[PM-29598] Create Subscription Upgrade Endpoint

[cyprain-okeke]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-29598

📔 Objective

Objective: Create a backend endpoint to process the upgrade from a Premium subscription to a new Organization plan, ensuring the existing subscription is modified rather than creating a new one.

• Endpoint: POST account/billing/vnext/upgrade
• Command: UpgradePremiumToOrganizationCommand
• Implementation Details:
  1. The command will receive the user's ID and the details of the target organization plan.
  2. It will first validate that the user has an active, valid Premium subscription.
  3. Using the Stripe API, it will fetch the user's current subscription.
  4. It will then add new subscription items (the same currently added for creating the new organization subscription) and marking premium subscription items for delete
  5. A trial period will be applied to the updated subscription by setting the trial_end property date
  6. premium_upgrade_metadata will be added to the Stripe subscription object. This metadata should store the ID of the original Premium plan to facilitate a potential reversion.

Given a user has an active Premium subscription

When they submit a request to upgrade to an organization

Then the system updates their Stripe subscription, applies a trial, and adds reversion metadata.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 52f19c2f-ee42-4eba-b50f-db9f9785cacb

New Issues (2)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1527	details Method at line 1527 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
2		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1403	details Method at line 1403 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 293

[amorask-bitwarden]

❌ Our newer client-side code is not operating off of PlanType. Let's send Tier and Cadence like we do here: https://github.com/bitwarden/server/blob/main/src/Api/Billing/Models/Requests/Organizations/OrganizationSubscriptionPurchaseRequest.cs

[amorask-bitwarden]

❌ When upgrading from Premium, we're only going to have 1 seat. The designs do not support seat increases at the moment.

[amorask-bitwarden]

❓ What current plan still has premium access?

[amorask-bitwarden]

❌ This can be removed as the designs also don't support storage selection in the upgrade modal.

[amorask-bitwarden]

❓ Why are we passing this in?

[amorask-bitwarden]

⛏️ if (user is { Premium: true, GatewaySubscriptionId: not null and not "" })

[amorask-bitwarden]

❌ This is not expandable: https://docs.stripe.com/api/subscriptions/object?api-version=2025-08-27.basil&lang=cli#subscription_object-items-data-price

[amorask-bitwarden]

⛏️ If this is the only use of the SubscriberService you can use StripeAdapter since that will automatically throw an exception if the subscription does not exist.

[amorask-bitwarden]

❌ This results in a User record being attached to an Organization subscription, which would not be renderable or usable on the client. The idea is to create an Organization record and attach the modified subscription to that Organization while removing the subscription from the User.

[codecov]

Codecov Report

❌ Patch coverage is 89.44724% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 55.28%. Comparing base (b1cf59b) to head (d2f197a).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...sts/Premium/UpgradePremiumToOrganizationRequest.cs	0.00%	16 Missing ⚠️
...Controllers/VNext/AccountBillingVNextController.cs	28.57%	5 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6787      +/-   ##
==========================================
+ Coverage   55.19%   55.28%   +0.08%     
==========================================
  Files        1937     1939       +2     
  Lines       86026    86224     +198     
  Branches     7702     7705       +3     
==========================================
+ Hits        47481    47665     +184     
- Misses      36754    36767      +13     
- Partials     1791     1792       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sbrown-livefront]

A few questions and changes

[sbrown-livefront]

❓ Would we not include seats in the request(even though we assume it will be 1 for now)?

[amorask-bitwarden]

@sbrown-livefront I recommended not doing so - since the business requirements are for a 1-seat upgrade, I feel like that would primarily just give the client extra, unnecessary responsibility.

[sbrown-livefront]

❌ We may need to be more precise in identifying subscription items by narrowing our search specifically to the items we want to delete related to premium (plan id, etc.) I'm not sure if there are some items we'd want to retain.

[sbrown-livefront]

❓ Shouldn't this date be calculated using the TrialPeriodDays property of the target plan?

[sbrown-livefront]

📝 Alex made some great helper methods that are more descriptive here. This is out of scope for this PR, but I wonder if we could clean up command logic a bit with it.

[amorask-bitwarden]

Last thing: This needs to be Stripe in order for the Admin Portal links to the Customer and Subscription to work.

[amorask-bitwarden]

❌ I missed this, but what happens if the User is not on the currently available premium plan?

[cyprain-okeke]

This is an excellent catch

[amorask-bitwarden]

I don't think this is necessary. Really what we're trying to do here is find the specific Premium plan the user is on. We do that by looking for the subscription item for Password Manager that matches one of the premium plans. Then, when we have that subscription item, we can delete it because it will be transitioning to an organization. Let me know if this makes sense. I think you did something similar on your recent storage command you can reference.

[amorask-bitwarden]

This is what I mean: The user might not actually have been on this plan. We need the plan the user was on from the premium plans that come back from the Pricing service.

[sbrown-livefront]

✅