[PM-14613] Remove account deprovisioning feature flag (#5676)

* Remove flag * Remove old tests * Remove old xmldoc referencing the flag * Remove old emails
2025-06-30 15:42:48 -05:00 · 2025-05-13 07:17:54 +10:00
parent 952967b8b3
commit a1b22e66e5
31 changed files with 49 additions and 1120 deletions
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationDomains/VerifyOrganizationDomainCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationDomains/VerifyOrganizationDomainCommandTests.cs
@ -166,7 +166,7 @@ public class VerifyOrganizationDomainCommandTests
    }

    [Theory, BitAutoData]
-    public async Task UserVerifyOrganizationDomainAsync_GivenOrganizationDomainWithAccountDeprovisioningEnabled_WhenDomainIsVerified_ThenSingleOrgPolicyShouldBeEnabled(
+    public async Task UserVerifyOrganizationDomainAsync_WhenDomainIsVerified_ThenSingleOrgPolicyShouldBeEnabled(
        OrganizationDomain domain, Guid userId, SutProvider<VerifyOrganizationDomainCommand> sutProvider)
    {
        sutProvider.GetDependency<IOrganizationDomainRepository>()
@ -177,10 +177,6 @@ public class VerifyOrganizationDomainCommandTests
            .ResolveAsync(domain.DomainName, domain.Txt)
            .Returns(true);

-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
-
        sutProvider.GetDependency<ICurrentContext>()
            .UserId.Returns(userId);

@ -196,33 +192,7 @@ public class VerifyOrganizationDomainCommandTests
    }

    [Theory, BitAutoData]
-    public async Task UserVerifyOrganizationDomainAsync_GivenOrganizationDomainWithAccountDeprovisioningDisabled_WhenDomainIsVerified_ThenSingleOrgPolicyShouldBeNotBeEnabled(
-        OrganizationDomain domain, SutProvider<VerifyOrganizationDomainCommand> sutProvider)
-    {
-        sutProvider.GetDependency<IOrganizationDomainRepository>()
-            .GetClaimedDomainsByDomainNameAsync(domain.DomainName)
-            .Returns([]);
-
-        sutProvider.GetDependency<IDnsResolverService>()
-            .ResolveAsync(domain.DomainName, domain.Txt)
-            .Returns(true);
-
-        sutProvider.GetDependency<ICurrentContext>()
-            .UserId.Returns(Guid.NewGuid());
-
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(false);
-
-        _ = await sutProvider.Sut.UserVerifyOrganizationDomainAsync(domain);
-
-        await sutProvider.GetDependency<ISavePolicyCommand>()
-            .DidNotReceive()
-            .SaveAsync(Arg.Any<PolicyUpdate>());
-    }
-
-    [Theory, BitAutoData]
-    public async Task UserVerifyOrganizationDomainAsync_GivenOrganizationDomainWithAccountDeprovisioningEnabled_WhenDomainIsNotVerified_ThenSingleOrgPolicyShouldNotBeEnabled(
+    public async Task UserVerifyOrganizationDomainAsync_WhenDomainIsNotVerified_ThenSingleOrgPolicyShouldNotBeEnabled(
        OrganizationDomain domain, SutProvider<VerifyOrganizationDomainCommand> sutProvider)
    {
        sutProvider.GetDependency<IOrganizationDomainRepository>()
@ -236,10 +206,6 @@ public class VerifyOrganizationDomainCommandTests
        sutProvider.GetDependency<ICurrentContext>()
            .UserId.Returns(Guid.NewGuid());

-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
-
        _ = await sutProvider.Sut.UserVerifyOrganizationDomainAsync(domain);

        await sutProvider.GetDependency<ISavePolicyCommand>()
@ -248,33 +214,7 @@ public class VerifyOrganizationDomainCommandTests
    }

    [Theory, BitAutoData]
-    public async Task UserVerifyOrganizationDomainAsync_GivenOrganizationDomainWithAccountDeprovisioningDisabled_WhenDomainIsNotVerified_ThenSingleOrgPolicyShouldBeNotBeEnabled(
-        OrganizationDomain domain, SutProvider<VerifyOrganizationDomainCommand> sutProvider)
-    {
-        sutProvider.GetDependency<IOrganizationDomainRepository>()
-            .GetClaimedDomainsByDomainNameAsync(domain.DomainName)
-            .Returns([]);
-
-        sutProvider.GetDependency<IDnsResolverService>()
-            .ResolveAsync(domain.DomainName, domain.Txt)
-            .Returns(false);
-
-        sutProvider.GetDependency<ICurrentContext>()
-            .UserId.Returns(Guid.NewGuid());
-
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
-
-        _ = await sutProvider.Sut.UserVerifyOrganizationDomainAsync(domain);
-
-        await sutProvider.GetDependency<ISavePolicyCommand>()
-            .DidNotReceive()
-            .SaveAsync(Arg.Any<PolicyUpdate>());
-    }
-
-    [Theory, BitAutoData]
-    public async Task UserVerifyOrganizationDomainAsync_GivenOrganizationDomainWithAccountDeprovisioningEnabled_WhenDomainIsVerified_ThenEmailShouldBeSentToUsersWhoBelongToTheDomain(
+    public async Task UserVerifyOrganizationDomainAsync_WhenDomainIsVerified_ThenEmailShouldBeSentToUsersWhoBelongToTheDomain(
        ICollection<OrganizationUserUserDetails> organizationUsers,
        OrganizationDomain domain,
        Organization organization,
@ -306,10 +246,6 @@ public class VerifyOrganizationDomainCommandTests
        sutProvider.GetDependency<ICurrentContext>()
            .UserId.Returns(Guid.NewGuid());

-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
-
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetManyDetailsByOrganizationAsync(domain.OrganizationId)
            .Returns(mockedUsers);
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RemoveOrganizationUserCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RemoveOrganizationUserCommandTests.cs
@ -40,43 +40,6 @@ public class RemoveOrganizationUserCommandTests
        // Act
        await sutProvider.Sut.RemoveUserAsync(deletingUser.OrganizationId, organizationUser.Id, deletingUser.UserId);

-        // Assert
-        await sutProvider.GetDependency<IGetOrganizationUsersClaimedStatusQuery>()
-            .DidNotReceiveWithAnyArgs()
-            .GetUsersOrganizationClaimedStatusAsync(default, default);
-        await sutProvider.GetDependency<IOrganizationUserRepository>()
-            .Received(1)
-            .DeleteAsync(organizationUser);
-        await sutProvider.GetDependency<IEventService>()
-            .Received(1)
-            .LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_Removed);
-    }
-
-    [Theory, BitAutoData]
-    public async Task RemoveUser_WithDeletingUserId_WithAccountDeprovisioningEnabled_Success(
-        [OrganizationUser(type: OrganizationUserType.User)] OrganizationUser organizationUser,
-        [OrganizationUser(type: OrganizationUserType.Owner)] OrganizationUser deletingUser,
-        SutProvider<RemoveOrganizationUserCommand> sutProvider)
-    {
-        // Arrange
-        organizationUser.OrganizationId = deletingUser.OrganizationId;
-
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetByIdAsync(organizationUser.Id)
-            .Returns(organizationUser);
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetByIdAsync(deletingUser.Id)
-            .Returns(deletingUser);
-        sutProvider.GetDependency<ICurrentContext>()
-            .OrganizationOwner(deletingUser.OrganizationId)
-            .Returns(true);
-
-        // Act
-        await sutProvider.Sut.RemoveUserAsync(deletingUser.OrganizationId, organizationUser.Id, deletingUser.UserId);
-
        // Assert
        await sutProvider.GetDependency<IGetOrganizationUsersClaimedStatusQuery>()
            .Received(1)
@ -235,15 +198,12 @@ public class RemoveOrganizationUserCommandTests
    }

    [Theory, BitAutoData]
-    public async Task RemoveUserAsync_WithDeletingUserId_WithAccountDeprovisioningEnabled_WhenUserIsManaged_ThrowsException(
+    public async Task RemoveUserAsync_WithDeletingUserId_WhenUserIsManaged_ThrowsException(
        [OrganizationUser(status: OrganizationUserStatusType.Confirmed)] OrganizationUser orgUser,
        Guid deletingUserId,
        SutProvider<RemoveOrganizationUserCommand> sutProvider)
    {
        // Arrange
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetByIdAsync(orgUser.Id)
            .Returns(orgUser);
@ -285,34 +245,6 @@ public class RemoveOrganizationUserCommandTests
            .LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_Removed, eventSystemUser);
    }

-    [Theory, BitAutoData]
-    public async Task RemoveUser_WithEventSystemUser_WithAccountDeprovisioningEnabled_Success(
-        [OrganizationUser(type: OrganizationUserType.User)] OrganizationUser organizationUser,
-        EventSystemUser eventSystemUser, SutProvider<RemoveOrganizationUserCommand> sutProvider)
-    {
-        // Arrange
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetByIdAsync(organizationUser.Id)
-            .Returns(organizationUser);
-
-        // Act
-        await sutProvider.Sut.RemoveUserAsync(organizationUser.OrganizationId, organizationUser.Id, eventSystemUser);
-
-        // Assert
-        await sutProvider.GetDependency<IGetOrganizationUsersClaimedStatusQuery>()
-            .DidNotReceiveWithAnyArgs()
-            .GetUsersOrganizationClaimedStatusAsync(default, default);
-        await sutProvider.GetDependency<IOrganizationUserRepository>()
-            .Received(1)
-            .DeleteAsync(organizationUser);
-        await sutProvider.GetDependency<IEventService>()
-            .Received(1)
-            .LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_Removed, eventSystemUser);
-    }
-
    [Theory]
    [BitAutoData]
    public async Task RemoveUser_WithEventSystemUser_NotFound_ThrowsException(
@ -474,7 +406,6 @@ public class RemoveOrganizationUserCommandTests
        var sutProvider = SutProviderFactory();
        var eventDate = sutProvider.GetDependency<FakeTimeProvider>().GetUtcNow().UtcDateTime;
        orgUser1.OrganizationId = orgUser2.OrganizationId = deletingUser.OrganizationId;
-
        var organizationUsers = new[] { orgUser1, orgUser2 };
        var organizationUserIds = organizationUsers.Select(u => u.Id);

@ -499,60 +430,6 @@ public class RemoveOrganizationUserCommandTests
        // Act
        var result = await sutProvider.Sut.RemoveUsersAsync(deletingUser.OrganizationId, organizationUserIds, deletingUser.UserId);

-        // Assert
-        Assert.Equal(2, result.Count());
-        Assert.All(result, r => Assert.Empty(r.ErrorMessage));
-        await sutProvider.GetDependency<IGetOrganizationUsersClaimedStatusQuery>()
-            .DidNotReceiveWithAnyArgs()
-            .GetUsersOrganizationClaimedStatusAsync(default, default);
-        await sutProvider.GetDependency<IOrganizationUserRepository>()
-            .Received(1)
-            .DeleteManyAsync(Arg.Is<IEnumerable<Guid>>(i => i.Contains(orgUser1.Id) && i.Contains(orgUser2.Id)));
-        await sutProvider.GetDependency<IEventService>()
-            .Received(1)
-            .LogOrganizationUserEventsAsync(
-                Arg.Is<IEnumerable<(OrganizationUser OrganizationUser, EventType EventType, DateTime? DateTime)>>(i =>
-                    i.First().OrganizationUser.Id == orgUser1.Id
-                    && i.Last().OrganizationUser.Id == orgUser2.Id
-                    && i.All(u => u.DateTime == eventDate)));
-    }
-
-    [Theory, BitAutoData]
-    public async Task RemoveUsers_WithDeletingUserId_WithAccountDeprovisioningEnabled_Success(
-        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser deletingUser,
-        [OrganizationUser(type: OrganizationUserType.Owner)] OrganizationUser orgUser1, OrganizationUser orgUser2)
-    {
-        // Arrange
-        var sutProvider = SutProviderFactory();
-        var eventDate = sutProvider.GetDependency<FakeTimeProvider>().GetUtcNow().UtcDateTime;
-        orgUser1.OrganizationId = orgUser2.OrganizationId = deletingUser.OrganizationId;
-        var organizationUsers = new[] { orgUser1, orgUser2 };
-        var organizationUserIds = organizationUsers.Select(u => u.Id);
-
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyAsync(default)
-            .ReturnsForAnyArgs(organizationUsers);
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetByIdAsync(deletingUser.Id)
-            .Returns(deletingUser);
-        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
-            .HasConfirmedOwnersExceptAsync(deletingUser.OrganizationId, Arg.Any<IEnumerable<Guid>>())
-            .Returns(true);
-        sutProvider.GetDependency<ICurrentContext>()
-            .OrganizationOwner(deletingUser.OrganizationId)
-            .Returns(true);
-        sutProvider.GetDependency<IGetOrganizationUsersClaimedStatusQuery>()
-            .GetUsersOrganizationClaimedStatusAsync(
-                deletingUser.OrganizationId,
-                Arg.Is<IEnumerable<Guid>>(i => i.Contains(orgUser1.Id) && i.Contains(orgUser2.Id)))
-            .Returns(new Dictionary<Guid, bool> { { orgUser1.Id, false }, { orgUser2.Id, false } });
-
-        // Act
-        var result = await sutProvider.Sut.RemoveUsersAsync(deletingUser.OrganizationId, organizationUserIds, deletingUser.UserId);
-
        // Assert
        Assert.Equal(2, result.Count());
        Assert.All(result, r => Assert.Empty(r.ErrorMessage));
@ -638,7 +515,7 @@ public class RemoveOrganizationUserCommandTests
    }

