From b9c73c2cf77f2445c2bd86ef6efdce8ad2377e36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Claus-Peter=20H=C3=BCbner?= <claus-peter.huebner@email.de>
Date: Tue, 18 Oct 2022 23:12:27 +0200
Subject: [PATCH 01/14] first draft

---
 docu/RoadMap_2022-2023.md | 137 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 137 insertions(+)
 create mode 100644 docu/RoadMap_2022-2023.md

diff --git a/docu/RoadMap_2022-2023.md b/docu/RoadMap_2022-2023.md
new file mode 100644
index 000000000..8a29fcbb5
--- /dev/null
+++ b/docu/RoadMap_2022-2023.md
@@ -0,0 +1,137 @@
+# Roadmap 2022 / 2023
+
+## unsortierte Sammlung von Themen
+
+1. backend access layer
+
+   - Refactoring der Resolver-Klassen
+   - Daten-Zugriffschicht zur Kapselung der DB-Schicht
+   - Transfer-Datenmodel zum Austausch von Daten zwischen den Schichten
+   - technisches Transaktion-Handling und Lösung von Deadlocks
+   - Konzept in Arbeit
+2. capturing alias
+
+   - Konzept fertig
+   - Änderungen in Register- und Login-Prozess
+3. Passwort-Verschlüsselung
+
+   - Konzept fertig
+   - Unabhängigkeit von Email erzeugen
+   - Änderung der User-Email ermöglichen
+   - Versionierung der verwendeten Verschlüsselungslogik notwendig
+4. Contribution-Categories
+
+   - Bewertung und Kategorisierung von Schöpfungen: Was hat Wer für Wen geleistet?
+   - Regeln auf Categories ermöglichen
+   - Konzept in Arbeit
+5. Statistics / Analysen
+6. Subgruppierung / Subcommunities
+
+   - **einfacher Ansatz:** innerhalb der existierenden Community gibt es Untergruppierungen, sprich SubCommunities
+
+     - Einführung eine Community-Tabelle
+     - In der Community-Tabelle gibt es zunächst eine Haupt-Community, die mehrere Sub-Communities haben kann
+     - ein User ist in der Haupt-Community unique, kann aber in mehreren SubCommunities sein
+     - Eine SubCommunity dient zur einfachen Gruppierung gleichgesinnter oder örtlich gebundener User
+     - Eine SubCommunity hat eigene Moderatoren
+     - Motivation einer SubCommunity: kleine lokale Gruppen und jeder kennt jeden
+     - **ToDos**:
+       - DB-Migration für Community-Tabelle, User-SubCommunity-Zuordnungen, UserRights-Tabelle
+       - Berechtigungen für SubCommunities
+       - Register- und Login-Prozess für SubCommunity-Anmeldung anpassen
+         - Auswahl-Box einer SubCommunity
+         - createUser mit Zuordnung zur ausgewählten SubCommunity
+       - Schöpfungsprozess auf angemeldete SubCommunity anpassen
+         - "Beitrag einreichen"-Dialog auf angemeldete SubCommunity anpassen
+         - "meine Beiträge zum Gemeinwohl" mit Filter auf angemeldete SubCommunity anpassen
+         - "Gemeinschaft"-Dialog auf angemeldete SubCommunity anpassen
+       - "Mein Profil"-Dialog auf SubCommunities anpassen
+         - Umzug-Service in andere SubCommunity
+         - Löschen der Mitgliedschaft zu angemeldeter SubCommunity (Deaktivierung der Zuordnung "User-SubCommunity")
+       - "Senden"-Dialog mit SubCommunity-Auswahl
+       - "Transaktion"-Dialog mit Filter auf angemeldeter SubCommunity
+       - AdminInterface auf angemeldete SubCommunity anpassen
+         - "Übersicht"-Dialog mit Filter auf angemeldete SubCommunity
+         - "Nutzersuche"-Dialog mit Filter auf angemeldete SubCommunity
+         - "Mehrfachschöpfung"-Dialog mit Filter auf angemeldete SubComunity
+       - Subject/Texte/Footer/... der Email-Benachrichtigungen auf angemeldete SubCommunity anpassen
+   - **komplexer Ansatz**
+
+     - DB-Migration
+
+       - Community-Tabelle mit Eintrag für Haupt-Community
+       - Community-User Zuordnungstabelle
+       - Account-Tabelle
+       - Account-User Zuordnungstabelle
+     - SubCommunity-Verwaltung
+
+       - Neuanlage
+       - Änderungen
+       - Berechtigungen (Admin, Moderator, User, ...)
+       - Konten für 2te und 3te Schöpfung
+     - User-Community-Verwaltung
+
+       - Zuordnung zu einer SubCommunity bei Register bzw Login
+       - Umzug in andere SubCommunity
+       - Eindeutigkeit Community-übergreifend?
+     - User-Account-Verwaltung
+
+       - Berechtigung auf Accounts anderer User (Treuhander)
+     - Transaktions- und Schöpfungslogik auf Multi-Community anpassen
+7. User-Beziehungen und Favoritenverwaltung
+
+   - User-User-Zuordnung
+     - aus Tx-Liste die aktuellen Favoriten ermitteln
+   - Verwaltung von Zuordnungen
+     - Auswahl
+     - Berechtigungen
+     - Gruppierung
+     - Community-übergreifend
+     - User-Beziehungen
+8. technische Ablösung der Email und Ersatz durch GradidoID
+9. Zeitzone
+
+   - User sieht immer seine Locale-Zeit und Monate
+   - Admin sieht immer UTC-Zeit und Monate
+   - wichtiges Kriterium für Schöpfung ist das TargetDate
+   - Berechnung der möglichen Schöpfungen muss somit auf dem TargetDate der Schöpfung ermittelt werden!
+   - Kann es vorkommen, dass das TargetDate der Contribution vor dem CreationDate der TX liegt?
+   - Contribution-Link aktiviert in Tokyo am Locale: 01.11.2022 07:00:00+09:00 = TargetDate = Zieldatum der Schöpfung
+   - Gebucht wird die TX mit creationDate=31.10.2022 22:00:00 UTC,
+   - die Schöpfung hat creationDate=31.10.2022 22:00:00 UTC und contributionDate=01.11.2022 07:00:00 und neu contributionOffset=+09:00
+   - **Prüfung auf -12h <= ClientRequestTime <= +12h**
+   - original ClientRequestTime in DB speichern
+   - 17.10.2022 22:00 +09:00 => 17.10.2022	UTC: 17.10.2022 13:00 UTC => 17.10.2022
+   - 18.10.2022 02:00 +09:00 => 18.10.2022	UTC: 17.10.2022 17:00 UTC => 17.10.2022 !!!! darf nicht weil gleicher Tag !!!
+   - 31.10.2022 22:00 +09:00 => 10.2022
+   - 01.11.2022 07:00 +09:00 => 11.2022
+10. Layout
+11. Manuelle User-Registrierung für Admin
+
+    1. 10.12.2022 Tag bei den Galliern
+12. Dezentralisierung / Federation
+
+    1. Hyperswarm
+    2. 
+
+## Priorisierung
+
+1. capturing alias
+2. Manuelle User-Registrierung für Admin (10.12.2022)	**Konzeption!!**!
+3. Zeitzone
+4. User-Beziehungen und Favoritenverwaltung
+5. Layout
+6. Passwort-Verschlüsselung
+7. 
+8. Subgruppierung / Subcommunities (einfacher Ansatz)
+9. Contribution-Categories
+10. 
+11. backend access layer
+12. 
+13. Statistics / Analysen
+14. 
+15. technische Ablösung der Email und Ersatz durch GradidoID
+16. 
+17. Dezentralisierung / Federation
+
+## Zeitleiste

From f0187c130119a4a9711e6b802c6ba47071d69bf8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Claus-Peter=20H=C3=BCbner?= <claus-peter.huebner@email.de>
Date: Tue, 18 Oct 2022 23:55:22 +0200
Subject: [PATCH 02/14] first draft after meeting

---
 docu/RoadMap_2022-2023.md             |  92 ++++++++++++--------------
 docu/graphics/RoadMap2022-2023.drawio |  60 +++++++++++++++++
 docu/graphics/RoadMap2022-2023.png    | Bin 0 -> 64646 bytes
 3 files changed, 103 insertions(+), 49 deletions(-)
 create mode 100644 docu/graphics/RoadMap2022-2023.drawio
 create mode 100644 docu/graphics/RoadMap2022-2023.png

diff --git a/docu/RoadMap_2022-2023.md b/docu/RoadMap_2022-2023.md
index 8a29fcbb5..26a4ec41e 100644
--- a/docu/RoadMap_2022-2023.md
+++ b/docu/RoadMap_2022-2023.md
@@ -55,29 +55,6 @@
          - "Nutzersuche"-Dialog mit Filter auf angemeldete SubCommunity
          - "Mehrfachschöpfung"-Dialog mit Filter auf angemeldete SubComunity
        - Subject/Texte/Footer/... der Email-Benachrichtigungen auf angemeldete SubCommunity anpassen
-   - **komplexer Ansatz**
-
-     - DB-Migration
-
-       - Community-Tabelle mit Eintrag für Haupt-Community
-       - Community-User Zuordnungstabelle
-       - Account-Tabelle
-       - Account-User Zuordnungstabelle
-     - SubCommunity-Verwaltung
-
-       - Neuanlage
-       - Änderungen
-       - Berechtigungen (Admin, Moderator, User, ...)
-       - Konten für 2te und 3te Schöpfung
-     - User-Community-Verwaltung
-
-       - Zuordnung zu einer SubCommunity bei Register bzw Login
-       - Umzug in andere SubCommunity
-       - Eindeutigkeit Community-übergreifend?
-     - User-Account-Verwaltung
-
-       - Berechtigung auf Accounts anderer User (Treuhander)
-     - Transaktions- und Schöpfungslogik auf Multi-Community anpassen
 7. User-Beziehungen und Favoritenverwaltung
 
    - User-User-Zuordnung
@@ -89,30 +66,47 @@
      - Community-übergreifend
      - User-Beziehungen
 8. technische Ablösung der Email und Ersatz durch GradidoID
+
+   * APIs / Links / etc mit Email anpassen, so dass keine Email mehr verwendet wird
+   * Email soll aber im Aussen für User optional noch verwendbar bleiben
+   * Intern erfolgt aber auf jedenfall ein Mapping auf GradidoID egal ob per Email oder Alias angefragt wird
 9. Zeitzone
 
    - User sieht immer seine Locale-Zeit und Monate
    - Admin sieht immer UTC-Zeit und Monate
-   - wichtiges Kriterium für Schöpfung ist das TargetDate
-   - Berechnung der möglichen Schöpfungen muss somit auf dem TargetDate der Schöpfung ermittelt werden!
-   - Kann es vorkommen, dass das TargetDate der Contribution vor dem CreationDate der TX liegt?
-   - Contribution-Link aktiviert in Tokyo am Locale: 01.11.2022 07:00:00+09:00 = TargetDate = Zieldatum der Schöpfung
-   - Gebucht wird die TX mit creationDate=31.10.2022 22:00:00 UTC,
-   - die Schöpfung hat creationDate=31.10.2022 22:00:00 UTC und contributionDate=01.11.2022 07:00:00 und neu contributionOffset=+09:00
-   - **Prüfung auf -12h <= ClientRequestTime <= +12h**
-   - original ClientRequestTime in DB speichern
-   - 17.10.2022 22:00 +09:00 => 17.10.2022	UTC: 17.10.2022 13:00 UTC => 17.10.2022
-   - 18.10.2022 02:00 +09:00 => 18.10.2022	UTC: 17.10.2022 17:00 UTC => 17.10.2022 !!!! darf nicht weil gleicher Tag !!!
-   - 31.10.2022 22:00 +09:00 => 10.2022
-   - 01.11.2022 07:00 +09:00 => 11.2022
+   - wichtiges Kriterium für Schöpfung ist das TargetDate ( heißt in DB contributionDate)
+   - Berechnung der möglichen Schöpfungen muss somit auf dem TargetDate der Schöpfung ermittelt werden! **(Ist-Zustand)**
+   - Kann es vorkommen, dass das TargetDate der Contribution vor dem CreationDate der TX liegt? Ja
+   - Beispiel: User in Tokyo Locale mit Offest +09:00
+
+     - aktiviert Contribution-Link mit Locale: 01.11.2022 07:00:00+09:00 = TargetDate = Zieldatum der Schöpfung
+     - die Contribution wird gespeichert mit
+
+       - creationDate=31.10.2022 22:00:00 UTC
+       - contributionDate=01.11.2022 07:00:00
+       - (neu) clientRequestTime=01.11.2022 07:00:00+09:00
+     - durch automatische Bestätigung und sofortiger Transaktion wird die TX gespeichert mit
+
+       - creationDate=31.10.2022 22:00:00 UTC
+   - **zwingende Prüfung aller Requeste: auf -12h <= ClientRequestTime <= +12h**
+   - zur Analyse und Problemverfolgung von Contributions immer original ClientRequestTime mit Offset in DB speichern
+   - Beispiel für täglichen Contribution-Link während des Monats:
+
+     - 17.10.2022 22:00 +09:00 => 17.10.2022	UTC: 17.10.2022 13:00 UTC => 17.10.2022
+     - 18.10.2022 02:00 +09:00 => 18.10.2022	UTC: 17.10.2022 17:00 UTC => 17.10.2022 !!!! darf nicht weil gleicher Tag !!!
+   - Beispiel für täglichen Contribution-Link am Monatswechsel:
+
+     - 31.10.2022 22:00 +09:00 => 31.10.2022	UTC: 31.10.2022 15:00 UTC => 31.10.2022
+     - 01.11.2022 07:00 +09:00 => 01.11.2022	UTC: 31.10.2022 22:00 UTC => 31.10.2022 !!!! darf nicht weil gleicher Tag !!!
 10. Layout
 11. Manuelle User-Registrierung für Admin
 
-    1. 10.12.2022 Tag bei den Galliern
+    - soll am 10.12.2022 für den Tag bei den Galliern produktiv sein
 12. Dezentralisierung / Federation
 
-    1. Hyperswarm
-    2. 
+    - Hyperswarm
+    - Authentifizierungs- und Autorisierungs-Handshake
+    - Inter-Community-Communication
 
 ## Priorisierung
 
@@ -122,16 +116,16 @@
 4. User-Beziehungen und Favoritenverwaltung
 5. Layout
 6. Passwort-Verschlüsselung
-7. 
-8. Subgruppierung / Subcommunities (einfacher Ansatz)
-9. Contribution-Categories
-10. 
-11. backend access layer
-12. 
-13. Statistics / Analysen
-14. 
-15. technische Ablösung der Email und Ersatz durch GradidoID
-16. 
-17. Dezentralisierung / Federation
+7. Subgruppierung / Subcommunities (einfacher Ansatz)
+8. Contribution-Categories
+9. backend access layer
+10. Statistics / Analysen
+11. technische Ablösung der Email und Ersatz durch GradidoID
+12. Dezentralisierung / Federation
 
