diff --git a/doorkeeper/.coveralls.yml b/doorkeeper/.coveralls.yml
new file mode 100644
index 0000000000..91600595a1
--- /dev/null
+++ b/doorkeeper/.coveralls.yml
@@ -0,0 +1 @@
+service_name: travis-ci
diff --git a/doorkeeper/.github/ISSUE_TEMPLATE.md b/doorkeeper/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 0000000000..5e4bbdeb2f
--- /dev/null
+++ b/doorkeeper/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,25 @@
+### Steps to reproduce
+What we need to do to see your problem or bug?
+
+The more detailed the issue, the more likely that we will fix it ASAP.
+
+Don't use GitHub issues for questions like "How can I do that?" —
+use [StackOverflow](https://stackoverflow.com/questions/tagged/doorkeeper)
+instead with the corresponding tag.
+
+### Expected behavior
+Tell us what should happen
+
+### Actual behavior
+Tell us what happens instead
+
+### System configuration
+You can help us to understand your problem if you will share some very
+useful information about your project environment (don't forget to
+remove any confidential data if it exists).
+
+**Doorkeeper initializer**:
+
+**Ruby version**:
+
+**Gemfile.lock**:
diff --git a/doorkeeper/.github/PULL_REQUEST_TEMPLATE.md b/doorkeeper/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000000..6b497019a7
--- /dev/null
+++ b/doorkeeper/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,17 @@
+### Summary
+
+Provide a general description of the code changes in your pull
+request... were there any bugs you had fixed? If so, mention them. If
+these bugs have open GitHub issues, be sure to tag them here as well,
+to keep the conversation linked together.
+
+### Other Information
+
+If there's anything else that's important and relevant to your pull
+request, mention that information here. This could include
+benchmarks, or other information.
+
+If you are updating NEWS.md file or are asked to update it by reviewers,
+please add the changelog entry at the top of the file.
+
+Thanks for contributing to Doorkeeper project!
diff --git a/doorkeeper/.gitignore b/doorkeeper/.gitignore
new file mode 100644
index 0000000000..32c3f83431
--- /dev/null
+++ b/doorkeeper/.gitignore
@@ -0,0 +1,19 @@
+.bundle/
+.rbx
+*.rbc
+log/*.log
+pkg/
+spec/dummy/db/*.sqlite3
+spec/dummy/log/*.log
+spec/dummy/tmp/
+spec/generators/tmp
+Gemfile.lock
+gemfiles/*.lock
+.rvmrc
+*.swp
+.idea
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+coverage
diff --git a/doorkeeper/.hound.yml b/doorkeeper/.hound.yml
new file mode 100644
index 0000000000..5d0ff60bbe
--- /dev/null
+++ b/doorkeeper/.hound.yml
@@ -0,0 +1,2 @@
+ruby:
+ config_file: .rubocop.yml
diff --git a/doorkeeper/.rspec b/doorkeeper/.rspec
new file mode 100644
index 0000000000..53607ea52b
--- /dev/null
+++ b/doorkeeper/.rspec
@@ -0,0 +1 @@
+--colour
diff --git a/doorkeeper/.rubocop.yml b/doorkeeper/.rubocop.yml
new file mode 100644
index 0000000000..e1d8271fc9
--- /dev/null
+++ b/doorkeeper/.rubocop.yml
@@ -0,0 +1,13 @@
+AllCops:
+ Exclude:
+ - "spec/dummy/db/*"
+
+LineLength:
+ Exclude:
+ - spec/**/*
+
+StringLiterals:
+ Enabled: false
+
+TrailingBlankLines:
+ Enabled: true
diff --git a/doorkeeper/.travis.yml b/doorkeeper/.travis.yml
new file mode 100644
index 0000000000..f28fb56d3f
--- /dev/null
+++ b/doorkeeper/.travis.yml
@@ -0,0 +1,38 @@
+cache: bundler
+language: ruby
+sudo: false
+
+rvm:
+ - 2.1
+ - 2.2
+ - 2.3
+ - 2.4
+ - 2.5
+
+before_install:
+ - gem update --system # Need for Ruby 2.5.0. https://github.com/travis-ci/travis-ci/issues/8978
+ - gem install bundler -v '~> 1.10'
+
+gemfile:
+ - gemfiles/rails_4_2.gemfile
+ - gemfiles/rails_5_0.gemfile
+ - gemfiles/rails_5_1.gemfile
+ - gemfiles/rails_5_2.gemfile
+ - gemfiles/rails_master.gemfile
+
+matrix:
+ exclude:
+ - gemfile: gemfiles/rails_5_0.gemfile
+ rvm: 2.1
+ - gemfile: gemfiles/rails_5_1.gemfile
+ rvm: 2.1
+ - gemfile: gemfiles/rails_5_2.gemfile
+ rvm: 2.1
+ - gemfile: gemfiles/rails_master.gemfile
+ rvm: 2.1
+ - gemfile: gemfiles/rails_master.gemfile
+ rvm: 2.2
+ - gemfile: gemfiles/rails_master.gemfile
+ rvm: 2.3
+ allow_failures:
+ - gemfile: gemfiles/rails_master.gemfile
diff --git a/doorkeeper/Appraisals b/doorkeeper/Appraisals
new file mode 100644
index 0000000000..854ba79a2c
--- /dev/null
+++ b/doorkeeper/Appraisals
@@ -0,0 +1,18 @@
+appraise "rails-4-2" do
+ gem "rails", "~> 4.2.0"
+end
+
+appraise "rails-5-0" do
+ gem "rails", "~> 5.0.0"
+ gem "rspec-rails", "~> 3.5"
+end
+
+appraise "rails-5-1" do
+ gem "rails", "~> 5.1.0"
+ gem "rspec-rails", "~> 3.5"
+end
+
+appraise "rails-master" do
+ gem "rails", git: 'https://github.com/rails/rails'
+ gem "arel", git: 'https://github.com/rails/arel'
+end
diff --git a/doorkeeper/CODE_OF_CONDUCT.md b/doorkeeper/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000000..bd6787de0f
--- /dev/null
+++ b/doorkeeper/CODE_OF_CONDUCT.md
@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team members or current maintainer email, specified in gemspec. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/
diff --git a/doorkeeper/CONTRIBUTING.md b/doorkeeper/CONTRIBUTING.md
new file mode 100644
index 0000000000..27d2c3062a
--- /dev/null
+++ b/doorkeeper/CONTRIBUTING.md
@@ -0,0 +1,47 @@
+# Contributing
+
+We love pull requests from everyone. By participating in this project, you agree
+to abide by the thoughtbot [code of conduct].
+
+[code of conduct]: https://thoughtbot.com/open-source-code-of-conduct
+
+Fork, then clone the repo:
+
+ git clone git@github.com:your-username/doorkeeper.git
+
+Set up Ruby dependencies via Bundler
+
+ bundle install
+
+Make sure the tests pass:
+
+ rake
+
+Make your change.
+Write tests.
+Follow our [style guide][style].
+Make the tests pass:
+
+[style]: https://github.com/thoughtbot/guides/tree/master/style
+
+ rake
+
+Add notes on your change to the `NEWS.md` file.
+
+Write a [good commit message][commit].
+Push to your fork.
+[Submit a pull request][pr].
+
+[commit]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
+[pr]: https://github.com/doorkeeper-gem/doorkeeper/compare/
+
+If [Hound] catches style violations,
+fix them.
+
+[hound]: https://houndci.com
+
+Wait for us.
+We try to at least comment on pull requests within one business day.
+We may suggest changes.
+
+Thank you for your contribution!
diff --git a/doorkeeper/Gemfile b/doorkeeper/Gemfile
new file mode 100644
index 0000000000..0aa8ad4426
--- /dev/null
+++ b/doorkeeper/Gemfile
@@ -0,0 +1,10 @@
+source "https://rubygems.org"
+
+gem "rails", "~> 5.1"
+
+gem "appraisal"
+
+gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
+gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
+gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw]
+gemspec
diff --git a/doorkeeper/MIT-LICENSE b/doorkeeper/MIT-LICENSE
new file mode 100644
index 0000000000..12cb693b5a
--- /dev/null
+++ b/doorkeeper/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright 2011 Applicake. http://applicake.com
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/doorkeeper/NEWS.md b/doorkeeper/NEWS.md
new file mode 100644
index 0000000000..0e497d2f82
--- /dev/null
+++ b/doorkeeper/NEWS.md
@@ -0,0 +1,647 @@
+# News
+
+User-visible changes worth mentioning.
+
+## master
+
+## 4.3.2
+
+- [#1053] Support authorizing with query params in the request `redirect_uri` if explicitly present in app's `Application#redirect_uri`
+
+## 4.3.1
+
+- Remove `BaseRecord` and introduce additional concern for ordering methods to fix
+ braking changes for Doorkeeper models.
+- [#1032] Refactor BaseRequest callbacks into configurable lambdas
+- [#1040] Clear mixins from ActiveRecord DSL and save only overridable API. It
+ allows to use this mixins in Doorkeeper ORM extensions with minimum code boilerplate.
+
+## 4.3.0
+
+- [#976] Fix to invalidate the second redirect URI when the first URI is the native URI
+- [#1035] Allow `Application#redirect_uri=` to handle array of URIs.
+- [#1036] Allow to forbid Application redirect URI's with specific rules.
+- [#1029] Deprecate `order_method` and introduce `ordered_by`. Sort applications
+ by `created_at` in index action.
+- [#1033] Allow Doorkeeper configuration option #force_ssl_in_redirect_uri to be a callable object.
+- Fix Grape integration & add specs for it
+- [#913] Deferred ORM (ActiveRecord) models loading
+- [#943] Fix Access Token token generation when certain errors occur in custom token generators
+- [#1026] Implement RFC7662 - OAuth 2.0 Token Introspection
+- [#985] Generate valid migration files for Rails >= 5
+- [#972] Replace Struct subclassing with block-form initialization
+- [#1003] Use URL query param to pass through native redirect auth code so automated apps can find it.
+- [#868] `Scopes#&` and `Scopes#+` now take an array or any other enumerable
+ object.
+- [#1019] Remove translation not in use: `invalid_resource_owner`.
+- Use Ruby 2 hash style syntax (min required Ruby version = 2.1)
+- [#948] Make Scopes.<=> work with any "other" value.
+- [#974] Redirect URI is checked without query params within AuthorizationCodeRequest.
+- [#1004] More explicit help text for `native_redirect_uri`.
+- [#1023] Update Ruby versions and test against 2.5.0 on Travis CI.
+- [#1024] Migrate from FactoryGirl to FactoryBot.
+- [#1025] Improve documentation for adding foreign keys
+- [#1028] Make it possible to have composite strategy names.
+
+## 4.2.6
+
+- [#970] Escape certain attributes in authorization forms.
+
+## 4.2.5
+
+- [#936] Deprecate `Doorkeeper#configured?`, `Doorkeeper#database_installed?`, and
+ `Doorkeeper#installed?`
+- [#909] Add `InvalidTokenResponse#reason` reader method to allow read the kind
+ of invalid token error.
+- [#928] Test against more recent Ruby versions
+- Small refactorings within the codebase
+- [#921] Switch to Appraisal, and test against Rails master
+- [#892] Add minimum Ruby version requirement
+
+## 4.2.0
+
+- Security fix: Address CVE-2016-6582, implement token revocation according to
+ spec (tokens might not be revoked if client follows the spec).
+- [#873] Add hooks to Doorkeeper::ApplicationMetalController
+- [#871] Allow downstream users to better utilize doorkeeper spec factories by
+ eliminating name conflict on `:user` factory.
+
+## 4.1.0
+
+- [#845] Allow customising the `Doorkeeper::ApplicationController` base
+ controller
+
+## 4.0.0
+
+- [#834] Fix AssetNotPrecompiled error with Sprockets 4
+- [#843] Revert "Fix validation error messages"
+- [#847] Specify Null option to timestamps
+
+## 4.0.0.rc4
+
+- [#777] Add support for public client in password grant flow
+- [#823] Make configuration and specs ORM independent
+- [#745] Add created_at timestamp to token generation options
+- [#838] Drop `Application#scopes` generator and warning, introduced for
+ upgrading doorkeeper from v2 to v3.
+- [#801] Fix Rails 5 warning messages
+- Test against Rails 5 RC1
+
+## 4.0.0.rc3
+
+- [#769] Revoke refresh token on access token use. To make use of the new config
+ add `previous_refresh_token` column to `oauth_access_tokens`:
+
+ ```
+ rails generate doorkeeper:previous_refresh_token
+ ```
+- [#811] Toughen parameters filter with exact match
+- [#813] Applications admin bugfix
+- [#799] Fix Ruby Warnings
+- Drop `attr_accessible` from models
+
+### Backward incompatible changes
+
+- [#730] Force all timezones to use UTC to prevent comparison issues.
+- [#802] Remove `config.i18n.fallbacks` from engine
+
+## 4.0.0.rc2
+
+- Fix optional belongs_to for Rails 5
+- Fix Ruby warnings
+
+## 4.0.0.rc1
+
+### Backward incompatible changes
+
+- Drops support for Rails 4.1 and earlier
+- Drops support for Ruby 2.0
+- [#778] Bug fix: use the remaining time that a token is still valid when
+ building the redirect URI for the implicit grant flow
+
+### Other changes
+
+- [#771] Validation error messages fixes
+- Adds foreign key constraints in generated migrations between tokens and
+ grants, and applications
+- Support Rails 5
+
+## 3.1.0
+
+- [#736] Existing valid tokens are now reused in client_credentials flow
+- [#749] Allow user to raise authorization error with custom messages.
+ Under `resource_owner_authenticator` block a user can
+ `raise Doorkeeper::Errors::DoorkeeperError.new('custom_message')`
+- [#762] Check doesn’t abort the actual migration, so it runs
+- [#722] `doorkeeper_forbidden_render_options` now supports returning a 404 by
+ specifying `respond_not_found_when_forbidden: true` in the
+ `doorkeeper_forbidden_render_options` method.
+- [#734] Simplify and remove duplication in request strategy classes
+
+## 3.0.1
+
+- [#712] Wrap exchange of grant token for access token and access token refresh
+ in transactions
+- [#704] Allow applications scopes to be mass assigned
+- [#707] Fixed order of Mixin inclusion and table_name configuration in models
+- [#712] Wrap access token and refresh grants in transactions
+- Adds JRuby support
+- Specs, views and documentation adjustments
+
+## 3.0.0
+
+### Other changes
+
+- [#693] Updates `en.yml`.
+
+## 3.0.0 (rc2)
+
+### Backward incompatible changes
+
+- [#678] Change application-specific scopes to take precedence over server-wide
+ scopes. This removes the previous behavior where the intersection between
+ application and server scopes was used.
+
+### Other changes
+
+- [#671] Fixes `NoMethodError - undefined method 'getlocal'` when calling
+ the /oauth/token path. Switch from using a DateTime object to update
+ AR to using a Time object. (Issue #668)
+- [#677] Support editing application-specific scopes via the standard forms
+- [#682] Pass error hash to Grape `error!`
+- [#683] Generate application secret/UID if fields are blank strings
+
+## 3.0.0 (rc1)
+
+### Backward incompatible changes
+
+- [#648] Extracts mongodb ORMs to
+ https://github.com/doorkeeper-gem/doorkeeper-mongodb. If you use ActiveRecord
+ you don’t need to do any change, otherwise you will need to install the new
+ plugin.
+- [#665] `doorkeeper_unauthorized_render_options(error:)` and
+ `doorkeeper_forbidden_render_options(error:)` now accept `error` keyword
+ argument.
+
+### Removed deprecations
+
+- Removes `doorkeeper_for` deprecation notice.
+- Remove `applications.scopes` upgrade notice.
+
+
+## 2.2.2
+
+- [#541] Fixed `undefined method attr_accessible` problem on Rails 4
+ (happens only when ProtectedAttributes gem is used) in #599
+
+## 2.2.1
+
+- [#636] `custom_access_token_expires_in` bugfixes
+- [#641] syntax error fix (Issue #612)
+- [#633] Send extra details to Custom Token Generator
+- [#628] Refactor: improve orm adapters to ease extension
+- [#637] Upgrade to rspec to 3.2
+
+## 2.2.0 - 2015-04-19
+
+- [#611] Allow custom access token generators to be used
+- [#632] Properly fallback to `default_scopes` when no scope is specified
+- [#622] Clarify that there is a logical OR between scopes for authorizing
+- [#635] Upgrade to rspec 3
+- [#627] i18n fallbacks to english
+- Moved CHANGELOG to NEWS.md
+
+
+## 2.1.4 - 2015-03-27
+
+- [#595] HTTP spec: Add `scope` for refresh token scope param
+- [#596] Limit scopes in app scopes for client credentials
+- [#567] Add Grape helpers for easier integration with Grape framework
+- [#606] Add custom access token expiration support for Client Credentials flow
+
+
+## 2.1.3 - 2015-03-01
+
+- [#588] Fixes scopes_match? bug that skipped authorization form in some cases
+
+
+## 2.1.2 - 2015-02-25
+
+- [#574] Remove unused update authorization route.
+- [#576] Filter out sensitive parameters from logs.
+- [#582] The Authorization HTTP header fields are now case insensitive.
+- [#583] Database connection bugfix in certain scenarios.
+- Testing improvements
+
+
+## 2.1.1 - 2015-02-06
+
+- Remove `wildcard_redirect_url` option
+- [#481] Customize token flow OAuth expirations with a config lambda
+- [#568] TokensController: Memoize strategy.authorize_response result to enable
+ subclasses to use the response object.
+- [#571] Fix database initialization issues in some configurations.
+- Documentation improvements
+
+
+## 2.1.0 - 2015-01-13
+
+- [#540] Include `created_at` in response.
+- [#538] Check application-level scopes in client_credentials and password flow.
+- [5596227] Check application scopes in AccessToken when present. Fixes a bug in
+ doorkeeper 2.0.0 and 2.0.1 referring to application specific scopes.
+- [#534] Internationalizes doorkeeper views.
+- [#545] Ensure there is a connection to the database before checking for
+ missing columns
+- [#546] Use `Doorkeeper::` prefix when referencing `Application` to avoid
+ possible application model name conflict.
+- [#538] Test with Rails ~> 4.2.
+
+### Potentially backward incompatible changes
+
+- Enable by default `authorization_code` and `client_credentials` grant flows.
+ Disables implicit and password grant flows by default.
+- [#510, #544, 722113f] Revoked refresh token response bugfix.
+
+
+## 2.0.1 - 2014-12-17
+
+- [#525, #526, #527] Fix `ActiveRecord::NoDatabaseError` on gem load.
+
+
+## 2.0.0 - 2014-12-16
+
+### Backward incompatible changes
+
+- [#448] Removes `doorkeeper_for` helper. Now we use
+ `before_action :doorkeeper_authorize!`.
+- [#469] Allow client applications to restrict the set of allowable scopes.
+ Fixes #317. `oauth_applications` relation needs a new `scopes` string column,
+ non nullable, which defaults to an empty string. To add the column run:
+
+ ```
+ rails generate doorkeeper:application_scopes
+ ```
+
+ If you’d rather do it by hand, your ActiveRecord migration should contain:
+
+ ```ruby
+ add_column :oauth_applications, :scopes, :string, null: false, default: ‘’
+ ```
+
+### Removed deprecations
+
+- Removes `test_redirect_uri` option. It is now called `native_redirect_uri`.
+- [#446] Removes `mount Doorkeeper::Engine`. Now we use `use_doorkeeper`.
+
+### Others
+
+- [#484] Performance improvement - avoid performing order_by when not required.
+- [#450] When password is invalid in Password Credentials Grant, Doorkeeper
+ returned 'invalid_resource_owner' instead of 'invalid_grant', as the spec
+ declares. Fixes #444.
+- [#452] Allows `revoked_at` to be set in the future, for future expiry.
+ Rationale: https://github.com/doorkeeper-gem/doorkeeper/pull/452#issuecomment-51431459
+- [#480] For Implicit grant flow, access tokens can now be reused. Fixes #421.
+- [#491] Reworks of @jasl's #454 and #478. ORM refactor that allows doorkeeper
+ to be extended more easily with unsupported ORMs. It also marks the boundaries
+ between shared model code and ORM specifics inside of the gem.
+- [#496] Tests with Rails 4.2.
+- [#489] Adds `force_ssl_in_redirect_uri` to force the usage of the HTTPS
+ protocol in non-native redirect uris.
+- [#516] SECURITY: Adds `protect_from_forgery` to `Doorkeeper::ApplicationController`
+- [#518] Fix random failures in mongodb.
+
+---
+
+## 1.4.2 - 2015-03-02
+
+- [#576] Filter out sensitive parameters from logs
+
+## 1.4.1 - 2014-12-17
+
+- [#516] SECURITY: Adds `protect_from_forgery` to `Doorkeeper::ApplicationController`
+
+## 1.4.0 - 2014-07-31
+
+- internals
+ - [#427] Adds specs expectations.
+ - [#428] Error response refactor.
+ - [#417] Moves token validation into Access Token class.
+ - [#439] Removes redundant module includes.
+ - [#443] TokensController and TokenInfoController inherit from ActionController::Metal
+- bug
+ - [#418] fixes #243, requests with insufficient scope now respond 403 instead
+ of 401. (API change)
+ - [#438] fixes #398, native redirect for implicit token grant bug.
+ - [#440] namespace fixes
+- enhancements
+ - [#432] Keeps query parameters
+
+## 1.3.1 - 2014-07-06
+
+- enhancements
+ - [#405] Adds facade to more easily get the token from a request in a route
+ constraint.
+ - [#415] Extend Doorkeeper TokenResponse with an `after_successful_response`
+ callback that allows handling of `response` object.
+- internals
+ - [#409] Deprecates `test_redirect_uri` in favor of `native_redirect_uri`.
+ See discussion in: [#351].
+ - [#411] Clean rspec deprecations. General test improvements.
+ - [#412] rspec line width can go longer than 80 (hound CI config).
+- bug
+ - [#413] fixes #340, routing scope is now taken into account in redirect.
+ - [#401] and [#425] application is not required any longer for access_token.
+
+## 1.3.0 - 2014-05-23
+
+- enhancements
+ - [#387] Adds reuse_access_token configuration option.
+
+## 1.2.0 - 2014-05-02
+
+- enhancements
+ - [#376] Allow users to enable basic header authorization for access tokens.
+ - [#374] Token revocation implementation [RFC 7009]
+ - [#295] Only enable specific grant flows.
+- internals
+ - [#381] Locale source fix.
+ - [#380] Renames `errors_for` to `doorkeeper_errors_for`.
+ - [#390] Style adjustments in accordance with Ruby Style Guide form
+ Thoughtbot.
+
+## 1.1.0 - 2014-03-29
+
+- enhancements
+ - [#336] mongoid4 support.
+ - [#372] Allow users to set ActiveRecord table_name_prefix/suffix options
+- internals
+ - [#343] separate OAuth's admin and user end-point to different layouts, upgrade theme to Bootstrap 3.1.
