[PM-332124] Finalize PolicyRequirement + 2FA Feature Flag

[sven-bitwarden]

🎟️ Tracking

PM-33213

📔 Objective

AC is moving on from the PolicyRequirements feature flag, and committing to its removal (and subsequent enablement).

This PR handles the code around the 2FA flag, and is now using PolicyRequirements where it can. The majority of this PR was spent removing tests that are no longer applicable.

[claude]

Claude finished @sven-bitwarden's task in 3m 15s —— View job

---

I'll analyze this and get back to you.

[claude]

Review Summary

Clean feature flag removal for the PolicyRequirements flag as it relates to 2FA policy enforcement. The PR removes the legacy IPolicyService code paths from four source files (AcceptOrgUserCommand, ConfirmOrganizationUserCommand, RestoreOrganizationUserCommand, UserService), keeping only the already-tested RequireTwoFactorPolicyRequirement path that was behind the flag.

Risk Assessment: Low

• All 2FA policy enforcement logic is preserved through the RequireTwoFactorPolicyRequirement path
• The kept code paths were already production-exercised behind the feature flag
• Unused dependencies (IPolicyService, IFido2, IApplicationCacheService) are properly cleaned up
• Tests are correctly consolidated: duplicate flag-on/flag-off tests are merged, legacy-only tests are removed, and RequireTwoFactorPolicyRequirement mocks are added where the new code path now requires them

No security, correctness, or breaking change concerns identified. The net deletion of ~375 lines is consistent with a well-scoped flag removal.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Checkmarx One – Scan Summary & Details – 6a308c84-85e0-4210-b1d9-8955cd4783a6

Great job! No new security vulnerabilities introduced in this pull request

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.44%. Comparing base (8688cfc) to head (171629c).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7209      +/-   ##
==========================================
- Coverage   57.44%   57.44%   -0.01%     
==========================================
  Files        2032     2032              
  Lines       89410    89370      -40     
  Branches     7951     7945       -6     
==========================================
- Hits        51366    51335      -31     
+ Misses      36201    36195       -6     
+ Partials     1843     1840       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[jrmccannon]

Looks good to me.