PM-34033 - Add individual user seeding to preset pipeline

[theMickster]

🎟️ Tracking

PM-34033

📔 Objective

Adds individual user seeding to the preset pipeline — standalone user accounts with no organization, for testing personal vault features without org overhead. Also includes a maintainability refactor extracting SeederDependencies, SeederServiceFactory, and PresetCatalogService to reduce duplication across CLI commands.

What's new

• individual CLI command — seed individual users programmatically with --subscription, --first-name, --last-name, --vault flags. Random Faker names auto-enable mangling.
• Individual presets (free, premium) — fixture-based individual user presets with ciphers: { count: 0 } (cipher fixtures TBD).
• PresetValidator — validates mutual exclusivity of organization and user keys, rejects org-only fields on individual presets.
• PresetCatalogService — catalog listing extracted from OrganizationRecipe into a dedicated public service.
• SeederDependencies — bundles DatabaseContext, IMapper, IPasswordHasher<User>, IManglerService into a single record. Recipes and the orchestrator accept this instead of 4 loose parameters.
• SeederServiceFactory — shared DI setup for CLI commands, replacing duplicated ServiceCollection boilerplate in each command.
• Schema change — ciphers.count minimum lowered from 1 to 0 to support empty-vault presets.

🧪 Testing

Expand for testing instructions

Step 1: Seed individual presets

From util/SeederUtility/:

# Free individual user (no vault data)
dotnet run -- seed --preset individual.free --mangle

# Premium individual user (no vault data)
dotnet run -- seed --preset individual.premium --mangle

Step 2: Seed via the individual CLI command

# Named user — predictable email (john.doe@individual.example)
dotnet run -- individual --subscription free --first-name John --last-name Doe

# Premium named user with personal vault (~75 ciphers, 5 folders)
dotnet run -- individual --subscription premium --first-name Jane --last-name Smith --vault

# Random name — mangling auto-enabled
dotnet run -- individual --subscription premium --vault --mangle

Step 3: Verify login

Preset / Command	Login Email	Password	Premium
individual.free	freeuser@individual.example	asdfasdfasdf	No
individual.premium	premuser@individual.example	asdfasdfasdf	Yes
individual --subscription free --first-name John --last-name Doe	john.doe@individual.example	asdfasdfasdf	No

Step 4: Verify backward compatibility

Seed existing org presets and confirm identical behavior:

dotnet run -- seed --preset qa.enterprise-basic --mangle
dotnet run -- seed --preset scale.sm-balanced-planet-express --mangle

Step 5: Verify --list shows both categories

dotnet run -- seed --list

Should show "Organization Presets:" and "Individual User Presets:" sections.

[github-actions]

Overall Assessment: APPROVE

Adds individual user seeding to the preset pipeline with CreateIndividualUserStep, CreateNamedFoldersStep, IndividualUserRecipe, and supporting infrastructure. The PresetValidator enforces mutual exclusivity between organization and individual presets at load time, and the JSON schema uses oneOf for fixture-level validation. Infrastructure consolidation via SeederDependencies and SeederServiceFactory reduces DI boilerplate across CLI commands. Previous findings (null-forgiving operators, error message accuracy) have been addressed in resolved threads.

Code Review Details

No findings.

[github-actions]

Checkmarx One – Scan Summary & Details – 593cf9bc-7302-4218-88ac-aa579e6c2b07

---

New Issues (2)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1562	details Method at line 1562 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
2		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1389	details Method at line 1389 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector

---

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 287

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.91%. Comparing base (54c3e4a) to head (ad01b46).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #7304   +/-   ##
=======================================
  Coverage   57.91%   57.91%           
=======================================
  Files        2045     2045           
  Lines       90235    90235           
  Branches     8024     8024           
=======================================
  Hits        52264    52264           
  Misses      36104    36104           
  Partials     1867     1867           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
7.3% Duplication on New Code

See analysis details on SonarQube Cloud

[nthompson-bitwarden]

nice!