[PM-16777] Fix exception when bulk restoring revoked users who never accepted invitations #5224

Merged
merged 5 commits into from
Jan 20, 2025



@r-tome r-tome commented Jan 7, 2025

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-16777

📔 Objective

When attempting to bulk restore users who were invited to an organization but revoked before accepting the invitation, an exception is thrown. This prevents the restore process from completing successfully.

This is caused by trying to check if those users have 2FA enabled, which requires a UserId, which they have as null.

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes
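
The failure mode described in the objective above, as an added example that is not Bitwarden's code: a bulk 2FA lookup that dereferences `UserId` for every revoked member throws as soon as one member was revoked before accepting the invitation, while a guarded version sends only account-linked members to the lookup. `OrgUser`, `BulkRestore`, `TwoFactorEnabled`, `CheckUnguarded` and `CheckGuarded` are hypothetical names, and the sample users are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for an organization membership row; invited users have no UserId yet.
record OrgUser(Guid Id, Guid? UserId, string Email);

static class BulkRestore
{
    // Hypothetical 2FA lookup keyed by account id, so it can only answer for real accounts.
    static Dictionary<Guid, bool> TwoFactorEnabled(IEnumerable<Guid> userIds, ISet<Guid> enrolled) =>
        userIds.ToDictionary(id => id, id => enrolled.Contains(id));

    // Before: reads UserId.Value for every member; Nullable<T>.Value throws
    // InvalidOperationException for a member who never accepted the invitation.
    public static Dictionary<Guid, bool> CheckUnguarded(IEnumerable<OrgUser> users, ISet<Guid> enrolled) =>
        TwoFactorEnabled(users.Select(u => u.UserId!.Value), enrolled);

    // After: only members linked to an account are sent to the 2FA lookup.
    public static Dictionary<Guid, bool> CheckGuarded(IEnumerable<OrgUser> users, ISet<Guid> enrolled) =>
        TwoFactorEnabled(users.Where(u => u.UserId.HasValue).Select(u => u.UserId!.Value), enrolled);

    static void Main()
    {
        var alice = Guid.NewGuid();
        var users = new List<OrgUser>   // constructed sample data
        {
            new(Guid.NewGuid(), alice, "alice@example.test"),   // accepted, then revoked
            new(Guid.NewGuid(), null, "invitee@example.test"),  // revoked before accepting
        };
        var enrolled = new HashSet<Guid> { alice };

        try { CheckUnguarded(users, enrolled); }
        catch (InvalidOperationException e) { Console.WriteLine($"unguarded: {e.GetType().Name}"); }

        var status = CheckGuarded(users, enrolled);
        foreach (var u in users)
        {
            // Assumption of this sketch: a member without an account has no 2FA state,
            // so any 2FA requirement has to be evaluated once the invitation is accepted.
            var label = u.UserId is Guid id ? status[id].ToString() : "n/a (no account yet)";
            Console.WriteLine($"{u.Email}: twoFactor={label}");
        }
    }
}
```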


codecov bot commented Jan 7, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 44.07%. Comparing base (5423e5d) to head (5e46d51).
Report is 1 commit behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5224      +/-   ##
==========================================
+ Coverage   44.02%   44.07%   +0.05%     
==========================================
  Files        1476     1476              
  Lines       68260    68262       +2     
  Branches     6179     6180       +1     
==========================================
+ Hits        30052    30089      +37     
+ Misses      36902    36864      -38     
- Partials     1306     1309       +3     



github-actions bot commented Jan 13, 2025

Checkmarx One – Scan Summary & Details 276d109a-7c4d-44f9-8500-fe4dba1b0270

New Issues (9)

Checkmarx found the following issues in this Pull Request

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| MEDIUM | CSRF | /src/Billing/Controllers/PayPalController.cs: 66 | Method PostIpn at line 66 of /src/Billing/Controllers/PayPalController.cs gets a parameter from a user request from Body. This parameter value flow... |
| MEDIUM | Privacy_Violation | /src/Core/AdminConsole/OrganizationAuth/UpdateOrganizationAuthRequestCommand.cs: 84 | Method UpdateAsync at line 84 of /src/Core/AdminConsole/OrganizationAuth/UpdateOrganizationAuthRequestCommand.cs sends user information outside the... |
| MEDIUM | Privacy_Violation | /src/Core/NotificationHub/NotificationHubPushNotificationService.cs: 195 | Method PushAuthRequestAsync at line 195 of /src/Core/NotificationHub/NotificationHubPushNotificationService.cs sends user information outside the a... |
| MEDIUM | Privacy_Violation | /src/Api/Vault/Models/Request/CipherRequestModel.cs: 173 | Method ToCipherLoginData at line 173 of /src/Api/Vault/Models/Request/CipherRequestModel.cs sends user information outside the application. This ma... |
| MEDIUM | Privacy_Violation | /src/Api/Vault/Models/Request/CipherRequestModel.cs: 202 | Method ToCipherIdentityData at line 202 of /src/Api/Vault/Models/Request/CipherRequestModel.cs sends user information outside the application. This... |
| LOW | Log_Forging | /src/Api/Vault/Controllers/CiphersController.cs: 220 | Method PutAdmin at line 220 of /src/Api/Vault/Controllers/CiphersController.cs gets user input from element model. This element’s value flows throu... |
| LOW | Log_Forging | /src/Api/Auth/Controllers/AuthRequestsController.cs: 87 | Method PostAdminRequest at line 87 of /src/Api/Auth/Controllers/AuthRequestsController.cs gets user input from element model. This element’s value ... |
| LOW | Log_Forging | /src/Api/Auth/Controllers/AuthRequestsController.cs: 75 | Method Post at line 75 of /src/Api/Auth/Controllers/AuthRequestsController.cs gets user input from element model. This element’s value flows throug... |
| LOW | Missing_CSP_Header | /src/Core/MailTemplates/Handlebars/AdminConsole/DomainClaimedByOrganization.html.hbs: 7 | A Content Security Policy is not explicitly defined within the web-application. |

Fixed Issues (10)

Great job! The following issues were fixed in this Pull Request

| Severity | Issue | Source File / Package |
|---|---|---|
| MEDIUM | CSRF | /src/Api/Tools/Controllers/OrganizationExportController.cs: 53 |
| MEDIUM | CSRF | /src/Api/Auth/Controllers/AccountsController.cs: 470 |
| MEDIUM | CSRF | /src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: 65 |
| MEDIUM | CSRF | /src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: 46 |
| MEDIUM | CSRF | /src/Api/AdminConsole/Controllers/GroupsController.cs: 121 |
| MEDIUM | CSRF | /src/Api/AdminConsole/Controllers/GroupsController.cs: 80 |
| MEDIUM | CSRF | /src/Admin/AdminConsole/Controllers/OrganizationsController.cs: 371 |
| MEDIUM | Privacy_Violation | /src/Api/Auth/Models/Request/Accounts/SetPasswordRequestModel.cs: 28 |
| LOW | Log_Forging | /src/Api/Auth/Controllers/AccountsController.cs: 927 |
| LOW | Log_Forging | /src/Api/Auth/Controllers/AccountsController.cs: 261 |

@r-tome r-tome marked this pull request as ready for review January 13, 2025 13:55
@r-tome r-tome requested a review from a team as a code owner January 13, 2025 13:55
@r-tome r-tome requested a review from BTreston January 13, 2025 13:55
@r-tome r-tome removed the needs-qa label Jan 20, 2025
@r-tome r-tome merged commit 04e5626 into main Jan 20, 2025
53 of 54 checks passed
@r-tome r-tome deleted the ac/pm-16777/fix-bulk-restoring-invited-revoked-users branch January 20, 2025 14:59