Ac/ac 2646/remove fc mvp code

[vincentsalucci]

🎟️ Tracking

📔 Objective

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – a73f422a-3858-415c-b921-3b1721fe7d2b

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 110	Attack Vector
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 133	Attack Vector
	Privacy_Violation	/src/Api/Auth/Controllers/WebAuthnController.cs: 178	Attack Vector
	Privacy_Violation	/src/Api/Auth/Controllers/AccountsController.cs: 828	Attack Vector
	Privacy_Violation	/src/Api/Auth/Controllers/AccountsController.cs: 846	Attack Vector
	Privacy_Violation	/src/Api/Vault/Controllers/CiphersController.cs: 961	Attack Vector
	Privacy_Violation	/src/Api/Controllers/DevicesController.cs: 129	Attack Vector
	Privacy_Violation	/src/Api/Auth/Controllers/AccountsController.cs: 411	Attack Vector
	Privacy_Violation	/src/Api/Auth/Controllers/AccountsController.cs: 548	Attack Vector
	Privacy_Violation	/src/Api/Auth/Controllers/TwoFactorController.cs: 444	Attack Vector
	Privacy_Violation	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 260	Attack Vector
	Privacy_Violation	/src/Api/Controllers/DevicesController.cs: 155	Attack Vector
	Privacy_Violation	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 429	Attack Vector
	Privacy_Violation	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 376	Attack Vector
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/WebAuthnController.cs: 153	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/WebAuthnController.cs: 85	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/WebAuthnController.cs: 68	Attack Vector
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117	Attack Vector
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117	Attack Vector
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117	Attack Vector
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117	Attack Vector
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117	Attack Vector
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117	Attack Vector
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117	Attack Vector
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117	Attack Vector
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117	Attack Vector
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117	Attack Vector
	Log_Forging	/src/Api/Vault/Controllers/CiphersController.cs: 222	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 131	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 148	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 157	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 188	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 206	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 245	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 254	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 263	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 280	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 289	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 297	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 350	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 369	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 380	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 402	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/AccountsController.cs: 403	Attack Vector
	Log_Forging	/src/Api/Controllers/DevicesController.cs: 120	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/AccountsController.cs: 540	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/AccountsController.cs: 820	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/AccountsController.cs: 838	Attack Vector
	Log_Forging	/src/Api/Vault/Controllers/CiphersController.cs: 953	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 94	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 104	Attack Vector
	Log_Forging	/src/Api/Auth/Controllers/TwoFactorController.cs: 122	Attack Vector
	Log_Forging	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 240	Attack Vector
	Log_Forging	/src/Api/Controllers/DevicesController.cs: 146	Attack Vector
	Log_Forging	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 404	Attack Vector
	Log_Forging	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 341	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 360
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 360
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 98
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 88
	CSRF	/src/Identity/Controllers/AccountsController.cs: 72
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 265
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 248
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: 184
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 583
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 583
	CSRF	/bitwarden_license/src/Sso/Controllers/AccountController.cs: 100
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117
	Log_Forging	/src/Billing/Controllers/StripeController.cs: 117
	Log_Forging	/src/Api/Vault/Controllers/CiphersController.cs: 583

[eliykat]

A few code review comments, I have also fixed various tests here: #4467

[eliykat]

FlexibleCollections should actually default to false, as the goal of these changes is to enable us to drop the FlexibleCollections column; the new FC code should be executed for all organizations. Best to remove it from here altogether.

Suggested change

	[Theory, OrganizationCustomize(UseGroups = true, FlexibleCollections = true), BitAutoData]
	[Theory, OrganizationCustomize(UseGroups = true), BitAutoData]

Same for all other uses of this customization.

[eliykat]

Remove references to FC being enabled/disabled:

Suggested change

	public async Task ImportCiphersAsync_IntoOrganization_WithFlexibleCollectionsEnabled_Success(
	public async Task ImportCiphersAsync_IntoOrganization_Success(

Please check all other tests to see if there are any other tests that need to be renamed or deleted. (e.g. if there are tests for with & without FC enabled, they'll now both be running the same code)

[vincentsalucci]

WithFlexibleCollectionsEnabled
WithFlexibleCollections
FlexibleCollectionsDisabled
WithoutFlexibleCollections

[codecov]

Codecov Report

Attention: Patch coverage is 62.74510% with 19 lines in your changes missing coverage. Please review.

Project coverage is 41.17%. Comparing base (9c8a9f4) to head (4942598).

Files	Patch %	Lines
.../OrganizationFeatures/Groups/CreateGroupCommand.cs	33.33%	2 Missing and 2 partials ⚠️
.../OrganizationFeatures/Groups/UpdateGroupCommand.cs	33.33%	2 Missing and 2 partials ⚠️
...le/Services/Implementations/OrganizationService.cs	77.77%	1 Missing and 3 partials ⚠️
...Core/Services/Implementations/CollectionService.cs	60.00%	1 Missing and 3 partials ⚠️
...OrganizationUsers/UpdateOrganizationUserCommand.cs	50.00%	1 Missing and 1 partial ⚠️
...cial.Core/AdminConsole/Services/ProviderService.cs	0.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4281      +/-   ##
==========================================
- Coverage   41.20%   41.17%   -0.03%     
==========================================
  Files        1265     1265              
  Lines       60333    60295      -38     
  Branches     5516     5510       -6     
==========================================
- Hits        24861    24829      -32     
+ Misses      34325    34314      -11     
- Partials     1147     1152       +5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.