ipulse-shared-core-ftredge 22.1.1__tar.gz → 24.1.1__tar.gz

{ipulse_shared_core_ftredge-22.1.1/src/ipulse_shared_core_ftredge.egg-info → ipulse_shared_core_ftredge-24.1.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ipulse_shared_core_ftredge
-Version: 22.1.1
+Version: 24.1.1
 Summary: Shared Core models and Logger util for the Pulse platform project. Using AI for financial advisory and investment management.
 Home-page: https://github.com/TheFutureEdge/ipulse_shared_core
 Author: Russlan Ramdowar

{ipulse_shared_core_ftredge-22.1.1 → ipulse_shared_core_ftredge-24.1.1}/setup.py

@@ -3,7 +3,7 @@ from setuptools import setup, find_packages
 
 setup(
     name='ipulse_shared_core_ftredge',
-    version='22.1.1',
+    version='24.1.1',
     package_dir={'': 'src'},  # Specify the source directory
     packages=find_packages(where='src'),  # Look for packages in 'src'
     install_requires=[

ipulse_shared_core_ftredge-24.1.1/src/ipulse_shared_core_ftredge/dependencies/auth_firebase_token_validation.py

@@ -0,0 +1,96 @@
+from typing import Optional, Annotated
+from fastapi import Request, HTTPException, Depends, Header
+from firebase_admin import auth
+from ..models.user.userauth import UserAuth
+
+async def verify_firebase_token(
+    request: Request,
+    x_forwarded_authorization: Optional[str] = Header(None),
+    authorization: Optional[str] = Header(None)
+) -> UserAuth:
+    """
+    Verify Firebase ID token and return a UserAuth instance with authenticated user data.
+
+    Args:
+        request: FastAPI request object
+        x_forwarded_authorization: Authorization header from proxy/load balancer
+        authorization: Standard authorization header
+
+    Returns:
+        UserAuth instance with verified user data
+
+    Raises:
+        HTTPException: 401 if token is missing or invalid
+    """
+    # Get token from either x-forwarded-authorization or authorization header
+    token = x_forwarded_authorization or authorization
+
+    if not token or token == "None" or not token.strip():
+        raise HTTPException(
+            status_code=401,
+            detail="Authorization token is missing"
+        )
+
+    try:
+        # Handle potential Header object or string
+        if hasattr(token, '__str__') and not isinstance(token, str):
+            # If it's a Header object or similar, convert to string
+            token_str = str(token)
+            # Check if the string representation looks like a Header object's repr
+            if 'annotation=' in token_str or 'required=' in token_str:
+                # This means we got the internal representation of a Header object
+                # In this case, we need to extract the actual value
+                if hasattr(token, 'default'):
+                    token_str = str(token.default) if token.default is not None else ""
+                else:
+                    token_str = ""
+            elif token_str == "None":
+                token_str = ""
+        else:
+            # It's already a string
+            token_str = token if isinstance(token, str) else str(token)
+
+        # Check if we still have an empty or None token
+        if not token_str or token_str == "None":
+            raise HTTPException(
+                status_code=401,
+                detail="Authorization token is missing"
+            )
+
+        # Remove 'Bearer ' prefix if present
+        token_str = token_str.replace("Bearer ", "")
+
+        # Verify the token
+        decoded_token = auth.verify_id_token(token_str)
+
+        # Create UserAuth instance from decoded token
+        email = decoded_token.get('email')
+        if not email:
+            raise ValueError("Token must contain user email")
+
+        user_auth = UserAuth(
+            email=email,
+            password=None,  # No password for token-based auth
+            display_name=decoded_token.get('name'),
+            user_uid=decoded_token.get('uid'),
+            email_verified=decoded_token.get('email_verified', False),
+            custom_claims=decoded_token.get('custom_claims', {}),
+            phone_number=decoded_token.get('phone_number'),
+            # Note: provider_data, metadata, and timestamps would come from getUserRecord() if needed
+        )
+
+        # Store the full decoded token in request state for use in authorization middleware
+        # This maintains backward compatibility with existing authorization code
+        request.state.user = decoded_token
+
+        return user_auth
+
+    except Exception as e:
+        raise HTTPException(
+            status_code=401,
+            detail=f"Invalid token: {str(e)}"
+        ) from e
+
+# Type alias for dependency injection
+AuthUser = Annotated[UserAuth, Depends(verify_firebase_token)]
+

{ipulse_shared_core_ftredge-22.1.1 → ipulse_shared_core_ftredge-24.1.1}/src/ipulse_shared_core_ftredge/dependencies/authz_for_apis.py

@@ -1,55 +1,52 @@
 import os
 import logging
-import json
 import asyncio
-from concurrent.futures import ThreadPoolExecutor
 from typing import Optional, Iterable, Dict, Any, List
 from datetime import datetime, timedelta, timezone
-import json
 import httpx
 from fastapi import HTTPException, Request
-from google.cloud import firestore
-from ipulse_shared_core_ftredge.exceptions import ServiceError, AuthorizationError, ResourceNotFoundError
+from ipulse_shared_core_ftredge.exceptions import ServiceError, ResourceNotFoundError
 from ipulse_shared_core_ftredge.models import UserStatus
-from ipulse_shared_core_ftredge.utils.json_encoder import convert_to_json_serializable
+from ipulse_shared_core_ftredge.services import UserCoreService
+from ipulse_shared_base_ftredge import ApprovalStatus
 
-# Constants derived from UserStatus model
-USERS_STATUS_COLLECTION_NAME = UserStatus.COLLECTION_NAME
-USERS_STATUS_DOC_REF = f"{UserStatus.OBJ_REF}_" # Use OBJ_REF and append underscore
+# Cache TTL constant
 USERSTATUS_CACHE_TTL = 60 # 60 seconds
 
 class UserStatusCache:
     """Manages user status caching with dynamic invalidation"""
     def __init__(self):
-        self._cache: Dict[str, Dict[str, Any]] = {}
+        self._cache: Dict[str, UserStatus] = {}
         self._timestamps: Dict[str, datetime] = {}
 
-    def get(self, user_uid: str) -> Optional[Dict[str, Any]]:
+    def get(self, user_uid: str) -> Optional[UserStatus]:
         """
         Retrieves user status from cache if available and valid.
 
         Args:
             user_uid (str): The user ID.
 
+        Returns:
+            UserStatus object if cached and valid, None otherwise
         """
         if user_uid in self._cache:
-            status_data = self._cache[user_uid]
+            status_obj = self._cache[user_uid]
             # Force refresh for credit-consuming or sensitive operations
             # Check TTL for normal operations
             if datetime.now() - self._timestamps[user_uid] < timedelta(seconds=USERSTATUS_CACHE_TTL):
-                return status_data
+                return status_obj
             self.invalidate(user_uid)
         return None
 
-    def set(self, user_uid: str, data: Dict[str, Any]) -> None:
+    def set(self, user_uid: str, status: UserStatus) -> None:
         """
-        Sets user status data in the cache.
+        Sets user status object in the cache.
 
         Args:
             user_uid (str): The user ID.
-            data (Dict[str, Any]): The user status data to cache.
+            status (UserStatus): The user status object to cache.
         """
-        self._cache[user_uid] = data
+        self._cache[user_uid] = status
         self._timestamps[user_uid] = datetime.now()
 
     def invalidate(self, user_uid: str) -> None:
@@ -68,61 +65,26 @@ userstatus_cache = UserStatusCache()
 # Replace the logger dependency with a standard logger
 logger = logging.getLogger(__name__)
 
-# Create a custom FirestoreTimeoutError class that can be identified in middlewares
-class FirestoreTimeoutError(TimeoutError):
-    """Custom exception for Firestore timeout errors to make them more identifiable."""
-    pass
-
-
-# Define a function to get a Firestore document with a strict timeout
-async def get_with_strict_timeout(doc_ref, timeout_seconds: float):
-    """
-    Get a Firestore document with a strictly enforced timeout.
-
-    Args:
-        doc_ref: Firestore document reference
-        timeout_seconds: Maximum time to wait in seconds
-
-    Returns:
-        Document snapshot
-
-    Raises:
-        FirestoreTimeoutError: If the operation takes longer than timeout_seconds
-    """
-    loop = asyncio.get_running_loop()
-    with ThreadPoolExecutor() as executor:
-        try:
-            # Run the blocking Firestore get() operation in a thread and apply a strict timeout
-            logger.debug(f"Starting Firestore get with strict timeout of {timeout_seconds}s")
-            return await asyncio.wait_for(
-                loop.run_in_executor(executor, doc_ref.get),
-                timeout=timeout_seconds
-            )
-        except asyncio.TimeoutError:
-            error_message = f"User Status fetching for Authz timed out after {timeout_seconds} seconds, perhaps issue with Firestore Connectivity"
-            logger.error(error_message)
-            raise FirestoreTimeoutError(error_message)
-
-# Update get_userstatus to use our new strict timeout function
 async def get_userstatus(
     user_uid: str,
-    db: firestore.Client,
-    force_fresh: bool = False,
-    timeout: float = 12.0  # Default timeout but allow override
-) -> tuple[Dict[str, Any], bool]:
+    user_core_service: UserCoreService,
+    force_fresh: bool = False
+) -> tuple[UserStatus, bool]:
     """
-    Fetch user status with intelligent caching and configurable timeout
+    Lightweight fetch of user status with caching.
+    Returns UserStatus objects directly for better performance.
 
     Args:
         user_uid: User ID to fetch status for
-        db: Firestore client
+        user_core_service: UserCoreService for data retrieval
         force_fresh: Whether to bypass cache
-        timeout: Timeout for Firestore operations in seconds
 
     Returns:
-        Tuple of (user status data, whether cache was used)
+        Tuple of (UserStatus object, whether cache was used)
     """
     cache_used = False
+
+    # Check cache first unless forced fresh
     if not force_fresh:
         cached_status = userstatus_cache.get(user_uid)
         if cached_status:
@@ -130,60 +92,37 @@ async def get_userstatus(
             return cached_status, cache_used
 
     try:
-        # Get reference to the document
-        userstatus_id = USERS_STATUS_DOC_REF + user_uid
-        user_ref = db.collection(USERS_STATUS_COLLECTION_NAME).document(userstatus_id)
-
-        logger.debug(f"Fetching user status for {user_uid} with strict timeout {timeout}s")
-
-        # Use our strict timeout wrapper instead of the native timeout parameter
-        snapshot = await get_with_strict_timeout(user_ref, timeout)
-
-        if not snapshot.exists:
-            # Log at DEBUG level since this might be expected for new users
-            logger.debug(f"User status document not found for user {user_uid} (document: {userstatus_id})")
+        status_obj = await user_core_service.get_userstatus(user_uid)
+        if not status_obj:
             raise ResourceNotFoundError(
-                resource_type="authz_for_apis>userstatus",
-                resource_id=userstatus_id,
-                additional_info={"user_uid": user_uid, "context": "authorization"}
+                resource_type="UserStatus",
+                resource_id=user_uid,
+                additional_info={"message": "User status not found"}
             )
 
-        status_data = snapshot.to_dict()
-
-        # Only cache if not forced fresh
-        if not force_fresh:
-            userstatus_cache.set(user_uid, status_data)
-        return status_data, cache_used
+        # Ensure we have a UserStatus object
+        if not isinstance(status_obj, UserStatus):
+            # If it's a dict, convert to UserStatus
+            if isinstance(status_obj, dict):
+                status_obj = UserStatus(**status_obj)
+            else:
+                raise ValueError(f"Expected UserStatus object or dict, got {type(status_obj)}")
 
-    except ResourceNotFoundError:
-        # Re-raise ResourceNotFoundError as-is - don't wrap in ServiceError
-        raise
-    except (TimeoutError, FirestoreTimeoutError) as e:
-        logger.error(f"Timeout while fetching user status for {user_uid}: {str(e)}")
-        raise ServiceError(
-            operation="fetching user status for authz",
-            error=e,
-            resource_type="userstatus",
-            resource_id=user_uid,
-            additional_info={
-                "force_fresh": force_fresh,
-                "collection": USERS_STATUS_COLLECTION_NAME,
-                "timeout_seconds": timeout
-            }
-        )
     except Exception as e:
-        logger.error(f"Error fetching user status for {user_uid}: {str(e)}")
+        logger.error(f"Error fetching user status via UserCoreService: {str(e)}")
         raise ServiceError(
-            operation=f"fetching user status",
+            operation="fetching user status for authz via UserCoreService",
             error=e,
-            resource_type="userstatus",
-            resource_id=user_uid,
-            additional_info={
-                "force_fresh": force_fresh,
-                "collection": USERS_STATUS_COLLECTION_NAME
-            }
+            resource_type="UserStatus",
+            resource_id=user_uid
         ) from e
 
+    # Cache the UserStatus object
+    if not force_fresh:
+        userstatus_cache.set(user_uid, status_obj)
+
+    return status_obj, cache_used
+
 def _validate_resource_fields(fields: Dict[str, Any]) -> List[str]:
     """
     Filter out invalid fields similar to BaseFirestoreService validation.
@@ -228,19 +167,18 @@ async def extract_request_fields(request: Request) -> Optional[List[str]]:
 # Main authorization function with configurable timeout
 async def authorizeAPIRequest(
     request: Request,
-    db: firestore.Client,
+    user_core_service: UserCoreService,  # UserCoreService instance for better integration
     request_resource_fields: Optional[Iterable[str]] = None,
-    firestore_timeout: float = 15.0  # Allow specifying timeout
+
 ) -> Dict[str, Any]:
     """
     Authorize API request based on user status and OPA policies.
-    Enhanced with credit check information and proper exception handling.
+    Enhanced to use UserCoreService when available and fetch usertype from Firebase custom claims.
 
     Args:
         request: The incoming request
-        db: Firestore client
+        user_core_service: UserCoreService instance for better integration
         request_resource_fields: Fields being accessed/modified in the request
-        firestore_timeout: Timeout for Firestore operations in seconds
 
     Returns:
         Authorization result containing decision details
@@ -254,34 +192,76 @@ async def authorizeAPIRequest(
         if not request_resource_fields:
             request_resource_fields = await extract_request_fields(request)
 
-        # Extract request context
-        user_uid = request.state.user.get('uid')
+        # Extract request context and Firebase user claims
+        firebase_user = request.state.user
+        user_uid = firebase_user.get('uid')
         if not user_uid:
-            # Log authorization failures at DEBUG level, not ERROR
             logger.debug(f"Authorization denied for {request.method} {request.url.path}: No user UID found")
             raise HTTPException(
                 status_code=403,
                 detail="Not authorized to access this resource"
             )
 
-        # Determine if we need fresh status
+        # Get usertype information from Firebase custom claims (primary source)
+        custom_claims = firebase_user.get('custom_claims', {}) or firebase_user.get('claims', {})
+        primary_usertype = custom_claims.get('primary_usertype')
+        secondary_usertypes = custom_claims.get('secondary_usertypes', [])
+        user_approval_status = custom_claims.get('user_approval_status', str(ApprovalStatus.UNKNOWN))
+
+        # Determine if we need fresh status for permissions and credits
         force_fresh = _should_force_fresh_status(request)
-        userstatus, cache_used = await get_userstatus(
-            user_uid,
-            db,
+        user_status_obj, cache_used = await get_userstatus(
+            user_uid=user_uid,
+            user_core_service=user_core_service,
             force_fresh=force_fresh,
-            timeout=firestore_timeout  # Pass the specified timeout
         )
 
