@blackcode_sa/metaestetics-api 1.15.14 → 1.15.17-staging.0

package/src/services/auth/auth.v2.service.ts

@@ -1,961 +1,961 @@
-import {
-  Auth,
-  User as FirebaseUser,
-  signInWithEmailAndPassword,
-  createUserWithEmailAndPassword,
-  signInAnonymously as firebaseSignInAnonymously,
-  signOut as firebaseSignOut,
-  GoogleAuthProvider,
-  FacebookAuthProvider,
-  OAuthProvider,
-  signInWithPopup,
-  signInWithRedirect,
-  getRedirectResult,
-  linkWithCredential,
-  EmailAuthProvider,
-  onAuthStateChanged,
-  sendPasswordResetEmail,
-  verifyPasswordResetCode,
-  confirmPasswordReset,
-  linkWithPopup,
-} from "firebase/auth";
-import {
-  doc,
-  setDoc,
-  getDoc,
-  serverTimestamp,
-  collection,
-  query,
-  where,
-  getDocs,
-  Timestamp,
-  updateDoc,
-  Firestore,
-} from "firebase/firestore";
-import { FirebaseApp } from "firebase/app";
-import { User, UserRole, USERS_COLLECTION } from "../../types";
-import { z } from "zod";
-import {
-  emailSchema,
-  passwordSchema,
-  userRoleSchema,
-} from "../../validations/schemas";
-import { AuthError, AUTH_ERRORS } from "../../errors/auth.errors";
-import { FirebaseErrorCode } from "../../errors/firebase.errors";
-import { FirebaseError } from "../../errors/firebase.errors";
-import { BaseService } from "../base.service";
-import { UserService } from "../user/user.service";
-import { throws } from "assert";
-import {
-  ClinicGroup,
-  AdminToken,
-  AdminTokenStatus,
-  CreateClinicGroupData,
-  CreateClinicAdminData,
-  ContactPerson,
-  ClinicAdminSignupData,
-  SubscriptionModel,
-  CLINIC_GROUPS_COLLECTION,
-  ClinicAdmin,
-} from "../../types/clinic";
-import { clinicAdminSignupSchema } from "../../validations/clinic.schema";
-import { ClinicGroupService } from "../clinic/clinic-group.service";
-import { ClinicAdminService } from "../clinic/clinic-admin.service";
-import { ClinicService } from "../clinic/clinic.service";
-import {
-  Practitioner,
-  CreatePractitionerData,
-  PractitionerStatus,
-  PractitionerBasicInfo,
-  PractitionerCertification,
-} from "../../types/practitioner";
-import { PractitionerService } from "../practitioner/practitioner.service";
-import { practitionerSignupSchema } from "../../validations/practitioner.schema";
-import { CertificationLevel } from "../../backoffice/types/static/certification.types";
-import { getFirebaseFunctions } from "../../config/firebase";
-import {
-  httpsCallable,
-  HttpsCallableResult,
-  Functions,
-} from "firebase/functions";
-
-// Define types for our cloud function responses
-interface PatientProfileResponse {
-  user: User;
-  patientProfile: any;
-}
-
-interface ClinicAdminResponse {
-  user: User;
-  clinicGroup: ClinicGroup;
-  clinicAdmin: ClinicAdmin;
-}
-
-interface PractitionerResponse {
-  user: User;
-  practitioner: Practitioner;
-}
-
-export class AuthServiceV2 extends BaseService {
-  private googleProvider = new GoogleAuthProvider();
-  private facebookProvider = new FacebookAuthProvider();
-  private appleProvider = new OAuthProvider("apple.com");
-  private userService: UserService;
-  private functions!: Functions;
-
-  constructor(
-    db: Firestore,
-    auth: Auth,
-    app: FirebaseApp,
-    userService?: UserService
-  ) {
-    super(db, auth, app);
-
-    // Initialize UserService if not provided
-    if (!userService) {
-      userService = new UserService(db, auth, app);
-    }
-    this.userService = userService;
-
-    // Initialize functions
-    getFirebaseFunctions().then((functions) => {
-      this.functions = functions;
-    });
-  }
-
-  // Make sure to handle the case where this.functions is not yet initialized
-  private async getFunctions(): Promise<Functions> {
-    if (!this.functions) {
-      this.functions = await getFirebaseFunctions();
-    }
-    return this.functions;
-  }
-
-  /**
-   * Registruje novog korisnika sa email-om i lozinkom
-   */
-  async signUp(
-    email: string,
-    password: string,
-    initialRole: UserRole = UserRole.PATIENT
-  ): Promise<User> {
-    // Create Firebase Auth user
-    const { user: firebaseUser } = await createUserWithEmailAndPassword(
-      this.auth,
-      email,
-      password
-    );
-
-    if (initialRole === UserRole.PATIENT) {
-      // For patient role, we now use cloud function
-      const functions = await this.getFunctions();
-      const createAnonymousPatientProfile = httpsCallable<
-        {},
-        PatientProfileResponse
-      >(functions, "createAnonymousPatientProfile");
-
-      const result = await createAnonymousPatientProfile({});
-      return (result.data as PatientProfileResponse).user;
-    } else {
-      // For other roles, we still use the local service for now
-      // This will be updated in future PRs
-      return this.userService.createUser(firebaseUser, [initialRole]);
-    }
-  }
-
-  /**
-   * Registers a new clinic admin user with email and password
-   * Can either create a new clinic group or join an existing one with a token
-   *
-   * @param data - Clinic admin signup data
-   * @returns Object containing the created user, clinic group, and clinic admin
-   */
-  async signUpClinicAdmin(data: ClinicAdminSignupData): Promise<{
-    user: User;
-    clinicGroup: ClinicGroup;
-    clinicAdmin: ClinicAdmin;
-  }> {
-    try {
-      console.log("[AUTH] Starting clinic admin signup process", {
-        email: data.email,
-      });
-
-      // Create Firebase user
-      console.log("[AUTH] Creating Firebase user");
-      let firebaseUser;
-      try {
-        const result = await createUserWithEmailAndPassword(
-          this.auth,
-          data.email,
-          data.password
-        );
-        firebaseUser = result.user;
-        console.log("[AUTH] Firebase user created successfully", {
-          uid: firebaseUser.uid,
-        });
-      } catch (firebaseError) {
-        console.error("[AUTH] Firebase user creation failed:", firebaseError);
-        throw firebaseError;
-      }
-
-      // Prepare contact person info
-      const contactPerson: ContactPerson = {
-        firstName: data.firstName,
-        lastName: data.lastName,
-        title: data.title,
-        email: data.email,
-        phoneNumber: data.phoneNumber,
-      };
-
-      if (data.isCreatingNewGroup) {
-        // Creating new group - call cloud function
-        const functions = await this.getFunctions();
-        const createClinicGroupWithAdmin = httpsCallable<
-          {
-            groupData: any;
-            contactInfo: ContactPerson;
-          },
-          ClinicAdminResponse
-        >(functions, "createClinicGroupWithAdmin");
-
-        // Call cloud function
-        const result = await createClinicGroupWithAdmin({
-          groupData: data.clinicGroupData,
-          contactInfo: contactPerson,
-        });
-
-        return result.data as ClinicAdminResponse;
-      } else {
-        // Joining existing group with token
-        if (!data.inviteToken) {
-          throw new Error(
-            "Invite token is required when joining an existing group"
-          );
-        }
-
-        // Call cloud function
-        const functions = await this.getFunctions();
-        const joinClinicGroupWithToken = httpsCallable<
-          {
-            token: string;
-            contactInfo: ContactPerson;
-          },
-          ClinicAdminResponse
-        >(functions, "joinClinicGroupWithToken");
-
-        const result = await joinClinicGroupWithToken({
-          token: data.inviteToken,
-          contactInfo: contactPerson,
-        });
-
-        return result.data as ClinicAdminResponse;
-      }
-    } catch (error) {
-      if (error instanceof z.ZodError) {
-        console.error(
-          "[AUTH] Zod validation error in signUpClinicAdmin:",
-          JSON.stringify(error.errors, null, 2)
-        );
-        throw AUTH_ERRORS.VALIDATION_ERROR;
-      }
-
-      const firebaseError = error as FirebaseError;
-      if (firebaseError.code === FirebaseErrorCode.EMAIL_ALREADY_IN_USE) {
-        console.error("[AUTH] Email already in use:", data.email);
-        throw AUTH_ERRORS.EMAIL_ALREADY_EXISTS;
-      }
-
-      console.error("[AUTH] Unhandled error in signUpClinicAdmin:", error);
-      throw error;
-    }
-  }
-
-  /**
-   * Prijavljuje korisnika sa email-om i lozinkom
-   */
-  async signIn(email: string, password: string): Promise<User> {
-    const { user: firebaseUser } = await signInWithEmailAndPassword(
-      this.auth,
-      email,
-      password
-    );
-
-    // Update login timestamp via UserService
-    return this.userService.updateUserLoginTimestamp(firebaseUser.uid);
-  }
-
-  /**
-   * Prijavljuje korisnika sa email-om i lozinkom samo za clinic_admin role
-   * @param email - Email korisnika
-   * @param password - Lozinka korisnika
-   * @returns Objekat koji sadrži korisnika, admin profil i grupu klinika
-   * @throws {AUTH_ERRORS.INVALID_ROLE} Ako korisnik nema clinic_admin rolu
-   * @throws {AUTH_ERRORS.NOT_FOUND} Ako admin profil nije pronađen
-   */
-  async signInClinicAdmin(
-    email: string,
-    password: string
-  ): Promise<{
-    user: User;
-    clinicAdmin: ClinicAdmin;
-    clinicGroup: ClinicGroup;
-  }> {
-    try {
-      // Sign in with email/password
-      const { user: firebaseUser } = await signInWithEmailAndPassword(
-        this.auth,
-        email,
-        password
-      );
-
-      // Get user
-      const user = await this.userService.getUserById(firebaseUser.uid);
-
-      // Check if user has clinic_admin role
-      if (!user.roles?.includes(UserRole.CLINIC_ADMIN)) {
-        console.error("[AUTH] User is not a clinic admin:", user.uid);
-        // Sign out the user immediately for security
-        await this.auth.signOut();
-        throw AUTH_ERRORS.UNAUTHORIZED_ROLE;
-      }
-
-      // Check and get admin profile
-      if (!user.adminProfile) {
-        console.error("[AUTH] User has no admin profile:", user.uid);
-        throw AUTH_ERRORS.NOT_FOUND;
-      }
-
-      // This part would ideally use cloud functions to get the admin profile and clinic group
-      // But for now, we'll continue using the existing services
-
-      // Initialize services
-      const clinicAdminService = new ClinicAdminService(
-        this.db,
-        this.auth,
-        this.app
-      );
-      const clinicGroupService = new ClinicGroupService(
-        this.db,
-        this.auth,
-        this.app,
-        clinicAdminService
-      );
-      clinicAdminService.setServices(clinicGroupService, null as any);
-
-      // Get admin profile
-      const adminProfile = await clinicAdminService.getClinicAdmin(
-        user.adminProfile
-      );
-      if (!adminProfile) {
-        console.error("[AUTH] Admin profile not found:", user.adminProfile);
-        throw AUTH_ERRORS.NOT_FOUND;
-      }
-
-      // Get clinic group
-      const clinicGroup = await clinicGroupService.getClinicGroup(
-        adminProfile.clinicGroupId
-      );
-      if (!clinicGroup) {
-        console.error(
-          "[AUTH] Clinic group not found:",
-          adminProfile.clinicGroupId
-        );
-        throw AUTH_ERRORS.NOT_FOUND;
-      }
-
-      return {
-        user,
-        clinicAdmin: adminProfile,
-        clinicGroup,
-      };
-    } catch (error) {
-      console.error("[AUTH] Error in signInClinicAdmin:", error);
-      throw error;
-    }
-  }
-
-  /**
-   * Prijavljuje korisnika sa Facebook-om
-   */
-  async signInWithFacebook(): Promise<User> {
-    const provider = new FacebookAuthProvider();
-    provider.addScope("email");
-    const { user: firebaseUser } = await signInWithPopup(this.auth, provider);
-
-    // Check for existing user
-    try {
-      const existingUser = await this.userService.getUserById(firebaseUser.uid);
-      return this.userService.updateUserLoginTimestamp(firebaseUser.uid);
-    } catch (error) {
-      // User doesn't exist, create anonymous patient
-      const functions = await this.getFunctions();
-      const createAnonymousPatientProfile = httpsCallable<
-        {},
-        PatientProfileResponse
-      >(functions, "createAnonymousPatientProfile");
-
-      const result = await createAnonymousPatientProfile({});
-      return (result.data as PatientProfileResponse).user;
-    }
-  }
-
-  /**
-   * Prijavljuje korisnika sa Google nalogom
-   */
-  async signInWithGoogle(
-    initialRole: UserRole = UserRole.PATIENT
-  ): Promise<User> {
-    this.googleProvider.addScope("email");
-    const { user: firebaseUser } = await signInWithPopup(
-      this.auth,
-      this.googleProvider
-    );
-
-    // Check for existing user
-    try {
-      const existingUser = await this.userService.getUserById(firebaseUser.uid);
-      return this.userService.updateUserLoginTimestamp(firebaseUser.uid);
-    } catch (error) {
-      // User doesn't exist, create anonymous patient
-      const functions = await this.getFunctions();
-      const createAnonymousPatientProfile = httpsCallable<
-        {},
-        PatientProfileResponse
-      >(functions, "createAnonymousPatientProfile");
-
-      const result = await createAnonymousPatientProfile({});
-      return (result.data as any).user;
-    }
-  }
-
-  /**
-   * Prijavljuje korisnika sa Apple-om
-   */
-  async signInWithApple(): Promise<User> {
-    const provider = new OAuthProvider("apple.com");
-    provider.addScope("email");
-    provider.addScope("name");
-    const { user: firebaseUser } = await signInWithPopup(this.auth, provider);
-
-    // Check for existing user
-    try {
-      const existingUser = await this.userService.getUserById(firebaseUser.uid);
-      return this.userService.updateUserLoginTimestamp(firebaseUser.uid);
-    } catch (error) {
-      // User doesn't exist, create anonymous patient
-      const functions = await this.getFunctions();
-      const createAnonymousPatientProfile = httpsCallable(
-        functions,
-        "createAnonymousPatientProfile"
-      );
-
-      const result = await createAnonymousPatientProfile({});
-      return (result.data as any).user;
-    }
-  }
-
-  /**
-   * Prijavljuje korisnika anonimno
-   */
-  async signInAnonymously(): Promise<User> {
-    const { user: firebaseUser } = await firebaseSignInAnonymously(this.auth);
-
-    // Create anonymous patient profile using cloud function
-    const functions = await this.getFunctions();
-    const createAnonymousPatientProfile = httpsCallable(
-      functions,
-      "createAnonymousPatientProfile"
-    );
