firebase · joehan · Sep 24, 2025 · Sep 23, 2025 · Sep 23, 2025 · Sep 23, 2025
diff --git a/src/gcp/auth.spec.ts b/src/gcp/auth.spec.ts
@@ -189,7 +189,7 @@ describe("auth", () => {
         })
         .reply(200, {});
 
-      const result = await auth.disableUser(PROJECT_ID, "test-uid", true);
+      const result = await auth.toggleUserEnablement(PROJECT_ID, "test-uid", true);
 
       expect(result).to.be.true;
       expect(nock.isDone()).to.be.true;
@@ -204,7 +204,9 @@ describe("auth", () => {
         })
         .reply(404, { error: { message: "Not Found" } });
 
-      await expect(auth.disableUser(PROJECT_ID, "test-uid", true)).to.be.rejectedWith("Not Found");
+      await expect(auth.toggleUserEnablement(PROJECT_ID, "test-uid", true)).to.be.rejectedWith(
+        "Not Found",
+      );
       expect(nock.isDone()).to.be.true;
     });
   });

diff --git a/src/gcp/auth.ts b/src/gcp/auth.ts
@@ -200,7 +200,7 @@ export async function listUsers(project: string, limit: number): Promise<UserInf
  * @param disabled sets whether the user is marked as disabled (true) or enabled (false).
  * @return the call succeeded (true).
  */
-export async function disableUser(
+export async function toggleUserEnablement(
   project: string,
   uid: string,
   disabled: boolean,

diff --git a/src/mcp/tools/auth/disable_user.spec.ts b/src/mcp/tools/auth/disable_user.spec.ts
diff --git a/src/mcp/tools/auth/disable_user.ts b/src/mcp/tools/auth/disable_user.ts
diff --git a/src/mcp/tools/auth/index.ts b/src/mcp/tools/auth/index.ts
@@ -1,7 +1,6 @@
 import { ServerTool } from "../../tool";
+import { update_user } from "./update_user";
 import { get_users } from "./get_users";
-import { disable_user } from "./disable_user";
-import { set_claim } from "./set_claims";
 import { set_sms_region_policy } from "./set_sms_region_policy";
 
-export const authTools: ServerTool[] = [get_users, disable_user, set_claim, set_sms_region_policy];
+export const authTools: ServerTool[] = [get_users, update_user, set_sms_region_policy];
diff --git a/src/mcp/tools/auth/set_claims.spec.ts b/src/mcp/tools/auth/set_claims.spec.ts
diff --git a/src/mcp/tools/auth/set_claims.ts b/src/mcp/tools/auth/set_claims.ts
diff --git a/src/mcp/tools/auth/update_user.spec.ts b/src/mcp/tools/auth/update_user.spec.ts
@@ -0,0 +1,106 @@
+import { expect } from "chai";
+import * as sinon from "sinon";
+import { update_user } from "./update_user";
+import * as auth from "../../../gcp/auth";
+import { McpContext } from "../../types";
+import * as util from "../../util";
+
+describe("update_user tool", () => {
+  const projectId = "test-project";
+  let setCustomClaimsStub: sinon.SinonStub;
+  let toggleuserEnablementStub: sinon.SinonStub;
+  let mcpErrorStub: sinon.SinonStub;
+
+  beforeEach(() => {
+    setCustomClaimsStub = sinon.stub(auth, "setCustomClaim");
+    toggleuserEnablementStub = sinon.stub(auth, "toggleUserEnablement");
+    mcpErrorStub = sinon.stub(util, "mcpError");
+  });
+
+  afterEach(() => {
+    sinon.restore();
+  });
+
+  it("should disable a user", async () => {
+    toggleuserEnablementStub.resolves(true);
+
+    const result = await update_user.fn({ uid: "123", disabled: true }, {
+      projectId,
+    } as McpContext);
+
+    expect(result).to.deep.equal({
+      content: [
+        {
+          text: "Successfully updated user 123. User disabled.",
+          type: "text",
+        },
+      ],
+    });
+    expect(toggleuserEnablementStub).to.have.been.calledWith(projectId, "123", true);
+    expect(setCustomClaimsStub).to.not.have.been.called;
+  });
+
+  it("should enable a user", async () => {
+    toggleuserEnablementStub.resolves(true);
+
+    const result = await update_user.fn({ uid: "123", disabled: false }, {
+      projectId,
+    } as McpContext);
+
+    expect(result).to.deep.equal({
+      content: [
+        {
+          text: "Successfully updated user 123. User enabled.",
+          type: "text",
+        },
+      ],
+    });
+    expect(toggleuserEnablementStub).to.have.been.calledWith(projectId, "123", false);
+    expect(setCustomClaimsStub).to.not.have.been.called;
+  });
+
+  it("should set a custom claim", async () => {
+    setCustomClaimsStub.resolves({ uid: "123", customClaims: { admin: true } });
+
+    const result = await update_user.fn(
+      {
+        uid: "123",
+        claim: { key: "admin", value: true },
+      },
+      {
+        projectId,
+      } as McpContext,
+    );
+
+    expect(result).to.deep.equal({
+      content: [
+        {
+          text: "Successfully updated user 123. Claim 'admin' set.",
+          type: "text",
+        },
+      ],
+    });
+    expect(setCustomClaimsStub).to.have.been.calledWith(projectId, "123", { admin: true });
+    expect(toggleuserEnablementStub).to.not.have.been.called;
+  });
+
+  it("should fail to set a custom claim and disable a user", async () => {
+    setCustomClaimsStub.resolves({ uid: "123", customClaims: { admin: true } });
+    toggleuserEnablementStub.resolves(true);
+
+    await update_user.fn(
+      {
+        uid: "123",
+        claim: { key: "admin", value: true },
+        disabled: true,
+      },
+      {
+        projectId,
+      } as McpContext,
+    );
+
+    expect(mcpErrorStub).to.be.calledWith(
+      "Can only enable/disable a user or set a claim, not both.",
+    );
+  });
+});