# Need help getting G4 Doorbell Pro NFC to work properly with a Smart Lock


main jewel
#

Trying to get my Ubiquiti G4 Doorbell Pro to work with Schlage Smart Lock x Home Assistant. My current setup works with the NFC scanner; however, it's not secure. For reasons I don't understand, the UniFi Protect integration with Home Assistant only uses the nfc_id, which is the serial number of the NFC card; anyone can clone that and gain entry if they really wanted. Yes, I understand that it is a very low chance of happening, but knowing that it is a possibility leaves me uncomfortable. I am trying to get a more secure setup but it is hard to find any documentation on this specific setup. With the current template on the Home Assistant website the NFC card doesn't even have to be added to your UniFi account; you can get the "no permission" message on the doorbell and the lock will still unlock if the nfc_id is filled in within your YAML file. I want it to be more secure and check that the NFC card is linked to a UniFi account before validating the nfc_id and then passing it on to the smart lock to open. If the card is not linked then I want it to be denied and not run the rest of the trigger. I have tried using ChatGPT, searching Reddit, Home Assistant forums, and GitHub. ChatGPT tends to be wrong/broken a lot so for the most part that was no help; however, I did find this one comment on a GitHub reply that seems promising, however I can't get it to work properly. Would someone be able to take a look at this YAML config and steer me in the right direction? Also worth noting: all the personal data fields entered in this file are not mine and are the original commenter's; however, I did alter them on my end to reflect my setup. Edit: Had to cut the code into 2 pieces due to Discord's character limit.

boreal depot
#

I'm probably not able to help you, but it would help others if you explained a bit why this approach does not work.

main jewel
#

The issue I am having with this YAML is the door still unlocking even with the NFC not associated with anything. Here's what I did.
1: Set up a new automation with the code above (minor alterations due to the Message malformed: extra keys not allowed @ data['0'] error).
2: Went to the doorbell and scanned the NFC, got the message: User {{ name }} is marked INACTIVE and the door didn't open, great!
3: Added the NFC card to my UniFi Protect app by linking it with the doorbell.
4: Scanned the NFC card, got the notification message: Front Door unlocked by {{ name }} and the front door unlocked.
5: Switched the NFC card to a different user via the UniFi Protect app.
6: Scanned the NFC card again: Front Door unlocked by {{ name }} and the front door unlocked. However, it showed the name of the original person even though I switched the user the NFC was associated with.
7: Removed the NFC card from my UniFi Protect account completely.
8: Scanned the NFC card again, no permission message on the doorbell screen as expected, but what went wrong here is I got the notification (Home Assistant) Front Door unlocked by {{ name }} and the lock opened....

It looks like the root cause of this is my data not updating in real time from the API. If I go to Developer tools in HA > Actions > unifiprotect: Get user keyring info, I can still see the NFC associated with the original user even if I switch users or remove it completely. I waited 5 minutes and nfc_id was still showing linked to a user. I ended up reloading the Protect integration and it's removed.

Edit: To also add, I only have one NFC card right now but I am getting more today, so this may not be an issue; once I have them linked to an account they will stay with that account indefinitely. My main concern is I just don't want some random NFC opening the door.

main jewel
#
```yaml
description: >-
  Automation that triggers when an NFC card is successfully identified on the G4
  Doorbell Pro
triggers:
  - event_type: state_changed
    event_data:
      entity_id: event.g4_doorbell_pro_nfc # Replace with your entity_id
    trigger: event
conditions:
  # Ignore restored/unavailable states; only react to a fresh 'scanned' event
  - condition: template
    value_template: |
      {{
        not trigger.event.data.old_state.attributes.get('restored', false) and
        trigger.event.data.old_state.state != 'unavailable' and
        trigger.event.data.new_state is not none and
        trigger.event.data.new_state.attributes.event_type == 'scanned'
      }}
actions:
  # Fetch the keyring (users and their keys) from UniFi Protect
  - data:
      device_id: <Place Holder> # Remove <> and replace with your G4 Doorbell Pro's device_id
    response_variable: keyring
    action: unifiprotect.get_user_keyring_info
  - variables:
      # Full name of the user whose NFC key matches the scanned nfc_id
      name: >
        {% set ns = namespace(name="Unknown") %} {% for user in keyring.users if
        user['keys'] |
          selectattr('key_type', 'eq', 'nfc') |
          selectattr('nfc_id', 'eq', trigger.event.data.new_state.attributes.nfc_id) |
          list | first | default %}
          {% set ns.name = user.full_name %}
        {% endfor %} {{ ns.name }}
      # "true" only if an ACTIVE user holds an NFC key with the scanned nfc_id
      is_valid: >
        {% set ns = namespace(is_valid="false") %} {% for user in keyring.users
        | selectattr('user_status', 'eq', 'ACTIVE')
          if user['keys'] |
            selectattr('key_type', 'eq', 'nfc') |
            selectattr('nfc_id', 'eq', trigger.event.data.new_state.attributes.nfc_id) |
            list | first | default %}
          {% set ns.is_valid = "true" %}
        {% endfor %} {{ ns.is_valid }}
  # The "choose" key was lost where the post was split in two; restored here
  - choose:
      - conditions:
          - condition: template
            value_template: "{{ is_valid == 'true' }}"
        sequence:
          - data:
              name: NFC Scan
              message: Front Door unlocked by {{ name }}
              entity_id: lock.front_door_lock
            action: logbook.log
          - target:
              entity_id: lock.front_door_lock # Replace with your smartlock's entity_id
            action: lock.unlock
            data: {}
    default:
      - data:
          name: NFC Scan
          message: "Scan rejected: User {{ name }} is marked INACTIVE"
        action: logbook.log
mode: single
```