-        # Prepare authorization input that matches OPA expectations
-        # Extract required values from user status
-        primary_usertype = userstatus.get("primary_usertype")
-        secondary_usertypes = userstatus.get("secondary_usertypes", [])
+        # Perform comprehensive review and cleanup synchronously to ensure accurate auth data
+        if user_core_service:
+            try:
+                review_result = await user_core_service.review_and_clean_active_subscription_credits_and_permissions(
+                    user_uid=user_uid,
+                    updater_uid="Auto-AuthzMiddlewareDependency",
+                    review_auto_renewal=True,
+                    apply_fallback=True,
+                    clean_expired_permissions=True,
+                    review_credits=True
+                )
+
+                # Refresh user status after comprehensive review if any actions were taken
+                if review_result.get('actions_taken'):
+                    logger.info(f"Auth middleware performed comprehensive review for user {user_uid}: {review_result['actions_taken']}")
+                    # Use the updated UserStatus returned from the review function
+                    if 'updated_userstatus' in review_result:
+                        user_status_obj = review_result['updated_userstatus']
+                        # Invalidate cache since we updated the user status
+                        userstatus_cache.invalidate(user_uid)
+                        # Update cache with the new status
+                        userstatus_cache.set(user_uid, user_status_obj)
+
+            except Exception as e:
+                logger.warning(f"Comprehensive review failed for user {user_uid} during auth: {str(e)}")
+                # Continue with existing status if review fails
+
+        # Get valid permissions after comprehensive review
+        valid_permissions_objs = user_status_obj.get_valid_permissions()
+
+        # Convert UserPermission objects to minimal serializable format for OPA
+        valid_permissions = [
+            {
+                "domain": perm.domain,
+                "iam_unit_type": str(perm.iam_unit_type),  # Convert enum to string
+                "permission_ref": perm.permission_ref
+            }
+            for perm in valid_permissions_objs
+        ]
 
-        # Extract IAM permissions
-        iam_permissions = userstatus.get("iam_permissions", {})
+        # Extract active subscription plan ID
+        active_subscription_plan_id = None
+        if user_status_obj.active_subscription is not None:
+            active_subscription_plan_id = user_status_obj.active_subscription.plan_id
 
-        # Format the authz_input to match what the OPA policies expect
+        # Format the authz_input for OPA (optimized for speed)
         authz_input = {
             "api_url": request.url.path,
             "requestor": {
@@ -289,39 +269,34 @@ async def authorizeAPIRequest(
                 "primary_usertype": primary_usertype,
                 "secondary_usertypes": secondary_usertypes,
                 "usertypes": [primary_usertype] + secondary_usertypes if primary_usertype else secondary_usertypes,
-                "email_verified": request.state.user.get("email_verified", False),
-                "iam_permissions": iam_permissions,
-                "sbscrptn_based_insight_credits": userstatus.get("sbscrptn_based_insight_credits", 0),
-                "extra_insight_credits": userstatus.get("extra_insight_credits", 0)
+                "email_verified": firebase_user.get("email_verified", False),
+                "user_approval_status": user_approval_status,
+                "iam_permissions": valid_permissions,
+                "sbscrptn_based_insight_credits": user_status_obj.sbscrptn_based_insight_credits or 0,
+                "extra_insight_credits": user_status_obj.extra_insight_credits or 0,
+                "active_subscription_plan_id": active_subscription_plan_id
             },
             "method": request.method.lower(),
             "request_resource_fields": request_resource_fields
         }
 
-        # Convert any non-serializable objects to JSON serializable format
-        # Using the unified utility from utils
-        json_safe_authz_input = convert_to_json_serializable(authz_input)
+        # PERFORMANCE OPTIMIZATION: Skip convert_to_json_serializable() and json.dumps()
+        # The authz_input structure above contains only JSON-safe types:
+        # - strings, integers, booleans, lists of strings, and simple dicts
+        # - No datetime objects, enums, or complex Pydantic models
+        # - httpx.post(json=...) handles serialization efficiently
+        # This saves ~2-5ms per request on a high-frequency auth endpoint
 
