Upgrade bundled JS lib to latest ALTCHA v2.2.4 release

django_altcha/__init__.py

@@ -137,9 +137,22 @@ def get_context(self, name, value, attrs):
             )
             self.options["challengejson"] = json.dumps(challenge.__dict__)
 
-        context["widget"]["altcha_options"] = self.options
+        # JSON-encode list/dict values before setting in context
+        encoded_options = self.encode_values(self.options)
+        context["widget"]["altcha_options"] = encoded_options
+
         return context
 
+    @staticmethod
+    def encode_values(data):
+        """Return a shallow copy of `data` where lists and dicts are JSON encoded."""
+        encoded = {}
+        for key, value in data.items():
+            if isinstance(value, (list, dict)):
+                value = json.dumps(value)
+            encoded[key] = value
+        return encoded
+
 
 class AltchaField(forms.Field):
     widget = AltchaWidget
@@ -150,16 +163,30 @@ class AltchaField(forms.Field):
         "replay": _("Challenge has already been used."),
     }
     default_options = {
+        ## Required options:
+        #
         # URL of your server to fetch the challenge from.
         "challengeurl": None,
-        # JSON-encoded challenge data
-        # (use instead of challengeurl to avoid HTTP request).
+        # JSON-encoded challenge data.
+        # If avoiding an HTTP request to challengeurl, provide the data here.
         "challengejson": None,
+        ## Additional options:
+        #
         # Automatically verify without user interaction.
         # Possible values: "off", "onfocus", "onload", "onsubmit".
         "auto": None,
+        # Whether to include credentials with the challenge request
+        # Possible values: "omit", "same-origin", "include".
+        "credentials": None,
+        # A custom fetch function for retrieving the challenge.
+        # Accepts `url: string` and `init: RequestInit` as arguments and must return a
+        # `Response`.
+        "customfetch": None,
         # Artificial delay before verification (in milliseconds, default: 0).
         "delay": None,
+        # If true, prevents the code-challenge input from automatically receiving
+        # focus on render (defaults to "false").
+        "disableautofocus": None,
         # Challenge expiration duration (in milliseconds).
         "expire": ALTCHA_CHALLENGE_EXPIRE,
         # Enable floating UI.
@@ -172,14 +199,27 @@ class AltchaField(forms.Field):
         "floatingoffset": None,
         # Enable a “persistent” mode to keep the widget visible under specific
         # conditions.
-        # Possible values: "true", "focus".
+        # Possible values: "true", "false", "focus".
         "floatingpersist": None,
         # Hide the footer (ALTCHA link).
         "hidefooter": None,
         # Hide the ALTCHA logo.
         "hidelogo": None,
+        # The checkbox id attribute.
+        # Useful for multiple instances of the widget on the same page.
+        "id": None,
+        # The ISO alpha-2 code of the language to use
+        # (the language file be imported from `altcha/i18n/*`).
+        "language": None,
         # Max number to iterate to (default: 1,000,000).
         "maxnumber": None,
+        # Name of the hidden field containing the payload (defaults to "altcha").
+        "name": None,
+        # Enables overlay UI mode (automatically sets `auto="onsubmit"`).
+        "overlay": None,
+        # CSS selector of the HTML element to display in the overlay modal before the
+        # widget.
+        "overlaycontent": None,
         # JSON-encoded translation strings for customization.
         "strings": None,
         # Automatically re-fetch and re-validate when the challenge expires
@@ -190,6 +230,14 @@ class AltchaField(forms.Field):
         "workers": None,
         # URL of the Worker script (default: ./worker.js, only for external builds).
         "workerurl": None,
+        # Data Obfuscation options:
+        #
+        # The obfuscated data provided as a base64-encoded string (requires
+        # altcha/obfuscation plugin).
+        # Use only without challengeurl/challengejson.
+        "obfuscated": None,
+        ## Development / testing options:
+        #
         # Print log messages in the console (for debugging).
         "debug": None,
         # Causes verification to always fail with a "mock" error.

django_altcha/static/altcha/altcha.min.js.ABOUT

@@ -1,7 +1,7 @@
 about_resource: altcha.min.js
 name: altcha
-version: 1.4.2
-download_url: https://github.com/altcha-org/altcha/archive/refs/tags/v1.4.2.tar.gz
-package_url: pkg:github/altcha-org/altcha@1.4.2
+version: 2.2.4
+download_url: https://github.com/altcha-org/altcha/archive/refs/tags/v2.2.4.tar.gz
+package_url: pkg:github/altcha-org/altcha@2.2.4
 license_expression: mit
 copyright: Copyright (c) 2023 Daniel Regeci

tests/test_widget.py

@@ -38,3 +38,18 @@ def test_widget_generates_challengejson_if_no_challengeurl(self):
         self.assertEqual("SHA-256", challengejson["algorithm"])
         self.assertEqual(64, len(challengejson["challenge"]))
         self.assertIn("?expires=", challengejson.get("salt"))
+
+    def test_widget_rendering_with_complex_options(self):
+        options = {
+            "strings": {
+                "label": "Label",
+                "verified": "Verified",
+            }
+        }
+        widget = AltchaWidget(options)
+        rendered_widget_html = widget.render("name", "value")
+        expected = (
+            'strings="{"label": "Label", '
+            '"verified": "Verified"}"'
+        )
+        self.assertIn(expected, rendered_widget_html)