Out of Band Scoring #221

Open
thebeanogamer opened this issue Nov 19, 2021 · 6 comments

@thebeanogamer
Member

We're currently in discussions to use RACTF for events which feature physical challenges. It would be good if we had a way for a flag solve to be submitted out of band so the experience is as smooth as possible. I'm imagining something like this:

  1. Challenge type is defined as OOB.
  2. When the user opens the challenge they are given an 8-character code.
  3. User solves physical challenge and inputs their code.
  4. Physical challenge curls an endpoint with the challenge ID and code, setting an admin/bot token in the authorization header
  5. Core marks the challenge as solved

This allows users to authenticate to physical challenges without needing to input their full credentials. It'll probably be worth expiring the codes after a certain amount of time (might have to wait for celery).

Realistically, we can get by without this and either administratively solving the challenges or just getting the physical challenge to hand out a flag, but I think it'd be really cool.
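The numbered flow in the comment above, sketched as an added example; it is not part of the thread and not RACTF's code. The class name, the in-memory store, the code alphabet and the 15-minute expiry are all assumptions made for illustration.

```python
import hmac
import secrets
import time

# Assumed values for this sketch, none of them come from RACTF.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O/1/I, easier to key in
CODE_LENGTH = 8
CODE_TTL_SECONDS = 15 * 60


class OOBCodes:
    """Hypothetical in-memory store of out-of-band solve codes."""

    def __init__(self, bot_token, clock=time.time):
        self._bot_token = bot_token
        self._clock = clock
        self._pending = {}   # code -> (user_id, challenge_id, expires_at)
        self.solves = set()  # (user_id, challenge_id)

    def issue(self, user_id, challenge_id):
        """Step 2: the user opens the challenge and is shown a fresh code."""
        # Reopening the challenge invalidates the code issued earlier.
        self._pending = {c: v for c, v in self._pending.items()
                         if v[:2] != (user_id, challenge_id)}
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[code] = (user_id, challenge_id, expires_at)
        return code

    def redeem(self, auth_token, challenge_id, code):
        """Steps 4-5: the physical challenge reports the code it was given."""
        # Constant-time comparison of the admin/bot token.
        if not hmac.compare_digest(auth_token.encode(), self._bot_token.encode()):
            return "unauthorized"
        code = code.strip().upper()
        entry = self._pending.get(code)
        # A code only counts for the challenge it was issued for.
        if entry is None or entry[1] != challenge_id:
            return "invalid"
        del self._pending[code]  # single use, consumed even when expired
        user_id, _, expires_at = entry
        if self._clock() > expires_at:
            return "expired"
        self.solves.add((user_id, challenge_id))
        return "solved"
```

Binding each code to one user and one challenge, and consuming it on first use, keeps a code shown for one challenge from being replayed at another or by a second team.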

@0xAda
Contributor

0xAda commented Nov 19, 2021

We already have an API endpoint for creating a score; in theory this could already be achieved within the current API. We definitely do need better support though, because the current API wouldn't interact with a challenge or anything, other than just adding score. I think your idea for the implementation should work. An 8-digit code isn't the nicest thing usability-wise and it'd be nice to have a better way, but I assume at some point a physical challenge could want to not give users all the points, so we can't have users solving for other users.

@thebeanogamer
Member Author

Yeah, I think a bodged version of this is possible within our existing endpoints but I think we can do better.

The 8-character approach was the best I could come up with as a midpoint between fully authenticating the user (not really practical) and just presenting a list of users and the user selecting themselves (or inputting user ID). I'm open to better suggestions here.

Letting the challenge define to what extent the user was successful could also be useful.

Maybe we could do two endpoints, one to look up a user's details by code if the challenge wants to display that information, and one to score it. I'm imagining some kind of escape room where the team inputs the code before entering so their team name and details get shown, and then when they get out of the room a score is sent back to core along with some metadata (for example how fast they solved the room) which gets displayed on shell.

@thebeanogamer
Member Author

@rak1507 has suggested QR codes as an alternative method of user identity, which could be an interesting approach.

@0xAda
Contributor

0xAda commented Nov 20, 2021

> @rak1507 has suggested QR codes as an alternative method of user identity, which could be an interesting approach

This could work, but we'd be restricting the type of physical and other out-of-band challenges we can support, and also requiring the user to be signed in on the device that scans the QR codes. Not saying we should support it but it's got a very limited use case IMO.

@thebeanogamer
Member Author

Yeah, either we have to have the challenge be capable of displaying the QR code (and either build a scanner into shell like the Gov.uk COVID test reporter, or just make it link to a page on shell which makes an XHR and that comes with all the usual problems of linking to a non-index page on a React app) or the user displays a QR code and the challenge has to be capable of scanning it.

It'd be really slick if we could get it working, but it feels more temperamental and like one more thing to break.

@0xAda
Contributor

0xAda commented Nov 20, 2021

Codes are simple, can't really go wrong, and require a few LEDs at a bare minimum; QR codes are asking for problems imo.

@ractf ractf deleted a comment from jb3 Nov 20, 2021
@ractf ractf deleted a comment from jerbob Nov 20, 2021
@ractf ractf deleted a comment from ConnorMcF Nov 21, 2021
2 participants