NativeFirebaseError: [storage/unauthorized] User is not authorized to perform the desired action

Question

I'm having problems uploading an image to Firebase Storage. I'm using React Native's @react-native-firebase/storage and the installation and connectivity seem to be fine because I'm able to reference images just fine:

const ref = firebase.storage().ref('myImage.png');

The problem is definitely permissions based because when I temporarily remove:

: if request.auth != null

from Firebase console Storage Rules:

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}

This worked just fine:

firebase.storage()
    .ref('images/test.jpg')
    .putFile(myImage[0].path)
    .then((successCb) => {
        console.log('successCb');
        console.log(successCb);
    })
    .catch((failureCb) => {
        console.log('failureCb');
        console.log(failureCb);
    });

So how do I authenticate to use putFile securely?

EDIT: I'm using "@react-native-firebase/storage": "^6.2.0"

Thanks in advance!

Answer 1

I was getting the same error and I resolved it using below solution.

Before:

  match /b/{bucket}/o {
    match /users/{userId}/videos/{videoId} {
      allow read, write: if request.auth != null && request.auth.uid == userId;
    }
  }
}

initially I was uploading videos only so there was only security rules for videos only but later I wanted to upload images as well. So you just need to change few lines in firebase storage security rules.

After:

  match /b/{bucket}/o {
    match /users/{userId}/videos/{videoId} {
      allow read, write: if request.auth != null && request.auth.uid == userId;
    }
    match /users/{userId}/images/{imageId} {
      allow read, write: if request.auth != null && request.auth.uid == userId;
    }
  }
}

I hope it will be helpful. Let me know If you need more help from me.

Thank you!!!

Answer 2

I'm new in coding, but i face same problem. In my Situation, It did not work with Ananymous SignIn. I had to change the Directory location to make it work.

Original Rule:

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {  => Change here
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}

Change to:

rules_version = '2';
service firebase.storage {
  match /b/Your_APP_Name.appspot.com/o {
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}

Answer 3

we can over come this in two ways. either we need to authenticate the user while uploading the files to the database. or if it is only for the testing purpose i recommend to go to storage in firebase and click on rules and change "allow read, write: if request.auth != null" to "allow read, write: if request.auth == null". i recommend to autheticate the user for safe and secure files.

I hope your problem solved.

Answer 4

Edit Firebase storage rules to allow uploads without the need of installing @react-native-firebase/auth.

1. Navigate to Firebase console
2. In Sidebar under Develop open Storage
3. Open Rules tab
4. replace below rule

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write
    }
  }
}

5. And Publish

Done

Answer 5

That's it Frank!

I wrongly thought of the app as a user that was already authenticated through the GoogleService-Info.plist file and not that the user of the app needs to be authenticated.

My steps to fix:

1. install @react-native-firebase/auth

2. go into the Authentication section of your firebase console and Enabling the Anonymous Signin method

3. call firebase.auth().signInAnonymously() in componentDidMount()

   And...finally able submit the putFile to storage successfully!

Big thanks @FrankvanPuffelen !!