Unit testing with firebase auth emulator requires real service account? - javascript

We are using the firebase emulators to write integration tests. One of our functions modifies the claims on a user. As such, our test checks to see if the claim has been added. In our test, we call the following function:
admin.auth().getUser(user.userId)
Our intention is to then check the claims. Unfortunately, when this function is called, we get an error.
(node:96985) UnhandledPromiseRejectionWarning: Error: Credential
implementation provided to initializeApp() via the "credential"
property failed to fetch a valid Google OAuth2 access token with the
following error: "Error fetching access token: Error while making
request: getaddrinfo ENOTFOUND metadata.google.internal. Error code:
ENOTFOUND".
Keep in mind we are running against the local auth emulator, not a cloud service. We found an issue on github which seems to be related: https://github.com/firebase/firebase-tools/issues/1708
Unfortunately, the recommended course of action in that issue is to use an actual service account file from an actual cloud service. We do not check such files into our repos as this would be a security hazard. Does anyone know of a better way to deal with this situation?
In case it is relevant, we also get the following warning:
{"severity":"WARNING","message":"Warning, FIREBASE_CONFIG and
GCLOUD_PROJECT environment variables are missing. Initializing
firebase-admin will fail"}

Related

Trying to use Amplify withAuthenticator, throwing error?

I am trying to sign in on AWS amplify using the withAuthenticator. I am able to make an account but as soon as I try to log in with the correct credentials I always encounter this error.
I am running the app on Expo ios device and the user is saved in cognito. It won't let me sign in and I keep getting this error though.
[ERROR] 49:25.730 AuthClass - Failed to get the signed in user, [Error: Failed to create storage directory.Error Domain=NSCocoaErrorDomain Code=512 "The file “ExponentExperienceData” couldn’t be saved in the folder “Documents”." UserInfo={NSFilePath=/Users/****/Library/Developer/CoreSimulator/Devices/A8619F07-3B7B-47DE-BD92-21B3E8FAB9CE/data/Containers/Data/Application/7CAFFBF4-B523-4E2F-B108-94B0940675C1/Documents/ExponentExperienceData, NSUnderlyingError=0x600002749dd0 {Error Domain=NSPOSIXErrorDomain Code=20 "Not a directory"}}]
at node_modules/#aws-amplify/core/lib-esm/Logger/ConsoleLogger.js:99:15 in prototype._log
at node_modules/#aws-amplify/core/lib-esm/Logger/ConsoleLogger.js:170:23 in prototype.error
at node_modules/#aws-amplify/auth/lib-esm/Auth.js:520:40 in __generator$argument_1
at node_modules/#aws-amplify/auth/node_modules/tslib/tslib.js:141:30 in step
at node_modules/#aws-amplify/auth/node_modules/tslib/tslib.js:122:60 in <anonymous>
at node_modules/#aws-amplify/auth/node_modules/tslib/tslib.js:113:68 in rejected
I have tried creating new accounts as well as trying to use another device. I get the same error.

Google Cloud Storage - "Error: Could not load the default credentials"

While developing my app in Node.js, I decided to persist my data by using the Google Cloud Storage client libraries.
I came across the error mentioned in the title when uploading to storage:
Error: Could not load the default credentials
I did some digging, and figured out how to solve the issue:
Navigating to google cloud console credentials and creating a service account.
Setting the role for the service account to have full object permissions across my project and my buckets
Creating a key for the service account and downloading the associated .json file
Installing Cloud SDK and running the commands:
gcloud auth application-default login
gcloud config set project [MY_PROJECT_ID]
gcloud auth activate-service-account --key-file=C:/path/to/json/file
In my code passing in the .json credentials file into my new client instance:
const storage = new Storage({keyFileName: "auth.json"})
These steps described fixed the issue... in development. When I deployed my app to production the same error message comes back
I tried a few things to solve the issue. I assumed it was an issue with my web host: A2. After talking with their tech support they reassured me my file paths are correct inside their file structure, but they would not help me troubleshoot the credentials error otherwise.
So, why would my credentials be working just fine in development, but then suddenly stop working in production? Is it because I had the localhost as the callback URI instead of the domain name (or something)? Do I need to specify the domain somewhere in SDK or in the cloud console?
The error message points me to https://cloud.google.com/docs/authentication/getting-started, but I have read and reread the documentation many times, so if someone can point me to the specific place in the docs that says what I need to do that would be appreciated, but be aware that I have done my homework and I RTFM, but I am still unable to solve this issue.

Access Firestore from Google Functions - Getting metadata from plugin failed with error: Could not refresh access token

