CODEWITHSUNDEEP
firebasegoogle-cloud-firestorefirebase-authenticationfirebase-security
Adar Wallerstein
Adar Wallerstein

Reputation: 119

How to check if doc exist in a collection as unauthenticated user, when only authenticated users can read the document

I have a collection of users, each doc's id is the user's email. when user login, I want to check if there is a document in the users collection that already contains this email as the document id (if the user is really registered).

I use firebase firestore and I have security rules that only allow authenticated users to read the document's data.

my rule for that collection read:

match /collection/{docId} {
      allow read: if request.auth != null;
      ...
    }

the code in the logging in page:

firebase.firestore().collection('collection').doc('docId').get()
        .then(doc => {
            if (doc.exists) {
                firebase.auth().signInWithEmailAndPassword(email, password);
            }
            else {
                this.setState({ error: 'user does not exist' });
            }
        })
        .catch(() => this.setState({ error: 'you don't have permission' }));
    }

When I run this check I get the error 'you don't have permission' but when I change the rules for allow read: if true it works just fine. All I want is to check that the document exists.

Upvotes: 0

Views: 184

Answers (1)

Doug Stevenson
Doug Stevenson

Reputation: 317392

There is no special permission for checking the existence of a document. A client must be able to fully read the document entirely in order to check if it exists, so security rules will not help you with this.

What you can do instead is make a separate collection with only the data that unauthenticated users should be able to access, and copy just the minimal amount of data into those documents for your feature to work correctly. Your rules can then allow full access to this other collection.

Upvotes: 2

Related Questions