feat(altcha): add altcha validation layer to login

src/Altcha/AltchaTransformer.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace App\Altcha;
+
+use App\Altcha\Form\AltchaModel;
+use Symfony\Component\Form\DataTransformerInterface;
+
+class AltchaTransformer implements DataTransformerInterface
+{
+    /**
+     * {@inheritDoc}
+     */
+    public function reverseTransform($value): AltchaModel
+    {
+        if (empty($value)) {
+            return new AltchaModel();
+        }
+
+        $decodedValue = base64_decode($value);
+        $data = json_decode($decodedValue);
+
+        $model = new AltchaModel();
+
+        foreach ($data as $property => $value) {
+            $model->{$property} = $value;
+        }
+
+        return $model;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function transform($value): string
+    {
+        if (empty($value)) {
+            return '';
+        }
+
+        $json = json_encode($value);
+
+        if (false === $json) {
+            return '';
+        }
+
+        return base64_encode($json);
+    }
+}

src/Altcha/AltchaValidator.php

@@ -0,0 +1,52 @@
+<?php
+
+namespace App\Altcha;
+
+use Symfony\Component\Form\FormError;
+use Symfony\Component\Form\FormEvent;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Contracts\HttpClient\HttpClientInterface;
+use Symfony\Contracts\Translation\TranslatorInterface;
+
+class AltchaValidator
+{
+    public function __construct(
+        private readonly string $altchaHost,
+        private readonly string $altchaBaseUrl,
+        private readonly HttpClientInterface $httpClient,
+        private readonly TranslatorInterface $translator
+    ) {
+    }
+
+    public function validate(FormEvent $formEvent): void
+    {
+        $form = $formEvent->getForm();
+        $data = $form->getData();
+
+        $response = $this->httpClient->request(
+            'POST',
+            $this->altchaHost.$this->altchaBaseUrl.'/verify',
+            [
+                'body' => json_encode($data),
+                'headers' => [
+                    'Content-Type' => 'application/json',
+                ],
+            ],
+        );
+
+        if (Response::HTTP_OK !== $response->getStatusCode()) {
+            $form->addError(new FormError($this->translator->trans('altcha.validator.server_validation_error', [], 'form')));
+
+            return;
+        }
+
+        $content = $response->getContent();
+        $parsedResponse = json_decode($content);
+
+        if (true !== $parsedResponse->success) {
+            $form->addError(new FormError($this->translator->trans('altcha.validator.server_validation_error', [], 'form')));
+
+            return;
+        }
+    }
+}

src/Altcha/Form/AltchaModel.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace App\Altcha\Form;
+
+use Symfony\Component\Validator\Constraints as Assert;
+
+class AltchaModel
+{
+    /**
+     * @Assert\NotBlank()
+     * @Assert\Regex("/^(SHA-1|SHA-256|SHA-512)$/")
+     */
+    public string $algorithm;
+
+    /**
+     * @Assert\NotBlank()
+     */
+    public string $challenge;
+
+    /**
+     * @Assert\NotBlank()
+     */
+    public string $salt;
+
+    /**
+     * @Assert\NotBlank()
+     */
+    public int $number;
+
+    /**
+     * @Assert\NotBlank()
+     */
+    public string $signature;
+
+    /**
+     * @Assert\NotBlank()
+     */
+    public int $took;
+}

src/Altcha/Form/AltchaType.php

@@ -0,0 +1,81 @@
+<?php
+
+namespace App\Altcha\Form;
+
+use App\Altcha\AltchaValidator;
+use App\Altcha\AltchaTransformer;
+use Symfony\Component\Form\FormView;
+use Symfony\Component\Form\FormEvents;
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\FormInterface;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Contracts\HttpClient\HttpClientInterface;
+use Symfony\Contracts\Translation\TranslatorInterface;
+use Symfony\Component\Form\Extension\Core\Type\TextType;
+
+class AltchaType extends AbstractType
+{
+    public function __construct(
+        private readonly string $altchaHost,
+        private readonly string $altchaBaseUrl,
+        private readonly string $altchaDebug,
+        private readonly string $altchaWorkers,
+        private readonly string $altchaDelay,
+        private readonly string $altchaMockError,
+        private readonly AltchaValidator $altchaValidator,
+        private readonly HttpClientInterface $httpClient,
+        private readonly TranslatorInterface $translator
+    ) {
+    }
+
+    public function buildForm(FormBuilderInterface $builder, array $options): void
+    {
+        $builder->addModelTransformer(new AltchaTransformer());
+
+        $builder->addEventListener(FormEvents::POST_SUBMIT, [$this->altchaValidator, 'validate']);
+    }
+
+    public function buildView(FormView $view, FormInterface $form, array $options)
+    {
+        $translations = [
+            'label' => $this->translator->trans('altcha.widget.label', [], 'form'),
+            'verified' => $this->translator->trans('altcha.widget.verified', [], 'form'),
+            'verifying' => $this->translator->trans('altcha.widget.verifying', [], 'form'),
+            'waitAlert' => $this->translator->trans('altcha.widget.waitalert', [], 'form'),
+            'error' => $this->translator->trans('altcha.widget.error', [], 'form'),
+            'expired' => $this->translator->trans('altcha.widget.expired', [], 'form'),
+        ];
+        $view->vars['translations'] = json_encode($translations);
+        $view->vars['challengeJson'] = $this->requestChallenge();
+        $view->vars['debug'] = $this->altchaDebug;
+        $view->vars['workers'] = $this->altchaWorkers;
+        $view->vars['delay'] = $this->altchaDelay;
+        $view->vars['mockError'] = $this->altchaMockError;
+    }
+
+    private function requestChallenge(): string
+    {
+        $resp = $this->httpClient->request('GET', $this->altchaHost.$this->altchaBaseUrl.'/request');
+        if (Response::HTTP_OK === $resp->getStatusCode()) {
+            return $resp->getContent();
+        }
+
+        return '';
+    }
+
+    public function getParent(): string
+    {
+        return TextType::class;
+    }
+
+    public function getName(): string
+    {
+        return $this->getBlockPrefix();
+    }
+
+    public function getBlockPrefix(): string
+    {
+        return 'altcha';
+    }
+}

src/Flag/Controller/FlagController.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Flag\Controller;
+
+use App\Flag\FlagEnum;
+use Predis\ClientInterface;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+
+class FlagController extends AbstractController
+{
+    #[Route('/flag', name: 'flag_update', methods: ['PUT'])]
+    public function updateFlag(ClientInterface $redis, FlagEnum $flagName, bool $flagValue): Response
+    {
+        $redis->set($flagName->value, $flagValue);
+
+        return new JsonResponse(
+            [\sprintf('flag %s has been %s.', $flagName->value, $flagValue ? 'enabled' : 'disabled')]
+        );
+    }
+}

src/Flag/FlagAccessor.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Flag;
+
+use Predis\ClientInterface;
+
+class FlagAccessor
+{
+    public function __construct(
+        private readonly ClientInterface $redis
+    ) {
+    }
+
+    public function isFlagEnabled(FlagEnum $flagName, bool $fallbackValue = false): bool
+    {
+        $flagValue = $this->redis->get($flagName->value);
+
+        if (null === $flagValue) {
+            return $fallbackValue;
+        }
+
+        return (bool) $flagValue;
+    }
+}

src/Flag/FlagEnum.php

@@ -0,0 +1,8 @@
+<?php
+
+namespace App\Flag;
+
+enum FlagEnum: string
+{
+    case Altcha = 'altcha';
+}

src/Form/LoginType.php

@@ -2,15 +2,25 @@
 
 namespace App\Form;
 
+use App\Flag\FlagEnum;
+use Predis\Client;
+use App\Flag\FlagAccessor;
+use App\Altcha\Form\AltchaType;
 use Symfony\Component\Form\AbstractType;
-use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
-use Symfony\Component\Form\Extension\Core\Type\PasswordType;
-use Symfony\Component\Form\Extension\Core\Type\TextType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Form\Extension\Core\Type\TextType;
+use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
+use Symfony\Component\Form\Extension\Core\Type\PasswordType;
 
 class LoginType extends AbstractType
 {
+    public function __construct(
+        private readonly FlagAccessor $flagAccessor,
+        private readonly bool $altchaEnabled
+    ) {
+    }
+
     public function buildForm(FormBuilderInterface $builder, array $options): void
     {
         $builder
@@ -28,6 +38,13 @@ class LoginType extends AbstractType
                 'label' => 'form.label.remember_me',
             ])
         ;
+
+        if ($this->flagAccessor->isFlagEnabled(FlagEnum::Altcha, $this->altchaEnabled)) {
+            $builder->add('altcha', AltchaType::class, [
+                'label' => false,
+                'translation_domain' => 'form',
+            ]);
+        };
     }
 
     public function configureOptions(OptionsResolver $resolver): void

src/Hydra/Client.php

@@ -9,19 +9,17 @@ use Symfony\Contracts\HttpClient\ResponseInterface;
 
 class Client
 {
-    private HttpClientInterface $client;
     private const MAX_RETRY = 3;
     private const SLEEP_TIME = [
         5,
         500,
         5000,
     ];
-    private string $hydraAdminBaseUrl;
 
-    public function __construct(HttpClientInterface $client, string $hydraAdminBaseUrl)
-    {
-        $this->client = $client;
-        $this->hydraAdminBaseUrl = $hydraAdminBaseUrl;
+    public function __construct(
+        private readonly HttpClientInterface $client,
+        private readonly string $hydraAdminBaseUrl
+    ) {
     }
 
     public function fetchLoginRequestInfo(string $loginChallenge): ResponseInterface

src/Hydra/Exception/InvalidIssuerException.php

@@ -6,4 +6,4 @@ use Symfony\Component\HttpFoundation\Exception\BadRequestException;
 
 class InvalidIssuerException extends BadRequestException
 {
-}
+}