Merge branch 'main' of github.com:bitwarden/server into arch/seeder-api

# Conflicts:
#	util/Seeder/Recipes/OrganizationWithUsersRecipe.cs

test/Core.Test/AdminConsole/AutoFixture/OrganizationUserPolicyDetailsFixtures.cs

@@ -2,6 +2,7 @@
 using AutoFixture;
 using AutoFixture.Xunit2;
 using Bit.Core.AdminConsole.Enums;
+using Bit.Core.Enums;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 
 namespace Bit.Core.Test.AdminConsole.AutoFixture;
@@ -9,10 +10,16 @@ namespace Bit.Core.Test.AdminConsole.AutoFixture;
 internal class OrganizationUserPolicyDetailsCustomization : ICustomization
 {
     public PolicyType Type { get; set; }
+    public OrganizationUserStatusType Status { get; set; }
+    public OrganizationUserType UserType { get; set; }
+    public bool IsProvider { get; set; }
 
-    public OrganizationUserPolicyDetailsCustomization(PolicyType type)
+    public OrganizationUserPolicyDetailsCustomization(PolicyType type, OrganizationUserStatusType status, OrganizationUserType userType, bool isProvider)
     {
         Type = type;
+        Status = status;
+        UserType = userType;
+        IsProvider = isProvider;
     }
 
     public void Customize(IFixture fixture)
@@ -20,6 +27,9 @@ internal class OrganizationUserPolicyDetailsCustomization : ICustomization
         fixture.Customize<OrganizationUserPolicyDetails>(composer => composer
             .With(o => o.OrganizationId, Guid.NewGuid())
             .With(o => o.PolicyType, Type)
+            .With(o => o.OrganizationUserStatus, Status)
+            .With(o => o.OrganizationUserType, UserType)
+            .With(o => o.IsProvider, IsProvider)
             .With(o => o.PolicyEnabled, true));
     }
 }
@@ -27,14 +37,25 @@ internal class OrganizationUserPolicyDetailsCustomization : ICustomization
 public class OrganizationUserPolicyDetailsAttribute : CustomizeAttribute
 {
     private readonly PolicyType _type;
+    private readonly OrganizationUserStatusType _status;
+    private readonly OrganizationUserType _userType;
+    private readonly bool _isProvider;
 
-    public OrganizationUserPolicyDetailsAttribute(PolicyType type)
+    public OrganizationUserPolicyDetailsAttribute(PolicyType type) : this(type, OrganizationUserStatusType.Accepted, OrganizationUserType.User, false)
     {
         _type = type;
     }
 
+    public OrganizationUserPolicyDetailsAttribute(PolicyType type, OrganizationUserStatusType status, OrganizationUserType userType, bool isProvider)
+    {
+        _type = type;
+        _status = status;
+        _userType = userType;
+        _isProvider = isProvider;
+    }
+
     public override ICustomization GetCustomization(ParameterInfo parameter)
     {
-        return new OrganizationUserPolicyDetailsCustomization(_type);
+        return new OrganizationUserPolicyDetailsCustomization(_type, _status, _userType, _isProvider);
     }
 }

test/Core.Test/AdminConsole/EventIntegrations/EventIntegrationServiceCollectionExtensionsTests.cs

@@ -0,0 +1,866 @@
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations.Interfaces;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrations.Interfaces;
+using Bit.Core.AdminConsole.Models.Data.EventIntegrations;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.AdminConsole.Services;
+using Bit.Core.AdminConsole.Services.NoopImplementations;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Bit.Core.Settings;
+using Bit.Core.Utilities;
+using Microsoft.Bot.Builder;
+using Microsoft.Bot.Builder.Integration.AspNet.Core;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Hosting;
+using NSubstitute;
+using StackExchange.Redis;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations;
+
+public class EventIntegrationServiceCollectionExtensionsTests
+{
+    private readonly IServiceCollection _services;
+    private readonly GlobalSettings _globalSettings;
+
+    public EventIntegrationServiceCollectionExtensionsTests()
+    {
+        _services = new ServiceCollection();
+        _globalSettings = CreateGlobalSettings([]);
+
+        // Add required infrastructure services
+        _services.TryAddSingleton(_globalSettings);
+        _services.TryAddSingleton<IGlobalSettings>(_globalSettings);
+        _services.AddLogging();
+
+        // Mock Redis connection for cache
+        _services.AddSingleton(Substitute.For<IConnectionMultiplexer>());
+
+        // Mock required repository dependencies for commands
+        _services.TryAddScoped(_ => Substitute.For<IOrganizationIntegrationRepository>());
+        _services.TryAddScoped(_ => Substitute.For<IOrganizationIntegrationConfigurationRepository>());
+        _services.TryAddScoped(_ => Substitute.For<IOrganizationRepository>());
+    }
+
+    [Fact]
+    public void AddEventIntegrationsCommandsQueries_RegistersAllServices()
+    {
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+
+        using var provider = _services.BuildServiceProvider();
+
+        var cache = provider.GetRequiredKeyedService<IFusionCache>(EventIntegrationsCacheConstants.CacheName);
+        Assert.NotNull(cache);
+
+        var validator = provider.GetRequiredService<IOrganizationIntegrationConfigurationValidator>();
+        Assert.NotNull(validator);
+
+        using var scope = provider.CreateScope();
+        var sp = scope.ServiceProvider;
+
+        Assert.NotNull(sp.GetService<ICreateOrganizationIntegrationCommand>());
+        Assert.NotNull(sp.GetService<IUpdateOrganizationIntegrationCommand>());
+        Assert.NotNull(sp.GetService<IDeleteOrganizationIntegrationCommand>());
+        Assert.NotNull(sp.GetService<IGetOrganizationIntegrationsQuery>());
+
+        Assert.NotNull(sp.GetService<ICreateOrganizationIntegrationConfigurationCommand>());
+        Assert.NotNull(sp.GetService<IUpdateOrganizationIntegrationConfigurationCommand>());
+        Assert.NotNull(sp.GetService<IDeleteOrganizationIntegrationConfigurationCommand>());
+        Assert.NotNull(sp.GetService<IGetOrganizationIntegrationConfigurationsQuery>());
+    }
+
+    [Fact]
+    public void AddEventIntegrationsCommandsQueries_CommandsQueries_AreRegisteredAsScoped()
+    {
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+
+        var createIntegrationDescriptor = _services.First(s =>
+            s.ServiceType == typeof(ICreateOrganizationIntegrationCommand));
+        var createConfigDescriptor = _services.First(s =>
+            s.ServiceType == typeof(ICreateOrganizationIntegrationConfigurationCommand));
+
+        Assert.Equal(ServiceLifetime.Scoped, createIntegrationDescriptor.Lifetime);
+        Assert.Equal(ServiceLifetime.Scoped, createConfigDescriptor.Lifetime);
+    }
+
+    [Fact]
+    public void AddEventIntegrationsCommandsQueries_CommandsQueries_DifferentInstancesPerScope()
+    {
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+
+        var provider = _services.BuildServiceProvider();
+
+        ICreateOrganizationIntegrationCommand? instance1, instance2, instance3;
+        using (var scope1 = provider.CreateScope())
+        {
+            instance1 = scope1.ServiceProvider.GetService<ICreateOrganizationIntegrationCommand>();
+        }
+        using (var scope2 = provider.CreateScope())
+        {
+            instance2 = scope2.ServiceProvider.GetService<ICreateOrganizationIntegrationCommand>();
+        }
+        using (var scope3 = provider.CreateScope())
+        {
+            instance3 = scope3.ServiceProvider.GetService<ICreateOrganizationIntegrationCommand>();
+        }
+
+        Assert.NotNull(instance1);
+        Assert.NotNull(instance2);
+        Assert.NotNull(instance3);
+        Assert.NotSame(instance1, instance2);
+        Assert.NotSame(instance2, instance3);
+        Assert.NotSame(instance1, instance3);
+    }
+
+    [Fact]
+    public void AddEventIntegrationsCommandsQueries_CommandsQueries__SameInstanceWithinScope()
+    {
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+        var provider = _services.BuildServiceProvider();
+
+        using var scope = provider.CreateScope();
+        var instance1 = scope.ServiceProvider.GetService<ICreateOrganizationIntegrationCommand>();
+        var instance2 = scope.ServiceProvider.GetService<ICreateOrganizationIntegrationCommand>();
+
+        Assert.NotNull(instance1);
+        Assert.NotNull(instance2);
+        Assert.Same(instance1, instance2);
+    }
+
+    [Fact]
+    public void AddEventIntegrationsCommandsQueries_MultipleCalls_IsIdempotent()
+    {
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+
+        var createConfigCmdDescriptors = _services.Where(s =>
+            s.ServiceType == typeof(ICreateOrganizationIntegrationConfigurationCommand)).ToList();
+        Assert.Single(createConfigCmdDescriptors);
+
+        var updateIntegrationCmdDescriptors = _services.Where(s =>
+            s.ServiceType == typeof(IUpdateOrganizationIntegrationCommand)).ToList();
+        Assert.Single(updateIntegrationCmdDescriptors);
+    }
+
+    [Fact]
+    public void AddOrganizationIntegrationCommandsQueries_RegistersAllIntegrationServices()
+    {
+        _services.AddOrganizationIntegrationCommandsQueries();
+
+        Assert.Contains(_services, s => s.ServiceType == typeof(ICreateOrganizationIntegrationCommand));
+        Assert.Contains(_services, s => s.ServiceType == typeof(IUpdateOrganizationIntegrationCommand));
+        Assert.Contains(_services, s => s.ServiceType == typeof(IDeleteOrganizationIntegrationCommand));
+        Assert.Contains(_services, s => s.ServiceType == typeof(IGetOrganizationIntegrationsQuery));
+    }
+
+    [Fact]
+    public void AddOrganizationIntegrationCommandsQueries_MultipleCalls_IsIdempotent()
+    {
+        _services.AddOrganizationIntegrationCommandsQueries();
+        _services.AddOrganizationIntegrationCommandsQueries();
+        _services.AddOrganizationIntegrationCommandsQueries();
+
+        var createCmdDescriptors = _services.Where(s =>
+            s.ServiceType == typeof(ICreateOrganizationIntegrationCommand)).ToList();
+        Assert.Single(createCmdDescriptors);
+    }
+
+    [Fact]
+    public void AddOrganizationIntegrationConfigurationCommandsQueries_RegistersAllConfigurationServices()
+    {
+        _services.AddOrganizationIntegrationConfigurationCommandsQueries();
+
+        Assert.Contains(_services, s => s.ServiceType == typeof(ICreateOrganizationIntegrationConfigurationCommand));
+        Assert.Contains(_services, s => s.ServiceType == typeof(IUpdateOrganizationIntegrationConfigurationCommand));
+        Assert.Contains(_services, s => s.ServiceType == typeof(IDeleteOrganizationIntegrationConfigurationCommand));
+        Assert.Contains(_services, s => s.ServiceType == typeof(IGetOrganizationIntegrationConfigurationsQuery));
+    }
+
+    [Fact]
+    public void AddOrganizationIntegrationConfigurationCommandsQueries_MultipleCalls_IsIdempotent()
+    {
+        _services.AddOrganizationIntegrationConfigurationCommandsQueries();
+        _services.AddOrganizationIntegrationConfigurationCommandsQueries();
+        _services.AddOrganizationIntegrationConfigurationCommandsQueries();
+
+        var createCmdDescriptors = _services.Where(s =>
+            s.ServiceType == typeof(ICreateOrganizationIntegrationConfigurationCommand)).ToList();
+        Assert.Single(createCmdDescriptors);
+    }
+
+    [Fact]
+    public void IsRabbitMqEnabled_AllSettingsPresent_ReturnsTrue()
+    {
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:RabbitMq:HostName"] = "localhost",
+            ["GlobalSettings:EventLogging:RabbitMq:Username"] = "user",
+            ["GlobalSettings:EventLogging:RabbitMq:Password"] = "pass",
+            ["GlobalSettings:EventLogging:RabbitMq:EventExchangeName"] = "exchange"
+        });
+
+        Assert.True(EventIntegrationsServiceCollectionExtensions.IsRabbitMqEnabled(globalSettings));
+    }
+
+    [Fact]
+    public void IsRabbitMqEnabled_MissingHostName_ReturnsFalse()
+    {
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:RabbitMq:HostName"] = null,
+            ["GlobalSettings:EventLogging:RabbitMq:Username"] = "user",
+            ["GlobalSettings:EventLogging:RabbitMq:Password"] = "pass",
+            ["GlobalSettings:EventLogging:RabbitMq:EventExchangeName"] = "exchange"
+        });
+
+        Assert.False(EventIntegrationsServiceCollectionExtensions.IsRabbitMqEnabled(globalSettings));
+    }
+
+    [Fact]
+    public void IsRabbitMqEnabled_MissingUsername_ReturnsFalse()
+    {
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:RabbitMq:HostName"] = "localhost",
+            ["GlobalSettings:EventLogging:RabbitMq:Username"] = null,
+            ["GlobalSettings:EventLogging:RabbitMq:Password"] = "pass",
+            ["GlobalSettings:EventLogging:RabbitMq:EventExchangeName"] = "exchange"
+        });
+
+        Assert.False(EventIntegrationsServiceCollectionExtensions.IsRabbitMqEnabled(globalSettings));
+    }
+
+    [Fact]
+    public void IsRabbitMqEnabled_MissingPassword_ReturnsFalse()
+    {
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:RabbitMq:HostName"] = "localhost",
+            ["GlobalSettings:EventLogging:RabbitMq:Username"] = "user",
+            ["GlobalSettings:EventLogging:RabbitMq:Password"] = null,
+            ["GlobalSettings:EventLogging:RabbitMq:EventExchangeName"] = "exchange"
+        });
+
+        Assert.False(EventIntegrationsServiceCollectionExtensions.IsRabbitMqEnabled(globalSettings));
+    }
+
+    [Fact]
+    public void IsRabbitMqEnabled_MissingExchangeName_ReturnsFalse()
+    {
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:RabbitMq:HostName"] = "localhost",
+            ["GlobalSettings:EventLogging:RabbitMq:Username"] = "user",
+            ["GlobalSettings:EventLogging:RabbitMq:Password"] = "pass",
+            ["GlobalSettings:EventLogging:RabbitMq:EventExchangeName"] = null
+        });
+
+        Assert.False(EventIntegrationsServiceCollectionExtensions.IsRabbitMqEnabled(globalSettings));
+    }
+
+    [Fact]
+    public void IsAzureServiceBusEnabled_AllSettingsPresent_ReturnsTrue()
+    {
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:AzureServiceBus:ConnectionString"] = "Endpoint=sb://test.servicebus.windows.net/;SharedAccessKeyName=test;SharedAccessKey=test",
+            ["GlobalSettings:EventLogging:AzureServiceBus:EventTopicName"] = "events"
+        });
+
+        Assert.True(EventIntegrationsServiceCollectionExtensions.IsAzureServiceBusEnabled(globalSettings));
+    }
+
+    [Fact]
+    public void IsAzureServiceBusEnabled_MissingConnectionString_ReturnsFalse()
+    {
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:AzureServiceBus:ConnectionString"] = null,
+            ["GlobalSettings:EventLogging:AzureServiceBus:EventTopicName"] = "events"
+        });
+
+        Assert.False(EventIntegrationsServiceCollectionExtensions.IsAzureServiceBusEnabled(globalSettings));
+    }
+
+    [Fact]
+    public void IsAzureServiceBusEnabled_MissingTopicName_ReturnsFalse()
+    {
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:AzureServiceBus:ConnectionString"] = "Endpoint=sb://test.servicebus.windows.net/;SharedAccessKeyName=test;SharedAccessKey=test",
+            ["GlobalSettings:EventLogging:AzureServiceBus:EventTopicName"] = null
+        });
+
+        Assert.False(EventIntegrationsServiceCollectionExtensions.IsAzureServiceBusEnabled(globalSettings));
+    }
+
+    [Fact]
+    public void AddSlackService_AllSettingsPresent_RegistersSlackService()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:Slack:ClientId"] = "test-client-id",
+            ["GlobalSettings:Slack:ClientSecret"] = "test-client-secret",
+            ["GlobalSettings:Slack:Scopes"] = "test-scopes"
+        });
+
+        services.TryAddSingleton(globalSettings);
+        services.AddLogging();
+        services.AddSlackService(globalSettings);
+
+        var provider = services.BuildServiceProvider();
+        var slackService = provider.GetService<ISlackService>();
+
+        Assert.NotNull(slackService);
+        Assert.IsType<SlackService>(slackService);
+
+        var httpClientDescriptor = services.FirstOrDefault(s =>
+            s.ServiceType == typeof(IHttpClientFactory));
+        Assert.NotNull(httpClientDescriptor);
+    }
+
+    [Fact]
+    public void AddSlackService_SettingsMissing_RegistersNoopService()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:Slack:ClientId"] = null,
+            ["GlobalSettings:Slack:ClientSecret"] = null,
+            ["GlobalSettings:Slack:Scopes"] = null
+        });
+
+        services.AddSlackService(globalSettings);
+
+        var provider = services.BuildServiceProvider();
+        var slackService = provider.GetService<ISlackService>();
+
+        Assert.NotNull(slackService);
+        Assert.IsType<NoopSlackService>(slackService);
+    }
+
+    [Fact]
+    public void AddTeamsService_AllSettingsPresent_RegistersTeamsServices()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:Teams:ClientId"] = "test-client-id",
+            ["GlobalSettings:Teams:ClientSecret"] = "test-client-secret",
+            ["GlobalSettings:Teams:Scopes"] = "test-scopes"
+        });
+
+        services.TryAddSingleton(globalSettings);
+        services.AddLogging();
+        services.TryAddScoped(_ => Substitute.For<IOrganizationIntegrationRepository>());
+        services.AddTeamsService(globalSettings);
+
+        var provider = services.BuildServiceProvider();
+
+        var teamsService = provider.GetService<ITeamsService>();
+        Assert.NotNull(teamsService);
+        Assert.IsType<TeamsService>(teamsService);
+
+        var bot = provider.GetService<IBot>();
+        Assert.NotNull(bot);
+        Assert.IsType<TeamsService>(bot);
+
+        var adapter = provider.GetService<IBotFrameworkHttpAdapter>();
+        Assert.NotNull(adapter);
+        Assert.IsType<BotFrameworkHttpAdapter>(adapter);
+
+        var httpClientDescriptor = services.FirstOrDefault(s =>
+            s.ServiceType == typeof(IHttpClientFactory));
+        Assert.NotNull(httpClientDescriptor);
+    }
+
+    [Fact]
+    public void AddTeamsService_SettingsMissing_RegistersNoopService()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:Teams:ClientId"] = null,
+            ["GlobalSettings:Teams:ClientSecret"] = null,
+            ["GlobalSettings:Teams:Scopes"] = null
+        });
+
+        services.AddTeamsService(globalSettings);
+
+        var provider = services.BuildServiceProvider();
+        var teamsService = provider.GetService<ITeamsService>();
+
+        Assert.NotNull(teamsService);
+        Assert.IsType<NoopTeamsService>(teamsService);
+    }
+
+    [Fact]
+    public void AddRabbitMqIntegration_RegistersEventIntegrationHandler()
+    {
+        var services = new ServiceCollection();
+        var listenerConfig = new TestListenerConfiguration();
+
+        // Add required dependencies
+        services.TryAddSingleton(Substitute.For<IEventIntegrationPublisher>());
+        services.TryAddSingleton(Substitute.For<IIntegrationFilterService>());
+        services.TryAddKeyedSingleton(EventIntegrationsCacheConstants.CacheName, Substitute.For<IFusionCache>());
+        services.TryAddSingleton(Substitute.For<IOrganizationIntegrationConfigurationRepository>());
+        services.TryAddSingleton(Substitute.For<IGroupRepository>());
+        services.TryAddSingleton(Substitute.For<IOrganizationRepository>());
+        services.TryAddSingleton(Substitute.For<IOrganizationUserRepository>());
+        services.AddLogging();
+
+        services.AddRabbitMqIntegration<WebhookIntegrationConfigurationDetails, TestListenerConfiguration>(listenerConfig);
+
+        var provider = services.BuildServiceProvider();
+        var handler = provider.GetRequiredKeyedService<IEventMessageHandler>(listenerConfig.RoutingKey);
+
+        Assert.NotNull(handler);
+    }
+
+    [Fact]
+    public void AddRabbitMqIntegration_RegistersEventListenerService()
+    {
+        var services = new ServiceCollection();
+        var listenerConfig = new TestListenerConfiguration();
+
+        // Add required dependencies
+        services.TryAddSingleton(Substitute.For<IEventIntegrationPublisher>());
+        services.TryAddSingleton(Substitute.For<IIntegrationFilterService>());
+        services.TryAddKeyedSingleton(EventIntegrationsCacheConstants.CacheName, Substitute.For<IFusionCache>());
+        services.TryAddSingleton(Substitute.For<IOrganizationIntegrationConfigurationRepository>());
+        services.TryAddSingleton(Substitute.For<IGroupRepository>());
+        services.TryAddSingleton(Substitute.For<IOrganizationRepository>());
+        services.TryAddSingleton(Substitute.For<IOrganizationUserRepository>());
+        services.TryAddSingleton(Substitute.For<IRabbitMqService>());
+        services.AddLogging();
+
+        var beforeCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+        services.AddRabbitMqIntegration<WebhookIntegrationConfigurationDetails, TestListenerConfiguration>(listenerConfig);
+        var afterCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+
+        // AddRabbitMqIntegration should register 2 hosted services (Event + Integration listeners)
+        Assert.Equal(2, afterCount - beforeCount);
+    }
+
+    [Fact]
+    public void AddRabbitMqIntegration_RegistersIntegrationListenerService()
+    {
+        var services = new ServiceCollection();
+        var listenerConfig = new TestListenerConfiguration();
+
+        // Add required dependencies
+        services.TryAddSingleton(Substitute.For<IEventIntegrationPublisher>());
+        services.TryAddSingleton(Substitute.For<IIntegrationFilterService>());
+        services.TryAddKeyedSingleton(EventIntegrationsCacheConstants.CacheName, Substitute.For<IFusionCache>());
+        services.TryAddSingleton(Substitute.For<IOrganizationIntegrationConfigurationRepository>());
+        services.TryAddSingleton(Substitute.For<IGroupRepository>());
+        services.TryAddSingleton(Substitute.For<IOrganizationRepository>());
+        services.TryAddSingleton(Substitute.For<IOrganizationUserRepository>());
+        services.TryAddSingleton(Substitute.For<IRabbitMqService>());
+        services.TryAddSingleton(Substitute.For<IIntegrationHandler<WebhookIntegrationConfigurationDetails>>());
+        services.TryAddSingleton(TimeProvider.System);
+        services.AddLogging();
+
+        var beforeCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+        services.AddRabbitMqIntegration<WebhookIntegrationConfigurationDetails, TestListenerConfiguration>(listenerConfig);
+        var afterCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+
+        // AddRabbitMqIntegration should register 2 hosted services (Event + Integration listeners)
+        Assert.Equal(2, afterCount - beforeCount);
+    }
+
+    [Fact]
+    public void AddAzureServiceBusIntegration_RegistersEventIntegrationHandler()
+    {
+        var services = new ServiceCollection();
+        var listenerConfig = new TestListenerConfiguration();
+
+        // Add required dependencies
+        services.TryAddSingleton(Substitute.For<IEventIntegrationPublisher>());
+        services.TryAddSingleton(Substitute.For<IIntegrationFilterService>());
+        services.TryAddKeyedSingleton(EventIntegrationsCacheConstants.CacheName, Substitute.For<IFusionCache>());
+        services.TryAddSingleton(Substitute.For<IOrganizationIntegrationConfigurationRepository>());
+        services.TryAddSingleton(Substitute.For<IGroupRepository>());
+        services.TryAddSingleton(Substitute.For<IOrganizationRepository>());
+        services.TryAddSingleton(Substitute.For<IOrganizationUserRepository>());
+        services.AddLogging();
+
+        services.AddAzureServiceBusIntegration<WebhookIntegrationConfigurationDetails, TestListenerConfiguration>(listenerConfig);
+
+        var provider = services.BuildServiceProvider();
+        var handler = provider.GetRequiredKeyedService<IEventMessageHandler>(listenerConfig.RoutingKey);
+
+        Assert.NotNull(handler);
+    }
+
+    [Fact]
+    public void AddAzureServiceBusIntegration_RegistersEventListenerService()
+    {
+        var services = new ServiceCollection();
+        var listenerConfig = new TestListenerConfiguration();
+
+        // Add required dependencies
+        services.TryAddSingleton(Substitute.For<IEventIntegrationPublisher>());
+        services.TryAddSingleton(Substitute.For<IIntegrationFilterService>());
+        services.TryAddKeyedSingleton(EventIntegrationsCacheConstants.CacheName, Substitute.For<IFusionCache>());
+        services.TryAddSingleton(Substitute.For<IOrganizationIntegrationConfigurationRepository>());
+        services.TryAddSingleton(Substitute.For<IGroupRepository>());
+        services.TryAddSingleton(Substitute.For<IOrganizationRepository>());
+        services.TryAddSingleton(Substitute.For<IOrganizationUserRepository>());
+        services.TryAddSingleton(Substitute.For<IAzureServiceBusService>());
+        services.AddLogging();
+
+        var beforeCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+        services.AddAzureServiceBusIntegration<WebhookIntegrationConfigurationDetails, TestListenerConfiguration>(listenerConfig);
+        var afterCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+
+        // AddAzureServiceBusIntegration should register 2 hosted services (Event + Integration listeners)
+        Assert.Equal(2, afterCount - beforeCount);
+    }
+
+    [Fact]
+    public void AddAzureServiceBusIntegration_RegistersIntegrationListenerService()
+    {
+        var services = new ServiceCollection();
+        var listenerConfig = new TestListenerConfiguration();
+
+        // Add required dependencies
+        services.TryAddSingleton(Substitute.For<IEventIntegrationPublisher>());
+        services.TryAddSingleton(Substitute.For<IIntegrationFilterService>());
+        services.TryAddKeyedSingleton(EventIntegrationsCacheConstants.CacheName, Substitute.For<IFusionCache>());
+        services.TryAddSingleton(Substitute.For<IOrganizationIntegrationConfigurationRepository>());
+        services.TryAddSingleton(Substitute.For<IGroupRepository>());
+        services.TryAddSingleton(Substitute.For<IOrganizationRepository>());
+        services.TryAddSingleton(Substitute.For<IOrganizationUserRepository>());
+        services.TryAddSingleton(Substitute.For<IAzureServiceBusService>());
+        services.TryAddSingleton(Substitute.For<IIntegrationHandler<WebhookIntegrationConfigurationDetails>>());
+        services.AddLogging();
+
+        var beforeCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+        services.AddAzureServiceBusIntegration<WebhookIntegrationConfigurationDetails, TestListenerConfiguration>(listenerConfig);
+        var afterCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+
+        // AddAzureServiceBusIntegration should register 2 hosted services (Event + Integration listeners)
+        Assert.Equal(2, afterCount - beforeCount);
+    }
+
+    [Fact]
+    public void AddEventIntegrationServices_RegistersCommonServices()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings([]);
+
+        // Add prerequisites
+        services.TryAddSingleton(globalSettings);
+        services.TryAddSingleton(Substitute.For<IConnectionMultiplexer>());
+        services.AddLogging();
+
+        services.AddEventIntegrationServices(globalSettings);
+
+        // Verify common services are registered
+        Assert.Contains(services, s => s.ServiceType == typeof(IIntegrationFilterService));
+        Assert.Contains(services, s => s.ServiceType == typeof(TimeProvider));
+
+        // Verify HttpClients for handlers are registered
+        var httpClientDescriptors = services.Where(s => s.ServiceType == typeof(IHttpClientFactory)).ToList();
+        Assert.NotEmpty(httpClientDescriptors);
+    }
+
+    [Fact]
+    public void AddEventIntegrationServices_RegistersIntegrationHandlers()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings([]);
+
+        // Add prerequisites
+        services.TryAddSingleton(globalSettings);
+        services.TryAddSingleton(Substitute.For<IConnectionMultiplexer>());
+        services.AddLogging();
+
+        services.AddEventIntegrationServices(globalSettings);
+
+        // Verify integration handlers are registered
+        Assert.Contains(services, s => s.ServiceType == typeof(IIntegrationHandler<SlackIntegrationConfigurationDetails>));
+        Assert.Contains(services, s => s.ServiceType == typeof(IIntegrationHandler<WebhookIntegrationConfigurationDetails>));
+        Assert.Contains(services, s => s.ServiceType == typeof(IIntegrationHandler<DatadogIntegrationConfigurationDetails>));
+        Assert.Contains(services, s => s.ServiceType == typeof(IIntegrationHandler<TeamsIntegrationConfigurationDetails>));
+    }
+
+    [Fact]
+    public void AddEventIntegrationServices_RabbitMqEnabled_RegistersRabbitMqListeners()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:RabbitMq:HostName"] = "localhost",
+            ["GlobalSettings:EventLogging:RabbitMq:Username"] = "user",
+            ["GlobalSettings:EventLogging:RabbitMq:Password"] = "pass",
+            ["GlobalSettings:EventLogging:RabbitMq:EventExchangeName"] = "exchange"
+        });
+
+        // Add prerequisites
+        services.TryAddSingleton(globalSettings);
+        services.TryAddSingleton(Substitute.For<IConnectionMultiplexer>());
+        services.AddLogging();
+
+        var beforeCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+        services.AddEventIntegrationServices(globalSettings);
+        var afterCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+
+        // Should register 11 hosted services for RabbitMQ: 1 repository + 5*2 integration listeners (event+integration)
+        Assert.Equal(11, afterCount - beforeCount);
+    }
+
+    [Fact]
+    public void AddEventIntegrationServices_AzureServiceBusEnabled_RegistersAzureListeners()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:AzureServiceBus:ConnectionString"] = "Endpoint=sb://test.servicebus.windows.net/;SharedAccessKeyName=test;SharedAccessKey=test",
+            ["GlobalSettings:EventLogging:AzureServiceBus:EventTopicName"] = "events"
+        });
+
+        // Add prerequisites
+        services.TryAddSingleton(globalSettings);
+        services.TryAddSingleton(Substitute.For<IConnectionMultiplexer>());
+        services.AddLogging();
+
+        var beforeCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+        services.AddEventIntegrationServices(globalSettings);
+        var afterCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+
+        // Should register 11 hosted services for Azure Service Bus: 1 repository + 5*2 integration listeners (event+integration)
+        Assert.Equal(11, afterCount - beforeCount);
+    }
+
+    [Fact]
+    public void AddEventIntegrationServices_BothEnabled_AzureServiceBusTakesPrecedence()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:RabbitMq:HostName"] = "localhost",
+            ["GlobalSettings:EventLogging:RabbitMq:Username"] = "user",
+            ["GlobalSettings:EventLogging:RabbitMq:Password"] = "pass",
+            ["GlobalSettings:EventLogging:RabbitMq:EventExchangeName"] = "exchange",
+            ["GlobalSettings:EventLogging:AzureServiceBus:ConnectionString"] = "Endpoint=sb://test.servicebus.windows.net/;SharedAccessKeyName=test;SharedAccessKey=test",
+            ["GlobalSettings:EventLogging:AzureServiceBus:EventTopicName"] = "events"
+        });
+
+        // Add prerequisites
+        services.TryAddSingleton(globalSettings);
+        services.TryAddSingleton(Substitute.For<IConnectionMultiplexer>());
+        services.AddLogging();
+
+        var beforeCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+        services.AddEventIntegrationServices(globalSettings);
+        var afterCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+
+        // Should register 11 hosted services for Azure Service Bus: 1 repository + 5*2 integration listeners (event+integration)
+        // NO RabbitMQ services should be enabled because ASB takes precedence
+        Assert.Equal(11, afterCount - beforeCount);
+    }
+
+    [Fact]
+    public void AddEventIntegrationServices_NeitherEnabled_RegistersNoListeners()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings([]);
+
+        // Add prerequisites
+        services.TryAddSingleton(globalSettings);
+        services.TryAddSingleton(Substitute.For<IConnectionMultiplexer>());
+        services.AddLogging();
+
+        var beforeCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+        services.AddEventIntegrationServices(globalSettings);
+        var afterCount = services.Count(s => s.ServiceType == typeof(IHostedService));
+
+        // Should register no hosted services when neither RabbitMQ nor Azure Service Bus is enabled
+        Assert.Equal(0, afterCount - beforeCount);
+    }
+
+    [Fact]
+    public void AddEventWriteServices_AzureServiceBusEnabled_RegistersAzureServices()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:AzureServiceBus:ConnectionString"] = "Endpoint=sb://test.servicebus.windows.net/;SharedAccessKeyName=test;SharedAccessKey=test",
+            ["GlobalSettings:EventLogging:AzureServiceBus:EventTopicName"] = "events"
+        });
+
+        services.AddEventWriteServices(globalSettings);
+
+        Assert.Contains(services, s => s.ServiceType == typeof(IEventIntegrationPublisher) && s.ImplementationType == typeof(AzureServiceBusService));
+        Assert.Contains(services, s => s.ServiceType == typeof(IEventWriteService) && s.ImplementationType == typeof(EventIntegrationEventWriteService));
+    }
+
+    [Fact]
+    public void AddEventWriteServices_RabbitMqEnabled_RegistersRabbitMqServices()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:RabbitMq:HostName"] = "localhost",
+            ["GlobalSettings:EventLogging:RabbitMq:Username"] = "user",
+            ["GlobalSettings:EventLogging:RabbitMq:Password"] = "pass",
+            ["GlobalSettings:EventLogging:RabbitMq:EventExchangeName"] = "exchange"
+        });
+
+        services.AddEventWriteServices(globalSettings);
+
+        Assert.Contains(services, s => s.ServiceType == typeof(IEventIntegrationPublisher) && s.ImplementationType == typeof(RabbitMqService));
+        Assert.Contains(services, s => s.ServiceType == typeof(IEventWriteService) && s.ImplementationType == typeof(EventIntegrationEventWriteService));
+    }
+
+    [Fact]
+    public void AddEventWriteServices_EventsConnectionStringPresent_RegistersAzureQueueService()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:Events:ConnectionString"] = "DefaultEndpointsProtocol=https;AccountName=test;AccountKey=test;EndpointSuffix=core.windows.net",
+            ["GlobalSettings:Events:QueueName"] = "event"
+        });
+
+        services.AddEventWriteServices(globalSettings);
+
+        Assert.Contains(services, s => s.ServiceType == typeof(IEventWriteService) && s.ImplementationType == typeof(AzureQueueEventWriteService));
+    }
+
+    [Fact]
+    public void AddEventWriteServices_SelfHosted_RegistersRepositoryService()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:SelfHosted"] = "true"
+        });
+
+        services.AddEventWriteServices(globalSettings);
+
+        Assert.Contains(services, s => s.ServiceType == typeof(IEventWriteService) && s.ImplementationType == typeof(RepositoryEventWriteService));
+    }
+
+    [Fact]
+    public void AddEventWriteServices_NothingEnabled_RegistersNoopService()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings([]);
+
+        services.AddEventWriteServices(globalSettings);
+
+        Assert.Contains(services, s => s.ServiceType == typeof(IEventWriteService) && s.ImplementationType == typeof(NoopEventWriteService));
+    }
+
+    [Fact]
+    public void AddEventWriteServices_AzureTakesPrecedenceOverRabbitMq()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:AzureServiceBus:ConnectionString"] = "Endpoint=sb://test.servicebus.windows.net/;SharedAccessKeyName=test;SharedAccessKey=test",
+            ["GlobalSettings:EventLogging:AzureServiceBus:EventTopicName"] = "events",
+            ["GlobalSettings:EventLogging:RabbitMq:HostName"] = "localhost",
+            ["GlobalSettings:EventLogging:RabbitMq:Username"] = "user",
+            ["GlobalSettings:EventLogging:RabbitMq:Password"] = "pass",
+            ["GlobalSettings:EventLogging:RabbitMq:EventExchangeName"] = "exchange"
+        });
+
+        services.AddEventWriteServices(globalSettings);
+
+        // Should use Azure Service Bus, not RabbitMQ
+        Assert.Contains(services, s => s.ServiceType == typeof(IEventIntegrationPublisher) && s.ImplementationType == typeof(AzureServiceBusService));
+        Assert.DoesNotContain(services, s => s.ServiceType == typeof(IEventIntegrationPublisher) && s.ImplementationType == typeof(RabbitMqService));
+    }
+
+    [Fact]
+    public void AddAzureServiceBusListeners_AzureServiceBusEnabled_RegistersAzureServiceBusServices()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:AzureServiceBus:ConnectionString"] = "Endpoint=sb://test.servicebus.windows.net/;SharedAccessKeyName=test;SharedAccessKey=test",
+            ["GlobalSettings:EventLogging:AzureServiceBus:EventTopicName"] = "events"
+        });
+
+        // Add prerequisites
+        services.TryAddSingleton(globalSettings);
+        services.TryAddSingleton(Substitute.For<IConnectionMultiplexer>());
+        services.AddLogging();
+
+        services.AddAzureServiceBusListeners(globalSettings);
+
+        Assert.Contains(services, s => s.ServiceType == typeof(IAzureServiceBusService));
+        Assert.Contains(services, s => s.ServiceType == typeof(IEventRepository));
+        Assert.Contains(services, s => s.ServiceType == typeof(AzureTableStorageEventHandler));
+    }
+
+    [Fact]
+    public void AddAzureServiceBusListeners_AzureServiceBusDisabled_ReturnsEarly()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings([]);
+
+        var initialCount = services.Count;
+        services.AddAzureServiceBusListeners(globalSettings);
+        var finalCount = services.Count;
+
+        Assert.Equal(initialCount, finalCount);
+    }
+
+    [Fact]
+    public void AddRabbitMqListeners_RabbitMqEnabled_RegistersRabbitMqServices()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings(new Dictionary<string, string?>
+        {
+            ["GlobalSettings:EventLogging:RabbitMq:HostName"] = "localhost",
+            ["GlobalSettings:EventLogging:RabbitMq:Username"] = "user",
+            ["GlobalSettings:EventLogging:RabbitMq:Password"] = "pass",
+            ["GlobalSettings:EventLogging:RabbitMq:EventExchangeName"] = "exchange"
+        });
+
+        // Add prerequisites
+        services.TryAddSingleton(globalSettings);
+        services.TryAddSingleton(Substitute.For<IConnectionMultiplexer>());
+        services.AddLogging();
+
+        services.AddRabbitMqListeners(globalSettings);
+
+        Assert.Contains(services, s => s.ServiceType == typeof(IRabbitMqService));
+        Assert.Contains(services, s => s.ServiceType == typeof(EventRepositoryHandler));
+    }
+
+    [Fact]
+    public void AddRabbitMqListeners_RabbitMqDisabled_ReturnsEarly()
+    {
+        var services = new ServiceCollection();
+        var globalSettings = CreateGlobalSettings([]);
+
+        var initialCount = services.Count;
+        services.AddRabbitMqListeners(globalSettings);
+        var finalCount = services.Count;
+
+        Assert.Equal(initialCount, finalCount);
+    }
+
+    private static GlobalSettings CreateGlobalSettings(Dictionary<string, string?> data)
+    {
+        var config = new ConfigurationBuilder()
+            .AddInMemoryCollection(data)
+            .Build();
+
+        var settings = new GlobalSettings();
+        config.GetSection("GlobalSettings").Bind(settings);
+        return settings;
+    }
+}

test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrationConfigurations/CreateOrganizationIntegrationConfigurationCommandTests.cs

@@ -0,0 +1,179 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+using Bit.Core.AdminConsole.Services;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+
+[SutProviderCustomize]
+public class CreateOrganizationIntegrationConfigurationCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task CreateAsync_Success_CreatesConfigurationAndInvalidatesCache(
+        SutProvider<CreateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        configuration.OrganizationIntegrationId = integrationId;
+        configuration.EventType = EventType.User_LoggedIn;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .CreateAsync(configuration)
+            .Returns(configuration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        var result = await sutProvider.Sut.CreateAsync(organizationId, integrationId, configuration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .CreateAsync(configuration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveAsync(EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+                organizationId,
+                integration.Type,
+                configuration.EventType.Value));
+        // Also verify RemoveByTagAsync was NOT called
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+        Assert.Equal(configuration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task CreateAsync_WildcardSuccess_CreatesConfigurationAndInvalidatesCache(
+        SutProvider<CreateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        configuration.OrganizationIntegrationId = integrationId;
+        configuration.EventType = null;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .CreateAsync(configuration)
+            .Returns(configuration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        var result = await sutProvider.Sut.CreateAsync(organizationId, integrationId, configuration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .CreateAsync(configuration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                integration.Type));
+        // Also verify RemoveAsync was NOT called
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        Assert.Equal(configuration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task CreateAsync_IntegrationDoesNotExist_ThrowsNotFound(
+        SutProvider<CreateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns((OrganizationIntegration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.CreateAsync(organizationId, integrationId, configuration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .CreateAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task CreateAsync_IntegrationDoesNotBelongToOrganization_ThrowsNotFound(
+        SutProvider<CreateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = Guid.NewGuid(); // Different organization
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.CreateAsync(organizationId, integrationId, configuration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .CreateAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task CreateAsync_ValidationFails_ThrowsBadRequest(
+        SutProvider<CreateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(false);
+
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        configuration.OrganizationIntegrationId = integrationId;
+        configuration.Template = "template";
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await Assert.ThrowsAsync<BadRequestException>(
+            () => sutProvider.Sut.CreateAsync(organizationId, integrationId, configuration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .CreateAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+}

test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrationConfigurations/DeleteOrganizationIntegrationConfigurationCommandTests.cs

@@ -0,0 +1,211 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+
+[SutProviderCustomize]
+public class DeleteOrganizationIntegrationConfigurationCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_Success_DeletesConfigurationAndInvalidatesCache(
+        SutProvider<DeleteOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        configuration.Id = configurationId;
+        configuration.OrganizationIntegrationId = integrationId;
+        configuration.EventType = EventType.User_LoggedIn;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(configuration);
+
+        await sutProvider.Sut.DeleteAsync(organizationId, integrationId, configurationId);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .GetByIdAsync(configurationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .DeleteAsync(configuration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveAsync(EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+                organizationId,
+                integration.Type,
+                configuration.EventType.Value));
+        // Also verify RemoveByTagAsync was NOT called
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_WildcardSuccess_DeletesConfigurationAndInvalidatesCache(
+        SutProvider<DeleteOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        configuration.Id = configurationId;
+        configuration.OrganizationIntegrationId = integrationId;
+        configuration.EventType = null;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(configuration);
+
+        await sutProvider.Sut.DeleteAsync(organizationId, integrationId, configurationId);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .GetByIdAsync(configurationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .DeleteAsync(configuration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                integration.Type));
+        // Also verify RemoveAsync was NOT called
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_IntegrationDoesNotExist_ThrowsNotFound(
+        SutProvider<DeleteOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns((OrganizationIntegration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.DeleteAsync(organizationId, integrationId, configurationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .GetByIdAsync(Arg.Any<Guid>());
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_IntegrationDoesNotBelongToOrganization_ThrowsNotFound(
+        SutProvider<DeleteOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = Guid.NewGuid(); // Different organization
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.DeleteAsync(organizationId, integrationId, configurationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .GetByIdAsync(Arg.Any<Guid>());
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_ConfigurationDoesNotExist_ThrowsNotFound(
+        SutProvider<DeleteOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns((OrganizationIntegrationConfiguration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.DeleteAsync(organizationId, integrationId, configurationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_ConfigurationDoesNotBelongToIntegration_ThrowsNotFound(
+        SutProvider<DeleteOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        configuration.Id = configurationId;
+        configuration.OrganizationIntegrationId = Guid.NewGuid(); // Different integration
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(configuration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.DeleteAsync(organizationId, integrationId, configurationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+}

test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrationConfigurations/GetOrganizationIntegrationConfigurationsQueryTests.cs

@@ -0,0 +1,101 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+
+[SutProviderCustomize]
+public class GetOrganizationIntegrationConfigurationsQueryTests
+{
+    [Theory, BitAutoData]
+    public async Task GetManyByIntegrationAsync_Success_ReturnsConfigurations(
+        SutProvider<GetOrganizationIntegrationConfigurationsQuery> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        List<OrganizationIntegrationConfiguration> configurations)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetManyByIntegrationAsync(integrationId)
+            .Returns(configurations);
+
+        var result = await sutProvider.Sut.GetManyByIntegrationAsync(organizationId, integrationId);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .GetManyByIntegrationAsync(integrationId);
+        Assert.Equal(configurations.Count, result.Count);
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetManyByIntegrationAsync_NoConfigurations_ReturnsEmptyList(
+        SutProvider<GetOrganizationIntegrationConfigurationsQuery> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetManyByIntegrationAsync(integrationId)
+            .Returns([]);
+
+        var result = await sutProvider.Sut.GetManyByIntegrationAsync(organizationId, integrationId);
+
+        Assert.Empty(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetManyByIntegrationAsync_IntegrationDoesNotExist_ThrowsNotFound(
+        SutProvider<GetOrganizationIntegrationConfigurationsQuery> sutProvider,
+        Guid organizationId,
+        Guid integrationId)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns((OrganizationIntegration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.GetManyByIntegrationAsync(organizationId, integrationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .GetManyByIntegrationAsync(Arg.Any<Guid>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetManyByIntegrationAsync_IntegrationDoesNotBelongToOrganization_ThrowsNotFound(
+        SutProvider<GetOrganizationIntegrationConfigurationsQuery> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = Guid.NewGuid(); // Different organization
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.GetManyByIntegrationAsync(organizationId, integrationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .GetManyByIntegrationAsync(Arg.Any<Guid>());
+    }
+}

test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrationConfigurations/UpdateOrganizationIntegrationConfigurationCommandTests.cs

@@ -0,0 +1,390 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+using Bit.Core.AdminConsole.Services;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+
+[SutProviderCustomize]
+public class UpdateOrganizationIntegrationConfigurationCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_Success_UpdatesConfigurationAndInvalidatesCache(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        existingConfiguration.Id = configurationId;
+        existingConfiguration.OrganizationIntegrationId = integrationId;
+        existingConfiguration.EventType = EventType.User_LoggedIn;
+        updatedConfiguration.Id = configurationId;
+        updatedConfiguration.OrganizationIntegrationId = integrationId;
+        existingConfiguration.EventType = EventType.User_LoggedIn;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(existingConfiguration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        var result = await sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .GetByIdAsync(configurationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .ReplaceAsync(updatedConfiguration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveAsync(EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+                organizationId,
+                integration.Type,
+                existingConfiguration.EventType.Value));
+        // Also verify RemoveByTagAsync was NOT called
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+        Assert.Equal(updatedConfiguration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_WildcardSuccess_UpdatesConfigurationAndInvalidatesCache(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        existingConfiguration.Id = configurationId;
+        existingConfiguration.OrganizationIntegrationId = integrationId;
+        existingConfiguration.EventType = null;
+        updatedConfiguration.Id = configurationId;
+        updatedConfiguration.OrganizationIntegrationId = integrationId;
+        updatedConfiguration.EventType = null;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(existingConfiguration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        var result = await sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .GetByIdAsync(configurationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .ReplaceAsync(updatedConfiguration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                integration.Type));
+        // Also verify RemoveAsync was NOT called
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        Assert.Equal(updatedConfiguration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_ChangedEventType_UpdatesConfigurationAndInvalidatesCacheForBothTypes(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        existingConfiguration.Id = configurationId;
+        existingConfiguration.OrganizationIntegrationId = integrationId;
+        existingConfiguration.EventType = EventType.User_LoggedIn;
+        updatedConfiguration.Id = configurationId;
+        updatedConfiguration.OrganizationIntegrationId = integrationId;
+        updatedConfiguration.EventType = EventType.Cipher_Created;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(existingConfiguration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        var result = await sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .GetByIdAsync(configurationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .ReplaceAsync(updatedConfiguration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveAsync(EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+                organizationId,
+                integration.Type,
+                existingConfiguration.EventType.Value));
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveAsync(EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+                organizationId,
+                integration.Type,
+                updatedConfiguration.EventType.Value));
+        // Verify RemoveByTagAsync was NOT called since both are specific event types
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+        Assert.Equal(updatedConfiguration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_IntegrationDoesNotExist_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns((OrganizationIntegration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .GetByIdAsync(Arg.Any<Guid>());
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_IntegrationDoesNotBelongToOrganization_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = Guid.NewGuid(); // Different organization
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .GetByIdAsync(Arg.Any<Guid>());
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_ConfigurationDoesNotExist_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns((OrganizationIntegrationConfiguration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_ConfigurationDoesNotBelongToIntegration_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        existingConfiguration.Id = configurationId;
+        existingConfiguration.OrganizationIntegrationId = Guid.NewGuid(); // Different integration
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(existingConfiguration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_ValidationFails_ThrowsBadRequest(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(false);
+
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        existingConfiguration.Id = configurationId;
+        existingConfiguration.OrganizationIntegrationId = integrationId;
+        updatedConfiguration.Id = configurationId;
+        updatedConfiguration.OrganizationIntegrationId = integrationId;
+        updatedConfiguration.Template = "template";
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(existingConfiguration);
+
+        await Assert.ThrowsAsync<BadRequestException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_ChangedFromWildcardToSpecific_InvalidatesAllCaches(
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration,
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider)
+    {
+        integration.OrganizationId = organizationId;
+        existingConfiguration.OrganizationIntegrationId = integrationId;
+        existingConfiguration.EventType = null; // Wildcard
+        updatedConfiguration.EventType = EventType.User_LoggedIn; // Specific
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId).Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(existingConfiguration.Id).Returns(existingConfiguration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        await sutProvider.Sut.UpdateAsync(organizationId, integrationId, existingConfiguration.Id, updatedConfiguration);
+
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                integration.Type));
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_ChangedFromSpecificToWildcard_InvalidatesAllCaches(
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration,
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider)
+    {
+        integration.OrganizationId = organizationId;
+        existingConfiguration.OrganizationIntegrationId = integrationId;
+        existingConfiguration.EventType = EventType.User_LoggedIn; // Specific
+        updatedConfiguration.EventType = null; // Wildcard
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId).Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(existingConfiguration.Id).Returns(existingConfiguration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        await sutProvider.Sut.UpdateAsync(organizationId, integrationId, existingConfiguration.Id, updatedConfiguration);
+
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                integration.Type));
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+    }
+}

test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrations/CreateOrganizationIntegrationCommandTests.cs

@@ -0,0 +1,92 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrations;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrations;
+
+[SutProviderCustomize]
+public class CreateOrganizationIntegrationCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task CreateAsync_Success_CreatesIntegrationAndInvalidatesCache(
+        SutProvider<CreateOrganizationIntegrationCommand> sutProvider,
+        OrganizationIntegration integration)
+    {
+        integration.Type = IntegrationType.Webhook;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetManyByOrganizationAsync(integration.OrganizationId)
+            .Returns([]);
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .CreateAsync(integration)
+            .Returns(integration);
+
+        var result = await sutProvider.Sut.CreateAsync(integration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetManyByOrganizationAsync(integration.OrganizationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .CreateAsync(integration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                integration.OrganizationId,
+                integration.Type));
+        Assert.Equal(integration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task CreateAsync_DuplicateType_ThrowsBadRequest(
+        SutProvider<CreateOrganizationIntegrationCommand> sutProvider,
+        OrganizationIntegration integration,
+        OrganizationIntegration existingIntegration)
+    {
+        integration.Type = IntegrationType.Webhook;
+        existingIntegration.Type = IntegrationType.Webhook;
+        existingIntegration.OrganizationId = integration.OrganizationId;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetManyByOrganizationAsync(integration.OrganizationId)
+            .Returns([existingIntegration]);
+
+        var exception = await Assert.ThrowsAsync<BadRequestException>(
+            () => sutProvider.Sut.CreateAsync(integration));
+
+        Assert.Contains("An integration of this type already exists", exception.Message);
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive()
+            .CreateAsync(Arg.Any<OrganizationIntegration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task CreateAsync_DifferentType_Success(
+        SutProvider<CreateOrganizationIntegrationCommand> sutProvider,
+        OrganizationIntegration integration,
+        OrganizationIntegration existingIntegration)
+    {
+        integration.Type = IntegrationType.Webhook;
+        existingIntegration.Type = IntegrationType.Slack;
+        existingIntegration.OrganizationId = integration.OrganizationId;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetManyByOrganizationAsync(integration.OrganizationId)
+            .Returns([existingIntegration]);
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .CreateAsync(integration)
+            .Returns(integration);
+
+        var result = await sutProvider.Sut.CreateAsync(integration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .CreateAsync(integration);
+        Assert.Equal(integration, result);
+    }
+}

test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrations/DeleteOrganizationIntegrationCommandTests.cs

@@ -0,0 +1,86 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrations;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrations;
+
+[SutProviderCustomize]
+public class DeleteOrganizationIntegrationCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_Success_DeletesIntegrationAndInvalidatesCache(
+        SutProvider<DeleteOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await sutProvider.Sut.DeleteAsync(organizationId, integrationId);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .DeleteAsync(integration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                integration.Type));
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_IntegrationDoesNotExist_ThrowsNotFound(
+        SutProvider<DeleteOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns((OrganizationIntegration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.DeleteAsync(organizationId, integrationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationIntegration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_IntegrationDoesNotBelongToOrganization_ThrowsNotFound(
+        SutProvider<DeleteOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = Guid.NewGuid(); // Different organization
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.DeleteAsync(organizationId, integrationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationIntegration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+}

test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrations/GetOrganizationIntegrationsQueryTests.cs

@@ -0,0 +1,44 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrations;
+using Bit.Core.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrations;
+
+[SutProviderCustomize]
+public class GetOrganizationIntegrationsQueryTests
+{
+    [Theory, BitAutoData]
+    public async Task GetManyByOrganizationAsync_CallsRepository(
+        SutProvider<GetOrganizationIntegrationsQuery> sutProvider,
+        Guid organizationId,
+        List<OrganizationIntegration> integrations)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetManyByOrganizationAsync(organizationId)
+            .Returns(integrations);
+
+        var result = await sutProvider.Sut.GetManyByOrganizationAsync(organizationId);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetManyByOrganizationAsync(organizationId);
+        Assert.Equal(integrations.Count, result.Count);
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetManyByOrganizationAsync_NoIntegrations_ReturnsEmptyList(
+        SutProvider<GetOrganizationIntegrationsQuery> sutProvider,
+        Guid organizationId)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetManyByOrganizationAsync(organizationId)
+            .Returns([]);
+
+        var result = await sutProvider.Sut.GetManyByOrganizationAsync(organizationId);
+
+        Assert.Empty(result);
+    }
+}

test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrations/UpdateOrganizationIntegrationCommandTests.cs

@@ -0,0 +1,121 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrations;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrations;
+
+[SutProviderCustomize]
+public class UpdateOrganizationIntegrationCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_Success_UpdatesIntegrationAndInvalidatesCache(
+        SutProvider<UpdateOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration existingIntegration,
+        OrganizationIntegration updatedIntegration)
+    {
+        existingIntegration.Id = integrationId;
+        existingIntegration.OrganizationId = organizationId;
+        existingIntegration.Type = IntegrationType.Webhook;
+        updatedIntegration.Id = integrationId;
+        updatedIntegration.OrganizationId = organizationId;
+        updatedIntegration.Type = IntegrationType.Webhook;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(existingIntegration);
+
+        var result = await sutProvider.Sut.UpdateAsync(organizationId, integrationId, updatedIntegration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .ReplaceAsync(updatedIntegration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                existingIntegration.Type));
+        Assert.Equal(updatedIntegration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_IntegrationDoesNotExist_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration updatedIntegration)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns((OrganizationIntegration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, updatedIntegration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_IntegrationDoesNotBelongToOrganization_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration existingIntegration,
+        OrganizationIntegration updatedIntegration)
+    {
+        existingIntegration.Id = integrationId;
+        existingIntegration.OrganizationId = Guid.NewGuid(); // Different organization
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(existingIntegration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, updatedIntegration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_IntegrationIsDifferentType_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration existingIntegration,
+        OrganizationIntegration updatedIntegration)
+    {
+        existingIntegration.Id = integrationId;
+        existingIntegration.OrganizationId = organizationId;
+        existingIntegration.Type = IntegrationType.Webhook;
+        updatedIntegration.Id = integrationId;
+        updatedIntegration.OrganizationId = organizationId;
+        updatedIntegration.Type = IntegrationType.Hec; // Different Type
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(existingIntegration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, updatedIntegration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+}

test/Core.Test/AdminConsole/Models/Data/EventIntegrations/TestListenerConfiguration.cs

@@ -17,4 +17,5 @@ public class TestListenerConfiguration : IIntegrationListenerConfiguration
     public int EventPrefetchCount => 0;
     public int IntegrationMaxConcurrentCalls => 1;
     public int IntegrationPrefetchCount => 0;
+    public string RoutingKey => IntegrationType.ToRoutingKey();
 }

test/Core.Test/AdminConsole/OrganizationFeatures/Import/ImportOrganizationUsersAndGroupsCommandTests.cs

@@ -1,6 +1,7 @@
 using Bit.Core.AdminConsole.Models.Business;
 using Bit.Core.AdminConsole.OrganizationFeatures.Import;
 using Bit.Core.Auth.Models.Business.Tokenables;
+using Bit.Core.Billing.Services;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
@@ -57,7 +58,7 @@ public class ImportOrganizationUsersAndGroupsCommandTests
         var organizationUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
         SetupOrgUserRepositoryCreateManyAsyncMock(organizationUserRepository);
 
-        sutProvider.GetDependency<IPaymentService>().HasSecretsManagerStandalone(org).Returns(true);
+        sutProvider.GetDependency<IStripePaymentService>().HasSecretsManagerStandalone(org).Returns(true);
         sutProvider.GetDependency<IOrganizationUserRepository>().GetManyDetailsByOrganizationAsync(org.Id).Returns(existingUsers);
         sutProvider.GetDependency<IOrganizationRepository>().GetOccupiedSeatCountByOrganizationIdAsync(org.Id).Returns(
             new OrganizationSeatCounts

test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationDomains/VerifyOrganizationDomainCommandTests.cs

@@ -2,7 +2,6 @@
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains;
-using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
 using Bit.Core.Context;
@@ -183,17 +182,17 @@ public class VerifyOrganizationDomainCommandTests
 
         _ = await sutProvider.Sut.UserVerifyOrganizationDomainAsync(domain);
 
-        await sutProvider.GetDependency<ISavePolicyCommand>()
+        await sutProvider.GetDependency<IVNextSavePolicyCommand>()
             .Received(1)
-            .SaveAsync(Arg.Is<PolicyUpdate>(x => x.Type == PolicyType.SingleOrg &&
-                x.OrganizationId == domain.OrganizationId &&
-                x.Enabled &&
+            .SaveAsync(Arg.Is<SavePolicyModel>(x => x.PolicyUpdate.Type == PolicyType.SingleOrg &&
+                                                    x.PolicyUpdate.OrganizationId == domain.OrganizationId &&
+                                                    x.PolicyUpdate.Enabled &&
                 x.PerformedBy is StandardUser &&
                 x.PerformedBy.UserId == userId));
     }
 
     [Theory, BitAutoData]
-    public async Task UserVerifyOrganizationDomainAsync_WhenPolicyValidatorsRefactorFlagEnabled_UsesVNextSavePolicyCommand(
+    public async Task UserVerifyOrganizationDomainAsync_UsesVNextSavePolicyCommand(
         OrganizationDomain domain, Guid userId, SutProvider<VerifyOrganizationDomainCommand> sutProvider)
     {
         sutProvider.GetDependency<IOrganizationDomainRepository>()
@@ -207,10 +206,6 @@ public class VerifyOrganizationDomainCommandTests
         sutProvider.GetDependency<ICurrentContext>()
             .UserId.Returns(userId);
 
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor)
-            .Returns(true);
-
         _ = await sutProvider.Sut.UserVerifyOrganizationDomainAsync(domain);
 
         await sutProvider.GetDependency<IVNextSavePolicyCommand>()
@@ -240,9 +235,9 @@ public class VerifyOrganizationDomainCommandTests
 
         _ = await sutProvider.Sut.UserVerifyOrganizationDomainAsync(domain);
 
-        await sutProvider.GetDependency<ISavePolicyCommand>()
+        await sutProvider.GetDependency<IVNextSavePolicyCommand>()
             .DidNotReceive()
-            .SaveAsync(Arg.Any<PolicyUpdate>());
+            .SaveAsync(Arg.Any<SavePolicyModel>());
     }
 
     [Theory, BitAutoData]

test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommandTests.cs

@@ -1,7 +1,9 @@
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Enforcement.AutoConfirm;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
 using Bit.Core.AdminConsole.Services;
 using Bit.Core.Auth.Models.Business.Tokenables;
@@ -24,6 +26,7 @@ using Bit.Test.Common.Fakes;
 using Microsoft.AspNetCore.DataProtection;
 using NSubstitute;
 using Xunit;
+using static Bit.Core.AdminConsole.Utilities.v2.Validation.ValidationResultHelpers;
 
 namespace Bit.Core.Test.OrganizationFeatures.OrganizationUsers;
 
@@ -673,6 +676,79 @@ public class AcceptOrgUserCommandTests
         Assert.Equal("User not found within organization.", exception.Message);
     }
 
+    // Auto-confirm policy validation tests --------------------------------------------------------------------------
+
+    [Theory]
+    [BitAutoData]
+    public async Task AcceptOrgUserAsync_WithAutoConfirmIsNotEnabled_DoesNotCheckCompliance(
+        SutProvider<AcceptOrgUserCommand> sutProvider,
+        User user, Organization org, OrganizationUser orgUser, OrganizationUserUserDetails adminUserDetails)
+    {
+        // Arrange
+        SetupCommonAcceptOrgUserMocks(sutProvider, user, org, orgUser, adminUserDetails);
+
+        // Act
+        var resultOrgUser = await sutProvider.Sut.AcceptOrgUserAsync(orgUser, user, _userService);
+
+        // Assert
+        AssertValidAcceptedOrgUser(resultOrgUser, orgUser, user);
+
+        await sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>().DidNotReceiveWithAnyArgs()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AcceptOrgUserAsync_WithUserThatIsCompliantWithAutoConfirm_AcceptsUser(
+        SutProvider<AcceptOrgUserCommand> sutProvider,
+        User user, Organization org, OrganizationUser orgUser, OrganizationUserUserDetails adminUserDetails)
+    {
+        // Arrange
+        SetupCommonAcceptOrgUserMocks(sutProvider, user, org, orgUser, adminUserDetails);
+
+        // Mock auto-confirm enforcement query to return valid (no auto-confirm restrictions)
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>())
+            .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user)));
+
+        // Act
+        var resultOrgUser = await sutProvider.Sut.AcceptOrgUserAsync(orgUser, user, _userService);
+
+        // Assert
+        AssertValidAcceptedOrgUser(resultOrgUser, orgUser, user);
+
+        await sutProvider.GetDependency<IOrganizationUserRepository>().Received(1).ReplaceAsync(
+            Arg.Is<OrganizationUser>(ou => ou.Id == orgUser.Id && ou.Status == OrganizationUserStatusType.Accepted));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AcceptOrgUserAsync_WithAutoConfirmIsEnabledAndFailsCompliance_ThrowsBadRequestException(
+        SutProvider<AcceptOrgUserCommand> sutProvider,
+        User user, Organization org, OrganizationUser orgUser, OrganizationUserUserDetails adminUserDetails,
+        OrganizationUser otherOrgUser)
+    {
+        // Arrange
+        SetupCommonAcceptOrgUserMocks(sutProvider, user, org, orgUser, adminUserDetails);
+
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>())
+            .Returns(Invalid(
+                new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser, otherOrgUser], user),
+                new UserCannotBelongToAnotherOrganization()));
+
+        // Act & Assert
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() =>
+            sutProvider.Sut.AcceptOrgUserAsync(orgUser, user, _userService));
+
+        // Should get auto-confirm error
+        Assert.Equal(new UserCannotBelongToAnotherOrganization().Message, exception.Message);
+    }
+
     // Private helpers -------------------------------------------------------------------------------------------------
 
     /// <summary>
@@ -716,7 +792,7 @@ public class AcceptOrgUserCommandTests
     /// - Provides mock data for an admin to validate email functionality.
     /// - Returns the corresponding organization for the given org ID.
     /// </summary>
-    private void SetupCommonAcceptOrgUserMocks(SutProvider<AcceptOrgUserCommand> sutProvider, User user,
+    private static void SetupCommonAcceptOrgUserMocks(SutProvider<AcceptOrgUserCommand> sutProvider, User user,
         Organization org,
         OrganizationUser orgUser, OrganizationUserUserDetails adminUserDetails)
     {
@@ -729,18 +805,12 @@ public class AcceptOrgUserCommandTests
         // User is not part of any other orgs
         sutProvider.GetDependency<IOrganizationUserRepository>()
             .GetManyByUserAsync(user.Id)
-            .Returns(
-                Task.FromResult<ICollection<OrganizationUser>>(new List<OrganizationUser>())
-            );
+            .Returns([]);
 
         // Org they are trying to join does not have single org policy
         sutProvider.GetDependency<IPolicyService>()
             .GetPoliciesApplicableToUserAsync(user.Id, PolicyType.SingleOrg, OrganizationUserStatusType.Invited)
-            .Returns(
-                Task.FromResult<ICollection<OrganizationUserPolicyDetails>>(
-                    new List<OrganizationUserPolicyDetails>()
-                )
-            );
+            .Returns([]);
 
         // User is not part of any organization that applies the single org policy
         sutProvider.GetDependency<IPolicyService>()
@@ -750,20 +820,24 @@ public class AcceptOrgUserCommandTests
         // Org does not require 2FA
         sutProvider.GetDependency<IPolicyService>().GetPoliciesApplicableToUserAsync(user.Id,
                 PolicyType.TwoFactorAuthentication, OrganizationUserStatusType.Invited)
-            .Returns(Task.FromResult<ICollection<OrganizationUserPolicyDetails>>(
-                new List<OrganizationUserPolicyDetails>()));
+            .Returns([]);
 
         // Provide at least 1 admin to test email functionality
         sutProvider.GetDependency<IOrganizationUserRepository>()
             .GetManyByMinimumRoleAsync(orgUser.OrganizationId, OrganizationUserType.Admin)
-            .Returns(Task.FromResult<IEnumerable<OrganizationUserUserDetails>>(
-                new List<OrganizationUserUserDetails>() { adminUserDetails }
-            ));
+            .Returns([adminUserDetails]);
 
         // Return org
         sutProvider.GetDependency<IOrganizationRepository>()
             .GetByIdAsync(org.Id)
-            .Returns(Task.FromResult(org));
+            .Returns(org);
+
+        // Auto-confirm enforcement query returns valid by default (no restrictions)
+        var request = new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user);
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(request)
+            .Returns(Valid(request));
     }
 
 

test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUsers/AutomaticallyConfirmOrganizationUsersValidatorTests.cs

@@ -5,6 +5,7 @@ using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Enforcement.AutoConfirm;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
@@ -12,6 +13,7 @@ using Bit.Core.Billing.Enums;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Repositories;
+using Bit.Core.Services;
 using Bit.Core.Test.AdminConsole.AutoFixture;
 using Bit.Core.Test.AutoFixture.OrganizationFixtures;
 using Bit.Core.Test.AutoFixture.OrganizationUserFixtures;
@@ -19,6 +21,7 @@ using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
 using Xunit;
+using static Bit.Core.AdminConsole.Utilities.v2.Validation.ValidationResultHelpers;
 
 namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUsers;
 
@@ -116,11 +119,11 @@ public class AutomaticallyConfirmOrganizationUsersValidatorTests
         SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
         [Organization(useAutomaticUserConfirmation: true, planType: PlanType.EnterpriseAnnually)] Organization organization,
         [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
-        Guid userId,
+        User user,
         [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
     {
         // Arrange
-        organizationUser.UserId = userId;
+        organizationUser.UserId = user.Id;
         organizationUser.OrganizationId = organization.Id;
 
         var request = new AutomaticallyConfirmOrganizationUserValidationRequest
@@ -140,12 +143,23 @@ public class AutomaticallyConfirmOrganizationUsersValidatorTests
 
         sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
             .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
-            .Returns([(userId, true)]);
+            .Returns([(user.Id, true)]);
 
         sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyByUserAsync(userId)
+            .GetManyByUserAsync(user.Id)
             .Returns([organizationUser]);
 
+        sutProvider.GetDependency<IUserService>()
+            .GetUserByIdAsync(user.Id)
+            .Returns(user);
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>())
+            .Returns(Valid(
+                new AutomaticUserConfirmationPolicyEnforcementRequest(organization.Id,
+                    [organizationUser],
+                    user)));
+
         // Act
         var result = await sutProvider.Sut.ValidateAsync(request);
 
@@ -319,11 +333,11 @@ public class AutomaticallyConfirmOrganizationUsersValidatorTests
         SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
         [Organization(useAutomaticUserConfirmation: true)] Organization organization,
         [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
-        Guid userId,
+        User user,
         [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
     {
         // Arrange
-        organizationUser.UserId = userId;
+        organizationUser.UserId = user.Id;
         organizationUser.OrganizationId = organization.Id;
 
         var request = new AutomaticallyConfirmOrganizationUserValidationRequest
@@ -343,12 +357,24 @@ public class AutomaticallyConfirmOrganizationUsersValidatorTests
 
         sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
             .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
-            .Returns([(userId, true)]);
+            .Returns([(user.Id, true)]);
 
         sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyByUserAsync(userId)
+            .GetManyByUserAsync(user.Id)
             .Returns([organizationUser]);
 
+        sutProvider.GetDependency<IUserService>()
+            .GetUserByIdAsync(user.Id)
+            .Returns(user);
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>())
+            .Returns(Valid(
+                new AutomaticUserConfirmationPolicyEnforcementRequest(organization.Id,
+                    [organizationUser],
+                    user)));
+
+
         // Act
         var result = await sutProvider.Sut.ValidateAsync(request);
 
@@ -362,11 +388,11 @@ public class AutomaticallyConfirmOrganizationUsersValidatorTests
         SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
         [Organization(useAutomaticUserConfirmation: true)] Organization organization,
         [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
-        Guid userId,
+        User user,
         [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
     {
         // Arrange
-        organizationUser.UserId = userId;
+        organizationUser.UserId = user.Id;
         organizationUser.OrganizationId = organization.Id;
 
         var request = new AutomaticallyConfirmOrganizationUserValidationRequest
@@ -386,16 +412,28 @@ public class AutomaticallyConfirmOrganizationUsersValidatorTests
 
         sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
             .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
-            .Returns([(userId, false)]);
+            .Returns([(user.Id, false)]);
 
         sutProvider.GetDependency<IPolicyRequirementQuery>()
-            .GetAsync<RequireTwoFactorPolicyRequirement>(userId)
+            .GetAsync<RequireTwoFactorPolicyRequirement>(user.Id)
             .Returns(new RequireTwoFactorPolicyRequirement([])); // No 2FA policy
 
         sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyByUserAsync(userId)
+            .GetManyByUserAsync(user.Id)
             .Returns([organizationUser]);
 
+        sutProvider.GetDependency<IUserService>()
+            .GetUserByIdAsync(user.Id)
+            .Returns(user);
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>())
+            .Returns(Valid(
+                new AutomaticUserConfirmationPolicyEnforcementRequest(organization.Id,
+                    [organizationUser],
+                    user)));
+
+
         // Act
         var result = await sutProvider.Sut.ValidateAsync(request);
 
@@ -403,128 +441,17 @@ public class AutomaticallyConfirmOrganizationUsersValidatorTests
         Assert.True(result.IsValid);
     }
 
-    [Theory]
-    [BitAutoData]
-    public async Task ValidateAsync_UserInMultipleOrgs_WithSingleOrgPolicyOnThisOrg_ReturnsError(
-        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
-        [Organization(useAutomaticUserConfirmation: true)] Organization organization,
-        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
-        OrganizationUser otherOrgUser,
-        Guid userId,
-        [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
-    {
-        // Arrange
-        organizationUser.UserId = userId;
-        organizationUser.OrganizationId = organization.Id;
-
-        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
-        {
-            PerformedBy = Substitute.For<IActingUser>(),
-            DefaultUserCollectionName = "test-collection",
-            OrganizationUser = organizationUser,
-            OrganizationUserId = organizationUser.Id,
-            Organization = organization,
-            OrganizationId = organization.Id,
-            Key = "test-key"
-        };
-
-        var singleOrgPolicyDetails = new PolicyDetails
-        {
-            OrganizationId = organization.Id,
-            PolicyType = PolicyType.SingleOrg
-        };
-
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
-            .Returns(autoConfirmPolicy);
-
-        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
-            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
-            .Returns([(userId, true)]);
-
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyByUserAsync(userId)
-            .Returns([organizationUser, otherOrgUser]);
-
-        sutProvider.GetDependency<IPolicyRequirementQuery>()
-            .GetAsync<SingleOrganizationPolicyRequirement>(userId)
-            .Returns(new SingleOrganizationPolicyRequirement([singleOrgPolicyDetails]));
-
-        // Act
-        var result = await sutProvider.Sut.ValidateAsync(request);
-
-        // Assert
-        Assert.True(result.IsError);
-        Assert.IsType<OrganizationEnforcesSingleOrgPolicy>(result.AsError);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task ValidateAsync_UserInMultipleOrgs_WithSingleOrgPolicyOnOtherOrg_ReturnsError(
-        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
-        [Organization(useAutomaticUserConfirmation: true)] Organization organization,
-        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
-        OrganizationUser otherOrgUser,
-        Guid userId,
-        [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
-    {
-        // Arrange
-        organizationUser.UserId = userId;
-        organizationUser.OrganizationId = organization.Id;
-
-        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
-        {
-            PerformedBy = Substitute.For<IActingUser>(),
-            DefaultUserCollectionName = "test-collection",
-            OrganizationUser = organizationUser,
-            OrganizationUserId = organizationUser.Id,
-            Organization = organization,
-            OrganizationId = organization.Id,
-            Key = "test-key"
-        };
-
-        var otherOrgId = Guid.NewGuid(); // Different org
-        var singleOrgPolicyDetails = new PolicyDetails
-        {
-            OrganizationId = otherOrgId,
-            PolicyType = PolicyType.SingleOrg,
-        };
-
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
-            .Returns(autoConfirmPolicy);
-
-        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
-            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
-            .Returns([(userId, true)]);
-
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyByUserAsync(userId)
-            .Returns([organizationUser, otherOrgUser]);
-
-        sutProvider.GetDependency<IPolicyRequirementQuery>()
-            .GetAsync<SingleOrganizationPolicyRequirement>(userId)
-            .Returns(new SingleOrganizationPolicyRequirement([singleOrgPolicyDetails]));
-
-        // Act
-        var result = await sutProvider.Sut.ValidateAsync(request);
-
-        // Assert
-        Assert.True(result.IsError);
-        Assert.IsType<OtherOrganizationEnforcesSingleOrgPolicy>(result.AsError);
-    }
-
     [Theory]
     [BitAutoData]
     public async Task ValidateAsync_UserInSingleOrg_ReturnsValidResult(
         SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
         [Organization(useAutomaticUserConfirmation: true)] Organization organization,
         [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
-        Guid userId,
+        User user,
         [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
     {
         // Arrange
-        organizationUser.UserId = userId;
+        organizationUser.UserId = user.Id;
         organizationUser.OrganizationId = organization.Id;
 
         var request = new AutomaticallyConfirmOrganizationUserValidationRequest
@@ -544,61 +471,22 @@ public class AutomaticallyConfirmOrganizationUsersValidatorTests
 
         sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
             .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
-            .Returns([(userId, true)]);
+            .Returns([(user.Id, true)]);
 
         sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyByUserAsync(userId)
+            .GetManyByUserAsync(user.Id)
             .Returns([organizationUser]); // Single org
 
-        // Act
-        var result = await sutProvider.Sut.ValidateAsync(request);
+        sutProvider.GetDependency<IUserService>()
+            .GetUserByIdAsync(user.Id)
+            .Returns(user);
 
-        // Assert
-        Assert.True(result.IsValid);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task ValidateAsync_UserInMultipleOrgs_WithNoSingleOrgPolicy_ReturnsValidResult(
-        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
-        [Organization(useAutomaticUserConfirmation: true)] Organization organization,
-        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
-        OrganizationUser otherOrgUser,
-        Guid userId,
-        Policy autoConfirmPolicy)
-    {
-        // Arrange
-        organizationUser.UserId = userId;
-        organizationUser.OrganizationId = organization.Id;
-        autoConfirmPolicy.Type = PolicyType.AutomaticUserConfirmation;
-        autoConfirmPolicy.Enabled = true;
-
-        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
-        {
-            PerformedBy = Substitute.For<IActingUser>(),
-            DefaultUserCollectionName = "test-collection",
-            OrganizationUser = organizationUser,
-            OrganizationUserId = organizationUser.Id,
-            Organization = organization,
-            OrganizationId = organization.Id,
-            Key = "test-key"
-        };
-
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
-            .Returns(autoConfirmPolicy);
-
-        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
-            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
-            .Returns([(userId, true)]);
-
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyByUserAsync(userId)
-            .Returns([organizationUser, otherOrgUser]);
-
-        sutProvider.GetDependency<IPolicyRequirementQuery>()
-            .GetAsync<SingleOrganizationPolicyRequirement>(userId)
-            .Returns(new SingleOrganizationPolicyRequirement([]));
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>())
+            .Returns(Valid(
+                new AutomaticUserConfirmationPolicyEnforcementRequest(organization.Id,
+                    [organizationUser],
+                    user)));
 
         // Act
         var result = await sutProvider.Sut.ValidateAsync(request);
@@ -693,4 +581,59 @@ public class AutomaticallyConfirmOrganizationUsersValidatorTests
         Assert.True(result.IsError);
         Assert.IsType<AutomaticallyConfirmUsersPolicyIsNotEnabled>(result.AsError);
     }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithNonProviderUser_ReturnsValidResult(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        [Organization(useAutomaticUserConfirmation: true)] Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = organization.Id;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
+            .Returns(autoConfirmPolicy);
+
+        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
+            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([(user.Id, true)]);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(user.Id)
+            .Returns([organizationUser]);
+
+        sutProvider.GetDependency<IUserService>()
+            .GetUserByIdAsync(user.Id)
+            .Returns(user);
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>())
+            .Returns(Valid(
+                new AutomaticUserConfirmationPolicyEnforcementRequest(organization.Id,
+                    [organizationUser],
+                    user)));
+
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsValid);
+    }
 }

test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommandTests.cs

@@ -2,7 +2,9 @@
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Enforcement.AutoConfirm;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
 using Bit.Core.AdminConsole.Services;
 using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
@@ -21,6 +23,7 @@ using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
 using Xunit;
+using static Bit.Core.AdminConsole.Utilities.v2.Validation.ValidationResultHelpers;
 
 namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers;
 
@@ -559,4 +562,256 @@ public class ConfirmOrganizationUserCommandTests
             .DidNotReceive()
             .UpsertDefaultCollectionsAsync(Arg.Any<Guid>(), Arg.Any<IEnumerable<Guid>>(), Arg.Any<string>());
     }
+
+    [Theory, BitAutoData]
+    public async Task ConfirmUserAsync_WithAutoConfirmEnabledAndUserBelongsToAnotherOrg_ThrowsBadRequest(
+        Organization org, OrganizationUser confirmingUser,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser orgUser, User user,
+        OrganizationUser otherOrgUser, string key, SutProvider<ConfirmOrganizationUserCommand> sutProvider)
+    {
+        org.PlanType = PlanType.EnterpriseAnnually;
+        orgUser.OrganizationId = confirmingUser.OrganizationId = org.Id;
+        orgUser.UserId = user.Id;
+        otherOrgUser.UserId = user.Id;
+        otherOrgUser.OrganizationId = Guid.NewGuid(); // Different org
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyAsync([]).ReturnsForAnyArgs([orgUser]);
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByManyUsersAsync([])
+            .ReturnsForAnyArgs([orgUser, otherOrgUser]);
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(org.Id).Returns(org);
+        sutProvider.GetDependency<IUserRepository>().GetManyAsync([]).ReturnsForAnyArgs([user]);
+
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>())
+            .Returns(Invalid(
+                new AutomaticUserConfirmationPolicyEnforcementRequest(orgUser.Id, [orgUser, otherOrgUser], user),
+                new UserCannotBelongToAnotherOrganization()));
+
+        var exception = await Assert.ThrowsAsync<BadRequestException>(
+            () => sutProvider.Sut.ConfirmUserAsync(orgUser.OrganizationId, orgUser.Id, key, confirmingUser.Id));
+
+        Assert.Equal(new UserCannotBelongToAnotherOrganization().Message, exception.Message);
+    }
+
+    [Theory, BitAutoData]
+    public async Task ConfirmUserAsync_WithAutoConfirmEnabledForOtherOrg_ThrowsBadRequest(
+        Organization org, OrganizationUser confirmingUser,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser orgUser, User user,
+        OrganizationUser otherOrgUser, string key, SutProvider<ConfirmOrganizationUserCommand> sutProvider)
+    {
+        // Arrange
+        org.PlanType = PlanType.EnterpriseAnnually;
+        orgUser.OrganizationId = confirmingUser.OrganizationId = org.Id;
+        orgUser.UserId = user.Id;
+        otherOrgUser.UserId = user.Id;
+        otherOrgUser.OrganizationId = Guid.NewGuid();
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyAsync([]).ReturnsForAnyArgs([orgUser]);
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByManyUsersAsync([])
+            .ReturnsForAnyArgs([orgUser, otherOrgUser]);
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(org.Id).Returns(org);
+        sutProvider.GetDependency<IUserRepository>().GetManyAsync([]).ReturnsForAnyArgs([user]);
+
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>())
+            .Returns(Invalid(
+                new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser, otherOrgUser], user),
+                new OtherOrganizationDoesNotAllowOtherMembership()));
+
+        // Act & Assert
+        var exception = await Assert.ThrowsAsync<BadRequestException>(
+            () => sutProvider.Sut.ConfirmUserAsync(orgUser.OrganizationId, orgUser.Id, key, confirmingUser.Id));
+
+        Assert.Equal(new OtherOrganizationDoesNotAllowOtherMembership().Message, exception.Message);
+    }
+
+    [Theory, BitAutoData]
+    public async Task ConfirmUserAsync_WithAutoConfirmEnabledAndUserIsProvider_ThrowsBadRequest(
+        Organization org, OrganizationUser confirmingUser,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser orgUser, User user,
+        string key, SutProvider<ConfirmOrganizationUserCommand> sutProvider)
+    {
+        // Arrange
+        org.PlanType = PlanType.EnterpriseAnnually;
+        orgUser.OrganizationId = confirmingUser.OrganizationId = org.Id;
+        orgUser.UserId = user.Id;
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyAsync([]).ReturnsForAnyArgs([orgUser]);
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByManyUsersAsync([])
+            .ReturnsForAnyArgs([orgUser]);
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(org.Id).Returns(org);
+        sutProvider.GetDependency<IUserRepository>().GetManyAsync([]).ReturnsForAnyArgs([user]);
+
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>())
+            .Returns(Invalid(
+                new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user),
+                new ProviderUsersCannotJoin()));
+
+        // Act & Assert
+        var exception = await Assert.ThrowsAsync<BadRequestException>(
+            () => sutProvider.Sut.ConfirmUserAsync(orgUser.OrganizationId, orgUser.Id, key, confirmingUser.Id));
+
+        Assert.Equal(new ProviderUsersCannotJoin().Message, exception.Message);
+    }
+
+    [Theory, BitAutoData]
+    public async Task ConfirmUserAsync_WithAutoConfirmNotApplicable_Succeeds(
+        Organization org, OrganizationUser confirmingUser,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser orgUser, User user,
+        string key, SutProvider<ConfirmOrganizationUserCommand> sutProvider)
+    {
+        // Arrange
+        org.PlanType = PlanType.EnterpriseAnnually;
+        orgUser.OrganizationId = confirmingUser.OrganizationId = org.Id;
+        orgUser.UserId = user.Id;
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyAsync([]).ReturnsForAnyArgs([orgUser]);
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByManyUsersAsync([])
+            .ReturnsForAnyArgs([orgUser]);
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(org.Id).Returns(org);
+        sutProvider.GetDependency<IUserRepository>().GetManyAsync([]).ReturnsForAnyArgs([user]);
+
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>())
+            .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser], user)));
+
+        // Act
+        await sutProvider.Sut.ConfirmUserAsync(orgUser.OrganizationId, orgUser.Id, key, confirmingUser.Id);
+
+        // Assert
+        await sutProvider.GetDependency<IEventService>()
+            .Received(1).LogOrganizationUserEventAsync(orgUser, EventType.OrganizationUser_Confirmed);
+        await sutProvider.GetDependency<IMailService>()
+            .Received(1).SendOrganizationConfirmedEmailAsync(org.DisplayName(), user.Email, orgUser.AccessSecretsManager);
+    }
+
+    [Theory, BitAutoData]
+    public async Task ConfirmUserAsync_WithAutoConfirmValidationBeforeSingleOrgPolicy_ChecksAutoConfirmFirst(
+        Organization org, OrganizationUser confirmingUser,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser orgUser, User user,
+        OrganizationUser otherOrgUser,
+        [OrganizationUserPolicyDetails(PolicyType.SingleOrg)] OrganizationUserPolicyDetails singleOrgPolicy,
+        string key, SutProvider<ConfirmOrganizationUserCommand> sutProvider)
+    {
+        // Arrange - Setup conditions that would fail BOTH auto-confirm AND single org policy
+        org.PlanType = PlanType.EnterpriseAnnually;
+        orgUser.OrganizationId = confirmingUser.OrganizationId = org.Id;
+        orgUser.UserId = user.Id;
+        otherOrgUser.UserId = user.Id;
+        otherOrgUser.OrganizationId = Guid.NewGuid();
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyAsync([]).ReturnsForAnyArgs([orgUser]);
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByManyUsersAsync([])
+            .ReturnsForAnyArgs([orgUser, otherOrgUser]);
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(org.Id).Returns(org);
+        sutProvider.GetDependency<IUserRepository>().GetManyAsync([]).ReturnsForAnyArgs([user]);
+
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        singleOrgPolicy.OrganizationId = org.Id;
+        sutProvider.GetDependency<IPolicyService>()
+            .GetPoliciesApplicableToUserAsync(user.Id, PolicyType.SingleOrg)
+            .Returns([singleOrgPolicy]);
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Any<AutomaticUserConfirmationPolicyEnforcementRequest>())
+            .Returns(Invalid(
+                new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser, otherOrgUser], user),
+                new UserCannotBelongToAnotherOrganization()));
+
+        // Act & Assert
+        var exception = await Assert.ThrowsAsync<BadRequestException>(
+            () => sutProvider.Sut.ConfirmUserAsync(orgUser.OrganizationId, orgUser.Id, key, confirmingUser.Id));
+
+        Assert.Equal(new UserCannotBelongToAnotherOrganization().Message, exception.Message);
+        Assert.NotEqual("Cannot confirm this member to the organization until they leave or remove all other organizations.",
+            exception.Message);
+    }
+
+    [Theory, BitAutoData]
+    public async Task ConfirmUsersAsync_WithAutoConfirmEnabled_MixedResults(
+        Organization org, OrganizationUser confirmingUser,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser orgUser1,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser orgUser2,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser orgUser3,
+        OrganizationUser otherOrgUser, User user1, User user2, User user3,
+        string key, SutProvider<ConfirmOrganizationUserCommand> sutProvider)
+    {
+        // Arrange
+        org.PlanType = PlanType.EnterpriseAnnually;
+        orgUser1.OrganizationId = orgUser2.OrganizationId = orgUser3.OrganizationId = confirmingUser.OrganizationId = org.Id;
+        orgUser1.UserId = user1.Id;
+        orgUser2.UserId = user2.Id;
+        orgUser3.UserId = user3.Id;
+        otherOrgUser.UserId = user3.Id;
+        otherOrgUser.OrganizationId = Guid.NewGuid();
+
+        var orgUsers = new[] { orgUser1, orgUser2, orgUser3 };
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyAsync([]).ReturnsForAnyArgs(orgUsers);
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(org.Id).Returns(org);
+        sutProvider.GetDependency<IUserRepository>()
+            .GetManyAsync([]).ReturnsForAnyArgs([user1, user2, user3]);
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByManyUsersAsync([])
+            .ReturnsForAnyArgs([orgUser1, orgUser2, orgUser3, otherOrgUser]);
+
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Is<AutomaticUserConfirmationPolicyEnforcementRequest>(r => r.User.Id == user1.Id))
+            .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser1], user1)));
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Is<AutomaticUserConfirmationPolicyEnforcementRequest>(r => r.User.Id == user2.Id))
+            .Returns(Valid(new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser2], user2)));
+
+        sutProvider.GetDependency<IAutomaticUserConfirmationPolicyEnforcementValidator>()
+            .IsCompliantAsync(Arg.Is<AutomaticUserConfirmationPolicyEnforcementRequest>(r => r.User.Id == user3.Id))
+            .Returns(Invalid(
+                new AutomaticUserConfirmationPolicyEnforcementRequest(org.Id, [orgUser3, otherOrgUser], user3),
+                new OtherOrganizationDoesNotAllowOtherMembership()));
+
+        var keys = orgUsers.ToDictionary(ou => ou.Id, _ => key);
+
+        // Act
+        var result = await sutProvider.Sut.ConfirmUsersAsync(confirmingUser.OrganizationId, keys, confirmingUser.Id);
+
+        // Assert
+        Assert.Equal(3, result.Count);
+        Assert.Empty(result[0].Item2);
+        Assert.Empty(result[1].Item2);
+        Assert.Equal(new OtherOrganizationDoesNotAllowOtherMembership().Message, result[2].Item2);
+    }
 }

test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/BulkResendOrganizationInvitesCommandTests.cs

@@ -0,0 +1,113 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers;
+
+[SutProviderCustomize]
+public class BulkResendOrganizationInvitesCommandTests
+{
+    [Theory]
+    [BitAutoData]
+    public async Task BulkResendInvitesAsync_ValidatesUsersAndSendsBatchInvite(
+        Organization organization,
+        OrganizationUser validUser1,
+        OrganizationUser validUser2,
+        OrganizationUser acceptedUser,
+        OrganizationUser wrongOrgUser,
+        SutProvider<BulkResendOrganizationInvitesCommand> sutProvider)
+    {
+        validUser1.OrganizationId = organization.Id;
+        validUser1.Status = OrganizationUserStatusType.Invited;
+        validUser2.OrganizationId = organization.Id;
+        validUser2.Status = OrganizationUserStatusType.Invited;
+        acceptedUser.OrganizationId = organization.Id;
+        acceptedUser.Status = OrganizationUserStatusType.Accepted;
+        wrongOrgUser.OrganizationId = Guid.NewGuid();
+        wrongOrgUser.Status = OrganizationUserStatusType.Invited;
+
+        var users = new List<OrganizationUser> { validUser1, validUser2, acceptedUser, wrongOrgUser };
+        var userIds = users.Select(u => u.Id).ToList();
+
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetManyAsync(userIds).Returns(users);
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
+
+        var result = (await sutProvider.Sut.BulkResendInvitesAsync(organization.Id, null, userIds)).ToList();
+
+        Assert.Equal(4, result.Count);
+        Assert.Equal(2, result.Count(r => string.IsNullOrEmpty(r.Item2)));
+        Assert.Equal(2, result.Count(r => r.Item2 == "User invalid."));
+
+        await sutProvider.GetDependency<ISendOrganizationInvitesCommand>()
+            .Received(1)
+            .SendInvitesAsync(Arg.Is<SendInvitesRequest>(req =>
+                req.Organization == organization &&
+                req.Users.Length == 2 &&
+                req.InitOrganization == false));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task BulkResendInvitesAsync_AllInvalidUsers_DoesNotSendInvites(
+        Organization organization,
+        List<OrganizationUser> organizationUsers,
+        SutProvider<BulkResendOrganizationInvitesCommand> sutProvider)
+    {
+        foreach (var user in organizationUsers)
+        {
+            user.OrganizationId = organization.Id;
+            user.Status = OrganizationUserStatusType.Confirmed;
+        }
+
+        var userIds = organizationUsers.Select(u => u.Id).ToList();
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetManyAsync(userIds).Returns(organizationUsers);
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
+
+        var result = (await sutProvider.Sut.BulkResendInvitesAsync(organization.Id, null, userIds)).ToList();
+
+        Assert.Equal(organizationUsers.Count, result.Count);
+        Assert.All(result, r => Assert.Equal("User invalid.", r.Item2));
+        await sutProvider.GetDependency<ISendOrganizationInvitesCommand>().DidNotReceive()
+            .SendInvitesAsync(Arg.Any<SendInvitesRequest>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task BulkResendInvitesAsync_OrganizationNotFound_ThrowsNotFoundException(
+        Guid organizationId,
+        List<Guid> userIds,
+        List<OrganizationUser> organizationUsers,
+        SutProvider<BulkResendOrganizationInvitesCommand> sutProvider)
+    {
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetManyAsync(userIds).Returns(organizationUsers);
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organizationId).Returns((Organization?)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(() =>
+            sutProvider.Sut.BulkResendInvitesAsync(organizationId, null, userIds));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task BulkResendInvitesAsync_EmptyUserList_ReturnsEmpty(
+        Organization organization,
+        SutProvider<BulkResendOrganizationInvitesCommand> sutProvider)
+    {
+        var emptyUserIds = new List<Guid>();
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetManyAsync(emptyUserIds).Returns(new List<OrganizationUser>());
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
+
+        var result = await sutProvider.Sut.BulkResendInvitesAsync(organization.Id, null, emptyUserIds);
+
+        Assert.Empty(result);
+        await sutProvider.GetDependency<ISendOrganizationInvitesCommand>().DidNotReceive()
+            .SendInvitesAsync(Arg.Any<SendInvitesRequest>());
+    }
+}

test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/InviteOrganizationUsersValidatorTests.cs

@@ -3,11 +3,11 @@ using Bit.Core.AdminConsole.Models.Business;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Validation;
 using Bit.Core.AdminConsole.Utilities.Validation;
+using Bit.Core.Billing.Services;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
 using Bit.Core.Repositories;
-using Bit.Core.Services;
 using Bit.Core.Test.Billing.Mocks.Plans;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
@@ -50,7 +50,7 @@ public class InviteOrganizationUsersValidatorTests
             OccupiedSmSeats = 9
         };
 
-        sutProvider.GetDependency<IPaymentService>()
+        sutProvider.GetDependency<IStripePaymentService>()
             .HasSecretsManagerStandalone(request.InviteOrganization)
             .Returns(true);
 
@@ -96,7 +96,7 @@ public class InviteOrganizationUsersValidatorTests
             OccupiedSmSeats = 9
         };
 
-        sutProvider.GetDependency<IPaymentService>()
+        sutProvider.GetDependency<IStripePaymentService>()
             .HasSecretsManagerStandalone(request.InviteOrganization)
             .Returns(true);
 
@@ -140,7 +140,7 @@ public class InviteOrganizationUsersValidatorTests
             OccupiedSmSeats = 4
         };
 
-        sutProvider.GetDependency<IPaymentService>()
+        sutProvider.GetDependency<IStripePaymentService>()
             .HasSecretsManagerStandalone(request.InviteOrganization)
             .Returns(true);
 

test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RevokeOrganizationUserCommandTests.cs

@@ -1,6 +1,6 @@
 using Bit.Core.AdminConsole.Entities;
-using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v1;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;

test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RevokeUser/v2/RevokeOrganizationUserCommandTests.cs

@@ -0,0 +1,215 @@
+using Bit.Core.AdminConsole.Models.Data;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v2;
+using Bit.Core.AdminConsole.Utilities.v2.Validation;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Platform.Push;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Bit.Core.Test.AutoFixture.OrganizationUserFixtures;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Microsoft.Extensions.Logging;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v2;
+
+[SutProviderCustomize]
+public class RevokeOrganizationUserCommandTests
+{
+    [Theory]
+    [BitAutoData]
+    public async Task RevokeUsersAsync_WithValidUsers_RevokesUsersAndLogsEvents(
+        SutProvider<RevokeOrganizationUserCommand> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser1,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser2)
+    {
+        // Arrange
+        orgUser1.OrganizationId = orgUser2.OrganizationId = organizationId;
+        orgUser1.UserId = Guid.NewGuid();
+        orgUser2.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+        var request = new RevokeOrganizationUsersRequest(
+            organizationId,
+            [orgUser1.Id, orgUser2.Id],
+            actingUser);
+
+        SetupRepositoryMocks(sutProvider, [orgUser1, orgUser2]);
+        SetupValidatorMock(sutProvider, [
+            ValidationResultHelpers.Valid(orgUser1),
+            ValidationResultHelpers.Valid(orgUser2)
+        ]);
+
+        // Act
+        var results = (await sutProvider.Sut.RevokeUsersAsync(request)).ToList();
+
+        // Assert
+        Assert.Equal(2, results.Count);
+        Assert.All(results, r => Assert.True(r.Result.IsSuccess));
+
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .RevokeManyByIdAsync(Arg.Is<IEnumerable<Guid>>(ids =>
+                ids.Contains(orgUser1.Id) && ids.Contains(orgUser2.Id)));
+
+        await sutProvider.GetDependency<IEventService>()
+            .Received(1)
+            .LogOrganizationUserEventsAsync(Arg.Is<IEnumerable<(OrganizationUser, EventType, DateTime?)>>(
+                events => events.Count() == 2));
+
+        await sutProvider.GetDependency<IPushNotificationService>()
+            .Received(1)
+            .PushSyncOrgKeysAsync(orgUser1.UserId!.Value);
+
+        await sutProvider.GetDependency<IPushNotificationService>()
+            .Received(1)
+            .PushSyncOrgKeysAsync(orgUser2.UserId!.Value);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task RevokeUsersAsync_WithSystemUser_LogsEventsWithSystemUserType(
+        SutProvider<RevokeOrganizationUserCommand> sutProvider,
+        Guid organizationId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser)
+    {
+        // Arrange
+        orgUser.OrganizationId = organizationId;
+        orgUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(null, false, EventSystemUser.SCIM);
+
+        var request = new RevokeOrganizationUsersRequest(
+            organizationId,
+            [orgUser.Id],
+            actingUser);
+
+        SetupRepositoryMocks(sutProvider, [orgUser]);
+        SetupValidatorMock(sutProvider, [ValidationResultHelpers.Valid(orgUser)]);
+
+        // Act
+        await sutProvider.Sut.RevokeUsersAsync(request);
+
+        // Assert
+        await sutProvider.GetDependency<IEventService>()
+            .Received(1)
+            .LogOrganizationUserEventsAsync(Arg.Is<IEnumerable<(OrganizationUser, EventType, EventSystemUser, DateTime?)>>(
+                events => events.All(e => e.Item3 == EventSystemUser.SCIM)));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task RevokeUsersAsync_WithValidationErrors_ReturnsErrorResults(
+        SutProvider<RevokeOrganizationUserCommand> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Revoked, OrganizationUserType.User)] OrganizationUser orgUser1,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser2)
+    {
+        // Arrange
+        orgUser1.OrganizationId = orgUser2.OrganizationId = organizationId;
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+
+        var request = new RevokeOrganizationUsersRequest(
+            organizationId,
+            [orgUser1.Id, orgUser2.Id],
+            actingUser);
+
+        SetupRepositoryMocks(sutProvider, [orgUser1, orgUser2]);
+        SetupValidatorMock(sutProvider, [
+            ValidationResultHelpers.Invalid(orgUser1, new UserAlreadyRevoked()),
+            ValidationResultHelpers.Valid(orgUser2)
+        ]);
+
+        // Act
+        var results = (await sutProvider.Sut.RevokeUsersAsync(request)).ToList();
+
+        // Assert
+        Assert.Equal(2, results.Count);
+        var result1 = results.Single(r => r.Id == orgUser1.Id);
+        var result2 = results.Single(r => r.Id == orgUser2.Id);
+
+        Assert.True(result1.Result.IsError);
+        Assert.True(result2.Result.IsSuccess);
+
+        // Only the valid user should be revoked
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .RevokeManyByIdAsync(Arg.Is<IEnumerable<Guid>>(ids =>
+                ids.Count() == 1 && ids.Contains(orgUser2.Id)));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task RevokeUsersAsync_WhenPushNotificationFails_ContinuesProcessing(
+        SutProvider<RevokeOrganizationUserCommand> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser)
+    {
+        // Arrange
+        orgUser.OrganizationId = organizationId;
+        orgUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+
+        var request = new RevokeOrganizationUsersRequest(
+            organizationId,
+            [orgUser.Id],
+            actingUser);
+
+        SetupRepositoryMocks(sutProvider, [orgUser]);
+        SetupValidatorMock(sutProvider, [ValidationResultHelpers.Valid(orgUser)]);
+
+        sutProvider.GetDependency<IPushNotificationService>()
+            .PushSyncOrgKeysAsync(orgUser.UserId!.Value)
+            .Returns(Task.FromException(new Exception("Push notification failed")));
+
+        // Act
+        var results = (await sutProvider.Sut.RevokeUsersAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results[0].Result.IsSuccess);
+
+        // Should log warning but continue
+        sutProvider.GetDependency<ILogger<RevokeOrganizationUserCommand>>()
+            .Received()
+            .Log(
+                LogLevel.Warning,
+                Arg.Any<EventId>(),
+                Arg.Any<object>(),
+                Arg.Any<Exception>(),
+                Arg.Any<Func<object, Exception?, string>>());
+    }
+
+    private static IActingUser CreateActingUser(Guid? userId, bool isOwnerOrProvider, EventSystemUser? systemUserType) =>
+        (userId, systemUserType) switch
+        {
+            ({ } id, _) => new StandardUser(id, isOwnerOrProvider),
+            (null, { } type) => new SystemUser(type)
+        };
+
+    private static void SetupRepositoryMocks(
+        SutProvider<RevokeOrganizationUserCommand> sutProvider,
+        ICollection<OrganizationUser> organizationUsers)
+    {
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns(organizationUsers);
+    }
+
+    private static void SetupValidatorMock(
+        SutProvider<RevokeOrganizationUserCommand> sutProvider,
+        ICollection<ValidationResult<OrganizationUser>> validationResults)
+    {
+        sutProvider.GetDependency<IRevokeOrganizationUserValidator>()
+            .ValidateAsync(Arg.Any<RevokeOrganizationUsersValidationRequest>())
+            .Returns(validationResults);
+    }
+}

test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RevokeUser/v2/RevokeOrganizationUsersValidatorTests.cs

@@ -0,0 +1,325 @@
+using Bit.Core.AdminConsole.Models.Data;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v2;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Test.AutoFixture.OrganizationUserFixtures;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v2;
+
+[SutProviderCustomize]
+public class RevokeOrganizationUsersValidatorTests
+{
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithValidUsers_ReturnsSuccess(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser1,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser2)
+    {
+        // Arrange
+        orgUser1.OrganizationId = orgUser2.OrganizationId = organizationId;
+        orgUser1.UserId = Guid.NewGuid();
+        orgUser2.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+        var request = CreateValidationRequest(
+            organizationId,
+            [orgUser1, orgUser2],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Equal(2, results.Count);
+        Assert.All(results, r => Assert.True(r.IsValid));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithRevokedUser_ReturnsErrorForThatUser(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Revoked, OrganizationUserType.User)] OrganizationUser revokedUser)
+    {
+        // Arrange
+        revokedUser.OrganizationId = organizationId;
+        revokedUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+        var request = CreateValidationRequest(
+            organizationId,
+            [revokedUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results.First().IsError);
+        Assert.IsType<UserAlreadyRevoked>(results.First().AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WhenRevokingSelf_ReturnsErrorForThatUser(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser)
+    {
+        // Arrange
+        orgUser.OrganizationId = organizationId;
+        orgUser.UserId = actingUserId;
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+        var request = CreateValidationRequest(
+            organizationId,
+            [orgUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results.First().IsError);
+        Assert.IsType<CannotRevokeYourself>(results.First().AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WhenNonOwnerRevokesOwner_ReturnsErrorForThatUser(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser ownerUser)
+    {
+        // Arrange
+        ownerUser.OrganizationId = organizationId;
+        ownerUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+        var request = CreateValidationRequest(
+            organizationId,
+            [ownerUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results.First().IsError);
+        Assert.IsType<OnlyOwnersCanRevokeOwners>(results.First().AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WhenOwnerRevokesOwner_ReturnsSuccess(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser ownerUser)
+    {
+        // Arrange
+        ownerUser.OrganizationId = organizationId;
+        ownerUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, true, null);
+        var request = CreateValidationRequest(
+            organizationId,
+            [ownerUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results.First().IsValid);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithMultipleUsers_SomeValid_ReturnsMixedResults(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser validUser,
+        [OrganizationUser(OrganizationUserStatusType.Revoked, OrganizationUserType.User)] OrganizationUser revokedUser)
+    {
+        // Arrange
+        validUser.OrganizationId = revokedUser.OrganizationId = organizationId;
+        validUser.UserId = Guid.NewGuid();
+        revokedUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+        var request = CreateValidationRequest(
+            organizationId,
+            [validUser, revokedUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Equal(2, results.Count);
+
+        var validResult = results.Single(r => r.Request.Id == validUser.Id);
+        var errorResult = results.Single(r => r.Request.Id == revokedUser.Id);
+
+        Assert.True(validResult.IsValid);
+        Assert.True(errorResult.IsError);
+        Assert.IsType<UserAlreadyRevoked>(errorResult.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithSystemUser_DoesNotRequireActingUserId(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser)
+    {
+        // Arrange
+        orgUser.OrganizationId = organizationId;
+        orgUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(null, false, EventSystemUser.SCIM);
+        var request = CreateValidationRequest(
+            organizationId,
+            [orgUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results.First().IsValid);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WhenRevokingLastOwner_ReturnsErrorForThatUser(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser lastOwner)
+    {
+        // Arrange
+        lastOwner.OrganizationId = organizationId;
+        lastOwner.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, true, null); // Is an owner
+        var request = CreateValidationRequest(
+            organizationId,
+            [lastOwner],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(false);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results.First().IsError);
+        Assert.IsType<MustHaveConfirmedOwner>(results.First().AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithMultipleValidationErrors_ReturnsAllErrors(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Revoked, OrganizationUserType.User)] OrganizationUser revokedUser,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser ownerUser)
+    {
+        // Arrange
+        revokedUser.OrganizationId = ownerUser.OrganizationId = organizationId;
+        revokedUser.UserId = Guid.NewGuid();
+        ownerUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null); // Not an owner
+        var request = CreateValidationRequest(
+            organizationId,
+            [revokedUser, ownerUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Equal(2, results.Count);
+        Assert.All(results, r => Assert.True(r.IsError));
+
+        Assert.Contains(results, r => r.AsError is UserAlreadyRevoked);
+        Assert.Contains(results, r => r.AsError is OnlyOwnersCanRevokeOwners);
+    }
+
+    private static IActingUser CreateActingUser(Guid? userId, bool isOwnerOrProvider, EventSystemUser? systemUserType) =>
+        (userId, systemUserType) switch
+        {
+            ({ } id, _) => new StandardUser(id, isOwnerOrProvider),
+            (null, { } type) => new SystemUser(type)
+        };
+
+
+    private static RevokeOrganizationUsersValidationRequest CreateValidationRequest(
+        Guid organizationId,
+        ICollection<OrganizationUser> organizationUsers,
+        IActingUser actingUser)
+    {
+        return new RevokeOrganizationUsersValidationRequest(
+            organizationId,
+            organizationUsers.Select(u => u.Id).ToList(),
+            actingUser,
+            organizationUsers
+        );
+    }
+}

test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/OrganizationSignUp/ResellerClientOrganizationSignUpCommandTests.cs

@@ -2,6 +2,7 @@
 using Bit.Core.AdminConsole.OrganizationFeatures.Organizations;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
+using Bit.Core.Billing.Services;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Repositories;
@@ -172,7 +173,7 @@ public class ResellerClientOrganizationSignUpCommandTests
 
     private static async Task AssertCleanupIsPerformed(SutProvider<ResellerClientOrganizationSignUpCommand> sutProvider)
     {
-        await sutProvider.GetDependency<IPaymentService>()
+        await sutProvider.GetDependency<IStripePaymentService>()
             .Received(1)
             .CancelAndRecoverChargesAsync(Arg.Any<Organization>());
         await sutProvider.GetDependency<IOrganizationRepository>()

test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/OrganizationUpdateCommandTests.cs

@@ -30,7 +30,7 @@ public class OrganizationUpdateCommandTests
         var organizationBillingService = sutProvider.GetDependency<IOrganizationBillingService>();
 
         organization.Id = organizationId;
-        organization.GatewayCustomerId = null; // No Stripe customer, so no billing update
+        organization.GatewayCustomerId = null; // No Stripe customer, but billing update is still called
 
         organizationRepository
             .GetByIdAsync(organizationId)
@@ -61,8 +61,8 @@ public class OrganizationUpdateCommandTests
                 result,
                 EventType.Organization_Updated);
         await organizationBillingService
-            .DidNotReceiveWithAnyArgs()
-            .UpdateOrganizationNameAndEmail(Arg.Any<Organization>());
+            .Received(1)
+            .UpdateOrganizationNameAndEmail(result);
     }
 
     [Theory, BitAutoData]
@@ -93,7 +93,7 @@ public class OrganizationUpdateCommandTests
     [Theory]
     [BitAutoData("")]
     [BitAutoData((string)null)]
-    public async Task UpdateAsync_WhenGatewayCustomerIdIsNullOrEmpty_SkipsBillingUpdate(
+    public async Task UpdateAsync_WhenGatewayCustomerIdIsNullOrEmpty_CallsBillingUpdateButHandledGracefully(
         string gatewayCustomerId,
         Guid organizationId,
         Organization organization,
@@ -133,8 +133,8 @@ public class OrganizationUpdateCommandTests
                 result,
                 EventType.Organization_Updated);
         await organizationBillingService
-            .DidNotReceiveWithAnyArgs()
-            .UpdateOrganizationNameAndEmail(Arg.Any<Organization>());
+            .Received(1)
+            .UpdateOrganizationNameAndEmail(result);
     }
 
     [Theory, BitAutoData]

test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/UpdateOrganizationSubscriptionCommandTests.cs

@@ -2,9 +2,9 @@
 using Bit.Core.AdminConsole.Models.Data.Organizations;
 using Bit.Core.AdminConsole.OrganizationFeatures.Organizations;
 using Bit.Core.Billing.Enums;
+using Bit.Core.Billing.Services;
 using Bit.Core.Models.StaticStore;
 using Bit.Core.Repositories;
-using Bit.Core.Services;
 using Bit.Core.Test.Billing.Mocks.Plans;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
@@ -28,7 +28,7 @@ public class UpdateOrganizationSubscriptionCommandTests
         // Act
         await sutProvider.Sut.UpdateOrganizationSubscriptionAsync(subscriptionsToUpdate);
 
-        await sutProvider.GetDependency<IPaymentService>()
+        await sutProvider.GetDependency<IStripePaymentService>()
             .DidNotReceive()
             .AdjustSeatsAsync(Arg.Any<Organization>(), Arg.Any<Plan>(), Arg.Any<int>());
 
@@ -53,7 +53,7 @@ public class UpdateOrganizationSubscriptionCommandTests
         // Act
         await sutProvider.Sut.UpdateOrganizationSubscriptionAsync(subscriptionsToUpdate);
 
-        await sutProvider.GetDependency<IPaymentService>()
+        await sutProvider.GetDependency<IStripePaymentService>()
             .Received(1)
             .AdjustSeatsAsync(
                 Arg.Is<Organization>(x => x.Id == organization.Id),
@@ -81,7 +81,7 @@ public class UpdateOrganizationSubscriptionCommandTests
         OrganizationSubscriptionUpdate[] subscriptionsToUpdate =
             [new() { Organization = organization, Plan = new Enterprise2023Plan(true) }];
 
-        sutProvider.GetDependency<IPaymentService>()
+        sutProvider.GetDependency<IStripePaymentService>()
             .AdjustSeatsAsync(
                 Arg.Is<Organization>(x => x.Id == organization.Id),
                 Arg.Is<Plan>(x => x.Type == organization.PlanType),
@@ -115,7 +115,7 @@ public class UpdateOrganizationSubscriptionCommandTests
             new() { Organization = failedOrganization, Plan = new Enterprise2023Plan(true) }
         ];
 
-        sutProvider.GetDependency<IPaymentService>()
+        sutProvider.GetDependency<IStripePaymentService>()
             .AdjustSeatsAsync(
                 Arg.Is<Organization>(x => x.Id == failedOrganization.Id),
                 Arg.Is<Plan>(x => x.Type == failedOrganization.PlanType),
@@ -124,7 +124,7 @@ public class UpdateOrganizationSubscriptionCommandTests
         // Act
         await sutProvider.Sut.UpdateOrganizationSubscriptionAsync(subscriptionsToUpdate);
 
-        await sutProvider.GetDependency<IPaymentService>()
+        await sutProvider.GetDependency<IStripePaymentService>()
             .Received(1)
             .AdjustSeatsAsync(
                 Arg.Is<Organization>(x => x.Id == successfulOrganization.Id),

test/Core.Test/AdminConsole/OrganizationFeatures/Policies/Enforcement/AutoConfirm/AutomaticUserConfirmationPolicyEnforcementValidatorTests.cs

@@ -0,0 +1,306 @@
+using Bit.Core.AdminConsole.Entities.Provider;
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Enforcement.AutoConfirm;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Entities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.Enforcement.AutoConfirm;
+
+[SutProviderCustomize]
+public class AutomaticUserConfirmationPolicyEnforcementValidatorTests
+{
+    [Theory]
+    [BitAutoData]
+    public async Task IsCompliantAsync_WithPolicyEnabledAndUserIsProviderMember_ReturnsProviderUsersCannotJoinError(
+        SutProvider<AutomaticUserConfirmationPolicyEnforcementValidator> sutProvider,
+        OrganizationUser organizationUser,
+        ProviderUser providerUser,
+        User user)
+    {
+        // Arrange
+        organizationUser.UserId = providerUser.UserId = user.Id;
+
+        var policyDetails = new PolicyDetails
+        {
+            OrganizationId = organizationUser.OrganizationId,
+            PolicyType = PolicyType.AutomaticUserConfirmation
+        };
+
+        var request = new AutomaticUserConfirmationPolicyEnforcementRequest(
+            organizationUser.OrganizationId,
+            [organizationUser],
+            user);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<AutomaticUserConfirmationPolicyRequirement>(user.Id)
+            .Returns(new AutomaticUserConfirmationPolicyRequirement([policyDetails]));
+
+        sutProvider.GetDependency<IProviderUserRepository>()
+            .GetManyByUserAsync(user.Id)
+            .Returns([providerUser]);
+
+        // Act
+        var result = await sutProvider.Sut.IsCompliantAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<ProviderUsersCannotJoin>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task IsCompliantAsync_WithPolicyEnabledOnOtherOrganization_ReturnsOtherOrganizationDoesNotAllowOtherMembershipError(
+        SutProvider<AutomaticUserConfirmationPolicyEnforcementValidator> sutProvider,
+        OrganizationUser organizationUser,
+        OrganizationUser otherOrganizationUser,
+        User user)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        otherOrganizationUser.UserId = user.Id;
+
+        var otherOrgId = Guid.NewGuid();
+        var policyDetails = new PolicyDetails
+        {
+            OrganizationId = otherOrgId, // Different from organizationUser.OrganizationId
+            PolicyType = PolicyType.AutomaticUserConfirmation
+        };
+
+        var request = new AutomaticUserConfirmationPolicyEnforcementRequest(
+            organizationUser.OrganizationId,
+            [organizationUser, otherOrganizationUser],
+            user);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<AutomaticUserConfirmationPolicyRequirement>(user.Id)
+            .Returns(new AutomaticUserConfirmationPolicyRequirement([policyDetails]));
+
+        sutProvider.GetDependency<IProviderUserRepository>()
+            .GetManyByUserAsync(user.Id)
+            .Returns([]);
+
+        // Act
+        var result = await sutProvider.Sut.IsCompliantAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<OtherOrganizationDoesNotAllowOtherMembership>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task IsCompliantAsync_WithPolicyDisabledUserIsAMemberOfAnotherOrgReturnsValid(
+        SutProvider<AutomaticUserConfirmationPolicyEnforcementValidator> sutProvider,
+        OrganizationUser organizationUser,
+        OrganizationUser otherOrgUser,
+        User user)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        otherOrgUser.UserId = user.Id;
+
+        var request = new AutomaticUserConfirmationPolicyEnforcementRequest(
+            organizationUser.OrganizationId,
+            [organizationUser, otherOrgUser],
+            user);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<AutomaticUserConfirmationPolicyRequirement>(user.Id)
+            .Returns(new AutomaticUserConfirmationPolicyRequirement([]));
+
+        sutProvider.GetDependency<IProviderUserRepository>()
+            .GetManyByUserAsync(user.Id)
+            .Returns([]);
+
+        // Act
+        var result = await sutProvider.Sut.IsCompliantAsync(request);
+
+        // Assert
+        Assert.True(result.IsValid);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task IsCompliantAsync_WithPolicyEnabledUserIsAMemberOfAnotherOrg_ReturnsCannotBeMemberOfAnotherOrgError(
+        SutProvider<AutomaticUserConfirmationPolicyEnforcementValidator> sutProvider,
+        OrganizationUser organizationUser,
+        OrganizationUser otherOrgUser,
+        User user)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        otherOrgUser.UserId = user.Id;
+
+        var request = new AutomaticUserConfirmationPolicyEnforcementRequest(
+            organizationUser.OrganizationId,
+            [organizationUser, otherOrgUser],
+            user);
+
+        var policyDetails = new PolicyDetails
+        {
+            OrganizationId = organizationUser.OrganizationId,
+            PolicyType = PolicyType.AutomaticUserConfirmation
+        };
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<AutomaticUserConfirmationPolicyRequirement>(user.Id)
+            .Returns(new AutomaticUserConfirmationPolicyRequirement([policyDetails]));
+
+        sutProvider.GetDependency<IProviderUserRepository>()
+            .GetManyByUserAsync(user.Id)
+            .Returns([]);
+
+        // Act
+        var result = await sutProvider.Sut.IsCompliantAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<UserCannotBelongToAnotherOrganization>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task IsCompliantAsync_WithPolicyEnabledAndChecksConditionsInCorrectOrder_ReturnsFirstFailure(
+        SutProvider<AutomaticUserConfirmationPolicyEnforcementValidator> sutProvider,
+        OrganizationUser organizationUser,
+        OrganizationUser otherOrgUser,
+        ProviderUser providerUser,
+        User user)
+    {
+        // Arrange
+        var policyDetails = new PolicyDetails
+        {
+            OrganizationId = organizationUser.OrganizationId,
+            PolicyType = PolicyType.AutomaticUserConfirmation,
+            OrganizationUserId = organizationUser.Id
+        };
+
+        var request = new AutomaticUserConfirmationPolicyEnforcementRequest(
+            organizationUser.OrganizationId,
+            [organizationUser, otherOrgUser],
+            user);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<AutomaticUserConfirmationPolicyRequirement>(user.Id)
+            .Returns(new AutomaticUserConfirmationPolicyRequirement([policyDetails]));
+
+        sutProvider.GetDependency<IProviderUserRepository>()
+            .GetManyByUserAsync(user.Id)
+            .Returns([providerUser]);
+
+        // Act
+        var result = await sutProvider.Sut.IsCompliantAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<CurrentOrganizationUserIsNotPresentInRequest>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task IsCompliantAsync_WithPolicyIsEnabledNoOtherOrganizationsAndNotAProvider_ReturnsValid(
+        SutProvider<AutomaticUserConfirmationPolicyEnforcementValidator> sutProvider,
+        OrganizationUser organizationUser,
+        User user)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+
+        var request = new AutomaticUserConfirmationPolicyEnforcementRequest(
+            organizationUser.OrganizationId,
+            [organizationUser],
+            user);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<AutomaticUserConfirmationPolicyRequirement>(user.Id)
+            .Returns(new AutomaticUserConfirmationPolicyRequirement([
+                new PolicyDetails
+                {
+                    OrganizationUserId = organizationUser.Id,
+                    OrganizationId = organizationUser.OrganizationId,
+                    PolicyType = PolicyType.AutomaticUserConfirmation,
+                }
+            ]));
+
+        sutProvider.GetDependency<IProviderUserRepository>()
+            .GetManyByUserAsync(user.Id)
+            .Returns([]);
+
+        // Act
+        var result = await sutProvider.Sut.IsCompliantAsync(request);
+
+        // Assert
+        Assert.True(result.IsValid);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task IsCompliantAsync_WithPolicyDisabledForCurrentAndOtherOrg_ReturnsValid(
+        SutProvider<AutomaticUserConfirmationPolicyEnforcementValidator> sutProvider,
+        OrganizationUser organizationUser,
+        OrganizationUser otherOrgUser,
+        User user)
+    {
+        // Arrange
+        otherOrgUser.UserId = organizationUser.UserId = user.Id;
+
+        var request = new AutomaticUserConfirmationPolicyEnforcementRequest(
+            organizationUser.OrganizationId,
+            [organizationUser],
+            user);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<AutomaticUserConfirmationPolicyRequirement>(user.Id)
+            .Returns(new AutomaticUserConfirmationPolicyRequirement([]));
+
+        sutProvider.GetDependency<IProviderUserRepository>()
+            .GetManyByUserAsync(user.Id)
+            .Returns([]);
+
+        // Act
+        var result = await sutProvider.Sut.IsCompliantAsync(request);
+
+        // Assert
+        Assert.True(result.IsValid);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task IsCompliantAsync_WithPolicyDisabledForCurrentAndOtherOrgAndIsProvider_ReturnsValid(
+        SutProvider<AutomaticUserConfirmationPolicyEnforcementValidator> sutProvider,
+        OrganizationUser organizationUser,
+        OrganizationUser otherOrgUser,
+        ProviderUser providerUser,
+        User user)
+    {
+        // Arrange
+        providerUser.UserId = otherOrgUser.UserId = organizationUser.UserId = user.Id;
+
+        var request = new AutomaticUserConfirmationPolicyEnforcementRequest(
+            organizationUser.OrganizationId,
+            [organizationUser],
+            user);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<AutomaticUserConfirmationPolicyRequirement>(user.Id)
+            .Returns(new AutomaticUserConfirmationPolicyRequirement([]));
+
+        sutProvider.GetDependency<IProviderUserRepository>()
+            .GetManyByUserAsync(user.Id)
+            .Returns([providerUser]);
+
+        // Act
+        var result = await sutProvider.Sut.IsCompliantAsync(request);
+
+        // Assert
+        Assert.True(result.IsValid);
+    }
+}

test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/AutomaticUserConfirmationPolicyEventHandlerTests.cs

@@ -21,52 +21,23 @@ namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyValidat
 public class AutomaticUserConfirmationPolicyEventHandlerTests
 {
     [Theory, BitAutoData]
-    public async Task ValidateAsync_EnablingPolicy_SingleOrgNotEnabled_ReturnsError(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
+    public void RequiredPolicies_IncludesSingleOrg(
         SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
     {
-        // Arrange
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns((Policy?)null);
-
         // Act
-        var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null);
+        var requiredPolicies = sutProvider.Sut.RequiredPolicies;
 
         // Assert
-        Assert.Contains("Single organization policy must be enabled", result, StringComparison.OrdinalIgnoreCase);
-    }
-
-    [Theory, BitAutoData]
-    public async Task ValidateAsync_EnablingPolicy_SingleOrgPolicyDisabled_ReturnsError(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg, false)] Policy singleOrgPolicy,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
-        // Act
-        var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null);
-
-        // Assert
-        Assert.Contains("Single organization policy must be enabled", result, StringComparison.OrdinalIgnoreCase);
+        Assert.Contains(PolicyType.SingleOrg, requiredPolicies);
     }
 
     [Theory, BitAutoData]
     public async Task ValidateAsync_EnablingPolicy_UsersNotCompliantWithSingleOrg_ReturnsError(
         [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
         Guid nonCompliantUserId,
         SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
     {
         // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
         var orgUser = new OrganizationUserUserDetails
         {
             Id = Guid.NewGuid(),
@@ -85,10 +56,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
             Status = OrganizationUserStatusType.Confirmed
         };
 
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
         sutProvider.GetDependency<IOrganizationUserRepository>()
             .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
             .Returns([orgUser]);
@@ -107,13 +74,10 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
     [Theory, BitAutoData]
     public async Task ValidateAsync_EnablingPolicy_UserWithInvitedStatusInOtherOrg_ValidationPasses(
         [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
         Guid userId,
         SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
     {
         // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
         var orgUser = new OrganizationUserUserDetails
         {
             Id = Guid.NewGuid(),
@@ -121,7 +85,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
             Type = OrganizationUserType.User,
             Status = OrganizationUserStatusType.Confirmed,
             UserId = userId,
-            Email = "test@email.com"
         };
 
         var otherOrgUser = new OrganizationUser
@@ -133,10 +96,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
             Email = orgUser.Email
         };
 
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
         sutProvider.GetDependency<IOrganizationUserRepository>()
             .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
             .Returns([orgUser]);
@@ -146,7 +105,7 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
             .Returns([otherOrgUser]);
 
         sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
+            .GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
             .Returns([]);
 
         // Act
@@ -159,30 +118,37 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
     [Theory, BitAutoData]
     public async Task ValidateAsync_EnablingPolicy_ProviderUsersExist_ReturnsError(
         [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
+        Guid userId,
         SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
     {
         // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
+        var orgUser = new OrganizationUserUserDetails
+        {
+            Id = Guid.NewGuid(),
+            OrganizationId = policyUpdate.OrganizationId,
+            Type = OrganizationUserType.User,
+            Status = OrganizationUserStatusType.Confirmed,
+            UserId = userId
+        };
 
         var providerUser = new ProviderUser
         {
             Id = Guid.NewGuid(),
             ProviderId = Guid.NewGuid(),
-            UserId = Guid.NewGuid(),
+            UserId = userId,
             Status = ProviderUserStatusType.Confirmed
         };
 
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
         sutProvider.GetDependency<IOrganizationUserRepository>()
             .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
+            .Returns([orgUser]);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
             .Returns([]);
 
         sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
+            .GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
             .Returns([providerUser]);
 
         // Act
@@ -196,26 +162,18 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
     [Theory, BitAutoData]
     public async Task ValidateAsync_EnablingPolicy_AllValidationsPassed_ReturnsEmptyString(
         [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
         SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
     {
         // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
         var orgUser = new OrganizationUserUserDetails
         {
             Id = Guid.NewGuid(),
             OrganizationId = policyUpdate.OrganizationId,
             Type = OrganizationUserType.User,
             Status = OrganizationUserStatusType.Confirmed,
-            UserId = Guid.NewGuid(),
-            Email = "user@example.com"
+            UserId = Guid.NewGuid()
         };
 
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
         sutProvider.GetDependency<IOrganizationUserRepository>()
             .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
             .Returns([orgUser]);
@@ -225,7 +183,7 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
             .Returns([]);
 
         sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
+            .GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
             .Returns([]);
 
         // Act
@@ -249,9 +207,10 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
 
         // Assert
         Assert.True(string.IsNullOrEmpty(result));
-        await sutProvider.GetDependency<IPolicyRepository>()
+
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
             .DidNotReceive()
-            .GetByOrganizationIdTypeAsync(Arg.Any<Guid>(), Arg.Any<PolicyType>());
+            .GetManyDetailsByOrganizationAsync(Arg.Any<Guid>());
     }
 
     [Theory, BitAutoData]
@@ -268,21 +227,18 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
 
         // Assert
         Assert.True(string.IsNullOrEmpty(result));
-        await sutProvider.GetDependency<IPolicyRepository>()
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
             .DidNotReceive()
-            .GetByOrganizationIdTypeAsync(Arg.Any<Guid>(), Arg.Any<PolicyType>());
+            .GetManyDetailsByOrganizationAsync(Arg.Any<Guid>());
     }
 
     [Theory, BitAutoData]
     public async Task ValidateAsync_EnablingPolicy_IncludesOwnersAndAdmins_InComplianceCheck(
         [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
         Guid nonCompliantOwnerId,
         SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
     {
         // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
         var ownerUser = new OrganizationUserUserDetails
         {
             Id = Guid.NewGuid(),
@@ -290,7 +246,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
             Type = OrganizationUserType.Owner,
             Status = OrganizationUserStatusType.Confirmed,
             UserId = nonCompliantOwnerId,
-            Email = "owner@example.com"
         };
 
         var otherOrgUser = new OrganizationUser
@@ -301,10 +256,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
             Status = OrganizationUserStatusType.Confirmed
         };
 
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
         sutProvider.GetDependency<IOrganizationUserRepository>()
             .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
             .Returns([ownerUser]);
@@ -323,12 +274,9 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
     [Theory, BitAutoData]
     public async Task ValidateAsync_EnablingPolicy_InvitedUsersExcluded_FromComplianceCheck(
         [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
         SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
     {
         // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
         var invitedUser = new OrganizationUserUserDetails
         {
             Id = Guid.NewGuid(),
@@ -339,16 +287,12 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
             Email = "invited@example.com"
         };
 
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
         sutProvider.GetDependency<IOrganizationUserRepository>()
             .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
             .Returns([invitedUser]);
 
         sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
+            .GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
             .Returns([]);
 
         // Act
@@ -359,14 +303,11 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
     }
 
     [Theory, BitAutoData]
-    public async Task ValidateAsync_EnablingPolicy_RevokedUsersExcluded_FromComplianceCheck(
+    public async Task ValidateAsync_EnablingPolicy_RevokedUsersIncluded_InComplianceCheck(
         [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
         SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
     {
         // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
         var revokedUser = new OrganizationUserUserDetails
         {
             Id = Guid.NewGuid(),
@@ -374,38 +315,44 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
             Type = OrganizationUserType.User,
             Status = OrganizationUserStatusType.Revoked,
             UserId = Guid.NewGuid(),
-            Email = "revoked@example.com"
         };
 
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
+        var additionalOrgUser = new OrganizationUser
+        {
+            Id = Guid.NewGuid(),
+            OrganizationId = Guid.NewGuid(),
+            Type = OrganizationUserType.User,
+            Status = OrganizationUserStatusType.Revoked,
+            UserId = revokedUser.UserId,
+        };
 
-        sutProvider.GetDependency<IOrganizationUserRepository>()
+        var orgUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
+
+        orgUserRepository
             .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
             .Returns([revokedUser]);
 
+        orgUserRepository.GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([additionalOrgUser]);
+
         sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
+            .GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
             .Returns([]);
 
         // Act
         var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null);
 
         // Assert
-        Assert.True(string.IsNullOrEmpty(result));
+        Assert.Contains("compliant with the Single organization policy", result, StringComparison.OrdinalIgnoreCase);
     }
 
     [Theory, BitAutoData]
     public async Task ValidateAsync_EnablingPolicy_AcceptedUsersIncluded_InComplianceCheck(
         [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
         Guid nonCompliantUserId,
         SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
     {
         // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
         var acceptedUser = new OrganizationUserUserDetails
         {
             Id = Guid.NewGuid(),
@@ -413,7 +360,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
             Type = OrganizationUserType.User,
             Status = OrganizationUserStatusType.Accepted,
             UserId = nonCompliantUserId,
-            Email = "accepted@example.com"
         };
 
         var otherOrgUser = new OrganizationUser
@@ -424,10 +370,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
             Status = OrganizationUserStatusType.Confirmed
         };
 
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
         sutProvider.GetDependency<IOrganizationUserRepository>()
             .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
             .Returns([acceptedUser]);
@@ -443,186 +385,22 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
         Assert.Contains("compliant with the Single organization policy", result, StringComparison.OrdinalIgnoreCase);
     }
 
-    [Theory, BitAutoData]
-    public async Task ValidateAsync_EnablingPolicy_EmptyOrganization_ReturnsEmptyString(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
-            .Returns([]);
-
-        sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
-            .Returns([]);
-
-        // Act
-        var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null);
-
-        // Assert
-        Assert.True(string.IsNullOrEmpty(result));
-    }
-
     [Theory, BitAutoData]
     public async Task ValidateAsync_WithSavePolicyModel_CallsValidateWithPolicyUpdate(
         [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
         SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
     {
         // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
         var savePolicyModel = new SavePolicyModel(policyUpdate);
 
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
         sutProvider.GetDependency<IOrganizationUserRepository>()
             .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
             .Returns([]);
 
-        sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
-            .Returns([]);
-
         // Act
         var result = await sutProvider.Sut.ValidateAsync(savePolicyModel, null);
 
         // Assert
         Assert.True(string.IsNullOrEmpty(result));
     }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_EnablingPolicy_SetsUseAutomaticUserConfirmationToTrue(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        Organization organization,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        organization.Id = policyUpdate.OrganizationId;
-        organization.UseAutomaticUserConfirmation = false;
-
-        sutProvider.GetDependency<IOrganizationRepository>()
-            .GetByIdAsync(policyUpdate.OrganizationId)
-            .Returns(organization);
-
-        // Act
-        await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, null);
-
-        // Assert
-        await sutProvider.GetDependency<IOrganizationRepository>()
-            .Received(1)
-            .UpsertAsync(Arg.Is<Organization>(o =>
-                o.Id == organization.Id &&
-                o.UseAutomaticUserConfirmation == true &&
-                o.RevisionDate > DateTime.MinValue));
-    }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_DisablingPolicy_SetsUseAutomaticUserConfirmationToFalse(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation, false)] PolicyUpdate policyUpdate,
-        Organization organization,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        organization.Id = policyUpdate.OrganizationId;
-        organization.UseAutomaticUserConfirmation = true;
-
-        sutProvider.GetDependency<IOrganizationRepository>()
-            .GetByIdAsync(policyUpdate.OrganizationId)
-            .Returns(organization);
-
-        // Act
-        await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, null);
-
-        // Assert
-        await sutProvider.GetDependency<IOrganizationRepository>()
-            .Received(1)
-            .UpsertAsync(Arg.Is<Organization>(o =>
-                o.Id == organization.Id &&
-                o.UseAutomaticUserConfirmation == false &&
-                o.RevisionDate > DateTime.MinValue));
-    }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_OrganizationNotFound_DoesNotThrowException(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        sutProvider.GetDependency<IOrganizationRepository>()
-            .GetByIdAsync(policyUpdate.OrganizationId)
-            .Returns((Organization?)null);
-
-        // Act
-        await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, null);
-
-        // Assert
-        await sutProvider.GetDependency<IOrganizationRepository>()
-            .DidNotReceive()
-            .UpsertAsync(Arg.Any<Organization>());
-    }
-
-    [Theory, BitAutoData]
-    public async Task ExecutePreUpsertSideEffectAsync_CallsOnSaveSideEffectsAsync(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.AutomaticUserConfirmation)] Policy currentPolicy,
-        Organization organization,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        organization.Id = policyUpdate.OrganizationId;
-        currentPolicy.OrganizationId = policyUpdate.OrganizationId;
-
-        var savePolicyModel = new SavePolicyModel(policyUpdate);
-
-        sutProvider.GetDependency<IOrganizationRepository>()
-            .GetByIdAsync(policyUpdate.OrganizationId)
-            .Returns(organization);
-
-        // Act
-        await sutProvider.Sut.ExecutePreUpsertSideEffectAsync(savePolicyModel, currentPolicy);
-
-        // Assert
-        await sutProvider.GetDependency<IOrganizationRepository>()
-            .Received(1)
-            .UpsertAsync(Arg.Is<Organization>(o =>
-                o.Id == organization.Id &&
-                o.UseAutomaticUserConfirmation == policyUpdate.Enabled));
-    }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_UpdatesRevisionDate(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        Organization organization,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        organization.Id = policyUpdate.OrganizationId;
-        var originalRevisionDate = DateTime.UtcNow.AddDays(-1);
-        organization.RevisionDate = originalRevisionDate;
-
-        sutProvider.GetDependency<IOrganizationRepository>()
-            .GetByIdAsync(policyUpdate.OrganizationId)
-            .Returns(organization);
-
-        // Act
-        await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, null);
-
-        // Assert
-        await sutProvider.GetDependency<IOrganizationRepository>()
-            .Received(1)
-            .UpsertAsync(Arg.Is<Organization>(o =>
-                o.Id == organization.Id &&
-                o.RevisionDate > originalRevisionDate));
-    }
 }

test/Core.Test/AdminConsole/OrganizationFeatures/Policies/SavePolicyCommandTests.cs

@@ -6,8 +6,11 @@ using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Implementations;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.Models;
 using Bit.Core.Models.Data.Organizations;
+using Bit.Core.Platform.Push;
 using Bit.Core.Services;
 using Bit.Core.Test.AdminConsole.AutoFixture;
 using Bit.Test.Common.AutoFixture;
@@ -95,7 +98,8 @@ public class SavePolicyCommandTests
                 Substitute.For<IPolicyRepository>(),
                 [new FakeSingleOrgPolicyValidator(), new FakeSingleOrgPolicyValidator()],
                 Substitute.For<TimeProvider>(),
-                Substitute.For<IPostSavePolicySideEffect>()));
+                Substitute.For<IPostSavePolicySideEffect>(),
+                Substitute.For<IPushNotificationService>()));
         Assert.Contains("Duplicate PolicyValidator for SingleOrg policy", exception.Message);
     }
 
@@ -360,6 +364,103 @@ public class SavePolicyCommandTests
             .ExecuteSideEffectsAsync(default!, default!, default!);
     }
 
+    [Theory, BitAutoData]
+    public async Task VNextSaveAsync_SendsPushNotification(
+        [PolicyUpdate(PolicyType.SingleOrg)] PolicyUpdate policyUpdate,
+        [Policy(PolicyType.SingleOrg, false)] Policy currentPolicy)
+    {
+        // Arrange
+        var fakePolicyValidator = new FakeSingleOrgPolicyValidator();
+        fakePolicyValidator.ValidateAsyncMock(policyUpdate, null).Returns("");
+        var sutProvider = SutProviderFactory([fakePolicyValidator]);
+        var savePolicyModel = new SavePolicyModel(policyUpdate);
+
+        currentPolicy.OrganizationId = policyUpdate.OrganizationId;
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, policyUpdate.Type)
+            .Returns(currentPolicy);
+
+        ArrangeOrganization(sutProvider, policyUpdate);
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetManyByOrganizationIdAsync(policyUpdate.OrganizationId)
+            .Returns([currentPolicy]);
+
+        // Act
+        var result = await sutProvider.Sut.VNextSaveAsync(savePolicyModel);
+
+        // Assert
+        await sutProvider.GetDependency<IPushNotificationService>().Received(1)
+            .PushAsync(Arg.Is<PushNotification<SyncPolicyPushNotification>>(p =>
+                p.Type == PushType.PolicyChanged &&
+                p.Target == NotificationTarget.Organization &&
+                p.TargetId == policyUpdate.OrganizationId &&
+                p.ExcludeCurrentContext == false &&
+                p.Payload.OrganizationId == policyUpdate.OrganizationId &&
+                p.Payload.Policy.Id == result.Id &&
+                p.Payload.Policy.Type == policyUpdate.Type &&
+                p.Payload.Policy.Enabled == policyUpdate.Enabled &&
+                p.Payload.Policy.Data == policyUpdate.Data));
+    }
+
+    [Theory, BitAutoData]
+    public async Task SaveAsync_SendsPushNotification([PolicyUpdate(PolicyType.SingleOrg)] PolicyUpdate policyUpdate)
+    {
+        var fakePolicyValidator = new FakeSingleOrgPolicyValidator();
+        fakePolicyValidator.ValidateAsyncMock(policyUpdate, null).Returns("");
+        var sutProvider = SutProviderFactory([fakePolicyValidator]);
+
+        ArrangeOrganization(sutProvider, policyUpdate);
+        sutProvider.GetDependency<IPolicyRepository>().GetManyByOrganizationIdAsync(policyUpdate.OrganizationId).Returns([]);
+
+        var result = await sutProvider.Sut.SaveAsync(policyUpdate);
+
+        await sutProvider.GetDependency<IPushNotificationService>().Received(1)
+            .PushAsync(Arg.Is<PushNotification<SyncPolicyPushNotification>>(p =>
+                p.Type == PushType.PolicyChanged &&
+                p.Target == NotificationTarget.Organization &&
+                p.TargetId == policyUpdate.OrganizationId &&
+                p.ExcludeCurrentContext == false &&
+                p.Payload.OrganizationId == policyUpdate.OrganizationId &&
+                p.Payload.Policy.Id == result.Id &&
+                p.Payload.Policy.Type == policyUpdate.Type &&
+                p.Payload.Policy.Enabled == policyUpdate.Enabled &&
+                p.Payload.Policy.Data == policyUpdate.Data));
+    }
+
+    [Theory, BitAutoData]
+    public async Task SaveAsync_ExistingPolicy_SendsPushNotificationWithUpdatedPolicy(
+        [PolicyUpdate(PolicyType.SingleOrg)] PolicyUpdate policyUpdate,
+        [Policy(PolicyType.SingleOrg, false)] Policy currentPolicy)
+    {
+        var fakePolicyValidator = new FakeSingleOrgPolicyValidator();
+        fakePolicyValidator.ValidateAsyncMock(policyUpdate, null).Returns("");
+        var sutProvider = SutProviderFactory([fakePolicyValidator]);
+
+        currentPolicy.OrganizationId = policyUpdate.OrganizationId;
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, policyUpdate.Type)
+            .Returns(currentPolicy);
+
+        ArrangeOrganization(sutProvider, policyUpdate);
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetManyByOrganizationIdAsync(policyUpdate.OrganizationId)
+            .Returns([currentPolicy]);
+
+        var result = await sutProvider.Sut.SaveAsync(policyUpdate);
+
+        await sutProvider.GetDependency<IPushNotificationService>().Received(1)
+            .PushAsync(Arg.Is<PushNotification<SyncPolicyPushNotification>>(p =>
+                p.Type == PushType.PolicyChanged &&
+                p.Target == NotificationTarget.Organization &&
+                p.TargetId == policyUpdate.OrganizationId &&
+                p.ExcludeCurrentContext == false &&
+                p.Payload.OrganizationId == policyUpdate.OrganizationId &&
+                p.Payload.Policy.Id == result.Id &&
+                p.Payload.Policy.Type == policyUpdate.Type &&
+                p.Payload.Policy.Enabled == policyUpdate.Enabled &&
+                p.Payload.Policy.Data == policyUpdate.Data));
+    }
+
     /// <summary>
     /// Returns a new SutProvider with the PolicyValidators registered in the Sut.
     /// </summary>

test/Core.Test/AdminConsole/Services/EventIntegrationHandlerTests.cs

@@ -1,4 +1,6 @@
-using System.Text.Json;
+#nullable enable
+
+using System.Text.Json;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Models.Data.EventIntegrations;
 using Bit.Core.AdminConsole.Repositories;
@@ -8,6 +10,7 @@ using Bit.Core.Models.Data.Organizations;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
+using Bit.Core.Utilities;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Bit.Test.Common.Helpers;
@@ -36,12 +39,16 @@ public class EventIntegrationHandlerTests
     private SutProvider<EventIntegrationHandler<WebhookIntegrationConfigurationDetails>> GetSutProvider(
         List<OrganizationIntegrationConfigurationDetails> configurations)
     {
-        var configurationCache = Substitute.For<IIntegrationConfigurationDetailsCache>();
-        configurationCache.GetConfigurationDetails(Arg.Any<Guid>(),
-            IntegrationType.Webhook, Arg.Any<EventType>()).Returns(configurations);
+        var cache = Substitute.For<IFusionCache>();
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<object, CancellationToken, Task<List<OrganizationIntegrationConfigurationDetails>>>>(),
+            options: Arg.Any<FusionCacheEntryOptions>(),
+            tags: Arg.Any<IEnumerable<string>>()
+        ).Returns(configurations);
 
         return new SutProvider<EventIntegrationHandler<WebhookIntegrationConfigurationDetails>>()
-            .SetDependency(configurationCache)
+            .SetDependency(cache)
             .SetDependency(_eventIntegrationPublisher)
             .SetDependency(IntegrationType.Webhook)
             .SetDependency(_logger)
@@ -173,6 +180,37 @@ public class EventIntegrationHandlerTests
         Assert.Null(context.ActingUser);
     }
 
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_ActingUserFactory_CallsOrganizationUserRepository(EventMessage eventMessage, OrganizationUserUserDetails actingUser)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithActingUser));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        var organizationUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
+
+        eventMessage.OrganizationId ??= Guid.NewGuid();
+        eventMessage.ActingUserId ??= Guid.NewGuid();
+        organizationUserRepository.GetDetailsByOrganizationIdUserIdAsync(
+            eventMessage.OrganizationId.Value,
+            eventMessage.ActingUserId.Value).Returns(actingUser);
+
+        // Capture the factory function passed to the cache
+        Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>? capturedFactory = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Do<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>(f => capturedFactory = f)
+        ).Returns(actingUser);
+
+        await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithActingUser);
+
+        Assert.NotNull(capturedFactory);
+        var result = await capturedFactory(null!, CancellationToken.None);
+
+        await organizationUserRepository.Received(1).GetDetailsByOrganizationIdUserIdAsync(
+            eventMessage.OrganizationId.Value,
+            eventMessage.ActingUserId.Value);
+        Assert.Equal(actingUser, result);
+    }
+
     [Theory, BitAutoData]
     public async Task BuildContextAsync_GroupIdPresent_UsesCache(EventMessage eventMessage, Group group)
     {
@@ -211,6 +249,32 @@ public class EventIntegrationHandlerTests
         Assert.Null(context.Group);
     }
 
