
Before creating a new user, I want to check if the username property being created already exists in Firebase Database.

The checking function is:

import FirebaseDatabase

let databaseRef = Database.database().reference()
// Query /users for any child whose "username" equals the entered text.
databaseRef.child("users").queryOrdered(byChild: "username").queryEqual(toValue: loginRegisterTextField.text).observeSingleEvent(of: .value, with: { (snapshot: DataSnapshot) in
    if snapshot.exists() {
        print("Login exists")
    } else {
        print("Login does not exist")
    }
})

JSON is:


Rules for the users node are:

{
  "rules": {
    "users" : {
      ".read": "auth != null",

      "$uid" : {
        ".write": "auth != null && auth.uid == $uid"
      }
    },

Is it possible to write rules to check for an existing username without a new uid?

  • The username child node you're using has nothing to do with a UID, and in fact, doesn't have anything to do with rules either. The problem with this code flow is that, in order to check to see if a username exists, the user must be authenticated, but if this is a new user, they are not yet authenticated, so that won't work. One option is to create the Firebase account first (which authenticates the user) then ask them to create a username. In that scenario, your code will work pretty much as is. Otherwise you can keep a publicly accessible username list, or leverage cloud functions. Commented Dec 24, 2021 at 17:53
  • @Jay Thanks, I had the same thought of creating a new readable branch with usernames, but I hoped until the last not to do it. Commented Dec 24, 2021 at 18:22

1 Answer

There is no way to check for a specific value across a JSON branch in security rules. This has been covered quite a few times before, so I recommend checking some of these search results.

But you can make your query on /users more secure, by only allowing that specific query, and not allowing people to read all of /users. To secure the query you could do something like:

{
  "rules": {     
    "users" : { 
      ".read": "auth != null && 
                query.orderByChild == 'username' &&
                query.equalTo !== null",
      ...

This is the first time I've used query.equalTo !== null, so there may be some small mistakes in that part, but the flow should be clear.


6 Comments

I think the OP wants to check if the username exists before creating the Firebase user (they mentioned no uid) and if that's the case, the user won't be auth'd yet. I may be reading the question wrong though.
Ah, that's a good point Jay. In that case, they can remove the auth != null part from the .read rule on /users and still only allow the specific query that their code uses.
@Jay you are right, I want to check if the username exists before creating the Firebase user
@FrankvanPuffelen thanks for another point of view to my problem.
@StanislavPutilov As said in my comment above, if you remove auth != null && from the rules I shared, even unauthenticated users can perform the username query - but that's all they can do then.
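
The publicly readable username list mentioned in the comments, sketched as Realtime Database rules (an added example, not code from the question or the answer). The `usernames` node, its username-to-uid layout and the username format are assumptions; the `users` rules are the ones from the question.

```json
{
  "rules": {
    // Rules from the question, unchanged: profiles stay behind authentication.
    "users": {
      ".read": "auth != null",
      "$uid": {
        ".write": "auth != null && auth.uid == $uid"
      }
    },
    // Hypothetical index node: /usernames/<username> = <uid of the owner>.
    // There is no .read on the parent, so the list cannot be dumped or
    // queried; a client can only read one exact key.
    "usernames": {
      "$username": {
        // Existence check that works before sign-in: read
        // /usernames/<name> and test snapshot.exists(). It exposes only
        // the owner's uid, not the whole user record.
        ".read": true,
        // A name can be claimed only while it is unclaimed, and only for
        // the caller's own uid, so the claim is written after the account
        // is created. The server evaluates this rule, so two clients
        // racing for the same name cannot both succeed.
        ".write": "auth != null && !data.exists() && newData.val() === auth.uid",
        // Assumed username format (lowercase letters, digits, underscore,
        // at most 20 characters).
        ".validate": "newData.isString() && $username.matches(/^[a-z0-9_]+$/) && $username.length <= 20"
      }
    }
  }
}
```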