doorkeeper-grants_assertion 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +3 -0
- data/.travis.yml +1 -6
- data/Gemfile +6 -9
- data/README.md +71 -2
- data/Rakefile +8 -6
- data/doorkeeper-grants_assertion.gemspec +27 -8
- data/gemfiles/rails_4_2.gemfile +0 -3
- data/gemfiles/rails_4_2.gemfile.lock +68 -17
- data/gemfiles/rails_5_0.gemfile +0 -3
- data/gemfiles/rails_5_0.gemfile.lock +68 -17
- data/gemfiles/rails_latest_and_doorkeeper_latest.gemfile +0 -3
- data/gemfiles/rails_latest_and_doorkeeper_latest.gemfile.lock +68 -17
- data/lib/doorkeeper/grants_assertion.rb +5 -0
- data/lib/doorkeeper/grants_assertion/devise/omniauth.rb +33 -0
- data/lib/doorkeeper/grants_assertion/omniauth.rb +35 -0
- data/lib/doorkeeper/grants_assertion/railtie.rb +6 -0
- data/lib/doorkeeper/grants_assertion/version.rb +7 -0
- data/lib/doorkeeper/request/assertion.rb +2 -0
- metadata +115 -58
- data/spec/dummy/Rakefile +0 -7
- data/spec/dummy/app/controllers/application_controller.rb +0 -3
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -11
- data/spec/dummy/app/controllers/home_controller.rb +0 -17
- data/spec/dummy/app/controllers/metal_controller.rb +0 -11
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
- data/spec/dummy/app/helpers/application_helper.rb +0 -5
- data/spec/dummy/app/models/user.rb +0 -9
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config.ru +0 -4
- data/spec/dummy/config/application.rb +0 -47
- data/spec/dummy/config/boot.rb +0 -4
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -29
- data/spec/dummy/config/environments/production.rb +0 -62
- data/spec/dummy/config/environments/test.rb +0 -53
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -92
- data/spec/dummy/config/initializers/secret_token.rb +0 -9
- data/spec/dummy/config/initializers/session_store.rb +0 -8
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -74
- data/spec/dummy/config/routes.rb +0 -52
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -10
- data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +0 -41
- data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb +0 -7
- data/spec/dummy/db/schema.rb +0 -66
- data/spec/dummy/script/rails +0 -6
- data/spec/factories/access_grant.rb +0 -9
- data/spec/factories/access_token.rb +0 -11
- data/spec/factories/application.rb +0 -6
- data/spec/requests/flows/assertion_spec.rb +0 -127
- data/spec/spec_helper.rb +0 -2
- data/spec/spec_helper_integration.rb +0 -28
- data/spec/support/dependencies/factory_girl.rb +0 -2
- data/spec/support/helpers/config_helper.rb +0 -9
- data/spec/support/helpers/model_helper.rb +0 -45
- data/spec/support/helpers/request_spec_helper.rb +0 -76
- data/spec/support/helpers/url_helper.rb +0 -19
- data/spec/support/shared/controllers_shared_context.rb +0 -60
- data/spec/support/shared/models_shared_examples.rb +0 -52
@@ -1,9 +0,0 @@
|
|
1
|
-
# Be sure to restart your server when you modify this file.
|
2
|
-
|
3
|
-
# Your secret key for verifying the integrity of signed cookies.
|
4
|
-
# If you change this key, all old signed cookies will become invalid!
|
5
|
-
# Make sure the secret is at least 30 characters and all random,
|
6
|
-
# no regular words or you'll be exposed to dictionary attacks.
|
7
|
-
Dummy::Application.config.secret_key_base =
|
8
|
-
Dummy::Application.config.secret_token =
|
9
|
-
'c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159dc74c4f0573345c1bfa713b5d756e1491fc0b098567e8a619e2f8d268eda86a20a720d05d633780'
