[PM-28423] Add latest_invoice expansion / logging to SubscriptionCancellationJob

[amorask-bitwarden]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-28423

📔 Objective

The SubscriptionCancellationJob was never running because it was checking for a billing_reason on the incoming subscription's latest_invoice while never expanding latest_invoice in the request to retrieve the subscription.

This PR resolves that as well as adds logging and unit tests.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[claude]

Claude finished @amorask-bitwarden's task —— View job

---

Code Review Complete

I've reviewed the changes in this PR that fix the SubscriptionCancellationJob bug. Here's my comprehensive analysis:

---

🎯 Summary

The PR successfully fixes the root cause: the job was checking LatestInvoice.BillingReason without expanding latest_invoice in the Stripe API request, causing it to be null and the job to skip cancellations. The fix is correct and well-tested.

---

✅ What's Good

1. Root Cause Fix: Properly adds Expand = ["latest_invoice"] to SubscriptionGetOptions (line 32 in SubscriptionCancellationJob.cs:30-33)

2. Constants Migration: Moved magic strings to StripeConstants.BillingReasons for maintainability - great improvement!

3. Logging: Added comprehensive structured logging at all decision points, which will significantly help with debugging

4. Null Safety: Removed #nullable disable and uses proper null-safe patterns

5. Test Coverage: Excellent test suite with 10 comprehensive test cases covering:

   • All skip conditions (null org, enabled org, wrong status, wrong billing reason)
   • Happy path scenarios
   • Pagination handling
   • Parameter verification

6. Modern C# Patterns: Uses pattern matching effectively in the subscription validation check

---

🔍 Observations & Suggestions

📝 Type Consistency (Minor)

The production code uses SubscriptionStatus.Unpaid (Stripe SDK enum) at line 37, while the test code uses StripeSubscriptionStatus.Unpaid (string constant) at line 86.

Analysis: Looking at the codebase, I see both patterns are used:

• SubscriptionStatus enum is from Stripe.net SDK
• StripeConstants.SubscriptionStatus is Bitwarden's string constants

The production code correctly uses the Stripe SDK enum for type-safe comparison, while tests use string constants for mock setup. This is actually acceptable - the Stripe SDK will convert the enum to string when making API calls, and tests mock string values. However, for maximum consistency, consider using the SDK enum in tests too when setting up mocks.

Recommendation: This is acceptable as-is, but for future consistency you could use Stripe.SubscriptionStatus.Unpaid in tests instead of the string constant.

🎨 Pattern Matching Safety

The pattern at lines 35-39 uses nested property patterns:

if (subscription is not
    {
        Status: SubscriptionStatus.Unpaid,
        LatestInvoice: { BillingReason: BillingReasons.SubscriptionCreate or BillingReasons.SubscriptionCycle }
    })

This pattern implicitly checks that LatestInvoice is not null before accessing BillingReason, which is exactly what you want. The nested property pattern LatestInvoice: { BillingReason: ... } ensures null-safety. ✅ This is correct and safe.

🔐 Security Considerations

• ✅ No PII or sensitive data logged (only IDs)
• ✅ Uses parameterized Stripe API options
• ✅ Structured logging with proper parameter names
• ✅ No SQL injection vectors (uses repository pattern)

---

📊 Test Coverage Analysis

The test suite is comprehensive and covers:

• Boundary conditions: Null/enabled organization checks
• Business logic: Status and billing reason validation
• Happy path: Successful cancellation and invoice voiding
• Edge cases: Pagination, no invoices, different billing reasons
• Integration verification: Correct API parameter passing

Test Quality: Excellent use of NSubstitute for mocking, clear AAA pattern, descriptive test names following conventions.

---

🚀 Impact Assessment

Criticality: High - This fixes a production bug where subscriptions that should be automatically cancelled were not being processed.

Risk: Low - The change is minimal, well-tested, and defensive (multiple validation checks before taking action).

Performance: Negligible - Adds one expansion parameter to an existing API call.

---

✅ Final Verdict

Approve - This PR successfully fixes the bug, adds appropriate logging and test coverage, and follows Bitwarden coding standards. The previous Claude review comments have been addressed by extracting constants. The code is production-ready.

Checklist:

• ✅ Bug fix correctly addresses root cause
• ✅ Constants used instead of magic strings
• ✅ Comprehensive logging added
• ✅ Null-safe code patterns
• ✅ Excellent test coverage (10 test cases)
• ✅ No security concerns
• ✅ Follows Bitwarden code style
• ✅ CI checks passing/in progress

---

Note: The Checkmarx findings for CSRF in CiphersController.cs are unrelated to this PR (they appear to be false positives from other recent changes merged into main).

[github-actions]

Checkmarx One – Scan Summary & Details – 647d2a6f-5e38-4f6e-b1cb-6f9fbe58b083

New Issues (2)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1519	details Method at line 1519 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... ID: dMGF5qNfAN72zlvQcA1MgbhHv%2Fc%3D Attack Vector
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1395	details Method at line 1395 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... ID: iOCFr11iI9znjDnv46yLfiS4aDY%3D Attack Vector

Fixed Issues (2)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 300

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.45%. Comparing base (655054a) to head (c63e8b8).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6603      +/-   ##
==========================================
+ Coverage   53.40%   53.45%   +0.05%     
==========================================
  Files        1917     1917              
  Lines       85466    85478      +12     
  Branches     7667     7667              
==========================================
+ Hits        45643    45694      +51     
+ Misses      38056    38017      -39     
  Partials     1767     1767              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sbrown-livefront]

✅