I am trying to configure my G4 Doorbell Pro’s NFC reader to accept NFC cards. I was able to get it to work with the basic template found here; however, this method poses a great security risk the way it works. Right now the way it works is through a scanned event (state_changed) and nfc_id.
The problem with this is the nfc_id is just the serial number of the NFC card, which anyone could clone and gain entry. Chances of this happening are slim, but I don’t want to keep it this way knowing there is a possibility.
The NFC cards, whether they be the official Ubiquiti card or a 3rd party can be added to the UniFi Protect app, but with that template they are completely disregarded. I can get the “No Access” message on the doorbell if the card isn’t registered in Protect, but the door will still open because of nfc_id in my YAML file.
I am fairly new to Home Assistant so Google has been a good friend of mine these past few days. Unfortunately, it is super hard to find anything online for this specific setup. I have tried using AI to help me configure my YAML file, but I tend to find most of the time the code is either wrong and broken or it still bypasses everything in it and unlocks the door with just nfc_id.
I did find this one comment on GitHub that I tried, of course replacing the required information with mine. Unfortunately that didn’t work either; the code works, but it poses the same risk as before with opening the door without an NFC card registered and even worse without the nfc_id even in the YAML.
I am looking for a little help to steer me in the right direction. I have read that I might need to add a condition to the YAML but I don’t know what I would need to add/change. The fingerprint scanner uses ulp_id but it doesn’t seem like the NFC card does, based on the UniFi Protect Integration page. Is this something that can be updated by the integrator, or is it a limitation of UniFi and the G4 Doorbell Pro?
Edit: If I go to Developer tools in HA > Actions > unifiprotect: Get user keyring info, I can still see the NFC associated with the original user even if I switch users or remove it completely. I waited 5 minutes and nfc_id was still showing linked to a user. I ended up reloading the Protect integration and it’s removed. API limitation? To also add, I only have one NFC card right now but I am getting more today, so this may not be an issue: once I have them linked to an account they will stay with that account indefinitely. My main concern is I just don’t want some random NFC opening the door.
Can you just set up the NFC card in the UniFi Protect app, and set up a webhook in the UniFi Alarm Manager? That way all the security happens inside the UniFi ecosystem, and then you can just use a local webhook to trigger the HA automation.
The UniFi Protect integration isn’t even required if you do it this way.
So the webhook does work, but the issue with that is latency: it’s 5-7 seconds after scanning the NFC before the door opens vs. the Protect integration’s 1-3 seconds.
I have a webhook set up in Protect so when I scan my fingerprint at my doorbell, it triggers a webhook automation which unlocks my Z-Wave lock.
When I watch the automation to see when it is triggered after a successful fingerprint scan, it is instant. My HA app shows “triggered” at the same time as the doorbell starts sounding the “successful scan” chime and shows the image on the doorbell’s display.
If you are experiencing a 5-7 second delay I would start debugging that. Something is seriously wrong if it takes 5-7 seconds for two things on the same network to communicate with each other.
Did you specify a local network address for the webhook?
With the webhook, I ended up reducing that delay by rebooting the G4 Doorbell Pro. However, I was able to get the YAML configuration working. For those who may come across this in the future:
```yaml
alias: Doorbell NFC Scan
description: >-
  Automation that triggers when an NFC card is successfully identified on the G4
  Doorbell Pro
triggers:
  - event_type: state_changed
    event_data:
      entity_id: event.g4_doorbell_pro_nfc  # Replace with your entity_id
    trigger: event
conditions:
  # Ignore restored/unavailable states so only a fresh 'scanned' event continues.
  - condition: template
    value_template: |
      {{
        not trigger.event.data.old_state.attributes.get('restored', false) and
        trigger.event.data.old_state.state != 'unavailable' and
        trigger.event.data.new_state is not none and
        trigger.event.data.new_state.attributes.event_type == 'scanned'
      }}
actions:
  # Fetch the users and keys registered in UniFi Protect.
  - data:
      device_id: <Place Holder>  # Remove <> and replace with your G4 Doorbell Pro's device_id
    response_variable: keyring
    action: unifiprotect.get_user_keyring_info
  - variables:
      # Name of the user whose NFC key matches the scanned nfc_id ("Unknown" if none).
      name: >
        {% set ns = namespace(name="Unknown") %} {% for user in keyring.users if
        user['keys'] |
          selectattr('key_type', 'eq', 'nfc') |
          selectattr('nfc_id', 'eq', trigger.event.data.new_state.attributes.nfc_id) |
          list | first | default %}
          {% set ns.name = user.full_name %}
        {% endfor %} {{ ns.name }}
      # "true" only if the matching NFC key belongs to a user with status ACTIVE.
      is_valid: >
        {% set ns = namespace(is_valid="false") %} {% for user in keyring.users
        | selectattr('user_status', 'eq', 'ACTIVE')
        if user['keys'] |
          selectattr('key_type', 'eq', 'nfc') |
          selectattr('nfc_id', 'eq', trigger.event.data.new_state.attributes.nfc_id) |
          list | first | default %}
          {% set ns.is_valid = "true" %}
        {% endfor %} {{ ns.is_valid }}
  - choose:
      - conditions:
          - condition: template
            value_template: "{{ is_valid == 'true' }}"
        sequence:
          - data:
              name: NFC Scan
              message: Front Door unlocked by {{ name }}
              entity_id: lock.front_door_lock
            action: logbook.log
          - target:
              entity_id: lock.front_door_lock  # Replace with your smartlock's entity_id
            action: lock.unlock
            data: {}
    # Any scan that did not validate is logged and the lock is left alone.
    default:
      - data:
          name: NFC Scan
          message: "Scan rejected: User {{ name }} is marked INACTIVE"
        action: logbook.log
mode: single
```
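
The decision the automation above derives from the `unifiprotect.get_user_keyring_info` response, written out as an added Python example (not part of the original posts) so it can be checked offline against a captured response. The keyring below is constructed sample data that uses only the field names appearing in the YAML; `evaluate_scan` and the reason strings are assumptions, and unlike the YAML's single default branch it reports an unknown card separately from an inactive user.

```python
# Added example: mirrors the keyring check in the automation, failing closed.
# SAMPLE_KEYRING is constructed test data, not output from a real console.
SAMPLE_KEYRING = {
    "users": [
        {"full_name": "Alex Example", "user_status": "ACTIVE",
         "keys": [{"key_type": "fingerprint"},
                  {"key_type": "nfc", "nfc_id": "04A1B2C3"}]},
        {"full_name": "Former Tenant", "user_status": "INACTIVE",
         "keys": [{"key_type": "nfc", "nfc_id": "04D4E5F6"}]},
    ]
}


def evaluate_scan(keyring, scanned_nfc_id):
    """Return (allow, reason, name) for one scan event."""
    # An empty or missing nfc_id must never match a key that also lacks one.
    if not scanned_nfc_id or not isinstance(keyring, dict):
        return (False, "malformed_input", None)

    # Collect every user that holds an NFC key with this exact id.
    matches = []
    for user in keyring.get("users") or []:
        for key in user.get("keys") or []:
            if key.get("key_type") == "nfc" and key.get("nfc_id") == scanned_nfc_id:
                matches.append(user)
                break

    if not matches:
        # Card is not registered in Protect at all: never unlock.
        return (False, "unknown_card", None)

    active = [u for u in matches if u.get("user_status") == "ACTIVE"]
    if not active:
        # Card is registered, but only to users who are not ACTIVE.
        return (False, "inactive_user", matches[0].get("full_name"))

    return (True, "active_user", active[0].get("full_name"))


if __name__ == "__main__":
    for card in ("04A1B2C3", "04D4E5F6", "04FFFFFF", ""):
        print(repr(card), evaluate_scan(SAMPLE_KEYRING, card))
```
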