|
@@ -1,8 +0,0 @@
|
|
1
|
-
# Be sure to restart your server when you modify this file.
|
2
|
-
|
3
|
-
Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
|
4
|
-
|
5
|
-
# Use the database for sessions instead of the cookie-based default,
|
6
|
-
# which shouldn't be used to store highly confidential information
|
7
|
-
# (create the session table with "rails generate session_migration")
|
8
|
-
# Dummy::Application.config.session_store :active_record_store
|
@@ -1,14 +0,0 @@
|
|
1
|
-
# Be sure to restart your server when you modify this file.
|
2
|
-
#
|
3
|
-
# This file contains settings for ActionController::ParamsWrapper which
|
4
|
-
# is enabled by default.
|
5
|
-
|
6
|
-
# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
|
7
|
-
ActiveSupport.on_load(:action_controller) do
|
8
|
-
wrap_parameters format: [:json]
|
9
|
-
end
|
10
|
-
|
11
|
-
# Disable root element in JSON by default.
|
12
|
-
ActiveSupport.on_load(:active_record) do
|
13
|
-
self.include_root_in_json = false
|
14
|
-
end
|
@@ -1,74 +0,0 @@
|
|
1
|
-
en:
|
2
|
-
activerecord:
|
3
|
-
errors:
|
4
|
-
models:
|
5
|
-
application:
|
6
|
-
attributes:
|
7
|
-
redirect_uri:
|
8
|
-
fragment_present: 'cannot contain a fragment.'
|
9
|
-
has_query_parameter: 'cannot contain a query parameter.'
|
10
|
-
invalid_uri: 'must be a valid URI.'
|
11
|
-
relative_uri: 'must be an absolute URI.'
|
12
|
-
mongoid:
|
13
|
-
errors:
|
14
|
-
models:
|
15
|
-
application:
|
16
|
-
attributes:
|
17
|
-
redirect_uri:
|
18
|
-
fragment_present: 'cannot contain a fragment.'
|
19
|
-
has_query_parameter: 'cannot contain a query parameter.'
|
20
|
-
invalid_uri: 'must be a valid URI.'
|
21
|
-
relative_uri: 'must be an absolute URI.'
|
22
|
-
mongo_mapper:
|
23
|
-
errors:
|
24
|
-
models:
|
25
|
-
application:
|
26
|
-
attributes:
|
27
|
-
redirect_uri:
|
28
|
-
fragment_present: 'cannot contain a fragment.'
|
29
|
-
has_query_parameter: 'cannot contain a query parameter.'
|
30
|
-
invalid_uri: 'must be a valid URI.'
|
31
|
-
relative_uri: 'must be an absolute URI.'
|
32
|
-
doorkeeper:
|
33
|
-
errors:
|
34
|
-
messages:
|
35
|
-
# Common error messages
|
36
|
-
invalid_request: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
|
37
|
-
invalid_redirect_uri: 'The redirect uri included is not valid.'
|
38
|
-
unauthorized_client: 'The client is not authorized to perform this request using this method.'
|
39
|
-
access_denied: 'The resource owner or authorization server denied the request.'
|
40
|
-
invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
|
41
|
-
server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
|
42
|
-
temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'
|
43
|
-
|
44
|
-
#configuration error messages
|
45
|
-
credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.'
|
46
|
-
resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfiged.'
|
47
|
-
|
48
|
-
# Access grant errors
|
49
|
-
unsupported_response_type: 'The authorization server does not support this response type.'
|
50
|
-
|
51
|
-
# Access token errors
|
52
|
-
invalid_client: 'Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.'
|
53
|
-
invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
|
54
|
-
unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'
|
55
|
-
|
56
|
-
# Password Access token errors
|
57
|
-
invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found'
|
58
|
-
|
59
|
-
invalid_token:
|
60
|
-
revoked: "The access token was revoked"
|
61
|
-
expired: "The access token expired"
|
62
|
-
unknown: "The access token is invalid"
|
63
|
-
|
64
|
-
flash:
|
65
|
-
applications:
|
66
|
-
create:
|
67
|
-
notice: 'Application created.'
|
68
|
-
destroy:
|
69
|
-
notice: 'Application deleted.'
|
70
|
-
update:
|
71
|
-
notice: 'Application updated.'
|
72
|
-
authorized_applications:
|
73
|
-
destroy:
|
74
|
-
notice: 'Application revoked.'
|
data/spec/dummy/config/routes.rb
DELETED
@@ -1,52 +0,0 @@
|
|
1
|
-
Rails.application.routes.draw do
|
2
|
-
use_doorkeeper
|
3
|
-
use_doorkeeper scope: 'scope'
|
4
|
-
|
5
|
-
scope 'inner_space' do
|
6
|
-
use_doorkeeper scope: 'scope' do
|
7
|
-
controllers authorizations: 'custom_authorizations',
|
8
|
-
tokens: 'custom_authorizations',
|
9
|
-
applications: 'custom_authorizations',
|
10
|
-
token_info: 'custom_authorizations'
|
11
|
-
|
12
|
-
as authorizations: 'custom_auth',
|
13
|
-
tokens: 'custom_token',
|
14
|
-
token_info: 'custom_token_info'
|
15
|
-
end
|
16
|
-
end
|
17
|
-
|
18
|
-
scope 'space' do
|
19
|
-
use_doorkeeper do
|
20
|
-
controllers authorizations: 'custom_authorizations',
|
21
|
-
tokens: 'custom_authorizations',
|
22
|
-
applications: 'custom_authorizations',
|
23
|
-
token_info: 'custom_authorizations'
|
24
|
-
|
25
|
-
as authorizations: 'custom_auth',
|
26
|
-
tokens: 'custom_token',
|
27
|
-
token_info: 'custom_token_info'
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
scope 'outer_space' do
|
32
|
-
use_doorkeeper do
|
33
|
-
controllers authorizations: 'custom_authorizations',
|
34
|
-
tokens: 'custom_authorizations',
|
35
|
-
token_info: 'custom_authorizations'
|
36
|
-
|
37
|
-
as authorizations: 'custom_auth',
|
38
|
-
tokens: 'custom_token',
|
39
|
-
token_info: 'custom_token_info'
|
40
|
-
|
41
|
-
skip_controllers :tokens, :applications, :token_info
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
get 'metal.json' => 'metal#index'
|
46
|
-
|
47
|
-
get '/callback', to: 'home#callback'
|
48
|
-
get '/sign_in', to: 'home#sign_in'
|
49
|
-
resources :semi_protected_resources
|
50
|
-
resources :full_protected_resources
|
51
|
-
root to: 'home#index'
|
52
|
-
end
|
@@ -1,41 +0,0 @@
|
|
1
|
-
class CreateDoorkeeperTables < ActiveRecord::Migration
|
2
|
-
def change
|
3
|
-
create_table :oauth_applications do |t|
|
4
|
-
t.string :name, null: false
|
5
|
-
t.string :uid, null: false
|
6
|
-
t.string :secret, null: false
|
7
|
-
t.string :redirect_uri, null: false, limit: 2048
|
8
|
-
t.timestamps
|
9
|
-
end
|
10
|
-
|
11
|
-
add_index :oauth_applications, :uid, unique: true
|
12
|
-
|
13
|
-
create_table :oauth_access_grants do |t|
|
14
|
-
t.integer :resource_owner_id, null: false
|
15
|
-
t.integer :application_id, null: false
|
16
|
-
t.string :token, null: false
|
17
|
-
t.integer :expires_in, null: false
|
18
|
-
t.string :redirect_uri, null: false, limit: 2048
|
19
|
-
t.datetime :created_at, null: false
|
20
|
-
t.datetime :revoked_at
|
21
|
-
t.string :scopes
|
22
|
-
end
|
23
|
-
|
24
|
-
add_index :oauth_access_grants, :token, unique: true
|
25
|
-
|
26
|
-
create_table :oauth_access_tokens do |t|
|
27
|
-
t.integer :resource_owner_id
|
28
|
-
t.integer :application_id
|
29
|
-
t.string :token, null: false
|
30
|
-
t.string :refresh_token
|
31
|
-
t.integer :expires_in
|
32
|
-
t.datetime :revoked_at
|
33
|
-
t.datetime :created_at, null: false
|
34
|
-
t.string :scopes
|
35
|
-
end
|
36
|
-
|
37
|
-
add_index :oauth_access_tokens, :token, unique: true
|
38
|
-
add_index :oauth_access_tokens, :resource_owner_id
|
39
|
-
add_index :oauth_access_tokens, :refresh_token, unique: true
|
40
|
-
end
|
41
|
-
end
|
@@ -1,7 +0,0 @@
|
|
1
|
-
class AddOwnerToApplication < ActiveRecord::Migration
|
2
|
-
def change
|
3
|
-
add_column :oauth_applications, :owner_id, :integer, null: true
|
4
|
-
add_column :oauth_applications, :owner_type, :string, null: true
|
5
|
-
add_index :oauth_applications, [:owner_id, :owner_type]
|
6
|
-
end
|
7
|
-
end
|
data/spec/dummy/db/schema.rb
DELETED
@@ -1,66 +0,0 @@
|
|
1
|
-
# encoding: UTF-8
|
2
|
-
# This file is auto-generated from the current state of the database. Instead
|
3
|
-
# of editing this file, please use the migrations feature of Active Record to
|
4
|
-
# incrementally modify your database, and then regenerate this schema definition.
|
5
|
-
#
|
6
|
-
# Note that this schema.rb definition is the authoritative source for your
|
7
|
-
# database schema. If you need to create the application database on another
|
8
|
-
# system, you should be using db:schema:load, not running all the migrations
|
9
|
-
# from scratch. The latter is a flawed and unsustainable approach (the more migrations
|
10
|
-
# you'll amass, the slower it'll run and the greater likelihood for issues).
|
11
|
-
#
|
12
|
-
# It's strongly recommended that you check this file into your version control system.
|
13
|
-
|
14
|
-
ActiveRecord::Schema.define(version: 20130902175349) do
|
15
|
-
|
16
|
-
create_table "oauth_access_grants", force: true do |t|
|
17
|
-
t.integer "resource_owner_id", null: false
|
18
|
-
t.integer "application_id", null: false
|
19
|
-
t.string "token", null: false
|
20
|
-
t.integer "expires_in", null: false
|
21
|
-
t.string "redirect_uri", limit: 2048, null: false
|
22
|
-
t.datetime "created_at", null: false
|
23
|
-
t.datetime "revoked_at"
|
24
|
-
t.string "scopes"
|
25
|
-
end
|
26
|
-
|
27
|
-
add_index "oauth_access_grants", ["token"], name: "index_oauth_access_grants_on_token", unique: true
|
28
|
-
|
29
|
-
create_table "oauth_access_tokens", force: true do |t|
|
30
|
-
t.integer "resource_owner_id"
|
31
|
-
t.integer "application_id"
|
32
|
-
t.string "token", null: false
|
33
|
-
t.string "refresh_token"
|
34
|
-
t.integer "expires_in"
|
35
|
-
t.datetime "revoked_at"
|
36
|
-
t.datetime "created_at", null: false
|
37
|
-
t.string "scopes"
|
38
|
-
end
|
39
|
-
|
40
|
-
add_index "oauth_access_tokens", ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
|
41
|
-
add_index "oauth_access_tokens", ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
|
42
|
-
add_index "oauth_access_tokens", ["token"], name: "index_oauth_access_tokens_on_token", unique: true
|
43
|
-
|
44
|
-
create_table "oauth_applications", force: true do |t|
|
45
|
-
t.string "name", null: false
|
46
|
-
t.string "uid", null: false
|
47
|
-
t.string "secret", null: false
|
48
|
-
t.string "redirect_uri", limit: 2048, null: false
|
49
|
-
t.datetime "created_at"
|
50
|
-
t.datetime "updated_at"
|
51
|
-
t.integer "owner_id"
|
52
|
-
t.string "owner_type"
|
53
|
-
end
|
54
|
-
|
55
|
-
add_index "oauth_applications", ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type"
|
56
|
-
add_index "oauth_applications", ["uid"], name: "index_oauth_applications_on_uid", unique: true
|
57
|
-
|
58
|
-
create_table "users", force: true do |t|
|
59
|
-
t.string "name"
|
60
|
-
t.string "password"
|
61
|
-
t.string "assertion"
|
62
|
-
t.datetime "created_at"
|
63
|
-
t.datetime "updated_at"
|
64
|
-
end
|
65
|
-
|
66
|
-
end
|
data/spec/dummy/script/rails
DELETED
@@ -1,6 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
|
3
|
-
|
4
|
-
APP_PATH = File.expand_path('../../config/application', __FILE__)
|
5
|
-
require File.expand_path('../../config/boot', __FILE__)
|
6
|
-
require 'rails/commands'
|
@@ -1,127 +0,0 @@
|
|
1
|
-
require 'spec_helper_integration'
|
2
|
-
|
3
|
-
describe 'Resource Owner Assertion Flow inproperly set up', type: :request do
|
4
|
-
before do
|
5
|
-
config_is_set(:resource_owner_from_assertion) { nil }
|
6
|
-
client_exists
|
7
|
-
create_resource_owner
|
8
|
-
end
|
9
|
-
|
10
|
-
context 'with valid user assertion' do
|
11
|
-
it "should not issue new token" do
|
12
|
-
expect {
|
13
|
-
post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
|
14
|
-
}.to_not change { Doorkeeper::AccessToken.count }
|
15
|
-
|
16
|
-
should_have_json 'error', 'invalid_grant'
|
17
|
-
should_have_json 'error_description', translated_error_message(:invalid_grant)
|
18
|
-
expect(response.status).to eq(401)
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
describe 'Resource Owner Assertion Flow', type: :request do
|
24
|
-
before do
|
25
|
-
config_is_set(:resource_owner_from_assertion) { User.where(assertion: params[:assertion]).first }
|
26
|
-
client_exists
|
27
|
-
create_resource_owner
|
28
|
-
end
|
29
|
-
|
30
|
-
context "with invalid client/application information" do
|
31
|
-
|
32
|
-
it "should not create an access token" do
|
33
|
-
expect {
|
34
|
-
post assertion_endpoint_url(
|
35
|
-
client_id: 'not-real',
|
36
|
-
client_secret: 'not-real',
|
37
|
-
redirect_uri: 'http://fake-redirect.com'
|
38
|
-
)
|
39
|
-
}.to_not change { Doorkeeper::AccessToken.count }
|
40
|
-
end
|
41
|
-
end
|
42
|
-
|
43
|
-
context "with missing client/application information" do
|
44
|
-
let(:no_client_params) {
|
45
|
-
{
|
46
|
-
grant_type: "assertion",
|
47
|
-
assertion: @resource_owner.assertion
|
48
|
-
}
|
49
|
-
}
|
50
|
-
|
51
|
-
it "should create an access token" do
|
52
|
-
expect {
|
53
|
-
post "/oauth/token?#{build_query(no_client_params)}"
|
54
|
-
}.to change { Doorkeeper::AccessToken.count }.by(1)
|
55
|
-
end
|
56
|
-
|
57
|
-
context "when client is required as part of assertion lookup" do
|
58
|
-
|
59
|
-
before do
|
60
|
-
config_is_set(:resource_owner_from_assertion) {
|
61
|
-
Doorkeeper::Application.find_by!(uid: params[:client_id])
|
62
|
-
User.where(assertion: params[:assertion]).first
|
63
|
-
}
|
64
|
-
end
|
65
|
-
|
66
|
-
it "should not create an access token" do
|
67
|
-
expect {
|
68
|
-
post "/oauth/token?#{build_query(no_client_params)}"
|
69
|
-
}.to raise_error(ActiveRecord::RecordNotFound)
|
70
|
-
end
|
71
|
-
end
|
72
|
-
end
|
73
|
-
|
74
|
-
context 'with valid user assertion' do
|
75
|
-
it "should issue new token" do
|
76
|
-
expect {
|
77
|
-
post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
|
78
|
-
}.to change { Doorkeeper::AccessToken.count }.by(1)
|
79
|
-
|
80
|
-
token = Doorkeeper::AccessToken.first
|
81
|
-
|
82
|
-
should_have_json 'access_token', token.token
|
83
|
-
end
|
84
|
-
|
85
|
-
it "should associate the token with the appropriate application" do
|
86
|
-
post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
|
87
|
-
|
88
|
-
token = Doorkeeper::AccessToken.first
|
89
|
-
|
90
|
-
expect(token.application_id).to eq(@client.id)
|
91
|
-
end
|
92
|
-
|
93
|
-
it "should issue a refresh token if enabled" do
|
94
|
-
config_is_set(:refresh_token_enabled, true)
|
95
|
-
|
96
|
-
post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
|
97
|
-
|
98
|
-
token = Doorkeeper::AccessToken.first
|
99
|
-
|
100
|
-
should_have_json 'refresh_token', token.refresh_token
|
101
|
-
end
|
102
|
-
|
103
|
-
end
|
104
|
-
|
105
|
-
context "with invalid user assertion" do
|
106
|
-
it "should not issue new token with bad assertion" do
|
107
|
-
expect {
|
108
|
-
post assertion_endpoint_url( client: @client, assertion: 'i_dont_exist' )
|
109
|
-
}.to_not change { Doorkeeper::AccessToken.count }
|
110
|
-
|
111
|
-
should_have_json 'error', 'invalid_grant'
|
112
|
-
should_have_json 'error_description', translated_error_message(:invalid_grant)
|
113
|
-
expect(response.status).to eq(401)
|
114
|
-
end
|
115
|
-
|
116
|
-
it "should not issue new token without assertion" do
|
117
|
-
expect {
|
118
|
-
post assertion_endpoint_url( client: @client )
|
119
|
-
}.to_not change { Doorkeeper::AccessToken.count }
|
120
|
-
|
121
|
-
should_have_json 'error', 'invalid_grant'
|
122
|
-
should_have_json 'error_description', translated_error_message(:invalid_grant)
|
123
|
-
expect(response.status).to eq(401)
|
124
|
-
end
|
125
|
-
|
126
|
-
end
|
127
|
-
end
|