Removed remaining methods out of org and user licenses

src/Core/AdminConsole/Services/Implementations/OrganizationService.cs

@@ -17,6 +17,7 @@ using Bit.Core.Auth.Repositories;
 using Bit.Core.Billing.Constants;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Extensions;
+using Bit.Core.Billing.Licenses.Extensions;
 using Bit.Core.Billing.Pricing;
 using Bit.Core.Context;
 using Bit.Core.Entities;

src/Core/Billing/Licenses/Extensions/LicenseExtensions.cs

@@ -7,7 +7,9 @@ using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Licenses.Attributes;
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Models.Business;
+using Bit.Core.Settings;
 using Bit.Core.Utilities;
 
 namespace Bit.Core.Billing.Licenses.Extensions;
@@ -223,6 +225,116 @@ public static class OrganizationLicenseExtensions
         subscriptionInfo?.Subscription == null
             ? org.PlanType != PlanType.Custom || !org.ExpirationDate.HasValue
             : subscriptionInfo.Subscription.TrialEndDate.HasValue && subscriptionInfo.Subscription.TrialEndDate.Value > DateTime.UtcNow;
+
+    public static bool CanUse(
+        this OrganizationLicense license,
+        IGlobalSettings globalSettings,
+        ClaimsPrincipal claimsPrincipal,
+        out string exception)
+    {
+        var errorMessages = new StringBuilder();
+
+        var enabled = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.Enabled));
+        if (!enabled)
+        {
+            errorMessages.AppendLine("Your cloud-hosted organization is currently disabled.");
+        }
+
+        var installationId = claimsPrincipal.GetValue<Guid>(nameof(OrganizationLicense.InstallationId));
+        if (installationId != globalSettings.Installation.Id)
+        {
+            errorMessages.AppendLine("The installation ID does not match the current installation.");
+        }
+
+        var selfHost = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.SelfHost));
+        if (!selfHost)
+        {
+            errorMessages.AppendLine("The license does not allow for on-premise hosting of organizations.");
+        }
+
+        var licenseType = claimsPrincipal.GetValue<LicenseType>(nameof(OrganizationLicense.LicenseType));
+        if (licenseType != LicenseType.Organization)
+        {
+            errorMessages.AppendLine("Premium licenses cannot be applied to an organization. " +
+                                     "Upload this license from your personal account settings page.");
+        }
+
+        if (errorMessages.Length > 0)
+        {
+            exception = $"Invalid license. {errorMessages.ToString().TrimEnd()}";
+            return false;
+        }
+
+        exception = "";
+        return true;
+    }
+
+    public static bool VerifyData(
+        this OrganizationLicense license,
+        Organization organization,
+        ClaimsPrincipal claimsPrincipal,
+        IGlobalSettings globalSettings)
+    {
+        var issued = claimsPrincipal.GetValue<DateTime>(nameof(OrganizationLicense.Issued));
+        var expires = claimsPrincipal.GetValue<DateTime>(nameof(OrganizationLicense.Expires));
+        var installationId = claimsPrincipal.GetValue<Guid>(nameof(OrganizationLicense.InstallationId));
+        var licenseKey = claimsPrincipal.GetValue<string>(nameof(OrganizationLicense.LicenseKey));
+        var enabled = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.Enabled));
+        var planType = claimsPrincipal.GetValue<PlanType>(nameof(OrganizationLicense.PlanType));
+        var seats = claimsPrincipal.GetValue<int?>(nameof(OrganizationLicense.Seats));
+        var maxCollections = claimsPrincipal.GetValue<short?>(nameof(OrganizationLicense.MaxCollections));
+        var useGroups = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseGroups));
+        var useDirectory = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseDirectory));
+        var useTotp = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseTotp));
+        var selfHost = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.SelfHost));
+        var name = claimsPrincipal.GetValue<string>(nameof(OrganizationLicense.Name));
+        var usersGetPremium = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UsersGetPremium));
+        var useEvents = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseEvents));
+        var use2fa = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.Use2fa));
+        var useApi = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseApi));
+        var usePolicies = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UsePolicies));
+        var useSso = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseSso));
+        var useResetPassword = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseResetPassword));
+        var useKeyConnector = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseKeyConnector));
+        var useScim = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseScim));
+        var useCustomPermissions = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseCustomPermissions));
+        var useSecretsManager = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseSecretsManager));
+        var usePasswordManager = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UsePasswordManager));
+        var smSeats = claimsPrincipal.GetValue<int?>(nameof(OrganizationLicense.SmSeats));
+        var smServiceAccounts = claimsPrincipal.GetValue<int?>(nameof(OrganizationLicense.SmServiceAccounts));
+        var useAdminSponsoredFamilies = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseAdminSponsoredFamilies));
+        var useOrganizationDomains = claimsPrincipal.GetValue<bool>(nameof(OrganizationLicense.UseOrganizationDomains));
+
+        return issued <= DateTime.UtcNow &&
+               expires >= DateTime.UtcNow &&
+               installationId == globalSettings.Installation.Id &&
+               licenseKey == organization.LicenseKey &&
+               enabled == organization.Enabled &&
+               planType == organization.PlanType &&
+               seats == organization.Seats &&
+               maxCollections == organization.MaxCollections &&
+               useGroups == organization.UseGroups &&
+               useDirectory == organization.UseDirectory &&
+               useTotp == organization.UseTotp &&
+               selfHost == organization.SelfHost &&
+               name == organization.Name &&
+               usersGetPremium == organization.UsersGetPremium &&
+               useEvents == organization.UseEvents &&
+               use2fa == organization.Use2fa &&
+               useApi == organization.UseApi &&
+               usePolicies == organization.UsePolicies &&
+               useSso == organization.UseSso &&
+               useResetPassword == organization.UseResetPassword &&
+               useKeyConnector == organization.UseKeyConnector &&
+               useScim == organization.UseScim &&
+               useCustomPermissions == organization.UseCustomPermissions &&
+               useSecretsManager == organization.UseSecretsManager &&
+               usePasswordManager == organization.UsePasswordManager &&
+               smSeats == organization.SmSeats &&
+               smServiceAccounts == organization.SmServiceAccounts &&
+               useAdminSponsoredFamilies == organization.UseAdminSponsoredFamilies &&
+               useOrganizationDomains == organization.UseOrganizationDomains;
+    }
 }
 
 public static class UserLicenseExtensions
@@ -243,4 +355,40 @@ public static class UserLicenseExtensions
         subscriptionInfo != null &&
             (subscriptionInfo?.Subscription?.TrialEndDate.HasValue ?? false) &&
             subscriptionInfo.Subscription.TrialEndDate.Value > DateTime.UtcNow;
+
+    public static bool CanUse(this UserLicense license, User user, ClaimsPrincipal claimsPrincipal, out string exception)
+    {
+        var errorMessages = new StringBuilder();
+
+        if (!user.EmailVerified)
+        {
+            errorMessages.AppendLine("The user's email is not verified.");
+        }
+
+        var email = claimsPrincipal.GetValue<string>(nameof(UserLicense.Email));
+        if (!email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase))
+        {
+            errorMessages.AppendLine("The user's email does not match the license email.");
+        }
+
+        if (errorMessages.Length > 0)
+        {
+            exception = $"Invalid license. {errorMessages.ToString().TrimEnd()}";
+            return false;
+        }
+
+        exception = "";
+        return true;
+    }
+
+    public static bool VerifyData(this UserLicense license, User user, ClaimsPrincipal claimsPrincipal)
+    {
+        var licenseKey = claimsPrincipal.GetValue<string>(nameof(UserLicense.LicenseKey));
+        var premium = claimsPrincipal.GetValue<bool>(nameof(UserLicense.Premium));
+        var email = claimsPrincipal.GetValue<string>(nameof(UserLicense.Email));
+
+        return licenseKey == user.LicenseKey &&
+               premium == user.Premium &&
+               email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase);
+    }
 }

src/Core/Models/Business/OrganizationLicense.cs

@@ -1,13 +1,9 @@
-using System.Security.Claims;
-using System.Text;
-using System.Text.Json.Serialization;
+using System.Text.Json.Serialization;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Licenses.Attributes;
 using Bit.Core.Billing.Licenses.Extensions;
-using Bit.Core.Enums;
 using Bit.Core.Services;
-using Bit.Core.Settings;
 
 namespace Bit.Core.Models.Business;
 
@@ -17,34 +13,6 @@ public class OrganizationLicense : BaseLicense
     {
     }
 
-    /// <summary>
-    /// Initializes a new instance of the <see cref="OrganizationLicense"/> class.
-    /// </summary>
-    /// <remarks>
-    /// <para>
-    /// ⚠️ DEPRECATED: This constructor and the entire property-based licensing system is deprecated.
-    /// Do not add new properties to this constructor or extend its functionality.
-    /// </para>
-    /// <para>
-    /// This implementation has been replaced by a new claims-based licensing system that provides better security
-    /// and flexibility. The new system uses JWT claims to store and validate license information, making it more
-    /// secure and easier to extend without requiring changes to the license format.
-    /// </para>
-    /// <para>
-    /// For new license-related features or modifications:
-    /// 1. Use the claims-based system instead of adding properties here
-    /// 2. Add new claims to the license token
-    /// 3. Validate claims in the <see cref="CanUse"/> and <see cref="VerifyData"/> methods
-    /// </para>
-    /// <para>
-    /// This constructor is maintained only for backward compatibility with existing licenses.
-    /// </para>
-    /// </remarks>
-    /// <param name="org">The organization to create the license for.</param>
-    /// <param name="subscriptionInfo">Information about the organization's subscription.</param>
-    /// <param name="installationId">The ID of the current installation.</param>
-    /// <param name="licenseService">The service used to sign the license.</param>
-    /// <param name="version">Optional version number for the license format.</param>
     public OrganizationLicense(Organization org, SubscriptionInfo subscriptionInfo, Guid installationId,
         ILicensingService licenseService, int? version = null)
     {
@@ -217,111 +185,5 @@ public class OrganizationLicense : BaseLicense
 