 ## Zeitleiste
+
+
+
+
+![img](./graphics/RoadMap2022-2023.png)
diff --git a/docu/graphics/RoadMap2022-2023.drawio b/docu/graphics/RoadMap2022-2023.drawio
new file mode 100644
index 000000000..58b8dec94
--- /dev/null
+++ b/docu/graphics/RoadMap2022-2023.drawio
@@ -0,0 +1,60 @@
+<mxfile host="65bd71144e">
+    <diagram id="CdUoMVivL2xThNJutTjM" name="Seite-1">
+        <mxGraphModel dx="1022" dy="800" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="2336" pageHeight="1654" math="0" shadow="0">
+            <root>
+                <mxCell id="0"/>
+                <mxCell id="1" parent="0"/>
+                <mxCell id="14" style="edgeStyle=none;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;fontSize=16;" edge="1" parent="1" source="2" target="7">
+                    <mxGeometry relative="1" as="geometry">
+                        <Array as="points">
+                            <mxPoint x="160" y="100"/>
+                        </Array>
+                    </mxGeometry>
+                </mxCell>
+                <mxCell id="2" value="capturing alias" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f5f5f5;gradientColor=#b3b3b3;strokeColor=#666666;fontSize=16;" vertex="1" parent="1">
+                    <mxGeometry x="40" y="40" width="240" height="40" as="geometry"/>
+                </mxCell>
+                <mxCell id="3" value="Manuelle User-Registrierung für Admin (10.12.2022)" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f5f5f5;gradientColor=#b3b3b3;strokeColor=#666666;fontSize=16;" vertex="1" parent="1">
+                    <mxGeometry x="40" y="200" width="440" height="40" as="geometry"/>
+                </mxCell>
+                <mxCell id="4" value="Zeitzone" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f5f5f5;gradientColor=#b3b3b3;strokeColor=#666666;fontSize=16;" vertex="1" parent="1">
+                    <mxGeometry x="40" y="280" width="440" height="40" as="geometry"/>
+                </mxCell>
+                <mxCell id="5" value="User-Beziehungen und Favoritenverwaltung" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f5f5f5;gradientColor=#b3b3b3;strokeColor=#666666;fontSize=16;" vertex="1" parent="1">
+                    <mxGeometry x="40" y="360" width="440" height="40" as="geometry"/>
+                </mxCell>
+                <mxCell id="6" value="Layout" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f5f5f5;gradientColor=#b3b3b3;strokeColor=#666666;fontSize=16;" vertex="1" parent="1">
+                    <mxGeometry x="40" y="440" width="440" height="40" as="geometry"/>
+                </mxCell>
+                <mxCell id="15" style="edgeStyle=none;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;fontSize=16;" edge="1" parent="1" source="7" target="12">
+                    <mxGeometry relative="1" as="geometry">
+                        <Array as="points">
+                            <mxPoint x="440" y="140"/>
+                        </Array>
+                    </mxGeometry>
+                </mxCell>
+                <mxCell id="7" value="Passwort-Verschlüsselung" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f5f5f5;gradientColor=#b3b3b3;strokeColor=#666666;fontSize=16;" vertex="1" parent="1">
+                    <mxGeometry x="320" y="80" width="240" height="40" as="geometry"/>
+                </mxCell>
+                <mxCell id="8" value="Subgruppierung / Subcommunities" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f5f5f5;gradientColor=#b3b3b3;strokeColor=#666666;fontSize=16;" vertex="1" parent="1">
+                    <mxGeometry x="40" y="520" width="440" height="40" as="geometry"/>
+                </mxCell>
+                <mxCell id="9" value="Contribution-Categories" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f5f5f5;gradientColor=#b3b3b3;strokeColor=#666666;fontSize=16;" vertex="1" parent="1">
+                    <mxGeometry x="40" y="600" width="440" height="40" as="geometry"/>
+                </mxCell>
+                <mxCell id="10" value="backend access layer" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f5f5f5;gradientColor=#b3b3b3;strokeColor=#666666;fontSize=16;" vertex="1" parent="1">
+                    <mxGeometry x="40" y="680" width="440" height="40" as="geometry"/>
+                </mxCell>
+                <mxCell id="11" value="Statistics / Analysen" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f5f5f5;gradientColor=#b3b3b3;strokeColor=#666666;fontSize=16;" vertex="1" parent="1">
+                    <mxGeometry x="40" y="760" width="440" height="40" as="geometry"/>
+                </mxCell>
+                <mxCell id="12" value="Ablösung der Email und Ersatz durch GradidoID" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f5f5f5;gradientColor=#b3b3b3;strokeColor=#666666;fontSize=16;" vertex="1" parent="1">
+                    <mxGeometry x="600" y="120" width="360" height="40" as="geometry"/>
+                </mxCell>
+                <mxCell id="13" value="Dezentralisierung / Federation" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f5f5f5;gradientColor=#b3b3b3;strokeColor=#666666;fontSize=16;" vertex="1" parent="1">
+                    <mxGeometry x="40" y="840" width="440" height="40" as="geometry"/>
+                </mxCell>
+            </root>
+        </mxGraphModel>
+    </diagram>
+</mxfile>
\ No newline at end of file
diff --git a/docu/graphics/RoadMap2022-2023.png b/docu/graphics/RoadMap2022-2023.png
new file mode 100644
index 0000000000000000000000000000000000000000..3ce8511a346c0cec5a9293a0da6b5ddc6b1d8509
GIT binary patch
literal 64646
zcmeFZ2UJwcwl0jwR#1_khy(?ZC?GjYP*6mo<cx$SLjz4tEg~R-1j!i$K_rRftVqr|
zCqZ(~bVJjx8qw{!=e+-aWBm8t@sD@zc5GqQs<l?toHf%o=hR<8P7?nD`2{R2EPScQ
z5{g(@XJf$sQn=^9h_C4Z9{6zvrYQLUE4PDk5etiS$Nr(Zy_K`EnI!~^j!XRKZ**J_
z!S6<9`X+YzR&<=~W=3>e5_FuL;zlY^SyeMf8BS+qQ@JM&_R8k6U>MA>*0+NEoTCIW
zvxl&9V1`fLV&yDpr*C5_3pIjRf{8}XKc{i9W1ho2YUJ{BgrA-L=YWabukW3_g_9jK
zpk(HH`T>q#(;Uo<Ah6T7{e03M3bnL1v-!tCL#VYi#L)g9ChFVSL7o0_nlaS!beE@J
zwb3{E^~IlW#|$VL>RbNvsG6CPz3I;naB^|+{yqIM#LUF>*Qa@TxPRWU(*HI4bSp4Z
zeIuyT&lj8wolwpW3I&foJmHEs#1ccjUxfMj+@t@^-QOFqgIJ$_{Qu>F(}lt8U4HEj
zVgxpOdT9-{277*BYHwu;*2n>V1@E<UQ3n_7zb-T|7k7DnT}ois{QIT^hQ*jGW2m+L
zDJMC2!SzpiV7>(=fQx^z^3x$0)WOd1bk^y?vDddVft>D-5A&v9=M4h2f`Ih_df7oN
z_3h0Z|MBhmr;IoGJ@53<`*wEvn5TYCuz{Lc+r$2NvjS!SO!#$%c~ALwdV)DlPw**U
z=r|w!eB;Twz!eaMU!VMY=!CPUEB_B%KHaCIzNN$I4h;2e>>cdPtW7Yhv@`<?JrSWl
z_+|%nur`8VPBMm1PNqN@m2C7+DCY#^5RCo7Mj-W;;!sPd-3j%%jCnABz!V_%MrMG=
zf7~<R!u$dEVD@%U3&<aLcu)QVcm6eV9U*r1kY5D*xm+9lzYpdKd;ghnrw?%dBY}Ti
zI{hJUzs5}e5Vc=pzZm%^r#b)Tj+OKO1M#_juJsS%%j#P@05OCB+N;1IcC3mJ6Ei>!
zGl-qT2}6wO#JT7mh}(ht_l>N~tiex44)(hooOd~avSa%9Vio5vZT<(ZxPS5GKbu#l
z>gx|)X#y+cicwqtR`S8ge=0Bk9Yp8(CjmK;iU$x^Gl(gW2na?1fHDGqKhk%E+5t^u
z4U~bCzNP(%ya4US{_mo=xPDoR{|?5S`X7HtgN(il)BzZ-e<zavRyO|~B<DC4hCj~p
z|DPSG6K{!={Z9vq<HXtcXG8p7>p}fy(k~C{)I$7iqyN8oP^TOHLlhMBVK67Cojt26
z#13X?YWdS<!(b50|NE5^7w12^Q~$zRaQ;`BX#Rh)7D^5VCUy=sHoyHR;2{H(0EP{r
zR#pzyX7*+vy!*G(Sv<cO^xvVg1pbL5;vhP+Gc$0oH-lQUitF1$On}w?cjE!?f2ZU6
z3(NRJK^f>9T0l;`CVfLg2n<L7yQRJh1Vk18PS%_EU+AXa#^OIaeBe0682;dbl0Co;
zVD@H)82bNIO!uwzEnQ$3ulC=G5q$rhp6gF1gp>UbM%*{}X`*>yKZ9%|j3lr>w9+@j
z;9)<*i-&eFeS24MX#_ALQ}7cYjz(riP$>+g1TO#Z%Kq<yM}F(7U+&YtuphrekN<S3
z;rb^7A^~y5AcFvzg8c`p{s;mX2Sf_`Zzewczx=8H0*emR(%%sAPk8Zfr2QAb_zT4U
zb^ROQ-&5y;VPR2YNlDyScGg`<xEP|+AG5Be_XBdqpdny0lt}!^*Sbv~pI{?%^G8fy
z&PxT}S5R>0Hn`n&=gzbi5ebQeCJxngg^+0e>9e@eW99yja;7ZenHMg-b}$UQ#AP79
z8Qz+M?pbeJsu%INyt*jjmb5*p5*c4Gh#c5QRTnwsp*1Y>bY@-{_I-Hjy*J^uj$9or
zN%~~i7<Bi$z%l+A-0&!|!@X5LhlQ^1MeT8X@^Qj$dvCW~#g_@6W8qL^oxv5u!X|u7
zuVAPbOeN~6+Zc4?{Qml6jaHI~hxTBuj*hJCo6#Z*QncS$6!l+&UmM;~jDJ+g8rzy}
zr6{o)Ep|rkEZ#27zYkvW>wVN#IF(J5LXInyx>c_DHwEmB_$27w#Zr;>pl4df%3u_O
z*%}4T4S{61?S<nio9BN&sVv|{&KkNpQFU1Be}%y@KqGpnsqxjeo<GsSj~IHi>$&S9
zIp0iL!kOMs@LFDP=^4IL6L3Z3?@f?-#UhbNlC$S8-+K?8tY(7YJ5ghK&EaNim-Vpf
zl<&MZ>rGF%z;v?X)5WIwh{@{cj5pw2p||hmil!udF6M~4K-QkAlwoadYC1LDE;q7q
z_3stl^NJlA8PN%2kk363!z09wc>Js<P0G3>UZ4!W@(#x%gBO1jwdvX!Hcn^_YR}T;
zO$p)i=L|Ne-ND<Oix+=W3JW`vX6oTwPRT?I^Bu*F*B2ZeWYM{~W}_a61`4QzQTkHk
zYpy?L>l#hCZ?}hlwR1ie8@$^J;fm(h_Wk`u5}7XnGVQ)LfTP2=lT~nEwXMwJ2j4p7
z@pCb{D;qT1z7*CUeq8s*$0m`UDju~KH&V59#Jlu+helz~Nn=J*-k!xKY`S@7^-{Zx
z@!pni<L^Zzzr}M7bs2XURIv-JJLmP9&ZhB(6E!C@Zw1b|pJxfI?z7aFfHsS~D&DvW
zwdaGu!h6w&e(;0y`{V1LCH38w<K_K}Jlu^`@Jfn%&Ncz7;qRs?pq1ZmI!~S9vl`(p
zS+71UuMZ%t5JfG@AFEI#2s+$(cx4C|cg$rz;gyUl&To!C7yF0{R@2TixN#wjv$FO_
zJKv-|-?)8P9EYK=&`y`Q4qauf(QHdZZc576ai>WSU8D5X2&#y=P93LlpC*}pRuYq6
zA^?_M*;KjoF^l@?Ic(w>*T3pf`;+Srjp-;~OVMlt!EzX{aLRibqIlz*@cx*0lZ=C}
z&E?-@Q>FsE&a2#NSqi8Ws{_Z=W_oL@mF@7Y=+SqAINXe25oFUFD$$7?-6}y7v+uP&
zYeR;?yGc~;8(+uvi9-cD1m-FEY^Nn^EO!v|Nlq!HQR)ZX!Ja=xv$L{Vhr1Prn3U2>
z!Gb1r9ETxtG;-1k750nMH(h=ZLAPHs=WcNMc^vLJn8e%qvfWPMvm9dAYYgfV^~kUj
z_q)8C;kLiF+RCQ>>5FWVh;ZHl4?NLzDKmcDcBWx=#Q$OXbl*yPz0QZ~d@f@o3-9Xy
zLnmzFZObF^&Ql>d(GXX_2A7wYdw(bmdxSm@x2f2uy$G9rWUyE^p9oXRkaI|aAD4;d
zsntY(=yMU)W6ICaXx1n&MnEvS$RSlS*pXPx)l<$d(JP`WoVu5pF+1qx>Px&U?k)uu
zyR@9URZH=1Yh?lzpG_b^LTjb*P0BI1#C?B^ycPY(jOO`vy~N6qj<-FDpD3SAkgDMA
zjUveEtANDb!g<g7F9uQ{^U9Mv_B1-61yrB!x}BE_J?pwh5*qXF<<y10Ps{Ud8YM0}
zO0?{h52@}(0hIonA+OZDAqQ>#&VUxQtYW=dsKk={ZWt|RUNzF(Y4Lp&FEgjOKKW~z
zcB4d3<YEP0lR}$R_6^%QBHay5mjHPYHofY5c}?Nyk#^+@qS37hTB4&aae~?D%NicY
z#f<g=DgnE+edenvJFRngrUPW5QfyworIqk8hNL{B4VxrhK#>YqrT3&t60q%ExIz5%
z`&#Ape5X?*B`h$ktA}WWeKhuc`1Nqy{@hQRTSEmV@)<EQR<&t@pF@8HFEtgr7n<A*
zTWNp{<mxO(O`AulSv47=iyiw^SL9*&aaH@1@JUh%F5|#`p*?wb+H?{%pygro+x>ir
z3`y>GVb?Ftrf7Cr6jO$3<P0-d|JIKoa@e{?x}J#H6>Q}0+UMAq-j!6muW93tMUM{*
z(f8itWxH(8xqQudpBp=?q~m{Y^_rHJR@^9$BQQ9+{AL=<$@jg-MxiyU^zw--NdotN
zgouxk>bZwriIJr8D9kfCj$Vj(7RO~01efb|gvx%lpn(A<ZaQ*bG&}ZK)|%WpmXGCb
z))0ElwZ|~AIxyk_XbP*{I@<2suiQeI0A?0`&Nzt6f_esC=b&+_kN4OcmfJ0=EA4Ug
zL#1ynIB>jbv!Br3yzsY}G6Rwqb+_@|SW$iA;V&pG&)Cgv-uFS`E`jLLC%CmjZ3Yk+
z0iujyK`Wco;jhC5CWq^6Wk24=H-*3Ib7?ntVpP4|A*5^cQTR%XV4h>J;L?Zqrc0=9
znG}B+JT2R(11^0_$NuV<ri`5JqW(&Fa{e+Fl8y#&gU}dzkvWpX{pkQUWQ<HvhV0u~
zXITlpMy<WOrBm27`3lwU%C%W~nyx5QZw3kDqKRsMir>plJ5kCCkNofl+WXB>EJS72
z<AQ8~v^3&3iB)1<!b9$@7WP&)_2wHj6SIxXbtEjCoQH^WdAs^PeIV~=EXEVYVEb`4
zpV&$;Z+)jMKfgObVK_qlDx5W?f8~RvxvKIz>0*^miS)?U7KZlZ%ar_GC0U%rG2`V9
z+g27XAN|`zJdoT>(9O&aX|}5HZH5kX&wJ^rXMHRmBCAI(Wv(RJwJ`Y~OBuD8^do?d
zSNl}GdFe29sO6EO$lDe*C3OGYhJVQk9`U-(NgUd9yYcTMEuR!FhEVsVb0eYkuSv?@
zzb6h+J@zIL+2~aN7^KVg?u|X|6kGLy0XjP)v8wM<rbr_%Pna3RUanK-NmIS!55Kx(
zV;tE^O<_E}q6FmzcV+F^s!KCZN0Hg%_VV{O>*$NWdFn$719C0ZD{78+^Tsty5@tOH
zEFlX?FEer8B`8rKmX^ypVz^9r_0xv+{GITit$%s!*5H{okcUbI|3_8GBi_&*{=DuD
zZ?ns8zZ%N_+hw7)&P%=q8!;w{%?Z7hi8v{BQ4(p#Il~H7or;~7OI;28^z6IC60s{o
zWu-c+w1>?MNe9S}%qa|`#0BmCZKZ({>BdsC8SdPnZru+_5pZek;}sK8SPim2FLo&C
z&_^QG@k7zKqcFWKDXw(=(Uhie)4R%gojOkfDMo3ncly!v$?tprgL#Yv=8^0|61PAU
zMDM1@&eMG=^d^<uIyJtNiY!c~HIj9kt59Q0p#9!xEgzn%gt1mgI{t6*$MP}&w%)8j
zqh9r$wm!DmwU}7es?7$9@k!M9q(EzxM+RNy*>jf|DXHlc?~9=>g~q&Ap8CT$e;LI1
zfdY246|J7A3t^FKTV#X1Fu&MlN<M4tJ9<?qvjv)aNGN&_S{CqqE)MF5I^6HH!cu9k
zD31I{Rakt(irc5@hv((rZUuD+Jy1wXI(|};l@+GizS}%y<B;zqLT8YY%lpB=pP&ql
zNf)|Pjj>m!{NiWh^dq3Ud;wRC+8bxCGby;K?b(D4+3)+xoIoLT3awW@2?`yeR>;Rm
zbe_hOFs?U_`tsW`5aR`85U?EjWa%0_Nch1H`{FegF(XwMDr)!Nv<l$`E4zF{klV`h
zI{^;00*;r@MN%5hfGG*0-*d3Mif;pNFXWc^NbW;T;3z(M^sM{c!&hx@yXy%5wo+nD
zxP5^)g<WTW_AIww>ho7q>vJ!nV9Z;4E`AO9bs$G;{4Jd{Z+k3HmIagbxuHK!=JS(h
z$+(Q`LnUvzJn2jnmewbr06r}Rk$Qz=j@$mYlU}R<Y%bHPkGA~}Dv2did&NFYeT2U>
zR<>Px=Il9pX7yM=BQbMa7OmoJTX0asO*#{+XnEwm<NmSI{wp7dyvobVT@F`ECZ{}6
z$Xnc5)zVnh7jbmqsNII$<v})UQ`76Af5A72ev@1**%h2hvj?!esy*_t3a52zVb>iS
z*GFN%<$O$VM%Wvp+)7+`mm1h=j)=Wt68om`{`jUCH3R2vLS#oV@bEq7I}#XH#>xsV
zrU6HPhtPB|cRby3b)>2o_#9>$+B8{*t-y2BsR7Q>6~~pKuP8cUos06+QzIqNnoOYS
z^Q<N+1;X}86>(1v*&<CBaJpN0Dw&A9bUFmKv}vNF&B(kqXBs<~hw^8pj!}nB%e@)F
z%Oge175oKpJQXe(rhMCPDEP`%vQ*1vTch}_M~kgCcNTj!UQd1=y;1b@5N$ps@xThz
zATg7JhJckN3}&h2eZ4Iiv=Zr~_HE<BZC!okRh0eOSlJtkfozR?h7Ffq8oNSsoG~6X
zbw5t@_a_dnPo^np3TUr$^blif(u`KQ?fYC|kQ=j7;<y4stk@kh=buk9!rloUSfx@*
zmoXdrq<^+Tt>j08<c*W__lyievU5hln1og!=hndBVBU3pn<*wh7TK(TgTKz;(h{nd
z*}c~)w_lX*O_!Y!uG}F!d2YxMyUl2g<8zyen33^aNW_fI|53CA4h}V^QrK%%7*6Q0
zxhaSCD={mp)!gPV2GTnXE?`qWIP|iyKjzwEzVYAkDf>!?`Is5Q7pmYwlZCiLzow(P
zOZi<7fFE8m>FIXSLJ1$6kdeV_Ij`nss741)7cV#vUYD+bHSxPVEDvg8A--DwL|%+$
z8~AavDkMy<Dt}eXe|EFZub7{3o_X`Ct!MIDK8DB1cfi7!McZGswRGB=-wto8M9jr0
zEmH-702YC_FajxK5ym+=s+te5LWhaXhd-tgiKHG`&So1_Ml|(V;-1H$4iU!I^m*RY
zraQ559U~>=;GMl8J_Eb@Suktp{21C|-1yUFuW`J`MiVyQ@RNbh$NBhYuw~2+Exm-{
zDn1Tjj9JrzW#k4t0fvf)!Oc#dF$&GRaYq1bZiT3;qpQuxm<{UuALeV#k0o@Jk>reC
z8n_k0!kJgGCfEh2M@IWI661>II|&Ix&SAf5<2Fih@F;B;80-*ed|cxoU?}YMJhD~S
zZMDd%cJ2+|gpEm(hogbkH(z|1>kaV?xrC9rsA5Z_&FT8JDQ^Nt5ZaAdw_9W4H4;wv
z@pjU9p;_-(_2F9F!pK>IdsB6JWt=%=VFm}iNymMbL9dy5V@2qPuW{uwla>qw?RN;R
zOBfaN8m))}h5SJQtmlHPCE>tkN7=)UvUOF@4-(P5fW?E_Fxj|&5xgZ-eKZ8pq-(m^
z)id6aAXMTnYPI<>gvVl_6htlptJpw_C+kY<X6HrG80Y<P4A|b78G~bwoo-3%m7#p=
zFVD~9=H^<LY+DgE7Ica%tLADCTY4sfI3u2LbtpfzpwjbjbkcD?(Ji-P`Ze>|)K~BE
zVEEAtZ)=`AP+S|9bW;HyJdagdK)kE-s;zKb`2?*HdjuHH_4WgFVa@<>+p%MOAAeQh
z1~!Kma{>$&52Fa{dTgZY(63_kK-S=i!SeCp`aTWUJ=(NFe}CRvuRDwUVL5%Tra41h
zR`MI^i$CjsJLfbTp;qpFS+L1$(e7Rx^X6XD?O<9v3%U{~E@mp)p|?i`we{g<%<!BW
zy8`}gZtGQp4(k(DIdRb4y|uFWn-a!ZO6eymEJ6w>ni!WismN;BntX>q4xM|x-~;*=
zUYbv{%d<oKg7a&y>eD6Capbfp$u}nLT3M|Dg5ysEJ383(Ojk0HX?>g_6El4hAX*Sx
zMCmwctQD-_1IxCLh=+C90;SXDU+6v$(c-Xpv>M3Ov9T+=;4@i|{qV(8kzC!XkwO1a
zw`0USs!TSH*QKV2`(QC6sbd-5r0qaQYslMhAHvETfe*i~UTTwKlK!oQ3ItQuUtjz+
zL6tB#A8n#8?+_OtZ}r5eC8%mE-D!P7_Na(+tM|Ia9M7H=8nxd!oBv+mlFtEf3>W??
