Is it possible to throw an Auth Error from HTTPs callble functions?
I mean, instead of this
if (err.code === "auth/email-already-exists") {
throw new functions.https.HttpsError(
"invalid-argument",
"The email address is already in use by other account"
);
}
something like
exports.signUp = functions
.region("us-central1")
.runWith({ memory: "2GB", timeoutSeconds: 120 })
.https.onCall(async (data, context) => {
...
if (err.code === "auth/email-already-exists") {
throw err;
}
...
}
Callable Functions should return an instance of HttpsError which requires gRPC error codes so the details of the error are properly transmitted to calling clients. If you throw a different error type, the client will only see a HttpsError with the code and message "internal" - no specifics will be sent to the client for safety.
If you want to pass through the error code of a Firebase Error, you can do so using the third argument. Also consider using "failed-precondition" (preferred) or "already-exists" (if it's a resource) instead.
if (err.code === "auth/email-already-exists") {
throw new functions.https.HttpsError(
"invalid-argument",
"The email address is already in use by other account",
{ code: err.code }
);
}
Related
I've made firebase cloud function which adds the claim to a user that he or she has paid (set paid to true for user):
const admin = require("firebase-admin");
exports.addPaidClaim = functions.https.onCall(async (data, context) => {
// add custom claim (paid)
return admin.auth().setCustomUserClaims(data.uid, {
paid: true,
}).then(() => {
return {
message: `Succes! ${data.email} has paid for the course`,
};
}).catch((err) => {
return err;
});
});
However, when I'm running this function: I'm receiving the following error: "Unhandled Rejection (RangeError): Maximum call stack size exceeded". I really don't understand why this is happening. Does somebody see what could cause what's getting recalled which in turn causes the function to never end?
Asynchronous operations need to return a promise as stated in the documentation. Therefore, Cloud Functions is trying to serialize the data contained by promise returned by transaction, then send it in JSON format to the client. I believe your setCustomClaims does not send any object to consider it as an answer to the promise to finish the process so it keeps in a waiting loop that throws the Range Error.
To avoid this error I can think of two different options:
Add a paid parameter to be able to send a JSON response (and remove the setCustomUserClaim if it there isn’t any need to change the user access control because they are not designed to store additional data) .
Insert a promise that resolves and sends any needed information to the client. Something like:
return new Promise(function(resolve, reject) {
request({
url: URL,
method: "POST",
json: true,
body: queryJSON //A json variable I've built previously
}, function (error, response, body) {
if (error) {
reject(error);
}
else {
resolve(body)
}
});
});
I've just upgraded to using Firebase Cloud Functions v1.x. According to this answer
Callable functions are exactly the same as HTTP functions
With that in mind, I've tried to convert my pre-1.x mock-code:
export const myHttpAction = functions.https.onRequest((req, res) => {
try {
const result = await myHttpActionWorker(req.body);
return res.send({ status: 'OK' });
} catch (err) {
console.error(err);
return res.status(500).send({ status: 'Server error' });
}
});
to the following:
export const myHttpAction = functions.https.onCall(async (data, context) => {
console.log(context.auth);
try {
const result = await myHttpActionWorker(data);
return { status: 'OK' };
} catch (err) {
console.error(err);
return { status: 'Server error' };
}
});
But upon submission to my endpoint, /myHttpAction, with the same data that I used in pre-1.x, I get the following back:
{
"error": {
"status": "INVALID_ARGUMENT",
"message": "Bad Request"
}
}
I'm not sure why the request is "bad" since it's exactly the same and Callable functions are "exactly the same". Any idea what gives?
My package.json specifies "firebase-functions": "^1.0.1".
You're misunderstanding what was meant by "exactly the same" (and omitting the entire remainder of the answer!). They're the same in terms of security (as the original question was asking), because a callable function is an HTTP function, with extra stuff going on behind the scenes that managed by the callable client SDK. The answer lists out those differences. Those differences don't have any effect on security. But you can't simply swap in a callable for an HTTP function and expect everything to be the same for existing callers.
If you want to invoke a callable function without using the client SDK, you'll have to follow its protocol specification. The documentation on that is forthcoming, but you can get the basics here:
How to call Firebase Callable Functions with HTTP?
I am following the example in the docs:
ref.authWithCustomToken(authToken, function(error, authData) {
if (error) {
console.log("Authentication Failed!", error);
} else {
console.log("Authenticated successfully with payload:", authData);
}
});
If I pass an invalid token to authWithCustomToken (e.g. authToken is undefined) , it throws an Error, rather than passing an error code to the callback. In other words, neither console.log is executed, but this error is thrown:
First argument must be a valid credential (a string).
Wrapping it in try catch solves the problem easily enough, but I didn't see any mention in the docs. Is it the intended behaviour?
In my use-case the token is passed through a url, so an undefined parameter is a possible error condition.
From firebase-debug.js:
if (!goog.isString(cred)) {
throw new Error(fb.util.validation.errorPrefix(fnName, argumentNumber, optional) + "must be a valid credential (a string).");
}
What probably happened:
You passed a non-string value as authToken so the error not happened in the Firebase (server) side, it happened in the client side (your side) so it will be not reported on the callback function but as Javascript exception in your code.