+ - [#348] Move render_options in filter after `@error` has been set
+
+## 1.0.0 - 2014-01-13
+
+- bug (spec)
+ - [#228] token response `expires_in` value is now in seconds, relative to
+ request time
+ - [#296] client is optional for password grant type.
+ - [#319] If client credentials are present on password grant type they are validated
+ - [#326] If client credentials are present in refresh token they are validated
+ - [#326] If authenticated client does not match original client that
+ obtained a refresh token it responds `invalid_grant` instead of
+ `invalid_client`. Previous usage was invalid according to Section 5.2 of
+ the spec.
+ - [#329] access tokens' `scopes` string wa being compared against
+ `default_scopes` symbols, always unauthorizing.
+ - [#318] Include "WWW-Authenticate" header with Unauthorized responses
+- enhancements
+ - [#293] Adds ActionController::Instrumentation in TokensController
+ - [#298] Support for multiple redirect_uris added.
+ - [#313] `AccessToken.revoke_all_for` actually revokes all non-revoked
+ tokens for an application/owner instead of deleting them.
+ - [#333] Rails 4.1 support
+- internals
+ - Removes jQuery dependency [fixes #300] [PR #312 is related]
+ - [#294] Client uid and secret will be generated only if not present.
+ - [#316] Test warnings addressed.
+ - [#338] Rspec 3 syntax.
+
+---
+
+## 0.7.4 - 2013-12-01
+
+- bug
+ - Symbols instead of strings for user input.
+
+## 0.7.3 - 2013-10-04
+
+- enhancements
+ - [#204] Allow to overwrite scope in routes
+- internals
+ - Returns only present keys in Token Response (may imply a backwards
+ incompatible change). https://github.com/doorkeeper-gem/doorkeeper/issues/220
+- bug
+ - [#290] Support for Rails 4 when 'protected_attributes' gem is present.
+
+## 0.7.2 - 2013-09-11
+
+- enhancements
+ - [#272] Allow issuing multiple access_tokens for one user/application for multiple devices
+ - [#170] Increase length of allowed redirect URIs
+ - [#239] Do not try to load unavailable Request class for the current phase.
+ - [#273] Relax jquery-rails gem dependency
+
+## 0.7.1 - 2013-08-30
+
+- bug
+ - [#269] Rails 3.2 raised `ActiveModel::MassAssignmentSecurity::Error`.
+
+## 0.7.0 - 2013-08-21
+
+- enhancements
+ - [#229] Rails 4!
+- internals
+ - [#203] Changing table name to be specific in column_names_with_table
+ - [#215] README update
+ - [#227] Use Rails.config.paths["config/routes"] instead of assuming "config/routes.rb" exists
+ - [#262] Add jquery as gem dependency
+ - [#263] Add a configuration for ActiveRecord.establish_connection
+ - Deprecation and Ruby warnings (PRs merged outside of GitHub).
+
+## 0.6.7 - 2013-01-13
+
+- internals
+ - [#188] Add IDs to the show views for integration testing [@egtann](https://github.com/egtann)
+
+## 0.6.6 - 2013-01-04
+
+- enhancements
+ - [#187] Raise error if configuration is not set
+
+## 0.6.5 - 2012-12-26
+
+- enhancements
+ - [#184] Vendor the Bootstrap CSS [@tylerhunt](https://github.com/tylerhunt)
+
+## 0.6.4 - 2012-12-15
+
+- bug
+ - [#180] Add localization to authorized_applications destroy notice [@aalvarado](https://github.com/aalvarado)
+
+## 0.6.3 - 2012-12-07
+
+- bugfixes
+ - [#163] Error response content-type header should be application/json [@ggayan](https://github.com/ggayan)
+ - [#175] Make token.expires_in_seconds return nil when expires_in is nil [@miyagawa](https://github.com/miyagawa)
+- enhancements
+ - [#166, #172, #174] Behavior to automatically authorize based on a configured proc
+- internals
+ - [#168] Using expectation syntax for controller specs [@rdsoze](https://github.com/rdsoze)
+
+## 0.6.2 - 2012-11-10
+
+- bugfixes
+ - [#162] Remove ownership columns from base migration template [@rdsoze](https://github.com/rdsoze)
+
+## 0.6.1 - 2012-11-07
+
+- bugfixes
+ - [#160] Removed |routes| argument from initializer authenticator blocks
+- documentation
+ - [#160] Fixed description of context of authenticator blocks
+
+## 0.6.0 - 2012-11-05
+
+- enhancements
+ - Mongoid `orm` configuration accepts only :mongoid2 or :mongoid3
+ - Authorization endpoint does not redirect in #new action anymore. It wasn't specified by OAuth spec
+ - TokensController now inherits from ActionController::Metal. There might be performance upgrades
+ - Add link to authorization in Applications scaffold
+ - [#116] MongoMapper support [@carols10cents](https://github.com/carols10cents)
+ - [#122] Mongoid3 support [@petergoldstein](https://github.com/petergoldstein)
+ - [#150] Introduce test redirect uri for applications
+- bugfixes
+ - [#157] Response token status should be `:ok`, not `:success` [@theycallmeswift](https://github.com/theycallmeswift)
+ - [#159] Remove ActionView::Base.field_error_proc override (fixes #145)
+- internals
+ - Update development dependencies
+ - Several refactorings
+ - Rails/ORM are easily swichable with env vars (rails and orm)
+ - Travis now tests against Mongoid v2
+
+## 0.5.0 - 2012-10-20
+
+Official support for rubinius was removed.
+
+- enhancements
+ - Configure the way access token is retrieved from request (default to bearer header)
+ - Authorization Code expiration time is now configurable
+ - Add support for mongoid
+ - [#78, #128, #137, #138] Application Ownership
+ - [#92] Allow users to skip controllers
+ - [#99] Remove deprecated warnings for data-* attributes [@towerhe](https://github.com/towerhe)
+ - [#101] Return existing access_token for PasswordAccessTokenRequest [@benoist](https://github.com/benoist)
+ - [#104] Changed access token scopes example code to default_scopes and optional_scopes [@amkirwan](https://github.com/amkirwan)
+ - [#107] Fix typos in initializer
+ - [#123] i18n for validator, flash messages [@petergoldstein](https://github.com/petergoldstein)
+ - [#140] ActiveRecord is the default value for the ORM [@petergoldstein](https://github.com/petergoldstein)
+- internals
+ - [#112, #120] Replacing update_attribute with update_column to eliminate deprecation warnings [@rmoriz](https://github.com/rmoriz), [@petergoldstein](https://github.com/petergoldstein)
+ - [#121] Updating all development dependencies to recent versions. [@petergoldstein](https://github.com/petergoldstein)
+ - [#144] Adding MongoDB dependency to .travis.yml [@petergoldstein](https://github.com/petergoldstein)
+ - [#143] Displays errors for unconfigured error messages [@timgaleckas](https://github.com/timgaleckas)
+- bugfixes
+ - [#102] Not returning 401 when access token generation fails [@cslew](https://github.com/cslew)
+ - [#125] Doorkeeper is using ActiveRecord version of as_json in ORM agnostic code [@petergoldstein](https://github.com/petergoldstein)
+ - [#142] Prevent double submission of password based authentication [@bdurand](https://github.com/bdurand)
+- documentation
+ - [#141] Add rack-cors middleware to readme [@gottfrois](https://github.com/gottfrois)
+
+## 0.4.2 - 2012-06-05
+
+- bugfixes:
+ - [#94] Uninitialized Constant in Password Flow
+
+## 0.4.1 - 2012-06-02
+
+- enhancements:
+ - Backport: Move doorkeeper_for extension to Filter helper
+
+## 0.4.0 - 2012-05-26
+
+- deprecation
+ - Deprecate authorization_scopes
+- database changes
+ - AccessToken#resource_owner_id is not nullable
+- enhancements
+ - [#83] Add Resource Owner Password Credentials flow [@jaimeiniesta](https://github.com/jaimeiniesta)
+ - [#76] Allow token expiration to be disabled [@mattgreen](https://github.com/mattgreen)
+ - [#89] Configure the way client credentials are retrieved from request
+ - [#b6470a] Add Client Credentials flow
+- internals
+ - [#2ece8d, #f93778] Introduce Client and ErrorResponse classes
+
+## 0.3.4 - 2012-05-24
+
+- Fix attr_accessible for rails 3.2.x
+
+## 0.3.3 - 2012-05-07
+
+- [#86] shrink gem package size
+
+## 0.3.2 - 2012-04-29
+
+- enhancements
+ - [#54] Ignore Authorization: headers that are not Bearer [@miyagawa](https://github.com/miyagawa)
+ - [#58, #64] Add destroy action to applications endpoint [@jaimeiniesta](https://github.com/jaimeiniesta), [@davidfrey](https://github.com/davidfrey)
+ - [#63] TokensController responds with `401 unauthorized` [@jaimeiniesta](https://github.com/jaimeiniesta)
+ - [#67, #72] Fix for mass-assignment [@cicloid](https://github.com/cicloid)
+- internals
+ - [#49] Add Gemnasium status image to README [@laserlemon](https://github.com/laserlemon)
+ - [#50] Fix typos [@tomekw](https://github.com/tomekw)
+ - [#51] Updated the factory_girl_rails dependency, fix expires_in response which returned a float number instead of integer [@antekpiechnik](https://github.com/antekpiechnik)
+ - [#62] Typos, .gitignore [@jaimeiniesta](https://github.com/jaimeiniesta)
+ - [#65] Change _path redirections to _url redirections [@jaimeiniesta](https://github.com/jaimeiniesta)
+ - [#75] Fix unknown method #authenticate_admin! [@mattgreen](https://github.com/mattgreen)
+ - Remove application link in authorized app view
+
+## 0.3.1 - 2012-02-17
+
+- enhancements
+ - [#48] Add if, else options to doorkeeper_for
+ - Add views generator
+- internals
+ - Namespace models
+
+## 0.3.0 - 2012-02-11
+
+- enhancements
+ - [#17, #31] Add support for client credentials in basic auth header [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
+ - [#28] Add indices to migration [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
+ - [#29] Allow doorkeeper to run with rails 3.2 [@john-griffin](https://github.com/john-griffin)
+ - [#30] Improve client's redirect uri validation [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
+ - [#32] Add token (implicit grant) flow [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
+ - [#34] Add support for custom unathorized responses [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
+ - [#36] Remove repetitions from the Authorised Applications view [@carvil](https://github.com/carvil)
+ - When user revoke an application, all tokens for that application are revoked
+ - Error messages now can be translated
+ - Install generator copies the error messages localization file
+- internals
+ - Fix deprecation warnings in ActiveSupport::Base64
+ - Remove deprecation in doorkeeper_for that handles hash arguments
+ - Depends on railties instead of whole rails framework
+ - CI now integrates with rails 3.1 and 3.2
+
+## 0.2.0 - 2011-12-17
+
+- enhancements
+ - [#4] Add authorized applications endpoint
+ - [#5, #11] Add access token scopes
+ - [#10] Add access token expiration by default
+ - [#9, #12] Add refresh token flow
+- internals
+ - [#7] Improve configuration options with :default
+ - Improve configuration options with :builder
+ - Refactor config class
+ - Improve coverage of authorization request integration
+- bug fixes
+ - [#6, #20] Fix access token response headers
+ - Fix issue with state parameter
+- deprecation
+ - deprecate :only and :except options in doorkeeper_for
+
+## 0.1.1 - 2011-11-30
+
+- enhancements
+ - [#3] Authorization code must be short lived and single use
+ - [#2] Improve views provided by doorkeeper
+ - [#1] Skips authorization form if the client has been authorized by the resource owner
+ - Improve readme
+- bugfixes
+ - Fix issue when creating the access token (wrong client id)
+
+## 0.1.0 - 2011-11-25
+
+- Authorization Code flow
+- OAuth applications endpoint
diff --git a/doorkeeper/README.md b/doorkeeper/README.md
new file mode 100644
index 0000000000..e3afdedc5f
--- /dev/null
+++ b/doorkeeper/README.md
@@ -0,0 +1,487 @@
+# Doorkeeper - awesome OAuth 2 provider for your Rails app.
+
+[](https://rubygems.org/gems/doorkeeper)
+[](https://travis-ci.org/doorkeeper-gem/doorkeeper)
+[](https://gemnasium.com/doorkeeper-gem/doorkeeper)
+[](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
+[](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=master)
+[](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master)
+
+Doorkeeper is a gem that makes it easy to introduce OAuth 2 provider
+functionality to your Rails or Grape application.
+
+Supported features:
+
+- [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
+ - [Authorization Code Flow](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1)
+ - [Access Token Scopes](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3)
+ - [Refresh token](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-1.5)
+ - [Implicit grant](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.2)
+ - [Resource Owner Password Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.3)
+ - [Client Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.4)
+- [OAuth 2.0 Token Revocation](http://tools.ietf.org/html/rfc7009)
+- [OAuth 2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)
+
+## Documentation valid for `master` branch
+
+Please check the documentation for the version of doorkeeper you are using in:
+https://github.com/doorkeeper-gem/doorkeeper/releases
+
+- See the [wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki)
+- For general questions, please post in [Stack Overflow](http://stackoverflow.com/questions/tagged/doorkeeper)
+- See [SECURITY.md](SECURITY.md) for this project's security disclose
+ policy
+
+## Table of Contents
+
+
+
+
+- [Installation](#installation)
+- [Configuration](#configuration)
+ - [ORM](#orm)
+ - [Active Record](#active-record)
+ - [MongoDB](#mongodb)
+ - [Sequel](#sequel)
+ - [Couchbase](#couchbase)
+ - [Routes](#routes)
+ - [Authenticating](#authenticating)
+ - [Internationalization (I18n)](#internationalization-i18n)
+- [Protecting resources with OAuth (a.k.a your API endpoint)](#protecting-resources-with-oauth-aka-your-api-endpoint)
+ - [Ruby on Rails controllers](#ruby-on-rails-controllers)
+ - [Grape endpoints](#grape-endpoints)
+ - [Route Constraints and other integrations](#route-constraints-and-other-integrations)
+ - [Access Token Scopes](#access-token-scopes)
+ - [Custom Access Token Generator](#custom-access-token-generator)
+ - [Authenticated resource owner](#authenticated-resource-owner)
+ - [Applications list](#applications-list)
+- [Other customizations](#other-customizations)
+- [Testing](#testing)
+- [Upgrading](#upgrading)
+- [Development](#development)
+- [Contributing](#contributing)
+- [Other resources](#other-resources)
+ - [Wiki](#wiki)
+ - [Screencast](#screencast)
+ - [Client applications](#client-applications)
+ - [Contributors](#contributors)
+ - [IETF Standards](#ietf-standards)
+ - [License](#license)
+
+
+
+## Installation
+
+Put this in your Gemfile:
+
+``` ruby
+gem 'doorkeeper'
+```
+
+Run the installation generator with:
+
+ rails generate doorkeeper:install
+
+This will install the doorkeeper initializer into `config/initializers/doorkeeper.rb`.
+
+## Configuration
+
+### ORM
+
+#### Active Record
+
+By default doorkeeper is configured to use Active Record, so to start you have
+to generate the migration tables (supports Rails >= 5 migrations versioning):
+
+ rails generate doorkeeper:migration
+
+You may want to add foreign keys to your migration. For example, if you plan on
+using `User` as the resource owner, add the following line to the migration file
+for each table that includes a `resource_owner_id` column:
+
+```ruby
+add_foreign_key :table_name, :users, column: :resource_owner_id
+```
+
+Then run migrations:
+
+```sh
+rake db:migrate
+```
+
+Remember to add associations to your model so the related records are deleted.
+If you don't do this an `ActiveRecord::InvalidForeignKey`-error will be raised
+when you try to destroy a model with related access grants or access tokens.
+
+```ruby
+class User < ApplicationRecord
+ has_many :access_grants, class_name: "Doorkeeper::AccessGrant",
+ foreign_key: :resource_owner_id,
+ dependent: :delete_all # or :destroy if you need callbacks
+
+ has_many :access_tokens, class_name: "Doorkeeper::AccessToken",
+ foreign_key: :resource_owner_id,
+ dependent: :delete_all # or :destroy if you need callbacks
+end
+```
+
+#### MongoDB
+
+See [doorkeeper-mongodb project] for Mongoid and MongoMapper support. Follow along
+the implementation in that repository to extend doorkeeper with other ORMs.
+
+[doorkeeper-mongodb project]: https://github.com/doorkeeper-gem/doorkeeper-mongodb
+
+#### Sequel
+
+If you are using [Sequel gem] then you can add [doorkeeper-sequel extension] to your project.
+Follow configuration instructions for setting up the necessary Doorkeeper ORM.
+
+[Sequel gem]: https://github.com/jeremyevans/sequel/
+[doorkeeper-sequel extension]: https://github.com/nbulaj/doorkeeper-sequel
+
+#### Couchbase
+
+Use [doorkeeper-couchbase] extension if you are using Couchbase database.
+
+[doorkeeper-couchbase]: https://github.com/acaprojects/doorkeeper-couchbase
+
+### Routes
+
+The installation script will also automatically add the Doorkeeper routes into
+your app, like this:
+
+``` ruby
+Rails.application.routes.draw do
+ use_doorkeeper
+ # your routes
+end
+```
+
+This will mount following routes:
+
+ GET /oauth/authorize/native?code
+ GET /oauth/authorize
+ POST /oauth/authorize
+ DELETE /oauth/authorize
+ POST /oauth/token
+ POST /oauth/revoke
+ POST /oauth/introspect
+ resources /oauth/applications
+ GET /oauth/authorized_applications
+ DELETE /oauth/authorized_applications/:id
+ GET /oauth/token/info
+
+For more information on how to customize routes, check out [this page on the
+wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
+
+### Authenticating
+
+You need to configure Doorkeeper in order to provide `resource_owner` model
+and authentication block in `config/initializers/doorkeeper.rb`:
+
+``` ruby
+Doorkeeper.configure do
+ resource_owner_authenticator do
+ User.find_by(id: session[:current_user_id]) || redirect_to(login_url)
+ end
+end
+```
+
+This code is run in the context of your application so you have access to your
+models, session or routes helpers. However, since this code is not run in the
+context of your application's `ApplicationController` it doesn't have access to
+the methods defined over there.
+
+You may want to check other ways of authentication
+[here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Authenticating-using-Clearance-or-DIY).
+
+### Internationalization (I18n)
+
+See language files in [the I18n repository](https://github.com/doorkeeper-gem/doorkeeper-i18n).
+
+## Protecting resources with OAuth (a.k.a your API endpoint)
+
+### Ruby on Rails controllers
+
+To protect your controllers (usual one or `ActionController::API`) with OAuth,
+you just need to setup `before_action`s specifying the actions you want to
+protect. For example:
+
+``` ruby
+class Api::V1::ProductsController < Api::V1::ApiController
+ before_action :doorkeeper_authorize! # Require access token for all actions
+
+ # your actions
+end
+```
+
+You can pass any option `before_action` accepts, such as `if`, `only`,
+`except`, and others.
+
+### Grape endpoints
+
+Starting from version 2.2 Doorkeeper provides helpers for the
+[Grape framework] >= 0.10. One of them is `doorkeeper_authorize!` that
+can be used in a similar way as an example above to protect your API
+with OAuth. Note that you have to use `require 'doorkeeper/grape/helpers'`
+and `helpers Doorkeeper::Grape::Helpers` in your Grape API class.
+
+For more information about integration with Grape see the [Wiki].
+
+[Grape framework]: https://github.com/ruby-grape/grape
+[Wiki]: https://github.com/doorkeeper-gem/doorkeeper/wiki/Grape-Integration
+
+``` ruby
+require 'doorkeeper/grape/helpers'
+
+module API
+ module V1
+ class Users < Grape::API
+ helpers Doorkeeper::Grape::Helpers
+
+ before do
+ doorkeeper_authorize!
+ end
+
+ # route_setting :scopes, ['user:email'] - for old versions of Grape
+ get :emails, scopes: [:user, :write] do
+ [{'email' => current_user.email}]
+ end
+
+ # ...
+ end
+ end
+end
+```
+
+### Route Constraints and other integrations
+
+You can leverage the `Doorkeeper.authenticate` facade to easily extract a
+`Doorkeeper::OAuth::Token` based on the current request. You can then ensure
+that token is still good, find its associated `#resource_owner_id`, etc.
+
+```ruby
+module Constraint
+ class Authenticated
+
+ def matches?(request)
+ token = Doorkeeper.authenticate(request)
+ token && token.accessible?
+ end
+ end
+end
+```
+
+For more information about integration and other integrations, check out [the
+related wiki
+page](https://github.com/doorkeeper-gem/doorkeeper/wiki/ActionController::Metal-with-doorkeeper).
+
+### Access Token Scopes
+
+You can also require the access token to have specific scopes in certain
+actions:
+
+First configure the scopes in `initializers/doorkeeper.rb`
+
+```ruby
+Doorkeeper.configure do
+ default_scopes :public # if no scope was requested, this will be the default
+ optional_scopes :admin, :write
+end
+```
+
+And in your controllers:
+
+```ruby
+class Api::V1::ProductsController < Api::V1::ApiController
+ before_action -> { doorkeeper_authorize! :public }, only: :index
+ before_action only: [:create, :update, :destroy] do
+ doorkeeper_authorize! :admin, :write
+ end
+end
+```
+
+Please note that there is a logical OR between multiple required scopes. In the
+above example, `doorkeeper_authorize! :admin, :write` means that the access
+token is required to have either `:admin` scope or `:write` scope, but does not
+need have both of them.
+
+If you want to require the access token to have multiple scopes at the same
+time, use multiple `doorkeeper_authorize!`, for example:
+
+```ruby
+class Api::V1::ProductsController < Api::V1::ApiController
+ before_action -> { doorkeeper_authorize! :public }, only: :index
+ before_action only: [:create, :update, :destroy] do
+ doorkeeper_authorize! :admin
+ doorkeeper_authorize! :write
+ end
+end
+```
+
+In the above example, a client can call `:create` action only if its access token
+has both `:admin` and `:write` scopes.
+
+### Custom Access Token Generator
+
+By default a 128 bit access token will be generated. If you require a custom
+token, such as [JWT](http://jwt.io), specify an object that responds to
+`.generate(options = {})` and returns a string to be used as the token.
+
+```ruby
+Doorkeeper.configure do
+ access_token_generator "Doorkeeper::JWT"
+end
+```
+
+JWT token support is available with
+[Doorkeeper-JWT](https://github.com/chriswarren/doorkeeper-jwt).
+
+### Custom Base Controller
+
+By default Doorkeeper's main controller `Doorkeeper::ApplicationController`
+inherits from `ActionController::Base`. You may want to use your own
+controller to inherit from, to keep Doorkeeper controllers in the same
+context than the rest your app:
+
+```ruby
+Doorkeeper.configure do
+ base_controller 'ApplicationController'
+end
+```
+
+### Authenticated resource owner
+
+If you want to return data based on the current resource owner, in other
+words, the access token owner, you may want to define a method in your
+controller that returns the resource owner instance:
+
+``` ruby
+class Api::V1::CredentialsController < Api::V1::ApiController
+ before_action :doorkeeper_authorize!
+ respond_to :json
+
+ # GET /me.json
+ def me
+ respond_with current_resource_owner
+ end
+
+ private
+
+ # Find the user that owns the access token
+ def current_resource_owner
+ User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
+ end
+end
+```
+
+In this example, we're returning the credentials (`me.json`) of the access
+token owner.
+
+### Applications list
+
+By default, the applications list (`/oauth/applications`) is publicly available.
+To protect the endpoint you should uncomment these lines:
+
+```ruby
+# config/initializers/doorkeeper.rb
+Doorkeeper.configure do
+ admin_authenticator do |routes|
+ Admin.find_by(id: session[:admin_id]) || redirect_to(routes.new_admin_session_url)
+ end
+end
+```
+
+The logic is the same as the `resource_owner_authenticator` block. **Note:**
+since the application list is just a scaffold, it's recommended to either
+customize the controller used by the list or skip the controller all together.
+For more information see the page
+[in the wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
+
+## Other customizations
+
+- [Associate users to OAuth applications (ownership)](https://github.com/doorkeeper-gem/doorkeeper/wiki/Associate-users-to-OAuth-applications-%28ownership%29)
+- [CORS - Cross Origin Resource Sharing](https://github.com/doorkeeper-gem/doorkeeper/wiki/%5BCORS%5D-Cross-Origin-Resource-Sharing)
+- see more on [Wiki page](https://github.com/doorkeeper-gem/doorkeeper/wiki)
+
+## Testing
+
+You can use Doorkeeper models in your application test suite. Note that starting from
+Doorkeeper 4.3.0 it uses [ActiveSupport lazy loading hooks](http://api.rubyonrails.org/classes/ActiveSupport/LazyLoadHooks.html)
+to load models. There are [known issue](https://github.com/doorkeeper-gem/doorkeeper/issues/1043)
+with the `factory_bot_rails` gem (it executes factories building before `ActiveRecord::Base`
+is initialized using hooks in gem railtie, so you can catch a `uninitialized constant` error).
+It is recommended to use pure `factory_bot` gem to solve this problem.
+
+## Upgrading
+
+If you want to upgrade doorkeeper to a new version, check out the [upgrading
+notes](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions)
+and take a look at the
+[changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/NEWS.md).
+
+Doorkeeper follows [semantic versioning](http://semver.org/).
+
+## Development
+
+To run the local engine server:
+
+```
+bundle install
+bundle exec rails server
+````
+
+By default, it uses the latest Rails version with ActiveRecord. To run the
+tests with a specific ORM and Rails version:
+
+```
+rails=4.2.0 orm=active_record bundle exec rake
+```
+
+## Contributing
+
+Want to contribute and don't know where to start? Check out [features we're
+missing](https://github.com/doorkeeper-gem/doorkeeper/wiki/Supported-Features),
+create [example
+apps](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications),
+integrate the gem with your app and let us know!
+
+Also, check out our [contributing guidelines
+page](https://github.com/doorkeeper-gem/doorkeeper/wiki/Contributing).
+
+## Other resources
+
+### Wiki
+
+You can find everything about Doorkeeper in our [wiki
+here](https://github.com/doorkeeper-gem/doorkeeper/wiki).
+
+### Screencast
+
+Check out this screencast from [railscasts.com](http://railscasts.com/): [#353
+OAuth with
+Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
+
+### Client applications
+
+After you set up the provider, you may want to create a client application to
+test the integration. Check out these [client
+examples](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications)
+in our wiki or follow this [tutorial
+here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
+
+### Contributors
+
+Thanks to all our [awesome
+contributors](https://github.com/doorkeeper-gem/doorkeeper/graphs/contributors)!
+
+### IETF Standards
+
+* [The OAuth 2.0 Authorization Framework](http://tools.ietf.org/html/rfc6749)
+* [OAuth 2.0 Threat Model and Security Considerations](http://tools.ietf.org/html/rfc6819)
+* [OAuth 2.0 Token Revocation](http://tools.ietf.org/html/rfc7009)
+
+### License
+
+MIT License. Copyright 2011 Applicake.
diff --git a/doorkeeper/RELEASING.md b/doorkeeper/RELEASING.md
new file mode 100644
index 0000000000..54b789d8c2
--- /dev/null
+++ b/doorkeeper/RELEASING.md
@@ -0,0 +1,10 @@
+# Releasing doorkeeper
+
+How to release doorkeeper in five easy steps!
+
+1. Update `lib/doorkeeper/version.rb` file accordingly.
+2. Update `NEWS.md` to reflect the changes since last release.
+3. Commit changes: `git commit -am 'Bump to vVERSION'`
+4. Run `rake release`
+5. Announce the new release, making sure to say “thank you” to the contributors
+ who helped shape this version!
diff --git a/doorkeeper/Rakefile b/doorkeeper/Rakefile
new file mode 100644
index 0000000000..e5f2d5242a
--- /dev/null
+++ b/doorkeeper/Rakefile
@@ -0,0 +1,20 @@
+require 'bundler/setup'
+require 'rspec/core/rake_task'
+
+desc 'Default: run specs.'
+task default: :spec
+
+desc "Run all specs"
+RSpec::Core::RakeTask.new(:spec) do |config|
+ config.verbose = false
+end
+
+namespace :doorkeeper do
+ desc "Install doorkeeper in dummy app"
+ task :install do
+ cd 'spec/dummy'
+ system 'bundle exec rails g doorkeeper:install --force'
+ end
+end
+
+Bundler::GemHelper.install_tasks
diff --git a/doorkeeper/SECURITY.md b/doorkeeper/SECURITY.md
new file mode 100644
index 0000000000..0b313e91d0
--- /dev/null
+++ b/doorkeeper/SECURITY.md
@@ -0,0 +1,15 @@
+# Reporting security issues in Doorkeeper
+
+Hello! Thank you for wanting to disclose a possible security
+vulnerability within the Doorkeeper gem! Please follow our disclosure
+policy as outlined below:
+
+1. Do NOT open up a GitHub issue with your report. Security reports
+ should be kept private until a possible fix is determined.
+2. Send an email to Nikita Bulai at bulaj.nikita AT gmail.com or one of
+ the others Doorkeeper maintainers listed in gemspec. You should receive
+ a prompt response.
+3. Be patient. Since Doorkeeper is in a stable maintenance phase, we want to
+ do as little as possible to rock the boat of the project.
+
+Thank you very much for adhering for these policies!
diff --git a/doorkeeper/app/assets/stylesheets/doorkeeper/admin/application.css b/doorkeeper/app/assets/stylesheets/doorkeeper/admin/application.css
new file mode 100644
index 0000000000..31ab17abc4
--- /dev/null
+++ b/doorkeeper/app/assets/stylesheets/doorkeeper/admin/application.css
@@ -0,0 +1,10 @@
+/*
+ *= require doorkeeper/bootstrap.min
+ *
+ *= require_self
+ *= require_tree .
+*/
+
+td {
+ vertical-align: middle !important;
+}
diff --git a/doorkeeper/app/assets/stylesheets/doorkeeper/application.css b/doorkeeper/app/assets/stylesheets/doorkeeper/application.css
new file mode 100644
index 0000000000..88abe3e5ec
--- /dev/null
+++ b/doorkeeper/app/assets/stylesheets/doorkeeper/application.css
@@ -0,0 +1,64 @@
+/*
+ *= require doorkeeper/bootstrap.min
+ *
+ *= require_self
+ *= require_tree .
+*/
+
+body {
+ background-color: #eee;
+ font-size: 14px;
+}
+
+#container {
+ background-color: #fff;
+ border: 1px solid #999;
+ border: 1px solid rgba(0, 0, 0, 0.2);
+ border-radius: 6px;
+ -webkit-box-shadow: 0 3px 9px rgba(0, 0, 0, 0.5);
+ box-shadow: 0 3px 20px rgba(0, 0, 0, 0.3);
+ margin: 2em auto;
+ max-width: 600px;
+ outline: 0;
+ padding: 1em;
+ width: 80%;
+}
+
+.page-header {
+ margin-top: 20px;
+}
+
+#oauth-permissions {
+ width: 260px;
+}
+
+.actions {
+ border-top: 1px solid #eee;
+ margin-top: 1em;
+ padding-top: 9px;
+}
+
+.actions > form > .btn {
+ margin-top: 5px;
+}
+
+.separator {
+ color: #eee;
+ padding: 0 .5em;
+}
+
+.inline_block {
+ display: inline-block;
+}
+
+#oauth {
+ margin-bottom: 1em;
+}
+
+#oauth > .btn {
+ width: 7em;
+}
+
+td {
+ vertical-align: middle !important;
+}
diff --git a/doorkeeper/app/controllers/doorkeeper/application_controller.rb b/doorkeeper/app/controllers/doorkeeper/application_controller.rb
new file mode 100644
index 0000000000..bee9a15f84
--- /dev/null
+++ b/doorkeeper/app/controllers/doorkeeper/application_controller.rb
@@ -0,0 +1,11 @@
+module Doorkeeper
+ class ApplicationController <
+ Doorkeeper.configuration.base_controller.constantize
+
+ include Helpers::Controller
+
+ protect_from_forgery with: :exception
+
+ helper 'doorkeeper/dashboard'
+ end
+end
diff --git a/doorkeeper/app/controllers/doorkeeper/application_metal_controller.rb b/doorkeeper/app/controllers/doorkeeper/application_metal_controller.rb
new file mode 100644
index 0000000000..9f84e79bbd
--- /dev/null
+++ b/doorkeeper/app/controllers/doorkeeper/application_metal_controller.rb
@@ -0,0 +1,17 @@
+module Doorkeeper
+ class ApplicationMetalController < ActionController::Metal
+ MODULES = [
+ ActionController::Instrumentation,
+ AbstractController::Rendering,
+ ActionController::Rendering,
+ ActionController::Renderers::All,
+ Helpers::Controller
+ ].freeze
+
+ MODULES.each do |mod|
+ include mod
+ end
+
+ ActiveSupport.run_load_hooks(:doorkeeper_metal_controller, self)
+ end
+end
diff --git a/doorkeeper/app/controllers/doorkeeper/applications_controller.rb b/doorkeeper/app/controllers/doorkeeper/applications_controller.rb
new file mode 100644
index 0000000000..f06adabe49
--- /dev/null
+++ b/doorkeeper/app/controllers/doorkeeper/applications_controller.rb
@@ -0,0 +1,63 @@
+module Doorkeeper
+ class ApplicationsController < Doorkeeper::ApplicationController
+ layout 'doorkeeper/admin'
+
+ before_action :authenticate_admin!
+ before_action :set_application, only: [:show, :edit, :update, :destroy]
+
+ def index
+ @applications = if Application.respond_to?(:ordered_by)
+ Application.ordered_by(:created_at)
+ else
+ ActiveSupport::Deprecation.warn <<-MSG.squish
+ Doorkeeper #{Doorkeeper.configuration.orm} extension must implement #ordered_by
+ method for it's models as it will be used by default in Doorkeeper 5.
+ MSG
+
+ Application.all
+ end
+ end
+
+ def show; end
+
+ def new
+ @application = Application.new
+ end
+
+ def create
+ @application = Application.new(application_params)
+ if @application.save
+ flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
+ redirect_to oauth_application_url(@application)
+ else
+ render :new
+ end
+ end
+
+ def edit; end
+
+ def update
+ if @application.update_attributes(application_params)
+ flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :update])
+ redirect_to oauth_application_url(@application)
+ else
+ render :edit
+ end
+ end
+
+ def destroy
+ flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :destroy]) if @application.destroy
+ redirect_to oauth_applications_url
+ end
+
+ private
+
+ def set_application
+ @application = Application.find(params[:id])
+ end
+
+ def application_params
+ params.require(:doorkeeper_application).permit(:name, :redirect_uri, :scopes)
+ end
+ end
+end
diff --git a/doorkeeper/app/controllers/doorkeeper/authorizations_controller.rb b/doorkeeper/app/controllers/doorkeeper/authorizations_controller.rb
new file mode 100644
index 0000000000..8406c9e1d6
--- /dev/null
+++ b/doorkeeper/app/controllers/doorkeeper/authorizations_controller.rb
@@ -0,0 +1,57 @@
+module Doorkeeper
+ class AuthorizationsController < Doorkeeper::ApplicationController
+ before_action :authenticate_resource_owner!
+
+ def new
+ if pre_auth.authorizable?
+ if skip_authorization? || matching_token?
+ auth = authorization.authorize
+ redirect_to auth.redirect_uri
+ else
+ render :new
+ end
+ else
+ render :error
+ end
+ end
+
+ # TODO: Handle raise invalid authorization
+ def create
+ redirect_or_render authorization.authorize
+ end
+
+ def destroy
+ redirect_or_render authorization.deny
+ end
+
+ private
+
+ def matching_token?
+ AccessToken.matching_token_for pre_auth.client,
+ current_resource_owner.id,
+ pre_auth.scopes
+ end
+
+ def redirect_or_render(auth)
+ if auth.redirectable?
+ redirect_to auth.redirect_uri
+ else
+ render json: auth.body, status: auth.status
+ end
+ end
+
+ def pre_auth
+ @pre_auth ||= OAuth::PreAuthorization.new(Doorkeeper.configuration,
+ server.client_via_uid,
+ params)
+ end
+
+ def authorization
+ @authorization ||= strategy.request
+ end
+
+ def strategy
+ @strategy ||= server.authorization_request pre_auth.response_type
+ end
+ end
+end
diff --git a/doorkeeper/app/controllers/doorkeeper/authorized_applications_controller.rb b/doorkeeper/app/controllers/doorkeeper/authorized_applications_controller.rb
new file mode 100644
index 0000000000..258ad65ac8
--- /dev/null
+++ b/doorkeeper/app/controllers/doorkeeper/authorized_applications_controller.rb
@@ -0,0 +1,14 @@
+module Doorkeeper
+ class AuthorizedApplicationsController < Doorkeeper::ApplicationController
+ before_action :authenticate_resource_owner!
+
+ def index
+ @applications = Application.authorized_for(current_resource_owner)
+ end
+
+ def destroy
+ AccessToken.revoke_all_for params[:id], current_resource_owner
+ redirect_to oauth_authorized_applications_url, notice: I18n.t(:notice, scope: [:doorkeeper, :flash, :authorized_applications, :destroy])
+ end
+ end
+end
diff --git a/doorkeeper/app/controllers/doorkeeper/token_info_controller.rb b/doorkeeper/app/controllers/doorkeeper/token_info_controller.rb
new file mode 100644
index 0000000000..79249d5b71
--- /dev/null
+++ b/doorkeeper/app/controllers/doorkeeper/token_info_controller.rb
@@ -0,0 +1,13 @@
+module Doorkeeper
+ class TokenInfoController < Doorkeeper::ApplicationMetalController
+ def show
+ if doorkeeper_token && doorkeeper_token.accessible?
+ render json: doorkeeper_token, status: :ok
+ else
+ error = OAuth::ErrorResponse.new(name: :invalid_request)
+ response.headers.merge!(error.headers)
+ render json: error.body, status: error.status
+ end
+ end
+ end
+end
diff --git a/doorkeeper/app/controllers/doorkeeper/tokens_controller.rb b/doorkeeper/app/controllers/doorkeeper/tokens_controller.rb
new file mode 100644
index 0000000000..9ba0459b81
--- /dev/null
+++ b/doorkeeper/app/controllers/doorkeeper/tokens_controller.rb
@@ -0,0 +1,93 @@
+module Doorkeeper
+ class TokensController < Doorkeeper::ApplicationMetalController
+ def create
+ response = authorize_response
+ headers.merge! response.headers
+ self.response_body = response.body.to_json
+ self.status = response.status
+ rescue Errors::DoorkeeperError => e
+ handle_token_exception e
+ end
+
+ # OAuth 2.0 Token Revocation - http://tools.ietf.org/html/rfc7009
+ def revoke
+ # The authorization server, if applicable, first authenticates the client
+ # and checks its ownership of the provided token.
+ #
+ # Doorkeeper does not use the token_type_hint logic described in the
+ # RFC 7009 due to the refresh token implementation that is a field in
+ # the access token model.
+ if authorized?
+ revoke_token
+ end
+
+ # The authorization server responds with HTTP status code 200 if the token
+ # has been revoked successfully or if the client submitted an invalid
+ # token
+ render json: {}, status: 200
+ end
+
+ def introspect
+ introspection = OAuth::TokenIntrospection.new(server, token)
+
+ if introspection.authorized?
+ render json: introspection.to_json, status: 200
+ else
+ error = OAuth::ErrorResponse.new(name: introspection.error)
+ response.headers.merge!(error.headers)
+ render json: error.body, status: error.status
+ end
+ end
+
+ private
+
+ # OAuth 2.0 Section 2.1 defines two client types, "public" & "confidential".
+ # Public clients (as per RFC 7009) do not require authentication whereas
+ # confidential clients must be authenticated for their token revocation.
+ #
+ # Once a confidential client is authenticated, it must be authorized to
+ # revoke the provided access or refresh token. This ensures one client
+ # cannot revoke another's tokens.
+ #
+ # Doorkeeper determines the client type implicitly via the presence of the
+ # OAuth client associated with a given access or refresh token. Since public
+ # clients authenticate the resource owner via "password" or "implicit" grant
+ # types, they set the application_id as null (since the claim cannot be
+ # verified).
+ #
+ # https://tools.ietf.org/html/rfc6749#section-2.1
+ # https://tools.ietf.org/html/rfc7009
+ def authorized?
+ if token.present?
+ # Client is confidential, therefore client authentication & authorization
+ # is required
+ if token.application_id?
+ # We authorize client by checking token's application
+ server.client && server.client.application == token.application
+ else
+ # Client is public, authentication unnecessary
+ true
+ end
+ end
+ end
+
+ def revoke_token
+ if token.accessible?
+ token.revoke
+ end
+ end
+
+ def token
+ @token ||= AccessToken.by_token(request.POST['token']) ||
+ AccessToken.by_refresh_token(request.POST['token'])
+ end
+
+ def strategy
+ @strategy ||= server.token_request params[:grant_type]
+ end
+
+ def authorize_response
+ @authorize_response ||= strategy.authorize
+ end
+ end
+end
diff --git a/doorkeeper/app/helpers/doorkeeper/dashboard_helper.rb b/doorkeeper/app/helpers/doorkeeper/dashboard_helper.rb
new file mode 100644
index 0000000000..f2412a25f7
--- /dev/null
+++ b/doorkeeper/app/helpers/doorkeeper/dashboard_helper.rb
@@ -0,0 +1,19 @@
+module Doorkeeper
+ module DashboardHelper
+ def doorkeeper_errors_for(object, method)
+ if object.errors[method].present?
+ output = object.errors[method].map do |msg|
+ content_tag(:span, class: 'help-block') do
+ msg.capitalize
+ end
+ end
+
+ safe_join(output)
+ end
+ end
+
+ def doorkeeper_submit_path(application)
+ application.persisted? ? oauth_application_path(application) : oauth_applications_path
+ end
+ end
+end
diff --git a/doorkeeper/app/validators/redirect_uri_validator.rb b/doorkeeper/app/validators/redirect_uri_validator.rb
new file mode 100644
index 0000000000..3b9b52ae42
--- /dev/null
+++ b/doorkeeper/app/validators/redirect_uri_validator.rb
@@ -0,0 +1,44 @@
+require 'uri'
+
+class RedirectUriValidator < ActiveModel::EachValidator
+ def self.native_redirect_uri
+ Doorkeeper.configuration.native_redirect_uri
+ end
+
+ def validate_each(record, attribute, value)
+ if value.blank?
+ record.errors.add(attribute, :blank)
+ else
+ value.split.each do |val|
+ uri = ::URI.parse(val)
+ next if native_redirect_uri?(uri)
+ record.errors.add(attribute, :forbidden_uri) if forbidden_uri?(uri)
+ record.errors.add(attribute, :fragment_present) unless uri.fragment.nil?
+ record.errors.add(attribute, :relative_uri) if uri.scheme.nil? || uri.host.nil?
