[PM-33866] Revocation Reasons: DDL Edition

[sven-bitwarden]

🎟️ Tracking

PM-33866

📔 Objective

We're interested in tracking why a user is revoked, in order to enhance UX and unlock the capability to automate restoration of users.

This PR adds RevocationReason with an initial list of reasons based on existing flows and applicable policies, and then executes the painful task of adding the column everywhere.

Notable Modifications

Restoration and revocation are now implemented by a pair of sprocs that handle it in bulk. The difference between the single and bulk path is negligible, so we're condensing the needed scripts down.

The old sprocs are now being 🗑️ 'd.

Testing

I have ran the migration on MSSQL and the other 4 databases (MySql, Sqlite, Postgres, MariaDB) with EF using our migrate DB script. I then also ran the integration tests, which exercise the new RevocationReason parameter, as well as revoking/restoring through the new sprocs.

[github-actions]

Checkmarx One – Scan Summary & Details – 2fc0a719-e410-40f9-95df-2427fb9c3790

---

New Issues (3)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		Path_Traversal	/src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs: 56	details Method at line 56 of /src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs gets dynamic data from the model element. This ... Attack Vector
2		CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 289	details Method at line 289 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from orgUserId. This parameter ... Attack Vector
3		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 452	details Method at line 452 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector

---

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 275

[codecov]

Codecov Report

❌ Patch coverage is 95.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 63.20%. Comparing base (0618444) to head (30aba33).
⚠️ Report is 14 commits behind head on main.

Files with missing lines	Patch %	Lines
...Console/Repositories/OrganizationUserRepository.cs	86.66%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7432      +/-   ##
==========================================
+ Coverage   58.49%   63.20%   +4.71%     
==========================================
  Files        2066     2069       +3     
  Lines       91141    91203      +62     
  Branches     8111     8122      +11     
==========================================
+ Hits        53309    57643    +4334     
+ Misses      35924    31562    -4362     
- Partials     1908     1998      +90     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
5 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
63.0% Duplication on New Code

See analysis details on SonarQube Cloud