Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The test allows anyone to write into database #5

Closed
inmyth opened this issue Apr 28, 2020 · 1 comment
Closed

The test allows anyone to write into database #5

inmyth opened this issue Apr 28, 2020 · 1 comment

Comments

@inmyth
Copy link
Collaborator

inmyth commented Apr 28, 2020

The unit test "should not let anyone write a singed_reports" fails which means anyone can write into the database. This is considering that in the code Firestore is initiated with null credentials. Maybe there's an issue in the way assertion interprets the response (i.e 200 but with fail message). I'm looking into it now.
@inmyth
Copy link
Collaborator Author

inmyth commented Apr 29, 2020

Ok I got it. I suppose the expected behavior is that authenticated users have write access and non-auth users don't. The storage rules defined in firebase.rules technically allowed anyone write access.
I updated the rules and cleaned up the test suites to separate the tests and the setup. The fix is included in the PR #4 .
Having said that, it's important to check auth in production. The auth in test literally works by passing a non-null json.

@inmyth inmyth closed this as completed Apr 29, 2020
@inmyth inmyth mentioned this issue Apr 29, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@inmyth