aspera-cli 4.18.0 → 4.19.0

data/lib/aspera/cli/plugins/shares.rb

@@ -7,7 +7,10 @@ module Aspera
     module Plugins
       # Plugin for Aspera Shares v1
       class Shares < Cli::BasicAuthPlugin
-        NODE_API_PREFIX = 'node_api'
+        # path for node API after base url
+        NODE_API_PATH = 'node_api'
+        # path for node admin after base url
+        ADMIN_API_PATH = 'api/v1'
         class << self
           def detect(address_or_url)
             address_or_url = "https://#{address_or_url}" unless address_or_url.match?(%r{^[a-z]{1,6}://})
@@ -16,7 +19,7 @@ module Aspera
             begin
               # shall fail: shares requires auth, but we check error message
               # TODO: use ping instead ?
-              api.read("#{NODE_API_PREFIX}/app")
+              api.read("#{NODE_API_PATH}/app")
             rescue RestCallError => e
               if e.response.code.to_s.eql?('401') && e.response.body.eql?('{"error":{"user_message":"API user authentication failed"}}')
                 found = true
@@ -65,7 +68,7 @@ module Aspera
             nagios = Nagios.new
             begin
               res = Rest
-                .new(base_url: "#{options.get_option(:url, mandatory: true)}/#{NODE_API_PREFIX}")
+                .new(base_url: "#{options.get_option(:url, mandatory: true)}/#{NODE_API_PATH}")
                 .call(
                   operation: 'GET',
                   subpath: 'ping',
@@ -77,13 +80,13 @@ module Aspera
             end
             return nagios.result
           when :repository, :files
-            api_shares_node = basic_auth_api(NODE_API_PREFIX)
+            api_shares_node = basic_auth_api(NODE_API_PATH)
             repo_command = options.get_next_command(Node::COMMANDS_SHARES)
             return Node
                 .new(**init_params, api: api_shares_node)
                 .execute_action(repo_command)
           when :admin
-            api_shares_admin = basic_auth_api('api/v1')
+            api_shares_admin = basic_auth_api(ADMIN_API_PATH)
             admin_command = options.get_next_command(%i[node share transfer_settings user group].freeze)
             case admin_command
             when :node
@@ -92,8 +95,9 @@ module Aspera
               share_command = options.get_next_command(%i[user_permissions group_permissions].concat(Plugin::ALL_OPS))
               case share_command
               when *Plugin::ALL_OPS
-                return entity_command(share_command, api_shares_admin, 'data/shares')
-                # return {type: :object_list, data: all_shares, fields: %w[id name status status_message]}
+                return entity_command(
+                  share_command, api_shares_admin, 'data/shares',
+                  display_fields: %w[id name node_id directory percent_free])
               when :user_permissions, :group_permissions
                 share_id = instance_identifier
                 return entity_action(api_shares_admin, "data/shares/#{share_id}/#{share_command}")

data/lib/aspera/cli/special_values.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Aspera
+  module Cli
+    # base class for plugins modules
+    module SpecialValues
+      # special values
+      INIT = 'INIT'
+      ALL = 'ALL'
+      DEF = 'DEF'
+    end
+  end
+end

data/lib/aspera/cli/sync_actions.rb

@@ -7,11 +7,30 @@ module Aspera
   module Cli
     # Module for sync actions
     module SyncActions
-      SIMPLE_ARGUMENTS_SYNC = {
-        direction:  Transfer::Sync::DIRECTIONS,
-        local_dir:  String,
-        remote_dir: String
-      }.stringify_keys.freeze
+      # optional simple command line arguments for sync
+      # in Array to keep option order
+      # conf: key in option --conf
+      # args: key for command line args
+      # values: possible values for argument
+      # type: type for validation
+      SYNC_ARGUMENTS_INFO = [
+        {
+          conf:   'direction',
+          args:   'direction',
+          values: Transfer::Sync::DIRECTIONS
+        }, {
+          conf: 'remote.path',
+          args: 'remote_dir',
+          type: String
+        }, {
+          conf: 'local.path',
+          args: 'local_dir',
+          type: String
+        }
+      ].freeze
+      # name of minimal arguments required, also used to generate a session name
+      SYNC_SIMPLE_ARGS = SYNC_ARGUMENTS_INFO.map{|i|i[:conf]}.freeze
+      private_constant :SYNC_ARGUMENTS_INFO, :SYNC_SIMPLE_ARGS
 
       class << self
         def declare_options(options)
@@ -19,45 +38,67 @@ module Aspera
         end
       end
 
