I get this error :
E/StorageUtil(21342): error getting token java.util.concurrent.ExecutionException: com.google.firebase.internal.api.FirebaseNoSignedInUserException: Please sign in before trying to get a token.
W/NetworkRequest(21342): no auth token for request
When I execute this code from https://stackoverflow.com/a/50877590/9272698 (to get the download url from an image with Firestore Storage) :
Future _getImageUrl() async {
final ref = FirebaseStorage.instance.ref().child('lake');
var url = await ref.getDownloadURL();
return url;
}
This is not due to my firestore rules since, I enabled it to be public like this :
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write;
}
}
}
Moreover I don't think it is due to internet connection since I'm able to load fields from Firebase Cloud Database.
Do you have a solution? Thanks a lot
I managed to get my url images.
Here's how :
Add SAH-1 certification to your project firebase and upload new google-service file to your project
Make your users sign-in anonymously (and enable it in your firebase project) before calling .getDownloadUrl()
Related
I am trying to access my firebase project with a cross-platform app made in Xamarin for Visual Studio. I am using the Plugin.CloudFirestore NuGet package for accessing the database and the FirebaseAuthentication.net NuGet package for handling authentication. I am able to sign up and login users, which works properly. I am able to access the Cloud Firestore database when the rules are open:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}
However when I try to use the rules provided by Google to check for authenticated users:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
I am given the error:
Plugin.CloudFirestore.CloudFirestoreException: 'PERMISSION_DENIED: Missing or insufficient permissions.'
I believe this is because I am not sending an authentication token with my requests, but I can't seem to figure out how to send this token using Plugin.CloudFirestore.
According to Cherry Bu:
You could need to use FirebaseAuth.Instance.SignInWithCredentialAsync to pass e-mail and password as parameters and call a method to authenticate the user and then we return a token. I find one similar thread that you can take a look.
I'm writing an app which has user profiles in it. The user is allowed to take a photo or choose from their photo library.
Once the photo is taken, I use this function:
Future<String> uploadFile(File image, String directory, String imageName) async {
assert(image.existsSync());
StorageReference storageReference = FirebaseStorage.instance.ref().child('$directory/$imageName');
StorageUploadTask uploadTask = storageReference.putFile(image);
await uploadTask.onComplete;
var dowurl = await storageReference.getDownloadURL();
return dowurl.toString();
}
to upload the image to firebase. The image appears in the Firebase storage area fine, and the URL is generated, and added to the user's profile as I've defined in the database.
The rules of firebase are set as follows:
Database
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
Storage
rules_version = '2';
service firebase.storage {
match /b/myappname.com/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
which I believe should allow access for any user as long as they're authenticated (they are!)
I'm uploading the URLs generated by uploadFile() to the users profile, but about 1/6 of them gives a URL which, when accessed gives the following error:
{
"error": {
"code": 403,
"message": "Permission denied. Could not perform this operation"
}
}
I'm at a loss as to what is going on here, as the rest of the code works fine, and the 'choice' of file which causes the problem seems completely random.
The URLs generated have different token IDs at the end of each, but I'm not generating them - they're coming from the getDownloadURL() function. I'm keen to stress that the process is the same for each file, but for some reason, randomly, one of the generated URLs doesn't work.
Any help would be much appreciated.
I use flutter with firebase to save my images, and I use my app as an authenticated firebase user.
Rules first use case:
rules_version = '2';
firebase.storage service {
match / b / {bucket} / o {
match / {allPaths = **} {
allow read, write: if true;
}
}
}
Here, to display the images I can use the download url of the photos using:
await ref.getDownloadURL ();
example:
https://firebasestorage.googleapis.com/v0/b/project_name/o/images%2Fimage_name.jpg?alt=media&token=TOKEN
But also I can use the direct url of the photo (without token) and it works perfectly.
example:
https://firebasestorage.googleapis.com/v0/b/project_name/o/images%2Fimage_name.jpg?alt=media
Rules second use case:
rules_version = '2';
firebase.storage service {
match / b / {bucket} / o {
match / {allPaths = **} {
allow read, write: if request.auth! = null;
}
}
}
here I can use await ref.getDownloadURL ();
but i can't use the image url (hard coded)
My question :
why we use the rules of firebase storage (if request.auth! = null;) if the ref.getDownloadURL () is accessible even in a private browser and it does not require an authenticated user, however the url of the image (without token) is not accessible even if you are a firebase authenticated user?
That's just the way that download URLs work. They are designed to bypass all security rules. Rules only apply the code running in web and mobile apps that use the Firebase SDK to read and write data in the storage bucket. If you don't want full public access to a file, then don't use a download URL.
I'm trying to allow users to read and write to my Firestore videoFeedback collection from a web app and getting a "Missing or insufficient permissions" error. How do I make sure that my request to Firestore is sent with the correct user authentication (or any authentication at all)?
This is for an Angular app using Firestore and anonymous Firebase authentication. I have already set up an anonymous user. I would like to add a document to my videoFeedback collection from the web app, not the backend. I've already read the official pages on Firestore docs:
Authenticate Anonymously with Firebase
Get Started with Firebase Authentication on Websites
and many more, plus read all SO questions on this topic.
My Firestore object is already set up correctly (I know because I can read/write to the DB if my security rules don't require a non-null request.auth).
Your help is greatly appreciated.
private db: AngularFirestore;
public initFirebaseApp() {
firebase.initializeApp(this.firebaseConfig);
}
public anonymousAuth() {
firebase.auth().signInAnonymously().catch(function(error) {
console.log("ERROR: " + String(error.errorCode) +
" " + String(error.errorMessage))
});
console.log("User is authorized");
}
this.initFirebaseApp();
this.anonymousAuth();
let date_created = new Date().toLocaleString();
let feedback = {
"feedback": "FAKE_FEEDBACK",
"rating": -1,
'created': date_created,
};
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
console.log(user.uid)
this.db.collection('videoFeedback').add(feedback);
}
}.bind(this));
And my security rules look like this
service cloud.firestore {
match /databases/{database}/documents {
match /videoFeedback/{feedback} {
allow read, write: if request.auth != null;
}
}
}
With this configuration, I get the following output:
User is authorized
JAZe9dsIMtdyNe2dhndleIcn9nd2
ERROR Error: Uncaught (in promise): FirebaseError: [code=permission-denied]: Missing or insufficient permissions.
FirebaseError: Missing or insufficient permissions.
at new FirestoreError (index.cjs.js:352)
at index.cjs.js:7274
at Y.<anonymous> (index.cjs.js:7219)
...
When I replace my security rule with
service cloud.firestore {
match /databases/{database}/documents {
match /videoFeedback/{feedback} {
allow read, write;
}
}
}
I get the same, minus the permissions error. This makes me think that it's an issue with the way my request is being sent, not with the data I'm sending or with the setup of the Firestore database.
User is authorized
JAZe9dsIMtdyNe2dhndleIcn9nd2 (or some random string)
What do I need to do to send my request with a non-null request.auth.uid?
I am trying to download images from Firebase storage but I am getting errors.
E/StorageUtil: error getting token java.util.concurrent.ExecutionException: com.google.android.gms.internal.zzanu: Please sign in before trying to get a token.
W/NetworkRequest: no auth token for request
However, I have my rules set up like this:
service firebase.storage {
match /b/<myappnameredacted>.appspot.com/o {
match /{allPaths=**} {
allow read, write;
}
}
}
Your rules are not like in the Firebase Storage Security Rules Documentation.
For make all your files public (for anyone), use :
// Anyone can read or write to the bucket, even non-users of your app.
// Because it is shared with Google App Engine, this will also make
// files uploaded via Google App Engine public.
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write;
}
}
}
For make all your files readable (for anyone), use :
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read;
}
}
}
You can also make only your image readable / writable, see the Firebase Storage Security Rules Documentation.