Beispiel #1
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            var allowedOrigin = context.OwinContext.Get <string>(Constants.KEY_CLIENT_ALLOWED_ORIGIN);

            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

            string hashedTokenId = Helper.GetHash(context.Token);

            //TODO: replace with IoC instead of OwinContext
            var repo = new AuthService(context.OwinContext.Get <ApplicationDbContext>());

            var formCollection = await context.Request.ReadFormAsync();

            var originToken  = formCollection[Constants.KEY_ORIGIN_TOKEN];
            var hashedOrigin = string.IsNullOrWhiteSpace(originToken) ? null : Helper.GetHash(originToken);

            var refreshToken = await repo.FindRefreshToken(hashedTokenId, hashedOrigin);

            if (refreshToken != null)
            {
                //Get protectedTicket from refreshToken class
                context.DeserializeTicket(refreshToken.ProtectedTicket);
                await repo.RemoveRefreshToken(hashedTokenId);
            }
        }
Beispiel #2
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            using (var requestScope = _ioc.BeginLifetimeScope("AutofacWebRequest"))
            {
                var          tokenService   = requestScope.Resolve(typeof(IRefreshTokenService)) as IRefreshTokenService;
                const string corsHeaderName = "Access-Control-Allow-Origin";
                var          allowedOrigin  = context.OwinContext.Get <string>("as:clientAllowedOrigin");
                if (!context.OwinContext.Response.Headers.ContainsKey(corsHeaderName))
                {
                    context.OwinContext.Response.Headers.Add(corsHeaderName, new[] { allowedOrigin });
                }

                var hashedTokenId = CryptoHelper.GetHash(context.Token);

                if (tokenService != null)
                {
                    var refreshToken = await tokenService.GetTokenTicketByIdAsync(hashedTokenId);

                    if (refreshToken != null)
                    {
                        context.DeserializeTicket(refreshToken.ProtectedTicket);
                        await tokenService.RemoveTokenByIdAsync(hashedTokenId);
                    }
                }
            }

            await Task.CompletedTask;
        }
Beispiel #3
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            try
            {
                logger.Debug("ReceiveAsync - Inicio");
                using (var refreshTokenStore = this.refreshTokenStoreFactory.Create())
                {
                    var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");

                    Helper.AddCORSHeades(context.OwinContext, allowedOrigin);

                    string hashedTokenId = CryptographyUtils.GetSHA256Hash(context.Token);

                    var refreshToken = await refreshTokenStore.FindAsync(hashedTokenId);

                    if (refreshToken != null)
                    {
                        logger.Debug("ReceiveAsync - Existe Token");
                        //Get protectedTicket from refreshToken class
                        context.DeserializeTicket(refreshToken.ProtectedTicket);
                        var result = await refreshTokenStore.Remove(hashedTokenId);

                        if (!result.Succeeded)
                        {
                            throw new Exception(string.Join(" - ", result.Errors));
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                logger.Error(ex, "ReceiveAsync");
            }
        }
Beispiel #4
0
 public override void Receive(AuthenticationTokenReceiveContext context)
 {
     if (RefreshTokens.TryRemove(context.Token, out var value))
     {
         context.DeserializeTicket(value);
     }
 }
Beispiel #5
0
 public override void Receive(AuthenticationTokenReceiveContext context)
 {
     if (_refreshTokens.TryRemove(context.Token, out string str))
     {
         context.DeserializeTicket(str);
     }
 }
Beispiel #6
0
        private static async Task <Account> GrantResourceOwnerCredentialsToken(OAuthGrantResourceOwnerCredentialsContext context, AuthRepository auth)
        {
            var token = context.OwinContext.Get <string>("token");

            if (!string.IsNullOrEmpty(token))
            {
                Guid parentRefreshToken;
                if (Guid.TryParse(token, out parentRefreshToken))
                {
                    var sessionToken = await auth.SessionTokenGetAsync(parentRefreshToken);

                    if (!object.Equals(sessionToken, null))
                    {
                        context.OwinContext.Set("parentSessionToken", sessionToken);
                        return(await auth.AccountGetAsync(sessionToken.AccountId));
                    }
                }
                else
                {
                    var tokenContext        = new OAuthRequestTokenContext(context.OwinContext, token);
                    var tokenReceiveContext = new AuthenticationTokenReceiveContext(context.OwinContext, Startup.OAuthBearerOptions.AccessTokenFormat, tokenContext.Token);
                    tokenReceiveContext.DeserializeTicket(tokenReceiveContext.Token);

                    var ticket = tokenReceiveContext.Ticket;
                    if (!object.Equals(ticket, null) && ticket.Properties.ExpiresUtc.HasValue && ticket.Properties.ExpiresUtc.Value > Startup.OAuthBearerOptions.SystemClock.UtcNow)
                    {
                        return(await auth.AccountGetAsync(ticket.Identity.Name));
                    }
                }
            }

            return(null);
        }
Beispiel #7
0
        private async Task CreateAuthenticationTicket(AuthenticationTokenReceiveContext context)
        {
            var token = await this.options.TokenManager.FindAccessTokenAsync(context.Token);

            OAuthValidateTokenContext <IAccessToken> validateContext = new OAuthValidateTokenContext <IAccessToken>(
                context.OwinContext, options, context, token);

            await options.TokenProvider.ValidateAccessToken(validateContext);

            if (validateContext.IsValidated)
            {
                context.DeserializeTicket(token.Ticket);
            }

            //var identity = await options.TokenManager.AuthenticateAccessTokenAsync(context.Token);
            //if (identity.IsAuthenticated)
            //{

            //    var props = new AuthenticationProperties
            //    {
            //        ExpiresUtc = DateTimeOffset.UtcNow.Add(this.options.AccessTokenLifetime)
            //    };

            //    if (identity.HasClaim(x => x.Type == Constants.ClaimType.Client))
            //    {
            //        props.Dictionary.Add("client_id", identity.Claims.First(x => x.Type == Constants.ClaimType.Client).Value);
            //    }

            //    return new AuthenticationTicket(identity, props);
            //}
            //else
            //{
            //    return null;
            //}
        }
Beispiel #8
0
        public override void Receive(AuthenticationTokenReceiveContext context)
        {
            //允許CORS
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

            context.DeserializeTicket(context.Token);
        }
Beispiel #9
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");

            try
            {
                context.OwinContext.Response.Headers.Remove("Access-Control-Allow-Origin");
            }
            catch (Exception exception)
            {
            }
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

            string hashedTokenId = WITU.API.Helper.Helper.GetHash(context.Token);


            var refreshToken = _repo.FindRefreshToken(hashedTokenId);

            if (refreshToken != null)
            {
                //Get protectedTicket from refreshToken class
                context.DeserializeTicket(refreshToken.ProtectedTicket);
                var result = _repo.RemoveRefreshToken(hashedTokenId);
            }
        }
Beispiel #10
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="context"></param>
        public void Receive(AuthenticationTokenReceiveContext context)
        {
            var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");

            if (context.OwinContext.Response.Headers.ContainsKey("Access-Control-Allow-Origin"))
            {
                context.OwinContext.Response.Headers["Access-Control-Allow-Origin"] = allowedOrigin;
            }
            else
            {
                context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
            }

            var hashedTokenId = HelperMethods.GetHash(context.Token);

            var refreshToken = AuthenticationRefreshTokenService.Get(hashedTokenId);

            if (refreshToken != null)
            {
                //Get protectedTicket from refreshToken class
                context.DeserializeTicket(refreshToken.Protectedticket);

                // TODO: Eliminar token en tarea cron
                //RefreshTokenService.Delete(refreshToken);
            }
        }
Beispiel #11
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            var allowedOrigin = context.OwinContext.Get <string>(OAuthServerProvider.Client_AllowedOriginKey);

            if (allowedOrigin == null)
            {
                allowedOrigin = "*";                        // TODO: investigate why this value is null.
            }
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

            string hashedTokenId = Encryptor.GetHash(context.Token);

            using (var dbContext = new AppDatabaseContext())
            {
                var repo = new RefreshTokenRepo(dbContext);
                {
                    var refreshToken = repo.GetById(hashedTokenId);
                    if (refreshToken != null)
                    {
                        //Get protectedTicket from refreshToken class
                        context.DeserializeTicket(refreshToken.ProtectedTicket);
                        repo.Delete(hashedTokenId);
                        repo.SaveChanges();
                    }
                }
            }

            await Task.FromResult <object>(null);
        }
Beispiel #12
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");

            if (allowedOrigin == null)
            {
                allowedOrigin = "*";
            }

            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

            string hashedTokenId = Helper.GetHash(context.Token);

            //using (AuthService _repo = new AuthService(_configurationManager))
            //{
            var refreshToken = await _authService.FindRefreshToken(hashedTokenId);

            if (refreshToken != null)
            {
                //Get protectedTicket from refreshToken class
                context.DeserializeTicket(refreshToken.ProtectedTicket);
                var result = await _authService.RemoveRefreshToken(hashedTokenId);
            }
            //}
        }
Beispiel #13
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            //throw new NotImplementedException();
            string token = context.Token;

            context.DeserializeTicket(token);
        }
Beispiel #14
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

            string hashedTokenId = context.Token;

            var container          = (IUnityContainer)GlobalConfiguration.Configuration.DependencyResolver.GetService(typeof(IUnityContainer));
            var refreshTokenFacade = container.Resolve <IRefreshTokenFacade>();
            var unit = container.Resolve <IUnitOfWorkAsync>();
            ////to get refresh token and not expired
            var refreshToken = refreshTokenFacade.FindRefreshTokenNotExpired(hashedTokenId);

            ////to get refresh token without validatation to the date
            //var refreshToken = await auth.FindRefreshToken(hashedTokenId);

            if (refreshToken != null)
            {
                //Get protectedTicket from refreshToken class
                context.DeserializeTicket(refreshToken.ProtectedTicket);
                //var result =  refreshTokenFacade.RemoveRefreshToken(hashedTokenId);
                //if (context.Ticket != null)
                //{
                //    context.SetTicket(context.Ticket);
                //}
            }
            else
            {
                //Add your flag to the header of the response
                context.Response.Headers.Add("X-Challenge",
                                             new[] { ((int)HttpStatusCode.NotAcceptable).ToString() });
            }
        }
Beispiel #15
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            context.AssertNotNull("context");

            var allowedOrigin = context.OwinContext.Get <string>(Core.Constants.TokenAllowedOriginKey);

            if (allowedOrigin == null)
            {
                throw new InvalidOperationException("Allowed origin not found.");
            }

            Helper.SetAccessControlAllowOrigin(context.OwinContext, allowedOrigin);

            var suppliedRefreshTokenId  = context.Token;
            var encryptedrefreshTokenId = this.encryptionService.EncryptRefreshTokenId(new RefreshTokenId(suppliedRefreshTokenId));

            var refreshToken = await this.tryGetRefreshTokenByEncryptedId.HandleAsync(new TryGetRefreshTokenByEncryptedIdQuery(encryptedrefreshTokenId));

            if (refreshToken != null)
            {
                // Get protectedTicket from refreshToken class
                context.DeserializeTicket(refreshToken.ProtectedTicket);
            }
            else
            {
                Trace.TraceWarning("Refresh token not found: " + encryptedrefreshTokenId);
            }
        }
Beispiel #16
0
        public void Receive(AuthenticationTokenReceiveContext context)
        {
            try
            {
                var refreshTokenApp = context.OwinContext.Resolve <IRefreshTokenApplication>();
                var appStore        = context.OwinContext.Get <ApplicationStore>("ApplicationStore");

                if (appStore != null)
                {
                    if (appStore.ClientAuthType == ClientAuthType.JavaScript)
                    {
                        if (!context.OwinContext.Response.Headers.ContainsKey("Access-Control-Allow-Origin"))
                        {
                            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new string[] { context.Request.Headers["Origin"] });
                        }
                    }
                }

                var token = refreshTokenApp.Get(context.Token.URLDecode());

                if (token != null &&
                    ((token.ApplicationStoreCode.HasValue && token.ApplicationStoreCode.Value == appStore.Code) ||
                     (!appStore.Store.IsNull() && appStore.Store.IsMain)))
                {
                    context.DeserializeTicket(token.Ticket);
                    refreshTokenApp.Delete(token);
                }
            }
            catch (Exception ex)
            {
                context.Response.Set("Exception", ex);
            }
        }
Beispiel #17
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");

            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

            string tokenString = context.Token;
            //string tokenString = FWUtils.SecurityUtils.CreateHashString(context.Token);
            Guid tokenId = new Guid(tokenString);

            var service      = WebApiTokenEN.GetService("");
            var refreshToken = service.GetByIDT(tokenId, new GetByIDParameters());

