diff --git a/.awsbox.json b/.awsbox.json deleted file mode 100644 index cfc9d72..0000000 --- a/.awsbox.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "processes": [ - "server/bin/clortho" - ], - "env": { - "CONFIG_FILES": "$HOME/config.json" - }, - "hooks": { - "postdeploy": "scripts/gen_keys.js" - } -} diff --git a/.gitignore b/.gitignore deleted file mode 100644 index b0c0a1f..0000000 --- a/.gitignore +++ /dev/null @@ -1,10 +0,0 @@ -.DS_Store -/server/config/*.json -/server/config/*.pem -/server/config/*.csr -/server/var -*~ -#*# -locale -/node_modules -/rpmbuild diff --git a/.jshintrc b/.jshintrc deleted file mode 100644 index 9c4f7ea..0000000 --- a/.jshintrc +++ /dev/null @@ -1,27 +0,0 @@ -{ - "passfail": false, - "maxerr": 100, - "node": true, - "forin": false, - "boss": true, - "noarg": true, - "undef": true, - "unused": true, - "browser": true, - "laxbreak": true, - "laxcomma": true, - "eqeqeq": true, - "eqnull": true, - "expr": true, - "indent": 2, - "white": false, - "predef": [ - "exports", - "require", - "process" - ], - "esnext": true, - "shadow": false, - "supernew": false, - "strict": false -} diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index f0e1a7f..0000000 --- a/.travis.yml +++ /dev/null @@ -1,16 +0,0 @@ -language: node_js - -before_install: - - sudo apt-get install libgmp3-dev - -before_script: - - scripts/gen_keys.js - -node_js: - - "0.8" - - "0.10" - -notifications: - email: - - lloyd@hilaiel.com - - bwong@mozilla.com diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index fd88ab2..0000000 --- a/ChangeLog +++ /dev/null @@ -1,31 +0,0 @@ -rel2014_06_20.19.26.40: - - * b75c6ba Get rid of merge commits in the changelog - * 6688d8b Add a Do Not Track policy - * 0c2612f Adding some missing properties to the package.json file - * c032b4b remove superfluous argument to getUserData() - * 2246335 refactor auth.js, improved command line testing tool, removed unneccesary LDAP reconnection - * 34c6637 fix unit tests, update pwdChangeTime to pwdChangedTime - * d734bc5 Fix for issue #114 - -rel2013_08_28.15.22.40: - - * 7129101 changed pwdChangeTime to pwdChangedTime - * 29fa434 Improve documentation on new release process, #111 - * 25f4285 Remove old train/stage tag create scripts #111 - * eb8979b update useragent to 2.0.7 to detect IE11 - * 6140471 added bigint lockdown dependency back in - * fd8f2dc Detect 3rd party cookies and show an error screen - * 85f61de Make email address field read only after password manager runs. Fixes Issue #104 - * e89639b #91 old session destroyed on password change - * 5657e90 fixes #91 User should be logged out when LDAP password changes - -rel2013_08_06.15.01.46: - - * 9a8ad5e Fix bugs in create-release.sh #111 - * b41df8c Rename create-release-tag.sh to create-release.sh #111 - * 737770d Add ChangeLog creation to create-release-tag.sh - * 5ea2b29 update readme - * ec24abf fix i18n-abide lockdown issues - * 794c302 #105 add P3P cookie if talking to IE browsers - diff --git a/README.md b/README.md index 44e7863..4a19ab6 100644 --- a/README.md +++ b/README.md @@ -1,36 +1 @@ -[![Build -Status](https://travis-ci.org/mozilla/vinz-clortho.png?branch=master)](https://travis-ci.org/mozilla/vinz-clortho) - -# Mozilla IdP - -``mozilla-idp`` is a server that implements support for Persona on the -mozilla.com domain. - -When deployed, this will allow mozillans with `mozilla.com` or -`mozillafoundation.org` email addresses to authenticate with Persona enabled -websites using their Mozilla (LDAP) password. - -## Getting Code to Production - -This is the process for getting new code into Production - -1. Do features and bug fixes in branches. Create a pull request to have new - code merged into the `master` branch -1. Create a new release tag with `scripts/create-release.sh` -1. Create an RPM from the tag -1. Create a new staging server based on the new RPM -1. Have QA test to make sure everything is OK -1. *if* tests pass, create new production systems from same version. Otherwise - go back to step 1. to fix issues. - -## Why the RPM? - -This is a quick introduction to how the Service Ops. team deploys Mozilla IdP. -For security and operational reasons we turn the application into an RPM and -deploy from our private RPM repository. - -This allows us to maintain a package that can be audited as well as very -specific versioning using RPMs. - -The scripts and processes for building the RPM exists in the -mozilla-services/svcops-oompaloompas repository. +Moved to [mozilla-services/mozilla-idp](https://github.com/mozilla-services/mozilla-idp) diff --git a/docs/DEV_NOTES.md b/docs/DEV_NOTES.md deleted file mode 100644 index 9699af3..0000000 --- a/docs/DEV_NOTES.md +++ /dev/null @@ -1,40 +0,0 @@ -# Developer Notes - -## Running locally - -### Set up Configuration - -copy server/config/local.json-dist to local.json and edit a few fields: - - ... - "ldap_bind_dn": "mail=USERNAME@mozilla.com,o=com,dc=mozilla", - ... - "ldap_server_url": "ldap://localhost:1389", - ... - -### Starting the Mock LDAP server - - $ QAUser=test QAPass=test node mock-ldap-server/server.js - -This mock server runs LDAP on localhost:1389 and a status HTTP server on localhost:3001. - -### Starting Vinz Clortho - - $ PORT=3002 ADDRESS=0.0.0.0 npm start - -### One Time Setup - -We need our well-known to be on the file system. You can put this anywhere, but we'll use this when starting BrowserID servers. - - $ curl http://localhost:3002/.well-known/browserid > [LOCAL_PATH_TO_WELL_KNOWN_FILE] - -### Starting BrowserID - -In your local browserid, set `SHIMMED_PRIMARIES`. Example: - - $ cd ../browserid - $ SHIMMED_PRIMARIES="mozilla.com|http://127.0.0.1:3002|[LOCAL_PATH_TO_WELL_KNOWN_FILE]" npm start - -You can now use `user1@mozilla.com` with password testtest and Vinz Clortho will handle the sign in flow. - -Note: 127.0.0.1 should be an IP address that your web browser can use to hit your instance of Vinz Clortho. If your using VMs, then make it an IP for the VM. \ No newline at end of file diff --git a/docs/aws-infrastructure.png b/docs/aws-infrastructure.png deleted file mode 100644 index aafd441..0000000 Binary files a/docs/aws-infrastructure.png and /dev/null differ diff --git a/docs/statsd_design.md b/docs/statsd_design.md deleted file mode 100644 index 0008cd7..0000000 --- a/docs/statsd_design.md +++ /dev/null @@ -1,32 +0,0 @@ -This project uses statsd to report application level metrics. - -The goal of statsd is to help you verify the application is -running correctly, and to facilitate problem isolation when -it's not. - -Here is the statsd hierarchy: - - * `mozillaidp` - top level bucket for all stats - * `ldap` - stats related to communication with LDAP - * `error` - counter of specific types of LDAP errors - * `auth` - counter of authentication attempts (success & failure) - * `timing` - granular timing for interactions with LDAP - * `server` - high level application events - * `uncaught_exception` - a js exception was thrown that wasn't caught - * `started` - the server started up - * `healthcheck` - status of health check when requested by load balancers - * `ok` - * `error` - * `provision` - stats about certificate provisioning - * `attempt` - HTML provisioning content was served - * `success` - certificate provisioning succeeded - * `auth` - stats about user authenticatoin - * `attempt` - HTML authentication content was served - * `throttle` - authentication failed due to throttling - * `success` - authentication succeeded and session was established - - -The ultimate source of truth is always the code, but an effort -should be made to keep this document up to date to describe the general -hierarchy so that statsd data is discoverable and easy to use as a -problem isolation tool. diff --git a/lockdown.json b/lockdown.json deleted file mode 100644 index dca275e..0000000 --- a/lockdown.json +++ /dev/null @@ -1,474 +0,0 @@ -{ - "JSONSelect": { - "0.4.0": "a08edcc67eb3fcbe99ed630855344a0cf282bb8d" - }, - "abbrev": { - "1.0.4": "bd55ae5e413ba1722ee4caba1f6ea10414a59ecd" - }, - "amdefine": { - "0.0.5": "86b6e9470f8cde955ef7daa3cf5d544ba81aa3db" - }, - "ansi": { - "0.1.2": "2627e29498f06e2a1c2ece9c21e28fd494430827" - }, - "asn1": { - "0.1.11": "559be18376d08a4ec4dbe80877d27818639b2df7" - }, - "assert-plus": { - "0.1.2": "d93ffdbb67ac5507779be316a7d65146417beef8" - }, - "async": { - "0.1.22": "0fc1aaa088a0e3ef0ebe2d8831bab0dcf8845061", - "0.2.9": "df63060fbf3d33286a76aaf6d55a2986d9ff8619" - }, - "aws-lib": { - "0.0.5": "971b8995078d83c80f2372f134c496e71b293a46" - }, - "aws-sign": { - "0.2.0": "c55013856c8194ec854a0cbec90aab5a04ce3ac5" - }, - "awsbox": { - "0.4.5": "027a9998955f09f3d6b0a10d38ea37ae381b6358" - }, - "bigint": { - "0.4.2": "5bccafb5af3924cc71eb59942fb3a64a12906e49" - }, - "boom": { - "0.3.8": "c8cdb041435912741628c044ecc732d1d17c09ea" - }, - "browserify": { - "1.13.5": "b5f0a160733779d27547885dfb598a65ef6fdaad" - }, - "buffertools": { - "1.1.0": "c1bc946a3cce722c9adaaed505e9896aa171be9c" - }, - "bunyan": { - "0.21.1": "ea00a0d5223572e31e1e71efba2237cb1915942a" - }, - "cef": { - "0.3.3": "74a521e3c5c702fe1dc240e6250a2583f885227f" - }, - "character-parser": { - "1.0.2": "55384d6afcf8c6b9dd483e8347646a790e4545e7" - }, - "cjson": { - "0.2.1": "73cd8aad65d9e1505f9af1744d3b79c1527682a5" - }, - "cli": { - "0.4.4-2": "a38c8f991df22eea0179ec16dd90fa3f3c85fa4a" - }, - "client-sessions": { - "0.3.0": "6c9993858b2009416247ae70051b88a1d5e6ee7d" - }, - "coffee-script": { - "1.6.3": "6355d32cf1b04cdff6b484e5e711782b2f0c39be" - }, - "colors": { - "0.5.1": "7d0023eaeb154e8ee9fce75dcb923d0ed1667774", - "0.6.0-1": "6dbb68ceb8bc60f2b313dcc5ce1599f06d19e67a" - }, - "combined-stream": { - "0.0.4": "2d1a43347dbe9515a4a2796732e5b88473840b22" - }, - "commander": { - "0.6.1": "fa68a14f6a945d54dbbe50d8cdb3320e9e3b1a06", - "1.1.1": "50d1651868ae60eccff0a2d9f34595376bc6b041" - }, - "commondir": { - "0.0.1": "89f00fdcd51b519c578733fec563e6a6da7f5be2" - }, - "connect": { - "1.9.2": "42880a22e9438ae59a8add74e437f58ae8e52807" - }, - "connect-fonts": { - "0.0.9": "3233b93bb78b6c7c1818892b90fd779c83447d84" - }, - "connect-fonts-opensans": { - "0.0.4": "184ce9f26b681a10a916268b1f80c4b6c9450e71" - }, - "console-browserify": { - "0.1.6": "d128a3c0bb88350eb5626c6e7c71a6f0fd48983c" - }, - "convict": { - "0.1.0": "d4b1948235196091855aaedc175374c58ae212d8" - }, - "cookie-jar": { - "0.2.0": "64ecc06ac978db795e4b5290cbe48ba3781400fa" - }, - "cookies": { - "0.2.1": "fee635ef023704893ac30387899f3dc448a52840" - }, - "cryptiles": { - "0.1.3": "1a556734f06d24ba34862ae9cb9e709a3afbff1c" - }, - "crypto-browserify": { - "0.2.3": "c98141505d90e31a1e456cb97343dc3b0f4a1a2a" - }, - "css": { - "1.0.8": "9386811ca82bccc9ee7fb5a732b1e2a317c8a3e7" - }, - "css-parse": { - "1.0.4": "38b0503fbf9da9f54e9c1dbda60e145c77117bdd" - }, - "css-stringify": { - "1.0.5": "b0d042946db2953bb9d292900a6cb5f6d0122031" - }, - "cycle": { - "1.0.2": "269aca6f1b8d2baeefc8ccbc888b459f322c4e60" - }, - "dateformat": { - "1.0.2-1.2.3": "b0220c02de98617433b72851cf47de3df2cdbee9" - }, - "debug": { - "0.7.2": "056692c86670977f115de82917918b8e8b9a10f0" - }, - "delayed-stream": { - "0.0.5": "d4b1f43a93e8296dfe02694f4680bc37a313c73f" - }, - "deputy": { - "0.0.4": "edc00a9ef5c53527c405328534c99795ada41cbf" - }, - "detective": { - "0.1.1": "f1e04fe973754c8907ae51edd3e230e380d76fe9", - "0.2.1": "9ce92601fd223810c29432ad034f8c62d8b8654f" - }, - "diff": { - "1.0.2": "4ae73f1aee8d6fcf484f1a1ce77ce651d9b7f0c9" - }, - "dtrace-provider": { - "0.2.8": "e243f19219aa95fbf0d8f2ffb07f5bd64e94fe20" - }, - "ejs": { - "0.6.1": "16ccc98eeeac166982927fa67eb3fca8865f6871" - }, - "escodegen": { - "0.0.23": "9acf978164368e42276571f18839c823b3a844df" - }, - "esprima": { - "0.9.9": "1b90925c975d632d7282939c3bb9c3a423c30490", - "1.0.3": "7bdb544f95526d424808654d3b8fbe928650c0fe" - }, - "estraverse": { - "0.0.4": "01a0932dfee574684a598af5a67c3bf9b6428db2", - "1.1.2-1": "28ff59bb3cf1272a2027e1c1541f94b23226b311" - }, - "express": { - "2.5.11": "4ce8ea1f3635e69e49f0ebb497b6a4b0a51ce6f0" - }, - "extsprintf": { - "1.0.0": "4d58b815ace5bebfc4ebf03cf98b0a7604a99b86" - }, - "eyes": { - "0.1.8": "62cf120234c683785d902348a800ef3e0cc20bc0" - }, - "filed": { - "0.1.0": "b0f626472a2366dc1194537a4eea7e7a89f3c735" - }, - "forEachAsync": { - "2.2.0": "093b32ce868cb69f5166dcf331fae074adc71cee" - }, - "forever-agent": { - "0.2.0": "e1c25c7ad44e09c38f233876c76fcc24ff843b1f" - }, - "form-data": { - "0.0.10": "db345a5378d86aeeb1ed5d553b869ac192d2f5ed" - }, - "formidable": { - "1.0.14": "2b3f4c411cbb5fdd695c44843e2a23514a43231a" - }, - "github-url-from-git": { - "1.1.1": "1f89623453123ef9623956e264c60bf4c3cf5ccf" - }, - "glob": { - "3.2.6": "28c805b47bc6c19ba3059cbdf079b98ff62442f2" - }, - "gobbledygook": { - "0.0.3": "437bb23d3ade04dd26b49e7c21e4026c6b086234" - }, - "graceful-fs": { - "1.1.14": "07078db5f6377f6321fceaaedf497de124dc9465", - "1.2.3": "15a4806a57547cb2d2dbf27f42e89a8c3451b364" - }, - "growl": { - "1.7.0": "de2d66136d002e112ba70f3f10c31cf7c350b2da" - }, - "hawk": { - "0.10.2": "9b361dee95a931640e6d504e05609a8fc3ac45d2" - }, - "hoek": { - "0.7.6": "60fbd904557541cd2b8795abf308a1b3770e155a" - }, - "http-browserify": { - "0.1.1": "d9d82735a5f85f950761ac3909ba9485ec0af4f1" - }, - "i18n-abide": { - "0.0.11": "0335f84ab550de1fc211b3169a105ac573f6efcc" - }, - "inherits": { - "2.0.0": "76c81b3b1c10ddee3a60bf2c247162bc369f8ba8" - }, - "is-promise": { - "1.0.0": "b998d17551f16f69f7bd4828f58f018cc81e064f" - }, - "jade": { - "0.26.3": "8f10d7977d8d79f2f6ff862a81b0513ccb25686c", - "0.30.0": "9ea816da61bea6fef4709b4d9f6b442f1e205ba3" - }, - "jshint": { - "2.1.2": "1fb7b77df7b8620c17d4f807945bb2d24990969e" - }, - "json-schema": { - "0.2.2": "50354f19f603917c695f70b85afa77c3b0f23506" - }, - "json-stringify-safe": { - "3.0.0": "9db7b0e530c7f289c5e8c8432af191c2ff75a5b3" - }, - "jsprim": { - "0.3.0": "cd13466ea2480dbd8396a570d47d31dda476f8b1" - }, - "jsxgettext": { - "0.1.3": "db9dd0bedd531606cdd5fd978dd75d383fd99327" - }, - "jwcrypto": { - "0.4.3": "b48ef3db136b09df0933bfa09c717fd738b56038" - }, - "keypress": { - "0.1.0": "4a3188d4291b66b4f65edb99f806aa9ae293592a" - }, - "ldapjs": { - "0.6.3": "*" - }, - "lockdown": { - "0.0.5": "6bbcc01b7d2a3894a712f135b2675a078ede24c7" - }, - "lru-cache": { - "2.2.4": "6c658619becf14031d0d0b594b16042ce4dc063d", - "2.3.0": "1cee12d5a9f28ed1ee37e9c332b8888e6b85412a" - }, - "mersenne": { - "0.0.3": "c39a3d45fee6091189ccd329107312ea8fe14d8a" - }, - "mime": { - "1.2.10": "066380acbc3d78d4f4a51004d8988425dc68b9b1", - "1.2.4": "11b5fdaf29c2509255176b80ad520294f5de92b7", - "1.2.9": "009cd40867bd35de521b3b966f04e2f8d4d13d09" - }, - "minimatch": { - "0.2.12": "ea82a012ac662c7ddfaa144f1c147e6946f5dafb" - }, - "minimist": { - "0.0.2": "3297e0500be195b8fcb56668c45b925bc9bca7ab" - }, - "mkdirp": { - "0.3.0": "1bbf5ab1ba827af23575143490426455f481fe1e", - "0.3.3": "595e251c1370c3a68bab2136d0e348b8105adf13", - "0.3.5": "de3e5f8961c88c787ee1368df849ac4413eca8d7" - }, - "mocha": { - "1.9.0": "141054b13cb03ce5ce59aece3d65d5ca01b8df0a" - }, - "moment": { - "1.7.2": "e66be344be2e9ec1d12f1e16a8ca49bf63417f4f" - }, - "monocle": { - "0.1.50": "9a7cbd0ccc10de95fd78a04b9beb2482ae4940b7" - }, - "ms": { - "0.3.0": "03edc348d613e66a56486cfdac53bcbe899cbd61" - }, - "mv": { - "0.0.5": "15eac759479884df1131d6de56bce20b654f5391" - }, - "negotiator": { - "0.2.6": "28db6bc2e442c8655325d156ff74055dc0db289c" - }, - "node-font-face-generator": { - "0.1.0-dev1": "778430ea7fb61ed9de61e8a51e0aadda29007193" - }, - "node-proxy": { - "0.6.0": "41e64712dbd947aa9d9f466b5c0b5ee020bbcbbb" - }, - "node-statsd": { - "0.0.2": "*" - }, - "node-uuid": { - "1.4.0": "07f9b2337572ff6275c775e1d48513f3a45d7a65" - }, - "nomnom": { - "1.5.2": "f4345448a853cfbd5c0d26320f2477ab0526fe2f" - }, - "nopt": { - "2.1.1": "91eb7c4b017e7c00adcad1fd6d63944d0fdb75c1" - }, - "normalize-package-data": { - "0.1.7": "f216a318a868214892e89ad80a944cddc1a79615" - }, - "npmlog": { - "0.0.4": "a12a7418606b7e0183a2851d97a8729b9a0f3837" - }, - "nub": { - "0.0.0": "b369bd32bdde66af59605c3b0520bc219dccc04f" - }, - "oauth-sign": { - "0.2.0": "a0e6a1715daed062f322b622b7fe5afd1035b6e2" - }, - "once": { - "1.1.1": "9db574933ccb08c3a7614d154032c09ea6f339e7" - }, - "oppressor": { - "0.0.1": "84b2058c9121c4c6fe632566b31ed39618bd8feb" - }, - "optimist": { - "0.2.6": "c15b750c98274ea175d241b745edf4ddc88f177b", - "0.3.1": "6680d30560193af5a55eb64394883ed7bcb98f2e", - "0.3.4": "4d6d0bd71ffad0da4ba4f6d876d5eeb04e07480b", - "0.3.7": "c90941ad59e4273328923074d2cf2e7cbc6ec0d9", - "0.6.0": "69424826f3405f79f142e6fc3d9ae58d4dbb9200" - }, - "osenv": { - "0.0.3": "cd6ad8ddb290915ad9e22765576025d411f29cb6" - }, - "pkginfo": { - "0.3.0": "726411401039fe9b009eea86614295d5f3a54276" - }, - "plist": { - "0.4.3": "812842a873aa57f98d0050bee6aaf3549b9d5798" - }, - "pooling": { - "0.4.4": "d06d7f565e9a1eec8b60bfa259c1e958a9e6ba03" - }, - "promise": { - "2.0.0": "46648aa9d605af5d2e70c3024bf59436da02b80e" - }, - "qs": { - "0.4.2": "3cac4c861e371a8c9c4770ac23cda8de639b8e5f", - "0.5.6": "31b1ad058567651c526921506b9a8793911a0384" - }, - "read-installed": { - "0.0.1": "2d9b9086ae33ae42793210f519701169edabd2e2" - }, - "read-package-json": { - "0.4.1": "a0e917cce8333444889543de9db2b1a4606baaa2" - }, - "readdirp": { - "0.2.5": "c4c276e52977ae25db5191fe51d008550f15d9bb" - }, - "relative-date": { - "1.1.1": "75c97c5446fa1146c1d250c47ca3629fb9a2e764" - }, - "request": { - "2.16.6": "872fe445ae72de266b37879d6ad7dc948fa01cad" - }, - "resolve": { - "0.2.8": "fdb17d4abb0ecaf6f80d67ac03cf290088f6c0d0" - }, - "response-stream": { - "0.0.0": "da4b17cc7684c98c962beb4d95f668c8dcad09d5" - }, - "rimraf": { - "2.1.4": "5a6eb62eeda068f51ede50f29b3e5cd22f3d9bb2" - }, - "sax": { - "0.1.5": "d1829a6120fa01665eb4dbff6c43f29fd6d61471", - "0.5.4": "a3a4e1a9cf182bb547156c5232a49a1c3732ff7d" - }, - "semver": { - "1.0.14": "cac5e2d55a6fbf958cb220ae844045071c78f676" - }, - "sequence": { - "2.2.1": "7f5617895d44351c0a047e764467690490a16b03" - }, - "shelljs": { - "0.1.4": "dfbbe78d56c3c0168d2fb79e10ecd1dbcb07ec0e" - }, - "should": { - "1.2.2": "0f03f775066d9ea2632690c917b12824fcc1d582" - }, - "sigmund": { - "1.0.0": "66a2b3a749ae8b5fb89efd4fcc01dc94fbe02296" - }, - "slide": { - "1.1.4": "2b23f1949b369ed61d22bd6570ff0320302fc8df" - }, - "sntp": { - "0.1.4": "5ef481b951a7b29affdf4afd7f26838fc1120f84" - }, - "source-map": { - "0.1.27": "f114e06a8b5c05cbc51aa1fa600e728162455eda" - }, - "stack-trace": { - "0.0.7": "c72e089744fc3659f508cdce3621af5634ec0fff" - }, - "temp": { - "0.4.0": "671ad63d57be0fe9d7294664b3fc400636678a60", - "0.5.1": "77ab19c79aa7b593cbe4fac2441768cad987b8df" - }, - "through": { - "0.1.4": "8059576d833089b3c18eccd37580bf9cc5b59130" - }, - "tmp": { - "0.0.16": "704ea0513c15375389ef5b6dde865730528f2245" - }, - "transformers": { - "2.0.1": "352131dfceb93a7532dc7535a4f142510435a394" - }, - "tunnel-agent": { - "0.2.0": "6853c2afb1b2109e45629e492bde35f459ea69e8" - }, - "ua-parser": { - "0.2.4": "c25ef577be95350d0fe1d3361597282da4e9ba71" - }, - "uglify-js": { - "1.0.6": "f0d3aafd463f26a437b9ebc19f4947ab7e8078aa", - "1.2.6": "d354b2d3c1cf10ebc18fa78c11a28bdd9ce1580d", - "2.2.5": "a6e02a70d839792b9780488b7b8b184c095c99c7" - }, - "underscore": { - "1.1.7": "40bab84bad19d230096e8d6ef628bff055d83db0", - "1.4.4": "61a6a32010622afa07963bf325203cf12239d604" - }, - "urlparse": { - "0.0.1": "d171ec4681fcd0d8bd00b64345637d89a9700876" - }, - "useragent": { - "2.0.7": "a44c07d157a15e13d73d4af4ece6aab70f298224" - }, - "validator": { - "0.4.24": "9d88e88809114a861ec69bc0ddcb85322c98499a", - "1.1.3": "0ed8cb7c3b0b8852bb853b09ef8fcde1d1d4545b" - }, - "vasync": { - "1.3.3": "84917680717020b67e043902e63bc143174c8728" - }, - "verror": { - "1.1.0": "2a4b4eb14a207051e75a6f94ee51315bf173a1b0", - "1.3.3": "8a6a4ac3a8c774b6f687fece49bdffd78552e2cd" - }, - "vm-browserify": { - "0.0.1": "51d25979366ab219dfe35a3fc65ecd6af3631d54" - }, - "vows": { - "0.5.13": "f6fd9ee9c36d3f20bd6680455cff8090c4b29cde" - }, - "walk": { - "2.2.1": "5ada1f8e49e47d4b7445d8be7a2e1e631ab43016" - }, - "winston": { - "0.7.1": "e291ab24eddbf79ea40ff532619277a0d30b0eb3" - }, - "wordwrap": { - "0.0.2": "b79669bb42ecb409f83d583cad52ca17eaa1643f" - }, - "xml2js": { - "0.1.13": "438ff3b1d85a51ad659ffc2ebe83403e10c98722" - }, - "xmlbuilder": { - "0.4.2": "1776d65f3fdbad470a08d8604cdeb1c4e540ff83" - }, - "xmldom": { - "0.1.16": "cf2602832b1ab5c3e6813fca08fe70196ba15e8c" - }, - "yamlparser": { - "0.0.2": "32393e6afc70c8ca066b6650ac6738b481678ebc" - } -} diff --git a/mock-ldap-server/README.md b/mock-ldap-server/README.md deleted file mode 100644 index 303c143..0000000 --- a/mock-ldap-server/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# About - -This is a fake LDAP server that makes it convenient to test the LDAP connection and -binding functionality without spinning up and populating a real ldap server. - -## Usage - - > node mock-ldap-server/server.js - -This will start the server and have it listen on the default LDAP port: 1389 diff --git a/mock-ldap-server/server.js b/mock-ldap-server/server.js deleted file mode 100644 index 76780b2..0000000 --- a/mock-ldap-server/server.js +++ /dev/null @@ -1,197 +0,0 @@ -#!/usr/bin/env node - -const util = require("util"), - path = require("path"), - express = require('express'); - - - -/** - * This provides *TWO*, yes *TWO* servers. - * - * 1. the Mock LDAP server that provides some basic - * users for testing - * - * 2. a HTTP server that provides an interface for changing - * LDAP data and various other tweaks to make Q/A easier - */ - -var ldap = require("ldapjs"); -var createLdapMock = require("../server/lib/ldapMock"); -var ldapMock = createLdapMock(); - - -var fakeLatency = 1; -var LDAP_LISTENING = false; -var ldapServer = null; - -function resetServer() { - - if (ldapServer && ldapServer.close) { - try { ldapServer.close(); } catch (e) {} - } - - ldapServer = ldap.createServer(); - ldapServer.bind('dc=mozilla', function(req, res, next) { - if (fakeLatency == -1 ) return; - - setTimeout(function() { - ldapMock.bindHandler.call(ldapServer, req, res, next); - }, fakeLatency); - }); - - ldapServer.search('dc=mozilla', function(req, res, next) { - if (fakeLatency == -1 ) return; - - setTimeout(function() { - ldapMock.searchHandler.call(ldapServer, req, res, next); - }, fakeLatency); - }); - - ldapServer.on('bind', function(bindEvent) { - console.log(util.format("Bind Event: Success - %s, dn: %s, credentials: %s", - bindEvent.success, bindEvent.dn, bindEvent.credentials)); - }); - - ldapServer.on('authorize', function(e) { - console.log(util.format("Auth %s, dn: %s", (e.success) ? "OK" : "FAIL", e.dn)); - }); - - - ldapServer.on('listening', function() { - console.log("LDAP SERVER LISTENING on port: " + ldapServer.port); - }); - - ldapServer.on('close', function() { - LDAP_LISTENING = false; - console.log("LDAP SERVER STOPPED LISTENING"); - }); -} - -function startLDAP() { - if (LDAP_LISTENING === true) { - return; - } - LDAP_LISTENING = true; - ldapServer.listen(1389, function() { - ldapServer.emit("listening"); - }); -} - -resetServer(); -startLDAP(); - -/** - * HTTP Back-channel server for mucking w/ things ;) - */ -if (!process.env.QAUser || !process.env.QAPass) { - console.log("NO QAUser/QAPass set"); - process.exit(1) -} else { - var QAUser = process.env.QAUser, - QAPass = process.env.QAPass; -} -app = express.createServer(); -app.use(express.basicAuth(QAUser, QAPass)); -app.use(express.bodyParser()); -app.configure(function() { - app.set('views', __dirname + '/views'); - app.set('view engine', 'ejs'); -}); - -app.get('/', function(req, res, next) { - res.render("main", { - latency: fakeLatency, - state: LDAP_LISTENING, - directory: ldapMock.directory - }); -}); - -app.post('/reset', function(req, res, next) { - fakeLatency = 1; - ldapMock = createLdapMock(); - resetServer(); - startLDAP(); - res.redirect('/'); -}); - -// Updates the LDAP database of users -app.post('/update-users', function(req, res, next) { - var dir = ldapMock.directory; - for (var email in req.body) { - for(var i=0; i ldapsearch -H ldap://localhost:1389 -x \ - -D mail=user@mozilla.com,o=com,dc=mozilla -w testtest \ - -LLL -b "dc=mozilla, o=com" mail=* - - Search by email - --------------- - > ldapsearch -H ldap://localhost:1389 -x \ - -D mail=user@mozilla.com,o=com,dc=mozilla -w testtest \ - -LLL -b "dc=mozilla, o=com" mail=user@mozilla.org - - Bind wrong w/ invalid user - -------------------------- - > ldapsearch -H ldap://localhost:1389 -x \ - -D cn=not_here,o=com,dc=mozilla -w testtest \ - -LLL -b "dc=mozilla, o=com" mail=user@mozilla.org - - Bind wrong w/ bad password - -------------------------- - > ldapsearch -H ldap://localhost:1389 -x \ - -D cn=vinz,o=com,dc=mozilla -w OOPS \ - -LLL -b "dc=mozilla, o=com" mail=user@mozilla.org - - Don't bind at all - -------------------------- - > ldapsearch -H ldap://localhost:1389 -x \ - -LLL -b "dc=mozilla, o=com" mail=* - -*/ diff --git a/mock-ldap-server/views/layout.ejs b/mock-ldap-server/views/layout.ejs deleted file mode 100644 index 7b1b1c0..0000000 --- a/mock-ldap-server/views/layout.ejs +++ /dev/null @@ -1,14 +0,0 @@ - - - - - LDAP Debugger - - - - -
- <%- body %> -
- - diff --git a/mock-ldap-server/views/main.ejs b/mock-ldap-server/views/main.ejs deleted file mode 100644 index 3d202be..0000000 --- a/mock-ldap-server/views/main.ejs +++ /dev/null @@ -1,64 +0,0 @@ -

LDAP Server Q/A Tool

- -

RESET!

- -
- -
- -

Server Status

- -
-

Current State: <%=((state==true)? "UP" : "DOWN")%>

- - - -
- - - -
- - -
- -
- -

User Editor

-
- - - - - - <% for(var i=1; i - <% if(directory[i].attributes.mail.indexOf("mozilla") == -1) { continue;} %> - - - - - <% } %> -
Email AddressPassword
<%=directory[i].attributes.mail%>
-
- -
- -
- -

Response Latency

- -
-

Current Latency: <%=((latency == -1)? "Blackhole" : latency + "ms")%>

- - - -
- - diff --git a/package.json b/package.json deleted file mode 100644 index 6f12811..0000000 --- a/package.json +++ /dev/null @@ -1,53 +0,0 @@ -{ - "author": "Ozten (http://ozten.com)", - "name": "clortho", - "description": "A server that provides Persona support for mozilla.{com,org} emails.", - "version": "0.0.0", - "licenses" : [{ - "type": "MPL 2.0", - "url": "https://mozilla.org/MPL/2.0/" - }], - "homepage": "https://github.com/mozilla/vinz-clortho", - "bugs": "https://github.com/mozilla/vinz-clortho/issues", - "repository": { - "type": "git", - "url": "https://github.com/mozilla/vinz-clortho" - }, - "main": "clortho", - "engines": { - "node": "~0.6.10" - }, - "dependencies": { - "client-sessions": "0.3.0", - "convict": "0.1.0", - "ejs": "0.6.1", - "express": "2.5.11", - "i18n-abide": "0.0.11", - "jwcrypto": "0.4.3", - "ldapjs": "https://github.com/lloyd/node-ldapjs/archive/ephemeral_port.tar.gz", - "node-statsd": "https://github.com/downloads/lloyd/node-statsd/0509f85.tgz", - "winston": "0.7.1", - "cef": "0.3.3", - "connect-fonts": "0.0.9", - "connect-fonts-opensans": "0.0.4", - "lockdown": "0.0.5", - "validator": "1.1.3", - "underscore": "1.4.4", - "useragent": "2.0.7" - }, - "devDependencies": { - "awsbox": "0.4.5", - "mocha": "1.9.0", - "should": "1.2.2", - "request": "2.16.6", - "jshint": "2.1.2", - "walk": "2.2.1", - "temp": "0.5.1", - "optimist": "0.6.0" - }, - "scripts": { - "start": "LOCAL_DEV=true node ./server/bin/clortho", - "test": "LOCAL_DEV=true mocha -R spec tests/", - "preinstall": "node ./scripts/lockdown.js" - } -} diff --git a/scripts/create-release.sh b/scripts/create-release.sh deleted file mode 100755 index 1c0f4d8..0000000 --- a/scripts/create-release.sh +++ /dev/null @@ -1,67 +0,0 @@ -# -# so all of our tags are in a consistent naming format -# -# -# Make sure everything is clean -# - -cd $(dirname $0)/../ -BASE=$PWD - -# Make sure there are no uncommited changes -# src: http://stackoverflow.com/a/3879077/445792 -git update-index -q --ignore-submodules --refresh -err=0 - -# Disallow unstaged changes in the working tree -if ! git diff-files --quiet --ignore-submodules -- -then - echo >&2 "cannot $1: you have unstaged changes." - git diff-files --name-status -r --ignore-submodules -- >&2 - err=1 -fi - -# Disallow uncommitted changes in the index -if ! git diff-index --cached --quiet HEAD --ignore-submodules -- -then - echo >&2 "cannot $1: your index contains uncommitted changes." - git diff-index --cached --name-status -r --ignore-submodules HEAD -- >&2 - err=1 -fi - -if [ $err = 1 ] -then - echo >&2 "Please commit or stash them." - exit 1 -fi - -RDATE=$(date '+%Y_%m_%d.%H.%M.%S') -TAG="rel$RDATE" -LAST_RELEASE=$(git tag --list | grep ^rel | sort -r | head -1) - -if [ ! -e $BASE/ChangeLog ]; then - touch $BASE/ChangeLog -fi - -if [ -z "$LAST_RELEASE" ]; then - echo "Error: No last release found." >&2 - exit 1 -fi - -if [ -z $(git log --pretty=format:%s "$LAST_RELEASE..HEAD") ]; then - echo "Abort: No changes since $LAST_RELEASE" >&2 - exit 1 -fi - -TMPFILE=$(mktemp /tmp/idpchangelog.XXXXX) -echo "$TAG:" > $TMPFILE -echo >> $TMPFILE -git log --no-merges --pretty=" * %h %s" "$LAST_RELEASE..HEAD" >> $TMPFILE - -echo >> $TMPFILE -cat $BASE/ChangeLog >> $TMPFILE -cat $TMPFILE -cat $TMPFILE > $BASE/ChangeLog -git add $BASE/ChangeLog -git commit -am "Create Release: $TAG" -git tag $TAG diff --git a/scripts/create-srpm.sh b/scripts/create-srpm.sh deleted file mode 100755 index dad43af..0000000 --- a/scripts/create-srpm.sh +++ /dev/null @@ -1,62 +0,0 @@ -#!/bin/sh -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -# About: -# -# This script generates a SRPM of the source + rpm spec file to be passed -# the mock RPM build tool. See: http://fedoraproject.org/wiki/Projects/Mock -# - -set -e - -progname=$(basename $0) -TOP="$(cd $(dirname $0)/..; pwd)" # top level of the checkout -cd $TOP - -if [ $# -ne 1 ]; then - echo "Usage: $(basename $0) (GIT_SHA | GIT_TAG | GIT_BRANCH)" - exit 1 -else - VER=$1 -fi - -rm -rf rpmbuild -mkdir -p rpmbuild/SRPM rpmbuild/SOURCES rpmbuild/SPECS rpmbuild/BUILD rpmbuild/TMP -git fetch -git clone . rpmbuild/TMP &>/dev/null -cd rpmbuild/TMP -git checkout $VER &>/dev/null - -export GIT_REVISION=$(git log -1 --oneline) -export GIT_HASH=$(echo $GIT_REVISION | cut -d ' ' -f1) -export MOZIDP_VER="$(echo $VER | sed 's/-/_/g').$GIT_HASH" - -# build a tarball so we can create the source RPM correctly -tar --exclude .git \ - -czf "$TOP/rpmbuild/SOURCES/mozidp-$MOZIDP_VER.tar.gz" . - -cd $TOP -set +e - -# generate a new spec file with the version baked in -TMPFILE=$TOP/rpmbuild/SPECS/mozidp.spec -sed "s/__VERSION__/$MOZIDP_VER/g" scripts/mozidp.spec.template > $TMPFILE - -echo "Building Source RPM" -mock --root epel-6-x86_64 \ - --buildsrpm \ - --spec $TMPFILE \ - --sources $TOP/rpmbuild/SOURCES - -FILENAME=mozilla-idp-server-${MOZIDP_VER}-1.el6.src.rpm -SRPM_SOURCE=/var/lib/mock/epel-6-x86_64/result/$FILENAME - -if [ ! -e $SRPM_SOURCE ]; then - echo "Failed building SRPM" >&2 - exit 1 -fi - -mv /var/lib/mock/epel-6-x86_64/result/$FILENAME $TOP/rpmbuild/SRPM/ -echo "Wrote: $TOP/rpmbuild/SRPM/$FILENAME" diff --git a/scripts/gen_keys.js b/scripts/gen_keys.js deleted file mode 100755 index 9df85f5..0000000 --- a/scripts/gen_keys.js +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/env node -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/* scripts/gen_keys.js creates public and private keys suitable for - key signing Persona Primary IdP's. - - Usage: - scripts/gen_keys.js - - Will create these files - - server/config/public-key.json - server/config/secret-key.json - - If these files already exist, this script will show an error message - and exit. You must remove both keys if you want to generate a new - keypair. -*/ -const jwcrypto = require("jwcrypto") - , fs = require('fs') - , assert = require("assert") - , configDir = fs.realpathSync(__dirname + "/../server/config") - , pubKeyFile = configDir + "/public-key.json" - , secretKeyFile = configDir + "/secret-key.json" ; - -require("jwcrypto/lib/algs/rs"); - -try { - assert(fs.existsSync(configDir), "Config dir" + configDir + " not found"); - assert(! fs.existsSync(pubKeyFile), "public key file: ["+pubKeyFile+"] already exists"); - assert(! fs.existsSync(secretKeyFile), "public key file: ["+secretKeyFile+"] already exists"); -} catch(e) { - console.error("Error: " + e.message); - process.exit(1); -} - -console.log("Generating keypair. (install libgmp if this takes more than a second)"); - -// wondering about `keysize: 256`? -// well, 257 = 2048bit key -// still confused? see: https://github.com/mozilla/jwcrypto/blob/master/lib/algs/ds.js#L37-L57 -jwcrypto.generateKeypair( - {algorithm: 'RS', keysize: 256}, - function(err, keypair) { - - var pubKey = keypair.publicKey.serialize() - var secretKey = keypair.secretKey.serialize() - - - fs.writeFileSync(pubKeyFile, pubKey); - console.log("Public Key saved:", pubKeyFile); - - fs.writeFileSync(secretKeyFile, secretKey); - console.log("Secret Key saved:", pubKeyFile); - } -); diff --git a/scripts/lockdown.js b/scripts/lockdown.js deleted file mode 100755 index 96b7a13..0000000 --- a/scripts/lockdown.js +++ /dev/null @@ -1,192 +0,0 @@ -#!/usr/bin/env node - -if (process.env['NPM_LOCKDOWN_RUNNING']) process.exit(0); - -console.log("NPM Lockdown is here to check your dependencies! Never fear!"); - -var http = require('http'), - crypto = require('crypto'), - exec = require('child_process').exec, - fs = require('fs'), - path = require('path'); - -try { - var lockdownJson = JSON.parse(fs.readFileSync(path.join(process.cwd(), 'lockdown.json'))); -} catch(e) { - console.log("\nERROR: I cannot read lockdown.json! run node_modules/.bin/lockdown-relock to generate!\n"); - process.exit(1); -} - -var boundPort; - -// during execution fatal errors will be appended to this list -var errors = []; - -// during execution non-fatal warnings will be appended to this list -var warn = []; - -function rewriteURL(u) { - return u.replace('registry.npmjs.org', '127.0.0.1:' + boundPort); -} - -function packageOk(name, ver, sha, required) { - if (!lockdownJson[name]) { - if (required) { - errors.push("package '" + name + "' not in lockdown.json!"); - } - return false; - } - - if (lockdownJson[name][ver] === undefined) { - if (required) { - errors.push("package version " + name + "@" + ver + " not in lockdown.json!"); - } - return false; - } - - // a '*' shasum is not checked - var wantSHA = lockdownJson[name][ver]; - if (wantSHA !== '*' && wantSHA !== sha) { - if (required) { - errors.push("package " + name + "@" + ver + " has a different checksum (" + - wantSHA + " v. " + sha + ")"); - } - return false; - } - - if (wantSHA === '*') { - warn.push("Lockdown cannot guarantee your saftey! No sha for pkg " + name + "@" + ver + - " in lockdown.json"); - } - - return true; -} - - -function rewriteVersionMD(json) { - if (typeof json === 'string') json = JSON.parse(json); - if (!json.error) { - json.dist.tarball = rewriteURL(json.dist.tarball); - - // is the name/version/sha in our lockdown.json? - if (!packageOk(json.name, json.version, json.dist.shasum, true)) return null; - } - return JSON.stringify(json); -} - -function rewritePackageMD(json) { - if (typeof json === 'string') json = JSON.parse(json); - if (!json.error) { - Object.keys(json.versions).forEach(function(ver) { - var data = json.versions[ver]; - var name = data.name; - var sha = data.dist ? data.dist.shasum : undefined; - - if (packageOk(name, ver, sha, false)) { - data.dist.tarball = rewriteURL(data.dist.tarball); - } else { - delete json.versions[ver]; - } - }); - } - return JSON.stringify(json); -} - -var server = http.createServer(function (req, res) { - if (req.method !== 'GET') { - return res.end('non GET requests not supported', 501); - } - - // what type of request is this? - // 1. specific version json metadata (when explicit dependency is expressed) - // - for these requests we should verify the name/version/sha advertised is allowed - // 2. package version json metadata (when version range is expressed - including '*') - // XXX: for these requests we should prune all versions that are not allowed - // 3. tarball - actual bits - // XXX: for these requests we should verify the name/version/sha matches something - // allowed, otherwise block the transaction - var arr = req.url.substr(1).split('/'); - var type = [ '', 'package_metadata', 'version_metadata', 'tarball' ][arr.length]; - - // let's extract pkg name and version sensitive to the type of request being performed. - var pkgname, pkgver; - if (type === 'tarball') { - pkgname = arr[0]; - var getVer = new RegExp("^" + pkgname + "-(.*)\\.tgz$"); - pkgver = getVer.exec(arr[2])[1]; - } else if (type === 'version_metadata') { - pkgname = arr[0]; - pkgver = arr[1]; - } else if (type === 'package_metadata') { - pkgname = arr[0]; - } - - var hash = crypto.createHash('sha1'); - - var r = http.request({ - host: 'registry.npmjs.org', - port: 80, - method: req.method, - path: req.url, - agent: false - }, function(rres) { - res.setHeader('Content-Type', rres.headers['content-type']); - if (type === 'tarball') res.setHeader('Content-Length', rres.headers['content-length']); - var b = ""; - rres.on('data', function(d) { - hash.update(d); - if (type != 'tarball') b += d; - else res.write(d); - }); - rres.on('end', function() { - if (type === 'tarball') { - res.end(); - } else { - if (type === 'package_metadata') { - b = rewritePackageMD(b); - } else if (type === 'version_metadata') { - b = rewriteVersionMD(b); - } - if (b === null) { - res.writeHead(404); - res.end("package installation disallowed by lockdown"); - } else { - res.setHeader('Content-Length', Buffer.byteLength(b)); - res.writeHead(rres.statusCode); - res.end(b); - } - } - }); - }); - r.end(); -}); - -server.listen(process.env['LOCKDOWN_PORT'] || 0, '127.0.0.1', function() { - boundPort = server.address().port; - - var child = exec('npm install', { - env: { - NPM_CONFIG_REGISTRY: 'http://127.0.0.1:' + boundPort, - NPM_LOCKDOWN_RUNNING: "true", - PATH: process.env['PATH'], - HOME: process.env['HOME'] - }, - cwd: process.cwd() - }, function(e) { - if (warn.length) { - console.log(); - console.log("LOCKDOWN WARNINGS:"); - warn.forEach(function(e) { console.log(" ", e); }); - console.log(); - } - if (errors.length) { - console.log(); - console.log("LOCKDOWN ERRORS:"); - errors.forEach(function(e) { console.log(" ", e); }); - console.log(); - } - process.exit(e ? 1 : 0); - }); - child.stdout.pipe(process.stdout); - child.stderr.pipe(process.stderr); -}); diff --git a/scripts/mozidp.spec.template b/scripts/mozidp.spec.template deleted file mode 100644 index 0d7160e..0000000 --- a/scripts/mozidp.spec.template +++ /dev/null @@ -1,42 +0,0 @@ -%define _rootdir /opt/mozilla-idp-server -%define version __VERSION__ - -Name: mozilla-idp-server -Version: %{version} -Release: 1%{?dist} -Summary: Mozilla IdP Server -Packager: Benson Wong -Group: Development/Libraries -License: MPL 2.0 -URL: https://github.com/mozilla/vinz-clortho -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root -AutoReqProv: no -Requires: openssl, nodejs == 0.8.24, gmp-devel -BuildRequires: gmp-devel, gcc-c++, git, make, npm, nodejs == 0.8.24 -Source: mozidp-%{version}.tar.gz - -%description -Mozilla IdP Server - -%prep -%setup -q -c - -%build -npm install -export PATH=$PWD/node_modules/.bin:$PATH -echo "$GIT_REVISION" > static/ver.txt - -%install -rm -rf %{buildroot} -mkdir -p %{buildroot}%{_rootdir} -for f in node_modules docs mock-ldap-server scripts server static tests *.json *.md; do - cp -rp $f %{buildroot}%{_rootdir}/ -done -mkdir -p %{buildroot}%{_rootdir}/config - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root,-) -%{_rootdir} diff --git a/scripts/test-auth.js b/scripts/test-auth.js deleted file mode 100755 index 201ea82..0000000 --- a/scripts/test-auth.js +++ /dev/null @@ -1,75 +0,0 @@ -#!/usr/bin/env node - -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -process.on('uncaughtException', function(err) { - console.error('uncaught exception', err); -}); - -const ldap = require('ldapjs'), - config = require('../server/lib/configuration'), - path = require('path'); - -var argv = require('optimist') -.usage('Test authentication against LDAP.\nUsage: $0') -.alias('h', 'help') -.describe('h', 'display this usage message') -.alias('u', 'url') -.describe('u', 'LDAP server url') -.default('u', 'ldaps://addressbook.mozilla.com:636') -.alias('a', 'address') -.describe('a', 'email address to authenticate (may be an alias)') -.demand('a') -.alias('p', 'password') -.describe('p', 'LDAP account password') -.demand('p') -.alias('c', 'canonical') -.describe('c', 'canonical LDAP password (required when email is an alias)'); - -var args = argv.argv; - -// request context (cookie jar, etc) -var ctx = {}; - -if (args.h) { - argv.showHelp(); - process.exit(0); -} - -var auth = require('../server/lib/auth'); - -var dn = auth.convertEmailToDN(args.c || args.a); - -auth.canonicalAddress({ - email: args.a, - dn: dn, - pass: args.p, - url: args.u -}, function(err, canonicalAddress) { - if (err) { - console.log(util.format("communication with LDAP failed (%s): %s", - err.name, err.message)); - } else { - if (canonicalAddress == args.a) { - console.log(args.a, "is canonical"); - } else { - console.log(util.format("canonical address for %s is %s", - args.a, canonicalAddress)); - } - - auth.authUser({ - url: args.u, - email: canonicalAddress, - pass: args.p - }, function (err, passed) { - if (err) { - console.log(util.format("authentication with LDAP failed (%s): %s", - err.name, err.message)); - } else { - console.log(passed); - } - }); - } -}); diff --git a/server/bin/clortho b/server/bin/clortho deleted file mode 100755 index 5692260..0000000 --- a/server/bin/clortho +++ /dev/null @@ -1,179 +0,0 @@ -#!/usr/bin/env node - -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -const path = require('path'); - - // ./server is our current working directory -process.chdir(path.dirname(__dirname)); - -const config = require('../lib/configuration'), - crypto = require('crypto'), - express = require('express'), - fs = require('fs'), - http = require('http'), - i18n = require('i18n-abide'), - p3p = require('../lib/p3p'), - routes = require('../routes').routes(), - sessions = require('client-sessions'), - statsd = require('../lib/statsd'), - util = require('util'), - logger = require('../lib/logging').logger, - font_middleware = require("connect-fonts"), - opensans = require("connect-fonts-opensans"), - validate = require('../lib/validate'); - -// log uncaught exceptions -process.on('uncaughtException', function(err) { - if (statsd) statsd.increment('server.uncaught_exception'); - logger.error(err.stack || err); -}); - -var app; - -app = express.createServer(); - -app.use(express.errorHandler()); - -app.set('views', path.join(process.cwd(), 'views')); -app.set('view engine', 'ejs'); - -// send web log messages to our logging abstraction -app.use(express.logger({ - stream: { - write: function(message){ - // trim newlines as our logger inserts them for us. - if (typeof message === 'string') message = message.trim(); - logger.info(message); - } - } -})); - -app.use(express.bodyParser()); -app.use(express.methodOverride()); - -app.use(function(req, res, next) { - // We will always be deployed behind an SSL terminator. This - // flag tells client-sessions that it's ok to send cookies which - // will only be returned over SSL. - req.connection.proxySecure = true; - if (!config.get('local_development')) { - // when we're not running local development, append STS headers to - // all requests to force browsers to use SSL - - // expires in 30 days - res.setHeader("Strict-Transport-Security", "max-age=10886400; includeSubdomains"); - } - next(); -}); - -if (config.get('local_development')) { - logger.warn("Running with insecure cookies, not appropriate for production"); -} - -app.use(sessions({ - cookieName: 'session', - secret: config.get('cookie.secret'), - duration: config.get('cookie.duration_ms'), - cookie: { - maxAge: config.get('cookie.duration_ms'), - httpOnly: true, - // only allow non-secure cookies during local development - secure: !config.get('local_development') - } -})); - -// add p3p cookie support -app.use(p3p); - -app.use(font_middleware.setup({ - fonts: [ opensans ], - ua: "all", - maxage: 180 * 24 * 60 * 60 * 1000, // 180 days - compress: true, - allow_origin: "*" -})); - -app.use(express.csrf()); - -app.use(i18n.abide({ - supported_languages: config.get('supported_languages'), - default_lang: config.get('default_lang'), - debug_lang: config.get('debug_lang'), - locale_directory: config.get('locale_directory') -})); - -// set up local variables available to templates -app.use(function(req, res, next) { - // delete the supplied CSRF token at this point, it's already been checked and - // subsequent API endpoints perform rigorous input validation. - if (req.body && req.body._csrf) delete req.body._csrf; - res.local('csrf_token', req.session._csrf); - res.local('browserid_server', config.get('browserid_server')); - var s = req.session || null; - res.local('session', s); - next(); -}); - -// all API requests should be uncachable -app.use(function(req, res, next) { - if (/^\/api\//.test(req.url)) { - res.setHeader('Cache-Control', 'no-cache, max-age=0'); - } - next(); -}); - -// documents -app.get('/.well-known/browserid', routes.well_known_browserid); -app.get('/', routes.welcome); -app.get('/sign_in', routes.signin); -app.get('/provision', routes.provision); - -// monitoring -app.get('/node_status', routes.elb_check); -app.get('/ldap_status', routes.checkStatus); - -// APIs -app.get('/api/session_context', routes.session_context); -app.post('/api/sign_in', validate({ - user: 'email', - pass: 'password' -}), routes.check_signin); -app.post('/api/provision', validate({ - user: 'email', - pubkey: 'pubkey' -}), routes.provision_key); - -// for testing -app.get('/signout', routes.signout); - -// static files -app.use(express.static(path.join(process.cwd(), '..', 'static'))); -app.use(routes.handle404); - -var dntPolicy = fs.readFileSync(path.join(process.cwd(), '..', 'static', 'dnt-policy.txt')).toString(); -app.get('/.well-known/dnt-policy.txt', function(req, res) { - res.setHeader('Content-Type', 'text/plain; charset=utf8'); - res.send(dntPolicy); -}); - -function startup(cb) { - app.listen(config.get('http_port'), config.get('http_address'), function(err) { - statsd.increment('server.started'); - if (cb) cb(err, app.address()); - }); -} - -// allow clortho to be invoked from the command line or as a library -// ref: http://stackoverflow.com/a/6398335/445792 -if (require.main === module) { - // command line invocation - startup(function(err, address) { - logger.info(util.format("running on http://%s:%s", - address.address, address.port)); - }); -} else { - exports.startup = startup; -} diff --git a/server/config/local.json-dist b/server/config/local.json-dist deleted file mode 100644 index 14adb7f..0000000 --- a/server/config/local.json-dist +++ /dev/null @@ -1,19 +0,0 @@ -{ - "basic_auth_realm": "Basic realm=\"Mozilla Corporation - LDAP Login\"", - "browserid_server": "http://127.0.0.1:10002", - "cookie": { - "secret": "YOU MUST CHANGE ME", - "duration": 86400000 - }, - "default_lang": "en-US", - "debug_lang": "it-CH", - "http_port": 3000, - "issuer": "dev.clortho.mozilla.org", - "ldap_bind_dn": "mail=USERNAME@mozilla.com,o=com,dc=mozilla", - "ldap_bind_password": "password", - "ldap_server_url": "ldaps://addressbook.mozilla.com:636", - "locale_directory": "locale", - "signin_method": "basicauth", - "supported_languages": ["en-US"], - "use_https": true -} diff --git a/server/lib/auth.js b/server/lib/auth.js deleted file mode 100644 index 54e3fbf..0000000 --- a/server/lib/auth.js +++ /dev/null @@ -1,328 +0,0 @@ -// vim: shiftwidth=2 -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -const ldap = require('ldapjs'), - config = require('./configuration'), - logger = require('./logging').logger, - statsd = require('../lib/statsd'), - util = require('util'), - _ = require('underscore'), - fs = require('fs'); - -// check required configuration at startup -[ 'ldap_server_url', 'ldap_bind_dn', 'ldap_bind_password' ].forEach(function(k) { - if (!config.has(k)) { - logger.error(util.format("Configuration error, you must specifiy '%s'", k)); - process.exit(1); - } -}); - -// create and connect an LDAP client, populate the options block -function createClient(opts, cb) { - var connectStartTime = new Date(); - - if (typeof opts !== 'object' || opts === null) throw new Error('invalid options parameter'); - opts.url = opts.url || config.get('ldap_server_url'); - opts.errorCallback = opts.errorCallback || function(err) { - logger.warn(util.format('LDAP connection ended with unhandled error: %s', err)); - }; - - cb = _.once(cb); - - var client = ldap.createClient({ - url: opts.url, - connectTimeout: opts.connectTimeout || config.get('ldap_server_connect_timeout') - }); - - var connected = false; - - client.on('close', function(err) { - if (!connected) { - err = "connect failed"; - } - if (err) { - if (opts.errorCallback) opts.errorCallback(err); - opts.errorCallback = null; - } - }); - - client.on('error', function(err) { - if (opts.errorCallback) { - opts.errorCallback(err); - } - opts.errorCallback = null; - }); - - client.on('connect', function() { - statsd.timing('ldap.timing.connect', new Date() - connectStartTime); - connected = true; - cb(null, client); - }); -} - -function checkOpts(required, got) { - if (typeof got !== 'object' || got === null) { - throw new Error("missing options object"); - } - got = Object.keys(got); - var missing = _.difference(required, got); - if (missing.length) { - throw new Error("missing required parameters: " + missing.join(', ')); - } -} - -/* check if we can authenticate to an ldap server. arguments include: - * url: url to LDAP server - * dn: LDAP distinguished name to bind - * pass: credentials associated with DN - */ -exports.checkBindAuth = function(opts, cb) { - opts.dn = opts.dn || config.get('ldap_bind_dn'); - opts.pass = opts.pass || config.get('ldap_bind_password'); - - return exports.authUser(opts, cb); -}; - -// fetches the user's LDAP entry and returns an -// object with mail, zimbraAlias and employeeType attributes -function getUserData(opts, cb) { - - // required parameters - checkOpts([ 'email', 'dn', 'pass' ], opts); - - // 'boundClient' is an optional parameter. When supplied, - // we will use an existing bound LDAP connection rather than - // opening a new one. - - // determine the search bases - var domain = opts.email.split('@')[1]; - var searchBases = config.get('ldap_search_bases')[domain]; - if (!searchBases) { - process.nextTick(function() { - cb(util.format("unsupported domain: %s", domain)); - }); - return; - } - - function withClient(client) { - /** - * This hairy bit of code allows us to search multiple - * base levels of the ldap directory. This exists for several - * reasons: - * - * a) we want to be able to use our mock LDAP server to test with - * - * b) our mock ldap server (ldapjs) does not support extensible - * filtering, otherwise we could search with this filter: - * - * (&(|(mail='+mail+')(zimbraAlias='+mail+'))(|(o:dn:=org)(o:dn:=com))) - * - * and only need one request to the server - * - * c) it is worth the tradeoff(?) of multiple searches, more latency, - * more bandwidth and more complex code to have and easily - * testable code base. - * - * d) it's compatible with Active Directory now ... - * - */ - - function searchForEmail(searchBase, mail, searchCallback) { - // no more bases left to search - if (!searchBase) return searchCallback(null, []); - - client.search(searchBase, { - scope: 'sub', - filter: '(|(mail='+opts.email+')(zimbraAlias='+opts.email+'))', - attributes: ['mail', 'zimbraAlias', 'employeeType', 'pwdChangedTime'] - }, function(err, res) { - - var results = []; - - if (err) { - logger.warn('error during LDAP search' + err.toString()); - return searchCallback(err, false); - } - - res.on('searchEntry', function(entry) { - results.push(entry.object); - }); - - res.on('end', function() { - if (results.length === 0) { - searchForEmail(searchBases.shift(), opts.email, searchCallback); - } else { - searchCallback(null, results); - } - }); - }); - } - - // search searching... - searchForEmail(searchBases.shift(), opts.email, cb); - } - - if (opts.boundClient) { - withClient(opts.boundClient); - } else { - createClient(opts, function(err, client) { - - // ensure unbind() is called. - cb = _.compose(function() { - client.unbind(); - }, cb); - - client.bind(opts.dn, opts.pass, function(err) { - if (err) { - logger.warn("Could not bind to get user data"); - return cb(err, false); - } - - withClient(client); - }); - }); - } -} - -// convert a (canonical) email address to a DN -exports.convertEmailToDN = function(email) { - // is this a supported domain? - var searchBases = config.get('ldap_search_bases'); - var domain = email.split('@')[1]; - if (!searchBases[domain]) { - throw new Error(util.format("unsupported domain: %s", domain)); - } - return util.format("mail=%s,%s", email, searchBases[domain][0]); -}; - -// given an object, add default .dn and .pass if they do not exist -function addDefaultCredentials(opts) { - if (!opts.dn) { - opts.dn = config.get('ldap_bind_dn'); - if (opts.pass) throw new Error("providing a password without a DN is meaningless"); - opts.pass = config.get('ldap_bind_password'); - } -} - -// given an email, map it to a canonical address -exports.canonicalAddress = function(opts, cb) { - addDefaultCredentials(opts); - checkOpts([ 'email', 'dn', 'pass' ], opts); - getUserData(opts, function(err, results) { - if (err) return cb(err, false); - - if (results.length !== 0) { - cb(null, results[0].mail); - } else { - err = "Could not find user: " + opts.email; - logger.warn(err); - cb(err, false); - } - }); -}; - -exports.authUser = function(opts, cb) { - // opts.email - a user email to authenticate as - // opts.dn - the dn to authenticate as - - // ensure cb is called only once - cb = _.once(cb); - - // if email is provided, we assume it is the canonical ldap account and - // convert it into a bind dn - if (opts.email) { - if (opts.dn) throw new Error(".dn and .email are mutually exclusive"); - try { - opts.dn = exports.convertEmailToDN(opts.email); - } catch(e) { - process.nextTick(function() { cb(e); }); - return; - } - } - - checkOpts([ 'dn', 'pass' ], opts); - - opts.errorCallback = function(err) { - cb(err); - }; - - var authStartTime = new Date(); - - // 1. connect to LDAP server - createClient(opts, function(err, client) { - if (err) return cb(err); - - // ensure unbind() is called. - cb = _.compose(function() { - client.unbind(); - }, cb); - - // 2. bind as target user - client.bind(opts.dn, opts.pass, function(err) { - statsd.timing('ldap.timing.auth', new Date() - authStartTime); - if (err) { - statsd.increment('ldap.auth.wrong_password'); - logger.warn('Wrong credentials for user', opts.dn, err); - cb(err, false); - } else { - statsd.increment('ldap.auth.success'); - - /* only fetch extra info. if we are searching by email. - * this happens only when a user is signing on. - * I should also note, doing this because getUserData - * only takes an email address to locate the *right* - * record in our LDAP directory - */ - if (opts.email) { - // fetch some info about the user - getUserData(opts, function(err, results) { - if (err) { - statsd.increment('ldap.auth.fetch_data_error'); - logger.warn("Could not fetch data for user", opts.dn, err); - cb(err, false); - return; - } - - cb(null, { - email: opts.email, - zimbraAlias: results[0].zimbraAlias || "", - pwdChangedTime: results[0].pwdChangedTime || "" - }); - }); - } else { - cb(null, {}); - } - } - }); - }); -}; - -exports.userMayUseEmail = function(opts, cb) { - // opts.user - canonical user - // opts.email - possibly an alias - - addDefaultCredentials(opts); - checkOpts([ 'user', 'email', 'dn', 'pass' ], opts); - - getUserData(opts, function(err, results) { - if (err) return cb(err); - - if (results.length === 0) return cb("User not found or disabled"); - - if (results[0].mail !== opts.user) { - return cb(util.format("%s does not own not %s", opts.user, opts.email)); - } - - if (results[0].employeetype === "DISABLED") { - return cb(util.format("%s account is disabled"), opts.user); - } - - return cb(null, { - email: opts.email, - zimbraAlias: results[0].zimbraAlias || "", - pwdChangedTime: results[0].pwdChangedTime || "" - }); - }); -}; diff --git a/server/lib/configuration.js b/server/lib/configuration.js deleted file mode 100644 index a55aaf1..0000000 --- a/server/lib/configuration.js +++ /dev/null @@ -1,132 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -const convict = require('convict'), - fs = require('fs'), - path = require('path'); - -var conf = module.exports = convict({ - browserid_server: { format: "url", default: "https://login.persona.org", }, - // configuration for "cef" logging, which is used to inject application level - // security events into syslog - security_logging: { - vendor: { format: 'string', default: "Mozilla" }, - product: { format: 'string', default: "mozilla-idp" }, - version: { format: 'string', default: "0.0.0" }, - syslog_tag: { format: 'string', default: "mozilla-idp" }, - syslog_host: { - doc: 'Host where syslog service is listening', - format: 'string', - default: "127.0.0.1", - env: 'CEF_SYSLOG_HOST' - }, - syslog_port: { - doc: 'Port on which syslog service will receive UDP messages', - format: 'integer', - default: 514, - env: 'CEF_SYSLOG_PORT' - } - }, - certificate_validity_s: { - doc: 'the amount of time certificates are valid', - format: 'int', - default: (5 * 60) // five minute default certification validity. - }, - cookie: { - secret: { format: 'string', default: "YOU MUST CHANGE ME" }, - duration_ms: { format: 'int', default: (24 * 60 * 60 * 1000) } - }, - default_lang: { format: 'string', default: 'en-US' }, - debug_lang: { format: 'string', default: "it-CH" }, - domain_mapping: { - doc: "Testing feature: Allows users to type in a testing domain to trigger the Mozilla IdP, but have their emails rewritten to mozilla domains", - format: Object, - default: { - "mozilla.personatest.org": "mozilla.com" - }, - }, - http_port: { format: 'int', env: "PORT", default: 3000 }, - http_address: { format: 'string', env: "ADDRESS", default: '127.0.0.1' }, - issuer: { format: 'string', default: "mozilla.personatest.org" }, - ldap_bind_dn: { format: 'string', default: "mail=USERNAME@mozilla.com,o=com,dc=mozilla" }, - ldap_bind_password: { format: 'string', default: "password" }, - ldap_server_url: { - format: 'string', - default: "ldaps://ldap.mozilla.org:636", - env: 'LDAP_SERVER_URL' - }, - ldap_search_bases: { - doc: "The search bases for supported domains. Both restricts the domains we support and provides configurable LDAP search base strings", - format: Object, - default: { - "mozillafoundation.org": [ "o=org,dc=mozilla", "o=com,dc=mozilla" ], - "mozilla.com": [ "o=com,dc=mozilla", "o=org,dc=mozilla" ] - } - }, - ldap_server_connect_timeout: { format: 'int', default: 10000 }, - locale_directory: { format: 'string', default: "locale" }, - statsd: { - host: { format: "string", default: "127.0.0.1" }, - port: { format: "int", default: 8125 } - }, - supported_languages: { - doc: "List of languages this deployment should detect and display localized strings.", - format: Array, - default: [ "en-US" ], - env: 'SUPPORTED_LANGUAGES' - }, - config_path: { - doc: "The path where deployment specific resources, such as keys, will be sought.", - format: 'string', - env: 'CONFIG_PATH', - default: "" - }, - auth_lockout_ms: { - doc: "The amount of time to lockout a user upon successive fail auth attemtps", - format: 'int', - default: (5 * 60 * 1000) - }, - auth_lockout_attempts: { - doc: "The number of failed authentcation attempts before a user will be locked out", - format: 'int', - default: 5 - }, - local_development: { - doc: "Run in local development mode, disables secure cookies", - format: 'boolean', - default: false, - env: 'LOCAL_DEV' - } -}); - -var dev_config_path = path.join(__dirname, '..', 'config', 'local.json'); - -if (! process.env.CONFIG_FILES && - fs.existsSync(dev_config_path)) { - process.env.CONFIG_FILES = dev_config_path; -} - -// handle configuration files. you can specify a CSV list of configuration -// files to process, which will be overlayed in order, in the CONFIG_FILES -// environment variable -if (process.env.CONFIG_FILES) { - var files = process.env.CONFIG_FILES.split(','); - files.forEach(function(file) { - var c = JSON.parse(fs.readFileSync(file, 'utf8')); - conf.load(c); - }); -} - -// if var path has not been set, let's default to var/ -// XXX: due to a bug in convict, .has() seems to not be working properly, -// thus we must explicitly check for the empty string -if (conf.get('config_path') === "") { - conf.set('config_path', path.join(__dirname, "..", "config")); -} - -// massage bind address to something node will understand -if ([ '0.0.0.0', '*' ].indexOf(conf.get('http_address')) !== -1) { - conf.set('http_address', null); -} - diff --git a/server/lib/crypto.js b/server/lib/crypto.js deleted file mode 100644 index 431ec55..0000000 --- a/server/lib/crypto.js +++ /dev/null @@ -1,52 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -const jwcrypto = require("jwcrypto"), - fs = require("fs"), - assert = require("assert"), - cert = jwcrypto.cert, - config = require('./configuration'); - -// load desired algorithms -require("jwcrypto/lib/algs/rs"); -require("jwcrypto/lib/algs/ds"); - -// TODO move these to a shared constants/config file eventually -// and share it with scripts/gen_keys.js -var configDir = fs.realpathSync(config.get('config_path')); -var pubKeyFile = configDir + "/public-key.json"; -var secretKeyFile = configDir + "/secret-key.json"; - -// Load Pub/Private keys from the filesystem, exit loudly if you can't read them -var missingFileErr = null; -if (!fs.existsSync(pubKeyFile)) missingFileErr = "Public Key file ["+ pubKeyFile + "] does not exist"; -if (!fs.existsSync(secretKeyFile)) missingFileErr = "Secret Key file ["+secretKeyFile+"] does not exist"; -if (missingFileErr) { - console.error('ERROR:', missingFileErr); - console.log("\n---> run scripts/gen_keys.js to fix this\n"); - console.log(); - process.exit(1); -} - -var _privKey = jwcrypto.loadSecretKey(fs.readFileSync(secretKeyFile)); -exports.pubKey = fs.readFileSync(pubKeyFile); - -exports.cert_key = function(pubkey, email, duration_s, cb) { - var pubKey = jwcrypto.loadPublicKey(pubkey); - - var expiration = new Date(); - var iat = new Date(); - - expiration.setTime(new Date().valueOf() + (duration_s * 1000)); - - // Set issuedAt to 10 seconds ago. Pads for verifier clock skew - iat.setTime(iat.valueOf() - (10 * 1000)); - - cert.sign( - {publicKey: pubKey, principal: {email: email}}, - {issuer: config.get('issuer'), issuedAt: iat, expiresAt: expiration}, - null, - _privKey, - cb); -}; diff --git a/server/lib/email_rewrite.js b/server/lib/email_rewrite.js deleted file mode 100644 index 80fd17a..0000000 --- a/server/lib/email_rewrite.js +++ /dev/null @@ -1,14 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -const config = require('./configuration.js'); - -module.exports = function(email) { - var domainMapping = config.get('domain_mapping'); - var parts = email.split('@'); - if (parts.length === 2 && domainMapping[parts[1]]) { - email = parts[0] + '@' + domainMapping[parts[1]]; - } - return email; -}; diff --git a/server/lib/ldapMock.js b/server/lib/ldapMock.js deleted file mode 100644 index b233212..0000000 --- a/server/lib/ldapMock.js +++ /dev/null @@ -1,155 +0,0 @@ -/* - * Mock LDAP server, useful for testing and development - * - */ - -const ldap = require("ldapjs"); - -module.exports = function() { - - var i = 0; - - // mmmmm... all passwords are "testtest" - var directory = [ - // the vinz clortho binds as this user - {dn: "cn=vinz, o=com, dc=mozilla", attributes: { cn: "vinz", password: "testtest" }}, - - // for testing of actual live hosts - {dn: "mail=user@clortho.personatest.org, o=com, dc=mozilla", - attributes: { mail: "user@clortho.personatest.org" }} - ]; - - // Create some Testing users - for(i=1; i <= 6; i++) { - directory.push({ - dn: "mail=user"+i+"@mozilla.com, o=com, dc=mozilla", - attributes: { - // note only use lowercase attribute names, seems to be an ldapjs - // implementationd detail - mail: "user"+i+"@mozilla.com", - zimbraalias: 'alias'+i+"@mozilla.com", - password:"testtest", - employeetype: "Tester", - pwdChangedTime: "12345Z" - } - }); - } - - for(i=1; i <= 6; i++) { - directory.push({ - dn: "mail=user"+i+"@mozillafoundation.org, o=org, dc=mozilla", - attributes: { - mail: "user"+i+"@mozillafoundation.org", - zimbraalias: 'alias'+i+"@mozillafoundation.org", - password: "testtest", - employeetype: "Tester", - pwdChangedTime: "12345Z" - } - }); - } - - // add a .org mail under o=com - directory.push({ - dn: "mail=user_a@mozilla.com, o=com, dc=mozilla", - attributes: { - // note only use lowercase attribute names, seems to be an ldapjs - // implementationd detail - mail: "user_a@mozilla.com", - zimbraalias: 'test_a@mozillafoundation.org', - password:"testtest", - employeetype: "Tester", - pwdChangedTime: "12345Z" - } - }); - - // add a .com under o=org - directory.push({ - dn: "mail=user_a@mozillafoundation.org, o=org, dc=mozilla", - attributes: { - // note only use lowercase attribute names, seems to be an ldapjs - // implementationd detail - mail: "user_a@mozillafoundation.org", - zimbraalias: 'test_a@mozilla.com', - password:"testtest", - employeetype: "Tester", - pwdChangedTime: "12345Z" - } - }); - - function bindHandler(req, res, next) { - var bindDN = req.dn.toString(); - var credentials = req.credentials; - for(var i=0; i < directory.length; i++) { - if(directory[i].dn === bindDN && - credentials === directory[i].attributes.password && - directory[i].attributes.employeetype !