@blackcode_sa/metaestetics-api 1.6.16 → 1.6.18

package/src/services/auth.v2.service.ts

@@ -0,0 +1,959 @@
+import {
+  Auth,
+  User as FirebaseUser,
+  signInWithEmailAndPassword,
+  createUserWithEmailAndPassword,
+  signInAnonymously as firebaseSignInAnonymously,
+  signOut as firebaseSignOut,
+  GoogleAuthProvider,
+  FacebookAuthProvider,
+  OAuthProvider,
+  signInWithPopup,
+  signInWithRedirect,
+  getRedirectResult,
+  linkWithCredential,
+  EmailAuthProvider,
+  onAuthStateChanged,
+  sendPasswordResetEmail,
+  verifyPasswordResetCode,
+  confirmPasswordReset,
+  linkWithPopup,
+} from "firebase/auth";
+import {
+  doc,
+  setDoc,
+  getDoc,
+  serverTimestamp,
+  collection,
+  query,
+  where,
+  getDocs,
+  Timestamp,
+  updateDoc,
+  Firestore,
+} from "firebase/firestore";
+import { FirebaseApp } from "firebase/app";
+import { User, UserRole, USERS_COLLECTION } from "../types";
+import { z } from "zod";
+import {
+  emailSchema,
+  passwordSchema,
+  userRoleSchema,
+} from "../validations/schemas";
+import { AuthError, AUTH_ERRORS } from "../errors/auth.errors";
+import { FirebaseErrorCode } from "../errors/firebase.errors";
+import { FirebaseError } from "../errors/firebase.errors";
+import { BaseService } from "./base.service";
+import { UserService } from "./user.service";
+import { throws } from "assert";
+import {
+  ClinicGroup,
+  AdminToken,
+  AdminTokenStatus,
+  CreateClinicGroupData,
+  CreateClinicAdminData,
+  ContactPerson,
+  ClinicAdminSignupData,
+  SubscriptionModel,
+  CLINIC_GROUPS_COLLECTION,
+  ClinicAdmin,
+} from "../types/clinic";
+import { clinicAdminSignupSchema } from "../validations/clinic.schema";
+import { ClinicGroupService } from "./clinic/clinic-group.service";
+import { ClinicAdminService } from "./clinic/clinic-admin.service";
+import { ClinicService } from "./clinic/clinic.service";
+import {
+  Practitioner,
+  CreatePractitionerData,
+  PractitionerStatus,
+  PractitionerBasicInfo,
+  PractitionerCertification,
+} from "../types/practitioner";
+import { PractitionerService } from "./practitioner/practitioner.service";
+import { practitionerSignupSchema } from "../validations/practitioner.schema";
+import { CertificationLevel } from "../backoffice/types/static/certification.types";
+import { getFirebaseFunctions } from "../config/firebase";
+import {
+  httpsCallable,
+  HttpsCallableResult,
+  Functions,
+} from "firebase/functions";
+
+// Define types for our cloud function responses
+interface PatientProfileResponse {
+  user: User;
+  patientProfile: any;
+}
+
+interface ClinicAdminResponse {
+  user: User;
+  clinicGroup: ClinicGroup;
+  clinicAdmin: ClinicAdmin;
+}
+
+interface PractitionerResponse {
+  user: User;
+  practitioner: Practitioner;
+}
+
+export class AuthServiceV2 extends BaseService {
+  private googleProvider = new GoogleAuthProvider();
+  private facebookProvider = new FacebookAuthProvider();
+  private appleProvider = new OAuthProvider("apple.com");
+  private userService: UserService;
+  private functions!: Functions;
+
+  constructor(
+    db: Firestore,
+    auth: Auth,
+    app: FirebaseApp,
+    userService?: UserService
+  ) {
+    super(db, auth, app);
+
+    // Initialize UserService if not provided
+    if (!userService) {
+      userService = new UserService(db, auth, app);
+    }
+    this.userService = userService;
+
+    // Initialize functions
+    getFirebaseFunctions().then((functions) => {
+      this.functions = functions;
+    });
+  }
+
+  // Make sure to handle the case where this.functions is not yet initialized
+  private async getFunctions(): Promise<Functions> {
+    if (!this.functions) {
+      this.functions = await getFirebaseFunctions();
+    }
+    return this.functions;
+  }
+
+  /**
+   * Registruje novog korisnika sa email-om i lozinkom
+   */
+  async signUp(
+    email: string,
+    password: string,
+    initialRole: UserRole = UserRole.PATIENT
+  ): Promise<User> {
+    // Create Firebase Auth user
+    const { user: firebaseUser } = await createUserWithEmailAndPassword(
+      this.auth,
+      email,
+      password
+    );
+
+    if (initialRole === UserRole.PATIENT) {
+      // For patient role, we now use cloud function