            //string hashedTokenId = FWUtils.SecurityUtils.CreateHashString(context.Token);

            //using (AuthRepository _repo = new AuthRepository())
            //{
            //    var refreshToken = await _repo.FindRefreshToken(hashedTokenId);

            if (refreshToken != null)
            {
                //Get protectedTicket from refreshToken class
                context.DeserializeTicket(refreshToken.ProtectedTicket);
                service.Delete(refreshToken, new DeleteParameters());
            }
            //}
        }
Beispiel #18
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            string header = context.OwinContext.Request.Headers["Authorization"];

            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

            var token = Uri.UnescapeDataString(context.Token);

            var tokenIdHashed = HashTokenId(token);

            using (EntityFrameworkContext efContext = new EntityFrameworkContext())
            {
                var refreshToken = efContext.RefreshTokens.SingleOrDefault(rt => rt.id == tokenIdHashed); //&& rt.clientId == ""
                if (refreshToken != null)
                {
                    efContext.RefreshTokens.Remove(refreshToken);
                    efContext.SaveChanges();
                    context.DeserializeTicket(refreshToken.protectedTicket);
                }
                else
                {
                    context.Response.StatusCode   = 400;
                    context.Response.ContentType  = "application/json";
                    context.Response.ReasonPhrase = "invalid token";
                    return;
                }
            }
        }
Beispiel #19
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            try
            {
                var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin") ?? "*";
                context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

                var hashedTokenId = Helper.GetHash(context.Token);
                using (IRepository rep = new ApplicationRepository())
                {
                    var refreshToken = await rep.RefreshTokens.FindAsync(hashedTokenId);

                    if (refreshToken != null)
                    {
                        //Get protectedTicket from refreshToken class
                        context.DeserializeTicket(refreshToken.ProtectedTicket);
                        var result = await rep.RefreshTokens.RemoveAsync(hashedTokenId);
                    }
                }
            }
            catch (Exception e)
            {
                throw e;
            }
        }
Beispiel #20
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            var allowedOrigins = context.OwinContext.Get <string>("as:clientAllowedOrigin").Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);

            if (allowedOrigins.Any())
            {
                if (!allowedOrigins.Contains(context.OwinContext.Response.Headers["Access-Control-Allow-Origin"]))
                {
                    context.OwinContext.Response.Headers.Remove("Access-Control-Allow-Origin");
                }
            }

            using (var authenticationRepository = new AuthenticationRepository())
            {
                var refreshTokenId = context.Token.Hash();

                var refreshToken = await authenticationRepository.FindRefreshTokenAsync(refreshTokenId);

                if (refreshToken != null)
                {
                    if (refreshToken.HasExpired())
                    {
                        context.OwinContext.Set("as:refreshTokenExpired", true);
                    }

                    context.DeserializeTicket(refreshToken.ProtectedTicket);
                    await authenticationRepository.RemoveRefreshTokenAsync(refreshTokenId);
                }
            }
        }
Beispiel #21
0
        Task IAuthenticationTokenProvider.ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            /*
             *   var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
             * context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
             */

            // context.DeserializeTicket(context.Token);
            //  AuthenticationTicket ticket;
            string header = context.OwinContext.Request.Headers["Authorization"];

            var userid = Convert.ToInt32(context.OwinContext.Get <string>("as:user_id"));

            using (AuthRepository _repo = new AuthRepository())
            {
                var protectedTicket = _repo.Findticket(userid);

                if (protectedTicket != null)
                {
                    context.DeserializeTicket(protectedTicket);
                }
                // }
            }
            return(Task.FromResult <object>(null));
        }
Beispiel #22
0
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            var          tokenId = context.Token;
            RefreshToken storedToken;

            repo.TryGetValue(tokenId, out storedToken);

            var allowedOrigins = context.OwinContext.Get <List <string> >("as:clientAllowedOrigins");

            context.OwinContext.Response.Headers.Add(
                "Access-Control-Allow-Origin", allowedOrigins.ToArray());

            await Task.Delay(2);

            if (DateTime.UtcNow > storedToken.ExpiresUtc)
            {
                //    context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                //    context.Response.ReasonPhrase = "The rtoken has expired";
                //    return;
                var a = 1;
            }
            context.DeserializeTicket(storedToken.ProtectedTicket);
            var aasd = context.Ticket;
            //context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
            //repo.Remove(tokenId);
        }
Beispiel #23
0
        /// <summary>The receive async.</summary>
        /// <param name="context">The context.</param>
        /// <returns>The <see cref="Task"/>.</returns>
        /// <exception cref="Exception"></exception>
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            try
            {
                var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");
                if (!context.OwinContext.Response.Headers.ContainsKey("Access-Control-Allow-Origin"))
                {
                    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
                }

                var hashedTokenId = AuthenticationUtility.GetHash(context.Token);

                var refreshTokenController = AuthHelper.FindRefreshTokenController(hashedTokenId);
                var refreshTokenDict       = await this.authFacade.SelectAll(refreshTokenController);

                var refreshToken = refreshTokenDict.Values.FirstOrDefault();

                if (refreshToken != null)
                {
                    // Get protectedTicket from refreshToken class
                    context.DeserializeTicket(refreshToken.ProtectedTicket);

                    // var expires = context.Ticket.Properties.ExpiresUtc;
                    await this.authFacade.Delete(new List <long> {
                        refreshToken.Id
                    });
                }
            }
            catch (System.Exception ex)
            {
                throw new System.Exception("some error occured while reading the refersh token", ex);
            }
        }
Beispiel #24
0
 public Task ReceiveAsync(AuthenticationTokenReceiveContext context)
 {
     if (!string.IsNullOrEmpty(this.inMemoryProtectedData))
     {
         context.DeserializeTicket(this.inMemoryProtectedData);
     }
     return(Task.FromResult <object>(null));
 }
Beispiel #25
0
 /// <summary>
 /// 验证code
 /// </summary>
 /// <param name="authenticationTokenReceiveContext"></param>
 public void ReciveCode(AuthenticationTokenReceiveContext authenticationTokenReceiveContext)
 {
     string value;
     if (_authenticationCodes.TryRemove(authenticationTokenReceiveContext.Token, out value))
     {
         authenticationTokenReceiveContext.DeserializeTicket(value);
     }
 }
Beispiel #26
0
 public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
 {
     context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
     await Task.Run(() =>
     {
         context.DeserializeTicket(context.Token);
     });
 }
Beispiel #27
0
        protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
        {
            try
            {
                // Find token in default location
                string requestToken = Request.Query.Get("token");

                // Call provider to process the token into data
                var tokenReceiveContext = new AuthenticationTokenReceiveContext(
                    Context,
                    Options.AccessTokenFormat,
                    requestToken);

                await Options.AccessTokenProvider.ReceiveAsync(tokenReceiveContext);

                if (tokenReceiveContext.Ticket == null)
                {
                    tokenReceiveContext.DeserializeTicket(tokenReceiveContext.Token);
                }

                AuthenticationTicket ticket = tokenReceiveContext.Ticket;
                if (ticket == null)
                {
                    return(null);
                }

                // Validate expiration time if present
                DateTimeOffset currentUtc = Options.SystemClock.UtcNow;

                if (ticket.Properties.ExpiresUtc.HasValue &&
                    ticket.Properties.ExpiresUtc.Value < currentUtc)
                {
                    return(null);
                }

                // Give application final opportunity to override results
                bool validated = false;
                if (ticket != null &&
                    ticket.Identity != null &&
                    ticket.Identity.IsAuthenticated)
                {
                    // bearer token with identity starts validated
                    validated = true;
                }

                if (!validated)
                {
                    return(null);
                }

                // resulting identity values go back to caller
                return(ticket);
            }
            catch (Exception ex)
            {
                return(null);
            }
        }
Beispiel #28
0
        /// <summary>
        /// access_token
        /// </summary>
        /// <param name="context"></param>
        /// <returns></returns>
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            string value;

            if (_authenticationCodes.TryRemove(context.Token, out value))
            {
                context.DeserializeTicket(value);
            }
        }
Beispiel #29
0
        private void ReceiveAuthenticationCode(AuthenticationTokenReceiveContext context)
        {
            string value;

            if (mAuthenticationCodes.TryRemove(context.Token, out value))
            {
                context.DeserializeTicket(value);
            }
        }
Beispiel #30
0
            public override void Receive(AuthenticationTokenReceiveContext context)
            {
                string value;

                if (_database.TryRemove(context.Token, out value))
                {
                    context.DeserializeTicket(value);
                }
            }