From e2ec1c4950ca8dfbdb819c5f0859e088e68175c3 Mon Sep 17 00:00:00 2001
From: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Date: Mon, 26 Aug 2024 14:12:58 +0100
Subject: [PATCH] [PM-1635] Invalid license error is inaccurate (#4631)

* Resolve the unclear error messages

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Refactor to return the errormessage from userLicense

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Resolve the pr comments

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* resolve the error returned message

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

* Add period at the end of error messages

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>

---------

Signed-off-by: Cy Okeke <cokeke@bitwarden.com>
---
 .../Models/Business/OrganizationLicense.cs    | 49 ++++++++++++-------
 src/Core/Models/Business/UserLicense.cs       | 40 +++++++++++----
 .../Services/Implementations/UserService.cs   |  8 +--
 3 files changed, 66 insertions(+), 31 deletions(-)

diff --git a/src/Core/Models/Business/OrganizationLicense.cs b/src/Core/Models/Business/OrganizationLicense.cs
index d5c54ef3e..ebc1a083f 100644
--- a/src/Core/Models/Business/OrganizationLicense.cs
+++ b/src/Core/Models/Business/OrganizationLicense.cs
@@ -230,35 +230,52 @@ public class OrganizationLicense : ILicense
 
     public bool CanUse(IGlobalSettings globalSettings, ILicensingService licensingService, out string exception)
     {
-        if (!Enabled || Issued > DateTime.UtcNow || Expires < DateTime.UtcNow)
+        var errorMessages = new StringBuilder();
+
+        if (!Enabled)
         {
-            exception = "Invalid license. Your organization is disabled or the license has expired.";
-            return false;
+            errorMessages.AppendLine("Your cloud-hosted organization is currently disabled.");
+        }
+
+        if (Issued > DateTime.UtcNow)
+        {
+            errorMessages.AppendLine("The license hasn't been issued yet.");
+        }
+
+        if (Expires < DateTime.UtcNow)
+        {
+            errorMessages.AppendLine("The license has expired.");
         }
 
         if (!ValidLicenseVersion)
         {
-            exception = $"Version {Version} is not supported.";
-            return false;
+            errorMessages.AppendLine($"Version {Version} is not supported.");
         }
 
-        if (InstallationId != globalSettings.Installation.Id || !SelfHost)
+        if (InstallationId != globalSettings.Installation.Id)
         {
-            exception = "Invalid license. Make sure your license allows for on-premise " +
-                        "hosting of organizations and that the installation id matches your current installation.";
-            return false;
+            errorMessages.AppendLine("The installation ID does not match the current installation.");
+        }
+
+        if (!SelfHost)
+        {
+            errorMessages.AppendLine("The license does not allow for on-premise hosting of organizations.");
         }
 
         if (LicenseType != null && LicenseType != Enums.LicenseType.Organization)
         {
-            exception = "Premium licenses cannot be applied to an organization. "
-                        + "Upload this license from your personal account settings page.";
-            return false;
+            errorMessages.AppendLine("Premium licenses cannot be applied to an organization. " +
+                                     "Upload this license from your personal account settings page.");
         }
 
         if (!licensingService.VerifyLicense(this))
         {
-            exception = "Invalid license.";
+            errorMessages.AppendLine("The license verification failed.");
+        }
+
+        if (errorMessages.Length > 0)
+        {
+            exception = $"Invalid license. {errorMessages.ToString().TrimEnd()}";
             return false;
         }
 
@@ -358,10 +375,8 @@ public class OrganizationLicense : ILicense
 
             return valid;
         }
-        else
-        {
-            throw new NotSupportedException($"Version {Version} is not supported.");
-        }
+
+        throw new NotSupportedException($"Version {Version} is not supported.");
     }
 
     public bool VerifySignature(X509Certificate2 certificate)
diff --git a/src/Core/Models/Business/UserLicense.cs b/src/Core/Models/Business/UserLicense.cs
index f079a7183..0f1b191a1 100644
--- a/src/Core/Models/Business/UserLicense.cs
+++ b/src/Core/Models/Business/UserLicense.cs
@@ -113,21 +113,43 @@ public class UserLicense : ILicense
         }
     }
 
-    public bool CanUse(User user)
+    public bool CanUse(User user, out string exception)
     {
-        if (Issued > DateTime.UtcNow || Expires < DateTime.UtcNow)
+        var errorMessages = new StringBuilder();
+
+        if (Issued > DateTime.UtcNow)
         {
-            return false;
+            errorMessages.AppendLine("The license hasn't been issued yet.");
         }
 
-        if (Version == 1)
+        if (Expires < DateTime.UtcNow)
         {
-            return user.EmailVerified && user.Email.Equals(Email, StringComparison.InvariantCultureIgnoreCase);
+            errorMessages.AppendLine("The license has expired.");
         }
-        else
+
+        if (Version != 1)
         {
             throw new NotSupportedException($"Version {Version} is not supported.");
         }
+
+        if (!user.EmailVerified)
+        {
+            errorMessages.AppendLine("The user's email is not verified.");
+        }
+
+        if (!user.Email.Equals(Email, StringComparison.InvariantCultureIgnoreCase))
+        {
+            errorMessages.AppendLine("The user's email does not match the license email.");
+        }
+
+        if (errorMessages.Length > 0)
+        {
+            exception = $"Invalid license. {errorMessages.ToString().TrimEnd()}";
+            return false;
+        }
+
+        exception = "";
+        return true;
     }
 
     public bool VerifyData(User user)
@@ -144,10 +166,8 @@ public class UserLicense : ILicense
                 user.Premium == Premium &&
                 user.Email.Equals(Email, StringComparison.InvariantCultureIgnoreCase);
         }
-        else
-        {
-            throw new NotSupportedException($"Version {Version} is not supported.");
-        }
+
+        throw new NotSupportedException($"Version {Version} is not supported.");
     }
 
     public bool VerifySignature(X509Certificate2 certificate)
diff --git a/src/Core/Services/Implementations/UserService.cs b/src/Core/Services/Implementations/UserService.cs
index 7751aff16..cd1d58acd 100644
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@@ -891,9 +891,9 @@ public class UserService : UserManager<User>, IUserService, IDisposable
                 throw new BadRequestException("Invalid license.");
             }
 
-            if (!license.CanUse(user))
+            if (!license.CanUse(user, out var exceptionMessage))
             {
-                throw new BadRequestException("This license is not valid for this user.");
+                throw new BadRequestException(exceptionMessage);
             }
 
             var dir = $"{_globalSettings.LicenseDirectory}/user";
@@ -960,9 +960,9 @@ public class UserService : UserManager<User>, IUserService, IDisposable
             throw new BadRequestException("Invalid license.");
         }
 
-        if (!license.CanUse(user))
+        if (!license.CanUse(user, out var exceptionMessage))
         {
-            throw new BadRequestException("This license is not valid for this user.");
+            throw new BadRequestException(exceptionMessage);
         }
 
         var dir = $"{_globalSettings.LicenseDirectory}/user";