Merge branch 'main' into ac/pm-22434/remove-create-default-location-ff-refs

Author: vincentsalucci

.github/workflows/review-code.yml

@@ -2,7 +2,7 @@ name: Code Review
 
 on:
   pull_request:
-    types: [opened, labeled]
+    types: [opened, synchronize, reopened]
 
 permissions: {}
 

bitwarden_license/src/Sso/Controllers/AccountController.cs

@@ -680,22 +680,10 @@ await _organizationService.AdjustSeatsAsync(organization.Id,
             ApiKey = CoreHelpers.SecureRandomString(30)
         };
 
-        /*
-            The feature flag is checked here so that we can send the new MJML welcome email templates.
-            The other organization invites flows have an OrganizationUser allowing the RegisterUserCommand the ability
-            to fetch the Organization. The old method RegisterUser(User) here does not have that context, so we need
-            to use a new method RegisterSSOAutoProvisionedUserAsync(User, Organization) to send the correct email.
-            [PM-28057]: Prefer RegisterSSOAutoProvisionedUserAsync for SSO auto-provisioned users.
-            TODO: Remove Feature flag: PM-28221
-        */
-        if (_featureService.IsEnabled(FeatureFlagKeys.MjmlWelcomeEmailTemplates))
-        {
-            await _registerUserCommand.RegisterSSOAutoProvisionedUserAsync(newUser, organization);
-        }
-        else
-        {
-            await _registerUserCommand.RegisterUser(newUser);
-        }
+        // Always use RegisterSSOAutoProvisionedUserAsync to ensure organization context is available
+        // for domain validation (BlockClaimedDomainAccountCreation policy) and welcome emails.
+        // The feature flag logic for welcome email templates is handled internally by RegisterUserCommand.
+        await _registerUserCommand.RegisterSSOAutoProvisionedUserAsync(newUser, organization);
 
         // If the organization has 2fa policy enabled, make sure to default jit user 2fa to email
         var twoFactorPolicy =

bitwarden_license/test/SSO.Test/Controllers/AccountControllerTest.cs

@@ -6,7 +6,6 @@
 using Bit.Core.Auth.Models.Business.Tokenables;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Auth.Repositories;
-using Bit.Core.Auth.UserFeatures.Registration;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Repositories;
@@ -21,7 +20,6 @@
 using Duende.IdentityServer.Services;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.DependencyInjection;
 using NSubstitute;
@@ -1013,133 +1011,6 @@ public async Task ExternalCallback_Measurements_FlagOnVsOff_Comparisons(
         }
     }
 
