[AC-2959] ACH Direct Debit POC (#4703)

* Refactor: Rename some methods and models for consistency This commit contains no logic changes at all. It's entirely comprised of renames of existing models and methods to bring our codebase more in line with our app's functionality and terminology. * Add feature flag: AC-2476-deprecate-stripe-sources-api * Standardize error responses from applicable billing controllers During my work on CB, I found that just using the built-in TypedResults errors results in the client choking on the response because it's looking for the ErrroResponseModel. The new BaseBillingController provides Error utilities to return TypedResults wrapping that model so the client can process it. * Add feature flagged payment method endoints to OrganizationBillingController * Run dotnet format
2025-06-30 15:42:48 -05:00 · 2024-08-28 10:48:14 -04:00
parent 20478949d8
commit 3c86ec6a35
31 changed files with 391 additions and 197 deletions
--- a/src/Api/Billing/Controllers/BaseBillingController.cs
+++ b/src/Api/Billing/Controllers/BaseBillingController.cs
@ -0,0 +1,30 @@
+using Bit.Core.Models.Api;
+using Microsoft.AspNetCore.Http.HttpResults;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Api.Billing.Controllers;
+
+public abstract class BaseBillingController : Controller
+{
+    protected static class Error
+    {
+        public static BadRequest<ErrorResponseModel> BadRequest(Dictionary<string, IEnumerable<string>> errors) =>
+            TypedResults.BadRequest(new ErrorResponseModel(errors));
+
+        public static BadRequest<ErrorResponseModel> BadRequest(string message) =>
+            TypedResults.BadRequest(new ErrorResponseModel(message));
+
+        public static NotFound<ErrorResponseModel> NotFound() =>
+            TypedResults.NotFound(new ErrorResponseModel("Resource not found."));
+
+        public static JsonHttpResult<ErrorResponseModel> ServerError(string message = "Something went wrong with your request. Please contact support.") =>
+            TypedResults.Json(
+                new ErrorResponseModel(message),
+                statusCode: StatusCodes.Status500InternalServerError);
+
+        public static JsonHttpResult<ErrorResponseModel> Unauthorized() =>
+            TypedResults.Json(
+                new ErrorResponseModel("Unauthorized."),
+                statusCode: StatusCodes.Status401Unauthorized);
+    }
+}
--- a/src/Api/Billing/Controllers/BaseProviderController.cs
+++ b/src/Api/Billing/Controllers/BaseProviderController.cs
@ -3,10 +3,7 @@ using Bit.Core.AdminConsole.Entities.Provider;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Billing.Extensions;
 using Bit.Core.Context;
-using Bit.Core.Models.Api;
 using Bit.Core.Services;
-using Microsoft.AspNetCore.Http.HttpResults;
-using Microsoft.AspNetCore.Mvc;

 namespace Bit.Api.Billing.Controllers;

@ -15,23 +12,10 @@ public abstract class BaseProviderController(
    IFeatureService featureService,
    ILogger<BaseProviderController> logger,
    IProviderRepository providerRepository,
-    IUserService userService) : Controller
+    IUserService userService) : BaseBillingController
 {
    protected readonly IUserService UserService = userService;

-    protected static NotFound<ErrorResponseModel> NotFoundResponse() =>
-        TypedResults.NotFound(new ErrorResponseModel("Resource not found."));
-
-    protected static JsonHttpResult<ErrorResponseModel> ServerErrorResponse(string errorMessage) =>
-        TypedResults.Json(
-            new ErrorResponseModel(errorMessage),
-            statusCode: StatusCodes.Status500InternalServerError);
-
-    protected static JsonHttpResult<ErrorResponseModel> UnauthorizedResponse() =>
-        TypedResults.Json(
-            new ErrorResponseModel("Unauthorized."),
-            statusCode: StatusCodes.Status401Unauthorized);
-
    protected Task<(Provider, IResult)> TryGetBillableProviderForAdminOperation(
        Guid providerId) => TryGetBillableProviderAsync(providerId, currentContext.ProviderProviderAdmin);

