aspera-cli 4.2.2 → 4.3.0

data/lib/aspera/fasp/local.rb

@@ -21,11 +21,12 @@ module Aspera
     ACCESS_KEY_TRANSFER_USER='xfer'
     # executes a local "ascp", connects mgt port, equivalent of "Fasp Manager"
     class Local < Manager
-      # options for initialize
+      # options for initialize (same as values in option transfer_info)
       DEFAULT_OPTIONS = {
         :spawn_timeout_sec => 3,
         :spawn_delay_sec   => 2,
         :wss               => false,
+        :multi_incr_udp    => true,
         :resume            => {}
       }
       DEFAULT_UDP_PORT=33001
@@ -64,21 +65,27 @@ module Aspera
           transfer_spec['EX_ssh_key_paths'] = Installation.instance.bypass_keys
         end
 
-        # TODO: check if changing fasp(UDP) port is really necessary, not clear from doc
-        # compute this before using transfer spec, even if the var is not used in single session
-        multi_session_udp_port_base=DEFAULT_UDP_PORT
-        multi_session_number=0
+        # Compute this before using transfer spec because it potentially modifies the transfer spec
+        # (even if the var is not used in single session)
+        multi_session_info=nil
         if transfer_spec.has_key?('multi_session')
-          multi_session_number=transfer_spec['multi_session'].to_i
-          if multi_session_number < 0
+          multi_session_info={
+            count: transfer_spec['multi_session'].to_i,
+          }
+          # Managed by multi-session, so delete from transfer spec
+          transfer_spec.delete('multi_session')
+          if multi_session_info[:count] < 0
             Log.log.error("multi_session(#{transfer_spec['multi_session']}) shall be integer >= 0")
-            multi_session_number = 0
-          end
-          if multi_session_number > 0
-            # managed here, so delete from transfer spec
-            transfer_spec.delete('multi_session')
-            if transfer_spec.has_key?('fasp_port')
-              multi_session_udp_port_base=transfer_spec['fasp_port']
+            multi_session_info = nil
+          elsif multi_session_info[:count].eql?(0)
+            Log.log.debug("multi_session  count is zero: no multisession")
+            multi_session_info = nil
+          else # multi_session_info[:count] > 0
+            # if option not true: keep default udp port for all sessions
+            if @options[:multi_incr_udp]
+              # override if specified, else use default value
+              multi_session_info[:udp_base]=transfer_spec.has_key?('fasp_port') ? transfer_spec['fasp_port'] : DEFAULT_UDP_PORT
+              # delete from original transfer spec, as we will increment values
               transfer_spec.delete('fasp_port')
             end
           end
@@ -111,22 +118,23 @@ module Aspera
           :options  => job_options  # [Hash]
         }
 
-        if multi_session_number <= 1
+        if multi_session_info.nil?
           Log.log.debug('Starting single session thread')
           # single session for transfer : simple
           session[:thread] = Thread.new(session) {|s|transfer_thread_entry(s)}
           xfer_job[:sessions].push(session)
         else
           Log.log.debug('Starting multi session threads')
-          1.upto(multi_session_number) do |i|
+          1.upto(multi_session_info[:count]) do |i|
+            # do not delay the first session
             sleep(@options[:spawn_delay_sec]) unless i.eql?(1)
             # do deep copy (each thread has its own copy because it is modified here below and in thread)
             this_session=session.clone()
             this_session[:env_args]=this_session[:env_args].clone()
             this_session[:env_args][:args]=this_session[:env_args][:args].clone()
-            this_session[:env_args][:args].unshift("-C#{i}:#{multi_session_number}")
-            # necessary only if server is not linux, i.e. server does not support port re-use
-            this_session[:env_args][:args].unshift('-O',"#{multi_session_udp_port_base+i-1}")
+            this_session[:env_args][:args].unshift("-C#{i}:#{multi_session_info[:count]}")
+            # option: increment (default as per ascp manual) or not (cluster on other side ?)
+            this_session[:env_args][:args].unshift('-O',"#{multi_session_info[:udp_base]+i-1}") if @options[:multi_incr_udp]
             this_session[:thread] = Thread.new(this_session) {|s|transfer_thread_entry(s)}
             xfer_job[:sessions].push(this_session)
           end
@@ -260,6 +268,7 @@ module Aspera
                 Log.log.error('need to regenerate token'.red)
                 if session[:options].is_a?(Hash) and session[:options].has_key?(:regenerate_token)
                   # regenerate token here, expired, or error on it
+                  # Note: in multi-session, each session will have a different one.
                   env_args[:env]['ASPERA_SCP_TOKEN']=session[:options][:regenerate_token].call(true)
                 end
               end
@@ -323,7 +332,7 @@ module Aspera
 
       private
 
-      # @param options : keys(symbol): wss, resume
+      # @param options : keys(symbol): see DEFAULT_OPTIONS
       def initialize(options=nil)
         super()
         # by default no interactive progress bar
@@ -332,7 +341,7 @@ module Aspera
         @jobs={}
         # mutex protects global data accessed by threads
         @mutex=Mutex.new
-        # manage options
+        # set default options and override if specified
         @options=DEFAULT_OPTIONS.clone
         if !options.nil?
           raise "expecting Hash (or nil), but have #{options.class}" unless options.is_a?(Hash)
@@ -340,7 +349,7 @@ module Aspera
             if DEFAULT_OPTIONS.has_key?(k)
               @options[k]=v
             else
-              raise "unknown local agent parameter: #{k}, expect one of #{DEFAULT_OPTIONS.keys.map{|i|i.to_s}.join(",")}"
+              raise "Unknown local agent parameter: #{k}, expect one of #{DEFAULT_OPTIONS.keys.map{|i|i.to_s}.join(",")}"
             end
           end
         end

data/lib/aspera/fasp/node.rb

@@ -7,9 +7,12 @@ module Aspera
     # this singleton class is used by the CLI to provide a common interface to start a transfer
     # before using it, the use must set the `node_api` member.
     class Node < Manager
-      def initialize(node_api)
+      # option include: root_id if the node is an access key
+      attr_writer :options
+      def initialize(node_api,options={})
         super()
         @node_api=node_api
+        @options=options
         # TODO: currently only supports one transfer. This is bad shortcut. but ok for CLI.
         @transfer_id=nil
       end
@@ -32,6 +35,25 @@ module Aspera
 
       # generic method
       def start_transfer(transfer_spec,options=nil)
+        # add root id if access key
+        if @options.has_key?(:root_id)
+          case transfer_spec['direction']
+          when 'send';transfer_spec['source_root_id']=@options[:root_id]
+          when 'receive';transfer_spec['destination_root_id']=@options[:root_id]
+          else raise "unexpected direction in ts: #{transfer_spec['direction']}"
+          end
+        end
+        # manage special additional parameter
+        if transfer_spec.has_key?('EX_ssh_key_paths') and transfer_spec['EX_ssh_key_paths'].is_a?(Array) and !transfer_spec['EX_ssh_key_paths'].empty?
+          # not standard, so place standard field
+          if transfer_spec.has_key?('ssh_private_key')
+            Log.log.warn('Both ssh_private_key and EX_ssh_key_paths are present, using ssh_private_key')
+          else
+            Log.log.warn('EX_ssh_key_paths has multiple keys, using first one only') unless transfer_spec['EX_ssh_key_paths'].length.eql?(1)
+            transfer_spec['ssh_private_key']=File.read(transfer_spec['EX_ssh_key_paths'].first)
+            transfer_spec.delete('EX_ssh_key_paths')
+          end
+        end
         if transfer_spec['tags'].is_a?(Hash) and transfer_spec['tags']['aspera'].is_a?(Hash)
           transfer_spec['tags']['aspera']['xfer_retry']||=150
         end

data/lib/aspera/id_generator.rb

@@ -0,0 +1,22 @@
+require 'uri'
+
+module Aspera
+  class IdGenerator
+    ID_SEPARATOR='_'
+    WINDOWS_PROTECTED_CHAR=%r{[/:"<>\\\*\?]}
+    PROTECTED_CHAR_REPLACE='_'
+    private_constant :ID_SEPARATOR,:PROTECTED_CHAR_REPLACE,:WINDOWS_PROTECTED_CHAR
+    def self.from_list(object_id)
+      if object_id.is_a?(Array)
+        object_id=object_id.select{|i|!i.nil?}.map do |i|
+          (i.is_a?(String) and i.start_with?('https://')) ? URI.parse(i).host : i.to_s
+        end.join(ID_SEPARATOR)
+      end
+      raise "id must be a String" unless object_id.is_a?(String)
+      return object_id.
+      gsub(WINDOWS_PROTECTED_CHAR,PROTECTED_CHAR_REPLACE). # remove windows forbidden chars
+      gsub('.',PROTECTED_CHAR_REPLACE).  # keep dot for extension only (nicer)
+      downcase
+    end
+  end
+end

data/lib/aspera/node.rb

@@ -10,10 +10,8 @@ module Aspera
     ACCESS_LEVELS=['delete','list','mkdir','preview','read','rename','write']
     MATCH_EXEC_PREFIX='exec:'
 
-    # for information only
-    def self.decode_bearer_token(token)
-      return JSON.parse(Zlib::Inflate.inflate(Base64.decode64(token)).partition('==SIGNATURE==').first)
-    end
+    # register node special token decoder
+    Oauth.register_decoder(lambda{|token|JSON.parse(Zlib::Inflate.inflate(Base64.decode64(token)).partition('==SIGNATURE==').first)})
 
     # for access keys: provide expression to match entry in folder
     # if no prefix: regex

data/lib/aspera/oauth.rb

@@ -1,5 +1,6 @@
 require 'aspera/open_application'
 require 'aspera/web_auth'
+require 'aspera/id_generator'
 require 'base64'
 require 'date'
 require 'socket'
@@ -9,8 +10,14 @@ module Aspera
   # Implement OAuth 2 for the REST client and generate a bearer token
   # call get_authorization() to get a token.
   # bearer tokens are kept in memory and also in a file cache for later re-use
-  # if a token is expired (api returns 4xx), call again get_authorization({:refresh=>true})
+  # if a token is expired (api returns 4xx), call again get_authorization({refresh: true})
   class Oauth
+    # used for code exchange
+    DEFAULT_PATH_AUTHORIZE='authorize'
+    # to generate token
+    DEFAULT_PATH_TOKEN='token'
+    # field with token in result
+    DEFAULT_TOKEN_FIELD='access_token'
     private
     # remove 5 minutes to account for time offset (TODO: configurable?)
     JWT_NOTBEFORE_OFFSET_SEC=300
@@ -20,7 +27,9 @@ module Aspera
     TOKEN_CACHE_EXPIRY_SEC=1800
     # a prefix for persistency of tokens (garbage collect)
     PERSIST_CATEGORY_TOKEN='token'
-    private_constant :JWT_NOTBEFORE_OFFSET_SEC,:JWT_EXPIRY_OFFSET_SEC,:PERSIST_CATEGORY_TOKEN,:TOKEN_CACHE_EXPIRY_SEC
+    ONE_HOUR_AS_DAY_FRACTION=Rational(1,24)
+
+    private_constant :JWT_NOTBEFORE_OFFSET_SEC,:JWT_EXPIRY_OFFSET_SEC,:PERSIST_CATEGORY_TOKEN,:TOKEN_CACHE_EXPIRY_SEC,:ONE_HOUR_AS_DAY_FRACTION
     class << self
       # OAuth methods supported
       def auth_types
@@ -45,8 +54,25 @@ module Aspera
       def flush_tokens
         persist_mgr.garbage_collect(PERSIST_CATEGORY_TOKEN,nil)
       end
+
+      def register_decoder(method)
+        @decoders||=[]
+        @decoders.push(method)
+      end
+
+      def decode_token(token)
+        Log.log.debug(">>>> #{token} : #{@decoders.length}")
+        @decoders.each do |decoder|
+          result=decoder.call(token) rescue nil
+          return result unless result.nil?
+        end
+        return nil
+      end
     end
 
+    # seems to be quite standard token encoding (RFC?)
+    self.register_decoder lambda { |token| parts=token.split('.'); raise "not aoc token" unless parts.length.eql?(3); JSON.parse(Base64.decode64(parts[1]))}
+
     # for supported parameters, look in the code for @params
     # parameters are provided all with oauth_ prefix :
     # :base_url
@@ -56,8 +82,8 @@ module Aspera
     # :jwt_audience
     # :jwt_private_key_obj
     # :jwt_subject
-    # :path_authorize (default: 'authorize')
-    # :path_token (default: 'token')
+    # :path_authorize (default: DEFAULT_PATH_AUTHORIZE)
+    # :path_token (default: DEFAULT_PATH_TOKEN)
     # :scope (optional)
     # :grant (one of returned by self.auth_types)
     # :url_token
@@ -65,21 +91,21 @@ module Aspera
     # :user_pass
     # :token_type
     def initialize(auth_params)
-      Log.log.debug "auth=#{auth_params}"
+      Log.log.debug("auth=#{auth_params}")
       @params=auth_params.clone
       # default values
       # name of field to take as token from result of call to /token
-      @params[:token_field]||='access_token'
+      @params[:token_field]||=DEFAULT_TOKEN_FIELD
       # default endpoint for /token
-      @params[:path_token]||='token'
+      @params[:path_token]||=DEFAULT_PATH_TOKEN
       # default endpoint for /authorize
-      @params[:path_authorize]||='authorize'
-      rest_params={:base_url => @params[:base_url]}
+      @params[:path_authorize]||=DEFAULT_PATH_AUTHORIZE
+      rest_params={base_url: @params[:base_url]}
       if @params.has_key?(:client_id)
-        rest_params.merge!({:auth     => {
-          :type     => :basic,
-          :username => @params[:client_id],
-          :password => @params[:client_secret]
+        rest_params.merge!({auth: {
+          type:     :basic,
+          username: @params[:client_id],
+          password: @params[:client_secret]
           }})
       end
       @token_auth_api=Rest.new(rest_params)
@@ -107,28 +133,20 @@ module Aspera
       return code
     end
 
-    def create_token_advanced(rest_params)
+    def create_token(rest_params)
       return @token_auth_api.call({
-        :operation => 'POST',
-        :subpath   => @params[:path_token],
-        :headers   => {'Accept'=>'application/json'}}.merge(rest_params))
-    end
-
-    # shortcut for create_token_advanced
-    def create_token_www_body(creation_params)
-      return create_token_advanced({:www_body_params=>creation_params})
+        operation: 'POST',
+        subpath:   @params[:path_token],
+        headers:   {'Accept'=>'application/json'}}.merge(rest_params))
     end
 
-    # @return Array list of unique identifiers of token
-    def token_cache_ids(api_scope)
+    # @return unique identifier of token
+    def token_cache_id(api_scope)
       oauth_uri=URI.parse(@params[:base_url])
-      parts=[PERSIST_CATEGORY_TOKEN,oauth_uri.host.downcase.gsub(/[^a-z]+/,'_'),oauth_uri.path.downcase.gsub(/[^a-z]+/,'_'),@params[:grant]]
-      parts.push(api_scope) unless api_scope.nil?
-      parts.push(@params[:jwt_subject]) if @params.has_key?(:jwt_subject)
-      parts.push(@params[:user_name]) if @params.has_key?(:user_name)
-      parts.push(@params[:url_token]) if @params.has_key?(:url_token)
-      parts.push(@params[:api_key]) if @params.has_key?(:api_key)
-      return parts
+      parts=[PERSIST_CATEGORY_TOKEN,api_scope,oauth_uri.host,oauth_uri.path]
+      # add some of the parameters that uniquely define the token
+      [:grant,:jwt_subject,:user_name,:url_token,:api_key].inject(parts){|p,i|p.push(@params[i])}
+      return IdGenerator.from_list(parts)
     end
 
     public
@@ -148,22 +166,23 @@ module Aspera
       use_refresh_token=options[:refresh]
 
