From 6b9ef3762b303283d711d3b92cd26abc38fe4557 Mon Sep 17 00:00:00 2001 From: Imre Farkas Date: Sat, 23 Feb 2019 19:18:44 +0100 Subject: [PATCH 1/2] Filter active sessions belonging to an admin impersonating the user --- .../profiles/active_sessions_controller.rb | 2 +- app/models/active_session.rb | 6 +++-- .../features/profiles/active_sessions_spec.rb | 23 +++++++++++++++++++ spec/models/active_session_spec.rb | 5 +++- 4 files changed, 32 insertions(+), 4 deletions(-) diff --git a/app/controllers/profiles/active_sessions_controller.rb b/app/controllers/profiles/active_sessions_controller.rb index efe7ede5efa..6cf7a120449 100644 --- a/app/controllers/profiles/active_sessions_controller.rb +++ b/app/controllers/profiles/active_sessions_controller.rb @@ -2,7 +2,7 @@ class Profiles::ActiveSessionsController < Profiles::ApplicationController def index - @sessions = ActiveSession.list(current_user) + @sessions = ActiveSession.list(current_user).reject(&:is_impersonated) end def destroy diff --git a/app/models/active_session.rb b/app/models/active_session.rb index 0d9c6a4a1f0..1e01f1d17e6 100644 --- a/app/models/active_session.rb +++ b/app/models/active_session.rb @@ -5,7 +5,8 @@ class ActiveSession attr_accessor :created_at, :updated_at, :session_id, :ip_address, - :browser, :os, :device_name, :device_type + :browser, :os, :device_name, :device_type, + :is_impersonated def current?(session) return false if session_id.nil? || session.id.nil? @@ -31,7 +32,8 @@ class ActiveSession device_type: client.device_type, created_at: user.current_sign_in_at || timestamp, updated_at: timestamp, - session_id: session_id + session_id: session_id, + is_impersonated: request.session[:impersonator_id].present? ) redis.pipelined do diff --git a/spec/features/profiles/active_sessions_spec.rb b/spec/features/profiles/active_sessions_spec.rb index d3050760c06..3fd3222fa0a 100644 --- a/spec/features/profiles/active_sessions_spec.rb +++ b/spec/features/profiles/active_sessions_spec.rb @@ -7,6 +7,8 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do end end + let(:admin) { create(:admin) } + around do |example| Timecop.freeze(Time.zone.parse('2018-03-12 09:06')) do example.run @@ -16,6 +18,7 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do it 'User sees their active sessions' do Capybara::Session.new(:session1) Capybara::Session.new(:session2) + Capybara::Session.new(:session3) # note: headers can only be set on the non-js (aka. rack-test) driver using_session :session1 do @@ -37,9 +40,27 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do gitlab_sign_in(user) end + # set an admin session impersonating the user + using_session :session3 do + Capybara.page.driver.header( + 'User-Agent', + 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36' + ) + + gitlab_sign_in(admin) + + visit admin_user_path(user) + + click_link 'Impersonate' + end + using_session :session1 do visit profile_active_sessions_path + expect(page).to( + have_selector('ul.list-group li.list-group-item', { text: 'Signed in on', + count: 2 })) + expect(page).to have_content( '127.0.0.1 ' \ 'This is your current session ' \ @@ -57,6 +78,8 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do ) expect(page).to have_selector '[title="Smartphone"]', count: 1 + + expect(page).not_to have_content('Chrome on Windows') end end diff --git a/spec/models/active_session_spec.rb b/spec/models/active_session_spec.rb index 129b2f92683..e128fe8a4b7 100644 --- a/spec/models/active_session_spec.rb +++ b/spec/models/active_session_spec.rb @@ -7,7 +7,10 @@ RSpec.describe ActiveSession, :clean_gitlab_redis_shared_state do end end - let(:session) { double(:session, id: '6919a6f1bb119dd7396fadc38fd18d0d') } + let(:session) do + double(:session, { id: '6919a6f1bb119dd7396fadc38fd18d0d', + '[]': {} }) + end let(:request) do double(:request, { -- GitLab From 1e7ffc9673bdfe8034ab674eed506ed5b8ba2590 Mon Sep 17 00:00:00 2001 From: Imre Farkas Date: Mon, 25 Feb 2019 14:52:40 +0100 Subject: [PATCH 2/2] Remove ability to revoke active session Session ID is used as a parameter for the revoke session endpoint but it should never be included in the HTML as an attacker could obtain it via XSS. --- .../profiles/active_sessions_controller.rb | 9 ------ .../active_sessions/_active_session.html.haml | 6 ---- .../57534_filter_impersonated_sessions.yml | 6 ++++ doc/user/profile/active_sessions.md | 8 +----- doc/user/profile/img/active_sessions_list.png | Bin 22266 -> 19360 bytes .../features/profiles/active_sessions_spec.rb | 27 ------------------ 6 files changed, 7 insertions(+), 49 deletions(-) create mode 100644 changelogs/unreleased/57534_filter_impersonated_sessions.yml diff --git a/app/controllers/profiles/active_sessions_controller.rb b/app/controllers/profiles/active_sessions_controller.rb index 6cf7a120449..c473023cacb 100644 --- a/app/controllers/profiles/active_sessions_controller.rb +++ b/app/controllers/profiles/active_sessions_controller.rb @@ -4,13 +4,4 @@ class