Log invalid user account status to Sentry with detailed user information

Ostap-Zherebetskyi · Ostap-Zherebetskyi · commit f0e6ad35331a · 2026-05-13T15:36:44.000+03:00
diff --git a/api/base/authentication/drf.py b/api/base/authentication/drf.py
@@ -21,6 +21,7 @@
 from osf.models import OSFUser
 from osf.utils.fields import ensure_str
 from website import settings
+from framework import sentry
 
 SessionStore = import_module(api_settings.SESSION_ENGINE).SessionStore
 
@@ -92,6 +93,20 @@ def check_user(user):
     # For all other cases, the user status is invalid. Although such status can't be reached with
     # normal user-facing web application flow, it is still possible as a result of direct database
     # access, coding bugs, database corruption, etc.
+    extra_data = {
+        'user_id': user.id,
+        'user_guid': user._id,
+        'is_active': user.is_active,
+        'is_disabled': user.is_disabled,
+        'is_merged': user.is_merged,
+        'date_disabled': user.date_disabled,
+        'is_confirmed': user.is_confirmed,
+        'is_registered': user.is_registered,
+        'can_login': user.has_usable_password() or (
+            'VERIFIED' in sum([list(each.values()) for each in user.external_identity.values()], [])
+        ),
+    }
+    sentry.log_message(f'Invalid user account status detected: user_id={user._id}', extra_data=extra_data)
     raise InvalidAccountError
 
 
