firebase-tools Upgrade from firebase-js-sdk 9.9.1 to 9.9.4 starts to give "Missing or insufficient permissions" on non-modular firestore reads in emulator

[REQUIRED] Describe your environment

Operating System version: windows 11
Browser version: chrome 105
Firebase SDK version: firebase-js-sdk 9.9.1 => 9.9.4+ firebase-tools 11.X.0
Firebase Product: firestore

[REQUIRED] Describe the problem

When upgrading from firebase-js-sdk 9.9.1 to 9.9.4 we starts to have "Missing or insufficient permissions" on on non-modular firestore reads in emulator. Downgrading back to 9.9.1 solves it.

Sep 06 '22 16:09 LanderBeeuwsaert

Hi @LanderBeeuwsaert, thank you for filing this issue! Is this issue only when using the emulator, or do you also encounter this when running against production?

Sep 12 '22 23:09 rosalyntan

Hi @rosalyntan , it's only on the emulator. The exact same code & rules works if I run it (locally) against a real firebase environment. The code and rules have not changed meaningfully in regards to authentication for quite some time. So I would think it's a new bug in the emulator.

Sep 13 '22 08:09 LanderBeeuwsaert

Thanks for the information! Based on this, I've transferred this issue to the firebase/firebase-tools repo.

Sep 13 '22 20:09 rosalyntan

What operations are failing with "Missing or insufficient permissions"? Is it Firestore, or other services depend on Auth?

If possible, could you please create a minimal repro with some code snippets showing how authentication and other API calls are done?

Sep 19 '22 21:09 yuchenshi

Hi @yuchenshi , seems we found the culprit. Moving from "old non-modular" angularFire code: to newer angularFire code

solved it. So IMO it seems to be a bug there? We have it on all get/subscription queries that make use of non-modular AngularFire/Firebase, even if we change the rules to allow all reads/writes/deletes

Sep 27 '22 12:09 LanderBeeuwsaert

Hi LanderBeeuwsaert,

What version of AngularFire are you using in this example?

Oct 03 '22 22:10 christhompsongoogle

7.4.0 ; the latest one

Oct 03 '22 22:10 LanderBeeuwsaert

S.O. question that could be related: https://stackoverflow.com/questions/73928476/firebaseerror-missing-or-insufficient-permissions-using-default-firestore-rules

Oct 04 '22 00:10 christhompsongoogle

I believe I am running into the same issue for my project. I am using Auth (using signInCustomToken) for users. I have a valid auth and tried to send a read and write to firestore. Bot hattempts returned with a Missing or insufficient permissions even though the firestore rules are read/write if true for all documents

match /{document=**} {
    allow read, write: if true; 
}

Here are the version of firebase I am using:

// package.json
{
  "name": "functions",
  "scripts": {
    "lint": "eslint --ext .js,.ts .",
    "build": "tsc",
    "build:watch": "tsc --watch",
    "serve": "npm run build && firebase emulators:start --only functions",
    "serve-all": "npm run build && firebase emulators:start",
    "shell": "npm run build && firebase functions:shell",
    "start": "npm run shell",
    "deploy": "firebase deploy --only functions",
    "logs": "firebase functions:log"
  },
  "engines": {
    "node": "16"
  },
  "main": "lib/index.js",
  "dependencies": {
    "@metamask/eth-sig-util": "^4.0.0",
    "firebase-admin": "^10.0.2",
    "firebase-functions": "^3.18.0"
  },
  "devDependencies": {
    "@typescript-eslint/eslint-plugin": "^5.12.0",
    "@typescript-eslint/parser": "^5.12.0",
    "eslint": "^8.9.0",
    "eslint-config-google": "^0.14.0",
    "eslint-plugin-import": "^2.25.4",
    "firebase-functions-test": "^0.2.0",
    "typescript": "^4.5.4"
  },
  "private": true
}

// File to setup firebase services (app, auth, and firestore)
// firebase.js 
const app = initializeApp({
  apiKey: process.env.REACT_APP_API_KEY,
  authDomain: process.env.REACT_APP_AUTH_DOMAIN,
  projectId: process.env.REACT_APP_PROJECT_ID,
  storageBucket: process.env.REACT_APP_STORAGE_BUCKET,
  messagingSenderId: process.env.REACT_APP_MESSAGING_SENDER_ID,
  appId: process.env.REACT_APP_APP_ID,
  measurementId: process.env.REACT_APP_MEASUREMENT_ID,
});

// Initialize Firebase
const auth = getAuth(app);
connectAuthEmulator(auth, "http://localhost:9099");
import React, { useRef } from "react";
import { collection, getDocs, addDoc, Timestamp } from "firebase/firestore";
import { db } from "../services/Firebase";

// Send request.js
// imports
import Firebase 
 const handleProposalSubmit = async (event) => {
    event.preventDefault();
    var data = {
      author: getCurrentUser().uid,
      timestamp: Timestamp.now(),
      tokenid: tokenid,
      type: "frenbio",
      description: referenceDescriptionTextArea.current.value,
    };

    console.log("Storing: " + data);
    getDocs(proposalsCollectionReference).then(
      (snapshot) => {
        console.log(snapshot.docs);
      },
      (err) => {
        console.log(err);
      }
    );
    console.log("Reading:");
    addDoc(proposalsCollectionReference, data).then(
      (docRef) => {
        console.log(docRef.id); //p4eZcO5QV43IYnigxALJ
        showProposalWindow(false);
      },
      (err) => {
        console.log(err);
      }
    );
  };

Oct 04 '22 02:10 advra

Hello are there any updates to this?

Oct 07 '22 08:10 advra

Hi @christhompsongoogle @jhuleatt Would it be possible to give an update on this issue? It keeps blocking us from upgrading to newer versions.

Nov 11 '22 12:11 LanderBeeuwsaert

James is the expert here, I'll defer to him on this issue

Nov 11 '22 23:11 christhompsongoogle

Hi @jamesdaniels , would it be possible to have a look at this? This still happens even with firebase 9.14.0 and angularFire 7.5.0.

Dec 03 '22 13:12 LanderBeeuwsaert

ah found it, for unknown reason, when updating to 9.9.4 and using both modular and compat library, it's necessary to have both the "newer/modular" override for firestore emulator and the "older" override. So adding this back: in app module fixed it.

Dec 03 '22 16:12 LanderBeeuwsaert