1
00:00:00,000 --> 00:00:01,527
Instructor: Hi. Within this lecture

2
00:00:01,527 --> 00:00:06,210
we are going to test to see if our application works.

3
00:00:06,210 --> 00:00:07,500
But before we do that,

4
00:00:07,500 --> 00:00:10,290
we need to do some final configuration

5
00:00:10,290 --> 00:00:12,420
on the Firebase dashboard.

6
00:00:12,420 --> 00:00:16,241
So make sure you open your Firebase dashboard, okay?

7
00:00:16,241 --> 00:00:18,570
And if you closed it for a reason,

8
00:00:18,570 --> 00:00:22,380
you can reach it through firebase.google.com.

9
00:00:22,380 --> 00:00:27,330
And we need to enable the database and authentication first.

10
00:00:27,330 --> 00:00:32,330
If we had used storage in our application,

11
00:00:32,347 --> 00:00:35,670
we would've enabled it as well,

12
00:00:35,670 --> 00:00:37,337
but right now we are not using it,

13
00:00:37,337 --> 00:00:41,100
we are only going to enable database and authentication,

14
00:00:41,100 --> 00:00:43,410
and this is one time only.

15
00:00:43,410 --> 00:00:47,160
If you do that for an application, then it's done.

16
00:00:47,160 --> 00:00:49,530
Just click on the authentication

17
00:00:49,530 --> 00:00:53,610
and come over here to set up sign in method.

18
00:00:53,610 --> 00:00:55,470
So there are a couple of sign in methods

19
00:00:55,470 --> 00:00:57,960
like Google, Facebook, Twitter,

20
00:00:57,960 --> 00:01:01,140
but if you remember we're using email and password

21
00:01:01,140 --> 00:01:05,580
in order to create users and in order to log them in.

22
00:01:05,580 --> 00:01:06,720
So what we are gonna do,

23
00:01:06,720 --> 00:01:09,510
we are going to enable email and password.

24
00:01:09,510 --> 00:01:11,610
So make sure you click on it

25
00:01:11,610 --> 00:01:14,580
and just hit this enable button.

26
00:01:14,580 --> 00:01:17,070
We're not enabling the email link.

27
00:01:17,070 --> 00:01:21,360
We're only enabling the username and password.
28
00:01:21,360 --> 00:01:22,193
Okay?

29
00:01:22,193 --> 00:01:24,480
So after you click save, it's done.

30
00:01:24,480 --> 00:01:26,640
Now you enabled authentication.

31
00:01:26,640 --> 00:01:30,570
Now let's move to database, which is very important.

32
00:01:30,570 --> 00:01:34,650
So over here we are going to choose Cloud Firestore.

33
00:01:34,650 --> 00:01:38,940
Actually, there are two databases in Firebase right now,

34
00:01:38,940 --> 00:01:40,710
one of which is Cloud Firestore,

35
00:01:40,710 --> 00:01:43,350
and the other one is Realtime Database.

36
00:01:43,350 --> 00:01:46,620
So Realtime Database is the older version.

37
00:01:46,620 --> 00:01:49,320
We're going to go with the latest technology,

38
00:01:49,320 --> 00:01:52,110
and the newer technology, which is Cloud Firestore.

39
00:01:52,110 --> 00:01:56,190
And as you can see, it's realtime as well.

40
00:01:56,190 --> 00:01:59,040
So it has much more powerful queries,

41
00:01:59,040 --> 00:02:02,040
much more powerful operations,

42
00:02:02,040 --> 00:02:04,500
when we compare to the Realtime Database.

43
00:02:04,500 --> 00:02:08,130
So that's why we are using Cloud Firestore.

44
00:02:08,130 --> 00:02:10,440
So I'm going to say create database.

45
00:02:10,440 --> 00:02:12,900
And over here we get two options,

46
00:02:12,900 --> 00:02:15,930
which is production mode and test mode.

47
00:02:15,930 --> 00:02:17,827
So in the production mode,

48
00:02:17,827 --> 00:02:22,320
we don't get to see the database and write the database.

49
00:02:22,320 --> 00:02:25,050
So in test mode, we can read the database

50
00:02:25,050 --> 00:02:27,240
and write to database as well.
51
00:02:27,240 --> 00:02:31,350
So most of the time, like 99% of the time,

52
00:02:31,350 --> 00:02:34,890
developers will go with the test mode because they want

53
00:02:34,890 --> 00:02:37,800
to test the database, they want to write data in it,

54
00:02:37,800 --> 00:02:40,350
and they want to read that data,

55
00:02:40,350 --> 00:02:42,060
so we're gonna do that as well.

56
00:02:42,060 --> 00:02:44,370
We're going to continue with test mode,

57
00:02:44,370 --> 00:02:48,300
but the problem is they don't configure this properly

58
00:02:48,300 --> 00:02:51,750
after their application is done, most of the time.

