[PM-31140] Consolidate unpaid subscription handling

[amorask-bitwarden]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-31140

📔 Objective

Consolidates the handling of subscriptions that transition to unpaid status across all entity types (Premium users, Organizations, and Providers).

Previously, each entity type was handled differently:

• Premium users: Subscription was immediately canceled
• Organizations: A Quartz job was scheduled to cancel the subscription after 7 days
• Providers: cancel_at was set on the subscription to 7 days in the future

This PR standardizes on the Provider approach for all entity types:

1. Disable the subscriber (user premium, organization, or provider)
2. Set the subscription's cancel_at to 7 days in the future

This gives customers a consistent 7-day grace period to resolve payment issues before their subscription is canceled, regardless of subscription type.

Additional improvements:

• Removes the Quartz scheduler dependency for organization cancellation
• Adds ProrationBehavior.None to prevent unintended proration charges during cancellation/reactivation
• Includes CancellationDetails.Comment for better audit trail when setting cancellation

Testing: Unit tests in SubscriptionUpdatedHandlerTests.cs were updated to reflect the consolidated behavior and verify the new subscription update options.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 76569426-dba4-4ed2-b194-2c2b8d3bb4c8

New Issues (4)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 291	details Method at line 291 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
2		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 452	details Method at line 452 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
3		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1527	details Method at line 1527 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
4		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1403	details Method at line 1403 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector

Fixed Issues (3)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 847
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 847
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 293

[codecov]

Codecov Report

❌ Patch coverage is 96.73913% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 56.20%. Comparing base (26b62bc) to head (3755b1f).

Files with missing lines	Patch %	Lines
...ices/Implementations/SubscriptionUpdatedHandler.cs	96.73%	1 Missing and 2 partials ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #6918   +/-   ##
=======================================
  Coverage   56.19%   56.20%           
=======================================
  Files        1976     1976           
  Lines       87523    87459   -64     
  Branches     7809     7787   -22     
=======================================
- Hits        49187    49158   -29     
+ Misses      36507    36475   -32     
+ Partials     1829     1826    -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[kdenney]

Nice job!! 🎉 This is way cleaner. I have just a couple of non-blocking questions.