Profiles::ActiveSessionsController < Profiles::ApplicationController def index @sessions = ActiveSession.list(current_user).reject(&:is_impersonated) end - - def destroy - ActiveSession.destroy(current_user, params[:id]) - - respond_to do |format| - format.html { redirect_to profile_active_sessions_url, status: :found } - format.js { head :ok } - end - end end diff --git a/app/views/profiles/active_sessions/_active_session.html.haml b/app/views/profiles/active_sessions/_active_session.html.haml index 23ef31a0c85..2bf514d72a5 100644 --- a/app/views/profiles/active_sessions/_active_session.html.haml +++ b/app/views/profiles/active_sessions/_active_session.html.haml @@ -23,9 +23,3 @@ %strong Signed in on = l(active_session.created_at, format: :short) - - - unless is_current_session - .float-right - = link_to profile_active_session_path(active_session.session_id), data: { confirm: 'Are you sure? The device will be signed out of GitLab.' }, method: :delete, class: "btn btn-danger prepend-left-10" do - %span.sr-only Revoke - Revoke diff --git a/changelogs/unreleased/57534_filter_impersonated_sessions.yml b/changelogs/unreleased/57534_filter_impersonated_sessions.yml new file mode 100644 index 00000000000..80aea0ab1bc --- /dev/null +++ b/changelogs/unreleased/57534_filter_impersonated_sessions.yml @@ -0,0 +1,6 @@ +--- +title: Do not display impersonated sessions under active sessions and remove ability + to revoke session +merge_request: +author: +type: security diff --git a/doc/user/profile/active_sessions.md b/doc/user/profile/active_sessions.md index 5119c0e30d0..28e3f4904a9 100644 --- a/doc/user/profile/active_sessions.md +++ b/doc/user/profile/active_sessions.md @@ -4,7 +4,7 @@ > in GitLab 10.8. GitLab lists all devices that have logged into your account. This allows you to -review the sessions and revoke any of it that you don't recognize. +review the sessions. ## Listing all active sessions @@ -12,9 +12,3 @@ review the sessions and revoke any of it that you don't recognize. 1. Navigate to the **Active Sessions** tab. ![Active sessions list](img/active_sessions_list.png) - -## Revoking a session - -1. Navigate to your [profile's](#profile-settings) **Settings > Active Sessions**. -1. Click on **Revoke** besides a session. The current session cannot be - revoked, as this would sign you out of GitLab. diff --git a/doc/user/profile/img/active_sessions_list.png b/doc/user/profile/img/active_sessions_list.png index 5d94dca69ccfded5543a6d1fc7413230faab0018..1e242ac47103c93d3f857db3ade6a05525317cb9 100644 GIT binary patch literal 19360 zcmeAS@N?(olHy`uVBq!ia0y~yU}|AtV6x(1W?*3GT)DD>fq{V~-O<;Pfnj4m_n$;o z1_lO&WRDzkdDt^yyQ5ef|6Q?;k#VXm4-d-``(QQ1I&2tH#F0YuBzFK76>ixVWXI<@`0?XKix#!D zcf5W3_U6r-yLa#Y_U&73ZSCU4ix(_dU|?Y2<>h5-Ying?_2kKufPjFXKY!}$>)Y7a zxVX67y?giR)2B<9F0HJr+PZb?%9Sh4&CMGc8j_NeH*DB&3r`Sa&nw{De|mbSIExx2eJH#cwGxbfJrW5&kDPEJnQ zIXMv#5x%~@9-f}o*4CFVU!FaC_VMG#Z{NP{?Cjjv*B2HRmYA4$^ytyNy!^|2Nt-B8|U%z$#(X+2V|DL^YdDYtWAHV+G zuzBm+4Vw-eKGrv3($kmkmakgV-P?co*vVrj&zwGYv9Y;TLPBEe_FW4XFMaj)C@-c7m}D57#J9nyxm{n!6~joIAYHmofiU0se*saKs^G7496?`SY$5n1Hg)X zid=g7X-8q$%&_c>m+oxfZQ1CS#H)Jfi|EmQd&jVKT6!~GFL{4{X6smdI%r4di8)iJ zObIzBF6ue;XJ_T=&6!7!W#M`}5YLcf!JN~2tTryWmg3oKo6YQbFJp7wtkql-Bb+)5K3|T$v~9`q zGyTyUr-rB;&0jc4;da;d{DtB16D_q@?%UU=zk)-1l9bqc4b`vK+uz@^?fM{DiobfJw) zuKkX_m2GwFc}kP<$*lDvH$8k7x>%^MZ=AqfS^6ZwP&9F=hRu%Bd&X0Zj0-HEDXmfA zo%_Tg-Oh8KdqwQrW9rPW+ZS}dDK?$B^Mdb_r!!7z$vq2=;=g?6%?>>)g`g^#3;(v9 zdeJIX#jh~!N|oN)tK6D7K5yDwm83g0FHH`+^mN|cCHnckMUj{GRDPcH?X}X9=7+14 zjf&@RysWwzc*y0%>sPvFa@V?Pd?<=S1F1aQex8m!;R86Oex!*jU)u#V>JU4yal8I;M zuAXn_8@5jK-06$1J8XWRdAw9RRZa5L>o-rk8#qoj9(we~CeoZIbVG;U_XCzjF;8CJ zaQwA*o|2kc5!&N^y29W%4)*gC0_VP=a6L-$3?*K02CTA9+eVg}EIqe08=J2<+&OxXH3Xnta= zsgo|3c+}pTIum|>T;(Vqn`U(dgdCk1juIa`AAzdyE)#Tk^gDgaOat<|HjiF zTkqYwSF>(@q?As=sg2K#&!(JT&oo1Om7PCpig$`AGwWBq9Z`1MD^n9(J0?Vhtli;u z_D0#)Z=%W!>^x>Cwx~%bSkB}R@LIoGub|7l<3O{gc65Z6*4hc~X%P$B_!{IYqC$N2 z7xM3W5Gfdv(C(`wvS!~QshjzY2dg&SXEVE*A-JV#`w zqtYF|3C^LnPM>1+T=i|+v)Yo)*CQNUd0$@>I?R>b5>;~fs!D^&#TOa}lG&tFtS+zq z!aUn^SpXNO;6pL(GdgW8HDT|HjCL`9eI3Sl##ro%to)K*Q|T}sr9JDq4MY>xA7q<( zuH=Yh1gm5yxnqZ^R{>VYfiXrTWYbEoBMJ{U<>2y8%r1-Y`A&6!6*LFHOGcS4>sw&Ep+PZ zUi4VYRAi#?QO<2wa~r2znjZaj&Rj7A&LwS&b}Ze{rLx>&_1^4DXYCj}eu^|rWO6>4 zS@qoc>E-t&R>BO|R$U30V#nYo{bqHz=EMCNH-B#Rn)PDk!j3D~nM5Blo_%^GUPj=Q z>5Gfk8G?9Kn-eB}QnX&U?A(k~i!MJnm+#e}s!`bGP?<`d!Ik;Q{6~}qM^UD^j~Z0dWrH*ohTs4CSE9bPQEyj zefy*StH`D7iN70?U%boZetvK3%V|e)%X6(CZuF_>DX&iWUK(;@%Hz5o^_Sk;**`Uz z@!aT>?mi{$)U|!i%MJ4pec+T(dLv)mgd6t`Z=uw(u4()$gGSwC&(&2QH}WL?*#sl2_Q=3et#+fSZ) zU#r+|x@y`ly}HpYRj*z7Va`(DWfIetNLTJJo$7*&3Y6-ms5PWaIaXDx2SY5t_Z)qF3xh!Yhqe{V^-Psj&v7F6;BE+hZFi zo*(?iC3K#b+%gXDs#C$Y{DmiF%)g&(t7hDt-_ugPcIB3p5pE|1{F-)`WgYmHI&=Ag z1qzi~{#_yuXI>P~)!dWZmUwj0KZ|*pcOtGtPka7&uCA*_x6RqZhyOUI{@!Mu)_Ya( z`>KbDW~#R5H`Y2E+S<3y{#A4*{bbGQx}fye&tvD`{dK1DR)-Gf8|N)c`&{1z-ghk6 zm*sD^h|fpXbU~um^R$dhLmoXAEHAI@S9X0H89L8v3CB}&ohRKo#ZRZ3yeSXW zIb5^+in&MadX}HJx>fG`>HD=7&CA|YTC9D!ro8*8`Q&+D-#B_Zsc~*Pxzf(#QjYeC z;H|YWEqjCi_3>yr-BQ%Itc+S$zp=?oqj19s1*ga*`;JbPnIk#$Y|I=N-dSAnS@ zSFf`D_P;CmUF3g`;7*Z+Kh#?5CO-Y{SLb=SHaxZ0;J#+9z=ZqSen+|Pdj%bMHt8ut zeJ=OTAQ!Hi4$tou|NC*M*W|4C+iWFAv+()L=3d@7{mSGDy+dDT-&$4?=I79oZ94Cq z#wXi)r>|8Biwn;@Z&PgMNS%1;MA193XLX*P1(MdLTXvs5@c3iI!X}xzSyMzl&YFI7 z_7#x383i{bPpsw#;^yQhjMW>0?a@}Gm>v8APcveUj3 zM&WgyhwH+R8l5TE$`IJ0bbOsML;H<8Z-w6+o||S_s;hsA>*J%z@7v<8#Ac$yZIJkTaRZg=HUIg$ab$_VZtkopqqLteuS(#b0tvH z^@N@I{my@aa!njZ%{5VzLK7R~x4lU@)nb|x4Le0f_3kAy(UTOF_*o)8inmW@; z>*~B;cWTssxzF%w;kat9`2&(x|CCSFKU}jMOZLR$C@Oq^FuFQvFS7RAx zbA>*D6b z*u1^}yuG%q-dV$HYkz+0I|-{JYX8(C^-kF?-LkG?(ej|FEM*$ECLLe&ZN+;9mH2It z$aekM`tP2WRya6~Dk_Os2Tolc*V6cY%SVVaFO^T#gE+I9<8xOJzpU>%^_P?LEbkf{ zM@vc=Gnp0N{<>VMnPYzS4ke%5i&p1WEPs5!ZF=}-{ipMIEV<81cEw3--V*anK6&b4 zqx`T3&-Z*;>-W0#R-{V(S=RpP_hw!YtZ%*({7-APSw+B9mT!u;f{rVFM{(gD&*Qy3 z-U^{kvI={&{q(QJ`Vu3`7}f2#6+kDY3IsAhRjbAv$Q#nYF)zPt2x%tJ%T8<#fdJ zcWAFu`|h@Wd0J}1nG3mAKXn&6w*0(qt@FFg=j~TTGs`KPUmWFjXVw%twD(Uh&rbV! zyB~gBw~Awl2Zx5!k&=KGXoco9Z}$I!Z^ioij2Rcz9{OYQEKY5u|FO+CW$%WneF)!a ze9olvy`(H+M8!7WoYmDkOhux8ED!tb~5Fg)>b z(!SWevAsCl-uhQfwWrJNmH(%{3KV@f>5<^-?=N_2tIaaR_1I?5VcQ|Iva0Bm)9S_B z`YQuBSkLPIAawG%}`tzpGExEJs{7*jnyEa!W zZumPNc;5ADhLdjoT5{3R<(-$=GQOS(6MnuqX8EorDEY*aZ@WK-cYfLF znQ-Wj$j{j!6^yqcE8<<7W;_=^a<3!NWNqHd)FG<!s+%F1S5td z+0Pa}f2VbD@~!um;#Ds_S8L?_9Q-6di0zu{SKjkNMP)AD8aYZYeS-T}uidpdvh2Fw zDy@HlhbnrnG#IC!?)=GnXZ{&!bHA3zkcOa^HB*1F#)W@9_Ebf(A$DbZ-vQGg%SF2T z-yfdO^=QrB6u;_OcBV1cLmz0FUh8OQv4I~3+h$hsU^ z7n1zxfX9oPvd1#zY0_3J|LXk>RjPg0kbNfP=WHJ4l8@PiA9>faE%niw&9<30TJ~Fx z>YDF`nVe%9J$FgdQbS82(AVVwtO!%u0fO-~F}P<;NYy z>oYVzo4;IUb$XtwsZsJ%ODjFkgOb~|QsN}mPb^}nYV6XEKH_rYeT%rWOT;OsMJ(M0 zdS}_sYY9#|9o263W5wC$FLnjQf2~Q#+Ob;Qqa|_q>~_;@e@#?&9%b#lW!$#&~*GYoBS^8@OEn2g5^SQ6oq=)PTa_%Fo$7YLSU4g|TI(e`lq63bN&U z3buWeTBx*ULRGPI{>*2mdBqfWOSN}RNO4%K=TsE3@7}M#MVIcS-;|jlW%naw0>@!L zbN=i#zcW2<*gl;2szT^dV$zJ}eLJgG7e3oH>-{<@VRkixGwJGWmhbLVm;71sZTF|} z&JR18g`X|Ibbm>%;+`w~=N^Zb++>AVY&CKnn`iVRrroFdc?_!ZWq1!-QFVEV7&2vc$y9T$iQxNadn3m%Uu7%Id z-1fpr@|j`7l`9{X%`EHQZBgJaQMap7BKfZWVFjm8I(xhMJ{lOFb6kIFt+_?ViP)Fw zF)|X02S49zezt?VeCh(vx8<+b3q33rZq7b)<;UzCwhIimPPaKopT3YPzGtbN&#~&> z33u22QJ2zm5=)=fwW0s{R(UF&0YnL(OxZ&_qx4k_PWP#Q^$NNKpOX}yQUfy_t zK}E1>>WUL8n?K2z?`n;9z41epU);1frhHpKozk7tE|z627SmVUP*}C;x8bD2c8%Q< zbKNEsys%Rfu592C^n0UGbgDYlgf*y{X@Uz+*dnFLDo^v|zMgv)nfPeBP0p1wg?Dc{ z@k<@r<1>ZZqocU9i+7RM=FD%052vo(+&sr^LV*ivYncz0?+>-tR$DswmvdVM*eq8D|;=ES`gNvZuuc%Gd3sF2RR z*8%3vUt5X|KW4{;xvsd(VZ`?|`H*Xc(5mZ^3*sxACTxBn)i}{Bh&4?5h0>L7&z1z$ zB|+yT(iuH01e>P5nCQ95>h-HhR*@SfUHGAzrjXvpZW;Z8_0&e?BRgG=vKg}3E2ivC zx44nX!rA@BF!7ZY$J^aEU9_KaUb^;fMyNUexueadlWp=u6!p~vo2FjyF4yBPTgvDNzE*s2KwExdOd-z6Fdy$g_o_dli=u>u&nk$gsbE&hTq3J zKS;5({x&>Uth-b2{ACA*NgfBiIz$p@EuB6=+3s5M!^hKYVy?6Y8lP-#YI~ulpmU@bO@FsH_ldE4H4QttsI9 zn$bgvO(ge3ld(H2^?Pk;`j}P$u8@TzHIak-q9=}rfB53 z!CtxC|LN?`Kv=s5o(sVY{)rY(;tY20P7<~+(w}iRc4Ozwy;7+I#_*gW{CCsr{k0$d z?@cP}w{HSD#B+wQt-?JA-t}zh`;UD(_UGUA?>B1i=6_gYzCO&_f8W#Z`)kz>PW$2) zFl|%V?K$OJlj;xL3ee61d1~^<=RZXm)~QwKThy!f?D=0e>Hd6{FkY+3bG{7L7p~Ux zG+bu$wl_%8%&wjNDUp{!bm1nmD_wGD-mSZ#@(wY0?_Y5JPXEELC#|Dizi!h>U7H`g?@yAp@WM@eD@A2NzCF3)@*h8k zW@bm$H(`aB)k{{q`SM$Qh4it0{R6Y>{s&&DDY%?}X417^+d?dMtA|{3+`5Qm^KNZ3 z$?{qD<~=Qrtorp|-!WW$sMF_FE69mM^^ae!q&|@%MKYq`k>}ve$qA$F7flX`0!Ow}~v= zWOl7f3KTFYcQWgauH|oW+<$S8<9q)7Ot07aANX|6J?zJI>-2wb|JQ%e)vglHvitkR z_Q#xa7+gnSack;`zmu3q$a=dv6BbtCNAD(VXg zK5Q=6dGNLAeXjGgO?B>hmlydj<(RtF>+Chrt_vmaetoH*pSb! zn^abQRE__d`hD9AQ?B?coKpL~m}7a{hv&cUvOfO2?w!p1=amayvQKpVG3&bV4^`j% zzc*e*EH$!kzErU7(lh0c>`s=(Z@6Ep*RW5?4{YhTdT3hl`&)&mU5H@azq|c!<$wLX zf2;o2onP`ZE1wu2}*wse*Sb?-~Sa4Cn(-K7aTOunxa&5 zGR(H%^85e&w_p7|@_wQ6+1qV*_`UK%;%l8%x9=-eds7*Evuo+8>c{T8*Sd9lkY9f@ zCjH*0-=FvBU7z`X)!n<7_I~kkY6uJslbu2mfQEQ6QpNG%B&)s+3zA?Q1$0O1G>95u2 z-{E@ltAE?S=g;>4)w;R!<=Odn?SHkdU8DH<&)mNH{grMVA6C4-Z=c#*`>K5YpLfN_ z`-}4P_q_T&{eNo3OfBwx4=wlad4B&Sn^pO}v-SFSJT9Mmf3N1Se9GoNxku5m>wnpQ zs6XTSUe~n5tUpiMDEY#wO>5Ffa-zWUbFs?82UA=A2t5xx8`I+~B{{8RwfjfF* zNag(tg?@2;@#)v(xBq`re);t~{h~KojApmLs!6BWH}glHTmHV@Q~Scg{+YEL=9RDb zH|@;4s=wE%Wxlm(_`@Z?rp&q-hTmKXt#a+t>a6{Ox~T z`1fr4*iSnju9k0MUhcDxz5jS}t9jnu=fA(@?vGftM}Ee?77qKz*WShNSXFn)rTYG# z&(Uwy6*tJYaO~fFx%rO5ICSGrH(a4#k_bN$HX$kWy@pal7huph$ul=67K**J}u}<=iW%we)NGB38uX`Xi(8?>|!w*B`&-OAfl6 zFs}O>8?$-;hYPGVU#ESuyglip`K{fn-rL=X(3z(7e*d-dsT}{a|JoE-nssdWZ2Q>x z`0I7$FDJh%{~&7qd%DSYX?dTzyzBF`c$DV!D%BimU>AD$Uc^l3-_PUk>o3)ZwCw-; z>-zIIc5j?De!gMXnjjw?|M%7B>!C)o)#7X3|9|mWKCi00Yw4-a@};?d--Q|`iIvs- zdv@R|KaWz)-`Df=_8oijYpwrZm(NRE_y1Gde);{mzmJx$ZvG#j#B<}%rv7^7ob|7i zVq9l$+*h^U$yv}(mw$m{mH3H-=@0Ge{!Z3?dE&?O_4Rws?{&HNHS62b`9Je(b1$>q z=Ts55xu^f<{@(SaXR2LwLg)RL-*2&2oUi`y@lESxr(M1OgIB3$_qBJYs=fz<#u^@H z|5Iw8^*V-S|Bkrw^c}Wa|9^U|bS1Y-zpdlLwI;sPm%=|Dd?NVR(M6*1 zO_zYH#nu;>cE)|2bM|*d$2_fX2XCC(tl=c`aLS@7pUXeV&6~H{$8XQy?`=<(spuV= zczb*Q9*ynM&zDWTzvJ%Yir?QRt+~B#+5TPs^1Uy;ZCUt#b~bN_gP_v)zMykXN@|xa z6jmSl89q1q_k0n>H+ApK?*FUaapdclQ~TxSS4+PN%8Q>9ZSCItZ9l(=)AjD{sjc_x z{yx5*Ah>Vd)-U^-=kpvmKluVz*N2Plogac)>nv^KzlP79b1!sbcHu9f9cQ;sfA?$l zJryxat^e!h8vp;6oPOLd=EvLc_=EY|bN{RJLH&Qx2cEIlvGUm$3uf+pDrU7OSUW8l6kJ}FafU+w?#|h>^i!2X3vh!a`AZ2DO>vAxUXgVb~U*l z+Rx7%yuH2tf9};gjjHvVR)2Wkoq03YZ0^JDxA*sEa9ZF0Q2#4=+TGG=tGePn4ub|S zK0n`n@86?jHK&68M)1)Ke!Z&LtJ3zL_n*CY&yFE}>Y?g?