search

Suffro / InoWifiProvisioning

Wifi provisioning for WiFiNina and EEPROM supported boards.
https://suffro.github.io/InoWifiProvisioning/
MIT License
2 stars 1 forks source link

Could you make a proper library out of this and maybe apply the following suggestions? #1

Open SirPytan opened 1 year ago

SirPytan commented 1 year ago

It would be nice if this would be a proper library that can be used. But then you need to fix and improve some things.

  1. Password has a spelling mistake on the website that gets hosted.
  2. The SSID and Password should not be hard coded.
  3. For security reasons the password should never be printed to serial.
  4. On boards with a crypto chip, it would be good to use that to store the wifi password. (But I am not sure where to save the crypto key maybe it is a hardcoded key or this key is actually stored on the flash memory, not sure.)
  5. It would be good if it is not necessary to know the IP address to connect to the arduino, maybe it could have a fixed web address and uses it's own DNS resolver? Or when connecting to the wifi, it automatically redirects you to the page. So the created wifi does not use a password.
  6. It would be nice, if the website to connect to your wifi, would actually scan for all wifi's in reach, so you can just select one, instead of typing the SSID by hand, which can be annoying to do, if it is a long one, here is an example on how to do that: Example
  7. Using HTTPS for the login page, to make sure the password is not stolen on the way.

I am new to arduino programming, but I am trying to solve some of the things myself, but due to time constraints, I wish you could help me with some parts. The most important thing would be to get to the webpage without knowing the IP address.

Suffro commented 1 year ago

It would be nice if this would be a proper library that can be used. But then you need to fix and improve some things.

  1. Password has a spelling mistake on the website that gets hosted.
  2. The SSID and Password should not be hard coded.
  3. For security reasons the password should never be printed to serial.
  4. On boards with a crypto chip, it would be good to use that to store the wifi password. (But I am not sure where to save the crypto key maybe it is a hardcoded key or this key is actually stored on the flash memory, not sure.)
  5. It would be good if it is not necessary to know the IP address to connect to the arduino, maybe it could have a fixed web address and uses it's own DNS resolver? Or when connecting to the wifi, it automatically redirects you to the page. So the created wifi does not use a password.
  6. It would be nice, if the website to connect to your wifi, would actually scan for all wifi's in reach, so you can just select one, instead of typing the SSID by hand, which can be annoying to do, if it is a long one, here is an example on how to do that: Example
  7. Using HTTPS for the login page, to make sure the password is not stolen on the way.

I am new to arduino programming, but I am trying to solve some of the things myself, but due to time constraints, I wish you could help me with some parts. The most important thing would be to get to the webpage without knowing the IP address.

Hi, those are legit and good suggestions, let me work on it

Suffro commented 1 year ago

In the meanwhile, since this project is open source, feel free to make contributions to improve it yourself

SirPytan commented 1 year ago

I also found an older project, but it works on the WifiNina Chip of the Arduino Nano 33 IoT as well: EasyWifi-for-MKR1010 It does a few things worse and a few things better, maybe we can combine some things because there are still some wifi or network-related things I do not fully understand yet.

The best of the other project is, that it creates an Access Point with a Captive Portal, so it forces you onto the website, when connecting via Android for example. So you do not need a password at first and also do not need to know the IP address, which makes it more user-friendly when built into an inaccessible location. It also shows the scanned networks, but the website refreshes in intervals and does not show the strength of the scanned networks. The refreshing gives you only a small time window for entering the wifi password, which is bad, but with copy-paste, doable. It also scrambles the password a bit before storing it, so it is not directly readable if hacked. I will look into that project and will see what I can combine.

What I like on your website, is that it works good on smartphones, looks professional and it gives you feedback, even tho the feedback could be a bit improved. By first showing: "Trying to connect..." and then "Connected!" or "Could not create a connection, check password and try again!" And I like that it does not constantly refresh, so you have enough time to enter your password. So if showing the scanned networks it would be good to only refresh those, instead of the full website. Maybe that's possible with a POST Method, not sure.

I am not so familiar with Github itself, so I am not sure how to create a pull-request yet, I also need to setup my project first with github, I will do that a bit later.

SirPytan commented 1 year ago

A little bit unrelated, but I have the Arduino only for a couple of days yet, so I mainly do learning by doing currently. I have calibrated a distance sensor and I want it to use it to control the lights of my Phillips Hue Bridge. So for this I got the sensor part working, now I work on the easy wifi setup part and then I still need to figure out how to find and connect to the hue bridge and control a light with it, but luckily I found an example for it on the WifiWebServer repo. I only have a few days left to accomplish this. I should also try to get over-the-air updates working, to allow a firmware update from my PC when I need to improve things or if some parts are not done at this point, but I am not sure how to realize that yet.