nuki_hub icon indicating copy to clipboard operation
nuki_hub copied to clipboard

[Feature Request] Check if keypad code and codeId combination is valid

Open iranl opened this issue 1 year ago • 4 comments

Discussed in https://github.com/technyon/nuki_hub/discussions/479

Originally posted by jkrenzer October 3, 2024 Hi!

After setting a key-code it would be helpful if there was an endpoint for checking a given 6-digit code against a codeId. This way an external interface updating the code could afterwards verify, that the new code is now set without publishing all codes in the mqtt permanently.

Something like:

Request:

{
  "action": "check",
  "codeId": 1234,
  "code": 654321
}

Response:

{
  "valid": true
}

Kind regards, Jörn

iranl avatar Oct 11 '24 18:10 iranl

I'm really thinking if we shouldn't just add that option to publish the keypad codes. It should be clearly marked it in the web interface as safety relevant. If someone takes the necessary precautions to secure their system like using SSL encryption, it maybe is not that big of a safety issue, but we should communicate that clearly. Having such an option to just verify a code is a good thing to have too though. @iranl Are you looking into this already?

technyon avatar Oct 14 '24 03:10 technyon

Nevermind, I just realized we have the "Also publish keypad codes (Disadvised for security reasons)" already.

technyon avatar Oct 14 '24 05:10 technyon

I'll work on this for 9.02 as an optional (disabled by default) feature

iranl avatar Oct 14 '24 19:10 iranl

I've added the code in #488 with some basic brute force prevention and a toggle in de Web configurator that needs to be set to allow checking codes at all.

I have not been able to test as I'm somewhat limited by my home remoddeling in what I can test on my main Nuki 4.0 pro + keypad 2.

Format should be as suggested to the nukihub/keypad/actionJson topic:

{
  "action": "check",
  "codeId": 1234,
  "code": 654321
}

Result will be in the keypad/commandResultJson topic (checkingKeypadCodesDisabled, codeValid, codeInvalid, checkingCodesBlockedTooManyInvalid)

PR still needs a README update and testing

iranl avatar Oct 15 '24 20:10 iranl