Skip to content

[PM-31905] Remove m2 flag definition#7353

Merged
cturnbull-bitwarden merged 9 commits intomainfrom
billing/PM-31905/remove-m2-flag-definition-server
Apr 2, 2026
Merged

[PM-31905] Remove m2 flag definition#7353
cturnbull-bitwarden merged 9 commits intomainfrom
billing/PM-31905/remove-m2-flag-definition-server

Conversation

@cturnbull-bitwarden
Copy link
Copy Markdown
Contributor

@cturnbull-bitwarden cturnbull-bitwarden commented Mar 30, 2026
edited
Loading

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-31905
https://bitwarden.atlassian.net/browse/PM-31891

📔 Objective

Remove the PM23341_Milestone_2 constant from FeatureFlagKeys in Constants.cs. All flagged logic was removed in the parent PR.

@cturnbull-bitwarden
Remove pm-23341-milestone-2 flag from UpcomingInvoiceHandler.HandleFo…
a228b50 
…rUserAsync

Always call AlignPremiumUsersSubscriptionConcernsAsync instead of gating
it behind the feature flag.
@cturnbull-bitwarden
Remove pm-23341-milestone-2 flag from AccountsController and Subscrip…
1229016 
…tionResponseModel

Remove includeMilestone2Discount parameter from both SubscriptionResponseModel
constructors. Rename ShouldIncludeMilestone2Discount to ShouldIncludeDiscount
and always evaluate the discount (coupon ID match + active check).
@cturnbull-bitwarden
Update AccountsControllerTests after pm-23341-milestone-2 removal
a0d204c 
Remove feature flag mock setup lines and delete test methods that
verified flag-disabled behavior. Rename tests to remove flag references.
@cturnbull-bitwarden
Update SubscriptionResponseModelTests after pm-23341-milestone-2 removal
d085f30 
Remove includeMilestone2Discount parameter from all constructor calls.
Delete tests that verified flag-disabled behavior.
@cturnbull-bitwarden
Update UpcomingInvoiceHandlerTests after pm-23341-milestone-2 removal
7b95fbf 
Remove all feature flag mock setup lines for PM23341_Milestone_2.
@cturnbull-bitwarden
Remove IFeatureService from AccountsController constructor and tests
e499bfa 
The constructor parameter became unused after removing the flag check.
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 30, 2026
edited
Loading

Logo
Checkmarx One – Scan Summary & Details48b18f15-d280-4326-bbb5-9fa80b26d35e

New Issues (121) Checkmarx found the following issues in this Pull Request
# Severity Issue Source File / Package Checkmarx Insight
1 CRITICAL Stored_XSS /src/SharedWeb/Health/HealthCheckServiceExtensions.cs: 61
detailsThe method embeds untrusted data in generated output with WriteAsync, at line 60 of /src/SharedWeb/Health/HealthCheckServiceExtensions.cs. This ...
Attack Vector
2 CRITICAL Stored_XSS /util/Server/Startup.cs: 57
detailsThe method embeds untrusted data in generated output with WriteAsync, at line 59 of /util/Server/Startup.cs. This untrusted data is embedded int...
Attack Vector
3 MEDIUM CSRF /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 55
detailsMethod at line 55 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This pa...
Attack Vector
4 MEDIUM CSRF /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 145
detailsMethod at line 145 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from request. T...
Attack Vector
5 MEDIUM CSRF /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 145
detailsMethod at line 145 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from request. T...
Attack Vector
6 MEDIUM CSRF /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97
detailsMethod at line 97 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. This...
Attack Vector
7 MEDIUM CSRF /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97
detailsMethod at line 97 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. This...
Attack Vector
8 MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 534
detailsMethod at line 534 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par...
Attack Vector
9 MEDIUM CSRF /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 229
detailsMethod at line 229 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. Thi...
Attack Vector
10 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1558
detailsMethod at line 1558 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
11 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1558
detailsMethod at line 1558 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
12 MEDIUM CSRF /src/Api/Tools/Controllers/SendsController.cs: 73
detailsMethod at line 73 of /src/Api/Tools/Controllers/SendsController.cs gets a parameter from a user request from id. This parameter value flows thro...
Attack Vector
13 MEDIUM CSRF /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 145
detailsMethod at line 145 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This p...
Attack Vector
14 MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 217
detailsMethod at line 217 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow...
Attack Vector
15 MEDIUM CSRF /src/Api/Public/Controllers/CollectionsController.cs: 91
detailsMethod at line 91 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ...
Attack Vector
16 MEDIUM CSRF /src/Api/Public/Controllers/CollectionsController.cs: 91
detailsMethod at line 91 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ...
Attack Vector
17 MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 176
detailsMethod at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ...
Attack Vector
18 MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 176
detailsMethod at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ...
Attack Vector
19 MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 176
detailsMethod at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ...
Attack Vector
20 MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 176
detailsMethod at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ...
Attack Vector
21 MEDIUM CSRF /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 173
detailsMethod at line 173 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. Thi...
Attack Vector
22 MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 452
detailsMethod at line 452 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow...
Attack Vector
23 MEDIUM CSRF /src/Api/Dirt/Controllers/OrganizationReportsController.cs: 189
detailsMethod at line 189 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet...
Attack Vector
24 MEDIUM CSRF /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 104
detailsMethod at line 104 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This p...
Attack Vector
25 MEDIUM CSRF /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 107
detailsMethod at line 107 of /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs gets a parameter from a user request from organiza...
Attack Vector
26 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1417
detailsMethod at line 1417 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
27 MEDIUM CSRF /src/Api/Dirt/Controllers/OrganizationReportsController.cs: 233
detailsMethod at line 233 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet...
Attack Vector
28 MEDIUM CSRF /src/Api/Dirt/Controllers/OrganizationReportsController.cs: 286
detailsMethod at line 286 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet...
Attack Vector
29 MEDIUM CSRF /src/Api/Dirt/Controllers/OrganizationReportsController.cs: 189
detailsMethod at line 189 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet...
Attack Vector
30 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1417
detailsMethod at line 1417 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
31 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1417
detailsMethod at line 1417 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
32 MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 289
detailsMethod at line 289 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from orgUserId. This parameter ...
Attack Vector
33 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1385
detailsMethod at line 1385 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
34 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1446
detailsMethod at line 1446 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
35 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1148
detailsMethod at line 1148 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
36 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1032
detailsMethod at line 1032 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
37 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1281
detailsMethod at line 1281 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from organizationId. This parameter ...
Attack Vector
38 MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 394
detailsMethod at line 394 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par...
Attack Vector

