I have a react site that uses firebase to authenticate users. I'm writing e2e tests using playwright (same results with selenium) and really struggling to get login to work, to the point that I gave up doing it using any of the suggestions I've seen online
My question is, is there a security issue to have the following code in my login page?
const [searchParams] = useSearchParams();
if(searchParams.get('user') && searchParams.get('pass')) {
handleLogin(searchParams.get('user') as string, searchParams.get('pass') as string);
}
This will allow playwright to access all pages by first going to http://localhost:3000/?user=username&pass=password
Since all the login logic is happening in the ui I figure that this shouldn't be an issue. Am I wrong?
As long as you are still using firebase authentication and not storing passwords in a firestore. It will be secure. If you are using firestore, you can secure it further by adding read/write rules that only allow users to access their own data.