firebase-security-rules

Setting firestore security rules without using Firebase Authentication

三世轮回 提交于 2019-12-10 18:09:59
问题 I have an angular web application and I am not using Firebase Authentication, for logging in my users, as it's done via a service. Right now, my firestore account has full access, anyone can perform any operation. I read the documentation of security rules and everywhere it mentioned firebase auth. Is there a way to define rules, without using firebase auth? 回答1: You can certainly use security rules without Firebase Auth, but you won't be able to write any rules that depend on identifying the

How to validate user with respect to my Realtime Database along with OTP verification?

非 Y 不嫁゛ 提交于 2019-12-08 09:07:23
问题 I have created an Android app in Android Studio and linked it with Firebase Realtime database. I have used Firebase's Authentication by phone and Notification Services to send OTP to the CUG phone no. and then verify it(The code is given below). public class PhoneLogin extends AppCompatActivity { private static final String TAG = "PhoneLogin"; private boolean mVerificationInProgress = false; private String mVerificationId; private PhoneAuthProvider.ForceResendingToken mResendToken; private

Firestore Rules: validate data does not have field

旧城冷巷雨未停 提交于 2019-12-08 08:24:42
问题 So I currently have two roles for all users: isAdmin and isReader. An Admin is allowed to read and write data and an Reader is allowed to read data. When someone creates an account he has no rights. Not even isReader . Only an Admin can change rules. This is how I planned to do it: Once someone creates an account I create an Document in the Users Collection like this: uid: user.uid, email: user.email, role: { isAdmin: false, isReader: false, } On each login I update 'email' and uid but keep

request.auth.token.email not present in the rules

邮差的信 提交于 2019-12-08 08:16:28
Our app uses Firebase as the back end database. Firebase provides authentication for our app with google as the only provider. The authentication works fine. I am getting a "SUCCESS" in the authentication result. I would like to change my firebase rules so only the users that are present in a collection can access the data. For it, I have the rules in firebase to control access to the data. The rules are not working when I use any variables from request.auth.(where as the same works from a simulator) Below rule working in both app and simulator: match /restaurants/{$rId}/addresses/{document=**

How to track down source of “Missing or insufficient permissions” in Firestore?

眉间皱痕 提交于 2019-12-08 07:23:06
问题 NOTE: This question is not about how to resolve any particular "Missing or insufficient permissions" Firestore error. This question is about tracking down the source of the error. Every other question on S.O. that I've been able to find that references this error in Firestore is asking a different question, so please read through the entire question and check creation dates on any other questions you find before you try to mark this as a duplicate. tl;dr: Is there a good way to track down

request.auth.token.email not present in the rules

烂漫一生 提交于 2019-12-08 06:32:18
问题 Our app uses Firebase as the back end database. Firebase provides authentication for our app with google as the only provider. The authentication works fine. I am getting a "SUCCESS" in the authentication result. I would like to change my firebase rules so only the users that are present in a collection can access the data. For it, I have the rules in firebase to control access to the data. The rules are not working when I use any variables from request.auth.(where as the same works from a

Firebase Security rules to restrict access on all paths but one?

亡梦爱人 提交于 2019-12-08 06:14:58
问题 Question: For the different top-level firestore collections below, how to restrict access to all but one of the paths? We are building a data schema in Firestore to support a chat app for teachers across multiple schools. The top-level firestore collections include: /siteAdminUsers /schools /schools/{schoolId}/teachers /schools/{schoolId}/chats Below is the security rules setup we are trying now - where we check for: valid user auth expected value exists in userClaim variable request.auth

Firestore auth rule to test reference value in list

泪湿孤枕 提交于 2019-12-08 05:11:17
问题 I'm trying to create a Firestore auth rule that checks the current user against a list of team members in a team document. The members are stored as document references so I've been trying things like this: match /teams/{document=**} { allow read: if path("/users/" + request.auth.uid) in resource.data.members; } But when I try and access the team document I get told there is an Auth failure. Each team member has their own document in /users using their UID as a key. So a user might be /users

How do you keep your custom claims in sync with roles stored in Firebase database

試著忘記壹切 提交于 2019-12-08 03:29:53
问题 This question is lifted from a comment on another thread and I figued that it was a good question that yet didn't have any answer on SO. How would i link my users in auth, to their specific profiles in the database? (profile contains, full name, usertype, etc.) The context of the question is referring to the different strategies of storing user auth access logic in the database and/or as custom claims. And how do you maintain those two to be in sync (Is there any function in User

Authentication for firebase hosting

不羁的心 提交于 2019-12-07 02:32:23
问题 I have a static app hosted on Firebase hosting whose backend is also on Firebase(communicating using firebase JS api). I want to add a simple auth page to all pages of this website so that only users I want can access this site. Is this possible? Looked at the docs but didn't find anything that helps me in this regard. 回答1: You can do this using Firebase Functions, and an Express call. Put all of your static files into a folder named functions/admin and put this function into functions/index
订阅 firebase-security-rules