       # generate token identifier to use with cache
-      token_ids=token_cache_ids(api_scope)
+      token_id=token_cache_id(api_scope)
 
       # get token_data from cache (or nil), token_data is what is returned by /token
-      token_data=self.class.persist_mgr.get(token_ids)
+      token_data=self.class.persist_mgr.get(token_id)
       token_data=JSON.parse(token_data) unless token_data.nil?
-
       # Optional optimization: check if node token is expired, then force refresh
       # in case the transfer agent cannot refresh himself
       # else, anyway, faspmanager is equipped with refresh code
       if !token_data.nil?
-        decoded_node_token = Node.decode_bearer_token(token_data['access_token']) rescue nil
+        # TODO: use @params[:token_field] ?
+        decoded_node_token = self.class.decode_token(token_data['access_token'])
+        Log.dump('decoded_node_token',decoded_node_token) unless decoded_node_token.nil?
         if decoded_node_token.is_a?(Hash) and decoded_node_token['expires_at'].is_a?(String)
-          Log.dump('decoded_node_token',decoded_node_token)
           expires_at=DateTime.parse(decoded_node_token['expires_at'])
-          one_hour_as_day_fraction=Rational(1,24)
-          use_refresh_token=true if DateTime.now > (expires_at-one_hour_as_day_fraction)
+          # Time.at(decoded_node_token['exp'])
+          # does it seem expired, with one hour of security
+          use_refresh_token=true if DateTime.now > (expires_at-ONE_HOUR_AS_DAY_FRACTION)
         end
       end
 
@@ -174,7 +193,7 @@ module Aspera
           refresh_token=token_data['refresh_token']
         end
         # delete caches
-        self.class.persist_mgr.delete(token_ids)
+        self.class.persist_mgr.delete(token_id)
         token_data=nil
         # lets try the existing refresh token
         if !refresh_token.nil?
@@ -182,14 +201,14 @@ module Aspera
           # try to refresh
           # note: admin token has no refresh, and lives by default 1800secs
           # Note: scope is mandatory in Files, and we can either provide basic auth, or client_Secret in data
-          resp=create_token_www_body(p_client_id_and_scope.merge({
-            :grant_type   =>'refresh_token',
-            :refresh_token=>refresh_token}))
+          resp=create_token(www_body_params: p_client_id_and_scope.merge({
+            grant_type:    'refresh_token',
+            refresh_token: refresh_token}))
           if resp[:http].code.start_with?('2') then
-            # save only if success ?
+            # save only if success
             json_data=resp[:http].body
             token_data=JSON.parse(json_data)
-            self.class.persist_mgr.put(token_ids,json_data)
+            self.class.persist_mgr.put(token_id,json_data)
           else
             Log.log.debug("refresh failed: #{resp[:http].body}".bg_red)
           end
@@ -204,19 +223,19 @@ module Aspera
           # AoC Web based Auth
           check_code=SecureRandom.uuid
           auth_params=p_client_id_and_scope.merge({
-            :response_type => 'code',
-            :redirect_uri  => @params[:redirect_uri],
-            :state         => check_code
+            response_type: 'code',
+            redirect_uri:  @params[:redirect_uri],
+            state:         check_code
           })
           auth_params[:client_secret]=@params[:client_secret] if @params.has_key?(:client_secret)
           login_page_url=Rest.build_uri("#{@params[:base_url]}/#{@params[:path_authorize]}",auth_params)
           # here, we need a human to authorize on a web page
           code=goto_page_and_get_code(login_page_url,check_code)
           # exchange code for token
-          resp=create_token_www_body(p_client_id_and_scope.merge({
-            :grant_type   => 'authorization_code',
-            :code         => code,
-            :redirect_uri => @params[:redirect_uri]
+          resp=create_token(www_body_params: p_client_id_and_scope.merge({
+            grant_type:   'authorization_code',
+            code:         code,
+            redirect_uri: @params[:redirect_uri]
           }))
         when :jwt
           # https://tools.ietf.org/html/rfc7519
@@ -226,18 +245,18 @@ module Aspera
           Log.log.info("seconds=#{seconds_since_epoch}")
 
           payload = {
-            :iss => @params[:client_id],    # issuer
-            :sub => @params[:jwt_subject],  # subject
-            :aud => @params[:jwt_audience], # audience
-            :nbf => seconds_since_epoch-JWT_NOTBEFORE_OFFSET_SEC, # not before
-            :exp => seconds_since_epoch+JWT_EXPIRY_OFFSET_SEC # expiration
+            iss: @params[:client_id],    # issuer
+            sub: @params[:jwt_subject],  # subject
+            aud: @params[:jwt_audience], # audience
+            nbf: seconds_since_epoch-JWT_NOTBEFORE_OFFSET_SEC, # not before
+            exp: seconds_since_epoch+JWT_EXPIRY_OFFSET_SEC # expiration
           }
           # Hum.. compliant ? TODO: remove when Faspex5 API is clarified
           if @params.has_key?(:f5_username)
             payload[:jti] = SecureRandom.uuid # JWT id
             payload[:iat] = seconds_since_epoch # issued at
-            payload.delete(:nbf)
-            p_scope[:redirect_uri]="https://127.0.0.1:5000/token"
+            payload.delete(:nbf) # not used in f5
+            p_scope[:redirect_uri]="https://127.0.0.1:5000/token" # used ?
             p_scope[:state]=SecureRandom.uuid
             p_scope[:client_id]=@params[:client_id]
             @token_auth_api.params[:auth]={type: :basic,username: @params[:f5_username], password: @params[:f5_password]}
@@ -245,65 +264,62 @@ module Aspera
 
           # non standard, only for global ids
           payload.merge!(@params[:jwt_add]) if @params.has_key?(:jwt_add)
+          Log.log.debug("JWT payload=[#{payload}]")
 
           rsa_private=@params[:jwt_private_key_obj]  # type: OpenSSL::PKey::RSA
-
           Log.log.debug("private=[#{rsa_private}]")
 
-          Log.log.debug("JWT payload=[#{payload}]")
-          assertion = JWT.encode(payload, rsa_private, 'RS256',@params[:jwt_headers]||{})
-
+          assertion = JWT.encode(payload, rsa_private, 'RS256', @params[:jwt_headers]||{})
           Log.log.debug("assertion=[#{assertion}]")
 
-          resp=create_token_www_body(p_scope.merge({
-            :grant_type => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
-            :assertion  => assertion
+          resp=create_token(www_body_params: p_scope.merge({
+            grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
+            assertion:  assertion
           }))
         when :url_token
           # AoC Public Link
-          params={:url_token=>@params[:url_token]}
+          params={url_token: @params[:url_token]}
           params[:password]=@params[:password] if @params.has_key?(:password)
-          resp=create_token_advanced({
-            :json_params => params,
-            :url_params  => p_scope.merge({
-            :grant_type    => 'url_token'
-            })})
+          resp=create_token({
+            json_params: params,
+            url_params:  p_scope.merge({grant_type: 'url_token'})
+          })
         when :ibm_apikey
           # ATS
-          resp=create_token_www_body({
-            'grant_type'    => 'urn:ibm:params:oauth:grant-type:apikey',
-            'response_type' => 'cloud_iam',
-            'apikey'        => @params[:api_key]
+          resp=create_token(www_body_params: {
+            grant_type:    'urn:ibm:params:oauth:grant-type:apikey',
+            response_type: 'cloud_iam',
+            apikey:        @params[:api_key]
           })
         when :delegated_refresh
           # COS
-          resp=create_token_www_body({
-            'grant_type'          => 'urn:ibm:params:oauth:grant-type:apikey',
-            'response_type'       => 'delegated_refresh_token',
-            'apikey'              => @params[:api_key],
-            'receiver_client_ids' => 'aspera_ats'
+          resp=create_token(www_body_params: {
+            grant_type:          'urn:ibm:params:oauth:grant-type:apikey',
+            response_type:       'delegated_refresh_token',
+            apikey:              @params[:api_key],
+            receiver_client_ids: 'aspera_ats'
           })
         when :header_userpass
           # used in Faspex apiv4 and shares2
-          resp=create_token_advanced({
-            :auth        => {
-            :type          => :basic,
-            :username      => @params[:user_name],
-            :password      => @params[:user_pass]},
-            :json_params => p_client_id_and_scope.merge({:grant_type => 'password'}), #:www_body_params also works
-          })
+          resp=create_token(
+          json_params: p_client_id_and_scope.merge({grant_type: 'password'}), #:www_body_params also works
+          auth:        {
+            type:     :basic,
+            username: @params[:user_name],
+            password: @params[:user_pass]}
+          )
         when :body_userpass
           # legacy, not used
-          resp=create_token_www_body(p_client_id_and_scope.merge({
-            :grant_type => 'password',
-            :username   => @params[:user_name],
-            :password   => @params[:user_pass]
+          resp=create_token(www_body_params: p_client_id_and_scope.merge({
+            grant_type: 'password',
+            username:   @params[:user_name],
+            password:   @params[:user_pass]
           }))
         when :body_data
           # used in Faspex apiv5
-          resp=create_token_advanced({
-            :auth        => {:type => :none},
-            :json_params => @params[:userpass_body],
+          resp=create_token({
+            auth:        {type: :none},
+            json_params: @params[:userpass_body],
           })
         else
           raise "auth grant type unknown: #{@params[:grant]}"
@@ -311,9 +327,9 @@ module Aspera
         # TODO: test return code ?
         json_data=resp[:http].body
         token_data=JSON.parse(json_data)
-        self.class.persist_mgr.put(token_ids,json_data)
+        self.class.persist_mgr.put(token_id,json_data)
       end # if ! in_cache
-
+      raise "API error: No such field in answer: #{@params[:token_field]}" unless token_data.has_key?(@params[:token_field])
       # ok we shall have a token here
       return 'Bearer '+token_data[@params[:token_field]]
     end

data/lib/aspera/persistency_action_once.rb

@@ -6,7 +6,7 @@ module Aspera
   class PersistencyActionOnce
     # @param :manager  Mandatory Database
     # @param :data     Mandatory object to persist, must be same object from begin to end (assume array by default)
-    # @param :ids      Mandatory identifiers
+    # @param :id      Mandatory identifiers
     # @param :delete   Optional  delete persistency condition
     # @param :parse    Optional  parse method (default to JSON)
     # @param :format   Optional  dump method (default to JSON)
@@ -16,27 +16,31 @@ module Aspera
       raise "options shall be Hash" unless options.is_a?(Hash)
       raise "mandatory :manager" if options[:manager].nil?
       raise "mandatory :data" if options[:data].nil?
-      raise "mandatory :ids (Array)" unless options[:ids].is_a?(Array)
-      raise "mandatory 1 element in :ids" unless options[:ids].length >= 1
+      raise "mandatory :id (String)" unless options[:id].is_a?(String)
+      raise "mandatory 1 element in :id" unless options[:id].length >= 1
       @manager=options[:manager]
       @persisted_object=options[:data]
-      @object_ids=options[:ids]
+      @object_id=options[:id]
       # by default , at save time, file is deleted if data is nil
       @delete_condition=options[:delete] || lambda{|d|d.empty?}
       @persist_format=options[:format] || lambda {|h| JSON.generate(h)}
       persist_parse=options[:parse] || lambda {|t| JSON.parse(t)}
       persist_merge=options[:merge] || lambda {|current,file| current.concat(file).uniq rescue current}
-      value=@manager.get(@object_ids)
+      value=@manager.get(@object_id)
       persist_merge.call(@persisted_object,persist_parse.call(value)) unless value.nil?
     end
 
     def save
       if @delete_condition.call(@persisted_object)
-        @manager.delete(@object_ids)
+        @manager.delete(@object_id)
       else
-        @manager.put(@object_ids,@persist_format.call(@persisted_object))
+        @manager.put(@object_id,@persist_format.call(@persisted_object))
       end
     end
 
+    def data
+      return @persisted_object
+    end
+
   end
 end