ipulse-shared-core-ftredge 22.1.1__py3-none-any.whl → 23.1.1__py3-none-any.whl

ipulse_shared_core_ftredge/services/user/user_core_service.py

@@ -17,7 +17,7 @@ from typing import Any, Dict, List, Optional, Tuple, Union
 from datetime import datetime
 from google.cloud import firestore
 from firebase_admin.auth import UserRecord
-from ipulse_shared_base_ftredge import ApprovalStatus, IAMUnit
+from ipulse_shared_base_ftredge import ApprovalStatus, IAMUnit, IAMUserType
 from ...models import UserProfile, UserStatus, UserAuth, UserSubscription, UserType, SubscriptionPlan, UserPermission
 
 
@@ -133,7 +133,8 @@ class UserCoreService:
         userprofile: UserProfile,
         userstatus: UserStatus,
         userauth: Optional[UserAuth] = None,
-        custom_claims: Optional[Dict[str, Any]] = None
+        validate_userauth_consistency: bool = False,
+        validate_userauth_exists: bool = False
     ) -> Tuple[str, UserProfile, UserStatus]:
         """
         Create a complete user from ready UserAuth, UserProfile, and UserStatus models.
@@ -144,7 +145,8 @@ class UserCoreService:
             userprofile=userprofile,
             userstatus=userstatus,
             userauth=userauth,
-            custom_claims=custom_claims
+            validate_userauth_consistency=validate_userauth_consistency,
+            validate_userauth_exists=validate_userauth_exists
         )
 
     async def create_user_from_manual_usertype(
@@ -152,13 +154,13 @@ class UserCoreService:
         userprofile: UserProfile,
         usertype: UserType,
         userauth: Optional[UserAuth] = None,
-        custom_claims: Optional[Dict[str, Any]] = None,
-        user_approval_status: ApprovalStatus = ApprovalStatus.PENDING,
-        user_notes: str = "Created with manual usertype configuration",
         extra_insight_credits_override: Optional[int] = None,
         voting_credits_override: Optional[int] = None,
         subscriptionplan_id_override: Optional[str] = None,
-        created_by: Optional[str] = None
+        created_by: Optional[str] = None,
+        apply_usertype_associated_subscriptionplan: bool = True,
+        validate_userauth_consistency: bool = False,
+        validate_userauth_exists: bool = False
     ) -> Tuple[str, UserProfile, UserStatus]:
         """
         Create a complete user with manual UserType configuration.
@@ -169,13 +171,13 @@ class UserCoreService:
             userprofile=userprofile,
             usertype=usertype,
             userauth=userauth,
-            custom_claims=custom_claims,
-            user_approval_status=user_approval_status,
-            user_notes=user_notes,
             extra_insight_credits_override=extra_insight_credits_override,
             voting_credits_override=voting_credits_override,
             subscriptionplan_id_override=subscriptionplan_id_override,
-            creator_uid=created_by
+            creator_uid=created_by,
+            apply_usertype_associated_subscriptionplan=apply_usertype_associated_subscriptionplan,
+            validate_userauth_consistency=validate_userauth_consistency,
+            validate_userauth_exists=validate_userauth_exists
         )
 
     async def create_user_from_catalog_usertype(
@@ -183,13 +185,13 @@ class UserCoreService:
         usertype_id: str,
         userprofile: UserProfile,
         userauth: Optional[UserAuth] = None,
-        custom_claims: Optional[Dict[str, Any]] = None,
-        user_approval_status: ApprovalStatus = ApprovalStatus.PENDING,
-        user_notes: str = "Created from catalog usertype configuration",
         extra_insight_credits_override: Optional[int] = None,
         voting_credits_override: Optional[int] = None,
         subscriptionplan_id_override: Optional[str] = None,
-        created_by: Optional[str] = None
+        created_by: Optional[str] = None,
+        apply_usertype_associated_subscriptionplan: bool = True,
+        validate_userauth_consistency: bool = False,
+        validate_userauth_exists: bool = False
     ) -> Tuple[str, UserProfile, UserStatus]:
         """
         Create a complete user based on UserType catalog configuration.
@@ -200,13 +202,13 @@ class UserCoreService:
             usertype_id=usertype_id,
             userprofile=userprofile,
             userauth=userauth,
-            custom_claims=custom_claims,
-            user_approval_status=user_approval_status,
-            user_notes=user_notes,
             extra_insight_credits_override=extra_insight_credits_override,
             voting_credits_override=voting_credits_override,
             subscriptionplan_id_override=subscriptionplan_id_override,
-            creator_uid=created_by
+            creator_uid=created_by,
+            apply_usertype_associated_subscriptionplan=apply_usertype_associated_subscriptionplan,
+            validate_userauth_consistency=validate_userauth_consistency,
+            validate_userauth_exists=validate_userauth_exists
         )
 
     ######################################################################
@@ -351,6 +353,71 @@ class UserCoreService:
         """Set user approval status in custom claims"""
         return await self.userauth_ops.set_user_approval_status(user_uid=user_uid, approval_status=status, updated_by=notes)
 
+    # Token and Security Operations
+
+    async def create_custom_token(
+        self,
+        user_uid: str,
+        additional_claims: Optional[Dict[str, Any]] = None
+    ) -> str:
+        """Creates a custom token for a user with optional additional claims"""
+        return await self.userauth_ops.create_custom_token(
+            user_uid=user_uid,
+            additional_claims=additional_claims
+        )
+
+    async def verify_id_token(
+        self,
+        token: str,
+        check_revoked: bool = False
+    ) -> Dict[str, Any]:
+        """Verifies an ID token and returns the token claims"""
+        return await self.userauth_ops.verify_id_token(
+            token=token,
+            check_revoked=check_revoked
+        )
+
+    async def get_user_auth_token(
+        self,
+        email: str,
+        password: str,
+        api_key: str
+    ) -> Optional[str]:
+        """
+        Gets a user authentication token using the Firebase REST API.
+
+        Note: This method requires the Firebase Web API key and should be used
+        for testing or specific admin scenarios. For production authentication,
+        prefer using the Firebase client SDKs.
+        """
+        return await self.userauth_ops.get_user_auth_token(
+            email=email,
+            password=password,
+            api_key=api_key
+        )
+
+    async def generate_password_reset_link(
+        self,
+        email: str,
+        action_code_settings: Optional[Dict[str, Any]] = None
+    ) -> str:
+        """Generates a password reset link for a user"""
+        return await self.userauth_ops.generate_password_reset_link(
+            email=email,
+            action_code_settings=action_code_settings
+        )
+
+    async def generate_email_verification_link(
+        self,
+        email: str,
+        action_code_settings: Optional[Dict[str, Any]] = None
+    ) -> str:
+        """Generates an email verification link for a user"""
+        return await self.userauth_ops.generate_email_verification_link(
+            email=email,
+            action_code_settings=action_code_settings
+        )
+
     ######################################################################
     ######################### UserProfile Operations ####################
     ######################################################################
@@ -432,7 +499,7 @@ class UserCoreService:
         updater_uid: str,
         source: str = "user_core_service",
         granted_at: Optional[datetime] = None,
-        auto_renewal: Optional[bool] = None
+        auto_renewal_end: Optional[datetime] = None
     ) -> UserSubscription:
         """Fetch a subscription plan from catalog and apply to user"""
         return await self.subscription_ops.fetch_subscriptionplan_and_apply_subscription_to_user(
@@ -441,7 +508,7 @@ class UserCoreService:
             updater_uid=updater_uid,
             source=source,
             granted_at=granted_at,
-            auto_renewal=auto_renewal
+            auto_renewal_end=auto_renewal_end
         )
 
     async def apply_subscriptionplan_to_user(
@@ -451,7 +518,7 @@ class UserCoreService:
         updater_uid: str,
         source: str = "user_core_service",
         granted_at: Optional[datetime] = None,
-        auto_renewal: Optional[bool] = None
+        auto_renewal_end: Optional[datetime] = None
     ) -> UserSubscription:
         """Apply a subscription plan directly to user (plan already fetched)"""
         return await self.subscription_ops.apply_subscriptionplan(
@@ -460,7 +527,7 @@ class UserCoreService:
             updater_uid=updater_uid,
             source=source,
             granted_at=granted_at,
-            auto_renewal=auto_renewal
+            auto_renewal_end=auto_renewal_end
         )
 
     async def cancel_user_subscription(self, user_uid: str, updater_uid: str) -> bool:
@@ -556,4 +623,55 @@ class UserCoreService:
             valid_only=valid_only
         )
 