*WI_A4`{jAUne;4dda6_ zCuUw{y|%wc=}c2=yI=Rj33r9x#r(Yfc1><^etBN?%WX%${%*RmUs_04@5k5gPweZH zmHtfieYWf2)d!|(bNGG-g2yRBd|pjE&+8Ww5i{8b_agZxczBSU>SSL)`b@@jw5u*ZIF_(RX$^ zv3M~{_lK$5Yd-j^I{oJdjZL)OlyVXDWBUHfyF_6BX7`EqH-ZQ zce-l+U#eN9(3DTzsowOertri11=qs=PK0=d--zqe&A;`3{#jQm81}T>x)HI0<8Vdq z5Br>__7^<_HwkRnzoB4T&$sh`ymvx+<|h>d=P{nW$rryjw|wtk`5Qkpy9|C+3JCr? zHpjbVz54&DQFny@z1v!K@4ul7xJ!QGMy2Cso_AA}zNi}t{;H3AzAt@hpNV*j3?{-|4YX;lu69F!R*pekmNq`e^vd?pUO4jA`L1@8-zq>KKXUE{@$0e z&ua`mdIz*zJQ+Lx-}{5VKC;XI5B3S#@pV@4=Dpu%eq#A}|JSu=tABQ6sh)gVP$VcN z>nf3W$8W|Bp&bd83_^Y_393~oLgKo2tRTH}7FUVAcfP*-&+_1IbWrR++W^~yM*S)3 z9sk`6dJmj<{ZDGcEeG+1ac}ws)*Sg?wRML0X1~_u9Rh1y`h7O7|9shhefg#Y)rDXe zoxVH&|6~SP_x%rFRk7c)PZ3@_Mg4^J+rE6eSl;+LmTUcgj=BkcN~&*3P~CEN_5XxU zxdxS>4MO{?xWDrEd7DPYR6Kks;OM;kiJi3OpaHJ zNv*Ihr`71M{hZ3uHpi<50qRa2~zi#BN`2mlM<@5Ky ztoEWtC9H>+?GxMi)Lj49l z`TZ=e61|`>Rc~Os@Xt2;jlTHd?$S7YKi>|a8<%=aH;X1_b1=wfm2 z?Gt8g;ZMKoL>rFOFHcZ?HSfdZ!&m!QmFDGm{1FmK{8Ch3`|%w6zwOo!p00eI6C8iB zo*kS#|NVNj>gdbHJDP8DL>`tr`uD5pujJ1s=D{~^Y8-mmLi;Z9$@+=a2j9GN!n%?W zB$zTwpj<+vHBFw|$XBz4fi+E@$H;ak+sen+RAO&EF1ZO_YT?$$Jy$NBb*lQ?eK&no zQbI!=CRD2|;_we=4Djt`y21F#WB=usJ`543yCxl2b#cvv&`3tdcT+o*WLUT_hupnf ze8Mu~#O5+5Us>Nr2REfeG*3OadKFXC9c@9^9sBl2W@g!?Y)I)`c64)z^%bEa&R@;p zy`ln7;&vRieHgcLWgGW}@ zKPk0iuQ!-iOkKb+@wdvms3Z3|TbJF+bI`mm)9S0VzdN@1_z%+?8@vKqPB0%RnPFuY zo$<=RM&FG4r&sjHkBJ+$q(&vCe$a9hRQm4SDaBEntEd_ioXeow+}vEuar4A`9^r#g zkkRT?_VN7(f*oKd_lDRezE|7{*utgE0B2Y3hsP6i+C zQ{3FoF!S3E`Ny8WF1>Bsv!K^=@t#Db?v*$7KdqRg_%EhBwsXRn(}q*na(%?+{p0jq zma_lE;!{r-F7)2&?7X{F(9gD9(J5tD;Nj)UJNA}^f7C3Dgsu`uT>RM}R^+Y9OI5S* z!dVwC6|yVdY@XKQ6BSbb#H}>XwZJU?j7N#uoHZ&b{nw9vf3Q$F-zYnF%bKpE(;_zg zUG;ZGmWPhAYem`@*J!TmcMaA=T#-L+%q#tQwYJB;r4v&iGx;yGik~n2W|)5A&9(G% z^6Cd~)&%ZYsein7+Ov}B-z{Fqfu{X`ZfVMi6zkTVdE8~ix5cXzH};4qzWqLZj*Tw6 z>Fv`y1k>ND7T>z8WgC+D@oh14mhknD!E*0b%gi||7QLlt)?@{S1YU*pZNZVQ^}ZFx;^+r*Xk5YokUjs)~*jm=lPWn8GWd*30raD z`vMn@sIa3+-tT&6z4{$^bwY%i!XX)f%wM-+uBT01nO_pSVtv)TuHL_goQ^(x#VPbq z$ufy8b@Nf97iX7Td0o9Cj9+a}>fVSq?m8=1?voGY?Myw^J;5$D=S|4WUv5kHp5HWc z&ZeNLrdys*IJmsYWyZ3vA51i6>!xMKCfR54Z_}&2z9n^U#M^dVkZzHOB?)sljH~tL zf0vs&vypewqdfusCocBQ<9%K9+H+BUb)}a>i^|f{qr$dR58kZ#81uSsp>t}ZZAk1} z+v9p4Hl;@DY)g?d4*l&Y=*NDn(_pLXYm3G6`k1A^Fq+NQ`y6hm^EplMlF8+~LUDGN z8T(Hy$f|A3IXsk;|aTyw(LCg#@S)fos3JI=>T zIUaksM(<7zyK7^izHT+|+qd19#5ZsVP2b9wJHh@(Tj75Wp@&IPdv7Zo+F>GZqpf#b z!%2nb(Yy`5;);>lcOH5lxmI&RX^G%BL9vwfy_aSQ9s8^NWZnk(t{x>7$qOAyE=oc* zmdiH1Wnz8%60Ya}5)%(<@*PxDJXCD3jWuDv-l6OZ{`31@b3i?nG>1dl zVX@^$m)JhXxW0bJwd-e9?rbmpf10xzE?-uOe>&^$%8Bk> zg-R-w40he#f3ICSE9bLn`UJ?t%!xzwZN>jzJih+n+tW3-c)54@O-Q;h=Pje)B&8K{ zGuIZK{deVr^3e*xXVa}r<8vq9ib~y_b|x_?#`ROQOUlNAck-6uw$l~`I=vFNSi4Tj zDruQ*-gk>^<5EGhn9aYqLf74#FXaeNG+;)j*Q4rFXY5#1j&VLt7CPfo@iOm>z>|BC zK{iQW<>m?=JFX(3c!={X$IJNinO!;#2h6l?B(V)iFA-#^!kMJFj^Y=U;ji zAsi*!nW?ph;q8VgEguaz-8u@KjG>b%o=1(mjwQ~Fu1QvzGq3FJm4;3O&GOGH%FWJu zZ8`sbqa63jz9S~739&)~MH9d3o0F9UQS+HdIbnax?77?Ukpv_a3}D@kW}& zf^4>l?+&RiteV^E|MxN2(2&NfY`ZwVCJAZY@K{=7{_E=U)MHbXf=;-ZexLXGxOg7V z5xbS@A7fe~=a!aw&Q0+?eve5b!MM1LHPk(6PF_Rbo5+}0_Jy_E=hUCN>ojG%r%ifW}+IrA7R9&+v5xN1#qPPK^N2I~`- zkG=9ZV>~ORb>dNy0!|v~CS+&5=v4EB5$$s2^bUw-9XmY$kbnahJ72__~ynwQII-Xcs8b z?BAjP)%=;BFTW^k4y4*jt#jYj=WF^US1WHk*J$jwda;JPjcoXoYbv@eZn3GCZnvD# zD9lWNr4GxaYBDQg&h0gG(as7+gDiSbiH9ecz^ehp|flEqj2uPZWjP z?{KG;i=#FT;B5qsPX!&;JY7zk`&nl$6LD(Lta&WhD2eSFV7gg>ct~ z2c7EIH!iSLxy+fJ(z$P!s`Q=|TN%||9Ik;1rvtRNII;-(XgHmkR@R}MYrY^vOd_nD z@y&Xn{YGihU0-yXGeI7n>Cxi*<>h0}4bLVY{$O)DN84^)82_d0Eb$v2(1oi!u3D!f zK!#1c^YD1qx|xa_ZZo7!Hfxx6@Zdqq&V<|vtE~@QWOPdTb1PdTD6%c8RFPMy;}Ku| zw#TzHPj86c6!unq<)I}xC(7N{LKdlhl3%^^5y(`q69bRL9_HjhL?|etZA`YQ_@!=% zN|_aK?}NhD_JwEP@He=K?@avH@aSdz1Tp3A4Od=E+PGi-GbOCu?qjy43}?D_uF=u> z$|p7*b*~NXGpb&EBi!yI#~<9HYWr04?Q%{}aA`Mr=23IEL%v%lnu(s)kZiBKwr;MJ zfuP=J5fKrU*|m=*oOJHm09rljb;5A_Rcjxck|myIPp--D44fOiaFS%_xt7UOPlf4( z#<_Og4O4cR5tmdfx?FJ6@z+J7^MiJuz8(be^wmT2C9{DQ~I!k7EAA?L1-(vL}Yae7z z3%>qIX{~_&j+=Qeo@#P#vdp(#$miCv;rPm(eb->22wGjaP||hZbAJgJjUxTSLfaH4 zL)x4I+mcp(nr8TyQ&8{uwRh8Zth$!9Xm9R$wXEJH(>dR45=dM%m#;e6pHpzs#2{6t z=CiL@e;wo!6uMM$V(V3Kq&l^*Z@JWDB%uUeBk8$SWZ{`um1FKRb(-(_cNNm_S>8ROF#Ol1X`4%akPCUJS_>|uIw0J9Z zP}^779lWM6tyO9Ill7Z2o7umnoMr9*E+DvVQ`;Hkm(g>tac|umaraLs-|0P(M-))k z?$uj6UoEW@2#@i7*Bj@5)@xCB!1k9Sk|cI;=}IR z0pHtW!!%|6ii!tjZnM9dy*ig_KJ)Ly2^z}sa(`NSI<7)yT-)(?dr!SD?c!8Ief`u?fuDyLSL^OXgzjx zW^D9|484kDWs@PR+9uVdEZLP|uK4x(Ub*X!-S^DP&TWA-ub*6<#9(%H^4Sp8^FnuL zY@7J>Mn((|7B_LjTtY&H~XR$+efLG;$gwR#25 zE^j$J&o_u6CLuHVrkQr^_Csz?kS6!cO2In|M9*JHl{b_Mw`O?uLWw6NVRlJ;G3V@A zy!t%MB`Z(Au1KF^Eun1aVaXsa`u>N7yv^yO!51&w+ow^>_~hdoSBB*)1RmYGCA<06 zGse#{YQGb-LsX-WhaE0VGKury-8GeiSM-M3UGeIQb(W^PFn z6)#@@Bs7Du_fcG)U5el(j^7n!vDPZW)<@Qh_PtO&bBB$6Qv&~-*_>w&9$O;cHHCv$ zv}N6`o7QV~t~-%2Nz_ej@`iI76MH8{EOCtax`boBW4(l+5dRt#z7ublk85!iGcAZb z8OzYeB^IJ{;-1 zptLFc6jONg0;cn)N{gQ{`7E%(A`l_DWvKrG+2CYqwP9 zpFVE6_|8EIM{u(qPR=}caB=jxY##CbES;Gp|9PKXD^zdcP&ZLtz9-x*Siw|-!ShIhs+N&w(7R`W z?{nsfs?~7{J=XZoYnR?|)_g;3blm;}uUFmMVe=q(Q}))=51%Ndq*WPmO0Q|@)P2Ym zp9){46a#9k@8vW$spB-_4frP=(*kLvFY(;aU>;vCxRPl#Z;9Zmqbg1tgn~5h?>Wab zp+Jd6`=avXl+tTgRZAgbsuNx|e7T&FUDJM+awl%9(df5TDF((Cfug z>*?