    [Theory, BitAutoData]
-    public async Task RemoveUsers_WithDeletingUserId_RemovingClaimedUser_WithAccountDeprovisioningEnabled_ThrowsException(
+    public async Task RemoveUsers_WithDeletingUserId_RemovingClaimedUser_ThrowsException(
        [OrganizationUser(status: OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser,
        OrganizationUser deletingUser,
        SutProvider<RemoveOrganizationUserCommand> sutProvider)
@ -646,10 +523,6 @@ public class RemoveOrganizationUserCommandTests
        // Arrange
        orgUser.OrganizationId = deletingUser.OrganizationId;

-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
-
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetManyAsync(Arg.Is<IEnumerable<Guid>>(i => i.Contains(orgUser.Id)))
            .Returns(new[] { orgUser });
@ -739,51 +612,6 @@ public class RemoveOrganizationUserCommandTests
                            && u.DateTime == eventDate)));
    }

-    [Theory, BitAutoData]
-    public async Task RemoveUsers_WithEventSystemUser_WithAccountDeprovisioningEnabled_Success(
-        EventSystemUser eventSystemUser,
-        [OrganizationUser(type: OrganizationUserType.Owner)] OrganizationUser orgUser1,
-        OrganizationUser orgUser2)
-    {
-        // Arrange
-        var sutProvider = SutProviderFactory();
-        var eventDate = sutProvider.GetDependency<FakeTimeProvider>().GetUtcNow().UtcDateTime;
-        orgUser1.OrganizationId = orgUser2.OrganizationId;
-        var organizationUsers = new[] { orgUser1, orgUser2 };
-        var organizationUserIds = organizationUsers.Select(u => u.Id);
-
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyAsync(default)
-            .ReturnsForAnyArgs(organizationUsers);
-        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
-            .HasConfirmedOwnersExceptAsync(orgUser1.OrganizationId, Arg.Any<IEnumerable<Guid>>())
-            .Returns(true);
-
-        // Act
-        var result = await sutProvider.Sut.RemoveUsersAsync(orgUser1.OrganizationId, organizationUserIds, eventSystemUser);
-
-        // Assert
-        Assert.Equal(2, result.Count());
-        Assert.All(result, r => Assert.Empty(r.ErrorMessage));
-        await sutProvider.GetDependency<IGetOrganizationUsersClaimedStatusQuery>()
-            .DidNotReceiveWithAnyArgs()
-            .GetUsersOrganizationClaimedStatusAsync(default, default);
-        await sutProvider.GetDependency<IOrganizationUserRepository>()
-            .Received(1)
-            .DeleteManyAsync(Arg.Is<IEnumerable<Guid>>(i => i.Contains(orgUser1.Id) && i.Contains(orgUser2.Id)));
-        await sutProvider.GetDependency<IEventService>()
-            .Received(1)
-            .LogOrganizationUserEventsAsync(
-                Arg.Is<IEnumerable<(OrganizationUser OrganizationUser, EventType EventType, EventSystemUser EventSystemUser, DateTime? DateTime)>>(
-                    i => i.First().OrganizationUser.Id == orgUser1.Id
-                        && i.Last().OrganizationUser.Id == orgUser2.Id
-                        && i.All(u => u.EventSystemUser == eventSystemUser
-                            && u.DateTime == eventDate)));
-    }
-
    [Theory, BitAutoData]
    public async Task RemoveUsers_WithEventSystemUser_WithMismatchingOrganizationId_ThrowsException(
        EventSystemUser eventSystemUser,
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/SingleOrgPolicyValidatorTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/SingleOrgPolicyValidatorTests.cs
@ -122,9 +122,6 @@ public class SingleOrgPolicyValidatorTests
        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(savingUserId);
        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(policyUpdate.OrganizationId).Returns(organization);

-        sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
-
        sutProvider.GetDependency<IRevokeNonCompliantOrganizationUserCommand>()
            .RevokeNonCompliantOrganizationUsersAsync(Arg.Any<RevokeOrganizationUsersRequest>())
            .Returns(new CommandResult());
@ -148,161 +145,4 @@ public class SingleOrgPolicyValidatorTests
            .Received(1)
            .SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(organization.DisplayName(), nonCompliantUser.Email);
    }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_RemovesNonCompliantUsers(
-        [PolicyUpdate(PolicyType.SingleOrg)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg, false)] Policy policy,
-        Guid savingUserId,
-        Guid nonCompliantUserId,
-        Organization organization, SutProvider<SingleOrgPolicyValidator> sutProvider)
-    {
-        policy.OrganizationId = organization.Id = policyUpdate.OrganizationId;
-
-        var compliantUser1 = new OrganizationUserUserDetails
-        {
-            Id = Guid.NewGuid(),
-            OrganizationId = organization.Id,
-            Type = OrganizationUserType.User,
-            Status = OrganizationUserStatusType.Confirmed,
-            UserId = new Guid(),
-            Email = "user1@example.com"
-        };
-
-        var compliantUser2 = new OrganizationUserUserDetails
-        {
-            Id = Guid.NewGuid(),
-            OrganizationId = organization.Id,
-            Type = OrganizationUserType.User,
-            Status = OrganizationUserStatusType.Confirmed,
-            UserId = new Guid(),
-            Email = "user2@example.com"
-        };
-
-        var nonCompliantUser = new OrganizationUserUserDetails
-        {
-            Id = Guid.NewGuid(),
-            OrganizationId = organization.Id,
-            Type = OrganizationUserType.User,
-            Status = OrganizationUserStatusType.Confirmed,
-            UserId = nonCompliantUserId,
-            Email = "user3@example.com"
-        };
-
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
-            .Returns([compliantUser1, compliantUser2, nonCompliantUser]);
-
-        var otherOrganizationUser = new OrganizationUser
-        {
-            Id = Guid.NewGuid(),
-            OrganizationId = new Guid(),
-            UserId = nonCompliantUserId,
-            Status = OrganizationUserStatusType.Confirmed
-        };
-
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyByManyUsersAsync(Arg.Is<IEnumerable<Guid>>(ids => ids.Contains(nonCompliantUserId)))
-            .Returns([otherOrganizationUser]);
-
-        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(savingUserId);
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(policyUpdate.OrganizationId).Returns(organization);
-
-        sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(false);
-
-        sutProvider.GetDependency<IRevokeNonCompliantOrganizationUserCommand>()
-            .RevokeNonCompliantOrganizationUsersAsync(Arg.Any<RevokeOrganizationUsersRequest>())
-            .Returns(new CommandResult());
-
-        await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, policy);
-
-        await sutProvider.GetDependency<IRemoveOrganizationUserCommand>()
-            .DidNotReceive()
-            .RemoveUserAsync(policyUpdate.OrganizationId, compliantUser1.Id, savingUserId);
-        await sutProvider.GetDependency<IRemoveOrganizationUserCommand>()
-            .DidNotReceive()
-            .RemoveUserAsync(policyUpdate.OrganizationId, compliantUser2.Id, savingUserId);
-        await sutProvider.GetDependency<IRemoveOrganizationUserCommand>()
-            .Received(1)
-            .RemoveUserAsync(policyUpdate.OrganizationId, nonCompliantUser.Id, savingUserId);
-        await sutProvider.GetDependency<IMailService>()
-            .DidNotReceive()
-            .SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(organization.DisplayName(), compliantUser1.Email);
-        await sutProvider.GetDependency<IMailService>()
-            .DidNotReceive()
-            .SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(organization.DisplayName(), compliantUser2.Email);
