pax_global_header00006660000000000000000000000064141164163610014515gustar00rootroot0000000000000052 comment=8c533ec6c774350c49ee1393a1e19f88f1840dc2 django-axes-5.24.0/000077500000000000000000000000001411641636100140055ustar00rootroot00000000000000django-axes-5.24.0/.github/000077500000000000000000000000001411641636100153455ustar00rootroot00000000000000django-axes-5.24.0/.github/dependabot.yml000066400000000000000000000002231411641636100201720ustar00rootroot00000000000000version: 2 updates: - package-ecosystem: "pip" directory: "/" schedule: interval: "daily" time: "12:00" open-pull-requests-limit: 10 django-axes-5.24.0/.github/workflows/000077500000000000000000000000001411641636100174025ustar00rootroot00000000000000django-axes-5.24.0/.github/workflows/release.yml000066400000000000000000000017421411641636100215510ustar00rootroot00000000000000name: Release on: push: tags: - '*' jobs: build: if: github.repository == 'jazzband/django-axes' runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 with: fetch-depth: 0 - name: Set up Python uses: actions/setup-python@v2 with: python-version: 3.8 - name: Install dependencies run: | python -m pip install -U pip python -m pip install -U setuptools twine wheel - name: Build package run: | python setup.py --version python setup.py sdist --format=gztar bdist_wheel twine check dist/* - name: Upload packages to Jazzband if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') uses: pypa/gh-action-pypi-publish@master with: user: jazzband password: ${{ secrets.JAZZBAND_RELEASE_KEY }} repository_url: https://jazzband.co/projects/django-axes/upload django-axes-5.24.0/.github/workflows/test.yml000066400000000000000000000033711411641636100211100ustar00rootroot00000000000000name: Test on: [push, pull_request] jobs: build: name: build (Python ${{ matrix.python-version }}, Django ${{ matrix.django-version }}) runs-on: ubuntu-latest strategy: fail-fast: false matrix: python-version: ['3.6', '3.7', '3.8', '3.9', 'pypy3'] django-version: ['2.2', '3.1', '3.2'] # Tox configuration for QA environment include: - python-version: '3.8' django-version: 'qa' # Django > 3.2 only supports >= Python 3.8 - python-version: '3.8' django-version: 'main' experimental: true - python-version: '3.9' django-version: 'main' experimental: true - python-version: 'pypy3' django-version: 'main' experimental: true steps: - uses: actions/checkout@v2 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v2 with: python-version: ${{ matrix.python-version }} - name: Get pip cache dir id: pip-cache run: | echo "::set-output name=dir::$(pip cache dir)" - name: Cache uses: actions/cache@v2 with: path: ${{ steps.pip-cache.outputs.dir }} key: ${{ matrix.python-version }}-v1-${{ hashFiles('**/setup.py') }} restore-keys: | ${{ matrix.python-version }}-v1- - name: Install dependencies run: | python -m pip install --upgrade pip python -m pip install --upgrade tox tox-gh-actions - name: Tox tests run: | tox -v env: DJANGO: ${{ matrix.django-version }} - name: Upload coverage uses: codecov/codecov-action@v1 with: name: Python ${{ matrix.python-version }} django-axes-5.24.0/.gitignore000066400000000000000000000002711411641636100157750ustar00rootroot00000000000000*.egg-info *.pyc *.swp .coverage coverage.xml .DS_Store .idea .mypy_cache/ .project .pydevproject .python-version .tox build/ dist/ docs/_build test.db .eggs pip-wheel-metadata .vscode/django-axes-5.24.0/.prospector.yaml000066400000000000000000000001261411641636100171460ustar00rootroot00000000000000ignore-paths: - docs - axes/migrations pep8: options: max-line-length: 142 django-axes-5.24.0/CHANGES.rst000066400000000000000000000655511411641636100156230ustar00rootroot00000000000000 Changes ======= 5.24.0 (2021-09-09) ------------------- - Use atomic transaction for updating AccessAttempts in database handler. [okapies] 5.23.0 (2021-09-02) ------------------- - Pass ``request`` as argument to ``AXES_CLIENT_STR_CALLABLE``. [sarahboyce] 5.22.0 (2021-08-31) ------------------- - Improve ``failures_since_start`` handling by moving the counter incrementation from non-atomic Python code call to atomic database function. [okapies] - Add publicly available ``request.axes_failures_since_start`` attribute. [okapies] 5.21.0 (2021-08-19) ------------------- - Add configurable lockout HTTP status code responses with the new ``AXES_HTTP_RESPONSE_CODE`` setting. [phil-bell] 5.20.0 (2021-06-29) ------------------- - Improve race condition handling in e.g. multi-process environments by using ``get_or_create`` for access attempt fetching and updates. [uli-klank] 5.19.0 (2021-06-16) ------------------- - Add Polish locale. [Quadric] 5.18.0 (2021-06-09) ------------------- - Fix ``default_auto_field`` warning. [zkanda] 5.17.0 (2021-06-05) ------------------- - Fix ``default_app_config`` deprecation. Django 3.2 automatically detects ``AppConfig`` and therefore this setting is no longer required. [nikolaik] 5.16.0 (2021-05-19) ------------------- - Add ``AXES_CLIENT_STR_CALLABLE`` setting. [smtydn] 5.15.0 (2021-05-03) ------------------- - Add option to cleanse sensitive GET and POST params in database handler with the ``AXES_SENSITIVE_PARAMETERS`` setting. [mcoconnor] 5.14.0 (2021-04-06) ------------------- - Improve message formatting for lockout message and translations. [ashokdelphia] - Remove support for Django 3.0. [hramezani] - Add support for Django 3.2. [hramezani] 5.13.1 (2021-02-22) ------------------- - Default ``AXES_VERBOSE`` to ``AXES_ENABLED`` configuration setting, disabling verbose startup logging when Axes itself is disabled. [christianbundy] - Update documentation. [KStenK] 5.13.0 (2021-02-15) ------------------- - Add support for resetting attempts with cache backend. [nattyg93] 5.12.0 (2021-01-07) ------------------- - Clean up test structure and migrate tests outside the main package for a smaller wheel distributions. [aleksihakli] - Move configuration to pyproject.toml for cleaner layout. [aleksihakli] - Clean up test settings override configuration. [hramezani] 5.11.1 (2021-01-06) ------------------- - Fix cache entry creations for None username. [cabarnes] 5.11.0 (2021-01-05) ------------------- - Add lockout view CORS support with ``AXES_ALLOWED_CORS_ORIGINS`` configuration flag. [vladox] - Add missing ``@wraps`` decorator to ``axes.decorators.axes_dispatch``. [aleksihakli] 5.10.1 (2021-01-04) ------------------- - Add ``DEFAULT_AUTO_FIELD`` to test settings. [hramezani] - Fix documentation language. [danielquinn] - Fix Python package version specifiers and remove redundant imports. [aleksihakli] 5.10.0 (2020-12-18) ------------------- - Deprecate stock DRF support from 5.8.0, require users to set it up per project. Check the documentation for more information. [aleksihakli] 5.9.1 (2020-12-02) ------------------ - Move tests to GitHub Actions [jezdez] - Fix running Axes code in middleware when ``AXES_ENABLED`` is ``False``. [ashokdelphia] 5.9.0 (2020-11-05) ------------------ - Add Python 3.9 support. [hramezani] - Prevent ``AccessAttempt`` creation with database handler when username is not set and ``AXES_ONLY_USER_FAILURES`` setting is not set. [hramezani] 5.8.0 (2020-10-16) ------------------ - Improve Django REST Framework (DRF) integration. [Anatoly] 5.7.1 (2020-09-27) ------------------ - Adjust settings import and handling chain for cleaner module import and invocation order. [aleksihakli] - Adjust the use of ``AXES_ENABLED`` flag so that imports are always done the same way and initial log is written regardless of the setting and it only affects code that is decorated or wrapped with ``toggleable``. [alekshakli] 5.7.0 (2020-09-26) ------------------ - Deprecate ``AXES_LOGGER`` Axes setting and move to ``__name__`` based logging and fully qualified Python module name log identifiers. [aleksihakli] 5.6.2 (2020-09-20) ------------------ - Fix regression in ``axes_reset_user`` management command. [aleksihakli] 5.6.1 (2020-09-17) ------------------ - Improve test dependency management and upgrade black code formatter. [smithdc1] 5.6.0 (2020-09-12) ------------------ - Add proper development ``subTest`` support via ``pytest-subtests`` package. [smithdc1] - Deprecate ``django-appconf`` and use plain settings for Axes. [aleksihakli] 5.5.2 (2020-09-11) ------------------ - Update deprecating use of the ``request.is_ajax`` method. [smithdc1] 5.5.1 (2020-09-10) ------------------ - Update deprecated uses of Django modules and members. [smithdc1] 5.5.0 (2020-08-21) ------------------ - Add support for locking requests based on username OR IP address with inclusive or using the ``LOCK_OUT_BY_USER_OR_IP`` flag. [PetrDlouhy] - Deprecate Signal ``providing_args`` for Django 3.1 support. [coredumperror] 5.4.3 (2020-08-06) ------------------ - Add Django 3.1 support. [hramezani] 5.4.2 (2020-07-28) ------------------ - Add ABC or abstract base class implementation for handlers. [jorlugaqui] 5.4.1 (2020-07-03) ------------------ - Fix code styling for linters. [aleksihakli] 5.4.0 (2020-07-03) ------------------ - Propagate username to lockout view in URL parameters. [PetrDlouhy] - Update CAPTCHA examples. [PetrDlouhy] - Upgrade django-ipware to version 3. [hramezani,mnislam01] 5.3.5 (2020-07-02) ------------------ - Restrict ipware version for version compatibility. [aleksihakli] 5.3.4 (2020-06-09) ------------------ - Deprecate Django 1.11 LTS support. [aleksihakli] 5.3.3 (2020-05-22) ------------------ - Fix ``AXES_ONLY_ADMIN_SITE`` functionality when no default admin site is defined in the URL configuration. [igor-shevchenko] 5.3.2 (2020-05-15) ------------------ - Fix AppConf settings prefix for Fargate. [marksweb] 5.3.1 (2020-03-23) ------------------ - Fix null byte ValueError bug in ORM. [ddimmich] 5.3.0 (2020-03-10) ------------------ - Improve Django REST Framework compatibility. [I0x4dI] 5.2.2 (2020-01-08) ------------------ - Add missing proxy implementation for ``axes.handlers.proxy.AxesProxyHandler.get_failures``. [aleksihakli] 5.2.1 (2020-01-08) ------------------ - Add django-reversion compatibility notes. [mark-mishyn] - Add pluggable lockout responses and the ``AXES_LOCKOUT_CALLABLE`` configuration flag. [aleksihakli] 5.2.0 (2020-01-01) ------------------ - Add a test handler. [aidanlister] 5.1.0 (2019-12-29) ------------------ - Add pluggable user account whitelisting and the ``AXES_WHITELIST_CALLABLE`` configuration flag. [aleksihakli] 5.0.20 (2019-12-01) ------------------- - Fix django-allauth compatibility issue. [hramezani] - Improve tests for login attempt monitoring. [hramezani] - Add reverse proxy documentation. [ckcollab] - Update OAuth documentation examples. [aleksihakli] 5.0.19 (2019-11-06) ------------------- - Optimize access attempt fetching in database handler. [hramezani] - Optimize request data fetching in proxy handler. [hramezani] 5.0.18 (2019-10-17) ------------------- - Add ``cooloff_timedelta`` context variable to lockout responses. [jstockwin] 5.0.17 (2019-10-15) ------------------- - Safer string formatting for user input. [aleksihakli] 5.0.16 (2019-10-15) ------------------- - Fix string formatting bug in logging. [zerolab] 5.0.15 (2019-10-09) ------------------- - Add ``AXES_ENABLE_ADMIN`` flag. [flannelhead] 5.0.14 (2019-09-28) ------------------- - Docs, CI pipeline, and code formatting improvements [aleksihakli] 5.0.13 (2019-08-30) ------------------- - Python 3.8 and PyPy support. [aleksihakli] - Migrate to ``setuptools_scm`` and automatic versioning. [aleksihakli] 5.0.12 (2019-08-05) ------------------- - Support callables for ``AXES_COOLOFF_TIME`` setting. [DariaPlotnikova] 5.0.11 (2019-07-25) ------------------- - Fix typo in rST formatting that prevented 5.0.10 release to PyPI. [aleksihakli] 5.0.10 (2019-07-25) ------------------- - Refactor type checks for ``axes.helpers.get_client_cache_key`` for framework compatibility, fixes #471. [aleksihakli] 5.0.9 (2019-07-11) ------------------ - Add better handling for attempt and log resets by moving them into handlers which allows customization and more configurability. Unimplemented handlers raise ``NotImplementedError`` by default. [aleksihakli] - Add Python 3.8 dev version and PyPy to the Travis test matrix. [aleksihakli] 5.0.8 (2019-07-09) ------------------ - Add ``AXES_ONLY_ADMIN_SITE`` flag for only running Axes on admin site. [hramezani] - Add ``axes_reset_logs`` command for removing old AccessLog records. [tlebrize] - Allow ``AxesBackend`` subclasses to pass the ``axes.W003`` system check. [adamchainz] 5.0.7 (2019-06-14) ------------------ - Fix lockout message showing when lockout is disabled with the ``AXES_LOCK_OUT_AT_FAILURE`` setting. [mogzol] - Add support for callable ``AXES_FAILURE_LIMIT`` setting. [bbayles] 5.0.6 (2019-05-25) ------------------ - Deprecate ``AXES_DISABLE_SUCCESS_ACCESS_LOG`` flag in favour of ``AXES_DISABLE_ACCESS_LOG`` which has mostly the same functionality. Update documentation to better reflect the behaviour of the flag. [aleksihakli] 5.0.5 (2019-05-19) ------------------ - Change the lockout response calculation to request flagging instead of exception throwing in the signal handler and middleware. Move request attribute calculation from middleware to handler layer. Deprecate ``axes.request.AxesHttpRequest`` object type definition. [aleksihakli] - Deprecate the old version 4.x ``axes.backends.AxesModelBackend`` class. [aleksihakli] - Improve documentation on attempt tracking, resets, Axes customization, project and component compatibility and integrations, and other things. [aleksihakli] 5.0.4 (2019-05-09) ------------------ - Fix regression with OAuth2 authentication backends not having remote IP addresses set and throwing an exception in cache key calculation. [aleksihakli] 5.0.3 (2019-05-08) ------------------ - Fix ``django.contrib.auth`` module ``login`` and ``logout`` functionality so that they work with the handlers without the an ``AxesHttpRequest`` to improve cross compatibility with other Django applications. [aleksihakli] - Change IP address resolution to allow empty or missing addresses. [aleksihakli] - Add error logging for missing request attributes in the handler layer so that users get better indicators of misconfigured applications. [aleksihakli] 5.0.2 (2019-05-07) ------------------ - Add ``AXES_ENABLED`` setting for disabling Axes with e.g. tests that use Django test client ``login``, ``logout``, and ``force_login`` methods, which do not supply the ``request`` argument to views, preventing Axes from functioning correctly in certain test setups. [aleksihakli] 5.0.1 (2019-05-03) ------------------ - Add changelog to documentation. [aleksihakli] 5.0 (2019-05-01) ---------------- - Deprecate Python 2.7, 3.4 and 3.5 support. [aleksihakli] - Remove automatic decoration and monkey-patching of Django views and forms. Decorators are available for login function and method decoration as before. [aleksihakli] - Use backend, middleware, and signal handlers for tracking login attempts and implementing user lockouts. [aleksihakli, jorlugaqui, joshua-s] - Add ``AxesDatabaseHandler``, ``AxesCacheHandler``, and ``AxesDummyHandler`` handler backends for processing user login and logout events and failures. Handlers are configurable with the ``AXES_HANDLER`` setting. [aleksihakli, jorlugaqui, joshua-s] - Improve management commands and separate commands for resetting all access attempts, attempts by IP, and attempts by username. New command names are ``axes_reset``, ``axes_reset_ip`` and ``axes_reset_username``. [aleksihakli] - Add support for string import for ``AXES_USERNAME_CALLABLE`` that supports dotted paths in addition to the old callable type such as a function or a class method. [aleksihakli] - Deprecate one argument call signature for ``AXES_USERNAME_CALLABLE``. From now on, the callable needs to accept two arguments, the HttpRequest and credentials that are supplied to the Django ``authenticate`` method in authentication backends. [aleksihakli] - Move ``axes.attempts.is_already_locked`` function to ``axes.handlers.AxesProxyHandler.is_locked``. Various other previously undocumented methods have been deprecated and moved inside the project. The new documented public APIs can be considered as stable and can be safely utilized by other projects. [aleksihakli] - Improve documentation layouting and contents. Add public API reference section. [aleksihakli] 4.5.4 (2019-01-15) ------------------ - Improve README and documentation [aleksihakli] 4.5.3 (2019-01-14) ------------------ - Remove the unused ``AccessAttempt.trusted`` flag from models [aleksihakli] - Improve README and Travis CI setups [aleksihakli] 4.5.2 (2019-01-12) ------------------ - Added Turkish translations [obayhan] 4.5.1 (2019-01-11) ------------------ - Removed duplicated check that was causing issues when using APIs. [camilonova] - Added Russian translations [lubicz-sielski] 4.5.0 (2018-12-25) ------------------ - Improve support for custom authentication credentials using the ``AXES_USERNAME_FORM_FIELD`` and ``AXES_USERNAME_CALLABLE`` settings. [mastacheata] - Updated behaviour for fetching username from request or credentials: If no ``AXES_USERNAME_CALLABLE`` is configured, the optional ``credentials`` that are supplied to the axes utility methods are now the default source for client username and the HTTP request POST is the fallback for fetching the user information. ``AXES_USERNAME_CALLABLE`` implements an alternative signature with two arguments ``request, credentials`` in addition to the old ``request`` call argument signature in a backwards compatible fashion. [aleksihakli] - Add official support for the Django 2.1 version and Python 3.7. [aleksihakli] - Improve the requirements, documentation, tests, and CI setup. [aleksihakli] 4.4.3 (2018-12-08) ------------------ - Fix MANIFEST.in missing German translations [aleksihakli] - Add `AXES_RESET_ON_SUCCESS` configuration flag [arjenzijlstra] 4.4.2 (2018-10-30) ------------------ - fix missing migration and add check to prevent it happening again. [markddavidoff] 4.4.1 (2018-10-24) ------------------ - Add a German translation [adonig] - Documentation wording changes [markddavidoff] - Use `get_client_username` in `log_user_login_failed` instead of credentials [markddavidoff] - pin prospector to 0.12.11, and pin astroid to 1.6.5 [hsiaoyi0504] 4.4.0 (2018-05-26) ------------------ - Added AXES_USERNAME_CALLABLE [jaadus] 4.3.1 (2018-04-21) ------------------ - Change custom authentication backend failures from error to warning log level [aleksihakli] - Set up strict code linting for CI pipeline that fails builds if linting does not pass [aleksihakli] - Clean up old code base and tests based on linter errors [aleksihakli] 4.3.0 (2018-04-21) ------------------ - Refactor and clean up code layout [aleksihakli] - Add prospector linting and code checks to toolchain [aleksihakli] - Clean up log message formatting and refactor type checks [EvaSDK] - Fix faulty user locking with user agent when AXES_ONLY_USER_FAILURES is set [EvaSDK] 4.2.1 (2018-04-18) ------------------ - Fix unicode string interpolation on Python 2.7 [aleksihakli] 4.2.0 (2018-04-13) ------------------ - Add configuration flags for client IP resolving [aleksihakli] - Add AxesModelBackend authentication backend [markdaviddoff] 4.1.0 (2018-02-18) ------------------ - Add AXES_CACHE setting for configuring `axes` specific caching. [JWvDronkelaar] - Add checks and tests for faulty LocMemCache usage in application setup. [aleksihakli] 4.0.2 (2018-01-19) ------------------ - Improve Windows compatibility on Python < 3.4 by utilizing win_inet_pton [hsiaoyi0504] - Add documentation on django-allauth integration [grucha] - Add documentation on known AccessAttempt caching configuration problems when using axes with the `django.core.cache.backends.locmem.LocMemCache` [aleksihakli] - Refactor and improve existing AccessAttempt cache reset utility [aleksihakli] 4.0.1 (2017-12-19) ------------------ - Fixes issue when not using `AXES_USERNAME_FORM_FIELD` [camilonova] 4.0.0 (2017-12-18) ------------------ - *BREAKING CHANGES*. `AXES_BEHIND_REVERSE_PROXY` `AXES_REVERSE_PROXY_HEADER` `AXES_NUM_PROXIES` were removed in order to use `django-ipware` to get the user ip address [camilonova] - Added support for custom username field [kakulukia] - Customizing Axes doc updated [pckapps] - Remove filtering by username [camilonova] - Fixed logging failed attempts to authenticate using a custom authentication backend. [D3X] 3.0.3 (2017-11-23) ------------------ - Test against Python 2.7. [mbaechtold] - Test against Python 3.4. [pope1ni] 3.0.2 (2017-11-21) ------------------ - Added form_invalid decorator. Fixes #265 [camilonova] 3.0.1 (2017-11-17) ------------------ - Fix DeprecationWarning for logger warning [richardowen] - Fixes global lockout possibility [joeribekker] - Changed the way output is handled in the management commands [ataylor32] 3.0.0 (2017-11-17) ------------------ - BREAKING CHANGES. Support for Django >= 1.11 and signals, see issue #215. Drop support for Python < 3.6 [camilonova] 2.3.3 (2017-07-20) ------------------ - Many tweaks and handles successful AJAX logins. [Jack Sullivan] - Add tests for proxy number parametrization [aleksihakli] - Add AXES_NUM_PROXIES setting [aleksihakli] - Log failed access attempts regardless of settings [jimr] - Updated configuration docs to include AXES_IP_WHITELIST [Minkey27] - Add test for get_cache_key function [jorlugaqui] - Delete cache key in reset command line [jorlugaqui] - Add signals for setting/deleting cache keys [jorlugaqui] 2.3.2 (2016-11-24) ------------------ - Only look for lockable users on a POST [schinckel] - Fix and add tests for IPv4 and IPv6 parsing [aleksihakli] 2.3.1 (2016-11-12) ------------------ - Added settings for disabling success accesslogs [Minkey27] - Fixed illegal IP address string passed to inet_pton [samkuehn] 2.3.0 (2016-11-04) ------------------ - Fixed ``axes_reset`` management command to skip "ip" prefix to command arguments. [EvaMarques] - Added ``axes_reset_user`` management command to reset lockouts and failed login records for given users. [vladimirnani] - Fixed Travis-PyPI release configuration. [jezdez] - Make IP position argument optional. [aredalen] - Added possibility to disable access log [svenhertle] - Fix for IIS used as reverse proxy adding port number [Dmitri-Sintsov] - Made the signal race condition safe. [Minkey27] - Added AXES_ONLY_USER_FAILURES to support only looking at the user ID. [lip77us] 2.2.0 (2016-07-20) ------------------ - Improve the logic when using a reverse proxy to avoid possible attacks. [camilonova] 2.1.0 (2016-07-14) ------------------ - Add `default_app_config` so you can just use `axes` in `INSTALLED_APPS` [vdboor] 2.0.0 (2016-06-24) ------------------ - Removed middleware to use app_config [camilonova] - Lots of cleaning [camilonova] - Improved test suite and versions [camilonova] 1.7.0 (2016-06-10) ------------------ - Use render shortcut for rendering LOCKOUT_TEMPLATE [Radoslaw Luter] - Added app_label for RemovedInDjango19Warning [yograterol] - Add iso8601 translator. [mullakhmetov] - Edit json response. Context now contains ISO 8601 formatted cooloff time [mullakhmetov] - Add json response and iso8601 tests. [mullakhmetov] - Fixes issue 162: UnicodeDecodeError on pip install [joeribekker] - Added AXES_NEVER_LOCKOUT_WHITELIST option to prevent certain IPs from being locked out. [joeribekker] 1.6.1 (2016-05-13) ------------------ - Fixes whitelist check when BEHIND_REVERSE_PROXY [Patrick Hagemeister] - Made migrations py3 compatible [mvdwaeter] - Fixing #126, possibly breaking compatibility with Django<=1.7 [int-ua] - Add note for upgrading users about new migration files [kelseyq] - Fixes #148 [camilonova] - Decorate auth_views.login only once [teeberg] - Set IP public/private classifier to be compliant with RFC 1918. [SilasX] - Issue #155. Lockout response status code changed to 403. [Arthur Mullahmetov] - BUGFIX: Missing migration [smeinel] 1.6.0 (2016-01-07) ------------------ - Stopped using render_to_response so that other template engines work [tarkatronic] - Improved performance & DoS prevention on query2str [tarkatronic] - Immediately return from is_already_locked if the user is not lockable [jdunck] - Iterate over ip addresses only once [annp89] - added initial migration files to support django 1.7 &up. Upgrading users should run migrate --fake-initial after update [ibaguio] - Add db indexes to CommonAccess model [Schweigi] 1.5.0 (2015-09-11) ------------------ - Fix #_get_user_attempts to include username when filtering AccessAttempts if AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP is True [afioca] 1.4.0 (2015-08-09) ------------------ - Send the user_locked_out signal. Fixes #94. [toabi] 1.3.9 (2015-02-11) ------------------ - Python 3 fix (#104) 1.3.8 (2014-10-07) ------------------ - Rename GitHub organization from django-security to django-pci to emphasize focus on providing assistance with building PCI compliant websites with Django. [aclark4life] 1.3.7 (2014-10-05) ------------------ - Explain common issues where Axes fails silently [cericoda] - Allow for user-defined username field for lookup in POST data [SteveByerly] - Log out only if user was logged in [zoten] - Support for floats in cooloff time (i.e: 0.1 == 6 minutes) [marianov] - Limit amount of POST data logged (#73). Limiting the length of value is not enough, as there could be arbitrary number of them, or very long key names. [peterkuma] - Improve get_ip to try for real ip address [7wonders] - Change IPAddressField to GenericIPAddressField. When using a PostgreSQL database and the client does not pass an IP address you get an inet error. This is a known problem with PostgreSQL and the IPAddressField. https://code.djangoproject.com/ticket/5622. It can be fixed by using a GenericIPAddressField instead. [polvoblanco] - Get first X-Forwarded-For IP [tutumcloud] - White listing IP addresses behind reverse proxy. Allowing some IP addresses to have direct access to the app even if they are behind a reverse proxy. Those IP addresses must still be on a white list. [ericbulloch] - Reduce logging of reverse proxy IP lookup and use configured logger. Fixes #76. Instead of logging the notice that django.axes looks for a HTTP header set by a reverse proxy on each attempt, just log it one-time on first module import. Also use the configured logger (by default axes.watch_login) for the message to be more consistent in logging. [eht16] - Limit the length of the values logged into the database. Refs #73 [camilonova] - Refactored tests to be more stable and faster [camilonova] - Clean client references [camilonova] - Fixed admin login url [camilonova] - Added django 1.7 for testing [camilonova] - Travis file cleanup [camilonova] - Remove hardcoded url path [camilonova] - Fixing tests for django 1.7 [Andrew-Crosio] - Fix for django 1.7 exception not existing [Andrew-Crosio] - Removed python 2.6 from testing [camilonova] - Use django built-in six version [camilonova] - Added six as requirement [camilonova] - Added python 2.6 for travis testing [camilonova] - Replaced u string literal prefixes with six.u() calls [amrhassan] - Fixes object type issue, response is not an string [camilonova] - Python 3 compatibility fix for db_reset [nicois] - Added example project and helper scripts [barseghyanartur] - Admin command to list login attemps [marianov] - Replaced six imports with django.utils.six ones [amrhassan] - Replaced u string literal prefixes with six.u() calls to make it compatible with Python 3.2 [amrhassan] - Replaced `assertIn`s and `assertNotIn`s with `assertContains` and `assertNotContains` [fcurella] - Added py3k to travis [fcurella] - Update test cases to be python3 compatible [nicois] - Python 3 compatibility fix for db_reset [nicois] - Removed trash from example urls [barseghyanartur] - Added django installer [barseghyanartur] - Added example project and helper scripts [barseghyanartur] 1.3.6 (2013-11-23) ------------------ - Added AttributeError in case get_profile doesn't exist [camilonova] - Improved axes_reset command [camilonova] 1.3.5 (2013-11-01) ------------------ - Fix an issue with __version__ loading the wrong version [graingert] 1.3.4 (2013-11-01) ------------------ - Update README.rst for PyPI [marty, camilonova, graingert] - Add cooloff period [visualspace] 1.3.3 (2013-07-05) ------------------ - Added 'username' field to the Admin table [bkvirendra] - Removed fallback logging creation since logging cames by default on django 1.4 or later, if you don't have it is because you explicitly wanted. Fixes #45 [camilonova] 1.3.2 (2013-03-28) ------------------ - Fix an issue when a user logout [camilonova] - Match pypi version [camilonova] - Better User model import method [camilonova] - Use only one place to get the version number [camilonova] - Fixed an issue when a user on django 1.4 logout [camilonova] - Handle exception if there is not user profile model set [camilonova] - Made some cleanup and remove a pokemon exception handling [camilonova] - Improved tests so it really looks for the rabbit in the hole [camilonova] - Match pypi version [camilonova] 1.3.1 (2013-03-19) ------------------ - Add support for Django 1.5 [camilonova] 1.3.0 (2013-02-27) ------------------ - Bug fix: get_version() format string [csghormley] 1.2.9 (2013-02-20) ------------------ - Add to and improve test cases [camilonova] 1.2.8 (2013-01-23) ------------------ - Increased http accept header length [jslatts] 1.2.7 (2013-01-17) ------------------ - Reverse proxy support [rmagee] - Clean up README [martey] 1.2.6 (2012-12-04) ------------------ - Remove unused import [aclark4life] 1.2.5 (2012-11-28) ------------------ - Fix setup.py [aclark4life] - Added ability to flag user accounts as unlockable. [kencochrane] - Added ipaddress as a param to the user_locked_out signal. [kencochrane] - Added a signal receiver for user_logged_out. [kencochrane] - Added a signal for when a user gets locked out. [kencochrane] - Added AccessLog model to log all access attempts. [kencochrane] django-axes-5.24.0/LICENSE000066400000000000000000000022401411641636100150100ustar00rootroot00000000000000The MIT License Copyright (c) 2008 Josh VanderLinden Copyright (c) 2009 Philip Neustrom Copyright (c) 2016 Jazzband Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. django-axes-5.24.0/README.rst000066400000000000000000000065331411641636100155030ustar00rootroot00000000000000 django-axes =========== .. image:: https://jazzband.co/static/img/badge.svg :target: https://jazzband.co/ :alt: Jazzband .. image:: https://img.shields.io/github/stars/jazzband/django-axes.svg?label=Stars&style=socialcA :target: https://github.com/jazzband/django-axes :alt: GitHub .. image:: https://img.shields.io/pypi/v/django-axes.svg :target: https://pypi.org/project/django-axes/ :alt: PyPI release .. image:: https://img.shields.io/pypi/pyversions/django-axes.svg :target: https://pypi.org/project/django-axes/ :alt: Supported Python versions .. image:: https://img.shields.io/pypi/djversions/django-axes.svg :target: https://pypi.org/project/django-axes/ :alt: Supported Django versions .. image:: https://img.shields.io/readthedocs/django-axes.svg :target: https://django-axes.readthedocs.io/ :alt: Documentation .. image:: https://github.com/jazzband/django-axes/workflows/Test/badge.svg :target: https://github.com/jazzband/django-axes/actions :alt: GitHub Actions .. image:: https://codecov.io/gh/jazzband/django-axes/branch/master/graph/badge.svg :target: https://codecov.io/gh/jazzband/django-axes :alt: Coverage Axes is a Django plugin for keeping track of suspicious login attempts for your Django based website and implementing simple brute-force attack blocking. The name is sort of a geeky pun, since it can be interpreted as: * ``access``, as in monitoring access attempts, or * ``axes``, as in tools you can use to hack (generally on wood). Functionality ------------- Axes records login attempts to your Django powered site and prevents attackers from attempting further logins to your site when they exceed the configured attempt limit. Axes can track the attempts and persist them in the database indefinitely, or alternatively use a fast and DDoS resistant cache implementation. Axes can be configured to monitor login attempts by IP address, username, user agent, or their combinations. Axes supports cool off periods, IP address whitelisting and blacklisting, user account whitelisting, and other features for Django access management. Documentation ------------- For more information on installation and configuration see the documentation at: https://django-axes.readthedocs.io/ Issues ------ If you have questions or have trouble using the app please file a bug report at: https://github.com/jazzband/django-axes/issues Contributions ------------- All contributions are welcome! It is best to separate proposed changes and PRs into small, distinct patches by type so that they can be merged faster into upstream and released quicker. One way to organize contributions would be to separate PRs for e.g. * bugfixes, * new features, * code and design improvements, * documentation improvements, or * tooling and CI improvements. Merging contributions requires passing the checks configured with the CI. This includes running tests and linters successfully on the currently officially supported Python and Django versions. The test automation is run automatically with GitHub Actions, but you can run it locally with the ``tox`` command before pushing commits. Please note that this is a `Jazzband `_ project. By contributing you agree to abide by the `Contributor Code of Conduct `_ and follow the `guidelines `_. django-axes-5.24.0/axes/000077500000000000000000000000001411641636100147455ustar00rootroot00000000000000django-axes-5.24.0/axes/__init__.py000066400000000000000000000002751411641636100170620ustar00rootroot00000000000000from pkg_resources import get_distribution import django if django.VERSION < (3, 2): default_app_config = "axes.apps.AppConfig" __version__ = get_distribution("django-axes").version django-axes-5.24.0/axes/admin.py000066400000000000000000000037301411641636100164120ustar00rootroot00000000000000from django.contrib import admin from django.utils.translation import gettext_lazy as _ from axes.conf import settings from axes.models import AccessAttempt, AccessLog class AccessAttemptAdmin(admin.ModelAdmin): list_display = ( "attempt_time", "ip_address", "user_agent", "username", "path_info", "failures_since_start", ) list_filter = ["attempt_time", "path_info"] search_fields = ["ip_address", "username", "user_agent", "path_info"] date_hierarchy = "attempt_time" fieldsets = ( (None, {"fields": ("path_info", "failures_since_start")}), (_("Form Data"), {"fields": ("get_data", "post_data")}), (_("Meta Data"), {"fields": ("user_agent", "ip_address", "http_accept")}), ) readonly_fields = [ "user_agent", "ip_address", "username", "http_accept", "path_info", "attempt_time", "get_data", "post_data", "failures_since_start", ] def has_add_permission(self, request): return False class AccessLogAdmin(admin.ModelAdmin): list_display = ( "attempt_time", "logout_time", "ip_address", "username", "user_agent", "path_info", ) list_filter = ["attempt_time", "logout_time", "path_info"] search_fields = ["ip_address", "user_agent", "username", "path_info"] date_hierarchy = "attempt_time" fieldsets = ( (None, {"fields": ("path_info",)}), (_("Meta Data"), {"fields": ("user_agent", "ip_address", "http_accept")}), ) readonly_fields = [ "user_agent", "ip_address", "username", "http_accept", "path_info", "attempt_time", "logout_time", ] def has_add_permission(self, request): return False if settings.AXES_ENABLE_ADMIN: admin.site.register(AccessAttempt, AccessAttemptAdmin) admin.site.register(AccessLog, AccessLogAdmin) django-axes-5.24.0/axes/apps.py000066400000000000000000000030611411641636100162620ustar00rootroot00000000000000from logging import getLogger from django import apps from pkg_resources import get_distribution log = getLogger(__name__) class AppConfig(apps.AppConfig): default_auto_field = "django.db.models.AutoField" name = "axes" initialized = False @classmethod def initialize(cls): """ Initialize Axes logging and show version information. This method is re-entrant and can be called multiple times. It displays version information exactly once at application startup. """ if cls.initialized: return cls.initialized = True # Only import settings, checks, and signals one time after Django has been initialized from axes.conf import settings # noqa from axes import checks, signals # noqa # Skip startup log messages if Axes is not set to verbose if settings.AXES_VERBOSE: log.info("AXES: BEGIN LOG") log.info( "AXES: Using django-axes version %s", get_distribution("django-axes").version, ) if settings.AXES_ONLY_USER_FAILURES: log.info("AXES: blocking by username only.") elif settings.AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP: log.info("AXES: blocking by combination of username and IP.") elif settings.AXES_LOCK_OUT_BY_USER_OR_IP: log.info("AXES: blocking by username or IP.") else: log.info("AXES: blocking by IP only.") def ready(self): self.initialize() django-axes-5.24.0/axes/attempts.py000066400000000000000000000057411411641636100171670ustar00rootroot00000000000000from logging import getLogger from typing import List from django.db.models import QuerySet from django.utils.timezone import datetime, now from axes.conf import settings from axes.helpers import get_client_username, get_client_parameters, get_cool_off from axes.models import AccessAttempt log = getLogger(__name__) def get_cool_off_threshold(attempt_time: datetime = None) -> datetime: """ Get threshold for fetching access attempts from the database. """ cool_off = get_cool_off() if cool_off is None: raise TypeError( "Cool off threshold can not be calculated with settings.AXES_COOLOFF_TIME set to None" ) if attempt_time is None: return now() - cool_off return attempt_time - cool_off def filter_user_attempts(request, credentials: dict = None) -> List[QuerySet]: """ Return a list querysets of AccessAttempts that match the given request and credentials. """ username = get_client_username(request, credentials) filter_kwargs_list = get_client_parameters( username, request.axes_ip_address, request.axes_user_agent ) attempts_list = [ AccessAttempt.objects.filter(**filter_kwargs) for filter_kwargs in filter_kwargs_list ] return attempts_list def get_user_attempts(request, credentials: dict = None) -> List[QuerySet]: """ Get list of querysets with valid user attempts that match the given request and credentials. """ attempts_list = filter_user_attempts(request, credentials) if settings.AXES_COOLOFF_TIME is None: log.debug( "AXES: Getting all access attempts from database because no AXES_COOLOFF_TIME is configured" ) return attempts_list threshold = get_cool_off_threshold(request.axes_attempt_time) log.debug("AXES: Getting access attempts that are newer than %s", threshold) return [attempts.filter(attempt_time__gte=threshold) for attempts in attempts_list] def clean_expired_user_attempts(attempt_time: datetime = None) -> int: """ Clean expired user attempts from the database. """ if settings.AXES_COOLOFF_TIME is None: log.debug( "AXES: Skipping clean for expired access attempts because no AXES_COOLOFF_TIME is configured" ) return 0 threshold = get_cool_off_threshold(attempt_time) count, _ = AccessAttempt.objects.filter(attempt_time__lt=threshold).delete() log.info( "AXES: Cleaned up %s expired access attempts from database that were older than %s", count, threshold, ) return count def reset_user_attempts(request, credentials: dict = None) -> int: """ Reset all user attempts that match the given request and credentials. """ attempts_list = filter_user_attempts(request, credentials) count = 0 for attempts in attempts_list: _count, _ = attempts.delete() count += _count log.info("AXES: Reset %s access attempts from database.", count) return count django-axes-5.24.0/axes/backends.py000066400000000000000000000053671411641636100171040ustar00rootroot00000000000000from django.contrib.auth.backends import ModelBackend from axes.exceptions import ( AxesBackendPermissionDenied, AxesBackendRequestParameterRequired, ) from axes.handlers.proxy import AxesProxyHandler from axes.helpers import get_credentials, get_lockout_message, toggleable class AxesBackend(ModelBackend): """ Authentication backend class that forbids login attempts for locked out users. Use this class as the first item of ``AUTHENTICATION_BACKENDS`` to prevent locked out users from being logged in by the Django authentication flow. .. note:: This backend does not log your user in. It monitors login attempts. Authentication is handled by the following backends that are configured in ``AUTHENTICATION_BACKENDS``. """ @toggleable def authenticate( self, request, username: str = None, password: str = None, **kwargs: dict ): """ Checks user lockout status and raises an exception if user is not allowed to log in. This method interrupts the login flow and inserts error message directly to the ``response_context`` attribute that is supplied as a keyword argument. :keyword response_context: kwarg that will be have its ``error`` attribute updated with context. :raises AxesBackendRequestParameterRequired: if request parameter is not passed. :raises AxesBackendPermissionDenied: if user is already locked out. """ if request is None: raise AxesBackendRequestParameterRequired( "AxesBackend requires a request as an argument to authenticate" ) credentials = get_credentials(username=username, password=password, **kwargs) if AxesProxyHandler.is_allowed(request, credentials): return # Locked out, don't try to authenticate, just update response_context and return. # Its a bit weird to pass a context and expect a response value but its nice to get a "why" back. error_msg = get_lockout_message() response_context = kwargs.get("response_context", {}) response_context["error"] = error_msg # Raise an error that stops the authentication flows at django.contrib.auth.authenticate. # This error stops bubbling up at the authenticate call which catches backend PermissionDenied errors. # After this error is caught by authenticate it emits a signal indicating user login failed, # which is processed by axes.signals.log_user_login_failed which logs and flags the failed request. # The axes.middleware.AxesMiddleware further processes the flagged request into a readable response. raise AxesBackendPermissionDenied( "AxesBackend detected that the given user is locked out" ) django-axes-5.24.0/axes/checks.py000066400000000000000000000107071411641636100165640ustar00rootroot00000000000000from django.core.checks import ( # pylint: disable=redefined-builtin Tags, Warning, register, ) from django.utils.module_loading import import_string from axes.backends import AxesBackend from axes.conf import settings class Messages: CACHE_INVALID = ( "You are using the django-axes cache handler for login attempt tracking." " Your cache configuration is however invalid and will not work correctly with django-axes." " This can leave security holes in your login systems as attempts are not tracked correctly." " Reconfigure settings.AXES_CACHE and settings.CACHES per django-axes configuration documentation." ) MIDDLEWARE_INVALID = ( "You do not have 'axes.middleware.AxesMiddleware' in your settings.MIDDLEWARE." ) BACKEND_INVALID = "You do not have 'axes.backends.AxesBackend' or a subclass in your settings.AUTHENTICATION_BACKENDS." SETTING_DEPRECATED = "You have a deprecated setting {deprecated_setting} configured in your project settings" class Hints: CACHE_INVALID = None MIDDLEWARE_INVALID = None BACKEND_INVALID = ( "AxesModelBackend was renamed to AxesBackend in django-axes version 5.0." ) SETTING_DEPRECATED = None class Codes: CACHE_INVALID = "axes.W001" MIDDLEWARE_INVALID = "axes.W002" BACKEND_INVALID = "axes.W003" SETTING_DEPRECATED = "axes.W004" @register(Tags.security, Tags.caches, Tags.compatibility) def axes_cache_check(app_configs, **kwargs): # pylint: disable=unused-argument axes_handler = getattr(settings, "AXES_HANDLER", "") axes_cache_key = getattr(settings, "AXES_CACHE", "default") axes_cache_config = settings.CACHES.get(axes_cache_key, {}) axes_cache_backend = axes_cache_config.get("BACKEND", "") axes_cache_backend_incompatible = [ "django.core.cache.backends.dummy.DummyCache", "django.core.cache.backends.locmem.LocMemCache", "django.core.cache.backends.filebased.FileBasedCache", ] warnings = [] if axes_handler == "axes.handlers.cache.AxesCacheHandler": if axes_cache_backend in axes_cache_backend_incompatible: warnings.append( Warning( msg=Messages.CACHE_INVALID, hint=Hints.CACHE_INVALID, id=Codes.CACHE_INVALID, ) ) return warnings @register(Tags.security, Tags.compatibility) def axes_middleware_check(app_configs, **kwargs): # pylint: disable=unused-argument warnings = [] if "axes.middleware.AxesMiddleware" not in settings.MIDDLEWARE: warnings.append( Warning( msg=Messages.MIDDLEWARE_INVALID, hint=Hints.MIDDLEWARE_INVALID, id=Codes.MIDDLEWARE_INVALID, ) ) return warnings @register(Tags.security, Tags.compatibility) def axes_backend_check(app_configs, **kwargs): # pylint: disable=unused-argument warnings = [] found = False for name in settings.AUTHENTICATION_BACKENDS: try: backend = import_string(name) except ModuleNotFoundError as e: raise ModuleNotFoundError( "Can not find module path defined in settings.AUTHENTICATION_BACKENDS" ) from e except ImportError as e: raise ImportError( "Can not import backend class defined in settings.AUTHENTICATION_BACKENDS" ) from e if issubclass(backend, AxesBackend): found = True break if not found: warnings.append( Warning( msg=Messages.BACKEND_INVALID, hint=Hints.BACKEND_INVALID, id=Codes.BACKEND_INVALID, ) ) return warnings @register(Tags.compatibility) def axes_deprecation_check(app_configs, **kwargs): # pylint: disable=unused-argument warnings = [] deprecated_settings = [ "AXES_DISABLE_SUCCESS_ACCESS_LOG", "AXES_LOGGER", ] for deprecated_setting in deprecated_settings: try: getattr(settings, deprecated_setting) warnings.append( Warning( msg=Messages.SETTING_DEPRECATED.format( deprecated_setting=deprecated_setting ), hint=None, id=Codes.SETTING_DEPRECATED, ) ) except AttributeError: pass return warnings django-axes-5.24.0/axes/conf.py000066400000000000000000000125121411641636100162450ustar00rootroot00000000000000from django.conf import settings from django.utils.translation import gettext_lazy as _ # disable plugin when set to False settings.AXES_ENABLED = getattr(settings, "AXES_ENABLED", True) # see if the user has overridden the failure limit settings.AXES_FAILURE_LIMIT = getattr(settings, "AXES_FAILURE_LIMIT", 3) # see if the user has set axes to lock out logins after failure limit settings.AXES_LOCK_OUT_AT_FAILURE = getattr(settings, "AXES_LOCK_OUT_AT_FAILURE", True) # lock out with the combination of username and IP address settings.AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP = getattr( settings, "AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP", False ) # lock out with the username or IP address settings.AXES_LOCK_OUT_BY_USER_OR_IP = getattr( settings, "AXES_LOCK_OUT_BY_USER_OR_IP", False ) # lock out with username and never the IP or user agent settings.AXES_ONLY_USER_FAILURES = getattr(settings, "AXES_ONLY_USER_FAILURES", False) # lock out just for admin site settings.AXES_ONLY_ADMIN_SITE = getattr(settings, "AXES_ONLY_ADMIN_SITE", False) # show Axes logs in admin settings.AXES_ENABLE_ADMIN = getattr(settings, "AXES_ENABLE_ADMIN", True) # lock out with the user agent, has no effect when ONLY_USER_FAILURES is set settings.AXES_USE_USER_AGENT = getattr(settings, "AXES_USE_USER_AGENT", False) # use a specific username field to retrieve from login POST data settings.AXES_USERNAME_FORM_FIELD = getattr( settings, "AXES_USERNAME_FORM_FIELD", "username" ) # use a specific password field to retrieve from login POST data settings.AXES_PASSWORD_FORM_FIELD = getattr( settings, "AXES_PASSWORD_FORM_FIELD", "password" ) # noqa # use a provided callable to transform the POSTed username into the one used in credentials settings.AXES_USERNAME_CALLABLE = getattr(settings, "AXES_USERNAME_CALLABLE", None) # determine if given user should be always allowed to attempt authentication settings.AXES_WHITELIST_CALLABLE = getattr(settings, "AXES_WHITELIST_CALLABLE", None) # return custom lockout response if configured settings.AXES_LOCKOUT_CALLABLE = getattr(settings, "AXES_LOCKOUT_CALLABLE", None) # reset the number of failed attempts after one successful attempt settings.AXES_RESET_ON_SUCCESS = getattr(settings, "AXES_RESET_ON_SUCCESS", False) settings.AXES_DISABLE_ACCESS_LOG = getattr(settings, "AXES_DISABLE_ACCESS_LOG", False) settings.AXES_HANDLER = getattr( settings, "AXES_HANDLER", "axes.handlers.database.AxesDatabaseHandler" ) settings.AXES_LOCKOUT_TEMPLATE = getattr(settings, "AXES_LOCKOUT_TEMPLATE", None) settings.AXES_LOCKOUT_URL = getattr(settings, "AXES_LOCKOUT_URL", None) settings.AXES_COOLOFF_TIME = getattr(settings, "AXES_COOLOFF_TIME", None) settings.AXES_VERBOSE = getattr(settings, "AXES_VERBOSE", settings.AXES_ENABLED) # whitelist and blacklist settings.AXES_NEVER_LOCKOUT_WHITELIST = getattr( settings, "AXES_NEVER_LOCKOUT_WHITELIST", False ) settings.AXES_NEVER_LOCKOUT_GET = getattr(settings, "AXES_NEVER_LOCKOUT_GET", False) settings.AXES_ONLY_WHITELIST = getattr(settings, "AXES_ONLY_WHITELIST", False) settings.AXES_IP_WHITELIST = getattr(settings, "AXES_IP_WHITELIST", None) settings.AXES_IP_BLACKLIST = getattr(settings, "AXES_IP_BLACKLIST", None) # message to show when locked out and have cooloff enabled settings.AXES_COOLOFF_MESSAGE = getattr( settings, "AXES_COOLOFF_MESSAGE", _("Account locked: too many login attempts. Please try again later."), ) # message to show when locked out and have cooloff disabled settings.AXES_PERMALOCK_MESSAGE = getattr( settings, "AXES_PERMALOCK_MESSAGE", _( "Account locked: too many login attempts. Contact an admin to unlock your account." ), ) # if your deployment is using reverse proxies, set this value to 'left-most' or 'right-most' per your configuration settings.AXES_PROXY_ORDER = getattr(settings, "AXES_PROXY_ORDER", "left-most") # if your deployment is using reverse proxies, set this value to the number of proxies in front of Django settings.AXES_PROXY_COUNT = getattr(settings, "AXES_PROXY_COUNT", None) # if your deployment is using reverse proxies, set to your trusted proxy IP addresses prefixes if needed settings.AXES_PROXY_TRUSTED_IPS = getattr(settings, "AXES_PROXY_TRUSTED_IPS", None) # set to the names of request.META attributes that should be checked for the IP address of the client # if your deployment is using reverse proxies, ensure that the header attributes are securely set by the proxy # ensure that the client can not spoof the headers by setting them and sending them through the proxy settings.AXES_META_PRECEDENCE_ORDER = getattr( settings, "AXES_META_PRECEDENCE_ORDER", getattr(settings, "IPWARE_META_PRECEDENCE_ORDER", ("REMOTE_ADDR",)), ) # set CORS allowed origins when calling authentication over ajax settings.AXES_ALLOWED_CORS_ORIGINS = getattr(settings, "AXES_ALLOWED_CORS_ORIGINS", "*") # set the list of sensitive parameters to cleanse from get/post data before logging settings.AXES_SENSITIVE_PARAMETERS = getattr( settings, "AXES_SENSITIVE_PARAMETERS", [], ) # set the callable for the readable string that can be used in # e.g. logging to distinguish client requests settings.AXES_CLIENT_STR_CALLABLE = getattr(settings, "AXES_CLIENT_STR_CALLABLE", None) # set the HTTP response code given by too many requests settings.AXES_HTTP_RESPONSE_CODE = getattr(settings, "AXES_HTTP_RESPONSE_CODE", 403) django-axes-5.24.0/axes/decorators.py000066400000000000000000000011641411641636100174660ustar00rootroot00000000000000from functools import wraps from axes.handlers.proxy import AxesProxyHandler from axes.helpers import get_lockout_response def axes_dispatch(func): @wraps(func) def inner(request, *args, **kwargs): if AxesProxyHandler.is_allowed(request): return func(request, *args, **kwargs) return get_lockout_response(request) return inner def axes_form_invalid(func): @wraps(func) def inner(self, *args, **kwargs): if AxesProxyHandler.is_allowed(self.request): return func(self, *args, **kwargs) return get_lockout_response(self.request) return inner django-axes-5.24.0/axes/exceptions.py000066400000000000000000000005741411641636100175060ustar00rootroot00000000000000from django.core.exceptions import PermissionDenied class AxesBackendPermissionDenied(PermissionDenied): """ Raised by authentication backend on locked out requests to stop the Django authentication flow. """ class AxesBackendRequestParameterRequired(ValueError): """ Raised by authentication backend on invalid or missing request parameter value. """ django-axes-5.24.0/axes/handlers/000077500000000000000000000000001411641636100165455ustar00rootroot00000000000000django-axes-5.24.0/axes/handlers/__init__.py000066400000000000000000000000001411641636100206440ustar00rootroot00000000000000django-axes-5.24.0/axes/handlers/base.py000066400000000000000000000151401411641636100200320ustar00rootroot00000000000000import re from abc import ABC, abstractmethod from django.urls import reverse from django.urls.exceptions import NoReverseMatch from axes.conf import settings from axes.helpers import ( get_failure_limit, is_client_ip_address_blacklisted, is_client_ip_address_whitelisted, is_client_method_whitelisted, is_user_attempt_whitelisted, ) class AbstractAxesHandler(ABC): """ Contract that all handlers need to follow """ @abstractmethod def user_login_failed(self, sender, credentials: dict, request=None, **kwargs): """ Handles the Django ``django.contrib.auth.signals.user_login_failed`` authentication signal. """ raise NotImplementedError("user_login_failed should be implemented") @abstractmethod def user_logged_in(self, sender, request, user, **kwargs): """ Handles the Django ``django.contrib.auth.signals.user_logged_in`` authentication signal. """ raise NotImplementedError("user_logged_in should be implemented") @abstractmethod def user_logged_out(self, sender, request, user, **kwargs): """ Handles the Django ``django.contrib.auth.signals.user_logged_out`` authentication signal. """ raise NotImplementedError("user_logged_out should be implemented") @abstractmethod def get_failures(self, request, credentials: dict = None) -> int: """ Checks the number of failures associated to the given request and credentials. This is a virtual method that needs an implementation in the handler subclass if the ``settings.AXES_LOCK_OUT_AT_FAILURE`` flag is set to ``True``. """ raise NotImplementedError("get_failures should be implemented") class AxesBaseHandler: # pylint: disable=unused-argument """ Handler API definition for implementations that are used by the ``AxesProxyHandler``. If you wish to specialize your own handler class, override the necessary methods and configure the class for use by setting ``settings.AXES_HANDLER = 'module.path.to.YourClass'``. Make sure that new the handler is compliant with AbstractAxesHandler and make sure it extends from this mixin. Refer to `AxesHandler` for an example. The default implementation that is actually used by Axes is ``axes.handlers.database.AxesDatabaseHandler``. .. note:: This is a virtual class and **can not be used without specialization**. """ def is_allowed(self, request, credentials: dict = None) -> bool: """ Checks if the user is allowed to access or use given functionality such as a login view or authentication. This method is abstract and other backends can specialize it as needed, but the default implementation checks if the user has attempted to authenticate into the site too many times through the Django authentication backends and returns ``False`` if user exceeds the configured Axes thresholds. This checker can implement arbitrary checks such as IP whitelisting or blacklisting, request frequency checking, failed attempt monitoring or similar functions. Please refer to the ``axes.handlers.database.AxesDatabaseHandler`` for the default implementation and inspiration on some common checks and access restrictions before writing your own implementation. """ if self.is_admin_site(request): return True if self.is_blacklisted(request, credentials): return False if self.is_whitelisted(request, credentials): return True if self.is_locked(request, credentials): return False return True def is_blacklisted(self, request, credentials: dict = None) -> bool: """ Checks if the request or given credentials are blacklisted from access. """ if is_client_ip_address_blacklisted(request): return True return False def is_whitelisted(self, request, credentials: dict = None) -> bool: """ Checks if the request or given credentials are whitelisted for access. """ if is_user_attempt_whitelisted(request, credentials): return True if is_client_ip_address_whitelisted(request): return True if is_client_method_whitelisted(request): return True return False def is_locked(self, request, credentials: dict = None) -> bool: """ Checks if the request or given credentials are locked. """ if settings.AXES_LOCK_OUT_AT_FAILURE: # get_failures will have to be implemented by each specialized handler return self.get_failures( # type: ignore request, credentials ) >= get_failure_limit(request, credentials) return False def is_admin_site(self, request) -> bool: """ Checks if the request is for admin site. """ if settings.AXES_ONLY_ADMIN_SITE and hasattr(request, "path"): try: admin_url = reverse("admin:index") except NoReverseMatch: return True return not re.match("^%s" % admin_url, request.path) return False def reset_attempts( self, *, ip_address: str = None, username: str = None, ip_or_username: bool = False, ) -> int: """ Resets access attempts that match the given IP address or username. This method makes more sense for the DB backend, but as it is used by the ProxyHandler (via inherent), it needs to be defined here so we get compliant with all proxy methods. Please overwrite it on each specialized handler as needed. """ return 0 def reset_logs(self, *, age_days: int = None) -> int: """ Resets access logs that are older than given number of days. This method makes more sense for the DB backend, but as it is used by the ProxyHandler (via inherent), it needs to be defined here so we get compliant with all proxy methods. Please overwrite it on each specialized handler as needed. """ return 0 class AxesHandler(AbstractAxesHandler, AxesBaseHandler): """ Signal bare handler implementation without any storage backend. """ def user_login_failed(self, sender, credentials: dict, request=None, **kwargs): pass def user_logged_in(self, sender, request, user, **kwargs): pass def user_logged_out(self, sender, request, user, **kwargs): pass def get_failures(self, request, credentials: dict = None) -> int: return 0 django-axes-5.24.0/axes/handlers/cache.py000066400000000000000000000133161411641636100201660ustar00rootroot00000000000000from logging import getLogger from axes.conf import settings from axes.handlers.base import AxesBaseHandler, AbstractAxesHandler from axes.helpers import ( get_cache, get_cache_timeout, get_client_cache_key, get_client_str, get_client_username, get_credentials, get_failure_limit, ) from axes.models import AccessAttempt from axes.signals import user_locked_out log = getLogger(__name__) class AxesCacheHandler(AbstractAxesHandler, AxesBaseHandler): """ Signal handler implementation that records user login attempts to cache and locks users out if necessary. """ def __init__(self): self.cache = get_cache() self.cache_timeout = get_cache_timeout() def reset_attempts( self, *, ip_address: str = None, username: str = None, ip_or_username: bool = False, ) -> int: cache_keys: list = [] count = 0 if ip_address is None and username is None: raise NotImplementedError("Cannot clear all entries from cache") if ip_or_username: raise NotImplementedError( "Due to the cache key ip_or_username=True is not supported" ) cache_keys.extend( get_client_cache_key( AccessAttempt(username=username, ip_address=ip_address) ) ) for cache_key in cache_keys: deleted = self.cache.delete(cache_key) count += int(deleted) if deleted is not None else 1 log.info("AXES: Reset %d access attempts from database.", count) return count def get_failures(self, request, credentials: dict = None) -> int: cache_keys = get_client_cache_key(request, credentials) failure_count = max( self.cache.get(cache_key, default=0) for cache_key in cache_keys ) return failure_count def user_login_failed( self, sender, credentials: dict, request=None, **kwargs ): # pylint: disable=too-many-locals """ When user login fails, save attempt record in cache and lock user out if necessary. :raises AxesSignalPermissionDenied: if user should be locked out. """ if request is None: log.error( "AXES: AxesCacheHandler.user_login_failed does not function without a request." ) return username = get_client_username(request, credentials) if settings.AXES_ONLY_USER_FAILURES and username is None: log.warning( "AXES: Username is None and AXES_ONLY_USER_FAILURES is enabled, new record will NOT be created." ) return client_str = get_client_str( username, request.axes_ip_address, request.axes_user_agent, request.axes_path_info, request, ) if self.is_whitelisted(request, credentials): log.info("AXES: Login failed from whitelisted client %s.", client_str) return failures_since_start = 1 + self.get_failures(request, credentials) request.axes_failures_since_start = failures_since_start if failures_since_start > 1: log.warning( "AXES: Repeated login failure by %s. Count = %d of %d. Updating existing record in the cache.", client_str, failures_since_start, get_failure_limit(request, credentials), ) else: log.warning( "AXES: New login failure by %s. Creating new record in the cache.", client_str, ) cache_keys = get_client_cache_key(request, credentials) for cache_key in cache_keys: failures = self.cache.get(cache_key, default=0) self.cache.set(cache_key, failures + 1, self.cache_timeout) if ( settings.AXES_LOCK_OUT_AT_FAILURE and failures_since_start >= get_failure_limit(request, credentials) ): log.warning( "AXES: Locking out %s after repeated login failures.", client_str ) request.axes_locked_out = True user_locked_out.send( "axes", request=request, username=username, ip_address=request.axes_ip_address, ) def user_logged_in( self, sender, request, user, **kwargs ): # pylint: disable=unused-argument """ When user logs in, update the AccessLog related to the user. """ username = user.get_username() credentials = get_credentials(username) client_str = get_client_str( username, request.axes_ip_address, request.axes_user_agent, request.axes_path_info, request, ) log.info("AXES: Successful login by %s.", client_str) if settings.AXES_RESET_ON_SUCCESS: cache_keys = get_client_cache_key(request, credentials) for cache_key in cache_keys: failures_since_start = self.cache.get(cache_key, default=0) self.cache.delete(cache_key) log.info( "AXES: Deleted %d failed login attempts by %s from cache.", failures_since_start, client_str, ) def user_logged_out(self, sender, request, user, **kwargs): username = user.get_username() if user else None client_str = get_client_str( username, request.axes_ip_address, request.axes_user_agent, request.axes_path_info, request, ) log.info("AXES: Successful logout by %s.", client_str) django-axes-5.24.0/axes/handlers/database.py000066400000000000000000000244241411641636100206710ustar00rootroot00000000000000from logging import getLogger from django.db import transaction from django.db.models import F, Sum, Value, Q from django.db.models.functions import Concat from django.utils import timezone from axes.attempts import ( clean_expired_user_attempts, get_user_attempts, reset_user_attempts, ) from axes.conf import settings from axes.handlers.base import AxesBaseHandler, AbstractAxesHandler from axes.helpers import ( get_client_str, get_client_username, get_credentials, get_failure_limit, get_query_str, ) from axes.models import AccessLog, AccessAttempt from axes.signals import user_locked_out log = getLogger(__name__) class AxesDatabaseHandler(AbstractAxesHandler, AxesBaseHandler): """ Signal handler implementation that records user login attempts to database and locks users out if necessary. .. note:: The get_user_attempts function is called several time during the authentication and lockout process, caching its output can be dangerous. """ def reset_attempts( self, *, ip_address: str = None, username: str = None, ip_or_username: bool = False, ) -> int: attempts = AccessAttempt.objects.all() if ip_or_username: attempts = attempts.filter(Q(ip_address=ip_address) | Q(username=username)) else: if ip_address: attempts = attempts.filter(ip_address=ip_address) if username: attempts = attempts.filter(username=username) count, _ = attempts.delete() log.info("AXES: Reset %d access attempts from database.", count) return count def reset_logs(self, *, age_days: int = None) -> int: if age_days is None: count, _ = AccessLog.objects.all().delete() log.info("AXES: Reset all %d access logs from database.", count) else: limit = timezone.now() - timezone.timedelta(days=age_days) count, _ = AccessLog.objects.filter(attempt_time__lte=limit).delete() log.info( "AXES: Reset %d access logs older than %d days from database.", count, age_days, ) return count def get_failures(self, request, credentials: dict = None) -> int: attempts_list = get_user_attempts(request, credentials) attempt_count = max( ( attempts.aggregate(Sum("failures_since_start"))[ "failures_since_start__sum" ] or 0 ) for attempts in attempts_list ) return attempt_count def user_login_failed( self, sender, credentials: dict, request=None, **kwargs ): # pylint: disable=too-many-locals """ When user login fails, save AccessAttempt record in database, mark request with lockout attribute and emit lockout signal. """ log.info("AXES: User login failed, running database handler for failure.") if request is None: log.error( "AXES: AxesDatabaseHandler.user_login_failed does not function without a request." ) return # 1. database query: Clean up expired user attempts from the database before logging new attempts clean_expired_user_attempts(request.axes_attempt_time) username = get_client_username(request, credentials) client_str = get_client_str( username, request.axes_ip_address, request.axes_user_agent, request.axes_path_info, request, ) # This replaces null byte chars that crash saving failures. get_data = get_query_str(request.GET).replace("\0", "0x00") post_data = get_query_str(request.POST).replace("\0", "0x00") if self.is_whitelisted(request, credentials): log.info("AXES: Login failed from whitelisted client %s.", client_str) return # 2. database query: Get or create access record with the new failure data if settings.AXES_ONLY_USER_FAILURES and username is None: log.warning( "AXES: Username is None and AXES_ONLY_USER_FAILURES is enabled, new record will NOT be created." ) else: with transaction.atomic(): ( attempt, created, ) = AccessAttempt.objects.select_for_update().get_or_create( username=username, ip_address=request.axes_ip_address, user_agent=request.axes_user_agent, defaults={ "get_data": get_data, "post_data": post_data, "http_accept": request.axes_http_accept, "path_info": request.axes_path_info, "failures_since_start": 1, "attempt_time": request.axes_attempt_time, }, ) # Record failed attempt with all the relevant information. # Filtering based on username, IP address and user agent handled elsewhere, # and this handler just records the available information for further use. if created: log.warning( "AXES: New login failure by %s. Created new record in the database.", client_str, ) # 3. database query if there were previous attempts in the database # Update failed attempt information but do not touch the username, IP address, or user agent fields, # because attackers can request the site with multiple different configurations # in order to bypass the defense mechanisms that are used by the site. else: separator = "\n---------\n" attempt.get_data = Concat("get_data", Value(separator + get_data)) attempt.post_data = Concat( "post_data", Value(separator + post_data) ) attempt.http_accept = request.axes_http_accept attempt.path_info = request.axes_path_info attempt.failures_since_start = F("failures_since_start") + 1 attempt.attempt_time = request.axes_attempt_time attempt.save() log.warning( "AXES: Repeated login failure by %s. Updated existing record in the database.", client_str, ) # 3. or 4. database query: Calculate the current maximum failure number from the existing attempts failures_since_start = self.get_failures(request, credentials) request.axes_failures_since_start = failures_since_start if ( settings.AXES_LOCK_OUT_AT_FAILURE and failures_since_start >= get_failure_limit(request, credentials) ): log.warning( "AXES: Locking out %s after repeated login failures.", client_str ) request.axes_locked_out = True user_locked_out.send( "axes", request=request, username=username, ip_address=request.axes_ip_address, ) def user_logged_in( self, sender, request, user, **kwargs ): # pylint: disable=unused-argument """ When user logs in, update the AccessLog related to the user. """ # 1. database query: Clean up expired user attempts from the database clean_expired_user_attempts(request.axes_attempt_time) username = user.get_username() credentials = get_credentials(username) client_str = get_client_str( username, request.axes_ip_address, request.axes_user_agent, request.axes_path_info, request, ) log.info("AXES: Successful login by %s.", client_str) if not settings.AXES_DISABLE_ACCESS_LOG: # 2. database query: Insert new access logs with login time AccessLog.objects.create( username=username, ip_address=request.axes_ip_address, user_agent=request.axes_user_agent, http_accept=request.axes_http_accept, path_info=request.axes_path_info, attempt_time=request.axes_attempt_time, ) if settings.AXES_RESET_ON_SUCCESS: # 3. database query: Reset failed attempts for the logging in user count = reset_user_attempts(request, credentials) log.info( "AXES: Deleted %d failed login attempts by %s from database.", count, client_str, ) def user_logged_out( self, sender, request, user, **kwargs ): # pylint: disable=unused-argument """ When user logs out, update the AccessLog related to the user. """ # 1. database query: Clean up expired user attempts from the database clean_expired_user_attempts(request.axes_attempt_time) username = user.get_username() if user else None client_str = get_client_str( username, request.axes_ip_address, request.axes_user_agent, request.axes_path_info, request, ) log.info("AXES: Successful logout by %s.", client_str) if username and not settings.AXES_DISABLE_ACCESS_LOG: # 2. database query: Update existing attempt logs with logout time AccessLog.objects.filter( username=username, logout_time__isnull=True ).update(logout_time=request.axes_attempt_time) def post_save_access_attempt(self, instance, **kwargs): """ Handles the ``axes.models.AccessAttempt`` object post save signal. When needed, all post_save actions for this backend should be located here. """ def post_delete_access_attempt(self, instance, **kwargs): """ Handles the ``axes.models.AccessAttempt`` object post delete signal. When needed, all post_delete actions for this backend should be located here. """ django-axes-5.24.0/axes/handlers/dummy.py000066400000000000000000000012451411641636100202540ustar00rootroot00000000000000from axes.handlers.base import AxesBaseHandler, AbstractAxesHandler class AxesDummyHandler(AbstractAxesHandler, AxesBaseHandler): """ Signal handler implementation that does nothing and can be used to disable signal processing. """ def is_allowed(self, request, credentials: dict = None) -> bool: return True def user_login_failed(self, sender, credentials: dict, request=None, **kwargs): pass def user_logged_in(self, sender, request, user, **kwargs): pass def user_logged_out(self, sender, request, user, **kwargs): pass def get_failures(self, request, credentials: dict = None) -> int: return 0 django-axes-5.24.0/axes/handlers/proxy.py000066400000000000000000000105231411641636100203010ustar00rootroot00000000000000from logging import getLogger from django.utils.module_loading import import_string from django.utils.timezone import now from axes.conf import settings from axes.handlers.base import AxesBaseHandler, AbstractAxesHandler, AxesHandler from axes.helpers import ( get_client_ip_address, get_client_user_agent, get_client_path_info, get_client_http_accept, toggleable, ) log = getLogger(__name__) class AxesProxyHandler(AbstractAxesHandler, AxesBaseHandler): """ Proxy interface for configurable Axes signal handler class. If you wish to implement a custom version of this handler, you can override the settings.AXES_HANDLER configuration string with a class that implements a compatible interface and methods. Defaults to using axes.handlers.proxy.AxesProxyHandler if not overridden. Refer to axes.handlers.proxy.AxesProxyHandler for default implementation. """ implementation = None # type: AxesHandler @classmethod def get_implementation(cls, force: bool = False) -> AxesHandler: """ Fetch and initialize configured handler implementation and memoize it to avoid reinitialization. This method is re-entrant and can be called multiple times from e.g. Django application loader. """ if force or not cls.implementation: cls.implementation = import_string(settings.AXES_HANDLER)() return cls.implementation @classmethod def reset_attempts( cls, *, ip_address: str = None, username: str = None, ip_or_username: bool = False, ) -> int: return cls.get_implementation().reset_attempts( ip_address=ip_address, username=username, ip_or_username=ip_or_username ) @classmethod def reset_logs(cls, *, age_days: int = None) -> int: return cls.get_implementation().reset_logs(age_days=age_days) @staticmethod def update_request(request): """ Update request attributes before passing them into the selected handler class. """ if request is None: log.error( "AXES: AxesProxyHandler.update_request can not set request attributes to a None request" ) return if not hasattr(request, "axes_updated"): request.axes_locked_out = False request.axes_attempt_time = now() request.axes_ip_address = get_client_ip_address(request) request.axes_user_agent = get_client_user_agent(request) request.axes_path_info = get_client_path_info(request) request.axes_http_accept = get_client_http_accept(request) request.axes_failures_since_start = None request.axes_updated = True @classmethod def is_locked(cls, request, credentials: dict = None) -> bool: cls.update_request(request) return cls.get_implementation().is_locked(request, credentials) @classmethod def is_allowed(cls, request, credentials: dict = None) -> bool: cls.update_request(request) return cls.get_implementation().is_allowed(request, credentials) @classmethod def get_failures(cls, request, credentials: dict = None) -> int: cls.update_request(request) return cls.get_implementation().get_failures(request, credentials) @classmethod @toggleable def user_login_failed(cls, sender, credentials: dict, request=None, **kwargs): cls.update_request(request) return cls.get_implementation().user_login_failed( sender, credentials, request, **kwargs ) @classmethod @toggleable def user_logged_in(cls, sender, request, user, **kwargs): cls.update_request(request) return cls.get_implementation().user_logged_in(sender, request, user, **kwargs) @classmethod @toggleable def user_logged_out(cls, sender, request, user, **kwargs): cls.update_request(request) return cls.get_implementation().user_logged_out(sender, request, user, **kwargs) @classmethod @toggleable def post_save_access_attempt(cls, instance, **kwargs): return cls.get_implementation().post_save_access_attempt(instance, **kwargs) @classmethod @toggleable def post_delete_access_attempt(cls, instance, **kwargs): return cls.get_implementation().post_delete_access_attempt(instance, **kwargs) django-axes-5.24.0/axes/handlers/test.py000066400000000000000000000012041411641636100200730ustar00rootroot00000000000000from axes.handlers.base import AxesHandler class AxesTestHandler(AxesHandler): # pylint: disable=unused-argument """ Signal handler implementation that does nothing, ideal for a test suite. """ def reset_attempts( self, *, ip_address: str = None, username: str = None, ip_or_username: bool = False, ) -> int: return 0 def reset_logs(self, *, age_days: int = None) -> int: return 0 def is_allowed(self, request, credentials: dict = None) -> bool: return True def get_failures(self, request, credentials: dict = None) -> int: return 0 django-axes-5.24.0/axes/helpers.py000066400000000000000000000431431411641636100167660ustar00rootroot00000000000000from datetime import timedelta from hashlib import md5 from logging import getLogger from string import Template from typing import Callable, Optional, Type, Union from urllib.parse import urlencode import ipware.ip from django.core.cache import caches, BaseCache from django.http import HttpRequest, HttpResponse, JsonResponse, QueryDict from django.shortcuts import render, redirect from django.utils.module_loading import import_string from axes.conf import settings from axes.models import AccessBase log = getLogger(__name__) def get_cache() -> BaseCache: """ Get the cache instance Axes is configured to use with ``settings.AXES_CACHE`` and use ``'default'`` if not set. """ return caches[getattr(settings, "AXES_CACHE", "default")] def get_cache_timeout() -> Optional[int]: """ Return the cache timeout interpreted from settings.AXES_COOLOFF_TIME. The cache timeout can be either None if not configured or integer of seconds if configured. Notice that the settings.AXES_COOLOFF_TIME can be None, timedelta, integer, callable, or str path, and this function offers a unified _integer or None_ representation of that configuration for use with the Django cache backends. """ cool_off = get_cool_off() if cool_off is None: return None return int(cool_off.total_seconds()) def get_cool_off() -> Optional[timedelta]: """ Return the login cool off time interpreted from settings.AXES_COOLOFF_TIME. The return value is either None or timedelta. Notice that the settings.AXES_COOLOFF_TIME is either None, timedelta, or integer of hours, and this function offers a unified _timedelta or None_ representation of that configuration for use with the Axes internal implementations. :exception TypeError: if settings.AXES_COOLOFF_TIME is of wrong type. """ cool_off = settings.AXES_COOLOFF_TIME if isinstance(cool_off, int): return timedelta(hours=cool_off) if isinstance(cool_off, str): return import_string(cool_off)() if callable(cool_off): return cool_off() return cool_off def get_cool_off_iso8601(delta: timedelta) -> str: """ Return datetime.timedelta translated to ISO 8601 formatted duration for use in e.g. cool offs. """ seconds = delta.total_seconds() minutes, seconds = divmod(seconds, 60) hours, minutes = divmod(minutes, 60) days, hours = divmod(hours, 24) days_str = f"{days:.0f}D" if days else "" time_str = "".join( f"{value:.0f}{designator}" for value, designator in [[hours, "H"], [minutes, "M"], [seconds, "S"]] if value ) if time_str: return f"P{days_str}T{time_str}" return f"P{days_str}" def get_credentials(username: str = None, **kwargs) -> dict: """ Calculate credentials for Axes to use internally from given username and kwargs. Axes will set the username value into the key defined with ``settings.AXES_USERNAME_FORM_FIELD`` and update the credentials dictionary with the kwargs given on top of that. """ credentials = {settings.AXES_USERNAME_FORM_FIELD: username} credentials.update(kwargs) return credentials def get_client_username(request, credentials: dict = None) -> str: """ Resolve client username from the given request or credentials if supplied. The order of preference for fetching the username is as follows: 1. If configured, use ``AXES_USERNAME_CALLABLE``, and supply ``request, credentials`` as arguments 2. If given, use ``credentials`` and fetch username from ``AXES_USERNAME_FORM_FIELD`` (defaults to ``username``) 3. Use request.POST and fetch username from ``AXES_USERNAME_FORM_FIELD`` (defaults to ``username``) :param request: incoming Django ``HttpRequest`` or similar object from authentication backend or other source :param credentials: incoming credentials ``dict`` or similar object from authentication backend or other source """ if settings.AXES_USERNAME_CALLABLE: log.debug("Using settings.AXES_USERNAME_CALLABLE to get username") if callable(settings.AXES_USERNAME_CALLABLE): return settings.AXES_USERNAME_CALLABLE(request, credentials) if isinstance(settings.AXES_USERNAME_CALLABLE, str): return import_string(settings.AXES_USERNAME_CALLABLE)(request, credentials) raise TypeError( "settings.AXES_USERNAME_CALLABLE needs to be a string, callable, or None." ) if credentials: log.debug( "Using parameter credentials to get username with key settings.AXES_USERNAME_FORM_FIELD" ) return credentials.get(settings.AXES_USERNAME_FORM_FIELD, None) log.debug( "Using parameter request.POST to get username with key settings.AXES_USERNAME_FORM_FIELD" ) request_data = getattr(request, "data", request.POST) return request_data.get(settings.AXES_USERNAME_FORM_FIELD, None) def get_client_ip_address(request) -> str: """ Get client IP address as configured by the user. The django-ipware package is used for address resolution and parameters can be configured in the Axes package. """ client_ip_address, _ = ipware.ip.get_client_ip( request, proxy_order=settings.AXES_PROXY_ORDER, proxy_count=settings.AXES_PROXY_COUNT, proxy_trusted_ips=settings.AXES_PROXY_TRUSTED_IPS, request_header_order=settings.AXES_META_PRECEDENCE_ORDER, ) return client_ip_address def get_client_user_agent(request) -> str: return request.META.get("HTTP_USER_AGENT", "")[:255] def get_client_path_info(request) -> str: return request.META.get("PATH_INFO", "")[:255] def get_client_http_accept(request) -> str: return request.META.get("HTTP_ACCEPT", "")[:1025] def get_client_parameters(username: str, ip_address: str, user_agent: str) -> list: """ Get query parameters for filtering AccessAttempt queryset. This method returns a dict that guarantees iteration order for keys and values, and can so be used in e.g. the generation of hash keys or other deterministic functions. Returns list of dict, every item of list are separate parameters """ if settings.AXES_ONLY_USER_FAILURES: # 1. Only individual usernames can be tracked with parametrization filter_query = [{"username": username}] else: if settings.AXES_LOCK_OUT_BY_USER_OR_IP: # One of `username` or `IP address` is used filter_query = [{"username": username}, {"ip_address": ip_address}] elif settings.AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP: # 2. A combination of username and IP address can be used as well filter_query = [{"username": username, "ip_address": ip_address}] else: # 3. Default case is to track the IP address only, which is the most secure option filter_query = [{"ip_address": ip_address}] if settings.AXES_USE_USER_AGENT: # 4. The HTTP User-Agent can be used to track e.g. one browser filter_query.append({"user_agent": user_agent}) return filter_query def make_cache_key_list(filter_kwargs_list): cache_keys = [] for filter_kwargs in filter_kwargs_list: cache_key_components = "".join( value for value in filter_kwargs.values() if value ) cache_key_digest = md5(cache_key_components.encode()).hexdigest() cache_keys.append(f"axes-{cache_key_digest}") return cache_keys def get_client_cache_key( request_or_attempt: Union[HttpRequest, AccessBase], credentials: dict = None ) -> str: """ Build cache key name from request or AccessAttempt object. :param request_or_attempt: HttpRequest or AccessAttempt object :param credentials: credentials containing user information :return cache_key: Hash key that is usable for Django cache backends """ if isinstance(request_or_attempt, AccessBase): username = request_or_attempt.username ip_address = request_or_attempt.ip_address user_agent = request_or_attempt.user_agent else: username = get_client_username(request_or_attempt, credentials) ip_address = get_client_ip_address(request_or_attempt) user_agent = get_client_user_agent(request_or_attempt) filter_kwargs_list = get_client_parameters(username, ip_address, user_agent) return make_cache_key_list(filter_kwargs_list) def get_client_str( username: str, ip_address: str, user_agent: str, path_info: str, request: HttpRequest, ) -> str: """ Get a readable string that can be used in e.g. logging to distinguish client requests. Example log format would be ``{username: "example", ip_address: "127.0.0.1", path_info: "/example/"}`` """ if settings.AXES_CLIENT_STR_CALLABLE: log.debug("Using settings.AXES_CLIENT_STR_CALLABLE to get client string.") if callable(settings.AXES_CLIENT_STR_CALLABLE): return settings.AXES_CLIENT_STR_CALLABLE( username, ip_address, user_agent, path_info, request ) if isinstance(settings.AXES_CLIENT_STR_CALLABLE, str): return import_string(settings.AXES_CLIENT_STR_CALLABLE)( username, ip_address, user_agent, path_info, request ) raise TypeError( "settings.AXES_CLIENT_STR_CALLABLE needs to be a string, callable or None." ) client_dict = dict() if settings.AXES_VERBOSE: # Verbose mode logs every attribute that is available client_dict["username"] = username client_dict["ip_address"] = ip_address client_dict["user_agent"] = user_agent else: # Other modes initialize the attributes that are used for the actual lockouts client_list = get_client_parameters(username, ip_address, user_agent) client_dict = {} for client in client_list: client_dict.update(client) # Path info is always included as last component in the client string for traceability purposes if path_info and isinstance(path_info, (tuple, list)): path_info = path_info[0] client_dict["path_info"] = path_info # Template the internal dictionary representation into a readable and concatenated {key: "value"} format template = Template('$key: "$value"') items = [{"key": k, "value": v} for k, v in client_dict.items()] client_str = ", ".join(template.substitute(item) for item in items) client_str = "{" + client_str + "}" return client_str def cleanse_parameters(params: dict) -> dict: """ Replace sensitive parameter values in a parameter dict with a safe placeholder value. Parameters name ``'password'`` will always be cleansed. Additionally, parameters named in ``settings.AXES_SENSITIVE_PARAMETERS`` and ``settings.AXES_PASSWORD_FORM_FIELD will be cleansed. This is used to prevent passwords and similar values from being logged in cleartext. """ sensitive_parameters = ["password"] + settings.AXES_SENSITIVE_PARAMETERS if settings.AXES_PASSWORD_FORM_FIELD: sensitive_parameters.append(settings.AXES_PASSWORD_FORM_FIELD) if sensitive_parameters: cleansed = params.copy() for param in sensitive_parameters: if param in cleansed: cleansed[param] = "********************" return cleansed return params def get_query_str(query: Type[QueryDict], max_length: int = 1024) -> str: """ Turns a query dictionary into an easy-to-read list of key-value pairs. If a field is called either ``'password'`` or ``settings.AXES_PASSWORD_FORM_FIELD`` or if the fieldname is included in ``settings.AXES_SENSITIVE_PARAMETERS`` its value will be masked. The length of the output is limited to max_length to avoid a DoS attack via excessively large payloads. """ query_dict = cleanse_parameters(query.copy()) template = Template("$key=$value") items = [{"key": k, "value": v} for k, v in query_dict.items()] query_str = "\n".join(template.substitute(item) for item in items) return query_str[:max_length] def get_failure_limit(request, credentials) -> int: if callable(settings.AXES_FAILURE_LIMIT): return settings.AXES_FAILURE_LIMIT(request, credentials) if isinstance(settings.AXES_FAILURE_LIMIT, str): return import_string(settings.AXES_FAILURE_LIMIT)(request, credentials) if isinstance(settings.AXES_FAILURE_LIMIT, int): return settings.AXES_FAILURE_LIMIT raise TypeError("settings.AXES_FAILURE_LIMIT needs to be a callable or an integer") def get_lockout_message() -> str: if settings.AXES_COOLOFF_TIME: return settings.AXES_COOLOFF_MESSAGE return settings.AXES_PERMALOCK_MESSAGE def get_lockout_response(request, credentials: dict = None) -> HttpResponse: if settings.AXES_LOCKOUT_CALLABLE: if callable(settings.AXES_LOCKOUT_CALLABLE): return settings.AXES_LOCKOUT_CALLABLE(request, credentials) if isinstance(settings.AXES_LOCKOUT_CALLABLE, str): return import_string(settings.AXES_LOCKOUT_CALLABLE)(request, credentials) raise TypeError( "settings.AXES_LOCKOUT_CALLABLE needs to be a string, callable, or None." ) status = settings.AXES_HTTP_RESPONSE_CODE context = { "failure_limit": get_failure_limit(request, credentials), "username": get_client_username(request, credentials) or "", } cool_off = get_cool_off() if cool_off: context.update( { "cooloff_time": get_cool_off_iso8601( cool_off ), # differing old name is kept for backwards compatibility "cooloff_timedelta": cool_off, } ) if request.META.get("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest": json_response = JsonResponse(context, status=status) json_response[ "Access-Control-Allow-Origin" ] = settings.AXES_ALLOWED_CORS_ORIGINS json_response["Access-Control-Allow-Methods"] = "POST, OPTIONS" json_response[ "Access-Control-Allow-Headers" ] = "Origin, Content-Type, Accept, Authorization, x-requested-with" return json_response if settings.AXES_LOCKOUT_TEMPLATE: return render(request, settings.AXES_LOCKOUT_TEMPLATE, context, status=status) if settings.AXES_LOCKOUT_URL: lockout_url = settings.AXES_LOCKOUT_URL query_string = urlencode({"username": context["username"]}) url = "{}?