+    async def update_user_usertype(
+        self,
+        user_uid: str,
+        primary_usertype: Optional['IAMUserType'] = None,
+        secondary_usertypes: Optional[List['IAMUserType']] = None,
+        updater_uid: str = "system_usertype_update"
+    ) -> Tuple[UserProfile, Dict[str, Any]]:
+        """
+        Update user's primary and/or secondary usertypes efficiently across UserProfile and Firebase Auth.
+
+        Args:
+            user_uid: The UID of the user to update
+            primary_usertype: New primary usertype (optional, keeps existing if None)
+            secondary_usertypes: New secondary usertypes list (optional, keeps existing if None)
+            updater_uid: Who is performing this update
+
+        Returns:
+            Tuple of (updated_userprofile, updated_custom_claims)
+        """
+        return await self.usermultistep_ops.update_user_usertype(
+            user_uid=user_uid,
+            primary_usertype=primary_usertype,
+            secondary_usertypes=secondary_usertypes,
+            updater_uid=updater_uid
+        )
+
+    ######################################################################
+    ####################### User Subscription/Status Review #############
+    ######################################################################
+
+    async def review_and_clean_active_subscription_credits_and_permissions(
+        self,
+        user_uid: str,
+        updater_uid: str = "system_review",
+        review_auto_renewal: bool = True,
+        apply_fallback: bool = True,
+        clean_expired_permissions: bool = True,
+        review_credits: bool = True
+    ) -> Dict[str, Any]:
+        """
+        Orchestrate a comprehensive review and cleanup of a user's active subscription, credits, and permissions.
+        Delegates to UserstatusOperations for the actual logic.
+        """
+        return await self.userstatus_ops.review_and_clean_active_subscription_credits_and_permissions(
+            user_uid=user_uid,
+            updater_uid=updater_uid,
+            review_auto_renewal=review_auto_renewal,
+            apply_fallback=apply_fallback,
+            clean_expired_permissions=clean_expired_permissions,
+            review_credits=review_credits
+        )
 

ipulse_shared_core_ftredge/services/user/user_multistep_operations.py

@@ -7,7 +7,7 @@ Firebase Auth, UserProfile, and UserStatus in coordinated transactions.
 import asyncio
 import logging
 from typing import Dict, Any, Optional, List, Tuple, cast
-from ipulse_shared_base_ftredge.enums import ApprovalStatus
+from ipulse_shared_base_ftredge.enums import IAMUserType
 from ...models import UserProfile, UserStatus, UserAuth, UserType
 from .userauth_operations import UserauthOperations
 from .userprofile_operations import UserprofileOperations
@@ -50,9 +50,6 @@ class UsermultistepOperations:
 
 
 
-
-
-
     async def _rollback_user_creation(
         self,
         user_uid: Optional[str],
@@ -134,7 +131,8 @@ class UsermultistepOperations:
         userprofile: UserProfile,
         userstatus: UserStatus,
         userauth: Optional[UserAuth] = None,
-        custom_claims: Optional[Dict[str, Any]] = None
+        validate_userauth_consistency: bool = False,
+        validate_userauth_exists: bool = False
     ) -> Tuple[str, UserProfile, UserStatus]:
         """
         Create a complete user from ready UserAuth, UserProfile, and UserStatus models.
@@ -154,7 +152,8 @@ class UsermultistepOperations:
             userprofile: Complete UserProfile model (template for new user, or ready for existing user)
             userstatus: Complete UserStatus model (template for new user, or ready for existing user)
             userauth: Optional UserAuth model. If provided, creates new Firebase Auth user
-            custom_claims: Optional custom claims to set (will be merged with userauth.custom_claims)
+            validate_userauth_consistency: If True, validates userauth is consistent with userprofile
+            validate_userauth_exists: If True, validates userauth exists in Firebase Auth
 
         Returns:
             Tuple of (user_uid, userprofile, userstatus)
@@ -167,17 +166,14 @@ class UsermultistepOperations:
         if userprofile.user_uid != userstatus.user_uid:
             raise UserCreationError(f"UserProfile and UserStatus user_uid mismatch: {userprofile.user_uid} != {userstatus.user_uid}")
 
-        # Validate usertype consistency between UserProfile and UserAuth if userauth is provided
         try:
             # Step 1: Handle Firebase Auth user creation or validation
             if userauth:
                 # Creating new user - Firebase will generate UID
-                # Merge custom claims into UserAuth model
-                if custom_claims:
-                    userauth.custom_claims.update(custom_claims)
 
-                # Validate usertype consistency
-                self._validate_usertype_consistency(userprofile, userauth.custom_claims)
+                # Validate usertype consistency if requested
+                if validate_userauth_consistency:
+                    self._validate_usertype_consistency(userprofile, userauth.custom_claims)
 
                 # Create Firebase Auth user with all configuration
                 self.logger.info("Creating Firebase Auth user with custom claims for email: %s", userauth.email)
@@ -204,33 +200,17 @@ class UsermultistepOperations:
                 final_userprofile = userprofile
                 final_userstatus = userstatus
 
-                # Validate existing user and apply custom claims if provided
-                if not await self.userauth_ops.userauth_exists(user_uid):
-                    raise UserCreationError(f"Firebase Auth user {user_uid} does not exist")
+                # Validate userauth exists if requested (only if validate_userauth_exists is True)
+                if validate_userauth_exists:
+                    if not await self.userauth_ops.userauth_exists(user_uid):
+                        raise UserCreationError(f"Firebase Auth user {user_uid} does not exist")
 
-                if custom_claims:
-                    # Check if custom_claims contain usertype information
-                    claims_have_usertype_info = (
-                        "primary_usertype" in custom_claims or
-                        "secondary_usertypes" in custom_claims
-                    )
-
-                    if claims_have_usertype_info:
-                        # Validate usertype consistency with provided custom claims
-                        self._validate_usertype_consistency(userprofile, custom_claims)
-                    else:
-                        # Custom claims don't have usertype info, validate against existing auth claims
+                    # Validate userauth consistency if requested
+                    if validate_userauth_consistency:
                         existing_userauth = await self.userauth_ops.get_userauth(user_uid, get_model=True)
                         if existing_userauth and existing_userauth.custom_claims:
                             self._validate_usertype_consistency(userprofile, existing_userauth.custom_claims)
 
-                    await self.userauth_ops.set_userauth_custom_claims(user_uid, custom_claims)
-                else:
-                    # No custom claims provided - validate against existing userauth custom claims
-                    existing_userauth = await self.userauth_ops.get_userauth(user_uid, get_model=True)
-                    if existing_userauth and existing_userauth.custom_claims:
-                        self._validate_usertype_consistency(userprofile, existing_userauth.custom_claims)
-
             # Step 2: Create UserProfile and UserStatus in database (2 operations only)
             self.logger.info("Creating UserProfile for user: %s", user_uid)
             await self.userprofile_ops.create_userprofile(final_userprofile)
@@ -263,13 +243,13 @@ class UsermultistepOperations:
         userprofile: UserProfile,
         usertype: UserType,
         userauth: Optional[UserAuth] = None,
-        custom_claims: Optional[Dict[str, Any]] = None,
-        user_approval_status: ApprovalStatus = ApprovalStatus.PENDING,
-        user_notes: str = "Created with manual usertype configuration",
         extra_insight_credits_override: Optional[int] = None,
         voting_credits_override: Optional[int] = None,
         subscriptionplan_id_override: Optional[str] = None,
-        creator_uid: Optional[str] = None
+        creator_uid: Optional[str] = None,
+        apply_usertype_associated_subscriptionplan: bool = True,
+        validate_userauth_consistency: bool = False,
+        validate_userauth_exists: bool = False
     ) -> Tuple[str, UserProfile, UserStatus]:
         """
         Create a complete user with manual UserType configuration.
@@ -281,13 +261,13 @@ class UsermultistepOperations:
             userprofile: Complete UserProfile model (mandatory)
             usertype: Manual UserType configuration (mandatory)
             userauth: Optional UserAuth model. If not provided, assumes user exists
-            custom_claims: Optional custom claims to set
-            user_approval_status: User approval status (for custom claims)
-            user_notes: User notes to set in custom claims
-            extra_insight_credits: Override extra credits from usertype
-            voting_credits: Override voting credits from usertype
-            subscription_plan_id: Override subscription plan from usertype default
+            extra_insight_credits_override: Override extra credits from usertype
+            voting_credits_override: Override voting credits from usertype
+            subscriptionplan_id_override: Override subscription plan from usertype default
             creator_uid: Who is creating this user
+            apply_usertype_associated_subscriptionplan: Whether to apply the usertype's default subscription plan
+            validate_userauth_consistency: If True, validates userauth is consistent with userprofile
+            validate_userauth_exists: If True, validates userauth exists in Firebase Auth
 
         Returns:
             Tuple of (user_uid, userprofile, userstatus)
@@ -311,28 +291,49 @@ class UsermultistepOperations:
             )
 
             # Apply subscription to UserStatus in memory if plan specified
-            plan_to_apply = subscriptionplan_id_override or usertype.default_subscription_plan_if_unpaid
-            if plan_to_apply:
-                # For now, we'll apply subscription after UserStatus is created
-                # Future enhancement: Apply subscription directly to UserStatus in memory
-                self.logger.info("Subscription plan %s will be applied after user creation", plan_to_apply)
-
-            # Generate custom claims if not provided
-            if not custom_claims:
-                custom_claims = {
-                    "primary_usertype": str(userprofile.primary_usertype),
-                    "secondary_usertypes": [str(ut) for ut in userprofile.secondary_usertypes],
-                    "organizations_uids": list(final_organizations),
-                    "user_approval_status": str(user_approval_status),
-                    "user_notes": user_notes
-                }
+            plan_to_apply = subscriptionplan_id_override or usertype.default_subscriptionplan_if_unpaid
+            if plan_to_apply and apply_usertype_associated_subscriptionplan:
+                try:
+                    self.logger.info("Applying subscription plan %s to UserStatus", plan_to_apply)
+
+                    # Fetch subscription plan from catalog
+                    subscription_plan = await self.catalog_subscriptionplan_service.get_subscriptionplan(plan_to_apply)
+                    if not subscription_plan:
+                        self.logger.warning("Subscription plan %s not found in catalog, skipping application", plan_to_apply)
+                    else:
+                        # Create UserSubscription using the helper method from subscription operations
+                        # Pass usertype's default auto-renewal end if specified, otherwise use plan default
+                        usertype_auto_renewal_end = getattr(usertype, 'default_subscriptionplan_auto_renewal_end', None)
+                        user_subscription = self.usersubscription_ops.create_subscription_from_subscriptionplan(
+                            plan=subscription_plan,
+                            source=f"usertype_default_{creator_uid or 'system'}",
+                            granted_at=None,  # Will use current time
+                            auto_renewal_end=usertype_auto_renewal_end  # Usertype override or None for plan default
+                        )
+
+                        # Apply subscription to UserStatus (this updates credits and permissions)
+                        userstatus.apply_subscription(
+                            subscription=user_subscription,
+                            add_associated_permissions=True,
+                            remove_previous_subscription_permissions=False,  # First subscription, no existing ones
+                            granted_by=creator_uid or f"system_manual_usertype_{userprofile.user_uid}"
+                        )
+
+                        self.logger.info("Successfully applied subscription plan %s to UserStatus", plan_to_apply)
+
+                except Exception as e:
+                    self.logger.error("Failed to apply subscription plan %s to UserStatus: %s", plan_to_apply, e)
+                    # Don't fail user creation if subscription application fails
+            elif plan_to_apply:
+                self.logger.info("Subscription plan %s will be applied after user creation (apply_usertype_associated_subscriptionplan=False)", plan_to_apply)
 
             # Create user from ready models
             return await self.create_user_from_models(
                 userprofile=userprofile,
                 userstatus=userstatus,
                 userauth=userauth,
-                custom_claims=custom_claims
+                validate_userauth_consistency=validate_userauth_consistency,
+                validate_userauth_exists=validate_userauth_exists
             )
 
         except Exception as e:
@@ -344,13 +345,13 @@ class UsermultistepOperations:
         usertype_id: str,
         userprofile: UserProfile,
         userauth: Optional[UserAuth] = None,
-        custom_claims: Optional[Dict[str, Any]] = None,
-        user_approval_status: ApprovalStatus = ApprovalStatus.PENDING,
-        user_notes: str = "Created from catalog usertype configuration",
         extra_insight_credits_override: Optional[int] = None,
         voting_credits_override: Optional[int] = None,
         subscriptionplan_id_override: Optional[str] = None,
-        creator_uid: Optional[str] = None
+        creator_uid: Optional[str] = None,
+        apply_usertype_associated_subscriptionplan: bool = True,
+        validate_userauth_consistency: bool = False,
+        validate_userauth_exists: bool = False
     ) -> Tuple[str, UserProfile, UserStatus]:
         """
         Create a complete user based on UserType catalog configuration.
@@ -362,13 +363,13 @@ class UsermultistepOperations:
             usertype_id: ID of the UserType configuration to fetch from catalog (mandatory)
             userprofile: Complete UserProfile model (mandatory)
             userauth: Optional UserAuth model. If not provided, assumes user exists
-            custom_claims: Optional custom claims to set
-            user_approval_status: User approval status (for custom claims)
-            user_notes: User notes to set in custom claims
-            extra_insight_credits: Override extra credits from usertype
-            voting_credits: Override voting credits from usertype
-            subscriptionplan_id: Override subscription plan from usertype default
+            extra_insight_credits_override: Override extra credits from usertype
+            voting_credits_override: Override voting credits from usertype
+            subscriptionplan_id_override: Override subscription plan from usertype default
             creator_uid: Who is creating this user
+            apply_usertype_associated_subscriptionplan: Whether to apply the usertype's default subscription plan
+            validate_userauth_consistency: If True, validates userauth is consistent with userprofile
+            validate_userauth_exists: If True, validates userauth exists in Firebase Auth
 