== 'DISABLED') { - - this.emit('bind', { - success: true, - dn: bindDN, - credentials: credentials - }); - - res.end(); - return next(); - } - } - - this.emit('bind', { - success: false, - dn: bindDN, - credentials: credentials - }); - - return next(new ldap.InvalidCredentialsError()); - } - - function searchHandler(req, res, next) { - directory.forEach(function(user) { - // this test is pretty dumb, make sure in the directory - // that things are spaced / cased exactly - - if (user.dn.indexOf(req.dn.toString()) === -1) { - return; - } - - if (req.filter.matches(user.attributes)) { - res.send(user); - } - }); - - res.end(); - return next(); - } - - // some middleware to make sure the user has a successfully bind - function authorize(req, res, next) { - for(var i=0; i < directory.length; i++) { - if (req.connection.ldap.bindDN.equals(directory[i].dn)) { - this.emit('authorize', { - success: true, - dn: req.connection.ldap.bindDN - }); - return next(); - } - } - - this.emit('authorize', { - success: false, - dn: req.connection.ldap.bindDN - }); - - return next(new ldap.InsufficientAccessRightsError()); - } - - var ldapServer = ldap.createServer(); - ldapServer.bind('dc=mozilla', bindHandler); - ldapServer.search('dc=mozilla', [authorize], searchHandler); - - return { - directory: directory, - server: ldapServer, - bindHandler: bindHandler, - searchHandler: searchHandler - }; -}; diff --git a/server/lib/logging.js b/server/lib/logging.js deleted file mode 100644 index 8979fc8..0000000 --- a/server/lib/logging.js +++ /dev/null @@ -1,14 +0,0 @@ -/* a tiny wrapper around winston that let's us route all logging in the - * application through winston, and at a later point - * do more complex things with logging configuration per environment if - * needed */ - -// simply export winston -exports.logger = require('winston'); - -// enable logging of uncaught exceptions -exports.logger.handleExceptions(new exports.logger.transports.Console()); - -exports.disable = function() { - exports.logger.remove(exports.logger.transports.Console); -}; diff --git a/server/lib/p3p.js b/server/lib/p3p.js deleted file mode 100644 index 287fd0e..0000000 --- a/server/lib/p3p.js +++ /dev/null @@ -1,22 +0,0 @@ - -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -var useragent = require('useragent'), - policy = 'CP="This is not a P3P policy, but Mozilla deeply cares about ' + - 'your privacy. See http://www.mozilla.org/persona/privacy-policy ' + - 'for more."'; - -// add 'P3P' headers so that IE8, with default security settings, will allow -// us to set third-party cookies. Only add the headers in that case, saving -// bytes for all the other browsers. #2340 -module.exports = function(req, res, next) { - var browser = useragent.parse(req.headers['user-agent']); - if (browser.family === 'IE') { - res.on('header', function() { - res.setHeader('P3P', policy); - }); - } - next(); -}; diff --git a/server/lib/security_logging.js b/server/lib/security_logging.js deleted file mode 100644 index 9e03deb..0000000 --- a/server/lib/security_logging.js +++ /dev/null @@ -1,21 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/* Security logging via 'CEF' is intended to report security events - * that could not be caused by non-malicious usage of the system. - * - * Some basic guidance with respect to "what to log" are here: - * - https://wiki.mozilla.org/Security/Users_and_Logs#What_to_Log - * - * With respect to the Mozilla IdP, event to log will be of the - * nature - 5 password failures in a row. - */ - -var cef = require('cef'), - conf = require('./configuration.js'); - -module.exports = new cef.Logger(conf.get('security_logging')); - - - diff --git a/server/lib/statsd.js b/server/lib/statsd.js deleted file mode 100644 index c809c70..0000000 --- a/server/lib/statsd.js +++ /dev/null @@ -1,23 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -const -StatsD = require("node-statsd").StatsD, -config = require('./configuration'), -logger = require('./logging').logger; - -// report statistics with a "mozillaidp" prefix. -const PREFIX = "mozillaidp."; - -var statsd = new StatsD(config.get('statsd.host'), config.get('statsd.port')); - -// start by exporting a stubbed no-op stats reporter -module.exports = { - timing: function(s, v) { - if (statsd) { statsd.timing(PREFIX + s, v); } - }, - increment: function(s, v) { - if (statsd) { statsd.increment(PREFIX + s, v); } - } -}; diff --git a/server/lib/throttle.js b/server/lib/throttle.js deleted file mode 100644 index 84b26e3..0000000 --- a/server/lib/throttle.js +++ /dev/null @@ -1,54 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/* A simple in-memory throttle for failed authentication. This being - * in memory means a couple things: - * * For multiple server deployments, authenticationt throttling - * counts are node-local - * * client code should not add failed authentication attempts - * for non-existant users, lest a remote attacker can fatally bloat - * process memory - */ - -var config = require('./configuration'); - -/* keep track of failed authentication attempt. Keys are email addresses, - * values include `time` (time of last failure) and `count` (the number - * of consecutive failures */ -var fails = {}; - -exports.check = function(email, cb) { - if (fails[email]) { - if ((new Date() - fails[email].time) > config.get('auth_lockout_ms')) { - delete fails[email]; - } - } - - if (!cb) return; - - process.nextTick(function() { - if (fails[email] && - fails[email].count >= config.get('auth_lockout_attempts')) { - cb("lockout"); - } else { - cb(null); - } - }); -}; - -exports.failed = function(email, cb) { - if (!fails[email]) { - fails[email] = { count: 0 }; - } - - fails[email].count++; - fails[email].time = new Date(); - - if (cb) process.nextTick(cb); -}; - -exports.clear = function(email, cb) { - if (fails[email]) delete fails[email]; - if (cb) process.nextTick(cb); -}; diff --git a/server/lib/validate.js b/server/lib/validate.js deleted file mode 100644 index e33060b..0000000 --- a/server/lib/validate.js +++ /dev/null @@ -1,145 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -// a teensy tinsy module to do parameter validation. A good candiate for future -// librification. -// -// usage: -// -// const validate = require('validate.js'); -// -// app.post('/wsapi/foo', validate({ -// email: 'email', -// site: "origin" -// }), function(req, resp) { -// // handler that uses .params -// }); - -const -logger = require('./logging.js').logger, -check = require('validator').check; - -var hostnameRegex = /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/; - -var types = { - email: function(x) { - check(x).isEmail(); - }, - email_type: function(x) { - check(x).isIn([ 'primary', 'secondary' ]); - }, - password: function(x) { - check(x).len(6,80); - }, - boolean: function(x) { - if (typeof x !== 'boolean') throw "boolean required"; - }, - token: function(x) { - check(x).len(48,48).isAlphanumeric(); - }, - assertion: function(x) { - check(x).len(50,10240).regex(/[0-9a-zA-Z~_\-]+/); - }, - pubkey: function(x) { - check(x).len(50,10240); - JSON.parse(x); - }, - hostname: function(x) { - check(x).is(hostnameRegex); - }, - origin: function(x) { - /* origin regex - /^ // beginning - https?:\/\/ // starts with http:// or https:// - (?=.{1,254}(?::|$)) // hostname must be within 1-254 characters - (?: // match hostname part (....) - (?!-) // cannot start with a dash (allow it to start with a digit re issue #2042) - (?![a-z0-9\-]{1,62}- // part cannot end with a dash - (?:\.|:|$)) // (end of part will be '.', ':', or end of str) - [a-z0-9\-]{1,63}\b // part will be 1-63 letters, numbers, or dashes - (?!\.$) // final part cannot end with a '.' - \.? // part followed by '.' unless final part - )+ // one or more hostname parts - (:\d+)? // optional port - $/i; // end; case-insensitive - */ - var regex = /^https?:\/\/(?=.{1,254}(?::|$))(?:(?!-)(?![a-z0-9\-]{1,62}-(?:\.|:|$))[a-z0-9\-]{1,63}\b(?!\.$)\.?)+(:\d+)?$/i; - if (typeof x !== 'string' || !x.match(regex)) { - throw new Error("not a valid origin"); - } - } -}; - -module.exports = function (params) { - // normalize the parameters description, verify all specified types are present - if (Array.isArray(params) || typeof params !== 'object' || typeof params === null) { - throw "argument to validate must be an object, not a " + (typeof params); - } - - Object.keys(params).forEach(function(p) { - var v = params[p]; - if (typeof v === 'string') { - v = { type: v }; - } - if (typeof v.required === "undefined") v.required = true; - - if (!types[v.type]) throw "unknown type specified in WSAPI:" + v.type; - params[p] = v; - }); - - return function(req, resp, next) { - var reqParams = null; - if (req.method === "POST") { - reqParams = req.body; - } else { - reqParams = req.query; - } - - // clear body and query to prevent wsapi handlers from accessing - // un-validated input parameters - req.body = {}; - req.query = {}; - req.params = {}; - - // now validate - try { - // allow csrf through - if (reqParams.csrf) { - req.params.csrf = reqParams.csrf; - delete reqParams.csrf; - } - - Object.keys(params).forEach(function(p) { - if (params[p].required && !reqParams.hasOwnProperty(p)) throw "missing required parameter: '" + p + "'"; - if (reqParams[p] === undefined) return; - - // validate - try { - types[params[p].type](reqParams[p]); - } catch (e) { - throw p + ": " + e.toString(); - } - req.params[p] = reqParams[p]; - delete reqParams[p]; - }); - - // if there are any keys left in reqParams, they're not allowable! - var extra = Object.keys(reqParams); - if (extra.length) throw "unsupported parameter: '" + extra.join("', '") + "'"; - } catch(e) { - var msg = { - success: false, - reason: e.toString() - }; - logger.warn("bad request received: " + msg.reason); - resp.statusCode = 400; - return resp.json(msg); - } - - - // this is called outside the try/catch because errors - // in the handling of the request should be caught separately - next(); - }; -}; diff --git a/server/routes.js b/server/routes.js deleted file mode 100644 index f2b1b14..0000000 --- a/server/routes.js +++ /dev/null @@ -1,240 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -const config = require('./lib/configuration'), - crypto = require('./lib/crypto'), - util = require('util'), -emailRewrite = require('./lib/email_rewrite.js'), - auth = require('./lib/auth'), - ldap = require('ldapjs'), - logger = require('./lib/logging.js').logger, - statsd = require('./lib/statsd'), - throttle = require('./lib/throttle'), - secLog = require('./lib/security_logging'), - url = require('url'); - -// apply X-Content-Security-Policy headers to HTML resources served -function applyContentSecurityPolicy(res) { - ['X-Content-Security-Policy','Content-Security-Policy'].forEach(function(header) { - res.setHeader(header, - util.format("default-src 'self' %s", - config.get('browserid_server'))); - }); -} - -exports.routes = function () { - return { - well_known_browserid: function (req, resp) { - var pk = crypto.pubKey; - resp.setHeader('Content-Type', 'application/json'); - resp.setHeader('Cache-Control', 'max-age=5, public'); - resp.render('well_known_browserid', { - public_key: pk, - layout: false - }); - }, - provision: function (req, resp) { - statsd.increment('provision.attempt'); - applyContentSecurityPolicy(resp); - // This cookie tests 3rd party Cookie blocking - req.session.question = "Are you the Keymaster?"; - resp.render('provision', { - user: req.session.email, - browserid_server: config.get('browserid_server'), - layout: false - }); - }, - signin: function (req, resp) { - if (! req.session.question) { - statsd.increment('auth.3rd_party_cookies_fail'); - return resp.render('3rd_party_cookies', - { title: req.gettext("Sign In") }); - } - - statsd.increment('auth.attempt'); - var email = (req.query ? req.query.email : null); - if (email) email = emailRewrite(email); - - // prevent framing of authentication page. - resp.setHeader('X-Frame-Options', 'DENY'); - applyContentSecurityPolicy(resp); - resp.render('signin', { - title: req.gettext("Sign In"), - email: email - }); - }, - - welcome: function (req, resp) { - resp.setHeader('X-Frame-Options', 'DENY'); - applyContentSecurityPolicy(resp); - resp.render('welcome', { - title: req.gettext("The Mozilla Identity Provider") - }); - }, - - handle404: function (req, resp) { - resp.setHeader('X-Frame-Options', 'DENY'); - applyContentSecurityPolicy(resp); - resp.render('404', { - title: req.gettext("No Content Found"), - status: 404 - }); - }, - - // API end points - provision_key: function (req, resp) { - // check that there is an authenticated user - if (!req.session || !req.session.email) { - return resp.send('No Session', 401); - } - // check that required arguments are supplied - if (!req.params.pubkey || !req.params.user) { - return resp.send(400); - } - - // check that the user is authenticated as the target user - auth.userMayUseEmail({ - user: req.session.email, - email: emailRewrite(req.params.user).toLowerCase() - }, function(err, userData) { - if (err) { - logger.warn("cannot provision user:", err); - statsd.increment('provision.failure'); - return resp.send(401); - } - - // if the user has changed their password since the last - // provision then force them to log in again - if (userData.pwdChangedTime !== req.session.pwdChangedTime) { - statsd.increment('provision.pwdChangedTime mismatch'); - req.session.reset(); - return resp.send('Password Changed. Reauthentication required.', 401); - } - - crypto.cert_key( - req.params.pubkey, - req.params.user, - config.get('certificate_validity_s'), - function(err, cert) { - if (err) { - resp.writeHead(500); - resp.end(); - } else { - // successful provisioning - statsd.increment('provision.success'); - resp.json({ cert: cert }); - } - }); - }); - }, - - check_signin: function (req, resp) { - var mozillaUser = ""; - if (req.params.user) { - mozillaUser = emailRewrite(req.params.user).toLowerCase(); - } - - if (!req.params.user || !req.params.pass) { - resp.writeHead(400); - return resp.end(); - } else { - auth.canonicalAddress({ email: mozillaUser }, function(err, mozillaUser) { - if (err) { - resp.json({ - success: false, - reason: 'email not found' - }, 401); - return; - } - - throttle.check(mozillaUser, function(err) { - if (err) { - // Send an event to the security log for every authentication - // attempt to a throttle account. - secLog.warn({ - signature: 'AUTH_LOCKOUT', - name: "attempted login to a throttled account", - extensions: { - suser: mozillaUser - } - }); - statsd.increment('auth.throttle'); - // as per security guidelines, account throttling should - // be indistiguishable from wrong password. This is a - // usability loss in the name of security - // https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines - resp.json({ - success: false, - reason: 'email or password incorrect' - }, 401); - return; - } - auth.authUser({ - email: mozillaUser, - pass: req.params.pass - }, function (err, userData) { - if (err || userData === false) { - // if this is a password failure, note it in our password - // throttling - if (err && err.name === 'InvalidCredentialsError') { - throttle.failed(mozillaUser); - } - resp.json({ - success: false, - reason: 'email or password incorrect' - }, 401); - } else { - // upon successful authentication, clear any throttling - // for this user - throttle.clear(mozillaUser); - - req.session.email = mozillaUser; - req.session.pwdChangedTime = userData.pwdChangedTime; - - resp.send({ success: true }, 200); - statsd.increment('auth.success'); - } - }); - }); - }); - } - }, - - session_context: function(req, res) { - res.json({ - csrf: req.session._csrf - }, 200); - }, - - // Monitoring End points - - // the ELB (elastic load balancer) check is just to make - // sure that node returns a response - elb_check: function(req, res) { - res.setHeader('Content-Type', 'text/plain'); - res.send("OK"); - }, - - // checks that we can bind against the LDAP server - // this check is for our global load balancers so they - // can add / remove regions if LDAP connectivity drops - checkStatus: function(req, res) { - auth.checkBindAuth({}, function(err) { - res.setHeader('Content-Type', 'text/plain'); - if (err) { - statsd.increment('healthcheck.error'); - // try message, no? has name? no ... "unknown" - var output = "Error: " + err.name; - res.send(output, 503); - } else { - statsd.increment('healthcheck.ok'); - res.send('OK'); - } - }); - }, - - // QA Only URLs - signout: function (req, resp) { req.session.reset(); resp.redirect('/'); } - }; -}; diff --git a/server/views/3rd_party_cookies.ejs b/server/views/3rd_party_cookies.ejs deleted file mode 100644 index 0cad36d..0000000 --- a/server/views/3rd_party_cookies.ejs +++ /dev/null @@ -1,12 +0,0 @@ -
- <%= gettext(" /> -
- \ No newline at end of file diff --git a/server/views/404.ejs b/server/views/404.ejs deleted file mode 100644 index 2fcdc38..0000000 --- a/server/views/404.ejs +++ /dev/null @@ -1,8 +0,0 @@ -
- <%= gettext(" /> -
- diff --git a/server/views/layout.ejs b/server/views/layout.ejs deleted file mode 100644 index 24bd6a8..0000000 --- a/server/views/layout.ejs +++ /dev/null @@ -1,17 +0,0 @@ - - - - - <%= title %> - - - - - - - <%- body %> - - - - - diff --git a/server/views/provision.ejs b/server/views/provision.ejs deleted file mode 100644 index 2387ad4..0000000 --- a/server/views/provision.ejs +++ /dev/null @@ -1,13 +0,0 @@ - - - - - provisioning - - - - - - - - diff --git a/server/views/signin.ejs b/server/views/signin.ejs deleted file mode 100644 index 657bd9d..0000000 --- a/server/views/signin.ejs +++ /dev/null @@ -1,35 +0,0 @@ -
- <%= gettext(" /> -
- - -
- -
-
- diff --git a/server/views/welcome.ejs b/server/views/welcome.ejs deleted file mode 100644 index c690447..0000000 --- a/server/views/welcome.ejs +++ /dev/null @@ -1,11 +0,0 @@ -
- <%= gettext(" /> -
-
-