+      const functions = await this.getFunctions();
+      const createAnonymousPatientProfile = httpsCallable<
+        {},
+        PatientProfileResponse
+      >(functions, "createAnonymousPatientProfile");
+
+      const result = await createAnonymousPatientProfile({});
+      return (result.data as PatientProfileResponse).user;
+    } else {
+      // For other roles, we still use the local service for now
+      // This will be updated in future PRs
+      return this.userService.createUser(firebaseUser, [initialRole]);
+    }
+  }
+
+  /**
+   * Registers a new clinic admin user with email and password
+   * Can either create a new clinic group or join an existing one with a token
+   *
+   * @param data - Clinic admin signup data
+   * @returns Object containing the created user, clinic group, and clinic admin
+   */
+  async signUpClinicAdmin(data: ClinicAdminSignupData): Promise<{
+    user: User;
+    clinicGroup: ClinicGroup;
+    clinicAdmin: ClinicAdmin;
+  }> {
+    try {
+      console.log("[AUTH] Starting clinic admin signup process", {
+        email: data.email,
+      });
+
+      // Create Firebase user
+      console.log("[AUTH] Creating Firebase user");
+      let firebaseUser;
+      try {
+        const result = await createUserWithEmailAndPassword(
+          this.auth,
+          data.email,
+          data.password
+        );
+        firebaseUser = result.user;
+        console.log("[AUTH] Firebase user created successfully", {
+          uid: firebaseUser.uid,
+        });
+      } catch (firebaseError) {
+        console.error("[AUTH] Firebase user creation failed:", firebaseError);
+        throw firebaseError;
+      }
+
+      // Prepare contact person info
+      const contactPerson: ContactPerson = {
+        firstName: data.firstName,
+        lastName: data.lastName,
+        title: data.title,
+        email: data.email,
+        phoneNumber: data.phoneNumber,
+      };
+
+      if (data.isCreatingNewGroup) {
+        // Creating new group - call cloud function
+        const functions = await this.getFunctions();
+        const createClinicGroupWithAdmin = httpsCallable<
+          {
+            groupData: any;
+            contactInfo: ContactPerson;
+          },
+          ClinicAdminResponse
+        >(functions, "createClinicGroupWithAdmin");
+
+        // Call cloud function
+        const result = await createClinicGroupWithAdmin({
+          groupData: data.clinicGroupData,
+          contactInfo: contactPerson,
+        });
+
+        return result.data as ClinicAdminResponse;
+      } else {
+        // Joining existing group with token
+        if (!data.inviteToken) {
+          throw new Error(
+            "Invite token is required when joining an existing group"
+          );
+        }
+
+        // Call cloud function
+        const functions = await this.getFunctions();
+        const joinClinicGroupWithToken = httpsCallable<
+          {
+            token: string;
+            contactInfo: ContactPerson;
+          },
+          ClinicAdminResponse
+        >(functions, "joinClinicGroupWithToken");
+
+        const result = await joinClinicGroupWithToken({
+          token: data.inviteToken,
+          contactInfo: contactPerson,
+        });
+
+        return result.data as ClinicAdminResponse;
+      }
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        console.error(
+          "[AUTH] Zod validation error in signUpClinicAdmin:",
+          JSON.stringify(error.errors, null, 2)
+        );
+        throw AUTH_ERRORS.VALIDATION_ERROR;
+      }
+
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.EMAIL_ALREADY_IN_USE) {
+        console.error("[AUTH] Email already in use:", data.email);
+        throw AUTH_ERRORS.EMAIL_ALREADY_EXISTS;
+      }
+
+      console.error("[AUTH] Unhandled error in signUpClinicAdmin:", error);
+      throw error;
+    }
+  }
+
+  /**
+   * Prijavljuje korisnika sa email-om i lozinkom
+   */
+  async signIn(email: string, password: string): Promise<User> {
+    const { user: firebaseUser } = await signInWithEmailAndPassword(
+      this.auth,
+      email,
+      password
+    );
+
