PHPackages                             tito10047/altcha-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. tito10047/altcha-bundle

ActiveSymfony-bundle[Authentication &amp; Authorization](/categories/authentication)

tito10047/altcha-bundle
=======================

A simple package to help integrate Altcha on Symfony.

2.1.3(4mo ago)1610.9k—2%7[1 issues](https://github.com/tito10047/altcha-bundle/issues)1MITPHPPHP &gt;=8.2CI passing

Since Nov 24Pushed 2mo ago1 watchersCompare

[ Source](https://github.com/tito10047/altcha-bundle)[ Packagist](https://packagist.org/packages/tito10047/altcha-bundle)[ RSS](/packages/tito10047-altcha-bundle/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (10)Dependencies (23)Versions (39)Used By (1)

A simple package to help integrate ALTCHA on Symfony Form.
==========================================================

[](#a-simple-package-to-help-integrate-altcha-on-symfony-form)

[![Packagist Version](https://camo.githubusercontent.com/6c71bc3975aeac0e4dcf2c8b60a56fe82371d426550230af659921be3914c069/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f7469746f31303034372f616c746368612d62756e646c65)](https://camo.githubusercontent.com/6c71bc3975aeac0e4dcf2c8b60a56fe82371d426550230af659921be3914c069/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f7469746f31303034372f616c746368612d62756e646c65)[![Packagist License](https://camo.githubusercontent.com/e8840e93b62ee511f89158744bb5569daacb47e2889a9a7c88a7795921b2cef5/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f7469746f31303034372f616c746368612d62756e646c65)](https://camo.githubusercontent.com/e8840e93b62ee511f89158744bb5569daacb47e2889a9a7c88a7795921b2cef5/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f7469746f31303034372f616c746368612d62756e646c65)[![Packagist Downloads](https://camo.githubusercontent.com/9af3ee81924570cf449b6324af91c50dce3c5298df78b4767479dbc29df7ac41/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f7469746f31303034372f616c746368612d62756e646c65)](https://camo.githubusercontent.com/9af3ee81924570cf449b6324af91c50dce3c5298df78b4767479dbc29df7ac41/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f7469746f31303034372f616c746368612d62756e646c65)[![Tests](https://github.com/Tito10047/altcha-bundle/actions/workflows/ci.yml/badge.svg)](https://github.com/Tito10047/altcha-bundle/actions/workflows/ci.yml)

This packages integrates [ALTCHA](https://altcha.org/), a privacy-friendly Captcha alternative, with Symfony forms. Simply add an `AltchaType` field to your form and this package will automatically check the challenge issue.

> ALTCHA uses a proof-of-work mechanism to protect your website, APIs, and online services from spam and unwanted content.
>
> Unlike other solutions, ALTCHA is free, open-source and self-hosted, does not use cookies nor fingerprinting, does not track users, and is fully compliant with GDPR.
>
> Say goodbye to tedious puzzle-solving and improve your website's UX by integrating a fully automated proof-of-work mechanism.

Support
-------

[](#support)

- Symfony 6.4 | 7.4 | 8.0+
- PHP 8.2+
- Webpack | Asset Mapper | Twig

Installation
------------

[](#installation)

You can install the package via Composer:

```
composer require tito10047/altcha-bundle
```

Add bundle into config/bundles.php file:

```
Tito10047\AltchaBundle\AltchaBundle::class => ['all' => true]
```

Add a config file:

### YML

[](#yml)

`config/packages/altcha.yaml`

```
altcha:
    enable: true
    hmacKey: '%env(APP_SECRET)%'
    floating: true
    overlay: false
    use_stimulus: false
    include_script: true
    hide_logo: false
    hide_footer: false

when@test:
    altcha:
        enable: false
```

### PHP

[](#php)

`config/packages/altcha.php`:

```
use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;

return static function (ContainerConfigurator $containerConfigurator): void {
    $containerConfigurator->extension('altcha', [
        'enable' => true,
        'hmacKey' => 'RANDOM_SECRET_KEY',
        'floating' => true,
        'overlay' => true,
        'use_stimulus' => false,
        'include_script' => true,
        'hide_logo' => false,
        'hide_footer' => false
    ]);

    if ('test' === $containerConfigurator->env()) {
        // Disable captcha in test environment
        $containerConfigurator->extension('altcha', [
            'enable' => false,
        ]);
    }
};
```

Import bundle routes:

### YML

[](#yml-1)

```
altcha:
    resource: '@AltchaBundle/config/routes.yml'
    type: yaml
```

### PHP

[](#php-1)

```
$routingConfigurator->import('@AltchaBundle/config/routes.yml');
```

⚠️ **Important – Security Configuration**

If your application restricts access globally using a rule like:

```
access_control:
    - { path: ^/, roles: ROLE_USER }
```

Then the Altcha challenge endpoint (`/altcha/challenge`) will also be protected by default.

To allow it to be publicly accessible (as intended for the challenge mechanism to work), **you must explicitly add the following rule before the global one**:

```
access_control:
    - { path: ^/altcha/challenge, roles: PUBLIC_ACCESS }
    - { path: ^/, roles: ROLE_USER }
```

This ensures that the challenge endpoint is reachable by unauthenticated users, while keeping the rest of your app secure.

### Use with your Symfony Form

[](#use-with-your-symfony-form)

Create a form type and insert an AltchaType to add the captcha:

```