aspera-cli 4.24.1 → 4.25.0.pre

data/lib/aspera/api/aoc.rb

@@ -8,11 +8,10 @@ require 'aspera/data_repository'
 require 'aspera/transfer/spec'
 require 'aspera/api/node'
 require 'base64'
-require 'cgi'
 
 module Aspera
   module Api
-    class AoC < Aspera::Rest
+    class AoC < Rest
       PRODUCT_NAME = 'Aspera on Cloud'
       # use default workspace if it is set, else none
       DEFAULT_WORKSPACE = ''
@@ -74,7 +73,7 @@ module Aspera
         # split host of URL into organization and domain
         def split_org_domain(uri)
           Aspera.assert_type(uri, URI)
-          raise "No host found in URL.Please check URL format: https://myorg.#{SAAS_DOMAIN_PROD}" if uri.host.nil?
+          Aspera.assert(!uri.host.nil?){"No host found in URL. Please check URL format: https://myorg.#{SAAS_DOMAIN_PROD}"}
           parts = uri.host.split('.', 2)
           Aspera.assert(parts.length == 2){"expecting a public FQDN for #{PRODUCT_NAME}"}
           parts[0] = nil if parts[0].eql?('api')
@@ -90,7 +89,7 @@ module Aspera
         # @param url [String] URL of AoC public link
         # @return [Hash] information about public link, or nil if not a public link
         def link_info(url)
-          final_uri = Rest.new(base_url: url, redirect_max: MAX_AOC_URL_REDIRECT).call(operation: 'GET')[:http].uri
+          final_uri = Rest.new(base_url: url, redirect_max: MAX_AOC_URL_REDIRECT).call(operation: 'GET', ret: :resp).uri
           Log.dump(:final_uri, final_uri, level: :trace1)
           org_domain = split_org_domain(final_uri)
           if (m = final_uri.path.match(%r{/oauth2/([^/]+)/login$}))
@@ -98,7 +97,7 @@ module Aspera
           else
             Log.log.debug{"path=#{final_uri.path} does not end with /login"}
           end
-          raise Error, 'AoC shall redirect to login page with a query' if final_uri.query.nil?
+          Aspera.assert(!final_uri.query.nil?, 'AoC shall redirect to login page with a query', type: Error)
           query = Rest.query_to_h(final_uri.query)
           Log.dump(:query, query, level: :trace1)
           # is that a public link ?
@@ -140,15 +139,82 @@ module Aspera
             organization:    org_domain[:organization]
           }
         end
+
+        # Call block with same query using paging and response information.
+        # Block must return an Array with data and http response
+        # @return [Hash] {items: , total: }
+        def call_paging(query: nil, formatter: nil)
+          query = {} if query.nil?
+          Aspera.assert_type(query, Hash){'query'}
+          Aspera.assert(block_given?)
+          # set default large page if user does not specify own parameters. AoC Caps to 1000 anyway
+          query['per_page'] = 1000 unless query.key?('per_page')
+          max_items = query.delete(Rest::MAX_ITEMS)
+          max_pages = query.delete(Rest::MAX_PAGES)
+          item_list = []
+          total_count = nil
+          current_page = query['page']
+          current_page = 1 if current_page.nil?
+          page_count = 0
+          loop do
+            new_query = query.clone
+            new_query['page'] = current_page
+            result_data, result_http = yield(new_query)
+            Aspera.assert(result_http)
+            total_count = result_http['X-Total-Count']&.to_i
+            page_count += 1
+            current_page += 1
+            add_items = result_data
+            break if add_items.nil?
+            break if add_items.empty?
+            # append new items to full list
+            item_list += add_items
+            break if !max_items.nil? && item_list.count >= max_items
+            break if !max_pages.nil? && page_count >= max_pages
+            break if total_count&.<=(item_list.count)
+            formatter&.long_operation_running("#{item_list.count} / #{total_count}") unless total_count.eql?(item_list.count.to_s)
+          end
+          formatter&.long_operation_terminated
+          item_list = item_list[0..max_items - 1] if !max_items.nil? && item_list.count > max_items
+          return {items: item_list, total: total_count}
+        end
+
+        # @param id [String] Identifier or workspace
+        # @return [Hash] suitable for permission filtering
+        def workspace_access(id)
+          {
+            'access_type' => 'user',
+            'access_id'   => "#{ID_AK_ADMIN}_WS_#{id}"
+          }
+        end
+
+        # @param permission [Hash] Shared folder information
+        # @return [Boolean] `true` if internal access
+        def workspace_access?(permission)
+          permission['access_id'].start_with?("#{ID_AK_ADMIN}_WS_")
+        end
       end
 
