omniauth-facebook 1.4.0 → 1.4.1

data/Rakefile

@@ -1,6 +1,8 @@
 require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
+require 'rake/testtask'
 
-RSpec::Core::RakeTask.new(:spec)
+Rake::TestTask.new do |task|
+  task.libs << 'test'
+end
 
-task :default => :spec
+task :default => :test

data/example/Gemfile.lock

@@ -1,27 +1,32 @@
 PATH
   remote: ../
   specs:
-    omniauth-facebook (1.3.0)
-      omniauth-oauth2 (~> 1.0.2)
+    omniauth-facebook (1.4.0)
+      omniauth-oauth2 (~> 1.1.0)
 
 GEM
   remote: http://rubygems.org/
   specs:
-    faraday (0.8.0)
+    faraday (0.8.1)
       multipart-post (~> 1.1)
     hashie (1.2.0)
     httpauth (0.1)
-    multi_json (1.3.4)
+    json (1.7.3)
+    jwt (0.1.4)
+      json (>= 1.2.4)
+    multi_json (1.3.6)
     multipart-post (1.1.5)
-    oauth2 (0.6.1)
-      faraday (~> 0.7)
+    oauth2 (0.8.0)
+      faraday (~> 0.8)
       httpauth (~> 0.1)
-      multi_json (~> 1.3)
+      jwt (~> 0.1.4)
+      multi_json (~> 1.0)
+      rack (~> 1.2)
     omniauth (1.1.0)
       hashie (~> 1.2)
       rack
-    omniauth-oauth2 (1.0.2)
-      oauth2 (~> 0.6.0)
+    omniauth-oauth2 (1.1.0)
+      oauth2 (~> 0.8.0)
       omniauth (~> 1.0)
     rack (1.4.1)
     rack-protection (1.2.0)

data/lib/omniauth/facebook/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Facebook
-    VERSION = "1.4.0"
+    VERSION = "1.4.1"
   end
 end

data/lib/omniauth/strategies/facebook.rb

@@ -120,7 +120,15 @@ module OmniAuth
       #
       def authorize_params
         super.tap do |params|
-          %w[display state scope].each { |v| params[v.to_sym] = request.params[v] if request.params[v] }
+          %w[display state scope].each do |v|
+            if request.params[v]
+              params[v.to_sym] = request.params[v]
+
+              # to support omniauth-oauth2's auto csrf protection
+              session['omniauth.state'] = params[:state] if v == 'state'
+            end
+          end
+
           params[:scope] ||= DEFAULT_SCOPE
         end
       end

data/omniauth-facebook.gemspec

@@ -15,8 +15,9 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  s.add_runtime_dependency 'omniauth-oauth2', '~> 1.0.2'
+  s.add_runtime_dependency 'omniauth-oauth2', '~> 1.1.0'
 
-  s.add_development_dependency 'rspec', '~> 2'
+  s.add_development_dependency 'minitest'
+  s.add_development_dependency 'mocha'
   s.add_development_dependency 'rake'
 end

data/test/helper.rb

@@ -0,0 +1,54 @@
+require 'bundler/setup'
+require 'minitest/autorun'
+require 'mocha'
+require 'omniauth/strategies/facebook'
+
+OmniAuth.config.test_mode = true
+
+module BlockTestHelper
+  def test(name, &blk)
+    method_name = "test_#{name.gsub(/\s+/, '_')}"
+    raise "Method already defined: #{method_name}" if instance_methods.include?(method_name.to_sym)
+    define_method method_name, &blk
+  end
+end
+
+module CustomAssertions
+  def assert_has_key(key, hash, msg = nil)
+    msg = message(msg) { "Expected #{hash.inspect} to have key #{key.inspect}" }
+    assert hash.has_key?(key), msg
+  end
+
+  def refute_has_key(key, hash, msg = nil)
+    msg = message(msg) { "Expected #{hash.inspect} not to have key #{key.inspect}" }
+    refute hash.has_key?(key), msg
+  end
+end
+
+class TestCase < MiniTest::Unit::TestCase
+  extend BlockTestHelper
+  include CustomAssertions
+end
+
+class StrategyTestCase < TestCase
+  def setup
+    @request = stub('Request')
+    @request.stubs(:params).returns({})
+    @request.stubs(:cookies).returns({})
+    @request.stubs(:env).returns({})
+
+    @client_id = '123'
+    @client_secret = '53cr3tz'
+  end
+
+  def strategy
+    @strategy ||= begin
+      args = [@client_id, @client_secret, @options].compact
+      OmniAuth::Strategies::Facebook.new(nil, *args).tap do |strategy|
+        strategy.stubs(:request).returns(@request)
+      end
+    end
+  end
+end
+
+Dir[File.expand_path('../support/**/*', __FILE__)].each &method(:require)

data/test/support/shared_examples.rb

@@ -0,0 +1,85 @@
+# NOTE it would be useful if this lived in omniauth-oauth2 eventually
+module OAuth2StrategyTests
+  def self.included(base)
+    base.class_eval do
+      include ClientTests
+      include AuthorizeParamsTests
+      include CSRFAuthorizeParamsTests
+      include TokenParamsTests
+    end
+  end
+  
+  module ClientTests
+    extend BlockTestHelper
+    
+    test 'should be initialized with symbolized client_options' do
+      @options = { :client_options => { 'authorize_url' => 'https://example.com' } }
+      assert_equal 'https://example.com', strategy.client.options[:authorize_url]
+    end
+  end
+
+  module AuthorizeParamsTests
+    extend BlockTestHelper
+    
+    test 'should include any authorize params passed in the :authorize_params option' do
+      @options = { :authorize_params => { :foo => 'bar', :baz => 'zip' } }
+      assert_equal 'bar', strategy.authorize_params['foo']
+      assert_equal 'zip', strategy.authorize_params['baz']
+    end
+
+    test 'should include top-level options that are marked as :authorize_options' do
+      @options = { :authorize_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      assert_equal 'bar', strategy.authorize_params['scope']
+      assert_equal 'baz', strategy.authorize_params['foo']
+    end
+    
+    test 'should exclude top-level options that are not passed' do
+      @options = { :authorize_options => [:bar] }
+      refute_has_key :bar, strategy.authorize_params
+      refute_has_key 'bar', strategy.authorize_params
+    end
+  end
+
+  module CSRFAuthorizeParamsTests
+    extend BlockTestHelper
+
+    test 'should store random state in the session when none is present in authorize or request params' do
+      assert_includes strategy.authorize_params.keys, 'state'
+      refute_empty strategy.authorize_params['state']
+      refute_empty strategy.session['omniauth.state']
+      assert_equal strategy.authorize_params['state'], strategy.session['omniauth.state']
+    end
+
+    test 'should store state in the session when present in authorize params vs. a random one' do
+      @options = { :authorize_params => { :state => 'bar' } }
+      refute_empty strategy.authorize_params['state']
+      assert_equal 'bar', strategy.authorize_params[:state]
+      refute_empty strategy.session['omniauth.state']
+      assert_equal 'bar', strategy.session['omniauth.state']
+    end
+
+    test 'should store state in the session when present in request params vs. a random one' do
+      @request.stubs(:params).returns({ 'state' => 'foo' })
+      refute_empty strategy.authorize_params['state']
+      assert_equal 'foo', strategy.authorize_params[:state]
+      refute_empty strategy.session['omniauth.state']
+      assert_equal 'foo', strategy.session['omniauth.state']
+    end
+  end
+
+  module TokenParamsTests
+    extend BlockTestHelper
+    
+    test 'should include any authorize params passed in the :token_params option' do
+      @options = { :token_params => { :foo => 'bar', :baz => 'zip' } }
+      assert_equal 'bar', strategy.token_params['foo']
+      assert_equal 'zip', strategy.token_params['baz']
+    end
+
+    test 'should include top-level options that are marked as :token_options' do
+      @options = { :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      assert_equal 'bar', strategy.token_params['scope']
+      assert_equal 'baz', strategy.token_params['foo']
+    end
+  end
+end

data/test/test.rb

@@ -0,0 +1,494 @@
+require 'helper'
+require 'omniauth-facebook'
+require 'openssl'
+require 'base64'
+
+class StrategyTest < StrategyTestCase
+  include OAuth2StrategyTests
+end
+
+class ClientTest < StrategyTestCase
+  test 'has correct Facebook site' do
+    assert_equal 'https://graph.facebook.com', strategy.client.site
+  end
+
+  test 'has correct authorize url' do
+    assert_equal '/oauth/authorize', strategy.client.options[:authorize_url]
+  end
+
+  test 'has correct token url' do
+    assert_equal '/oauth/access_token', strategy.client.options[:token_url]
+  end
+end
+
+class CallbackUrlTest < StrategyTestCase
+  test "returns the default callback url" do
+    url_base = 'http://auth.request.com'
+    @request.stubs(:url).returns("#{url_base}/some/page")
+    strategy.stubs(:script_name).returns('') # as not to depend on Rack env
+    assert_equal "#{url_base}/auth/facebook/callback", strategy.callback_url
+  end
+
+  test "returns path from callback_path option" do
+    @options = { :callback_path => "/auth/FB/done"}
+    url_base = 'http://auth.request.com'
+    @request.stubs(:url).returns("#{url_base}/page/path")
+    strategy.stubs(:script_name).returns('') # as not to depend on Rack env
+    assert_equal "#{url_base}/auth/FB/done", strategy.callback_url
+  end
+
+  test "returns url from callback_url option" do
+    url = 'https://auth.myapp.com/auth/fb/callback'
+    @options = { :callback_url => url }
+    assert_equal url, strategy.callback_url
+  end
+end
+
+class AuthorizeParamsTest < StrategyTestCase
+  test 'includes default scope for email' do
+    assert strategy.authorize_params.is_a?(Hash)
+    assert_equal 'email', strategy.authorize_params[:scope]
+  end
+
+  test 'includes display parameter from request when present' do
+    @request.stubs(:params).returns({ 'display' => 'touch' })
+    assert strategy.authorize_params.is_a?(Hash)
+    assert_equal 'touch', strategy.authorize_params[:display]
+  end
+
+  test 'includes state parameter from request when present' do
+    @request.stubs(:params).returns({ 'state' => 'some_state' })
+    assert strategy.authorize_params.is_a?(Hash)
+    assert_equal 'some_state', strategy.authorize_params[:state]
+  end
+
+  test 'overrides default scope with parameter passed from request' do
+    @request.stubs(:params).returns({ 'scope' => 'email' })
+    assert strategy.authorize_params.is_a?(Hash)
+    assert_equal 'email', strategy.authorize_params[:scope]
+  end
+end
+
+class TokeParamsTest < StrategyTestCase
+  test 'has correct parse strategy' do
+    assert_equal :query, strategy.token_params[:parse]
+  end
+end
+
+class AccessTokenOptionsTest < StrategyTestCase
+  test 'has correct param name by default' do
+    assert_equal 'access_token', strategy.access_token_options[:param_name]
+  end
+
+  test 'has correct header format by default' do
+    assert_equal 'OAuth %s', strategy.access_token_options[:header_format]
+  end
+end
+
+class UidTest < StrategyTestCase
+  def setup
+    super
+    strategy.stubs(:raw_info).returns({ 'id' => '123' })
+  end
+
+  test 'returns the id from raw_info' do
+    assert_equal '123', strategy.uid
+  end
+end
+
+class InfoTest < StrategyTestCase
+  test 'returns the secure facebook avatar url when `secure_image_url` option is specified' do
+    @options = { :secure_image_url => true }
+    raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
+    strategy.stubs(:raw_info).returns(raw_info)
+    assert_equal 'https://graph.facebook.com/321/picture?type=square', strategy.info['image']
+  end
+
+  test 'returns the image size specified in the `image_size` option' do
+    @options = { :image_size => 'normal' }
+    raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
+    strategy.stubs(:raw_info).returns(raw_info)
+    assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
+  end
+end
+
+class InfoTestOptionalDataPresent < StrategyTestCase
+  def setup
+    super
+    @raw_info ||= { 'name' => 'Fred Smith' }
+    strategy.stubs(:raw_info).returns(@raw_info)
+  end
+
+  test 'returns the name' do
+    assert_equal 'Fred Smith', strategy.info['name']
+  end
+
+  test 'returns the email' do
+    @raw_info['email'] = 'fred@smith.com'
+    assert_equal 'fred@smith.com', strategy.info['email']
+  end
+
+  test 'returns the username as nickname' do
+    @raw_info['username'] = 'fredsmith'
+    assert_equal 'fredsmith', strategy.info['nickname']
+  end
+
+  test 'returns the first name' do
+    @raw_info['first_name'] = 'Fred'
+    assert_equal 'Fred', strategy.info['first_name']
+  end
+
+  test 'returns the last name' do
+    @raw_info['last_name'] = 'Smith'
+    assert_equal 'Smith', strategy.info['last_name']
+  end
+
+  test 'returns the location name as location' do
+    @raw_info['location'] = { 'id' => '104022926303756', 'name' => 'Palo Alto, California' }
+    assert_equal 'Palo Alto, California', strategy.info['location']
+  end
+
+  test 'returns bio as description' do
+    @raw_info['bio'] = 'I am great'
+    assert_equal 'I am great', strategy.info['description']
+  end
+
+  test 'returns the square format facebook avatar url' do
+    @raw_info['id'] = '321'
+    assert_equal 'http://graph.facebook.com/321/picture?type=square', strategy.info['image']
+  end
+
+  test 'returns the Facebook link as the Facebook url' do
+    @raw_info['link'] = 'http://www.facebook.com/fredsmith'
+    assert_kind_of Hash, strategy.info['urls']
+    assert_equal 'http://www.facebook.com/fredsmith', strategy.info['urls']['Facebook']
+  end
+
+  test 'returns website url' do
+    @raw_info['website'] = 'https://my-wonderful-site.com'
+    assert_kind_of Hash, strategy.info['urls']
+    assert_equal 'https://my-wonderful-site.com', strategy.info['urls']['Website']
+  end
+
+  test 'return both Facebook link and website urls' do
+    @raw_info['link'] = 'http://www.facebook.com/fredsmith'
+    @raw_info['website'] = 'https://my-wonderful-site.com'
+    assert_kind_of Hash, strategy.info['urls']
+    assert_equal 'http://www.facebook.com/fredsmith', strategy.info['urls']['Facebook']
+    assert_equal 'https://my-wonderful-site.com', strategy.info['urls']['Website']
+  end
+
+  test 'returns the positive verified status' do
+    @raw_info['verified'] = true
+    assert strategy.info['verified']
+  end
+
+  test 'returns the negative verified status' do
+    @raw_info['verified'] = false
+    refute strategy.info['verified']
+  end
+end
+
+class InfoTestOptionalDataNotPresent < StrategyTestCase
+  def setup
+    super
+    @raw_info ||= { 'name' => 'Fred Smith' }
+    strategy.stubs(:raw_info).returns(@raw_info)
+  end
+
+  test 'has no email key' do
+    refute_has_key 'email', strategy.info
+  end
+
+  test 'has no nickname key' do
+    refute_has_key 'nickname', strategy.info
+  end
+
+  test 'has no first name key' do
+    refute_has_key 'first_name', strategy.info
+  end
+
+  test 'has no last name key' do
+    refute_has_key 'last_name', strategy.info
+  end
+
+  test 'has no location key' do
+    refute_has_key 'location', strategy.info
+  end
+
+  test 'has no description key' do
+    refute_has_key 'description', strategy.info
+  end
+
+  test 'has no urls' do
+    refute_has_key 'urls', strategy.info
+  end
+
+  test 'has no verified key' do
+    refute_has_key 'verified', strategy.info
+  end
+end
+
+class RawInfoTest < StrategyTestCase
+  def setup
+    super
+    @access_token = stub('OAuth2::AccessToken')
+  end
+
+  test 'performs a GET to https://graph.facebook.com/me' do
+    strategy.stubs(:access_token).returns(@access_token)
+    @access_token.expects(:get).with('/me').returns(stub_everything('OAuth2::Response'))
+    strategy.raw_info
+  end
+