&fFEUSX;Rh~B_wey_1w;PN_XYG6!OiWR9XSoPk6k>#E3s6~f3(y& zGoY+NDr@AI2ZiR8|7^iwYFm~c<7IJK5#u7oaO!ZkLCl6pJEt*S+#&}a!d7yPIKXx# zdQGLfGsi*r7PTktjAF+$0bp9m2Z)I%-N<5F{ov<$<>K7Ii+RrkRP2)fB!_RS1 zleYxyk~5yFDLzqB)o<-rq2f;*q7N(nPpHxsF5(Vk^f)oMY3hpVLl19d9sg>kcWA;7 z)e|L;6Kp--H8icf&A4xo{LGG+?#s;6mld#UIHf4vm_Kp%cHf75@U_sOHWIwNRe-G- zLQQ?}Wav1d-SxiJzjJF}=cdVX80C7hp0wKB&oXnHh!dyxqdOC_zAaR^JT*J0=K8VD z4c^srCOl4>VY4pCS@7lQwPol0xR>su#iX+k_ZR^qx;R#Y+uDV)3mToxproY$5 z%SGtnOD%>~GwYULp2@HwY-!t~Kn81vdGn0E#k0Ja;eKn?!L-)AX^W?yifXxXovBN} zP{^~TIYDriVv72eE0V#HA&{2yD@|qAb!QiPYN}k--I%5Gsv~Zdc}2@AA=eIx4wXY+ z|DFwM@ix)DH$$rHM9m3PpS{?4a#(X zx)kJ=Htq}QKEHqVK92ZRxl7~IhY4zJL2;||e5w@%T{|RZ2DJRH-Ee1yRF~1*4aa6o zN{hH4^1el;C~svcOG#WMAkDDP|!UA1C@zTYeO|11(gI}N*};zU#pZ2HaY8`S-K{0 z=IMtX7SWlLHUCM?&^P+M_HYgR6qn8ZGDej)K7!M}Oj*8VzM9HKyZy(jeA2}3OPu6S z*3Q+M7HGuxc}=XfX@XMBGffQ*53}D#6eqWfByL_?l`v&Oa^C9l85J))Cg+@3YhSe3 zYP*xFvCv#jb?vEZBUbI{5&^A>G1z5fT}$G4wXeRq7tr6)H^SsntmuntucTmghw{3Cr zCMnED-W{~}raIqDnpLTQ$3ZEH|yHr zZ7D|HuY*cw>c+3y6MRj5Du;jM%2MZQzZDo8Xf)4uemt0xxBFj6vcSV)jYASj=9wKv z?0q`%EY6VqK9g3h-uwJU?Tx&N-a%2}HW!0ePI?|y&LgX(d?@VNgi4j$S7Y`$^~`X$ zt}HW#4*NLg1Jv(zJ-&#~Ur&C$KCo)QJv(rTHPvJMW9Bi)I^sMQ4bq6FxLHF;h z$@{0(o_bFwNg%PP_pa%O6xrX3x9)9h+n>1vd2fvBMb{O#OFl(AHFJDkUmo%8?E!Y- zluLn+oCPjB2r4aWR&s%t?sBG&s!zRJtYOyAWY{_LLy(7G>a|NdI9v_uL{2y-NFHdr zu;*iKjnsop8#5f6u0EP;S*hpyy{9%Us;E&)9OQn0Z`_ zih97H_?3Ilx>voYId5*g^|auScWL_OH|yrA{5|1OdNI%G6XT;0!PUnOP0lTLsO*U3 zeWUufpzlpXcgkUht#4HnjpuFunPt>zqVjOB|GUo`6K*`;zQ_%f4-j&ZvL2XR;B;*yMAR+-nXD3Xa_m{FxNHnX8SX0t0<-| zPZXAHVBExMB;L4o(v!*C%8swuRaxLC0XC~z#KY$U%M&3Zw!cokk{5O~vM!#hxqJSZ zb{!|FM0v0=(woex7TT&G>9I)k+`YG!bISxZ^AeR~6Sp3!-Rpud<$|V3km|1gQeW~D zg1WB!{mrA~qnctC(%MyE_T-@8ul*D5JwLn6A*@c`A}p}2M6m6%-Ol@q9g-T=#B-!% z?y%g_yZV=x;c4T${EYSktpTDNyL?)FxuM zT_ukFezLEhsgw2B!IRG}?0zVD^>0qdt_Oj4{de6|cKj-|P%+Y_<5wr!v-TMiCGCD? z1hH-_30lXS=2$9IyyA0Y45MJ%N4uTxK`waxX5tjq&@&fy*SmEFXYWL6U@kT|(^z>sX>7}kq{mzEp77=(@@qY4eJ1+2~2Rtzf zq(n9P$({&VY@P4o^k-w4lQGNA@@XRd5qsU!U!0SkD4;awLeGSMrPF+mJ26ji;Q%e~ zKXa=1&Wm+VBojf6Ip0?C1+vrF=9nufE??`D;^tSmzGs<3Rsh4Kj)PtyDU+7mIlK7Y zO&e{WKSCx>&h>pp~vHM9sT zMs&)}JmShdoBif&1Lw!n6)ra^g7#JZ zeRbJL*=d82t&wL~dTeZvI(L|m)P9zkd?m~!Dd!)7+qpMQw4Od+xCdlsP|KbfE*xP_ z`geEQ+~|d@6sDuT^Z1vH@}$3mKQoI;l&n^|^j68j+NExr(J zSxbjO&u$LLsBs8`P|@-P)u0y9bF0p-l-z0K=i>24C`GE^LC@t^8k5#3i7qwu3=FCzt`Q|Ei6yC4$wjG& zC8-QX28Ncp21dF@<{<`_Rt5%EMuyr3hE@g!K@vh7C>nC}Q!>*kacfX^UA2XQfq}u( L)z4*}Q$iB}(TNx& literal 22266 zcmeAS@N?(olHy`uVBq!ia0y~yU_Q&hz+}b2%)r2))e&`xfq|JJz$e7@+pm8IOk`iZ z{pjxQ{^`>v2?>d(PoMt(|NpkNqMn}K@87?dEn8+_U|?iqWNd6~Zf?G9+qMG-4tRKa zy12O9zJ1%&)YRJA+SbC(-{1e|&)@3m z>c@{CpFDYTFJJol`YvC-eD2)2A3uJ)eEIU$ty?K6 zDUnf8m6cTm1qG$0rJuk5wzs!`|Ni~w&!4@#ybd2e{P5w!kdTnKZ{Pm<_3P55OE2Gk zoHlLRh7B8>ot@LuGnOn_vU26hmX?<2=;-?T`rO>yix)3myLPRut*y4UHa0Gfg@wh> z-~Y;$D^5;M2?+@e4GnMJyjied!O^2flaiCqo;^E#`t3v?Hg7$9;qun4TQ6U~Ra;lz(b2)q&i>-Xi{;Cg7Znu+1O)W- z^c*;R?ET7lbLY*QK6Cc_&)@(3{CVr{!^XzOZ{NPX>Z`wS;lgcO<%o!gckkYvzjFOS zr1QK5i+Ff=_8mMTC?xdd$Dc<}U*5fY_wcckZ$5mvcJuCv6)Se`+_`G)`oEt)E?Ttc zhLysrSFgVQ{M+2z9G{RlY09+hoSeM8{5yBqLWCr3&hKYruGnai1{`?;owU0^smb&vaU`)fX+^>(wch)90eJe2SU~XVhvYZcf9( z6eYPAN~P<(KBb=6^GB$O^4Hv+ za`$;ybf7Qm-FcVVr^uAtOppGm!jRxS`@HSk)iXbTUl+N~W_iGpT)!Qz+V@Uc7H$Y@ zK0EPI()LRnvz;eSR$hN>#gB_A$D1uQi@&nIpII9B&E@z{wuz-3iyvOhj=5DI@T=Y#kK0k)eRuV= z%Wo$pW~N>`#{Fp7uWJ)u%zmF5yLxf$g>#Fe5`LWvQr#aA9VmP1Q32ooxXqEgkCm7< zbe_F7sqNTr(~@N7g`d2W|)SR8KCdJ=>Hrw%6?1F>KP1??GiF)hHvSsJ&faBs% z4d?k^Uby1%8SPUiid>dXy>eptljW{EbgXBovn?*~o388ksxfN$+amFmYuDs)SBqtP zZjR(-W-!}W>3)V?SMvKuVb+BAx8JPG%9#;$&|jpXc7r*VtOv<~4QCk`ZtyT5D3m<= zV0(J86hlIP(_Tr2Ia?SRAbLO)Zatvvj>zYr>^|GRv9n}-_3`{2+T9Ecb_bt*F4K#S zl&^ZZchwiZXHES&rW+G{AIAcWm}wPvuM%w zjXxiEGcc5$efBgaamnRfE6-lbKDbs~Yv0i~d+YbED4%Wq=YGIlbtAppxNYM+;Q7u+735%Te`|p-a1#v;q ztH<9&a&}8hy%PGYA5)2!-&Gsp)4 z`=5T+gt;C`la8OtRkbE)-;pTU;?-7P*BD$3ow_V)rE1sZpR)3KAC#@%<5%Q3zceW~HPVo1Go4*;g3P-hFi1n+MBZ zh15@X{_$qVCcTFbZ;E@FnNH|_l3JW<_;lxurMkBk%e)IVWoVGS9aA&2{m9?d7rIvT z{^ZQvQaQ;o_{F=)l~X(Hs#UjX#Qi$M`SIle+8Hs;xe=+*BeetBSL`&)k()iHdz=!uv$&k&fN&cT3jZ%F$y>kpH}X?kSy;y8XRpA9c)~t+^w8 zay^UEwsZS#oWB12sqt#{^5s@0v+sM}2)T-NpZb*4cK1qTexb=j9jyGC_x z+Ii_bTU^7c=6*}QYMQd`=8Bv1dyMZNd~f(;X%5?b&eJ^7A?we7y}>6ub;U}dz2-|_ z?Ad;D>xBF-O)nQ2JrC*)O!~5HN@|C;#?99{r)Pb5EOa1kgLla0nT5g2;_h7G;5VM* zmo8kq_TKEEe`RI6DmF&E_x$N}e({`nTPB6%dj%HGXg#}nTZ#HU^@g(v-z^SK4^nfx`g5|rQ$xCzwOkW*$^2CPr!I!+ z22a`9w7U<4W3S|G`N7Nn)-+g{73iE(`QO}?+3Vtt_bxMj}OYSrKuPdIPgNi!{-E(BS~%j*BUpTD8<{D!aQA)4~+SAQq0U7xf&I^1OT=1msrE59q1 ze)|7rZnjUzb+P02JTL8}&!0KKW9&0?TDL++vj%@DoAG?GqIlf9Va_pWX}d%D2Uh0O1! z8XVvJ-7b6W+d22Gs?VMI!+z+fq@-l_858N;@ESH=9-c2`a1 zYwf4@=ih0Z>a9L?df)T62eexnL@6TR7A@a0+?J52JuQK*sDi6O7u`%A<{)OGznD;+= z&0^kH+$)UTd96@>{TBVj*U$Fvme1HbDJ}ETp;^y_f5&T_+W)(5Z|!@-eGC7-;oWC= zt^B{yUhZW!?