Merge pull request #75 from monarc-project/feature/captcha

Captcha

Author: ruslanbaidan

composer.json

@@ -60,10 +60,11 @@
         "symfony/console": "^5.0",
         "guzzlehttp/guzzle": "^6.5",
         "phpoffice/phpword": "^0.18.1",
-        "laminas/laminas-mvc-middleware": "^2.2"
+        "laminas/laminas-mvc-middleware": "^2.2",
+        "laminas/laminas-captcha": "^2.18"
     },
     "require-dev": {
-        "roave/security-advisories": "dev-master"
+        "roave/security-advisories": "dev-latest"
     },
     "autoload": {
         "psr-4": {

config/module.config.php

@@ -45,6 +45,16 @@
 return [
     'router' => [
         'routes' => [
+            'captcha' => [
+                'type' => 'segment',
+                'options' => [
+                    'route' => '/api/captcha',
+                    'defaults' => [
+                        'controller' => PipeSpec::class,
+                        'middleware' => new PipeSpec(Controller\ApiCaptchaController::class),
+                    ],
+                ],
+            ],
             'monarc_api_admin_users_roles' => [
                 'type' => 'segment',
                 'options' => [
@@ -1475,6 +1485,7 @@
             DeprecatedTable\RecordTable::class => AutowireFactory::class,
             DeprecatedTable\QuestionTable::class => AutowireFactory::class,
             DeprecatedTable\QuestionChoiceTable::class => AutowireFactory::class,
+            Table\ActionHistoryTable::class => ClientEntityManagerFactory::class,
             Table\AnrTable::class => ClientEntityManagerFactory::class,
             Table\AnrInstanceMetadataFieldTable::class => ClientEntityManagerFactory::class,
             Table\AmvTable::class => ClientEntityManagerFactory::class,
@@ -1613,7 +1624,8 @@
             AdapterAuthentication::class => static function (ContainerInterface $container) {
                 return new AdapterAuthentication(
                     $container->get(Table\UserTable::class),
-                    $container->get(ConfigService::class)
+                    $container->get(ConfigService::class),
+                    $container->get(Service\ActionHistoryService::class),
                 );
             },
             ConnectedUserService::class => static function (ContainerInterface $container) {
@@ -1794,6 +1806,9 @@
             'routes' => [],
         ],
     ],
+    'permissions' => [
+        'captcha',
+    ],
     'roles' => [
         // Super Admin : Management of users (and guides, models, referentials, etc.)
         Entity\UserRole::SUPER_ADMIN_FO => [

migrations/db/20250129110600_create_actions_history_table.php

@@ -0,0 +1,27 @@
+<?php declare(strict_types=1);
+/**
+ * @link      https://github.com/monarc-project for the canonical source repository
+ * @copyright Copyright (c) 2016-2025 Luxembourg House of Cybersecurity LHC.lu - Licensed under GNU Affero GPL v3
+ * @license   MONARC is licensed under GNU Affero General Public License version 3
+ */
+
+use Phinx\Migration\AbstractMigration;
+
+class CreateActionsHistoryTable extends AbstractMigration
+{
+    public function change()
+    {
+        $this->execute(
+            'CREATE TABLE IF NOT EXISTS `actions_history` (
+                `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
+                `user_id` int(11) unsigned DEFAULT NULL,
+                `action` varchar(100) NOT NULL,
+                `data` TEXT,
+                `status` smallint(3) unsigned NOT NULL DEFAULT 0,
+                `creator` varchar(255) NOT NULL,
+                `created_at` datetime DEFAULT CURRENT_TIMESTAMP,
+                PRIMARY KEY (`id`),
+                CONSTRAINT `actions_history_user_id_id_fk1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE SET NULL);'
+        );
+    }
+}

src/Controller/ApiCaptchaController.php

@@ -0,0 +1,42 @@
+<?php declare(strict_types=1);
+/**
+ * @link      https://github.com/monarc-project for the canonical source repository
+ * @copyright Copyright (c) 2016-2025 Luxembourg House of Cybersecurity LHC.lu - Licensed under GNU Affero GPL v3
+ * @license   MONARC is licensed under GNU Affero General Public License version 3
+ */
+
+namespace Monarc\FrontOffice\Controller;
+
+use Monarc\Core\Controller\Handler\AbstractRestfulControllerRequestHandler;
+use Monarc\Core\Controller\Handler\ControllerRequestResponseHandlerTrait;
+use Monarc\FrontOffice\Service\CaptchaService;
+
+class ApiCaptchaController extends AbstractRestfulControllerRequestHandler
+{
+    use ControllerRequestResponseHandlerTrait;
+
+    public function __construct(private CaptchaService $captchaService)
+    {
+    }
+
+    public function getList()
+    {
+        if ($this->captchaService->isActivated()) {
+            return $this->getPreparedJsonResponse(
+                array_merge(['isCaptchaActivated' => true], $this->captchaService->generate())
+            );
+        }
+
+        return $this->getPreparedJsonResponse(['isCaptchaActivated' => false]);
+    }
+
+    /**
+     * @param array $data
+     */
+    public function create($data)
+    {
+        return $this->getSuccessfulJsonResponse(
+            ['isCaptchaValid' => $this->captchaService->isValid($data['captchaId'], $data['captchaInput'])]
+        );
+    }
+}

src/Controller/ApiConfigController.php

@@ -19,13 +19,16 @@ public function __construct(private ConfigService $configService)
 
     public function getList()
     {
+        $isExportDefaultWithEval = $this->configService->getConfigOption('export', [])['defaultWithEval'] ?? false;
+
         return new JsonModel(array_merge(
             $this->configService->getLanguage(),
             $this->configService->getAppVersion(),
             $this->configService->getCheckVersion(),
             $this->configService->getAppCheckingURL(),
             $this->configService->getMospApiUrl(),
-            $this->configService->getTerms()
+            $this->configService->getTerms(),
+            ['isExportDefaultWithEval' => $isExportDefaultWithEval],
         ));
     }
 }

src/Entity/ActionHistory.php

@@ -0,0 +1,21 @@
+<?php declare(strict_types=1);
+/**
+ * @link      https://github.com/monarc-project for the canonical source repository
+ * @copyright Copyright (c) 2016-2025 Luxembourg House of Cybersecurity LHC.lu - Licensed under GNU Affero GPL v3
+ * @license   MONARC is licensed under GNU Affero General Public License version 3
+ */
+
+namespace Monarc\FrontOffice\Entity;
+
+use Doctrine\ORM\Mapping as ORM;
+use Monarc\Core\Entity\ActionHistorySuperClass;
+
+/**
+ * @ORM\Table(name="actions_history", indexes={
+ *      @ORM\Index(name="action", columns={"action"}),
+ * })
+ * @ORM\Entity
+ */
+class ActionHistory extends ActionHistorySuperClass
+{
+}

src/Service/ActionHistoryService.php

@@ -0,0 +1,19 @@
+<?php declare(strict_types=1);
+/**
+ * @link      https://github.com/monarc-project for the canonical source repository
+ * @copyright Copyright (c) 2016-2025 Luxembourg House of Cybersecurity LHC.lu - Licensed under GNU Affero GPL v3
+ * @license   MONARC is licensed under GNU Affero General Public License version 3
+ */
+
+namespace Monarc\FrontOffice\Service;
+
+use Monarc\Core\Service\ActionHistoryService as CoreActionHistoryService;
+use Monarc\FrontOffice\Table\ActionHistoryTable;
+
+class ActionHistoryService extends CoreActionHistoryService
+{
+    public function __construct(ActionHistoryTable $actionHistoryTable)
+    {
+        parent::__construct($actionHistoryTable);
+    }
+}

src/Service/AnrObjectService.php

@@ -161,6 +161,7 @@ public function createList(Entity\Anr $anr, array $data): array
             $object = $this->create($anr, $objectData, false);
             $createdObjectsUuids[] = $object->getUuid();
         }
+        $this->monarcObjectTable->flush();
 
         return $createdObjectsUuids;
     }

src/Service/CaptchaService.php

@@ -0,0 +1,81 @@
+<?php declare(strict_types=1);
+/**
+ * @link      https://github.com/monarc-project for the canonical source repository
+ * @copyright Copyright (c) 2016-2025 Luxembourg House of Cybersecurity LHC.lu - Licensed under GNU Affero GPL v3
+ * @license   MONARC is licensed under GNU Affero General Public License version 3
+ */
+
+namespace Monarc\FrontOffice\Service;
+
+use Laminas\Captcha\Image as CaptchaImage;
+use Laminas\Session\Container;
+use Monarc\Core\Entity\ActionHistorySuperClass;
+use Monarc\Core\Service\ConfigService;
+
+final class CaptchaService
+{
+    private const DEFAULT_FAILED_LOGIN_ATTEMPTS = 3;
+
+    private array $params;
+
+    public function __construct(private ActionHistoryService $actionHistoryService, ConfigService $config)
+    {
+        $this->params = $config->getCaptchaConfig();
+    }
+
+    public function isActivated(): bool
+    {
+        $isEnabled = (bool)($this->params['enabled'] ?? false);
+        if (!$isEnabled) {
+            return false;
+        }
+
+        $failedLoginAttemptsLimit = (int)($this->params['failedLoginAttempts'] ?? self::DEFAULT_FAILED_LOGIN_ATTEMPTS);
+        if ($failedLoginAttemptsLimit > 0) {
+            /* Login attempt number validation from the logs. */
+            $lastLoginsHistory = $this->actionHistoryService->getActionsHistoryByAction(
+                ActionHistorySuperClass::ACTION_LOGIN_ATTEMPT,
+                $failedLoginAttemptsLimit
+            );
+            if (\count($lastLoginsHistory) < $failedLoginAttemptsLimit) {
+                return false;
+            }
+            foreach ($lastLoginsHistory as $lastLoginHistory) {
+                if ($lastLoginHistory->getStatus() === ActionHistorySuperClass::STATUS_SUCCESS) {
+                    return false;
+                }
+            }
+        }
+
+        return true;
+    }
+
+    public function generate(): array
+    {
+        $captcha = new CaptchaImage($this->params['params']);
+
+        $captchaId = $captcha->generate();
+
+        /* Store the captcha ID for validation. */
+        $session = new Container('captcha');
+        $session->offsetSet('captchaId', $captchaId);
+
+        return [
+            'captchaId' => $captchaId,
+            'captchaUrl' => $captcha->getImgUrl() . $captcha->getId() . $captcha->getSuffix(),
+        ];
+    }
+
+    public function isValid(string $captchaId, string $inputText): bool
+    {
+        $captcha = new CaptchaImage($this->params['params']);
+
+        $session = new Container('captcha');
+        $storedCaptchaId = $session->offsetGet('captchaId');
+        if ($captchaId !== $storedCaptchaId) {
+            return false;
+        }
+
+        return $captcha->isValid(['input' => $inputText, 'id' => $storedCaptchaId]);
+    }
+}

src/Table/ActionHistoryTable.php

@@ -0,0 +1,20 @@
+<?php declare(strict_types=1);
+/**
+ * @link      https://github.com/monarc-project for the canonical source repository
+ * @copyright Copyright (c) 2016-2025 Luxembourg House of Cybersecurity LHC.lu - Licensed under GNU Affero GPL v3
+ * @license   MONARC is licensed under GNU Affero General Public License version 3
+ */
+
+namespace Monarc\FrontOffice\Table;
+
+use Doctrine\ORM\EntityManager;
+use Monarc\Core\Table\ActionHistoryTable as CoreActionHistoryTable;
+use Monarc\FrontOffice\Entity\ActionHistory;
+
+class ActionHistoryTable extends CoreActionHistoryTable
+{
+    public function __construct(EntityManager $entityManager, string $entityName = ActionHistory::class)
+    {
+        parent::__construct($entityManager, $entityName);
+    }
+}