firebase / firebase-functions

Firebase SDK for Cloud Functions
https://firebase.google.com/docs/functions/
MIT License
1.03k stars 203 forks source link

onCall function returning cors on web and "UNAUTHENTICATED" on mobile #645

Closed alexstroukov closed 4 years ago

alexstroukov commented 4 years ago

Related issues

https://github.com/firebase/firebase-functions/issues/432

[REQUIRED] Version info

"firebase-admin": "8.0.0",
"firebase-functions": "3.3.0", // have tried "firebase-functions": "3.5.0",
"firebase-tools": "7.0.0", // have tried "firebase-tools": "7.16.1",

node:

"engines": {
  "node": "8" // have tried "node": "10"
},

[REQUIRED] Test case

node:

export const cheerCommunityDiscussionMessage = functions
  .region("europe-west2") // have tried us-central1 default
  .https
  .onCall((data, context) => {
    return Promise.resolve({ success: true })
  })

web:

const firebase = firebase.initializeApp({ ... })
const cheerCommunityDiscussionMessage = firebase
  .app()
  .functions("europe-west2") // have tried us-central1 default
  .httpsCallable("cheerCommunityDiscussionMessage");

return cheerCommunityDiscussionMessage({ messageId: 'test' })

react-native-firebase

const cheerCommunityDiscussionMessage = firebase
  .app()
  .functions('europe-west2') // have tried us-central1 default
  .httpsCallable('cheerCommunityDiscussionMessage');

return cheerCommunityDiscussionMessage({ messageId: 'test' })

[REQUIRED] Steps to reproduce

  1. deploy function
  2. call function from web
  3. call function from react-native using react-native-firebase library

[REQUIRED] Expected behavior

The function should return { success: true } as it does in the cloud function test below:

Screenshot 2020-03-27 at 09 45 02

[REQUIRED] Actual behavior

On mobile the function returns a "UNAUTHENTICATED" error and on web it returns a CORS error. There are no logs firebase which i guess means the function is never reached.

Screenshot 2020-03-27 at 10 36 41 Screenshot 2020-03-27 at 10 32 02

p.s. almost identical functions deployed more than 4 days ago are working fine

Were you able to successfully deploy your functions?

successfull deploy no errors

google-oss-bot commented 4 years ago

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

iskenz commented 4 years ago

Hi,

Similar problem here also since this morning when I tried to deploy a new onCall function. Tried to delete, redeploy, try with a new different name, still the same. On Gcloud platform the test run well.

todorone commented 4 years ago

Have a similar situation, interesting that I have 2 firebase projects - staging and production, and while the same functions work perfectly on one of firebase projects, they throw Error: UNAUTHENTICATED on another one.

UPDATE: Another super-strange fact - some of the functions being executed, and some are not, functions started to deploy 1.5x faster then yesterday, maybe deployment system was upgraded that resulted in issues?

FrankFundel commented 4 years ago

I noticed exactly the same as you guys. onCall functions return Error: UNAUTHENTICATED, other firebase services like database work fine.

iskenz commented 4 years ago

Anyone tried to update existing one ? I don't want to break others functions that works :/

FrankFundel commented 4 years ago

No, maybe someone wants to make an issue on https://github.com/invertase/react-native-firebase ?

todorone commented 4 years ago

@FrankFundel It's not react-native-firebase related, I have 2 firebase projects and absolutely same functions for them. It works perfectly on one of them and does not on another... Any help @mbleigh ?

Does anybody found any workaround?

todorone commented 4 years ago

Hey everybody, there is an update from support. The issue is probably with GCloud functions permissions not set for Cloud Functions Invoker -> allUsers. Please follow the instructions and let me know if it helped - https://cloud.google.com/functions/docs/securing/managing-access-iam#allowing_unauthenticated_function_invocation

alexstroukov commented 4 years ago

Manual instructions from the tutorial linked by @todorone:

1. Go to the Google Cloud Console: https://console.cloud.google.com/functions/

2. Click the checkbox next to the function on which you want to grant access.

3. Click Show Info Panel in the top right corner to show the Permissions tab.

4. Click Add member.

5. In the New members field, type allUsers.

6. Select the role Cloud Functions > Cloud Functions Invoker from the Select a role drop-down menu.

7. Click Save.

Note: As of January 15, 2020, HTTP functions require authentication by default. You can specify whether a function allows unauthenticated invocation at or after deployment. - this note is posted above the instructions in the tutorial. Anyone know if its possible to do as part of firebase deploy or if it's supposed to happen automatically?

todorone commented 4 years ago

@alexstroukov Thanks! This definitely should be done automatically by firebase-cli, otherwise it can become a nightmare to deploy, waiting feedback from a Firebase team...

mbleigh commented 4 years ago

The Firebase CLI ought to be automatically adjusting IAM to allUsers for functions it creates. If that's not happening, it's a bug. We'll investigate.

mbleigh commented 4 years ago

Hey folks on this thread -- the behavior to add proper IAM policy was added in firebase-tools@7.7.0 released 2019-11-07. The policy is only applied to new functions so if you created the function in a pre-7.7.0 CLI it won't get updated (since we can't know if you intentionally altered the policy after creation).

Can anyone confirm if they're seeing this behavior on new functions created with >= 7.7.0 of firebase-tools?

FrankFundel commented 4 years ago

@mbleigh I am on 7.8.1 and it happend to me.

mbleigh commented 4 years ago

@FrankFundel can you try adding a new HTTP function (let's call it iamTest) and deploy it with:

firebase deploy --only functions:iamTest --debug

then share the debug log if the newly created function is not publicly accessible?

FrankFundel commented 4 years ago

@mbleigh I created: exports.iamTest = functions.https.onCall(async (data, context) => { console.log("iamTest"); });

On first try I got:

PS C:\Users\frank\Desktop\SOUNDSQUAD\firebase> firebase deploy --only functions:iamTest --debug
[2020-03-30T15:34:13.167Z] ----------------------------------------------------------------------
[2020-03-30T15:34:13.170Z] Command:       C:\Program Files\nodejs\node.exe C:\Users\frank\AppData\Roaming\npm\node_modules\firebase-tools\lib\bin\firebase.js deploy --only functions:iamTest --debug
[2020-03-30T15:34:13.171Z] CLI Version:   7.8.1
[2020-03-30T15:34:13.171Z] Platform:      win32
[2020-03-30T15:34:13.171Z] Node Version:  v10.16.0
[2020-03-30T15:34:13.173Z] Time:          Mon Mar 30 2020 17:34:13 GMT+0200 (GMT+02:00)
[2020-03-30T15:34:13.173Z] ----------------------------------------------------------------------
[2020-03-30T15:34:13.176Z]
[2020-03-30T15:34:13.203Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
[2020-03-30T15:34:13.216Z] > authorizing via signed-in user
[2020-03-30T15:34:13.217Z] [iam] checking project soundsquad-com for permissions ["cloudfunctions.functions.create","cloudfunctions.functions.delete","cloudfunctions.functions.get","cloudfunctions.functions.list","cloudfunctions.functions.update","cloudfunctions.operations.get","firebase.projects.get"]
[2020-03-30T15:34:13.220Z] > refreshing access token with scopes: ["email","https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","openid"]
[2020-03-30T15:34:13.222Z] >>> HTTP REQUEST POST https://www.googleapis.com/oauth2/v3/token
 <request body omitted>
[2020-03-30T15:34:13.475Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=utf-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:13 GMT, server=scaffolding on HTTPServer2, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:34:13.481Z] >>> HTTP REQUEST POST https://cloudresourcemanager.googleapis.com/v1/projects/soundsquad-com:testIamPermissions  
 permissions=[cloudfunctions.functions.create, cloudfunctions.functions.delete, cloudfunctions.functions.get, cloudfunctions.functions.list, cloudfunctions.functions.update, cloudfunctions.operations.get, firebase.projects.get]
[2020-03-30T15:34:13.780Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:13 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, server-timing=gfet4t7; dur=135, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked

=== Deploying to 'soundsquad-com'...

i  deploying functions
[2020-03-30T15:34:16.144Z] > [functions] package.json contents: {
  "name": "functions",
  "description": "Cloud Functions for Firebase",
  "scripts": {
    "serve": "firebase serve --only functions",
    "shell": "firebase functions:shell",
    "start": "npm run shell",
    "deploy": "firebase deploy --only functions",
    "logs": "firebase functions:log"
  },
  "engines": {
    "node": "8"
  },
  "dependencies": {
    "firebase-admin": "^8.6.0",
    "firebase-functions": "^3.3.0"
  },
  "devDependencies": {
    "firebase-functions-test": "^0.1.6"
  },
  "private": true
}
i  functions: ensuring necessary APIs are enabled...
[2020-03-30T15:34:16.152Z] >>> HTTP REQUEST GET https://serviceusage.googleapis.com/v1/projects/soundsquad-com/services/cloudfunctions.googleapis.com  

[2020-03-30T15:34:16.153Z] >>> HTTP REQUEST GET https://serviceusage.googleapis.com/v1/projects/soundsquad-com/services/runtimeconfig.googleapis.com   

[2020-03-30T15:34:17.242Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:17 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
+  functions: all necessary APIs are enabled
[2020-03-30T15:34:17.249Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:17 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:34:17.251Z] >>> HTTP REQUEST GET https://firebase.googleapis.com/v1beta1/projects/soundsquad-com/adminSdkConfig

[2020-03-30T15:34:17.527Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:17 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
i  functions: preparing functions directory for uploading...
[2020-03-30T15:34:17.543Z] >>> HTTP REQUEST GET https://runtimeconfig.googleapis.com/v1beta1/projects/soundsquad-com/configs  

[2020-03-30T15:34:17.877Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:17 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
i  functions: packaged functions (27.2 KB) for uploading
[2020-03-30T15:34:18.142Z] >>> HTTP REQUEST POST https://cloudfunctions.googleapis.com/v1/projects/soundsquad-com/locations/us-central1/functions:generateUploadUrl

[2020-03-30T15:34:19.069Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:19 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:34:19.072Z] >>> HTTP REQUEST PUT https://storage.googleapis.com/gcf-upload-us-central1-c13fb1e0-89a8-4743-8659-e448afbf2a36/143c8234-d224-447b-b6eb-ff7776835d2e.zip?GoogleAccessId=service-650099482351@gcf-admin-robot.iam.gserviceaccount.com&Expires=1585584258&Signature=Y%2BoTImbK58yXE6HGvqngQm7B%2FMZXhrb0kMiFIwBFwqQMuLNJJJ%2FlwpeyCI4xYbhoFphGf%2BdfpKa8w4OOv8qa0uvrk8ir7ousfZ0AqWVXdDpasamBIGL%2BKqlEpioskA0D%2FhyNkyrsNi70WcUn1QfDk%2FHhQurENzOn9Vr2s7mvN2ymCkZfztPkh8XKjPg8jfuG3GyVHDyG%2Ff%2Bqne74BJK%2BByp0xueT4O8lrUG1nfZGLGTSRv1b2X6fKwu9p0XtGluFv%2B4gHDcVou%2FfQdFA1MCIb79Q3QR%2FXgiKIkYuU3RDNe5HWt7ovXDNxl6yGrsemzcQg1HJzufoEXO3QxFJq6jdXQ%3D%3D
 <request body omitted>
[2020-03-30T15:34:19.575Z] <<< HTTP RESPONSE 200 x-guploader-uploadid=AEnB2UpfMtopnjvUUeIrrya-HK0Ctojd2jGOO6Zmadt9A89YjVhYBgJV7gpMzETTCV_PMUpkwFeSDKiSPwIzAq3ZD74g-GJGzA, etag="0b3ff5e3d740eba36b6d22f0cadc150d", x-goog-generation=1585582459557559, x-goog-metageneration=1, x-goog-hash=crc32c=QDPSFA==, md5=Cz/149dA66NrbSLwytwVDQ==, x-goog-stored-content-length=27855, x-goog-stored-content-encoding=identity, vary=Origin, content-length=0, date=Mon, 30 Mar 2020 15:34:19 GMT, server=UploadServer, content-type=text/html; charset=UTF-8, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
+  functions: functions folder uploaded successfully
[2020-03-30T15:34:19.594Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/projects/soundsquad-com/locations/-/functions

[2020-03-30T15:34:20.059Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:20 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:34:20.061Z] > [functions] filtering triggers to: [
  "projects/soundsquad-com/locations/us-central1/functions/iamTest"
]
i  functions: current functions in project: acceptFriendRequest(us-central1), newUser(us-central1), sendFriendRequest(us-central1)
i  functions: uploading functions in project: iamTest(us-central1)
i  functions: creating Node.js 8 function iamTest(us-central1)...
[2020-03-30T15:34:20.090Z] Trigger is:  {"httpsTrigger":{}}
[2020-03-30T15:34:20.091Z] >>> HTTP REQUEST GET https://serviceusage.googleapis.com/v1/projects/soundsquad-com/services/cloudscheduler.googleapis.com  

[2020-03-30T15:34:21.079Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:21 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:34:21.082Z] >>> HTTP REQUEST POST https://cloudfunctions.googleapis.com/v1/projects/soundsquad-com/locations/us-central1/functions  
 sourceUploadUrl=https://storage.googleapis.com/gcf-upload-us-central1-c13fb1e0-89a8-4743-8659-e448afbf2a36/143c8234-d224-447b-b6eb-ff7776835d2e.zip?GoogleAccessId=service-650099482351@gcf-admin-robot.iam.gserviceaccount.com&Expires=1585584258&Signature=Y%2BoTImbK58yXE6HGvqngQm7B%2FMZXhrb0kMiFIwBFwqQMuLNJJJ%2FlwpeyCI4xYbhoFphGf%2BdfpKa8w4OOv8qa0uvrk8ir7ousfZ0AqWVXdDpasamBIGL%2BKqlEpioskA0D%2FhyNkyrsNi70WcUn1QfDk%2FHhQurENzOn9Vr2s7mvN2ymCkZfztPkh8XKjPg8jfuG3GyVHDyG%2Ff%2Bqne74BJK%2BByp0xueT4O8lrUG1nfZGLGTSRv1b2X6fKwu9p0XtGluFv%2B4gHDcVou%2FfQdFA1MCIb79Q3QR%2FXgiKIkYuU3RDNe5HWt7ovXDNxl6yGrsemzcQg1HJzufoEXO3QxFJq6jdXQ%3D%3D, name=projects/soundsquad-com/locations/us-central1/functions/iamTest, entryPoint=iamTest, deployment-tool=cli-firebase, deployment-callable=true, runtime=nodejs8,
[2020-03-30T15:34:21.688Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:21 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:34:21.691Z] Setting public policy for function iamTest
[2020-03-30T15:34:21.706Z] >>> HTTP REQUEST POST https://cloudfunctions.googleapis.com/v1/projects/soundsquad-com/locations/us-central1/functions/iamTest:setIamPolicy
 version=3, bindings=[role=roles/cloudfunctions.invoker, members=[allUsers]], updateMask=version,bindings
[2020-03-30T15:34:22.039Z] <<< HTTP RESPONSE 403 vary=X-Origin, Referer, Origin,Accept-Encoding, content-type=application/json; charset=UTF-8, date=Mon, 30 Mar 2020 15:34:22 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:34:22.041Z] <<< HTTP RESPONSE BODY code=403, message=Permission 'cloudfunctions.functions.setIamPolicy' denied on resource 'projects/soundsquad-com/locations/us-central1/functions/iamTest' (or resource may not exist)., status=PERMISSION_DENIED

Functions deploy had errors with the following functions:

To try redeploying those functions, run:
    firebase deploy --only functions:

To continue deploying other features (such as database), run:
    firebase deploy --except functions

Error: Functions did not deploy properly.

on second try it uploaded:

PS C:\Users\frank\Desktop\SOUNDSQUAD\firebase> firebase deploy --only functions:iamTest --debug
[2020-03-30T15:34:55.128Z] ----------------------------------------------------------------------
[2020-03-30T15:34:55.132Z] Command:       C:\Program Files\nodejs\node.exe C:\Users\frank\AppData\Roaming\npm\node_modules\firebase-tools\lib\bin\firebase.js deploy --only functions:iamTest --debug
[2020-03-30T15:34:55.140Z] CLI Version:   7.8.1
[2020-03-30T15:34:55.141Z] Platform:      win32
[2020-03-30T15:34:55.141Z] Node Version:  v10.16.0
[2020-03-30T15:34:55.143Z] Time:          Mon Mar 30 2020 17:34:55 GMT+0200 (GMT+02:00)
[2020-03-30T15:34:55.144Z] ----------------------------------------------------------------------
[2020-03-30T15:34:55.144Z]
[2020-03-30T15:34:55.155Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
[2020-03-30T15:34:55.156Z] > authorizing via signed-in user
[2020-03-30T15:34:55.165Z] [iam] checking project soundsquad-com for permissions ["cloudfunctions.functions.create","cloudfunctions.functions.delete","cloudfunctions.functions.get","cloudfunctions.functions.list","cloudfunctions.functions.update","cloudfunctions.operations.get","firebase.projects.get"]
[2020-03-30T15:34:55.169Z] >>> HTTP REQUEST POST https://cloudresourcemanager.googleapis.com/v1/projects/soundsquad-com:testIamPermissions
 permissions=[cloudfunctions.functions.create, cloudfunctions.functions.delete, cloudfunctions.functions.get, cloudfunctions.functions.list, cloudfunctions.functions.update, cloudfunctions.operations.get, firebase.projects.get]
[2020-03-30T15:34:55.451Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:55 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, server-timing=gfet4t7; dur=128, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked

=== Deploying to 'soundsquad-com'...

i  deploying functions
[2020-03-30T15:34:57.725Z] > [functions] package.json contents: {
  "name": "functions",
  "description": "Cloud Functions for Firebase",
  "scripts": {
    "serve": "firebase serve --only functions",
    "shell": "firebase functions:shell",
    "start": "npm run shell",
    "deploy": "firebase deploy --only functions",
    "logs": "firebase functions:log"
  },
  "engines": {
    "node": "8"
  },
  "dependencies": {
    "firebase-admin": "^8.6.0",
    "firebase-functions": "^3.3.0"
  },
  "devDependencies": {
    "firebase-functions-test": "^0.1.6"
  },
  "private": true
}
i  functions: ensuring necessary APIs are enabled...
[2020-03-30T15:34:57.751Z] >>> HTTP REQUEST GET https://serviceusage.googleapis.com/v1/projects/soundsquad-com/services/cloudfunctions.googleapis.com  

[2020-03-30T15:34:57.752Z] >>> HTTP REQUEST GET https://serviceusage.googleapis.com/v1/projects/soundsquad-com/services/runtimeconfig.googleapis.com   

[2020-03-30T15:34:58.753Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:58 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:34:58.925Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:58 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
+  functions: all necessary APIs are enabled
[2020-03-30T15:34:58.937Z] >>> HTTP REQUEST GET https://firebase.googleapis.com/v1beta1/projects/soundsquad-com/adminSdkConfig  

[2020-03-30T15:34:59.211Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:34:59 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
i  functions: preparing functions directory for uploading...
[2020-03-30T15:34:59.216Z] >>> HTTP REQUEST GET https://runtimeconfig.googleapis.com/v1beta1/projects/soundsquad-com/configs

[2020-03-30T15:35:00.141Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:00 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
i  functions: packaged functions (27.2 KB) for uploading
[2020-03-30T15:35:00.366Z] >>> HTTP REQUEST POST https://cloudfunctions.googleapis.com/v1/projects/soundsquad-com/locations/us-central1/functions:generateUploadUrl

[2020-03-30T15:35:00.993Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:01 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:00.995Z] >>> HTTP REQUEST PUT https://storage.googleapis.com/gcf-upload-us-central1-c13fb1e0-89a8-4743-8659-e448afbf2a36/1ded80dd-dac8-440a-a7eb-c174e6492546.zip?GoogleAccessId=service-650099482351@gcf-admin-robot.iam.gserviceaccount.com&Expires=1585584300&Signature=pjtGisn8WEFqCCLIP8jfFS51wHO9SZH4bCWwLYIczkudswbMMOHoCMIZFpdgKkgOOOyaJBeU8tvfeVobjnK%2B8nkdiXQOTRIUxeuwfXQYevlYQbff4LjBd%2Fw70UyRMgZcXUNyYB8AWDJB2Y5ky%2FSvTOM3hr67OSg1xNvYiNVNZRuRnM61u83J8x341XarhxYJbqyJTm0EQ0tRU12xWPqtMs23ew46ilIOkdyw%2FoJ9EbDAaLfC1fdm5R5R80XaCNRfwzz5q8t3gzthbd0IFnE9W4%2BjXDqcOk97sJDYK%2FiRm9qhEi32%2BvIhddL3c%2BB%2BbxoaGfiI0nbZX9ov3y%2BeNavh3g%3D%3D
 <request body omitted>
[2020-03-30T15:35:01.537Z] <<< HTTP RESPONSE 200 x-guploader-uploadid=AEnB2Up13d0PYhw7FNgErDJ2GuASdjmU1mhFTC3vkWuv36pTPHBxiI4GmTaBU1L2UDlI4P_kSe8HcQuSfm_RF-AFASmmYVkscA, etag="efd5bc1822bf1a0b03ecf92d93f1119c", x-goog-generation=1585582501522012, x-goog-metageneration=1, x-goog-hash=crc32c=ozVOpw==, md5=79W8GCK/GgsD7Pktk/ERnA==, x-goog-stored-content-length=27855, x-goog-stored-content-encoding=identity, vary=Origin, content-length=0, date=Mon, 30 Mar 2020 15:35:01 GMT, server=UploadServer, content-type=text/html; charset=UTF-8, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
+  functions: functions folder uploaded successfully
[2020-03-30T15:35:01.554Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/projects/soundsquad-com/locations/-/functions  

[2020-03-30T15:35:01.987Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:02 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:01.990Z] > [functions] filtering triggers to: [
  "projects/soundsquad-com/locations/us-central1/functions/iamTest"
]
i  functions: current functions in project: acceptFriendRequest(us-central1), iamTest(us-central1), newUser(us-central1), sendFriendRequest(us-central1)
i  functions: uploading functions in project: iamTest(us-central1)
i  functions: updating Node.js 8 function iamTest(us-central1)...
[2020-03-30T15:35:02.006Z] Trigger is:  {"httpsTrigger":{}}
[2020-03-30T15:35:02.019Z] >>> HTTP REQUEST GET https://serviceusage.googleapis.com/v1/projects/soundsquad-com/services/cloudscheduler.googleapis.com  

[2020-03-30T15:35:03.092Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:03 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:03.095Z] >>> HTTP REQUEST PATCH https://cloudfunctions.googleapis.com/v1/projects/soundsquad-com/locations/us-central1/functions/iamTest {"updateMask":"sourceUploadUrl,name,labels,runtime,httpsTrigger"}
 sourceUploadUrl=https://storage.googleapis.com/gcf-upload-us-central1-c13fb1e0-89a8-4743-8659-e448afbf2a36/1ded80dd-dac8-440a-a7eb-c174e6492546.zip?GoogleAccessId=service-650099482351@gcf-admin-robot.iam.gserviceaccount.com&Expires=1585584300&Signature=pjtGisn8WEFqCCLIP8jfFS51wHO9SZH4bCWwLYIczkudswbMMOHoCMIZFpdgKkgOOOyaJBeU8tvfeVobjnK%2B8nkdiXQOTRIUxeuwfXQYevlYQbff4LjBd%2Fw70UyRMgZcXUNyYB8AWDJB2Y5ky%2FSvTOM3hr67OSg1xNvYiNVNZRuRnM61u83J8x341XarhxYJbqyJTm0EQ0tRU12xWPqtMs23ew46ilIOkdyw%2FoJ9EbDAaLfC1fdm5R5R80XaCNRfwzz5q8t3gzthbd0IFnE9W4%2BjXDqcOk97sJDYK%2FiRm9qhEi32%2BvIhddL3c%2BB%2BbxoaGfiI0nbZX9ov3y%2BeNavh3g%3D%3D, name=projects/soundsquad-com/locations/us-central1/functions/iamTest, deployment-tool=cli-firebase, deployment-callable=true, , runtime=nodejs8
[2020-03-30T15:35:03.503Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:03 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:03.515Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/projects/soundsquad-com/locations/-/functions  

[2020-03-30T15:35:03.964Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:03 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:03.967Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:04.284Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:04 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:06.298Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:06.597Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:06 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:08.604Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:08.919Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:08 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:10.922Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:11.222Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:11 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:13.244Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:13.535Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:13 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:15.550Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:15.855Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:15 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:17.858Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:18.128Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:18 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:20.144Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:20.437Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:20 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:22.441Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:22.803Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:22 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:24.806Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:25.141Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:25 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:27.170Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:27.444Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:27 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:29.446Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:29.720Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:29 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:31.722Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:31.984Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:32 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:33.996Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:34.273Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:34 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:36.275Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:36.558Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:36 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:38.566Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:38.837Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:38 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:40.838Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:41.105Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:41 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:43.119Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:43.399Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:43 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:45.405Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:45.689Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:45 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
[2020-03-30T15:35:47.692Z] >>> HTTP REQUEST GET https://cloudfunctions.googleapis.com/v1/operations/c291bmRzcXVhZC1jb20vdXMtY2VudHJhbDEvaWFtVGVzdC9JVUpRZEdsZ0RFRQ

[2020-03-30T15:35:48.024Z] <<< HTTP RESPONSE 200 content-type=application/json; charset=UTF-8, vary=X-Origin, Referer, Origin,Accept-Encoding, date=Mon, 30 Mar 2020 15:35:48 GMT, server=ESF, cache-control=private, x-xss-protection=0, x-frame-options=SAMEORIGIN, x-content-type-options=nosniff, alt-svc=quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000, accept-ranges=none, transfer-encoding=chunked
+  functions[iamTest(us-central1)]: Successful update operation.

+  Deploy complete!

Project Console: https://console.firebase.google.com/project/soundsquad-com/overview

When I try to call iamTest I get: Error: UNAUTHENTICATED] and no logs in firebase console. Maybe [2020-03-30T15:34:22.041Z] <<< HTTP RESPONSE BODY code=403, message=Permission 'cloudfunctions.functions.setIamPolicy' denied on resource 'projects/soundsquad-com/locations/us-central1/functions/iamTest' (or resource may not exist)., status=PERMISSION_DENIED has something to do with it.

Hope it helps :)

mbleigh commented 4 years ago

What are your permissions on the project in question, are you the owner? Yes, that line is the cause of the failure. Here's what seems to be happening:

  1. First deploy tries to create the function (which succeeds) then tries to apply the allUsers IAM policy (which fails). This leaves the function in a state where it exists but with the default locked-down policy.
  2. Second deploy detects that the function already exists, so no IAM policy is applied (as we only do so on create). It succeeds, but doesn't change the still-locked-down IAM policy.

A 403 typically means that you don't have permission to perform the action in question, which may be the case if you have an unusual set of permissions on the project.

FrankFundel commented 4 years ago

The project was created on another account, but I have the permissions owner, apparently that isn't enough. What are the right permissions then?

mbleigh commented 4 years ago

owner should definitely take care of it. Thanks for the additional information, we'll do some more digging on our end and see what we can turn up.

mbleigh commented 4 years ago

@FrankFundel we're having a hard time reproducing the same issue on our end. Can you try creating a new project and trying the same iamTest again? I'm curious if it's project-specific or something that can be reproduced at-will.

todorone commented 4 years ago

@mbleigh Thanks for Your help. FYI This issue with incorrect applying of rights was introduced recently. Last 3 months I was able to publish functions without any issue even not being an owner of the account, but about 3 days ago it started to fail for one of the projects. And as You can see by multiple feedbacks, it affects some particular group of users, it's not a unique case. If any further info required, please ping me...

FrankFundel commented 4 years ago

@mbleigh I created a new Project called iamtest-abe13, installed functions, added exports.iamTest = functions.https.onCall(async (data, context) => { console.log("iamTest"); }); same result when deploying, first try fails with Error 403, second try works. But now it has the allUsers. And new functions will deploy on first try.

tudormarze commented 4 years ago

After reading the suggestion in #646, updating the cli worked for me: npm update -g firebase-tools

I had 7.3.2 before, it updated to 7.16.1 and it's working fine now

mbleigh commented 4 years ago

@todorone please make sure your CLI is updated. While the CLI change was pushed out several months ago, it's only very recently that Cloud Functions started defaulting newly created functions to restricted access (which is why it only just started failing).

If you're on the latest version of the CLI and it's still failing, please provide as many details as you can. So far @FrankFundel is the only documented case of a non-version-related issue.

Rowansdabomb commented 4 years ago

So only Project Owners can create cloud functions with Cloud Function Invokers set as allUsers?

pdemilly commented 4 years ago

Having same problem here. Getting Access to fetch at 'https://xxxx.com/xxxx-3da7f/us-central1/reportFn-generateReportUrl' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled

However after different testing I think the message is misleading. The problem is a redirection problem. The URL is not rewritten to access the cloud function and therefore tries to access the main site

mbleigh commented 4 years ago

@Rowansdabomb unfortunately that's (kind of) the case. You need to have cloudfunctions.functions.setIamPolicy permissions on the project, which comes with the owner role but also comes with the Cloud Functions Admin role.

This wasn't something we anticipated when building this solution, but it's something I think we're going to have to do a better job warning about. Unfortunately since this is driven by the underlying Cloud Functions infrastructure, we probably won't be able to work around it at least in the short term.

I just filed firebase/firebase-tools#2086 to document our need to be more clear, and I'm separately going to follow up internally to see if there's more we can do.

todorone commented 4 years ago

@mbleigh Thanks for Your efforts. It's very unfortunate, as it's a very common scenario when functions being published by a developer account, which is very dangerous to give Owner permission. Hopefully, you will come up with some workaround to overcome it...

mbleigh commented 4 years ago

@pdemilly I'm not sure exactly what you're encountering. Cloud Functions are deployed at URLs like https://us-central1-project-name-here.cloudfunctions.net/functionName -- they are not on custom domains, and the URL structure you're posting looks more like the emulators than deployed functions.

It might make more sense for you to open a separate issue detailing exactly what your setup is, what was working before, and what changed.

jbohman commented 4 years ago

So I've run into this issue as well, tried firebase-tools version 7.16.0, 7.16.2 and 8.0.0 and same result. I'm the owner of the firebase project.

When I run with debug flag I see this (with version 8.0.0):

[2020-04-02T05:55:42.229Z] Setting public policy for function organiserActions
[2020-04-02T05:55:42.230Z] >>> HTTP REQUEST POST https://cloudfunctions.googleapis.com/v1/projects/hidden-project/locations/us-central1/functions/organiserActions:setIamPolicy
 {"policy":{"version":3,"bindings":[{"role":"roles/cloudfunctions.invoker","members":["allUsers"]}]},"updateMask":"version,bindings"}
[2020-04-02T05:55:42.846Z] <<< HTTP RESPONSE 200 {"content-type":"application/json; charset=UTF-8","vary":"X-Origin, Referer, Origin,Accept-Encoding","date":"Thu, 02 Apr 2020 05:55:42 GMT","server":"ESF","cache-control":"private","x-xss-protection":"0","x-frame-options":"SAMEORIGIN","x-content-type-options":"nosniff","alt-svc":"quic=\":443\"; ma=2592000; v=\"46,43\",h3-Q050=\":443\"; ma=2592000,h3-Q049=\":443\"; ma=2592000,h3-Q048=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,h3-T050=\":443\"; ma=2592000","accept-ranges":"none","transfer-encoding":"chunked"}

Which I assume is correct and in the full log I don't see any errors. In the end the function deployed successfully.

But when I go into Google Cloud console I don't see the invoker permission or the allUsers member:

image

Should there be a permission there? I have other functions deployed and all of them show it, and they have been created weeks or even months ago:

image

AmrKafina commented 4 years ago

Any updates here? I'm encountering this issue as well, exactly as described by @jbohman.

mbleigh commented 4 years ago

These issues are likely a consequence of what's described in another issue. I'm going to close this as a duplicate of firebase/firebase-tools#2086, please follow along there for updates.

kkusanagi commented 4 years ago

I'm using Firebase auth and still get ERROR UNAUTHENTICATED. @jbohman method is the only way to fix this. After use his method, i check the context argument and boom, it got all the auth info. This is surely a bug in firebase functions.

Firebase-tools 8.4.2 react-native-firebase:5.6.0

IOS Pod Firebase 6.13.0 FirebaseFunctions (2.5.1)

vojdan commented 3 years ago

I just had this issue when I had to stop (CTRL + C) the CLI process mid-deploy and did not completely finish. Deploy process continued in the background and eventually succeeded. The result was I didn't have "allUsers | Cloud Functions Invoker" in the permissions. Delete and redeploy fixed the issue and now the role is present.

Using firebase-tools 9.9.0.

gOzaru commented 3 years ago

I'm using Firebase auth and still get ERROR UNAUTHENTICATED. @jbohman method is the only way to fix this. After use his method, i check the context argument and boom, it got all the auth info. This is surely a bug in firebase functions.

Firebase-tools 8.4.2 react-native-firebase:5.6.0

IOS Pod Firebase 6.13.0 FirebaseFunctions (2.5.1)

Hello @kkusanagi May I know how do you check the context argument??? Teach me, please. I had done this to get the data, but it was all UNDEFINED...

functions.firestore.document("Felix/Server/Users/{uid}").onCreate(async (snaps, context) => {
    const uid = context.auth.uid; //this is FAIL too => UNDEFINED
    const uid = snaps.uid; //this is FAIL => UNDEFINED
    const uid = context.params.uid; //this is FAIL too => UNDEFINED

    const email = context.auth.token.email; //this is FAIL too => UNDEFINED 
    const email = context.params.email; //this is FAIL => UNDEFINED
    const email = context.resource.email; //this is FAIL => UNDEFINED
    const email = snaps.email; //this is FAIL too => UNDEFINED

    const code = snaps.data["code"]; //this is FAIL => UNDEFINED
    const code = snaps.code; //this is FAIL too => UNDEFINED
    const code = snaps.data().code //this is FAIL too => UNDEFINED
}
kkusanagi commented 3 years ago

@gOzaru hi, below is the example of my script. if you meet the issue, you better go to firebase and remove the functions. Then make sure you have update your nodejs or npm and firebase-tools to latest version and then start deploy the functions again. Should be fix.

export const createRewardSystem = functions.firestore.document("/reward_system/{reward_id}").onCreate((snap,context) => {
  const reward_id = context.params.reward_id;
  // const creator_id = snap.data().user_id;
  return dbFireStore.collection("reward_system").doc(reward_id).update({
    point_limit:150,
    point_remain:150,
  });
});
gOzaru commented 3 years ago

@gOzaru hi, below is the example of my script. if you meet the issue, you better go to firebase and remove the functions. Then make sure you have update your nodejs or npm and firebase-tools to latest version and then start deploy the functions again. Should be fix.

Hello @kkusanagi The bug is named as UNAUTHENTICATED. I had tried your suggestion and it still returned as undefined. I have checked on the Auth in Firebase and it worked fine for other Cloud Functions, except for Firestore Triggers Beta. I have been on this for more than 10 days. [sigh] Really frustrating. I searched all over the stackoverflow.com and it returned nothing at all. The bug won't go away.

kkusanagi commented 3 years ago

try firebase --version to check the version. currently should be over 9.10.2 And make sure firebase.auth().onAuthStateChanged got sign in.

IF still cannot, you have to upgrade your library. Maybe old library do not support. It is hard work, but worth it. react-native-firebase to @react-native-firebase/app and @react-native-firebase/firestore....

May be current firebase only support newer version only. cause authentication in library had slightly changed during newer version.

gOzaru commented 3 years ago

Thank you for your suggestion, @kkusanagi But nothing works. I am gonna search for another clue. Anyway, I am using Flutter.

chadlyalan commented 2 years ago

@gOzaru did you find a solution to this? I'm in the same boat, just starting my research as many before me have...

JoelKronander commented 2 years ago

@mbleigh So this issue actually currently exists, with latest firebase-tools (as of 2022-08-15) if one is not a Project Owner when deploying the function.

Ie if one has e.g. these permissions: Delegate deployment of functions to a project member who has the following two roles: Cloud Functions Admin role (roles/cloudfunctions.admin) Service Account User role (roles/iam.serviceAccountUser) but is not a project owner, one still has to manually add the allUsers cloud function invoke role permission.

Took me a while to figure out.... Very annoying, add docs on the homepage at least to clarify this.

juokavom commented 1 year ago

If you still have issue(s) with firebase denying your function invocations due to CORS errors, THIS IS HOW TO SOLVE THEM:

  1. Error: cors_err Solution: Set region in your client where your function is hosted. For example: When importing function package: export const functions = getFunctions(app, "europe-central2") <--- region of your function; Then you can call your function: const doSomething= await httpsCallable(functions, 'doSomething');
  2. Error: cors_err_2 Solution: Set all users principal in google cloud console for this particular function. More here: https://github.com/firebase/firebase-functions/issues/645#issuecomment-605835353
cliffhall commented 2 months ago

Can anyone confirm if they're seeing this behavior on new functions created with >= 7.7.0 of firebase-tools?

@mbleigh Yes, I'm on 13.16.0 and it just happened to me. and the above solution fixed it for me.

I had two nearly identical onCall functions, removed them both from Firebase console, redeployed them, and one got a CORS error the other worked fine. In the GCP console screen for the function, I had to add "allUsers" as "Cloud Function Invoker" to the one with the errors. The other one had it. They are both v1 functions, node 20.