Skip to content

[PM-39815] feat: Surface org name on invite-link status when links unavailable#7928

Draft
r-tome wants to merge 1 commit into
mainfrom
pm-39815-invite-link-status-org-name
Draft

[PM-39815] feat: Surface org name on invite-link status when links unavailable#7928
r-tome wants to merge 1 commit into
mainfrom
pm-39815-invite-link-status-org-name

Conversation

@r-tome

@r-tome r-tome commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🎟️ Tracking

Resolves PM-39815

📔 Objective

The anonymous POST /organizations/invite-link/status endpoint (GetOrganizationInviteLinkStatusQuery) previously returned 400 InviteLinkNotAvailable when organization.UseInviteLinks is false. Because the v2 error pipeline only serializes ErrorResponseModel.Message, the client couldn't display the organization's name in that case.

This change:

  • Converts the UseInviteLinks == false case into a success 200 OK carrying OrganizationName, a new LinksEnabled: false flag, and SeatsAvailable: false, so the client can render an org-specific message.
  • Adds OrganizationId to the invite-link status and validate-email-domain responses ("expose orgId across the board"). The CRUD (OrganizationInviteLinkResponseModel) and policies (PolicyResponseModel) responses already exposed it.
  • Updates the IGetOrganizationInviteLinkStatusQuery XML doc to match the new contract.

Intentional divergence (re: keeping status/accept returns aligned): status now represents UseInviteLinks == false as a success (linksEnabled: false), while the authenticated accept endpoint continues to return InviteLinkNotAvailable (400) for the same condition. This is deliberate — status is a pre-flight read used to render a message, whereas accept is a guarded mutation that must reject. The shared error records/messages otherwise remain aligned.

Tests

  • Core.Test, Api.Test, and Api.IntegrationTest invite-link suites updated and passing.
  • AcceptOrganizationInviteLinkCommandTests confirm the accept endpoint's behavior is unchanged.

…available

Convert the UseInviteLinks=false case on the invite-link status endpoint from a
400 InviteLinkNotAvailable error into a 200 success carrying the org name and a
new LinksEnabled flag, so the client can show an org-specific message. Also
expose OrganizationId on the status and validate-email-domain responses.
@r-tome r-tome added the ai-review Request a Claude code review label Jul 6, 2026
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🤖 Bitwarden Claude Code Review

Overall Assessment: APPROVE

Reviewed the change converting the anonymous POST /organizations/invite-link/status UseInviteLinks == false case from a 400 InviteLinkNotAvailable error into a 200 OK carrying OrganizationName and a new LinksEnabled: false flag, plus the addition of OrganizationId to the status and validate-email-domain responses. The LinksEnabled flag is threaded correctly through the query, OrganizationInviteLinkStatus record, response model, and controller, and the query short-circuits before touching seats/SSO when links are disabled. The internal return-type change on IValidateOrganizationInviteLinkEmailDomainQuery (bool → record) has a single production caller, which is updated; the external JSON contract change is additive. Core.Test, Api.Test, and Api.IntegrationTest suites are updated in lockstep and cover the new success path.

Code Review Details

No blocking findings.

Notes considered and cleared during review:

  • Anonymous-endpoint exposure: reaching the disabled-links branch already requires a valid invite link code resolving to an existing, enabled org, and OrganizationName was already returned on the pre-existing success path. OrganizationId is a non-secret identifier already exposed on the sibling CRUD and policies responses. No new sensitive-data exposure; zero-knowledge invariant unaffected (no vault data involved).
  • Behavior divergence between status (now 200 with linksEnabled: false) and accept (still 400) is intentional and documented in the PR description.
  • The removed GetStatus_WithNotAvailableError_ReturnsBadRequest test correctly reflects that this path no longer errors.

@codecov

codecov Bot commented Jul 6, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.33%. Comparing base (5b4ac6e) to head (bedb8f4).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7928   +/-   ##
=======================================
  Coverage   61.33%   61.33%           
=======================================
  Files        2242     2243    +1     
  Lines       98630    98645   +15     
  Branches     8911     8911           
=======================================
+ Hits        60490    60506   +16     
+ Misses      36004    36003    -1     
  Partials     2136     2136           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@r-tome r-tome added the t:feature Change Type - Feature Development label Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ai-review Request a Claude code review t:feature Change Type - Feature Development

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant