jwt 2.4.1 → 2.6.0

data/lib/jwt/jwk/rsa.rb

@@ -2,16 +2,33 @@
 
 module JWT
   module JWK
-    class RSA < KeyBase
+    class RSA < KeyBase # rubocop:disable Metrics/ClassLength
       BINARY = 2
       KTY    = 'RSA'
-      KTYS   = [KTY, OpenSSL::PKey::RSA].freeze
-      RSA_KEY_ELEMENTS = %i[n e d p q dp dq qi].freeze
+      KTYS   = [KTY, OpenSSL::PKey::RSA, JWT::JWK::RSA].freeze
+      RSA_PUBLIC_KEY_ELEMENTS  = %i[kty n e].freeze
+      RSA_PRIVATE_KEY_ELEMENTS = %i[d p q dp dq qi].freeze
+      RSA_KEY_ELEMENTS = (RSA_PRIVATE_KEY_ELEMENTS + RSA_PUBLIC_KEY_ELEMENTS).freeze
 
-      def initialize(keypair, kid = nil)
-        raise ArgumentError, 'keypair must be of type OpenSSL::PKey::RSA' unless keypair.is_a?(OpenSSL::PKey::RSA)
+      RSA_OPT_PARAMS    = %i[p q dp dq qi].freeze
+      RSA_ASN1_SEQUENCE = (%i[n e d] + RSA_OPT_PARAMS).freeze # https://www.rfc-editor.org/rfc/rfc3447#appendix-A.1.2
 
-        super(keypair, kid || generate_kid(keypair.public_key))
+      def initialize(key, params = nil, options = {})
+        params ||= {}
+
+        # For backwards compatibility when kid was a String
+        params = { kid: params } if params.is_a?(String)
+
+        key_params = extract_key_params(key)
+
+        params = params.transform_keys(&:to_sym)
+        check_jwk(key_params, params)
+
+        super(options, key_params.merge(params))
+      end
+
+      def keypair
+        @keypair ||= self.class.create_rsa_key(jwk_attributes(*(RSA_KEY_ELEMENTS - [:kty])))
       end
 
       def private?
@@ -23,75 +40,124 @@ module JWT
       end
 
       def export(options = {})
-        exported_hash = {
-          kty: KTY,
-          n: encode_open_ssl_bn(public_key.n),
-          e: encode_open_ssl_bn(public_key.e),
-          kid: kid
-        }
-
-        return exported_hash unless private? && options[:include_private] == true
-
-        append_private_parts(exported_hash)
+        exported = parameters.clone
+        exported.reject! { |k, _| RSA_PRIVATE_KEY_ELEMENTS.include? k } unless private? && options[:include_private] == true
+        exported
       end
 
-      private
+      def members
+        RSA_PUBLIC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
+      end
 
-      def generate_kid(public_key)
+      def key_digest
         sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer.new(public_key.n),
                                             OpenSSL::ASN1::Integer.new(public_key.e)])
         OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
       end
 
-      def append_private_parts(the_hash)
-        the_hash.merge(
-          d: encode_open_ssl_bn(keypair.d),
-          p: encode_open_ssl_bn(keypair.p),
-          q: encode_open_ssl_bn(keypair.q),
-          dp: encode_open_ssl_bn(keypair.dmp1),
-          dq: encode_open_ssl_bn(keypair.dmq1),
-          qi: encode_open_ssl_bn(keypair.iqmp)
-        )
+      def []=(key, value)
+        if RSA_KEY_ELEMENTS.include?(key.to_sym)
+          raise ArgumentError, 'cannot overwrite cryptographic key attributes'
+        end
+
+        super(key, value)
+      end
+
+      private
+
+      def extract_key_params(key)
+        case key
+        when JWT::JWK::RSA
+          key.export(include_private: true)
+        when OpenSSL::PKey::RSA # Accept OpenSSL key as input
+          @keypair = key # Preserve the object to avoid recreation
+          parse_rsa_key(key)
+        when Hash
+          key.transform_keys(&:to_sym)
+        else
+          raise ArgumentError, 'key must be of type OpenSSL::PKey::RSA or Hash with key parameters'
+        end
+      end
+
+      def check_jwk(keypair, params)
+        raise ArgumentError, 'cannot overwrite cryptographic key attributes' unless (RSA_KEY_ELEMENTS & params.keys).empty?
+        raise JWT::JWKError, "Incorrect 'kty' value: #{keypair[:kty]}, expected #{KTY}" unless keypair[:kty] == KTY
+        raise JWT::JWKError, 'Key format is invalid for RSA' unless keypair[:n] && keypair[:e]
+      end
+
+      def parse_rsa_key(key)
+        {
+          kty: KTY,
+          n: encode_open_ssl_bn(key.n),
+          e: encode_open_ssl_bn(key.e),
+          d: encode_open_ssl_bn(key.d),
+          p: encode_open_ssl_bn(key.p),
+          q: encode_open_ssl_bn(key.q),
+          dp: encode_open_ssl_bn(key.dmp1),
+          dq: encode_open_ssl_bn(key.dmq1),
+          qi: encode_open_ssl_bn(key.iqmp)
+        }.compact
+      end
+
+      def jwk_attributes(*attributes)
+        attributes.each_with_object({}) do |attribute, hash|
+          hash[attribute] = decode_open_ssl_bn(self[attribute])
+        end
       end
 
