Merge branch 'main' into auth/pm-27084/register-accepts-new-data-types

Author: Patrick-Pimentel-Bitwarden

bitwarden_license/src/Sso/Controllers/AccountController.cs

@@ -680,22 +680,10 @@ await _organizationService.AdjustSeatsAsync(organization.Id,
             ApiKey = CoreHelpers.SecureRandomString(30)
         };
 
-        /*
-            The feature flag is checked here so that we can send the new MJML welcome email templates.
-            The other organization invites flows have an OrganizationUser allowing the RegisterUserCommand the ability
-            to fetch the Organization. The old method RegisterUser(User) here does not have that context, so we need
-            to use a new method RegisterSSOAutoProvisionedUserAsync(User, Organization) to send the correct email.
-            [PM-28057]: Prefer RegisterSSOAutoProvisionedUserAsync for SSO auto-provisioned users.
-            TODO: Remove Feature flag: PM-28221
-        */
-        if (_featureService.IsEnabled(FeatureFlagKeys.MjmlWelcomeEmailTemplates))
-        {
-            await _registerUserCommand.RegisterSSOAutoProvisionedUserAsync(newUser, organization);
-        }
-        else
-        {
-            await _registerUserCommand.RegisterUser(newUser);
-        }
+        // Always use RegisterSSOAutoProvisionedUserAsync to ensure organization context is available
+        // for domain validation (BlockClaimedDomainAccountCreation policy) and welcome emails.
+        // The feature flag logic for welcome email templates is handled internally by RegisterUserCommand.
+        await _registerUserCommand.RegisterSSOAutoProvisionedUserAsync(newUser, organization);
 
         // If the organization has 2fa policy enabled, make sure to default jit user 2fa to email
         var twoFactorPolicy =

bitwarden_license/test/SSO.Test/Controllers/AccountControllerTest.cs

@@ -6,7 +6,6 @@
 using Bit.Core.Auth.Models.Business.Tokenables;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Auth.Repositories;
-using Bit.Core.Auth.UserFeatures.Registration;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Repositories;
@@ -21,7 +20,6 @@
 using Duende.IdentityServer.Services;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.DependencyInjection;
 using NSubstitute;
@@ -1013,133 +1011,6 @@ public async Task ExternalCallback_Measurements_FlagOnVsOff_Comparisons(
         }
     }
 
