[PM-32508] Remove plan-type endpoint which is no longer used #7177

Open
JaredScar wants to merge 1 commit into main from ac/pm-32508-remove-information-disclosure-vuln

Conversation

@JaredScar
Contributor

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-32508

📔 Objective

Removes the plan-type endpoint from OrganizationsController, which is no longer used by the AdminConsole team or any other team, to resolve a vulnerability where this endpoint could be used to find out an organization's plan type if the ID is known...

@JaredScar JaredScar requested a review from a team as a code owner March 9, 2026 15:34
@JaredScar JaredScar requested a review from BTreston March 9, 2026 15:34
@JaredScar JaredScar added the ai-review Request a Claude code review label Mar 9, 2026
@claude
Contributor

claude bot commented Mar 9, 2026

Claude finished @JaredScar's task in 1m 28s


Summary

PR: PM-32508 Remove plan-type endpoint which is no longer used

No issues found. This PR cleanly removes the GetPlanType endpoint from OrganizationsController, which is a security-positive change.

What changed

A single endpoint was deleted from /src/Api/AdminConsole/Controllers/OrganizationsController.cs (12 lines removed, 0 lines added):

  • Removed: [HttpGet("{id}/plan-type")] - The GetPlanType method that returned an organization's PlanType by ID.

Why this is correct

The removed endpoint had no authorization check beyond the controller-level [Authorize("Application")] attribute. Any authenticated user who knew an organization's GUID could query its plan type -- an information disclosure vulnerability. Other endpoints in the same controller (e.g., Get, Put, Delete) correctly verify the caller's relationship to the organization via _currentContext.OrganizationOwner() or similar checks.

Verification

  • No references to GetPlanType or the /plan-type route remain anywhere in src/ or test/.
  • The --plan-type CLI flag in util/SeederUtility/ is unrelated (a local tooling argument, not an API route).
  • No test files covered this endpoint, consistent with it being unused.

Verdict: Clean removal of dead code that closed an information disclosure vulnerability. Low risk, no concerns.
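
As an added illustration (not code from this PR, whose fix is to delete the endpoint outright), here is the pattern the review contrasts: a plan-type lookup guarded only by the controller-level [Authorize], beside one that first checks the caller's membership in the organization. ICurrentContext.OrganizationUser and IOrganizationRepository are hypothetical stand-ins, not Bitwarden's own types.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical stand-ins for the caller's context and the organization store;
// these are not Bitwarden's ICurrentContext or repository types.
public interface ICurrentContext
{
    Task<bool> OrganizationUser(Guid organizationId); // true when the caller belongs to the org
}

public interface IOrganizationRepository
{
    Task<string?> GetPlanTypeAsync(Guid organizationId); // null when no such organization exists
}

[Authorize]
[ApiController]
[Route("organizations")]
public class OrganizationsController : ControllerBase
{
    private readonly ICurrentContext _currentContext;
    private readonly IOrganizationRepository _organizations;

    public OrganizationsController(ICurrentContext currentContext, IOrganizationRepository organizations)
    {
        _currentContext = currentContext;
        _organizations = organizations;
    }

    // Before: only the class-level [Authorize] applies, so any authenticated user who
    // knows an organization's GUID can read its plan type (the shape of the removed endpoint).
    [HttpGet("{id}/plan-type-unscoped")]
    public async Task<IActionResult> GetPlanTypeUnscoped(Guid id)
    {
        var planType = await _organizations.GetPlanTypeAsync(id);
        return planType is null ? NotFound() : Ok(planType);
    }

    // After: verify the caller's relationship to the organization first, as the controller's
    // other endpoints do. Answering NotFound for both "not a member" and "no such org" keeps
    // the endpoint from confirming which GUIDs are real organizations.
    [HttpGet("{id}/plan-type")]
    public async Task<IActionResult> GetPlanType(Guid id)
    {
        if (!await _currentContext.OrganizationUser(id)) return NotFound();
        var planType = await _organizations.GetPlanTypeAsync(id);
        return planType is null ? NotFound() : Ok(planType);
    }
}
```

The two routes are given different paths only so both actions can coexist in one controller; in a real service only the scoped variant would exist.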

@sonarqubecloud

sonarqubecloud bot commented Mar 9, 2026

@github-actions
Contributor

github-actions bot commented Mar 9, 2026

Checkmarx One – Scan Summary & Details 08fa50ea-ca8a-4d32-97f8-817aed6da489

Great job! No new security vulnerabilities introduced in this pull request

@codecov

codecov bot commented Mar 9, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.89%. Comparing base (7667789) to head (a604f55).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7177   +/-   ##
=======================================
  Coverage   56.88%   56.89%           
=======================================
  Files        2028     2028           
  Lines       88830    88822    -8     
  Branches     7918     7917    -1     
=======================================
  Hits        50532    50532           
+ Misses      36468    36460    -8     
  Partials     1830     1830           