       def encode_open_ssl_bn(key_part)
-        Base64.urlsafe_encode64(key_part.to_s(BINARY), padding: false)
+        return unless key_part
+
+        ::JWT::Base64.url_encode(key_part.to_s(BINARY))
+      end
+
+      def decode_open_ssl_bn(jwk_data)
+        self.class.decode_open_ssl_bn(jwk_data)
       end
 
       class << self
         def import(jwk_data)
-          pkey_params = jwk_attributes(jwk_data, *RSA_KEY_ELEMENTS) do |value|
-            decode_open_ssl_bn(value)
-          end
-          kid = jwk_attributes(jwk_data, :kid)[:kid]
-          new(rsa_pkey(pkey_params), kid)
+          new(jwk_data)
         end
 
-        private
+        def decode_open_ssl_bn(jwk_data)
+          return nil unless jwk_data
 
-        def jwk_attributes(jwk_data, *attributes)
-          attributes.each_with_object({}) do |attribute, hash|
-            value = jwk_data[attribute] || jwk_data[attribute.to_s]
-            value = yield(value) if block_given?
-            hash[attribute] = value
-          end
+          OpenSSL::BN.new(::JWT::Base64.url_decode(jwk_data), BINARY)
         end
 
-        def rsa_pkey(rsa_parameters)
-          raise JWT::JWKError, 'Key format is invalid for RSA' unless rsa_parameters[:n] && rsa_parameters[:e]
+        def create_rsa_key_using_der(rsa_parameters)
+          validate_rsa_parameters!(rsa_parameters)
+
+          sequence = RSA_ASN1_SEQUENCE.each_with_object([]) do |key, arr|
+            next if rsa_parameters[key].nil?
+
+            arr << OpenSSL::ASN1::Integer.new(rsa_parameters[key])
+          end
+
+          if sequence.size > 2 # Append "two-prime" version for private key
+            sequence.unshift(OpenSSL::ASN1::Integer.new(0))
+
+            raise JWT::JWKError, 'Creating a RSA key with a private key requires the CRT parameters to be defined' if sequence.size < RSA_ASN1_SEQUENCE.size
+          end
 
-          populate_key(OpenSSL::PKey::RSA.new, rsa_parameters)
+          OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence(sequence).to_der)
         end
 
-        if OpenSSL::PKey::RSA.new.respond_to?(:set_key)
-          def populate_key(rsa_key, rsa_parameters)
+        def create_rsa_key_using_sets(rsa_parameters)
+          validate_rsa_parameters!(rsa_parameters)
+
+          OpenSSL::PKey::RSA.new.tap do |rsa_key|
             rsa_key.set_key(rsa_parameters[:n], rsa_parameters[:e], rsa_parameters[:d])
             rsa_key.set_factors(rsa_parameters[:p], rsa_parameters[:q]) if rsa_parameters[:p] && rsa_parameters[:q]
             rsa_key.set_crt_params(rsa_parameters[:dp], rsa_parameters[:dq], rsa_parameters[:qi]) if rsa_parameters[:dp] && rsa_parameters[:dq] && rsa_parameters[:qi]
-            rsa_key
           end
-        else
-          def populate_key(rsa_key, rsa_parameters)
+        end
+
+        def create_rsa_key_using_accessors(rsa_parameters) # rubocop:disable Metrics/AbcSize
+          validate_rsa_parameters!(rsa_parameters)
+
+          OpenSSL::PKey::RSA.new.tap do |rsa_key|
             rsa_key.n = rsa_parameters[:n]
             rsa_key.e = rsa_parameters[:e]
             rsa_key.d = rsa_parameters[:d] if rsa_parameters[:d]
@@ -100,15 +166,24 @@ module JWT
             rsa_key.dmp1 = rsa_parameters[:dp] if rsa_parameters[:dp]
             rsa_key.dmq1 = rsa_parameters[:dq] if rsa_parameters[:dq]
             rsa_key.iqmp = rsa_parameters[:qi] if rsa_parameters[:qi]
-
-            rsa_key
           end
         end
 
-        def decode_open_ssl_bn(jwk_data)
-          return nil unless jwk_data
+        def validate_rsa_parameters!(rsa_parameters)
+          return unless rsa_parameters.key?(:d)
+
+          parameters = RSA_OPT_PARAMS - rsa_parameters.keys
+          return if parameters.empty? || parameters.size == RSA_OPT_PARAMS.size
 
-          OpenSSL::BN.new(Base64.urlsafe_decode64(jwk_data), BINARY)
+          raise JWT::JWKError, 'When one of p, q, dp, dq or qi is given all the other optimization parameters also needs to be defined' # https://www.rfc-editor.org/rfc/rfc7518.html#section-6.3.2
+        end
+
+        if ::JWT.openssl_3?
+          alias create_rsa_key create_rsa_key_using_der
+        elsif OpenSSL::PKey::RSA.new.respond_to?(:set_key)
+          alias create_rsa_key create_rsa_key_using_sets
+        else
+          alias create_rsa_key create_rsa_key_using_accessors
         end
       end
     end

data/lib/jwt/jwk/set.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+
+module JWT
+  module JWK
+    class Set
+      include Enumerable
+      extend Forwardable
+
+      attr_reader :keys
+
+      def initialize(jwks = nil, options = {}) # rubocop:disable Metrics/CyclomaticComplexity
+        jwks ||= {}
+
+        @keys = case jwks
+                when JWT::JWK::Set # Simple duplication
+                  jwks.keys
+                when JWT::JWK::KeyBase # Singleton
+                  [jwks]
+                when Hash
+                  jwks = jwks.transform_keys(&:to_sym)
+                  [*jwks[:keys]].map { |k| JWT::JWK.new(k, nil, options) }
+                when Array
+                  jwks.map { |k| JWT::JWK.new(k, nil, options) }
+                else
+                  raise ArgumentError, 'Can only create new JWKS from Hash, Array and JWK'
+        end
+      end
+
+      def export(options = {})
+        { keys: @keys.map { |k| k.export(options) } }
+      end
+
+      def_delegators :@keys, :each, :size, :delete, :dig
+
+      def select!(&block)
+        return @keys.select! unless block
+
+        self if @keys.select!(&block)
+      end
+
+      def reject!(&block)
+        return @keys.reject! unless block
+
+        self if @keys.reject!(&block)
+      end
+
+      def uniq!(&block)
+        self if @keys.uniq!(&block)
+      end
+
+      def merge(enum)
+        @keys += JWT::JWK::Set.new(enum.to_a).keys
+        self
+      end
+
+      def union(enum)
+        dup.merge(enum)
+      end
+
+      def add(key)
+        @keys << JWT::JWK.new(key)
+        self
+      end
+
+      def ==(other)
+        other.is_a?(JWT::JWK::Set) && keys.sort == other.keys.sort
+      end
+
+      alias eql? ==
+      alias filter! select!
+      alias length size
+      # For symbolic manipulation
+      alias | union
+      alias + union
+      alias << add
+    end
+  end
+end

data/lib/jwt/jwk/thumbprint.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWK
+    # https://tools.ietf.org/html/rfc7638
+    class Thumbprint
+      attr_reader :jwk
+
+      def initialize(jwk)
+        @jwk = jwk
+      end
+
+      def generate
+        ::Base64.urlsafe_encode64(
+          Digest::SHA256.digest(
+            JWT::JSON.generate(
+              jwk.members.sort.to_h
+            )
+          ), padding: false
+        )
+      end
+
+      alias to_s generate
+    end
+  end
+end

data/lib/jwt/jwk.rb

@@ -1,23 +1,24 @@
 # frozen_string_literal: true
 
 require_relative 'jwk/key_finder'
+require_relative 'jwk/set'
 
 module JWT
   module JWK
     class << self
-      def import(jwk_data)
-        jwk_kty = jwk_data[:kty] || jwk_data['kty']
-        raise JWT::JWKError, 'Key type (kty) not provided' unless jwk_kty
-
-        mappings.fetch(jwk_kty.to_s) do |kty|
-          raise JWT::JWKError, "Key type #{kty} not supported"
-        end.import(jwk_data)
-      end
+      def create_from(key, params = nil, options = {})
+        if key.is_a?(Hash)
+          jwk_kty = key[:kty] || key['kty']
+          raise JWT::JWKError, 'Key type (kty) not provided' unless jwk_kty
+
+          return mappings.fetch(jwk_kty.to_s) do |kty|
+            raise JWT::JWKError, "Key type #{kty} not supported"
+          end.new(key, params, options)
+        end
 
-      def create_from(keypair, kid = nil)
-        mappings.fetch(keypair.class) do |klass|
+        mappings.fetch(key.class) do |klass|
           raise JWT::JWKError, "Cannot create JWK from a #{klass.name}"
-        end.new(keypair, kid)
+        end.new(key, params, options)
       end
 
       def classes
@@ -26,6 +27,7 @@ module JWT
       end
 
       alias new create_from
+      alias import create_from
 
       private
 

data/lib/jwt/security_utils.rb

@@ -7,17 +7,6 @@ module JWT
   module SecurityUtils
     module_function
 
-    def secure_compare(left, right)
-      left_bytesize = left.bytesize
-
-      return false unless left_bytesize == right.bytesize
-
-      unpacked_left = left.unpack "C#{left_bytesize}"
-      result = 0
-      right.each_byte { |byte| result |= byte ^ unpacked_left.shift }
-      result.zero?
-    end
-
     def verify_rsa(algorithm, public_key, signing_input, signature)
       public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
     end
@@ -39,21 +28,5 @@ module JWT
       sig_char = signature[byte_size..-1] || ''
       OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
     end
-
-    def rbnacl_fixup(algorithm, key)
-      algorithm = algorithm.sub('HS', 'SHA').to_sym
-
-      return [] unless defined?(RbNaCl) && RbNaCl::HMAC.constants(false).include?(algorithm)
-
-      authenticator = RbNaCl::HMAC.const_get(algorithm)
-
-      # Fall back to OpenSSL for keys larger than 32 bytes.
-      return [] if key.bytesize > authenticator.key_bytes
-
-      [
-        authenticator,
-        key.bytes.fill(0, key.bytesize...authenticator.key_bytes).pack('C*')
-      ]
-    end
   end
 end

data/lib/jwt/version.rb

@@ -11,13 +11,34 @@ module JWT
     # major version
     MAJOR = 2
     # minor version
-    MINOR = 4
+    MINOR = 6
     # tiny version
-    TINY  = 1
+    TINY  = 0
     # alpha, beta, etc. tag
     PRE   = nil
 
     # Build version string
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
   end
+
+  def self.openssl_3?
+    return false if OpenSSL::OPENSSL_VERSION.include?('LibreSSL')
+    return true if OpenSSL::OPENSSL_VERSION_NUMBER >= 3 * 0x10000000
+  end
+
+  def self.rbnacl?
+    defined?(::RbNaCl)
+  end
+
+  def self.rbnacl_6_or_greater?
+    rbnacl? && ::Gem::Version.new(::RbNaCl::VERSION) >= ::Gem::Version.new('6.0.0')
+  end
+
+  def self.openssl_3_hmac_empty_key_regression?
+    openssl_3? && openssl_version <= ::Gem::Version.new('3.0.0')
+  end
+
+  def self.openssl_version
+    @openssl_version ||= ::Gem::Version.new(OpenSSL::VERSION)
+  end
 end

data/lib/jwt/x5c_key_finder.rb

@@ -47,7 +47,7 @@ module JWT
         x5c_header_or_certificates
       else
         x5c_header_or_certificates.map do |encoded|
-          OpenSSL::X509::Certificate.new(::Base64.strict_decode64(encoded))
+          OpenSSL::X509::Certificate.new(::JWT::Base64.url_decode(encoded))
         end
       end
     end

data/lib/jwt.rb

@@ -1,9 +1,10 @@
 # frozen_string_literal: true
 
-require 'base64'
+require 'jwt/version'
+require 'jwt/base64'
 require 'jwt/json'
 require 'jwt/decode'
-require 'jwt/default_options'
+require 'jwt/configuration'
 require 'jwt/encode'
 require 'jwt/error'
 require 'jwt/jwk'
@@ -13,7 +14,7 @@ require 'jwt/jwk'
 # Should be up to date with the latest spec:
 # https://tools.ietf.org/html/rfc7519
 module JWT
-  include JWT::DefaultOptions
+  extend ::JWT::Configuration
 
   module_function
 
@@ -25,6 +26,6 @@ module JWT
   end
 
   def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
-    Decode.new(jwt, key, verify, DEFAULT_OPTIONS.merge(options), &keyfinder).decode_segments
+    Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
   end
 end

data/ruby-jwt.gemspec

@@ -18,18 +18,22 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.5'
   spec.metadata = {
     'bug_tracker_uri' => 'https://github.com/jwt/ruby-jwt/issues',
-    'changelog_uri' => "https://github.com/jwt/ruby-jwt/blob/v#{JWT.gem_version}/CHANGELOG.md"
+    'changelog_uri' => "https://github.com/jwt/ruby-jwt/blob/v#{JWT.gem_version}/CHANGELOG.md",
+    'rubygems_mfa_required' => 'true'
   }
 
-  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec|gemfiles|coverage|bin)/}) }
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(spec|gemfiles|coverage|bin)/}) || # Irrelevant folders
+      f.match(/^\.+/) || # Files and folders starting with .
+      f.match(/^(Appraisals|Gemfile|Rakefile)$/) # Irrelevant files
+  end
+
   spec.executables = []
-  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = %w[lib]
 
   spec.add_development_dependency 'appraisal'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'reek'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'simplecov'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.4.1
+  version: 2.6.0
 platform: ruby
 authors:
 - Tim Rudat
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-07 00:00:00.000000000 Z
+date: 2022-12-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: appraisal
@@ -52,20 +52,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: reek
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -101,35 +87,31 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".codeclimate.yml"
-- ".github/workflows/coverage.yml"
-- ".github/workflows/test.yml"
-- ".gitignore"
-- ".reek.yml"
-- ".rspec"
-- ".rubocop.yml"
-- ".sourcelevel.yml"
 - AUTHORS
-- Appraisals
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
-- Gemfile
 - LICENSE
 - README.md
-- Rakefile
 - lib/jwt.rb
 - lib/jwt/algos.rb
+- lib/jwt/algos/algo_wrapper.rb
 - lib/jwt/algos/ecdsa.rb
 - lib/jwt/algos/eddsa.rb
 - lib/jwt/algos/hmac.rb
+- lib/jwt/algos/hmac_rbnacl.rb
+- lib/jwt/algos/hmac_rbnacl_fixed.rb
 - lib/jwt/algos/none.rb
 - lib/jwt/algos/ps.rb
 - lib/jwt/algos/rsa.rb
 - lib/jwt/algos/unsupported.rb
+- lib/jwt/base64.rb
 - lib/jwt/claims_validator.rb
+- lib/jwt/configuration.rb
+- lib/jwt/configuration/container.rb
+- lib/jwt/configuration/decode_configuration.rb
+- lib/jwt/configuration/jwk_configuration.rb
 - lib/jwt/decode.rb
-- lib/jwt/default_options.rb
 - lib/jwt/encode.rb
 - lib/jwt/error.rb
 - lib/jwt/json.rb
@@ -138,9 +120,11 @@ files:
 - lib/jwt/jwk/hmac.rb
 - lib/jwt/jwk/key_base.rb
 - lib/jwt/jwk/key_finder.rb
+- lib/jwt/jwk/kid_as_key_digest.rb
 - lib/jwt/jwk/rsa.rb
+- lib/jwt/jwk/set.rb
+- lib/jwt/jwk/thumbprint.rb
 - lib/jwt/security_utils.rb
-- lib/jwt/signature.rb
 - lib/jwt/verify.rb
 - lib/jwt/version.rb
 - lib/jwt/x5c_key_finder.rb
@@ -150,7 +134,8 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
-  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.4.1/CHANGELOG.md
+  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.6.0/CHANGELOG.md
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:

data/.codeclimate.yml

@@ -1,8 +0,0 @@
-plugins:
-  fixme:
-    enabled: true
-  shellcheck:
-    enabled: true
-  rubocop:
-    enabled: true
-    channel: rubocop-1-23-0

data/.github/workflows/coverage.yml

@@ -1,27 +0,0 @@
----
-name: coverage
-on:
-  push:
-    branches:
-      - "master"
-jobs:
- coverage:
-    name: coverage
-    runs-on: ubuntu-20.04
-    env:
-      BUNDLE_GEMFILE: 'gemfiles/rbnacl.gemfile'
-      CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
-    steps:
-      - uses: actions/checkout@v2
-      - name: Install libsodium
-        run: |
-          sudo apt-get update -q
-          sudo apt-get install libsodium-dev -y
-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: "2.7"
-          bundler-cache: true
-      - uses: paambaati/codeclimate-action@v3.0.0
-        with:
-          coverageCommand: bundle exec rspec