+ record.errors.add(attribute, :secured_uri) if invalid_ssl_uri?(uri)
+ end
+ end
+ rescue URI::InvalidURIError
+ record.errors.add(attribute, :invalid_uri)
+ end
+
+ private
+
+ def native_redirect_uri?(uri)
+ self.class.native_redirect_uri.present? && uri.to_s == self.class.native_redirect_uri.to_s
+ end
+
+ def forbidden_uri?(uri)
+ Doorkeeper.configuration.forbid_redirect_uri.call(uri)
+ end
+
+ def invalid_ssl_uri?(uri)
+ forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
+
+ if forces_ssl.respond_to?(:call)
+ forces_ssl.call(uri)
+ else
+ forces_ssl && uri.try(:scheme) == 'http'
+ end
+ end
+end
diff --git a/doorkeeper/app/views/doorkeeper/applications/_delete_form.html.erb b/doorkeeper/app/views/doorkeeper/applications/_delete_form.html.erb
new file mode 100644
index 0000000000..719f8261fb
--- /dev/null
+++ b/doorkeeper/app/views/doorkeeper/applications/_delete_form.html.erb
@@ -0,0 +1,4 @@
+<%- submit_btn_css ||= 'btn btn-link' %>
+<%= form_tag oauth_application_path(application), method: :delete do %>
+ <%= submit_tag t('doorkeeper.applications.buttons.destroy'), onclick: "return confirm('#{ t('doorkeeper.applications.confirmations.destroy') }')", class: submit_btn_css %>
+<% end %>
diff --git a/doorkeeper/app/views/doorkeeper/applications/_form.html.erb b/doorkeeper/app/views/doorkeeper/applications/_form.html.erb
new file mode 100644
index 0000000000..8e25102058
--- /dev/null
+++ b/doorkeeper/app/views/doorkeeper/applications/_form.html.erb
@@ -0,0 +1,47 @@
+<%= form_for application, url: doorkeeper_submit_path(application), html: {class: 'form-horizontal', role: 'form'} do |f| %>
+ <% if application.errors.any? %>
+ <%= t('doorkeeper.applications.form.error') %>
+ <%= f.text_field :name, class: 'form-control' %>
+ <%= doorkeeper_errors_for application, :name %>
+
+ <% end %>
+
+ <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:redirect_uri].present?}" do %>
+ <%= f.label :redirect_uri, class: 'col-sm-2 control-label' %>
+
+ <%= f.text_area :redirect_uri, class: 'form-control' %>
+ <%= doorkeeper_errors_for application, :redirect_uri %>
+
+ <%= t('doorkeeper.applications.help.redirect_uri') %>
+
+ <% if Doorkeeper.configuration.native_redirect_uri %>
+
+ <%= raw t('doorkeeper.applications.help.native_redirect_uri', native_redirect_uri: content_tag(:code) { Doorkeeper.configuration.native_redirect_uri }) %>
+
+ <% end %>
+
+ <% end %>
+
+ <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:scopes].present?}" do %>
+ <%= f.label :scopes, class: 'col-sm-2 control-label' %>
+
+ <%= f.text_field :scopes, class: 'form-control' %>
+ <%= doorkeeper_errors_for application, :scopes %>
+
+ <%= t('doorkeeper.applications.help.scopes') %>
+
+
+ <% end %>
+
+
+<% end %>
diff --git a/doorkeeper/app/views/doorkeeper/applications/edit.html.erb b/doorkeeper/app/views/doorkeeper/applications/edit.html.erb
new file mode 100644
index 0000000000..05bddd2e4d
--- /dev/null
+++ b/doorkeeper/app/views/doorkeeper/applications/edit.html.erb
@@ -0,0 +1,5 @@
+
+
+<%= render 'form', application: @application %>
diff --git a/doorkeeper/app/views/doorkeeper/applications/index.html.erb b/doorkeeper/app/views/doorkeeper/applications/index.html.erb
new file mode 100644
index 0000000000..4a3df83058
--- /dev/null
+++ b/doorkeeper/app/views/doorkeeper/applications/index.html.erb
@@ -0,0 +1,26 @@
+
+
+<%= link_to t('.new'), new_oauth_application_path, class: 'btn btn-success' %>
+
+
+
+
+ | <%= t('.name') %> |
+ <%= t('.callback_url') %> |
+ |
+ |
+
+
+
+ <% @applications.each do |application| %>
+
+ | <%= link_to application.name, oauth_application_path(application) %> |
+ <%= application.redirect_uri %> |
+ <%= link_to t('doorkeeper.applications.buttons.edit'), edit_oauth_application_path(application), class: 'btn btn-link' %> |
+ <%= render 'delete_form', application: application %> |
+
+ <% end %>
+
+
diff --git a/doorkeeper/app/views/doorkeeper/applications/new.html.erb b/doorkeeper/app/views/doorkeeper/applications/new.html.erb
new file mode 100644
index 0000000000..05bddd2e4d
--- /dev/null
+++ b/doorkeeper/app/views/doorkeeper/applications/new.html.erb
@@ -0,0 +1,5 @@
+
+
+<%= render 'form', application: @application %>
diff --git a/doorkeeper/app/views/doorkeeper/applications/show.html.erb b/doorkeeper/app/views/doorkeeper/applications/show.html.erb
new file mode 100644
index 0000000000..283e56c481
--- /dev/null
+++ b/doorkeeper/app/views/doorkeeper/applications/show.html.erb
@@ -0,0 +1,39 @@
+
+
+
+
+
<%= t('.application_id') %>:
+
<%= @application.uid %>
+
+
<%= t('.secret') %>:
+
<%= @application.secret %>
+
+
<%= t('.scopes') %>:
+
<%= @application.scopes %>
+
+
<%= t('.callback_urls') %>:
+
+
+ <% @application.redirect_uri.split.each do |uri| %>
+
+
+ <%= uri %>
+ |
+
+ <%= link_to t('doorkeeper.applications.buttons.authorize'), oauth_authorization_path(client_id: @application.uid, redirect_uri: uri, response_type: 'code', scope: @application.scopes), class: 'btn btn-success', target: '_blank' %>
+ |
+
+ <% end %>
+
+
+
+
+
<%= t('.actions') %>
+
+
<%= link_to t('doorkeeper.applications.buttons.edit'), edit_oauth_application_path(@application), class: 'btn btn-primary' %>
+
+
<%= render 'delete_form', application: @application, submit_btn_css: 'btn btn-danger' %>
+
+
<%= @pre_auth.error_response.body[:error_description] %>
+
diff --git a/doorkeeper/app/views/doorkeeper/authorizations/new.html.erb b/doorkeeper/app/views/doorkeeper/authorizations/new.html.erb
new file mode 100644
index 0000000000..015b51bf8f
--- /dev/null
+++ b/doorkeeper/app/views/doorkeeper/authorizations/new.html.erb
@@ -0,0 +1,40 @@
+
+
+
+
+ <%= raw t('.prompt', client_name: content_tag(:strong, class: 'text-info') { @pre_auth.client.name }) %>
+
+
+ <% if @pre_auth.scopes.count > 0 %>
+
+
<%= t('.able_to') %>:
+
+
+ <% @pre_auth.scopes.each do |scope| %>
+ - <%= t scope, scope: [:doorkeeper, :scopes] %>
+ <% end %>
+
+
+ <%= form_tag oauth_authorization_path, method: :post do %>
+ <%= hidden_field_tag :client_id, @pre_auth.client.uid %>
+ <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %>
+ <%= hidden_field_tag :state, @pre_auth.state %>
+ <%= hidden_field_tag :response_type, @pre_auth.response_type %>
+ <%= hidden_field_tag :scope, @pre_auth.scope %>
+ <%= submit_tag t('doorkeeper.authorizations.buttons.authorize'), class: "btn btn-success btn-lg btn-block" %>
+ <% end %>
+ <%= form_tag oauth_authorization_path, method: :delete do %>
+ <%= hidden_field_tag :client_id, @pre_auth.client.uid %>
+ <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %>
+ <%= hidden_field_tag :state, @pre_auth.state %>
+ <%= hidden_field_tag :response_type, @pre_auth.response_type %>
+ <%= hidden_field_tag :scope, @pre_auth.scope %>
+ <%= submit_tag t('doorkeeper.authorizations.buttons.deny'), class: "btn btn-danger btn-lg btn-block" %>
+ <% end %>
+
+
diff --git a/doorkeeper/app/views/doorkeeper/authorizations/show.html.erb b/doorkeeper/app/views/doorkeeper/authorizations/show.html.erb
new file mode 100644
index 0000000000..f4d6610193
--- /dev/null
+++ b/doorkeeper/app/views/doorkeeper/authorizations/show.html.erb
@@ -0,0 +1,7 @@
+
+
+
+ <%= params[:code] %>
+
diff --git a/doorkeeper/app/views/doorkeeper/authorized_applications/_delete_form.html.erb b/doorkeeper/app/views/doorkeeper/authorized_applications/_delete_form.html.erb
new file mode 100644
index 0000000000..512e8ece3b
--- /dev/null
+++ b/doorkeeper/app/views/doorkeeper/authorized_applications/_delete_form.html.erb
@@ -0,0 +1,4 @@
+<%- submit_btn_css ||= 'btn btn-link' %>
+<%= form_tag oauth_authorized_application_path(application), method: :delete do %>
+ <%= submit_tag t('doorkeeper.authorized_applications.buttons.revoke'), onclick: "return confirm('#{ t('doorkeeper.authorized_applications.confirmations.revoke') }')", class: submit_btn_css %>
+<% end %>
diff --git a/doorkeeper/app/views/doorkeeper/authorized_applications/index.html.erb b/doorkeeper/app/views/doorkeeper/authorized_applications/index.html.erb
new file mode 100644
index 0000000000..a3f5aaac31
--- /dev/null
+++ b/doorkeeper/app/views/doorkeeper/authorized_applications/index.html.erb
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+ | <%= t('doorkeeper.authorized_applications.index.application') %> |
+ <%= t('doorkeeper.authorized_applications.index.created_at') %> |
+ |
+
+
+
+ <% @applications.each do |application| %>
+
+ | <%= application.name %> |
+ <%= application.created_at.strftime(t('doorkeeper.authorized_applications.index.date_format')) %> |
+ <%= render 'delete_form', application: application %> |
+
+ <% end %>
+
+
+
diff --git a/doorkeeper/app/views/layouts/doorkeeper/admin.html.erb b/doorkeeper/app/views/layouts/doorkeeper/admin.html.erb
new file mode 100644
index 0000000000..926542b8a7
--- /dev/null
+++ b/doorkeeper/app/views/layouts/doorkeeper/admin.html.erb
@@ -0,0 +1,37 @@
+
+
+
+
+
+
+ Doorkeeper
+ <%= stylesheet_link_tag "doorkeeper/admin/application" %>
+ <%= csrf_meta_tags %>
+
+
+
+
+
+
+ <%= content_tag :li, class: "#{'active' if request.path == oauth_applications_path}" do %>
+ <%= link_to t('doorkeeper.layouts.admin.nav.applications'), oauth_applications_path %>
+ <% end %>
+ <%= content_tag :li do %>
+ <%= link_to t('doorkeeper.layouts.admin.nav.home'), root_path %>
+ <% end %>
+
+
+
+ <%- if flash[:notice].present? %>
+
+ <%= flash[:notice] %>
+
+ <% end -%>
+
+ <%= yield %>
+
+ <%- if flash[:notice].present? %>
+
+ <%= flash[:notice] %>
+
+ <% end -%>
+
+ <%= yield %>
+
+
The page you were looking for doesn't exist.
+
You may have mistyped the address or the page may have moved.
+
+
The change you wanted was rejected.
+
Maybe you tried to change something you didn't have access to.
+
+
We're sorry, but something went wrong.
+
We've been notified about this issue and we'll take a look at it shortly.
+
XSS
" }
+ let(:client_params) { { name: client_name } }
+ scenario "resource owner visit authorization endpoint" do
+ visit authorization_endpoint_url(client: @client)
+ expect(page).not_to have_css("#xss")
+ end
+ end
+
+ context 'when access was denied' do
+ scenario 'redirects with error' do
+ visit authorization_endpoint_url(client: @client)
+ click_on 'Deny'
+
+ i_should_be_on_client_callback @client
+ url_should_not_have_param 'code'
+ url_should_have_param 'error', 'access_denied'
+ url_should_have_param 'error_description', translated_error_message(:access_denied)
+ end
+
+ scenario 'redirects with state parameter' do
+ visit authorization_endpoint_url(client: @client, state: 'return-this')
+ click_on 'Deny'
+
+ i_should_be_on_client_callback @client
+ url_should_not_have_param 'code'
+ url_should_have_param 'state', 'return-this'
+ end
+ end
+end
+
+describe 'Authorization Code Flow Errors', 'after authorization' do
+ before do
+ client_exists
+ authorization_code_exists application: @client
+ end
+
+ it 'returns :invalid_grant error when posting an already revoked grant code' do
+ # First successful request
+ post token_endpoint_url(code: @authorization.token, client: @client)
+
+ # Second attempt with same token
+ expect do
+ post token_endpoint_url(code: @authorization.token, client: @client)
+ end.to_not change { Doorkeeper::AccessToken.count }
+
+ should_not_have_json 'access_token'
+ should_have_json 'error', 'invalid_grant'
+ should_have_json 'error_description', translated_error_message('invalid_grant')
+ end
+
+ it 'returns :invalid_grant error for invalid grant code' do
+ post token_endpoint_url(code: 'invalid', client: @client)
+
+ access_token_should_not_exist
+
+ should_not_have_json 'access_token'
+ should_have_json 'error', 'invalid_grant'
+ should_have_json 'error_description', translated_error_message('invalid_grant')
+ end
+end
diff --git a/doorkeeper/spec/requests/flows/authorization_code_spec.rb b/doorkeeper/spec/requests/flows/authorization_code_spec.rb
new file mode 100644
index 0000000000..6a63b89487
--- /dev/null
+++ b/doorkeeper/spec/requests/flows/authorization_code_spec.rb
@@ -0,0 +1,149 @@
+require 'spec_helper_integration'
+
+feature 'Authorization Code Flow' do
+ background do
+ config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+ client_exists
+ create_resource_owner
+ sign_in
+ end
+
+ scenario 'resource owner authorizes the client' do
+ visit authorization_endpoint_url(client: @client)
+ click_on 'Authorize'
+
+ access_grant_should_exist_for(@client, @resource_owner)
+
+ i_should_be_on_client_callback(@client)
+
+ url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
+ url_should_not_have_param('state')
+ url_should_not_have_param('error')
+ end
+
+ scenario 'resource owner authorizes using test url' do
+ @client.redirect_uri = Doorkeeper.configuration.native_redirect_uri
+ @client.save!
+ visit authorization_endpoint_url(client: @client)
+ click_on 'Authorize'
+
+ access_grant_should_exist_for(@client, @resource_owner)
+
+ url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
+ i_should_see 'Authorization code:'
+ i_should_see Doorkeeper::AccessGrant.first.token
+ end
+
+ scenario 'resource owner authorizes the client with state parameter set' do
+ visit authorization_endpoint_url(client: @client, state: 'return-me')
+ click_on 'Authorize'
+ url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
+ url_should_have_param('state', 'return-me')
+ end
+
+ scenario 'resource owner requests an access token with authorization code' do
+ visit authorization_endpoint_url(client: @client)
+ click_on 'Authorize'
+
+ authorization_code = Doorkeeper::AccessGrant.first.token
+ create_access_token authorization_code, @client
+
+ access_token_should_exist_for(@client, @resource_owner)
+
+ should_not_have_json 'error'
+
+ should_have_json 'access_token', Doorkeeper::AccessToken.first.token
+ should_have_json 'token_type', 'bearer'
+ should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
+ end
+
+ context 'with scopes' do
+ background do
+ default_scopes_exist :public
+ optional_scopes_exist :write
+ end
+
+ scenario 'resource owner authorizes the client with default scopes' do
+ visit authorization_endpoint_url(client: @client)
+ click_on 'Authorize'
+ access_grant_should_exist_for(@client, @resource_owner)
+ access_grant_should_have_scopes :public
+ end
+
+ scenario 'resource owner authorizes the client with required scopes' do
+ visit authorization_endpoint_url(client: @client, scope: 'public write')
+ click_on 'Authorize'
+ access_grant_should_have_scopes :public, :write
+ end
+
+ scenario 'resource owner authorizes the client with required scopes (without defaults)' do
+ visit authorization_endpoint_url(client: @client, scope: 'write')
+ click_on 'Authorize'
+ access_grant_should_have_scopes :write
+ end
+
+ scenario 'new access token matches required scopes' do
+ visit authorization_endpoint_url(client: @client, scope: 'public write')
+ click_on 'Authorize'
+
+ authorization_code = Doorkeeper::AccessGrant.first.token
+ create_access_token authorization_code, @client
+
+ access_token_should_exist_for(@client, @resource_owner)
+ access_token_should_have_scopes :public, :write
+ end
+
+ scenario 'returns new token if scopes have changed' do
+ client_is_authorized(@client, @resource_owner, scopes: 'public write')
+ visit authorization_endpoint_url(client: @client, scope: 'public')
+ click_on 'Authorize'
+
+ authorization_code = Doorkeeper::AccessGrant.first.token
+ create_access_token authorization_code, @client
+
+ expect(Doorkeeper::AccessToken.count).to be(2)
+
+ should_have_json 'access_token', Doorkeeper::AccessToken.last.token
+ end
+
+ scenario 'resource owner authorizes the client with extra scopes' do
+ client_is_authorized(@client, @resource_owner, scopes: 'public')
+ visit authorization_endpoint_url(client: @client, scope: 'public write')
+ click_on 'Authorize'
+
+ authorization_code = Doorkeeper::AccessGrant.first.token
+ create_access_token authorization_code, @client
+
+ expect(Doorkeeper::AccessToken.count).to be(2)
+
+ should_have_json 'access_token', Doorkeeper::AccessToken.last.token
+ access_token_should_have_scopes :public, :write
+ end
+ end
+end
+
+describe 'Authorization Code Flow' do
+ before do
+ Doorkeeper.configure do
+ orm DOORKEEPER_ORM
+ use_refresh_token
+ end
+ client_exists
+ end
+
+ context 'issuing a refresh token' do
+ before do
+ authorization_code_exists application: @client
+ end
+
+ it 'second of simultaneous client requests get an error for revoked acccess token' do
+ authorization_code = Doorkeeper::AccessGrant.first.token
+ allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:revoked?).and_return(false, true)
+
+ post token_endpoint_url(code: authorization_code, client: @client)
+
+ should_not_have_json 'access_token'
+ should_have_json 'error', 'invalid_grant'
+ end
+ end
+end
diff --git a/doorkeeper/spec/requests/flows/client_credentials_spec.rb b/doorkeeper/spec/requests/flows/client_credentials_spec.rb
new file mode 100644
index 0000000000..17de92b5c7
--- /dev/null
+++ b/doorkeeper/spec/requests/flows/client_credentials_spec.rb
@@ -0,0 +1,86 @@
+require 'spec_helper_integration'
+
+describe 'Client Credentials Request' do
+ let(:client) { FactoryBot.create :application }
+
+ context 'a valid request' do
+ it 'authorizes the client and returns the token response' do
+ headers = authorization client.uid, client.secret
+ params = { grant_type: 'client_credentials' }
+
+ post '/oauth/token', params, headers
+
+ should_have_json 'access_token', Doorkeeper::AccessToken.first.token
+ should_have_json_within 'expires_in', Doorkeeper.configuration.access_token_expires_in, 1
+ should_not_have_json 'scope'
+ should_not_have_json 'refresh_token'
+
+ should_not_have_json 'error'
+ should_not_have_json 'error_description'
+ end
+
+ context 'with scopes' do
+ before do
+ optional_scopes_exist :write
+ default_scopes_exist :public
+ end
+
+ it 'adds the scope to the token an returns in the response' do
+ headers = authorization client.uid, client.secret
+ params = { grant_type: 'client_credentials', scope: 'write' }
+
+ post '/oauth/token', params, headers
+
+ should_have_json 'access_token', Doorkeeper::AccessToken.first.token
+ should_have_json 'scope', 'write'
+ end
+
+ context 'that are default' do
+ it 'adds the scope to the token an returns in the response' do
+ headers = authorization client.uid, client.secret
+ params = { grant_type: 'client_credentials', scope: 'public' }
+
+ post '/oauth/token', params, headers
+
+ should_have_json 'access_token', Doorkeeper::AccessToken.first.token
+ should_have_json 'scope', 'public'
+ end
+ end
+
+ context 'that are invalid' do
+ it 'does not authorize the client and returns the error' do
+ headers = authorization client.uid, client.secret
+ params = { grant_type: 'client_credentials', scope: 'random' }
+
+ post '/oauth/token', params, headers
+
+ should_have_json 'error', 'invalid_scope'
+ should_have_json 'error_description', translated_error_message(:invalid_scope)
+ should_not_have_json 'access_token'
+
+ expect(response.status).to eq(401)
+ end
+ end
+ end
+ end
+
+ context 'an invalid request' do
+ it 'does not authorize the client and returns the error' do
+ headers = {}
+ params = { grant_type: 'client_credentials' }
+
+ post '/oauth/token', params, headers
+
+ should_have_json 'error', 'invalid_client'
+ should_have_json 'error_description', translated_error_message(:invalid_client)
+ should_not_have_json 'access_token'
+
+ expect(response.status).to eq(401)
+ end
+ end
+
+ def authorization(username, password)
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials username, password
+ { 'HTTP_AUTHORIZATION' => credentials }
+ end
+end
diff --git a/doorkeeper/spec/requests/flows/implicit_grant_errors_spec.rb b/doorkeeper/spec/requests/flows/implicit_grant_errors_spec.rb
new file mode 100644
index 0000000000..9d9ca31a04
--- /dev/null
+++ b/doorkeeper/spec/requests/flows/implicit_grant_errors_spec.rb
@@ -0,0 +1,32 @@
+require 'spec_helper_integration'
+
+feature 'Implicit Grant Flow Errors' do
+ background do
+ config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+ config_is_set(:grant_flows, ["implicit"])
+ client_exists
+ create_resource_owner
+ sign_in
+ end
+
+ after do
+ access_token_should_not_exist
+ end
+
+ [
+ [:client_id, :invalid_client],
+ [:redirect_uri, :invalid_redirect_uri]
+ ].each do |error|
+ scenario "displays #{error.last} error for invalid #{error.first}" do
+ visit authorization_endpoint_url(client: @client, error.first => 'invalid', response_type: 'token')
+ i_should_not_see 'Authorize'
+ i_should_see_translated_error_message error.last
+ end
+
+ scenario "displays #{error.last} error when #{error.first} is missing" do
+ visit authorization_endpoint_url(client: @client, error.first => '', response_type: 'token')
+ i_should_not_see 'Authorize'
+ i_should_see_translated_error_message error.last
+ end
+ end
+end
diff --git a/doorkeeper/spec/requests/flows/implicit_grant_spec.rb b/doorkeeper/spec/requests/flows/implicit_grant_spec.rb
new file mode 100644
index 0000000000..ee48860287
--- /dev/null
+++ b/doorkeeper/spec/requests/flows/implicit_grant_spec.rb
@@ -0,0 +1,61 @@
+require 'spec_helper_integration'
+
+feature 'Implicit Grant Flow (feature spec)' do
+ background do
+ config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+ config_is_set(:grant_flows, ["implicit"])
+ client_exists
+ create_resource_owner
+ sign_in
+ end
+
+ scenario 'resource owner authorizes the client' do
+ visit authorization_endpoint_url(client: @client, response_type: 'token')
+ click_on 'Authorize'
+
+ access_token_should_exist_for @client, @resource_owner
+
+ i_should_be_on_client_callback @client
+ end
+end
+
+describe 'Implicit Grant Flow (request spec)' do
+ before do
+ config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+ config_is_set(:grant_flows, ["implicit"])
+ client_exists
+ create_resource_owner
+ end
+
+ context 'token reuse' do
+ it 'should return a new token each request' do
+ allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(false)
+
+ token = client_is_authorized(@client, @resource_owner)
+
+ post "/oauth/authorize",
+ client_id: @client.uid,
+ state: '',
+ redirect_uri: @client.redirect_uri,
+ response_type: 'token',
+ commit: 'Authorize'
+
+ expect(response.location).not_to include(token.token)
+ end
+
+ it 'should return the same token if it is still accessible' do
+ allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+
+ token = client_is_authorized(@client, @resource_owner)
+
+ post "/oauth/authorize",
+ client_id: @client.uid,
+ state: '',
+ redirect_uri: @client.redirect_uri,
+ response_type: 'token',
+ commit: 'Authorize'
+
+ expect(response.location).to include(token.token)
+ end
+ end
+end
diff --git a/doorkeeper/spec/requests/flows/password_spec.rb b/doorkeeper/spec/requests/flows/password_spec.rb
new file mode 100644
index 0000000000..25f8e2943f
--- /dev/null
+++ b/doorkeeper/spec/requests/flows/password_spec.rb
@@ -0,0 +1,154 @@
+require 'spec_helper_integration'
