chore(auth-v2): record analytics for rotating csrf token (#96677)

cathteng · web-flow · commit d7c61116e9ca · 2025-07-29T11:34:41.000-07:00
diff --git a/src/sentry/analytics/events/__init__.py b/src/sentry/analytics/events/__init__.py
@@ -6,6 +6,7 @@
 from .alert_sent import *  # noqa: F401,F403
 from .api_token_created import *  # noqa: F401,F403
 from .api_token_deleted import *  # noqa: F401,F403
+from .auth_v2 import *  # noqa: F401,F403
 from .checkin_processing_error_stored import *  # noqa: F401,F403
 from .codeowners_assignment import *  # noqa: F401,F403
 from .codeowners_created import *  # noqa: F401,F403
diff --git a/src/sentry/analytics/events/auth_v2.py b/src/sentry/analytics/events/auth_v2.py
@@ -0,0 +1,16 @@
+from sentry import analytics
+from sentry.analytics import Event, eventclass
+
+
+@eventclass("auth_v2.csrf_token.rotated")
+class AuthV2CsrfTokenRotated(Event):
+    event: str
+
+
+@eventclass("auth_v2.csrf_token.delete_login")
+class AuthV2DeleteLogin(Event):
+    event: str
+
+
+analytics.register(AuthV2CsrfTokenRotated)
+analytics.register(AuthV2DeleteLogin)
diff --git a/src/sentry/api/endpoints/auth_index.py b/src/sentry/api/endpoints/auth_index.py
@@ -10,6 +10,8 @@
 from rest_framework.request import Request
 from rest_framework.response import Response
 
+from sentry import analytics
+from sentry.analytics.events.auth_v2 import AuthV2DeleteLogin
 from sentry.api.api_owners import ApiOwner
 from sentry.api.api_publish_status import ApiPublishStatus
 from sentry.api.authentication import QuietBasicAuthentication
@@ -328,6 +330,13 @@ def delete(self, request: Request, *args, **kwargs) -> Response:
         response.delete_cookie(settings.CSRF_COOKIE_NAME, domain=settings.CSRF_COOKIE_DOMAIN)
         response.delete_cookie(settings.SESSION_COOKIE_NAME, domain=settings.SESSION_COOKIE_DOMAIN)
 
+        if referrer := request.GET.get("referrer"):
+            analytics.record(
+                AuthV2DeleteLogin(
+                    event=referrer,
+                )
+            )
+
         if slo_url:
             response.status_code = status.HTTP_200_OK
             response.data = {"sloUrl": slo_url}
diff --git a/src/sentry/auth_v2/endpoints/csrf.py b/src/sentry/auth_v2/endpoints/csrf.py
@@ -4,6 +4,8 @@
 from drf_spectacular.utils import extend_schema
 from rest_framework import status
 
+from sentry import analytics
+from sentry.analytics.events.auth_v2 import AuthV2CsrfTokenRotated
 from sentry.api.api_owners import ApiOwner
 from sentry.api.api_publish_status import ApiPublishStatus
 from sentry.api.base import Endpoint, control_silo_endpoint
@@ -65,6 +67,13 @@ def get(self, request, *args, **kwargs):
     @method_decorator(ensure_csrf_cookie)
     def put(self, request, *args, **kwargs):
         rotate_token(request)
+        if referrer := request.GET.get("referrer"):
+            analytics.record(
+                AuthV2CsrfTokenRotated(
+                    event=referrer,
+                )
+            )
+
         return self.respond(
             {
                 "detail": "Rotated CSRF cookie",
