="mifu@example.com")
+        # unrelated user
+        self.create_user(username="unrelated-mifu", email="michelle@email.com")
+
+        self.login_as(user1)
+        response = self.get_success_response()
+        assert len(response.data) == 2
+        assert response.data[0]["username"] == user1.username
+        assert response.data[1]["username"] == user2.username
+
+    def test_with_orgs(self):
+        user1 = self.create_user(username="powerful mifu", email="mifu@example.com")
+        user2 = self.create_user(username="transcendent mifu", email="mifu@example.com")
+        self.create_user(username="garden variety mifu", email="mifu@example.com")
+
+        org1 = self.create_organization(name="hojicha")
+        org2 = self.create_organization(name="matcha")
+        org3 = self.create_organization(name="oolong")
+
+        self.create_member(user=user1, organization=org1)
+        self.create_member(user=user1, organization=org2)
+        self.create_member(user=user2, organization=org3)
+
+        self.login_as(user1)
+        response = self.get_success_response()
+
+        assert response.data[0]["organizations"] == [org1.name, org2.name]
+        assert response.data[1]["organizations"] == [org3.name]
+        assert response.data[2]["organizations"] == []