LiterateInk / Pawnote

A purrfect API wrapper for PRONOTE.
https://docs.literate.ink/pawnote
GNU General Public License v3.0

feat: support PIN login on accounts #56

Closed Vexcited closed 2 months ago

Vexcited commented 2 months ago

For now, we're only able to log in to accounts if "2FA" is not enabled. Most of the time, this involves a PIN code to enter.

Implementation details

We might throw an error in the login credentials method, where the user has to call another method to provide the PIN (probably using the same session).

Roadmap

Gabriel29306 commented 2 months ago

There is only a PIN as 2FA which is 4 digits for students. Other protection possibilities are just a notification.

Vexcited commented 2 months ago

Since we also support other accounts (parents and teachers for now), it could be great to know what the protection possibilities are for anyone.

Gabriel29306 commented 2 months ago

Every account can have a PIN code, or not.

| Account type | PIN rules |
| --- | --- |
| Student | 4 digits (not less, not more) |
| Teacher | min 4 digits (there doesn't seem to be a limit) |
| Parent | 4 digits (not less, not more) |
| Direction | min 4 digits (there doesn't seem to be a limit) |
| School life (is that the right translation?) | min 4 digits (there doesn't seem to be a limit) |
| Academie | 4 digits (not less, not more) |
| Student companion | min 4 digits (there doesn't seem to be a limit) |

LeGeek01 commented 2 months ago

> There is only a PIN as 2FA which is 4 digits for students. Other protection possibilities are just a notification.

All depending on the school, which can force a certain level of protection.

Gabriel29306 commented 2 months ago

Yes, there are 3 levels of account protection.

The school can force one of them or just offer the choice of the account protection level.

Vexcited commented 2 months ago

> Yes, there are 3 levels of account protection.
>
>   • 1: Nothing
>   • 2: Notification
>   • 3: PIN
>
> The school can force one of them or just offer the choice of the account protection level.

What does Notification look like?

Gabriel29306 commented 2 months ago

Screenshot_20240903_195550_Discord.jpg

(Not my screenshot, I don't have my instance up)

Vexcited commented 2 months ago

Oh, so there are no extra API calls to do; it's just a simple notification that you can ignore and that doesn't affect the login?

Gabriel29306 commented 2 months ago

I think no

Gabriel29306 commented 2 months ago

Correction: even when there is only the notification, you have to register the device

LeGeek01 commented 2 months ago

> Correction: even when there is only the notification, you have to register the device

You have to register the device if you want to; if not, you'll need to enter the PIN after the session expires.

LeGeek01 commented 2 months ago

> Oh, so there are no extra API calls to do; it's just a simple notification that you can ignore and that doesn't affect the login?

@Vexcited if level 2, yes, it's just a notification sent to the mail indicated on the account (but it seems like this doesn't work: I didn't receive any mail from PRONOTE when I first set up my PIN and registered my phone; it only works when resetting the password).

Gabriel29306 commented 2 months ago

Yes, so with Pawnote we need to save the device so we don't have to send the PIN each time.

LeGeek01 commented 2 months ago

> Yes, so with Pawnote we need to save the device so we don't have to send the PIN each time.

Note that Pawnote is not only for Papillon, so maybe add an option to register the device.

Gabriel29306 commented 2 months ago

I think the better way is to automatically register the device with a given name at the auth process.

Vexcited commented 2 months ago

> I think the better way is to automatically register the device with a given name at the auth process.

Why give it a specific name when we can probably re-use the device UUID? (Just a suggestion.)

Gabriel29306 commented 2 months ago

It's not stupid, but it might look weird to the user, a device named "dheh-273v-8ed8-3736" could easily be confusing, and make people think that the account has been compromised.

LeGeek01 commented 2 months ago

> I think the better way is to automatically register the device with a given name at the auth process.

I don't think so; this way you must register the device via Pawnote, and that can't be okay for everyone (who? idk bruh).

Gabriel29306 commented 2 months ago

Why would people not be okay with it? For Papillon, for example, the app can register as "Papillon"; if I have a custom script on my computer, I can register as "My cool program".

LeGeek01 commented 2 months ago

Yeah, but don't think only of Papillon; some users don't want to register the device.
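
The two-step flow discussed in this thread, as an added example that is not Pawnote's code or PRONOTE's API: an in-memory mock with the reported PIN rules, the three protection levels, and opt-in device registration. All type and function names are hypothetical, the PIN step is modelled as a returned state rather than a thrown error, and identifying a registered device by its name is an assumption of the mock.

```typescript
// Added example: every name here is hypothetical, not Pawnote's or PRONOTE's API.
type AccountKind = "student" | "teacher" | "parent" | "direction" | "schoolLife" | "academie" | "companion";
type Protection = 1 | 2 | 3; // 1: nothing, 2: notification, 3: PIN (levels from the thread)

// PIN rules as reported in the thread: exactly 4 digits, or at least 4 digits.
const EXACT = /^\d{4}$/;
const AT_LEAST = /^\d{4,}$/;
const PIN_RULES: Record<AccountKind, RegExp> = {
  student: EXACT, parent: EXACT, academie: EXACT,
  teacher: AT_LEAST, direction: AT_LEAST, schoolLife: AT_LEAST, companion: AT_LEAST,
};

// In-memory stand-in for the server side (constructed for the example).
interface Account { kind: AccountKind; password: string; protection: Protection; pin: string; devices: string[] }
interface Session { account: Account; authenticated: boolean }
type LoginResult =
  | { status: "ok"; session: Session }
  | { status: "pin_required"; session: Session }
  | { status: "denied" };

// Step 1: credentials. A level-3 account gets a pending session, not access,
// unless the calling device was registered during an earlier login.
// Levels 1 and 2 do not block the login in this mock.
function loginCredentials(account: Account, password: string, deviceName?: string): LoginResult {
  if (password !== account.password) return { status: "denied" };
  const known = deviceName !== undefined && account.devices.indexOf(deviceName) !== -1;
  if (account.protection === 3 && !known) {
    return { status: "pin_required", session: { account, authenticated: false } };
  }
  return { status: "ok", session: { account, authenticated: true } };
}

// Step 2: PIN on the same session. Registering the device is opt-in: the
// caller passes a name only if it wants later logins to skip the PIN.
function submitPin(session: Session, pin: string, registerAs?: string): boolean {
  const account = session.account;
  // Check the format for this account kind first, then the value itself.
  if (!PIN_RULES[account.kind].test(pin) || pin !== account.pin) return false;
  session.authenticated = true;
  if (registerAs !== undefined) account.devices.push(registerAs);
  return true;
}
```
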