[PM-26429] Add validation to policy data and metadata

[r-tome]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-26429

📔 Objective

Add server-side validation to the request body and return the appropriate HTTP status code and error message.
For Policy.Data and SavePolicyModel.Metadata in PUT organizations/{orgId}/policies/{type} > For Policy.Data in PUT organizations/{orgId}/policies/{type}

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[codecov]

Codecov Report

❌ Patch coverage is 96.72131% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 52.02%. Comparing base (ff4b3eb) to head (f957c91).

Files with missing lines	Patch %	Lines
...Core/AdminConsole/Utilities/PolicyDataValidator.cs	94.28%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6460      +/-   ##
==========================================
+ Coverage   51.99%   52.02%   +0.02%     
==========================================
  Files        1876     1877       +1     
  Lines       82633    82651      +18     
  Branches     7316     7316              
==========================================
+ Hits        42969    42997      +28     
+ Misses      38008    37995      -13     
- Partials     1656     1659       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Checkmarx One – Scan Summary & Details – 54a486f7-0ae1-434f-83f0-41c3f5240dfe

New Issues (3)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 427	details Method at line 427 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... ID: qB2Oh4bvPkc2tAsuqY%2B%2FiPKPcCE%3D Attack Vector
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1537	details Method at line 1537 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... ID: oS5I%2FDxqQus8L80ybnB6qqHIyTo%3D Attack Vector
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1408	details Method at line 1408 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... ID: siIZQHKaoXC15rRHhlVxewk6xUo%3D Attack Vector

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 300

[jrmccannon]

You can remove the nullable and null check now.

[jrmccannon]

Save as above

Didn't see the tests were failing

[jrmccannon]

🚀

[r-tome]

@jrmccannon, I have updated the error message to explicitly say which field had the wrong type.