@ -48,7 +32,7 @@ public abstract class BaseProviderController(
                "Cannot run Consolidated Billing operation for provider ({ProviderID}) while feature flag is disabled",
                providerId);

-            return (null, NotFoundResponse());
+            return (null, Error.NotFound());
        }

        var provider = await providerRepository.GetByIdAsync(providerId);
@ -59,7 +43,7 @@ public abstract class BaseProviderController(
                "Cannot find provider ({ProviderID}) for Consolidated Billing operation",
                providerId);

-            return (null, NotFoundResponse());
+            return (null, Error.NotFound());
        }

        if (!checkAuthorization(providerId))
@ -70,7 +54,7 @@ public abstract class BaseProviderController(
                "User ({UserID}) is not authorized to perform Consolidated Billing operation for provider ({ProviderID})",
                user?.Id, providerId);

-            return (null, UnauthorizedResponse());
+            return (null, Error.Unauthorized());
        }

        if (!provider.IsBillable())
@ -79,7 +63,7 @@ public abstract class BaseProviderController(
                "Cannot run Consolidated Billing operation for provider ({ProviderID}) that is not billable",
                providerId);

-            return (null, UnauthorizedResponse());
+            return (null, Error.Unauthorized());
        }

        if (provider.IsStripeEnabled())
@ -91,6 +75,6 @@ public abstract class BaseProviderController(
            "Cannot run Consolidated Billing operation for provider ({ProviderID}) that is missing Stripe configuration",
            providerId);

-        return (null, ServerErrorResponse("Something went wrong with your request. Please contact support."));
+        return (null, Error.ServerError());
    }
 }
--- a/src/Api/Billing/Controllers/OrganizationBillingController.cs
+++ b/src/Api/Billing/Controllers/OrganizationBillingController.cs
@ -1,4 +1,6 @@
-using Bit.Api.Billing.Models.Responses;
+using Bit.Api.Billing.Models.Requests;
+using Bit.Api.Billing.Models.Responses;
+using Bit.Core;
 using Bit.Core.Billing.Services;
 using Bit.Core.Context;
 using Bit.Core.Repositories;
@ -13,23 +15,25 @@ namespace Bit.Api.Billing.Controllers;
 [Authorize("Application")]
 public class OrganizationBillingController(
    ICurrentContext currentContext,
+    IFeatureService featureService,
    IOrganizationBillingService organizationBillingService,
    IOrganizationRepository organizationRepository,
-    IPaymentService paymentService) : Controller
+    IPaymentService paymentService,
+    ISubscriberService subscriberService) : BaseBillingController
 {
    [HttpGet("metadata")]
    public async Task<IResult> GetMetadataAsync([FromRoute] Guid organizationId)
    {
        if (!await currentContext.AccessMembersTab(organizationId))
        {
-            return TypedResults.Unauthorized();
+            return Error.Unauthorized();
        }

        var metadata = await organizationBillingService.GetMetadata(organizationId);

        if (metadata == null)
        {
-            return TypedResults.NotFound();
+            return Error.NotFound();
        }

        var response = OrganizationMetadataResponse.From(metadata);
@ -42,14 +46,14 @@ public class OrganizationBillingController(
    {
        if (!await currentContext.ViewBillingHistory(organizationId))
        {
-            return TypedResults.Unauthorized();
+            return Error.Unauthorized();
        }

        var organization = await organizationRepository.GetByIdAsync(organizationId);

        if (organization == null)
        {
-            return TypedResults.NotFound();
+            return Error.NotFound();
        }

        var billingInfo = await paymentService.GetBillingHistoryAsync(organization);
@ -63,14 +67,14 @@ public class OrganizationBillingController(
    {
        if (!await currentContext.ViewBillingHistory(organizationId))
        {
-            return TypedResults.Unauthorized();
+            return Error.Unauthorized();
        }

        var organization = await organizationRepository.GetByIdAsync(organizationId);

        if (organization == null)
        {
-            return TypedResults.NotFound();
+            return Error.NotFound();
        }

        var billingInfo = await paymentService.GetBillingAsync(organization);
@ -79,4 +83,147 @@ public class OrganizationBillingController(

