Skip to content

[PM-32216] Create Stripe Checkout Session Endpoint#7246

Open
sbrown-livefront wants to merge 12 commits intomainfrom
billing/pm-32216/create-stripe-checkout-session-endpoint
Open

[PM-32216] Create Stripe Checkout Session Endpoint#7246
sbrown-livefront wants to merge 12 commits intomainfrom
billing/pm-32216/create-stripe-checkout-session-endpoint

Conversation

@sbrown-livefront
Copy link
Collaborator

@sbrown-livefront sbrown-livefront commented Mar 18, 2026

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-32216

📔 Objective

This pull request introduces a new API endpoint to enable users to initiate a Stripe Checkout Session for purchasing a premium subscription via mobile platforms (iOS/Android). It adds the necessary request/response models, command, and service integration with Stripe, along with platform and app version tracking for analytics.

New Premium Checkout Session Flow:

  • Added a new POST endpoint /premium/checkout in AccountBillingVNextController for creating a Stripe Checkout Session, requiring the Bitwarden-Client-Version header and a platform (iOS/Android).
  • Introduced the CreatePremiumCheckoutSessionRequest model with validation to ensure only supported platforms are accepted.
  • Implemented ICreatePremiumCheckoutSessionCommand and its handler to orchestrate the creation of a Stripe Checkout Session, including customer creation if needed, and returning the session URL.
  • Added PremiumCheckoutSessionResponseModel to encapsulate the session URL response.

📸 Screenshots

CheckoutSession-Recording.mp4

@sbrown-livefront sbrown-livefront self-assigned this Mar 18, 2026
@sbrown-livefront sbrown-livefront added the ai-review Request a Claude code review label Mar 18, 2026
@claude
Copy link
Contributor

claude bot commented Mar 18, 2026
edited
Loading

Claude finished @sbrown-livefront's task in 2m 26s —— View job

I'll analyze this and get back to you.

@github-actions
Copy link
Contributor

github-actions bot commented Mar 18, 2026
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailse5468a62-10de-4c11-817c-1598a585c589

New Issues (3) Checkmarx found the following issues in this Pull Request
# Severity Issue Source File / Package Checkmarx Insight
1 MEDIUM CSRF /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 55
detailsMethod at line 55 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This pa...
Attack Vector
2 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1592
detailsMethod at line 1592 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
3 MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1419
detailsMethod at line 1419 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
Fixed Issues (1) Great job! The following issues were fixed in this Pull Request
Severity Issue Source File / Package
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 293

@sbrown-livefront sbrown-livefront marked this pull request as ready for review March 18, 2026 16:54
@sbrown-livefront sbrown-livefront requested a review from a team as a code owner March 18, 2026 16:54
@codecov
Copy link

codecov bot commented Mar 18, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 89.00000% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 57.70%. Comparing base (212a060) to head (c985187).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...sts/Premium/CreatePremiumCheckoutSessionRequest.cs 10.00% 9 Missing ⚠️
.../Billing/Services/Implementations/StripeAdapter.cs 50.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7246      +/-   ##
==========================================
+ Coverage   57.66%   57.70%   +0.03%     
==========================================
  Files        2037     2040       +3     
  Lines       89701    89799      +98     
  Branches     7979     7981       +2     
==========================================
+ Hits        51728    51817      +89     
- Misses      36117    36126       +9     
  Partials     1856     1856

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

cyprain-okeke
cyprain-okeke reviewed Mar 20, 2026
View reviewed changes
Copy link
Contributor

@cyprain-okeke cyprain-okeke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice Work, it seem you have some conflict. I will review after you resolve them

cyprain-okeke
cyprain-okeke requested changes Mar 20, 2026
View reviewed changes
src/Core/Billing/Premium/Commands/CreatePremiumCheckoutSessionCommand.cs
{
Metadata = new Dictionary<string, string>
{
[StripeConstants.MetadataKeys.UserId] = user.Id.ToString(),
Copy link
Contributor

@cyprain-okeke cyprain-okeke Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does the subscription get activated after the user completes checkout?
The metadata is properly attached, but I want to confirm the end-to-end flow works. Have you tested this in Stripe test mode to verify the user's premium status gets activated correctly?

Copy link
Collaborator Author

@sbrown-livefront sbrown-livefront Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The user's premium is activated by the webhook after the checkout is complete. That's the next PR for this story.

I've tested that the checkout session is usable above, the webhook will complete the upgrade.

claude[bot]
claude bot reviewed Mar 20, 2026
View reviewed changes
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 20, 2026

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@cyprain-okeke cyprain-okeke self-requested a review March 20, 2026 17:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@cyprain-okeke cyprain-okeke cyprain-okeke approved these changes

Assignees

@sbrown-livefront sbrown-livefront

Labels

ai-review Request a Claude code review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sbrown-livefront @cyprain-okeke