chore: Add PR's requested changes

Author: matiasperrone-exo

app/Services/TurnstileClient.php

@@ -1,4 +1,5 @@
-<?php namespace App\Services;
+<?php
+namespace App\Services;
 /**
  * Copyright 2026 OpenStack Foundation
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,31 +24,33 @@
  */
 final class TurnstileClient implements ClientInterface
 {
-    public function __construct(private string $secret) {}
+    public function __construct(private string $secret)
+    {
+    }
 
     public function siteverify(string $token): SiteverifyResponse
     {
         $response = Http::retry(3, 100)
             ->asForm()
             ->acceptJson()
             ->post('https://challenges.cloudflare.com/turnstile/v0/siteverify', [
-                'secret'   => $this->secret,
+                'secret' => $this->secret,
                 'response' => $token,
             ]);
 
-        if (! $response->ok()) {
+        if (!$response->ok()) {
             return SiteverifyResponse::failure(['http-error']);
         }
 
         if ($response->json('success') === true) {
             return SiteverifyResponse::success();
         }
 
-        return SiteverifyResponse::failure($response->json('error-codes') ?? []);
+        return SiteverifyResponse::failure($response->json('error-codes') ?: ['internal-error']);
     }
 
     public function dummy(): string
     {
         return self::RESPONSE_DUMMY_TOKEN;
     }
-}
+}

tests/UserLoginTurnstileTest.php

@@ -1,4 +1,5 @@
-<?php namespace Tests;
+<?php
+namespace Tests;
 /**
  * Copyright 2026 OpenStack Foundation
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,23 +25,23 @@
  *  - cf-turnstile-response required when login_attempts (from request body) >= threshold
  *  - threshold gating (before / at boundary / above boundary)
  *  - omitted login_attempts field defaults to zero (no captcha required)
- *  - captcha is gated on the request-body counter, not on DB state
+ *  - captcha is gated on the request-body counter
  *  - login screen emits Turnstile JS config after a failed attempt
  *  - expired or unsolved token is rejected
  */
 final class UserLoginTurnstileTest extends BrowserKitTestCase
 {
     private const LOGIN_URL = '/auth/login';
     // Matches ServerConfigurationService::DefaultMaxFailedLoginAttempts2ShowCaptcha
-    private const CAPTCHA_THRESHOLD        = 3;
+    private const CAPTCHA_THRESHOLD = 3;
 
     private string $testEmail;
     private string $testPassword;
 
     protected function prepareForTests(): void
     {
         parent::prepareForTests();
-        $this->testEmail    = env('TEST_USER_EMAIL');
+        $this->testEmail = env('TEST_USER_EMAIL');
         $this->testPassword = env('TEST_USER_PASSWORD');
         if (empty($this->testEmail) || empty($this->testPassword)) {
             $this->markTestSkipped('TEST_USER_EMAIL and TEST_USER_PASSWORD env vars are required.');
@@ -67,8 +68,8 @@ private function postLogin(array $overrides = [])
         return $this->call('POST', self::LOGIN_URL, array_merge([
             'username' => $this->testEmail,
             'password' => $this->testPassword,
-            'flow'     => 'password',
-            '_token'   => Session::token(),
+            'flow' => 'password',
+            '_token' => Session::token(),
         ], $overrides));
     }
 
@@ -138,7 +139,7 @@ public function testLoginAtThresholdWithValidTokenPassesValidation(): void
 
         $this->postLogin([
             'cf-turnstile-response' => 'dummy-token-accepted-by-mock',
-            'login_attempts' => 1
+            'login_attempts' => self::CAPTCHA_THRESHOLD
         ]);
 
         $this->assertFalse(
@@ -162,23 +163,6 @@ public function testOmittedLoginAttemptsFieldDefaultsToZeroNoCaptchaRequired():
         );
     }
 
-    public function testCaptchaGatingUsesRequestBodyCounterNotDbState(): void
-    {
-        // Even for a username that doesn't exist in the DB, if the request body
-        // carries login_attempts >= threshold the captcha rule must fire.
-        // This proves gating is driven by the request-body counter, not by DB lookup.
-        $this->postLogin([
-            'username'       => 'nobody@doesnotexist.example',
-            'password'       => 'irrelevant',
-            'login_attempts' => self::CAPTCHA_THRESHOLD,
-        ]); // no cf-turnstile-response
-
-        $this->assertTrue(
-            $this->sessionHasValidationError('cf-turnstile-response'),
-            'Turnstile must be required when login_attempts >= threshold, regardless of whether the user exists'
-        );
-    }
-
     // -------------------------------------------------------------------------
     // 4. Rendering of Turnstile on the thresholded login screen
     // -------------------------------------------------------------------------
@@ -241,4 +225,4 @@ public function testUnsolvedCaptchaEmptyTokenFailsValidation(): void
             'An empty Turnstile response must be rejected by the required rule'
         );
     }
-}
+}