        return TypedResults.Ok(response);
    }
+
+    [HttpGet("payment-method")]
+    public async Task<IResult> GetPaymentMethodAsync([FromRoute] Guid organizationId)
+    {
+        if (!featureService.IsEnabled(FeatureFlagKeys.AC2476_DeprecateStripeSourcesAPI))
+        {
+            return Error.NotFound();
+        }
+
+        if (!await currentContext.EditPaymentMethods(organizationId))
+        {
+            return Error.Unauthorized();
+        }
+
+        var organization = await organizationRepository.GetByIdAsync(organizationId);
+
+        if (organization == null)
+        {
+            return Error.NotFound();
+        }
+
+        var paymentMethod = await subscriberService.GetPaymentMethod(organization);
+
+        var response = PaymentMethodResponse.From(paymentMethod);
+
+        return TypedResults.Ok(response);
+    }
+
+    [HttpPut("payment-method")]
+    public async Task<IResult> UpdatePaymentMethodAsync(
+        [FromRoute] Guid organizationId,
+        [FromBody] UpdatePaymentMethodRequestBody requestBody)
+    {
+        if (!featureService.IsEnabled(FeatureFlagKeys.AC2476_DeprecateStripeSourcesAPI))
+        {
+            return Error.NotFound();
+        }
+
+        if (!await currentContext.EditPaymentMethods(organizationId))
+        {
+            return Error.Unauthorized();
+        }
+
+        var organization = await organizationRepository.GetByIdAsync(organizationId);
+
+        if (organization == null)
+        {
+            return Error.NotFound();
+        }
+
+        var tokenizedPaymentSource = requestBody.PaymentSource.ToDomain();
+
+        await subscriberService.UpdatePaymentSource(organization, tokenizedPaymentSource);
+
+        var taxInformation = requestBody.TaxInformation.ToDomain();
+
+        await subscriberService.UpdateTaxInformation(organization, taxInformation);
+
+        return TypedResults.Ok();
+    }
+
+    [HttpPost("payment-method/verify-bank-account")]
+    public async Task<IResult> VerifyBankAccountAsync(
+        [FromRoute] Guid organizationId,
+        [FromBody] VerifyBankAccountRequestBody requestBody)
+    {
+        if (!featureService.IsEnabled(FeatureFlagKeys.AC2476_DeprecateStripeSourcesAPI))
+        {
+            return Error.NotFound();
+        }
+
+        if (!await currentContext.EditPaymentMethods(organizationId))
+        {
+            return Error.Unauthorized();
+        }
+
+        var organization = await organizationRepository.GetByIdAsync(organizationId);
+
+        if (organization == null)
+        {
+            return Error.NotFound();
+        }
+
+        await subscriberService.VerifyBankAccount(organization, (requestBody.Amount1, requestBody.Amount2));
+
+        return TypedResults.Ok();
+    }
+
+    [HttpGet("tax-information")]
+    public async Task<IResult> GetTaxInformationAsync([FromRoute] Guid organizationId)
+    {
+        if (!featureService.IsEnabled(FeatureFlagKeys.AC2476_DeprecateStripeSourcesAPI))
+        {
+            return Error.NotFound();
+        }
+
+        if (!await currentContext.EditPaymentMethods(organizationId))
+        {
+            return Error.Unauthorized();
+        }
+
+        var organization = await organizationRepository.GetByIdAsync(organizationId);
+
+        if (organization == null)
+        {
+            return Error.NotFound();
+        }
+
+        var taxInformation = await subscriberService.GetTaxInformation(organization);
+
+        var response = TaxInformationResponse.From(taxInformation);
+
+        return TypedResults.Ok(response);
+    }
+
+    [HttpPut("tax-information")]
+    public async Task<IResult> UpdateTaxInformationAsync(
+        [FromRoute] Guid organizationId,
+        [FromBody] TaxInformationRequestBody requestBody)
+    {
+        if (!featureService.IsEnabled(FeatureFlagKeys.AC2476_DeprecateStripeSourcesAPI))
+        {
+            return Error.NotFound();
+        }
+
+        if (!await currentContext.EditPaymentMethods(organizationId))
+        {
+            return Error.Unauthorized();
+        }
+
+        var organization = await organizationRepository.GetByIdAsync(organizationId);
+
+        if (organization == null)
+        {
+            return Error.NotFound();
+        }
+
+        var taxInformation = requestBody.ToDomain();
+
+        await subscriberService.UpdateTaxInformation(organization, taxInformation);
+
+        return TypedResults.Ok();
+    }
 }
--- a/src/Api/Billing/Controllers/ProviderBillingController.cs
+++ b/src/Api/Billing/Controllers/ProviderBillingController.cs
@ -5,7 +5,6 @@ using Bit.Core.Billing.Models;
 using Bit.Core.Billing.Repositories;
 using Bit.Core.Billing.Services;
 using Bit.Core.Context;
-using Bit.Core.Models.Api;
 using Bit.Core.Models.BitStripe;
 using Bit.Core.Services;
 using Microsoft.AspNetCore.Authorization;
@ -63,7 +62,7 @@ public class ProviderBillingController(

        if (reportContent == null)
        {
-            return ServerErrorResponse("We had a problem generating your invoice CSV. Please contact support.");
+            return Error.ServerError("We had a problem generating your invoice CSV. Please contact support.");
        }

        return TypedResults.File(
@ -113,8 +112,7 @@ public class ProviderBillingController(

        if (requestBody is not { Country: not null, PostalCode: not null })
        {
-            return TypedResults.BadRequest(
-                new ErrorResponseModel("Country and postal code are required to update your tax information."));
+            return Error.BadRequest("Country and postal code are required to update your tax information.");
        }

        var taxInformation = new TaxInformation(
--- a/src/Api/Billing/Controllers/ProviderClientsController.cs
+++ b/src/Api/Billing/Controllers/ProviderClientsController.cs
@ -39,7 +39,7 @@ public class ProviderClientsController(

        if (user == null)
        {
-            return UnauthorizedResponse();
+            return Error.Unauthorized();
        }

        var organizationSignup = new OrganizationSignup
@ -96,7 +96,7 @@ public class ProviderClientsController(

        if (providerOrganization == null)
        {
-            return NotFoundResponse();
+            return Error.NotFound();
        }

        var clientOrganization = await organizationRepository.GetByIdAsync(providerOrganization.OrganizationId);
--- a/src/Api/Billing/Models/Requests/TaxInformationRequestBody.cs
+++ b/src/Api/Billing/Models/Requests/TaxInformationRequestBody.cs
@ -1,4 +1,5 @@
 using System.ComponentModel.DataAnnotations;
+using Bit.Core.Billing.Models;

 namespace Bit.Api.Billing.Models.Requests;

@ -13,4 +14,13 @@ public class TaxInformationRequestBody
    public string Line2 { get; set; }
    public string City { get; set; }
    public string State { get; set; }
+
+    public TaxInformation ToDomain() => new(
+        Country,
+        PostalCode,
+        TaxId,
+        Line1,
+        Line2,
+        City,
+        State);
 }
--- a/src/Api/Billing/Models/Requests/TokenizedPaymentSourceRequestBody.cs
+++ b/src/Api/Billing/Models/Requests/TokenizedPaymentSourceRequestBody.cs
@ -1,10 +1,11 @@
 using System.ComponentModel.DataAnnotations;
 using Bit.Api.Utilities;
+using Bit.Core.Billing.Models;
 using Bit.Core.Enums;

 namespace Bit.Api.Billing.Models.Requests;

