[WORKING] Attendance with Biometric Integration through API

revant_one · November 16, 2017, 11:25pm

It’s possible. You can use frappe.publish_realtime() to show pop-up or page when the endpoint gets called.

refer:

mntechnique/awfis_erpnext/blob/develop/awfis_erpnext/awfis_erpnext/awf.py#L121


      
          	notif.reference_name = ld.name
          
          	notif.insert(ignore_permissions=True)
          	frappe.db.commit()
          
          	#Display the actual popup to all sales users.
          	#Display popup to agent
          	# for u in frappe.get_all("User", fields=['name'], filters={"role": "Sales User"}):
          	# 	frappe.async.publish_realtime(event="msgprint", message=popup_content, user=u.name)
          
          	frappe.async.publish_realtime(event="msgprint", message=popup_content, user=agent_id)
          
          
          #Uses regex to match and extract a 10 digit mobile no from the caller_number parameter.
          #'+' must be encoded if received from URL.
          def process_mobile_no(caller_number):
          	# matched_extracted_mobno = re.search(r"^\+?(91|0)\d{10}$", caller_number)
          
          	# if matched_extracted_mobno:
          	# 	mobno = matched_extracted_mobno.group(0)
          	# 	return mobno[-10:]

Concerns :

@frappe.whitelist(allow_guest=True) will allow you to bypass Authorization but it’s a little bit insecure as anyone could send data to this method You cannot configure anything about headers?

https://discuss.frappe.io/t/doubt-in-rest-api/44/10?u=revant

what it means is, if your employee or student knows to make a post request with right parameters to the whitlisted endpoint, they can bypass bio-metric device and make a post request directly.

Workaround:
restrict request from specific IP(s)
https://discuss.frappe.io/t/doubt-in-rest-api/44/15?u=revant
Not as secure if someone manages to spoof IP