bitwarden · voommen-livefront · Apr 13, 2026 · Apr 13, 2026
@@ -2,7 +2,6 @@
 using Bit.Api.Dirt.Models.Response;
 using Bit.Core.Context;
 using Bit.Core.Dirt.EventIntegrations.OrganizationIntegrations.Interfaces;
-using Bit.Core.Exceptions;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
@@ -18,17 +17,17 @@ public class OrganizationIntegrationController(
     IGetOrganizationIntegrationsQuery getQuery) : Controller
 {
     [HttpGet("")]
-    public async Task<List<OrganizationIntegrationResponseModel>> GetAsync(Guid organizationId)
+    public async Task<ActionResult<List<OrganizationIntegrationResponseModel>>> GetAsync(Guid organizationId)
     {
         if (!await HasPermission(organizationId))
         {
-            throw new NotFoundException();
+            return Forbid();
         }
 
         var integrations = await getQuery.GetManyByOrganizationAsync(organizationId);
-        return integrations
+        return Ok(integrations
             .Select(integration => new OrganizationIntegrationResponseModel(integration))
-            .ToList();
+            .ToList());
     }
 
     /// <summary>
@@ -38,7 +37,7 @@ public async Task<List<OrganizationIntegrationResponseModel>> GetAsync(Guid orga
     /// <param name="organizationId"></param>
     /// <param name="model"></param>
     /// <returns></returns>
-    /// <exception cref="NotFoundException">Not enough permissions to access the organization.</exception>
+    /// <exception cref="ForbidResult">Not enough permissions to access the organization.</exception>
     /// <exception cref="ConflictResult">When an integration of the same type already exists for the organization.</exception>
     [HttpPost("")]
     public async Task<ActionResult<OrganizationIntegrationResponseModel>> CreateAsync(Guid organizationId, [FromBody] OrganizationIntegrationRequestModel model)
@@ -50,7 +49,7 @@ public async Task<ActionResult<OrganizationIntegrationResponseModel>> CreateAsyn
 
         if (!await HasPermission(organizationId))
         {
-            throw new NotFoundException();
+            return Forbid();
         }
 
         var integration = model.ToOrganizationIntegration(organizationId);
@@ -67,35 +66,36 @@ public async Task<ActionResult<OrganizationIntegrationResponseModel>> CreateAsyn
     }
 
     [HttpPut("{integrationId:guid}")]
-    public async Task<OrganizationIntegrationResponseModel> UpdateAsync(Guid organizationId, Guid integrationId, [FromBody] OrganizationIntegrationRequestModel model)
+    public async Task<ActionResult<OrganizationIntegrationResponseModel>> UpdateAsync(Guid organizationId, Guid integrationId, [FromBody] OrganizationIntegrationRequestModel model)
     {
         if (!await HasPermission(organizationId))
         {
-            throw new NotFoundException();
+            return Forbid();
         }
 
         var integration = model.ToOrganizationIntegration(organizationId);
         var updated = await updateCommand.UpdateAsync(organizationId, integrationId, integration);
 
-        return new OrganizationIntegrationResponseModel(updated);
+        return Ok(new OrganizationIntegrationResponseModel(updated));
     }
 
     [HttpDelete("{integrationId:guid}")]
-    public async Task DeleteAsync(Guid organizationId, Guid integrationId)
+    public async Task<IActionResult> DeleteAsync(Guid organizationId, Guid integrationId)
     {
         if (!await HasPermission(organizationId))
         {
-            throw new NotFoundException();
+            return Forbid();
         }
 
         await deleteCommand.DeleteAsync(organizationId, integrationId);
+        return NoContent();
     }
 
     [HttpPost("{integrationId:guid}/delete")]
     [Obsolete("This endpoint is deprecated. Use DELETE method instead")]
-    public async Task PostDeleteAsync(Guid organizationId, Guid integrationId)
+    public async Task<IActionResult> PostDeleteAsync(Guid organizationId, Guid integrationId)
     {
-        await DeleteAsync(organizationId, integrationId);
+        return await DeleteAsync(organizationId, integrationId);
     }
 
     private async Task<bool> HasPermission(Guid organizationId)

@@ -5,7 +5,6 @@
 using Bit.Core.Dirt.Entities;
 using Bit.Core.Dirt.Enums;
 using Bit.Core.Dirt.EventIntegrations.OrganizationIntegrations.Interfaces;
-using Bit.Core.Exceptions;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Microsoft.AspNetCore.Mvc;
@@ -34,7 +33,8 @@ public async Task GetAsync_UserIsNotOrganizationAdmin_ThrowsNotFound(
             .OrganizationOwner(organizationId)
             .Returns(false);
 
-        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetAsync(organizationId));
+        var result = await sutProvider.Sut.GetAsync(organizationId);
+        Assert.IsType<ForbidResult>(result.Result);
     }
 
     [Theory, BitAutoData]
@@ -56,8 +56,11 @@ public async Task GetAsync_IntegrationsExist_ReturnsIntegrations(
         await sutProvider.GetDependency<IGetOrganizationIntegrationsQuery>().Received(1)
             .GetManyByOrganizationAsync(organizationId);
 
