feat(firestore-rules): add test for reads

packages/firestore/package.json

@@ -6,7 +6,7 @@
     "test:local": "npx env-cmd -f .env mocha -r ts-node/register test/*.spec.ts --timeout 5000"
   },
   "devDependencies": {
-    "@firebase/rules-unit-testing": "^1.1.6",
+    "@firebase/rules-unit-testing": "^1.1.10",
     "@pipeline/common": "^0.2.0",
     "@types/mocha": "^8.2.0",
     "env-cmd": "^10.1.0",

packages/firestore/test/read-cards.spec.ts

@@ -0,0 +1,42 @@
+import * as firebase from "@firebase/rules-unit-testing";
+import {getAuthedFirestore, reinitializeFirestore} from "./utils";
+import {FirebaseCollection} from '@pipeline/common/build/cjs';
+
+const PROJECT_ID = "firestore-emulator-example-" + Math.floor(Math.random() * 1000);
+
+const COVERAGE_URL = `http://${process.env.FIRESTORE_EMULATOR_HOST}/emulator/v1/projects/${PROJECT_ID}:ruleCoverage.html`;
+
+beforeEach(async () => {
+  await reinitializeFirestore(PROJECT_ID);
+});
+
+after(async () => {
+  await Promise.all(firebase.apps().map((app) => app.delete()));
+  console.log(`View firestore rule coverage information at ${COVERAGE_URL}\n`);
+});
+
+describe("Cards read", () => {
+
+  it("should not allow cards read if not authenticated", async () => {
+    const db = getAuthedFirestore(PROJECT_ID, undefined);
+    const cardsRef = db.collection(FirebaseCollection.Cards);
+    await firebase.assertFails(cardsRef.get());
+  });
+
+  it("should not allow cards read if authenticated but email not verified", async () => {
+    const userUID = 'id1';
+    const email = 'test@email.com';
+    const db = getAuthedFirestore(PROJECT_ID, {uid: userUID, email, email_verified: false});
+    const cardsRef = db.collection(FirebaseCollection.Cards);
+    await firebase.assertFails(cardsRef.get());
+  });
+
+  it("should allow deck cards if authenticated and email verified", async () => {
+    const userUID = 'id1';
+    const email = 'test@email.com';
+    const db = getAuthedFirestore(PROJECT_ID, {uid: userUID, email, email_verified: true});
+    const cardsRef = db.collection(FirebaseCollection.Cards);
+    await firebase.assertSucceeds(cardsRef.get());
+  });
+
+});

packages/firestore/test/read-deck.spec.ts

@@ -0,0 +1,44 @@
+import * as firebase from "@firebase/rules-unit-testing";
+import {getAuthedFirestore, reinitializeFirestore} from "./utils";
+import {FirebaseCollection} from '@pipeline/common/build/cjs';
+
+const PROJECT_ID = "firestore-emulator-example-" + Math.floor(Math.random() * 1000);
+
+const COVERAGE_URL = `http://${process.env.FIRESTORE_EMULATOR_HOST}/emulator/v1/projects/${PROJECT_ID}:ruleCoverage.html`;
+
+const DEFAULT_DECK_ID = '7p5qqvE8kCV9WWysVc2n';
+
+beforeEach(async () => {
+  await reinitializeFirestore(PROJECT_ID);
+});
+
+after(async () => {
+  await Promise.all(firebase.apps().map((app) => app.delete()));
+  console.log(`View firestore rule coverage information at ${COVERAGE_URL}\n`);
+});
+
+describe("Deck read", () => {
+
+  it("should not allow deck read if not authenticated", async () => {
+    const db = getAuthedFirestore(PROJECT_ID, undefined);
+    const deckRef = db.collection(FirebaseCollection.Decks).doc(DEFAULT_DECK_ID);
+    await firebase.assertFails(deckRef.get());
+  });
+
+  it("should not allow deck read if authenticated but email not verified", async () => {
+    const userUID = 'id1';
+    const email = 'test@email.com';
+    const db = getAuthedFirestore(PROJECT_ID, {uid: userUID, email, email_verified: false});
+    const deckRef = db.collection(FirebaseCollection.Decks).doc(DEFAULT_DECK_ID);
+    await firebase.assertFails(deckRef.get());
+  });
+
+  it("should allow deck read if authenticated and email verified", async () => {
+    const userUID = 'id1';
+    const email = 'test@email.com';
+    const db = getAuthedFirestore(PROJECT_ID, {uid: userUID, email, email_verified: true});
+    const deckRef = db.collection(FirebaseCollection.Decks).doc(DEFAULT_DECK_ID);
+    await firebase.assertSucceeds(deckRef.get());
+  });
+
+});

packages/firestore/test/read-dynamic-data-devops-maturities.spec.ts

@@ -0,0 +1,44 @@
+import * as firebase from "@firebase/rules-unit-testing";
+import {getAuthedFirestore, reinitializeFirestore} from "./utils";
+import {FirebaseCollection, FirebaseDoc} from '@pipeline/common/build/cjs';
+
+const PROJECT_ID = "firestore-emulator-example-" + Math.floor(Math.random() * 1000);
+
+const COVERAGE_URL = `http://${process.env.FIRESTORE_EMULATOR_HOST}/emulator/v1/projects/${PROJECT_ID}:ruleCoverage.html`;
+
+const GAME_ID = 'randomId';
+
+beforeEach(async () => {
+  await reinitializeFirestore(PROJECT_ID);
+});
+
+after(async () => {
+  await Promise.all(firebase.apps().map((app) => app.delete()));
+  console.log(`View firestore rule coverage information at ${COVERAGE_URL}\n`);
+});
+
+describe("Dynamic data devops maturities read", () => {
+
+  it("should allow devops maturities read if not authenticated", async () => {
+    const db = getAuthedFirestore(PROJECT_ID, undefined);
+    const gameRolesRef = db.collection(FirebaseCollection.DynamicData).doc(FirebaseDoc.DevOpsMaturities);
+    await firebase.assertSucceeds(gameRolesRef.get());
+  });
+
+  it("should allow devops maturities read if authenticated but email not verified", async () => {
+    const userUID = 'id1';
+    const email = 'test@email.com';
+    const db = getAuthedFirestore(PROJECT_ID, {uid: userUID, email, email_verified: false});
+    const gameRolesRef = db.collection(FirebaseCollection.DynamicData).doc(FirebaseDoc.DevOpsMaturities);
+    await firebase.assertSucceeds(gameRolesRef.get());
+  });
+
+  it("should allow devops maturities read if authenticated and email verified", async () => {
+    const userUID = 'id1';
+    const email = 'test@email.com';
+    const db = getAuthedFirestore(PROJECT_ID, {uid: userUID, email, email_verified: true});
+    const gameRolesRef = db.collection(FirebaseCollection.DynamicData).doc(FirebaseDoc.DevOpsMaturities);
+    await firebase.assertSucceeds(gameRolesRef.get());
+  });
+
+});