0

From the documentation, I am doing this:

    var currentUser;
    firebase.auth().onAuthStateChanged(function(user) {
      if (user && user.emailVerified) {
        currentUser = user;
        setPresence();
      }
    });

    function setPresence() {
      var myConnectionsRef = firebase.database().ref('users/' + currentUser.uid + '/connections');
      var connectedRef = firebase.database().ref('.info/connected');
      connectedRef.on('value', function(snap) {
        if (snap.val() === true) {
          var con = myConnectionsRef.push();
          con.onDisconnect().remove();
          con.set("profile");
        }
      });
    }

I do this on every page, but it does not seem to be working on the profile page. Here is what I see in the DB: enter image description here

And this is not a one-off. Almost all users have something like that. What could be the cause of this? Why would onDisconnect not trigger?

Here is the webpage if needed: magicconnects.com/profile.

Thanks so much for your help!

EDIT: Adding security rules:

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth != null",
        ".write": "auth != null && auth.uid == $uid"
      }
    }
  }
}
Student
  • 89
  • 1
  • 8
  • 1) It may take a few minutes before the `onDisconnect` handler executes, as it often depends on the server to detect that the client is gone. 2) Do you have security rules that prevent the `remove()` from executing? – Frank van Puffelen Feb 18 '21 at 04:30
  • Added them to the post - they don't seem to be the issue. 90% of users still have similar status as in the picture. I just followed the documentation. Any tips on how I can debug this? Just to be sure, it is def me, right? Or could it be a Firebase issue? – Student Feb 18 '21 at 07:42
  • I recall seeing issues with authentication in `onDisconnect` handlers a while ago. Can you try allowing unauthenticated writes or (if that is too dangerous for your database) at the very least unauthenticated deletes of data? If that works, at least we know what's causing the problem. – Frank van Puffelen Feb 18 '21 at 15:29
  • "read, write if true" version of security rules work but obv that isn't ideal. What would you suggest I do? Also, how can I allow unauthenticated deletes of data? I wasn't able to find something like .delete. Thanks! – Student Feb 19 '21 at 03:21

1 Answers1

1

The problem seems to be that the token may be expired by the time the onDisconnect code runs. So you'll need to allow unauthenticated deleted of the relevant data.

The safest way I can think of is to do that on the level of the individual connection nodes (those starting with -M...), so that one can only delete a node by knowing the key.

That'd look like this:

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth != null",
        ".write": "auth != null && auth.uid == $uid"
        "$pushid": {
          ".write": "!newData.exists()"
        }
      }
    }
  }
}

Since rules are OR'ed together, the ".write": "!newData.exists()" is an extra allowance for when somebody knows the $pushid.

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807