Merge branch 'main' into billing/aspire

Author: sbrown-livefront

.github/workflows/build.yml

@@ -126,7 +126,7 @@ jobs:
         with:
           cache: "npm"
           cache-dependency-path: "**/package-lock.json"
-          node-version: "16"
+          node-version: "24"
 
       - name: Print environment
         run: |

.github/workflows/release.yml

@@ -99,4 +99,3 @@ jobs:
           name: "Version ${{ needs.setup.outputs.release_version }}"
           body: "<insert release notes here>"
           token: ${{ secrets.GITHUB_TOKEN }}
-          draft: true

bitwarden_license/src/Commercial.Core/Billing/Providers/Services/ProviderBillingService.cs

@@ -9,19 +9,16 @@
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Billing;
-using Bit.Core.Billing.Caches;
 using Bit.Core.Billing.Constants;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Extensions;
-using Bit.Core.Billing.Models;
 using Bit.Core.Billing.Payment.Models;
 using Bit.Core.Billing.Pricing;
 using Bit.Core.Billing.Providers.Entities;
 using Bit.Core.Billing.Providers.Models;
 using Bit.Core.Billing.Providers.Repositories;
 using Bit.Core.Billing.Providers.Services;
 using Bit.Core.Billing.Services;
-using Bit.Core.Billing.Tax.Models;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
@@ -51,7 +48,6 @@ public class ProviderBillingService(
     IProviderOrganizationRepository providerOrganizationRepository,
     IProviderPlanRepository providerPlanRepository,
     IProviderUserRepository providerUserRepository,
-    ISetupIntentCache setupIntentCache,
     IStripeAdapter stripeAdapter,
     ISubscriberService subscriberService)
     : IProviderBillingService
@@ -518,6 +514,7 @@ public async Task<Customer> SetupCustomer(
         }
 
         var braintreeCustomerId = "";
+        var setupIntentId = "";
 
         // ReSharper disable once SwitchStatementMissingSomeEnumCasesNoDefault
         switch (paymentMethod.Type)
@@ -539,7 +536,7 @@ public async Task<Customer> SetupCustomer(
                         throw new BillingException();
                     }
 
-                    await setupIntentCache.Set(provider.Id, setupIntent.Id);
+                    setupIntentId = setupIntent.Id;
                     break;
                 }
             case TokenizablePaymentMethodType.Card:
@@ -558,7 +555,15 @@ public async Task<Customer> SetupCustomer(
 
         try
         {
-            return await stripeAdapter.CreateCustomerAsync(options);
+            var customer = await stripeAdapter.CreateCustomerAsync(options);
+
+            if (!string.IsNullOrEmpty(setupIntentId))
+            {
+                await stripeAdapter.UpdateSetupIntentAsync(setupIntentId,
+                    new SetupIntentUpdateOptions { Customer = customer.Id });
+            }
+
+            return customer;
         }
         catch (StripeException stripeException) when (stripeException.StripeError?.Code == ErrorCodes.TaxIdInvalid)
         {
@@ -577,12 +582,10 @@ async Task Revert()
             // ReSharper disable once SwitchStatementMissingSomeEnumCasesNoDefault
             switch (paymentMethod.Type)
             {
-                case TokenizablePaymentMethodType.BankAccount:
+                case TokenizablePaymentMethodType.BankAccount when !string.IsNullOrEmpty(setupIntentId):
                     {
-                        var setupIntentId = await setupIntentCache.GetSetupIntentIdForSubscriber(provider.Id);
                         await stripeAdapter.CancelSetupIntentAsync(setupIntentId,
                             new SetupIntentCancelOptions { CancellationReason = "abandoned" });
-                        await setupIntentCache.RemoveSetupIntentForSubscriber(provider.Id);
                         break;
                     }
                 case TokenizablePaymentMethodType.PayPal when !string.IsNullOrEmpty(braintreeCustomerId):
@@ -635,17 +638,18 @@ public async Task<Subscription> SetupSubscription(
             });
         }
 
