As shown below, I want to set up a security rule when a user exists in the "users" node, the user can access the "email" node. Meeting the case, I used builtin exists() function but it doesn't seem working correctly. I've just been getting "Missing or insufficient permissions." Just in case, the user exists under the "users" node for sure.
This issue still occurs when using the get() function, where incorporating this issue(Firestore security rule get() not work)
I'm totally not sure why this rule doesn't work. Would be appreciated if you could give me any help.
service cloud.firestore {
match /databases/{database}/documents {
match /emails/{email} {
allow read, write: if exists(/databases/$(database)/documents/users/$(request.auth.uid));
}
match /users/{userId} {
allow read, write: if request.auth != null;
}
}
}
Did you try use get() instead of exists()?
For me this is working
allow read, write: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data != null
When you creating signIn options, you also should set "requestIdToken" to options builder to then use it in Firestore Rules like "request.auth.uid":
GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(getString(R.string.default_web_client_id))
.requestEmail()
.build()
When you get GoogleSignInAccount(for example) in your activity's onActivityResult, then you have to set it to Firestore singleton instance:
private fun firebaseAuthWithGoogle(acct: GoogleSignInAccount) {
AppState.googleAccount = acct
val mAuth = FirebaseAuth.getInstance()
val credential = GoogleAuthProvider.getCredential(acct.idToken, null)
mAuth.signInWithCredential(credential)
.addOnCompleteListener(this, object : OnCompleteListener<AuthResult> {
override fun onComplete(#NonNull task: Task<AuthResult>) {
when (task.isSuccessful) {
true -> // good, continue from this line
false -> showError("error sign in with google account")
}
}
})
}
Related
I am building a Kotlin app and am using FirebaseAuth for login. I activated Facebook login via Firebase and it works fine. My problem is that the created Firebase user's photoUrl: (https://graph.facebook.com/<UserId>/picture) is pointing to a tiny version of it's Facebook profile picture, instead of a normal sized one.
I found this solution: https://stackoverflow.com/a/52099896/13674106. The Google part of this answer worked perfectly for me, but in the Facebook case I am now getting a default avatar image (in the right resolution). My code looks like this:
fun handleSignInSucceeded(dataIntent: Intent?) {
val response = IdpResponse.fromResultIntent(dataIntent)
// For new created users, check if a photo is available from the auth provider
if (response?.isNewUser == true) {
// All users have a default FirebaseAuth provider data - we want to check which is the
// other one
currentUser.value?.providerData
?.find { it.providerId != FirebaseAuthProvider.PROVIDER_ID }?.apply {
val photoUrl = when (providerId) {
GoogleAuthProvider.PROVIDER_ID ->
photoUrl.toString().replace("s96-c", "s400-c").toUri()
FacebookAuthProvider.PROVIDER_ID ->
photoUrl.toString().plus("?type=large").toUri()
else -> null
}
photoUrl?.let { updatePhotoUri(it, false) }
}
}
}
fun updatePhotoUri(photoUrl: Uri, uploadToStorage: Boolean = true): Task<Void>? {
val profileUpdates = UserProfileChangeRequest.Builder()
return if (uploadToStorage) ...
else updateProfile(profileUpdates.setPhotoUri(photoUrl).build())
}
private fun updateProfile(profileUpdates: UserProfileChangeRequest): Task<Void>? {
return currentUser.value?.updateProfile(profileUpdates)
?.addOnCompleteListener {
if (it.isSuccessful) {
Log.d(TAG, "User profile updated.")
_currentUser.value = firebaseAuth.currentUser
}
}
}
Where _currentUser is a private MutableLiveData<FirebaseUser?> shadowed by a public LiveData<FirebaseUser?> called user which is binded to my ImageView on the fragment:
<ImageView
android:id="#+id/image_profile_picture"
...
app:userPhotoSrc="#{profileViewModel.user}" />
Where userPhotoSrc is implemented by the following BindingAdapter using Glide:
#BindingAdapter("userPhotoSrc")
fun ImageView.setUserPhotoSrc(user: FirebaseUser?) {
Glide.with(context)
.load(user?.photoUrl)
.circleCrop()
.fallback(R.drawable.ic_profile_black_24)
.into(this)
}
I checked in debug and the value of user?.photoUrl at that point is https://graph.facebook.com/<UserId>/picture?type=large as expected.
I found this thread: Retrieving Default Image All Url Profile Picture from Facebook Graph API, Which shows a problem similar to mine, but according to the answers there, my code should work by now. I also tried to use the height parameter instead of type, like stated in this answer: https://stackoverflow.com/a/50710161/13674106, But I got the same result.
Please help me solve it,
Omer
I need to limit the concurrent sessions allowed per user in an apache SshServer. I found two references to this functionality, but they seem to be obsolete.
Here's the original patch back in 2010:
https://issues.apache.org/jira/browse/SSHD-95
I also found this reference to its usage:
http://apache-mina.10907.n7.nabble.com/How-to-set-max-count-connections-in-sshd-service-td44764.html
Which refers to a SshServer.setProperty() method.
I'm using sshd-core 2.4.0, and this method is absent from SshServer, I can't see any obvious replacement, and I can't find any documentation on what has happened to it or how I'm supposed to do this now.
I still see the MAX_CONCURRENT_SESSIONS key in ServerFactoryManager, so I assume the functionality is still in there somewhere, but I can't find where I need to set it.
Here's what the setup of the server looks like (it's for an SFTP server, but that shouldn't matter for the problem at ahnd, I thnk):
private val server = SshServer.setUpDefaultServer().apply {
val sftpSubsystemFactory = SftpSubsystemFactory().apply {
addSftpEventListener(sftpEventListener)
}
port = sftpPort
host = "localhost"
keyPairProvider = when {
sftpKeyname.isEmpty() -> throw IllegalStateException("No key name for SFTP, aborting!")
sftpKeyname == "NO_RSA" -> {
log.warn("Explicitly using NO_RSA, sftp encryption is insecure!")
SimpleGeneratorHostKeyProvider(File("host.ser").toPath())
}
else -> KeyPairProvider.wrap(loadKeyPair(sftpKeyname))
}
setPasswordAuthenticator { username, password, _ ->
// current evil hack to prevent users from opening more than one session
if (activeSessions.any { it.username == username }) {
log.warn("User attempted multiple concurrent sessions!")
throw IllegalUserStateException("User already has a session!")
} else {
log.debug("new session for user $username")
// throws AuthenticationException
authenticationService.checkCredentials(username, password)
true
}
}
subsystemFactories = listOf(sftpSubsystemFactory)
fileSystemFactory = YellowSftpFilesystemFactory(ftpHome)
start()
log.info("SFTP server started on port $port")
}
(From my comment) you can set the property directly:
server.apply {
properties[ServerFactoryManager.MAX_CONCURRENT_SESSIONS] = 50L
}
I have a YII2 advanced template application with a function:
public function isVisible()
{
if ($return = \Yii::$app->getUser()->can($this->getWidgetPermission())) {
return true;
} else {
return false;
}
}
This function is not behaving the expected way with a specific permission, if I add the following code to print all user permissions and the involved permission:
public function isVisible()
{
if ($return = \Yii::$app->getUser()->can($this->getWidgetPermission())) {
return true;
} else {
pr($this->getWidgetPermission() ,'NON ALLOWED!');
pr(\Yii::$app->authManager->getPermissionsByUser(\Yii::$app->getUser()->getId()));
return false;
}
}
I get the name of the permission with the first pr() and an array of permissions with the second pr().
What is odd: the array of permissions INCLUDES the first one.
For example:
output of first pr():
backend\modules\m3p2\widgets\icons\WidgetIconProjects
output of second pr():
[
..,
[name] => backend\modules\m3p2\widgets\icons\WidgetIconProjects
..,
]
So IN THEORY:
\Yii::$app->getUser()->can($this->getWidgetPermission()
should return TRUE, but it's not!
Am I missing something obvious here?
BTW: I flushed permissions and nothing changed
Turned out the problem was in the cache.
I don't know why but both:
php yii cache/flush rbacCache and
php yii cache/flush-all
didn't clean the cache at all.
I had to manually delete the Cache files (in my case inside /runtime/rbacCache/rb/)
The plugin play-reactivemongo offers an easy way to upload a file:
def upload = Action(gridFSBodyParser(gridFS)) { request =>
val futureFile: Future[ReadFile[BSONValue]] = request.body.files.head.ref
futureFile.map { file =>
// do something
Ok
}.recover { case e: Throwable => InternalServerError(e.getMessage) }
}
Unfortunately this solution doesn't suit me because:
I would like only my DAO layer to depend on reactive-mongo.
I need to save the file only if a user is authenticated (with SecureSocial) and use some user's properties as checks and metadata.
If no user is authenticated the request body shouldn't be parsed at all (see also this question).
It would be something along the lines
def upload = SecuredAction { request =>
val user = request.user
val enumerator = an enumrator from the body parsing ???
myDAO.saveFile(user, enumerator)
object myDAO {
def saveFile(user:User, enumerator:Enumerator[Array[Byte]]) = {
...
val fileToSave = DefaultFileToSave(...)
gridfs.save(enumerator, fileToSave)
...
}
}
Unfortunately it seems there is no way to get an enumerator from the parsing of the request body. The only way seems to provide the Action with a parser and an Iteratee that will be fed with the the body being parsed.
