This repository has been archived by the owner on Jun 20, 2023. It is now read-only.

Scanning qrcode for result #576

Closed
MarcusCoding opened this issue Jun 17, 2020 · 6 comments
Labels
bug Something isn't working wontfix This will not be worked on

Comments

@MarcusCoding

Describe the bug

One of my colleagues tried to scan a simple QR Code with the url "https://forum.test-test.de/forum/qrcode/index.php?id=22" inside.

Example qr-code with the provided url from above inside ;)
https://imgur.com/a/GYJtnJJ

PS:
The number behind id=X can only be registered once.

Expected behaviour

An error should come up that the QR code is not valid. But it was registered as a valid test result.

Steps to reproduce the issue

  1. Open the app
  2. Go to "have you been tested?"
  3. Choose the option "document with qr-code"
  4. Scan the provided qr-code

Technical details

  • Huawei Mate 20 Pro running Android 10 on EMUI 10.0.0 (app version 1.0.0)
@MarcusCoding MarcusCoding added the bug Something isn't working label Jun 17, 2020
@IndianaDschones
Contributor

I cannot reproduce this. I get the following error message:

Error
The QR code/TAN is invalid [...]

Nokia 6.1, Android 10

@MarcusCoding
Author

Hello @IndianaDschones ,

could you try it again with this qr-code?

https://imgur.com/a/XpZuw46

Thanks, the qr-code with the id=22 was already tested by us, this one should work.

@IndianaDschones
Contributor

You're right. Now it is indeed recognized as a valid QR code. It states that my result is not available.

@MarcusCoding
Author

Hello @IndianaDschones ,

I have the same message:
"Ergebnis liegt noch nicht vor".

So it is registered as a valid qr-code but without a result.

@jakobmoellerdev jakobmoellerdev added the wontfix This will not be worked on label Jun 17, 2020
@kolyaopahle
Contributor

Hey,
this is actually intended behaviour to mitigate brute force attacks against the backend. You are able to register any kind of id as a "valid" test but the result will always return as pending without resolving.
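
A minimal model of the behaviour described in the comment above, added here as an example (not code from the Corona-Warn-App project): a backend that rejects unknown ids lets a client sort guesses from real ids, while one that accepts every id answers a guess exactly like a real test whose result is not ready yet. The `Backend` class, the id format and the lab data are hypothetical and constructed for illustration.

```python
import secrets

# Constructed sample data: ids a lab issued; None means "result not ready yet".
LAB_RESULTS = {"lab-0007": "NEGATIVE", "lab-0042": None}


class Backend:
    """Hypothetical result server, not the Corona-Warn-App implementation."""

    def __init__(self, accept_any_id):
        self.accept_any_id = accept_any_id
        self.tokens = {}   # registration token -> submitted id
        self.used = set()  # an id can only be registered once

    def register(self, test_id):
        if test_id in self.used:
            return None  # second registration is rejected in both variants
        if not self.accept_any_id and test_id not in LAB_RESULTS:
            return None  # leaky variant: the rejection itself is the oracle
        self.used.add(test_id)
        token = secrets.token_hex(16)
        self.tokens[token] = test_id
        return token

    def result(self, token):
        # Ids the lab never issued have no entry, so they stay pending forever.
        return LAB_RESULTS.get(self.tokens.get(token)) or "PENDING"


def probe(backend, candidates):
    """What a client observes for each candidate id."""
    seen = {}
    for test_id in candidates:
        token = backend.register(test_id)
        seen[test_id] = "REJECTED" if token is None else backend.result(token)
    return seen


if __name__ == "__main__":
    ids = ["lab-0007", "lab-0042", "guess-1", "guess-2"]
    print("reject unknown:", probe(Backend(accept_any_id=False), ids))
    print("accept any id :", probe(Backend(accept_any_id=True), ids))
```

In this model an id whose result is already available is still answered with that result, so accepting every id only hides whether an id with a pending result exists.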

@daimpi

daimpi commented Aug 3, 2020

@kolyaopahle : Could you elaborate a bit more, how this behavior mitigates against brute-force?
Would there be an option to at least show an error, if the QR Code is fundamentally not CWA compatible?
B/c if this relies solely on the user using the right app, they will get confused. (See e.g. here: https://twitter.com/TristanKretsch1/status/1290315954304495618)
