- ;
};
-export type OnDimensionChange = (
- index: number,
+export type OnExpandCallback = (
path: string,
- expandedState: Record
{t('Next Steps')}
--
- {nextSteps.map(step => (
-
+ The maximumValue prop allows setting the maximum displayable value.
+ e.g., imagine a widget that displays a count. A count of more than a million is
+ too expensive for the API to compute, so the API returns a maximum of 1,000,000.
+ If the API returns exactly 1,000,000, that means the actual number is unknown,
+ something higher than the max. Setting{' '}
+
+ The preferredPolarity prop controls the color of the comparison
+ string. Setting
{{ token_type }} exposed
+Your Sentry {{ token_type }} was found publicly on the internet. We recommend revoking this token immediately, as exposed tokens pose a security risk to your account.
+
+Name: {{ token_name }}
+Token: {{ token_redacted }}
+SHA256: {{ hashed_token }}
+
+Source: {{ exposed_source }}
+URL: {{ exposed_url }}
+Date: {{ datetime|date:"N j, Y, P e" }}
+ Read more about Sentry Auth Tokens.
+{% endblock %} diff --git a/src/sentry/templates/sentry/emails/secret-scanning/body.txt b/src/sentry/templates/sentry/emails/secret-scanning/body.txt new file mode 100644 index 00000000000000..4f0c01d488ac75 --- /dev/null +++ b/src/sentry/templates/sentry/emails/secret-scanning/body.txt @@ -0,0 +1,15 @@ +{{ token_type }} exposed + +Your Sentry {{ token_type }} was found publicly on the internet. We recommend revoking this token immediately, as exposed tokens pose a security risk to your account: +{{ revoke_url }} + +Name: {{ token_name }} +Token: {{ token_redacted }} +SHA256: {{ hashed_token }} + +Source: {{ exposed_source }} +URL: {{ exposed_url }} +Date: {{ datetime|date:"N j, Y, P e" }} + +Read more about Sentry Auth Tokens: +https://docs.sentry.io/account/auth-tokens/ diff --git a/src/sentry/utils/github.py b/src/sentry/utils/github.py new file mode 100644 index 00000000000000..9c8eab15f11717 --- /dev/null +++ b/src/sentry/utils/github.py @@ -0,0 +1,45 @@ +import base64 +import binascii +from typing import Any + +from cryptography.exceptions import InvalidSignature +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives.asymmetric import ec +from pydantic import BaseModel + +from sentry import options + +from .github_client import GitHubClient + + +class GitHubKeysPayload(BaseModel): + public_keys: list[dict[str, Any]] + + +def verify_signature(payload: str, signature: str, key_id: str, subpath: str) -> None: + if not payload or not signature or not key_id: + raise ValueError("Invalid payload, signature, or key_id") + + client_id = options.get("github-login.client-id") + client_secret = options.get("github-login.client-secret") + client = GitHubClient(client_id=client_id, client_secret=client_secret) + response = client.get(f"/meta/public_keys/{subpath}") + keys = GitHubKeysPayload.parse_obj(response) + + public_key = next((k for k in keys.public_keys if k["key_identifier"] == key_id), None) + if not public_key: + raise ValueError("No public key found matching key identifier") + + key = serialization.load_pem_public_key(public_key["key"].encode()) + + if not isinstance(key, ec.EllipticCurvePublicKey): + raise ValueError("Invalid public key type") + + try: + # Decode the base64 signature to bytes + signature_bytes = base64.b64decode(signature) + key.verify(signature_bytes, payload.encode(), ec.ECDSA(hashes.SHA256())) + except InvalidSignature: + raise ValueError("Signature does not match payload") + except binascii.Error: + raise ValueError("Invalid signature encoding") diff --git a/src/sentry/utils/github_client.py b/src/sentry/utils/github_client.py new file mode 100644 index 00000000000000..37a079c545338f --- /dev/null +++ b/src/sentry/utils/github_client.py @@ -0,0 +1,80 @@ +from requests.exceptions import HTTPError + +from sentry.http import build_session +from sentry.utils import json + + +class ApiError(Exception): + code = None + json = None + xml = None + + def __init__(self, text, code=None): + if code is not None: + self.code = code + self.text = text + # TODO(dcramer): pull in XML support from Jira + if text: + try: + self.json = json.loads(text) + except (json.JSONDecodeError, ValueError): + self.json = None + else: + self.json = None + super().