Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docRef.get() fails with FirebaseError: false for 'get' @ L5 #3686

Closed
rdinkel opened this issue Aug 26, 2020 · 4 comments
Closed

docRef.get() fails with FirebaseError: false for 'get' @ L5 #3686

rdinkel opened this issue Aug 26, 2020 · 4 comments
Assignees
@rdinkel
Labels
api: firestore needs-attention question

Comments

@rdinkel
Copy link

rdinkel commented Aug 26, 2020
edited

Describe your environment

  • Operating System version: Fedora 32
  • Browser version: Firefox 79
  • Firebase SDK version: 0.20.11
  • Firebase Product: Firestore, Emulator
  • node: v14.8.0
  • npm: 6.14.7

Describe the problem

Running Security Rules Tests fail both with
FirebaseError: false for 'get' @ L5 at new FirestoreError (node_modules/@firebase/firestore/dist/index.node.cjs.js:1205:28) at fromRpcStatus (node_modules/@firebase/firestore/dist/index.node.cjs.js:5240:12) at fromWatchChange (node_modules/@firebase/firestore/dist/index.node.cjs.js:5476:35) at PersistentListenStream.onMessage (node_modules/@firebase/firestore/dist/index.node.cjs.js:15743:27) at /home/roman/projects/asd/test/security_rules/node_modules/@firebase/firestore/dist/index.node.cjs.js:15676:30 at /home/roman/projects/asd/test/security_rules/node_modules/@firebase/firestore/dist/index.node.cjs.js:15712:28 at /home/roman/projects/asd/test/security_rules/node_modules/@firebase/firestore/dist/index.node.cjs.js:14143:20 at processTicksAndRejections (internal/process/task_queues.js:93:5)

Steps to reproduce:

firebase emulators:start

npm test

Relevant Code:

package.json

{
  "name": "security_rules",
  "version": "1.0.0",
  "description": "Unit testing for security rules",
  "main": "test.js",
  "scripts": {
    "test": "mocha --exit"
  },
  "author": "me",
  "license": "ISC",
  "devDependencies": {
    "@firebase/testing": "^0.20.11",
    "mocha": "^8.1.1"
  }
}

test,js

const assert = require('assert');
const firebase = require("@firebase/testing");

const PROJECT_ID = "asd";
const myId = "user_abc";
const theirId = "user_xyz";
const myAuth = {uid: myId, email: "abc@example.com"};

function getFireStore(myAuth){
    return firebase.initializeTestApp({projectId: PROJECT_ID, auth: myAuth}).firestore();
}

function getFireStoreAdmin(){
    return firebase.initializeAdminApp({projectId: PROJECT_ID}).firestore();
}

beforeEach(async() => {
    await firebase.clearFirestoreData({projectId: PROJECT_ID});
});

describe("asd app", () => {

    it("Understands basic addition", async() => {
        const db = getFireStore(null);
        const testDoc = db.collection("readonly").doc("testDoc");
        await firebase.assertSucceeds(testDoc.get());
    });

    it("Can't read private post belonging to another user", async() => {
        const admin = getFireStoreAdmin();
        const postId = "private_post";
        const setupDoc = admin.collection("posts").doc(postId);
        await setupDoc.set({authorId: myId, visibility: "private"});

        const db = getFireStore(myAuth);
        const testRead = db.collection("posts").doc(postId);
        await firebase.assertSucceeds(testRead.get());
    });
})
@yuchenshi
Copy link
Member

Your tests look good. The second test case name is misleading though -- based on the test you wrote, I assume you're asserting that a user can read their own private post instead.

But either way, the issue should be within your security rules. Would you mind posting your security rules here? And to get your started, can you verify that your rules has been updated to allow reads from anyone in the readonly collection? What about the private post rules logic? If you have a blanket deny match-statement for all documents by default, that's fine too, just make sure you add more match-statements for the collections you do want to allow.

@yuchenshi yuchenshi assigned rdinkel and unassigned yuchenshi Aug 26, 2020
@rdinkel
Copy link
Author

rdinkel commented Aug 26, 2020

@yuchenshi Thank you very much. I changed the rule for verifying your suggestion to

match /{document=**} { allow read: if true; allow write: if true; }

Please make the error handling for issues like this more clear to the dev because it is not clear where to look and I spent a lot of time trying different setup's with firebase versions and so on.

PS: the above tests are of course just for getting started but now I can start developing real tests :) Thank you!

@yuchenshi
Copy link
Member

I think the error message can definitely be improved here. It's FirebaseError: false for 'get' @ L5 for now, but if we can change it to something like FirebaseError: PERMISSION_DENIED because security rules returned false for 'get' @ L5 it will be much more understandable.

Would you mind filing a bug against the Firestore Emulator at https://github.com/firebase/firebase-tools and describe what information / error message would make it more actionable for you? I'm going to close this one since there is no action on the JS SDK itself, only Firestore Emulator.

@rdinkel
Copy link
Author

rdinkel commented Aug 26, 2020

Sure. Here we go firebase/firebase-tools#2577 :)

@firebase firebase locked and limited conversation to collaborators Sep 26, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@rdinkel rdinkel

Labels
api: firestore needs-attention question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rdinkel @yuchenshi @google-oss-bot