|%fp23vN{Ur5GiMDQ6vCtt$5aJ`PaE87rWm~_FzbvIq5{;hD+;I9Cv?X@`LHL z6st*;_&?oMb(`Aa9u})TU#xd!gVbB`@ZYslU${iid#U$xnZTLjpQgG`IyuqvZEoX{ zq+qEf`g$K+`)!0_wPdT1u74gZ@Vr}zr*vujt;RVU^d)?Y22L*{?FkwEqmh9OJCWl}4d1*G{dPn|g6^zu3{v=}K`6Zm5RWGAaGd*g54m z3(v2&n=ci9ys_iPDEItNdFNc;|_7$O@3%@I|M+$wG z({0;!N$$OvAg^}r+POa;`$Z(#bRRk($*|0t;XcU0j>f-kze$^TRK%?zEo#yk(TSo4 zVQ<%T$ypy-WYL**ic4hUBdzy|7n=4@lH@(9&)azRs{(&~RqpFDpBY=^ayP5Lf5+Hn zSiRrX-|wKy1eR$+v&`TA^r=(N-g40>zeo?ywdl{F8jFL+dQqk*37@{Qp~%sxpO@yod|R-Hd%6e&CAYnk$Wb-{}Y^> zmuYn2%r2%kJ~~a8c}&C~2D8o0Se+PUvq`1kr0n(_CCg1c^A0a^XW?;qS@cklxoTGF z+bi=6oP-}o`W#afI9hYM{o|T1CXXv8D<`H*NwDYdN~muznK z>mB*bx2d{I^z5IPmwGKXaYV|5BUbw*L0D^Vjo~F3;8Y za!WX1*6nRCch_jIobURrh+&zk%je6<6aVs9Ui1nzdoZQ8>6fadQM~T*?2l7zIK?LX zO4|9M!=_>9++UY14|aakNjt3JWC)ISy6l>3zfF{gy0hug z;78_rmq~R_jhX-^qO+mwQVGzqw=5kjAiY{X`eOCe}pe|N2utiD`y^3NU@AQ1syF@SD*-zB!;<=^seQjHo8j4k% z+w5`mWvKmB@lSHP3SW;FJrs0h2)6zViR+W4ftkhv-@(D@V{%#H&w~q>*ND2;x~8mM zbBk5G>IFEiSN1)7Q}tJNo!s-8)22<65s~D#ULzWxduCFLtC-3B$tL{5&zB$mWBP4* z{(sXl?pf;kVccS$s&Cyo=QaJ+eTOT{7pXsewX1H<^T-&NbL}fP&Wl}o>-M3@<9EL8 z+PPGr$b0VL(hi+xWt%)E2G?dCQ{Us>?O6LUCc;JVz?E}&VTVczjgBR)XD7~Z|9$3+cr6H zZKw36BbQZ=<@hNsJrb^(anES)#+!D5Op(mX|7&u3jHxJ1{N ziMjU6CI-&=a&^k3JMk~e^{j>4?Ij=S-*CEDF}tww-i@+vH?HlLncBYfk@m4O@u`a} zKRGo%mrs8hYvB1gKCOMx>3LU5v!XNAs;B$^_nd6LIZO5IB^5AQ z;yKyGd$OAEB^}>cOCo2PWKMeaeM|9PW#Q+sU(T6KzGZXCu58wQSN`YDcLHTYlHTY_ zB{$E$@@(R_jhEN_kGsz*dhFViMkIjSDJx5!Jx&O|&c+(O&eS5sQ)-u1gi5`P)@ zcuY2V9pGtGw5KrbP}hY^HZ3`a`k$Sjto>%)xu;40t5;l`YtA>5IWcg<;oqy(Zzex~ zcdW_x$I(-j7IH3568sKYJ*+<#&vq7%A%0(ca7a@n!m#MR7VJ#m9u152(ytJpHm_{3f%P&v|^4b#Clw zTy|Disdqz?cnfDi^R)n{{pC3uI(ZNB{a@2mb4I$}UeYRy{n8!2=ge-O72=lkdd{k5 zKB{o(vQ|jOkI1u6QrAq)W#ci+$bOme?hE5)tr-(`ONQ@SF7?87Z-mCP9(A^cK&#^l z%bit@_58AQz9PYGmcJnLbBl-a8qQnx{E83hC z(V4POYoYb818?qSy7*iaHEeh$;$pN|vf4B1X%XAC>rHhWAC+vj%K9<3ie{}nlAv=* zCefccTj*0OS1&_I^a8$sZ5w5DwrpiNTiEJdBi-mJ>N9zFX2gCi?ia3mGc?}ysIr~8 zWLae?YjbVQd}Ej1jR~KxJvrmFR8Wlhq1UD}etE?!H%J<9S6}SCJ^aD@M<)Csznnro z_2gXOEuWd$=gysLd-lcpBh0ZA=R7+hGGn&-(URk@UO!vE%JFKPZ|gCi%~Ln^K22D- z_Gsp@>2qGmB?Pfvev-}Lo!p3r2S6MIZ8H&4iH z$#pqUHdX1yH2HI`;a+a*>ekQL8mUqH)S+XVkDzbrjAt6=HA#zhN~SRjpB4NWS25=@ zPuCSDQ|CI))SgRwHtA&^^YLvx7MZu;X3))JMH?<$dt{=%eaoupB}Nt@N4+QSj(l;J zttwDoZ>_Qlr$lX2t$$HHXqjlO1uVT3t z-`sILV_U#4Clhhwf?R{Oo?q3ZGLLcR8lPRjwvB6+qk4<4P?Moo@xuD;>C=`uO)k9P zuz4xO`%A0u-jR#o@>!K&wR3i4V{+9*8NIcK=l-3)x0tbS(Z0t&j2!>{Zr*+RanbY{ z$p&hZoIDg776?RNvC-gSd2&@~#R-Q6tervv0rNNwnjU=6uwYrJVBqsK(X+K_nr7Jq zCTGWc@3S1)1u8Z6tvYw(@Bi}u)w|2Z9SK_xw*JFr_gFou0!3q-n5?3 z&%0*Y&sO)5Ow`<4cV6z?f@#WI4GR~&Twi-`gJsC2a6{ECJIm*6*;(DU!Ls*W<>ELy z(M|Je7Ra7To93C@a<*9W{Op??VpoD@3%~3?Gv8_RlKJO_FW;!Y19FN>vT^k3B;()0 zrJO#jn~&XnvTSLz)83xtM)o^@H5sP$pWAr!r=gZM!Dc#y3ZD(_4Y^ZF~@RmLEjJrQsqno_?Lq;$`BuDxbB_Q?0Ua#)1NH=yz{`>i(AFt^)Z-kzFBG-)Sm(0N!Ic;(Xf z>2c?FGTwCzxuxTrb*4dQ=3CWC2UBvw9TXx?->Cmnyz2D*nd-k()a+*e-KG12yT$2Q zQ|E8RSN#RnlV-Rs{FQ=~RI zb93ZbC)d_a)8v#@K6O_$BrIEOk9^;3c)q84!ApnwtYoX#S~=%5JUlgZ5-#8Vzi5ir zPu{4zId>hu+`4lvk^h8|c8Wx}gTjpjxoyh1&p6EwJ$oM0`E7x|fRM6yPj*y)(D4ty zMN_N74_{fL9&{}D_PQrIN8W9|rL!vX#0mpLE&uGJ>W}AC2{C)W{IhV|%@?cI&osPp zX40({xBr9$)#bJQD4m!1MIwH4fAsEVjcu0m{wy?|88$l=WMzcd{HbQ2f9L(&5?yU~ zV>3%_W7dV@gF6;|oN{ok-jbN_^Stj4>WGqy*zU7K+*GU@N>8=$1WYxCq&UAAVk z-8=R+O5SIkz1sO%6Q}F%?((x+X1)*JJ1^oGSBF>3!W=$P(P{Uig3EdBzfMiGIbJMR zcdT1C|7_B<yJKvCz5uNt#Np#D(TZ@@0@67(aZbnZ}tdOz6 z!K>+f+*WyhXHNT6ZC|)yXI*^!??BCK?;fn%^mFQu<#swVyS8sScEvkg`gU;Uk9i7z z?2mFTy8CSZ)SW_6541wgdVby!yJgP7w1RZ^TMxtz?B8Vjh4%(ef-z{u05si)cmCku z6;|_;lPkFM#BRu}%T;06E`5V%He(Lk2FU|yH+UFw+Rie77zxG=XBo^6r!gcL=dghp zAVu3}>aV-DQZoEM@9ae54vv}jRncoD^XtE`=CqwvVEU2on|iHe9~VfD;nfP$<$NI1 z%$lWc?NM_3WA(Y;_Cp}s2Fp{qdP;Lczdh33qZ1!^&GzwUzF3v6d-LbKoL3tWc<;>( z&7B+WgsDWIt~@B`o_zHFtxMbo(ggTsR||0JW^UeF!}Zm!d|f~w*U6U)nBq3gI^lln zaJ=|L>zQnSZw9GE&;BgM{#zi^?DVy1aSUe71~<-pUpbq1<;m>3#bOu!|46Z|6gyvZ z;rOk?zQJi)(koULO-MSY_sXSP*LBlY%k>kTPc>BXnNHf)WnTXyli8zCPar`^1Djr%}a!Rg$42{+Ae z`TdBp=sy7R5TqD=@Z#jK>OWL0+*Pr>O3w^QO5U3Iz{hW7pYIe4MfOd}DUJ;N^ z+oUtGo8JmuReCE?#b|l{oRa^~D)ri!dmrsj^_O_WR4lTaZI-)Ca+=c3sB@pS4yWCW z@>BG=a%0clrnkTUS>*IB(hgzWa?Q*%!eL*^qJ>?PPOlFz4da_wYD7GyX_EJOUGVg?Q8##IJG$K7Q~ds&_N$X!e^*u2%%73B)?(-8Pfe@pW^D?Wt$p-6 z`}7&GI+ojK>$uUH1u2YJMjC>cuLp+=kq1hth8FC|!TH z>xL{dY%RcI`cL-5ul{I=wH<{{N|@&)-%po(4A6Mc#b=ikOw}R{e<5zY$uv zFlqX(&5tbPGxIO^&GrwU_u)F Pl&FYB#(H9a)`t$o?7`4{Z!d*@56w%X@w&%G>e z#gBvW+@NgsqWIP=hp5KE7q<-kjOr%5V17KHvWS(t7jw+0WLup4}knvg+)P z*Gy*Nryn|}CvfMm2_}8MC6&s1M(GL1!8C!q+26nL>&>=N-EqcL*~Tp2v*2mXGT-xc z6XsrV5<9mO6rd<^5{qu0qi!%)Dg|qv2gsq8ayls{6`EJf;wPKFBytCi? zpVNt2tD%3);{W-3cmHiEy<5m&e`we2y1QHV-rDN>SS@vJ5^speq>{5Po4Q2K9OiaW z3tDW}Ju6{~uCUhif)e3tnB67Urh_0{G`A9n$>h=f_DDoC8ZN4@HM~S$SC)^IotjI zw3BzPdw7J;T&d@?>Dx=amnt6*1sYwKdOEAt?Mlb2`24dnpYzUjJ!{E7oX7X|P{yIF z9wp6t_ns`#f2p!yX8mkzeYoz1+TRcM_1_TY;4l()t0|MZWYc0Va0`E1tq_hr`> zxnKDsl^tgA{?VLyndVMP8VYIWwq)iv_FYv`@DiTh+_L7H;KubgR@G*gJPA#^rMT^T zL7@4?3z}ai7|n`f2|IS+INLwDh&0>D(YL=aSV?TYJMG}{=t*1q{b$b#;Q?WFwyPu_D`A`%}||Spu_~!>sJr&k~;1nQY~~`Ns09wv_B; z&U?J;xn1QvKJVwR3*UKs#m~wo^THJIBWt-A2merlSWuYb_em}@``S*`6wwGrvTYfWC zwWvS%$&-%>gM|;(#vL+@A#W!_3qL|UY;XQ3k{DxJ3DL73cK3mv&WByz16;; zw`vymmd7t=mbIn*4tXZJZbDsQN{R{xbItbB)bdG{qHA`qQ0RY_AMp9$r}f9#_elRv z-Xs0{GpCHl=J{>CX9btrJN*wl8&{q)XYOjf!$;?_Ox+e@Wn~~2G&?`z@hydiA6w2} zP~4U!|MC()oBL6Tx@9#sw=URCTWD#r{lV2`>04$pe*ynuS=R~r(E*$9jsdLXxw7x62ZE14pk+*jqP2DTTyJ_pv zc9rK`PdA+_DfUe-nD}5?%)ijZH&)dyDLb)Z@3m9UFPyaOetA&pYP4|Db^(8adz=E?!?M1y;>Ljc-IM$c(q|(*6=I7oc_4jIC zFZ!4NJ^B4L?