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_GroupFactory_CallsGroupRepository(EventMessage eventMessage, Group group)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithGroup));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        var groupRepository = sutProvider.GetDependency<IGroupRepository>();
+
+        eventMessage.GroupId ??= Guid.NewGuid();
+        groupRepository.GetByIdAsync(eventMessage.GroupId.Value).Returns(group);
+
+        // Capture the factory function passed to the cache
+        Func<FusionCacheFactoryExecutionContext<Group?>, CancellationToken, Task<Group?>>? capturedFactory = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Do<Func<FusionCacheFactoryExecutionContext<Group?>, CancellationToken, Task<Group?>>>(f => capturedFactory = f)
+        ).Returns(group);
+
+        await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithGroup);
+
+        Assert.NotNull(capturedFactory);
+        var result = await capturedFactory(null!, CancellationToken.None);
+
+        await groupRepository.Received(1).GetByIdAsync(eventMessage.GroupId.Value);
+        Assert.Equal(group, result);
+    }
+
     [Theory, BitAutoData]
     public async Task BuildContextAsync_OrganizationIdPresent_UsesCache(EventMessage eventMessage, Organization organization)
     {
@@ -250,6 +314,32 @@ public class EventIntegrationHandlerTests
         Assert.Null(context.Organization);
     }
 
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_OrganizationFactory_CallsOrganizationRepository(EventMessage eventMessage, Organization organization)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithOrganization));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+
+        eventMessage.OrganizationId ??= Guid.NewGuid();
+        organizationRepository.GetByIdAsync(eventMessage.OrganizationId.Value).Returns(organization);
+
+        // Capture the factory function passed to the cache
+        Func<FusionCacheFactoryExecutionContext<Organization?>, CancellationToken, Task<Organization?>>? capturedFactory = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Do<Func<FusionCacheFactoryExecutionContext<Organization?>, CancellationToken, Task<Organization?>>>(f => capturedFactory = f)
+        ).Returns(organization);
+
+        await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithOrganization);
+
+        Assert.NotNull(capturedFactory);
+        var result = await capturedFactory(null!, CancellationToken.None);
+
+        await organizationRepository.Received(1).GetByIdAsync(eventMessage.OrganizationId.Value);
+        Assert.Equal(organization, result);
+    }
+
     [Theory, BitAutoData]
     public async Task BuildContextAsync_UserIdPresent_UsesCache(EventMessage eventMessage, OrganizationUserUserDetails userDetails)
     {
@@ -313,6 +403,38 @@ public class EventIntegrationHandlerTests
         Assert.Null(context.User);
     }
 
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_UserFactory_CallsOrganizationUserRepository(EventMessage eventMessage, OrganizationUserUserDetails userDetails)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithUser));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        var organizationUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
+
+        eventMessage.OrganizationId ??= Guid.NewGuid();
+        eventMessage.UserId ??= Guid.NewGuid();
+        organizationUserRepository.GetDetailsByOrganizationIdUserIdAsync(
+            eventMessage.OrganizationId.Value,
+            eventMessage.UserId.Value).Returns(userDetails);
+
+        // Capture the factory function passed to the cache
+        Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>? capturedFactory = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Do<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>(f => capturedFactory = f)
+        ).Returns(userDetails);
+
+        await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithUser);
+
+        Assert.NotNull(capturedFactory);
+        var result = await capturedFactory(null!, CancellationToken.None);
+
+        await organizationUserRepository.Received(1).GetDetailsByOrganizationIdUserIdAsync(
+            eventMessage.OrganizationId.Value,
+            eventMessage.UserId.Value);
+        Assert.Equal(userDetails, result);
+    }
+
     [Theory, BitAutoData]
     public async Task BuildContextAsync_NoSpecialTokens_DoesNotCallAnyCache(EventMessage eventMessage)
     {
@@ -344,6 +466,12 @@ public class EventIntegrationHandlerTests
     public async Task HandleEventAsync_BaseTemplateNoConfigurations_DoesNothing(EventMessage eventMessage)
     {
         var sutProvider = GetSutProvider(NoConfigurations());
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        cache.GetOrSetAsync<List<OrganizationIntegrationConfigurationDetails>>(
+            Arg.Any<string>(),
+            Arg.Any<Func<object, CancellationToken, Task<List<OrganizationIntegrationConfigurationDetails>>>>(),
+            Arg.Any<FusionCacheEntryOptions>()
+        ).Returns(NoConfigurations());
 
         await sutProvider.Sut.HandleEventAsync(eventMessage);
         Assert.Empty(_eventIntegrationPublisher.ReceivedCalls());
@@ -362,8 +490,8 @@ public class EventIntegrationHandlerTests
     [Theory, BitAutoData]
     public async Task HandleEventAsync_BaseTemplateOneConfiguration_PublishesIntegrationMessage(EventMessage eventMessage)
     {
-        var sutProvider = GetSutProvider(OneConfiguration(_templateBase));
         eventMessage.OrganizationId = _organizationId;
+        var sutProvider = GetSutProvider(OneConfiguration(_templateBase));
 
         await sutProvider.Sut.HandleEventAsync(eventMessage);
 
@@ -382,8 +510,8 @@ public class EventIntegrationHandlerTests
     [Theory, BitAutoData]
     public async Task HandleEventAsync_BaseTemplateTwoConfigurations_PublishesIntegrationMessages(EventMessage eventMessage)
     {
-        var sutProvider = GetSutProvider(TwoConfigurations(_templateBase));
         eventMessage.OrganizationId = _organizationId;
+        var sutProvider = GetSutProvider(TwoConfigurations(_templateBase));
 
         await sutProvider.Sut.HandleEventAsync(eventMessage);
 
@@ -405,6 +533,7 @@ public class EventIntegrationHandlerTests
     [Theory, BitAutoData]
     public async Task HandleEventAsync_FilterReturnsFalse_DoesNothing(EventMessage eventMessage)
     {
+        eventMessage.OrganizationId = _organizationId;
         var sutProvider = GetSutProvider(ValidFilterConfiguration());
         sutProvider.GetDependency<IIntegrationFilterService>().EvaluateFilterGroup(
             Arg.Any<IntegrationFilterGroup>(), Arg.Any<EventMessage>()).Returns(false);
@@ -416,10 +545,10 @@ public class EventIntegrationHandlerTests
     [Theory, BitAutoData]
     public async Task HandleEventAsync_FilterReturnsTrue_PublishesIntegrationMessage(EventMessage eventMessage)
     {
+        eventMessage.OrganizationId = _organizationId;
         var sutProvider = GetSutProvider(ValidFilterConfiguration());
         sutProvider.GetDependency<IIntegrationFilterService>().EvaluateFilterGroup(
             Arg.Any<IntegrationFilterGroup>(), Arg.Any<EventMessage>()).Returns(true);
-        eventMessage.OrganizationId = _organizationId;
 
         await sutProvider.Sut.HandleEventAsync(eventMessage);
 
@@ -435,6 +564,7 @@ public class EventIntegrationHandlerTests
     [Theory, BitAutoData]
     public async Task HandleEventAsync_InvalidFilter_LogsErrorDoesNothing(EventMessage eventMessage)
     {
+        eventMessage.OrganizationId = _organizationId;
         var sutProvider = GetSutProvider(InvalidFilterConfiguration());
 
         await sutProvider.Sut.HandleEventAsync(eventMessage);
@@ -444,12 +574,13 @@ public class EventIntegrationHandlerTests
             Arg.Any<EventId>(),
             Arg.Any<object>(),
             Arg.Any<JsonException>(),
-            Arg.Any<Func<object, Exception, string>>());
+            Arg.Any<Func<object, Exception?, string>>());
     }
 
     [Theory, BitAutoData]
     public async Task HandleManyEventsAsync_BaseTemplateNoConfigurations_DoesNothing(List<EventMessage> eventMessages)
     {
+        eventMessages.ForEach(e => e.OrganizationId = _organizationId);
         var sutProvider = GetSutProvider(NoConfigurations());
 
         await sutProvider.Sut.HandleManyEventsAsync(eventMessages);
@@ -459,13 +590,14 @@ public class EventIntegrationHandlerTests
     [Theory, BitAutoData]
     public async Task HandleManyEventsAsync_BaseTemplateOneConfiguration_PublishesIntegrationMessages(List<EventMessage> eventMessages)
     {
+        eventMessages.ForEach(e => e.OrganizationId = _organizationId);
         var sutProvider = GetSutProvider(OneConfiguration(_templateBase));
 
         await sutProvider.Sut.HandleManyEventsAsync(eventMessages);
 
         foreach (var eventMessage in eventMessages)
         {
-            var expectedMessage = EventIntegrationHandlerTests.ExpectedMessage(
+            var expectedMessage = ExpectedMessage(
                 $"Date: {eventMessage.Date}, Type: {eventMessage.Type}, UserId: {eventMessage.UserId}"
             );
             await _eventIntegrationPublisher.Received(1).PublishAsync(Arg.Is(
@@ -477,13 +609,14 @@ public class EventIntegrationHandlerTests
     public async Task HandleManyEventsAsync_BaseTemplateTwoConfigurations_PublishesIntegrationMessages(
         List<EventMessage> eventMessages)
     {
+        eventMessages.ForEach(e => e.OrganizationId = _organizationId);
         var sutProvider = GetSutProvider(TwoConfigurations(_templateBase));
 
         await sutProvider.Sut.HandleManyEventsAsync(eventMessages);
 
         foreach (var eventMessage in eventMessages)
         {
-            var expectedMessage = EventIntegrationHandlerTests.ExpectedMessage(
+            var expectedMessage = ExpectedMessage(
                 $"Date: {eventMessage.Date}, Type: {eventMessage.Type}, UserId: {eventMessage.UserId}"
             );
             await _eventIntegrationPublisher.Received(1).PublishAsync(Arg.Is(AssertHelper.AssertPropertyEqual(
@@ -494,4 +627,84 @@ public class EventIntegrationHandlerTests
                 expectedMessage, new[] { "MessageId", "OrganizationId" })));
         }
     }
+
+    [Theory, BitAutoData]
+    public async Task HandleEventAsync_CapturedFactories_CallConfigurationRepository(EventMessage eventMessage)
+    {
+        eventMessage.OrganizationId = _organizationId;
+        var sutProvider = GetSutProvider(NoConfigurations());
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        var configurationRepository = sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>();
+
+        var configs = OneConfiguration(_templateBase);
+
+        configurationRepository.GetManyByEventTypeOrganizationIdIntegrationType(eventType: eventMessage.Type, organizationId: _organizationId, integrationType: IntegrationType.Webhook).Returns(configs);
+
+        // Capture the factory function - there will be 1 call that returns both specific and wildcard matches
+        Func<FusionCacheFactoryExecutionContext<List<OrganizationIntegrationConfigurationDetails>>, CancellationToken, Task<List<OrganizationIntegrationConfigurationDetails>>>? capturedFactory = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Do<Func<FusionCacheFactoryExecutionContext<List<OrganizationIntegrationConfigurationDetails>>, CancellationToken, Task<List<OrganizationIntegrationConfigurationDetails>>>>(f
+                => capturedFactory = f),
+            options: Arg.Any<FusionCacheEntryOptions>(),
+            tags: Arg.Any<IEnumerable<string>>()
+        ).Returns(new List<OrganizationIntegrationConfigurationDetails>());
+
+        await sutProvider.Sut.HandleEventAsync(eventMessage);
+
+        // Verify factory was captured
+        Assert.NotNull(capturedFactory);
+
+        // Execute the captured factory to trigger repository call
+        await capturedFactory(null!, CancellationToken.None);
+
+        await configurationRepository.Received(1).GetManyByEventTypeOrganizationIdIntegrationType(eventType: eventMessage.Type, organizationId: _organizationId, integrationType: IntegrationType.Webhook);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HandleEventAsync_ConfigurationCacheOptions_SetsDurationToConstant(EventMessage eventMessage)
+    {
+        eventMessage.OrganizationId = _organizationId;
+        var sutProvider = GetSutProvider(NoConfigurations());
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        FusionCacheEntryOptions? capturedOption = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<List<OrganizationIntegrationConfigurationDetails>>, CancellationToken, Task<List<OrganizationIntegrationConfigurationDetails>>>>(),
+            options: Arg.Do<FusionCacheEntryOptions>(opt => capturedOption = opt),
+            tags: Arg.Any<IEnumerable<string>?>()
+        ).Returns(new List<OrganizationIntegrationConfigurationDetails>());
+
+        await sutProvider.Sut.HandleEventAsync(eventMessage);
+
+        Assert.NotNull(capturedOption);
+        Assert.Equal(EventIntegrationsCacheConstants.DurationForOrganizationIntegrationConfigurationDetails,
+                     capturedOption.Duration);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HandleEventAsync_ConfigurationCache_AddsOrganizationIntegrationTag(EventMessage eventMessage)
+    {
+        eventMessage.OrganizationId = _organizationId;
+        var sutProvider = GetSutProvider(NoConfigurations());
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        IEnumerable<string>? capturedTags = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<List<OrganizationIntegrationConfigurationDetails>>, CancellationToken, Task<List<OrganizationIntegrationConfigurationDetails>>>>(),
+            options: Arg.Any<FusionCacheEntryOptions>(),
+            tags: Arg.Do<IEnumerable<string>>(t => capturedTags = t)
+        ).Returns(new List<OrganizationIntegrationConfigurationDetails>());
+
+        await sutProvider.Sut.HandleEventAsync(eventMessage);
+
+        var expectedTag = EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+            _organizationId,
+            IntegrationType.Webhook
+        );
+        Assert.NotNull(capturedTags);
+        Assert.Contains(expectedTag, capturedTags);
+    }
 }

test/Core.Test/AdminConsole/Services/IntegrationConfigurationDetailsCacheServiceTests.cs

@@ -1,173 +0,0 @@
-#nullable enable
-
-using System.Text.Json;
-using Bit.Core.Enums;
-using Bit.Core.Models.Data.Organizations;
-using Bit.Core.Repositories;
-using Bit.Core.Services;
-using Bit.Test.Common.AutoFixture;
-using Bit.Test.Common.AutoFixture.Attributes;
-using Microsoft.Extensions.Logging;
-using NSubstitute;
-using NSubstitute.ExceptionExtensions;
-using Xunit;
-
-namespace Bit.Core.Test.Services;
-
-[SutProviderCustomize]
-public class IntegrationConfigurationDetailsCacheServiceTests
-{
-    private SutProvider<IntegrationConfigurationDetailsCacheService> GetSutProvider(
-        List<OrganizationIntegrationConfigurationDetails> configurations)
-    {
-        var configurationRepository = Substitute.For<IOrganizationIntegrationConfigurationRepository>();
-        configurationRepository.GetAllConfigurationDetailsAsync().Returns(configurations);
-
-        return new SutProvider<IntegrationConfigurationDetailsCacheService>()
-            .SetDependency(configurationRepository)
-            .Create();
-    }
-
-    [Theory, BitAutoData]
-    public async Task GetConfigurationDetails_SpecificKeyExists_ReturnsExpectedList(OrganizationIntegrationConfigurationDetails config)
-    {
-        config.EventType = EventType.Cipher_Created;
-        var sutProvider = GetSutProvider([config]);
-        await sutProvider.Sut.RefreshAsync();
-        var result = sutProvider.Sut.GetConfigurationDetails(
-            config.OrganizationId,
-            config.IntegrationType,
-            EventType.Cipher_Created);
-        Assert.Single(result);
-        Assert.Same(config, result[0]);
-    }
-
-    [Theory, BitAutoData]
-    public async Task GetConfigurationDetails_AllEventsKeyExists_ReturnsExpectedList(OrganizationIntegrationConfigurationDetails config)
-    {
-        config.EventType = null;
-        var sutProvider = GetSutProvider([config]);
-        await sutProvider.Sut.RefreshAsync();
-        var result = sutProvider.Sut.GetConfigurationDetails(
-            config.OrganizationId,
-            config.IntegrationType,
-            EventType.Cipher_Created);
-        Assert.Single(result);
-        Assert.Same(config, result[0]);
-    }
-
-    [Theory, BitAutoData]
-    public async Task GetConfigurationDetails_BothSpecificAndAllEventsKeyExists_ReturnsExpectedList(
-        OrganizationIntegrationConfigurationDetails specificConfig,
-        OrganizationIntegrationConfigurationDetails allKeysConfig
-        )
-    {
-        specificConfig.EventType = EventType.Cipher_Created;
-        allKeysConfig.EventType = null;
-        allKeysConfig.OrganizationId = specificConfig.OrganizationId;
-        allKeysConfig.IntegrationType = specificConfig.IntegrationType;
-
-        var sutProvider = GetSutProvider([specificConfig, allKeysConfig]);
-        await sutProvider.Sut.RefreshAsync();
-        var result = sutProvider.Sut.GetConfigurationDetails(
-            specificConfig.OrganizationId,
-            specificConfig.IntegrationType,
-            EventType.Cipher_Created);
-        Assert.Equal(2, result.Count);
-        Assert.Contains(result, r => r.Template == specificConfig.Template);
-        Assert.Contains(result, r => r.Template == allKeysConfig.Template);
-    }
-
-    [Theory, BitAutoData]
-    public async Task GetConfigurationDetails_KeyMissing_ReturnsEmptyList(OrganizationIntegrationConfigurationDetails config)
-    {
-        var sutProvider = GetSutProvider([config]);
-        await sutProvider.Sut.RefreshAsync();
-        var result = sutProvider.Sut.GetConfigurationDetails(
-            Guid.NewGuid(),
-            config.IntegrationType,
-            config.EventType ?? EventType.Cipher_Created);
-        Assert.Empty(result);
-    }
-
-
-
-    [Theory, BitAutoData]
-    public async Task GetConfigurationDetails_ReturnsCachedValue_EvenIfRepositoryChanges(OrganizationIntegrationConfigurationDetails config)
-    {
-        var sutProvider = GetSutProvider([config]);
-        await sutProvider.Sut.RefreshAsync();
-
-        var newConfig = JsonSerializer.Deserialize<OrganizationIntegrationConfigurationDetails>(JsonSerializer.Serialize(config));
-        Assert.NotNull(newConfig);
-        newConfig.Template = "Changed";
-        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().GetAllConfigurationDetailsAsync()
-            .Returns([newConfig]);
-
-        var result = sutProvider.Sut.GetConfigurationDetails(
-            config.OrganizationId,
-            config.IntegrationType,
-            config.EventType ?? EventType.Cipher_Created);
-        Assert.Single(result);
-        Assert.NotEqual("Changed", result[0].Template); // should not yet pick up change from repository
-
-        await sutProvider.Sut.RefreshAsync();  // Pick up changes
-
-        result = sutProvider.Sut.GetConfigurationDetails(
-            config.OrganizationId,
-            config.IntegrationType,
-            config.EventType ?? EventType.Cipher_Created);
-        Assert.Single(result);
-        Assert.Equal("Changed", result[0].Template); // Should have the new value
-    }
-
-    [Theory, BitAutoData]
-    public async Task RefreshAsync_GroupsByCompositeKey(OrganizationIntegrationConfigurationDetails config1)
-    {
-        var config2 = JsonSerializer.Deserialize<OrganizationIntegrationConfigurationDetails>(
-            JsonSerializer.Serialize(config1))!;
-        config2.Template = "Another";
-
-        var sutProvider = GetSutProvider([config1, config2]);
-        await sutProvider.Sut.RefreshAsync();
-
-        var results = sutProvider.Sut.GetConfigurationDetails(
-            config1.OrganizationId,
-            config1.IntegrationType,
-            config1.EventType ?? EventType.Cipher_Created);
-
-        Assert.Equal(2, results.Count);
-        Assert.Contains(results, r => r.Template == config1.Template);
-        Assert.Contains(results, r => r.Template == config2.Template);
-    }
-
-    [Theory, BitAutoData]
-    public async Task RefreshAsync_LogsInformationOnSuccess(OrganizationIntegrationConfigurationDetails config)
-    {
-        var sutProvider = GetSutProvider([config]);
-        await sutProvider.Sut.RefreshAsync();
-
-        sutProvider.GetDependency<ILogger<IntegrationConfigurationDetailsCacheService>>().Received().Log(
-            LogLevel.Information,
-            Arg.Any<EventId>(),
-            Arg.Is<object>(o => o.ToString()!.Contains("Refreshed successfully")),
-            null,
-            Arg.Any<Func<object, Exception?, string>>());
-    }
-
-    [Fact]
-    public async Task RefreshAsync_OnException_LogsError()
-    {
-        var sutProvider = GetSutProvider([]);
-        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().GetAllConfigurationDetailsAsync()
-            .Throws(new Exception("Database failure"));
-        await sutProvider.Sut.RefreshAsync();
-
-        sutProvider.GetDependency<ILogger<IntegrationConfigurationDetailsCacheService>>().Received(1).Log(
-            LogLevel.Error,
-            Arg.Any<EventId>(),
-            Arg.Is<object>(o => o.ToString()!.Contains("Refresh failed")),
-            Arg.Any<Exception>(),
-            Arg.Any<Func<object, Exception?, string>>());
-    }
-}

test/Core.Test/AdminConsole/Services/OrganizationIntegrationConfigurationValidatorTests.cs

@@ -0,0 +1,244 @@
+using System.Text.Json;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Models.Data.EventIntegrations;
+using Bit.Core.AdminConsole.Services;
+using Bit.Core.Enums;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.Services;
+
+public class OrganizationIntegrationConfigurationValidatorTests
+{
+    private readonly OrganizationIntegrationConfigurationValidator _sut = new();
+
+    [Fact]
+    public void ValidateConfiguration_CloudBillingSyncIntegration_ReturnsFalse()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = "{}",
+            Template = "template"
+        };
+
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.CloudBillingSync, configuration));
+    }
+
+    [Theory]
+    [InlineData(null)]
+    [InlineData("")]
+    [InlineData("    ")]
+    public void ValidateConfiguration_EmptyTemplate_ReturnsFalse(string? template)
+    {
+        var config1 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new SlackIntegrationConfiguration(ChannelId: "C12345")),
+            Template = template
+        };
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Slack, config1));
+
+        var config2 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new WebhookIntegrationConfiguration(Uri: new Uri("https://example.com"))),
+            Template = template
+        };
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Webhook, config2));
+    }
+
+    [Theory]
+    [InlineData("")]
+    [InlineData("    ")]
+    public void ValidateConfiguration_EmptyNonNullConfiguration_ReturnsFalse(string? config)
+    {
+        var config1 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = config,
+            Template = "template"
+        };
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Hec, config1));
+
+        var config2 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = config,
+            Template = "template"
+        };
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Datadog, config2));
+
+        var config3 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = config,
+            Template = "template"
+        };
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Teams, config3));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_NullConfiguration_ReturnsTrue()
+    {
+        var config1 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = null,
+            Template = "template"
+        };
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Hec, config1));
+
+        var config2 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = null,
+            Template = "template"
+        };
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Datadog, config2));
+
+        var config3 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = null,
+            Template = "template"
+        };
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Teams, config3));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_InvalidJsonConfiguration_ReturnsFalse()
+    {
+        var config = new OrganizationIntegrationConfiguration
+        {
+            Configuration = "{not valid json}",
+            Template = "template"
+        };
+
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Slack, config));
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Webhook, config));
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Hec, config));
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Datadog, config));
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Teams, config));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_InvalidJsonFilters_ReturnsFalse()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new WebhookIntegrationConfiguration(Uri: new Uri("https://example.com"))),
+            Template = "template",
+            Filters = "{Not valid json}"
+        };
+
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Webhook, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_ScimIntegration_ReturnsFalse()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = "{}",
+            Template = "template"
+        };
+
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Scim, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_ValidSlackConfiguration_ReturnsTrue()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new SlackIntegrationConfiguration(ChannelId: "C12345")),
+            Template = "template"
+        };
+
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Slack, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_ValidSlackConfigurationWithFilters_ReturnsTrue()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new SlackIntegrationConfiguration("C12345")),
+            Template = "template",
+            Filters = JsonSerializer.Serialize(new IntegrationFilterGroup()
+            {
+                AndOperator = true,
+                Rules = [
+                    new IntegrationFilterRule()
+                    {
+                        Operation = IntegrationFilterOperation.Equals,
+                        Property = "CollectionId",
+                        Value = Guid.NewGuid()
+                    }
+                ],
+                Groups = []
+            })
+        };
+
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Slack, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_ValidNoAuthWebhookConfiguration_ReturnsTrue()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new WebhookIntegrationConfiguration(Uri: new Uri("https://localhost"))),
+            Template = "template"
+        };
+
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Webhook, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_ValidWebhookConfiguration_ReturnsTrue()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new WebhookIntegrationConfiguration(
+                Uri: new Uri("https://localhost"),
+                Scheme: "Bearer",
+                Token: "AUTH-TOKEN")),
+            Template = "template"
+        };
+
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Webhook, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_ValidWebhookConfigurationWithFilters_ReturnsTrue()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new WebhookIntegrationConfiguration(
+                Uri: new Uri("https://example.com"),
+                Scheme: "Bearer",
+                Token: "AUTH-TOKEN")),
+            Template = "template",
+            Filters = JsonSerializer.Serialize(new IntegrationFilterGroup()
+            {
+                AndOperator = true,
+                Rules = [
+                    new IntegrationFilterRule()
+                    {
+                        Operation = IntegrationFilterOperation.Equals,
+                        Property = "CollectionId",
+                        Value = Guid.NewGuid()
+                    }
+                ],
+                Groups = []
+            })
+        };
+
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Webhook, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_UnknownIntegrationType_ReturnsFalse()
+    {
+        var unknownType = (IntegrationType)999;
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = "{}",
+            Template = "template"
+        };
+
+        Assert.False(_sut.ValidateConfiguration(unknownType, configuration));
+    }
+}

test/Core.Test/AdminConsole/Services/OrganizationServiceTests.cs

@@ -9,6 +9,7 @@ using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Auth.Models.Business.Tokenables;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Pricing;
+using Bit.Core.Billing.Services;
 using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
@@ -1142,7 +1143,7 @@ public class OrganizationServiceTests
             .GetByIdentifierAsync(Arg.Is<string>(id => id == organization.Identifier));
         await stripeAdapter
             .Received(1)
-            .CustomerUpdateAsync(
+            .UpdateCustomerAsync(
                 Arg.Is<string>(id => id == organization.GatewayCustomerId),
                 Arg.Is<CustomerUpdateOptions>(options => options.Email == requestOptionsReturned.Email
                                                          && options.Description == requestOptionsReturned.Description
@@ -1182,7 +1183,7 @@ public class OrganizationServiceTests
             .GetByIdentifierAsync(Arg.Is<string>(id => id == organization.Identifier));
         await stripeAdapter
             .DidNotReceiveWithAnyArgs()
-            .CustomerUpdateAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>());
+            .UpdateCustomerAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>());
         await organizationRepository
             .Received(1)
             .ReplaceAsync(Arg.Is<Organization>(org => org == organization));

test/Core.Test/Auth/Entities/AuthRequestTests.cs

@@ -0,0 +1,224 @@
+using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
+using Xunit;
+
+namespace Bit.Core.Test.Auth.Entities;
+
+public class AuthRequestTests
+{
+    [Fact]
+    public void IsValidForAuthentication_WithValidRequest_ReturnsTrue()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = true,
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.True(result);
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithWrongUserId_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var differentUserId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = true,
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(differentUserId, accessCode);
+
+        // Assert
+        Assert.False(result, "Auth request should not validate for a different user");
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithWrongAccessCode_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = true,
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = "correct-code"
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, "wrong-code");
+
+        // Assert
+        Assert.False(result);
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithoutResponseDate_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = null, // Not responded to
+            Approved = true,
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.False(result, "Unanswered auth requests should not be valid");
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithApprovedFalse_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = false, // Denied
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.False(result, "Denied auth requests should not be valid");
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithApprovedNull_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = null, // Pending
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.False(result, "Pending auth requests should not be valid");
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithExpiredRequest_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = true,
+            CreationDate = DateTime.UtcNow.AddMinutes(-20), // Expired (15 min timeout)
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.False(result, "Expired auth requests should not be valid");
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithWrongType_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.Unlock, // Wrong type
+            ResponseDate = DateTime.UtcNow,
+            Approved = true,
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = null,
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.False(result, "Only AuthenticateAndUnlock type should be valid");
+    }
+
+    [Fact]
+    public void IsValidForAuthentication_WithAlreadyUsed_ReturnsFalse()
+    {
+        // Arrange
+        var userId = Guid.NewGuid();
+        var accessCode = "test-access-code";
+        var authRequest = new AuthRequest
+        {
+            UserId = userId,
+            Type = AuthRequestType.AuthenticateAndUnlock,
+            ResponseDate = DateTime.UtcNow,
+            Approved = true,
+            CreationDate = DateTime.UtcNow,
+            AuthenticationDate = DateTime.UtcNow, // Already used
+            AccessCode = accessCode
+        };
+
+        // Act
+        var result = authRequest.IsValidForAuthentication(userId, accessCode);
+
+        // Assert
+        Assert.False(result, "Auth requests should only be valid for one-time use");
+    }
+}

test/Core.Test/Auth/Services/SsoConfigServiceTests.cs

@@ -2,7 +2,6 @@
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
-using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
 using Bit.Core.AdminConsole.Repositories;
@@ -14,7 +13,6 @@ using Bit.Core.Auth.Services;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
-using Bit.Core.Services;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
@@ -342,26 +340,26 @@ public class SsoConfigServiceTests
 
         await sutProvider.Sut.SaveAsync(ssoConfig, organization);
 
-        await sutProvider.GetDependency<ISavePolicyCommand>().Received(1)
+        await sutProvider.GetDependency<IVNextSavePolicyCommand>().Received(1)
             .SaveAsync(
-                Arg.Is<PolicyUpdate>(t => t.Type == PolicyType.SingleOrg &&
-                    t.OrganizationId == organization.Id &&
-                    t.Enabled)
+                Arg.Is<SavePolicyModel>(t => t.PolicyUpdate.Type == PolicyType.SingleOrg &&
+                                             t.PolicyUpdate.OrganizationId == organization.Id &&
+                                             t.PolicyUpdate.Enabled)
             );
 
-        await sutProvider.GetDependency<ISavePolicyCommand>().Received(1)
+        await sutProvider.GetDependency<IVNextSavePolicyCommand>().Received(1)
             .SaveAsync(
-                Arg.Is<PolicyUpdate>(t => t.Type == PolicyType.ResetPassword &&
-                    t.GetDataModel<ResetPasswordDataModel>().AutoEnrollEnabled &&
-                    t.OrganizationId == organization.Id &&
-                    t.Enabled)
+                Arg.Is<SavePolicyModel>(t => t.PolicyUpdate.Type == PolicyType.ResetPassword &&
+                                             t.PolicyUpdate.GetDataModel<ResetPasswordDataModel>().AutoEnrollEnabled &&
+                                             t.PolicyUpdate.OrganizationId == organization.Id &&
+                                             t.PolicyUpdate.Enabled)
             );
 
-        await sutProvider.GetDependency<ISavePolicyCommand>().Received(1)
+        await sutProvider.GetDependency<IVNextSavePolicyCommand>().Received(1)
             .SaveAsync(
-                Arg.Is<PolicyUpdate>(t => t.Type == PolicyType.RequireSso &&
-                    t.OrganizationId == organization.Id &&
-                    t.Enabled)
+                Arg.Is<SavePolicyModel>(t => t.PolicyUpdate.Type == PolicyType.RequireSso &&
+                                             t.PolicyUpdate.OrganizationId == organization.Id &&
+                                             t.PolicyUpdate.Enabled)
             );
 
         await sutProvider.GetDependency<ISsoConfigRepository>().ReceivedWithAnyArgs()
@@ -369,7 +367,7 @@ public class SsoConfigServiceTests
     }
 
     [Theory, BitAutoData]
-    public async Task SaveAsync_Tde_WhenPolicyValidatorsRefactorEnabled_UsesVNextSavePolicyCommand(
+    public async Task SaveAsync_Tde_UsesVNextSavePolicyCommand(
         SutProvider<SsoConfigService> sutProvider, Organization organization)
     {
         var ssoConfig = new SsoConfig
@@ -383,10 +381,6 @@ public class SsoConfigServiceTests
             OrganizationId = organization.Id,
         };
 
-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor)
-            .Returns(true);
-
         await sutProvider.Sut.SaveAsync(ssoConfig, organization);
 
         await sutProvider.GetDependency<IVNextSavePolicyCommand>()

test/Core.Test/Auth/UserFeatures/Registration/RegisterUserCommandTests.cs

@@ -1017,6 +1017,7 @@ public class RegisterUserCommandTests
     [Theory]
     [BitAutoData(PlanType.FamiliesAnnually)]
     [BitAutoData(PlanType.FamiliesAnnually2019)]
+    [BitAutoData(PlanType.FamiliesAnnually2025)]
     [BitAutoData(PlanType.Free)]
     public async Task SendWelcomeEmail_FamilyOrg_SendsFamilyWelcomeEmail(
         PlanType planType,
@@ -1381,4 +1382,90 @@ public class RegisterUserCommandTests
             .Received(1)
             .SendOrganizationUserWelcomeEmailAsync(user, organization.DisplayName());
     }
+
+    [Theory, BitAutoData]
+    public async Task RegisterSSOAutoProvisionedUserAsync_WithBlockedDomain_ThrowsException(
+        User user,
+        Organization organization,
+        SutProvider<RegisterUserCommand> sutProvider)
+    {
+        // Arrange
+        user.Email = "user@blocked-domain.com";
+
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)
+            .Returns(true);
+
+        sutProvider.GetDependency<IOrganizationDomainRepository>()
+            .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("blocked-domain.com", organization.Id)
+            .Returns(true);
+
+        // Act & Assert
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() =>
+            sutProvider.Sut.RegisterSSOAutoProvisionedUserAsync(user, organization));
+        Assert.Equal("This email address is claimed by an organization using Bitwarden.", exception.Message);
+    }
+
+    [Theory, BitAutoData]
+    public async Task RegisterSSOAutoProvisionedUserAsync_WithOwnClaimedDomain_Succeeds(
+        User user,
+        Organization organization,
+        SutProvider<RegisterUserCommand> sutProvider)
+    {
+        // Arrange
+        user.Email = "user@company-domain.com";
+
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)
+            .Returns(true);
+
+        // Domain is claimed by THIS organization, so it should be allowed
+        sutProvider.GetDependency<IOrganizationDomainRepository>()
+            .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("company-domain.com", organization.Id)
+            .Returns(false); // Not blocked because organization.Id is excluded
+
+        sutProvider.GetDependency<IUserService>()
+            .CreateUserAsync(user)
+            .Returns(IdentityResult.Success);
+
+        // Act
+        var result = await sutProvider.Sut.RegisterSSOAutoProvisionedUserAsync(user, organization);
+
+        // Assert
+        Assert.True(result.Succeeded);
+        await sutProvider.GetDependency<IUserService>()
+            .Received(1)
+            .CreateUserAsync(user);
+    }
+
+    [Theory, BitAutoData]
+    public async Task RegisterSSOAutoProvisionedUserAsync_WithNonClaimedDomain_Succeeds(
+        User user,
+        Organization organization,
+        SutProvider<RegisterUserCommand> sutProvider)
+    {
+        // Arrange
+        user.Email = "user@unclaimed-domain.com";
+
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)
+            .Returns(true);
+
+        sutProvider.GetDependency<IOrganizationDomainRepository>()
+            .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("unclaimed-domain.com", organization.Id)
+            .Returns(false); // Domain is not claimed by any org
+
+        sutProvider.GetDependency<IUserService>()
+            .CreateUserAsync(user)
+            .Returns(IdentityResult.Success);
+
+        // Act
+        var result = await sutProvider.Sut.RegisterSSOAutoProvisionedUserAsync(user, organization);
+
+        // Assert
+        Assert.True(result.Succeeded);
+        await sutProvider.GetDependency<IUserService>()
+            .Received(1)
+            .CreateUserAsync(user);
+    }
 }

test/Core.Test/Auth/UserFeatures/Sso/UserSsoOrganizationIdentifierQueryTests.cs

@@ -0,0 +1,275 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Auth.Sso;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.Auth.UserFeatures.Sso;
+
+[SutProviderCustomize]
+public class UserSsoOrganizationIdentifierQueryTests
+{
+    [Theory, BitAutoData]
+    public async Task GetSsoOrganizationIdentifierAsync_UserHasSingleConfirmedOrganization_ReturnsIdentifier(
+        SutProvider<UserSsoOrganizationIdentifierQuery> sutProvider,
+        Guid userId,
+        Organization organization,
+        OrganizationUser organizationUser)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+        organizationUser.Status = OrganizationUserStatusType.Confirmed;
+        organization.Identifier = "test-org-identifier";
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser]);
+
+        sutProvider.GetDependency<IOrganizationRepository>()
+            .GetByIdAsync(organization.Id)
+            .Returns(organization);
+
+        // Act
+        var result = await sutProvider.Sut.GetSsoOrganizationIdentifierAsync(userId);
+
+        // Assert
+        Assert.Equal("test-org-identifier", result);
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .GetManyByUserAsync(userId);
+        await sutProvider.GetDependency<IOrganizationRepository>()
+            .Received(1)
+            .GetByIdAsync(organization.Id);
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetSsoOrganizationIdentifierAsync_UserHasNoOrganizations_ReturnsNull(
+        SutProvider<UserSsoOrganizationIdentifierQuery> sutProvider,
+        Guid userId)
+    {
+        // Arrange
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns(Array.Empty<OrganizationUser>());
+
+        // Act
+        var result = await sutProvider.Sut.GetSsoOrganizationIdentifierAsync(userId);
+
+        // Assert
+        Assert.Null(result);
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .GetManyByUserAsync(userId);
+        await sutProvider.GetDependency<IOrganizationRepository>()
+            .DidNotReceive()
+            .GetByIdAsync(Arg.Any<Guid>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetSsoOrganizationIdentifierAsync_UserHasMultipleConfirmedOrganizations_ReturnsNull(
+        SutProvider<UserSsoOrganizationIdentifierQuery> sutProvider,
+        Guid userId,
+        OrganizationUser organizationUser1,
+        OrganizationUser organizationUser2)
+    {
+        // Arrange
+        organizationUser1.UserId = userId;
+        organizationUser1.Status = OrganizationUserStatusType.Confirmed;
+        organizationUser2.UserId = userId;
+        organizationUser2.Status = OrganizationUserStatusType.Confirmed;
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser1, organizationUser2]);
+
+        // Act
+        var result = await sutProvider.Sut.GetSsoOrganizationIdentifierAsync(userId);
+
+        // Assert
+        Assert.Null(result);
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .GetManyByUserAsync(userId);
+        await sutProvider.GetDependency<IOrganizationRepository>()
+            .DidNotReceive()
+            .GetByIdAsync(Arg.Any<Guid>());
+    }
+
+    [Theory]
+    [BitAutoData(OrganizationUserStatusType.Invited)]
+    [BitAutoData(OrganizationUserStatusType.Accepted)]
+    [BitAutoData(OrganizationUserStatusType.Revoked)]
+    public async Task GetSsoOrganizationIdentifierAsync_UserHasOnlyInvitedOrganization_ReturnsNull(
+        OrganizationUserStatusType status,
+        SutProvider<UserSsoOrganizationIdentifierQuery> sutProvider,
+        Guid userId,
+        OrganizationUser organizationUser)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.Status = status;
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser]);
+
+        // Act
+        var result = await sutProvider.Sut.GetSsoOrganizationIdentifierAsync(userId);
+
+        // Assert
+        Assert.Null(result);
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .GetManyByUserAsync(userId);
+        await sutProvider.GetDependency<IOrganizationRepository>()
+            .DidNotReceive()
+            .GetByIdAsync(Arg.Any<Guid>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetSsoOrganizationIdentifierAsync_UserHasMixedStatusOrganizations_OnlyOneConfirmed_ReturnsIdentifier(
+        SutProvider<UserSsoOrganizationIdentifierQuery> sutProvider,
+        Guid userId,
+        Organization organization,
+        OrganizationUser confirmedOrgUser,
+        OrganizationUser invitedOrgUser,
+        OrganizationUser revokedOrgUser)
+    {
+        // Arrange
+        confirmedOrgUser.UserId = userId;
+        confirmedOrgUser.OrganizationId = organization.Id;
+        confirmedOrgUser.Status = OrganizationUserStatusType.Confirmed;
+
+        invitedOrgUser.UserId = userId;
+        invitedOrgUser.Status = OrganizationUserStatusType.Invited;
+
+        revokedOrgUser.UserId = userId;
+        revokedOrgUser.Status = OrganizationUserStatusType.Revoked;
+
+        organization.Identifier = "mixed-status-org";
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns(new[] { confirmedOrgUser, invitedOrgUser, revokedOrgUser });
+
+        sutProvider.GetDependency<IOrganizationRepository>()
+            .GetByIdAsync(organization.Id)
+            .Returns(organization);
+
+        // Act
+        var result = await sutProvider.Sut.GetSsoOrganizationIdentifierAsync(userId);
+
+        // Assert
+        Assert.Equal("mixed-status-org", result);
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .GetManyByUserAsync(userId);
+        await sutProvider.GetDependency<IOrganizationRepository>()
+            .Received(1)
+            .GetByIdAsync(organization.Id);
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetSsoOrganizationIdentifierAsync_OrganizationNotFound_ReturnsNull(
+        SutProvider<UserSsoOrganizationIdentifierQuery> sutProvider,
+        Guid userId,
+        OrganizationUser organizationUser)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.Status = OrganizationUserStatusType.Confirmed;
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser]);
+
+        sutProvider.GetDependency<IOrganizationRepository>()
+            .GetByIdAsync(organizationUser.OrganizationId)
+            .Returns((Organization)null);
+
+        // Act
+        var result = await sutProvider.Sut.GetSsoOrganizationIdentifierAsync(userId);
+
+        // Assert
+        Assert.Null(result);
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .GetManyByUserAsync(userId);
+        await sutProvider.GetDependency<IOrganizationRepository>()
+            .Received(1)
+            .GetByIdAsync(organizationUser.OrganizationId);
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetSsoOrganizationIdentifierAsync_OrganizationIdentifierIsNull_ReturnsNull(
+        SutProvider<UserSsoOrganizationIdentifierQuery> sutProvider,
+        Guid userId,
+        Organization organization,
+        OrganizationUser organizationUser)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+        organizationUser.Status = OrganizationUserStatusType.Confirmed;
+        organization.Identifier = null;
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns(new[] { organizationUser });
+
+        sutProvider.GetDependency<IOrganizationRepository>()
+            .GetByIdAsync(organization.Id)
+            .Returns(organization);
+
+        // Act
+        var result = await sutProvider.Sut.GetSsoOrganizationIdentifierAsync(userId);
+
+        // Assert
+        Assert.Null(result);
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .GetManyByUserAsync(userId);
+        await sutProvider.GetDependency<IOrganizationRepository>()
+            .Received(1)
+            .GetByIdAsync(organization.Id);
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetSsoOrganizationIdentifierAsync_OrganizationIdentifierIsEmpty_ReturnsEmpty(
+        SutProvider<UserSsoOrganizationIdentifierQuery> sutProvider,
+        Guid userId,
+        Organization organization,
+        OrganizationUser organizationUser)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+        organizationUser.Status = OrganizationUserStatusType.Confirmed;
+        organization.Identifier = string.Empty;
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns(new[] { organizationUser });
+
+        sutProvider.GetDependency<IOrganizationRepository>()
+            .GetByIdAsync(organization.Id)
+            .Returns(organization);
+
+        // Act
+        var result = await sutProvider.Sut.GetSsoOrganizationIdentifierAsync(userId);
+
+        // Assert
+        Assert.Equal(string.Empty, result);
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .GetManyByUserAsync(userId);
+        await sutProvider.GetDependency<IOrganizationRepository>()
+            .Received(1)
+            .GetByIdAsync(organization.Id);
+    }
+}

test/Core.Test/Auth/UserFeatures/TwoFactorAuth/TwoFactorIsEnabledQueryTests.cs

@@ -1,10 +1,13 @@
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models;
 using Bit.Core.Auth.UserFeatures.TwoFactorAuth;
+using Bit.Core.Billing.Premium.Queries;
 using Bit.Core.Entities;
+using Bit.Core.Exceptions;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
+using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
@@ -404,6 +407,277 @@ public class TwoFactorIsEnabledQueryTests
             .GetCalculatedPremiumAsync(default);
     }
 
