"FirebaseError: Missing or Insufficient permissions" thrown any time user is logged on #1049

Closed
mundanelunacy opened this issue Jan 1, 2021 · 3 comments

@mundanelunacy

What is the current behavior?

When I apply Firestore rules to a collection like so:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /experts/{expert} {
      allow read: if true;
    }
  }
}

Firebase throws the following error: FirebaseError: Missing or insufficient permissions.
This occurs on any component that uses useFirebase, useFirestoreConnect or the firestoreConnect regardless of whether the user is reading the "experts" collection.

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem via codesandbox or similar.

Code pen - https://codesandbox.io/s/react-redux-firebase-permissions-problem-09pqg

How to reproduce:

  • Open code pen preview in new window (OAuth popup doesn't work in embedded preview sometimes)
  • Click "Login with Google" button
  • Log into an account
  • Error
  • Refresh page to see auth data

The Codepen is connected to a Firestore instance with the rules above. App, Store, and LoginPage are implemented according to react-redux-firestore doc examples.

What is the expected behavior?

No error is thrown.

Which versions of dependencies, and which browser and OS are affected by this issue? Did this work in previous versions or setups?

Environment:

  • Mac OSX Catalina 10.15
  • Chrome 87

Dependencies:

  • react 17.0.0
  • firebase 8.2.1
  • react-redux-firebase: 3.8.1
  • redux-firestore: 0.14.0

Cases that worked:

  • No errors are thrown when user is logged out
  • No errors are thrown with default insecure Firestore rules, i.e.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if true;
    }
  }
}
@prescottprue
Owner

This is potentially because of a query associated with the user profile - are you using the userProfile setting?

@prescottprue
Owner

prescottprue commented Jan 4, 2021

Yeah, it appears that in the code sandbox you are using the following in your config:

  userProfile: "users",
  useFirestoreForProfile: true,

This means you will need the following rules in order for the user account matching the user's UID in users like so:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /experts/{expert} {
      allow read: if true;
    }
    match /users/{userId} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}

Please reach out if that ends up not fixing your issue - I have updated the docs to include a note about the required rules when using this setting (will go out with v3.9.0).
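
To show why the error appears only after login, here is an added sketch (not code from this issue or from react-redux-firebase) that models the three rule sets on this page as a deny-by-default matcher. `matchPath`, `isAllowed`, `profileChecks` and the sample UIDs are constructed for illustration, and the sketch assumes the library reads `users/<uid>` once a user signs in, per the `userProfile` settings quoted above.

```javascript
// Simplified model of Firestore rule matching (not Firebase's rules engine).
// Deny by default: a request passes only if some matching `allow` is true.
function matchPath(pattern, path) {
  const pat = pattern.split("/").filter(Boolean);
  const seg = path.split("/").filter(Boolean);
  const vars = {};
  for (let i = 0; i < pat.length; i++) {
    const wild = /^\{(\w+)(=\*\*)?\}$/.exec(pat[i]);
    if (wild && wild[2]) { // {name=**}: captures the rest of the path
      vars[wild[1]] = seg.slice(i).join("/");
      return vars;
    }
    if (i >= seg.length) return null;
    if (wild) vars[wild[1]] = seg[i]; // {name}: exactly one segment
    else if (pat[i] !== seg[i]) return null;
  }
  return pat.length === seg.length ? vars : null;
}

function isAllowed(rules, op, path, auth) {
  return rules.some((rule) => {
    const vars = rule.ops.includes(op) ? matchPath(rule.match, path) : null;
    return vars !== null && rule.allow(auth, vars) === true;
  });
}

const expertsOnly = [ // rules from the issue report
  { match: "/experts/{expert}", ops: ["read"], allow: () => true },
];
const withProfile = [ // rules from the maintainer's reply
  ...expertsOnly,
  { match: "/users/{userId}", ops: ["read", "write"],
    // request.auth is null when signed out; modeled here as a denial
    allow: (auth, v) => auth !== null && auth.uid === v.userId },
];
const openRules = [ // the "allow read, write: if true" rules
  { match: "/{document=**}", ops: ["read", "write"], allow: () => true },
];

const alice = { uid: "alice-uid" }; // constructed sample user
function profileChecks() {
  return {
    original: isAllowed(expertsOnly, "read", "/users/alice-uid", alice),
    fixed: isAllowed(withProfile, "read", "/users/alice-uid", alice),
    otherUser: isAllowed(withProfile, "read", "/users/bob-uid", alice),
    signedOut: isAllowed(withProfile, "read", "/users/alice-uid", null),
    openWrite: isAllowed(openRules, "write", "/users/bob-uid", null),
  };
}
console.log(profileChecks());
```

The `original` result is the denied profile read behind the reported error, and `openWrite` shows that the catch-all rules also let a signed-out client write any user's profile.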

@prescottprue prescottprue mentioned this issue Jan 5, 2021
prescottprue added a commit that referenced this issue Jan 5, 2021
* fix(auth): prevent throw in `logout` when database is not setup (#1042) - @ssdns
* fix(types): fix `reloadAuth` argument type and duplicate of `endBefore` (#1031) - @MatthewDailey
* fix(types): fix argument type for `login` with credentials (#1045) - @AlexanderArvidsson
* fix(types): add back `FirestoreStatics` to `ExtendedFirestoreInstance` (#1030)
* fix(core): add deprecation message `enableLogging` config option
* chore(docs): add note about required rules for profile settings (#1049)

Co-authored-by: Matthew Dailey <interactivexrobot@gmail.com>
Co-authored-by: Alexander Arvidsson <alexander@arvidson.nu>
Co-authored-by: shishido <ssdns@users.noreply.github.com>
@mundanelunacy
Author

seems to have fixed the issue. Thanks !!!