I couldn't figure out how to achieve it in a reactive way (without using a temporary file or storing the body in memory). Is it at all possible?
Actually, you might consider not using girdFS built-in parser at all:
val gfs = new GridFS(db)
// the controller method, Authenticated here is custom object extending ActionBuilder
def upload = Authenticated.async(parse.multipartFormData) { request =>
...
request.body.file("photo") match {
// handle error cases
...
case Some(photo) =>
val fileToSave = DefaultFileToSave(photo.filename, photo.contentType)
// here some more operations, basically you don't need the and need only photo.ref.file
val enumerator = Enumerator(Image(photo.ref.file).fitToWidth(120).write)
gfs.save(enumerator, fileToSave) map {
//handle responses and stuff
...
}
}
}
}
I am new to smack API. I am trying to develop a chat application where I was trying for setting and getting the presence.
When I change the presence of a user, its working perfectly fine and it is getting reflected in the Openfire Server.
But when I tries to get the Presence of a user, I am always getting the status as 'unavailable' even if his presence in openfire is showing as 'available'.
I am using the following code to set the status.
Presence presence = new Presence(Presence.Type.available);
presence.setStatus("Online, Programmatically!");
presence.setPriority(24);
presence.setMode(Presence.Mode.available);
user.getConnection().sendPacket(presence);
I am using the Roster class to get the presence as follows.
Roster roster = avatar.getRoster();
Collection<RosterEntry> entries = roster.getEntries();
for(RosterEntry rosterEntry: entries) {
String user = rosterEntry.getUser();
Presence presence = roster.getPresence(user);
System.out.println("Presence : "+presence); // 1
System.out.println("Presence type: "+presence.getType()); // 2
System.out.println("Presence mode: "+presence.getMode()); // 3
}
Line No 1 alwasys gives 'unavailable' while line number 2 and 3 always give null
I am not able to figure out the cause of this problem. Please help me to resolve this issue.
Thanks in advance.
Using RosterListener is the proper solution to this problem. There is no reason that code should have a Thread.sleep() in order to make it work properly.
Roster roster = con.getRoster();
roster.addRosterListener(new RosterListener() {
// Ignored events public void entriesAdded(Collection<String> addresses) {}
public void entriesDeleted(Collection<String> addresses) {}
public void entriesUpdated(Collection<String> addresses) {}
public void presenceChanged(Presence presence) {
System.out.println("Presence changed: " + presence.getFrom() + " " + presence);
}
});
(source: http://www.igniterealtime.org/builds/smack/docs/latest/documentation/roster.html)
the problem is that after logging in immediately, it is gonna take some time for the presence of users to get updated.So between logging in and calling the online buddies function there should be a thread.sleep() for a few seconds.Then the online contacts will be retrieved. I did that and was able to retrieve them.
after login use
Thread.sleep(5000);
use in the beginiing of the method also
I had the same problem and searched for a while before finding what the problem was. In fact, you don't need to do a Thread.sleep(). The problem is that you don't have the "permission" to get the Presence of other users.
To solve the problem, just go in Openfire admin -> your user options -> Roster // Then just set the subscription of the buddy you wanna get the presence to "both" (both users can view each other presence).
Hope that is helps.
Edit : In fact you need to add a Thread.sleep() before getting the roster from the connection. Without the Thread.sleep(), sometimes it works, sometimes not...
I fixed it adding:
if (!roster.isLoaded())
roster.reloadAndWait();
after:
Roster roster = Roster.getInstanceFor(connection);
Ref: Smack 4.1.0 android Roster not displaying
This full code
public void getRoaster(final Callback<List<HashMap<String, String>>> callback) {
final Roster roster = Roster.getInstanceFor(connection);
boolean success = true;
if (!roster.isLoaded())
try {
roster.reloadAndWait();
} catch (SmackException.NotLoggedInException | SmackException.NotConnectedException | InterruptedException e) {
android.util.Log.e(AppConstant.PUBLIC_TAG, TAG + " " + e.getMessage());
success = false;
}
if (!success) {
if (callback != null) {
callback.onError(new Throwable());
}
}
Collection<RosterEntry> entries = roster.getEntries();
List<HashMap<String, String>> maps = new ArrayList<HashMap<String, String>>(entries.size());
for (RosterEntry entry : entries) {
HashMap<String, String> map = new HashMap<String, String>(3);
Presence presence = roster.getPresence(entry.getUser());
map.put(ROASTER_KEY, entry.getName());
map.put(ROASTER_BARE_JID, entry.getUser());
map.put(PRESENCE_TYPE, presence.isAvailable() == true ? PRESENCE_ONLINE : PRESENCE_OFFLINE);
maps.add(map);
}
if (maps != null && maps.size() > 0 && callback != null) {
callback.onSuccess(maps);
} else {
callback.onError(new Throwable());
}
}