-        var setupIntentId = await setupIntentCache.GetSetupIntentIdForSubscriber(provider.Id);
+        var setupIntents = await stripeAdapter.ListSetupIntentsAsync(new SetupIntentListOptions
+        {
+            Customer = customer.Id,
+            Expand = ["data.payment_method"]
+        });
 
-        var setupIntent = !string.IsNullOrEmpty(setupIntentId)
-            ? await stripeAdapter.GetSetupIntentAsync(setupIntentId,
-                new SetupIntentGetOptions { Expand = ["payment_method"] })
-            : null;
+        var hasUnverifiedBankAccount = setupIntents?.Any(si => si.IsUnverifiedBankAccount()) ?? false;
 
         var usePaymentMethod =
             !string.IsNullOrEmpty(customer.InvoiceSettings?.DefaultPaymentMethodId) ||
             customer.Metadata?.ContainsKey(BraintreeCustomerIdKey) == true ||
-            setupIntent?.IsUnverifiedBankAccount() == true;
+            hasUnverifiedBankAccount;
 
         int? trialPeriodDays = provider.Type switch
         {
@@ -699,19 +703,6 @@ public async Task<Subscription> SetupSubscription(
         }
     }
 
-    public async Task UpdatePaymentMethod(
-        Provider provider,
-        TokenizedPaymentSource tokenizedPaymentSource,
-        TaxInformation taxInformation)
-    {
-        await Task.WhenAll(
-            subscriberService.UpdatePaymentSource(provider, tokenizedPaymentSource),
-            subscriberService.UpdateTaxInformation(provider, taxInformation));
-
-        await stripeAdapter.UpdateSubscriptionAsync(provider.GatewaySubscriptionId,
-            new SubscriptionUpdateOptions { CollectionMethod = CollectionMethod.ChargeAutomatically });
-    }
-
     public async Task UpdateSeatMinimums(UpdateProviderSeatMinimumsCommand command)
     {
         var (provider, updatedPlanConfigurations) = command;

bitwarden_license/src/Scim/Controllers/v2/UsersController.cs

@@ -1,17 +1,22 @@
 // FIXME: Update this file to be null safe and then delete the line below
 #nullable disable
 
+using Bit.Core;
+using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RestoreUser.v1;
-using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v1;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v2;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
+using Bit.Core.Services;
 using Bit.Scim.Models;
 using Bit.Scim.Users.Interfaces;
 using Bit.Scim.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using IRevokeOrganizationUserCommand = Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v1.IRevokeOrganizationUserCommand;
+using IRevokeOrganizationUserCommandV2 = Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v2.IRevokeOrganizationUserCommand;
 
 namespace Bit.Scim.Controllers.v2;
 
@@ -28,14 +33,18 @@ public class UsersController : Controller
     private readonly IPostUserCommand _postUserCommand;
     private readonly IRestoreOrganizationUserCommand _restoreOrganizationUserCommand;
     private readonly IRevokeOrganizationUserCommand _revokeOrganizationUserCommand;
+    private readonly IFeatureService _featureService;
+    private readonly IRevokeOrganizationUserCommandV2 _revokeOrganizationUserCommandV2;
 
