firebase/rules-unit-testing is a great way to test security rules; it allows easy switching between simulated users to check security from various users' perspectives.
However, when your test involves calling a cloud function as such a simulated user, there is no way to do this. An example workflow:
1. Use authenticatedContext to switch to "Alice"
2. Call secured cloud function, which Alice is allowed to call
3. Unit test can expect "success"
4. Use authenticatedContext to switch to "Bob"
5. Call same secured cloud function, but Bob isn't on the list of allowed callees
6. Unit test can expect "failure"
I have searched around looking for a way to do this, but there is no mention out there on the internet.
So if it is possible, I would suggest that the documentation is updated.
If it is not possible, I would suggest adding this to firebase/rules-unit-testing which has a nice environment in place already.
I am not sure how major deployments of Firebase are out there without automated testing for their security, and I feel that this is something that should not be overlooked.
Steps and code to reproduce issue
1. Make a new project with a cloud function that returns the authentication data.
2. Make a unit test that creates a simulated user with rules-unit-testing.
3. Hack the rules-unit-testing library to return a function object, and inject the authentication parameters into it.
4. Call the cloud function.
5. Expect to see authentication in the returned data.
6. It wasn't there.
Operating System: Any
Browser Version: Any
Firebase SDK Version: 9.14.0
Firebase SDK Product: Firestore, Functions
Describe your project's tooling: VS Code set up as a generic project
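
The Alice/Bob workflow from the issue, as an added example that is not part of the original issue and is not Firebase or rules-unit-testing code: it calls a handler directly with a simulated auth context instead of going through the emulator. The handler follows the v1-style `(data, context)` callable shape; `ALLOWED_UIDS`, `CallableError`, `securedHandler`, `contextFor` and `callAs` are hypothetical names, and the UIDs are constructed.

```javascript
// Constructed allowlist of UIDs permitted to call the function (assumption).
const ALLOWED_UIDS = new Set(['alice']);

// Local stand-in for the error a callable throws; carries a status code.
class CallableError extends Error {
  constructor(code, message) {
    super(message);
    this.code = code;
  }
}

// Hypothetical secured handler with the (data, context) callable shape.
// It fails closed: a missing auth context is rejected before the allowlist.
function securedHandler(data, context) {
  const auth = context && context.auth;
  if (!auth || typeof auth.uid !== 'string') {
    throw new CallableError('unauthenticated', 'Sign-in required');
  }
  if (!ALLOWED_UIDS.has(auth.uid)) {
    throw new CallableError('permission-denied', 'Caller is not allowed');
  }
  return { uid: auth.uid, echoed: data };
}

// Test helper: build the context a simulated user would arrive with.
// Passing null simulates a call that carries no authentication at all.
function contextFor(uid) {
  return uid === null ? {} : { auth: { uid, token: { sub: uid } } };
}

// Invoke the handler as a given user and report the outcome as a string,
// so a test can compare results across users.
function callAs(uid, data) {
  try {
    securedHandler(data, contextFor(uid));
    return 'success';
  } catch (err) {
    if (err instanceof CallableError) return err.code;
    throw err; // unexpected failure: surface it rather than mask it
  }
}

// Constructed cases mirroring the workflow: Alice passes, Bob is refused,
// and a call that arrives without auth is refused as well.
const results = ['alice', 'bob', null].map((uid) => [uid, callAs(uid, { ping: 1 })]);
console.log(results);
```

The third case covers the situation in the reproduction steps, where the authentication data never reached the function: the handler rejects the call rather than treating the caller as anonymous but allowed.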