}8`AnalQl;+E_(+i%T0|F423d&OP9@@>y1tX=vsa{fcM7j`Y~2NyiM z?)Q0d*A<_i`svB;Q$i<+im#h*#U=EA=hH)KwiEyDeR?PDsrdg1b!AIm{V`pCyXLaC zsGXp-N8Iwsx<^jbOq<3yuZsQpfuN1oE=j4n9L_&bC)Va6bffAi;|77SYpYFG3NEOB z6KJqPa`NJv3df$EwfDPYZ9e*b$c zKa_VUt+p+#>Ryhe(R@oY?`HM=-FqWH3wwU5_P=5-)4PFl+y7r`(PA%Cxb^q&?Ob=* zS#5ew*k938lh0559P%rRDY@L{fmGTo$ICmsH}`slnQV5KoNf5RdsejvLxb-j_Phfk zoR&}IrZmhl+yGr|6PBM zW!92amYL0O`E-_b&ocaJm!J3R$#(HNyZ;w=Zoj{C%B7k&S5|heUwbOEF!S$Z{&g3> zIqz24pFcrMKW4@H;;h&6W9)U0%DLU~F}By(xzG2w@4Fj|GtLFS)aDRST2iQd@ciuF z4RaS)&hpz*Y+`=w?1sfzYMeV`^gb)FTN8yMH|`S!Po0{o>{Z-;A(r zKecKD&&si`W2=$gw9_`a*uHtr;+Zi`ty9v9*bbLAoE7v$*^jS4C?NY6Kde*m#7w7tJxtShra&y+><7=&wvv=@6^C;qu0UPvu&(F%W zyDSc>-;%h}Q~A|&`ck`|V++#GXs@k|^x0y#Lh^Gw3!kj|s;Bwar&n z-YcD)>Qo#&W6|ns(LFK6X@&aJY?dCHamz|?e#!KbuKhw6-c8xGRJ1l)tyq5Us`9Bb zU)``evGbb7^)<`)%jhI;kMWOsdE2#J@pl2pv%fv`4IvuTa5UBg?0jKfbVmZkm6p0qtg zqW;XcsB1sAoO*r@)H29b*0~m>*R20I?W|Mrp-(GL9%KEjaNyjg>BjuW7o=U;v;Rlh z)(0F0i|!^UuSyHso9!6WIjhg9x$54W$UEInbVZM`=Kt?~y9orzu>@DZ6~9 zuzh;5eX4!J^Y>hCfm>Td?w`6UWB!w4XJT6M_b)!ywH9oqi=X{XDY9{R^moIdj<$sw zH!{4l<=A%4o?sx#{y*{gow`LQK3VuJ>)ijR>KD`967$QvH;RO#4@}$L(807z^CZtPV)F~E;Ls=c6ZIJoU-_5sq)_v@2lUOdv@O& zdxQMyb1SW`il1Wb?U?XheWBmn`GN!Cpje^Pj?sN18KCWe%j>*rQXIRA%V@f2~OEx^)Yuo&7XR zil@T(h^_JbFE?)HOxIeo*Lj8Z`g8k#UYhfGKjT!x-5Zn-2mUzyKK-%1_x7LK^_Tto z+tZ#JzwN1KxoRHbd6+S$?d<7C-^2gDyKo}cnE&7WU-3B)-|NOcH4i(uZGA{&V8!iY z&yKDWG3^QiXct*q74U!C?(FqXaK-!0IKN%Xzd2`qjY}axYav`mzWB?6Z zuz|){p$nl=S4Jj$&YEa>a#qzGUWVD%jlRx#z~jf>a5j5}mtOpqbfX8iG`1PH8vb9* zre)TmKaKb7ccp{wpQmhF&Cb9u`@Zq)?)FmwQLS+ot^&a{wAAMkDf2Rs$Wt3N-u|PL*>+yYigc;Kif8^@^Vd7sQQmxg7Oni zzb@Ol$M06_Sq8KH;;VE0;#1Y1%y}~RmzG}nC$FwziwWTmp8a0AdxPYGXIGcG$Ioi6 zEHis8D0dFa}+qQ!+>8YlE!H|Xr>H?md| zef$|L4~jq7N^|fERK(KNO4(0ac%CyHc=omNv2$q1+#M4-mWJGu+G^_kHDYEZV@}+2 z9?AVLY8K`$TYb}Wt>)D2t?Jn)^|X!j8_vF-Gi}qR{9C6^=|!2Xw>iB*@<7@Lw=b*9 zHDva6Y=6?Q@loA_g5O17K1GLHsU1yw!xsAWNtL%0k7l>COYujC^u`RWT_&>HIljEB z&n|rX?_Bj+m-)Z;WU=)}aNA6FH}6|ByLZ;csh?j}elcK}eXuC^p7}@TcMF6p+WTeB zoifSYrsbcs_6g6Nr8^(AZeIE}(L36`^k>hRv)17spPxQDMJjCeuh+&m`yMM9#od+` zGOqA@`o!WW!{-xen*)uLFQwV`%dsUGN31*Rw7|D6^xCGnOrxEXUf%OMe6cO9KVX~n zug@*pjtTv3SbihQJvwpc&ZnzHC;BZeIyXNeQ`-I7S+}!ud`q@IyLgx(hi!f0XTIrL z{JpH@@2;7tYfWx0Ntxzm8E=;3wSA}S(cGMQN&UwkKMTud%iUabi# z2hu)BnWb+I4125b<=rL6)kX!IR%9;Uu@k~TVK9sH6O02ddbIOJO?`I4CqZ1cfIBvO(M^&4laq>@SBFp4Ox$_%z0`(j zZ?oF&FlJ{JrmT)Uue^QHYE%B4wzCh;=IXu3-T7vBCY!LR)R*}>O1o~}sD2uiD45G1 zw?fwEhEKDo`@dVa=SYRkwhyz>-EBQ}#=^|9?71Rt_jyTe)896( z6B9J=&oPrWHCEgGsuDDEnLpp>z4sgzhS}E{)7$31KOD)hq0%-$>SlX<3L|Er5fSb) zC+nzZ!`TGUOg-C)Gv%b-eEzooTjQKFGq>@6K5TJ%gX9_wzNzAGUdTP0wq=_88>^o+ zKl#K3rWU@KY9^oZ$4c0&dFr;C(Sd=5&1Unx@?So&U0>`Pcj#F<$VZ~vEu-}(96s)? zd{4S0BRy}!{)SagOskbcV_$Xm#;WW(GWE)x=TcMWiZ6fTwQ=W_$FmLJ{GD;StMBKY zjS~YS)8AbToKt>-C+tev$LkU^7e9XU_VK>7z}<557dxiuvwu1fd8+j5p4i^VIh(YP zK8xt6jHuRrHJ9<5rK_#ne*v?@X&WwmKYMrC*_l^niSxeYkAG^Fd@@G3S8kovv8yh+ z>)gU)Y}ak`yg4=Lb9&N`ib-c@@;d&z6_I&3?FLWSuYH#1H_a@Q`1z^2=a#UZs@3WE zu6gD&mtPT>Jta2t``JjFX*tHcA0uz@%s#j~Hj}$P-C~Pxz_h&L9lbwSN+nI-qhk zcV;=x)91`Icc)$XWMie(?#q5-_iV2lPy5w!mKpYawY>xmzk97`&t0wy-;f)3ecRJr z?QKi1-ac{js8;p5*i-A?MEWP>G_80sXl*Hk)zwo`jV$Pkm3n1eFD*pS*wF**CjA=Tpy^}h&IhLYVIp-FA7=y>5}B37Z05CPpr?Gc6UwMrqcp$mu{Ua&N8>&c5ueinbqN~HSx)N zv;}OmroAfu=&-!z^CQ38J)3T7OZgvNsrbFaSjkTBRqe{dj5%zl71}EwOjxOT_wkLb z4OOC%OF?F@=)Ai#=Vp%Sot!rpFSGx<`NleXRQCq z^~%~Dy|*0g-^(tnJ$5$zM^BCZ>x5GUpt4vZJ#WtK^(J=@TL?TebApOgftSJ#VqxyI+nqIVIBT1LB^nU1egBV<(f9uk|t*r~N9v`?vqd-fK0lqqAq*{yZC1ZM^w=&`urG?W?R$OtKeUbLy;D#xKYC*`ISy zy3Cz;>DJxdm%f#;Z;;%>+jq)$%KQV8lNK4u%od7yxHWRObA(xOU;XUAcNKFw&#vX! zs}i8u*tp%sv<$cqk{KFL#<~tnT@R zaTDRmqUxIOkwx8Yxsl{e3+Sj*uN3VMB|JxQ!l zUs`r#tZ2CVKA%0Vn=yy&{ZxzDSC1U$Fk`-9^Kjz6O?y9DfTp)VjYPx-91st&Y3=~D zDbqZWrMW!CkniAbrrC@K?%>?918VIg7&APW`{Vp+&*aBXO>gixIGp(Nc>AFnKfWE$ z-XPh)@Ze%Zs#s|q=j`L14|LZ|Y+uZ%#+jThlq0A9=|;D7JG0s0XPjqv)_u7WRA7-{ zoHOr&+44Q-o<$uNDcl`2Yiqb*=~2~4{->vTvr1Q-o0XDze#-UNymOZ2e`+b&Tf@$> zL9#|+_Hz*<|B2Hdg+6_H|3X@tdhxU?i$eXS&V)TvGki4bbl2H?I;u-vKebk9IQzi) z=A3h8k^6M?CdOIqi}K!SQyXF0vZCK!PLq&GB?$TK8k$zj^kx%nR59` z-z-zF7!UQyi_d(hZ9AT}(^LG?*H5wn2hu(`=9a}10es!0c?vmF} zKS&C&>^WPlKX3QXGliUH{u1{-ob`*`_bk*e+UeHuDT|hvsJrQ1Shf80nPXp?XUfek z^^Nkle!AR2;D?#KfVsXE%foA%@8|E?p>wBB%lF3i*2UA;+3l;1-}dv!gZwD%9J%_Y z^atVM4|vVwcWC{qF8Eh-y!c`N@$D=RU&%ha`Czhr{XOlQHBS!~`)lX0DJ;m{SM&E3 z_rtpHzK%Ppo%PO_-rs-czl%U!QH;3NyT4ywtynH<#w>8a%)9aV_LlZ5_wV2L-QKdC zy~W$VwfM{Al1nxIFC=6{#Ba1JA{qOQ!|FV+8>tsiy2E{VG%x3}c+ z$D`V(?$3^Y`xUI_YTBPyOnau?>v?R!u|blB!}4bGOWA`LEm}56_AnP#Dkm@7@IAS> z`{M$k zFmIhn-CDNC+e3f;UO07D@GiHMt74X0a{3!pXJ4OjC-1w!J*yi$e{SDN@n3br=S%5? zi$acSh3}*WeZaRB1Y)|e6 z$vyX;iJm+gInh-xX0wvc3?E-X!G-rUzApV&{XFDS*Pgqv4;^27oD8jAVR)+R*1yO- zNyYI`zHMtUVrR`gv$AJZ@b|DN;hppETw1^5P~}XSo4Xo6Em>*);_}?!<=4AY!@RCD z@SgtpM|;t|rpzacmTo$`cK2fAkH-$CeQ29nX0ZN5pv#r@TaLa+nq0!q6x1E(%y;oh z>yjs0(Yo7CTv)YsOZSpDOE-FJyig8|EH!(Za!>v4{_<@lyKLOMEKb!6SnH@-=CZ4w zR^>f?Gjq<`zv&{gwb!y0_jBjV=CJ+C&C~AYd35Bdv{L%nYd6=pbXRWr;-ow4W{Q#I z&XAL#+oE!MRW>DkuCla#A-`#!G4H90~@zQr2dv*o9|qWNmDl zoa_>lwQkSVq@$N~R^Ny@b2D!C;hUTH|ByT!b}{mkYW8aHjTOHf&!*-3t=w7Ka@M8& zgGjGoA+LYU-~U@J_N%MbiT)->0MD{YNPS#kB3*UnF2-MVJ;F6G4K zh-}`Re7H9E+^q%s51A&|JuTZ^e8ko}^Y_(~OYyAHLc4GDpS^$Znc=HH89n~V^)1Uc zvM)IMS=jYj(eq!Tb0mTz_guc@+&W+Vx!3bm)>AaDF1;4BLg!M~`=IkG@3PfY!