59
00:02:51,750 --> 00:02:54,840
So that's what we are going to work on, okay?

60
00:02:54,840 --> 00:02:58,020
We're going to actually start in test mode,

61
00:02:58,020 --> 00:03:02,100
and we're going to see what happens if we leave it as it is.

62
00:03:02,100 --> 00:03:05,910
And then we're going to see how to fix this problem as well.

63
00:03:05,910 --> 00:03:08,880
Now I'm going to say start in test mode.

64
00:03:08,880 --> 00:03:10,470
So this is important, make sure

65
00:03:10,470 --> 00:03:14,310
you choose the test mode over here and click next.

66
00:03:14,310 --> 00:03:18,570
And then you have to choose a location for your server.

67
00:03:18,570 --> 00:03:21,840
So this is physical computer location, okay?

68
00:03:21,840 --> 00:03:24,720
So what we do over here is to generally

69
00:03:24,720 --> 00:03:28,086
choose the country that we are targeting.

70
00:03:28,086 --> 00:03:30,990
For example, if you're in Europe, go for Europe.

71
00:03:30,990 --> 00:03:33,450
If you're in USA, go for USA.

72
00:03:33,450 --> 00:03:35,790
If you're in Asia, go for Asia.

73
00:03:35,790 --> 00:03:38,640
It really doesn't matter what you choose,

74
00:03:38,640 --> 00:03:40,560
it will work anyhow.
75
00:03:40,560 --> 00:03:44,190
But if you choose something closer to your country,

76
00:03:44,190 --> 00:03:47,250
then it might perform a little bit faster,

77
00:03:47,250 --> 00:03:50,130
like maybe less than a second, okay?

78
00:03:50,130 --> 00:03:53,700
And if you're targeting whole world in your app,

79
00:03:53,700 --> 00:03:57,330
just choose somewhere in between, like Europe.

80
00:03:57,330 --> 00:04:00,030
And the important thing over here is that

81
00:04:00,030 --> 00:04:03,150
once you choose it, you cannot change it.

82
00:04:03,150 --> 00:04:08,084
So I'm going to, I chose Europe, as you can see right now,

83
00:04:08,084 --> 00:04:11,040
and I have clicked on done,

84
00:04:11,040 --> 00:04:15,300
and I'm not going to be able to change it afterwards.

85
00:04:15,300 --> 00:04:17,583
And again, it will work as fine,

86
00:04:18,605 --> 00:04:20,700
even if I'm in United States,

87
00:04:20,700 --> 00:04:24,900
it will still work, but it's always logical

88
00:04:24,900 --> 00:04:29,900
to choose one that is near to my target country.

89
00:04:31,560 --> 00:04:35,700
So let me open the Android Studio over here.

90
00:04:35,700 --> 00:04:39,690
And what we gonna do, we are going to run this application.

91
00:04:39,690 --> 00:04:43,770
And then after the Firestore setup is done,

92
00:04:43,770 --> 00:04:48,270
we are going to test to see if everything works as expected.

93
00:04:48,270 --> 00:04:50,640
Please make sure before you do that,

94
00:04:50,640 --> 00:04:52,680
please make sure before you type in

95
00:04:52,680 --> 00:04:55,083
your email and password to sign up,

96
00:04:56,190 --> 00:05:00,480
wait until the Firestore setup is completed.

97
00:05:00,480 --> 00:05:02,340
It may take a little bit of time,

98
00:05:02,340 --> 00:05:05,010
like one and a half minute maybe,

99
00:05:05,010 --> 00:05:06,780
maybe two or three minutes,

100
00:05:06,780 --> 00:05:09,390
but it will be done eventually.
101
00:05:09,390 --> 00:05:12,000
And even though you see the screen,

102
00:05:12,000 --> 00:05:14,550
make sure you wait until it's done.

103
00:05:14,550 --> 00:05:15,660
So I'm gonna do that.

104
00:05:15,660 --> 00:05:18,600
I'm going to wait until my Firestore is done,

105
00:05:18,600 --> 00:05:22,683
and I'm gonna check to see if it's completed right now.

106
00:05:23,850 --> 00:05:26,820
Yep, it seems that it's completed,

107
00:05:26,820 --> 00:05:30,180
and it took me to this database.

108
00:05:30,180 --> 00:05:32,430
So this is our database, okay?

109
00:05:32,430 --> 00:05:36,390
This is Firestore database in Firebase.

110
00:05:36,390 --> 00:05:39,390
So how does this work?

111
00:05:39,390 --> 00:05:41,490
I'm going to show you, it's actually

112
00:05:41,490 --> 00:05:44,130
a little bit different than SQL or ESQL.

113
00:05:44,130 --> 00:05:48,810
So if you're used to SQL, just try to forget it.