 
 
-    public bool CanUse(
-        IGlobalSettings globalSettings,
-        ClaimsPrincipal claimsPrincipal,
-        out string exception)
-    {
-        var errorMessages = new StringBuilder();
 
-        var enabled = claimsPrincipal.GetValue<bool>(nameof(Enabled));
-        if (!enabled)
-        {
-            errorMessages.AppendLine("Your cloud-hosted organization is currently disabled.");
-        }
-
-        var installationId = claimsPrincipal.GetValue<Guid>(nameof(InstallationId));
-        if (installationId != globalSettings.Installation.Id)
-        {
-            errorMessages.AppendLine("The installation ID does not match the current installation.");
-        }
-
-        var selfHost = claimsPrincipal.GetValue<bool>(nameof(SelfHost));
-        if (!selfHost)
-        {
-            errorMessages.AppendLine("The license does not allow for on-premise hosting of organizations.");
-        }
-
-        var licenseType = claimsPrincipal.GetValue<LicenseType>(nameof(LicenseType));
-        if (licenseType != LicenseType.Organization)
-        {
-            errorMessages.AppendLine("Premium licenses cannot be applied to an organization. " +
-                                     "Upload this license from your personal account settings page.");
-        }
-
-        if (errorMessages.Length > 0)
-        {
-            exception = $"Invalid license. {errorMessages.ToString().TrimEnd()}";
-            return false;
-        }
-
-        exception = "";
-        return true;
-    }
-
-    public bool VerifyData(
-        Organization organization,
-        ClaimsPrincipal claimsPrincipal,
-        IGlobalSettings globalSettings)
-    {
-        var issued = claimsPrincipal.GetValue<DateTime>(nameof(Issued));
-        var expires = claimsPrincipal.GetValue<DateTime>(nameof(Expires));
-        var installationId = claimsPrincipal.GetValue<Guid>(nameof(InstallationId));
-        var licenseKey = claimsPrincipal.GetValue<string>(nameof(LicenseKey));
-        var enabled = claimsPrincipal.GetValue<bool>(nameof(Enabled));
-        var planType = claimsPrincipal.GetValue<PlanType>(nameof(PlanType));
-        var seats = claimsPrincipal.GetValue<int?>(nameof(Seats));
-        var maxCollections = claimsPrincipal.GetValue<short?>(nameof(MaxCollections));
-        var useGroups = claimsPrincipal.GetValue<bool>(nameof(UseGroups));
-        var useDirectory = claimsPrincipal.GetValue<bool>(nameof(UseDirectory));
-        var useTotp = claimsPrincipal.GetValue<bool>(nameof(UseTotp));
-        var selfHost = claimsPrincipal.GetValue<bool>(nameof(SelfHost));
-        var name = claimsPrincipal.GetValue<string>(nameof(Name));
-        var usersGetPremium = claimsPrincipal.GetValue<bool>(nameof(UsersGetPremium));
-        var useEvents = claimsPrincipal.GetValue<bool>(nameof(UseEvents));
-        var use2fa = claimsPrincipal.GetValue<bool>(nameof(Use2fa));
-        var useApi = claimsPrincipal.GetValue<bool>(nameof(UseApi));
-        var usePolicies = claimsPrincipal.GetValue<bool>(nameof(UsePolicies));
-        var useSso = claimsPrincipal.GetValue<bool>(nameof(UseSso));
-        var useResetPassword = claimsPrincipal.GetValue<bool>(nameof(UseResetPassword));
-        var useKeyConnector = claimsPrincipal.GetValue<bool>(nameof(UseKeyConnector));
-        var useScim = claimsPrincipal.GetValue<bool>(nameof(UseScim));
-        var useCustomPermissions = claimsPrincipal.GetValue<bool>(nameof(UseCustomPermissions));
-        var useSecretsManager = claimsPrincipal.GetValue<bool>(nameof(UseSecretsManager));
-        var usePasswordManager = claimsPrincipal.GetValue<bool>(nameof(UsePasswordManager));
-        var smSeats = claimsPrincipal.GetValue<int?>(nameof(SmSeats));
-        var smServiceAccounts = claimsPrincipal.GetValue<int?>(nameof(SmServiceAccounts));
-        var useAdminSponsoredFamilies = claimsPrincipal.GetValue<bool>(nameof(UseAdminSponsoredFamilies));
-        var useOrganizationDomains = claimsPrincipal.GetValue<bool>(nameof(UseOrganizationDomains));
-
-        return issued <= DateTime.UtcNow &&
-               expires >= DateTime.UtcNow &&
-               installationId == globalSettings.Installation.Id &&
-               licenseKey == organization.LicenseKey &&
-               enabled == organization.Enabled &&
-               planType == organization.PlanType &&
-               seats == organization.Seats &&
-               maxCollections == organization.MaxCollections &&
-               useGroups == organization.UseGroups &&
-               useDirectory == organization.UseDirectory &&
-               useTotp == organization.UseTotp &&
-               selfHost == organization.SelfHost &&
-               name == organization.Name &&
-               usersGetPremium == organization.UsersGetPremium &&
-               useEvents == organization.UseEvents &&
-               use2fa == organization.Use2fa &&
-               useApi == organization.UseApi &&
-               usePolicies == organization.UsePolicies &&
-               useSso == organization.UseSso &&
-               useResetPassword == organization.UseResetPassword &&
-               useKeyConnector == organization.UseKeyConnector &&
-               useScim == organization.UseScim &&
-               useCustomPermissions == organization.UseCustomPermissions &&
-               useSecretsManager == organization.UseSecretsManager &&
-               usePasswordManager == organization.UsePasswordManager &&
-               smSeats == organization.SmSeats &&
-               smServiceAccounts == organization.SmServiceAccounts &&
-               useAdminSponsoredFamilies == organization.UseAdminSponsoredFamilies &&
-               useOrganizationDomains == organization.UseOrganizationDomains;
-    }
 }