<%= gettext("The Mozilla Identity Provider") %>: - <%= gettext("Better LDAP authentication for Mozilla employees since 2013.") %> -

-

- <%- gettext('To use this, log in with your Mozilla email address anywhere Persona is supported.') %> -

-
diff --git a/server/views/well_known_browserid.ejs b/server/views/well_known_browserid.ejs deleted file mode 100644 index 8bf280e..0000000 --- a/server/views/well_known_browserid.ejs +++ /dev/null @@ -1,5 +0,0 @@ -{ - "public-key": <%- public_key %>, - "authentication": "/sign_in", - "provisioning": "/provision" -} diff --git a/static/css/404.css b/static/css/404.css deleted file mode 100644 index d856360..0000000 --- a/static/css/404.css +++ /dev/null @@ -1,189 +0,0 @@ -html, -body, -div, -span, -applet, -object, -iframe, -h1, -h2, -h3, -h4, -h5, -h6, -p, -blockquote, -pre, -a, -abbr, -acronym, -address, -big, -cite, -code, -del, -dfn, -em, -img, -ins, -kbd, -q, -s, -samp, -small, -strike, -strong, -tt, -var, -center, -dl, -dt, -dd, -ol, -ul, -li, -fieldset, -form, -label, -legend, -table, -caption, -tbody, -tfoot, -thead, -tr, -th, -td, -article, -aside, -canvas, -details, -embed, -figure, -figcaption, -footer, -header, -hgroup, -menu, -nav, -output, -ruby, -section, -summary, -time, -mark, -audio, -video { - margin: 0; - padding: 0; - border: 0; - outline: 0; - vertical-align: baseline; - background: transparent; - font-weight: inherit; - font-style: inherit; - font-size: 100%; - font-family: inherit; -} -article, -aside, -details, -figcaption, -figure, -footer, -header, -hgroup, -menu, -nav, -section { - display: block; -} -body { - position: relative; -} -.outer { - float: left; - clear: both; - position: relative; - left: 50%; -} -.inner { - position: relative; - left: -50%; -} -html { - margin: 0; - padding: 0; -} -body { - margin: 0; - padding: 0; - font-family: helvetica, arial, verdana, sans-serif; - text-rendering: optimizeLegibility; -} -.floatClear { - float: left; - clear: both; -} -img { - border: 0; -} -ul { - list-style-type: none; -} -.clearfix { - zoom: 1; -} -.clearfix:after { - content: "."; - display: block; - height: 0; - clear: both; - visibility: hidden; -} -#p404 { - color: #FFF; - background-color: #021D48; - line-height: 1.5; - font-family: Times; -} -#p404 div { - width: 1000px; - margin: auto; - margin-top: 15%; - border: solid 1px white; -} -#p404 div img { - width: 573px; - float: left; -} -#p404 div div { - display: table-cell; - vertical-align: middle; - width: 398px; - margin: 0 auto; - margin-left: 537px; - height: 300px; - border: none; - vertical-align: bottom; - text-align: center; -} -#p404 div div blockquote { - width: 358px; - display: block; - font-size: 32px; - margin: 10 auto; -} -#p404 div div blockquote em { - font-style: italic; -} -#p404 div div blockquote, -#p404 div div p { - padding-left: 38px; -} -#p404 div div p { - margin-top: 10px; -} -#p404 div .clear { - clear: both; -} diff --git a/static/css/stylo.css b/static/css/stylo.css deleted file mode 100644 index 1d49142..0000000 --- a/static/css/stylo.css +++ /dev/null @@ -1,552 +0,0 @@ -html, -body, -div, -span, -applet, -object, -iframe, -h1, -h2, -h3, -h4, -h5, -h6, -p, -blockquote, -pre, -a, -abbr, -acronym, -address, -big, -cite, -code, -del, -dfn, -em, -img, -ins, -kbd, -q, -s, -samp, -small, -strike, -strong, -tt, -var, -center, -dl, -dt, -dd, -ol, -ul, -li, -fieldset, -form, -label, -legend, -table, -caption, -tbody, -tfoot, -thead, -tr, -th, -td, -article, -aside, -canvas, -details, -embed, -figure, -figcaption, -footer, -header, -hgroup, -menu, -nav, -output, -ruby, -section, -summary, -time, -mark, -audio, -video { - margin: 0; - padding: 0; - border: 0; - outline: 0; - vertical-align: baseline; - background: transparent; - font-weight: inherit; - font-style: inherit; - font-size: 100%; - font-family: inherit; -} -article, -aside, -details, -figcaption, -figure, -footer, -header, -hgroup, -menu, -nav, -section { - display: block; -} - -* { - -webkit-box-sizing: border-box; - -moz-box-sizing: border-box; - -o-box-sizing: border-box; - box-sizing: border-box; -} - -.outer { - float: left; - clear: both; - position: relative; - left: 50%; -} -.inner { - position: relative; - left: -50%; -} - -body { - font-family: 'Open Sans', 'sans-serif', 'serif'; - text-rendering: optimizeLegibility; - line-height: 1.5; - position: relative; -} - -.floatClear { - float: left; - clear: both; -} -img { - border: 0; -} -ul { - list-style-type: none; -} -.clearfix { - zoom: 1; -} -.clearfix:after { - content: "."; - display: block; - height: 0; - clear: both; - visibility: hidden; -} -/* === Layout === */ -body { - line-height: 1.5; -} -div.title { - width: 200px; - margin: 0 auto; -} -.signin-panel { - border: solid 0px #ff0000; - width: 325px; - margin: 0 auto; - padding: 40px 20px; -} -.left-col { - clear: left; - text-align: right; -} -html[dir=rtl] .left-col { - clear: right; - text-align: left; -} -.left-col { - border: solid 0px #0000ff; - min-width: 113px; - max-width: 173px; - min-height: 1px; - overflow: hidden; - float: left; -} -html[dir=rtl] .left-col, -html[dir=rtl] .right-col, -html[dir=rtl] .center-col { - float: right; -} -.prompt { - text-align: center; - margin-bottom: 1em; - font-size: 1.1em; - font-weight: 300; -} -.center-col { - width: 200px; - margin: auto; - margin-top: .5em; -} -.center-col.last { - margin-top: 1em; - position: relative; -} -.clear { - clear: both; -} -button { - font-size: .8em; - font-weight: bold; - padding: .3em 1.8em .4em; - margin: 0; - display: inline-block; - -moz-border-radius: .25em; - border-radius: .25em; - box-shadow: 0 1px 0 0 rgba(0,0,0,0.2),inset 0 -1px 0 0 rgba(0,0,0,0.3); - background-color: #43a6e2; - background-color: #277ac1; - background-repeat: repeat-x; - background-image: -khtml-gradient(linear,left top,left bottom,from(#43a6e2),to(#277ac1)); - background-image: -moz-linear-gradient(#43a6e2,#277ac1); - background-image: -ms-linear-gradient(#43a6e2,#277ac1); - background-image: -webkit-gradient(linear,left top,left bottom,color-stop(0%,#43a6e2),color-stop(100%,#277ac1)); - background-image: -webkit-linear-gradient(#43a6e2,#277ac1); - background-image: -o-linear-gradient(#43a6e2,#277ac1); - -ms-filter: "progid:DXImageTransform.Microsoft.gradient(startColorstr='#43a6e2', endColorstr='#277ac1', GradientType=0)"; - background-image: linear-gradient(#43a6e2,#277ac1); - color: #fff; - border: 0; - text-shadow: 0 1px 0 rgba(0,0,0,0.25); - cursor: pointer; - float: left; -} - -button:hover, -button:focus, -.button:hover, -.button:focus { - box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.3), 0 1px 0 rgba(0, 0, 0, 0.2), 0 2px 0 rgba(0, 0, 0, 0.1); - - background-color: #4aafe5; - background-image: -webkit-gradient(linear, left top, left bottom, from(#4aafe5), to(#2c89c8)); - background-image: -webkit-linear-gradient(top, #4aafe5, #2c89c8); - background-image: -moz-linear-gradient(top, #4aafe5, #2c89c8); - background-image: -ms-linear-gradient(top, #4aafe5, #2c89c8); - background-image: -o-linear-gradient(top, #4aafe5, #2c89c8); - background-image: linear-gradient(top, #4aafe5, #2c89c8); -} - -button:focus, -.button:focus { - box-shadow: 0 0 1px #fff, 0 0 1px 3px #49ADE3; - box-shadow: 0 0 1px rgba(255, 255, 255, 0.5), 0 0 1px 3px rgba(73, 173, 227, 0.6); -} - -button:active, -.button:active { - background-color: #184a73; - background-image: -webkit-gradient(linear, left top, left bottom, from(#184a73), to(#276084)); - background-image: -webkit-linear-gradient(top, #184a73, #276084); - background-image: -moz-linear-gradient(top, #184a73, #276084); - background-image: -ms-linear-gradient(top, #184a73, #276084); - background-image: -o-linear-gradient(top, #184a73, #276084); - background-image: linear-gradient(top, #184a73, #276084); - color: #97b6ca; - text-shadow: 0 1px rgba(0,0,0,0.4); - box-shadow: inset 0 2px 1px rgba(0,0,0,0.3); -} - -button::-moz-focus-inner, .button::-moz-focus-inner { - padding: 0; - border: 0 -} - -button.cancel { - float: right; - background-color: #d94f30; - background-image: -webkit-gradient(linear, left top, left bottom, from(#d94f30), to(#ad1804)); - background-image: -webkit-linear-gradient(top, #d94f30, #ad1804); - background-image: -moz-linear-gradient(top, #d94f30, #ad1804); - background-image: -ms-linear-gradient(top, #d94f30, #ad1804); - background-image: -o-linear-gradient(top, #d94f30, #ad1804); - background-image: linear-gradient(top, #d94f30, #ad1804); - filter: "progid:DXImageTransform.Microsoft.gradient(startColorstr=#d93f30, endColorstr=#ad1804)"; - -ms-filter: "progid:DXImageTransform.Microsoft.gradient(startColorstr=#d93f30, endColorstr=#ad1804)"; -} - -button.cancel:hover, -button.cancel:focus { - background-color: #e3653f; - background-image: -webkit-gradient(linear, left top, left bottom, from(#e3653f), to(#c01c03)); - background-image: -webkit-linear-gradient(top, #e3653f, #c01c03); - background-image: -moz-linear-gradient(top, #e3653f, #c01c03); - background-image: -ms-linear-gradient(top, #e3653f, #c01c03); - background-image: -o-linear-gradient(top, #e3653f, #c01c03); - background-image: linear-gradient(top, #e3653f, #c01c03); -} - -button.cancel:active, -.button.cancel:active { - box-shadow: 0 0 5px #333 inset; - color: #cfa391; - - background-color: #83311e; - background-image: -webkit-gradient(linear, left top, left bottom, from(#83311e), to(#670d01)); - background-image: -webkit-linear-gradient(top, #83311e, #670d01); - background-image: -moz-linear-gradient(top, #83311e, #670d01); - background-image: -ms-linear-gradient(top, #83311e, #670d01); - background-image: -o-linear-gradient(top, #83311e, #670d01); - background-image: linear-gradient(top, #83311e, #670d01); -} - - -/* === Basic Style === */ -html { - height: 100%; -} - -body { - font-family: 'Open Sans', 'sans-serif', 'serif'; - background-image: linear-gradient(bottom, rgb(62,72,79) 39%, rgb(91,104,112) 70%); - background-image: -o-linear-gradient(bottom, rgb(62,72,79) 39%, rgb(91,104,112) 70%); - background-image: -moz-linear-gradient(bottom, rgb(62,72,79) 39%, rgb(91,104,112) 70%); - background-image: -webkit-linear-gradient(bottom, rgb(62,72,79) 39%, rgb(91,104,112) 70%); - background-image: -ms-linear-gradient(bottom, rgb(62,72,79) 39%, rgb(91,104,112) 70%); - - background-image: -webkit-gradient( - linear, - left bottom, - left top, - color-stop(0.39, rgb(62,72,79)), - color-stop(0.7, rgb(91,104,112)) - ); - background-color: #4D4E53; - background-repeat: no-repeat; - overflow-y: auto; - color: #ccc; -} - -a { - color: #ddd; - text-decoration: none; - border-bottom:1px dashed; -} - -.overview { - max-width: 600px; - margin: auto; - font-size: 1.2em; - text-align: center; -} -.overview p { - margin-top: 1em; -} - -strong { - font-weight: bold; -} - -em { - font-style: italic; -} - -.signin-panel { - color: #555; - background-color: #FFF; - -moz-border-radius: 5px; - -webkit-border-radius: 5px; - border-radius: 5px; - -moz-box-shadow: 2px 2px 6px rgba(0, 0, 0, 0.25), 3px 3px 60px rgba(0, 0, 0, 0.25), 5px 2px 16px rgba(0, 0, 0, 0.25); - -webkit-box-shadow: 2px 2px 6px rgba(0, 0, 0, 0.25), 3px 3px 60px rgba(0, 0, 0, 0.25), 5px 2px 16px rgba(0, 0, 0, 0.25); - box-shadow: 2px 2px 6px rgba(0, 0, 0, 0.25), 3px 3px 60px rgba(0, 0, 0, 0.25), 5px 2px 16px rgba(0, 0, 0, 0.25); - background: #f7f7f7; - background-image: -moz-linear-gradient(top, #ffffff, #ffffff 40%, #eeeeee); - background-image: -webkit-gradient(linear, left top, left bottom, from(#ffffff), color-stop(0.4, #ffffff), to(#eeeeee)); - background-image: -webkit-linear-gradient(top, from(#ffffff), color-stop(0.4, #ffffff), to(#eeeeee)); - background-image: -o-linear-gradient(top, #ffffff 0%, #ffffff 40%, #eeeeee 100%); - filter: "progid:DXImageTransform.Microsoft.gradient(startColorstr=#ffffff, endColorstr=#eeeeee)"; - -ms-filter: "progid:DXImageTransform.Microsoft.gradient(startColorstr=#ffffff, endColorstr=#eeeeee)"; - background-image: linear-gradient(top, #ffffff 0%, #ffffff 40%, #eeeeee 100%); -} - -label { - font-family: Arial; -} - -.hidden { - /* This funkiness is so that labels still appear for screen readers */ - height: 0; - visibility: hidden; - display: block; -} -.logo { - padding-top: 10px; -} -/* === Heading === */ -h1 { - font-size: 1.5em; - margin-bottom: -0.3em; -} -/* === Labels === */ -label { - font-weight: bold; -} -/* === Inputs === */ -input { - width: 100%; - border: 1px solid #666; - padding: .4em .5em; - -moz-border-radius: .3em; - border-radius: .3em; - font-size: .8em; - border-color: #b2b2b2; - color: #383838; -} - -input:focus { - border: 1px solid #0096dc; - box-shadow: 0 0 5px 0 #0096dc; -} - -input[type=password]:focus { - color: #2d79c1; -} - -input:disabled { - background-color: #fff; -} - -.tooltip { - color: #fff; - font-size: 0.8em; - font-weight: bold; - text-shadow: 0 1px #333; - line-height: 16px; - background-color: #aa1401; - background-image: -webkit-gradient(linear, left top, left bottom, from(rgba(218, 81, 50, 0.9)), to(rgba(169, 19, 0, 1))); - background-image: -webkit-linear-gradient(top, rgba(218, 81, 50, 0.9), rgba(169, 19, 0, 1)); - background-image: -moz-linear-gradient(top, rgba(218, 81, 50, 0.9), rgba(169, 19, 0, 1)); - background-image: -ms-linear-gradient(top, rgba(218, 81, 50, 0.9), rgba(169, 19, 0, 1)); - background-image: -o-linear-gradient(top, rgba(218, 81, 50, 0.9), rgba(169, 19, 0, 1)); - background-image: linear-gradient(top, rgba(218, 81, 50, 0.9), rgba(169, 19, 0, 1)); - border-radius: 4px; - padding: 10px 15px; - box-shadow: 0 1px #666; - - display: none; - max-width: 275px; - position: absolute; - top: 10px; - left: 10px; - z-index: 5; -} - -.tooltip .arrow-down { - /* This is an awesome CSS only arrow! */ - width: 0; - height: 0; - border-left: 10px solid transparent; - border-right: 10px solid transparent; - border-top: 10px solid #aa1401; - border-top: 10px solid rgba(169, 19, 0, 1); - position: absolute; - bottom: -10px; - left: 20px; -} - - -/* === Hey brother */ -@media only screen and (max-width: 345px) { - body { - max-width: 100%; - } - img { - max-width: 100%; - } - .signin-panel { - border: solid 0px #ff0000; - margin: 0 auto; - width: 95%; - padding: 20px; - } - html[dir=rtl] .signin-panel { - margin-left: 1em; - } - .right-col { - width: 1em; - } - .left-col { - clear: auto; - text-align: left; - padding-left: 20px; - } - html[dir=rtl] .left-col { - clear: none; - text-align: right; - padding-right: 20px; - } - .left-col, - .right-col { - border: solid 0px #0000ff; - min-width: 400px; - max-width: 400px; - min-height: 1px; - overflow: hidden; - float: none; - } - html[dir=rtl] .left-col, - html[dir=rtl] .right-col, - html[dir=rtl] .center-col { - float: none; - } - .center-col { - border: auto; - width: 100%; - float: none; - margin-top: 15px; - } - - button { - height: 40px; - font-size: 14px; - } - - input { - padding: 9px 5px; - } -} - -@media only screen and (max-width: 275px) { - /** - * At this width, the buttons start to overlay each other. Put them each on - * their own line and let them expand to the full width. - */ - button, button.cancel { - float: none; - width: 100%; - } - - button.cancel { - margin-top: 15px; - } - - /** - * Give a little border to make the buttons look more balanced - */ - .center-col.last { - border-top: 1px dashed #ddd; - padding-top: 15px; - } - -} - -.error { - margin-top: 10px; -} - -.error a { - color: #000; -} \ No newline at end of file diff --git a/static/dnt-policy.txt b/static/dnt-policy.txt deleted file mode 100644 index 43a389f..0000000 --- a/static/dnt-policy.txt +++ /dev/null @@ -1,15 +0,0 @@ -PRELIMINARY DNT POLICY - -This domain interprets DNT as a request for an opt out of collection and -retention of visitors' reading habits, which we will respect, subject to -reasonable exceptions that respect user privacy. - -This is a temporary document. A full DNT Policy is being drafted at -https://eff.org/dnt-policy . When that document is finished, this domain may -decide to adopt it. - -You can agree to this same policy by posting it at -https://subdomain.example.com/.well-known/dnt-policy.txt, where "subdomain" is -any domain to which the policy applies. Commonly it will be posted on third -party domains. HTTPS is required. - diff --git a/static/i/mozilla-wordmark-200.png b/static/i/mozilla-wordmark-200.png deleted file mode 100644 index f155d3b..0000000 Binary files a/static/i/mozilla-wordmark-200.png and /dev/null differ diff --git a/static/i/mozilla200x50.png b/static/i/mozilla200x50.png deleted file mode 100644 index 43d5284..0000000 Binary files a/static/i/mozilla200x50.png and /dev/null differ diff --git a/static/i/mozilla200x50_purple.png b/static/i/mozilla200x50_purple.png deleted file mode 100644 index 4f8da23..0000000 Binary files a/static/i/mozilla200x50_purple.png and /dev/null differ diff --git a/static/i/mozilla200x50_red.png b/static/i/mozilla200x50_red.png deleted file mode 100644 index 1a870bc..0000000 Binary files a/static/i/mozilla200x50_red.png and /dev/null differ diff --git a/static/i/mozilla_corp.jpeg b/static/i/mozilla_corp.jpeg deleted file mode 100644 index 3912520..0000000 Binary files a/static/i/mozilla_corp.jpeg and /dev/null differ diff --git a/static/i/vinz_clortho_crop.jpg b/static/i/vinz_clortho_crop.jpg deleted file mode 100644 index 9d7dd4f..0000000 Binary files a/static/i/vinz_clortho_crop.jpg and /dev/null differ diff --git a/static/js/lib/jquery.min.js b/static/js/lib/jquery.min.js deleted file mode 100644 index 01c6881..0000000 --- a/static/js/lib/jquery.min.js +++ /dev/null @@ -1,6 +0,0 @@ -/*! jQuery v1.10.0 | (c) 2005, 2013 jQuery Foundation, Inc. | jquery.org/license -//@ sourceMappingURL=jquery-1.10.0.min.map -*/ -(function(e,t){var n,r,i=typeof t,o=e.location,a=e.document,s=a.documentElement,l=e.jQuery,u=e.$,c={},p=[],f="1.10.0",d=p.concat,h=p.push,g=p.slice,m=p.indexOf,y=c.toString,v=c.hasOwnProperty,b=f.trim,x=function(e,t){return new x.fn.init(e,t,r)},w=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,T=/\S+/g,C=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,k=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,E=/^[\],:{}\s]*$/,S=/(?:^|:|,)(?:\s*\[)+/g,A=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,j=/"[^"\\\r\n]*"|true|false|null|-?(?:\d+\.|)\d+(?:[eE][+-]?\d+|)/g,D=/^-ms-/,L=/-([\da-z])/gi,H=function(e,t){return t.toUpperCase()},q=function(e){(a.addEventListener||"load"===e.type||"complete"===a.readyState)&&(_(),x.ready())},_=function(){a.addEventListener?(a.removeEventListener("DOMContentLoaded",q,!1),e.removeEventListener("load",q,!1)):(a.detachEvent("onreadystatechange",q),e.detachEvent("onload",q))};x.fn=x.prototype={jquery:f,constructor:x,init:function(e,n,r){var i,o;if(!e)return this;if("string"==typeof e){if(i="<"===e.charAt(0)&&">"===e.charAt(e.length-1)&&e.length>=3?[null,e,null]:N.exec(e),!i||!i[1]&&n)return!n||n.jquery?(n||r).find(e):this.constructor(n).find(e);if(i[1]){if(n=n instanceof x?n[0]:n,x.merge(this,x.parseHTML(i[1],n&&n.nodeType?n.ownerDocument||n:a,!0)),k.test(i[1])&&x.isPlainObject(n))for(i in n)x.isFunction(this[i])?this[i](n[i]):this.attr(i,n[i]);return this}if(o=a.getElementById(i[2]),o&&o.parentNode){if(o.id!==i[2])return r.find(e);this.length=1,this[0]=o}return this.context=a,this.selector=e,this}return e.nodeType?(this.context=this[0]=e,this.length=1,this):x.isFunction(e)?r.ready(e):(e.selector!==t&&(this.selector=e.selector,this.context=e.context),x.makeArray(e,this))},selector:"",length:0,toArray:function(){return g.call(this)},get:function(e){return null==e?this.toArray():0>e?this[this.length+e]:this[e]},pushStack:function(e){var t=x.merge(this.constructor(),e);return t.prevObject=this,t.context=this.context,t},each:function(e,t){return x.each(this,e,t)},ready:function(e){return x.ready.promise().done(e),this},slice:function(){return this.pushStack(g.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(0>e?t:0);return this.pushStack(n>=0&&t>n?[this[n]]:[])},map:function(e){return this.pushStack(x.map(this,function(t,n){return e.call(t,n,t)}))},end:function(){return this.prevObject||this.constructor(null)},push:h,sort:[].sort,splice:[].splice},x.fn.init.prototype=x.fn,x.extend=x.fn.extend=function(){var e,n,r,i,o,a,s=arguments[0]||{},l=1,u=arguments.length,c=!1;for("boolean"==typeof s&&(c=s,s=arguments[1]||{},l=2),"object"==typeof s||x.isFunction(s)||(s={}),u===l&&(s=this,--l);u>l;l++)if(null!=(o=arguments[l]))for(i in o)e=s[i],r=o[i],s!==r&&(c&&r&&(x.isPlainObject(r)||(n=x.isArray(r)))?(n?(n=!1,a=e&&x.isArray(e)?e:[]):a=e&&x.isPlainObject(e)?e:{},s[i]=x.extend(c,a,r)):r!==t&&(s[i]=r));return s},x.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),noConflict:function(t){return e.$===x&&(e.$=u),t&&e.jQuery===x&&(e.jQuery=l),x},isReady:!1,readyWait:1,holdReady:function(e){e?x.readyWait++:x.ready(!0)},ready:function(e){if(e===!0?!--x.readyWait:!x.isReady){if(!a.body)return setTimeout(x.ready);x.isReady=!0,e!==!0&&--x.readyWait>0||(n.resolveWith(a,[x]),x.fn.trigger&&x(a).trigger("ready").off("ready"))}},isFunction:function(e){return"function"===x.type(e)},isArray:Array.isArray||function(e){return"array"===x.type(e)},isWindow:function(e){return null!=e&&e==e.window},isNumeric:function(e){return!isNaN(parseFloat(e))&&isFinite(e)},type:function(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?c[y.call(e)]||"object":typeof e},isPlainObject:function(e){var n;if(!e||"object"!==x.type(e)||e.nodeType||x.isWindow(e))return!1;try{if(e.constructor&&!v.call(e,"constructor")&&!v.call(e.constructor.prototype,"isPrototypeOf"))return!1}catch(r){return!1}if(x.support.ownLast)for(n in e)return v.call(e,n);for(n in e);return n===t||v.call(e,n)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},error:function(e){throw Error(e)},parseHTML:function(e,t,n){if(!e||"string"!=typeof e)return null;"boolean"==typeof t&&(n=t,t=!1),t=t||a;var r=k.exec(e),i=!n&&[];return r?[t.createElement(r[1])]:(r=x.buildFragment([e],t,i),i&&x(i).remove(),x.merge([],r.childNodes))},parseJSON:function(n){return e.JSON&&e.JSON.parse?e.JSON.parse(n):null===n?n:"string"==typeof n&&(n=x.trim(n),n&&E.test(n.replace(A,"@").replace(j,"]").replace(S,"")))?Function("return "+n)():(x.error("Invalid JSON: "+n),t)},parseXML:function(n){var r,i;if(!n||"string"!=typeof n)return null;try{e.DOMParser?(i=new DOMParser,r=i.parseFromString(n,"text/xml")):(r=new ActiveXObject("Microsoft.XMLDOM"),r.async="false",r.loadXML(n))}catch(o){r=t}return r&&r.documentElement&&!r.getElementsByTagName("parsererror").length||x.error("Invalid XML: "+n),r},noop:function(){},globalEval:function(t){t&&x.trim(t)&&(e.execScript||function(t){e.eval.call(e,t)})(t)},camelCase:function(e){return e.replace(D,"ms-").replace(L,H)},nodeName:function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},each:function(e,t,n){var r,i=0,o=e.length,a=M(e);if(n){if(a){for(;o>i;i++)if(r=t.apply(e[i],n),r===!1)break}else for(i in e)if(r=t.apply(e[i],n),r===!1)break}else if(a){for(;o>i;i++)if(r=t.call(e[i],i,e[i]),r===!1)break}else for(i in e)if(r=t.call(e[i],i,e[i]),r===!1)break;return e},trim:b&&!b.call("\ufeff\u00a0")?function(e){return null==e?"":b.call(e)}:function(e){return null==e?"":(e+"").replace(C,"")},makeArray:function(e,t){var n=t||[];return null!=e&&(M(Object(e))?x.merge(n,"string"==typeof e?[e]:e):h.call(n,e)),n},inArray:function(e,t,n){var r;if(t){if(m)return m.call(t,e,n);for(r=t.length,n=n?0>n?Math.max(0,r+n):n:0;r>n;n++)if(n in t&&t[n]===e)return n}return-1},merge:function(e,n){var r=n.length,i=e.length,o=0;if("number"==typeof r)for(;r>o;o++)e[i++]=n[o];else while(n[o]!==t)e[i++]=n[o++];return e.length=i,e},grep:function(e,t,n){var r,i=[],o=0,a=e.length;for(n=!!n;a>o;o++)r=!!t(e[o],o),n!==r&&i.push(e[o]);return i},map:function(e,t,n){var r,i=0,o=e.length,a=M(e),s=[];if(a)for(;o>i;i++)r=t(e[i],i,n),null!=r&&(s[s.length]=r);else for(i in e)r=t(e[i],i,n),null!=r&&(s[s.length]=r);return d.apply([],s)},guid:1,proxy:function(e,n){var r,i,o;return"string"==typeof n&&(o=e[n],n=e,e=o),x.isFunction(e)?(r=g.call(arguments,2),i=function(){return e.apply(n||this,r.concat(g.call(arguments)))},i.guid=e.guid=e.guid||x.guid++,i):t},access:function(e,n,r,i,o,a,s){var l=0,u=e.length,c=null==r;if("object"===x.type(r)){o=!0;for(l in r)x.access(e,n,l,r[l],!0,a,s)}else if(i!==t&&(o=!0,x.isFunction(i)||(s=!0),c&&(s?(n.call(e,i),n=null):(c=n,n=function(e,t,n){return c.call(x(e),n)})),n))for(;u>l;l++)n(e[l],r,s?i:i.call(e[l],l,n(e[l],r)));return o?e:c?n.call(e):u?n(e[0],r):a},now:function(){return(new Date).getTime()},swap:function(e,t,n,r){var i,o,a={};for(o in t)a[o]=e.style[o],e.style[o]=t[o];i=n.apply(e,r||[]);for(o in t)e.style[o]=a[o];return i}}),x.ready.promise=function(t){if(!n)if(n=x.Deferred(),"complete"===a.readyState)setTimeout(x.ready);else if(a.addEventListener)a.addEventListener("DOMContentLoaded",q,!1),e.addEventListener("load",q,!1);else{a.attachEvent("onreadystatechange",q),e.attachEvent("onload",q);var r=!1;try{r=null==e.frameElement&&a.documentElement}catch(i){}r&&r.doScroll&&function o(){if(!x.isReady){try{r.doScroll("left")}catch(e){return setTimeout(o,50)}_(),x.ready()}}()}return n.promise(t)},x.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(e,t){c["[object "+t+"]"]=t.toLowerCase()});function M(e){var t=e.length,n=x.type(e);return x.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}r=x(a),function(e,t){var n,r,i,o,a,s,l,u,c,p,f,d,h,g,m,y,v,b="sizzle"+-new Date,w=e.document,T=0,C=0,N=lt(),k=lt(),E=lt(),S=!1,A=function(){return 0},j=typeof t,D=1<<31,L={}.hasOwnProperty,H=[],q=H.pop,_=H.push,M=H.push,O=H.slice,F=H.indexOf||function(e){var t=0,n=this.length;for(;n>t;t++)if(this[t]===e)return t;return-1},B="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",P="[\\x20\\t\\r\\n\\f]",R="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",W=R.replace("w","w#"),$="\\["+P+"*("+R+")"+P+"*(?:([*^$|!~]?=)"+P+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+W+")|)|)"+P+"*\\]",I=":("+R+")(?:\\(((['\"])((?:\\\\.|[^\\\\])*?)\\3|((?:\\\\.|[^\\\\()[\\]]|"+$.replace(3,8)+")*)|.*)\\)|)",z=RegExp("^"+P+"+|((?:^|[^\\\\])(?:\\\\.)*)"+P+"+$","g"),X=RegExp("^"+P+"*,"+P+"*"),U=RegExp("^"+P+"*([>+~]|"+P+")"+P+"*"),V=RegExp(P+"*[+~]"),Y=RegExp("="+P+"*([^\\]'\"]*)"+P+"*\\]","g"),J=RegExp(I),G=RegExp("^"+W+"$"),Q={ID:RegExp("^#("+R+")"),CLASS:RegExp("^\\.("+R+")"),TAG:RegExp("^("+R.replace("w","w*")+")"),ATTR:RegExp("^"+$),PSEUDO:RegExp("^"+I),CHILD:RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+P+"*(even|odd|(([+-]|)(\\d*)n|)"+P+"*(?:([+-]|)"+P+"*(\\d+)|))"+P+"*\\)|)","i"),bool:RegExp("^(?:"+B+")$","i"),needsContext:RegExp("^"+P+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+P+"*((?:-\\d)?\\d*)"+P+"*\\)|)(?=[^-]|$)","i")},K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,et=/^(?:input|select|textarea|button)$/i,tt=/^h\d$/i,nt=/'|\\/g,rt=RegExp("\\\\([\\da-f]{1,6}"+P+"?|("+P+")|.)","ig"),it=function(e,t,n){var r="0x"+t-65536;return r!==r||n?t:0>r?String.fromCharCode(r+65536):String.fromCharCode(55296|r>>10,56320|1023&r)};try{M.apply(H=O.call(w.childNodes),w.childNodes),H[w.childNodes.length].nodeType}catch(ot){M={apply:H.length?function(e,t){_.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function at(e,t,n,i){var o,a,s,l,u,c,d,m,y,x;if((t?t.ownerDocument||t:w)!==f&&p(t),t=t||f,n=n||[],!e||"string"!=typeof e)return n;if(1!==(l=t.nodeType)&&9!==l)return[];if(h&&!i){if(o=Z.exec(e))if(s=o[1]){if(9===l){if(a=t.getElementById(s),!a||!a.parentNode)return n;if(a.id===s)return n.push(a),n}else if(t.ownerDocument&&(a=t.ownerDocument.getElementById(s))&&v(t,a)&&a.id===s)return n.push(a),n}else{if(o[2])return M.apply(n,t.getElementsByTagName(e)),n;if((s=o[3])&&r.getElementsByClassName&&t.getElementsByClassName)return M.apply(n,t.getElementsByClassName(s)),n}if(r.qsa&&(!g||!g.test(e))){if(m=d=b,y=t,x=9===l&&e,1===l&&"object"!==t.nodeName.toLowerCase()){c=bt(e),(d=t.getAttribute("id"))?m=d.replace(nt,"\\$&"):t.setAttribute("id",m),m="[id='"+m+"'] ",u=c.length;while(u--)c[u]=m+xt(c[u]);y=V.test(e)&&t.parentNode||t,x=c.join(",")}if(x)try{return M.apply(n,y.querySelectorAll(x)),n}catch(T){}finally{d||t.removeAttribute("id")}}}return At(e.replace(z,"$1"),t,n,i)}function st(e){return K.test(e+"")}function lt(){var e=[];function t(n,r){return e.push(n+=" ")>o.cacheLength&&delete t[e.shift()],t[n]=r}return t}function ut(e){return e[b]=!0,e}function ct(e){var t=f.createElement("div");try{return!!e(t)}catch(n){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function pt(e,t,n){e=e.split("|");var r,i=e.length,a=n?null:t;while(i--)(r=o.attrHandle[e[i]])&&r!==t||(o.attrHandle[e[i]]=a)}function ft(e,t){var n=e.getAttributeNode(t);return n&&n.specified?n.value:e[t]===!0?t.toLowerCase():null}function dt(e,t){return e.getAttribute(t,"type"===t.toLowerCase()?1:2)}function ht(e){return"input"===e.nodeName.toLowerCase()?e.defaultValue:t}function gt(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&(~t.sourceIndex||D)-(~e.sourceIndex||D);if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function mt(e){return function(t){var n=t.nodeName.toLowerCase();return"input"===n&&t.type===e}}function yt(e){return function(t){var n=t.nodeName.toLowerCase();return("input"===n||"button"===n)&&t.type===e}}function vt(e){return ut(function(t){return t=+t,ut(function(n,r){var i,o=e([],n.length,t),a=o.length;while(a--)n[i=o[a]]&&(n[i]=!(r[i]=n[i]))})})}s=at.isXML=function(e){var t=e&&(e.ownerDocument||e).documentElement;return t?"HTML"!==t.nodeName:!1},r=at.support={},p=at.setDocument=function(e){var n=e?e.ownerDocument||e:w;return n!==f&&9===n.nodeType&&n.documentElement?(f=n,d=n.documentElement,h=!s(n),r.attributes=ct(function(e){return e.innerHTML="",pt("type|href|height|width",dt,"#"===e.firstChild.getAttribute("href")),pt(B,ft,null==e.getAttribute("disabled")),e.className="i",!e.getAttribute("className")}),r.input=ct(function(e){return e.innerHTML="",e.firstChild.setAttribute("value",""),""===e.firstChild.getAttribute("value")}),pt("value",ht,r.attributes&&r.input),r.getElementsByTagName=ct(function(e){return e.appendChild(n.createComment("")),!e.getElementsByTagName("*").length}),r.getElementsByClassName=ct(function(e){return e.innerHTML="
",e.firstChild.className="i",2===e.getElementsByClassName("i").length}),r.getById=ct(function(e){return d.appendChild(e).id=b,!n.getElementsByName||!n.getElementsByName(b).length}),r.getById?(o.find.ID=function(e,t){if(typeof t.getElementById!==j&&h){var n=t.getElementById(e);return n&&n.parentNode?[n]:[]}},o.filter.ID=function(e){var t=e.replace(rt,it);return function(e){return e.getAttribute("id")===t}}):(delete o.find.ID,o.filter.ID=function(e){var t=e.replace(rt,it);return function(e){var n=typeof e.getAttributeNode!==j&&e.getAttributeNode("id");return n&&n.value===t}}),o.find.TAG=r.getElementsByTagName?function(e,n){return typeof n.getElementsByTagName!==j?n.getElementsByTagName(e):t}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},o.find.CLASS=r.getElementsByClassName&&function(e,n){return typeof n.getElementsByClassName!==j&&h?n.getElementsByClassName(e):t},m=[],g=[],(r.qsa=st(n.querySelectorAll))&&(ct(function(e){e.innerHTML="",e.querySelectorAll("[selected]").length||g.push("\\["+P+"*(?:value|"+B+")"),e.querySelectorAll(":checked").length||g.push(":checked")}),ct(function(e){var t=n.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("t",""),e.querySelectorAll("[t^='']").length&&g.push("[*^$]="+P+"*(?:''|\"\")"),e.querySelectorAll(":enabled").length||g.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),g.push(",.*:")})),(r.matchesSelector=st(y=d.webkitMatchesSelector||d.mozMatchesSelector||d.oMatchesSelector||d.msMatchesSelector))&&ct(function(e){r.disconnectedMatch=y.call(e,"div"),y.call(e,"[s!='']:x"),m.push("!=",I)}),g=g.length&&RegExp(g.join("|")),m=m.length&&RegExp(m.join("|")),v=st(d.contains)||d.compareDocumentPosition?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},r.sortDetached=ct(function(e){return 1&e.compareDocumentPosition(n.createElement("div"))}),A=d.compareDocumentPosition?function(e,t){if(e===t)return S=!0,0;var i=t.compareDocumentPosition&&e.compareDocumentPosition&&e.compareDocumentPosition(t);return i?1&i||!r.sortDetached&&t.compareDocumentPosition(e)===i?e===n||v(w,e)?-1:t===n||v(w,t)?1:c?F.call(c,e)-F.call(c,t):0:4&i?-1:1:e.compareDocumentPosition?-1:1}:function(e,t){var r,i=0,o=e.parentNode,a=t.parentNode,s=[e],l=[t];if(e===t)return S=!0,0;if(!o||!a)return e===n?-1:t===n?1:o?-1:a?1:c?F.call(c,e)-F.call(c,t):0;if(o===a)return gt(e,t);r=e;while(r=r.parentNode)s.unshift(r);r=t;while(r=r.parentNode)l.unshift(r);while(s[i]===l[i])i++;return i?gt(s[i],l[i]):s[i]===w?-1:l[i]===w?1:0},n):f},at.matches=function(e,t){return at(e,null,null,t)},at.matchesSelector=function(e,t){if((e.ownerDocument||e)!==f&&p(e),t=t.replace(Y,"='$1']"),!(!r.matchesSelector||!h||m&&m.test(t)||g&&g.test(t)))try{var n=y.call(e,t);if(n||r.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(i){}return at(t,f,null,[e]).length>0},at.contains=function(e,t){return(e.ownerDocument||e)!==f&&p(e),v(e,t)},at.attr=function(e,n){(e.ownerDocument||e)!==f&&p(e);var i=o.attrHandle[n.toLowerCase()],a=i&&L.call(o.attrHandle,n.toLowerCase())?i(e,n,!h):t;return a===t?r.attributes||!h?e.getAttribute(n):(a=e.getAttributeNode(n))&&a.specified?a.value:null:a},at.error=function(e){throw Error("Syntax error, unrecognized expression: "+e)},at.uniqueSort=function(e){var t,n=[],i=0,o=0;if(S=!r.detectDuplicates,c=!r.sortStable&&e.slice(0),e.sort(A),S){while(t=e[o++])t===e[o]&&(i=n.push(o));while(i--)e.splice(n[i],1)}return e},a=at.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(1===i||9===i||11===i){if("string"==typeof e.textContent)return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=a(e)}else if(3===i||4===i)return e.nodeValue}else for(;t=e[r];r++)n+=a(t);return n},o=at.selectors={cacheLength:50,createPseudo:ut,match:Q,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(rt,it),e[3]=(e[4]||e[5]||"").replace(rt,it),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||at.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&at.error(e[0]),e},PSEUDO:function(e){var n,r=!e[5]&&e[2];return Q.CHILD.test(e[0])?null:(e[3]&&e[4]!==t?e[2]=e[4]:r&&J.test(r)&&(n=bt(r,!0))&&(n=r.indexOf(")",r.length-n)-r.length)&&(e[0]=e[0].slice(0,n),e[2]=r.slice(0,n)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(rt,it).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=N[e+" "];return t||(t=RegExp("(^|"+P+")"+e+"("+P+"|$)"))&&N(e,function(e){return t.test("string"==typeof e.className&&e.className||typeof e.getAttribute!==j&&e.getAttribute("class")||"")})},ATTR:function(e,t,n){return function(r){var i=at.attr(r,e);return null==i?"!="===t:t?(i+="","="===t?i===n:"!="===t?i!==n:"^="===t?n&&0===i.indexOf(n):"*="===t?n&&i.indexOf(n)>-1:"$="===t?n&&i.slice(-n.length)===n:"~="===t?(" "+i+" ").indexOf(n)>-1:"|="===t?i===n||i.slice(0,n.length+1)===n+"-":!1):!0}},CHILD:function(e,t,n,r,i){var o="nth"!==e.slice(0,3),a="last"!==e.slice(-4),s="of-type"===t;return 1===r&&0===i?function(e){return!!e.parentNode}:function(t,n,l){var u,c,p,f,d,h,g=o!==a?"nextSibling":"previousSibling",m=t.parentNode,y=s&&t.nodeName.toLowerCase(),v=!l&&!s;if(m){if(o){while(g){p=t;while(p=p[g])if(s?p.nodeName.toLowerCase()===y:1===p.nodeType)return!1;h=g="only"===e&&!h&&"nextSibling"}return!0}if(h=[a?m.firstChild:m.lastChild],a&&v){c=m[b]||(m[b]={}),u=c[e]||[],d=u[0]===T&&u[1],f=u[0]===T&&u[2],p=d&&m.childNodes[d];while(p=++d&&p&&p[g]||(f=d=0)||h.pop())if(1===p.nodeType&&++f&&p===t){c[e]=[T,d,f];break}}else if(v&&(u=(t[b]||(t[b]={}))[e])&&u[0]===T)f=u[1];else while(p=++d&&p&&p[g]||(f=d=0)||h.pop())if((s?p.nodeName.toLowerCase()===y:1===p.nodeType)&&++f&&(v&&((p[b]||(p[b]={}))[e]=[T,f]),p===t))break;return f-=i,f===r||0===f%r&&f/r>=0}}},PSEUDO:function(e,t){var n,r=o.pseudos[e]||o.setFilters[e.toLowerCase()]||at.error("unsupported pseudo: "+e);return r[b]?r(t):r.length>1?(n=[e,e,"",t],o.setFilters.hasOwnProperty(e.toLowerCase())?ut(function(e,n){var i,o=r(e,t),a=o.length;while(a--)i=F.call(e,o[a]),e[i]=!(n[i]=o[a])}):function(e){return r(e,0,n)}):r}},pseudos:{not:ut(function(e){var t=[],n=[],r=l(e.replace(z,"$1"));return r[b]?ut(function(e,t,n,i){var o,a=r(e,null,i,[]),s=e.length;while(s--)(o=a[s])&&(e[s]=!(t[s]=o))}):function(e,i,o){return t[0]=e,r(t,null,o,n),!n.pop()}}),has:ut(function(e){return function(t){return at(e,t).length>0}}),contains:ut(function(e){return function(t){return(t.textContent||t.innerText||a(t)).indexOf(e)>-1}}),lang:ut(function(e){return G.test(e||"")||at.error("unsupported lang: "+e),e=e.replace(rt,it).toLowerCase(),function(t){var n;do if(n=h?t.lang:t.getAttribute("xml:lang")||t.getAttribute("lang"))return n=n.toLowerCase(),n===e||0===n.indexOf(e+"-");while((t=t.parentNode)&&1===t.nodeType);return!1}}),target:function(t){var n=e.location&&e.location.hash;return n&&n.slice(1)===t.id},root:function(e){return e===d},focus:function(e){return e===f.activeElement&&(!f.hasFocus||f.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},enabled:function(e){return e.disabled===!1},disabled:function(e){return e.disabled===!0},checked:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&!!e.checked||"option"===t&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,e.selected===!0},empty:function(e){for(e=e.firstChild;e;e=e.nextSibling)if(e.nodeName>"@"||3===e.nodeType||4===e.nodeType)return!1;return!0},parent:function(e){return!o.pseudos.empty(e)},header:function(e){return tt.test(e.nodeName)},input:function(e){return et.test(e.nodeName)},button:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&"button"===e.type||"button"===t},text:function(e){var t;return"input"===e.nodeName.toLowerCase()&&"text"===e.type&&(null==(t=e.getAttribute("type"))||t.toLowerCase()===e.type)},first:vt(function(){return[0]}),last:vt(function(e,t){return[t-1]}),eq:vt(function(e,t,n){return[0>n?n+t:n]}),even:vt(function(e,t){var n=0;for(;t>n;n+=2)e.push(n);return e}),odd:vt(function(e,t){var n=1;for(;t>n;n+=2)e.push(n);return e}),lt:vt(function(e,t,n){var r=0>n?n+t:n;for(;--r>=0;)e.push(r);return e}),gt:vt(function(e,t,n){var r=0>n?n+t:n;for(;t>++r;)e.push(r);return e})}};for(n in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})o.pseudos[n]=mt(n);for(n in{submit:!0,reset:!0})o.pseudos[n]=yt(n);function bt(e,t){var n,r,i,a,s,l,u,c=k[e+" "];if(c)return t?0:c.slice(0);s=e,l=[],u=o.preFilter;while(s){(!n||(r=X.exec(s)))&&(r&&(s=s.slice(r[0].length)||s),l.push(i=[])),n=!1,(r=U.exec(s))&&(n=r.shift(),i.push({value:n,type:r[0].replace(z," ")}),s=s.slice(n.length));for(a in o.filter)!(r=Q[a].exec(s))||u[a]&&!(r=u[a](r))||(n=r.shift(),i.push({value:n,type:a,matches:r}),s=s.slice(n.length));if(!n)break}return t?s.length:s?at.error(e):k(e,l).slice(0)}function xt(e){var t=0,n=e.length,r="";for(;n>t;t++)r+=e[t].value;return r}function wt(e,t,n){var r=t.dir,o=n&&"parentNode"===r,a=C++;return t.first?function(t,n,i){while(t=t[r])if(1===t.nodeType||o)return e(t,n,i)}:function(t,n,s){var l,u,c,p=T+" "+a;if(s){while(t=t[r])if((1===t.nodeType||o)&&e(t,n,s))return!0}else while(t=t[r])if(1===t.nodeType||o)if(c=t[b]||(t[b]={}),(u=c[r])&&u[0]===p){if((l=u[1])===!0||l===i)return l===!0}else if(u=c[r]=[p],u[1]=e(t,n,s)||i,u[1]===!0)return!0}}function Tt(e){return e.length>1?function(t,n,r){var i=e.length;while(i--)if(!e[i](t,n,r))return!1;return!0}:e[0]}function Ct(e,t,n,r,i){var o,a=[],s=0,l=e.length,u=null!=t;for(;l>s;s++)(o=e[s])&&(!n||n(o,r,i))&&(a.push(o),u&&t.push(s));return a}function Nt(e,t,n,r,i,o){return r&&!r[b]&&(r=Nt(r)),i&&!i[b]&&(i=Nt(i,o)),ut(function(o,a,s,l){var u,c,p,f=[],d=[],h=a.length,g=o||St(t||"*",s.nodeType?[s]:s,[]),m=!e||!o&&t?g:Ct(g,f,e,s,l),y=n?i||(o?e:h||r)?[]:a:m;if(n&&n(m,y,s,l),r){u=Ct(y,d),r(u,[],s,l),c=u.length;while(c--)(p=u[c])&&(y[d[c]]=!(m[d[c]]=p))}if(o){if(i||e){if(i){u=[],c=y.length;while(c--)(p=y[c])&&u.push(m[c]=p);i(null,y=[],u,l)}c=y.length;while(c--)(p=y[c])&&(u=i?F.call(o,p):f[c])>-1&&(o[u]=!(a[u]=p))}}else y=Ct(y===a?y.splice(h,y.length):y),i?i(null,a,y,l):M.apply(a,y)})}function kt(e){var t,n,r,i=e.length,a=o.relative[e[0].type],s=a||o.relative[" "],l=a?1:0,c=wt(function(e){return e===t},s,!0),p=wt(function(e){return F.call(t,e)>-1},s,!0),f=[function(e,n,r){return!a&&(r||n!==u)||((t=n).nodeType?c(e,n,r):p(e,n,r))}];for(;i>l;l++)if(n=o.relative[e[l].type])f=[wt(Tt(f),n)];else{if(n=o.filter[e[l].type].apply(null,e[l].matches),n[b]){for(r=++l;i>r;r++)if(o.relative[e[r].type])break;return Nt(l>1&&Tt(f),l>1&&xt(e.slice(0,l-1).concat({value:" "===e[l-2].type?"*":""})).replace(z,"$1"),n,r>l&&kt(e.slice(l,r)),i>r&&kt(e=e.slice(r)),i>r&&xt(e))}f.push(n)}return Tt(f)}function Et(e,t){var n=0,r=t.length>0,a=e.length>0,s=function(s,l,c,p,d){var h,g,m,y=[],v=0,b="0",x=s&&[],w=null!=d,C=u,N=s||a&&o.find.TAG("*",d&&l.parentNode||l),k=T+=null==C?1:Math.random()||.1;for(w&&(u=l!==f&&l,i=n);null!=(h=N[b]);b++){if(a&&h){g=0;while(m=e[g++])if(m(h,l,c)){p.push(h);break}w&&(T=k,i=++n)}r&&((h=!m&&h)&&v--,s&&x.push(h))}if(v+=b,r&&b!==v){g=0;while(m=t[g++])m(x,y,l,c);if(s){if(v>0)while(b--)x[b]||y[b]||(y[b]=q.call(p));y=Ct(y)}M.apply(p,y),w&&!s&&y.length>0&&v+t.length>1&&at.uniqueSort(p)}return w&&(T=k,u=C),x};return r?ut(s):s}l=at.compile=function(e,t){var n,r=[],i=[],o=E[e+" "];if(!o){t||(t=bt(e)),n=t.length;while(n--)o=kt(t[n]),o[b]?r.push(o):i.push(o);o=E(e,Et(i,r))}return o};function St(e,t,n){var r=0,i=t.length;for(;i>r;r++)at(e,t[r],n);return n}function At(e,t,n,i){var a,s,u,c,p,f=bt(e);if(!i&&1===f.length){if(s=f[0]=f[0].slice(0),s.length>2&&"ID"===(u=s[0]).type&&r.getById&&9===t.nodeType&&h&&o.relative[s[1].type]){if(t=(o.find.ID(u.matches[0].replace(rt,it),t)||[])[0],!t)return n;e=e.slice(s.shift().value.length)}a=Q.needsContext.test(e)?0:s.length;while(a--){if(u=s[a],o.relative[c=u.type])break;if((p=o.find[c])&&(i=p(u.matches[0].replace(rt,it),V.test(s[0].type)&&t.parentNode||t))){if(s.splice(a,1),e=i.length&&xt(s),!e)return M.apply(n,i),n;break}}}return l(e,f)(i,t,!h,n,V.test(e)),n}o.pseudos.nth=o.pseudos.eq;function jt(){}jt.prototype=o.filters=o.pseudos,o.setFilters=new jt,r.sortStable=b.split("").sort(A).join("")===b,p(),[0,0].sort(A),r.detectDuplicates=S,x.find=at,x.expr=at.selectors,x.expr[":"]=x.expr.pseudos,x.unique=at.uniqueSort,x.text=at.getText,x.isXMLDoc=at.isXML,x.contains=at.contains}(e);var O={};function F(e){var t=O[e]={};return x.each(e.match(T)||[],function(e,n){t[n]=!0}),t}x.Callbacks=function(e){e="string"==typeof e?O[e]||F(e):x.extend({},e);var n,r,i,o,a,s,l=[],u=!e.once&&[],c=function(t){for(r=e.memory&&t,i=!0,a=s||0,s=0,o=l.length,n=!0;l&&o>a;a++)if(l[a].apply(t[0],t[1])===!1&&e.stopOnFalse){r=!1;break}n=!1,l&&(u?u.length&&c(u.shift()):r?l=[]:p.disable())},p={add:function(){if(l){var t=l.length;(function i(t){x.each(t,function(t,n){var r=x.type(n);"function"===r?e.unique&&p.has(n)||l.push(n):n&&n.length&&"string"!==r&&i(n)})})(arguments),n?o=l.length:r&&(s=t,c(r))}return this},remove:function(){return l&&x.each(arguments,function(e,t){var r;while((r=x.inArray(t,l,r))>-1)l.splice(r,1),n&&(o>=r&&o--,a>=r&&a--)}),this},has:function(e){return e?x.inArray(e,l)>-1:!(!l||!l.length)},empty:function(){return l=[],o=0,this},disable:function(){return l=u=r=t,this},disabled:function(){return!l},lock:function(){return u=t,r||p.disable(),this},locked:function(){return!u},fireWith:function(e,t){return t=t||[],t=[e,t.slice?t.slice():t],!l||i&&!u||(n?u.push(t):c(t)),this},fire:function(){return p.fireWith(this,arguments),this},fired:function(){return!!i}};return p},x.extend({Deferred:function(e){var t=[["resolve","done",x.Callbacks("once memory"),"resolved"],["reject","fail",x.Callbacks("once memory"),"rejected"],["notify","progress",x.Callbacks("memory")]],n="pending",r={state:function(){return n},always:function(){return i.done(arguments).fail(arguments),this},then:function(){var e=arguments;return x.Deferred(function(n){x.each(t,function(t,o){var a=o[0],s=x.isFunction(e[t])&&e[t];i[o[1]](function(){var e=s&&s.apply(this,arguments);e&&x.isFunction(e.promise)?e.promise().done(n.resolve).fail(n.reject).progress(n.notify):n[a+"With"](this===r?n.promise():this,s?[e]:arguments)})}),e=null}).promise()},promise:function(e){return null!=e?x.extend(e,r):r}},i={};return r.pipe=r.then,x.each(t,function(e,o){var a=o[2],s=o[3];r[o[1]]=a.add,s&&a.add(function(){n=s},t[1^e][2].disable,t[2][2].lock),i[o[0]]=function(){return i[o[0]+"With"](this===i?r:this,arguments),this},i[o[0]+"With"]=a.fireWith}),r.promise(i),e&&e.call(i,i),i},when:function(e){var t=0,n=g.call(arguments),r=n.length,i=1!==r||e&&x.isFunction(e.promise)?r:0,o=1===i?e:x.Deferred(),a=function(e,t,n){return function(r){t[e]=this,n[e]=arguments.length>1?g.call(arguments):r,n===s?o.notifyWith(t,n):--i||o.resolveWith(t,n)}},s,l,u;if(r>1)for(s=Array(r),l=Array(r),u=Array(r);r>t;t++)n[t]&&x.isFunction(n[t].promise)?n[t].promise().done(a(t,u,n)).fail(o.reject).progress(a(t,l,s)):--i;return i||o.resolveWith(u,n),o.promise()}}),x.support=function(t){var n,r,o,s,l,u,c,p,f,d=a.createElement("div");if(d.setAttribute("className","t"),d.innerHTML="
a",n=d.getElementsByTagName("*")||[],r=d.getElementsByTagName("a")[0],!r||!r.style||!n.length)return t;s=a.createElement("select"),u=s.appendChild(a.createElement("option")),o=d.getElementsByTagName("input")[0],r.style.cssText="top:1px;float:left;opacity:.5",t.getSetAttribute="t"!==d.className,t.leadingWhitespace=3===d.firstChild.nodeType,t.tbody=!d.getElementsByTagName("tbody").length,t.htmlSerialize=!!d.getElementsByTagName("link").length,t.style=/top/.test(r.getAttribute("style")),t.hrefNormalized="/a"===r.getAttribute("href"),t.opacity=/^0.5/.test(r.style.opacity),t.cssFloat=!!r.style.cssFloat,t.checkOn=!!o.value,t.optSelected=u.selected,t.enctype=!!a.createElement("form").enctype,t.html5Clone="<:nav>"!==a.createElement("nav").cloneNode(!0).outerHTML,t.inlineBlockNeedsLayout=!1,t.shrinkWrapBlocks=!1,t.pixelPosition=!1,t.deleteExpando=!0,t.noCloneEvent=!0,t.reliableMarginRight=!0,t.boxSizingReliable=!0,o.checked=!0,t.noCloneChecked=o.cloneNode(!0).checked,s.disabled=!0,t.optDisabled=!u.disabled;try{delete d.test}catch(h){t.deleteExpando=!1}o=a.createElement("input"),o.setAttribute("value",""),t.input=""===o.getAttribute("value"),o.value="t",o.setAttribute("type","radio"),t.radioValue="t"===o.value,o.setAttribute("checked","t"),o.setAttribute("name","t"),l=a.createDocumentFragment(),l.appendChild(o),t.appendChecked=o.checked,t.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,d.attachEvent&&(d.attachEvent("onclick",function(){t.noCloneEvent=!1}),d.cloneNode(!0).click());for(f in{submit:!0,change:!0,focusin:!0})d.setAttribute(c="on"+f,"t"),t[f+"Bubbles"]=c in e||d.attributes[c].expando===!1;d.style.backgroundClip="content-box",d.cloneNode(!0).style.backgroundClip="",t.clearCloneStyle="content-box"===d.style.backgroundClip;for(f in x(t))break;return t.ownLast="0"!==f,x(function(){var n,r,o,s="padding:0;margin:0;border:0;display:block;box-sizing:content-box;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;",l=a.getElementsByTagName("body")[0];l&&(n=a.createElement("div"),n.style.cssText="border:0;width:0;height:0;position:absolute;top:0;left:-9999px;margin-top:1px",l.appendChild(n).appendChild(d),d.innerHTML="
t
",o=d.getElementsByTagName("td"),o[0].style.cssText="padding:0;margin:0;border:0;display:none",p=0===o[0].offsetHeight,o[0].style.display="",o[1].style.display="none",t.reliableHiddenOffsets=p&&0===o[0].offsetHeight,d.innerHTML="",d.style.cssText="box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%;",x.swap(l,null!=l.style.zoom?{zoom:1}:{},function(){t.boxSizing=4===d.offsetWidth}),e.getComputedStyle&&(t.pixelPosition="1%"!==(e.getComputedStyle(d,null)||{}).top,t.boxSizingReliable="4px"===(e.getComputedStyle(d,null)||{width:"4px"}).width,r=d.appendChild(a.createElement("div")),r.style.cssText=d.style.cssText=s,r.style.marginRight=r.style.width="0",d.style.width="1px",t.reliableMarginRight=!parseFloat((e.getComputedStyle(r,null)||{}).marginRight)),typeof d.style.zoom!==i&&(d.innerHTML="",d.style.cssText=s+"width:1px;padding:1px;display:inline;zoom:1",t.inlineBlockNeedsLayout=3===d.offsetWidth,d.style.display="block",d.innerHTML="
",d.firstChild.style.width="5px",t.shrinkWrapBlocks=3!==d.offsetWidth,t.inlineBlockNeedsLayout&&(l.style.zoom=1)),l.removeChild(n),n=d=o=r=null)}),n=s=l=u=r=o=null,t}({});var B=/(?:\{[\s\S]*\}|\[[\s\S]*\])$/,P=/([A-Z])/g;function R(e,n,r,i){if(x.acceptData(e)){var o,a,s=x.expando,l=e.nodeType,u=l?x.cache:e,c=l?e[s]:e[s]&&s; -if(c&&u[c]&&(i||u[c].data)||r!==t||"string"!=typeof n)return c||(c=l?e[s]=p.pop()||x.guid++:s),u[c]||(u[c]=l?{}:{toJSON:x.noop}),("object"==typeof n||"function"==typeof n)&&(i?u[c]=x.extend(u[c],n):u[c].data=x.extend(u[c].data,n)),a=u[c],i||(a.data||(a.data={}),a=a.data),r!==t&&(a[x.camelCase(n)]=r),"string"==typeof n?(o=a[n],null==o&&(o=a[x.camelCase(n)])):o=a,o}}function W(e,t,n){if(x.acceptData(e)){var r,i,o=e.nodeType,a=o?x.cache:e,s=o?e[x.expando]:x.expando;if(a[s]){if(t&&(r=n?a[s]:a[s].data)){x.isArray(t)?t=t.concat(x.map(t,x.camelCase)):t in r?t=[t]:(t=x.camelCase(t),t=t in r?[t]:t.split(" ")),i=t.length;while(i--)delete r[t[i]];if(n?!I(r):!x.isEmptyObject(r))return}(n||(delete a[s].data,I(a[s])))&&(o?x.cleanData([e],!0):x.support.deleteExpando||a!=a.window?delete a[s]:a[s]=null)}}}x.extend({cache:{},noData:{applet:!0,embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"},hasData:function(e){return e=e.nodeType?x.cache[e[x.expando]]:e[x.expando],!!e&&!I(e)},data:function(e,t,n){return R(e,t,n)},removeData:function(e,t){return W(e,t)},_data:function(e,t,n){return R(e,t,n,!0)},_removeData:function(e,t){return W(e,t,!0)},acceptData:function(e){if(e.nodeType&&1!==e.nodeType&&9!==e.nodeType)return!1;var t=e.nodeName&&x.noData[e.nodeName.toLowerCase()];return!t||t!==!0&&e.getAttribute("classid")===t}}),x.fn.extend({data:function(e,n){var r,i,o=null,a=0,s=this[0];if(e===t){if(this.length&&(o=x.data(s),1===s.nodeType&&!x._data(s,"parsedAttrs"))){for(r=s.attributes;r.length>a;a++)i=r[a].name,0===i.indexOf("data-")&&(i=x.camelCase(i.slice(5)),$(s,i,o[i]));x._data(s,"parsedAttrs",!0)}return o}return"object"==typeof e?this.each(function(){x.data(this,e)}):arguments.length>1?this.each(function(){x.data(this,e,n)}):s?$(s,e,x.data(s,e)):null},removeData:function(e){return this.each(function(){x.removeData(this,e)})}});function $(e,n,r){if(r===t&&1===e.nodeType){var i="data-"+n.replace(P,"-$1").toLowerCase();if(r=e.getAttribute(i),"string"==typeof r){try{r="true"===r?!0:"false"===r?!1:"null"===r?null:+r+""===r?+r:B.test(r)?x.parseJSON(r):r}catch(o){}x.data(e,n,r)}else r=t}return r}function I(e){var t;for(t in e)if(("data"!==t||!x.isEmptyObject(e[t]))&&"toJSON"!==t)return!1;return!0}x.extend({queue:function(e,n,r){var i;return e?(n=(n||"fx")+"queue",i=x._data(e,n),r&&(!i||x.isArray(r)?i=x._data(e,n,x.makeArray(r)):i.push(r)),i||[]):t},dequeue:function(e,t){t=t||"fx";var n=x.queue(e,t),r=n.length,i=n.shift(),o=x._queueHooks(e,t),a=function(){x.dequeue(e,t)};"inprogress"===i&&(i=n.shift(),r--),o.cur=i,i&&("fx"===t&&n.unshift("inprogress"),delete o.stop,i.call(e,a,o)),!r&&o&&o.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return x._data(e,n)||x._data(e,n,{empty:x.Callbacks("once memory").add(function(){x._removeData(e,t+"queue"),x._removeData(e,n)})})}}),x.fn.extend({queue:function(e,n){var r=2;return"string"!=typeof e&&(n=e,e="fx",r--),r>arguments.length?x.queue(this[0],e):n===t?this:this.each(function(){var t=x.queue(this,e,n);x._queueHooks(this,e),"fx"===e&&"inprogress"!==t[0]&&x.dequeue(this,e)})},dequeue:function(e){return this.each(function(){x.dequeue(this,e)})},delay:function(e,t){return e=x.fx?x.fx.speeds[e]||e:e,t=t||"fx",this.queue(t,function(t,n){var r=setTimeout(t,e);n.stop=function(){clearTimeout(r)}})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,n){var r,i=1,o=x.Deferred(),a=this,s=this.length,l=function(){--i||o.resolveWith(a,[a])};"string"!=typeof e&&(n=e,e=t),e=e||"fx";while(s--)r=x._data(a[s],e+"queueHooks"),r&&r.empty&&(i++,r.empty.add(l));return l(),o.promise(n)}});var z,X,U=/[\t\r\n\f]/g,V=/\r/g,Y=/^(?:input|select|textarea|button|object)$/i,J=/^(?:a|area)$/i,G=/^(?:checked|selected)$/i,Q=x.support.getSetAttribute,K=x.support.input;x.fn.extend({attr:function(e,t){return x.access(this,x.attr,e,t,arguments.length>1)},removeAttr:function(e){return this.each(function(){x.removeAttr(this,e)})},prop:function(e,t){return x.access(this,x.prop,e,t,arguments.length>1)},removeProp:function(e){return e=x.propFix[e]||e,this.each(function(){try{this[e]=t,delete this[e]}catch(n){}})},addClass:function(e){var t,n,r,i,o,a=0,s=this.length,l="string"==typeof e&&e;if(x.isFunction(e))return this.each(function(t){x(this).addClass(e.call(this,t,this.className))});if(l)for(t=(e||"").match(T)||[];s>a;a++)if(n=this[a],r=1===n.nodeType&&(n.className?(" "+n.className+" ").replace(U," "):" ")){o=0;while(i=t[o++])0>r.indexOf(" "+i+" ")&&(r+=i+" ");n.className=x.trim(r)}return this},removeClass:function(e){var t,n,r,i,o,a=0,s=this.length,l=0===arguments.length||"string"==typeof e&&e;if(x.isFunction(e))return this.each(function(t){x(this).removeClass(e.call(this,t,this.className))});if(l)for(t=(e||"").match(T)||[];s>a;a++)if(n=this[a],r=1===n.nodeType&&(n.className?(" "+n.className+" ").replace(U," "):"")){o=0;while(i=t[o++])while(r.indexOf(" "+i+" ")>=0)r=r.replace(" "+i+" "," ");n.className=e?x.trim(r):""}return this},toggleClass:function(e,t){var n=typeof e,r="boolean"==typeof t;return x.isFunction(e)?this.each(function(n){x(this).toggleClass(e.call(this,n,this.className,t),t)}):this.each(function(){if("string"===n){var o,a=0,s=x(this),l=t,u=e.match(T)||[];while(o=u[a++])l=r?l:!s.hasClass(o),s[l?"addClass":"removeClass"](o)}else(n===i||"boolean"===n)&&(this.className&&x._data(this,"__className__",this.className),this.className=this.className||e===!1?"":x._data(this,"__className__")||"")})},hasClass:function(e){var t=" "+e+" ",n=0,r=this.length;for(;r>n;n++)if(1===this[n].nodeType&&(" "+this[n].className+" ").replace(U," ").indexOf(t)>=0)return!0;return!1},val:function(e){var n,r,i,o=this[0];{if(arguments.length)return i=x.isFunction(e),this.each(function(n){var o;1===this.nodeType&&(o=i?e.call(this,n,x(this).val()):e,null==o?o="":"number"==typeof o?o+="":x.isArray(o)&&(o=x.map(o,function(e){return null==e?"":e+""})),r=x.valHooks[this.type]||x.valHooks[this.nodeName.toLowerCase()],r&&"set"in r&&r.set(this,o,"value")!==t||(this.value=o))});if(o)return r=x.valHooks[o.type]||x.valHooks[o.nodeName.toLowerCase()],r&&"get"in r&&(n=r.get(o,"value"))!==t?n:(n=o.value,"string"==typeof n?n.replace(V,""):null==n?"":n)}}}),x.extend({valHooks:{option:{get:function(e){var t=x.find.attr(e,"value");return null!=t?t:e.text}},select:{get:function(e){var t,n,r=e.options,i=e.selectedIndex,o="select-one"===e.type||0>i,a=o?null:[],s=o?i+1:r.length,l=0>i?s:o?i:0;for(;s>l;l++)if(n=r[l],!(!n.selected&&l!==i||(x.support.optDisabled?n.disabled:null!==n.getAttribute("disabled"))||n.parentNode.disabled&&x.nodeName(n.parentNode,"optgroup"))){if(t=x(n).val(),o)return t;a.push(t)}return a},set:function(e,t){var n,r,i=e.options,o=x.makeArray(t),a=i.length;while(a--)r=i[a],(r.selected=x.inArray(x(r).val(),o)>=0)&&(n=!0);return n||(e.selectedIndex=-1),o}}},attr:function(e,n,r){var o,a,s=e.nodeType;if(e&&3!==s&&8!==s&&2!==s)return typeof e.getAttribute===i?x.prop(e,n,r):(1===s&&x.isXMLDoc(e)||(n=n.toLowerCase(),o=x.attrHooks[n]||(x.expr.match.bool.test(n)?X:z)),r===t?o&&"get"in o&&null!==(a=o.get(e,n))?a:(a=x.find.attr(e,n),null==a?t:a):null!==r?o&&"set"in o&&(a=o.set(e,r,n))!==t?a:(e.setAttribute(n,r+""),r):(x.removeAttr(e,n),t))},removeAttr:function(e,t){var n,r,i=0,o=t&&t.match(T);if(o&&1===e.nodeType)while(n=o[i++])r=x.propFix[n]||n,x.expr.match.bool.test(n)?K&&Q||!G.test(n)?e[r]=!1:e[x.camelCase("default-"+n)]=e[r]=!1:x.attr(e,n,""),e.removeAttribute(Q?n:r)},attrHooks:{type:{set:function(e,t){if(!x.support.radioValue&&"radio"===t&&x.nodeName(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}}},propFix:{"for":"htmlFor","class":"className"},prop:function(e,n,r){var i,o,a,s=e.nodeType;if(e&&3!==s&&8!==s&&2!==s)return a=1!==s||!x.isXMLDoc(e),a&&(n=x.propFix[n]||n,o=x.propHooks[n]),r!==t?o&&"set"in o&&(i=o.set(e,r,n))!==t?i:e[n]=r:o&&"get"in o&&null!==(i=o.get(e,n))?i:e[n]},propHooks:{tabIndex:{get:function(e){var t=x.find.attr(e,"tabindex");return t?parseInt(t,10):Y.test(e.nodeName)||J.test(e.nodeName)&&e.href?0:-1}}}}),X={set:function(e,t,n){return t===!1?x.removeAttr(e,n):K&&Q||!G.test(n)?e.setAttribute(!Q&&x.propFix[n]||n,n):e[x.camelCase("default-"+n)]=e[n]=!0,n}},x.each(x.expr.match.bool.source.match(/\w+/g),function(e,n){var r=x.expr.attrHandle[n]||x.find.attr;x.expr.attrHandle[n]=K&&Q||!G.test(n)?function(e,n,i){var o=x.expr.attrHandle[n],a=i?t:(x.expr.attrHandle[n]=t)!=r(e,n,i)?n.toLowerCase():null;return x.expr.attrHandle[n]=o,a}:function(e,n,r){return r?t:e[x.camelCase("default-"+n)]?n.toLowerCase():null}}),K&&Q||(x.attrHooks.value={set:function(e,n,r){return x.nodeName(e,"input")?(e.defaultValue=n,t):z&&z.set(e,n,r)}}),Q||(z={set:function(e,n,r){var i=e.getAttributeNode(r);return i||e.setAttributeNode(i=e.ownerDocument.createAttribute(r)),i.value=n+="","value"===r||n===e.getAttribute(r)?n:t}},x.expr.attrHandle.id=x.expr.attrHandle.name=x.expr.attrHandle.coords=function(e,n,r){var i;return r?t:(i=e.getAttributeNode(n))&&""!==i.value?i.value:null},x.valHooks.button={get:function(e,n){var r=e.getAttributeNode(n);return r&&r.specified?r.value:t},set:z.set},x.attrHooks.contenteditable={set:function(e,t,n){z.set(e,""===t?!1:t,n)}},x.each(["width","height"],function(e,n){x.attrHooks[n]={set:function(e,r){return""===r?(e.setAttribute(n,"auto"),r):t}}})),x.support.hrefNormalized||x.each(["href","src"],function(e,t){x.propHooks[t]={get:function(e){return e.getAttribute(t,4)}}}),x.support.style||(x.attrHooks.style={get:function(e){return e.style.cssText||t},set:function(e,t){return e.style.cssText=t+""}}),x.support.optSelected||(x.propHooks.selected={get:function(e){var t=e.parentNode;return t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex),null}}),x.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){x.propFix[this.toLowerCase()]=this}),x.support.enctype||(x.propFix.enctype="encoding"),x.each(["radio","checkbox"],function(){x.valHooks[this]={set:function(e,n){return x.isArray(n)?e.checked=x.inArray(x(e).val(),n)>=0:t}},x.support.checkOn||(x.valHooks[this].get=function(e){return null===e.getAttribute("value")?"on":e.value})});var Z=/^(?:input|select|textarea)$/i,et=/^key/,tt=/^(?:mouse|contextmenu)|click/,nt=/^(?:focusinfocus|focusoutblur)$/,rt=/^([^.]*)(?:\.(.+)|)$/;function it(){return!0}function ot(){return!1}function at(){try{return a.activeElement}catch(e){}}x.event={global:{},add:function(e,n,r,o,a){var s,l,u,c,p,f,d,h,g,m,y,v=x._data(e);if(v){r.handler&&(c=r,r=c.handler,a=c.selector),r.guid||(r.guid=x.guid++),(l=v.events)||(l=v.events={}),(f=v.handle)||(f=v.handle=function(e){return typeof x===i||e&&x.event.triggered===e.type?t:x.event.dispatch.apply(f.elem,arguments)},f.elem=e),n=(n||"").match(T)||[""],u=n.length;while(u--)s=rt.exec(n[u])||[],g=y=s[1],m=(s[2]||"").split(".").sort(),g&&(p=x.event.special[g]||{},g=(a?p.delegateType:p.bindType)||g,p=x.event.special[g]||{},d=x.extend({type:g,origType:y,data:o,handler:r,guid:r.guid,selector:a,needsContext:a&&x.expr.match.needsContext.test(a),namespace:m.join(".")},c),(h=l[g])||(h=l[g]=[],h.delegateCount=0,p.setup&&p.setup.call(e,o,m,f)!==!1||(e.addEventListener?e.addEventListener(g,f,!1):e.attachEvent&&e.attachEvent("on"+g,f))),p.add&&(p.add.call(e,d),d.handler.guid||(d.handler.guid=r.guid)),a?h.splice(h.delegateCount++,0,d):h.push(d),x.event.global[g]=!0);e=null}},remove:function(e,t,n,r,i){var o,a,s,l,u,c,p,f,d,h,g,m=x.hasData(e)&&x._data(e);if(m&&(c=m.events)){t=(t||"").match(T)||[""],u=t.length;while(u--)if(s=rt.exec(t[u])||[],d=g=s[1],h=(s[2]||"").split(".").sort(),d){p=x.event.special[d]||{},d=(r?p.delegateType:p.bindType)||d,f=c[d]||[],s=s[2]&&RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"),l=o=f.length;while(o--)a=f[o],!i&&g!==a.origType||n&&n.guid!==a.guid||s&&!s.test(a.namespace)||r&&r!==a.selector&&("**"!==r||!a.selector)||(f.splice(o,1),a.selector&&f.delegateCount--,p.remove&&p.remove.call(e,a));l&&!f.length&&(p.teardown&&p.teardown.call(e,h,m.handle)!==!1||x.removeEvent(e,d,m.handle),delete c[d])}else for(d in c)x.event.remove(e,d+t[u],n,r,!0);x.isEmptyObject(c)&&(delete m.handle,x._removeData(e,"events"))}},trigger:function(n,r,i,o){var s,l,u,c,p,f,d,h=[i||a],g=v.call(n,"type")?n.type:n,m=v.call(n,"namespace")?n.namespace.split("."):[];if(u=f=i=i||a,3!==i.nodeType&&8!==i.nodeType&&!nt.test(g+x.event.triggered)&&(g.indexOf(".")>=0&&(m=g.split("."),g=m.shift(),m.sort()),l=0>g.indexOf(":")&&"on"+g,n=n[x.expando]?n:new x.Event(g,"object"==typeof n&&n),n.isTrigger=o?2:3,n.namespace=m.join("."),n.namespace_re=n.namespace?RegExp("(^|\\.)"+m.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,n.result=t,n.target||(n.target=i),r=null==r?[n]:x.makeArray(r,[n]),p=x.event.special[g]||{},o||!p.trigger||p.trigger.apply(i,r)!==!1)){if(!o&&!p.noBubble&&!x.isWindow(i)){for(c=p.delegateType||g,nt.test(c+g)||(u=u.parentNode);u;u=u.parentNode)h.push(u),f=u;f===(i.ownerDocument||a)&&h.push(f.defaultView||f.parentWindow||e)}d=0;while((u=h[d++])&&!n.isPropagationStopped())n.type=d>1?c:p.bindType||g,s=(x._data(u,"events")||{})[n.type]&&x._data(u,"handle"),s&&s.apply(u,r),s=l&&u[l],s&&x.acceptData(u)&&s.apply&&s.apply(u,r)===!1&&n.preventDefault();if(n.type=g,!o&&!n.isDefaultPrevented()&&(!p._default||p._default.apply(h.pop(),r)===!1)&&x.acceptData(i)&&l&&i[g]&&!x.isWindow(i)){f=i[l],f&&(i[l]=null),x.event.triggered=g;try{i[g]()}catch(y){}x.event.triggered=t,f&&(i[l]=f)}return n.result}},dispatch:function(e){e=x.event.fix(e);var n,r,i,o,a,s=[],l=g.call(arguments),u=(x._data(this,"events")||{})[e.type]||[],c=x.event.special[e.type]||{};if(l[0]=e,e.delegateTarget=this,!c.preDispatch||c.preDispatch.call(this,e)!==!1){s=x.event.handlers.call(this,e,u),n=0;while((o=s[n++])&&!e.isPropagationStopped()){e.currentTarget=o.elem,a=0;while((i=o.handlers[a++])&&!e.isImmediatePropagationStopped())(!e.namespace_re||e.namespace_re.test(i.namespace))&&(e.handleObj=i,e.data=i.data,r=((x.event.special[i.origType]||{}).handle||i.handler).apply(o.elem,l),r!==t&&(e.result=r)===!1&&(e.preventDefault(),e.stopPropagation()))}return c.postDispatch&&c.postDispatch.call(this,e),e.result}},handlers:function(e,n){var r,i,o,a,s=[],l=n.delegateCount,u=e.target;if(l&&u.nodeType&&(!e.button||"click"!==e.type))for(;u!=this;u=u.parentNode||this)if(1===u.nodeType&&(u.disabled!==!0||"click"!==e.type)){for(o=[],a=0;l>a;a++)i=n[a],r=i.selector+" ",o[r]===t&&(o[r]=i.needsContext?x(r,this).index(u)>=0:x.find(r,this,null,[u]).length),o[r]&&o.push(i);o.length&&s.push({elem:u,handlers:o})}return n.length>l&&s.push({elem:this,handlers:n.slice(l)}),s},fix:function(e){if(e[x.expando])return e;var t,n,r,i=e.type,o=e,s=this.fixHooks[i];s||(this.fixHooks[i]=s=tt.test(i)?this.mouseHooks:et.test(i)?this.keyHooks:{}),r=s.props?this.props.concat(s.props):this.props,e=new x.Event(o),t=r.length;while(t--)n=r[t],e[n]=o[n];return e.target||(e.target=o.srcElement||a),3===e.target.nodeType&&(e.target=e.target.parentNode),e.metaKey=!!e.metaKey,s.filter?s.filter(e,o):e},props:"altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(e,t){return null==e.which&&(e.which=null!