114
00:05:48,810 --> 00:05:52,500
It's not structured like SQL, it's a little bit different.

115
00:05:52,500 --> 00:05:54,780
I'm going to show you how it works.

116
00:05:54,780 --> 00:05:59,670
So let me just sign in with james@metallica.com.

117
00:05:59,670 --> 00:06:03,510
And for password, I'm just gonna write 123456.

118
00:06:03,510 --> 00:06:06,690
And I'm going to say sign in,

119
00:06:06,690 --> 00:06:09,150
but it doesn't make sense to say sign in

120
00:06:09,150 --> 00:06:11,940
because I don't have any account right now.

121
00:06:11,940 --> 00:06:13,860
As you can see, when I say sign in,

122
00:06:13,860 --> 00:06:16,830
it says that there is no user record like that.

123
00:06:16,830 --> 00:06:20,280
So what I'm going to do, I'm going to hit on sign up,

124
00:06:20,280 --> 00:06:23,130
and it will sign me up, it will register my app.
125
00:06:23,130 --> 00:06:24,360
And as you can see,

126
00:06:24,360 --> 00:06:28,560
it actually took me to the feed,

127
00:06:28,560 --> 00:06:32,070
feed view controller, feed activity, I mean.

128
00:06:32,070 --> 00:06:34,290
And over here in the authentication,

129
00:06:34,290 --> 00:06:35,550
if you come to this section,

130
00:06:35,550 --> 00:06:38,790
you can see james@metallica.com is actually

131
00:06:38,790 --> 00:06:41,760
registered right now in the authentication module.

132
00:06:41,760 --> 00:06:45,300
We get to see its created date, sign in date,

133
00:06:45,300 --> 00:06:49,920
email, password is not shown for security reasons.

134
00:06:49,920 --> 00:06:51,750
And if I sign out right now,

135
00:06:51,750 --> 00:06:55,020
I can create another email and other account,

136
00:06:55,020 --> 00:06:57,571
but I'm gonna go for adding a tweet.

137
00:06:57,571 --> 00:07:01,560
And over here I'm going to say something

138
00:07:01,560 --> 00:07:06,000
like tweet tweet test, and some gibberish things, like that.

139
00:07:06,000 --> 00:07:08,190
And I'm going to say tweet,

140
00:07:08,190 --> 00:07:10,410
and it will upload it to the Firestore,

141
00:07:10,410 --> 00:07:12,630
and we get to see the result like this.

142
00:07:12,630 --> 00:07:14,880
So if I go to database,

143
00:07:14,880 --> 00:07:18,330
then I will see the structure of my database.

144
00:07:18,330 --> 00:07:23,330
So as you can see, my tweets are actually stored over here.

145
00:07:23,730 --> 00:07:25,260
So we get to see the date,

146
00:07:25,260 --> 00:07:29,130
we get to see the tweet itself, and the user email.

147
00:07:29,130 --> 00:07:34,130
So, I believe there's some kind of a bug over here.

148
00:07:34,230 --> 00:07:37,590
It shows like two times, it's not very important.

149
00:07:37,590 --> 00:07:39,030
We can fix it.

150
00:07:39,030 --> 00:07:41,340
And let me try this one more time.
151
00:07:41,340 --> 00:07:44,100
If everything shows like a duplicate value,

152
00:07:44,100 --> 00:07:46,350
then it should be a real problem.

153
00:07:46,350 --> 00:07:48,630
Nope, I believe it was a temporary bug.

154
00:07:48,630 --> 00:07:51,930
Now we see the actual result over here.

155
00:07:51,930 --> 00:07:55,620
So let me try one more time to just make sure of it.

156
00:07:55,620 --> 00:07:56,820
Okay.

157
00:07:56,820 --> 00:07:58,050
And here you go.

158
00:07:58,050 --> 00:07:59,400
Yeah, it works.

159
00:07:59,400 --> 00:08:03,420
So as you can see, we have a tweet collection,

160
00:08:03,420 --> 00:08:07,170
and we have different documents under that collection.

161
00:08:07,170 --> 00:08:10,620
Whenever I add a tweet, it will add over here.

162
00:08:10,620 --> 00:08:15,390
So let me create another user like lars@metallica.com,

163
00:08:15,390 --> 00:08:19,260
and come over here to give some password and sign it up.

164
00:08:19,260 --> 00:08:22,410
And as you can see, even though I'm actually

165
00:08:22,410 --> 00:08:27,030
signed in with Lars, I can still see the James tweets.

166
00:08:27,030 --> 00:08:31,440
Now let me add a tweet with Lars and see if it shows up.

167
00:08:31,440 --> 00:08:32,400
Yeah, here we go.

168
00:08:32,400 --> 00:08:34,086
It shows up over here.