-        Assert.Equal(integrations.Count, result.Count);
-        Assert.All(result, r => Assert.IsType<OrganizationIntegrationResponseModel>(r));
+        Assert.IsType<OkObjectResult>(result.Result);
+        var okResult = result.Result as OkObjectResult;
+        var returnedIntegrations = okResult.Value as List<OrganizationIntegrationResponseModel>;
+        Assert.Equal(integrations.Count, returnedIntegrations.Count);
+        Assert.All(returnedIntegrations, r => Assert.IsType<OrganizationIntegrationResponseModel>(r));
     }
 
     [Theory, BitAutoData]
@@ -71,11 +74,13 @@ public async Task GetAsync_NoIntegrations_ReturnsEmptyList(
             .Returns(true);
         sutProvider.GetDependency<IGetOrganizationIntegrationsQuery>()
             .GetManyByOrganizationAsync(organizationId)
-            .Returns([]);
+            .Returns(new List<OrganizationIntegration>());
 
         var result = await sutProvider.Sut.GetAsync(organizationId);
 
-        Assert.Empty(result);
+        var okResult = result.Result as OkObjectResult;
+        var returnedIntegrations = okResult.Value as List<OrganizationIntegrationResponseModel>;
+        Assert.Empty(returnedIntegrations);
     }
 
     [Theory, BitAutoData]
@@ -129,7 +134,7 @@ public async Task CreateAsync_TheTypeAlreadyExists_ThrowsConflict(
     }
 
     [Theory, BitAutoData]
-    public async Task CreateAsync_UserIsNotOrganizationAdmin_ThrowsNotFound(
+    public async Task CreateAsync_UserIsNotOrganizationAdmin_ReturnsForbid(
         SutProvider<OrganizationIntegrationController> sutProvider,
         Guid organizationId)
     {
@@ -138,8 +143,9 @@ public async Task CreateAsync_UserIsNotOrganizationAdmin_ThrowsNotFound(
             .OrganizationOwner(organizationId)
             .Returns(false);
 
-        await Assert.ThrowsAsync<NotFoundException>(async () =>
-            await sutProvider.Sut.CreateAsync(organizationId, _webhookRequestModel));
+        var response = await sutProvider.Sut.CreateAsync(organizationId, _webhookRequestModel);
+
+        Assert.IsType<ForbidResult>(response.Result);
     }
 
     [Theory, BitAutoData]
@@ -178,7 +184,7 @@ await sutProvider.GetDependency<IDeleteOrganizationIntegrationCommand>().Receive
     }
 
     [Theory, BitAutoData]
-    public async Task DeleteAsync_UserIsNotOrganizationAdmin_ThrowsNotFound(
+    public async Task DeleteAsync_UserIsNotOrganizationAdmin_ReturnsForbid(
         SutProvider<OrganizationIntegrationController> sutProvider,
         Guid organizationId,
         Guid integrationId)
@@ -188,8 +194,9 @@ public async Task DeleteAsync_UserIsNotOrganizationAdmin_ThrowsNotFound(
             .OrganizationOwner(organizationId)
             .Returns(false);
 
-        await Assert.ThrowsAsync<NotFoundException>(async () =>
-            await sutProvider.Sut.DeleteAsync(organizationId, integrationId));
+        var response = await sutProvider.Sut.DeleteAsync(organizationId, integrationId);
+
+        Assert.IsType<ForbidResult>(response);
     }
 
     [Theory, BitAutoData]
@@ -217,12 +224,16 @@ await sutProvider.GetDependency<IUpdateOrganizationIntegrationCommand>().Receive
             .UpdateAsync(organizationId, integrationId, Arg.Is<OrganizationIntegration>(i =>
                 i.OrganizationId == organizationId &&
                 i.Type == IntegrationType.Webhook));
-        Assert.IsType<OrganizationIntegrationResponseModel>(response);
-        Assert.Equal(IntegrationType.Webhook, response.Type);
+        Assert.IsType<OkObjectResult>(response.Result);
+        var okResult = response.Result as OkObjectResult;
+        Assert.NotNull(okResult);
+        var resultValue = okResult!.Value as OrganizationIntegrationResponseModel;
+        Assert.NotNull(resultValue);
+        Assert.Equal(IntegrationType.Webhook, resultValue!.Type);
     }
 
     [Theory, BitAutoData]
-    public async Task UpdateAsync_UserIsNotOrganizationAdmin_ThrowsNotFound(
+    public async Task UpdateAsync_UserIsNotOrganizationAdmin_ReturnsForbid(
         SutProvider<OrganizationIntegrationController> sutProvider,
         Guid organizationId,
         Guid integrationId)
@@ -232,7 +243,8 @@ public async Task UpdateAsync_UserIsNotOrganizationAdmin_ThrowsNotFound(
             .OrganizationOwner(organizationId)
             .Returns(false);
 
-        await Assert.ThrowsAsync<NotFoundException>(async () =>
-            await sutProvider.Sut.UpdateAsync(organizationId, integrationId, _webhookRequestModel));
+        var response = await sutProvider.Sut.UpdateAsync(organizationId, integrationId, _webhookRequestModel);
+
+        Assert.IsType<ForbidResult>(response.Result);
     }
 }