+
+describe 'Resource Owner Password Credentials Flow not set up' do
+ before do
+ client_exists
+ create_resource_owner
+ end
+
+ context 'with valid user credentials' do
+ it 'doesn\'t issue new token' do
+ expect do
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
+ end.to_not change { Doorkeeper::AccessToken.count }
+ end
+ end
+end
+
+describe 'Resource Owner Password Credentials Flow' do
+ before do
+ config_is_set(:grant_flows, ["password"])
+ config_is_set(:resource_owner_from_credentials) { User.authenticate! params[:username], params[:password] }
+ client_exists
+ create_resource_owner
+ end
+
+ context 'with valid user credentials' do
+ it 'should issue new token with confidential client' do
+ expect do
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
+
+ token = Doorkeeper::AccessToken.first
+
+ expect(token.application_id).to eq @client.id
+ should_have_json 'access_token', token.token
+ end
+
+ it 'should issue new token with public client (only client_id present)' do
+ expect do
+ post password_token_endpoint_url(client_id: @client.uid, resource_owner: @resource_owner)
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
+
+ token = Doorkeeper::AccessToken.first
+
+ expect(token.application_id).to eq @client.id
+ should_have_json 'access_token', token.token
+ end
+
+ it 'should issue new token without client credentials' do
+ expect do
+ post password_token_endpoint_url(resource_owner: @resource_owner)
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
+
+ token = Doorkeeper::AccessToken.first
+
+ expect(token.application_id).to be_nil
+ should_have_json 'access_token', token.token
+ end
+
+ it 'should issue a refresh token if enabled' do
+ config_is_set(:refresh_token_enabled, true)
+
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
+
+ token = Doorkeeper::AccessToken.first
+
+ should_have_json 'refresh_token', token.refresh_token
+ end
+
+ it 'should return the same token if it is still accessible' do
+ allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+
+ client_is_authorized(@client, @resource_owner)
+
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
+
+ expect(Doorkeeper::AccessToken.count).to be(1)
+ should_have_json 'access_token', Doorkeeper::AccessToken.first.token
+ end
+
+ context 'with valid, default scope' do
+ before do
+ default_scopes_exist :public
+ end
+
+ it 'should issue new token' do
+ expect do
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner, scope: 'public')
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
+
+ token = Doorkeeper::AccessToken.first
+
+ expect(token.application_id).to eq @client.id
+ should_have_json 'access_token', token.token
+ should_have_json 'scope', 'public'
+ end
+ end
+ end
+
+ context 'with invalid scopes' do
+ subject do
+ post password_token_endpoint_url(client: @client,
+ resource_owner: @resource_owner,
+ scope: 'random')
+ end
+
+ it 'should not issue new token' do
+ expect { subject }.to_not(change { Doorkeeper::AccessToken.count })
+ end
+
+ it 'should return invalid_scope error' do
+ subject
+ should_have_json 'error', 'invalid_scope'
+ should_have_json 'error_description', translated_error_message(:invalid_scope)
+ should_not_have_json 'access_token'
+
+ expect(response.status).to eq(401)
+ end
+ end
+
+ context 'with invalid user credentials' do
+ it 'should not issue new token with bad password' do
+ expect do
+ post password_token_endpoint_url(client: @client,
+ resource_owner_username: @resource_owner.name,
+ resource_owner_password: 'wrongpassword')
+ end.to_not change { Doorkeeper::AccessToken.count }
+ end
+
+ it 'should not issue new token without credentials' do
+ expect do
+ post password_token_endpoint_url(client: @client)
+ end.to_not change { Doorkeeper::AccessToken.count }
+ end
+ end
+
+ context 'with invalid confidential client credentials' do
+ it 'should not issue new token with bad client credentials' do
+ expect do
+ post password_token_endpoint_url(client_id: @client.uid,
+ client_secret: 'bad_secret',
+ resource_owner: @resource_owner)
+ end.to_not change { Doorkeeper::AccessToken.count }
+ end
+ end
+
+ context 'with invalid public client id' do
+ it 'should not issue new token with bad client id' do
+ expect do
+ post password_token_endpoint_url(client_id: 'bad_id', resource_owner: @resource_owner)
+ end.to_not change { Doorkeeper::AccessToken.count }
+ end
+ end
+end
diff --git a/doorkeeper/spec/requests/flows/refresh_token_spec.rb b/doorkeeper/spec/requests/flows/refresh_token_spec.rb
new file mode 100644
index 0000000000..32189e6322
--- /dev/null
+++ b/doorkeeper/spec/requests/flows/refresh_token_spec.rb
@@ -0,0 +1,174 @@
+require 'spec_helper_integration'
+
+describe 'Refresh Token Flow' do
+ before do
+ Doorkeeper.configure do
+ orm DOORKEEPER_ORM
+ use_refresh_token
+ end
+ client_exists
+ end
+
+ context 'issuing a refresh token' do
+ before do
+ authorization_code_exists application: @client
+ end
+
+ it 'client gets the refresh token and refreshses it' do
+ post token_endpoint_url(code: @authorization.token, client: @client)
+
+ token = Doorkeeper::AccessToken.first
+
+ should_have_json 'access_token', token.token
+ should_have_json 'refresh_token', token.refresh_token
+
+ expect(@authorization.reload).to be_revoked
+
+ post refresh_token_endpoint_url(client: @client, refresh_token: token.refresh_token)
+
+ new_token = Doorkeeper::AccessToken.last
+ should_have_json 'access_token', new_token.token
+ should_have_json 'refresh_token', new_token.refresh_token
+
+ expect(token.token).not_to eq(new_token.token)
+ expect(token.refresh_token).not_to eq(new_token.refresh_token)
+ end
+ end
+
+ context 'refreshing the token' do
+ before do
+ @token = FactoryBot.create(
+ :access_token,
+ application: @client,
+ resource_owner_id: 1,
+ use_refresh_token: true
+ )
+ end
+
+ context "refresh_token revoked on use" do
+ it 'client request a token with refresh token' do
+ post refresh_token_endpoint_url(
+ client: @client, refresh_token: @token.refresh_token
+ )
+ should_have_json(
+ 'refresh_token', Doorkeeper::AccessToken.last.refresh_token
+ )
+ expect(@token.reload).not_to be_revoked
+ end
+
+ it 'client request a token with expired access token' do
+ @token.update_attribute :expires_in, -100
+ post refresh_token_endpoint_url(
+ client: @client, refresh_token: @token.refresh_token
+ )
+ should_have_json(
+ 'refresh_token', Doorkeeper::AccessToken.last.refresh_token
+ )
+ expect(@token.reload).not_to be_revoked
+ end
+ end
+
+ context "refresh_token revoked on refresh_token request" do
+ before do
+ allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
+ end
+
+ it 'client request a token with refresh token' do
+ post refresh_token_endpoint_url(
+ client: @client, refresh_token: @token.refresh_token
+ )
+ should_have_json(
+ 'refresh_token', Doorkeeper::AccessToken.last.refresh_token
+ )
+ expect(@token.reload).to be_revoked
+ end
+
+ it 'client request a token with expired access token' do
+ @token.update_attribute :expires_in, -100
+ post refresh_token_endpoint_url(
+ client: @client, refresh_token: @token.refresh_token
+ )
+ should_have_json(
+ 'refresh_token', Doorkeeper::AccessToken.last.refresh_token
+ )
+ expect(@token.reload).to be_revoked
+ end
+ end
+
+ it 'client gets an error for invalid refresh token' do
+ post refresh_token_endpoint_url(client: @client, refresh_token: 'invalid')
+ should_not_have_json 'refresh_token'
+ should_have_json 'error', 'invalid_grant'
+ end
+
+ it 'client gets an error for revoked access token' do
+ @token.revoke
+ post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
+ should_not_have_json 'refresh_token'
+ should_have_json 'error', 'invalid_grant'
+ end
+
+ it 'second of simultaneous client requests get an error for revoked access token' do
+ allow_any_instance_of(Doorkeeper::AccessToken).to receive(:revoked?).and_return(false, true)
+ post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
+
+ should_not_have_json 'refresh_token'
+ should_have_json 'error', 'invalid_request'
+ end
+ end
+
+ context 'refreshing the token with multiple sessions (devices)' do
+ before do
+ # enable password auth to simulate other devices
+ config_is_set(:grant_flows, ["password"])
+ config_is_set(:resource_owner_from_credentials) do
+ User.authenticate! params[:username], params[:password]
+ end
+ create_resource_owner
+ _another_token = post password_token_endpoint_url(
+ client: @client, resource_owner: @resource_owner
+ )
+ last_token.update_attribute :created_at, 5.seconds.ago
+
+ @token = FactoryBot.create(
+ :access_token,
+ application: @client,
+ resource_owner_id: @resource_owner.id,
+ use_refresh_token: true
+ )
+ @token.update_attribute :expires_in, -100
+ end
+
+ context "refresh_token revoked on use" do
+ it 'client request a token after creating another token with the same user' do
+ post refresh_token_endpoint_url(
+ client: @client, refresh_token: @token.refresh_token
+ )
+
+ should_have_json 'refresh_token', last_token.refresh_token
+ expect(@token.reload).not_to be_revoked
+ end
+ end
+
+ context "refresh_token revoked on refresh_token request" do
+ before do
+ allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
+ end
+
+ it 'client request a token after creating another token with the same user' do
+ post refresh_token_endpoint_url(
+ client: @client, refresh_token: @token.refresh_token
+ )
+
+ should_have_json 'refresh_token', last_token.refresh_token
+ expect(@token.reload).to be_revoked
+ end
+ end
+
+ def last_token
+ Doorkeeper::AccessToken.last_authorized_token_for(
+ @client.id, @resource_owner.id
+ )
+ end
+ end
+end
diff --git a/doorkeeper/spec/requests/flows/revoke_token_spec.rb b/doorkeeper/spec/requests/flows/revoke_token_spec.rb
new file mode 100644
index 0000000000..5ae62967c7
--- /dev/null
+++ b/doorkeeper/spec/requests/flows/revoke_token_spec.rb
@@ -0,0 +1,157 @@
+require 'spec_helper_integration'
+
+describe 'Revoke Token Flow' do
+ before do
+ Doorkeeper.configure { orm DOORKEEPER_ORM }
+ end
+
+ context 'with default parameters' do
+ let(:client_application) { FactoryBot.create :application }
+ let(:resource_owner) { User.create!(name: 'John', password: 'sekret') }
+ let(:access_token) do
+ FactoryBot.create(:access_token,
+ application: client_application,
+ resource_owner_id: resource_owner.id,
+ use_refresh_token: true)
+ end
+
+ context 'with authenticated, confidential OAuth 2.0 client/application' do
+ let(:headers) do
+ client_id = client_application.uid
+ client_secret = client_application.secret
+ credentials = Base64.encode64("#{client_id}:#{client_secret}")
+ { 'HTTP_AUTHORIZATION' => "Basic #{credentials}" }
+ end
+
+ it 'should revoke the access token provided' do
+ post revocation_token_endpoint_url, { token: access_token.token }, headers
+
+ access_token.reload
+
+ expect(response).to be_successful
+ expect(access_token.revoked?).to be_truthy
+ end
+
+ it 'should revoke the refresh token provided' do
+ post revocation_token_endpoint_url, { token: access_token.refresh_token }, headers
+
+ access_token.reload
+
+ expect(response).to be_successful
+ expect(access_token.revoked?).to be_truthy
+ end
+
+ context 'with invalid token to revoke' do
+ it 'should not revoke any tokens and respond successfully' do
+ num_prev_revoked_tokens = Doorkeeper::AccessToken.where(revoked_at: nil).count
+ post revocation_token_endpoint_url, { token: 'I_AM_AN_INVALID_TOKEN' }, headers
+
+ # The authorization server responds with HTTP status code 200 even if
+ # token is invalid
+ expect(response).to be_successful
+ expect(Doorkeeper::AccessToken.where(revoked_at: nil).count).to eq(num_prev_revoked_tokens)
+ end
+ end
+
+ context 'with bad credentials and a valid token' do
+ let(:headers) do
+ client_id = client_application.uid
+ credentials = Base64.encode64("#{client_id}:poop")
+ { 'HTTP_AUTHORIZATION' => "Basic #{credentials}" }
+ end
+ it 'should not revoke any tokens and respond successfully' do
+ post revocation_token_endpoint_url, { token: access_token.token }, headers
+
+ access_token.reload
+
+ expect(response).to be_successful
+ expect(access_token.revoked?).to be_falsey
+ end
+ end
+
+ context 'with no credentials and a valid token' do
+ it 'should not revoke any tokens and respond successfully' do
+ post revocation_token_endpoint_url, { token: access_token.token }
+
+ access_token.reload
+
+ expect(response).to be_successful
+ expect(access_token.revoked?).to be_falsey
+ end
+ end
+
+ context 'with valid token for another client application' do
+ let(:other_client_application) { FactoryBot.create :application }
+ let(:headers) do
+ client_id = other_client_application.uid
+ client_secret = other_client_application.secret
+ credentials = Base64.encode64("#{client_id}:#{client_secret}")
+ { 'HTTP_AUTHORIZATION' => "Basic #{credentials}" }
+ end
+
+ it 'should not revoke the token as its unauthorized' do
+ post revocation_token_endpoint_url, { token: access_token.token }, headers
+
+ access_token.reload
+
+ expect(response).to be_successful
+ expect(access_token.revoked?).to be_falsey
+ end
+ end
+ end
+
+ context 'with public OAuth 2.0 client/application' do
+ let(:access_token) do
+ FactoryBot.create(:access_token,
+ application: nil,
+ resource_owner_id: resource_owner.id,
+ use_refresh_token: true)
+ end
+
+ it 'should revoke the access token provided' do
+ post revocation_token_endpoint_url, { token: access_token.token }
+
+ access_token.reload
+
+ expect(response).to be_successful
+ expect(access_token.revoked?).to be_truthy
+ end
+
+ it 'should revoke the refresh token provided' do
+ post revocation_token_endpoint_url, { token: access_token.refresh_token }
+
+ access_token.reload
+
+ expect(response).to be_successful
+ expect(access_token.revoked?).to be_truthy
+ end
+
+ context 'with a valid token issued for a confidential client' do
+ let(:access_token) do
+ FactoryBot.create(:access_token,
+ application: client_application,
+ resource_owner_id: resource_owner.id,
+ use_refresh_token: true)
+ end
+
+ it 'should not revoke the access token provided' do
+ post revocation_token_endpoint_url, { token: access_token.token }
+
+ access_token.reload
+
+ expect(response).to be_successful
+ expect(access_token.revoked?).to be_falsey
+ end
+
+ it 'should not revoke the refresh token provided' do
+ post revocation_token_endpoint_url, { token: access_token.token }
+
+ access_token.reload
+
+ expect(response).to be_successful
+ expect(access_token.revoked?).to be_falsey
+ end
+ end
+ end
+ end
+end
diff --git a/doorkeeper/spec/requests/flows/skip_authorization_spec.rb b/doorkeeper/spec/requests/flows/skip_authorization_spec.rb
new file mode 100644
index 0000000000..567fac323f
--- /dev/null
+++ b/doorkeeper/spec/requests/flows/skip_authorization_spec.rb
@@ -0,0 +1,59 @@
+require 'spec_helper_integration'
+
+feature 'Skip authorization form' do
+ background do
+ config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+ client_exists
+ default_scopes_exist :public
+ optional_scopes_exist :write
+ end
+
+ context 'for previously authorized clients' do
+ background do
+ create_resource_owner
+ sign_in
+ end
+
+ scenario 'skips the authorization and return a new grant code' do
+ client_is_authorized(@client, @resource_owner, scopes: 'public')
+ visit authorization_endpoint_url(client: @client)
+
+ i_should_not_see 'Authorize'
+ client_should_be_authorized @client
+ i_should_be_on_client_callback @client
+ url_should_have_param 'code', Doorkeeper::AccessGrant.first.token
+ end
+
+ scenario 'does not skip authorization when scopes differ (new request has fewer scopes)' do
+ client_is_authorized(@client, @resource_owner, scopes: 'public write')
+ visit authorization_endpoint_url(client: @client, scope: 'public')
+ i_should_see 'Authorize'
+ end
+
+ scenario 'does not skip authorization when scopes differ (new request has more scopes)' do
+ client_is_authorized(@client, @resource_owner, scopes: 'public write')
+ visit authorization_endpoint_url(client: @client, scopes: 'public write email')
+ i_should_see 'Authorize'
+ end
+
+ scenario 'creates grant with new scope when scopes differ' do
+ client_is_authorized(@client, @resource_owner, scopes: 'public write')
+ visit authorization_endpoint_url(client: @client, scope: 'public')
+ click_on 'Authorize'
+ access_grant_should_have_scopes :public
+ end
+
+ scenario 'doesn not skip authorization when scopes are greater' do
+ client_is_authorized(@client, @resource_owner, scopes: 'public')
+ visit authorization_endpoint_url(client: @client, scope: 'public write')
+ i_should_see 'Authorize'
+ end
+
+ scenario 'creates grant with new scope when scopes are greater' do
+ client_is_authorized(@client, @resource_owner, scopes: 'public')
+ visit authorization_endpoint_url(client: @client, scope: 'public write')
+ click_on 'Authorize'
+ access_grant_should_have_scopes :public, :write
+ end
+ end
+end
diff --git a/doorkeeper/spec/requests/protected_resources/metal_spec.rb b/doorkeeper/spec/requests/protected_resources/metal_spec.rb
new file mode 100644
index 0000000000..8fe08a4e4b
--- /dev/null
+++ b/doorkeeper/spec/requests/protected_resources/metal_spec.rb
@@ -0,0 +1,14 @@
+require 'spec_helper_integration'
+
+describe 'ActionController::Metal API' do
+ before do
+ @client = FactoryBot.create(:application)
+ @resource = User.create!(name: 'Joe', password: 'sekret')
+ @token = client_is_authorized(@client, @resource)
+ end
+
+ it 'client requests protected resource with valid token' do
+ get "/metal.json?access_token=#{@token.token}"
+ should_have_json 'ok', true
+ end
+end
diff --git a/doorkeeper/spec/requests/protected_resources/private_api_spec.rb b/doorkeeper/spec/requests/protected_resources/private_api_spec.rb
new file mode 100644
index 0000000000..7f2a8137d1
--- /dev/null
+++ b/doorkeeper/spec/requests/protected_resources/private_api_spec.rb
@@ -0,0 +1,81 @@
+require 'spec_helper_integration'
+
+feature 'Private API' do
+ background do
+ @client = FactoryBot.create(:application)
+ @resource = User.create!(name: 'Joe', password: 'sekret')
+ @token = client_is_authorized(@client, @resource)
+ end
+
+ scenario 'client requests protected resource with valid token' do
+ with_access_token_header @token.token
+ visit '/full_protected_resources'
+ expect(page.body).to have_content('index')
+ end
+
+ scenario 'client requests protected resource with disabled header authentication' do
+ config_is_set :access_token_methods, [:from_access_token_param]
+ with_access_token_header @token.token
+ visit '/full_protected_resources'
+ response_status_should_be 401
+ end
+
+ scenario 'client attempts to request protected resource with invalid token' do
+ with_access_token_header 'invalid'
+ visit '/full_protected_resources'
+ response_status_should_be 401
+ end
+
+ scenario 'client attempts to request protected resource with expired token' do
+ @token.update_attribute :expires_in, -100 # expires token
+ with_access_token_header @token.token
+ visit '/full_protected_resources'
+ response_status_should_be 401
+ end
+
+ scenario 'client requests protected resource with permanent token' do
+ @token.update_attribute :expires_in, nil # never expires
+ with_access_token_header @token.token
+ visit '/full_protected_resources'
+ expect(page.body).to have_content('index')
+ end
+
+ scenario 'access token with no default scopes' do
+ Doorkeeper.configuration.instance_eval {
+ @default_scopes = Doorkeeper::OAuth::Scopes.from_array([:public])
+ @scopes = default_scopes + optional_scopes
+ }
+ @token.update_attribute :scopes, 'dummy'
+ with_access_token_header @token.token
+ visit '/full_protected_resources'
+ response_status_should_be 403
+ end
+
+ scenario 'access token with no allowed scopes' do
+ @token.update_attribute :scopes, nil
+ with_access_token_header @token.token
+ visit '/full_protected_resources/1.json'
+ response_status_should_be 403
+ end
+
+ scenario 'access token with one of allowed scopes' do
+ @token.update_attribute :scopes, 'admin'
+ with_access_token_header @token.token
+ visit '/full_protected_resources/1.json'
+ expect(page.body).to have_content('show')
+ end
+
+ scenario 'access token with another of allowed scopes' do
+ @token.update_attribute :scopes, 'write'
+ with_access_token_header @token.token
+ visit '/full_protected_resources/1.json'
+ expect(page.body).to have_content('show')
+ end
+
+ scenario 'access token with both allowed scopes' do
+ @token.update_attribute :scopes, 'write admin'
+ with_access_token_header @token.token
+ visit '/full_protected_resources/1.json'
+ expect(page.body).to have_content('show')
+ end
+end
diff --git a/doorkeeper/spec/routing/custom_controller_routes_spec.rb b/doorkeeper/spec/routing/custom_controller_routes_spec.rb
new file mode 100644
index 0000000000..298be9a6c1
--- /dev/null
+++ b/doorkeeper/spec/routing/custom_controller_routes_spec.rb
@@ -0,0 +1,75 @@
+require 'spec_helper_integration'
+
+describe 'Custom controller for routes' do
+ it 'GET /space/scope/authorize routes to custom authorizations controller' do
+ expect(get('/inner_space/scope/authorize')).to route_to('custom_authorizations#new')
+ end
+
+ it 'POST /space/scope/authorize routes to custom authorizations controller' do
+ expect(post('/inner_space/scope/authorize')).to route_to('custom_authorizations#create')
+ end
+
+ it 'DELETE /space/scope/authorize routes to custom authorizations controller' do
+ expect(delete('/inner_space/scope/authorize')).to route_to('custom_authorizations#destroy')
+ end
+
+ it 'POST /space/scope/token routes to tokens controller' do
+ expect(post('/inner_space/scope/token')).to route_to('custom_authorizations#create')
+ end
+
+ it 'GET /space/scope/applications routes to applications controller' do
+ expect(get('/inner_space/scope/applications')).to route_to('custom_authorizations#index')
+ end
+
+ it 'GET /space/scope/token/info routes to the token_info controller' do
+ expect(get('/inner_space/scope/token/info')).to route_to('custom_authorizations#show')
+ end
+
+ it 'GET /space/oauth/authorize routes to custom authorizations controller' do
+ expect(get('/space/oauth/authorize')).to route_to('custom_authorizations#new')
+ end
+
+ it 'POST /space/oauth/authorize routes to custom authorizations controller' do
+ expect(post('/space/oauth/authorize')).to route_to('custom_authorizations#create')
+ end
+
+ it 'DELETE /space/oauth/authorize routes to custom authorizations controller' do
+ expect(delete('/space/oauth/authorize')).to route_to('custom_authorizations#destroy')
+ end
+
+ it 'POST /space/oauth/token routes to tokens controller' do
+ expect(post('/space/oauth/token')).to route_to('custom_authorizations#create')
+ end
+
+ it 'POST /space/oauth/revoke routes to tokens controller' do
+ expect(post('/space/oauth/revoke')).to route_to('custom_authorizations#revoke')
+ end
+
+ it 'POST /space/oauth/introspect routes to tokens controller' do
+ expect(post('/space/oauth/introspect')).to route_to('custom_authorizations#introspect')
+ end
+
+ it 'GET /space/oauth/applications routes to applications controller' do
+ expect(get('/space/oauth/applications')).to route_to('custom_authorizations#index')
+ end
+
+ it 'GET /space/oauth/token/info routes to the token_info controller' do
+ expect(get('/space/oauth/token/info')).to route_to('custom_authorizations#show')
+ end
+
+ it 'POST /outer_space/oauth/token is not be routable' do
+ expect(post('/outer_space/oauth/token')).not_to be_routable
+ end
+
+ it 'GET /outer_space/oauth/authorize routes to custom authorizations controller' do
+ expect(get('/outer_space/oauth/authorize')).to be_routable
+ end
+
+ it 'GET /outer_space/oauth/applications is not routable' do
+ expect(get('/outer_space/oauth/applications')).not_to be_routable
+ end
+
+ it 'GET /outer_space/oauth/token_info is not routable' do
+ expect(get('/outer_space/oauth/token/info')).not_to be_routable
+ end
+end
diff --git a/doorkeeper/spec/routing/default_routes_spec.rb b/doorkeeper/spec/routing/default_routes_spec.rb
new file mode 100644
index 0000000000..ba9cfca4b6
--- /dev/null
+++ b/doorkeeper/spec/routing/default_routes_spec.rb
@@ -0,0 +1,39 @@
+require 'spec_helper_integration'
+
+describe 'Default routes' do
+ it 'GET /oauth/authorize routes to authorizations controller' do
+ expect(get('/oauth/authorize')).to route_to('doorkeeper/authorizations#new')
+ end
+
+ it 'POST /oauth/authorize routes to authorizations controller' do
+ expect(post('/oauth/authorize')).to route_to('doorkeeper/authorizations#create')
+ end
+
+ it 'DELETE /oauth/authorize routes to authorizations controller' do
+ expect(delete('/oauth/authorize')).to route_to('doorkeeper/authorizations#destroy')
+ end
+
+ it 'POST /oauth/token routes to tokens controller' do
+ expect(post('/oauth/token')).to route_to('doorkeeper/tokens#create')
+ end
+
+ it 'POST /oauth/revoke routes to tokens controller' do
+ expect(post('/oauth/revoke')).to route_to('doorkeeper/tokens#revoke')
+ end
+
+ it 'POST /oauth/introspect routes to tokens controller' do
+ expect(post('/oauth/introspect')).to route_to('doorkeeper/tokens#introspect')
+ end
+
+ it 'GET /oauth/applications routes to applications controller' do
+ expect(get('/oauth/applications')).to route_to('doorkeeper/applications#index')
+ end
+
+ it 'GET /oauth/authorized_applications routes to authorized applications controller' do
+ expect(get('/oauth/authorized_applications')).to route_to('doorkeeper/authorized_applications#index')
+ end
+
+ it 'GET /oauth/token/info route to authorized tokeninfo controller' do
+ expect(get('/oauth/token/info')).to route_to('doorkeeper/token_info#show')
+ end
+end
diff --git a/doorkeeper/spec/routing/scoped_routes_spec.rb b/doorkeeper/spec/routing/scoped_routes_spec.rb
new file mode 100644
index 0000000000..64550ce3c3
--- /dev/null
+++ b/doorkeeper/spec/routing/scoped_routes_spec.rb
@@ -0,0 +1,31 @@
+require 'spec_helper_integration'
+
+describe 'Scoped routes' do
+ it 'GET /scope/authorize routes to authorizations controller' do
+ expect(get('/scope/authorize')).to route_to('doorkeeper/authorizations#new')
+ end
+
+ it 'POST /scope/authorize routes to authorizations controller' do
+ expect(post('/scope/authorize')).to route_to('doorkeeper/authorizations#create')
+ end
+
+ it 'DELETE /scope/authorize routes to authorizations controller' do
+ expect(delete('/scope/authorize')).to route_to('doorkeeper/authorizations#destroy')
+ end
+
+ it 'POST /scope/token routes to tokens controller' do
+ expect(post('/scope/token')).to route_to('doorkeeper/tokens#create')
+ end
+
+ it 'GET /scope/applications routes to applications controller' do
+ expect(get('/scope/applications')).to route_to('doorkeeper/applications#index')
+ end
+
+ it 'GET /scope/authorized_applications routes to authorized applications controller' do
+ expect(get('/scope/authorized_applications')).to route_to('doorkeeper/authorized_applications#index')
+ end
+
+ it 'GET /scope/token/info route to authorzed tokeninfo controller' do
+ expect(get('/scope/token/info')).to route_to('doorkeeper/token_info#show')
+ end
+end
diff --git a/doorkeeper/spec/spec_helper.rb b/doorkeeper/spec/spec_helper.rb
new file mode 100644
index 0000000000..34c474d00e
--- /dev/null
+++ b/doorkeeper/spec/spec_helper.rb
@@ -0,0 +1,4 @@
+$LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), '../lib'))
+$LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), '../app'))
+
+require 'doorkeeper'
diff --git a/doorkeeper/spec/spec_helper_integration.rb b/doorkeeper/spec/spec_helper_integration.rb
new file mode 100644
index 0000000000..6e48036096
--- /dev/null
+++ b/doorkeeper/spec/spec_helper_integration.rb
@@ -0,0 +1,74 @@
+if ENV['TRAVIS']
+ require 'coveralls'
+
+ Coveralls.wear!('rails') do
+ add_filter('/spec/')
+ add_filter('/lib/generators/doorkeeper/templates/')
+ end
+else
+ require 'simplecov'
+
+ SimpleCov.start do
+ add_filter('/spec/')
+ add_filter('/lib/generators/doorkeeper/templates/')
+ end
+end
+
+ENV['RAILS_ENV'] ||= 'test'
+TABLE_NAME_PREFIX = ENV['table_name_prefix'] || nil
+TABLE_NAME_SUFFIX = ENV['table_name_suffix'] || nil
+
+orm = (ENV['BUNDLE_GEMFILE'] || '').match(/Gemfile\.(.+)\.rb/)
+DOORKEEPER_ORM = (orm && orm[1] || :active_record).to_sym
+
+$LOAD_PATH.unshift File.dirname(__FILE__)
+
+require 'capybara/rspec'
+require 'dummy/config/environment'
+require 'rspec/rails'
+require 'generator_spec/test_case'
+require 'database_cleaner'
+
+# Load JRuby SQLite3 if in that platform
+begin
+ require 'jdbc/sqlite3'
+ Jdbc::SQLite3.load_driver
+rescue LoadError
+end
+
+Rails.logger.info "====> Doorkeeper.orm = #{Doorkeeper.configuration.orm}"
+if Doorkeeper.configuration.orm == :active_record
+ Rails.logger.info "======> active_record.table_name_prefix = #{Rails.configuration.active_record.table_name_prefix}"
+ Rails.logger.info "======> active_record.table_name_suffix = #{Rails.configuration.active_record.table_name_suffix}"
+end
+Rails.logger.info "====> Rails version: #{Rails.version}"
+Rails.logger.info "====> Ruby version: #{RUBY_VERSION}"
+
+require "support/orm/#{DOORKEEPER_ORM}"
+
+ENGINE_RAILS_ROOT = File.join(File.dirname(__FILE__), '../')
+
+Dir["#{File.dirname(__FILE__)}/support/{dependencies,helpers,shared}/*.rb"].each { |f| require f }
+
+# Remove after dropping support of Rails 4.2
+require "#{File.dirname(__FILE__)}/support/http_method_shim.rb"
+
+RSpec.configure do |config|
+ config.infer_spec_type_from_file_location!
+ config.mock_with :rspec
+
+ config.infer_base_class_for_anonymous_controllers = false
+
+ config.include RSpec::Rails::RequestExampleGroup, type: :request
+
+ config.before do
+ DatabaseCleaner.start
+ Doorkeeper.configure { orm DOORKEEPER_ORM }
+ end
+
+ config.after do
+ DatabaseCleaner.clean
+ end
+
+ config.order = 'random'
+end
diff --git a/doorkeeper/spec/support/dependencies/factory_girl.rb b/doorkeeper/spec/support/dependencies/factory_girl.rb
new file mode 100644
index 0000000000..98e0cf8d74
--- /dev/null
+++ b/doorkeeper/spec/support/dependencies/factory_girl.rb
@@ -0,0 +1,2 @@
+require 'factory_bot'
+FactoryBot.find_definitions
diff --git a/doorkeeper/spec/support/helpers/access_token_request_helper.rb b/doorkeeper/spec/support/helpers/access_token_request_helper.rb
new file mode 100644
index 0000000000..97fb184992
--- /dev/null
+++ b/doorkeeper/spec/support/helpers/access_token_request_helper.rb
@@ -0,0 +1,11 @@
+module AccessTokenRequestHelper
+ def client_is_authorized(client, resource_owner, access_token_attributes = {})
+ attributes = {
+ application: client,
+ resource_owner_id: resource_owner.id
+ }.merge(access_token_attributes)
+ FactoryBot.create(:access_token, attributes)
+ end
+end
+
+RSpec.configuration.send :include, AccessTokenRequestHelper
diff --git a/doorkeeper/spec/support/helpers/authorization_request_helper.rb b/doorkeeper/spec/support/helpers/authorization_request_helper.rb
new file mode 100644
index 0000000000..c25034a50d
--- /dev/null
+++ b/doorkeeper/spec/support/helpers/authorization_request_helper.rb
@@ -0,0 +1,41 @@
+module AuthorizationRequestHelper
+ def resource_owner_is_authenticated(resource_owner = nil)
+ resource_owner ||= User.create!(name: 'Joe', password: 'sekret')
+ Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { resource_owner })
+ end
+
+ def resource_owner_is_not_authenticated
+ Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { redirect_to('/sign_in') })
+ end
+
+ def default_scopes_exist(*scopes)
+ Doorkeeper.configuration.instance_variable_set(:@default_scopes, Doorkeeper::OAuth::Scopes.from_array(scopes))
+ end
+
+ def optional_scopes_exist(*scopes)
+ Doorkeeper.configuration.instance_variable_set(:@optional_scopes, Doorkeeper::OAuth::Scopes.from_array(scopes))
+ end
+
+ def client_should_be_authorized(client)
+ expect(client.access_grants.size).to eq(1)
+ end
+
+ def client_should_not_be_authorized(client)
+ expect(client.size).to eq(0)
+ end
+
+ def i_should_be_on_client_callback(client)
+ expect(client.redirect_uri).to eq("#{current_uri.scheme}://#{current_uri.host}#{current_uri.path}")
+ end
+
+ def allowing_forgery_protection(&block)
+ _original_value = ActionController::Base.allow_forgery_protection
+ ActionController::Base.allow_forgery_protection = true
+
+ block.call
+ ensure
+ ActionController::Base.allow_forgery_protection = _original_value
+ end
+end
+
+RSpec.configuration.send :include, AuthorizationRequestHelper
diff --git a/doorkeeper/spec/support/helpers/config_helper.rb b/doorkeeper/spec/support/helpers/config_helper.rb
new file mode 100644
index 0000000000..654f6234fb
--- /dev/null
+++ b/doorkeeper/spec/support/helpers/config_helper.rb
@@ -0,0 +1,9 @@
+module ConfigHelper
+ def config_is_set(setting, value = nil, &block)
+ setting_ivar = "@#{setting}"
+ value = block_given? ? block : value
+ Doorkeeper.configuration.instance_variable_set(setting_ivar, value)
+ end
+end
+
+RSpec.configuration.send :include, ConfigHelper
diff --git a/doorkeeper/spec/support/helpers/model_helper.rb b/doorkeeper/spec/support/helpers/model_helper.rb
new file mode 100644
index 0000000000..a75fa1dbcb
--- /dev/null
+++ b/doorkeeper/spec/support/helpers/model_helper.rb
@@ -0,0 +1,72 @@
+module ModelHelper
+ def client_exists(client_attributes = {})
+ @client = FactoryBot.create(:application, client_attributes)
+ end
+
+ def create_resource_owner
+ @resource_owner = User.create!(name: 'Joe', password: 'sekret')
+ end
+
+ def authorization_code_exists(options = {})
+ @authorization = FactoryBot.create(:access_grant, options)
+ end
+
+ def access_grant_should_exist_for(client, resource_owner)
+ grant = Doorkeeper::AccessGrant.first
+
+ expect(grant.application).to have_attributes(id: client.id).
+ and(be_instance_of(Doorkeeper::Application))
+
+ expect(grant.resource_owner_id).to eq(resource_owner.id)
+ end
+
+ def access_token_should_exist_for(client, resource_owner)
+ token = Doorkeeper::AccessToken.first
+
+ expect(token.application).to have_attributes(id: client.id).
+ and(be_instance_of(Doorkeeper::Application))
+
+ expect(token.resource_owner_id).to eq(resource_owner.id)
+ end
+
+ def access_grant_should_not_exist
+ expect(Doorkeeper::AccessGrant.all).to be_empty
+ end
+
+ def access_token_should_not_exist
+ expect(Doorkeeper::AccessToken.all).to be_empty
+ end
+
+ def access_grant_should_have_scopes(*args)
+ grant = Doorkeeper::AccessGrant.first
+ expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
+ end
+
+ def access_token_should_have_scopes(*args)
+ grant = Doorkeeper::AccessToken.last
+ expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
+ end
+
+ def uniqueness_error
+ case DOORKEEPER_ORM
+ when :active_record
+ ActiveRecord::RecordNotUnique
+ when :sequel
+ error_classes = [Sequel::UniqueConstraintViolation, Sequel::ValidationFailed]
+ proc { |error| expect(error.class).to be_in(error_classes) }
+ when :mongo_mapper
+ error_classes = [MongoMapper::DocumentNotValid, Mongo::OperationFailure]
+ proc { |error| expect(error.class).to be_in(error_classes) }
+ when /mongoid/
+ error_classes = [Mongoid::Errors::Validations]
+ error_classes << Moped::Errors::OperationFailure if defined?(::Moped) # Mongoid 4
+ error_classes << Mongo::Error::OperationFailure if defined?(::Mongo) # Mongoid 5
+
+ proc { |error| expect(error.class).to be_in(error_classes) }
+ else
+ raise "'#{DOORKEEPER_ORM}' ORM is not supported!"
+ end
+ end
+end
+
+RSpec.configuration.send :include, ModelHelper
diff --git a/doorkeeper/spec/support/helpers/request_spec_helper.rb b/doorkeeper/spec/support/helpers/request_spec_helper.rb
new file mode 100644
index 0000000000..35bd7b5f21
--- /dev/null
+++ b/doorkeeper/spec/support/helpers/request_spec_helper.rb
@@ -0,0 +1,88 @@
+module RequestSpecHelper
+ def i_should_see(content)
+ expect(page).to have_content(content)
+ end
+
+ def i_should_not_see(content)
+ expect(page).to have_no_content(content)
+ end
+
+ def i_should_be_on(path)
+ expect(current_path).to eq(path)
+ end
+
+ def url_should_have_param(param, value)
+ expect(current_params[param]).to eq(value)
+ end
+
+ def url_should_not_have_param(param)
+ expect(current_params).not_to have_key(param)
+ end
+
+ def current_params
+ Rack::Utils.parse_query(current_uri.query)
+ end
+
+ def current_uri
+ URI.parse(page.current_url)
+ end
+
+ def request_response
+ respond_to?(:response) ? response : page.driver.response
+ end
+
+ def json_response
+ JSON.parse(request_response.body)
+ end
+
+ def should_have_header(header, value)
+ expect(headers[header]).to eq(value)
+ end
+
+ def with_access_token_header(token)
+ with_header 'Authorization', "Bearer #{token}"
+ end
+
+ def with_header(header, value)
+ page.driver.header header, value
+ end
+
+ def basic_auth_header_for_client(client)
+ ActionController::HttpAuthentication::Basic.encode_credentials client.uid, client.secret
+ end
+
+ def should_have_json(key, value)
+ expect(json_response.fetch(key)).to eq(value)
+ end
+
+ def should_have_json_within(key, value, range)
+ expect(json_response.fetch(key)).to be_within(range).of(value)
+ end
+
+ def should_not_have_json(key)
+ expect(json_response).not_to have_key(key)
+ end
+
+ def sign_in
+ visit '/'
+ click_on 'Sign in'
+ end
+
+ def create_access_token(authorization_code, client)
+ page.driver.post token_endpoint_url(code: authorization_code, client: client)
+ end
+
+ def i_should_see_translated_error_message(key)
+ i_should_see translated_error_message(key)
+ end
+
+ def translated_error_message(key)
+ I18n.translate key, scope: %i[doorkeeper errors messages]
+ end
+
+ def response_status_should_be(status)
+ expect(request_response.status.to_i).to eq(status)
+ end
+end
+
+RSpec.configuration.send :include, RequestSpecHelper
diff --git a/doorkeeper/spec/support/helpers/url_helper.rb b/doorkeeper/spec/support/helpers/url_helper.rb
new file mode 100644
index 0000000000..246c181829
--- /dev/null
+++ b/doorkeeper/spec/support/helpers/url_helper.rb
@@ -0,0 +1,56 @@
+module UrlHelper
+ def token_endpoint_url(options = {})
+ parameters = {
+ code: options[:code],
+ client_id: options[:client_id] || (options[:client] ? options[:client].uid : nil),
+ client_secret: options[:client_secret] || (options[:client] ? options[:client].secret : nil),
+ redirect_uri: options[:redirect_uri] || (options[:client] ? options[:client].redirect_uri : nil),
+ grant_type: options[:grant_type] || 'authorization_code'
+ }
+ "/oauth/token?#{build_query(parameters)}"
+ end
+
+ def password_token_endpoint_url(options = {})
+ parameters = {
+ code: options[:code],
+ client_id: options[:client_id] || (options[:client] ? options[:client].uid : nil),
+ client_secret: options[:client_secret] || (options[:client] ? options[:client].secret : nil),
+ username: options[:resource_owner_username] || (options[:resource_owner] ? options[:resource_owner].name : nil),
+ password: options[:resource_owner_password] || (options[:resource_owner] ? options[:resource_owner].password : nil),
+ scope: options[:scope],
+ grant_type: 'password'
+ }
+ "/oauth/token?#{build_query(parameters)}"
+ end
+
+ def authorization_endpoint_url(options = {})
+ parameters = {
+ client_id: options[:client_id] || options[:client].uid,
+ redirect_uri: options[:redirect_uri] || options[:client].redirect_uri,
+ response_type: options[:response_type] || 'code',
+ scope: options[:scope],
+ state: options[:state]
+ }.reject { |_, v| v.blank? }
+ "/oauth/authorize?#{build_query(parameters)}"
+ end
+
+ def refresh_token_endpoint_url(options = {})
+ parameters = {
+ refresh_token: options[:refresh_token],
+ client_id: options[:client_id] || options[:client].uid,
+ client_secret: options[:client_secret] || options[:client].secret,
+ grant_type: options[:grant_type] || 'refresh_token'
+ }
+ "/oauth/token?#{build_query(parameters)}"
+ end
+
+ def revocation_token_endpoint_url
+ '/oauth/revoke'
+ end
+
+ def build_query(hash)
+ Rack::Utils.build_query(hash)
+ end
+end
+
+RSpec.configuration.send :include, UrlHelper
diff --git a/doorkeeper/spec/support/http_method_shim.rb b/doorkeeper/spec/support/http_method_shim.rb
new file mode 100644
index 0000000000..f187abfbec
--- /dev/null
+++ b/doorkeeper/spec/support/http_method_shim.rb
@@ -0,0 +1,38 @@
+# Rails 5 deprecates calling HTTP action methods with positional arguments
+# in favor of keyword arguments. However, the keyword argument form is only
+# supported in Rails 5+. Since we support back to 4, we need some sort of shim
+# to avoid super noisy deprecations when running tests.
+module RoutingHTTPMethodShim
+ def get(path, params = {}, headers = nil)
+ super(path, params: params, headers: headers)
+ end
+
+ def post(path, params = {}, headers = nil)
+ super(path, params: params, headers: headers)
+ end
+
+ def put(path, params = {}, headers = nil)
+ super(path, params: params, headers: headers)
+ end
+end
+
+module ControllerHTTPMethodShim
+ def get(path, params = {})
+ super(path, params: params)
+ end
+
+ def post(path, params = {})
+ super(path, params: params)
+ end
+
+ def put(path, params = {})
+ super(path, params: params)
+ end
+end
+
+if ::Rails::VERSION::MAJOR >= 5
+ RSpec.configure do |config|
+ config.include ControllerHTTPMethodShim, type: :controller
+ config.include RoutingHTTPMethodShim, type: :request
+ end
+end
diff --git a/doorkeeper/spec/support/orm/active_record.rb b/doorkeeper/spec/support/orm/active_record.rb
new file mode 100644
index 0000000000..ff0cad9b2a
--- /dev/null
+++ b/doorkeeper/spec/support/orm/active_record.rb
@@ -0,0 +1,3 @@
+# load schema to in memory sqlite
+ActiveRecord::Migration.verbose = false
+load Rails.root + 'db/schema.rb'
diff --git a/doorkeeper/spec/support/shared/controllers_shared_context.rb b/doorkeeper/spec/support/shared/controllers_shared_context.rb
new file mode 100644
index 0000000000..71c8b1a000
--- /dev/null
+++ b/doorkeeper/spec/support/shared/controllers_shared_context.rb
@@ -0,0 +1,65 @@
+shared_context 'valid token', token: :valid do
+ let(:token_string) { '1A2B3C4D' }
+
+ let :token do
+ double(Doorkeeper::AccessToken,
+ accessible?: true, includes_scope?: true, acceptable?: true,
+ previous_refresh_token: "", revoke_previous_refresh_token!: true)
+ end
+
+ before :each do
+ allow(
+ Doorkeeper::AccessToken
+ ).to receive(:by_token).with(token_string).and_return(token)
+ end
+end
+
+shared_context 'invalid token', token: :invalid do
+ let(:token_string) { '1A2B3C4D' }
+
+ let :token do
+ double(Doorkeeper::AccessToken,
+ accessible?: false, revoked?: false, expired?: false,
+ includes_scope?: false, acceptable?: false,
+ previous_refresh_token: "", revoke_previous_refresh_token!: true)
+ end
+
+ before :each do
+ allow(
+ Doorkeeper::AccessToken
+ ).to receive(:by_token).with(token_string).and_return(token)
+ end
+end
+
+shared_context 'authenticated resource owner' do
+ before do
+ user = double(:resource, id: 1)
+ allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { user } }
+ end
+end
+
+shared_context 'not authenticated resource owner' do
+ before do
+ allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { redirect_to '/' } }
+ end
+end
+
+shared_context 'valid authorization request' do
+ let :authorization do
+ double(:authorization, valid?: true, authorize: true, success_redirect_uri: 'http://something.com/cb?code=token')
+ end
+
+ before do
+ allow(controller).to receive(:authorization) { authorization }
+ end
+end
+
+shared_context 'invalid authorization request' do
+ let :authorization do
+ double(:authorization, valid?: false, authorize: false, redirect_on_error?: false)
+ end
+
+ before do
+ allow(controller).to receive(:authorization) { authorization }
+ end
+end
diff --git a/doorkeeper/spec/support/shared/models_shared_examples.rb b/doorkeeper/spec/support/shared/models_shared_examples.rb
new file mode 100644
index 0000000000..b0ea26593d
--- /dev/null
+++ b/doorkeeper/spec/support/shared/models_shared_examples.rb
@@ -0,0 +1,52 @@
+shared_examples 'an accessible token' do
+ describe :accessible? do
+ it 'is accessible if token is not expired' do
+ allow(subject).to receive(:expired?).and_return(false)
+ should be_accessible
+ end
+
+ it 'is not accessible if token is expired' do
+ allow(subject).to receive(:expired?).and_return(true)
+ should_not be_accessible
+ end
+ end
+end
+
+shared_examples 'a revocable token' do
+ describe :accessible? do
+ before { subject.save! }
+
+ it 'is accessible if token is not revoked' do
+ expect(subject).to be_accessible
+ end
+
+ it 'is not accessible if token is revoked' do
+ subject.revoke
+ expect(subject).not_to be_accessible
+ end
+ end
+end
+
+shared_examples 'a unique token' do
+ describe :token do
+ it 'is generated before validation' do
+ expect { subject.valid? }.to change { subject.token }.from(nil)
+ end
+
+ it 'is not valid if token exists' do
+ token1 = FactoryBot.create factory_name
+ token2 = FactoryBot.create factory_name
+ token2.token = token1.token
+ expect(token2).not_to be_valid
+ end
+
+ it 'expects database to throw an error when tokens are the same' do
+ token1 = FactoryBot.create factory_name
+ token2 = FactoryBot.create factory_name
+ token2.token = token1.token
+ expect do
+ token2.save!(validate: false)
+ end.to raise_error(uniqueness_error)
+ end
+ end
+end
diff --git a/doorkeeper/spec/validators/redirect_uri_validator_spec.rb b/doorkeeper/spec/validators/redirect_uri_validator_spec.rb
new file mode 100644
index 0000000000..0f36beebe6
--- /dev/null
+++ b/doorkeeper/spec/validators/redirect_uri_validator_spec.rb
@@ -0,0 +1,123 @@
+require 'spec_helper_integration'
+
+describe RedirectUriValidator do
+ subject do
+ FactoryBot.create(:application)
+ end
+
+ it 'is valid when the uri is a uri' do
+ subject.redirect_uri = 'https://example.com/callback'
+ expect(subject).to be_valid
+ end
+
+ # Most mobile and desktop operating systems allow apps to register a custom URL
+ # scheme that will launch the app when a URL with that scheme is visited from
+ # the system browser.
