[AC-1937] Server: Implement endpoint to retrieve provider payment information

[cyprain-okeke]

Type of change

- [ ] Bug fix
- [x] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Implement an Admin Console endpoint that retrieves a provider’s payment information. This endpoint should only be accessible to the ProviderAdmin.

Data Required

How much account credit the provider has

The provider’s truncated payment method information

Card type

Last 4

Expiration MM/YYYY

The provider’s tax information (same as paid organizations)

{
  "paymentMethod": {
    "type": 0,
    "description": "VISA, *4242, 04/2029",
    "cardBrand": "visa"
  },
  "taxInformation": {
    "country": "FR",
    "postalCode": "95600",
    "taxId": "FRAB123456789",
    "line1": "64 Avenue Millies Lacroix",
    "line2": null,
    "city": "Eaubonne",
    "state": "Île-de-France"
  }
}

Code changes

• file.ext: Description of what was changed and why

Before you submit

• Please check for formatting errors (dotnet format --verify-no-changes) (required)
• If making database changes - make sure you also update Entity Framework queries and/or migrations
• Please add unit tests where it makes sense to do so (encouraged but not required)
• If this change requires a documentation update - notify the documentation team
• If this change has particular deployment requirements - notify the DevOps team

[github-actions]

Checkmarx One – Scan Summary & Details – eed54c68-4e6f-4382-adb0-8be5cea9cad8

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 190	Attack Vector
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 333	Attack Vector
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 333	Attack Vector
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 169	Attack Vector
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 707	Attack Vector
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 118	Attack Vector
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: 327	Attack Vector
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 81	Attack Vector
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 93	Attack Vector

[amorask-bitwarden]

GetBillingAsync is the method we discussed in our Dev Sync that we determined does a little too much work for what's asked of it. We'd also like to try and phase out the StripePaymentService as much as possible. What do you think about adding two new methods to the SubscriberService?

SubscriberService.GetTaxInformation and SubscriberService.GetPaymentMethod. You could add new DTOs representing tax information and a payment method in our Core/Billing folder so we'd have ownership of them. Then, the ProviderPaymentInfoDTO could use those two new DTOs.

[amorask-bitwarden]

Sorry might have missed something, but I think I got pinged for a re-review. Did we have an update here?

[amorask-bitwarden]

Not sure what happened here, but it looks like a bunch of unrelated commits got pulled in.