add math captcha type (#514)

Author: solverat

README.md

@@ -21,7 +21,7 @@
 ## Installation
 
 ```bash
-composer require "dachcom-digital/formbuilder":"~5.2.0"
+composer require "dachcom-digital/formbuilder":"~5.3.0"
 ```
 
 Add Bundle to `bundles.php`:
@@ -56,6 +56,7 @@ Nothing to tell here, it's just [Symfony](https://symfony.com/doc/current/templa
   - [FriendlyCaptcha](docs/03_SpamProtection.md#friendly-captcha)
   - [Honeypot](docs/03_SpamProtection.md#honeypot)
   - [ReCaptcha V3](docs/03_SpamProtection.md#recaptcha-v3)
+  - [Math Captcha](docs/03_SpamProtection.md#math-captcha)
   - [Email Checker](docs/03_SpamProtection.md#email-checker)
   - [Double-Opt-In Feature](docs/04_DoubleOptIn.md)
 - [Output Workflows](docs/OutputWorkflow/0_Usage.md)

UPGRADE.md

@@ -3,6 +3,7 @@
 ## 5.3.0
 - **[IMPROVEMENT]** New field added to `form_builder_form_attributes`: `autocomplete`
 - **[BUGFIX]** Solidify check for empty value in output transformer [#486](https://github.com/dachcom-digital/pimcore-formbuilder/issues/508)
+- **[SECURITY FEATURE]** Math CAPTCHA Field [#511](https://github.com/dachcom-digital/pimcore-formbuilder/issues/511), read more about it [here](./docs/03_SpamProtection.md#math-captcha)
 
 ## 5.2.0
 - **[LICENSE]** Dual-License with GPL and Dachcom Commercial License (DCL) added

config/install/translations/admin.csv

@@ -62,6 +62,9 @@
 "form_builder_type.time_type","Time Type","Uhrzeit Element"
 "form_builder_type.birthday_type","Birthday Type","Geburtstag Element"
 "form_builder_type.recaptcha_v3","reCAPTCHA v3 Field","reCAPTCHA v3 Feld"
+"form_builder_type.math_captcha","Math Captcha Field","Mathematisches Captcha Feld"
+"form_builder_type_field.math_captcha.validation_message_trans_note","Validation messages will be translated via pimcore translation manager: 'The given answer is not correct', 'Captcha has expired due to inactivity. Please refresh the page and try again.'","Validierungsmeldungen werden mit dem Pimcore Translation-Manager übersetzt: 'The given answer is not correct', 'Captcha has expired due to inactivity. Please refresh the page and try again.'"
+"form_builder_type_field.math_captcha.difficulty","Difficulty","Schwierigkeit"
 "form_builder_type.friendly_captcha","Friendly Captcha Field","Friendly Captcha Feld"
 "form_builder_type.cloudflare_turnstile","Cloudflare Turnstile Field","Cloudflare Turnstile Feld"
 "form_builder_type_tab.default","Default","Standard"

config/services/forms/forms.yaml

@@ -22,6 +22,13 @@ services:
         tags:
             - { name: form.type }
 
+    FormBuilderBundle\Form\Type\MathCaptchaType:
+        public: false
+        arguments:
+            - '@FormBuilderBundle\Tool\MathCaptchaProcessor'
+        tags:
+            - { name: form.type }
+
     FormBuilderBundle\Form\Type\DynamicFormType:
         public: false
         arguments:

config/services/system.yaml

@@ -31,6 +31,13 @@ services:
     FormBuilderBundle\Tool\CloudflareTurnstileProcessorInterface: '@FormBuilderBundle\Tool\CloudflareTurnstileProcessor'
     FormBuilderBundle\Tool\CloudflareTurnstileProcessor: ~
 
+    # tool: math captcha processor
+    FormBuilderBundle\Tool\MathCaptchaProcessorInterface: '@FormBuilderBundle\Tool\MathCaptchaProcessor'
+    FormBuilderBundle\Tool\MathCaptchaProcessor:
+        arguments:
+            - '%pimcore.encryption.secret%'
+            - '@FormBuilderBundle\Configuration\Configuration'
+
     # configuration
     FormBuilderBundle\Configuration\Configuration: ~
 

config/services/validator.yaml

@@ -14,6 +14,11 @@ services:
         tags:
             - { name: validator.constraint_validator }
 
+    FormBuilderBundle\Validator\Constraints\MathCaptchaValidator:
+        public: false
+        tags:
+            - { name: validator.constraint_validator }
+
     FormBuilderBundle\Validator\Constraints\CloudflareTurnstileValidator:
         public: false
         tags:

config/types/type/math_captcha.yaml

@@ -0,0 +1,27 @@
+form_builder:
+    types:
+        math_captcha:
+            class: FormBuilderBundle\Form\Type\MathCaptchaType
+            backend:
+                form_type_group: security_fields
+                label: 'form_builder_type.math_captcha'
+                icon_class: 'form_builder_icon_math_captcha'
+                constraints: false
+                fields:
+                    optional.email_label: ~
+                    options.help_text: ~
+                    options.data: ~
+                    options.value: ~
+                    options.difficulty:
+                        display_group_id: base
+                        type: select
+                        label: 'form_builder_type_field.math_captcha.difficulty'
+                        config:
+                            options:
+                                - ['easy','easy']
+                                - ['normal','normal']
+                                - ['hard','hard']
+                    options.validation_message_trans_note:
+                        display_group_id: base
+                        type: label
+                        label: 'form_builder_type_field.math_captcha.validation_message_trans_note'

docs/03_SpamProtection.md

@@ -60,6 +60,8 @@ form_builder:
 4. Enable the FriendlyCaptcha [javascript module](./91_Javascript.md)
 4. Done
 
+***
+
 ## Cloudflare Turnstile
 Turnstile delivers frustration-free, CAPTCHA-free web experiences to website visitors - with just a simple snippet of free code.
 Moreover, Turnstile stops abuse and confirms visitors are real without the data privacy concerns or awful user experience of CAPTCHAs.
@@ -80,6 +82,47 @@ form_builder:
 4. Enable the CloudFlareTurnstile [javascript module](./91_Javascript.md)
 4. Done
 
+***
+
+## Math Captcha
+This simple math captcha form provides a lightweight and session-free way to prevent automated submissions.
+It offers three difficulty levels, allowing customization based on security needs.
+The captcha generates random math problems that users must solve before submitting the form.
+Since no session storage is required, it can be easily integrated with minimal overhead.
+
+> [!CAUTION]  
+> The Math captcha doesn't solve the problem of figuring out that a user has previously solved the captcha.
+> It only protects individual requests and might help if you're in the middle of a spam attack.
+> However, it will give you time, to set up stronger spam protection like 
+> recaptcha, turnstile or friendly captcha (which are all supported by this bundle) to get rid of smart bots!
+
+### Encryption Secret
+
+> [!IMPORTANT]  
+> Math Captcha requires a valid encryption key!
+> It uses the `%pimcore.encryption.secret%` as default, but you're able to set a dedicated one:
+
+```yaml
+form_builder:
+    spam_protection:
+        math_captcha:
+            encryption_secret: 'my-very-long-encryption-secret'
+```
+
+### Math Captcha TTL | Expiration
+To prevent replay attacks in a long-term view, a math captcha gets invalided after 30 minutes.
+
+If you want to change the value, you need to update the configuration
+
+```yaml
+form_builder:
+    spam_protection:
+        math_captcha:
+            hash_ttl: 30 # 30 minutes (default value)
+```
+
+***
+
 ## Email Checker
 The Email Checker Validator is available, if you've added at least one service. Per default, no service is registered by default. 
 

public/css/admin.css

@@ -202,6 +202,10 @@
     background: url(/bundles/formbuilder/img/friendly_captcha.svg) left center no-repeat !important;
 }
 
+.form_builder_icon_math_captcha {
+    background: url(/bundles/formbuilder/img/math_captcha.svg) left center no-repeat !important;
+}
+
 /*
     Conditional Logic
 */