I am building this app that makes use of cloud firestore. The problem is that firestore is not working. Here is what code I am using
Db.dart
class Db{
// collection reference
static final CollectionReference _collectionReference = Firestore.instance.collection("codes");
static Future addOrUpdateCode(String code , double lat , double long) async {
return await _collectionReference.document(code).setData({
'lat':lat,
'long':long
});
}
}
I have added this line in pubspec.yaml
cloud_firestore: ^0.13.7
I am getting these errors
I/BiChannelGoogleApi(13145): [FirebaseAuth: ] getGoogleApiForMethod() returned Gms: com.google.firebase.auth.api.internal.zzaq#b61eba8
W/Firestore(13145): (21.3.0) [FirestoreCallCredentials]: Failed to get token: com.google.firebase.FirebaseException: An internal error has occurred. [ yRequests to this API securetoken.googleapis.com method google.identity.securetoken.v1.SecureToken.GrantToken are blocked.�
W/Firestore(13145): #type.googleapis.com/google.rpc.Helpq
W/Firestore(13145): o
W/Firestore(13145): Google developer console API keyKhttps://console.developers.google.com/project/280924879656/apiui/credential ].
I/BiChannelGoogleApi(13145): [FirebaseAuth: ] getGoogleApiForMethod() returned Gms: com.google.firebase.auth.api.internal.zzaq#b61eba8
W/Firestore(13145): (21.3.0) [FirestoreCallCredentials]: Failed to get token: com.google.firebase.FirebaseException: An internal error has occurred. [ yRequests to this API securetoken.googleapis.com method google.identity.securetoken.v1.SecureToken.GrantToken are blocked.�
W/Firestore(13145): #type.googleapis.com/google.rpc.Helpq
W/Firestore(13145): o
W/Firestore(13145): Google developer console API keyKhttps://console.developers.google.com/project/280924879656/apiui/credential ].
I/BiChannelGoogleApi(13145): [FirebaseAuth: ] getGoogleApiForMethod() returned Gms: com.google.firebase.auth.api.internal.zzaq#b61eba8
The following APIs are enabled in the cloud console
Register through email/password also enabled in firebase
I am using these rules
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
}
}
I believe that is enough information. Thank you for your time.
Firestore security rules are not properly configured. See Get started with Cloud Firestore Security Rules.
Since you mentioned you are implementing Firebase Authentication, you're going to want something like the example they provide:
// Allow read/write access on all documents to any user signed in to the application
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
But note that you're probably also going to want to have multi-level administration which is done via Custom Tokens. See Create Custom Tokens and you'll probably end up with something like a rule allowing admin access to everything and then you'll narrow access from there, e.g.:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth.token.admin == true;
}
match /users/{userId} {
allow read, write: if request.auth.uid == userId;
}
}
}
These rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
}
}
are denying read/write access to all users under any conditions. You have to change them to the following:
// Allow read/write access to all users under any conditions
// Warning: **NEVER** use this rule set in production; it allows
// anyone to overwrite your entire database.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}
or use timestamp.date:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.time < timestamp.date(2020, 07, 28);
}
}
}
which will allow read and write until the specified time.
https://firebase.google.com/docs/firestore/security/get-started#allow-all
Related
I am fairly new to Firebase Firestore, and this email states that my database will expire. I modified my rules one day ago, however, I still receive this email.
Here is the email sent to me:
Over here are the rules I updated for Firestore:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /dishes/{dish} {
allow write: if request.auth != null;
allow read: if true;
}
}
}
And over here are the test mode rules (before the update):
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if
request.time < timestamp.date(2023, 1, 27);
}
}
}
I don't understand, I have already updated my Firestore Rules, but I still receive that my database will expire soon. Any help would be great!
PS:
I am still new to Firebase/Firestore
I know that questions about Firestore permission errors have been asked a lot, but my situation may be unique. This is because of three things:
my database is in test mode which should allow access to anyone (right?)
I am getting the error while simulating my app with an authenticated firebase user
I am able to write data--the error only happened while reading it.
Here are my security rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if
request.time < timestamp.date(2021, 12, 31);
}
}
}
Here is a screenshot of a description of Firestore's test database mode:
The actual error I got was this:
Error: Error Domain=FIRStorageErrorDomain Code=-13021 "User does not have permission
to access gs://zimmerfour.appspot.com/senderID." UserInfo={object=senderID,
ResponseBody={
"error": {
"code": 403,
"message": "Permission denied. Please enable Firebase Storage for your bucket by visiting the Storage tab in the Firebase Console and ensure that you have sufficient permission to properly provision resources."
EDIT:
I haven't changed the overall Cloud Storage rules. They are still set to the default of:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
The error message is coming from Cloud Storage for Firebase (as indicated by FIRStorageErrorDomain and the error message), which is protected by its own set of security rules in your project.
Try this method, it worked for me :)
// if you want to allow for all to read, write
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write;
}
}
}
// if you want to allow for all to read, and authenticated users to write
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read;
allow write: if request.auth != null;
}
}
}
// if you want to allow for only authenticated users to write or read
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
Firebase keep telling me
We've detected the following issue(s) with your security rules:
any user can read your entire database
I have changed the rules but that rules doesn’t work in my app because all user can read from db and only authenticate user can write to db.
Firebase says that write and read should be performed until we login. But in my case every user can read and only login user can write.
Any ideas how to solve this ? or I'm I doing it wrong ?
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read;
allow write: if request.auth != null;
}
}
}
Can you set your read to false explicitly?
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read: if false;
allow write: if request.auth != null;
}
}
}
That should do it. Let me know if it persists.
The root cause is that even though you are allowing only authenticated users to read or write but they have access to the whole database as mentioned in the Google Cloud Firestore Documentation. That also means any authenticated user can write anything in your database.
If you database has a separate document for each user, I would suggest using the following rules which allows users to write/read their own data only.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId} {
allow read, write: if request.auth.uid === userId;
}
}
}
I have some firebase projects.
Auth project for sign. And firestore project for storing.
Rules for firestore project is
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
}
}
Previously, I used firebase admin sdk via firebase functions to get whole controls of firestore project.
Is it possible to use auth for firestore on client when rules are like below
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;;
}
}
}
Briefly, I've implemented...
if (!this.auth && !_auth) {
this.authApp = firebase.initializeApp(Env.FirebaseAuthConfig, 'auth')
this.auth = this.authApp.auth()
}
if (!this.firestore && !_firestore) {
this.firestoreApp = firebase.initializeApp(Env.FirebaseFirestoreConfig, 'firestore')
this.firestoreApp.auth(this.authApp)
this.firestore = this.firestoreApp.firestore()
}
But FirebaseError: Missing or insufficient permissions occurred on request
Please give me some advices
Why not use Auth and Firestore in the same project? If you setup Auth in the same project as your firestore then yes, you can use the if request.auth != null; security rule.
Also, the beginning of this video explains how auth works so it can be used by clients.
I Don't know why I am getting this mail, I never used Firebase Database in my flutter project,
After clicking on the hyperlink it redirects to this code
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}
If you do not intend to to use Cloud Firestore Database at all in your project, I'd suggest turning off all read/writes. That will also stop the email-reminders of the insecure rules.
Simply change the allow read, write: if true; to allow read, write: if false;
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
}
}