-    [Theory, BitAutoData]
-    public async Task AutoProvisionUserAsync_WithFeatureFlagEnabled_CallsRegisterSSOAutoProvisionedUser(
-        SutProvider<AccountController> sutProvider)
-    {
-        // Arrange
-        var orgId = Guid.NewGuid();
-        var providerUserId = "ext-new-user";
-        var email = "[email protected]";
-        var organization = new Organization { Id = orgId, Name = "Test Org", Seats = null };
-
-        // No existing user (JIT provisioning scenario)
-        sutProvider.GetDependency<IUserRepository>().GetByEmailAsync(email).Returns((User?)null);
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(orgId).Returns(organization);
-        sutProvider.GetDependency<IOrganizationUserRepository>().GetByOrganizationEmailAsync(orgId, email)
-            .Returns((OrganizationUser?)null);
-
-        // Feature flag enabled
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.MjmlWelcomeEmailTemplates)
-            .Returns(true);
-
-        // Mock the RegisterSSOAutoProvisionedUserAsync to return success
-        sutProvider.GetDependency<IRegisterUserCommand>()
-            .RegisterSSOAutoProvisionedUserAsync(Arg.Any<User>(), Arg.Any<Organization>())
-            .Returns(IdentityResult.Success);
-
-        var claims = new[]
-        {
-            new Claim(JwtClaimTypes.Email, email),
-            new Claim(JwtClaimTypes.Name, "New User")
-        } as IEnumerable<Claim>;
-        var config = new SsoConfigurationData();
-
-        var method = typeof(AccountController).GetMethod(
-            "CreateUserAndOrgUserConditionallyAsync",
-            BindingFlags.Instance | BindingFlags.NonPublic);
-        Assert.NotNull(method);
-
-        // Act
-        var task = (Task<(User user, Organization organization, OrganizationUser orgUser)>)method!.Invoke(
-            sutProvider.Sut,
-            new object[]
-            {
-                orgId.ToString(),
-                providerUserId,
-                claims,
-                null!,
-                config
-            })!;
-
-        var result = await task;
-
-        // Assert
-        await sutProvider.GetDependency<IRegisterUserCommand>().Received(1)
-            .RegisterSSOAutoProvisionedUserAsync(
-                Arg.Is<User>(u => u.Email == email && u.Name == "New User"),
-                Arg.Is<Organization>(o => o.Id == orgId && o.Name == "Test Org"));
-
-        Assert.NotNull(result.user);
-        Assert.Equal(email, result.user.Email);
-        Assert.Equal(organization.Id, result.organization.Id);
-    }
-
-    [Theory, BitAutoData]
-    public async Task AutoProvisionUserAsync_WithFeatureFlagDisabled_CallsRegisterUserInstead(
-        SutProvider<AccountController> sutProvider)
-    {
-        // Arrange
-        var orgId = Guid.NewGuid();
-        var providerUserId = "ext-legacy-user";
-        var email = "[email protected]";
-        var organization = new Organization { Id = orgId, Name = "Test Org", Seats = null };
-
-        // No existing user (JIT provisioning scenario)
-        sutProvider.GetDependency<IUserRepository>().GetByEmailAsync(email).Returns((User?)null);
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(orgId).Returns(organization);
-        sutProvider.GetDependency<IOrganizationUserRepository>().GetByOrganizationEmailAsync(orgId, email)
-            .Returns((OrganizationUser?)null);
-
-        // Feature flag disabled
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.MjmlWelcomeEmailTemplates)
-            .Returns(false);
-
-        // Mock the RegisterUser to return success
-        sutProvider.GetDependency<IRegisterUserCommand>()
-            .RegisterUser(Arg.Any<User>())
-            .Returns(IdentityResult.Success);
-
-        var claims = new[]
-        {
-            new Claim(JwtClaimTypes.Email, email),
-            new Claim(JwtClaimTypes.Name, "Legacy User")
-        } as IEnumerable<Claim>;
-        var config = new SsoConfigurationData();
-
-        var method = typeof(AccountController).GetMethod(
-            "CreateUserAndOrgUserConditionallyAsync",
-            BindingFlags.Instance | BindingFlags.NonPublic);
-        Assert.NotNull(method);
-
-        // Act
-        var task = (Task<(User user, Organization organization, OrganizationUser orgUser)>)method!.Invoke(
-            sutProvider.Sut,
-            new object[]
-            {
-                orgId.ToString(),
-                providerUserId,
-                claims,
-                null!,
-                config
-            })!;
-
-        var result = await task;
-
-        // Assert
-        await sutProvider.GetDependency<IRegisterUserCommand>().Received(1)
-            .RegisterUser(Arg.Is<User>(u => u.Email == email && u.Name == "Legacy User"));
-
-        // Verify the new method was NOT called
-        await sutProvider.GetDependency<IRegisterUserCommand>().DidNotReceive()
-            .RegisterSSOAutoProvisionedUserAsync(Arg.Any<User>(), Arg.Any<Organization>());
-
-        Assert.NotNull(result.user);
-        Assert.Equal(email, result.user.Email);
-    }
-
     [Theory, BitAutoData]
     public void ExternalChallenge_WithMatchingOrgId_Succeeds(
         SutProvider<AccountController> sutProvider,

src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs

@@ -1,6 +1,7 @@
 using Bit.Api.Billing.Attributes;
 using Bit.Api.Billing.Models.Requests.Payment;
 using Bit.Api.Billing.Models.Requests.Premium;
+using Bit.Api.Billing.Models.Requests.Storage;
 using Bit.Core;
 using Bit.Core.Billing.Licenses.Queries;
 using Bit.Core.Billing.Payment.Commands;
@@ -23,7 +24,8 @@ public class AccountBillingVNextController(
     IGetCreditQuery getCreditQuery,
     IGetPaymentMethodQuery getPaymentMethodQuery,
     IGetUserLicenseQuery getUserLicenseQuery,
-    IUpdatePaymentMethodCommand updatePaymentMethodCommand) : BaseBillingController
+    IUpdatePaymentMethodCommand updatePaymentMethodCommand,
+    IUpdatePremiumStorageCommand updatePremiumStorageCommand) : BaseBillingController
 {
     [HttpGet("credit")]
     [InjectUser]
@@ -88,4 +90,15 @@ public async Task<IResult> GetLicenseAsync(
         var response = await getUserLicenseQuery.Run(user);
         return TypedResults.Ok(response);
     }
+
+    [HttpPut("storage")]
+    [RequireFeature(FeatureFlagKeys.PM29594_UpdateIndividualSubscriptionPage)]
+    [InjectUser]
+    public async Task<IResult> UpdateStorageAsync(
+        [BindNever] User user,
+        [FromBody] StorageUpdateRequest request)
+    {
+        var result = await updatePremiumStorageCommand.Run(user, request.AdditionalStorageGb);
+        return Handle(result);
+    }
 }