-    [Theory, BitAutoData]
-    public async Task AutoProvisionUserAsync_WithFeatureFlagEnabled_CallsRegisterSSOAutoProvisionedUser(
-        SutProvider<AccountController> sutProvider)
-    {
-        // Arrange
-        var orgId = Guid.NewGuid();
-        var providerUserId = "ext-new-user";
-        var email = "newuser@example.com";
-        var organization = new Organization { Id = orgId, Name = "Test Org", Seats = null };
-
-        // No existing user (JIT provisioning scenario)
-        sutProvider.GetDependency<IUserRepository>().GetByEmailAsync(email).Returns((User?)null);
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(orgId).Returns(organization);
-        sutProvider.GetDependency<IOrganizationUserRepository>().GetByOrganizationEmailAsync(orgId, email)
-            .Returns((OrganizationUser?)null);
-
-        // Feature flag enabled
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.MjmlWelcomeEmailTemplates)
-            .Returns(true);
-
-        // Mock the RegisterSSOAutoProvisionedUserAsync to return success
-        sutProvider.GetDependency<IRegisterUserCommand>()
-            .RegisterSSOAutoProvisionedUserAsync(Arg.Any<User>(), Arg.Any<Organization>())
-            .Returns(IdentityResult.Success);
-
-        var claims = new[]
-        {
-            new Claim(JwtClaimTypes.Email, email),
-            new Claim(JwtClaimTypes.Name, "New User")
-        } as IEnumerable<Claim>;
-        var config = new SsoConfigurationData();
-
-        var method = typeof(AccountController).GetMethod(
-            "CreateUserAndOrgUserConditionallyAsync",
-            BindingFlags.Instance | BindingFlags.NonPublic);
-        Assert.NotNull(method);
-
-        // Act
-        var task = (Task<(User user, Organization organization, OrganizationUser orgUser)>)method!.Invoke(
-            sutProvider.Sut,
-            new object[]
-            {
-                orgId.ToString(),
-                providerUserId,
-                claims,
-                null!,
-                config
-            })!;
-
-        var result = await task;
-
-        // Assert
-        await sutProvider.GetDependency<IRegisterUserCommand>().Received(1)
-            .RegisterSSOAutoProvisionedUserAsync(
-                Arg.Is<User>(u => u.Email == email && u.Name == "New User"),
-                Arg.Is<Organization>(o => o.Id == orgId && o.Name == "Test Org"));
-
-        Assert.NotNull(result.user);
-        Assert.Equal(email, result.user.Email);
-        Assert.Equal(organization.Id, result.organization.Id);
-    }
-
-    [Theory, BitAutoData]
-    public async Task AutoProvisionUserAsync_WithFeatureFlagDisabled_CallsRegisterUserInstead(
-        SutProvider<AccountController> sutProvider)
-    {
-        // Arrange
-        var orgId = Guid.NewGuid();
-        var providerUserId = "ext-legacy-user";
-        var email = "legacyuser@example.com";
-        var organization = new Organization { Id = orgId, Name = "Test Org", Seats = null };
-
-        // No existing user (JIT provisioning scenario)
-        sutProvider.GetDependency<IUserRepository>().GetByEmailAsync(email).Returns((User?)null);
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(orgId).Returns(organization);
-        sutProvider.GetDependency<IOrganizationUserRepository>().GetByOrganizationEmailAsync(orgId, email)
-            .Returns((OrganizationUser?)null);
-
-        // Feature flag disabled
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.MjmlWelcomeEmailTemplates)
-            .Returns(false);
-
-        // Mock the RegisterUser to return success
-        sutProvider.GetDependency<IRegisterUserCommand>()
-            .RegisterUser(Arg.Any<User>())
-            .Returns(IdentityResult.Success);
-
-        var claims = new[]
-        {
-            new Claim(JwtClaimTypes.Email, email),
-            new Claim(JwtClaimTypes.Name, "Legacy User")
-        } as IEnumerable<Claim>;
-        var config = new SsoConfigurationData();
-
-        var method = typeof(AccountController).GetMethod(
-            "CreateUserAndOrgUserConditionallyAsync",
-            BindingFlags.Instance | BindingFlags.NonPublic);
-        Assert.NotNull(method);
-
-        // Act
-        var task = (Task<(User user, Organization organization, OrganizationUser orgUser)>)method!.Invoke(
-            sutProvider.Sut,
-            new object[]
-            {
-                orgId.ToString(),
-                providerUserId,
-                claims,
-                null!,
-                config
-            })!;
-
-        var result = await task;
-
-        // Assert
-        await sutProvider.GetDependency<IRegisterUserCommand>().Received(1)
-            .RegisterUser(Arg.Is<User>(u => u.Email == email && u.Name == "Legacy User"));
-
-        // Verify the new method was NOT called
-        await sutProvider.GetDependency<IRegisterUserCommand>().DidNotReceive()
-            .RegisterSSOAutoProvisionedUserAsync(Arg.Any<User>(), Arg.Any<Organization>());
-
-        Assert.NotNull(result.user);
-        Assert.Equal(email, result.user.Email);
-    }
-
     [Theory, BitAutoData]
     public void ExternalChallenge_WithMatchingOrgId_Succeeds(
         SutProvider<AccountController> sutProvider,

