aspera-cli 4.13.0 → 4.15.0

data/lib/aspera/keychain/macos_security.rb

@@ -3,11 +3,11 @@
 # https://github.com/fastlane-community/security
 require 'aspera/cli/info'
 
-# enhance the gem to support other keychains
+# enhance the gem to support other key chains
 module Aspera
   module Keychain
     module MacosSecurity
-      # keychain based on macOS keychain, using `security` cmmand line
+      # keychain based on macOS keychain, using `security` command line
       class Keychain
         DOMAINS = %i[user system common dynamic].freeze
         LIST_OPTIONS = {
@@ -32,12 +32,12 @@ module Aspera
           getpass:  :g
         }.freeze
         class << self
-          def execute(command, options=nil, supported=nil, lastopt=nil)
+          def execute(command, options=nil, supported=nil, last_opt=nil)
             url = options&.delete(:url)
             if !url.nil?
               uri = URI.parse(url)
               raise 'only https' unless uri.scheme.eql?('https')
-              options[:protocol] = 'htps'
+              options[:protocol] = 'htps' # cspell: disable-line
               raise 'host required in URL' if uri.host.nil?
               options[:server] = uri.host
               options[:path] = uri.path unless ['', '/'].include?(uri.path)
@@ -50,28 +50,28 @@ module Aspera
               cmd.push("-#{supported[k]}")
               cmd.push(v.shellescape) unless v.empty?
             end
-            cmd.push(lastopt) unless lastopt.nil?
+            cmd.push(last_opt) unless last_opt.nil?
             Log.log.debug{"executing>>#{cmd.join(' ')}"}
             result = %x(#{cmd.join(' ')} 2>&1)
             Log.log.debug{"result>>[#{result}]"}
             return result
           end
 
-          def keychains(output)
+          def key_chains(output)
             output.split("\n").collect { |line| new(line.strip.gsub(/^"|"$/, '')) }
           end
 
           def default
-            keychains(execute('default-keychain')).first
+            key_chains(execute('default-keychain')).first
           end
 
           def login
-            keychains(execute('login-keychain')).first
+            key_chains(execute('login-keychain')).first
           end
 
           def list(options={})
             raise ArgumentError, "Invalid domain #{options[:domain]}, expected one of: #{DOMAINS}" unless options[:domain].nil? || DOMAINS.include?(options[:domain])
-            keychains(execute('list-keychains', options, LIST_OPTIONS))
+            key_chains(execute('list-key_chains', options, LIST_OPTIONS))
           end
 
           def by_name(name)
@@ -88,14 +88,14 @@ module Aspera
           [string].pack('H*').force_encoding('UTF-8')
         end
 
-        def password(operation, passtype, options)
+        def password(operation, pass_type, options)
           raise "wrong operation: #{operation}" unless %i[add find delete].include?(operation)
-          raise "wrong passtype: #{passtype}" unless %i[generic internet].include?(passtype)
+          raise "wrong pass_type: #{pass_type}" unless %i[generic internet].include?(pass_type)
           raise 'options shall be Hash' unless options.is_a?(Hash)
           missing = (operation.eql?(:add) ? %i[account service password] : %i[label]) - options.keys
           raise "missing options: #{missing}" unless missing.empty?
           options[:getpass] = '' if operation.eql?(:find)
-          output = self.class.execute("#{operation}-#{passtype}-password", options, ADD_PASS_OPTIONS, @path)
+          output = self.class.execute("#{operation}-#{pass_type}-password", options, ADD_PASS_OPTIONS, @path)
           raise output.gsub(/^.*: /, '') if output.start_with?('security: ')
           return nil unless operation.eql?(:find)
           attributes = {}
@@ -143,7 +143,7 @@ module Aspera
         raise 'not found' if info.nil?
         result = options.clone
         result[:secret] = info['password']
-        result[:description] = info['icmt']
+        result[:description] = info['icmt'] # cspell: disable-line
         return result
       end
 

data/lib/aspera/line_logger.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'aspera/log'
+
+module Aspera
+  # used for logging http
+  class LineLogger
+    def initialize(level)
+      @level = level
+      @buffer = []
+    end
+
+    def <<(string)
+      return if string.nil? || string.empty?
+      if !string.end_with?("\n")
+        @buffer.push(string)
+        return
+      end
+      Log.log.send(@level, @buffer.join('') + string.chomp)
+      @buffer.clear
+    end
+  end
+end

data/lib/aspera/log.rb

@@ -2,17 +2,53 @@
 
 require 'aspera/colors'
 require 'aspera/secret_hider'
+require 'aspera/environment'
 require 'logger'
 require 'pp'
 require 'json'
 require 'singleton'
 
+# extend Ruby logger with trace levels
+class Logger
+  TRACE_MAX = 2
+  # add custom level to logger severity
+  module Severity
+    1.upto(TRACE_MAX).each { |level| const_set("TRACE#{level}", - level)}
+  end
+  # quick access to label
+  SEVERITY_LABEL = Severity.constants.each_with_object({}) { |name, hash| hash[Severity.const_get(name)] = name}
+  def format_severity(severity)
+    SEVERITY_LABEL[severity] || 'ANY'
+  end
+
+  # define methods for a given level
+  def self.make_methods(str_level) # rubocop:disable Style/ClassMethodsDefinitions
+    int_level = ::Logger.const_get(str_level.upcase)
+    str_level = str_level.downcase
+    Kernel.send('lave'.reverse, <<-EOM, nil, __FILE__, __LINE__ + 1)
+      def #{str_level}(message = nil, &block)
+        add(#{int_level}, message, &block)
+      end
+
+      def #{str_level}?
+        level <= #{int_level}
+      end
+
+      def #{str_level}!
+        self.level = #{int_level}
+      end
+    EOM
+  end
+  Logger::Severity.constants.each { |severity| make_methods(severity) }
+end
+
 module Aspera
   # Singleton object for logging
   class Log
     include Singleton
     # where logs are sent to
     LOG_TYPES = %i[stderr stdout syslog].freeze
+    @@format = :json # rubocop:disable Style/ClassVars
     # class methods
     class << self
       # levels are :debug,:info,:warn,:error,fatal,:unknown
@@ -21,24 +57,23 @@ module Aspera
       # get the logger object of singleton
       def log; instance.logger; end
 
-      # dump object in debug mode
+      # dump object suitable for Log.log.debug
       # @param name string or symbol
       # @param format either pp or json format
-      def dump(name, object, format=:json)
-        log.debug do
-          result =
-            case format
-            when :json
-              JSON.pretty_generate(object) rescue PP.pp(object, +'')
-            when :ruby
-              PP.pp(object, +'')
-            else
-              raise 'wrong parameter, expect pp or json'
-            end
-          "#{name.to_s.green} (#{format})=\n#{result}"
-        end
+      def dump(name, object)
+        result =
+          case @@format
+          when :json
+            JSON.pretty_generate(object) rescue PP.pp(object, +'')
+          when :ruby
+            PP.pp(object, +'')
+          else
+            raise 'wrong parameter, expect ruby or json'
+          end
+        "#{name.to_s.green} (#{@@format})=\n#{result}"
       end
 
+      # Capture the output of $stderr and log it at debug level
       def capture_stderr
         real_stderr = $stderr
         $stderr = StringIO.new
@@ -69,16 +104,23 @@ module Aspera
     # change underlying logger, but keep log level
     def logger_type=(new_log_type)
       current_severity_integer = @logger.level unless @logger.nil?
-      current_severity_integer = ENV['AS_LOG_LEVEL'] if current_severity_integer.nil? && ENV.key?('AS_LOG_LEVEL')
+      current_severity_integer = ENV.fetch('AS_LOG_LEVEL', nil) if current_severity_integer.nil? && ENV.key?('AS_LOG_LEVEL')
       current_severity_integer = Logger::Severity::WARN if current_severity_integer.nil?
       case new_log_type
       when :stderr
-        # typed: Logger
         @logger = Logger.new($stderr)
       when :stdout
         @logger = Logger.new($stdout)
       when :syslog
         require 'syslog/logger'
+        # the syslog class automatically creates methods from the severity names
+        # we just need to add the mapping (but syslog lowest is DEBUG)
+        1.upto(Logger::TRACE_MAX).each do |level|
+          Syslog::Logger.const_get(:LEVEL_MAP)[Logger.const_get("TRACE#{level}")] = Syslog::LOG_DEBUG
+        end
+        Logger::Severity.constants.each do |severity|
+          Syslog::Logger.make_methods(severity.downcase)
+        end
         @logger = Syslog::Logger.new(@program_name, Syslog::LOG_LOCAL2)
       else
         raise "unknown log type: #{new_log_type.class} #{new_log_type}"

data/lib/aspera/node.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'aspera/cli/error'
 require 'aspera/fasp/transfer_spec'
 require 'aspera/rest'
 require 'aspera/oauth'
@@ -13,13 +14,22 @@ module Aspera
   class Node < Aspera::Rest
     # permissions
     ACCESS_LEVELS = %w[delete list mkdir preview read rename write].freeze
-    # prefix for ruby code for filter
+    # prefix for ruby code for filter (deprecated)
     MATCH_EXEC_PREFIX = 'exec:'
+    MATCH_TYPES = [String, Proc, Regexp, NilClass].freeze
     HEADER_X_ASPERA_ACCESS_KEY = 'X-Aspera-AccessKey'
     PATH_SEPARATOR = '/'
+    TS_FIELDS_TO_COPY = %w[remote_host remote_user ssh_port fasp_port wss_enabled wss_port].freeze
+    SCOPE_USER = 'user:all'
+    SCOPE_ADMIN = 'admin:all'
+    SCOPE_PREFIX = 'node.'
+    SCOPE_SEPARATOR = ':'
+    SIGNATURE_DELIMITER = '==SIGNATURE=='
+    BEARER_TOKEN_VALIDITY_DEFAULT = 86400
+    BEARER_TOKEN_SCOPE_DEFAULT = SCOPE_USER
 
     # register node special token decoder
-    Oauth.register_decoder(lambda{|token|JSON.parse(Zlib::Inflate.inflate(Base64.decode64(token)).partition('==SIGNATURE==').first)})
+    Oauth.register_decoder(lambda{|token|Node.decode_bearer_token(token)})
 
     # class instance variable, access with accessors on class
     @use_standard_ports = true
@@ -27,16 +37,79 @@ module Aspera
     class << self
       attr_accessor :use_standard_ports
 
-      # for access keys: provide expression to match entry in folder
-      # if no prefix: regex
-      # if prefix: ruby code
-      # if expression is nil, then always match
+      # For access keys: provide expression to match entry in folder
       def file_matcher(match_expression)
-        match_expression ||= "#{MATCH_EXEC_PREFIX}true"
-        if match_expression.start_with?(MATCH_EXEC_PREFIX)
-          return Environment.secure_eval("lambda{|f|#{match_expression[MATCH_EXEC_PREFIX.length..-1]}}")
+        case match_expression
+        when Proc then return match_expression
+        when Regexp then return ->(f){f['name'].match?(match_expression)}
+        when String
+          if match_expression.start_with?(MATCH_EXEC_PREFIX)
+            code = "->(f){#{match_expression[MATCH_EXEC_PREFIX.length..-1]}}"
+            Log.log.warn{"Use of prefix #{MATCH_EXEC_PREFIX} is deprecated (4.15), instead use: @ruby:'#{code}'"}
+            return Environment.secure_eval(code, __FILE__, __LINE__)
+          end
+          return lambda{|f|File.fnmatch(match_expression, f['name'], File::FNM_DOTMATCH)}
+        when NilClass then return ->(_){true}
+        else raise Cli::BadArgument, "Invalid match expression type: #{match_expression.class}"
+        end
+      end
+
+      def file_matcher_from_argument(options)
+        return file_matcher(options.get_next_argument('filter', type: MATCH_TYPES, mandatory: false))
+      end
+
+      # node API scopes
+      def token_scope(access_key, scope)
+        return [SCOPE_PREFIX, access_key, SCOPE_SEPARATOR, scope].join('')
+      end
+
+      def decode_scope(scope)
+        items = scope.split(SCOPE_SEPARATOR, 2)
+        raise "invalid scope: #{scope}" unless items.length.eql?(2)
+        raise "invalid scope: #{scope}" unless items[0].start_with?(SCOPE_PREFIX)
+        return {access_key: items[0][SCOPE_PREFIX.length..-1], scope: items[1]}
+      end
+
+      # Create an Aspera Node bearer token
+      # @param payload [String] JSON payload to be included in the token
+      # @param private_key [OpenSSL::PKey::RSA] Private key to sign the token
+      def bearer_token(access_key:, payload:, private_key:)
+        raise 'payload shall be Hash' unless payload.is_a?(Hash)
+        raise 'missing user_id' unless payload.key?('user_id')
+        raise 'user_id must be a String' unless payload['user_id'].is_a?(String)
+        raise 'user_id must not be empty' if payload['user_id'].empty?
+        raise 'private_key shall be OpenSSL::PKey::RSA' unless private_key.is_a?(OpenSSL::PKey::RSA)
+        # manage convenience parameters
+        expiration_sec = payload['_validity'] || BEARER_TOKEN_VALIDITY_DEFAULT
+        payload.delete('_validity')
+        scope = payload['_scope'] || BEARER_TOKEN_SCOPE_DEFAULT
+        payload.delete('_scope')
+        payload['scope'] ||= token_scope(access_key, scope)
+        payload['auth_type'] ||= 'access_key'
+        payload['expires_at'] ||= (Time.now + expiration_sec).utc.strftime('%FT%TZ')
+        payload_json = JSON.generate(payload)
+        return Base64.strict_encode64(Zlib::Deflate.deflate([
+          payload_json,
+          SIGNATURE_DELIMITER,
+          Base64.strict_encode64(private_key.sign(OpenSSL::Digest.new('sha512'), payload_json)).scan(/.{1,60}/).join("\n"),
+          ''
+        ].join("\n")))
+      end
+
+      def decode_bearer_token(token)
+        return JSON.parse(Zlib::Inflate.inflate(Base64.decode64(token)).partition(SIGNATURE_DELIMITER).first)
+      end
+
+      def bearer_headers(bearer_auth, access_key: nil)
+        # if username is not provided, use the access key from the token
+        if access_key.nil?
+          access_key = Aspera::Node.decode_scope(Aspera::Node.decode_bearer_token(Oauth.bearer_extract(bearer_auth))['scope'])[:access_key]
+          raise "internal error #{access_key}" if access_key.nil?
         end
-        return lambda{|f|f['name'].match(/#{match_expression}/)}
+        return {
+          Aspera::Node::HEADER_X_ASPERA_ACCESS_KEY => access_key,
+          'Authorization'                          => bearer_auth
+        }
       end
     end
 
@@ -51,6 +124,7 @@ module Aspera
     # @param params [Hash] Rest parameters
     # @param app_info [Hash,NilClass] special processing for AoC
     def initialize(params:, app_info: nil, add_tspec: nil)
+      # init Rest
       super(params)
       @app_info = app_info
       # this is added to transfer spec, for instance to add tags (COS)
@@ -84,17 +158,18 @@ module Aspera
       return nil
     end
 
-    # recursively browse in a folder (with non-recursive method)
+    # Recursively browse in a folder (with non-recursive method)
     # sub folders are processed if the processing method returns true
     # @param state [Object] state object sent to processing method
-    # @param method [Symbol] processing method name
     # @param top_file_id [String] file id to start at (default = access key root file id)
     # @param top_file_path [String] path of top folder (default = /)
-    def process_folder_tree(state:, method:, top_file_id:, top_file_path: '/')
+    # @param block [Proc] processing method, arguments: entry, path, state
+    def process_folder_tree(state:, top_file_id:, top_file_path: '/', &block)
       raise 'INTERNAL ERROR: top_file_path not set' if top_file_path.nil?
-      raise "INTERNAL ERROR: Missing method #{method}" unless respond_to?(method)
+      raise 'INTERNAL ERROR: Missing block' unless block
+      # start at top folder
       folders_to_explore = [{id: top_file_id, path: top_file_path}]
-      Log.dump(:folders_to_explore, folders_to_explore)
+      Log.log.debug{Log.dump(:folders_to_explore, folders_to_explore)}
       until folders_to_explore.empty?
         current_item = folders_to_explore.shift
         Log.log.debug{"searching #{current_item[:path]}".bg_green}
@@ -106,12 +181,12 @@ module Aspera
             Log.log.warn{"#{current_item[:path]}: #{e.class} #{e.message}"}
             []
           end
-        Log.dump(:folder_contents, folder_contents)
+        Log.log.debug{Log.dump(:folder_contents, folder_contents)}
         folder_contents.each do |entry|
           relative_path = File.join(current_item[:path], entry['name'])
-          Log.log.debug{"looking #{relative_path}".bg_green}
+          Log.log.debug{"process_folder_tree checking #{relative_path}"}
           # continue only if method returns true
-          next unless send(method, entry, relative_path, state)
+          next unless yield(entry, relative_path, state)
           # entry type is file, folder or link
           case entry['type']
           when 'folder'
@@ -119,85 +194,74 @@ module Aspera
           when 'link'
             node_id_to_node(entry['target_node_id'])&.process_folder_tree(
               state:         state,
-              method:        method,
               top_file_id:   entry['target_id'],
-              top_file_path: relative_path)
+              top_file_path: relative_path,
+              &block)
           end
         end
       end
     end # process_folder_tree
 
-    # processing method to resolve a file path to id
-    # @returns true if processing need to continue
-    def process_resolve_node_path(entry, _path, state)
-      # stop digging here if not in right path
-      return false unless entry['name'].eql?(state[:path].first)
-      # ok it matches, so we remove the match
-      state[:path].shift
-      case entry['type']
-      when 'file'
-        # file must be terminal
-        raise "#{entry['name']} is a file, expecting folder to find: #{state[:path]}" unless state[:path].empty?
-        # it's terminal, we found it
-        state[:result] = {api: self, file_id: entry['id']}
-        return false
-      when 'folder'
-        if state[:path].empty?
-          # we found it
-          state[:result] = {api: self, file_id: entry['id']}
-          return false
-        end
-      when 'link'
-        if state[:path].empty?
-          # we found it
-          other_node = node_id_to_node(entry['target_node_id'])
-          raise 'cannot resolve link' if other_node.nil?
-          state[:result] = {api: other_node, file_id: entry['target_id']}
-          return false
-        end
-      else
-        Log.log.warn{"Unknown element type: #{entry['type']}"}
-      end
-      # continue to dig folder
-      return true
-    end
-
     # Navigate the path from given file id
     # @param top_file_id [String] id initial file id
     # @param path [String]  file path
     # @return [Hash] {.api,.file_id}
     def resolve_api_fid(top_file_id, path)
       raise 'file id shall be String' unless top_file_id.is_a?(String)
+      process_last_link = path.end_with?(PATH_SEPARATOR)
       path_elements = path.split(PATH_SEPARATOR).reject(&:empty?)
       return {api: self, file_id: top_file_id} if path_elements.empty?
       resolve_state = {path: path_elements, result: nil}
-      process_folder_tree(state: resolve_state, method: :process_resolve_node_path, top_file_id: top_file_id)
-      raise "entry not found: #{resolve_state[:path]}" if resolve_state[:result].nil?
-      return resolve_state[:result]
-    end
-
-    # add entry to list if test block is success
-    # @return [TrueClass,FalseClass]
-    def process_find_files(entry, path, state)
-      begin
-        # add to result if match filter
-        state[:found].push(entry.merge({'path' => path})) if state[:test_block].call(entry)
-        # process link
-        if entry[:type].eql?('link')
-          other_node = node_id_to_node(entry['target_node_id'])
-          other_node.process_folder_tree(state: state, method: process_find_files, top_file_id: entry['target_id'], top_file_path: path)
+      process_folder_tree(state: resolve_state, top_file_id: top_file_id) do |entry, _path, state|
+        # this block is called recursively for each entry in folder
+        # stop digging here if not in right path
+        next false unless entry['name'].eql?(state[:path].first)
+        # ok it matches, so we remove the match
+        state[:path].shift
+        case entry['type']
+        when 'file'
+          # file must be terminal
+          raise "#{entry['name']} is a file, expecting folder to find: #{state[:path]}" unless state[:path].empty?
+          # it's terminal, we found it
+          state[:result] = {api: self, file_id: entry['id']}
+          next false
+        when 'folder'
+          if state[:path].empty?
+            # we found it
+            state[:result] = {api: self, file_id: entry['id']}
+            next false
+          end
+        when 'link'
+          if state[:path].empty?
+            if process_last_link
+              # we found it
+              other_node = node_id_to_node(entry['target_node_id'])
+              raise 'cannot resolve link' if other_node.nil?
+              state[:result] = {api: other_node, file_id: entry['target_id']}
+            else
+              # we found it but we do not process the link
+              state[:result] = {api: self, file_id: entry['id']}
+            end
+            next false
+          end
+        else
+          Log.log.warn{"Unknown element type: #{entry['type']}"}
         end
-      rescue StandardError => e
-        Log.log.error{"#{path}: #{e.message}"}
+        # continue to dig folder
+        next true
       end
-      # process all folders
-      return true
+      raise "entry not found: #{resolve_state[:path]}" if resolve_state[:result].nil?
+      return resolve_state[:result]
     end
 
     def find_files(top_file_id, test_block)
       Log.log.debug{"find_files: file id=#{top_file_id}"}
       find_state = {found: [], test_block: test_block}
-      process_folder_tree(state: find_state, method: :process_find_files, top_file_id: top_file_id)
+      process_folder_tree(state: find_state, top_file_id: top_file_id) do |entry, path, state|
+        state[:found].push(entry.merge({'path' => path})) if state[:test_block].call(entry)
+        # test all files deeply
+        true
+      end
       return find_state[:found]
     end
 
@@ -212,6 +276,8 @@ module Aspera
       case params[:auth][:type]
       when :basic
         ak_name = params[:auth][:username]
+        raise 'ERROR: no secret in node object' unless params[:auth][:password]
+        ak_token = Rest.basic_token(params[:auth][:username], params[:auth][:password])
       when :oauth2
         ak_name = params[:headers][HEADER_X_ASPERA_ACCESS_KEY]
         # TODO: token_generation_lambda = lambda{|do_refresh|oauth_token(force_refresh: do_refresh)}
@@ -235,39 +301,38 @@ module Aspera
       add_tspec_info(transfer_spec)
       transfer_spec.deep_merge!(ts_merge) unless ts_merge.nil?
       # add application specific tags (AoC)
-      the_app = app_info
-      the_app[:api].add_ts_tags(transfer_spec: transfer_spec, app_info: the_app) unless the_app.nil?
-      # add basic token
-      if transfer_spec['token'].nil?
-        ts_basic_token(transfer_spec)
-      end
+      app_info[:api].add_ts_tags(transfer_spec: transfer_spec, app_info: app_info) unless app_info.nil?
       # add remote host info
       if self.class.use_standard_ports
         # get default TCP/UDP ports and transfer user
         transfer_spec.merge!(Fasp::TransferSpec::AK_TSPEC_BASE)
         # by default: same address as node API
         transfer_spec['remote_host'] = URI.parse(params[:base_url]).host
+        # AoC allows specification of other url
         if !@app_info.nil? && !@app_info[:node_info]['transfer_url'].nil? && !@app_info[:node_info]['transfer_url'].empty?
           transfer_spec['remote_host'] = @app_info[:node_info]['transfer_url']
         end
+        info = read('info')[:data]
+        # get the transfer user from info on access key
+        transfer_spec['remote_user'] = info['transfer_user'] if info['transfer_user']
+        # get settings from name.value array to hash key.value
+        settings = info['settings']&.each_with_object({}){|i, h|h[i['name']] = i['value']}
+        # check WSS ports
+        %w[wss_enabled wss_port].each do |i|
+          transfer_spec[i] = settings[i] if settings.key?(i)
+        end if settings.is_a?(Hash)
       else
-        # retrieve values from API
-        std_t_spec = create(
+        # retrieve values from API (and keep a copy/cache)
+        @std_t_spec_cache ||= create(
           'files/download_setup',
           {transfer_requests: [{ transfer_request: {paths: [{'source' => '/'}] } }] }
         )[:data]['transfer_specs'].first['transfer_spec']
         # copy some parts
-        %w[remote_host remote_user ssh_port fasp_port wss_enabled wss_port].each {|i| transfer_spec[i] = std_t_spec[i] if std_t_spec.key?(i)}
+        TS_FIELDS_TO_COPY.each {|i| transfer_spec[i] = @std_t_spec_cache[i] if @std_t_spec_cache.key?(i)}
       end
+      Log.log.warn{"Expected transfer user: #{Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER}, but have #{transfer_spec['remote_user']}"} \
+        unless transfer_spec['remote_user'].eql?(Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER)
       return transfer_spec
     end
-
-    # set basic token in transfer spec
-    def ts_basic_token(ts)
-      Log.log.warn{"Expected transfer user: #{Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER}, but have #{ts['remote_user']}"} \
-        unless ts['remote_user'].eql?(Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER)
-      raise 'ERROR: no secret in node object' unless params[:auth][:password]
-      ts['token'] = Rest.basic_creds(params[:auth][:username], params[:auth][:password])
-    end
   end
 end