PHPackages                             huluti/altcha-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. huluti/altcha-bundle

Abandoned → [tito10047/altcha-bundle](/?search=tito10047%2Faltcha-bundle)Symfony-bundle[Authentication &amp; Authorization](/categories/authentication)

huluti/altcha-bundle
====================

A simple package to help integrate Altcha on Symfony.

3.1.0(1mo ago)1912.0k↓76.6%8[1 issues](https://github.com/tito10047/altcha-bundle/issues)1MITPHPPHP &gt;=8.2CI passing

Since Nov 24Pushed 3w ago1 watchersCompare

[ Source](https://github.com/tito10047/altcha-bundle)[ Packagist](https://packagist.org/packages/huluti/altcha-bundle)[ RSS](/packages/huluti-altcha-bundle/feed)WikiDiscussions main Synced 3w ago

READMEChangelog (10)Dependencies (69)Versions (45)Used By (1)

A simple package to help integrate ALTCHA on Symfony Form.
==========================================================

[](#a-simple-package-to-help-integrate-altcha-on-symfony-form)

[![Packagist Version](https://camo.githubusercontent.com/6c71bc3975aeac0e4dcf2c8b60a56fe82371d426550230af659921be3914c069/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f7469746f31303034372f616c746368612d62756e646c65)](https://camo.githubusercontent.com/6c71bc3975aeac0e4dcf2c8b60a56fe82371d426550230af659921be3914c069/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f7469746f31303034372f616c746368612d62756e646c65)[![Packagist License](https://camo.githubusercontent.com/e8840e93b62ee511f89158744bb5569daacb47e2889a9a7c88a7795921b2cef5/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f7469746f31303034372f616c746368612d62756e646c65)](https://camo.githubusercontent.com/e8840e93b62ee511f89158744bb5569daacb47e2889a9a7c88a7795921b2cef5/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f7469746f31303034372f616c746368612d62756e646c65)[![Packagist Downloads](https://camo.githubusercontent.com/9af3ee81924570cf449b6324af91c50dce3c5298df78b4767479dbc29df7ac41/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f7469746f31303034372f616c746368612d62756e646c65)](https://camo.githubusercontent.com/9af3ee81924570cf449b6324af91c50dce3c5298df78b4767479dbc29df7ac41/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f7469746f31303034372f616c746368612d62756e646c65)[![Tests](https://github.com/Tito10047/altcha-bundle/actions/workflows/ci.yml/badge.svg)](https://github.com/Tito10047/altcha-bundle/actions/workflows/ci.yml)

This packages integrates [ALTCHA](https://altcha.org/), a privacy-friendly Captcha alternative, with Symfony forms. Simply add an `AltchaType` field to your form and this package will automatically check the challenge issue.

> ALTCHA uses a proof-of-work mechanism to protect your website, APIs, and online services from spam and unwanted content.
>
> Unlike other solutions, ALTCHA is free, open-source and self-hosted, does not use cookies nor fingerprinting, does not track users, and is fully compliant with GDPR.
>
> Say goodbye to tedious puzzle-solving and improve your website's UX by integrating a fully automated proof-of-work mechanism.

Support
-------

[](#support)

- Symfony 6.4 | 7.4 | 8.0+
- PHP 8.2+
- Webpack | Asset Mapper | Twig

Installation
------------

[](#installation)

You can install the package via Composer:

```
composer require tito10047/altcha-bundle
```

Add bundle into config/bundles.php file:

```
Tito10047\AltchaBundle\AltchaBundle::class => ['all' => true]
```

Add a config file:

### YML

[](#yml)

`config/packages/altcha.yaml`

```
altcha:
    enable: true
    hmacSignature: '%env(APP_SECRET)%' # Replaces deprecated hmacKey
    hmacAlgorithm: 'SHA-256'
    hmacKeySignature: ~ # Optional signature key
    cost: 5000
    counter_min: 5000
    counter_max: 10000
    timeout: 30.0
    floating: true
    overlay: false
    use_stimulus: false
    include_script: true
    hide_logo: false
    hide_footer: false

when@test:
    altcha:
        enable: false
```

Import bundle routes:

### YML

[](#yml-1)

```
altcha:
    resource: '@AltchaBundle/config/routes.yml'
    type: yaml
```

⚠️ **Important – Security Configuration**

If your application restricts access globally using a rule like:

```
access_control:
    - { path: ^/, roles: ROLE_USER }
```

Then the Altcha challenge endpoint (`/altcha/challenge`) will also be protected by default.

To allow it to be publicly accessible (as intended for the challenge mechanism to work), **you must explicitly add the following rule before the global one**:

```
access_control:
    - { path: ^/altcha/challenge, roles: PUBLIC_ACCESS }
    - { path: ^/, roles: ROLE_USER }
```

This ensures that the challenge endpoint is reachable by unauthenticated users, while keeping the rest of your app secure.

### Use with your Symfony Form

[](#use-with-your-symfony-form)

Create a form type and insert an AltchaType to add the captcha:

```