Faced this error while working on a new React-Native project and using React-Native-Firebase library. Followed all tutorial setup steps and got this error. It's likely that this error can be faced in not react-native projects as well.
I've spent so many hours trying to fix it and didn't find a solution to my problem on stackoverflow.
Turns out, the solution was as simple as going to Firebase Console => Storage => click Getting started which creates default Storage rules.
It was a new project and no storage rules existed.
Solution was found by running
adb logcat command, output showed something like
check security rules for firebase storage and
no permission for storage
Hope this will save you hours debugging I wasted!
In my case the problem was that I had a wrong storage bucket URL set up (something.firebaseapp.com) when it should have been something.appspot.com
Just make the rules of your firebase storage to be true i.e. allow read and write to be true. That will do the trick. Like this
rules version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if true;
}
}
}
Related
I'm quite new to Firebase, but either I misunderstand something completely or there's something wrong with my Firebase account.
I added a Firestore Database to my Firebase app, and initially I chose it to be created in test mode. As far as I've read in the docs, test mode differs from production mode only by the default security rules.
I wanted to configure my rules properly, so the users can only access their own data.
However, I couldn't make it work, so I tried to configure my Firestore security rules to not allow any read or write operations to anyone. This is what I have currently set in Firestore Database -> Rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
}
}
As I understand, these rules should not allow any read or writes in any collection in my database.
The rules playground tells me exactly that when I try to run any request:
However, from my NextJS app I'm still able to get the data as follows:
import {
getFirebaseAdmin
} from 'next-firebase-auth';
// ...
const categoriesDocument = await getFirebaseAdmin()
.firestore()
.collection('categories')
.doc('D47pV7TxNpDNYNkHgfU0')
.get();
and it all works just fine. I'm also sure the data is fetched from exactly this Firestore db, because when I alter some documents it's reflected in the data fetched.
I also noticed that in Firebase in Firestore Database -> Rules -> Monitor rules I see no results at all (total allows: 0, total denies: 0, total errors: 0).
Any idea what could be wrong here? What am I missing?
On the server, you're using firestore as admin. Rules don't apply there.
I am new to firebase and i have an error in console that i really don't know its source:
redux-firestore listener error: FirebaseError: Missing or insufficient permissions.
I don't know is this sufficient to explain my problem, but because i am new to firebase and firestore i can't explain more or bring some piece of code, everything was working fine but suddenly i got this error, what can be the source of that error?? how to fix it??
One reason you can suddenly be denied access to your Firebase database without having changed anything is that database access rules can have expiry dates, and the default Open Access rules do. E.g., if you examine your database rules at https://console.firebase.google.com/, you may see a line similar to this:
match /{document=**} {
allow read, write: if request.time < timestamp.date(2020, 7, 4);
}
Try changing the date into the future (and click Publish), and see if that helps.
Note: You should set up proper rules that do not expire ASAP (unless expiry is part of your design). See Avoid insecure rules for more details.
I'm trying to get request.auth.uid == userId to be tested but I'm getting 'Simulated read denied'.
I checked all of the basic questions before inputting this issue -
Did you deploy security rules?
I deployed the rules via the fireconsole (clicking the publish button and waiting for a min).
Did you have loggedin using Firebase Authentication?
I haven't implemented this work, I'm trying to test the security rules via using simulator in console.
I tried basic rule below and it works fine.
if request.auth.uid != null;
Here are the screenshots of my testing -
When using the security rules simulator, you need to enter the exact, full path of the document to read. You can't use wildcards. Right now, you're trying to using a wildcard in the document path: "/users/{userId}" This isn't going to work. This makes the userId variable in your rules become literally the string "{userId}". What you need to do instead is paste the actual ID of the document you want to test for reading into the form. This is going to be the UID starting with "JoF".
BTW: You are not required to deploy rules in order to test them in the simulator. You can choose to deploy them only after you've tested them.
Looking at the doc pages for Firestore security rules, I am seeing that they're deployable via the CLI.
I am wondering if anyone knows a way to deploy the contents of the .rules file without using the CLI.
I dug around and found this firebase rules REST API but that turned out to be a very different thing.
Short of studying their CLI code and writing some script to import their functions, does anyone know of a lib or already have code to do this?
I would like to be able to deploy these rules as part of the app deploy on an AWS CodePipeline, so the CLI is just not a good fit here. Shelling out is not preferable either.
You can use firebase admin sdk in your ci pipeline to deploy rules for firestore/storage/RTDB. Below is an example snippet from Official Documentation
const source = `service cloud.firestore {
match /databases/{database}/documents {
match /carts/{cartID} {
allow create: if request.auth.uid == request.resource.data.ownerUID;
allow read, update, delete: if request.auth.uid == resource.data.ownerUID;
}
}
}`;
// Alternatively, load rules from a file
// const fs = require('fs');
// const source = fs.readFileSync('path/to/firestore.rules', 'utf8');
await admin.securityRules().releaseFirestoreRulesetFromSource(source);
Given that the firestore rules structure allows for functions, is there some way to add debug logs to those rule-functions ? .. in order to verify that the function you expect, is in fact being called.
I see that with the simulator it shows a red X at the line in the rules sturcture, where access is denied for a given simulation-request. However, am curious for verification in production mode so it can be communicated to parties concerned about the rules integrity.
In the example below, I was thinking it might be implemented with that commented-out line:
console.log('ENTER: isAccessOn()');
However this does not work. Asking here in case there's any option for something like this in the platform.. or if not, if there's a suggestion for how to make such verifications with a production deployment. Thanks
service cloud.firestore {
match /databases/{database}/documents {
// block client access
function isAccessOn() {
// console.log('ENTER: isAccessOn()');
return false;
}
match /{document=**} {
allow read, write: if isAccessOn();
}
}
}
You may want to look into local rules emulation using the Firebase CLI, which is a brand new feature of the CLI. You can do simple logging with the emulator with the debug() function.
However, there is no way to log anything in security rules in production. If you want to verify that your rules work as expected, you should write some integration tests for those and run your tests to make sure access is rejected or allowed according to your specifications.
Firestore rules now have a
debug() function
It's still not brilliant but better than before.
You can use the debug function in rules like this:
match /databases/{database}/documents {
match /{document=**} {
// show paths being requested
allow create, read, update, delete: if debug(request.path);
}
}
Then watch the log file:
tail -f firestore-debug.log