-        await sutProvider.GetDependency<IMailService>()
-            .Received(1)
-            .SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(organization.DisplayName(), nonCompliantUser.Email);
-    }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_WhenAccountDeprovisioningIsEnabled_ThenUsersAreRevoked(
-        [PolicyUpdate(PolicyType.SingleOrg)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg, false)] Policy policy,
-        Guid savingUserId,
-        Guid nonCompliantUserId,
-        Organization organization, SutProvider<SingleOrgPolicyValidator> sutProvider)
-    {
-        policy.OrganizationId = organization.Id = policyUpdate.OrganizationId;
-
-        var compliantUser1 = new OrganizationUserUserDetails
-        {
-            OrganizationId = organization.Id,
-            Type = OrganizationUserType.User,
-            Status = OrganizationUserStatusType.Confirmed,
-            UserId = new Guid(),
-            Email = "user1@example.com"
-        };
-
-        var compliantUser2 = new OrganizationUserUserDetails
-        {
-            OrganizationId = organization.Id,
-            Type = OrganizationUserType.User,
-            Status = OrganizationUserStatusType.Confirmed,
-            UserId = new Guid(),
-            Email = "user2@example.com"
-        };
-
-        var nonCompliantUser = new OrganizationUserUserDetails
-        {
-            OrganizationId = organization.Id,
-            Type = OrganizationUserType.User,
-            Status = OrganizationUserStatusType.Confirmed,
-            UserId = nonCompliantUserId,
-            Email = "user3@example.com"
-        };
-
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
-            .Returns([compliantUser1, compliantUser2, nonCompliantUser]);
-
-        var otherOrganizationUser = new OrganizationUser
-        {
-            OrganizationId = new Guid(),
-            UserId = nonCompliantUserId,
-            Status = OrganizationUserStatusType.Confirmed
-        };
-
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyByManyUsersAsync(Arg.Is<IEnumerable<Guid>>(ids => ids.Contains(nonCompliantUserId)))
-            .Returns([otherOrganizationUser]);
-
-        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(savingUserId);
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(policyUpdate.OrganizationId)
-            .Returns(organization);
-
-        sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.AccountDeprovisioning).Returns(true);
-
-        sutProvider.GetDependency<IRevokeNonCompliantOrganizationUserCommand>()
-            .RevokeNonCompliantOrganizationUsersAsync(Arg.Any<RevokeOrganizationUsersRequest>())
-            .Returns(new CommandResult());
-
-        await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, policy);
-
-        await sutProvider.GetDependency<IRevokeNonCompliantOrganizationUserCommand>()
-            .Received()
-            .RevokeNonCompliantOrganizationUsersAsync(Arg.Any<RevokeOrganizationUsersRequest>());
-    }
 }
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/TwoFactorAuthenticationPolicyValidatorTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/TwoFactorAuthenticationPolicyValidatorTests.cs
@ -6,7 +6,6 @@ using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyValidators;
 using Bit.Core.AdminConsole.Utilities.Commands;
 using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
-using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
@ -24,7 +23,7 @@ namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyValidat
 public class TwoFactorAuthenticationPolicyValidatorTests
 {
    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_RemovesNonCompliantUsers(
+    public async Task OnSaveSideEffectsAsync_GivenNonCompliantUsersWithoutMasterPassword_Throws(
        Organization organization,
        [PolicyUpdate(PolicyType.TwoFactorAuthentication)] PolicyUpdate policyUpdate,
        [Policy(PolicyType.TwoFactorAuthentication, false)] Policy policy,
@ -33,249 +32,6 @@ public class TwoFactorAuthenticationPolicyValidatorTests
        policy.OrganizationId = organization.Id = policyUpdate.OrganizationId;
        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);