+    // Update login timestamp via UserService
+    return this.userService.updateUserLoginTimestamp(firebaseUser.uid);
+  }
+
+  /**
+   * Prijavljuje korisnika sa email-om i lozinkom samo za clinic_admin role
+   * @param email - Email korisnika
+   * @param password - Lozinka korisnika
+   * @returns Objekat koji sadrži korisnika, admin profil i grupu klinika
+   * @throws {AUTH_ERRORS.INVALID_ROLE} Ako korisnik nema clinic_admin rolu
+   * @throws {AUTH_ERRORS.NOT_FOUND} Ako admin profil nije pronađen
+   */
+  async signInClinicAdmin(
+    email: string,
+    password: string
+  ): Promise<{
+    user: User;
+    clinicAdmin: ClinicAdmin;
+    clinicGroup: ClinicGroup;
+  }> {
+    try {
+      // Sign in with email/password
+      const { user: firebaseUser } = await signInWithEmailAndPassword(
+        this.auth,
+        email,
+        password
+      );
+
+      // Get user
+      const user = await this.userService.getUserById(firebaseUser.uid);
+
+      // Check if user has clinic_admin role
+      if (!user.roles?.includes(UserRole.CLINIC_ADMIN)) {
+        console.error("[AUTH] User is not a clinic admin:", user.uid);
+        throw AUTH_ERRORS.INVALID_ROLE;
+      }
+
+      // Check and get admin profile
+      if (!user.adminProfile) {
+        console.error("[AUTH] User has no admin profile:", user.uid);
+        throw AUTH_ERRORS.NOT_FOUND;
+      }
+
+      // This part would ideally use cloud functions to get the admin profile and clinic group
+      // But for now, we'll continue using the existing services
+
+      // Initialize services
+      const clinicAdminService = new ClinicAdminService(
+        this.db,
+        this.auth,
+        this.app
+      );
+      const clinicGroupService = new ClinicGroupService(
+        this.db,
+        this.auth,
+        this.app,
+        clinicAdminService
+      );
+      clinicAdminService.setServices(clinicGroupService, null as any);
+
+      // Get admin profile
+      const adminProfile = await clinicAdminService.getClinicAdmin(
+        user.adminProfile
+      );
+      if (!adminProfile) {
+        console.error("[AUTH] Admin profile not found:", user.adminProfile);
+        throw AUTH_ERRORS.NOT_FOUND;
+      }
+
+      // Get clinic group
+      const clinicGroup = await clinicGroupService.getClinicGroup(
+        adminProfile.clinicGroupId
+      );
+      if (!clinicGroup) {
+        console.error(
+          "[AUTH] Clinic group not found:",
+          adminProfile.clinicGroupId
+        );
+        throw AUTH_ERRORS.NOT_FOUND;
+      }
+
+      return {
+        user,
+        clinicAdmin: adminProfile,
+        clinicGroup,
+      };
+    } catch (error) {
+      console.error("[AUTH] Error in signInClinicAdmin:", error);
+      throw error;
+    }
+  }
+
+  /**
+   * Prijavljuje korisnika sa Facebook-om
+   */
+  async signInWithFacebook(): Promise<User> {
+    const provider = new FacebookAuthProvider();
+    provider.addScope("email");
+    const { user: firebaseUser } = await signInWithPopup(this.auth, provider);
+
+    // Check for existing user
+    try {
+      const existingUser = await this.userService.getUserById(firebaseUser.uid);
+      return this.userService.updateUserLoginTimestamp(firebaseUser.uid);
+    } catch (error) {
+      // User doesn't exist, create anonymous patient
+      const functions = await this.getFunctions();
+      const createAnonymousPatientProfile = httpsCallable<
+        {},
+        PatientProfileResponse
+      >(functions, "createAnonymousPatientProfile");
+
+      const result = await createAnonymousPatientProfile({});
+      return (result.data as PatientProfileResponse).user;
+    }
+  }
+
+  /**
+   * Prijavljuje korisnika sa Google nalogom
+   */
+  async signInWithGoogle(
+    initialRole: UserRole = UserRole.PATIENT
+  ): Promise<User> {
+    this.googleProvider.addScope("email");
+    const { user: firebaseUser } = await signInWithPopup(
+      this.auth,
+      this.googleProvider
+    );
+
+    // Check for existing user
+    try {
+      const existingUser = await this.userService.getUserById(firebaseUser.uid);
+      return this.userService.updateUserLoginTimestamp(firebaseUser.uid);
+    } catch (error) {
