QR Code password rotate/expiry

[danmarsden]

It should be possible for the QR code password to expire/rotate.

eg - each qr code password could be valid for 30seconds, and every 15seconds the qr code would refresh. (values possibly configurable at the site admin level) We'd need to be careful about how to deal with attendances where the user is able to select their own attendance level and make sure the code is validated on the first page load - not on the save of the attendance session form.

We would need to modify the code to store multiple passwords for each session (instead of just a single password as is currently stored) - each password hidden in the QR code would need an expiry time and the page would ideally use ajax to update the qr code image.

[danmarsden]

For more context this was also mentioned here:
#323 (comment)

and here:
https://moodle.org/mod/forum/discuss.php?d=378173

[danmarsden]

NOTE: if an external pull request is submitted with this we'll need some form of automated tests to cover it. As this relies on timing values I suspect unit tests would be better than Behat but I'm open to either.

[danmarsden]

Note to GSOC students - please make sure you have read:
https://docs.moodle.org/dev/GSOC#Applying_to_be_a_GSoC_student_with_Moodle

If you have any questions about the attendance module in general please use the Attendance forum here:
https://moodle.org/mod/forum/view.php?id=741

If you have any GSOC specific questions, the best place to ask them is here:
https://moodle.org/mod/forum/view.php?id=8360

Please do not contact me privately - all communication from potential GSOC students must be done using the public communication channels - this helps to maintain a fair and transparent process for all students.

[ScSherifTarek]

Hi Mr. Dan, I'm Sherif Tarek third year student of Computer Science. I'm preparing to join with you in the "Attendance password rotation/expiry" project s a part of GSOC 2019. what I understand that you need to make the validation just in the first step then he can go on the other attendance steps. what I can't understand is what I assigned to do should I implement that or you have already done it?!

[danmarsden]

@ScSherifTarek - it sounds like you need to do some more research - you should get a local Moodle installation running with the attendance plugin, read some of the (unfortunately limited) documentation on the attendance activity and see how the existing QR code functionality currently works. This may help you to better understand what is required. Good luck!

[abhimanyuZ]

Hello sir,

We would need to modify the code to store multiple passwords for each session

Number of passwords to be stored for each session should be configurable by teacher/admin, right?

[danmarsden]

The teacher/admin shouldn't need to know how many passwords will be generated - the code should just take care of generating as many as it needs. It would be good to put some thought into how this process would work though - when should the passwords be created etc.

The normal situation is that an attendance is only "open" during the session time, but a global setting allows the attendance sessions to be entered at any time for sites that use the attendance slightly differently. This means we'd need to generate passwords that can be used that don't necessarily occur during the session time, so the password generation might need to be linked to the page/functions that display the QR Code on screen. Eg Teacher logs in, finds screen to display QR Code, and then at that point, we generate a bunch of QR codes/passwords to rotate.

thanks!

[abhimanyuZ]

Thanks a lot sir.
It made lots of things clear. I'll start figuring it out right away.

[danmarsden]

Hi @abhimanyuZ, yes you can include other tasks within your project, just make sure you can demonstrate you understand them - It's good to see you having other ideas on improvements!

[abhimanyuZ]

Hello sir,
Currently, in a very big lecture hall (approx 1000 students) if a student want to submit attendance using QR code, how will he do that?
Will teacher display the QR code on a large Projection Screen and student have to scan that QR code?

[danmarsden]

Yes - the teacher logins into Moodle, finds the relevant session and then display the QR code on screen.

[abhimanyuZ]

Hello sir,
I went through the changes made by @Bellangelo. It updates the password on every 15 seconds(by default) and solves this issue. Although it can be further optimized to reduce the server load.
I don't think "QR Code password rotate/expiry" project will still be available for GSoC.
Your thoughts?

[danmarsden]

The QR Code rotation functionality is one "idea" that should probably be included in a larger project - there are many other things that could be included in your GSOC project to improve the attendance plugin so that you have enough to work on during the full project life cycle.

[abhimanyuZ]

Hello sir,
I kept this in mind while writing the proposal. Requested review of the proposal in GSoC forum.
It would be great if you have a look on that.

Thanking you in anticipation.

[danmarsden]

Hi @abhimanyuZ, We do not normally provide feedback on individual submissions. Your project proposal will be reviewed together with all others after the submission deadline. Usually the best thing you can do is to continue to improve your Moodle knowledge and contribute to fixing issues in the Moodle tracker on tracker.moodle.org to help demonstrate your ability. Even if your proposal is not accepted, having public examples of code contributions can help with future employment opportunities.

Good luck!

[danmarsden]

qr code rotation has been part of the main branch for a while now - closing this one off.