Firestore rules not working using displayName, Android

1
votes

I have firestore rules like this:

 match /{document=**} {

      allow read, write: if request.auth.token.name == "dummyUser";

}

Now when I createUserWithEmailAndPassword, after I created the user, I set the displayName to "dummyUser" like this, with method setUsersSecureName() that I made:

fun setUsersSecureName(myCallback: (Boolean?) -> Unit) {

val user = FirebaseAuth.getInstance().currentUser

val profileUpdates = UserProfileChangeRequest.Builder()
    .setDisplayName("dummyUser")
    .build()

user?.updateProfile(profileUpdates)
    ?.addOnCompleteListener { task ->
        if (task.isSuccessful) {
            Log.d(TAG_HELPER_METHODS, "Secure user profile updated.")
            myCallback(true)

        }
    }

}

I do the same for anonymous logins also. So I create anonymous log in like this:

auth.signInAnonymously()
            .addOnCompleteListener(this) { task ->
                if (task.isSuccessful) {
                    // Sign in success, update UI with the signed-in user's information
                    Log.d(TAG_MAIN, "signInAnonymously:success")
                    val user = auth.currentUser

                    setUsersSecureName(){
                        makeRequest()
                    }

As you see, after login is successful with anonymous user, I change the users name. Now it seems to be changed, when I check it, the users displayName is "dummyUser". However, the firestore request doesn't work, and I get the message in the log:

PERMISSION_DENIED: Missing or insufficient permissions.

This is also not working when users are signed in with email and password. Why would this be?

Thanks

1
androidfirebasegoogle-cloud-firestorefirebase-authenticationfirebase-security
Edited, doesn't work also on new users with email and password sign in. - RJB

1 Answers

2
votes

Security rules work by receiving a user ID token from Firebase Authentication at the time of the request. The Firestore SDK does this automatically. You normally don't have to do anything special.

However, in this specific case, after you update the user's profile, Firebase Authentication is still holding on to a user ID token that doesn't know about the change of name. You will probably also have to tell Firebase Authentication to fetch a new one by calling user.getIdToken(true) after the profile is successfully updated, in order to force a refresh of the ID token. After the refresh succeeds, then you can try the Firestore query to see if it works. user.reload() might work as well. Both of those methods are asynchronous and return a Task that you should use to track the completion of the request.