__init__(text[:128]) + + @classmethod + def from_response(cls, response): + if response.status_code == 401: + return ApiUnauthorized(response.text) + return cls(response.text, response.status_code) + + +class ApiUnauthorized(ApiError): + code = 401 + + +class GitHubClient: + ApiError = ApiError + + url = "https://api.github.com" + + def __init__(self, url=None, token=None, client_id=None, client_secret=None): + if url is not None: + self.url = url.rstrip("/") + self.token = token + self.client_id = client_id + self.client_secret = client_secret + + def _request(self, method, path, headers=None, data=None, params=None, auth=None): + with build_session() as session: + try: + resp = getattr(session, method.lower())( + url=f"{self.url}{path}", + headers=headers, + json=data, + params=params, + allow_redirects=True, + auth=auth, + ) + resp.raise_for_status() + except HTTPError as e: + raise ApiError.from_response(e.response) + return resp.json() + + def request(self, method, path, data=None, params=None, auth=None): + headers = {"Accept": "application/vnd.github.valkyrie-preview+json"} + + if self.token: + headers.setdefault("Authorization", f"token {self.token}") + + elif auth is None and self.client_id and self.client_secret: + auth = (self.client_id, self.client_secret) + + return self._request(method, path, headers=headers, data=data, params=params, auth=auth) + + def get(self, *args, **kwargs): + return self.request("GET", *args, **kwargs) + + def post(self, *args, **kwargs): + return self.request("POST", *args, **kwargs) diff --git a/static/app/data/controlsiloUrlPatterns.ts b/static/app/data/controlsiloUrlPatterns.ts index a1d35367955068..f0e1959803be80 100644 --- a/static/app/data/controlsiloUrlPatterns.ts +++ b/static/app/data/controlsiloUrlPatterns.ts @@ -136,6 +136,7 @@ const patterns: RegExp[] = [ new RegExp('^api/0/internal/integration-proxy/$'), new RegExp('^api/0/internal/rpc/[^/]+/[^/]+/$'), new RegExp('^api/0/internal/feature-flags/$'), + new RegExp('^api/0/secret-scanning/github/$'), new RegExp('^api/hooks/mailgun/inbound/'), new RegExp('^oauth/authorize/$'), new RegExp('^oauth/token/$'), diff --git a/tests/sentry/api/endpoints/secret_scanning/test_github.py b/tests/sentry/api/endpoints/secret_scanning/test_github.py new file mode 100644 index 00000000000000..902e61e4eb7299 --- /dev/null +++ b/tests/sentry/api/endpoints/secret_scanning/test_github.py @@ -0,0 +1,196 @@ +from unittest.mock import patch + +from django.core import mail +from django.urls import reverse +from django.utils import timezone + +from sentry.models.apitoken import ApiToken +from sentry.models.orgauthtoken import OrgAuthToken +from sentry.testutils.cases import TestCase +from sentry.testutils.helpers import override_options +from sentry.testutils.silo import control_silo_test +from sentry.types.token import AuthTokenType +from sentry.utils import json +from sentry.utils.security.orgauthtoken_token import generate_token, hash_token + + +@control_silo_test +class SecretScanningGitHubTest(TestCase): + path = reverse("sentry-api-0-secret-scanning-github") + + def test_invalid_content_type(self): + response = self.client.post(self.path, content_type="application/x-www-form-urlencoded") + assert response.status_code == 400 + assert response.content == b'{"details":"invalid content type specified"}' + + def test_invalid_signature(self): + response = self.client.post(self.path, content_type="application/json") + assert response.status_code == 400 + assert response.content == b'{"details":"invalid signature"}' + + @override_options({"secret-scanning.github.enable-signature-verification": False}) + def test_false_positive(self): + payload = [ + { + "source": "commit", + "token": "some_token", + "type": "some_type", + "url": "https://example.com/base-repo-url/", + } + ] + response = self.client.post(self.path, content_type="application/json", data=payload) + assert response.status_code == 200 + assert ( + response.content + == b'[{"token_hash":"9a45520a1213f15016d2d768b5fb3d904492a44ee274b44d4de8803e00fb536a","token_type":"some_type","label":"false_positive"}]' + ) + + @override_options({"secret-scanning.github.enable-signature-verification": False}) + def test_false_positive_deactivated_user_token(self): + user = self.create_user() + token = ApiToken.objects.create(user=user, name="test user token", scope_list=[]) + + # revoke token + token.delete() + + payload = [ + { + "source": "commit", + "token": str(token), + "type": "sentry_user_auth_token", + "url": "https://example.com/base-repo-url/", + } + ] + + with self.tasks(): + response = self.client.post(self.path, content_type="application/json", data=payload) + assert response.status_code == 200 + expected = [ + { + "token_hash": hash_token(str(token)), + "token_type": "sentry_user_auth_token", + "label": "false_positive", + } + ] + assert json.loads(response.content.decode("utf-8")) == expected + + assert len(mail.outbox) == 0 + + @override_options({"secret-scanning.github.enable-signature-verification": False}) + def test_false_positive_deactivated_org_token(self): + token_str = generate_token("test-org", "https://test-region.sentry.io") + hash_digest = hash_token(token_str) + token = OrgAuthToken.objects.create( + organization_id=self.organization.id, + name="test org token", + scope_list=["org:ci"], + token_hashed=hash_digest, + ) + + # revoke token + token.update(date_deactivated=timezone.now()) + + payload = [ + { + "source": "commit", + "token": token_str, + "type": "sentry_org_auth_token", + "url": "https://example.com/base-repo-url/", + } + ] + + with self.tasks(): + response = self.client.post(self.path, content_type="application/json", data=payload) + assert response.status_code == 200 + expected = [ + { + "token_hash": hash_digest, + "token_type": "sentry_org_auth_token", + "label": "false_positive", + } + ] + assert json.loads(response.content.decode("utf-8")) == expected + + assert len(mail.outbox) == 0 + + @override_options({"secret-scanning.github.enable-signature-verification": False}) + @patch("sentry.api.endpoints.secret_scanning.github.logger") + def test_true_positive_user_token(self, mock_logger): + user = self.create_user() + token = ApiToken.objects.create(user=user, name="test user token", scope_list=[]) + + payload = [ + { + "source": "commit", + "token": str(token), + "type": "sentry_user_auth_token", + "url": "https://example.com/base-repo-url/", + } + ] + + with self.tasks(): + response = self.client.post(self.path, content_type="application/json", data=payload) + assert response.status_code == 200 + assert response.content == b"[]" + + extra = { + "exposed_source": "commit", + "exposed_url": "https://example.com/base-repo-url/", + "hashed_token": token.hashed_token, + "token_type": AuthTokenType.USER, + } + mock_logger.info.assert_called_with("found an exposed auth token", extra=extra) + + assert len(mail.outbox) == 1 + assert mail.outbox[0].to == [user.username] + assert mail.outbox[0].subject == "[Sentry]Action Required: User Auth Token Exposed" + assert ( + "Your Sentry User Auth Token was found publicly on the internet" in mail.outbox[0].body + ) + assert "http://testserver/settings/account/api/auth-tokens" in mail.outbox[0].body + assert "test user token" in mail.outbox[0].body + assert token.hashed_token in mail.outbox[0].body + + @override_options({"secret-scanning.github.enable-signature-verification": False}) + @patch("sentry.api.endpoints.secret_scanning.github.logger") + def test_true_positive_org_token(self, mock_logger): + token_str = generate_token("test-org", "https://test-region.sentry.io") + token = OrgAuthToken.objects.create( + organization_id=self.organization.id, + name="test org token", + scope_list=["org:ci"], + token_hashed=hash_token(token_str), + ) + + payload = [ + { + "source": "commit", + "token": token_str, + "type": "sentry_org_auth_token", + "url": "https://example.com/base-repo-url/", + } + ] + + with self.tasks(): + response = self.client.post(self.path, content_type="application/json", data=payload) + assert response.status_code == 200 + assert response.content == b"[]" + + extra = { + "exposed_source": "commit", + "exposed_url": "https://example.com/base-repo-url/", + "hashed_token": token.token_hashed, + "token_type": AuthTokenType.ORG, + } + mock_logger.info.assert_called_with("found an exposed auth token", extra=extra) + + assert len(mail.outbox) == 1 + assert mail.outbox[0].to == [self.user.username] + assert mail.outbox[0].subject == "[Sentry]Action Required: Organization Auth Token Exposed" + assert ( + "Your Sentry Organization Auth Token was found publicly on the internet" + in mail.outbox[0].body + ) + assert "http://baz.testserver/settings/auth-tokens/" in mail.outbox[0].body + assert "test org token" in mail.outbox[0].body + assert token.token_hashed in mail.outbox[0].body diff --git a/tests/sentry/utils/test_github.py b/tests/sentry/utils/test_github.py new file mode 100644 index 00000000000000..79212823ab51ea --- /dev/null +++ b/tests/sentry/utils/test_github.py @@ -0,0 +1,68 @@ +from unittest import TestCase + +import pytest +import responses + +from sentry.utils.github import verify_signature + +GITHUB_META_PUBLIC_KEYS_RESPONSE = { + "public_keys": [ + { + "key_identifier": "90a421169f0a406205f1563a953312f0be898d3c7b6c06b681aa86a874555f4a", + "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9MJJHnMfn2+H4xL4YaPDA4RpJqUq\nkCmRCBnYERxZanmcpzQSXs1X/AljlKkbJ8qpVIW4clayyef9gWhFbNHWAA==\n-----END PUBLIC KEY-----\n", + "is_current": False, + }, + { + "key_identifier": "bcb53661c06b4728e59d897fb6165d5c9cda0fd9cdf9d09ead458168deb7518c", + "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYAGMWO8XgCamYKMJS6jc/qgvSlAd\nAjPuDPRcXU22YxgBrz+zoN19MzuRyW87qEt9/AmtoNP5GrobzUvQSyJFVw==\n-----END PUBLIC KEY-----\n", + "is_current": True, + }, + ] +} + + +class TestGitHub(TestCase): + def setUp(self): + # https://docs.github.com/en/code-security/secret-scanning/secret-scanning-partner-program#implement-signature-verification-in-your-secret-alert-service + self.payload = """[{"source":"commit","token":"some_token","type":"some_type","url":"https://example.com/base-repo-url/"}]""" + self.signature = "MEQCIQDaMKqrGnE27S0kgMrEK0eYBmyG0LeZismAEz/BgZyt7AIfXt9fErtRS4XaeSt/AO1RtBY66YcAdjxji410VQV4xg==" + self.key_id = "bcb53661c06b4728e59d897fb6165d5c9cda0fd9cdf9d09ead458168deb7518c" + self.subpath = "secret_scanning" + + @responses.activate + def _verify(self): + responses.add( + responses.GET, + "https://api.github.com/meta/public_keys/secret_scanning", + json=GITHUB_META_PUBLIC_KEYS_RESPONSE, + status=200, + ) + + verify_signature(self.payload, self.signature, self.key_id, self.subpath) + + def test_verify_signature_success(self): + self._verify() + + def test_verify_signature_missing_key(self): + self.key_id = "" + with pytest.raises(ValueError) as excinfo: + self._verify() + assert "Invalid payload, signature, or key_id" in str(excinfo.value) + + def test_verify_signature_invalid_key(self): + self.key_id = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" + with pytest.raises(ValueError) as excinfo: + self._verify() + assert "No public key found matching key identifier" in str(excinfo.value) + + def test_verify_signature_invalid_signature(self): + self.payload = "[]" + with pytest.raises(ValueError) as excinfo: + self._verify() + assert "Signature does not match payload" in str(excinfo.value) + + def test_verify_signature_invalid_encoding(self): + self.signature = "fakesignature" + with pytest.raises(ValueError) as excinfo: + self._verify() + assert "Invalid signature encoding" in str(excinfo.value) From 15fe55530b5c8a4e505293ce1a9200979e9ed711 Mon Sep 17 00:00:00 2001 From: Matej Minar{t('Next Steps')}