More results are available on the CxOne platform

Fixed Issues (1) Great job! The following issues were fixed in this Pull Request
Severity Issue Source File / Package
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 287

@cturnbull-bitwarden cturnbull-bitwarden changed the title Remove PM23341_Milestone_2 flag definition from server [PM-31905] Remove m2 flag definition Mar 30, 2026
@cturnbull-bitwarden
Add default ListPremiumPlans mock for UpcomingInvoiceHandler tests
0435ee9 
After removing the m2 flag guard, AlignPremiumUsersSubscriptionConcernsAsync
is always called and needs ListPremiumPlans to return a non-null value.
Add a default empty list in the test constructor setup.
@cturnbull-bitwarden
Remove PM23341_Milestone_2 flag definition from FeatureFlagKeys
924b9c6
@cturnbull-bitwarden cturnbull-bitwarden force-pushed the billing/PM-31905/remove-m2-flag-definition-server branch from 7b5f1b2 to 924b9c6 Compare March 30, 2026 16:18
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 30, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.22%. Comparing base (aced376) to head (bdf5b1e).
⚠️ Report is 10 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #7353   +/-   ##
=======================================
  Coverage   58.22%   58.22%           
=======================================
  Files        2060     2060           
  Lines       90945    90945           
  Branches     8080     8080           
=======================================
  Hits        52954    52954           
  Misses      36119    36119           
  Partials     1872     1872

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Base automatically changed from billing/PM-31902/remove-m2-flagged-logic-server to main April 1, 2026 18:05
@cturnbull-bitwarden cturnbull-bitwarden dismissed amorask-bitwarden’s stale review April 1, 2026 18:05

The base branch was changed.

@cturnbull-bitwarden
Merge remote-tracking branch 'origin/main' into billing/PM-31905/remo…
bdf5b1e 
…ve-m2-flag-definition-server

# Conflicts:
#	src/Api/Billing/Controllers/AccountsController.cs
#	test/Api.Test/Billing/Controllers/AccountsControllerTests.cs
@cturnbull-bitwarden cturnbull-bitwarden marked this pull request as ready for review April 1, 2026 18:13
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Apr 1, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@cturnbull-bitwarden cturnbull-bitwarden enabled auto-merge (squash) April 1, 2026 18:45
@cturnbull-bitwarden cturnbull-bitwarden merged commit 2b49ddb into main Apr 2, 2026
41 checks passed
@cturnbull-bitwarden cturnbull-bitwarden deleted the billing/PM-31905/remove-m2-flag-definition-server branch April 2, 2026 14:06
@djsmith85 djsmith85 added the t:feature Change Type - Feature Development label Apr 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amorask-bitwarden amorask-bitwarden amorask-bitwarden approved these changes

Assignees

No one assigned

Labels

t:feature Change Type - Feature Development

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cturnbull-bitwarden @amorask-bitwarden @djsmith85