I am deploying a google function that does some server computation and writes results in the Firestore DB in the same project.
I follow the how-tos and configure the function by
const functions = require('firebase-functions');
const admin = require('firebase-admin');
admin.initializeApp();
and access the Firestore db by using:
admin.firestore().collection('COLLECTION_NAME').add({data: value});
The IAM user ...#gcf-admin-robot.iam.gserviceaccount.com has the role of the Google Cloud Functions Service Agent assigned.
I get the following error:
Error: 500 undefined: Getting metadata from plugin failed with error: Could not refresh access token: Unsuccessful response status code. Request failed with status code 500
at Object.callErrorFromStatus (/workspace/node_modules/#grpc/grpc-js/build/src/call.js:30:26)
at Object.onReceiveStatus (/workspace/node_modules/#grpc/grpc-js/build/src/client.js:175:52)
at Object.onReceiveStatus (/workspace/node_modules/#grpc/grpc-js/build/src/client-interceptors.js:341:141)
at Object.onReceiveStatus (/workspace/node_modules/#grpc/grpc-js/build/src/client-interceptors.js:304:181)
at Http2CallStream.outputStatus (/workspace/node_modules/#grpc/grpc-js/build/src/call-stream.js:116:74)
at Http2CallStream.maybeOutputStatus (/workspace/node_modules/#grpc/grpc-js/build/src/call-stream.js:155:22)
at Http2CallStream.endCall (/workspace/node_modules/#grpc/grpc-js/build/src/call-stream.js:141:18)
at Http2CallStream.cancelWithStatus (/workspace/node_modules/#grpc/grpc-js/build/src/call-stream.js:457:14)
at callStream.filterStack.sendMetadata.then (/workspace/node_modules/#grpc/grpc-js/build/src/channel.js:225:36)
at process._tickCallback (internal/process/next_tick.js:68:7)
Caused by: Error
at WriteBatch.commit (/workspace/node_modules/#google-cloud/firestore/build/src/write-batch.js:415:23)
at DocumentReference.create (/workspace/node_modules/#google-cloud/firestore/build/src/reference.js:283:14)
at CollectionReference.add (/workspace/node_modules/#google-cloud/firestore/build/src/reference.js:2011:28)
at exports.parseProduct.functions.region.https.onRequest (/workspace/index.js:55:56)
at process._tickCallback (internal/process/next_tick.js:68:7)
code: '500',
details:
'Getting metadata from plugin failed with error: Could not refresh access token: Unsuccessful response status code. Request failed with status
metadata: Metadata { internalRepr: Map {}, options: {} },
note:
'Exception occurred in retry method that was not classified as transient'
What am I doing wrong?
For anyone seeing the above error message. It is connected (at least in this case) to permissions of service accounts.
I was adjusting some permissions and deactivated some accounts that I thought I would not need.
Among them was "projectname"#appspot.gserviceaccount.com
Reactivating it solved my problem.
It would be really good, if Google would show more meaningful error messages in such cases!
It seems to be an internal issue rather than maybe something you're doing. Making a quick search I found a very similar issue in GitHub and SO. From those links, I noticed that it was more about a library and I would suggest to reach Firebase Support since they can check the internals of the environment since it is possible some strange magic could be happening behind the scenes.

Error while login into AWS through google in react native

I working on AWS login through google. I'm following this link https://github.com/patw0929/react-native-cognito-login-example but I'm getting problem with AWS. I have added the lib for aws-sdk-react-native-core as in the link But I'm getting error while running the app.
java:45: error: method does not override or implement a method from a supertype
#Override
^
Note: C:\Users\krishna21\Awsslogin\node_modules\aws-sdk-react-native-core\android\src\main\java\com\amazonaws\reactnative\core\BackgroundRunner.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
1 error
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':aws-sdk-react-native-core:compileDebugJavaWithJavac'.
> Compilation failed; see the compiler error output for details.
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
I have added aws-sdk-react-native-core manually.
John,
1. First of all, the library which you are using is old and try using AWS Amplify instead, which is far superior in features and it been tested for security and errors.
2. In AWS Federated Login can be done in 2 ways, one using Cognito User
Pool as well as using Cognito Identity Pool. I hope you are using
Cognito Identity Pool.
3. Please add the Google Client ID in Edit identity pool->Authentication providers->Google+
4. Whitelist the domain which you are hitting in Google Developer
account.
Full documention is here https://itnext.io/google-sign-in-using-aws-amplify-and-amazon-cognito-69cc3bf219ad
https://aws.amazon.com/blogs/mobile/amplify-framework-adds-authentication-features-and-enhancements-for-ios-and-android-mobile-sdks/

'firebase deploy' compilation error in storage.rules

I am trying to deploy the firebase app from here and I am following this tutorial. I would like to deploy my firebase app. However, when I enter
firebase deploy
I get an error. Here are my logs:
egaumbp:web gg$ firebase deploy
=== Deploying to 'friendlychat-6e4c3'...
i deploying database, storage, hosting
i storage: checking rules for compilation errors...
Error: Compilation error in storage.rules:
[E] 3:12 - Unexpected '<'.
egaumbp:web gg$
I am logged in, and I have version 3.0.0 of the firebase toolkit, and I am doing this from a MacBook Pro (Retina, 13-inch, Late 2012), on OSX EL Capitan Version 10.11.2.
Many of the examples in the getting started guide use a convention of <placeholder> where the developer needs to provide some additional information to make the example function. In the first example from Understanding Firebase Storage Security Rules, the following code snippet is presented with the placeholder <your-firebase-storage-bucket>.
service firebase.storage {
match /b/<your-firebase-storage-bucket>/o {
// ... more rules ...
}
}
To fix the Unexpected '<' error in this case, replace the placeholder with friendlychat-6e4c3.appspot.com like so:
service firebase.storage {
match /b/friendlychat-6e4c3.appspot.com/o {
// ... more rules ...
}
}
A detailed overview of the supported syntax and functions is available at Learn to Secure Files. It's a good reference if you encounter more compilation errors.

Categories

Resources