#257 Refine database security rules and write more tests #633
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 tasks
HalcyonJAC
requested review from
tomlovesgithub,
warrensearle and
mbrookeswebdev
mbrookeswebdev
approved these changes
Aug 20, 2021
tomlovesgithub
approved these changes
Sep 10, 2021
| @@ -17,6 +17,33 @@ See [database/firestore.indexes.json](database/firestore.indexes.json) for our c | |||
|
|
|||
| See [storage/storage.rules](storage/storage.rules) for our current rules. | |||
|
|
|||
|
|
|||
| To run the emulator on your local machine, create a `./data/firestore.json` file with the contents of `[]`. | |||
There was a problem hiding this comment.
👀 This is super helpful! - thanks!
warrensearle
added a commit
that referenced
this pull request
Sep 14, 2021
warrensearle
added a commit
that referenced
this pull request
Sep 14, 2021
This was referenced Sep 15, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Author checklist
What's included?
This work fixes the email verification issue with third party (specifically Microsoft) authenticated accounts to the admin platform. The security rules require for all users that an email address is verified, and there is no way of telling on firestore where the request originated from.
Microsoft accounts do not set the email verified flag to true. It is a requirements that these are set to true if logging in via the admin platform, as users from the JAC and other government departments logging into the platform should not have to verify their email address.
This pull request is the other half connected with jac-uk/admin#1476 and contains a re-instantiation of the email validation for security rules, fixes for some firestore rules, addition of field validation for some documents and fixing of all current firestore tests, as well as adding some new ones.
Who should test?
How to test?
Login using a microsoft account once merged, as per jac-uk/admin#1476.
To run the tests, follow the instructions in the README.md file. You will need to change the file referenced in the package.json file for
npm run test:rulesRisk - how likely is this to impact other areas?
🟠 Medium risk - this does change code that is shared with other areas
Additional context
Include screen grabs, video demo, notes etc.
PREVIEW:DEVELOP
can be OFF, DEVELOP or STAGING