     public UsersController(IOrganizationUserRepository organizationUserRepository,
         IGetUsersListQuery getUsersListQuery,
         IRemoveOrganizationUserCommand removeOrganizationUserCommand,
         IPatchUserCommand patchUserCommand,
         IPostUserCommand postUserCommand,
         IRestoreOrganizationUserCommand restoreOrganizationUserCommand,
-        IRevokeOrganizationUserCommand revokeOrganizationUserCommand)
+        IRevokeOrganizationUserCommand revokeOrganizationUserCommand,
+        IFeatureService featureService,
+        IRevokeOrganizationUserCommandV2 revokeOrganizationUserCommandV2)
     {
         _organizationUserRepository = organizationUserRepository;
         _getUsersListQuery = getUsersListQuery;
@@ -44,6 +53,8 @@ public UsersController(IOrganizationUserRepository organizationUserRepository,
         _postUserCommand = postUserCommand;
         _restoreOrganizationUserCommand = restoreOrganizationUserCommand;
         _revokeOrganizationUserCommand = revokeOrganizationUserCommand;
+        _featureService = featureService;
+        _revokeOrganizationUserCommandV2 = revokeOrganizationUserCommandV2;
     }
 
     [HttpGet("{id}")]
@@ -100,7 +111,33 @@ public async Task<IActionResult> Put(Guid organizationId, Guid id, [FromBody] Sc
         }
         else if (!model.Active && orgUser.Status != OrganizationUserStatusType.Revoked)
         {
-            await _revokeOrganizationUserCommand.RevokeUserAsync(orgUser, EventSystemUser.SCIM);
+            if (_featureService.IsEnabled(FeatureFlagKeys.ScimRevokeV2))
+            {
+                var results = await _revokeOrganizationUserCommandV2.RevokeUsersAsync(
+                    new RevokeOrganizationUsersRequest(
+                        organizationId,
+                        [id],
+                        new SystemUser(EventSystemUser.SCIM)));
+
+                var errors = results.Select(x => x.Result.Match(
+                    y => $"{y.Message} for user {x.Id}",
+                    _ => null))
+                    .Where(x => !string.IsNullOrWhiteSpace(x))
+                    .ToList();
+
+                if (errors.Count != 0)
+                {
+                    return new BadRequestObjectResult(new ScimErrorResponseModel
+                    {
+                        Status = 400,
+                        Detail = string.Join(", ", errors)
+                    });
+                }
+            }
+            else
+            {
+                await _revokeOrganizationUserCommand.RevokeUserAsync(orgUser, EventSystemUser.SCIM);
+            }
         }
 
         // Have to get full details object for response model

bitwarden_license/test/Commercial.Core.Test/Billing/Providers/Services/ProviderBillingServiceTests.cs

@@ -6,7 +6,6 @@
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Models.Data.Provider;
 using Bit.Core.AdminConsole.Repositories;
-using Bit.Core.Billing.Caches;
 using Bit.Core.Billing.Constants;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Payment.Models;
@@ -934,17 +933,11 @@ public async Task SetupCustomer_WithBankAccount_Error_Reverts(
                 o.TaxIdData.FirstOrDefault().Value == billingAddress.TaxId.Value))
             .Throws<StripeException>();
 
-        sutProvider.GetDependency<ISetupIntentCache>().GetSetupIntentIdForSubscriber(provider.Id).Returns("setup_intent_id");
-
         await Assert.ThrowsAsync<StripeException>(() =>
             sutProvider.Sut.SetupCustomer(provider, tokenizedPaymentMethod, billingAddress));
 
-        await sutProvider.GetDependency<ISetupIntentCache>().Received(1).Set(provider.Id, "setup_intent_id");
-
         await stripeAdapter.Received(1).CancelSetupIntentAsync("setup_intent_id", Arg.Is<SetupIntentCancelOptions>(options =>
             options.CancellationReason == "abandoned"));
-
-        await sutProvider.GetDependency<ISetupIntentCache>().Received(1).RemoveSetupIntentForSubscriber(provider.Id);
     }
 
     [Theory, BitAutoData]
@@ -1031,7 +1024,8 @@ public async Task SetupCustomer_WithBankAccount_Success(
 
         Assert.Equivalent(expected, actual);
 
-        await sutProvider.GetDependency<ISetupIntentCache>().Received(1).Set(provider.Id, "setup_intent_id");
+        await stripeAdapter.Received(1).UpdateSetupIntentAsync("setup_intent_id",
+            Arg.Is<SetupIntentUpdateOptions>(options => options.Customer == expected.Id));
     }
 