src/Core/Models/Business/UserLicense.cs

@@ -1,6 +1,4 @@
-using System.Security.Claims;
-using System.Text;
-using System.Text.Json.Serialization;
+using System.Text.Json.Serialization;
 using Bit.Core.Billing.Licenses.Attributes;
 using Bit.Core.Billing.Licenses.Extensions;
 using Bit.Core.Entities;
@@ -68,39 +66,5 @@ public class UserLicense : BaseLicense
         get => Version == 1;
     }
 
-    public bool CanUse(User user, ClaimsPrincipal claimsPrincipal, out string exception)
-    {
-        var errorMessages = new StringBuilder();
 
-        if (!user.EmailVerified)
-        {
-            errorMessages.AppendLine("The user's email is not verified.");
-        }
-
-        var email = claimsPrincipal.GetValue<string>(nameof(Email));
-        if (!email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase))
-        {
-            errorMessages.AppendLine("The user's email does not match the license email.");
-        }
-
-        if (errorMessages.Length > 0)
-        {
-            exception = $"Invalid license. {errorMessages.ToString().TrimEnd()}";
-            return false;
-        }
-
-        exception = "";
-        return true;
-    }
-
-    public bool VerifyData(User user, ClaimsPrincipal claimsPrincipal)
-    {
-        var licenseKey = claimsPrincipal.GetValue<string>(nameof(LicenseKey));
-        var premium = claimsPrincipal.GetValue<bool>(nameof(Premium));
-        var email = claimsPrincipal.GetValue<string>(nameof(Email));
-
-        return licenseKey == user.LicenseKey &&
-               premium == user.Premium &&
-               email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase);
-    }
 }

src/Core/OrganizationFeatures/OrganizationLicenses/UpdateOrganizationLicenseCommand.cs

@@ -2,6 +2,7 @@
 
 using System.Text.Json;
 using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Billing.Licenses.Extensions;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.Models.Data.Organizations;

src/Core/Services/Implementations/UserService.cs

@@ -15,6 +15,7 @@ using Bit.Core.Auth.Models;
 using Bit.Core.Auth.Models.Business.Tokenables;
 using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
 using Bit.Core.Billing.Constants;
+using Bit.Core.Billing.Licenses.Extensions;
 using Bit.Core.Billing.Models;
 using Bit.Core.Billing.Models.Sales;
 using Bit.Core.Billing.Services;

test/Core.Test/Models/Business/OrganizationLicenseTests.cs

@@ -1,4 +1,5 @@
 using System.Security.Claims;
+using Bit.Core.Billing.Licenses.Extensions;
 using Bit.Core.Models.Business;
 using Bit.Core.Settings;
 using Bit.Test.Common.AutoFixture.Attributes;