{}".format(lockout_url, query_string) return redirect(url) return HttpResponse(get_lockout_message(), status=status) def is_ip_address_in_whitelist(ip_address: str) -> bool: if not settings.AXES_IP_WHITELIST: return False return ip_address in settings.AXES_IP_WHITELIST def is_ip_address_in_blacklist(ip_address: str) -> bool: if not settings.AXES_IP_BLACKLIST: return False return ip_address in settings.AXES_IP_BLACKLIST def is_client_ip_address_whitelisted(request): """ Check if the given request refers to a whitelisted IP. """ if settings.AXES_NEVER_LOCKOUT_WHITELIST and is_ip_address_in_whitelist( request.axes_ip_address ): return True if settings.AXES_ONLY_WHITELIST and is_ip_address_in_whitelist( request.axes_ip_address ): return True return False def is_client_ip_address_blacklisted(request) -> bool: """ Check if the given request refers to a blacklisted IP. """ if is_ip_address_in_blacklist(request.axes_ip_address): return True if settings.AXES_ONLY_WHITELIST and not is_ip_address_in_whitelist( request.axes_ip_address ): return True return False def is_client_method_whitelisted(request) -> bool: """ Check if the given request uses a whitelisted method. """ if settings.AXES_NEVER_LOCKOUT_GET and request.method == "GET": return True return False def is_user_attempt_whitelisted(request, credentials: dict = None) -> bool: """ Check if the given request or credentials refer to a whitelisted username. This method invokes the ``settings.AXES_WHITELIST`` callable with ``request`` and ``credentials`` arguments. This function could use the following implementation for checking the lockout flags from a specific property in the user object: .. code-block: python username_value = get_client_username(request, credentials) username_field = getattr( get_user_model(), "USERNAME_FIELD", "username" ) kwargs = {username_field: username_value} user_model = get_user_model() user = user_model.objects.get(**kwargs) return user.nolockout """ whitelist_callable = settings.AXES_WHITELIST_CALLABLE if whitelist_callable is None: return False if callable(whitelist_callable): return whitelist_callable(request, credentials) if isinstance(whitelist_callable, str): return import_string(whitelist_callable)(request, credentials) raise TypeError( "settings.AXES_WHITELIST_CALLABLE needs to be a string, callable, or None." ) def toggleable(func) -> Callable: """ Decorator that toggles function execution based on settings. If the ``settings.AXES_ENABLED`` flag is set to ``False`` the decorated function never runs and a None is returned. This decorator is only suitable for functions that do not require return values to be passed back to callers. """ def inner(*args, **kwargs): # pylint: disable=inconsistent-return-statements if settings.AXES_ENABLED: return func(*args, **kwargs) return inner django-axes-5.24.0/axes/locale/000077500000000000000000000000001411641636100162045ustar00rootroot00000000000000django-axes-5.24.0/axes/locale/de/000077500000000000000000000000001411641636100165745ustar00rootroot00000000000000django-axes-5.24.0/axes/locale/de/LC_MESSAGES/000077500000000000000000000000001411641636100203615ustar00rootroot00000000000000django-axes-5.24.0/axes/locale/de/LC_MESSAGES/django.mo000066400000000000000000000030151411641636100221570ustar00rootroot00000000000000Þ•¬<°Q±? C P ^h q | ˆ ’œ ¡¬µÄ Ô ßkëWa×9K k v €‹ œ §²· ÆÓã ô    Account locked: too many login attempts. Contact an admin to unlock your account.Account locked: too many login attempts. Please try again laterAttempt TimeFailed LoginsForm DataGET DataIP AddressLogout TimeMeta DataPOST DataPathUser AgentUsernameaccess attemptaccess attemptsaccess logaccess logsProject-Id-Version: PACKAGE VERSION Report-Msgid-Bugs-To: POT-Creation-Date: 2018-07-17 15:56+0200 PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE Last-Translator: FULL NAME Language-Team: LANGUAGE Language: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); Zugang gesperrt: zu viele fehlgeschlagene Anmeldeversuche. Kontaktieren Sie einen Administrator, um Ihren Zugang zu entsperren.Zugang gesperrt: zu viele fehlgeschlagene Anmeldeversuche. Bitte versuchen Sie es später erneut.ZugriffszeitpunktFehlgeschlagene AnmeldeversucheForm-DatenGET-DatenIP-AdresseAbmeldezeitpunktMeta-DatenPOST-DatenPfadBrowserkennungBenutzernameZugriffsversuchZugriffsversucheZugriffslogZugriffslogsdjango-axes-5.24.0/axes/locale/de/LC_MESSAGES/django.po000066400000000000000000000041131411641636100221620ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-07-17 15:56+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: axes/admin.py:38 msgid "Form Data" msgstr "Form-Daten" #: axes/admin.py:41 axes/admin.py:95 msgid "Meta Data" msgstr "Meta-Daten" #: axes/conf.py:58 msgid "Account locked: too many login attempts. Please try again later." msgstr "" "Zugang gesperrt: zu viele fehlgeschlagene Anmeldeversuche. Bitte versuchen " "Sie es später erneut." #: axes/conf.py:61 msgid "" "Account locked: too many login attempts. Contact an admin to unlock your " "account." msgstr "" "Zugang gesperrt: zu viele fehlgeschlagene Anmeldeversuche. Kontaktieren Sie " "einen Administrator, um Ihren Zugang zu entsperren." #: axes/models.py:9 msgid "User Agent" msgstr "Browserkennung" #: axes/models.py:15 msgid "IP Address" msgstr "IP-Adresse" #: axes/models.py:21 msgid "Username" msgstr "Benutzername" #: axes/models.py:35 msgid "HTTP Accept" msgstr "" #: axes/models.py:40 msgid "Path" msgstr "Pfad" #: axes/models.py:45 msgid "Attempt Time" msgstr "Zugriffszeitpunkt" #: axes/models.py:57 msgid "GET Data" msgstr "GET-Daten" #: axes/models.py:61 msgid "POST Data" msgstr "POST-Daten" #: axes/models.py:65 msgid "Failed Logins" msgstr "Fehlgeschlagene Anmeldeversuche" #: axes/models.py:76 msgid "access attempt" msgstr "Zugriffsversuch" #: axes/models.py:77 msgid "access attempts" msgstr "Zugriffsversuche" #: axes/models.py:81 msgid "Logout Time" msgstr "Abmeldezeitpunkt" #: axes/models.py:90 msgid "access log" msgstr "Zugriffslog" #: axes/models.py:91 msgid "access logs" msgstr "Zugriffslogs" django-axes-5.24.0/axes/locale/pl/000077500000000000000000000000001411641636100166175ustar00rootroot00000000000000django-axes-5.24.0/axes/locale/pl/LC_MESSAGES/000077500000000000000000000000001411641636100204045ustar00rootroot00000000000000django-axes-5.24.0/axes/locale/pl/LC_MESSAGES/django.mo000066400000000000000000000027661411641636100222160ustar00rootroot00000000000000Þ•¤,ˆQ‰@Û  ) 7A J U a kuzƒ’ ¢ ­²¹nlKÛ'9L\en ˆ ’œ¯¿Ïâ   Account locked: too many login attempts. Contact an admin to unlock your account.Account locked: too many login attempts. Please try again later.Attempt TimeFailed LoginsForm DataGET DataIP AddressLogout TimeMeta DataPOST DataPathUsernameaccess attemptaccess attemptsaccess logaccess logsProject-Id-Version: Report-Msgid-Bugs-To: PO-Revision-Date: 2021-06-16 10:51+0300 Language: pl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=4; plural=(n==1 ? 0 : (n%10>=2 && n%10<=4) && (n%100<12 || n%100>14) ? 1 : n!=1 && (n%10>=0 && n%10<=1) || (n%10>=5 && n%10<=9) || (n%100>=12 && n%100<=14) ? 2 : 3); Last-Translator: Language-Team: X-Generator: Poedit 3.0 Konto zablokowane: zbyt wiele prób logowania. Skontaktuj siÄ™ z administratorem, aby odblokować swoje konto.Konto zablokowane: zbyt wiele prób logowania. Spróbuj ponownie później.Czas wystÄ…pieniaNieudane logowaniaDane formularzaDane GETAdres IPCzas wylogowaniaMetadaneDane POSTÅšcieżkaNazwa Użytkownikapróba dostÄ™pupróby dostÄ™pudziennik logowaniadzienniki logowaniadjango-axes-5.24.0/axes/locale/pl/LC_MESSAGES/django.po000066400000000000000000000043321411641636100222100ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-06-11 23:36+0200\n" "PO-Revision-Date: 2021-06-16 10:51+0300\n" "Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=4; plural=(n==1 ? 0 : (n%10>=2 && n%10<=4) && (n" "%100<12 || n%100>14) ? 1 : n!=1 && (n%10>=0 && n%10<=1) || (n%10>=5 && n" "%10<=9) || (n%100>=12 && n%100<=14) ? 2 : 3);\n" "Last-Translator: \n" "Language-Team: \n" "X-Generator: Poedit 3.0\n" #: .\axes\admin.py:26 msgid "Form Data" msgstr "Dane formularza" #: .\axes\admin.py:27 .\axes\admin.py:64 msgid "Meta Data" msgstr "Metadane" #: .\axes\conf.py:89 msgid "Account locked: too many login attempts. Please try again later." msgstr "" "Konto zablokowane: zbyt wiele prób logowania. Spróbuj ponownie później." #: .\axes\conf.py:97 msgid "" "Account locked: too many login attempts. Contact an admin to unlock your " "account." msgstr "" "Konto zablokowane: zbyt wiele prób logowania. Skontaktuj siÄ™ z " "administratorem, aby odblokować swoje konto." #: .\axes\models.py:6 #, fuzzy msgid "User Agent" msgstr "User Agent" #: .\axes\models.py:8 msgid "IP Address" msgstr "Adres IP" #: .\axes\models.py:10 msgid "Username" msgstr "Nazwa Użytkownika" #: .\axes\models.py:12 #, fuzzy msgid "HTTP Accept" msgstr "HTTP Accept" #: .\axes\models.py:14 msgid "Path" msgstr "Åšcieżka" #: .\axes\models.py:16 msgid "Attempt Time" msgstr "Czas wystÄ…pienia" #: .\axes\models.py:25 msgid "GET Data" msgstr "Dane GET" #: .\axes\models.py:27 msgid "POST Data" msgstr "Dane POST" #: .\axes\models.py:29 msgid "Failed Logins" msgstr "Nieudane logowania" #: .\axes\models.py:35 msgid "access attempt" msgstr "próba dostÄ™pu" #: .\axes\models.py:36 msgid "access attempts" msgstr "próby dostÄ™pu" #: .\axes\models.py:40 msgid "Logout Time" msgstr "Czas wylogowania" #: .\axes\models.py:46 msgid "access log" msgstr "dziennik logowania" #: .\axes\models.py:47 msgid "access logs" msgstr "dzienniki logowania" django-axes-5.24.0/axes/locale/ru/000077500000000000000000000000001411641636100166325ustar00rootroot00000000000000django-axes-5.24.0/axes/locale/ru/LC_MESSAGES/000077500000000000000000000000001411641636100204175ustar00rootroot00000000000000django-axes-5.24.0/axes/locale/ru/LC_MESSAGES/django.mo000066400000000000000000000036361411641636100222260ustar00rootroot00000000000000Þ•´LÀQÁ? S ` nx   ˜ ¤ ®¸ ½ÈÑà ð ûkäsšXó! +Cc uƒ› °Ñ'Ú-Ig†   Account locked: too many login attempts. Contact an admin to unlock your account.Account locked: too many login attempts. Please try again laterAttempt TimeFailed LoginsForm DataGET DataHTTP AcceptIP AddressLogout TimeMeta DataPOST DataPathUser AgentUsernameaccess attemptaccess attemptsaccess logaccess logsProject-Id-Version: PACKAGE VERSION Report-Msgid-Bugs-To: POT-Creation-Date: 2019-01-11 12:20+0300 PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE Last-Translator: FULL NAME Language-Team: LANGUAGE Language: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); Ð£Ñ‡ÐµÑ‚Ð½Ð°Ñ Ð·Ð°Ð¿Ð¸ÑÑŒ заблокирована: Ñлишком много попыток входа. ОбратитеÑÑŒ к админиÑтратору Ð´Ð»Ñ Ñ€Ð°Ð·Ð±Ð»Ð¾ÐºÐ¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ ÑƒÑ‡ÐµÑ‚Ð½Ð¾Ð¹ запиÑи.Ð£Ñ‡ÐµÑ‚Ð½Ð°Ñ Ð·Ð°Ð¿Ð¸ÑÑŒ заблокирована: Ñлишком много попыток входа. Повторите попытку позже.Ð’Ñ€ÐµÐ¼Ñ Ð²Ñ…Ð¾Ð´Ð°ÐžÑˆÐ¸Ð±Ð¾Ñ‡Ð½Ñ‹Ðµ попыткиДанные формыДанные GET-запроÑÐ°Ð—Ð°Ð¿Ñ€Ð¾Ñ HTTPÐÐ´Ñ€ÐµÑ IPÐ’Ñ€ÐµÐ¼Ñ Ð²Ñ‹Ñ…Ð¾Ð´Ð°ÐœÐµÑ‚Ð°Ð´Ð°Ð½Ð½Ñ‹ÐµÐ”Ð°Ð½Ð½Ñ‹Ðµ POST-запроÑаПутьБраузер пользователÑПользовательЗапиÑÑŒ о попытке доÑтупаПопытки доÑтупаЗапиÑÑŒ о доÑтупеЛоги доÑтупаdjango-axes-5.24.0/axes/locale/ru/LC_MESSAGES/django.po000066400000000000000000000046771411641636100222370ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2019-01-11 12:20+0300\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: axes/admin.py:38 msgid "Form Data" msgstr "Данные формы" #: axes/admin.py:41 axes/admin.py:95 msgid "Meta Data" msgstr "Метаданные" #: axes/conf.py:58 msgid "Account locked: too many login attempts. Please try again later." msgstr "" "Ð£Ñ‡ÐµÑ‚Ð½Ð°Ñ Ð·Ð°Ð¿Ð¸ÑÑŒ заблокирована: Ñлишком много попыток входа. " "Повторите попытку позже." #: axes/conf.py:61 msgid "" "Account locked: too many login attempts. Contact an admin to unlock your " "account." msgstr "" "Ð£Ñ‡ÐµÑ‚Ð½Ð°Ñ Ð·Ð°Ð¿Ð¸ÑÑŒ заблокирована: Ñлишком много попыток входа. " "ОбратитеÑÑŒ к админиÑтратору Ð´Ð»Ñ Ñ€Ð°Ð·Ð±Ð»Ð¾ÐºÐ¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ ÑƒÑ‡ÐµÑ‚Ð½Ð¾Ð¹ запиÑи." #: axes/models.py:9 msgid "User Agent" msgstr "Браузер пользователÑ" #: axes/models.py:15 msgid "IP Address" msgstr "ÐÐ´Ñ€ÐµÑ IP" #: axes/models.py:21 msgid "Username" msgstr "Пользователь" #: axes/models.py:35 msgid "HTTP Accept" msgstr "Ð—Ð°Ð¿Ñ€Ð¾Ñ HTTP" #: axes/models.py:40 msgid "Path" msgstr "Путь" #: axes/models.py:45 msgid "Attempt Time" msgstr "Ð’Ñ€ÐµÐ¼Ñ Ð²Ñ…Ð¾Ð´Ð°" #: axes/models.py:57 msgid "GET Data" msgstr "Данные GET-запроÑа" #: axes/models.py:61 msgid "POST Data" msgstr "Данные POST-запроÑа" #: axes/models.py:65 msgid "Failed Logins" msgstr "Ошибочные попытки" #: axes/models.py:76 msgid "access attempt" msgstr "ЗапиÑÑŒ о попытке доÑтупа" #: axes/models.py:77 msgid "access attempts" msgstr "Попытки доÑтупа" #: axes/models.py:81 msgid "Logout Time" msgstr "Ð’Ñ€ÐµÐ¼Ñ Ð²Ñ‹Ñ…Ð¾Ð´Ð°" #: axes/models.py:90 msgid "access log" msgstr "ЗапиÑÑŒ о доÑтупе" #: axes/models.py:91 msgid "access logs" msgstr "Логи доÑтупа" django-axes-5.24.0/axes/locale/tr/000077500000000000000000000000001411641636100166315ustar00rootroot00000000000000django-axes-5.24.0/axes/locale/tr/LC_MESSAGES/000077500000000000000000000000001411641636100204165ustar00rootroot00000000000000django-axes-5.24.0/axes/locale/tr/LC_MESSAGES/django.mo000066400000000000000000000026521411641636100222220ustar00rootroot00000000000000Þ•¤,ˆQ‰?Û  ( 6@ I T ` jty‚‘ ¡ ¬k¸g$QŒÞï   $ 6 BNRct‡–   Account locked: too many login attempts. Contact an admin to unlock your account.Account locked: too many login attempts. Please try again laterAttempt TimeFailed LoginsForm DataGET DataIP AddressLogout TimeMeta DataPOST DataPathUsernameaccess attemptaccess attemptsaccess logaccess logsProject-Id-Version: PACKAGE VERSION Report-Msgid-Bugs-To: POT-Creation-Date: 2018-07-17 15:56+0200 PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE Last-Translator: FULL NAME Language-Team: LANGUAGE Language: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); Hesap kilitlendi: cok fazla eriÅŸim denemesi. Hesabını açtırmak için yöneticiyle iletiÅŸimegeçinHesap kilitlendi: cok fazla eriÅŸim denemesi. Lütfen daha sonra tekrar deneyinizGiriÅŸim ZamanıGeçersiz GiriÅŸlerForm-VerisiGET-VerisiIP-AdresiÇıkış ZamanıMeta-VerisiPOST-VerisiYolKullanıcı AdıeriÅŸim denemesieriÅŸim denemelerieriÅŸim kaydıeriÅŸim kayıtlarıdjango-axes-5.24.0/axes/locale/tr/LC_MESSAGES/django.po000066400000000000000000000040331411641636100222200ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-07-17 15:56+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: axes/admin.py:38 msgid "Form Data" msgstr "Form-Verisi" #: axes/admin.py:41 axes/admin.py:95 msgid "Meta Data" msgstr "Meta-Verisi" #: axes/conf.py:58 msgid "Account locked: too many login attempts. Please try again later." msgstr "" "Hesap kilitlendi: cok fazla eriÅŸim denemesi. Lütfen daha sonra tekrar deneyiniz." #: axes/conf.py:61 msgid "" "Account locked: too many login attempts. Contact an admin to unlock your " "account." msgstr "" "Hesap kilitlendi: cok fazla eriÅŸim denemesi. Hesabını açtırmak için yöneticiyle iletiÅŸime" "geçin." #: axes/models.py:9 msgid "User Agent" msgstr "" #: axes/models.py:15 msgid "IP Address" msgstr "IP-Adresi" #: axes/models.py:21 msgid "Username" msgstr "Kullanıcı Adı" #: axes/models.py:35 msgid "HTTP Accept" msgstr "" #: axes/models.py:40 msgid "Path" msgstr "Yol" #: axes/models.py:45 msgid "Attempt Time" msgstr "GiriÅŸim Zamanı" #: axes/models.py:57 msgid "GET Data" msgstr "GET-Verisi" #: axes/models.py:61 msgid "POST Data" msgstr "POST-Verisi" #: axes/models.py:65 msgid "Failed Logins" msgstr "Geçersiz GiriÅŸler" #: axes/models.py:76 msgid "access attempt" msgstr "eriÅŸim denemesi" #: axes/models.py:77 msgid "access attempts" msgstr "eriÅŸim denemeleri" #: axes/models.py:81 msgid "Logout Time" msgstr "Çıkış Zamanı" #: axes/models.py:90 msgid "access log" msgstr "eriÅŸim kaydı" #: axes/models.py:91 msgid "access logs" msgstr "eriÅŸim kayıtları" django-axes-5.24.0/axes/management/000077500000000000000000000000001411641636100170615ustar00rootroot00000000000000django-axes-5.24.0/axes/management/__init__.py000066400000000000000000000000001411641636100211600ustar00rootroot00000000000000django-axes-5.24.0/axes/management/commands/000077500000000000000000000000001411641636100206625ustar00rootroot00000000000000django-axes-5.24.0/axes/management/commands/__init__.py000066400000000000000000000000001411641636100227610ustar00rootroot00000000000000django-axes-5.24.0/axes/management/commands/axes_list_attempts.py000066400000000000000000000006241411641636100251520ustar00rootroot00000000000000from django.core.management.base import BaseCommand from axes.models import AccessAttempt class Command(BaseCommand): help = "List access attempts" def handle(self, *args, **options): # pylint: disable=unused-argument for obj in AccessAttempt.objects.all(): self.stdout.write( f"{obj.ip_address}\t{obj.username}\t{obj.failures_since_start}" ) django-axes-5.24.0/axes/management/commands/axes_reset.py000066400000000000000000000006311411641636100233760ustar00rootroot00000000000000from django.core.management.base import BaseCommand from axes.utils import reset class Command(BaseCommand): help = "Reset all access attempts and lockouts" def handle(self, *args, **options): # pylint: disable=unused-argument count = reset() if count: self.stdout.write(f"{count} attempts removed.") else: self.stdout.write("No attempts found.") django-axes-5.24.0/axes/management/commands/axes_reset_ip.py000066400000000000000000000010501411641636100240620ustar00rootroot00000000000000from django.core.management.base import BaseCommand from axes.utils import reset class Command(BaseCommand): help = "Reset all access attempts and lockouts for given IP addresses" def add_arguments(self, parser): parser.add_argument("ip", nargs="+", type=str) def handle(self, *args, **options): count = 0 for ip in options["ip"]: count += reset(ip=ip) if count: self.stdout.write(f"{count} attempts removed.") else: self.stdout.write("No attempts found.") django-axes-5.24.0/axes/management/commands/axes_reset_logs.py000066400000000000000000000012031411641636100244160ustar00rootroot00000000000000from django.core.management.base import BaseCommand from axes.handlers.proxy import AxesProxyHandler class Command(BaseCommand): help = "Reset access log records older than given days." def add_arguments(self, parser): parser.add_argument( "--age", type=int, default=30, help="Maximum age for records to keep in days", ) def handle(self, *args, **options): count = AxesProxyHandler.reset_logs(age_days=options["age"]) if count: self.stdout.write(f"{count} logs removed.") else: self.stdout.write("No logs found.") django-axes-5.24.0/axes/management/commands/axes_reset_user.py000077700000000000000000000000001411641636100310422axes_reset_username.pyustar00rootroot00000000000000django-axes-5.24.0/axes/management/commands/axes_reset_username.py000066400000000000000000000011031411641636100252700ustar00rootroot00000000000000from django.core.management.base import BaseCommand from axes.utils import reset class Command(BaseCommand): help = "Reset all access attempts and lockouts for given usernames" def add_arguments(self, parser): parser.add_argument("username", nargs="+", type=str) def handle(self, *args, **options): count = 0 for username in options["username"]: count += reset(username=username) if count: self.stdout.write(f"{count} attempts removed.") else: self.stdout.write("No attempts found.") django-axes-5.24.0/axes/middleware.py000066400000000000000000000027311411641636100174370ustar00rootroot00000000000000from typing import Callable from django.conf import settings from axes.helpers import get_lockout_response class AxesMiddleware: """ Middleware that calculates necessary HTTP request attributes for attempt monitoring and maps lockout signals into readable HTTP 403 Forbidden responses. If a project uses ``django rest framework`` then the middleware updates the request and checks whether the limit has been exceeded. It's needed only for integration with DRF because it uses its own request object. This middleware recognizes a logout monitoring flag in the request and and uses the ``axes.helpers.get_lockout_response`` handler for returning customizable and context aware lockout message to the end user if necessary. To customize the lockout handling behaviour further, you can subclass this middleware and change the ``__call__`` method to your own liking. Please see the following configuration flags before customizing this handler: - ``AXES_LOCKOUT_TEMPLATE``, - ``AXES_LOCKOUT_URL``, - ``AXES_COOLOFF_MESSAGE``, and - ``AXES_PERMALOCK_MESSAGE``. """ def __init__(self, get_response: Callable): self.get_response = get_response def __call__(self, request): response = self.get_response(request) if settings.AXES_ENABLED: if getattr(request, "axes_locked_out", None): response = get_lockout_response(request) # type: ignore return response django-axes-5.24.0/axes/migrations/000077500000000000000000000000001411641636100171215ustar00rootroot00000000000000django-axes-5.24.0/axes/migrations/0001_initial.py000066400000000000000000000054171411641636100215730ustar00rootroot00000000000000from django.db import migrations, models class Migration(migrations.Migration): dependencies = [] operations = [ migrations.CreateModel( name="AccessAttempt", fields=[ ( "id", models.AutoField( verbose_name="ID", serialize=False, auto_created=True, primary_key=True, ), ), ("user_agent", models.CharField(max_length=255)), ( "ip_address", models.GenericIPAddressField(null=True, verbose_name="IP Address"), ), ("username", models.CharField(max_length=255, null=True)), ("trusted", models.BooleanField(default=False)), ( "http_accept", models.CharField(max_length=1025, verbose_name="HTTP Accept"), ), ("path_info", models.CharField(max_length=255, verbose_name="Path")), ("attempt_time", models.DateTimeField(auto_now_add=True)), ("get_data", models.TextField(verbose_name="GET Data")), ("post_data", models.TextField(verbose_name="POST Data")), ( "failures_since_start", models.PositiveIntegerField(verbose_name="Failed Logins"), ), ], options={"ordering": ["-attempt_time"], "abstract": False}, ), migrations.CreateModel( name="AccessLog", fields=[ ( "id", models.AutoField( verbose_name="ID", serialize=False, auto_created=True, primary_key=True, ), ), ("user_agent", models.CharField(max_length=255)), ( "ip_address", models.GenericIPAddressField(null=True, verbose_name="IP Address"), ), ("username", models.CharField(max_length=255, null=True)), ("trusted", models.BooleanField(default=False)), ( "http_accept", models.CharField(max_length=1025, verbose_name="HTTP Accept"), ), ("path_info", models.CharField(max_length=255, verbose_name="Path")), ("attempt_time", models.DateTimeField(auto_now_add=True)), ("logout_time", models.DateTimeField(null=True, blank=True)), ], options={"ordering": ["-attempt_time"], "abstract": False}, ), ] django-axes-5.24.0/axes/migrations/0002_auto_20151217_2044.py000066400000000000000000000032731411641636100225440ustar00rootroot00000000000000from django.db import migrations, models class Migration(migrations.Migration): dependencies = [("axes", "0001_initial")] operations = [ migrations.AlterField( model_name="accessattempt", name="ip_address", field=models.GenericIPAddressField( db_index=True, null=True, verbose_name="IP Address" ), ), migrations.AlterField( model_name="accessattempt", name="trusted", field=models.BooleanField(db_index=True, default=False), ), migrations.AlterField( model_name="accessattempt", name="user_agent", field=models.CharField(db_index=True, max_length=255), ), migrations.AlterField( model_name="accessattempt", name="username", field=models.CharField(db_index=True, max_length=255, null=True), ), migrations.AlterField( model_name="accesslog", name="ip_address", field=models.GenericIPAddressField( db_index=True, null=True, verbose_name="IP Address" ), ), migrations.AlterField( model_name="accesslog", name="trusted", field=models.BooleanField(db_index=True, default=False), ), migrations.AlterField( model_name="accesslog", name="user_agent", field=models.CharField(db_index=True, max_length=255), ), migrations.AlterField( model_name="accesslog", name="username", field=models.CharField(db_index=True, max_length=255, null=True), ), ] django-axes-5.24.0/axes/migrations/0003_auto_20160322_0929.py000066400000000000000000000036341411641636100225550ustar00rootroot00000000000000from django.db import models, migrations class Migration(migrations.Migration): dependencies = [("axes", "0002_auto_20151217_2044")] operations = [ migrations.AlterField( model_name="accessattempt", name="failures_since_start", field=models.PositiveIntegerField(verbose_name="Failed Logins"), ), migrations.AlterField( model_name="accessattempt", name="get_data", field=models.TextField(verbose_name="GET Data"), ), migrations.AlterField( model_name="accessattempt", name="http_accept", field=models.CharField(verbose_name="HTTP Accept", max_length=1025), ), migrations.AlterField( model_name="accessattempt", name="ip_address", field=models.GenericIPAddressField( null=True, verbose_name="IP Address", db_index=True ), ), migrations.AlterField( model_name="accessattempt", name="path_info", field=models.CharField(verbose_name="Path", max_length=255), ), migrations.AlterField( model_name="accessattempt", name="post_data", field=models.TextField(verbose_name="POST Data"), ), migrations.AlterField( model_name="accesslog", name="http_accept", field=models.CharField(verbose_name="HTTP Accept", max_length=1025), ), migrations.AlterField( model_name="accesslog", name="ip_address", field=models.GenericIPAddressField( null=True, verbose_name="IP Address", db_index=True ), ), migrations.AlterField( model_name="accesslog", name="path_info", field=models.CharField(verbose_name="Path", max_length=255), ), ] django-axes-5.24.0/axes/migrations/0004_auto_20181024_1538.py000066400000000000000000000042251411641636100225520ustar00rootroot00000000000000from django.db import migrations, models class Migration(migrations.Migration): dependencies = [("axes", "0003_auto_20160322_0929")] operations = [ migrations.AlterModelOptions( name="accessattempt", options={ "verbose_name": "access attempt", "verbose_name_plural": "access attempts", }, ), migrations.AlterModelOptions( name="accesslog", options={ "verbose_name": "access log", "verbose_name_plural": "access logs", }, ), migrations.AlterField( model_name="accessattempt", name="attempt_time", field=models.DateTimeField(auto_now_add=True, verbose_name="Attempt Time"), ), migrations.AlterField( model_name="accessattempt", name="user_agent", field=models.CharField( db_index=True, max_length=255, verbose_name="User Agent" ), ), migrations.AlterField( model_name="accessattempt", name="username", field=models.CharField( db_index=True, max_length=255, null=True, verbose_name="Username" ), ), migrations.AlterField( model_name="accesslog", name="attempt_time", field=models.DateTimeField(auto_now_add=True, verbose_name="Attempt Time"), ), migrations.AlterField( model_name="accesslog", name="logout_time", field=models.DateTimeField( blank=True, null=True, verbose_name="Logout Time" ), ), migrations.AlterField( model_name="accesslog", name="user_agent", field=models.CharField( db_index=True, max_length=255, verbose_name="User Agent" ), ), migrations.AlterField( model_name="accesslog", name="username", field=models.CharField( db_index=True, max_length=255, null=True, verbose_name="Username" ), ), ] django-axes-5.24.0/axes/migrations/0005_remove_accessattempt_trusted.py000066400000000000000000000003331411641636100261250ustar00rootroot00000000000000from django.db import migrations class Migration(migrations.Migration): dependencies = [("axes", "0004_auto_20181024_1538")] operations = [migrations.RemoveField(model_name="accessattempt", name="trusted")] django-axes-5.24.0/axes/migrations/0006_remove_accesslog_trusted.py000066400000000000000000000004221411641636100252300ustar00rootroot00000000000000# Generated by Django 2.0.4 on 2019-03-13 08:55 from django.db import migrations class Migration(migrations.Migration): dependencies = [("axes", "0005_remove_accessattempt_trusted")] operations = [migrations.RemoveField(model_name="accesslog", name="trusted")] django-axes-5.24.0/axes/migrations/__init__.py000066400000000000000000000000001411641636100212200ustar00rootroot00000000000000django-axes-5.24.0/axes/models.py000066400000000000000000000025741411641636100166120ustar00rootroot00000000000000from django.db import models from django.utils.translation import gettext_lazy as _ class AccessBase(models.Model): user_agent = models.CharField(_("User Agent"), max_length=255, db_index=True) ip_address = models.GenericIPAddressField(_("IP Address"), null=True, db_index=True) username = models.CharField(_("Username"), max_length=255, null=True, db_index=True) http_accept = models.CharField(_("HTTP Accept"), max_length=1025) path_info = models.CharField(_("Path"), max_length=255) attempt_time = models.DateTimeField(_("Attempt Time"), auto_now_add=True) class Meta: app_label = "axes" abstract = True ordering = ["-attempt_time"] class AccessAttempt(AccessBase): get_data = models.TextField(_("GET Data")) post_data = models.TextField(_("POST Data")) failures_since_start = models.PositiveIntegerField(_("Failed Logins")) def __str__(self): return f"Attempted Access: {self.attempt_time}" class Meta: verbose_name = _("access attempt") verbose_name_plural = _("access attempts") class AccessLog(AccessBase): logout_time = models.DateTimeField(_("Logout Time"), null=True, blank=True) def __str__(self): return f"Access Log for {self.username} @ {self.attempt_time}" class Meta: verbose_name = _("access log") verbose_name_plural = _("access logs") django-axes-5.24.0/axes/signals.py000066400000000000000000000033661411641636100167670ustar00rootroot00000000000000from logging import getLogger from django.contrib.auth.signals import ( user_logged_in, user_logged_out, user_login_failed, ) from django.core.signals import setting_changed from django.db.models.signals import post_save, post_delete from django.dispatch import Signal from django.dispatch import receiver from axes.handlers.proxy import AxesProxyHandler from axes.models import AccessAttempt log = getLogger(__name__) # This signal provides the following arguments to any listeners: # request - The current Request object. # username - The username of the User who has been locked out. # ip_address - The IP of the user who has been locked out. user_locked_out = Signal() @receiver(user_login_failed) def handle_user_login_failed(*args, **kwargs): AxesProxyHandler.user_login_failed(*args, **kwargs) @receiver(user_logged_in) def handle_user_logged_in(*args, **kwargs): AxesProxyHandler.user_logged_in(*args, **kwargs) @receiver(user_logged_out) def handle_user_logged_out(*args, **kwargs): AxesProxyHandler.user_logged_out(*args, **kwargs) @receiver(post_save, sender=AccessAttempt) def handle_post_save_access_attempt(*args, **kwargs): AxesProxyHandler.post_save_access_attempt(*args, **kwargs) @receiver(post_delete, sender=AccessAttempt) def handle_post_delete_access_attempt(*args, **kwargs): AxesProxyHandler.post_delete_access_attempt(*args, **kwargs) @receiver(setting_changed) def handle_setting_changed( sender, setting, value, enter, **kwargs ): # pylint: disable=unused-argument """ Reinitialize handler implementation if a relevant setting changes in e.g. application reconfiguration or during testing. """ if setting == "AXES_HANDLER": AxesProxyHandler.get_implementation(force=True) django-axes-5.24.0/axes/utils.py000066400000000000000000000031701411641636100164600ustar00rootroot00000000000000""" Axes utility functions that are publicly available. This module is separate for historical reasons and offers a backwards compatible import path. """ from logging import getLogger from typing import Optional from django.http import HttpRequest from axes.conf import settings from axes.handlers.proxy import AxesProxyHandler from axes.helpers import get_client_ip_address log = getLogger(__name__) def reset(ip: str = None, username: str = None, ip_or_username=False) -> int: """ Reset records that match IP or username, and return the count of removed attempts. This utility method is meant to be used from the CLI or via Python API. """ return AxesProxyHandler.reset_attempts( ip_address=ip, username=username, ip_or_username=ip_or_username ) def reset_request(request: HttpRequest) -> int: """ Reset records that match IP or username, and return the count of removed attempts. This utility method is meant to be used from the CLI or via Python API. """ ip: Optional[str] = get_client_ip_address(request) username = request.GET.get("username", None) ip_or_username = settings.AXES_LOCK_OUT_BY_USER_OR_IP if settings.AXES_ONLY_USER_FAILURES: ip = None elif not ( settings.AXES_LOCK_OUT_BY_USER_OR_IP or settings.AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP ): username = None if not ip and not username: return 0 # We don't want to reset everything, if there is some wrong request parameter # if settings.AXES_USE_USER_AGENT: # TODO: reset based on user_agent? return reset(ip, username, ip_or_username) django-axes-5.24.0/codecov.yml000066400000000000000000000003241411641636100161510ustar00rootroot00000000000000coverage: status: patch: off project: default: # Minimum test coverage required for pass target: 90% # Maximum test coverage change allowed for pass threshold: 20% django-axes-5.24.0/docs/000077500000000000000000000000001411641636100147355ustar00rootroot00000000000000django-axes-5.24.0/docs/10_changelog.rst000066400000000000000000000000531411641636100177140ustar00rootroot00000000000000.. changelog: .. include:: ../CHANGES.rst django-axes-5.24.0/docs/1_requirements.rst000066400000000000000000000012101411641636100204240ustar00rootroot00000000000000.. _requirements: Requirements ============ Axes requires a supported Django version and runs on Python versions 3.6 and above. Refer to the project source code repository in `GitHub `_ and see the `Tox configuration `_ and `Python package definition `_ to check if your Django and Python version are supported. The `GitHub Actions builds `_ test Axes compatibility with the Django master branch for future compatibility as well. django-axes-5.24.0/docs/2_installation.rst000066400000000000000000000126271411641636100204210ustar00rootroot00000000000000.. _installation: Installation ============ Axes is easy to install from the PyPI package:: $ pip install django-axes After installing the package, the project settings need to be configured. **1.** Add ``axes`` to your ``INSTALLED_APPS``:: INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', # Axes app can be in any position in the INSTALLED_APPS list. 'axes', ] **2.** Add ``axes.backends.AxesBackend`` to the top of ``AUTHENTICATION_BACKENDS``:: AUTHENTICATION_BACKENDS = [ # AxesBackend should be the first backend in the AUTHENTICATION_BACKENDS list. 'axes.backends.AxesBackend', # Django ModelBackend is the default authentication backend. 'django.contrib.auth.backends.ModelBackend', ] **3.** Add ``axes.middleware.AxesMiddleware`` to your list of ``MIDDLEWARE``:: MIDDLEWARE = [ # The following is the list of default middleware in new Django projects. 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', # AxesMiddleware should be the last middleware in the MIDDLEWARE list. # It only formats user lockout messages and renders Axes lockout responses # on failed user authentication attempts from login views. # If you do not want Axes to override the authentication response # you can skip installing the middleware and use your own views. 'axes.middleware.AxesMiddleware', ] **4.** Run ``python manage.py check`` to check the configuration. **5.** Run ``python manage.py migrate`` to sync the database. Axes is now functional with the default settings and is saving user attempts into your database and locking users out if they exceed the maximum attempts. You should use the ``python manage.py check`` command to verify the correct configuration in development, staging, and production environments. It is probably best to use this step as part of your regular CI workflows to verify that your project is not misconfigured. Axes uses checks to verify your Django settings configuration for security and functionality. Many people have different configurations for their development and production environments, and running the application with misconfigured settings can prevent security features from working. Disabling Axes system checks ---------------------------- If you are implementing custom authentication, request middleware, or signal handlers the Axes checks system might generate false positives in the Django checks framework. You can silence the unnecessary warnings by using the following Django settings:: SILENCED_SYSTEM_CHECKS = ['axes.W003'] Axes has the following warnings codes built in: - ``axes.W001`` for invalid ``CACHES`` configuration. - ``axes.W002`` for invalid ``MIDDLEWARE`` configuration. - ``axes.W003`` for invalid ``AUTHENTICATION_BACKENDS`` configuration. - ``axes.W004`` for deprecated use of ``AXES_*`` setting flags. .. note:: Only disable the Axes system checks and warnings if you know what you are doing. The default checks are implemented to verify and improve your project's security and should only produce necessary warnings due to misconfigured settings. Disabling Axes components in tests ---------------------------------- If you get errors when running tests, try setting the ``AXES_ENABLED`` flag to ``False`` in your test settings:: AXES_ENABLED = False This disables the Axes middleware, authentication backend and signal receivers, which might fix errors with incompatible test configurations. Disabling atomic requests ------------------------- Django offers atomic database transactions that are tied to HTTP requests and toggled on and off with the ``ATOMIC_REQUESTS`` configuration. When ``ATOMIC_REQUESTS`` is set to ``True`` Django will always either perform all database read and write operations in one successful atomic transaction or in a case of failure roll them back, leaving no trace of the failed request in the database. However, sometimes Axes or another plugin can misbehave or not act correctly with other code, preventing the login mechanisms from working due to e.g. exception being thrown in some part of the code, preventing access attempts being logged to database with Axes or causing similar problems. If new attempts or log objects are not being correctly written to the Axes tables, it is possible to configure Django ``ATOMIC_REQUESTS`` setting to to ``False``:: ATOMIC_REQUESTS = False Please note that atomic requests are usually desirable when writing e.g. RESTful APIs, but sometimes it can be problematic and warrant a disable. Before disabling atomic requests or configuring them please read the relevant Django documentation and make sure you know what you are configuring rather than just toggling the flag on and off for testing. Also note that the cache backend can provide correct functionality with Memcached or Redis caches even with exceptions being thrown in the stack. django-axes-5.24.0/docs/3_usage.rst000066400000000000000000000103231411641636100170140ustar00rootroot00000000000000.. _usage: Usage ===== Once Axes is installed and configured, you can login and logout of your application via the ``django.contrib.auth`` views. The attempts will be logged and visible in the Access Attempts section in admin. Axes monitors the views by using the Django login and logout signals and locks out user attempts with a custom authentication backend that checks if requests are allowed to authenticate per the configured rules. By default, Axes will lock out repeated access attempts from the same IP address by monitoring login failures and storing them into the default database. Authenticating users -------------------- Axes needs a ``request`` attribute to be supplied to the stock Django ``authenticate`` method in the ``django.contrib.auth`` module in order to function correctly. If you wish to manually supply the argument to the calls to ``authenticate``, you can use the following snippet in your custom login views, tests, or other code:: def custom_login_view(request) username = ... password = ... user = authenticate( request=request, # this is the important custom argument username=username, password=password, ) if user is not None: login(request, user) If your test setup has problems with the ``request`` argument, you can either supply the argument manually with a blank `HttpRequest()`` object, disable Axes in the test setup by excluding ``axes`` from ``INSTALLED_APPS``, or leave out ``axes.backends.AxesBackend`` from your ``AUTHENTICATION_BACKENDS``. If you are using a 3rd party library that does not supply the ``request`` attribute when calling ``authenticate`` you can implement a customized backend that inherits from ``axes.backends.AxesBackend`` or other backend and overrides the ``authenticate`` method. Resetting attempts and lockouts ------------------------------- When Axes locks an IP address, it is not allowed to login again. You can allow IPs to attempt again by resetting (deleting) the relevant AccessAttempt records in the admin UI, CLI, or your own code. You can also configure automatic cool down periods, IP whitelists, and custom code and handler functions for resetting attempts. Please check out the configuration and customization documentation for further information. .. note:: Please note that the functionality describe here concerns the default database handler. If you have changed the default handler to another class such as the cache handler you have to implement custom reset commands. Resetting attempts from the Django admin UI ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Records can be easily deleted by using the Django admin application. Go to the admin UI and check the ``Access Attempt`` view. Select the attempts you wish the allow again and simply remove them. The blocked user will be allowed to log in again in accordance to the rules. Resetting attempts from command line ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Axes offers a command line interface with ``axes_reset``, ``axes_reset_ip``, and ``axes_reset_username`` management commands with the Django ``manage.py`` or ``django-admin`` command helpers: - ``python manage.py axes_reset`` will reset all lockouts and access records. - ``python manage.py axes_reset_ip [ip ...]`` will clear lockouts and records for the given IP addresses. - ``python manage.py axes_reset_username [username ...]`` will clear lockouts and records for the given usernames. - ``python manage.py axes_reset_logs (age)`` will reset (i.e. delete) AccessLog records that are older than the given age where the default is 30 days. Resetting attempts programmatically by APIs ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ In your code, you can use the ``axes.utils.reset`` function. - ``reset()`` will reset all lockouts and access records. - ``reset(ip=ip)`` will clear lockouts and records for the given IP address. - ``reset(username=username)`` will clear lockouts and records for the given username. .. note:: Please note that if you give both ``username`` and ``ip`` arguments to ``reset`` that attempts that have both the set IP and username are reset. The effective behaviour of ``reset`` is to ``and`` the terms instead of ``or`` ing them. django-axes-5.24.0/docs/4_configuration.rst000066400000000000000000000312001411641636100205550ustar00rootroot00000000000000.. _configuration: Configuration ============= Minimal Axes configuration is done with just ``settings.py`` updates. More advanced configuration and integrations might require updates on source code level depending on your project implementation. Configuring project settings ---------------------------- The following ``settings.py`` options are available for customizing Axes behaviour. * ``AXES_ENABLED``: Enable or disable Axes plugin functionality, for example in test runner setup. Default: ``True`` * ``AXES_FAILURE_LIMIT``: The integer number of login attempts allowed before a record is created for the failed logins. This can also be a callable or a dotted path to callable that returns an integer and all of the following are valid: ``AXES_FAILURE_LIMIT = 42``, ``AXES_FAILURE_LIMIT = lambda *args: 42``, and ``AXES_FAILURE_LIMIT = 'project.app.get_login_failure_limit'``. Default: ``3`` * ``AXES_LOCK_OUT_AT_FAILURE``: After the number of allowed login attempts are exceeded, should we lock out this IP (and optional user agent)? Default: ``True`` * ``AXES_COOLOFF_TIME``: If set, defines a period of inactivity after which old failed login attempts will be cleared. Can be set to a Python timedelta object, an integer, a callable, or a string path to a callable which takes no arguments. If an integer, will be interpreted as a number of hours. Default: ``None`` * ``AXES_ONLY_ADMIN_SITE``: If ``True``, lock is only enabled for admin site. Admin site is determined by checking request path against the path of ``"admin:index"`` view. If admin urls are not registered in current urlconf, all requests will not be locked. Default: ``False`` * ``AXES_ONLY_USER_FAILURES`` : If ``True``, only lock based on username, and never lock based on IP if attempts exceed the limit. Otherwise utilize the existing IP and user locking logic. Default: ``False`` * ``AXES_ENABLE_ADMIN``: If ``True``, admin views for access attempts and logins are shown in Django admin interface. Default: ``True`` * ``AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP``: If ``True``, prevent login from IP under a particular username if the attempt limit has been exceeded, otherwise lock out based on IP. Default: ``False`` * ``AXES_LOCK_OUT_BY_USER_OR_IP``: If ``True``, prevent login from if the attempt limit has been exceeded for IP or username. Default: ``False`` * ``AXES_USE_USER_AGENT``: If ``True``, lock out and log based on the IP address and the user agent. This means requests from different user agents but from the same IP are treated differently. This settings has no effect if the ``AXES_ONLY_USER_FAILURES`` setting is active. Default: ``False`` * ``AXES_HANDLER``: The path to the handler class to use. If set, overrides the default signal handler backend. Default: ``'axes.handlers.database.AxesDatabaseHandler'`` * ``AXES_CACHE``: The name of the cache for Axes to use. Default: ``'default'`` * ``AXES_LOCKOUT_TEMPLATE``: If set, specifies a template to render when a user is locked out. Template receives ``cooloff_timedelta``, ``cooloff_time``, ``username`` and ``failure_limit`` as context variables. Default: ``None`` * ``AXES_LOCKOUT_URL``: If set, specifies a URL to redirect to on lockout. If both ``AXES_LOCKOUT_TEMPLATE`` and ``AXES_LOCKOUT_URL`` are set, the template will be used. Default: ``None`` * ``AXES_VERBOSE``: If ``True``, you'll see slightly more logging for Axes. Default: ``True`` * ``AXES_USERNAME_FORM_FIELD``: the name of the form field that contains your users usernames. Default: ``username`` * ``AXES_USERNAME_CALLABLE``: A callable or a string path to callable that takes two arguments for user lookups: ``def get_username(request: HttpRequest, credentials: dict) -> str: ...``. This can be any callable such as ``AXES_USERNAME_CALLABLE = lambda request, credentials: 'username'`` or a full Python module path to callable such as ``AXES_USERNAME_CALLABLE = 'example.get_username``. The ``request`` is a HttpRequest like object and the ``credentials`` is a dictionary like object. ``credentials`` are the ones that were passed to Django ``authenticate()`` in the login flow. If no function is supplied, Axes fetches the username from the ``credentials`` or ``request.POST`` dictionaries based on ``AXES_USERNAME_FORM_FIELD``. * ``AXES_WHITELIST_CALLABLE``: A callable or a string path to callable that takes two arguments for whitelisting determination and returns True, if user should be whitelisted: ``def is_whilisted(request: HttpRequest, credentials: dict) -> bool: ...``. This can be any callable similarly to ``AXES_USERNAME_CALLABLE``. Default: ``None`` * ``AXES_LOCKOUT_CALLABLE``: A callable or a string path to callable that takes two arguments returns a response. For example: ``def generate_lockout_response(request: HttpRequest, credentials: dict) -> HttpResponse: ...``. This can be any callable similarly to ``AXES_USERNAME_CALLABLE``. If not callable is defined, then the default implementation in ``axes.helpers.get_lockout_response`` is used for determining the correct lockout response that is sent to the requesting client. Default: ``None`` * ``AXES_PASSWORD_FORM_FIELD``: the name of the form or credentials field that contains your users password. Default: ``password`` * ``AXES_SENSITIVE_PARAMETERS``: Configures POST and GET parameter values (in addition to the value of ``AXES_PASSWORD_FORM_FIELD``) to mask in login attempt logging. Default: ``[]`` * ``AXES_NEVER_LOCKOUT_GET``: If ``True``, Axes will never lock out HTTP GET requests. Default: ``False`` * ``AXES_NEVER_LOCKOUT_WHITELIST``: If ``True``, users can always login from whitelisted IP addresses. Default: ``False`` * ``AXES_IP_BLACKLIST``: An iterable of IPs to be blacklisted. Takes precedence over whitelists. For example: ``AXES_IP_BLACKLIST = ['0.0.0.0']``. Default: ``None`` * ``AXES_IP_WHITELIST``: An iterable of IPs to be whitelisted. For example: ``AXES_IP_WHITELIST = ['0.0.0.0']``. Default: ``None`` * ``AXES_DISABLE_ACCESS_LOG``: If ``True``, disable writing login and logout access logs to database, so the admin interface will not have user login trail for successful user authentication. Default: ``False`` * ``AXES_RESET_ON_SUCCESS``: If ``True``, a successful login will reset the number of failed logins. Default: ``False`` * ``AXES_ALLOWED_CORS_ORIGINS``: Configures lockout response CORS headers for XHR requests. Default: ``*`` * ``AXES_HTTP_RESPONSE_CODE``: Sets the http response code returned when ``AXES_FAILURE_LIMIT`` is reached. For example: ``AXES_HTTP_RESPONSE_CODE = 429`` Default: ``403`` The configuration option precedences for the access attempt monitoring are: 1. Default: only use IP address. 2. ``AXES_ONLY_USER_FAILURES``: only user username (``AXES_USE_USER_AGENT`` has no effect). 3. ``AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP``: use username and IP address. The ``AXES_USE_USER_AGENT`` setting can be used with username and IP address or just IP address monitoring, but does nothing when the ``AXES_ONLY_USER_FAILURES`` setting is set. Configuring reverse proxies --------------------------- Axes makes use of ``django-ipware`` package to detect the IP address of the client and uses some conservative configuration parameters by default for security. If you are using reverse proxies, you will need to configure one or more of the following settings to suit your set up to correctly resolve client IP addresses: * ``AXES_PROXY_COUNT``: The number of reverse proxies in front of Django as an integer. Default: ``None`` * ``AXES_META_PRECEDENCE_ORDER``: The names of ``request.META`` attributes as a tuple of strings to check to get the client IP address. Check the Django documentation for header naming conventions. Default: ``IPWARE_META_PRECEDENCE_ORDER`` setting if set, else ``('REMOTE_ADDR', )`` .. note:: For reverse proxies or e.g. Heroku, you might also want to fetch IP addresses from a HTTP header such as ``X-Forwarded-For``. To configure this, you can fetch IPs through the ``HTTP_X_FORWARDED_FOR`` key from the ``request.META`` property which contains all the HTTP headers in Django: .. code-block:: python # refer to the Django request and response objects documentation AXES_META_PRECEDENCE_ORDER = [ 'HTTP_X_FORWARDED_FOR', 'REMOTE_ADDR', ] Please note that proxies have different behaviours with the HTTP headers. Make sure that your proxy either strips the incoming value or otherwise makes sure of the validity of the header that is used because **any header values used in application configuration must be secure and trusted**. Otherwise the client can spoof IP addresses by just setting the header in their request and circumvent the IP address monitoring. Normal proxy server behaviours include overriding and appending the header value depending on the platform. Different platforms and gateway services utilize different headers, please refer to your deployment target documentation for up-to-date information on correct configuration. Configuring handlers -------------------- Axes uses handlers for processing signals and events from Django authentication and login attempts. The following handlers are implemented by Axes and can be configured with the ``AXES_HANDLER`` setting in project configuration: - ``axes.handlers.database.AxesDatabaseHandler`` logs attempts to database and creates AccessAttempt and AccessLog records that persist until removed from the database manually or automatically after their cool offs expire (checked on each login event). - ``axes.handlers.cache.AxesCacheHandler`` only uses the cache for monitoring attempts and does not persist data other than in the cache backend; this data can be purged automatically depending on your cache configuration, so the cache handler is by design less secure than the database backend but offers higher throughput and can perform better with less bottlenecks. The cache backend should ideally be used with a central cache system such as a Memcached cache and should not rely on individual server state such as the local memory or file based cache does. - ``axes.handlers.dummy.AxesDummyHandler`` does nothing with attempts and can be used to disable Axes handlers if the user does not wish Axes to execute any logic on login signals. Please note that this effectively disables any Axes security features, and is meant to be used on e.g. local development setups and testing deployments where login monitoring is not wanted. To switch to cache based attempt tracking you can do the following:: AXES_HANDLER = 'axes.handlers.cache.AxesCacheHandler' See the cache configuration section for suitable cache backends. Configuring caches ------------------ If you are running Axes with the cache based handler on a deployment with a local Django cache, the Axes lockout and reset functionality might not work predictably if the cache in use is not the same for all the Django processes. Axes needs to cache access attempts application-wide, and e.g. the in-memory cache only caches access attempts per Django process, so for example resets made in the command line might not remove lock-outs that are in a separate process's in-memory cache such as the web server serving your login or admin page. To circumvent this problem, please use somethings else than ``django.core.cache.backends.dummy.DummyCache``, ``django.core.cache.backends.locmem.LocMemCache``, or ``django.core.cache.backends.filebased.FileBasedCache`` as your cache backend in Django cache ``BACKEND`` setting. If changing the ``'default'`` cache is not an option, you can add a cache specifically for use with Axes. This is a two step process. First you need to add an extra cache to ``CACHES`` with a name of your choice:: CACHES = { 'axes': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': '127.0.0.1:11211', } } The next step is to tell Axes to use this cache through adding ``AXES_CACHE`` to your ``settings.py`` file:: AXES_CACHE = 'axes' There are no known problems in e.g. ``MemcachedCache`` or Redis based caches. Configuring authentication backends ----------------------------------- Axes requires authentication backends to pass request objects with the authentication requests for performing monitoring. If you get ``AxesBackendRequestParameterRequired`` exceptions, make sure any libraries and middleware you use pass the request object. Please check the integration documentation for further information. Configuring 3rd party apps -------------------------- Refer to the integration documentation for Axes configuration with third party applications and plugins such as - Django REST Framework - Django Allauth - Django Simple Captcha django-axes-5.24.0/docs/5_customization.rst000066400000000000000000000134351411641636100206310ustar00rootroot00000000000000.. customization: Customization ============= Axes has multiple options for customization including customizing the attempt tracking and lockout handling logic and lockout response formatting. There are public APIs and the whole Axes tracking system is pluggable. You can swap the authentication backend, attempt tracker, failure handlers, database or cache backends and error formatters as you see fit. Check the API reference section for further inspiration on implementing custom authentication backends, middleware, and handlers. Axes uses the stock Django signals for login monitoring and can be customized and extended by using them correctly. Axes listens to the following signals from ``django.contrib.auth.signals`` to log access attempts: * ``user_logged_in`` * ``user_logged_out`` * ``user_login_failed`` You can also use Axes with your own auth module, but you'll need to ensure that it sends the correct signals in order for Axes to log the access attempts. Customizing authentication views -------------------------------- Here is a more detailed example of sending the necessary signals using and a custom auth backend at an endpoint that expects JSON requests. The custom authentication can be swapped out with ``authenticate`` and ``login`` from ``django.contrib.auth``, but beware that those methods take care of sending the nessary signals for you, and there is no need to duplicate them as per the example. ``example/forms.py``:: from django import forms class LoginForm(forms.Form): username = forms.CharField(max_length=128, required=True) password = forms.CharField(max_length=128, required=True) ``example/views.py``:: from django.contrib.auth import signals from django.http import JsonResponse, HttpResponse from django.utils.decorators import method_decorator from django.views import View from django.views.decorators.csrf import csrf_exempt from axes.decorators import axes_dispatch from example.forms import LoginForm from example.authentication import authenticate, login @method_decorator(axes_dispatch, name='dispatch') @method_decorator(csrf_exempt, name='dispatch') class Login(View): """ Custom login view that takes JSON credentials """ http_method_names = ['post'] def post(self, request): form = LoginForm(request.POST) if not form.is_valid(): # inform django-axes of failed login signals.user_login_failed.send( sender=User, request=request, credentials={ 'username': form.cleaned_data.get('username'), }, ) return HttpResponse(status=400) user = authenticate( request=request, username=form.cleaned_data.get('username'), password=form.cleaned_data.get('password'), ) if user is not None: login(request, user) signals.user_logged_in.send( sender=User, request=request, user=user, ) return JsonResponse({ 'message':'success' }, status=200) # inform django-axes of failed login signals.user_login_failed.send( sender=User, request=request, credentials={ 'username': form.cleaned_data.get('username'), }, ) return HttpResponse(status=403) ``urls.py``:: from django.urls import path from example.views import Login urlpatterns = [ path('login/', Login.as_view(), name='login'), ] Customizing username lookups ---------------------------- In special cases, you may have the need to modify the username that is submitted before attempting to authenticate. For example, adding namespacing or removing client-set prefixes. In these cases, ``axes`` needs to know how to make these changes so that it can correctly identify the user without any form cleaning or validation. This is where the ``AXES_USERNAME_CALLABLE`` setting comes in. You can define how to make these modifications in a callable that takes a request object and a credentials dictionary, and provide that callable to ``axes`` via this setting. For example, a function like this could take a post body with something like ``username='prefixed-username'`` and ``namespace=my_namespace`` and turn it into ``my_namespace-username``: ``example/utils.py``:: def get_username(request, credentials): username = credentials.get('username') namespace = credentials.get('namespace') return namespace + '-' + username ``settings.py``:: AXES_USERNAME_CALLABLE = 'example.utils.get_username' .. note:: You still have to make these modifications yourself before calling authenticate. If you want to re-use the same function for consistency, that's fine, but Axes does not inject these changes into the authentication flow for you. Customizing lockout responses ----------------------------- Axes can be configured with ``AXES_LOCKOUT_CALLABLE`` to return a custom lockout response when using the plugin with e.g. DRF (Django REST Framework) or other third party libraries which require specialized formats such as JSON or XML response formats or customized response status codes. An example of usage could be e.g. a custom view for processing lockouts. ``example/views.py``:: from django.http import JsonResponse def lockout(request, credentials, *args, **kwargs): return JsonResponse({"status": "Locked out due to too many login failures"}, status=403) ``settings.py``:: AXES_LOCKOUT_CALLABLE = "example.views.lockout" django-axes-5.24.0/docs/6_integration.rst000066400000000000000000000216551411641636100202500ustar00rootroot00000000000000.. _integration: Integration =========== Axes is intended to be pluggable and usable with custom authentication solutions. This document describes the integration with some popular 3rd party packages such as Django Allauth, Django REST Framework, and other tools. In the following table **Compatible** means that a component should be fully compatible out-of-the-box, **Functional** means that a component should be functional after configuration, and **Incompatible** means that a component has been reported as non-functional with Axes. ======================= ============= ============ ============ ============== Project Version Compatible Functional Incompatible ======================= ============= ============ ============ ============== Django REST Framework |check| Django Allauth |check| Django Simple Captcha |check| Django OAuth Toolkit |check| Django Reversion |check| ======================= ============= ============ ============ ============== .. |check| unicode:: U+2713 .. |lt| unicode:: U+003C .. |lte| unicode:: U+2264 .. |gte| unicode:: U+2265 .. |gt| unicode:: U+003E Please note that project compatibility depends on multiple different factors such as Django version, Axes version, and 3rd party package versions and their unique combinations per project. .. note:: This documentation is mostly provided by Axes users. If you have your own compatibility tweaks and customizations that enable you to use Axes with other tools or have better implementations than the solutions provided here, please do feel free to open an issue or a pull request in GitHub! Integration with Django Allauth ------------------------------- Axes relies on having login information stored under ``AXES_USERNAME_FORM_FIELD`` key both in ``request.POST`` and in ``credentials`` dict passed to ``user_login_failed`` signal. This is not the case with Allauth. Allauth always uses the ``login`` key in post POST data but it becomes ``username`` key in ``credentials`` dict in signal handler. To overcome this you need to use custom login form that duplicates the value of ``username`` key under a ``login`` key in that dict and set ``AXES_USERNAME_FORM_FIELD = 'login'``. You also need to decorate ``dispatch()`` and ``form_invalid()`` methods of the Allauth login view. ``settings.py``:: AXES_USERNAME_FORM_FIELD = 'login' ``example/forms.py``:: from allauth.account.forms import LoginForm class AxesLoginForm(LoginForm): """ Extended login form class that supplied the user credentials for Axes compatibility. """ def user_credentials(self): credentials = super().user_credentials() credentials['login'] = credentials.get('email') or credentials.get('username') return credentials ``example/urls.py``:: from django.utils.decorators import method_decorator from allauth.account.views import LoginView from axes.decorators import axes_dispatch from axes.decorators import axes_form_invalid from example.forms import AxesLoginForm LoginView.dispatch = method_decorator(axes_dispatch)(LoginView.dispatch) LoginView.form_invalid = method_decorator(axes_form_invalid)(LoginView.form_invalid) urlpatterns = [ # Override allauth default login view with a patched view path('accounts/login/', LoginView.as_view(form_class=AxesLoginForm), name='account_login'), path('accounts/', include('allauth.urls')), ] Integration with Django REST Framework -------------------------------------- Django Axes requires REST Framework to be connected via lockout signals for correct functionality. You can use the following snippet in your project signals such as ``example/signals.py``:: from django.dispatch import receiver from axes.signals import user_locked_out from rest_framework.exceptions import PermissionDenied @receiver(user_locked_out) def raise_permission_denied(*args, **kwargs): raise PermissionDenied("Too many failed login attempts") And then configure your application to load it in ``examples/apps.py``:: from django import apps class AppConfig(apps.AppConfig): name = "example" def ready(self): from example import signals # noqa Please check the Django signals documentation for more information: https://docs.djangoproject.com/en/3.1/topics/signals/ When a user login fails a signal is emitted and PermissionDenied raises a HTTP 403 reply which interrupts the login process. This functionality was handled in the middleware for a time, but that resulted in extra database requests being made for each and every web request, and was migrated to signals. Integration with Django Simple Captcha -------------------------------------- Axes supports Captcha with the Django Simple Captcha package in the following manner. ``settings.py``:: AXES_LOCKOUT_URL = '/locked' ``example/urls.py``:: url(r'^locked/$', locked_out, name='locked_out'), ``example/forms.py``:: class AxesCaptchaForm(forms.Form): captcha = CaptchaField() ``example/views.py``:: from axes.utils import reset_request from django.http.response import HttpResponseRedirect from django.shortcuts import render from django.urls import reverse_lazy from .forms import AxesCaptchaForm def locked_out(request): if request.POST: form = AxesCaptchaForm(request.POST) if form.is_valid(): reset_request(request) return HttpResponseRedirect(reverse_lazy('auth_login')) else: form = AxesCaptchaForm() return render(request, 'accounts/captcha.html', {'form': form}) ``example/templates/example/captcha.html``::
{% csrf_token %} {{ form.captcha.errors }} {{ form.captcha }}
Integration with Django OAuth Toolkit ------------------------------------- Django OAuth toolkit is not designed to work with Axes, but some users have reported that they have configured validator classes to function correctly. ``example/validators.py``:: from django.contrib.auth import authenticate from django.http import HttpRequest, QueryDict from oauth2_provider.oauth2_validators import OAuth2Validator from axes.helpers import get_client_ip_address, get_client_user_agent class AxesOAuth2Validator(OAuth2Validator): def validate_user(self, username, password, client, request, *args, **kwargs): """ Check username and password correspond to a valid and active User Set defaults for necessary request object attributes for Axes compatibility. The ``request`` argument is not a Django ``HttpRequest`` object. """ _request = request if request and not isinstance(request, HttpRequest): request = HttpRequest() request.uri = _request.uri request.method = request.http_method = _request.http_method request.META = request.headers = _request.headers request._params = _request._params request.decoded_body = _request.decoded_body request.axes_ip_address = get_client_ip_address(request) request.axes_user_agent = get_client_user_agent(request) body = QueryDict(str(_request.body), mutable=True) if request.method == 'GET': request.GET = body elif request.method == 'POST': request.POST = body user = authenticate(request=request, username=username, password=password) if user is not None and user.is_active: request = _request request.user = user return True return False ``settings.py``:: OAUTH2_PROVIDER = { 'OAUTH2_VALIDATOR_CLASS': 'example.validators.AxesOAuth2Validator', 'SCOPES': {'read': 'Read scope', 'write': 'Write scope'}, } Integration with Django Reversion --------------------------------- Django Reversion is not designed to work with Axes, but some users have reported that they have configured a workaround with a monkeypatch function that functions correctly. ``example/monkeypatch.py``:: from django.urls import resolve from reversion import views def _request_creates_revision(request): view_name = resolve(request.path_info).url_name if view_name and view_name.endswith('login'): return False return request.method not in ["OPTIONS", "GET", "HEAD"] views._request_creates_revision = _request_creates_revision django-axes-5.24.0/docs/7_architecture.rst000066400000000000000000000070141411641636100204010ustar00rootroot00000000000000.. _architecture: Architecture ============ Axes is based on the existing Django authentication backend architecture and framework for recognizing users and aims to be compatible with the stock design and implementation of Django while offering extensibility and configurability for using the Axes authentication monitoring and logging for users of the package as well as 3rd party package vendors such as Django REST Framework, Django Allauth, Python Social Auth and so forth. The development of custom 3rd party package support are active goals, but you should check the up-to-date documentation and implementation of Axes for current compatibility before using Axes with custom solutions and make sure that authentication monitoring is working correctly. This document describes the Django authentication flow and how Axes augments it to achieve authentication and login monitoring and lock users out on too many access attempts. Django Axes authentication flow ------------------------------- Axes offers a few additions to the Django authentication flow that implement the login monitoring and lockouts through a swappable **handler** API and configuration flags that users and package vendors can use to customize Axes or their own projects as they best see fit. The following diagram visualizes the Django login flow and highlights the following extra steps that Axes adds to it with the **1. Authentication backend**, **2. Signal receivers**, and **3. Middleware**. .. image:: images/flow.png :alt: Django Axes augmented authentication flow with custom authentication backend, signal receivers, and middleware When a user tries to log in in Django, the login is usually performed by running a number of authentication backends that check user login information by calling the ``authenticate`` function, which either returns a Django compatible ``User`` object or a ``None``. If an authentication backend does not approve a user login, it can raise a ``PermissionDenied`` exception, which immediately skips the rest of the authentication backends, triggers the ``user_login_failed`` signal, and then returns a ``None`` to the calling function, indicating that the login failed. Axes implements authentication blocking with the custom ``AxesBackend`` authentication backend which checks every request coming through the Django authentication flow and verifies they are not blocked, and allows the requests to go through if the check passes. If the authentication attempt matches a lockout rule, e.g. it is from a blacklisted IP or exceeds the maximum configured authentication attempts, it is blocked by raising the ``PermissionDenied`` excepton in the backend. Axes monitors logins with the ``user_login_failed`` signal receiver and records authentication failures from both the ``AxesBackend`` and other authentication backends and tracks the failed attempts by tracking the attempt IP address, username, user agent, or all of them. If the lockout rules match, then Axes marks the request as locked by setting a special attribute into the request. The ``AxesMiddleware`` then processes the request, returning a lockout response to the user, if the flag has been set. Axes assumes that the login views either call the ``authenticate`` method to log in users or otherwise take care of notifying Axes of authentication attempts and failures the same way Django does via authentication signals. The login flows can be customized and the Axes authentication backend, middleware, and signal receivers can easily be swapped to alternative implementations. django-axes-5.24.0/docs/8_reference.rst000066400000000000000000000006261411641636100176600ustar00rootroot00000000000000.. _reference: API reference ============= Axes offers extensible APIs that you can customize to your liking. You can specialize the following base classes or alternatively use third party modules as long as they implement the following APIs. .. automodule:: axes.handlers.base :members: .. automodule:: axes.backends :members: :show-inheritance: .. automodule:: axes.middleware :members: django-axes-5.24.0/docs/9_development.rst000066400000000000000000000025701411641636100202450ustar00rootroot00000000000000.. _development: Development =========== You can contribute to this project forking it from GitHub and sending pull requests. First `fork `_ the `repository `_ and then clone it:: $ git clone git@github.com:/django-axes.git Initialize a virtual environment for development purposes:: $ mkdir -p ~/.virtualenvs $ python3 -m venv ~/.virtualenvs/django-axes $ source ~/.virtualenvs/django-axes/bin/activate Then install the necessary requirements:: $ cd django-axes $ pip install -r requirements.txt Unit tests are located in the ``axes/tests`` folder and can be easily run with the pytest tool:: $ pytest Prospector runs a number of source code style, safety, and complexity checks:: $ prospector Mypy runs static typing checks to verify the source code type annotations and correctness:: $ mypy . Before committing, you can run all the above tests against all supported Python and Django versions with tox:: $ tox Tox runs the same test set that is run by GitHub Actions, and your code should be good to go if it passes. If you wish to limit the testing to specific environment(s), you can parametrize the tox run:: $ tox -e py39-django22 After you have pushed your changes, open a pull request on GitHub for getting your code upstreamed. django-axes-5.24.0/docs/Makefile000066400000000000000000000164011411641636100163770ustar00rootroot00000000000000# Makefile for Sphinx documentation # # You can set these variables from the command line. SPHINXOPTS = SPHINXBUILD = sphinx-build PAPER = BUILDDIR = _build # User-friendly check for sphinx-build ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) endif # Internal variables. PAPEROPT_a4 = -D latex_paper_size=a4 PAPEROPT_letter = -D latex_paper_size=letter ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . # the i18n builder cannot share the environment and doctrees with the others I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . .PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext help: @echo "Please use \`make ' where is one of" @echo " html to make standalone HTML files" @echo " dirhtml to make HTML files named index.html in directories" @echo " singlehtml to make a single large HTML file" @echo " pickle to make pickle files" @echo " json to make JSON files" @echo " htmlhelp to make HTML files and a HTML help project" @echo " qthelp to make HTML files and a qthelp project" @echo " applehelp to make an Apple Help Book" @echo " devhelp to make HTML files and a Devhelp project" @echo " epub to make an epub" @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" @echo " latexpdf to make LaTeX files and run them through pdflatex" @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" @echo " text to make text files" @echo " man to make manual pages" @echo " texinfo to make Texinfo files" @echo " info to make Texinfo files and run them through makeinfo" @echo " gettext to make PO message catalogs" @echo " changes to make an overview of all changed/added/deprecated items" @echo " xml to make Docutils-native XML files" @echo " pseudoxml to make pseudoxml-XML files for display purposes" @echo " linkcheck to check all external links for integrity" @echo " doctest to run all doctests embedded in the documentation (if enabled)" @echo " coverage to run coverage check of the documentation (if enabled)" clean: rm -rf $(BUILDDIR)/* html: $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html @echo @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." dirhtml: $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml @echo @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." singlehtml: $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml @echo @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." pickle: $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle @echo @echo "Build finished; now you can process the pickle files." json: $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json @echo @echo "Build finished; now you can process the JSON files." htmlhelp: $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp @echo @echo "Build finished; now you can run HTML Help Workshop with the" \ ".hhp project file in $(BUILDDIR)/htmlhelp." qthelp: $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp @echo @echo "Build finished; now you can run "qcollectiongenerator" with the" \ ".qhcp project file in $(BUILDDIR)/qthelp, like this:" @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/DjangoAxes.qhcp" @echo "To view the help file:" @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/DjangoAxes.qhc" applehelp: $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp @echo @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." @echo "N.B. You won't be able to view it unless you put it in" \ "~/Library/Documentation/Help or install it in your application" \ "bundle." devhelp: $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp @echo @echo "Build finished." @echo "To view the help file:" @echo "# mkdir -p $$HOME/.local/share/devhelp/DjangoAxes" @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/DjangoAxes" @echo "# devhelp" epub: $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub @echo @echo "Build finished. The epub file is in $(BUILDDIR)/epub." latex: $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex @echo @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." @echo "Run \`make' in that directory to run these through (pdf)latex" \ "(use \`make latexpdf' here to do that automatically)." latexpdf: $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex @echo "Running LaTeX files through pdflatex..." $(MAKE) -C $(BUILDDIR)/latex all-pdf @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." latexpdfja: $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex @echo "Running LaTeX files through platex and dvipdfmx..." $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." text: $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text @echo @echo "Build finished. The text files are in $(BUILDDIR)/text." man: $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man @echo @echo "Build finished. The manual pages are in $(BUILDDIR)/man." texinfo: $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo @echo @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." @echo "Run \`make' in that directory to run these through makeinfo" \ "(use \`make info' here to do that automatically)." info: $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo @echo "Running Texinfo files through makeinfo..." make -C $(BUILDDIR)/texinfo info @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." gettext: $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale @echo @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." changes: $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes @echo @echo "The overview file is in $(BUILDDIR)/changes." linkcheck: $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck @echo @echo "Link check complete; look for any errors in the above output " \ "or in $(BUILDDIR)/linkcheck/output.txt." doctest: $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest @echo "Testing of doctests in the sources finished, look at the " \ "results in $(BUILDDIR)/doctest/output.txt." coverage: $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage @echo "Testing of coverage in the sources finished, look at the " \ "results in $(BUILDDIR)/coverage/python.txt." xml: $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml @echo @echo "Build finished. The XML files are in $(BUILDDIR)/xml." pseudoxml: $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml @echo @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." django-axes-5.24.0/docs/conf.py000066400000000000000000000077131411641636100162440ustar00rootroot00000000000000""" Sphinx documentation generator configuration. More information on the configuration options is available at: http://www.sphinx-doc.org/en/master/usage/configuration.html """ import sphinx_rtd_theme from pkg_resources import get_distribution import django from django.conf import settings settings.configure(INSTALLED_APPS=["django", "django.contrib.auth", "axes"], DEBUG=True) django.setup() # -- Extra custom configuration ------------------------------------------ title = "django-axes documentation" description = ("Keep track of failed login attempts in Django-powered sites.",) # -- General configuration ------------------------------------------------ # Add any Sphinx extension module names here, as strings. # They can be extensions coming with Sphinx (named 'sphinx.ext.*') or your custom ones. extensions = ["sphinx.ext.autodoc"] # Add any paths that contain templates here, relative to this directory. templates_path = ["_templates"] # The suffix(es) of source filenames. # You can specify multiple suffix as a list of string: source_suffix = ['.rst', '.md'] source_suffix = ".rst" # The master toctree document. master_doc = "index" # General information about the project. project = "django-axes" copyright = "2016, Jazzband" author = "Jazzband" # The full version, including alpha/beta/rc tags. release = get_distribution("django-axes").version # The short X.Y version. version = ".".join(release.split(".")[:2]) # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. # # This is also used if you do content translation via gettext catalogs. # Usually you set "language" from the command line for these cases. language = None # List of patterns, relative to source directory, that match files and # directories to ignore when looking for source files. exclude_patterns = ["_build"] # The name of the Pygments (syntax highlighting) style to use. pygments_style = "sphinx" # If true, `todo` and `todoList` produce output, else they produce nothing. todo_include_todos = False # -- Options for HTML output ---------------------------------------------- # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. html_theme = "sphinx_rtd_theme" # Add any paths that contain custom themes here, relative to this directory. html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] # Add any paths that contain custom static files (such as style sheets) here, # relative to this directory. They are copied after the builtin static files, # so a file named "default.css" will overwrite the builtin "default.css". html_static_path = ["_static"] # Custom sidebar templates, maps document names to template names. html_sidebars = { "**": ["globaltoc.html", "relations.html", "sourcelink.html", "searchbox.html"] } # Output file base name for HTML help builder. htmlhelp_basename = "DjangoAxesdoc" # -- Options for LaTeX output --------------------------------------------- latex_elements = { "papersize": "a4paper", "pointsize": "12pt", "preamble": "", "figure_align": "htbp", } # Grouping the document tree into LaTeX files. List of tuples # (source start file, target name, title, author, documentclass [howto, manual, or own class]). latex_documents = [(master_doc, "DjangoAxes.tex", title, author, "manual")] # -- Options for manual page output --------------------------------------- # One entry per manual page. List of tuples # (source start file, name, description, authors, manual section). man_pages = [(master_doc, "djangoaxes", description, [author], 1)] # -- Options for Texinfo output ------------------------------------------- # Grouping the document tree into Texinfo files. List of tuples # (source start file, target name, title, author, dir menu entry, description, category) texinfo_documents = [ ( master_doc, "DjangoAxes", title, author, "DjangoAxes", description, "Miscellaneous", ) ] django-axes-5.24.0/docs/images/000077500000000000000000000000001411641636100162025ustar00rootroot00000000000000django-axes-5.24.0/docs/images/flow.png000066400000000000000000004036451411641636100176730ustar00rootroot00000000000000‰PNG  IHDR5ˆ{Ñ }zTXtmxGraphModelMWǮ캎ýš tîs:–³Ë9L.œsÎþúgŸýh J¥iY$©˜éμj³膴ʫ,ýÙ‚üÀþ ~` ŸAþ >âG¿–õW÷8Ž?éªáWYÿ_™:ÜUÛF?þÑÿ¨QRõë°”?0ýüû5kŸßgùuëüç ÿ‚È¿Èÿ>SjÛÌËb¹Zß]`üŒ½É‚­*?óÌÛªy-ødI3¼0åC£ wgˆ'伕·‚ñ¨=‹0Hwc-‡©5T9˜o)OF•L¤ñQ% ràÑ(ß *ƒÐ}"÷g‹u[õy=³–‡wâ½"]Ë禛ÂZQ¤—\\,2 98¡Ü1œ¸£ãûr‘¥ž'ã Øsf~f»“°FüÃÔ#FŸ¥‚?ÊJµ“sÞ °·ÎO’•Lº£KÐâ»#œÇTàä°«\@|j+E¦f p°ÌQÈ–†ÉJúØq?¡!ˆUή…Æ0Ï`©è#:ýR*IêPøÇÚú>ÃÕÉâñ7 ×£s9ˆ)¼RZJP?þ¹§eøy”©J9ï¬KžäM¥œ¤üÈQºUûƒvžÿ¾÷¤On7iÄì²´K 4ý~‘VЌד©R¨­VÄKig9ðŽ‰ |§a¿XçœÆ¹•ò—?hæT‹›•æ± 7r¦v}­°q›ƒ1–îX¹OfÜáÂY^(຋˜Q<æñGUb¼E'ÍMÌ™ý¢Aãrü+Šû$5ÏéæVÚá õxSƒ¿dñ™b™,ׯXcc©™ ±š¹z+ãJ>¥‚ÅhéŠÕ5–û>ÙÀ_ókºéJå5kÑÔêlYÄé§U<¢¼¬{ïD(ÐÏŒ¾@C¤/ 㨖³ã2×@î!Ïii‰WæCª2¶ðA¨ ]*ƒ.ˆÜânAˆ~>1@Sö0Ô! ¯†UÄùÝ̹)O,ôwðµX¸áׂr§~Ý’¿ø‚`ç÷ŽïûzœÂ‚¥tQ=h“1Ó0T£‹!gâ±™ŸäìuÈÆ}Ì`µONÂИa,ö8Ž ¹Ù8 ¯¿­ÅHÒ¦ûνÞë)N2)Ây*-›Ï6ýÂt=hù½¦Oea¾¬õ²H9‚»p/MŽ´œeƒö½ý\â2€o¶FÖßè¨:Šf@€1VŸF¶Xwp¾ÙºQò²F9Áù”%ZE Æ8hj£!) úàÝÍᲟšýæûØTqÁž “~y6÷¡mØÕê²ëóÙyªfÛÃÞð{Ôj9\š6õ±N÷ `«&A¬±"¸DÆ£mS ^S’=ŠÅ¹K‰ HpÖ-•*¢±¡‰µ:Á”× œ‡ëGa^:\WÔkâ A—šžϸðã‹D…Z!TQç¤á>¨’9Ö›’µÍ' ™®±x/h"ÿh¡ÖëÉí3v }@a z³ÇkÖ«­Ãµ4všÏ£,õ-7¥¸ŠSñ0ô«–š|ž N÷ÄdŒÆYðœjŒÖŸ÷&âHNØnMÉdúnø[RºZ‘tÓ,.""ÂÂ7+nV‰#_6§¿âÞèÌÖM°µû ÅÄßDOqq pHf0Ò„ƉšÛq ÓKöK±K Â–I]°ààKBÀtb¾7pVrË97žˆW¼0Ðé{Ñ+o2ýë+÷Jç±ZQ^ì™Ùð¤ݳuüagÃÆ.ÇCX+ ÚnÖo‰Ðvõ’Å­”u@²—Ü—:ÚFŠšÉÑrvs…Ú£’}Ÿ¼Ì“<{(ák‡†h.É­VcfíD4ùGûÖŒäâlâ§æiŒA¨ÒêÓ(§=Ë·(N†0l°[D”ÉГ°úio}R·Æo€ØäGÉ-†ÉlÏqðͽýÓ—éä`QûÀ–¦Ü„ê:¥ucâô“=Òòcù3­Jë=$ÂÓ|n¶´-yåŒxÜ"öéVù‚ Ô<ÑÄHÚ8‘M¯e$ h&|–ÓTóEËô H;!qÞňg«•zÉëìpÕ l¨`Åžæc2‚¶f%weVèY×C*$ÏüVŸÅµúiXçd{Ý·“€ %Öcô„צÂz 2¯¶»ÒE7ðÙ?6Ô?™ikÛÌöŒ¸LÇ|¨ Ûv`pz8—&ËõÊ‹´ÕdztE ß2¦Ì˜&™…ö ¤ê½ $øT ]M²N¢Þ6Äøú2p·< %££l3-<·uårOz¤J’þ*&1úº¿­–qpÕúî~§Tÿa„þ-cª•kÓíK6Æh±74B& ~‹I®ÔßZ`iP[WÐAÓŸNcÂÄ'*àwŒ{xÍÌ8ÊÒUŠëc+M8Ëîó¨ 5&ˆ¹ø6WÌß‚`¹Š¢½ö, 2ÎQâ±Öè¼:ŠµwѲ#;4Î%Ù’#óüÍä#Õê…ybªþÀ˜M;ß‹UúòrÌÖî^­î¸ä {cÏû ôìî¿|i‹ØdéÜÚW˜é#9rëê|K) pdç§}Ó\Ú:î˜ýýŒmQÂ-“©ÍIÓ§_ Ûò $/b>ü=orBL¹Í²Ê²H³ž¨•á¤r;x¡¬Î RWòa Dê…=?œ9º‘,ÇaÝÇ nöœ Yò jÚ§OŸÀLú¹:¶™‰øÁ‡`ÅxªÏÛ}F?K_û^›ûèQÄÃà:ѱûd}f]Q!©÷µ‘Ûãä»Ý£©ñé BŠPd}Õ,£D´Ã2!C·:É]¾Ý#Ûúì›}ªe…Î ®fà|WÏU$¯hY34óSbÃ(:ú¥!*$¸2p¾ˆ&õU³±Xàò¹ÉǦþªsáɺyÅ“ûÞ °Ï‹! 5ÊìÍE.ê&kã[ÕŒáã»Ocá¬Æ…cai¶æN|{kOo¤ÙúÐ-Ðöi­u™0›®¡f ,%7S2N]Zãeš]KBq räNã°á‰|È9í{sx ä-2FFÜãò/ æéHûä…$#—¡T,´6×€7äEŽТêëxl !gÍŠ4Ã5þ {®ßÖË„(ÍŠãn†ì‹üt hËÙY2_›55æk§£Ø¡J‘/1x´!ÊôAïŒež„ Y2°Pøùh¶ïÅ!õvºÍߘÇ#¾Ÿ~*­ouPïU~²–ÿ¿ûáßËâúß{8ÌýBø^ IDATx^ì´ÅöõK%0 bÀœ0Å𕇘PÑgÆðP@Ô§ ˆb€sF|&ÌbDÁ§¨sV0 f¿õ+ÿu¿¦é™îžéžéžÙµÖ]æöTWí:uêìsNUÍ÷×_ýeT„€B@! „€9E`>‘šœŽœš-„€B@! „€E@¤F‚ „€B@! „@®©Éõð©ñB@! „€B@d–ÔüöÛoæ?þ076 ,°€FJ¤Šò6ß|ó™F¥úWùï¿ÿnþüóOÓ¤I“Š¼¯–^òÉ'Ÿ˜-Zä;{:’ø믿šù矿bó7^T®V¶ÒþòË/¦iÓ¦VïÕJÁfàGzµVF´:ý¨´=e>2_±Od—‰Š’š«¯¾ÚôéÓgž­·Þz¦Gæ¸ãŽ³J–Ò¾}{óÄO˜áÇ›ÿûßÕ‘ìßzöÙg›ÚoŸyæ™fРA%Ö¤¯…!€òyþùçÍÚk¯m–[n¹°Ç þ}·Ýv3Íš53wÜqGÉuûâW_}eÞxã Ó¶m[³à‚ š£Ž:Ê<ôÐCfúô驼Jýï¼óÎ;;ûîkÞÿ}³Ê*«”ýÞ—^zÉ,¶ØbûO?ýÔ¬°Â 榛n2x`ÙuU@»Ñ ï½÷žyî¹çÌ¥—^jÞyç3qâÄTÞWJ¥~Þ}÷]óõ×_›-·ÜÒVW‰qÓnûâ|·šÏúÛ½Æk˜Ž;šË.»,µfùßyÌ1ǘ{î¹Ç|ôÑGe¿Ó¯Ç’ž«þNž<Ùl¶Ùfvîl¾ùæe·?¨‚•VZÉzè¡æôÓOO¥þ JÏ=÷\sÖYg™ï¿ÿ¾ìw&9¾Q3sæL³ä’Kšë¯¿Þ|ðÁQ¾’ú3iËaê(ñIÛ¬‘íÚµ3W^ye`‹^xá³ÕV[™W_}Õl¸á†Ïà|@¿qÄfã76›nº©=zt‰=¬Ý¯U”ÔŒ5ÊH¡rÈ!‡4 R^I Œ{Í5×´†eÅW4~øaMyò4>ÿüs³üòË›n¸ÁtÐA%7-i%æoȘ1cÌÞ{ïmIÌꫯ^ãÖÿÎÇÜœzê©æî»ï¶˜•[PÔÿøÇ?Ì5×\c ÷=öØÃ0»ì²K¹U~ß9 3p€Å0k¤ÆñÇkn¿ývóÅ_Ø>eÔøÛ—ÊÀ¥P©¿Ý• 5þwžwÞyÖ¡Â|*·øõXÒsÕß¾—_~Ù´iÓ&UR³ì²ËÚõþŒ3Î(žÈßO’Ô$9¾Q:ðí·ßš¥–ZÊÚ@ØBY(iËaúÔ†¤íýöÛÏl²É&¦ÿþ"5)zUHÍ¢‹.jn½õVÛ5Œÿ /¼°¼ùæ›fuÖ1“&M2LòµÖZˬ¶Új)ÃP¸zR„HkˆZð|á÷– &4xj£Ö£ç¢! RS'?©‰†hô§¼¤&ú·JãèüóÏoðÂÊ©ñ÷N¤¦ôñ.öÍ,š${–”‹Ú&‘š¨HUî¹,’šÊõ>[oJšÔ„õN‘š0„¢ÿ½*¤f™e–ið\ÒTÒJqÁ“Løø´ÓN³¡8°{íµ—!-áP RÖ¶ÞzkëùlÙ²¥õ˜ <ØÖCXŽî7ß|c¿{Øa‡BáG¿~ýÌ“O>iÓ€†jn¾ùfóÝwßÙT·6ÚÈ>wã7š‘#GRlh/¡ÁsÎ9ǦÚ+'œp‚¹à‚ ÄòÃ?˜¾}ûÚÏ(Ï<óŒ}'…ðö®»îj®»î:›öy"›~vÒI'YÏÜ|`ÃÓ—_~¹mG¹Ø<üðÃó¼sá…¶ýæ}xQ‰*Ð.Rh!ƉqKJ1y÷±cÇZL‰Ì…íÞ½»íÃà¿ÿý¯•Y7>½{÷¶'ßùǘðw~wdƒöù´…¹ÈüüøãíœAùž—ÔÞGýÏ>û¬•O"GÈ/óDŸ!Ep¦È"ú‚+Ïï¹çžV_xKœïs8à̸øâ‹­Ù¶=)ë®»®%©ì1”(x!',.®,D¶ô#(ˆÔ k,дIφ= u"·´“rC!Í 9Á@lÕª•í÷UW]e1ç=«ýë_†ÍïôÉaY.6(Iÿ;‘+ð_ 6dŒý¬Ù³g[9€ü£hÃä…½3:de̼An#Œz7QÄP”8¤™ï8çm¡0~žŽ€¸T-¯ ;gF!ÄQv¤†O”?cĸ»Eþ Kì×c.b\2‘E¼c¼“±|íµ×¬CƒúýésÈ]ÔïR‡Ãß·W^yÅ´Èï wo¿Ñ)ÅƉyÃóîÍbdϘ#“ Þ˼ z‡L Çðó·tôh”qCàÔ@n.fLysb”æ&[aº9ö·»uëÖv²`Ô±†`|ºTàbz9îôó“ùƒáÈçÓ¦M³} K#Ì!ç˜cüÑ“ÈsÜ9´ø.󌹲Å[Øù®’Âé×cì‡ssƒï¡§Ðeè|œ@|ŸÚëtzc‰ñ½å–[¬¡÷Gjø= n¬±ô×í³ §°>;RCßY™Ì#H@¹ã©pû=XÑýÈ:Ž 0ˆBjœÞ¦ÿ8#0æXÓ ˆŒ˜ºñõÎCô}wdÖÉX±µªW¯^¡:5ŒÔ`Dƒ!…µÜvld‚u„õçò‚þ#tý„(¡§ÑÈ&s=à0fÍÞa^yå•m;0p‘AŒÌ“bmÁ‘‡ÓˆÂšˆ,C¼ é'ê +ak³ÛãH=Aó9Šk8L¨3ªD6p"Cq8a; §¼]ñÀØ®¢ÛÐSè|d¹Æùμ¡‘š°¹„>Šº~¡ŠÙ:´¶9šu=1.&Gaã˜äß3Cj`“(a&'F•ŸÔ œY¨Q6xäYH™PV&£#5xž™¤¼[">ø`C$ƒˆÞ"&“•‚qÀ¢1qˆ¢@‰ðƒÍëõ^(H…¨†²#xþvÞygû7ê¡ŸüÝŒ1”* Þ‰‚AA3ùxž¶2Aœ7 o0ßÅXÆc yÚ[‚‡ˆ6 €gýõ×·Æ> k˜!ƈG‚Œ&òDý¤åF{‰`àùucÊwXØYäè íŸÄ˃aK@q²•#xôCã•É )„ñN<¶þ´ :u%† …þaÓ Ù»‹öòy!RƒÒÁP@¡» ö."Á #5(ò =5((—nI;YXy„Ï…£ËÁÆÿNï…щфqä¼½,Ò¤õмjÅä…özÓÏÜâáH ƒ@2ÆNÞ ÐÌGž%šÂû!znCvX$ xÈ¿K?s„™sF¸q§È9æ%mC†XTX8ñ¼!Kôý§Ÿ~²Þ^oaÁ‰ú]6ûzÉ]PúY±q÷÷ÙY¡qb>#5NN3ãŒù‡^b‘õ·/긡1Ôœ=`.² ÒêöêHHÀ å…Îä$vêÔ)©ÁÛÍØ`:L1f—BÇû1jÝ‚‚Å‚Ì¢ÉD¡àeÇS‡ñ‰ÑËv^RžactA<™ôDS¼ÞF Q>w"ïA.- O•+,ü`†áŠ×¬¼F"ÏAØ X…ÒÏH!cÌÀ ¯8rH)‡Ôx±¢.æIÔqó’q ÑbŒ †5ÿóö­]TˆÔ` 8B»X|‘Qæt˜^àïè "ÁDº(Ìyˆˆ3$Š‘tó–5#¨`pC²Áý‹!Šs‹ùÁ<)Fj˜#8˘?è.WøÞxäùoo”“lÚdà;RƒóÄ›î‰n… ¸‹SXŸÝ:F{Y7é‡s”;DãX1ñ»B$ˆMRæÈk-k NGpvxxI kz„ƒ„š-á%5ÅÖ*¾S Ϩ¤ÆE›Y{°WÀ‡œ+Ì?ì!Ö*ô[!¹tNIÚŒþt…ïRõ{I k§W>ЕØ#¼çfX[wH QA ÓO“É÷a±µÙéãBóšu?®=à0‰£½¤™C_:”î ·p˜³ö±>8矋tÿ R6—ÐgQ×/§÷ Ù:N¯âÜuéûQä(Ê8&õL&H “Ž‰‰ÑîX¿ŸÔ¸4%:Žw…éBr^Rãݯ õŒÂ3„k‰2¸”5>gpž]H ¬ãâ˜(ÿÆ°ÀÀðïrá ‚bÃ3x6(Þ¨ÿ'¼‹ÐRH™ ¦óº¹zQw úï?"Ðë=ð¶Å‘ ú¶Ô‹Ç…I](R‹g‘è ØàòŠñ‚ÇÐ¥Ÿy)v¤Æ{,·—Ô@^À2ˆñà-º¤ýj„« RƒE[½¤ÆÕK; ‘,Ò™HûpÅK”ücèŒ4dÑ%½[ˆÔÀÈ"âV(Rã?ÒcÊ|pòV6ÅH c¾ ¢ ;ÂäŒ ‘ƬœÚá‰ÑÅâ öZæ´7Ý/(cT ©ANidÙ)dÞã)Ç[…qI4–…•ñsòÏߊ:õ»QHM±q÷ËFI±q "5`ˆgÖ<DæŠKÉâÈ'óÈk¨óRÆñÆX%N #5a²5öê¢B¤Æ¤³—Ô„éæ4¤Æ›BÊ<$Ú…Ô è$Ò÷‚ )6Ô ¡wˆ5s! ©a¬0âýº×E'1rÉ`ðËQuœ#ÅH7¢M»!*Öΰq ë³#5Ì=Ö]H–ÛOZîx€#Ynn;̉Ò3_¢¾Cš2Ùè ô%Åé-/©ažàÃ>pûcü$$l­ Ã3 ©an8âʸsvÎIÁaˆ-SH.I}'m§‡?Ý( ²‰Îö¦Aºlqìá„C·@£´ÂÏZèOá/¦ŸŠÙS^]Shmvú¸Ð¼Æ‰×p¤Æ»v…é@/©aÍa̼ºÂëÐ#Š…ç]›ÝqßA¤&l.áÈŠº~…Ù:`î?N:ŠUò.¬ª“Ø*Šケˆé%5vn³#ʇ “Ť@ 0Öb¤¥åÎÇc†·€ôw Æ0Âç Õ Å†pAŽ0„Üžÿds¹ë|ŽÀ:Ňa‡ŠâÒ ·/ˆ¿Q?^ Œm hdži;Jï¡Ôè/lÅÁ Ú×…É_X` o<ëNs£Ÿ(˜ºö{½LvRh/!~ðr‹0õ;O¸7ý,©¡½,ö^.Ñ- zÚ…Ç?h¡(©qû¼ùük,H„ ‘0bquû¦\*H¡ô3"÷†ð1&ñþ@jPn`éM¥ré‘¥’7å`SŒÔàeÃÓë5jH ]H “—b¤œ‘c gèò¼ó,{ÓÏ’"5(mïBà"CCgT0?ñ^1þ3¼Xx ¥½Ñö¨ßMšÔà‰/6Nuxù¼ÑQŒsÆRƒÇÂâtÑVò ½¤ÂWʸ…-èIë¢RHM˜^ ¢ç'5¼¤)F!5NþðÀº»ÖHÑAßB–Ù_çö9€‡KYBjÐO!