-        # Query OPA
+        # Query OPA (optimized for speed - no unnecessary serialization)
         opa_url = f"{os.getenv('OPA_SERVER_URL', 'http://localhost:8181')}{os.getenv('OPA_DECISION_PATH', '/v1/data/http/authz/ingress/decision')}"
-        logger.debug(f"Attempting to connect to OPA at: {opa_url}")
-
-        # Debug: Print raw JSON payload to identify any potential issues
-        try:
-            payload_json = json.dumps({"input": json_safe_authz_input})
-            logger.debug(f"OPA Request JSON payload: {payload_json}")
-        except Exception as json_err:
-            logger.error(f"Error serializing OPA request payload: {json_err}")
 
         async with httpx.AsyncClient() as client:
             try:
                 response = await client.post(
                     opa_url,
-                    json={"input": json_safe_authz_input},
-                    timeout=5.0  # 5 seconds timeout
+                    json={"input": authz_input},
+                    timeout=5.0
                 )
-                logger.debug(f"OPA Response Status: {response.status_code}")
-                # logger.debug(f"OPA Response Body: {response.text}")
 
                 if response.status_code != 200:
                     logger.error(f"OPA authorization failed: {response.text}")
@@ -331,36 +306,32 @@ async def authorizeAPIRequest(
                     )
 
                 result = response.json()
-                logger.debug(f"Parsed OPA response: {result}")
 
-                # Handle unusual OPA response formats
-                if "result" in result:
-                    opa_decision = result["result"]
-                else:
-                    logger.warning(f"OPA response missing 'result' field, using default")
+                # Handle OPA response format
+                if "result" not in result:
+                    logger.warning("OPA response missing 'result' field")
                     raise HTTPException(
                         status_code=500,
                         detail="Authorization service error: OPA response format unexpected"
                     )
 
-                # Extract key fields from result with better default handling
+                opa_decision = result["result"]
                 allow = opa_decision.get("allow", False)
 
-                # Handle authorization denial - log at DEBUG level, not ERROR
+                # Handle authorization denial
                 if not allow:
-                    logger.debug(f"Authorization denied for {request.method} {request.url.path}: insufficient permissions")
+                    logger.debug(f"Authorization denied for {request.method} {request.url.path}")
                     raise HTTPException(
                         status_code=403,
                         detail=f"Not authorized to {request.method} {request.url.path}"
                     )
 
             except httpx.RequestError as e:
-                # Only log actual system errors at ERROR level
                 logger.error(f"Failed to connect to OPA: {str(e)}")
                 raise HTTPException(
                     status_code=500,
                     detail="Authorization service temporarily unavailable"
-                )
+                ) from e
 
         # More descriptive metadata about the data freshness
         return {

{ipulse_shared_core_ftredge-22.1.1 → ipulse_shared_core_ftredge-24.1.1}/src/ipulse_shared_core_ftredge/exceptions/base_exceptions.py

@@ -21,7 +21,7 @@ class BaseServiceException(HTTPException):
         self.original_error = original_error
 
         # Get full traceback if there's an original error
-        if original_error:
+        if original_error and hasattr(original_error, '__traceback__'):
             self.traceback = ''.join(traceback.format_exception(
                 type(original_error),
                 original_error,
@@ -69,18 +69,26 @@ class ServiceError(BaseServiceException):
     def __init__(
         self,
         operation: str,
-        error: Exception,
+        error: Any,  # Allow string or exception
         resource_type: str,
         resource_id: Optional[str] = None,
         additional_info: Optional[Dict[str, Any]] = None
     ):
+        # If a string is passed as an error, wrap it in a generic Exception
+        if isinstance(error, str):
+            original_error = Exception(error)
+            error_detail = error
+        else:
+            original_error = error
+            error_detail = str(error)
+
         super().__init__(
             status_code=500,
-            detail=f"Error during {operation}: {str(error)}",
+            detail=f"Error during {operation}: {error_detail}",
             resource_type=resource_type,
             resource_id=resource_id,
             additional_info=additional_info,
-            original_error=error
+            original_error=original_error
         )
 