+    [Theory]
+    [BitAutoData((IEnumerable<Guid>)null)]
+    [BitAutoData([])]
+    public async Task TwoFactorIsEnabledAsync_WhenPremiumAccessQueryEnabled_WithNoUserIds_ReturnsEmpty(
+        IEnumerable<Guid> userIds,
+        SutProvider<TwoFactorIsEnabledQuery> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.PremiumAccessQuery)
+            .Returns(true);
+
+        // Act
+        var result = await sutProvider.Sut.TwoFactorIsEnabledAsync(userIds);
+
+        // Assert
+        Assert.Empty(result);
+    }
+
+    [Theory]
+    [BitAutoData(TwoFactorProviderType.Duo)]
+    [BitAutoData(TwoFactorProviderType.YubiKey)]
+    public async Task TwoFactorIsEnabledAsync_WhenPremiumAccessQueryEnabled_WithMixedScenarios_ReturnsCorrectResults(
+        TwoFactorProviderType premiumProviderType,
+        SutProvider<TwoFactorIsEnabledQuery> sutProvider,
+        User user1,
+        User user2,
+        User user3)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.PremiumAccessQuery)
+            .Returns(true);
+
+        var users = new List<User> { user1, user2, user3 };
+        var userIds = users.Select(u => u.Id).ToList();
+
+        // User 1: Non-premium provider → 2FA enabled
+        user1.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+        {
+            { TwoFactorProviderType.Authenticator, new TwoFactorProvider { Enabled = true } }
+        });
+
+        // User 2: Premium provider + has premium → 2FA enabled
+        user2.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+        {
+            { premiumProviderType, new TwoFactorProvider { Enabled = true } }
+        });
+
+        // User 3: Premium provider + no premium → 2FA disabled
+        user3.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+        {
+            { premiumProviderType, new TwoFactorProvider { Enabled = true } }
+        });
+
+        var premiumStatus = new Dictionary<Guid, bool>
+        {
+            { user2.Id, true },
+            { user3.Id, false }
+        };
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetManyAsync(Arg.Is<IEnumerable<Guid>>(ids => ids.SequenceEqual(userIds)))
+            .Returns(users);
+
+        sutProvider.GetDependency<IHasPremiumAccessQuery>()
+            .HasPremiumAccessAsync(Arg.Is<IEnumerable<Guid>>(ids =>
+                ids.Count() == 2 && ids.Contains(user2.Id) && ids.Contains(user3.Id)))
+            .Returns(premiumStatus);
+
+        // Act
+        var result = await sutProvider.Sut.TwoFactorIsEnabledAsync(userIds);
+
+        // Assert
+        Assert.Contains(result, res => res.userId == user1.Id && res.twoFactorIsEnabled == true);  // Non-premium provider
+        Assert.Contains(result, res => res.userId == user2.Id && res.twoFactorIsEnabled == true);  // Premium + has premium
+        Assert.Contains(result, res => res.userId == user3.Id && res.twoFactorIsEnabled == false); // Premium + no premium
+    }
+
+    [Theory]
+    [BitAutoData(TwoFactorProviderType.Duo)]
+    [BitAutoData(TwoFactorProviderType.YubiKey)]
+    public async Task TwoFactorIsEnabledAsync_WhenPremiumAccessQueryEnabled_OnlyChecksPremiumAccessForUsersWhoNeedIt(
+        TwoFactorProviderType premiumProviderType,
+        SutProvider<TwoFactorIsEnabledQuery> sutProvider,
+        User user1,
+        User user2,
+        User user3)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.PremiumAccessQuery)
+            .Returns(true);
+
+        var users = new List<User> { user1, user2, user3 };
+        var userIds = users.Select(u => u.Id).ToList();
+
+        // User 1: Has non-premium provider - should NOT trigger premium check
+        user1.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+        {
+            { TwoFactorProviderType.Authenticator, new TwoFactorProvider { Enabled = true } }
+        });
+
+        // User 2 & 3: Have only premium providers - SHOULD trigger premium check
+        user2.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+        {
+            { premiumProviderType, new TwoFactorProvider { Enabled = true } }
+        });
+        user3.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+        {
+            { premiumProviderType, new TwoFactorProvider { Enabled = true } }
+        });
+
+        var premiumStatus = new Dictionary<Guid, bool>
+        {
+            { user2.Id, true },
+            { user3.Id, false }
+        };
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetManyAsync(Arg.Is<IEnumerable<Guid>>(ids => ids.SequenceEqual(userIds)))
+            .Returns(users);
+
+        sutProvider.GetDependency<IHasPremiumAccessQuery>()
+            .HasPremiumAccessAsync(Arg.Is<IEnumerable<Guid>>(ids =>
+                ids.Count() == 2 && ids.Contains(user2.Id) && ids.Contains(user3.Id)))
+            .Returns(premiumStatus);
+
+        // Act
+        var result = await sutProvider.Sut.TwoFactorIsEnabledAsync(userIds);
+
+        // Assert - Verify optimization: premium checked ONLY for users 2 and 3 (not user 1)
+        await sutProvider.GetDependency<IHasPremiumAccessQuery>()
+            .Received(1)
+            .HasPremiumAccessAsync(Arg.Is<IEnumerable<Guid>>(ids =>
+                ids.Count() == 2 && ids.Contains(user2.Id) && ids.Contains(user3.Id)));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task TwoFactorIsEnabledAsync_WhenPremiumAccessQueryEnabled_WithNoUserIds_ReturnsAllTwoFactorDisabled(
+        SutProvider<TwoFactorIsEnabledQuery> sutProvider,
+        List<OrganizationUserUserDetails> users)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.PremiumAccessQuery)
+            .Returns(true);
+
+        foreach (var user in users)
+        {
+            user.UserId = null;
+        }
+
+        // Act
+        var result = await sutProvider.Sut.TwoFactorIsEnabledAsync(users);
+
+        // Assert
+        foreach (var user in users)
+        {
+            Assert.Contains(result, res => res.user.Equals(user) && res.twoFactorIsEnabled == false);
+        }
+
+        // No UserIds were supplied so no calls to the UserRepository should have been made
+        await sutProvider.GetDependency<IUserRepository>()
+            .DidNotReceiveWithAnyArgs()
+            .GetManyAsync(default);
+    }
+
+    [Theory]
+    [BitAutoData(TwoFactorProviderType.Authenticator, true)]  // Non-premium provider
+    [BitAutoData(TwoFactorProviderType.Duo, true)]            // Premium provider with premium access
+    [BitAutoData(TwoFactorProviderType.YubiKey, false)]       // Premium provider without premium access
+    public async Task TwoFactorIsEnabledAsync_WhenPremiumAccessQueryEnabled_SingleUser_VariousScenarios(
+        TwoFactorProviderType providerType,
+        bool hasPremiumAccess,
+        SutProvider<TwoFactorIsEnabledQuery> sutProvider,
+        User user)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.PremiumAccessQuery)
+            .Returns(true);
+
+        user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+        {
+            { providerType, new TwoFactorProvider { Enabled = true } }
+        });
+
+        sutProvider.GetDependency<IHasPremiumAccessQuery>()
+            .HasPremiumAccessAsync(user.Id)
+            .Returns(hasPremiumAccess);
+
+        // Act
+        var result = await sutProvider.Sut.TwoFactorIsEnabledAsync(user);
+
+        // Assert
+        var requiresPremium = TwoFactorProvider.RequiresPremium(providerType);
+        var expectedResult = !requiresPremium || hasPremiumAccess;
+        Assert.Equal(expectedResult, result);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task TwoFactorIsEnabledAsync_WhenPremiumAccessQueryEnabled_WithNoEnabledProviders_ReturnsFalse(
+        SutProvider<TwoFactorIsEnabledQuery> sutProvider,
+        User user)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.PremiumAccessQuery)
+            .Returns(true);
+
+        user.SetTwoFactorProviders(new Dictionary<TwoFactorProviderType, TwoFactorProvider>
+        {
+            { TwoFactorProviderType.Email, new TwoFactorProvider { Enabled = false } }
+        });
+
+        // Act
+        var result = await sutProvider.Sut.TwoFactorIsEnabledAsync(user);
+
+        // Assert
+        Assert.False(result);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task TwoFactorIsEnabledAsync_WhenPremiumAccessQueryEnabled_WithNullProviders_ReturnsFalse(
+        SutProvider<TwoFactorIsEnabledQuery> sutProvider,
+        User user)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.PremiumAccessQuery)
+            .Returns(true);
+
+        user.TwoFactorProviders = null;
+
+        // Act
+        var result = await sutProvider.Sut.TwoFactorIsEnabledAsync(user);
+
+        // Assert
+        Assert.False(result);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task TwoFactorIsEnabledAsync_WhenPremiumAccessQueryEnabled_UserNotFound_ThrowsNotFoundException(
+        SutProvider<TwoFactorIsEnabledQuery> sutProvider,
+        Guid userId)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.PremiumAccessQuery)
+            .Returns(true);
+
+        var testUser = new TestTwoFactorProviderUser
+        {
+            Id = userId,
+            TwoFactorProviders = null
+        };
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetByIdAsync(userId)
+            .Returns((User)null);
+
+        // Act & Assert
+        await Assert.ThrowsAsync<NotFoundException>(
+            async () => await sutProvider.Sut.TwoFactorIsEnabledAsync(testUser));
+    }
+
     private class TestTwoFactorProviderUser : ITwoFactorProvidersUser
     {
         public Guid? Id { get; set; }
@@ -418,10 +692,5 @@ public class TwoFactorIsEnabledQueryTests
         {
             return Id;
         }
-
-        public bool GetPremium()
-        {
-            return Premium;
-        }
     }
 }

test/Core.Test/Billing/Extensions/InvoiceExtensionsTests.cs

@@ -1,4 +1,5 @@
-using Bit.Core.Billing.Extensions;
+using System.Globalization;
+using Bit.Core.Billing.Extensions;
 using Stripe;
 using Xunit;
 
@@ -356,9 +357,18 @@ public class InvoiceExtensionsTests
     [Fact]
     public void FormatForProvider_ComplexScenario_HandlesAllLineTypes()
     {
-        // Arrange
-        var lineItems = new StripeList<InvoiceLineItem>();
-        lineItems.Data = new List<InvoiceLineItem>
+        // Set culture to en-US to ensure consistent decimal formatting in tests
+        // This ensures tests pass on all machines regardless of system locale
+        var originalCulture = Thread.CurrentThread.CurrentCulture;
+        var originalUICulture = Thread.CurrentThread.CurrentUICulture;
+        try
+        {
+            Thread.CurrentThread.CurrentCulture = new CultureInfo("en-US");
+            Thread.CurrentThread.CurrentUICulture = new CultureInfo("en-US");
+
+            // Arrange
+            var lineItems = new StripeList<InvoiceLineItem>();
+            lineItems.Data = new List<InvoiceLineItem>
         {
             new InvoiceLineItem
             {
@@ -372,23 +382,29 @@ public class InvoiceExtensionsTests
             new InvoiceLineItem { Description = "Custom Service", Quantity = 2, Amount = 2000 }
         };
 
-        var invoice = new Invoice
+            var invoice = new Invoice
+            {
+                Lines = lineItems,
+                TotalTaxes = [new InvoiceTotalTax { Amount = 200 }] // Additional $2.00 tax
+            };
+            var subscription = new Subscription();
+
+            // Act
+            var result = invoice.FormatForProvider(subscription);
+
+            // Assert
+            Assert.Equal(5, result.Count);
+            Assert.Equal("5 × Manage service provider (at $6.00 / month)", result[0]);
+            Assert.Equal("10 × Manage service provider (at $4.00 / month)", result[1]);
+            Assert.Equal("1 × Tax (at $8.00 / month)", result[2]);
+            Assert.Equal("Custom Service", result[3]);
+            Assert.Equal("1 × Tax (at $2.00 / month)", result[4]);
+        }
+        finally
         {
-            Lines = lineItems,
-            TotalTaxes = [new InvoiceTotalTax { Amount = 200 }] // Additional $2.00 tax
-        };
-        var subscription = new Subscription();
-
-        // Act
-        var result = invoice.FormatForProvider(subscription);
-
-        // Assert
-        Assert.Equal(5, result.Count);
-        Assert.Equal("5 × Manage service provider (at $6.00 / month)", result[0]);
-        Assert.Equal("10 × Manage service provider (at $4.00 / month)", result[1]);
-        Assert.Equal("1 × Tax (at $8.00 / month)", result[2]);
-        Assert.Equal("Custom Service", result[3]);
-        Assert.Equal("1 × Tax (at $2.00 / month)", result[4]);
+            Thread.CurrentThread.CurrentCulture = originalCulture;
+            Thread.CurrentThread.CurrentUICulture = originalUICulture;
+        }
     }
 
     #endregion

test/Core.Test/Billing/Models/Business/OrganizationLicenseTests.cs

@@ -213,7 +213,8 @@ If you believe you need to change the version for a valid reason, please discuss
             LimitCollectionDeletion = true,
             AllowAdminAccessToAllCollectionItems = true,
             UseOrganizationDomains = true,
-            UseAdminSponsoredFamilies = false
+            UseAdminSponsoredFamilies = false,
+            UsePhishingBlocker = false,
         };
     }
 

test/Core.Test/Billing/Organizations/Commands/PreviewOrganizationTaxCommandTests.cs

@@ -4,7 +4,7 @@ using Bit.Core.Billing.Organizations.Commands;
 using Bit.Core.Billing.Organizations.Models;
 using Bit.Core.Billing.Payment.Models;
 using Bit.Core.Billing.Pricing;
-using Bit.Core.Services;
+using Bit.Core.Billing.Services;
 using Bit.Core.Test.Billing.Mocks.Plans;
 using Microsoft.Extensions.Logging;
 using NSubstitute;
@@ -58,7 +58,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 5500
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(purchase, billingAddress);
 
@@ -68,7 +68,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(55.00m, total);
 
         // Verify the correct Stripe API call for sponsored subscription
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "US" &&
@@ -116,7 +116,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 8250
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(purchase, billingAddress);
 
@@ -126,7 +126,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(82.50m, total);
 
         // Verify the correct Stripe API call for standalone secrets manager
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "CA" &&
@@ -179,7 +179,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 12200
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(purchase, billingAddress);
 
@@ -189,7 +189,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(122.00m, total);
 
         // Verify the correct Stripe API call for comprehensive purchase with storage and service accounts
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "GB" &&
@@ -240,7 +240,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 3300
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(purchase, billingAddress);
 
@@ -250,7 +250,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(33.00m, total);
 
         // Verify the correct Stripe API call for Families tier (non-seat-based plan)
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "US" &&
@@ -292,7 +292,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 2700
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(purchase, billingAddress);
 
@@ -302,7 +302,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(27.00m, total);
 
         // Verify the correct Stripe API call for business use in non-US country (tax exempt reverse)
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "DE" &&
@@ -345,7 +345,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 12100
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(purchase, billingAddress);
 
@@ -355,7 +355,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(121.00m, total);
 
         // Verify the correct Stripe API call for Spanish NIF that adds both Spanish NIF and EU VAT tax IDs
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "ES" &&
@@ -405,7 +405,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 1320
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, planChange, billingAddress);
 
@@ -415,7 +415,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(13.20m, total);
 
         // Verify the correct Stripe API call for free organization upgrade to Teams
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "US" &&
@@ -458,7 +458,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 4400
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, planChange, billingAddress);
 
@@ -468,7 +468,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(44.00m, total);
 
         // Verify the correct Stripe API call for free organization upgrade to Families (no SM for Families)
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "CA" &&
@@ -522,7 +522,7 @@ public class PreviewOrganizationTaxCommandTests
             Customer = new Customer { Discount = null }
         };
 
-        _stripeAdapter.SubscriptionGetAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
+        _stripeAdapter.GetSubscriptionAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
 
         var invoice = new Invoice
         {
@@ -534,7 +534,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 9900
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, planChange, billingAddress);
 
@@ -543,7 +543,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(9.00m, tax);
         Assert.Equal(99.00m, total);
 
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "US" &&
@@ -597,7 +597,7 @@ public class PreviewOrganizationTaxCommandTests
             Customer = new Customer { Discount = null }
         };
 
-        _stripeAdapter.SubscriptionGetAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
+        _stripeAdapter.GetSubscriptionAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
 
         var invoice = new Invoice
         {
@@ -609,7 +609,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 13200
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, planChange, billingAddress);
 
@@ -618,7 +618,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(12.00m, tax);
         Assert.Equal(132.00m, total);
 
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "US" &&
@@ -661,7 +661,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 8800
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, planChange, billingAddress);
 
@@ -671,7 +671,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(88.00m, total);
 
         // Verify the correct Stripe API call for free organization with SM to Enterprise
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "GB" &&
@@ -730,7 +730,7 @@ public class PreviewOrganizationTaxCommandTests
             Customer = new Customer { Discount = null }
         };
 
-        _stripeAdapter.SubscriptionGetAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
+        _stripeAdapter.GetSubscriptionAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
 
         var invoice = new Invoice
         {
@@ -738,7 +738,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 16500
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, planChange, billingAddress);
 
@@ -748,7 +748,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(165.00m, total);
 
         // Verify the correct Stripe API call for existing subscription upgrade
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "DE" &&
@@ -814,7 +814,7 @@ public class PreviewOrganizationTaxCommandTests
             }
         };
 
-        _stripeAdapter.SubscriptionGetAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
+        _stripeAdapter.GetSubscriptionAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
 
         var invoice = new Invoice
         {
@@ -822,7 +822,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 6600
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, planChange, billingAddress);
 
@@ -832,7 +832,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(66.00m, total);
 
         // Verify the correct Stripe API call preserves existing discount
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "US" &&
@@ -876,8 +876,8 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal("Organization does not have a subscription.", badRequest.Response);
 
         // Verify no Stripe API calls were made
-        await _stripeAdapter.DidNotReceive().InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>());
-        await _stripeAdapter.DidNotReceive().SubscriptionGetAsync(Arg.Any<string>(), Arg.Any<SubscriptionGetOptions>());
+        await _stripeAdapter.DidNotReceive().CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>());
+        await _stripeAdapter.DidNotReceive().GetSubscriptionAsync(Arg.Any<string>(), Arg.Any<SubscriptionGetOptions>());
     }
 
     #endregion
@@ -919,7 +919,7 @@ public class PreviewOrganizationTaxCommandTests
             Customer = customer
         };
 
-        _stripeAdapter.SubscriptionGetAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
+        _stripeAdapter.GetSubscriptionAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
 
         var invoice = new Invoice
         {
@@ -927,7 +927,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 6600
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, update);
 
@@ -937,7 +937,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(66.00m, total);
 
         // Verify the correct Stripe API call for PM seats only
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "US" &&
@@ -984,7 +984,7 @@ public class PreviewOrganizationTaxCommandTests
             Customer = customer
         };
 
-        _stripeAdapter.SubscriptionGetAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
+        _stripeAdapter.GetSubscriptionAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
 
         var invoice = new Invoice
         {
@@ -992,7 +992,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 13200
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, update);
 
@@ -1002,7 +1002,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(132.00m, total);
 
         // Verify the correct Stripe API call for PM seats + storage
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "CA" &&
@@ -1051,7 +1051,7 @@ public class PreviewOrganizationTaxCommandTests
             Customer = customer
         };
 
-        _stripeAdapter.SubscriptionGetAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
+        _stripeAdapter.GetSubscriptionAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
 
         var invoice = new Invoice
         {
@@ -1059,7 +1059,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 8800
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, update);
 
@@ -1069,7 +1069,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(88.00m, total);
 
         // Verify the correct Stripe API call for SM seats only
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "DE" &&
@@ -1119,7 +1119,7 @@ public class PreviewOrganizationTaxCommandTests
             Customer = customer
         };
 
-        _stripeAdapter.SubscriptionGetAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
+        _stripeAdapter.GetSubscriptionAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
 
         var invoice = new Invoice
         {
@@ -1127,7 +1127,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 16500
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, update);
 
@@ -1137,7 +1137,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(165.00m, total);
 
         // Verify the correct Stripe API call for SM seats + service accounts with tax ID
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "GB" &&
@@ -1200,7 +1200,7 @@ public class PreviewOrganizationTaxCommandTests
             Customer = customer
         };
 
-        _stripeAdapter.SubscriptionGetAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
+        _stripeAdapter.GetSubscriptionAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
 
         var invoice = new Invoice
         {
@@ -1208,7 +1208,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 27500
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, update);
 
@@ -1218,7 +1218,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(275.00m, total);
 
         // Verify the correct Stripe API call for comprehensive update with discount and Spanish tax ID
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "ES" &&
@@ -1276,7 +1276,7 @@ public class PreviewOrganizationTaxCommandTests
             Customer = customer
         };
 
-        _stripeAdapter.SubscriptionGetAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
+        _stripeAdapter.GetSubscriptionAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
 
         var invoice = new Invoice
         {
@@ -1284,7 +1284,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 5500
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, update);
 
@@ -1294,7 +1294,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(55.00m, total);
 
         // Verify the correct Stripe API call for Families tier (personal usage, no business tax exemption)
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "AU" &&
@@ -1334,8 +1334,8 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal("Organization does not have a subscription.", badRequest.Response);
 
         // Verify no Stripe API calls were made
-        await _stripeAdapter.DidNotReceive().InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>());
-        await _stripeAdapter.DidNotReceive().SubscriptionGetAsync(Arg.Any<string>(), Arg.Any<SubscriptionGetOptions>());
+        await _stripeAdapter.DidNotReceive().CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>());
+        await _stripeAdapter.DidNotReceive().GetSubscriptionAsync(Arg.Any<string>(), Arg.Any<SubscriptionGetOptions>());
     }
 
     [Fact]
@@ -1378,7 +1378,7 @@ public class PreviewOrganizationTaxCommandTests
             Customer = customer
         };
 
-        _stripeAdapter.SubscriptionGetAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
+        _stripeAdapter.GetSubscriptionAsync("sub_test123", Arg.Any<SubscriptionGetOptions>()).Returns(subscription);
 
         var invoice = new Invoice
         {
@@ -1386,7 +1386,7 @@ public class PreviewOrganizationTaxCommandTests
             Total = 3300
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(organization, update);
 
@@ -1396,7 +1396,7 @@ public class PreviewOrganizationTaxCommandTests
         Assert.Equal(33.00m, total);
 
         // Verify only PM seats are included (storage=0 excluded, SM seats=0 so entire SM excluded)
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "US" &&

test/Core.Test/Billing/Organizations/Commands/UpdateOrganizationLicenseCommandTests.cs

@@ -88,7 +88,7 @@ public class UpdateOrganizationLicenseCommandTests
                         "Hash", "Signature", "SignatureBytes", "InstallationId", "Expires",
                         "ExpirationWithoutGracePeriod", "Token", "LimitCollectionCreationDeletion",
                         "LimitCollectionCreation", "LimitCollectionDeletion", "AllowAdminAccessToAllCollectionItems",
-                        "UseOrganizationDomains", "UseAdminSponsoredFamilies", "UseAutomaticUserConfirmation") &&
+                        "UseOrganizationDomains", "UseAdminSponsoredFamilies", "UseAutomaticUserConfirmation", "UsePhishingBlocker") &&
                          // Same property but different name, use explicit mapping
                          org.ExpirationDate == license.Expires));
         }

test/Core.Test/Billing/Organizations/Queries/GetCloudOrganizationLicenseQueryTests.cs

@@ -8,7 +8,6 @@ using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.Platform.Installations;
-using Bit.Core.Services;
 using Bit.Core.Test.AutoFixture;
 using Bit.Core.Test.Billing.AutoFixture;
 using Bit.Test.Common.AutoFixture;
@@ -59,7 +58,7 @@ public class GetCloudOrganizationLicenseQueryTests
     {
         installation.Enabled = true;
         sutProvider.GetDependency<IInstallationRepository>().GetByIdAsync(installationId).Returns(installation);
-        sutProvider.GetDependency<IPaymentService>().GetSubscriptionAsync(organization).Returns(subInfo);
+        sutProvider.GetDependency<IStripePaymentService>().GetSubscriptionAsync(organization).Returns(subInfo);
         sutProvider.GetDependency<ILicensingService>().SignLicense(Arg.Any<ILicense>()).Returns(licenseSignature);
 
         var result = await sutProvider.Sut.GetLicenseAsync(organization, installationId);
@@ -80,7 +79,7 @@ public class GetCloudOrganizationLicenseQueryTests
     {
         installation.Enabled = true;
         sutProvider.GetDependency<IInstallationRepository>().GetByIdAsync(installationId).Returns(installation);
-        sutProvider.GetDependency<IPaymentService>().GetSubscriptionAsync(organization).Returns(subInfo);
+        sutProvider.GetDependency<IStripePaymentService>().GetSubscriptionAsync(organization).Returns(subInfo);
         sutProvider.GetDependency<ILicensingService>().SignLicense(Arg.Any<ILicense>()).Returns(licenseSignature);
         sutProvider.GetDependency<ILicensingService>()
             .CreateOrganizationTokenAsync(organization, installationId, subInfo)
@@ -119,7 +118,7 @@ public class GetCloudOrganizationLicenseQueryTests
         installation.Enabled = true;
         sutProvider.GetDependency<IInstallationRepository>().GetByIdAsync(installationId).Returns(installation);
         sutProvider.GetDependency<IProviderRepository>().GetByOrganizationIdAsync(organization.Id).Returns(provider);
-        sutProvider.GetDependency<IPaymentService>().GetSubscriptionAsync(provider).Returns(subInfo);
+        sutProvider.GetDependency<IStripePaymentService>().GetSubscriptionAsync(provider).Returns(subInfo);
         sutProvider.GetDependency<ILicensingService>().SignLicense(Arg.Any<ILicense>()).Returns(licenseSignature);
 
         var result = await sutProvider.Sut.GetLicenseAsync(organization, installationId);

test/Core.Test/Billing/Organizations/Queries/GetOrganizationWarningsQueryTests.cs

@@ -8,7 +8,6 @@ using Bit.Core.Billing.Organizations.Queries;
 using Bit.Core.Billing.Payment.Queries;
 using Bit.Core.Billing.Services;
 using Bit.Core.Context;
-using Bit.Core.Services;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
@@ -382,7 +381,7 @@ public class GetOrganizationWarningsQueryTests
 
         var dueDate = now.AddDays(-10);
 
-        sutProvider.GetDependency<IStripeAdapter>().InvoiceSearchAsync(Arg.Is<InvoiceSearchOptions>(options =>
+        sutProvider.GetDependency<IStripeAdapter>().SearchInvoiceAsync(Arg.Is<InvoiceSearchOptions>(options =>
             options.Query == $"subscription:'{subscriptionId}' status:'open'")).Returns([
             new Invoice { DueDate = dueDate, Created = dueDate.AddDays(-30) }
         ]);
@@ -542,7 +541,7 @@ public class GetOrganizationWarningsQueryTests
             .Returns(true);
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .TaxRegistrationsListAsync(Arg.Any<RegistrationListOptions>())
+            .ListTaxRegistrationsAsync(Arg.Any<RegistrationListOptions>())
             .Returns(new StripeList<Registration>
             {
                 Data = new List<Registration>
@@ -583,7 +582,7 @@ public class GetOrganizationWarningsQueryTests
             .Returns(true);
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .TaxRegistrationsListAsync(Arg.Any<RegistrationListOptions>())
+            .ListTaxRegistrationsAsync(Arg.Any<RegistrationListOptions>())
             .Returns(new StripeList<Registration>
             {
                 Data = new List<Registration>
@@ -635,7 +634,7 @@ public class GetOrganizationWarningsQueryTests
             .Returns(true);
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .TaxRegistrationsListAsync(Arg.Any<RegistrationListOptions>())
+            .ListTaxRegistrationsAsync(Arg.Any<RegistrationListOptions>())
             .Returns(new StripeList<Registration>
             {
                 Data = new List<Registration>
@@ -687,7 +686,7 @@ public class GetOrganizationWarningsQueryTests
             .Returns(true);
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .TaxRegistrationsListAsync(Arg.Any<RegistrationListOptions>())
+            .ListTaxRegistrationsAsync(Arg.Any<RegistrationListOptions>())
             .Returns(new StripeList<Registration>
             {
                 Data = new List<Registration>
@@ -739,7 +738,7 @@ public class GetOrganizationWarningsQueryTests
             .Returns(true);
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .TaxRegistrationsListAsync(Arg.Any<RegistrationListOptions>())
+            .ListTaxRegistrationsAsync(Arg.Any<RegistrationListOptions>())
             .Returns(new StripeList<Registration>
             {
                 Data = new List<Registration>
@@ -785,7 +784,7 @@ public class GetOrganizationWarningsQueryTests
             .Returns(true);
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .TaxRegistrationsListAsync(Arg.Any<RegistrationListOptions>())
+            .ListTaxRegistrationsAsync(Arg.Any<RegistrationListOptions>())
             .Returns(new StripeList<Registration>
             {
                 Data = new List<Registration>

test/Core.Test/Billing/Payment/Commands/UpdateBillingAddressCommandTests.cs

@@ -4,7 +4,6 @@ using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Payment.Commands;
 using Bit.Core.Billing.Payment.Models;
 using Bit.Core.Billing.Services;
-using Bit.Core.Services;
 using Bit.Core.Test.Billing.Extensions;
 using Microsoft.Extensions.Logging;
 using NSubstitute;
@@ -73,7 +72,7 @@ public class UpdateBillingAddressCommandTests
             }
         };
 
-        _stripeAdapter.CustomerUpdateAsync(organization.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(options =>
+        _stripeAdapter.UpdateCustomerAsync(organization.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(options =>
             options.Address.Matches(input) &&
             options.HasExpansions("subscriptions")
         )).Returns(customer);
@@ -84,7 +83,7 @@ public class UpdateBillingAddressCommandTests
         var output = result.AsT0;
         Assert.Equivalent(input, output);
 
-        await _stripeAdapter.Received(1).SubscriptionUpdateAsync(organization.GatewaySubscriptionId,
+        await _stripeAdapter.Received(1).UpdateSubscriptionAsync(organization.GatewaySubscriptionId,
             Arg.Is<SubscriptionUpdateOptions>(options => options.AutomaticTax.Enabled == true));
     }
 
@@ -131,7 +130,7 @@ public class UpdateBillingAddressCommandTests
             }
         };
 
-        _stripeAdapter.CustomerUpdateAsync(organization.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(options =>
+        _stripeAdapter.UpdateCustomerAsync(organization.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(options =>
             options.Address.Matches(input) &&
             options.HasExpansions("subscriptions")
         )).Returns(customer);
@@ -144,7 +143,7 @@ public class UpdateBillingAddressCommandTests
 
         await _subscriberService.Received(1).CreateStripeCustomer(organization);
 
-        await _stripeAdapter.Received(1).SubscriptionUpdateAsync(organization.GatewaySubscriptionId,
+        await _stripeAdapter.Received(1).UpdateSubscriptionAsync(organization.GatewaySubscriptionId,
             Arg.Is<SubscriptionUpdateOptions>(options => options.AutomaticTax.Enabled == true));
     }
 
@@ -192,7 +191,7 @@ public class UpdateBillingAddressCommandTests
             }
         };
 
-        _stripeAdapter.CustomerUpdateAsync(organization.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(options =>
+        _stripeAdapter.UpdateCustomerAsync(organization.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(options =>
             options.Address.Matches(input) &&
             options.HasExpansions("subscriptions", "tax_ids") &&
             options.TaxExempt == TaxExempt.None
@@ -204,7 +203,7 @@ public class UpdateBillingAddressCommandTests
         var output = result.AsT0;
         Assert.Equivalent(input, output);
 
-        await _stripeAdapter.Received(1).SubscriptionUpdateAsync(organization.GatewaySubscriptionId,
+        await _stripeAdapter.Received(1).UpdateSubscriptionAsync(organization.GatewaySubscriptionId,
             Arg.Is<SubscriptionUpdateOptions>(options => options.AutomaticTax.Enabled == true));
     }
 
@@ -260,7 +259,7 @@ public class UpdateBillingAddressCommandTests
             }
         };
 
-        _stripeAdapter.CustomerUpdateAsync(organization.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(options =>
+        _stripeAdapter.UpdateCustomerAsync(organization.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(options =>
             options.Address.Matches(input) &&
             options.HasExpansions("subscriptions", "tax_ids") &&
             options.TaxExempt == TaxExempt.None
@@ -272,10 +271,10 @@ public class UpdateBillingAddressCommandTests
         var output = result.AsT0;
         Assert.Equivalent(input, output);
 
-        await _stripeAdapter.Received(1).SubscriptionUpdateAsync(organization.GatewaySubscriptionId,
+        await _stripeAdapter.Received(1).UpdateSubscriptionAsync(organization.GatewaySubscriptionId,
             Arg.Is<SubscriptionUpdateOptions>(options => options.AutomaticTax.Enabled == true));
 
-        await _stripeAdapter.Received(1).TaxIdDeleteAsync(customer.Id, "tax_id_123");
+        await _stripeAdapter.Received(1).DeleteTaxIdAsync(customer.Id, "tax_id_123");
     }
 
     [Fact]
@@ -322,7 +321,7 @@ public class UpdateBillingAddressCommandTests
             }
         };
 
-        _stripeAdapter.CustomerUpdateAsync(organization.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(options =>
+        _stripeAdapter.UpdateCustomerAsync(organization.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(options =>
             options.Address.Matches(input) &&
             options.HasExpansions("subscriptions", "tax_ids") &&
             options.TaxExempt == TaxExempt.Reverse
@@ -334,7 +333,7 @@ public class UpdateBillingAddressCommandTests
         var output = result.AsT0;
         Assert.Equivalent(input, output);
 
-        await _stripeAdapter.Received(1).SubscriptionUpdateAsync(organization.GatewaySubscriptionId,
+        await _stripeAdapter.Received(1).UpdateSubscriptionAsync(organization.GatewaySubscriptionId,
             Arg.Is<SubscriptionUpdateOptions>(options => options.AutomaticTax.Enabled == true));
     }
 
@@ -384,14 +383,14 @@ public class UpdateBillingAddressCommandTests
             }
         };
 
-        _stripeAdapter.CustomerUpdateAsync(organization.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(options =>
+        _stripeAdapter.UpdateCustomerAsync(organization.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(options =>
             options.Address.Matches(input) &&
             options.HasExpansions("subscriptions", "tax_ids") &&
             options.TaxExempt == TaxExempt.Reverse
         )).Returns(customer);
 
         _stripeAdapter
-            .TaxIdCreateAsync(customer.Id,
+            .CreateTaxIdAsync(customer.Id,
                 Arg.Is<TaxIdCreateOptions>(options => options.Type == TaxIdType.EUVAT))
             .Returns(new TaxId { Type = TaxIdType.EUVAT, Value = "ESA12345678" });
 
@@ -401,10 +400,10 @@ public class UpdateBillingAddressCommandTests
         var output = result.AsT0;
         Assert.Equivalent(input with { TaxId = new TaxID(TaxIdType.EUVAT, "ESA12345678") }, output);
 
-        await _stripeAdapter.Received(1).SubscriptionUpdateAsync(organization.GatewaySubscriptionId,
+        await _stripeAdapter.Received(1).UpdateSubscriptionAsync(organization.GatewaySubscriptionId,
             Arg.Is<SubscriptionUpdateOptions>(options => options.AutomaticTax.Enabled == true));
 
-        await _stripeAdapter.Received(1).TaxIdCreateAsync(organization.GatewayCustomerId, Arg.Is<TaxIdCreateOptions>(
+        await _stripeAdapter.Received(1).CreateTaxIdAsync(organization.GatewayCustomerId, Arg.Is<TaxIdCreateOptions>(
             options => options.Type == TaxIdType.SpanishNIF &&
                        options.Value == input.TaxId.Value));
     }

test/Core.Test/Billing/Payment/Commands/UpdatePaymentMethodCommandTests.cs

@@ -4,7 +4,6 @@ using Bit.Core.Billing.Constants;
 using Bit.Core.Billing.Payment.Commands;
 using Bit.Core.Billing.Payment.Models;
 using Bit.Core.Billing.Services;
-using Bit.Core.Services;
 using Bit.Core.Settings;
 using Bit.Core.Test.Billing.Extensions;
 using Braintree;
@@ -82,7 +81,7 @@ public class UpdatePaymentMethodCommandTests
             Status = "requires_action"
         };
 
-        _stripeAdapter.SetupIntentList(Arg.Is<SetupIntentListOptions>(options =>
+        _stripeAdapter.ListSetupIntentsAsync(Arg.Is<SetupIntentListOptions>(options =>
             options.PaymentMethod == token && options.HasExpansions("data.payment_method"))).Returns([setupIntent]);
 
         var result = await _command.Run(organization,
@@ -144,7 +143,7 @@ public class UpdatePaymentMethodCommandTests
             Status = "requires_action"
         };
 
-        _stripeAdapter.SetupIntentList(Arg.Is<SetupIntentListOptions>(options =>
+        _stripeAdapter.ListSetupIntentsAsync(Arg.Is<SetupIntentListOptions>(options =>
             options.PaymentMethod == token && options.HasExpansions("data.payment_method"))).Returns([setupIntent]);
 
         var result = await _command.Run(organization,
@@ -213,7 +212,7 @@ public class UpdatePaymentMethodCommandTests
             Status = "requires_action"
         };
 
-        _stripeAdapter.SetupIntentList(Arg.Is<SetupIntentListOptions>(options =>
+        _stripeAdapter.ListSetupIntentsAsync(Arg.Is<SetupIntentListOptions>(options =>
             options.PaymentMethod == token && options.HasExpansions("data.payment_method"))).Returns([setupIntent]);
 
         var result = await _command.Run(organization,
@@ -232,7 +231,7 @@ public class UpdatePaymentMethodCommandTests
         Assert.Equal("https://example.com", maskedBankAccount.HostedVerificationUrl);
 
         await _setupIntentCache.Received(1).Set(organization.Id, setupIntent.Id);
-        await _stripeAdapter.Received(1).CustomerUpdateAsync(customer.Id, Arg.Is<CustomerUpdateOptions>(options =>
+        await _stripeAdapter.Received(1).UpdateCustomerAsync(customer.Id, Arg.Is<CustomerUpdateOptions>(options =>
             options.Metadata[MetadataKeys.BraintreeCustomerId] == string.Empty &&
             options.Metadata[MetadataKeys.RetiredBraintreeCustomerId] == "braintree_customer_id"));
     }
@@ -262,7 +261,7 @@ public class UpdatePaymentMethodCommandTests
         const string token = "TOKEN";
 
         _stripeAdapter
-            .PaymentMethodAttachAsync(token,
+            .AttachPaymentMethodAsync(token,
                 Arg.Is<PaymentMethodAttachOptions>(options => options.Customer == customer.Id))
             .Returns(new PaymentMethod
             {
@@ -291,7 +290,7 @@ public class UpdatePaymentMethodCommandTests
         Assert.Equal("9999", maskedCard.Last4);
         Assert.Equal("01/2028", maskedCard.Expiration);
 
-        await _stripeAdapter.Received(1).CustomerUpdateAsync(customer.Id,
+        await _stripeAdapter.Received(1).UpdateCustomerAsync(customer.Id,
             Arg.Is<CustomerUpdateOptions>(options => options.InvoiceSettings.DefaultPaymentMethod == token));
     }
 
@@ -315,7 +314,7 @@ public class UpdatePaymentMethodCommandTests
         const string token = "TOKEN";
 
         _stripeAdapter
-            .PaymentMethodAttachAsync(token,
+            .AttachPaymentMethodAsync(token,
                 Arg.Is<PaymentMethodAttachOptions>(options => options.Customer == customer.Id))
             .Returns(new PaymentMethod
             {
@@ -344,10 +343,10 @@ public class UpdatePaymentMethodCommandTests
         Assert.Equal("9999", maskedCard.Last4);
         Assert.Equal("01/2028", maskedCard.Expiration);
 
-        await _stripeAdapter.Received(1).CustomerUpdateAsync(customer.Id,
+        await _stripeAdapter.Received(1).UpdateCustomerAsync(customer.Id,
             Arg.Is<CustomerUpdateOptions>(options => options.InvoiceSettings.DefaultPaymentMethod == token));
 
-        await _stripeAdapter.Received(1).CustomerUpdateAsync(customer.Id,
+        await _stripeAdapter.Received(1).UpdateCustomerAsync(customer.Id,
             Arg.Is<CustomerUpdateOptions>(options => options.Address.Country == "US" && options.Address.PostalCode == "12345"));
     }
 
@@ -468,7 +467,7 @@ public class UpdatePaymentMethodCommandTests
         var maskedPayPalAccount = maskedPaymentMethod.AsT2;
         Assert.Equal("user@gmail.com", maskedPayPalAccount.Email);
 
-        await _stripeAdapter.Received(1).CustomerUpdateAsync(customer.Id,
+        await _stripeAdapter.Received(1).UpdateCustomerAsync(customer.Id,
             Arg.Is<CustomerUpdateOptions>(options =>
                 options.Metadata[MetadataKeys.BraintreeCustomerId] == "braintree_customer_id"));
     }

test/Core.Test/Billing/Payment/Queries/GetPaymentMethodQueryTests.cs

@@ -3,7 +3,6 @@ using Bit.Core.Billing.Caches;
 using Bit.Core.Billing.Constants;
 using Bit.Core.Billing.Payment.Queries;
 using Bit.Core.Billing.Services;
-using Bit.Core.Services;
 using Bit.Core.Test.Billing.Extensions;
 using Braintree;
 using Microsoft.Extensions.Logging;
@@ -166,7 +165,7 @@ public class GetPaymentMethodQueryTests
         _setupIntentCache.GetSetupIntentIdForSubscriber(organization.Id).Returns("seti_123");
 
         _stripeAdapter
-            .SetupIntentGet("seti_123",
+            .GetSetupIntentAsync("seti_123",
                 Arg.Is<SetupIntentGetOptions>(options => options.HasExpansions("payment_method"))).Returns(
                 new SetupIntent
                 {

test/Core.Test/Billing/Payment/Queries/HasPaymentMethodQueryTests.cs

@@ -3,7 +3,6 @@ using Bit.Core.Billing.Caches;
 using Bit.Core.Billing.Constants;
 using Bit.Core.Billing.Payment.Queries;
 using Bit.Core.Billing.Services;
-using Bit.Core.Services;
 using Bit.Core.Test.Billing.Extensions;
 using NSubstitute;
 using NSubstitute.ReturnsExtensions;
@@ -57,7 +56,7 @@ public class HasPaymentMethodQueryTests
         _setupIntentCache.GetSetupIntentIdForSubscriber(organization.Id).Returns("seti_123");
 
         _stripeAdapter
-            .SetupIntentGet("seti_123",
+            .GetSetupIntentAsync("seti_123",
                 Arg.Is<SetupIntentGetOptions>(options => options.HasExpansions("payment_method")))
             .Returns(new SetupIntent
             {
@@ -162,7 +161,7 @@ public class HasPaymentMethodQueryTests
         _setupIntentCache.GetSetupIntentIdForSubscriber(organization.Id).Returns("seti_123");
 
         _stripeAdapter
-            .SetupIntentGet("seti_123",
+            .GetSetupIntentAsync("seti_123",
                 Arg.Is<SetupIntentGetOptions>(options => options.HasExpansions("payment_method")))
             .Returns(new SetupIntent
             {
@@ -246,7 +245,7 @@ public class HasPaymentMethodQueryTests
         _setupIntentCache.GetSetupIntentIdForSubscriber(organization.Id).Returns("seti_123");
 
         _stripeAdapter
-            .SetupIntentGet("seti_123",
+            .GetSetupIntentAsync("seti_123",
                 Arg.Is<SetupIntentGetOptions>(options => options.HasExpansions("payment_method")))
             .Returns(new SetupIntent
             {

test/Core.Test/Billing/Premium/Commands/CreatePremiumCloudHostedSubscriptionCommandTests.cs

@@ -146,11 +146,11 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
         var mockSetupIntent = Substitute.For<SetupIntent>();
         mockSetupIntent.Id = "seti_123";
 
-        _stripeAdapter.CustomerCreateAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.CustomerUpdateAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
-        _stripeAdapter.InvoiceUpdateAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
-        _stripeAdapter.SetupIntentList(Arg.Any<SetupIntentListOptions>()).Returns(Task.FromResult(new List<SetupIntent> { mockSetupIntent }));
+        _stripeAdapter.CreateCustomerAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.UpdateCustomerAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
+        _stripeAdapter.UpdateInvoiceAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
+        _stripeAdapter.ListSetupIntentsAsync(Arg.Any<SetupIntentListOptions>()).Returns(Task.FromResult(new List<SetupIntent> { mockSetupIntent }));
         _subscriberService.GetCustomerOrThrow(Arg.Any<User>(), Arg.Any<CustomerGetOptions>()).Returns(mockCustomer);
 
         // Act
@@ -158,8 +158,8 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
 
         // Assert
         Assert.True(result.IsT0);
-        await _stripeAdapter.Received(1).CustomerCreateAsync(Arg.Any<CustomerCreateOptions>());
-        await _stripeAdapter.Received(1).SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>());
+        await _stripeAdapter.Received(1).CreateCustomerAsync(Arg.Any<CustomerCreateOptions>());
+        await _stripeAdapter.Received(1).CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>());
         await _userService.Received(1).SaveUserAsync(user);
         await _pushNotificationService.Received(1).PushSyncVaultAsync(user.Id);
     }
@@ -200,10 +200,10 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
 
         var mockInvoice = Substitute.For<Invoice>();
 
-        _stripeAdapter.CustomerCreateAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.CustomerUpdateAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
-        _stripeAdapter.InvoiceUpdateAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
+        _stripeAdapter.CreateCustomerAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.UpdateCustomerAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
+        _stripeAdapter.UpdateInvoiceAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
         _subscriberService.GetCustomerOrThrow(Arg.Any<User>(), Arg.Any<CustomerGetOptions>()).Returns(mockCustomer);
 
         // Act
@@ -211,8 +211,8 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
 
         // Assert
         Assert.True(result.IsT0);
-        await _stripeAdapter.Received(1).CustomerCreateAsync(Arg.Any<CustomerCreateOptions>());
-        await _stripeAdapter.Received(1).SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>());
+        await _stripeAdapter.Received(1).CreateCustomerAsync(Arg.Any<CustomerCreateOptions>());
+        await _stripeAdapter.Received(1).CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>());
         await _userService.Received(1).SaveUserAsync(user);
         await _pushNotificationService.Received(1).PushSyncVaultAsync(user.Id);
     }
@@ -243,10 +243,10 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
 
         var mockInvoice = Substitute.For<Invoice>();
 
-        _stripeAdapter.CustomerCreateAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.CustomerUpdateAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
-        _stripeAdapter.InvoiceUpdateAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
+        _stripeAdapter.CreateCustomerAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.UpdateCustomerAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
+        _stripeAdapter.UpdateInvoiceAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
         _subscriberService.GetCustomerOrThrow(Arg.Any<User>(), Arg.Any<CustomerGetOptions>()).Returns(mockCustomer);
         _subscriberService.CreateBraintreeCustomer(Arg.Any<User>(), Arg.Any<string>()).Returns("bt_customer_123");
 
@@ -255,8 +255,8 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
 
         // Assert
         Assert.True(result.IsT0);
-        await _stripeAdapter.Received(1).CustomerCreateAsync(Arg.Any<CustomerCreateOptions>());
-        await _stripeAdapter.Received(1).SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>());
+        await _stripeAdapter.Received(1).CreateCustomerAsync(Arg.Any<CustomerCreateOptions>());
+        await _stripeAdapter.Received(1).CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>());
         await _subscriberService.Received(1).CreateBraintreeCustomer(user, paymentMethod.Token);
         await _userService.Received(1).SaveUserAsync(user);
         await _pushNotificationService.Received(1).PushSyncVaultAsync(user.Id);
@@ -299,10 +299,10 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
 
         var mockInvoice = Substitute.For<Invoice>();
 
-        _stripeAdapter.CustomerCreateAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.CustomerUpdateAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
-        _stripeAdapter.InvoiceUpdateAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
+        _stripeAdapter.CreateCustomerAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.UpdateCustomerAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
+        _stripeAdapter.UpdateInvoiceAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
         _subscriberService.GetCustomerOrThrow(Arg.Any<User>(), Arg.Any<CustomerGetOptions>()).Returns(mockCustomer);
 
         // Act
@@ -356,8 +356,8 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
         // Mock that the user has a payment method (this is the key difference from the credit purchase case)
         _hasPaymentMethodQuery.Run(Arg.Any<User>()).Returns(true);
         _subscriberService.GetCustomerOrThrow(Arg.Any<User>(), Arg.Any<CustomerGetOptions>()).Returns(mockCustomer);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
-        _stripeAdapter.InvoiceUpdateAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
+        _stripeAdapter.UpdateInvoiceAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
 
         // Act
         var result = await _command.Run(user, paymentMethod, billingAddress, 0);
@@ -365,7 +365,7 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
         // Assert
         Assert.True(result.IsT0);
         await _subscriberService.Received(1).GetCustomerOrThrow(Arg.Any<User>(), Arg.Any<CustomerGetOptions>());
-        await _stripeAdapter.DidNotReceive().CustomerCreateAsync(Arg.Any<CustomerCreateOptions>());
+        await _stripeAdapter.DidNotReceive().CreateCustomerAsync(Arg.Any<CustomerCreateOptions>());
         await _updatePaymentMethodCommand.DidNotReceive().Run(Arg.Any<User>(), Arg.Any<TokenizedPaymentMethod>(), Arg.Any<BillingAddress>());
     }
 
@@ -415,8 +415,8 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
         _updatePaymentMethodCommand.Run(Arg.Any<User>(), Arg.Any<TokenizedPaymentMethod>(), Arg.Any<BillingAddress>())
             .Returns(mockMaskedPaymentMethod);
         _subscriberService.GetCustomerOrThrow(Arg.Any<User>(), Arg.Any<CustomerGetOptions>()).Returns(mockCustomer);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
-        _stripeAdapter.InvoiceUpdateAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
+        _stripeAdapter.UpdateInvoiceAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
 
         // Act
         var result = await _command.Run(user, paymentMethod, billingAddress, 0);
@@ -428,9 +428,9 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
         // Verify GetCustomerOrThrow was called after updating payment method
         await _subscriberService.Received(1).GetCustomerOrThrow(Arg.Any<User>(), Arg.Any<CustomerGetOptions>());
         // Verify no new customer was created
-        await _stripeAdapter.DidNotReceive().CustomerCreateAsync(Arg.Any<CustomerCreateOptions>());
+        await _stripeAdapter.DidNotReceive().CreateCustomerAsync(Arg.Any<CustomerCreateOptions>());
         // Verify subscription was created
-        await _stripeAdapter.Received(1).SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>());
+        await _stripeAdapter.Received(1).CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>());
         // Verify user was updated correctly
         Assert.True(user.Premium);
         await _userService.Received(1).SaveUserAsync(user);
@@ -474,10 +474,10 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
 
         var mockInvoice = Substitute.For<Invoice>();
 
-        _stripeAdapter.CustomerCreateAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.CustomerUpdateAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
-        _stripeAdapter.InvoiceUpdateAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
+        _stripeAdapter.CreateCustomerAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.UpdateCustomerAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
+        _stripeAdapter.UpdateInvoiceAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
         _subscriberService.CreateBraintreeCustomer(Arg.Any<User>(), Arg.Any<string>()).Returns("bt_customer_123");
 
         // Act
@@ -525,10 +525,10 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
 
         var mockInvoice = Substitute.For<Invoice>();
 
-        _stripeAdapter.CustomerCreateAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.CustomerUpdateAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
-        _stripeAdapter.InvoiceUpdateAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
+        _stripeAdapter.CreateCustomerAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.UpdateCustomerAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
+        _stripeAdapter.UpdateInvoiceAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
         _subscriberService.GetCustomerOrThrow(Arg.Any<User>(), Arg.Any<CustomerGetOptions>()).Returns(mockCustomer);
 
         // Act
@@ -577,10 +577,10 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
 
         var mockInvoice = Substitute.For<Invoice>();
 
-        _stripeAdapter.CustomerCreateAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.CustomerUpdateAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
-        _stripeAdapter.InvoiceUpdateAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
+        _stripeAdapter.CreateCustomerAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.UpdateCustomerAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
+        _stripeAdapter.UpdateInvoiceAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
         _subscriberService.CreateBraintreeCustomer(Arg.Any<User>(), Arg.Any<string>()).Returns("bt_customer_123");
 
         // Act
@@ -628,13 +628,13 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
 
         var mockInvoice = Substitute.For<Invoice>();
 
-        _stripeAdapter.CustomerCreateAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.CustomerUpdateAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
-        _stripeAdapter.InvoiceUpdateAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
+        _stripeAdapter.CreateCustomerAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.UpdateCustomerAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
+        _stripeAdapter.UpdateInvoiceAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
         _subscriberService.GetCustomerOrThrow(Arg.Any<User>(), Arg.Any<CustomerGetOptions>()).Returns(mockCustomer);
 
-        _stripeAdapter.SetupIntentList(Arg.Any<SetupIntentListOptions>())
+        _stripeAdapter.ListSetupIntentsAsync(Arg.Any<SetupIntentListOptions>())
             .Returns(Task.FromResult(new List<SetupIntent>())); // Empty list - no setup intent found
 
         // Act
@@ -681,8 +681,8 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
         var mockInvoice = Substitute.For<Invoice>();
 
         _subscriberService.GetCustomerOrThrow(Arg.Any<User>(), Arg.Any<CustomerGetOptions>()).Returns(mockCustomer);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
-        _stripeAdapter.InvoiceUpdateAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
+        _stripeAdapter.UpdateInvoiceAsync(Arg.Any<string>(), Arg.Any<InvoiceUpdateOptions>()).Returns(mockInvoice);
 
         // Act
         var result = await _command.Run(user, paymentMethod, billingAddress, 0);
@@ -690,7 +690,7 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
         // Assert
         Assert.True(result.IsT0);
         await _subscriberService.Received(1).GetCustomerOrThrow(Arg.Any<User>(), Arg.Any<CustomerGetOptions>());
-        await _stripeAdapter.DidNotReceive().CustomerCreateAsync(Arg.Any<CustomerCreateOptions>());
+        await _stripeAdapter.DidNotReceive().CreateCustomerAsync(Arg.Any<CustomerCreateOptions>());
         Assert.True(user.Premium);
         Assert.Equal(mockSubscription.GetCurrentPeriodEnd(), user.PremiumExpirationDate);
     }
@@ -716,8 +716,8 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
         Assert.True(result.IsT3); // Assuming T3 is the Unhandled result
         Assert.IsType<BillingException>(result.AsT3.Exception);
         // Verify no customer was created or subscription attempted
-        await _stripeAdapter.DidNotReceive().CustomerCreateAsync(Arg.Any<CustomerCreateOptions>());
-        await _stripeAdapter.DidNotReceive().SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>());
+        await _stripeAdapter.DidNotReceive().CreateCustomerAsync(Arg.Any<CustomerCreateOptions>());
+        await _stripeAdapter.DidNotReceive().CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>());
         await _userService.DidNotReceive().SaveUserAsync(Arg.Any<User>());
     }
 
@@ -767,8 +767,8 @@ public class CreatePremiumCloudHostedSubscriptionCommandTests
             ]
         };
 
-        _stripeAdapter.CustomerCreateAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
+        _stripeAdapter.CreateCustomerAsync(Arg.Any<CustomerCreateOptions>()).Returns(mockCustomer);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(mockSubscription);
 
         // Act
         var result = await _command.Run(user, paymentMethod, billingAddress, additionalStorage);

test/Core.Test/Billing/Premium/Commands/PreviewPremiumTaxCommandTests.cs

@@ -1,7 +1,7 @@
 using Bit.Core.Billing.Payment.Models;
 using Bit.Core.Billing.Premium.Commands;
 using Bit.Core.Billing.Pricing;
-using Bit.Core.Services;
+using Bit.Core.Billing.Services;
 using Microsoft.Extensions.Logging;
 using NSubstitute;
 using Stripe;
@@ -50,7 +50,7 @@ public class PreviewPremiumTaxCommandTests
             Total = 3300
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(0, billingAddress);
 
@@ -59,7 +59,7 @@ public class PreviewPremiumTaxCommandTests
         Assert.Equal(3.00m, tax);
         Assert.Equal(33.00m, total);
 
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "US" &&
@@ -84,7 +84,7 @@ public class PreviewPremiumTaxCommandTests
             Total = 5500
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(5, billingAddress);
 
@@ -93,7 +93,7 @@ public class PreviewPremiumTaxCommandTests
         Assert.Equal(5.00m, tax);
         Assert.Equal(55.00m, total);
 
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "CA" &&
@@ -120,7 +120,7 @@ public class PreviewPremiumTaxCommandTests
             Total = 2750
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(0, billingAddress);
 
@@ -129,7 +129,7 @@ public class PreviewPremiumTaxCommandTests
         Assert.Equal(2.50m, tax);
         Assert.Equal(27.50m, total);
 
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "GB" &&
@@ -154,7 +154,7 @@ public class PreviewPremiumTaxCommandTests
             Total = 8800
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(20, billingAddress);
 
@@ -163,7 +163,7 @@ public class PreviewPremiumTaxCommandTests
         Assert.Equal(8.00m, tax);
         Assert.Equal(88.00m, total);
 
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "DE" &&
@@ -190,7 +190,7 @@ public class PreviewPremiumTaxCommandTests
             Total = 4950
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(10, billingAddress);
 
@@ -199,7 +199,7 @@ public class PreviewPremiumTaxCommandTests
         Assert.Equal(4.50m, tax);
         Assert.Equal(49.50m, total);
 
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "AU" &&
@@ -226,7 +226,7 @@ public class PreviewPremiumTaxCommandTests
             Total = 3000
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(0, billingAddress);
 
@@ -235,7 +235,7 @@ public class PreviewPremiumTaxCommandTests
         Assert.Equal(0.00m, tax);
         Assert.Equal(30.00m, total);
 
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "US" &&
@@ -260,7 +260,7 @@ public class PreviewPremiumTaxCommandTests
             Total = 6600
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(-5, billingAddress);
 
@@ -269,7 +269,7 @@ public class PreviewPremiumTaxCommandTests
         Assert.Equal(6.00m, tax);
         Assert.Equal(66.00m, total);
 
-        await _stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
+        await _stripeAdapter.Received(1).CreateInvoicePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
             options.AutomaticTax.Enabled == true &&
             options.Currency == "usd" &&
             options.CustomerDetails.Address.Country == "FR" &&
@@ -295,7 +295,7 @@ public class PreviewPremiumTaxCommandTests
             Total = 3123 // $31.23
         };
 
-        _stripeAdapter.InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
+        _stripeAdapter.CreateInvoicePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>()).Returns(invoice);
 
         var result = await _command.Run(0, billingAddress);
 

test/Core.Test/Billing/Premium/Queries/HasPremiumAccessQueryTests.cs

@@ -0,0 +1,234 @@
+using Bit.Core.Billing.Premium.Models;
+using Bit.Core.Billing.Premium.Queries;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.Billing.Premium.Queries;
+
+[SutProviderCustomize]
+public class HasPremiumAccessQueryTests
+{
+    [Theory, BitAutoData]
+    public async Task HasPremiumAccessAsync_WhenUserHasPersonalPremium_ReturnsTrue(
+        UserPremiumAccess user,
+        SutProvider<HasPremiumAccessQuery> sutProvider)
+    {
+        // Arrange
+        user.PersonalPremium = true;
+        user.OrganizationPremium = false;
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetPremiumAccessAsync(user.Id)
+            .Returns(user);
+
+        // Act
+        var result = await sutProvider.Sut.HasPremiumAccessAsync(user.Id);
+
+        // Assert
+        Assert.True(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HasPremiumAccessAsync_WhenUserHasNoPersonalPremiumButHasOrgPremium_ReturnsTrue(
+        UserPremiumAccess user,
+        SutProvider<HasPremiumAccessQuery> sutProvider)
+    {
+        // Arrange
+        user.PersonalPremium = false;
+        user.OrganizationPremium = true; // Has org premium
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetPremiumAccessAsync(user.Id)
+            .Returns(user);
+
+        // Act
+        var result = await sutProvider.Sut.HasPremiumAccessAsync(user.Id);
+
+        // Assert
+        Assert.True(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HasPremiumAccessAsync_WhenUserHasNoPersonalPremiumAndNoOrgPremium_ReturnsFalse(
+        UserPremiumAccess user,
+        SutProvider<HasPremiumAccessQuery> sutProvider)
+    {
+        // Arrange
+        user.PersonalPremium = false;
+        user.OrganizationPremium = false;
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetPremiumAccessAsync(user.Id)
+            .Returns(user);
+
+        // Act
+        var result = await sutProvider.Sut.HasPremiumAccessAsync(user.Id);
+
+        // Assert
+        Assert.False(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HasPremiumAccessAsync_WhenUserNotFound_ThrowsNotFoundException(
+        Guid userId,
+        SutProvider<HasPremiumAccessQuery> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IUserRepository>()
+            .GetPremiumAccessAsync(userId)
+            .Returns((UserPremiumAccess?)null);
+
+        // Act & Assert
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.HasPremiumAccessAsync(userId));
+    }
+
+    [Theory, BitAutoData]
+    public async Task HasPremiumFromOrganizationAsync_WhenUserHasNoOrganizations_ReturnsFalse(
+        UserPremiumAccess user,
+        SutProvider<HasPremiumAccessQuery> sutProvider)
+    {
+        // Arrange
+        user.PersonalPremium = false;
+        user.OrganizationPremium = false; // No premium from anywhere
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetPremiumAccessAsync(user.Id)
+            .Returns(user);
+
+        // Act
+        var result = await sutProvider.Sut.HasPremiumFromOrganizationAsync(user.Id);
+
+        // Assert
+        Assert.False(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HasPremiumFromOrganizationAsync_WhenUserHasPremiumFromOrg_ReturnsTrue(
+        UserPremiumAccess user,
+        SutProvider<HasPremiumAccessQuery> sutProvider)
+    {
+        // Arrange
+        user.PersonalPremium = false; // No personal premium
+        user.OrganizationPremium = true; // But has premium from org
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetPremiumAccessAsync(user.Id)
+            .Returns(user);
+
+        // Act
+        var result = await sutProvider.Sut.HasPremiumFromOrganizationAsync(user.Id);
+
+        // Assert
+        Assert.True(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HasPremiumFromOrganizationAsync_WhenUserHasOnlyPersonalPremium_ReturnsFalse(
+        UserPremiumAccess user,
+        SutProvider<HasPremiumAccessQuery> sutProvider)
+    {
+        // Arrange
+        user.PersonalPremium = true; // Has personal premium
+        user.OrganizationPremium = false; // Not in any org that grants premium
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetPremiumAccessAsync(user.Id)
+            .Returns(user);
+
+        // Act
+        var result = await sutProvider.Sut.HasPremiumFromOrganizationAsync(user.Id);
+
+        // Assert
+        Assert.False(result); // Should return false because user is not in an org that grants premium
+    }
+
+    [Theory, BitAutoData]
+    public async Task HasPremiumFromOrganizationAsync_WhenUserHasBothPersonalAndOrgPremium_ReturnsTrue(
+        UserPremiumAccess user,
+        SutProvider<HasPremiumAccessQuery> sutProvider)
+    {
+        // Arrange
+        user.PersonalPremium = true; // Has personal premium
+        user.OrganizationPremium = true; // Also in an org that grants premium
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetPremiumAccessAsync(user.Id)
+            .Returns(user);
+
+        // Act
+        var result = await sutProvider.Sut.HasPremiumFromOrganizationAsync(user.Id);
+
+        // Assert
+        Assert.True(result); // Should return true because user IS in an org that grants premium (regardless of personal premium)
+    }
+
+    [Theory, BitAutoData]
+    public async Task HasPremiumFromOrganizationAsync_WhenUserNotFound_ThrowsNotFoundException(
+        Guid userId,
+        SutProvider<HasPremiumAccessQuery> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IUserRepository>()
+            .GetPremiumAccessAsync(userId)
+            .Returns((UserPremiumAccess?)null);
+
+        // Act & Assert
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.HasPremiumFromOrganizationAsync(userId));
+    }
+
+    [Theory, BitAutoData]
+    public async Task HasPremiumAccessAsync_Bulk_WhenEmptyList_ReturnsEmptyDictionary(
+        SutProvider<HasPremiumAccessQuery> sutProvider)
+    {
+        // Arrange
+        var userIds = new List<Guid>();
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetPremiumAccessByIdsAsync(userIds)
+            .Returns(new List<UserPremiumAccess>());
+
+        // Act
+        var result = await sutProvider.Sut.HasPremiumAccessAsync(userIds);
+
+        // Assert
+        Assert.Empty(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HasPremiumAccessAsync_Bulk_ReturnsCorrectStatus(
+        UserPremiumAccess user1,
+        UserPremiumAccess user2,
+        UserPremiumAccess user3,
+        SutProvider<HasPremiumAccessQuery> sutProvider)
+    {
+        // Arrange
+        user1.PersonalPremium = true;
+        user1.OrganizationPremium = false;
+        user2.PersonalPremium = false;
+        user2.OrganizationPremium = false;
+        user3.PersonalPremium = false;
+        user3.OrganizationPremium = true;
+
+        var users = new List<UserPremiumAccess> { user1, user2, user3 };
+        var userIds = users.Select(u => u.Id).ToList();
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetPremiumAccessByIdsAsync(Arg.Is<IEnumerable<Guid>>(ids => ids.SequenceEqual(userIds)))
+            .Returns(users);
+
+        // Act
+        var result = await sutProvider.Sut.HasPremiumAccessAsync(userIds);
+
+        // Assert
+        Assert.Equal(3, result.Count);
+        Assert.True(result[user1.Id]);  // Personal premium
+        Assert.False(result[user2.Id]); // No premium
+        Assert.True(result[user3.Id]);  // Organization premium
+    }
+}

test/Core.Test/Billing/Services/OrganizationBillingServiceTests.cs

@@ -1,5 +1,4 @@
 using Bit.Core.AdminConsole.Entities;
-using Bit.Core.Billing;
 using Bit.Core.Billing.Constants;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Models.Sales;
@@ -10,7 +9,6 @@ using Bit.Core.Billing.Pricing;
 using Bit.Core.Billing.Services;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
-using Bit.Core.Services;
 using Bit.Core.Test.Billing.Mocks;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
@@ -179,7 +177,7 @@ public class OrganizationBillingServiceTests
 
         SubscriptionCreateOptions capturedOptions = null;
         sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionCreateAsync(Arg.Do<SubscriptionCreateOptions>(options => capturedOptions = options))
+            .CreateSubscriptionAsync(Arg.Do<SubscriptionCreateOptions>(options => capturedOptions = options))
             .Returns(new Subscription
             {
                 Id = "sub_test123",
@@ -196,7 +194,7 @@ public class OrganizationBillingServiceTests
         // Assert
         await sutProvider.GetDependency<IStripeAdapter>()
             .Received(1)
-            .SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>());
+            .CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>());
 
         Assert.NotNull(capturedOptions);
         Assert.Equal(7, capturedOptions.TrialPeriodDays);
@@ -255,7 +253,7 @@ public class OrganizationBillingServiceTests
 
         SubscriptionCreateOptions capturedOptions = null;
         sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionCreateAsync(Arg.Do<SubscriptionCreateOptions>(options => capturedOptions = options))
+            .CreateSubscriptionAsync(Arg.Do<SubscriptionCreateOptions>(options => capturedOptions = options))
             .Returns(new Subscription
             {
                 Id = "sub_test123",
@@ -272,7 +270,7 @@ public class OrganizationBillingServiceTests
         // Assert
         await sutProvider.GetDependency<IStripeAdapter>()
             .Received(1)
-            .SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>());
+            .CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>());
 
         Assert.NotNull(capturedOptions);
         Assert.Equal(0, capturedOptions.TrialPeriodDays);
@@ -329,7 +327,7 @@ public class OrganizationBillingServiceTests
 
         SubscriptionCreateOptions capturedOptions = null;
         sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionCreateAsync(Arg.Do<SubscriptionCreateOptions>(options => capturedOptions = options))
+            .CreateSubscriptionAsync(Arg.Do<SubscriptionCreateOptions>(options => capturedOptions = options))
             .Returns(new Subscription
             {
                 Id = "sub_test123",
@@ -346,7 +344,7 @@ public class OrganizationBillingServiceTests
         // Assert
         await sutProvider.GetDependency<IStripeAdapter>()
             .Received(1)
-            .SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>());
+            .CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>());
 
         Assert.NotNull(capturedOptions);
         Assert.Equal(7, capturedOptions.TrialPeriodDays);
@@ -364,7 +362,7 @@ public class OrganizationBillingServiceTests
 
         CustomerUpdateOptions capturedOptions = null;
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerUpdateAsync(
+            .UpdateCustomerAsync(
                 Arg.Is<string>(id => id == organization.GatewayCustomerId),
                 Arg.Do<CustomerUpdateOptions>(options => capturedOptions = options))
             .Returns(new Customer());
@@ -375,7 +373,7 @@ public class OrganizationBillingServiceTests
         // Assert
         await sutProvider.GetDependency<IStripeAdapter>()
             .Received(1)
-            .CustomerUpdateAsync(
+            .UpdateCustomerAsync(
                 organization.GatewayCustomerId,
                 Arg.Any<CustomerUpdateOptions>());
 
@@ -392,16 +390,17 @@ public class OrganizationBillingServiceTests
     }
 
     [Theory, BitAutoData]
-    public async Task UpdateOrganizationNameAndEmail_WhenNameIsLong_TruncatesTo30Characters(
+    public async Task UpdateOrganizationNameAndEmail_WhenNameIsLong_UsesFullName(
         Organization organization,
         SutProvider<OrganizationBillingService> sutProvider)
     {
         // Arrange
-        organization.Name = "This is a very long organization name that exceeds thirty characters";
+        var longName = "This is a very long organization name that exceeds thirty characters";
+        organization.Name = longName;
 
         CustomerUpdateOptions capturedOptions = null;
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerUpdateAsync(
+            .UpdateCustomerAsync(
                 Arg.Is<string>(id => id == organization.GatewayCustomerId),
                 Arg.Do<CustomerUpdateOptions>(options => capturedOptions = options))
             .Returns(new Customer());
@@ -412,7 +411,7 @@ public class OrganizationBillingServiceTests
         // Assert
         await sutProvider.GetDependency<IStripeAdapter>()
             .Received(1)
-            .CustomerUpdateAsync(
+            .UpdateCustomerAsync(
                 organization.GatewayCustomerId,
                 Arg.Any<CustomerUpdateOptions>());
 
@@ -421,14 +420,11 @@ public class OrganizationBillingServiceTests
         Assert.NotNull(capturedOptions.InvoiceSettings.CustomFields);
 
         var customField = capturedOptions.InvoiceSettings.CustomFields.First();
-        Assert.Equal(30, customField.Value.Length);
-
-        var expectedCustomFieldDisplayName = "This is a very long organizati";
-        Assert.Equal(expectedCustomFieldDisplayName, customField.Value);
+        Assert.Equal(longName, customField.Value);
     }
 
     [Theory, BitAutoData]
-    public async Task UpdateOrganizationNameAndEmail_WhenGatewayCustomerIdIsNull_ThrowsBillingException(
+    public async Task UpdateOrganizationNameAndEmail_WhenGatewayCustomerIdIsNull_LogsWarningAndReturns(
         Organization organization,
         SutProvider<OrganizationBillingService> sutProvider)
     {
@@ -436,15 +432,93 @@ public class OrganizationBillingServiceTests
         organization.GatewayCustomerId = null;
         organization.Name = "Test Organization";
         organization.BillingEmail = "billing@example.com";
+        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
 
-        // Act & Assert
-        var exception = await Assert.ThrowsAsync<BillingException>(
-            () => sutProvider.Sut.UpdateOrganizationNameAndEmail(organization));
+        // Act
+        await sutProvider.Sut.UpdateOrganizationNameAndEmail(organization);
 
-        Assert.Contains("Cannot update an organization in Stripe without a GatewayCustomerId.", exception.Response);
+        // Assert
+        await stripeAdapter.DidNotReceive().UpdateCustomerAsync(
+            Arg.Any<string>(),
+            Arg.Any<CustomerUpdateOptions>());
+    }
 
-        await sutProvider.GetDependency<IStripeAdapter>()
-            .DidNotReceiveWithAnyArgs()
-            .CustomerUpdateAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>());
+    [Theory, BitAutoData]
+    public async Task UpdateOrganizationNameAndEmail_WhenGatewayCustomerIdIsEmpty_LogsWarningAndReturns(
+        Organization organization,
+        SutProvider<OrganizationBillingService> sutProvider)
+    {
+        // Arrange
+        organization.GatewayCustomerId = "";
+        organization.Name = "Test Organization";
+        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
+
+        // Act
+        await sutProvider.Sut.UpdateOrganizationNameAndEmail(organization);
+
+        // Assert
+        await stripeAdapter.DidNotReceive().UpdateCustomerAsync(
+            Arg.Any<string>(),
+            Arg.Any<CustomerUpdateOptions>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateOrganizationNameAndEmail_WhenNameIsNull_LogsWarningAndReturns(
+        Organization organization,
+        SutProvider<OrganizationBillingService> sutProvider)
+    {
+        // Arrange
+        organization.Name = null;
+        organization.GatewayCustomerId = "cus_test123";
+        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
+
+        // Act
+        await sutProvider.Sut.UpdateOrganizationNameAndEmail(organization);
+
+        // Assert
+        await stripeAdapter.DidNotReceive().UpdateCustomerAsync(
+            Arg.Any<string>(),
+            Arg.Any<CustomerUpdateOptions>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateOrganizationNameAndEmail_WhenNameIsEmpty_LogsWarningAndReturns(
+        Organization organization,
+        SutProvider<OrganizationBillingService> sutProvider)
+    {
+        // Arrange
+        organization.Name = "";
+        organization.GatewayCustomerId = "cus_test123";
+        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
+
+        // Act
+        await sutProvider.Sut.UpdateOrganizationNameAndEmail(organization);
+
+        // Assert
+        await stripeAdapter.DidNotReceive().UpdateCustomerAsync(
+            Arg.Any<string>(),
+            Arg.Any<CustomerUpdateOptions>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateOrganizationNameAndEmail_WhenBillingEmailIsNull_UpdatesWithNull(
+        Organization organization,
+        SutProvider<OrganizationBillingService> sutProvider)
+    {
+        // Arrange
+        organization.Name = "Test Organization";
+        organization.BillingEmail = null;
+        organization.GatewayCustomerId = "cus_test123";
+        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
+
+        // Act
+        await sutProvider.Sut.UpdateOrganizationNameAndEmail(organization);
+
+        // Assert
+        await stripeAdapter.Received(1).UpdateCustomerAsync(
+            organization.GatewayCustomerId,
+            Arg.Is<CustomerUpdateOptions>(options =>
+                options.Email == null &&
+                options.Description == organization.Name));
     }
 }

test/Core.Test/Billing/Services/PaymentHistoryServiceTests.cs

@@ -1,9 +1,9 @@
 using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Billing.Services;
 using Bit.Core.Billing.Services.Implementations;
 using Bit.Core.Entities;
 using Bit.Core.Models.BitStripe;
 using Bit.Core.Repositories;
-using Bit.Core.Services;
 using NSubstitute;
 using Stripe;
 using Xunit;
@@ -19,7 +19,7 @@ public class PaymentHistoryServiceTests
         var subscriber = new Organization { GatewayCustomerId = "cus_id", GatewaySubscriptionId = "sub_id" };
         var invoices = new List<Invoice> { new() { Id = "in_id" } };
         var stripeAdapter = Substitute.For<IStripeAdapter>();
-        stripeAdapter.InvoiceListAsync(Arg.Any<StripeInvoiceListOptions>()).Returns(invoices);
+        stripeAdapter.ListInvoicesAsync(Arg.Any<StripeInvoiceListOptions>()).Returns(invoices);
         var transactionRepository = Substitute.For<ITransactionRepository>();
         var paymentHistoryService = new PaymentHistoryService(stripeAdapter, transactionRepository);
 
@@ -29,7 +29,7 @@ public class PaymentHistoryServiceTests
         // Assert
         Assert.NotEmpty(result);
         Assert.Single(result);
-        await stripeAdapter.Received(1).InvoiceListAsync(Arg.Any<StripeInvoiceListOptions>());
+        await stripeAdapter.Received(1).ListInvoicesAsync(Arg.Any<StripeInvoiceListOptions>());
     }
 
     [Fact]

test/Core.Test/Billing/Services/StripePaymentServiceTests.cs

@@ -0,0 +1,411 @@
+using Bit.Core.Billing.Constants;
+using Bit.Core.Billing.Services;
+using Bit.Core.Billing.Services.Implementations;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Stripe;
+using Xunit;
+
+namespace Bit.Core.Test.Services;
+
+[SutProviderCustomize]
+public class StripePaymentServiceTests
+{
+    [Theory]
+    [BitAutoData]
+    public async Task GetSubscriptionAsync_WithCustomerDiscount_ReturnsDiscountFromCustomer(
+        SutProvider<StripePaymentService> sutProvider,
+        User subscriber)
+    {
+        // Arrange
+        subscriber.Gateway = GatewayType.Stripe;
+        subscriber.GatewayCustomerId = "cus_test123";
+        subscriber.GatewaySubscriptionId = "sub_test123";
+
+        var customerDiscount = new Discount
+        {
+            Coupon = new Coupon
+            {
+                Id = StripeConstants.CouponIDs.Milestone2SubscriptionDiscount,
+                PercentOff = 20m,
+                AmountOff = 1400
+            },
+            End = null
+        };
+
+        var subscription = new Subscription
+        {
+            Id = "sub_test123",
+            Status = "active",
+            CollectionMethod = "charge_automatically",
+            Customer = new Customer
+            {
+                Discount = customerDiscount
+            },
+            Discounts = new List<Discount>(), // Empty list
+            Items = new StripeList<SubscriptionItem> { Data = [] }
+        };
+
+        sutProvider.GetDependency<IStripeAdapter>()
+            .GetSubscriptionAsync(
+                subscriber.GatewaySubscriptionId,
+                Arg.Any<SubscriptionGetOptions>())
+            .Returns(subscription);
+
+        // Act
+        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
+
+        // Assert
+        Assert.NotNull(result.CustomerDiscount);
+        Assert.Equal(StripeConstants.CouponIDs.Milestone2SubscriptionDiscount, result.CustomerDiscount.Id);
+        Assert.Equal(20m, result.CustomerDiscount.PercentOff);
+        Assert.Equal(14.00m, result.CustomerDiscount.AmountOff); // Converted from cents
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetSubscriptionAsync_WithoutCustomerDiscount_FallsBackToSubscriptionDiscounts(
+        SutProvider<StripePaymentService> sutProvider,
+        User subscriber)
+    {
+        // Arrange
+        subscriber.Gateway = GatewayType.Stripe;
+        subscriber.GatewayCustomerId = "cus_test123";
+        subscriber.GatewaySubscriptionId = "sub_test123";
+
+        var subscriptionDiscount = new Discount
+        {
+            Coupon = new Coupon
+            {
+                Id = StripeConstants.CouponIDs.Milestone2SubscriptionDiscount,
+                PercentOff = 15m,
+                AmountOff = null
+            },
+            End = null
+        };
+
+        var subscription = new Subscription
+        {
+            Id = "sub_test123",
+            Status = "active",
+            CollectionMethod = "charge_automatically",
+            Customer = new Customer
+            {
+                Discount = null // No customer discount
+            },
+            Discounts = new List<Discount> { subscriptionDiscount },
+            Items = new StripeList<SubscriptionItem> { Data = [] }
+        };
+
+        sutProvider.GetDependency<IStripeAdapter>()
+            .GetSubscriptionAsync(
+                subscriber.GatewaySubscriptionId,
+                Arg.Any<SubscriptionGetOptions>())
+            .Returns(subscription);
+
+        // Act
+        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
+
+        // Assert - Should use subscription discount as fallback
+        Assert.NotNull(result.CustomerDiscount);
+        Assert.Equal(StripeConstants.CouponIDs.Milestone2SubscriptionDiscount, result.CustomerDiscount.Id);
+        Assert.Equal(15m, result.CustomerDiscount.PercentOff);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetSubscriptionAsync_WithBothDiscounts_PrefersCustomerDiscount(
+        SutProvider<StripePaymentService> sutProvider,
+        User subscriber)
+    {
+        // Arrange
+        subscriber.Gateway = GatewayType.Stripe;
+        subscriber.GatewayCustomerId = "cus_test123";
+        subscriber.GatewaySubscriptionId = "sub_test123";
+
+        var customerDiscount = new Discount
+        {
+            Coupon = new Coupon
+            {
+                Id = StripeConstants.CouponIDs.Milestone2SubscriptionDiscount,
+                PercentOff = 25m
+            },
+            End = null
+        };
+
+        var subscriptionDiscount = new Discount
+        {
+            Coupon = new Coupon
+            {
+                Id = "different-coupon-id",
+                PercentOff = 10m
+            },
+            End = null
+        };
+
+        var subscription = new Subscription
+        {
+            Id = "sub_test123",
+            Status = "active",
+            CollectionMethod = "charge_automatically",
+            Customer = new Customer
+            {
+                Discount = customerDiscount // Should prefer this
+            },
+            Discounts = new List<Discount> { subscriptionDiscount },
+            Items = new StripeList<SubscriptionItem> { Data = [] }
+        };
+
+        sutProvider.GetDependency<IStripeAdapter>()
+            .GetSubscriptionAsync(
+                subscriber.GatewaySubscriptionId,
+                Arg.Any<SubscriptionGetOptions>())
+            .Returns(subscription);
+
+        // Act
+        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
+
+        // Assert - Should prefer customer discount over subscription discount
+        Assert.NotNull(result.CustomerDiscount);
+        Assert.Equal(StripeConstants.CouponIDs.Milestone2SubscriptionDiscount, result.CustomerDiscount.Id);
+        Assert.Equal(25m, result.CustomerDiscount.PercentOff);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetSubscriptionAsync_WithNoDiscounts_ReturnsNullDiscount(
+        SutProvider<StripePaymentService> sutProvider,
+        User subscriber)
+    {
+        // Arrange
+        subscriber.Gateway = GatewayType.Stripe;
+        subscriber.GatewayCustomerId = "cus_test123";
+        subscriber.GatewaySubscriptionId = "sub_test123";
+
+        var subscription = new Subscription
+        {
+            Id = "sub_test123",
+            Status = "active",
+            CollectionMethod = "charge_automatically",
+            Customer = new Customer
+            {
+                Discount = null
+            },
+            Discounts = new List<Discount>(), // Empty list, no discounts
+            Items = new StripeList<SubscriptionItem> { Data = [] }
+        };
+
+        sutProvider.GetDependency<IStripeAdapter>()
+            .GetSubscriptionAsync(
+                subscriber.GatewaySubscriptionId,
+                Arg.Any<SubscriptionGetOptions>())
+            .Returns(subscription);
+
+        // Act
+        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
+
+        // Assert
+        Assert.Null(result.CustomerDiscount);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetSubscriptionAsync_WithMultipleSubscriptionDiscounts_SelectsFirstDiscount(
+        SutProvider<StripePaymentService> sutProvider,
+        User subscriber)
+    {
+        // Arrange - Multiple subscription-level discounts, no customer discount
+        subscriber.Gateway = GatewayType.Stripe;
+        subscriber.GatewayCustomerId = "cus_test123";
+        subscriber.GatewaySubscriptionId = "sub_test123";
+
+        var firstDiscount = new Discount
+        {
+            Coupon = new Coupon
+            {
+                Id = "coupon-10-percent",
+                PercentOff = 10m
+            },
+            End = null
+        };
+
+        var secondDiscount = new Discount
+        {
+            Coupon = new Coupon
+            {
+                Id = "coupon-20-percent",
+                PercentOff = 20m
+            },
+            End = null
+        };
+
+        var subscription = new Subscription
+        {
+            Id = "sub_test123",
+            Status = "active",
+            CollectionMethod = "charge_automatically",
+            Customer = new Customer
+            {
+                Discount = null // No customer discount
+            },
+            // Multiple subscription discounts - FirstOrDefault() should select the first one
+            Discounts = new List<Discount> { firstDiscount, secondDiscount },
+            Items = new StripeList<SubscriptionItem> { Data = [] }
+        };
+
+        sutProvider.GetDependency<IStripeAdapter>()
+            .GetSubscriptionAsync(
+                subscriber.GatewaySubscriptionId,
+                Arg.Any<SubscriptionGetOptions>())
+            .Returns(subscription);
+
+        // Act
+        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
+
+        // Assert - Should select the first discount from the list (FirstOrDefault() behavior)
+        Assert.NotNull(result.CustomerDiscount);
+        Assert.Equal("coupon-10-percent", result.CustomerDiscount.Id);
+        Assert.Equal(10m, result.CustomerDiscount.PercentOff);
+        // Verify the second discount was not selected
+        Assert.NotEqual("coupon-20-percent", result.CustomerDiscount.Id);
+        Assert.NotEqual(20m, result.CustomerDiscount.PercentOff);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetSubscriptionAsync_WithNullCustomer_HandlesGracefully(
+        SutProvider<StripePaymentService> sutProvider,
+        User subscriber)
+    {
+        // Arrange - Subscription with null Customer (defensive null check scenario)
+        subscriber.Gateway = GatewayType.Stripe;
+        subscriber.GatewayCustomerId = "cus_test123";
+        subscriber.GatewaySubscriptionId = "sub_test123";
+
+        var subscription = new Subscription
+        {
+            Id = "sub_test123",
+            Status = "active",
+            CollectionMethod = "charge_automatically",
+            Customer = null, // Customer not expanded or null
+            Discounts = new List<Discount>(), // Empty discounts
+            Items = new StripeList<SubscriptionItem> { Data = [] }
+        };
+
+        sutProvider.GetDependency<IStripeAdapter>()
+            .GetSubscriptionAsync(
+                subscriber.GatewaySubscriptionId,
+                Arg.Any<SubscriptionGetOptions>())
+            .Returns(subscription);
+
+        // Act
+        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
+
+        // Assert - Should handle null Customer gracefully without throwing NullReferenceException
+        Assert.Null(result.CustomerDiscount);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetSubscriptionAsync_WithNullDiscounts_HandlesGracefully(
+        SutProvider<StripePaymentService> sutProvider,
+        User subscriber)
+    {
+        // Arrange - Subscription with null Discounts (defensive null check scenario)
+        subscriber.Gateway = GatewayType.Stripe;
+        subscriber.GatewayCustomerId = "cus_test123";
+        subscriber.GatewaySubscriptionId = "sub_test123";
+
+        var subscription = new Subscription
+        {
+            Id = "sub_test123",
+            Status = "active",
+            CollectionMethod = "charge_automatically",
+            Customer = new Customer
+            {
+                Discount = null // No customer discount
+            },
+            Discounts = null, // Discounts not expanded or null
+            Items = new StripeList<SubscriptionItem> { Data = [] }
+        };
+
+        sutProvider.GetDependency<IStripeAdapter>()
+            .GetSubscriptionAsync(
+                subscriber.GatewaySubscriptionId,
+                Arg.Any<SubscriptionGetOptions>())
+            .Returns(subscription);
+
+        // Act
+        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
+
+        // Assert - Should handle null Discounts gracefully without throwing NullReferenceException
+        Assert.Null(result.CustomerDiscount);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetSubscriptionAsync_VerifiesCorrectExpandOptions(
+        SutProvider<StripePaymentService> sutProvider,
+        User subscriber)
+    {
+        // Arrange
+        subscriber.Gateway = GatewayType.Stripe;
+        subscriber.GatewayCustomerId = "cus_test123";
+        subscriber.GatewaySubscriptionId = "sub_test123";
+
+        var subscription = new Subscription
+        {
+            Id = "sub_test123",
+            Status = "active",
+            CollectionMethod = "charge_automatically",
+            Customer = new Customer { Discount = null },
+            Discounts = new List<Discount>(), // Empty list
+            Items = new StripeList<SubscriptionItem> { Data = [] }
+        };
+
+        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
+        stripeAdapter
+            .GetSubscriptionAsync(
+                Arg.Any<string>(),
+                Arg.Any<SubscriptionGetOptions>())
+            .Returns(subscription);
+
+        // Act
+        await sutProvider.Sut.GetSubscriptionAsync(subscriber);
+
+        // Assert - Verify expand options are correct
+        await stripeAdapter.Received(1).GetSubscriptionAsync(
+            subscriber.GatewaySubscriptionId,
+            Arg.Is<SubscriptionGetOptions>(o =>
+                o.Expand.Contains("customer.discount.coupon.applies_to") &&
+                o.Expand.Contains("discounts.coupon.applies_to") &&
+                o.Expand.Contains("test_clock")));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task GetSubscriptionAsync_WithEmptyGatewaySubscriptionId_ReturnsEmptySubscriptionInfo(
+        SutProvider<StripePaymentService> sutProvider,
+        User subscriber)
+    {
+        // Arrange
+        subscriber.GatewaySubscriptionId = null;
+
+        // Act
+        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
+
+        // Assert
+        Assert.NotNull(result);
+        Assert.Null(result.Subscription);
+        Assert.Null(result.CustomerDiscount);
+        Assert.Null(result.UpcomingInvoice);
+
+        // Verify no Stripe API calls were made
+        await sutProvider.GetDependency<IStripeAdapter>()
+            .DidNotReceive()
+            .GetSubscriptionAsync(Arg.Any<string>(), Arg.Any<SubscriptionGetOptions>());
+    }
+}

test/Core.Test/Billing/Services/SubscriberServiceTests.cs

@@ -3,10 +3,10 @@ using Bit.Core.AdminConsole.Entities.Provider;
 using Bit.Core.Billing.Caches;
 using Bit.Core.Billing.Constants;
 using Bit.Core.Billing.Models;
+using Bit.Core.Billing.Services;
 using Bit.Core.Billing.Services.Implementations;
 using Bit.Core.Billing.Tax.Models;
 using Bit.Core.Enums;
-using Bit.Core.Services;
 using Bit.Core.Settings;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
@@ -44,7 +44,7 @@ public class SubscriberServiceTests
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
 
         stripeAdapter
-            .SubscriptionGetAsync(organization.GatewaySubscriptionId)
+            .GetSubscriptionAsync(organization.GatewaySubscriptionId)
             .Returns(subscription);
 
         await ThrowsBillingExceptionAsync(() =>
@@ -52,11 +52,11 @@ public class SubscriberServiceTests
 
         await stripeAdapter
             .DidNotReceiveWithAnyArgs()
-            .SubscriptionUpdateAsync(Arg.Any<string>(), Arg.Any<SubscriptionUpdateOptions>());
+            .UpdateSubscriptionAsync(Arg.Any<string>(), Arg.Any<SubscriptionUpdateOptions>());
 
         await stripeAdapter
             .DidNotReceiveWithAnyArgs()
-            .SubscriptionCancelAsync(Arg.Any<string>(), Arg.Any<SubscriptionCancelOptions>());
+            .CancelSubscriptionAsync(Arg.Any<string>(), Arg.Any<SubscriptionCancelOptions>());
     }
 
     [Theory, BitAutoData]
@@ -81,7 +81,7 @@ public class SubscriberServiceTests
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
 
         stripeAdapter
-            .SubscriptionGetAsync(organization.GatewaySubscriptionId)
+            .GetSubscriptionAsync(organization.GatewaySubscriptionId)
             .Returns(subscription);
 
         var offboardingSurveyResponse = new OffboardingSurveyResponse
@@ -95,12 +95,12 @@ public class SubscriberServiceTests
 
         await stripeAdapter
             .Received(1)
-            .SubscriptionUpdateAsync(subscriptionId, Arg.Is<SubscriptionUpdateOptions>(
+            .UpdateSubscriptionAsync(subscriptionId, Arg.Is<SubscriptionUpdateOptions>(
                 options => options.Metadata["cancellingUserId"] == userId.ToString()));
 
         await stripeAdapter
             .Received(1)
-            .SubscriptionCancelAsync(subscriptionId, Arg.Is<SubscriptionCancelOptions>(options =>
+            .CancelSubscriptionAsync(subscriptionId, Arg.Is<SubscriptionCancelOptions>(options =>
                 options.CancellationDetails.Comment == offboardingSurveyResponse.Feedback &&
                 options.CancellationDetails.Feedback == offboardingSurveyResponse.Reason));
     }
@@ -127,7 +127,7 @@ public class SubscriberServiceTests
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
 
         stripeAdapter
-            .SubscriptionGetAsync(organization.GatewaySubscriptionId)
+            .GetSubscriptionAsync(organization.GatewaySubscriptionId)
             .Returns(subscription);
 
         var offboardingSurveyResponse = new OffboardingSurveyResponse
@@ -141,11 +141,11 @@ public class SubscriberServiceTests
 
         await stripeAdapter
             .DidNotReceiveWithAnyArgs()
-            .SubscriptionUpdateAsync(Arg.Any<string>(), Arg.Any<SubscriptionUpdateOptions>());
+            .UpdateSubscriptionAsync(Arg.Any<string>(), Arg.Any<SubscriptionUpdateOptions>());
 
         await stripeAdapter
             .Received(1)
-            .SubscriptionCancelAsync(subscriptionId, Arg.Is<SubscriptionCancelOptions>(options =>
+            .CancelSubscriptionAsync(subscriptionId, Arg.Is<SubscriptionCancelOptions>(options =>
                 options.CancellationDetails.Comment == offboardingSurveyResponse.Feedback &&
                 options.CancellationDetails.Feedback == offboardingSurveyResponse.Reason));
     }
@@ -170,7 +170,7 @@ public class SubscriberServiceTests
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
 
         stripeAdapter
-            .SubscriptionGetAsync(organization.GatewaySubscriptionId)
+            .GetSubscriptionAsync(organization.GatewaySubscriptionId)
             .Returns(subscription);
 
         var offboardingSurveyResponse = new OffboardingSurveyResponse
@@ -184,7 +184,7 @@ public class SubscriberServiceTests
 
         await stripeAdapter
             .Received(1)
-            .SubscriptionUpdateAsync(subscriptionId, Arg.Is<SubscriptionUpdateOptions>(options =>
+            .UpdateSubscriptionAsync(subscriptionId, Arg.Is<SubscriptionUpdateOptions>(options =>
                 options.CancelAtPeriodEnd == true &&
                 options.CancellationDetails.Comment == offboardingSurveyResponse.Feedback &&
                 options.CancellationDetails.Feedback == offboardingSurveyResponse.Reason &&
@@ -192,7 +192,7 @@ public class SubscriberServiceTests
 
         await stripeAdapter
             .DidNotReceiveWithAnyArgs()
-            .SubscriptionCancelAsync(Arg.Any<string>(), Arg.Any<SubscriptionCancelOptions>());
+            .CancelSubscriptionAsync(Arg.Any<string>(), Arg.Any<SubscriptionCancelOptions>());
     }
 
     #endregion
@@ -223,7 +223,7 @@ public class SubscriberServiceTests
         SutProvider<SubscriberService> sutProvider)
     {
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerGetAsync(organization.GatewayCustomerId)
+            .GetCustomerAsync(organization.GatewayCustomerId)
             .ReturnsNull();
 
         var customer = await sutProvider.Sut.GetCustomer(organization);
@@ -237,7 +237,7 @@ public class SubscriberServiceTests
         SutProvider<SubscriberService> sutProvider)
     {
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerGetAsync(organization.GatewayCustomerId)
+            .GetCustomerAsync(organization.GatewayCustomerId)
             .ThrowsAsync<StripeException>();
 
         var customer = await sutProvider.Sut.GetCustomer(organization);
@@ -253,7 +253,7 @@ public class SubscriberServiceTests
         var customer = new Customer();
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerGetAsync(organization.GatewayCustomerId)
+            .GetCustomerAsync(organization.GatewayCustomerId)
             .Returns(customer);
 
         var gotCustomer = await sutProvider.Sut.GetCustomer(organization);
@@ -287,7 +287,7 @@ public class SubscriberServiceTests
         SutProvider<SubscriberService> sutProvider)
     {
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerGetAsync(organization.GatewayCustomerId)
+            .GetCustomerAsync(organization.GatewayCustomerId)
             .ReturnsNull();
 
         await ThrowsBillingExceptionAsync(async () => await sutProvider.Sut.GetCustomerOrThrow(organization));
@@ -301,7 +301,7 @@ public class SubscriberServiceTests
         var stripeException = new StripeException();
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerGetAsync(organization.GatewayCustomerId)
+            .GetCustomerAsync(organization.GatewayCustomerId)
             .ThrowsAsync(stripeException);
 
         await ThrowsBillingExceptionAsync(
@@ -318,7 +318,7 @@ public class SubscriberServiceTests
         var customer = new Customer();
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerGetAsync(organization.GatewayCustomerId)
+            .GetCustomerAsync(organization.GatewayCustomerId)
             .Returns(customer);
 
         var gotCustomer = await sutProvider.Sut.GetCustomerOrThrow(organization);
@@ -328,157 +328,6 @@ public class SubscriberServiceTests
 
     #endregion
 
-    #region GetPaymentMethod
-
-    [Theory, BitAutoData]
-    public async Task GetPaymentMethod_NullSubscriber_ThrowsArgumentNullException(
-        SutProvider<SubscriberService> sutProvider) =>
-        await Assert.ThrowsAsync<ArgumentNullException>(() => sutProvider.Sut.GetPaymentSource(null));
-
-    [Theory, BitAutoData]
-    public async Task GetPaymentMethod_WithNegativeStripeAccountBalance_ReturnsCorrectAccountCreditAmount(Organization organization,
-        SutProvider<SubscriberService> sutProvider)
-    {
-        // Arrange
-        // Stripe reports balance in cents as a negative number for credit
-        const int stripeAccountBalance = -593; // $5.93 credit (negative cents)
-        const decimal creditAmount = 5.93M;    // Same value in dollars
-
-
-        var customer = new Customer
-        {
-            Balance = stripeAccountBalance,
-            Subscriptions = new StripeList<Subscription>()
-            {
-                Data =
-                [new Subscription { Id = organization.GatewaySubscriptionId, Status = "active" }]
-            },
-            InvoiceSettings = new CustomerInvoiceSettings
-            {
-                DefaultPaymentMethod = new PaymentMethod
-                {
-                    Type = StripeConstants.PaymentMethodTypes.USBankAccount,
-                    UsBankAccount = new PaymentMethodUsBankAccount { BankName = "Chase", Last4 = "9999" }
-                }
-            }
-        };
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(organization.GatewayCustomerId,
-                Arg.Is<CustomerGetOptions>(options => options.Expand.Contains("default_source") &&
-                                                      options.Expand.Contains("invoice_settings.default_payment_method")
-                                                      && options.Expand.Contains("subscriptions")
-                                                      && options.Expand.Contains("tax_ids")))
-            .Returns(customer);
-
-        // Act
-        var result = await sutProvider.Sut.GetPaymentMethod(organization);
-
-        // Assert
-        Assert.NotNull(result);
-        Assert.Equal(creditAmount, result.AccountCredit);
-        await sutProvider.GetDependency<IStripeAdapter>().Received(1).CustomerGetAsync(
-            organization.GatewayCustomerId,
-            Arg.Is<CustomerGetOptions>(options =>
-                options.Expand.Contains("default_source") &&
-                options.Expand.Contains("invoice_settings.default_payment_method") &&
-                options.Expand.Contains("subscriptions") &&
-                options.Expand.Contains("tax_ids")));
-
-    }
-
-    [Theory, BitAutoData]
-    public async Task GetPaymentMethod_WithZeroStripeAccountBalance_ReturnsCorrectAccountCreditAmount(
-        Organization organization, SutProvider<SubscriberService> sutProvider)
-    {
-        // Arrange
-        const int stripeAccountBalance = 0;
-
-        var customer = new Customer
-        {
-            Balance = stripeAccountBalance,
-            Subscriptions = new StripeList<Subscription>()
-            {
-                Data =
-                [new Subscription { Id = organization.GatewaySubscriptionId, Status = "active" }]
-            },
-            InvoiceSettings = new CustomerInvoiceSettings
-            {
-                DefaultPaymentMethod = new PaymentMethod
-                {
-                    Type = StripeConstants.PaymentMethodTypes.USBankAccount,
-                    UsBankAccount = new PaymentMethodUsBankAccount { BankName = "Chase", Last4 = "9999" }
-                }
-            }
-        };
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(organization.GatewayCustomerId,
-                Arg.Is<CustomerGetOptions>(options => options.Expand.Contains("default_source") &&
-                                                      options.Expand.Contains("invoice_settings.default_payment_method")
-                                                      && options.Expand.Contains("subscriptions")
-                                                      && options.Expand.Contains("tax_ids")))
-            .Returns(customer);
-
-        // Act
-        var result = await sutProvider.Sut.GetPaymentMethod(organization);
-
-        // Assert
-        Assert.NotNull(result);
-        Assert.Equal(0, result.AccountCredit);
-        await sutProvider.GetDependency<IStripeAdapter>().Received(1).CustomerGetAsync(
-            organization.GatewayCustomerId,
-            Arg.Is<CustomerGetOptions>(options =>
-                options.Expand.Contains("default_source") &&
-                options.Expand.Contains("invoice_settings.default_payment_method") &&
-                options.Expand.Contains("subscriptions") &&
-                options.Expand.Contains("tax_ids")));
-    }
-
-    [Theory, BitAutoData]
-    public async Task GetPaymentMethod_WithPositiveStripeAccountBalance_ReturnsCorrectAccountCreditAmount(
-        Organization organization, SutProvider<SubscriberService> sutProvider)
-    {
-        // Arrange
-        const int stripeAccountBalance = 593; // $5.93 charge balance
-        const decimal accountBalance = -5.93M;    // account balance
-        var customer = new Customer
-        {
-            Balance = stripeAccountBalance,
-            Subscriptions = new StripeList<Subscription>()
-            {
-                Data =
-                [new Subscription { Id = organization.GatewaySubscriptionId, Status = "active" }]
-            },
-            InvoiceSettings = new CustomerInvoiceSettings
-            {
-                DefaultPaymentMethod = new PaymentMethod
-                {
-                    Type = StripeConstants.PaymentMethodTypes.USBankAccount,
-                    UsBankAccount = new PaymentMethodUsBankAccount { BankName = "Chase", Last4 = "9999" }
-                }
-            }
-        };
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(organization.GatewayCustomerId,
-                Arg.Is<CustomerGetOptions>(options => options.Expand.Contains("default_source") &&
-                                                      options.Expand.Contains("invoice_settings.default_payment_method")
-                                                      && options.Expand.Contains("subscriptions")
-                                                      && options.Expand.Contains("tax_ids")))
-            .Returns(customer);
-
-        // Act
-        var result = await sutProvider.Sut.GetPaymentMethod(organization);
-
-        // Assert
-        Assert.NotNull(result);
-        Assert.Equal(accountBalance, result.AccountCredit);
-        await sutProvider.GetDependency<IStripeAdapter>().Received(1).CustomerGetAsync(
-            organization.GatewayCustomerId,
-            Arg.Is<CustomerGetOptions>(options =>
-                options.Expand.Contains("default_source") &&
-                options.Expand.Contains("invoice_settings.default_payment_method") &&
-                options.Expand.Contains("subscriptions") &&
-                options.Expand.Contains("tax_ids")));
-
-    }
-    #endregion
-
     #region GetPaymentSource
 