+      # Read command line arguments (3) and converts to sync_info format
+      def sync_args_to_params(async_params)
+        # sync session parameters can be provided on command line instead of sync_info
+        arguments = {}
+        SYNC_ARGUMENTS_INFO.each do |info|
+          value = options.get_next_argument(
+            info[:conf],
+            mandatory: false,
+            validation: info[:type],
+            accept_list: info[:values])
+          break if value.nil?
+          arguments[info[:conf]] = value.to_s
+        end
+        Log.log.debug{Log.dump('arguments', arguments)}
+        raise Cli::BadArgument, "Provide 0 or 3 arguments, not #{arguments.keys.length} for: #{SYNC_SIMPLE_ARGS.join(', ')}" unless
+          [0, 3].include?(arguments.keys.length)
+        if !arguments.empty?
+          session_info = async_params
+          param_path = :conf
+          if async_params.key?('sessions') || async_params.key?('instance')
+            async_params['sessions'] ||= [{}]
+            Aspera.assert(async_params['sessions'].length == 1){'Only one session is supported with arguments'}
+            session_info = async_params['sessions'][0]
+            param_path = :args
+          end
+          SYNC_ARGUMENTS_INFO.each do |info|
+            key_path = info[param_path].split('.')
+            hash_for_key = session_info
+            if key_path.length > 1
+              first = key_path.shift
+              async_params[first] ||= {}
+              hash_for_key = async_params[first]
+            end
+            raise "Parameter #{info[:conf]} is also set in sync_info, remove from sync_info" if hash_for_key.key?(key_path.last)
+            hash_for_key[key_path.last] = arguments[info[:conf]]
+          end
+          if !session_info.key?('name')
+            # if no name is specified, generate one from simple arguments
+            session_info['name'] = SYNC_SIMPLE_ARGS.map do |arg_name|
+              arguments[arg_name]&.gsub(/[^a-zA-Z0-9]/, '')
+            end.compact.reject(&:empty?).join('_')
+          end
+        end
+      end
+
       def execute_sync_action(&block)
         Aspera.assert(block){'No block given'}
         command = options.get_next_command(%i[start admin])
         # try to get 3 arguments as simple arguments
         case command
         when :start
-          simple_session_args = {}
-          SIMPLE_ARGUMENTS_SYNC.each do |arg, check|
-            value = options.get_next_argument(
-              arg,
-              type: check.is_a?(Class) ? check : nil,
-              expected: check.is_a?(Class) ? :single : check,
-              mandatory: false)
-            break if value.nil?
-            simple_session_args[arg] = value.to_s
-          end
-          async_params = nil
-          if simple_session_args.empty?
-            async_params = options.get_option(:sync_info, mandatory: true)
-          else
-            raise Cli::BadArgument,
-              "Provide zero or 3 arguments: #{SIMPLE_ARGUMENTS_SYNC.keys.join(',')}" unless simple_session_args.keys.sort == SIMPLE_ARGUMENTS_SYNC.keys.sort
-            async_params = options.get_option(
-              :sync_info,
-              mandatory: false,
-              default: {'sessions' => [{'name' => File.basename(simple_session_args['local_dir'])}]})
-            Aspera.assert_type(async_params, Hash){'sync_info'}
-            Aspera.assert_type(async_params['sessions'], Array){'sync_info[sessions]'}
-            Aspera.assert_type(async_params['sessions'].first, Hash){'sync_info[sessions][0]'}
-            async_params['sessions'].first.merge!(simple_session_args)
-          end
-          Log.log.debug{Log.dump('async_params', async_params)}
+          # possibilities are:
+          async_params = options.get_option(:sync_info, default: {})
+          sync_args_to_params(async_params)
           Transfer::Sync.start(async_params, &block)
           return Main.result_success
         when :admin
           command2 = options.get_next_command([:status])
           case command2
           when :status
-            sync_session_name = options.get_next_argument('name of sync session', mandatory: false, type: String)
+            sync_session_name = options.get_next_argument('name of sync session', mandatory: false, validation: String)
             async_params = options.get_option(:sync_info, mandatory: true)
             return {type: :single_object, data: Transfer::Sync.admin_status(async_params, sync_session_name)}
           end

data/lib/aspera/cli/transfer_agent.rb

@@ -116,6 +116,7 @@ module Aspera
           # by default do not display ascp native progress bar
           agent_options[:quiet] = true unless agent_options.key?(:quiet)
           agent_options[:check_ignore_cb] = ->(host, port){@config.ignore_cert?(host, port)}
+          # JRuby
           agent_options[:trusted_certs] = @config.trusted_cert_locations unless agent_options.key?(:trusted_certs)
         when :httpgw
           unless agent_options.key?(:url) || @httpgw_url_lambda.nil?
@@ -175,7 +176,7 @@ module Aspera
         when nil, FILE_LIST_FROM_ARGS
           Log.log.debug('getting file list as parameters')
           # get remaining arguments
-          file_list = @opt_mgr.get_next_argument('source file list', expected: :multiple)
+          file_list = @opt_mgr.get_next_argument('source file list', multiple: true)
           raise Cli::BadArgument, 'specify at least one file on command line or use ' \
             "--sources=#{FILE_LIST_FROM_TRANSFER_SPEC} to use transfer spec" if !file_list.is_a?(Array) || file_list.empty?
         when FILE_LIST_FROM_TRANSFER_SPEC
@@ -244,7 +245,7 @@ module Aspera
         updated_ts(transfer_spec)
         # if TS from app has content_protection (e.g. F5), that means content is protected: ask password if not provided
         if transfer_spec['content_protection'].eql?('decrypt') && !transfer_spec.key?('content_protection_password')
-          transfer_spec['content_protection_password'] = @opt_mgr.prompt_user_input('content protection password', true)
+          transfer_spec['content_protection_password'] = @opt_mgr.prompt_user_input('content protection password', sensitive: true)
         end
         # create transfer agent
         agent_instance.start_transfer(transfer_spec, token_regenerator: rest_token)

data/lib/aspera/cli/transfer_progress.rb

@@ -25,7 +25,7 @@ module Aspera
       end
 
       def event(session_id:, type:, info: nil)
-        Log.log.debug{"progress: #{type} #{session_id} #{info}"}
+        Log.log.trace1{"progress: #{type} #{session_id} #{info}"}
         Aspera.assert(!session_id.nil? || type.eql?(:pre_start)){'session_id is nil'}
         return if @completed
         if @progress_bar.nil?

data/lib/aspera/cli/version.rb

@@ -4,6 +4,6 @@ module Aspera
   module Cli
     # for beta add extension : .beta1
     # for dev version add extension : .pre
-    VERSION = '4.18.0'
+    VERSION = '4.19.0'
   end
 end

data/lib/aspera/environment.rb

@@ -4,17 +4,22 @@
 require 'aspera/log'
 require 'aspera/assert'
 require 'rbconfig'
+require 'singleton'
+require 'English'
 
 # cspell:words MEBI mswin bccwin
 
 module Aspera
   # detect OS, architecture, and specific stuff
   class Environment
+    include Singleton
+    USER_INTERFACES = %i[text graphical].freeze
+
     OS_WINDOWS = :windows
-    OS_X = :osx
+    OS_MACOS = :osx
     OS_LINUX = :linux
     OS_AIX = :aix
-    OS_LIST = [OS_WINDOWS, OS_X, OS_LINUX, OS_AIX].freeze
+    OS_LIST = [OS_WINDOWS, OS_MACOS, OS_LINUX, OS_AIX].freeze
     CPU_X86_64 = :x86_64
     CPU_ARM64 = :arm64
     CPU_PPC64 = :ppc64
@@ -27,7 +32,6 @@ module Aspera
     BYTES_PER_MEBIBIT = MEBI / BITS_PER_BYTE
 
     class << self
-      @terminal_supports_unicode = nil
       def ruby_version
         return RbConfig::CONFIG['RUBY_PROGRAM_VERSION']
       end
@@ -37,7 +41,7 @@ module Aspera
         when /mswin/, /msys/, /mingw/, /cygwin/, /bccwin/, /wince/, /emc/
           return OS_WINDOWS
         when /darwin/, /mac os/
-          return OS_X
+          return OS_MACOS
         when /linux/
           return OS_LINUX
         when /aix/
@@ -62,10 +66,13 @@ module Aspera
         raise "Unknown CPU: #{RbConfig::CONFIG['host_cpu']}"
       end
 
+      # normalized architecture name
+      # see constants: OS_* and CPU_*
       def architecture
         return "#{os}-#{cpu}"
       end
 
+      # executable file extension for current OS
       def exe_extension
         return '.exe' if os.eql?(OS_WINDOWS)
         return ''
@@ -79,6 +86,7 @@ module Aspera
         Log.log.debug{"Windows: set HOME to USERPROFILE: #{Dir.home}"}
       end
 
+      # empty variable binding for secure eval
       def empty_binding
         return Kernel.binding
       end
@@ -88,7 +96,29 @@ module Aspera
         Kernel.send('lave'.reverse, code, empty_binding, file, line)
       end
 
-      # value is provided in block
+      # start process in background, or raise exception
+      # caller can call Process.wait on returned value
+      def secure_spawn(env:, exec:, args:, log_only: false)
+        Log.log.debug do
+          [
+            'execute:'.red,
+            env.map{|k, v| "#{k}=#{Shellwords.shellescape(v)}"},
+            Shellwords.shellescape(exec),
+            args.map{|a|Shellwords.shellescape(a)}
+          ].flatten.join(' ')
+        end
+        return if log_only
+        # start ascp in separate process
+        ascp_pid = Process.spawn(env, [exec, exec], *args, close_others: true)
+        Log.log.debug{"pid: #{ascp_pid}"}
+        return ascp_pid
+      end
+
+      # Write content to a file, with restricted access
+      # @param path [String] the file path
+      # @param force [Boolean] if true, overwrite the file
+      # @param mode [Integer] the file mode (permissions)
+      # @block [Proc] return the content to write to the file
       def write_file_restricted(path, force: false, mode: nil)
         Aspera.assert(block_given?, exception_class: Aspera::InternalError)
         if force || !File.exist?(path)
@@ -101,6 +131,7 @@ module Aspera
         return path
       end
 
+      # restrict access to a file or folder to user only
       def restrict_file_access(path, mode: nil)
         if mode.nil?
           # or FileUtils ?
@@ -117,15 +148,77 @@ module Aspera
         Log.log.warn(e.message)
       end
 
+      # @return true if we are in a terminal
       def terminal?
         $stdout.tty?
       end
 
-      # @return true if we can display Unicode characters
+      # @return :text or :graphical depending on the environment
+      def default_gui_mode
+        # assume not remotely connected on macos and windows
+        return :graphical if [Environment::OS_WINDOWS, Environment::OS_MACOS].include?(Environment.os)
+        # unix family
+        return :graphical if ENV.key?('DISPLAY') && !ENV['DISPLAY'].empty?
+        return :text
+      end
+
+      # open a URI in a graphical browser
+      # command must be non blocking
+      def open_uri_graphical(uri)
+        case Environment.os
+        when Environment::OS_MACOS then return system('open', uri.to_s)
+        when Environment::OS_WINDOWS then return system('start', 'explorer', %Q{"#{uri}"})
+        when Environment::OS_LINUX   then return system('xdg-open', uri.to_s)
+        else
+          raise "no graphical open method for #{Environment.os}"
+        end
+      end
+
+      # open a file in an editor
+      def open_editor(file_path)
+        if ENV.key?('EDITOR')
+          system(ENV['EDITOR'], file_path.to_s)
+        elsif Environment.os.eql?(Environment::OS_WINDOWS)
+          system('notepad.exe', %Q{"#{file_path}"})
+        else
+          open_uri_graphical(file_path.to_s)
+        end
+      end
+    end
+    attr_accessor :url_method
+
+    def initialize
+      @url_method = self.class.default_gui_mode
+      @terminal_supports_unicode = nil
+    end
+
+          # @return true if we can display Unicode characters
+      # https://www.gnu.org/software/libc/manual/html_node/Locale-Categories.html
+      # https://pubs.opengroup.org/onlinepubs/7908799/xbd/envvar.html
       def terminal_supports_unicode?
-        @terminal_supports_unicode = terminal? && ENV.values_at('LC_ALL', 'LC_CTYPE', 'LANG').compact.first.include?('UTF-8') if @terminal_supports_unicode.nil?
+        @terminal_supports_unicode = self.class.terminal? && %w(LC_ALL LC_CTYPE LANG).any?{|var|ENV[var]&.include?('UTF-8')} if @terminal_supports_unicode.nil?
         return @terminal_supports_unicode
       end
+
+
+    # Allows a user to open a Url
+    # if method is "text", then URL is displayed on terminal
+    # if method is "graphical", then the URL will be opened with the default browser.
+    # this is non blocking
+    def open_uri(the_url)
+      case @url_method
+      when :graphical
+        self.class.open_uri_graphical(the_url)
+      when :text
+        case the_url.to_s
+        when /^http/
+          puts "USER ACTION: please enter this url in a browser:\n#{the_url.to_s.red}\n"
+        else
+          puts "USER ACTION: open this:\n#{the_url.to_s.red}\n"
+        end
+      else
+        raise StandardError, "unsupported url open method: #{@url_method}"
+      end
     end
   end
 end

data/lib/aspera/faspex_gw.rb

@@ -29,7 +29,7 @@ module Aspera
         'recipients'   => faspex_pkg_delivery['recipients'],
         'workspace_id' => @app_context
       }
-      created_package = @app_api.create_package_simple(package_data, true, @new_user_option)
+      created_package = @app_api.create_package_simple(package_data, true, nil)
       # but we place it in a Faspex package creation response
       return {
         'links'         => { 'status' => 'unused' },

data/lib/aspera/keychain/encrypted_hash.rb

@@ -16,10 +16,12 @@ module Aspera
       FILE_TYPE = 'encrypted_hash_vault'
       CONTENT_KEYS = %i[label username password url description].freeze
       FILE_KEYS = %w[version type cipher data].sort.freeze
+      private_constant :LEGACY_CIPHER_NAME, :DEFAULT_CIPHER_NAME, :FILE_TYPE, :CONTENT_KEYS, :FILE_KEYS
       def initialize(path, current_password)
         Aspera.assert_type(path, String){'path to vault file'}
         @path = path
         @all_secrets = {}
+        @cipher_name = DEFAULT_CIPHER_NAME
         vault_encrypted_data = nil
         if File.exist?(@path)
           vault_file = File.read(@path)

data/lib/aspera/log.rb

@@ -6,6 +6,7 @@ require 'logger'
 require 'pp'
 require 'json'
 require 'singleton'
+require 'stringio'
 
 old_verbose = $VERBOSE
 $VERBOSE = nil

data/lib/aspera/node_simulator.rb

@@ -39,7 +39,7 @@ module Aspera
         set_json_response(response, {
           application:                           'node',
           current_time:                          Time.now.utc.iso8601(0),
-          version:                               info['ascp_version'].gsub(/ .*$/, ''),
+          version:                               info['sdk_ascp_version'].gsub(/ .*$/, ''),
           license_expiration_date:               info['expiration_date'],
           license_max_rate:                      info['maximum_bandwidth'],
           os:                                    %x(uname -srv).chomp,

data/lib/aspera/oauth/jwt.rb

@@ -35,7 +35,7 @@ module Aspera
       def create_token
         require 'jwt'
         seconds_since_epoch = Time.new.to_i
-        Log.log.info{"seconds=#{seconds_since_epoch}"}
+        Log.log.debug{"seconds_since_epoch=#{seconds_since_epoch}"}
         jwt_payload = {
           exp: seconds_since_epoch + OAuth::Factory.instance.parameters[:jwt_expiry_offset_sec], # expiration time
           nbf: seconds_since_epoch - OAuth::Factory.instance.parameters[:jwt_accepted_offset_sec], # not before

data/lib/aspera/oauth/url_json.rb

@@ -6,6 +6,8 @@ module Aspera
   module OAuth
     # This class is used to create a token using a JSON body and a URL
     class UrlJson < Base
+      # @param url  URL to send the JSON body
+      # @param json JSON body to send
       def initialize(
         url:,
         json:,

data/lib/aspera/oauth/web.rb

@@ -1,15 +1,15 @@
 # frozen_string_literal: true
 
 require 'aspera/oauth/base'
-require 'aspera/open_application'
+require 'aspera/environment'
 require 'aspera/web_auth'
 require 'aspera/assert'
 module Aspera
   module OAuth
     # Authentication using Web browser
     class Web < Base
-      # @param g_o:redirect_uri    [M] for type :web
-      # @param g_o:path_authorize  [D] for type :web
+      # @param redirect_uri    url to receive the code after auth (to be exchanged for token)
+      # @param path_authorize  path to login page on web app
       def initialize(
         redirect_uri:,
         path_authorize: 'authorize',
@@ -21,11 +21,12 @@ module Aspera
         uri = URI.parse(@redirect_uri)
         Aspera.assert(%w[http https].include?(uri.scheme)){'redirect_uri scheme must be http or https'}
         Aspera.assert(!uri.port.nil?){'redirect_uri must have a port'}
-        # TODO: we could check that host is localhost or local address
+        # TODO: we could check that host is localhost or local address, as we are going to listen locally
       end
 
       def create_token
-        random_state = SecureRandom.uuid # used to check later
+        # generate secure state to check later
+        random_state = SecureRandom.uuid
         login_page_url = Rest.build_uri(
           "#{@base_url}/#{@path_authorize}",
           optional_scope_client_id.merge(response_type: 'code', redirect_uri: @redirect_uri, state: random_state))
@@ -34,7 +35,7 @@ module Aspera
         # start a web server to receive request code
         web_server = WebAuth.new(@redirect_uri)
         # start browser on login page
-        OpenApplication.instance.uri(login_page_url)
+        Environment.instance.open_uri(login_page_url)
         # wait for code in request
         received_params = web_server.received_request
         Aspera.assert(random_state.eql?(received_params['state'])){'wrong received state'}

data/lib/aspera/rest.rb

@@ -12,7 +12,7 @@ require 'json'
 require 'base64'
 require 'cgi'
 
-# add cancel method to http
+# Cancel method for HTTP
 class Net::HTTP::Cancel < Net::HTTPRequest # rubocop:disable Style/ClassAndModuleChildren
   METHOD = 'CANCEL'
   REQUEST_HAS_BODY  = false
@@ -24,12 +24,16 @@ module Aspera
   # rest call errors are raised as exception RestCallError
   # and error are analyzed in RestErrorAnalyzer
   class Rest
-    # global settings also valid for any subclass
+    # Global settings also valid for any subclass
+    # @param user_agent [String] HTTP request header: 'User-Agent'
+    # @param download_partial_suffix [String] suffix for partial download
+    # @param session_cb [lambda] lambda called on new HTTP session. Takes the Net::HTTP as arg. Used to change parameters on creation.
+    # @param progress_bar [Object] progress bar object
     @@global = { # rubocop:disable Style/ClassVars
-      user_agent:              'Ruby',          # goes to HTTP request header: 'User-Agent'
-      download_partial_suffix: '.http_partial', # suffix for partial download
-      session_cb:              nil,             # a lambda which takes the Net::HTTP as arg, use this to change parameters
-      progress_bar:            nil # progress bar object
+      user_agent:              'RubyAsperaRest',
+      download_partial_suffix: '.http_partial',
+      session_cb:              nil,
+      progress_bar:            nil
     }
 
     # flag for array parameters prefixed with []
@@ -44,9 +48,10 @@ module Aspera
     JSON_DECODE = ['application/json', 'application/vnd.api+json', 'application/x-javascript'].freeze
 
     class << self
+      # @return [String] Basic auth token
       def basic_token(user, pass); return "Basic #{Base64.strict_encode64("#{user}:#{pass}")}"; end
 
-      # used to build a parameter list prefixed with "[]"
+      # Build a parameter list prefixed with "[]"
       # @param values [Array] list of values
       def array_params(values)
         return [ARRAY_PARAMS].concat(values)
@@ -56,7 +61,7 @@ module Aspera
         return values.first.eql?(ARRAY_PARAMS)
       end
 
-      # build URI from URL and parameters and check it is http or https, encode array [] parameters
+      # Build URI from URL and parameters and check it is http or https, encode array [] parameters
       def build_uri(url, query_hash=nil)
         uri = URI.parse(url)
         Aspera.assert(%w[http https].include?(uri.scheme)){"REST endpoint shall be http/s not #{uri.scheme}"}
@@ -82,8 +87,16 @@ module Aspera
         return uri
       end
 
+      # decode query string as hash
+      # Does not support arrays in query string, no standard, e.g. PHP's way is p[]=1&p[]=2
+      # @param query [String] query string
+      # @return [Hash] decoded query
       def decode_query(query)
-        URI.decode_www_form(query).each_with_object({}){|v, h|h[v.first] = v.last }
+        URI.decode_www_form(query).each_with_object({}) do |pair, h|
+          key = pair.first
+          raise "Array not supported in query string: #{key}" if key.include?('[]') || h.key?(key)
+          h[key] = pair.last
+        end
       end
 
       # Start a HTTP/S session, also used for web sockets
@@ -141,6 +154,17 @@ module Aspera
       def user_agent
         return @@global[:user_agent]
       end
+
+      def parse_header(header)
+        type, *params = header.split(/;\s*/)
+        parameters = params.map do |param|
+          one = param.split(/=\s*/)
+          one[0] = one[0].to_sym
+          one[1] = one[1].gsub(/\A"|"\z/, '')
+          one
+        end.to_h
+        { type: type.downcase, parameters: parameters }
+      end
     end
 
     private
@@ -185,8 +209,12 @@ module Aspera
       headers: nil
     )
       Aspera.assert_type(base_url, String)
-      # base url with max one trailing slashes (note: string may be frozen)
-      @base_url = base_url.gsub(%r{//+$}, '/')
+      # base url with no trailing slashes (note: string may be frozen)
+      @base_url = base_url.gsub(%r{/+$}, '')
+      # remove trailing port if it is 443 and scheme is https
+      @base_url = @base_url.gsub(/:443$/, '') if @base_url.start_with?('https://')
+      @base_url = @base_url.gsub(/:80$/, '') if @base_url.start_with?('http://')
+      Log.log.debug{"Rest.new(#{@base_url})"}
       # default is no auth
       @auth_params = auth.nil? ? {type: :none} : auth
       Aspera.assert_type(@auth_params, Hash)
@@ -265,7 +293,7 @@ module Aspera
       begin
         # TODO: shall we percent encode subpath (spaces) test with access key delete with space in id
         # URI.escape()
-        separator = !['', '/'].include?(subpath) || @base_url.end_with?('/') ? '/' : ''
+        separator = ['', '/'].include?(subpath) ? '' : '/'
         uri = self.class.build_uri("#{@base_url}#{separator}#{subpath}", query)
         Log.log.debug{"URI=#{uri}"}
         begin
@@ -305,7 +333,7 @@ module Aspera
         # make http request (pipelined)
         http_session.request(req) do |response|
           result[:http] = response
-          result_mime = (result[:http]['Content-Type'] || 'text/plain').split(';').first.downcase
+          result_mime = self.class.parse_header(result[:http]['Content-Type'] || 'text/plain')[:type]
           # JSON data needs to be parsed, in case it contains an error code
           if !save_to_file.nil? &&
               result[:http].code.to_s.start_with?('2') &&
@@ -315,8 +343,11 @@ module Aspera
             Log.log.debug('before write file')
             target_file = save_to_file
             # override user's path to path in header
-            if !response['Content-Disposition'].nil? && (m = response['Content-Disposition'].match(/filename="([^"]+)"/))
-              target_file = File.join(File.dirname(target_file), m[1])
+            if !response['Content-Disposition'].nil?
+              disposition = self.class.parse_header(response['Content-Disposition'])
+              if disposition[:parameters].key?(:filename)
+                target_file = File.join(File.dirname(target_file), disposition[:parameters][:filename])
+              end
             end
             # download with temp filename
             target_file_tmp = "#{target_file}#{@@global[:download_partial_suffix]}"