-
-    const result = await createAnonymousPatientProfile({});
-    return (result.data as any).user;
-  }
-
-  /**
-   * Odjavljuje trenutnog korisnika
-   */
-  async signOut(): Promise<void> {
-    await firebaseSignOut(this.auth);
-  }
-
-  /**
-   * Vraća trenutno prijavljenog korisnika
-   */
-  async getCurrentUser(): Promise<User | null> {
-    const firebaseUser = this.auth.currentUser;
-    if (!firebaseUser) return null;
-
-    try {
-      return this.userService.getUserById(firebaseUser.uid);
-    } catch (error) {
-      console.error("Error getting current user:", error);
-      return null;
-    }
-  }
-
-  /**
-   * Registruje callback za promene stanja autentifikacije
-   */
-  onAuthStateChange(callback: (user: FirebaseUser | null) => void): () => void {
-    return onAuthStateChanged(this.auth, callback);
-  }
-
-  /**
-   * Upgrades an anonymous user to a regular user with email and password
-   */
-  async upgradeAnonymousUser(email: string, password: string): Promise<User> {
-    try {
-      await emailSchema.parseAsync(email);
-      await passwordSchema.parseAsync(password);
-
-      const currentUser = this.auth.currentUser;
-      if (!currentUser) {
-        throw AUTH_ERRORS.NOT_AUTHENTICATED;
-      }
-      if (!currentUser.isAnonymous) {
-        throw new AuthError(
-          "User is not anonymous",
-          "AUTH/NOT_ANONYMOUS_USER",
-          400
-        );
-      }
-
-      // Create email credential
-      const credential = EmailAuthProvider.credential(email, password);
-
-      // Link credential to current user
-      await linkWithCredential(currentUser, credential);
-
-      // Call cloud function to update backend
-      const functions = await this.getFunctions();
-      const upgradeAnonymousPatient = httpsCallable<
-        {
-          email: string;
-          profileData: {
-            email: string;
-          };
-        },
-        PatientProfileResponse
-      >(functions, "upgradeAnonymousPatient");
-
-      const result = await upgradeAnonymousPatient({
-        email,
-        profileData: {
-          email,
-        },
-      });
-
-      return (result.data as any).user;
-    } catch (error) {
-      if (error instanceof z.ZodError) {
-        throw AUTH_ERRORS.VALIDATION_ERROR;
-      }
-      const firebaseError = error as FirebaseError;
-      if (firebaseError.code === FirebaseErrorCode.EMAIL_ALREADY_IN_USE) {
-        throw AUTH_ERRORS.EMAIL_ALREADY_EXISTS;
-      }
-      throw error;
-    }
-  }
-
-  /**
-   * Upgrades an anonymous user to a regular user by signing in with a Google account.
-   */
-  async upgradeAnonymousUserWithGoogle(): Promise<User> {
-    try {
-      const currentUser = this.auth.currentUser;
-      if (!currentUser) {
-        throw AUTH_ERRORS.NOT_AUTHENTICATED;
-      }
-      if (!currentUser.isAnonymous) {
-        throw new AuthError(
-          "User is not anonymous",
-          "AUTH/NOT_ANONYMOUS_USER",
-          400
-        );
-      }
-
-      this.googleProvider.addScope("email");
-      const userCredential = await linkWithPopup(
-        currentUser,
-        this.googleProvider
-      );
-
-      if (!userCredential) throw AUTH_ERRORS.INVALID_CREDENTIAL;
-      if (!userCredential.user.email) throw AUTH_ERRORS.INVALID_CREDENTIAL;
-
-      // Call cloud function to update backend
-      const functions = await this.getFunctions();
-      const upgradeAnonymousPatient = httpsCallable(
-        functions,
-        "upgradeAnonymousPatient"
-      );
-
-      const result = await upgradeAnonymousPatient({
-        email: userCredential.user.email,
-        profileData: {
-          email: userCredential.user.email,
-        },
-      });
-
-      return (result.data as any).user;
-    } catch (error: unknown) {
-      const firebaseError = error as FirebaseError;
-      if (firebaseError.code === FirebaseErrorCode.POPUP_CLOSED_BY_USER) {
-        throw AUTH_ERRORS.POPUP_CLOSED;
-      }
-      throw error;
-    }
-  }
-
-  async upgradeAnonymousUserWithFacebook(): Promise<User> {
-    try {
-      const currentUser = this.auth.currentUser;
-      if (!currentUser) {
-        throw AUTH_ERRORS.NOT_AUTHENTICATED;
-      }
-      if (!currentUser.isAnonymous) {
-        throw new AuthError(
-          "User is not anonymous",
-          "AUTH/NOT_ANONYMOUS_USER",
-          400
-        );
-      }
-
-      this.facebookProvider.addScope("email");
-      const userCredential = await linkWithPopup(
-        currentUser,
-        this.facebookProvider
-      );
-
-      if (!userCredential) throw AUTH_ERRORS.INVALID_CREDENTIAL;
-      if (!userCredential.user.email) throw AUTH_ERRORS.INVALID_CREDENTIAL;
-
-      // Call cloud function to update backend
-      const functions = await this.getFunctions();
-      const upgradeAnonymousPatient = httpsCallable(
-        functions,
-        "upgradeAnonymousPatient"
-      );
-
-      const result = await upgradeAnonymousPatient({
-        email: userCredential.user.email,
-        profileData: {
-          email: userCredential.user.email,
-        },
-      });
-
-      return (result.data as any).user;
-    } catch (error: unknown) {
-      const firebaseError = error as FirebaseError;
-      if (firebaseError.code === FirebaseErrorCode.POPUP_CLOSED_BY_USER) {
-        throw AUTH_ERRORS.POPUP_CLOSED;
-      }
-      throw error;
-    }
-  }
-
-  async upgradeAnonymousUserWithApple(): Promise<User> {
-    try {
-      const currentUser = this.auth.currentUser;
-      if (!currentUser) {
-        throw AUTH_ERRORS.NOT_AUTHENTICATED;
-      }
-      if (!currentUser.isAnonymous) {
-        throw new AuthError(
-          "User is not anonymous",
-          "AUTH/NOT_ANONYMOUS_USER",
-          400
-        );
-      }
-
-      this.appleProvider.addScope("email");
-      this.appleProvider.addScope("name");
-      const userCredential = await linkWithPopup(
-        currentUser,
-        this.appleProvider
-      );
-
-      if (!userCredential) throw AUTH_ERRORS.INVALID_CREDENTIAL;
-      if (!userCredential.user.email) throw AUTH_ERRORS.INVALID_CREDENTIAL;
-
-      // Call cloud function to update backend
-      const functions = await this.getFunctions();
-      const upgradeAnonymousPatient = httpsCallable(
-        functions,
-        "upgradeAnonymousPatient"
-      );
-
-      const result = await upgradeAnonymousPatient({
-        email: userCredential.user.email,
-        profileData: {
-          email: userCredential.user.email,
-        },
-      });
-
-      return (result.data as any).user;
-    } catch (error: unknown) {
-      const firebaseError = error as FirebaseError;
-      if (firebaseError.code === FirebaseErrorCode.POPUP_CLOSED_BY_USER) {
-        throw AUTH_ERRORS.POPUP_CLOSED;
-      }
-      throw error;
-    }
-  }
-
-  /**
-   * Šalje email za resetovanje lozinke korisniku
-   * @param email Email adresa korisnika
-   * @returns Promise koji se razrešava kada je email poslat
-   */
-  async sendPasswordResetEmail(email: string): Promise<void> {
-    try {
-      await emailSchema.parseAsync(email);
-      const functions = await this.getFunctions();
-      await sendPasswordResetEmail(this.auth, email);
-    } catch (error) {
