How to simulate the firebase database rule with firebase auth that have a registered email

3
votes

I am new to firebase and I am trying the firebase database rule and firebase auth.
I trying to use the firebase auth for firebase database rule.
So I have create a demo email to test this the database rule.
email : [email protected]
uid : WfipZwUuNvTIkRYvPxsFqzd1rag2
My database rule (followed the firebase site) https://firebase.google.com/docs/database/security/user-security
Firebase Database Rule : 

{
  "rules": {
    "users": {
      "$user_id": {
        // grants write access to the owner of this user account
        // whose uid must exactly match the key ($user_id)
        ".write": "$user_id == auth.uid",
        ".read" : "$user_id == auth.uid"
      }
    }
  }
}


I have tried to use the simulator for the database rule with the below custom payload with authenticated and couldn't access the read or write.
Payload :

{
  "provider": "password",
  "uid": "WfipZwUuNvTIkRYvPxsFqzd1rag2"
}


So what am I missing in this point?

Updates
What I need is use the firebase authenticate email to give a read and write access to the database.
I am currently trying on the firebase database rule simulator.
I keep getting access denied. So maybe is my payload is not right for the authentication. Need HELP!!!

3
firebasefirebase-realtime-databasefirebase-authenticationfirebase-security

3 Answers

2
votes

i tried the rules that you specified in ths simulator and i got simulated write allowed the only difference is i didn't use the uid that you specified. See Below Images for result enter image description here enter image description here

0
votes

As per documentation you should implement:

{
  "rules": {
    "users": {
      "$user_id": {
        // grants write access to the owner of this user account
        // whose uid must exactly match the key ($user_id)
        ".write": "$user_id === auth.uid",
        ".read" : "$user_id === auth.uid"
      }
    }
  }
}

Notice you should implement '===' instead of '=='

The above implementation will allow only user WfipZwUuNvTIkRYvPxsFqzd1rag2 to read and write on that specific location "/users/{user_id}"

0
votes

Updates

I tested and it works this time. Last time i tried the rule did not work that is very weird.
Ok, I assume the simulator's authenticated means if any of my firebase auth user is logged in.
So, my path and my rules have problems during the test and is not my payload
If I want to allow the database access by the firebase auth user then my rule should be like this (I presume).

Rule: for fire base auth to access the whole database with read and write permission. 

{
  "rules": {
        ".write": "auth.uid != null",
        ".read" : "auth.uid != null"
      }
}


Thanks @d.mares and @MuruGan