169
00:08:34,086 --> 00:08:38,490
Now we get to see the Lars and James tweets

170
00:08:38,490 --> 00:08:41,130
and we can add as many as we want,

171
00:08:41,130 --> 00:08:44,013
like Lars Lars Lars, and say tweet.

172
00:08:45,090 --> 00:08:47,160
Yep, it works.

173
00:08:47,160 --> 00:08:49,230
Now we are certain that it works.

174
00:08:49,230 --> 00:08:52,020
So just add couple of tweets over here

175
00:08:52,020 --> 00:08:55,374
just to have some database,

176
00:08:55,374 --> 00:08:58,860
like some stuff on our database, right?
177
00:08:58,860 --> 00:09:02,280
Because we are going to see if our database works or not,

178
00:09:02,280 --> 00:09:05,460
and if our database actually has

179
00:09:05,460 --> 00:09:07,200
some vulnerabilities or not.

180
00:09:07,200 --> 00:09:09,870
So I'm going to fill this up a little bit

181
00:09:09,870 --> 00:09:11,640
with gibberish things, like that.

182
00:09:11,640 --> 00:09:14,880
And as you can see, we get to scroll down

183
00:09:14,880 --> 00:09:19,880
once the screen reaches its limits like this

184
00:09:19,890 --> 00:09:21,720
because it's a recycler view.

185
00:09:21,720 --> 00:09:23,580
So that's a recycler view.

186
00:09:23,580 --> 00:09:27,960
We use a recycler row in order to display the data

187
00:09:27,960 --> 00:09:31,290
that we are populating from Firestore,

188
00:09:31,290 --> 00:09:35,370
and it goes as long as we need it.

189
00:09:35,370 --> 00:09:38,995
So as you can see, our tweets are stored

190
00:09:38,995 --> 00:09:43,995
in the collection of tweets under individual documents.

191
00:09:44,520 --> 00:09:49,110
And over here now we have a fully working app.

192
00:09:49,110 --> 00:09:50,160
Okay?

193
00:09:50,160 --> 00:09:53,100
So if you see an app,

194
00:09:53,100 --> 00:09:57,020
and if you get suspicious that it works with Firebase.

195
00:09:57,020 --> 00:09:59,934
So, there are a couple of steps to be done

196
00:09:59,934 --> 00:10:02,760
in order to make sure it works with Firebase.

197
00:10:02,760 --> 00:10:05,790
And then later on, you are gonna have

198
00:10:05,790 --> 00:10:08,670
to find the Firebase id of that app,

199
00:10:08,670 --> 00:10:11,280
which we are going to see how it's done.

200
00:10:11,280 --> 00:10:15,330
And then later we are going to see if it has some kind

201
00:10:15,330 --> 00:10:19,830
of misconfiguration regarding to Firestore security rules,

202
00:10:19,830 --> 00:10:23,190
or database security rules in general.
203
00:10:23,190 --> 00:10:24,750
And then we are going to see

204
00:10:24,750 --> 00:10:29,160
if we can exploit this vulnerability or not.

205
00:10:29,160 --> 00:10:32,160
We're going to use a lot of different methods

206
00:10:32,160 --> 00:10:36,630
in order to get this data, get this information.

207
00:10:36,630 --> 00:10:39,090
We're going to use reverse engineering

208
00:10:39,090 --> 00:10:43,230
as well as network listening in this section.

209
00:10:43,230 --> 00:10:47,460
So if you can get the information with reverse engineering,

210
00:10:47,460 --> 00:10:50,070
then it's great, but if you cannot get it,

211
00:10:50,070 --> 00:10:52,500
I'm going to show you some alternative ways

212
00:10:52,500 --> 00:10:54,870
in order to obtain that information.

213
00:10:54,870 --> 00:10:58,170
And with these alternative ways, actually,

214
00:10:58,170 --> 00:11:00,990
you can do much more. If you're working

215
00:11:00,990 --> 00:11:05,520
with another database structure or another backend service,

216
00:11:05,520 --> 00:11:09,210
you can still use what I'm about to teach you.

217
00:11:09,210 --> 00:11:12,270
So that's what we are going to do within this section.

218
00:11:12,270 --> 00:11:15,030
And also we are going to talk about certificates.

219
00:11:15,030 --> 00:11:17,610
We are going to talk about SSL, we're going to

220
00:11:17,610 --> 00:11:20,580
talk about network sniffing, and every stuff

221
00:11:20,580 --> 00:11:24,780
that you can think of to hack into this database,

222
00:11:24,780 --> 00:11:27,870
and get the data and delete the data,

223
00:11:27,870 --> 00:11:30,330
and then fix it as well.

224
00:11:30,330 --> 00:11:32,850
So if you have come to that point,

225
00:11:32,850 --> 00:11:35,010
then it's great you have a working app.

226
00:11:35,010 --> 00:11:39,063
Now it's time to stop and continue within the next lecture.