 

{ipulse_shared_core_ftredge-22.1.1 → ipulse_shared_core_ftredge-24.1.1}/src/ipulse_shared_core_ftredge/models/__init__.py

@@ -1,4 +1,4 @@
 from .base_data_model import BaseDataModel
 from .base_api_response import BaseAPIResponse , CustomJSONResponse, CreditChargeableAPIResponse, UserCreditBalance, UpdatedUserCreditInfo
-from .user import UserProfile, UserSubscription, UserStatus, UserAuth, UserPermission
+from .user import UserProfile, UserSubscription, UserStatus, UserAuth, UserAuthCreateNew, UserPermission
 from .catalog import SubscriptionPlan, ProrationMethod, PlanUpgradePath, UserType

{ipulse_shared_core_ftredge-22.1.1 → ipulse_shared_core_ftredge-24.1.1}/src/ipulse_shared_core_ftredge/models/catalog/subscriptionplan.py

@@ -7,6 +7,7 @@ These templates are used to create actual user subscriptions with consistent set
 
 from typing import Dict, Any, Optional, ClassVar, List
 from enum import StrEnum
+from datetime import datetime, timezone, timedelta
 from pydantic import Field, ConfigDict, field_validator,model_validator, BaseModel
 from ipulse_shared_base_ftredge import (Layer, Module, list_enums_as_lower_strings,
                                         Subject, SubscriptionPlanName,ObjectOverallStatus,
@@ -187,8 +188,8 @@ class SubscriptionPlan(BaseDataModel):
     )
 
     # Default settings
-    plan_default_auto_renewal: bool = Field(
-        ...,
+    plan_default_auto_renewal_end: Optional[datetime] = Field(
+        default=None,
         description="Default auto-renewal setting for new subscriptions",
         frozen=True
     )
@@ -201,7 +202,7 @@ class SubscriptionPlan(BaseDataModel):
 
     # Fallback configuration
     fallback_plan_id_if_current_plan_expired: Optional[str] = Field(
-        ...,
+        None,
         description="Plan to fall back to when this plan expires (None for no fallback)",
         frozen=True
     )

{ipulse_shared_core_ftredge-22.1.1 → ipulse_shared_core_ftredge-24.1.1}/src/ipulse_shared_core_ftredge/models/catalog/usertype.py

@@ -7,6 +7,7 @@ based on their user type (superadmin, admin, internal, authenticated, anonymous)
 """
 
 from typing import Dict, Any, Optional, ClassVar, List
+from datetime import datetime
 from pydantic import Field, ConfigDict, field_validator, model_validator
 from ipulse_shared_base_ftredge import Layer, Module, list_enums_as_lower_strings, Subject, ObjectOverallStatus
 from ipulse_shared_base_ftredge.enums.enums_iam import IAMUserType
@@ -97,12 +98,18 @@ class UserType(BaseDataModel):
     )
 
     # Subscription defaults
-    default_subscription_plan_if_unpaid: Optional[str] = Field(
+    default_subscriptionplan_if_unpaid: Optional[str] = Field(
         default=None,
         description="Default subscription plan ID to assign if user has no active subscription",
         frozen=True
     )
 
+    default_subscriptionplan_auto_renewal_end: Optional[datetime] = Field(
+        default=None,
+        description="Default auto-renewal end date to apply when assigning default_subscriptionplan_if_unpaid",
+        frozen=True
+    )
+
     # Additional metadata
     metadata: Dict[str, Any] = Field(
         default_factory=dict,

{ipulse_shared_core_ftredge-22.1.1 → ipulse_shared_core_ftredge-24.1.1}/src/ipulse_shared_core_ftredge/models/user/__init__.py

@@ -2,4 +2,4 @@ from .userprofile import UserProfile
 from .user_subscription import UserSubscription
 from .user_permissions import UserPermission
 from .userstatus import UserStatus
-from .userauth import UserAuth
+from .userauth import UserAuth, UserAuthCreateNew