z4I0W|_xpJJT<p{0%B-Lz_};KdV&3J5r}67m`?|U4`m$ozf!q$K#h&_kkrnS84;`s{
z1)K5~N(~s$$g73+c~f><CH+H(SeV@Hp5>VC?8LN^`)M=P6Y5KF{&`1%`E(xxC7Ocj
z>T3Kk8@aQd?W*RB2KThc5{0IopN&uC3A;`v>{_@li~YEjm928)0UM!#7BP>0!h?B}
z_So6gSdWOow{on~MeDS&J2FX$8WB@n2yjqGOQ5UGz8%tEJ{<L{=_N2<LFSN+xO2rw
zZE8GVvChilz3H}+Px&o60I>^1=toPPrIFB_;if3!N0@+U{o`rr%^dao+D2pdt$Jvs
zy=U!9yhI2i=RU2ZkKG6UAE_;}34;Bd$_=&)1uYAec4>RNmX?g1-}oU)kZY`(KLQ`N
z4UO>derBf7JSSq*6rv3`4G4JB8B4=C`hwdE;}v|k2Sl}{)eJ^t_DHEfR#I@D+h@Bb
z9)@ld*jJlK)zG<-QrCT)0bA438y&m(x*Z^5kJ>wm>O<v?%&$Ggp8Il^VCU?PyeO*A
zY*2=^otuOF;(JnE=dWfi=@NQ9oK3>QY@r+L=;QTVi^1H9^H(ThcLis|l^m~BNnvwl
zwyV?fHVRx7;#DFYQP#2TfyHGcdAfEet2ew<X6$+c)n?nFyEdMmB$Z!}P$p}4e4VsK
zr^i;c(^E+UlZRbB3=g(ydMbMP9)N$Ulde<Da{q{;<rMeK{~)uJWJ_h8g`ds6{iew>
zpn~)tHp@X|#+A&K0AmoCzYOa@b>^9*THi_MgkXHR8y#iy<`x#6JuAvul+dc(ND2{m
zX9Fd}hQQ4iv?3=_cX2iP`0zM9;$lsbD7;!|F4{0wnRTubPoq5^fP=lGU7Tue?*kH|
zUiHsCjzwLl_vbC{ZeRwU&qlR0x0G{cHg9#ezNhK@*ia+C>Wty$<I<+crRM4m3vXK1
z&=nAe=9Z7(8ivZp3SaVw=u!+EdB(US|0p|wzq+d?ZO8y#%c)gtxw+Z|4G@}BkqKhi
zml9BQiyc;}{7!(sCB3=ihWGTagg3mU(HKN^6M8p%T1-{>GIfd!9a+#oFwFL@h7ON}
z=M!LTBqtuQkz9Eae|Z(tewq;2=hNdW9hI4zjnbQ-uduF0?TyN@1rHk2`BB<Ep3qSQ
zT6pa|a_?U1%UOV3t(&CEbeZjUf>^EgqPOVrX0S-%Hv-Wywt&7Bla%dPvoK-*e5#|V
z^J{}O$3+zj?*fkAO8T?*N4@H{jBkm3CWu@}g?Yv$#qNI0$#Ia5WZ7)BP$>q!T6Mfc
zP~@8@r5|(V99iG2)>rPh)V(6|M?K09$a1tRDy8N8w)aEtpq$(`VzS}s3-&;^v7!N-
zG-uODIY&cu?ExQjVkJp7+#^6JNPbTgeFW26i%`>To@HO5YEKBB!TTC--y>B`;BoNX
zk68a0#5emBqwtK`&)(<oTV|im7wz;rYRFBSU@LB-_eyGZ3l=^Xb&4F)j^rPe?A<ML
z6~0JQzzTg|2%IUgWIK$P!4M^Z?PW*U#TBDeJ#oaa2_Tz}o)K^T;X&97;uzu=Am~f8
zBX<4B5Gnv5i1DL-OYKryY5s$#XemMT#y0{tArx{KmRECJULxeSw?aR?|5p0$CXGxn
z-N*x5nr@>P5|h$9ru0e=Xs^Z)vwh4Xs{-H(2cOc%j*WsORJN2$LR4}XBXX7vzE~eT
z%<P+F`}UI%01CF|`j5IUEr9ql{<<C`r;2XA6nk7#APR40P$u19rk=H<LHeDx_KaHI
zbrajCN3jW)4k7NkwSDUKh+@~+e(uoBm^OC3foi0et*Y>DL39$*$C!zvM#5OJA|;`i
zIA%nEG*lyK^p4d7pi7!WfY-SPdyIqe-(FO-jy&SyUEnp5Mrpj0c=w1)Omi)!v%2ne
zo!7Y?^6cfVo+ti1!c<IN?{4R!Hyf$kMu{O(do$ZxlGqZRFP?<N;D$dx=tLjMvz-Ib
z3nRK(vOQO7N^{g)Z?7-1F5DO^>aNa`Pqd?FznxTE^QDLB5;8D%I^X`>Rhg_kBcV*;
z06nhP#Qem@=4#b<u3d>ij40i>5qm@SHQNshf&3w5whoi)HFdeuAq2!zg5(qwu<Qq+
zWXOydJ-qw2MP!Ta^K^n?NTnh8j!gQrvVgzLVM^^tRMKl5KV;liSe-mCEhkA$Vsm(K
zOO_`~_bt7vc}T@*^aI3k`g{@BU7CXU615QwTpywX6zs~}<<48cOZ#gwER(FVn4k7Z
zAuQv#;H!&b#hnZtqoRP1{`Z9aKG5ZuBsfIEA8k9;93~`@^tF93&bMD6p(e(zkB_<@
z#vaXW_Lek!F6?D$WcYFW<dN)^(Ydfhe@cFvWYWYfDZddQZ!G?XhnBSpdpk)6Omhm9
zBY|^uSL7|Hy_Y_|0SMmgQPFkUxd$}>gdN5SnJ(m%@~m&mVKvOAYqqtt75R3cB06Vi
zyD0f4fUSC{aZ47)7*}kmhWfH)QaPK7^KLh+w9>t6`}06v+j@xJSV{Qur@Ud4*){`a
z`p)-^sbs1W#!Qb5Kyde5Y?lbc&3YaF*Ric0iRH0(!(djnreE@69<`V9FmTFFEfn2w
zT<8aw<d%Pua9CGZa)=mi>*Mg@GFpmF1Z@gqH+}c5`;51)-Xvy^Ejj`o>d~O9F9!<%
zY-N)dVycslcQRygOhx7ff_SAkQ?5t8nYl*6Y{F4b(>(18P?|V){ME)ypUSre0o!Cz
z{-cGIEoWx-WMS90ioO7Jq&q%2Dwz1?09#-uSLeO3*6;Vv-w40bRsXuJblj%*W9ek!
zT+#a&X9;5q;)as|q=gPR5MyJ+WH>EyVnF)O*Fy-dpQrA+fJ3Xh+wp|e>L&X$G3LS$
zOGRw*&|%|JGh7T29%6`~EQogwdy$4ZG*d?f<L*!6nmQ^Mpkp5v(sd!_I^E1QtWz|Q
z)0#}V;l@@(G4=WHt^$|k3@$hLWSS%}(m9XBXkb5@LajbmSXRa{CRt2XTc}N_4X2gC
zLCD@V4jj9(<t?|#!$i{PNkoU!2zO!`Y@UWwYjy3FJ|^0VkOhw7FoI4HH$39GMEb=2
z82h@4k_HGrI^uDg)0guiIpd-?;YYR-#v1F%+!zpsx&p*3!|gW`#i@63XgQ0%Uiuje
z0i;?I1S(cP0~Hc5Df97JIgA;3Y?SCU;Sxbc`SgBrEgk^ju7D7rljA!kTWHD(WMF_M
zKnGV$j3Ro49AxxpF+m-%`ln}SXt=yxzClicLh9#DGUC@Z&R~-~0XtskN+BV?p?^R5
zGaid}DIwSa6TKj2Ud|&Bu7OAs1WS*NE|YQM5CT%4!(-7b#0`!4TKSz5kk5;oP|PU(
z*2M!XuM2eSt~(2FfNo#v0l7Y2kKGrJ<1*XKcQ%5L(yHK?kcU;{vr#X|RF<nQtonaC
z3FMPWfMwJox|@DWVHF1?Fbk%En||*-fJXX*UL4#CVZsIujRS~8)}*;iI_~i(1<kOW
zur2Kc77Z7P*%v%qWqPlF09vxzaQ!b}M@T&z{tS5oOgNb!Q1x^XWVfE4q*TQ$h{cSG
z>2)kY2!#n{COi*U`AYR_JaJ`_XK^^irgjJQpxQN_sA*qcUm`LaQqq%jABe9BW0+(v
z+`XUNgZtQYt!Pl!8zh0ob0mXr%5|FB0fH^wN;Y91%+Z=x&C?w}0Jfcmy*G^f9wt8#
zA_Z6@la8Np3lr%Ij#hgdA`^t15<kJ_JMIn#U<Kb&D8m^kvM9;asc_5#fs~=<wWy}0
z<InpOZi4`pLA|^o<Y)uW9Ls%T1h~+GTL_)>RPwugLwB^&1r}CA^{OqL?gGfop20PG
z_2uq7C0vp-{L>SA2M~j73p%dwm%`D<;~*@VDR*3LS?l593DU_Pt`}UbP@mC*XlGFH
zS=(o+=Ge7Hu|da*twyI8dovCtS+7$nPwQ!)WMBb6Kp127Ek<>V@cKU{qDkIe=vE|q
z=X1}PFBojcO1r?geHtKUfnr8m89xzs%_ra}DcbcNHsBOW6a%tdWRQz59ZfgjecV2X
zJ6}UySIZECh4McBy4$^V_${1Ci5!!0yNa^D{o+?GKq%r3x=kM(^XFpyfP<=5ORZGS
z9v-OIUT4oI_5hD*OUV2D2}n7G_bWY3CqaJ$8$5x9^T!I7mX>(sqS;dd62Ja9LHfMx
zfkzPw5^m!!n`9(KHZV_!T?6N`AiC(nW?6Bu<KU0xFlJivTFi6>0SwSm*B}}ZCP#ze
zZPy%zGC}d@-aMC>1E}5QpE%EBvY+5e%;)&2%NS8%0b0tKNsDAIOX4Iyoh9g)pT$xU
zYV5?P=;)K%w!D9mp;jH5)UG{wZzSfuQgOwxgdr!ON(wem8Ccj%x0BttI*rm<m`cxL
zbci?(cdbcyQp!t}w^_t7$f9_RVZg%ac_@}8Lm0Ezf;RykB5We|%IPSpN`Rr+q~&HT
zAeeW4_ocXV`}(_+UERmAu2|)jF#c;cOaXI@3VFQH%kj(e@rTk{d@^oedf#PVkj%#%
z=DXM<h`5+G`&k_5$%*s-0!@H93C^n;HJiETT*3elI!-ze9Pz7|`FCD@0icIhQ+BdD
zF(!5BRZMRa2g^->1%-NQg=Gjcgu1L24XzRSV-nOzq$_$7;})l_%_qUvYS7K{p3~<D
zZpNDqwtQH#ZM;z;X=U<$!;i{yVR#|tqhjL$2#rcX6~gSp6c}PC>V;l>4c~<Gw;1`u
zwF)RxEaQmp$N*QpIl5vJwPwA`LI6(rlS0Hk9KD|iu{g}Jm;*NNu9+U=Rkv=!i&u}*
z5k<#ahm&ZLK}8E#a9)jpfdUnBrJyrjmja{J-fd(CU9KSbm;kU3q5QR8dC{syL=DJa
z5yd=&ym;`FJQ7pR^J6sgV{5l*o$n_{0G+K1Yv*}bQ)>iJUpeX0y-7HHKW_4<VH}P|
z<*McBmLbU%bZzTNbblNjG>Xa<9@dlUl>&(L&}%rq@#gZ*QXl}82F$2ECq4GdfGzJq
z?dHLEy{m$52qCvM+#Y_5<*^t82u{4C-wKF?rBF~))5j!9e3S0I0hK_KD?k=6Lw38!
zZuUth|C--`o+cMT{a))y2K|Q6z=>r$)_r}<vi4`DU+c{wUvpmWGIL&K536S3hh~Ro
zD7xe7tJ>jFkw2>F1|y~w+#DPnj?oBYDgw4yPdZ=4M!%a;u~vRDbhrh6mg6My>A_=h
z>_7ns&m-a{<7Sb-Z$L*g@}xH4wd0esa`;QTN#`KMVJ3+##<|D7_!LLUoW~-TUs_C`
z(T8gI`@Qt>Z&Pe!T#L2s=A1V$(bf#hN4|6~2g*?gs9>#v%yCOCcz9EI*X!VcHt~F~
z;z$A?1Ga&h2eX>7lMjxIj76>Swj&Qx1qJQddb_pTe4J@#zXQ<fzR|U%<aj@Drm?(?
z@!Tf`_8I2m2Zk$gnQ_BIzC`9l8BQ+8SKPi92Z9Tq`kMqI2g#)T0I#tJ1sLjUlk|=<
zV#f=TqIU3uZ&YKgY&9#g7N6`J$V?944E{3s7kDblTzAd&<^amGX%#)5qg7IlDLTkV
zbiFgbRO@pQMzagTyZr)O{Tuj8+-_-Pym*AnusR~i1G-2-*Zs8wA*e4&szd;y`@J-2
z2{`2R#fG~1XifTxXJ4^JdyQzg?%pPH9fm~B$~24C=M`TyaTnR?wCe(yem8*fR)C_3
z=%iK7;+A>>&kb+N^#_-x-Rls{v=82PP+Xi*va~j`0M@^3jEUE_m~y^VI@-_OLzoKv
zNwm&GBWb2`NoYAPr3R@hApHI16+4c)>X#mZB5I6#26<j-BE|wm%e#J}NBV1$XIqoh
z{ZK^$db1U!i@3`#IhxmMj#_IDEOb!(ROq>b*s2GEdWuvmbArJzsz%Dj>yxlr=hd6(
zD%6PRI)Om~KFg!9_1Cj*80ALD82QDlqbwr<HprE#!NS=>a{t-bAcZuFV1DfGeEiM1
zR)1N48DVjawiK@gQ0s8i_8uqoobrf)p0u{rwdNMnPah$9#OmZ&=6I{1Bw=A$Bc?l5
z@^Jez41jv&7^Em^@R>{}&Elu|hr1fyT>afdB{^q4Ci*G5T+x++<bo=N8vCb?(~ine
zkT=lfkGtU!DMrC*^!Uo?tvvTlo<{0St9oj5pm=qBoyZ)si6>C_p4Ll!nVyl|)1j|$
zYp!H%z?!~nz1Q~FQam;qTw?G~J*Y&a56(B`)=y|#XD8L6o~-(Kuru)u$iYze{NZha
zdqT%7ho4iap0#D9apoW39=i1qoUgB|W*8J3YMef{;JCLx1{29}t$sRa;*9@FddS2e
z*OrQD?)YsTT>hY8KWYORmZwh@h$<;&eT2x0ci(DeDD%8AF9tD^l&n5fq;$$3%<b>p
zu6@;J;7S1b>30#HX*Yd>MY$N?8{Uq#>p)S>kLkGt8{e{zhx&ej3(i;X?jlxGhO%>V
ztokk)a7eO@aEF953IY_y&O1A8-RKZd*M_{%+$KwW_iojWVunV&y4aFCe`%lZ-8*cy
zZlJJ$q5RHaY_p}Dk*~<m=MHvyvH|NLO<(fY#zh`eUgzgXVx-PW4hyeWZjW7&zxVy2
zvSN%gR>BWG#ZR9h6hU?KpnhOuysrHrsZRLJwZr$wTW77F8<yckA$*Uesr?|z=oG)3
zTV=AEcjN4<qld(6F7r=4uk)la25QapekcM!#0+~B!lahix8|UtI4?!5>mI#D>To>Z
zE>vP%M;yH}gf8-gD6{RbEjFe-s4eS4q#4oLGWtR}2K9!{ua<3Y`1u`3CIKA-Eurd?
zQEm`@u<GB$QYSd~jtt~=Ip7J581svTT~FL)Eauv^N;^NM-%*A}>{|B8){`ew;#?pc
z`X29=TU@-y(teXf5V%!yg?JBxZwgoP7m9n+w_`8F<M>LX^AanP`O6Cd%q#AS%^ed6
z?c5Hu{h2Q|r?otdG05kvVZeB{JbbTdukv$mzn7IvxVEy9_P;Gi6n1k>8P$$~qXywt
z!~w%<qss$1(w2iq;nWvVYL%M4+3f)r>P;QOj-*?pVaG3L#i>|G^>5ZmNVYXws^8Uf
znI%C-<PXlt>j$amiD*#0@{kjxI#gxk(@(-XR1ul{=4s-ByG&;*yLEqZ(JvrOUPJ)u
z{=JBBt?wTE*d2~fJNtF13H|+>pAd8054CCwbNNH39-ff(^2;bjdU*aM!hknX-zA_*
z0Uf;jG0`(kvBqKzsdTyaI_>i?q=mB%fLv)dbqTrDZrpH`XX&H5SbrVXcjtnHaY~Kc
zPo)g#o2-p9AT)nGx7^?q*W70*m!flnhrL&E*q!S^%|Siek(hh|j_cje#l-_~-U@)&
zNaNS?Xc^NyJUf}T6|2$J7VWP&48jg6YecpI#wmqLR&b6?$#Pk0T7TFArG&+kcxs*0
zH|?5kRaZy$eOv_@=L1*bgxIRS&tmPmro}4W12$28Aj5k=SEw%>&^jIQr4PQjza`I=
z|M9R<^q7MKJ<Vy_l`MgNyVVmfs*ea3JsvVs%8&}9FG~#;8EK@LyFbn6AGRXhwcNFQ
z{l_6F*R1NgrZ?NL#ZWPA>AjaW4hiefg7;+SBc)P~n&o#znUnhRSQ2fbI!Y7fkS>a7
zc9GkU0-I*#WU`a$2YqtAp`emSwv=J^zGG4AXMS^ET|{SzmQ^(psoTl4jATlO2gtV#
z=W<;!lX8FEtf$R3>5*J^98*_As8<2!c0vumb>Fqv>~V;;Pw-onHd>k>oRFVB^l|<;
zx$IU!;Iki=c5M29w>U0O4>@kpx~t~x_;<Y{7tW5%TzDQITFRYXN$B=9;uru*zN1Pu
z4@uXcW6rz(5hu28>ci92BLI6nYNu8gK-K1z6Wb8S+)3T~PQ6*!D>vGnd+ycuePj9K
z$2O0tmnuapo-^DspxI7vn%JaKIv%DTI~PRHDGs0$)&>O@;iHXjx<=;DOn0Xb3`KeP
zBcCh8lUpvK$#MA@=((HTpiWM9owxI5NYlNg52<!EN&+EJUfjz9nbn9JbI`q&VO^t^
zL_2Flm`?wo%PgOi5q$yy;zPm%gi;c7U)~k~44vPWUi+qpntgHc?gmB42ehwt_N3I2
z&)7^SF`eW1Lb>dcS_+&v^%nF>s@q6SJ;NNOUX7GChO&9rD>$NPk9`izd++E>w(G!o
z!^~)u3bLh8Je9e+u8Z&M4imPZj(rReNkr+7x6()GZ--K2R2Xy@&L5W7K7PKIilWes
zl_soa{ls+yes@}^*w=B$Y795Um^$H}hV&9Q1>>#EugdPa-s0_3LtHMzaAHsT%PP7M
z?k^FHeJPyCT|IA!f}BqB?4>TTt~xK{R{OeRGldW0B0hU`_Vz3~<$c1(2Q#`uPui9W
zB;t+tS5R@^lNI(<RJ}bT22K2p5g$!B=_qMAXAWll@Ysd&hLb{XOCrg>fC?qrEelJ_
zo$33>%nh{YK*{THMK>vT?pJCo=C|XUl@oV7_`{gIKCJVcr8{g1Lq$`E8eXcC!>-+8
z2+dSik>o9RST3fZO5i&rJ`{W)vL%a9y34|M=eF%_(eNw6VPyOFXC*zJc*sLo64^!b
zqh+VfW&>uS)#fo}kz7yeUcS3OPq)&)U)PBI9K8s07gmRl_b#(#!j~n9Ik@tvw!2Mc
zEZ>zXz@M}Lm2DC&T9NqR*cKg#kPep;yEd)0fGikxTpnDSDKB}6_~aIEmnu?f-v4nd
z*q}ID8xi`YuPB#uI-}E(poM`m2Tn2_8V+C84QP^?Nm6nDRdSp><;KZ#yLT+*YpA1j
zUr-G1<IAlUpFTi7X(~GRNHHMJ>}BOu$1+nTQUPpGkNyKEu^R6c`a@Sw#d)5oURb!`
z&b<VQH!aeIOO=-kG9AS!=28>XG*~4gO1r65&sq)_nh27_b!f$a(vms?nw&rp3qvA2
z+p5RHi%q0@uuDb^*38W{X?xSI2s=_PPHTEj*$tmd$_;jA*>Ar3GbApU_&U@fda-op
zW!Ptzsq~M<Me2XhulY#{1ZmK6G&M5seMP2tYUht>O%_!%@)omb<!iZt0@?eyqNGb%
z^<(c|`&UJCO2y9{Gs9~|Qm8bikFK?<tS*)rRTQ(T9v){GbhPMLNL8=m>5ap;cG>E$
zG!TxyL4_ujpGN@<ym@yy?J#*|;nOkEq&&+6ZA1N!@y_sTN+F!T4zn1wEY8k_EA7<0
zPNvlFzlNOyg}*dceaI~ri|9oUhdameJa?JdcpXg7D_r?N{=s4@^YdQ9IsI7M-YIQA
z-X7eC3H=;ycTyc?a2E^Cy&mCE^uq~VvUrwB)-(r7yS{Sw8o!eU<x{RN&o<Ml=A&cj
z0JhH2OgbYENA}XcaFUluM@0Py7)CAYp_gJBL`)r<qN9^>$ruMmLI*C-PA7X`-iqrT
zvRh<_-(fRGApMH;c?pD8*w@3B)Tx>nIA_LQRyPOj7O=x_h4HgVRc1r!5zjmhK~CJP
z_8ZdJT_jM}rNnL^1H`8*CQYEwa=1?V?pm*Yih%*NnJ1ZddRf}`dT-hh`QRt$Y=s}K
zPDP4Gmf9t>yZc2QxD?0B!LnR3H!ACc+sf+n&GWROWV%AP!ZvQIuS{aKhl5h5_YVb5
zd}0tpD~gNJa7|v)F^^|Sy-iHys+JHrhJT$sIWVz{8(<PvIJ5>tG5wJa(>|DB<_xYf
z)*1gc_nJyIF=w}{FN}q_v$BTI#(DHP#UgqY72+1hZl_+w;O3wrBo+lq3J7oZpZJ9s
z51i_Zzl@cFlBv_Mxj>EOFsD;1YsnAdt*Uj8&Wmm9?(;$}dK{ta{a4)e#A`;10z8$(
zMNJn`N)&##I9vDkLnD8g3)5R*4cncfqWO-Mqx#yQ?EpV<`^JVB0m^%MCT@(XP@IFN
zzz06|;a8cv7y^SdQi)W$U+%)7i=c=G_*Po4WCQ^$3a)^&6?2<9)MdhD9?}7&#H?Ro
z@wC3|JwwdF>70ni0M;D(q#tpeoC5>-HF10Wb@3XgFG#rm%dJpm0!vE~_fs|7c?mi?
z#Hg!quHDss)g%LT-S}0x@8u34S-(qU*wiOX0C>*BfNQrnl_IZ<Vc;3edXjOmK^gW0
zKd}FIK~4R%%Ed}^FSVeJ7NWJYOl1U^vV08Yd4&Rfb<;19=9gHc1$>F-FjS><`4O72
zvog%36Z9P)ywK|o{U^s&&HXhHro3#*o|Y3^`1yoaHt}^H^S)$IvB5?O0PvFRhUb%*
zTX)`k`3z|#F9A%t8meIyLwED%c@c{s{E(Fu2SSrW{I$V6ss{y6?Bt>Ws^yATd5m0s
zvpkrmH`dj~jvX2^aqm0XFXI07zX3MEgQEZ<iw5o`4Afa!AAvgjsxQi|uiA>g%QOGl
zRUz>i)&#4`Y7Z1xr~FVE%p^+H{9M7wZ9<}dEF>#1>C`pIAd0ak`E|fgc}K`d2C`et
z3I-Tp|CGvrh2U4hn4Oao@aORVO#UBg{Lk6=Ka&(MdK%b2ceK%2{3ZVL40);2c7e2n
z><vMCXRGbG_FiL9o|;AyR}1XRPu=?$?hlE%gUy+Fhm|2)8}u=%Vt28((P4F@zrU}q
z6eKP-;rv|$rI$+yY^WaZdOVwHcw^oFQN<duHTwosooU_kK<*F)g4VvDa?D5o3WY)2
zgis!UK)oe{D2MT%`hS>f{L54OyT}(0>ehWPkYD4?1uZX|fn;2Sv9n}aU3X3v^G|JU
zL)5paZg;@x9!-VGJU_mVo<dF?E94%|{K_PRzb{Y`X}R^Yx|s3eKX$c2Y@a_mwOQ}!
zKLL=m#D1|SDqS|t(LB@2kl>WOUUPVTef|Ab@$C8!NQJ$d&-~oQ2OMnIM=$^Y#gUVf
zAIzxY;nAHt(P>Rre>b*ug!l4aJl(X!ukN<Wk6DC_9hf>kpxmB-KC?E^*HKkx%yIs7
zCfjLo=ET)5!JoTk0t5rKG6Tv`*`!&W%fs)(bOaY`Rt8!<lJD(%frc-lP>uKA6tyS)
zYhGK#pf?Q^f#1y|Ej+FGX5=`7vN9~Q^iMH3ZM0Ir0q@+kU^_Li$!~E@BQDbvyybkt
za&jy}NI(@frsPs%lT`GSNDqlhSBpmpV;+XSJ1w$KE(CSyeV5&T<_EC6p3o#G^u{!2
zrv(yUJXyMt59oozBn4ED>g7*u)Ki?b(wWN=#!u52aZb0)3Kj!um`8dvtx}3k(*c<N
zH9qH!DG6q1<)*LD;Yz_cfZbOy9ZlDY`vm)ot;d&k1fyqyMJEo~^r%3`8&xMr7mmJr
z1n?tqC&X-&kg!(x)w~r<Et{Oyt`p$ZL#x8Vw}@g84oF<d2~CZ*<*3fmy8$}K+V@B!
z5TNu@`C3qYoq{D<g|Bio&p~T$QHq6%M?rMzRa9ZPfZ}8os7y-W_4Ut_MIcMyhb0x`
z-Xfs<1rA4|*5T{o6JZA`y8GVn<9YZ*PVlgBJO5=0-t1?hh0D)CU7o;^6yoxsIOqmF
zLM?!_gmtbQrIK{ZkASRb&+ZWj=u?sd332h0iaJ0SYA+1wKtbmnUHz>wSZ5i?eGHwT
zj&0E#xga+vdxQinFk?V4$El7t&X<^WzZ>s}I#eM7GS}+g1`_YRRiGr-Q-RL|X<q^g
zY)T^!N{rjd`K-tIMXv|BG$rCs6#W3A)?pRf_-9T4(@<wcJc%ju#I(hUhOGBzsl_2l
z?C#d(z13w64G(73D&}V;8v|*K@s01_P`le<Nk?^=@ZvO4-#yRmxXG&tlXiQ({Bjj?
z^|vx7bzNp7)-Y{<m=Y!!O4VQm(`Q$!G})MRargGJAEt$gGz26%caGF@wHJLak-e=*
zBGVhs`ev8nv8@MLDGy%#P`Q>tT;z!M7ac_@??;rE3$Dw%k88$Hr%_#P%U$c`GH$c+
zyXpEN&!o2UJ?bN2O=M!ta&84-%q5Rgy#t{J9Rn(AIx4>DPEbW}YSflz*ZuQ|`}yZY
zzNc&h_r?(v$$uu*AwNi4>{@vdX=2u8Oj7{59SPJyW&H$=8XcvK5q&)~fHwQy&KD;(
zTXygnhK4s@^D@<c|KLc|lsBS(ghmx*^UgvZow+V$pP5H0*fK0{IB8E6%6Ku4Y&lO}
zcsHEQvr~AV+rM>9_InY_wR-Kzj~4qwunvI?DS%?#t{fz3N$s!@r?48L4>gf&Qr~>c
z;)ei`?^V4LDGqv_(JiTW+v#!E=9^Wy3RLFJF0-K~oLUcp1W$E2^bzP=#edXea}RyA
zeH>-aO4`f$$wn;0>y0OCRM+RPf&O>#ZMem6pD}Md$wMeR@_e{A{pxmnRqlJR$zxJa
ziZqQF&@wz%7kf@U_Wi}ydMha`UC=36t%2Z&v|I%(9{e+xM8n7k9>irOg`Z{4`>OS}
z2}scSswVCl!$VAyrqh+O*E~o1w~QbhuOjTI)4wCS8ijXd9RmFIILyu|`<<KBDYv(c
z<F(r2Si&V+hN(~Byx61?v^VX5%r4blWZT)DIS@hoxH2hOd*tUhbBw9#t$A4nQuWpH
zi$|dObTvlfIOjXN<Xp`N9Mq@A`;*s`6<fJ{+6Gly`6kre)+p9CAEf5>td%!6g-1H=
zrM{?7a#R>g?(TdG0`;!~d$-rZ^jR>uoUm%rNUOVk^v_oW2ZJ98hEsWD9EN&C+206I
zg7LmRh=y+Rkn5IU>b0wE!k+h9zDFuVi=%`Jb3~~1#H%^jDh94Lg6`bNC^dBe3Q6t1
z-nh93s&tVmB(eDTKBhe$cbOV(vwd1<0hpSfQ`0+12s(q5GK7Ds!sjs1gERb&o01%B
zQ4NkCSX3wP{X^mLF><iR5maiHQw3VEe}ECQYBm@rk@&5cV!4AvAmU7<h@Qu8zo%J-
zrMXy|iG%%ui*h^G$G}9^&z*u9XG+h-8#j);Rp`dzE>0EvoMplw`=c$ErxjDmiZ0jt
z;MpT%r0A}nYote`<Z1DYtN^!DEB;oTyGRvCXO@+2@4lIH=i(*iGRRGhJ}`vuYKY!3
zl}Zs7qT~!}Z4{|bYR}`Z=0|_dI?`I(S%-BB4+?`~+UiLuT$yP0uZ<8$Tk-5<sgH;z
zRkt0qAR;&*pR3}dp$9(`gKhSlq4SM;m;BP$0t>4c;dX6J^yR!@_KA=L9eAWTf*PPU
zd6TQ;5$XhaqX&Y;7TnE`;#1wT#HWzIY5@Z6q20ptSM?AEefx+l@@+<Yf;Wfe)mxh$
z86o3clFMA5i6-3Ie8&xQIva`u{F(G((%eirs!NQ?gb9M1EM;qlPD~_-FG2sdQo(aG
zeqHD9e}UG~+i7~o4$)%W0yien$NO=(Odfe;9~3AXyjQz&S+(Arx07<5=9KcT`^4HV
zCxvB3FKwW{OXa$7iz;}8Raw+5-3~ww#tm=Jp}u2j8feknKOQF93MEvzl)~RO$QQdU
z%S#1{qUawKDIASFf7tq_D6kvn`MJU^1W00A(s0%vge%E0Em(+zk~NafiArS$++V19
zDcROj_i9%3s?MJH^J?j7iV@YD-#k+VuSo(A3^phcA4MC=M1`r=rRR##KXjupo&Fpd
zXBZ@4TtY=$OXV?5Wf-WVSQT)$oN<sZEZ4ANAZ}(-ds4QX^d%*0`UZJ()L`1@_HoGo