src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs

@@ -1,7 +1,9 @@
 using Bit.Api.Billing.Attributes;
 using Bit.Api.Billing.Models.Requests.Payment;
 using Bit.Api.Billing.Models.Requests.Premium;
+using Bit.Api.Billing.Models.Requests.Storage;
 using Bit.Core;
+using Bit.Core.Billing.Licenses.Queries;
 using Bit.Core.Billing.Payment.Commands;
 using Bit.Core.Billing.Payment.Queries;
 using Bit.Core.Billing.Premium.Commands;
@@ -21,7 +23,9 @@ public class AccountBillingVNextController(
     ICreatePremiumCloudHostedSubscriptionCommand createPremiumCloudHostedSubscriptionCommand,
     IGetCreditQuery getCreditQuery,
     IGetPaymentMethodQuery getPaymentMethodQuery,
-    IUpdatePaymentMethodCommand updatePaymentMethodCommand) : BaseBillingController
+    IGetUserLicenseQuery getUserLicenseQuery,
+    IUpdatePaymentMethodCommand updatePaymentMethodCommand,
+    IUpdatePremiumStorageCommand updatePremiumStorageCommand) : BaseBillingController
 {
     [HttpGet("credit")]
     [InjectUser]
@@ -77,4 +81,24 @@ public async Task<IResult> CreateSubscriptionAsync(
             user, paymentMethod, billingAddress, additionalStorageGb);
         return Handle(result);
     }
+
+    [HttpGet("license")]
+    [InjectUser]
+    public async Task<IResult> GetLicenseAsync(
+        [BindNever] User user)
+    {
+        var response = await getUserLicenseQuery.Run(user);
+        return TypedResults.Ok(response);
+    }
+
+    [HttpPut("storage")]
+    [RequireFeature(FeatureFlagKeys.PM29594_UpdateIndividualSubscriptionPage)]
+    [InjectUser]
+    public async Task<IResult> UpdateStorageAsync(
+        [BindNever] User user,
+        [FromBody] StorageUpdateRequest request)
+    {
+        var result = await updatePremiumStorageCommand.Run(user, request.AdditionalStorageGb);
+        return Handle(result);
+    }
 }

src/Api/Billing/Models/Requests/Storage/StorageUpdateRequest.cs

@@ -0,0 +1,35 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Api.Billing.Models.Requests.Storage;
+
+/// <summary>
+/// Request model for updating storage allocation on a user's premium subscription.
+/// Allows for both increasing and decreasing storage in an idempotent manner.
+/// </summary>
+public class StorageUpdateRequest : IValidatableObject
+{
+    /// <summary>
+    /// The additional storage in GB beyond the base storage.
+    /// Must be between 0 and the maximum allowed (minus base storage).
+    /// </summary>
+    [Required]
+    [Range(0, 99)]
+    public short AdditionalStorageGb { get; set; }
+
+    public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
+    {
+        if (AdditionalStorageGb < 0)
+        {
+            yield return new ValidationResult(
+                "Additional storage cannot be negative.",
+                new[] { nameof(AdditionalStorageGb) });
+        }
+
+        if (AdditionalStorageGb > 99)
+        {
+            yield return new ValidationResult(
+                "Maximum additional storage is 99 GB.",
+                new[] { nameof(AdditionalStorageGb) });
+        }
+    }
+}

src/Api/KeyManagement/Validators/SendRotationValidator.cs

@@ -44,7 +44,7 @@ public async Task<IReadOnlyList<Send>> ValidateAsync(User user, IEnumerable<Send
                 throw new BadRequestException("All existing sends must be included in the rotation.");
             }
 
-            result.Add(send.ToSend(existing, _sendAuthorizationService));
+            result.Add(send.UpdateSend(existing, _sendAuthorizationService));
         }
 
         return result;