Refactor Controllers to use CQRS pattern for OrganizationIntegration and OrganizationIntegrationConfiguration

[brant-livefront]

📔 Objective

In PR #6650 we added caching to the event integration configurations. However, @withinfocus pointed out that we were now injecting the cache directly into our controllers and it would be better to follow the CQRS pattern and move these into commands / queries. That work felt a bit large for another commit on the existing PR, so I've put all of that refactor here.

The DI piece is a bit tricky for these. Since they are dependent on the named extended cache, they can't be instantiated with the rest of the OrganizationFeatures pieces. Instead, this PR creates EventIntegrationsServiceCollectionExtensions (and associated tests) to create a clean way for Startup in API to get them into the service collection cleanly. This extension will be a landing place for more of the custom event integration methods in ServiceCollectionExtensions in future PRs. It will be a big help to have those separated out and testable.

Finally, there's a few cleanup things that I noticed in doing this work. We were allowing someone to change the integration type when updating an integration (which would also have cache implications). Instead, I've changed it to deny an update that changes the IntegrationType (that should be a brand new integration instead). I also cleaned up how we were clearing cache when the EventType changes (which is allowed) to clear both the old and new values.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[claude]

Claude finished @brant-livefront's task —— View job

---

Code Review Complete ✅

I've completed a comprehensive review of this CQRS refactoring. Overall, this is excellent work that significantly improves the codebase architecture, testability, and maintainability.

---

🌟 Overall Rating: ⭐⭐⭐⭐⭐ EXCELLENT

This PR successfully refactors the OrganizationIntegration and OrganizationIntegrationConfiguration controllers to implement the CQRS pattern with clean separation of concerns, robust security measures, and comprehensive test coverage.

---

Key Strengths

1. 👍 CQRS Implementation Quality

The CQRS pattern is implemented excellently:

• Controllers are now thin orchestrators focused solely on HTTP concerns
• Business logic properly isolated in commands/queries
• Clear single responsibility for each command/query
• Consistent implementation pattern across all files

Example: OrganizationIntegrationController.cs:13-18 - Clean dependency injection of commands/queries instead of repositories and cache

2. 👍 Dependency Injection & Service Registration

EventIntegrationsServiceCollectionExtensions.cs is well-designed:

• ✅ Proper use of TryAdd* methods for idempotency
• ✅ Cache registered before commands that depend on it
• ✅ Validator correctly registered as Singleton (stateless)
• ✅ Commands/queries registered as Scoped (appropriate lifetime)
• ✅ Comprehensive test coverage verifying registration behavior

3. 👍 Critical Cache Management Fix

The dual-cache clearing for EventType changes is correctly implemented and essential:

UpdateOrganizationIntegrationConfigurationCommand.cs:44-60:

// Clear old EventType cache
await cache.RemoveAsync(...eventType: configuration.EventType);

// Clear new EventType cache if changed
if (configuration.EventType != updatedConfiguration.EventType)
{
    await cache.RemoveAsync(...eventType: updatedConfiguration.EventType);
}

This prevents stale data in both old and new cache keys when EventType changes. Test coverage confirms both cache removals occur with correct keys.

4. 👍 Security: IntegrationType Change Prevention

UpdateOrganizationIntegrationCommand.cs:22-28:

if (integration is null ||
    integration.OrganizationId != organizationId ||
    integration.Type != updatedIntegration.Type)  // Prevents type changing
{
    throw new NotFoundException();
}

This is a critical security measure that prevents:

• Changing integration type (e.g., Webhook → Slack)
• Bypassing type-specific validation rules
• Creating inconsistent data states
• Accessing integrations from different organizations

Integration types have different configuration requirements and security implications. Excellent security consideration!

5. 👍 Validation Logic Centralization

OrganizationIntegrationConfigurationValidator.cs provides:

• ✅ Centralized validation (moved from request model)
• ✅ Type-safe validation using generics
• ✅ Proper JSON deserialization with error handling
• ✅ 244 lines of comprehensive test coverage

6. 👍 Exceptional Test Coverage

1,516 lines of new tests covering:

• ✅ All happy paths and error scenarios
• ✅ Authorization checks
• ✅ Cache invalidation verification (including dual-clearing)
• ✅ Security scenarios (type change prevention)
• ✅ Edge cases and validation rules
• ✅ Service registration and DI behavior

Controller tests simplified from ~800 to ~200 lines because business logic moved to commands/queries.