zq8KUB=Oi$wsx>H)zPAtR*$%WD_Y>1Bgw62aJq{ElNqI8WyaAgvMJ=Wz7ibEK77R##
z`bHs1z(mE?KmL~THNX>p&=_Cyt_eC48td_CKC)0kw)G45V|;>s0;iS)P{_-cy3T{u
zb53%^M!ZoAS~VLLW+tEl`l>EQc0ZTd<?+69f!nI~7M$mk&~Bd+46RC5bSpo3Tkt|Z
z!K$V<C<fY<-g-N&LN=^dVx3TuBP+gxR?~H<zZf&5O9>nD^{+U4nLk<TQv2@3?Nv;7
zch1mvKdMB-tT6Hr(${*kEc4&7_yeCp0!yX~;z3nh^YNkc6y^5CZIX*t%eR?Tvmfu=
zW=bNq86emmw(fwRC5?;`a<aagF`(D(h{@cT$_P%Yzj1jRY|IdtSvK#xT|}i@@G+@V
zS5Xu{?>(*FjC1Ys5YiQvPsecq#a^smmgX7DmWM#vS6iejj5-Qup@%&(qYppZ_MjS(
zkE-w0Aug<D1@ZblDR)vYn`>zzs0dz2jP(`IqQ*3{;D}&SqR+*Oh&E_?9q}!jt;1Ny
zciA#0K)V`%*y~<6^7K8EeD~B_z@NZByyj?@%`-E>xWck5TO_UvQP1Z2y?QqXiZHoc
zL@QSz(2^TDoaqUQhK{UX5nm-IG#idKZnwnBilJ(sYpwxc!DxV%)y<S~{URAP?7NFy
zFi(2UB5k{_<ongt{xZYN%6jh@=H3m*vrimUt}rK#jA)|a?JrH|l=HYg8BSEXBzhl_
zaTrLvLlgVF-X5JiF3w{smO6g93P0Lxl;x)w1W?eV=>GKqHIa+;dB{k#4d28`Ugc}?
zMY|O}$|zl1Lzh4VSrUIWJGut73XMBbC&Ct5Obc^I7rMW$uw2~UTOCCSwASdz`y8nW
zT%q35@)(*fIyU!=<CiJ-oOU<eSKtWSP&oc}tnX-lqe*mDnyVR+YcdnP<Ne~G$;6gW
z5=A<C5pm}l;{EUg9fqw|q+}CU5JP1UrjYqii5T8)G_o6FU$r0^vmr>Z?l$L#%-x-I
zcj2klr)(c5_~!Y{1;2H<5+^<PoA_mcv=8HOR<_uFwZwMa>dLv+;1&j*k`%aO!eX_h
z3$wi_<Lsng<dH`Y?C4dSImG}W+leQfhH>X&Z?Wt@6I-<)G&`$|CyXbCuU*6x;219q
zN{Np?-^W+r`O<f(2b8FzvV&hn`-|ht?P}0$e@G45a^!i{^QGsU6Y`<%S$%(O|2AOh
zx})$`7s`bFW!yZatjwpFMBh4_v72K*_Ga&of}2Z9rXZ!f8SyMBWSA#D=~&2nFG=4m
zGb*{CnE(gPiyrahSGDdT&gBzhHH=SlCjxZXD_H!6^4<?<)9?`~6opIu{njyZV%juF
zFB+|2wB&$CtkaS-9gMnI#*{~@ZR0hW3;|(f#covEfwE{@jYRtHH}||msTS#Y_;%KH
z^f%9Js=rt!6pZdz`-|5{$Q$`06sr53lqa^HZN}Z$<OHS9P44?=HaY0^%M4b1HZy~C
zF4C*Mb>?-tVL{JTefNS6L5pM$ie^O=fy`XW)OJpw+q7B}A>Z>>H)^RyCX5HaE~BEL
zLY0!}q08l4BG)3yYhtS0_XY4|Pz#Z?H%Ur#)b50>A2YyL{Jt7IwBxWXme7vXv8wcK
zlKG}^mg>YSOdi4XPj(8AP{F*r29hu(&*wjrH<{Yx-H$oPCrHcAt$yKQdZJg~7p-Y#
zN=m8h$InDSPDLP;Nr?Qpg-wQdO-o!;U(enCZmhNuRWihF3i50-vP|Ra-28*j<^22^
z@a}k!9^MYkJX2};1dH?|l!o(1-kGwc#d!R+6?a3!R4UUftGLXbsXN(u_X`jiF?Vd0
z6Fya{zbbMz#nZ3en?6py4|yxh$`+2_E=VDNm@DA9C7%sZ62L<&#mLOcZ<1`umle9V
z`fW)1yWh(RGXA2LqdBXwaQ-ZQ<f;O^i-73PZJ`Dg7Kg__q6rJ{*A!)Jw<Fk&k@<Ba
zCGPgi1MQ;&iW2oHWLclkK8T=geUvzg{wi!sOT?mBKE5w<%V?UT`Z&za1U2bN*+Xz)
z`hDjus7EpK<CV|71ed`-4ztrP^{M{ejI(B~X!T9|H=_=TSMzk(46f-yrS|<ckeA_s
zO-|@bFw6Dka5(b#eU$D<P7RL}nzfHAFk@C^CFwg#5rO%K9nhOh)ivse<)R+~k*{W%
z+iL17GVYB`uLn2^JTg)p{p9O>5`uzOKM-!pNRnU1r{TfsdoJnCi?3N2wv6dNPm=EY
zB6C(A^x?x}6S^%(Ej6;1hFsdq7h|OHUmK};GZmz$L$qqjmqqdLETk(mT5^Y<YA_p4
znl)$Q7xz`yc~zZz)TwAjn6dpi^GsU367Z9_4Cb=<qoGK-vra|tzfHe3>?w=R6tPHe
zGw6Ay{6hPz48qcp)prj0Fh1Z@cEVu>9LbO|2wh;LKMu+GU+leSP*m&IHL3_o6eOtx
z0hJ(8Ns^<AWDt-H252%05+s9ws34$7Xo8@Uv*aY05R{xH2?~;fWN2u(b9J-NIs3f#
z)~)Z~`&I2fmZh+I^|PKepE<`IW6b+g#iD8*lx#&bn2m_N&4`x)K{=(z8fdoT1ZpcH
z#%J|=7jv0OWY&&L{_-r!nY78H%rW_{^wHBvwy2`nYChlIN8+5o)-8(dtIa|SZ<O7}
z?9TAhOqNm|B3UeK`)WqrCie2Y66(zOoy3p3k>fd^3w;}j{p1Rro%SBr#fs^hH|ghB
z&ay8Iy7@fpyM1Bfrrn_TSAEXf-Z3xv&NTzB@|LYwmt;PUm%Y4iPTqpD6VJm&%1$&A
zr#j$Fmw$pH7mkd%(S1YZkW0(QxXiBiSB0G7`8q~_9FA#|S_z~4S@`Mb%A{~gmj?y$
z%44;bc$+WZ4krNR{(@`b{a=r3^Dn(drR0W{-ceP8#!T|WB{SX|!eX&3^bvES`gN5|
zpVxG+x7|Qj6jj;kNV*KLow^w&T39N!W+>UoFd|KdzR7=U@2Qn_UEF59S{s*980sQD
z`W08%4yV%vuWvm7r4Kcuh3?4`#?7b7P-9*>5AgL7rmd-O(E`t0mRrea#zEG(QG@N-
zIVa}94&LM+h69P45d{>bmcF%^nH(A2-wI7_u8kY1G7OX2OuGDY4L8xLEK&+?zZ@4O
zdMHm*KU#84`V0pJJ-X=FvcMG}jg2U8FolYsPMZ5I>kIY&#GW3f4Q>8z);ye_5T|}W
z`N`~5E#1U9Ud9o!U%Si$MceVBn#Fb(9CIqY%<pX!l}Tkpp9S#ztcLM^y;gv@3Xsu_
z%CYhho+Vw)muwjzKXIOw&#|<Ug_;3#Q%;sO=yh2ObC&<%SU%$kec37O`>pGgx^i(2
z3=as)u&fy@#9hu;ubvU?dQP!}1I`0%!3YT@wxXy0fyS<i*t$%ucqZQGJX_kLuw*KG
zgK`sN7oEIK%`@W8?W3RK){;<Zj_=m4%Qm%jI1{XY3PycAHpe%4qPLs34mH=ct{Aza
zU=hR7V6fl%m?HtGrZh{@ZgDvTYkK+J^OON`Wi=d=P-X||6ouv?og%$@&9)I+RAV?O
z***9Nh^G?f$_(eRO~3k@69^mW^i7@({vpm6;loI#4CkyJY6KADUbTBhTJm&K@uOzx
zlhj)D_!Lu%0dOeWZA|K!A6NnYPg@0tEw_$tz7GM$@CPg#TF!WgrBqVvbg^(CQ7$fL
zIzYG{1UvXs2<1qW#Ebo|Sn5lEQGNxBbQyIqygZ%mD&THV?-URyo;iyv#xhX^o@FPW
z8Ma9Kf5!zIAfSNff~dVg<v<27>v8#54i%14U#!=7Yv0MLT?*C%QY%u<{U5n}4D^_6
zr;A?;s+|8fk_I&Tvpl=MIB}_fTnZOKC_SHo1^wkG3i}(OlR6UwkgH$h0}s1ScW2QQ
zT*<WQr{Ar?9B{Ppusr1ZC!2La$$U5hLA_#l4U24mrDm$SZAD{;zraCa+S6J9g2d55
zPkH<tIFs?}#;ojLT#f4Qo(1T;Cph;pJ-SONC<Gmra9^mo3nJfPZZ3WW+_OfyQuh5t
zUjXYNPePo|xWD|XFI7a9shtBH(3N$-E<b>_O3^xookExt2j``o{)3q<xR?+1x|5>f
zr$^WNKO;P7-2c@>-PIK|0kUb43cwqNK{@bqHH>2)g#@>QRq_d74-C!p<S^FlEUOZt
z=$}7~z<mvHlmM2;G23Z-@Wh#QUl{WE2>qsNUHk5RyDYlPDS$;M0Gobe0MO<1x0lLZ
zUsK(G2=WB#mr#eX4LBvlUrUBO)T_s!@ATw(z`xpA`@5(}<G?fY8u>5TzixehEop(x
zoz8W#0?*0**Ogdjp;2Yn#=5%??EVFI|8sfdO!;SVpv(Ku&Vlpk|NFJFJ}s#9ltIKA
z0KI%@CU28~+GOhaX;~+teX!yG#eI=l3n%SC_y95l;?Kl=cQ!o$M`jwT^V@TTu9Fi4
z1XmFe5l66J++jJodMN+U!l9uf*L+yMS2(>fF13v|uJ!g91BNEOCgAdywsuQ8@dO09
zlq$rk2Aobj-g&MuNI8!;IzCdlBqGcIXN+{?;KCupTFPcHQg8zEm{6<cxPbQDg$qYJ
zaBsgHnz-Bgu{|)<k831~y)~W-q!3)*`m$B<nb`X|NxSS6iwVmR%QsiQL_tfHF<`wv
zEOIGRdqWnFJFNn;Ika@l&FgNBz7NP)1q;e-c`7Mf5Yjyw5Y3}sm8Ke7E9@{(qQk?<
zjT53kXtfCZZ}UZ@haRB9nqnmkUKCYXuU-YnIz~ro-NNSxYR59O^74j7JeJ4R#Gm4O
z^#=kJ{$(YSQ$-r^3;(HdDWBmWtO2RAsy+R^{V2FhT>*T8W9Z-N2lMdXIU4CYfoF*N
zTJNgikKd7|640jFZE}1!bmZGTmI`3&97F3#RIu6O&Pgr-I5zLpZcQwE%Fpg!lbWV|
zL^P%;<^=b|e)POd1t?wJI-;>ceun$8|Mh851D|{I86SNO*#Od~xHuF^=eI<&pD)k`
z3_4a*JTs&{N4mc^R8#>IpMT%*SL5z1!GL%Yx>@BL*IWFlejSo9#D~$c-h3wr&pn{M
zJPM5_xxb&#@C66#3i$H$a^+cn6YhH~meiQdAZ{0ASKhkLUeC}!zzncQ<#On80k<P8
z-i6Su8YAt^fUCB965?Atvp?(i_ZTa(3I&xD3}!cra-@vsR%`=Z!1!#Z<&N(dNML*s
za~tVeemLr(rOG&2l4A)k#zut<mdz9!;B6tv;y&zp{B+d8zq)bc$b$mk#c%Dx>I$r;
zgkW*0?hby4i1OeYGdLmeIWGV=_1oj-m;r0;Pr5*Nb31bv`Vp*x)5rIpf*`E<$~T?@
zUd1k95-<V+K22bkYYKZl;$K12@X~MB<M=LB@!g*v6N!7A`$5;RY1o9=Z6L-L`ualg
zoQZc8q81fCy-KQ}pa@601?EEoV$fq40<Vq9%Y{ctenEesN+U_)ceBjqXrM3sbtN$1
z7zU@GVPJO0pK8BP5FmQ?F2n)wQHZ>#zW*4*AgfzjTcZj98Cc|_u3}?E+nONZnmzmD
zomY79=aJhH(i1?TkrC(>*72yP)2|>CsA&(C%i(d#ZgVp$AX16{TC!{_*QTJ#+6s6$
zpLuP~4MxbroHb>(Qp*{)*}RJ0^c#fA@5un|{+?^L=m$cxQo>bxk?N-F4j2+9+y?uG
zB#t1_iR~bYe<<fcQUl(N3mr-<Esv#Et`sNeoBNbXt~3h`LlfZTy=%Xdy%xmX0dDbn
z#ubo_R*OCd()udu;;nC-rEj5^SPdG5$(_i|9Z(w87+_bsG~aDLt#>fsNL=C-a54%(
z=r?LIr;8m7x)22wa+IEhEe|rmR|EmsXA#y=othhHSJi`3Z`7>y8v9NffLIkg4#Fd5
zrh14y*V+yqVHz!|e1tmAF4*z|B#w*W;uCQkYL<64|NL~^-Px+V*HX$>XQ9+&@kz9K
zN|91}9Bi>BOPu<i(D5XqO!fE^A4mH{ht?H*v!HS5IR-`7;nT%4MH=sM`vpYT`@V(`
zzAhByr>Cc9V?F>{_inTE)k)Qs)!^#Kh{=H?VlU7)4T$W*>d<(39o9ki4KQYfqG&kO
z{t)Pnpx?F0?hVPxo@2}2oActcNkW_q^Y1~oqs511U~6}yZV}u4d<c@`-^;0<@n40X
zo!eG!0NH&_f{&Ye%X)s+ctOREO}RBnu<LyH`y=>_9x)Q@?dj2ruE-R<aJlB|uPwNN
zbs>Mxhf9%)NBh++5CNCt^7vPew$PlHZ*_f0zIACxwg~t|PeqM(0nF<EIX5WtC`r3k
zvu(OIfzIh`ZQk+sBbj|TjgOqVe?z13ArO~UEmT<RRy$QSRP8NQh0u>8e_bL@<WA60
zR6KOLc;Jf2XFLHQ3%ZZ#(vz0AK1+?Q=>H--WqvF(bvMOOh3^^YLGvZSs)1%~dvh$}
zoqyB~-IJl_uIzu#PJx1R%1W4>Yvpk>yJ}1Y4)j}u=M%O2;;f3^`x$G){7YE_k&(<|
zcW>m^dbc|p&U;rwcRSIbH0|B8{=7<KcGzQM%)Q@hlPc9Rs&o-<#wZRUy4w_q_+x+@
zaZv->b~dm5$2=5)x%X0V0wRJBhfi`U=86G4Y@#J$^5RB^eMV1o%8OBGEhqS)bWZCe
zv#XUJi`bO}?sXzcv6LpyEwg7bbqvhXoDc~2o<kf3Uyr)&C;QBom(pJjzxdu`MRKF1
zb^)5o)mztE#5vbz&Yt&Lx4(pPO@En*FSwc^e1YzSub5Go5)9s0f4YNvpUB`S;70K@
zDb(=;r9I&g-1#oPIT5NB{p@=e3Y4Fe>&3~?+qS=Dj0Bu{H@nxuSrm4hwCJ0Iy*I2g
z=83zg2|MNG+W3T`(BUSdMEH~RI0Rm@mI>YC)UWY}E}WDs-c;!5Nag(#G8drt;`UsP
z-UlDe@ui(VYWWy?_0WEuH;8nQ7*h(HZdooCUG@DcP))Ai$K%=P{&eI!=-}25ks0lu
zC2+Waix21XNA5IF$((AZ7mEMbs32q&Vt1<v%qWJKq@*7E6D%5(ECgHk%j_2jS`0O;
z01}09l@pb<GyzT?UUtficfZKMF+FNlS`Qt=2Zxl`#CT=+lW$xf{(ZI~hI_f2p~?FZ
z{xvbLK_MvC|9(OutjL&N?%w^Q*OH^~?oWkFDD*u!d=;scgp|V|h;qH6*^Rpr6l7q6
z1BAuzbJQnrH;{^!YnkeJbMYvHaHcAx9ZbeQR-PO(bN!g3fpCK|gSOwp=KZ(lUi=>M
z7~}q}Q<HQ9+2`MOdps9p@D9)c+_*T0V@C?#n`qX_Iq$8o-^P0pE!P6u_pmEegFpQb
z9;%A&p<%$u`oOLG(Z4v7E+7X`Rk5HJ!mj|-%E~EMeuEwuk?r~hZm-RTwDVFk)#D><
z(tla*X;A)Ud#cqBYaslpvd_$mVgWpi%fVYvO#01Vl%Pg}|7p1woci+&e#`L&fIKhg
zzct`=j3NQJ0}jj#{!W$TeU_KmO-+vbWs68TnrCSFJ*R)$E$-(;*DgVs`r6_@y?Jq&
zUoPV4CLOqmXfg5G6aLFxhBEb>%HjO~{73lzMhU2bdxakD{k1~>TpphYBJ1$a;vk8~
z|Aw7&A)Z+JFD}47n-C7N|8?&`{G(>XnPLDE-dPa+_<jU9sw%Zn(_}xokF)<z#wDTd
zU$5Sa2ssUl@c+LF0{*l9+XprRbVrVeIu1=;hqh0QfccLKu)nVF%Ftxdu9eLzLF^7;
z|7JQuA_TVpNwC?w!x2p4MU1bhwOb;{b}Byl_;1U_EFSt#{{~j!9Ir6NReX%+AQ1Vt
zN9G*;_Km<W?^>r_o(lwsM<ylaNZ*l-5a(eQaJuWPxcTYfE8Zl&uBito{E40o)XD#F
z$jq~)BE$!zXvG`gCGR-hnI-_{cJtle9zVIdfAaLRYU$|fmpg$Mo9Qa~U(jF*^?%M1
zh%jb9`{D#XqUjLYf}xnZ`b#Ns9gTgH5V;hp07QrfZRS7O`3fmw`(Y4xkoY+Q)Cu)W
z`v*@AVSe2%2s=G=<nWcKRvJ=9K{BoLPQ)k1UECs8!)-csugF+nBVc*xh-1ytl}o7T
zqmIOQkBe_mUN$G(sjaLr+vjT{74vHO)89qx51;G{IpmJPHM<Mm{RdG}PvX&k*Px#$
zE?WGp2E|Pk_!~+LNr&Vgr~T**1+klk6~}+EHqD?a{5xxNEL`$`ur_Pf2kcbsL~i#Y
zb?ipJRkFB)`v^E4aQyHC+pYy*`n!9UO;(JB+pRQ?4}w{xo81OtG>6?l3>Ln6dyYN5
zm{_VGhN#;m-tA66>go>J7(be&$D;8BRIj_W$?VKq82@i&S7g8I>?&h#?0aGIH;EKy
z?3Q2I+BCv|0r@Z@0_F!}@Zp6Ec^xvMb*Jx6Cb^#$oF>P=5COP~G~O;hYeqj#SXj6M
zv79!u0A!{kxFFG>7zLiOj)`6T!C=Aaa8HB7zcdx$G*+&!Vd1Gv<0?YorlluA@M`?N
zGyx)>{vc!Vov*)g6w2)Tf0d-RT|!ZpPhhMV#QpZ&E*D~q9i19ZdD-i&hXUdv@w+9z
z&AZQuVI{VHmW!nU=X7BBFn~xMvE_mQgs-}@<AV+d0y(hg=Y0;HLns<F!};>HXKfd^
z($x82{h+oT=ylv$7Y<DOZB0Ewjb`%Fcz;3#sZiJ%tn>XAJVNu#-wgGs%_<pG5Md9b
z)(k`Z$OqGu-I1+@3&DBXuhR(e4wb4uwfEV{e<%>_0vs=W57G1&V8GJ?b8z(YV;Y*v
z2w{6z{o?RAjHJ%o0Y*$RnaLrvP^;LP4G%CW)lf6{-Ll*p7N1P)`n(PdjYTl8nHO~!
z7ze+~a{{*ns^^L>MQ(X_$(gC@iEJ}GX>KovI=dS2hgqQ(0%P2z`TCG8P)RR}oIH_}
zIH0|=tgkec(~n~l&cx53H{&_O#vn*KcJ1U6I1<Gf7v7K$H*RJR{|Thkb#nH01>da`
zjed+fIeCSx2p4hd>DG%g58FfFNf-cY?n`@XeJ<EbZM!#K*(sqdQ;p?cfa+q&XB#)9
z!R^};cuI{wJjxt@kEi(+#%D9|I^<7iZ=aO3-H<;2-?FQFP*kty92hTO3rQ{eHOp7a
z58jVwZ)UOF{M?mKv7*#urFe|N%+9Ugm_W;;8B9^1TK$rN+82|_r>{)6`|A|Tr3fB-
zi|*Qp%i8WgXCoDO)nP75OmD#>PjI_gKCRQ1&e39FOO<z05q!sU4=4QepormAiyLhU
z2j=05HZw&l<iRsmBEt7;pyfCW<i%kaMgF0AGNHCl=+3LVp@Z59h-s=9X!mJ|K<$}q
z`Dv%*J3m-pj)Wf`@%*A3BHfVF1~A39(q{$XFRh;Xh)fjmpnxj3aqIGHvGtaLn5)$K
z+qq?>!a^*wsVC~ehmx(*yJ6`0rSxCCdgNa;ebgP=;x4>VCU@FyS<~cUT)EKky4Ge(
zrw+_pC!M!S1&#7^et$p0bl1Oa5llv&^F&3MHx3Pm$}EYza_e3PSS6<E&XDF@l}$b+
z?Xo#Gy<OzSQqXQw{>xV-vm@R}3Ftf$-1m_1*8LVva4=DIIy$y;vv$tx_6Es{NbPR7
zpM??+!>`#Zx4LR`9woSt1-9Rtebh|<@eKn$1dlQzIG>PSk2fukpvapP`3jPxvnX%@
zeZbPFDyO0~(|*7RIyov}gXt2h%faHel|EVd{HO!%?O)tBH|`KzRF-Ry$;v&PODVmo
z)w*$(|EA>D{h&1q{bu2&wD0r8P1b*ymbK9a!u7Smfy>}L?RB*Ne0!Lk7?&o)P(yA@
z?6uES<qjTVh{r)?*dR1|x!s_b{k6QszJWYyGgH8}OpSo&vHDQR^KYNMpZnf_yuwrc
z(>0|n7$e8FCkwF6@MrT2yA2BJzBXmJxeGi*F3dbfB)Z!aQ0s4W=Zs(3WmWFlpB9>y
zIfk*7B|W>=1P0e<1d~>H#Hr9dJAFz2(Q@n-_}$}u)d0e3tIeUa4m&ibaO5{}k?$|4
z+TUv)S_VCSzl{zF&GYOxPw%dp0y}L8VOD$&A83EIXsH-j55iHY@s*aHI9Wg6R)H4p
z&oZDLFg6o=IFgWT%d^VHYd0yped38?P7ZoNM^n0Iu&3^m;H$PGoy;)Nx@Ro6&U{hk
zjS~A@Q=dw8=y5=tQsS7{k(<q1zj!$wrq*2SvudW?l7vERn7;#Yqm*6g169{&nQbs$
z*j{W1J2}?>#X))WN%ijvabKhOyfWd?*aBHY*+(AP=7!jI{b-?^xwDyCESns=32n+-
z7mxPt>8>M00-;rm#%t;I7XLw4>*RUQu!8D}Jr2`Y<&F4FnPWw|2|wR`^=@paW>{P@
zLfqoMG}8#-_Rot1gt2feXTtR8WHWj!w#k;YABtIy>YKJ&*=R8mRSMDiX(;sE@M`)t
zR~z~()q*No((vFOd-U9>0}laE>wOkzQ?(Un4W!VpG%x0GGb>h#=M$07`H=teoVvu>
zM{82)^9niZB7@xKBF49?mAUyD!*ZDWy&(2dJA8ZjSdA}=N!VJeRijbIZ9Id7YDG3o
z_3d}o-KjSb>u$d`pNrX#)DAbKpe@JZ7hR<|lU$w)<mh)c)<rge+x{H55kA+plWh(x
z?J`MBxOiv1W<2DU9`<{kH&$&Vr-o3y)AhT_Uf6cvnzX}dVQ5Bhcz@QzUfMh7`<Q_*
zx<{xUXCUgE<$Lq@?rhzz-9_IE$#GWR?}C_B6b$EcSm=N0hwbrwt((jCo8FV%+iJsp
zJ2*_^x7B2hu@dq76UeeT$=M@2o>6ag+7}poyA2$CTfJ&U%K}a(){86lzD!0p#2I(`
zD6E}rE=@Jv<yad$Z~o1WeV)EL!!P57>LpZV$jK6XlGOtUsT#%AjnxQu_UOJF8i5x{
zDh(`buge{BCZVN4|4dPz6hP*5*gV=5kZ13Bv+?sc;}Co4MF4~9<R38?U7Xn~c3+gg
zcHMoqp^etL_<)n*P3qf^FQkp~FMXkpZ<>f;B^o0dV;3W?xPSAryoIiA4eRSiPb40N
ziQSh!c+&7q>HU*j@AF<<&{nC5Hh!=`{g(P^k^Sd@=LxiR7^aQY#pX|4UDAp|J{lX_
zSt|9@zAsn2+h(PPrIKYdWlc>TRx413t^^6>Xo(Kp#%@oTM5MwYH5GJmaI?ZQ8O}yY
zyQzW=*z1GXtU4o?&H{8bC@q9arC~||D>iZqv=ja9{F<c&APb!@AKOq3xVC*wc2!#J
zxFB{nO}qjtd8e}K!0(XB@%xogev_$DUR&IkDzKc2sC-{rj;`RdlkwNhm&J5Ou)gU}
z6Bf}@GQ${~1{>!+=k^c|($(xWWW-fi)IiI`B+Kyundw-mqt9Osn6c?$o9R7;6XKc*
z-mOhC_(>P^MSQu!assh8HlyF3$tf6UI81)xMsI<6vWMSQM#>Srv4W*PNzWVZEPKGM
zjh&zO`N(3`ljJruF=nc=IFc7^?IR}F$lIX9hzUDDK+LLTe~?jdcmp#e+nb;1yk(rc
zGy7TlXEtcK&=;IIlO^7Eg$0m#D6=Gy+cGEpL0&FVTFmUMplnMomo){8%+Sl`>NQvA
zk@#{A-KcpRpT2YrYq~$(M~*)nW`Fz@Q~Fe6oNj$bYihk9N@reEh<zr<_WC2e8@;dB
zX%7n<ziC)aQX@K|9|#j;rXRf3K$%L$|Lz*ecPl-|NyJy0HA%O;vs;O+zHrTfG}4F`
zMQZ^H-dnTUSWhz+;>PzqV_vh8!P%O#m62H|rHKT3M%NcHvwgG17PEmf?e>}U!2-uw
zi+d)eN}sMMpQ5a_DjTa`(|)<|d@(hGY>|PI4@NS1Oc=C}^zZCoGq%_x7E`T6&G+ti
z?G8Idx8Rq2-dJQNkkFJPXK#A#r&R66yG2VG`;NEVvdk+BiZl)dK2wTMV3Q0iX`U)*
zZGWmcFsrxSbwn?pBG@$8r2HvnF{BxEJRyeWelWV=Emk{IpnT(AT^(jLJkoHki+nu-
z_Y}ejL@jI&XC)p_Iy<|KGFoNkbbp>7B{PiHaj)0iygPf&eri&v#2e<Lt&d;hOeBq5
zxRYdE<?2$DiKcFu;9{M=lf;YJ{x(sN{8;OTYJP&f&Y+#Cdsbp~u4XLdj9=BDg%JxD
zn_VYy(#@4S)!NvUA-A^Dr^0i!e4v}8+)Ji1oHxof%gv`@4RZH#Z0F-@a=Onuky&L)
zuAM)ySop`m#qF&%OChbnuQJ(YeVS`Ml;~P@w(U_CD_i}G(H%#m7w#*cBI^$i82_He
zoU`oIx=`V^OR7^vJ4AHMD*Mkg{D&QDOPj-Fc%ZQ6yiRO%71q*gxWtXTVi%Po+h@l*
zxM?T3ci*|dU4IM;lD)FK-_|7%=v=7bR_8hKhhO_*2Kzu1_spYC*(+JATF@oj#&1?k
z40fc@ZG+au`FME_i<p&TawEs&4jd$W!hS<B9i?SZOJ=ihSbDi#xdL?r+ke1a5Cc*a
zi^f$`30c;uAZ<1k&M+gFj~T4vsL=riL2UexMwCNULzE8?-8k*<c7C0*j5UpsXwK(r
znXvY%yPiaDx30t4ZUmhA8nsdNhh%k!WlwOnjHfMDRi@-co)b8UB18L9-Cd90>RfbB
z4>lQTKAA}&ZZZ1?B~%>T9N2S&=svbLWADRdFNO574yQE9sH)5EMLliLGTUr!XD>3O
z`?UXLQT*B`7jHh`G&=AnBDMrG6mn=mBx?4A*2vHWv?kU_wr_L0A@5G~{HKiZx2$KF
zC1;AmS=QL5$Lqp7&7yo6TUm{PPx)@IcD$}^&8T+t0qFdFH>&Axo8>PqRtW}18s@*z
ztivzUxf_b8vXd`v(SNBu*2tc6<F!`WpF}>U3ERNQV_YIgXL^8#VRgIVYqe#pk@>wf
zr4PxGXw}D)xZkGYs_~~lgK;ZqoutvF6dwW!C$l1p$L|Q+TX<(Lw5)@q?TnD>P;GBN
zX}~7oDq9m2OwEX!L$e;~!i5$pN=8xMS`E62TP+MUf@EPT_lQ~j;dK~igJ<VElVY+U
zdR2Dg@^;kWDz+!JLNhTR0*@p>sbb|gs?#dl^WKSh(aDFkA&>u4kNqxUn`CKr+*6$#
zI+g={TLJganji6OW3`xY;&=~3EszV-8oYnl41DRcrTydJ)5Ejm9ZWIVPw)Nb=jQ0z
zhi%0wIi(uenT&X1G?9#5iZ~$^vXhpn3fb<#H}S~*wttz=XA18x-BLhFeY%{6yD<CN
z8;TPEk*j8^x)2@2{o3uih88srB?1Vs@X5>q@B;v8OZc|U9mD-VKp<D4%k(vc33-^h
zi2tA>lJAj*dV0ZB_}^h?Z~y-NY9nvfu{0svMcxvBj}(U_!C)p$WB=Bu4ZskUO-SI}
zbp^OnD!G(G0y=2EeZOvK*#E}3+;M2R_E&ZFEBa-6Oi2i515E+Xk0TPhJ~v=2OnO$9
z&GydLiWmKQvbvEX?$-|ln85FIYM4mh9evLR1hA%3{<bs7%CS-fzXu6zGt&G<K`LQ&
zN&Ece)42c9QXrt~>FJ3E<opgotSg|NIc_SCT#xHEvVTMuVUR@jt5>hG!cI;};J@4D
zW0~z{cDA<kAUU@B41IQz_{%2`yFJ0hLau;PyFSr7;P>hQhM?aSN|hz?kB>F74z?S=
zHDd2{1_MJlb3iY7Wu(Ib_i1vhhY$K3xd&Qj6jZ`3V3xplQ0Srjn=8m#1w5x~3{qRu
zifwg+DKc)*na-FWt}a*lx*i|ShJ1||FXW)4D+4*{bPLepx}6@|D^u_#;ja8hE9G)y
zSfQ`V75pmUpD-a6@m2rGlkGRONbz54|0b!b53mWXA4~PcKO@{8qLO1}J*a?^3zR>%
z|5Lc7^Ou_=2x|VW6p6vVPRMpcZq}cW7=4i9a2jsY{_BsoWK@E;S>$Jw{&p7x)T|bV
zg-^VAfUF(<s_?hZ{Bn(9K7?5;f88tY(*NA>KP&vdb4yqs6U@oU;ek@WeE<SUav4}g
zpE}s1y#Kmb&`rVMt#y9Ws+uhrVcIPMh@pJ&{*JGwX$)$H$w>k;1EsT%phjG0IDf-`
zy1zIhD>L&v&`QVloJPe)UEgmXSUe<OM`=G;){<*p_aoP+G}{9xWKB?C3YFd8D=D(V
zzp~$q;g|rRnNMQ<`)#E##*6vKUp?1q2_f^Y_=sHNLLDV|YZrO|eWwW`scJj#;yor$
zd?I%?fYkK#AV`b90P4D~(mSdlSk&`nWhD5RcPEjUjF`-QpFg`=xf>1OgCKHexT^Gt
zs#U0q+XqKn1o&o@@)`_^*Fb(9LJsZLT(&7G<h7QYCe8)qAlKmSEo2(+$+RvWPy7on
z$3#E}RJg%(K<X7oKJ16W6k5Vn<`y7~+$kt1m}Duxc0vn-iw#uKa`gZqZnPwd3uV7P
zM~{y;CIsa}&Y_0jD=ym;P4?uk!@UrqEuhZ&0SRgQXW<i`yR&)a)PkXsgmcWu@202`
z**7L$xP7I)JUwEIKV&E^s@lbQ$GP0>$B`#1GUq|<uYf|o9BOyK1-4(LaD)Ma@7MJY
zKlU?-LjPTdG3S1QH=RuQ0OkS5T$ZMnAwF<&u^%)|Q*7i-JC-JZi*Lv&=rQO}UVlx%
z6@LIl#=Zx;IpxM?)hE&WzmyAiUUi6t41dM6vni4pLQ#e)XH?8_KXB_<AsgbQ5T0f>
za|stsSp@>XrY9j19ZSoDI}cd344^Q&Q#GCbu}sB|_!93Q7&wstTJp}RNlM@{(|c<|
zXU5TY^$iOe&=!$RqjOXN;j|Ti`Vpg<Nm^_1cd{vqTm^ayz8@{jogCk`X)*>)nwgv5
zsonfV#wb|rHgBu2OY$7RZh*oozfAGRgX8)y*XCKVsj<>GBZ~_#r$>P!WB&l8m4}T9
zGrnqxt5LDULFZB;v(Rd$S59HnCJ=~^1f7xStP+=^8!Y#X5Mi1rpkOizA8rGAkioJ6
z8!oz>;GNQYn)~C=l;FWhxZ3tc0<NwhWY^2P0>~<=tUK%%$muQjH0*AJLC}?gQbY`l
z3=T!Fo${P|rN;R5>C-R4m&<+C)zv31l#iSV7yFp#Hei#Uoz3mKN6tk+d}0OkuT+BK
zRQnI(0X&S-($dS{MXE2css(JVOb$k7EplhHSa45GSDTS~LdH^<)E@Q=OxW!Z^HE0D
z5syjcH_4j!L4e+Jp@Hdk-xACA2TI=?gPU-V%^;;yhZB4rCk*!h?B709w-H#EPliLt
zUVind#?Dwhiu+2wa{qPqFA^~MI3^g{(DoAlf*~0o#ERGp2They(&X|Zvu<QmU!QR{
zI?fvPQ}f^wOn*K<nRqW;d^Wdu?&yvixK4b+Dp)%+mu89P18AVYapWAqJXM^K)ls%$
zW=DJcTlhWz+1NInsfQdw=8tim3;^?kZu=iK{ZkJOs$if}6XZ^F?1dl~erD?M>+@q#
zTHB?;{<pV795jm)Ns|zZ0uPv`8|J9?+EA^$26{0Q`PB<Wv0Kwl4sX^qWVS4-zvY`&
z&xt}eq%@)$JIis|G3oh9Vu=Uu50V05H8#@2|Dk<2E+EQz5!yE*uyiF4yL;Mr{tG&~
zb=N|$81|~nB`^aq-1@!#cV6Wbp1=?^;V>|B{>nZ94jWBDvZX7)ZyQ*2n5j<k+uI(Q
zpUdEX+B27-kj@{`qn5`1)zy8t`?ljdfCr^$1T`h5&l-oIE@H9P*Y#q%ZQ+k5x7A_E
ze)Ie8N=LUG8<~A-rY0ZJ^BQP%y!2!0KfIrb3_vQJ?#SEOvA0<)tD&JNebN_(eAzeZ
z9#A7gFV^kVqQ&o}Q-r|+x^V1F-)T92U0;8&FY03^!K;rW=6e`@Ny%)vOsy>-Gk#CW
zqRKw0y5ZTbmadS0s_(Ub_PPd8WxBCk7Tn}^(k&LtRli*6W@fWbxK3+y1U0WGvlg=B
zW5PULAzRmQ&F3V-iZ7en)o4DcS{km{F?qHwB8A}Q@y&}OA}538iLPwa@EhxW2g~3`
zl`sHJ(2O(+98Kb}+xm5w=#w(u71%{+mb4vKZh5p0!yJoi3DVc|lIc3r-jYUu{dIa)
zZf?mgCO-qkCsGVN=KEfsURgAb-{&hBi(YD#`BBv*#8&(+<A{9-{?TniH0@R+fw<+(
z`3Gv>!IX?eqjVom9U*j8=o~=AHdZI-4zDqP12^>_iGI6Vd}Uqi#Z{_#^uy}cg_4bi
zM3EuWNp#Y4g`d>Q+)8V6E|*RpR>0htg3e!g?0B{hR<pE_)&Kq8acgU9Rtsl2e98#E
zF^nLW{|LKzPu5~4UD_tpH|A3DGf+^U$MjQ`PdQ<k9zS^PIP|7{Dnwb93p39xT;&5k
z@J?=ST}0Y>8$dy19PXZkiFt(ymDs5|I>FKkQKU%D{Sf!|atafXi{$|!^l!1{)swhm
z<2&FTRZ%^+j(^&PGV@^YrC@E-1qom@@e@{N|HTEkHhT&y&uV?p=YV1(x#uIUqqtwa
z1Zz|?SJb3Z;^jgX@Qc(Mr4!rJid34_hC@%jOA`D(^9R)KRDw-b71QT%!A}l8Eu8UU
zc=feq8jhWyuY1@aWwwO}S&J&RhjlK7ce?W<!*aaIrkYG$DnlJ*3c3K%p%y$O@e>YG
zh++ZDaA4@vEyb3dUF3*237Ith;X|JsL%_ts#Iie#_VD?G`9mb}3;Q!G<K=0Kn6@o)
z>C4EmLVOjX&4t@v2z9CVbNRcY1i&HYus9`lh7Z5=?I>7!m^v{$LD9dT{znpl7D%Cy
z+`~VU0{4|I;43qU*y?_Di`=hPGTy_0VG{Ij@zqrZ+>bQESG=yLM^{PihD${J<!%ze
zd>#^XFngK^KCM}%hC&utr5<_BD)>_2^J&lm2`Zp?11~4x{)L@g>%z^CK@QQ;(b90p
zebMCoLqoRnf<o5v6O#C_FUi1&3yrSs?h+p$nM$k9m^(-W;<qm0-z&$^6cd&GqqY3+
zmE*Wsf(ZU(kV}dDuhLOLRLvNFYqY8em7oRG0-3h3Rk^QI%pFI*=z#!dx=gKxzt@hx
zJ<qn^f&WaoL<qjigEf{-F~5OSd|NeD)#VWWw=y9py2!5pL-b?^$Oz0Jkcwc!IrcMz
z3&c~BaRAVZg2%e`F36uq;x3Rgh~V;z7rAmA7TF<HE@jYvE``Rev;!PI(kf+rF66kS
zPbHLaohf+-6DRI0K++kmYN2XtJxz|=c|inx3aFqp9YK85!GAZ%=j5R7^FJJTZGR#5
zAN+SBV)WYx)-`;|{Z}z}kc3L`5CgdizRJb_=t06;$5}1D$UNxAKkfZgn3(XaTqC*l
zd9HmF0{`Ht9+^U+x=nmd_HTDV6$yoE$_M-w$E_0b2df(ts&i+qf>ivk8-Tz4bHo3v
z@c+&&Ar~5HXliQeG4(2>cj3po?Giw5R*5q;_Fos)962b_%3;Li?-o#|q~`+=MZ&%R
zUU0pHS6kzyl!rEyfl2@zmh=JLR1NG))GuES?k~T?vKMiv;b6g`A4l%95Mz9908ttR
zuowz_@LC{uH<GbxO?+Fwoe?dKe`U3PKp57D7q;nuNgtB8V2Z~(;^-h-8I#dZbjURx
zZTZ~z`7yW!xGg3!?h7UlP#(!+?Ow?31e_+(oucjsHpWE|QIzTz9d>{IEKl_19)H+q
z6#x6B4@)0r12;l$y^{r*LyiaJ=6WU)#;L_*ZlTE5)aoUmgCsi#hIz|afX9a=g*?8D
zQ&GAB0}W9yGTsiTv8`N5W*s#6um6iGGczlzU)1v3i&L1Re}%#{)|5r-RxqRY^6`=0
ztBC&S-+2Ugf0=~bUm{rQ?tq8AHl6xge0UhAuJ|2e-28xuY%?q0L`!P_><K{5XfWy`
z9pY`-FQ-fbz#b+#(r}3F#v<-_Ex7>`1#<9%S`nXSckyxlBq$!oVyoAdWwa7E0$@JI
zF~O$Q@rRDMrKQz}qZF{;<K?95`+05v(dr$>*e3cD(G&PE+Nk*cp_<P?6Fw)GJ4Z6b
z&8&br_ms;A593{iOCU`17|$#k{Haib6YnUX%&z4I;g7MKNCw8dX@I{XRG-6$s^}Vn
zHU@W9s!%9qU=qtc-nDC-_-N`uGUT%{9MoKsYCwX&>PILBJi62`(v|5M*~PvGJ?m3n
z4HU5A(DO&2S$E2J^XAGJ%bwVx=-$qxY(h>!?ZDLbRZ#QT{um4{`vqzfOW?janBQ6m
zF##CUVI@Nr`*odt@U>HZPLAEuDpHZ9*Gd+T>`Yulfd=Chg^l*CVXb$i2NdUFzP+yj
z`MpvQg?JuKbgBxJy0Rw=*uI^sVI=?w3?*AJ>vQ4#B^pFZ1rTv<kwp2_SJu~V+Z+lG
z1m~;XMCWhkL?2Z&!2Bz#E8$EwF?`0T!xRiJ`ow&I(t_$tRh|GPRpI;+4MY7N2?bGO
zGIq`?YwWFEAOH5x2lS>@u#ep(TOFASDt?iI58C9oNce)-wfD&Eixmm8Z%dn?b_wZ7
zd!fYSbSbotQC8&I(8dRa?GYeH1vQr?(G-f}SC<GW)j@bHaP_uur*8mEOKSk`VFD;M
z-md~#`?8|v4oqqhuF5qOI$ud29EGc**RiB%-g>%r@-?vMZ-LPk)`&a?`=sOk^kMd@
zgZj%`h~}cTFpc@R&AWjr*PP0Qs@XZ-^atlutNg!QioM2d(c9hqUiUS@#)zLRTk)la
z7)RVT4&sC2MMK5#3C|x`ShU~XhF{xB4i{%BD4!*BJiwCB>WME>T2q04aP}6s=Abw<
zU)o=J%3vw*ZWuIIrUh@`zP&u<;vfyqhwEE#>q7{G;N^XDn1+1igZ{w`NChWAHE{8`
zsmrq@2Op?_?=6@M-5aR;s5h`nm+PE2Mi8aoPu4V`;d9S{TP^20U%o6N&PpGdDUPx5
zcb^}E320>wTXww$gH_3^(<60tXdx?&&{57PsL%(~U%G$!y0-I1c^fml=xb%w+$nQb
zD<R(1F^{6}Wsc6++`w`<Qu8`Ag8h)64RkJL<ND0~h8?q`9QN*a+_r7n^FLRqVb^BG
zC|kOuxwoo`zM#S|Bj(x!A|s2vmE(1r!O{z^xm682PU_nSIK+J&nV*J8o_gL;Q=D-A
z=7XdQZlaER%bgcS2eZxeb@IpLx4Y~<kJMHya?hDI&|Td9DTc>rQ^t@tapQ-<6P}bP
z6p>hP2Gmm=v*f7{UesEpE^=XB-GmfW)M944loV~N8cOgA)!;(y3xkWS2HfVkv}RHV
zv3X6-u334f?hRJdnMU$_-Zk|z&e3MO_wB{GGI}EU@~5?m8MW2%JrB3d-r9P>@MIxu
z@4cB2Z?H;DLbJO$*sQk)H#0g`uyt)%43fIoDhY)v>jYD77z}8q-hIP<a(SpKKbce-
zgka{qYbNKrHza$^Wi6_zXaz0P%Z8j@xadeOYxyNU&XF%p&emxwFe>HlDzIQ&SOhPA
zi-C4gjF$YXmePcw2;+veF4={sh)SnctDT{@*{V%R>dqq!N31vxG4m{JY8I<ICVNw`
zM}&;qWmhb6&6yHl!iCtPZXd+QoABdMod_xN)*rviIRqGkc6!{%?s_>NL9pbr9<>SZ
zQHeGb;Ilyd{tWxJ0LN+pxuC7$(`u={c|RB#gpQmJ;g+>HHMMI><(PM6P4B}ZRM#c)
z?Tc^7415i`c`XFRDk9N&1^gDZU>1EPHXU=y_t7Q}kkObeXZg|@e!52*Og*m)m|kzx
zF(00bAJ8^fneDiptyAof7pzu#4}!+v1((nfS?P&t4m*v*e@aA$+-0##QGL)hYXSc&
zK_B(Q7Yq^P1MQm@yk%ja!&v!6ppvC0aW3ReEWIFha(HPvoYHEPB@p`P{flwucB_f$
zHVLXE{3E|!2*3yL1^~IT(A+VFgf1UvN7nQYD!saP@o`5BFKrd{vZMaABwS=1{;bT|
zh^a-_e(EnUuTyJqaV}UZdB^|Eb=DoMZ}Z0n76!`;DBN~2{Ez5u_ek|BZFSXWB5XVC
zb9ar4?S1R8o~>eIVY&$=zV-tpU(K#(OFrd}{Aw(JdHe3E0gc$zndg#xyO^Ur<_+a;
zZ8^#D!(Dc~Tc(5dN{ItZLMXL~X^=@89pbB;>6S@EV}8@G^?C5HR{5s&B<5+>qN{oP
zwrpf~WlXBSmhFsni_c!*%a7P%3i-NZH+#a)&y%_0wzN$(jG^)pf7`p%&@vKHooLKL
z%4b&d{ge{#O_HfnrABf)HSl1EGdo2J!u#qX%4n*3yW>Z|aGrLtM0^V}|7?z=0QG0J
zoDALCmsDf-a0UjK7LE*dyMGFo!Av!qDkEVStB~HSpI~bRf@e3Ds-U|td+>|-9#Fc9
z=PNvqy6llkkhYR`l1ApUkb08Q^A@hz`SG7WSCT0U^Wj-^%+W?8!D^-|CWeOSfjfPa
zEzZ+L*NB|f>Vq$iC}R7VudYce_DmKm_T~IZZ&JkiZnn)@361x^tgf&%5xG4v(59Dx
z;pCjx#5%iX*0mb{Z1nj)Dz(#RGf*+Rg$&O24bd5~(*2|2Ikh$Jl(Dqx1FOaC&Tyx+
zAQHXk6vrgHSD}4Cqt^@OI-t|jIRN{rPAD@|;<vE%+4Bfi6Hn(u_)-qCr7X-1yG|b9
zX*M`k?>Ag(HRLfORk)!(nNcl4BiJ-%@z4xc1qLB}0>|8s%IY^YY>z&CQ+qqJ@J-4R
z7{re3))9OL{xSMw`NM~YC55tR{DRevbL~W#CSBr5ogy?GdFL{_&8EZogA|SFC!g1!
zxAl>=pue>zA+Dd&LsG}mia4pNJ@w3*BCM^d8fa~tsS^pE-Wc4te%0;Z5GC3Mt97-b
zwkI8xQesX-w<S(FV!FN5=f2(39OK;`TN0V&R=T-X!tPR1su3)ET(GC0M4}F4+|5fb
z=pXL*ZnyDVsv6^N`Q-P*A$D~sLT7RZAu~ycwDMa_NF0sgABfn#t8f?=MvCr<rqt3U
z#?vBSFs$-zvtrj9UAEVf^$Xn#==#j^ouYEc(j_>ShxzrZrABs>Svx7}h|xEbT(l^V
zqgoEZ?Wb$2e`}yj`nI;KqY?t=Uo{;P*?vW17F<2PD_opP<CIh}L#<ezkIK<a9yA-Y
zNmq_-;-<2R(ctWJ)Mg}&F|vZ>x=g)A@SL2j_SJTh%}6#yL0Gv3N9K!B=*8W=HS@h5
za+oMkzq=NK$!ucQ8)J_(xpgRxzO(>a=^CGqFt1$Q%X0q4d*3TY=Ecr48ND6uf^<x@
z`Ok&WMLKu2H#<&uIgNcm1H8j<u_-O(G^6{;jE^yx`~z8w7TF{D4s~Wk)DXgt@~qA*
zq+;Hw1drPna9-pmy#(H-HWz@;l5ITpnkuI~doPRs_$}J-m%f<k<_)IbuUHp8Rxor+
zI7$-jl#G4qnf$`xu><XzkB0^32TNZqJxiAK9ZxYb^^0QD8Ji84mj(Bm@ufL4N`@Sh
zu}QNtHVwr&+G{)(RgyCt=J$42JbfxCDTmVPmY=<n)G)#B&WebeF)!^p6^<m|ax^cH
zRX}+pHn*$d67xcM%ey(ZAmPzU=@=GXGZmMOJ0~|I89;h*!3mrAsQQJ@L2b?kjN=fD
zr@K>kF%zw}=a@r!Js*n<A3Uttm#;Ct*2TWC2%w^jPGFh#fll6Rve(ya7k5R-()Y4X
z5e<|uU|ofUQVqF?uJ+88os@L5CnF1{-w={g<~i<LB2b=Ww*k=K`Bue;q?EP|lxSb+
z<*U1S7bJn4vmxZX-P6`NC8*Vh8ql7=tikk-f$-qEMx#(KDe-V+B_d7qmQT~f1h8Hp
z82}4Z{S8I|tEqt(Ioqs?5tVXtAH6%(=Bt*RIljtp*eUlWi~8C$*cM&!3$x6=UC+FS
zk@O%x8?jQdPAh@!Q!?6nvfX+O#;i7rvlZ7w9NcfqF(LS7;QMRd2a}|Dc)3|CeuD<0
zScrQe)ik0y>d$er`ycYtsqR7QhEjO0kd9hKsM=nYv%uoCU$#*a(#Md{9k+J<l@F;1
zobeOIel4d=?|vX!-(c%nFQ8dBnH8fX;+1W*mMqQs4cg5n!cQe~3rs!7he`B8d4;1g
zYAef%gVkD^w|0FcNn`UPl+Vm7&CYDceI1Q+OJ!FdmOx&;(0=RV4_*3n__F2aXFnZi
z3F5YxIpOSDdHbBc<bv3;UG(F@h?g6KcgHxD{OnzZvX07HU>?qspj(SdmsBOMM~QGW
ze1Dqe<uDcA^p%o9x1johb|<Siy`xlTc<`^f>K9f-@#35oF_YiB>~K2=X~&`4l<zt<
zSu8TMrD$bny^8YK6C5mCFy`DK&8@N*G?v`T?drwS-^L<LAVW)Ruf1JybbaPipVL|k
z1ei$wNW%rCgIF9Tf$JgEMvf0tP7oEg{UYXKn%*FH%}P#i?Ytd7kA@auD7vZadgg&F
zRZ)>QJw}bqr5eT?Ug!Jt4<w5^#BWV&`o*J<xkgM2PJrNuxp}w?Du5D2x#Gp3X1Dim
zN$};s5iTSQ`#Yasc=FBk*r1>O=kODh!>d<f4XZ5wjDA4DOxz>h`pt-UCOT3aSS;Pi
z3tCh?xmmS`vRDU>VWr#0I@V_E_O|PUP#_Ymrii=H?U#bJ+AcJ23v1gQd$S>?FmdoD
zd!ab~^X7s4qvO7*X8hd!lUn|#6~0B8P)*f?;gsQ&dkfh$(9PW>fcNrGw~pp9!9k~6
z?>X>wF;gb2#qBR);_YtVPvNt)6he9dGqpx?+e=*d)7b>xTPA5wm&(;xUp&(I*uU1j
z^>>k_;CB~Xfy&B-V8c%t=ybJd@h~einqUOfi%5@@NA~-*wj^98H#^(5A$`9YC09WJ
zJ-Q%p&JOv8D`QoVrWZ_sin)7yngJK9#YtfXc37lg_#w??Twm-7|KEV$7>o|hj_@ZL
z6YkCF!)8Znj&44VtoU&RxHC5K@$qGC$+C4;9eZhMFvkPQ*1xHx+=8xF&XJ=`VyR#d
zW!dXmg-0c_3BV9q5Ns$v#KR!<B<*aURCD|a1#xR>18xJYsEsf1z}HAiug>g~nD_{I
z^z-e1yuGcYr>Ll?V_bII6#qF?Vs`^bMYMHviZj93<qQn!QEQjFt7C+#7`R@)2a~7-
zn4VHpQ(Nn6f2`?7AO53W<iW%Ehc@&Va*TUq|Imi;2+u#ntbIz<LBjtFx5PiRAv~+$
zAKDPX|3=yn`?*5zEoU8L<Amu!WQKAa47j)lI^5$mb;$66mPNlkuY17zKsjs!2wb#g
z0@?2bq!J=9EVpnATJ}$U%TfT$ozGXE=Lap52}~6)OG2!@%X|tk@z*nF2az!a9!A?N
z;MAS4o#wRN5#ej`^vS!qp~|i)&Zyn3<h@E$pL1^5Ia&SyPzHuXp6rX%##4eGBTOpL
z`$A8A`^mjf><Qn2Q6LwIMsaGE$zP7WjyO4<5<n(`R)VUyr4Bn-ht|;$ucw{KkZ_wH
zuncV6sN3_=(b0)=uZC{x1Og(k6@#qJ<4$aDwbpz|-<cM@S3135U1^bkDR&yX0&~;*
zP7GV#gZ@NKt4C7#wrj_avC6nXL=qd+Of7EsiV=5WI{_2g1G{!r$(QXfE<j&{o=A^d
zroTcgirCfA)%l@T8#38oBH+lW^N>RDUp0-N@3eFTI5~&{y~Ur`gTBLPQ~)<&nd~?W
zR#0bYNa=>K_0q@$nFIi&ISVF??F0%A8;}G%BEoZ}K94C)<34@~!S8`9RX=!$TQ-w`
z^jv&BVw5&-Z|U4$ViQFX>-*jtVe9OD2-a9_1(%xYEQ0Y|!{TNV&cqusFs24!QVlc+
zR85^0a-GrLt_g2IAXJ&%Q1hLShrc7kG!Tk13aE*0j4iETkM}J<hc$Zu8Oy@>&}((-
z<|%L+qo3zys`jzF($@1PddMyQ95RhVNMvnsWCZAn4c7G9AG#<zk90Ql^8a=%Z9HB1
za;EP-;xa2lp0C-et=Tw{os(bmvkpMt;(RX?%Coa~?Cpo{c<UiR?F*+DIXl>a9oLfA
zBduWG^3+%17NpNtWTVcu0R-2Ej2UgsuDa0fxf@q~`@^E2GmOS{)iOUIe5%yntaxaX
zbA~PTKCXti3NY<zoz-z0S*~qX60XeVWZ9ACm(r32Xq7xLE#hYE1?>F<;}hB+tHUb6
zq`{|sG;M*}jVQL?e&86Ci2n*Bm>$fd6*|E3?S|qL77d^>-s;nq9N0j>`&8wqx!aEB
z13!Eg4YqsTX|R!5^RybJ;Sbc87gOcgFma+L`9Cat`XBb@ElRTU4Ub^Zr#ILFc#&ZM
zxwliXY3N48NsEtH76A9=w`>`(OT~opNh26o_!c&m*E{mw3=A3Ajo3ChMCG#QX&#yW
zlhNNuv?`5KK#d1p-NJ1MZP*ZiE7B8o5}JX&dV5$kxY{K46H0PxV^HgnPWwurwqW<v
z;<$v3D_08FeFV=zM{a>ey)3h*K)E=>R=?QVD#`VFdi7RNGeQk3o2_M>4iOdU?v+Vz
zK~?QeT{EbwwO2~Vq&GcrJy}ffF2>@ITDWqV&*oZA#8<arprQSwbZG46E%6O(_lX;|
zUFFjY{nD@)k<<26-fk>=9+|G=S@XyCGAqkL)5mg+%}P&P@d*wW!i9|Ax+#x{LYiY8
zQ=aiyaF0$ul&-pz2dO%G!bLfcKct(&gLbt$29>|VnnqRbv4VP&pk>n`fzZtkb_R>J
zI8J*EcPoWHh}i9w0MwvJn-RE1m^;Il8s`_ogjyRb@08B>y{_vKkWP1_9U$#c>N_$r
zw5C*?yA`D7XKb|tUTXazoEnMN%-&unOGU5n8^AQB-Har0jqu9FBG0v%Zr7c4*P6|-
zC<mz>CpVwvhHLV=AJ$=3wue~*TY&{(qCaYc1kFT=&*)tc-3f-|(TN3TqvmSbn4E|Q
z!_b4A+u&N$Vb2q<0ZtbByxaGiA(jibws532>zURPjLa((p=qPbeC2^RXo0821mP&j
zh6t8Bd)M2w_&m*u{RcGM-?_3)q(*5Jxz0ER^YrDTT8DN`8oPgI0wV^EDM{jw)iVYt
z=<WQb-!`^WGbh!9%X_9%tA%@aOm_E8o@}4*^M)1ZOX-w1xeZmXfl*wgT44<g3%2(&
zy}L5|ypp_BW55|f8&!2hRI~c+);_Q(ja+6E5<iu#6LBs#o0(Z)cXMj1Wa;i2r`<Iz
zx3T2hZBQ&VhaF!eqpR_=s<bQg^?VfBzr;zuuOxvI(RJ*FGlljle4eBBRc)>I7BgX*
znAPRvzOTCwD;(a7fe)E+keX?Fc0U)E_wh^pQE_my6PgDa^>?%ykx1#Al+?(qk?igf
z&_zC>IPdv`5}lm`SR~^2Jprxk;`!-2`WdJrrQs+rGEO5)^lj{RBaJ34Bt?I%8}Zxo
zd4r)X=`qLF5ybIpyKZ-kd8%EnN)_(&MQjJWKCzWgU6IZnbia#TReZ5m;~4Z}_4=cz
z0)_Me)$n8#L)XkkLuppl*N2{YlObv&mSDb#b``!oU8cXyACz-vce5gL`pd}E5ZTtP
zno}aDNWXcGI5#NC3?94EBoH?9&@@O*!v(+Dr|!dQ3_~DMj^hcetCKv(<4y@!-vPRh
z-jqb7Evq)`-+b<9eozn!UD(vN*1oE1-C_B<N+^>chYW4oHvefj`uZ#v*SSm9fJVY9
znA#2u4cRM(^>*y;hz>1UVAxb+XQ~cNe0;2cUQfGxus2w(u5KoI;5ruJOKy-2=gX{V
zA0-X3)sgoEBfgUbC79<8`bL@V6xLS^<P8q0vUxxsUi7{sjYsu7-Ka2GoV|eYc78;*
z`N&t@tJiPzh7cJE+vOS>5n0dQ0Vot*IK%(6ch^;_QDb)Mnx&t&N#kn6i1|pctwZd@
zWF1QyGi8nWl5e!P^mHJT0;(a|pil{4DFY%Hc7%+epOE&vOI8lS!&>8Mg_jE9wN_b@
z(Y74gp}rF1J^JRQ7wxp=w9j{vBi@4!qu2b~-9_mHu?Ny2#16GhTQdi%VL4Li=T+Id
zM(T1@1GKmG8LO7UWQ051kdW+<;Yyn+d??dUqAvuzChF=X^6A&~gsey(IVLEqUYM6e
zx5~DNIFRecE)2}>nED}V%Q4Ifm<bs8VcVWQ8!#`i)<%Vy43c6U)pnM&^7`#%VZc?G
zYSGK_%}l?qOYXB%iUfYSbl-pHjiROKJ7<3Pgv!PHqjn(@;4=kcTqKBJx*^XR>;K?k
zHCt#eqEVe!zf0S@bD8amySZx<IFURf5raT<e2%|*PVnB4Q$znrAs@~2d=}i}+=;Nc
z)~83rz62ka9Y=g0-Sm9?RvOPl*msmYc#9f^$q={S44B?u-!^(AQ#LW*H`?1ZY=XV9
z@Ui?(p6hDyX;SZevx|;kZeqr9m2+0pZV&<rN~JcVE}W6aZ@r5p84&sgT87deAYQy#
z9WRwXbYbjE^V0-#rTp8mlTA8uLcfEWmzlggpW=8NCa{CW4S5z=3*8A7j%&4d-8pLe
z#R>d6U&X5W5L?JFowjg3zfT=p0=9|mmq!TME7Bh&@9G+e3K(K9^HdwL>S51yOsD39
zOSDH52Q{}VJ;vZ(5fyE~f&c<{a_{FYe?OTYoi_qh#?Dp4O6RmnaFh{T^pM^9s%ifo
znZGW0(dCz8-f#Ev-tT6MWXJi>TEzT9llkCa8e%iJkbPZ3Y>n~lqKi@^%Z}ljCA6cP
zqnm#g*T2pN_Js(vA6ulvWU-<I17#^+$>FjEYFfOQj{Unx6^?PC)ru!X#;hFtOS#E`
z7t@7aKOl)0T#eo!25<DBNRRV3Z1#y8ObDZsL4=eGzui?-ZUDU^sQEdAHlB}&<7w#W
z>Ame%#WNd;!JP?_)BTr7;EYl@uYFF*Lwx`684>Utt~By4pD4t0a+YZ`<IdmwSoZDP
zw^P8P8OtEy-c)|@-S@S>r|Jr)?g{-bYjS?4t^QL^7c(ili05P;2>3;!tClF{wDvyW
zP{=BHd)(J6+?SY;auwQiajbke!jg-IaWyB2>|@gZ0wgE{o&Zzl8=N8+kwJs{r)G=y
z6=omEa!o3WJQ~88^(ZJP)IS_o4Zxp=FXH5aF_4M>2QJ3@_Fy_98<49c$u+Gm^Jt3U
zYnq*%ZHO@*nHIo<n`}tO=D`G82$SGzzrEdenDu$PRc3X1{F>gPYIi>m_hv6@|Gj+&
zoEE6h-##I1iz9V%83w2|>QcH++rwA4gASqB01!UBUf35*pTGf($|No`-8NnzsrxZh
zY^BK@+ZfZ`-gy$Y2Z)J`f|`kEGc53*v;VdKQN8^OpZiCqw~tBvBZS1Y4&aafvn>%o
z&sJPjRkhr%NSQYb)v=A&`rPy}t)zXCsND4c;H2GI>`ZG)7y&bBQ$X2ibn%gdRZ9w9
z?L;Y$<<}rM2|oez8w(B|IvfXt!1yOmNQ>``$n3Hl2|ol)0m?rzRIA(X!DhV~x_T|y
zdO7hxp(yokO%%T!x}nMAg^%7THBccY3fpwP2G1e4&lOH%p2xUJdb}&%hw$L8v9kRh
zoT3t7fN6y{h;s>BmSq}VZQyR_GIeG<dl7sCM?|VrU_r5P_KdNE)Sl^y51gj{V}WCV
zeMc54>plGvMeMGxKp~q`;Zk<h>i8T^*p`w@#0^Bc|EImLj*4o1_ZI{e3{Xl1NeM}%
zK}x`&kq~JEha5sm1cp!qL@AYS1f-=)LKFe%RLVgqDG})y_&s}u^S$TXKYwf8weDT(
zoaH}fbY{=qv-kTx&*%As9#A4ZnvyO(`h42A9Zx2F8C(bK_Ezvh?gx2L{B_Cd6i&kF
ze`L`_#tUem2uUxWQQcb#l`qL*yW)UYy1KdfaL0kik0_1Mh+HSrc?On#NJpN^9dic{
z#!)u0+qdwQML|gYZ*Aj>qz8NRA7Vs-1);e#<@zxMxph)GaoM+rJS;`!3UvfI+-Duw
zRKYKm#M62+YT<s9v1Ek`XQP1Y?1X2M_`?34bTu}!i0S5|Blt_pl?PoA*a8aJ(h$^m
z`+SHG|HO*&NAjKL-s4?{`XilEaU_8d?xS_0Q&;lwf8#Tjjkp;8gU{$T760G)jF}gI
z7wl<8l!+@HC558Xgj1IBpUO-NB@5#E{&!(|Ilu^H(QZlwCkT6uALwn6h*NIZZEw&L
zL)7Ifu&NiS-DtCG4LHtr%pmb^Tu5EuLe5+o(lGdN(e;<`W?&*BGV9k=Z}~IP(grlr
zd&@$UupRSc<n??xah#yJV;77daQ&J2k+1V#k~^j)4SK{l0|l1QqGkzz{Y>7%=`=zY
zdxt|U#tca<cKm!UgP|Dry07+b<FQngUq(&O+};gJ$^iCthr<l8t`dcjmgb7wvHH!8
z-Lvi0Yu{9wp3TNRw!;75%8Kx#A*wvZN(C`Vty@6NovfVAD=La2k3ML9z3JU#jP)~2
zupCPf8(o_j@PqtXVTcwy?A*1M7FuCDBAMDU9o@{kX|E}FaZk2)ari3<VQRP^uABBH
zA5x!E^72qH_SxwMB*5!@e(g>rTAtIzJkir7Xc7UAmf&H($5{0<C8)JGQ`_)y<hUeE
z0Y!DVp+Z~+MMKA9)v`Rpt4FtnKsb+wkQf|WFSsP;^@FKpG^7uptaKk#gU!64^En;F
zNnHwIC>H$1P<*25RsC952Ir0kzI@cXGjlt(JoTg(-Yo@ZW@UZ0iksaqOVkOGPp8j#
z{k(q-XZCv{(zNuX-V_G>$WXz7{hyRXW&}sTTQ>@Z>cg+kaH6Hv^=myy5vM|V)W$Jc
zX~Gma1-W5O&KxF2(`b4}fvWGQ4a8EZa!^9NObNngZF~F_(GdPlUf8j^(u&U5Cvm%;
zB=vX7g1V){EZ5DfGq`u{NJ`{}9cbskLh~LYKxe7}y?4pEz|u+-R+G|QPlP8pbAM~N
z@SX~)3IT53jDQYuu*F%|dN4fOYmh@fG5e}e9r<_#bjyg1n^4I`rm38opHrvf0%wEj
z3uf9^JPc}!I}kKBIFR;vn6-x2RMvY^)7m_vvGGr@MHWgKGjdF8h#^o1>iaX8hj`ku
zrXt*(A}Sw!<qS!wU)q*`KY(!K$`0K^G=N=c5kMwPL~G3&0ffZI@4WJ80GNDY?n+tw
zElxrq7(UGCHh8hLK}*xcdTX;|E3#*EOY^7J8FFX9mm<(IdXznq1Dii*96QSTWy=7O
zsu;W`v+yNv%EO%0(>yOU-e}voCqaYW9i1Aj>epI)L3vZ+aBcgzcooI5!sk6m7&R+z
z*-Dg|Cy57<aa)~6l)dWTn~i>N<WA($`I&y5T!TEu7VuDQ4q-(4wp4Do8{)N{>Ny8S
z@VO(Hm6^UPMW{-ps|NeD+$&!j5;=jM2L)!4e5)DfUzXxPZfng5T*aZh2(w(^(ie8D
z%nyB8y)<vZp*A~xMa&?4wixv?*Na@eQX!XrWJ%h{Fsn$qW2@at<qB{dyD%~j+fSj~
zWel5CAD$iR#)54{F~(rL8n7$tH?bVkyCT}zw-P(Vr}ys{Lv1|yUdmXOV=6-o2^gXJ
zGGl5Q_(!)M(RInT)r~MzRM{9V7-UwpRF1j;XYAfDnN2)yBr;Rwfh1Y0|7m^awlsI$
z>$@M_Aexrn$l?RI@53^t>#m>9h-{@8*9*Gtzp9>Lx4x}G=7VWu*GxIu%IdRGceIBk
zu%l&*E@{nXCP2!-&?#LUvZrmu@e}opWobvQaLjg&8JJ$;o_B_O4;qCIl8g_>F51-Y
zz*6Hbk;nvuo0+OlKnu33-Opn##)#yu%~d{BkEGy<%l>85!P#h<XKPekjY>zN35H5-
zeT88+rNw}Q)b+?dt5xk}L)S^?l?fsB&5F}*n`1-$W8o`HwOdx1wF?N_7svwbVsG$E
zPSP`kPDFM$Gts8Aw%*^ukCwD-X2!}9{BTh9JzER4b|3tRgNJDbixW^6N5nyh57_8}
z6D%_kD(_kO9-lL_sy4K(XlN(N;`1|@|Kiu$U#j<0bJT&Qr!P4)bM$p6lH&07ZC3O}
zQd2q?XQelr$ph+Tva%n!bS7r7keedNNdBmqa@@USYNJ?lVl#WKQ22{c$3?xV<bj(d
zshYp!t-Cdx#RW(=z#zW$iObYEtkKwOePcR7kr&OgrN8rs?vsCqdBo#ZLCNIgZ2Z3d
z9qDvzEq<uW7`biZMxO0s#FCv2@t>ST(GR!7;-U>KMK_b%KVIpX6eKGOX+wx~RJBLH
z-vK{u&)q-%vfIh=$-SzH{ko&tP09~vwKPa2(5dIMR}&HX*Jccv>JSD2c7&~%$Ylpj
zZfg<g2FZsX4t;2JTf>?A+PT(B`>grm=ctP>8Xw7D&)b>adWOMOY(_3DW$F2-ifnx!
zM(5k-)o_hh?5wX$J^Z%TbC75zn|CDb<Ddze;*{XW%E~c?F(jsBpw@Zn_8EGEZV%%q
z-65dq-4>m0o)y5YG;TTmS~DMMj%vC0LE?MT34Eu8mn{kj^ByYJmAietC<u1NC)G=t
z#7VyX{I7Z^;*mJD1-p3#S+!*P`ZzcjmnRyoaeZqvB|qK$$S>rfNxxF5i@z_;+_hxd
zOfb9eS(5oSbCtT>=!`A>mxTJz!OkCpUA$?Sth0tyS-MOgE#k++=j;r2bu<cV#%mm<
z^XnkKp4I(aR+aFL)jwfH3BV=9xjI{v-b~+JWZLbTS>hMp#A(NpdkvZt6;!^+r8n2x
z1tiI?9dMx5a!YsflwFsVN*BlHFMQts!#$*wF)}B_o2rwB>al7tUY0^cA_+i*YFp=9
z=FS^Lq-9VY^cev$YtprLEB<J#fzz5E-S~2u?+3)k$<hRimip7gHh<Jgc>gp?fJV-#
zhpy~rhJcY~-?L2Ae&eb<wX)#Dx;v|wGkG^i8*Es5C=w9IN<M|#`n4~neJx_H*Wk1*
zdNc~lFCW9$qi2^e*gn*KcfSWCn%7vw5~p5xE-9qTTNHZEn?`=j+TFo)*H>a)?#JOA
zv<x49v&+wIWS?alB@yn?02MHy%fS=fRb!K<*R{T~ff0?bH*s}+G5?D*;H7iUDNsg{
zJBfn#P;}Ta#(VhURT0r3$hJ^B+i^i<`IJ9t;F|G`i@-H%<+bVxO7SkF?&JmT8?S$Y
zIzc(357!4rP2}n@&L2GC^hGInt)6KCF$tV=b#i8y)-o_Y@Z9lxyj%R_E*0Nq=2>tJ
z=n(uWjql_2kx^JPd*o{u8Mn3iab>`Hem(gQ&Vy?C56+_@y+REK)j<Cg#=o%uihhLe
zTrhiUmrz<$>&S`G-Q_4sdM&&Mx0oOx4x_YW{ww`G<;+bIyz=$gy|-`hKu^+Zgd+vY
zS0(4C?Sy>@@0!HnPedpyF9ScTC@U)qZ-{{Z2Mkg^pFUlYpL{=-c8>rs6v8=xZ_>2@
z0@A>B&Ik0N#|2fa6!%1$y#F*!TFp4P-b{qK?>*-Ig=k^_JBp7x|CGJn-8dL6NvQR?
zXndXmp*xRJ+<r6^QW0M%C;mK$zW~vP5q>x_w6lh=4c9Bt+MS++?;~lHlmgvZAxKG|
z!x(V3@4LIXKj9iNko?0jX_{GB;|1Ywm^+`!`6Xm$X6pB50A~w4nK>-(m*dY^kq;7M
z1}7oWj~CoNnCP9aA~yz{tPe7q`&aZzxKs8n<G-TUzf`^dw`9cuk=omTaRJ~A{%?Kx
z|Ish}uK@O60qp-`0jxsZ$tA=(33fbMTCkjnlUV81779Ul{;1|~_DS%4KMz<=%Mg0w
z&&1?a+08Jt3c9zyKL!|4m6wNdMO>1Gri|Z|rObGY`W$R^{$gx?3|f{Pwep?qj@|7L
zk?qA0ui=D|iQy{;?5bBHx;mta8)VEs<ao>N>0O0F3zCiy>S1ueSo%b7H_oZLN;5^f
zmA2k<09sGMUuAmE=UiZnF~7J1@ncco{WT!x2CCJQxMF|#-bho7<@U;b+_=B>6sTU$
zgUixWbOvAW!AeiVwW)qDnEkaT?kscCKQYYKo8>boZmOZejdRL2S76*{-2iC-lNX>x
zp<QeiFavq$Mjn&-wMuC0z`w&;UBM1tNf7VpTq#~Nd<ORhKk*TJ1+kZsU|w$Er1buZ
zkVQ<_EEpDM=I58OXh+&iU5rg%MKT6c6FD`TY-aB#4V5{2*?O)R2NAoJ-h-*kmB{ro
z4j+$CzDW(Xy508;hZ<5}0S~b}wN<}7pH)inD1x?i=@v0Uv_}dFeWdZ5aOXWltt<zL
z;P>K$%-b<6J@X2;tstv#62c@(D1d$>TT~-II^O)E4QbWbMMOmh<uXgNv$6z3cx+%K
z_u0hP04QN(@gY)w0uWWc;Ow*+LWpX2-vamZK~YmLob%8p0nB2M>iK@`z@QzUlvV$#
z?_vHXs}!^`)~*)k;;xj-u#Ck-MflWLY<l+T>dl*vGhQ>;_+&5zp6G=vjx)WPlkh_o
z-!|Qyudfjj2UW55Jb&fS6xvx%<M1uV`OIGkqGcoU1S3oC%+P&|c=LP^{jNO&p@!^4
z2B$MyHuzJ$eFwl^QN>|btfy#_nc-wdqTPq*HFP=lsiDsEC0_>hHR*DwpHTY(igby-
zGkmrjrxtboz3q$aHlv}cDS_%`P^V;F67oW@CGvL_R_d#IXc-t|qks{g+x~TPE6l$}
zJ6&IGrHvv4WXA=kB<`DiQuDm=M#nRTrQge1bRgPtXk2pe3xqDCht}a)Su@1iDPXBq
zhI;%-ng_eBG~<z6_A_*1>V~B@&An-!>$B7|Ctsf-Ih(Zbm`YHBmQdK@$qyoi^}cc}
zq|{shEx~;D)nLC(l6;1IsA0Gd9*`@t=6ABHHsew~960y|+FeU^@$Zj&Z%wY{mdw*U
z>9(>T%J9qf7^Y4~j8s^8Im%S54NH*tF~0gc2HvWxN_ht1-+L*ZVq{C~PR(e2D{7Z)
zv7HS8%7(Q~lX`ICtiquG{$|nc)h?3`k5>JIM8;~Dn#TX3>214tlT!R9@j}g39zfly
z>27V4=P0e*Af=-XD&^<4GHJ0L>p}9NUQ=TYL3FX;dNhEST7J%|N|~`EH9+T!u9OY^
z0&Y-6*K^rz&FodfA#lnbf>c#8?YrIVdRvykGgDwHiuN3!m6(2_RQVB<o){OAFJf&6
zs(xpz^d?}-%o4XfEk;0-FyJ37yR)vkHRDg5U9{GC2ZpPw4rQiab^!G;8x}v?s4SGK
zWLJA5cOm4(PQO~peK)3@v2Yg^(_1jBc--2}gnAf&Ophs(0Jp68<<dNIbjZu~L+S8J
zF+&`UnJ`a!i=^{(_F>VO%Z`yPGg^jzr}#j?SiIrywSF))R(twbF=89P0V$D&+W=FW
zn%4&<M5fmFfU+&zt=ag&cR!bSFg`4<#DO=(oJ~ARm}aK%xvBL$XXEviX)`^hNd{m#
z=`Z}Ky!GB!^`vTz-ug-{LVyaL9_&#~8Ft#wzBZ!!#fwzMjpyx5<Maxy7v#T#!XhFA
zE%!X>JT-1$Tei2byS8?6<DZm{wd=b!Is5cM@18Z^P3z}b!b3+VI3jMzq5X}&cj@7G
z{x5zWOucJK(alGGw>}ET-+IbO3qEq*@5M#+U*vB0Bj+Dzoz&{oWbVo_QBZgk->f62
z)ug(U>q5=F@=ks-kTaniizSz}$_Iv#OyXQ40xIp#2zJDIC>Kh5xsT*rd9Rdwb$(*0
z@>*%)aP8_E5TL%|c*fHuc=lycke7lG92JDi^7K>aOS6AdJMnsS(qDBdYv3lSm}jIm
z&Us6vG&MByZH{+-B{;ptlYRBV&6*lMQ|W%+m+gA3Z?RE!r>mWLwpPS3ZZbktoje-7
z@+)9WIME>^__wS_&(Xp|(d=G~3I_=bGcXo<JndTIg)1ZxStA!1g*B}`cmSqlf<%|U
zH>_!cb(z-NF4c6@0=1xscIGOLIJFE950B86_DQWekD1I2n}FW5SaO}1k{&F%z~%yi
z0M_<=QbGUhR-2!)^V%}Z9xA)xRXX<G4r{zR`))aomX5J!rf2RoaSZ<%=g7~M^TxZv
zTN#~ioOM(C7y7az(e2S(Z$68(DGXWA4$R+0peM7>A93oFJo)eLASvuallhnx9wCqQ
z-#Lx7^+ki-H@ThC`|?-gs`#Jldd@tOeUTZh>-X?EQ@+?YJMs-oc9k5J;C`v4q_g;a
zG8```7sW4+-xaWF+bj8AXnsg;r)>i|%-E{kTKUe6re0TG8mHwl`Io3)!YWgPo8VVA
zzeYpzaQN<^|KVuzWO9L+z+TtWGzP;m)ZNSP<W2JCM^rNh83D}XFteo9bk&Z(aQBHD
zj0X(R*oC*gulULOJG?Du1<_rSS^7ba*Yc*SxHP%XOS0w8#)|K+mF~;0ny~7Mf7qwt
zr%Ed4m6&%XH)E$VrX-IzwYI~fkslp5>`#=pu=9XsMjTd0;V}SN{;~2LAwEp(M{WQ8
zQe@y}(65&>9irU57A`6*S{)VM<E2Qb?_5qQ@$=H951I8tFa$Ga>M_<{*)`xqV=K>v
zGCk-sDV^8N_sz8BU4|;+>mOZz)C_gyA4}|t{`}8yX=Co}&bU(X{UZ#`i4x0Sbgv;c
zWjSHAefgd9gHGtC&!l#>J3Sh*BdexDA-1xXEJY=C*()nOg0|OVF-P<GD=Hh9?969A
zDa}#}9^S}G&3)~i_YzFnjQ+N3ahS(S)*M-dC5Pn@*CFm}GxsMzJ>{o)LWH@~mdNv@
zLX(Xc6Fpu|hP(i?1_i{`?U2PMoyeY<!ciNcd@dGX$Dq2&q6?nU5-c=dhQr#0xS7uK
z#|*1o*seNvUr+VdiQ$AVnfzsaN793tJQw~zA@O-rn`hoKaV&hS@ML2f3~kAx)0{rZ
z6HGNzpn~bymA+K_XM9BQMfH!32-n1hjI@1?2OIsp%5Iu4y_1pL#L|s~#YDGSv|r_-
zMlgz`$4JrfT<$-9D?YH~QwgeA%1z^~x#WcRFrpaWbNDyx^YI{HM6Cz^!*E4>N>i^q
z=e92r-t*COAdTQRR&L_`MF}h_1PKv@F&csssa9!};U8;d-K2touu%Q1M=G`WHO!Zm
z;Er~QPRW6Q6%^~<0-`dwk)#yJ5Go{6%74;<I1h8L2cE!K`6kA2ebP{~A9fg~*(@Kb
zaLll@vKo}}+SyJZT`vpgAnea_Nk{+bk!Jk?m4mmu_6Et`KXh`(ZC~l^fn=8CIy!oK
zdWdB;!UC&SE(%&E$6vZ(k{fwO1MluO24_8a@+AHK>_r^jbxtnnD=`gsQhGY-I;5Xp
zIl?Fvm83s+{5AoHJBZ|N{uf&0E_bxx!X83WtOCn8oiK&Oc<6E5*4jc}nVo6sf<+<W
z_M?2{UGt~{#w$f|!%ae&7U6yBL(+ACEP-UyOl~Hh{_u^8ISg!#!2R}H&+4y{p;R+>
zwMN1Yp_~N%XhRpBXO<^{N-$HdSo-=&1Od`h<mzNKyK+;O9S>I$4u*gf|9YA2T?@H?
z-QxD{(0^}<|G!(J_)s)r(eKar&|)5Vg&IS^$qVtGd5w3sBqAv!cY>&0ckqV&whgw(
zGpA3Vj!7bjaS;-unfxU5dvwn8gU%m2lNH>Lo;+W-JU7szqoWfA3W3F4aeIc}lB1s9
zYd%TXgTMzuK^~1AOy2w6LEAe4p;D&|-+37f2oZk82^e5Zg06!W$*yPn^ql@nkfzd`
z$q%G5M&FUoh{7I(`Rdnqz*3z6%SCpJh&730)dX@txSSt<7&!O4jseNRo!#1=^VERV
z*v3NrA(?5s9VbY#y}0_f#z2k}Q)WA2(2!PiS+eR@8GcE>$ESJS(69>OW-EZ3l}<mU
z6CNo~av}llkogTTY)H?``}M4Qnns%7w#a<U=P8gi(2$HboxE^sr*^enL^R7PXv|-S
z^hBOq%9}(*rKHf4i(&SG7cPXw_NH8W@S6H~3UffNg=cNH1u36^pBA~yq1;|hBBs9a
z6S5mg$2~rNOfvmQ@#&hX4u9af#k-C9SP|EbU(xNwsu_-`or^5Rj;s3axmXj&%3bq?
zqL8PD0=$twFNui~x@>H1WxjQHr^wo-btXT(M4~81qR4!m<O#&yZ!bVjyP^c2`DJ(w
zd70h^(i+YW)_7K#^u0RzGB^nTF#&Q3Wa42P;E*~#kkcASc&)DU!~<y6&kFjN9`3Eg
zA5bp(ggvVxOz|&6US_zfL@$5*V4C(u_Q*r$Gbdwa>)1l1Si|(wAJO~q5wkKAvz{*|
ziEHwJCeFYAa0x&DC1zqbjykL;Uu2t*PBazKaZ32(!*EDEta-$Q2LFFV$GO;vbGpO8
z-<wgF7x@@wVkMSQ#YylOj-&RP$k;pgam7&>en&R72EK%JOv3lWz-cre^WY}Di&ayZ
z<g0`+(2{ynpI#<hfOE(<0?;V@NB%bT-r?g8No|b3I1w!orp3PZ6`BNyI0YAgkFag<
zs>Jt%xWf;{kJc8j;f`dFfOz1F&6w<+j{&}$FRkywSkke#tLylPQ;!<w1e*&yC@C;;
z6sZJ-M+!U&mqB)<q+Z}ZH96ycp`R^cW%kQeuq-ndhFnWwx~<Pt+zB>$43bV<KQ?}W
z8PQd6+}KGPa|2F63Qt~neTlBJr})p&&u@?f3}v&3>s~xMgsb)gxhOye$kvP6mKHXg
zn;PpoP`kTRMHP)OfS^F2+sJRdRksVAg)87;YM;W!1pU)1hV`|v5ZNod1B@^L^TsKd
z0r&k3|Bi}4wNstT)8`sqIEe?pZ#j+D`IxwQ$JhLMT|57=kFx`eV^iUCMJ0jV)BWc>
z(<<&Ao4U&}PY`XTkWq2GM0-ueT4xTpLvM3dFv$EJiw1JT$&q{x@TS5$#-H*tdYCMz
z&`|gm!3P2l*DgEfoV-?CTns;1`234#G!Do?!*gdAA)CITfpRc({Wq*Tl`iIOF@4#%
z_wA&L>148sleZ$|OGTm_npQ_o+$^(=SDYMWjd0%k)dJW@6*(R`z8XIvCj}4tr@&TV
z9i-_oA8BHOWyJ!ha<)$b@1)E<qL8t#6}b79xpH@BE57q^$i@M?s`*kKdc;}JX=}dh
zDp)4E=x*QL-sv~AyWA?S7A@Gom-<@g#tlhXfB+e$mVg5lw<;kN&g*;zMv=?IjvZ;+
zDdDEFHUiYq{iO{gj|K+^b+{ZBH;GFGWN7IffDt&{AUDS=cGS=ItJu2F+w?rFUVMDK
z<qvVQmh6)^kF}}Z<~Xiq*m|TRR!pF;1B1QSLRD*9x}G^Jlx7-8#)Ok<VZSOLY){sa
zDt%WGyD9dG@&tg8ZUU>xM{7HZCZ=u$jgOn4!zUzE8o`9Ea8vc$Q^Fc?0B&Ws2sQQ!
z5=sgw_s2~}75DGu%bm0-diheXk6DwF5>T$Pt$~@c(o)H;&f#H(=ck0yBaa?fmD=A}
zXn0^0g}|fF@+u}{;K@-;SiGEbzg>E5m@3zx<Z}s?p1(_UbFt&^??7);iGNgGzFxn|
z$1%vlKR9{n(i{dL-Q)R!=dlXz-zzG97kmYC97{S`_F}53ss=s41fNQnF|9`8f=?nO
zGQp>+Gu2={c-_;}b1uieRH{I|gB=s}VfzA8!G%zUMTsYivCPX$A*(o<qXV&CDA%No
z=;3T%DgQdyG1vuPk?%eC=SkoxHxpHcQ!WfVcwjW38uDQW$X)_3>*5`K_Wkx$FK_tY
zivUwa=hM&1FL`ktlVHiA`=ZWu?1y5y0AnkEi;upRwUDZV{Do&>`Z|h}NRnj3>_Kr#
z8P5yC?a_)TBaa=meNmd*^aqNsdf0@&wB(>F9T^!Z5IZdxxKf_e5y2#cY7MB)eDBsF
zyX&EBc1-x{+q<6TDsMgvKc$N9-))U+9C12z4a2dP#oWPCms5!ne0BJ*RqFw<x|v|l
z>u@7to1gUu=%5L6lo#X;;1YHHadQ7}Rp&DF(4_hb`fCOF0bZYR+<JCO$}}{FDS%n#
zDlhW^3wPMc+E?LOofJKH=hP5HJFpE(JzTcPI@Y*xglP<=1G&&YA}(V9SZZf1a#^2k
z49Ld}0e-G96Sum$8ZegJG$)W){#BmIf^9Cge4UrWh3Janm`YQBKGmjOK^=Oq*s}UZ
z(b!}Q;!??T6%o)h#<fKjP8@7ee;&CIge_Y(He#q44_IJ`!;R$U?$%5F88E+da`iI*
z-tV<9R#VB0n~tzTC?@@epKH8?BCRz0mPEr6Pyxkn*WDk0;LNqbz9m?M9Xs9@Jeq}i
zW8}yrh?{9+(Nd8C7D5;f;%N3eHv&7na4UM8%wSWNdXv7DRaZ~%D!7Q)Hgh{`T$~r4
zqDy(9uM{!CdO&`Q0Sh~y`%bsZhm!SH^T!ilGH1lVk>eKeVoD$oi?S}bhZ$M~p>^km
z6d3mhm~S9Ax{lPxcpfGyE(fExh;)}uKq#*!(P41|_vkmrF-6JU9HuD0yMaPQ6(8v)
z#TFN(IIt6{Rfo)5sIb_YKdGR#eWgLmxkGsn_hdKqYKY4&{lfX{Z>F#Tza>snRE50-
zdra34??Yr;*=l#)(gFi-VQbIt82u@V%VXOZ7OA{hz8D|c#JgQ5&qsKkk@fUY(4AA%
zO(8qA%6{*K<PU^3Z*hEh{{xWZ<KXuyLFBEeILguvrAwE2t<WJX^q$!vCxxm4RH@_x
znpGcZw~Hm4v%WaRwJk@@Cb$?Btx7^t<1nnqQSa+fw+j`6uq>q=hN0Cgx(SG`kfY&%
zjy0CeZ}qC#S(pEA^x&<J8o$Snxme>lBS0e0g-s6y1yNl0OB^QoeHol!g?iwV$YcWr
zwiB4;VSq9l@p-V#`>ko=L||a6&0=H2sZ}aZbBP~~$2ZS3Ismr%OTzeZ#>COZjYWUA
z@ikdDn#e?2S=JF-U$Yhs<B&}+X>N{!&m4v)qEG)Mlsy4*-(jP-?7$3+)(v+qd>Fn}
z^VRL`kx+e!$84-UYjhV-jZqV9j0YAu=1zXpZaqN!gh;$a2(8&+L)q|$McW;Y>G;Uq
zV>Av{zAt3bsO$RtEgQ+=a+*I5JFA-gU@D5|5Imk8=T9l*)h3%j@ml&ZMUh8;Y5ZOE
z*3Od96kF?Y!PadDeh*6jir;}nc8hFTsvc~Zw?`@FsIHz&Y>=0>W@5^%U5{R+Oh%;g
zMKqs2IINq1o9C$|ny`Ds-L<EVPr8<_gRt`RSC7=%igWLelDJSDb3C#8?BM)R+rFrq
zyM{IQTR&PFZ6o@)85C*#@PZdAb*zRWz-=>@p-n{g#c!Oz>THkZW|{NsjlkCW5T4$Y
zy~0QlR*$6=SUmz{5*!rG_<;k$M`^OZ-a9T@F5<k_$xybNCoK#;Nr;P-ds81bDo7sr
z>UP5xSeWN-D;OTSk`S$^bBBuPcJ19q@YwYH2^r}6%@E9X-@|L;nX%1)G4*lOV&RJ!
z5MsxBek7A&GkG&shJ%#Mj5|UHFje0x2G(z}@ry16iSwZbZ|`TY9j}w*m$^%(;nA^t
z(dBt8mZ`X<a13H-E~ZB-o4Wl-e4(;^J29%GCS-qG*m?7|c5u=iOPIQR&EL&T#&9>*
z>xOKe-Tmf{aTA(x36h)VlA~28eD}_jIsu-A)~GjUBfaUA?k(@zw|`Da@siHbq&4V7
zcmg03{&k>Kc3o23a}*-kTkBe$?itzljf6V?VjxeA^nu-0@(b%3kJ0x|e-!Fz5Y#0J
zvwIY;bS~h?QiDfb!~)gDVhlKds@rHr%1a%p&@_t~UFldG6QOnCFWvm{VX^${k9Hwh
z2^6c)vyPMJ9iJ^wC$>N$_lTBB!V5D|G3xO3&xLXk)v*D=vsFfyQT&VA2Uj87+F9*8
z+rkt=KiBr8{}g5&{CMLT`fJ@$8T;kg-$&*kf30UzHV-|sA$I$3=gkt9X@nHZNWEN7
zWzQ-UhvR-nZ*`qSF$ttwl8WLfB?2txp28lo%USoFEKv2{<G)`eQTpralYPi7qTzi?
z(u7&V(!#>NC3wCFi8K{)<g$V{4v^X3y}~MVk+biw19`xKmLUG5^H-r4r#s!{d0%}=
zT;l<GV3A*Ub#<NDYA<>s6`6(MkH_$*8{bqB$^Xiw!YYLQaA4rC+I|jM+v6WOun!xH
z=A@2IS9LtqkR+P$|MLMGuZyMdl=UF?E0=jYRG^4j_3^g)>jAHU2OR7kzDy0}&HdGo
zgr2alvx{tE=w{R$BkYwE%5{OQmxE|uS#Liz#25HUieyesPS?yLEU?_Xdv!7g)X4x$
z1`VmWaqcxCxU+A8Y#Z2$5!C*xcx*Zdb&|EU_0nw>(Z4n(i$hK>F3M)KYIaS>2_JT!
zbyN`rF*gzoIX4MS)o1TIfY_n$Ie^QdB)s%Ar0y+vqwQo=RzB<nB?BuubGLRxuHh2H
z%Y&PYKP5xwX6t|<mXep3H<p{5yUSH0Tm9!6{`<?3D96^lh2(KBQ(!C#fxEWpU>LU~
z;oyZV_TXFa6Kc=lTHvdBy;AEW*V%j9)5mphX?SiRn|mRknlsC+i%Pb8SF=v(_=AP&
zwO}x;uq#2M(Z-zju5s?Qe%^<cW9!bhzsb%Xa{hG6+~^|2Gm*7n*m}tbm$*SOsj6!0
zD>9zSPfNS!aAAYp^smcf1bv&O{L)Kp^@`HM!avK<onMwp&1BuX$V$w0LQ&vd{QMY*
zZRS9p5MHM$pV54ka5CZSp(mmho4N-eDybwnBV#I2T3R|)S=5S@1OI+aEfQ{S?qEF~
u9foz_e~MW_`kr&H?{WMyaE;k#m-r=}`-xXW7lih~e@d6t74zh8`TjrH3_s`q

literal 0
HcmV?d00001


From 7dceb054243f3c5f641388934cb6dbbbaa6b91e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Claus-Peter=20H=C3=BCbner?= <claus-peter.huebner@email.de>
Date: Tue, 25 Oct 2022 22:10:58 +0200
Subject: [PATCH 03/14] Ergebnisse aus Architekur-Mtg vom 25.10.2022

---
 docu/RoadMap_2022-2023.md | 201 ++++++++++++++++++++++----------------
 1 file changed, 118 insertions(+), 83 deletions(-)

diff --git a/docu/RoadMap_2022-2023.md b/docu/RoadMap_2022-2023.md
index 26a4ec41e..be3e197bd 100644
--- a/docu/RoadMap_2022-2023.md
+++ b/docu/RoadMap_2022-2023.md
@@ -13,49 +13,47 @@
 
    - Konzept fertig
    - Änderungen in Register- und Login-Prozess
-3. Passwort-Verschlüsselung
+3. Passwort-Verschlüsselung: Refactoring
 
-   - Konzept fertig
-   - Unabhängigkeit von Email erzeugen
-   - Änderung der User-Email ermöglichen
-   - Versionierung der verwendeten Verschlüsselungslogik notwendig
-4. Contribution-Categories
+   - Konzept aufteilen in Ausbaustufen
+   - Altlasten entsorgen
+   - Versionierung/Typisierung der verwendeten Verschlüsselungslogik notwendig
+   - DB-Migration auf encryptionType=EMAIL
+4. Passwort-Verschlüsselung: Login mit impliziter Neuverschlüsselung
+
+   * Logik der Passwortverschlüsselung auf GradidoID einführen
+   * bei Login mit encryptionType=Email oder OneTime triggern einer Neuverschlüsselung per GradidoID
+   * Unabhängigkeit von Email erzeugen
+   * Änderung der User-Email ermöglichen
+5. Contribution-Categories
 
    - Bewertung und Kategorisierung von Schöpfungen: Was hat Wer für Wen geleistet?
    - Regeln auf Categories ermöglichen
    - Konzept in Arbeit
-5. Statistics / Analysen
-6. Subgruppierung / Subcommunities
+6. Statistics / Analysen
+7. Contribution-Link editieren
+8. User-Tagging
 
-   - **einfacher Ansatz:** innerhalb der existierenden Community gibt es Untergruppierungen, sprich SubCommunities
+   - Eine UserTag dient zur einfachen Gruppierung gleichgesinnter oder örtlich gebundener User
+   - Motivation des User-Taggings: bilden kleinerer lokaler User-Gruppen und jeder kennt jeden
+   - Einführung einer UserTaggings-Tabelle und eine User-UserTaggings-Zuordnungs-Tabelle
+   - Ein Moderator kann im AdminInterface die Liste der UserTags pflegen
 
-     - Einführung eine Community-Tabelle
-     - In der Community-Tabelle gibt es zunächst eine Haupt-Community, die mehrere Sub-Communities haben kann
-     - ein User ist in der Haupt-Community unique, kann aber in mehreren SubCommunities sein
-     - Eine SubCommunity dient zur einfachen Gruppierung gleichgesinnter oder örtlich gebundener User
-     - Eine SubCommunity hat eigene Moderatoren
-     - Motivation einer SubCommunity: kleine lokale Gruppen und jeder kennt jeden
-     - **ToDos**:
-       - DB-Migration für Community-Tabelle, User-SubCommunity-Zuordnungen, UserRights-Tabelle
-       - Berechtigungen für SubCommunities
-       - Register- und Login-Prozess für SubCommunity-Anmeldung anpassen
-         - Auswahl-Box einer SubCommunity
-         - createUser mit Zuordnung zur ausgewählten SubCommunity
-       - Schöpfungsprozess auf angemeldete SubCommunity anpassen
-         - "Beitrag einreichen"-Dialog auf angemeldete SubCommunity anpassen
-         - "meine Beiträge zum Gemeinwohl" mit Filter auf angemeldete SubCommunity anpassen
-         - "Gemeinschaft"-Dialog auf angemeldete SubCommunity anpassen
-       - "Mein Profil"-Dialog auf SubCommunities anpassen
-         - Umzug-Service in andere SubCommunity
-         - Löschen der Mitgliedschaft zu angemeldeter SubCommunity (Deaktivierung der Zuordnung "User-SubCommunity")
-       - "Senden"-Dialog mit SubCommunity-Auswahl
-       - "Transaktion"-Dialog mit Filter auf angemeldeter SubCommunity
-       - AdminInterface auf angemeldete SubCommunity anpassen
-         - "Übersicht"-Dialog mit Filter auf angemeldete SubCommunity
-         - "Nutzersuche"-Dialog mit Filter auf angemeldete SubCommunity
-         - "Mehrfachschöpfung"-Dialog mit Filter auf angemeldete SubComunity
-       - Subject/Texte/Footer/... der Email-Benachrichtigungen auf angemeldete SubCommunity anpassen
-7. User-Beziehungen und Favoritenverwaltung
+     - neues TAG anlegen
+     - vorhandenes TAG umbenennen
+     - ein TAG löschen, sofern kein User mehr diesem TAG zugeordnet ist
+   - Will ein User ein TAG zugeordnet werden, so kann dies nur ein Moderator im AdminInterface tun
+   - Ein Moderator kann im AdminInterface
+
+     - ein TAG einem User zuordnen
+     - ein TAG von einem User entfernen
+   - wichtige UseCases:
+
+     - Zuordnung eines Users zu einem TAG durch einen Moderator
+     - TAG spezifische Schöpfung
+       - User muss für seinen Beitrag ein TAG auswählen können, dem er zuvor zugeordnet wurde
+       - TAG-Moderator kann den Beitrag bestätigen, weil er den User mit dem TAG (persönlich) kennt
+9. User-Beziehungen und Favoritenverwaltung
 
    - User-User-Zuordnung
      - aus Tx-Liste die aktuellen Favoriten ermitteln
@@ -65,67 +63,104 @@
      - Gruppierung
      - Community-übergreifend
      - User-Beziehungen
-8. technische Ablösung der Email und Ersatz durch GradidoID
+10. technische Ablösung der Email und Ersatz durch GradidoID
 
-   * APIs / Links / etc mit Email anpassen, so dass keine Email mehr verwendet wird
-   * Email soll aber im Aussen für User optional noch verwendbar bleiben
-   * Intern erfolgt aber auf jedenfall ein Mapping auf GradidoID egal ob per Email oder Alias angefragt wird
-9. Zeitzone
+    * APIs / Links / etc mit Email anpassen, so dass keine Email mehr verwendet wird
+    * Email soll aber im Aussen für User optional noch verwendbar bleiben
+    * Intern erfolgt aber auf jedenfall ein Mapping auf GradidoID egal ob per Email oder Alias angefragt wird
+11. Zeitzone
 
-   - User sieht immer seine Locale-Zeit und Monate
-   - Admin sieht immer UTC-Zeit und Monate
-   - wichtiges Kriterium für Schöpfung ist das TargetDate ( heißt in DB contributionDate)
-   - Berechnung der möglichen Schöpfungen muss somit auf dem TargetDate der Schöpfung ermittelt werden! **(Ist-Zustand)**
-   - Kann es vorkommen, dass das TargetDate der Contribution vor dem CreationDate der TX liegt? Ja
-   - Beispiel: User in Tokyo Locale mit Offest +09:00
+    - User sieht immer seine Locale-Zeit und Monate
+    - Admin sieht immer UTC-Zeit und Monate
+    - wichtiges Kriterium für Schöpfung ist das TargetDate ( heißt in DB contributionDate)
+    - Berechnung der möglichen Schöpfungen muss somit auf dem TargetDate der Schöpfung ermittelt werden! **(Ist-Zustand)**
+    - Kann es vorkommen, dass das TargetDate der Contribution vor dem CreationDate der TX liegt? Ja
+    - Beispiel: User in Tokyo Locale mit Offest +09:00
 
-     - aktiviert Contribution-Link mit Locale: 01.11.2022 07:00:00+09:00 = TargetDate = Zieldatum der Schöpfung
-     - die Contribution wird gespeichert mit
+      - aktiviert Contribution-Link mit Locale: 01.11.2022 07:00:00+09:00 = TargetDate = Zieldatum der Schöpfung
+      - die Contribution wird gespeichert mit
 
-       - creationDate=31.10.2022 22:00:00 UTC
-       - contributionDate=01.11.2022 07:00:00
-       - (neu) clientRequestTime=01.11.2022 07:00:00+09:00
-     - durch automatische Bestätigung und sofortiger Transaktion wird die TX gespeichert mit
+        - creationDate=31.10.2022 22:00:00 UTC
+        - contributionDate=01.11.2022 07:00:00
+        - (neu) clientRequestTime=01.11.2022 07:00:00+09:00
+      - durch automatische Bestätigung und sofortiger Transaktion wird die TX gespeichert mit
 
-       - creationDate=31.10.2022 22:00:00 UTC
-   - **zwingende Prüfung aller Requeste: auf -12h <= ClientRequestTime <= +12h**
-   - zur Analyse und Problemverfolgung von Contributions immer original ClientRequestTime mit Offset in DB speichern
-   - Beispiel für täglichen Contribution-Link während des Monats:
+        - creationDate=31.10.2022 22:00:00 UTC
+    - **zwingende Prüfung aller Requeste: auf -12h <= ClientRequestTime <= +12h**
 
-     - 17.10.2022 22:00 +09:00 => 17.10.2022	UTC: 17.10.2022 13:00 UTC => 17.10.2022
-     - 18.10.2022 02:00 +09:00 => 18.10.2022	UTC: 17.10.2022 17:00 UTC => 17.10.2022 !!!! darf nicht weil gleicher Tag !!!
-   - Beispiel für täglichen Contribution-Link am Monatswechsel:
+      - Prüfung auf Sommerzeiten und exotische Länder beachten
+      - 
+    - zur Analyse und Problemverfolgung von Contributions immer original ClientRequestTime mit Offset in DB speichern
+    - Beispiel für täglichen Contribution-Link während des Monats:
 
-     - 31.10.2022 22:00 +09:00 => 31.10.2022	UTC: 31.10.2022 15:00 UTC => 31.10.2022
-     - 01.11.2022 07:00 +09:00 => 01.11.2022	UTC: 31.10.2022 22:00 UTC => 31.10.2022 !!!! darf nicht weil gleicher Tag !!!
-10. Layout
-11. Manuelle User-Registrierung für Admin
+      - 17.10.2022 22:00 +09:00 => 17.10.2022	UTC: 17.10.2022 13:00 UTC => 17.10.2022
+      - 18.10.2022 02:00 +09:00 => 18.10.2022	UTC: 17.10.2022 17:00 UTC => 17.10.2022 !!!! darf nicht weil gleicher Tag !!!
+    - Beispiel für täglichen Contribution-Link am Monatswechsel:
+
+      - 31.10.2022 22:00 +09:00 => 31.10.2022	UTC: 31.10.2022 15:00 UTC => 31.10.2022
+      - 01.11.2022 07:00 +09:00 => 01.11.2022	UTC: 31.10.2022 22:00 UTC => 31.10.2022 !!!! darf nicht weil gleicher Tag !!!
+12. Layout
+13. Lastschriften-Link
+14. Registrierung mit Redeem-Link: bei inaktivem Konto keine Buchung möglich
+
+    1. speichern des Links zusammen mit OptIn-Code
+    2. 
+15. Manuelle User-Registrierung für Admin
 
     - soll am 10.12.2022 für den Tag bei den Galliern produktiv sein
-12. Dezentralisierung / Federation
+16. Dezentralisierung / Federation
 
     - Hyperswarm
+
+      - funktioniert schon im Prototyp
+      - alle Instanzen finden sich gegenseitig
+      - ToDo:
+        - Infos aus HyperSwarm in der Community speichern
+        - Prüfung ob neue mir noch unbekannte Community hinzugekommen ist?
+        - Triggern der Authentifizierungs- und Autorisierungs-Handshake für neue Community
     - Authentifizierungs- und Autorisierungs-Handshake
     - Inter-Community-Communication
+    - **ToDos**:
+
+      - DB-Migration für Community-Tabelle, User-Community-Zuordnungen, UserRights-Tabelle
+      - Berechtigungen für Communities
+      - Register- und Login-Prozess für Community-Anmeldung anpassen
+
+        - Auswahl-Box einer Community
+        - createUser mit Zuordnung zur ausgewählten Community
+      - Schöpfungsprozess auf angemeldete Community anpassen
+
+        - "Beitrag einreichen"-Dialog auf angemeldete Community anpassen
+        - "meine Beiträge zum Gemeinwohl" mit Filter auf angemeldete Community anpassen
+        - "Gemeinschaft"-Dialog auf angemeldete Community anpassen
+      - "Mein Profil"-Dialog auf Communities anpassen
+
+        - Umzug-Service in andere Community
+        - Löschen der Mitgliedschaft zu angemeldeter Community (Deaktivierung der Zuordnung "User-Community")
+      - "Senden"-Dialog mit Community-Auswahl
+      - "Transaktion"-Dialog mit Filter auf angemeldeter Community
+      - AdminInterface auf angemeldete Community anpassen
+
+        - "Übersicht"-Dialog mit Filter auf angemeldete Community
+        - "Nutzersuche"-Dialog mit Filter auf angemeldete Community
+        - "Mehrfachschöpfung"-Dialog mit Filter auf angemeldete Comunity
+      - Subject/Texte/Footer/... der Email-Benachrichtigungen auf angemeldete Community anpassen
 
 ## Priorisierung
 
-1. capturing alias
-2. Manuelle User-Registrierung für Admin (10.12.2022)	**Konzeption!!**!
-3. Zeitzone
-4. User-Beziehungen und Favoritenverwaltung
+1. Contribution-Link editieren (vlt schon im vorherigen Bugfix-Release Ende Okt. 2022 fertig)
+2. Passwort-Verschlüsselung: Refactoring **Konzeption fertig!!**!
+3. Manuelle User-Registrierung für Admin (10.12.2022)	**Konzeption ongoing!!**!
+4. Passwort-Verschlüsselung: implizite Login-Neuverschlüsselung **Konzeption fertig!!**!
 5. Layout
-6. Passwort-Verschlüsselung
-7. Subgruppierung / Subcommunities (einfacher Ansatz)
-8. Contribution-Categories
-9. backend access layer
-10. Statistics / Analysen
-11. technische Ablösung der Email und Ersatz durch GradidoID
-12. Dezentralisierung / Federation
-
-## Zeitleiste
-
-
-
-
-![img](./graphics/RoadMap2022-2023.png)
+6. Zeitzone
+7. Dezentralisierung / Federation
+8. capturing alias **Konzeption fertig!!**!
+9. Registrierung mit Redeem-Link: bei inaktivem Konto keine Buchung möglich
+10. Subgruppierung / User-Tagging (einfacher Ansatz)
+11. backend access layer
+12. technische Ablösung der Email und Ersatz durch GradidoID
+13. User-Beziehungen und Favoritenverwaltung
+14. Lastschriften-Link
+15. Contribution-Categories
+16. Statistics / Analysen

From 77227355d8760d8e481b04f66706c53c933d2256 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Claus-Peter=20H=C3=BCbner?= <claus-peter.huebner@email.de>
Date: Tue, 25 Oct 2022 22:27:30 +0200
Subject: [PATCH 04/14] =?UTF-8?q?kleine=20=C3=84nderungen=20u=20Erg=C3=A4n?=
 =?UTF-8?q?zungen?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docu/RoadMap_2022-2023.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/docu/RoadMap_2022-2023.md b/docu/RoadMap_2022-2023.md
index be3e197bd..fa8573448 100644
--- a/docu/RoadMap_2022-2023.md
+++ b/docu/RoadMap_2022-2023.md
@@ -101,10 +101,11 @@
       - 01.11.2022 07:00 +09:00 => 01.11.2022	UTC: 31.10.2022 22:00 UTC => 31.10.2022 !!!! darf nicht weil gleicher Tag !!!
 12. Layout
 13. Lastschriften-Link
-14. Registrierung mit Redeem-Link: bei inaktivem Konto keine Buchung möglich
+14. Registrierung mit Redeem-Link:
 
-    1. speichern des Links zusammen mit OptIn-Code
-    2. 
+    * bei inaktivem Konto, sprich bisher noch keine Email-Bestätigung, keine Buchung möglich
+    * somit speichern des Links zusammen mit OptIn-Code
+    * damit kann in einem Resend der ConfirmationEmail der Link auch korrekt wieder mitgeliefert werden
 15. Manuelle User-Registrierung für Admin
 
     - soll am 10.12.2022 für den Tag bei den Galliern produktiv sein

From 73ced2291e0cff0e0c5263520854ebf7283d244a Mon Sep 17 00:00:00 2001
From: joseji <chosejimenez@gmail.com>
Date: Tue, 8 Nov 2022 13:41:33 +0100
Subject: [PATCH 05/14] database migration added

---
 backend/src/config/index.ts                   |   2 +-
 .../0053-change_password_encryption/User.ts   | 127 ++++++++++++++++++
 .../UserContact.ts                            |  66 +++++++++
 database/entity/User.ts                       |   2 +-
 database/entity/UserContact.ts                |   2 +-
 .../0053-change_password_encryption           |  38 ++++++
 6 files changed, 234 insertions(+), 3 deletions(-)
 create mode 100644 database/entity/0053-change_password_encryption/User.ts
 create mode 100644 database/entity/0053-change_password_encryption/UserContact.ts
 create mode 100644 database/migrations/0053-change_password_encryption

diff --git a/backend/src/config/index.ts b/backend/src/config/index.ts
index e7139033b..26227b90d 100644
--- a/backend/src/config/index.ts
+++ b/backend/src/config/index.ts
@@ -10,7 +10,7 @@ Decimal.set({
 })
 
 const constants = {
-  DB_VERSION: '0052-add_updated_at_to_contributions',
+  DB_VERSION: '0053-change_password_encryption',
   DECAY_START_TIME: new Date('2021-05-13 17:46:31-0000'), // GMT+0
   LOG4JS_CONFIG: 'log4js-config.json',
   // default log level on production should be info
diff --git a/database/entity/0053-change_password_encryption/User.ts b/database/entity/0053-change_password_encryption/User.ts
new file mode 100644
index 000000000..bf2d02268
--- /dev/null
+++ b/database/entity/0053-change_password_encryption/User.ts
@@ -0,0 +1,127 @@
+import {
+  BaseEntity,
+  Entity,
+  PrimaryGeneratedColumn,
+  Column,
+  DeleteDateColumn,
+  OneToMany,
+  JoinColumn,
+  OneToOne,
+} from 'typeorm'
+import { Contribution } from '../Contribution'
+import { ContributionMessage } from '../ContributionMessage'
+import { UserContact } from '../UserContact'
+
+@Entity('users', { engine: 'InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci' })
+export class User extends BaseEntity {
+  @PrimaryGeneratedColumn('increment', { unsigned: true })
+  id: number
+
+  @Column({
+    name: 'gradido_id',
+    length: 36,
+    nullable: false,
+    collation: 'utf8mb4_unicode_ci',
+  })
+  gradidoID: string
+
+  @Column({
+    name: 'alias',
+    length: 20,
+    nullable: true,
+    default: null,
+    collation: 'utf8mb4_unicode_ci',
+  })
+  alias: string
+
+  /*
+    @Column({ name: 'public_key', type: 'binary', length: 32, default: null, nullable: true })
+    pubKey: Buffer
+    @Column({ name: 'privkey', type: 'binary', length: 80, default: null, nullable: true })
+    privKey: Buffer
+    @Column({
+      type: 'text',
+      name: 'passphrase',
+      collation: 'utf8mb4_unicode_ci',
+      nullable: true,
+      default: null,
+    })
+    passphrase: string
+    */
+
+  @OneToOne(() => UserContact, (emailContact: UserContact) => emailContact.user)
+  @JoinColumn({ name: 'email_id' })
+  emailContact: UserContact
+
+  @Column({ name: 'email_id', type: 'int', unsigned: true, nullable: true, default: null })
+  emailId: number | null
+
+  @Column({
+    name: 'first_name',
+    length: 255,
+    nullable: true,
+    default: null,
+    collation: 'utf8mb4_unicode_ci',
+  })
+  firstName: string
+
+  @Column({
+    name: 'last_name',
+    length: 255,
+    nullable: true,
+    default: null,
+    collation: 'utf8mb4_unicode_ci',
+  })
+  lastName: string
+
+  @Column({ name: 'created_at', default: () => 'CURRENT_TIMESTAMP', nullable: false })
+  createdAt: Date
+
+  @DeleteDateColumn({ name: 'deleted_at', nullable: true })
+  deletedAt: Date | null
+
+  @Column({ type: 'bigint', default: 0, unsigned: true })
+  password: BigInt
+
+  @Column({
+    name: 'password_encryption_type',
+    type: 'int',
+    unsigned: true,
+    nullable: false,
+    default: 1,
+  })
+  passwordEncryptionType: number
+
+  @Column({ length: 4, default: 'de', collation: 'utf8mb4_unicode_ci', nullable: false })
+  language: string
+
+  @Column({ name: 'is_admin', type: 'datetime', nullable: true, default: null })
+  isAdmin: Date | null
+
+  @Column({ name: 'referrer_id', type: 'int', unsigned: true, nullable: true, default: null })
+  referrerId?: number | null
+
+  @Column({
+    name: 'contribution_link_id',
+    type: 'int',
+    unsigned: true,
+    nullable: true,
+    default: null,
+  })
+  contributionLinkId?: number | null
+
+  @Column({ name: 'publisher_id', default: 0 })
+  publisherId: number
+
+  @OneToMany(() => Contribution, (contribution) => contribution.user)
+  @JoinColumn({ name: 'user_id' })
+  contributions?: Contribution[]
+
+  @OneToMany(() => ContributionMessage, (message) => message.user)
+  @JoinColumn({ name: 'user_id' })
+  messages?: ContributionMessage[]
+
+  @OneToMany(() => UserContact, (userContact: UserContact) => userContact.user)
+  @JoinColumn({ name: 'user_id' })
+  userContacts?: UserContact[]
+}
diff --git a/database/entity/0053-change_password_encryption/UserContact.ts b/database/entity/0053-change_password_encryption/UserContact.ts
new file mode 100644
index 000000000..05bfdfffe
--- /dev/null
+++ b/database/entity/0053-change_password_encryption/UserContact.ts
@@ -0,0 +1,66 @@
+import {
+  BaseEntity,
+  Entity,
+  PrimaryGeneratedColumn,
+  Column,
+  DeleteDateColumn,
+  OneToOne,
+  JoinColumn,
+  ManyToOne,
+} from 'typeorm'
+import { User } from './User'
+
+@Entity('user_contacts', { engine: 'InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci' })
+export class UserContact extends BaseEntity {
+  @PrimaryGeneratedColumn('increment', { unsigned: true })
+  id: number
+
+  @Column({
+    name: 'type',
+    length: 100,
+    nullable: true,
+    default: null,
+    collation: 'utf8mb4_unicode_ci',
+  })
+  type: string
+
+  @OneToOne(() => User, (user) => user.emailContact)
+  user: User
+
+  @Column({ name: 'user_id', type: 'int', unsigned: true, nullable: false })
+  userId: number
+
+  @Column({ length: 255, unique: true, nullable: false, collation: 'utf8mb4_unicode_ci' })
+  email: string
+
+  @Column({ name: 'email_verification_code', type: 'bigint', unsigned: true, unique: true })
+  emailVerificationCode: BigInt
+
+  @Column({ name: 'email_opt_in_type_id' })
+  emailOptInTypeId: number
+
+  @Column({ name: 'email_resend_count' })
+  emailResendCount: number
+
+  // @Column({ name: 'email_hash', type: 'binary', length: 32, default: null, nullable: true })
+  // emailHash: Buffer
+
+  @Column({ name: 'email_checked', type: 'bool', nullable: false, default: false })
+  emailChecked: boolean
+
+  @Column({ length: 255, unique: false, nullable: true, collation: 'utf8mb4_unicode_ci' })
+  phone: string
+
+  @Column({ name: 'created_at', default: () => 'CURRENT_TIMESTAMP', nullable: false })
+  createdAt: Date
+
+  @Column({ name: 'updated_at', nullable: true, default: null, type: 'datetime' })
+  updatedAt: Date | null
+
+  @DeleteDateColumn({ name: 'deleted_at', nullable: true })
+  deletedAt: Date | null
+
+  @ManyToOne(() => User, (user) => user.userContacts)
+  @JoinColumn({ name: 'user_id' })
+  contactUser: User
+}
diff --git a/database/entity/User.ts b/database/entity/User.ts
index d073f428a..b3c00a9b4 100644
--- a/database/entity/User.ts
+++ b/database/entity/User.ts
@@ -1 +1 @@
-export { User } from './0049-add_user_contacts_table/User'
+export { User } from './0053-change_password_encryption/User'
diff --git a/database/entity/UserContact.ts b/database/entity/UserContact.ts
index a368bb7ca..dd74e65c4 100644
--- a/database/entity/UserContact.ts
+++ b/database/entity/UserContact.ts
@@ -1 +1 @@
-export { UserContact } from './0049-add_user_contacts_table/UserContact'
+export { UserContact } from './0053-change_password_encryption/UserContact'
diff --git a/database/migrations/0053-change_password_encryption b/database/migrations/0053-change_password_encryption
new file mode 100644
index 000000000..1b87e2511
--- /dev/null
+++ b/database/migrations/0053-change_password_encryption
@@ -0,0 +1,38 @@
+/* MIGRATION TO ADD GRADIDO_ID
+ *
+ * This migration adds and renames columns to and in the table `users`
+ */
+
+/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+export async function upgrade(queryFn: (query: string, values?: any[]) => Promise<Array<any>>) {
+  await queryFn('ALTER TABLE users RENAME COLUMN created TO created_at;')
+  await queryFn('ALTER TABLE users RENAME COLUMN deletedAt TO deleted_at;')
+  // alter table emp rename column emp_name to name
+  await queryFn(
+    'ALTER TABLE users ADD COLUMN password_encryption_type int(10) NOT NULL DEFAULT 1 AFTER password;',
+  )
+
+  // TODO these steps comes after verification and test
+  /*
+  await queryFn('ALTER TABLE users DROP COLUMN public_key;')
+  await queryFn('ALTER TABLE users DROP COLUMN privkey;')
+  await queryFn('ALTER TABLE users DROP COLUMN email_hash;')
+  await queryFn('ALTER TABLE users DROP COLUMN passphrase;')
+  */
+}
+
+export async function downgrade(queryFn: (query: string, values?: any[]) => Promise<Array<any>>) {
+  await queryFn('ALTER TABLE users RENAME COLUMN created_at TO created;')
+  await queryFn('ALTER TABLE users RENAME COLUMN deleted_at TO deletedAt;')
+  await queryFn('ALTER TABLE users DROP COLUMN password_encryption_type;')
+
+  // TODO these steps comes after verification and test
+  /*
+  await queryFn('ALTER TABLE users ADD COLUMN public_key binary(32) DEFAULT NULL;')
+  await queryFn('ALTER TABLE users ADD COLUMN privkey binary(80) DEFAULT NULL;')
+  await queryFn('ALTER TABLE users ADD COLUMN email_hash binary(32) DEFAULT NULL;')
+  await queryFn('ALTER TABLE users ADD COLUMN passphrase text DEFAULT NULL;')
+  */
+}
\ No newline at end of file