Ö<ô½+^oÐQáQ"5®oÔ‰# ‡éÝÈ{ØšQ¬Ï:|ŸÈ Ö] rG¦ËÚH€Ëìp˜°>⌌BjXC‰T¹ô;tûÞØ‹…ÉÜpé…8?×~Þç Qo¤ÆO¬½kUžqI m`}ÄÖðzýYÿYÓ9Ô€õ•vÉ%zƒ,´ %k;zÇ©qmÄfc¦Û#¥-¬÷~R¦ŸÂHMØÚDj¼óš9×(—Ô¦G4Ì;&®8ôX3™»Þµ;{(ˆÔ„Í%œxQׯ0<ƒHËv*&Gaã˜äß«Bj uÀ›ßë%5(HQÒ²$·'…ð#Š(ŒÔð^¼;^2ám‹;(À¬ü(ž÷oú•÷»NÁ{÷ðw—çË÷Iÿ ×… !`(r ŒK C Ć(ý£@¬hË©…à!´,ˆä¹»»Þö'䊴) qBö($&4ÊÏ õPž5c<=Îb±ƒÔé€t L‰áu/•ÔàÝÅÀÄ €dàm| TÝa¤Æ)(<Ú(q0 }¬ñTòwö ,è#!Ɔ=‹J£©ÁpÄاM´—gYð(Œ+íÇ£K¨#|?äÓ‘…€!ôµ˜Çžv—‹ÿ´ßy݈Î0§ˆÜ1ž R:0†Ãä…üm—²€ì£w/ 29ÃS„8rSlŒ°[  ØÌcô(ë?iú¬ï~RÃ;]Ô‘#“.Ë"¬-î o¤&L?á(d elƒ.×[›Ãär×(—Ô¸Œô6Ǹ‰Þ@W]#‚‰aíAE "5aº-Qׯ0<©+èâÏ09J’´„ÕUQRÊ"ð £Ëeæïþô3&3JÆÒæY„ oÆ¢7RÃÂàRŒ bxÈX8$ rwã±cÆ<‹ÑŠê Š’ æN·òöÁE,øÌ»±Û=ã 'þ‘p¸ ^…²'5(JÛû~ðsǤº_o; G$·Çû7›ÑXP)`…¡D”Š÷°Ø‚¯KéÃ(Âø¡ôc—Md, Ž`±`°2VL6êÁËàNbrég^#2ݦb&$‹½k8£ÝæqŒ%Ò(\Á˜†œ²°SÜ&;·ùßÚ枇hbèAà(ìw‚¼¹ RY¨ &¼ÛÕéÅŽÈ‹^= õ1¦Œ›ÛŸå}'2ˆ÷cÅåÁãùSúIÚäÔ‹õúS'ÊÅÆÿNH$† 4Q>N7‚h¸9…L`€y˜¼`øº}?ôÒ‚Qè6cP@°]JýÃèD>Y¸ÝÂàŽ8Rãæ€_O¸ ŒÎ 뿧Æï¾Çü&µÄÓÎçxrY\^º{§?%HqFù®#!¯bþ0ÏÂÆÝÿîbãÄ“nædÀ¢ˆá©¼3?½'>"ïÔÉsþö¡;âŽõpQ9¢½Ìw‚’¿?a²EùÛ ~=Àvsº˜^pãæ¢é´Ù¥Ÿa裳ƒÆã×í±t)r|×EÇÐ}¤3W 0n®±æ ‡ÌIôê1úã«x♫|Çô Ö>¿îå™bégD&Á‡²êŠwïAØ8¡Šõ™è5zÜ­¯.­Ðí±,w6ë%Ž/§§ÝšÁß]꼟pX[ñ÷nÓOÎvó û ÃÖfœÐ¬KÅæu\{ hí ÓÈ©~àŠÓˆ³Õ;—‰|¹µÏEfÜßÑ?È5ä“û‰E˜Íuí Ã=DjÂä(h=M볊’š8À & à5ˆ™4îd­ }aõ³pq²ÉÁ(g‘§x½ü¥‰§ŠÅß…yÃÞ‘äßñaœfgqæ··°è¢lððå:1ÊûøÿN›Ý1³þ“ÿ¢ŒS±>‡µ¥Üñp{Y qú×H¢þ¬q…®h }è'~À“qócàÖEŽÇ8Å!©AÏ08¼Ž“b}Ž‚gfAg]ÁVaþ»ƒW¼Ï#0¤ÿè$ôtX[üí/¦ŸÀš;Qpʸ9Ôÿ°µ9 ÓRì°:ÃþŽ>fþ²y˜Dֱׂ¢TþúËKÞúJÁ3i9 ïÐß3Ij0’ñ2QÜšR;èýžóNñ9å³.UËŸ6–Äûj©wN?Þ¢2xTñÂù7°ÖR¿Õ! „€È–DËÃ.Íë» rDÚûoH]"ú‚_Š“5ìúûßW@pà ÑR!L’wš¡`¼Iy¤„=ã.õˆÏð²äáˆb½<ã.d* IDATOƒ¡ß¤U”¥©ìÔO! „€¨D¶ˆŽ•ùj¥ÿRn¢5¤b‘nϪ7²œÎ›Tk­ IRCè‹È›¥Ü™ðIû'Å‚hÿ8á¤ßUKõ>'$ÊbA¸ß]øUK}T_„€B@ø BÃƤo¥ 1! ª‹@&IMu!ÑÛ…€B@! „€È"5y-µU! „€B@y©‘P! „€B@!kDjr=|j¼B@! „€"5’! „€B@! r€HM®‡OB@! „€B@¤F2 „€B@! „@®©Éõð©ñB@! „€B@ˆÔH„€B@! „€È5"5¹>5^! „€B@‘É€B@! „€¹F@¤&×Ã§Æ ! „€B@! R#B@! „€B ׈ÔäzøÔx! „€B@! Dj$B@! „€B@ä‘š\Ÿ/„€B@! „€Hd@! „€B@\# R“ëáSã…€B@! „€©‘ ! „€B@!kDjr=|j¼B@! „€"5’! „€B@! r€HM®‡OB@! „€B@¤F2 „€B@! „@®©Éõð©ñB@! „€B@ˆÔH„€B@! „€È5"5¹>5^! „€B@‘É€B@! „€¹F@¤&×Ã§Æ ! „€B@! R#B@! „€B ׈ÔäzøÔx! „€B@! Dj$B@¤†ÀwÞiš6mšZýªXü 0ß|ó™=öØ#? VK…€È"5¹.5Vä ÿþ÷¿¦C‡ùj´Z+„@*<ú裦sçΩԭJ…€"5’! RC@¤&5hU±È"5¹25Xä ‘š\ —+ò…€HM¾ÆK­i" R“&ºª[‘É€©! R“´ªXä‘šÜ ™,r…€HM®†KùB@¤&_ã¥Ö 4©I]Õ-„€Hd@Ô©I ZU,r‡€HMî†L ¹B@¤&WÃ¥Æ |! R“¯ñRk…@šˆÔ¤‰®êB@¤F2 „@jˆÔ¤­*¹C@¤&wC¦ \! R“«áRc…@¾©É×x©µB MDjÒDWu !P6©9r¤™¶iÓÆüþûï%ÁR#û¥¤áÓ—„@*$i¿”DjN:é$óÎ;ï˜1cÆX%§"„@v ¢±×^{YgQŽj–RHÍ9çœc6ÞxcÛ! ²‡¤æÐC5—]vY¬ÆeÔÈ~‰5dzXTrí—ؤ…0ÿüó›áÇW´£z™ñ8ñÄ­Ó’P­—ÔpÀf»í¶3'œpBµš¬÷ !Í?þhŽ>úèOÿýHµIì—ÈC¥…@U(Õ~‰EjÙ^sÍ5CEEì#@ ÚQGevÛm·ª46©ùóÏ?Í‚ .¨èoUFJ/ñ¸ôÒKÍRK-eöÜsÏH_®&©‘ýiˆôÈ ¥Ø/±HMãÆÍœ9sdtdfÈÕ!PŸþÙ4oÞÜÎÛj”8¤†¨R“&MªÑL½S ]$ê›j’Ù/%°¾&ª„@)öKdRÃæã÷ßߌ1¢JÝÓk…€(¾}ûšV­Z™#<²”¯—õ¨¤fÚ´if‘E±',©!þúë¯ÈN“j‘Ù/ù‘'µTxˆk¿D&5={ö4íÚµ3‡rˆB G2:aÂsõÕWW¼ÕQIMÇŽíq±è! òƒÀ‡~h|ðAsðÁ‡6ºZ¤FöKèÐè!IâÚ/‘I ÷_Œ=ZÇ6grØÕ(!PŽzîÝ»·½OªÒ%*©á¤¶I“&ÙT9! òƒÀ÷ßoöÙg3vìØÐFW‹ÔÈ~ = 2‰@\û%2©Ùa‡Ì“O>™ÉN«QB@G Zó7*©éß¿¿¹è¢‹4ŒB@ä"¬ãÆ myµHMµô_( z@PâÌßȤf¾ùæ3äΪ!?ª5£’6ñò£"„@þàŠ‡(G;W‹ÔTKÿåo$Õb!=âÌ_‘šìŸZ$G ŽRHòå"5I¢©º„@6øí·ß ?aE¤& !ý]?qì‘ɨâ(…$áˆJjn»í6Ó«W¯$_­º„€¨"5Z¯uˆ@ûE¤¦D]®?â(…$щJj8ÎYé­I"¯º„@åàöï³Î:+ô…ŠÔ„B¤„€ð!Ç~©‘ø:@ ŽRH‘š$ÑT]B › _fÏžÚ8‘šPˆô€"5’! Š!uRsÄG˜ë¯¿^ƒ(„@©Éá ©ÉB 'ı_©ÉÉ ª™B â(…rÞãÿnÔHN?KuÕ%*‹€N?«,Þz›¨'âØ/"5õ$êkÝ"G)$ ’HM’hª.!MtP@6ÇE­µ€@ûE¤¦F\}!ÄQ I‚•Ôèô³$QW]B ²ˆÔTo½MÔqì—š'5?þø£ùâ‹/Ìk¬‘køóÏ? ?5Êu?Ôøê G)$Ù¨¤¦Z§ŸqâÚ|`–\rI³Øb‹%ÙuÕ%b#Àzµà‚ æNÏëô³¹‡ºVìŽØ¬/dÖ¸ï¾ûÎ,±Ä™k[Ôű_j–ÔüðÃæ_ÿú—¹å–[Ì¢‹.j–_~yÓ»woÓ¯_?3sæLkÄüþûïæ„N°;å”S¢âÛðÜ5×\cþùÏš¥–Z*öwã~áž{î17Üpƒ¹ûî»ã~5ðù×^{Íl´ÑF–(!0”?þøÃ.¦S§N5»ì²‹ùøãçùî~ûígn¿ýöÀ:o¼ñFóüóÏ›Ë/¿¼áïë­·ž9î¸ãÌa‡–H»“®ä‘G1Ë-·œÅÂ[ }žôû+U_¥d›²Ljzè!³ï¾ûÚî¢/öÙgsú駛õ×_ßœ|òÉfñÅ·:ùðΓ¨ø¼þúëæý÷ß7:uŠú•’ŸÃqSj;K~©ï‹B0Ýzë­þÒ¾}{‹ñàÁƒëBŸ”ƒå™gžiåoÚ´ifíµ×.§ªŠWü yT»ƒuqôèÑsÍ•¨ƒVI»ƒµ»Tû(jŠ=‡îØtÓMç²ÏÎ>ûló¿ÿýÏÚ^p@à×»uëfn½õÖyþ¶âŠ+š^xÁðÛ[:è óŸÿüǬ¶ÚjI4;3u̘1ÃÚrÛn»­¹úê«3Ó®¸ ‰c¿Ô,©AHÐ1cƘe—]ÖL™2Å´k×Î<ðÀfƒ 6°¤†ù'Ÿ|bؤܲe˸8Ûzüq[_Ú%-R‘™þùmó!y`©Yi¥•,É7 “o¿ýÖ>ÃßÝÍÑ—^z©yúé§HÞö¾}ûš¦M›Z#†çÀ»{÷îæ³Ï>³FWÖÊ!‡b¶ÜrKK€½¥ÐçYkÔöÄQ QëŒò\TRSéÓÏÞ|óMƒa?ðÀ­1‚AùꫯÚ9 ©ÁHç7s`óÍ7Òݹž¹îºë̸qã :bWXä ÌÝRÛ™T;À‹þn³Í6 U:Rƒ‘Qú¤,!2]t‘5BòVDjþ±¨vúºY³f±‡º’vQìRí£Ø ø¤¦uëÖ¦ÿþ 2dˆÕÓènwŒ8ú½sôÑGÏc§`ëq”øf›mfX`«ë!5}ô‘iÞ¼¹µmxÏV[meÎ?ÿü$š™:p‚6ÌLœ813m*¥!qì—š$5Ÿ~ú©Ya…¬ào¸á† ²à²øÿãÿh 5,"DZ0bñœ <ÃíæL¤Y³fYOëöÛoo®½öZ³Ê*«ØÉÄ¿9ñeõÕW7/¾ø¢Yzé¥çzCžI†Á¼ÐB ÖÿÄOØÌÏ?ÿl½œ;ï¼³=Ú‚0vìXsÆgØz×YgKÒ#F˜+¯¼Ò’ªc=Öì½÷ÞsÉ “–Ï|ðAÛÞÿûßÖ í-.RSˆÔà­¦Lš4ÉtA#^pÁÖ¼ÿþûª>òÈ#­1ŽêGqÝÙu×]žã»x—Ÿ}öYë…ÁC›Ÿyæ³ñÆÛÅ}Ýu×5(ÿ>}úØ!ú0aÂûiB11nxñ®AƒY/Í2Ë,cÿGç—_~±„ üvÚi'süñÇ[Ò‹'ž±¹ùæ›íç”;ï¼s®Ïy‘¦W^yÅ*?R-h[žJ¥d¿¢’šJŸ~vÌ1ÇXù»ãŽ;ºËyá…š£Ž:Ê :ÔÊ1d #“9Î|’ÑsÎ9Ç|óÍ7Vvß{ï=;ß1nXdçÌ™cõˆwQÆÀÿ駟ìü¤Î zÑ=¼Ç 2:…(mA–y×n»íf˜KD’h's€ÏÐ%xXióî»ïnçé[o½5Ï÷HI@/é+¯p±âM7Ýd?Úÿý­WÓ_Š‘šÃ?#GŽ´Ž!ÚÊczÕUWYÝÌ3|†îG—a¢ik%ŠN?3&ŽÝ#eàÀ6C )»ƒ, d’úÐ÷Ýwß<ö 2‡ƒ™&EŽv »¿þúkàºÉß°>üðC+F§všý¼BÈЕAëmÐ<Ã&óœ§Ì3æ.z ògL#5ÞŒ‘=÷ÜÓ:­é—¿°öÇ[laÿ„#›5Œ—’ÅÜ õòË/Ïõõ¨˜Ùd`EÚ6…ñFoðëã€-Š.Çî{ì±ÇmA²gü¶K›6m¬¼­®6ìVÖ‰SO=ÕÚ¼^›kÍ5× ´kh#v-òÓ¢E «÷X¿üòK{Á®³¹*¡WÜ;âØ/5IjPð f¡”—~ÆbÆ$`ñbrcÈ;â©P l,$L\#ƒ…‡IÍ"ˆAíR¸XàG<Á‡z¨øLÖ ú!/]»v5÷Þ{¯­Ãÿ²Ë.3;U"AD;ðäñ^××_m…†‰ˆï Ê+ ä… Ñ…áèŠ#5,œnq/eS©¡]%uÔ¨QÖ£²ð 7¼8í„ Ò>þO€AØX˜!2d`ÇäEIzggØ'uÒI'Ùï?ŠcB„b饗ÌÁl¦OŸnÓâø œ!{<¡ÄøDÙQ¿Ã‡v{?‡L¡0€øÞo¼aëÈS‰£’ìWVIÍ;ì`PÆ4¨¸H ó×¥uA؃dC—ùŽL²ÉœdÀ8Å(%Ö+ûäbÀ< ÕËBûä“OZ™¿ë®»ì\aDî!I&æ Î R2\;Û¶mkõD]B»0΃¾wÅWê+oʺ„90~üxÛôs>x±ƒÔ0W½æعçžku'¥'I}S0! ‘€ã…yÁ\GWCù7cÏbŽ®Å ##Y!òæ`ž¤t gôpÝÏ»\à¢×kô=ïÇ 0`€u uîÜÙ:†ÐMÈ ú\X;3Þ‹S†þa(â袽è¿J`,±Œjw°¾²!‹IØŒ1Žœ£ÈñZk­eƒ~{ÂŽL#¯È0zˆèÄW_}¸n²ÞaátD^!䵃9h½EùçŸy N˜í¶ÛÎÊéÅ_l×kz=s€T3¯Û…ùX.©A/ccÑ'tŽÿ6„(˜â@²ÉXÐè@œKØ’Ø4ØtŒË%—\bõ(ï$M™Ï‚lAHßvaÀ Z7¼öïB?°~°Þxm.tC]ƒ\@úX;Ð…¬á8’ßyçkoAŒ*]âØ/5Ij0`Yðý†4AŒ×Í¥Ÿ9R¹€©»½ $)ixÈ0𸲓g0Œ™|…ÂÀ( „¡éر£²8O€¿~ ”Šcó°`"#«®ºª]ИÐ<ì¼…Eÿ0ʨŸvx Ä ‹ñ¢Àƒç u;Rƒ·À»§–^.©yøᇭҡ`ä@ÈðH{ “……\XQ´ní'ÂE¤ï£p1”ø?Šº©ÁBä…Å…‚Áˆ×"Š±G½(Œ ´°ô3rvÙ[Ìð£‚ôº¬¦ÓR6q”B’ +*©©ôég.Ïï™· [`å'5DúA¿Œ²¨ãÅBŸ¾Fa>²'‹t° ô3 pê!rRHö©—H6äÖyÉoZæ8º²àH F6 >ž|.,DxÞ0LüßÛ¤¯¼˜àìàÝx;ñÀ²02Çi—·@j [Î!Âßø?ƒrHM}SœPDÖ ¨ROß~ûmKj ¼¢è™.]ºXç íw©¬+>ì•bá‡ìà|t2²G÷ûsÜ©“è Î-ä Ò‚A‰s ½ãŒBȆyò,œ6ä–õ‰# Ï8kH%ŠH±Ž³¨v‡#5á¤ìôò ¡-doà¼E·9™FÆ ä uûD‡ OÇèBä ý… ô=œ:þyFê—·`“àôaþàtùÓ¤ 58‰˜¸‚nÃF(—Ô0Ç©»»[ÊSL±ß‚l2°f.:‡-ïÀ9DÚ>zÝ¥™¢GÁýd búmÚd3±nx÷1^Dرó¼6×÷ß_Ю!â‚cwBh¨ÇE"ÁÞ?–ië˜8öKM’&†…á…3‘0tý¤†¼J”’wã†,cÁ¥_AX‹‘ÈÄÃ……§kPýö,nÎóŽwbpðI#¡°ÀòoÞ‹g!Å`b1góFjð0âÉ#> x ‘š´ÓÏ »31*‰"a0²hC\a"CŽ\ÄÍíƒð“0„”©Á¨Àxóî`ñÇ“‚‘ Î`ȤD†‘ –3x ·ŒÍçŸ>™L{b—S¥PÎ{üßJj*}ú^4œÞE”è'rä/Fº‹Ô@¬ù›_F]*^I5D÷0W10 ‘/HG!Ù§^¼“èR3yÒ%1¨Y,]z'xãl!²âH ‘h<#Lô!^Ut›ÿ{D¤ƒô•7UÝE¤€þ1Xñ‘šB{jÊ!5ÞtÖB²‰Œ‚)úÜÑÍèrúó ]ÃBOÁ»Jß𳘻ôZE!Gjð‚ò= ¢6ŒQÝïß;ã'5NçôìÙÓâ¦Âzå6ÿºµƒ9IÅËZiR£ÓÏŒgQíGjXÇ“²;0Àq° ¤XÕ˺E„ù§ +(8ƒÖMlwP„ â-A4‘h'NÆ ïá$ðÏ3œ‹Þâô†>òÌþç RShOM¹¤Æ›~VH¯DÁ”yd“±Æ‰rº6?Ì_tŠ³QÈÀñƒþ²qÄúmôlÍĺm늟ԠK±¹œ#&È®¡ÍN·¡S‰ÐàÀ©IÒ2*¡.~AeÇËØ¡Cû›ÅßOj˜Ô X0¼xx=Š‘„‹Ií CÏ)ùÌ+F0Ä"¨~F †$R„@á!Á«@=,ª„!ŠÜù;‹ñ&›l2OípŸ³AÁ‘½Tx‘“<‘š¹GËE*YH™[xÂqð‡@Pú†~Œ"S…H ²É·x ðb²O½o"#8IR0œð }$õ†1ã=ýŒv¢ƒ #èÈxÐ÷Ð%AúÊK~ðö“6.¤Ià ,©É©)†)xÐnÆ’Š'# 2D?8 ݦI~£ËÁ£½ë'5fqt?ÄÃ[ ‘äç¼óγÆÑ=Þµ£š¤Fü=’QíGjHJÂîàÝ^Yª—5Œµ"Ž]A$Yb¿hк‰Œ;R™çy Ï2'ÐMAßc}öÏ3ï~È?•d²‚ÆššeRSSæmMy$uŒ”~œ A°3æ ‘,lˆ!™ À [¿Ù.8©‚Ö#2IÂH /d×xu›HM†¬< V SŠ#1êɇ¬øt†<°Á¬Iƒaá lÈMÀKjX! ü À¨Ÿð?^\WÜ~È¡:O"&Aõ~ÅPvÞ@<Ãx&Xð\®)íGa¹ ÷0{R$0¤HëÂàñ†M1>gòweÄÞFWÂŽtv)$("ê ƒ0¤ð;( H¸#s]zD†Ô1ö$àñB!p¢ øâ¢à‘F ÐwšŸãñÀ؃Ô`BüPÔÃwñ**'ê1dL M¤u@P ¯wÚû9 ÒD4Œ:‘‹¼P”uRSéÓÏæºKE?àØÀ{§;èHgd*HF™§+¯¼rÃ&Uæ›q<ìîÀÞë'5…dßÉ, #ú…¨/õ¡/Huƒ€Q˜ƒÈ¦—Ô £¿“'O¶ú„ô="AúŠ\kWÐ8ð ¢gÐ9—ëž+v¤³óV¦¥O¢bŠ“‹è ÑWŒ·ÿRIä36C$ˆ”áô`aG3` ©C¯"+8] =èwôRÝOÅHKó` «ÎGNq`±¦ÐgïÚá'5ȱ÷€Š4—g‘š¿Ñjw¸#qœ&ew`#àä`ó9Ù Aõ"sd¬`P£3XóÐ+8€ƒÖMtö‘K¡âè7ç¨)ô½ yÆÞYoA—✅ܰ6ã¤-¤i¹RìHg¤ýí¢™Þ÷ ›% :( Ð܈‚)vIMFú0Ž%tŠÛdO”"çÒ㽟cSÙ‚`d»Z7¼}ñGjˆT;›‹¿Ù5^݆~„ˆ)R“¦öŒY7JÕ(W"€<å¼r·?'è„&;Fïõ–8õó=& “ÆÞëÝ”ë}‹ŸÛ@ˆ¢–‡Ë ‹bœy÷ÿ°¸3ùéx:‚ÅÿI º'üooZõ P0ØÈv£‘÷ùóD½Ÿãe,x¿×S«öxÖIM¥O?s a 3—¢Þ7$£…–9H‰"3Aõ’Jz©ÿÈyÚíÒž¢è5oƒ¾WH_¹ï1wØG†AC!*áMs¨š`‡¼8StÎ<ÄxÊ‘Aÿø‚ê-èæ?sß{bY¡W'¥û½õ»Kb‘#<çY+:ýlî©–Ýá—‹BöŸ³Þù‰uкEÖ‚¾çŸgAõ5]‚³ç!º,Š®ŒÒ¦´ž)„©ß&Ãé !K½áM­wú[Çûy¡6²]x>Îzä¯?/vMû¥&÷Ô¤%̪·º`|zIMu[“¯·ÇQ Iö,êžšj‘š$ûªºò‰€#5Õ8Õ'ŸˆÍÛjP+#©~$…€#5d ©”‡@ûE¤¦<¬õí "À&EòZ]趂¯Îý«â(…$;•ÔTúô³$û¨ºòbÒôHíS) ‘šÒpÓ·jRü‰þ—r±{í¢RZÏâØ/"5¥a¬o \!G)$Ù±¨¤¦Ò§Ÿ%ÙGÕ%ê~Vï þ ôˆc¿Ô=©aC?qòÒÓ:Õ,ÒA ŽRH²"5I¢Y¼.ö]°Ç¯Ë }^¹–åóM…Ö­óŽ§ ¨ŽŒK«ƒ»ÞZYâØ/uIjØèÅÉœÈÉÞcôâ›ÜØ”ï ©Qœ Æ1}äh{ON‹[wÞŸ÷Ÿp§?œÀÁ‘ªÜÑQjI¢ŽRßµïÅQ I¶=*©©ÆégIö³’uq1‡Xp*—·p 'ù÷~Î)Zè=ŽvÍJAOrmbÎ'Y8A‘ÔFï¥t<ô ©¬œ,ÆQÿÜÁÆ^oáèf{áwÐçœdÄ!.y»ˆ7I|]]"5i \§ì—Ê`-û¥28GyKû¥.I §EpÜ2§s$Aj HÜ{Àå}$.÷ä¤,Žå>‰r ó(žÕg¼lÆm#ù¨œ@ç=­uÄ}gVŸ£’ìCTR£ƒ¢£ŽÎé}þS°¸ý½ã';îsî¹!ŠÃà²Ýé IDATôAœ•Â1öÝÎQÑþ{*Êm#§µq¢ÄMá8dîc àˆiŽ¦æDDR ½…‹|i›Ÿì¸Ï9%#quÀ€±wopI`Xá î ªt©–þK£Ÿ²_Ò@uÞ:e¿Tç(o‰3ë’Ôp·dåÊmÒx>1 ¹ë„ûG8+#ñr Çéq·gþûô$RÂܮ];;6x‰Îp¾;—ùq§žS¢9\ÞÆ}(,ÞÜ‹ÃáœÏñÏ<óŒõ&òÚC=#ÚBÄï°€rßÌ!CÌÈ‘#í{xžÝ[0d®¼òJ{YïeçxÙAƒÙóà9꘳`s9 ó³Ï>kÚ·oozwÏw!pÄ-¾sýõ×['mô^ÚçU ÔGÞ5^&<Åœ¡Ï1º½œ›ŽAÁùúÜqÚi§ÙK¥¸À‹ãTy?‡pK;žfÞç5@¸ƒ{}ܤ\\x饗Ú:¸s(¨í\¼G=´…sØGÆ#ˆ›y?®Q&`Ÿ‰£’l-æ?2Š1̘È'ò†Ìp }äRJî>âzNèCîp˜0'ˆÜºÈ27~üxÃÌcï1뤒poó€:¹£š¹ÌÊÌçŽ;Úƒ2˜ÃÌ¢ù¤í/u1ѳÜqÍ5×X]ä/ts‹£‰Â‰A/t:ˆû7ÐADE‚ê%êâÇ–ؤË;‡rˆ"/Ü?¶\®‹î$ºÅ]_ÜsÅ=\fJß¹ï‹;zÐÅAŸ3öô—±àþ,»0à¹ÔûÁ¨Ÿ¾p ºŒqDž0P‘0‡tq?d@×Ñ<ÜÏÀœ‰n„¸f)eZ$©5‹×%ûEö ¶¨ì—àyR—¤†…Ãã•Å™´.Õä’:XPÒǸ€’…Ë‘.Ðcaô?©áo, ä¶³˜¹ô3Oˆ†ãä Æxñ=.¨Ã €¤a´ÐW¼µAm'uãÒI{ÀO7¿yíª•’uR“åÓÏH?bžéÀÇøF¾ÐÈm‡è`øBØ™+È*ÿ†`°B!æÏP¯s† g\¶ÉÝ)Ì%Ì;òŽá‹¼âàtŽäžzî¼óNû{Ú´iv>}ÎœG¦‘í 6¢‡ˆX`Ä3géïÃ?lÉsœ:1´™è8UH†›cã8b0ºÐ?88˜Ïà€~BÇx :’ʹô9 >.•ËESx?æ$ú½à¯„-$1éÒ¥‹uR1F'.­C/¢¯Ð¡àAßÑÿèVnêF/ƒí úœñ‡èqK8D0¨]ü ¼q– ÷XwhŽ*êf}@/ñ Ä=Mä‡ö‘–I‡ 36È$‘1ÉJ©©ÜHÈ~‘ý‚-*ûE¤¦øãÏ$ÒŒהÅÇÝ8Ž1‚×ô²0RƒGo(ƶ#5!¤@àÑcAƒ@½áˆ7„S0 ðʱȒb‚‘‚1Áâî.và °À³Àmqo'‹ü6Ûlc#1x©—S§;dèС–di!úC!o4Þ` }ŒŒ <000ÈüÅ‘ðijàRK0*úôéc †ý¥ÐH‰ŸÔ@<0 )Sz´Í0Å8À3 Dƒð˜;b¡ j;ï†l Zc5l”ƒˆÆ&歹’uR“åÓÏpà‘ǨGV™+nß Fç¨Q£,¡À¸Æq¡~É%—XO:ßáæfœDG™{8+0`ý—ö"÷,V<‹ÁÏ¢Ej \æ4‘"•è!Œ|n{FÇ]`o æ®ÿsæ„»œÛ¯ƒÚÈí×è"ædC›ˆ ¤ gNæ9ï"2E; ÌE $§óŠ¿!¦àâï85¼…9É3< ¹ :ÊÇIA4Œ¨vP‰"¹=>ìÝ@—¹´Tˆ‘+/œ( t s¢Ãè%7ï˜ãèJôû‡Ð£ì%ÁY„å»ô,½†:Q&ô‡  dƒö3ŸƒêÅQäÇ–ˆûz»¦M›Z†î$=Ïø²Ç3èW°[tÑEmz0Ž шdÐ礑´Bí‚ BÇ‚ü°.`”BèXW?œ4¤”QÖR !|È2ÆÞ°a­¢ýÈZ–ŠHMåFù‘ý"ûý*ûE¤Æ"àÝ,Ú·o_»(»h¤BÃBÊ¢…Wò€G‚Áç-Þ#ù†9 1$Ä{¤3ÞNêÄhgÄðfÑ"™StßSø;m!§šÈQ<³xîð ±Á0"5RD®5NnW¨2ÏP (F†  þMß1N‚Ž.äÝb,ÌÔ A ƒźX¤†¶³Éšþñáý…xÑG&%žRÆÏ#ÆDË»§Æ;>/~r‰ÁǾêÂ`ô’Œ¨Bc FìŸri>¤¡a„‘þQK%ë¤&«§ŸaØBêÝ J¼gºÉˆíÃh#µŠ4^08À…vP½AØÉjÕª•=lÐ;¤šÉEw +ÐÕà@ÿ üŸçÀÈd’ˆYÐçô ' :²PÑ)Ö È(:™6AX)|FDbåðD ·.•ç º.RCJcâÅ- zJ§ŸUnd¿È~q¶¨ì‘š0ÒÉ;2˜\t7 ð¸…0 u¼zH‹, *ăÄ{ú‘·~„•}9¤¼ÐV~³ç…S”¨O*dì«·ŽwÞyÇæíó>oÁ(ÂHaÁ[ÊÁï2Ñ¢'ˆ¤›±Wˆ‚7µÛG·maÏ—Óö°º³þw‘šÒGˆ(óC™ßDüÎ íæÌMï)}D)˜»I¤´ã—ùä= «ÐçQÚ†éPè,Rª˜ËQ¯CÅ}à £'A’§tª7 lÑóèhœLÞRèsï3¥ö—v]#ÞƒÈÂ&ïáoÈaR²6Îqÿ®ƒâ"VÞó²_d¿”'Aùúvû¥.ÓÏ*1œ¤¤°WƒßþËð¢¼O/C¼«¤«`P‘JáÍ«ŽRO–Ÿ!Í -ý„ðà%ƒ(J²ÄQ I¾9ê‘ÎY>ý,Iâ(…$ÁŒJjtúY’¨«.!PYDj*‹·Þ&ê 8ö‹HM=I†úZ·ÄQ I‚•Ôèô³$QW]B ²èô³Êâ­· zB Žý"RSO’¡¾Ö-q”B’ ‰Ô$‰¦êÙD@ds\Ô*!P ı_"“švØÁ<ù䓵€ú êjÍߨ¤fÀ€æ /¬»qQ‡…@- °ãŽ;šûï¿?´+>ú¨éܹsèsI?P-ý—t?TŸ¨GâÌßȤ¦uëÖfôèÑööw! òƒÀ”)SLïÞ½ÍäÉ“+Þ訤f0M›6­xûôB! ÊC€ý4ØÝ»w­¨Z¤FöKèÐè!IâÚ/‘IM¯^½Ì¶Ûnkzöì™ÉŽ«QB@#pÍ5ט &˜«¯¾ºâE%5„—Zh¡Š·O/B |æÌ™c¸…>¬T‹ÔÈ~ ý]d¸öKdRsÉ%—˜÷ßßœwÞyÙì¹Z%„@ }ûö5­Zµ2GydÅŠJj&Mšd\pA³Å[T¼z¡¥#™ÔD)Õ"5²_¢ŒŽžÙC ®ý™ÔÐUÒC~øáÓ¤I“ìõ\-B`~úé'Ó¢E 3{ö쪠•ÔüüóÏf½õÖ3ŸþyUÚ©— !Pûí·Ÿ¹êª«L£FB+¨©‘ý:4z@dRì—X¤æ0—_~y¤ ™CG uˆÀ.»ìbŽ?þxÓ±cǪô>*©¡q_|±ùòË/ÍùçŸ_•¶ê¥B@ÄC`èСfá…6}úô‰ôÅj’Ù/‘†H Ì PŠý‹ÔÐÓþýû›_ýÕŒ1"3WC„€˜È ÷¿ <¸jðÄ!54rúôéfõÕW·íVB »<òÈ#fܸqfÈ!‘YMR#û%ò0éA!PuJµ_b“zzòÉ'›©S§š1cÆØhºvíj?üp³á†šM7ÝÔpl¢Š•G€c9²ùµ×^³ùíwß}wÕRμ½/•Ô°·fÝu×54ä쯽öÚ•UoBÀ"À±ÍO?ý´Ì¬¸âŠæ°Ã+ ™,Ù/% ¾$RC Iû¥dRãzwÙe—YcŠŸÅ_ÜŒ?>µŽ«b! æE`ûí·7ß}÷u,l¶Ùfæˆ#ŽÈ L¥’:@š+ÇPÿøã6íuþùç·{úŽ;î8Û?Nssvêó¿/.Â!yÁéa÷ÝwŸ!ÇBSêaAY!5²_2³D¨!uŽ@ÒöKÙ¤¦ÎÇ£fºÏ=!Q«#A RS‘ê%©#€—ŸäD7nœúûô‚ì"5R“]¤Ô²¨ _zôèa®¿þzé—¨ Õðs"55<¸qº&R-=‘š¨HÕîsÇ7gŸ}¶0`€éׯ_ívT= E@¤&"=tËþósÚi§Ùte•úF@¤¦¾Ç¿¡÷"5„4©IÕ|Õ¹ä’KÚMå¤,Íœ93_WkE@¤&Q8U™1ö°*§_J9¼B Ö"5µ5ž%÷F¤¦dèôÅ"ˆÔÔ·x¥6l˜5:¸¼ù”SNQ´¦ŽEB¤¦Ž?…®¥9óÌ3ôË Aƒ­IçõÔS¦M›6QªÑ3D@¤&ƒƒRMRúY bB]P¤&! ó^HMÞG0›í©Éæ¸TºUqH '9Ô¶m[sÚi§™N:Ù&/¾øâfþùç¯tóõ¾„©IHU#„@ "5 ‹€H! DjÒ@5u–’~öí·ßš•VZɼúê«f5Ö°Þi§ì©i·ß~»9î¸ãÌçŸnú÷ïoÿvÐAÙψäŒ7Î :Ô|ôÑG¦k×®fØ°aöøW•ê" RS]üõv!PëˆÔÔúGìŸHMD ôX,DjbÁ¥‡=p,ô`>ûì3ëtùàƒÌzë­gzôèaúôéc.¸àóüÃvØa槟~²÷àð ÏCdFmÈ®†ì\vÙef×]w¾UF@¤¦ÊP£¯WúYl Ý©)´ZüŠHM-Žjõû$RSý1Èk Î;ï<3aÂ3fÌÛ…{î¹Ç <ؼøâ‹öRÏÕV[ÍÜyç623qâDÓ«W/3uêT»gÁ´QÊÈ‘#ÍÀÍ>ûì“W(j¦Ý"553”™êˆì—L GU#RSUø³ór)…ìŒE-µD¤¦–F³ô¾”’~¶ß~û™Í6ÛÌôë×ϾxРA¦I“&ö÷§Ÿ~jÖZk-óÍ7ßX3dÈ3cÆ û{õÕW·—}.´ÐB fOÎ +¬PzôÍD©IFUâC@ö‹DÂ! R#Y°H)HÒ@@¤& TóWgœƒèicË/¿¼¹ùæ›íÊÎ;ïlúöíkvÛm7óÒK/™=öØüóÎ;æ믿6;Ý[Ãgk®¹¦yá…lªÚu×]gî¿ÿ~3vìØüVƒ-©©ÁAÍ@—”~–AÈHDj22Õn†HMµG 6ß/RS›ã·WqIÛ?Ã綾^Úüþûïöä3HLË–-Í_|aöÚk/3}út³ÑFÙÃî»ï>³ùæ›Û.ºè"©YguÌW\aV^yå¸MÖó) R“¨ªRDj$ ŠÔHRC@¤&5h3_ñ?ü`.¾øbóì³Ïš™3gšæÍ››m¶ÙÆôîÝÛFaÊ-¿ýö›ùî»ï,éñÞÇûEfÊE9Ùï‹Ô$‹§jB`nDj$"5’Ô©I ÚLULºcþïÿ3'œp‚½KæÝwß5wÜq‡Ù~ûíM»víìßùÙd“MìIdþù§¹í¶Û̲Ë.k¶Ýv[›«RÛˆÔÔöøV«wJ?«òÙ{¯HMöƤ*-RúYU`¯ù—ŠÔÔæCHþøãÓ¸qcÛÁfÍšYòÒ¹sg{WLÔÂ}3—_~¹yúé§ÍäÉ“M«V­¢~UÏå‘šZš,û%ƒT¡&ŠÔT謿FJ!ë#”Ïö‰ÔäsÜ µÂÑÊÏ?ÿ¼Ý OJYR…t±E]Ô’¥u×]×,·Ür6]mÀ€ög•ü# R“ÿ1Ìbd¿dqTªÓ&‘šêàž¹·J)dnHj¢A"5ùF—NF…{_6ÝtS›Rvå•Wš 6ØÀ¦‹¥]x7éj¤³q”óìÙ³ÍðáÃí…›¤³)]-íH¾~‘šä1UÆ(ýLRà©‘,XDj$i R“ªÉ× ‰ùì³ÏìÉbDEzôèa¾üòK{Tò±Çk[l±ä_³FRÞ¸|süøñæ“O>±'žÕùþûïm„G$'& Ux\¤¦  ë•B Ž©©£Á.ÖU‘ BˆÔ¤jru>óÌ3–(<÷Üsæ®»î²Ç$ç­L:ÕëLô¨W¯^fŸ}öÉ[ꦽ"5u3Ôꨨ "5U={/©ÉÞ˜ÔB‹Dj²3ŠD88^™¨ÆI'dÓÉ&L˜`/º¬D:YÚHªöù矛½÷ÞÛž¬vï½÷š—_~Ùl·ÝvöG¥úˆÔT j±J?«ÅQ-­O"5¥áVsß©©¹!ÍD‡Djª3 õ¯Üºuk›NöðÛ /¼ÐžPÖ­[7³ÖZkU§a|+‡=@O<ñ„%5´éj\à¹ÆkXR§RYDj*‹w½¼MöK½Œtx?EjÂ1ª‹'¤êb˜+ÞI‘šÊB>kÖ,³ï¾ûÚÌGa.¹ä’Ê6 o»è¢‹ìᜬvÁØ“ÖT*ƒ€HMep®··È~©·/Ü_‘É‚E@JA‚"5i úw¤’…x饗ÌC=d#?þø£yíµ×ì a*Åàtµ-ZØ»qˆlq ÂK,aSñˆh©$€HMò˜ªF~&øÿˆÔHDj$©! R“ ´îˆe6ÄcˆC`Ø;²ùæ››vØÁFTÊC€ÓÔ×'Ÿ|Ò\|ñÅ6Et5îäÙzë­Ë«\߶ˆÔH„€H‘š4ÑÍQÝŠÔäh°rÔT‘šò‹Mý£F²Ñƒ1cÆ$záeù­«ývß}wóÀ˜öíÛÛÃò^¸ä”‹Mý…”¼³Î:+°{.ñ•W^)«û"5eÁ§/ !‚€HDÄ" R#AH‘šè¨¾ûî»æ¶Ûn3³|Ì1ǘ®]»ÚMþløßxã£W¤'SA€t?ÒúˆÞ̘1ÃôîÝÛFÈvÛm7{9i^ Çw#[È•·p*Þ /ØK/½Ôptöå—_^V7EjÊ‚O_.€€N?“h8Dj$ "5’Ô© †–=AL\òû²Ë.3ß}÷M'«…#–SªŒTÌøñÃ¥¥¤«1¦Ó¦M3Ÿ~ú©¿¬ž®F[I±;vì|¸=h™!ªsÈ!‡Øä p|·mÛ¶fĈfÍ5×4o¾ù¦9õÔSÍäÉ“-ÁC–—]vÙyê©ÉˆðÖX3ä”­±-£;"5e€WK_•R¨¥ÑÌN_Djþ ^gäŽ7ΞPF:Ù駟®;T²#®e·„ã¢;ì0Ã!¤rõíÛ·ì:“®ààƒ6ì‚<»Ò£G³âŠ+Ú=Z7Üpƒ= œ‹X!3p€=LáöÛo7Æ ³û‹zöìiûq9òÈ#Í&›lbÎ<óLû›¨gÈ!"5Ižê D@ö‹C‘ÉÀ\H)H Ò@ žI QŽ&mi™e–1wÞy§M'ó¿üò˧·êÌwØþã?nÓ× -[¶¬ZKW[m5³ß~ûÍuWQ§N,AyñÅÍ믿nÞ{ï={¯{ˆÖ_}{¯Ï·ß~k ÎÇlzõêe:vìhV]uU{,öÍ7ßl§<òÈ#6ºƒìû‹"5Uö ˜¹< IDATš~±ÒÏjzxcuN‘šXpÕîÃ"5µ;¶ÕìY½"1ì…Á d? Q™7ÞxÃÜwß}6"£#–«)…Ùx7©jãÇ·÷âtéÒÅFïîºë.³ä’KšvíÚU¤‘jÒÅ -þô°óÏ?ßFié"JóÁ˜I“&™sÎ9Ǧ¬}ýõ×ö„¸ûï¿ß’Úùq…´6mÚˆÔTdTõ! ©‘ (R#HZ%5±ŒQJäå×_5K-µ”M#cöÑG:®zAm p÷Ýw›‘#GZ²3qâĹˆA=$õñ¸ãŽ3o¿ýö\ÕÿþûïfñÅ·ÄœC)ºwïnï;âp€³Ï>Ûpbéißÿ½éß¿¿Ú¬·Þz¶Í{Ò~øáöÿ¤ßqdM‘š4FQu !PEj$Ej$i Pk¤†MÖïË Rz‹,²È\ûeÒÀPuÖ³fͲ—rºÚ†nh–^ziá;ùä“MãÆ‚Â){×^{í<õuîÜÙîµÜpÐÏpGÏgœa<ð@›2סCi¢°—†44¢‘'žx¢ý¬I“&æ’K.)xy©ÒÏFUâC@ég ‡€HdA¤F2y%5ît2öðÿ€ÔRÊ8ÒO¶N'KMdTñÿ!ÀaDpHglÖ¬™ùí·ßìæ|"‚i¥«}ôÑGv¿W£FÌÌ™3-ÁñžâöÍ7ßØ4ö y?'Zùþûï›ÕW_Ý~·P©‘x§€œ²i šÏ:Ejò9n‰·ZJ!qHU¡16ÿïnÖ édŸþ¹5èH)ëÖ­›=^™ý0œ`Å*B Ú@jHíš>}ºá ¢:³g϶Ã<‘š<ŒRþÚ(û%c–V‹EjÒB6gõJ)älÀrÒܬ“<áSKDæž{î±ûT„@žxë­·Ì:ë¬c£‡Í !Ïj©ÉêÈä»]J?Ë÷ø%Ùz‘š$ÑÌq]"59¼ 7=K¤†Ó§HéaS?›¥IŸac4¿IéQyFÙæ42Ò%IŸ|øá‡í%šìËI+]-.^"5qÓóB@ÄA@¤&Z5ü¬HM n»V-RƒQǦg.$Œ(̨Q£ÌŽ;îhïÚàÞ !PËNyÅWØ}9mÛ¶5x³IWã8gîªAçWºˆÔTq½OÔ"5õ5Þ{+R#AHJ“61sR§6q´rЀiôSu ¼ ÀaGu”Ùf›mÌyçgOZ«T©©Òõõ¥ŸÕ×xë­HdÁ" R#AH4I ©c\øÊ+¯ØceI#ãX\.½ÔédÉ&^~ô„÷Ô«¤ßÂ;8*›£³RæÌ™cZh¡¬4'±v0š7onh&²ùïÿÛ,¼ðÂ6]2Ò("5i ª:e¿H"5’‘É@j$Ej0º0ÂZ·nm 1 ë=öØÃ`;í´“ÙrË-SëC*¾ð mitåÒî¸g‡åqË 'œ`ì-÷rQn¢_n¹åÌFm4WH—jÕª•Ùwß}ÍÊ+¯l~þùg{ñc¥ „øöÛo·—HR¸¨òôÓO7/½ô’mé‹È^­.Û;v¬•³ .¸ÀÊ$ó…^°ékI¤«‰ÔÔªôT·_"5ÕÅ?Ko©ÉÒhT±-R U¿†_©ážŽë®»Înæ¿÷Þ{ëòxå$IÍý÷ßßpbÑKŠÔrÈ!–„þë_ÿšëõcÆŒ±7rd1GWšÔp)妛nj¾ÿþ{Ãßk®¹¦M_lß¾½Ý|ß±cG›¶Uo¥k×®–ìý„è•SDjÊAOß-„€ÒÏ$‘É‚E@¤F‚qH GÓÞqÇæ¹çž³7”ï¾ûîv“?éelø¯çRˆÔ`|2ÄŒ9ÒF? Ž,œyæ™fĈf¥•V2't’éÙ³§= R³Ê*«Øÿo±ÅëÑ£GÛ£­ÿýw{K|ÿþý-܃6×_½œP0pý‘ê£"D9Ž?þxÑàxlÚÆžiÓ¦Ù6päpïÞ½m:×Í7ßl£l.}$å髯¾²'Ó5nܸÔÜ}÷ÝæÜsϵÜ9èáꫯ¶÷² [ °ÿ&bGÊÚi§6—˜`„Ó†Ï>û̶lxwP!ZDe:wîl®ºê*‹˜Ph¥ž÷hqz §¨½OÜ€èìºë®– F)"5QPÒ3B@”Š€HM©ÈÕØ÷Djjl@3Ò¨¤ùÃ0‡Ø`{챩îÝÈ<‘›QˆÔLž<Ùá¤Mq«;„²Ð¤Iû9Çürxц>øÀ´iÓÆÜrË-æ”SN±·Â³iüÓO?5믿¾õÂ;RsÆgX"CÚDó§Ÿ~2»í¶›#/©á–{ŽÈ¦êÆøç]ìÏ€@ñ.R—¦L™böÞ{oóæ›ošƒ:È’)ÆòB!½ð†n°ïºë®»ìv"5x`éËc=f¿Ã!DLúôéc–^ziû<¿ùÃúÖ[omÀ”¾,¹ä’R´Þzë™C=ÔFZH{ ê/ŸA¬8y±Åk¨‡t=ˆw™ÊßãÁ{ÿý÷Í?þhOS4h…fàÀ–lRH„TºÏ7ß|s+—Œ+2Fá7i~}.Ê‘ÍM! R#°ˆÔHÒ@ *©qï&JƒÄþ u ac ‘ ÈŒÛ{Bdá‹/¾°‘’_~ù¥Á „,¶lÙÒF¼0BÙüþÍ7ßXRQ!½ï°Ã³P3f< Y€@0(DÎvÙe—¹HÍã?n£:'N´Ïpê„ãõ×_$5Ó§O7…ÒÏ 37Ýt“Ý7D”É¥ŸÅ!J@¤†ÊÁlvØa3|øpÃþÊСCíÞ^RãÚLTï@†Ø'R¨¿=—~ædÂÇwzè!³õÖ[×­(t{j DðˆÚ@f‰F-ŠÔDEJÏ !P "5¥ Vƒß©©ÁAÍ@—â’o“Ù8NJ)hxâIMÂ"ÕiñÅÏ@ï*ׄB¤†2"[ìw¡°åÛo¿53gδÆ8†:㢳ÁXO9ч#Ž8ÂôíÛ×ôë×Ï’Ò‰\á@¢,D/N>ùdû17Õs °7R‚Œ‚F|yä‘ó"-¤¦Å%5D|H•cüy7$#šÞéÞëîcñ“šÙ³gÛ}X|¶>øàƒöļ þ²‡ÆOj8Uì!oõVˆì‘êÇÁ¤"/¤žA×^{í’à©) 6}IˆˆÔDªÖ©©õ®NÿÊ!5þ“þÃÏ?ÿùOkÈsžb o<÷µ\0¬1Ìo»í¶†n6jÔÈ~F$cè )bD-ˆÆ°…[å¿ûî;‹ÑŒ3l D€h˜½óÎ;6=´5nŸ'rCĆý%Ë/¿¼­ƒº‰úp2!/©¡ˆ'uó›”²e—]Ö’+ÞE½{ H DŒˆ‘Û§â:©ápRàèý#=¬C‡vû9Hâ}ìÍèxI ÄŽ”¸I“&YBGÛ8²ù ê/‘ÒˈNA¤)_~ù¥Å‡ôµZ.¤“AH9N»S§N6½Œ4FÆœ“ŠR‰ÔÔ²©oB úˆÔT 2Ñ‘šL CÍ5"IRΕW^iÓ•0È0|Ù A†<'qmVRÃ|o!âB4eçw¶©WÎ å1<ê§/¿ü²ÝÏzö“xt†\|øá‡C“º!Löœ°¿ÒYàHßE]Ô£îÝ»Ïs‘³óÏ?ß>Ó¢E »ÿ…=lÆg/Ê2Ë,c6Ûl3ëá‡ÔBq‚ä@NŠ‘R0¨9„€4;ˆûhØ£Ã^™‹/¾Ø~¾âŠ+Úö±/Ç[ˆ2‘¦F²6D¡‚úÛ´iS{*Ü +¬`÷"Qè?îÿY‘‡$Û£€(äòé“$ßC]"5I#ªú„€ð" R#y°ˆÔHÒ@ mRãm3F+Ñ H ä/?^yR¬j¹°ßT!Œr¢+ÞÂ~ˆ¸„ˆÑ ‰+`‰·žz‰r*D4ˆ­ºêªsðÀg”fÍšÍõU(Ÿ¹ˆHXÛ _ìó¡´‘ý6 ·çŠ“Ոظt;o}¤ÞA|h›·ê/‡"øÛÖ¾<üÌد†ò ™ü‚g¥îߩɃ¤¨B ¿ˆÔäwìm¹HM¢pª²ÿC ’¤Æ:‡ Áp'©‘jE4‚´«ZOW«u„À™! BEDŠã˜KÝëQkxAFÝÞ!N"ãÿÜk®¹ÆÍþ¤j‘šj ®w úA@¤¦~ƺhOEj$i PMRãïQ.wÄÃOªikD ð䳄t+•ü Àxm ±ÕV[ÙHM½¢uD_ˆ¦} ÒÙƒD++E¤&+#¡vÚD@¤¦6Ç5v¯DjbC¦/D@ K¤¦PsÙÒ¥Kë½æ® 6¢«< píµ×ÚËQ‰J¾ýöÛ6E/ËE¤&Ë££¶ ü# R“ÿ1L¤"5‰À¨J|äÔ¸&sG—Iry¤;Yã‘ÙD­t5‰vµ Œ¢/lê'¥ BÃ^!RÊòPDjò0Jj£È/"5ù»D[.R“(œªìÿÈ©ñ—=²‡'Ž%æhaÒÕ^yå³ñÆ×ÔéjØl!aá¸jNj#Œã¯§Nj¿àrÓ¥–Z*[ ŽØ‘šˆ@é1! JB@¤¦$ØjïK"5µ7¦YèQžIM!ü8a‹½9xǹ[…#‹U„@p§©55j”½t´–ŠHM-¦ú"²‡€HMöƤ*-©© ì5ÿÒZ$5nÐ0<¹Ò2À­ë­[·¶©j¤©b<ñÄ6Œ“ÜÎ<óL›N©áHéjN–öˆ‰Ô¤°êõ€HM}CïEj$i PˤÆ׋/¾h0T'L˜ÐpyåìÙ³ÍäÉ“ErÒ®ÕÉéd'N4mÛ¶µéd\hzꩧÚt2.Q]gurÔ›Ò›*RS:vú¦áˆÔ„cTOˆÔÔÅ0W¼“õDj‚Àýá‡ì^Ž‘îÕ«—½'D¥~àÒÏvÚÉîËêÖ­›¹êª«ê§ó=©©ëáWç…@êˆÔ¤q>^ R“qÊ[+ëÔxÇkÊ”)6=Ã8Fzøðá6Umÿý÷¯O}Þä7N{‰¾<øàƒæ©§ž2ÈýB -dïÐ!BS«édqðáY‘š¸ˆéy! â R­~V¤¦†·Š]©) >Þ{"8¿ýúõ³ÇH“ºÆ±ÒìÉaNªdRÈ /ì©Z~ùåí~˜ž={ÚÓÊ8@"/G,W]‘šJ#®÷ úB@¤¦¾Æ»`oEj$i RU¼ýl‡ìÜ|óÍ6e‰Âž ‘œxX¦õtÿþý͹çžkïŠ!,ë^¦…C)õŠÔ”‚š¾#„@TDj¢"UãωÔÔøW©{"5¥ÿÉ'Ÿ˜VXÁ¦«õîÝÛ|øá‡6]­oß¾¦yóæ¥W¬oFB`ÆŒæÚk¯µR"4Ó¦MSº`$ç}H¤¦Dàô5! "! R ¦ÚH¤¦öǸ=©IuŽ&‚Ó©S'³Ùf›Ùt5"œœÕ®];ErÊ€šHÇ+Ï™3Çì²Ë.6ì†n°D’T2í‰)\ÏWEj’ÁQµ!Œ€H$Ã" R#AH‘š4Pýÿurš€>óÌ3æ‹/¾0-Z´H÷…5R»7c¸9¡ bH¬C‡5ÒËìuC¤&{c¢ ZB@¤¦–F³Œ¾ˆÔ”ž¾Z‘šÊ  4nÜئ«-¸à‚ö”=öØÃœtÒI•kD†ßDfØ°a6"CÁÀ&ì믿6K/½t†[^;M©©±TO„@©Éâ¨T¡M"5U½^)RS½Aæt5.þ<þøãmªÚ|`n¼ñF‘`oN-<@$† ¢ž|òÉ6ìã?¶{d {J'«Ž\ŠÔTw½UÔ "5õ2Ò!ý©‘ ¤€HM¨–VçO?ýd.ºè"{$qãÆÙ¨ikË,³L®I"UD¨ø÷b‹-fÚ¶mkÓÊH)SÉ"5ÙµBÔ*"5µ:²1û%R0= ‘šH0Uõ!N÷âð6Ä8Ðtìرªí‰óòQ£FÙ£¯¹ßç½÷ÞSYðªð¬HM@×+…@! RSGƒ]¬«"5„4©IÕtêätµ_~ùÅn”']C>ûì3›ªÆe Õ,ît2í# CJÙèѣ͚k®i¶Þzëj6O€HMD ô˜%! RSlµ÷%‘šÚÓ,ôH¤& £PZ؃sË-·Øc¤{ôèaHW{õÕW͆n˜jº„å£>2«¬²ŠM';üðÃÍôéÓm4‰/¹ä’¥uJߪ*"5U…_/5€HMÍq´ŠÔDÃIOÅC@¤&^yxúôÓO7#FŒ0Ûn»­¹õÖ[MË–-k6idýúõ3Ï?ÿ¼¹úê«Í~ûí—Xݪ¨úˆÔT Ô!PˈÔÔòèÆè›HM °ôhdDj"C•»9p€Ô¯VXÁ¦«í¿ÿþfýõ×·éjü+ît2ÒÉÐ=§žzªM'›8q¢MS:YîÄ!RƒEj"Á¤‡„€(‘š«µ¯‰ÔÔÚˆf£?"5Ù‡J´bÒ¤Iæ±Ç³éj=ô=a ‚±ÊË[laÓÉ 3ƒ¶éd]ºt1k¯½v%š¨wT‘š*€^/j‘šà¨Ý©‰Š”ž‹ƒ€HM´jïY.¼ìÚµ«!2ÃþN+S©_DjêwìÕs!P Dj*rÞ!R“ƒAÊaEjr8h 7™ûcúôéc®ºê*½Q©_DjêwìÕs!P Dj*rÞ!R“ƒAÊaEjr8h 7yøðáæì³Ï6 °‡¨Ô/"5õ;ö깨"5•@9ï©ÉÁ å°‰"59´„›ÌñËì­iÒ¤‰™9sfµ«ºÇ-ñV‹Ô$©*4ƈÔÔ§<ñĦ{÷îfĈ¦[·n §ŸÝzë­æÄO47Þx£iß¾}}‚Sǽ©©ãÁW×…@©©Èyx…HMF)m©Éߘ©ÅB -DjÒBVõ !"5’‹€H! DjÒ@Uu |" R“ÏqS«…@^©ÉËH¥ÜN‘š”®ÓêEjêtà}Ýv—o úF@¤¦¾Ç_½i# R“6Â9©_¤&'•³fŠÔälÀRjî"‹,b P©oDjê{üÕ{!6"5i#œ“úEjr2P9k¦HMÎ,¥æŠÔ¤lΪ©ÉÙ€©¹B gˆÔälÀÒj®HMZÈÖw½"5õ=þ®÷J?“€€Hä@4©IÝÕ-R“£ÁÊQSEjr4Xjªøì”Õöõï‡ ˜ž˜³O1¢ ¨` D%P`Î "‚ˆ$EP0 "’Äœ@E `FAÅŒ9¢>Äô­ßyÿ;¯hª™®™é}×bÍÐSuï¹ûVUŸ]ûÜsòŒ€HMžV÷B åˆÔ¤üðÓ©Ñ…DjòªúÉD@¤&™ë&«…@R©IÊJåÙN‘š<œÒîEjRºðÓVø™®©Ñu „@>©É'º ê[¤&A‹• SEj´Xy4U‰òn‚º©IÐbÉT!@Dj¸hù0Y¤&¨ªO‘] R£ë@J®! ò€HM¾NHÿ"5 Y¨„™Y¤¦OŸ>nÆŒnéÒ¥nÚ´i†@·nÝìíÚk¯µú<¾8´k×Î1Bë•Ðëvøðánûí·w½zõr 6¬ðSHJM…¡Ó‰B@䀀HM ¥á‘š4¬ráçXQR3eÊwØa‡¹•W^Ù}úé§nà 7tk®¹fá' …€p .t³fͲû±AƒîÏ?ÿ¬*"5‚M' !#"59UꇉԔú g~!5ýúõs»ì²‹kÑ¢EqŒÖ¨B@¬HÍgœá† )‘šHpé`! "" R°R=\¤¦TW¶¸óŠJjÚ´iã5jä.¾øââ®Ñ…€X!š_ýÕ{î¹9#%R“3T:P RSÐJñ‘šR\ÕâÏ) ©ùûï¿]Íš5-ÄEMø#pË-·¸u×]×5oÞ<'cEjr‚I !PADj*\©&RSj+ùD!5™êÕ«ÇÃpY!„@NÀ#×=6"59Aªƒ„€¨ "5®ÔN©)µÇ|r%5sæ̱´¿dXRB 9üóÏ?nñâÅ9,R“L:H " RSAàJí4‘šR[ÑxÌ'WRÓ´iSK{ÀÄÃpY!„@N|ñÅîñÇwmÛ¶-÷x‘šr!ÒB@T‘šJ€WJ§ŠÔ”ÒjÆg.¹’šzõê¹×_Ý­½öÚñ1^–!P.¿üò‹kݺµ›4iR¹ÇŠÔ” ‘B ˆÔT¼R:U¤¦”V3>sÉ•ÔtéÒÅÝ|óÍñ1\–!3(¬O<ñD¹Ç‹Ô” ‘B ˆÔT¼R:U¤¦”V3>sÉ•Ô¬²Ê*ŽjB@$þýûç”ÚY¤&yk+‹…@’©IÒjåÑV‘š<‚›â®EjR¼øšzjøã?ÿÊk"5å!¤¿ !PDj*ƒ^ +RSB‹£©äJjî¿ÿ~wÚi§ÅÈr™"„@®ˆÔ䊔ŽB ŸˆÔäÝõ-R“ ÅJ©¹’Ò9“V­â€ß_ýµ\ñÒlŸW|¤tœI1XþeƒÍöy:P Ÿå%—\⮽öÚr!RS.D:@J RS ðJéT‘šRZÍøÌE¤¦ê×âšk®q?ÿü³»ñÆ—éüùçŸw;wvÓ§OÏúy“&M\ÇŽ]Ë–-«Þ° öøý÷ß»m·ÝÖlºóÎ;+ØKøi'žx¢CüôÓOÝV[meAòöÙg7cÆ ÷Ûo¿¹C=Ô]zé¥î˜cŽY¦œt Kf:ëþ󫮺ÊÕ¬YÓ}ûí·n£6ªR»“Öß‹-*×l‘šr!ÒB@T‘šJ€WJ§ŠÔ”ÒjÆg.¹’š³Î:Ë5*>†ÇØôUW]Õm¼ñÆËX9`À÷õ×_/Gvüç×_½©Ÿ|ò‰«]»vlfxÆg¸GyÄýûßÿv¯¾új•Úµùæ›»¯¾úÊAø5jd}Oœ8ѵjÕÊí¶Ûnî7Þpo¿ý¶Ûf›m¬øk°5kÖÌa[&ÙñŸo±ÅîðÃw²´7‘š´_š¿ˆ"5ñX‡¢[!RSô%(Ir%5qÎ~ö矺+¯¼Òœá_ýÕ]}õÕîœsÎqÆ ³4¶Ìqîܹî”SNqƒ r[n¹¥ëÚµ«{àÌQ¿é¦›Ê”Þ½{»©S§ºvíڹ뮻Îýë_ÿ*[wšöÚk/·ß~ûYŸ›nº©9Õ’üÑÝvÛmŽ"¥x 3fŒÕôA-àX”l;÷Üs]óæÍC?ßyç­Tž… .gc­Zµ\‡Ü‹/¾è¾üòK‡ó~Çw¸ÝwßÝì8î¸ãõ„P5¦L™âÖ[o=7tèP+˜Êg+­´’{î¹çl¾ôuùå—»×^{Í5lØÐÝ~ûínà 7\î‡ÄuÔQî–[n±=UÔ<¡zê©F¼ºuëæ{ì1K÷=vìXSEÂúEuÉÄå`“M6q|°kß¾½­ÊK:u Ûúõë»N:™ºõðÃ;ŠH^|ñÅî•W^±¹=Ú½ûì„}ÎÚ3_Öâ½÷Þ[Î.T‰™3gºn¸Áúg.o¾ù¦[²d‰­#×ÓÇlטCºFŒad•kU fÍšåž~úi׳gO÷ù矻ã?ÞˆkfX\1 Ê~VLô5¶‘] †€H.„| P ¤†p#Ô ”œpœoÞΣ ÞÑÁñ%´ çŸP'~‡à°¾ð F<ÀÒÃ1ô !ðíƒ>p;ì°ƒ#¼Œb†{ˆŽ/¡Nì]àˆÖe—]faUô3~üxû9gÎwë­·†~Á7nœ9Øa6BÂP,pâ!Ì÷©§ž22‚“ÏX8Ú„‰A  BÆÀg¼W¯^n=ö0òÓ·o_SCÀ2…ãlìÿÙ{ï½ÝÙgŸmN<øøP.¯¦0>ªÊ³Ï>ëvÜqG·ýöÛ/×/Ä. [Hkrì±ÇºÕV[ÍÖòôòË/»o¾ùÆ~úéFrÀƒ¹ïºë®îè£vmÚ´1’^Øö9ëÑ«[·®Á0»øx£B5hÐÀ 6Ýu×]Ö7dg§v²c 4,| IDATŽGq„õ ¹áúÁ>Lÿ‘Géî»ï>[® H"k—¦DqY Ù!Ò€HMº×¿lö"5ºò@®¤&ÎÙÏæÏŸooäqêycÎ> ¿o§søðáF(p®Q pÔ‡ boÒ9g„ öƃ 60•…7í8°(-ÁÆÿ=zر8üB£PXppqÜQ~Ó9r¤9ù~ø¡íç@]`oÈìÙ³ÍÑÎüü§Ÿ~r\p)tP¨¯¿þº[guÜ?ü`dGÅ„µ!̪mÛ¶âÅX(SØ@µ‚Ð@òP@ /üíüóÏ·é¡hðw”­`ù玅\œp F÷Ýw_›¿ŸªPãƳö;pàÀPlQ6P_ ØÌqiÓ¦1D]AUB[ˆ#ð,„p°–Ì/ìsÖ”¾P²^zé¥ÐùB:PT(,Ëõ1{ÿý÷àñ;’ë%Æ“fHÜþó#`ï¼óŽ©_\+\ ¨;4ú„ø‚W\šHM\VBvt# R“îõ©Ñúç\IM\³ŸöE¸êdeÒ¤I¦´àXÞAà­;J jN:¤$¸‡µB€"I€ð°Ÿ#Ø.ºè"·îºë9âo8³~¿4*¡Xk­µ–‡É¢¶„m°Ïüq#)ýúõ3e"ÌFT œhÆ_c5Œ¸¬¿þú…í8ùØ„úÂÀOOÞPh<ÑÃVB¾Pk|ƒX àøFøгêÕ«ÛǨ3„ï¡1* ²D˜ÞŠú Ãö°Ã³uØl³Í\Ÿ>}l} K'Ÿ|²EÔ.~2&¡}„£A@h't’ý’ö9Š ®aó¥/T"È*áoü#´¥…µ€¡ô@Ij0oÞ<#T`)ûî»ïŒòû¨|#ÄyÅ¥)ûY\VBvt# R“îõ©Ñú礓ÂÇØd l Eg¢‚3Š£L8Äá¼óÎ3¥ƒP!~¶hÑÂjBÈp„ ß‚ˆpŽ8Ê*!^8ý8²8ã„=óÌ3šÀ^°`ý­{÷îEx„Š&BÕÎ<óLSbÂ>'œ âˆê„ƒf#*’ßãÃÞ ÂÇP]î¹ç#((&/TH :Ž9{ap¼iÈ DˆýCö’ œ Tp.sË £ŽÊľ æƒB‚"†ýÙúe_L&¶("ìëaíjÔ¨a$ ¥Œð<®IÖ‡=Ž¸‚Ýšk®iäU„š‘ ûœ00p@IËfEhÿý÷7uòCûh t„•±~„·RF_(6„ŸZáãºâcoØ Ða?×ZœšÄi5d‹H/"5é]ûef®ð3]ù@ WR×ìg8¶d¿bÏŽ(Ê Ž*oÒqÊQE '¨8¬|ŽƒMØÙâÅ‹mß N:Êo³ ë¢á,£@4اÃù¼‰‡l ŽÐ çúÆÿQW8G—†‚ÀOø–WÂ>'Ô õ§™~Âl¤Oœì&¤Ž1懲9ãʈñ ¨OÂêh>ø ‘6xp Jd å¢Ä8(A`êDûpú ­bc=¡}¨àòä“O†ö†-JÖvÛmç~ÿýwÃbB¨!x-’rÈ!†óƒ@òŽ?”7È$ŠYØçÌé³Ï>3²šm¾ˆáwQT=l‚°Òøì­·Þ2båñäZ€ÜúP>Žƒèz¥†<Ö$ˆ[>îÛ¨}ŠÔDELÇ !Djòjû©Ià¢%Àä\IMœ³Ÿ¡B°gG™Ÿ(8¿+j8æ8ÿÁ4Á¨¼á¯*‡;p~ ‡ fÂÊöy¦½a6–wI…šCH 높٠8ý[o½u•féÊÖoU` ‰!œŒTÍÁ–íóà1/v£®±~ŒChaµjՖÓ¿qVÕµSÞ:Gý»²ŸEELÇ !Djòjû©Ià¢%ÀäR 5 €Y& ¢" DE…_ƒ !ðˆÔèR0Djt!ä\IMœ³Ÿåõ)J ‘šRZMÍE$‘šä®]•Z.RS¥pª³ÿC WR×ìgZH! ÊG@ÙÏÊÇHG!Djòq"F©IÄ2%ÎH‘š/Ùßÿíø§êð‰»ÈdpÑP¢€¢/ B€¨£عª–zDjR ä€\IM\³Ÿå”@§d#MoeSôž}öÙ–Yl^qj>55[¨“kûúë¯-û›ã+Ó(::vìX×±cÇœº!3YÙŽ<òȬÇçrLNƒ•ÐA"5%´˜šŠH0"5 ^¼ª4]¤¦*ÑT_\IMœ³Ÿås5«ŠÔ@ !5Ô[‰Só¤†=QÔ(²º‘¾¸²¤† oà’k?¤K&3D([Ëå˜8­A!lQö³B ¬1„€(‘šòJÉßEjR²Ðž¦HÍÿï½÷Ü駟nub¨Q2xð`÷ÒK/YÉ­¶ÚÊŠ=ò9N3)“ï¼óN+€‰ÊqÚi§Yµ{ÒýR…= ¤T¦ö B½R©¡® Îß{ï½Ý¤I“um.¼ðB«AC M6hÐÀjäÐu\vÙewóÍ7›¢Bjí`3Å+©C ’šE‹Y째%ýSŒ5RöØcYJŠn’VÙ“æ‚}ØJ¡Ê°>¨aÃù`J£æÍ¡‡j…J)pIíÆ 6p bC}Š«Rû¬©/Ä\QÑH¥LALÆCáÕ(øøö+ØpJP0¨5+@@¤F—‡! R£ !äJjÒýŒ"ž{íµ—©)W\q…9ÃàlÙ²¥»÷Þ{Ía¦ŠC† 1RÔ¹sg õ¢ ŒB˜Ç=÷Ü㸠5’F¹~ýú±ÁŽ°>¸Îî¾ûî²0¾-Z¸ãŽ;Ί]RØå‡ú:¾Íž={9l(| ®`wß}÷™3f̰⡳fÍrÍ›7·" Øé\FÁ/÷Xú©‰Ã*È! Djt ˆÔèȹ’šRÏ~FQGœj (ÜÉOäwÞyǪÜùå—¶§œrŠ’ ØtèÐÁ>GŠ4¢Ì@ˆpÀi^H ÎàÓ'xݺumŒm·ÝÖ”UÓ¦MM± ¶l¤æÛo¿u{©¨)7¶B›*T ‹B¶øû§Ÿ~j êF¦$5‹«®ºÊÔ(ý2>DˆÏù?Ê„cuÖ1µvÀ¸qãÆÙ9( Klò§ÂÊz÷îm•ï}C="Ô릛nrûï¿ÿ2×{Ôlºé¦îÑG5U‡vÐAYxW§N,ämŸ}öqä­ùì³ÏŒ@Aj®¿þzS… qœ) ë#“Ô@~ \ÙHM6l˜¯',E”(ì{ˆáŠHMyøy"ZŠ% (ÅUÕœ„@ò©IÞšåÅb‘š¼ÀšúNs%5iÈ~F¸ûE7CíXc5,d,ŒÔàŒ³ÿfúôéæà£Ø àp.* ê$=0}úô1R€"qì±ÇšNHdèС¦rÆø„ª3{uíÚÕH ¡fŸÖ­[ÛÿGeäëòË/7"Ř ,0’ÅþȤ e %BR©¡/ž3„’q!v»«¯¾ÚH›Í!c™ñãÇ—í©¹öÚk-íÍ7ß45(¬öñp qÌ?þhŒ3ÆH d23û!zaØÌ›7Ïpàß{ìa¡‚üƒØ½'5þ˜¨ø¡@•b©)ÅUÕœ„@ò©IÞšåÅb‘š¼ÀšúNs%5iÈ~†# é ¤ §lاrÇw˜ú@ƒ,àˆã ³9gžëì½AA t½(ú9üðÃ-L-˜Ò™½%¨~ø¡…ƒâ†òÂfwHC0 j á]4”’@jPH@È„òžˆ õÙ£B¨ªÑ‰'žhêû]PH‚-˜Ò{A£q.d…P²>øÀÆúùçŸÝúë¯oóŸÒ™½: ¶mÛ:öÊ„õA8²Ä>æØ­[7;ž~ €Ó¦M+3= (E™Øĵ Ò bÀBÈßØóþDÁ¯TÊ~Vª+«y d! R“¬õÊ›µ"5yƒ6Õ‹Ô,»ü8è¼íÇyÏ¥¡d@ ÈŽl|ŽºÉ)¯}ôÑG–ÍÌg$Ë<RÀ~™`ƒÌ¼ÿþûn›m¶q«®ºê2#œŽP7Ô¦(±P™87ÂÆ^BãØ7T^ËÖ¡k¥Ì}CìO‚¤…Ù† ¡l´5jØZñ°c\&{£‚ÇT¿ò昴¿+Q@ÒVLö ÒD@¤¦4×5ò¬Dj"C¦r@ WR“†ìg9À¥C„@"©Iä²Éh!PrˆÔ”Ü’VlB"5ÃMg­\IM©g?Óu"Je?+åÕÕÜ„@r©IÎZåÕR‘š¼Â›ÚÎEjR»ôšxŠP¢€-¶¦*bŒ€HMŒ§¦‰ÔíôŒ•+©)Fö3ö`°9½V­Zy_öŒÐØ£–|·"¹E¾{x¸Nã^ãF¤&ßW‚úB DjrA)LjԤ`‘‹0Å\IM¡³ŸQ …"d±"¥r>Ù²æÎk)”)°I­K/½4C´O²µ1§Ì ù5âÿ#5…B ixR1“ü€ìkQD’á ©F=?ìxÈõ½÷ÞëÎ9眲?Oœ8ѲבÍnĈV‹È.­Š1«²e?«J4Õ—E@¤¦¢È•Øy"5%¶ 1™N\I uGúöíkEóÕ‚ÕéK…Ô Œì_Ô‚!£Z±1©Cšå(tÎÔÍ!%vÔÆ5CêmHkU5Š©Rdôí·ß.ë’ÔÙ¤í&5u£FbMj”( ª®õ#„@e©© z%t®HM -fŒ¦’+©)dö³/¿üÒjZ˜7õD$05c¨C cŠ]Îœ9ÓwÜqŽMÐÔ:¡æ õSyäKÉܱcG+8ék®´oß¾ yRï»ï¾–˜‚‘°DâççŸnoä):I£ð%‹ʧvš_­ZµåV‘0Mš4±*÷Ô—¹å–[Leâ<ì¦H$møðáVÀ’°: Hn±Å¦¬pÌã?nÇ 0À‘œ¡S§NVÛÿµ×^³Z5·ß~»©0÷Üs¨Äy¿æšk  |Ro†ßo½õÖelDÁaì9sæÑ`^Æ ³ú:\¨VT•-·ÜÒ¡–@.©ŸŽðœ1c†ëÝ»·›:uªk×®+…D…5²H Í9ôGŠ†n¶ÙfFN8áKå̃JŠBÓ¦M-tŒ5;æ‚"ròÉ'».‡)ã0×Áƒ»š5kº­·ÞÚÒ_3·lí¥—^2Uì˜؃)s¤^©«™#³æ\[\G(2gœq†]c't’©IŒ>^©¡¾ª9²6ØØ«W/«ñCM0…°5oÞ¼ O‘š‚À¬A„€(‘]"†€H.„| +©)dö3ê–Ò3nÜ87aÂs qvq0q)ò±A]¡ $N?dg‡GÿŠ+®0G}úôéŽZ'8°8ɾ±‡òäÉV ¢‚“ÿÜsÏ9jÌPlµã×_u;í´“9þžÔàœg*jÕœ~úéVµ€ñqÂqêqŒébBÑNœÛ¥K—Z1LzœN k2goþ!k‡z¨Í Ra¨íµ×^FæŽ?þxë›yáŒCÔ˜óÅÉîóÀA/ð„„P‡†ã©õ™€´Bâ(jÉôÏ|ø‚¡|á…¬à%ó‚¤p ¼/n™y}B!™àù™={¶ýĈÊ×_m$á“O>q7Þx£­9ã˜#Ž8Âl…Ì0wä! SŠvBú˜3ëENˆ˜‡µ ¸wÜÑ®]wÝÕÖŒŸÌ 5ãyÛ³gO»(¤ é„Ø kGAUæǵÅõ©¨¶nÝÚæþ¬¸±¾¬E\Áë{Á¡MÙÏ ²ÆB <DjÊC(%©IÉBxšq$5@€CËÛnÞšCPx£Ï›xöIðög“Ÿ8—8™ìÛÀ¹†ñvGBC?ß|óU¬Ç¹&È ?Cµ¹í¶ÛlpüqFq˜9Î;ŸàÅ[üÌ}>쯀¼óÎ;æXCÎ=÷\{#OCqA:öØcM±Àñö/+PœxÓ_·n]#28ÀÕ«Ww(V.ÔóÏ?ߎ‡\m¼ñÆæ\ï¹çž6÷Álçà8ó;z°QŒrÊ”)æP3sò{N a! ª Diï½÷vC† q+¯¼²)fàˆªA¸*ã@(`*ðð$eÑ¢EŽý+(H8{†5ß Rœ‹Í„¤¡ì€ÿo¼‘õrô˜€ë¤I“ÊBë°›P<ö¢0gæK›7ožaˆjÆ8 ìcŽÙ0Bò<¦¨v0Í–ýŒk‰=2(^4æ Ä.+ÄÎgÝ#”B¼æVDj ØG}´©7¬}¡Ö¡q]¢„Ñ J:‘šª|š©/! ⎀HMÜW¨@öI©)Ð)&WRSèìgÙH ËƒÓ yÀéfŸoóy‹ˆJjP‚ø—™(À““è pBq†ƒY°° 2Â>˜ñãÇ›‚BXä…p3µxó_¿~}GøoþÙ#BÎ4÷7o÷!=öŠÆœ Œ‡‚ÂþÔ”ÂP§ØïS¾dÉsò±™ìq(3„GÍŸ?ßœuìG)`ï D‹ã!;"úC%â'aWd1#¬ý$œ )à8lÈÖ H„…Ñ/*óC"” ÒǾúàó… Zèá¬+¡Y(àÅ °0L±ŸýTybßL³5Ö%âÆOÈkÑ€xJÆž(AHXeö¦Ôp Êûª|H"JÍ믿nزv„!Bxn¸á†‚‘e?KÙƒ]Ó1E@¤&¦ Sh³Dj x:ÆK ©àhÒ <ì[  §GåÀ¾ÞÞóvœ·ì+RjQÂéljũfÃ>á_4_wœOH ʪ!MŒ·æšk–] „µAx¾úê+#„Máüsp8œbT ”~§áàû=#özÐÇñ¶Â…óLãÊ Ä‚ý@ì³Øàœ£N@ju#´ "ƒ¢…cä86Ò£: Ê°QÀ¦wÈ s}óÍ7mì'$‹9ž¡@ýƤáô{µ#ón b³ •B6ôE¸v±V(48p€Ð± …†=)7ƀĆaÊ|<\ì©b}ek$i€lq¨L(Y„BrÀåŠJ®eÆ…„¢°¢)Q@!PÖB@”‡€HMy¥äï"5)YèO3WRSÈìg¹@À¾TB~*ÚPbhåõñaó|® ûè7Ø+ñ…Tààû0/ HIfƒ¬°éž¬^8Ê4BÊP' _d‡ó \ X™ód°ï§›†ZŸªzEÖ³O‹ýCjB@| R“TاHM-&çJjØKPÞ¾“LW& Ô!À~Rg“dA¤&u—‡&, Š€HMAáŽï`"5ñ]›$[–+©áú+Tü’ñ”íB ŽÅ.—:g"5q\=Ù$J‘šÒYËJÍD¤¦Rðéä,äJj¨³Aú\Rðª ! 3š\šHM.(é! *Š€HME‘+±óDjJlAc2\I ©¡B]5! ’ƒÀñÇoõ2ÓT‡Í@¤&9ë*K…@©IâªåÁf‘š<€ª.]®¤¨( I±KŠ0ª !úôécYÖ(æšK©É%#„@E©©(r%vžHM‰-hL¦…Ô`ò'Ÿ|b׃c2™!„@êá<ñÄîºë®Ë‘šœ¡ÒB@T‘š €VŠ§ˆÔ”âªNQI·˜ ë¹V/þ,eHýõ—ûý÷ß#OZ¤&2d:AˆÔD«”©)åÕ-ÞÜ*JjØ[S§N×µkWGÌþöÛo_¼Ihd!rHÛL©ÉªêS¤F×@ÿþý]ï޽ݕW^é.¿ür’bDjR¼øšº("59 CˆÔ$a•’g£HMòÖ¬ª-^gulS9!K .¬êîÕ_‚©IÐbÉT!@Dj¸hù0Y¤&¨ªO‘št_¨4}ûö5RS£F ×¹sg©5)¾$DjR¼øšº("59 CˆÔ$a•’g£HMòÖ¬*-ö*ïSjMU¢›¼¾Dj’·f²X$ ‘š$­Vm©É#¸)îZ¤&½‹Ti< RkÒ{=0s‘št¯¿f/ò€HM¾NHÿ"5 Y¨„™)R“°«Bs×^{m·ÒJ+¹5ÖXà 8Ð]tÑEnÑ¢EŽlhWUK"5é[sÍX‘šB¢ã±Djb¼8 6M¤&Á‹W ÓŸ}öYwòÉ'»¸O<±¬§1cƸK.¹ÄÝsÏ=®qãÆ•A§&‘š$®šlÉA@¤&9k•WKEjò oj;©IíÒ/3qŸÒYh¤‘št¯¿f/ò€HM¾NHÿ"5 Y¨„™Iòþù'aVËܪFàè£v\µt#À÷ÌQG•n4{! ò†€HMÞ MVÇ"5ÉZ/Y+’„€ž/IZ-Ù*„€H&"5É\·J[M@«V­Ü Aƒ\»víœw:FåÎ?ÿ|7~üxפI“J£„€×\sëÞ½»€B@!7Djòmü;®Y³¦[yå•Ýª«®êæÏŸïÖ[o=·xñbËND±<5! „€B@!Dj’°Jy²‘Jß¼=]ºtiÙÇëÑ£‡ëÒ¥KžFU·B@! „€B j©©Z<×*Í’%KÊì¦8^ðÿ‰› B v(ü,vK"ƒ„€%‡€HMÉ-i´ Õ©4Ñ°ÓÑB@䆀䆓ŽB@Š# RSqìJæL¯ÖH¥)™%ÕD„@¬©‰ÕrÈ! „@I" RS’ËmR¨5W_}µ#DD{i¢a§£…€(…Ÿ•‘ŽB@Ê! RS9üJâl²qÆnĈŽ4JI IDAT5! „€B@!$*MjìÞ|óM7sæLW«V-7uêÔ$Í_¶ Ä#pຟ~úÉíºë®öï¼óÎKüœ4! „@¾ÿ’o„Õ¿X1Uí¿T˜Ô<üðîeË–V¨±^½z®~ýúöOMÂ#ÀK…·Þz˽û/êxÀyä‘…7¤ÄGüí·ß¬¶“Íh ­ð³hxéèü" ÿ%¿øªw!ªô_*Dj.½ôR÷ÑG¹‰'Ú¼šñA€ºC-Z´°— }úô‰a¶¤gÏžnôèÑn«­¶r't’;å”SVh›Ùi§Ÿ~º9r¤ý¾ÓN;¹÷Þ{Ïñ6 ¢¸Î:ëØ‹œ›o¾y™¾PÊÖ^{mwá…º.ó7ö©±oí»ï¾s7Ýt“ýN±Ûu×]·Àˆo8% (öyYä¿èŠñE ²þKdRáZµj®ÿþñEE– !à.¹ä{éЯ_¿Ô¡ñàƒºc=ÖÈÈ?þèÞyç{³Í6ÛdÅ“šÚµk»O>ùÄ-\¸ÐH mÿý÷wO=õ”ƒ(í½÷Þ®yó桤†Ð¿Aƒ-ó·Î;Û|ûí·Fjø}Þ¼yn½õÖKͺˆÔ¤f©c=Qù/±^'ʨ¨ÿ‰Ô ÙÞ~ûíôB@$BÐÎ9çwÄG$ÀÚª3µäÞ{ïu/½ô’{î¹çlþ¨/¨0ÙŽ÷là~øá÷Í7߸Y³f¹¦M›º5×\ÓBk{ì1׸qcwÜqÇ9œ£9s渳Î:Ë”œcŽ9ÆÝvÛm¶Ÿ §wïÞnøðánã7¶óŸ}öÙåH ÊΘ1cì¸Ï?ÿÜ|òÉîÚk¯µ¾oC"+á“O>éÆŽë¾þúkwñÅ»îÝ»[ŸW\q…ûôÓOÝ.»ìâºuëfÄ ÂôÈ#Ø|!vÓ§O£Ð »ÂϪîÚVOC@þKÅpÓYB XTĉDjVYe·xñb…œk…5®ˆˆÀ’%K,,Šû6í®»î²û¸×^{Í~BŒ2I ý®±ÆFHî¼óN#?‡z¨‘šõ×_ßÈÇÇì¶ÞzkÅ(“Ô ^@@ +­´’©; 6´ÿ·jÕÊÝÿýî„Np;ï¼³)D&ú`S%$Š1 có$â ÉáÿŒ‡íØ6Æ«¯¾šºkAN/ò_Ò»öšy²ˆê¿äLjN=õTwÀØ—¸šÉA€·þ8Á~ó{r,¯¸¥„š,X°ÀñÜb? !ZÁa=~©ù÷¿ÿí8Ÿó}ôQשS§åH ñ¾ç°‡ý:ˆßÿÝBѾÿþ{ gÈQ&©iÓ¦›p›o¾¹©0>¥³WgèË'`` É Kìq!;ÙÒhÈHfJg’ ø ÂÐ3ƒm±Å büDaÏ Ê ÙUƒt‘¸€Ï8¥ÒzÇw,Cj ;ÙÆ(äU,RSH´5V&i{þé ¥„@”û7gR£/¥RºD4—´!Öûró¯ýËö¿ä£¡Ž°¡³Í6[®û¯¾úÊÂÈV[mµíûØtÓMO+‹­Ìð¶\2™UtŒ\ìÈå…Ÿå‚’ŽÉi}þå Oõ+ ‰@”ûW¤¦+£±„@‘ˆòP(’‰V!ôüË ¬êT(÷¯HMA–Dƒâ"å¡P\K5ºB jÐó¯jñToB D¹Ej ¹2++ýõ—…ÞT«V­`(ýñÇeY§ 6h‘ŠòP(’‰¶„PøY /n¦¦ç_I&FF¿‰Æ>ËRnQîßÔ‘ª“ͨsçÎe×Y’(´Gæ!Ò¬†5*ƒ“’5³‘UŠúÁMÇĹ“öºë®s5jԈݵFšXjqP­5.Jéµk×vçž{n^M"= ëü矺6ÚÈýóÏ?y/.Gy(ÄÅfÙQ:èú+µLâL’~ýÍš5Ë‚üý÷ßeûîphÙO7{ölwØa‡9öðe6 ïN:5tÉ(*Lý«O?ý´ìïø2d_ä<µx"ôßȬI"›K/½4žÆV‘UQîßT’Ò;véÒ¥ nÈY’î¹ç·hÑ"ûüÄOtûî»o™“íA%½6Ó -d,‚½üòËæ$S³‚Ôד&M2:nšdn;vllL+©!«Õ3ÏKÝKV)°¢NE©'B]$·¤©'{ÙîœÂÏt¤?ÿÊ#5|—ÑÂü{˜O³õÖ[»Aƒ•Em@Šˆdá¥íÚk¯]¶dø~ñÅ-Ê…c¾#yYÊ÷7Q-D]à'Úžï[>c8✠! û®'m=Q$¨E¤¨ç»™Îø$™þ ~ÅŽñð‡ˆ’á÷Ì—Éø6={ö´ó½²1gÎסC7sæLGþßõ½/¾øÂ"xæÍ›gŸSùµ×^sÔ1Ã'Xºtiè¸Øƒ/F ü=|Œ ,sù³̽^½zfJ …žQÜPä˜ ~&sá%¼oø{Aÿ2(nü¤fþ~-Ì·,dxUÞïQîßT’.Ô “ÊÆEWRÃE9tèP#;¼å@Â¥vÄ>ûìS¶¶Ü¬¤xåæáïüÎÈ'5=zô°úܬ(=Ü8\Ä nTnHO¨(²ÇXÆ s<œ (K} H 77ÍüùóÍQÇñõÕWífƒTáÄÓÍò@ä†åæâæáÆ»õÖ[ ›£>ÚðÁBî ÔßÈu\ˆßžþyÂ…¼!Â6æ^ac1Yp£fÄEìŒ3ΰ,d RăÂc= C¾1WÎ'¤Œ(˜ÈC Bé9묳ìp„26Œ¤>˜K”‡BU>ŒÔ—B Ø$ýùçI ßgþ{ˆƒ”šÊš“N:ÉèŸþÙaög<ýôÓË,™!¹À/àÿ™ß‘|¯·Þzæ_ì¸ãŽöÝŒ“ïqà;ïz^ä⣄}×óÍ÷9=Å…ù>Æ'jß¾ýrþ ~õÁ ØéhÛ¶­ù|ÇûF /ÆâE2þÑ6|§CløÞ‡hÑÇ{ï½çüqûÿý÷ßo¾ÿ®ºê*óöÞ{o³ÿˆ±ÂÆ%b[ðEè‹c ƒÁø_{©kø{ØLù¾8Ž9Ò|6ßPã("íý7|>ÆâÅîO?ýd$ BJñå0ß’mIlQîßT’Þà¼û†³©¨ ©9óÌ3Í‘¦¡¬°7'“{RÃMŽCÍ…‹* O{衇Ü&›lb5/(šÇ[66Ä…ˆãCQÚn¼ñƲ‡@Ôœ`rÞ.`aOH˜4Þ¤ð† “Ô@B~øácöô uãa@8Û×_íxò¶§2ÂÛƒ°=5=nFzÿ熜>}º½ðŸ_{íµö6€¿E7¨ÔðÐãM‚ããã}yó6cR=Äã¶ÜrK“iy@ù·̆šÄ:g&ȶ§Æ?8yó¶ |°“e-©-ÊC!©s”ÝñE@ágñ]›4X–ôç_¡Âϲ] |Oã0wíÚÕ-X° ëw$¤‚ÒÃw*ßÇ$0`ŸŽ÷¯®¿þzó)ø~ û®÷¤ÆG¤ ]Áw|˜?Cr^nòÓ7ÂÔéÛ7^rB°ü [^ÔâÃpŒ÷Ç B¹øþ÷aj(2|ÿ£¤Ð<©á…i¶qQ_˜;6£|Õ߇WjÀEÊ+5`ƒoäI/oƒ!h+ÚSƒ)Â/ ó-yqœÄåþ©ÉÓžš\HÍŒ3Ìùæ"F=Bq!¤‹›‰Ð2.N$anF¤ØvíÚÙƒæÎ…³Ç{˜BÁÅÌÍÇ[äN” ú&‹/H1©KŒ(D‡ÁÆì ¿áyá'ãÆG>æMŽ(ã³­q³óp£OÞ `7ãóæ$l,Þx0.dŒøWòH© aì„Š³o’€¯Bø{Gðs|†5B©Â¾ëy¡ünö¤æì³ÏõgˆHùðÃ-RÂÅÞcö×î¾ûîe—’÷7Ø߃Oi`/J£Fl¯ êûwx©‰?Ü€ŸÔà„‹Q½zu{i AB‘®àKQü6ü3È ê~'5ì‰a;ê¶áïpýú†¯âý·ÌDžÔàS…ù–™‘+ù¸×òÑg”û7•¤&[JçL¥9Ó«~¡P++/QÀŠH !M°wbbÙÓAì&d bÜüÍ;Ô°udRŽCuàÒ'Î?aS¼i@"å†D¹áxì2tÐA™Ô QâxÞ¢ð€07öðøF"ÞdÜ{ï½ö…“‡>¤‚~‹ƒœpÃáäGbåYæt!v(0{ZiÙ¾#ýÞ|,üü¾£qÎñMðs ø!$õ û®',HjðGø~Ç? ógøŽ†ððÎïD¸Ø ØÃoBÆ ø&Lp­[·¶·œ‹ÿaƒ,à_°×Öï5*5&ÂÑÃÆ%rßB¼ úYØÅ>"iòÅ9žÔ@‚°òÅœý¶?ö„{ÿ _ÈÛÉß!5¨dø…a¾%¾V[”û7u¤&Ž ÊMÌÅ™¹gƒ›Œ‹ ÂãC©`ý(6¼õ6dTö~ð  ˆ>úÈÞœVåLžT -ÜH„ºA¸øé7ïãü³±Žã¹é*:nð<Æàm ýcNW4Ve×¾Á;˜Ù%[Ÿläá ©Lz‹òPHú\eüPøYüÖ$Méù—ŸÕûŽô{p §¡~°Ïƒ}ø9Aÿ¡"ßõaþ ã0.~O0Ì=sÖì—¡œCÐ?bS=amØ[‘hŒ°q!3ï¿ÿ¾%!€D…5Æ¥ý ü:ˆþóÈôñVä¿…‘Í·ÌÏÕ¿^£Ü¿"5ù[‡*ë™°´ ©©²Ž3:‚‘ò5¶Ïf@2–d»)óe‡ú­z¢<ª~tõ(„€(zþ{OjP7ÔVŒ€'5$DPûQî_‘š\9ìç€Í3`äËlÞdK2pdfíÈ׸ê7¿Dy(ä×õ.„€(,zþïàh¨ (4„{«­²–±½A~ײ8E¹Ejt—  å¡84Å# ð³®á–A@Ï?]B ¹D¹EjŠ°Îdý`‘2‹9²Ç„ÁxÏ"˜—ˆ!}²…`V¸Î^§l±±…²9ÊC¡P6iœô  ë/=kÇ™êú«ºU‘ÿRy,å¿DÃ0Êý{RÃþ²OùÆÞª¨’7œFšbRþ‘"/n þlŠó¹Ñ½}d£Mf ÒôwJ!HÒÿù ?nóòö`'µsØ{¥‘уì'£GŽrÚ2Dzî`E]87ê3¹ËÖ(…bÙ¨qK]¥»¶I˜Y±®?ù/+ÅöòÿRþÒ$ÑI©@ Hçþ‘r‘¢Wî¬S§Î2ëDÚF I‘@€ (Pƒ rýû÷7 (ôI¿Ó$ƒůFŽi¸’ä€"PÔÆ!ÿ;)¢±Ï“°¦æGAL¹âY3>£ï™gžiŸAéœ>úhKdÀ¸4>;ꨣ,­cØ|È[Ï úâ‹/AfÍÈg½õäאּeë‹Z=aØr½œuÖYî±Ç³Üó×]w¥×F©á‚Ä9Ê#D¼­X_ê…œ£ÆB@„!P¬çŸüù/ò_*ÿLŠrÿ&B©É$5JÄ©¤X¤C"ß9NûÔ©S-sŸã¨SÐA¸Ž?…Œ(âØ´iS«Û2nÜ8ûÉÇ‚Q8Ó Z’…¾qãÆF ‚þ)€I_ ÅŸÈ¡N5Xh~F½—ãŽ;ÎÆ‚LàDãÜCFÈjƘ2(ú ’ŠCA4(ÖDe[s ‡hAÊH¹ ¹àsŠN2r SØ’tŠî¢ðõmHÕ !‚ô@6 [4æGyo¦à~ú¤x'$ oß¾¶ˆ¢œà )'ò»C Kð¥¸l¯½ö2bN`ÆzBjZµjå:uêdd“B™¾A& 8¬/8uíÚÕ°kØ°¡¥¶þñÇ­X'$‡ùñ7BÚ(J©›!‹'BÁ‚ñøŒ ÈÌ·6àlÙú¢ r¶\ 6úaÝ‹âcžÔPв ¡Á–B¶(…BÚ¥±ÒƒÏÿ‡Ÿ ¦ésáïëë,X0»Pw]©‘ÿ"ÿEþK´;0Šÿ’HRƒcŽƒHVOjpxgÏžmªÊNãSO=eÎý7Þhoèi((ËyC_´>}ú8ŠOâÀãì¢Шœ‹CŽÒIjø2FB‘ÐàÈz‡œý0„™±§†7øüg˜©@q€@JpÆiôƒ$58þ*Ó !Ø ¡á'$ƒy0ï7ß|Ó }PHŠ3(%!l>Ã.°C ‚Ày;±õõ"XüúõëgÕs©” IYi¥•Œ –AȾüòKë›s!/ò®CNä'Jz!|üðä!ˆ/Jc2Gl©^½º i€à±~(S|i0ˆ‹³ÍgøðáF(!I„,‚ŸÑÀˆŠÅÌÁ·aÁ ò ÙC Daãz#®¹sçšJÃÚ¢ä0^![”‡B!íÒXB@|#P¬ç_©‘ÿ"ÿEþK´;>Êý›HRÃTBœ<©Áa%$ •¤^½zæ\¢f@j8Ž0,êoéÉ0Fèÿh·Þz«©<( ÿ9Î+Î|©ñÕqúQhPwÂH N3Ì»i'žx¢)(J¨ (4”~’œ{pˆ˜o„œáèC (T¡…Ȳ…“ß³gOS]PBPqPL<©Á^È¢RõîÝÛ­µÖZeýCÔHTà:Çó0†vÚiF6<©AUÁaçμ8Ç%Š"R¿ÿþ»‘Ö‚GȤ†=pÿðןq±Ÿ=T` Á<òÈ#­oBÌP䂉 ±Œ3þü¬ó A°P}XÛ6mÚ!ô­fÍš6/ßV„Í!CB±%Ô åŠ°8Þ ~öÙg¶Æÿ–·t¨†"5Ñj:Z!PQ¢8E#ì¼0R#ÿEþ‹ü—hwY”û7¤†pÔœcBT”œ\qþEØŽ™` ^”å‘ší¶ÛÎö›@¬˜ÿ‡H!A Ž=öXs‚ƒ¤†¾qúQp´Ù¯™‚ì  °×dæÌ™bvÊ)§qÂY' …‰8ÐŒ•Ij˜Šû’ ¨Rô #œÌ7ŽAQjÔ¨‘…Sa;$ \Å…ðºŸþÙ-^¼ØT¥C=Ôö”€?Eˆp;ágìb>¨,—`#¼‹°=0Á~Ö櫯¾²Ð3Tª°‡Ä!Û|Pu<©ÁFlGÁb-ïCé‚[¶¾¸n°…0¡`¡œq²æd´ f?©‰ö0ÓÑB@Ê"Å)ªìXÁó!5ò_ä¿È©Ü]åþ=©ÁÉö›ÿ‡¢³KóÎ-Î22Ê* Ê$‡¸í;Ly!¼ ¥†ý8lx'l‰½8Ûö=@&PBØPÎ^‘`8–ק’F‚x„)5Bº M8êôÉ8ìŸÁ¿éžÏ!*8ìÁ”ÎìÍA)"¼ òÀ¾Æ£º…RCµ^"’žF;º¸™À¥ •ã ƒ²¹¡¼Ð 2„òAèŸMì(IÁ†r…Š‚ÒÂøìKá 9¡’ñ7°DíB"Ì ²ÅZ‘äÅò‰>¥³Cƒ4ùF(jù3æàSy{¥R“m>=Ô(Èk‚k{i¬1 _°eë+¶ÖrÇu4‰ÔT…€•A ŠST™q2Ï•ÿ"ÿEþKåï¨(÷oìIMypòÃv” áo¿ýÖyoõƒaTÁ¾ „›±g…FØoï}M|B×éÊ,’YžMa§¨&ê¡H¨1ÁF&7ŸVTïÒYƒäÚPfP† zìA¡@­kœoÈaXc? ÄUÅ㉀ÈøÌp_|ñ…)OØ Ñ‚Dp,™ç°G¿P­¼ù`˜°ˆkhEOÃúʆ-¡z\[™i¼ 5ïlãDy(ÛV/„€¨Jâúü“ÿ’}•å¿d÷Çä¿d¿nMjxëÎþ²~Eu˜!@(&„¡A`§" @M”qýR/5œ5! â‡@Ÿò_âwÈ¢x"åþM4©!‹ÊA6u¡¼åA‰aoJû7PjÔ„@)"å¡PŠóל„€H/q|þÉIïõ¨™GC Êý›hR -Ò‹@”‡BzQÒÌ…€(Eôü+ÅU՜҂@”ûW¤&-WEÊæIx!ûyªb?T)@å¡P óÕ„€=ÿhœÓ– IDATt-$ ù/Ë®V”û·¤I ®¨oBX™ÿ,c«¯¾ºí£‰º'—›‚Ìa÷ßÿ2,ÙPOí²ŸQ«… ÷dÅb“=Y·|²ú'™Ñ¨«ÂæuR(¯èï¤b&ùi–ƒZ1d!Ël]t‘Õs©U«–e~£‘aŒ”Ùdí"‘ HZ@†42ʱñÌg¤e¦ð¥od+{á…–¢]»vVo‡º4$o`ŸRf«(ö>ƒ™ÐHÁO å°Ff6R^ó3Ø(|Ìþ–Ëš–Â1Q ¥0_ÍA!dR#ÿEþ‹ü—ÿÞÁQü—’%5dÎð:äÀÿNæ1Ò 7hÐ /O|Ÿ<˜¢ØŠh’ÒC:aÒ“mÌf¤ƒ&½0õR¨ùrà 7¸:”ûw²§šºE‹Ë̇Ú0o¿ý¶Ìaçwv«®ºª{饗,»X°Ut句u$E"¤†ìeÙ²–‰Ô,{yGy(äåÆP§B@"!´çŸüù/z)û¿‡E”û71¤'"!À‘ÅYoÒ¤‰© =¤@#N7Å3wÙes´©ƒ’cÍïj¸Pìòª«®r{íµ—k¤îÊ?Q$PP.æÍ›g5VP6(à‰Ò‚"B*h ˆC0E2é¤I勺Ѿ}{+d Q©S§Ž2­¡ŽP„’Éô‰ÚAuûN:•­ 6‘^™:'+ú;Šv“*šÔÓÁÖ¬Y3Sj¨A“Ù R~N 0òCí i¢ AÌP[¨=‰¡¾Í-·Übµj°›öÎ;ïΤ‰&5ÍלÁ°ói¶³©)œCqJê‘´"‚=üN-"Š•²¦—]v™kݺµÍ$5Œv,}‘ΚZ9`Ä *5IÎe½™ E8Y«`ãê× PAìXSˆ)Tâ¤{¦ÞŠ ×o×°™FdÒS®® ê±Î½B·(…BÛ¦ñ„€ùD ØÏ?ù/Ëû7ò_þ[fCþKùw~”û71¤‡çG¹ÁéEÕ 0fÇŽÍ!&›ÙÌ™3ݵ×^käeøðáö9¿ßzë­æT6lØЙÓó"Üë„N°Ïø;©ž!8„há¬âÔsBx( `\Æ8à€ÊV‡ÂB¢Š=d€"Ž8ЧŸ~ºE¦5ć0-ˆ6ùF¸ä»Wôw `¢Ðx¢áÏG5¡F !oA•„ÂØÄìP•pÞ)æI­™=z¸÷ßßÔlEÙo¿ýlþ8ç.œ|È)µiß}÷‘´cŽ9Æ]sÍ5†ûå—_n$ ØP ¼SÒá`=!1p†4@ GŒaªó\°`ÑLRÃñaÇ‚-Ùe(ŠÅBä8Ö‡ŸÆFƒ4AâXs ¶÷áP•ìx…ð¸Ð˜;AÁ Lºuëf×!ýr,a}(JÌoÇw4ÅË òoãª="ÊC¡jGVoB@â"PìçŸü—åýù/˜/"ÿ¥ügC”û71¤g™Ð©Ã?ÜHN7Î%ê …'L˜`ukpÒQLp2ƒ¿£BŒ;ÖœW¯|…zöÂì¿ÿþö9Å$}ÎÆáÁ9g¿ oãéiÐôKÒ³gO#„¶‚…#Œ³Î¨÷Þ{Ïœbœú7ß|ÓœgÔ› ÚA_¨¨R’ýe„qP;‚ùo³Í6îöÛo_ÆA3jçù}>8óÌBã'J’·£F2Å  û9î5OÆPgž}öY›×®»îj :DÅ7ÖRçêê‹iƒøqñ²× ¢^ìÉAõ /ÈX&©¡¯°cYwæJ-„›8ŸÉ“O>i„Š¹²'‰7i()\C¬‘oT;ˆ&{¡¸~²‘¿ŽàöðÙaþÁ¶mÛšrÆuPŒå¡P û4¦B _ûù'ÿå¿ÑAÿFþˆ‡ü—òïú(÷obH oõQBPJpQiíáM9û8|ÃAE`ßÇà”úßqHù}Ñ¢E²Æ[tÞ®ÓøûH¹b BÓpt ÃÆQç&ô*ºCòc6†-ìKéÓ§©T˜Ç‘g ý 4 gõÈ;õôÃQq¾þúk#+ú;Ž6¤blÌ£W¯^VÖ ;ƒ-œˆd‹ä8ö„€F…ÂZDcoás¨ œvsOú&T BÆÛ© ©É´…u¼ï¾ûl/máÂ…ö“ÐBˆªYíÚµMýÉFj ;RQKv°ì)‚ԠଷÞzNˆªåóa¾qý@!¼™¤âIÒ¯Ôx²ÃºNš4É®®5sô×-¤¼Ð-ÊC¡Ð¶i(öóOþËW7èßÈùÃüù/åßùQîßDTTœCÔ ö™\pÁ¦€àTâó“P,Èêá[„ ±çÆÿŽ2™Œ°ße"Bèd”0"°ØçÂ^” 1áC¼ñÇAe¯ $å‚°,ÔÂÕ`Ý5jÔ0§egÎœ9F’¼óNXÖ½÷ÞkçáxCؘ­´ /¼ÐˆNøŠþNXÎøÝwßmŠ”o8íµPŠ‚¬oìo!teŠ:T+Ê ¶A¢Ø{„‚ÂÀ¾ß‹ëÖ­kÊŠskÚßÿm}£¬@DPAa{ß ‚„åùæq‡DA!h¬afgžy¦ýƒ@³‘Ô¦°cÁŽln\3ôÏ+Ô¤`øk™CÁAuBCbýÂHß¼9{öl#m(V\GÙH ëˆjGªªó',­Ð-ÊC¡Ð¶i(æóOþËòþü—ÿ&:’ÿ’Û]åþM©á ¾Ûáí: 8(D§•ÐX/!D~Ã>oú!%8ÖüŽãLzbHª„O- ™À‘†ìð–%­ ’ƒzÁÛ}6›ãÓØ+ƒúQ@iаĹ ÞðC¾ØGA_3öÕàð÷ïß߈sð U„”Ët}´¢¿&—™€sÀ BDr„ÌÆþH oK8†Íþl‚§1gœð¹sçšóÏØüŽZãD‡ð:lDm %µßâ ûž˜?*If ’(ÿ7ÂüØפOÔ Þ\@²PÏ M¨q`i‚ÈS:CÐÂŽå€t¡®°Î1®`¢ˆ äÔñ„ìJ Š× •  5lÀ/“Ô@Z!cüƒ`²Ö\7¨Y¨]„ºEy(Ú6'„€È'Å|þÉùïÊýù/ÿ-I!ÿ%·»>Êý›Rô!-~¯ˆÏ¶åá J Ã7§H9Ì[÷àï+‚å—}3\p8¸¨?~=!FAG?·%ÑQ+Braú†*A„ òFƒõfš ö·¢c}H[æþ§àù\?×5ÖX#§…Bî¯\{… za$4—ó«â˜(…ªO}! â‚@±Ÿò_âr%T½ò_ªỌ́ܿ‰!5ù‡íiŠyóOú^6ì³÷¤)x 1_‘¢<ÒƒŠf*„@HÃóÏ—Yÿ’†+:]sŒrÿŠÔd\¤~&œŒ=ì‡ÈVÜ1]—”f›t¢<’>WÙ/„€"–çŸü]÷¥ˆ@”û7gRÃ>6Ú« !<tÿ&oÍd±Uƒ€žUƒ£zÅ@ Êý›3©!¥1©›¢&„@r u7 *¨!¤&„€Hò_Ò¶âšo© ÕÉ™ÔPïƒZ¤¿UB 9ÕnúôénäÈ‘É1Z– ! ªù/U¤ºF ªÿ’3©2dˆ¥ø½á† <% '„@e öéÆÏ>ûìÊt£s…€‰D@þK"—MF «ÝÅəԀ-é‘IŸë+Ì o! âÀo¿ýf…a),«&„€H+ò_ÒºòšwR¨ˆÿ‰ÔP¸pØ°aîÑGM*F²[¤ Ã;ÌŠ¥6mÚ4UóÖd…€Aä¿èzÉB "þK$RTf§à€’…Ž¬)C2CAÚ^½z¥læš®B`yä¿èªÉ@ ¢þKdRW\q…›={¶›8q¢«Y³f2’•B % Ù¶hÑÂê,‰Ð¤dÑ5M! rB@þKN0é !P*ë¿TˆÔ0ÓÇܵlÙÒuìØÑÕ«WÏí¶ÛnŽ´‰jB@Ò’²yÖ¬YnĈîPÈYá—A# !ä¿$`‘dbj¨Jÿ¥Â¤Æ£=tèPs¦ø·ÖZk¹©S§¦f!4Q!<ð@÷óÏ?Û‹…ÝwßÝuÖYq0K6! b€ü—X/ŒKUí¿TšÔ¤óTLñÿý¿ÿçþùçŸTÌU“B@! ’áJuêÔqï¿ÿ¾[mµÕ’?!Í RˆÔT ¾Ò9Y¤¦tÖR3B@!š4iâ&Ožì9äû©–nDjÒ½þe³©Ñ… „€B@$ |ßm’¤•Ë­"5ùÁ5q½ŠÔ$nÉd°B@Ô"àU€ÔšÔ^ ÿ{Aÿ¨­®çœH.! „€B )U©5IYµüÚ)¥&¿ø&¦w‘šÄ,• B@!j2U©5©¾¤Ôhù—E@¤FW„B@!¼Jã}— £¤$¬`~l”R“\׫HMâ–L ! „€Hýû÷wW\q…ëÔ©“6lXYø<5Ú†îúôéã:wîœ:\4açDjt"5º„€B@¤! ÿ%i+–?{Ejò‡m¢zÖC!QË%c…€B@½”Õ5@@¤F—ƒ”]B@! „@"ÐKÙD.[^Œ©É ¬ñï”Ê»­Zµrƒ ríÚµ+ ?5j”;ÿüóÝøñãÙEÔ„€B@!WDjâº2…·K¤¦ð˜ÇfÄš5kº•W^Ù­ºêªnþüùn½õÖs‹/vüñ‡ûý÷ßcc§ B@! „@"5º.<"5)¾úöíëºwïî–.]Z†BõêÕ]=\—.]RŒŒ¦.„€B@$‘š$¬Ral©) α•fÉ’%eöÕ¨Qc™ÿÇÖp&„€B@¤‘šÔ_eˆÔ¤üZª5RiR~1húB@! †€HMÂ,æŠÔäܤtíÕ©4IY1Ù)„€B@€€H®€H®‡ZsõÕW»k®¹F{it=! „€‰A@¤&1K•wCEjòqü ÛÙgœáFŒáASB@! „@©IÂ*ÆÆJ“šÁƒ»7ß|ÓÍœ9ÓÕªUËM:µ0–k!  <ÐýôÓOn×]wµçwžB@! DjR±Ì9M²Â¤æá‡v-[¶´BõêÕsõë×·jB@^*¼õÖ[îÝwßu¼hxàÜ‘GYxC4¢B@" RS@°c>T…HÍ¥—^ê>úè#7qâD+Þ¨&„@| îP‹-ìeCŸ>}âc˜,B@!PňÔT1  î.2©ÐT«VÍõïß?ÁÓ–éB ô¸ä’Kì¥C¿~ýJ²š¡B@¤‘šT.{è¤#‘BÎn¿ýv÷ÐC A! €!hçœsŽ;âˆ#`­LB@! ‘šhx•òÑ‘HÍ*«¬â/^¬³R¾"4·’B`É’%níµ×¶ûVM! „@©! RSj+ZñùäLjØ|gR£‹&A«*S…@ºuI! „@)" ï·R\ÕŠÍI¤¦b¸é,!(ôÐOÔrÉX! „€È}¿åT ©IÁ"kŠB@}]B@!PŠèû­WµbsJ©ùóÏ?Ý×_íþýïW ­<žõ×_Yï+­´RG)L×àÌø`s¦iìÑÀy†`@¨çÆot?ü° j†ùøñÇMUºùæ›ío8ümÛ¶uŸ|ò‰ƒó£?þ|׸qc#CoHÀ¶Ûnë† f„ˆó»é?ØÀe¯½ö²yBÑC%Á>È „ç…^µ‡BsÓM7YÿŒM¡GHQ˜í3gÎt-[¶4{¶Új+wøᇦ›nº©;ðÀÝW_}åX3~Æß!K¨Yƒ 2ÀÏ“p€@‚är‰*ÇúúÖ·Ür‹«Y³¦Ûÿý-üÿC ×cÍ ¬ŸL 5çwžQ ¤*iMý¤­˜ìB@\Ð÷[.(¥ã˜T–§üùçŸ7'ÿÃ?4Udܸqî®»î2²B{衇Ü&›l⮿þz#58É8»¨ì÷@Ù{ï½mïKíÚµ-Tiøðáv.jÎ6D RÙ *iÁõÕWíúç†D)‘gaUØ‹’°êª«š£MëÕ«—ëÓ§)C¨8×]w}Àîúõë›D_ ,°*ÆÚsÏ=MMÁi‡­¶ÚjeWøþó°¯5×\Ó~²÷ˆ>/¾øbûIƒø„Ùqƒ¢j-]ºÔÕ¨QÃH d(ìxƆÈybÕ¾}{#PM›6].ô‹=5ÌgòäÉŽð4¯š1'Oj 8ˆ%6Òä2Ø8Bƒm`Ç:<ýôÓ¦üp d±Î¬—óágsçÎ5•âb“ÖôÐOÚŠÉ^! „€È}¿å‚R:ŽI©!4 ggÞ7B›CÂùå—]›6mÊþY@jPVPYPMPX¦OŸnħŸ0*΃ø†ãL¤åU Ø P()8Ô´… ÚOHA0QN9!\8ü8ÙÁ½%ôÉœ›B¡AŽÖ^{mS¤P.p¾Ï:ë,sÖiìOAEÁ!'3™'Uü ²)€$žG¸Jç@> r´]vÙ%ÔT¥I“&A€„~yÌfûG}äFŽiöÐPdM2 ýARh­[·¶u˜8q¢Ù ?#«a}(nÌBTj 1„îAj ¬¨?àñ#ÔÎ' #5~O k‡º$R“Ž‡£f)„€ñG@¤&þkT( SAjPLP=pxQ"P& &-Z´0ÒS YAÕ@±! ²$5,ûd^ýu# 8û¨!¡¶Ûn; µbJP6Rƒ*€"€Z@¸ªÊ Žx©A¡@UB Â'”ý(„šáœžÆžBèØ“ÃÔ œzö¨@ Ø?Y¹üòËM•`|úb~¾ž…êCXêÌk¬a8I aWa¶` ¢™ä Ô¬Èöl¤r…ªF(ág¬köþû|°VAR%| Õ Ê\°›=3¾AØÖ_ý2"I†5”°â¸ ©É´A¤¦P##„€B "5Ñð*å£SAjPcx«Ïv6ìã0óöŸP/œ}öLàøCRØ€î÷×àôûš+\|Î~ vŸ®˜ 턈vEC½a¤’ƒ”ÙPWH\€’€b€€S½Å[ؾ d 5Gœý8ò¨C(/„{¡¦àŒ³w„/’ \ ˜Ò™D_|ñ…9ü ¾˜Ï)§œbÊP°¡rø}F(U„áAÖ‚¤5(ÌÂî Pà‡½`YÈf;ënCc¯x²Ÿ‡¬m½ñãÇ—í©aã?„¢Å< `$¥3{™ÿwÞ1bH¨ŠŠßÇäçÉþ(}±Þ'žx¢…¶­¾úê†?á{\ ™6ˆÔ”ò#PsB@$# R“äÕ«ZÛSAjùä2»Y+>§† ÅKÁ˜ëƒ‚¦·Þz«‘0L W~î¬H)dJŸ† ZOê Źé¡çÕ‘mB@!PQôýVQäJï¼’%5_|±ÕŽ¹öÚkxðçƒJC!ÆvÚÉ 1R(“¢šlÛ¶­9¨8Ú8Ïü£À%ÄÐ%o wþ©¡6KÏž=ÝìÙ³­ï©S§º:˜*D˜o8娻ï¾ÛŽƒDì¸ãŽV¤“ⓧŸ~ºýاŽ}ûöµ0<æÎõIsÓC?ΫSú¶Q—ûYM!|‘ì|ô­>“ƒ@I’š¯¾úÊÈ8Î:•ç=ôPS¨6sËvTÈÆõ×_ïžzê)sÖ9†ý"€¼í¶ÛÜ”)SLE|@,h„±ñÖ%õÅ~ŸŒ€ÿûBžßÿ½©E8LJDµ AjPZ C¾Oλúê«Cm;v¬ì^wÝuÐ0WÔ œyÔ–ZµjÙOH…$ã½÷ÞsuêÔ)»2)–ɼ Š»îºËýòË/îüóÏwuëÖ5")¨^½ºÙú裱ÆѣG‘cþ(Zƒ/^løBVÿWTI°1”*Ö•=E„¢ñ¼ Ý%pE…Úb‹-l ²´þú뛆I°TÂÕ¸|kРÛc=bws ÒC?ÖËSòÆéú+ù%Ö…@ÑÐó¥hÐÇnà’$5„]¡°ç½4{9Ä8ž¨ /¿ü²9øüp¯Ö­[ÛÆ{ö¥ÐPbh8±8ἉǑ¿å–[ìm>!hìa $ 5"Ùñ{F 8ë„ZwÞyvÌÂ… MU€4¡> ô@p´qÖQë ³ý18å'”ÆóÙǘç£F±byáwˆáXÞ”™C9Ä"FÆ1ÈH“&MlŽ<°µ⃳màÀ¾Æb|öAˆ …‹-*#N£løb/ö†ÊAÒ°GUósãó ’vØÒ„JÃ:U«VÍÈÕ–[nikȺzåՅϼ݃‚.Œ‘A…ƒ²/‡u%1 “àÜùþ ™#ü \×YgØÝÜ"5±^’T'§#UË­É ‚" çKAáŽõ`%IjØÜÏþÞôã /]ºÔXT HûZpÈßzë-stqÔù;YÃØ‹Ãþ RþâðówÎÁéÆ¡fo áKyH¤‰c Yã6½?q ¬‰¿APh°‡ý)ˆÎ7Ø`SnØ?‚Ê‚bfdàè£v÷Üs)8ÔdcS= ƒ>I_ýÑG™=¨ 2>óö`3ªsC AýA¡b}Ò7á{ìÏ ’È•‚ˆšÃX„l1—Ç{ÌÈûYP]P;À0¾ì<0gö2A`À¥ËÏmîܹF>X'Ç¡JÑ?ÊçÐØßA(kö0~øáev£Òqî|`d„=4Ø@ŠaŠÙ0a|時ŒA²h¬* ÊMÜ›úq_¡Ò¶O×_i¯¯f'Š‰€ž/ÅD?^c—$©b}ö›ð&߈D`c¹ÏLÆ^ –ø;Ä…ð-€Ì `O ª8Ž4IP„h&2ª±·‚M÷a½6„q“pŸ6…s6v˜-lÚgŸÌŠN>7:{x„òGã½Ú9Ê´“=8œ%r6|!4ö,8ç27È!z¨1åµlvs}@ú f¾eÃ$³¿Þ(Rù,>ZÞÜ¢ü]ý(héتF@×_U#ªþ„€ðèù¢k¡ìZø'Ç”I¿hP, &(.—( g‡%ò`/Lf ã(}êX!PH’~ÿ+Uõèú«zLÕ£ÿE@Ï] ©#5„W±wÄo–z nEø![„›¡(¨ ¤  ‡~RVª4íÔõWšëªY 8  çKV!6”løY<à•B è¡uH«ºþÒºòš·È?z¾ä㤌 R“”•ª¤„ᇛ¿T‘”>¹C©Î±¢óÒC¿¢È鼪@@×_U ¨>„€C@Ï]‘š<\ d#ƒ)‘‹ÙØ÷CV/²µ‘Š˜z/„ÎU¦çF¶6²ÆQ&J#!E<©ÉSÑ>2Çc¯×H¡í8D±)ìØLü¨ßC:î$6=ô“¸j¥c³®¿ÒYKÍDÄ =_â¶"ųG¤&Ø“>˜´Ã8îÅlíÛ··}D:uª2RœãÈÞ¶Ã;DšæÇìvÛm7«³SÑ>2„‘*Ûת‰dP–ƒƒøÍš5ËmµÕVËel«Šq чú…@YcdC@ן® ! ò…€ž/ùB6yý&–ÔfD½ê†P¿„J÷¤l8p 9Ú¼¤¨"Å}›={¶}ƆÞ¸÷ïßßTŒ`CE8묳¬þ õI®»î:ËrFmj±ÐÆŒãpÌ)’IñLÔŠ 7ÜЊ2R‡¢šÔÈéÒ¥‹â ³“žÔ8!dŠ2R =ÚŠI2Ff:fwêÐ|úé§VE‚ôÈa¶A4ÈøFMú¤X$sfî4jéuÔQVÛ»I¤@-š›o¾ÙŠ\öë×ÏQì“ÏûN9å”eæaš4i’¥¸f.¹ä³‡¤àÂïôM RV_vÙeVŸ‡:2>%›õx|ÔêСƒ£8èqÇgýa µoêÕ«çî¿ÿ~K+MßÔòBšÔÂΫ®ºÊÒ=o¶ÙfRB£& c°þ¨U¤sF]âz5j”[mµÕ¬˜(ý’⚺<¤›âÇZuíÚÕìàš à**¸ðr†2‡Ô½a¾ÔB!‹CÓC?«^tý¥wí5s!oô|É7ÂÉé?±¤ç5dÈ!æxCVùêÑ£‡‘ÊæÍ›/S7†ð¤F™##Žc Q6ú}î¹çÜí·ßî&L˜`ýàLãìúì׌ID'—*ôÈJ}Nž<ÙŠXâ ‡ÙÉg-[¶tãƳtÑÆÄ¡g­Zµ2Û¶m[fõq(ö‚@š6mjÄ Ì6æ áXˆEݺÿŸ½;·o*ÿ¾Ó¤)Ѥh"24ð+$%Š!dŠ’)óLŠ’DÑd¬LÑ RB™§šG*MÒø½Wÿõm}î=ûÜ3ì}î³^¯ûúÞï¹û¬½Ög­õ¬çó<ÏZÏR)÷Œöx'/Ò7Þ˜œ‚p gÐÏ~ö³b—]vIý@HäûÑ77Àùnîb ±'ø„'wõ±6–vgX(ëê䵡P#Â’„2QÆ…=QÄ…IñÜ}÷݉èøéÖ΋/¾¸©A(œ3q–ˆÂ/|k5ÖHÊtUÛ®-·Ü2ñѧòígeoO׆n˜ž½âŠ+RÈ<÷Øc®¤&÷-“„ƒ§áàar†åˆ#ŽH¯m¶Ù&ýx^™Ô 0G„œ·ñ„a¨j'%ŸâÎÛ¤X”eO÷ëÊExïâ&üI¨›¾Ó÷ζ!5Hs:p)ð ceRƒÈÀÅù8ò¸¼å-oIDˆwÊùEÿr[sß„Êå+‘+sá…NgUàÆK“=Iˆ \\N€xºÒ®\‡2DÚÂ#„tùnn;²Áë3•§&BÖž¼K.¹d©)c¾õÖ['O Bç¿3@.V¦Ç[Ö‰RƒäðøsÍ÷xüŒK™Ô…3Æá© aüW¾EøYÌ„@ !_†j;ël-©·P%–{Êd9|jª¡Îij!´‰÷†‡ÅÙrq–F ~¹8{á»ÂÑÊÅ¡ráJB¹Ê$Äïêî§ÝúÀã ]Ú-ÌK¿ç™gžt.¤ªmÈÇû4UAtàèÙé ‚•ûV~–bï= ,°Àœ)þž‡ x7´Óá~¡aïscš¾g<ã—éÚUþ»w¹2Ú™¡^‹ó;ˆ,ls©Âræ2cËCÕ†B¿ £4¹mŒù7¹c= Æ@È—q@sÞßjRÓ£%@³¡ßìñ™ôÖÅü›ôŽþãC äËø°oÚ›ƒÔ4mD¢=À¡?P£Êžˆù×3Tñ` ÔD äKMÀ&øñžI³#ò·D ö!ë·}c6I-¥c’F3ú4 /Íq¶¦gRã@u>(=ÎÇ»@ .Np}õu×]Wï‹ñt 0 BéQM </1)2=“š·½íméF/7EE ö ð‰O|"]í:ë(À8¥c¨Ç;Ù@È—Ù1νô²gRsÜqÇ?ýéOSŽŽ(@ Ð\›½ä’K;ì°C{-(B阨áŒÎB äK£†c¬é™Ôh¥+l]ÑûˆGº×wÄs@ 0™ù曯8ôÐCÇðöxe ð?BéˆÙÃB äË°m_½µI.î¹çžÅ-·ÜRœsÎ9żóÎÛ¾^G‹ F@ÈÙzë­W¬°Â Ah&xœÛÔµP:Ú4ZÑÖ@ ]„|i×x ³µ}‘ ºà‚ Šõ×_¿ØvÛm‹¥—^ºXn¹å ×>G Ñ#àÚfW6ß|óÍÅI'Tœ{î¹r6úaˆ7vA ”Ž˜@ 0,B¾ ÙöÕÛ7©É]=þøã“2ågÁ,.½ôÒö¡-ZŒÀª«®ZÜwß}É°°üòËÛo¿}‹{MŸDBé˜ÄQ>Í@ äK3Æ¡ ­˜1©iB'¢ 3G „ÂÌ1Œ@ /13@`X„|²í«7HMûÆl(-¡0X£Ò@ (Š"äKLƒ@ !_†…lûê RÓ¾1J‹C( Ö¨4‚ÔÄ!"úËÁmYÕAjZ6`Ãjn…a!õ@È—˜@ 0,B¾ ÙöÕ¤¦}c6”‡P ¬Qi „§&æ@  Ð_†n˪RÓ²VsC( Ù¨7B¾Äa!òeXȶ¯Þ 5í³¡´8„ÂP`J@ <51@`ˆ„þ2Dp[Vuš– Ø°šBaXÈF½@ ò%æ@  /ÃB¶}õ©iߘ ¥Å!†kTᩉ9CD ô—!‚Û²ªƒÔ´lÀ†ÕÜ ÃB6ê /1@`X„|²í«7HMûÆl(-¡0X£Ò@ OMÌ@ "¡¿ Ü–U¤¦e6¨æ~ýë_/6Ø`ƒâØc-6ß|ó9¿O>ùäbçw.Î:ë¬âÕ¯~õ ^õÀ,F ”ŽY<øÑõ@`È„|2À-ª>HM‹kÐMwÞy‹‡=ìaÅ£õ¨âž{î)Zh¡âþûï/þñ<ðÀ _õÀ,E ”ŽY:ðÑí@`„|È-yEš– Ô0šùÞ÷¾·8à€Š¿ÿýïsªÄ#QxàÅ^{í5ŒWF@ 0 ¥czt9!_Ft ^¤¦ƒ4Ì&òÒüío›óŠG>ò‘sý˜ïŽº@`v JÇìçèe 0B¾Œõf¾3HM3Çed­*{kÂK32ØãEÀ¬B ”ŽY5ÜÑÙ@`¤„|)Ü~YšFÏh—½5ᥠÞñ–@`¶!JÇlñèo 0:B¾Œ릿)HMÓGhíã­Ùÿý‹ƒ:(ÎÒŒïxE 0Û¥c¶xô7!_F‡uÓߤ¦é#4‚ö¹ílë­·.N:é¤BZ”@ ‰@(ƒD3ê 2!_b>dfLj>üá×]w]qà 7}ìc‹K/½4Ð "°êª«øʽèEég§váÛ‡ûª/ÃÅ7j¦C äËtÅß@ _-_ú&5_øŠõ×_?%j\z饋e—]6ýD Ñ#À¨pýõ×ßûÞ÷ DàÜsÏ-^÷º×¾!zcÈ—Õ@ äË@Œ*@ AÊ—¾HÍn»íVÜqÇÅ9眓’7F æ ïÐzë­—Œ GqDsÖcKB¾ôT<Œ/c=^Ìf*_j“ Ç<óÌS¼ï}ï›%G7v"°ë®»&£Ã‘GÙš„|iÍPECg9!_fùˆîCD _ùR‹Ô ùÄ'>QœþùCìJTƒB@ÚŽ;îX¬µÖZƒªrhõ„|´Qq 0B¾ Ö¨4Š"…Ð×Õ_j‘š‡?üáÅý÷ß!g1Ý– ð·¿ý­xÜã—ÖmÓKÈ—¦P´/˜/1#@`Xô#_z&5ÿô§?-Ž>úèaµ?ê ! ð®w½«XrÉ%‹vØaµ¦Ê/ƒÁ1j F@È—Q#ï fuåKϤfË-·,VYe•b‹-¶˜=hFO @@Èè•W^Y|üãoloB¾4vh¢aÀ”„|‰ ÃB ®|é™ÔÈñ©O}*®mÖÈE½ÀpÕóV[m•òI5µ„|iêÈD»©ù3$†…@]ùÒ3©YmµÕŠo|ãÃjwÔCD éë·éíâÐDÕ@ëhúúmzûZ?¢À¨³~{&5yÈCŠÿüç?ClvTÃB éë·éíÖ¸D½À$ ÐôõÛôöMˆ>ÃB Îú R3¬Qˆz!PG(Œ£ÙMoß80‰wmA éë·éíkË8G;q Pgý©ÇÅ;#PG(Œ¸iéuMoß80‰wmA éë·éíkË8G;q Pgý©Ç5ì¿ùÍoŠüãÅÓžö´¡´ì¯ýkºüÏxFñèG?z(ï¨[éô¡kV¡0°—Ö¨¨éí«Ñ•xt„üóŸÿ,¬åùæ›o„oWu"ÐôõÛôöÅŒ-!7F‹÷LßVgý¶†Ô|ík_KÊçrË-W”ÿ¿ÿû¿b·Ýv+ÞøÆ7η®ß÷¾×¼æ5ÅÉ'Ÿ\l¶Ùfé¹ßýîwÅžð„â‡?üañ¬g=+}öïÿ»xìc[œþùÅž{îY\}õÕªS†ÔM7Ý´8äCŠï}ï{sþ~óÍ7/|á à²Ë.Kïë,»ì²KÊ5²ÄKûï¿qÐAÍyäIOzRñùϾp§w·÷~ðƒLùJþð‡? .¸`qñÅoûÛ‹»ï¾»øÓŸþT¼ò•¯,<£¹tö}¯½ö*ÞûÞ÷Vb…-ºè¢Å§?ýébÍ5×,~ùË_[o½uqá… ,°@zÇ6ÛlSüñ)«k|= K "ÿ?ãŒ3Òw+'žxb±í¶ÛÎù³ºµ©œ‡å·¿ýmÂiýõ×O·öåòÇ?þ±Ðm(·I ?ûÙϦ9CvÄG¤ºe»ÿú׿^~øájÜ—Zj©)ÇeñÅ/Yd‘¹Ú o×,gReNhÇ}÷Ý—ž3Þå1žÉ¯#fòž~¿ÛôöõÛ¯A}ϼ$^ûÚ×ΩÒÝh£æZ ƒz_Sêùò—¿\ÜxãÅÞ{ïý &}ô£-¶ß~ûbÕUWú%6YîÝyçIFD™¦¯ß¦·¯-óiäPȶ̶ÿµ³Îúm ©yÙË^Vì³Ï>Åë_ÿú¢ü» ïÙÏ~öÐ,uÿûß‹¥—^: úa‡–¾è¢‹ŠõÖ[/) Wî¸ãŽD(é¬ìÿú׿Š³Ï>;)Å×\sMzæ‘|d±ï¾û”ërÞʼ„×^{mz‡~ù¹PÂmòo~ó›“BŽŒ¨ïW¿úU²ì# ˆU·÷RÌ8à€â¶Ûn+\“'ïÐg>ó™ÑÒ$ƒÐ:á„Òk«úŽt±Œ",ÈÏ÷¿ÿýâÉO~r1Ï<ó¤÷?õ©O-x~Š<¢¡¿óÏ?ñío»xùË_^œtÒI KdðÇ?þqqÜqÇ;î¸cz§ç)ù|pוç»O|âÓ3Úˆ¼ûÝï.þò—¿Ìñyæ‹_übñô§?½¸êª«æÔeÌd®×GDê[ßúVRŠ~ñ‹_¤> eÆ®Ø 7ÜêÑ—ÕW_=Í¿7Þx®¶=þñ/Î;ï¼)Çå›ßüfñ¶·½-õ×ñ½õ­o-žÿüç§1ðý#<²8çœsŠ§<å)‰Ô!¶Æxž¤:Ba"¯éí&åwN‚2цŒÖ·5“ål®ç¯xEZŸçž{nñªW½ªŸê{þÎ{Þóž´>É6ò.JšÙ8&A…ÜhßÌ­£ŒÔœzê©ÉZÎ[ÁÍ*Í%ÈS@Ù÷»„b¹É&›$ë=°üòË'%ÐïguVR˜)ëï|ç;“"ÍËaã¡8³jþüç?OžÉ7Ø`ƒâÖ[oMßûóŸÿœ¾ë÷•VZ)–ýÎò| ˜W\1µIQJú—¾ô¥9_aáϤ!èÝ÷Þ{ï\Þ‚¿øÅ©_~r¡ÔSªµƒâL¡Ýi§Ôõ!Xgžyf!)Ñ›Þô¦¤të "4Õ{)þ™L­µÖZÅæ›o^l¸á†s¾Ã['Þ¥[ßýÍ;‘\x¨ÞñŽw$‚€€^rÉ%ÅW\1—2ò–·¼¥xÌc“< <]ÚÃüàé¹e–Y¦8ôÐC‹µ×^»ëÊ{Îsž“ŒìûÈG>’æ’þ›HŒïû‘Ðgå;ßùN²jû;Ò’‹ç(E·ß~{òdG⟠IDATt™Cê.÷ÉO~22ó’ëEN•Î2ݸ `æÏç>÷¹9_}ßûÞW}ôÑ CGm8ðÀÓßÿö·¿¥9lŽÌ;ï¼3–Bu„ÂŒ_ÖGMo_]èW¦S&Ì#Ê¿çvÞyç$ëöÛo¿$/^xáô»yMÆšsäKÞ(_ùÊWŠSN9%=o˜{>C²ÉÒcŽ9fŽ\f 7ÍaÆ Ï1ƽdÀvÛmW<êQšƒç­Þ¥¯~õ«ÉøÀûbÞÿýéw2ÞïÞEZ¯dÑ]wÝ• /eYk=‘µ Cˆ5ü±},µ‡áà¥/}i2–Ø/È{Â6‘}Œdøk¬Q¼ä%/IƆ†˜ðÒòʲêò°2"‘gAjª§uÓ×oÓÛ7Pa1ÄÊÚ.‡:åÆQGU){ôó oxCÒQDz ¢ô²5äÆ'YEÕuÖïXH ¯eÚ¦esµ9þèG?J„blÓõ7 )«9¯e˜ÒÉ“‘gÕ¶Y±r›„<¾ëÇsòêP…h ˆRC鶹óظmö¬oB Êå׿þuñÜç>7…sQö)⼊ﯰ ‰Lä²ë®»&ÂläâýÂÍlòYYµ±"I”…\l˜6fÏ ƒIkó …wÝu×Mý¡4°P" ”¡h÷ÜsOR컽×ç<\0E !ýëvncª¾«‹Bˆ”•t8R((?”¨K/½4I¹PüP ¾ûÝï&¯‹±‚'åá1©*¿ÿýï žÊz´“BeŒ|Ÿ—J?):°BT³"B¡2w2ië¬_ŸScH¹BFå–[nI;ø•I†qõùtãBQ{õ«_H\.ÆûØcMsÊçæ­ðJ}[gu*ÉS¿¢¤ŽPè÷3ù^ÓÛ7“¾ â»S)+¯¼ršƒd€õ@i'ÿÈ”}èCiS¶>„Î’³YùgX²q32(¾kÝ1  Œ'dâB#@,ŒHæ®z=cMò˜ð<2vµˆH.ä´9m}[3È‚u/|—¼$‡y@õÓ:°~Õa­^~ùå‰lñlæB^ëxÄ#R]dåóž÷¼ÔVm¤¬ #Ö–öxC–³7Þ¡ö›ìõ>ò ¹q¦ –‘çxr³l RS=››¾~›Þ¾AȈQÔÑv9Ô)7¬ç*Ùcou"†îGNÑ%„ˆ y ¹1ŠÙö¿wÔY¿c!5¬€¬c”sŸ³”H“Èg¬hŠÍ§EÈ•ÉH¶åß)Å‚(ª¾#ü‰UÅ’w…'¦žÏg°¼±–Ÿ~úéiãCnlš”€g>ó™¥-¶Ø"Mæ=öØ#) X¾s#¼U‹›2mP|–R °þÚlJO "–Ã)´™Ñ6át6až›\|ßçêC&(Û6rÊ6/…@{»½—å™âipÆºà‚ æê3ëdnÓT}÷% :E½¬¤ ÏÊÊRg^#ý¤4!!Þ`RV(þÆÂÌRöþtŠ±§vÚiéO³Œ«qtŽIŸzœ?šFña‘66ÅŠ[.¹ßú„L³z«Òg\íd‰î$¾ˆ97Õ¸P&µ2é\Ì+sÄUwý£Räx,·Új«H:Ba /¬YIÓÛW³;œl$לUËI7?(l¸ÈõÇ€C>ùÝš§”+< 3<²ÂH;Ã[=C‘çõ™ˆ4X/æ%rd:[F.òœ+äyJA0×½Ÿ1¨\2©±nyÞsXÃsoä+c™—×!bÁ[Ý-üì/xA")ÞOÙ`Ü!}®ý¼?äe*RCf{9ª­ŒFêËg&-¬É 5ÕS»éë·éí¸ÀR…m—C`)Ë 2´›ì¡_MEjBn i’UT[gýŽ…Ôh3¥Ö¦Hùd½§´³–å‚Ü/›¥WX’Ð ÏæßMNÖB–EÿÚxÏ OËÖõÝwß=}n3µAÛ(m˜<=ØœXÆ)ÛB&<“w®Á÷MHʬ’o¦ò ò`cÉRGAeA¤tSÜŒg‰ó}ïa½d…Ìž$ŠmUbÍ×.J…Ȭ¼2ú$4‚u´zfSdm/“›£°‹²rÌRO¡°ÞÛè;•Y µó6ûìaÑ'Š‹’=H~¯zo™LåÍ[ŸÝÚEÁæÑ °(Óõ]ˆÁPVÒ3¤ˆ3Æ,»¼e°Ó?¤Rˆ‡±C0ô7{M²%”bRöþtNo …D¨Ò¤^Šž8}ý¢t°¸–É>"ŠÂSxY¨%e‡2„¸¸ÕH¨ Ë3o™yˆ¼ê¯U&Ò™äªß@Rœ}™j\œÛrVQEýËÊÃãdÎRV)¨æ¸Â:L‘Ô¾A€®#F'ªþ÷¦¦·o˜”ßiþX÷Ö<¥ŽJvšO Œˆ9ùç<ϯ]kŸL1÷y=×ÔðTòjª›Å¼´žÉIäœW·¾… ñ|òü ýd8qùO©33å[§"5äÓµ ˜L%¬ãìÑÑ.r©\Êʉ0V²„§EÌ;…‰Aöì¼6ä=YmýÛK¦"5p´.µ…lÒWûCš 5ã–ã|ÛåP'©ahí&{px¥íïd¦ß§#5!7†3;ëè#'5ºœ' +"bbÂØ0yXŦÆÂÎÃA¡¤,S4óﬞGŽXúl:¬ÿÈŠ:m^6tD‰Ò*&¡aQdYg±¤Ä*¾‹¼Ø¼²EŸRžça²‰æXo£Í“§XØü§òy í£<¨+ ›E0Ê>«<+iVî;§îP›³âF Šº³9ÙKåóª÷ cBð)^ï„{¾ÖX›„oñœM×w–^–Íò•ÔBµˆìaÊ–Òì™àÅ"x$Ĭ#’åÛÊ„s–ղǢÄÞ¹˜C,Δ,ãÃc–Ã=ƒ a¤ÀäÐ5ʉB B$Ì }2~”´\PJ¤~"aEßÌ7Š×Tã’ÏËäï#,åsV¼‚¼p1wÍ!äÖ ªÔ ƒzgzšÞ¾:}ƳÂÅÜzˆÄç5… Pà4È@ÖD$ÄüG"¬òÊœö»9ÆXb›ÏU×$“ ÎÇä+ÒÅ›ÿ¼² ï¹Ü ܈YŒT-Ö£:xprɤ&…ÈN2ÙBô‘(òY±–<Çጛðb¥3œÕz'_õÏßôËE;ÉÙl$€™Ï#Ä{åïbãÎ*m†§¶2€ñ–"lYV Vq¥sõìnúúmzû†!3†QgÛåLÊrC”F7Ù“ G¾Ã $Ê„žäXDÈaÌ®îuÖY¿c!56 Dƒ‚j-–5–òò5¶B¦l”¼åߧ‚••NåѦ°0æk”m¦&´0µòÙ•:C…hQ˜’òmZuêç³Bðà„`°0 º+D”õµsœ»½ åîí,&µ3;3-æò =½¶i¦ïìõû°¢lâ ç*ü:•Â^Û5Šçê­Q´§©ïड़;KØ)·„Æò”tΞXë›f…bLðÆ0L¨›üóçØÈ“~ /™! p¹o)ë¶Ê°ÐùFø v9Õ3æ>yÇ°SGÞóR‘MIÜ®£øNÓ×oÓÛ7Š1ä;&Mu“=ä#h]]!äÆ gÛ£bzÕ_ÆBjÛÝêÚ²ÅQˆ8k“V¸SùF±Q´#ÞQ¤¶|Þ(›Ò4Ì«õZÙ¾§ë…qô®éí&ñÎ@ -4}ý6½}mçhg 0ê¬ß‰%5€g±6!¤G´Û†W~ùL\ìÊ¿^˨HM¹Ï½¶mºç7̹Vºn RS±™=_G(ÌìMý}»éíëEép›£¤¶òP šÔ¸a¢B#òßoõ#Ófò¾^¾Ké ³]žK&5®æI#ß}&¿ŽÂkÆ{¦¸ºÝYË,óݪéºk—‘ Ežc¬qsfä¥éeDêÝNÔ[ƒ}*äËÔx†|ù>!_»öQ[õÛ*RÃZ)‘Úüãto¸ë™m`ò%Èx-9’ÍJÂDy(òòÇÈCP±ÑI )¹¡¼0’8z†v¿ýöK¹\êw–W¹(nå’ÔÍ•¥þõ.ÖBùäË‘ æQzTªWœªº\9ÊÂ+ ¥|,ò °:vzj$yâÁQäo‘¤Ô³<0DúŽ|?òÊØ”%”K¡øؘ˞šÜçœO•֗]vY S?oÆŽ;î8Çk%§|)°Çç†nHÖP‰/™Lj\Ÿ*§‹4þÖ ÿéÚ¨íH’:\5-ÿ‹$¬®©•?h饗Ny+Œ«$ÆÆ5²r^è‹F™v’,WÅRt\éª~ØIÀ÷Å/~1]!˺ë¦<¹lµ\\=^Õ÷níñžªqÄžIu„ÂLÞÓïwGÙ>Wtš3’Yš»’¯ÉgÒm}YÓ”]kÍ\Q$a-{jä~!xpÌ)Æ s—,ðŽ3Î8#åm™n¾R¦y ¬Åÿ­ykÔúq5}U®5§É(a§äš¼W<Ðp@’ 9ß‹z;e"F±'È'OË2Í»;ì°´­ ‰kµ“ÄgÖ=¹´Ùf›¥µ%Ž¾ó„ÈÏ…ˆø>¢;}‚m¹TɽÎ95•ÒAf(2ZUyËô ùÌ{^Žõæ„¡örñYsÍ5ç4Ì7\3­oæQ•ü‘‡ì”{Gb^2YŸåì"›ÉuûÈ"‹,R[îuÃrº½¯ßõ9Ý÷F¹~§kKÕßGÙ¾/!_B¾ô³J»§Îúm ©±!È;@ñ %T<#<¾òДI¬¹BÉ‘lOâ=XÎ ãˆI(ÈzKÔ¯rñ÷ª¾wkyP5î”Ýq–:Baíeû¬ekÌ<’ÔÖš6ÿ‘‘ªõEÙ5WÌʬõ"qd™ÔøÜšD<Œ5E©1·hsÈ{§›¯,¦d˜„—B ¼×Íê–XR8X·:ùœ˜Q…¢îÿršÛå°ØL²L#vx?¬%^'ë°,Ó#ë]{$ª$“–_~ùdhA¬}É3{C[åCô˺Õ/ ‚Ës®›Üc¬(ã¡/å|<ã1xÍ„Ô]Hœ\;öx—g’ÉØÃäYd·Jþ0„À¬Õwó–ú'¿dù¬#÷äñªÂ&Óí}ÃZÛ£\¿ýôa”í ùR¤¹]Ö™B¾ìt£/ý¬ÞzžàÖPPHeœ§xSHÖBÞ„¡HP6„”ÙT”óÏ?¿xÊSž2'é¦ÏÊçKXÝrø–å•Q±aqÄIñ¡´¨[a‰A„XãXûlèW]uÕ\¡Ý겡!Yk›§‡NRã¬Ï-·Ü’²t{á ³µdŸøÀæäqÂÉs„ÐQòä„…p*R3\…CY¢aS´‘ÛˆyK` éßý›ÛÌÚJÒ&ž.J¡ïwÃ_ÖÞéÚȺA±‚¥"Î}›m¶I AÉBà`‚Di e€‡ÍØ#±Móƒ˜ R£_9ƒ:‹6Ï’ç‘BÉ8JVÙš-ÁX·¾¯²Ê*j«p·qG4ÇYF¹©÷ÓÏQ¶Ï¸“#È9ƒÅÞš¶ªÖ¹ã;GuT꥖§·óLMgø™³z¬ùÎÚ ¬þ½ÌWsqÂ|ä-»‰ÂOÉVO·:ü}ÞyçM2ÅàuÔ'Þd 3Ëgé(Y¦!(Ë-·\ª_ Ù¡ßåð³lĨ"5Ö-’“e+™ -d1#ŒúàFnÛ R¡tÝäžõÚIj¼ÏšÎÅÿ“fBjÈXÆA°f_¹ÀŸ¼á™ÏF˜*ùƒÜy䑉XŠ$–|ûí·'Rã{¼i Gä"cL¹GÎTaÙËÞ×ÏÚìå;£\¿½´§ó™Q¶/äËIMÈ—ÿzÛr äK?+÷¿ß©³~[CjX0m0TÊ´Íš%,“š¼QpùS†ypra9¥„äÒÔ°ÚÜ…\X<…±î³Ï>éã¼Éò¦ëâ•é$5Ýê²ÁÙð(6q9t(XeO eD(”¾ ëØwß}“uà©ÈÞ¬ß÷xsX‘ó!â| x*R“±ÓÊXãiâyá%qî…R@d|)+ÞGIÒí´Ñ³È²JvÃ霮 ³Ï>{NX\ƒLjx¢(T6 o kíá‡>W¶qaå Àæ PD…B@aáé‚¿¤†bË›”K&OU}ç©ële£Û¸Çq–:BaíeûXÆyô„‘ ˆh&5UëËÚ¦@Û¨¤ƒ šŽÔäЧ¬Ø3Äô2_Y¬}Š®5“IÒÁ‹Ú­F ¤†×Âü¶.²A&­¾d™Æ0C^æÐ+Ï $ÖK7RÓ@dO Ï3Y™ekî;ÂHÞ‘EŒ%úBvÄ+‡vu“{U¤¦Û™š™šrøY·5@Ö!¾ 0pí6ä¦gô°DæÈ/ÆQÕ7Þþ:r¶UXÂoº½oXk{”ë·Ÿ>Œ²}!_þKjB¾ÌMjB¾ô³r'˜ÔPº…b8“B±æMYc5Djl”}ÖwžV2VÏn¤†òî‡G„5ò`Ãâ ¸R,òµ™P|o½õÖdi¤ü{ŇõÙe—MŸu«K} o ¥ÉéôÔð(¡¢x±öò:dOM•Ò%d†7êŽ;î(]tÑdýC<ú!59ÔŽRƒL(:‚Ú{ÄÉSÎô9Ÿ©¡È¬¶ÚjéýˆFþÂÏzmãO~ò“tКåágÏSSE"U1ý°·¡ ë`i¦Øå‚Ô˜7*„qõo'O¹`Qï,ÝúÞ­=ÝÆ]ˆÎ8Ë(7õ~ú9Êö!î<€~¬óz*RcÞ" ”pg¦„S!ÒU¤†²m –/ ({+z™¯,½ê gòÙ1íÌágÝꀻp&…ˆ‚oN#-·;–•òÔ:ãµÒ7ᓼÄTY¦ÁÍÚV¯°:xôJj´ƒD(MF•‰T7¹×TRçncÁØ£?ŒŒ^æ ãO= ÂüœMîl¾ô*÷Òª°DΧÛûúY›½|g”ë·—öt>3Êö…|™›Ô„|yð™½^Œ&!_þ‡RõÛO e‚g@”°#á Ȇs'Æœï…÷C,»³ “0ŠÆ ,PIj„°0 !@€x(ìwÝuWò<ðPXÞrø’ Ý»)H‰ÍŸâ‚©ÃfÏb_U…Ð6 ˆ¾P:ÊqãÈBÅ (L‡ É.†Tä®âÒyj¶|¾G?áAq˜ŠÔ8ð,Ö_áµÉmÈÖGÖCýTXy¥\xÚÌËW:S~~þ󟧰¼nøO×FïÒ&–Pý€‹0R‡D°xÚ0lþ,ì,–ˆŒv:¤mbþË!dêD\(ùpJ†¢/ÎH ˜ÎÒ­ïÝÚÃ#U5îýlăüN¡0È÷öZ×(ÛÇXÀƒaÞGëM8(ùRµ¾x+¬sʨy‰èòô• %yž9—C~ëôÔX½ÌWuñ– ¼ûî»A/_éâw¤qô/1cš³Puå^–dât{_¯ë±îs£\¿uÛæùQ¶/äËIMYg ù2÷E$!_ê­â:ë·5¤&C@qf9¥ì³FZ8UIðlþ^>[Ñ F„IÉÖ}Š©úmÞÝŠ ÞæÊÚÈ{ãyßç@v$ÔTªêò>ñêÎÂtKiÓNñRXçÊ!UUí{ÏÃÂ1èB1R¿6—½ ÝÞÓ ÿ^ÚˆœxŸwõš0S¨eª>ÖÙ6óAAørá¥a±GzÊgÊß­Û÷nã>è1©S_¡P§ÞA=;êöñÌX‡  Ê·Þuö‹±™vvËš¯*hó¾<¿ºáÓË|ÛAÔQ~rhgY.•ešµ LµÎ¦j7yˆ8YÛU¥¹7N£ø{ÕX3cHáÑ'Çx÷Eë>Ï7éåöÕ•{Ý°¬³÷ ›Q¯ßºíuûB¾äËCzÎûÖ:RÓÿ´ˆos#àf(^!7û ÿ°ÇfÔ›zÝþ4½}uûÏdR#\wÒJÓ×oÓÛ7ió!ú3zB¾üó 5£Ÿ{ñƆ ¾_8‘¤I/MßÔ›Þ¾IŸÑ¿á#À£ïü¤pçI+M_¿Moߤ͇èÏèù¤fô³.ÞŒ ¦oêMoߘ†-^´¦¯ß¦·¯ƒ Æ„@õÛJOøv?ÝΣÀ=_ÐíœÄ8ÆFL©Ùf{™)3ý~ÓñÆÜ­#ÆOÓÛ7lLF1§ÿõ¯¥sD’O%;«úê,ózݾçL’"ÏWÊtímB'© M_¿Moß æB/ºÑ ÞE^ùév¾pïh[Î Ú»“Á\õÛJRãÆ×û–o÷£œ‹»ñ¬|ån/»™Ë!`· ²¸ÊÔU›&{ùV ™¼£ÜÏ~Ûí¦!×Ew^õ:“vMõÝAáà6(8TÝj4¬¶÷So¾ýÅ-[.xÈD¥—ºÜ®åÖ¨rî¢^¾7Õ3u„ÂLßÕÏ÷›Þ¾~úTõòz­»&Üü‡”tÞÖkÛäX‘£É­c®Xï¥8ðìšzt»!P=no”„Øh3mçTíêEÞ¹~ÞMn.ÿEhiç¾ãŠf7éͦÒôõÛôöõ3WÌmsÍzûºùNTNûPUoN*íÆWWÆ÷Sòí{.Lrü$—òÍ“ÝúI¶ºiÒ9]i%†]Êú[/2qØívýuÖïD‘šr¢¸º¤Æ•É¼(nVdéÌ2>e¼ÜÏ~Ûí j׆£(ƒÂ¡M¤ÆmZ®wFjrÏ^°RÓ Jí|¦¼^ë® ×(#9T]$e ’h³×d°:º^Þùäåj×Ìm˜~°©£õSÿ ¿cîš'öU‰½¥ð£+²NŸ1ÏÍ5kGâ\ _7Ûl³¤K!Ö—\rIz–\‰ê$5öOzIN¾kM[wä…õkN‹b!ϬU†kÔÞO¶h§ß­e: =çÈ#L{w¹¨ß^lÞÓE´ìè&#N8ᄤ·dycÏ&£ÔO 3i;y#"‚ì¢Èï¥=ôF8Y»d3ù(ù““/wû¼Üný¥ÊÝW¥“IßA ßè&ú]%sÈ`ïƒ!ŒŽ›uC9ùxÚ´×Õîä#ÙÝ‹þ&œØžây¹·Èx׺«Ï¸Ò•ºéÕƒž·Ãª¯Îú ©‘ÄŽâgC¶ØL¾Ë.», ?•1QmN)k€Å#©ç;eRcó²± } dzŽ° %¢³Ù!+žÍË"#$ó™…ë½,ë”j ¨œ³[»³Ô§˜ø¾oã%\,“Wý&™d‘&BC±‘Ä’âhØÈYp…¦è£¿ ú¡¿Ú\î'ÅD½6GB¸çž{ŠÕW_=%ìäµAçÄ—¾Z|H!Dé¨ÂD›sÉ™×a Ƶ8)ê§ 8„o&5ˆ¨Œí½à€\ÂD]ÚƒÌÀT½|ï#ȵÁB%Ì8Âbâ—-% $˜ÁËR]c¿Wµ»ìFVÁã"Œ‡•K’?óÂø°œs L÷Ýwߤ•I Z…3l-hú S·$©–ˆ^½æ†J¹ Ûøû¿yÊða][¯dT/k¢©1—­]>cÀù矟օùçÝŠ›¼c|0¯()9ü ©!/ÜþGÙ&l¬”‚|‘…rÿý÷/Ž;î¸dø »VYe•T79EAQù·âŠ+&‚/ü¬Lj¬Q}Î @É6á2æ|6@3dœÍÞûÈ Ê ùäßr(Wµ`°©Ú+(.…wŸ쩒)¹ k±ÅK}¢Æ™±^N<ñÄJYãÎ}ÇÞb àkß±7!>úŒÔj™kü)JX™Lov¯æ:JÇðZѽ榷¯³åæ‰õÁ0#Ö·uÆÀÀlÞ湆ˆ3tØë̯¾l^™ÃÖ}.eRc çè†5{”„äêòóÒ—¾4#…ÂlŸ¥»ðù×^h]3’d R’‹ý:{:¬QßÏ^gÏVɤL.'í°Ç{±"ˬí±^%À•û fúKo «ìÉ";üÍ;µI´‡ÓäÓƪÏËy´ 3í¦“‘óä}ŒîW%srȹBNKrÇú÷72\âæ;î¸#Õƒ!¥ÓéotGòŠNIGÑ'‰‡ÉJz ·JVuÔQãXŠ}½³Îú ©±¹b <6Q“ ãG €o±)˜´„¿ Áȱä¬u6»Î35ág6H›¿Ö‚²°(Î5! °qĉ,”IâÿåÒ­Ý ÂÕIjx :CLœca)°@)9K‚E£Xú%9§d‚p’‘ZÊýÌ›¼“ŠuPÑç,¬(¾Å$,?e÷e7LÊVRm²é#€ŠIf<X^˜‚¤^äC±HµÂ2¾'‘*é_ý‘ä„%¢fÁjûK^ò’„AÊ"D  YpNzšÇ Ž¬Ä,Ë„œN` 2yŒmÝÚëa­!x¼_ñ]PÕ¯æE‰dié$5È_ÕÜ£XQääÜï 5}ɾ±É!»Ì]sμ±RÌ)6ç|voº5Ñ)ß²"NnZk6OJ3yÉ8D‰¦˜ð›‡Ö/Yi¾w#5”2’1‡âŽ—“üòú¬»îºI>«×¦Kq¢,P^ïgé‡Ô° zrDÞe #9©6첡¢“ÔtîÙè@y¡XTÉJŽ÷ªÛš¤<ØwÈ J٠ײˆ‡¥J–·ûEÓ˜[˹íŒ.Þƒh‘[œâ»”ïjs©£tŒ£ŸMo_&Ö»ý~‚3ÐÙãÈs,Ÿ©A:ÊágÖˆ¹ª ܾSž_eRCfÐ…èd½ qà•°ç"”J¾uAgéFj²nÀC†tžýÓ^^_k€²mîÓ…º>.kƒG‰‘‚AònrÈz¥·Ð»¼×»´Ñù?ýÍ‘2ŒåŒ¬~ô‰.áÝp/òSõy9J£“ÔTéd Õävv“9öù¿þõ¯s"zàÁ`OO$§ÉV¤2Z†aÏO§¿e™+2-ë(È£ rX¥Wwî/ãX—½¾³Îú ©±(-&›-««¶Ϥ&Ÿ;±©ñrXL¬Ü–ŠÍ×ïÓ‘ž\&ÞA˜¹Xdï2©©:ѭݤ†P \T‘šÜ·LØ„ðØôr¡ù¼|.(gúîFjXk·|Ñ…! ΠϘv:$ÜIjºaRŽ»ïŒÕ5ɲI ag!éO.¬¬ ÝÎd[¤-ãž5›?<ó­MÈ „sQ6(æ Ìl¹°4š”6J—çrh^ùœ‹¶níÎui'˸:u+ ,k“¾´ÝH !Z5÷2óœâ‹8 =D”ÂSÓ«ÈkÎsdCRcS¦ó8# æJùPçtk¢©áÕ£È0ö[6?óÙüR?â»þå%"‹º‘Ÿk£MI™ŠÔ¥<çŠ5o-P‚¦"5™,ec¢¯ÙS“IKöªêW6Šx9ͪ™K'©éÜ+ʤƻªd rÉòÌ3JögR“ë²ß „äw&59l¥S–t#5 (ä'—ÂÈAþæ½&ÀŒ¡unŒÚ\ê(ãègÓÛW… B!÷%ÚžˆÛÇ¿ìçÝHMù¢J¶õVž_eR# ÂúÊF믿>íQy¾æ)ëRŠ}ª©Q¯5§]t˜NR#dìcûXRÜ‘†k± ÓuÊ û©5Èø@ß°ï’›”t}"S}æo9üFú•‹PSû>vÉ,E„©ês².—NR“õʲN–I1ê&s3àÃ릔õ;ã¡Ñ–2©!›§Óß²L„ lõQ¡C0øfRS%+DZûygõ;RÃë"4ÊƆe³B”=5àÛ˜Yü :€Íše²sÓ·€1uƒ\ž0eRCy¶ X&l༠&©ŸéHM·v$Š 뺋rËR˜I +v—o?ËÊ< ,ÒÏÊUÌëûÝHM¹ŸyBS6(Qp$\(þ¼a”zá!¯gY2©a!õÓ °¼°Ë²ŠÔÀÒ&íbû)'ÙJ¤Sá`,µ™ ç>g¡¨+[4'çÕ0G%cÂ=‹¬±Š Ëñe͆Å‹EŠ'{j2"ܺµ;×Eøš™±|ÙË^–Bžãssˆ^7RCpu›{ÞÃZC!9á©éGôÿ;È7ïb³¥ÔóÊÚhlx¤fº5QîQ9¬‹RŽð ]@ôÍE ¥[¨.…A8‚5+|c¤F(ˆxq¥~16˜ë¬‰~¯òÔh—5ÊkJˆu˜IõCR¬)k&ú$tÎz/ø¯Cj(gÝd ,ë^ê*Y‚Ôtî;¬èââ…wÀì1^°€QYŽ©Íš­£¦EÓ¿ÅZ°&²‘‚bn-Ó1,ˤ†"͸!:¢©1í;oš»êp o¬µÊ»aOÎë´Rã;ä‡0yÞ {5#¡uN©’¢tÑ ö|!»þ¯mä09†o$Ÿ[ït!úùA—ÒgnéœÈ›ÏÔ…H!LUŸÛÓû!5äS7™“ÏÙöJjè-¼>Óéo2‘g®©Æù+ëžÙYžš‡X€ÎŠWP„w°òZ¹&*²äûå~Rܵ›¥€ÒD©âD@±¦úÜ¢§èP–‘%„ÊYVC–D}®Â¤,vs;³ “ÔÛ°hY]9aDA1f½àÀÊÀÅ*dl|—B#Ä–>‡!Ë<Ï;C šÆ±lÕ¥`ò~ølÅÊÂ¥ÛÊ×,óŽtkw^0áÚÁ‚GÊBkÃ1^æKš08©|¥3KRÎæ ËÌ(ÄÚ çòy®é·À©Ÿhú¦ÞôöÕÁŸò«˜kÖ‚smùLI–3ÖJ/k¢üÞòUÉB1¬wëDAÖmÐ朹CYAÀ)$æ»µÄ³É a-›Ÿ¼¸yÙŽ©<5’‚bM[߬ž¸’#_n'ÙËrªÚ¢ÊûB®1”IuÀkJAQàè9a7¹dü„®”7êò^a’sHM7™bý3 QŽ:=5dosöÔ·dx•,aÙ&ÊûÅq ^/ÄÏX1¼èyŸå(Üxj"ü¬Î «ÿlåKöÀŠâ°oØKì/ùò¢LjœŸ`l°žè3åù…pû{y~u^éló\.³Ÿw7ù;M_¿MoßLÇ–aŽÇ´ßë•$ÌUûdÞÛDt P ‹t ÞF:N>¯ÓO›­ kˆ´¬£M%#¬-2¡so´gª ™ëLxésûqùsò¢söòy?ýËߤÌéUËï6FÞ¯^äíLú9ªïÖY¿c#5£#Þqåêl™”á˜9n\¿y…rD †…@¥cXm˜ªÞ¦·o˜L÷NÊ4ï£].Ùó1ÝwãïÀ ¨³~ƒÔ ù¨+h(u„Â8ºÐôö“~ßÉ")LÅDÖ:áM“b±ë“øÞphúúmzû†;:ý×Îû#”KXªðQ¡ÞQQ#PgýöLjÄü»Ù'J ´¦¯ß¦·¯}#-F‡@Ó×oÓÛ7º‘Š7íC Îúí™Ô°öåíƒ$ZÌ^fvËR><ÙD$B¾4qT¢MÀô„|™£x"úC ®|é™Ô¸eÊmYå[2úkb|+F‰€ƒânßsÕgSKÈ—¦ŽL´+˜/1C@`XÔ•/=“Wæ¹AÇõ~Q@ =¸ÒOWh6µ„|iêÈD»©ù3$†…@]ùÒ3©Ñ`WSº £œ7`X‰z@`æ8èé:NWy7½„|iúEû¹ù3"†…@?ò¥©‘8Lr œ8lX‰z@`0È1 ±¨Ä£M/!_š>BѾ@`nB¾ÄŒa!Ð|©Ej4|¯½öJÏÝW%š‹2#1£ìÏm)!_Ú2RÑÎÙŽ@È—Ù>¢ÿÀðèW¾Ô&5º°çž{·ÜrKqÎ9çóÎ;ïðz5@m¸l×[o½b…Vh¡É ùR{Èã ÀÈù22¨ãEÀ¬C`¦ò¥/Rå .¸ Xýõ‹m·Ý¶Xz饋å–[.%y‹£GÀµ‡®l¾ù曋“N:©8÷Üs[rÖ ©/£ŸCñÆ@ !_bnÀ°¤|é›ÔäÎüñI™ò³à‚ —^zé°úõ@«®ºjqß}÷%ÃÂòË/_l¿ýöƒSÈ—‰ÊèHKùÒÒ‹f-@`ÐòeƤ¦˜E{@à!yHñŸÿü§‡'ã‘@ zGàÿøG±ùæ›'Ÿ|rñð‡?¼÷/Æ“@ Lƒ@È—˜"e‚ÔÄ|H©‰‰Ã@àðÃ/:è bÿý÷/öÙgŸa¼"ê YŠ@È—Y:ð]º¤&æCB€ÒqÀ@  —É<ðÀ)¿™£@ 0(B¾ Éɨ'HÍdŒcô"Æ!ÀŠzðÁ'2#¹ê~ûíÞšÆR4(h'!_Ú9nÃluša¢u@ 0‹ÈVÔ Axkfñdˆ®F äË€€ê‚ÔLÀ ¢ ~6£Ž@ È”­¨ù³ðÖÄüA òe(N^Aj&oLûêQ\Ðlñ¥@ è‚ó°‡=¬˜þù‹»îº«Xxá…‹?ÿùÏ…ÛŠþþ÷¿n@ ô@È—¾¡›è/©™èáí½sAjzÇ*ž ©¸è¢‹Š 6Ø 8î¸ãŠM7ÝtÎE$§vZ±ÓN;gžyf±ÆkŒ@ ÔF äKmÈfÍ‚ÔÌš¡žº£~!@ @ ­<äì³ÏþO$DkëðE»Á"Àc·öÚk¶Ò¨-@ !#ðóÎ;ï?0d”£ú@ %|ýë_/ÖYg–´6šÙÂÜ–‘ŠvíC äKûÆlX-R3,d^ïÅ_\l²É&ÅÑGþu“ÈÞ{ï]œ~úéÅ®»îšþ]}õÕÞ‹hÞ R3hD£>Ä™½˜@ 0,B¾ ÙöÕ¤¦}c6°?þñ/úЇzÔ£Š{ï½·xžPÜÿýÅ?ÿùÏâ÷¿ÿýÀÞµ 5í«6µ4”Ž6V´5h!_Ú5^Ãlmša¢Ûðº:ê¨â°Ã›ëzUÉñxlvß}÷†·>š7 ‚Ô Õ¨3ÂCbÀ°ù2,dÛWošöÙ@[Ì;ó·¿ýmNî~ÿÝï~7ÐwDeíA HM{Æ*Z@ ÿC HÍ,Ÿ eoMxifùd(Š"HMÌ@ @ h#AjÚ8jnsöÖ„—fÀÀ¶°º 5-´49ÂCZ0HÑÄ@ ¥„|iéÀ ¡ÙAj†jÛªä­9ôÐC‹}öÙ'ÎÒ´mðÜÞ 54ªKÄAÞ˜@ 0,B¾ ÙöÕ¤¦}c6ðÿãÿ(vØa‡â#ùH!-ÊìE HÍìûaö<”Ža¢u³/³{ü˽©9âˆ#Šï|ç;é­o}ë[©þýöÛ/ý(‡rHú‰Ï‡˜ÃYýèG‹ç<ç9Éã¶âŠ+ö-á‚Ôô ]|q "<$¦G  /ÃB¶}õöMj.ºè¢âµ¯}mñ°‡=¬øñ\<éIO*X`ö!-&y…n¾ùæ´WXa…”k¨Ÿ¤¦Ôâ;Àä ðŸÿü§¸ýöÛ‹g>ó™syîÿú׿&ù2 Þ|ùØ9Ú¢Àä Щ9òÈ#‹e–Y¦Xo½õ&‰èI 0A 5[o½uqüñÇ×êUšZpÅÃ@cxàÒÉ /¼°Xi¥•Š-·Ü²xÅ+^1e{?üðâ„N(~ùË_&#åú믟’Õ%YóÎ;ï\|èChŸ÷Úk¯â½ï}oqÏ=÷¤У(ô© n»í¶Q¼.Þ#B 6©Ùxã“`|÷»ß=¢&Æk@ š?ÿùÏÅ;ÞñŽž¿¤¦g¨âÁDxH °ôèÁ\pÀ)õg?ûYq×]wúÓŸŠù矿ò üç>÷¹Åk¬Q¼õ­o-Î:ë¬â‹_üb¡žÝvÛ-ýû²—½¬xÃÞ0 þ·š÷¼ç=CéÝwß],´ÐB­»[eþð‡“7{—]vÉûâ%ÃE äËpñmSíµHÍ¿ÿýïbÞyçM.è(@ Ð|XYY?{UD‚Ô4LÛØÂ8È;úQc|¼÷Þ{SX*ròÆ7¾±øÌg>Sl´ÑF•q.oûí·/>ùÉO&¯Ž$ÌÎè-µÔRÅ›Þô¦bõÕW/Þüæ7'‚sÞyç¥Û2ÿøÇ?[l±Eò}ðƒ,þõ¯¥¿¯¶ÚjÅW¿úÕâÑ~t±÷Þ{k¯½vñóŸÿõÃ;øÃ&oõ駟žÎsÌ1ÅrË-—H›3ÀÿøÇS¿^ø¦ßy‹ÖZk­bÍ5×Lõù̽‡×kÓM7-ªÚuõÕW§÷ †Ú‹§<å)£ôYúÆ/³tà+º]‹ÔLJõ©tö‡wÅ¥ñ‰O¤0y©á¹qÙ€³]wÝ59á1™ŽÔðœ çœsNò~\rÉ%©dÎTágˆr£øŠÔøþQG•Î÷"Wÿ÷ÿ—[ýõS~€AÉÎxsqXS’¶ò5œ½¾Ob9‡4…G ª¸®ó=ïyOÊ„ÝÖÂ=/Þ{º¤f:„âï@ @ ÐDz&5®Süð‡?LïÑ÷ìSð)þtÅœ’ˆMÕSÒ¹ IÈvØa‡t?%_›e`ví'¦ÿûÿŸ—)‘dÍD÷ø®v#=žAô´G"4Y¡½ë?øA"8¼AˆW7¼Ru]Ó6m|ä#Y\ýõ)ÁìàækU{n¼ñÆDœJãëvßøÆ7R?ä_Ð>¹ü«]ÏyÎsƳJðÖ¸(` F}#JGßÐÅ@`B¾ÄÉôLj&áö3‡÷‹¸ù曈,'öÒ? ²0/ ½œ;¡°³Ðç»÷·Ûn»äÕAŠϯ¸âŠsÍ(Š5eÙ³}ìcÓÕ—žãáØKVcž á|²#{…Ÿ÷§ˆ§@b4m•ù@Œ°ûk»xC"D@â0ʽP,„MÒ2äH¥Þù‰©ú¡Sˆ›6h«Äj¼HÊÊ+¯œúœ31Sü8äÁüŒ9@.²ÇjÕUWMIÉ5}•¡Y}0pU(2Æ»3ý©ÂËç÷¹]Ûƒ¼WÏ D`yÏJÉä$ŸCÜŒ•Dqplóí>AjBè'úñî@`²ù2Ùã[§w=“šI¸ýŒbÿÉO~2…qIÐ…ÄÕ–3³ðï½÷ÞI9æ <— ïå›÷ƒ×ÒÏKS>ó BAæ1Q(ʈoež'€ÇÈ¿”$FØ™Ð1E›xzöÚk¯¤ÔkŸ0-—tk׺뮛¸Ôå\‰P4?GqD±ÜrË%/¥ÙñnE™ª¹(þ<;Ú£x¿3ž&mB ®¾úêä‰áÉ#ÃK”Ë"‹,RhŸ¾dÏÂÃ3"ÜKý²?çâ°¿zxtªð‚÷Óžö´R¦ €BüÙ¬õÉ8Á·[{|O?atAìœúÚ×¾–>G&?ÿùÏÏ剫³ÀšòlÜ~Ö”‘ˆv@ À0˜5¤Æ™çS(àB’Þô¦7%o00ʺð2DÂ!ugExüØe—]’’íü«€Dc>%ì‹ç‚g†wiBx (òÎÒPžßõ®w«¯¾zªK¸¥›BÎ+°ÓN;%¯"ÁáyÄ@ÈE{Ùe—M!P7ÝtSe»ôIXö^Pæ‘!¡WÏ{ÞóÒwyž‘;ï¼3y©¦ë‡ö 5ËäÌ|ÃÞP,µÔR黈 rˆ0Á ÙО§ý»Þzë%båìâàìÂà9Þž,$â%/yI"s§žzj ³ƒ¥°À*¼F¸ñ®ð´9ëä<R‡¬ù\?ùÉOÖUíɤÅØ+BË\V=xæ‰Ð8írŽ ¶m.ãº(€´Ÿ,ÞmÆ:Ú@ £E€žÓ3©™„ÛÏx„†Q¤…AQ~<ðÀ¤p_wÝu‰ðP`]@ GnaW,ûÂÒ„5)žç  Sò¯¹æšäMá áÙNF¡FLʽž‹ü~žä€w‚Rï°<…üu¯{]ªƒ7„R(¤ a®UÕ.×;ï“oèRŸ6ñ !BÍx3[l±Nåv¶©úá`¹~“ËáwúŒè ®‚FxÄMˆ yt´OجäP»x x—83Ã;’‹::ï~á _Ø/¤ ú£m¼oÎ+ñª!’ˆ¡Kx…Ô_Õ&dôo|c é3'|O›Hÿ‹L’yûÜh—ùß6.RÛi¾E™Ý<àQ@ 4!_h;ë£çöLj&åö3 9‹¾ð'J¬«§:+á*_И\(¼,úÏ~ö³ÓmbÝ ïåºü /Écó˜DTxàª~ÞŠ¹¶õRªÚÕí{Âå u—­æ½ö£—öt>ãl ò†˜å{gzÊ$iºº»áåúfçaòiÓÕSÕžnßQ·Kxæššô¡¥¾ËA¤Íòío„^¹¼þõ¯Où|^þò—§yñÌg>3Í/ØJŽª Þåï[mµUúî駟žæ¡|;ßúÖ·RUÇsLzvœ%. 'úñîP:bÀ°ù2,dÛUo-R3ÎÛÏ(dB« ¡=”M¡E_øÂ’2NÁ¤`Sv% D|$Ž¤´fR#ɦÏ(É”Í{î¹'e«G4•3Î8#“%–X¢8á„¡P·w\pÁIF^ʅ‹Pœzꩉ PÜ÷Úk¯bå•W.vß}÷‚Eh‚#,‰bM)ö™|-È”÷ S’tƒ 6Hùo`í}ÞO±—Ôç<.ÈR°!iûî»oR¶)×ú|ŽÃYšvØ!‘d ‘‘WR÷÷¿ÿýÔ/dD^앯|å¯L™Ô_ƒåqÇ—ˆœ$åz{ý9ûì³ÚŽÔh÷+^ñŠâÈ#L„Ã;«êp\¨–¶(ë­·^j«¤™”òüÈë“Kn—g$óCØà˜Cõ_>œ›nºi©A¼c¢Íˆ<@sJ{%èDF$=Í {Üã—Þƒ°ÀÒ÷<Ë‹$ÜÌûQá}È°1æ1“HbÕ3Ï<3…ÑÝxãc•m&5Ö~ç;ßI‰P3QDôý(‡rHúQâófâÀc=ÄxµsÞ’sö^ªW\q¬²lÐ/ùÒ~¹ò¥™r¿×ýxPò¥©çígg⪫®JòŒåòJ±—@’¢ªP~)ÝŸOúÓÉ3¡Pœ)™¼¼ ¬óÊm·Ý–>—AR×½÷Þ›bz²Á‚Ï€u¶×¦¿þõ¯ÉË€”Pt Ž‚4P˜ý«]wß}wR¢)Û¼S‘^J4¥^±‘¼wÝuW" È 'ÜÉônág”rD†—A’QÄÏ¿”C ?y((ñˆBU.eR£ÈÓk_ûÚô<DÈçþïÒ†[n¹%%…3Ó*«¬’”z…‡§ªãQEjͪð³Ü.s@rO혊Ôð!Ä<@žGr)o|`€4¾æ5¯yЙ*$¸›gÈ+OÖu×]—ÚÅ[f,·ó4ágÈ+O™9&<Íx³´íö³‹.º(Í7¡ÆÊ_`Æ a¼;˜µ»7ß|sZd39Úæò¥Í£mŸ4%_ZCj Ê£…÷¥|QŇËËrÅWo¼ñœ±geçE `ò4(c–x–uJ,%™'DATxä!“ª\)Rƒ°ì³Ï>ÉZï}à\æwÞ¤Ø#ÿþ÷¿ŠÆ3ÐIjY‡âyŠsÙ"&ÄÉ÷œ¯ˆ°:J÷t¤qáÊçc7MØ/’ð(õw#5‹.ºhê_nÏj«­–<µxˆ„ZéP@„©yÿûߟ<#0ó=m¬ª£“Ô ?HÇt¤&÷¥LjLä»ì©AªI^.„.—6Ú(;ž8xšcÆzÍ5לó ¢K‘6__!mÏxÆ3ÒüBVÌ‹n¤&_ öã&5mº(q·xí¢@ó@jx¬?þøæ5nš…|iÝEƒgýÊ—Z¤fœ·ŸQ¾YÙYl)ج(óHH©¡(;ãàÜ %›Ç†WC”í /¼°¸ï¾ûR8E\Ø…Ûù ûwÜ‘Ð#ñˆt†%¿Ÿ‡'¢ŠÔ waWB§„[±ìS€)hB·ïW'%×{µ™á5 T#5¼·ß~{R˜½SX%y %¬ëœsÎIŠ:EÛ{…v!Bå’=5BÎôÕy¢õ×_¿øä'?™BAà#ül:R£½”b›Ï“þðúðF {Ú‹èÛYg5çL 8ònðUÕ#sË3B‘O˜!5È@çíkÀ‰ªçì3Kág,þÎñX!»BÅxZ„ ^sÍ5‰Ø"iˆ^™”Â郭³H,•¾‹Ìz®LjÔÍãëòígAjÎOg¤z- æ7ÏZ”@ h. Ã#T[JÈ—¶ŒT´s¶#Ð|©EjÆ}ûk9¥ZXk:Ë:’W@hB¹guwðÝÁ~ 5²á< Å”Îk;GQ¾Ò™rJ)¨/Š.Åš2Ë3T.”[ÖDCApÞ¥ð¾h‹ƒåÙûÃ{ƒ 5qÞ}B.Xÿ‘$!fH‡3ßêåÜŠç)ûH…Ïœåæä¾ë²‚\Ë¿¾Ká÷.uƒ²ï½I¹”¯tF°r(œï"+BÉ´F¢÷¤$_éì¬$¼‹Õ½ªÿ‘T˜h«ðq˜žW›ÏQh_çUÓ¼i¼a Ð%—\ò RƒÈÀÀùíçõsÕu>… cD‘W­\ÌsÏ{‹ù&R_ÊW:#‰È3bj¼xÒÖ¦š6Ü~Æ›i}Ô¹mo¶ þè 0Nœ·Þkjz ùÒôŠös#PW¾´ŠÔè*E1é5¶Þó”QéËÅ9 JøtÊEW¸E·|+ÖTOX¢T®_]jӄXº”ùçŸÿAÕR¢Õˆä‚PÎ…ÑÍ3Ï<écué+ÃTÅ»ä‘ñ~¡WuJî—Ãñå0.gix¸„gMWºÕ¡ý°AJËÅ&$¤¬ ›òsê…KgžžÎö Ú_®ÆH(LfZ;u71l. 0×yG£@{È ž›Þâ/M¡h_ ð`êÈ—Z¤fœ·ŸMÒ@»m­Lj&©oÑ—æ"ÐtRãJsç¡„îE ö À(%"¢É%äK“G'ÚtG Ž|©EjÆyûÙ$ ¸,×ÓæP¬Iê[ô¥¹4ýö3·Ï¹å/‡6ÉhY ”®-ìV˜qSKÈ—¦ŽL´+˜:ò%HM̦@`– ÐôÛÏœ=Ë—6Ì’!‰n€Ð_ç5Ý„ÙÔò¥©#í ¦F Ž|©EjÆyûY úøpÈÙ|~g|-ï›ÛŽCÓIÛñ\X%Ú‡«ËgšZB¾4ud¢]Àôô*_j‘šqß~6}·{ÂÁv7ˆ¹ÞØ dƒ,®vÕr.‹-¶Xº=Ë-kÃ(Ȧ£Ü„–Ë 'œ®E.ßÖï»]qmC~èæ57žÕ-nVÛm·Ý IEQ\çí²WHë»ß]0Ì’qh´¥é·ŸM’|iãüˆ63A Wù2“wÌä»!_f‚^|7/½Ê—YKj$ sòÓŸþô%ÔœéЭ¾úêÅë_ÿút½¯ÃÙûØÇŠÃ;,]{ÌZ>è"ÿ ұ馛ΩڵÔnLsöL ï„Í _ƒ|ÓM7ŸøÄ'jWyã7¦ä£Aä!Õw×{#©Ã,eÊWf󃮻é„Ò1èúÑ!Ы|]‹æ~SÈ—q!ï fŽ@¯ò¥©™”ÛÏd¸_{íµ ÷_ó<ˆ×Sx7¸ÏÏ?ÿüâ§?ýiÊKsì±Ç¦›Êx_ä$A‚$ª\i¥•Òa™K/½´Ø|óÍq‘Ó†ð”_F²OEÞœ 6Ø 9]XúO?ýô”ÈQ. ÔuÌr›H8(×Mg;$¿”»EÛ]Åììgåžq ²/rºäâ:i„Æ{Õ'‰§Û_²gÊUÉÚ'O¶¸ Ù¿¼W¼;òîð~h«öË#¯ oÌx…>þñ§Ü.¼PÛl³MJXʵÔRK¥<1Ú¦h›g$ç¬Âì1yL×/A&\¿ýío§„ŒrÁä+¥Õås9cx¥<Ëô½ï}/‡wú›¤™GuTz? %ùtYƒƒ£òÒHn _ISå¹AÚ`Ú ‡™/ÏñÔPG(¬³Î:k¤õÔKòÍI‘/.* Z„@¯òe\] ù2.äã½ÀÌèU¾Ô"5“pû™œ*=Jl)$ŠŸC—ä~yêSŸšvJʉ4l»í¶Å›ßüæ”çÆïG}tR¤/»ì²ô] Òã )‘)Ùðr}3€° RêÙj«­ !cÈ”LÌ<9Ú¥D Ùèl‡äšró ’["‹¤¢”} EsN„%'âD.$(E0„@®dDžć‡g£6Jañ¹6ùWB5ï:å”SR›Î;ï¼D¬ô[¿ ßùÝï~W|ùË_NDPH˜C£ ‚T!ê¨Â¬ÛmW÷ÜsOòÄœyæ™)AèZk­Uð°½üå/Oèƒ1A¢¼÷ùÏ~:“ñ¢½(aì_$Å÷á±Â +$B#W$¡HŒÄš®~ï{ß[HÀ©>ø¯n8Ì|yŽ§†¦ß~6 òe<#;Þ·’7~¦Ëù5ÞV6ãípúÓŸþ4Wž¯AµlÜgþz•/ƒêoÝzB¾ÔE¬™Ï{ž7•êVM’lîU¾Ì:RC™Ýyç‹“O>9%\¤Ì#)+¯¼ršÈ¯‚²ï¾û&¥ :î¸ãÒ¦-©&‚À ¼ËµÌn¸aR¸%¾¤¸ï¾ûîs®k^tÑEYyÉK^’<=È’.ah”gWØæ3ÂÖ„!íÐ6ÞïF†®[n¹¥øð‡?œH˜¶æ¢ÍÚ+ÜM/ºè¢Ddx,ôß÷¿ô¥/%ÏT>sà ƒ,8/ÃÄ{¤è´Þzë¥äšÂ¼„‘!c™´l·ÝvÉ3ƒÌèWçaoD A®ª0ë&$ÜMÎãÅ£…Ì©ÿ /Lí?ñÄ“ !Aš /yu4cµîºëøÀRxL.¹ä’”Lö~w[¹`N(O Oe—2 l+J/e@T,b„çÚk¯MáW~¯ºÅI8”÷|ðÁI±æY <,Šº œ=¡øw¶Ã»‘„‡wEýBÙ*›a.6Dd€7!ñíýõ¯=‡í²Ë.ÅãÿøŽ¥ðÂœuÖYé{$¢âsõÑBÀ„wñrpÀs­ÄåÅ/~qj›v• o Œ‘¶*̺-Ju!,Î&!‡ˆ×ÝwßBÉà˜ûÀò‰p!99ä~Úô´§=-)Â<ðÀäÑñó‹_ü"…™!E¯|å+“w-}¨Â!×?Sa3Žï× ã?k’|9í´Ó –!ÂÞüšþù6d£>sÇB¾Í…qƒA„Ìšiq~•Wºß3w3mCïóÖö{¡ ´Ô- Döó¼[Éõ‹¨ÓÆ&œùëU¾ÔÅmPÏ7I¾töi’ÎøSÞ êŒï æT/õÌDÞôRÿTÏdÙÜí‚&„‹‹ÎÓôÒ«|©EjÚ~ÐÎb³Y ËEx•ð%¤€âOy †H&ƪ–Éû—Çi¶Då3'ž£°/³Ì2ÉSS>´ŸßÅòëo66^Š´MŒ¹pÎÃyªv¨ÁâYŠ% Lñ]ʹɛ‹ Ì3Dy¢œ ãb]¤k/ ‚\±®Þyçi“Fꄧi’Ç©½>ç%¡©ƒ—†çÄψ…ð;^Œß»„àñ~ 5cm|ìc›ÂÓŒ*̪S^¦02álŸ÷"›ˆ EÓû}¡o¼q 7Cºœåá¡Búx¡x¥`GÈøܹ#¤®È(—³8¡>UဵµÔ¹=d¤¦)òÅ<7wÉ kÈüâÕÅ™;WGgÁÌ?ÆÎ3w<®ˆþW¿úÕä&k(̈Šg­Q!–Ö¶0RÞgÞüäb¾[¿ˆMÕ¹5ë©Û™;^Y²ô»ßýn’;Îâ1üX“Œ ÚÆL¾ : /dÉO~ò“Ê3wÖº3Šdã„3ŠÎ’kþ%kÕOF[s¦¯s½òòNuÏÀ¨Å»ËˆB“k¾Ç3o^øþÅ_œþN®7²²ÛE0dŸï/¹ä’)|—1­êœc®_(onc– gM;ó׫|—ülŠ|éìÿ8Ïø¶AÞLwÆ·Mò†Lë”ç"Bªä #T·ÏéSUç¼»ÉfÆéªB–‰F0ºÉûq­×Î÷ö*_f ©¡àò¸ ‡MÍæl"8¯‚ðcBNÊ/Eù¸ÿþûSX¥Þ&Í’ë†â, ŇbO¡H—KVÒÛ±i ­âEá ðnÊ6oNU;(ö§§¬#^êúÕ¯~•”\œáAZvÙeSŸ‘ ä‚¢f‘ Þ™]ŽÚ`R³ÚòÆ Xþ®?úìsJ…?ŸkÉù„ïñÂP´œûQwviÖˆü`Z…ÙTžJÙõ×_ŸÚo³§¨!ƒãgœ‘%JÒE©âå2fúï< ¥ÃgÚ«>JÅ‚²§P¤`ªøž‹xnºáДÞO;괛ͤÆâªwʽùÅS;ì3wæ¡Í‡ÁüS(ñgîVÈ'm²!!'Â^‘}^TžHáÈÏ‚µP–B/É,Þ€ªskŒ"Ugî\ B™ <· ðÊgî(d›õIÎ1HØÌ]†Ru掩ɷC"CžU?BÄØ ~Ï/Bpëœéë\+äÑTçðD`‚¬‘=úÂ…´À„,GÉEJyl,¬¯nçŠ@—e yÆeªsŽå³‚dQ–ö¦ùëUHi¹ IDAT¾ô#»ñ&’šqžñmƒ¼éåŒo[ä ƒwÕjºM•¼qηêsd§êœ7]©›lî¶~6Ûl³´70vWÉûò±†A¬Á™ÔÑ«|©Ejfóí!6.ÊFùJbdȦ]&IuÍw‘,JG/9Vl¤rÄ^‹ IÊLÃv6U¡¼ñHLõ"Å°ÐB õÚ”ô\3á€Uá/¬,äùyÊeÁó .¸`×$ „ÊxÔI*Ì9â¹)+%½àP«óc~¸ŽP©i‚|qC [¬¤‚œ×Ü0ÏÜ™¿dŒyçß©ÎÜÁJ8&R‚˜#ääƒónH†a£ŒžÉ^át¼;¼úZunÍ÷ªÎÜ‘Sέ¹}Q}BA‘딃gƒÅí‚ c/ËW\Qy掇 Qá‘PNl¶Îá!WŠ=Ÿ‘ŸÔ9Ó×¹ì¦;‡ÇÓ̆Ü*dã Ï°ówÎ3¾m7Óñm‹¼ADÁ«ÎP ÿª’7tΪÏ´ªÎy3ìVÉæ| mÕº#Ç>÷¹Ï%cK•¼g$kJéU¾Ô"5M>h×à‡ÑŠ¿Éʳ"$eb b$L­³Ø¬•¤spTêÜ2RÓù›Gx:‹¥dÏ ¯Í°ÏÜ 9²éQX§:sçE!“ˆ¹À{¢°ì!çˆ9ÅœÇCˆ…º¼Î„›ñê0x %UçÖÔ[uæNØp&y¼³þï| ¶ EÈÔ[¾€@˜¯9UuæÎƉ± òÖðŽÜ~ûís®—Gv(ûH«bÝ3}åõÃ0¢_SÃãEá BT`ÄŽÈ 1Œ*Þσ—/Y€¯Ït+ÆK÷ÜsÏ)Ï9ªßûµ‘Rƒ¤Va ï¦ùëU¾ JžÕ­§ ò¥s.ŽóŒoäÍtg|Û"oœ[©:CMÎTÉ{QÕçö¢ªsÞH{•læa®*ôIr̾&”­JÞ7é q¯ò%HM]É8†çy7lÇÎëx ÆÐÔxeƒ¨sÐn6’ë`>;å\‹0*D`ØgîÖ~Jl·3wBÆ„À:“Á#ƒ\CåEð™«Èy…iù p«M¾ÍÐôtÉ…Æ™A’ªskÝÎÜñ M¦)¤ 9Ê&î]ÛmŸçó¼ï³÷½îµ~k­k]¿u]뺺ݹ£è:íwßϦǢD™vñŸOµ»îyp—R¸1± ¸×R ë WË(¤óÞK‘”º;w.ÇSÊmžNÝÑcý@ܹÓvõëbÂÅvuwîX^X“Œ=w3÷ß Š»SZsQŸ@ÊÇ™îôÍ4·¹hôº‡'8½9„1Å D6H÷ƒ¸ñ–°Î¤‹+`]á2G9ðŒ;3ÝsT?«Oic–N÷Ûxç¯_¥c\’sœò¥³Ïã¾ã;)ò¦×ßI‘7ÈKÝj‡:uò†œíöwVšº{ÞÝd3ÙYW`Ë‘L$Ûêäý¸ÖjÝ{û•/H*®AQ@`²àRÅl]•¯³'ã"5m¼ÈÛï(·áÎ÷( ±ÐæM Kp¿÷ÖÔ‹Äpß*.zuïò–›~ï èÌTï´!vî8Ùø;ï÷Ít§«‡@…+—¨†ÕÒyeÈ&!®gî- ÌÐkÝôs?°¼·é=ÇnX¶íÎ_¿Ñ‰šÌÍA~w’åK'óIÞô3Ï'AÞÔÝ¡î&oöô’Cus S6³Ø; é,Ü“˜¤Ò¯|iDj0¥¹&j›$£­À4!àĘ`íU‚ÔôB¨]Ÿ»Û!\30wgú%íêÅàZíÂݜΠ±™©È³#J‘S}‘0ý[þ®^û^ÜLù.šŸ¶–i"5ãÄ8äÍÂèCÞˆj99Ô9/XáÝOì,ˆ&9I¥_ùÒˆÔ8‰…¹=J LÈ RÓO©ict¢~ð÷w(×d®ŒR®4i×´~wÔr¦_ùÒ˜Ô —Dª©&¢œÖ‹~“Œ€Kã"E MÛo©ft"QÀJèǸÉwûÁT^¼D¬iZD_àœsÎiô¨>xNòÊjéÕ·nÏ5zy/‹þ% A·‹ª.ùK·óÎ;Ïéµ.ÈÊõ°ÖZkåÐÒu®'Ÿ|rÎ1ãÎp×B7Or*Øþ,ôõ(K¿JÇ(ÛT}× å‹ "ã•Ü#3õ«ÉwûŇ{¤¨|2Á7-³‘+¥÷2{õ­ÛsMÛÜëû£’+½Ú1_>µœéW¾ÌŠÔ”A³ùˆš%Ú‡€“ù5š–q‘ša^䕵YÒJ¹[z•&ßíU—Ï)SHM¿–²j³Q><ßœôê[H¨>ð=m.a‘´ä“©«K´ JÅ©Ò šä2je£`Õot¢qa;hùÂ2à"¶HU½J“ïöª«|ŽÔÑÿÔ§>µßG|o6r¥9éÕ·¶šAÉ•Æ`O飖3ýÊ—9‘wk,( |øìÛ£Àx`âwaœeæq{\zÃÞ0«†L#©!ŸÈ)2J‚J ¯|+’º ^-å»ÜlY;Ü%t’/oŠÌör¾È #É&›¤}öÙ'çX¹Ä“[o½uNDI>VI¼#6W¹NäšÑ–ÿøÇ9GÍûÞ÷¾œE–ìC9$×MÙ6®UKñÕ.ùh(ìÈ’¿9`b™ ˜Ë3Ä*e>(þ¶é¦›f9 ‰à´åØcM"áì½÷Þ9Q'|êž«â³Ùf›eËŸ:„\ö,åJ¾®^"°)Þ#²¿±|å+_ÉÁ .ºè¢Œ'KÍ¡‡š­6ŠÜ:ò½D#!¨>P¾$ù¬ÃIÛYY„|–sË-·\ÐLÉŠ…e†íßS÷®K.¹$ãÍ­º¶€Ÿp ¹>›÷l=Œ¿‹Ò"Ìië˜ÇÁØû÷Ë^ö²…æ’1¥ÔÁäío{&kÚ*¿èF,C戼%;î¸cÎn ½[pöo]vÙ%ÿ§mîOk®rNh[ ³-×’yÑk®ÏJ@ty¨ß‹¼ƒ|g“ºMjä2Væ'ï2@’^ùšöÜsÏœ8µ”êw)gwÞygžæ§15—È€&r¥sÑÚµnÈidÙ( z¹"ö’+æ9N&žxâ‰9úŸ|QB [›è>æ1ÉŸK&é½@ ·^p°ÖÉ;ëÇz2µÓüí|®3a7¹¢î•VZ)¯3Ò:#;ºÉõZcÚ®o{ÛÛ²Ìî”+u8™Ã½ÖŒõWW¿Cþξ“¥d˜qùÃþsu‘[r`Õɇuï/Þò}‘¥æL5"#9ßlêÖFò[}ÎBn¬¸/÷#g´g&YÜdÎôÝ~åËœH¦}&»µÅcAXÔ ×‹’°3þþ‰K‡ÀaëBFa‘M€r-QálʸHÍ0£·+J„Íì¼óÎË›¥²(á«ò]‡6”Cßeå‘\Q†ç+¯¼2+#6Y!€¹+Q\å4±¡’}ꥨz‡Î&Lñ¡Ð×"`³'3Ÿ÷¼çå—rN¹fMBZžþô§çü(ÚS%54R˜X2(¼ÈƒÄ”6|›?Š+’#8„ϸs]wÝu¹.ýÅi°ÞqÇiýõ×O·ÜrKZc5jŸ«Î#í¦ÌpmsRLè› 6_|qN¶‰ªÓ¼¤xÛàA¹Gèlà” Ÿ¹ó¥m=F„„2%ÛvN6]¤JÛáA!”P¸ÁPß)cÆ©î]Ú-ù'7ÍBj„gö¬¶*ˆ’*á(KE@´Õ8à Ûn»í¸f¼$J¥ÄJ¤GióÅx#d”Cyìßq(áûÆÈØÙg½Ó÷ádþh“$¡ÿÖW„ æ‚Ük®ÏF>t{¦_¥cïlR× åKÕíʸ9 "\eŽ8âˆÍ«~·(­…0/$‡bØD®”uh=IL¯°¬}Jp!5H̯^rEèrw¥%ß%¬ckÁo2°kko÷ÝwÏJ0yçwqÃ#¿8´±îÌû³Ï>{©©>g]ô#WÈHÞOÒ7æ8¤¨“+ä+9Dö±L[Gðõï"W¢:œŒ[¯5£ÝuõÛ:ûîÿrÂh·uK~ÀX^®:Ùqùå—ßïýúh½«C .nÌUò C$²ÙD?èÖFóÇŸýËø{O?r¦3Éâ&k´¤fP ŽzÆ€S§”Qæ7ã"5üÈ[”yî)ãN—(Ý„wgä*©±Ò³ýöÛgâ°îºëæ ÑZ¡ÀP*r.±Äùß~SB%*¦ÜS‚mH,?6VdpjO¡V ßñŠ*¢PtœþvÞ©¡€}ôÑI„ ¥Û°lÊúÀr‚hHðÆâþô ¹B*Ê]+ßA‚ljuÏõ£|xRUwŠ"ñž÷¼'[žX .H KÅw¾ó|ÒÍzEY¸ð ó}â~Ö ' ŠBÈ:²á†fRX-”*V '¥HNÝ»Æ5!5¬6°R¼×i©M]1ŒG5Q', ¥Ÿ‚£'Þ”Nóá‚’Š8ùm®h;¼Šrl®QŽeƒ«J­ºà¬Pnl8™î5×)éúN4Èw6©kÐò¥JTXä¬G‡UN·­E'Ý¥t’ãwðÁçÍ[¤š%©‰\1÷Í_¡ú)íž7Ï>ò‘,°ÒŸ{î¹y]¿üå/ï)W†˜ŸæÂd9ÔaU]{íµó¡òróÍ7g âB™¦ Rã{,£d«Ã kNÿÌÓÎç:eZ·Ã¤FX=È0òU½úT'W(Ø_ýêW³LuØ€X±®8¤*r¥N{­k­®~ä´³ïÆÅú,.°Ö,âä «Nv¬°Â µï·¦í%NȺÎ{TÆ¡Ùä ¥³–=§´±BÒí{ýÈmê%‹›¬ÓnßíW¾ÌÙR3ˆÆFí@ HM;ÆaÜ­˜fRcc¤(;%µ©R<:ï\TISÁrb卵Ņ"Ja´Y9Õ¢4Ûh vŠ+âDÑ@–l¤6^nZ6~DÈ©'sÿ«_ýêLŠJa=Qœ¸ÛÄ•r‰½Sà:¦. …ö;ɤä ˆDõn  mUR£^£>(6Û¥–Z*­¼òÊ  TŸëFj#î ÅRý¬\ð·Éûq¢ÊõöÈ ¥d‰à¾F±ÙR«¤¦NÜjœ"ÃÞ©´MâX,5Ú[%5È^Ý»ú!5,qÆá@r¿üå/g82JRõN…û8úR RC)cM£à,½ôÒ™¤˜/¥˜Kê@2‘S$6ÅM²¢À‘âYHM™k” Êp!“,†æ‚6÷šëƒ”5ý^ää;›Ô5LRc^›È %ÚüDp»‘šâòYHMqÇl"W¬'sÚܧ$³q£”’-¥XOÖw?rÅúEL¾ íÈóˆ¬$ÃJ ä‰,«’Ÿ—µî{‚uƒHMçs3‘šª\±~XÌñê¡ÒU'WX#X4¹hé»~t’šn8©³×š!{ëêGÊ:ûNα蛊;|Šƒn²£îýeßPÜíIHf)æ@?² á®k#kY«h3r^HM?r¦—,n²N»}·_ù¤fhOI6[Œ=ÊüF`\¤fÐщª£Xˆ W Š£M á°ÙR6H•Ò©9餓²ea5Plº6<§›§vZv°—;5Nm²eÄ ¦“D§s\(6&'«¯q1ó ¥ SàþðÜç>7î3Jw-J/rÒ‹Ôèû1Ç“-#ŃBQ*QÓº‘Š‚‡¼p'±ÁR£.J…;-,R²YåŽÕɆice©áîÂõŠ‚à—Å©Xj0'¢”˜:œ¼Ÿ»E ‰Ô_Ø•{NÆ£JjȵºwÕ‘„Ô˜i#<Ť“Ôýcé1‡Ö[o½Œ+Z)URão”&÷šÜ |¾æ5¯É'Ê,5¬fæÃUH=¬/ðÕ&–ùZ” ão,}12ŸÈrĨ×\¤¤ëWéä;›Ô5hùRµ¾P0Í1¤€‚îMIM¹RîÔhë1™ÁÓÚ wXnXXXMû‘+æÙÈeÔ|+ úÒyá¿ŽÔ Vȵð¨ÏÁCê”iÝä RƒÈ;ü€-ëÞ¢w)r…\biðãÖT!5E®»u8!½ÖŒvÖÕï„=†[!yNf[ÃÚ_';Ðt¾Ÿlu§ï[ßúV–íîóتb¤¦›l"ŸºùoœÔOæ’Cýȇc½dq“u¤fhE@ °q‘šA_ä­#5Ü+(Õ6J3¥²\ʯ#5ÈI9ÁâcÌRß¹œºó!§Ø%š•„µ€ ‡ Š[ élSq‚náÂ…â®8tÊÏú£^J4ÅÖFÖ©h» ÇƦ~ rUPòÛ€ë,5,2e…¥A¿º=WÅ’{›“hýÔ>îX…ÔØx)ÓúϲÀúBi§tQÌ—Yf™Ü_˜"#ˆë…siA<(.ÏSôÇtâd#U'×-„㔨j>Ÿ*©MÝ»ÔÛÒÁ |h7‚ N—z;IÓoØS õ—’ÅÒT-H «L9,BdÌÔ3î&±¬PüT˜R$Í Ä†>RÊŒ¥Ž%ÇØ—¼NqÍiDW‘k.pþÖk®RìõhïlR× åK•Ôk‚Òlþ›îrt#5:p§QÌ_ë寉\©†tF’o½õÖ|_Ï÷‡¬7s™2/ú‘+æšvpõ¬w|@>ôCj(êæœÃ kñ±†ú!5Ýä Rƒ˜÷êuÇ ‰ì&W¸¦‘‡p%Ϭ}lD³È÷Têp²¦{­‡0uõ#:}g¹e çšhmk7LºÉ²´îýånëŽuo¾U-t’š^õWÇGÍE‡Bæ‰q³±¨÷#gç^²¸É:íöÝ~åKXjvÔLÓHjªÃcS¸á†ò¦P 3ˆ!tòÏ¿ÜrËå;5½ŠÓv§x”‡ªB®V $l˜…Ÿ¶M¬irOýTª!²Ý©±!s÷0¦êbÅ‚Àz—껌…6P@–)wJL©¿NN§‘>ĨWéö®ºç¸Ê ÷tê¾KЧªë[¯¶ š½*~¢ì!/Æ£í@ôÌ%Š]·/DÙwªwĆ9×;ÛÒö@ƒ&5ýw YE¸ø´©\A¬XX?«erÅ]h6é>êä Rãðż¶ÆªÉ?»ÉëÈgä‚y‰à©§S®ÔáÔÏšéV·¾{ ÒP-u²£Ûû}×Úo©«¿[É;ø«¿Ûüí&g´§‰,î·ýÕïõ+_‚ÔÌÝ)}&ÜϦt`vk\¤fÐщv;¾>G ©qjeþ!ЯÒ1.dB¾Œ ù¹½·V°(ó~åKšù;Gî×ó“ã"5ƒ¾È£9Z\.fYšÍ íh[oýF'Æ»û©3äK?(µï;\PEeìŒRÙ¾–F‹†‰@¿ò%HÍ0GaÂêR3a6¤æ©°Qm 0Å´=P@š)ž|ѵ©G _ù¤fê§Bÿ ÷³þ±šæoŽ‹Ô ::Ñ8ƨ\Þ&€{•&ßíU׸?ç¿ïn˨ —„ªý¨ßïûý*ãÂläKvîHÀ¾Ÿ{<¾«TsèŒk<æú^÷?Ü;lzp®ï&¹=W,Fù|¿ò%“šóÎ;ïï%†ø(ï ö!@xˆ3¨"’“”½Ê°/òözÿ >yJÒDQÒz•jØå^ßíö¹‹¿"ú¸¤<ŽbßÑG„!wD+‰C‡ÝIã\îÜ»:#ŽõÛŽj”º~Ÿ©ûž\‚ˆÕ´ ‡ÕˆCMŸç÷ûN4®6Nƒ|©ÃNè]óDUìUD@«æÈéõýnŸW#¯Í¶Ž¹<'¬³È…¾%”ý\êì÷Ù&2¾ß:»}O‚SWf0f’eIýÊ—Lj‚ÑÌuêÅó@ Ð 5õÈ ‚Ôˆ¶´âŠ+ŽÔ”0¯B„"Ã"uÉO3Š2©) /›´£äšu.eûí·Ï¹A$ÿkZŠ"RrÐ4}~œßï÷"ï¸Ú¤&å°Îƒ"5ÂP#ã(d§Ü^Bæ ïiT›Q’Ñ%uLdYR7§ú•/AjƱ"[úÎw¾óùô#J 0Hú%5mˆN$Ǽ.§JDétȉ»<rH\zé¥93…Õz¡Ì;!•÷@â=ñýKvð‚!K‚“EIâŠB!B˜Ù;Jn™÷¿ÿýÙB& §hÞ%g„Í›ò ,(Å[Nùa$k”ï¢a‚)Ô‡vXzÜã—“è]vÙe9ÏeFÞ—j‘ÅåKn"—i‹<*>{þóŸŸs¯È•Ò­ÿ>³‰°ÄI´§¹xœ ²|è‹ü+rJÈ##w‡vËÇóýï?'Ô£Éë Éb ùê0P|:rrx·Ä—u–¤Fnï:ᄲåĘùA¾êú^,5Hñ‚§“R Aá‰ýä·ZUrÂ’`QrNßÎWR?¡Âå³âºI7õ[> JåHê|Þ\* ï¸ É£n)ÿvj+T­q‘»HýÚã"õ¸K¿JǸÚÙùR×wáÍuÉSå[zÛÛÞ–ä»ê¶æ„ÕµÆÏ8㌼þ &;-5usܼú[ò]Ö’4æTÝ\ë&»JâOí%ËäÃòþ^óÒúµ>XvkÓÜ®[§”y²D¨s2Õz×g2†ž"ÿ YøêW¿:Ë]m%».¹ä’´á†æõ*y-Ë9yH6*rPIŠ)§Žú„Ž×cP'sú‘ñdx?u‘urYâeØÙ[ÈòP’Nû+œÏ«a뫲ĵr– Ëyì`¥ÈášëúÖ­=ãZ£3½·_ù¤¦£7¦6Ùìà qLàOñkû%5m¸Èk£ENJ¢:§€”Gÿ÷›âÁ:bãAr>øÁfBƒøŒB.}ÕýÌÿ_úÒ—fò"ã÷ú믟 ›ŽHa§œrJúÔ§>•“ÊqÝB\ÊÄ”cß·iÙ°)ÚKJ®IQCj´S»)B6o‰B(¥ֶͯ—}B®6Ùd“œ| ©“¬OFq¤Jn¾ùæü»®ÿ¬%y „g‹ûò‚°Q¶öÛo¿Ä% a¢ I8ùœç<']sÍ5iË-·Ì‰;Kr9}ò¬ÿ×a;ØJøF±[7RÃ-îpEB(S°DëúSuk%Éæ(¯„ïžx≙8˜Ú a&|Ë»áEQC@‘J%¢zßÇ{)h ™"Ï£¢ˆhú ã»ÝvÛå¶IàéoH¢9ç;”šq—~£«m/u}§¸JœJˆ hþ“-Ýšó­·Þ:Ï} 9YD6TIM·õmΘ;äˆ5‹sÝBÜëæšïÔÉ.kÁ:&„Z¶>ï^ó)'÷XãȆþÖ­S"ä‡6[+Ö³ÌõÖŸÃrÐÁ‹5/¤Â!ŽÃDY³&aCîÀS! ŠH4Jî9œ"Å:™ƒpõ’ñÈU?u‘[urYûÈÉç=ïyYî³Ðh·~#`ˆXõžfU–ÁäY l¾ùæy~ vE–”Ñ{J·öŒkÎôÞ~åKš6ŽÞ˜Ú¤fLÀOùk'‰Ô85%`± PB¿ñodeÖQ,™6Šº,â‡rH¶°Pœ%Iì$5Ný„ÚY£‘Š—•ÄßuP¢¶I¤èR*eÅ ‹ËO,â#Úä´ÖiçÚk¯AAp Š E¢z9˜RC©Ð7…aý;!öäNñ.$˦^×ïÕÊ9…Âû!‰7‹ •¿SHz‘ š¼(dÀ•1„‘¶#GÝHzàYÈrÇTHSgß%Ò©&őˇÓbÊFù.BA!£Ö‘Ê]7÷3Šˆº9ĸîù*©ñ=ŸuÖY'¥Ëé-B¤ßæ…ñ¡äµ!Üm¿yÇ%îÚJj¬ñ¯~õ«Ùš‰¼"öäÐþûï_»æÏ°B(”iëµJjº­ok@"J‡% ‹¦õJ®ÕÍ5r§Nv­¼òÊÙ«.„±(ë±Û¼Ô'ï#øm­! uëT¦{r¬vëjõÕWÏÖ%1pÐrM¬kÑaŠn"Õµ IDATvY½H Cöv“9úoö’ñHM?u!(r¹"×Xó€’¬¸›ûYU–8ØbÑêFjÈUõÔí)uíik‰~åKšqIؾ7ÜÏZ8(SФ~IM¢Qʽ̳Ï>{©©ú¢Û$¸DP&l 6Rn!K.¹dVPª–›1ÂâT³‘ÂlÈ6# *åÄ“ÂÎÍ€r‹”òÊW¾2» •wQ乑P&§“Ná(6~¤‡BŽxQ’/ q)ùÈGòI«Ïþ׊v"sêPÖ]wÝlq@jêúÏ­«“Ô85t’ZH ÅÂIc'©a áÎU,5å ¥9rFÉZtÑEóæÏ¿½©©vØÌ•C=4)—¾º¾sWã§O÷ÜsO>!†‹ Lc‹¸u’J!­©aÑ£¬u’šò|•Ôè/e§Œ…÷{VŸX¹(1”JH!]ãý*ãjcäK]ß‘ik†k$W#ÖŒBjêÖKŸy_¬™¬†Nø«¤¦Ûú¦œ×ÕIFÕÍ5®^u² ág]¡ÌÕEX™i^WÖ/e›%y«[§æú©§žº@YgM!Wõ³ŽÔ,·ÜrYæ•õBž°€U-5Þ‰ÜK Òä™n2§Sîv“ñpè§.2½S.;.tg)¢º‘Ù3‘š"K:I 댊¥†«!™V·§Ôµ§ºOŒk­Ö½·_ù¤¦M£m ¦~I͸/òRd_|ñ|ÄFÎ:sÅWÌHj(ŠÍŸÂË*Òi©¡x"aþÙ„ê$5tD‰Ï4_u–îLx¾ØX§‘nužuÖY îÔPÚmpÅÝ’Î% 1³¡•ûÚk£c ré® Òa3CÔlN½ x°(õKjXfœÄê7u‚ÛRÃ-‹r‚Ìp‰ ˜w’íë†ûM_àC¤¤u#5pvšíNn¹éè£:êúŽ0RìÜ¢\:ÍFê(ÆËo¢a,(M¬e\G(&ú†Ô7„Õü©$¥("åÔºóù*©¡$ñûw‚KéZo½õò|áˆÔiCGŸ³¤³ôh\m·|éÖoó†õÏ5Ãåj&Rc.Zûæ5‚ÀrgÞTIM·õMù®[ÇÁº¹ÆíµNvi3¢ÏòiÜtÓMYöôš—È‹µ>:l o­‹ºuÊÔ„Ô8ˆBz²–Ë ÂˆÄpsÏÈ÷:IÍL2Ç:ë%㫤f¦ºÁN¹ÌE¦°ÒKn€îаDù»õN.u“%¦Krß¡ ÙåÙªû,êö”ºöT÷‰q­Õº÷ö+_‚Ô´iÔ¢-À"0)¤ôm.\6[Å怸 ,,"üzŠM¢dS§4/³Ì2ÙÂß‘Rœn¼ñÆ™Tpñ@Š + ¡œbRÐípšïôŸUÁi,7 mBŒ¼K»l`%¤3W9ïu÷‚òà¤õ)qºË=£ZXŽ.dÜÃÔ‡Ðw'ïF”¸£QÐëú_ç~æ^M^?);H„ß Š…vyŽ2£O…Ô85´á+Ý0p?Æé©ç_|ñÅ]C:— Ü;(‰ÆÁã"X×÷jHgä’H¤0"ˆÜY˜øº;ÝæÇï^€‹ÆN›‘w#øªS:áZŠþRXœ¤*uÏRý^Ú„X ý1Žep¯ñ=¤¹wé÷"ï¸ÚÙVRC馔’)Ö-Eœ;+<ëÖÜ“žô¤,X!ÌIä}Ûm·Í2¥×úî\ÇÅÖ¼®›kÝdW5¤3$8¸Ð®™æ%RáÐÀú%»ì d- yç:%CN;í´VR÷‘–:÷3Ê<"ÇzŪLæ8\AÔ#®¹ +™QGjºÉ‡;½d|'©éV«o\ÖOÖZû‡BÆ'\“!#Q,qXäPJ;‘"Qà}(¤†Œ@’êö”ní×é½ýÊ— 5m½1µ)ÜÏÆü”¿¶_RÓ–èD6G§ð6gÖ›E¸[qZÊÿ™ûÃLaEñ‹_ä©ßУˆë€M¿ne”]._½ŠÍ1buê–˜áaý¡•bó`Áñîª \¯÷•Ï3d•†¬J¬ ÅÕ’¡TûÕ­î: ´±C$zmqÚlüXgª¥®ïÝêC*´ÛW±d!1W:€jŸþõòOïö|µî;™3ÁR(*(QnCéWéW[Û"_êút“#Ü.áèļêV¸A!ÜæôL÷©šÌq瀞kþÞ¯ìêg^:|Ñߪ’>Ó:íw¾°2#[Ö(’C~! Ö&LÉÃ~ò½ÔÉœ~e|g[ëêê&—‹ÜÕ‡²GÀÅöJlì{d’:SiÒž~qÕ÷ú•/AjŽˆ“ Ž™u.…rR|KûUræò¾~ž@ý ßiŠ@¿¤¦­y›ö7¾ŸòÉóµ×^›•nr9‰2½ôh\„|ò£y/Òê^!W+Ö/n®,›Q¦~åËÐIðrØ#³|?…Ùžùž¯Se?EXUt™êJh=>•åÒo?utûŽú¸Sp‹(ÉŒøUs#hZªu•vr‡€QJš6ŒÂôµ!HÍôi¯9±ýÖ·¾•ÃAsáVeºè÷"ï¸PR3.äG÷^>+àÊ­·›…zt-Š7 ~åËÐH ßgþèþ¡\z•™¢|¯„îìõ_T~åܼ!êôgîUG·Ï]hua”¹—ÙÔåTþ‹þéýÔ_­Ëâã·-êßÉ6”p?kÃ(L_ú%5\¤Ž“‡€@%J\[ò¥£m úC _ù24Rã2—‹K.mõKjX-ÄéA$—Ã$‚?¤‹¦üÄY7„Ÿÿüçù‚ŸpÑ4<‹Ô¸<题"†ˆ,-¢iø2©Ò;VæJ«\ÊuñÎZ—ÌXŽø*ºdŠ¤É ±‘DN’鹘ÆÿÜ9BÓ³¬R’±!e.¨QÔD¶¨Öå9æ4m3XÚ*3t‰€á¢—¶y‡w¹¨Æg”ÿ¬÷À4J 0 ôKjÜ?˜éîÊ$ô5ÚÌGø»Û›íYm-!_Ú:2Ñ®@`fšÈ—¡‘šÒD&£~I‹¥ a.E¶§œR¯°Æˆ2#L‰$2«‰h.̉¾áb/Rã»|*E­q) (ÂyŠÈ#R ¡ó~#S¾'37‚ˆ/Z"â;¬*|5…Íä~†¨ˆL‚`‰JS²ÛžtÒIùï’~‹ ã‡yµ.õ¨Ï»µ·\üõ]þç"¨[Ä$Ÿ#mÚä­ v0¨f˜E´~IùÜ–KÏmÅ2Ú´—Û;Ãk·©­!_Ú4Ñ–@ ýÊ—ÖV Ê:"Ã"½'‡hÝHp£uîg\ÆÄ}nP¨R'dðI‚…‡¯·=r(¸°Ôø›ˆ:êC:Ü¥©ºŒy¶– á…âóþã¬FH‘v³4!,?rˆE^­‹{\!5,P¨",¾ƒD ûyüñÇçö 5.Ûº3TêF^‚p?k¶ÈâÛý!Ð/©±†XPùBG ÉA™¡t´¹„|ióèDÛî4‘/­!5%¶g·$Üá&†hiÉrÁŠ!CÉ¡0Ó±×¹ƒÝ~ûí™4©ƒÅ¤ÄD ¤FNa]j¥\ÍDj–%Éï¸Ì éʽͽ Ö#npˆ˘é3‘!¹×!YÌ÷.ºy^ÿ<[½#ÄzÄ’4 RB¬ ~I;k¬¥B*G ÉA@b?{x["yÖ!òeræS´4¨"ÐD¾ŒœÔpݺN8á„…Fe‚…‚%_ÈcJŽdT"™i,Á)9žWI 2â’â·¿ýí…H@!5¬,²TKX%C«û>Bºø¯®^¤ÆsKÍa‡– ÒÁM¿üß½"1r—§ÓR£.–©b©‘ M„8‰ò ¾ÉAýfí R |’è—Ôè#ë¤;lÖc”@ h?ܺÝõ´ïµ½„|iûEû…h*_FNj$RdH-…‹™ì²”{nY¥¼ä%/É„ÅÄe|wg”ââ…Xì¿ÿþiŸ}öIÇsLþ\–f$ÀsHŒ€îÚ 5ÜÃ|W8eÅ…ÿâ‚ÖÔ >²y+:!5%³óᇞ³m+î¼x'âÃÊâ>Œ m*i›>ŠÌVêBÀšsÎ9'·›‹W ë+U‰æVúƒ#¤fþŽ~õµ Öšù;¢çÀ ù2H4§£®‰%5¬,’pŠŽôÁ~0'®™eß}÷Í9mžùÌg¦<0­µÖZéÖ[oÍVÉ=W[mµ´ë®»¦M7Ý4UI ëœ5¯}íkÓ–[n™/'û‘@SΘm·Ý6׿÷Þ{§u×]7}á _Èá£ßñŽw亾ÿýïçz%õ|ÙË^–N>ùä\šéX(Ñ‹Ù#¤föØMú“,Ö¬à‹/¾x–Å—^ziºçž{rˆ|‡?Q@ ˜-!_f‹Üô>7±¤æ‘|dZe•UÒ…^˜¶Új«QçIOzR)$D2NÖ—n¸!í¸ãŽÙº#1çå—_ž~ñ‹_¤Ûn»-GSqáŸøDNŠ©ž3Ï<3É`zÐA¥C9$! ù}ÇwäÄžrÈì²Ë.éÃþpZf™eÒøÃœ@“òæ]W\qE&7“FjÂýlzú8{¤fœèïÝ_|q> :öØc³|•L¡!o÷Úk¯|ˆ´þúë¯ñæ@ ˜XB¾LìÐ µáKj~õ«_%Äf“M6IŸûÜçrÈ×ë®».]tÑE9&²¢HŽ)¦>ëÉG?úÑtóÍ7çï­±Æé°Ã[ð=ߵᲾȇáqçwÎß·ù"@žAj>ö±¥m¶Ù&Î"Ãô„'ùÉO¦w½ë]9`©¹óÎ;sB²[n¹%»ZHPæ=“FjÂýl2qÛ[¤¦í#í @ &‰#5vÚiiÕUWMW_}u¾ßâÒþšk®¹ÀÍß–ßáªÆ²R "ÚSéüéO:ß©(@?ȲõÖ[g4ïAj$f=öÈ֤檫®J/yÉKò÷×[o½ÄßÓçÇwÜäÏ’èA 0üAD+œCú~”,d$ľ_<ÃYd‘ô·¿ýmU­Ž6âÚŒ6ŽÃ4àÚtâû@ tC€ÇÑþ>)GG/¸Œ‰Q^UBX`¸Žu*&¿qE[vÙeó½™~Š»9"÷xG?…UˆÕÇž(@ ÿ@ ,Á1@`X„|²“WïÄ’šÉƒº]-f¦¾ZØiª"Î8ãŒle:묳ҋ^ô¢v5:Z‰@ÜÙ›Èa‹F@È—‰¦‘42HÍH`nçKäáaÕzðƒœCV/½ôÒéÞ{ïÍy$X·¢@ 0BéŠQG Ô!ò%æEA HÍ<ž GuT:øàƒs„R]tÑœ£Gë(@  pŠQG Ô!ò%æEš˜Vš?ýéO ÐXl±ÅúÀ@ @ ´°Ô´}„†Ü¾ªµ&¬4C;ª@ @  Aj†ëdUZ¬5a¥™¬q‹Ö“‚@¸‡LÊHE;ÉC äËäÙ°Z¤fXÈNP½¬5tPŽ€wi&hࢩÀ„ y'd ¢™À"òemHMR3$`'©ZÑÎvÚi§tÊ)§$.hQ@ $¡t ͨ+ª„|‰ùPR3çÂW¿úÕô•¯|%ÿ”²Î:ë$?k¯½ö†ˆÀ^{í•Ž>úè!¾e°U‡|,žQ[ 0,f+_‚Ô kDFPï°IL¯.Éé…P|Þ.!ÿñÿ‘Î=÷Ü&Åw@`LpAÛm·ÝÒK^ò’1µ ÿ׆|é«øf Ðf#_‚Ô´aäúløIL¯fÉé…P|>|àÓ½÷Þ.g1M AàOúSZj©¥òºm{ ùÒöŠö #0ù¤¦Å³¨í$¦tArz!Ÿ\>¾ùæ›Ó±Ç À!ðæ7¿9­°Â éo|ck[ò¥µC fD ©| RÓ¢ 5é$¦”Arz!4?Ýë^—£ñm¿ýöó„èy 0p½âŠ+Ò©§žÚÚÖ‡|iíÐDÃh*_‚ÔŒqBM;‰émœ^ÍŸÏå¿8ýôÓ#lóüòèé” ÔóŽ;î˜óIµµ„|iëÈD»™h*_‚ÔŒpFÍwÓ ê 9½šÞÏ×]wÝtÉ%—Lo£gÀ#ÐöõÛööMñÔˆ®sF Éú R3g¸»W$fnàÉ™~“ôôð€ô÷¿ÿ}’šm ÿ@Û×oÛÛ)º#Ðdý©àL 3@0kª ’3\|ÇY{¡5ÎvÆ»@àþ´}ý¶½}1§@ HÍØç@˜ñÁ´“œÏþó]ó?\uÕUéÙÏ~öx`€o¥c€`FUÀˆhûúm{ûF<\ñº@`¢h²~ÃRÓ`hƒÄ4k _6’sß}÷¥{î¹'#¹ÒJ+¥C=4½ô¥/Íÿ_b‰%Ò"‹,2”‡óÊ&Bk8-ˆZ@`¶´}ý¶½}³Å=ž æMÖošfD˜É^.ÓBr~ó›ß¤ù—I7ÝtSzÒ“ž”åùÏ~zÑ‹^”>þñ§½÷Þ;ýâ¿HtPþlë­·ÎcÉ9ÿüóÓ»Þõ®tË-·¤W¼âé½ï}o+“[6Z“=+£õÀô!ÐöõÛööMߌˆƒC Éú RSÁ=HÌà&akšT’sÑE¥Í7ß<ýîw¿K·$•Ë/¿|£ºë®»¦w¿ûÝ9Ç‹äwüãÓCúÐtûí·§Ûn»-m¼ñÆéÌ3ÏÌ—ð·Új«$æû&›lÒºái"´Z×øhP 0Ïhûúm{ûæùô‰î3"ÐdýÎkR$f~¯¤I!9Gydºì²Ë²ÕE9ûì³³Uæúë¯OÿôOÿ”õ¨G¥Ï~ö³Ù2så•W¦m¶Ù&ýèG?Ê÷qô ¥ 7Ü0?ÇJóÎw¾3½ò•¯lÝÀ7Z­k|4(˜ç´}ý¶½}ó|úD÷ 5³™AbfƒÚüy¦­$çe/{YZ}õÕÓþûïŸãío{ZtÑE³[ÙÏþóô¸Ç=.Ý{ï½™ÀrÈ!éÇ?þq¶Þ<æ1IïyÏ{Òƒüàƒ¸Ùf›åï·­„ÒѶ‰öý#ÐöõÛööõt|3˜4Y¿Sm© 3ÿ&ÿ {Ü’ÃmLP€ÿþïÿÎwh”¼àémo{[ÚtÓM“(hl°A&7\ΞûÜ禃>8!BË.»lºöÚkÓÓŸþôtꩧ¦sÏ=7]pÁƒ„h`u5Z{iTA íë·ííÈ D%À”"ÐdýN© 3¥3º%ÝÉ)÷g–¥—^:ýõ¯M|àÓÏ~ö³LZ~õ«_e73AV^yåLb¾ô¥/¥ç<ç9Ù’S,5+®¸búÈG>’þõ_ÿµ%h.ÜŒ&BkTøË_þ’±žżâÊh†Qó2w‡Qÿ¤Õùûßÿ>ß}ƒù œÿ÷ÿwäÁ@Ú¸~«¸¶½}Úòfp+!äÍÂX’½¢¥NjÄÔ&ëw¢IM˜Á ¨©9ã 9u­´ "€ôt–»îº+Q ÚJfJ{›­æ#Õü î|yÈC2vï{ßûÒþð‡ìÒ7‰å‹_übž«®ºêBÍ/A%~ýë_çhzûØDz›ã Š9©ÎÝvÛ-]|ñÅé-oyKºîºëUýœëqWMÔÀã?¾q]ðaE´IùÛßþ–^õªW%9¨~ùË_æ9ÖYªãÂÂÚ¤öDî©W\qE“fÍù»m[¿j{û惼!vß}÷ôÝï~7=å)O y3çU×ë®»nÚo¿ýx{t>é®-yíÞmK“õ;Q¤&HL§[´© Ð’3‰#ÒDh¢ßøÆ7Òë^÷º¼³‚9Uìc;ŠWü\ÝÇêŒz÷ç?ÿ9}ûÛßNO|âÓ#ñˆ9¯zÿj® A¦¸I"2!«ã‡>ô¡¹V;°ç’-¶Ø"½æ5¯i\§> ¯n^4)yÈ5õÓŸþ4ß‹«+e\žõ¬geÒÔ¤Ç{lvEµrÒ¶õ;i¤f>È›;î¸#Ýyçé‘|dÈ›&BcŽß-r‡WË,³Lmmîá’ýîᶱ4‘/­&5AbÚ8½¢Mý"$§_¤Rv{â20®âÝ'tR:á„rÀŠ¾Ü@üàÓ:묓þë¿þ+oïxÇ;rô9–èX!X#¾üå/ç;M_ûÚ×Ò•y}:ùä“ÓqÇ—þð‡çûNa¡·…Ö¦èÿö·¿Mo~ó›Ó[ßúÖ´Øb‹-Ô}u±|ÿûßÏ÷§Î8ãŒ$!«`þ-àƒ÷ˆf×­ Ûn»mé½Â +¤Ï|æ3iÏ=÷Ìw¬n½õÖ¬,#l¬”çõÖ[/[T´Ï©ž»\Õ"ßᇞ¾þõ¯ç{]§œrJÆdÍ5×Ìu#}æüþç¦vØ!‡!·‘úž»\úÓŸņåáôÓOO/|á ªßß(ûù–ÿøÇgLÏ:ë¬ü.côä'?9}ï{ßKûì³Oúæ7¿™-L0 fܺ.¹ä’ôþ÷¿??ÓYÊ]5$c¹å–«ÅÉÓc¿Új«ek—~-¹ä’Ù¢Ïk¬±FÚh£r¾(óÅom«+ßúÖ·r®( ëß›Þô¦Úùô‰O|"˘Ç@ŸgXn()Þÿú׿>Qظ/ç½æ¥zGápÜë·—Üh[û棼á-@ÆPžCÞÜ_†w“7äW·}¤[:{‡½Š¬uדˆ¨u…õØGî™Ýö²^kl˜Ÿ7Y¿­"5Ab†9-¢îq#$§û4ZÃGJ!±¡"”äç=ïyYafš?ì°ÃòÆpÌ1Ç$'«\wš¶Ûn»ô?ÿó?ySøá˜É—@ã½×^{eRqà 7äõ©OMŸüä'³BKy¦DîsŸKßùÎw2¹PÿÞð†|2OÉ­kƒÍ»Ó~ðƒö›UBûµ…Ò¬o\_ôíSŸúT&”t®YúW 2ò´§=-‡‚ï×N;í”]Úlº%‡’{\ˆÚÑGs$!6,^È“®uhµPøëò-yÏZk­••xm~ô£É_ù`1 IDAT–£Ž:*·açwÎ!ŠHG}òÎ:‹ÈO~ò“ôoÿöo™ À²Sãƒüy'¥BŸí>ï¼óòÿÿýßÿ=ÿF ’QWÌ ¸¯¿þú¹/Æ¡Û|2.,k¥ÞoŽ"6°36æÈ¡‡šÛä7Òç7 ›Q–q¯ß^}m[û棼‘rà _øB¾óòæþ2¼›¼!#êö‘•VZ©6yH.©ÏoO¹Ÿ}ô£­]&7ÞxcþYHV×í#ÿüÏÿÜk‰ õó&ëw¬¤&HÌPçATÞr‚äüc€š­A«“ªg<ãY9¥H:Eu¡’‹÷3§ïNÄ(öZJ¤“/'kî.P¢m6ÖÊ5Åžbʪ@é/—·)Ï6›z‰fGÉõ7Šq),%Ú@áV¼Ó¦Ã%É¿Y JþÏrÒÙ÷>üáç6³6ì±ÇÙzÄr¤h·¿ &¡^'{ŠvQ¾)Þ¥ÀD_¹«Eü /Ì ^Eæ+9”$AaeðÌâ‹/ž­!ž£¤Ÿx≹MRµtË·dLXp8õK<‹¼°Vé“⎠"#òŸß%F·¹¢ÍˆÌÆNLEdI*÷^X§¼¦”~<á OÈ}AäùbéêV`Ž­²Ê*3Î'ã[mDV<‡—»q»ì²KŽ|¨+¢W"!š{£¾<ÎõÛíG(ƒ6 V ®^¬7î›ØXNXa¸‘}úӟΊ: e¼ÜGá晡,S`ôÍé¹ç‘ªü݆Á ¢¬—bsaá¡$#3”t'œÞ[ÂrS¦õ§³ 6)dé™Ï|fvqcaAÜ(ÂÜ´ûž{îÉ ±ÓòÔáÿ\ºª§ýž;í´Ó2±ð. n¥‰Ð$Æê*„ÃoÀöÛoŸOèm8\&(—,6ä™SöË/¿ðdlà
[:¤Ñ]Bûw_„i&¹dop`âbÝ^6yÒ¹Òšè%5ÓBb ²¢ —¯rçÅÖ¹Š¸Ù„­†Elú~§U¿}Ê—§°³ñ™lÚ–jØJŠX¿…‚Ä c®'/n# †…lœ)œ˜¥–Zªß&å{“LrœQÎ\rwJ>¡5 ð)Ɉ—5ጂm~PPY5(Ò.·"=Ü(Ü¥á‡ì´‚[¢M‘ÂcRt÷Ýwß<¯(ŸNÌ(Ä6w®æŸ5ÀzâÞLQ,ÜA1O)Ú”víaâÇBqõûî»ïÎóØæåþK]^üâçS~ ¯ç‘ rY”5Cít¡Ta… 'X_ȧÒýA<(ôî©XW_}u&X»îºk^WÚj ±$!¢|¹C„ ¹?!ÆY7ü¦¸“©ˆ‹¨Huù–|†P8}Tԃ챘«°f°R°Ü¨ÁáþÖ­Ts=Ù,ë0¥d¨ŸÌ1ÎäDq3sÇ©sR" OÖ*}êV ÊyKvv›OÆÅÝ™’Š’âÞ¡pßAa(7¹Zæ˜q1î£.M”ŽQ·ÍûÚÖ¾q˲Ç!‡Ã˜â&;LyÃ5×=#äÍýex7yC×í#>ºå¡#Û–c„ˆ|è&—¨‘cwÈénûÈ8ÖlõMÖïœHÍ´˜*xeú9µ QFœñÃd™MXÐq6A)“&/?pJ…„BïT“¢Ð´4mK5le“wÙ¼‹Ùä¹ÎïRC¸ŠBån¥ŽäÔµ›Ïé\Þ9Ìg'‰äðÙuJW¬eC•Ü4ZÃÀ”;ë e¾œ´;¥g))D€€’ÍÒá7YÑœJ>ׄbL¦PþÝOÞØfÂÕ«[1ï)¶î¤”bݲþpc¢ìö*ˆ$%¾Wèa}±¡Í¶š_¼Ï)&Ú†¨’‹,ÈLçÁ‹ |úM0Ù-ßÂã°¬ZY ,Iï.¤©óÌš¯–:LMŠ§ö#oƒn¹å–žwUD8ÓïÎBÞ8¡®–&óÉs\ôøÊWóQ7–5uÏæ`ª×üé÷óq¯ß^íl[ûBÞ„¼©ÊðnòÆAJ·}ĜŽL°9@²ßˆhVWÚÎ(—½ÖÒ8>o²~‘ši$1äDÎi« ¶lX1‡º[QŒÚ&èDÔ%O§¨X²SO‘”lj\3L"§iNø(uN4¹OpÍ 9eä¢`BRüLvípr«~—ÃœH:í­ +ú’JFYç’Ar™øÕ¯~u&i¥8¥XÉ6_×7'€Ý––¶xG]¸Ñna+‘*Å‚¥ìòãwú gmwÒëÿ̦\]øâóÉu:Ém~N¶}—²Aqs2Áˆðo§ 6§ÞáR¯âN£‘“§¿J¹@=ŽE;ˆw¶ä˜Kˆ°B9#¨ÌqóÈiû8C:wâOÖ‰0…ˆi_Ób­³ÞX³¬5¬7m0ã7íǤ~à^ÓYÌ»~f’+\ʸxh@&õcaÙaIë,,rö€i-M”Žq`Ðöö…¼ǬÜ;‡%o±8´¡?Õúß¼%5̇×^{m6wÛŠ"8¸iÑŽš( H…$q”â믿>+#ÌwˆB]QŠK¾;î¸cvÅ@€üÛå,…ň%€»eÇé#Bã",¿VßuÚÆrÂÕ Ö—^zi&ܯ+eÞÆé4°.,¬Ó?ï.Ä!AƸ°P‹¹¹ móvúJÁ¯ë›ºº…--mAÊêÂ"-uarK¨X—\E6¢ðyB¨.®$Ü}„"„“‹ÆÆn¬gc'®&Æ…+B"ÏR*ú’Óu“àI)Aœ|9„[)Ú =Å¿¸³p0­àšÄMÇ\b]`‰h[a‰àNÃM©M¤Æüq˜P¢M5ÅuÄ ?Ìn÷©¦õÄ÷ǃyA&øíkR¯Ž ½¶“†¶·/äͨfj;ßÓMÞÄ>òãÕdý6²Ô´ý$xÓUdŠ¿u ŸtŠ±S¶naDÄâj!ä§ßˆ‘‘u€ë‚ð{%Œ*ëWäuŸ: Å›+Ke_"9'„,<%,"IV—º°°ˆÓÅr*ÌB£ Æâ­¥èŸÓržº©ÞS¶¡ð±8qÿè 7ʽF_êÂäRò„‚K˜8éŠìÄŠÅ9¡èrÝÝ©ayB]ÒF¬Yˆ+ÿæÊC.î¸è\.gû»6;™(¤1BØĺ}ƒ˜O£¬£í–Ôª¥Á®Zjœ ·‰ÔŒrÜâ]À¤#ÐDéG_ÛÞ¾q`ï &&ë·©é`I]Dd; KF]Q–Jš‹[ŠË¶ˆBà´ÜI9‹‹Ë¸Nü\ÜuúÇŠ7¥¾Xcœ³>”p, ž-¹‘– '¿uaa)îÈ”$vˆ ó#‹(H%JS!¬L§Ú\×7.]uaKõE[Dâ© 7ªˆX]˜\§óåý¬/Åß~¬5Üã>d¥Jjme}pi)r×Æ¥n!y½¯—‹£~¹h§C‹RÃd|ºù›¶}Á·ÄTñ+wjÌBfDÅ*¥‰Ðjû¸DûR^÷J¿÷i& 3óXßÌÛ(ÍNRÇWÈ—q >¼w†|¶m¬¹Éú©™6’ã¢,7q;/uê+RSF”òíþ‡»3%Wƒß¬$¬/,ÜÒ(á¢qË*aAYuD¶á{Oiqa¥ážæb,rÄ¢#úÅìòr]XX÷rÔ[Þí>·,ïóÄ‹¢ïr)R w…{9ˆP·¾±lÔ…-e ѹ!ê i+2T]˜Ü2oàQ%5ˆ¤~<®*©áʆ°q'Cþ´ÙóÂíÊÁšÃ] 9ƒ!ë˜þ"„îݸh £BjX™¸²MŠkÐ$‘˜NÙÀo×¼ý¬JfÚBjÌ%²Ø•(_Eù-ý´Ž]­‹7›ÍÄý=rÂa@›Š~²J³4«ôŠŠH.8ØqÿpÐÅa‰|DB\³8´qç±` ó]s©»‰Ò1—÷ÌöÙq·/äËlG®þ¹/ƒÁsåË@Iͤ“œf³[Õº0¢G ½Éí @`l¨Š¹(ù.L"wJ¹û6, Š‹a ·(E¤A(ì”u÷r(ûuaaÕW}7å‘Kû26an]¥ `¬,îJ)u}£àu [ZB4r« 7ÊÅ­.le¹œï¤†b¦ý0ƒ µS;`Yñ^n~%´.…9a-]Ê¿‘5 D®ã螎(F0ºD9£Äú)¡Z#&WË$“˜Nvó¡[·Òá«f5ÒØ\F²šjÀõ!ÚäÅ îh¸kg]ÌGRÓ+*" ·ÃÄoÐeT¤)v˜UµBº/ƒ¨oÜë·WÆݾ/½F¨Ùç£ 5!_šÉ0¿Ýdý•ÔL:É©¤™ÂˆÎvPÝ•A>ª—’Ý›qyÐ]žê˜òŽ~ÃÂ6iÓ\úVn´.le¯ö°Ì°ª sB8t†®½é¦›ò½£jhSõº#ÂãŽR)ÚPBàvKŠ×«M£ú|šHLSÌš­¦uW¿on!½Nù^Äžµ‘EUô=kµTÄ=„]@!ÏÝ9cýcmr AãR'T²ÀNí¬¬ÝH —MÖ`A0L°âJ¤æ½î¼Ü‰c%E´ÒÐ.‡9ôAª¤F@÷þ¸ŒÂ“UÙ;÷æXlYNKHî£%™dgòYDßá…š{ªÃc˜±| ~à€åÔSOÍý×&3ÜjåÂÑGí³îDCä$tFëŒ~·º(†,Ïuc¢þnQÝäjJ~h¿Ÿº~¹oXÀ8SàÅåÚA–d¥æAÕRÓÙø×9U,÷¢¢ LãàFˆ}¸Á×}D3äk¹~ú›w²ô?v®³³:Ÿc±7§Yôõ[Ýòr.ë¨óÙQ­ßÙ¶yTí ùò fC¾üŸÜ ù2Û»ðsMÖïHIÍ4’œÁ YÔ2˜Ï$f\JòAÉcáã–HÙ·ñ÷Êße—]–•wߥˆ³r£d!õ‹Žà\!?vœ²‹4«‘BÜ]´NKMq?„[%žk(%—{$¢Â½Ô!¢ 4+$B"<»ú¹¯q­r玥FCwÑŠ¢­>…[,+'KŽCŠ-rÂå’…Ù¨ºg‰È á]…ÔpDÖ¸¯j «3ò‚ôÉo…¤©Sß)Ú¬Ïp‚3rH‰G ¹÷VÜvF?Ô¯º(†úØmLºEEtwP›$T=óÌ3³[j]¿à[ÀØ­ ð3Æîà™7ðÝ®Jj:ûÃE·s <áÂõWðdÖtŸ“"„Œ7AP¸Ë÷3IBÌÍ=í@dëžS7„„#GHè0óØ4Q:Æ!ëGÕ¾/!_ªr3äË`V{“õ;VR$g0µLAbºS¡5—ѦìRº#u2B wo‹µÃɹS~ŸRCY/¹O¶ß~ûì„<ˆ²‡ ±æxö /ÌŸõCj¼ƒ%–«"à¾7VÊ®S_¤ÃI<댌õNím÷nßA”¸]Rtý­$YЩ¾MVYX<œ¢ {Ž”7ׂ)…[[J2^„‚«« Âc«G°u +q”$¬¥Æ’¥Gß*…µµXÊ»:£v‹bˆ¸t“™¢"VÝϺõËÝ¿jÆnm@ ;î°,Ú¢õÕ‘šR×Lc ™±4†î%š?~#!ú£pFÊ$ó,¤æ,y¬3Bô»¯$  ×åÎ猕ú$„wØeTëw¶ýUûB¾„|1G‹Ü ù2Û»ðsMÖo«HMœÁL€¨¥‰éš­þk­ÿ¦; N¹)"XQDŠ¥i 4–; ”qw²Xj(öžS¸ƒ9¥wú/“«e•Ü/©)a¬Ös1Ò&Š¨v®˜BËs-rjïT¾´ËÝ2®M…Ô°öˆn(`Ã"㔿šXµ…2Ž<¹ãT¢*V“J"u—_~yNÒ[ Åä"ÇBÃ’ày÷Ú„Xg ñ…Û‚T”œV–j nruQ ½¯Û˜Pæ»EE4VåNM·~!ý´y3>È.—0î]Öw·þ° un€¥.ãÏq†mõÎ!²ËŠVH lYÅXí"D–åÌXu>Çm©aY rØe”ëw6}eûB¾„|1GÉÍ/³Y­÷¦Éúm5© ’3˜ µŒ 1³Ç¹‰Ðšý[þ/‡7*J®û,P'ß,5ÜÁ(ª”D®IÅRSGjX&¸qO*!Ô›XjêH÷i‚¤PjY`$ï“S|€[¥û·.F,/ÂÉ#gîTpsCR¸´qáBœþsCŠX¢ª 1‡°Qœ4`±‘À—‹“|]î·°À¸ $”:Ë YoX˜´[Ž(V˜¦¤†5¦.Š¡±ê6&HM·¨ˆ·ß~{¾ïã§[¿D¹¬’šnmpŸJq_È:Grê,5ÕºêÆÀØi/2í]&WGAj?ù¹¸!rÃcýCJªÑÏŒ©ñC¤½ËXÔ=ç^UšHŠ/ÿ84 ù²p”Ô/ÿˆ®8 òe¢HMœ¹¨sñì 38DG¥tpå¢RæY4(û¬ ÅRCÙçNåþ„$±ˆE[ô"úYKw(Ú”{d©¼; ¬HŽç¹ŸÕ…tæÎÅ}²ZH RÂJãG¡"rå†nX\Ö ½à¬BÕÎú†Ô˜—Ú‚püìg?Ë'ú¬)ò4éešEDÛDfŒ¤VÁ  0ÃqBY))îW\׸Ê9•æ…l ÐÁêÃÄ%ν"Š7‹ 2VJgôC±.Š¡¾w“™¢"RÞX)Bw£êúår•ˆtk2Â:÷¨``.ÌÔd²n ÊDÕ/í4¿$BV·Â Ó*©1T UÝs¬†ærÄuqØeTëw¶ýUûB¾„|©ÊÍ/³]± ?×dýN4© ’3˜ µô‡@˜þpšÍ·š­ÙÔ_}†2OQ¦ÌwFþrÑžU ¾‹íJJfI[÷nõ¹§‚„(žCh]ÜÓ`Ѧª[ÙLïqÏÇ÷«¡ª)îúT—‹«Ô…¼pw¡ZDjDÊ&Ÿk‡Èh¾Ïú tú\KgÃ~Ǥ.*"÷<…ÛÒ­_m®‹¤¨.wUàÖäÒ}ÝpKÞ¿3´wcs°É;fûÜ\ǪbLƇ}¿onËúíÖÞ¶´/ær¿3jtß‹1Ö³}S“õ;Õ¤&HÎl§Ðü|.HÌøƽ‰Ðv+àVå´Møb–ˆ(ãE Æd¼ø÷z{›Öo][ÛÔ¾˜Ë½fÓè?1=æMÞØdýÎ+R$§É4šþï‰iÏ7Zíiu´$ ÐöõÛööÅ, î4Y¿óšÔÉ™_Ë(HL{Ç»‰Ðjo/¢eÀüD íë·í훟³&zô‡@“õ¤fLE0*?b‘ŽÊÏÚk¯ÝßhķƆ@˜±AßøÅM„VãÊã@ *m_¿moßP'*&&ë7HMƒÁ’Ó¬1|5HÌ@Ð+›­½2ª !ÐöõÛöö h¢š@`*h²~ƒÔÌa É™xx4HÌ@lIM„VKšÍÿ@Û×oÛÛ)º#Ðdý©àL ’3@0kª 3\|ÇY{¡5ÎvÆ»@àþ´}ý¶½}1§@ HMëç@œ¹ Q˜¹á7IO‡Ò1I£m F íë·íí‹ùAj&nÉ™yÈ‚ÄLÜ”Xƒ×]wÝtÉ%— ¬¾¨(F‡@Û×oÛÛ7º‘Š7“‡@“õîgcßùNr‚ÄŒqòµìÕ«¬²J:ýôÓÓÊ+¯Ü²–Es@`&$ªÝqÇÓÕW_ÝZ B¾´vh¢aÀŒ4•/AjZ4¡¦ä‰iÑdkYSvØa‡´ÖZk¥×½îu-kY4'fBà?þã?ÒW\‘N=õÔÖò¥µC fD ©| RÓâ 5é$'HL‹'WËšö| Ý|óÍé=ïyOËZÍ ™xó›ßœVXa…ôÆ7¾±µ@…|iíÐDÃh*_‚ÔLЄj;É 3A“©…M]l±ÅÒÝwß]tѶ.šüñLË,³Lºçž{ZNÈ—ÖQ40XÙÈ— 5<‰ÆMr‚ÄLðäiaÓ?÷¹Ï¥O<1þù-l]4):Øh£Ò[Þò–´á†¶œ/­¢h` °³‘/Aj¦h ›ä‰™¢ÉÒÒ®ì·ß~é¾ûîKÇ{lK[Í  3}èCÓa‡61€„|™˜¡Š†Îsf+_‚ÔLñÄ™+É 3Å“£Å]Ûwß}Ów¾ótöÙg§=èA-ni4-˜p Ù|óÍÓ³žõ¬‰"4e¤B¾Ì¿9=žæ*_‚ÔLÎXϹ¥½HN˜9C  .¸ m±ÅiçwNÏxÆ3Òª«®š„e£G@XU!›¿ýío§SN9%sÎ9árÖ ©/£ŸCñÆ@ ƒ”/Ajæñ<«’œ»îº+-µÔRiuÖYð3¡‰®·}èCY™ò³ÄK$s6J Œ{Âï~÷»|°°Új«¥]wÝut/ò›B¾ à¨>èÀ åKš˜r<àéïÿ{ À@øË_þ’^ûÚצ3Î8#=ðhÝQY ÌoB¾Ìïñïì}š˜}“ávþð‡ß1>ÊGuT-’—]vY’øìÆo ¤@`"pÄG¤w¾óé ƒJûï¿ÿ“=ôдÖZk¥×¿þõY±yô£öÜsÏô”§<%»®¹„*ÒÕk¬‘ÞýîwO.Ñò@ X€@9E-kMLŽ@ !_…äôÔ¤fzÆrN=é‡Ô° l³Í6™ˆ”²Ùf›e‚rÅWäpŸ?úÑÒ1Ç“.¼ðŠ÷±}lúÓŸþ”Ãóþô§?MoxÃ2éY~ùå3yqyx=öÈÕ}þóŸÏÖYå£Àd#P=E-= kÍdi´>h !_Ú2íjGšvÇØZÓ‹ÔÜvÛmiÙe—M¿üå/ïçvôÑG§ÓN;-ßárvûí·§«®º*'gCxî¸ãŽœLñÜsÏÍäå7¿ùM¶Ê¬·Þz™ü”"¡Û³Ÿýì±á/Á €Àüó?ÿsZ|ñÅÓ¯ýëôÈG>2ýáH¢Ýwß}ƒyIÔó/órØ{v:HMOˆæÇz‘šóÏ??ç'`m©–¿þõ¯9L«;1’#nµÕVéºë®Ë~ÿûßg÷4yD?Bf–[n¹lÕyÑ‹^”­4»í¶[ºòÊ+sØWèxÄü=zL)îÞm¹å–éø@ÚvÛm„ŒÿØÇ>–vß}÷쪺ÁLiï£[@ 0LB¾ ÝÉ®;HÍdßÀZß‹Ô (¢ž}üã¿ß;7¡zo IDATÚh£$#ì’K.™wž|òÉ9Y¢ð­ˆ ëû4+®¸b~Ö]Vwm(8 _{ÁXn¢Àt!ÐK¾LWo£7@ 0JB¾Œív¿+HM»Çgd­›«P¸õÖ[óýî&wÝuWÎþ¾È"‹,hÿwÞ™]ÒVXa……þÎ å'?ùIz⟘ŸÓ‡À\åËô!= A!òePHN~=Aj& Òƒ 1* B¾Ä´a!òeXÈN^½Aj&oÌÒâ/}éKÙçýøãÏ.bE(”hdòɸó%¹"ÐÒq÷Ýw§‡?üá÷{Õ¾ûî›Ã¾×ù±vØa‡tã7ε‰ñ| L(ýÈ— íZ4»!Aj6M_ãË׃üàl饗N÷Þ{oŽN™¿§i¤£/ÀxèGé¸ôÒKÓÆoœïîù~){ØÃÒCòÚwÜqéúë¯ÏI{£ÀüD ù2?‘™½R3ÿÆ|A~|ðÁ …WuaÿCIûí·ß~Ýu×M›nºi:à€ óšk®™N8á„ôä'?9}ï{ßKûì³OŽÎ¸úê«gò#ßV”@ ˜ú‘/ÓÓÛèÉL©™çóƒ•FrÌRÄ~¯þžÃÝ ÐÒñŠW¼"]{íµé…/|á‚7î¸ãŽ9$üÓžö´zµÕVËÉ{wÚi§´ÝvÛ¥Ç?þñ9Šâ¡‡š#,¾þõ¯Ox`N,Ê¢DÁoV]uÕ´óÎ;çÜX’þF éA ù2=½ž©‰9Ъµ&¬41Q@`ô£t° l³Í6™ˆ”²Ùf›e‚"•ÜVò_sÌ1é /ÌI{E\t³Å[äZBÅ#=Ë/¿|&/厠ú$ýeÝ9ñćÑŨ3Æ„@?òeLM‹×Ž°ÔŒð6¾®XkÂJÓÆщ6“@/¥ã¶ÛnËù¬~ùË_ÞÏ=ìè£N§vZ&,¾ÃåLxø«®º*vØa™ð¸xöÙg§sÏ=7“I~Yeä½B~JyÖ³ž•žýìgO> Ñƒ@ X€@/ùPÍ‚ÔÌŸ±žÑZsÐA% 6ã.MLˆ@ 4½”ŽóÏ??íºë®ÙÚR-ýë_ÓøÀ|'f•UVI[mµUºîºë²Å†¼úýïŸÝÓ~÷»ß%2 ™Yn¹å²UGôÆ=öØ#í¶ÛnéÊ+¯ÌQ G<âƒî^ÔcD —|cÓâÕ#F H͈oãëD;ã£îò-´(@  ^J‚"êÙÇ?þñû½v£6J×\sMZrÉ%Ó:묓N>ùätõÕW§ý÷ß?Ö÷iV\qÅü¬»4¬:îÚì¾ûîùoäùÆr%¦ ^òeºz½™ 9“Qfl0.xÚt¾ò•¯â@ 0B(z¿ýíoóI¶Ÿ¢È° ñª@à~|õ«_ÍûsÕÏÚk¯Ý±[o½5ߟ‚þ®»îJK,±DZd‘EÔqçwf—´VXa¡¿ßwß}é'?ùIz⟘ŸTý%æC 0^­¿ÌšÔœwÞyùr&ó>Ÿå•W^9ÿD Ñ#àPÁiöw¿ûÝÎöœsÎÉ9?¢£B JbÄ¥¿ ÁñÛw«Ÿ5%9£êS¼g:ýe:Ç5z5™ R™©Ù{ï½ÓM7Ý”/fÆé×dN¢hõô"àtzóÍ7χ Gyäôv4z6Vz‘˜^ ’Ó ¡ø|„þ2 T£Î@`0ÌUiLjfÿˆõ?˜ŒZa!°×^{åCÑ£¢sE`®$¦×ûƒäôB(>Ÿ+¡¿ÌÁx> ³Õ_‘&[™…ÍŒíG€ šèOrwD š 0lÓ«-Arz!Ÿ7A ô—&hÅwñ#0ý¥©ZóÞ{ï —³ñu´ è ‰ —Zj©¼n£3!0nÓkt‚äôB(>Ÿ Ð_b~“…Àlô—¾IËÇ7ß|s:öØc' •hm 0Ïxó›ßœ£B½ñoœçHD÷«´Äô­ 9½ŠÏ ¡¿Ä\&¦úKߤæu¯{]Žf³ýöÛO&2Ñê@`ž"ÀeTÒÁSO=už"݆À¤“˜^£$§Bó÷óÐ_æïØGÏ'¦úKߤFþ‹ÓO?=Â6OöüˆÖÏC„zÞqÇs>©(ói'1½F2HN/„æÏç¡¿ÌŸ±ŽžNMõ—¾Iͺ뮛.¹ä’éB+zÌbýNÿ@ÏwÓk„ƒäôBhz?ù7½c=›~š¬ß¾IÍð€ô÷¿ÿ}úÑ‹Sˆ@¬ßéÔ 1sÓ 9sÃo’žù7I£m F Éú R³'˜4 óŽ‰ìb˜á[œáâ;ÎÚCþýxw 07š¬ß 5sÃ:ž&&Ba":4$f¼ƒ<í$çóŸÿ|×üUW]uUzö³Ÿ=ÞàÛCþ ̨*1MÖï¼!5ÿû¿ÿ›~ò“Ÿäœÿò/ÿR;$ûÛß’YØÇ]þò—¿$qõ§µ´¹æŠE´È"‹L üM„ÂÔtzÂ:$¦Ý6m$ç¾ûîK÷ÜsO}¥•VJ‡zhzéK_šÿ¿ÄK„ük÷tLwÝuWÖg†U†±Gÿõ¯MÿôOÿ”÷׺Ò&lX¸ö[/=D×$—AÌ£&ú˼ 5ïÿûÓ[Þò–ô°‡=,Ý}÷Ý9gǧ>õ©ôÌg>3ýö·¿Mÿõ_ÿ•vÞyçtÎ9çä°·\pÁXæÐu/{ÙË’…ÿèG?z w˜¾øÅ/æºlZ{î¹gzÌc“Þþö·7êßw¿ûÝœ£Hv×ÙÖÑù‡?üáéÛßþvú×ý×Fm©~ùç?ÿyzêSŸš~ÿûßϺŽºßúÖ·¦û·KozÓ›Zï8+k"ÆÙÎùôî 1“=ÚÓBr~ó›ß䃾›nº)=éIOʃòüç??½èE/JÿøÇÓÞ{ï~ñ‹_¤ƒ:(¶õÖ[翱äœþùé]ïzWºå–[Ò+^ñŠôÞ÷¾·‡‚3k¶òï?ÿó?“7ßøÆ7Tùµ¯}-m²É&Ýwè'Ÿ|rú¾ÐsQ¸Ûüâ¿8Ù—úÓŸöüþl¾pûí·§G>ò‘ÑAªïÚÓž–>ö±%ÑèJ¶6(E{ÉG<âYGÙèÔ×ÿøÇçµ6ŒÒdÎõóþ‚ó.»ì²@§þÕ¯~5]¶ÉúzRóÉO~2½á oHŸùÌgÒzë­—d(}Ç;Þ‘Þ÷¾÷¥?þñ‰b¼êª«f5nRó¨G=*}ùË_NË,³Ì@&‚‰(¯Ðk¬‘L4ëÏcûØ~æè‚ï|ä#I\¿ÙÖ1 Ró³Ÿý,­¸âŠÝ\´3HM£é_î 1}5¡_›T’sÑE¥Í7ß<ýîw¿Ë'è°–_~ù~×]wMï~÷»sŽ:É{í™}èC¥÷¶ÛnË]gžyfV~·Új«ä`ŽÂ߶ÒD)ª¶}T¤†²Lü÷ÿ÷žÐEÑx9F%©ùá8TlP:K•Ô°> 㧪¯! Ã$5Mæ\?s¬àLF:HM?È5üŽS%§P'žxâ‚'‹`þÒ—¾” Î7¿ùÍlvßn»íÒ;ßùÎ,Ð/¾øâ´ÑF% ýCòœ£ç¨£ŽÊ }‡vHûí·_úÃþ^ø¦M7Ý4©Ë Nµ0ç;•P^ùÊWæºÄ|îsŸË§?EÞ`ƒ ’ ÑæÁBðÙÏ~69Ñ`]rRÆšaãpŠÆ×Y†ÕÿøÇÙ9[rÉ%ó¦ôŒg<#!qÚxì±Ç& ÏÆôà?8×sÝu×e,^ûÚ×æÓ5ß)‹Fr²ï|ç;ÙŠ£k®¹fn¾?ïyÏK÷Þ{oîó¢‹.šë°øœÒíµ×^ÙÚÅÒ¥½67Ý:묓N;í´ÜvÃSžò”…°!Œ·Øb‹lS¿ºW_}õlIÛc=òß=û¶·½-o–Þaƒ…Ýj«­–?üðô„'ñ‰OäÓ&ÿf;úè£ÓwÞ™.½ôÒŒ¢gL˜¼=wÆgä:m{ýë_Ÿ±Fv³þ=ëYÏj8ÛñõÙnêíhýd¶"HÌdŽÛ Z=)$çÈ#L—]vY–çÊÙgŸ­2×_}>vØfOb™¹òÊ+Ó6Ûl“~ô£åýçAzPÚpà ós¬4䩽®me¶ò¯©±ïì³Ï>?û*EtÙe—­Ý§¹3wÓ¤Ëøô§?Ž?þø|€hcã-`Ÿ²‡—‚Fß 7\xá…ù»ô ¾ëç׿þuŸÿùŸÿÉÙ µu·Ývëº?ï{ßËŸßzë­ÙJ÷áø~–š:H·½ñÒká/xAB é@UKyÕÖM÷)¸Ði”bQôÿÅ_<÷¡è,uu|àÈDÝþNO4×éMÍeúBq—+–º×ÍÝwß=˜³lÒàæ}ô º#½‡òf̤OœuÖY ékÚáÊÄ/ùË|˜llôíÏþs­~ÛSN9%¿ßÞcЧè~ð6ªîŠÕ9W§?Ò™JANôíë_ÿz&sú _ºÞÁœÉ¸C8èCZ0ž'tRž—uºlÑdýNµ¥Æàº&¨IU-Lå{Üã²€¦€›À&e¶˜G‘•ãŽ;.»©!„M!5‡rH>‘bŠDœ#ß+…ð§Œ[̈ÉmqÜpà é£ýè7“Éó›m¶Y&SbÃMÌD°h„Éx⟘ "@á·á8S¿Ï¸Ï™Øq‚â5¯yMÞŒfLõšœHòrÇw¤õ×_?/šW½êUYðÌ„«ç-4ÂE¬¼[ÚTÈ"Eß3êA MbDÑAD¸û½ç=﹩ÑÂÐbÓoXa§ÜÓà‚ˆX(¡¾þ÷ÿw&JKvj·º7nˆ¨Ï´É&ìop)‹ÐW·÷.‰¯¿Û$EuœwÞyùÏ[Ô“Xš…Iì_Ú$¦ £ÐÞ6´•äP^(í¿ÿþ<[¯(-<쓵ì¥ö=Bä´}€\¯*Üäµï·­ÌVþõ"5;í´S>¤¬:ôôž#Ž8¢vŸ†U7}Á¾dŸµÏøŽÿÛÛÔ_ˆHÁôÆoÌJ¤ƒ>ûš½œ…;R1)±Æ@»JŠ;w5ã×m– „ò˳…¢j?ìLãá ·SGÐVûÝÞúÁ~0ë@®è›¹% t•Ôø/Œ®ÕM÷)¸pݢ étð(n÷uuèB~ÅWdƶ:ü¶÷á”*©Ñ7:!lévúÆÊ gú¥CDÒš Ü—Ãñnú„ñëÔ×èôcsEdëô›k¯½6ë¯Ú«ï¾o,µkË-·ÌcD*¥Ì9¸ÕéÁ«Åwô™Xk­µ²åÖÿÍ3‡Ít³¢_–ñ$7 ©éÔe›Èˆ&ëwªIM™€u‘\r§ò”ýªû™/~ª&×-'ùX· ¢œ{î¹Ù…ë˜cŽÉ“C5˜Õâ§ÞmbÛLF“²ŽÔ8èt?³@°|“ŤA´•ðSœ¬˜˜ÚkÂ9eàbç}O~ò“³@ê4gj§Åƒð9áQÉâ’†¼xÞ‚äªÇ—¸ê~Vü&m‚Nñ5¾üò˳eƒ 0‰Ë&èY‹X;«…¥†Ãø½ÇƈXiåPß›ŠÓDã€È„Ì:ØÂÞ²Æp(ÂÇتÏÂRœš8TŸglÞ4R…¬âE€tÈàsžóœ|Òä½Á4‰¥‰P˜Äþ£ÍAbÆúô¼³ $Ç!(€ƒ"2N¡´:0s¨gÿb äqIb'?ÉX ŠÔÓŸþô|˜f_×}Ô^³b¶òÏÞÀ¢ÛÊ°Ã4 %’¾ÀÂU·Oû{7}¡ª`ÚXi( N÷;]Ò|fŸ4vHŠý‘R+§êg"5û³ñsHéÓoýµ÷u’{qŽ@/¨Û[yµh£¹¤‹-¶ØýHM§ûYÆs¤›îSÆÞnNšËôdnStXÖÕQ™GÜ úI,³ÝÔ'±¯³ms˜Ù"϶œQôuÐü³G/ $‡;c¯à­À:C‰sfŸ±ÕíÓNÌ»é ÕðºöV„‰žbßñ®j.URã(ë ×6m³¯û¾Ót'ú‚ßx/ýƒžÐIjªû3BEáÎMÿàuÑi©é¦#u{«C` z“}›ÞÏêýã~t0úI7ݧs®ð®±·#|Š}¿è,Ýꀟ6w-:À%è@'©1.ˆEqq§gÐ3yä ¾¼``˵‘ñw^&½ô‰N}­Šiq—‡c~cUõ×NKyÀ’UJuÎuÓ;±u÷X¡'Ò‡yµ˜%ÐBÁ™®\tjzvšAK³ÿ_–É2cÁv&ßd%(ó3B‹RïB?ÅÄ'€,0k'Ô ‹À$­÷Ž^ µœœ³~ "úÖW]Û,j,Nx(òNf|F@ÂOñïjÑ“šyx6É*‹ë[õ²)áì}¡¾ˆÚÄÔÏ¢ßÔêÖ~cÞ«˜È kLõÞŒ1t2eS©¶±W}mû|.›zÛú2¨ö‰’QÏ8’Ó?ês•e ;p¡ªJ,w=‡tÕ=°é>]­ÓÞEÙ·¯ö*ô‡ƒöæλ½< ìý&ò¦Ðf²¼uÓºµÓ^Î J_ºé+ýê`sÁ´´outÖEqG` †¯õËoîYHM?úD7}­ß&úM¯94èÏûÏ~ßÛdýNýš~A‹ïÓŒ@¡0­8‰™Ö‘~A HN÷yò/ÖȨpàÌåŸç{Qˆ°½g’EG…]·÷4Y¿AjÆ=Zñþ@`4 #hÎH^$f$0ÇKZŠ@œ Ì|”-–ó¢Y¼`ä.bÕc¡™Ô¨©m¬&ë7HM[F-Ú &BaˆÍjÕAb† oT>áÌg’3äß„OÏh~ Ð&ë7HMK'’û#r6÷TzuIÝJç›^ÏÍõs>Â|J‡uj1LÌæÚ÷q?ßD( £­%ö ë3H4‡S—ûvÂÎ÷s÷o6- Oȱ’ñÛÿÝ1è÷ÁlÞ9-ÏLÉé%_Æ-ÿÚ4gÜ)™/ë£S> zÈš’’bÐuG}ÿ@ Éú Róÿq«F‚Äd’¬¬DæšM}"‰î%Dr).ñ‰P"”Þ\JgøÅÙÖ%Bˆ¤ ÉÁJ}UL}O¤ áEF©Ã¬ß÷M(>=åÒŸ‹nEQê¬C_D}“Ÿ`RJ¡0Œ>¹Dé¨è;%?RÓ÷‰iŠØý¿_Œ¸Ü,z“R6eá_EþTqR¤Fy±D×FÑ^Q†ä½6Vær‡'"R m¥&™äô’/ã–ýÂp¿)èŽCEë_¤6‡"­Mbq_E0!QâªEÔ6QÚDN%wȇjκ¹öÕE~uŠÈæ]¢}‰šÖ­Ø÷ìpI£[4)Bl{}c>—&ë7HÍÿŸ)¢š‰¬ÕMAo:¡DC)9Tš>ëûu z5IÕlê,Ï ’Ôψ¼Õ•*¦Þ)ì_É|<—öw{v.¤F$:$ÅøK5“ RÓ|ô„†²XÓ(»½ÈM˜æ8÷zb”¤†B!gTɸݫm³ù¼—qåⶾ„¤uz/ü~”Ù!0I$§—|i¢Í­ÉxJÞ9)(ü’5Ú“û&Ú¶Š*&¼AÕ"7Š¨oä€h³"Ûò’>2%¿"ƒÊC(Q·"/D•ô˦…¼ÖöΨvMë™ôï7Y¿OjX$N2øòÂH>Dq\~Û×¾öµtúé§çVN%â‰×]uí’-UæÛã?>m¾ùæ9¦»8ܾïPþÓ¦i‚aÝEX²-¹OXRXQ0wá ©AFÄŒ—`ÒB”—F‹Î¿YX|N8‹M®H‰‘_?cسº~x—8þbË‹ç®Ýrûø7áÄ2f|µURS˜I~&Çïd2)WI LN>ùäžÛw%žjci"†Õ~áÃm8Šð£Ú„ܘ3Ü!‚Ä ùÔÛ‹Ô]N>«Ö Y&W—ð¡æ·<[ò9 +3$ê#+­7k¦$h,V¹¸äô’—«SF ]/§‡5¯½÷Þ;Ë”:LN:µ$)ÜÊeÍ: õ²K"o„z¢ ¶“œ™ä‹\!9WƒJ»kÑç“N:)ë ¬öl<&샔Ð:@|MNþÏ»#Êf|Èñ2,ÓácdP~§2R¤B›³hd¡Œ¡ƒÌ–ó眘™ékm)C$ä™b0g™K}DZ‘LdÙœÖÀµk×:Æd£>cdô™3šŽ9§]­×»cªÆ™±yYÿW¯^íJaÚˆèQ¶ÍK`©¥dØöÍ·ÙÓ ذٲ5l€ˆ¦M]* ðßΰatƒ^³It¢o#=‹eCÎ;×EH9ØÃ!Œ¨ÒÌôíéŸPÎ{ ÄÛú~oó3sxO4@½µÏX[Ska_ì+s$5µvò=bcG"褨&Ýå$ ·¨ð‰LŠç°‰ý ¨†7\SÐAäÁ>ÊÀ6æ^Ä^ñ.Žexy*}pgdïe¬!ŽBé¯Èý†±¤ðÓïZ`˘ð,g¿æt„9:8C9Ša*NGc)©ð_4{7¬àÍãIiCjÈ'œº°’±rŒ"6¹ÈL+¼Ï”Íó.}„ ÙTé²0›Ÿ{úÀ¦ª–æùæ‰}”9±î]59lë[Å©éñlH ÁC<¼” ø¤ˆ€3P h¨Èè)ŠFѱo¤%ZŸÔØ€);eØD ŒDØ,E\¼Ç"Ä°…uµŸ~úiqáÂ…ÅåË—»¨†Íœ×ƒÒhBœDKé(…¶xONNºëJX’š2ý )Cf"KJx¸ˆF¹œN}#‹Ãµ¼-Æ£9œ‹§€¡¨ÉIäˆ'”ÁÑþøãN~(CéYÀ~ÿãÃR¦r\yû`áãB8Br 7›dÌ_«ÌÌUmúÔè/¯•k€7ýŒô3F*¾©Ñk‹µ1:Ôÿ1bHµaƒÐG„º êTŒC‹QØVŸKO*b[Fjü{êžàmÉe—Ï O¦ÍšÞkñM Ï©ÿG0Ø:ÉA¯é#¯+{êz¿gsö¯¡DL"i¨5É[y©©Ù`Àƒí³é³¼À%©á¸b礈íR¾Çü®©GRϲ/ÖÉÜH ÇÇ O¿ìZºDs8ÚÏEY‘‘NaÄÅ>ü駟.Ο?ßíŒÈòà0àð@~¿‡gØ íÆEU¢E†L` 6„=á õw:kßÖý>è÷Á÷@2>àxLÙ^‚,„}ƒW8Ë<—c[Ó/¤>‹F&?ÿüsç´äLAŒ`7؃“•|4c„-E¦EzÜã@sŠº3”½Ò§ÀzñvP6òÅéc‡ÝŒ‘mµŽtlrÓwÏ7Zm.Èa.­¿t¤Æf)Ô(BXò GzRë@9x* ÊÍ",s½û¤†"ÙÜóiñó2X€4‚äq(?Ã/*¤†’`܈ÏˆÔ ^€ò›G}´S&l Ñx!ŒiˆÔ0  ¡1BúW’ ”\4òÒ€‚“â©ÉÉy Bé(<%ä}áeáÉn.ÛRãÝȯK‹CÉ9æ¯Uf [m¼"KlnHŠw‘2eø¥õY/ˆKIj[Þ$ž&`ŠË©Fjö¹©Gλ ,ÈŒ $gó[VÀ&¾7fD*ƒì#¢ ôÂ&lm6á2uÃÆ+µ”Çž ë· 5NØ®ÙÈ>©qAHMÍ—öhc+Ø\º­…C+€Ìæ%8Ÿ'NÄ”3±Ì¾´€¢c™az k È bcpÀD0°Ã~çç¥K—:§-]‹ïQ¤ùÔñÅ}Ð8†ŽYQˆ(°pßyçb[¢Á0 {ÁÉ:Q±Ç39WAjV¿° üÀˆ›ŒÏ‘ŽlqÚˆœè—gØû9'Ë¢%îC88B¼ î’&½Žã–Õ£‡Aè¬#ŽLØIñ¹BDfôIŠl£Á\ä 7x,Ù4dÏÞqôr´û2ÑcdÿØ[x²6®™KkÑ߃&5&UˆÓ¢³!‹~Ødcc Pla õ!#¼Ž°ä[’hcHk)õ•+W:0Ï[ÄR`ÜO^ Ðboj€cÄ€G‘7rð4ˆnˆY¼R9ŠÍËÀDôI …²ð)”¨ŽëabXÂK¢¯¼)<«ˆEa¨\|×H÷ÖääáÁ kÆÏx…y42  ><©Ét(RC¡'y¸¢&!ƒ’”ú]‹ÌxgjãàM>‹Ôo䑤–qõÇú~/I P. ‘gyf,­ á㩵£°¾3ÎÒ”êedfèýIr633<òHD°]óÁ €ð´ŠšÙ˜Ã~°SBlŸ›Ã@*ıŒÔ„Nõm$»È†ÐUö’`ÏÎ"5é\€n@¦ŒÔˆf‹ÂTÙÚ$pH$¦?²eöeßö¯m&6sµÈ+í§ý^zFè´kFdÀ·s¢Hì€}dyÀ5¢a° ü#'0Š=“Ö€¤¦±÷ÒÏ ¸Åÿ³=ðûáù±îc‹D‹!Nj@^uÆZüŸ½Vš›q(v Œ#”3‰s¿( G‰>ŠŽ PRÄŒ %öÑáÅaÙxŠ\ÈÃ3C4 @dÈÝ´®"[FŸÈn€5½×Ø£:šñ³[l)Ì íŒ å †#ü¿~,FV®†ä°™•2ý§´èïA“oSµØx¤ÿX,Àö5Êy,,Äà¡`£¤©)-Ë[œ¼øÆFÌK^n÷YðåFêX`Öó(=E ¢¤3å"„/ gÑ‹ôð40& Ø 0ÏA„mKâeŒžLá´•ÓÓÓÿ|”'ºÂ!z Ðè ` ¥,>ê§l<ŒKMN”ÊóåtJ£`úU–t6.’²Ìq)S€Qó³lBßÆ,‘þ‰!51"C-25ª#¼51—-ÑWßÄ ,²uD´Dbbü°‚eïgKôñàp±¿sh³M,%ƒ#"2~ÂI0 §:lC"-¶œEžÂ2v< qbËGNUŽgX öñž!9ìk]íú½-ú{Ф& L[¬²EÅkS;´ùñû2º©Éa (ïÀ˜3-Vý-S•i ÀÀ }àêà\¾%p.Â#_ø¬’Ƙ”$î¬qɉ$6 ÚyVD{–•–l•YË|“¥ë¯²1²È3cÃHSñ-B\'Bå¾)çð·…MéÄ®Ÿ“$§MâôÙºïë2£8‡¨k¿*BdÓeZÛd7µ±Ï¤¼Élí¦mQë˜éúc"1­rŸƒý«É^=¡ã)"ÒD±§ù=]½èW,‹g#*ˆ,üË~€A`¶D*+›qÖy,0˜w”úÐöéﯵq±ìÂtVãPFÎÂCø‘ÓǾ޷1p‚ñ¯rx9œ¿q€’'GBe<EWùRëZ?Æë[ô÷(HÍ1NbŽ)%°I ´…M¾wŸÏJ’³Oéç»÷-9“˜¾ìçhÿjëÏš•ùP¿0v­"1HlY1¢"'ÙV“€,Q'Q!™"þMž«³ZϦuW‹þ&©™ÖÜeoR[‘@‹QØJ&ðÐ$9˜„ìÂÖ$$fX´iÿþ/Ñ‘‘‚Uš(ƒïDü”’¶,»b•wÌí™Òó¤óû8£Ïÿ]-ú›¤fn”ã¥ZŒÂ\”$g.3}œãL3~^Óþ—U^™˜šZô7I͆gÏ÷!Ú*ù–îJ>.%p]-Fa®bK’3×™?Œq'‰Y}žÒþ­.»¼óF øîH…ÅŒ¨ìne´èo’šÆyQ‰Bµ åkM5Œ²\rãã¯_îü“¨ž¶ê3ò¾Õ$àC@‡z)3{,­Å(˘×G’œu%˜÷¯#$1ëHïÆ{ÓþmN–ëÀEör•½à-÷Õök%a,ÅÆàÜ%áá¦ØÇcõ”¤fhìJÔ«øæXˆgžy¦ÃÎœ!dȳ‚®4¼;Á¥ "Jã¼=g˨XæL ÖÓà=çõ(ÑüñÇw\‹ Õ°ŒsïkÈòKî9„eÈÆ*­­4 [{kÑßÙ‘š8^9Bè0Š½ÐþøÆot‡Û휋µñMˆ{jx§<ø;žÛÇ;_~ùeuoµÖíÿð=Ø~ 8̦â…jû5 ¨÷¬wß}·; QôBŠû„ÅX"¼%Ø= ùòåN\¨E!D%üñ®&¼ÆH!ò:5ý¡úþöÛo_‹ò4P(ÆÊɼúå=ÞéÐ,„æÇì"µç•kˆÔ 1wß}÷âá‡î”ñÓG («&R¢B½ CD|J}-sò1yð¶0¾ß}÷]'?ÆÇaW~Æiæ¢AæCCÌ„BDR~­Ã¼ æ€A‘¬!RS;ïL¦ŸíÈZñk’äñäŽZ’˜BÚÑ%- hG]ÚÊkì™@{àmrÜHßqÞöÛÞ‰ë8ikxGô¢¶·ÚwÏ;·xõÕW;\ƒXqàFúÙóÏ?ßíÓµýÞ±gË`‰@h' >¡( 1©áü¬ÝýÞ…˜!rpÒÒ'5œÒ²H4ý|衇:\U6$(2Pà³!R*&ðÉ'ŸtDIÔ§†e<;°‚‚ÔëY²AX‘RX þŠ>leAMä¡-ú;KRƒåFÔ°(4@¤6¡Ø‘ ¸$5W®\Y|öÙgÝï4ù¦^ ò…3¥¶•B¤×óGFxO(´ 5Rà0FŠ’õ ÄóE:×hçÏŸï¼!ÒÄ‘5åERx(&20ô¼²¿}R#½±bt4–%’¢Æ‹â5ú¢?Òß¤Û å¾ÆØyoD¶NOO;ùRZ9CˆA¤SÞ©1iŒ{È2 £ÂˆòÀ˜“0¼ž´D¤¦6W䕤f"Ö숺‘$çˆ&³2”$1ÓßP4ÝQ,ï Ú5)í*H4.{qÙ`—!¼×yn ïØ‹k{«}õ—_~ép°Ž„À0Ajd°ØÛkûµŒ ™!H¢!BÈ/#5OmìŠþ”Ø€,¤ ÷IM‰ ¥ÉÁ@pÎRÃÉÌá‘š ²Rdöp(×° <Ò'5"DcdÃáNöIjnÔ‹$5Rc‘I¯ò p,⨩à„;‹äP&J"Ø/#5 t)y¥R„2k‘š( ±ab­=Ÿò0ÜÒÔ¤]‰´„DDEŸ}k"Z"Ì»!z3†Ô nˆž÷#RØ"éwP‰„ƒb4þüóÏÎë 5ŽW‘r]ÔüóÏ?]¤EÞ+²¢O¼+Œ g’»Ð°oy\ÇØ {dfŽî¹çž._—1ä9r­|V6Ï‘3‹Ä‡#`ˆÓ2Rèô=BË·”é^1—M}º3ðßž%É9¤Ùúo_“ÄÎüÍÅþq*J²úɱÉñ CˆÔÔH §ëÞ‰æ¬á:PÛ[E&8"ᕸðMÎ}÷Ý×íñöíÚ~mÏ_…ÔH©¯ÖᨌtvѸeRÀ22n ÎoiuC¤&ÒöúXæ…^è ¬!Í.ÒÏÆÈ&IMÝþÌ’Ô¼áÉèGjDl€gù—H4&iU9ÏC|d/}Mh‰"&œÉ›AYïºë®NyµH+Ó¹€~@)ˆÓ}‘œ27²,é,ËýRàxÊç#8Æ€DºW|P'¤Q`Q Þ÷ '»¾ßßx^Ù_Ê´!KòCõYÎ(ò "ôÛo¿uD‹·G¨Õûy‡ ÷Á HÔY¥9 c¤…i"Ï›nº©û°Œ‘)Šïã‰:Is3'¢l¼4‹k½‘Á2oBÚšè‘ÜÞ 55Y*.à²ê»chsÙÔy®’äL{ö’ÄL{~ÎêÝœììÁ¹ÈûÐÞ·§Ho[dZ”M&ÄÞØ£Á}¼3´·Š@ØÇeKì©?G£o˜Ep83kû5RÃI‹$À ¤Ë"5QÒyhìœÍp‚¨O üDËojJ\ˆ qž¥Ÿq|‹:!o0#ì#Ô'5²S8TûXæöÛo¿Ž5à$Ÿ- ™CX¦” â e¤fæ‘š³ øŠÈñÅa‘øðßß…V–FÑå"šHùq~˳âZ¡\ì·B_7Ù(¢€¤õAe5× Pd‡dŒi<:¼ !ƒç^ßÅ u¾¹a ËF~þ¯<K%:„PŠ{KÙ gCç õûç»'†yl©Ç1ãÛç5sÚÔ÷)çM¾;IÎ&¥Ùþ¬$1í2›ês³öj{¡}cpL«áþ½5¼wÔöVGö…Þ9£É®°¯ÂMCûõ˜þ]Ó;ì‚$ùÖ¶àxˆÈ:ïq¯èÌróÍ7zT Ë amÈfT''xQ‹þÎ.R3ÁùÊ.¥¶.£°õÎä V’@’œ•Ä6ú¦$1£Eup¦ý;¸)Ûh‡¥ÏK¿G°DODBdšd; ´èo’šÃ˜ÓìeJ`- ´…µ^”7ïLIrÖu’˜õäwHw§ý;¤ÙÚ|_Ewò ³´2i\ÙG-ú;šÔøvÂwÙR)Ó@êïáÍYk“äœ-±$1­+êx®Oûw%0- ¬‚_šHá^¼xqñï¿ÿ.Þ{ï½i>{“H Ü dæÖ[o]¼óÎ;)™”ÀÚØ6ÉI³öå–H ñK.‘”ÀaH`UüÒLjˆãÍ7ß\üþûï‹ÓÓÓÅ-·ÜrÊ^¦f"!ÛgŸ}vñàƒ&¡™Éœïc˜ë’œ$1û˜µ|gâ—\)éJ`]ü²©!Žo¿ý¶;‘õå—_^Ü{kûï¿¿;Ô([J %°{ ({¨dóµk×}ôÑ⫯¾Ê”³ÝOì߸Œä$‰™õò˜Ôà¿Lj:²33—À&ñËʤ&æàý÷ßïÀ”?·ÝvÛÂÆ–-%Øžxâ‰ÅßÿÝ9xàÅ+¯¼²»—ç›R(INœm­ÆŸ\J`ßHü²ïÈ÷Ï]›Æ/ÿ^—Êv×óz¡IEND®B`‚django-axes-5.24.0/docs/index.rst000066400000000000000000000005431411641636100166000ustar00rootroot00000000000000.. _index: django-axes documentation ========================= Contents -------- .. toctree:: :maxdepth: 2 :numbered: 1 1_requirements 2_installation 3_usage 4_configuration 5_customization 6_integration 7_architecture 8_reference 9_development 10_changelog Indices and tables ------------------ * :ref:`search` django-axes-5.24.0/manage.py000066400000000000000000000003711411641636100156100ustar00rootroot00000000000000#!/usr/bin/env python import os import sys if __name__ == "__main__": os.environ.setdefault("DJANGO_SETTINGS_MODULE", "tests.settings") from django.core.management import execute_from_command_line execute_from_command_line(sys.argv) django-axes-5.24.0/mypy.ini000066400000000000000000000001511411641636100155010ustar00rootroot00000000000000[mypy] python_version = 3.6 ignore_missing_imports = True [mypy-axes.migrations.*] ignore_errors = True django-axes-5.24.0/pyproject.toml000066400000000000000000000023311411641636100167200ustar00rootroot00000000000000[build-system] requires = ["setuptools>=30.3.0", "wheel", "setuptools_scm"] [tool.pytest.ini_options] testpaths = "tests" addopts = "--cov axes --cov-append --cov-branch --cov-report term-missing --cov-report=xml" DJANGO_SETTINGS_MODULE = "tests.settings" [tool.tox] legacy_tox_ini = """ [tox] envlist = py{36,37,38,39,py3}-dj{22,31,32} py{38,39}-djmain py38-djqa [gh-actions] python = 3.6: py36 3.7: py37 3.8: py38 3.9: py39 pypy3: pypy3 [gh-actions:env] DJANGO = 2.2: dj22 3.1: dj31 3.2: dj32 main: djmain qa: djqa # Normal test environment runs pytest which orchestrates other tools [testenv] deps = -r requirements-test.txt dj22: django>=2.2,<2.3 dj31: django>=3.1,<3.2 dj32: django>=3.2,<3.3 djmain: https://github.com/django/django/archive/main.tar.gz usedevelop = true commands = pytest setenv = PYTHONDONTWRITEBYTECODE=1 # Django development version is allowed to fail the test matrix [testenv:py{38,39,py3}-djmain] ignore_errors = true ignore_outcome = true # QA runs type checks, linting, and code formatting checks [testenv:py38-djqa] deps = -r requirements-qa.txt commands = mypy axes prospector black -t py36 --check --diff axes """ django-axes-5.24.0/requirements-qa.txt000066400000000000000000000001151411641636100176650ustar00rootroot00000000000000black==21.8b0 mypy==0.910 prospector==1.3.1 types-pkg_resources # Type stub django-axes-5.24.0/requirements-test.txt000066400000000000000000000001401411641636100202410ustar00rootroot00000000000000-e . coverage==5.5 pytest==6.2.5 pytest-cov==2.12.1 pytest-django==4.4.0 pytest-subtests==0.5.0 django-axes-5.24.0/requirements.txt000066400000000000000000000001311411641636100172640ustar00rootroot00000000000000-e . -r requirements-qa.txt -r requirements-test.txt sphinx_rtd_theme==0.5.2 tox==3.24.3 django-axes-5.24.0/setup.py000066400000000000000000000044551411641636100155270ustar00rootroot00000000000000#!