+ #
+ # @see https://www.oauth.com/oauth2-servers/redirect-uris/redirect-uris-native-apps/
+ it 'is valid when the uri is custom native URI' do
+ subject.redirect_uri = 'myapp://callback'
+ expect(subject).to be_valid
+ end
+
+ it 'is valid when the uri has a query parameter' do
+ subject.redirect_uri = 'https://example.com/abcd?xyz=123'
+ expect(subject).to be_valid
+ end
+
+ it 'accepts native redirect uri' do
+ subject.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
+ expect(subject).to be_valid
+ end
+
+ it 'rejects if test uri is disabled' do
+ allow(RedirectUriValidator).to receive(:native_redirect_uri).and_return(nil)
+ subject.redirect_uri = 'urn:some:test'
+ expect(subject).not_to be_valid
+ end
+
+ it 'is invalid when the uri is not a uri' do
+ subject.redirect_uri = ']'
+ expect(subject).not_to be_valid
+ expect(subject.errors[:redirect_uri].first).to eq('must be a valid URI.')
+ end
+
+ it 'is invalid when the uri is relative' do
+ subject.redirect_uri = '/abcd'
+ expect(subject).not_to be_valid
+ expect(subject.errors[:redirect_uri].first).to eq('must be an absolute URI.')
+ end
+
+ it 'is invalid when the uri has a fragment' do
+ subject.redirect_uri = 'https://example.com/abcd#xyz'
+ expect(subject).not_to be_valid
+ expect(subject.errors[:redirect_uri].first).to eq('cannot contain a fragment.')
+ end
+
+ context 'force secured uri' do
+ it 'accepts an valid uri' do
+ subject.redirect_uri = 'https://example.com/callback'
+ expect(subject).to be_valid
+ end
+
+ it 'accepts native redirect uri' do
+ subject.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
+ expect(subject).to be_valid
+ end
+
+ it 'accepts app redirect uri' do
+ subject.redirect_uri = 'some-awesome-app://oauth/callback'
+ expect(subject).to be_valid
+ end
+
+ it 'accepts a non secured protocol when disabled' do
+ subject.redirect_uri = 'http://example.com/callback'
+ allow(Doorkeeper.configuration).to receive(
+ :force_ssl_in_redirect_uri
+ ).and_return(false)
+ expect(subject).to be_valid
+ end
+
+ it 'accepts a non secured protocol when conditional option defined' do
+ Doorkeeper.configure do
+ orm DOORKEEPER_ORM
+ force_ssl_in_redirect_uri { |uri| uri.host != 'localhost' }
+ end
+
+ application = FactoryBot.build(:application, redirect_uri: 'http://localhost/callback')
+ expect(application).to be_valid
+
+ application = FactoryBot.build(:application, redirect_uri: 'http://localhost2/callback')
+ expect(application).not_to be_valid
+ end
+
+ it 'forbids redirect uri if required' do
+ subject.redirect_uri = 'javascript://document.cookie'
+
+ Doorkeeper.configure do
+ orm DOORKEEPER_ORM
+ forbid_redirect_uri { |uri| uri.scheme == 'javascript' }
+ end
+
+ expect(subject).to be_invalid
+ expect(subject.errors[:redirect_uri].first).to eq('is forbidden by the server.')
+
+ subject.redirect_uri = 'https://localhost/callback'
+ expect(subject).to be_valid
+ end
+
+ it 'invalidates the uri when the uri does not use a secure protocol' do
+ subject.redirect_uri = 'http://example.com/callback'
+ expect(subject).not_to be_valid
+ error = subject.errors[:redirect_uri].first
+ expect(error).to eq('must be an HTTPS/SSL URI.')
+ end
+ end
+
+ context 'multiple redirect uri' do
+ it 'invalidates the second uri when the first uri is native uri' do
+ subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob\nexample.com/callback"
+ expect(subject).to be_invalid
+ end
+ end
+end
diff --git a/doorkeeper/spec/version/version_spec.rb b/doorkeeper/spec/version/version_spec.rb
new file mode 100644
index 0000000000..22f3c21ceb
--- /dev/null
+++ b/doorkeeper/spec/version/version_spec.rb
@@ -0,0 +1,15 @@
+require 'spec_helper_integration'
+
+describe 'Doorkeeper version' do
+ context '#gem_version' do
+ it 'returns Gem::Version instance' do
+ expect(Doorkeeper.gem_version).to be_an_instance_of(Gem::Version)
+ end
+ end
+
+ context 'VERSION' do
+ it 'returns gem version string' do
+ expect(Doorkeeper::VERSION::STRING).to match(/^\d+\.\d+\.\d+[.\w]?$/)
+ end
+ end
+end
diff --git a/doorkeeper/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css b/doorkeeper/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css
new file mode 100755
index 0000000000..a6db4010a1
--- /dev/null
+++ b/doorkeeper/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css
@@ -0,0 +1,7 @@
+/*!
+ * Bootstrap v3.1.0 (http://getbootstrap.com)
+ * Copyright 2011-2014 Twitter, Inc.
+ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
+ */
+
+/*! normalize.css v3.0.0 | MIT License | git.io/normalize */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background:0 0}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type=checkbox],input[type=radio]{box-sizing:border-box;padding:0}input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{height:auto}input[type=search]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:700}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}@media print{*{text-shadow:none!important;color:#000!important;background:transparent!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100%!important}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}select{background:#fff!important}.navbar{display:none}.table td,.table th{background-color:#fff!important}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000!important}.label{border:1px solid #000}.table{border-collapse:collapse!important}.table-bordered th,.table-bordered td{border:1px solid #ddd!important}}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}:before,:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:62.5%;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.428571429;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#428bca;text-decoration:none}a:hover,a:focus{color:#2a6496;text-decoration:underline}a:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.img-responsive{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{padding:4px;line-height:1.428571429;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;max-width:100%;height:auto}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0,0,0,0);border:0}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:400;line-height:1;color:#999}h1,.h1,h2,.h2,h3,.h3{margin-top:20px;margin-bottom:10px}h1 small,.h1 small,h2 small,.h2 small,h3 small,.h3 small,h1 .small,.h1 .small,h2 .small,.h2 .small,h3 .small,.h3 .small{font-size:65%}h4,.h4,h5,.h5,h6,.h6{margin-top:10px;margin-bottom:10px}h4 small,.h4 small,h5 small,.h5 small,h6 small,.h6 small,h4 .small,.h4 .small,h5 .small,.h5 .small,h6 .small,.h6 .small{font-size:75%}h1,.h1{font-size:36px}h2,.h2{font-size:30px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:200;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}cite{font-style:normal}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-muted{color:#999}.text-primary{color:#428bca}a.text-primary:hover{color:#3071a9}.text-success{color:#3c763d}a.text-success:hover{color:#2b542c}.text-info{color:#31708f}a.text-info:hover{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:hover{color:#66512c}.text-danger{color:#a94442}a.text-danger:hover{color:#843534}.bg-primary{color:#fff;background-color:#428bca}a.bg-primary:hover{background-color:#3071a9}.bg-success{background-color:#dff0d8}a.bg-success:hover{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:hover{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:hover{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:hover{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none}.list-inline>li{display:inline-block;padding-left:5px;padding-right:5px}.list-inline>li:first-child{padding-left:0}dl{margin-top:0;margin-bottom:20px}dt,dd{line-height:1.428571429}dt{font-weight:700}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block;font-size:80%;line-height:1.428571429;color:#999}blockquote footer:before,blockquote small:before,blockquote .small:before{content:'\2014 \00A0'}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0;text-align:right}.blockquote-reverse footer:before,blockquote.pull-right footer:before,.blockquote-reverse small:before,blockquote.pull-right small:before,.blockquote-reverse .small:before,blockquote.pull-right .small:before{content:''}.blockquote-reverse footer:after,blockquote.pull-right footer:after,.blockquote-reverse small:after,blockquote.pull-right small:after,.blockquote-reverse .small:after,blockquote.pull-right .small:after{content:'\00A0 \2014'}blockquote:before,blockquote:after{content:""}address{margin-bottom:20px;font-style:normal;line-height:1.428571429}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;white-space:nowrap;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;box-shadow:inset 0 -1px 0 rgba(0,0,0,.25)}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.428571429;word-break:break-all;word-wrap:break-word;color:#333;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.col-xs-1,.col-sm-1,.col-md-1,.col-lg-1,.col-xs-2,.col-sm-2,.col-md-2,.col-lg-2,.col-xs-3,.col-sm-3,.col-md-3,.col-lg-3,.col-xs-4,.col-sm-4,.col-md-4,.col-lg-4,.col-xs-5,.col-sm-5,.col-md-5,.col-lg-5,.col-xs-6,.col-sm-6,.col-md-6,.col-lg-6,.col-xs-7,.col-sm-7,.col-md-7,.col-lg-7,.col-xs-8,.col-sm-8,.col-md-8,.col-lg-8,.col-xs-9,.col-sm-9,.col-md-9,.col-lg-9,.col-xs-10,.col-sm-10,.col-md-10,.col-lg-10,.col-xs-11,.col-sm-11,.col-md-11,.col-lg-11,.col-xs-12,.col-sm-12,.col-md-12,.col-lg-12{position:relative;min-height:1px;padding-left:15px;padding-right:15px}.col-xs-1,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9,.col-xs-10,.col-xs-11,.col-xs-12{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666666666666%}.col-xs-10{width:83.33333333333334%}.col-xs-9{width:75%}.col-xs-8{width:66.66666666666666%}.col-xs-7{width:58.333333333333336%}.col-xs-6{width:50%}.col-xs-5{width:41.66666666666667%}.col-xs-4{width:33.33333333333333%}.col-xs-3{width:25%}.col-xs-2{width:16.666666666666664%}.col-xs-1{width:8.333333333333332%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666666666666%}.col-xs-pull-10{right:83.33333333333334%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666666666666%}.col-xs-pull-7{right:58.333333333333336%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666666666667%}.col-xs-pull-4{right:33.33333333333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.666666666666664%}.col-xs-pull-1{right:8.333333333333332%}.col-xs-pull-0{right:0}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666666666666%}.col-xs-push-10{left:83.33333333333334%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666666666666%}.col-xs-push-7{left:58.333333333333336%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666666666667%}.col-xs-push-4{left:33.33333333333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.666666666666664%}.col-xs-push-1{left:8.333333333333332%}.col-xs-push-0{left:0}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666666666666%}.col-xs-offset-10{margin-left:83.33333333333334%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666666666666%}.col-xs-offset-7{margin-left:58.333333333333336%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666666666667%}.col-xs-offset-4{margin-left:33.33333333333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.666666666666664%}.col-xs-offset-1{margin-left:8.333333333333332%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11,.col-sm-12{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666666666666%}.col-sm-10{width:83.33333333333334%}.col-sm-9{width:75%}.col-sm-8{width:66.66666666666666%}.col-sm-7{width:58.333333333333336%}.col-sm-6{width:50%}.col-sm-5{width:41.66666666666667%}.col-sm-4{width:33.33333333333333%}.col-sm-3{width:25%}.col-sm-2{width:16.666666666666664%}.col-sm-1{width:8.333333333333332%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666666666666%}.col-sm-pull-10{right:83.33333333333334%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666666666666%}.col-sm-pull-7{right:58.333333333333336%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666666666667%}.col-sm-pull-4{right:33.33333333333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.666666666666664%}.col-sm-pull-1{right:8.333333333333332%}.col-sm-pull-0{right:0}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666666666666%}.col-sm-push-10{left:83.33333333333334%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666666666666%}.col-sm-push-7{left:58.333333333333336%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666666666667%}.col-sm-push-4{left:33.33333333333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.666666666666664%}.col-sm-push-1{left:8.333333333333332%}.col-sm-push-0{left:0}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666666666666%}.col-sm-offset-10{margin-left:83.33333333333334%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666666666666%}.col-sm-offset-7{margin-left:58.333333333333336%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666666666667%}.col-sm-offset-4{margin-left:33.33333333333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.666666666666664%}.col-sm-offset-1{margin-left:8.333333333333332%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11,.col-md-12{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666666666666%}.col-md-10{width:83.33333333333334%}.col-md-9{width:75%}.col-md-8{width:66.66666666666666%}.col-md-7{width:58.333333333333336%}.col-md-6{width:50%}.col-md-5{width:41.66666666666667%}.col-md-4{width:33.33333333333333%}.col-md-3{width:25%}.col-md-2{width:16.666666666666664%}.col-md-1{width:8.333333333333332%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666666666666%}.col-md-pull-10{right:83.33333333333334%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666666666666%}.col-md-pull-7{right:58.333333333333336%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666666666667%}.col-md-pull-4{right:33.33333333333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.666666666666664%}.col-md-pull-1{right:8.333333333333332%}.col-md-pull-0{right:0}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666666666666%}.col-md-push-10{left:83.33333333333334%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666666666666%}.col-md-push-7{left:58.333333333333336%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666666666667%}.col-md-push-4{left:33.33333333333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.666666666666664%}.col-md-push-1{left:8.333333333333332%}.col-md-push-0{left:0}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666666666666%}.col-md-offset-10{margin-left:83.33333333333334%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666666666666%}.col-md-offset-7{margin-left:58.333333333333336%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666666666667%}.col-md-offset-4{margin-left:33.33333333333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.666666666666664%}.col-md-offset-1{margin-left:8.333333333333332%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11,.col-lg-12{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666666666666%}.col-lg-10{width:83.33333333333334%}.col-lg-9{width:75%}.col-lg-8{width:66.66666666666666%}.col-lg-7{width:58.333333333333336%}.col-lg-6{width:50%}.col-lg-5{width:41.66666666666667%}.col-lg-4{width:33.33333333333333%}.col-lg-3{width:25%}.col-lg-2{width:16.666666666666664%}.col-lg-1{width:8.333333333333332%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666666666666%}.col-lg-pull-10{right:83.33333333333334%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666666666666%}.col-lg-pull-7{right:58.333333333333336%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666666666667%}.col-lg-pull-4{right:33.33333333333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.666666666666664%}.col-lg-pull-1{right:8.333333333333332%}.col-lg-pull-0{right:0}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666666666666%}.col-lg-push-10{left:83.33333333333334%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666666666666%}.col-lg-push-7{left:58.333333333333336%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666666666667%}.col-lg-push-4{left:33.33333333333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.666666666666664%}.col-lg-push-1{left:8.333333333333332%}.col-lg-push-0{left:0}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666666666666%}.col-lg-offset-10{margin-left:83.33333333333334%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666666666666%}.col-lg-offset-7{margin-left:58.333333333333336%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666666666667%}.col-lg-offset-4{margin-left:33.33333333333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.666666666666664%}.col-lg-offset-1{margin-left:8.333333333333332%}.col-lg-offset-0{margin-left:0}}table{max-width:100%;background-color:transparent}th{text-align:left}.table{width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.428571429;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-child(odd)>td,.table-striped>tbody>tr:nth-child(odd)>th{background-color:#f9f9f9}.table-hover>tbody>tr:hover>td,.table-hover>tbody>tr:hover>th{background-color:#f5f5f5}table col[class*=col-]{position:static;float:none;display:table-column}table td[class*=col-],table th[class*=col-]{position:static;float:none;display:table-cell}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover,.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr.active:hover>th{background-color:#e8e8e8}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.info,.table>tbody>tr>td.info,.table>tfoot>tr>td.info,.table>thead>tr>th.info,.table>tbody>tr>th.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>tbody>tr.info>td,.table>tfoot>tr.info>td,.table>thead>tr.info>th,.table>tbody>tr.info>th,.table>tfoot>tr.info>th{background-color:#d9edf7}.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover,.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr.info:hover>th{background-color:#c4e3f3}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}@media (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;overflow-x:scroll;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd;-webkit-overflow-scrolling:touch}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{padding:0;margin:0;border:0;min-width:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;margin-bottom:5px;font-weight:700}input[type=search]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type=radio],input[type=checkbox]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type=file]{display:block}input[type=range]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type=file]:focus,input[type=radio]:focus,input[type=checkbox]:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.428571429;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.428571429;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075);-webkit-transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px rgba(102,175,233,.6);box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px rgba(102,175,233,.6)}.form-control:-moz-placeholder{color:#999}.form-control::-moz-placeholder{color:#999;opacity:1}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{cursor:not-allowed;background-color:#eee;opacity:1}textarea.form-control{height:auto}input[type=date]{line-height:34px}.form-group{margin-bottom:15px}.radio,.checkbox{display:block;min-height:20px;margin-top:10px;margin-bottom:10px;padding-left:20px}.radio label,.checkbox label{display:inline;font-weight:400;cursor:pointer}.radio input[type=radio],.radio-inline input[type=radio],.checkbox input[type=checkbox],.checkbox-inline input[type=checkbox]{float:left;margin-left:-20px}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{display:inline-block;padding-left:20px;margin-bottom:0;vertical-align:middle;font-weight:400;cursor:pointer}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}input[type=radio][disabled],input[type=checkbox][disabled],.radio[disabled],.radio-inline[disabled],.checkbox[disabled],.checkbox-inline[disabled],fieldset[disabled] input[type=radio],fieldset[disabled] input[type=checkbox],fieldset[disabled] .radio,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm,select[multiple].input-sm{height:auto}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-lg{height:46px;line-height:46px}textarea.input-lg,select[multiple].input-lg{height:auto}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.has-feedback .form-control-feedback{position:absolute;top:25px;right:0;display:block;width:34px;height:34px;line-height:34px;text-align:center}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;border-color:#3c763d;background-color:#dff0d8}.has-success .form-control-feedback{color:#3c763d}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;border-color:#8a6d3b;background-color:#fcf8e3}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;border-color:#a94442;background-color:#f2dede}.has-error .form-control-feedback{color:#a94442}.form-control-static{margin-bottom:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .radio,.form-inline .checkbox{display:inline-block;margin-top:0;margin-bottom:0;padding-left:0;vertical-align:middle}.form-inline .radio input[type=radio],.form-inline .checkbox input[type=checkbox]{float:none;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .control-label,.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{margin-top:0;margin-bottom:0;padding-top:7px}.form-horizontal .radio,.form-horizontal .checkbox{min-height:27px}.form-horizontal .form-group{margin-left:-15px;margin-right:-15px}.form-horizontal .form-control-static{padding-top:7px}@media (min-width:768px){.form-horizontal .control-label{text-align:right}}.form-horizontal .has-feedback .form-control-feedback{top:0;right:15px}.btn{display:inline-block;margin-bottom:0;font-weight:400;text-align:center;vertical-align:middle;cursor:pointer;background-image:none;border:1px solid transparent;white-space:nowrap;padding:6px 12px;font-size:14px;line-height:1.428571429;border-radius:4px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;-o-user-select:none;user-select:none}.btn:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus{color:#333;text-decoration:none}.btn:active,.btn.active{outline:0;background-image:none;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;pointer-events:none;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:hover,.btn-default:focus,.btn-default:active,.btn-default.active,.open .dropdown-toggle.btn-default{color:#333;background-color:#ebebeb;border-color:#adadad}.btn-default:active,.btn-default.active,.open .dropdown-toggle.btn-default{background-image:none}.btn-default.disabled,.btn-default[disabled],fieldset[disabled] .btn-default,.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled:active,.btn-default[disabled]:active,fieldset[disabled] .btn-default:active,.btn-default.disabled.active,.btn-default[disabled].active,fieldset[disabled] .btn-default.active{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#428bca;border-color:#357ebd}.btn-primary:hover,.btn-primary:focus,.btn-primary:active,.btn-primary.active,.open .dropdown-toggle.btn-primary{color:#fff;background-color:#3276b1;border-color:#285e8e}.btn-primary:active,.btn-primary.active,.open .dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled,.btn-primary[disabled],fieldset[disabled] .btn-primary,.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled:active,.btn-primary[disabled]:active,fieldset[disabled] .btn-primary:active,.btn-primary.disabled.active,.btn-primary[disabled].active,fieldset[disabled] .btn-primary.active{background-color:#428bca;border-color:#357ebd}.btn-primary .badge{color:#428bca;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:hover,.btn-success:focus,.btn-success:active,.btn-success.active,.open .dropdown-toggle.btn-success{color:#fff;background-color:#47a447;border-color:#398439}.btn-success:active,.btn-success.active,.open .dropdown-toggle.btn-success{background-image:none}.btn-success.disabled,.btn-success[disabled],fieldset[disabled] .btn-success,.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled:active,.btn-success[disabled]:active,fieldset[disabled] .btn-success:active,.btn-success.disabled.active,.btn-success[disabled].active,fieldset[disabled] .btn-success.active{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active,.open .dropdown-toggle.btn-info{color:#fff;background-color:#39b3d7;border-color:#269abc}.btn-info:active,.btn-info.active,.open .dropdown-toggle.btn-info{background-image:none}.btn-info.disabled,.btn-info[disabled],fieldset[disabled] .btn-info,.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled:active,.btn-info[disabled]:active,fieldset[disabled] .btn-info:active,.btn-info.disabled.active,.btn-info[disabled].active,fieldset[disabled] .btn-info.active{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:hover,.btn-warning:focus,.btn-warning:active,.btn-warning.active,.open .dropdown-toggle.btn-warning{color:#fff;background-color:#ed9c28;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open .dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-warning,.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled:active,.btn-warning[disabled]:active,fieldset[disabled] .btn-warning:active,.btn-warning.disabled.active,.btn-warning[disabled].active,fieldset[disabled] .btn-warning.active{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:hover,.btn-danger:focus,.btn-danger:active,.btn-danger.active,.open .dropdown-toggle.btn-danger{color:#fff;background-color:#d2322d;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open .dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled,.btn-danger[disabled],fieldset[disabled] .btn-danger,.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled:active,.btn-danger[disabled]:active,fieldset[disabled] .btn-danger:active,.btn-danger.disabled.active,.btn-danger[disabled].active,fieldset[disabled] .btn-danger.active{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{color:#428bca;font-weight:400;cursor:pointer;border-radius:0}.btn-link,.btn-link:active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#2a6496;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#999;text-decoration:none}.btn-lg{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-sm{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%;padding-left:0;padding-right:0}.btn-block+.btn-block{margin-top:5px}input[type=submit].btn-block,input[type=reset].btn-block,input[type=button].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;transition:height .35s ease}@font-face{font-family:'Glyphicons Halflings';src:url(../../../../../../../Downloads/bootstrap-3.1.0/dist/fonts/glyphicons-halflings-regular.eot);src:url(../../../../../../../Downloads/bootstrap-3.1.0/dist/fonts/glyphicons-halflings-regular.eot?