errhammr
/
Lucia-App
5
16
Fork 1
Code Issues 4 Pull Requests Projects Releases 2 Wiki Activity
Labels Milestones
New Issue

Add a fake QR scanner feature #6

Open
opened 2 years ago by Flixbox · 7 comments
Flixbox commented 2 years ago

The real Luca App has a Self Check In feature that allows the user to scan a QR code. It would be nifty if we could use an existing QR scanner library to easily implement our own QR scanner.

Screenshots
http://imgur.com/a/Jk1E5ZE

The real Luca App has a Self Check In feature that allows the user to scan a QR code. It would be nifty if we could use an existing QR scanner library to easily implement our own QR scanner. Screenshots http://imgur.com/a/Jk1E5ZE
errhammr added the Status: Help wanted label 2 years ago
errhammr commented 2 years ago
Owner

Thanks for the suggestion. This feature might be a little more tricky to implement.

When the location staff scan the QR-Code that is shown in the Lucia app, some software at the location communicates with the checkin servers. When the Lucia app scans a QR-Code at a location, the Lucia app would need to communicate with the checkin servers. I don't think any app can just send any checkin data to the servers.

In the real app the user needs to provide their personal details before being able to use the app. I assume that this registration procedure contains some sort of authentication/authorisation part that makes sure that only properly registered users can check into locations by scanning a QR-Code with the app.

I don't want to write code that circumvents security mechanisms on the checkin servers. That could get me in trouble.

If I find the time to look into the checkin procedure specification and I find an easy way to send fake checkins without breaking security mechanisms, I might add this feature. But please don't get your hopes up too high.

If anyone wants to help out and implement this feature, PRs welcome

Thanks for the suggestion. This feature might be a little more tricky to implement. When the location staff scan the QR-Code that is shown in the Lucia app, some software at the location communicates with the checkin servers. When the Lucia app scans a QR-Code at a location, the Lucia app would need to communicate with the checkin servers. I don't think any app can just send any checkin data to the servers. In the real app the user needs to provide their personal details before being able to use the app. I assume that this registration procedure contains some sort of authentication/authorisation part that makes sure that only properly registered users can check into locations by scanning a QR-Code with the app. I don't want to write code that circumvents security mechanisms on the checkin servers. That could get me in trouble. If I find the time to look into the checkin procedure specification and I find an easy way to send fake checkins without breaking security mechanisms, I might add this feature. But please don't get your hopes up too high. **If anyone wants to help out and implement this feature, PRs welcome**
errhammr added the Kind: Feature Priority: Low labels 2 years ago
Flixbox commented 2 years ago
Poster

I don't think there's a need to communicate with any servers. The few places I've been at so far have not verified the check-in at all. It would be sufficient to display a generic QR scan process

I don't think there's a need to communicate with any servers. The few places I've been at so far have not verified the check-in at all. It would be sufficient to display a generic QR scan process
errhammr commented 2 years ago
Owner

So it would be good enugh to scan a QR code and then show a fake "all good" screen? What does the original app display after scanning a QR code? Can you provide a screenshot of that, please? If personal details are displayed, please redact them in the screenshot ;)

So it would be good enugh to scan a QR code and then show a fake "all good" screen? What does the original app display after scanning a QR code? Can you provide a screenshot of that, please? If personal details are displayed, please redact them in the screenshot ;)
Flixbox commented 2 years ago
Poster

Sure! I even found the QR code for a random OBI market online.

image

Here's a gallery, I even took a video of the sign-out process.

https://imgur.com/a/JyR12ET

Sure! I even found the QR code for a random OBI market online. ![image](/attachments/881eed11-6361-4a47-8ed9-d42434935d15) Here's a gallery, I even took a video of the sign-out process. https://imgur.com/a/JyR12ET
image.png
94 KiB
Caine commented 2 years ago

https://gitlab.com/lucaapp/web/-/issues/1

Is this helpful? It seems that it is currently possible without a problem. But as soon as phone numbers are used, it would not be possible anymore.

https://gitlab.com/lucaapp/web/-/issues/1 Is this helpful? It seems that it is currently possible without a problem. But as soon as phone numbers are used, it would not be possible anymore.
chbmeyer commented 2 years ago

I thought that JavaScript from luci-app.de does the job, the names of the embeded js-files looks promising and AFAICS it works.
Perhaps someone could check whether the locations-luca-counter counts up:

https://luci-app.de/js/html5-qrcode.min.js from https://github.com/mebjas/html5-qrcode
https://luci-app.de/js/rv-crypto.min.js
https://luci-app.de/js/elliptic.min.js from https://github.com/indutny/elliptic
https://luci-app.de/js/sha256.min.js
https://luci-app.de/js/forge.min.js

I thought that JavaScript from luci-app.de does the job, the names of the embeded js-files looks promising and AFAICS it works. Perhaps someone could check whether the locations-luca-counter counts up: https://luci-app.de/js/html5-qrcode.min.js from https://github.com/mebjas/html5-qrcode https://luci-app.de/js/rv-crypto.min.js https://luci-app.de/js/elliptic.min.js from https://github.com/indutny/elliptic https://luci-app.de/js/sha256.min.js https://luci-app.de/js/forge.min.js
lm41 commented 2 years ago

This would be a great idea. I'm currently in the Vacation and here works everything with these QR-codes, so Lucia is not a help here anymore.

This would be a great idea. I'm currently in the Vacation and here works everything with these QR-codes, so Lucia is not a help here anymore.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
Labels
Apply labels
Clear labels
Kind: Breaking Kind: Bug Kind: Documentation Kind: Enhancement Kind: Feature Kind: Maintenance Kind: Question Kind: Security Kind: Testing Priority: Critical
The priority is critical Priority: High
The priority is high Priority: Low
The priority is low Priority: Medium
The priority is medium Reviewed: Confirmed
Something has been confirmed Reviewed: Duplicate
Something exists already Reviewed: Invalid
Something was marked as invalid Reviewed: Wontfix
Something won't be fixed Status: Blocked Status: Completed
Work is complete Status: Help wanted Status: In progress
Work is in progress Status: Needs feedback
Feedback is needed Status: Stale
No Label Kind: Breaking Kind: Bug Kind: Documentation Kind: Enhancement Kind: Feature Kind: Maintenance Kind: Question Kind: Security Kind: Testing Priority: Critical Priority: High Priority: Low Priority: Medium Reviewed: Confirmed Reviewed: Duplicate Reviewed: Invalid Reviewed: Wontfix Status: Blocked Status: Completed Status: Help wanted Status: In progress Status: Needs feedback Status: Stale
Milestone
Set milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Assign users
Clear assignees
No Assignees
5 Participants
Notifications
Due Date

No due date set.

Dependencies

No dependencies set.

Reference: errhammr/Lucia-App#6
Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch '%!s(<nil>)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes