Skip to content

[PM-39815] feat: Surface org name on invite-link status when links unavailable#7928

Merged
r-tome merged 3 commits into
mainfrom
pm-39815-invite-link-status-org-name
Jul 14, 2026
Merged

[PM-39815] feat: Surface org name on invite-link status when links unavailable#7928
r-tome merged 3 commits into
mainfrom
pm-39815-invite-link-status-org-name

Conversation

@r-tome

@r-tome r-tome commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🎟️ Tracking

Resolves PM-39815
Clients PR: bitwarden/clients#21820

📔 Objective

The anonymous POST /organizations/invite-link/status endpoint (GetOrganizationInviteLinkStatusQuery) previously returned 400 InviteLinkNotAvailable when organization.UseInviteLinks is false. Because the v2 error pipeline only serializes ErrorResponseModel.Message, the client couldn't display the organization's name in that case.

This change:

  • Converts the UseInviteLinks == false case into a success 200 OK carrying OrganizationName, a new LinksEnabled: false flag, and SeatsAvailable: false, so the client can render an org-specific message.
  • Updates the IGetOrganizationInviteLinkStatusQuery XML doc to match the new contract.

Intentional divergence (re: keeping status/accept returns aligned): status now represents UseInviteLinks == false as a success (linksEnabled: false), while the authenticated accept endpoint continues to return InviteLinkNotAvailable (400) for the same condition. This is deliberate — status is a pre-flight read used to render a message, whereas accept is a guarded mutation that must reject. The shared error records/messages otherwise remain aligned.

Tests

  • Core.Test, Api.Test, and Api.IntegrationTest invite-link suites updated and passing.
  • AcceptOrganizationInviteLinkCommandTests confirm the accept endpoint's behavior is unchanged.

…available

Convert the UseInviteLinks=false case on the invite-link status endpoint from a
400 InviteLinkNotAvailable error into a 200 success carrying the org name and a
new LinksEnabled flag, so the client can show an org-specific message. Also
expose OrganizationId on the status and validate-email-domain responses.
@r-tome r-tome added the ai-review Request a Claude code review label Jul 6, 2026
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🤖 Bitwarden Claude Code Review

Overall Assessment: APPROVE

Reviewed the change converting the anonymous POST /organizations/invite-link/status endpoint's UseInviteLinks == false case from a 400 InviteLinkNotAvailable error into a 200 OK success carrying OrganizationName, a new LinksEnabled: false flag, and SeatsAvailable: false. Verified the OrganizationInviteLinkStatus record, response model, controller mapping, XML doc, and all four call sites are updated consistently. The intentional divergence between status (pre-flight read, returns 200) and accept (guarded mutation, still returns 400) is clearly documented.

Code Review Details

No findings. Notes considered during review:

  • Data exposure: the endpoint is anonymous, but returning OrganizationName when links are disabled is not a new disclosure class — a valid invite-link code (a GUID that must exist) is required, and the org name is already returned on the existing success path. The organization is null or { Enabled: false } case still returns InviteLinkNotFound and leaks nothing.
  • All positional constructor call sites for OrganizationInviteLinkStatus and OrganizationInviteLinkStatusResponseModel were updated for the inserted LinksEnabled parameter; no argument-order mismatch remains.
  • Test coverage is aligned: Core.Test asserts the new links-disabled success path, Api.Test asserts the flag propagates and removes the now-invalid bad-request test, and Api.IntegrationTest asserts LinksEnabled on the happy path.
  • The prior CRITICAL thread referencing result.OrganizationId is against an outdated diff and does not apply to the current change set.

@codecov

codecov Bot commented Jul 6, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.57%. Comparing base (5b4ac6e) to head (32ee1d2).
⚠️ Report is 51 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #7928      +/-   ##
==========================================
+ Coverage   61.33%   61.57%   +0.24%     
==========================================
  Files        2242     2256      +14     
  Lines       98630    99397     +767     
  Branches     8911     8984      +73     
==========================================
+ Hits        60490    61200     +710     
- Misses      36004    36045      +41     
- Partials     2136     2152      +16     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@r-tome r-tome added the t:feature Change Type - Feature Development label Jul 6, 2026
@r-tome r-tome marked this pull request as ready for review July 7, 2026 09:43
@r-tome r-tome requested a review from a team as a code owner July 7, 2026 09:43
@r-tome r-tome requested a review from jrmccannon July 7, 2026 09:43
jrmccannon
jrmccannon previously approved these changes Jul 8, 2026

@jrmccannon jrmccannon left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sense to me. Returning a 200 on the status endpoint works with the addition of the links enabled property. 👍

…-email-domain responses

OrganizationId is now part of the invite link URL and sent by the client on every
request, so returning it in the response is redundant.
@r-tome r-tome requested a review from jrmccannon July 13, 2026 16:22

@JaredSnider-Bitwarden JaredSnider-Bitwarden left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

src/Api/AdminConsole/Models/Response/Organizations/OrganizationInviteLinkStatusResponseModel.cs LGTM!

r-tome added a commit to bitwarden/clients that referenced this pull request Jul 14, 2026
#21820)

Mirrors the server's new LinksEnabled flag (bitwarden/server#7928) so the
client can distinguish an org with invite links disabled from one with no
seats available, both surfaced as a success response rather than an error.
@r-tome r-tome merged commit 697cbf3 into main Jul 14, 2026
46 checks passed
@r-tome r-tome deleted the pm-39815-invite-link-status-org-name branch July 14, 2026 09:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ai-review Request a Claude code review t:feature Change Type - Feature Development

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants