diff --git a/.gitignore b/.gitignore
index ca068bf0..a8d1d2b9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,9 @@
# NodeJs modules
node_modules/
+# npm debug logs
+npm-debug.log*
+
# Coverage reports
coverage/
@@ -24,3 +27,5 @@ notifications/
# Generated by TypeScript compiler
dist/
+
+.nyc_output/
diff --git a/.travis.yml b/.travis.yml
index 7503d1ed..c26d76f1 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -20,7 +20,7 @@ addons:
before_install: npm install -g npm@'>=2.13.5'
script:
- grunt test
-- grunt build
+- grunt dist
- grunt docker-build
- docker-compose build
- docker-compose up -d
diff --git a/Dockerfile b/Dockerfile
index eef8b58f..aec7ddcf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ WORKDIR /usr/src
COPY package.json /usr/src/package.json
RUN npm install --production
-COPY dist/src /usr/src
+COPY dist/src/server /usr/src
ENV PORT=80
EXPOSE 80
diff --git a/Gruntfile.js b/Gruntfile.js
index 4b248405..a4d08ccc 100644
--- a/Gruntfile.js
+++ b/Gruntfile.js
@@ -1,10 +1,12 @@
-module.exports = function(grunt) {
+module.exports = function (grunt) {
+ const buildDir = "dist";
+
grunt.initConfig({
run: {
options: {},
- "build-ts": {
+ "build": {
cmd: "npm",
- args: ['run', 'build-ts']
+ args: ['run', 'build']
},
"tslint": {
cmd: "npm",
@@ -17,39 +19,136 @@ module.exports = function(grunt) {
"docker-build": {
cmd: "docker",
args: ['build', '-t', 'clems4ever/authelia', '.']
+ },
+ "docker-restart": {
+ cmd: "docker-compose",
+ args: ['-f', 'docker-compose.yml', '-f', 'docker-compose.dev.yml', 'restart', 'auth']
+ },
+ "minify": {
+ cmd: "./node_modules/.bin/uglifyjs",
+ args: [`${buildDir}/src/server/public_html/js/authelia.js`, '-o', `${buildDir}/src/server/public_html/js/authelia.min.js`]
+ },
+ "apidoc": {
+ cmd: "./node_modules/.bin/apidoc",
+ args: ["-i", "src/server", "-o", "doc"]
}
},
copy: {
resources: {
expand: true,
- cwd: 'src/resources/',
+ cwd: 'src/server/resources/',
src: '**',
- dest: 'dist/src/resources/'
+ dest: `${buildDir}/src/server/resources/`
},
views: {
expand: true,
- cwd: 'src/views/',
+ cwd: 'src/server/views/',
src: '**',
- dest: 'dist/src/views/'
+ dest: `${buildDir}/src/server/views/`
},
- public_html: {
+ images: {
expand: true,
- cwd: 'src/public_html/',
+ cwd: 'src/client/img',
src: '**',
- dest: 'dist/src/public_html/'
+ dest: `${buildDir}/src/server/public_html/img/`
+ },
+ thirdparties: {
+ expand: true,
+ cwd: 'src/client/thirdparties',
+ src: '**',
+ dest: `${buildDir}/src/server/public_html/js/`
+ },
+ },
+ browserify: {
+ dist: {
+ src: ['dist/src/client/index.js'],
+ dest: `${buildDir}/src/server/public_html/js/authelia.js`,
+ options: {
+ browserifyOptions: {
+ standalone: 'authelia'
+ },
+ },
+ },
+ },
+ watch: {
+ views: {
+ files: ['src/server/views/**/*.pug'],
+ tasks: ['copy:views'],
+ options: {
+ interrupt: false,
+ atBegin: true
+ }
+ },
+ resources: {
+ files: ['src/server/resources/*.ejs'],
+ tasks: ['copy:resources'],
+ options: {
+ interrupt: false,
+ atBegin: true
+ }
+ },
+ images: {
+ files: ['src/client/img/**'],
+ tasks: ['copy:images'],
+ options: {
+ interrupt: false,
+ atBegin: true
+ }
+ },
+ css: {
+ files: ['src/client/**/*.css'],
+ tasks: ['concat:css', 'cssmin'],
+ options: {
+ interrupt: true,
+ atBegin: true
+ }
+ },
+ client: {
+ files: ['src/client/**/*.ts', 'test/client/**/*.ts'],
+ tasks: ['build'],
+ options: {
+ interrupt: true,
+ atBegin: true
+ }
+ },
+ server: {
+ files: ['src/server/**/*.ts', 'test/server/**/*.ts'],
+ tasks: ['build', 'run:docker-restart'],
+ options: {
+ interrupt: true,
+ }
+ }
+ },
+ concat: {
+ css: {
+ src: ['src/client/css/*.css'],
+ dest: `${buildDir}/src/server/public_html/css/authelia.css`
+ },
+ },
+ cssmin: {
+ target: {
+ files: {
+ [`${buildDir}/src/server/public_html/css/authelia.min.css`]: [`${buildDir}/src/server/public_html/css/authelia.css`]
+ }
}
}
});
+ grunt.loadNpmTasks('grunt-browserify');
+ grunt.loadNpmTasks('grunt-contrib-concat');
+ grunt.loadNpmTasks('grunt-contrib-copy');
+ grunt.loadNpmTasks('grunt-contrib-cssmin');
+ grunt.loadNpmTasks('grunt-contrib-watch');
grunt.loadNpmTasks('grunt-run');
- grunt.loadNpmTasks('grunt-contrib-copy');
grunt.registerTask('default', ['build']);
-
- grunt.registerTask('res', ['copy:resources', 'copy:views', 'copy:public_html']);
- grunt.registerTask('build', ['run:tslint', 'run:build-ts', 'res']);
+ grunt.registerTask('build-resources', ['copy:resources', 'copy:views', 'copy:images', 'copy:thirdparties', 'concat:css', 'cssmin']);
+ grunt.registerTask('build', ['run:tslint', 'run:build', 'browserify:dist']);
+ grunt.registerTask('dist', ['build', 'build-resources', 'run:minify', 'cssmin']);
+
grunt.registerTask('docker-build', ['run:docker-build']);
+ grunt.registerTask('docker-restart', ['run:docker-restart']);
grunt.registerTask('test', ['run:test']);
};
diff --git a/README.md b/README.md
index 57311feb..ab5aaeea 100644
--- a/README.md
+++ b/README.md
@@ -117,6 +117,8 @@ email address. For the sake of the example, the email is delivered in the file
./notifications/notification.txt.
Paste the link in your browser and you should be able to reset the password.
+![reset-password](https://raw.githubusercontent.com/clems4ever/authelia/master/images/reset_password.png)
+
### Access Control
With **Authelia**, you can define your own access control rules for restricting
the access to certain subdomains to your users. Those rules are defined in the
diff --git a/config.template.yml b/config.template.yml
index 4a112c92..2b234c11 100644
--- a/config.template.yml
+++ b/config.template.yml
@@ -76,7 +76,7 @@ session:
# The directory where the DB files will be saved
-store_directory: /var/lib/auth-server/store
+store_directory: /var/lib/authelia/store
# Notifications are sent to users when they require a password reset, a u2f
diff --git a/doc/api_data.js b/doc/api_data.js
index 3591eab6..2eacc2aa 100644
--- a/doc/api_data.js
+++ b/doc/api_data.js
@@ -1,67 +1,9 @@
define({ "api": [
- {
- "type": "post",
- "url": "/authentication/2ndfactor/u2f/sign",
- "title": "U2F Complete authentication",
- "name": "CompleteU2FAuthentication",
- "group": "Authentication",
- "version": "1.0.0",
- "success": {
- "fields": {
- "Success 204": [
- {
- "group": "Success 204",
- "optional": false,
- "field": "status",
- "description": "
The U2F authentication succeeded.
"
- }
- ]
- }
- },
- "error": {
- "fields": {
- "Error 403": [
- {
- "group": "Error 403",
- "type": "none",
- "optional": false,
- "field": "error",
- "description": "No authentication request has been provided.
"
- }
- ],
- "Error 500": [
- {
- "group": "Error 500",
- "type": "String",
- "optional": false,
- "field": "error",
- "description": "Internal error message.
"
- }
- ]
- }
- },
- "description": "Complete authentication request of the U2F device.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Authentication",
- "header": {
- "fields": {
- "Header": [
- {
- "group": "Header",
- "type": "String",
- "optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- }
- },
{
"type": "get",
- "url": "/authentication/2ndfactor/u2f/sign_request",
- "title": "U2F Start authentication",
- "name": "StartU2FAuthentication",
+ "url": "/",
+ "title": "First factor page",
+ "name": "Login",
"group": "Authentication",
"version": "1.0.0",
"success": {
@@ -69,56 +11,82 @@ define({ "api": [
"Success 200": [
{
"group": "Success 200",
+ "type": "String",
"optional": false,
- "field": "authentication_request",
- "description": "The U2F authentication request.
"
+ "field": "Content",
+ "description": "The content of the first factor page.
"
}
]
}
},
- "error": {
+ "description": "Serves the login page and create a create a cookie for the client.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "Authentication"
+ },
+ {
+ "type": "get",
+ "url": "/logout",
+ "title": "Serves logout page",
+ "name": "Logout",
+ "group": "Authentication",
+ "version": "1.0.0",
+ "parameter": {
"fields": {
- "Error 401": [
+ "Parameter": [
{
- "group": "Error 401",
- "type": "none",
- "optional": false,
- "field": "error",
- "description": "There is no key registered for user in session.
"
- }
- ],
- "Error 500": [
- {
- "group": "Error 500",
+ "group": "Parameter",
"type": "String",
"optional": false,
- "field": "error",
- "description": "Internal error message.
"
+ "field": "redirect",
+ "description": "Redirect to this URL when user is deauthenticated.
"
}
]
}
},
- "description": "Initiate an authentication request using a U2F device.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Authentication",
- "header": {
+ "success": {
"fields": {
- "Header": [
+ "Success 302": [
{
- "group": "Header",
- "type": "String",
+ "group": "Success 302",
"optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "field": "redirect",
+ "description": "Redirect to the URL.
"
}
]
}
- }
+ },
+ "description": "Log out the user and redirect to the URL.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "Authentication"
+ },
+ {
+ "type": "get",
+ "url": "/secondfactor",
+ "title": "Second factor page",
+ "name": "SecondFactor",
+ "group": "Authentication",
+ "version": "1.0.0",
+ "success": {
+ "fields": {
+ "Success 200": [
+ {
+ "group": "Success 200",
+ "type": "String",
+ "optional": false,
+ "field": "Content",
+ "description": "The content of second factor page.
"
+ }
+ ]
+ }
+ },
+ "description": "Serves the second factor page
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "Authentication"
},
{
"type": "post",
- "url": "/authentication/1stfactor",
- "title": "LDAP authentication",
+ "url": "/1stfactor",
+ "title": "Bind user against LDAP",
"name": "ValidateFirstFactor",
"group": "Authentication",
"version": "1.0.0",
@@ -165,15 +133,6 @@ define({ "api": [
"description": "1st factor is not validated.
"
}
],
- "Error 403": [
- {
- "group": "Error 403",
- "type": "none",
- "optional": false,
- "field": "error",
- "description": "Access has been restricted after too many authentication attempts
"
- }
- ],
"Error 500": [
{
"group": "Error 500",
@@ -186,7 +145,7 @@ define({ "api": [
}
},
"description": "Verify credentials against the LDAP.
",
- "filename": "src/lib/setup_endpoints.js",
+ "filename": "src/server/endpoints.ts",
"groupTitle": "Authentication",
"header": {
"fields": {
@@ -196,7 +155,7 @@ define({ "api": [
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
@@ -204,10 +163,343 @@ define({ "api": [
},
{
"type": "post",
- "url": "/authentication/2ndfactor/totp",
- "title": "TOTP authentication",
+ "url": "/reset-password/request",
+ "title": "Finish password reset request",
+ "name": "FinishPasswordResetRequest",
+ "group": "PasswordReset",
+ "version": "1.0.0",
+ "description": "Start password reset request.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "PasswordReset",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ },
+ "parameter": {
+ "fields": {
+ "Parameter": [
+ {
+ "group": "Parameter",
+ "type": "String",
+ "optional": false,
+ "field": "identity_token",
+ "description": "The one-time identity validation token provided in the email.
"
+ }
+ ]
+ }
+ },
+ "success": {
+ "fields": {
+ "Success 200": [
+ {
+ "group": "Success 200",
+ "type": "String",
+ "optional": false,
+ "field": "content",
+ "description": "The content of the page.
"
+ }
+ ]
+ }
+ },
+ "error": {
+ "fields": {
+ "Error 403": [
+ {
+ "group": "Error 403",
+ "optional": false,
+ "field": "AccessDenied",
+ "description": "Access is denied.
"
+ }
+ ],
+ "Error 500": [
+ {
+ "group": "Error 500",
+ "type": "String",
+ "optional": false,
+ "field": "error",
+ "description": "Internal error message.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "get",
+ "url": "/password-reset/request",
+ "title": "Request username",
+ "name": "ServePasswordResetPage",
+ "group": "PasswordReset",
+ "version": "1.0.0",
+ "description": "Serve a page that requires the username.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "PasswordReset",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "post",
+ "url": "/api/password-reset",
+ "title": "Set new password",
+ "name": "SetNewLDAPPassword",
+ "group": "PasswordReset",
+ "version": "1.0.0",
+ "parameter": {
+ "fields": {
+ "Parameter": [
+ {
+ "group": "Parameter",
+ "type": "String",
+ "optional": false,
+ "field": "password",
+ "description": "New password
"
+ }
+ ]
+ }
+ },
+ "description": "Set a new password for the user.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "PasswordReset",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "get",
+ "url": "/password-reset/identity/start",
+ "title": "Start password reset request",
+ "name": "StartPasswordResetRequest",
+ "group": "PasswordReset",
+ "version": "1.0.0",
+ "description": "Start password reset request.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "PasswordReset",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ },
+ "success": {
+ "fields": {
+ "Success 204": [
+ {
+ "group": "Success 204",
+ "optional": false,
+ "field": "status",
+ "description": "Identity validation has been initiated.
"
+ }
+ ]
+ }
+ },
+ "error": {
+ "fields": {
+ "Error 403": [
+ {
+ "group": "Error 403",
+ "optional": false,
+ "field": "AccessDenied",
+ "description": "Access is denied.
"
+ }
+ ],
+ "Error 400": [
+ {
+ "group": "Error 400",
+ "optional": false,
+ "field": "InvalidIdentity",
+ "description": "User identity is invalid.
"
+ }
+ ],
+ "Error 500": [
+ {
+ "group": "Error 500",
+ "type": "String",
+ "optional": false,
+ "field": "error",
+ "description": "Internal error message.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "get",
+ "url": "/secondfactor/totp/identity/finish",
+ "title": "Finish TOTP registration identity validation",
+ "name": "FinishTOTPRegistration",
+ "group": "TOTP",
+ "version": "1.0.0",
+ "description": "Serves the TOTP registration page that displays the secret. The secret is a QRCode and a base32 secret.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "TOTP",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ },
+ "parameter": {
+ "fields": {
+ "Parameter": [
+ {
+ "group": "Parameter",
+ "type": "String",
+ "optional": false,
+ "field": "identity_token",
+ "description": "The one-time identity validation token provided in the email.
"
+ }
+ ]
+ }
+ },
+ "success": {
+ "fields": {
+ "Success 200": [
+ {
+ "group": "Success 200",
+ "type": "String",
+ "optional": false,
+ "field": "content",
+ "description": "The content of the page.
"
+ }
+ ]
+ }
+ },
+ "error": {
+ "fields": {
+ "Error 403": [
+ {
+ "group": "Error 403",
+ "optional": false,
+ "field": "AccessDenied",
+ "description": "Access is denied.
"
+ }
+ ],
+ "Error 500": [
+ {
+ "group": "Error 500",
+ "type": "String",
+ "optional": false,
+ "field": "error",
+ "description": "Internal error message.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "get",
+ "url": "/secondfactor/totp/identity/start",
+ "title": "Start TOTP registration identity validation",
+ "name": "StartTOTPRegistration",
+ "group": "TOTP",
+ "version": "1.0.0",
+ "description": "Initiates the identity validation
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "TOTP",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ },
+ "success": {
+ "fields": {
+ "Success 204": [
+ {
+ "group": "Success 204",
+ "optional": false,
+ "field": "status",
+ "description": "Identity validation has been initiated.
"
+ }
+ ]
+ }
+ },
+ "error": {
+ "fields": {
+ "Error 403": [
+ {
+ "group": "Error 403",
+ "optional": false,
+ "field": "AccessDenied",
+ "description": "Access is denied.
"
+ }
+ ],
+ "Error 400": [
+ {
+ "group": "Error 400",
+ "optional": false,
+ "field": "InvalidIdentity",
+ "description": "User identity is invalid.
"
+ }
+ ],
+ "Error 500": [
+ {
+ "group": "Error 500",
+ "type": "String",
+ "optional": false,
+ "field": "error",
+ "description": "Internal error message.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "post",
+ "url": "/api/totp",
+ "title": "Complete TOTP authentication",
"name": "ValidateTOTPSecondFactor",
- "group": "Authentication",
+ "group": "TOTP",
"version": "1.0.0",
"parameter": {
"fields": {
@@ -224,12 +516,12 @@ define({ "api": [
},
"success": {
"fields": {
- "Success 204": [
+ "Success 302": [
{
- "group": "Success 204",
+ "group": "Success 302",
"optional": false,
- "field": "status",
- "description": "TOTP token is valid.
"
+ "field": "Redirect",
+ "description": "to the URL that has been stored during last call to /verify.
"
}
]
}
@@ -257,8 +549,8 @@ define({ "api": [
}
},
"description": "Verify TOTP token. The user is authenticated upon success.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Authentication",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "TOTP",
"header": {
"fields": {
"Header": [
@@ -267,222 +559,7 @@ define({ "api": [
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- }
- },
- {
- "type": "get",
- "url": "/authentication/login",
- "title": "Serve login page",
- "name": "Login",
- "group": "Pages",
- "version": "1.0.0",
- "parameter": {
- "fields": {
- "Parameter": [
- {
- "group": "Parameter",
- "type": "String",
- "optional": false,
- "field": "redirect",
- "description": "Redirect to this URL when user is authenticated.
"
- }
- ]
- }
- },
- "success": {
- "fields": {
- "Success 200": [
- {
- "group": "Success 200",
- "type": "String",
- "optional": false,
- "field": "Content",
- "description": "The content of the login page.
"
- }
- ]
- }
- },
- "description": "Create a user session and serve the login page along with a cookie.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Pages"
- },
- {
- "type": "get",
- "url": "/authentication/logout",
- "title": "Server logout page",
- "name": "Logout",
- "group": "Pages",
- "version": "1.0.0",
- "parameter": {
- "fields": {
- "Parameter": [
- {
- "group": "Parameter",
- "type": "String",
- "optional": false,
- "field": "redirect",
- "description": "Redirect to this URL when user is deauthenticated.
"
- }
- ]
- }
- },
- "success": {
- "fields": {
- "Success 301": [
- {
- "group": "Success 301",
- "optional": false,
- "field": "redirect",
- "description": "Redirect to the URL.
"
- }
- ]
- }
- },
- "description": "Deauthenticate the user and redirect him.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Pages"
- },
- {
- "type": "get",
- "url": "/authentication/reset-password",
- "title": "Serve password reset form.",
- "name": "ServePasswordResetForm",
- "group": "Pages",
- "version": "1.0.0",
- "description": "Serves password reset form that allow the user to provide the new password.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Pages",
- "header": {
- "fields": {
- "Header": [
- {
- "group": "Header",
- "type": "String",
- "optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- },
- "parameter": {
- "fields": {
- "Parameter": [
- {
- "group": "Parameter",
- "type": "String",
- "optional": false,
- "field": "identity_token",
- "description": "The one-time identity validation token provided in the email.
"
- }
- ]
- }
- },
- "success": {
- "fields": {
- "Success 200": [
- {
- "group": "Success 200",
- "type": "String",
- "optional": false,
- "field": "content",
- "description": "The content of the page.
"
- }
- ]
- }
- },
- "error": {
- "fields": {
- "Error 403": [
- {
- "group": "Error 403",
- "optional": false,
- "field": "AccessDenied",
- "description": "Access is denied.
"
- }
- ],
- "Error 500": [
- {
- "group": "Error 500",
- "type": "String",
- "optional": false,
- "field": "error",
- "description": "Internal error message.
"
- }
- ]
- }
- }
- },
- {
- "type": "get",
- "url": "/authentication/u2f-register",
- "title": "Serve U2F registration page",
- "name": "ServeU2FRegistrationPage",
- "group": "Pages",
- "version": "1.0.0",
- "description": "Serves the U2F registration page that asks the user to touch the token of the U2F device.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Pages",
- "header": {
- "fields": {
- "Header": [
- {
- "group": "Header",
- "type": "String",
- "optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- },
- "parameter": {
- "fields": {
- "Parameter": [
- {
- "group": "Parameter",
- "type": "String",
- "optional": false,
- "field": "identity_token",
- "description": "The one-time identity validation token provided in the email.
"
- }
- ]
- }
- },
- "success": {
- "fields": {
- "Success 200": [
- {
- "group": "Success 200",
- "type": "String",
- "optional": false,
- "field": "content",
- "description": "The content of the page.
"
- }
- ]
- }
- },
- "error": {
- "fields": {
- "Error 403": [
- {
- "group": "Error 403",
- "optional": false,
- "field": "AccessDenied",
- "description": "Access is denied.
"
- }
- ],
- "Error 500": [
- {
- "group": "Error 500",
- "type": "String",
- "optional": false,
- "field": "error",
- "description": "Internal error message.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
@@ -490,19 +567,19 @@ define({ "api": [
},
{
"type": "post",
- "url": "/authentication/2ndfactor/u2f/register",
- "title": "U2F Complete device registration",
- "name": "CompleteU2FRegistration",
- "group": "Registration",
+ "url": "/api/u2f/sign",
+ "title": "Complete U2F authentication",
+ "name": "CompleteU2FAuthentication",
+ "group": "U2F",
"version": "1.0.0",
"success": {
"fields": {
- "Success 204": [
+ "Success 302": [
{
- "group": "Success 204",
+ "group": "Success 302",
"optional": false,
- "field": "status",
- "description": "The U2F registration succeeded.
"
+ "field": "Redirect",
+ "description": "to the URL that has been stored during last call to /verify.
"
}
]
}
@@ -515,7 +592,7 @@ define({ "api": [
"type": "none",
"optional": false,
"field": "error",
- "description": "Unexpected identity validation challenge.
"
+ "description": "No authentication request has been provided.
"
}
],
"Error 500": [
@@ -529,9 +606,45 @@ define({ "api": [
]
}
},
+ "description": "Complete authentication request of the U2F device.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "U2F",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "post",
+ "url": "/api/secondfactor/u2f/register",
+ "title": "Complete U2F registration",
+ "name": "FinishU2FRegistration",
+ "group": "U2F",
+ "version": "1.0.0",
+ "success": {
+ "fields": {
+ "Success 302": [
+ {
+ "group": "Success 302",
+ "optional": false,
+ "field": "Redirect",
+ "description": "to the URL that has been stored during last call to /verify.
"
+ }
+ ]
+ }
+ },
"description": "Complete U2F registration request.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "U2F",
"header": {
"fields": {
"Header": [
@@ -540,137 +653,13 @@ define({ "api": [
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- }
- },
- {
- "type": "post",
- "url": "/authentication/new-totp-secret",
- "title": "Generate TOTP secret",
- "name": "GenerateTOTPSecret",
- "group": "Registration",
- "version": "1.0.0",
- "success": {
- "fields": {
- "Success 200": [
- {
- "group": "Success 200",
- "type": "String",
- "optional": false,
- "field": "base32",
- "description": "The base32 representation of the secret.
"
- },
- {
- "group": "Success 200",
- "type": "String",
- "optional": false,
- "field": "ascii",
- "description": "The ASCII representation of the secret.
"
- },
- {
- "group": "Success 200",
- "type": "String",
- "optional": false,
- "field": "qrcode",
- "description": "The QRCode of the secret in URI format.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
},
"error": {
"fields": {
- "Error 403": [
- {
- "group": "Error 403",
- "type": "String",
- "optional": false,
- "field": "error",
- "description": "No user provided in the session or unexpected identity validation challenge in the session.
"
- }
- ],
- "Error 500": [
- {
- "group": "Error 500",
- "type": "String",
- "optional": false,
- "field": "error",
- "description": "Internal error message
"
- }
- ]
- }
- },
- "description": "Generate a new TOTP secret and returns it.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
- "header": {
- "fields": {
- "Header": [
- {
- "group": "Header",
- "type": "String",
- "optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- }
- },
- {
- "type": "post",
- "url": "/authentication/reset-password",
- "title": "Request for password reset",
- "name": "RequestPasswordReset",
- "group": "Registration",
- "version": "1.0.0",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
- "header": {
- "fields": {
- "Header": [
- {
- "group": "Header",
- "type": "String",
- "optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- },
- "success": {
- "fields": {
- "Success 204": [
- {
- "group": "Success 204",
- "optional": false,
- "field": "status",
- "description": "Identity validation has been initiated.
"
- }
- ]
- }
- },
- "error": {
- "fields": {
- "Error 403": [
- {
- "group": "Error 403",
- "optional": false,
- "field": "AccessDenied",
- "description": "Access is denied.
"
- }
- ],
- "Error 400": [
- {
- "group": "Error 400",
- "optional": false,
- "field": "InvalidIdentity",
- "description": "User identity is invalid.
"
- }
- ],
"Error 500": [
{
"group": "Error 500",
@@ -681,83 +670,17 @@ define({ "api": [
}
]
}
- },
- "description": "This request issue an identity validation token for the user bound to the session. It sends a challenge to the email address set in the user LDAP entry. The user must visit the sent URL to complete the validation and continue the registration process.
"
+ }
},
{
- "type": "post",
- "url": "/authentication/totp-register",
- "title": "Request TOTP registration",
- "name": "RequestTOTPRegistration",
- "group": "Registration",
- "version": "1.0.0",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
- "header": {
- "fields": {
- "Header": [
- {
- "group": "Header",
- "type": "String",
- "optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- },
- "success": {
- "fields": {
- "Success 204": [
- {
- "group": "Success 204",
- "optional": false,
- "field": "status",
- "description": "Identity validation has been initiated.
"
- }
- ]
- }
- },
- "error": {
- "fields": {
- "Error 403": [
- {
- "group": "Error 403",
- "optional": false,
- "field": "AccessDenied",
- "description": "Access is denied.
"
- }
- ],
- "Error 400": [
- {
- "group": "Error 400",
- "optional": false,
- "field": "InvalidIdentity",
- "description": "User identity is invalid.
"
- }
- ],
- "Error 500": [
- {
- "group": "Error 500",
- "type": "String",
- "optional": false,
- "field": "error",
- "description": "Internal error message.
"
- }
- ]
- }
- },
- "description": "This request issue an identity validation token for the user bound to the session. It sends a challenge to the email address set in the user LDAP entry. The user must visit the sent URL to complete the validation and continue the registration process.
"
- },
- {
- "type": "post",
- "url": "/authentication/u2f-register",
- "title": "Request U2F registration",
+ "type": "get",
+ "url": "/secondfactor/u2f/identity/start",
+ "title": "Start U2F registration identity validation",
"name": "RequestU2FRegistration",
- "group": "Registration",
+ "group": "U2F",
"version": "1.0.0",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "U2F",
"header": {
"fields": {
"Header": [
@@ -766,7 +689,7 @@ define({ "api": [
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
@@ -816,14 +739,14 @@ define({ "api": [
},
{
"type": "get",
- "url": "/authentication/totp-register",
- "title": "Serve TOTP registration page",
- "name": "ServeTOTPRegistrationPage",
- "group": "Registration",
+ "url": "/secondfactor/u2f/identity/finish",
+ "title": "Finish U2F registration identity validation",
+ "name": "ServeU2FRegistrationPage",
+ "group": "U2F",
"version": "1.0.0",
- "description": "Serves the TOTP registration page that displays the secret. The secret is a QRCode and a base32 secret.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
+ "description": "Serves the U2F registration page that asks the user to touch the token of the U2F device.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "U2F",
"header": {
"fields": {
"Header": [
@@ -832,7 +755,7 @@ define({ "api": [
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
@@ -886,28 +809,49 @@ define({ "api": [
}
},
{
- "type": "post",
- "url": "/authentication/new-password",
- "title": "Set LDAP password",
- "name": "SetLDAPPassword",
- "group": "Registration",
+ "type": "get",
+ "url": "/api/u2f/sign_request",
+ "title": "Start U2F authentication",
+ "name": "StartU2FAuthentication",
+ "group": "U2F",
"version": "1.0.0",
- "parameter": {
+ "success": {
"fields": {
- "Parameter": [
+ "Success 200": [
{
- "group": "Parameter",
- "type": "String",
+ "group": "Success 200",
"optional": false,
- "field": "password",
- "description": "New password
"
+ "field": "authentication_request",
+ "description": "The U2F authentication request.
"
}
]
}
},
- "description": "Set a new password for the user.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
+ "error": {
+ "fields": {
+ "Error 401": [
+ {
+ "group": "Error 401",
+ "type": "none",
+ "optional": false,
+ "field": "error",
+ "description": "There is no key registered for user in session.
"
+ }
+ ],
+ "Error 500": [
+ {
+ "group": "Error 500",
+ "type": "String",
+ "optional": false,
+ "field": "error",
+ "description": "Internal error message.
"
+ }
+ ]
+ }
+ },
+ "description": "Initiate an authentication request using a U2F device.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "U2F",
"header": {
"fields": {
"Header": [
@@ -916,7 +860,7 @@ define({ "api": [
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
@@ -924,10 +868,10 @@ define({ "api": [
},
{
"type": "get",
- "url": "/authentication/2ndfactor/u2f/register_request",
- "title": "U2F Start device registration",
+ "url": "/api/u2f/register_request",
+ "title": "Start U2F registration",
"name": "StartU2FRegistration",
- "group": "Registration",
+ "group": "U2F",
"version": "1.0.0",
"success": {
"fields": {
@@ -964,8 +908,8 @@ define({ "api": [
}
},
"description": "Initiate a U2F device registration request.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "U2F",
"header": {
"fields": {
"Header": [
@@ -974,7 +918,7 @@ define({ "api": [
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
@@ -982,7 +926,7 @@ define({ "api": [
},
{
"type": "get",
- "url": "/authentication/verify",
+ "url": "/verify",
"title": "Verify user authentication",
"name": "VerifyAuthentication",
"group": "Verification",
@@ -1012,7 +956,7 @@ define({ "api": [
}
},
"description": "Verify that the user is authenticated, i.e., the two factors have been validated
",
- "filename": "src/lib/setup_endpoints.js",
+ "filename": "src/server/endpoints.ts",
"groupTitle": "Verification",
"header": {
"fields": {
@@ -1022,7 +966,7 @@ define({ "api": [
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
diff --git a/doc/api_data.json b/doc/api_data.json
index 60247d1f..527b6750 100644
--- a/doc/api_data.json
+++ b/doc/api_data.json
@@ -1,67 +1,9 @@
[
- {
- "type": "post",
- "url": "/authentication/2ndfactor/u2f/sign",
- "title": "U2F Complete authentication",
- "name": "CompleteU2FAuthentication",
- "group": "Authentication",
- "version": "1.0.0",
- "success": {
- "fields": {
- "Success 204": [
- {
- "group": "Success 204",
- "optional": false,
- "field": "status",
- "description": "The U2F authentication succeeded.
"
- }
- ]
- }
- },
- "error": {
- "fields": {
- "Error 403": [
- {
- "group": "Error 403",
- "type": "none",
- "optional": false,
- "field": "error",
- "description": "No authentication request has been provided.
"
- }
- ],
- "Error 500": [
- {
- "group": "Error 500",
- "type": "String",
- "optional": false,
- "field": "error",
- "description": "Internal error message.
"
- }
- ]
- }
- },
- "description": "Complete authentication request of the U2F device.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Authentication",
- "header": {
- "fields": {
- "Header": [
- {
- "group": "Header",
- "type": "String",
- "optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- }
- },
{
"type": "get",
- "url": "/authentication/2ndfactor/u2f/sign_request",
- "title": "U2F Start authentication",
- "name": "StartU2FAuthentication",
+ "url": "/",
+ "title": "First factor page",
+ "name": "Login",
"group": "Authentication",
"version": "1.0.0",
"success": {
@@ -69,56 +11,82 @@
"Success 200": [
{
"group": "Success 200",
+ "type": "String",
"optional": false,
- "field": "authentication_request",
- "description": "The U2F authentication request.
"
+ "field": "Content",
+ "description": "The content of the first factor page.
"
}
]
}
},
- "error": {
+ "description": "Serves the login page and create a create a cookie for the client.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "Authentication"
+ },
+ {
+ "type": "get",
+ "url": "/logout",
+ "title": "Serves logout page",
+ "name": "Logout",
+ "group": "Authentication",
+ "version": "1.0.0",
+ "parameter": {
"fields": {
- "Error 401": [
+ "Parameter": [
{
- "group": "Error 401",
- "type": "none",
- "optional": false,
- "field": "error",
- "description": "There is no key registered for user in session.
"
- }
- ],
- "Error 500": [
- {
- "group": "Error 500",
+ "group": "Parameter",
"type": "String",
"optional": false,
- "field": "error",
- "description": "Internal error message.
"
+ "field": "redirect",
+ "description": "Redirect to this URL when user is deauthenticated.
"
}
]
}
},
- "description": "Initiate an authentication request using a U2F device.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Authentication",
- "header": {
+ "success": {
"fields": {
- "Header": [
+ "Success 302": [
{
- "group": "Header",
- "type": "String",
+ "group": "Success 302",
"optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "field": "redirect",
+ "description": "Redirect to the URL.
"
}
]
}
- }
+ },
+ "description": "Log out the user and redirect to the URL.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "Authentication"
+ },
+ {
+ "type": "get",
+ "url": "/secondfactor",
+ "title": "Second factor page",
+ "name": "SecondFactor",
+ "group": "Authentication",
+ "version": "1.0.0",
+ "success": {
+ "fields": {
+ "Success 200": [
+ {
+ "group": "Success 200",
+ "type": "String",
+ "optional": false,
+ "field": "Content",
+ "description": "The content of second factor page.
"
+ }
+ ]
+ }
+ },
+ "description": "Serves the second factor page
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "Authentication"
},
{
"type": "post",
- "url": "/authentication/1stfactor",
- "title": "LDAP authentication",
+ "url": "/1stfactor",
+ "title": "Bind user against LDAP",
"name": "ValidateFirstFactor",
"group": "Authentication",
"version": "1.0.0",
@@ -165,15 +133,6 @@
"description": "1st factor is not validated.
"
}
],
- "Error 403": [
- {
- "group": "Error 403",
- "type": "none",
- "optional": false,
- "field": "error",
- "description": "Access has been restricted after too many authentication attempts
"
- }
- ],
"Error 500": [
{
"group": "Error 500",
@@ -186,7 +145,7 @@
}
},
"description": "Verify credentials against the LDAP.
",
- "filename": "src/lib/setup_endpoints.js",
+ "filename": "src/server/endpoints.ts",
"groupTitle": "Authentication",
"header": {
"fields": {
@@ -196,7 +155,7 @@
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
@@ -204,10 +163,343 @@
},
{
"type": "post",
- "url": "/authentication/2ndfactor/totp",
- "title": "TOTP authentication",
+ "url": "/reset-password/request",
+ "title": "Finish password reset request",
+ "name": "FinishPasswordResetRequest",
+ "group": "PasswordReset",
+ "version": "1.0.0",
+ "description": "Start password reset request.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "PasswordReset",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ },
+ "parameter": {
+ "fields": {
+ "Parameter": [
+ {
+ "group": "Parameter",
+ "type": "String",
+ "optional": false,
+ "field": "identity_token",
+ "description": "The one-time identity validation token provided in the email.
"
+ }
+ ]
+ }
+ },
+ "success": {
+ "fields": {
+ "Success 200": [
+ {
+ "group": "Success 200",
+ "type": "String",
+ "optional": false,
+ "field": "content",
+ "description": "The content of the page.
"
+ }
+ ]
+ }
+ },
+ "error": {
+ "fields": {
+ "Error 403": [
+ {
+ "group": "Error 403",
+ "optional": false,
+ "field": "AccessDenied",
+ "description": "Access is denied.
"
+ }
+ ],
+ "Error 500": [
+ {
+ "group": "Error 500",
+ "type": "String",
+ "optional": false,
+ "field": "error",
+ "description": "Internal error message.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "get",
+ "url": "/password-reset/request",
+ "title": "Request username",
+ "name": "ServePasswordResetPage",
+ "group": "PasswordReset",
+ "version": "1.0.0",
+ "description": "Serve a page that requires the username.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "PasswordReset",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "post",
+ "url": "/api/password-reset",
+ "title": "Set new password",
+ "name": "SetNewLDAPPassword",
+ "group": "PasswordReset",
+ "version": "1.0.0",
+ "parameter": {
+ "fields": {
+ "Parameter": [
+ {
+ "group": "Parameter",
+ "type": "String",
+ "optional": false,
+ "field": "password",
+ "description": "New password
"
+ }
+ ]
+ }
+ },
+ "description": "Set a new password for the user.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "PasswordReset",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "get",
+ "url": "/password-reset/identity/start",
+ "title": "Start password reset request",
+ "name": "StartPasswordResetRequest",
+ "group": "PasswordReset",
+ "version": "1.0.0",
+ "description": "Start password reset request.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "PasswordReset",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ },
+ "success": {
+ "fields": {
+ "Success 204": [
+ {
+ "group": "Success 204",
+ "optional": false,
+ "field": "status",
+ "description": "Identity validation has been initiated.
"
+ }
+ ]
+ }
+ },
+ "error": {
+ "fields": {
+ "Error 403": [
+ {
+ "group": "Error 403",
+ "optional": false,
+ "field": "AccessDenied",
+ "description": "Access is denied.
"
+ }
+ ],
+ "Error 400": [
+ {
+ "group": "Error 400",
+ "optional": false,
+ "field": "InvalidIdentity",
+ "description": "User identity is invalid.
"
+ }
+ ],
+ "Error 500": [
+ {
+ "group": "Error 500",
+ "type": "String",
+ "optional": false,
+ "field": "error",
+ "description": "Internal error message.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "get",
+ "url": "/secondfactor/totp/identity/finish",
+ "title": "Finish TOTP registration identity validation",
+ "name": "FinishTOTPRegistration",
+ "group": "TOTP",
+ "version": "1.0.0",
+ "description": "Serves the TOTP registration page that displays the secret. The secret is a QRCode and a base32 secret.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "TOTP",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ },
+ "parameter": {
+ "fields": {
+ "Parameter": [
+ {
+ "group": "Parameter",
+ "type": "String",
+ "optional": false,
+ "field": "identity_token",
+ "description": "The one-time identity validation token provided in the email.
"
+ }
+ ]
+ }
+ },
+ "success": {
+ "fields": {
+ "Success 200": [
+ {
+ "group": "Success 200",
+ "type": "String",
+ "optional": false,
+ "field": "content",
+ "description": "The content of the page.
"
+ }
+ ]
+ }
+ },
+ "error": {
+ "fields": {
+ "Error 403": [
+ {
+ "group": "Error 403",
+ "optional": false,
+ "field": "AccessDenied",
+ "description": "Access is denied.
"
+ }
+ ],
+ "Error 500": [
+ {
+ "group": "Error 500",
+ "type": "String",
+ "optional": false,
+ "field": "error",
+ "description": "Internal error message.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "get",
+ "url": "/secondfactor/totp/identity/start",
+ "title": "Start TOTP registration identity validation",
+ "name": "StartTOTPRegistration",
+ "group": "TOTP",
+ "version": "1.0.0",
+ "description": "Initiates the identity validation
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "TOTP",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ },
+ "success": {
+ "fields": {
+ "Success 204": [
+ {
+ "group": "Success 204",
+ "optional": false,
+ "field": "status",
+ "description": "Identity validation has been initiated.
"
+ }
+ ]
+ }
+ },
+ "error": {
+ "fields": {
+ "Error 403": [
+ {
+ "group": "Error 403",
+ "optional": false,
+ "field": "AccessDenied",
+ "description": "Access is denied.
"
+ }
+ ],
+ "Error 400": [
+ {
+ "group": "Error 400",
+ "optional": false,
+ "field": "InvalidIdentity",
+ "description": "User identity is invalid.
"
+ }
+ ],
+ "Error 500": [
+ {
+ "group": "Error 500",
+ "type": "String",
+ "optional": false,
+ "field": "error",
+ "description": "Internal error message.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "post",
+ "url": "/api/totp",
+ "title": "Complete TOTP authentication",
"name": "ValidateTOTPSecondFactor",
- "group": "Authentication",
+ "group": "TOTP",
"version": "1.0.0",
"parameter": {
"fields": {
@@ -224,12 +516,12 @@
},
"success": {
"fields": {
- "Success 204": [
+ "Success 302": [
{
- "group": "Success 204",
+ "group": "Success 302",
"optional": false,
- "field": "status",
- "description": "TOTP token is valid.
"
+ "field": "Redirect",
+ "description": "to the URL that has been stored during last call to /verify.
"
}
]
}
@@ -257,8 +549,8 @@
}
},
"description": "Verify TOTP token. The user is authenticated upon success.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Authentication",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "TOTP",
"header": {
"fields": {
"Header": [
@@ -267,222 +559,7 @@
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- }
- },
- {
- "type": "get",
- "url": "/authentication/login",
- "title": "Serve login page",
- "name": "Login",
- "group": "Pages",
- "version": "1.0.0",
- "parameter": {
- "fields": {
- "Parameter": [
- {
- "group": "Parameter",
- "type": "String",
- "optional": false,
- "field": "redirect",
- "description": "Redirect to this URL when user is authenticated.
"
- }
- ]
- }
- },
- "success": {
- "fields": {
- "Success 200": [
- {
- "group": "Success 200",
- "type": "String",
- "optional": false,
- "field": "Content",
- "description": "The content of the login page.
"
- }
- ]
- }
- },
- "description": "Create a user session and serve the login page along with a cookie.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Pages"
- },
- {
- "type": "get",
- "url": "/authentication/logout",
- "title": "Server logout page",
- "name": "Logout",
- "group": "Pages",
- "version": "1.0.0",
- "parameter": {
- "fields": {
- "Parameter": [
- {
- "group": "Parameter",
- "type": "String",
- "optional": false,
- "field": "redirect",
- "description": "Redirect to this URL when user is deauthenticated.
"
- }
- ]
- }
- },
- "success": {
- "fields": {
- "Success 301": [
- {
- "group": "Success 301",
- "optional": false,
- "field": "redirect",
- "description": "Redirect to the URL.
"
- }
- ]
- }
- },
- "description": "Deauthenticate the user and redirect him.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Pages"
- },
- {
- "type": "get",
- "url": "/authentication/reset-password",
- "title": "Serve password reset form.",
- "name": "ServePasswordResetForm",
- "group": "Pages",
- "version": "1.0.0",
- "description": "Serves password reset form that allow the user to provide the new password.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Pages",
- "header": {
- "fields": {
- "Header": [
- {
- "group": "Header",
- "type": "String",
- "optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- },
- "parameter": {
- "fields": {
- "Parameter": [
- {
- "group": "Parameter",
- "type": "String",
- "optional": false,
- "field": "identity_token",
- "description": "The one-time identity validation token provided in the email.
"
- }
- ]
- }
- },
- "success": {
- "fields": {
- "Success 200": [
- {
- "group": "Success 200",
- "type": "String",
- "optional": false,
- "field": "content",
- "description": "The content of the page.
"
- }
- ]
- }
- },
- "error": {
- "fields": {
- "Error 403": [
- {
- "group": "Error 403",
- "optional": false,
- "field": "AccessDenied",
- "description": "Access is denied.
"
- }
- ],
- "Error 500": [
- {
- "group": "Error 500",
- "type": "String",
- "optional": false,
- "field": "error",
- "description": "Internal error message.
"
- }
- ]
- }
- }
- },
- {
- "type": "get",
- "url": "/authentication/u2f-register",
- "title": "Serve U2F registration page",
- "name": "ServeU2FRegistrationPage",
- "group": "Pages",
- "version": "1.0.0",
- "description": "Serves the U2F registration page that asks the user to touch the token of the U2F device.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Pages",
- "header": {
- "fields": {
- "Header": [
- {
- "group": "Header",
- "type": "String",
- "optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- },
- "parameter": {
- "fields": {
- "Parameter": [
- {
- "group": "Parameter",
- "type": "String",
- "optional": false,
- "field": "identity_token",
- "description": "The one-time identity validation token provided in the email.
"
- }
- ]
- }
- },
- "success": {
- "fields": {
- "Success 200": [
- {
- "group": "Success 200",
- "type": "String",
- "optional": false,
- "field": "content",
- "description": "The content of the page.
"
- }
- ]
- }
- },
- "error": {
- "fields": {
- "Error 403": [
- {
- "group": "Error 403",
- "optional": false,
- "field": "AccessDenied",
- "description": "Access is denied.
"
- }
- ],
- "Error 500": [
- {
- "group": "Error 500",
- "type": "String",
- "optional": false,
- "field": "error",
- "description": "Internal error message.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
@@ -490,19 +567,19 @@
},
{
"type": "post",
- "url": "/authentication/2ndfactor/u2f/register",
- "title": "U2F Complete device registration",
- "name": "CompleteU2FRegistration",
- "group": "Registration",
+ "url": "/api/u2f/sign",
+ "title": "Complete U2F authentication",
+ "name": "CompleteU2FAuthentication",
+ "group": "U2F",
"version": "1.0.0",
"success": {
"fields": {
- "Success 204": [
+ "Success 302": [
{
- "group": "Success 204",
+ "group": "Success 302",
"optional": false,
- "field": "status",
- "description": "The U2F registration succeeded.
"
+ "field": "Redirect",
+ "description": "to the URL that has been stored during last call to /verify.
"
}
]
}
@@ -515,7 +592,7 @@
"type": "none",
"optional": false,
"field": "error",
- "description": "Unexpected identity validation challenge.
"
+ "description": "No authentication request has been provided.
"
}
],
"Error 500": [
@@ -529,9 +606,45 @@
]
}
},
+ "description": "Complete authentication request of the U2F device.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "U2F",
+ "header": {
+ "fields": {
+ "Header": [
+ {
+ "group": "Header",
+ "type": "String",
+ "optional": false,
+ "field": "Cookie",
+ "description": "Cookie containing "connect.sid", the user session token.
"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "post",
+ "url": "/api/secondfactor/u2f/register",
+ "title": "Complete U2F registration",
+ "name": "FinishU2FRegistration",
+ "group": "U2F",
+ "version": "1.0.0",
+ "success": {
+ "fields": {
+ "Success 302": [
+ {
+ "group": "Success 302",
+ "optional": false,
+ "field": "Redirect",
+ "description": "to the URL that has been stored during last call to /verify.
"
+ }
+ ]
+ }
+ },
"description": "Complete U2F registration request.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "U2F",
"header": {
"fields": {
"Header": [
@@ -540,137 +653,13 @@
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- }
- },
- {
- "type": "post",
- "url": "/authentication/new-totp-secret",
- "title": "Generate TOTP secret",
- "name": "GenerateTOTPSecret",
- "group": "Registration",
- "version": "1.0.0",
- "success": {
- "fields": {
- "Success 200": [
- {
- "group": "Success 200",
- "type": "String",
- "optional": false,
- "field": "base32",
- "description": "The base32 representation of the secret.
"
- },
- {
- "group": "Success 200",
- "type": "String",
- "optional": false,
- "field": "ascii",
- "description": "The ASCII representation of the secret.
"
- },
- {
- "group": "Success 200",
- "type": "String",
- "optional": false,
- "field": "qrcode",
- "description": "The QRCode of the secret in URI format.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
},
"error": {
"fields": {
- "Error 403": [
- {
- "group": "Error 403",
- "type": "String",
- "optional": false,
- "field": "error",
- "description": "No user provided in the session or unexpected identity validation challenge in the session.
"
- }
- ],
- "Error 500": [
- {
- "group": "Error 500",
- "type": "String",
- "optional": false,
- "field": "error",
- "description": "Internal error message
"
- }
- ]
- }
- },
- "description": "Generate a new TOTP secret and returns it.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
- "header": {
- "fields": {
- "Header": [
- {
- "group": "Header",
- "type": "String",
- "optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- }
- },
- {
- "type": "post",
- "url": "/authentication/reset-password",
- "title": "Request for password reset",
- "name": "RequestPasswordReset",
- "group": "Registration",
- "version": "1.0.0",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
- "header": {
- "fields": {
- "Header": [
- {
- "group": "Header",
- "type": "String",
- "optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- },
- "success": {
- "fields": {
- "Success 204": [
- {
- "group": "Success 204",
- "optional": false,
- "field": "status",
- "description": "Identity validation has been initiated.
"
- }
- ]
- }
- },
- "error": {
- "fields": {
- "Error 403": [
- {
- "group": "Error 403",
- "optional": false,
- "field": "AccessDenied",
- "description": "Access is denied.
"
- }
- ],
- "Error 400": [
- {
- "group": "Error 400",
- "optional": false,
- "field": "InvalidIdentity",
- "description": "User identity is invalid.
"
- }
- ],
"Error 500": [
{
"group": "Error 500",
@@ -681,83 +670,17 @@
}
]
}
- },
- "description": "This request issue an identity validation token for the user bound to the session. It sends a challenge to the email address set in the user LDAP entry. The user must visit the sent URL to complete the validation and continue the registration process.
"
+ }
},
{
- "type": "post",
- "url": "/authentication/totp-register",
- "title": "Request TOTP registration",
- "name": "RequestTOTPRegistration",
- "group": "Registration",
- "version": "1.0.0",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
- "header": {
- "fields": {
- "Header": [
- {
- "group": "Header",
- "type": "String",
- "optional": false,
- "field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
- }
- ]
- }
- },
- "success": {
- "fields": {
- "Success 204": [
- {
- "group": "Success 204",
- "optional": false,
- "field": "status",
- "description": "Identity validation has been initiated.
"
- }
- ]
- }
- },
- "error": {
- "fields": {
- "Error 403": [
- {
- "group": "Error 403",
- "optional": false,
- "field": "AccessDenied",
- "description": "Access is denied.
"
- }
- ],
- "Error 400": [
- {
- "group": "Error 400",
- "optional": false,
- "field": "InvalidIdentity",
- "description": "User identity is invalid.
"
- }
- ],
- "Error 500": [
- {
- "group": "Error 500",
- "type": "String",
- "optional": false,
- "field": "error",
- "description": "Internal error message.
"
- }
- ]
- }
- },
- "description": "This request issue an identity validation token for the user bound to the session. It sends a challenge to the email address set in the user LDAP entry. The user must visit the sent URL to complete the validation and continue the registration process.
"
- },
- {
- "type": "post",
- "url": "/authentication/u2f-register",
- "title": "Request U2F registration",
+ "type": "get",
+ "url": "/secondfactor/u2f/identity/start",
+ "title": "Start U2F registration identity validation",
"name": "RequestU2FRegistration",
- "group": "Registration",
+ "group": "U2F",
"version": "1.0.0",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "U2F",
"header": {
"fields": {
"Header": [
@@ -766,7 +689,7 @@
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
@@ -816,14 +739,14 @@
},
{
"type": "get",
- "url": "/authentication/totp-register",
- "title": "Serve TOTP registration page",
- "name": "ServeTOTPRegistrationPage",
- "group": "Registration",
+ "url": "/secondfactor/u2f/identity/finish",
+ "title": "Finish U2F registration identity validation",
+ "name": "ServeU2FRegistrationPage",
+ "group": "U2F",
"version": "1.0.0",
- "description": "Serves the TOTP registration page that displays the secret. The secret is a QRCode and a base32 secret.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
+ "description": "Serves the U2F registration page that asks the user to touch the token of the U2F device.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "U2F",
"header": {
"fields": {
"Header": [
@@ -832,7 +755,7 @@
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
@@ -886,28 +809,49 @@
}
},
{
- "type": "post",
- "url": "/authentication/new-password",
- "title": "Set LDAP password",
- "name": "SetLDAPPassword",
- "group": "Registration",
+ "type": "get",
+ "url": "/api/u2f/sign_request",
+ "title": "Start U2F authentication",
+ "name": "StartU2FAuthentication",
+ "group": "U2F",
"version": "1.0.0",
- "parameter": {
+ "success": {
"fields": {
- "Parameter": [
+ "Success 200": [
{
- "group": "Parameter",
- "type": "String",
+ "group": "Success 200",
"optional": false,
- "field": "password",
- "description": "New password
"
+ "field": "authentication_request",
+ "description": "The U2F authentication request.
"
}
]
}
},
- "description": "Set a new password for the user.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
+ "error": {
+ "fields": {
+ "Error 401": [
+ {
+ "group": "Error 401",
+ "type": "none",
+ "optional": false,
+ "field": "error",
+ "description": "There is no key registered for user in session.
"
+ }
+ ],
+ "Error 500": [
+ {
+ "group": "Error 500",
+ "type": "String",
+ "optional": false,
+ "field": "error",
+ "description": "Internal error message.
"
+ }
+ ]
+ }
+ },
+ "description": "Initiate an authentication request using a U2F device.
",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "U2F",
"header": {
"fields": {
"Header": [
@@ -916,7 +860,7 @@
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
@@ -924,10 +868,10 @@
},
{
"type": "get",
- "url": "/authentication/2ndfactor/u2f/register_request",
- "title": "U2F Start device registration",
+ "url": "/api/u2f/register_request",
+ "title": "Start U2F registration",
"name": "StartU2FRegistration",
- "group": "Registration",
+ "group": "U2F",
"version": "1.0.0",
"success": {
"fields": {
@@ -964,8 +908,8 @@
}
},
"description": "Initiate a U2F device registration request.
",
- "filename": "src/lib/setup_endpoints.js",
- "groupTitle": "Registration",
+ "filename": "src/server/endpoints.ts",
+ "groupTitle": "U2F",
"header": {
"fields": {
"Header": [
@@ -974,7 +918,7 @@
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
@@ -982,7 +926,7 @@
},
{
"type": "get",
- "url": "/authentication/verify",
+ "url": "/verify",
"title": "Verify user authentication",
"name": "VerifyAuthentication",
"group": "Verification",
@@ -1012,7 +956,7 @@
}
},
"description": "Verify that the user is authenticated, i.e., the two factors have been validated
",
- "filename": "src/lib/setup_endpoints.js",
+ "filename": "src/server/endpoints.ts",
"groupTitle": "Verification",
"header": {
"fields": {
@@ -1022,7 +966,7 @@
"type": "String",
"optional": false,
"field": "Cookie",
- "description": "Cookie containing 'connect.sid', the user session token.
"
+ "description": "Cookie containing "connect.sid", the user session token.
"
}
]
}
diff --git a/doc/api_project.js b/doc/api_project.js
index e51a09d6..9b4ecf09 100644
--- a/doc/api_project.js
+++ b/doc/api_project.js
@@ -1,15 +1,15 @@
define({
"title": "Authelia API documentation",
"name": "authelia",
- "version": "1.0.11",
- "description": "2-factor authentication server using LDAP as 1st factor and TOTP or U2F as 2nd factor",
+ "version": "2.1.3",
+ "description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F",
"sampleUrl": false,
"defaultVersion": "0.0.0",
"apidoc": "0.3.0",
"generator": {
"name": "apidoc",
- "time": "2017-01-29T00:44:17.687Z",
+ "time": "2017-06-11T20:41:36.025Z",
"url": "http://apidocjs.com",
- "version": "0.17.5"
+ "version": "0.17.6"
}
});
diff --git a/doc/api_project.json b/doc/api_project.json
index 8962ef15..b27e7e63 100644
--- a/doc/api_project.json
+++ b/doc/api_project.json
@@ -1,15 +1,15 @@
{
"title": "Authelia API documentation",
"name": "authelia",
- "version": "1.0.11",
- "description": "2-factor authentication server using LDAP as 1st factor and TOTP or U2F as 2nd factor",
+ "version": "2.1.3",
+ "description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F",
"sampleUrl": false,
"defaultVersion": "0.0.0",
"apidoc": "0.3.0",
"generator": {
"name": "apidoc",
- "time": "2017-01-29T00:44:17.687Z",
+ "time": "2017-06-11T20:41:36.025Z",
"url": "http://apidocjs.com",
- "version": "0.17.5"
+ "version": "0.17.6"
}
}
diff --git a/doc/css/style.css b/doc/css/style.css
index eb953166..6468b2b2 100644
--- a/doc/css/style.css
+++ b/doc/css/style.css
@@ -172,6 +172,7 @@ pre {
border-radius: 6px;
position: relative;
margin: 10px 0 20px 0;
+ overflow-x: auto;
}
pre.prettyprint {
diff --git a/doc/index.html b/doc/index.html
index d6347f26..5f04deda 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -224,7 +224,7 @@
{{#each params.examples}}
-
{{{reformat content type}}}
+
{{reformat content type}}
{{/each}}
@@ -274,7 +274,7 @@
{{#each this}}
{{field}}
{{/each}}
diff --git a/doc/locales/locale.js b/doc/locales/locale.js
index efe980ab..ba82385a 100644
--- a/doc/locales/locale.js
+++ b/doc/locales/locale.js
@@ -9,6 +9,8 @@ define([
'./locales/pt_br.js',
'./locales/ro.js',
'./locales/ru.js',
+ './locales/tr.js',
+ './locales/vi.js',
'./locales/zh.js',
'./locales/zh_cn.js'
], function() {
diff --git a/doc/locales/tr.js b/doc/locales/tr.js
new file mode 100644
index 00000000..5c64e52d
--- /dev/null
+++ b/doc/locales/tr.js
@@ -0,0 +1,25 @@
+define({
+ tr: {
+ 'Allowed values:' : 'İzin verilen değerler:',
+ 'Compare all with predecessor': 'Tümünü öncekiler ile karşılaştır',
+ 'compare changes to:' : 'değişiklikleri karşılaştır:',
+ 'compared to' : 'karşılaştır',
+ 'Default value:' : 'Varsayılan değer:',
+ 'Description' : 'Açıklama',
+ 'Field' : 'Alan',
+ 'General' : 'Genel',
+ 'Generated with' : 'Oluşturan',
+ 'Name' : 'İsim',
+ 'No response values.' : 'Dönüş verisi yok.',
+ 'optional' : 'opsiyonel',
+ 'Parameter' : 'Parametre',
+ 'Permission:' : 'İzin:',
+ 'Response' : 'Dönüş',
+ 'Send' : 'Gönder',
+ 'Send a Sample Request' : 'Örnek istek gönder',
+ 'show up to version:' : 'bu versiyona kadar göster:',
+ 'Size range:' : 'Boyut aralığı:',
+ 'Type' : 'Tip',
+ 'url' : 'url'
+ }
+});
diff --git a/doc/locales/vi.js b/doc/locales/vi.js
new file mode 100644
index 00000000..7ce77050
--- /dev/null
+++ b/doc/locales/vi.js
@@ -0,0 +1,25 @@
+define({
+ vi: {
+ 'Allowed values:' : 'Giá trị chấp nhận:',
+ 'Compare all with predecessor': 'So sánh với tất cả phiên bản trước',
+ 'compare changes to:' : 'so sánh sự thay đổi với:',
+ 'compared to' : 'so sánh với',
+ 'Default value:' : 'Giá trị mặc định:',
+ 'Description' : 'Chú thích',
+ 'Field' : 'Trường dữ liệu',
+ 'General' : 'Tổng quan',
+ 'Generated with' : 'Được tạo bởi',
+ 'Name' : 'Tên',
+ 'No response values.' : 'Không có kết quả trả về.',
+ 'optional' : 'Tùy chọn',
+ 'Parameter' : 'Tham số',
+ 'Permission:' : 'Quyền hạn:',
+ 'Response' : 'Kết quả',
+ 'Send' : 'Gửi',
+ 'Send a Sample Request' : 'Gửi một yêu cầu mẫu',
+ 'show up to version:' : 'hiển thị phiên bản:',
+ 'Size range:' : 'Kích cỡ:',
+ 'Type' : 'Kiểu',
+ 'url' : 'liên kết'
+ }
+});
diff --git a/doc/utils/send_sample_request.js b/doc/utils/send_sample_request.js
index a03877ec..f2396ea9 100755
--- a/doc/utils/send_sample_request.js
+++ b/doc/utils/send_sample_request.js
@@ -50,7 +50,9 @@ define([
var paramType = {};
$root.find(".sample-request-param:checked").each(function(i, element) {
var group = $(element).data("sample-request-param-group-id");
- $root.find("[data-sample-request-param-group=\"" + group + "\"]").each(function(i, element) {
+ $root.find("[data-sample-request-param-group=\"" + group + "\"]").not(function(){
+ return $(this).val() == "" && $(this).is("[data-sample-request-param-optional='true']");
+ }).each(function(i, element) {
var key = $(element).data("sample-request-param-name");
var value = element.value;
if ( ! element.optional && element.defaultValue !== '') {
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index bbdd7bc4..79b5208b 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -4,8 +4,8 @@ services:
auth:
volumes:
- ./test:/usr/src/test
- - ./src/views:/usr/src/views
- - ./src/public_html:/usr/src/public_html
+ - ./dist/src/server:/usr/src
+ - ./node_modules:/usr/src/node_modules
- ./config.yml:/etc/auth-server/config.yml:ro
ldap-admin:
diff --git a/example/ldap/base.ldif b/example/ldap/base.ldif
index 07d4e5a8..97ca0356 100644
--- a/example/ldap/base.ldif
+++ b/example/ldap/base.ldif
@@ -25,7 +25,7 @@ dn: cn=john,ou=users,dc=example,dc=com
cn: john
objectclass: inetOrgPerson
objectclass: top
-mail: john.doe@example.com
+mail: clement.michaud34@gmail.com
sn: John Doe
userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
diff --git a/example/nginx_conf/nginx.conf b/example/nginx_conf/nginx.conf
index fc666447..400eb115 100644
--- a/example/nginx_conf/nginx.conf
+++ b/example/nginx_conf/nginx.conf
@@ -30,10 +30,6 @@ http {
ssl_certificate /etc/ssl/server.crt;
ssl_certificate_key /etc/ssl/server.key;
- error_page 401 = @error401;
- location @error401 {
- return 302 https://auth.test.local:8080/login?redirect=$scheme://$http_host$request_uri;
- }
location / {
proxy_set_header X-Original-URI $request_uri;
@@ -41,18 +37,12 @@ http {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://auth/;
- }
- location /js/ {
- proxy_pass http://auth/js/;
- }
+ proxy_intercept_errors on;
- location /img/ {
- proxy_pass http://auth/img/;
- }
-
- location /css/ {
- proxy_pass http://auth/css/;
+ error_page 401 = /error/401;
+ error_page 403 = /error/403;
+ error_page 404 = /error/404;
}
}
@@ -61,8 +51,7 @@ http {
root /usr/share/nginx/html;
server_name secret1.test.local secret2.test.local secret.test.local
- home.test.local mx1.mail.test.local mx2.mail.test.local
- localhost;
+ home.test.local mx1.mail.test.local mx2.mail.test.local;
ssl on;
ssl_certificate /etc/ssl/server.crt;
@@ -70,7 +59,7 @@ http {
error_page 401 = @error401;
location @error401 {
- return 302 https://auth.test.local:8080/login?redirect=$scheme://$http_host$request_uri;
+ return 302 https://auth.test.local:8080;
}
location /auth_verify {
diff --git a/images/email_confirmation.png b/images/email_confirmation.png
new file mode 100644
index 00000000..fd0d84e0
Binary files /dev/null and b/images/email_confirmation.png differ
diff --git a/images/first_factor.png b/images/first_factor.png
index 9f388325..195bc3c9 100644
Binary files a/images/first_factor.png and b/images/first_factor.png differ
diff --git a/images/reset_password.png b/images/reset_password.png
new file mode 100644
index 00000000..2d88a3cd
Binary files /dev/null and b/images/reset_password.png differ
diff --git a/images/second_factor.png b/images/second_factor.png
index e98452fb..7b4761ca 100644
Binary files a/images/second_factor.png and b/images/second_factor.png differ
diff --git a/images/secret-key.png b/images/secret-key.png
deleted file mode 100644
index 30a6a75c..00000000
Binary files a/images/secret-key.png and /dev/null differ
diff --git a/images/totp.png b/images/totp.png
index 30f84a7b..3c58db61 100644
Binary files a/images/totp.png and b/images/totp.png differ
diff --git a/images/u2f.png b/images/u2f.png
index 6ca0beef..15abd489 100644
Binary files a/images/u2f.png and b/images/u2f.png differ
diff --git a/package.json b/package.json
index 6347bcb8..f0e70b08 100644
--- a/package.json
+++ b/package.json
@@ -1,20 +1,18 @@
{
"name": "authelia",
"version": "2.1.9",
- "description": "2-factor authentication server using LDAP as 1st factor and TOTP or U2F as 2nd factor",
+ "description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F",
"main": "src/index.js",
"bin": {
"authelia": "src/index.js"
},
"scripts": {
- "test": "./node_modules/.bin/mocha --compilers ts:ts-node/register --recursive test/unitary",
- "test-dbg": "./node_modules/.bin/mocha --debug-brk --compilers ts:ts-node/register --recursive test/unitary",
- "int-test": "./node_modules/.bin/mocha --recursive test/integration",
- "coverage": "./node_modules/.bin/istanbul cover _mocha -- -R spec --recursive test",
- "build-ts": "tsc",
- "watch-ts": "tsc -w",
+ "test": "./node_modules/.bin/mocha --compilers ts:ts-node/register --recursive test/client test/server",
+ "int-test": "./node_modules/.bin/mocha --compilers ts:ts-node/register --recursive test/integration",
+ "cover": "NODE_ENV=test nyc npm t",
+ "build": "tsc",
"tslint": "tslint -c tslint.json -p tsconfig.json",
- "serve": "node dist/src/index.js"
+ "serve": "node dist/server/index.js"
},
"repository": {
"type": "git",
@@ -29,7 +27,7 @@
"title": "Authelia API documentation"
},
"dependencies": {
- "authdog": "^0.1.1",
+ "@types/cors": "^2.8.1",
"bluebird": "^3.4.7",
"body-parser": "^1.15.2",
"dovehash": "0.0.5",
@@ -40,8 +38,10 @@
"nedb": "^1.8.0",
"nodemailer": "^2.7.0",
"object-path": "^0.11.3",
+ "pug": "^2.0.0-rc.2",
"randomstring": "^1.1.5",
"speakeasy": "^2.0.0",
+ "u2f": "^0.1.2",
"winston": "^2.3.1",
"yamljs": "^0.2.8"
},
@@ -52,6 +52,8 @@
"@types/ejs": "^2.3.33",
"@types/express": "^4.0.35",
"@types/express-session": "0.0.32",
+ "@types/jquery": "^2.0.45",
+ "@types/jsdom": "^2.0.30",
"@types/ldapjs": "^1.0.0",
"@types/mocha": "^2.2.41",
"@types/mockdate": "^2.0.0",
@@ -59,6 +61,7 @@
"@types/nodemailer": "^1.3.32",
"@types/object-path": "^0.9.28",
"@types/proxyquire": "^1.3.27",
+ "@types/query-string": "^4.3.1",
"@types/randomstring": "^1.1.5",
"@types/request": "0.0.43",
"@types/sinon": "^2.2.1",
@@ -66,12 +69,25 @@
"@types/tmp": "0.0.33",
"@types/winston": "^2.3.2",
"@types/yamljs": "^0.2.30",
+ "apidoc": "^0.17.6",
+ "browserify": "^14.3.0",
"grunt": "^1.0.1",
+ "grunt-browserify": "^5.0.0",
+ "grunt-contrib-concat": "^1.0.1",
"grunt-contrib-copy": "^1.0.0",
+ "grunt-contrib-cssmin": "^2.2.0",
+ "grunt-contrib-watch": "^1.0.0",
"grunt-run": "^0.6.0",
+ "istanbul": "^0.4.5",
+ "jquery": "^3.2.1",
+ "js-logger": "^1.3.0",
+ "jsdom": "^11.0.0",
"mocha": "^3.2.0",
"mockdate": "^2.0.1",
+ "notifyjs-browser": "^0.4.2",
+ "nyc": "^10.3.2",
"proxyquire": "^1.8.0",
+ "query-string": "^4.3.4",
"request": "^2.79.0",
"should": "^11.1.1",
"sinon": "^1.17.6",
@@ -79,6 +95,31 @@
"tmp": "0.0.31",
"ts-node": "^3.0.4",
"tslint": "^5.2.0",
- "typescript": "^2.3.2"
+ "typescript": "^2.3.2",
+ "u2f-api": "0.0.9",
+ "uglify-es": "^3.0.15"
+ },
+ "nyc": {
+ "include": [
+ "src/*.ts",
+ "src/**/*.ts"
+ ],
+ "exclude": [
+ "doc",
+ "src/types",
+ "dist",
+ "test"
+ ],
+ "extension": [
+ ".ts"
+ ],
+ "require": [
+ "ts-node/register"
+ ],
+ "reporter": [
+ "json",
+ "html"
+ ],
+ "all": true
}
}
diff --git a/src/client/css/00-bootstrap.min.css b/src/client/css/00-bootstrap.min.css
new file mode 100644
index 00000000..ed3905e0
--- /dev/null
+++ b/src/client/css/00-bootstrap.min.css
@@ -0,0 +1,6 @@
+/*!
+ * Bootstrap v3.3.7 (http://getbootstrap.com)
+ * Copyright 2011-2016 Twitter, Inc.
+ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
+ *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{height:0;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{margin:0;font:inherit;color:inherit}button{overflow:visible}button,select{text-transform:none}button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}input{line-height:normal}input[type=checkbox],input[type=radio]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{height:auto}input[type=search]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}fieldset{padding:.35em .625em .75em;margin:0 2px;border:1px solid silver}legend{padding:0;border:0}textarea{overflow:auto}optgroup{font-weight:700}table{border-spacing:0;border-collapse:collapse}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="javascript:"]:after,a[href^="#"]:after{content:""}blockquote,pre{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}img{max-width:100%!important}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000!important}.label{border:1px solid #000}.table{border-collapse:collapse!important}.table td,.table th{background-color:#fff!important}.table-bordered td,.table-bordered th{border:1px solid #ddd!important}}@font-face{font-family:'Glyphicons Halflings';src:url(../fonts/glyphicons-halflings-regular.eot);src:url(../fonts/glyphicons-halflings-regular.eot?#iefix) format('embedded-opentype'),url(../fonts/glyphicons-halflings-regular.woff2) format('woff2'),url(../fonts/glyphicons-halflings-regular.woff) format('woff'),url(../fonts/glyphicons-halflings-regular.ttf) format('truetype'),url(../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular) format('svg')}.glyphicon{position:relative;top:1px;display:inline-block;font-family:'Glyphicons Halflings';font-style:normal;font-weight:400;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.glyphicon-asterisk:before{content:"\002a"}.glyphicon-plus:before{content:"\002b"}.glyphicon-eur:before,.glyphicon-euro:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-lock:before{content:"\e033"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-fire:before{content:"\e104"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-calendar:before{content:"\e109"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-bell:before{content:"\e123"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-wrench:before{content:"\e136"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-briefcase:before{content:"\e139"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.glyphicon-cd:before{content:"\e201"}.glyphicon-save-file:before{content:"\e202"}.glyphicon-open-file:before{content:"\e203"}.glyphicon-level-up:before{content:"\e204"}.glyphicon-copy:before{content:"\e205"}.glyphicon-paste:before{content:"\e206"}.glyphicon-alert:before{content:"\e209"}.glyphicon-equalizer:before{content:"\e210"}.glyphicon-king:before{content:"\e211"}.glyphicon-queen:before{content:"\e212"}.glyphicon-pawn:before{content:"\e213"}.glyphicon-bishop:before{content:"\e214"}.glyphicon-knight:before{content:"\e215"}.glyphicon-baby-formula:before{content:"\e216"}.glyphicon-tent:before{content:"\26fa"}.glyphicon-blackboard:before{content:"\e218"}.glyphicon-bed:before{content:"\e219"}.glyphicon-apple:before{content:"\f8ff"}.glyphicon-erase:before{content:"\e221"}.glyphicon-hourglass:before{content:"\231b"}.glyphicon-lamp:before{content:"\e223"}.glyphicon-duplicate:before{content:"\e224"}.glyphicon-piggy-bank:before{content:"\e225"}.glyphicon-scissors:before{content:"\e226"}.glyphicon-bitcoin:before{content:"\e227"}.glyphicon-btc:before{content:"\e227"}.glyphicon-xbt:before{content:"\e227"}.glyphicon-yen:before{content:"\00a5"}.glyphicon-jpy:before{content:"\00a5"}.glyphicon-ruble:before{content:"\20bd"}.glyphicon-rub:before{content:"\20bd"}.glyphicon-scale:before{content:"\e230"}.glyphicon-ice-lolly:before{content:"\e231"}.glyphicon-ice-lolly-tasted:before{content:"\e232"}.glyphicon-education:before{content:"\e233"}.glyphicon-option-horizontal:before{content:"\e234"}.glyphicon-option-vertical:before{content:"\e235"}.glyphicon-menu-hamburger:before{content:"\e236"}.glyphicon-modal-window:before{content:"\e237"}.glyphicon-oil:before{content:"\e238"}.glyphicon-grain:before{content:"\e239"}.glyphicon-sunglasses:before{content:"\e240"}.glyphicon-text-size:before{content:"\e241"}.glyphicon-text-color:before{content:"\e242"}.glyphicon-text-background:before{content:"\e243"}.glyphicon-object-align-top:before{content:"\e244"}.glyphicon-object-align-bottom:before{content:"\e245"}.glyphicon-object-align-horizontal:before{content:"\e246"}.glyphicon-object-align-left:before{content:"\e247"}.glyphicon-object-align-vertical:before{content:"\e248"}.glyphicon-object-align-right:before{content:"\e249"}.glyphicon-triangle-right:before{content:"\e250"}.glyphicon-triangle-left:before{content:"\e251"}.glyphicon-triangle-bottom:before{content:"\e252"}.glyphicon-triangle-top:before{content:"\e253"}.glyphicon-console:before{content:"\e254"}.glyphicon-superscript:before{content:"\e255"}.glyphicon-subscript:before{content:"\e256"}.glyphicon-menu-left:before{content:"\e257"}.glyphicon-menu-right:before{content:"\e258"}.glyphicon-menu-down:before{content:"\e259"}.glyphicon-menu-up:before{content:"\e260"}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}:after,:before{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}button,input,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#337ab7;text-decoration:none}a:focus,a:hover{color:#23527c;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.carousel-inner>.item>a>img,.carousel-inner>.item>img,.img-responsive,.thumbnail a>img,.thumbnail>img{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{display:inline-block;max-width:100%;height:auto;padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}[role=button]{cursor:pointer}.h1,.h2,.h3,.h4,.h5,.h6,h1,h2,h3,h4,h5,h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}.h1 .small,.h1 small,.h2 .small,.h2 small,.h3 .small,.h3 small,.h4 .small,.h4 small,.h5 .small,.h5 small,.h6 .small,.h6 small,h1 .small,h1 small,h2 .small,h2 small,h3 .small,h3 small,h4 .small,h4 small,h5 .small,h5 small,h6 .small,h6 small{font-weight:400;line-height:1;color:#777}.h1,.h2,.h3,h1,h2,h3{margin-top:20px;margin-bottom:10px}.h1 .small,.h1 small,.h2 .small,.h2 small,.h3 .small,.h3 small,h1 .small,h1 small,h2 .small,h2 small,h3 .small,h3 small{font-size:65%}.h4,.h5,.h6,h4,h5,h6{margin-top:10px;margin-bottom:10px}.h4 .small,.h4 small,.h5 .small,.h5 small,.h6 .small,.h6 small,h4 .small,h4 small,h5 .small,h5 small,h6 .small,h6 small{font-size:75%}.h1,h1{font-size:36px}.h2,h2{font-size:30px}.h3,h3{font-size:24px}.h4,h4{font-size:18px}.h5,h5{font-size:14px}.h6,h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}.small,small{font-size:85%}.mark,mark{padding:.2em;background-color:#fcf8e3}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#777}.text-primary{color:#337ab7}a.text-primary:focus,a.text-primary:hover{color:#286090}.text-success{color:#3c763d}a.text-success:focus,a.text-success:hover{color:#2b542c}.text-info{color:#31708f}a.text-info:focus,a.text-info:hover{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:focus,a.text-warning:hover{color:#66512c}.text-danger{color:#a94442}a.text-danger:focus,a.text-danger:hover{color:#843534}.bg-primary{color:#fff;background-color:#337ab7}a.bg-primary:focus,a.bg-primary:hover{background-color:#286090}.bg-success{background-color:#dff0d8}a.bg-success:focus,a.bg-success:hover{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:focus,a.bg-info:hover{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:focus,a.bg-warning:hover{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:focus,a.bg-danger:hover{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ol,ul{margin-top:0;margin-bottom:10px}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;margin-left:-5px;list-style:none}.list-inline>li{display:inline-block;padding-right:5px;padding-left:5px}dl{margin-top:0;margin-bottom:20px}dd,dt{line-height:1.42857143}dt{font-weight:700}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[data-original-title],abbr[title]{cursor:help;border-bottom:1px dotted #777}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote ol:last-child,blockquote p:last-child,blockquote ul:last-child{margin-bottom:0}blockquote .small,blockquote footer,blockquote small{display:block;font-size:80%;line-height:1.42857143;color:#777}blockquote .small:before,blockquote footer:before,blockquote small:before{content:'\2014 \00A0'}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;text-align:right;border-right:5px solid #eee;border-left:0}.blockquote-reverse .small:before,.blockquote-reverse footer:before,.blockquote-reverse small:before,blockquote.pull-right .small:before,blockquote.pull-right footer:before,blockquote.pull-right small:before{content:''}.blockquote-reverse .small:after,.blockquote-reverse footer:after,.blockquote-reverse small:after,blockquote.pull-right .small:after,blockquote.pull-right footer:after,blockquote.pull-right small:after{content:'\00A0 \2014'}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,.25);box-shadow:inset 0 -1px 0 rgba(0,0,0,.25)}kbd kbd{padding:0;font-size:100%;font-weight:700;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;color:#333;word-break:break-all;word-wrap:break-word;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}.row{margin-right:-15px;margin-left:-15px}.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{background-color:transparent}caption{padding-top:8px;padding-bottom:8px;color:#777;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>tbody>tr>td,.table>tbody>tr>th,.table>tfoot>tr>td,.table>tfoot>tr>th,.table>thead>tr>td,.table>thead>tr>th{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>td,.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>td,.table>thead:first-child>tr:first-child>th{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>tbody>tr>td,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>td,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>thead>tr>th{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>tbody>tr>td,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>td,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border:1px solid #ddd}.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}table col[class*=col-]{position:static;display:table-column;float:none}table td[class*=col-],table th[class*=col-]{position:static;display:table-cell;float:none}.table>tbody>tr.active>td,.table>tbody>tr.active>th,.table>tbody>tr>td.active,.table>tbody>tr>th.active,.table>tfoot>tr.active>td,.table>tfoot>tr.active>th,.table>tfoot>tr>td.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>thead>tr.active>th,.table>thead>tr>td.active,.table>thead>tr>th.active{background-color:#f5f5f5}.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr.active:hover>th,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover{background-color:#e8e8e8}.table>tbody>tr.success>td,.table>tbody>tr.success>th,.table>tbody>tr>td.success,.table>tbody>tr>th.success,.table>tfoot>tr.success>td,.table>tfoot>tr.success>th,.table>tfoot>tr>td.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>thead>tr.success>th,.table>thead>tr>td.success,.table>thead>tr>th.success{background-color:#dff0d8}.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr.success:hover>th,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover{background-color:#d0e9c6}.table>tbody>tr.info>td,.table>tbody>tr.info>th,.table>tbody>tr>td.info,.table>tbody>tr>th.info,.table>tfoot>tr.info>td,.table>tfoot>tr.info>th,.table>tfoot>tr>td.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>thead>tr.info>th,.table>thead>tr>td.info,.table>thead>tr>th.info{background-color:#d9edf7}.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr.info:hover>th,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover{background-color:#c4e3f3}.table>tbody>tr.warning>td,.table>tbody>tr.warning>th,.table>tbody>tr>td.warning,.table>tbody>tr>th.warning,.table>tfoot>tr.warning>td,.table>tfoot>tr.warning>th,.table>tfoot>tr>td.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>thead>tr.warning>th,.table>thead>tr>td.warning,.table>thead>tr>th.warning{background-color:#fcf8e3}.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr.warning:hover>th,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover{background-color:#faf2cc}.table>tbody>tr.danger>td,.table>tbody>tr.danger>th,.table>tbody>tr>td.danger,.table>tbody>tr>th.danger,.table>tfoot>tr.danger>td,.table>tfoot>tr.danger>th,.table>tfoot>tr>td.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>thead>tr.danger>th,.table>thead>tr>td.danger,.table>thead>tr>th.danger{background-color:#f2dede}.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr.danger:hover>th,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover{background-color:#ebcccc}.table-responsive{min-height:.01%;overflow-x:auto}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>td,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>thead>tr>th{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:700}input[type=search]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type=checkbox],input[type=radio]{margin:4px 0 0;margin-top:1px\9;line-height:normal}input[type=file]{display:block}input[type=range]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type=file]:focus,input[type=checkbox]:focus,input[type=radio]:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075);-webkit-transition:border-color ease-in-out .15s,-webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px rgba(102,175,233,.6);box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px rgba(102,175,233,.6)}.form-control::-moz-placeholder{color:#999;opacity:1}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control::-ms-expand{background-color:transparent;border:0}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#eee;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}input[type=search]{-webkit-appearance:none}@media screen and (-webkit-min-device-pixel-ratio:0){input[type=date].form-control,input[type=time].form-control,input[type=datetime-local].form-control,input[type=month].form-control{line-height:34px}.input-group-sm input[type=date],.input-group-sm input[type=time],.input-group-sm input[type=datetime-local],.input-group-sm input[type=month],input[type=date].input-sm,input[type=time].input-sm,input[type=datetime-local].input-sm,input[type=month].input-sm{line-height:30px}.input-group-lg input[type=date],.input-group-lg input[type=time],.input-group-lg input[type=datetime-local],.input-group-lg input[type=month],input[type=date].input-lg,input[type=time].input-lg,input[type=datetime-local].input-lg,input[type=month].input-lg{line-height:46px}}.form-group{margin-bottom:15px}.checkbox,.radio{position:relative;display:block;margin-top:10px;margin-bottom:10px}.checkbox label,.radio label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:400;cursor:pointer}.checkbox input[type=checkbox],.checkbox-inline input[type=checkbox],.radio input[type=radio],.radio-inline input[type=radio]{position:absolute;margin-top:4px\9;margin-left:-20px}.checkbox+.checkbox,.radio+.radio{margin-top:-5px}.checkbox-inline,.radio-inline{position:relative;display:inline-block;padding-left:20px;margin-bottom:0;font-weight:400;vertical-align:middle;cursor:pointer}.checkbox-inline+.checkbox-inline,.radio-inline+.radio-inline{margin-top:0;margin-left:10px}fieldset[disabled] input[type=checkbox],fieldset[disabled] input[type=radio],input[type=checkbox].disabled,input[type=checkbox][disabled],input[type=radio].disabled,input[type=radio][disabled]{cursor:not-allowed}.checkbox-inline.disabled,.radio-inline.disabled,fieldset[disabled] .checkbox-inline,fieldset[disabled] .radio-inline{cursor:not-allowed}.checkbox.disabled label,.radio.disabled label,fieldset[disabled] .checkbox label,fieldset[disabled] .radio label{cursor:not-allowed}.form-control-static{min-height:34px;padding-top:7px;padding-bottom:7px;margin-bottom:0}.form-control-static.input-lg,.form-control-static.input-sm{padding-right:0;padding-left:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}select[multiple].input-sm,textarea.input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.form-group-sm select.form-control{height:30px;line-height:30px}.form-group-sm select[multiple].form-control,.form-group-sm textarea.form-control{height:auto}.form-group-sm .form-control-static{height:30px;min-height:32px;padding:6px 10px;font-size:12px;line-height:1.5}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-lg{height:46px;line-height:46px}select[multiple].input-lg,textarea.input-lg{height:auto}.form-group-lg .form-control{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.form-group-lg select.form-control{height:46px;line-height:46px}.form-group-lg select[multiple].form-control,.form-group-lg textarea.form-control{height:auto}.form-group-lg .form-control-static{height:46px;min-height:38px;padding:11px 16px;font-size:18px;line-height:1.3333333}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:34px;height:34px;line-height:34px;text-align:center;pointer-events:none}.form-group-lg .form-control+.form-control-feedback,.input-group-lg+.form-control-feedback,.input-lg+.form-control-feedback{width:46px;height:46px;line-height:46px}.form-group-sm .form-control+.form-control-feedback,.input-group-sm+.form-control-feedback,.input-sm+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .checkbox,.has-success .checkbox-inline,.has-success .control-label,.has-success .help-block,.has-success .radio,.has-success .radio-inline,.has-success.checkbox label,.has-success.checkbox-inline label,.has-success.radio label,.has-success.radio-inline label{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;background-color:#dff0d8;border-color:#3c763d}.has-success .form-control-feedback{color:#3c763d}.has-warning .checkbox,.has-warning .checkbox-inline,.has-warning .control-label,.has-warning .help-block,.has-warning .radio,.has-warning .radio-inline,.has-warning.checkbox label,.has-warning.checkbox-inline label,.has-warning.radio label,.has-warning.radio-inline label{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;background-color:#fcf8e3;border-color:#8a6d3b}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .checkbox,.has-error .checkbox-inline,.has-error .control-label,.has-error .help-block,.has-error .radio,.has-error .radio-inline,.has-error.checkbox label,.has-error.checkbox-inline label,.has-error.radio label,.has-error.radio-inline label{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;background-color:#f2dede;border-color:#a94442}.has-error .form-control-feedback{color:#a94442}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .form-control,.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .checkbox,.form-inline .radio{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .checkbox label,.form-inline .radio label{padding-left:0}.form-inline .checkbox input[type=checkbox],.form-inline .radio input[type=radio]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .checkbox,.form-horizontal .checkbox-inline,.form-horizontal .radio,.form-horizontal .radio-inline{padding-top:7px;margin-top:0;margin-bottom:0}.form-horizontal .checkbox,.form-horizontal .radio{min-height:27px}.form-horizontal .form-group{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.form-horizontal .control-label{padding-top:7px;margin-bottom:0;text-align:right}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:11px;font-size:18px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px;font-size:12px}}.btn{display:inline-block;padding:6px 12px;margin-bottom:0;font-size:14px;font-weight:400;line-height:1.42857143;text-align:center;white-space:nowrap;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-image:none;border:1px solid transparent;border-radius:4px}.btn.active.focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn:active:focus,.btn:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn.focus,.btn:focus,.btn:hover{color:#333;text-decoration:none}.btn.active,.btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none;opacity:.65}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default.focus,.btn-default:focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default.active,.btn-default:active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default.active.focus,.btn-default.active:focus,.btn-default.active:hover,.btn-default:active.focus,.btn-default:active:focus,.btn-default:active:hover,.open>.dropdown-toggle.btn-default.focus,.open>.dropdown-toggle.btn-default:focus,.open>.dropdown-toggle.btn-default:hover{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default.active,.btn-default:active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled.focus,.btn-default.disabled:focus,.btn-default.disabled:hover,.btn-default[disabled].focus,.btn-default[disabled]:focus,.btn-default[disabled]:hover,fieldset[disabled] .btn-default.focus,fieldset[disabled] .btn-default:focus,fieldset[disabled] .btn-default:hover{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#337ab7;border-color:#2e6da4}.btn-primary.focus,.btn-primary:focus{color:#fff;background-color:#286090;border-color:#122b40}.btn-primary:hover{color:#fff;background-color:#286090;border-color:#204d74}.btn-primary.active,.btn-primary:active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#286090;border-color:#204d74}.btn-primary.active.focus,.btn-primary.active:focus,.btn-primary.active:hover,.btn-primary:active.focus,.btn-primary:active:focus,.btn-primary:active:hover,.open>.dropdown-toggle.btn-primary.focus,.open>.dropdown-toggle.btn-primary:focus,.open>.dropdown-toggle.btn-primary:hover{color:#fff;background-color:#204d74;border-color:#122b40}.btn-primary.active,.btn-primary:active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled.focus,.btn-primary.disabled:focus,.btn-primary.disabled:hover,.btn-primary[disabled].focus,.btn-primary[disabled]:focus,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary.focus,fieldset[disabled] .btn-primary:focus,fieldset[disabled] .btn-primary:hover{background-color:#337ab7;border-color:#2e6da4}.btn-primary .badge{color:#337ab7;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success.focus,.btn-success:focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success.active,.btn-success:active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;border-color:#398439}.btn-success.active.focus,.btn-success.active:focus,.btn-success.active:hover,.btn-success:active.focus,.btn-success:active:focus,.btn-success:active:hover,.open>.dropdown-toggle.btn-success.focus,.open>.dropdown-toggle.btn-success:focus,.open>.dropdown-toggle.btn-success:hover{color:#fff;background-color:#398439;border-color:#255625}.btn-success.active,.btn-success:active,.open>.dropdown-toggle.btn-success{background-image:none}.btn-success.disabled.focus,.btn-success.disabled:focus,.btn-success.disabled:hover,.btn-success[disabled].focus,.btn-success[disabled]:focus,.btn-success[disabled]:hover,fieldset[disabled] .btn-success.focus,fieldset[disabled] .btn-success:focus,fieldset[disabled] .btn-success:hover{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info.focus,.btn-info:focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info.active,.btn-info:active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info.active.focus,.btn-info.active:focus,.btn-info.active:hover,.btn-info:active.focus,.btn-info:active:focus,.btn-info:active:hover,.open>.dropdown-toggle.btn-info.focus,.open>.dropdown-toggle.btn-info:focus,.open>.dropdown-toggle.btn-info:hover{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info.active,.btn-info:active,.open>.dropdown-toggle.btn-info{background-image:none}.btn-info.disabled.focus,.btn-info.disabled:focus,.btn-info.disabled:hover,.btn-info[disabled].focus,.btn-info[disabled]:focus,.btn-info[disabled]:hover,fieldset[disabled] .btn-info.focus,fieldset[disabled] .btn-info:focus,fieldset[disabled] .btn-info:hover{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning.focus,.btn-warning:focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning.active,.btn-warning:active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning.active.focus,.btn-warning.active:focus,.btn-warning.active:hover,.btn-warning:active.focus,.btn-warning:active:focus,.btn-warning:active:hover,.open>.dropdown-toggle.btn-warning.focus,.open>.dropdown-toggle.btn-warning:focus,.open>.dropdown-toggle.btn-warning:hover{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning.active,.btn-warning:active,.open>.dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled.focus,.btn-warning.disabled:focus,.btn-warning.disabled:hover,.btn-warning[disabled].focus,.btn-warning[disabled]:focus,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning.focus,fieldset[disabled] .btn-warning:focus,fieldset[disabled] .btn-warning:hover{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger.focus,.btn-danger:focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger.active,.btn-danger:active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger.active.focus,.btn-danger.active:focus,.btn-danger.active:hover,.btn-danger:active.focus,.btn-danger:active:focus,.btn-danger:active:hover,.open>.dropdown-toggle.btn-danger.focus,.open>.dropdown-toggle.btn-danger:focus,.open>.dropdown-toggle.btn-danger:hover{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger.active,.btn-danger:active,.open>.dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled.focus,.btn-danger.disabled:focus,.btn-danger.disabled:hover,.btn-danger[disabled].focus,.btn-danger[disabled]:focus,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger.focus,fieldset[disabled] .btn-danger:focus,fieldset[disabled] .btn-danger:hover{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{font-weight:400;color:#337ab7;border-radius:0}.btn-link,.btn-link.active,.btn-link:active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:active,.btn-link:focus,.btn-link:hover{border-color:transparent}.btn-link:focus,.btn-link:hover{color:#23527c;text-decoration:underline;background-color:transparent}.btn-link[disabled]:focus,.btn-link[disabled]:hover,fieldset[disabled] .btn-link:focus,fieldset[disabled] .btn-link:hover{color:#777;text-decoration:none}.btn-group-lg>.btn,.btn-lg{padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.btn-group-sm>.btn,.btn-sm{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-xs>.btn,.btn-xs{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type=button].btn-block,input[type=reset].btn-block,input[type=submit].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease;-webkit-transition-duration:.35s;-o-transition-duration:.35s;transition-duration:.35s;-webkit-transition-property:height,visibility;-o-transition-property:height,visibility;transition-property:height,visibility}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px dashed;border-top:4px solid\9;border-right:4px solid transparent;border-left:4px solid transparent}.dropdown,.dropup{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;font-size:14px;text-align:left;list-style:none;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,.175);box-shadow:0 6px 12px rgba(0,0,0,.175)}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:400;line-height:1.42857143;color:#333;white-space:nowrap}.dropdown-menu>li>a:focus,.dropdown-menu>li>a:hover{color:#262626;text-decoration:none;background-color:#f5f5f5}.dropdown-menu>.active>a,.dropdown-menu>.active>a:focus,.dropdown-menu>.active>a:hover{color:#fff;text-decoration:none;background-color:#337ab7;outline:0}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{color:#777}.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{text-decoration:none;cursor:not-allowed;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{right:0;left:auto}.dropdown-menu-left{right:auto;left:0}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.42857143;color:#777;white-space:nowrap}.dropdown-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{content:"";border-top:0;border-bottom:4px dashed;border-bottom:4px solid\9}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:2px}@media (min-width:768px){.navbar-right .dropdown-menu{right:0;left:auto}.navbar-right .dropdown-menu-left{right:auto;left:0}}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group-vertical>.btn,.btn-group>.btn{position:relative;float:left}.btn-group-vertical>.btn.active,.btn-group-vertical>.btn:active,.btn-group-vertical>.btn:focus,.btn-group-vertical>.btn:hover,.btn-group>.btn.active,.btn-group>.btn:active,.btn-group>.btn:focus,.btn-group>.btn:hover{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn,.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-bottom-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-right:8px;padding-left:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-right:12px;padding-left:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-left-radius:0;border-top-right-radius:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-top-right-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{display:table-cell;float:none;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle=buttons]>.btn input[type=checkbox],[data-toggle=buttons]>.btn input[type=radio],[data-toggle=buttons]>.btn-group>.btn input[type=checkbox],[data-toggle=buttons]>.btn-group>.btn input[type=radio]{position:absolute;clip:rect(0,0,0,0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*=col-]{float:none;padding-right:0;padding-left:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn,textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn,textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn{height:auto}.input-group .form-control,.input-group-addon,.input-group-btn{display:table-cell}.input-group .form-control:not(:first-child):not(:last-child),.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:400;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type=checkbox],.input-group-addon input[type=radio]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn-group:not(:last-child)>.btn,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:first-child>.btn-group:not(:first-child)>.btn,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle{border-top-left-radius:0;border-bottom-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:active,.input-group-btn>.btn:focus,.input-group-btn>.btn:hover{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{z-index:2;margin-left:-1px}.nav{padding-left:0;margin-bottom:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:focus,.nav>li>a:hover{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#777}.nav>li.disabled>a:focus,.nav>li.disabled>a:hover{color:#777;text-decoration:none;cursor:not-allowed;background-color:transparent}.nav .open>a,.nav .open>a:focus,.nav .open>a:hover{background-color:#eee;border-color:#337ab7}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:focus,.nav-tabs>li.active>a:hover{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:focus,.nav-pills>li.active>a:hover{color:#fff;background-color:#337ab7}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-left-radius:0;border-top-right-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{padding-right:15px;padding-left:15px;overflow-x:visible;-webkit-overflow-scrolling:touch;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 0 rgba(255,255,255,.1)}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block!important;height:auto!important;padding-bottom:0;overflow:visible!important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse{padding-right:0;padding-left:0}}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:200px}}.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-bottom,.navbar-fixed-top{position:fixed;right:0;left:0;z-index:1030}@media (min-width:768px){.navbar-fixed-bottom,.navbar-fixed-top{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.navbar-brand{float:left;height:50px;padding:15px 15px;font-size:18px;line-height:20px}.navbar-brand:focus,.navbar-brand:hover{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;padding:9px 10px;margin-top:8px;margin-right:15px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu .dropdown-header,.navbar-nav .open .dropdown-menu>li>a{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:focus,.navbar-nav .open .dropdown-menu>li>a:hover{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{padding:10px 15px;margin-top:8px;margin-right:-15px;margin-bottom:8px;margin-left:-15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.1),0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 0 rgba(255,255,255,.1),0 1px 0 rgba(255,255,255,.1)}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .form-control,.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .checkbox,.navbar-form .radio{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .checkbox label,.navbar-form .radio label{padding-left:0}.navbar-form .checkbox input[type=checkbox],.navbar-form .radio input[type=radio]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;padding-top:0;padding-bottom:0;margin-right:0;margin-left:0;border:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-left-radius:0;border-top-right-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-right:15px;margin-left:15px}}@media (min-width:768px){.navbar-left{float:left!important}.navbar-right{float:right!important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:focus,.navbar-default .navbar-brand:hover{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:focus,.navbar-default .navbar-nav>li>a:hover{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:focus,.navbar-default .navbar-nav>.active>a:hover{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:focus,.navbar-default .navbar-nav>.disabled>a:hover{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:focus,.navbar-default .navbar-toggle:hover{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:focus,.navbar-default .navbar-nav>.open>a:hover{color:#555;background-color:#e7e7e7}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-default .btn-link{color:#777}.navbar-default .btn-link:focus,.navbar-default .btn-link:hover{color:#333}.navbar-default .btn-link[disabled]:focus,.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:focus,fieldset[disabled] .navbar-default .btn-link:hover{color:#ccc}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#9d9d9d}.navbar-inverse .navbar-brand:focus,.navbar-inverse .navbar-brand:hover{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a:focus,.navbar-inverse .navbar-nav>li>a:hover{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:focus,.navbar-inverse .navbar-nav>.active>a:hover{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:focus,.navbar-inverse .navbar-nav>.disabled>a:hover{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:focus,.navbar-inverse .navbar-toggle:hover{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:focus,.navbar-inverse .navbar-nav>.open>a:hover{color:#fff;background-color:#080808}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#9d9d9d}.navbar-inverse .navbar-link:hover{color:#fff}.navbar-inverse .btn-link{color:#9d9d9d}.navbar-inverse .btn-link:focus,.navbar-inverse .btn-link:hover{color:#fff}.navbar-inverse .btn-link[disabled]:focus,.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:focus,fieldset[disabled] .navbar-inverse .btn-link:hover{color:#444}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{padding:0 5px;color:#ccc;content:"/\00a0"}.breadcrumb>.active{color:#777}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;margin-left:-1px;line-height:1.42857143;color:#337ab7;text-decoration:none;background-color:#fff;border:1px solid #ddd}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-top-left-radius:4px;border-bottom-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-top-right-radius:4px;border-bottom-right-radius:4px}.pagination>li>a:focus,.pagination>li>a:hover,.pagination>li>span:focus,.pagination>li>span:hover{z-index:2;color:#23527c;background-color:#eee;border-color:#ddd}.pagination>.active>a,.pagination>.active>a:focus,.pagination>.active>a:hover,.pagination>.active>span,.pagination>.active>span:focus,.pagination>.active>span:hover{z-index:3;color:#fff;cursor:default;background-color:#337ab7;border-color:#337ab7}.pagination>.disabled>a,.pagination>.disabled>a:focus,.pagination>.disabled>a:hover,.pagination>.disabled>span,.pagination>.disabled>span:focus,.pagination>.disabled>span:hover{color:#777;cursor:not-allowed;background-color:#fff;border-color:#ddd}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px;line-height:1.3333333}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-top-left-radius:6px;border-bottom-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-top-right-radius:6px;border-bottom-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px;line-height:1.5}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-top-left-radius:3px;border-bottom-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-top-right-radius:3px;border-bottom-right-radius:3px}.pager{padding-left:0;margin:20px 0;text-align:center;list-style:none}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:focus,.pager li>a:hover{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:focus,.pager .disabled>a:hover,.pager .disabled>span{color:#777;cursor:not-allowed;background-color:#fff}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:focus,a.label:hover{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#777}.label-default[href]:focus,.label-default[href]:hover{background-color:#5e5e5e}.label-primary{background-color:#337ab7}.label-primary[href]:focus,.label-primary[href]:hover{background-color:#286090}.label-success{background-color:#5cb85c}.label-success[href]:focus,.label-success[href]:hover{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:focus,.label-info[href]:hover{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:focus,.label-warning[href]:hover{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:focus,.label-danger[href]:hover{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:middle;background-color:#777;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-group-xs>.btn .badge,.btn-xs .badge{top:0;padding:1px 5px}a.badge:focus,a.badge:hover{color:#fff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#337ab7;background-color:#fff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding-top:30px;padding-bottom:30px;margin-bottom:30px;color:inherit;background-color:#eee}.jumbotron .h1,.jumbotron h1{color:inherit}.jumbotron p{margin-bottom:15px;font-size:21px;font-weight:200}.jumbotron>hr{border-top-color:#d5d5d5}.container .jumbotron,.container-fluid .jumbotron{padding-right:15px;padding-left:15px;border-radius:6px}.jumbotron .container{max-width:100%}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron,.container-fluid .jumbotron{padding-right:60px;padding-left:60px}.jumbotron .h1,.jumbotron h1{font-size:63px}}.thumbnail{display:block;padding:4px;margin-bottom:20px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:border .2s ease-in-out;-o-transition:border .2s ease-in-out;transition:border .2s ease-in-out}.thumbnail a>img,.thumbnail>img{margin-right:auto;margin-left:auto}a.thumbnail.active,a.thumbnail:focus,a.thumbnail:hover{border-color:#337ab7}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:700}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}.progress-bar{float:left;width:0;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#337ab7;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,.15);-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-bar-striped,.progress-striped .progress-bar{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress-bar.active,.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.media{margin-top:15px}.media:first-child{margin-top:0}.media,.media-body{overflow:hidden;zoom:1}.media-body{width:10000px}.media-object{display:block}.media-object.img-thumbnail{max-width:none}.media-right,.media>.pull-right{padding-left:10px}.media-left,.media>.pull-left{padding-right:10px}.media-body,.media-left,.media-right{display:table-cell;vertical-align:top}.media-middle{vertical-align:middle}.media-bottom{vertical-align:bottom}.media-heading{margin-top:0;margin-bottom:5px}.media-list{padding-left:0;list-style:none}.list-group{padding-left:0;margin-bottom:20px}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}a.list-group-item,button.list-group-item{color:#555}a.list-group-item .list-group-item-heading,button.list-group-item .list-group-item-heading{color:#333}a.list-group-item:focus,a.list-group-item:hover,button.list-group-item:focus,button.list-group-item:hover{color:#555;text-decoration:none;background-color:#f5f5f5}button.list-group-item{width:100%;text-align:left}.list-group-item.disabled,.list-group-item.disabled:focus,.list-group-item.disabled:hover{color:#777;cursor:not-allowed;background-color:#eee}.list-group-item.disabled .list-group-item-heading,.list-group-item.disabled:focus .list-group-item-heading,.list-group-item.disabled:hover .list-group-item-heading{color:inherit}.list-group-item.disabled .list-group-item-text,.list-group-item.disabled:focus .list-group-item-text,.list-group-item.disabled:hover .list-group-item-text{color:#777}.list-group-item.active,.list-group-item.active:focus,.list-group-item.active:hover{z-index:2;color:#fff;background-color:#337ab7;border-color:#337ab7}.list-group-item.active .list-group-item-heading,.list-group-item.active .list-group-item-heading>.small,.list-group-item.active .list-group-item-heading>small,.list-group-item.active:focus .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading>.small,.list-group-item.active:focus .list-group-item-heading>small,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading>.small,.list-group-item.active:hover .list-group-item-heading>small{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:focus .list-group-item-text,.list-group-item.active:hover .list-group-item-text{color:#c7ddef}.list-group-item-success{color:#3c763d;background-color:#dff0d8}a.list-group-item-success,button.list-group-item-success{color:#3c763d}a.list-group-item-success .list-group-item-heading,button.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:focus,a.list-group-item-success:hover,button.list-group-item-success:focus,button.list-group-item-success:hover{color:#3c763d;background-color:#d0e9c6}a.list-group-item-success.active,a.list-group-item-success.active:focus,a.list-group-item-success.active:hover,button.list-group-item-success.active,button.list-group-item-success.active:focus,button.list-group-item-success.active:hover{color:#fff;background-color:#3c763d;border-color:#3c763d}.list-group-item-info{color:#31708f;background-color:#d9edf7}a.list-group-item-info,button.list-group-item-info{color:#31708f}a.list-group-item-info .list-group-item-heading,button.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:focus,a.list-group-item-info:hover,button.list-group-item-info:focus,button.list-group-item-info:hover{color:#31708f;background-color:#c4e3f3}a.list-group-item-info.active,a.list-group-item-info.active:focus,a.list-group-item-info.active:hover,button.list-group-item-info.active,button.list-group-item-info.active:focus,button.list-group-item-info.active:hover{color:#fff;background-color:#31708f;border-color:#31708f}.list-group-item-warning{color:#8a6d3b;background-color:#fcf8e3}a.list-group-item-warning,button.list-group-item-warning{color:#8a6d3b}a.list-group-item-warning .list-group-item-heading,button.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:focus,a.list-group-item-warning:hover,button.list-group-item-warning:focus,button.list-group-item-warning:hover{color:#8a6d3b;background-color:#faf2cc}a.list-group-item-warning.active,a.list-group-item-warning.active:focus,a.list-group-item-warning.active:hover,button.list-group-item-warning.active,button.list-group-item-warning.active:focus,button.list-group-item-warning.active:hover{color:#fff;background-color:#8a6d3b;border-color:#8a6d3b}.list-group-item-danger{color:#a94442;background-color:#f2dede}a.list-group-item-danger,button.list-group-item-danger{color:#a94442}a.list-group-item-danger .list-group-item-heading,button.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:focus,a.list-group-item-danger:hover,button.list-group-item-danger:focus,button.list-group-item-danger:hover{color:#a94442;background-color:#ebcccc}a.list-group-item-danger.active,a.list-group-item-danger.active:focus,a.list-group-item-danger.active:hover,button.list-group-item-danger.active,button.list-group-item-danger.active:focus,button.list-group-item-danger.active:hover{color:#fff;background-color:#a94442;border-color:#a94442}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,.05);box-shadow:0 1px 1px rgba(0,0,0,.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-left-radius:3px;border-top-right-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>.small,.panel-title>.small>a,.panel-title>a,.panel-title>small,.panel-title>small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-left-radius:3px;border-top-right-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.panel-collapse>.table,.panel>.table,.panel>.table-responsive>.table{margin-bottom:0}.panel>.panel-collapse>.table caption,.panel>.table caption,.panel>.table-responsive>.table caption{padding-right:15px;padding-left:15px}.panel>.table-responsive:first-child>.table:first-child,.panel>.table:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table:first-child>thead:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table-responsive:last-child>.table:last-child,.panel>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child td,.panel>.table>tbody:first-child>tr:first-child th{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{margin-bottom:0;border:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.list-group,.panel-group .panel-heading+.panel-collapse>.panel-body{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ddd}.panel-default>.panel-heading .badge{color:#f5f5f5;background-color:#333}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#337ab7}.panel-primary>.panel-heading{color:#fff;background-color:#337ab7;border-color:#337ab7}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#337ab7}.panel-primary>.panel-heading .badge{color:#337ab7;background-color:#fff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#337ab7}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading .badge{color:#dff0d8;background-color:#3c763d}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading .badge{color:#d9edf7;background-color:#31708f}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading .badge{color:#fcf8e3;background-color:#8a6d3b}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading .badge{color:#f2dede;background-color:#a94442}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ebccd1}.embed-responsive{position:relative;display:block;height:0;padding:0;overflow:hidden}.embed-responsive .embed-responsive-item,.embed-responsive embed,.embed-responsive iframe,.embed-responsive object,.embed-responsive video{position:absolute;top:0;bottom:0;left:0;width:100%;height:100%;border:0}.embed-responsive-16by9{padding-bottom:56.25%}.embed-responsive-4by3{padding-bottom:75%}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.05);box-shadow:inset 0 1px 1px rgba(0,0,0,.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:700;line-height:1;color:#000;text-shadow:0 1px 0 #fff;filter:alpha(opacity=20);opacity:.2}.close:focus,.close:hover{color:#000;text-decoration:none;cursor:pointer;filter:alpha(opacity=50);opacity:.5}button.close{-webkit-appearance:none;padding:0;cursor:pointer;background:0 0;border:0}.modal-open{overflow:hidden}.modal{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;display:none;overflow:hidden;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transition:-webkit-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out;-webkit-transform:translate(0,-25%);-ms-transform:translate(0,-25%);-o-transform:translate(0,-25%);transform:translate(0,-25%)}.modal.in .modal-dialog{-webkit-transform:translate(0,0);-ms-transform:translate(0,0);-o-transform:translate(0,0);transform:translate(0,0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #999;border:1px solid rgba(0,0,0,.2);border-radius:6px;outline:0;-webkit-box-shadow:0 3px 9px rgba(0,0,0,.5);box-shadow:0 3px 9px rgba(0,0,0,.5)}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{filter:alpha(opacity=0);opacity:0}.modal-backdrop.in{filter:alpha(opacity=50);opacity:.5}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:15px}.modal-footer{padding:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,.5);box-shadow:0 5px 15px rgba(0,0,0,.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.tooltip{position:absolute;z-index:1070;display:block;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:12px;font-style:normal;font-weight:400;line-height:1.42857143;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;filter:alpha(opacity=0);opacity:0;line-break:auto}.tooltip.in{filter:alpha(opacity=90);opacity:.9}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-left .tooltip-arrow{right:5px;bottom:0;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-right .tooltip-arrow{bottom:0;left:5px;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-width:5px 5px 5px 0;border-right-color:#000}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-width:5px 0 5px 5px;border-left-color:#000}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-left .tooltip-arrow{top:0;right:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-right .tooltip-arrow{top:0;left:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.popover{position:absolute;top:0;left:0;z-index:1060;display:none;max-width:276px;padding:1px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;font-style:normal;font-weight:400;line-height:1.42857143;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,.2);box-shadow:0 5px 10px rgba(0,0,0,.2);line-break:auto}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{padding:8px 14px;margin:0;font-size:14px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.popover>.arrow,.popover>.arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover>.arrow{border-width:11px}.popover>.arrow:after{content:"";border-width:10px}.popover.top>.arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,.25);border-bottom-width:0}.popover.top>.arrow:after{bottom:1px;margin-left:-10px;content:" ";border-top-color:#fff;border-bottom-width:0}.popover.right>.arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,.25);border-left-width:0}.popover.right>.arrow:after{bottom:-10px;left:1px;content:" ";border-right-color:#fff;border-left-width:0}.popover.bottom>.arrow{top:-11px;left:50%;margin-left:-11px;border-top-width:0;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,.25)}.popover.bottom>.arrow:after{top:1px;margin-left:-10px;content:" ";border-top-width:0;border-bottom-color:#fff}.popover.left>.arrow{top:50%;right:-11px;margin-top:-11px;border-right-width:0;border-left-color:#999;border-left-color:rgba(0,0,0,.25)}.popover.left>.arrow:after{right:1px;bottom:-10px;content:" ";border-right-width:0;border-left-color:#fff}.carousel{position:relative}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>a>img,.carousel-inner>.item>img{line-height:1}@media all and (transform-3d),(-webkit-transform-3d){.carousel-inner>.item{-webkit-transition:-webkit-transform .6s ease-in-out;-o-transition:-o-transform .6s ease-in-out;transition:transform .6s ease-in-out;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-perspective:1000px;perspective:1000px}.carousel-inner>.item.active.right,.carousel-inner>.item.next{left:0;-webkit-transform:translate3d(100%,0,0);transform:translate3d(100%,0,0)}.carousel-inner>.item.active.left,.carousel-inner>.item.prev{left:0;-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0)}.carousel-inner>.item.active,.carousel-inner>.item.next.left,.carousel-inner>.item.prev.right{left:0;-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;bottom:0;left:0;width:15%;font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,.6);background-color:rgba(0,0,0,0);filter:alpha(opacity=50);opacity:.5}.carousel-control.left{background-image:-webkit-linear-gradient(left,rgba(0,0,0,.5) 0,rgba(0,0,0,.0001) 100%);background-image:-o-linear-gradient(left,rgba(0,0,0,.5) 0,rgba(0,0,0,.0001) 100%);background-image:-webkit-gradient(linear,left top,right top,from(rgba(0,0,0,.5)),to(rgba(0,0,0,.0001)));background-image:linear-gradient(to right,rgba(0,0,0,.5) 0,rgba(0,0,0,.0001) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000', endColorstr='#00000000', GradientType=1);background-repeat:repeat-x}.carousel-control.right{right:0;left:auto;background-image:-webkit-linear-gradient(left,rgba(0,0,0,.0001) 0,rgba(0,0,0,.5) 100%);background-image:-o-linear-gradient(left,rgba(0,0,0,.0001) 0,rgba(0,0,0,.5) 100%);background-image:-webkit-gradient(linear,left top,right top,from(rgba(0,0,0,.0001)),to(rgba(0,0,0,.5)));background-image:linear-gradient(to right,rgba(0,0,0,.0001) 0,rgba(0,0,0,.5) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColorstr='#80000000', GradientType=1);background-repeat:repeat-x}.carousel-control:focus,.carousel-control:hover{color:#fff;text-decoration:none;filter:alpha(opacity=90);outline:0;opacity:.9}.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next,.carousel-control .icon-prev{position:absolute;top:50%;z-index:5;display:inline-block;margin-top:-10px}.carousel-control .glyphicon-chevron-left,.carousel-control .icon-prev{left:50%;margin-left:-10px}.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next{right:50%;margin-right:-10px}.carousel-control .icon-next,.carousel-control .icon-prev{width:20px;height:20px;font-family:serif;line-height:1}.carousel-control .icon-prev:before{content:'\2039'}.carousel-control .icon-next:before{content:'\203a'}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;padding-left:0;margin-left:-30%;text-align:center;list-style:none}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;cursor:pointer;background-color:#000\9;background-color:rgba(0,0,0,0);border:1px solid #fff;border-radius:10px}.carousel-indicators .active{width:12px;height:12px;margin:0;background-color:#fff}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next,.carousel-control .icon-prev{width:30px;height:30px;margin-top:-10px;font-size:30px}.carousel-control .glyphicon-chevron-left,.carousel-control .icon-prev{margin-left:-10px}.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next{margin-right:-10px}.carousel-caption{right:20%;left:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.btn-group-vertical>.btn-group:after,.btn-group-vertical>.btn-group:before,.btn-toolbar:after,.btn-toolbar:before,.clearfix:after,.clearfix:before,.container-fluid:after,.container-fluid:before,.container:after,.container:before,.dl-horizontal dd:after,.dl-horizontal dd:before,.form-horizontal .form-group:after,.form-horizontal .form-group:before,.modal-footer:after,.modal-footer:before,.modal-header:after,.modal-header:before,.nav:after,.nav:before,.navbar-collapse:after,.navbar-collapse:before,.navbar-header:after,.navbar-header:before,.navbar:after,.navbar:before,.pager:after,.pager:before,.panel-body:after,.panel-body:before,.row:after,.row:before{display:table;content:" "}.btn-group-vertical>.btn-group:after,.btn-toolbar:after,.clearfix:after,.container-fluid:after,.container:after,.dl-horizontal dd:after,.form-horizontal .form-group:after,.modal-footer:after,.modal-header:after,.nav:after,.navbar-collapse:after,.navbar-header:after,.navbar:after,.pager:after,.panel-body:after,.row:after{clear:both}.center-block{display:block;margin-right:auto;margin-left:auto}.pull-right{float:right!important}.pull-left{float:left!important}.hide{display:none!important}.show{display:block!important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none!important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-lg,.visible-md,.visible-sm,.visible-xs{display:none!important}.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block{display:none!important}@media (max-width:767px){.visible-xs{display:block!important}table.visible-xs{display:table!important}tr.visible-xs{display:table-row!important}td.visible-xs,th.visible-xs{display:table-cell!important}}@media (max-width:767px){.visible-xs-block{display:block!important}}@media (max-width:767px){.visible-xs-inline{display:inline!important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block!important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block!important}table.visible-sm{display:table!important}tr.visible-sm{display:table-row!important}td.visible-sm,th.visible-sm{display:table-cell!important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block!important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline!important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block!important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block!important}table.visible-md{display:table!important}tr.visible-md{display:table-row!important}td.visible-md,th.visible-md{display:table-cell!important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block!important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline!important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block!important}}@media (min-width:1200px){.visible-lg{display:block!important}table.visible-lg{display:table!important}tr.visible-lg{display:table-row!important}td.visible-lg,th.visible-lg{display:table-cell!important}}@media (min-width:1200px){.visible-lg-block{display:block!important}}@media (min-width:1200px){.visible-lg-inline{display:inline!important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block!important}}@media (max-width:767px){.hidden-xs{display:none!important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none!important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none!important}}@media (min-width:1200px){.hidden-lg{display:none!important}}.visible-print{display:none!important}@media print{.visible-print{display:block!important}table.visible-print{display:table!important}tr.visible-print{display:table-row!important}td.visible-print,th.visible-print{display:table-cell!important}}.visible-print-block{display:none!important}@media print{.visible-print-block{display:block!important}}.visible-print-inline{display:none!important}@media print{.visible-print-inline{display:inline!important}}.visible-print-inline-block{display:none!important}@media print{.visible-print-inline-block{display:inline-block!important}}@media print{.hidden-print{display:none!important}}
+/*# sourceMappingURL=bootstrap.min.css.map */
\ No newline at end of file
diff --git a/src/client/css/01-main.css b/src/client/css/01-main.css
new file mode 100644
index 00000000..377215e9
--- /dev/null
+++ b/src/client/css/01-main.css
@@ -0,0 +1,4 @@
+
+body {
+ background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI1NiIgaGVpZ2h0PSIxMDAiPgo8cmVjdCB3aWR0aD0iNTYiIGhlaWdodD0iMTAwIiBmaWxsPSIjRkZGRkZGIj48L3JlY3Q+CjxwYXRoIGQ9Ik0yOCA2NkwwIDUwTDAgMTZMMjggMEw1NiAxNkw1NiA1MEwyOCA2NkwyOCAxMDAiIGZpbGw9Im5vbmUiIHN0cm9rZT0iI0ZDRkNGQyIgc3Ryb2tlLXdpZHRoPSIyIj48L3BhdGg+CjxwYXRoIGQ9Ik0yOCAwTDI4IDM0TDAgNTBMMCA4NEwyOCAxMDBMNTYgODRMNTYgNTBMMjggMzQiIGZpbGw9Im5vbmUiIHN0cm9rZT0iI0ZCRkJGQiIgc3Ryb2tlLXdpZHRoPSIyIj48L3BhdGg+Cjwvc3ZnPg==");
+}
\ No newline at end of file
diff --git a/src/client/css/02-login.css b/src/client/css/02-login.css
new file mode 100644
index 00000000..9d7ec922
--- /dev/null
+++ b/src/client/css/02-login.css
@@ -0,0 +1,101 @@
+.form-signin
+{
+ padding: 15px;
+ margin: 0 auto;
+}
+
+.form-signin .form-signin-heading, .form-signin .checkbox
+{
+ margin-bottom: 10px;
+}
+
+.form-signin .checkbox
+{
+ font-weight: normal;
+}
+
+.form-signin .form-control
+{
+ position: relative;
+ font-size: 16px;
+ height: auto;
+ padding: 10px;
+ -webkit-box-sizing: border-box;
+ -moz-box-sizing: border-box;
+ box-sizing: border-box;
+}
+.form-signin .form-control:focus
+{
+ z-index: 2;
+}
+.form-signin input[type="text"]
+{
+ margin-bottom: -1px;
+ border-bottom-left-radius: 0;
+ border-bottom-right-radius: 0;
+}
+.form-signin input[type="password"]
+{
+ /* margin-bottom: 10px; */
+ border-top-left-radius: 0;
+ border-top-right-radius: 0;
+}
+.account-wall
+{
+ border: 1px solid #DDD;
+ margin-top: 20px;
+ padding: 20px;
+ padding-bottom: 40px;
+ background-color: #f7f7f7;
+ -moz-box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
+ -webkit-box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
+ box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
+}
+.account-wall h1
+{
+ color: #555;
+ margin-bottom: 30px;
+ font-weight: 400;
+ display: block;
+ text-align: center;
+}
+.account-wall p
+{
+ text-align: center;
+ margin: 10px 10px;
+ margin-top: 30px;
+ font-size: 1.3em;
+}
+.account-wall .form-inputs
+{
+ margin-bottom: 10px;
+}
+.account-wall hr {
+ border-color: #c5c5c5;
+}
+
+.header-img
+{
+ width: 96px;
+ height: 96px;
+ margin: 0 auto 10px;
+ display: block;
+ -moz-border-radius: 50%;
+ -webkit-border-radius: 50%;
+ border-radius: 50%;
+}
+
+.link
+{
+ margin-top: 10px;
+}
+
+.btn-primary.totp
+{
+ background-color: rgb(102, 135, 162);
+}
+
+.btn-primary.u2f
+{
+ background-color: rgb(83, 149, 204);
+}
\ No newline at end of file
diff --git a/src/client/css/03-errors.css b/src/client/css/03-errors.css
new file mode 100644
index 00000000..e9f97f33
--- /dev/null
+++ b/src/client/css/03-errors.css
@@ -0,0 +1,12 @@
+
+.error-401 .header-img {
+ border-radius: 0%;
+}
+
+.error-403 .header-img {
+ border-radius: 0%;
+}
+
+.error-404 .header-img {
+ border-radius: 0%;
+}
\ No newline at end of file
diff --git a/src/client/css/03-password-reset-form.css b/src/client/css/03-password-reset-form.css
new file mode 100644
index 00000000..34066bc2
--- /dev/null
+++ b/src/client/css/03-password-reset-form.css
@@ -0,0 +1,4 @@
+
+.password-reset-form .header-img {
+ border-radius: 0%;
+}
diff --git a/src/client/css/03-password-reset-request.css b/src/client/css/03-password-reset-request.css
new file mode 100644
index 00000000..1a2ad4df
--- /dev/null
+++ b/src/client/css/03-password-reset-request.css
@@ -0,0 +1,4 @@
+
+.password-reset-request .header-img {
+ border-radius: 0%;
+}
diff --git a/src/client/css/03-totp-register.css b/src/client/css/03-totp-register.css
new file mode 100644
index 00000000..b51fa6db
--- /dev/null
+++ b/src/client/css/03-totp-register.css
@@ -0,0 +1,12 @@
+.totp-register #secret {
+ background-color: white;
+ font-size: 0.9em;
+ font-weight: bold;
+ padding: 5px;
+ border: 1px solid #c7c7c7;
+ word-wrap: break-word;
+}
+
+.totp-register #qrcode img {
+ margin: 20px auto;
+}
\ No newline at end of file
diff --git a/src/client/css/03-u2f-register.css b/src/client/css/03-u2f-register.css
new file mode 100644
index 00000000..e54cddf8
--- /dev/null
+++ b/src/client/css/03-u2f-register.css
@@ -0,0 +1,5 @@
+
+.u2f-register img {
+ display: block;
+ margin: 20px auto;
+}
\ No newline at end of file
diff --git a/src/client/firstfactor/FirstFactorValidator.ts b/src/client/firstfactor/FirstFactorValidator.ts
new file mode 100644
index 00000000..369cd535
--- /dev/null
+++ b/src/client/firstfactor/FirstFactorValidator.ts
@@ -0,0 +1,20 @@
+
+import BluebirdPromise = require("bluebird");
+import Endpoints = require("../../server/endpoints");
+
+export function validate(username: string, password: string, $: JQueryStatic): BluebirdPromise < void> {
+ return new BluebirdPromise(function (resolve, reject) {
+ $.post(Endpoints.FIRST_FACTOR_POST, {
+ username: username,
+ password: password,
+ })
+ .done(function () {
+ resolve();
+ })
+ .fail(function (xhr: JQueryXHR, textStatus: string) {
+ if (xhr.status == 401)
+ reject(new Error("Authetication failed. Please check your credentials"));
+ reject(new Error(textStatus));
+ });
+ });
+}
diff --git a/src/client/firstfactor/UISelectors.ts b/src/client/firstfactor/UISelectors.ts
new file mode 100644
index 00000000..25dc81ff
--- /dev/null
+++ b/src/client/firstfactor/UISelectors.ts
@@ -0,0 +1,3 @@
+
+export const USERNAME_FIELD_ID = "#username";
+export const PASSWORD_FIELD_ID = "#password";
\ No newline at end of file
diff --git a/src/client/firstfactor/index.ts b/src/client/firstfactor/index.ts
new file mode 100644
index 00000000..fea6b4e3
--- /dev/null
+++ b/src/client/firstfactor/index.ts
@@ -0,0 +1,39 @@
+import FirstFactorValidator = require("./FirstFactorValidator");
+import JSLogger = require("js-logger");
+import UISelectors = require("./UISelectors");
+
+import Endpoints = require("../../server/endpoints");
+
+export default function (window: Window, $: JQueryStatic, firstFactorValidator: typeof FirstFactorValidator, jslogger: typeof JSLogger) {
+ function onFormSubmitted() {
+ const username: string = $(UISelectors.USERNAME_FIELD_ID).val();
+ const password: string = $(UISelectors.PASSWORD_FIELD_ID).val();
+ jslogger.debug("Form submitted");
+ firstFactorValidator.validate(username, password, $)
+ .then(onFirstFactorSuccess, onFirstFactorFailure);
+ return false;
+ }
+
+ function onFirstFactorSuccess() {
+ jslogger.debug("First factor validated.");
+ $(UISelectors.USERNAME_FIELD_ID).val("");
+ $(UISelectors.PASSWORD_FIELD_ID).val("");
+
+ // Redirect to second factor
+ window.location.href = Endpoints.SECOND_FACTOR_GET;
+ }
+
+ function onFirstFactorFailure(err: Error) {
+ jslogger.debug("First factor failed.");
+
+ $(UISelectors.PASSWORD_FIELD_ID).val("");
+ $.notify("Error during authentication: " + err.message, "error");
+ }
+
+
+ $(window.document).ready(function () {
+ jslogger.info("Enter first factor");
+ $("form").on("submit", onFormSubmitted);
+ });
+}
+
diff --git a/src/client/img/icon.png b/src/client/img/icon.png
new file mode 100644
index 00000000..145a2751
Binary files /dev/null and b/src/client/img/icon.png differ
diff --git a/src/client/img/mail.png b/src/client/img/mail.png
new file mode 100644
index 00000000..834bfce9
Binary files /dev/null and b/src/client/img/mail.png differ
diff --git a/src/client/img/padlock.png b/src/client/img/padlock.png
new file mode 100644
index 00000000..31abbaee
Binary files /dev/null and b/src/client/img/padlock.png differ
diff --git a/src/client/img/password.png b/src/client/img/password.png
new file mode 100644
index 00000000..cf616474
Binary files /dev/null and b/src/client/img/password.png differ
diff --git a/src/public_html/img/pendrive.png b/src/client/img/pendrive.png
similarity index 100%
rename from src/public_html/img/pendrive.png
rename to src/client/img/pendrive.png
diff --git a/src/client/img/success.png b/src/client/img/success.png
new file mode 100644
index 00000000..ee9d6841
Binary files /dev/null and b/src/client/img/success.png differ
diff --git a/src/client/img/user.png b/src/client/img/user.png
new file mode 100644
index 00000000..00941399
Binary files /dev/null and b/src/client/img/user.png differ
diff --git a/src/client/img/warning.png b/src/client/img/warning.png
new file mode 100644
index 00000000..c6acd953
Binary files /dev/null and b/src/client/img/warning.png differ
diff --git a/src/client/index.ts b/src/client/index.ts
new file mode 100644
index 00000000..8d7e37ce
--- /dev/null
+++ b/src/client/index.ts
@@ -0,0 +1,38 @@
+
+import FirstFactorValidator = require("./firstfactor/FirstFactorValidator");
+
+import FirstFactor from "./firstfactor/index";
+import SecondFactor from "./secondfactor/index";
+import TOTPRegister from "./totp-register/totp-register";
+import U2fRegister from "./u2f-register/u2f-register";
+import ResetPasswordRequest from "./reset-password/reset-password-request";
+import ResetPasswordForm from "./reset-password/reset-password-form";
+import jslogger = require("js-logger");
+import jQuery = require("jquery");
+import u2fApi = require("u2f-api");
+
+jslogger.useDefaults();
+jslogger.setLevel(jslogger.INFO);
+
+require("notifyjs-browser")(jQuery);
+
+export = {
+ firstfactor: function () {
+ FirstFactor(window, jQuery, FirstFactorValidator, jslogger);
+ },
+ secondfactor: function () {
+ SecondFactor(window, jQuery, u2fApi);
+ },
+ register_totp: function() {
+ TOTPRegister(window, jQuery);
+ },
+ register_u2f: function () {
+ U2fRegister(window, jQuery);
+ },
+ reset_password_request: function () {
+ ResetPasswordRequest(window, jQuery);
+ },
+ reset_password_form: function () {
+ ResetPasswordForm(window, jQuery);
+ }
+};
\ No newline at end of file
diff --git a/src/client/reset-password/constants.ts b/src/client/reset-password/constants.ts
new file mode 100644
index 00000000..d48d4e67
--- /dev/null
+++ b/src/client/reset-password/constants.ts
@@ -0,0 +1,2 @@
+
+export const FORM_SELECTOR = ".form-signin";
\ No newline at end of file
diff --git a/src/client/reset-password/reset-password-form.ts b/src/client/reset-password/reset-password-form.ts
new file mode 100644
index 00000000..dfd48e45
--- /dev/null
+++ b/src/client/reset-password/reset-password-form.ts
@@ -0,0 +1,49 @@
+import BluebirdPromise = require("bluebird");
+
+import Endpoints = require("../../server/endpoints");
+import Constants = require("./constants");
+
+export default function (window: Window, $: JQueryStatic) {
+ function modifyPassword(newPassword: string) {
+ return new BluebirdPromise(function (resolve, reject) {
+ $.post(Endpoints.RESET_PASSWORD_FORM_POST, {
+ password: newPassword,
+ })
+ .done(function (data) {
+ resolve(data);
+ })
+ .fail(function (xhr, status) {
+ reject(status);
+ });
+ });
+ }
+
+ function onFormSubmitted() {
+ const password1 = $("#password1").val();
+ const password2 = $("#password2").val();
+
+ if (!password1 || !password2) {
+ $.notify("You must enter your new password twice.", "warn");
+ return false;
+ }
+
+ if (password1 != password2) {
+ $.notify("The passwords are different", "warn");
+ return false;
+ }
+
+ modifyPassword(password1)
+ .then(function () {
+ $.notify("Your password has been changed. Please login again", "success");
+ window.location.href = Endpoints.FIRST_FACTOR_GET;
+ })
+ .error(function () {
+ $.notify("An error occurred during password change.", "warn");
+ });
+ return false;
+ }
+
+ $(document).ready(function () {
+ $(Constants.FORM_SELECTOR).on("submit", onFormSubmitted);
+ });
+}
diff --git a/src/client/reset-password/reset-password-request.ts b/src/client/reset-password/reset-password-request.ts
new file mode 100644
index 00000000..e390fbc5
--- /dev/null
+++ b/src/client/reset-password/reset-password-request.ts
@@ -0,0 +1,49 @@
+
+import BluebirdPromise = require("bluebird");
+
+import Endpoints = require("../../server/endpoints");
+import Constants = require("./constants");
+import jslogger = require("js-logger");
+
+export default function(window: Window, $: JQueryStatic) {
+ function requestPasswordReset(username: string) {
+ return new BluebirdPromise(function (resolve, reject) {
+ $.get(Endpoints.RESET_PASSWORD_IDENTITY_START_GET, {
+ userid: username,
+ })
+ .done(function () {
+ resolve();
+ })
+ .fail(function (xhr: JQueryXHR, textStatus: string) {
+ reject(new Error(textStatus));
+ });
+ });
+ }
+
+ function onFormSubmitted() {
+ const username = $("#username").val();
+
+ if (!username) {
+ $.notify("You must provide your username to reset your password.", "warn");
+ return;
+ }
+
+ requestPasswordReset(username)
+ .then(function () {
+ $.notify("An email has been sent. Click on the link to change your password", "success");
+ setTimeout(function () {
+ window.location.replace(Endpoints.FIRST_FACTOR_GET);
+ }, 1000);
+ })
+ .error(function () {
+ $.notify("Are you sure this is your username?", "warn");
+ });
+ return false;
+ }
+
+ $(document).ready(function () {
+ jslogger.debug("Reset password request form setup");
+ $(Constants.FORM_SELECTOR).on("submit", onFormSubmitted);
+ });
+}
+
diff --git a/src/client/secondfactor/TOTPValidator.ts b/src/client/secondfactor/TOTPValidator.ts
new file mode 100644
index 00000000..7538f7f1
--- /dev/null
+++ b/src/client/secondfactor/TOTPValidator.ts
@@ -0,0 +1,22 @@
+
+import BluebirdPromise = require("bluebird");
+import Endpoints = require("../../server/endpoints");
+
+export function validate(token: string, $: JQueryStatic): BluebirdPromise {
+ return new BluebirdPromise(function (resolve, reject) {
+ $.ajax({
+ url: Endpoints.SECOND_FACTOR_TOTP_POST,
+ data: {
+ token: token,
+ },
+ method: "POST",
+ dataType: "json"
+ } as JQueryAjaxSettings)
+ .done(function (data: any) {
+ resolve(data);
+ })
+ .fail(function (xhr: JQueryXHR, textStatus: string) {
+ reject(new Error(textStatus));
+ });
+ });
+}
\ No newline at end of file
diff --git a/src/client/secondfactor/U2FValidator.ts b/src/client/secondfactor/U2FValidator.ts
new file mode 100644
index 00000000..fb5da8e1
--- /dev/null
+++ b/src/client/secondfactor/U2FValidator.ts
@@ -0,0 +1,61 @@
+
+import U2fApi = require("u2f-api");
+import U2f = require("u2f");
+import BluebirdPromise = require("bluebird");
+import { SignMessage } from "../../server/lib/routes/secondfactor/u2f/sign_request/SignMessage";
+import Endpoints = require("../../server/endpoints");
+
+function finishU2fAuthentication(responseData: U2fApi.SignResponse, $: JQueryStatic): BluebirdPromise {
+ return new BluebirdPromise(function (resolve, reject) {
+ $.ajax({
+ url: Endpoints.SECOND_FACTOR_U2F_SIGN_POST,
+ data: responseData,
+ method: "POST",
+ dataType: "json"
+ } as JQueryAjaxSettings)
+ .done(function (data) {
+ resolve(data);
+ })
+ .fail(function (xhr: JQueryXHR, textStatus: string) {
+ reject(new Error(textStatus));
+ });
+ });
+}
+
+function startU2fAuthentication($: JQueryStatic, u2fApi: typeof U2fApi): BluebirdPromise {
+ return new BluebirdPromise(function (resolve, reject) {
+ $.get(Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET, {}, undefined, "json")
+ .done(function (signResponse: SignMessage) {
+ $.notify("Please touch the token", "info");
+
+ const signRequest: U2fApi.SignRequest = {
+ appId: signResponse.request.appId,
+ challenge: signResponse.request.challenge,
+ keyHandle: signResponse.keyHandle, // linked to the client session cookie
+ version: "U2F_V2"
+ };
+
+ u2fApi.sign([signRequest], 60)
+ .then(function (signResponse: U2fApi.SignResponse) {
+ finishU2fAuthentication(signResponse, $)
+ .then(function (data) {
+ resolve(data);
+ }, function (err) {
+ $.notify("Error when finish U2F transaction", "error");
+ reject(err);
+ });
+ })
+ .catch(function (err: Error) {
+ reject(err);
+ });
+ })
+ .fail(function (xhr: JQueryXHR, textStatus: string) {
+ reject(new Error(textStatus));
+ });
+ });
+}
+
+
+export function validate($: JQueryStatic, u2fApi: typeof U2fApi): BluebirdPromise {
+ return startU2fAuthentication($, u2fApi);
+}
diff --git a/src/client/secondfactor/constants.ts b/src/client/secondfactor/constants.ts
new file mode 100644
index 00000000..eb8b154b
--- /dev/null
+++ b/src/client/secondfactor/constants.ts
@@ -0,0 +1,5 @@
+
+export const TOTP_FORM_SELECTOR = ".form-signin.totp";
+export const TOTP_TOKEN_SELECTOR = ".form-signin #token";
+
+export const U2F_FORM_SELECTOR = ".form-signin.u2f";
\ No newline at end of file
diff --git a/src/client/secondfactor/index.ts b/src/client/secondfactor/index.ts
new file mode 100644
index 00000000..1129bc2a
--- /dev/null
+++ b/src/client/secondfactor/index.ts
@@ -0,0 +1,57 @@
+
+import U2fApi = require("u2f-api");
+import jslogger = require("js-logger");
+
+import TOTPValidator = require("./TOTPValidator");
+import U2FValidator = require("./U2FValidator");
+
+import Endpoints = require("../../server/endpoints");
+
+import Constants = require("./constants");
+
+
+export default function (window: Window, $: JQueryStatic, u2fApi: typeof U2fApi) {
+ function onAuthenticationSuccess(data: any) {
+ window.location.href = data.redirection_url;
+ }
+
+
+ function onSecondFactorTotpSuccess(data: any) {
+ onAuthenticationSuccess(data);
+ }
+
+ function onSecondFactorTotpFailure(err: Error) {
+ $.notify("Error while validating TOTP token. Cause: " + err.message, "error");
+ }
+
+ function onU2fAuthenticationSuccess(data: any) {
+ onAuthenticationSuccess(data);
+ }
+
+ function onU2fAuthenticationFailure() {
+ $.notify("Problem with U2F authentication. Did you register before authenticating?", "warn");
+ }
+
+
+ function onTOTPFormSubmitted(): boolean {
+ const token = $(Constants.TOTP_TOKEN_SELECTOR).val();
+ jslogger.debug("TOTP token is %s", token);
+
+ TOTPValidator.validate(token, $)
+ .then(onSecondFactorTotpSuccess)
+ .catch(onSecondFactorTotpFailure);
+ return false;
+ }
+
+ function onU2FFormSubmitted(): boolean {
+ jslogger.debug("Start U2F authentication");
+ U2FValidator.validate($, U2fApi)
+ .then(onU2fAuthenticationSuccess, onU2fAuthenticationFailure);
+ return false;
+ }
+
+ $(window.document).ready(function () {
+ $(Constants.TOTP_FORM_SELECTOR).on("submit", onTOTPFormSubmitted);
+ $(Constants.U2F_FORM_SELECTOR).on("submit", onU2FFormSubmitted);
+ });
+}
\ No newline at end of file
diff --git a/src/public_html/js/qrcode.min.js b/src/client/thirdparties/qrcode.min.js
similarity index 100%
rename from src/public_html/js/qrcode.min.js
rename to src/client/thirdparties/qrcode.min.js
diff --git a/src/client/totp-register/totp-register.ts b/src/client/totp-register/totp-register.ts
new file mode 100644
index 00000000..6a9aa7ee
--- /dev/null
+++ b/src/client/totp-register/totp-register.ts
@@ -0,0 +1,11 @@
+
+import jslogger = require("js-logger");
+import UISelector = require("./ui-selector");
+
+export default function(window: Window, $: JQueryStatic) {
+ jslogger.debug("Creating QRCode from OTPAuth url");
+ const qrcode = $(UISelector.QRCODE_ID_SELECTOR);
+ const val = qrcode.text();
+ qrcode.empty();
+ new (window as any).QRCode(qrcode.get(0), val);
+}
diff --git a/src/client/totp-register/ui-selector.ts b/src/client/totp-register/ui-selector.ts
new file mode 100644
index 00000000..9d43fabe
--- /dev/null
+++ b/src/client/totp-register/ui-selector.ts
@@ -0,0 +1,2 @@
+
+export const QRCODE_ID_SELECTOR = "#qrcode";
\ No newline at end of file
diff --git a/src/client/u2f-register/u2f-register.ts b/src/client/u2f-register/u2f-register.ts
new file mode 100644
index 00000000..d584ab03
--- /dev/null
+++ b/src/client/u2f-register/u2f-register.ts
@@ -0,0 +1,53 @@
+
+import BluebirdPromise = require("bluebird");
+import U2f = require("u2f");
+import u2fApi = require("u2f-api");
+
+import Endpoints = require("../../server/endpoints");
+import jslogger = require("js-logger");
+
+export default function(window: Window, $: JQueryStatic) {
+
+ function checkRegistration(regResponse: u2fApi.RegisterResponse, fn: (err: Error) => void) {
+ const registrationData: U2f.RegistrationData = regResponse;
+
+ jslogger.debug("registrationResponse = %s", JSON.stringify(registrationData));
+
+ $.post(Endpoints.SECOND_FACTOR_U2F_REGISTER_POST, registrationData, undefined, "json")
+ .done(function (data) {
+ document.location.href = data.redirection_url;
+ })
+ .fail(function (xhr, status) {
+ $.notify("Error when finish U2F transaction" + status);
+ });
+ }
+
+ function requestRegistration(fn: (err: Error) => void) {
+ $.get(Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET, {}, undefined, "json")
+ .done(function (registrationRequest: U2f.Request) {
+ jslogger.debug("registrationRequest = %s", JSON.stringify(registrationRequest));
+
+ const registerRequest: u2fApi.RegisterRequest = registrationRequest;
+ u2fApi.register([registerRequest], [], 120)
+ .then(function (res: u2fApi.RegisterResponse) {
+ checkRegistration(res, fn);
+ })
+ .catch(function (err: Error) {
+ fn(err);
+ });
+ });
+ }
+
+ function onRegisterFailure(err: Error) {
+ $.notify("Problem authenticating with U2F.", "error");
+ }
+
+ $(document).ready(function () {
+ requestRegistration(function (err: Error) {
+ if (err) {
+ onRegisterFailure(err);
+ return;
+ }
+ });
+ });
+}
diff --git a/src/lib/IdentityValidator.ts b/src/lib/IdentityValidator.ts
deleted file mode 100644
index 94f19458..00000000
--- a/src/lib/IdentityValidator.ts
+++ /dev/null
@@ -1,156 +0,0 @@
-
-import objectPath = require("object-path");
-import randomstring = require("randomstring");
-import BluebirdPromise = require("bluebird");
-import util = require("util");
-import exceptions = require("./Exceptions");
-import fs = require("fs");
-import ejs = require("ejs");
-import UserDataStore from "./UserDataStore";
-import { ILogger } from "../types/ILogger";
-import express = require("express");
-
-import Identity = require("../types/Identity");
-import { IdentityValidationRequestContent } from "./UserDataStore";
-
-const filePath = __dirname + "/../resources/email-template.ejs";
-const email_template = fs.readFileSync(filePath, "utf8");
-
-
-// IdentityValidator allows user to go through a identity validation process in two steps:
-// - Request an operation to be performed (password reset, registration).
-// - Confirm operation with email.
-
-export interface IdentityValidable {
- challenge(): string;
- templateName(): string;
- preValidation(req: express.Request): BluebirdPromise;
- mailSubject(): string;
-}
-
-export class IdentityValidator {
- private userDataStore: UserDataStore;
- private logger: ILogger;
-
- constructor(userDataStore: UserDataStore, logger: ILogger) {
- this.userDataStore = userDataStore;
- this.logger = logger;
- }
-
-
- static setup(app: express.Application, endpoint: string, handler: IdentityValidable, userDataStore: UserDataStore, logger: ILogger) {
- const identityValidator = new IdentityValidator(userDataStore, logger);
- app.get(endpoint, identityValidator.identity_check_get(endpoint, handler));
- app.post(endpoint, identityValidator.identity_check_post(endpoint, handler));
- }
-
-
- private issue_token(userid: string, content: Object): BluebirdPromise {
- const five_minutes = 4 * 60 * 1000;
- const token = randomstring.generate({ length: 64 });
- const that = this;
-
- this.logger.debug("identity_check: issue identity token %s for 5 minutes", token);
- return this.userDataStore.issue_identity_check_token(userid, token, content, five_minutes)
- .then(function () {
- return BluebirdPromise.resolve(token);
- });
- }
-
- private consume_token(token: string): BluebirdPromise {
- this.logger.debug("identity_check: consume token %s", token);
- return this.userDataStore.consume_identity_check_token(token);
- }
-
- private identity_check_get(endpoint: string, handler: IdentityValidable): express.RequestHandler {
- const that = this;
- return function (req: express.Request, res: express.Response) {
- const logger = req.app.get("logger");
- const identity_token = objectPath.get(req, "query.identity_token");
- logger.info("GET identity_check: identity token provided is %s", identity_token);
-
- if (!identity_token) {
- res.status(403);
- res.send();
- return;
- }
-
- that.consume_token(identity_token)
- .then(function (content: IdentityValidationRequestContent) {
- objectPath.set(req, "session.auth_session.identity_check", {});
- req.session.auth_session.identity_check.challenge = handler.challenge();
- req.session.auth_session.identity_check.userid = content.userid;
- res.render(handler.templateName());
- }, function (err: Error) {
- logger.error("GET identity_check: Error while consuming token %s", err);
- throw new exceptions.AccessDeniedError("Access denied");
- })
- .catch(exceptions.AccessDeniedError, function (err: Error) {
- logger.error("GET identity_check: Access Denied %s", err);
- res.status(403);
- res.send();
- })
- .catch(function (err: Error) {
- logger.error("GET identity_check: Internal error %s", err);
- res.status(500);
- res.send();
- });
- };
- }
-
-
- private identity_check_post(endpoint: string, handler: IdentityValidable): express.RequestHandler {
- const that = this;
- return function (req: express.Request, res: express.Response) {
- const logger = req.app.get("logger");
- const notifier = req.app.get("notifier");
- let identity: Identity.Identity;
-
- handler.preValidation(req)
- .then(function (id: Identity.Identity) {
- identity = id;
- const email_address = objectPath.get(identity, "email");
- const userid = objectPath.get(identity, "userid");
-
- if (!(email_address && userid)) {
- throw new exceptions.IdentityError("Missing user id or email address");
- }
-
- return that.issue_token(userid, undefined);
- }, function (err: Error) {
- throw new exceptions.AccessDeniedError(err.message);
- })
- .then(function (token: string) {
- const redirect_url = objectPath.get(req, "body.redirect");
- const original_uri = objectPath.get(req, "headers.x-original-uri", "");
- const original_url = util.format("https://%s%s", req.headers.host, original_uri);
- let link_url = util.format("%s?identity_token=%s", original_url, token);
- if (redirect_url) {
- link_url = util.format("%s&redirect=%s", link_url, redirect_url);
- }
-
- logger.info("POST identity_check: notify to %s", identity.userid);
- return notifier.notify(identity, handler.mailSubject(), link_url);
- })
- .then(function () {
- res.status(204);
- res.send();
- })
- .catch(exceptions.IdentityError, function (err: Error) {
- logger.error("POST identity_check: %s", err);
- res.status(400);
- res.send();
- })
- .catch(exceptions.AccessDeniedError, function (err: Error) {
- logger.error("POST identity_check: %s", err);
- res.status(403);
- res.send();
- })
- .catch(function (err: Error) {
- logger.error("POST identity_check: Error %s", err);
- res.status(500);
- res.send();
- });
- };
- }
-}
diff --git a/src/lib/RestApi.ts b/src/lib/RestApi.ts
deleted file mode 100644
index 558321b2..00000000
--- a/src/lib/RestApi.ts
+++ /dev/null
@@ -1,282 +0,0 @@
-
-import express = require("express");
-import routes = require("./routes");
-import IdentityValidator = require("./IdentityValidator");
-import UserDataStore from "./UserDataStore";
-import { ILogger } from "../types/ILogger";
-
-export default class RestApi {
- static setup(app: express.Application, userDataStore: UserDataStore, logger: ILogger): void {
- /**
- * @apiDefine UserSession
- * @apiHeader {String} Cookie Cookie containing "connect.sid", the user
- * session token.
- */
-
- /**
- * @apiDefine InternalError
- * @apiError (Error 500) {String} error Internal error message.
- */
-
- /**
- * @apiDefine IdentityValidationPost
- *
- * @apiSuccess (Success 204) status Identity validation has been initiated.
- * @apiError (Error 403) AccessDenied Access is denied.
- * @apiError (Error 400) InvalidIdentity User identity is invalid.
- * @apiError (Error 500) {String} error Internal error message.
- *
- * @apiDescription This request issue an identity validation token for the user
- * bound to the session. It sends a challenge to the email address set in the user
- * LDAP entry. The user must visit the sent URL to complete the validation and
- * continue the registration process.
- */
-
- /**
- * @apiDefine IdentityValidationGet
- * @apiParam {String} identity_token The one-time identity validation token provided in the email.
- * @apiSuccess (Success 200) {String} content The content of the page.
- * @apiError (Error 403) AccessDenied Access is denied.
- * @apiError (Error 500) {String} error Internal error message.
- */
-
- /**
- * @api {get} /login Serve login page
- * @apiName Login
- * @apiGroup Pages
- * @apiVersion 1.0.0
- *
- * @apiParam {String} redirect Redirect to this URL when user is authenticated.
- * @apiSuccess (Success 200) {String} Content The content of the login page.
- *
- * @apiDescription Create a user session and serve the login page along with
- * a cookie.
- */
- app.get("/login", routes.login);
-
- /**
- * @api {get} /logout Server logout page
- * @apiName Logout
- * @apiGroup Pages
- * @apiVersion 1.0.0
- *
- * @apiParam {String} redirect Redirect to this URL when user is deauthenticated.
- * @apiSuccess (Success 301) redirect Redirect to the URL.
- *
- * @apiDescription Deauthenticate the user and redirect him.
- */
- app.get("/logout", routes.logout);
-
- /**
- * @api {post} /totp-register Request TOTP registration
- * @apiName RequestTOTPRegistration
- * @apiGroup Registration
- * @apiVersion 1.0.0
- * @apiUse UserSession
- * @apiUse IdentityValidationPost
- */
- /**
- * @api {get} /totp-register Serve TOTP registration page
- * @apiName ServeTOTPRegistrationPage
- * @apiGroup Registration
- * @apiVersion 1.0.0
- * @apiUse UserSession
- * @apiUse IdentityValidationGet
- *
- *
- * @apiDescription Serves the TOTP registration page that displays the secret.
- * The secret is a QRCode and a base32 secret.
- */
- IdentityValidator.IdentityValidator.setup(app, "/totp-register", routes.totp_register.icheck_interface, userDataStore, logger);
-
-
- /**
- * @api {post} /u2f-register Request U2F registration
- * @apiName RequestU2FRegistration
- * @apiGroup Registration
- * @apiVersion 1.0.0
- * @apiUse UserSession
- * @apiUse IdentityValidationPost
- */
- /**
- * @api {get} /u2f-register Serve U2F registration page
- * @apiName ServeU2FRegistrationPage
- * @apiGroup Pages
- * @apiVersion 1.0.0
- * @apiUse UserSession
- * @apiUse IdentityValidationGet
- *
- * @apiDescription Serves the U2F registration page that asks the user to
- * touch the token of the U2F device.
- */
- IdentityValidator.IdentityValidator.setup(app, "/u2f-register", routes.u2f_register.icheck_interface, userDataStore, logger);
-
- /**
- * @api {post} /reset-password Request for password reset
- * @apiName RequestPasswordReset
- * @apiGroup Registration
- * @apiVersion 1.0.0
- * @apiUse UserSession
- * @apiUse IdentityValidationPost
- */
- /**
- * @api {get} /reset-password Serve password reset form.
- * @apiName ServePasswordResetForm
- * @apiGroup Pages
- * @apiVersion 1.0.0
- * @apiUse UserSession
- * @apiUse IdentityValidationGet
- *
- * @apiDescription Serves password reset form that allow the user to provide
- * the new password.
- */
- IdentityValidator.IdentityValidator.setup(app, "/reset-password", routes.reset_password.icheck_interface, userDataStore, logger);
-
- app.get("/reset-password-form", function (req, res) { res.render("reset-password-form"); });
-
- /**
- * @api {post} /new-password Set LDAP password
- * @apiName SetLDAPPassword
- * @apiGroup Registration
- * @apiVersion 1.0.0
- * @apiUse UserSession
- *
- * @apiParam {String} password New password
- *
- * @apiDescription Set a new password for the user.
- */
- app.post("/new-password", routes.reset_password.post);
-
- /**
- * @api {post} /new-totp-secret Generate TOTP secret
- * @apiName GenerateTOTPSecret
- * @apiGroup Registration
- * @apiVersion 1.0.0
- * @apiUse UserSession
- *
- * @apiSuccess (Success 200) {String} base32 The base32 representation of the secret.
- * @apiSuccess (Success 200) {String} ascii The ASCII representation of the secret.
- * @apiSuccess (Success 200) {String} qrcode The QRCode of the secret in URI format.
- *
- * @apiError (Error 403) {String} error No user provided in the session or
- * unexpected identity validation challenge in the session.
- * @apiError (Error 500) {String} error Internal error message
- *
- * @apiDescription Generate a new TOTP secret and returns it.
- */
- app.post("/new-totp-secret", routes.totp_register.post);
-
- /**
- * @api {get} /verify Verify user authentication
- * @apiName VerifyAuthentication
- * @apiGroup Verification
- * @apiVersion 1.0.0
- * @apiUse UserSession
- *
- * @apiSuccess (Success 204) status The user is authenticated.
- * @apiError (Error 401) status The user is not authenticated.
- *
- * @apiDescription Verify that the user is authenticated, i.e., the two
- * factors have been validated
- */
- app.get("/verify", routes.verify);
-
- /**
- * @api {post} /1stfactor LDAP authentication
- * @apiName ValidateFirstFactor
- * @apiGroup Authentication
- * @apiVersion 1.0.0
- * @apiUse UserSession
- * @apiUse InternalError
- *
- * @apiParam {String} username User username.
- * @apiParam {String} password User password.
- *
- * @apiSuccess (Success 204) status 1st factor is validated.
- * @apiError (Error 401) {none} error 1st factor is not validated.
- * @apiError (Error 403) {none} error Access has been restricted after too
- * many authentication attempts
- *
- * @apiDescription Verify credentials against the LDAP.
- */
- app.post("/1stfactor", routes.first_factor);
-
- /**
- * @api {post} /2ndfactor/totp TOTP authentication
- * @apiName ValidateTOTPSecondFactor
- * @apiGroup Authentication
- * @apiVersion 1.0.0
- * @apiUse UserSession
- * @apiUse InternalError
- *
- * @apiParam {String} token TOTP token.
- *
- * @apiSuccess (Success 204) status TOTP token is valid.
- * @apiError (Error 401) {none} error TOTP token is invalid.
- *
- * @apiDescription Verify TOTP token. The user is authenticated upon success.
- */
- app.post("/2ndfactor/totp", routes.second_factor.totp);
-
- /**
- * @api {get} /2ndfactor/u2f/sign_request U2F Start authentication
- * @apiName StartU2FAuthentication
- * @apiGroup Authentication
- * @apiVersion 1.0.0
- * @apiUse UserSession
- * @apiUse InternalError
- *
- * @apiSuccess (Success 200) authentication_request The U2F authentication request.
- * @apiError (Error 401) {none} error There is no key registered for user in session.
- *
- * @apiDescription Initiate an authentication request using a U2F device.
- */
- app.get("/2ndfactor/u2f/sign_request", routes.second_factor.u2f.sign_request);
-
- /**
- * @api {post} /2ndfactor/u2f/sign U2F Complete authentication
- * @apiName CompleteU2FAuthentication
- * @apiGroup Authentication
- * @apiVersion 1.0.0
- * @apiUse UserSession
- * @apiUse InternalError
- *
- * @apiSuccess (Success 204) status The U2F authentication succeeded.
- * @apiError (Error 403) {none} error No authentication request has been provided.
- *
- * @apiDescription Complete authentication request of the U2F device.
- */
- app.post("/2ndfactor/u2f/sign", routes.second_factor.u2f.sign);
-
- /**
- * @api {get} /2ndfactor/u2f/register_request U2F Start device registration
- * @apiName StartU2FRegistration
- * @apiGroup Registration
- * @apiVersion 1.0.0
- * @apiUse UserSession
- * @apiUse InternalError
- *
- * @apiSuccess (Success 200) authentication_request The U2F registration request.
- * @apiError (Error 403) {none} error Unexpected identity validation challenge.
- *
- * @apiDescription Initiate a U2F device registration request.
- */
- app.get("/2ndfactor/u2f/register_request", routes.second_factor.u2f.register_request);
-
- /**
- * @api {post} /2ndfactor/u2f/register U2F Complete device registration
- * @apiName CompleteU2FRegistration
- * @apiGroup Registration
- * @apiVersion 1.0.0
- * @apiUse UserSession
- * @apiUse InternalError
- *
- * @apiSuccess (Success 204) status The U2F registration succeeded.
- * @apiError (Error 403) {none} error Unexpected identity validation challenge.
- * @apiError (Error 403) {none} error No registration request has been provided.
- *
- * @apiDescription Complete U2F registration request.
- */
- app.post("/2ndfactor/u2f/register", routes.second_factor.u2f.register);
- }
-}
diff --git a/src/lib/Server.ts b/src/lib/Server.ts
deleted file mode 100644
index da54cd38..00000000
--- a/src/lib/Server.ts
+++ /dev/null
@@ -1,94 +0,0 @@
-
-import { UserConfiguration } from "./Configuration";
-import { GlobalDependencies } from "../types/Dependencies";
-import AuthenticationRegulator from "./AuthenticationRegulator";
-import UserDataStore from "./UserDataStore";
-import ConfigurationAdapter from "./ConfigurationAdapter";
-import { NotifierFactory } from "./notifiers/NotifierFactory";
-import TOTPValidator from "./TOTPValidator";
-import TOTPGenerator from "./TOTPGenerator";
-import RestApi from "./RestApi";
-import { LdapClient } from "./LdapClient";
-import BluebirdPromise = require("bluebird");
-import { IdentityValidator } from "./IdentityValidator";
-
-import * as Express from "express";
-import * as BodyParser from "body-parser";
-import * as Path from "path";
-import * as http from "http";
-
-import AccessController from "./access_control/AccessController";
-
-export default class Server {
- private httpServer: http.Server;
-
- start(yaml_configuration: UserConfiguration, deps: GlobalDependencies): BluebirdPromise {
- const config = ConfigurationAdapter.adapt(yaml_configuration);
-
- const view_directory = Path.resolve(__dirname, "../views");
- const public_html_directory = Path.resolve(__dirname, "../public_html");
- const datastore_options = {
- directory: config.store_directory,
- inMemory: config.store_in_memory
- };
-
- const app = Express();
- app.use(Express.static(public_html_directory));
- app.use(BodyParser.urlencoded({ extended: false }));
- app.use(BodyParser.json());
- app.set("trust proxy", 1); // trust first proxy
-
- app.use(deps.session({
- secret: config.session.secret,
- resave: false,
- saveUninitialized: true,
- cookie: {
- secure: false,
- maxAge: config.session.expiration,
- domain: config.session.domain
- },
- }));
-
- app.set("views", view_directory);
- app.set("view engine", "ejs");
-
- // by default the level of logs is info
- deps.winston.level = config.logs_level || "info";
-
- const five_minutes = 5 * 60;
- const userDataStore = new UserDataStore(datastore_options, deps.nedb);
- const regulator = new AuthenticationRegulator(userDataStore, five_minutes);
- const notifier = NotifierFactory.build(config.notifier, deps.nodemailer);
- const ldap = new LdapClient(config.ldap, deps.ldapjs, deps.winston);
- const accessController = new AccessController(config.access_control, deps.winston);
- const totpValidator = new TOTPValidator(deps.speakeasy);
- const totpGenerator = new TOTPGenerator(deps.speakeasy);
- const identityValidator = new IdentityValidator(userDataStore, deps.winston);
-
- app.set("logger", deps.winston);
- app.set("ldap", ldap);
- app.set("totp validator", totpValidator);
- app.set("totp generator", totpGenerator);
- app.set("u2f", deps.u2f);
- app.set("user data store", userDataStore);
- app.set("notifier", notifier);
- app.set("authentication regulator", regulator);
- app.set("config", config);
- app.set("access controller", accessController);
- app.set("identity validator", identityValidator);
-
- RestApi.setup(app, userDataStore, deps.winston);
-
- return new BluebirdPromise((resolve, reject) => {
- this.httpServer = app.listen(config.port, function (err: string) {
- console.log("Listening on %d...", config.port);
- resolve();
- });
- });
- }
-
- stop() {
- this.httpServer.close();
- }
-}
-
diff --git a/src/lib/routes.ts b/src/lib/routes.ts
deleted file mode 100644
index 4c2d680d..00000000
--- a/src/lib/routes.ts
+++ /dev/null
@@ -1,41 +0,0 @@
-
-import FirstFactor = require("./routes/FirstFactor");
-import SecondFactorRoutes = require("./routes/SecondFactorRoutes");
-import PasswordReset = require("./routes/PasswordReset");
-import AuthenticationValidator = require("./routes/AuthenticationValidator");
-import U2FRegistration = require("./routes/U2FRegistration");
-import TOTPRegistration = require("./routes/TOTPRegistration");
-import objectPath = require("object-path");
-
-import express = require("express");
-
-export = {
- login: serveLogin,
- logout: serveLogout,
- verify: AuthenticationValidator,
- first_factor: FirstFactor,
- second_factor: SecondFactorRoutes,
- reset_password: PasswordReset,
- u2f_register: U2FRegistration,
- totp_register: TOTPRegistration,
-};
-
-function serveLogin(req: express.Request, res: express.Response) {
- if (!(objectPath.has(req, "session.auth_session"))) {
- req.session.auth_session = {};
- req.session.auth_session.first_factor = false;
- req.session.auth_session.second_factor = false;
- }
- res.render("login");
-}
-
-function serveLogout(req: express.Request, res: express.Response) {
- const redirect_param = req.query.redirect;
- const redirect_url = redirect_param || "/";
- req.session.auth_session = {
- first_factor: false,
- second_factor: false
- };
- res.redirect(redirect_url);
-}
-
diff --git a/src/lib/routes/AuthenticationValidator.ts b/src/lib/routes/AuthenticationValidator.ts
deleted file mode 100644
index d5ae1178..00000000
--- a/src/lib/routes/AuthenticationValidator.ts
+++ /dev/null
@@ -1,53 +0,0 @@
-
-import objectPath = require("object-path");
-import BluebirdPromise = require("bluebird");
-import express = require("express");
-import AccessController from "../access_control/AccessController";
-import exceptions = require("../Exceptions");
-
-function verify_filter(req: express.Request, res: express.Response) {
- const logger = req.app.get("logger");
- const accessController: AccessController = req.app.get("access controller");
-
- if (!objectPath.has(req, "session.auth_session"))
- return BluebirdPromise.reject("No auth_session variable");
-
- if (!objectPath.has(req, "session.auth_session.first_factor"))
- return BluebirdPromise.reject("No first factor variable");
-
- if (!objectPath.has(req, "session.auth_session.second_factor"))
- return BluebirdPromise.reject("No second factor variable");
-
- if (!objectPath.has(req, "session.auth_session.userid"))
- return BluebirdPromise.reject("No userid variable");
-
- const username = objectPath.get(req, "session.auth_session.userid");
- const groups = objectPath.get(req, "session.auth_session.groups");
-
- const host = objectPath.get(req, "headers.host");
- const domain = host.split(":")[0];
-
- const isAllowed = accessController.isDomainAllowedForUser(domain, username, groups);
- if (!isAllowed) return BluebirdPromise.reject(
- new exceptions.DomainAccessDenied("User '" + username + "' does not have access to " + domain));
-
- if (!req.session.auth_session.first_factor ||
- !req.session.auth_session.second_factor)
- return BluebirdPromise.reject(new exceptions.AccessDeniedError("First or second factor not validated"));
-
- return BluebirdPromise.resolve();
-}
-
-export = function (req: express.Request, res: express.Response) {
- verify_filter(req, res)
- .then(function () {
- res.status(204);
- res.send();
- })
- .catch(function (err) {
- req.app.get("logger").error(err);
- res.status(401);
- res.send();
- });
-};
-
diff --git a/src/lib/routes/DenyNotLogged.ts b/src/lib/routes/DenyNotLogged.ts
deleted file mode 100644
index 2c2b71d9..00000000
--- a/src/lib/routes/DenyNotLogged.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-
-import objectPath = require("object-path");
-import express = require("express");
-
-type ExpressRequest = (req: express.Request, res: express.Response, next?: express.NextFunction) => void;
-
-export = function(callback: ExpressRequest): ExpressRequest {
- return function (req: express.Request, res: express.Response, next: express.NextFunction) {
- const auth_session = req.session.auth_session;
- const first_factor = objectPath.has(req, "session.auth_session.first_factor")
- && req.session.auth_session.first_factor;
- if (!first_factor) {
- res.status(403);
- res.send();
- return;
- }
- callback(req, res, next);
- };
-};
diff --git a/src/lib/routes/FirstFactor.ts b/src/lib/routes/FirstFactor.ts
deleted file mode 100644
index 7d33afc9..00000000
--- a/src/lib/routes/FirstFactor.ts
+++ /dev/null
@@ -1,82 +0,0 @@
-
-import exceptions = require("../Exceptions");
-import objectPath = require("object-path");
-import BluebirdPromise = require("bluebird");
-import express = require("express");
-import AccessController from "../access_control/AccessController";
-import AuthenticationRegulator from "../AuthenticationRegulator";
-import { LdapClient } from "../LdapClient";
-
-export = function (req: express.Request, res: express.Response) {
- const username: string = req.body.username;
- const password: string = req.body.password;
- if (!username || !password) {
- res.status(401);
- res.send();
- return;
- }
-
- const logger = req.app.get("logger");
- const ldap: LdapClient = req.app.get("ldap");
- const config = req.app.get("config");
- const regulator: AuthenticationRegulator = req.app.get("authentication regulator");
- const accessController: AccessController = req.app.get("access controller");
-
- logger.info("1st factor: Starting authentication of user \"%s\"", username);
- logger.debug("1st factor: Start bind operation against LDAP");
- logger.debug("1st factor: username=%s", username);
-
- regulator.regulate(username)
- .then(function () {
- return ldap.bind(username, password);
- })
- .then(function () {
- objectPath.set(req, "session.auth_session.userid", username);
- objectPath.set(req, "session.auth_session.first_factor", true);
- logger.info("1st factor: LDAP binding successful");
- logger.debug("1st factor: Retrieve email from LDAP");
- return BluebirdPromise.join(ldap.get_emails(username), ldap.get_groups(username));
- })
- .then(function (data: [string[], string[]]) {
- const emails: string[] = data[0];
- const groups: string[] = data[1];
-
- if (!emails && emails.length <= 0) throw new Error("No email found");
- logger.debug("1st factor: Retrieved email are %s", emails);
- objectPath.set(req, "session.auth_session.email", emails[0]);
- objectPath.set(req, "session.auth_session.groups", groups);
-
- regulator.mark(username, true);
- res.status(204);
- res.send();
- })
- .catch(exceptions.LdapSeachError, function (err: Error) {
- logger.error("1st factor: Unable to retrieve email from LDAP", err);
- res.status(500);
- res.send();
- })
- .catch(exceptions.LdapBindError, function (err: Error) {
- logger.error("1st factor: LDAP binding failed");
- logger.debug("1st factor: LDAP binding failed due to ", err);
- regulator.mark(username, false);
- res.status(401);
- res.send("Bad credentials");
- })
- .catch(exceptions.AuthenticationRegulationError, function (err: Error) {
- logger.error("1st factor: the regulator rejected the authentication of user %s", username);
- logger.debug("1st factor: authentication rejected due to %s", err);
- res.status(403);
- res.send("Access has been restricted for a few minutes...");
- })
- .catch(exceptions.DomainAccessDenied, (err: Error) => {
- logger.error("1st factor: ", err);
- res.status(401);
- res.send("Access denied...");
- })
- .catch(function (err: Error) {
- console.log(err.stack);
- logger.error("1st factor: Unhandled error %s", err);
- res.status(500);
- res.send("Internal error");
- });
-};
diff --git a/src/lib/routes/PasswordReset.ts b/src/lib/routes/PasswordReset.ts
deleted file mode 100644
index 25b8e107..00000000
--- a/src/lib/routes/PasswordReset.ts
+++ /dev/null
@@ -1,81 +0,0 @@
-
-import BluebirdPromise = require("bluebird");
-import objectPath = require("object-path");
-import exceptions = require("../Exceptions");
-import express = require("express");
-import { Identity } from "../../types/Identity";
-import { IdentityValidable } from "../IdentityValidator";
-
-const CHALLENGE = "reset-password";
-
-class PasswordResetHandler implements IdentityValidable {
- challenge(): string {
- return CHALLENGE;
- }
-
- templateName(): string {
- return "reset-password";
- }
-
- preValidation(req: express.Request): BluebirdPromise {
- const userid = objectPath.get(req, "body.userid");
- if (!userid) {
- return BluebirdPromise.reject(new exceptions.AccessDeniedError("No user id provided"));
- }
-
- const ldap = req.app.get("ldap");
- return ldap.get_emails(userid)
- .then(function (emails: string[]) {
- if (!emails && emails.length <= 0) throw new Error("No email found");
-
- const identity = {
- email: emails[0],
- userid: userid
- };
- return BluebirdPromise.resolve(identity);
- });
- }
-
- mailSubject(): string {
- return "Reset your password";
- }
-}
-
-function protect(fn: express.RequestHandler) {
- return function (req: express.Request, res: express.Response) {
- const challenge = objectPath.get(req, "session.auth_session.identity_check.challenge");
- if (challenge != CHALLENGE) {
- res.status(403);
- res.send();
- return;
- }
- fn(req, res, undefined);
- };
-}
-
-function post(req: express.Request, res: express.Response) {
- const logger = req.app.get("logger");
- const ldap = req.app.get("ldap");
- const new_password = objectPath.get(req, "body.password");
- const userid = objectPath.get(req, "session.auth_session.identity_check.userid");
-
- logger.info("POST reset-password: User %s wants to reset his/her password", userid);
-
- ldap.update_password(userid, new_password)
- .then(function () {
- logger.info("POST reset-password: Password reset for user %s", userid);
- objectPath.set(req, "session.auth_session", undefined);
- res.status(204);
- res.send();
- })
- .catch(function (err: Error) {
- logger.error("POST reset-password: Error while resetting the password of user %s. %s", userid, err);
- res.status(500);
- res.send();
- });
-}
-
-export = {
- icheck_interface: new PasswordResetHandler(),
- post: protect(post)
-};
diff --git a/src/lib/routes/SecondFactorRoutes.ts b/src/lib/routes/SecondFactorRoutes.ts
deleted file mode 100644
index f8698c2f..00000000
--- a/src/lib/routes/SecondFactorRoutes.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-
-import DenyNotLogged = require("./DenyNotLogged");
-import U2FRoutes = require("./U2FRoutes");
-import TOTPAuthenticator = require("./TOTPAuthenticator");
-
-import express = require("express");
-
-interface SecondFactorRoutes {
- totp: express.RequestHandler;
- u2f: {
- register_request: express.RequestHandler;
- register: express.RequestHandler;
- sign_request: express.RequestHandler;
- sign: express.RequestHandler;
- };
-}
-
-export = {
- totp: DenyNotLogged(TOTPAuthenticator),
- u2f: {
- register_request: U2FRoutes.register_request,
- register: U2FRoutes.register,
-
- sign_request: DenyNotLogged(U2FRoutes.sign_request),
- sign: DenyNotLogged(U2FRoutes.sign),
- }
-} as SecondFactorRoutes;
-
diff --git a/src/lib/routes/TOTPAuthenticator.ts b/src/lib/routes/TOTPAuthenticator.ts
deleted file mode 100644
index 7f63f2ff..00000000
--- a/src/lib/routes/TOTPAuthenticator.ts
+++ /dev/null
@@ -1,49 +0,0 @@
-
-import exceptions = require("../Exceptions");
-import objectPath = require("object-path");
-import express = require("express");
-import { TOTPSecretDocument } from "../UserDataStore";
-import BluebirdPromise = require("bluebird");
-
-const UNAUTHORIZED_MESSAGE = "Unauthorized access";
-
-export = function(req: express.Request, res: express.Response) {
- const logger = req.app.get("logger");
- const userid = objectPath.get(req, "session.auth_session.userid");
- logger.info("POST 2ndfactor totp: Initiate TOTP validation for user %s", userid);
-
- if (!userid) {
- logger.error("POST 2ndfactor totp: No user id in the session");
- res.status(403);
- res.send();
- return;
- }
-
- const token = req.body.token;
- const totpValidator = req.app.get("totp validator");
- const userDataStore = req.app.get("user data store");
-
- logger.debug("POST 2ndfactor totp: Fetching secret for user %s", userid);
- userDataStore.get_totp_secret(userid)
- .then(function (doc: TOTPSecretDocument) {
- logger.debug("POST 2ndfactor totp: TOTP secret is %s", JSON.stringify(doc));
- return totpValidator.validate(token, doc.secret.base32);
- })
- .then(function () {
- logger.debug("POST 2ndfactor totp: TOTP validation succeeded");
- objectPath.set(req, "session.auth_session.second_factor", true);
- res.status(204);
- res.send();
- })
- .catch(exceptions.InvalidTOTPError, function (err: Error) {
- logger.error("POST 2ndfactor totp: Invalid TOTP token %s", err.message);
- res.status(401);
- res.send("Invalid TOTP token");
- })
- .catch(function (err: Error) {
- console.log(err.stack);
- logger.error("POST 2ndfactor totp: Internal error %s", err.message);
- res.status(500);
- res.send("Internal error");
- });
-};
diff --git a/src/lib/routes/TOTPRegistration.ts b/src/lib/routes/TOTPRegistration.ts
deleted file mode 100644
index 1be58181..00000000
--- a/src/lib/routes/TOTPRegistration.ts
+++ /dev/null
@@ -1,86 +0,0 @@
-import objectPath = require("object-path");
-import BluebirdPromise = require("bluebird");
-import express = require("express");
-import exceptions = require("../Exceptions");
-import { Identity } from "../../types/Identity";
-import { IdentityValidable } from "../IdentityValidator";
-
-const CHALLENGE = "totp-register";
-const TEMPLATE_NAME = "totp-register";
-
-
-class TOTPRegistrationHandler implements IdentityValidable {
- challenge(): string {
- return CHALLENGE;
- }
-
- templateName(): string {
- return TEMPLATE_NAME;
- }
-
- preValidation(req: express.Request): BluebirdPromise {
- const first_factor_passed = objectPath.get(req, "session.auth_session.first_factor");
- if (!first_factor_passed) {
- return BluebirdPromise.reject("Authentication required before registering TOTP secret key");
- }
-
- const userid = objectPath.get(req, "session.auth_session.userid");
- const email = objectPath.get(req, "session.auth_session.email");
-
- if (!(userid && email)) {
- return BluebirdPromise.reject("User ID or email is missing");
- }
-
- const identity = {
- email: email,
- userid: userid
- };
- return BluebirdPromise.resolve(identity);
- }
-
- mailSubject(): string {
- return "Register your TOTP secret key";
- }
-}
-
-// Generate a secret and send it to the user
-function post(req: express.Request, res: express.Response) {
- const logger = req.app.get("logger");
- const userid = objectPath.get(req, "session.auth_session.identity_check.userid");
- const challenge = objectPath.get(req, "session.auth_session.identity_check.challenge");
-
- if (challenge != CHALLENGE || !userid) {
- res.status(403);
- res.send();
- return;
- }
-
- const user_data_store = req.app.get("user data store");
- const totpGenerator = req.app.get("totp generator");
- const secret = totpGenerator.generate();
-
- logger.debug("POST new-totp-secret: save the TOTP secret in DB");
- user_data_store.set_totp_secret(userid, secret)
- .then(function () {
- const doc = {
- otpauth_url: secret.otpauth_url,
- base32: secret.base32,
- ascii: secret.ascii
- };
- objectPath.set(req, "session", undefined);
-
- res.status(200);
- res.json(doc);
- })
- .catch(function (err: Error) {
- logger.error("POST new-totp-secret: Internal error %s", err);
- res.status(500);
- res.send();
- });
-}
-
-
-export = {
- icheck_interface: new TOTPRegistrationHandler(),
- post: post,
-};
diff --git a/src/lib/routes/U2FAuthenticationProcess.ts b/src/lib/routes/U2FAuthenticationProcess.ts
deleted file mode 100644
index 84c8690b..00000000
--- a/src/lib/routes/U2FAuthenticationProcess.ts
+++ /dev/null
@@ -1,84 +0,0 @@
-
-import u2f_register_handler = require("./U2FRegistration");
-import objectPath = require("object-path");
-import u2f_common = require("./u2f_common");
-import BluebirdPromise = require("bluebird");
-import express = require("express");
-import authdog = require("../../types/authdog");
-import UserDataStore, { U2FMetaDocument } from "../UserDataStore";
-
-
-function retrieve_u2f_meta(req: express.Request, userDataStore: UserDataStore) {
- const userid = req.session.auth_session.userid;
- const appid = u2f_common.extract_app_id(req);
- return userDataStore.get_u2f_meta(userid, appid);
-}
-
-
-function sign_request(req: express.Request, res: express.Response) {
- const logger = req.app.get("logger");
- const userDataStore = req.app.get("user data store");
-
- retrieve_u2f_meta(req, userDataStore)
- .then(function (doc: U2FMetaDocument) {
- if (!doc) {
- u2f_common.reply_with_missing_registration(res);
- return;
- }
-
- const u2f = req.app.get("u2f");
- const meta = doc.meta;
- const appid = u2f_common.extract_app_id(req);
- logger.info("U2F sign_request: Start authentication to app %s", appid);
- return u2f.startAuthentication(appid, [meta]);
- })
- .then(function (authRequest: authdog.AuthenticationRequest) {
- logger.info("U2F sign_request: Store authentication request and reply");
- req.session.auth_session.sign_request = authRequest;
- res.status(200);
- res.json(authRequest);
- })
- .catch(function (err: Error) {
- logger.info("U2F sign_request: %s", err);
- res.status(500);
- res.send();
- });
-}
-
-
-function sign(req: express.Request, res: express.Response) {
- if (!objectPath.has(req, "session.auth_session.sign_request")) {
- u2f_common.reply_with_unauthorized(res);
- return;
- }
-
- const logger = req.app.get("logger");
- const userDataStore = req.app.get("user data store");
-
- retrieve_u2f_meta(req, userDataStore)
- .then(function (doc: U2FMetaDocument) {
- const appid = u2f_common.extract_app_id(req);
- const u2f = req.app.get("u2f");
- const authRequest = req.session.auth_session.sign_request;
- const meta = doc.meta;
- logger.info("U2F sign: Finish authentication");
- return u2f.finishAuthentication(authRequest, req.body, [meta]);
- })
- .then(function (authenticationStatus: authdog.Authentication) {
- logger.info("U2F sign: Authentication successful");
- req.session.auth_session.second_factor = true;
- res.status(204);
- res.send();
- })
- .catch(function (err: Error) {
- logger.error("U2F sign: %s", err);
- res.status(500);
- res.send();
- });
-}
-
-
-export = {
- sign_request: sign_request,
- sign: sign
-};
diff --git a/src/lib/routes/U2FRegistration.ts b/src/lib/routes/U2FRegistration.ts
deleted file mode 100644
index d8126c46..00000000
--- a/src/lib/routes/U2FRegistration.ts
+++ /dev/null
@@ -1,51 +0,0 @@
-
-import objectPath = require("object-path");
-import BluebirdPromise = require("bluebird");
-import express = require("express");
-
-import { IdentityValidable } from "../IdentityValidator";
-import { Identity } from "../../types/Identity";
-
-const CHALLENGE = "u2f-register";
-const TEMPLATE_NAME = "u2f-register";
-const MAIL_SUBJECT = "Register your U2F device";
-
-
-class U2FRegistrationHandler implements IdentityValidable {
- challenge(): string {
- return CHALLENGE;
- }
-
- templateName(): string {
- return TEMPLATE_NAME;
- }
-
- preValidation(req: express.Request): BluebirdPromise {
- const first_factor_passed = objectPath.get(req, "session.auth_session.first_factor");
- if (!first_factor_passed) {
- return BluebirdPromise.reject("Authentication required before issuing a u2f registration request");
- }
-
- const userid = objectPath.get(req, "session.auth_session.userid");
- const email = objectPath.get(req, "session.auth_session.email");
-
- if (!(userid && email)) {
- return BluebirdPromise.reject("User ID or email is missing");
- }
-
- const identity = {
- email: email,
- userid: userid
- };
- return BluebirdPromise.resolve(identity);
- }
-
- mailSubject(): string {
- return MAIL_SUBJECT;
- }
-}
-
-export = {
- icheck_interface: new U2FRegistrationHandler(),
-};
-
diff --git a/src/lib/routes/U2FRegistrationProcess.ts b/src/lib/routes/U2FRegistrationProcess.ts
deleted file mode 100644
index 1737e256..00000000
--- a/src/lib/routes/U2FRegistrationProcess.ts
+++ /dev/null
@@ -1,89 +0,0 @@
-
-import u2f_register_handler = require("./U2FRegistration");
-import objectPath = require("object-path");
-import u2f_common = require("./u2f_common");
-import BluebirdPromise = require("bluebird");
-import express = require("express");
-import authdog = require("../../types/authdog");
-
-function register_request(req: express.Request, res: express.Response) {
- const logger = req.app.get("logger");
- const challenge = objectPath.get(req, "session.auth_session.identity_check.challenge");
- if (challenge != "u2f-register") {
- res.status(403);
- res.send();
- return;
- }
-
- const u2f = req.app.get("u2f");
- const appid = u2f_common.extract_app_id(req);
-
- logger.debug("U2F register_request: headers=%s", JSON.stringify(req.headers));
- logger.info("U2F register_request: Starting registration of app %s", appid);
- u2f.startRegistration(appid, [])
- .then(function (registrationRequest: authdog.AuthenticationRequest) {
- logger.info("U2F register_request: Sending back registration request");
- req.session.auth_session.register_request = registrationRequest;
- res.status(200);
- res.json(registrationRequest);
- })
- .catch(function (err: Error) {
- logger.error("U2F register_request: %s", err);
- res.status(500);
- res.send("Unable to start registration request");
- });
-}
-
-function register(req: express.Request, res: express.Response) {
- const registrationRequest = objectPath.get(req, "session.auth_session.register_request");
- const challenge = objectPath.get(req, "session.auth_session.identity_check.challenge");
-
- if (!registrationRequest) {
- res.status(403);
- res.send();
- return;
- }
-
- if (!(registrationRequest && challenge == "u2f-register")) {
- res.status(403);
- res.send();
- return;
- }
-
-
- const user_data_storage = req.app.get("user data store");
- const u2f = req.app.get("u2f");
- const userid = req.session.auth_session.userid;
- const appid = u2f_common.extract_app_id(req);
- const logger = req.app.get("logger");
-
- logger.info("U2F register: Finishing registration");
- logger.debug("U2F register: register_request=%s", JSON.stringify(registrationRequest));
- logger.debug("U2F register: body=%s", JSON.stringify(req.body));
-
- u2f.finishRegistration(registrationRequest, req.body)
- .then(function (registrationStatus: authdog.Registration) {
- logger.info("U2F register: Store registration and reply");
- const meta = {
- keyHandle: registrationStatus.keyHandle,
- publicKey: registrationStatus.publicKey,
- certificate: registrationStatus.certificate
- };
- return user_data_storage.set_u2f_meta(userid, appid, meta);
- })
- .then(function () {
- objectPath.set(req, "session.auth_session.identity_check", undefined);
- res.status(204);
- res.send();
- })
- .catch(function (err: Error) {
- logger.error("U2F register: %s", err);
- res.status(500);
- res.send("Unable to register");
- });
-}
-
-export = {
- register_request: register_request,
- register: register
-};
diff --git a/src/lib/routes/U2FRoutes.ts b/src/lib/routes/U2FRoutes.ts
deleted file mode 100644
index 50c150ee..00000000
--- a/src/lib/routes/U2FRoutes.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-
-import U2FRegistrationProcess = require("./U2FRegistrationProcess");
-import U2FAuthenticationProcess = require("./U2FAuthenticationProcess");
-
-import express = require("express");
-
-interface U2FRoutes {
- register_request: express.RequestHandler;
- register: express.RequestHandler;
- sign_request: express.RequestHandler;
- sign: express.RequestHandler;
-}
-
-export = {
- register_request: U2FRegistrationProcess.register_request,
- register: U2FRegistrationProcess.register,
- sign_request: U2FAuthenticationProcess.sign_request,
- sign: U2FAuthenticationProcess.sign,
-} as U2FRoutes;
diff --git a/src/lib/routes/u2f_common.ts b/src/lib/routes/u2f_common.ts
deleted file mode 100644
index cb13bd01..00000000
--- a/src/lib/routes/u2f_common.ts
+++ /dev/null
@@ -1,39 +0,0 @@
-
-import util = require("util");
-import express = require("express");
-
-function extract_app_id(req: express.Request) {
- return util.format("https://%s", req.headers.host);
-}
-
-function extract_original_url(req: express.Request) {
- return util.format("https://%s%s", req.headers.host, req.headers["x-original-uri"]);
-}
-
-function extract_referrer(req: express.Request) {
- return req.headers.referrer;
-}
-
-function reply_with_internal_error(res: express.Response, msg: string) {
- res.status(500);
- res.send(msg);
-}
-
-function reply_with_missing_registration(res: express.Response) {
- res.status(401);
- res.send("Please register before authenticate");
-}
-
-function reply_with_unauthorized(res: express.Response) {
- res.status(401);
- res.send();
-}
-
-export = {
- extract_app_id: extract_app_id,
- extract_original_url: extract_original_url,
- extract_referrer: extract_referrer,
- reply_with_internal_error: reply_with_internal_error,
- reply_with_missing_registration: reply_with_missing_registration,
- reply_with_unauthorized: reply_with_unauthorized
-};
\ No newline at end of file
diff --git a/src/public_html/css/login.css b/src/public_html/css/login.css
deleted file mode 100644
index 85143d5e..00000000
--- a/src/public_html/css/login.css
+++ /dev/null
@@ -1,126 +0,0 @@
-@import url(https://fonts.googleapis.com/css?family=Open+Sans);
-.btn { display: inline-block; *display: inline; *zoom: 1; padding: 4px 10px 4px; margin-bottom: 0; font-size: 13px; line-height: 18px; color: #333333; text-align: center;text-shadow: 0 1px 1px rgba(255, 255, 255, 0.75); vertical-align: middle; background-color: #f5f5f5; background-image: -moz-linear-gradient(top, #ffffff, #e6e6e6); background-image: -ms-linear-gradient(top, #ffffff, #e6e6e6); background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#e6e6e6)); background-image: -webkit-linear-gradient(top, #ffffff, #e6e6e6); background-image: -o-linear-gradient(top, #ffffff, #e6e6e6); background-image: linear-gradient(top, #ffffff, #e6e6e6); background-repeat: repeat-x; filter: progid:dximagetransform.microsoft.gradient(startColorstr=#ffffff, endColorstr=#e6e6e6, GradientType=0); border-color: #e6e6e6 #e6e6e6 #e6e6e6; border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); border: 1px solid #e6e6e6; -webkit-border-radius: 4px; -moz-border-radius: 4px; border-radius: 4px; -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); -moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); cursor: pointer; *margin-left: .3em; }
-.btn:hover, .btn:active, .btn.active, .btn.disabled, .btn[disabled] { background-color: #e6e6e6; }
-.btn-large { padding: 9px 14px; font-size: 15px; line-height: normal; -webkit-border-radius: 5px; -moz-border-radius: 5px; border-radius: 5px; }
-.btn:hover { color: #333333; text-decoration: none; background-color: #e6e6e6; background-position: 0 -15px; -webkit-transition: background-position 0.1s linear; -moz-transition: background-position 0.1s linear; -ms-transition: background-position 0.1s linear; -o-transition: background-position 0.1s linear; transition: background-position 0.1s linear; }
-.btn-primary, .btn-primary:hover { text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); color: #ffffff; }
-.btn-primary.active { color: rgba(255, 255, 255, 0.75); }
-.btn-primary { background-color: #4a77d4; background-image: -moz-linear-gradient(top, #6eb6de, #4a77d4); background-image: -ms-linear-gradient(top, #6eb6de, #4a77d4); background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#6eb6de), to(#4a77d4)); background-image: -webkit-linear-gradient(top, #6eb6de, #4a77d4); background-image: -o-linear-gradient(top, #6eb6de, #4a77d4); background-image: linear-gradient(top, #6eb6de, #4a77d4); background-repeat: repeat-x; filter: progid:dximagetransform.microsoft.gradient(startColorstr=#6eb6de, endColorstr=#4a77d4, GradientType=0); border: 1px solid #3762bc; text-shadow: 1px 1px 1px rgba(0,0,0,0.4); box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.5); }
-.btn-primary:hover, .btn-primary:active, .btn-primary.active, .btn-primary.disabled, .btn-primary[disabled] { filter: none; background-color: #4a77d4; }
-.btn-block { width: 100%; display:block; }
-
-* { -webkit-box-sizing:border-box; -moz-box-sizing:border-box; -ms-box-sizing:border-box; -o-box-sizing:border-box; box-sizing:border-box; }
-
-html { width: 100%; height:100%; overflow:hidden; }
-
-body {
- width: 100%;
- height:100%;
- font-family: 'Open Sans', sans-serif;
- background: #092756;
- background: -moz-radial-gradient(0% 100%, ellipse cover, rgba(104,128,138,.4) 10%,rgba(138,114,76,0) 40%),-moz-linear-gradient(top, rgba(57,173,219,.25) 0%, rgba(42,60,87,.4) 100%), -moz-linear-gradient(-45deg, #670d10 0%, #092756 100%);
- background: -webkit-radial-gradient(0% 100%, ellipse cover, rgba(104,128,138,.4) 10%,rgba(138,114,76,0) 40%), -webkit-linear-gradient(top, rgba(57,173,219,.25) 0%,rgba(42,60,87,.4) 100%), -webkit-linear-gradient(-45deg, #670d10 0%,#092756 100%);
- background: -o-radial-gradient(0% 100%, ellipse cover, rgba(104,128,138,.4) 10%,rgba(138,114,76,0) 40%), -o-linear-gradient(top, rgba(57,173,219,.25) 0%,rgba(42,60,87,.4) 100%), -o-linear-gradient(-45deg, #670d10 0%,#092756 100%);
- background: -ms-radial-gradient(0% 100%, ellipse cover, rgba(104,128,138,.4) 10%,rgba(138,114,76,0) 40%), -ms-linear-gradient(top, rgba(57,173,219,.25) 0%,rgba(42,60,87,.4) 100%), -ms-linear-gradient(-45deg, #670d10 0%,#092756 100%);
- background: -webkit-radial-gradient(0% 100%, ellipse cover, rgba(104,128,138,.4) 10%,rgba(138,114,76,0) 40%), linear-gradient(to bottom, rgba(57,173,219,.25) 0%,rgba(42,60,87,.4) 100%), linear-gradient(135deg, #670d10 0%,#092756 100%);
- filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#3E1D6D', endColorstr='#092756',GradientType=1 );
-}
-
-.vr {
- margin-left: 10px;
- margin-right: 10px;
-}
-
-.login {
- position: absolute;
- top: 50%;
- left: 50%;
- margin: -150px 0 0 -150px;
- width:300px;
- height:300px;
-}
-
-.totp {
- position: absolute;
- top: 50%;
- left: 50%;
- margin: -150px 0 0 -150px;
- width:400px;
- height:300px;
-}
-
-h1 { color: #fff; text-shadow: 0 0 10px rgba(0,0,0,0.3); letter-spacing:1px; text-align:center; }
-
-h2 { color: #fff; text-shadow: 0 0 10px rgba(0,0,0,0.3); letter-spacing:1px; text-align:center; font-size: 1em; }
-
-p { color: #fff; text-shadow: 0 0 10px rgba(0,0,0,0.3); letter-spacing:1px; text-align:center; }
-
-a { color: #fff; text-align: center; }
-
-#qrcode img {
- margin: auto;
- text-align: center;
- padding: 10px;
- background: white;
-}
-
-#secret { font-size: 0.7em; }
-
-input {
- width: 100%;
- margin-bottom: 10px;
- background: rgba(0,0,0,0.3);
- border: none;
- outline: none;
- padding: 10px;
- font-size: 13px;
- color: #fff;
- text-shadow: 1px 1px 1px rgba(0,0,0,0.3);
- border: 1px solid rgba(0,0,0,0.3);
- border-radius: 4px;
- box-shadow: inset 0 -5px 45px rgba(100,100,100,0.2), 0 1px 1px rgba(255,255,255,0.2);
- -webkit-transition: box-shadow .5s ease;
- -moz-transition: box-shadow .5s ease;
- -o-transition: box-shadow .5s ease;
- -ms-transition: box-shadow .5s ease;
- transition: box-shadow .5s ease;
-}
-input:focus { box-shadow: inset 0 -5px 45px rgba(100,100,100,0.4), 0 1px 1px rgba(255,255,255,0.2); }
-
-#information {
- border: 1px solid black;
- padding: 10px 20px;
- margin-top: 25px;
- font-size: 0.8em;
- border-radius: 4px;
-}
-
-#information.failure {
- background-color: rgb(255, 124, 124);
-}
-
-#information.success {
- background-color: rgb(43, 188, 99);
-}
-
-#second-factor {
- width: 400px;
-}
-
-#second-factor .login {
- display: inline-block;
-}
-
-#second-factor #totp {
- width: 180px;
- float: left;
-}
-
-#second-factor #u2f {
- width: 180px;
- float: right;
-}
-
-button {
- margin-top: 5px;
-}
diff --git a/src/public_html/js/jquery.min.js b/src/public_html/js/jquery.min.js
deleted file mode 100644
index 4c5be4c0..00000000
--- a/src/public_html/js/jquery.min.js
+++ /dev/null
@@ -1,4 +0,0 @@
-/*! jQuery v3.1.1 | (c) jQuery Foundation | jquery.org/license */
-!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.constructor(),a);return b.prevObject=this,b},each:function(a){return r.each(this,a)},map:function(a){return this.pushStack(r.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(f.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(a<0?b:0);return this.pushStack(c>=0&&c0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.push,G=D.push,H=D.slice,I=function(a,b){for(var c=0,d=a.length;c+~]|"+K+")"+K+"*"),S=new RegExp("="+K+"*([^\\]'\"]*?)"+K+"*\\]","g"),T=new RegExp(N),U=new RegExp("^"+L+"$"),V={ID:new RegExp("^#("+L+")"),CLASS:new RegExp("^\\.("+L+")"),TAG:new RegExp("^("+L+"|[*])"),ATTR:new RegExp("^"+M),PSEUDO:new RegExp("^"+N),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+K+"*(even|odd|(([+-]|)(\\d*)n|)"+K+"*(?:([+-]|)"+K+"*(\\d+)|))"+K+"*\\)|)","i"),bool:new RegExp("^(?:"+J+")$","i"),needsContext:new RegExp("^"+K+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+K+"*((?:-\\d)?\\d*)"+K+"*\\)|)(?=[^-]|$)","i")},W=/^(?:input|select|textarea|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da-f]{1,6}"+K+"?|("+K+")|.)","ig"),aa=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:d<0?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)},ba=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ca=function(a,b){return b?"\0"===a?"\ufffd":a.slice(0,-1)+"\\"+a.charCodeAt(a.length-1).toString(16)+" ":"\\"+a},da=function(){m()},ea=ta(function(a){return a.disabled===!0&&("form"in a||"label"in a)},{dir:"parentNode",next:"legend"});try{G.apply(D=H.call(v.childNodes),v.childNodes),D[v.childNodes.length].nodeType}catch(fa){G={apply:D.length?function(a,b){F.apply(a,H.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function ga(a,b,d,e){var f,h,j,k,l,o,r,s=b&&b.ownerDocument,w=b?b.nodeType:9;if(d=d||[],"string"!=typeof a||!a||1!==w&&9!==w&&11!==w)return d;if(!e&&((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,p)){if(11!==w&&(l=Z.exec(a)))if(f=l[1]){if(9===w){if(!(j=b.getElementById(f)))return d;if(j.id===f)return d.push(j),d}else if(s&&(j=s.getElementById(f))&&t(b,j)&&j.id===f)return d.push(j),d}else{if(l[2])return G.apply(d,b.getElementsByTagName(a)),d;if((f=l[3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q||!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.setAttribute("id",k=u),o=g(a),h=o.length;while(h--)o[h]="#"+k+" "+sa(o[h]);r=o.join(","),s=$.test(a)&&qa(b.parentNode)||b}if(r)try{return G.apply(d,s.querySelectorAll(r)),d}catch(x){}finally{k===u&&b.removeAttribute("id")}}}return i(a.replace(P,"$1"),b,d,e)}function ha(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function ia(a){return a[u]=!0,a}function ja(a){var b=n.createElement("fieldset");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function ka(a,b){var c=a.split("|"),e=c.length;while(e--)d.attrHandle[c[e]]=b}function la(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&a.sourceIndex-b.sourceIndex;if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function ma(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function na(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function oa(a){return function(b){return"form"in b?b.parentNode&&b.disabled===!1?"label"in b?"label"in b.parentNode?b.parentNode.disabled===a:b.disabled===a:b.isDisabled===a||b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function qa(a){return a&&"undefined"!=typeof a.getElementsByTagName&&a}c=ga.support={},f=ga.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return!!b&&"HTML"!==b.nodeName},m=ga.setDocument=function(a){var b,e,g=a?a.ownerDocument||a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),v!==n&&(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventListener("unload",da,!1):e.attachEvent&&e.attachEvent("onunload",da)),c.attributes=ja(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ja(function(a){return a.appendChild(n.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=Y.test(n.getElementsByClassName),c.getById=ja(function(a){return o.appendChild(a).id=u,!n.getElementsByName||!n.getElementsByName(u).length}),c.getById?(d.filter.ID=function(a){var b=a.replace(_,aa);return function(a){return a.getAttribute("id")===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a);return c?[c]:[]}}):(d.filter.ID=function(a){var b=a.replace(_,aa);return function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value===a)return[f];e=b.getElementsByName(a),d=0;while(f=e[d++])if(c=f.getAttributeNode("id"),c&&c.value===a)return[f]}return[]}}),d.find.TAG=c.getElementsByTagName?function(a,b){return"undefined"!=typeof b.getElementsByTagName?b.getElementsByTagName(a):c.qsa?b.querySelectorAll(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){if("undefined"!=typeof b.getElementsByClassName&&p)return b.getElementsByClassName(a)},r=[],q=[],(c.qsa=Y.test(n.querySelectorAll))&&(ja(function(a){o.appendChild(a).innerHTML=" ",a.querySelectorAll("[msallowcapture^='']").length&&q.push("[*^$]="+K+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+K+"*(?:value|"+J+")"),a.querySelectorAll("[id~="+u+"-]").length||q.push("~="),a.querySelectorAll(":checked").length||q.push(":checked"),a.querySelectorAll("a#"+u+"+*").length||q.push(".#.+[+~]")}),ja(function(a){a.innerHTML=" ";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"*[*^$|!~]?="),2!==a.querySelectorAll(":enabled").length&&q.push(":enabled",":disabled"),o.appendChild(a).disabled=!0,2!==a.querySelectorAll(":disabled").length&&q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=Y.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ja(function(a){c.disconnectedMatch=s.call(a,"*"),s.call(a,"[s!='']:x"),r.push("!=",N)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=Y.test(o.compareDocumentPosition),t=b||Y.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===n||a.ownerDocument===v&&t(v,a)?-1:b===n||b.ownerDocument===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e||!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.unshift(c);c=b;while(c=c.parentNode)h.unshift(c);while(g[d]===h[d])d++;return d?la(g[d],h[d]):g[d]===v?-1:h[d]===v?1:0},n):n},ga.matches=function(a,b){return ga(a,null,null,b)},ga.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(S,"='$1']"),c.matchesSelector&&p&&!A[b+" "]&&(!r||!r.test(b))&&(!q||!q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return ga(b,n,null,[a]).length>0},ga.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},ga.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&C.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},ga.escape=function(a){return(a+"").replace(ba,ca)},ga.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},ga.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=ga.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=ga.selectors={cacheLength:50,createPseudo:ia,match:V,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(_,aa),a[3]=(a[3]||a[4]||a[5]||"").replace(_,aa),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||ga.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&ga.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return V.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&T.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(_,aa).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+K+")"+a+"("+K+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||"undefined"!=typeof a.getAttribute&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=ga.attr(d,a);return null==e?"!="===b:!b||(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e.replace(O," ")+" ").indexOf(c)>-1:"|="===b&&(e===c||e.slice(0,c.length+1)===c+"-"))}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h,t=!1;if(q){if(f){while(p){m=b;while(m=m[p])if(h?m.nodeName.toLowerCase()===r:1===m.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){m=q,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n&&j[2],m=n&&q.childNodes[n];while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if(1===m.nodeType&&++t&&m===b){k[a]=[w,n,t];break}}else if(s&&(m=b,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n),t===!1)while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if((h?m.nodeName.toLowerCase()===r:1===m.nodeType)&&++t&&(s&&(l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d||t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||ga.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?ia(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=I(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ia(function(a){var b=[],c=[],d=h(a.replace(P,"$1"));return d[u]?ia(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ia(function(a){return function(b){return ga(a,b).length>0}}),contains:ia(function(a){return a=a.replace(_,aa),function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:ia(function(a){return U.test(a||"")||ga.error("unsupported lang: "+a),a=a.replace(_,aa).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:oa(!1),disabled:oa(!0),checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return X.test(a.nodeName)},input:function(a){return W.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:pa(function(){return[0]}),last:pa(function(a,b){return[b-1]}),eq:pa(function(a,b,c){return[c<0?c+b:c]}),even:pa(function(a,b){for(var c=0;c=0;)a.push(d);return a}),gt:pa(function(a,b,c){for(var d=c<0?c+b:c;++d1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function va(a,b,c){for(var d=0,e=b.length;d-1&&(f[j]=!(g[j]=l))}}else r=wa(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):G.apply(g,r)})}function ya(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=ta(function(a){return a===b},h,!0),l=ta(function(a){return I(b,a)>-1},h,!0),m=[function(a,c,d){var e=!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d));return b=null,e}];i1&&ua(m),i>1&&sa(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(P,"$1"),c,i0,e=a.length>0,f=function(f,g,h,i,k){var l,o,q,r=0,s="0",t=f&&[],u=[],v=j,x=f||e&&d.find.TAG("*",k),y=w+=null==v?1:Math.random()||.1,z=x.length;for(k&&(j=g===n||g||k);s!==z&&null!=(l=x[s]);s++){if(e&&l){o=0,g||l.ownerDocument===n||(m(l),h=!p);while(q=a[o++])if(q(l,g||n,h)){i.push(l);break}k&&(w=y)}c&&((l=!q&&l)&&r--,f&&t.push(l))}if(r+=s,c&&s!==r){o=0;while(q=b[o++])q(t,u,g,h);if(f){if(r>0)while(s--)t[s]||u[s]||(u[s]=E.call(i));u=wa(u)}G.apply(i,u),k&&!f&&u.length>0&&r+b.length>1&&ga.uniqueSort(i)}return k&&(w=y,j=v),t};return c?ia(f):f}return h=ga.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=ya(b[c]),f[u]?d.push(f):e.push(f);f=A(a,za(e,d)),f.selector=a}return f},i=ga.select=function(a,b,c,e){var f,i,j,k,l,m="function"==typeof a&&a,n=!e&&g(a=m.selector||a);if(c=c||[],1===n.length){if(i=n[0]=n[0].slice(0),i.length>2&&"ID"===(j=i[0]).type&&9===b.nodeType&&p&&d.relative[i[1].type]){if(b=(d.find.ID(j.matches[0].replace(_,aa),b)||[])[0],!b)return c;m&&(b=b.parentNode),a=a.slice(i.shift().value.length)}f=V.needsContext.test(a)?0:i.length;while(f--){if(j=i[f],d.relative[k=j.type])break;if((l=d.find[k])&&(e=l(j.matches[0].replace(_,aa),$.test(i[0].type)&&qa(b.parentNode)||b))){if(i.splice(f,1),a=e.length&&sa(i),!a)return G.apply(c,e),c;break}}}return(m||h(a,n))(e,b,!p,c,!b||$.test(a)&&qa(b.parentNode)||b),c},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ja(function(a){return 1&a.compareDocumentPosition(n.createElement("fieldset"))}),ja(function(a){return a.innerHTML=" ","#"===a.firstChild.getAttribute("href")})||ka("type|href|height|width",function(a,b,c){if(!c)return a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ja(function(a){return a.innerHTML=" ",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||ka("value",function(a,b,c){if(!c&&"input"===a.nodeName.toLowerCase())return a.defaultValue}),ja(function(a){return null==a.getAttribute("disabled")})||ka(J,function(a,b,c){var d;if(!c)return a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),ga}(a);r.find=x,r.expr=x.selectors,r.expr[":"]=r.expr.pseudos,r.uniqueSort=r.unique=x.uniqueSort,r.text=x.getText,r.isXMLDoc=x.isXML,r.contains=x.contains,r.escapeSelector=x.escape;var y=function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&r(a).is(c))break;d.push(a)}return d},z=function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c},A=r.expr.match.needsContext,B=/^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i,C=/^.[^:#\[\.,]*$/;function D(a,b,c){return r.isFunction(b)?r.grep(a,function(a,d){return!!b.call(a,d,a)!==c}):b.nodeType?r.grep(a,function(a){return a===b!==c}):"string"!=typeof b?r.grep(a,function(a){return i.call(b,a)>-1!==c}):C.test(b)?r.filter(b,a,c):(b=r.filter(b,a),r.grep(a,function(a){return i.call(b,a)>-1!==c&&1===a.nodeType}))}r.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?r.find.matchesSelector(d,a)?[d]:[]:r.find.matches(a,r.grep(b,function(a){return 1===a.nodeType}))},r.fn.extend({find:function(a){var b,c,d=this.length,e=this;if("string"!=typeof a)return this.pushStack(r(a).filter(function(){for(b=0;b1?r.uniqueSort(c):c},filter:function(a){return this.pushStack(D(this,a||[],!1))},not:function(a){return this.pushStack(D(this,a||[],!0))},is:function(a){return!!D(this,"string"==typeof a&&A.test(a)?r(a):a||[],!1).length}});var E,F=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/,G=r.fn.init=function(a,b,c){var e,f;if(!a)return this;if(c=c||E,"string"==typeof a){if(e="<"===a[0]&&">"===a[a.length-1]&&a.length>=3?[null,a,null]:F.exec(a),!e||!e[1]&&b)return!b||b.jquery?(b||c).find(a):this.constructor(b).find(a);if(e[1]){if(b=b instanceof r?b[0]:b,r.merge(this,r.parseHTML(e[1],b&&b.nodeType?b.ownerDocument||b:d,!0)),B.test(e[1])&&r.isPlainObject(b))for(e in b)r.isFunction(this[e])?this[e](b[e]):this.attr(e,b[e]);return this}return f=d.getElementById(e[2]),f&&(this[0]=f,this.length=1),this}return a.nodeType?(this[0]=a,this.length=1,this):r.isFunction(a)?void 0!==c.ready?c.ready(a):a(r):r.makeArray(a,this)};G.prototype=r.fn,E=r(d);var H=/^(?:parents|prev(?:Until|All))/,I={children:!0,contents:!0,next:!0,prev:!0};r.fn.extend({has:function(a){var b=r(a,this),c=b.length;return this.filter(function(){for(var a=0;a-1:1===c.nodeType&&r.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?r.uniqueSort(f):f)},index:function(a){return a?"string"==typeof a?i.call(r(a),this[0]):i.call(this,a.jquery?a[0]:a):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(r.uniqueSort(r.merge(this.get(),r(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function J(a,b){while((a=a[b])&&1!==a.nodeType);return a}r.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return y(a,"parentNode")},parentsUntil:function(a,b,c){return y(a,"parentNode",c)},next:function(a){return J(a,"nextSibling")},prev:function(a){return J(a,"previousSibling")},nextAll:function(a){return y(a,"nextSibling")},prevAll:function(a){return y(a,"previousSibling")},nextUntil:function(a,b,c){return y(a,"nextSibling",c)},prevUntil:function(a,b,c){return y(a,"previousSibling",c)},siblings:function(a){return z((a.parentNode||{}).firstChild,a)},children:function(a){return z(a.firstChild)},contents:function(a){return a.contentDocument||r.merge([],a.childNodes)}},function(a,b){r.fn[a]=function(c,d){var e=r.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=r.filter(d,e)),this.length>1&&(I[a]||r.uniqueSort(e),H.test(a)&&e.reverse()),this.pushStack(e)}});var K=/[^\x20\t\r\n\f]+/g;function L(a){var b={};return r.each(a.match(K)||[],function(a,c){b[c]=!0}),b}r.Callbacks=function(a){a="string"==typeof a?L(a):r.extend({},a);var b,c,d,e,f=[],g=[],h=-1,i=function(){for(e=a.once,d=b=!0;g.length;h=-1){c=g.shift();while(++h-1)f.splice(c,1),c<=h&&h--}),this},has:function(a){return a?r.inArray(a,f)>-1:f.length>0},empty:function(){return f&&(f=[]),this},disable:function(){return e=g=[],f=c="",this},disabled:function(){return!f},lock:function(){return e=g=[],c||b||(f=c=""),this},locked:function(){return!!e},fireWith:function(a,c){return e||(c=c||[],c=[a,c.slice?c.slice():c],g.push(c),b||i()),this},fire:function(){return j.fireWith(this,arguments),this},fired:function(){return!!d}};return j};function M(a){return a}function N(a){throw a}function O(a,b,c){var d;try{a&&r.isFunction(d=a.promise)?d.call(a).done(b).fail(c):a&&r.isFunction(d=a.then)?d.call(a,b,c):b.call(void 0,a)}catch(a){c.call(void 0,a)}}r.extend({Deferred:function(b){var c=[["notify","progress",r.Callbacks("memory"),r.Callbacks("memory"),2],["resolve","done",r.Callbacks("once memory"),r.Callbacks("once memory"),0,"resolved"],["reject","fail",r.Callbacks("once memory"),r.Callbacks("once memory"),1,"rejected"]],d="pending",e={state:function(){return d},always:function(){return f.done(arguments).fail(arguments),this},"catch":function(a){return e.then(null,a)},pipe:function(){var a=arguments;return r.Deferred(function(b){r.each(c,function(c,d){var e=r.isFunction(a[d[4]])&&a[d[4]];f[d[1]](function(){var a=e&&e.apply(this,arguments);a&&r.isFunction(a.promise)?a.promise().progress(b.notify).done(b.resolve).fail(b.reject):b[d[0]+"With"](this,e?[a]:arguments)})}),a=null}).promise()},then:function(b,d,e){var f=0;function g(b,c,d,e){return function(){var h=this,i=arguments,j=function(){var a,j;if(!(b=f&&(d!==N&&(h=void 0,i=[a]),c.rejectWith(h,i))}};b?k():(r.Deferred.getStackHook&&(k.stackTrace=r.Deferred.getStackHook()),a.setTimeout(k))}}return r.Deferred(function(a){c[0][3].add(g(0,a,r.isFunction(e)?e:M,a.notifyWith)),c[1][3].add(g(0,a,r.isFunction(b)?b:M)),c[2][3].add(g(0,a,r.isFunction(d)?d:N))}).promise()},promise:function(a){return null!=a?r.extend(a,e):e}},f={};return r.each(c,function(a,b){var g=b[2],h=b[5];e[b[1]]=g.add,h&&g.add(function(){d=h},c[3-a][2].disable,c[0][2].lock),g.add(b[3].fire),f[b[0]]=function(){return f[b[0]+"With"](this===f?void 0:this,arguments),this},f[b[0]+"With"]=g.fireWith}),e.promise(f),b&&b.call(f,f),f},when:function(a){var b=arguments.length,c=b,d=Array(c),e=f.call(arguments),g=r.Deferred(),h=function(a){return function(c){d[a]=this,e[a]=arguments.length>1?f.call(arguments):c,--b||g.resolveWith(d,e)}};if(b<=1&&(O(a,g.done(h(c)).resolve,g.reject),"pending"===g.state()||r.isFunction(e[c]&&e[c].then)))return g.then();while(c--)O(e[c],h(c),g.reject);return g.promise()}});var P=/^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/;r.Deferred.exceptionHook=function(b,c){a.console&&a.console.warn&&b&&P.test(b.name)&&a.console.warn("jQuery.Deferred exception: "+b.message,b.stack,c)},r.readyException=function(b){a.setTimeout(function(){throw b})};var Q=r.Deferred();r.fn.ready=function(a){return Q.then(a)["catch"](function(a){r.readyException(a)}),this},r.extend({isReady:!1,readyWait:1,holdReady:function(a){a?r.readyWait++:r.ready(!0)},ready:function(a){(a===!0?--r.readyWait:r.isReady)||(r.isReady=!0,a!==!0&&--r.readyWait>0||Q.resolveWith(d,[r]))}}),r.ready.then=Q.then;function R(){d.removeEventListener("DOMContentLoaded",R),
-a.removeEventListener("load",R),r.ready()}"complete"===d.readyState||"loading"!==d.readyState&&!d.documentElement.doScroll?a.setTimeout(r.ready):(d.addEventListener("DOMContentLoaded",R),a.addEventListener("load",R));var S=function(a,b,c,d,e,f,g){var h=0,i=a.length,j=null==c;if("object"===r.type(c)){e=!0;for(h in c)S(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,r.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(r(a),c)})),b))for(;h1,null,!0)},removeData:function(a){return this.each(function(){W.remove(this,a)})}}),r.extend({queue:function(a,b,c){var d;if(a)return b=(b||"fx")+"queue",d=V.get(a,b),c&&(!d||r.isArray(c)?d=V.access(a,b,r.makeArray(c)):d.push(c)),d||[]},dequeue:function(a,b){b=b||"fx";var c=r.queue(a,b),d=c.length,e=c.shift(),f=r._queueHooks(a,b),g=function(){r.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return V.get(a,c)||V.access(a,c,{empty:r.Callbacks("once memory").add(function(){V.remove(a,[b+"queue",c])})})}}),r.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.length\x20\t\r\n\f]+)/i,ka=/^$|\/(?:java|ecma)script/i,la={option:[1,""," "],thead:[1,""],col:[2,""],tr:[2,""],td:[3,""],_default:[0,"",""]};la.optgroup=la.option,la.tbody=la.tfoot=la.colgroup=la.caption=la.thead,la.th=la.td;function ma(a,b){var c;return c="undefined"!=typeof a.getElementsByTagName?a.getElementsByTagName(b||"*"):"undefined"!=typeof a.querySelectorAll?a.querySelectorAll(b||"*"):[],void 0===b||b&&r.nodeName(a,b)?r.merge([a],c):c}function na(a,b){for(var c=0,d=a.length;c-1)e&&e.push(f);else if(j=r.contains(f.ownerDocument,f),g=ma(l.appendChild(f),"script"),j&&na(g),c){k=0;while(f=g[k++])ka.test(f.type||"")&&c.push(f)}return l}!function(){var a=d.createDocumentFragment(),b=a.appendChild(d.createElement("div")),c=d.createElement("input");c.setAttribute("type","radio"),c.setAttribute("checked","checked"),c.setAttribute("name","t"),b.appendChild(c),o.checkClone=b.cloneNode(!0).cloneNode(!0).lastChild.checked,b.innerHTML="",o.noCloneChecked=!!b.cloneNode(!0).lastChild.defaultValue}();var qa=d.documentElement,ra=/^key/,sa=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,ta=/^([^.]*)(?:\.(.+)|)/;function ua(){return!0}function va(){return!1}function wa(){try{return d.activeElement}catch(a){}}function xa(a,b,c,d,e,f){var g,h;if("object"==typeof b){"string"!=typeof c&&(d=d||c,c=void 0);for(h in b)xa(a,h,c,d,b[h],f);return a}if(null==d&&null==e?(e=c,d=c=void 0):null==e&&("string"==typeof c?(e=d,d=void 0):(e=d,d=c,c=void 0)),e===!1)e=va;else if(!e)return a;return 1===f&&(g=e,e=function(a){return r().off(a),g.apply(this,arguments)},e.guid=g.guid||(g.guid=r.guid++)),a.each(function(){r.event.add(this,b,e,d,c)})}r.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,n,o,p,q=V.get(a);if(q){c.handler&&(f=c,c=f.handler,e=f.selector),e&&r.find.matchesSelector(qa,e),c.guid||(c.guid=r.guid++),(i=q.events)||(i=q.events={}),(g=q.handle)||(g=q.handle=function(b){return"undefined"!=typeof r&&r.event.triggered!==b.type?r.event.dispatch.apply(a,arguments):void 0}),b=(b||"").match(K)||[""],j=b.length;while(j--)h=ta.exec(b[j])||[],n=p=h[1],o=(h[2]||"").split(".").sort(),n&&(l=r.event.special[n]||{},n=(e?l.delegateType:l.bindType)||n,l=r.event.special[n]||{},k=r.extend({type:n,origType:p,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&r.expr.match.needsContext.test(e),namespace:o.join(".")},f),(m=i[n])||(m=i[n]=[],m.delegateCount=0,l.setup&&l.setup.call(a,d,o,g)!==!1||a.addEventListener&&a.addEventListener(n,g)),l.add&&(l.add.call(a,k),k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k):m.push(k),r.event.global[n]=!0)}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,n,o,p,q=V.hasData(a)&&V.get(a);if(q&&(i=q.events)){b=(b||"").match(K)||[""],j=b.length;while(j--)if(h=ta.exec(b[j])||[],n=p=h[1],o=(h[2]||"").split(".").sort(),n){l=r.event.special[n]||{},n=(d?l.delegateType:l.bindType)||n,m=i[n]||[],h=h[2]&&new RegExp("(^|\\.)"+o.join("\\.(?:.*\\.|)")+"(\\.|$)"),g=f=m.length;while(f--)k=m[f],!e&&p!==k.origType||c&&c.guid!==k.guid||h&&!h.test(k.namespace)||d&&d!==k.selector&&("**"!==d||!k.selector)||(m.splice(f,1),k.selector&&m.delegateCount--,l.remove&&l.remove.call(a,k));g&&!m.length&&(l.teardown&&l.teardown.call(a,o,q.handle)!==!1||r.removeEvent(a,n,q.handle),delete i[n])}else for(n in i)r.event.remove(a,n+b[j],c,d,!0);r.isEmptyObject(i)&&V.remove(a,"handle events")}},dispatch:function(a){var b=r.event.fix(a),c,d,e,f,g,h,i=new Array(arguments.length),j=(V.get(this,"events")||{})[b.type]||[],k=r.event.special[b.type]||{};for(i[0]=b,c=1;c=1))for(;j!==this;j=j.parentNode||this)if(1===j.nodeType&&("click"!==a.type||j.disabled!==!0)){for(f=[],g={},c=0;c-1:r.find(e,this,null,[j]).length),g[e]&&f.push(d);f.length&&h.push({elem:j,handlers:f})}return j=this,i\x20\t\r\n\f]*)[^>]*)\/>/gi,za=/
\ No newline at end of file
diff --git a/src/server/views/layout/layout.pug b/src/server/views/layout/layout.pug
new file mode 100644
index 00000000..a085cb22
--- /dev/null
+++ b/src/server/views/layout/layout.pug
@@ -0,0 +1,27 @@
+block variables
+
+html
+ head
+ title Authelia - 2FA
+ meta(name="viewport", content="width=device-width, initial-scale=1.0")/
+ link(rel="icon", href="/img/icon.png" type="image/gif" sizes="32x32")/
+ link(rel="stylesheet", type="text/css", href="/css/authelia.min.css")/
+ if redirection_url
+
+ body
+
+ script(src="/js/authelia.min.js")
+ block entrypoint
\ No newline at end of file
diff --git a/src/server/views/need-identity-validation.pug b/src/server/views/need-identity-validation.pug
new file mode 100644
index 00000000..c6690b0b
--- /dev/null
+++ b/src/server/views/need-identity-validation.pug
@@ -0,0 +1,8 @@
+extends layout/layout.pug
+
+block form-header
+ Registration
+
+
+block content
+ A confirmation email has been sent to your mailbox. Please open it and click on the link within 15 minutes to confirm the registration.
diff --git a/src/server/views/password-reset-form.pug b/src/server/views/password-reset-form.pug
new file mode 100644
index 00000000..e90c5e3f
--- /dev/null
+++ b/src/server/views/password-reset-form.pug
@@ -0,0 +1,22 @@
+extends layout/layout.pug
+
+block variables
+ - page_classname = "password-reset-form";
+
+block form-header
+ Reset password
+
+ Set your new password and confirm it.
+
+block content
+
+
+block entrypoint
+
diff --git a/src/server/views/password-reset-request.pug b/src/server/views/password-reset-request.pug
new file mode 100644
index 00000000..714ff0ea
--- /dev/null
+++ b/src/server/views/password-reset-request.pug
@@ -0,0 +1,22 @@
+extends layout/layout.pug
+
+block variables
+ - page_classname = "password-reset-request";
+
+block form-header
+ Reset password
+
+ After giving your username, you will receive an email to change your password.
+
+block content
+
+
+block entrypoint
+
+
diff --git a/src/server/views/secondfactor.pug b/src/server/views/secondfactor.pug
new file mode 100644
index 00000000..1f824c2c
--- /dev/null
+++ b/src/server/views/secondfactor.pug
@@ -0,0 +1,26 @@
+extends layout/layout.pug
+
+block form-header
+ Sign in
+
+
+block content
+
+
+
+
+block entrypoint
+
\ No newline at end of file
diff --git a/src/server/views/totp-register.pug b/src/server/views/totp-register.pug
new file mode 100644
index 00000000..f4c4237e
--- /dev/null
+++ b/src/server/views/totp-register.pug
@@ -0,0 +1,19 @@
+extends layout/layout.pug
+
+block variables
+ - page_classname = "totp-register";
+
+block form-header
+ TOTP Secret
+ Insert your secret in Google Authenticator
+
+block content
+ p(id="secret") #{ base32_secret }
+ div(id="qrcode") #{ otpauth_url }
+ Login
+
+block entrypoint
+
+
diff --git a/src/server/views/u2f-register.pug b/src/server/views/u2f-register.pug
new file mode 100644
index 00000000..af24eae9
--- /dev/null
+++ b/src/server/views/u2f-register.pug
@@ -0,0 +1,14 @@
+extends layout/layout.pug
+
+block variables
+ - page_classname = "u2f-register";
+
+block form-header
+ U2F Registration
+ Touch the token to register your U2F device.
+
+block content
+
+
+block entrypoint
+
diff --git a/src/lib/Configuration.ts b/src/types/Configuration.ts
similarity index 100%
rename from src/lib/Configuration.ts
rename to src/types/Configuration.ts
diff --git a/src/types/Dependencies.ts b/src/types/Dependencies.ts
index 3047938f..261cd2ff 100644
--- a/src/types/Dependencies.ts
+++ b/src/types/Dependencies.ts
@@ -4,6 +4,7 @@ import nodemailer = require("nodemailer");
import session = require("express-session");
import nedb = require("nedb");
import ldapjs = require("ldapjs");
+import u2f = require("u2f");
export type Nodemailer = typeof nodemailer;
export type Speakeasy = typeof speakeasy;
@@ -11,9 +12,10 @@ export type Winston = typeof winston;
export type Session = typeof session;
export type Nedb = typeof nedb;
export type Ldapjs = typeof ldapjs;
+export type U2f = typeof u2f;
export interface GlobalDependencies {
- u2f: object;
+ u2f: U2f;
nodemailer: Nodemailer;
ldapjs: Ldapjs;
session: Session;
diff --git a/src/types/ILogger.ts b/src/types/ILogger.ts
deleted file mode 100644
index 96f03fe6..00000000
--- a/src/types/ILogger.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-
-import * as winston from "winston";
-
-export interface ILogger {
- debug: winston.LeveledLogMethod;
-}
-
diff --git a/src/types/TOTPSecret.ts b/src/types/TOTPSecret.ts
index e4a6b7d7..33ce602c 100644
--- a/src/types/TOTPSecret.ts
+++ b/src/types/TOTPSecret.ts
@@ -2,5 +2,5 @@
export interface TOTPSecret {
base32: string;
ascii: string;
- otpauth_url: string;
+ otpauth_url?: string;
}
\ No newline at end of file
diff --git a/src/types/authdog.d.ts b/src/types/authdog.d.ts
deleted file mode 100644
index 4405f6f1..00000000
--- a/src/types/authdog.d.ts
+++ /dev/null
@@ -1,69 +0,0 @@
-
-import BluebirdPromise = require("bluebird");
-
-declare module "authdog" {
- interface RegisterRequest {
- challenge: string;
- }
-
- interface RegisteredKey {
- version: number;
- keyHandle: string;
- }
-
- type RegisteredKeys = Array;
- type RegisterRequests = Array;
- type AppId = string;
-
- interface RegistrationRequest {
- appId: AppId;
- type: string;
- registerRequests: RegisterRequests;
- registeredKeys: RegisteredKeys;
- }
-
- interface Registration {
- publicKey: string;
- keyHandle: string;
- certificate: string;
- }
-
- interface ClientData {
- challenge: string;
- }
-
- interface RegistrationResponse {
- clientData: ClientData;
- registrationData: string;
- }
-
- interface Options {
- timeoutSeconds: number;
- requestId: string;
- }
-
- interface AuthenticationRequest {
- appId: AppId;
- type: string;
- challenge: string;
- registeredKeys: RegisteredKeys;
- timeoutSeconds: number;
- requestId: string;
- }
-
- interface AuthenticationResponse {
- keyHandle: string;
- clientData: ClientData;
- signatureData: string;
- }
-
- interface Authentication {
- userPresence: Uint8Array,
- counter: Uint32Array
- }
-
- export function startRegistration(appId: AppId, registeredKeys: RegisteredKeys, options?: Options): BluebirdPromise;
- export function finishRegistration(registrationRequest: RegistrationRequest, registrationResponse: RegistrationResponse): BluebirdPromise;
- export function startAuthentication(appId: AppId, registeredKeys: RegisteredKeys, options: Options): BluebirdPromise;
- export function finishAuthentication(challenge: string, deviceResponse: AuthenticationResponse, registeredKeys: RegisteredKeys): BluebirdPromise;
-}
\ No newline at end of file
diff --git a/src/types/jquery-notify.d.ts b/src/types/jquery-notify.d.ts
new file mode 100644
index 00000000..60d08cc1
--- /dev/null
+++ b/src/types/jquery-notify.d.ts
@@ -0,0 +1,4 @@
+
+interface JQueryStatic {
+ notify: any;
+}
diff --git a/src/types/request-async.d.ts b/src/types/request-async.d.ts
index 164d6919..964a7b24 100644
--- a/src/types/request-async.d.ts
+++ b/src/types/request-async.d.ts
@@ -1,8 +1,9 @@
import * as BluebirdPromise from "bluebird";
-import * as request from "request";
declare module "request" {
- export interface RequestAsync extends RequestAPI {
+ export interface RequestAPI {
getAsync(uri: string, options?: RequiredUriUrl): BluebirdPromise;
getAsync(uri: string): BluebirdPromise;
getAsync(options: RequiredUriUrl & CoreOptions): BluebirdPromise;
diff --git a/src/types/u2f-api.d.ts b/src/types/u2f-api.d.ts
new file mode 100644
index 00000000..87a0e4b8
--- /dev/null
+++ b/src/types/u2f-api.d.ts
@@ -0,0 +1,63 @@
+
+
+declare module "u2f-api" {
+ type MessageTypes = "u2f_register_request" | "u2f_sign_request" | "u2f_register_response" | "u2f_sign_response";
+
+ export interface Request {
+ type: MessageTypes,
+ signRequests: SignRequest[],
+ registerRequests?: RegisterRequest[],
+ timeoutSeconds?: number,
+ requestId?: number
+ }
+
+ type ResponseData = Error | RegisterResponse | SignResponse;
+
+
+ export interface Response {
+ type: MessageTypes;
+ responseData: ResponseData;
+ requestId?: number;
+ }
+
+ export enum ErrorCodes {
+ 'OK' = 0,
+ 'OTHER_ERROR' = 1,
+ 'BAD_REQUEST' = 2,
+ 'CONFIGURATION_UNSUPPORTED' = 3,
+ 'DEVICE_INELIGIBLE' = 4,
+ 'TIMEOUT' = 5
+ }
+
+ export interface Error {
+ errorCode: ErrorCodes;
+ errorMessage?: string;
+ }
+
+ export interface RegisterResponse {
+ registrationData: string;
+ clientData: string;
+ }
+
+ export interface RegisterRequest {
+ version: string;
+ challenge: string;
+ appId: string;
+ }
+
+ export interface SignResponse {
+ keyHandle: string;
+ signatureData: string;
+ clientData: string;
+ }
+
+ export interface SignRequest {
+ version: string;
+ challenge: string;
+ keyHandle: string;
+ appId: string;
+ }
+
+ export function sign(signRequests: SignRequest[], timeout: number): Promise;
+ export function register(registerRequests: RegisterRequest[], signRequests: SignRequest[], timeout: number): Promise;
+}
\ No newline at end of file
diff --git a/src/types/u2f.d.ts b/src/types/u2f.d.ts
new file mode 100644
index 00000000..b308fbc4
--- /dev/null
+++ b/src/types/u2f.d.ts
@@ -0,0 +1,45 @@
+
+
+declare module "u2f" {
+ export interface Request {
+ version: "U2F_V2";
+ appId: string;
+ challenge: string;
+ keyHandle?: string;
+ }
+
+ export interface RegistrationData {
+ clientData: string;
+ registrationData: string;
+ errorCode?: number;
+ }
+
+ export interface RegistrationResult {
+ successful: boolean;
+ publicKey: string;
+ keyHandle: string;
+ certificate: string;
+ }
+
+
+ export interface SignatureData {
+ clientData: string;
+ signatureData: string;
+ errorCode?: number;
+ }
+
+ export interface SignatureResult {
+ successful: boolean;
+ userPresent: boolean;
+ counter: number;
+ }
+
+ export interface Error {
+ errorCode: number;
+ errorMessage: string;
+ }
+
+ export function request(appId: string, keyHandle?: string): Request;
+ export function checkRegistration(request: Request, registerData: RegistrationData): RegistrationResult | Error;
+ export function checkSignature(request: Request, signData: SignatureData, publicKey: string): SignatureResult | Error;
+}
\ No newline at end of file
diff --git a/src/views/head.ejs b/src/views/head.ejs
deleted file mode 100644
index 618957e4..00000000
--- a/src/views/head.ejs
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/src/views/login.ejs b/src/views/login.ejs
deleted file mode 100644
index cacd1517..00000000
--- a/src/views/login.ejs
+++ /dev/null
@@ -1,35 +0,0 @@
-
-
- Login
- <% include head %>
-
-
-
-
-
-
Second factor
-
-
Time-Based One-Time Password
-
- Sign
- Register
-
-
-
FIDO Universal 2nd Factor
- Sign
- Register
-
-
-
- <% include scripts %>
-
-
-