+{t('Additional Information')}
-
{nextSteps
.filter((step): step is Exclude
-
+
+ {t('Sentry SDK documentation')} + +
+ )}
+ {platformDocsLink && (
+ -
+
+ {t('Platform documentation')} + +
+ )}
+
{configureAdditionalInfo}
+, - } - ), + label: 'Dart', + value: 'dart', + language: 'dart', + code: getVerifySnippet(), + }, + ], }, ], }, @@ -279,10 +307,16 @@ const onboarding: OnboardingConfig = { ), configurations: [ { - language: 'dart', - code: getPerformanceSnippet(), + code: [ + { + label: 'Dart', + value: 'dart', + language: 'dart', + code: getPerformanceSnippet(), + }, + ], additionalInfo: tct( - 'To learn more about the API and automatic instrumentations, check out the [perfDocs: performance documentation].', + 'To learn more about the API and automatic instrumentations, check out the [perfDocs: tracing documentation].', { perfDocs: (
+ {status.formattedValue ?? '-'}{' '}
+ {status.score !== PerformanceScore.NONE && (
+ {status.description}
+ )}
+
+ )}
+ {vital.docs}
+ {vital.setup &&{vital.setup}
} + {(platformDocsLink || sdkDocsLink) && ( +-
+ {sdkDocsLink && (
+
-
+ {
+ onOptionalToggleClick?.(!showOptionalConfig);
+ setShowOptionalConfig(!showOptionalConfig);
+ }}
+ >
+
{showOptionalConfig ? config : null}
@@ -307,13 +308,15 @@ const GeneralAdditionalInfo = styled(Description)`
margin-top: ${space(2)};
`;
-const OptionalConfigWrapper = styled('div')`
+const OptionalConfigWrapper = styled('div')<{expanded: boolean}>`
display: flex;
+ gap: ${space(1)};
+ margin-bottom: ${p => (p.expanded ? space(2) : 0)};
cursor: pointer;
- margin-bottom: 0.5em;
`;
const ToggleButton = styled(Button)`
+ padding: 0;
&,
:hover {
color: ${p => p.theme.gray500};
diff --git a/static/app/gettingStartedDocs/javascript/astro.tsx b/static/app/gettingStartedDocs/javascript/astro.tsx
index abc538d2595b07..1c20b807619d07 100644
--- a/static/app/gettingStartedDocs/javascript/astro.tsx
+++ b/static/app/gettingStartedDocs/javascript/astro.tsx
@@ -218,7 +218,7 @@ const replayOnboarding: OnboardingConfig = {
],
configure: (params: Params) => [
{
- type: StepType.CONFIGURE,
+ title: 'Configure Session Replay (Optional)',
description: tct(
'There are several privacy and sampling options available. Learn more about configuring Session Replay by reading the [link:configuration docs].',
{
@@ -297,7 +297,7 @@ import * as Sentry from "@sentry/astro";`,
},
],
additionalInfo: {title ?? StepTitle[type]}
- {title ?? StepTitle[type]} - {t(' (Optional)')} -
- + />
+ {tct(
+ 'Alternatively, you can also [manualSetupLink:set up the SDK manually], by following these steps:',
+ {
+ manualSetupLink: (
+
-
+
+ {tct(
+ 'Start your development server and visit [code:/sentry-example-page] if you have set it up. Click the button to trigger a test error.',
+ {
+ code: ,
+ }
+ )}
+
{t( - 'The Sentry wizard will automatically patch your application to configure the Sentry SDK:' + 'Or, trigger a sample error by calling a function that does not exist somewhere in your application.' )}
--
-
-
- {tct(
- 'Alternatively, you can also [manualSetupLink:set up the SDK manually].',
- {
- manualSetupLink: (
-
+
{tct(
@@ -162,8 +208,6 @@ const onboarding: OnboardingConfig = {
),
},
],
- configure: () => [],
- verify: () => [],
};
const replayOnboarding: OnboardingConfig = {
@@ -388,13 +432,17 @@ const DSNText = styled('div')`
margin-bottom: ${space(0.5)};
`;
-const ManualSetupTitle = styled('p')`
- font-size: ${p => p.theme.fontSizeLarge};
- font-weight: ${p => p.theme.fontWeightBold};
-`;
-
const AdditionalInfoWrapper = styled('div')`
display: flex;
flex-direction: column;
gap: ${space(2)};
`;
+
+const Divider = styled('hr')`
+ height: 1px;
+ width: 100%;
+ background: ${p => p.theme.border};
+ border: none;
+ margin-top: ${space(1)};
+ margin-bottom: ${space(2)};
+`;
diff --git a/static/app/gettingStartedDocs/javascript/remix.spec.tsx b/static/app/gettingStartedDocs/javascript/remix.spec.tsx
index 6112ddb2683976..58c7e0a303dadb 100644
