Android App on Tablet as Home Lighting Control for Visitors

An issue report on GitHub would be helpful, if only for focussed discussion of the matter at hand. But…

… don’t hold your breath for this happening immediately. What complicates things a lot here for the apps (both Android and iOS) is that they need to support two completely distinct, but equally valid, modes of operation: sitemaps and MainUI. The former needs the apps’ hamburger menu, while the latter has its own. Integrating both completely in the latter case is really complicated, so I don’t see this happening anytime soon.
Your described case of the exit button without configured aitemaps is somewhat ugly UX though, so I’d like to see this fixed, but as described above I’m not entirely sure how while still keeping the app settings (plus NFC, plus notification list, plus maybe other UIs like HabPanel) reachable.

Thanks Danny. I am grateful for you taking the time to pay attention to this.
I am focussed on Android.
Key for me is that we assume the non-admin user is not savvy and potentially mischievous, and is therefore never able to see options which should only really be used by an admin.

I see two routes to do this - defer to you as to which is best. (I personally would prefer 1 from a usage perspective - the Overview page is good - it would be a shame to hide it if this were avoidable).

Option 1: Allow non-authenticated users to see Overview page - but change Overview page accordingly
A: This means changing the exit button to do just that - exit Openhab completely.
B: The (useful) ‘Settings’ tab which is lost (from the now-removed-exit-page can be moved to the sidenav tabs on the Overview page.
C: I suggest that this Settings tab is either still subject to a device lock (as it is currently) so it can’t be messed with by a non-admin (but the user knows it’s there and it takes up valuable screen real estate), or it can be hidden to non-admins . Or both.
D: Same for NFC - it can presumably also appear in the sidebar on the Overview page (having been removed from Exit page). However is it also important that this is an option which can be disabled and hidden. NFC scan is not going to be useful for a tablet screwed to a wall, but may be useful for the admin using their phone, for example); it may also introduce problems if a mischievous user scans something they shouldn’t.

Option 2: Definitively Hide Overview page from Unauthenticated Users and leave Overview page as is
A: I can hide the overview page from unauthenticated users myself (no change to app needed) - but in the app they can unfortunately find a way back to this supposedly-hidden-page through clicking the logo (see below). So the app change would be to make the logo unclickable for them.

For both options:
The “Help and About” button also offers a number of customizations which should really only be available to an an admin… this should also be hidden or hideable.
I do not want an unauthenticated user using my installed tablet to view Openhab Documentation, the forum or the website (and, unlike the admin, they wouldn’t need to). Ditto for the Appearance and Miscellaneous options. Reload/restart app not a bad idea to keep available to all - but not critical.


Cheers

Hi Mark,
I’m using such set-up around my house with several tablets available on wall for use by my family as well as visitors. All being regular users without any technical knowledge of OH and my system set-up. It is now working in the set-up below for more than a year with no complain from the users.

Here is how I have overcome the issues you describe:
1. Multi-user support
This is something that took me the most effort. For that I have reworked the openhab-multiuser-proxy project to be compatible with OH3+ as well as contributed some changes to the OH MainUI. My working multiuser-proxy solution is here: GitHub - Davek145/openhab-multiuser-proxy: openHAB Multi-User support for the REST API v 2.0.2

What it does is that it adds real and fully working user authenthication using mTLS certificates and NGINX reverse proxy. Based on this authentication, back-end NodeJS package is getting data from OH Rest API and performs filtering of Items, MainUI Pages and Sitemaps. Items/Pages and Sitemaps are having specific ACL Tag that is than used for the filtering. I’m having hierarchy or user roles and groups of OH objects defined (i.e. authorization definition) that using a rule is than populating these ACL Tags to individual Items.

So, at back-end OH access for normal users is not using any authentication. However, using the proxy I’m able to differentiate between them and every user gets only those Items and Pages that they should get. It is much more bullet-proof and secure than the visibleTo property in OH itself, as this proxy really filters the Rest API. So the user cannot work with any Item he does not have access right defined. Not only hidden in MainUI as the visibleTo property in OH. Actually, with correctly set-up proxy and firewall I do have full control over who and to what does have access in the Rest API itself, regardless what way they access it (i.e. not only using MainUI, but also direct API request as well). Even if they would know the Item name and want to “hack it” by calling Rest API, such action would be forbiden by the proxy. I do have additional security measures set at the NGINX (e.g. WAF), but that is not important for this description.

In my set-up I do have specific PKI certificate generated for each wall tablet and other user device having specific CN and OU used by NGINX for the mTLS authentication.

2. OH Set-up
As described above, for all Items in my set-up I do have specific ACL Tag assiged that is than used by the NodeJS for filtering. This way, I do have defined subset of Items that are available at Wall tablets or for other users. As described earlier, due to full scale RestAPI filtering my guests really see only Items I want them to see. All other items are not available to them.

Similar way, I do have specific MainUI Pages prepared for them, that they do have available. And oposite, there are Pages I use, that are not visible to my Guests at all similar to Items.
What is very nice on filtering of Items provided by RestAPI is, that for standard control we all use the MainUI including Overview and Location tabs. But every user is having different set of Locations, Equipments and Points (and Pages in Menu) based on what ACL Tag is set at it. E.g. we all see “Living room”, but guests can see and control only lights. My wife can also adjust room temperature. But I can control also power sockets and other technologies in the room. And so on.

3. UI used on tablets
I have experienced exactly the same issues you are describing for the OH Android app. For that reason, I’m using this app only on phones of my family members, which know how to use it.
For wall tablets I’m not using it.
Instead, I use Fully Kiosk Browser as Android launcher at all my wall tablets. This application is able to lock the tablet to allow only specific interations with it and at the same this it is fully capable web browser including ability to use PKI certificates mTLS proxy authentication. It is able to limit even external links etc., so the user cannot leave the space you want them to be in.
I use my filtered OH MainUI as the web page provided by Fully to users. It works well and, in my view, is sufficiently bullet prove for non technical users.

I know it may all sound quite complicated and it took me a while to make it working. But vast majority was the time needed to develop the Multi-user Proxy working with OH3+ and MainUI. Now, it is ready and available to everybody as NodeJS package including documentation and guidance for installation and set-up. So, shall not be complicated and time consuming any more.
For sure credit goes also toe Florian, as he made the original Multi-user Proxy for Sitemaps that I have used as the start for my work.

Hope this helps.

1 Like

I agree with this. Expecially the ability to “sniff” Item commands is not something you want users to have access to. Using they NGINX Proxy described above you can restrict access to this page as it has distinguised address.

Thank you for sharing.
These steps are impressive.
However I fear some of them - even in their latest, simplified form, are beyond what I would be able to do (in terms of both time and ability!).

Nonetheless - I am comforted that it is not just me who has been looking for solutions to these issues.

I would still propose that the (unauthenticated) app is where we should focus our efforts to make the user experience as simple and dummy-proof as possible.

Cheers