/usr/bin/env python from setuptools import setup, find_packages setup( name="django-axes", description="Keep track of failed login attempts in Django-powered sites.", long_description="\n".join( [ open("README.rst", encoding="utf-8").read(), open("CHANGES.rst", encoding="utf-8").read(), ] ), keywords="authentication django pci security", author=", ".join( [ "Josh VanderLinden", "Philip Neustrom", "Michael Blume", "Alex Clark", "Camilo Nova", "Aleksi Hakli", ] ), author_email="security@jazzband.co", maintainer="Jazzband", maintainer_email="security@jazzband.co", url="https://github.com/jazzband/django-axes", project_urls={ "Documentation": "https://django-axes.readthedocs.io/", "Source": "https://github.com/jazzband/django-axes", "Tracker": "https://github.com/jazzband/django-axes/issues", }, license="MIT", package_dir={"axes": "axes"}, use_scm_version=True, setup_requires=["setuptools_scm"], python_requires="~=3.6", install_requires=["django>=2.2", "django-ipware>=3,<5"], include_package_data=True, packages=find_packages(exclude=["tests"]), classifiers=[ "Development Status :: 5 - Production/Stable", "Environment :: Web Environment", "Environment :: Plugins", "Framework :: Django", "Framework :: Django :: 2.2", "Framework :: Django :: 3.1", "Framework :: Django :: 3.2", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Internet :: Log Analysis", "Topic :: Security", "Topic :: System :: Logging", ], zip_safe=False, ) django-axes-5.24.0/tests/000077500000000000000000000000001411641636100151475ustar00rootroot00000000000000django-axes-5.24.0/tests/__init__.py000066400000000000000000000000001411641636100172460ustar00rootroot00000000000000django-axes-5.24.0/tests/base.py000066400000000000000000000133321411641636100164350ustar00rootroot00000000000000from random import choice from string import ascii_letters, digits from time import sleep from django.contrib.auth import get_user_model from django.http import HttpRequest from django.test import TestCase from django.urls import reverse from django.utils.timezone import now from axes.conf import settings from axes.helpers import ( get_cache, get_client_http_accept, get_client_ip_address, get_client_path_info, get_client_user_agent, get_cool_off, get_credentials, get_failure_limit, ) from axes.models import AccessAttempt, AccessLog from axes.utils import reset def custom_failure_limit(request, credentials): return 3 class AxesTestCase(TestCase): """ Test case using custom settings for testing. """ VALID_USERNAME = "axes-valid-username" VALID_PASSWORD = "axes-valid-password" VALID_EMAIL = "axes-valid-email@example.com" VALID_USER_AGENT = "axes-user-agent" VALID_IP_ADDRESS = "127.0.0.1" INVALID_USERNAME = "axes-invalid-username" INVALID_PASSWORD = "axes-invalid-password" INVALID_EMAIL = "axes-invalid-email@example.com" LOCKED_MESSAGE = "Account locked: too many login attempts." LOGOUT_MESSAGE = "Logged out" LOGIN_FORM_KEY = '' STATUS_SUCCESS = 200 ALLOWED = 302 BLOCKED = 403 def setUp(self): """ Create a valid user for login. """ self.username = self.VALID_USERNAME self.password = self.VALID_PASSWORD self.email = self.VALID_EMAIL self.ip_address = self.VALID_IP_ADDRESS self.user_agent = self.VALID_USER_AGENT self.path_info = reverse("admin:login") self.user = get_user_model().objects.create_superuser( username=self.username, password=self.password, email=self.email ) self.request = HttpRequest() self.request.method = "POST" self.request.META["REMOTE_ADDR"] = self.ip_address self.request.META["HTTP_USER_AGENT"] = self.user_agent self.request.META["PATH_INFO"] = self.path_info self.request.axes_attempt_time = now() self.request.axes_ip_address = get_client_ip_address(self.request) self.request.axes_user_agent = get_client_user_agent(self.request) self.request.axes_path_info = get_client_path_info(self.request) self.request.axes_http_accept = get_client_http_accept(self.request) self.request.axes_failures_since_start = None self.credentials = get_credentials(self.username) def tearDown(self): get_cache().clear() def get_kwargs_with_defaults(self, **kwargs): defaults = { "user_agent": self.user_agent, "ip_address": self.ip_address, "username": self.username, } defaults.update(kwargs) return defaults def create_attempt(self, **kwargs): kwargs = self.get_kwargs_with_defaults(**kwargs) kwargs.setdefault("failures_since_start", 1) return AccessAttempt.objects.create(**kwargs) def create_log(self, **kwargs): return AccessLog.objects.create(**self.get_kwargs_with_defaults(**kwargs)) def reset(self, ip=None, username=None): return reset(ip, username) def login( self, is_valid_username=False, is_valid_password=False, remote_addr=None, **kwargs ): """ Login a user. A valid credential is used when is_valid_username is True, otherwise it will use a random string to make a failed login. """ if is_valid_username: username = self.VALID_USERNAME else: username = "".join(choice(ascii_letters + digits) for _ in range(10)) if is_valid_password: password = self.VALID_PASSWORD else: password = self.INVALID_PASSWORD post_data = {"username": username, "password": password, **kwargs} return self.client.post( reverse("admin:login"), post_data, REMOTE_ADDR=remote_addr or self.ip_address, HTTP_USER_AGENT=self.user_agent, ) def logout(self): return self.client.post( reverse("admin:logout"), REMOTE_ADDR=self.ip_address, HTTP_USER_AGENT=self.user_agent, ) def check_login(self): response = self.login(is_valid_username=True, is_valid_password=True) self.assertNotContains( response, self.LOGIN_FORM_KEY, status_code=self.ALLOWED, html=True ) def almost_lockout(self): for _ in range(1, get_failure_limit(None, None)): response = self.login() self.assertContains(response, self.LOGIN_FORM_KEY, html=True) def lockout(self): self.almost_lockout() return self.login() def check_lockout(self): response = self.lockout() if settings.AXES_LOCK_OUT_AT_FAILURE == True: self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) else: self.assertNotContains( response, self.LOCKED_MESSAGE, status_code=self.STATUS_SUCCESS ) def cool_off(self): sleep(get_cool_off().total_seconds()) def check_logout(self): response = self.logout() self.assertContains( response, self.LOGOUT_MESSAGE, status_code=self.STATUS_SUCCESS ) def check_handler(self): """ Check a handler and its basic functionality with lockouts, cool offs, login, and logout. This is a check that is intended to successfully run for each and every new handler. """ self.check_lockout() self.cool_off() self.check_login() self.check_logout() django-axes-5.24.0/tests/settings.py000066400000000000000000000040001411641636100173530ustar00rootroot00000000000000DATABASES = {"default": {"ENGINE": "django.db.backends.sqlite3", "NAME": ":memory:"}} CACHES = { "default": { # This cache backend is OK to use in development and testing # but has the potential to break production setups with more than on process # due to each process having their own local memory based cache "BACKEND": "django.core.cache.backends.locmem.LocMemCache" } } SITE_ID = 1 MIDDLEWARE = [ "django.middleware.common.CommonMiddleware", "django.contrib.sessions.middleware.SessionMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.messages.middleware.MessageMiddleware", "axes.middleware.AxesMiddleware", ] AUTHENTICATION_BACKENDS = [ "axes.backends.AxesBackend", "django.contrib.auth.backends.ModelBackend", ] PASSWORD_HASHERS = ["django.contrib.auth.hashers.MD5PasswordHasher"] ROOT_URLCONF = "tests.urls" INSTALLED_APPS = [ "django.contrib.auth", "django.contrib.contenttypes", "django.contrib.sessions", "django.contrib.sites", "django.contrib.messages", "django.contrib.admin", "axes", ] TEMPLATES = [ { "BACKEND": "django.template.backends.django.DjangoTemplates", "DIRS": [], "APP_DIRS": True, "OPTIONS": { "context_processors": [ "django.template.context_processors.debug", "django.template.context_processors.request", "django.contrib.auth.context_processors.auth", "django.contrib.messages.context_processors.messages", ] }, } ] LOGGING = { "version": 1, "disable_existing_loggers": False, "handlers": {"console": {"class": "logging.StreamHandler"}}, "loggers": {"axes": {"handlers": ["console"], "level": "INFO", "propagate": False}}, } SECRET_KEY = "too-secret-for-test" USE_I18N = False USE_L10N = False USE_TZ = False LOGIN_REDIRECT_URL = "/admin/" AXES_FAILURE_LIMIT = 10 DEFAULT_AUTO_FIELD = "django.db.models.AutoField" django-axes-5.24.0/tests/test_admin.py000066400000000000000000000016471411641636100176600ustar00rootroot00000000000000from contextlib import suppress from importlib import reload from django.contrib import admin from django.test import override_settings import axes.admin from axes.models import AccessAttempt, AccessLog from tests.base import AxesTestCase class AxesEnableAdminFlag(AxesTestCase): def setUp(self): with suppress(admin.sites.NotRegistered): admin.site.unregister(AccessAttempt) with suppress(admin.sites.NotRegistered): admin.site.unregister(AccessLog) @override_settings(AXES_ENABLE_ADMIN=False) def test_disable_admin(self): reload(axes.admin) self.assertFalse(admin.site.is_registered(AccessAttempt)) self.assertFalse(admin.site.is_registered(AccessLog)) def test_enable_admin_by_default(self): reload(axes.admin) self.assertTrue(admin.site.is_registered(AccessAttempt)) self.assertTrue(admin.site.is_registered(AccessLog)) django-axes-5.24.0/tests/test_attempts.py000066400000000000000000000133261411641636100204260ustar00rootroot00000000000000from unittest.mock import patch from django.http import HttpRequest from django.test import override_settings from django.utils.timezone import now from axes.attempts import get_cool_off_threshold from axes.models import AccessAttempt from axes.utils import reset, reset_request from tests.base import AxesTestCase class GetCoolOffThresholdTestCase(AxesTestCase): @override_settings(AXES_COOLOFF_TIME=42) def test_get_cool_off_threshold(self): timestamp = now() with patch("axes.attempts.now", return_value=timestamp): attempt_time = timestamp threshold_now = get_cool_off_threshold(attempt_time) attempt_time = None threshold_none = get_cool_off_threshold(attempt_time) self.assertEqual(threshold_now, threshold_none) @override_settings(AXES_COOLOFF_TIME=None) def test_get_cool_off_threshold_error(self): with self.assertRaises(TypeError): get_cool_off_threshold() class ResetTestCase(AxesTestCase): def test_reset(self): self.create_attempt() reset() self.assertFalse(AccessAttempt.objects.count()) def test_reset_ip(self): self.create_attempt(ip_address=self.ip_address) reset(ip=self.ip_address) self.assertFalse(AccessAttempt.objects.count()) def test_reset_username(self): self.create_attempt(username=self.username) reset(username=self.username) self.assertFalse(AccessAttempt.objects.count()) class ResetResponseTestCase(AxesTestCase): USERNAME_1 = "foo_username" USERNAME_2 = "bar_username" IP_1 = "127.1.0.1" IP_2 = "127.1.0.2" def setUp(self): super().setUp() self.create_attempt() self.create_attempt(username=self.USERNAME_1, ip_address=self.IP_1) self.create_attempt(username=self.USERNAME_1, ip_address=self.IP_2) self.create_attempt(username=self.USERNAME_2, ip_address=self.IP_1) self.create_attempt(username=self.USERNAME_2, ip_address=self.IP_2) self.request = HttpRequest() def test_reset(self): reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 5) def test_reset_ip(self): self.request.META["REMOTE_ADDR"] = self.IP_1 reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 3) def test_reset_username(self): self.request.GET["username"] = self.USERNAME_1 reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 5) def test_reset_ip_username(self): self.request.GET["username"] = self.USERNAME_1 self.request.META["REMOTE_ADDR"] = self.IP_1 reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 3) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_reset_user_failures(self): reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 5) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_reset_ip_user_failures(self): self.request.META["REMOTE_ADDR"] = self.IP_1 reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 5) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_reset_username_user_failures(self): self.request.GET["username"] = self.USERNAME_1 reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 3) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_reset_ip_username_user_failures(self): self.request.GET["username"] = self.USERNAME_1 self.request.META["REMOTE_ADDR"] = self.IP_1 reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 3) @override_settings(AXES_LOCK_OUT_BY_USER_OR_IP=True) def test_reset_user_or_ip(self): reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 5) @override_settings(AXES_LOCK_OUT_BY_USER_OR_IP=True) def test_reset_ip_user_or_ip(self): self.request.META["REMOTE_ADDR"] = self.IP_1 reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 3) @override_settings(AXES_LOCK_OUT_BY_USER_OR_IP=True) def test_reset_username_user_or_ip(self): self.request.GET["username"] = self.USERNAME_1 reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 3) @override_settings(AXES_LOCK_OUT_BY_USER_OR_IP=True) def test_reset_ip_username_user_or_ip(self): self.request.GET["username"] = self.USERNAME_1 self.request.META["REMOTE_ADDR"] = self.IP_1 reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 2) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_reset_user_and_ip(self): reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 5) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_reset_ip_user_and_ip(self): self.request.META["REMOTE_ADDR"] = self.IP_1 reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 3) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_reset_username_user_and_ip(self): self.request.GET["username"] = self.USERNAME_1 reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 3) @override_settings(AXES_LOCK_OUT_BY_USER_OR_AND=True) def test_reset_ip_username_user_and_ip(self): self.request.GET["username"] = self.USERNAME_1 self.request.META["REMOTE_ADDR"] = self.IP_1 reset_request(self.request) self.assertEqual(AccessAttempt.objects.count(), 3) django-axes-5.24.0/tests/test_backends.py000066400000000000000000000013531411641636100203340ustar00rootroot00000000000000from unittest.mock import patch, MagicMock from axes.backends import AxesBackend from axes.exceptions import ( AxesBackendRequestParameterRequired, AxesBackendPermissionDenied, ) from tests.base import AxesTestCase class BackendTestCase(AxesTestCase): def test_authenticate_raises_on_missing_request(self): request = None with self.assertRaises(AxesBackendRequestParameterRequired): AxesBackend().authenticate(request) @patch("axes.handlers.proxy.AxesProxyHandler.is_allowed", return_value=False) def test_authenticate_raises_on_locked_request(self, _): request = MagicMock() with self.assertRaises(AxesBackendPermissionDenied): AxesBackend().authenticate(request) django-axes-5.24.0/tests/test_checks.py000066400000000000000000000070011411641636100200160ustar00rootroot00000000000000from django.core.checks import run_checks, Warning # pylint: disable=redefined-builtin from django.test import override_settings, modify_settings from axes.backends import AxesBackend from axes.checks import Messages, Hints, Codes from tests.base import AxesTestCase class CacheCheckTestCase(AxesTestCase): @override_settings( AXES_HANDLER="axes.handlers.cache.AxesCacheHandler", CACHES={ "default": { "BACKEND": "django.core.cache.backends.db.DatabaseCache", "LOCATION": "axes_cache", } }, ) def test_cache_check(self): warnings = run_checks() self.assertEqual(warnings, []) @override_settings( AXES_HANDLER="axes.handlers.cache.AxesCacheHandler", CACHES={ "default": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"} }, ) def test_cache_check_warnings(self): warnings = run_checks() warning = Warning( msg=Messages.CACHE_INVALID, hint=Hints.CACHE_INVALID, id=Codes.CACHE_INVALID ) self.assertEqual(warnings, [warning]) @override_settings( AXES_HANDLER="axes.handlers.database.AxesDatabaseHandler", CACHES={ "default": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"} }, ) def test_cache_check_does_not_produce_check_warnings_with_database_handler(self): warnings = run_checks() self.assertEqual(warnings, []) class MiddlewareCheckTestCase(AxesTestCase): @modify_settings(MIDDLEWARE={"remove": ["axes.middleware.AxesMiddleware"]}) def test_cache_check_warnings(self): warnings = run_checks() warning = Warning( msg=Messages.MIDDLEWARE_INVALID, hint=Hints.MIDDLEWARE_INVALID, id=Codes.MIDDLEWARE_INVALID, ) self.assertEqual(warnings, [warning]) class AxesSpecializedBackend(AxesBackend): pass class BackendCheckTestCase(AxesTestCase): @modify_settings(AUTHENTICATION_BACKENDS={"remove": ["axes.backends.AxesBackend"]}) def test_backend_missing(self): warnings = run_checks() warning = Warning( msg=Messages.BACKEND_INVALID, hint=Hints.BACKEND_INVALID, id=Codes.BACKEND_INVALID, ) self.assertEqual(warnings, [warning]) @override_settings( AUTHENTICATION_BACKENDS=["tests.test_checks.AxesSpecializedBackend"] ) def test_specialized_backend(self): warnings = run_checks() self.assertEqual(warnings, []) @override_settings( AUTHENTICATION_BACKENDS=["tests.test_checks.AxesNotDefinedBackend"] ) def test_import_error(self): with self.assertRaises(ImportError): run_checks() @override_settings(AUTHENTICATION_BACKENDS=["module.not_defined"]) def test_module_not_found_error(self): with self.assertRaises(ModuleNotFoundError): run_checks() class DeprecatedSettingsTestCase(AxesTestCase): def setUp(self): self.disable_success_access_log_warning = Warning( msg=Messages.SETTING_DEPRECATED.format( deprecated_setting="AXES_DISABLE_SUCCESS_ACCESS_LOG" ), hint=Hints.SETTING_DEPRECATED, id=Codes.SETTING_DEPRECATED, ) @override_settings(AXES_DISABLE_SUCCESS_ACCESS_LOG=True) def test_deprecated_success_access_log_flag(self): warnings = run_checks() self.assertEqual(warnings, [self.disable_success_access_log_warning]) django-axes-5.24.0/tests/test_decorators.py000066400000000000000000000036231411641636100207310ustar00rootroot00000000000000from unittest.mock import MagicMock, patch from django.http import HttpResponse from axes.decorators import axes_dispatch, axes_form_invalid from tests.base import AxesTestCase class DecoratorTestCase(AxesTestCase): SUCCESS_RESPONSE = HttpResponse(status=200, content="Dispatched") LOCKOUT_RESPONSE = HttpResponse(status=403, content="Locked out") def setUp(self): self.request = MagicMock() self.cls = MagicMock(return_value=self.request) self.func = MagicMock(return_value=self.SUCCESS_RESPONSE) @patch("axes.handlers.proxy.AxesProxyHandler.is_allowed", return_value=False) @patch("axes.decorators.get_lockout_response", return_value=LOCKOUT_RESPONSE) def test_axes_dispatch_locks_out(self, _, __): response = axes_dispatch(self.func)(self.request) self.assertEqual(response.content, self.LOCKOUT_RESPONSE.content) @patch("axes.handlers.proxy.AxesProxyHandler.is_allowed", return_value=True) @patch("axes.decorators.get_lockout_response", return_value=LOCKOUT_RESPONSE) def test_axes_dispatch_dispatches(self, _, __): response = axes_dispatch(self.func)(self.request) self.assertEqual(response.content, self.SUCCESS_RESPONSE.content) @patch("axes.handlers.proxy.AxesProxyHandler.is_allowed", return_value=False) @patch("axes.decorators.get_lockout_response", return_value=LOCKOUT_RESPONSE) def test_axes_form_invalid_locks_out(self, _, __): response = axes_form_invalid(self.func)(self.cls) self.assertEqual(response.content, self.LOCKOUT_RESPONSE.content) @patch("axes.handlers.proxy.AxesProxyHandler.is_allowed", return_value=True) @patch("axes.decorators.get_lockout_response", return_value=LOCKOUT_RESPONSE) def test_axes_form_invalid_dispatches(self, _, __): response = axes_form_invalid(self.func)(self.cls) self.assertEqual(response.content, self.SUCCESS_RESPONSE.content) django-axes-5.24.0/tests/test_handlers.py000066400000000000000000000470771411641636100203770ustar00rootroot00000000000000from platform import python_implementation from unittest.mock import MagicMock, patch from pytest import mark from django.core.cache import cache from django.test import override_settings from django.urls import reverse from django.utils import timezone from django.utils.timezone import timedelta from axes.conf import settings from axes.handlers.proxy import AxesProxyHandler from axes.helpers import get_client_str from axes.models import AccessAttempt, AccessLog from tests.base import AxesTestCase @override_settings(AXES_HANDLER="axes.handlers.base.AxesHandler") class AxesHandlerTestCase(AxesTestCase): @override_settings(AXES_IP_BLACKLIST=["127.0.0.1"]) def test_is_allowed_with_blacklisted_ip_address(self): self.assertFalse(AxesProxyHandler.is_allowed(self.request)) @override_settings( AXES_NEVER_LOCKOUT_WHITELIST=True, AXES_IP_WHITELIST=["127.0.0.1"] ) def test_is_allowed_with_whitelisted_ip_address(self): self.assertTrue(AxesProxyHandler.is_allowed(self.request)) @override_settings(AXES_NEVER_LOCKOUT_GET=True) def test_is_allowed_with_whitelisted_method(self): self.request.method = "GET" self.assertTrue(AxesProxyHandler.is_allowed(self.request)) @override_settings(AXES_LOCK_OUT_AT_FAILURE=False) def test_is_allowed_no_lock_out(self): self.assertTrue(AxesProxyHandler.is_allowed(self.request)) @override_settings(AXES_ONLY_ADMIN_SITE=True) def test_only_admin_site(self): request = MagicMock() request.path = "/test/" self.assertTrue(AxesProxyHandler.is_allowed(self.request)) def test_is_admin_site(self): request = MagicMock() tests = ( # (AXES_ONLY_ADMIN_SITE, URL, Expected) (True, "/test/", True), (True, reverse("admin:index"), False), (False, "/test/", False), (False, reverse("admin:index"), False), ) for setting_value, url, expected in tests: with override_settings(AXES_ONLY_ADMIN_SITE=setting_value): request.path = url self.assertEqual(AxesProxyHandler().is_admin_site(request), expected) @override_settings(ROOT_URLCONF="tests.urls_empty") @override_settings(AXES_ONLY_ADMIN_SITE=True) def test_is_admin_site_no_admin_site(self): request = MagicMock() request.path = "/admin/" self.assertTrue(AxesProxyHandler().is_admin_site(self.request)) class AxesProxyHandlerTestCase(AxesTestCase): def setUp(self): self.sender = MagicMock() self.credentials = MagicMock() self.request = MagicMock() self.user = MagicMock() self.instance = MagicMock() @patch("axes.handlers.proxy.AxesProxyHandler.implementation", None) def test_setting_changed_signal_triggers_handler_reimport(self): self.assertIsNone(AxesProxyHandler.implementation) with self.settings(AXES_HANDLER="axes.handlers.database.AxesDatabaseHandler"): self.assertIsNotNone(AxesProxyHandler.implementation) @patch("axes.handlers.proxy.AxesProxyHandler.implementation") def test_user_login_failed(self, handler): self.assertFalse(handler.user_login_failed.called) AxesProxyHandler.user_login_failed(self.sender, self.credentials, self.request) self.assertTrue(handler.user_login_failed.called) @patch("axes.handlers.proxy.AxesProxyHandler.implementation") def test_user_logged_in(self, handler): self.assertFalse(handler.user_logged_in.called) AxesProxyHandler.user_logged_in(self.sender, self.request, self.user) self.assertTrue(handler.user_logged_in.called) @patch("axes.handlers.proxy.AxesProxyHandler.implementation") def test_user_logged_out(self, handler): self.assertFalse(handler.user_logged_out.called) AxesProxyHandler.user_logged_out(self.sender, self.request, self.user) self.assertTrue(handler.user_logged_out.called) @patch("axes.handlers.proxy.AxesProxyHandler.implementation") def test_post_save_access_attempt(self, handler): self.assertFalse(handler.post_save_access_attempt.called) AxesProxyHandler.post_save_access_attempt(self.instance) self.assertTrue(handler.post_save_access_attempt.called) @patch("axes.handlers.proxy.AxesProxyHandler.implementation") def test_post_delete_access_attempt(self, handler): self.assertFalse(handler.post_delete_access_attempt.called) AxesProxyHandler.post_delete_access_attempt(self.instance) self.assertTrue(handler.post_delete_access_attempt.called) class AxesHandlerBaseTestCase(AxesTestCase): def check_whitelist(self, log): with override_settings( AXES_NEVER_LOCKOUT_WHITELIST=True, AXES_IP_WHITELIST=[self.ip_address] ): AxesProxyHandler.user_login_failed( sender=None, request=self.request, credentials=self.credentials ) client_str = get_client_str( self.username, self.ip_address, self.user_agent, self.path_info, self.request, ) log.info.assert_called_with( "AXES: Login failed from whitelisted client %s.", client_str ) def check_empty_request(self, log, handler): AxesProxyHandler.user_login_failed(sender=None, credentials={}, request=None) log.error.assert_called_with( f"AXES: {handler}.user_login_failed does not function without a request." ) @override_settings(AXES_HANDLER="axes.handlers.database.AxesDatabaseHandler") class ResetAttemptsTestCase(AxesHandlerBaseTestCase): """Resetting attempts is currently implemented only for database handler""" USERNAME_1 = "foo_username" USERNAME_2 = "bar_username" IP_1 = "127.1.0.1" IP_2 = "127.1.0.2" def setUp(self): super().setUp() self.create_attempt() self.create_attempt(username=self.USERNAME_1, ip_address=self.IP_1) self.create_attempt(username=self.USERNAME_1, ip_address=self.IP_2) self.create_attempt(username=self.USERNAME_2, ip_address=self.IP_1) self.create_attempt(username=self.USERNAME_2, ip_address=self.IP_2) def test_handler_reset_attempts(self): self.assertEqual(5, AxesProxyHandler.reset_attempts()) self.assertFalse(AccessAttempt.objects.count()) def test_handler_reset_attempts_username(self): self.assertEqual(2, AxesProxyHandler.reset_attempts(username=self.USERNAME_1)) self.assertEqual(AccessAttempt.objects.count(), 3) self.assertEqual( AccessAttempt.objects.filter(ip_address=self.USERNAME_1).count(), 0 ) def test_handler_reset_attempts_ip(self): self.assertEqual(2, AxesProxyHandler.reset_attempts(ip_address=self.IP_1)) self.assertEqual(AccessAttempt.objects.count(), 3) self.assertEqual(AccessAttempt.objects.filter(ip_address=self.IP_1).count(), 0) def test_handler_reset_attempts_ip_and_username(self): self.assertEqual( 1, AxesProxyHandler.reset_attempts( ip_address=self.IP_1, username=self.USERNAME_1 ), ) self.assertEqual(AccessAttempt.objects.count(), 4) self.assertEqual(AccessAttempt.objects.filter(ip_address=self.IP_1).count(), 1) self.create_attempt(username=self.USERNAME_1, ip_address=self.IP_1) self.assertEqual( 1, AxesProxyHandler.reset_attempts( ip_address=self.IP_1, username=self.USERNAME_2 ), ) self.assertEqual( 1, AxesProxyHandler.reset_attempts( ip_address=self.IP_2, username=self.USERNAME_1 ), ) def test_handler_reset_attempts_ip_or_username(self): self.assertEqual( 3, AxesProxyHandler.reset_attempts( ip_address=self.IP_1, username=self.USERNAME_1, ip_or_username=True ), ) self.assertEqual(AccessAttempt.objects.count(), 2) self.assertEqual(AccessAttempt.objects.filter(ip_address=self.IP_1).count(), 0) self.assertEqual( AccessAttempt.objects.filter(ip_address=self.USERNAME_1).count(), 0 ) @override_settings( AXES_HANDLER="axes.handlers.database.AxesDatabaseHandler", AXES_COOLOFF_TIME=timedelta(seconds=2), AXES_RESET_ON_SUCCESS=True, ) @mark.xfail( python_implementation() == "PyPy", reason="PyPy implementation is flaky for this test", strict=False, ) class AxesDatabaseHandlerTestCase(AxesHandlerBaseTestCase): def test_handler_reset_attempts(self): self.create_attempt() self.assertEqual(1, AxesProxyHandler.reset_attempts()) self.assertFalse(AccessAttempt.objects.count()) def test_handler_reset_logs(self): self.create_log() self.assertEqual(1, AxesProxyHandler.reset_logs()) self.assertFalse(AccessLog.objects.count()) def test_handler_reset_logs_older_than_42_days(self): self.create_log() then = timezone.now() - timezone.timedelta(days=90) with patch("django.utils.timezone.now", return_value=then): self.create_log() self.assertEqual(AccessLog.objects.count(), 2) self.assertEqual(1, AxesProxyHandler.reset_logs(age_days=42)) self.assertEqual(AccessLog.objects.count(), 1) @override_settings(AXES_RESET_ON_SUCCESS=True) def test_handler(self): self.check_handler() @override_settings(AXES_RESET_ON_SUCCESS=False) def test_handler_without_reset(self): self.check_handler() @override_settings(AXES_FAILURE_LIMIT=lambda *args: 3) def test_handler_callable_failure_limit(self): self.check_handler() @override_settings(AXES_FAILURE_LIMIT="tests.base.custom_failure_limit") def test_handler_str_failure_limit(self): self.check_handler() @override_settings(AXES_FAILURE_LIMIT=None) def test_handler_invalid_failure_limit(self): with self.assertRaises(TypeError): self.check_handler() @override_settings(AXES_LOCK_OUT_AT_FAILURE=False) def test_handler_without_lockout(self): self.check_handler() @patch("axes.handlers.database.log") def test_empty_request(self, log): self.check_empty_request(log, "AxesDatabaseHandler") @patch("axes.handlers.database.log") def test_whitelist(self, log): self.check_whitelist(log) @override_settings(AXES_ONLY_USER_FAILURES=True) @patch("axes.handlers.database.log") def test_user_login_failed_only_user_failures_with_none_username(self, log): credentials = {"username": None, "password": "test"} sender = MagicMock() AxesProxyHandler.user_login_failed(sender, credentials, self.request) attempt = AccessAttempt.objects.all() self.assertEqual(0, AccessAttempt.objects.count()) log.warning.assert_called_with( "AXES: Username is None and AXES_ONLY_USER_FAILURES is enabled, new record will NOT be created." ) def test_user_login_failed_with_none_username(self): credentials = {"username": None, "password": "test"} sender = MagicMock() AxesProxyHandler.user_login_failed(sender, credentials, self.request) attempt = AccessAttempt.objects.all() self.assertEqual(1, AccessAttempt.objects.filter(username__isnull=True).count()) def test_user_login_failed_multiple_username(self): configurations = ( (2, 1, {}, ["admin", "admin1"]), (2, 1, {"AXES_USE_USER_AGENT": True}, ["admin", "admin1"]), (2, 1, {"AXES_ONLY_USER_FAILURES": True}, ["admin", "admin1"]), ( 2, 1, {"AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP": True}, ["admin", "admin1"], ), ( 1, 2, {"AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP": True}, ["admin", "admin"], ), (1, 2, {"AXES_LOCK_OUT_BY_USER_OR_IP": True}, ["admin", "admin"]), (2, 1, {"AXES_LOCK_OUT_BY_USER_OR_IP": True}, ["admin", "admin1"]), ) for ( total_attempts_count, failures_since_start, overrides, usernames, ) in configurations: with self.settings(**overrides): with self.subTest( total_attempts_count=total_attempts_count, failures_since_start=failures_since_start, settings=overrides, ): self.login(username=usernames[0]) attempt = AccessAttempt.objects.get(username=usernames[0]) self.assertEqual(1, attempt.failures_since_start) # check the number of failures associated to the attempt self.login(username=usernames[1]) attempt = AccessAttempt.objects.get(username=usernames[1]) self.assertEqual(failures_since_start, attempt.failures_since_start) # check the number of distinct attempts self.assertEqual( total_attempts_count, AccessAttempt.objects.count() ) AccessAttempt.objects.all().delete() @override_settings(AXES_HANDLER="axes.handlers.cache.AxesCacheHandler") class ResetAttemptsCacheHandlerTestCase(AxesHandlerBaseTestCase): """Test reset attempts for the cache handler""" USERNAME_1 = "foo_username" USERNAME_2 = "bar_username" IP_1 = "127.1.0.1" IP_2 = "127.1.0.2" def set_up_login_attemtps(self): """Set up the login attempts.""" self.login(username=self.USERNAME_1, remote_addr=self.IP_1) self.login(username=self.USERNAME_1, remote_addr=self.IP_2) self.login(username=self.USERNAME_2, remote_addr=self.IP_1) self.login(username=self.USERNAME_2, remote_addr=self.IP_2) def check_failures(self, failures, username=None, ip_address=None): if ip_address is None and username is None: raise NotImplementedError("Must supply ip_address or username") try: prev_ip = self.request.META["REMOTE_ADDR"] credentials = {"username": username} if username else {} if ip_address is not None: self.request.META["REMOTE_ADDR"] = ip_address self.assertEqual( failures, AxesProxyHandler.get_failures(self.request, credentials=credentials), ) finally: self.request.META["REMOTE_ADDR"] = prev_ip def test_handler_reset_attempts(self): with self.assertRaises(NotImplementedError): AxesProxyHandler.reset_attempts() @override_settings(AXES_ONLY_USER_FAILURES=True) def test_handler_reset_attempts_username(self): self.set_up_login_attemtps() self.assertEqual( 2, AxesProxyHandler.get_failures( self.request, credentials={"username": self.USERNAME_1} ), ) self.assertEqual( 2, AxesProxyHandler.get_failures( self.request, credentials={"username": self.USERNAME_2} ), ) self.assertEqual(1, AxesProxyHandler.reset_attempts(username=self.USERNAME_1)) self.assertEqual( 0, AxesProxyHandler.get_failures( self.request, credentials={"username": self.USERNAME_1} ), ) self.assertEqual( 2, AxesProxyHandler.get_failures( self.request, credentials={"username": self.USERNAME_2} ), ) def test_handler_reset_attempts_ip(self): self.set_up_login_attemtps() self.check_failures(2, ip_address=self.IP_1) self.assertEqual(1, AxesProxyHandler.reset_attempts(ip_address=self.IP_1)) self.check_failures(0, ip_address=self.IP_1) self.check_failures(2, ip_address=self.IP_2) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_handler_reset_attempts_ip_and_username(self): self.set_up_login_attemtps() self.check_failures(1, username=self.USERNAME_1, ip_address=self.IP_1) self.check_failures(1, username=self.USERNAME_2, ip_address=self.IP_1) self.check_failures(1, username=self.USERNAME_1, ip_address=self.IP_2) self.assertEqual( 1, AxesProxyHandler.reset_attempts( ip_address=self.IP_1, username=self.USERNAME_1 ), ) self.check_failures(0, username=self.USERNAME_1, ip_address=self.IP_1) self.check_failures(1, username=self.USERNAME_2, ip_address=self.IP_1) self.check_failures(1, username=self.USERNAME_1, ip_address=self.IP_2) def test_handler_reset_attempts_ip_or_username(self): with self.assertRaises(NotImplementedError): AxesProxyHandler.reset_attempts() @override_settings( AXES_HANDLER="axes.handlers.cache.AxesCacheHandler", AXES_COOLOFF_TIME=timedelta(seconds=1), ) class AxesCacheHandlerTestCase(AxesHandlerBaseTestCase): @override_settings(AXES_RESET_ON_SUCCESS=True) def test_handler(self): self.check_handler() @override_settings(AXES_RESET_ON_SUCCESS=False) def test_handler_without_reset(self): self.check_handler() @override_settings(AXES_LOCK_OUT_AT_FAILURE=False) def test_handler_without_lockout(self): self.check_handler() @patch("axes.handlers.cache.log") def test_empty_request(self, log): self.check_empty_request(log, "AxesCacheHandler") @patch("axes.handlers.cache.log") def test_whitelist(self, log): self.check_whitelist(log) @override_settings(AXES_ONLY_USER_FAILURES=True) @patch.object(cache, "set") @patch("axes.handlers.cache.log") def test_user_login_failed_only_user_failures_with_none_username( self, log, cache_set ): credentials = {"username": None, "password": "test"} sender = MagicMock() AxesProxyHandler.user_login_failed(sender, credentials, self.request) self.assertFalse(cache_set.called) log.warning.assert_called_with( "AXES: Username is None and AXES_ONLY_USER_FAILURES is enabled, new record will NOT be created." ) @patch.object(cache, "set") def test_user_login_failed_with_none_username(self, cache_set): credentials = {"username": None, "password": "test"} sender = MagicMock() AxesProxyHandler.user_login_failed(sender, credentials, self.request) self.assertTrue(cache_set.called) @override_settings(AXES_HANDLER="axes.handlers.dummy.AxesDummyHandler") class AxesDummyHandlerTestCase(AxesHandlerBaseTestCase): def test_handler(self): for _ in range(settings.AXES_FAILURE_LIMIT): self.login() self.check_login() def test_handler_is_allowed(self): self.assertEqual(True, AxesProxyHandler.is_allowed(self.request, {})) def test_handler_get_failures(self): self.assertEqual(0, AxesProxyHandler.get_failures(self.request, {})) @override_settings(AXES_HANDLER="axes.handlers.test.AxesTestHandler") class AxesTestHandlerTestCase(AxesHandlerBaseTestCase): def test_handler_reset_attempts(self): self.assertEqual(0, AxesProxyHandler.reset_attempts()) def test_handler_reset_logs(self): self.assertEqual(0, AxesProxyHandler.reset_logs()) def test_handler_is_allowed(self): self.assertEqual(True, AxesProxyHandler.is_allowed(self.request, {})) def test_handler_get_failures(self): self.assertEqual(0, AxesProxyHandler.get_failures(self.request, {})) django-axes-5.24.0/tests/test_helpers.py000066400000000000000000000701711411641636100202300ustar00rootroot00000000000000from datetime import timedelta from hashlib import md5 from unittest.mock import patch from django.contrib.auth import get_user_model from django.http import JsonResponse, HttpResponseRedirect, HttpResponse, HttpRequest from django.test import override_settings, RequestFactory from axes.apps import AppConfig from axes.helpers import ( get_cache_timeout, get_client_str, get_client_username, get_client_cache_key, get_client_parameters, get_cool_off, get_cool_off_iso8601, get_lockout_response, is_client_ip_address_blacklisted, is_client_ip_address_whitelisted, is_client_method_whitelisted, is_ip_address_in_blacklist, is_ip_address_in_whitelist, is_user_attempt_whitelisted, toggleable, cleanse_parameters, ) from axes.models import AccessAttempt from tests.base import AxesTestCase @override_settings(AXES_ENABLED=False) class AxesDisabledTestCase(AxesTestCase): def test_initialize(self): AppConfig.logging_initialized = False AppConfig.initialize() self.assertFalse(AppConfig.logging_initialized) def test_toggleable(self): def is_true(): return True self.assertTrue(is_true()) self.assertIsNone(toggleable(is_true)()) class CacheTestCase(AxesTestCase): @override_settings(AXES_COOLOFF_TIME=3) # hours def test_get_cache_timeout_integer(self): timeout_seconds = float(60 * 60 * 3) self.assertEqual(get_cache_timeout(), timeout_seconds) @override_settings(AXES_COOLOFF_TIME=timedelta(seconds=420)) def test_get_cache_timeout_timedelta(self): self.assertEqual(get_cache_timeout(), 420) @override_settings(AXES_COOLOFF_TIME=None) def test_get_cache_timeout_none(self): self.assertEqual(get_cache_timeout(), None) class TimestampTestCase(AxesTestCase): def test_iso8601(self): """ Test get_cool_off_iso8601 correctly translates datetime.timedelta to ISO 8601 formatted duration. """ expected = { timedelta(days=1, hours=25, minutes=42, seconds=8): "P2DT1H42M8S", timedelta(days=7, seconds=342): "P7DT5M42S", timedelta(days=0, hours=2, minutes=42): "PT2H42M", timedelta(hours=20, seconds=42): "PT20H42S", timedelta(seconds=300): "PT5M", timedelta(seconds=9005): "PT2H30M5S", timedelta(minutes=9005): "P6DT6H5M", timedelta(days=15): "P15D", } for delta, iso_duration in expected.items(): with self.subTest(iso_duration): self.assertEqual(get_cool_off_iso8601(delta), iso_duration) class ClientStringTestCase(AxesTestCase): @staticmethod def get_expected_client_str(*args, **kwargs): client_str_template = '{{username: "{0}", ip_address: "{1}", user_agent: "{2}", path_info: "{3}"}}' return client_str_template.format(*args, **kwargs) @override_settings(AXES_VERBOSE=True) def test_verbose_ip_only_client_details(self): username = "test@example.com" ip_address = "127.0.0.1" user_agent = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)" path_info = "/admin/" expected = self.get_expected_client_str( username, ip_address, user_agent, path_info, self.request ) actual = get_client_str( username, ip_address, user_agent, path_info, self.request ) self.assertEqual(expected, actual) @override_settings(AXES_VERBOSE=True) def test_imbalanced_quotes(self): username = "butterfly.. },,," ip_address = "127.0.0.1" user_agent = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)" path_info = "/admin/" expected = self.get_expected_client_str( username, ip_address, user_agent, path_info, self.request ) actual = get_client_str( username, ip_address, user_agent, path_info, self.request ) self.assertEqual(expected, actual) @override_settings(AXES_VERBOSE=True) def test_verbose_ip_only_client_details_tuple(self): username = "test@example.com" ip_address = "127.0.0.1" user_agent = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)" path_info = ("admin", "login") expected = self.get_expected_client_str( username, ip_address, user_agent, path_info[0], self.request ) actual = get_client_str( username, ip_address, user_agent, path_info, self.request ) self.assertEqual(expected, actual) @override_settings(AXES_VERBOSE=False) def test_non_verbose_ip_only_client_details(self): username = "test@example.com" ip_address = "127.0.0.1" user_agent = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)" path_info = "/admin/" expected = '{ip_address: "127.0.0.1", path_info: "/admin/"}' actual = get_client_str( username, ip_address, user_agent, path_info, self.request ) self.assertEqual(expected, actual) @override_settings(AXES_ONLY_USER_FAILURES=True) @override_settings(AXES_VERBOSE=True) def test_verbose_user_only_client_details(self): username = "test@example.com" ip_address = "127.0.0.1" user_agent = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)" path_info = "/admin/" expected = self.get_expected_client_str( username, ip_address, user_agent, path_info, self.request ) actual = get_client_str( username, ip_address, user_agent, path_info, self.request ) self.assertEqual(expected, actual) @override_settings(AXES_ONLY_USER_FAILURES=True) @override_settings(AXES_VERBOSE=False) def test_non_verbose_user_only_client_details(self): username = "test@example.com" ip_address = "127.0.0.1" user_agent = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)" path_info = "/admin/" expected = '{username: "test@example.com", path_info: "/admin/"}' actual = get_client_str( username, ip_address, user_agent, path_info, self.request ) self.assertEqual(expected, actual) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) @override_settings(AXES_VERBOSE=True) def test_verbose_user_ip_combo_client_details(self): username = "test@example.com" ip_address = "127.0.0.1" user_agent = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)" path_info = "/admin/" expected = self.get_expected_client_str( username, ip_address, user_agent, path_info, self.request ) actual = get_client_str( username, ip_address, user_agent, path_info, self.request ) self.assertEqual(expected, actual) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) @override_settings(AXES_VERBOSE=False) def test_non_verbose_user_ip_combo_client_details(self): username = "test@example.com" ip_address = "127.0.0.1" user_agent = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)" path_info = "/admin/" expected = '{username: "test@example.com", ip_address: "127.0.0.1", path_info: "/admin/"}' actual = get_client_str( username, ip_address, user_agent, path_info, self.request ) self.assertEqual(expected, actual) @override_settings(AXES_USE_USER_AGENT=True) @override_settings(AXES_VERBOSE=True) def test_verbose_user_agent_client_details(self): username = "test@example.com" ip_address = "127.0.0.1" user_agent = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)" path_info = "/admin/" expected = self.get_expected_client_str( username, ip_address, user_agent, path_info, self.request ) actual = get_client_str( username, ip_address, user_agent, path_info, self.request ) self.assertEqual(expected, actual) @override_settings(AXES_USE_USER_AGENT=True) @override_settings(AXES_VERBOSE=False) def test_non_verbose_user_agent_client_details(self): username = "test@example.com" ip_address = "127.0.0.1" user_agent = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)" path_info = "/admin/" expected = '{ip_address: "127.0.0.1", user_agent: "Googlebot/2.1 (+http://www.googlebot.com/bot.html)", path_info: "/admin/"}' actual = get_client_str( username, ip_address, user_agent, path_info, self.request ) self.assertEqual(expected, actual) @override_settings( AXES_CLIENT_STR_CALLABLE="tests.test_helpers.get_dummy_client_str" ) def test_get_client_str_callable(self): self.assertEqual( get_client_str( "username", "ip_address", "user_agent", "path_info", self.request ), "client string", ) @override_settings( AXES_CLIENT_STR_CALLABLE="tests.test_helpers.get_dummy_client_str_using_request" ) def test_get_client_str_callable(self): self.request.user = self.user self.assertEqual( get_client_str( "username", "ip_address", "user_agent", "path_info", self.request ), self.email, ) def get_dummy_client_str(username, ip_address, user_agent, path_info): return "client string" def get_dummy_client_str_using_request( username, ip_address, user_agent, path_info, request ): return f"{request.user.email}" class ClientParametersTestCase(AxesTestCase): @override_settings(AXES_ONLY_USER_FAILURES=True) def test_get_filter_kwargs_user(self): self.assertEqual( get_client_parameters(self.username, self.ip_address, self.user_agent), [{"username": self.username}], ) @override_settings( AXES_ONLY_USER_FAILURES=False, AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=False, AXES_USE_USER_AGENT=False, ) def test_get_filter_kwargs_ip(self): self.assertEqual( get_client_parameters(self.username, self.ip_address, self.user_agent), [{"ip_address": self.ip_address}], ) @override_settings( AXES_ONLY_USER_FAILURES=False, AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True, AXES_USE_USER_AGENT=False, ) def test_get_filter_kwargs_user_and_ip(self): self.assertEqual( get_client_parameters(self.username, self.ip_address, self.user_agent), [{"username": self.username, "ip_address": self.ip_address}], ) @override_settings( AXES_ONLY_USER_FAILURES=False, AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=False, AXES_LOCK_OUT_BY_USER_OR_IP=True, AXES_USE_USER_AGENT=False, ) def test_get_filter_kwargs_user_or_ip(self): self.assertEqual( get_client_parameters(self.username, self.ip_address, self.user_agent), [{"username": self.username}, {"ip_address": self.ip_address}], ) @override_settings( AXES_ONLY_USER_FAILURES=False, AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=False, AXES_USE_USER_AGENT=True, ) def test_get_filter_kwargs_ip_and_agent(self): self.assertEqual( get_client_parameters(self.username, self.ip_address, self.user_agent), [{"ip_address": self.ip_address}, {"user_agent": self.user_agent}], ) @override_settings( AXES_ONLY_USER_FAILURES=False, AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True, AXES_USE_USER_AGENT=True, ) def