xref: /webtrees/app/Services/CaptchaService.php (revision 10e0649788c8d7d4974d81c048ca2b225df8f22e) 
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2022 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Services;
21
22use Fisharebest\Webtrees\Registry;
23use Fisharebest\Webtrees\Session;
24use Fisharebest\Webtrees\Validator;
25use Psr\Http\Message\ServerRequestInterface;
26
27use function assert;
28use function is_float;
29use function is_string;
30use function view;
31
32/**
33 * Completely Automated Public Turing test to tell Computers and Humans Apart.
34 */
35class CaptchaService
36{
37    // If the form is completed faster than this, then suspect a robot.
38    private const MINIMUM_FORM_TIME = 3.0;
39
40    /**
41     * Create the captcha
42     *
43     * @return string
44     */
45    public function createCaptcha(): string
46    {
47        $x = Registry::idFactory()->uuid();
48        $y = Registry::idFactory()->uuid();
49        $z = Registry::idFactory()->uuid();
50
51        Session::put('captcha-t', Registry::timeFactory()->now());
52        Session::put('captcha-x', $x);
53        Session::put('captcha-y', $y);
54        Session::put('captcha-z', $z);
55
56        return view('captcha', [
57            'x' => $x,
58            'y' => $y,
59            'z' => $z,
60        ]);
61    }
62
63    /**
64     * Check the user's response.
65     *
66     * @param ServerRequestInterface $request
67     *
68     * @return bool
69     */
70    public function isRobot(ServerRequestInterface $request): bool
71    {
72        $t = Session::pull('captcha-t');
73        $x = Session::pull('captcha-x');
74        $y = Session::pull('captcha-y');
75        $z = Session::pull('captcha-z');
76
77        assert(is_float($t));
78        assert(is_string($x));
79        assert(is_string($y));
80        assert(is_string($z));
81
82        $value_x = Validator::parsedBody($request)->string($x, '');
83        $value_y = Validator::parsedBody($request)->string($y, '');
84
85        // The captcha uses javascript to copy value z from field y to field x.
86        // Expect it in both fields.
87        if ($value_x !== $z || $value_y !== $z) {
88            return true;
89        }
90
91        // If the form was returned too quickly, then probably a robot.
92        return Registry::timeFactory()->now() < $t + self::MINIMUM_FORM_TIME;
93    }
94}
95