Skip to Content
Odoo Menu
  • Sign in
  • Try it free
  • Apps
    Finance
    • Accounting
    • Invoicing
    • Expenses
    • Spreadsheet (BI)
    • Documents
    • Sign
    Sales
    • CRM
    • Sales
    • POS Shop
    • POS Restaurant
    • Subscriptions
    • Rental
    Websites
    • Website Builder
    • eCommerce
    • Blog
    • Forum
    • Live Chat
    • eLearning
    Supply Chain
    • Inventory
    • Manufacturing
    • PLM
    • Purchase
    • Maintenance
    • Quality
    Human Resources
    • Employees
    • Recruitment
    • Time Off
    • Appraisals
    • Referrals
    • Fleet
    Marketing
    • Social Marketing
    • Email Marketing
    • SMS Marketing
    • Events
    • Marketing Automation
    • Surveys
    Services
    • Project
    • Timesheets
    • Field Service
    • Helpdesk
    • Planning
    • Appointments
    Productivity
    • Discuss
    • Approvals
    • IoT
    • VoIP
    • Knowledge
    • WhatsApp
    Third party apps Odoo Studio Odoo Cloud Platform
  • Industries
    Retail
    • Book Store
    • Clothing Store
    • Furniture Store
    • Grocery Store
    • Hardware Store
    • Toy Store
    Food & Hospitality
    • Bar and Pub
    • Restaurant
    • Fast Food
    • Guest House
    • Beverage Distributor
    • Hotel
    Real Estate
    • Real Estate Agency
    • Architecture Firm
    • Construction
    • Property Management
    • Gardening
    • Property Owner Association
    Consulting
    • Accounting Firm
    • Odoo Partner
    • Marketing Agency
    • Law firm
    • Talent Acquisition
    • Audit & Certification
    Manufacturing
    • Textile
    • Metal
    • Furnitures
    • Food
    • Brewery
    • Corporate Gifts
    Health & Fitness
    • Sports Club
    • Eyewear Store
    • Fitness Center
    • Wellness Practitioners
    • Pharmacy
    • Hair Salon
    Trades
    • Handyman
    • IT Hardware & Support
    • Solar Energy Systems
    • Shoe Maker
    • Cleaning Services
    • HVAC Services
    Others
    • Nonprofit Organization
    • Environmental Agency
    • Billboard Rental
    • Photography
    • Bike Leasing
    • Software Reseller
    Browse all Industries
  • Community
    Learn
    • Tutorials
    • Documentation
    • Certifications
    • Training
    • Blog
    • Podcast
    Empower Education
    • Education Program
    • Scale Up! Business Game
    • Visit Odoo
    Get the Software
    • Download
    • Compare Editions
    • Releases
    Collaborate
    • Github
    • Forum
    • Events
    • Translations
    • Become a Partner
    • Services for Partners
    • Register your Accounting Firm
    Get Services
    • Find a Partner
    • Find an Accountant
      • Get a Tailored Demo
    • Implementation Services
    • Customer References
    • Support
    • Upgrades
    Github Youtube Twitter Linkedin Instagram Facebook Spotify
    +32 2 290 34 90
    • Get a Tailored Demo
  • Pricing
  • Help
  1. APPS
  2. Attendances
  3. Mobile Geofence Clock-in v 19.0
  4. Sales Conditions FAQ

Mobile Geofence Clock-in

by ERP Heritage https://www.erpheritage.com.au/
Odoo
v 19.0 Third Party 71
Download for v 19.0 Deploy on Odoo.sh
Apps purchases are linked to your Odoo account, please sign in or sign up first.
Versions 16.0 17.0 18.0 19.0
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies • Attendances (hr_attendance)
• Discuss (mail)
• Employees (hr)
Community Apps Dependencies Show
• Attendance Suite Base
• EH HR Platform Core
• EH HR Compatibility
Lines of code 3205
Technical Name eh_hr_attendance_geofence
LicenseLGPL-3
Websitehttps://www.erpheritage.com.au/
Versions 16.0 17.0 18.0 19.0
ERP Heritage · HR Platform
ERP Heritage / HR Attendance

Mobile Geofence Clock-in

Field and remote staff clock in from their own phone, and the server only accepts the punch when GPS puts them inside one of your work sites.

Free · LGPL-3FreeLGPL-3v1.0.0
Mobile clock-in
GPS geofence
One-shot PIN pairing
Per-employee override
Audit trail

Why this module

Mobile Geofence Clock-in

01 / ENFORCEMENT

The fence is on the server

Distance is computed server-side with the haversine formula against every active geofence-enabled site in the employee company, then compared to each site radius. The phone cannot grant itself an in-fence result; an out-of-range punch is refused and logged, never quietly accepted.

02 / IDENTITY

Pair once, opaque token after

A manager issues a six-digit PIN that is one-shot and expires in five minutes. Redeeming it issues a long random token bound to that one employee. The PIN row is claimed atomically, so a race cannot pair the same PIN to two devices, and it is stored in the database so pairing survives a restart and works across workers.

03 / HONESTY

Hours assurance, not anti-fraud

Browser geolocation is reasonably hard to fake on a stock phone but is possible with developer tools or rooted hardware. This module anchors hours and flags out-of-fence attempts; it does not claim tamper-proof location, and it deliberately keeps no face or biometric capture on mobile.

Day in the life

A site supervisor pairs a new labourer and the punches start flowing

The supervisor opens the labourer employee record and clicks Issue mobile pairing PIN. A sticky notification shows a six-digit code valid for five minutes. The labourer opens the mobile page on their phone, types the PIN, and the server binds a device token to them. At the depot gate next morning they tap Clock in; the phone asks for location once, sends the coordinates, and the server measures the distance to each fenced site. They are eleven metres inside the yard, so the punch posts as a check-in and a geofence_pass event lands in the audit trail. That afternoon the same tap from the car park two hundred metres away is refused with you are not inside any of your work sites, a geofence_fail event is logged, and an attendance exception is raised for the manager to review. A field technician flagged as not geofence-required can still clock from a client site; their location is recorded for audit but does not block the punch.

Edge cases

The cases most modules quietly ignore.

In the shipped code today, each one a place where a cheaper module silently does the wrong thing.

PAIRING / ONE-SHOT

The pairing PIN is claimed atomically and marked used before the token is returned, so a second redeem of the same PIN fails. Issuing a new PIN expires any prior active one, and a daily cron expires lapsed PINs and purges terminal rows older than a day.

CONCURRENCY / WORKERS

Pairing PINs and rate-limit counters live in database rows, not a process dictionary, so they are correct across multiple gunicorn workers and survive a restart. The rate-limit increment is a single atomic SQL upsert with no Python lock.

GEOFENCE / MULTI-SITE

A punch passes if the phone is inside the radius of any one active geofence-enabled site in the employee company. Each site can carry its own radius; if it does not, the company default radius applies. The closest-site distance is recorded on a miss so a manager can see how far out the attempt was.

GEOFENCE / REQUIRED OFF

When an employee is marked not geofence-required, the clock posts even with no location, and the coordinates are still stored for audit. When it is required and the browser returns no location, the punch is refused with geofence_required rather than posted blind.

MULTI-COMPANY / SCOPING

Device records carry the employee company and are isolated by record rules: a normal user sees only their own paired devices, a manager sees the company set. Geofence checks only ever consider sites belonging to the employee own company.

RATE LIMIT / BRUTE FORCE

The public pair, clock, and whoami routes are throttled per IP or per token in fixed one-minute windows. The pair budget is deliberately tight because a six-digit PIN is otherwise brute-forceable online; over-budget callers get a 429.

AUDIT / TRACE

Device pairing, every geofence pass and fail, and every check-in and check-out are written to the shared attendance audit trail with IP, user agent, and the site or distance. Out-of-fence attempts also raise a typed attendance exception.

TOKEN / REVOCATION

A device token is a long random server-issued string with a uniqueness guard. A manager can rotate the token or revoke the device, after which the old token is rejected and the phone is dropped back to the pairing screen.

What is inside

Built to do the job, end to end.

  • Mobile shell and clock endpoints. A vanilla-JavaScript mobile page served at /eh_hr/mobile with large touch targets and a dark mint theme, backed by public pair, clock, and whoami endpoints. No Odoo web framework dependency, so it runs on locked-down corporate browsers and basic Android and iOS WebViews.
  • Registered device model. eh.hr.mobile.device stores the opaque token, paired employee, related company, registered-on and last-seen timestamps, last IP, user agent, and last coordinates, with manager actions to rotate the token or revoke the device.
  • One-shot pairing PIN model. eh.hr.mobile.pairing issues a six-digit, five-minute, one-shot PIN per employee, with atomic redeem, automatic expiry of prior PINs, and a daily garbage-collection cron.
  • Per-employee controls and settings. The employee form gains an Issue mobile pairing PIN button, a paired-device count, a View paired devices action, and a Require mobile geofence toggle. A company setting sets the default mobile geofence radius used when a site declares none.

Honest about the edges

What this does not do, so nothing surprises you.

  • Location comes from the device browser geolocation API. It is reasonably hard to fake on a stock phone but can be spoofed with developer tools or rooted hardware, so treat this as hours assurance, not tamper-proof anti-fraud location.
  • There is no on-device face match or biometric on mobile. Device pairing is the identity binding; if a phone is shared or handed over, punches are attributed to the paired employee.
  • Location is read only at the moment of clock-in and clock-out. There is no background or continuous tracking, and no breadcrumb trail between punches.
  • Geofences are circular, defined by a site latitude, longitude, and radius. Arbitrary polygon boundaries are not supported.
  • Geofence-enabled work sites are defined in the attendance base module, which this module requires. With no fenced sites configured, a geofence-required employee cannot clock in.
  • A formal geolocation consent record is not created automatically by the page. The browser shows its own permission prompt; capturing a stored consent record is a manual manager step on the employee.
Search

Odoo 19 mobile attendance, GPS clock in, geofence attendance, field worker attendance, remote clock in, home based attendance, mobile clock in out, location based attendance, Odoo Community attendance, PIN device pairing, off site time tracking, geofenced check in

Work with ERP Heritage

Need this fitted to the way you work?

ERP Heritage delivers end to end Odoo work: Odoo Implementation, Customization and Development, Integration, Migration, Consultation, Support and Training. We help teams put this module into production, shape it to their process, and keep it running.

Build and tailor
Odoo Implementation, Customization and Development, scoped to your workflow.
Connect and move
Odoo Integration and Migration across systems and Odoo versions.
Run and support
Odoo Support and Training so your team stays productive after go live.
Plan and advise
Odoo Consultation and ERP Consulting, from discovery to roadmap.

We work with businesses across Australia (Melbourne, Sydney, Brisbane, Perth, Adelaide, Canberra) and the Middle East (Dubai, Abu Dhabi, Riyadh, Jeddah, Doha, Kuwait City, Muscat). Start a conversation at erpheritage.com.au or email info@erpheritage.com.au.

ERP Heritage

Production-grade Odoo HR, built to an engineering bar and documented honestly. Support: info@erpheritage.com.au
Developed by ERP Heritage - Odoo Implementation

v1.0.0 · LGPL-3 · Odoo 19 Community

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author, please use the developer contact information. They can usually be found in the description.
Community
  • Tutorials
  • Documentation
  • Forum
Open Source
  • Download
  • Github
  • Runbot
  • Translations
Services
  • Odoo.sh Hosting
  • Support
  • Upgrade
  • Custom Developments
  • Education
  • Find an Accountant
  • Find a Partner
  • Become a Partner
About us
  • Our company
  • Brand Assets
  • Contact us
  • Jobs
  • Events
  • Podcast
  • Blog
  • Customers
  • Legal • Privacy
  • Security

Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc.

Odoo's unique value proposition is to be at the same time very easy to use and fully integrated.

Website made with