Fixed UID accidently changed after auth token expired and access deni…

…ed in Firebase.setReadWriteRules issues.
mobizt · Dec 2, 2021 · fa98e29 · fa98e29
1 parent be2a06e
commit fa98e29
Show file tree

Hide file tree

Showing 11 changed files with 95 additions and 176 deletions.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 [![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.4390794.svg)](https://doi.org/10.5281/zenodo.4390794)
 
 
-Google's Firebase Realtime Database Arduino Library for ESP8266 v3.7.0
+Google's Firebase Realtime Database Arduino Library for ESP8266 v3.7.1
 
 
 This library supports ESP8266 MCU from Espressif. The following are platforms in which libraries are also available.

diff --git a/library.json b/library.json
@@ -1,6 +1,6 @@
 {
   "name": "Firebase ESP8266 Client",
-  "version": "3.7.0",
+  "version": "3.7.1",
   "keywords": "communication, REST, esp8266, arduino",
   "description": "The secure, fast and reliable Firebase Realtime database library to read, store, update, delete, listen, backup, and restore data. You can also read and modify the database security rules with this library.",
   "repository": {

diff --git a/library.properties b/library.properties
@@ -1,6 +1,6 @@
 name=Firebase ESP8266 Client
 
-version=3.7.0
+version=3.7.1
 
 author=Mobizt
 

diff --git a/src/FirebaseESP8266.h b/src/FirebaseESP8266.h
@@ -1,16 +1,16 @@
 
 #ifndef FIREBASE_CLIENT_VERSION
-#define FIREBASE_CLIENT_VERSION "3.7.0"
+#define FIREBASE_CLIENT_VERSION "3.7.1"
 #endif
 
 /**
- * Google's Firebase Realtime Database Arduino Library for ESP8266, v3.7.0
+ * Google's Firebase Realtime Database Arduino Library for ESP8266, v3.7.1
  * 
- * Created November 23, 2021
+ * Created December 2, 2021
  *
  *   Updates:
- * - Fixed compilation error in FirebaseJson due to multiple sources of cJSON.
- * - Add support ESP8266 external virtual RAM (SRAM or PSRAM).
+ * - Fixed UID accidently changed after auth token expired.
+ * - Fixed access denied in Firebase.setReadWriteRules.
  * 
  *
  * This library provides ESP8266 to perform REST API by GET PUT, POST, PATCH, DELETE data from/to with Google's Firebase database using get, set, update

diff --git a/src/README.md b/src/README.md
@@ -1,7 +1,7 @@
 # Firebase Realtime Database Arduino Library for ESP8266
 
 
-Google's Firebase Realtime Database Arduino Library for ESP8266 v3.7.0
+Google's Firebase Realtime Database Arduino Library for ESP8266 v3.7.1
 
 
 

diff --git a/src/common.h b/src/common.h
@@ -1,6 +1,6 @@
 
 /**
- * Created November 19, 2021
+ * Created December 2, 2021
  * 
  * This work is a part of Firebase ESP Client library
  * Copyright (c) 2021 K. Suwatchai (Mobizt)
@@ -31,7 +31,6 @@
 #define FB_COMMON_H_
 
 #include <Arduino.h>
-#include <SPI.h>
 #include <time.h>
 #include <vector>
 #include <functional>
@@ -1689,7 +1688,7 @@ static const char fb_esp_pgm_str_183[] PROGMEM = "file";
 static const char fb_esp_pgm_str_184[] PROGMEM = "/fb_bin_0.tmp";
 static const char fb_esp_pgm_str_185[] PROGMEM = "The backup data should be the JSON object";
 static const char fb_esp_pgm_str_186[] PROGMEM = "object";
-//static const char fb_esp_pgm_str_187[] PROGMEM = "";
+static const char fb_esp_pgm_str_187[] PROGMEM = "user_id";
 //static const char fb_esp_pgm_str_188[] PROGMEM = "";
 static const char fb_esp_pgm_str_189[] PROGMEM = "payload too large";
 static const char fb_esp_pgm_str_190[] PROGMEM = "cannot config time";

diff --git a/src/json/MB_String.h b/src/json/MB_String.h
@@ -54,7 +54,7 @@
 
 #define MB_STRING_MAJOR 1
 #define MB_STRING_MINOR 1
-#define MB_STRING_PATCH 0
+#define MB_STRING_PATCH 2
 
 #if defined(ESP8266) && defined(MMU_EXTERNAL_HEAP) && defined(MB_STRING_USE_PSRAM)
 #include <umm_malloc/umm_malloc.h>

diff --git a/src/rtdb/FB_RTDB.cpp b/src/rtdb/FB_RTDB.cpp
@@ -1,9 +1,9 @@
 /**
- * Google's Firebase Realtime Database class, FB_RTDB.cpp version 1.2.8
+ * Google's Firebase Realtime Database class, FB_RTDB.cpp version 1.2.9
  * 
  * This library supports Espressif ESP8266 and ESP32
  * 
- * Created November 20, 2021
+ * Created December 2, 2021
  * 
  * This work is a part of Firebase ESP Client library
  * Copyright (c) 2021 K. Suwatchai (Mobizt)
@@ -102,6 +102,29 @@ bool FB_RTDB::mSetRules(FirebaseData *fbdo, const char *rules)
     return ret;
 }
 
+void FB_RTDB::storeToken(MBSTRING &atok, const char *databaseSecret)
+{
+    atok = Signer.config->_int.auth_token;
+    Signer.setTokenType(token_type_legacy_token);
+    Signer.config->signer.tokens.legacy_token = databaseSecret;
+    ut->storeS(Signer.config->_int.auth_token, Signer.config->signer.tokens.legacy_token, false);
+    Signer.config->_int.ltok_len = strlen(databaseSecret);
+    Signer.config->_int.rtok_len = 0;
+    Signer.config->_int.atok_len = 0;
+    Signer.handleToken();
+}
+
+void FB_RTDB::restoreToken(MBSTRING &atok, fb_esp_auth_token_type tk)
+{
+    ut->storeS(Signer.config->_int.auth_token, atok.c_str(), false);
+    ut->clearS(atok);
+    Signer.config->signer.tokens.legacy_token = "";
+    Signer.config->signer.tokens.token_type = tk;
+    Signer.config->_int.atok_len = Signer.config->_int.auth_token.length();
+    Signer.config->_int.ltok_len = 0;
+    Signer.handleToken();
+}
+
 bool FB_RTDB::mSetQueryIndex(FirebaseData *fbdo, const char *path, const char *node, const char *databaseSecret)
 {
     if (fbdo->_ss.rtdb.pause)
@@ -117,16 +140,7 @@ bool FB_RTDB::mSetQueryIndex(FirebaseData *fbdo, const char *path, const char *n
     fb_esp_auth_token_type tk = Signer.getTokenType();
 
     if (strlen(databaseSecret) && tk != token_type_oauth2_access_token && tk != token_type_legacy_token)
-    {
-        atok = Signer.config->_int.auth_token;
-        Signer.setTokenType(token_type_legacy_token);
-        Signer.config->signer.tokens.legacy_token = databaseSecret;
-        ut->storeS(Signer.config->_int.auth_token, Signer.config->signer.tokens.legacy_token, false);
-        Signer.config->_int.ltok_len = strlen(databaseSecret);
-        Signer.config->_int.rtok_len = 0;
-        Signer.config->_int.atok_len = 0;
-        Signer.handleToken();
-    }
+        storeToken(atok, databaseSecret);
 
     if (getRules(fbdo))
     {
@@ -171,15 +185,7 @@ bool FB_RTDB::mSetQueryIndex(FirebaseData *fbdo, const char *path, const char *n
     }
 
     if (strlen(databaseSecret) && tk != token_type_oauth2_access_token && tk != token_type_legacy_token)
-    {
-        ut->storeS(Signer.config->_int.auth_token, atok.c_str(), false);
-        ut->clearS(atok);
-        Signer.config->signer.tokens.legacy_token = "";
-        Signer.config->signer.tokens.token_type = tk;
-        Signer.config->_int.atok_len = Signer.config->_int.auth_token.length();
-        Signer.config->_int.ltok_len = 0;
-        Signer.handleToken();
-    }
+        restoreToken(atok, tk);
 
     ut->clearS(s);
     return ret;
@@ -195,15 +201,12 @@ bool FB_RTDB::mSetReadWriteRules(FirebaseData *fbdo, const char *path, const cha
 
     MBSTRING s;
     bool ret = false;
+    MBSTRING atok;
 
     fb_esp_auth_token_type tk = Signer.getTokenType();
 
     if (strlen(databaseSecret) && tk != token_type_oauth2_access_token && tk != token_type_legacy_token)
-    {
-        Signer.config->signer.tokens.legacy_token = databaseSecret;
-        Signer.config->signer.tokens.token_type = token_type_legacy_token;
-        Signer.handleToken();
-    }
+        storeToken(atok, databaseSecret);
 
     if (getRules(fbdo))
     {
@@ -267,10 +270,7 @@ bool FB_RTDB::mSetReadWriteRules(FirebaseData *fbdo, const char *path, const cha
     }
 
     if (strlen(databaseSecret) && tk != token_type_oauth2_access_token && tk != token_type_legacy_token)
-    {
-        Signer.config->signer.tokens.token_type = tk;
-        Signer.handleToken();
-    }
+        restoreToken(atok, tk);
 
     ut->clearS(s);
     return ret;

diff --git a/src/rtdb/FB_RTDB.h b/src/rtdb/FB_RTDB.h
@@ -1,9 +1,9 @@
 /**
- * Google's Firebase Realtime Database class, FB_RTDB.h version 1.2.8
+ * Google's Firebase Realtime Database class, FB_RTDB.h version 1.2.9
  * 
  * This library supports Espressif ESP8266 and ESP32
  * 
- * Created November 20, 2021
+ * Created December 2, 2021
  * 
  * This work is a part of Firebase ESP Client library
  * Copyright (c) 2021 K. Suwatchai (Mobizt)
@@ -1765,6 +1765,8 @@ class FB_RTDB
   void sendCB(FirebaseData *fbdo);
   void splitStreamPayload(const char *payloads, std::vector<MBSTRING> &payload);
   void parseStreamPayload(FirebaseData *fbdo, const char *payload);
+  void storeToken(MBSTRING &atok, const char *databaseSecret);
+  void restoreToken(MBSTRING &atok, fb_esp_auth_token_type tk);
   bool mSetQueryIndex(FirebaseData *fbdo, const char *path, const char *node, const char *databaseSecret);
   bool mBeginStream(FirebaseData *fbdo, const char *path);
   void mSetReadTimeout(FirebaseData *fbdo, const char *millisec);