-        var orgUserDetailUserInvited = new OrganizationUserUserDetails
-        {
-            Id = Guid.NewGuid(),
-            Status = OrganizationUserStatusType.Invited,
-            Type = OrganizationUserType.User,
-            // Needs to be different from what is passed in as the savingUserId to Sut.SaveAsync
-            Email = "user1@test.com",
-            Name = "TEST",
-            UserId = Guid.NewGuid(),
-            HasMasterPassword = false
-        };
-        var orgUserDetailUserAcceptedWith2FA = new OrganizationUserUserDetails
-        {
-            Id = Guid.NewGuid(),
-            Status = OrganizationUserStatusType.Accepted,
-            Type = OrganizationUserType.User,
-            // Needs to be different from what is passed in as the savingUserId to Sut.SaveAsync
-            Email = "user2@test.com",
-            Name = "TEST",
-            UserId = Guid.NewGuid(),
-            HasMasterPassword = true
-        };
-        var orgUserDetailUserAcceptedWithout2FA = new OrganizationUserUserDetails
-        {
-            Id = Guid.NewGuid(),
-            Status = OrganizationUserStatusType.Accepted,
-            Type = OrganizationUserType.User,
-            // Needs to be different from what is passed in as the savingUserId to Sut.SaveAsync
-            Email = "user3@test.com",
-            Name = "TEST",
-            UserId = Guid.NewGuid(),
-            HasMasterPassword = true
-        };
-        var orgUserDetailAdmin = new OrganizationUserUserDetails
-        {
-            Id = Guid.NewGuid(),
-            Status = OrganizationUserStatusType.Confirmed,
-            Type = OrganizationUserType.Admin,
-            // Needs to be different from what is passed in as the savingUserId to Sut.SaveAsync
-            Email = "admin@test.com",
-            Name = "ADMIN",
-            UserId = Guid.NewGuid(),
-            HasMasterPassword = false
-        };
-
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
-            .Returns(new List<OrganizationUserUserDetails>
-            {
-                orgUserDetailUserInvited,
-                orgUserDetailUserAcceptedWith2FA,
-                orgUserDetailUserAcceptedWithout2FA,
-                orgUserDetailAdmin
-            });
-
-        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
-            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<OrganizationUserUserDetails>>())
-            .Returns(new List<(OrganizationUserUserDetails user, bool hasTwoFactor)>()
-            {
-                (orgUserDetailUserInvited, false),
-                (orgUserDetailUserAcceptedWith2FA, true),
-                (orgUserDetailUserAcceptedWithout2FA, false),
-                (orgUserDetailAdmin, false),
-            });
-
-        var savingUserId = Guid.NewGuid();
-        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(savingUserId);
-
-        await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, policy);
-
-        var removeOrganizationUserCommand = sutProvider.GetDependency<IRemoveOrganizationUserCommand>();
-
-        await removeOrganizationUserCommand.Received()
-            .RemoveUserAsync(policy.OrganizationId, orgUserDetailUserAcceptedWithout2FA.Id, savingUserId);
-        await sutProvider.GetDependency<IMailService>().Received()
-            .SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(organization.DisplayName(), orgUserDetailUserAcceptedWithout2FA.Email);
-
-        await removeOrganizationUserCommand.DidNotReceive()
-            .RemoveUserAsync(policy.OrganizationId, orgUserDetailUserInvited.Id, savingUserId);
-        await sutProvider.GetDependency<IMailService>().DidNotReceive()
-            .SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(organization.DisplayName(), orgUserDetailUserInvited.Email);
-        await removeOrganizationUserCommand.DidNotReceive()
-            .RemoveUserAsync(policy.OrganizationId, orgUserDetailUserAcceptedWith2FA.Id, savingUserId);
-        await sutProvider.GetDependency<IMailService>().DidNotReceive()
-            .SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(organization.DisplayName(), orgUserDetailUserAcceptedWith2FA.Email);
-        await removeOrganizationUserCommand.DidNotReceive()
-            .RemoveUserAsync(policy.OrganizationId, orgUserDetailAdmin.Id, savingUserId);
-        await sutProvider.GetDependency<IMailService>().DidNotReceive()
-            .SendOrganizationUserRemovedForPolicyTwoStepEmailAsync(organization.DisplayName(), orgUserDetailAdmin.Email);
-    }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_UsersToBeRemovedDontHaveMasterPasswords_Throws(
-        Organization organization,
-        [PolicyUpdate(PolicyType.TwoFactorAuthentication)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.TwoFactorAuthentication, false)] Policy policy,
-        SutProvider<TwoFactorAuthenticationPolicyValidator> sutProvider)
-    {
-        policy.OrganizationId = organization.Id = policyUpdate.OrganizationId;
-
-        var orgUserDetailUserWith2FAAndMP = new OrganizationUserUserDetails
-        {
-            Id = Guid.NewGuid(),
-            Status = OrganizationUserStatusType.Confirmed,
-            Type = OrganizationUserType.User,
-            // Needs to be different from what is passed in as the savingUserId to Sut.SaveAsync
-            Email = "user1@test.com",
-            Name = "TEST",
-            UserId = Guid.NewGuid(),
-            HasMasterPassword = true
-        };
-        var orgUserDetailUserWith2FANoMP = new OrganizationUserUserDetails
-        {
-            Id = Guid.NewGuid(),
-            Status = OrganizationUserStatusType.Confirmed,
-            Type = OrganizationUserType.User,
-            // Needs to be different from what is passed in as the savingUserId to Sut.SaveAsync
-            Email = "user2@test.com",
-            Name = "TEST",
-            UserId = Guid.NewGuid(),
-            HasMasterPassword = false
-        };
-        var orgUserDetailUserWithout2FA = new OrganizationUserUserDetails
-        {
-            Id = Guid.NewGuid(),
-            Status = OrganizationUserStatusType.Confirmed,
-            Type = OrganizationUserType.User,
-            // Needs to be different from what is passed in as the savingUserId to Sut.SaveAsync
-            Email = "user3@test.com",
-            Name = "TEST",
-            UserId = Guid.NewGuid(),
-            HasMasterPassword = false
-        };
-        var orgUserDetailAdmin = new OrganizationUserUserDetails
-        {
-            Id = Guid.NewGuid(),
-            Status = OrganizationUserStatusType.Confirmed,
-            Type = OrganizationUserType.Admin,
-            // Needs to be different from what is passed in as the savingUserId to Sut.SaveAsync
-            Email = "admin@test.com",
-            Name = "ADMIN",
-            UserId = Guid.NewGuid(),
-            HasMasterPassword = false
-        };
-
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(false);
-
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyDetailsByOrganizationAsync(policy.OrganizationId)
-            .Returns(new List<OrganizationUserUserDetails>
-            {
-                orgUserDetailUserWith2FAAndMP,
-                orgUserDetailUserWith2FANoMP,
-                orgUserDetailUserWithout2FA,
-                orgUserDetailAdmin
-            });
-
-        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
-            .TwoFactorIsEnabledAsync(Arg.Is<IEnumerable<Guid>>(ids =>
-                ids.Contains(orgUserDetailUserWith2FANoMP.UserId.Value)
-                && ids.Contains(orgUserDetailUserWithout2FA.UserId.Value)
-                && ids.Contains(orgUserDetailAdmin.UserId.Value)))
-            .Returns(new List<(Guid userId, bool hasTwoFactor)>()
-            {
-                (orgUserDetailUserWith2FANoMP.UserId.Value, true),
-                (orgUserDetailUserWithout2FA.UserId.Value, false),
-                (orgUserDetailAdmin.UserId.Value, false),
-            });
-
-        var badRequestException = await Assert.ThrowsAsync<BadRequestException>(
-            () => sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, policy));
-
-        Assert.Equal(TwoFactorAuthenticationPolicyValidator.NonCompliantMembersWillLoseAccessMessage, badRequestException.Message);
-
-        await sutProvider.GetDependency<IRemoveOrganizationUserCommand>().DidNotReceiveWithAnyArgs()
-            .RemoveUserAsync(organizationId: default, organizationUserId: default, deletingUserId: default);
-    }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_GivenUpdateTo2faPolicy_WhenAccountProvisioningIsDisabled_ThenRevokeUserCommandShouldNotBeCalled(
-            Organization organization,
-            [PolicyUpdate(PolicyType.TwoFactorAuthentication)]
-            PolicyUpdate policyUpdate,
-            [Policy(PolicyType.TwoFactorAuthentication, false)]
-            Policy policy,
-            SutProvider<TwoFactorAuthenticationPolicyValidator> sutProvider)
-    {
-        policy.OrganizationId = organization.Id = policyUpdate.OrganizationId;
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
-
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(false);
-
-        var orgUserDetailUserAcceptedWithout2Fa = new OrganizationUserUserDetails
-        {
-            Id = Guid.NewGuid(),
-            Status = OrganizationUserStatusType.Accepted,
-            Type = OrganizationUserType.User,
-            Email = "user3@test.com",
-            Name = "TEST",
-            UserId = Guid.NewGuid(),
-            HasMasterPassword = true
-        };
-
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
-            .Returns(new List<OrganizationUserUserDetails>
-            {
-                orgUserDetailUserAcceptedWithout2Fa
-            });
-
-
-        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
-            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<OrganizationUserUserDetails>>())
-            .Returns(new List<(OrganizationUserUserDetails user, bool hasTwoFactor)>()
-            {
-                (orgUserDetailUserAcceptedWithout2Fa, false),
-            });
-
-        await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, policy);
-
-        await sutProvider.GetDependency<IRevokeNonCompliantOrganizationUserCommand>()
-            .DidNotReceive()
-            .RevokeNonCompliantOrganizationUsersAsync(Arg.Any<RevokeOrganizationUsersRequest>());
-    }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_GivenUpdateTo2faPolicy_WhenAccountProvisioningIsEnabledAndUserDoesNotHaveMasterPassword_ThenNonCompliantMembersErrorMessageWillReturn(
-        Organization organization,
-        [PolicyUpdate(PolicyType.TwoFactorAuthentication)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.TwoFactorAuthentication, false)] Policy policy,
-        SutProvider<TwoFactorAuthenticationPolicyValidator> sutProvider)
-    {
-        policy.OrganizationId = organization.Id = policyUpdate.OrganizationId;
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
-
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
-
        var orgUserDetailUserWithout2Fa = new OrganizationUserUserDetails
        {
            Id = Guid.NewGuid(),
@ -304,7 +60,7 @@ public class TwoFactorAuthenticationPolicyValidatorTests
    }

    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_WhenAccountProvisioningIsEnabledAndUserHasMasterPassword_ThenUserWillBeRevoked(
+    public async Task OnSaveSideEffectsAsync_RevokesNonCompliantUsers(
        Organization organization,
        [PolicyUpdate(PolicyType.TwoFactorAuthentication)] PolicyUpdate policyUpdate,
        [Policy(PolicyType.TwoFactorAuthentication, false)] Policy policy,
@ -313,10 +69,6 @@ public class TwoFactorAuthenticationPolicyValidatorTests
        policy.OrganizationId = organization.Id = policyUpdate.OrganizationId;
        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);

-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.AccountDeprovisioning)
-            .Returns(true);
-
        var orgUserDetailUserWithout2Fa = new OrganizationUserUserDetails
        {
            Id = Guid.NewGuid(),