[Feature Request] Password to lock Pythonista App for Parental Control

JonB

See https://forum.omz-software.com/topic/3434/delete-module for some similar ideas.

You can use os.chmod to make some scripts read only. A custom webbrowser.py and ui.py might be able to allow some filtering, though a router based filter is better.If these are youngish kids without a mischevious streak, that might basically work, along with a clear talk re:what is allowed....

Phuket2

@henryaukc , here is another forum thread to look at. A script for Touch ID Authentication, might be also helpful

henryaukc

Thanks a lot for all suggestions. I will try to implement it. I certainly agree that education is the most important part but I just want to set a protective fence for SOME kids. Wandering on the web can be as dangerous as wandering on the streets IMO. I just wanna protect those innocent ones but not the criminals :)

Beside Parental Control, it maybe helpful for devices used by the guests or employees...

henryaukc

@Phuket2 Oh, it is great to know we can add Touch ID authentication in our script. Though the iPad for my kids is a quite old one (ipad 4) and have no touch ID support. But I can try to write a script to request password if the pythonista_startup.py method works.

Phuket2

@henryaukc , something like the below in your pythonista_startup.py might be ok. But you have to remember Pythonista needs to be closed down by swiping it out of the list of Apps for it to work. The startup file is only run when Pythonista is not in memory.
I think this is ok for accidental use. But it's not secure. You can go into safari and enter pythonista3:// in the URL bar and Pythonista will open bypassing the startup sequence. I am not sure exactly what it does, but it's a sort of Hail Mary to get back into Pythonista if something goes wrong when it's loading. Just by passes some code, the pythonista_startup.py being one of those things.
Also you don't have to have your password as plain text as I have done in the example. You could use Pythonista's keychain module to store and retrieve your password. It's very easy to use.
Then the print msg in my example is just to scare kids 😱But there is no reason why on each bad attempt you couldn't send yourself an email or something more sophisticated.

while True:
    x= console.input_alert('please enter password', hide_cancel_button=True)
    if x != 'dad':
        print('failed, sending sms to dad')
    else:
        break

JonB

For this example I'd use hashlib rather than a cleartext pw or keychain, since it is still easy for the user to access in either case.

for the goal of "protecting scripts", just use chmod to remove write access to a folder of important scripts for example.

For the goal of protecting what the little ones see on the web, consider a router based filtering approach. even if your router does not directly support parental controls, most let you specify a dns server, and you could use the ironically named OpenDNS which provides dns based blocking.

That's better than trying to restrict access to a specific modules, as was discussed in the other thread, since you can't really do this robustly.

henryaukc

@Phuket2 @jonbThanks a lot! I will search about the hashlib thing. I agree the OpenDNS is a better solution but I just want give a more easier solutions to less technical parents to do it themselves.

JonB

ok, I totally misread your original question -- these are your students, not your own kids!

The Restrictions menu in the settings app lets you filter websites. This does turn out to restrict access in a webview inside pythonista as well (anything based on a WebView). You can provide either a "whitelist", or blacklist based in what Apple thinks is adult, or provide your own list.

Now, the restrictions do not apply to urllib/requests or the like. so a kid could in theory make their own "browser" from scratch. That sort of kid will figure out a way around whatever restriction you put in place, and probably gas his own computer/phone at home anyway...

henryaukc

I try to write an authentication script and put it in 'site-packages' as pythonista_startup.py. But it is easily by-passed even I typed the wrong password, it gave me some time to press the stop button for the script in-between the validating process. Seems like this is not a possible method to lock the pythonista environment with password.

from passlib.hash import pbkdf2_sha256
import dialogs
import os

file = './.passwd'

if not os.path.isfile(file):
	p1 = None
	p2 = 'password'

	while p1 != p2:
		p1 = dialogs.password_alert('Create a password:\nPleaes enter your password', hide_cancel_button=True)
		
		if len(p1) == 0:
			dialogs.hud_alert('Password can\'t be empty!')
			continue
		p2 = dialogs.password_alert('Pleaes enter your password again to confirm', hide_cancel_button=True)
	
		if p1 != p2:
			dialogs.hud_alert('The password you entered does not match. Try again')	
		
	hash = pbkdf2_sha256.encrypt(p1, rounds=200000, salt_size=16)
	
	with open(file, 'w+') as F:
		F.write(hash)
		
	if os.path.isfile(file) and os.path.getsize(file) > 0:
		dialogs.hud_alert('Your password has been saved successfully!')	
	else:
		dialogs.hud_alert('Error! Password has not been saved!')
else:
	p1 = None
	trial = 0
	success = False
	
	while not success: 
		p1 = dialogs.password_alert('Pleaes enter your password', hide_cancel_button=True)
		with open(file, 'r') as F:
			hash = F.read()
		success = pbkdf2_sha256.verify(p1, hash)
		if success:
			dialogs.hud_alert('Login Success!')
		else:
			dialogs.hud_alert('Login Failed! Try again!')
			trial += 1

henryaukc

Any method can be called to quit Pythonista if too many failed attempt?

JonB

you should be able to wrap the script in a try/except KeyboardInterrupt and then force quit if a KeyboardInterrupt happens.
you can use

import objc_util
ObjCInstance(1)

to force a crash.

Alternatively, we could use objc to remove the X button.

henryaukc

@jonB really? We can even remove that 'X' button? That's so powerful... Can we just stop responding to the touch events outside the dialog box? Then no one can stop the script or modify any codes when running the login script.

dgelessus

os.abort() is the "safer" way to force-quit Pythonista, by the way. It should be somewhat cleaner than os._exit(0) or accessing bad memory at least.

henryaukc

Thanks. I am thinking to open a full-screen window so that the user can't press the stop script button or modify the scripts...

henryaukc

@JonB Hi, may I know how to use objc to remove the X button?

ccc

https://omz-software.com/pythonista/docs/ios/ui.html#ui.View.present View.present(hide_close_button=True)

cvp

@ccc I guess he wants to hide, not the close button, but the start/stop button for a non fullscreen script.

cvp

@henryaukc said

how to use objc to remove the X button?

Please, for the fun, try this script and you will see the start/stop button disappear

from objc_util import *
import ui

w=ObjCClass('UIApplication').sharedApplication().keyWindow()
main_view=w.rootViewController().view()

def get_toolbar(view, indent):
	#get main editor toolbar, by recursively walking the view
	sv=view.subviews()
	for v in sv:
		#print(indent,v._get_objc_classname())
		if 'UIImageView' in str(v._get_objc_classname()):  
			# <UIImage:0x281108240 named(main: Stop2) {28, 28}>
			#print(v.image())
			o = v.image()
			if o:
				with ui.ImageContext(32,32) as ctx:
					o.drawAtPoint_(CGPoint(0,0))
					ui_image = ctx.get_image()					
					#ui_image.show()
					#print()
				if 'Stop2' in str(o):
					#print('+'*40)
					OMBarButton = v.superview().superview()
					OMBarButton.removeFromSuperview()
		tb= get_toolbar(v, indent+'  ')
get_toolbar(main_view, '')