     [Theory, BitAutoData]
@@ -1532,15 +1526,12 @@ public async Task SetupSubscription_ChargeAutomatically_HasBankAccount_Succeeds(
 
         var expected = new Subscription { Id = "subscription_id", Status = StripeConstants.SubscriptionStatus.Active };
 
-
-        const string setupIntentId = "seti_123";
-
-        sutProvider.GetDependency<ISetupIntentCache>().GetSetupIntentIdForSubscriber(provider.Id).Returns(setupIntentId);
-
-        sutProvider.GetDependency<IStripeAdapter>().GetSetupIntentAsync(setupIntentId, Arg.Is<SetupIntentGetOptions>(options =>
-            options.Expand.Contains("payment_method"))).Returns(new SetupIntent
+        sutProvider.GetDependency<IStripeAdapter>().ListSetupIntentsAsync(Arg.Is<SetupIntentListOptions>(options =>
+            options.Customer == customer.Id &&
+            options.Expand.Contains("data.payment_method"))).Returns([
+            new SetupIntent
             {
-                Id = setupIntentId,
+                Id = "seti_123",
                 Status = "requires_action",
                 NextAction = new SetupIntentNextAction
                 {
@@ -1550,7 +1541,8 @@ public async Task SetupSubscription_ChargeAutomatically_HasBankAccount_Succeeds(
                 {
                     UsBankAccount = new PaymentMethodUsBankAccount()
                 }
-            });
+            }
+        ]);
 
         sutProvider.GetDependency<IStripeAdapter>().CreateSubscriptionAsync(Arg.Is<SubscriptionCreateOptions>(
             sub =>

bitwarden_license/test/Scim.IntegrationTest/Controllers/v2/UsersControllerTests.cs

@@ -394,9 +394,18 @@ public async Task Post_ExistingData_Conflict(string email, string externalId)
         Assert.Equal(_initialUserCount, databaseContext.OrganizationUsers.Count());
     }
 
-    [Fact]
-    public async Task Put_RevokeUser_Success()
+    [Theory]
+    [InlineData(true)]
+    [InlineData(false)]
+    public async Task Put_RevokeUser_Success(bool scimRevokeV2Enabled)
     {
+        var localFactory = new ScimApplicationFactory();
+        localFactory.SubstituteService((IFeatureService featureService)
+            => featureService.IsEnabled(FeatureFlagKeys.ScimRevokeV2)
+                .Returns(scimRevokeV2Enabled));
+
+        localFactory.ReinitializeDbForTests(localFactory.GetDatabaseContext());
+
         var organizationUserId = ScimApplicationFactory.TestOrganizationUserId2;
         var inputModel = new ScimUserRequestModel
         {
@@ -418,13 +427,13 @@ public async Task Put_RevokeUser_Success()
             Schemas = new List<string> { ScimConstants.Scim2SchemaUser }
         };
 
-        var context = await _factory.UsersPutAsync(ScimApplicationFactory.TestOrganizationId1, organizationUserId, inputModel);
+        var context = await localFactory.UsersPutAsync(ScimApplicationFactory.TestOrganizationId1, organizationUserId, inputModel);
 
         var responseModel = JsonSerializer.Deserialize<ScimUserResponseModel>(context.Response.Body, new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase });
         Assert.Equal(StatusCodes.Status200OK, context.Response.StatusCode);
         AssertHelper.AssertPropertyEqual(expectedResponse, responseModel);
 
-        var databaseContext = _factory.GetDatabaseContext();
+        var databaseContext = localFactory.GetDatabaseContext();
         var revokedUser = databaseContext.OrganizationUsers.FirstOrDefault(g => g.Id == organizationUserId);
         Assert.Equal(OrganizationUserStatusType.Revoked, revokedUser.Status);
     }