React-native-firebase: Error: User is not authorized to perform the desired action.

@shekharskamble how did you solve this?

👍 1

@shekharskamble how did you manage to solve and close this issue? I am having the same issue and I bet others too ! A feedback would be real appreciative

Extremely sorry for replying late, I don't exactly remember how did I solve this one but can you please try putting file in a folder like this

.ref(foldername/${fileName}).putFile(uploadUri)

you can set any file name you want.

@shekharskamble This still doesn't work for me. Can this issue be re-opened?

reopened...

@perrosnk
I encountered the same error, and I solve error now!
How is the rule of your Fire base storage?
I change the rule below, so I can solve the error.
I want you to try it!

service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write;
    }
  }
}

@gcyagyu That opens the security rules to anyone.

@gcyagyu - agreed to @Ehesp its bad...

@gcyagyu this is not safe

I want to enable each user to upload ONLY his profile photo. My rules look like this:

service firebase.storage {
  match /b/{bucket}/o {
    match /users/{userId}/{filename} {
      allow read;
      allow write: if request.auth.uid == userId
                             && filename == "profilePicture.jpeg"
                             && request.resource.size < 300 * 1024
                             && request.resource.contentType.matches('image/.*')
                             && request.resource.contentType == resource.contentType
    }
  }
}

If I deactivate the last 2 lines:

&& request.resource.contentType.matches('image/.*')
&& request.resource.contentType == resource.contentType

it works. But I need this two lines for security reasons. Is anyone else facing this kind of problem?

@perrosnk looks like you're running into a side effect of https://github.com/invertase/react-native-firebase/issues/739 with your security rules.

We plan on addressing this as part of the 4.1.x release stream - we don't yet have a timescale I'm afraid, but in the meantime you may need to lower the security rules.

I'm going to close this issue, as we now understand the reasoning. Track #739 for updates.

@perrosnk have implemented a fix for mime/content types as part of the upcoming v4.3.0 release, mime types are automatically detected correctly now when uploading and can also be overridden using custom metadata. Should fix your rules issue.

Thanks for reporting!

We are facing the same issue and keep seeing this error : [storage/unauthorized] User is not authorized to perform the desired action. The user is authenticated and these are our storage rules: rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}. From the usage stats i can see that this rule is accepted half the times and denied half the times, but we always make a check if the user is authenticated and then upload. How did you resolve this issue?

I don't think that will have anything to do with react-native-firebase, i.e., it will not be a problem with this module. I think firebase storage has a rules simulator that can be used to try out different scenarios real time, maybe that would point out the problem in combo with the documentation.

All I can suggest if you want to come at it from react-native-firebase's direction is to put console logs with arguments and results of each API call logged out before it goes down to the firebase-android-sdk and firebase-ios-sdk layers in Java and Objective-C to see exactly what is going in and coming out when things aren't behaving the way you want. That's usually how I find my project-specific coding errors when working with firebase. Hope this helps

@minuhariharan Could it be related to this? https://github.com/invertase/react-native-firebase/issues/4690