This is the forum archive of Homey. For more information about Homey, visit the Official Homey website.
The Homey Community has been moved to https://community.athom.com.
This forum is now read-only for archive purposes.
The Homey Community has been moved to https://community.athom.com.
This forum is now read-only for archive purposes.
Local logon not possible when there is no internet connection
DaneeDeKruyff
Member
So we had a power outage this morning that lasted roughly 2 minutes (Yes, 2 minutes before the Formula 1 race started! 
)
When the power was restored however, we had no internet and it took Ziggo till 16:00 to get it working again. During that time it was not possible to (locally) logon to my Homey:
Seems the local logon page needs the Athom servers, I can't say I'm really happy with that! We need to be able to logon locally and use our Homeys without an internet connection!
)When the power was restored however, we had no internet and it took Ziggo till 16:00 to get it working again. During that time it was not possible to (locally) logon to my Homey:
Seems the local logon page needs the Athom servers, I can't say I'm really happy with that! We need to be able to logon locally and use our Homeys without an internet connection!
Comments
Or is it still working but you can't reach it.
As you can see in the address bar it shows a local IP and I'm connected localy to my Homey, yet there is an iframe that tries to connect my.athom.com which can be seen in the 2nd screenshot. Since there is no internet connection, that name can not be resolved, hence the error in the 1st screenshot.
Thanks, Just checked that, that works. But that is not really user friendly!
Will there be a local logon page/mechanism in Homey itself? It shouldn't be to hard to do the hash calculation on a user entered password and compare that to the bearer_token in Homey itself.
AND after every password change a Geek should again lookup the url with bearer token and save it?
Worst case scenario;
I loose my laptop (without login pass) and in my Chrome is the link to my Homey saved and now the person who has my Laptop can take control over Homey?
My Favorites in Chrome are saved in my GoogleAccount in the Google Cloud.
So if my Account is hacked(yes yes i have 2 step auth enabled), that person also has access to my secured Homey.
Its just so insecure to save a link to "secured" environment.
And for every user it should be possible to locally logon to Homey without to use of background saved (nerdy/geek) data.
Well, do not allow password changes when it is not possible to synchronise the password to homey.
The big question here is where the primary authentication DB is stored. Is it on the users device or on your cloud servers. What happens when the cloud servers are gone, for example?
I'm not saying this: http://tweakers.net/nieuws/109975/smarthome-hub-revolv-van-nest-stopt-volgende-maand-met-werken.html will happen, but I also have no certainty this won't happen.
You're free to duplicate the key and store it in a drawer, if you'd like.
1. If you have an active internet connection and are able to log in, then update the cookie with the bearer_token. That way, after a password change with an active internet connection, the bearer_token should always be up-to-date.
2. If there is no active connection, but the current bearer_token matches with the calculated hash from the local login, then allow it and continue. If it doesn't match, fall back to the current functionality.
Not many people will consider changing their password when they are offline, but even if they do, I doubt they will complain that they are able to login to Homey when technically they shouldn't.
Beside that, what problems does your feature request solve vs what complexities does it introduce.
Fe what current functionality would fail like mobile devices... how to reset lost password, or how to secure see https://github.com/athombv/homey/issues/1505