Bypassing Firestore Security Rules in jest tests

Time:03-25

Currently working on a React/TypeScript/Firebase Firestore project. When writing Jest tests for some actions/functions that are called from the UI, I ran into the following problem:

In the test file I'm able to set up the Firestore client using the v9 API and make it talk to the emulator:

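import { initializeApp } from "firebase/app";
import { getFirestore, connectFirestoreEmulator } from "firebase/firestore";

// Client SDK (v9 modular API) pointed at the local Firestore emulator
const app = initializeApp(config.firebase);
const firestore = getFirestore(app);
connectFirestoreEmulator(firestore, "localhost", 8080);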

In addition, I also found out how to set up the admin client and make it talk to the emulator:

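import * as admin from "firebase-admin";

// Must be set before the Admin SDK is used so it targets the emulator
process.env.FIRESTORE_EMULATOR_HOST = "localhost:8080";
const serviceAccount = require("../../../my-key.json");
admin.initializeApp({
    credential: admin.credential.cert(serviceAccount),
    ...config.firebase
});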

The test itself looks something like this:

describe("createCompanyAndRating action", () => {
    test("call createCompanyAndRating and make sure it creates a proper rating entity", async () => {
        // omitted: set testRatingFormState and other test data that are passed as args and
        // pass in the firestore db client
        const {
            ratingId,
            companyId,
        } = await createCompanyAndRating({
            ratingFormState: testRatingFormState,
            visitorId: testVisitorId,
            firestore,
        });
        // verify result by fetching the rating entity from the emulator db using the admin client
        const ratingPath = `companies/${companyId}/ratings/${ratingId}`;
        const ratingSnap = await admin.firestore().doc(ratingPath).withConverter(ratingConverter).get();
        const rating: Rating | undefined = ratingSnap.data();
        // omitted: verify result with some Jest expect statements...
    });
})

My problem is now that the Firestore security rules apply and only authenticated users can write docs in the collections used in the createCompanyAndRating function, so the test already throws an error when calling that function.

In this scenario I'm not interested in testing the security rules per se.

  • Is there a way to bypass the security rules for the test?
  • If yes, how do I have to set up the firestore client?
  • Is there even the possibility to somehow impersonate a user in the test?

In addition, please note that I can't pass the admin client into the createCompanyAndRating function as the admin client API is different from the v9 firebase API that I'm relying on in the createCompanyAndRating function implementation (tried and it didn't work, and not only because of some type errors in the way).

Maybe my whole approach is a little misguided and I should rather concentrate on testing the internals of the createCompanyAndRating function where I do a lot of factory stuff that could be tested without db interaction.

Anyway, any help/guidance is much appreciated.

CodePudding user response:

Thanks for confirming that I was looking in the right place (i.e. @firebase/rules-unit-testing). Finally figured out what the problem was: I missed an "await" in createCompanyAndRating, so the firestore admin instance wasn't getting the data (and I thought it was an admin config issue...). Thanks!
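
The thread points to @firebase/rules-unit-testing for both questions (impersonating a user, and bypassing rules). The sketch below is an added example, not code from the original posts: it separates the two cases and adds a guard so rule-bypassing test code only ever runs against a loopback emulator. The helper names (`requireLocalEmulator`, `actAsUser`, `withRulesOff`) are hypothetical; the interface declares only the two `RulesTestEnvironment` methods used, `authenticatedContext` and `withSecurityRulesDisabled`.

```typescript
// Added example: helper names are hypothetical. The two interface methods
// mirror RulesTestEnvironment from @firebase/rules-unit-testing (v2).
interface TestContext<DB> { firestore(): DB }
interface RulesTestEnv<DB> {
  authenticatedContext(uid: string): TestContext<DB>;
  withSecurityRulesDisabled(cb: (ctx: TestContext<DB>) => Promise<void>): Promise<void>;
}

const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Refuse to continue unless the FIRESTORE_EMULATOR_HOST value names a local
// emulator, so rule-bypassing test code cannot reach a real project.
function requireLocalEmulator(value: string | undefined): { host: string; port: number } {
  const m = /^(\[[0-9a-fA-F:]+\]|[^:\s]+):(\d{1,5})$/.exec(value ?? "");
  if (!m) throw new Error("FIRESTORE_EMULATOR_HOST is not set to host:port");
  const [, rawHost = "", rawPort = ""] = m;
  const host = rawHost.toLowerCase();
  const port = Number(rawPort);
  if (!LOOPBACK.has(host)) throw new Error(`refusing non-loopback host: ${host}`);
  if (port < 1 || port > 65535) throw new Error(`invalid port: ${port}`);
  return { host, port };
}

// Run the code under test as a signed-in user. Rules stay enforced and see
// request.auth.uid === uid.
async function actAsUser<DB, T>(
  env: RulesTestEnv<DB>, emulatorHost: string | undefined,
  uid: string, action: (db: DB) => Promise<T>,
): Promise<T> {
  requireLocalEmulator(emulatorHost);
  return action(env.authenticatedContext(uid).firestore());
}

// Seed or verify data with rules switched off (setup and assertions only).
async function withRulesOff<DB, T>(
  env: RulesTestEnv<DB>, emulatorHost: string | undefined,
  work: (db: DB) => Promise<T>,
): Promise<T> {
  requireLocalEmulator(emulatorHost);
  const out: { value: T }[] = [];
  await env.withSecurityRulesDisabled(async (ctx) => {
    out.push({ value: await work(ctx.firestore()) });
  });
  const first = out.pop();
  if (!first) throw new Error("rules-disabled callback did not run");
  return first.value;
}
```

In a Jest test, `env` would come from the library's `initializeTestEnvironment(...)` and `emulatorHost` from `process.env.FIRESTORE_EMULATOR_HOST`; the Firestore instance handed to `action` is the one to pass into the function under test.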