{07E zw&MJqDZz`+JhWw#IA{5pRn@g zo3l4(Db!E7k!@qP{rsIfNpsq^>oGK*eVns-&lTNOTP5c3W(S|*W#w*q`P(SEa^sa1 zE}AB1^E~)JioESrJ8c(KbX6{^$A~|wx3^gQQ9`)9HRdWJWnQ!oz zv|Wqr32fC|yk%$S+e=rZ&uv_&oICGu%p2o*B1*TmsGrEVE1|S+o=kk|mM=Qr?SHJ8 z#F)dTbusjl_}1}vgECrM4UQKbe(fe7YSeJn zVc{(4+h#|veCzsVI_p%~gyh(!%X`|5tXEGmd!tY^ck7HZ!B)D8`j%r zXk60iJDy-udLvIN<9AXs5A&fDu21;7b}x$I={g{BMAXGinYrnb(xxo8Ii@QEmX@EF-DfkMm~MUN($Nn;V_>Eb;a4RjYP4$5ves1N~ zjYV>I9o~o@WiV?_cw(skVeO>lRzJNn6ASZd{&c-@J2&yL_KfK(-F$m{%XPoLNxCRF zyYGXcp46ska?c`D^zN+?+ahH)TdiaIt8GU#^ZT2vSBCz*^kQ^?B_YZL6PU&V7~bx^wn^@pxl!`aDAhS7y6A@A~J{ zGLD*VJDWW1;-(jC-+rCrcQiXx%IxK0&)Cw&BWrFZPZYPArmmCI|Idjp_2`_~Ok0yA ztA?`)IX&~DKRK}%PHeGWY`M|!*0f#wZr*2K^K8S})ahp3M)9+lzJ5_k%sm?R(?lyY zpV1;E)ASq}Pub%| zC!EylGq-$Qm6R>BH+@^=GR*{k{heC=C&Ut$mrne4EBNQyUt0s0#(vo`_p*<9_O+b2 zhg!N`cB*mPKPweZ*?YqVGHidhce(Ew8z* zT=ssm;VpZr&7BqeOOCIwesqcXm+tk~R&F=v$Zz|#!TH_!%PnW?Cz}0U#(ab4Soe#a zOSgVp_3ic=x5aC(tJkDVIh!?$>Dw2jRc|NlZC-I>o9lgtzCU3bvfsLDJiXyDn_D*1 z#d=QC+jsGqzn6myXueqNts!;%YFGLd_2|i8b8`w$>~@`ZX5og(6X$YDZ*spClcOIse8%7Clp9&n z9MST!8(%5(TIJ1)oAk;`TsxOKXaOg^XHqtznMMQE^#33Lzrj5 z4dovy2h$j4tJ^+OzrA)jci4fav+A6F!snKYo1^bBeu~kt<8la| zVxG>GGf(4EWV*Q>H^XdobJiH`Lsty^j<+)=d|smFyxk&s%GuSr?*-3ZD!a3}C&Mey z-)Ys~Zl`*Y3M*-QJ*B9?tkUcJ8QPWcVY8Rk73VzI`Qt&NaYeeBzFtz;)9x*|--@33 z+>_z8)%du<^B;>6j_sfE{QaUEA!X4!LwkN~`lYkzh)~td+{6#f>A6*@7(@j<`Y(8ykymp$@r|_Tm3))wigNA|c-rS?Q$#;9@vZFz%eal4V zK4mMG*>q(3eCsfu+8FJRo|^G=tI8YD`m{ZlA3x(SN&Wt6b%ye+pq=u?{g!U0 znqOafGxwFVH%s}Y4O*6`gR?B>v(8R5p20CY-D2lW8Q+x_*7?TnS&xr3YFWDn{$tCQ zef|E$=~I!>75WFC{pX%t|3}o!-)#2npTS1%^;+Aytxt$_{yWy|;`wK5h1}6;sfRZg zg-t9g+QUEp&ywvse_Q0t%P|xGF#n`{^5nFiL9@T~$X&gXR>r5>@$9L~!?~Y#`h-b` z{#x_v)vGM?-TyoN?VjZByW(wLx1W2qx*+SZ{DVz5_rzJhxSA{$ZCj-^ZKsj3@#d2q zN>>l?sjH_4w>4WX3ilt6A4ip*KXX;&MwC$IT2*+Jl_Tr(#q3x6*~RtC?1SrSOS}Wu-3^?_ zXZP=Id+niTtNG{s+_XWmVZyebr@m&NpZa^Rx#-h(ypsA~?(M(yKO%77_n7cq@BjY$ z)S}Nln~@`N_R#~Iqfa@%djJ0Y(&$r@7oU2nev0*1oQ%o+;9czOS6R1#mBr4^|Nk-i zeWB~s@4qrdT`lje{qte+$!Ffp+kGQJsb1dv{%iZSF>n7yO7FP!d&l=xMN7Z0i^z-* z>7OnC?f&QVL}LcU+|Ql0{vuD0ADo|euTsM=!@f$>uZQ>E-W79MgXO;edwBj(8iUi# zw2c$O{9^ts{eMvQ>(SC(E9~a&sCj&G>FQhm&G+AV4pwtDEvA&QX_NhH5j&O}JWefp z?wHTCo%@kl^ahVwQ%lpuWWkB~$Dj4R=r~hj+IIbXVXiUT>`M0qQG3<=ejm)(VJ49| zSI>OGq*i;`95&&M;T>9>4Re(|=!f*>?P+xaz-8ugh*-x-{)J zQyACO_C*er6AmeH?O@!xyyiX9nAJ)MzQ~L=qP;Ko&9d(Ac&E-6+%jp_S?<@aUn?Fb82>mi zvrLZP%u8@>`mL<@najo2uQmTJ+v}2QtCIb6^~LM2BMi=Mx$RPFRMVDof90uHt6v&@ zcAl75YtCsc)9()0RSmOV1S7A1>8z+RkUze8)_`>}PI_ zp~2h#|5}cw-MoG7Xp(dOvl}lb+96ZlF}qXW z_Ih+{&zCYw&$5c)et*;FOO8zb-Q^$jZ9aazz4hkXkob_P{@KFZ=oH*3kuTRDWM|a(~OXd1v9(mz5ry!sajh9{4wSebLs<;nA`EY&F}f zP9}Z+=5gZce=UuFMk-TwEVPwb{&j7cfcLsBxtAWx+*G)nws~2#(&@C{w_Dzyl)l5- zeD;C&(G3y@(ilMd8bFiG;6v0P$EJZ>%%89O6lLVeJKuj6$Z+FNX>lWe>enr<%Rku} zeCd^EZ8#gxFFrH8{QC=);@zbgi`+j}>WS1oTg3{De32o+m@U)tP*^1 zY|SP?JD+bh=DRZ{7;o5c=JWF(6V<%>`)$jz zQkPEnIbqjaj@(NUo4adWFDci0Y`HANx)}~ek-X%4-fw0?8`oUY{Hhv3qFyl z>XmbU?VNvYXUYWb+b8^7A3EfJ5HmmNbZV}|w)-F-ru=C3?%Z`lcdN|vqoMoO#!kz+ z{bkl-m+n6<(q?T-&R+E7Z~wgc)QQta9|r80@mnMJu}iGn))O_qi#JUuQg3_vU4tQq zO>)=LoVAx0E5C^o^{YFvSY2#(vdj4$rnjG^%REp08o#+p_s^N*fxo5L`&Na_FnjLB zbNhWD!wnvvOL}qZ*T$wFk377X?b)#&cizNva~?}Mx1D{-c{puz&#Ie(8O2stF7B6I zoGUJFvOziCcC*^$XEL3MzwNjfW;b@u-s^bw?0w$;BUY7HGb>z-AN>ms-8dysev(=D z|AmjPN2Z!Qc;0;FRO{C(FIMyxh0g1E`sH_wg zk8G#~B`Vl4VW_Q7aH{-qzd=EdVfKEZGY8i4EB-gAx^BcU`(XOw9W@aj??@XkZ@0_) zye`${-R*r}<2${cY+v+d(`PRI`UO#f{weQz+1H)lk}3ObR(@OOT)pqt%1e(o&r6RAkA3lV!l&$O zpw7>`GaG|sGAs1Q#|VJ6vX3`dBLOYuRe+eXIXxDEpJRZBrkc z=53w(^7Bvq70X}E-nvij>-S5|=S9k~oZb-012U}i;J3Vtw~smZDvJe)KU&BBOZj^H z^ZT23o-F&f(Leh9>ejPwXPtcp3c)zdRZ}G8v+vB`7@6DaqVFv*J##aM$O+kxuFu!0 zZ{2oy>w@uR+sQg3mD+MV6@bH@5v88`LM-8D|XH4_wjdj({Eb@sXL^wWqs^e`f> z{#Y8=S5s4q`#SWk9($jRuT@*4et&uF`k<8|%HbKQ(p5W;KARHpD7hy7&4E4KX`n9q zo6g5)_?~^3v+PC7wzgSj(xAXzr!%|Qr6w>uCiMH#Ux$N2?jLXRuikeyY)($}yQ7y@ z{>qtcy=U$5h0&>-#?=l@1 z%9?`f@A4Ue#uxtudDX_L=L_brZTPv`{m;p7XShLY!x*p(XMjc^86ZdIq2?dh^d2+x gXv`1)Pt-F!FVdQ&MBb@0FcgTs{jB1 diff --git a/spec/features/profiles/active_sessions_spec.rb b/spec/features/profiles/active_sessions_spec.rb index 3fd3222fa0a..2aa0177af5d 100644 --- a/spec/features/profiles/active_sessions_spec.rb +++ b/spec/features/profiles/active_sessions_spec.rb @@ -82,31 +82,4 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do expect(page).not_to have_content('Chrome on Windows') end end - - it 'User can revoke a session', :js, :redis_session_store do - Capybara::Session.new(:session1) - Capybara::Session.new(:session2) - - # set an additional session in another browser - using_session :session2 do - gitlab_sign_in(user) - end - - using_session :session1 do - gitlab_sign_in(user) - visit profile_active_sessions_path - - expect(page).to have_link('Revoke', count: 1) - - accept_confirm { click_on 'Revoke' } - - expect(page).not_to have_link('Revoke') - end - - using_session :session2 do - visit profile_active_sessions_path - - expect(page).to have_content('You need to sign in or sign up before continuing.') - end - end end -- GitLab