         Returns:
             Tuple of (user_uid, userprofile, userstatus)
@@ -385,13 +386,13 @@ class UsermultistepOperations:
                 userprofile=userprofile,
                 usertype=usertype_config,
                 userauth=userauth,
-                custom_claims=custom_claims,
-                user_approval_status=user_approval_status,
-                user_notes=user_notes,
                 extra_insight_credits_override=extra_insight_credits_override,
                 voting_credits_override=voting_credits_override,
                 subscriptionplan_id_override=subscriptionplan_id_override,
-                creator_uid=creator_uid
+                creator_uid=creator_uid,
+                apply_usertype_associated_subscriptionplan=apply_usertype_associated_subscriptionplan,
+                validate_userauth_consistency=validate_userauth_consistency,
+                validate_userauth_exists=validate_userauth_exists
             )
 
         except Exception as e:
@@ -724,3 +725,72 @@ class UsermultistepOperations:
             validation_results["validation_errors"].append(f"Validation process error: {str(e)}")
 
         return validation_results
+
+    async def update_user_usertype(
+        self,
+        user_uid: str,
+        primary_usertype: Optional['IAMUserType'] = None,
+        secondary_usertypes: Optional[List['IAMUserType']] = None,
+        updater_uid: str = "system_usertype_update"
+    ) -> Tuple[UserProfile, Dict[str, Any]]:
+        """
+        Update user's primary and/or secondary usertypes efficiently across UserProfile and Firebase Auth.
+
+        This method leverages existing operations to update usertypes efficiently without
+        unnecessary fetching and model conversions.
+
+        Args:
+            user_uid: The UID of the user to update
+            primary_usertype: New primary usertype (optional, keeps existing if None)
+            secondary_usertypes: New secondary usertypes list (optional, keeps existing if None)
+            updater_uid: Who is performing this update
+
+        Returns:
+            Tuple of (updated_userprofile, updated_custom_claims)
+        """
+        try:
+            self.logger.info("Updating usertypes for user: %s", user_uid)
+
+            # Build update payloads
+            profile_update_data = {}
+            claims_update_data = {}
+
+            if primary_usertype is not None:
+                profile_update_data['primary_usertype'] = primary_usertype
+                claims_update_data['primary_usertype'] = str(primary_usertype)
+
+            if secondary_usertypes is not None:
+                profile_update_data['secondary_usertypes'] = secondary_usertypes
+                claims_update_data['secondary_usertypes'] = [str(ut) for ut in secondary_usertypes]
+
+            # Nothing to update
+            if not profile_update_data:
+                current_profile = await self.userprofile_ops.get_userprofile(user_uid)
+                if not current_profile:
+                    raise UserCreationError(f"User profile not found: {user_uid}")
+                user_record = await self.userauth_ops.get_userauth(user_uid)
+                return current_profile, user_record.custom_claims if user_record else {}
+
+            # Update both in parallel for efficiency
+            await asyncio.gather(
+                self.userprofile_ops.update_userprofile(user_uid, profile_update_data, updater_uid),
+                self.userauth_ops.set_userauth_custom_claims(user_uid, claims_update_data)
+            )
+
+            # Get updated data for return
+            updated_profile, user_record = await asyncio.gather(
+                self.userprofile_ops.get_userprofile(user_uid),
+                self.userauth_ops.get_userauth(user_uid)
+            )
+
+            if not updated_profile:
+                raise UserCreationError(f"Failed to retrieve updated user profile: {user_uid}")
+
+            updated_claims = user_record.custom_claims if user_record else {}
+
+            self.logger.info("Successfully updated usertypes for user: %s", user_uid)
+            return updated_profile, updated_claims
+
+        except Exception as e:
+            self.logger.error("Failed to update usertypes for user %s: %s", user_uid, e)
+            raise UserCreationError(f"Failed to update usertypes for user {user_uid}: {str(e)}") from e