test_get_filter_kwargs_user_ip_agent(self): self.assertEqual( get_client_parameters(self.username, self.ip_address, self.user_agent), [ {"username": self.username, "ip_address": self.ip_address}, {"user_agent": self.user_agent}, ], ) class ClientCacheKeyTestCase(AxesTestCase): def test_get_cache_key(self): """ Test the cache key format. """ cache_hash_digest = md5(self.ip_address.encode()).hexdigest() cache_hash_key = f"axes-{cache_hash_digest}" # Getting cache key from request request_factory = RequestFactory() request = request_factory.post( "/admin/login/", data={"username": self.username, "password": "test"} ) self.assertEqual([cache_hash_key], get_client_cache_key(request)) # Getting cache key from AccessAttempt Object attempt = AccessAttempt( user_agent="", ip_address=self.ip_address, username=self.username, get_data="", post_data="", http_accept=request.META.get("HTTP_ACCEPT", ""), path_info=request.META.get("PATH_INFO", ""), failures_since_start=0, ) self.assertEqual([cache_hash_key], get_client_cache_key(attempt)) def test_get_cache_key_empty_ip_address(self): """ Simulate an empty IP address in the request. """ empty_ip_address = "" cache_hash_digest = md5(empty_ip_address.encode()).hexdigest() cache_hash_key = f"axes-{cache_hash_digest}" # Getting cache key from request request_factory = RequestFactory() request = request_factory.post( "/admin/login/", data={"username": self.username, "password": "test"}, REMOTE_ADDR=empty_ip_address, ) self.assertEqual([cache_hash_key], get_client_cache_key(request)) # Getting cache key from AccessAttempt Object attempt = AccessAttempt( user_agent="", ip_address=empty_ip_address, username=self.username, get_data="", post_data="", http_accept=request.META.get("HTTP_ACCEPT", ""), path_info=request.META.get("PATH_INFO", ""), failures_since_start=0, ) self.assertEqual([cache_hash_key], get_client_cache_key(attempt)) def test_get_cache_key_credentials(self): """ Test the cache key format. """ ip_address = self.ip_address cache_hash_digest = md5(ip_address.encode()).hexdigest() cache_hash_key = f"axes-{cache_hash_digest}" # Getting cache key from request request_factory = RequestFactory() request = request_factory.post( "/admin/login/", data={"username": self.username, "password": "test"} ) # Difference between the upper test: new call signature with credentials credentials = {"username": self.username} self.assertEqual([cache_hash_key], get_client_cache_key(request, credentials)) # Getting cache key from AccessAttempt Object attempt = AccessAttempt( user_agent="", ip_address=ip_address, username=self.username, get_data="", post_data="", http_accept=request.META.get("HTTP_ACCEPT", ""), path_info=request.META.get("PATH_INFO", ""), failures_since_start=0, ) self.assertEqual([cache_hash_key], get_client_cache_key(attempt)) class UsernameTestCase(AxesTestCase): @override_settings(AXES_USERNAME_FORM_FIELD="username") def test_default_get_client_username(self): expected = "test-username" request = HttpRequest() request.POST["username"] = expected actual = get_client_username(request) self.assertEqual(expected, actual) def test_default_get_client_username_drf(self): class DRFRequest: def __init__(self): self.data = {} self.POST = {} expected = "test-username" request = DRFRequest() request.data["username"] = expected actual = get_client_username(request) self.assertEqual(expected, actual) @override_settings(AXES_USERNAME_FORM_FIELD="username") def test_default_get_client_username_credentials(self): expected = "test-username" expected_in_credentials = "test-credentials-username" request = HttpRequest() request.POST["username"] = expected credentials = {"username": expected_in_credentials} actual = get_client_username(request, credentials) self.assertEqual(expected_in_credentials, actual) def sample_customize_username(request, credentials): return "prefixed-" + request.POST.get("username") @override_settings(AXES_USERNAME_FORM_FIELD="username") @override_settings(AXES_USERNAME_CALLABLE=sample_customize_username) def test_custom_get_client_username_from_request(self): provided = "test-username" expected = "prefixed-" + provided provided_in_credentials = "test-credentials-username" request = HttpRequest() request.POST["username"] = provided credentials = {"username": provided_in_credentials} actual = get_client_username(request, credentials) self.assertEqual(expected, actual) def sample_customize_username_credentials(request, credentials): return "prefixed-" + credentials.get("username") @override_settings(AXES_USERNAME_FORM_FIELD="username") @override_settings(AXES_USERNAME_CALLABLE=sample_customize_username_credentials) def test_custom_get_client_username_from_credentials(self): provided = "test-username" provided_in_credentials = "test-credentials-username" expected_in_credentials = "prefixed-" + provided_in_credentials request = HttpRequest() request.POST["username"] = provided credentials = {"username": provided_in_credentials} actual = get_client_username(request, credentials) self.assertEqual(expected_in_credentials, actual) @override_settings( AXES_USERNAME_CALLABLE=lambda request, credentials: "example" ) # pragma: no cover def test_get_client_username(self): self.assertEqual(get_client_username(HttpRequest(), {}), "example") @override_settings(AXES_USERNAME_CALLABLE=lambda request: None) # pragma: no cover def test_get_client_username_invalid_callable_too_few_arguments(self): with self.assertRaises(TypeError): get_client_username(HttpRequest(), {}) @override_settings( AXES_USERNAME_CALLABLE=lambda request, credentials, extra: None ) # pragma: no cover def test_get_client_username_invalid_callable_too_many_arguments(self): with self.assertRaises(TypeError): get_client_username(HttpRequest(), {}) @override_settings(AXES_USERNAME_CALLABLE=True) def test_get_client_username_not_callable(self): with self.assertRaises(TypeError): get_client_username(HttpRequest(), {}) @override_settings(AXES_USERNAME_CALLABLE="tests.test_helpers.get_username") def test_get_client_username_str(self): self.assertEqual(get_client_username(HttpRequest(), {}), "username") def get_username(request, credentials: dict) -> str: return "username" class IPWhitelistTestCase(AxesTestCase): def setUp(self): self.request = HttpRequest() self.request.method = "POST" self.request.META["REMOTE_ADDR"] = "127.0.0.1" self.request.axes_ip_address = "127.0.0.1" @override_settings(AXES_IP_WHITELIST=None) def test_ip_in_whitelist_none(self): self.assertFalse(is_ip_address_in_whitelist("127.0.0.2")) @override_settings(AXES_IP_WHITELIST=["127.0.0.1"]) def test_ip_in_whitelist(self): self.assertTrue(is_ip_address_in_whitelist("127.0.0.1")) self.assertFalse(is_ip_address_in_whitelist("127.0.0.2")) @override_settings(AXES_IP_BLACKLIST=None) def test_ip_in_blacklist_none(self): self.assertFalse(is_ip_address_in_blacklist("127.0.0.2")) @override_settings(AXES_IP_BLACKLIST=["127.0.0.1"]) def test_ip_in_blacklist(self): self.assertTrue(is_ip_address_in_blacklist("127.0.0.1")) self.assertFalse(is_ip_address_in_blacklist("127.0.0.2")) @override_settings(AXES_IP_BLACKLIST=["127.0.0.1"]) def test_is_client_ip_address_blacklisted_ip_in_blacklist(self): self.assertTrue(is_client_ip_address_blacklisted(self.request)) @override_settings(AXES_IP_BLACKLIST=["127.0.0.2"]) def test_is_is_client_ip_address_blacklisted_ip_not_in_blacklist(self): self.assertFalse(is_client_ip_address_blacklisted(self.request)) @override_settings(AXES_NEVER_LOCKOUT_WHITELIST=True) @override_settings(AXES_IP_WHITELIST=["127.0.0.1"]) def test_is_client_ip_address_blacklisted_ip_in_whitelist(self): self.assertFalse(is_client_ip_address_blacklisted(self.request)) @override_settings(AXES_ONLY_WHITELIST=True) @override_settings(AXES_IP_WHITELIST=["127.0.0.2"]) def test_is_already_locked_ip_not_in_whitelist(self): self.assertTrue(is_client_ip_address_blacklisted(self.request)) @override_settings(AXES_NEVER_LOCKOUT_WHITELIST=True) @override_settings(AXES_IP_WHITELIST=["127.0.0.1"]) def test_is_client_ip_address_whitelisted_never_lockout(self): self.assertTrue(is_client_ip_address_whitelisted(self.request)) @override_settings(AXES_ONLY_WHITELIST=True) @override_settings(AXES_IP_WHITELIST=["127.0.0.1"]) def test_is_client_ip_address_whitelisted_only_allow(self): self.assertTrue(is_client_ip_address_whitelisted(self.request)) @override_settings(AXES_ONLY_WHITELIST=True) @override_settings(AXES_IP_WHITELIST=["127.0.0.2"]) def test_is_client_ip_address_whitelisted_not(self): self.assertFalse(is_client_ip_address_whitelisted(self.request)) class MethodWhitelistTestCase(AxesTestCase): def setUp(self): self.request = HttpRequest() self.request.method = "GET" @override_settings(AXES_NEVER_LOCKOUT_GET=True) def test_is_client_method_whitelisted(self): self.assertTrue(is_client_method_whitelisted(self.request)) @override_settings(AXES_NEVER_LOCKOUT_GET=False) def test_is_client_method_whitelisted_not(self): self.assertFalse(is_client_method_whitelisted(self.request)) class LockoutResponseTestCase(AxesTestCase): def setUp(self): self.request = HttpRequest() @override_settings(AXES_COOLOFF_TIME=42) def test_get_lockout_response_cool_off(self): get_lockout_response(request=self.request) @override_settings(AXES_LOCKOUT_TEMPLATE="example.html") @patch("axes.helpers.render") def test_get_lockout_response_lockout_template(self, render): self.assertFalse(render.called) get_lockout_response(request=self.request) self.assertTrue(render.called) @override_settings(AXES_LOCKOUT_URL="https://example.com") def test_get_lockout_response_lockout_url(self): response = get_lockout_response(request=self.request) self.assertEqual(type(response), HttpResponseRedirect) def test_get_lockout_response_lockout_json(self): self.request.META["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest" response = get_lockout_response(request=self.request) self.assertEqual(type(response), JsonResponse) def test_get_lockout_response_lockout_response(self): response = get_lockout_response(request=self.request) self.assertEqual(type(response), HttpResponse) def mock_get_cool_off_str(): return timedelta(seconds=30) class AxesCoolOffTestCase(AxesTestCase): @override_settings(AXES_COOLOFF_TIME=None) def test_get_cool_off_none(self): self.assertIsNone(get_cool_off()) @override_settings(AXES_COOLOFF_TIME=2) def test_get_cool_off_int(self): self.assertEqual(get_cool_off(), timedelta(hours=2)) @override_settings(AXES_COOLOFF_TIME=lambda: timedelta(seconds=30)) def test_get_cool_off_callable(self): self.assertEqual(get_cool_off(), timedelta(seconds=30)) @override_settings(AXES_COOLOFF_TIME="tests.test_helpers.mock_get_cool_off_str") def test_get_cool_off_path(self): self.assertEqual(get_cool_off(), timedelta(seconds=30)) def mock_is_whitelisted(request, credentials): return True class AxesWhitelistTestCase(AxesTestCase): def setUp(self): self.user_model = get_user_model() self.user = self.user_model.objects.create(username="jane.doe") self.request = HttpRequest() self.credentials = dict() def test_is_whitelisted(self): self.assertFalse(is_user_attempt_whitelisted(self.request, self.credentials)) @override_settings(AXES_WHITELIST_CALLABLE=mock_is_whitelisted) def test_is_whitelisted_override_callable(self): self.assertTrue(is_user_attempt_whitelisted(self.request, self.credentials)) @override_settings(AXES_WHITELIST_CALLABLE="tests.test_helpers.mock_is_whitelisted") def test_is_whitelisted_override_path(self): self.assertTrue(is_user_attempt_whitelisted(self.request, self.credentials)) @override_settings(AXES_WHITELIST_CALLABLE=42) def test_is_whitelisted_override_invalid(self): with self.assertRaises(TypeError): is_user_attempt_whitelisted(self.request, self.credentials) def mock_get_lockout_response(request, credentials): return HttpResponse(status=400) class AxesLockoutTestCase(AxesTestCase): def setUp(self): self.request = HttpRequest() self.credentials = dict() def test_get_lockout_response(self): response = get_lockout_response(self.request, self.credentials) self.assertEqual(403, response.status_code) @override_settings(AXES_HTTP_RESPONSE_CODE=429) def test_get_lockout_response_with_custom_http_response_code(self): response = get_lockout_response(self.request, self.credentials) self.assertEqual(429, response.status_code) @override_settings(AXES_LOCKOUT_CALLABLE=mock_get_lockout_response) def test_get_lockout_response_override_callable(self): response = get_lockout_response(self.request, self.credentials) self.assertEqual(400, response.status_code) @override_settings( AXES_LOCKOUT_CALLABLE="tests.test_helpers.mock_get_lockout_response" ) def test_get_lockout_response_override_path(self): response = get_lockout_response(self.request, self.credentials) self.assertEqual(400, response.status_code) @override_settings(AXES_LOCKOUT_CALLABLE=42) def test_get_lockout_response_override_invalid(self): with self.assertRaises(TypeError): get_lockout_response(self.request, self.credentials) class AxesCleanseParamsTestCase(AxesTestCase): def setUp(self): self.parameters = { "username": "test_user", "password": "test_password", "other_sensitive_data": "sensitive", } def test_cleanse_parameters(self): cleansed = cleanse_parameters(self.parameters) self.assertEqual("test_user", cleansed["username"]) self.assertEqual("********************", cleansed["password"]) self.assertEqual("sensitive", cleansed["other_sensitive_data"]) @override_settings(AXES_SENSITIVE_PARAMETERS=["other_sensitive_data"]) def test_cleanse_parameters_override_sensitive(self): cleansed = cleanse_parameters(self.parameters) self.assertEqual("test_user", cleansed["username"]) self.assertEqual("********************", cleansed["password"]) self.assertEqual("********************", cleansed["other_sensitive_data"]) @override_settings(AXES_SENSITIVE_PARAMETERS=["other_sensitive_data"]) @override_settings(AXES_PASSWORD_FORM_FIELD="username") def test_cleanse_parameters_override_both(self): cleansed = cleanse_parameters(self.parameters) self.assertEqual("********************", cleansed["username"]) self.assertEqual("********************", cleansed["password"]) self.assertEqual("********************", cleansed["other_sensitive_data"]) @override_settings(AXES_PASSWORD_FORM_FIELD=None) def test_cleanse_parameters_override_empty(self): cleansed = cleanse_parameters(self.parameters) self.assertEqual("test_user", cleansed["username"]) self.assertEqual("********************", cleansed["password"]) self.assertEqual("sensitive", cleansed["other_sensitive_data"]) django-axes-5.24.0/tests/test_logging.py000066400000000000000000000104231411641636100202060ustar00rootroot00000000000000from unittest.mock import patch from django.test import override_settings from django.urls import reverse from axes.apps import AppConfig from axes.models import AccessAttempt, AccessLog from tests.base import AxesTestCase @patch("axes.apps.AppConfig.initialized", False) @patch("axes.apps.log") class AppsTestCase(AxesTestCase): def test_axes_config_log_re_entrant(self, log): """ Test that initialize call count does not increase on repeat calls. """ AppConfig.initialize() calls = log.info.call_count AppConfig.initialize() self.assertTrue( calls == log.info.call_count and calls > 0, "AxesConfig.initialize needs to be re-entrant", ) @override_settings(AXES_VERBOSE=False) def test_axes_config_log_not_verbose(self, log): AppConfig.initialize() self.assertFalse(log.info.called) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_axes_config_log_user_only(self, log): AppConfig.initialize() log.info.assert_called_with("AXES: blocking by username only.") @override_settings(AXES_ONLY_USER_FAILURES=False) def test_axes_config_log_ip_only(self, log): AppConfig.initialize() log.info.assert_called_with("AXES: blocking by IP only.") @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_axes_config_log_user_ip(self, log): AppConfig.initialize() log.info.assert_called_with("AXES: blocking by combination of username and IP.") @override_settings(AXES_LOCK_OUT_BY_USER_OR_IP=True) def test_axes_config_log_user_or_ip(self, log): AppConfig.initialize() log.info.assert_called_with("AXES: blocking by username or IP.") class AccessLogTestCase(AxesTestCase): def test_access_log_on_logout(self): """ Test a valid logout and make sure the logout_time is updated. """ self.login(is_valid_username=True, is_valid_password=True) self.assertIsNone(AccessLog.objects.latest("id").logout_time) response = self.client.get(reverse("admin:logout")) self.assertContains(response, "Logged out") self.assertIsNotNone(AccessLog.objects.latest("id").logout_time) def test_log_data_truncated(self): """ Test that get_query_str properly truncates data to the max_length (default 1024). """ # An impossibly large post dict extra_data = {"a" * x: x for x in range(1024)} self.login(**extra_data) self.assertEqual(len(AccessAttempt.objects.latest("id").post_data), 1024) @override_settings(AXES_DISABLE_ACCESS_LOG=True) def test_valid_logout_without_success_log(self): AccessLog.objects.all().delete() response = self.login(is_valid_username=True, is_valid_password=True) response = self.client.get(reverse("admin:logout")) self.assertEqual(AccessLog.objects.all().count(), 0) self.assertContains(response, "Logged out", html=True) @override_settings(AXES_DISABLE_ACCESS_LOG=True) def test_valid_login_without_success_log(self): """ Test that a valid login does not generate an AccessLog when DISABLE_SUCCESS_ACCESS_LOG is True. """ AccessLog.objects.all().delete() response = self.login(is_valid_username=True, is_valid_password=True) self.assertEqual(response.status_code, 302) self.assertEqual(AccessLog.objects.all().count(), 0) @override_settings(AXES_DISABLE_ACCESS_LOG=True) def test_valid_logout_without_log(self): AccessLog.objects.all().delete() response = self.login(is_valid_username=True, is_valid_password=True) response = self.client.get(reverse("admin:logout")) self.assertEqual(AccessLog.objects.count(), 0) self.assertContains(response, "Logged out", html=True) @override_settings(AXES_DISABLE_ACCESS_LOG=True) def test_non_valid_login_without_log(self): """ Test that a non-valid login does generate an AccessLog when DISABLE_ACCESS_LOG is True. """ AccessLog.objects.all().delete() response = self.login(is_valid_username=True, is_valid_password=False) self.assertEqual(response.status_code, 200) self.assertEqual(AccessLog.objects.all().count(), 0) django-axes-5.24.0/tests/test_login.py000066400000000000000000000654541411641636100177060ustar00rootroot00000000000000""" Integration tests for the login handling. TODO: Clean up the tests in this module. """ from importlib import import_module from django.contrib.auth import get_user_model, login, logout from django.http import HttpRequest from django.test import override_settings, TestCase from django.urls import reverse from axes.conf import settings from axes.helpers import get_cache, make_cache_key_list from axes.models import AccessAttempt from tests.base import AxesTestCase class DjangoLoginTestCase(TestCase): def setUp(self): engine = import_module(settings.SESSION_ENGINE) self.request = HttpRequest() self.request.session = engine.SessionStore() self.username = "john.doe" self.password = "hunter2" self.user = get_user_model().objects.create(username=self.username) self.user.set_password(self.password) self.user.save() self.user.backend = "django.contrib.auth.backends.ModelBackend" class DjangoContribAuthLoginTestCase(DjangoLoginTestCase): def test_login(self): login(self.request, self.user) def test_logout(self): login(self.request, self.user) logout(self.request) @override_settings(AXES_ENABLED=False) class DjangoTestClientLoginTestCase(DjangoLoginTestCase): def test_client_login(self): self.client.login(username=self.username, password=self.password) def test_client_logout(self): self.client.login(username=self.username, password=self.password) self.client.logout() def test_client_force_login(self): self.client.force_login(self.user) class DatabaseLoginTestCase(AxesTestCase): """ Test for lockouts under different configurations and circumstances to prevent false positives and false negatives. Always block attempted logins for the same user from the same IP. Always allow attempted logins for a different user from a different IP. """ IP_1 = "10.1.1.1" IP_2 = "10.2.2.2" IP_3 = "10.2.2.3" USER_1 = "valid-user-1" USER_2 = "valid-user-2" USER_3 = "valid-user-3" EMAIL_1 = "valid-email-1@example.com" EMAIL_2 = "valid-email-2@example.com" VALID_USERNAME = USER_1 VALID_EMAIL = EMAIL_1 VALID_PASSWORD = "valid-password" VALID_IP_ADDRESS = IP_1 WRONG_PASSWORD = "wrong-password" LOCKED_MESSAGE = "Account locked: too many login attempts." LOGIN_FORM_KEY = '' ATTEMPT_NOT_BLOCKED = 200 ALLOWED = 302 BLOCKED = 403 def _login(self, username, password, ip_addr="127.0.0.1", **kwargs): """ Login a user and get the response. IP address can be configured to test IP blocking functionality. """ post_data = {"username": username, "password": password} post_data.update(kwargs) return self.client.post( reverse("admin:login"), post_data, REMOTE_ADDR=ip_addr, HTTP_USER_AGENT="test-browser", ) def _lockout_user_from_ip(self, username, ip_addr): for _ in range(settings.AXES_FAILURE_LIMIT): response = self._login( username=username, password=self.WRONG_PASSWORD, ip_addr=ip_addr ) return response def _lockout_user1_from_ip1(self): return self._lockout_user_from_ip(username=self.USER_1, ip_addr=self.IP_1) def setUp(self): """ Create two valid users for authentication. """ super().setUp() self.user2 = get_user_model().objects.create_superuser( username=self.USER_2, email=self.EMAIL_2, password=self.VALID_PASSWORD, is_staff=True, is_superuser=True, ) def test_login(self): """ Test a valid login for a real username. """ response = self._login(self.username, self.password) self.assertNotContains( response, self.LOGIN_FORM_KEY, status_code=self.ALLOWED, html=True ) def test_lockout_limit_once(self): """ Test the login lock trying to login one more time than failure limit. """ response = self.lockout() self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) def test_lockout_limit_many(self): """ Test the login lock trying to login a lot of times more than failure limit. """ self.lockout() for _ in range(settings.AXES_FAILURE_LIMIT): response = self.login() self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) def attempt_count(self): return AccessAttempt.objects.count() @override_settings(AXES_RESET_ON_SUCCESS=False) def test_reset_on_success_false(self): self.almost_lockout() self.login(is_valid_username=True, is_valid_password=True) response = self.login() self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) self.assertTrue(self.attempt_count()) @override_settings(AXES_RESET_ON_SUCCESS=True) def test_reset_on_success_true(self): self.almost_lockout() self.assertTrue(self.attempt_count()) self.login(is_valid_username=True, is_valid_password=True) self.assertFalse(self.attempt_count()) response = self.lockout() self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) self.assertTrue(self.attempt_count()) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_lockout_by_combination_user_and_ip(self): """ Test login failure when AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP is True. """ # test until one try before the limit for _ in range(1, settings.AXES_FAILURE_LIMIT): response = self.login(is_valid_username=True, is_valid_password=False) # Check if we are in the same login page self.assertContains(response, self.LOGIN_FORM_KEY, html=True) # So, we shouldn't have gotten a lock-out yet. # But we should get one now response = self.login(is_valid_username=True, is_valid_password=False) self.assertContains(response, self.LOCKED_MESSAGE, status_code=403) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_lockout_by_only_user_failures(self): """ Test login failure when AXES_ONLY_USER_FAILURES is True. """ # test until one try before the limit for _ in range(1, settings.AXES_FAILURE_LIMIT): response = self._login(self.username, self.WRONG_PASSWORD) # Check if we are in the same login page self.assertContains(response, self.LOGIN_FORM_KEY, html=True) # So, we shouldn't have gotten a lock-out yet. # But we should get one now response = self._login(self.username, self.WRONG_PASSWORD) self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) # reset the username only and make sure we can log in now even though our IP has failed each time self.reset(username=self.username) response = self._login(self.username, self.password) # Check if we are still in the login page self.assertNotContains( response, self.LOGIN_FORM_KEY, status_code=self.ALLOWED, html=True ) # now create failure_limit + 1 failed logins and then we should still # be able to login with valid_username for _ in range(settings.AXES_FAILURE_LIMIT): response = self._login(self.username, self.password) # Check if we can still log in with valid user response = self._login(self.username, self.password) self.assertNotContains( response, self.LOGIN_FORM_KEY, status_code=self.ALLOWED, html=True ) # Test for true and false positives when blocking by IP *OR* user (default) # Cache disabled. Default settings. def test_lockout_by_ip_blocks_when_same_user_same_ip_without_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 is still blocked from IP 1. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.BLOCKED) def test_lockout_by_ip_allows_when_same_user_diff_ip_without_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 can still login from IP 2. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) def test_lockout_by_ip_blocks_when_diff_user_same_ip_without_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 is also locked out from IP 1. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.BLOCKED) def test_lockout_by_ip_allows_when_diff_user_diff_ip_without_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 can still login from IP 2. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) # Test for true and false positives when blocking by user only. # Cache disabled. When AXES_ONLY_USER_FAILURES = True @override_settings(AXES_ONLY_USER_FAILURES=True) def test_lockout_by_user_blocks_when_same_user_same_ip_without_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 is still blocked from IP 1. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.BLOCKED) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_lockout_by_user_blocks_when_same_user_diff_ip_without_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 is also locked out from IP 2. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.BLOCKED) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_lockout_by_user_allows_when_diff_user_same_ip_without_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 can still login from IP 1. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.ALLOWED) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_lockout_by_user_allows_when_diff_user_diff_ip_without_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 can still login from IP 2. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_lockout_by_user_with_empty_username_allows_other_users_without_cache(self): # User with empty username is locked out from IP 1. self._lockout_user_from_ip(username="", ip_addr=self.IP_1) # Still possible to access the login page response = self.client.get(reverse("admin:login"), REMOTE_ADDR=self.IP_1) self.assertContains(response, self.LOGIN_FORM_KEY, status_code=200, html=True) # Test for true and false positives when blocking by user and IP together. # Cache disabled. When LOCK_OUT_BY_COMBINATION_USER_AND_IP = True @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_lockout_by_user_and_ip_blocks_when_same_user_same_ip_without_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 is still blocked from IP 1. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.BLOCKED) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_lockout_by_user_and_ip_allows_when_same_user_diff_ip_without_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 can still login from IP 2. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_lockout_by_user_and_ip_allows_when_diff_user_same_ip_without_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 can still login from IP 1. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.ALLOWED) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_lockout_by_user_and_ip_allows_when_diff_user_diff_ip_without_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 can still login from IP 2. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_lockout_by_user_and_ip_with_empty_username_allows_other_users_without_cache( self, ): # User with empty username is locked out from IP 1. self._lockout_user_from_ip(username="", ip_addr=self.IP_1) # Still possible to access the login page response = self.client.get(reverse("admin:login"), REMOTE_ADDR=self.IP_1) self.assertContains(response, self.LOGIN_FORM_KEY, status_code=200, html=True) # Test for true and false positives when blocking by IP *OR* user (default) # With cache enabled. Default criteria. def test_lockout_by_ip_blocks_when_same_user_same_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 is still blocked from IP 1. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.BLOCKED) def test_lockout_by_ip_allows_when_same_user_diff_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 can still login from IP 2. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) def test_lockout_by_ip_blocks_when_diff_user_same_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 is also locked out from IP 1. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.BLOCKED) def test_lockout_by_ip_allows_when_diff_user_diff_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 can still login from IP 2. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_lockout_by_user_with_empty_username_allows_other_users_using_cache(self): # User with empty username is locked out from IP 1. self._lockout_user_from_ip(username="", ip_addr=self.IP_1) # Still possible to access the login page response = self.client.get(reverse("admin:login"), REMOTE_ADDR=self.IP_1) self.assertContains(response, self.LOGIN_FORM_KEY, status_code=200, html=True) # Test for true and false positives when blocking by user only. # With cache enabled. When AXES_ONLY_USER_FAILURES = True @override_settings(AXES_ONLY_USER_FAILURES=True) def test_lockout_by_user_blocks_when_same_user_same_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 is still blocked from IP 1. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.BLOCKED) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_lockout_by_user_blocks_when_same_user_diff_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 is also locked out from IP 2. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.BLOCKED) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_lockout_by_user_allows_when_diff_user_same_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 can still login from IP 1. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.ALLOWED) @override_settings(AXES_ONLY_USER_FAILURES=True) def test_lockout_by_user_allows_when_diff_user_diff_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 can still login from IP 2. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) # Test for true and false positives when blocking by user and IP together. # With cache enabled. When LOCK_OUT_BY_COMBINATION_USER_AND_IP = True @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_lockout_by_user_and_ip_blocks_when_same_user_same_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 is still blocked from IP 1. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.BLOCKED) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_lockout_by_user_and_ip_allows_when_same_user_diff_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 can still login from IP 2. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_lockout_by_user_and_ip_allows_when_diff_user_same_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 can still login from IP 1. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.ALLOWED) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_lockout_by_user_and_ip_allows_when_diff_user_diff_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 can still login from IP 2. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) @override_settings( AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True, AXES_FAILURE_LIMIT=2 ) def test_lockout_by_user_and_ip_allows_when_diff_user_same_ip_using_cache_multiple_attempts( self, ): # User 1 is locked out from IP 1. response = self._login(self.USER_1, self.WRONG_PASSWORD, self.IP_1) self.assertEqual(response.status_code, self.ATTEMPT_NOT_BLOCKED) # Second attempt from different IP response = self._login(self.USER_1, self.WRONG_PASSWORD, self.IP_2) self.assertEqual(response.status_code, self.ATTEMPT_NOT_BLOCKED) # Second attempt from same IP, different username response = self._login(self.USER_2, self.WRONG_PASSWORD, self.IP_1) self.assertEqual(response.status_code, self.ATTEMPT_NOT_BLOCKED) # User 1 is blocked from IP 1 response = self._login(self.USER_1, self.WRONG_PASSWORD, ip_addr=self.IP_1) self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) # User 1 is blocked from IP 2 response = self._login(self.USER_1, self.WRONG_PASSWORD, ip_addr=self.IP_2) self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) # User 2 can still login from IP 2, only he has 1 attempt left response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) @override_settings(AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP=True) def test_lockout_by_user_and_ip_with_empty_username_allows_other_users_using_cache( self, ): # User with empty username is locked out from IP 1. self._lockout_user_from_ip(username="", ip_addr=self.IP_1) # Still possible to access the login page response = self.client.get(reverse("admin:login"), REMOTE_ADDR=self.IP_1) self.assertContains(response, self.LOGIN_FORM_KEY, status_code=200, html=True) # Test for true and false positives when blocking by user or IP together. # With cache enabled. When AXES_LOCK_OUT_BY_USER_OR_IP = True @override_settings(AXES_LOCK_OUT_BY_USER_OR_IP=True) def test_lockout_by_user_or_ip_blocks_when_same_user_same_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 is still blocked from IP 1. response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.BLOCKED) @override_settings(AXES_LOCK_OUT_BY_USER_OR_IP=True) def test_lockout_by_user_or_ip_allows_when_same_user_diff_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 1 is blocked out from IP 1 response = self._login(self.USER_1, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.BLOCKED) @override_settings(AXES_LOCK_OUT_BY_USER_OR_IP=True) def test_lockout_by_user_or_ip_allows_when_diff_user_same_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 can still login from IP 1. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_1) self.assertEqual(response.status_code, self.BLOCKED) @override_settings(AXES_LOCK_OUT_BY_USER_OR_IP=True, AXES_FAILURE_LIMIT=3) def test_lockout_by_user_or_ip_allows_when_diff_user_same_ip_using_cache_multiple_attempts( self, ): # User 1 is locked out from IP 1. response = self._login(self.USER_1, self.WRONG_PASSWORD, self.IP_1) self.assertEqual(response.status_code, self.ATTEMPT_NOT_BLOCKED) # Second attempt from different IP response = self._login(self.USER_1, self.WRONG_PASSWORD, self.IP_2) self.assertEqual(response.status_code, self.ATTEMPT_NOT_BLOCKED) # User 1 is blocked on all IPs, he reached 2 attempts response = self._login(self.USER_1, self.WRONG_PASSWORD, ip_addr=self.IP_2) self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) response = self._login(self.USER_1, self.WRONG_PASSWORD, ip_addr=self.IP_3) self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) # IP 1 has still one attempt left response = self._login(self.USER_2, self.WRONG_PASSWORD, self.IP_1) self.assertEqual(response.status_code, self.ATTEMPT_NOT_BLOCKED) # But now IP 1 is blocked for all attempts response = self._login(self.USER_1, self.WRONG_PASSWORD, ip_addr=self.IP_1) self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) response = self._login(self.USER_2, self.WRONG_PASSWORD, ip_addr=self.IP_1) self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) response = self._login(self.USER_3, self.WRONG_PASSWORD, ip_addr=self.IP_1) self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) @override_settings(AXES_LOCK_OUT_BY_USER_OR_IP=True, AXES_FAILURE_LIMIT=3) def test_lockout_by_user_or_ip_allows_when_diff_user_same_ip_using_cache_multiple_failed_attempts( self, ): """Test, if the failed attempts make also impact on the attempt count""" # User 1 is locked out from IP 1. response = self._login(self.USER_1, self.WRONG_PASSWORD, self.IP_1) self.assertEqual(response.status_code, self.ATTEMPT_NOT_BLOCKED) # Second attempt from different IP response = self._login(self.USER_1, self.WRONG_PASSWORD, self.IP_2) self.assertEqual(response.status_code, self.ATTEMPT_NOT_BLOCKED) # Second attempt from same IP, different username response = self._login(self.USER_2, self.WRONG_PASSWORD, self.IP_1) self.assertEqual(response.status_code, self.ATTEMPT_NOT_BLOCKED) # User 1 is blocked from IP 2 response = self._login(self.USER_1, self.WRONG_PASSWORD, ip_addr=self.IP_2) self.assertContains(response, self.LOCKED_MESSAGE, status_code=self.BLOCKED) # On IP 2 it is only 2. attempt, for user 2 it is also 2. attempt -> allow log in response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) @override_settings(AXES_LOCK_OUT_BY_USER_OR_IP=True) def test_lockout_by_user_or_ip_allows_when_diff_user_diff_ip_using_cache(self): # User 1 is locked out from IP 1. self._lockout_user1_from_ip1() # User 2 can still login from IP 2. response = self._login(self.USER_2, self.VALID_PASSWORD, ip_addr=self.IP_2) self.assertEqual(response.status_code, self.ALLOWED) @override_settings(AXES_LOCK_OUT_BY_USER_OR_IP=True) def test_lockout_by_user_or_ip_with_empty_username_allows_other_users_using_cache( self, ): # User with empty username is locked out from IP 1. self._lockout_user_from_ip(username="", ip_addr=self.IP_1) # Still possible to access the login page response = self.client.get(reverse("admin:login"), REMOTE_ADDR=self.IP_1) self.assertContains(response, self.LOGIN_FORM_KEY, status_code=200, html=True) # Test the same logic with cache handler @override_settings(AXES_HANDLER="axes.handlers.cache.AxesCacheHandler") class CacheLoginTestCase(DatabaseLoginTestCase): def attempt_count(self): cache = get_cache() keys = cache._cache return len(keys) def reset(self, **kwargs): get_cache().delete(make_cache_key_list([kwargs])[0]) django-axes-5.24.0/tests/test_management.py000066400000000000000000000072601411641636100207010ustar00rootroot00000000000000from io import StringIO from unittest.mock import patch, Mock from django.core.management import call_command from django.utils import timezone from axes.models import AccessAttempt, AccessLog from tests.base import AxesTestCase class ResetAccessLogsManagementCommandTestCase(AxesTestCase): def setUp(self): self.msg_not_found = "No logs found.\n" self.msg_num_found = "{} logs removed.\n" days_3 = timezone.now() - timezone.timedelta(days=3) with patch("django.utils.timezone.now", Mock(return_value=days_3)): AccessLog.objects.create() days_13 = timezone.now() - timezone.timedelta(days=9) with patch("django.utils.timezone.now", Mock(return_value=days_13)): AccessLog.objects.create() days_30 = timezone.now() - timezone.timedelta(days=27) with patch("django.utils.timezone.now", Mock(return_value=days_30)): AccessLog.objects.create() def test_axes_delete_access_logs_default(self): out = StringIO() call_command("axes_reset_logs", stdout=out) self.assertEqual(self.msg_not_found, out.getvalue()) def test_axes_delete_access_logs_older_than_2_days(self): out = StringIO() call_command("axes_reset_logs", age=2, stdout=out) self.assertEqual(self.msg_num_found.format(3), out.getvalue()) def test_axes_delete_access_logs_older_than_4_days(self): out = StringIO() call_command("axes_reset_logs", age=4, stdout=out) self.assertEqual(self.msg_num_found.format(2), out.getvalue()) def test_axes_delete_access_logs_older_than_16_days(self): out = StringIO() call_command("axes_reset_logs", age=16, stdout=out) self.assertEqual(self.msg_num_found.format(1), out.getvalue()) class ManagementCommandTestCase(AxesTestCase): def setUp(self): AccessAttempt.objects.create( username="jane.doe", ip_address="10.0.0.1", failures_since_start="4" ) AccessAttempt.objects.create( username="john.doe", ip_address="10.0.0.2", failures_since_start="15" ) def test_axes_list_attempts(self): out = StringIO() call_command("axes_list_attempts", stdout=out) expected = "10.0.0.1\tjane.doe\t4\n10.0.0.2\tjohn.doe\t15\n" self.assertEqual(expected, out.getvalue()) def test_axes_reset(self): out = StringIO() call_command("axes_reset", stdout=out) expected = "2 attempts removed.\n" self.assertEqual(expected, out.getvalue()) def test_axes_reset_not_found(self): out = StringIO() call_command("axes_reset", stdout=out) out = StringIO() call_command("axes_reset", stdout=out) expected = "No attempts found.\n" self.assertEqual(expected, out.getvalue()) def test_axes_reset_ip(self): out = StringIO() call_command("axes_reset_ip", "10.0.0.1", stdout=out) expected = "1 attempts removed.\n" self.assertEqual(expected, out.getvalue()) def test_axes_reset_ip_not_found(self): out = StringIO() call_command("axes_reset_ip", "10.0.0.3", stdout=out) expected = "No attempts found.\n" self.assertEqual(expected, out.getvalue()) def test_axes_reset_username(self): out = StringIO() call_command("axes_reset_username", "john.doe", stdout=out) expected = "1 attempts removed.\n" self.assertEqual(expected, out.getvalue()) def test_axes_reset_username_not_found(self): out = StringIO() call_command("axes_reset_username", "ivan.renko", stdout=out) expected = "No attempts found.\n" self.assertEqual(expected, out.getvalue()) django-axes-5.24.0/tests/test_middleware.py000066400000000000000000000023011411641636100206710ustar00rootroot00000000000000from django.http import HttpResponse, HttpRequest from django.test import override_settings from axes.middleware import AxesMiddleware from tests.base import AxesTestCase class MiddlewareTestCase(AxesTestCase): STATUS_SUCCESS = 200 STATUS_LOCKOUT = 403 def setUp(self): self.request = HttpRequest() def test_success_response(self): def get_response(request): request.axes_locked_out = False return HttpResponse() response = AxesMiddleware(get_response)(self.request) self.assertEqual(response.status_code, self.STATUS_SUCCESS) def test_lockout_response(self): def get_response(request): request.axes_locked_out = True return HttpResponse() response = AxesMiddleware(get_response)(self.request) self.assertEqual(response.status_code, self.STATUS_LOCKOUT) @override_settings(AXES_ENABLED=False) def test_respects_enabled_switch(self): def get_response(request): request.axes_locked_out = True return HttpResponse() response = AxesMiddleware(get_response)(self.request) self.assertEqual(response.status_code, self.STATUS_SUCCESS) django-axes-5.24.0/tests/test_models.py000066400000000000000000000021701411641636100200430ustar00rootroot00000000000000from django.apps.registry import apps from django.db import connection from django.db.migrations.autodetector import MigrationAutodetector from django.db.migrations.executor import MigrationExecutor from django.db.migrations.state import ProjectState from axes.models import AccessAttempt, AccessLog from tests.base import AxesTestCase class ModelsTestCase(AxesTestCase): def setUp(self): self.failures_since_start = 42 self.access_attempt = AccessAttempt( failures_since_start=self.failures_since_start ) self.access_log = AccessLog() def test_access_attempt_str(self): self.assertIn("Access", str(self.access_attempt)) def test_access_log_str(self): self.assertIn("Access", str(self.access_log)) class MigrationsTestCase(AxesTestCase): def test_missing_migrations(self): executor = MigrationExecutor(connection) autodetector = MigrationAutodetector( executor.loader.project_state(), ProjectState.from_apps(apps) ) changes = autodetector.changes(graph=executor.loader.graph) self.assertEqual({}, changes) django-axes-5.24.0/tests/test_signals.py000066400000000000000000000007511411641636100202230ustar00rootroot00000000000000from unittest.mock import MagicMock from axes.signals import user_locked_out from tests.base import AxesTestCase class SignalTestCase(AxesTestCase): def test_send_lockout_signal(self): """ Test if the lockout signal is correctly emitted when user is locked out. """ handler = MagicMock() user_locked_out.connect(handler) self.assertEqual(0, handler.call_count) self.lockout() self.assertEqual(1, handler.call_count) django-axes-5.24.0/tests/urls.py000066400000000000000000000001601411641636100165030ustar00rootroot00000000000000from django.contrib import admin from django.urls import path urlpatterns = [path("admin/", admin.site.urls)] django-axes-5.24.0/tests/urls_empty.py000066400000000000000000000000271411641636100177230ustar00rootroot00000000000000urlpatterns: list = []