PIN / Biometrics for widgets
Is your feature request related to a problem? Please describe.
I want to have an easy way of opening the garage door and the front door from the main Android home screen using widgets. These should at all times require an additional action to prevent accidental triggers, kids randomly triggering apps or third persons having undesired access to the device. Definitely for widgets, if possible even on a per-button basis in the main app.
Describe the solution you'd like
I'd like to have the possibility via the widgets App-Settings page, or the widget standard form when creating, to mark a widget to be secure and in need of a biometric / PIN unlock.
Describe alternatives you've considered, if any
I enabled biometrics in the app. This locks the app, but the widgets keep being usable.
Additional context
I could not re-open https://github.com/home-assistant/android/issues/1055 so I created a new one, feel free to mark-as-duplicate, close and re-open that one.
> if possible even on a per-button basis in the main app.
This has to happen with the HA frontend team as the app is just a webview. We can prevent access like the other request, but that's not the same as intercepting a button press like so. For now look into something like the Lock custom card or something similar?
I understand and I'll definitely have a look at that card, thanks for the suggestion! The widget protection would not be solved through this I suppose, is there a way to trigger the unlock request (biometric/pin) via a service? If so, a possible workaround would be creating a script that first triggers this service and afterwards does the required action.
No, the widget will need to trigger the biometric prompt. We will need to investigate if we can do it through the service itself or not.
Thank you for looking into this!
Did you have a chance to investigate whether or not this has a feasible solution?
I'm also very much interested in this feature, for the same reason: garage door and front door should be protected.
@dshokouhi could you give me some starting points how to best implement this?
@andyboeh we first need to research if we can add biometric prompt to the widget. Biometric prompt requires an activity to be loaded so not sure how that will work with the widget. You can read more about how the prompt works here: https://developer.android.com/training/sign-in/biometric-auth
I had a look into this but I'm not deep enough into Android and Kotlin in order to implement it. It requires quite some changes to the code as an activity is needed like you already mentioned. It is possible to start an activity from the AppWidget by calling:
```kotlin
// Launch the authentication activity from the AppWidget (a non-activity context)
val intent = Intent(context, myActivity::class.java)
// Required when starting an activity from outside an existing activity
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
context.startActivity(intent)
```
However, I don't know how to handle the communication between this new Activity doing the authentication and the ButtonWidget I'm trying to implement it on. Moving the service call to the activity doesn't make sense if the authentication is not configured. The new Activity should then re-use the already implemented Authenticator.kt.
Does that make sense?
> However, I don't know how to handle the communication between this new Activity doing the authentication and the ButtonWidget I'm trying to implement it on. Moving the service call to the activity doesn't make sense if the authentication is not configured. The new Activity should then re-use the already implemented Authenticator.kt.
After you get the authentication result, send an intent to the button widget to perform the service call like the widget does itself:
https://github.com/home-assistant/android/blob/master/app/src/main/java/io/homeassistant/companion/android/widgets/button/ButtonWidget.kt#L156-L159
@andyboeh if you find yourself getting stuck feel free to jump on Discord #devs_mobile_app and we can help out too.
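The flow discussed in the comments above, as an added Kotlin example that is not part of the thread or of the Home Assistant code base: an activity shows the prompt and, only on success, sends an explicit broadcast to the widget, which then performs the call. `WidgetAuthActivity`, `DemoButtonWidget` and `ACTION_CALL_SERVICE` are hypothetical names, and closing without acting when no lock screen credential is configured is an assumed policy.

```kotlin
// Added illustration, not Home Assistant code. WidgetAuthActivity, DemoButtonWidget and
// ACTION_CALL_SERVICE are hypothetical. Requires the androidx.biometric dependency.
import android.appwidget.AppWidgetManager
import android.appwidget.AppWidgetProvider
import android.content.Context
import android.content.Intent
import android.os.Bundle
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_WEAK
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity

const val ACTION_CALL_SERVICE = "com.example.widget.CALL_SERVICE" // hypothetical action

class WidgetAuthActivity : FragmentActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        val allowed = BIOMETRIC_WEAK or DEVICE_CREDENTIAL
        val noId = AppWidgetManager.INVALID_APPWIDGET_ID
        val id = intent.getIntExtra(AppWidgetManager.EXTRA_APPWIDGET_ID, noId)
        // Fail closed: unknown widget, or no PIN/biometric enrolled, means no service call.
        val status = BiometricManager.from(this).canAuthenticate(allowed)
        if (id == noId || status != BiometricManager.BIOMETRIC_SUCCESS) { finish(); return }
        val callback = object : BiometricPrompt.AuthenticationCallback() {
            override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
                // Explicit intent: delivered only to this app's widget receiver.
                val call = Intent(this@WidgetAuthActivity, DemoButtonWidget::class.java)
                    .setAction(ACTION_CALL_SERVICE).putExtra(AppWidgetManager.EXTRA_APPWIDGET_ID, id)
                sendBroadcast(call)
                finish()
            }
            // Cancelled, timed out or locked out: close without calling anything.
            override fun onAuthenticationError(errorCode: Int, errString: CharSequence) = finish()
        }
        val info = BiometricPrompt.PromptInfo.Builder()
            .setTitle("Confirm widget action")
            .setAllowedAuthenticators(allowed)
            .build()
        BiometricPrompt(this, ContextCompat.getMainExecutor(this), callback).authenticate(info)
    }
}

class DemoButtonWidget : AppWidgetProvider() { // stand-in for the real button widget
    override fun onReceive(context: Context, intent: Intent) {
        super.onReceive(context, intent)
        if (intent.action == ACTION_CALL_SERVICE) { /* perform the widget's service call here */ }
    }
}
```

The prompt only guards the path that goes through this activity, so the receiver handling `ACTION_CALL_SERVICE` should not accept that action from other apps.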
OK, so I got the basics working, currently only for the ButtonWidget. What's missing is a check box to enable authentication for a specific button and all strings are hard coded - once I get it cleaned up I'll open a PR.
WiP: https://github.com/andyboeh/home-assistant-android/commit/b0fa9c241e0ddcfd341f0887a45835a642f58eff
I think I'm done - see https://github.com/andyboeh/home-assistant-android/commit/f012e0f7f739c2ffd2ec275c9c4a6965941a20ab. The service button configuration dialog has a new check box "Require Authentication". If it is set, the device credentials are asked before calling the service.
Before opening a PR, could I get some early feedback from @dshokouhi if I've done something completely stupid? I've never done anything in Kotlin before and I was unable to properly test the database migration.
Really appreciate you taking time and effort on getting a solution, thank you!
> Before opening a PR, could I get some early feedback from @dshokouhi if I've done something completely stupid? I've never done anything in Kotlin before and I was unable to properly test the database migration.
To properly test the database migration you need to do the following:
- First deploy a fresh copy of `master` branch
- Login to the app and create a button widget
- Deploy the new branch
- Ensure the app does not crash when opening the app
I would also check that you can edit a widget after the migration and also add a widget after the migration using both the launcher and from Companion App > Manage Widgets screen. I would also check the behavior if the device does not have any credentials/lock screen configured and the widget requires authentication.
Aside from that I don't see any glaring issues based on a quick peek. You can submit a PR and once it builds the app will create some debug APKs and you can get feedback from other users on the functionality.
Thank you for taking this on!!!
Hello,
thanks for implementing this Feature.
My concern is only that it is always possible to disable this (safety) check again. You only have to edit the Widget and uncheck it.
Would it be possible to only make this checkbox changeable on creation of the widget (or at least visible)?
@n4rrOx this is a closed issue and has not had activity for some time. Please file a new issue or request