-      if (error instanceof z.ZodError) {
-        throw AUTH_ERRORS.VALIDATION_ERROR;
-      }
-
-      const firebaseError = error as FirebaseError;
-      if (firebaseError.code === FirebaseErrorCode.USER_NOT_FOUND) {
-        throw AUTH_ERRORS.USER_NOT_FOUND;
-      }
-
-      throw error;
-    }
-  }
-
-  /**
-   * Verifikuje kod za resetovanje lozinke iz email linka
-   * @param oobCode Kod iz URL-a za resetovanje lozinke
-   * @returns Promise koji se razrešava sa email adresom korisnika ako je kod validan
-   */
-  async verifyPasswordResetCode(oobCode: string): Promise<string> {
-    try {
-      const functions = await this.getFunctions();
-      return await verifyPasswordResetCode(this.auth, oobCode);
-    } catch (error) {
-      const firebaseError = error as FirebaseError;
-      if (firebaseError.code === FirebaseErrorCode.EXPIRED_ACTION_CODE) {
-        throw AUTH_ERRORS.EXPIRED_ACTION_CODE;
-      } else if (firebaseError.code === FirebaseErrorCode.INVALID_ACTION_CODE) {
-        throw AUTH_ERRORS.INVALID_ACTION_CODE;
-      }
-
-      throw error;
-    }
-  }
-
-  /**
-   * Potvrđuje resetovanje lozinke i postavlja novu lozinku
-   * @param oobCode Kod iz URL-a za resetovanje lozinke
-   * @param newPassword Nova lozinka
-   * @returns Promise koji se razrešava kada je lozinka promenjena
-   */
-  async confirmPasswordReset(
-    oobCode: string,
-    newPassword: string
-  ): Promise<void> {
-    try {
-      await passwordSchema.parseAsync(newPassword);
-      const functions = await this.getFunctions();
-      await confirmPasswordReset(this.auth, oobCode, newPassword);
-    } catch (error) {
-      if (error instanceof z.ZodError) {
-        throw AUTH_ERRORS.VALIDATION_ERROR;
-      }
-
-      const firebaseError = error as FirebaseError;
-      if (firebaseError.code === FirebaseErrorCode.EXPIRED_ACTION_CODE) {
-        throw AUTH_ERRORS.EXPIRED_ACTION_CODE;
-      } else if (firebaseError.code === FirebaseErrorCode.INVALID_ACTION_CODE) {
-        throw AUTH_ERRORS.INVALID_ACTION_CODE;
-      } else if (firebaseError.code === FirebaseErrorCode.WEAK_PASSWORD) {
-        throw AUTH_ERRORS.WEAK_PASSWORD;
-      }
-
-      throw error;
-    }
-  }
-
-  /**
-   * Registers a new practitioner user with email and password
-   * Can either create a new practitioner profile or claim an existing draft profile with a token
-   */
-  async signUpPractitioner(data: {
-    email: string;
-    password: string;
-    firstName: string;
-    lastName: string;
-    token?: string;
-    profileData?: Partial<CreatePractitionerData>;
-  }): Promise<{
-    user: User;
-    practitioner: Practitioner;
-  }> {
-    try {
-      console.log("[AUTH] Starting practitioner signup process", {
-        email: data.email,
-        hasToken: !!data.token,
-      });
-
-      // Create Firebase user
-      console.log("[AUTH] Creating Firebase user");
-      let firebaseUser;
-      try {
-        const result = await createUserWithEmailAndPassword(
-          this.auth,
-          data.email,
-          data.password
-        );
-        firebaseUser = result.user;
-        console.log("[AUTH] Firebase user created successfully", {
-          uid: firebaseUser.uid,
-        });
-      } catch (firebaseError) {
-        console.error("[AUTH] Firebase user creation failed:", firebaseError);
-        throw firebaseError;
-      }
-
-      if (data.token) {
-        // Claiming existing profile with token
-        console.log("[AUTH] Claiming draft profile with token");
-
-        const functions = await this.getFunctions();
-        const validateTokenAndClaimProfile = httpsCallable<
-          {
-            token: string;
-          },
-          PractitionerResponse
-        >(functions, "validateTokenAndClaimProfile");
-
-        const result = await validateTokenAndClaimProfile({
-          token: data.token,
-        });
-
-        return result.data as PractitionerResponse;
-      } else {
-        // Creating new profile
-        console.log("[AUTH] Creating new practitioner profile");
-
-        // Prepare basic info based on form data
-        const profileData = data.profileData || {};
-        if (!profileData.basicInfo) {
-          profileData.basicInfo = {
-            firstName: data.firstName,
-            lastName: data.lastName,
-            email: data.email,
-            phoneNumber: "",
-            title: "Practitioner",
-            profileImageUrl: "",
-            dateOfBirth: new Date(),
-            gender: "other",
-            languages: ["English"],
-            bio: "",
-          };
-        }
-
-        const functions = await this.getFunctions();
-        const createPractitionerProfile = httpsCallable<
-          {
-            profileData: Partial<CreatePractitionerData>;
-          },
-          PractitionerResponse
-        >(functions, "createPractitionerProfile");
-
-        const result = await createPractitionerProfile({
-          profileData,
-        });
-
-        return result.data as PractitionerResponse;
-      }
-    } catch (error) {
-      if (error instanceof z.ZodError) {
-        console.error(
-          "[AUTH] Zod validation error in signUpPractitioner:",
-          JSON.stringify(error.errors, null, 2)
-        );
-        throw AUTH_ERRORS.VALIDATION_ERROR;
-      }
-
-      const firebaseError = error as FirebaseError;
-      if (firebaseError.code === FirebaseErrorCode.EMAIL_ALREADY_IN_USE) {
-        console.error("[AUTH] Email already in use:", data.email);
-        throw AUTH_ERRORS.EMAIL_ALREADY_EXISTS;
-      }
-
-      console.error("[AUTH] Unhandled error in signUpPractitioner:", error);
-      throw error;
-    }
-  }
-
-  /**
-   * Signs in a user with email and password specifically for practitioner role
-   */
-  async signInPractitioner(
-    email: string,
-    password: string
-  ): Promise<{
-    user: User;
-    practitioner: Practitioner;
-  }> {
-    try {
-      console.log("[AUTH] Starting practitioner signin process", {
-        email: email,
-      });
-
-      // Sign in with email/password
-      const { user: firebaseUser } = await signInWithEmailAndPassword(
-        this.auth,
-        email,
-        password
-      );
-
-      // Get user data
-      const user = await this.userService.getUserById(firebaseUser.uid);
-      console.log("[AUTH] User retrieved", { uid: user.uid });
-
-      // Check if user has practitioner role
-      if (!user.roles?.includes(UserRole.PRACTITIONER)) {
-        console.error("[AUTH] User is not a practitioner:", user.uid);
-        throw AUTH_ERRORS.INVALID_ROLE;
-      }
-
-      // Check and get practitioner profile
-      if (!user.practitionerProfile) {
-        console.error("[AUTH] User has no practitioner profile:", user.uid);
-        throw AUTH_ERRORS.NOT_FOUND;
-      }
-
-      // Get practitioner profile using local service
-      // This will be updated to use cloud functions in future PRs
-      const practitionerService = new PractitionerService(
-        this.db,
-        this.auth,
-        this.app
-      );
-
-      const practitioner = await practitionerService.getPractitioner(
-        user.practitionerProfile
-      );
-
-      if (!practitioner) {
-        console.error(
-          "[AUTH] Practitioner profile not found:",
-          user.practitionerProfile
-        );
-        throw AUTH_ERRORS.NOT_FOUND;
-      }
-
-      return {
-        user,
-        practitioner,
-      };
-    } catch (error) {
-      console.error("[AUTH] Error in signInPractitioner:", error);
-      throw error;
-    }
-  }
-}
+import {
+  Auth,
+  User as FirebaseUser,
+  signInWithEmailAndPassword,
+  createUserWithEmailAndPassword,
+  signInAnonymously as firebaseSignInAnonymously,
+  signOut as firebaseSignOut,
+  GoogleAuthProvider,
+  FacebookAuthProvider,
+  OAuthProvider,
+  signInWithPopup,
+  signInWithRedirect,
+  getRedirectResult,
+  linkWithCredential,
+  EmailAuthProvider,
+  onAuthStateChanged,
+  sendPasswordResetEmail,
+  verifyPasswordResetCode,
+  confirmPasswordReset,
+  linkWithPopup,
+} from "firebase/auth";
+import {
+  doc,
+  setDoc,
+  getDoc,
+  serverTimestamp,
+  collection,
+  query,
+  where,
+  getDocs,
+  Timestamp,
+  updateDoc,
+  Firestore,
+} from "firebase/firestore";
+import { FirebaseApp } from "firebase/app";
+import { User, UserRole, USERS_COLLECTION } from "../../types";
+import { z } from "zod";
+import {
+  emailSchema,
+  passwordSchema,
+  userRoleSchema,
+} from "../../validations/schemas";
+import { AuthError, AUTH_ERRORS } from "../../errors/auth.errors";
+import { FirebaseErrorCode } from "../../errors/firebase.errors";
+import { FirebaseError } from "../../errors/firebase.errors";
+import { BaseService } from "../base.service";
+import { UserService } from "../user/user.service";
+import { throws } from "assert";
+import {
+  ClinicGroup,
+  AdminToken,
+  AdminTokenStatus,
+  CreateClinicGroupData,
+  CreateClinicAdminData,
+  ContactPerson,
+  ClinicAdminSignupData,
+  SubscriptionModel,
+  CLINIC_GROUPS_COLLECTION,
+  ClinicAdmin,
+} from "../../types/clinic";
+import { clinicAdminSignupSchema } from "../../validations/clinic.schema";
+import { ClinicGroupService } from "../clinic/clinic-group.service";
+import { ClinicAdminService } from "../clinic/clinic-admin.service";
+import { ClinicService } from "../clinic/clinic.service";
+import {
+  Practitioner,
+  CreatePractitionerData,
+  PractitionerStatus,
+  PractitionerBasicInfo,
+  PractitionerCertification,
+} from "../../types/practitioner";
+import { PractitionerService } from "../practitioner/practitioner.service";
+import { practitionerSignupSchema } from "../../validations/practitioner.schema";
+import { CertificationLevel } from "../../backoffice/types/static/certification.types";
+import { getFirebaseFunctions } from "../../config/firebase";
+import {
+  httpsCallable,
+  HttpsCallableResult,
+  Functions,
+} from "firebase/functions";
+
+// Define types for our cloud function responses
+interface PatientProfileResponse {
+  user: User;
+  patientProfile: any;
+}
+
+interface ClinicAdminResponse {
+  user: User;
+  clinicGroup: ClinicGroup;
+  clinicAdmin: ClinicAdmin;
+}
+
+interface PractitionerResponse {
+  user: User;
+  practitioner: Practitioner;
+}
+
+export class AuthServiceV2 extends BaseService {
+  private googleProvider = new GoogleAuthProvider();
+  private facebookProvider = new FacebookAuthProvider();
+  private appleProvider = new OAuthProvider("apple.com");
+  private userService: UserService;
+  private functions!: Functions;
+
+  constructor(
+    db: Firestore,
+    auth: Auth,
+    app: FirebaseApp,
+    userService?: UserService
+  ) {
+    super(db, auth, app);
+
+    // Initialize UserService if not provided
+    if (!userService) {
+      userService = new UserService(db, auth, app);
+    }
+    this.userService = userService;
+
+    // Initialize functions
+    getFirebaseFunctions().then((functions) => {
+      this.functions = functions;
+    });
+  }
+
+  // Make sure to handle the case where this.functions is not yet initialized
+  private async getFunctions(): Promise<Functions> {
+    if (!this.functions) {
+      this.functions = await getFirebaseFunctions();
+    }
+    return this.functions;
+  }
+
+  /**
+   * Registruje novog korisnika sa email-om i lozinkom
+   */
+  async signUp(
+    email: string,
+    password: string,
+    initialRole: UserRole = UserRole.PATIENT
+  ): Promise<User> {
+    // Create Firebase Auth user
+    const { user: firebaseUser } = await createUserWithEmailAndPassword(
+      this.auth,
+      email,
+      password
+    );
+
+    if (initialRole === UserRole.PATIENT) {
+      // For patient role, we now use cloud function
+      const functions = await this.getFunctions();
+      const createAnonymousPatientProfile = httpsCallable<
+        {},
+        PatientProfileResponse
+      >(functions, "createAnonymousPatientProfile");
+
+      const result = await createAnonymousPatientProfile({});
+      return (result.data as PatientProfileResponse).user;
+    } else {
+      // For other roles, we still use the local service for now
+      // This will be updated in future PRs
+      return this.userService.createUser(firebaseUser, [initialRole]);
+    }
+  }
+
+  /**
+   * Registers a new clinic admin user with email and password
+   * Can either create a new clinic group or join an existing one with a token
+   *
+   * @param data - Clinic admin signup data
+   * @returns Object containing the created user, clinic group, and clinic admin
+   */
+  async signUpClinicAdmin(data: ClinicAdminSignupData): Promise<{
+    user: User;
+    clinicGroup: ClinicGroup;
+    clinicAdmin: ClinicAdmin;
+  }> {
+    try {
+      console.log("[AUTH] Starting clinic admin signup process", {
+        email: data.email,
+      });
+
+      // Create Firebase user
+      console.log("[AUTH] Creating Firebase user");
+      let firebaseUser;
+      try {
+        const result = await createUserWithEmailAndPassword(
+          this.auth,
+          data.email,
+          data.password
+        );
+        firebaseUser = result.user;
+        console.log("[AUTH] Firebase user created successfully", {
+          uid: firebaseUser.uid,
+        });
+      } catch (firebaseError) {
+        console.error("[AUTH] Firebase user creation failed:", firebaseError);
+        throw firebaseError;
+      }
+
+      // Prepare contact person info
+      const contactPerson: ContactPerson = {
+        firstName: data.firstName,
+        lastName: data.lastName,
+        title: data.title,
+        email: data.email,
+        phoneNumber: data.phoneNumber,
+      };
+
+      if (data.isCreatingNewGroup) {
+        // Creating new group - call cloud function
+        const functions = await this.getFunctions();
+        const createClinicGroupWithAdmin = httpsCallable<
+          {
+            groupData: any;
+            contactInfo: ContactPerson;
+          },
+          ClinicAdminResponse
+        >(functions, "createClinicGroupWithAdmin");
+
+        // Call cloud function
+        const result = await createClinicGroupWithAdmin({
+          groupData: data.clinicGroupData,
+          contactInfo: contactPerson,
+        });
+
+        return result.data as ClinicAdminResponse;
+      } else {
+        // Joining existing group with token
+        if (!data.inviteToken) {
+          throw new Error(
+            "Invite token is required when joining an existing group"