       attr_reader :private_link
 
-      def initialize(url:, auth:, subpath: API_V1, client_id: nil, client_secret: nil, scope: nil, redirect_uri: nil, private_key: nil, passphrase: nil, username: nil,
-        password: nil, workspace: nil, secret_finder: nil)
-        # test here because link may set url
-        raise ArgumentError, 'Missing mandatory option: url' if url.nil?
-        raise ArgumentError, 'Missing mandatory option: scope' if scope.nil?
+      def initialize(
+        url:,
+        auth:,
+        subpath: API_V1,
+        client_id: nil,
+        client_secret: nil,
+        scope: nil,
+        redirect_uri: nil,
+        private_key: nil,
+        passphrase: nil,
+        username: nil,
+        password: nil,
+        workspace: nil,
+        secret_finder: nil
+      )
+        # Test here because link may set url
+        Aspera.assert(url, 'Missing mandatory option: url', type: ParameterError)
+        Aspera.assert(scope, 'Missing mandatory option: scope', type: ParameterError)
         # default values for client id
         client_id, client_secret = self.class.get_client_info if client_id.nil?
         # access key secrets are provided out of band to get node api access
@@ -173,22 +239,21 @@ module Aspera
         auth_params[:grant_method] = if url_info.key?(:token)
           :url_json
         else
-          raise ArgumentError, 'Missing mandatory option: auth' if auth.nil?
+          Aspera.assert(auth, 'Missing mandatory option: auth', type: ParameterError)
           auth
         end
         # this is the base API url
         api_url_base = self.class.api_base_url(api_domain: url_info[:instance_domain])
         # auth URL
         auth_params[:base_url] = "#{api_url_base}/#{OAUTH_API_SUBPATH}/#{url_info[:organization]}"
-
         # fill other auth parameters based on OAuth method
         case auth_params[:grant_method]
         when :web
-          raise ArgumentError, 'Missing mandatory option: redirect_uri' if redirect_uri.nil?
+          Aspera.assert(redirect_uri, 'Missing mandatory option: redirect_uri', type: ParameterError)
           auth_params[:redirect_uri] = redirect_uri
         when :jwt
-          raise ArgumentError, 'Missing mandatory option: private_key' if private_key.nil?
-          raise ArgumentError, 'Missing mandatory option: username' if username.nil?
+          Aspera.assert(private_key, 'Missing mandatory option: private_key', type: ParameterError)
+          Aspera.assert(username, 'Missing mandatory option: username', type: ParameterError)
           auth_params[:private_key_obj] = OpenSSL::PKey::RSA.new(private_key, passphrase)
           auth_params[:payload] = {
             iss: auth_params[:client_id], # issuer
@@ -205,7 +270,7 @@ module Aspera
           auth_params[:json][:password] = password unless password.nil?
           # basic auth required for /token
           auth_params[:auth] = {type: :basic, username: auth_params[:client_id], password: auth_params[:client_secret]}
-        else Aspera.error_unexpected_value(auth_params[:grant_method])
+        else Aspera.error_unexpected_value(auth_params[:grant_method]){'auth, use one of: :web, :jwt'}
         end
         super(
           base_url: "#{api_url_base}/#{subpath}",
@@ -213,12 +278,12 @@ module Aspera
           )
       end
 
-      def public_link
-        return unless auth_params[:grant_method].eql?(:url_json)
-        return @cache_url_token_info unless @cache_url_token_info.nil?
-        # TODO: can there be several in list ?
-        @cache_url_token_info = read('url_tokens').first
-        return @cache_url_token_info
+      # read using the query and paging
+      # @return [Hash] {items: , total: }
+      def read_with_paging(subpath, query = nil, formatter: nil)
+        return self.class.call_paging(query: query, formatter: formatter) do |paged_query|
+          read(subpath, query: paged_query, ret: :both)
+        end
       end
 
       def assert_public_link_types(expected)
@@ -230,7 +295,17 @@ module Aspera
         return [] # TODO : public_link['id'] ?
       end
 
