The goal for this exercise is to add authentication and authorization to the People app.
Create a new component App that calls useAuthState, and, if the user is not signed in, includes a new component, SignIn, in App that has a button to sign in via Google.
If the user is signed in, display their email address.
Test to ensure that the SignIn component is displayed, and that when the user signs in via Google, they are signed in and their email address is displayed.
Hint:
import { useAuthState } from 'react-firebase-hooks/auth';
Test to ensure it works.
Modify the App component to display either:
Test to ensure signing up works.
Hint:
import { useCreateUserWithEmailAndPassword } from 'react-firebase-hooks/auth';
Test to ensure signing in by email works.
Hint:
import { useSignInWithEmailAndPassword } from 'react-firebase-hooks/auth';
Test to verifying email works.
Hint: user.sendEmailVerification() will send an email.
Here are the rules for the database we're using:
rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { function signedIn() { return request.auth.uid != null; } function isDocOwner() { return request.auth.uid == resource.data.owner; } function updatedDocHasCorrectOwner() { return request.auth.uid == request.resource.data.owner; } function updatedDocHasSameOwner() { return resource.data.owner == request.resource.data.owner; } function updatedDocHasSameSharing() { return resource.data.sharedWith == request.resource.data.sharedWith; } function isSharedWithMe() { return request.auth.token.email in resource.data.sharedWith; } match /People-NoAuthenticationNeeded/{person} { allow read, write: if request.time >u timestamp.date(2022, 6, 1); } match /People-AuthenticationRequired/{person} { allow read: if signedIn() && isDocOwner(); allow create: if signedIn() && updatedDocHasCorrectOwner(); allow update: if signedIn() && isDocOwner() && updatedDocHasCorrectOwner(); allow delete: if signedIn() && isDocOwner(); } match /People-SharingAllowed/{person} { allow read: if signedIn() && isSharedWithMe(); allow create: if signedIn() && updatedDocHasCorrectOwner(); allow update: if signedIn() && isSharedWithMe() && updatedDocHasSameOwner() && updateDocHasSameSharing(); allow delete: if signedIn() && isDocOwner(); } } }Note that the People-NoAuthenticationNeeded collection has very lax rules.
Try the app.
Why do you get a Missing or insufficient permissions error?
Verify that there is no error when you display the empty list of people.
Why do you get a Missing or insufficient permissions error (check the console)?
Verify that there is no error when you create a new person.
What part of the Firestore rules prevents your client from editing data not created by your app?
If that rule weren't there, how could your client modify some other user's data?
What part of the Firestore rules prevents your client from deleting data not created by your app?
If that rule weren't there, how could your client delete some other user's data?
Hints:
What's in the array?