Check keypad code

[jkrenzer]

Hi!

After setting a key-code it would be helpful if there was an endpoint for checking a given 6-digit code against a codeId. This way an external interface updating the code could afterwards verify, that the new code is now set without publishing all codes in the mqtt permanently.

Something like:

Request:

{
  "action": "check",
  "codeId": 1234,
  "code": 654321
}

Response:

{
  "valid": true
}

Kind regards,
Jörn

[iranl]

If the mqtt topic keypad/commandResultJson reports success after adding or updating a code you can be assured the just updated keypad code is valid with the used code. You can also watch the keypad/json for new codes, again if it is there it was accepted by the keypad and is valid with the chosen code and optional (time)constraints.

Adding a function as requested would almost be as much of a security risk as publishing the codes themselves without proper brute force mitigations.

[jkrenzer]

Problem is, I cannot always catch the success response, as the system managing the PIN (for people renting the house) might not always be connected and thus the state is just assumed. Changes in the mean-time, e.g. manual pin reset by someone on premise, might get lost on me. Having someone standing outside in the rain is rather a bad situation when renting out, so I wanted to assert the code given to the user is the working one.

A rate limit or other mitigation regarding brute force would be necessary, I agree to get a somewhat secure solution.

On the other hand, currently I only have the choice to publish all codes or none, if I want to assert the state. A middle ground, like allowing checking or publishing only explicitly allowed codes in MQTT would be helpful.

So much my current thoughts, thanks for your input and considerations!

[technyon]

When creating a new code, you can assign it a name. You can be sure if you create a code with a certain name it appears in the list of created codes with that same name, the code has been created. You could just use a counter and keep a mapping to the code. This would almost cover your solution, the only case not covered is that someone update an existing code with a new PIN.

[jkrenzer]

...the only case not covered is that someone update an existing code with a new PIN

And that is exactly what our booking system is doing. It updates an existing, particular guest pincode with new codes and/or enables/disables it. So when the house is not booked, there is no chance to enter with a guest pin and when it is rented out, people are supplied with a dedicated code which is active during their stay.
Nice feature is, that this way any time restrictions etc. set for the code by an on-premise user's app are retained.

I mean, after inspecting the MQTT structure more closely, I saw the dateCreated attribute of the codes. Is there also information on last update retained? This way I could try to determine manual changes by checking this datetime against the last changed datetime used by the system. 🤔 I assume there is no such thing like a change counter?

[iranl]

Moving to issues