+          );
+        }
+
+        // Call cloud function
+        const functions = await this.getFunctions();
+        const joinClinicGroupWithToken = httpsCallable<
+          {
+            token: string;
+            contactInfo: ContactPerson;
+          },
+          ClinicAdminResponse
+        >(functions, "joinClinicGroupWithToken");
+
+        const result = await joinClinicGroupWithToken({
+          token: data.inviteToken,
+          contactInfo: contactPerson,
+        });
+
+        return result.data as ClinicAdminResponse;
+      }
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        console.error(
+          "[AUTH] Zod validation error in signUpClinicAdmin:",
+          JSON.stringify(error.errors, null, 2)
+        );
+        throw AUTH_ERRORS.VALIDATION_ERROR;
+      }
+
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.EMAIL_ALREADY_IN_USE) {
+        console.error("[AUTH] Email already in use:", data.email);
+        throw AUTH_ERRORS.EMAIL_ALREADY_EXISTS;
+      }
+
+      console.error("[AUTH] Unhandled error in signUpClinicAdmin:", error);
+      throw error;
+    }
+  }
+
+  /**
+   * Prijavljuje korisnika sa email-om i lozinkom
+   */
+  async signIn(email: string, password: string): Promise<User> {
+    const { user: firebaseUser } = await signInWithEmailAndPassword(
+      this.auth,
+      email,
+      password
+    );
+
+    // Update login timestamp via UserService
+    return this.userService.updateUserLoginTimestamp(firebaseUser.uid);
+  }
+
+  /**
+   * Prijavljuje korisnika sa email-om i lozinkom samo za clinic_admin role
+   * @param email - Email korisnika
+   * @param password - Lozinka korisnika
+   * @returns Objekat koji sadrži korisnika, admin profil i grupu klinika
+   * @throws {AUTH_ERRORS.INVALID_ROLE} Ako korisnik nema clinic_admin rolu
+   * @throws {AUTH_ERRORS.NOT_FOUND} Ako admin profil nije pronađen
+   */
+  async signInClinicAdmin(
+    email: string,
+    password: string
+  ): Promise<{
+    user: User;
+    clinicAdmin: ClinicAdmin;
+    clinicGroup: ClinicGroup;
+  }> {
+    try {
+      // Sign in with email/password
+      const { user: firebaseUser } = await signInWithEmailAndPassword(
+        this.auth,
+        email,
+        password
+      );
+
+      // Get user
+      const user = await this.userService.getUserById(firebaseUser.uid);
+
+      // Check if user has clinic_admin role
+      if (!user.roles?.includes(UserRole.CLINIC_ADMIN)) {
+        console.error("[AUTH] User is not a clinic admin:", user.uid);
+        // Sign out the user immediately for security
+        await this.auth.signOut();
+        throw AUTH_ERRORS.UNAUTHORIZED_ROLE;
+      }
+
+      // Check and get admin profile
+      if (!user.adminProfile) {
+        console.error("[AUTH] User has no admin profile:", user.uid);
+        throw AUTH_ERRORS.NOT_FOUND;
+      }
+
+      // This part would ideally use cloud functions to get the admin profile and clinic group
+      // But for now, we'll continue using the existing services
+
+      // Initialize services
+      const clinicAdminService = new ClinicAdminService(
+        this.db,
+        this.auth,
+        this.app
+      );
+      const clinicGroupService = new ClinicGroupService(
+        this.db,
+        this.auth,
+        this.app,
+        clinicAdminService
+      );
+      clinicAdminService.setServices(clinicGroupService, null as any);
+
+      // Get admin profile
+      const adminProfile = await clinicAdminService.getClinicAdmin(
+        user.adminProfile
+      );
+      if (!adminProfile) {
+        console.error("[AUTH] Admin profile not found:", user.adminProfile);
+        throw AUTH_ERRORS.NOT_FOUND;
+      }
+
+      // Get clinic group
+      const clinicGroup = await clinicGroupService.getClinicGroup(
+        adminProfile.clinicGroupId
+      );
+      if (!clinicGroup) {
+        console.error(
+          "[AUTH] Clinic group not found:",
+          adminProfile.clinicGroupId
+        );
+        throw AUTH_ERRORS.NOT_FOUND;
+      }
+
+      return {
+        user,
+        clinicAdmin: adminProfile,
+        clinicGroup,
+      };
+    } catch (error) {
+      console.error("[AUTH] Error in signInClinicAdmin:", error);
+      throw error;
+    }
+  }
+
+  /**
+   * Prijavljuje korisnika sa Facebook-om
+   */
+  async signInWithFacebook(): Promise<User> {
+    const provider = new FacebookAuthProvider();
+    provider.addScope("email");
+    const { user: firebaseUser } = await signInWithPopup(this.auth, provider);
+
+    // Check for existing user
+    try {
+      const existingUser = await this.userService.getUserById(firebaseUser.uid);
+      return this.userService.updateUserLoginTimestamp(firebaseUser.uid);
+    } catch (error) {
+      // User doesn't exist, create anonymous patient
+      const functions = await this.getFunctions();
+      const createAnonymousPatientProfile = httpsCallable<
+        {},
+        PatientProfileResponse
+      >(functions, "createAnonymousPatientProfile");
+
+      const result = await createAnonymousPatientProfile({});
+      return (result.data as PatientProfileResponse).user;
+    }
+  }
+
+  /**
+   * Prijavljuje korisnika sa Google nalogom
+   */
+  async signInWithGoogle(
+    initialRole: UserRole = UserRole.PATIENT
+  ): Promise<User> {
+    this.googleProvider.addScope("email");
+    const { user: firebaseUser } = await signInWithPopup(
+      this.auth,
+      this.googleProvider
+    );
+
+    // Check for existing user
+    try {
+      const existingUser = await this.userService.getUserById(firebaseUser.uid);
+      return this.userService.updateUserLoginTimestamp(firebaseUser.uid);
+    } catch (error) {
+      // User doesn't exist, create anonymous patient
+      const functions = await this.getFunctions();
+      const createAnonymousPatientProfile = httpsCallable<
+        {},
+        PatientProfileResponse
+      >(functions, "createAnonymousPatientProfile");
+
+      const result = await createAnonymousPatientProfile({});
+      return (result.data as any).user;
+    }
+  }
+
+  /**
+   * Prijavljuje korisnika sa Apple-om
+   */
+  async signInWithApple(): Promise<User> {
+    const provider = new OAuthProvider("apple.com");
+    provider.addScope("email");
+    provider.addScope("name");
+    const { user: firebaseUser } = await signInWithPopup(this.auth, provider);
+
+    // Check for existing user
+    try {
+      const existingUser = await this.userService.getUserById(firebaseUser.uid);
+      return this.userService.updateUserLoginTimestamp(firebaseUser.uid);
+    } catch (error) {
+      // User doesn't exist, create anonymous patient
+      const functions = await this.getFunctions();
+      const createAnonymousPatientProfile = httpsCallable(
+        functions,
+        "createAnonymousPatientProfile"
+      );
+
+      const result = await createAnonymousPatientProfile({});
+      return (result.data as any).user;
+    }
+  }
+
+  /**
+   * Prijavljuje korisnika anonimno
+   */
+  async signInAnonymously(): Promise<User> {
+    const { user: firebaseUser } = await firebaseSignInAnonymously(this.auth);
+
+    // Create anonymous patient profile using cloud function
+    const functions = await this.getFunctions();
