i have android app with used Firebase as database, there are security rules should be added in Firebase platform, i tried to them, but when i added the below code, the app dont work good with Facebook/Twitter get friends permission, that is no friends shown in my app.
So i think there are special code which be there so it will work good.
My database tree is attached in the picture.
there are folders inside MYCONTACTS and myfriends folders, is this need to be added? here is the picture
{
"rules": {
// Allow anyone to read data in User folder, but only authenticated content owners can
// make changes to their data
"USER": {
".read": "auth != null",
"$uid": {
".write": "auth.uid == $uid"
}
},
// Allow anyone authenticated to read data in MyApps folder, but only authenticated content owners can
// make changes to their data
"MYAPPS": {
".read": "auth != null",
"$uid": {
".write": "auth.uid == $uid"
}
},
// Allow anyone log in to read data in APPICONS folder,
"APPICONS": {
".read": "auth.uid != null",
".write": "auth.uid != null"
},
// Allow anyone authenticated to read data in MYFRIENDS folder, but only authenticated content owners can
// make changes to their data
"MYFRIENDS": {
".read": "auth != null",
".write": "auth != null"
},
// Allow only authenticated content owners can to read data in MYCONTACTS folder
// make changes to their data
"MYCONTACTS": {
".read": "auth != null",
"$uid": {
".write": "auth.uid == $uid"
}
},
// Allow anyone authenticated to read data in NOTIFICATION folder, but only authenticated content owners can
// make changes to their data
"NOTIFICATION": {
".read": "auth != null",
".write": "auth != null"
}
},
// Allow anyone authenticated to read data in Tokens folder, but only authenticated content owners can
// make changes to their data
"Tokens": {
".read": "auth != null",
"$uid": {
".write": "auth.uid == $uid"
}
}
}
}
Related
I have a Firebase emulator set up on my local machine, and I've connected JS client and admin SDKs to test the security rules. Reading/writing data seems to be working properly, and requests are allowed/denied in accordance with my local firestore.rules file. However, nothing is being added to firestore-debug.log after data is modified in Firestore, despite debug being added to the rules file. Is there any reason this function wouldn't be working?
firestore.rules (simplified for testing)
rules_version = '2'
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read;
allow write: if debug(request.auth) != null;
}
}
}
firebase.json
{
"firestore": {
"rules": "firestore.rules",
"indexes": "firestore.indexes.json"
},
"emulators": {
"auth": {
"port": 9099
},
"firestore": {
"port": 8080
},
"ui": {
"enabled": true
}
}
}
I'm trying to list collaborators for all repos in an organization. My query looks like this.
query($login: String!, $cursor: String) {
organization(login: $login) {
url
login
repositories(first: 100, after: $cursor) {
pageInfo {
endCursor
hasNextPage
}
nodes {
name
collaborators(affiliation: OUTSIDE, first: 100) {
edges {
permission
}
nodes {
url
login
name
email
company
}
}
}
}
}
}
This works fine in the GraphQL Explorer. No permissions errors as my user has the necessary permissions.
However if I try to do this from the GraphQL API endpoint directly, I get:
[
{
"type": "FORBIDDEN",
"path": [
"organization",
"repositories",
"nodes",
0,
"collaborators"
],
"locations": [
{
"line": 18,
"column": 21
}
],
"message": "Must have push access to view repository collaborators."
},
I have given my personal access token all possible scopes to debug, the issue persists.
Since my user is org admin and can list all collaborators from the GraphQL Explorer, I would expect this to work.
I have given my personal access token all possible scopes to debug, the issue persists.
Nevertheless, if you don't have push/write access to those repositories, you would get that error message, irrespective of the scopes you gave to your token.
(as illustrated here)
See also isaacs/github issue 444 for confirmation.
I am newbe at firebase and want filter the following Data
Adresse
{
"-Kx92hLOJ_rRCxOIlmn7": {
"Name": "Käppeler",
"Nr": "1026",
"Ort": "-",
"STRASSE": "-",
"Vorname": "Simon"
},
"-Kx92mv2Hk5lr7Ay7X9h": {
"Name": "Müller",
"Nr": "1040",
"Ort": "-",
"STRASSE": "-",
"Vorname": "Madlene"
}
}
I want filter only the dataset with the Nr 1040
For this i try to use the follow Get command at Postman:
https://<my database>.firebaseio.com/Adresse.json?orderBy="Nr"&equalTo="1040"
I try all:
?orderBy="Nr"&startAt=1040&print=pretty
?orderBy="Adress/Nr"&startAt=1040&print=pretty
?orderBy="$key"&startAt="10"&endAt="40"&print=pretty
but nothing work. can anyone help me?
You must use roles for search. Like this;
{
"rules": {
".read": true,
".write": true,
"Adresse": {
".indexOn": ["Name","Nr"]
}
}
}
after you can use like this:
https://<my database>.firebaseio.com/Adresse.json?orderBy="Nr"&startAt=1040&limitToFirst=1
I am using REST API to query Firebase.
Rule is set as below :
{
"rules": {
".read": true,
".write": true,
"user": {
".indexOn": "type"
}
}
}
When querying the below URL using GET method
https://exampleurl.firebaseio.com/user/9001.json
Response :
{
"name": "Rohit",
"person": {
"-KLk3p3kUWg2j9p16kTw": {
"mobile": "9002",
"name": "Adarsh",
"type": "D"
},
"-KLk4x2V_hfZwlsh6PMo": {
"mobile": "9003",
"name": "Manas",
"type": "D"
},
"-KLk5-UPefdSMarC5VCQ": {
"mobile": "9004",
"name": "Sagar",
"place": "thane",
"type": "C"
}
}
}
I get error when using filtering query in GET method
https://exampleurl.firebaseio.com/user/9001.json?orderBy="type"&startAt="D"
Response :
{
"error": "Index not defined, add \".indexOn\": \"type\", for path \"/user/9001\", to the rules"
}
I tried using below rule. But firebase does not allow me to save.
{
"rules": {
".read": true,
".write": true,
"user/9001": {
".indexOn": "type"
}
}
}
Another question speaks about listening on change. While my question is on Indexing.
After searching and spending quite a time on the problem, was able to figure out the solution for indexing 2nd node in Firebase.
Firebase supports wild card for indexing.
New Rule, which solved my problem:
{
"rules": {
".read": true,
".write": true,
"user": {
"$person":{
".indexOn": "type"
}
}
}
}
I would like to implement a simple "change password" so that an authorised user can do so.
Experimenting with the explorer, I managed to write an ACL for the user model (my extension of the default User) that allow a user to change its data:
{
"principalType": "ROLE",
"principalId": "$owner",
"accessType": "WRITE",
"permission": "ALLOW"
}
However, when I try from explorer the endpoint PUT /users/{id} with new credentials, it fails silently, i.e., it returns ok, but perform no password change:
REQUEST:
http://localhost:3000/api/users/6?access_token=6CVOuMZCLB8deH7e5t8xJtzDlWjU98WUCRCSGO6zdjW0bhSR6Z20vddl7dIWepF8
DATA:
{
"credentials":
{"email":"pepito#example.com", "password": "ppito"}
}
(User 6 is already authenticated).
RESPONSE:
{
"realm": null,
"username": "pepito",
"credentials": {
"email": "pepito#example.com",
"password": "ppito"
},
"challenges": null,
"email": "pepito#example.com",
"emailVerified": true,
"verificationToken": "2a9c25fa6e858db5894f98cd3f0be3694041f148781896cb5775ff30da1f367c7843ac4b60013fd47c34c6f1a862a5cabb77cf2807c101da7f2acfcdd8853ec7",
"status": null,
"created": null,
"lastUpdated": null,
"id": 6
}
However, the password remain unchanged (tried with logout/login from the explorer).
Could you help me?
Dealing with password is different game. In order to change the password use the following code:
var AccessToken = Customer.app.models.AccessToken;
AccessToken.findById(access_token, function (err, token) {
if (err) cb(err);
else {
Customer.findById(token.userId, function (err, user) {
if (err) {
cb(err);
}
if (user == null || user == undefined) cb(new Error('user is undefined'));
user.updateAttribute('password', password, function (err, user) {
if (err) {
cb(err);
}
cb(null, 'success');
});
});
}
})
updateAttribute is what allows you to make the updates.
I've never been able to change password from swagger.