This is the forum archive of Homey. For more information about Homey, visit the Official Homey website.

The Homey Community has been moved to https://community.athom.com.

This forum is now read-only for archive purposes.

Local logon not possible when there is no internet connection

So we had a power outage this morning that lasted roughly 2 minutes (Yes, 2 minutes before the Formula 1 race started!  >:) )
When the power was restored however, we had no internet and it took Ziggo till 16:00 to get it working again. During that time it was not possible to (locally) logon to my Homey:
 
Seems the local logon page needs the Athom servers, I can't say I'm really happy with that! We need to be able to logon locally and use our Homeys without an internet connection!




Comments

  • Ough, that should be redesigned...
  • Thats strange. Am i getting this right? No internet connection means no Homey?
    Or is it still working but you can't reach it.
  • EmileEmile Administrator, Athom
    If you save the link my.athom.com redirects you to when you click a Homey, you can log-in without an active Internet connection.
  • Thanx Emile.   :)
  • @emile can you please explain my screenshots to me?
    As you can see in the address bar it shows a local IP and I'm connected localy to my Homey, yet there is an iframe that tries to connect my.athom.com which can be seen in the 2nd screenshot. Since there is no internet connection, that name can not be resolved, hence the error in the 1st screenshot.
  • When you're online, go to https://my.athom.com/ and you'll see a link to your Homey. Save this url somewhere. URL should contain bearer_token which is your login token.
  • would be nice if Homey could cache/use this URL automatically...
  • EmileEmile Administrator, Athom
    It does in your cookies. 
  • +1 on UX!
  • MatjaLipu said:
    When you're online, go to https://my.athom.com/ and you'll see a link to your Homey. Save this url somewhere. URL should contain bearer_token which is your login token.

    Thanks, Just checked that, that works. But that is not really user friendly!

    Will there be a local logon page/mechanism in Homey itself? It shouldn't be to hard to do the hash calculation on a user entered password and compare that to the bearer_token in Homey itself.

  • EmileEmile Administrator, Athom
    That's pretty hard. What if the user changed it's password in the meantime, for example?
  • MarcoFMarcoF Member
    edited April 2016
    So for a normal user it's "impossible" to get that special url from a cookie/developer screen and so a Homey will be inaccessible for a normal user if (s)he has a internet outage? (because (s)he don't have the special token and/url noted/saved)

    AND after every password change a Geek should again lookup the url with bearer token and save it? 

    Worst case scenario;
    I loose my laptop (without login pass) and in my Chrome is the link to my Homey saved and now the person who has my Laptop can take control over Homey?
  • MarcoF said:
    So for a normal user it's "impossible" to get that special url from a cookie/developer screen and so a Homey will be inaccessible for a normal user if (s)he has a internet outage? (because (s)he don't have the special token and/url noted/saved)

    AND after every password change a Geek should again lookup the url with bearer token and save it? 

    Worst case scenario;
    I loose my laptop (without login pass) and in my Chrome is the link to my Homey saved and now the person who has my Laptop can take control over Homey?
    Just don't loose your laptop
  • MarcoFMarcoF Member
    edited April 2016
    +1 on not loosing the laptop suggestion!!

    My Favorites in Chrome are saved in my GoogleAccount in the Google Cloud.
    So if my Account is hacked(yes yes i have 2 step auth enabled), that person also has access to my secured Homey.

    Its just so insecure to save a link to "secured" environment.

    And for every user it should be possible to locally logon to Homey without to use of background saved (nerdy/geek) data.
  • Well, do not allow password changes when it is not possible to synchronise the password to homey.

    The big question here is where the primary authentication DB is stored. Is it on the users device or on your cloud servers. What happens when the cloud servers are gone, for example?

    I'm not saying this: http://tweakers.net/nieuws/109975/smarthome-hub-revolv-van-nest-stopt-volgende-maand-met-werken.html will happen, but I also have no certainty this won't happen.

  • EmileEmile Administrator, Athom
    Homey is the 'boss', but your Athom account is stored on our servers, and is your 'keychain' to your Homeys.

    You're free to duplicate the key and store it in a drawer, if you'd like.
  • I don't like it, but have to as it's the only way to get into my  Homey when your servers are not reachable.
  • Emile said:
    That's pretty hard. What if the user changed it's password in the meantime, for example?
    How about:
    1. If you have an active internet connection and are able to log in, then update the cookie with the bearer_token. That way, after a password change with an active internet connection, the bearer_token should always be up-to-date.
    2. If there is no active connection, but the current bearer_token matches with the calculated hash from the local login, then allow it and continue. If it doesn't match, fall back to the current functionality.
    Not many people will consider changing their password when they are offline, but even if they do, I doubt they will complain that they are able to login to Homey when technically they shouldn't.

  • A possibility to create "local only" accounts would be nice. 
  • GeurtDijkerGeurtDijker Member
    edited January 2018
    megardt said:
    A possibility to create "local only" accounts would be nice. 
    Good idea, only feature requests needs to be made at GitHub because this is a community forum (please read the welcome on the forum message) and athom doesn't actively monitori these messages. So if you want Athom to do something with above you need to do that on GitHub. 

    Beside that, what problems does your feature request solve vs what complexities does it introduce. 

    Fe what current functionality would fail like mobile devices...  how to reset lost password, or  how to secure see https://github.com/athombv/homey/issues/1505
Sign In or Register to comment.