Quantcast
Channel: Active questions tagged rest - Stack Overflow
Viewing all articles
Browse latest Browse all 4797

Why are my Firebase RTDB Rules Always Returning Unauthorized

$
0
0

Rules

{"rules": {"Accounts": {".read": "true","$user_id": {        // Check if object has all required values after operation".validate": "newData.child('Username').isString() &&                       newData.child('Password').isString() &&                       newData.child('Salt').isString() &&                       newData.child('ExpirationDate').isString()",        // Only allow username update if:        //  * There is a provided username AND        //  * There is no existing username (new account) OR        //  * It is the same as the existing username (patches)"Username": {".write": "(!data.exists() || data.val() === newData.val())"        },"Password":         {".write": "newData.exists()"},"Salt":             {".write": "newData.exists()"},"ExpirationDate":   {".write": "newData.exists()", ".validate": "newData.isString()"},"IsVerified":       {".write": "newData.exists()", ".validate": "newData.isBoolean()"},"Domains":          {".write": "true"},"ActiveDomain":     {".write": "true"},"VerificationCode": {".write": "!data.exists() || newData.exists()", ".validate": "newData.isString()"}      },    }  }}

The POST Sent

Sent to [FIREBASEURL]/Accounts/blmvyubcyhislpquhj@ytnhy,com.json

{"Username": "blmvyubcyhislpquhj@ytnhy,com","Password": "lR3lh7BcXU0=","Salt": "0sFEiXUsUpQ=","ExpirationDate": "8/1/2024","ActiveDomain": null,"Domains": null,"IsVerified": false,"VerificationCode": "327761"}

This POST always returns Unauthorized.

From what I've found, the rules work if I remove all the "Username" level rules and replace it with a dummy ".write":"true".

I've tried with lowercase field names.I've tried just the username rule at that level.The playground seems to show that the request is valid.

I'd like to avoid using Firebase Authentication if possible. I realize it'll be less secure this way.


Viewing all articles
Browse latest Browse all 4797

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>