+      // User doesn't exist, create anonymous patient
+      const functions = await this.getFunctions();
+      const createAnonymousPatientProfile = httpsCallable<
+        {},
+        PatientProfileResponse
+      >(functions, "createAnonymousPatientProfile");
+
+      const result = await createAnonymousPatientProfile({});
+      return result.data.user;
+    }
+  }
+
+  /**
+   * Prijavljuje korisnika sa Apple-om
+   */
+  async signInWithApple(): Promise<User> {
+    const provider = new OAuthProvider("apple.com");
+    provider.addScope("email");
+    provider.addScope("name");
+    const { user: firebaseUser } = await signInWithPopup(this.auth, provider);
+
+    // Check for existing user
+    try {
+      const existingUser = await this.userService.getUserById(firebaseUser.uid);
+      return this.userService.updateUserLoginTimestamp(firebaseUser.uid);
+    } catch (error) {
+      // User doesn't exist, create anonymous patient
+      const functions = await this.getFunctions();
+      const createAnonymousPatientProfile = httpsCallable(
+        functions,
+        "createAnonymousPatientProfile"
+      );
+
+      const result = await createAnonymousPatientProfile({});
+      return result.data.user;
+    }
+  }
+
+  /**
+   * Prijavljuje korisnika anonimno
+   */
+  async signInAnonymously(): Promise<User> {
+    const { user: firebaseUser } = await firebaseSignInAnonymously(this.auth);
+
+    // Create anonymous patient profile using cloud function
+    const functions = await this.getFunctions();
+    const createAnonymousPatientProfile = httpsCallable(
+      functions,
+      "createAnonymousPatientProfile"
+    );
+
+    const result = await createAnonymousPatientProfile({});
+    return result.data.user;
+  }
+
+  /**
+   * Odjavljuje trenutnog korisnika
+   */
+  async signOut(): Promise<void> {
+    await firebaseSignOut(this.auth);
+  }
+
+  /**
+   * Vraća trenutno prijavljenog korisnika
+   */
+  async getCurrentUser(): Promise<User | null> {
+    const firebaseUser = this.auth.currentUser;
+    if (!firebaseUser) return null;
+
+    try {
+      return this.userService.getUserById(firebaseUser.uid);
+    } catch (error) {
+      console.error("Error getting current user:", error);
+      return null;
+    }
+  }
+
+  /**
+   * Registruje callback za promene stanja autentifikacije
+   */
+  onAuthStateChange(callback: (user: FirebaseUser | null) => void): () => void {
+    return onAuthStateChanged(this.auth, callback);
+  }
+
+  /**
+   * Upgrades an anonymous user to a regular user with email and password
+   */
+  async upgradeAnonymousUser(email: string, password: string): Promise<User> {
+    try {
+      await emailSchema.parseAsync(email);
+      await passwordSchema.parseAsync(password);
+
+      const currentUser = this.auth.currentUser;
+      if (!currentUser) {
+        throw AUTH_ERRORS.NOT_AUTHENTICATED;
+      }
+      if (!currentUser.isAnonymous) {
+        throw new AuthError(
+          "User is not anonymous",
+          "AUTH/NOT_ANONYMOUS_USER",
+          400
+        );
+      }
+
+      // Create email credential
+      const credential = EmailAuthProvider.credential(email, password);
+
+      // Link credential to current user
+      await linkWithCredential(currentUser, credential);
+
+      // Call cloud function to update backend
+      const functions = await this.getFunctions();
+      const upgradeAnonymousPatient = httpsCallable<
+        {
+          email: string;
+          profileData: {
+            email: string;
+          };
+        },
+        PatientProfileResponse
+      >(functions, "upgradeAnonymousPatient");
+
+      const result = await upgradeAnonymousPatient({
+        email,
+        profileData: {
+          email,
+        },
+      });
+
+      return result.data.user;
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        throw AUTH_ERRORS.VALIDATION_ERROR;
+      }
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.EMAIL_ALREADY_IN_USE) {
+        throw AUTH_ERRORS.EMAIL_ALREADY_EXISTS;
+      }
+      throw error;
+    }
+  }
+
+  /**
+   * Upgrades an anonymous user to a regular user by signing in with a Google account.
+   */
+  async upgradeAnonymousUserWithGoogle(): Promise<User> {
+    try {
+      const currentUser = this.auth.currentUser;
+      if (!currentUser) {
+        throw AUTH_ERRORS.NOT_AUTHENTICATED;
+      }
+      if (!currentUser.isAnonymous) {
+        throw new AuthError(
+          "User is not anonymous",
+          "AUTH/NOT_ANONYMOUS_USER",
+          400
+        );
+      }
+
+      this.googleProvider.addScope("email");
+      const userCredential = await linkWithPopup(
+        currentUser,
+        this.googleProvider
+      );
+
+      if (!userCredential) throw AUTH_ERRORS.INVALID_CREDENTIAL;
+      if (!userCredential.user.email) throw AUTH_ERRORS.INVALID_CREDENTIAL;
+
+      // Call cloud function to update backend
+      const functions = await this.getFunctions();
+      const upgradeAnonymousPatient = httpsCallable(
+        functions,
+        "upgradeAnonymousPatient"
+      );
+
+      const result = await upgradeAnonymousPatient({
+        email: userCredential.user.email,
+        profileData: {
+          email: userCredential.user.email,
+        },
+      });
+
+      return result.data.user;
+    } catch (error: unknown) {
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.POPUP_CLOSED_BY_USER) {
+        throw AUTH_ERRORS.POPUP_CLOSED;
+      }
+      throw error;
+    }
+  }
+
+  async upgradeAnonymousUserWithFacebook(): Promise<User> {
+    try {
+      const currentUser = this.auth.currentUser;
+      if (!currentUser) {
+        throw AUTH_ERRORS.NOT_AUTHENTICATED;
+      }
+      if (!currentUser.isAnonymous) {
+        throw new AuthError(
+          "User is not anonymous",
+          "AUTH/NOT_ANONYMOUS_USER",
+          400
+        );
+      }
+
+      this.facebookProvider.addScope("email");
+      const userCredential = await linkWithPopup(
+        currentUser,
+        this.facebookProvider
+      );
+
+      if (!userCredential) throw AUTH_ERRORS.INVALID_CREDENTIAL;
+      if (!userCredential.user.email) throw AUTH_ERRORS.INVALID_CREDENTIAL;
+
+      // Call cloud function to update backend
+      const functions = await this.getFunctions();
+      const upgradeAnonymousPatient = httpsCallable(
+        functions,
+        "upgradeAnonymousPatient"
+      );
+
+      const result = await upgradeAnonymousPatient({
+        email: userCredential.user.email,
+        profileData: {
+          email: userCredential.user.email,
+        },
+      });
+
+      return result.data.user;
+    } catch (error: unknown) {
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.POPUP_CLOSED_BY_USER) {
+        throw AUTH_ERRORS.POPUP_CLOSED;
+      }
+      throw error;
+    }
+  }
+
+  async upgradeAnonymousUserWithApple(): Promise<User> {
+    try {
+      const currentUser = this.auth.currentUser;
+      if (!currentUser) {
+        throw AUTH_ERRORS.NOT_AUTHENTICATED;
+      }
+      if (!currentUser.isAnonymous) {
+        throw new AuthError(
+          "User is not anonymous",
+          "AUTH/NOT_ANONYMOUS_USER",
+          400
+        );
+      }
+
+      this.appleProvider.addScope("email");
+      this.appleProvider.addScope("name");
+      const userCredential = await linkWithPopup(
+        currentUser,
+        this.appleProvider
+      );
+
+      if (!userCredential) throw AUTH_ERRORS.INVALID_CREDENTIAL;
+      if (!userCredential.user.email) throw AUTH_ERRORS.INVALID_CREDENTIAL;
+
+      // Call cloud function to update backend
+      const functions = await this.getFunctions();
+      const upgradeAnonymousPatient = httpsCallable(
+        functions,
+        "upgradeAnonymousPatient"
+      );
+
+      const result = await upgradeAnonymousPatient({
+        email: userCredential.user.email,
+        profileData: {
+          email: userCredential.user.email,
+        },
+      });
+
+      return result.data.user;
+    } catch (error: unknown) {
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.POPUP_CLOSED_BY_USER) {
+        throw AUTH_ERRORS.POPUP_CLOSED;
+      }
+      throw error;
+    }
+  }
+
+  /**
+   * Šalje email za resetovanje lozinke korisniku
+   * @param email Email adresa korisnika
+   * @returns Promise koji se razrešava kada je email poslat
+   */
+  async sendPasswordResetEmail(email: string): Promise<void> {
+    try {
+      await emailSchema.parseAsync(email);
+      const functions = await this.getFunctions();
+      await sendPasswordResetEmail(this.auth, email);
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        throw AUTH_ERRORS.VALIDATION_ERROR;
+      }
+
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.USER_NOT_FOUND) {
+        throw AUTH_ERRORS.USER_NOT_FOUND;
+      }
+
+      throw error;
+    }
+  }
+
+  /**
+   * Verifikuje kod za resetovanje lozinke iz email linka
+   * @param oobCode Kod iz URL-a za resetovanje lozinke
+   * @returns Promise koji se razrešava sa email adresom korisnika ako je kod validan
+   */
+  async verifyPasswordResetCode(oobCode: string): Promise<string> {
+    try {
+      const functions = await this.getFunctions();
+      return await verifyPasswordResetCode(this.auth, oobCode);
+    } catch (error) {
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.EXPIRED_ACTION_CODE) {
+        throw AUTH_ERRORS.EXPIRED_ACTION_CODE;
+      } else if (firebaseError.code === FirebaseErrorCode.INVALID_ACTION_CODE) {
+        throw AUTH_ERRORS.INVALID_ACTION_CODE;
+      }
+
+      throw error;
+    }
+  }
+
+  /**
+   * Potvrđuje resetovanje lozinke i postavlja novu lozinku
+   * @param oobCode Kod iz URL-a za resetovanje lozinke
+   * @param newPassword Nova lozinka
+   * @returns Promise koji se razrešava kada je lozinka promenjena
+   */
+  async confirmPasswordReset(
+    oobCode: string,
+    newPassword: string
+  ): Promise<void> {
+    try {
+      await passwordSchema.parseAsync(newPassword);
+      const functions = await this.getFunctions();
+      await confirmPasswordReset(this.auth, oobCode, newPassword);
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        throw AUTH_ERRORS.VALIDATION_ERROR;
+      }
+
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.EXPIRED_ACTION_CODE) {
+        throw AUTH_ERRORS.EXPIRED_ACTION_CODE;
+      } else if (firebaseError.code === FirebaseErrorCode.INVALID_ACTION_CODE) {
+        throw AUTH_ERRORS.INVALID_ACTION_CODE;
+      } else if (firebaseError.code === FirebaseErrorCode.WEAK_PASSWORD) {
+        throw AUTH_ERRORS.WEAK_PASSWORD;
+      }
+
+      throw error;
+    }
+  }
+
+  /**
+   * Registers a new practitioner user with email and password
+   * Can either create a new practitioner profile or claim an existing draft profile with a token
+   */
+  async signUpPractitioner(data: {
+    email: string;
+    password: string;
+    firstName: string;
+    lastName: string;
+    token?: string;
+    profileData?: Partial<CreatePractitionerData>;
+  }): Promise<{
+    user: User;
+    practitioner: Practitioner;
+  }> {
+    try {
+      console.log("[AUTH] Starting practitioner signup process", {
+        email: data.email,
+        hasToken: !!data.token,
+      });
+
+      // Create Firebase user
+      console.log("[AUTH] Creating Firebase user");
+      let firebaseUser;
+      try {
+        const result = await createUserWithEmailAndPassword(
+          this.auth,
+          data.email,
+          data.password
+        );
+        firebaseUser = result.user;
+        console.log("[AUTH] Firebase user created successfully", {
+          uid: firebaseUser.uid,
+        });
+      } catch (firebaseError) {
+        console.error("[AUTH] Firebase user creation failed:", firebaseError);
+        throw firebaseError;
+      }
+
+      if (data.token) {
+        // Claiming existing profile with token
+        console.log("[AUTH] Claiming draft profile with token");
+
+        const functions = await this.getFunctions();
+        const validateTokenAndClaimProfile = httpsCallable<