+  test 'returns a Hash' do
+    strategy.stubs(:access_token).returns(@access_token)
+    raw_response = stub('Faraday::Response')
+    raw_response.stubs(:body).returns('{ "ohai": "thar" }')
+    raw_response.stubs(:status).returns(200)
+    raw_response.stubs(:headers).returns({'Content-Type' => 'application/json' })
+    oauth2_response = OAuth2::Response.new(raw_response)
+    @access_token.stubs(:get).with('/me').returns(oauth2_response)
+    assert_kind_of Hash, strategy.raw_info
+    assert_equal 'thar', strategy.raw_info['ohai']
+  end
+
+  test 'returns an empty hash when the response is false' do
+    strategy.stubs(:access_token).returns(@access_token)
+    oauth2_response = stub('OAuth2::Response', :parsed => false)
+    @access_token.stubs(:get).with('/me').returns(oauth2_response)
+    assert_kind_of Hash, strategy.raw_info
+  end
+
+  test 'should not include raw_info in extras hash when skip_info is specified' do
+    @options = { :skip_info => true }
+    strategy.stubs(:raw_info).returns({:foo => 'bar' })
+    refute_has_key 'raw_info', strategy.extra
+  end
+end
+
+class CredentialsTest < StrategyTestCase
+  def setup
+    super
+    @access_token = stub('OAuth2::AccessToken')
+    @access_token.stubs(:token)
+    @access_token.stubs(:expires?)
+    @access_token.stubs(:expires_at)
+    @access_token.stubs(:refresh_token)
+    strategy.stubs(:access_token).returns(@access_token)
+  end
+
+  test 'returns a Hash' do
+    assert_kind_of Hash, strategy.credentials
+  end
+
+  test 'returns the token' do
+    @access_token.stubs(:token).returns('123')
+    assert_equal '123', strategy.credentials['token']
+  end
+
+  test 'returns the expiry status' do
+    @access_token.stubs(:expires?).returns(true)
+    assert strategy.credentials['expires']
+
+    @access_token.stubs(:expires?).returns(false)
+    refute strategy.credentials['expires']
+  end
+
+  test 'returns the refresh token and expiry time when expiring' do
+    ten_mins_from_now = (Time.now + 600).to_i
+    @access_token.stubs(:expires?).returns(true)
+    @access_token.stubs(:refresh_token).returns('321')
+    @access_token.stubs(:expires_at).returns(ten_mins_from_now)
+    assert_equal '321', strategy.credentials['refresh_token']
+    assert_equal ten_mins_from_now, strategy.credentials['expires_at']
+  end
+
+  test 'does not return the refresh token when test is nil and expiring' do
+    @access_token.stubs(:expires?).returns(true)
+    @access_token.stubs(:refresh_token).returns(nil)
+    assert_nil strategy.credentials['refresh_token']
+    refute_has_key 'refresh_token', strategy.credentials
+  end
+
+  test 'does not return the refresh token when not expiring' do
+    @access_token.stubs(:expires?).returns(false)
+    @access_token.stubs(:refresh_token).returns('XXX')
+    assert_nil strategy.credentials['refresh_token']
+    refute_has_key 'refresh_token', strategy.credentials
+  end
+end
+
+class ExtraTest < StrategyTestCase
+  def setup
+    super
+    @raw_info = { 'name' => 'Fred Smith' }
+    strategy.stubs(:raw_info).returns(@raw_info)
+  end
+
+  test 'returns a Hash' do
+    assert_kind_of Hash, strategy.extra
+  end
+
+  test 'contains raw info' do
+    assert_equal({ 'raw_info' => @raw_info }, strategy.extra)
+  end
+end
+
+module SignedRequestHelpers
+  def signed_request(payload, secret)
+    encoded_payload = base64_encode_url(MultiJson.encode(payload))
+    encoded_signature = base64_encode_url(signature(encoded_payload, secret))
+    [encoded_signature, encoded_payload].join('.')
+  end
+
+  def base64_encode_url(value)
+    Base64.encode64(value).tr('+/', '-_').gsub(/\n/, '')
+  end
+
+  def signature(payload, secret, algorithm = OpenSSL::Digest::SHA256.new)
+    OpenSSL::HMAC.digest(algorithm, secret, payload)
+  end
+end
+
+module SignedRequestTests
+  class TestCase < StrategyTestCase
+    include SignedRequestHelpers
+  end
+
+  class CookieAndParamNotPresentTest < TestCase
+    test 'is nil' do
+      assert_nil strategy.send(:signed_request)
+    end
+  end
+
+  class CookiePresentTest < TestCase
+    def setup
+      super
+      @payload = {
+        'algorithm' => 'HMAC-SHA256',
+        'code' => 'm4c0d3z',
+        'issued_at' => Time.now.to_i,
+        'user_id' => '123456'
+      }
+
+      @request.stubs(:cookies).returns({"fbsr_#{@client_id}" => signed_request(@payload, @client_secret)})
+    end
+
+    test 'parses the access code out from the cookie' do
+      assert_equal @payload, strategy.send(:signed_request)
+    end
+  end
+
+  class ParamPresentTest < TestCase
+    def setup
+      super
+      @payload = {
+        'algorithm' => 'HMAC-SHA256',
+        'oauth_token' => 'XXX',
+        'issued_at' => Time.now.to_i,
+        'user_id' => '123456'
+      }
+
+      @request.stubs(:params).returns({'signed_request' => signed_request(@payload, @client_secret)})
+    end
+
+    test 'parses the access code out from the param' do
+      assert_equal @payload, strategy.send(:signed_request)
+    end
+  end
+
+  class CookieAndParamPresentTest < TestCase
+    def setup
+      super
+      @payload_from_cookie = {
+        'algorithm' => 'HMAC-SHA256',
+        'from' => 'cookie'
+      }
+
+      @request.stubs(:cookies).returns({"fbsr_#{@client_id}" => signed_request(@payload_from_cookie, @client_secret)})
+
+      @payload_from_param = {
+        'algorithm' => 'HMAC-SHA256',
+        'from' => 'param'
+      }
+
+      @request.stubs(:params).returns({'signed_request' => signed_request(@payload_from_param, @client_secret)})
+    end
+
+    test 'picks param over cookie' do
+      assert_equal @payload_from_param, strategy.send(:signed_request)
+    end
+  end
+end
+
+class RequestPhaseWithSignedRequestTest < StrategyTestCase
+  include SignedRequestHelpers
+
+  def setup
+    super
+
+    payload = {
+      'algorithm' => 'HMAC-SHA256',
+      'oauth_token' => 'm4c0d3z'
+    }
+    @raw_signed_request = signed_request(payload, @client_secret)
+    @request.stubs(:params).returns("signed_request" => @raw_signed_request)
+
+    strategy.stubs(:callback_url).returns('/')
+  end
+
+  test 'redirects to callback passing along signed request' do
+    strategy.expects(:redirect).with("/?signed_request=#{Rack::Utils.escape(@raw_signed_request)}").once
+    strategy.request_phase
+  end
+end
+
+module BuildAccessTokenTests
+  class TestCase < StrategyTestCase
+    include SignedRequestHelpers
+  end
+
+  class ParamsContainSignedRequestWithAccessTokenTest < TestCase
+    def setup
+      super
+
+      @payload = {
+        'algorithm' => 'HMAC-SHA256',
+        'oauth_token' => 'm4c0d3z',
+        'expires' => Time.now.to_i
+      }
+      @raw_signed_request = signed_request(@payload, @client_secret)
+      @request.stubs(:params).returns({"signed_request" => @raw_signed_request})
+
+      strategy.stubs(:callback_url).returns('/')
+    end
+
+    test 'returns a new access token from the signed request' do
+      result = strategy.build_access_token
+      assert_kind_of ::OAuth2::AccessToken, result
+      assert_equal @payload['oauth_token'], result.token
+    end
+
+    test 'returns an access token with the correct expiry time' do
+      result = strategy.build_access_token
+      assert_equal @payload['expires'], result.expires_at
+    end
+  end
+
+  class ParamsContainAccessTokenStringTest < TestCase
+    def setup
+      super
+
+      @request.stubs(:params).returns({'access_token' => 'm4c0d3z'})
+
+      strategy.stubs(:callback_url).returns('/')
+    end
+
+    test 'returns a new access token' do
+      result = strategy.build_access_token
+      assert_kind_of ::OAuth2::AccessToken, result
+      assert_equal 'm4c0d3z', result.token
+    end
+  end
+end