---

📝 Minor Observations

Consistency Opportunity (Not Blocking)

Most commands use primary constructors, but DeleteOrganizationIntegrationCommand uses traditional constructor with fields. Consider using primary constructors consistently for better readability.

Enhancement Opportunity (Future Work)

The validator returns only boolean results. Consider returning detailed validation errors in the future for better user feedback:

public interface IOrganizationIntegrationConfigurationValidator
{
    ValidationResult ValidateConfiguration(...);
}

Current generic error messages are acceptable for now.

---

Performance Impact: ✅ Positive/Neutral

• Improved: More targeted cache invalidation with specific keys
• Improved: Tag-based cache clearing for efficiency
• Improved: Validator reused as singleton across requests
• Neutral: No performance regression introduced

---

Security Assessment: ✅ No Issues Found

• ✅ IntegrationType change prevention implemented correctly
• ✅ Authorization checks maintained in controllers
• ✅ Using NotFoundException for auth failures (prevents information disclosure)
• ✅ No PII or sensitive data logged
• ✅ Validation prevents injection attacks through proper JSON deserialization
• ✅ Cache keys properly scoped to organization + integration type

---

Code Organization: ✅ Excellent

• Clear feature-based directory structure under EventIntegrations/
• Separation between domain logic and cross-cutting concerns
• Interfaces co-located with implementations
• Request models simplified to focus only on data binding (109 lines → 29 lines)

---

Verdict: ✅ APPROVED - Ready to Merge

This refactoring achieves all stated goals:

• ✅ Cache injection moved from controllers to CQRS commands/queries
• ✅ EventIntegrationsServiceCollectionExtensions provides clean DI setup
• ✅ IntegrationType changes properly prevented on updates
• ✅ Cache clearing improved for EventType changes

No functional bugs identified. No security vulnerabilities found.

The code quality is high, the CQRS pattern is properly implemented, and the test coverage is comprehensive. The security considerations around preventing IntegrationType changes are particularly noteworthy.

Great work! 🎉

---

[github-actions]

Checkmarx One – Scan Summary & Details – b40c45f5-89a1-4a8e-ad6d-7fa4bd18efdb

New Issues (2)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97	details Method at line 97 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. This... ID: a%2FZ8lLs53B0UypWtZi27k5UP5O4%3D Attack Vector
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 300	details Method at line 300 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows t... ID: NW0NGvOE4%2FsM%2Bc%2B%2Ffh%2B%2BwoyzmWE%3D Attack Vector

Fixed Issues (2)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1519
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1395

[codecov]

Codecov Report

❌ Patch coverage is 82.74854% with 59 lines in your changes missing coverage. Please review.
✅ Project coverage is 53.44%. Comparing base (de5a81b) to head (78d1af2).
⚠️ Report is 13 commits behind head on brant/add-caching-to-event-integrations-configurations.

Files with missing lines	Patch %	Lines
...ilsReadManyByOrganizationIdIntegrationTypeQuery.cs	0.00%	25 Missing ⚠️
.../OrganizationIntegrationConfigurationRepository.cs	0.00%	13 Missing ⚠️
.../OrganizationIntegrationConfigurationRepository.cs	0.00%	13 Missing ⚠️
...SharedWeb/Utilities/ServiceCollectionExtensions.cs	0.00%	4 Missing ⚠️
...s/OrganizationIntegrationConfigurationValidator.cs	91.66%	2 Missing and 1 partial ⚠️
...nyByEventTypeOrganizationIdIntegrationTypeQuery.cs	0.00%	1 Missing ⚠️

Additional details and impacted files

@@                                    Coverage Diff                                     @@
##           brant/add-caching-to-event-integrations-configurations    #6675      +/-   ##
==========================================================================================
+ Coverage                                                   53.40%   53.44%   +0.03%     
==========================================================================================
  Files                                                        1910     1920      +10     
  Lines                                                       85115    85267     +152     
  Branches                                                     7640     7637       -3     
==========================================================================================
+ Hits                                                        45455    45570     +115     
- Misses                                                      37909    37943      +34     
- Partials                                                     1751     1754       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[JimmyVo16]

Can we break this up into smaller PRs? Consider identifying logical groupings. For example, if we have a lot of code that’s just moving logic from one class to another with no real changes, then consider making a PR just for that.

[brant-livefront]

@JimmyVo16 I spoke with @withinfocus and I'm going to close this PR in favor of two smaller PRs (#6689 and #6690 ). I think that will help right-size the review. 👍