Reduce dependency to rbnacl fixes jwt#549, jwt#550

anakinj · May 7, 2023 · fcb8540 · fcb8540
1 parent 62f5fdb
commit fcb8540
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 213 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,20 @@
 
 # Changelog
 
+## [v3.0.0](https://github.com/jwt/ruby-jwt/tree/v3.0.0) (FUTURE)
+
+[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.7.0...v3.0.0)
+
+**Features:**
+
+- [**Breaking change**] Removed support for the HMAC algorithm HS512256 (HMAC-SHA-512 truncated to 256-bits) [#549](https://github.com/jwt/ruby-jwt/issues/549) ([@anakinj](https://github.com/anakinj))
+- Only use openssl for HMAC algorithms [#550](https://github.com/jwt/ruby-jwt/issues/550) ([@anakinj](https://github.com/anakinj))
+- Your contribution here
+
+**Fixes and enhancements:**
+
+- Your contribution here
+
 ## [v2.8.0](https://github.com/jwt/ruby-jwt/tree/v2.8.0) (NEXT)
 
 [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.7.0...v2.8.0)

diff --git a/lib/jwt.rb b/lib/jwt.rb
@@ -1,5 +1,11 @@
 # frozen_string_literal: true
 
+begin
+  require 'rbnacl'
+rescue LoadError
+  raise if defined?(RbNaCl)
+end
+
 require 'jwt/version'
 require 'jwt/base64'
 require 'jwt/json'

diff --git a/lib/jwt/algos.rb b/lib/jwt/algos.rb
@@ -1,12 +1,6 @@
 # frozen_string_literal: true
 
-begin
-  require 'rbnacl'
-rescue LoadError
-  raise if defined?(RbNaCl)
-end
 require 'openssl'
-
 require 'jwt/algos/hmac'
 require 'jwt/algos/eddsa'
 require 'jwt/algos/ecdsa'
@@ -20,22 +14,13 @@ module JWT
   module Algos
     extend self
 
-    ALGOS = [Algos::Ecdsa,
+    ALGOS = [Algos::Hmac,
+             Algos::Ecdsa,
              Algos::Rsa,
              Algos::Eddsa,
              Algos::Ps,
              Algos::None,
-             Algos::Unsupported].tap do |l|
-      if ::JWT.rbnacl_6_or_greater?
-        require_relative 'algos/hmac_rbnacl'
-        l.unshift(Algos::HmacRbNaCl)
-      elsif ::JWT.rbnacl?
-        require_relative 'algos/hmac_rbnacl_fixed'
-        l.unshift(Algos::HmacRbNaClFixed)
-      else
-        l.unshift(Algos::Hmac)
-      end
-    end.freeze
+             Algos::Unsupported].freeze
 
     def find(algorithm)
       indexed[algorithm && algorithm.downcase]

diff --git a/lib/jwt/algos/hmac_rbnacl.rb b/lib/jwt/algos/hmac_rbnacl.rb
diff --git a/lib/jwt/algos/hmac_rbnacl_fixed.rb b/lib/jwt/algos/hmac_rbnacl_fixed.rb
diff --git a/spec/jwt/algos/hmac_rbnacl_fixed_spec.rb b/spec/jwt/algos/hmac_rbnacl_fixed_spec.rb
diff --git a/spec/jwt/algos/hmac_rbnacl_spec.rb b/spec/jwt/algos/hmac_rbnacl_spec.rb
diff --git a/spec/jwt_spec.rb b/spec/jwt_spec.rb
@@ -124,10 +124,7 @@
     end
   end
 
-  algorithms = %w[HS256 HS384 HS512]
-  algorithms << 'HS512256' if ::JWT.rbnacl?
-
-  algorithms.each do |alg|
+  %w[HS256 HS384 HS512].each do |alg|
     context "alg: #{alg}" do
       it 'should generate a valid token' do
         token = JWT.encode payload, data[:secret], alg