Address review comments

Author: cyprain-okeke

src/Api/Billing/Controllers/AccountsController.cs

@@ -24,7 +24,8 @@ public class AccountsController(
     IUserService userService,
     ITwoFactorIsEnabledQuery twoFactorIsEnabledQuery,
     IUserAccountKeysQuery userAccountKeysQuery,
-    IFeatureService featureService) : Controller
+    IFeatureService featureService,
+    ILicensingService licensingService) : Controller
 {
     // TODO: Remove when pm-24996-implement-upgrade-from-free-dialog is removed
     [HttpPost("premium")]
@@ -86,6 +87,11 @@ public async Task<SubscriptionResponseModel> GetSubscriptionAsync(
             throw new UnauthorizedAccessException();
         }
 
+        // Check if the new premium subscription page feature flag is enabled
+        // When enabled, clients should use the separate /license endpoint
+        // When disabled, include license in subscription response for backward compatibility
+        var useNewPremiumPage = featureService.IsEnabled(FeatureFlagKeys.PM24996ImplementUpgradeFromFreeDialog);
+
         // Only cloud-hosted users with payment gateways have subscription and discount information
         if (!globalSettings.SelfHosted)
         {
@@ -96,11 +102,34 @@ public async Task<SubscriptionResponseModel> GetSubscriptionAsync(
                 // The feature flag controls the broader Milestone 2 feature set, not just this specific task.
                 var includeMilestone2Discount = featureService.IsEnabled(FeatureFlagKeys.PM23341_Milestone_2);
                 var subscriptionInfo = await paymentService.GetSubscriptionAsync(user);
-                return new SubscriptionResponseModel(user, subscriptionInfo, includeMilestone2Discount);
+
+                if (useNewPremiumPage)
+                {
+                    // New flow: Don't include license, clients should call /license endpoint
+                    return new SubscriptionResponseModel(user, subscriptionInfo, includeMilestone2Discount);
+                }
+                else
+                {
+                    // Old flow: Include license for backward compatibility
+                    var license = await userService.GenerateLicenseAsync(user, subscriptionInfo);
+                    var claimsPrincipal = licensingService.GetClaimsPrincipalFromLicense(license);
+                    return new SubscriptionResponseModel(user, subscriptionInfo, license, claimsPrincipal, includeMilestone2Discount);
+                }
             }
             else
             {
-                return new SubscriptionResponseModel(user, null);
+                if (useNewPremiumPage)
+                {
+                    // New flow: Don't include license
+                    return new SubscriptionResponseModel(user, null);
+                }
+                else
+                {
+                    // Old flow: Include license for backward compatibility
+                    var license = await userService.GenerateLicenseAsync(user);
+                    var claimsPrincipal = licensingService.GetClaimsPrincipalFromLicense(license);
+                    return new SubscriptionResponseModel(user, null, license, claimsPrincipal);
+                }
             }
         }
         else

src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs

@@ -1,14 +1,12 @@
 using Bit.Api.Billing.Attributes;
 using Bit.Api.Billing.Models.Requests.Payment;
 using Bit.Api.Billing.Models.Requests.Premium;
-using Bit.Api.Models.Response;
 using Bit.Core;
+using Bit.Core.Billing.Licenses.Queries;
 using Bit.Core.Billing.Payment.Commands;
 using Bit.Core.Billing.Payment.Queries;
 using Bit.Core.Billing.Premium.Commands;
-using Bit.Core.Billing.Services;
 using Bit.Core.Entities;
-using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -24,9 +22,8 @@ public class AccountBillingVNextController(
     ICreatePremiumCloudHostedSubscriptionCommand createPremiumCloudHostedSubscriptionCommand,
     IGetCreditQuery getCreditQuery,
     IGetPaymentMethodQuery getPaymentMethodQuery,
-    IUpdatePaymentMethodCommand updatePaymentMethodCommand,
-    IUserService userService,
-    ILicensingService licensingService) : BaseBillingController
+    IGetUserLicenseQuery getUserLicenseQuery,
+    IUpdatePaymentMethodCommand updatePaymentMethodCommand) : BaseBillingController
 {
     [HttpGet("credit")]
     [InjectUser]
@@ -93,10 +90,7 @@ public async Task<IResult> GetLicenseAsync(
             throw new UnauthorizedAccessException();
         }
 
-        var license = await userService.GenerateLicenseAsync(user);
-        var claimsPrincipal = licensingService.GetClaimsPrincipalFromLicense(license);
-        var response = new LicenseResponseModel(license, claimsPrincipal);
-
+        var response = await getUserLicenseQuery.Run(user);
         return TypedResults.Ok(response);
     }
 }

src/Api/Models/Response/SubscriptionResponseModel.cs

@@ -1,4 +1,8 @@
-using Bit.Core.Billing.Constants;
+using System.Security.Claims;
+using Bit.Core.Billing.Constants;
+using Bit.Core.Billing.Licenses;
+using Bit.Core.Billing.Licenses.Extensions;
+using Bit.Core.Billing.Models.Business;
 using Bit.Core.Entities;
 using Bit.Core.Models.Api;
 using Bit.Core.Models.Business;
@@ -41,6 +45,51 @@ public SubscriptionResponseModel(User user)
         MaxStorageGb = user.MaxStorageGb;
     }
 
+    /// <summary>
+    /// BACKWARD COMPATIBILITY CONSTRUCTOR
+    /// This constructor is used when the PM24996ImplementUpgradeFromFreeDialog feature flag is NOT enabled.
+    /// When the feature flag is enabled, clients should use the new separate /license endpoint.
+    /// </summary>
+    /// <param name="user">The user entity containing storage and premium subscription information</param>
+    /// <param name="subscription">Subscription information retrieved from the payment provider (Stripe/Braintree)</param>
+    /// <param name="license">The user's license containing expiration and feature entitlements</param>
+    /// <param name="claimsPrincipal">The claims principal containing cryptographically secure token claims</param>
+    /// <param name="includeMilestone2Discount">
+    /// Whether to include discount information in the response.
+    /// Set to true when the PM23341_Milestone_2 feature flag is enabled AND
+    /// you want to expose Milestone 2 discount information to the client.
+    /// The discount will only be included if it matches the specific Milestone 2 coupon ID.
+    /// </param>
+    public SubscriptionResponseModel(User user, SubscriptionInfo? subscription, UserLicense license, ClaimsPrincipal? claimsPrincipal, bool includeMilestone2Discount = false)
+        : base("subscription")
+    {
+        Subscription = subscription?.Subscription != null ? new BillingSubscription(subscription.Subscription) : null;
+        UpcomingInvoice = subscription?.UpcomingInvoice != null ?
+            new BillingSubscriptionUpcomingInvoice(subscription.UpcomingInvoice) : null;
+        StorageName = user.Storage.HasValue ? CoreHelpers.ReadableBytesSize(user.Storage.Value) : null;
+        StorageGb = user.Storage.HasValue ? Math.Round(user.Storage.Value / 1073741824D, 2) : 0; // 1 GB
+        MaxStorageGb = user.MaxStorageGb;
+        License = license;
+
+        // CRITICAL: When a license has a Token (JWT), ALWAYS use the expiration from the token claim
+        // The token's expiration is cryptographically secured and cannot be tampered with
+        // The file's Expires property can be manually edited and should NOT be trusted for display
+        if (claimsPrincipal != null)
+        {
+            Expiration = claimsPrincipal.GetValue<DateTime?>(UserLicenseConstants.Expires);
+        }
+        else
+        {
+            // No token - use the license file expiration (for older licenses without tokens)
+            Expiration = license.Expires;
+        }
+
+        // Only display the Milestone 2 subscription discount on the subscription page.
+        CustomerDiscount = ShouldIncludeMilestone2Discount(includeMilestone2Discount, subscription?.CustomerDiscount)
+            ? new BillingCustomerDiscount(subscription!.CustomerDiscount!)
+            : null;
+    }
+
     public string? StorageName { get; set; }
     public double? StorageGb { get; set; }
     public short? MaxStorageGb { get; set; }
@@ -61,6 +110,24 @@ public SubscriptionResponseModel(User user)
     /// </summary>
     public BillingCustomerDiscount? CustomerDiscount { get; set; }
 
