[PM-16921] Improve validation tax information when subscribing to pre…

[jonashendrickx]

…mium

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-16921

📔 Objective

• Passes line 1, line 2, state, city to Stripe.
• Correctly requires both postal code and country when submitting the payment.
• Depends on: [PM-16921] Verify tax information is being passed correctly and valid… clients#12800
• Removes endpoints and code paths that are no longer being used to update payment methods.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[codecov]

Codecov Report

Attention: Patch coverage is 6.66667% with 14 lines in your changes missing coverage. Please review.

Project coverage is 46.88%. Comparing base (c9a42d8) to head (f3b3b6c).
Report is 6 commits behind head on main.

Files with missing lines	Patch %	Lines
src/Api/Billing/Controllers/AccountsController.cs	0.00%	10 Missing ⚠️
...Api/Models/Request/Accounts/PremiumRequestModel.cs	20.00%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5247      +/-   ##
==========================================
+ Coverage   46.69%   46.88%   +0.18%     
==========================================
  Files        1609     1609              
  Lines       73195    72905     -290     
  Branches     6560     6522      -38     
==========================================
  Hits        34181    34181              
+ Misses      37578    37288     -290     
  Partials     1436     1436              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Checkmarx One – Scan Summary & Details – 9712d5ea-e570-4a28-ad97-dd782136959b

New Issues (3)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationDomainController.cs: 94	details Method Verify at line 94 of /src/Api/AdminConsole/Controllers/OrganizationDomainController.cs gets a parameter from a user request from orgId. This... ID: T3s4Spy2%2BYNmmyxwb16mjxjKe6k%3D Attack Vector
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationDomainController.cs: 94	details Method Verify at line 94 of /src/Api/AdminConsole/Controllers/OrganizationDomainController.cs gets a parameter from a user request from id. This pa... ID: zYvEEYpPId7m9lgEpRbyJ%2BvSLNk%3D Attack Vector
	Missing_CSP_Header	/src/Core/MailTemplates/Handlebars/Billing/BusinessUnitConversionInvite.html.hbs: 12	details A Content Security Policy is not explicitly defined within the web-application. ID: IIshHvFH05usl0d7kdglsEkC7i8%3D Attack Vector

Fixed Issues (6)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/Controllers/DevicesController.cs: 75
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 164
	CSRF	/src/Api/Controllers/DevicesController.cs: 62
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 86
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 133
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 96

[amorask-bitwarden]

I don't think there's any path left that actually invokes StripePaymentService.UpdatePaymentMethod. I've done a bad job of starting to remove this old stuff after it's been left unused, but I'll try to get around to it during BEEEP time - that's on me.

You're going to want to look in:

• OrganizationBillingService
• PremiumUserBillingService

[amorask-bitwarden]

Accidentally approved, please see comment.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud