omniauth-cas 1.0.4 → 2.0.0

data/lib/omniauth/strategies/cas/logout_request.rb

@@ -0,0 +1,58 @@
+module OmniAuth
+  module Strategies
+    class CAS
+      class LogoutRequest
+        def initialize(strategy, request)
+          @strategy, @request = strategy, request
+        end
+
+        def call(options = {})
+          @options = options
+
+          begin
+            result = single_sign_out_callback.call(*logout_request)
+          rescue StandardError => err
+            return @strategy.fail! :logout_request, err
+          else
+            result = [200,{},'OK'] if result == true || result.nil?
+          ensure
+            return unless result
+
+            # TODO: Why does ActionPack::Response return [status,headers,body]
+            # when Rack::Response#new wants [body,status,headers]? Additionally,
+            # why does Rack::Response differ in argument order from the usual
+            # Rack-like [status,headers,body] array?
+            return Rack::Response.new(result[2],result[0],result[1]).finish
+          end
+        end
+
+      private
+
+        def logout_request
+          @logout_request ||= begin
+            saml = Nokogiri.parse(@request.params['logoutRequest'])
+            name_id = saml.xpath('//saml:NameID').text
+            sess_idx = saml.xpath('//samlp:SessionIndex').text
+            inject_params(name_id:name_id, session_index:sess_idx)
+            @request
+          end
+        end
+
+        def inject_params(new_params)
+          rack_input = @request.env['rack.input'].read
+          params = Rack::Utils.parse_query(rack_input, '&').merge new_params
+          @request.env['rack.input'] = StringIO.new(Rack::Utils.build_query(params))
+        rescue
+          # A no-op intended to ensure that the ensure block is run
+          raise
+        ensure
+          @request.env['rack.input'].rewind
+        end
+
+        def single_sign_out_callback
+          @options[:on_single_sign_out]
+        end
+      end
+    end
+  end
+end

data/lib/omniauth/strategies/cas/service_ticket_validator.rb

@@ -6,9 +6,10 @@ module OmniAuth
   module Strategies
     class CAS
       class ServiceTicketValidator
-
         VALIDATION_REQUEST_HEADERS = { 'Accept' => '*/*' }
 
+        attr_reader :success_body
+
         # Build a validator from a +configuration+, a
         # +return_to+ URL, and a +ticket+.
         #
@@ -20,6 +21,13 @@ module OmniAuth
           @uri = URI.parse(strategy.service_validate_url(return_to_url, ticket))
         end
 
+        # Executes a network request to process the CAS Service Response
+        def call
+          @response_body = get_service_response_body
+          @success_body = find_authentication_success(@response_body)
+          self
+        end
+
         # Request validation of the ticket from the CAS server's
         # serviceValidate (CAS 2.0) function.
         #
@@ -29,31 +37,39 @@ module OmniAuth
         #
         # @raise any connection errors encountered.
         def user_info
-          parse_user_info( find_authentication_success( get_service_response_body ) )
+          parse_user_info(@success_body)
         end
 
       private
 
+        # Merges attributes with multiple values into an array if support is
+        # enabled (disabled by default)
+        def attribute_value(user_info, attribute, value)
+          if @options.merge_multivalued_attributes && user_info.key?(attribute)
+            Array(user_info[attribute]).push(value)
+          else
+            value
+          end
+        end
+
         # turns an `<cas:authenticationSuccess>` node into a Hash;
         # returns nil if given nil
         def parse_user_info(node)
           return nil if node.nil?
-
           {}.tap do |hash|
             node.children.each do |e|
               node_name = e.name.sub(/^cas:/, '')
-              unless e.kind_of?(Nokogiri::XML::Text) ||
-                     node_name == 'proxies'
+              unless e.kind_of?(Nokogiri::XML::Text) || node_name == 'proxies'
                 # There are no child elements
                 if e.element_children.count == 0
-                  hash[node_name] = e.content
+                  hash[node_name] = attribute_value(hash, node_name, e.content)
                 elsif e.element_children.count
                   # JASIG style extra attributes
                   if node_name == 'attributes'
-                    hash.merge! parse_user_info e
+                    hash.merge!(parse_user_info(e))
                   else
                     hash[node_name] = [] if hash[node_name].nil?
-                    hash[node_name].push parse_user_info e
+                    hash[node_name].push(parse_user_info(e))
                   end
                 end
               end
@@ -93,7 +109,6 @@ module OmniAuth
           end
           result
         end
-
       end
     end
   end

data/omniauth-cas.gemspec

@@ -4,8 +4,8 @@ require File.expand_path('../lib/omniauth/cas/version', __FILE__)
 Gem::Specification.new do |gem|
   gem.authors       = ["Derek Lindahl"]
   gem.email         = ["dlindahl@customink.com"]
-  # gem.description   = %q{TODO: Write a gem description}
   gem.summary       = %q{CAS Strategy for OmniAuth}
+  gem.description   = gem.summary
   gem.homepage      = "https://github.com/dlindahl/omniauth-cas"
 
   gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
@@ -15,16 +15,14 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = Omniauth::Cas::VERSION
 
-  gem.add_dependency 'omniauth',                '~> 1.1.0'
-  gem.add_dependency 'nokogiri',                '~> 1.6'
+  gem.add_dependency 'omniauth',                '~> 1.2'
+  gem.add_dependency 'nokogiri',                '~> 1.5'
   gem.add_dependency 'addressable',             '~> 2.3'
 
-  gem.add_development_dependency 'rake',        '~> 0.9'
-  gem.add_development_dependency 'webmock',     '~> 1.8.11'
-  gem.add_development_dependency 'simplecov',   '~> 0.7.1'
-  gem.add_development_dependency 'rspec',       '~> 2.11'
-  gem.add_development_dependency 'rack-test',   '~> 0.6'
+  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'webmock'
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'rack-test'
 
   gem.add_development_dependency 'awesome_print'
-
 end

data/spec/fixtures/cas_success.xml

@@ -10,5 +10,8 @@
     <cas:image>/images/user.jpg</cas:image>
     <cas:phone>555-555-5555</cas:phone>
     <cas:hire_date>2004-07-13</cas:hire_date>
+    <cas:roles>senator</cas:roles>
+    <cas:roles>lobbyist</cas:roles>
+    <cas:roles>financier</cas:roles>
   </cas:authenticationSuccess>
 </cas:serviceResponse>

data/spec/fixtures/cas_success_jasig.xml

@@ -11,6 +11,9 @@
       <cas:image>/images/user.jpg</cas:image>
       <cas:phone>555-555-5555</cas:phone>
       <cas:hire_date>2004-07-13</cas:hire_date>
+      <cas:roles>senator</cas:roles>
+      <cas:roles>lobbyist</cas:roles>
+      <cas:roles>financier</cas:roles>
     </cas:attributes>
   </cas:authenticationSuccess>
 </cas:serviceResponse>

data/spec/omniauth/strategies/cas/logout_request_spec.rb

@@ -0,0 +1,105 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::CAS::LogoutRequest do
+  let(:strategy) { double('strategy') }
+  let(:env) do
+    { 'rack.input' => StringIO.new('','r') }
+  end
+  let(:request) { double('request', params:params, env:env) }
+  let(:params) { { 'url' => url, 'logoutRequest' => logoutRequest } }
+  let(:url) { 'http://notes.dev/signed_in' }
+  let(:logoutRequest) do
+    %Q[
+      <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion\" ID="123abc-1234-ab12-cd34-1234abcd" Version="2.0" IssueInstant="#{Time.now.to_s}">
+        <saml:NameID>@NOT_USED@</saml:NameID>
+        <samlp:SessionIndex>ST-123456-123abc456def</samlp:SessionIndex>
+      </samlp:LogoutRequest>
+    ]
+  end
+
+  subject { described_class.new(strategy, request).call(options) }
+
+  describe 'SAML attributes' do
+    let(:callback) { Proc.new{} }
+    let(:options) do
+      { on_single_sign_out: callback }
+    end
+
+    before do
+      @rack_input = nil
+      allow(callback).to receive(:call) do |req|
+        @rack_input = req.env['rack.input'].read
+        true
+      end
+      subject
+    end
+
+    it 'are parsed and injected into the Rack Request parameters' do
+      expect(@rack_input).to eq 'name_id=%40NOT_USED%40&session_index=ST-123456-123abc456def'
+    end
+
+    context 'that raise when parsed' do
+      let(:env) { { 'rack.input' => nil } }
+
+      before do
+        allow(strategy).to receive(:fail!)
+        subject
+        expect(strategy).to have_received(:fail!)
+      end
+
+      it 'responds with an error' do
+        expect(strategy).to have_received(:fail!)
+      end
+    end
+  end
+
+  describe 'with a configured callback' do
+    let(:options) do
+      { on_single_sign_out: callback }
+    end
+
+    let(:response_body) { subject[2].respond_to?(:body) ? subject[2].body : subject[2] }
+
+    context 'that returns TRUE' do
+      let(:callback) { Proc.new{true} }
+
+      it 'responds with OK' do
+        expect(subject[0]).to eq 200
+        expect(response_body).to eq ['OK']
+      end
+    end
+
+    context 'that returns Nil' do
+      let(:callback) { Proc.new{} }
+
+      it 'responds with OK' do
+        expect(subject[0]).to eq 200
+        expect(response_body).to eq ['OK']
+      end
+    end
+
+    context 'that returns a tuple' do
+      let(:callback) { Proc.new{ [400,{},'Bad Request'] } }
+
+      it 'responds with OK' do
+        expect(subject[0]).to eq 400
+        expect(response_body).to eq ['Bad Request']
+      end
+    end
+
+    context 'that raises an error' do
+      let(:exception) { RuntimeError.new('error' )}
+      let(:callback) { Proc.new{raise exception} }
+
+      before do
+        allow(strategy).to receive(:fail!)
+        subject
+      end
+
+      it 'responds with an error' do
+        expect(strategy).to have_received(:fail!)
+          .with(:logout_request, exception)
+      end
+    end
+  end
+end

data/spec/omniauth/strategies/cas/service_ticket_validator_spec.rb

@@ -1,33 +1,74 @@
 require 'spec_helper'
 
 describe OmniAuth::Strategies::CAS::ServiceTicketValidator do
-  let(:strategy_stub) do
-    stub('strategy stub',
+  let(:strategy) do
+    double('strategy',
       service_validate_url: 'https://example.org/serviceValidate'
     )
   end
-
   let(:provider_options) do
-    stub('provider options',
+    double('provider_options',
       disable_ssl_verification?: false,
+      merge_multivalued_attributes: false,
       ca_path: '/etc/ssl/certsZOMG'
     )
   end
-
   let(:validator) do
-    OmniAuth::Strategies::CAS::ServiceTicketValidator.new( strategy_stub, provider_options, '/foo', nil )
+    OmniAuth::Strategies::CAS::ServiceTicketValidator.new( strategy, provider_options, '/foo', nil )
   end
 
-  describe '#user_info' do
-    subject do
-      stub_request(:get, 'https://example.org/serviceValidate?').to_return(status: 200, body: '')
-      validator.user_info
+  describe '#call' do
+    before do
+      stub_request(:get, 'https://example.org/serviceValidate?')
+        .to_return(status: 200, body: '')
     end
 
-    it 'should use the configured CA path' do
-      provider_options.should_receive :ca_path
+    subject { validator.call }
+
+    it 'returns itself' do
+      expect(subject).to eq validator
+    end
 
+    it 'uses the configured CA path' do
       subject
+      expect(provider_options).to have_received :ca_path
+    end
+  end
+
+  describe '#user_info' do
+    let(:ok_fixture) do
+      File.expand_path(File.join(File.dirname(__FILE__), '../../../fixtures/cas_success.xml'))
+    end
+    let(:service_response) { File.read(ok_fixture) }
+
+    before do
+      stub_request(:get, 'https://example.org/serviceValidate?')
+        .to_return(status: 200, body:service_response)
+      validator.call
+    end
+
+    subject { validator.user_info }
+
+    context 'with default settings' do
+      it 'parses user info from the response' do
+        expect(subject).to include 'user' => 'psegel'
+        expect(subject).to include 'roles' => 'financier'
+      end
+    end
+
+    context 'when merging multivalued attributes' do
+      let(:provider_options) do
+        double('provider_options',
+          disable_ssl_verification?: false,
+          merge_multivalued_attributes: true,
+          ca_path: '/etc/ssl/certsZOMG'
+        )
+      end
+
+      it 'parses multivalued user info from the response' do
+        expect(subject).to include 'user' => 'psegel'
+        expect(subject).to include 'roles' => %w[senator lobbyist financier]
+      end
     end
   end
-end
+end

data/spec/omniauth/strategies/cas_spec.rb

@@ -3,11 +3,24 @@ require 'spec_helper'
 describe OmniAuth::Strategies::CAS, type: :strategy do
   include Rack::Test::Methods
 
-  class MyCasProvider < OmniAuth::Strategies::CAS; end # TODO: Not really needed. just an alias but it requires the :name option which might confuse users...
-  def app
+  let(:my_cas_provider) { Class.new(OmniAuth::Strategies::CAS) }
+  before do
+    stub_const 'MyCasProvider', my_cas_provider
+  end
+  let(:app) do
     Rack::Builder.new {
       use OmniAuth::Test::PhonySession
-      use MyCasProvider, name: :cas, host: 'cas.example.org', ssl: false, port: 8080, uid_key: :employeeid
+      use MyCasProvider,
+        name: :cas,
+        host: 'cas.example.org',
+        ssl: false,
+        port: 8080,
+        uid_field: :employeeid,
+        fetch_raw_info: Proc.new { |v, opts, ticket, info, node|
+          info.empty? ? {} : {
+            "roles" => node.xpath('//cas:roles').map(&:text),
+          }
+        }
       run lambda { |env| [404, {'Content-Type' => 'text/plain'}, [env.key?('omniauth.auth').to_s]] }
     }.to_app
   end
@@ -22,13 +35,56 @@ describe OmniAuth::Strategies::CAS, type: :strategy do
 
     it { should be_redirect }
 
-    it 'should redirect to the CAS server' do
-      subject.headers['Location'].should == 'http://cas.example.org:8080/login?' + redirect_params
+    it 'redirects to the CAS server' do
+      expect(subject.headers).to include 'Location' => "http://cas.example.org:8080/login?#{redirect_params}"
+    end
+  end
+
+  describe '#cas_url' do
+    let(:params) { Hash.new }
+    let(:provider) { MyCasProvider.new(nil, params) }
+
+    subject { provider.cas_url }
+
+    it 'raises an ArgumentError' do
+      expect{subject}.to raise_error ArgumentError, %r{:host and :login_url MUST be provided}
+    end
+
+    context 'with an explicit :url option' do
+      let(:url) { 'https://example.org:8080/my_cas' }
+      let(:params) { super().merge url:url }
+
+      before { subject }
+
+      it { should eq url }
+
+      it 'parses the URL into it the appropriate strategy options' do
+        expect(provider.options).to include ssl:true
+        expect(provider.options).to include host:'example.org'
+        expect(provider.options).to include port:8080
+        expect(provider.options).to include path:'/my_cas'
+      end
+    end
+
+    context 'with explicit URL component' do
+      let(:params) { super().merge host:'example.org', port:1234, ssl:true, path:'/a/path' }
+
+      before { subject }
+
+      it { should eq 'https://example.org:1234/a/path' }
+
+      it 'parses the URL into it the appropriate strategy options' do
+        expect(provider.options).to include ssl:true
+        expect(provider.options).to include host:'example.org'
+        expect(provider.options).to include port:1234
+        expect(provider.options).to include path:'/a/path'
+      end
     end
   end
 
   describe 'defaults' do
     subject { MyCasProvider.default_options.to_hash }
+
     it { should include('ssl' => true) }
   end
 
@@ -52,114 +108,154 @@ describe OmniAuth::Strategies::CAS, type: :strategy do
     end
   end
 
-  describe 'GET /auth/cas/callback without a ticket' do
-    before { get '/auth/cas/callback' }
-
-    subject { last_response }
-
-    it { should be_redirect }
+  describe 'GET /auth/cas/callback' do
+    context 'without a ticket' do
+      before { get '/auth/cas/callback' }
 
-    it 'should have a failure message' do
-      subject.headers['Location'].should == '/auth/failure?message=no_ticket&strategy=cas'
-    end
-  end
+      subject { last_response }
 
-  describe 'GET /auth/cas/callback with an invalid ticket' do
-    before do
-      stub_request(:get, /^http:\/\/cas.example.org:8080?\/serviceValidate\?([^&]+&)?ticket=9391d/).
-         to_return( body: File.read('spec/fixtures/cas_failure.xml') )
-      get '/auth/cas/callback?ticket=9391d'
-    end
-
-    subject { last_response }
+      it { should be_redirect }
 
-    it { should be_redirect }
-
-    it 'should have a failure message' do
-      subject.headers['Location'].should == '/auth/failure?message=invalid_ticket&strategy=cas'
+      it 'redirects with a failure message' do
+        expect(subject.headers).to include 'Location' => '/auth/failure?message=no_ticket&strategy=cas'
+      end
     end
-  end
 
-  describe 'GET /auth/cas/callback with a valid ticket' do
-    shared_examples :successful_validation do
+    context 'with an invalid ticket' do
       before do
-        stub_request(:get, /^http:\/\/cas.example.org:8080?\/serviceValidate\?([^&]+&)?ticket=593af/)
-          .with { |request| @request_uri = request.uri.to_s }
-          .to_return( body: File.read("spec/fixtures/#{xml_file_name}") )
-
-        get "/auth/cas/callback?ticket=593af&url=#{return_url}"
+        stub_request(:get, /^http:\/\/cas.example.org:8080?\/serviceValidate\?([^&]+&)?ticket=9391d/).
+           to_return( body: File.read('spec/fixtures/cas_failure.xml') )
+        get '/auth/cas/callback?ticket=9391d'
       end
 
-      it 'should strip the ticket parameter from the callback URL' do
-        @request_uri.scan('ticket=').length.should == 1
-      end
+      subject { last_response }
 
-      it 'should properly encode the service URL' do
-        WebMock.should have_requested(:get, 'http://cas.example.org:8080/serviceValidate')
-          .with(query: {
-            ticket:  '593af',
-            service: 'http://example.org/auth/cas/callback?url=' + Rack::Utils.escape('http://127.0.0.10/?some=parameter')
-          })
-      end
+      it { should be_redirect }
 
-      context "request.env['omniauth.auth']" do
-        subject { last_request.env['omniauth.auth'] }
+      it 'redirects with a failure message' do
+        expect(subject.headers).to include 'Location' => '/auth/failure?message=invalid_ticket&strategy=cas'
+      end
+    end
 
-        it { should be_kind_of Hash }
+    describe 'with a valid ticket' do
+      shared_examples :successful_validation do
+        before do
+          stub_request(:get, /^http:\/\/cas.example.org:8080?\/serviceValidate\?([^&]+&)?ticket=593af/)
+            .with { |request| @request_uri = request.uri.to_s }
+            .to_return( body: File.read("spec/fixtures/#{xml_file_name}") )
 
-        its(:provider) { should == :cas }
+          get "/auth/cas/callback?ticket=593af&url=#{return_url}"
+        end
 
-        its(:uid) { should == '54'}
+        it 'strips the ticket parameter from the callback URL' do
+          expect(@request_uri.scan('ticket=').size).to eq 1
+        end
 
-        context 'the info hash' do
-          subject { last_request.env['omniauth.auth']['info'] }
+        it 'properly encodes the service URL' do
+          expect(WebMock).to have_requested(:get, 'http://cas.example.org:8080/serviceValidate')
+            .with(query: {
+              ticket:  '593af',
+              service: 'http://example.org/auth/cas/callback?url=' + Rack::Utils.escape('http://127.0.0.10/?some=parameter')
+            })
+        end
 
-          it { should have(6).items }
+        context "request.env['omniauth.auth']" do
+          subject { last_request.env['omniauth.auth'] }
+
+          it { should be_kind_of Hash }
+
+          it 'identifes the provider' do
+            expect(subject.provider).to eq :cas
+          end
+
+          it 'returns the UID of the user' do
+            expect(subject.uid).to eq '54'
+          end
+
+          context 'the info hash' do
+            subject { last_request.env['omniauth.auth']['info'] }
+
+            it 'includes user info attributes' do
+              expect(subject.name).to eq 'Peter Segel'
+              expect(subject.first_name).to eq 'Peter'
+              expect(subject.last_name).to eq 'Segel'
+              expect(subject.nickname).to eq 'psegel'
+              expect(subject.email).to eq 'psegel@intridea.com'
+              expect(subject.location).to eq 'Washington, D.C.'
+              expect(subject.image).to eq '/images/user.jpg'
+              expect(subject.phone).to eq '555-555-5555'
+            end
+          end
+
+          context 'the extra hash' do
+            subject { last_request.env['omniauth.auth']['extra'] }
+
+            it 'includes additional user attributes' do
+              expect(subject.user).to eq 'psegel'
+              expect(subject.employeeid).to eq '54'
+              expect(subject.hire_date).to eq '2004-07-13'
+              expect(subject.roles).to eq %w(senator lobbyist financier)
+            end
+          end
+
+          context 'the credentials hash' do
+            subject { last_request.env['omniauth.auth']['credentials'] }
+
+            it 'has a ticket value' do
+              expect(subject.ticket).to eq '593af'
+            end
+          end
+        end
 
-          its(:name)       { should == 'Peter Segel' }
-          its(:first_name) { should == 'Peter' }
-          its(:last_name)  { should == 'Segel' }
-          its(:email)      { should == 'psegel@intridea.com' }
-          its(:location)   { should == 'Washington, D.C.' }
-          its(:image)      { should == '/images/user.jpg' }
-          its(:phone)      { should == '555-555-5555' }
+        it 'calls through to the master app' do
+          expect(last_response.body).to eq 'true'
         end
+      end
 
-        context 'the extra hash' do
-          subject { last_request.env['omniauth.auth']['extra'] }
+      let(:return_url) { 'http://127.0.0.10/?some=parameter' }
 
-          it { should have(3).items }
+      context 'with JASIG flavored XML' do
+        let(:xml_file_name) { 'cas_success_jasig.xml' }
 
-          its(:user)       { should == 'psegel' }
-          its(:employeeid) { should == '54' }
-          its(:hire_date)  { should == '2004-07-13' }
-        end
+        it_behaves_like :successful_validation
+      end
 
-        context 'the credentials hash' do
-          subject { last_request.env['omniauth.auth']['credentials'] }
+      context 'with classic XML' do
+        let(:xml_file_name) { 'cas_success.xml' }
 
-          it { should have(1).items }
+        it_behaves_like :successful_validation
+      end
+    end
+  end
 
-          its(:ticket) { should == '593af' }
-        end
+  describe 'POST /auth/cas/callback' do
+    describe 'with a Single Sign-Out logoutRequest' do
+      let(:logoutRequest) do
+        %Q[
+          <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion\" ID="123abc-1234-ab12-cd34-1234abcd" Version="2.0" IssueInstant="#{Time.now.to_s}">
+            <saml:NameID>@NOT_USED@</saml:NameID>
+            <samlp:SessionIndex>ST-123456-123abc456def</samlp:SessionIndex>
+          </samlp:LogoutRequest>
+        ]
       end
 
-      it 'should call through to the master app' do
-        last_response.body.should == 'true'
+      let(:logout_request) { double('logout_request', call:[200,{},'OK']) }
+
+      subject do
+        post 'auth/cas/callback', logoutRequest:logoutRequest
       end
-    end
 
-    let(:return_url) { 'http://127.0.0.10/?some=parameter' }
+      before do
+        allow_any_instance_of(MyCasProvider)
+          .to receive(:logout_request_service)
+          .and_return double('LogoutRequest', new:logout_request)
 
-    context 'with JASIG flavored XML' do
-      let(:xml_file_name) { 'cas_success_jasig.xml' }
-      it_behaves_like :successful_validation
-    end
+        subject
+      end
 
-    context 'with classic XML' do
-      let(:xml_file_name) { 'cas_success.xml' }
-      it_behaves_like :successful_validation
+      it 'initializes a LogoutRequest' do
+        expect(logout_request).to have_received :call
+      end
     end
   end
-
 end