From e4b60ca7ddfada2ad66e3dc706a6d4c885f5ca9a Mon Sep 17 00:00:00 2001 From: RajkumarMondal Date: Mon, 12 Oct 2015 23:51:32 +0530 Subject: [PATCH] Fixed bug. Internal redirect was hard coded, changed to match quality of other providers and remove hard coded paths. Is now able to operate with controllers not named "Account" with any view/path instead of the previous hard coded path. --- .../ArcGISOnlineAuthenticationHandler.cs | 39 ++++++++++++++---- ...-OwinOAuthProvidersDemo-20131113093838.mdf | Bin 3211264 -> 3211264 bytes ...nOAuthProvidersDemo-20131113093838_log.ldf | Bin 1048576 -> 1048576 bytes 3 files changed, 30 insertions(+), 9 deletions(-) diff --git a/Owin.Security.Providers/ArcGISOnline/ArcGISOnlineAuthenticationHandler.cs b/Owin.Security.Providers/ArcGISOnline/ArcGISOnlineAuthenticationHandler.cs index b9f9ee1..a5c71ce 100644 --- a/Owin.Security.Providers/ArcGISOnline/ArcGISOnlineAuthenticationHandler.cs +++ b/Owin.Security.Providers/ArcGISOnline/ArcGISOnlineAuthenticationHandler.cs @@ -34,6 +34,7 @@ namespace Owin.Security.Providers.ArcGISOnline try { string code = null; + string state = null; IReadableStringCollection query = Request.Query; IList values = query.GetValues("code"); 
@@ -41,18 +42,34 @@ namespace Owin.Security.Providers.ArcGISOnline { code = values[0]; } + values = query.GetValues("state"); + if (values != null && values.Count == 1) + { + state = values[0]; + } + properties = Options.StateDataFormat.Unprotect(state); + if (properties == null) + { + return null; + } + // OAuth2 10.12 CSRF + if (!ValidateCorrelationId(properties,logger)) + { + return new AuthenticationTicket(null, properties); + } + string requestPrefix = Request.Scheme + "://" + Request.Host; string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; // Build up the body for the token request var body = new List>(); + body.Add(new KeyValuePair("grant_type", "authorization_code")); body.Add(new KeyValuePair("code", code)); body.Add(new KeyValuePair("redirect_uri", redirectUri)); body.Add(new KeyValuePair("client_id", Options.ClientId)); body.Add(new KeyValuePair("client_secret", Options.ClientSecret)); - body.Add(new KeyValuePair("grant_type", "authorization_code")); - + // Request the token var requestMessage = new HttpRequestMessage(HttpMethod.Post, Options.Endpoints.TokenEndpoint); requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); @@ -104,12 +121,8 @@ namespace Owin.Security.Providers.ArcGISOnline Request.Host + Request.PathBase; - context.Properties = new AuthenticationProperties - { - RedirectUri = baseUri + - "/Account/ExternalLoginCallback" - }; - + context.Properties = properties; + await Options.Provider.Authenticated(context); return new AuthenticationTicket(context.Identity, context.Properties); 
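Review bot: A callback that arrives without a `code` value (for example when the provider reports an error or the user declines) still falls through to the token request after the new state checks, so `code` is posted as null. Once the correlation check has passed, add `if (code == null) { return new AuthenticationTicket(null, properties); }` before `requestPrefix` is built. `properties` and `logger` are declared outside this hunk and the enclosing method starts and ends outside it, so whether a later catch already covers this case is not visible here. Minor style point: `ValidateCorrelationId(properties,logger)` is missing the space after the comma.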
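Review bot: With the hard-coded `RedirectUri` removed, the expression ending in `Request.Host + Request.PathBase;` just above `context.Properties = properties;` appears to have no remaining reader in this part of the method, since the deleted lines were the ones using `baseUri`. If nothing outside the hunk uses it, drop the assignment. A short comment would also help the next reader, e.g. `// Reuse the properties unprotected from state so the caller's RedirectUri survives the round trip`. The method continues outside the hunk.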
@@ -146,7 +159,14 @@ namespace Owin.Security.Providers.ArcGISOnline string redirectUri = baseUri + Options.CallbackPath; + AuthenticationProperties properties=challenge.Properties; + if (string.IsNullOrEmpty(properties.RedirectUri)) + { + properties.RedirectUri = currentUri; + } + GenerateCorrelationId(properties); + string state = Options.StateDataFormat.Protect(properties); // comma separated string scope = string.Join(",", Options.Scope); @@ -154,7 +174,8 @@ namespace Owin.Security.Providers.ArcGISOnline Options.Endpoints.AuthorizationEndpoint + "?client_id=" + Uri.EscapeDataString(Options.ClientId) + "&response_type=" + Uri.EscapeDataString(scope) + - "&redirect_uri=" + Uri.EscapeDataString(redirectUri); + "&redirect_uri=" + Uri.EscapeDataString(redirectUri) + + "&state=" + Uri.EscapeDataString(state); Response.Redirect(authorizationEndpoint); } 
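Review bot: The order of the two added calls matters and is not documented: `GenerateCorrelationId(properties)` has to run before `Options.StateDataFormat.Protect(properties)`. This is presumably because the correlation value is stored in the same properties object that the callback later hands to `ValidateCorrelationId`. A comment such as `// Must precede Protect: the correlation id travels inside the protected state` would keep a later refactor from swapping them. `currentUri` is defined outside the hunk. Style: `properties=challenge.Properties` lacks spaces around `=`.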
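Review bot: In the authorization URL the `response_type` parameter is filled from `scope` (the comma-joined `Options.Scope`), and this hunk leaves that unchanged next to the new `state` parameter. The request is therefore an authorization-code request only if the configured scope list happens to be exactly the expected response type. Any other configuration changes the grant being requested while the callback still expects a `code`. Consider sending a fixed value, `"&response_type=code"`, and passing scopes in their own parameter if the provider accepts one. The default contents of `Options.Scope` are not visible here, so confirm against the options class before changing it.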
diff --git a/OwinOAuthProvidersDemo/App_Data/aspnet-OwinOAuthProvidersDemo-20131113093838.mdf b/OwinOAuthProvidersDemo/App_Data/aspnet-OwinOAuthProvidersDemo-20131113093838.mdf index 0961ca784a28222be15d363238a999f850c018a8..ca288e8ea4931136ba0ee11d576dfe38f966c5bb 100644 GIT binary patch delta 3597 zcmcIm4Nz3q6~6bq-R1FsWtYca*kyUZhMxr#5cx5tF2u$*?Ib7!tM%srku)YM!Dx&+ zu#R?_q^W~3cuZR}=$JNXJDnJnhfPu-)6Ot$hMFiGv)}1gO1oz;v{opiobBdp(~=N zh-qdKYy|7!C5MGBY8H+KyWx5_o%tFeFqt2p45e4aJ@%10LIU%Q8Aj^h(7j>+{(Mbz zByA7R>Iyr^r7(F-%%xjkze-DbPvutc`I#eIEJtsq!NI2YvvCy7_=Mwo9T}N^7E0nB zp`8CxDE^C9I}H5Dx)HQbtnskvQ&F+jVqmp!{HnN>2jnbcF0nmp2+{=;*F>*UNWMun zl2zmpvX(qWp1|iSnEt6FCodLxcXjb?;%6Qx>&Fm7uV9EnEX26~86vBe9AH85YC+GZ z;?`aD5|0hezi5?W*E5IMw(!85`J{%-CKY5BDMwjJX7jMT5;E@Shzg4J5~>f4iNzMZ zezUkug#KwURjzf$Cy1#B?Vl;|;k4Mux8NqES{Ogv{-HhgH?}>FY8IKs%_nonGO~y? zlhrU;t__xw<$26kuO=naV^B6`E$Z!)?5IBdLy4)j-jF2W-~FvN{x_D@f#Db& z`n8+}>IrKyqsdmZG1w`nK`9kNPYS#Pc2Y?a;wj9%U-E*sT(UvCAldX0Drug`3toUD z&35_yCAWlw;~U4E<2Clm=QT&H~T0nGv1#NfRb5R3t46>w06c^kG9}k!G9K zK>4mzv^%`u(t$Xd0K<<;MbOiT1!3m^LjvsjTrq6$n+7a+0)_e=l8>{X^SUC@M_{r6 zgH2=t*KHQ&%3Q#*M$9z<7Z_6*YQkItjhJiL(EcDA>Tf6!!$cz{`F+F3&4ax7MQUQjK%9+sq zk!%P1DH*+;k|k<^#i!&N6uS(O{g&*4SI^20C_Rmw+Xe@%Y2ZFB=OB^mO@@wxT=4Q~ z*<(0x!Kk4(KPM=A&d7PDx$X?7G@s#9tve~F>2IBpW%{L{uAY_cXsG=K&QYt&5EuLCf(M&Zr4foD^YIQ`OMP%IeQhb&FQ$j)^MvTH`2g9Q^|p? 
zKBWNSE0h6R4bD=f`L1Id@Yt3>D?{#RF>)WSMDDj3cL``!isQ}!ALvchN}g!hnbDLU z^eaJsa?qa=^rr^>X+b|)?g{!cf__)O-<_)Y7V+h&lQUArF}~<>M1NPVR)4Y}Tn_h= zWW09dhs)7?#QjjhUF-9J3@ZlRslu^j{h2}c5jCpwyOk*j znV656(g@nZtH623YJU6&WBR__w_#CVZdzCCvkiD_A|#&p7TU;@{CAifCVwKW_zkVV zPk1$H<9Z4Ht0HB%ADLE;zZ%qPu)h^i!r4{GtwLKBGRlxqjamy{1uF4ZjZ+s*J4(Q)q^#GX!v}`<@4duqK$sw!%>-1k$ zoiGaCF0nL*J)%ZN^y%qbTT~wA_7w1nLrABmlV(Td!B*R3Fi+#LiLV=ZsNQX`RP`oy z6_Q%=Jc1Q+0r@s*AZqjt^6Sn~W?}Kh*J?XU@`^q^&x=V$w)B4%s|Be$Jez3l9ZB*H zYxp65>08N97tl0sCoI*x_O7)gi0OSboA>`ORpfTaQ+(bdTq505U0%e!h&)6-q5x5d V@F9v2#fTEb48%-*s;g88{2N_{PV@i( delta 2376 zcmZuyeQZ-z6z_d~?QY-7Soca>*3z$Suyqw?V0;Le2Y;XvqnqnCXC^C%#4qAlz{rQQ zL}&x?V+7_=60j=F1dz{dcZ81(VgfM=B;bIKkFp>V6UdY}CL(xlU*D{T+y34;@4Rz< z_ndR@yDt*?jzl=xNziMp)9G{sp^asIcXn=^b==Puc*#8CJ#X>nD+gN*vP%5E0IWc8+PZFfy zFi}|PzEq+5dG|H~cNi$qm-kt~>&JtfN91&PJqVH@dDbmeAhl4pD z3lHG6a#@Z_9!hO|zb6KjMe>*p6(S2K_1(GbM4!G$WCL;9BtiQ_y^Wej{A%8o(`JTq z5A~r`qU(@E)EH2nR@jd`(T=bv5onwu_kz1zrtC>U3=r0&7jskA8*H9I^pn_nqlhrD z^+w}|%L5H$3R1j7esE4gspUBumCOP^tlsHVdl50d<=hxMyAoPt@)syujIYIZY%#JO zTe6xLq_UfZp_?ly-{j|ns$c=cRWkn)1&KV%BmUlkm1 zW;RyIBOyd+E(}%S#XC{6)rW9_&A7l=O-~J$9SLFCX+z^2G*k@A!-jzn*839tR)sb8 z49b2|uj==>J{K&nBg@um^kF>VX(%wqX#&GtvB(&Ja1CxQriN535v)))Bo7;Kb{?0? zq-6;C(t3QMAi}938P}!;i+HXU6P}ZDi{SzyOl*9MbZ^3NA43^^+-C44)IRn|hiy=Q zMKZyW6NW4}(;?+R<0ZW0oR^UGyhMorwdbX2C^o3Vw_kF?)`XM`Wf#!rzUqTkJGd@L zesoOfHL8w5PS|uoa;pSRIHl_ImkaWz7p1Y9dG5~xI2s2^?Q~GjxuLt6~$>?&! zWXo^nt_Xh6@dJdvLfSarcDgFvqmiAXnSWN^4v`(bGO~=s2Cj}o>?A&w)Hs zHtuccI-0kLdAsxOhYP8*#_@Ru89!lp_HF4;(3*qS>r^tYJZNXVGvu*)RswQN`}!LRYpgZ{HWsWR9v=jpfc5??b1Q(&l$7ulrzuq>bo1Kr&D&- zS$U7POHkkKvazMzu6FNmZ(hVWZ9IE=ekG5=)4=6{Z~I*mtV_C@RLyYBb(;`);+m@v z9R03ZLSl{mF2opw8{t8C5kA(~?{7Uay+74XwiLM5M2+YrDpU@^{PgvW{zo6opm$rIX;A6Ih0Xt=Kd#cp9Famq5n?Q29HJOe Wf(Rf=5kbUbi1COC%n>QO`TjpL1$(Uk 
diff --git a/OwinOAuthProvidersDemo/App_Data/aspnet-OwinOAuthProvidersDemo-20131113093838_log.ldf b/OwinOAuthProvidersDemo/App_Data/aspnet-OwinOAuthProvidersDemo-20131113093838_log.ldf index 75f6af2689fbacac42fabff31776a0f31844fda0..b232d0f4c70cc0fc50e09136e5dc9f942c35ec85 100644 GIT binary patch delta 15080 zcmeG@3v^UPmiN``?sSJF-Jv00AulBS44)842pHuBgW!k~`H0|$1_Tk2Bq$PpbVt^R zt`14wBn7BD(GgbN9Zw*`5p_r7s0UY9grkgtADT~;aoj!OobfY`$lhD^s{3_tW<0Qa zc4kj1r{1e~@2z`p-MV$_zUr4q#EeADrV7`|#^xKWlPSiI(C^*(5dhGD;Wb_iY(}tZ zSfib*JTJTR_hEC&50FVXKzHZNlpjU5%2S!#8JO9l;pOMrhVSz3|1M9%%CPFseV6BQ zZ5~{W!XioF)d84+?Q5};F0K1|*r{-HWiY&?YM}=K<^$6nJr%~rLygn%ib@-E2(HRS zI|~IqMrSC@wFz`xp)V&9=KIsKkT5FmJt_M`RMH2Qy@omggjItG1;ijQfPzz7Dl+${ zLO}vJiV_q98L^gVgqBJ{uXIQSltT7Eb7LdF9?88}P3^$FcMZlypt*AJOa*;)Q$Rq~ z^s2j%ftRj|mVVU!U|3vDvVfwac5~%<`ES_(rABC}v=@9mq=|;dtdo_Q;klA+&n3PfMm5qC| zSA$S+#hy=@pTJ(Jt?o+Q-h9o^q;q_~;qHq!kpfCDH4Y_6Ju3zV0v6an)jk!*m3fg> zy~-7CdRm&x-Eg;HYg5KE83Dy>OMQ+$eS5{6*q|-ub7v&B!Kd?!Mbx^Q_wqVR&eZXvCaF2~Zv# zQ_ODMu}(5n##VPl_aD7hNZ@z>CgK7a%{eJe_mi>ENg@wQs|8x*T~H(O3~jQQMP+T% z4m|)P1t@>lG8%!SghVLY_5H2FdzE4#n~&;W;phR)mnV^nr70qpZUP0?obZ9KYXuvn zj-pWZ*=;+E5~J8Fbrn6>5!&~umVQOZy!GPnX>Fd?jr*a*+w00%}O02$MczXWRrRs(AYE9obd<*Uc& zOU_EQKc*JWFhxOQY4D&!$y!^)`Y-mrg0?ECb_iAqHrNW-O7ZIpv|O#6*A?q$XQ>2r zJn)()ZnJt@oqglh6rMSCQ89H_+f#QbnZ{9~yskvQU}*2TtAWu-BK~LeIPtbEx4WuP$G|f?-UaDt~CrNHGpIL}d%6l=#aAD0r2s$zJ1Ew+U z2K>V(UQ?>)yQd;~IjND23Of~W4ojDU%5Yc)(o5Oc5Gf1|t6L1K8@dr@4{NMuT9wOQ z?C0Rg>&o=~{QPn~IdL2=!G3YM9-L?(17ffLg|V29v8>Wo(O9gpbMxJ^vEK|al<~cX zB0Y~7(+Z1 z5zu5nv094}!4}}Ew<{KiwKxU=Au#YtX@U@jcYronYrB_t6qnyHbgh+okOwOCa;v?~ z!=Ih3C%YfUDfIGRPuAZOO&@>w0=t>SudC4acns_v0e=34`kSi#t)uU(^WBhIGvpDW@|{j6W#RHOy1{H>d;`jsg$sub(t zl@dO@txCTw22ZuFyIIj^t%}p9S)*4;`2B5{=mTQ(e(My%vjqR$x5ViK*4wuz_{P<7 zc)Io2YRM$hxjx>Nme_wq6zEI@lV0M~rLEoVe`I9qkw9#^Ddni?ULzxnCf0>>`> zf@7C%$N8WMtDEpxf1I$AjUsYIY$)EaY>7oK1D_&THTaDPY#4ke2sT7%pq;e zf<)F{!0aLggl?#b3zGkJ`yU$WuED;d#KpMdVi>X3AP4B(joPIsroVOhdxnc_!e5!G z6_rlOPZN&RiZjqB 
z2nI!(Vvud^f7h@Xq|Ma^hg-(K?KVFr22|o&cw+})^=JXfAwM#ShlXG> zD!vC*NJIKBW`oAXXQMxo%4{*w@f%`l8`$|NnJpHI)UCPNIZSs!hZPjPKcpVkt>J!^3N@=Pb zL5OA`gfsH1|pa_J1=z(hw=?Gs)>OV;Vq zUuw#wL$*tsTV%a(<@9kVfyz30gD_9$ ztS~qdrorv74E=dEtP-bb%lLZEhJ<}ccLoZ_0$>scjqpPCjEWtzt1?gnQ7A~`OO%LS zG${ME^q{oEcV*C4`kS;owMYmt%iDtVs3@j)}0s zQx9rMVMBD6L51)XRE`PODyU?|f(or4d5qCJsGN)im8cz5x+tjh`}09Xh{gT#<{H+X zMiE7Al99^TCYe4~PyyU(-|rHUC4D$df>M|O<1t|>#Z0DD#uYD8^+Moa08Hww5!Mk^ z@a0YviYl%%qRQTvzq_ma>BPtqv!1X{Vq_s4owHXDRkBL0CDaGLw+UXeg^d&{BMuh@F-o zSqZk53*;Jv--x-+t*{7lo*HVKtHnU*B8$#;)>_3n{w z>LFIl;#pZ=Q0;pML_djO{l5&VNpOWL{toyCYD0@|`Y-Og^~_|gTLjnbwwJeyFo?u< z>89X%=^4S*UhI-HgKp8w^@G6^R~8DF!SgNt$9k4~-Em}YAdr;mMpT(-SD*bdcdl|? zcL%=x*m}PhX27)i#hRG>~D7MnV~-90_BRUVcYqAdc{IBy?yeG#3yP zuN1>-F~T8UhmrVm+yhuCkWGh6VGbA&cDz~s&&N3D;4!|dB1a+;#z6oS<4|n|E;>nj z>Yf9kne8(AD+?9a7FvP~l!Zq1vJf5U*%s0zy(WIxHn0y_2+uWSUU6Or5z61}_uOvjG! zhS(8i^@i)z^8eTQ>@b3c2YOSb#Z9JAdi@Kp(z zxDo;edcr=exL)9^XBJJvz|2d=xQ1yVYe8GCFKWl(Zhp@bY^47ppwn9eYXqy8x9(-} z-w){+O5_a(KnEcXCGk0@rQth57;9<10g2XWIpsDE7Dy2%7g5Y zfdnN^^!cT29ekJ74&ks}JpYj0k0?_3>xV?Y{fAkre}#}{Ae?Ziy!AtYLrJavn-Xwo zeA!2Yv+5pi^{-4o`FZKbqTAw+9fAVf{fU5%`@{iF=LaP8$T1XgO9G$%eB0r;_|*xx zAYU65;v2SY;>AZC#v8z=9T6D(6rk+@^Z2JGOs|g*JnEQUFAh`V4;&XW5op`XBE0<= zONmV(?OBQzd z2b-D=g3XGy7g#Z`*6qW6qH^(Ny8Z|ccy)stEMu($UIAa5gt%G6 ztJOa-0awVUc@gL5bzVL0&qGO$PyoH2=lf9ER9@+GXfjM`l4lvWcoCbP?9gU7-<2%1 zdBu+sFG!F$g5TEHm(}4N36mQG8dXep%Zu*zLi>1c#GgPlr6DQ4qjy6}rXia!ac5Tx6Jjq1KXm*%MQfcV6+CR{A`VRSBPvNhcn= zkb~e(8T+!uG!W2(mBf7b`K?36xey;)?;6>+SN^}*EAb<=yp}5#@;eW+A!7e0H~3MT zW&YN6h4S+nQ@D-u`buzgch+Z!K10y|ANKjd-=__( h*BYZqjZtr7)YlkIZjAP8jHWb3QyZgc+oOKtzX7I|Vmkl; delta 2248 zcmZo@aA;_7m|(*a**ei1JIh&Tho-OV~ej$E793dAvP zel6a_0%j4`)yyN&&LhDH#7scUyq!ma<;(o(pVu*oZWeI*z&J{bhQVk$7|jNwMZsuE sI9d{pmV~G!;cLdW2kdPRINBa?wmsl#d%)fHfT!&NZ`%XDWe@lj0NV6fE&u=k