-public class TokenizedPaymentMethodRequestBody
+public class TokenizedPaymentSourceRequestBody
 {
    [Required]
    [EnumMatches<PaymentMethodType>(
@ -13,6 +14,9 @@ public class TokenizedPaymentMethodRequestBody
        PaymentMethodType.PayPal,
        ErrorMessage = "'type' must be BankAccount, Card or PayPal")]
    public PaymentMethodType Type { get; set; }
+
    [Required]
    public string Token { get; set; }
+
+    public TokenizedPaymentSource ToDomain() => new(Type, Token);
 }
--- a/src/Api/Billing/Models/Requests/UpdatePaymentMethodRequestBody.cs
+++ b/src/Api/Billing/Models/Requests/UpdatePaymentMethodRequestBody.cs
@ -0,0 +1,12 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Api.Billing.Models.Requests;
+
+public class UpdatePaymentMethodRequestBody
+{
+    [Required]
+    public TokenizedPaymentSourceRequestBody PaymentSource { get; set; }
+
+    [Required]
+    public TaxInformationRequestBody TaxInformation { get; set; }
+}
--- a/src/Api/Billing/Models/Responses/MaskedPaymentMethodResponse.cs
+++ b/src/Api/Billing/Models/Responses/MaskedPaymentMethodResponse.cs
@ -1,16 +0,0 @@
-using Bit.Core.Billing.Models;
-using Bit.Core.Enums;
-
-namespace Bit.Api.Billing.Models.Responses;
-
-public record MaskedPaymentMethodResponse(
-    PaymentMethodType Type,
-    string Description,
-    bool NeedsVerification)
-{
-    public static MaskedPaymentMethodResponse From(MaskedPaymentMethodDTO maskedPaymentMethod)
-        => new(
-            maskedPaymentMethod.Type,
-            maskedPaymentMethod.Description,
-            maskedPaymentMethod.NeedsVerification);
-}
--- a/src/Api/Billing/Models/Responses/OrganizationMetadataResponse.cs
+++ b/src/Api/Billing/Models/Responses/OrganizationMetadataResponse.cs
@ -5,6 +5,6 @@ namespace Bit.Api.Billing.Models.Responses;
 public record OrganizationMetadataResponse(
    bool IsOnSecretsManagerStandalone)
 {
-    public static OrganizationMetadataResponse From(OrganizationMetadataDTO metadataDTO)
-        => new(metadataDTO.IsOnSecretsManagerStandalone);
+    public static OrganizationMetadataResponse From(OrganizationMetadata metadata)
+        => new(metadata.IsOnSecretsManagerStandalone);
 }
--- a/src/Api/Billing/Models/Responses/PaymentInformationResponse.cs
+++ b/src/Api/Billing/Models/Responses/PaymentInformationResponse.cs
@ -1,15 +0,0 @@
-using Bit.Core.Billing.Models;
-
-namespace Bit.Api.Billing.Models.Responses;
-
-public record PaymentInformationResponse(
-    long AccountCredit,
-    MaskedPaymentMethodDTO PaymentMethod,
-    TaxInformation TaxInformation)
-{
-    public static PaymentInformationResponse From(PaymentInformationDTO paymentInformation) =>
-        new(
-            paymentInformation.AccountCredit,
-            paymentInformation.PaymentMethod,
-            paymentInformation.TaxInformation);
-}
--- a/src/Api/Billing/Models/Responses/PaymentMethodResponse.cs
+++ b/src/Api/Billing/Models/Responses/PaymentMethodResponse.cs
@ -0,0 +1,17 @@
+using Bit.Core.Billing.Models;
+
+namespace Bit.Api.Billing.Models.Responses;
+
+public record PaymentMethodResponse(
+    long AccountCredit,
+    PaymentSource PaymentSource,
+    string SubscriptionStatus,
+    TaxInformation TaxInformation)
+{
+    public static PaymentMethodResponse From(PaymentMethod paymentMethod) =>
+        new(
+            paymentMethod.AccountCredit,
+            paymentMethod.PaymentSource,
+            paymentMethod.SubscriptionStatus,
+            paymentMethod.TaxInformation);
+}
--- a/src/Api/Billing/Models/Responses/PaymentSourceResponse.cs
+++ b/src/Api/Billing/Models/Responses/PaymentSourceResponse.cs
@ -0,0 +1,16 @@
+using Bit.Core.Billing.Models;
+using Bit.Core.Enums;
+
+namespace Bit.Api.Billing.Models.Responses;
+
+public record PaymentSourceResponse(
+    PaymentMethodType Type,
+    string Description,
+    bool NeedsVerification)
+{
+    public static PaymentSourceResponse From(PaymentSource paymentMethod)
+        => new(
+            paymentMethod.Type,
+            paymentMethod.Description,
+            paymentMethod.NeedsVerification);
+}