#iefix) format('embedded-opentype'),url(../../../../../../../Downloads/bootstrap-3.1.0/dist/fonts/glyphicons-halflings-regular.woff) format('woff'),url(../../../../../../../Downloads/bootstrap-3.1.0/dist/fonts/glyphicons-halflings-regular.ttf) format('truetype'),url(../../../../../../../Downloads/bootstrap-3.1.0/dist/fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular) format('svg')}.glyphicon{position:relative;top:1px;display:inline-block;font-family:'Glyphicons Halflings';font-style:normal;font-weight:400;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.glyphicon-asterisk:before{content:"\2a"}.glyphicon-plus:before{content:"\2b"}.glyphicon-euro:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-lock:before{content:"\e033"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-fire:before{content:"\e104"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-calendar:before{content:"\e109"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-bell:before{content:"\e123"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-wrench:before{content:"\e136"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-briefcase:before{content:"\e139"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px solid;border-right:4px solid transparent;border-left:4px solid transparent}.dropdown{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;font-size:14px;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,.175);box-shadow:0 6px 12px rgba(0,0,0,.175);background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:400;line-height:1.428571429;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{text-decoration:none;color:#262626;background-color:#f5f5f5}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;outline:0;background-color:#428bca}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#999}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);cursor:not-allowed}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{left:auto;right:0}.dropdown-menu-left{left:0;right:auto}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.428571429;color:#999}.dropdown-backdrop{position:fixed;left:0;right:0;bottom:0;top:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0;border-bottom:4px solid;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px}@media (min-width:768px){.navbar-right .dropdown-menu{left:auto;right:0}.navbar-right .dropdown-menu-left{left:0;right:auto}}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group>.btn:focus,.btn-group-vertical>.btn:focus{outline:0}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child>.btn:last-child,.btn-group>.btn-group:first-child>.dropdown-toggle{border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn-group:last-child>.btn:first-child{border-bottom-left-radius:0;border-top-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group-xs>.btn{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-group>.btn+.dropdown-toggle{padding-left:8px;padding-right:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-left:12px;padding-right:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-bottom-left-radius:4px;border-top-right-radius:0;border-top-left-radius:0}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-right-radius:0;border-top-left-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{float:none;display:table-cell;width:1%}.btn-group-justified>.btn-group .btn{width:100%}[data-toggle=buttons]>.btn>input[type=radio],[data-toggle=buttons]>.btn>input[type=checkbox]{display:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*=col-]{float:none;padding-left:0;padding-right:0}.input-group .form-control{float:left;width:100%;margin-bottom:0}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn,select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn,select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:400;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type=radio],.input-group-addon input[type=checkbox]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group-btn:last-child>.btn-group:not(:last-child)>.btn{border-bottom-right-radius:0;border-top-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:first-child>.btn-group:not(:first-child)>.btn{border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:hover,.input-group-btn>.btn:focus,.input-group-btn>.btn:active{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{margin-left:-1px}.nav{margin-bottom:0;padding-left:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#999}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#999;text-decoration:none;background-color:transparent;cursor:not-allowed}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#428bca}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.428571429;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent;cursor:default}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#428bca}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-right-radius:0;border-top-left-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{max-height:340px;overflow-x:visible;padding-right:15px;padding-left:15px;border-top:1px solid transparent;box-shadow:inset 0 1px 0 rgba(255,255,255,.1);-webkit-overflow-scrolling:touch}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;box-shadow:none}.navbar-collapse.collapse{display:block!important;height:auto!important;padding-bottom:0;overflow:visible!important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{padding-left:0;padding-right:0}}.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}@media (min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.navbar-brand{float:left;padding:15px;font-size:18px;line-height:20px;height:20px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;margin-right:15px;padding:9px 10px;margin-top:8px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}.navbar-nav.navbar-right:last-child{margin-right:-15px}}@media (min-width:768px){.navbar-left{float:left!important}.navbar-right{float:right!important}}.navbar-form{margin-left:-15px;margin-right:-15px;padding:10px 15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.1),0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 0 rgba(255,255,255,.1),0 1px 0 rgba(255,255,255,.1);margin-top:8px;margin-bottom:8px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;margin-top:0;margin-bottom:0;padding-left:0;vertical-align:middle}.navbar-form .radio input[type=radio],.navbar-form .checkbox input[type=checkbox]{float:none;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}}@media (min-width:768px){.navbar-form{width:auto;border:0;margin-left:0;margin-right:0;padding-top:0;padding-bottom:0;-webkit-box-shadow:none;box-shadow:none}.navbar-form.navbar-right:last-child{margin-right:-15px}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-right-radius:0;border-top-left-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-left:15px;margin-right:15px}.navbar-text.navbar-right:last-child{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{background-color:#e7e7e7;color:#555}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#999}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#999}.navbar-inverse .navbar-nav>li>a{color:#999}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{background-color:#080808;color:#fff}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#999}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#999}.navbar-inverse .navbar-link:hover{color:#fff}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{content:"/\00a0";padding:0 5px;color:#ccc}.breadcrumb>.active{color:#999}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;line-height:1.428571429;text-decoration:none;color:#428bca;background-color:#fff;border:1px solid #ddd;margin-left:-1px}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pagination>li>a:hover,.pagination>li>span:hover,.pagination>li>a:focus,.pagination>li>span:focus{color:#2a6496;background-color:#eee;border-color:#ddd}.pagination>.active>a,.pagination>.active>span,.pagination>.active>a:hover,.pagination>.active>span:hover,.pagination>.active>a:focus,.pagination>.active>span:focus{z-index:2;color:#fff;background-color:#428bca;border-color:#428bca;cursor:default}.pagination>.disabled>span,.pagination>.disabled>span:hover,.pagination>.disabled>span:focus,.pagination>.disabled>a,.pagination>.disabled>a:hover,.pagination>.disabled>a:focus{color:#999;background-color:#fff;border-color:#ddd;cursor:not-allowed}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-bottom-left-radius:6px;border-top-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-bottom-right-radius:6px;border-top-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-bottom-left-radius:3px;border-top-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-bottom-right-radius:3px;border-top-right-radius:3px}.pager{padding-left:0;margin:20px 0;list-style:none;text-align:center}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#999;background-color:#fff;cursor:not-allowed}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}.label[href]:hover,.label[href]:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#999}.label-default[href]:hover,.label-default[href]:focus{background-color:gray}.label-primary{background-color:#428bca}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#3071a9}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:700;color:#fff;line-height:1;vertical-align:baseline;white-space:nowrap;text-align:center;background-color:#999;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-xs .badge{top:0;padding:1px 5px}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}a.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#428bca;background-color:#fff}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding:30px;margin-bottom:30px;color:inherit;background-color:#eee}.jumbotron h1,.jumbotron .h1{color:inherit}.jumbotron p{margin-bottom:15px;font-size:21px;font-weight:200}.container .jumbotron{border-radius:6px}.jumbotron .container{max-width:100%}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron{padding-left:60px;padding-right:60px}.jumbotron h1,.jumbotron .h1{font-size:63px}}.thumbnail{display:block;padding:4px;margin-bottom:20px;line-height:1.428571429;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.thumbnail>img,.thumbnail a>img{display:block;max-width:100%;height:auto;margin-left:auto;margin-right:auto}a.thumbnail:hover,a.thumbnail:focus,a.thumbnail.active{border-color:#428bca}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:700}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable{padding-right:35px}.alert-dismissable .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{background-color:#dff0d8;border-color:#d6e9c6;color:#3c763d}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{background-color:#d9edf7;border-color:#bce8f1;color:#31708f}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{background-color:#fcf8e3;border-color:#faebcc;color:#8a6d3b}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{background-color:#f2dede;border-color:#ebccd1;color:#a94442}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{overflow:hidden;height:20px;margin-bottom:20px;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}.progress-bar{float:left;width:0;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#428bca;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,.15);-webkit-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-size:40px 40px}.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.media,.media-body{overflow:hidden;zoom:1}.media,.media .media{margin-top:15px}.media:first-child{margin-top:0}.media-object{display:block}.media-heading{margin:0 0 5px}.media>.pull-left{margin-right:10px}.media>.pull-right{margin-left:10px}.media-list{padding-left:0;list-style:none}.list-group{margin-bottom:20px;padding-left:0}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-right-radius:4px;border-top-left-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}a.list-group-item{color:#555}a.list-group-item .list-group-item-heading{color:#333}a.list-group-item:hover,a.list-group-item:focus{text-decoration:none;background-color:#f5f5f5}a.list-group-item.active,a.list-group-item.active:hover,a.list-group-item.active:focus{z-index:2;color:#fff;background-color:#428bca;border-color:#428bca}a.list-group-item.active .list-group-item-heading,a.list-group-item.active:hover .list-group-item-heading,a.list-group-item.active:focus .list-group-item-heading{color:inherit}a.list-group-item.active .list-group-item-text,a.list-group-item.active:hover .list-group-item-text,a.list-group-item.active:focus .list-group-item-text{color:#e1edf7}.list-group-item-success{color:#3c763d;background-color:#dff0d8}a.list-group-item-success{color:#3c763d}a.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:hover,a.list-group-item-success:focus{color:#3c763d;background-color:#d0e9c6}a.list-group-item-success.active,a.list-group-item-success.active:hover,a.list-group-item-success.active:focus{color:#fff;background-color:#3c763d;border-color:#3c763d}.list-group-item-info{color:#31708f;background-color:#d9edf7}a.list-group-item-info{color:#31708f}a.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:hover,a.list-group-item-info:focus{color:#31708f;background-color:#c4e3f3}a.list-group-item-info.active,a.list-group-item-info.active:hover,a.list-group-item-info.active:focus{color:#fff;background-color:#31708f;border-color:#31708f}.list-group-item-warning{color:#8a6d3b;background-color:#fcf8e3}a.list-group-item-warning{color:#8a6d3b}a.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:hover,a.list-group-item-warning:focus{color:#8a6d3b;background-color:#faf2cc}a.list-group-item-warning.active,a.list-group-item-warning.active:hover,a.list-group-item-warning.active:focus{color:#fff;background-color:#8a6d3b;border-color:#8a6d3b}.list-group-item-danger{color:#a94442;background-color:#f2dede}a.list-group-item-danger{color:#a94442}a.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:hover,a.list-group-item-danger:focus{color:#a94442;background-color:#ebcccc}a.list-group-item-danger.active,a.list-group-item-danger.active:hover,a.list-group-item-danger.active:focus{color:#fff;background-color:#a94442;border-color:#a94442}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,.05);box-shadow:0 1px 1px rgba(0,0,0,.05)}.panel-body{padding:15px}.panel>.list-group{margin-bottom:0}.panel>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group .list-group-item:first-child{border-top:0}.panel>.list-group .list-group-item:last-child{border-bottom:0}.panel>.list-group:first-child .list-group-item:first-child{border-top-right-radius:3px;border-top-left-radius:3px}.panel>.list-group:last-child .list-group-item:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.panel>.table,.panel>.table-responsive>.table{margin-bottom:0}.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child th,.panel>.table>tbody:first-child>tr:first-child td{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th,.panel>.table-bordered>tfoot>tr:first-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:first-child>th,.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>tfoot>tr:first-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:first-child>td{border-top:0}.panel>.table-bordered>thead>tr:last-child>th,.panel>.table-responsive>.table-bordered>thead>tr:last-child>th,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th,.panel>.table-bordered>thead>tr:last-child>td,.panel>.table-responsive>.table-bordered>thead>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}.panel>.table-responsive{border:0;margin-bottom:0}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-right-radius:3px;border-top-left-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px;overflow:hidden}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse .panel-body{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse .panel-body{border-top-color:#ddd}.panel-default>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#428bca}.panel-primary>.panel-heading{color:#fff;background-color:#428bca;border-color:#428bca}.panel-primary>.panel-heading+.panel-collapse .panel-body{border-top-color:#428bca}.panel-primary>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#428bca}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse .panel-body{border-top-color:#d6e9c6}.panel-success>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse .panel-body{border-top-color:#bce8f1}.panel-info>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse .panel-body{border-top-color:#faebcc}.panel-warning>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse .panel-body{border-top-color:#ebccd1}.panel-danger>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#ebccd1}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.05);box-shadow:inset 0 1px 1px rgba(0,0,0,.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:700;line-height:1;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.5;filter:alpha(opacity=50)}button.close{padding:0;cursor:pointer;background:0 0;border:0;-webkit-appearance:none}.modal-open{overflow:hidden}.modal{display:none;overflow:auto;overflow-y:scroll;position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transform:translate(0,-25%);-ms-transform:translate(0,-25%);transform:translate(0,-25%);-webkit-transition:-webkit-transform .3s ease-out;-moz-transition:-moz-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0,0);-ms-transform:translate(0,0);transform:translate(0,0)}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,.5);box-shadow:0 3px 9px rgba(0,0,0,.5);background-clip:padding-box;outline:0}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0;filter:alpha(opacity=0)}.modal-backdrop.in{opacity:.5;filter:alpha(opacity=50)}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5;min-height:16.428571429px}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.428571429}.modal-body{position:relative;padding:20px}.modal-footer{margin-top:15px;padding:19px 20px 20px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-left:5px;margin-bottom:0}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,.5);box-shadow:0 5px 15px rgba(0,0,0,.5)}.modal-sm{width:300px}.modal-lg{width:900px}}.tooltip{position:absolute;z-index:1030;display:block;visibility:visible;font-size:12px;line-height:1.4;opacity:0;filter:alpha(opacity=0)}.tooltip.in{opacity:.9;filter:alpha(opacity=90)}.tooltip.top{margin-top:-3px;padding:5px 0}.tooltip.right{margin-left:3px;padding:0 5px}.tooltip.bottom{margin-top:3px;padding:5px 0}.tooltip.left{margin-left:-3px;padding:0 5px}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;text-decoration:none;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-left .tooltip-arrow{bottom:0;left:5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-right .tooltip-arrow{bottom:0;right:5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-width:5px 5px 5px 0;border-right-color:#000}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-width:5px 0 5px 5px;border-left-color:#000}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-left .tooltip-arrow{top:0;left:5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-right .tooltip-arrow{top:0;right:5px;border-width:0 5px 5px;border-bottom-color:#000}.popover{position:absolute;top:0;left:0;z-index:1010;display:none;max-width:276px;padding:1px;text-align:left;background-color:#fff;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,.2);box-shadow:0 5px 10px rgba(0,0,0,.2);white-space:normal}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{margin:0;padding:8px 14px;font-size:14px;font-weight:400;line-height:18px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.popover .arrow,.popover .arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover .arrow{border-width:11px}.popover .arrow:after{border-width:10px;content:""}.popover.top .arrow{left:50%;margin-left:-11px;border-bottom-width:0;border-top-color:#999;border-top-color:rgba(0,0,0,.25);bottom:-11px}.popover.top .arrow:after{content:" ";bottom:1px;margin-left:-10px;border-bottom-width:0;border-top-color:#fff}.popover.right .arrow{top:50%;left:-11px;margin-top:-11px;border-left-width:0;border-right-color:#999;border-right-color:rgba(0,0,0,.25)}.popover.right .arrow:after{content:" ";left:1px;bottom:-10px;border-left-width:0;border-right-color:#fff}.popover.bottom .arrow{left:50%;margin-left:-11px;border-top-width:0;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,.25);top:-11px}.popover.bottom .arrow:after{content:" ";top:1px;margin-left:-10px;border-top-width:0;border-bottom-color:#fff}.popover.left .arrow{top:50%;right:-11px;margin-top:-11px;border-right-width:0;border-left-color:#999;border-left-color:rgba(0,0,0,.25)}.popover.left .arrow:after{content:" ";right:1px;border-right-width:0;border-left-color:#fff;bottom:-10px}.carousel{position:relative}.carousel-inner{position:relative;overflow:hidden;width:100%}.carousel-inner>.item{display:none;position:relative;-webkit-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;max-width:100%;height:auto;line-height:1}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;left:0;bottom:0;width:15%;opacity:.5;filter:alpha(opacity=50);font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,.6)}.carousel-control.left{background-image:-webkit-linear-gradient(left,color-stop(rgba(0,0,0,.5) 0),color-stop(rgba(0,0,0,.0001) 100%));background-image:linear-gradient(to right,rgba(0,0,0,.5) 0,rgba(0,0,0,.0001) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000', endColorstr='#00000000', GradientType=1)}.carousel-control.right{left:auto;right:0;background-image:-webkit-linear-gradient(left,color-stop(rgba(0,0,0,.0001) 0),color-stop(rgba(0,0,0,.5) 100%));background-image:linear-gradient(to right,rgba(0,0,0,.0001) 0,rgba(0,0,0,.5) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColorstr='#80000000', GradientType=1)}.carousel-control:hover,.carousel-control:focus{outline:0;color:#fff;text-decoration:none;opacity:.9;filter:alpha(opacity=90)}.carousel-control .icon-prev,.carousel-control .icon-next,.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right{position:absolute;top:50%;z-index:5;display:inline-block}.carousel-control .icon-prev,.carousel-control .glyphicon-chevron-left{left:50%}.carousel-control .icon-next,.carousel-control .glyphicon-chevron-right{right:50%}.carousel-control .icon-prev,.carousel-control .icon-next{width:20px;height:20px;margin-top:-10px;margin-left:-10px;font-family:serif}.carousel-control .icon-prev:before{content:'\2039'}.carousel-control .icon-next:before{content:'\203a'}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;margin-left:-30%;padding-left:0;list-style:none;text-align:center}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;border:1px solid #fff;border-radius:10px;cursor:pointer;background-color:#000 \9;background-color:rgba(0,0,0,0)}.carousel-indicators .active{margin:0;width:12px;height:12px;background-color:#fff}.carousel-caption{position:absolute;left:15%;right:15%;bottom:20px;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .glyphicons-chevron-left,.carousel-control .glyphicons-chevron-right,.carousel-control .icon-prev,.carousel-control .icon-next{width:30px;height:30px;margin-top:-15px;margin-left:-15px;font-size:30px}.carousel-caption{left:20%;right:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.clearfix:before,.clearfix:after,.container:before,.container:after,.container-fluid:before,.container-fluid:after,.row:before,.row:after,.form-horizontal .form-group:before,.form-horizontal .form-group:after,.btn-toolbar:before,.btn-toolbar:after,.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after,.nav:before,.nav:after,.navbar:before,.navbar:after,.navbar-header:before,.navbar-header:after,.navbar-collapse:before,.navbar-collapse:after,.pager:before,.pager:after,.panel-body:before,.panel-body:after,.modal-footer:before,.modal-footer:after{content:" ";display:table}.clearfix:after,.container:after,.container-fluid:after,.row:after,.form-horizontal .form-group:after,.btn-toolbar:after,.btn-group-vertical>.btn-group:after,.nav:after,.navbar:after,.navbar-header:after,.navbar-collapse:after,.pager:after,.panel-body:after,.modal-footer:after{clear:both}.center-block{display:block;margin-left:auto;margin-right:auto}.pull-right{float:right!important}.pull-left{float:left!important}.hide{display:none!important}.show{display:block!important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none!important;visibility:hidden!important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,tr.visible-xs,th.visible-xs,td.visible-xs{display:none!important}@media (max-width:767px){.visible-xs{display:block!important}table.visible-xs{display:table}tr.visible-xs{display:table-row!important}th.visible-xs,td.visible-xs{display:table-cell!important}}.visible-sm,tr.visible-sm,th.visible-sm,td.visible-sm{display:none!important}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block!important}table.visible-sm{display:table}tr.visible-sm{display:table-row!important}th.visible-sm,td.visible-sm{display:table-cell!important}}.visible-md,tr.visible-md,th.visible-md,td.visible-md{display:none!important}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block!important}table.visible-md{display:table}tr.visible-md{display:table-row!important}th.visible-md,td.visible-md{display:table-cell!important}}.visible-lg,tr.visible-lg,th.visible-lg,td.visible-lg{display:none!important}@media (min-width:1200px){.visible-lg{display:block!important}table.visible-lg{display:table}tr.visible-lg{display:table-row!important}th.visible-lg,td.visible-lg{display:table-cell!important}}@media (max-width:767px){.hidden-xs,tr.hidden-xs,th.hidden-xs,td.hidden-xs{display:none!important}}@media (min-width:768px) and (max-width:991px){.hidden-sm,tr.hidden-sm,th.hidden-sm,td.hidden-sm{display:none!important}}@media (min-width:992px) and (max-width:1199px){.hidden-md,tr.hidden-md,th.hidden-md,td.hidden-md{display:none!important}}@media (min-width:1200px){.hidden-lg,tr.hidden-lg,th.hidden-lg,td.hidden-lg{display:none!important}}.visible-print,tr.visible-print,th.visible-print,td.visible-print{display:none!important}@media print{.visible-print{display:block!important}table.visible-print{display:table}tr.visible-print{display:table-row!important}th.visible-print,td.visible-print{display:table-cell!important}}@media print{.hidden-print,tr.hidden-print,th.hidden-print,td.hidden-print{display:none!important}}