+    const createAnonymousPatientProfile = httpsCallable(
+      functions,
+      "createAnonymousPatientProfile"
+    );
+
+    const result = await createAnonymousPatientProfile({});
+    return (result.data as any).user;
+  }
+
+  /**
+   * Odjavljuje trenutnog korisnika
+   */
+  async signOut(): Promise<void> {
+    await firebaseSignOut(this.auth);
+  }
+
+  /**
+   * Vraća trenutno prijavljenog korisnika
+   */
+  async getCurrentUser(): Promise<User | null> {
+    const firebaseUser = this.auth.currentUser;
+    if (!firebaseUser) return null;
+
+    try {
+      return this.userService.getUserById(firebaseUser.uid);
+    } catch (error) {
+      console.error("Error getting current user:", error);
+      return null;
+    }
+  }
+
+  /**
+   * Registruje callback za promene stanja autentifikacije
+   */
+  onAuthStateChange(callback: (user: FirebaseUser | null) => void): () => void {
+    return onAuthStateChanged(this.auth, callback);
+  }
+
+  /**
+   * Upgrades an anonymous user to a regular user with email and password
+   */
+  async upgradeAnonymousUser(email: string, password: string): Promise<User> {
+    try {
+      await emailSchema.parseAsync(email);
+      await passwordSchema.parseAsync(password);
+
+      const currentUser = this.auth.currentUser;
+      if (!currentUser) {
+        throw AUTH_ERRORS.NOT_AUTHENTICATED;
+      }
+      if (!currentUser.isAnonymous) {
+        throw new AuthError(
+          "User is not anonymous",
+          "AUTH/NOT_ANONYMOUS_USER",
+          400
+        );
+      }
+
+      // Create email credential
+      const credential = EmailAuthProvider.credential(email, password);
+
+      // Link credential to current user
+      await linkWithCredential(currentUser, credential);
+
+      // Call cloud function to update backend
+      const functions = await this.getFunctions();
+      const upgradeAnonymousPatient = httpsCallable<
+        {
+          email: string;
+          profileData: {
+            email: string;
+          };
+        },
+        PatientProfileResponse
+      >(functions, "upgradeAnonymousPatient");
+
+      const result = await upgradeAnonymousPatient({
+        email,
+        profileData: {
+          email,
+        },
+      });
+
+      return (result.data as any).user;
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        throw AUTH_ERRORS.VALIDATION_ERROR;
+      }
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.EMAIL_ALREADY_IN_USE) {
+        throw AUTH_ERRORS.EMAIL_ALREADY_EXISTS;
+      }
+      throw error;
+    }
+  }
+
+  /**
+   * Upgrades an anonymous user to a regular user by signing in with a Google account.
+   */
+  async upgradeAnonymousUserWithGoogle(): Promise<User> {
+    try {
+      const currentUser = this.auth.currentUser;
+      if (!currentUser) {
+        throw AUTH_ERRORS.NOT_AUTHENTICATED;
+      }
+      if (!currentUser.isAnonymous) {
+        throw new AuthError(
+          "User is not anonymous",
+          "AUTH/NOT_ANONYMOUS_USER",
+          400
+        );
+      }
+
+      this.googleProvider.addScope("email");
+      const userCredential = await linkWithPopup(
+        currentUser,
+        this.googleProvider
+      );
+
+      if (!userCredential) throw AUTH_ERRORS.INVALID_CREDENTIAL;
+      if (!userCredential.user.email) throw AUTH_ERRORS.INVALID_CREDENTIAL;
+
+      // Call cloud function to update backend
+      const functions = await this.getFunctions();
+      const upgradeAnonymousPatient = httpsCallable(
+        functions,
+        "upgradeAnonymousPatient"
+      );
+
+      const result = await upgradeAnonymousPatient({
+        email: userCredential.user.email,
+        profileData: {
+          email: userCredential.user.email,
+        },
+      });
+
+      return (result.data as any).user;
+    } catch (error: unknown) {
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.POPUP_CLOSED_BY_USER) {
+        throw AUTH_ERRORS.POPUP_CLOSED;
+      }
+      throw error;
+    }
+  }
+
+  async upgradeAnonymousUserWithFacebook(): Promise<User> {
+    try {
+      const currentUser = this.auth.currentUser;
+      if (!currentUser) {
+        throw AUTH_ERRORS.NOT_AUTHENTICATED;
+      }
+      if (!currentUser.isAnonymous) {
+        throw new AuthError(
+          "User is not anonymous",
+          "AUTH/NOT_ANONYMOUS_USER",
+          400
+        );
+      }
+
+      this.facebookProvider.addScope("email");
+      const userCredential = await linkWithPopup(
+        currentUser,
+        this.facebookProvider
+      );
+
+      if (!userCredential) throw AUTH_ERRORS.INVALID_CREDENTIAL;
+      if (!userCredential.user.email) throw AUTH_ERRORS.INVALID_CREDENTIAL;
+
+      // Call cloud function to update backend
+      const functions = await this.getFunctions();
+      const upgradeAnonymousPatient = httpsCallable(
+        functions,
+        "upgradeAnonymousPatient"
+      );
+
+      const result = await upgradeAnonymousPatient({
+        email: userCredential.user.email,
+        profileData: {
+          email: userCredential.user.email,
+        },
+      });
+
+      return (result.data as any).user;
+    } catch (error: unknown) {
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.POPUP_CLOSED_BY_USER) {
+        throw AUTH_ERRORS.POPUP_CLOSED;
+      }
+      throw error;
+    }
+  }
+
+  async upgradeAnonymousUserWithApple(): Promise<User> {
+    try {
+      const currentUser = this.auth.currentUser;
+      if (!currentUser) {
+        throw AUTH_ERRORS.NOT_AUTHENTICATED;
+      }
+      if (!currentUser.isAnonymous) {
+        throw new AuthError(
+          "User is not anonymous",
+          "AUTH/NOT_ANONYMOUS_USER",
+          400
+        );
+      }
+
+      this.appleProvider.addScope("email");
+      this.appleProvider.addScope("name");
+      const userCredential = await linkWithPopup(
+        currentUser,
+        this.appleProvider
+      );
+
+      if (!userCredential) throw AUTH_ERRORS.INVALID_CREDENTIAL;
+      if (!userCredential.user.email) throw AUTH_ERRORS.INVALID_CREDENTIAL;
+
+      // Call cloud function to update backend
+      const functions = await this.getFunctions();
+      const upgradeAnonymousPatient = httpsCallable(
+        functions,
+        "upgradeAnonymousPatient"
+      );
+
+      const result = await upgradeAnonymousPatient({
+        email: userCredential.user.email,
+        profileData: {
+          email: userCredential.user.email,
+        },
+      });
+
+      return (result.data as any).user;
+    } catch (error: unknown) {
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.POPUP_CLOSED_BY_USER) {
+        throw AUTH_ERRORS.POPUP_CLOSED;
+      }
+      throw error;
+    }
+  }
+
+  /**
+   * Šalje email za resetovanje lozinke korisniku
+   * @param email Email adresa korisnika
+   * @returns Promise koji se razrešava kada je email poslat
+   */
+  async sendPasswordResetEmail(email: string): Promise<void> {
+    try {
+      await emailSchema.parseAsync(email);
+      const functions = await this.getFunctions();
+      await sendPasswordResetEmail(this.auth, email);
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        throw AUTH_ERRORS.VALIDATION_ERROR;
+      }
+