+    /// <summary>
+    /// BACKWARD COMPATIBILITY PROPERTY
+    /// The user's license containing feature entitlements and metadata.
+    /// Only populated when the PM24996ImplementUpgradeFromFreeDialog feature flag is NOT enabled.
+    /// When the feature flag is enabled, clients should use the separate /license endpoint.
+    /// </summary>
+    public UserLicense? License { get; set; }
+
+    /// <summary>
+    /// BACKWARD COMPATIBILITY PROPERTY
+    /// The license expiration date.
+    /// Extracted from the cryptographically secured JWT token when available,
+    /// otherwise falls back to the license file's expiration date.
+    /// Only populated when the PM24996ImplementUpgradeFromFreeDialog feature flag is NOT enabled.
+    /// When the feature flag is enabled, clients should use the separate /license endpoint.
+    /// </summary>
+    public DateTime? Expiration { get; set; }
+
     /// <summary>
     /// Determines whether the Milestone 2 discount should be included in the response.
     /// </summary>

src/Core/Billing/Extensions/ServiceCollectionExtensions.cs

@@ -1,5 +1,6 @@
 using Bit.Core.Billing.Caches;
 using Bit.Core.Billing.Caches.Implementations;
+using Bit.Core.Billing.Licenses;
 using Bit.Core.Billing.Licenses.Extensions;
 using Bit.Core.Billing.Organizations.Commands;
 using Bit.Core.Billing.Organizations.Queries;
@@ -28,6 +29,7 @@ public static void AddBillingOperations(this IServiceCollection services)
         services.AddTransient<ISetupIntentCache, SetupIntentDistributedCache>();
         services.AddTransient<ISubscriberService, SubscriberService>();
         services.AddLicenseServices();
+        services.AddLicenseOperations();
         services.AddPricingClient();
         services.AddPaymentOperations();
         services.AddOrganizationLicenseCommandsQueries();

…/Models/Response/LicenseResponseModel.cs …els/Api/Response/LicenseResponseModel.cssrc/Api/Models/Response/LicenseResponseModel.cs renamed to src/Core/Billing/Licenses/Models/Api/Response/LicenseResponseModel.cs src/Api/Models/Response/LicenseResponseModel.cs renamed to src/Core/Billing/Licenses/Models/Api/Response/LicenseResponseModel.cs

@@ -1,10 +1,9 @@
 using System.Security.Claims;
-using Bit.Core.Billing.Licenses;
 using Bit.Core.Billing.Licenses.Extensions;
 using Bit.Core.Billing.Models.Business;
 using Bit.Core.Models.Api;
 
-namespace Bit.Api.Models.Response;
+namespace Bit.Core.Billing.Licenses.Models.Api.Response;
 
 /// <summary>
 /// Response model containing user license information.

src/Core/Billing/Licenses/Queries/GetUserLicenseQuery.cs

@@ -0,0 +1,23 @@
+using Bit.Core.Billing.Licenses.Models.Api.Response;
+using Bit.Core.Billing.Services;
+using Bit.Core.Entities;
+using Bit.Core.Services;
+
+namespace Bit.Core.Billing.Licenses.Queries;
+
+public interface IGetUserLicenseQuery
+{
+    Task<LicenseResponseModel> Run(User user);
+}
+
+public class GetUserLicenseQuery(
+    IUserService userService,
+    ILicensingService licensingService) : IGetUserLicenseQuery
+{
+    public async Task<LicenseResponseModel> Run(User user)
+    {
+        var license = await userService.GenerateLicenseAsync(user);
+        var claimsPrincipal = licensingService.GetClaimsPrincipalFromLicense(license);
+        return new LicenseResponseModel(license, claimsPrincipal);
+    }
+}

src/Core/Billing/Licenses/Registrations.cs

@@ -0,0 +1,13 @@
+using Bit.Core.Billing.Licenses.Queries;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Bit.Core.Billing.Licenses;
+
+public static class Registrations
+{
+    public static void AddLicenseOperations(this IServiceCollection services)
+    {
+        // Queries
+        services.AddTransient<IGetUserLicenseQuery, GetUserLicenseQuery>();
+    }
+}