     [Theory, BitAutoData]
@@ -502,7 +351,7 @@ public class SubscriberServiceTests
             }
         };
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId,
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(
                     options => options.Expand.Contains("default_source") &&
                                options.Expand.Contains("invoice_settings.default_payment_method")))
@@ -539,7 +388,7 @@ public class SubscriberServiceTests
             }
         };
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId,
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(
                     options => options.Expand.Contains("default_source") &&
                                options.Expand.Contains("invoice_settings.default_payment_method")))
@@ -593,7 +442,7 @@ public class SubscriberServiceTests
             }
         };
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId,
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(
                     options => options.Expand.Contains("default_source") &&
                                options.Expand.Contains("invoice_settings.default_payment_method")))
@@ -629,7 +478,7 @@ public class SubscriberServiceTests
             }
         };
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId,
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(
                     options => options.Expand.Contains("default_source") &&
                                options.Expand.Contains("invoice_settings.default_payment_method")))
@@ -649,7 +498,7 @@ public class SubscriberServiceTests
     {
         var customer = new Customer { Id = provider.GatewayCustomerId };
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId,
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(options => options.Expand.Contains("default_source") &&
                                                       options.Expand.Contains(
                                                           "invoice_settings.default_payment_method")))
@@ -672,7 +521,7 @@ public class SubscriberServiceTests
 
         sutProvider.GetDependency<ISetupIntentCache>().GetSetupIntentIdForSubscriber(provider.Id).Returns(setupIntent.Id);
 
-        sutProvider.GetDependency<IStripeAdapter>().SetupIntentGet(setupIntent.Id,
+        sutProvider.GetDependency<IStripeAdapter>().GetSetupIntentAsync(setupIntent.Id,
             Arg.Is<SetupIntentGetOptions>(options => options.Expand.Contains("payment_method"))).Returns(setupIntent);
 
         var paymentMethod = await sutProvider.Sut.GetPaymentSource(provider);
@@ -692,7 +541,7 @@ public class SubscriberServiceTests
             DefaultSource = new BankAccount { Status = "verified", BankName = "Chase", Last4 = "9999" }
         };
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId,
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(options => options.Expand.Contains("default_source") &&
                                                       options.Expand.Contains(
                                                           "invoice_settings.default_payment_method")))
@@ -715,7 +564,7 @@ public class SubscriberServiceTests
             DefaultSource = new Card { Brand = "Visa", Last4 = "9999", ExpMonth = 9, ExpYear = 2028 }
         };
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId,
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(options => options.Expand.Contains("default_source") &&
                                                       options.Expand.Contains(
                                                           "invoice_settings.default_payment_method")))
@@ -747,7 +596,7 @@ public class SubscriberServiceTests
             }
         };
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId,
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(
                     options => options.Expand.Contains("default_source") &&
                                options.Expand.Contains("invoice_settings.default_payment_method")))
@@ -787,7 +636,7 @@ public class SubscriberServiceTests
         SutProvider<SubscriberService> sutProvider)
     {
         sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(organization.GatewaySubscriptionId)
+            .GetSubscriptionAsync(organization.GatewaySubscriptionId)
             .ReturnsNull();
 
         var subscription = await sutProvider.Sut.GetSubscription(organization);
@@ -801,7 +650,7 @@ public class SubscriberServiceTests
         SutProvider<SubscriberService> sutProvider)
     {
         sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(organization.GatewaySubscriptionId)
+            .GetSubscriptionAsync(organization.GatewaySubscriptionId)
             .ThrowsAsync<StripeException>();
 
         var subscription = await sutProvider.Sut.GetSubscription(organization);
@@ -817,7 +666,7 @@ public class SubscriberServiceTests
         var subscription = new Subscription();
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(organization.GatewaySubscriptionId)
+            .GetSubscriptionAsync(organization.GatewaySubscriptionId)
             .Returns(subscription);
 
         var gotSubscription = await sutProvider.Sut.GetSubscription(organization);
@@ -849,7 +698,7 @@ public class SubscriberServiceTests
         SutProvider<SubscriberService> sutProvider)
     {
         sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(organization.GatewaySubscriptionId)
+            .GetSubscriptionAsync(organization.GatewaySubscriptionId)
             .ReturnsNull();
 
         await ThrowsBillingExceptionAsync(async () => await sutProvider.Sut.GetSubscriptionOrThrow(organization));
@@ -863,7 +712,7 @@ public class SubscriberServiceTests
         var stripeException = new StripeException();
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(organization.GatewaySubscriptionId)
+            .GetSubscriptionAsync(organization.GatewaySubscriptionId)
             .ThrowsAsync(stripeException);
 
         await ThrowsBillingExceptionAsync(
@@ -880,7 +729,7 @@ public class SubscriberServiceTests
         var subscription = new Subscription();
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(organization.GatewaySubscriptionId)
+            .GetSubscriptionAsync(organization.GatewaySubscriptionId)
             .Returns(subscription);
 
         var gotSubscription = await sutProvider.Sut.GetSubscriptionOrThrow(organization);
@@ -889,65 +738,6 @@ public class SubscriberServiceTests
     }
     #endregion
 
-    #region GetTaxInformation
-
-    [Theory, BitAutoData]
-    public async Task GetTaxInformation_NullSubscriber_ThrowsArgumentNullException(
-        SutProvider<SubscriberService> sutProvider) =>
-        await Assert.ThrowsAsync<ArgumentNullException>(() => sutProvider.Sut.GetTaxInformation(null));
-
-    [Theory, BitAutoData]
-    public async Task GetTaxInformation_NullAddress_ReturnsNull(
-        Organization organization,
-        SutProvider<SubscriberService> sutProvider)
-    {
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
-            .Returns(new Customer());
-
-        var taxInformation = await sutProvider.Sut.GetTaxInformation(organization);
-
-        Assert.Null(taxInformation);
-    }
-
-    [Theory, BitAutoData]
-    public async Task GetTaxInformation_Success(
-        Organization organization,
-        SutProvider<SubscriberService> sutProvider)
-    {
-        var address = new Address
-        {
-            Country = "US",
-            PostalCode = "12345",
-            Line1 = "123 Example St.",
-            Line2 = "Unit 1",
-            City = "Example Town",
-            State = "NY"
-        };
-
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
-            .Returns(new Customer
-            {
-                Address = address,
-                TaxIds = new StripeList<TaxId>
-                {
-                    Data = [new TaxId { Value = "tax_id" }]
-                }
-            });
-
-        var taxInformation = await sutProvider.Sut.GetTaxInformation(organization);
-
-        Assert.NotNull(taxInformation);
-        Assert.Equal(address.Country, taxInformation.Country);
-        Assert.Equal(address.PostalCode, taxInformation.PostalCode);
-        Assert.Equal("tax_id", taxInformation.TaxId);
-        Assert.Equal(address.Line1, taxInformation.Line1);
-        Assert.Equal(address.Line2, taxInformation.Line2);
-        Assert.Equal(address.City, taxInformation.City);
-        Assert.Equal(address.State, taxInformation.State);
-    }
-
-    #endregion
-
     #region RemovePaymentMethod
     [Theory, BitAutoData]
     public async Task RemovePaymentMethod_NullSubscriber_ThrowsArgumentNullException(
@@ -970,7 +760,7 @@ public class SubscriberServiceTests
         };
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerGetAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
+            .GetCustomerAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
             .Returns(stripeCustomer);
 
         var (braintreeGateway, customerGateway, paymentMethodGateway) = SetupBraintree(sutProvider.GetDependency<IBraintreeGateway>());
@@ -1005,7 +795,7 @@ public class SubscriberServiceTests
         };
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerGetAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
+            .GetCustomerAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
             .Returns(stripeCustomer);
 
         var (_, customerGateway, paymentMethodGateway) = SetupBraintree(sutProvider.GetDependency<IBraintreeGateway>());
@@ -1042,7 +832,7 @@ public class SubscriberServiceTests
         };
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerGetAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
+            .GetCustomerAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
             .Returns(stripeCustomer);
 
         var (_, customerGateway, paymentMethodGateway) = SetupBraintree(sutProvider.GetDependency<IBraintreeGateway>());
@@ -1097,7 +887,7 @@ public class SubscriberServiceTests
         };
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerGetAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
+            .GetCustomerAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
             .Returns(stripeCustomer);
 
         var (_, customerGateway, paymentMethodGateway) = SetupBraintree(sutProvider.GetDependency<IBraintreeGateway>());
@@ -1156,21 +946,21 @@ public class SubscriberServiceTests
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
 
         stripeAdapter
-            .CustomerGetAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
+            .GetCustomerAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
             .Returns(stripeCustomer);
 
         stripeAdapter
-            .PaymentMethodListAutoPagingAsync(Arg.Any<PaymentMethodListOptions>())
+            .ListPaymentMethodsAutoPagingAsync(Arg.Any<PaymentMethodListOptions>())
             .Returns(GetPaymentMethodsAsync(new List<PaymentMethod>()));
 
         await sutProvider.Sut.RemovePaymentSource(organization);
 
-        await stripeAdapter.Received(1).BankAccountDeleteAsync(stripeCustomer.Id, bankAccountId);
+        await stripeAdapter.Received(1).DeleteBankAccountAsync(stripeCustomer.Id, bankAccountId);
 
-        await stripeAdapter.Received(1).CardDeleteAsync(stripeCustomer.Id, cardId);
+        await stripeAdapter.Received(1).DeleteCardAsync(stripeCustomer.Id, cardId);
 
         await stripeAdapter.DidNotReceiveWithAnyArgs()
-            .PaymentMethodDetachAsync(Arg.Any<string>(), Arg.Any<PaymentMethodDetachOptions>());
+            .DetachPaymentMethodAsync(Arg.Any<string>(), Arg.Any<PaymentMethodDetachOptions>());
     }
 
     [Theory, BitAutoData]
@@ -1188,11 +978,11 @@ public class SubscriberServiceTests
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
 
         stripeAdapter
-            .CustomerGetAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
+            .GetCustomerAsync(organization.GatewayCustomerId, Arg.Any<CustomerGetOptions>())
             .Returns(stripeCustomer);
 
         stripeAdapter
-            .PaymentMethodListAutoPagingAsync(Arg.Any<PaymentMethodListOptions>())
+            .ListPaymentMethodsAutoPagingAsync(Arg.Any<PaymentMethodListOptions>())
             .Returns(GetPaymentMethodsAsync(new List<PaymentMethod>
             {
                 new ()
@@ -1207,15 +997,15 @@ public class SubscriberServiceTests
 
         await sutProvider.Sut.RemovePaymentSource(organization);
 
-        await stripeAdapter.DidNotReceiveWithAnyArgs().BankAccountDeleteAsync(Arg.Any<string>(), Arg.Any<string>());
+        await stripeAdapter.DidNotReceiveWithAnyArgs().DeleteBankAccountAsync(Arg.Any<string>(), Arg.Any<string>());
 
-        await stripeAdapter.DidNotReceiveWithAnyArgs().CardDeleteAsync(Arg.Any<string>(), Arg.Any<string>());
+        await stripeAdapter.DidNotReceiveWithAnyArgs().DeleteCardAsync(Arg.Any<string>(), Arg.Any<string>());
 
         await stripeAdapter.Received(1)
-            .PaymentMethodDetachAsync(bankAccountId);
+            .DetachPaymentMethodAsync(bankAccountId);
 
         await stripeAdapter.Received(1)
-            .PaymentMethodDetachAsync(cardId);
+            .DetachPaymentMethodAsync(cardId);
     }
 
     private static async IAsyncEnumerable<PaymentMethod> GetPaymentMethodsAsync(
@@ -1260,7 +1050,7 @@ public class SubscriberServiceTests
         Provider provider,
         SutProvider<SubscriberService> sutProvider)
     {
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId)
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId)
             .Returns(new Customer());
 
         await ThrowsBillingExceptionAsync(() =>
@@ -1272,7 +1062,7 @@ public class SubscriberServiceTests
         Provider provider,
         SutProvider<SubscriberService> sutProvider)
     {
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId)
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId)
             .Returns(new Customer());
 
         await ThrowsBillingExceptionAsync(() =>
@@ -1286,10 +1076,10 @@ public class SubscriberServiceTests
     {
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
 
-        stripeAdapter.CustomerGetAsync(provider.GatewayCustomerId)
+        stripeAdapter.GetCustomerAsync(provider.GatewayCustomerId)
             .Returns(new Customer());
 
-        stripeAdapter.SetupIntentList(Arg.Is<SetupIntentListOptions>(options => options.PaymentMethod == "TOKEN"))
+        stripeAdapter.ListSetupIntentsAsync(Arg.Is<SetupIntentListOptions>(options => options.PaymentMethod == "TOKEN"))
             .Returns([new SetupIntent(), new SetupIntent()]);
 
         await ThrowsBillingExceptionAsync(() =>
@@ -1303,7 +1093,7 @@ public class SubscriberServiceTests
     {
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
 
-        stripeAdapter.CustomerGetAsync(
+        stripeAdapter.GetCustomerAsync(
                 provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(p => p.Expand.Contains("tax") || p.Expand.Contains("tax_ids")))
             .Returns(new Customer
@@ -1317,10 +1107,10 @@ public class SubscriberServiceTests
 
         var matchingSetupIntent = new SetupIntent { Id = "setup_intent_1" };
 
-        stripeAdapter.SetupIntentList(Arg.Is<SetupIntentListOptions>(options => options.PaymentMethod == "TOKEN"))
+        stripeAdapter.ListSetupIntentsAsync(Arg.Is<SetupIntentListOptions>(options => options.PaymentMethod == "TOKEN"))
             .Returns([matchingSetupIntent]);
 
-        stripeAdapter.CustomerListPaymentMethods(provider.GatewayCustomerId).Returns([
+        stripeAdapter.ListCustomerPaymentMethodsAsync(provider.GatewayCustomerId).Returns([
             new PaymentMethod { Id = "payment_method_1" }
         ]);
 
@@ -1329,12 +1119,12 @@ public class SubscriberServiceTests
 
         await sutProvider.GetDependency<ISetupIntentCache>().Received(1).Set(provider.Id, "setup_intent_1");
 
-        await stripeAdapter.DidNotReceive().SetupIntentCancel(Arg.Any<string>(),
+        await stripeAdapter.DidNotReceive().CancelSetupIntentAsync(Arg.Any<string>(),
             Arg.Any<SetupIntentCancelOptions>());
 
-        await stripeAdapter.Received(1).PaymentMethodDetachAsync("payment_method_1");
+        await stripeAdapter.Received(1).DetachPaymentMethodAsync("payment_method_1");
 
-        await stripeAdapter.Received(1).CustomerUpdateAsync(provider.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(
+        await stripeAdapter.Received(1).UpdateCustomerAsync(provider.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(
             options => options.Metadata[Core.Billing.Utilities.BraintreeCustomerIdKey] == null));
     }
 
@@ -1345,7 +1135,7 @@ public class SubscriberServiceTests
     {
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
 
-        stripeAdapter.CustomerGetAsync(
+        stripeAdapter.GetCustomerAsync(
                 provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(p => p.Expand.Contains("tax") || p.Expand.Contains("tax_ids"))
                 )
@@ -1358,22 +1148,22 @@ public class SubscriberServiceTests
                 }
             });
 
-        stripeAdapter.CustomerListPaymentMethods(provider.GatewayCustomerId).Returns([
+        stripeAdapter.ListCustomerPaymentMethodsAsync(provider.GatewayCustomerId).Returns([
             new PaymentMethod { Id = "payment_method_1" }
         ]);
 
         await sutProvider.Sut.UpdatePaymentSource(provider,
             new TokenizedPaymentSource(PaymentMethodType.Card, "TOKEN"));
 
-        await stripeAdapter.DidNotReceive().SetupIntentCancel(Arg.Any<string>(),
+        await stripeAdapter.DidNotReceive().CancelSetupIntentAsync(Arg.Any<string>(),
             Arg.Any<SetupIntentCancelOptions>());
 
-        await stripeAdapter.Received(1).PaymentMethodDetachAsync("payment_method_1");
+        await stripeAdapter.Received(1).DetachPaymentMethodAsync("payment_method_1");
 
-        await stripeAdapter.Received(1).PaymentMethodAttachAsync("TOKEN", Arg.Is<PaymentMethodAttachOptions>(
+        await stripeAdapter.Received(1).AttachPaymentMethodAsync("TOKEN", Arg.Is<PaymentMethodAttachOptions>(
             options => options.Customer == provider.GatewayCustomerId));
 
-        await stripeAdapter.Received(1).CustomerUpdateAsync(provider.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(
+        await stripeAdapter.Received(1).UpdateCustomerAsync(provider.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(
             options =>
                 options.InvoiceSettings.DefaultPaymentMethod == "TOKEN" &&
                 options.Metadata[Core.Billing.Utilities.BraintreeCustomerIdKey] == null));
@@ -1386,7 +1176,7 @@ public class SubscriberServiceTests
     {
         const string braintreeCustomerId = "braintree_customer_id";
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId)
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId)
             .Returns(new Customer
             {
                 Id = provider.GatewayCustomerId,
@@ -1412,7 +1202,7 @@ public class SubscriberServiceTests
     {
         const string braintreeCustomerId = "braintree_customer_id";
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId)
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId)
             .Returns(new Customer
             {
                 Id = provider.GatewayCustomerId,
@@ -1450,7 +1240,7 @@ public class SubscriberServiceTests
     {
         const string braintreeCustomerId = "braintree_customer_id";
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(
                 provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(p => p.Expand.Contains("tax") || p.Expand.Contains("tax_ids")))
             .Returns(new Customer
@@ -1504,7 +1294,7 @@ public class SubscriberServiceTests
     {
         const string braintreeCustomerId = "braintree_customer_id";
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(
                 provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(p => p.Expand.Contains("tax") || p.Expand.Contains("tax_ids")))
             .Returns(new Customer
@@ -1573,7 +1363,7 @@ public class SubscriberServiceTests
     {
         const string braintreeCustomerId = "braintree_customer_id";
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(provider.GatewayCustomerId)
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(provider.GatewayCustomerId)
             .Returns(new Customer
             {
                 Id = provider.GatewayCustomerId
@@ -1605,7 +1395,7 @@ public class SubscriberServiceTests
                 new TokenizedPaymentSource(PaymentMethodType.PayPal, "TOKEN")));
 
         await sutProvider.GetDependency<IStripeAdapter>().DidNotReceiveWithAnyArgs()
-            .CustomerUpdateAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>());
+            .UpdateCustomerAsync(Arg.Any<string>(), Arg.Any<CustomerUpdateOptions>());
     }
 
     [Theory, BitAutoData]
@@ -1615,7 +1405,7 @@ public class SubscriberServiceTests
     {
         const string braintreeCustomerId = "braintree_customer_id";
 
-        sutProvider.GetDependency<IStripeAdapter>().CustomerGetAsync(
+        sutProvider.GetDependency<IStripeAdapter>().GetCustomerAsync(
                 provider.GatewayCustomerId,
                 Arg.Is<CustomerGetOptions>(p => p.Expand.Contains("tax") || p.Expand.Contains("tax_ids")))
             .Returns(new Customer
@@ -1652,7 +1442,7 @@ public class SubscriberServiceTests
         await sutProvider.Sut.UpdatePaymentSource(provider,
             new TokenizedPaymentSource(PaymentMethodType.PayPal, "TOKEN"));
 
-        await sutProvider.GetDependency<IStripeAdapter>().Received(1).CustomerUpdateAsync(provider.GatewayCustomerId,
+        await sutProvider.GetDependency<IStripeAdapter>().Received(1).UpdateCustomerAsync(provider.GatewayCustomerId,
             Arg.Is<CustomerUpdateOptions>(
                 options => options.Metadata[Core.Billing.Utilities.BraintreeCustomerIdKey] == braintreeCustomerId));
     }
@@ -1683,7 +1473,7 @@ public class SubscriberServiceTests
 
         var customer = new Customer { Id = provider.GatewayCustomerId, TaxIds = new StripeList<TaxId> { Data = [new TaxId { Id = "tax_id_1", Type = "us_ein" }] } };
 
-        stripeAdapter.CustomerGetAsync(provider.GatewayCustomerId, Arg.Is<CustomerGetOptions>(
+        stripeAdapter.GetCustomerAsync(provider.GatewayCustomerId, Arg.Is<CustomerGetOptions>(
             options => options.Expand.Contains("tax_ids"))).Returns(customer);
 
         var taxInformation = new TaxInformation(
@@ -1697,7 +1487,7 @@ public class SubscriberServiceTests
             "NY");
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerUpdateAsync(
+            .UpdateCustomerAsync(
                 Arg.Is<string>(p => p == provider.GatewayCustomerId),
                 Arg.Is<CustomerUpdateOptions>(options =>
                     options.Address.Country == "US" &&
@@ -1732,12 +1522,12 @@ public class SubscriberServiceTests
             });
 
         var subscription = new Subscription { Items = new StripeList<SubscriptionItem>() };
-        sutProvider.GetDependency<IStripeAdapter>().SubscriptionGetAsync(Arg.Any<string>())
+        sutProvider.GetDependency<IStripeAdapter>().GetSubscriptionAsync(Arg.Any<string>())
             .Returns(subscription);
 
         await sutProvider.Sut.UpdateTaxInformation(provider, taxInformation);
 
-        await stripeAdapter.Received(1).CustomerUpdateAsync(provider.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(
+        await stripeAdapter.Received(1).UpdateCustomerAsync(provider.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(
             options =>
                 options.Address.Country == taxInformation.Country &&
                 options.Address.PostalCode == taxInformation.PostalCode &&
@@ -1746,13 +1536,13 @@ public class SubscriberServiceTests
                 options.Address.City == taxInformation.City &&
                 options.Address.State == taxInformation.State));
 
-        await stripeAdapter.Received(1).TaxIdDeleteAsync(provider.GatewayCustomerId, "tax_id_1");
+        await stripeAdapter.Received(1).DeleteTaxIdAsync(provider.GatewayCustomerId, "tax_id_1");
 
-        await stripeAdapter.Received(1).TaxIdCreateAsync(provider.GatewayCustomerId, Arg.Is<TaxIdCreateOptions>(
+        await stripeAdapter.Received(1).CreateTaxIdAsync(provider.GatewayCustomerId, Arg.Is<TaxIdCreateOptions>(
             options => options.Type == "us_ein" &&
                        options.Value == taxInformation.TaxId));
 
-        await stripeAdapter.Received(1).SubscriptionUpdateAsync(provider.GatewaySubscriptionId,
+        await stripeAdapter.Received(1).UpdateSubscriptionAsync(provider.GatewaySubscriptionId,
             Arg.Is<SubscriptionUpdateOptions>(options => options.AutomaticTax.Enabled == true));
     }
 
@@ -1765,7 +1555,7 @@ public class SubscriberServiceTests
 
         var customer = new Customer { Id = provider.GatewayCustomerId, TaxIds = new StripeList<TaxId> { Data = [new TaxId { Id = "tax_id_1", Type = "us_ein" }] } };
 
-        stripeAdapter.CustomerGetAsync(provider.GatewayCustomerId, Arg.Is<CustomerGetOptions>(
+        stripeAdapter.GetCustomerAsync(provider.GatewayCustomerId, Arg.Is<CustomerGetOptions>(
             options => options.Expand.Contains("tax_ids"))).Returns(customer);
 
         var taxInformation = new TaxInformation(
@@ -1779,7 +1569,7 @@ public class SubscriberServiceTests
             "NY");
 
         sutProvider.GetDependency<IStripeAdapter>()
-            .CustomerUpdateAsync(
+            .UpdateCustomerAsync(
                 Arg.Is<string>(p => p == provider.GatewayCustomerId),
                 Arg.Is<CustomerUpdateOptions>(options =>
                     options.Address.Country == "CA" &&
@@ -1815,12 +1605,12 @@ public class SubscriberServiceTests
             });
 
         var subscription = new Subscription { Items = new StripeList<SubscriptionItem>() };
-        sutProvider.GetDependency<IStripeAdapter>().SubscriptionGetAsync(Arg.Any<string>())
+        sutProvider.GetDependency<IStripeAdapter>().GetSubscriptionAsync(Arg.Any<string>())
             .Returns(subscription);
 
         await sutProvider.Sut.UpdateTaxInformation(provider, taxInformation);
 
-        await stripeAdapter.Received(1).CustomerUpdateAsync(provider.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(
+        await stripeAdapter.Received(1).UpdateCustomerAsync(provider.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(
             options =>
                 options.Address.Country == taxInformation.Country &&
                 options.Address.PostalCode == taxInformation.PostalCode &&
@@ -1829,63 +1619,21 @@ public class SubscriberServiceTests
                 options.Address.City == taxInformation.City &&
                 options.Address.State == taxInformation.State));
 
-        await stripeAdapter.Received(1).TaxIdDeleteAsync(provider.GatewayCustomerId, "tax_id_1");
+        await stripeAdapter.Received(1).DeleteTaxIdAsync(provider.GatewayCustomerId, "tax_id_1");
 
-        await stripeAdapter.Received(1).TaxIdCreateAsync(provider.GatewayCustomerId, Arg.Is<TaxIdCreateOptions>(
+        await stripeAdapter.Received(1).CreateTaxIdAsync(provider.GatewayCustomerId, Arg.Is<TaxIdCreateOptions>(
             options => options.Type == "us_ein" &&
                        options.Value == taxInformation.TaxId));
 
-        await stripeAdapter.Received(1).CustomerUpdateAsync(provider.GatewayCustomerId,
+        await stripeAdapter.Received(1).UpdateCustomerAsync(provider.GatewayCustomerId,
             Arg.Is<CustomerUpdateOptions>(options => options.TaxExempt == StripeConstants.TaxExempt.Reverse));
 
-        await stripeAdapter.Received(1).SubscriptionUpdateAsync(provider.GatewaySubscriptionId,
+        await stripeAdapter.Received(1).UpdateSubscriptionAsync(provider.GatewaySubscriptionId,
             Arg.Is<SubscriptionUpdateOptions>(options => options.AutomaticTax.Enabled == true));
     }
 
     #endregion
 
-    #region VerifyBankAccount
-
-    [Theory, BitAutoData]
-    public async Task VerifyBankAccount_NoSetupIntentId_ThrowsBillingException(
-        Provider provider,
-        SutProvider<SubscriberService> sutProvider) => await ThrowsBillingExceptionAsync(() => sutProvider.Sut.VerifyBankAccount(provider, ""));
-
-    [Theory, BitAutoData]
-    public async Task VerifyBankAccount_MakesCorrectInvocations(
-        Provider provider,
-        SutProvider<SubscriberService> sutProvider)
-    {
-        const string descriptorCode = "SM1234";
-
-        var setupIntent = new SetupIntent
-        {
-            Id = "setup_intent_id",
-            PaymentMethodId = "payment_method_id"
-        };
-
-        sutProvider.GetDependency<ISetupIntentCache>().GetSetupIntentIdForSubscriber(provider.Id).Returns(setupIntent.Id);
-
-        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
-
-        stripeAdapter.SetupIntentGet(setupIntent.Id).Returns(setupIntent);
-
-        await sutProvider.Sut.VerifyBankAccount(provider, descriptorCode);
-
-        await stripeAdapter.Received(1).SetupIntentVerifyMicroDeposit(setupIntent.Id,
-            Arg.Is<SetupIntentVerifyMicrodepositsOptions>(
-                options => options.DescriptorCode == descriptorCode));
-
-        await stripeAdapter.Received(1).PaymentMethodAttachAsync(setupIntent.PaymentMethodId,
-            Arg.Is<PaymentMethodAttachOptions>(
-                options => options.Customer == provider.GatewayCustomerId));
-
-        await stripeAdapter.Received(1).CustomerUpdateAsync(provider.GatewayCustomerId, Arg.Is<CustomerUpdateOptions>(
-            options => options.InvoiceSettings.DefaultPaymentMethod == setupIntent.PaymentMethodId));
-    }
-
-    #endregion
-
     #region IsValidGatewayCustomerIdAsync
 
     [Theory, BitAutoData]
@@ -1907,7 +1655,7 @@ public class SubscriberServiceTests
 
         Assert.True(result);
         await sutProvider.GetDependency<IStripeAdapter>().DidNotReceiveWithAnyArgs()
-            .CustomerGetAsync(Arg.Any<string>());
+            .GetCustomerAsync(Arg.Any<string>());
     }
 
     [Theory, BitAutoData]
@@ -1921,7 +1669,7 @@ public class SubscriberServiceTests
 
         Assert.True(result);
         await sutProvider.GetDependency<IStripeAdapter>().DidNotReceiveWithAnyArgs()
-            .CustomerGetAsync(Arg.Any<string>());
+            .GetCustomerAsync(Arg.Any<string>());
     }
 
     [Theory, BitAutoData]
@@ -1930,12 +1678,12 @@ public class SubscriberServiceTests
         SutProvider<SubscriberService> sutProvider)
     {
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
-        stripeAdapter.CustomerGetAsync(organization.GatewayCustomerId).Returns(new Customer());
+        stripeAdapter.GetCustomerAsync(organization.GatewayCustomerId).Returns(new Customer());
 
         var result = await sutProvider.Sut.IsValidGatewayCustomerIdAsync(organization);
 
         Assert.True(result);
-        await stripeAdapter.Received(1).CustomerGetAsync(organization.GatewayCustomerId);
+        await stripeAdapter.Received(1).GetCustomerAsync(organization.GatewayCustomerId);
     }
 
     [Theory, BitAutoData]
@@ -1945,12 +1693,12 @@ public class SubscriberServiceTests
     {
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
         var stripeException = new StripeException { StripeError = new StripeError { Code = "resource_missing" } };
-        stripeAdapter.CustomerGetAsync(organization.GatewayCustomerId).Throws(stripeException);
+        stripeAdapter.GetCustomerAsync(organization.GatewayCustomerId).Throws(stripeException);
 
         var result = await sutProvider.Sut.IsValidGatewayCustomerIdAsync(organization);
 
         Assert.False(result);
-        await stripeAdapter.Received(1).CustomerGetAsync(organization.GatewayCustomerId);
+        await stripeAdapter.Received(1).GetCustomerAsync(organization.GatewayCustomerId);
     }
 
     #endregion
@@ -1976,7 +1724,7 @@ public class SubscriberServiceTests
 
         Assert.True(result);
         await sutProvider.GetDependency<IStripeAdapter>().DidNotReceiveWithAnyArgs()
-            .SubscriptionGetAsync(Arg.Any<string>());
+            .GetSubscriptionAsync(Arg.Any<string>());
     }
 
     [Theory, BitAutoData]
@@ -1990,7 +1738,7 @@ public class SubscriberServiceTests
 
         Assert.True(result);
         await sutProvider.GetDependency<IStripeAdapter>().DidNotReceiveWithAnyArgs()
-            .SubscriptionGetAsync(Arg.Any<string>());
+            .GetSubscriptionAsync(Arg.Any<string>());
     }
 
     [Theory, BitAutoData]
@@ -1999,12 +1747,12 @@ public class SubscriberServiceTests
         SutProvider<SubscriberService> sutProvider)
     {
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
-        stripeAdapter.SubscriptionGetAsync(organization.GatewaySubscriptionId).Returns(new Subscription());
+        stripeAdapter.GetSubscriptionAsync(organization.GatewaySubscriptionId).Returns(new Subscription());
 
         var result = await sutProvider.Sut.IsValidGatewaySubscriptionIdAsync(organization);
 
         Assert.True(result);
-        await stripeAdapter.Received(1).SubscriptionGetAsync(organization.GatewaySubscriptionId);
+        await stripeAdapter.Received(1).GetSubscriptionAsync(organization.GatewaySubscriptionId);
     }
 
     [Theory, BitAutoData]
@@ -2014,12 +1762,12 @@ public class SubscriberServiceTests
     {
         var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
         var stripeException = new StripeException { StripeError = new StripeError { Code = "resource_missing" } };
-        stripeAdapter.SubscriptionGetAsync(organization.GatewaySubscriptionId).Throws(stripeException);
+        stripeAdapter.GetSubscriptionAsync(organization.GatewaySubscriptionId).Throws(stripeException);
 
         var result = await sutProvider.Sut.IsValidGatewaySubscriptionIdAsync(organization);
 
         Assert.False(result);
-        await stripeAdapter.Received(1).SubscriptionGetAsync(organization.GatewaySubscriptionId);
+        await stripeAdapter.Received(1).GetSubscriptionAsync(organization.GatewaySubscriptionId);
     }
 
     #endregion

test/Core.Test/Billing/Subscriptions/RestartSubscriptionCommandTests.cs

@@ -6,7 +6,6 @@ using Bit.Core.Billing.Services;
 using Bit.Core.Billing.Subscriptions.Commands;
 using Bit.Core.Entities;
 using Bit.Core.Repositories;
-using Bit.Core.Services;
 using NSubstitute;
 using Stripe;
 using Xunit;
@@ -98,13 +97,13 @@ public class RestartSubscriptionCommandTests
         };
 
         _subscriberService.GetSubscription(organization).Returns(existingSubscription);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(newSubscription);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(newSubscription);
 
         var result = await _command.Run(organization);
 
         Assert.True(result.IsT0);
 
-        await _stripeAdapter.Received(1).SubscriptionCreateAsync(Arg.Is((SubscriptionCreateOptions options) =>
+        await _stripeAdapter.Received(1).CreateSubscriptionAsync(Arg.Is((SubscriptionCreateOptions options) =>
             options.AutomaticTax.Enabled == true &&
             options.CollectionMethod == CollectionMethod.ChargeAutomatically &&
             options.Customer == "cus_123" &&
@@ -154,13 +153,13 @@ public class RestartSubscriptionCommandTests
         };
 
         _subscriberService.GetSubscription(provider).Returns(existingSubscription);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(newSubscription);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(newSubscription);
 
         var result = await _command.Run(provider);
 
         Assert.True(result.IsT0);
 
-        await _stripeAdapter.Received(1).SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>());
+        await _stripeAdapter.Received(1).CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>());
 
         await _providerRepository.Received(1).ReplaceAsync(Arg.Is<Provider>(prov =>
             prov.Id == providerId &&
@@ -199,13 +198,13 @@ public class RestartSubscriptionCommandTests
         };
 
         _subscriberService.GetSubscription(user).Returns(existingSubscription);
-        _stripeAdapter.SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(newSubscription);
+        _stripeAdapter.CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>()).Returns(newSubscription);
 
         var result = await _command.Run(user);
 
         Assert.True(result.IsT0);
 
-        await _stripeAdapter.Received(1).SubscriptionCreateAsync(Arg.Any<SubscriptionCreateOptions>());
+        await _stripeAdapter.Received(1).CreateSubscriptionAsync(Arg.Any<SubscriptionCreateOptions>());
 
         await _userRepository.Received(1).ReplaceAsync(Arg.Is<User>(u =>
             u.Id == userId &&

test/Core.Test/Context/CurrentContextTests.cs

@@ -107,30 +107,6 @@ public class CurrentContextTests
         Assert.Equal(deviceType, sutProvider.Sut.DeviceType);
     }
 
-    [Theory, BitAutoData]
-    public async Task BuildAsync_HttpContext_SetsCloudflareFlags(
-        SutProvider<CurrentContext> sutProvider)
-    {
-        var httpContext = new DefaultHttpContext();
-        var globalSettings = new Core.Settings.GlobalSettings();
-        sutProvider.Sut.BotScore = null;
-        // Arrange
-        var botScore = 85;
-        httpContext.Request.Headers["X-Cf-Bot-Score"] = botScore.ToString();
-        httpContext.Request.Headers["X-Cf-Worked-Proxied"] = "1";
-        httpContext.Request.Headers["X-Cf-Is-Bot"] = "1";
-        httpContext.Request.Headers["X-Cf-Maybe-Bot"] = "1";
-
-        // Act
-        await sutProvider.Sut.BuildAsync(httpContext, globalSettings);
-
-        // Assert
-        Assert.True(sutProvider.Sut.CloudflareWorkerProxied);
-        Assert.True(sutProvider.Sut.IsBot);
-        Assert.True(sutProvider.Sut.MaybeBot);
-        Assert.Equal(botScore, sutProvider.Sut.BotScore);
-    }
-
     [Theory, BitAutoData]
     public async Task BuildAsync_HttpContext_SetsClientVersion(
         SutProvider<CurrentContext> sutProvider)

test/Core.Test/KeyManagement/Queries/KeyConnectorConfirmationDetailsQueryTests.cs

@@ -0,0 +1,86 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Entities;
+using Bit.Core.Exceptions;
+using Bit.Core.KeyManagement.Queries;
+using Bit.Core.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.KeyManagement.Queries;
+
+[SutProviderCustomize]
+public class KeyConnectorConfirmationDetailsQueryTests
+{
+    [Theory]
+    [BitAutoData]
+    public async Task Run_OrganizationNotFound_Throws(SutProvider<KeyConnectorConfirmationDetailsQuery> sutProvider,
+        Guid userId, string orgSsoIdentifier)
+    {
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.Run(orgSsoIdentifier, userId));
+
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .ReceivedWithAnyArgs(0)
+            .GetByOrganizationAsync(Arg.Any<Guid>(), Arg.Any<Guid>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task Run_OrganizationNotKeyConnector_Throws(
+        SutProvider<KeyConnectorConfirmationDetailsQuery> sutProvider,
+        Guid userId, string orgSsoIdentifier, Organization org)
+    {
+        org.Identifier = orgSsoIdentifier;
+        org.UseKeyConnector = false;
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdentifierAsync(orgSsoIdentifier).Returns(org);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.Run(orgSsoIdentifier, userId));
+
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .ReceivedWithAnyArgs(0)
+            .GetByOrganizationAsync(Arg.Any<Guid>(), Arg.Any<Guid>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task Run_OrganizationUserNotFound_Throws(SutProvider<KeyConnectorConfirmationDetailsQuery> sutProvider,
+        Guid userId, string orgSsoIdentifier
+        , Organization org)
+    {
+        org.Identifier = orgSsoIdentifier;
+        org.UseKeyConnector = true;
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdentifierAsync(orgSsoIdentifier).Returns(org);
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByOrganizationAsync(Arg.Any<Guid>(), Arg.Any<Guid>()).Returns(Task.FromResult<OrganizationUser>(null));
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.Run(orgSsoIdentifier, userId));
+
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .GetByOrganizationAsync(org.Id, userId);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task Run_Success(SutProvider<KeyConnectorConfirmationDetailsQuery> sutProvider, Guid userId,
+        string orgSsoIdentifier
+        , Organization org, OrganizationUser orgUser)
+    {
+        org.Identifier = orgSsoIdentifier;
+        org.UseKeyConnector = true;
+        orgUser.OrganizationId = org.Id;
+        orgUser.UserId = userId;
+
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdentifierAsync(orgSsoIdentifier).Returns(org);
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetByOrganizationAsync(org.Id, userId)
+            .Returns(orgUser);
+
+        var result = await sutProvider.Sut.Run(orgSsoIdentifier, userId);
+
+        Assert.Equal(org.Name, result.OrganizationName);
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .GetByOrganizationAsync(org.Id, userId);
+    }
+}

test/Core.Test/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/CancelSponsorshipCommandTestsBase.cs

@@ -1,4 +1,5 @@
 using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Billing.Services;
 using Bit.Core.Entities;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -12,7 +13,7 @@ public abstract class CancelSponsorshipCommandTestsBase : FamiliesForEnterpriseT
     protected async Task AssertRemovedSponsoredPaymentAsync<T>(Organization sponsoredOrg,
 OrganizationSponsorship sponsorship, SutProvider<T> sutProvider)
     {
-        await sutProvider.GetDependency<IPaymentService>().Received(1)
+        await sutProvider.GetDependency<IStripePaymentService>().Received(1)
             .RemoveOrganizationSponsorshipAsync(sponsoredOrg, sponsorship);
         await sutProvider.GetDependency<IOrganizationRepository>().Received(1).UpsertAsync(sponsoredOrg);
         if (sponsorship != null)
@@ -46,7 +47,7 @@ OrganizationSponsorship sponsorship, SutProvider<T> sutProvider)
 
     protected static async Task AssertDidNotRemoveSponsoredPaymentAsync<T>(SutProvider<T> sutProvider)
     {
-        await sutProvider.GetDependency<IPaymentService>().DidNotReceiveWithAnyArgs()
+        await sutProvider.GetDependency<IStripePaymentService>().DidNotReceiveWithAnyArgs()
             .RemoveOrganizationSponsorshipAsync(default, default);
         await sutProvider.GetDependency<IOrganizationRepository>().DidNotReceiveWithAnyArgs()
             .UpsertAsync(default);

test/Core.Test/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/Cloud/SetUpSponsorshipCommandTests.cs

@@ -1,10 +1,10 @@
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Billing.Enums;
+using Bit.Core.Billing.Services;
 using Bit.Core.Entities;
 using Bit.Core.Exceptions;
 using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.Cloud;
 using Bit.Core.Repositories;
-using Bit.Core.Services;
 using Bit.Core.Test.AutoFixture.OrganizationSponsorshipFixtures;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
@@ -82,7 +82,7 @@ public class SetUpSponsorshipCommandTests : FamiliesForEnterpriseTestsBase
 
     private static async Task AssertDidNotSetUpAsync(SutProvider<SetUpSponsorshipCommand> sutProvider)
     {
-        await sutProvider.GetDependency<IPaymentService>()
+        await sutProvider.GetDependency<IStripePaymentService>()
             .DidNotReceiveWithAnyArgs()
             .SponsorOrganizationAsync(default, default);
         await sutProvider.GetDependency<IOrganizationRepository>()

test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/AddSecretsManagerSubscriptionCommandTests.cs

@@ -4,6 +4,7 @@ using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Pricing;
+using Bit.Core.Billing.Services;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.Models.StaticStore;
@@ -54,7 +55,7 @@ public class AddSecretsManagerSubscriptionCommandTests
                 c.AdditionalServiceAccounts == additionalServiceAccounts &&
                 c.AdditionalSeats == organization.Seats.GetValueOrDefault()));
 
-        await sutProvider.GetDependency<IPaymentService>().Received()
+        await sutProvider.GetDependency<IStripePaymentService>().Received()
             .AddSecretsManagerToSubscription(organization, plan, additionalSmSeats, additionalServiceAccounts);
 
         // TODO: call ReferenceEventService - see AC-1481
@@ -150,7 +151,7 @@ public class AddSecretsManagerSubscriptionCommandTests
 
     private static async Task VerifyDependencyNotCalledAsync(SutProvider<AddSecretsManagerSubscriptionCommand> sutProvider)
     {
-        await sutProvider.GetDependency<IPaymentService>().DidNotReceive()
+        await sutProvider.GetDependency<IStripePaymentService>().DidNotReceive()
             .AddSecretsManagerToSubscription(Arg.Any<Organization>(), Arg.Any<Plan>(), Arg.Any<int>(), Arg.Any<int>());
 
         // TODO: call ReferenceEventService - see AC-1481

test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/UpdateSecretsManagerSubscriptionCommandTests.cs

@@ -1,5 +1,6 @@
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Billing.Enums;
+using Bit.Core.Billing.Services;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
@@ -86,9 +87,9 @@ public class UpdateSecretsManagerSubscriptionCommandTests
 
         await sutProvider.Sut.UpdateSubscriptionAsync(update);
 
-        await sutProvider.GetDependency<IPaymentService>().Received(1)
+        await sutProvider.GetDependency<IStripePaymentService>().Received(1)
             .AdjustSmSeatsAsync(organization, plan, update.SmSeatsExcludingBase);
-        await sutProvider.GetDependency<IPaymentService>().Received(1)
+        await sutProvider.GetDependency<IStripePaymentService>().Received(1)
             .AdjustServiceAccountsAsync(organization, plan, update.SmServiceAccountsExcludingBase);
 
         // TODO: call ReferenceEventService - see AC-1481
@@ -136,9 +137,9 @@ public class UpdateSecretsManagerSubscriptionCommandTests
 
         await sutProvider.Sut.UpdateSubscriptionAsync(update);
 
-        await sutProvider.GetDependency<IPaymentService>().Received(1)
+        await sutProvider.GetDependency<IStripePaymentService>().Received(1)
             .AdjustSmSeatsAsync(organization, plan, update.SmSeatsExcludingBase);
-        await sutProvider.GetDependency<IPaymentService>().Received(1)
+        await sutProvider.GetDependency<IStripePaymentService>().Received(1)
             .AdjustServiceAccountsAsync(organization, plan, update.SmServiceAccountsExcludingBase);
 
         // TODO: call ReferenceEventService - see AC-1481
@@ -258,7 +259,7 @@ public class UpdateSecretsManagerSubscriptionCommandTests
 
         await sutProvider.Sut.UpdateSubscriptionAsync(update);
 
-        await sutProvider.GetDependency<IPaymentService>().Received(1).AdjustServiceAccountsAsync(
+        await sutProvider.GetDependency<IStripePaymentService>().Received(1).AdjustServiceAccountsAsync(
             Arg.Is<Organization>(o => o.Id == organizationId),
             plan,
             expectedSmServiceAccountsExcludingBase);
@@ -779,9 +780,9 @@ public class UpdateSecretsManagerSubscriptionCommandTests
 
     private static async Task VerifyDependencyNotCalledAsync(SutProvider<UpdateSecretsManagerSubscriptionCommand> sutProvider)
     {
-        await sutProvider.GetDependency<IPaymentService>().DidNotReceive()
+        await sutProvider.GetDependency<IStripePaymentService>().DidNotReceive()
             .AdjustSmSeatsAsync(Arg.Any<Organization>(), Arg.Any<Plan>(), Arg.Any<int>());
-        await sutProvider.GetDependency<IPaymentService>().DidNotReceive()
+        await sutProvider.GetDependency<IStripePaymentService>().DidNotReceive()
             .AdjustServiceAccountsAsync(Arg.Any<Organization>(), Arg.Any<Plan>(), Arg.Any<int>());
         // TODO: call ReferenceEventService - see AC-1481
         await sutProvider.GetDependency<IMailService>().DidNotReceive()

test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/UpgradeOrganizationPlanCommandTests.cs

