phase 1 of tutorial

ryanpbrewster · ryanpbrewster · commit 681669b9bf64 · 2019-06-12T13:33:41.000-07:00
diff --git a/TUTORIAL.md b/TUTORIAL.md
@@ -18,3 +18,47 @@ Now we're ready to actually run the tests:
 ```
 firebase emulators:exec "npm test"
 ```
+
+If all goes well, you should see
+```
+> mocha
+
+  ✓ a random user can write a random document
+```
+
+## Securing your data
+
+Open `firestore.rules` and you'll see that your rules are currently allowing
+all reads and writes. Let's start by locking down the database.
+
+Set your security rules to
+```
+service cloud.firestore {
+  match /databases/{db}/documents {
+    match /{doc=**} {
+      allow read, write: if false;
+    }
+  }
+}
+```
+
+Re-run your test and you should see
+
+```
+> mocha
+
+
+
+  1) a random user can write a random document
+
+  0 passing (787ms)
+  1 failing
+
+  1) a random user can write a random document:
+     FirebaseError: 7 PERMISSION_DENIED: 
+false for 'create' @ L4
+```
+
+which verifies that our rules are no longer allowing random users to write to
+random documents. Let's update the test. Open `test/test.js` and change
+`firebase.assertSucceeds` to `firebase.assertFails`.
diff --git a/firestore.rules b/firestore.rules
@@ -1,15 +1,7 @@
 service cloud.firestore {
-  match /databases/{database}/documents {
-    match /users/{userId} {
-      allow read;
-      allow create: if request.auth.uid == userId && request.resource.data.createdAt == request.time;
-    }
-    match /rooms/{roomId} {
-      allow read;
-      // If you create a room, you must set yourself as the owner.
-      allow create: if request.resource.data.owner == request.auth.uid;
-      // Only the room owner is allowed to modify it.
-      allow update: if resource.data.owner == request.auth.uid;
+  match /databases/{db}/documents {
+    match /{doc=**} {
+      allow read, write: if true;
     }
   }
 }
diff --git a/package.json b/package.json
@@ -4,7 +4,7 @@
   "description": "Cloud Firestore emulator testing",
   "scripts": {
     "format": "prettier --write **/*.js",
-    "test": "mocha"
+    "test": "mocha --exit"
   },
   "devDependencies": {
     "@firebase/testing": "^0.10.1",
diff --git a/test/test.js b/test/test.js
@@ -1,138 +1,10 @@
 const firebase = require("@firebase/testing");
 const fs = require("fs");
+const projectId = "rules-codelab";
 
-/*
- * ============
- *    Setup
- * ============
- */
-const projectId = "firestore-emulator-example";
-const coverageUrl = `http://localhost:8080/emulator/v1/projects/${projectId}:ruleCoverage.html`;
-
-const rules = fs.readFileSync("firestore.rules", "utf8");
-
-/**
- * Creates a new app with authentication data matching the input.
- *
- * @param {object} auth the object to use for authentication (typically {uid: some-uid})
- * @return {object} the app.
- */
-function authedApp(auth) {
-  return firebase
-    .initializeTestApp({ projectId, auth })
-    .firestore();
-}
-
-/*
- * ============
- *  Test Cases
- * ============
- */
-beforeEach(async () => {
-  // Clear the database between tests
-  await firebase.clearFirestoreData({ projectId });
-});
-
-before(async () => {
-  await firebase.loadFirestoreRules({ projectId, rules });
-});
-
-after(async () => {
-  await Promise.all(firebase.apps().map(app => app.delete()));
-  console.log(`View rule coverage information at ${coverageUrl}\n`);
-});
-
-describe("My app", () => {
-  it("require users to log in before creating a profile", async () => {
-    const db = authedApp(null);
-    const profile = db.collection("users").doc("alice");
-    await firebase.assertFails(profile.set({ birthday: "January 1" }));
-  });
-
-  it("should enforce the createdAt date in user profiles", async () => {
-    const db = authedApp({ uid: "alice" });
-    const profile = db.collection("users").doc("alice");
-    await firebase.assertFails(profile.set({ birthday: "January 1" }));
-    await firebase.assertSucceeds(
-      profile.set({
-        birthday: "January 1",
-        createdAt: firebase.firestore.FieldValue.serverTimestamp()
-      })
-    );
-  });
-
-  it("should only let users create their own profile", async () => {
-    const db = authedApp({ uid: "alice" });
-    await firebase.assertSucceeds(
-      db
-        .collection("users")
-        .doc("alice")
-        .set({
-          birthday: "January 1",
-          createdAt: firebase.firestore.FieldValue.serverTimestamp()
-        })
-    );
-    await firebase.assertFails(
-      db
-        .collection("users")
-        .doc("bob")
-        .set({
-          birthday: "January 1",
-          createdAt: firebase.firestore.FieldValue.serverTimestamp()
-        })
-    );
-  });
-
-  it("should let anyone read any profile", async () => {
-    const db = authedApp(null);
-    const profile = db.collection("users").doc("alice");
-    await firebase.assertSucceeds(profile.get());
-  });
-
-  it("should let anyone create a room", async () => {
-    const db = authedApp({ uid: "alice" });
-    const room = db.collection("rooms").doc("firebase");
-    await firebase.assertSucceeds(
-      room.set({
-        owner: "alice",
-        topic: "All Things Firebase"
-      })
-    );
-  });
-
-  it("should force people to name themselves as room owner when creating a room", async () => {
-    const db = authedApp({ uid: "alice" });
-    const room = db.collection("rooms").doc("firebase");
-    await firebase.assertFails(
-      room.set({
-        owner: "scott",
-        topic: "Firebase Rocks!"
-      })
-    );
-  });
-
-  it("should not let one user steal a room from another user", async () => {
-    const alice = authedApp({ uid: "alice" });
-    const bob = authedApp({ uid: "bob" });
-
-    await firebase.assertSucceeds(
-      bob
-        .collection("rooms")
-        .doc("snow")
-        .set({
-          owner: "bob",
-          topic: "All Things Snowboarding"
-        })
-    );
-
-    await firebase.assertFails(
-      alice
-        .collection("rooms")
-        .doc("snow")
-        .set({
-          owner: "alice",
-          topic: "skiing > snowboarding"
-        })
-    );
-  });
+it("a random user can write a random document", async () => {
+  const db = firebase.initializeTestApp({ projectId, auth: null }).firestore();
+  await firebase.assertSucceeds(
+    db.collection("random-collection").doc("random-document").set({ hello: "world" })
+  );
 });

Original file line number	Diff line number	Diff line change
`@@ -1,15 +1,7 @@`
`1`	`1`	`service cloud.firestore {`
`2`		`- match /databases/{database}/documents {`
`3`		`- match /users/{userId} {`
`4`		`- allow read;`
`5`		`- allow create: if request.auth.uid == userId && request.resource.data.createdAt == request.time;`
`6`		`- }`
`7`		`- match /rooms/{roomId} {`
`8`		`- allow read;`
`9`		`- // If you create a room, you must set yourself as the owner.`
`10`		`- allow create: if request.resource.data.owner == request.auth.uid;`
`11`		`- // Only the room owner is allowed to modify it.`
`12`		`- allow update: if resource.data.owner == request.auth.uid;`
	`2`	`+ match /databases/{db}/documents {`
	`3`	`+ match /{doc=**} {`
	`4`	`+ allow read, write: if true;`
`13`	`5`	`}`
`14`	`6`	`}`
`15`	`7`	`}`