You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The unit test "should not let anyone write a singed_reports" fails which means anyone can write into the database. This is considering that in the code Firestore is initiated with null credentials. Maybe there's an issue in the way assertion interprets the response (i.e 200 but with fail message). I'm looking into it now.
The text was updated successfully, but these errors were encountered:
Ok I got it. I suppose the expected behavior is that authenticated users have write access and non-auth users don't. The storage rules defined in firebase.rules technically allowed anyone write access.
I updated the rules and cleaned up the test suites to separate the tests and the setup. The fix is included in the PR #4 .
Having said that, it's important to check auth in production. The auth in test literally works by passing a non-null json.
The unit test "should not let anyone write a singed_reports" fails which means anyone can write into the database. This is considering that in the code Firestore is initiated with null credentials. Maybe there's an issue in the way assertion interprets the response (i.e 200 but with fail message). I'm looking into it now.
The text was updated successfully, but these errors were encountered: