aspera-cli 4.14.0 → 4.15.0

data/bin/ascli

@@ -1,29 +1,38 @@
-#!/usr/bin/env ruby -EUTF-8:UTF-8
+#!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require 'rubygems'
-require 'securerandom'
-# compute gem root based on  this script location
-GEM_ROOT = File.realpath(File.join(File.dirname(File.realpath(__FILE__)), '..'))
+Encoding.default_internal = Encoding::UTF_8
+Encoding.default_external = Encoding::UTF_8
 # coverage for tests
 if ENV.key?('ENABLE_COVERAGE')
   require 'simplecov'
-  SimpleCov.root(GEM_ROOT)
+  require 'securerandom'
+  # compute gem source root based on this script location, assuming it is in bin/
+  # use dirname instead of gsub, in case folder separator is not /
+  development_root = File.dirname(File.dirname(File.realpath(__FILE__)))
+  SimpleCov.root(development_root)
   SimpleCov.enable_for_subprocesses if SimpleCov.respond_to?(:enable_for_subprocesses)
   # keep cache data for 1 day (must be longer that time to run the whole test suite)
   SimpleCov.merge_timeout(86400)
   SimpleCov.command_name(SecureRandom.uuid)
   SimpleCov.at_exit do
     original_file_descriptor = $stdout
-    $stdout.reopen(File.join(GEM_ROOT, 'simplecov.log'))
+    $stdout.reopen(File.join(development_root, 'simplecov.log'))
     SimpleCov.result.format!
     $stdout.reopen(original_file_descriptor)
   end
   SimpleCov.start
 end
 # if in development, add path to gem
-$LOAD_PATH.unshift(File.join(GEM_ROOT, 'lib'))
-require 'aspera/cli/main'
+#
+begin
+  require 'aspera/cli/main'
+rescue LoadError
+  # development environment
+  development_root = File.dirname(File.dirname(File.realpath(__FILE__)))
+  $LOAD_PATH.unshift(File.join(development_root, 'lib'))
+  require 'aspera/cli/main'
+end
 require 'aspera/environment'
 Aspera::Environment.fix_home
 Aspera::Cli::Main.new(ARGV).process_command_line

data/bin/asession

@@ -2,16 +2,16 @@
 # frozen_string_literal: true
 
 # Laurent Martin/2017
-$LOAD_PATH.unshift(File.dirname(__FILE__) + '/../lib')
+$LOAD_PATH.unshift("#{File.dirname(__FILE__)}/../lib")
 require 'aspera/fasp/agent_direct'
-require 'aspera/cli/listener/line_dump'
 require 'aspera/cli/extended_value'
 require 'aspera/log'
 require 'json'
-# extended transfer spec parameter to change log level
-TS_LOGLEVEL = 'EX_loglevel'
+# extended transfer spec parameter (only used in asession)
+# Change log level
+TS_LOG_LEVEL = 'EX_loglevel'
 # by default go to /tmp/username.filelist
-TS_TMP_FILELIST_FOLDER = 'EX_file_list_folder'
+TS_TMP_FILE_LIST_FOLDER = 'EX_file_list_folder'
 
 SAMPLE_DEMO = '"remote_host":"demo.asperasoft.com","remote_user":"asperaweb","ssh_port":33001,"remote_password":"demoaspera"'
 SAMPLE_DEMO2 = '"direction":"receive","destination_root":"./test.dir"'
@@ -34,7 +34,7 @@ def assert_usage(assertion, error_message)
   $stderr.puts('       {"type":"START","source":"/aspera-test-dir-tiny/200KB.2"}')
   $stderr.puts('       {"type":"START","source":"xx","destination":"yy"}')
   $stderr.puts('       {"type":"DONE"}')
-  $stderr.puts(%Q(Note: debug information can be placed on STDERR, using the "#{TS_LOGLEVEL}" parameter in transfer spec (debug=0)))
+  $stderr.puts(%Q(Note: debug information can be placed on STDERR, using the "#{TS_LOG_LEVEL}" parameter in transfer spec (debug=0)))
   $stderr.puts('EXAMPLES')
   $stderr.puts(%Q(    asession @json:'{#{SAMPLE_DEMO},#{SAMPLE_DEMO2},"paths":[{"source":"/aspera-test-dir-tiny/200KB.1"}]}'))
   $stderr.puts(%q(    echo '{"remote_host":...}'|asession @json:@stdin))
@@ -60,19 +60,17 @@ end
 # ensure right type
 assert_usage(transfer_spec.is_a?(Hash), "the value must be a hash table#{parameter_source_err_msg}")
 # additional debug capability
-if transfer_spec.key?(TS_LOGLEVEL)
-  Aspera::Log.instance.level = transfer_spec[TS_LOGLEVEL]
-  transfer_spec.delete(TS_LOGLEVEL)
+if transfer_spec.key?(TS_LOG_LEVEL)
+  Aspera::Log.instance.level = transfer_spec[TS_LOG_LEVEL]
+  transfer_spec.delete(TS_LOG_LEVEL)
 end
 # possibly override temp folder
-if transfer_spec.key?(TS_TMP_FILELIST_FOLDER)
-  Aspera::Fasp::Parameters.file_list_folder = transfer_spec[TS_TMP_FILELIST_FOLDER]
-  transfer_spec.delete(TS_TMP_FILELIST_FOLDER)
+if transfer_spec.key?(TS_TMP_FILE_LIST_FOLDER)
+  Aspera::Fasp::Parameters.file_list_folder = transfer_spec[TS_TMP_FILE_LIST_FOLDER]
+  transfer_spec.delete(TS_TMP_FILE_LIST_FOLDER)
 end
 # get local agent (ascp), disable ascp output on stdout to not mix with JSON events
 client = Aspera::Fasp::AgentDirect.new({quiet: true})
-# display JSON instead of legacy Lines
-client.add_listener(Aspera::Cli::Listener::LineDump.new)
 # start transfer (asynchronous)
 job_id = client.start_transfer(transfer_spec)
 # async commands

data/examples/proxy.pac

@@ -1,4 +1,4 @@
-/* demo proxy pac for ascli */
+/* demo proxy pac for `ascli` */
 function FindProxyForURL(url, host) {
 	/* Normalize the URL for pattern matching */
 	url = url.toLowerCase();

data/lib/aspera/aoc.rb

@@ -5,6 +5,7 @@ require 'aspera/rest'
 require 'aspera/hash_ext'
 require 'aspera/data_repository'
 require 'aspera/fasp/transfer_spec'
+require 'aspera/node'
 require 'base64'
 require 'cgi'
 
@@ -27,9 +28,9 @@ module Aspera
   class AoC < Aspera::Rest
     PRODUCT_NAME = 'Aspera on Cloud'
     # Production domain of AoC
-    PROD_DOMAIN = 'ibmaspera.com'
+    PROD_DOMAIN = 'ibmaspera.com' # cspell:disable-line
     # to avoid infinite loop in pub link redirection
-    MAX_REDIRECT = 10
+    MAX_AOC_URL_REDIRECT = 10
     # Well-known AoC globals client apps
     GLOBAL_CLIENT_APPS = %w[aspera.global-cli-client aspera.drive].freeze
     # index offset in data repository of client app
@@ -37,7 +38,7 @@ module Aspera
     # cookie prefix so that console can decode identity
     COOKIE_PREFIX_CONSOLE_AOC = 'aspera.aoc'
     # path in URL of public links
-    PUBLIC_LINK_PATHS = %w[/packages/public/receive /packages/public/send /files/public].freeze
+    PUBLIC_LINK_PATHS = %w[/packages/public/receive /packages/public/send /files/public /public/files /public/send].freeze
     JWT_AUDIENCE = 'https://api.asperafiles.com/api/v1/oauth2/token'
     OAUTH_API_SUBPATH = 'api/v1/oauth2'
     # minimum fields for user info if retrieval fails
@@ -45,8 +46,9 @@ module Aspera
     # types of events for shared folder creation
     # Node events: permission.created permission.modified permission.deleted
     PERMISSIONS_CREATED = ['permission.created'].freeze
+    DEFAULT_WORKSPACE = ''
 
-    private_constant :MAX_REDIRECT,
+    private_constant :MAX_AOC_URL_REDIRECT,
       :GLOBAL_CLIENT_APPS,
       :DATA_REPO_INDEX_START,
       :COOKIE_PREFIX_CONSOLE_AOC,
@@ -62,8 +64,6 @@ module Aspera
     SCOPE_FILES_ADMIN = 'admin:all'
     SCOPE_FILES_ADMIN_USER = 'admin-user:all'
     SCOPE_FILES_ADMIN_USER_USER = "#{SCOPE_FILES_ADMIN_USER}+#{SCOPE_FILES_USER}"
-    SCOPE_NODE_USER = 'user:all'
-    SCOPE_NODE_ADMIN = 'admin:all'
     FILES_APP = 'files'
     PACKAGES_APP = 'packages'
     API_V1 = 'api/v1'
@@ -77,20 +77,6 @@ module Aspera
         return client_name, Base64.urlsafe_encode64(DataRepository.instance.data(DATA_REPO_INDEX_START + client_index))
       end
 
-      # @param url of AoC instance
-      # @return organization id in url and AoC domain: ibmaspera.com, asperafiles.com or qa.asperafiles.com, etc...
-      def parse_url(aoc_org_url)
-        uri = URI.parse(aoc_org_url.gsub(%r{/+$}, ''))
-        instance_fqdn = uri.host
-        Log.log.debug{"instance_fqdn=#{instance_fqdn}"}
-        raise "No host found in URL.Please check URL format: https://myorg.#{PROD_DOMAIN}" if instance_fqdn.nil?
-        organization, instance_domain = instance_fqdn.split('.', 2)
-        Log.log.debug{"instance_domain=#{instance_domain}"}
-        Log.log.debug{"organization=#{organization}"}
-        raise "expecting a public FQDN for #{PRODUCT_NAME}" if instance_domain.nil?
-        return organization, instance_domain
-      end
-
       # base API url depends on domain, which could be "qa.xxx"
       def api_base_url(organization: 'api', api_domain: PROD_DOMAIN)
         return "https://#{organization}.#{api_domain}"
@@ -99,118 +85,131 @@ module Aspera
       def metering_api(entitlement_id, customer_id, api_domain=PROD_DOMAIN)
         return Rest.new({
           base_url: "#{api_base_url(api_domain: api_domain)}/metering/v1",
-          headers:  {'X-Aspera-Entitlement-Authorization' => Rest.basic_creds(entitlement_id, customer_id)}
+          headers:  {'X-Aspera-Entitlement-Authorization' => Rest.basic_token(entitlement_id, customer_id)}
         })
       end
 
-      # node API scopes
-      def node_scope(access_key, scope)
-        return "node.#{access_key}:#{scope}"
+      # split host of http://myorg.asperafiles.com in org and domain
+      def url_parts(uri)
+        raise "No host found in URL.Please check URL format: https://myorg.#{PROD_DOMAIN}" if uri.host.nil?
+        parts = uri.host.split('.', 2)
+        raise "expecting a public FQDN for #{PRODUCT_NAME}" unless parts.length == 2
+        return parts
       end
 
-      # check option "link"
-      # if present try to get token value (resolve redirection if short links used)
-      # then set options url/token/auth
-      def resolve_pub_link(a_auth, a_opt)
-        public_link_url = a_opt[:link]
-        return if public_link_url.nil?
-        raise 'do not use both link and url options' unless a_opt[:url].nil?
-        redirect_count = 0
-        while redirect_count <= MAX_REDIRECT
-          uri = URI.parse(public_link_url)
-          # detect if it's an expected format
-          if PUBLIC_LINK_PATHS.include?(uri.path)
-            url_param_token_pair = URI.decode_www_form(uri.query).find{|e|e.first.eql?('token')}
-            raise ArgumentError, 'link option must be URL with "token" parameter' if url_param_token_pair.nil?
-            # ok we get it !
-            a_opt[:url] = 'https://' + uri.host
-            a_auth[:grant_method] = :aoc_pub_link
-            a_auth[:aoc_pub_link] = {
-              url:  {grant_type: 'url_token'}, # URL args
-              json: {url_token: url_param_token_pair.last} # JSON body
-            }
-            # password protection of link
-            a_auth[:aoc_pub_link][:json][:password] = a_opt[:password] unless a_opt[:password].nil?
-            return # SUCCESS
+      # @param url [String] URL of AoC public link
+      # @return [Hash] information about public link, or nil if not a public link
+      def link_info(url)
+        final_uri = Rest.new({base_url: url, redirect_max: MAX_AOC_URL_REDIRECT}).read('')[:http].uri
+        raise 'AoC shall redirect to login page' if final_uri.query.nil?
+        decoded_query = Rest.decode_query(final_uri.query)
+        # is that a public link ?
+        if decoded_query.key?('token')
+          Log.log.warn{"Unknown pub link path: #{final_uri.path}"} unless PUBLIC_LINK_PATHS.include?(final_uri.path)
+          # ok we get it !
+          return {
+            instance_domain: url_parts(final_uri)[1],
+            url:             'https://' + final_uri.host,
+            token:           decoded_query['token']
+          }
+        end
+        Log.log.debug{"path=#{final_uri.path} does not end with /login"} unless final_uri.path.end_with?('/login')
+        if decoded_query['state']
+          # can be a private link
+          state_uri = URI.parse(decoded_query['state'])
+          if state_uri.query && decoded_query['redirect_uri']
+            decoded_state = Rest.decode_query(state_uri.query)
+            if decoded_state.key?('short_link_url')
+              if (m = state_uri.path.match(%r{/files/workspaces/([0-9]+)/all/([0-9]+):([0-9]+)}))
+                redirect_uri = URI.parse(decoded_query['redirect_uri'])
+                parts = url_parts(redirect_uri)
+                return {
+                  instance_domain: parts[1],
+                  organization:    parts[0],
+                  url:             'https://' + redirect_uri.host,
+                  private_link:    {
+                    workspace_id: m[1],
+                    node_id:      m[2],
+                    file_id:      m[3]
+                  }
+                }
+              end
+            end
           end
-          Log.log.debug{"no expected format: #{public_link_url}"}
-          r = Net::HTTP.get_response(uri)
-          # not a redirection
-          raise ArgumentError, 'link option must be redirect or have token parameter' unless r.code.start_with?('3')
-          public_link_url = r['location']
-          raise 'no location in redirection' if public_link_url.nil?
-          Log.log.debug{"redirect to: #{public_link_url}"}
-        end # loop
-        raise "exceeded max redirection: #{MAX_REDIRECT}"
+        end
+        parts = url_parts(URI.parse(url))
+        return {
+          instance_domain: parts[1],
+          organization:    parts[0]
+        }
       end
     end # static methods
 
-    # CLI options that are also options to initialize
-    OPTIONS_NEW = %i[link url auth client_id client_secret scope redirect_uri private_key passphrase username password].freeze
-
-    # @param any of OPTIONS_NEW + subpath
-    def initialize(opt)
-      raise ArgumentError, 'Missing mandatory option: scope' if opt[:scope].nil?
+    attr_reader :private_link
 
+    def initialize(subpath: API_V1, url:, auth:, client_id: nil, client_secret: nil, scope: nil, redirect_uri: nil, private_key: nil, passphrase: nil, username: nil,
+      password: nil, workspace: nil, secret_finder: nil)
+      # test here because link may set url
+      raise ArgumentError, 'Missing mandatory option: url' if url.nil?
+      raise ArgumentError, 'Missing mandatory option: scope' if scope.nil?
+      # default values for client id
+      client_id, client_secret = self.class.get_client_info if client_id.nil?
       # access key secrets are provided out of band to get node api access
       # key: access key
       # value: associated secret
-      @secret_finder = nil
+      @secret_finder = secret_finder
+      @workspace_name = workspace
       @cache_user_info = nil
       @cache_url_token_info = nil
-
       # init rest params
       aoc_rest_p = {auth: {type: :oauth2}}
       # shortcut to auth section
       aoc_auth_p = aoc_rest_p[:auth]
-
-      # sets opt[:url], aoc_rest_p[:auth][:grant_method], [:auth][:aoc_pub_link] if there is a link
-      self.class.resolve_pub_link(aoc_auth_p, opt)
-
-      # test here because link may set url
-      raise ArgumentError, 'Missing mandatory option: url' if opt[:url].nil?
-
-      # get org name and domain from url
-      organization, instance_domain = self.class.parse_url(opt[:url])
+      # analyze type of url
+      url_info = AoC.link_info(url)
+      Log.log.debug{Log.dump(:url_info, url_info)}
+      @private_link = url_info[:private_link]
+      aoc_auth_p[:grant_method] = if url_info.key?(:token)
+        :aoc_pub_link
+      else
+        raise ArgumentError, 'Missing mandatory option: auth' if auth.nil?
+        auth
+      end
       # this is the base API url
-      api_url_base = self.class.api_base_url(api_domain: instance_domain)
+      api_url_base = self.class.api_base_url(api_domain: url_info[:instance_domain])
       # API URL, including subpath (version ...)
-      aoc_rest_p[:base_url] = "#{api_url_base}/#{opt[:subpath]}"
-      # base auth URL
-      aoc_auth_p[:base_url] = "#{api_url_base}/#{OAUTH_API_SUBPATH}/#{organization}"
-      aoc_auth_p[:client_id] = opt[:client_id]
-      aoc_auth_p[:client_secret] = opt[:client_secret]
-      aoc_auth_p[:scope] = opt[:scope]
-
-      # filled if pub link
-      if !aoc_auth_p.key?(:grant_method)
-        raise ArgumentError, 'Missing mandatory option: auth' if opt[:auth].nil?
-        aoc_auth_p[:grant_method] = opt[:auth]
-      end
-
-      if aoc_auth_p[:client_id].nil?
-        aoc_auth_p[:client_id], aoc_auth_p[:client_secret] = self.class.get_client_info
-      end
+      aoc_rest_p[:base_url] = "#{api_url_base}/#{subpath}"
+      # auth URL
+      aoc_auth_p[:base_url] = "#{api_url_base}/#{OAUTH_API_SUBPATH}/#{url_info[:organization]}"
+      aoc_auth_p[:client_id] = client_id
+      aoc_auth_p[:client_secret] = client_secret
+      aoc_auth_p[:scope] = scope
 
       # fill other auth parameters based on Oauth method
       case aoc_auth_p[:grant_method]
       when :web
-        raise ArgumentError, 'Missing mandatory option: redirect_uri' if opt[:redirect_uri].nil?
-        aoc_auth_p[:web] = {redirect_uri: opt[:redirect_uri]}
+        raise ArgumentError, 'Missing mandatory option: redirect_uri' if redirect_uri.nil?
+        aoc_auth_p[:web] = {redirect_uri: redirect_uri}
       when :jwt
-        raise ArgumentError, 'Missing mandatory option: private_key' if opt[:private_key].nil?
-        raise ArgumentError, 'Missing mandatory option: username' if opt[:username].nil?
+        raise ArgumentError, 'Missing mandatory option: private_key' if private_key.nil?
+        raise ArgumentError, 'Missing mandatory option: username' if username.nil?
         aoc_auth_p[:jwt] = {
-          private_key_obj: OpenSSL::PKey::RSA.new(opt[:private_key], opt[:passphrase]),
+          private_key_obj: OpenSSL::PKey::RSA.new(private_key, passphrase),
           payload:         {
-            iss: aoc_auth_p[:client_id],  # issuer
-            sub: opt[:username],          # subject
+            iss: aoc_auth_p[:client_id], # issuer
+            sub: username, # subject
             aud: JWT_AUDIENCE
           }
         }
         # add jwt payload for global ids
-        aoc_auth_p[:jwt][:payload][:org] = organization if GLOBAL_CLIENT_APPS.include?(aoc_auth_p[:client_id])
+        aoc_auth_p[:jwt][:payload][:org] = url_info[:organization] if GLOBAL_CLIENT_APPS.include?(aoc_auth_p[:client_id])
       when :aoc_pub_link
+        aoc_auth_p[:aoc_pub_link] = {
+          url:  {grant_type: 'url_token'}, # URL arguments
+          json: {url_token: url_info[:token]} # JSON body
+        }
+        # password protection of link
+        aoc_auth_p[:aoc_pub_link][:json][:password] = password unless password.nil?
         # basic auth required for /token
         aoc_auth_p[:auth] = {type: :basic, username: aoc_auth_p[:client_id], password: aoc_auth_p[:client_secret]}
       else raise "ERROR: unsupported auth method: #{aoc_auth_p[:grant_method]}"
@@ -218,7 +217,7 @@ module Aspera
       super(aoc_rest_p)
     end
 
-    def url_token_data
+    def public_link
       return nil unless params[:auth][:grant_method].eql?(:aoc_pub_link)
       return @cache_url_token_info unless @cache_url_token_info.nil?
       # TODO: can there be several in list ?
@@ -226,41 +225,104 @@ module Aspera
       return @cache_url_token_info
     end
 
-    def additional_persistence_ids
-      return [current_user_info['id']] if url_token_data.nil?
-      return [] # TODO : url_token_data['id'] ?
+    def assert_public_link_types(expected)
+      raise "public link type is #{public_link['purpose']} but action requires one of #{expected.join(',')}" unless expected.include?(public_link['purpose'])
     end
 
-    def secret_finder=(secret_finder)
-      raise 'secret finder already set' unless @secret_finder.nil?
-      raise 'secret finder must have lookup_secret' unless secret_finder.respond_to?(:lookup_secret)
-      @secret_finder = secret_finder
+    def additional_persistence_ids
+      return [current_user_info['id']] if public_link.nil?
+      return [] # TODO : public_link['id'] ?
     end
 
+    # def secret_finder=(secret_finder)
+    #  raise 'secret finder already set' unless @secret_finder.nil?
+    #  raise 'secret finder must have lookup_secret' unless secret_finder.respond_to?(:lookup_secret)
+    #  @secret_finder = secret_finder
+    # end
+
     # cached user information
     def current_user_info(exception: false)
-      if @cache_user_info.nil?
-        # get our user's default information
-        @cache_user_info =
-          begin
-            read('self')[:data]
-          rescue StandardError => e
-            raise e if exception
-            Log.log.debug{"ignoring error: #{e}"}
-            {}
-          end
-        USER_INFO_FIELDS_MIN.each{|f|@cache_user_info[f] = 'unknown' if @cache_user_info[f].nil?}
-      end
+      return @cache_user_info unless @cache_user_info.nil?
+      # get our user's default information
+      @cache_user_info =
+        begin
+          read('self')[:data]
+        rescue StandardError => e
+          raise e if exception
+          Log.log.debug{"ignoring error: #{e}"}
+          {}
+        end
+      USER_INFO_FIELDS_MIN.each{|f|@cache_user_info[f] = 'unknown' if @cache_user_info[f].nil?}
       return @cache_user_info
     end
 
+    # @param application [Symbol] :files or :packages
+    # @return [Hash] current context information: workspace, and home node/file if app is "Files"
+    def context(application = nil)
+      return @context_cache unless @context_cache.nil?
+      raise 'context must be initialized with application' if application.nil?
+      ws_id =
+        if !public_link.nil?
+          Log.log.debug('Using workspace of public link')
+          public_link['data']['workspace_id']
+        elsif !private_link.nil?
+          Log.log.debug('Using workspace of private link')
+          private_link[:workspace_id]
+        elsif @workspace_name.eql?(DEFAULT_WORKSPACE)
+          Log.log.debug('Using default workspace'.green)
+          raise 'User does not have default workspace, please specify workspace' if current_user_info['default_workspace_id'].nil?
+          current_user_info['default_workspace_id']
+        elsif @workspace_name.nil?
+          nil
+        else
+          lookup_by_name('workspaces', @workspace_name)['id']
+        end
+      ws_info =
+        if ws_id.nil?
+          nil
+        else
+          read("workspaces/#{ws_id}")[:data]
+        end
+      @context_cache = if ws_info.nil?
+        {
+          workspace_id:   nil,
+          workspace_name: 'Shared folders'
+        }
+      else
+        {
+          workspace_id:   ws_info['id'],
+          workspace_name: ws_info['name']
+        }
+      end
+      return @context_cache unless application.eql?(:files)
+      if !public_link.nil?
+        assert_public_link_types(['view_shared_file'])
+        @context_cache[:home_node_id] = public_link['data']['node_id']
+        @context_cache[:home_file_id] = public_link['data']['file_id']
+      elsif !private_link.nil?
+        @context_cache[:home_node_id] = private_link[:node_id]
+        @context_cache[:home_file_id] = private_link[:file_id]
+      elsif ws_info
+        @context_cache[:home_node_id] = ws_info['home_node_id']
+        @context_cache[:home_file_id] = ws_info['home_file_id']
+      else
+        # not part of any workspace, but has some folder shared
+        user_info = current_user_info(exception: true) rescue {'read_only_home_node_id' => nil, 'read_only_home_file_id' => nil}
+        @context_cache[:home_node_id] = user_info['read_only_home_node_id']
+        @context_cache[:home_file_id] = user_info['read_only_home_file_id']
+      end
+      raise "Cannot get user's home node id, check your default workspace or specify one" if @context_cache[:home_node_id].to_s.empty?
+      Log.log.debug{Log.dump(:context, @context_cache)}
+      return @context_cache
+    end
+
     # @param node_id [String] identifier of node in AoC
     # @param workspace_id [String] workspace identifier
     # @param workspace_name [String] workspace name
-    # @param scope e.g. SCOPE_NODE_USER, or nil (requires secret)
+    # @param scope e.g. Aspera::Node::SCOPE_USER, or nil (requires secret)
     # @param package_info [Hash] created package information
     # @returns [Aspera::Node] a node API for access key
-    def node_api_from(node_id:, workspace_id: nil, workspace_name: nil, scope: SCOPE_NODE_USER, package_info: nil)
+    def node_api_from(node_id:, workspace_id: nil, workspace_name: nil, scope: Aspera::Node::SCOPE_USER, package_info: nil)
       raise 'invalid type for node_id' unless node_id.is_a?(String)
       node_info = read("nodes/#{node_id}")[:data]
       if workspace_name.nil? && !workspace_id.nil?
@@ -289,7 +351,7 @@ module Aspera
       else
         # OAuth bearer token
         node_rest_params[:auth] = params[:auth].clone
-        node_rest_params[:auth][:scope] = self.class.node_scope(node_info['access_key'], scope)
+        node_rest_params[:auth][:scope] = Aspera::Node.token_scope(node_info['access_key'], scope)
         # special header required for bearer token only
         node_rest_params[:headers] = {Aspera::Node::HEADER_X_ASPERA_ACCESS_KEY => node_info['access_key']}
       end
@@ -311,7 +373,7 @@ module Aspera
       pkg_meta = pkg_data['metadata']
       raise "package requires metadata: #{meta_schema}" unless pkg_data.key?('metadata')
       raise 'metadata must be an Array' unless pkg_meta.is_a?(Array)
-      Log.dump(:metadata, pkg_meta)
+      Log.log.debug{Log.dump(:metadata, pkg_meta)}
       pkg_meta.each do |field|
         raise 'metadata field must be Hash' unless field.is_a?(Hash)
         raise 'metadata field must have name' unless field.key?('name')
@@ -355,7 +417,8 @@ module Aspera
             # unknown user: create it as external user
             full_recipient_info = create('contacts', {
               'current_workspace_id' => ws_id,
-              'email'                => short_recipient_info}.merge(new_user_option))[:data]
+              'email'                => short_recipient_info
+            }.merge(new_user_option))[:data]
           end
           short_recipient_info = if entity_type.eql?('dropboxes')
             {'id' => full_recipient_info['id'], 'type' => 'dropbox'}
@@ -428,7 +491,7 @@ module Aspera
       }
     end
 
-    # Add transferspec
+    # Add transfer spec
     # callback in Aspera::Node (transfer_spec_gen4)
     def add_ts_tags(transfer_spec:, app_info:)
       # translate transfer direction to upload/download
@@ -468,7 +531,10 @@ module Aspera
                 'package_id'        => app_info[:package_id],
                 'package_name'      => app_info[:package_name],
                 'package_operation' => transfer_type
-              }}}})
+              }
+            }
+          }
+        })
       end
       transfer_spec['tags'][Fasp::TransferSpec::TAG_RESERVED]['files']['node_id'] = app_info[:node_info]['id']
       transfer_spec['tags'][Fasp::TransferSpec::TAG_RESERVED]['app'] = app_info[:app]
@@ -497,7 +563,12 @@ module Aspera
                 'shared_by_email'   => current_user_info['email'],
                 # 'shared_with_name'  => access_id,
                 'access_key'        => app_info[:node_info]['access_key'],
-                'node'              => app_info[:node_info]['name']}}}}}
+                'node'              => app_info[:node_info]['name']
+              }
+            }
+          }
+        }
+      }
       create_param.deep_merge!(default_params)
       if create_param.key?('with')
         contact_info = lookup_by_name(