[PM-29555] Add self-revoke endpoint for declining organization data ownership policy#6739
Merged
[PM-29555] Add self-revoke endpoint for declining organization data ownership policy#6739
Conversation
…r user self-revocation from organizations
… self-revocation logic, including success scenarios and various failure conditions.
…rviceCollectionExtensions for user self-revocation functionality
…h new endpoint for user-initiated revocation
…ersController, covering scenarios for eligible users, non-members, and users with owner/admin roles.
Contributor
|
New Issues (3)Checkmarx found the following issues in this Pull Request
|
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #6739 +/- ##
==========================================
+ Coverage 54.93% 54.96% +0.03%
==========================================
Files 1927 1930 +3
Lines 85457 85507 +50
Branches 7648 7654 +6
==========================================
+ Hits 46949 47003 +54
+ Misses 36723 36717 -6
- Partials 1785 1787 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
…ior when a user attempts to self-revoke without confirmation. This test checks for a BadRequestException with an appropriate message.
Contributor
eliykat
requested changes
Dec 20, 2025
- Implemented MemberRequirement to check if a user is a member of the organization. - Added unit tests for MemberRequirement to validate authorization logic for different user types.
…egration test for provider users - Changed authorization attribute from MemberOrProviderRequirement to MemberRequirement in the RevokeSelfAsync method. - Added a new integration test to verify that provider users who are not members receive a forbidden response when attempting to revoke themselves.
…quirement - Implemented the EligibleForSelfRevoke method to determine if a user can self-revoke their data ownership based on their membership status and policy state. - Added unit tests to validate the eligibility logic for confirmed, invited, and non-policy users, as well as for different organization IDs.
- Updated the SelfRevokeOrganizationUserCommand to utilize policy requirements for determining user eligibility for self-revocation. - Implemented checks to prevent the last owner from revoking themselves, ensuring organizational integrity. - Modified unit tests to reflect changes in eligibility logic and added scenarios for confirmed owners and admins. - Removed deprecated policy checks and streamlined the command's dependencies.
eliykat
previously approved these changes
Dec 30, 2025
Member
eliykat
left a comment
eliykat
left a comment
There was a problem hiding this comment.
Some non-blocking comments on comments. 😀
Comment on lines
+76
to
+77
| /// <summary> | ||
| /// Determines if a user is eligible for self-revocation under the Organization Data Ownership policy. |
Member
There was a problem hiding this comment.
Worth noting something like: "Self-revoke is used to opt out of migrating the user's personal vault to the organization pursuant to this policy." Just to explain how self-revoke relates to this policy.
Comment on lines
+13
to
+14
| /// Validates the OrganizationDataOwnership policy is enabled and applies to the user (currently Owners/Admins are exempt), | ||
| /// the user is a confirmed member, and prevents the last owner from revoking themselves. |
Member
There was a problem hiding this comment.
I worry about including this much implementation detail in the xmldoc; generally callers don't need to know what checks are done internally. However if you think they're useful to include, I think the <remarks> section is better for this.
eliykat
approved these changes
Jan 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-29555
📔 Objective
Adds
PUT /organizations/{orgId}/users/revoke-selfendpoint that allows organization users to self-revoke when declining theOrganizationDataOwnershippolicy.The endpoint verifies that the policy is enabled, requires the user to be in a Confirmed state, and blocks Owners and Admins from self-revoking. Adds a new
OrganizationUser_SelfRevokedevent for audit logging.⏰ Reminders before review
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes