Firebase Error:The photoURL field must be a valid URL - javascript

I am uploading images to firebase storage and would like to save their images as the photoURL in Firebase authentication. However when I go to upload the image URL after using get signed URL I receive the error
Error: The photoURL field must be a valid URL.
I know that the URL is valid as I have checked it from the console out put. I have tried using decodeURI and even gone so far as to look into the source code for the firebase-admin-node tracking all the way down to a file called auth-api-requests.ts which on line 252 checks the URL in a function named validator.isURL(request.photoUrl) this led me to the file where the function is defined validator.ts which defines .isURL() on line 152 in this function checks are performed against a string of forbidden characters. I dont want to tamper with the Firebase source code, but I am unable to find any solution. There should be an easier solution for the return from one google function .getSignedURL() to be used as a parameter in another .updateUser({photoURL:}) especially considering that one can no longer call on firebase.getDownloadURL() from the google cloud functions node. Thank you for any assistance you provide in solving this.
var downloadURL = "";
await admin.storage().bucket("gs://****firebase.appspot.com").file(storageRef).getSignedUrl({"action":"read","expires":Date.now() + 500*365*24*3600000}).then((value) => {
console.log("value after requesting signed URL: " + JSON.stringify(value));
downloadURL = value;
return value;
}).catch((error) => {
console.log("error perfoming signed URL: " + error);
return error;
})
const url = decodeURI(downloadURL)
console.log("\nThe decodeURI url: " + url + "\n");
await admin.auth().updateUser(userID,{photoURL:url}).then((user) => {
console.log("User update ran a success: " + JSON.stringify(user));
return true;
}).catch((error) => {
console.log("An error occured in getting the user: " + error);
return error;
});

It is not a good idea to hard code the users photoURL (which is only populated for federated sign in users) as it may change. In other words, a Twitter user might change their profile photo. firebase.auth() provides you fresh user metadata upon user sign in.
It only adds maintenance overhead to save this type of metadata - there's no need to bother with this.

You should use the Authenticated URL which is definitely a valid URL, instead of the gsutil URI - gs://~
https://storage.cloud.google.com/${PROJECT_ID}.appspot.com/${pathToFile}

Related

How do I fix 'Permission Denied' when I'm downloading a file from Firebase?

My project uses Firebase authentication and storage, and is built using React JS.
I have a file which is in the storage bucket at:
gs://myproject.appspot.com/myfolder/fileId
The download URL with token is:
https://firebasestorage.googleapis.com/v0/b/myproject.appspot.com/o/myfolder%2FfileId?alt=media&token=myToken
I want to be able to download the file in my app, so I have the following function within the Firebase class:
doDownloadFile = (path: string) => {
app
.storage()
.ref()
.child(path)
.getDownloadURL()
.then((url) => {
console.log(url);
})
.catch((error) => {
console.log('Error: ', error);
});
};
(at the moment I'm just getting the URL, not downloading it).
The value of path is the downloadURL as given above (I've checked this by logging it at the top of the doDownloadFile function, and it's being passed in ok).
When I run this code, I get the following error:
Firebase Storage: User does not have permission to access 'https:/firebasestorage.googleapis.com/v0/b/myproject.appspot.com/o/myfolder%2FfileId?alt=media&token=myToken'. (storage/unauthorized)
On Googling I found 2 general solutions to this, but neither have worked for me.
The first is to set the security rules on the storage in the Firebase console. I've set this to:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth!=null;
}
}
}
The second is to add the user firebase-storage#system.gserviceaccount.com as Storage Admin in the GCP console. This has been done.
Neither of these has made any difference, though. I still get the same error.
Where am I going wrong?

user.emailVerified does not change to 'true' in response to sendEmailVerification link (firebase auth)

someone please help, what am I missing? I send verification email (using firebase sendEmailVerification) succesfully and when I click on the link on the email it does not work, so i end up copying the link and paste in on the browser and hit enter. that way I'm able to get back to my web app and the continue URL does work. This just does not change user.emaiVerified to true.
const user = firebase.auth().currentUser
if(user) {
user.sendEmailVerification(actionCodeSettings)
.then( () => {
console.log("UnpSignUpForm: Verification email sent SUCCESSFULLY");
})
.catch( (error) => {
console.log('UnpSignUpForm: Verification email sending error: ', error)
});
} else {
console.log('no user')
}
I tried using user.reload() in onAuthStateChanged (see below) but I still cannot get user.emailVerified changed to "true".
firebase.auth().onAuthStateChanged( user => {
// console.log('onAuthStateChanged user', user)
if (user) {
console.log('onAuthStateChanged: user is signed IN')
console.log('onAuthStateChanged user', user)
user.reload()
console.log(`user ${user.email} reloaded`)
// User is signed in.
if(user.emailVerified) {
console.log('onAuthStateChanged:email Verified', user.emailVerified)
} else {
console.log('onAuthStateChanged:email NOT Verified', user.emailVerified)
}
} else {
console.log('onAuthStateChanged: onAuthStateChanged: user is signed OUT')
}
});
After the user clicks the link, emailVerified is not automatically updated. It will be updated when the user is reloaded, eg. user.reload().
In addition, the email_verified field in the token claims will be either updated when the token is naturally refreshed after expiration or if you force token refresh after the user email is verified, eg. user.getIdToken(true).
I hope you found out what might have been the problem. I just figured it out. I'm using React.
When you got the email to verify your password, you will have noticed the link looked something like this:
https://yourappname.firebaseapp.com/__/auth/action?mode=verifyEmail&oobCode=p-s8GYqQN9AxuwyVFc7FDe3R3d4O-SIf_6_H4vRMiZtcAAAF3RIT1CA&apiKey=llllllllRLl2LsK842iT9797yHciGBtTuuVVKzs&lang=en
If you inspect the URL, you'll notice 4 parameters:
mode
oobCode
apiKey
lang
When you click on the link, you'll be forwarded to the url you set in your firebase console.
When you access the url in the verification email, you'll need to find a way to parse the query parameters. There's a nice npm package for this called query string which does all the dirty work for you. It also has easy-to-read documentation and I found it easy to implement on React.
Once I parsed the oobCode from the url parameters, I used it as an argument for the following method:
firebase.auth().applyActionCode(<add the oobCode here>)
.then(() => {
// handle success here
}).catch(err => {
//handle failure here
});
For React, I executed the above code in a useEffect hook (for when the page mounts). I can imagine there are similar types of features on Vue and Angular.
As correctly stated above, you can access the new emailVerified property using:
firebase.auth().currentUser.reload().then(() => {
console.log(firebase.auth().currentUser.emailVerified) // should now be 'true'
})

How to create Microsoft Account Sign-in to my website, similar to Google?

I'm working on a web project (HTML, CSS, JavaScript, with back-end in PHP). I've successfully got a Google Sign-in working, using their simple API, but can't get the Microsoft equivalent to function. The official online solutions to this seem to rely on .NET or PHP Composer. I'll try composer if that's the only way but a pure JS/PHP method would be easiest.
I've tried to use the following:
https://github.com/microsoftgraph/msgraph-sdk-javascript
https://github.com/AzureAD/microsoft-authentication-library-for-js
The code below is the closest I've come to a working solution. I can get some kind of user ID (which appears to be unique and constant for each user). This might be enough to set up the login system I want, but it would be ideal if I could also fetch their name and profile picture.
<script class="pre">
var userAgentApplication = new Msal.UserAgentApplication("MY CLIENT ID", null, function (errorDes, token, error, tokenType) {
// this callback is called after loginRedirect OR acquireTokenRedirect (not used for loginPopup/aquireTokenPopup)
})
userAgentApplication.loginPopup(["user.read"]).then(function (token) {
var user = userAgentApplication.getUser(); //this is good
//user.userIdentifier seems to be a unique ID
//I will store this and use it for future verification
console.log(user);
//START
// get an access token
userAgentApplication.acquireTokenSilent(["user.read"]).then(function (token) {
console.log("ATS promise resolved");
}, function (error) {
console.log(error);
// interaction required
if (error.indexOf("interaction_required") != -1) {
userAgentApplication.acquireTokenPopup(["user.read"]).then(function (token) {
// success
console.log("s2");
}, function (error) {
console.log("e2");
// error
});
}
});
//END
// signin successful
}, function (error) {
console.log(error);
// handle error
});
</script>
(this code won't run as I've pasted it because it relies on the MSAL script from the second github link, and needs an application client ID)
After getting the access token with scope user.read , you could call microsoft graph api to get sign-in user's profile information such as displayName , businessPhones :
https://graph.microsoft.com/v1.0/me
Content-Type:application/json
Authorization:Bearer {token}
To get user's profile photo :
GET https://graph.microsoft.com/v1.0/me/photo/$value
In addition , if you are using Microsoft Graph JavaScript Client Library in first link , you could get user's displayName and profile photo by :
client
.api('/me')
.select("displayName")
.get((err, res) => {
if (err) {
console.log(err);
return;
}
console.log(res);
});
// Example of downloading the user's profile photo and displaying it in an img tag
client
.api('/me/photo/$value')
.responseType('blob')
.get((err, res, rawResponse) => {
if (err) throw err;
const url = window.URL;
const blobUrl = url.createObjectURL(rawResponse.xhr.response);
document.getElementById("profileImg").setAttribute("src", blobUrl);
});
Please refer to code sample here .

How to send Facebook authentication details to Firebase using a Cordova plugin & Firebase template

Sorry this question is kind of long, it's because I've been trying to solve this problem for a while and want to make sure I don't leave any info out. I'm building a Cordova app and using Firebase for the authentication/database back end. I've been trying to authenticate users into Firebase using a Log in with Facebook button for almost a week now, but I haven't been able to get it to work.
Originally I tried following Firebase's example here: https://firebase.google.com/docs/auth/web/facebook-login (I need to use the "Advanced: Handle the sign in flow manually" as it is a Cordova Android & iOS app), this example didn't work for me as the link to Facebook's SDK script (//connect.facebook.net/en_US/sdk.js) kept throwing the error:
file://connect.facebook.net/en_US/sdk.js Failed to load resource: net::ERR_FILE_NOT_FOUND
I tried to fix this error in several ways, such as:
Changing it to https://connect.facebook.net/en_US/sdk.js (this resulted in the error: Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings. )
Added the links in question to the list of "Valid OAuth redirect URIs" and domains in the Facebook app settings
Storing the file in my local file system (and locally inside the app on my phone)
Including the entire SDK inside the head of my index.html file
None of these attempts worked. So instead I decided to use the plugin cordova-plugin-facebook from here: https://github.com/bisrael/cordova-plugin-facebook
This is the code I'm using to get the user's information from Facebook with the plugin:
function logInWithFacebook(){
CordovaFacebook.login({
onSuccess: function(result) {
console.log(result);
console.log(result.authToken);
// Store or send the user auth/access key here?
// Get user's name
retrieveUserDetails();
if(result.declined.length > 0) {
alert("The User declined something!");
}
},
onFailure: function(result) {
if(result.cancelled) {
alert("The user doesn't like my app");
} else if(result.error) {
alert("There was an error:" + result.errorLocalized);
}
}
});
}
function retrieveUserDetails(){
// Now that the user has authroised the app, make request to CordovaFacebook plugin to get user's name
CordovaFacebook.graphRequest({
path: '/me',
params: { fields: 'name' },
onSuccess: function (userData) {
console.log(userData);
console.log(userData.name);
// Here somehow send the retrieved username and send it to the Firebase function so that it's linked with the auth key.
},
onFailure: function (result) {
if (result.error) {
Error.log('error', 'There was an error in graph request:' + result.errorLocalized);
}
}
});
}
I'm now able to click on a log in button and log in successfully through Facebook. That process is returning a user auth/access key and the user's name from Facebook.
As I understand it, the manual log in flow example in Firebase's docs (https://firebase.google.com/docs/auth/web/facebook-login) takes the key returned from Facebook, converts it into a Firebase key, and then enters the user's newly created Firebase key and their username into Firebase's servers.
This seems pretty straight forward in the following sample code:
function checkLoginState(event) {
if (event.authResponse) {
// User is signed-in Facebook.
var unsubscribe = firebase.auth().onAuthStateChanged(function(firebaseUser) {
unsubscribe();
// Check if we are already signed-in Firebase with the correct user.
if (!isUserEqual(event.authResponse, firebaseUser)) {
// Build Firebase credential with the Facebook auth token.
var credential = firebase.auth.FacebookAuthProvider.credential(
event.authResponse.accessToken);
// Sign in with the credential from the Facebook user.
firebase.auth().signInWithCredential(credential).catch(function(error) {
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
// The email of the user's account used.
var email = error.email;
// The firebase.auth.AuthCredential type that was used.
var credential = error.credential;
// ...
});
} else {
// User is already signed-in Firebase with the correct user.
}
});
} else {
// User is signed-out of Facebook.
firebase.auth().signOut();
}
}
function isUserEqual(facebookAuthResponse, firebaseUser) {
if (firebaseUser) {
var providerData = firebaseUser.providerData;
for (var i = 0; i < providerData.length; i++) {
if (providerData[i].providerId === firebase.auth.FacebookAuthProvider.PROVIDER_ID &&
providerData[i].uid === facebookAuthResponse.userID) {
// We don't need to re-auth the Firebase connection.
return true;
}
}
}
return false;
}
FB.Event.subscribe('auth.authResponseChange', checkLoginState);
My question is, how can I send the auth key and username returned from the Cordova plugin code, to Firebase's example code so that it works smoothly?
Firebase's example code includes this listener which listens for any change in the Facebook authorization status: FB.Event.subscribe('auth.authResponseChange', checkLoginState); but as this uses Facebook's SDK it won't work with my current set up.
I'm using the following Firebase chat app as a template to work from: https://gist.github.com/puf/8f67d3376d80ed2d02670d20bfc4ec7d as you can see it has a Login with Facebook button, but no code for handling the process, I'm trying to apply parts of the manual log in flow example in Firebase's docs (https://firebase.google.com/docs/auth/web/facebook-login) with data returned from the cordova-plugin-facebook queries, and integrate both with Firebase's chat app template.
I'm really at a loss as to what to do next, I've tried everything I can think of. Any help in solving this problem would be really, really appreciated.
Thank you in advance!
UPDATE
Questions and answers:
How does it work at the moment?
Right now I have a "Facebook Login" button - when this is clicked it runs logInWithFacebook(). This function uses the CordovaFacebook plugin, it also runs the function retrieveUserDetails() after the user signs in with Facebook. retrieveUserDetails() gets some user info from Facebook which I hope to then insert into my Firebase database.
logInWithFacebook() works correctly (it opens up a Facebook login page, and when the user logs in, I'm able to console.log the user's Facebook ID, and the Facebook access Token.
retrieveUserDetails() also works correctly (I'm able to console.log the user's name taken from Facebook).
How do you want it to work?
I'm happy with how the first half of the process is working (the logging in with Facebook and retrieving user details is working correctly). However I want this log in to trigger Firebase's auth state change listener, so that Firebase detects and confirms that the user has logged in:
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
console.log("User is signed in.");
} else {
console.log("User is not signed in.");
}
});
What is not working the way you want?
The first half of the process is working correctly, but I'm lost when it comes to what to do with the accessToken returned from Facebook. From reading the docs I think that Firebase is supposed to convert this token into a Firebase access token, and then that is used to log the user into Firebase (this would also trigger the above AuthStateChanged function). From there I want to be able to insert any data I've retrieved from Facebook (the user's name etc) into my Firebase database. But the main problem is getting the Facebook accessToken converted into a Firebase login (the second block of code in my original question is where I'm trying to perform the conversion/sign into Firebase).
Because I'm using Cordova, this method (logging into Facebook with a plugin and then handling the conversion of the accessToken) seems to be the only way to log in with Facebook. But I'm totally lost on how to complete the second half.
UPDATE 2
I've trimmed parts from the sample convert-Facebook-token-to-Firebase-token code from the docs so that the Facebook SDK isn't required. And it appears to be working. This is the code after cutting away the SDK related parts:
// First, define the Facebook accessToken:
var FBaccessToken = result.accessToken;
// Build Firebase credential with the Facebook auth token.
var credential = firebase.auth.FacebookAuthProvider.credential(
FBaccessToken);
// Sign in with the credential from the Facebook user.
firebase.auth().signInWithCredential(credential).then(function(user){
console.log("It looks like we signed into Firebase with the Facebook token correctly.");
}, function(error) {
console.log("Something went wrong, user isn't signed into Firebase with the FB token.");
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
// The email of the user's account used.
var email = error.email;
// The firebase.auth.AuthCredential type that was used.
var credential = error.credential;
// ...
});
I still need to add the user's email from Facebook and try to send that while logging into Firebase too - so that I'll have some identifier for the user in the Firebase console, but this is a good start.
2nd UPDATE
The below code successfully gets user data from Facebook after the user authorizes the app:
CordovaFacebook.graphRequest({
path: '/me',
params: { fields: 'first_name,last_name,email,locale,gender,age_range,picture.width(200).height(200)' },
onSuccess: function (userData) {
console.log(userData)
var first_name = userData.first_name;
var last_name = userData.last_name;
var email = userData.email;
var locale = userData.locale;
var gender = userData.gender;
var min_age = userData.age_range.min;
var profile_picture = userData.picture.data.url;
// Enter user details into the Firebase database:
firebase.database().ref('users/' + uid).set({
first_name: first_name,
last_name: last_name,
email: email,
locale: locale,
gender: gender,
min_age: min_age,
profile_picture : profile_picture
});
console.log("Facebook user data should now be in the database!");
},
onFailure: function (result) {
if (result.error) {
Error.log('error', 'There was an error in graph request:' + result.errorLocalized);
}
}
});
(Just an answer to the last update, as you figured out the rest :))
How to get user email from CordovaFacebook.login()
Looking at the CordovaFacebook documentation you can add a permissions property on the object passed to the login method.
According to the Facebook API documentation the permission name for email is just "email".
I haven't tested, but I think this should work:
CordovaFacebook.login({
permissions: [ 'email' ],
onSuccess: function(result) {
console.log('email:', result.email);
...
},
onFailure: function(result) {
...
}
});

Parse.com CloudCode add user to existing role not working

Here is the Parse javascript cloud code I am trying to use. As a new _User is created I want to add them to my 'Client' Role.
Parse.Cloud.afterSave(Parse.User, function(request) {
Parse.Cloud.useMasterKey();
query = new Parse.Query(Parse.Role);
query.equalTo("name", "Client");
query.first ({
success: function(role) {
role.getUsers().add(request.user);
role.save();
},
error: function(error) {
throw "Got an error " + error.code + " : " + error.message;
}
});
});
This is taking code directly from Parse.com's Role example. The code runs happily when a new _User is saved, returning Result: Success, but when I check the "users" tied to that Role in the Data Browser, nothing has happened.
I have also tried substituting role.getUsers().add(request.user); for role.relation("users").add(request.user); as per an example on Parse.com's old forum, but no difference. This seems like it should be really straight forward, so I'm not sure what I'm doing wrong.
(I have manually used the REST API, using curl, to add _Users to the Client Role, and this does work, so I know it should work.)
Turns out you need to use request.object instead of request.user. Now it works!

Categories