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.USER_NOT_FOUND) {
+        throw AUTH_ERRORS.USER_NOT_FOUND;
+      }
+
+      throw error;
+    }
+  }
+
+  /**
+   * Verifikuje kod za resetovanje lozinke iz email linka
+   * @param oobCode Kod iz URL-a za resetovanje lozinke
+   * @returns Promise koji se razrešava sa email adresom korisnika ako je kod validan
+   */
+  async verifyPasswordResetCode(oobCode: string): Promise<string> {
+    try {
+      const functions = await this.getFunctions();
+      return await verifyPasswordResetCode(this.auth, oobCode);
+    } catch (error) {
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.EXPIRED_ACTION_CODE) {
+        throw AUTH_ERRORS.EXPIRED_ACTION_CODE;
+      } else if (firebaseError.code === FirebaseErrorCode.INVALID_ACTION_CODE) {
+        throw AUTH_ERRORS.INVALID_ACTION_CODE;
+      }
+
+      throw error;
+    }
+  }
+
+  /**
+   * Potvrđuje resetovanje lozinke i postavlja novu lozinku
+   * @param oobCode Kod iz URL-a za resetovanje lozinke
+   * @param newPassword Nova lozinka
+   * @returns Promise koji se razrešava kada je lozinka promenjena
+   */
+  async confirmPasswordReset(
+    oobCode: string,
+    newPassword: string
+  ): Promise<void> {
+    try {
+      await passwordSchema.parseAsync(newPassword);
+      const functions = await this.getFunctions();
+      await confirmPasswordReset(this.auth, oobCode, newPassword);
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        throw AUTH_ERRORS.VALIDATION_ERROR;
+      }
+
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.EXPIRED_ACTION_CODE) {
+        throw AUTH_ERRORS.EXPIRED_ACTION_CODE;
+      } else if (firebaseError.code === FirebaseErrorCode.INVALID_ACTION_CODE) {
+        throw AUTH_ERRORS.INVALID_ACTION_CODE;
+      } else if (firebaseError.code === FirebaseErrorCode.WEAK_PASSWORD) {
+        throw AUTH_ERRORS.WEAK_PASSWORD;
+      }
+
+      throw error;
+    }
+  }
+
+  /**
+   * Registers a new practitioner user with email and password
+   * Can either create a new practitioner profile or claim an existing draft profile with a token
+   */
+  async signUpPractitioner(data: {
+    email: string;
+    password: string;
+    firstName: string;
+    lastName: string;
+    token?: string;
+    profileData?: Partial<CreatePractitionerData>;
+  }): Promise<{
+    user: User;
+    practitioner: Practitioner;
+  }> {
+    try {
+      console.log("[AUTH] Starting practitioner signup process", {
+        email: data.email,
+        hasToken: !!data.token,
+      });
+
+      // Create Firebase user
+      console.log("[AUTH] Creating Firebase user");
+      let firebaseUser;
+      try {
+        const result = await createUserWithEmailAndPassword(
+          this.auth,
+          data.email,
+          data.password
+        );
+        firebaseUser = result.user;
+        console.log("[AUTH] Firebase user created successfully", {
+          uid: firebaseUser.uid,
+        });
+      } catch (firebaseError) {
+        console.error("[AUTH] Firebase user creation failed:", firebaseError);
+        throw firebaseError;
+      }
+
+      if (data.token) {
+        // Claiming existing profile with token
+        console.log("[AUTH] Claiming draft profile with token");
+
+        const functions = await this.getFunctions();
+        const validateTokenAndClaimProfile = httpsCallable<
+          {
+            token: string;
+          },
+          PractitionerResponse
+        >(functions, "validateTokenAndClaimProfile");
+
+        const result = await validateTokenAndClaimProfile({
+          token: data.token,
+        });
+
+        return result.data as PractitionerResponse;
+      } else {
+        // Creating new profile
+        console.log("[AUTH] Creating new practitioner profile");
+
+        // Prepare basic info based on form data
+        const profileData = data.profileData || {};
+        if (!profileData.basicInfo) {
+          profileData.basicInfo = {
+            firstName: data.firstName,
+            lastName: data.lastName,
+            email: data.email,
+            phoneNumber: "",
+            title: "Practitioner",
+            profileImageUrl: "",
+            dateOfBirth: new Date(),
+            gender: "other",
+            languages: ["English"],
+            bio: "",
+          };
+        }
+
+        const functions = await this.getFunctions();
+        const createPractitionerProfile = httpsCallable<
+          {
+            profileData: Partial<CreatePractitionerData>;
+          },
+          PractitionerResponse
+        >(functions, "createPractitionerProfile");
+
+        const result = await createPractitionerProfile({
+          profileData,
+        });
+
+        return result.data as PractitionerResponse;
+      }
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        console.error(
+          "[AUTH] Zod validation error in signUpPractitioner:",
+          JSON.stringify(error.errors, null, 2)
+        );
+        throw AUTH_ERRORS.VALIDATION_ERROR;
+      }
+
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.EMAIL_ALREADY_IN_USE) {
+        console.error("[AUTH] Email already in use:", data.email);
+        throw AUTH_ERRORS.EMAIL_ALREADY_EXISTS;
+      }
+
+      console.error("[AUTH] Unhandled error in signUpPractitioner:", error);
+      throw error;
+    }
+  }
+
+  /**
+   * Signs in a user with email and password specifically for practitioner role
+   */
+  async signInPractitioner(
+    email: string,
+    password: string
+  ): Promise<{
+    user: User;
+    practitioner: Practitioner;
+  }> {
+    try {
+      console.log("[AUTH] Starting practitioner signin process", {
+        email: email,
+      });
+
+      // Sign in with email/password
+      const { user: firebaseUser } = await signInWithEmailAndPassword(
+        this.auth,
+        email,
+        password
+      );
+
+      // Get user data
+      const user = await this.userService.getUserById(firebaseUser.uid);
+      console.log("[AUTH] User retrieved", { uid: user.uid });
+
+      // Check if user has practitioner role
+      if (!user.roles?.includes(UserRole.PRACTITIONER)) {
+        console.error("[AUTH] User is not a practitioner:", user.uid);
+        throw AUTH_ERRORS.INVALID_ROLE;
+      }
+
+      // Check and get practitioner profile
+      if (!user.practitionerProfile) {
+        console.error("[AUTH] User has no practitioner profile:", user.uid);
+        throw AUTH_ERRORS.NOT_FOUND;
+      }
+
+      // Get practitioner profile using local service
+      // This will be updated to use cloud functions in future PRs
+      const practitionerService = new PractitionerService(
+        this.db,
+        this.auth,
+        this.app
+      );
+
+      const practitioner = await practitionerService.getPractitioner(
+        user.practitionerProfile
+      );
+
+      if (!practitioner) {
+        console.error(
+          "[AUTH] Practitioner profile not found:",
+          user.practitionerProfile
+        );
+        throw AUTH_ERRORS.NOT_FOUND;
+      }
+
+      return {
+        user,
+        practitioner,
+      };
+    } catch (error) {
+      console.error("[AUTH] Error in signInPractitioner:", error);
+      throw error;
+    }
+  }
+}