@@ -1,5 +1,6 @@
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Pricing;
+using Bit.Core.Billing.Services;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
@@ -121,7 +122,7 @@ public class UpgradeOrganizationPlanCommandTests
                 Users = 1
             });
         await sutProvider.Sut.UpgradePlanAsync(organization.Id, organizationUpgrade);
-        await sutProvider.GetDependency<IPaymentService>().Received(1).AdjustSubscription(
+        await sutProvider.GetDependency<IStripePaymentService>().Received(1).AdjustSubscription(
             organization,
             MockPlans.Get(planType),
             organizationUpgrade.AdditionalSeats,

test/Core.Test/Services/SendGridMailDeliveryServiceTests.cs

@@ -74,7 +74,7 @@ public class SendGridMailDeliveryServiceTests : IDisposable
                 Assert.Equal(mailMessage.HtmlContent, msg.HtmlContent);
                 Assert.Equal(mailMessage.TextContent, msg.PlainTextContent);
 
-                Assert.Contains("type:Cateogry", msg.Categories);
+                Assert.Contains("type:Category", msg.Categories);
                 Assert.Contains(msg.Categories, x => x.StartsWith("env:"));
                 Assert.Contains(msg.Categories, x => x.StartsWith("sender:"));
 

test/Core.Test/Services/StripePaymentServiceTests.cs

@@ -1,914 +0,0 @@
-using Bit.Core.Billing.Constants;
-using Bit.Core.Billing.Enums;
-using Bit.Core.Billing.Pricing;
-using Bit.Core.Billing.Tax.Requests;
-using Bit.Core.Entities;
-using Bit.Core.Enums;
-using Bit.Core.Services;
-using Bit.Core.Test.Billing.Mocks.Plans;
-using Bit.Test.Common.AutoFixture;
-using Bit.Test.Common.AutoFixture.Attributes;
-using NSubstitute;
-using Stripe;
-using Xunit;
-
-namespace Bit.Core.Test.Services;
-
-[SutProviderCustomize]
-public class StripePaymentServiceTests
-{
-    [Theory]
-    [BitAutoData]
-    public async Task
-        PreviewInvoiceAsync_ForOrganization_CalculatesSalesTaxCorrectlyForFamiliesWithoutAdditionalStorage(
-            SutProvider<StripePaymentService> sutProvider)
-    {
-        var familiesPlan = new FamiliesPlan();
-        sutProvider.GetDependency<IPricingClient>()
-            .GetPlanOrThrow(Arg.Is<PlanType>(p => p == PlanType.FamiliesAnnually))
-            .Returns(familiesPlan);
-
-        var parameters = new PreviewOrganizationInvoiceRequestBody
-        {
-            PasswordManager =
-                new OrganizationPasswordManagerRequestModel
-                {
-                    Plan = PlanType.FamiliesAnnually,
-                    AdditionalStorage = 0
-                },
-            TaxInformation = new TaxInformationRequestModel { Country = "FR", PostalCode = "12345" }
-        };
-
-        sutProvider.GetDependency<IStripeAdapter>()
-            .InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(p =>
-                p.Currency == "usd" &&
-                p.SubscriptionDetails.Items.Any(x =>
-                    x.Plan == familiesPlan.PasswordManager.StripePlanId &&
-                    x.Quantity == 1) &&
-                p.SubscriptionDetails.Items.Any(x =>
-                    x.Plan == familiesPlan.PasswordManager.StripeStoragePlanId &&
-                    x.Quantity == 0)))
-            .Returns(new Invoice
-            {
-                TotalExcludingTax = 4000,
-                TotalTaxes = [new InvoiceTotalTax { Amount = 800 }],
-                Total = 4800
-            });
-
-        var actual = await sutProvider.Sut.PreviewInvoiceAsync(parameters, null, null);
-
-        Assert.Equal(8M, actual.TaxAmount);
-        Assert.Equal(48M, actual.TotalAmount);
-        Assert.Equal(40M, actual.TaxableBaseAmount);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task PreviewInvoiceAsync_ForOrganization_CalculatesSalesTaxCorrectlyForFamiliesWithAdditionalStorage(
-        SutProvider<StripePaymentService> sutProvider)
-    {
-        var familiesPlan = new FamiliesPlan();
-        sutProvider.GetDependency<IPricingClient>()
-            .GetPlanOrThrow(Arg.Is<PlanType>(p => p == PlanType.FamiliesAnnually))
-            .Returns(familiesPlan);
-
-        var parameters = new PreviewOrganizationInvoiceRequestBody
-        {
-            PasswordManager =
-                new OrganizationPasswordManagerRequestModel
-                {
-                    Plan = PlanType.FamiliesAnnually,
-                    AdditionalStorage = 1
-                },
-            TaxInformation = new TaxInformationRequestModel { Country = "FR", PostalCode = "12345" }
-        };
-
-        sutProvider.GetDependency<IStripeAdapter>()
-            .InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(p =>
-                p.Currency == "usd" &&
-                p.SubscriptionDetails.Items.Any(x =>
-                    x.Plan == familiesPlan.PasswordManager.StripePlanId &&
-                    x.Quantity == 1) &&
-                p.SubscriptionDetails.Items.Any(x =>
-                    x.Plan == familiesPlan.PasswordManager.StripeStoragePlanId &&
-                    x.Quantity == 1)))
-            .Returns(new Invoice { TotalExcludingTax = 4000, TotalTaxes = [new InvoiceTotalTax { Amount = 800 }], Total = 4800 });
-
-        var actual = await sutProvider.Sut.PreviewInvoiceAsync(parameters, null, null);
-
-        Assert.Equal(8M, actual.TaxAmount);
-        Assert.Equal(48M, actual.TotalAmount);
-        Assert.Equal(40M, actual.TaxableBaseAmount);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task
-        PreviewInvoiceAsync_ForOrganization_CalculatesSalesTaxCorrectlyForFamiliesForEnterpriseWithoutAdditionalStorage(
-            SutProvider<StripePaymentService> sutProvider)
-    {
-        var familiesPlan = new FamiliesPlan();
-        sutProvider.GetDependency<IPricingClient>()
-            .GetPlanOrThrow(Arg.Is<PlanType>(p => p == PlanType.FamiliesAnnually))
-            .Returns(familiesPlan);
-
-        var parameters = new PreviewOrganizationInvoiceRequestBody
-        {
-            PasswordManager = new OrganizationPasswordManagerRequestModel
-            {
-                Plan = PlanType.FamiliesAnnually,
-                SponsoredPlan = PlanSponsorshipType.FamiliesForEnterprise,
-                AdditionalStorage = 0
-            },
-            TaxInformation = new TaxInformationRequestModel { Country = "FR", PostalCode = "12345" }
-        };
-
-        sutProvider.GetDependency<IStripeAdapter>()
-            .InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(p =>
-                p.Currency == "usd" &&
-                p.SubscriptionDetails.Items.Any(x =>
-                    x.Plan == "2021-family-for-enterprise-annually" &&
-                    x.Quantity == 1) &&
-                p.SubscriptionDetails.Items.Any(x =>
-                    x.Plan == familiesPlan.PasswordManager.StripeStoragePlanId &&
-                    x.Quantity == 0)))
-            .Returns(new Invoice { TotalExcludingTax = 0, TotalTaxes = [new InvoiceTotalTax { Amount = 0 }], Total = 0 });
-
-        var actual = await sutProvider.Sut.PreviewInvoiceAsync(parameters, null, null);
-
-        Assert.Equal(0M, actual.TaxAmount);
-        Assert.Equal(0M, actual.TotalAmount);
-        Assert.Equal(0M, actual.TaxableBaseAmount);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task
-        PreviewInvoiceAsync_ForOrganization_CalculatesSalesTaxCorrectlyForFamiliesForEnterpriseWithAdditionalStorage(
-            SutProvider<StripePaymentService> sutProvider)
-    {
-        var familiesPlan = new FamiliesPlan();
-        sutProvider.GetDependency<IPricingClient>()
-            .GetPlanOrThrow(Arg.Is<PlanType>(p => p == PlanType.FamiliesAnnually))
-            .Returns(familiesPlan);
-
-        var parameters = new PreviewOrganizationInvoiceRequestBody
-        {
-            PasswordManager = new OrganizationPasswordManagerRequestModel
-            {
-                Plan = PlanType.FamiliesAnnually,
-                SponsoredPlan = PlanSponsorshipType.FamiliesForEnterprise,
-                AdditionalStorage = 1
-            },
-            TaxInformation = new TaxInformationRequestModel { Country = "FR", PostalCode = "12345" }
-        };
-
-        sutProvider.GetDependency<IStripeAdapter>()
-            .InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(p =>
-                p.Currency == "usd" &&
-                p.SubscriptionDetails.Items.Any(x =>
-                    x.Plan == "2021-family-for-enterprise-annually" &&
-                    x.Quantity == 1) &&
-                p.SubscriptionDetails.Items.Any(x =>
-                    x.Plan == familiesPlan.PasswordManager.StripeStoragePlanId &&
-                    x.Quantity == 1)))
-            .Returns(new Invoice { TotalExcludingTax = 400, TotalTaxes = [new InvoiceTotalTax { Amount = 8 }], Total = 408 });
-
-        var actual = await sutProvider.Sut.PreviewInvoiceAsync(parameters, null, null);
-
-        Assert.Equal(0.08M, actual.TaxAmount);
-        Assert.Equal(4.08M, actual.TotalAmount);
-        Assert.Equal(4M, actual.TaxableBaseAmount);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task PreviewInvoiceAsync_USBased_PersonalUse_SetsAutomaticTaxEnabled(SutProvider<StripePaymentService> sutProvider)
-    {
-        // Arrange
-        var familiesPlan = new FamiliesPlan();
-        sutProvider.GetDependency<IPricingClient>()
-            .GetPlanOrThrow(Arg.Is<PlanType>(p => p == PlanType.FamiliesAnnually))
-            .Returns(familiesPlan);
-
-        var parameters = new PreviewOrganizationInvoiceRequestBody
-        {
-            PasswordManager = new OrganizationPasswordManagerRequestModel
-            {
-                Plan = PlanType.FamiliesAnnually
-            },
-            TaxInformation = new TaxInformationRequestModel
-            {
-                Country = "US",
-                PostalCode = "12345"
-            }
-        };
-
-        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
-        stripeAdapter
-            .InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>())
-            .Returns(new Invoice
-            {
-                TotalExcludingTax = 400,
-                TotalTaxes = [new InvoiceTotalTax { Amount = 8 }],
-                Total = 408
-            });
-
-        // Act
-        await sutProvider.Sut.PreviewInvoiceAsync(parameters, null, null);
-
-        // Assert
-        await stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
-            options.AutomaticTax.Enabled == true
-        ));
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task PreviewInvoiceAsync_USBased_BusinessUse_SetsAutomaticTaxEnabled(SutProvider<StripePaymentService> sutProvider)
-    {
-        // Arrange
-        var plan = new EnterprisePlan(true);
-        sutProvider.GetDependency<IPricingClient>()
-            .GetPlanOrThrow(Arg.Is<PlanType>(p => p == PlanType.EnterpriseAnnually))
-            .Returns(plan);
-
-        var parameters = new PreviewOrganizationInvoiceRequestBody
-        {
-            PasswordManager = new OrganizationPasswordManagerRequestModel
-            {
-                Plan = PlanType.EnterpriseAnnually
-            },
-            TaxInformation = new TaxInformationRequestModel
-            {
-                Country = "US",
-                PostalCode = "12345"
-            }
-        };
-
-        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
-        stripeAdapter
-            .InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>())
-            .Returns(new Invoice
-            {
-                TotalExcludingTax = 400,
-                TotalTaxes = [new InvoiceTotalTax { Amount = 8 }],
-                Total = 408
-            });
-
-        // Act
-        await sutProvider.Sut.PreviewInvoiceAsync(parameters, null, null);
-
-        // Assert
-        await stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
-            options.AutomaticTax.Enabled == true
-        ));
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task PreviewInvoiceAsync_NonUSBased_PersonalUse_SetsAutomaticTaxEnabled(SutProvider<StripePaymentService> sutProvider)
-    {
-        // Arrange
-        var familiesPlan = new FamiliesPlan();
-        sutProvider.GetDependency<IPricingClient>()
-            .GetPlanOrThrow(Arg.Is<PlanType>(p => p == PlanType.FamiliesAnnually))
-            .Returns(familiesPlan);
-
-        var parameters = new PreviewOrganizationInvoiceRequestBody
-        {
-            PasswordManager = new OrganizationPasswordManagerRequestModel
-            {
-                Plan = PlanType.FamiliesAnnually
-            },
-            TaxInformation = new TaxInformationRequestModel
-            {
-                Country = "FR",
-                PostalCode = "12345"
-            }
-        };
-
-        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
-        stripeAdapter
-            .InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>())
-            .Returns(new Invoice
-            {
-                TotalExcludingTax = 400,
-                TotalTaxes = [new InvoiceTotalTax { Amount = 8 }],
-                Total = 408
-            });
-
-        // Act
-        await sutProvider.Sut.PreviewInvoiceAsync(parameters, null, null);
-
-        // Assert
-        await stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
-            options.AutomaticTax.Enabled == true
-        ));
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task PreviewInvoiceAsync_NonUSBased_BusinessUse_SetsAutomaticTaxEnabled(SutProvider<StripePaymentService> sutProvider)
-    {
-        // Arrange
-        var plan = new EnterprisePlan(true);
-        sutProvider.GetDependency<IPricingClient>()
-            .GetPlanOrThrow(Arg.Is<PlanType>(p => p == PlanType.EnterpriseAnnually))
-            .Returns(plan);
-
-        var parameters = new PreviewOrganizationInvoiceRequestBody
-        {
-            PasswordManager = new OrganizationPasswordManagerRequestModel
-            {
-                Plan = PlanType.EnterpriseAnnually
-            },
-            TaxInformation = new TaxInformationRequestModel
-            {
-                Country = "FR",
-                PostalCode = "12345"
-            }
-        };
-
-        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
-        stripeAdapter
-            .InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>())
-            .Returns(new Invoice
-            {
-                TotalExcludingTax = 400,
-                TotalTaxes = [new InvoiceTotalTax { Amount = 8 }],
-                Total = 408
-            });
-
-        // Act
-        await sutProvider.Sut.PreviewInvoiceAsync(parameters, null, null);
-
-        // Assert
-        await stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
-            options.AutomaticTax.Enabled == true
-        ));
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task PreviewInvoiceAsync_USBased_PersonalUse_DoesNotSetTaxExempt(SutProvider<StripePaymentService> sutProvider)
-    {
-        // Arrange
-        var familiesPlan = new FamiliesPlan();
-        sutProvider.GetDependency<IPricingClient>()
-            .GetPlanOrThrow(Arg.Is<PlanType>(p => p == PlanType.FamiliesAnnually))
-            .Returns(familiesPlan);
-
-        var parameters = new PreviewOrganizationInvoiceRequestBody
-        {
-            PasswordManager = new OrganizationPasswordManagerRequestModel
-            {
-                Plan = PlanType.FamiliesAnnually
-            },
-            TaxInformation = new TaxInformationRequestModel
-            {
-                Country = "US",
-                PostalCode = "12345"
-            }
-        };
-
-        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
-        stripeAdapter
-            .InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>())
-            .Returns(new Invoice
-            {
-                TotalExcludingTax = 400,
-                TotalTaxes = [new InvoiceTotalTax { Amount = 8 }],
-                Total = 408
-            });
-
-        // Act
-        await sutProvider.Sut.PreviewInvoiceAsync(parameters, null, null);
-
-        // Assert
-        await stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
-            options.CustomerDetails.TaxExempt == null
-        ));
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task PreviewInvoiceAsync_USBased_BusinessUse_DoesNotSetTaxExempt(SutProvider<StripePaymentService> sutProvider)
-    {
-        // Arrange
-        var plan = new EnterprisePlan(true);
-        sutProvider.GetDependency<IPricingClient>()
-            .GetPlanOrThrow(Arg.Is<PlanType>(p => p == PlanType.EnterpriseAnnually))
-            .Returns(plan);
-
-        var parameters = new PreviewOrganizationInvoiceRequestBody
-        {
-            PasswordManager = new OrganizationPasswordManagerRequestModel
-            {
-                Plan = PlanType.EnterpriseAnnually
-            },
-            TaxInformation = new TaxInformationRequestModel
-            {
-                Country = "US",
-                PostalCode = "12345"
-            }
-        };
-
-        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
-        stripeAdapter
-            .InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>())
-            .Returns(new Invoice
-            {
-                TotalExcludingTax = 400,
-                TotalTaxes = [new InvoiceTotalTax { Amount = 8 }],
-                Total = 408
-            });
-
-        // Act
-        await sutProvider.Sut.PreviewInvoiceAsync(parameters, null, null);
-
-        // Assert
-        await stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
-            options.CustomerDetails.TaxExempt == null
-        ));
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task PreviewInvoiceAsync_NonUSBased_PersonalUse_DoesNotSetTaxExempt(SutProvider<StripePaymentService> sutProvider)
-    {
-        // Arrange
-        var familiesPlan = new FamiliesPlan();
-        sutProvider.GetDependency<IPricingClient>()
-            .GetPlanOrThrow(Arg.Is<PlanType>(p => p == PlanType.FamiliesAnnually))
-            .Returns(familiesPlan);
-
-        var parameters = new PreviewOrganizationInvoiceRequestBody
-        {
-            PasswordManager = new OrganizationPasswordManagerRequestModel
-            {
-                Plan = PlanType.FamiliesAnnually
-            },
-            TaxInformation = new TaxInformationRequestModel
-            {
-                Country = "FR",
-                PostalCode = "12345"
-            }
-        };
-
-        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
-        stripeAdapter
-            .InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>())
-            .Returns(new Invoice
-            {
-                TotalExcludingTax = 400,
-                TotalTaxes = [new InvoiceTotalTax { Amount = 8 }],
-                Total = 408
-            });
-
-        // Act
-        await sutProvider.Sut.PreviewInvoiceAsync(parameters, null, null);
-
-        // Assert
-        await stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
-            options.CustomerDetails.TaxExempt == null
-        ));
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task PreviewInvoiceAsync_NonUSBased_BusinessUse_SetsTaxExemptReverse(SutProvider<StripePaymentService> sutProvider)
-    {
-        // Arrange
-        var plan = new EnterprisePlan(true);
-        sutProvider.GetDependency<IPricingClient>()
-            .GetPlanOrThrow(Arg.Is<PlanType>(p => p == PlanType.EnterpriseAnnually))
-            .Returns(plan);
-
-        var parameters = new PreviewOrganizationInvoiceRequestBody
-        {
-            PasswordManager = new OrganizationPasswordManagerRequestModel
-            {
-                Plan = PlanType.EnterpriseAnnually
-            },
-            TaxInformation = new TaxInformationRequestModel
-            {
-                Country = "FR",
-                PostalCode = "12345"
-            }
-        };
-
-        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
-        stripeAdapter
-            .InvoiceCreatePreviewAsync(Arg.Any<InvoiceCreatePreviewOptions>())
-            .Returns(new Invoice
-            {
-                TotalExcludingTax = 400,
-                TotalTaxes = [new InvoiceTotalTax { Amount = 8 }],
-                Total = 408
-            });
-
-        // Act
-        await sutProvider.Sut.PreviewInvoiceAsync(parameters, null, null);
-
-        // Assert
-        await stripeAdapter.Received(1).InvoiceCreatePreviewAsync(Arg.Is<InvoiceCreatePreviewOptions>(options =>
-            options.CustomerDetails.TaxExempt == StripeConstants.TaxExempt.Reverse
-        ));
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task GetSubscriptionAsync_WithCustomerDiscount_ReturnsDiscountFromCustomer(
-        SutProvider<StripePaymentService> sutProvider,
-        User subscriber)
-    {
-        // Arrange
-        subscriber.Gateway = GatewayType.Stripe;
-        subscriber.GatewayCustomerId = "cus_test123";
-        subscriber.GatewaySubscriptionId = "sub_test123";
-
-        var customerDiscount = new Discount
-        {
-            Coupon = new Coupon
-            {
-                Id = StripeConstants.CouponIDs.Milestone2SubscriptionDiscount,
-                PercentOff = 20m,
-                AmountOff = 1400
-            },
-            End = null
-        };
-
-        var subscription = new Subscription
-        {
-            Id = "sub_test123",
-            Status = "active",
-            CollectionMethod = "charge_automatically",
-            Customer = new Customer
-            {
-                Discount = customerDiscount
-            },
-            Discounts = new List<Discount>(), // Empty list
-            Items = new StripeList<SubscriptionItem> { Data = [] }
-        };
-
-        sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(
-                subscriber.GatewaySubscriptionId,
-                Arg.Any<SubscriptionGetOptions>())
-            .Returns(subscription);
-
-        // Act
-        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
-
-        // Assert
-        Assert.NotNull(result.CustomerDiscount);
-        Assert.Equal(StripeConstants.CouponIDs.Milestone2SubscriptionDiscount, result.CustomerDiscount.Id);
-        Assert.Equal(20m, result.CustomerDiscount.PercentOff);
-        Assert.Equal(14.00m, result.CustomerDiscount.AmountOff); // Converted from cents
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task GetSubscriptionAsync_WithoutCustomerDiscount_FallsBackToSubscriptionDiscounts(
-        SutProvider<StripePaymentService> sutProvider,
-        User subscriber)
-    {
-        // Arrange
-        subscriber.Gateway = GatewayType.Stripe;
-        subscriber.GatewayCustomerId = "cus_test123";
-        subscriber.GatewaySubscriptionId = "sub_test123";
-
-        var subscriptionDiscount = new Discount
-        {
-            Coupon = new Coupon
-            {
-                Id = StripeConstants.CouponIDs.Milestone2SubscriptionDiscount,
-                PercentOff = 15m,
-                AmountOff = null
-            },
-            End = null
-        };
-
-        var subscription = new Subscription
-        {
-            Id = "sub_test123",
-            Status = "active",
-            CollectionMethod = "charge_automatically",
-            Customer = new Customer
-            {
-                Discount = null // No customer discount
-            },
-            Discounts = new List<Discount> { subscriptionDiscount },
-            Items = new StripeList<SubscriptionItem> { Data = [] }
-        };
-
-        sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(
-                subscriber.GatewaySubscriptionId,
-                Arg.Any<SubscriptionGetOptions>())
-            .Returns(subscription);
-
-        // Act
-        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
-
-        // Assert - Should use subscription discount as fallback
-        Assert.NotNull(result.CustomerDiscount);
-        Assert.Equal(StripeConstants.CouponIDs.Milestone2SubscriptionDiscount, result.CustomerDiscount.Id);
-        Assert.Equal(15m, result.CustomerDiscount.PercentOff);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task GetSubscriptionAsync_WithBothDiscounts_PrefersCustomerDiscount(
-        SutProvider<StripePaymentService> sutProvider,
-        User subscriber)
-    {
-        // Arrange
-        subscriber.Gateway = GatewayType.Stripe;
-        subscriber.GatewayCustomerId = "cus_test123";
-        subscriber.GatewaySubscriptionId = "sub_test123";
-
-        var customerDiscount = new Discount
-        {
-            Coupon = new Coupon
-            {
-                Id = StripeConstants.CouponIDs.Milestone2SubscriptionDiscount,
-                PercentOff = 25m
-            },
-            End = null
-        };
-
-        var subscriptionDiscount = new Discount
-        {
-            Coupon = new Coupon
-            {
-                Id = "different-coupon-id",
-                PercentOff = 10m
-            },
-            End = null
-        };
-
-        var subscription = new Subscription
-        {
-            Id = "sub_test123",
-            Status = "active",
-            CollectionMethod = "charge_automatically",
-            Customer = new Customer
-            {
-                Discount = customerDiscount // Should prefer this
-            },
-            Discounts = new List<Discount> { subscriptionDiscount },
-            Items = new StripeList<SubscriptionItem> { Data = [] }
-        };
-
-        sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(
-                subscriber.GatewaySubscriptionId,
-                Arg.Any<SubscriptionGetOptions>())
-            .Returns(subscription);
-
-        // Act
-        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
-
-        // Assert - Should prefer customer discount over subscription discount
-        Assert.NotNull(result.CustomerDiscount);
-        Assert.Equal(StripeConstants.CouponIDs.Milestone2SubscriptionDiscount, result.CustomerDiscount.Id);
-        Assert.Equal(25m, result.CustomerDiscount.PercentOff);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task GetSubscriptionAsync_WithNoDiscounts_ReturnsNullDiscount(
-        SutProvider<StripePaymentService> sutProvider,
-        User subscriber)
-    {
-        // Arrange
-        subscriber.Gateway = GatewayType.Stripe;
-        subscriber.GatewayCustomerId = "cus_test123";
-        subscriber.GatewaySubscriptionId = "sub_test123";
-
-        var subscription = new Subscription
-        {
-            Id = "sub_test123",
-            Status = "active",
-            CollectionMethod = "charge_automatically",
-            Customer = new Customer
-            {
-                Discount = null
-            },
-            Discounts = new List<Discount>(), // Empty list, no discounts
-            Items = new StripeList<SubscriptionItem> { Data = [] }
-        };
-
-        sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(
-                subscriber.GatewaySubscriptionId,
-                Arg.Any<SubscriptionGetOptions>())
-            .Returns(subscription);
-
-        // Act
-        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
-
-        // Assert
-        Assert.Null(result.CustomerDiscount);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task GetSubscriptionAsync_WithMultipleSubscriptionDiscounts_SelectsFirstDiscount(
-        SutProvider<StripePaymentService> sutProvider,
-        User subscriber)
-    {
-        // Arrange - Multiple subscription-level discounts, no customer discount
-        subscriber.Gateway = GatewayType.Stripe;
-        subscriber.GatewayCustomerId = "cus_test123";
-        subscriber.GatewaySubscriptionId = "sub_test123";
-
-        var firstDiscount = new Discount
-        {
-            Coupon = new Coupon
-            {
-                Id = "coupon-10-percent",
-                PercentOff = 10m
-            },
-            End = null
-        };
-
-        var secondDiscount = new Discount
-        {
-            Coupon = new Coupon
-            {
-                Id = "coupon-20-percent",
-                PercentOff = 20m
-            },
-            End = null
-        };
-
-        var subscription = new Subscription
-        {
-            Id = "sub_test123",
-            Status = "active",
-            CollectionMethod = "charge_automatically",
-            Customer = new Customer
-            {
-                Discount = null // No customer discount
-            },
-            // Multiple subscription discounts - FirstOrDefault() should select the first one
-            Discounts = new List<Discount> { firstDiscount, secondDiscount },
-            Items = new StripeList<SubscriptionItem> { Data = [] }
-        };
-
-        sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(
-                subscriber.GatewaySubscriptionId,
-                Arg.Any<SubscriptionGetOptions>())
-            .Returns(subscription);
-
-        // Act
-        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
-
-        // Assert - Should select the first discount from the list (FirstOrDefault() behavior)
-        Assert.NotNull(result.CustomerDiscount);
-        Assert.Equal("coupon-10-percent", result.CustomerDiscount.Id);
-        Assert.Equal(10m, result.CustomerDiscount.PercentOff);
-        // Verify the second discount was not selected
-        Assert.NotEqual("coupon-20-percent", result.CustomerDiscount.Id);
-        Assert.NotEqual(20m, result.CustomerDiscount.PercentOff);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task GetSubscriptionAsync_WithNullCustomer_HandlesGracefully(
-        SutProvider<StripePaymentService> sutProvider,
-        User subscriber)
-    {
-        // Arrange - Subscription with null Customer (defensive null check scenario)
-        subscriber.Gateway = GatewayType.Stripe;
-        subscriber.GatewayCustomerId = "cus_test123";
-        subscriber.GatewaySubscriptionId = "sub_test123";
-
-        var subscription = new Subscription
-        {
-            Id = "sub_test123",
-            Status = "active",
-            CollectionMethod = "charge_automatically",
-            Customer = null, // Customer not expanded or null
-            Discounts = new List<Discount>(), // Empty discounts
-            Items = new StripeList<SubscriptionItem> { Data = [] }
-        };
-
-        sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(
-                subscriber.GatewaySubscriptionId,
-                Arg.Any<SubscriptionGetOptions>())
-            .Returns(subscription);
-
-        // Act
-        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
-
-        // Assert - Should handle null Customer gracefully without throwing NullReferenceException
-        Assert.Null(result.CustomerDiscount);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task GetSubscriptionAsync_WithNullDiscounts_HandlesGracefully(
-        SutProvider<StripePaymentService> sutProvider,
-        User subscriber)
-    {
-        // Arrange - Subscription with null Discounts (defensive null check scenario)
-        subscriber.Gateway = GatewayType.Stripe;
-        subscriber.GatewayCustomerId = "cus_test123";
-        subscriber.GatewaySubscriptionId = "sub_test123";
-
-        var subscription = new Subscription
-        {
-            Id = "sub_test123",
-            Status = "active",
-            CollectionMethod = "charge_automatically",
-            Customer = new Customer
-            {
-                Discount = null // No customer discount
-            },
-            Discounts = null, // Discounts not expanded or null
-            Items = new StripeList<SubscriptionItem> { Data = [] }
-        };
-
-        sutProvider.GetDependency<IStripeAdapter>()
-            .SubscriptionGetAsync(
-                subscriber.GatewaySubscriptionId,
-                Arg.Any<SubscriptionGetOptions>())
-            .Returns(subscription);
-
-        // Act
-        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
-
-        // Assert - Should handle null Discounts gracefully without throwing NullReferenceException
-        Assert.Null(result.CustomerDiscount);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task GetSubscriptionAsync_VerifiesCorrectExpandOptions(
-        SutProvider<StripePaymentService> sutProvider,
-        User subscriber)
-    {
-        // Arrange
-        subscriber.Gateway = GatewayType.Stripe;
-        subscriber.GatewayCustomerId = "cus_test123";
-        subscriber.GatewaySubscriptionId = "sub_test123";
-
-        var subscription = new Subscription
-        {
-            Id = "sub_test123",
-            Status = "active",
-            CollectionMethod = "charge_automatically",
-            Customer = new Customer { Discount = null },
-            Discounts = new List<Discount>(), // Empty list
-            Items = new StripeList<SubscriptionItem> { Data = [] }
-        };
-
-        var stripeAdapter = sutProvider.GetDependency<IStripeAdapter>();
-        stripeAdapter
-            .SubscriptionGetAsync(
-                Arg.Any<string>(),
-                Arg.Any<SubscriptionGetOptions>())
-            .Returns(subscription);
-
-        // Act
-        await sutProvider.Sut.GetSubscriptionAsync(subscriber);
-
-        // Assert - Verify expand options are correct
-        await stripeAdapter.Received(1).SubscriptionGetAsync(
-            subscriber.GatewaySubscriptionId,
-            Arg.Is<SubscriptionGetOptions>(o =>
-                o.Expand.Contains("customer.discount.coupon.applies_to") &&
-                o.Expand.Contains("discounts.coupon.applies_to") &&
-                o.Expand.Contains("test_clock")));
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task GetSubscriptionAsync_WithEmptyGatewaySubscriptionId_ReturnsEmptySubscriptionInfo(
-        SutProvider<StripePaymentService> sutProvider,
-        User subscriber)
-    {
-        // Arrange
-        subscriber.GatewaySubscriptionId = null;
-
-        // Act
-        var result = await sutProvider.Sut.GetSubscriptionAsync(subscriber);
-
-        // Assert
-        Assert.NotNull(result);
-        Assert.Null(result.Subscription);
-        Assert.Null(result.CustomerDiscount);
-        Assert.Null(result.UpcomingInvoice);
-
-        // Verify no Stripe API calls were made
-        await sutProvider.GetDependency<IStripeAdapter>()
-            .DidNotReceive()
-            .SubscriptionGetAsync(Arg.Any<string>(), Arg.Any<SubscriptionGetOptions>());
-    }
-}

test/Core.Test/Utilities/EventIntegrationsCacheConstantsTests.cs

@@ -1,4 +1,5 @@
-using Bit.Core.Utilities;
+using Bit.Core.Enums;
+using Bit.Core.Utilities;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Xunit;
 
@@ -11,8 +12,12 @@ public class EventIntegrationsCacheConstantsTests
     {
         var expected = $"Group:{groupId:N}";
         var key = EventIntegrationsCacheConstants.BuildCacheKeyForGroup(groupId);
+        var keyWithDifferentGroup = EventIntegrationsCacheConstants.BuildCacheKeyForGroup(Guid.NewGuid());
+        var keyWithSameGroup = EventIntegrationsCacheConstants.BuildCacheKeyForGroup(groupId);
 
         Assert.Equal(expected, key);
+        Assert.NotEqual(key, keyWithDifferentGroup);
+        Assert.Equal(key, keyWithSameGroup);
     }
 
     [Theory, BitAutoData]
@@ -20,8 +25,55 @@ public class EventIntegrationsCacheConstantsTests
     {
         var expected = $"Organization:{orgId:N}";
         var key = EventIntegrationsCacheConstants.BuildCacheKeyForOrganization(orgId);
+        var keyWithDifferentOrg = EventIntegrationsCacheConstants.BuildCacheKeyForOrganization(Guid.NewGuid());
+        var keyWithSameOrg = EventIntegrationsCacheConstants.BuildCacheKeyForOrganization(orgId);
 
         Assert.Equal(expected, key);
+        Assert.NotEqual(key, keyWithDifferentOrg);
+        Assert.Equal(key, keyWithSameOrg);
+    }
+
+    [Theory, BitAutoData]
+    public void BuildCacheKeyForOrganizationIntegrationConfigurationDetails_ReturnsExpectedKey(Guid orgId)
+    {
+        var integrationType = IntegrationType.Hec;
+
+        var expectedWithEvent = $"OrganizationIntegrationConfigurationDetails:{orgId:N}:Hec:User_LoggedIn";
+        var keyWithEvent = EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+            orgId, integrationType, EventType.User_LoggedIn);
+        var keyWithDifferentEvent = EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+            orgId, integrationType, EventType.Cipher_Created);
+        var keyWithDifferentIntegration = EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+            orgId, IntegrationType.Webhook, EventType.User_LoggedIn);
+        var keyWithDifferentOrganization = EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+            Guid.NewGuid(), integrationType, EventType.User_LoggedIn);
+        var keyWithSameDetails = EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+            orgId, integrationType, EventType.User_LoggedIn);
+
+        Assert.Equal(expectedWithEvent, keyWithEvent);
+        Assert.NotEqual(keyWithEvent, keyWithDifferentEvent);
+        Assert.NotEqual(keyWithEvent, keyWithDifferentIntegration);
+        Assert.NotEqual(keyWithEvent, keyWithDifferentOrganization);
+        Assert.Equal(keyWithEvent, keyWithSameDetails);
+    }
+
+    [Theory, BitAutoData]
+    public void BuildCacheTagForOrganizationIntegration_ReturnsExpectedKey(Guid orgId)
+    {
+        var expected = $"OrganizationIntegration:{orgId:N}:Hec";
+        var tag = EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+            orgId, IntegrationType.Hec);
+        var tagWithDifferentOrganization = EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+            Guid.NewGuid(), IntegrationType.Hec);
+        var tagWithDifferentIntegrationType = EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+            orgId, IntegrationType.Webhook);
+        var tagWithSameDetails = EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+            orgId, IntegrationType.Hec);
+
+        Assert.Equal(expected, tag);
+        Assert.NotEqual(tag, tagWithDifferentOrganization);
+        Assert.NotEqual(tag, tagWithDifferentIntegrationType);
+        Assert.Equal(tag, tagWithSameDetails);
     }
 
     [Theory, BitAutoData]
@@ -29,8 +81,14 @@ public class EventIntegrationsCacheConstantsTests
     {
         var expected = $"OrganizationUserUserDetails:{orgId:N}:{userId:N}";
         var key = EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationUser(orgId, userId);
+        var keyWithDifferentOrg = EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationUser(Guid.NewGuid(), userId);
+        var keyWithDifferentUser = EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationUser(orgId, Guid.NewGuid());
+        var keyWithSameDetails = EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationUser(orgId, userId);
 
         Assert.Equal(expected, key);
+        Assert.NotEqual(key, keyWithDifferentOrg);
+        Assert.NotEqual(key, keyWithDifferentUser);
+        Assert.Equal(key, keyWithSameDetails);
     }
 
     [Fact]
@@ -38,4 +96,13 @@ public class EventIntegrationsCacheConstantsTests
     {
         Assert.Equal("EventIntegrations", EventIntegrationsCacheConstants.CacheName);
     }
+
+    [Fact]
+    public void DurationForOrganizationIntegrationConfigurationDetails_ReturnsExpected()
+    {
+        Assert.Equal(
+            TimeSpan.FromDays(1),
+            EventIntegrationsCacheConstants.DurationForOrganizationIntegrationConfigurationDetails
+        );
+    }
 }

test/Core.Test/Utilities/ExtendedCacheServiceCollectionExtensionsTests.cs

@@ -7,6 +7,7 @@ using NSubstitute;
 using StackExchange.Redis;
 using Xunit;
 using ZiggyCreatures.Caching.Fusion;
+using ZiggyCreatures.Caching.Fusion.Backplane;
 
 namespace Bit.Core.Test.Utilities;
 
@@ -167,7 +168,7 @@ public class ExtendedCacheServiceCollectionExtensionsTests
         var settings = CreateGlobalSettings(new()
         {
             { "GlobalSettings:DistributedCache:Redis:ConnectionString", "localhost:6379" },
-            { "GlobalSettings:DistributedCache:DefaultExtendedCache:UseSharedRedisCache", "true" }
+            { "GlobalSettings:DistributedCache:DefaultExtendedCache:UseSharedDistributedCache", "true" }
         });
 
         // Provide a multiplexer (shared)
@@ -187,7 +188,7 @@ public class ExtendedCacheServiceCollectionExtensionsTests
     {
         var settings = new GlobalSettings.ExtendedCacheSettings
         {
-            UseSharedRedisCache = false,
+            UseSharedDistributedCache = false,
             Redis = new GlobalSettings.ConnectionStringSettings { ConnectionString = "invalid:9999" }
         };
 
@@ -242,7 +243,7 @@ public class ExtendedCacheServiceCollectionExtensionsTests
     {
         var settings = new GlobalSettings.ExtendedCacheSettings
         {
-            UseSharedRedisCache = false,
+            UseSharedDistributedCache = false,
             // No Redis connection string
         };
 
@@ -261,13 +262,13 @@ public class ExtendedCacheServiceCollectionExtensionsTests
         var settingsA = new GlobalSettings.ExtendedCacheSettings
         {
             EnableDistributedCache = true,
-            UseSharedRedisCache = false,
+            UseSharedDistributedCache = false,
             Redis = new GlobalSettings.ConnectionStringSettings { ConnectionString = "localhost:6379" }
         };
         var settingsB = new GlobalSettings.ExtendedCacheSettings
         {
             EnableDistributedCache = true,
-            UseSharedRedisCache = false,
+            UseSharedDistributedCache = false,
             Redis = new GlobalSettings.ConnectionStringSettings { ConnectionString = "localhost:6380" }
         };
 
@@ -294,7 +295,7 @@ public class ExtendedCacheServiceCollectionExtensionsTests
 
         var settings = new GlobalSettings.ExtendedCacheSettings
         {
-            UseSharedRedisCache = false,
+            UseSharedDistributedCache = false,
             Redis = new GlobalSettings.ConnectionStringSettings { ConnectionString = "localhost:6379" }
         };
 
@@ -306,6 +307,180 @@ public class ExtendedCacheServiceCollectionExtensionsTests
         Assert.Same(existingCache, resolved);
     }
 
+    [Fact]
+    public void AddExtendedCache_SharedNonRedisCache_UsesDistributedCacheWithoutBackplane()
+    {
+        var settings = new GlobalSettings.ExtendedCacheSettings
+        {
+            UseSharedDistributedCache = true,
+            EnableDistributedCache = true,
+            // No Redis.ConnectionString
+        };
+
+        // Register non-Redis distributed cache
+        _services.AddSingleton(Substitute.For<IDistributedCache>());
+
+        _services.AddExtendedCache(_cacheName, _globalSettings, settings);
+
+        using var provider = _services.BuildServiceProvider();
+        var cache = provider.GetRequiredKeyedService<IFusionCache>(_cacheName);
+
+        Assert.True(cache.HasDistributedCache);
+        Assert.False(cache.HasBackplane); // No backplane for non-Redis
+    }
+
+    [Fact]
+    public void AddExtendedCache_SharedRedisWithMockedMultiplexer_ReusesExistingMultiplexer()
+    {
+        // Override GlobalSettings to include Redis connection string
+        var globalSettings = CreateGlobalSettings(new()
+        {
+            { "GlobalSettings:DistributedCache:Redis:ConnectionString", "localhost:6379" }
+        });
+
+        // Custom settings for this cache
+        var settings = new GlobalSettings.ExtendedCacheSettings
+        {
+            UseSharedDistributedCache = true,
+            EnableDistributedCache = true,
+        };
+
+        // Pre-register mocked multiplexer (simulates AddDistributedCache already called)
+        var mockMultiplexer = Substitute.For<IConnectionMultiplexer>();
+        _services.AddSingleton(mockMultiplexer);
+
+        _services.AddExtendedCache(_cacheName, globalSettings, settings);
+
+        using var provider = _services.BuildServiceProvider();
+        var cache = provider.GetRequiredKeyedService<IFusionCache>(_cacheName);
+
+        Assert.True(cache.HasDistributedCache);
+        Assert.True(cache.HasBackplane);
+
+        // Verify same multiplexer was reused (TryAdd didn't replace it)
+        var resolvedMux = provider.GetRequiredService<IConnectionMultiplexer>();
+        Assert.Same(mockMultiplexer, resolvedMux);
+    }
+
+    [Fact]
+    public void AddExtendedCache_KeyedNonRedisCache_UsesKeyedDistributedCacheWithoutBackplane()
+    {
+        var settings = new GlobalSettings.ExtendedCacheSettings
+        {
+            UseSharedDistributedCache = false,
+            EnableDistributedCache = true,
+            // No Redis.ConnectionString
+        };
+
+        // Register keyed non-Redis distributed cache
+        _services.AddKeyedSingleton(_cacheName, Substitute.For<IDistributedCache>());
+
+        _services.AddExtendedCache(_cacheName, _globalSettings, settings);
+
+        using var provider = _services.BuildServiceProvider();
+        var cache = provider.GetRequiredKeyedService<IFusionCache>(_cacheName);
+
+        Assert.True(cache.HasDistributedCache);
+        Assert.False(cache.HasBackplane);
+    }
+
+    [Fact]
+    public void AddExtendedCache_KeyedRedisWithConnectionString_CreatesIsolatedInfrastructure()
+    {
+        var settings = new GlobalSettings.ExtendedCacheSettings
+        {
+            UseSharedDistributedCache = false,
+            EnableDistributedCache = true,
+            Redis = new GlobalSettings.ConnectionStringSettings
+            {
+                ConnectionString = "localhost:6379"
+            }
+        };
+
+        // Pre-register mocked keyed multiplexer to avoid connection attempt
+        _services.AddKeyedSingleton(_cacheName, Substitute.For<IConnectionMultiplexer>());
+
+        _services.AddExtendedCache(_cacheName, _globalSettings, settings);
+
+        using var provider = _services.BuildServiceProvider();
+        var cache = provider.GetRequiredKeyedService<IFusionCache>(_cacheName);
+
+        Assert.True(cache.HasDistributedCache);
+        Assert.True(cache.HasBackplane);
+
+        // Verify keyed services exist
+        var keyedMux = provider.GetRequiredKeyedService<IConnectionMultiplexer>(_cacheName);
+        Assert.NotNull(keyedMux);
+        var keyedRedis = provider.GetRequiredKeyedService<IDistributedCache>(_cacheName);
+        Assert.NotNull(keyedRedis);
+        var keyedBackplane = provider.GetRequiredKeyedService<IFusionCacheBackplane>(_cacheName);
+        Assert.NotNull(keyedBackplane);
+    }
+
+    [Fact]
+    public void AddExtendedCache_NoDistributedCacheRegistered_WorksWithMemoryOnly()
+    {
+        var settings = new GlobalSettings.ExtendedCacheSettings
+        {
+            UseSharedDistributedCache = true,
+            EnableDistributedCache = true,
+            // No Redis connection string, no IDistributedCache registered
+            // This is technically a misconfiguration, but we handle it without failing
+        };
+
+        _services.AddExtendedCache(_cacheName, _globalSettings, settings);
+
+        using var provider = _services.BuildServiceProvider();
+        var cache = provider.GetRequiredKeyedService<IFusionCache>(_cacheName);
+
+        Assert.False(cache.HasDistributedCache);
+        Assert.False(cache.HasBackplane);
+
+        // Verify L1 memory cache still works
+        cache.Set("key", "value");
+        var result = cache.GetOrDefault<string>("key");
+        Assert.Equal("value", result);
+    }
+
+    [Fact]
+    public void AddExtendedCache_MultipleKeyedCachesWithDifferentTypes_EachHasCorrectConfig()
+    {
+        var redisSettings = new GlobalSettings.ExtendedCacheSettings
+        {
+            UseSharedDistributedCache = false,
+            EnableDistributedCache = true,
+            Redis = new GlobalSettings.ConnectionStringSettings { ConnectionString = "localhost:6379" }
+        };
+
+        var nonRedisSettings = new GlobalSettings.ExtendedCacheSettings
+        {
+            UseSharedDistributedCache = false,
+            EnableDistributedCache = true,
+            // No Redis connection string
+        };
+
+        // Setup Cache1 (Redis)
+        _services.AddKeyedSingleton("Cache1", Substitute.For<IConnectionMultiplexer>());
+        _services.AddExtendedCache("Cache1", _globalSettings, redisSettings);
+
+        // Setup Cache2 (non-Redis)
+        _services.AddKeyedSingleton("Cache2", Substitute.For<IDistributedCache>());
+        _services.AddExtendedCache("Cache2", _globalSettings, nonRedisSettings);
+
+        using var provider = _services.BuildServiceProvider();
+
+        var cache1 = provider.GetRequiredKeyedService<IFusionCache>("Cache1");
+        var cache2 = provider.GetRequiredKeyedService<IFusionCache>("Cache2");
+
+        Assert.True(cache1.HasDistributedCache);
+        Assert.True(cache1.HasBackplane);
+
+        Assert.True(cache2.HasDistributedCache);
+        Assert.False(cache2.HasBackplane);
+
+        Assert.NotSame(cache1, cache2);
+    }
+
     private static GlobalSettings CreateGlobalSettings(Dictionary<string, string?> data)
     {
         var config = new ConfigurationBuilder()

test/Core.Test/Vault/Authorization/Permissions/NormalCipherPermissionTests.cs

@@ -74,7 +74,7 @@ public class NormalCipherPermissionTests
         var cipherDetails = new CipherDetails { UserId = null, OrganizationId = Guid.NewGuid() };
 
         // Act
-        var exception = Assert.Throws<Exception>(() => NormalCipherPermissions.CanDelete(user, cipherDetails, organizationAbility));
+        var exception = Assert.Throws<Exception>(() => NormalCipherPermissions.CanRestore(user, cipherDetails, organizationAbility));
 
         // Assert
         Assert.Equal("Cipher does not belong to the input organization.", exception.Message);
@@ -92,11 +92,11 @@ public class NormalCipherPermissionTests
         // Arrange
         var user = new User { Id = Guid.Empty };
         var organizationId = Guid.NewGuid();
-        var cipherDetails = new CipherDetails { Manage = manage, Edit = edit, UserId = null, OrganizationId = organizationId };
+        var cipherDetails = new CipherDetails { Manage = manage, Edit = edit, UserId = user.Id, OrganizationId = organizationId };
         var organizationAbility = new OrganizationAbility { Id = organizationId, LimitItemDeletion = limitItemDeletion };
 
         // Act
-        var result = NormalCipherPermissions.CanRestore(user, cipherDetails, organizationAbility);
+        var result = NormalCipherPermissions.CanDelete(user, cipherDetails, organizationAbility);
 
         // Assert
         Assert.Equal(result, expectedResult);