dkrprasetya / simple-firebase-unity

Firebase Realtime-Database's REST API Wrapper for Unity in C#

Validation not working #6

Open tjjos opened 7 years ago

tjjos commented 7 years ago

I have a very simple Firebase DB with rules preventing read access from certain nodes, but no matter what validation (.read, .write, .validate) I apply, none of them are being checked, because I get access to the data either way. I even went ahead and prevented any type of access (.read is false for the top rules node) but I can still access every node no matter what.

Note: If I check the validation rules on the firebase rule simulator, I get the desired effect.

Is your code bypassing/overwriting the validation rules in any way? Do you have any idea about what may be causing this problem?

dkrprasetya commented 7 years ago

If you read the code you will see that my code is just creating the REST request and then calls it as it is with Unity's WWW. I'm not sure if it is possible to bypass the validation rule. If it is overwriting the validation rules, the rule on your Firebase console should have been modified too. Could you help me check on that?

And could you help me by providing an example of your rule and what kind of REST request you made to reproduce the problem?

Thanks for reporting by the way!

rami-amar commented 7 years ago

@tjjos I guess that you are using CreateNew with the secret key; this will give you full access no matter what the rules are. You need to add "auth=USER_TOKEN".

The way that I found to get the token is:

```csharp
// Fetch an ID token for the signed-in user, then pass it as the "auth" query parameter.
auth.CurrentUser.TokenAsync(true).ContinueWith(result =>
{
    string param = "auth=" + result.Result;
    firebase.Child("users", true).Child(firebaseUser.UserId, true).SetValue(json, true, param);
});
```

But it looks like bad practice to request a token every time. Storing it as static might cause problems when the token is refreshed.

@dkrprasetya any idea how to handle the token correctly?

Thanks.
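
One way to handle the token question raised above, as an added example that is not part of the thread or of simple-firebase-unity: cache the ID token and fetch a new one only shortly before the `exp` claim in its JWT payload passes. `IdTokenCache`, `fetchToken`, `Invalidate` and the five-minute margin are assumptions made for illustration, and the code assumes a scripting runtime with async/await and `DateTimeOffset.FromUnixTimeSeconds` (.NET 4.6 or later).

```csharp
using System;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;

// Hypothetical helper: reuses an ID token until it is close to expiry.
public sealed class IdTokenCache
{
    // Assumed delegate, e.g. () => auth.CurrentUser.TokenAsync(true)
    private readonly Func<Task<string>> fetchToken;
    private readonly TimeSpan margin;
    private string token;
    private DateTimeOffset expiresAt = DateTimeOffset.MinValue;

    public IdTokenCache(Func<Task<string>> fetchToken, TimeSpan? margin = null)
    {
        this.fetchToken = fetchToken;
        this.margin = margin ?? TimeSpan.FromMinutes(5); // assumed safety margin
    }

    // Returns the "auth=<token>" query parameter, fetching only when needed.
    public async Task<string> GetAuthParamAsync()
    {
        if (token == null || DateTimeOffset.UtcNow >= expiresAt - margin)
        {
            token = await fetchToken();
            expiresAt = ReadExpiry(token);
        }
        return "auth=" + token;
    }

    // Call on sign-out or when the server rejects the token.
    public void Invalidate() { token = null; }

    // Reads "exp" (seconds since the Unix epoch) from the JWT payload.
    // The signature is not checked here; the server validates the token.
    public static DateTimeOffset ReadExpiry(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/'); // base64url to base64
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string payload = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        Match m = Regex.Match(payload, "\"exp\"\\s*:\\s*(\\d+)"); // avoids a JSON dependency
        if (!m.Success) throw new FormatException("no exp claim");
        return DateTimeOffset.FromUnixTimeSeconds(long.Parse(m.Groups[1].Value));
    }
}
```

The returned string can be passed where the snippet above passes `param`. Keep one cache per signed-in user rather than a static shared across accounts.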