--- a/static/app/gettingStartedDocs/javascript/remix.spec.tsx
+++ b/static/app/gettingStartedDocs/javascript/remix.spec.tsx
@@ -9,13 +9,11 @@ describe('javascript-remix onboarding docs', function () {
renderWithOnboardingLayout(docs);
// Renders main headings
- expect(screen.getByRole('heading', {name: 'Install'})).toBeInTheDocument();
- expect(screen.getByRole('heading', {name: 'Configure SDK'})).toBeInTheDocument();
-
- // Includes minimum required Astro version
- expect(screen.getByText(textWithMarkupMatcher(/Remix 1.0.0/))).toBeInTheDocument();
+ expect(
+ screen.getByRole('heading', {name: 'Automatic Configuration (Recommended)'})
+ ).toBeInTheDocument();
- // Includes wizard command statement
+ // Includes configure statement
expect(
screen.getByText(textWithMarkupMatcher(/npx @sentry\/wizard@latest -i remix/))
).toBeInTheDocument();
diff --git a/static/app/gettingStartedDocs/javascript/remix.tsx b/static/app/gettingStartedDocs/javascript/remix.tsx
index 1ef810dfb412f5..0aa14e7fd28674 100644
--- a/static/app/gettingStartedDocs/javascript/remix.tsx
+++ b/static/app/gettingStartedDocs/javascript/remix.tsx
@@ -31,10 +31,11 @@ type Params = DocsParams;
const getConfigStep = ({isSelfHosted, organization, projectSlug}: Params) => {
const urlParam = isSelfHosted ? '' : '--saas';
+
return [
{
description: tct(
- 'Configure your app automatically with the [wizardLink:Sentry wizard].',
+ 'Configure your app automatically by running the [wizardLink:Sentry wizard] in the root of your project.',
{
wizardLink: (
+ {tct(
+ 'Start your development server and visit [code:/sentry-example-page] if you have set it up. Click the button to trigger a test error.',
+ {
+ code: ,
+ }
+ )}
+
+ {t( + 'Or, trigger a sample error by calling a function that does not exist somewhere in your application.' + )} +
+
+ {tct(
+ 'Start your development server and visit [code:/sentry-example-page] if you have set it up. Click the button to trigger a test error.',
+ {
+ code: ,
+ }
+ )}
+
+ {t( + 'Or, trigger a sample error by calling a function that does not exist somewhere in your application.' + )} +
+
- ForwardedValue: {props.forwardedValue}
- {'is: ' + props.tags?.is?.values?.[0]}
- {'mechanism: ' + props.tags?.mechanism?.values?.join(', ')}
- {'bookmarks: ' + props.tags?.bookmarks?.values?.join(', ')}
- {'assigned: ' +
- (props.tags?.assigned?.values as SearchGroup[])
- .flatMap(x => x.children)
- .map(x => x.desc)
- ?.join(', ')}
- {'stack filename: ' + props.tags?.['stack.filename'].name}
-
- );
-}
-
-describe('withIssueTags HoC', function () {
- beforeEach(() => {
- TeamStore.reset();
- TagStore.reset();
- MemberListStore.loadInitialData([]);
- });
-
- it('forwards loaded tags to the wrapped component', async function () {
- const Container = withIssueTags(MyComponent);
- render(
+ {/* TODO(mia): remove these props and use InviteMemberContext once old modal is removed */}
+
+
+ Email addresses
+
+ ValueComponent(props, inviteStatus),
+ DropdownIndicator: () => null,
+ }}
+ options={mapToOptions(emails)}
+ onBlur={(e: React.ChangeEvent) => {
+ handleInput(e.target.value);
+ }}
+ styles={getStyles(theme, inviteStatus)}
+ onInputChange={setInputValue}
+ onKeyDown={handleKeyDown}
+ onChange={onChangeEmails}
+ multiple
+ creatable
+ clearable
+ onClear={reset}
+ menuIsOpen={false}
+ />
+
+
+
+ Role
+ {
+ onChangeRole(roleOption);
+ if (!isTeamRolesAllowedForRole(roleOption.value)) {
+ onChangeTeams([]);
+ }
+ }}
+ />
+
+
+ Add to team
+
+
+ {sentCount > 0 && (
+
+
+ )}
+ {errorCount > 0 && (
+
+
+ )}
+
+ );
+}
+
+interface InviteStatusMessageProps {
complete: boolean;
hasDuplicateEmails: boolean;
inviteStatus: InviteStatus;
@@ -21,7 +74,10 @@ export default function InviteStatusMessage({
inviteStatus,
sendingInvites,
willInvite,
-}: Props) {
+}: InviteStatusMessageProps) {
+ const organization = useOrganization();
+ const isNewInviteModal = organization.features.includes('invite-members-new-modal');
+
if (sendingInvites) {
return (