0

Cloud Firestore and Remote config services are using in my app. In debug mode all works fine. But the app release build istalled from Play Store (internal testing) doesn't work.

Google sign-in (using OAuth) in my app works as expected after adding another one SHA-1 key (taken from Play Console) to Firebase app release config. But Cloud Firestore and Remote config still don't.

Log: Stream closed with status: b1 {code=PERMISSION_DENIED...}

It looks like I had missing something. Also, how can I get release logs of the app? Any thoughts, thanks.

UPD It seems the problem in rules, so my rules are:

Remote config rules: enter image description here

Firestore DB rules:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /stories/{storyId}{
      allow read, write: if resource.data.userId == request.auth.uid || request.resource.data.userId == request.auth.uid;
        match /sentences/{itemId}{
        allow read, write: if request.auth != null;
      }
    }
  }
}

Query to read look like this:

Firebase.auth.uid?.let { userId ->
            db.collection("stories")
                .whereEqualTo("userId", userId)
                .whereEqualTo("hasBookmarks", true)
                .orderBy("createdAt", Query.Direction.DESCENDING)
                .addSnapshotListener { value, e ->
        //result handling code
    }
}
Konstantin Konopko
  • 5,229
  • 4
  • 36
  • 62
  • Any exceptions in the logs? – levi Jul 13 '23 at 20:35
  • @levi log only saying `Stream closed with status: b1{code=PERMISSION_DENIED` – Konstantin Konopko Jul 13 '23 at 21:04
  • That's the entire error message, "PERMISSION_DENIED"? – Alex Mamo Jul 14 '23 at 06:06
  • @AlexMamo the message is `Stream closed with status: b1{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}. 23:39:46.290 Firestore W (24.6.1) [Firestore]: Write failed at users/GiWj2F4EUIZZvJLMM6LhalrQTtF2: b1{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}`. But read data also doesn't work – Konstantin Konopko Jul 14 '23 at 08:39
  • I guess possibly something wrong with signed in users in my app: Firebase doesn't recognize them as signed in and as a resuld restrict access to Firestore DB and Remote confic — this cloud services are using rules with signed-in-users-only to manage data access. So here I have another question: are release- and debug-created Firebase users the same? Or not? – Konstantin Konopko Jul 14 '23 at 08:50
  • I've checked the case above with newly created user in release build: the same problem, this user also can't get access to Firebase services – Konstantin Konopko Jul 14 '23 at 08:59
  • 1
    Please also show us the rules you're using. – Alex Mamo Jul 14 '23 at 09:14
  • @AlexMamo please look at post update – Konstantin Konopko Jul 14 '23 at 09:53
  • And what are the exact queries that you perform against these rules? – Alex Mamo Jul 15 '23 at 13:40
  • @AlexMamo post was updated with exact querie to read some data from Firestore DB, it works as expected for debug build – Konstantin Konopko Jul 15 '23 at 19:19
  • I'm sorry Konstantin, but I cannot see why you're having this behavior in the release build. – Alex Mamo Jul 16 '23 at 06:03

1 Answers1

0

The issue was in ProGuard obfuscation for Kotlin Data classes in release builds. Solved by using @Keep annotation for sensitive Data classes, see details.

Konstantin Konopko
  • 5,229
  • 4
  • 36
  • 62