src/Api/Billing/Models/Requests/Storage/StorageUpdateRequest.cs

@@ -0,0 +1,35 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Api.Billing.Models.Requests.Storage;
+
+/// <summary>
+/// Request model for updating storage allocation on a user's premium subscription.
+/// Allows for both increasing and decreasing storage in an idempotent manner.
+/// </summary>
+public class StorageUpdateRequest : IValidatableObject
+{
+    /// <summary>
+    /// The additional storage in GB beyond the base storage.
+    /// Must be between 0 and the maximum allowed (minus base storage).
+    /// </summary>
+    [Required]
+    [Range(0, 99)]
+    public short AdditionalStorageGb { get; set; }
+
+    public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
+    {
+        if (AdditionalStorageGb < 0)
+        {
+            yield return new ValidationResult(
+                "Additional storage cannot be negative.",
+                new[] { nameof(AdditionalStorageGb) });
+        }
+
+        if (AdditionalStorageGb > 99)
+        {
+            yield return new ValidationResult(
+                "Maximum additional storage is 99 GB.",
+                new[] { nameof(AdditionalStorageGb) });
+        }
+    }
+}

…ata/Organizations/OrganizationAbility.cs …ganizationAbility/OrganizationAbility.cssrc/Core/AdminConsole/Models/Data/Organizations/OrganizationAbility.cs renamed to src/Core/AdminConsole/OrganizationFeatures/OrganizationAbility/OrganizationAbility.cs src/Core/AdminConsole/Models/Data/Organizations/OrganizationAbility.cs renamed to src/Core/AdminConsole/OrganizationFeatures/OrganizationAbility/OrganizationAbility.cs

@@ -0,0 +1,141 @@
+# Organization Ability Flags
+
+## Overview
+
+Many Bitwarden features are tied to specific subscription plans. For example, SCIM and SSO are Enterprise features,
+while Event Logs are available to Teams and Enterprise plans. When developing features that require plan-based access
+control, we use **Organization Ability Flags** (or simply _abilities_) — explicit boolean properties on the Organization
+entity that indicate whether an organization can use a specific feature.
+
+## The Rule
+
+**Never check plan types to control feature access.** Always use a dedicated ability flag on the Organization entity.
+
+### ❌ Don't Do This
+
+```csharp
+// Checking plan type directly
+if (organization.PlanType == PlanType.Enterprise ||
+    organization.PlanType == PlanType.Teams ||
+    organization.PlanType == PlanType.Family)
+{
+    // allow feature...
+}
+```
+
+### ❌ Don't Do This
+
+```csharp
+// Piggybacking off another feature's ability
+if (organization.PlanType == PlanType.Enterprise && organization.UseEvents)
+{
+    // assume they can use some other feature...
+}
+```
+
+### ✅ Do This Instead
+
+```csharp
+// Check the explicit ability flag
+if (organization.UseEvents)
+{
+    // allow UseEvents feature...
+}
+```
+
+## Why This Pattern Matters
+
+Using explicit ability flags instead of plan type checks provides several benefits:
+
+1. **Simplicity** — A single boolean check is cleaner and less error-prone than maintaining lists of plan types.
+
+2. **Centralized Control** — Feature access is managed in one place: the ability assignment during organization
+   creation/upgrade. No need to hunt through the codebase for scattered plan type checks.
+
+3. **Flexibility** — Abilities can be set independently of plan type, enabling:
+
+    - Early access programs for features not yet tied to a plan
+    - Trial access to help customers evaluate a feature before upgrading
+    - Custom arrangements for specific customers
+    - A/B testing of features across different cohorts
+
+4. **Safe Refactoring** — When plans change (e.g., adding a new plan tier, renaming plans, or moving features between
+   tiers), we only update the ability assignment logic—not every place the feature is used.
+
+5. **Graceful Downgrades** — When an organization downgrades, we update their abilities. All feature checks
+   automatically respect the new access level.
+
+## How It Works
+
+### Ability Assignment at Signup/Upgrade
+
+When an organization is created or changes plans, the ability flags are set based on the plan's capabilities:
+
+```csharp
+// During organization creation or plan change
+organization.UseGroups = plan.HasGroups;
+organization.UseSso = plan.HasSso;
+organization.UseScim = plan.HasScim;
+organization.UsePolicies = plan.HasPolicies;
+organization.UseEvents = plan.HasEvents;
+// ... etc
+```
+
+### Modifying Abilities for Existing Organizations
+
+To change abilities for existing organizations (e.g., rolling out a feature to a new plan tier), create a database
+migration that updates the relevant flag:
+
+```sql
+-- Example: Enable UseEvents for all Teams organizations
+UPDATE [dbo].[Organization]
+SET UseEvents = 1
+WHERE PlanType IN (17, 18) -- TeamsMonthly = 17, TeamsAnnually = 18
+```
+
+Then update the plan-to-ability assignment code so new organizations get the correct value.
+
+## Adding a New Ability
+
+When developing a new plan-gated feature:
+
+1. **Add the ability to the Organization and OrganizationAbility entities** — Create a `Use[FeatureName]` boolean
+   property.
+
+2. **Add a database migration** — Add the new column to the Organization table.
+
+3. **Update plan definitions** — Add a corresponding `Has[FeatureName]` property to the Plan model and configure which
+   plans include it.
+
+4. **Update organization creation/upgrade logic** — Ensure the ability is set based on the plan.
+
+5. **Update the organization license claims** (if applicable) - to make the feature available on self-hosted instances.
+
+6. **Implement checks throughout client and server** — Use the ability consistently everywhere the feature is accessed.
+    - Clients: get the organization object from `OrganizationService`.
+    - Server: if you already have the full `Organization` object in scope, you can use it directly. If not, use the
+      `IApplicationCacheService` to retrieve the `OrganizationAbility`, which is a simplified, cached representation
+      of the organization ability flags. Note that some older flags may be missing from `OrganizationAbility` but
+      can be added if needed.
+
+## Existing Abilities
+
+For reference, here are some current organization ability flags (not a complete list):
+
+| Ability                  | Description                   | Plans             |
+|--------------------------|-------------------------------|-------------------|
+| `UseGroups`              | Group-based collection access | Teams, Enterprise |
+| `UseDirectory`           | Directory Connector sync      | Teams, Enterprise |
+| `UseEvents`              | Event logging                 | Teams, Enterprise |
+| `UseTotp`                | Authenticator (TOTP)          | Teams, Enterprise |
+| `UseSso`                 | Single Sign-On                | Enterprise        |
+| `UseScim`                | SCIM provisioning             | Teams, Enterprise |
+| `UsePolicies`            | Enterprise policies           | Enterprise        |
+| `UseResetPassword`       | Admin password reset          | Enterprise        |
+| `UseOrganizationDomains` | Domain verification/claiming  | Enterprise        |
+
+## Questions?
+
+If you're unsure whether your feature needs a new ability or which existing ability to use, reach out to your team lead
+or members of the Admin Console or Architecture teams. When in doubt, adding an explicit ability is almost always the
+right choice—it's easy to do and keeps our access control clean and maintainable.

src/Core/AdminConsole/OrganizationFeatures/OrganizationAbility/README.md

@@ -53,6 +53,7 @@ private static void AddPremiumCommands(this IServiceCollection services)
         services.AddScoped<ICreatePremiumCloudHostedSubscriptionCommand, CreatePremiumCloudHostedSubscriptionCommand>();
         services.AddScoped<ICreatePremiumSelfHostedSubscriptionCommand, CreatePremiumSelfHostedSubscriptionCommand>();
         services.AddTransient<IPreviewPremiumTaxCommand, PreviewPremiumTaxCommand>();
+        services.AddScoped<IUpdatePremiumStorageCommand, UpdatePremiumStorageCommand>();
     }
 
     private static void AddPremiumQueries(this IServiceCollection services)