+          {
+            token: string;
+          },
+          PractitionerResponse
+        >(functions, "validateTokenAndClaimProfile");
+
+        const result = await validateTokenAndClaimProfile({
+          token: data.token,
+        });
+
+        return result.data as PractitionerResponse;
+      } else {
+        // Creating new profile
+        console.log("[AUTH] Creating new practitioner profile");
+
+        // Prepare basic info based on form data
+        const profileData = data.profileData || {};
+        if (!profileData.basicInfo) {
+          profileData.basicInfo = {
+            firstName: data.firstName,
+            lastName: data.lastName,
+            email: data.email,
+            phoneNumber: "",
+            title: "Practitioner",
+            profileImageUrl: "",
+            dateOfBirth: new Date(),
+            gender: "other",
+            languages: ["English"],
+            bio: "",
+          };
+        }
+
+        const functions = await this.getFunctions();
+        const createPractitionerProfile = httpsCallable<
+          {
+            profileData: Partial<CreatePractitionerData>;
+          },
+          PractitionerResponse
+        >(functions, "createPractitionerProfile");
+
+        const result = await createPractitionerProfile({
+          profileData,
+        });
+
+        return result.data as PractitionerResponse;
+      }
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        console.error(
+          "[AUTH] Zod validation error in signUpPractitioner:",
+          JSON.stringify(error.errors, null, 2)
+        );
+        throw AUTH_ERRORS.VALIDATION_ERROR;
+      }
+
+      const firebaseError = error as FirebaseError;
+      if (firebaseError.code === FirebaseErrorCode.EMAIL_ALREADY_IN_USE) {
+        console.error("[AUTH] Email already in use:", data.email);
+        throw AUTH_ERRORS.EMAIL_ALREADY_EXISTS;
+      }
+
+      console.error("[AUTH] Unhandled error in signUpPractitioner:", error);
+      throw error;
+    }
+  }
+
+  /**
+   * Signs in a user with email and password specifically for practitioner role
+   */
+  async signInPractitioner(
+    email: string,
+    password: string
+  ): Promise<{
+    user: User;
+    practitioner: Practitioner;
+  }> {
+    try {
+      console.log("[AUTH] Starting practitioner signin process", {
+        email: email,
+      });
+
+      // Sign in with email/password
+      const { user: firebaseUser } = await signInWithEmailAndPassword(
+        this.auth,
+        email,
+        password
+      );
+
+      // Get user data
+      const user = await this.userService.getUserById(firebaseUser.uid);
+      console.log("[AUTH] User retrieved", { uid: user.uid });
+
+      // Check if user has practitioner role
+      if (!user.roles?.includes(UserRole.PRACTITIONER)) {
+        console.error("[AUTH] User is not a practitioner:", user.uid);
+        throw AUTH_ERRORS.INVALID_ROLE;
+      }
+
+      // Check and get practitioner profile
+      if (!user.practitionerProfile) {
+        console.error("[AUTH] User has no practitioner profile:", user.uid);
+        throw AUTH_ERRORS.NOT_FOUND;
+      }
+
+      // Get practitioner profile using local service
+      // This will be updated to use cloud functions in future PRs
+      const practitionerService = new PractitionerService(
+        this.db,
+        this.auth,
+        this.app
+      );
+
+      const practitioner = await practitionerService.getPractitioner(
+        user.practitionerProfile
+      );
+
+      if (!practitioner) {
+        console.error(
+          "[AUTH] Practitioner profile not found:",
+          user.practitionerProfile
+        );
+        throw AUTH_ERRORS.NOT_FOUND;
+      }
+
+      return {
+        user,
+        practitioner,
+      };
+    } catch (error) {
+      console.error("[AUTH] Error in signInPractitioner:", error);
+      throw error;
+    }
+  }
+}