"FirebaseError: Missing or Insufficient permissions" thrown any time user is logged on

mundanelunacy commented 3 years ago

What is the current behavior?

When I apply Firestore rules to a collection like so:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /experts/{expert} {
      allow read: if true;
    }
  }
}

Firebase throws the following error: FirebaseError: Missing or insufficient permissions. This occurs on any component that uses useFirebase, useFirestoreConnect or the firestoreConnect regardless of whether the user is reading the "experts" collection

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem via codesandbox or similar.

Code pen - https://codesandbox.io/s/react-redux-firebase-permissions-problem-09pqg

How to reproduce:

Open code pen preview in new window (Oauth popup doesn't work in embedded preview sometimes)
Click "Login with Google" button
Log into an account
Error
Refresh page to see auth data

The Codepen is connected to a firestore instance with the rules above. App, Store, and LoginPage are implemented according to react-redux-firestore doc examples.

What is the expected behavior?

No error is thrown.

Which versions of dependencies, and which browser and OS are affected by this issue? Did this work in previous versions or setups?

Environment:

Mac OSX Catalina 10.15
Chrome 87

Dependencies:

react 17.0.0
firebase 8.2.1
react-redux-firebase: 3.8.1
redux-firestore: 0.14.0

Cases that worked:

No errors are thrown when user is logged out

No errors are thrown with default insecure Firestore rules, i.e.

rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
  allow read, write: if true;
}
}
}

prescottprue commented 3 years ago

This is potentially because of a query associated with the user profile - are you using the userProfile setting?

prescottprue commented 3 years ago

Yeah, it appears that in the code sandbox you are using the following in your config:

  userProfile: "users",
  useFirestoreForProfile: true,

This means you will need the following rules in order for the user account matching the user's UID in users like so:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /experts/{expert} {
      allow read: if true;
    }
    match /users/{userId} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}

Please reach out if that ends up not fixing your issue - I have updated the docs to include a note about the required rules when using this setting (will go out with v3.9.0)

mundanelunacy commented 3 years ago

seems to have fixed the issue. Thanks !!!

prescottprue / react-redux-firebase