-      # cached user information
+      # Cached public link information
+      # @return [Hash, nil] token info if public link or nil
+      def public_link
+        return unless auth_params[:grant_method].eql?(:url_json)
+        return @cache_url_token_info unless @cache_url_token_info.nil?
+        # TODO: can there be several in list ?
+        @cache_url_token_info = read('url_tokens').first
+        return @cache_url_token_info
+      end
+
+      # Cached user information
       def current_user_info(exception: false)
         return @cache_user_info unless @cache_user_info.nil?
         # get our user's default information
@@ -246,21 +321,9 @@ module Aspera
         return @cache_user_info
       end
 
+      # Cached workspace information
       def workspace
-        Aspera.assert(!@workspace_info.nil?){'AoC workspace context is not set'}
-        @workspace_info
-      end
-
-      def home
-        Aspera.assert(!@home_info.nil?){'AoC home context is not set'}
-        @home_info
-      end
-
-      # Set the application context
-      # @param application [Symbol,NilClass] :files or :packages
-      # @return [Hash] current context information: workspace, and home node/file if app is "Files"
-      def context=(application)
-        Aspera.assert_values(application, %i[files packages])
+        return @workspace_info unless @workspace_info.nil?
         ws_id =
           if !public_link.nil?
             Log.log.debug('Using workspace of public link')
@@ -278,26 +341,21 @@ module Aspera
           else
             lookup_by_name('workspaces', @workspace_name)['id']
           end
-        ws_info =
-          if ws_id.nil?
-            nil
-          else
-            read("workspaces/#{ws_id}")
-          end
         @workspace_info =
-          if ws_info.nil?
+          if ws_id.nil?
             {
-              id:   nil,
-              name: "Shared #{application}"
+              name: 'Shared (no workspace)'
             }
           else
-            {
-              id:   ws_info['id'],
-              name: ws_info['name']
-            }
+            read("workspaces/#{ws_id}").slice('id', 'name', 'home_node_id', 'home_file_id').symbolize_keys
           end
-        Log.dump(:context, @workspace_info)
-        return unless application.eql?(:files)
+        Log.dump(:workspace_info, @workspace_info)
+        @workspace_info
+      end
+
+      # Cached Home information for current user in Files app
+      def home
+        return @home_info unless @home_info.nil?
         @home_info =
           if !public_link.nil?
             assert_public_link_types(['view_shared_file'])
@@ -310,10 +368,10 @@ module Aspera
               node_id: private_link[:node_id],
               file_id: private_link[:file_id]
             }
-          elsif ws_info
+          elsif workspace[:home_node_id] && workspace[:home_file_id]
             {
-              node_id: ws_info['home_node_id'],
-              file_id: ws_info['home_file_id']
+              node_id: workspace[:home_node_id],
+              file_id: workspace[:home_file_id]
             }
           else
             # not part of any workspace, but has some folder shared
@@ -323,8 +381,9 @@ module Aspera
               file_id: user_info['read_only_home_file_id']
             }
           end
-        raise "Cannot get user's home node id, check your default workspace or specify one" if @home_info[:node_id].to_s.empty?
+        Aspera.assert(!@home_info[:node_id].to_s.empty?, "Cannot get user's home node id, check your default workspace or specify one", type: Error)
         Log.dump(:context, @home_info)
+        @home_info
       end
 
       # @param node_id [String] identifier of node in AoC
@@ -393,37 +452,38 @@ module Aspera
         end
         meta_schema.each do |field|
           provided = pkg_meta.select{ |i| i['name'].eql?(field['name'])}
-          raise "only one field with name #{field['name']} allowed" if provided.count > 1
-          raise "missing mandatory field: #{field['name']}" if field['required'] && provided.empty?
+          Aspera.assert(provided.count <= 1, type: Error){"only one field with name #{field['name']} allowed"}
+          Aspera.assert(!provided.empty?, type: Error){"missing mandatory field: #{field['name']}"} if field['required']
         end
       end
 
       # Normalize package creation recipient lists as expected by AoC API
       # AoC expects {type: , id: }, but ascli allows providing either the native values or just a name
       # in that case, the name is resolved and replaced with {type: , id: }
-      # @param package_data The whole package creation payload
-      # @param recipient_list_field The field in structure, i.e. recipients or bcc_recipients
-      # @return nil package_data is modified
-      def resolve_package_recipients(package_data, ws_id, recipient_list_field, new_user_option)
-        return unless package_data.key?(recipient_list_field)
-        Aspera.assert_type(package_data[recipient_list_field], Array){recipient_list_field}
+      # @param package_data    [Hash]   The whole package creation payload
+      # @param rcpt_lst_field  [String] The field in structure, i.e. recipients or bcc_recipients
+      # @param new_user_option [Hash]   Additionnal fields for contact creation
+      # @return nil, `package_data` is modified
+      def resolve_package_recipients(package_data, rcpt_lst_field, new_user_option)
+        return unless package_data.key?(rcpt_lst_field)
+        Aspera.assert_type(package_data[rcpt_lst_field], Array){rcpt_lst_field}
         new_user_option = {'package_contact' => true} if new_user_option.nil?
         Aspera.assert_type(new_user_option, Hash){'new_user_option'}
+        ws_id = package_data['workspace_id']
         # list with resolved elements
         resolved_list = []
-        package_data[recipient_list_field].each do |short_recipient_info|
+        package_data[rcpt_lst_field].each do |short_recipient_info|
           case short_recipient_info
           when Hash # native API information, check keys
-            Aspera.assert(short_recipient_info.keys.sort.eql?(%w[id type])){"#{recipient_list_field} element shall have fields: id and type"}
+            Aspera.assert(short_recipient_info.keys.sort.eql?(%w[id type])){"#{rcpt_lst_field} element shall have fields: id and type"}
           when String # CLI helper: need to resolve provided name to type/id
             # email: user, else dropbox
             entity_type = short_recipient_info.include?('@') ? 'contacts' : 'dropboxes'
             begin
               full_recipient_info = lookup_by_name(entity_type, short_recipient_info, query: {'current_workspace_id' => ws_id})
-            rescue RuntimeError => e
-              raise e unless e.message.start_with?(ENTITY_NOT_FOUND)
+            rescue EntityNotFound
               # dropboxes cannot be created on the fly
-              raise "No such shared inbox in workspace #{ws_id}" if entity_type.eql?('dropboxes')
+              Aspera.assert_values(entity_type, 'contacts', type: Error){"No such shared inbox in workspace #{ws_id}"}
               # unknown user: create it as external user
               full_recipient_info = create('contacts', {
                 'current_workspace_id' => ws_id,
@@ -435,14 +495,13 @@ module Aspera
             else
               {'id' => full_recipient_info['source_id'], 'type' => full_recipient_info['source_type']}
             end
-          else # unexpected extended value, must be String or Hash
-            raise "#{recipient_list_field} item must be a String (email, shared inbox) or Hash (id,type)"
+          else Aspera.error_unexpected_value(short_recipient_info.class.name){"#{rcpt_lst_field} item must be a String (email, shared inbox) or Hash (id,type)"}
           end
           # add original or resolved recipient info
           resolved_list.push(short_recipient_info)
         end
         # replace with resolved elements
-        package_data[recipient_list_field] = resolved_list
+        package_data[rcpt_lst_field] = resolved_list
         return
       end
 
@@ -475,8 +534,8 @@ module Aspera
         # package_data['file_names']||=[..list of filenames to transfer...]
 
         # lookup users
-        resolve_package_recipients(package_data, package_data['workspace_id'], 'recipients', new_user_option)
-        resolve_package_recipients(package_data, package_data['workspace_id'], 'bcc_recipients', new_user_option)
+        resolve_package_recipients(package_data, 'recipients', new_user_option)
+        resolve_package_recipients(package_data, 'bcc_recipients', new_user_option)
 
         validate_metadata(package_data) if validate_meta
 
@@ -592,8 +651,7 @@ module Aspera
         when NilClass
         when ''
           # workspace shared folder
-          perm_data['access_type'] = 'user'
-          perm_data['access_id'] = "#{ID_AK_ADMIN}_WS_#{app_info[:workspace_id]}"
+          perm_data.merge!(self.class.workspace_access(app_info[:workspace_id]))
           tag_workspace['shared_with_name'] = perm_data['access_id']
         else
           entity_info = lookup_by_name('contacts', shared_with, query: {'current_workspace_id' => app_info[:workspace_id]})

data/lib/aspera/api/cos_node.rb

@@ -55,8 +55,9 @@ module Aspera
           operation: 'GET',
           subpath:   bucket,
           headers:   {'Accept' => 'application/xml'},
-          query:     {'faspConnectionInfo' => nil}
-        )[:http].body
+          query:     {'faspConnectionInfo' => nil},
+          ret:       :resp
+        ).body
         ats_info = XmlSimple.xml_in(xml_result_text, {'ForceArray' => false})
         Log.dump(:ats_info, ats_info)
         @storage_credentials = {

data/lib/aspera/api/faspex.rb

@@ -0,0 +1,213 @@
+# frozen_string_literal: true
+
+require 'aspera/rest'
+require 'aspera/oauth/base'
+require 'digest'
+
+module Aspera
+  # Implement OAuth for Faspex public link
+  class FaspexPubLink < OAuth::Base
+    class << self
+      attr_accessor :additional_info
+    end
+    # @param context         The `context` query parameter in public link
+    # @param redirect_uri    URI of web UI login
+    # @param path_authorize  Path to provide passcode
+    def initialize(
+      context:,
+      redirect_uri:,
+      path_authorize: 'authorize_public_link',
+      **base_params
+    )
+      # a unique identifier could also be the passcode inside
+      super(**base_params, cache_ids: [Digest::SHA256.hexdigest(context)[0..23]])
+      @context = context
+      @redirect_uri = redirect_uri
+      @path_authorize = path_authorize
+    end
+
+    def create_token
+      # Exchange context (passcode) for code
+      http = api.call(
+        operation: 'GET',
+        subpath:   @path_authorize,
+        query: {
+          response_type: :code,
+          state:         @context,
+          client_id:     client_id,
+          redirect_uri:  @redirect_uri
+        },
+        exception: false,
+        ret:       :resp
+      )
+      # code / state located in redirected URL query
+      info = Rest.query_to_h(URI.parse(http['Location']).query)
+      Log.dump(:info, info)
+      raise Error, info['action_message'] if info['action_message']
+      Aspera.assert(info['code']){'Missing code in answer'}
+      # Exchange code for token
+      return create_token_call(optional_scope_client_id.merge(
+        grant_type:   'authorization_code',
+        code:         info['code'],
+        redirect_uri: @redirect_uri
+      ))
+    end
+  end
+  OAuth::Factory.instance.register_token_creator(FaspexPubLink)
+  module Api
+    class Faspex < Aspera::Rest
+      # endpoint for authentication API
+      PATH_AUTH = 'auth'
+      PATH_API_V5 = 'api/v5'
+      PATH_HEALTH = 'configuration/ping'
+      private_constant :PATH_API_V5,
+        :PATH_HEALTH,
+        :PATH_AUTH
+      RECIPIENT_TYPES = %w[user workgroup external_user distribution_list shared_inbox].freeze
+      PACKAGE_TERMINATED = %w[completed failed].freeze
+      # list of supported mailbox types (to list packages)
+      API_LIST_MAILBOX_TYPES = %w[inbox inbox_history inbox_all inbox_all_history outbox outbox_history pending pending_history all].freeze
+      # PACKAGE_SEND_FROM_REMOTE_SOURCE = 'remote_source'
+      # Faspex API v5: get transfer spec for connect
+      TRANSFER_CONNECT = 'connect'
+      ADMIN_RESOURCES = %i[
+        accounts distribution_lists contacts jobs workgroups shared_inboxes nodes oauth_clients registrations saml_configs
+        metadata_profiles email_notifications alternate_addresses webhooks
+      ].freeze
+      # states for jobs not in final state
+      JOB_RUNNING = %w[queued working].freeze
+      PATH_STANDARD_ROOT = '/aspera/faspex'
+      PATH_API_DETECT = "#{PATH_API_V5}/#{PATH_HEALTH}"
+      HEADER_ITERATION_TOKEN = 'X-Aspera-Next-Iteration-Token'
+      HEADER_FASPEX_VERSION = 'X-IBM-Aspera'
+      EMAIL_NOTIF_LIST = %w[
+        welcome_email
+        forgot_password
+        package_received
+        package_received_cc
+        package_sent_cc
+        package_downloaded
+        package_downloaded_cc
+        workgroup_package
+        upload_result
+        upload_result_cc
+        relay_started_cc
+        relay_finished_cc
+        relay_error_cc
+        shared_inbox_invitation
+        shared_inbox_submit
+        personal_invitation
+        personal_submit
+        account_approved
+        account_denied
+        package_file_processing_failed_sender
+        package_file_processing_failed_recipient
+        relay_failed_admin
+        relay_failed
+        admin_sync_failed
+        sync_failed
+        account_exist
+        mfa_code
+      ]
+      class << self
+        # @return true if the URL is a public link
+        def public_link?(url)
+          url.include?('?context=')
+        end
+      end
+      attr_reader :pub_link_context
+
+      def initialize(
+        url:,
+        auth:,
+        password: nil,
+        client_id: nil,
+        client_secret: nil,
+        redirect_uri: nil,
+        username: nil,
+        private_key: nil,
+        passphrase: nil
+      )
+        auth = :public_link if self.class.public_link?(url)
+        @pub_link_context = nil
+        super(**
+          case auth
+          when :public_link
+            # Get URL of final redirect of public link
+            redir_url = Rest.new(base_url: url, redirect_max: 3).call(operation: 'GET', ret: :resp).uri.to_s
+            Log.dump(:redir_url, redir_url, level: :trace1)
+            # get context from query
+            encoded_context = Rest.query_to_h(URI.parse(redir_url).query)['context']
+            raise ParameterError, 'Bad faspex5 public link, missing context in query' if encoded_context.nil?
+            # public link information (contains passcode and allowed usage)
+            @pub_link_context = JSON.parse(Base64.decode64(encoded_context))
+            Log.dump(:pub_link_context, @pub_link_context, level: :trace1)
+            # Get the base url, i.e. .../aspera/faspex
+            base_url = redir_url.gsub(%r{/public/.*}, '').gsub(/\?.*/, '')
+            # Get web UI client_id and redirect_uri
+            # TODO: change this for something more reliable
+            config = JSON.parse(Rest.new(base_url: "#{base_url}/config.js", redirect_max: 3).call(operation: 'GET').sub(/^[^=]+=/, '').gsub(/([a-z_]+):/, '"\1":').delete("\n ").tr("'", '"')).symbolize_keys
+            Log.dump(:configjs, config)
+            {
+              base_url: "#{base_url}/#{PATH_API_V5}",
+              auth:     {
+                type:         :oauth2,
+                base_url:     "#{base_url}/#{PATH_AUTH}",
+                grant_method: :faspex_pub_link,
+                context:      encoded_context,
+                client_id:    config[:client_id],
+                redirect_uri: config[:redirect_uri]
+              }
+            }
+          # old: headers:  {'Passcode' => @pub_link_context['passcode']}
+          when :boot
+            Aspera.assert(password, type: ParameterError){'Missing password'}
+            # the password here is the token copied directly from browser in developer mode
+            {
+              base_url: "#{url}/#{PATH_API_V5}",
+              headers:  {'Authorization' => password}
+            }
+          when :web
+            Aspera.assert(client_id, type: ParameterError){'Missing client_id'}
+            Aspera.assert(redirect_uri, type: ParameterError){'Missing redirect_uri'}
+            # opens a browser and ask user to auth using web
+            {
+              base_url: "#{url}/#{PATH_API_V5}",
+              auth:     {
+                type:         :oauth2,
+                base_url:     "#{url}/#{PATH_AUTH}",
+                grant_method: :web,
+                client_id:    client_id,
+                redirect_uri: redirect_uri
+              }
+            }
+          when :jwt
+            Aspera.assert(client_id, type: ParameterError){'Missing client_id'}
+            Aspera.assert(private_key, type: ParameterError){'Missing private_key'}
+            {
+              base_url: "#{url}/#{PATH_API_V5}",
+              auth:     {
+                type:            :oauth2,
+                base_url:        "#{url}/#{PATH_AUTH}",
+                grant_method:    :jwt,
+                client_id:       client_id,
+                payload:         {
+                  iss: client_id, # issuer
+                  aud: client_id, # audience (this field is not clear...)
+                  sub: "user:#{username}" # subject is a user
+                },
+                private_key_obj: OpenSSL::PKey::RSA.new(private_key, passphrase),
+                headers:         {typ: 'JWT'}
+              }
+            }
+          else Aspera.error_unexpected_value(auth, type: ParameterError){'auth'}
+          end
+        )
+      end
+
+      def auth_api
+        Rest.new(**params, base_url: base_url.sub(PATH_API_V5, PATH_AUTH))
+      end
+    end
+  end
+end