Possible workaround (I don't know why, but if you want)
If you want to pass a variable as authToken and it could not be a string, and you still want to get the "Wrong credentials" error, instead of type validation, then you need to force string conversion using:
var ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");
var numberAuthToken = 212312312312312; // number
var stringAuthToken = String(numberAuthToken);
ref.authWithCustomToken(stringAuthToken, function(error, authData) {
if (error) {
console.log("Authentication Failed!", error);
} else {
console.log("Authenticated successfully with payload:", authData);
}
});
But it not makes sense for me. :)
I am building user authentication in my website using Angular and Firebase's Email & Password authentication framework. This is NOT using the Firebase Simple Login Framework but the newly introduced native framework.
My code links to Firebase using:
<script src="https://cdn.firebase.com/js/client/1.1.0/firebase.js"></script>
I can create users, login and so on but the ResetPassword call fails with the following error.
Error: Firebase.resetPassword failed: First argument must be a valid object.
at Error (native)
at E (https://cdn.firebase.com/js/client/1.1.0/firebase.js:15:73)
at F.G.td (https://cdn.firebase.com/js/client/1.1.0/firebase.js:192:79)
at Object.resetPassword (http://localhost:8000/src/js/services/loginservice.js:78:27)
at k.$scope.resetPassword (http://localhost:8000/src/js/controllers.js:35:20)
at http://ajax.googleapis.com/ajax/libs/angularjs/1.2.26/angular.min.js:177:68
at http://ajax.googleapis.com/ajax/libs/angularjs/1.2.26/angular.min.js:171:237
at f (http://ajax.googleapis.com/ajax/libs/angularjs/1.2.26/angular.min.js:194:174)
at k.$eval (http://ajax.googleapis.com/ajax/libs/angularjs/1.2.26/angular.min.js:112:68)
at k.$apply (http://ajax.googleapis.com/ajax/libs/angularjs/1.2.26/angular.min.js:112:346)
The code I use is from the firebase example as follows:
ref.resetPassword(email, function(error) {
if (error === null) {
console.log("Password reset email sent successfully");
} else {
console.log("Error sending password reset email:", error);
}
});
I have verified that a valid email id is being passed in.
Can you please let me know what the issue is?
Thanks in advance
vm
According to the firebase documentation, you should be passing in an object not a string.
https://www.firebase.com/docs/web/api/firebase/resetPassword.html
var credentials = {email: email};
ref.resetPassword(credentials, function(error) {
if (error === null) {
console.log("Password reset email sent successfully");
} else {
console.log("Error sending password reset email:", error);
}
}
I have found that using an object no longer works, it would keep giving me "First argument must contain the key "email", even then the object was as the answer above.
After much frustration i got it working passing the email parameter as per the firebase docs.
$scope.resetPassword = function(email){
console.log("made in to auth method for reset passowrd with email - " + email);
ref.resetPassword({
email: email
}, function(error) {
if (error) {
switch (error.code) {
case "INVALID_USER":
console.log("The specified user account does not exist.");
break;
default:
console.log("Error resetting password:", error);
}
} else {
console.log("Password reset email sent successfully!");
}
});
}
I'm hoping to be able to customise the error objects that are passed to the client if an exception occurs on the server.
I'm using the 'then' function on the client to handle success and failure:
hub.server.login(username, password).then(function(result) {
// use 'result'
}, function(error) {
// use 'error'
});
If the login succeeds, 'result' is the return value of the Login method on the server. If the login fails, I throw an exception of 'CustomException'. This is an exception with a 'Code' property.
if (!IsValidLogin(username, password))
throw new CustomException { Code: "BADLOGIN", Message: "Invalid login details" };
If I have detailed exceptions enabled, the 'error' argument on the client is 'Invalid login details' - the Message property of the exception.
Is there any way I can selectively change the error result from a string to a complex object? i.e. if 'CustomException' is thrown in a hub method, return a {Code:[...], Message:[...]} object for the client-side fail handler?
This should demonstrate what I'd like to see on the client:
hub.server.login(username, password).then(function(userInfo) {
alert("Hello " + userInfo.Name);
}, function(err) {
if (err.Code === "BADLOGIN.USERNAME")
alert("Unrecognised user name");
else if (err.Code === "BADLOGIN.PASSWORD");
alert("Invalid password");
else
alert("Unknown error: " + err.Message);
});
(Note the 'Code' and 'Message' properties on 'err').
When you call MapHubs with EnabledDetailedErrors set to true as follows:
RouteTable.Routes.MapHubs(new HubConfiguration { EnableDetailedErrors = true });
you will receive your Exception's Message string as the parameter to your fail handler.
I see that you have already figured this out, but I'm including the server side code to enable detailed errors for anyone else who might find this question later.
Unfortunately there is no easy way to send a complex object to the fail handler.
You could do something like this though:
if (!IsValidUsername(username))
{
var customEx = new CustomException { Code: "BADLOGIN.USERNAME", Message: "Invalid login details" };
throw new Exception(JsonConvert.SerializeObject(customEx));
}
if (!IsValidPassword(username, password))
{
var customEx = new CustomException { Code: "BADLOGIN.PASSWORD", Message: "Invalid login details" };
throw new Exception(JsonConvert.SerializeObject(customEx));
}
Then on the client:
hub.server.login(username, password).then(function(userInfo) {
alert("Hello " + userInfo.Name);
}, function(errJson) {
var err = JSON.parse(errJson);
if (err.Code === "BADLOGIN.USERNAME")
alert("Unrecognised user name");
else if (err.Code === "BADLOGIN.PASSWORD");
alert("Invalid password");
else
alert("Unknown error: " + err.Message);
});
I know this is ugly, but it should work.