Kiosk
sarmakska edited this page Jun 1, 2026 · 1 revision
The kiosk at /kiosk is a public, no-login surface for shared devices on site. It supports clocking in, clocking out, and walk-in visitor sign-in. There are no cookies or sessions: every action is one POST.
An admin sets a per-user 4-digit PIN under Admin, Kiosk Settings. The PIN is stored in user_profiles.kiosk_pin as a bcrypt hash. PINs are not retrievable: a forgotten PIN must be reset by an admin.
- The page is rate-limited per IP and per PIN to make brute force impractical.
- A PIN is validated server-side against the bcrypt hash; the user is identified only by the PIN match. Because nothing else in the request identifies the user, each PIN must be unique across users, and every stored hash is a candidate on each POST.
- The kiosk has no session, so a successful action does not grant access to any other route.
- Kiosk actions are written to audit_log so admins can see who did what from the kiosk.
- The kiosk does not show user lists or any roster, so an attacker cannot enumerate accounts.
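The flow described above, as one stateless request handler. This is an added illustration, not the project's own code: it uses stdlib scrypt as a stand-in for the bcrypt hash in user_profiles.kiosk_pin so it runs without third-party packages, and the rate-limit thresholds (10 per minute per IP, 5 per minute per PIN), the `Kiosk`, `RateLimiter` and `build_demo` names, and the sample users are all assumptions made for the example. It shows the three points that matter on this page: the PIN alone selects the user (so the admin-side setter must refuse a PIN someone else already holds), every POST is checked against both limiters before any hash is tried, and the audit row records the outcome but never the PIN value.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Example KDF parameters (constructed for this demo; low cost so it runs fast).
SALT_LEN = 16
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 12, 8, 1


def hash_pin(pin: str, salt: bytes = b"") -> bytes:
    """Return salt || scrypt(pin). Stands in for the bcrypt hash in user_profiles.kiosk_pin."""
    salt = salt or os.urandom(SALT_LEN)
    digest = hashlib.scrypt(pin.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt + digest


def verify_pin(pin: str, stored: bytes) -> bool:
    """Constant-time comparison of the candidate PIN against a stored salt||digest."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.scrypt(pin.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, digest)


class RateLimiter:
    """Sliding-window limiter: at most `limit` attempts per `window_s` seconds for each key."""

    def __init__(self, limit: int, window_s: float) -> None:
        self.limit, self.window_s = limit, window_s
        self.attempts: Dict[str, deque] = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self.attempts[key]
        while q and now - q[0] >= self.window_s:   # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


@dataclass
class Kiosk:
    profiles: Dict[str, bytes] = field(default_factory=dict)   # user_id -> hashed kiosk_pin
    audit_log: List[dict] = field(default_factory=list)
    ip_limiter: RateLimiter = field(default_factory=lambda: RateLimiter(10, 60.0))   # assumed limit
    pin_limiter: RateLimiter = field(default_factory=lambda: RateLimiter(5, 60.0))   # assumed limit

    def set_pin(self, user_id: str, pin: str) -> None:
        """Admin side: enforce the 4-digit format and reject a PIN another user already holds."""
        if not (len(pin) == 4 and pin.isdigit()):
            raise ValueError("PIN must be exactly 4 digits")
        owner = self.identify(pin)
        if owner is not None and owner != user_id:
            raise ValueError("PIN already in use")   # the PIN alone identifies the user, so no collisions
        self.profiles[user_id] = hash_pin(pin)

    def identify(self, pin: str) -> Optional[str]:
        """The request carries no username, so every stored hash is tried; first match wins."""
        for user_id, stored in self.profiles.items():
            if verify_pin(pin, stored):
                return user_id
        return None

    def post(self, ip: str, action: str, pin: str, now: Optional[float] = None) -> dict:
        """One stateless POST: rate limit by IP and by PIN, match the PIN, write the audit row."""
        now = time.time() if now is None else now
        if not self.ip_limiter.allow(ip, now) or not self.pin_limiter.allow(pin, now):
            return {"ok": False, "error": "rate_limited"}
        user_id = self.identify(pin)
        if user_id is None:
            # Record the failure for admins, but never the PIN value that was tried.
            self.audit_log.append({"ts": now, "ip": ip, "action": action, "user": None, "outcome": "invalid_pin"})
            return {"ok": False, "error": "invalid_pin"}
        self.audit_log.append({"ts": now, "ip": ip, "action": action, "user": user_id, "outcome": "ok"})
        return {"ok": True, "user": user_id, "action": action}


def build_demo() -> Kiosk:
    """Constructed sample data: two users with kiosk PINs (not real accounts)."""
    kiosk = Kiosk()
    kiosk.set_pin("alice", "1234")
    kiosk.set_pin("bob", "4321")
    return kiosk


if __name__ == "__main__":
    k = build_demo()
    print(k.post("10.0.0.5", "clock_in", "1234", now=100.0))   # attributed to alice
    for i in range(6):                                          # sixth try at the same PIN is refused
        print(k.post("10.0.0.5", "clock_in", "0000", now=101.0 + i))
```

Two design notes follow from the page's constraints. Since the request carries nothing but the PIN, `identify` has to run the KDF once per stored profile on every POST; with bcrypt at a realistic cost factor that scan grows linearly with headcount, which is one more reason the per-IP limiter must sit in front of it. And the per-PIN limiter is keyed on the value an attacker is guessing, so it throttles a 10,000-candidate sweep even when the attacker rotates source addresses, which the per-IP limiter alone would not.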
- Clock In and Clock Out: same effect as the dashboard buttons, attributed to the PIN holder.
- Walk-in visitor: a reception attendant fills in the visitor's name, company, and host, and the system creates a visitors row, generates a reference code, and emails the host.
Pin the kiosk page on a wall-mounted tablet, set the browser to kiosk mode, and disable other URLs. Use a separate Wi-Fi for the kiosk so it cannot reach internal admin pages.