=t.charCode?t.charCode:t.keyCode),e}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(e,n){var r,i,o,s=n.button,l=n.fromElement;return null==e.pageX&&null!=n.clientX&&(i=e.target.ownerDocument||a,o=i.documentElement,r=i.body,e.pageX=n.clientX+(o&&o.scrollLeft||r&&r.scrollLeft||0)-(o&&o.clientLeft||r&&r.clientLeft||0),e.pageY=n.clientY+(o&&o.scrollTop||r&&r.scrollTop||0)-(o&&o.clientTop||r&&r.clientTop||0)),!e.relatedTarget&&l&&(e.relatedTarget=l===e.target?n.toElement:l),e.which||s===t||(e.which=1&s?1:2&s?3:4&s?2:0),e}},special:{load:{noBubble:!0},focus:{trigger:function(){if(this!==at()&&this.focus)try{return this.focus(),!1}catch(e){}},delegateType:"focusin"},blur:{trigger:function(){return this===at()&&this.blur?(this.blur(),!1):t},delegateType:"focusout"},click:{trigger:function(){return x.nodeName(this,"input")&&"checkbox"===this.type&&this.click?(this.click(),!1):t},_default:function(e){return x.nodeName(e.target,"a")}},beforeunload:{postDispatch:function(e){e.result!==t&&(e.originalEvent.returnValue=e.result)}}},simulate:function(e,t,n,r){var i=x.extend(new x.Event,n,{type:e,isSimulated:!0,originalEvent:{}});r?x.event.trigger(i,null,t):x.event.dispatch.call(t,i),i.isDefaultPrevented()&&n.preventDefault()}},x.removeEvent=a.removeEventListener?function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n,!1)}:function(e,t,n){var r="on"+t;e.detachEvent&&(typeof e[r]===i&&(e[r]=null),e.detachEvent(r,n))},x.Event=function(e,n){return this instanceof x.Event?(e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||e.returnValue===!1||e.getPreventDefault&&e.getPreventDefault()?it:ot):this.type=e,n&&x.extend(this,n),this.timeStamp=e&&e.timeStamp||x.now(),this[x.expando]=!0,t):new x.Event(e,n)},x.Event.prototype={isDefaultPrevented:ot,isPropagationStopped:ot,isImmediatePropagationStopped:ot,preventDefault:function(){var e=this.originalEvent;this.isDefaultPrevented=it,e&&(e.preventDefault?e.preventDefault():e.returnValue=!1)},stopPropagation:function(){var e=this.originalEvent;this.isPropagationStopped=it,e&&(e.stopPropagation&&e.stopPropagation(),e.cancelBubble=!0)},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=it,this.stopPropagation()}},x.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(e,t){x.event.special[e]={delegateType:t,bindType:t,handle:function(e){var n,r=this,i=e.relatedTarget,o=e.handleObj;return(!i||i!==r&&!x.contains(r,i))&&(e.type=o.origType,n=o.handler.apply(this,arguments),e.type=t),n}}}),x.support.submitBubbles||(x.event.special.submit={setup:function(){return x.nodeName(this,"form")?!1:(x.event.add(this,"click._submit keypress._submit",function(e){var n=e.target,r=x.nodeName(n,"input")||x.nodeName(n,"button")?n.form:t;r&&!x._data(r,"submitBubbles")&&(x.event.add(r,"submit._submit",function(e){e._submit_bubble=!0}),x._data(r,"submitBubbles",!0))}),t)},postDispatch:function(e){e._submit_bubble&&(delete e._submit_bubble,this.parentNode&&!e.isTrigger&&x.event.simulate("submit",this.parentNode,e,!0))},teardown:function(){return x.nodeName(this,"form")?!1:(x.event.remove(this,"._submit"),t)}}),x.support.changeBubbles||(x.event.special.change={setup:function(){return Z.test(this.nodeName)?(("checkbox"===this.type||"radio"===this.type)&&(x.event.add(this,"propertychange._change",function(e){"checked"===e.originalEvent.propertyName&&(this._just_changed=!0)}),x.event.add(this,"click._change",function(e){this._just_changed&&!e.isTrigger&&(this._just_changed=!1),x.event.simulate("change",this,e,!0)})),!1):(x.event.add(this,"beforeactivate._change",function(e){var t=e.target;Z.test(t.nodeName)&&!x._data(t,"changeBubbles")&&(x.event.add(t,"change._change",function(e){!this.parentNode||e.isSimulated||e.isTrigger||x.event.simulate("change",this.parentNode,e,!0)}),x._data(t,"changeBubbles",!0))}),t)},handle:function(e){var n=e.target;return this!==n||e.isSimulated||e.isTrigger||"radio"!==n.type&&"checkbox"!==n.type?e.handleObj.handler.apply(this,arguments):t},teardown:function(){return x.event.remove(this,"._change"),!Z.test(this.nodeName)}}),x.support.focusinBubbles||x.each({focus:"focusin",blur:"focusout"},function(e,t){var n=0,r=function(e){x.event.simulate(t,e.target,x.event.fix(e),!0)};x.event.special[t]={setup:function(){0===n++&&a.addEventListener(e,r,!0)},teardown:function(){0===--n&&a.removeEventListener(e,r,!0)}}}),x.fn.extend({on:function(e,n,r,i,o){var a,s;if("object"==typeof e){"string"!=typeof n&&(r=r||n,n=t);for(a in e)this.on(a,n,r,e[a],o);return this}if(null==r&&null==i?(i=n,r=n=t):null==i&&("string"==typeof n?(i=r,r=t):(i=r,r=n,n=t)),i===!1)i=ot;else if(!i)return this;return 1===o&&(s=i,i=function(e){return x().off(e),s.apply(this,arguments)},i.guid=s.guid||(s.guid=x.guid++)),this.each(function(){x.event.add(this,e,i,r,n)})},one:function(e,t,n,r){return this.on(e,t,n,r,1)},off:function(e,n,r){var i,o;if(e&&e.preventDefault&&e.handleObj)return i=e.handleObj,x(e.delegateTarget).off(i.namespace?i.origType+"."+i.namespace:i.origType,i.selector,i.handler),this;if("object"==typeof e){for(o in e)this.off(o,n,e[o]);return this}return(n===!1||"function"==typeof n)&&(r=n,n=t),r===!1&&(r=ot),this.each(function(){x.event.remove(this,e,r,n)})},trigger:function(e,t){return this.each(function(){x.event.trigger(e,t,this)})},triggerHandler:function(e,n){var r=this[0];return r?x.event.trigger(e,n,r,!0):t}});var st=/^.[^:#\[\.,]*$/,lt=/^(?:parents|prev(?:Until|All))/,ut=x.expr.match.needsContext,ct={children:!0,contents:!0,next:!0,prev:!0};x.fn.extend({find:function(e){var t,n=[],r=this,i=r.length;if("string"!=typeof e)return this.pushStack(x(e).filter(function(){for(t=0;i>t;t++)if(x.contains(r[t],this))return!0}));for(t=0;i>t;t++)x.find(e,r[t],n);return n=this.pushStack(i>1?x.unique(n):n),n.selector=this.selector?this.selector+" "+e:e,n},has:function(e){var t,n=x(e,this),r=n.length;return this.filter(function(){for(t=0;r>t;t++)if(x.contains(this,n[t]))return!0})},not:function(e){return this.pushStack(ft(this,e||[],!0))},filter:function(e){return this.pushStack(ft(this,e||[],!1))},is:function(e){return!!ft(this,"string"==typeof e&&ut.test(e)?x(e):e||[],!1).length},closest:function(e,t){var n,r=0,i=this.length,o=[],a=ut.test(e)||"string"!=typeof e?x(e,t||this.context):0;for(;i>r;r++)for(n=this[r];n&&n!==t;n=n.parentNode)if(11>n.nodeType&&(a?a.index(n)>-1:1===n.nodeType&&x.find.matchesSelector(n,e))){n=o.push(n);break}return this.pushStack(o.length>1?x.unique(o):o)},index:function(e){return e?"string"==typeof e?x.inArray(this[0],x(e)):x.inArray(e.jquery?e[0]:e,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(e,t){var n="string"==typeof e?x(e,t):x.makeArray(e&&e.nodeType?[e]:e),r=x.merge(this.get(),n);return this.pushStack(x.unique(r))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}});function pt(e,t){do e=e[t];while(e&&1!==e.nodeType);return e}x.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return x.dir(e,"parentNode")},parentsUntil:function(e,t,n){return x.dir(e,"parentNode",n)},next:function(e){return pt(e,"nextSibling")},prev:function(e){return pt(e,"previousSibling")},nextAll:function(e){return x.dir(e,"nextSibling")},prevAll:function(e){return x.dir(e,"previousSibling")},nextUntil:function(e,t,n){return x.dir(e,"nextSibling",n)},prevUntil:function(e,t,n){return x.dir(e,"previousSibling",n)},siblings:function(e){return x.sibling((e.parentNode||{}).firstChild,e)},children:function(e){return x.sibling(e.firstChild)},contents:function(e){return x.nodeName(e,"iframe")?e.contentDocument||e.contentWindow.document:x.merge([],e.childNodes)}},function(e,t){x.fn[e]=function(n,r){var i=x.map(this,t,n);return"Until"!==e.slice(-5)&&(r=n),r&&"string"==typeof r&&(i=x.filter(r,i)),this.length>1&&(ct[e]||(i=x.unique(i)),lt.test(e)&&(i=i.reverse())),this.pushStack(i)}}),x.extend({filter:function(e,t,n){var r=t[0];return n&&(e=":not("+e+")"),1===t.length&&1===r.nodeType?x.find.matchesSelector(r,e)?[r]:[]:x.find.matches(e,x.grep(t,function(e){return 1===e.nodeType}))},dir:function(e,n,r){var i=[],o=e[n];while(o&&9!==o.nodeType&&(r===t||1!==o.nodeType||!x(o).is(r)))1===o.nodeType&&i.push(o),o=o[n];return i},sibling:function(e,t){var n=[];for(;e;e=e.nextSibling)1===e.nodeType&&e!==t&&n.push(e);return n}});function ft(e,t,n){if(x.isFunction(t))return x.grep(e,function(e,r){return!!t.call(e,r,e)!==n});if(t.nodeType)return x.grep(e,function(e){return e===t!==n});if("string"==typeof t){if(st.test(t))return x.filter(t,e,n);t=x.filter(t,e)}return x.grep(e,function(e){return x.inArray(e,t)>=0!==n})}function dt(e){var t=ht.split("|"),n=e.createDocumentFragment();if(n.createElement)while(t.length)n.createElement(t.pop());return n}var ht="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",gt=/ jQuery\d+="(?:null|\d+)"/g,mt=RegExp("<(?:"+ht+")[\\s/>]","i"),yt=/^\s+/,vt=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,bt=/<([\w:]+)/,xt=/\s*$/g,At={option:[1,""],legend:[1,"
","
"],area:[1,"",""],param:[1,"",""],thead:[1,"","
"],tr:[2,"","
"],col:[2,"","
"],td:[3,"","
"],_default:x.support.htmlSerialize?[0,"",""]:[1,"X
","
"]},jt=dt(a),Dt=jt.appendChild(a.createElement("div"));At.optgroup=At.option,At.tbody=At.tfoot=At.colgroup=At.caption=At.thead,At.th=At.td,x.fn.extend({text:function(e){return x.access(this,function(e){return e===t?x.text(this):this.empty().append((this[0]&&this[0].ownerDocument||a).createTextNode(e))},null,e,arguments.length)},append:function(){return this.domManip(arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=Lt(this,e);t.appendChild(e)}})},prepend:function(){return this.domManip(arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=Lt(this,e);t.insertBefore(e,t.firstChild)}})},before:function(){return this.domManip(arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return this.domManip(arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)})},remove:function(e,t){var n,r=e?x.filter(e,this):this,i=0;for(;null!=(n=r[i]);i++)t||1!==n.nodeType||x.cleanData(Ft(n)),n.parentNode&&(t&&x.contains(n.ownerDocument,n)&&_t(Ft(n,"script")),n.parentNode.removeChild(n));return this},empty:function(){var e,t=0;for(;null!=(e=this[t]);t++){1===e.nodeType&&x.cleanData(Ft(e,!1));while(e.firstChild)e.removeChild(e.firstChild);e.options&&x.nodeName(e,"select")&&(e.options.length=0)}return this},clone:function(e,t){return e=null==e?!1:e,t=null==t?e:t,this.map(function(){return x.clone(this,e,t)})},html:function(e){return x.access(this,function(e){var n=this[0]||{},r=0,i=this.length;if(e===t)return 1===n.nodeType?n.innerHTML.replace(gt,""):t;if(!("string"!=typeof e||Tt.test(e)||!x.support.htmlSerialize&&mt.test(e)||!x.support.leadingWhitespace&&yt.test(e)||At[(bt.exec(e)||["",""])[1].toLowerCase()])){e=e.replace(vt,"<$1>");try{for(;i>r;r++)n=this[r]||{},1===n.nodeType&&(x.cleanData(Ft(n,!1)),n.innerHTML=e);n=0}catch(o){}}n&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(){var e=x.map(this,function(e){return[e.nextSibling,e.parentNode]}),t=0;return this.domManip(arguments,function(n){var r=e[t++],i=e[t++];i&&(r&&r.parentNode!==i&&(r=this.nextSibling),x(this).remove(),i.insertBefore(n,r))},!0),t?this:this.remove()},detach:function(e){return this.remove(e,!0)},domManip:function(e,t,n){e=d.apply([],e);var r,i,o,a,s,l,u=0,c=this.length,p=this,f=c-1,h=e[0],g=x.isFunction(h);if(g||!(1>=c||"string"!=typeof h||x.support.checkClone)&&Nt.test(h))return this.each(function(r){var i=p.eq(r);g&&(e[0]=h.call(this,r,i.html())),i.domManip(e,t,n)});if(c&&(l=x.buildFragment(e,this[0].ownerDocument,!1,!n&&this),r=l.firstChild,1===l.childNodes.length&&(l=r),r)){for(a=x.map(Ft(l,"script"),Ht),o=a.length;c>u;u++)i=l,u!==f&&(i=x.clone(i,!0,!0),o&&x.merge(a,Ft(i,"script"))),t.call(this[u],i,u);if(o)for(s=a[a.length-1].ownerDocument,x.map(a,qt),u=0;o>u;u++)i=a[u],kt.test(i.type||"")&&!x._data(i,"globalEval")&&x.contains(s,i)&&(i.src?x._evalUrl(i.src):x.globalEval((i.text||i.textContent||i.innerHTML||"").replace(St,"")));l=r=null}return this}});function Lt(e,t){return x.nodeName(e,"table")&&x.nodeName(1===t.nodeType?t:t.firstChild,"tr")?e.getElementsByTagName("tbody")[0]||e.appendChild(e.ownerDocument.createElement("tbody")):e}function Ht(e){return e.type=(null!==x.find.attr(e,"type"))+"/"+e.type,e}function qt(e){var t=Et.exec(e.type);return t?e.type=t[1]:e.removeAttribute("type"),e}function _t(e,t){var n,r=0;for(;null!=(n=e[r]);r++)x._data(n,"globalEval",!t||x._data(t[r],"globalEval"))}function Mt(e,t){if(1===t.nodeType&&x.hasData(e)){var n,r,i,o=x._data(e),a=x._data(t,o),s=o.events;if(s){delete a.handle,a.events={};for(n in s)for(r=0,i=s[n].length;i>r;r++)x.event.add(t,n,s[n][r])}a.data&&(a.data=x.extend({},a.data))}}function Ot(e,t){var n,r,i;if(1===t.nodeType){if(n=t.nodeName.toLowerCase(),!x.support.noCloneEvent&&t[x.expando]){i=x._data(t);for(r in i.events)x.removeEvent(t,r,i.handle);t.removeAttribute(x.expando)}"script"===n&&t.text!==e.text?(Ht(t).text=e.text,qt(t)):"object"===n?(t.parentNode&&(t.outerHTML=e.outerHTML),x.support.html5Clone&&e.innerHTML&&!x.trim(t.innerHTML)&&(t.innerHTML=e.innerHTML)):"input"===n&&Ct.test(e.type)?(t.defaultChecked=t.checked=e.checked,t.value!==e.value&&(t.value=e.value)):"option"===n?t.defaultSelected=t.selected=e.defaultSelected:("input"===n||"textarea"===n)&&(t.defaultValue=e.defaultValue)}}x.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,t){x.fn[e]=function(e){var n,r=0,i=[],o=x(e),a=o.length-1;for(;a>=r;r++)n=r===a?this:this.clone(!0),x(o[r])[t](n),h.apply(i,n.get());return this.pushStack(i)}});function Ft(e,n){var r,o,a=0,s=typeof e.getElementsByTagName!==i?e.getElementsByTagName(n||"*"):typeof e.querySelectorAll!==i?e.querySelectorAll(n||"*"):t;if(!s)for(s=[],r=e.childNodes||e;null!=(o=r[a]);a++)!n||x.nodeName(o,n)?s.push(o):x.merge(s,Ft(o,n));return n===t||n&&x.nodeName(e,n)?x.merge([e],s):s}function Bt(e){Ct.test(e.type)&&(e.defaultChecked=e.checked)}x.extend({clone:function(e,t,n){var r,i,o,a,s,l=x.contains(e.ownerDocument,e);if(x.support.html5Clone||x.isXMLDoc(e)||!mt.test("<"+e.nodeName+">")?o=e.cloneNode(!0):(Dt.innerHTML=e.outerHTML,Dt.removeChild(o=Dt.firstChild)),!(x.support.noCloneEvent&&x.support.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||x.isXMLDoc(e)))for(r=Ft(o),s=Ft(e),a=0;null!=(i=s[a]);++a)r[a]&&Ot(i,r[a]);if(t)if(n)for(s=s||Ft(e),r=r||Ft(o),a=0;null!=(i=s[a]);a++)Mt(i,r[a]);else Mt(e,o);return r=Ft(o,"script"),r.length>0&&_t(r,!l&&Ft(e,"script")),r=s=i=null,o},buildFragment:function(e,t,n,r){var i,o,a,s,l,u,c,p=e.length,f=dt(t),d=[],h=0;for(;p>h;h++)if(o=e[h],o||0===o)if("object"===x.type(o))x.merge(d,o.nodeType?[o]:o);else if(wt.test(o)){s=s||f.appendChild(t.createElement("div")),l=(bt.exec(o)||["",""])[1].toLowerCase(),c=At[l]||At._default,s.innerHTML=c[1]+o.replace(vt,"<$1>")+c[2],i=c[0];while(i--)s=s.lastChild;if(!x.support.leadingWhitespace&&yt.test(o)&&d.push(t.createTextNode(yt.exec(o)[0])),!x.support.tbody){o="table"!==l||xt.test(o)?""!==c[1]||xt.test(o)?0:s:s.firstChild,i=o&&o.childNodes.length;while(i--)x.nodeName(u=o.childNodes[i],"tbody")&&!u.childNodes.length&&o.removeChild(u)}x.merge(d,s.childNodes),s.textContent="";while(s.firstChild)s.removeChild(s.firstChild);s=f.lastChild}else d.push(t.createTextNode(o));s&&f.removeChild(s),x.support.appendChecked||x.grep(Ft(d,"input"),Bt),h=0;while(o=d[h++])if((!r||-1===x.inArray(o,r))&&(a=x.contains(o.ownerDocument,o),s=Ft(f.appendChild(o),"script"),a&&_t(s),n)){i=0;while(o=s[i++])kt.test(o.type||"")&&n.push(o)}return s=null,f},cleanData:function(e,t){var n,r,o,a,s=0,l=x.expando,u=x.cache,c=x.support.deleteExpando,f=x.event.special;for(;null!=(n=e[s]);s++)if((t||x.acceptData(n))&&(o=n[l],a=o&&u[o])){if(a.events)for(r in a.events)f[r]?x.event.remove(n,r):x.removeEvent(n,r,a.handle);u[o]&&(delete u[o],c?delete n[l]:typeof n.removeAttribute!==i?n.removeAttribute(l):n[l]=null,p.push(o))}},_evalUrl:function(e){return x.ajax({url:e,type:"GET",dataType:"script",async:!1,global:!1,"throws":!0}) -}}),x.fn.extend({wrapAll:function(e){if(x.isFunction(e))return this.each(function(t){x(this).wrapAll(e.call(this,t))});if(this[0]){var t=x(e,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstChild&&1===e.firstChild.nodeType)e=e.firstChild;return e}).append(this)}return this},wrapInner:function(e){return x.isFunction(e)?this.each(function(t){x(this).wrapInner(e.call(this,t))}):this.each(function(){var t=x(this),n=t.contents();n.length?n.wrapAll(e):t.append(e)})},wrap:function(e){var t=x.isFunction(e);return this.each(function(n){x(this).wrapAll(t?e.call(this,n):e)})},unwrap:function(){return this.parent().each(function(){x.nodeName(this,"body")||x(this).replaceWith(this.childNodes)}).end()}});var Pt,Rt,Wt,$t=/alpha\([^)]*\)/i,It=/opacity\s*=\s*([^)]*)/,zt=/^(top|right|bottom|left)$/,Xt=/^(none|table(?!-c[ea]).+)/,Ut=/^margin/,Vt=RegExp("^("+w+")(.*)$","i"),Yt=RegExp("^("+w+")(?!px)[a-z%]+$","i"),Jt=RegExp("^([+-])=("+w+")","i"),Gt={BODY:"block"},Qt={position:"absolute",visibility:"hidden",display:"block"},Kt={letterSpacing:0,fontWeight:400},Zt=["Top","Right","Bottom","Left"],en=["Webkit","O","Moz","ms"];function tn(e,t){if(t in e)return t;var n=t.charAt(0).toUpperCase()+t.slice(1),r=t,i=en.length;while(i--)if(t=en[i]+n,t in e)return t;return r}function nn(e,t){return e=t||e,"none"===x.css(e,"display")||!x.contains(e.ownerDocument,e)}function rn(e,t){var n,r,i,o=[],a=0,s=e.length;for(;s>a;a++)r=e[a],r.style&&(o[a]=x._data(r,"olddisplay"),n=r.style.display,t?(o[a]||"none"!==n||(r.style.display=""),""===r.style.display&&nn(r)&&(o[a]=x._data(r,"olddisplay",ln(r.nodeName)))):o[a]||(i=nn(r),(n&&"none"!==n||!i)&&x._data(r,"olddisplay",i?n:x.css(r,"display"))));for(a=0;s>a;a++)r=e[a],r.style&&(t&&"none"!==r.style.display&&""!==r.style.display||(r.style.display=t?o[a]||"":"none"));return e}x.fn.extend({css:function(e,n){return x.access(this,function(e,n,r){var i,o,a={},s=0;if(x.isArray(n)){for(o=Rt(e),i=n.length;i>s;s++)a[n[s]]=x.css(e,n[s],!1,o);return a}return r!==t?x.style(e,n,r):x.css(e,n)},e,n,arguments.length>1)},show:function(){return rn(this,!0)},hide:function(){return rn(this)},toggle:function(e){var t="boolean"==typeof e;return this.each(function(){(t?e:nn(this))?x(this).show():x(this).hide()})}}),x.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=Wt(e,"opacity");return""===n?"1":n}}}},cssNumber:{columnCount:!0,fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":x.support.cssFloat?"cssFloat":"styleFloat"},style:function(e,n,r,i){if(e&&3!==e.nodeType&&8!==e.nodeType&&e.style){var o,a,s,l=x.camelCase(n),u=e.style;if(n=x.cssProps[l]||(x.cssProps[l]=tn(u,l)),s=x.cssHooks[n]||x.cssHooks[l],r===t)return s&&"get"in s&&(o=s.get(e,!1,i))!==t?o:u[n];if(a=typeof r,"string"===a&&(o=Jt.exec(r))&&(r=(o[1]+1)*o[2]+parseFloat(x.css(e,n)),a="number"),!(null==r||"number"===a&&isNaN(r)||("number"!==a||x.cssNumber[l]||(r+="px"),x.support.clearCloneStyle||""!==r||0!==n.indexOf("background")||(u[n]="inherit"),s&&"set"in s&&(r=s.set(e,r,i))===t)))try{u[n]=r}catch(c){}}},css:function(e,n,r,i){var o,a,s,l=x.camelCase(n);return n=x.cssProps[l]||(x.cssProps[l]=tn(e.style,l)),s=x.cssHooks[n]||x.cssHooks[l],s&&"get"in s&&(a=s.get(e,!0,r)),a===t&&(a=Wt(e,n,i)),"normal"===a&&n in Kt&&(a=Kt[n]),""===r||r?(o=parseFloat(a),r===!0||x.isNumeric(o)?o||0:a):a}}),e.getComputedStyle?(Rt=function(t){return e.getComputedStyle(t,null)},Wt=function(e,n,r){var i,o,a,s=r||Rt(e),l=s?s.getPropertyValue(n)||s[n]:t,u=e.style;return s&&(""!==l||x.contains(e.ownerDocument,e)||(l=x.style(e,n)),Yt.test(l)&&Ut.test(n)&&(i=u.width,o=u.minWidth,a=u.maxWidth,u.minWidth=u.maxWidth=u.width=l,l=s.width,u.width=i,u.minWidth=o,u.maxWidth=a)),l}):a.documentElement.currentStyle&&(Rt=function(e){return e.currentStyle},Wt=function(e,n,r){var i,o,a,s=r||Rt(e),l=s?s[n]:t,u=e.style;return null==l&&u&&u[n]&&(l=u[n]),Yt.test(l)&&!zt.test(n)&&(i=u.left,o=e.runtimeStyle,a=o&&o.left,a&&(o.left=e.currentStyle.left),u.left="fontSize"===n?"1em":l,l=u.pixelLeft+"px",u.left=i,a&&(o.left=a)),""===l?"auto":l});function on(e,t,n){var r=Vt.exec(t);return r?Math.max(0,r[1]-(n||0))+(r[2]||"px"):t}function an(e,t,n,r,i){var o=n===(r?"border":"content")?4:"width"===t?1:0,a=0;for(;4>o;o+=2)"margin"===n&&(a+=x.css(e,n+Zt[o],!0,i)),r?("content"===n&&(a-=x.css(e,"padding"+Zt[o],!0,i)),"margin"!==n&&(a-=x.css(e,"border"+Zt[o]+"Width",!0,i))):(a+=x.css(e,"padding"+Zt[o],!0,i),"padding"!==n&&(a+=x.css(e,"border"+Zt[o]+"Width",!0,i)));return a}function sn(e,t,n){var r=!0,i="width"===t?e.offsetWidth:e.offsetHeight,o=Rt(e),a=x.support.boxSizing&&"border-box"===x.css(e,"boxSizing",!1,o);if(0>=i||null==i){if(i=Wt(e,t,o),(0>i||null==i)&&(i=e.style[t]),Yt.test(i))return i;r=a&&(x.support.boxSizingReliable||i===e.style[t]),i=parseFloat(i)||0}return i+an(e,t,n||(a?"border":"content"),r,o)+"px"}function ln(e){var t=a,n=Gt[e];return n||(n=un(e,t),"none"!==n&&n||(Pt=(Pt||x("