Search
Search

How to limit (Flutter) string min/max length with security rules in Firebase

Carleton Y Published at Dev
12
Carleton Y

I'm using Firestore Database and I'm now trying to add security rules after building many of the pages without security rules. That was definitely a huge mistake. I have reviewed a lot of the documentation and watched a bunch of the Firebase security rules videos which are all clear but as a beginner I still need guidance. I have also reviewed SO threads which have helped get me to this point.

My goal is to have client side validation and server side validation that requires a minimum of 3 characters and allows a maximum of 20 characters when a user creates a new account and adds their userName. And the same rules should apply when they update their userName. Here is an image of the database.

enter image description here

My security rules are:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{uid} {
    allow read, write, update: if request.auth != null
    && request.auth.uid == userId
    && resource.data.username.length >= 3
    && resource.data.username.length <= 30
    && resource.data.undername is string;
    }

In the Rules Playground I get an error message:

Error running simulation — Error: simulator.rules line [10], column [28]. Null value error.

And in the console I get a similar error message:

Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}

I can't figure out where I am going wrong with my rules code. Any help would be greatly appreciated. Thanks

Dharmaraj

You must be checking request.resource.data which contains incoming data and not resource.data which holds existing data from the document. Also try using size() instead of .length to check string length:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{uid} {
      allow read, write, update: if request.auth != null
        && request.auth.uid == userId
        && request.resource.data.username.size() >= 3
        && request.resource.data.username.size() <= 30
        && request.resource.data.undername is string;
    }
  }
}

For example, if current value of username is 'Jim' in the document and you are trying to update it to 'James', value of resource.data.username.size() would be 3 (length of existing name) and request.resource.data.username.size() would be 5 (length of new name). It's length of the new name that you are supposed to measure so you need to use request.resource.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

Basic security rules with Firebase

How to validate this data structure with Firebase security rules?

How to limit a string length

Firebase security rules with wildcards

Firebase Security Rules for Storage

How to limit string output length in php DOM

Flutter - How to limit text length

How to debug Firestore security rules in Flutter

Firebase security rules like this?

flutter app - firebase public access security rules

How to limit in Cloud Firestore security rules

How can I limit the string builder length

Firebase Security Rules

AWS Security Group Rules Limit

Firebase security and rules

Security rules based on time limit in Firebase

firebase - security rules REST

Firebase security rules not working

How to increase Security Group Rules Limit for an EC2 (AWS)

how to set firebase cloud firestore security rules with firebase authentication

Firebase (Firestore) security rules, limit access to object for specific users

Firebase security rules confusion

Firebase security rules for Firebase events

How can I limit the geofire quarry's range with security rules?

Firebase, Security Rules, how to check a item of array String size

Firestore, Security Rules, how to limit a size of array of map field content

Importance of security rules in firebase

How to add firebase security rules for Flutter collection that hasn't been created yet

Firebase RTDB Security Rules limit overall size of user data?

TOP Ranking

  1. 1

    pump.io port in URL

  2. 2

    How to import an asset in swift using Bundle.main.path() in a react-native native module

  3. 3

    Failed to listen on localhost:8000 (reason: Cannot assign requested address)

  4. 4

    Inner Loop design for webscrapping

  5. 5

    Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

  6. 6

    mysql.connector.errors.InterfaceError: 2003: Can't connect to MySQL server on '127.0.0.1:3306' (111 Connection refused)

  7. 7

    Removed zsh, but forgot to change shell back to bash, and now Ubuntu crashes (wsl)

  8. 8

    ggplotly no applicable method for 'plotly_build' applied to an object of class "NULL" if statements

  9. 9

    How to run blender on webserver?

  10. 10

    Resetting Value of <input type="time"> in Firefox

  11. 11

    Converting a class method to a property with a backing field

  12. 12

    Ambiguous use of 'init' with CFStringTransform and Swift 3

  13. 13

    Execute ./script.sh with a crontab

  14. 14

    How to set tab order for array of cluster,where cluster elements have different data types in LabVIEW?

  15. 15

    How to pass data to the ng2-bs3-modal?

  16. 16

    Retrieve Element Tag Value XML Using Bash

  17. 17

    Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

  18. 18

    SQL Server : need add a dot before two last character

  19. 19

    Making Array From Page Elements in jQuery

  20. 20

    Laravel's ORM sync with timestamps doesn't update timestamps

  21. 21

    Do animations stop css changes after animation completion?

HotTag

Archive