Security Panel 2.0

[Hexagon]

As a totally new domoticz user, one of the first things i noticed (besides that it is awesome) is that the security panel isn't as polished as the rest of the system. A good thing is that I have years and years of experience with HTML5/JavaScript and C++, so I've started to look into some potential improvements.

First, some questions to the developers:

1. Why is the js sources gzipped in the source tree (www/secpanel)?
2. Is anyone currently working on the security panel. I see some unused JS mainly regarding zones that doesnt seem to be backed by the API.
3. The contribution guidelines tells me to contribute using master branch, that's fine for me, but is it equally ok to start from development branch?

Second, my proposed improvements, most important one first:

1. JavaScript
1.1 Removing evals
1.2 Scoping
1.3 Replacing (scattered) refreshs with an delayable and contious heartbeat
1.4 Moving event handling from DOM to JS (AddDigit etc.)
1.5 Removing dependency on less.js, i see no point in using less for this simple interface. The site would probably load quicker without it (css is far less code than less.js + less source). An additional win is that we get rid of a setInterval used internally in less.js.
1.6 Making it not freeze the browser when left open for some time
1.7 Make the ajax calls async (async: false is just wrong )
1.8 Make touch response faster (with onClick there is a ~350ms delay between lifting your finger and getting stuff done)

2. Stylesheets
2.1 Removing less, se 1.5
2.2 Adding support for themes, moving current styles/fonts/images into themes/default/[js/css/img]*

3. Security
3.1 Access to security panel API without being authenticated. Currently you have to log in to domoticz to be able to use the security panel(?). I believe it would be more secure to be able to arm/disarm without actually being logged in.
3.2 Possibility to arm without entering code, maybe after opt-out via configuration. Many real world security panels has this option.

Any thoughts? Am i on the right track? More ideas on improvements from users or developers?

Edit: Excuse and/or ignore my grammar, I'm a swede

Edit2: Screenshots of the new themes "light" and "dark"

[Hexagon]

Point 1 and 2 are done.

About point 3:

The security panel uses four API calls, which all require authentication right now.

Code: Select all

?type=command&param=setsecstatus // For getting security status
?type=command&param=getsecstatus // For getting security status
?type=command&param=getuservariables // Gets 'secpanel-autorefresh' ???
?type=settings // Gets SecOnDelay

Obviously we cannot allow ?type=settings without authentication. But wouldn't it be possible to add SecOnDelay to getsecstatus and allow getsecstatus and setsetstatus outside authentication? That would make the security panel usable without having a logged in session.

[Dnpwwo]

@Hexagon,

I haven't seen any work on the security panel for a while so you won't be treading on anyone's toes.

The best way to talk to the active devs is using the Domoticz slack channel: https://domoticz.slack.com/

I think the guidence is out of date. Devs are supposed to work off the development branch. For minor fixes I push direct to that and for bigger things I create a feature branch and submit a pull request.

I haven't usd the security panel so might not be the best to comment (I plan to in the next month or so which makes it great that someone is going to refresh it ) but from a first principles perspective, if you can walk into the house and turn off the alarm directly using just the code then making Domoticz require additional security is pointless IMHO.

[DewGew]

Did manage to add translations?
Today the security panel is only in english. Translated strings are already in the language files.

[Hexagon]

No additional translations yet. Can have a look at it later, should be a pretty simple fix if the translations are already in place

[furriephillips]

This activity makes me happy - I do use the keypad and I would like to use it for 3rd-party contractors, too. I love the light and dark themes - I'd probably levitate towards dark, but we could use the time of day to choose - maybe if we have an actual physical keypad).

I can see some room for further improvement, as follows: -

1. auto-adjust keypad size to fill the screen (see image below, for the current state - not fat-finger friendly)
2. add alphabetical letters to the digit buttons, under the numbers - a la phone keypad, allowing for longer passcodes, using a memorised word
3. add 2 more buttons (* and #) to the bottom row, either side of the 0 key, and allow more complex passcodes than just numbers
4. change the status display from "Arm", to "Armed" (arm is an action & armed is a state)
5. implement multiple codes, allowing Domoticz to identify & log the user who has armed/disarmed the system
6. if unauthenticated access to the keypad is possible (I reckon it should be), we should hide the "home/away" state from unauthed viewers, as it leaks very important info - it should show either "ARMED" or "DISARMED"

Keypad size as displayed

keypadsmall.png (52.12 KiB) Viewed 6331 times

Keypad zoomed to fill available screen

keypadzoomed.png (70.52 KiB) Viewed 6331 times

Traditional alpha-numeric phone-style keypad

phonekeys.png (23.32 KiB) Viewed 6331 times

I think I'd likely place a QR code by my door-bell, to allow access to the keypad

[Hexagon]

Great feeback! I'll probably fix most of it

I've actually already started renaming stuff

In display:

ARM AWAY => ARMED
ARM HOME => ARMED HOME
NO CONNECT => DISCONNECTED
NO DATA =>

Buttons
Arm Home => Home
Arm Away => Away
(i think the button colors is sufficient to differ disarm from arm buttons(?))

[furriephillips]

Brilliant

I’m on the beta track, but I have no idea how long it takes changes to get pushed out to live systems so that we can test.

[Hexagon]

a, c and d fixed

You can follow progress here -> https://github.com/domoticz/domoticz/pull/2045

Do you think that the dark theme is so much better, that it should be the default?

Edit: About ETA, i have no idea, first it has to be pulled into development, then a new beta has to be released. Guess it could take a couple of weeks.

[furriephillips]

This is very cool.

As for the Keypad skin, perhaps keep the default as the current theme (to minimise any pain for existing users), but provide options for the adventurous. Speaking as a spec ops sailor (I sort of jest), if there was an option to have red “LEDs” in the
character display, I’d choose that over green, simply for night-vision preservation. My word, that sounds pretentious AF!

[Xztraz]

One high security feature (that probably requires quite a rewrite) would be a scrambling numbers pad as on the highest security type panels. that combined with a narrow angle privacy protector on screen makes code invisible to by-standers.

scrambling numbers mean that the numbers show up at a random order. either just at first or even a new order after every entered number. this should of course be a setting. not all people will enjoy learning the actual number.

This makes fingerprints on the screen a lot less of a problem too.

Like this thing
https://progeny.co.uk/scramble-keypad/

The panel could also be re-usable for passage system(without the arm stuff maybe) or thats maybe better done in the app.

[TheJuice]

Hi,

I see in the Git Pull Request a year ago that it is almost ready to be merged... But nothing has happened since then.
Any news ?

Thanks.

[furriephillips]

From a UI/UX perspective, although the current Keypad has a darker theme, it seems less than responsive (it appears to be >100% width of my phone’s screen, and cannot be changed/zoomed), and the promised additional * & # buttons are not there. They say that the Pull Request was merged in, but I am unconvinced; please see the comments here https://github.com/domoticz/domoticz/pu ... -451634615