angular-firebase | LMS system using Angular Material and Firebase | Authentication library
kandi X-RAY | angular-firebase Summary
kandi X-RAY | angular-firebase Summary
LMS system using Angular Material and Firebase
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of angular-firebase
angular-firebase Key Features
angular-firebase Examples and Code Snippets
Community Discussions
Trending Discussions on angular-firebase
QUESTION
I am creating some kind of quiz where I ask the user questions, which she needs to answer and if all are answered correctly, I want to display a success-message with instructions for where to get a reward.
My application is an Angular-Firebase-Application (Progressive Web App, PWA) and entirely writtein in TypeScript. Serverside is a Firebase-Hosted Web-App with FireStore Database.
Because "clients are evil", I don't want to simultaneously download the correct answers (and the success message) to the client and check the validity of the user's answers on the client - I'd rather send the user's answers to the server, which checks them and only if right, sends back the success-message.
How is this accomplished in firebase?
Sidenote: My users are not logged-in in any form and are therefore completely anonymous.
...ANSWER
Answered 2021-Aug-30 at 14:07If you're using one of Firebase's databases (Realtime Database or Firestore) to store the answers, you can use security rules to protect access to the data on the server. If the answers are write-in (as opposed to multiple choice), you can then combine those two to implement the use-case.
An example of the data structure in Realtime Database could be:
QUESTION
Recently i started with a Twitter Integration.
The callback is working as it should.
but when i press the Authorize App i keep receiving this error.
unable to process request due to missing initial state. this may happen if browser sessionstorage is inaccesible or accidentally cleared
This is the function where i call the twitter_login.
...ANSWER
Answered 2021-Jan-11 at 00:01After some hours trying to figure out the problem, i found that the issue was on the AndroidManifest.xml
Basically on the intent-filter, the scheme was missing, and i need to remove the https from the host and the function call. After that it work :)
QUESTION
I read that since Angular is client based it can't be trusted alone for securing routes, etc. However, I could not find a way to hack it.
Can anyone explain in detail how one might edit the local js files to bypass route guard (or whatever method is used)? How about Firebase Auth, can someone trick Angular into thinking you are another logged in user?
I have example site that uses both. Source code is at this GitHub repo and it's hosted via Firebase at this: URL.
I added some secret messages (obviously not shown in GitHub repo) in the main-page component which is protected by Guard that uses FirebaseUI auth to authenticate users. They will be shown as these statements:
- "Secret message if broke Angular Guard: <secret-msg>"
- This one shows for anyone that can view the component html
- "Secret message if broke Firebase Auth: <secret-msg>"
- This one shows for anyone that can impersonate being logged in as 'admin@nowhere.com'
Can someone see those or explain how hacker might do it? I hope it's clear this post is not trying to encourage hacking, but simply to understand the security model behind Angular & Firebase Auth utilization (I know OAuth itself is secure, but not sure if how I'm using it in the auth.service.ts is).
...ANSWER
Answered 2020-Dec-17 at 23:39Secret message if broke Angular Guard: 8ef80ecb-7439-4cc3-8263-89afcd012d1c
Secret message if broke Firebase Auth: f380cb1a-aaec-4898-81fb-98aff2863765
Is this what you were expecting?
So there's no hacking involved here. I can just open developer tools in my browser and look at the minified js code. The Idea of front-end security is never send anything to the front-end that you don't want users to see. Auth guard is really just a way to stop nosy users from seeing parts of your UI they don't have the role/privilege to see. It's not going to stop you from downloading the javascript and poking around inside the code.
As far as impersonating another user you have (wisely) handed off your authentication to third party providers. Unless I can get hold of someone else's account credentials or access the authentication tokens from their browser you are pretty safe.
What I would do if I was a hacker (which I'm not) is poke around in the code to find back-end interface calls and see if any of them were unsecured or available to a bogus user I have signed up as. I could do that by calling them directly (bypassing your UI) and messing with the input parameters. This is where a lot of leaked information comes from, misconfigured security on backend resources or badly designed APIs.
QUESTION
I'm trying to setup Angular (v11) app with FirebaseUI auth via different providers, following steps provided here.
The only one that works for me is Google. Others I'm trying all give various errors:
- Twitter: "Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings"
- GitHub: "Unable to process request due to missing initial state. This may happen if browser sessionStorage is inaccessible or accidentally cleared"
- Microsoft: "The provided value for the input parameter 'redirect_uri' is not valid"
However, I followed the steps & configured API keys & callback URL in the respective platforms per Firebase instructions (using the callback Firebase shows when you enable each sign-in method). The only one not so sure I did properly is Microsoft, but the others were pretty straight forward.
This is the published page in case you want to see the behavior.
This is the code repo -- the main files where I implemented the logic are in auth.service.ts & login.component.ts (I hid the apiKey/appId in firebaseConfig, since not sure if it's sensitive).
Anyone had luck with it & perhaps has some tip? Thanks!!
...ANSWER
Answered 2020-Dec-12 at 18:31QUESTION
I follow some howto (https://morioh.com/p/5ba92d70416f https://www.techiediaries.com/angular-firebase/angular-9-firebase-authentication-email-google-and-password/ ...)
But none talk about auth with firebase rules
I can't let allow read, write: if true; for security reason
If I switch to allow read, write: if request.auth != null; (not the best for security but better) it only works just after the log in and when I refresh homepage it didn't works anymore...
FirebaseError: [code=permission-denied]: Missing or insufficient permissions.
I want to know what is the "request.auth" thing used by firebase rules ? How can I send credentials from Angular when I send a request like getAll() ?
Thank you
...ANSWER
Answered 2020-Jul-25 at 03:04When using the provided web and mobile client SDKs, you don't "send" anything for authentication. The SDKs automatically use the currently signed in user managed by the Firebase Auth SDK. If you're not using Firebase Auth in any way, then request.auth will never get populated.
QUESTION
When trying to 'ng serve' after configuring angular with firebase, I got the error. Even though I googled this error message but could not find anything. In the error message, this issue is related to the library itself.
...ANSWER
Answered 2020-Feb-10 at 06:35This error is due to TypeScript type checking the definitions file of the AngularFire library.
Notice the errors are from node_modules/@angular/fire/angularfire2.d.ts:37:49.
To avoid this error you have to set some options in tsconfig.json.
tsconfig:
QUESTION
I am building an Angular app which will store the data in Firebase. samples show that the apps are directly connecting to the backend by putting the Firebase connection info right in the app's environment. I started browser debugger and I am able to see the info to my Firebase database in the debugger. I understand that I can restrict the users to only my app users with Firebase auth and rules, but is this how everyone develops using Firebase?
Wouldn't it be more secure to have the Firebase DB hidden behind a Web API and have the Angular app call the Web API?
...ANSWER
Answered 2020-May-17 at 05:48Yes it is ok that you can find your Firebase configuration in the debugger when examining your front-end. This is how Firebase is meant to be used and it is the most common approach.
Would it be more secure to have your Firebase database hidden behind a Web API? In my opinion no. As long as you set up the security rules correctly your data is secure. But that depends on you understanding how the security rules work and configuring them correctly of course.
I would recommend staying with the approach of connecting directly to the database, and not through an API. Some of the reason that Firebase is so easy to work with is the fact that you can connect directly to it, you don't need to build your own API.
QUESTION
I am trying to fetch all orders from firebase database, and then fetch detailed info about customers using customerId from order. This is my database schema:
orders:
customer
customers:
name
surname
My html template:
...ANSWER
Answered 2020-May-16 at 12:58It is happening because you are return a array of streams but not subscribing to them. To do that, you can use mergeAll.
As documentation says, mergeAll subscribes to an Observable that emits Observables. Each time it observes one of these emitted inner Observables, it subscribes to that and delivers all the values from the inner Observable on the output Observable.
QUESTION
If i try to do my code with onRequest this is the problem that i get and since someone sugested me to try onCall i get this error
Property 'send' does not exist on type 'CallableContext'.
This is the code im using
...ANSWER
Answered 2020-May-02 at 16:28onCall functions work very different onRequest functions. Please read the documentation to understand how to write them.
Callable functions do not use request and response objects. They take two arguments, an input data argument, and a context:
QUESTION
Final Goal: create a Firebase Custom Token with local NodeJs, post such Custom Token to googleapis/.../verifyCustomToken and get back an idToken that allow me to post a new document to Firestore as explained in other question
Current achivement: I can successfuly create a Custon Token with this Cloud Function and follow successfully next steps (get an idToken from googleapis/.../verifyCustomToken and post successfully a docuemtn to Firestore). But I need the same from a local server (we are not going to use Cloud Function this time).
Current issue: I get this issue when I try to post the Custom Token generated by local NodeJs to googleapis/.../verifyCustomToken:
...ANSWER
Answered 2020-Apr-21 at 20:42Make sure the API key sent in the URL came from the same project as the service account used to mint the custom token.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install angular-firebase
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