From ac6b8e666ff893d19786b51f20bff36b6c771038 Mon Sep 17 00:00:00 2001
From: joseji <chosejimenez@gmail.com>
Date: Wed, 9 Nov 2022 10:46:01 +0100
Subject: [PATCH 06/14] encryption interface

---
 .../graphql/enum/PasswordEncryptionType.ts    | 12 +++++
 backend/src/password/EmailEncryptr.ts         | 19 +++++++
 backend/src/password/EncryptorUtils.ts        | 52 +++++++++++++++++++
 backend/src/password/GradidoIDEncryptr.ts     | 19 +++++++
 backend/src/password/PasswordEncryptr.ts      |  6 +++
 ...ion => 0053-change_password_encryption.ts} |  4 +-
 6 files changed, 110 insertions(+), 2 deletions(-)
 create mode 100644 backend/src/graphql/enum/PasswordEncryptionType.ts
 create mode 100644 backend/src/password/EmailEncryptr.ts
 create mode 100644 backend/src/password/EncryptorUtils.ts
 create mode 100644 backend/src/password/GradidoIDEncryptr.ts
 create mode 100644 backend/src/password/PasswordEncryptr.ts
 rename database/migrations/{0053-change_password_encryption => 0053-change_password_encryption.ts} (97%)

diff --git a/backend/src/graphql/enum/PasswordEncryptionType.ts b/backend/src/graphql/enum/PasswordEncryptionType.ts
new file mode 100644
index 000000000..4f23aa693
--- /dev/null
+++ b/backend/src/graphql/enum/PasswordEncryptionType.ts
@@ -0,0 +1,12 @@
+import { registerEnumType } from 'type-graphql'
+
+export enum PasswordEncryptionType {
+  EMAIL = 0,
+  ONE_TIME = 1,
+  GRADIDO_ID = 2,
+}
+
+registerEnumType(PasswordEncryptionType, {
+  name: 'PasswordEncryptionType', // this one is mandatory
+  description: 'Type of the password encryption', // this one is optional
+})
diff --git a/backend/src/password/EmailEncryptr.ts b/backend/src/password/EmailEncryptr.ts
new file mode 100644
index 000000000..59098e207
--- /dev/null
+++ b/backend/src/password/EmailEncryptr.ts
@@ -0,0 +1,19 @@
+import { User } from '@entity/User'
+import { PasswordEncryptr } from './PasswordEncryptr'
+import { SecretKeyCryptographyCreateKey } from './EncryptorUtils'
+
+export class EmailEncryptr implements PasswordEncryptr {
+  async encryptPassword(dbUser: User, password: string): Promise<bigint> {
+    const keyBuffer = SecretKeyCryptographyCreateKey(dbUser.emailContact.email, password) // return short and long hash
+    const passwordHash = keyBuffer[0].readBigUInt64LE()
+
+    return passwordHash
+  }
+
+  async verifyPassword(dbUser: User, password: string): Promise<boolean> {
+    if (BigInt(password) !== (await this.encryptPassword(dbUser, dbUser.password.toString()))) {
+      return false
+    }
+    return true
+  }
+}
diff --git a/backend/src/password/EncryptorUtils.ts b/backend/src/password/EncryptorUtils.ts
new file mode 100644
index 000000000..6609ff075
--- /dev/null
+++ b/backend/src/password/EncryptorUtils.ts
@@ -0,0 +1,52 @@
+import CONFIG from '@/config'
+import { backendLogger as logger } from '@/server/logger'
+
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const sodium = require('sodium-native')
+
+// We will reuse this for changePassword
+export const isValidPassword = (password: string): boolean => {
+  return !!password.match(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9 \\t\\n\\r]).{8,}$/)
+}
+
+export const SecretKeyCryptographyCreateKey = (salt: string, password: string): Buffer[] => {
+  logger.trace('SecretKeyCryptographyCreateKey...')
+  const configLoginAppSecret = Buffer.from(CONFIG.LOGIN_APP_SECRET, 'hex')
+  const configLoginServerKey = Buffer.from(CONFIG.LOGIN_SERVER_KEY, 'hex')
+  if (configLoginServerKey.length !== sodium.crypto_shorthash_KEYBYTES) {
+    logger.error(
+      `ServerKey has an invalid size. The size must be ${sodium.crypto_shorthash_KEYBYTES} bytes.`,
+    )
+    throw new Error(
+      `ServerKey has an invalid size. The size must be ${sodium.crypto_shorthash_KEYBYTES} bytes.`,
+    )
+  }
+
+  const state = Buffer.alloc(sodium.crypto_hash_sha512_STATEBYTES)
+  sodium.crypto_hash_sha512_init(state)
+  sodium.crypto_hash_sha512_update(state, Buffer.from(salt))
+  sodium.crypto_hash_sha512_update(state, configLoginAppSecret)
+  const hash = Buffer.alloc(sodium.crypto_hash_sha512_BYTES)
+  sodium.crypto_hash_sha512_final(state, hash)
+
+  const encryptionKey = Buffer.alloc(sodium.crypto_box_SEEDBYTES)
+  const opsLimit = 10
+  const memLimit = 33554432
+  const algo = 2
+  sodium.crypto_pwhash(
+    encryptionKey,
+    Buffer.from(password),
+    hash.slice(0, sodium.crypto_pwhash_SALTBYTES),
+    opsLimit,
+    memLimit,
+    algo,
+  )
+
+  const encryptionKeyHash = Buffer.alloc(sodium.crypto_shorthash_BYTES)
+  sodium.crypto_shorthash(encryptionKeyHash, encryptionKey, configLoginServerKey)
+
+  logger.debug(
+    `SecretKeyCryptographyCreateKey...successful: encryptionKeyHash= ${encryptionKeyHash}, encryptionKey= ${encryptionKey}`,
+  )
+  return [encryptionKeyHash, encryptionKey]
+}
diff --git a/backend/src/password/GradidoIDEncryptr.ts b/backend/src/password/GradidoIDEncryptr.ts
new file mode 100644
index 000000000..630bee056
--- /dev/null
+++ b/backend/src/password/GradidoIDEncryptr.ts
@@ -0,0 +1,19 @@
+import { User } from '@entity/User'
+import { SecretKeyCryptographyCreateKey } from './EncryptorUtils'
+import { PasswordEncryptr } from './PasswordEncryptr'
+
+export class GradidoIDEncryptr implements PasswordEncryptr {
+  async encryptPassword(dbUser: User, password: string): Promise<bigint> {
+    const keyBuffer = SecretKeyCryptographyCreateKey(dbUser.gradidoID, password) // return short and long hash
+    const passwordHash = keyBuffer[0].readBigUInt64LE()
+
+    return passwordHash
+  }
+
+  async verifyPassword(dbUser: User, password: string): Promise<boolean> {
+    if (BigInt(password) !== (await this.encryptPassword(dbUser, dbUser.password.toString()))) {
+      return false
+    }
+    return true
+  }
+}
diff --git a/backend/src/password/PasswordEncryptr.ts b/backend/src/password/PasswordEncryptr.ts
new file mode 100644
index 000000000..24d949be9
--- /dev/null
+++ b/backend/src/password/PasswordEncryptr.ts
@@ -0,0 +1,6 @@
+import { User } from '@entity/User'
+
+export interface PasswordEncryptr {
+  encryptPassword(dbUser: User, password: string): Promise<bigint>
+  verifyPassword(dbUser: User, password: string): Promise<boolean>
+}
diff --git a/database/migrations/0053-change_password_encryption b/database/migrations/0053-change_password_encryption.ts
similarity index 97%
rename from database/migrations/0053-change_password_encryption
rename to database/migrations/0053-change_password_encryption.ts
index 1b87e2511..5d880689f 100644
--- a/database/migrations/0053-change_password_encryption
+++ b/database/migrations/0053-change_password_encryption.ts
@@ -1,4 +1,4 @@
-/* MIGRATION TO ADD GRADIDO_ID
+/* MIGRATION TO ADD ENCRYPTION TO PASSWORDS
  *
  * This migration adds and renames columns to and in the table `users`
  */
@@ -35,4 +35,4 @@ export async function downgrade(queryFn: (query: string, values?: any[]) => Prom
   await queryFn('ALTER TABLE users ADD COLUMN email_hash binary(32) DEFAULT NULL;')
   await queryFn('ALTER TABLE users ADD COLUMN passphrase text DEFAULT NULL;')
   */
-}
\ No newline at end of file
+}

From 107cc016ba0064462ccde429699a1fb711f61508 Mon Sep 17 00:00:00 2001
From: joseji <chosejimenez@gmail.com>
Date: Tue, 15 Nov 2022 20:30:09 +0100
Subject: [PATCH 07/14] set up completed and working

---
 .../graphql/enum/PasswordEncryptionType.ts    |  4 +--
 .../src/graphql/resolver/UserResolver.test.ts |  1 +
 backend/src/password/EmailEncryptr.ts         | 19 ------------
 backend/src/password/EncryptorUtils.ts        | 14 +++++++++
 backend/src/password/GradidoIDEncryptr.ts     | 19 ------------
 backend/src/password/PasswordEncryptr.ts      | 30 +++++++++++++++++--
 backend/src/util/communityUser.ts             |  2 ++
 .../0053-change_password_encryption/User.ts   | 28 ++++++++---------
 .../UserContact.ts                            |  6 ----
 9 files changed, 60 insertions(+), 63 deletions(-)
 delete mode 100644 backend/src/password/EmailEncryptr.ts
 delete mode 100644 backend/src/password/GradidoIDEncryptr.ts

diff --git a/backend/src/graphql/enum/PasswordEncryptionType.ts b/backend/src/graphql/enum/PasswordEncryptionType.ts
index 4f23aa693..b3a00d748 100644
--- a/backend/src/graphql/enum/PasswordEncryptionType.ts
+++ b/backend/src/graphql/enum/PasswordEncryptionType.ts
@@ -1,8 +1,8 @@
 import { registerEnumType } from 'type-graphql'
 
 export enum PasswordEncryptionType {
-  EMAIL = 0,
-  ONE_TIME = 1,
+  NO_PASSWORD = 0,
+  EMAIL = 1,
   GRADIDO_ID = 2,
 }
 
diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts
index cf4ad8d4b..791ed4c8e 100644
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
@@ -146,6 +146,7 @@ describe('UserResolver', () => {
               publisherId: 1234,
               referrerId: null,
               contributionLinkId: null,
+              passwordEncryptionType: 1,
             },
           ])
           const valUUID = validateUUID(user[0].gradidoID)
diff --git a/backend/src/password/EmailEncryptr.ts b/backend/src/password/EmailEncryptr.ts
deleted file mode 100644
index 59098e207..000000000
--- a/backend/src/password/EmailEncryptr.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-import { User } from '@entity/User'
-import { PasswordEncryptr } from './PasswordEncryptr'
-import { SecretKeyCryptographyCreateKey } from './EncryptorUtils'
-
-export class EmailEncryptr implements PasswordEncryptr {
-  async encryptPassword(dbUser: User, password: string): Promise<bigint> {
-    const keyBuffer = SecretKeyCryptographyCreateKey(dbUser.emailContact.email, password) // return short and long hash
-    const passwordHash = keyBuffer[0].readBigUInt64LE()
-
-    return passwordHash
-  }
-
-  async verifyPassword(dbUser: User, password: string): Promise<boolean> {
-    if (BigInt(password) !== (await this.encryptPassword(dbUser, dbUser.password.toString()))) {
-      return false
-    }
-    return true
-  }
-}
diff --git a/backend/src/password/EncryptorUtils.ts b/backend/src/password/EncryptorUtils.ts
index 6609ff075..5f6f4b416 100644
--- a/backend/src/password/EncryptorUtils.ts
+++ b/backend/src/password/EncryptorUtils.ts
@@ -1,5 +1,7 @@
 import CONFIG from '@/config'
 import { backendLogger as logger } from '@/server/logger'
+import { User } from '@entity/User'
+import { PasswordEncryptionType } from '@enum/PasswordEncryptionType'
 
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const sodium = require('sodium-native')
@@ -50,3 +52,15 @@ export const SecretKeyCryptographyCreateKey = (salt: string, password: string):
   )
   return [encryptionKeyHash, encryptionKey]
 }
+
+export const getBasicCryptographicKey = (dbUser: User): string | null => {
+  if (dbUser.passwordEncryptionType === PasswordEncryptionType.NO_PASSWORD) {
+    return null
+  } else if (dbUser.passwordEncryptionType === PasswordEncryptionType.EMAIL) {
+    return dbUser.emailContact.email
+  } else if (dbUser.passwordEncryptionType === PasswordEncryptionType.GRADIDO_ID) {
+    return dbUser.gradidoID
+  }
+
+  throw new Error(`Unknown password encryption type: ${dbUser.passwordEncryptionType}`)
+}
diff --git a/backend/src/password/GradidoIDEncryptr.ts b/backend/src/password/GradidoIDEncryptr.ts
deleted file mode 100644
index 630bee056..000000000
--- a/backend/src/password/GradidoIDEncryptr.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-import { User } from '@entity/User'
-import { SecretKeyCryptographyCreateKey } from './EncryptorUtils'
-import { PasswordEncryptr } from './PasswordEncryptr'
-
-export class GradidoIDEncryptr implements PasswordEncryptr {
-  async encryptPassword(dbUser: User, password: string): Promise<bigint> {
-    const keyBuffer = SecretKeyCryptographyCreateKey(dbUser.gradidoID, password) // return short and long hash
-    const passwordHash = keyBuffer[0].readBigUInt64LE()
-
-    return passwordHash
-  }
-
-  async verifyPassword(dbUser: User, password: string): Promise<boolean> {
-    if (BigInt(password) !== (await this.encryptPassword(dbUser, dbUser.password.toString()))) {
-      return false
-    }
-    return true
-  }
-}
diff --git a/backend/src/password/PasswordEncryptr.ts b/backend/src/password/PasswordEncryptr.ts
index 24d949be9..24dc7f352 100644
--- a/backend/src/password/PasswordEncryptr.ts
+++ b/backend/src/password/PasswordEncryptr.ts
@@ -1,6 +1,30 @@
 import { User } from '@entity/User'
+import { logger } from '@test/testSetup'
+import { getBasicCryptographicKey, SecretKeyCryptographyCreateKey } from './EncryptorUtils'
 
-export interface PasswordEncryptr {
-  encryptPassword(dbUser: User, password: string): Promise<bigint>
-  verifyPassword(dbUser: User, password: string): Promise<boolean>
+export class PasswordEncryptr {
+  async encryptPassword(dbUser: User, password: string): Promise<bigint> {
+    const basicKey = getBasicCryptographicKey(dbUser)
+    if (!basicKey) logger.error('Password not set for user ' + dbUser.id)
+    else {
+      const keyBuffer = SecretKeyCryptographyCreateKey(basicKey, password) // return short and long hash
+      const passwordHash = keyBuffer[0].readBigUInt64LE()
+      return passwordHash
+    }
+
+    throw new Error('Password not set for user ' + dbUser.id) // user has no password
+  }
+
+  async verifyPassword(dbUser: User, password: string): Promise<boolean> {
+    const basicKey = getBasicCryptographicKey(dbUser)
+    if (!basicKey) logger.error('Password not set for user ' + dbUser.id)
+    else {
+      if (BigInt(password) !== (await this.encryptPassword(dbUser, dbUser.password.toString()))) {
+        return false
+      }
+      return true
+    }
+
+    throw new Error('Password not set for user ' + dbUser.id) // user has no password
+  }
 }
diff --git a/backend/src/util/communityUser.ts b/backend/src/util/communityUser.ts
index e885b7043..87d0432dc 100644
--- a/backend/src/util/communityUser.ts
+++ b/backend/src/util/communityUser.ts
@@ -26,6 +26,8 @@ const communityDbUser: dbUser = {
   isAdmin: null,
   publisherId: 0,
   passphrase: '',
+  // default password encryption type
+  passwordEncryptionType: 2,
   hasId: function (): boolean {
     throw new Error('Function not implemented.')
   },
diff --git a/database/entity/0053-change_password_encryption/User.ts b/database/entity/0053-change_password_encryption/User.ts
index bf2d02268..fac4e1031 100644
--- a/database/entity/0053-change_password_encryption/User.ts
+++ b/database/entity/0053-change_password_encryption/User.ts
@@ -34,20 +34,20 @@ export class User extends BaseEntity {
   })
   alias: string
 
-  /*
-    @Column({ name: 'public_key', type: 'binary', length: 32, default: null, nullable: true })
-    pubKey: Buffer
-    @Column({ name: 'privkey', type: 'binary', length: 80, default: null, nullable: true })
-    privKey: Buffer
-    @Column({
-      type: 'text',
-      name: 'passphrase',
-      collation: 'utf8mb4_unicode_ci',
-      nullable: true,
-      default: null,
-    })
-    passphrase: string
-    */
+  @Column({ name: 'public_key', type: 'binary', length: 32, default: null, nullable: true })
+  pubKey: Buffer
+
+  @Column({ name: 'privkey', type: 'binary', length: 80, default: null, nullable: true })
+  privKey: Buffer
+
+  @Column({
+    type: 'text',
+    name: 'passphrase',
+    collation: 'utf8mb4_unicode_ci',
+    nullable: true,
+    default: null,
+  })
+  passphrase: string
 
   @OneToOne(() => UserContact, (emailContact: UserContact) => emailContact.user)
   @JoinColumn({ name: 'email_id' })
diff --git a/database/entity/0053-change_password_encryption/UserContact.ts b/database/entity/0053-change_password_encryption/UserContact.ts
index 05bfdfffe..97b12d4cd 100644
--- a/database/entity/0053-change_password_encryption/UserContact.ts
+++ b/database/entity/0053-change_password_encryption/UserContact.ts
@@ -5,8 +5,6 @@ import {
   Column,
   DeleteDateColumn,
   OneToOne,
-  JoinColumn,
-  ManyToOne,
 } from 'typeorm'
 import { User } from './User'
 
@@ -59,8 +57,4 @@ export class UserContact extends BaseEntity {
 
   @DeleteDateColumn({ name: 'deleted_at', nullable: true })
   deletedAt: Date | null
-
-  @ManyToOne(() => User, (user) => user.userContacts)
-  @JoinColumn({ name: 'user_id' })
-  contactUser: User
 }

From 47d8469eb3292edbeeebcc4bb85273058b48afaf Mon Sep 17 00:00:00 2001
From: joseji <chosejimenez@gmail.com>
Date: Thu, 17 Nov 2022 13:38:16 +0100
Subject: [PATCH 08/14] new password implementation set up and test

---
 .../src/graphql/resolver/UserResolver.test.ts | 65 ++++++++++++++++-
 backend/src/graphql/resolver/UserResolver.ts  | 71 +++++--------------
 backend/src/password/PasswordEncryptr.ts      | 46 ++++++------
 backend/src/util/communityUser.ts             |  2 +-
 4 files changed, 103 insertions(+), 81 deletions(-)

diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts
index 2d92e196c..d3bfb1c66 100644
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
@@ -36,6 +36,10 @@ import { UserContact } from '@entity/UserContact'
 import { OptInType } from '../enum/OptInType'
 import { UserContactType } from '../enum/UserContactType'
 import { bobBaumeister } from '@/seeds/users/bob-baumeister'
+import { encryptPassword } from '@/password/PasswordEncryptr'
+import { PasswordEncryptionType } from '../enum/PasswordEncryptionType'
+import { find } from 'lodash'
+import { SecretKeyCryptographyCreateKey } from '@/password/EncryptorUtils'
 
 // import { klicktippSignIn } from '@/apis/KlicktippController'
 
@@ -491,7 +495,8 @@ describe('UserResolver', () => {
       })
 
       it('updates the password', () => {
-        expect(newUser.password).toEqual('3917921995996627700')
+        const encryptedPass = encryptPassword(newUser, 'Aa12345_')
+        expect(newUser.password.toString()).toEqual(encryptedPass.toString())
       })
 
       /*
@@ -1159,6 +1164,64 @@ describe('UserResolver', () => {
       })
     })
   })
+
+  describe('password encryption type', () => {
+    describe('user just registered', () => {
+      let bibi: User
+
+      it('password type should be gradido id', async () => {
+        const users = await User.find()
+        bibi = users[1]
+
+        expect(bibi).toEqual(
+          expect.objectContaining({
+            password: SecretKeyCryptographyCreateKey(bibi.gradidoID.toString(), 'Aa12345_')[0]
+              .readBigUInt64LE()
+              .toString(),
+            passwordEncryptionType: PasswordEncryptionType.GRADIDO_ID,
+          }),
+        )
+      })
+    })
+
+    describe('user has encryption type email', () => {
+      const variables = {
+        email: 'bibi@bloxberg.de',
+        password: 'Aa12345_',
+        publisherId: 1234,
+      }
+
+      let bibi: User
+      beforeAll(async () => {
+        const users = await User.find()
+        bibi = users[1]
+
+        bibi.passwordEncryptionType = PasswordEncryptionType.EMAIL
+        bibi.password = SecretKeyCryptographyCreateKey(
+          'bibi@bloxberg.de',
+          'Aa12345_',
+        )[0].readBigUInt64LE()
+
+        await bibi.save()
+      })
+
+      it('changes to gradidoID on login', async () => {
+        await mutate({ mutation: login, variables: variables })
+
+        const users = await User.find()
+        bibi = users[0]
+
+        expect(bibi).toEqual(
+          expect.objectContaining({
+            password: SecretKeyCryptographyCreateKey(bibi.gradidoID.toString(), 'Aa12345_')[0]
+              .readBigUInt64LE()
+              .toString(),
+            passwordEncryptionType: PasswordEncryptionType.GRADIDO_ID,
+          }),
+        )
+      })
+    })
+  })
 })
 
 describe('printTimeDuration', () => {
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index 2287ede98..78f8a96f8 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -39,17 +39,15 @@ import { SearchAdminUsersResult } from '@model/AdminUser'
 import Paginated from '@arg/Paginated'
 import { Order } from '@enum/Order'
 import { v4 as uuidv4 } from 'uuid'
+import { isValidPassword, SecretKeyCryptographyCreateKey } from '@/password/EncryptorUtils'
+import { encryptPassword, verifyPassword } from '@/password/PasswordEncryptr'
+import { PasswordEncryptionType } from '../enum/PasswordEncryptionType'
 
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const sodium = require('sodium-native')
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const random = require('random-bigint')
 
-// We will reuse this for changePassword
-const isPassword = (password: string): boolean => {
-  return !!password.match(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9 \\t\\n\\r]).{8,}$/)
-}
-
 const LANGUAGES = ['de', 'en', 'es', 'fr', 'nl']
 const DEFAULT_LANGUAGE = 'de'
 const isLanguage = (language: string): boolean => {
@@ -106,48 +104,6 @@ const KeyPairEd25519Create = (passphrase: string[]): Buffer[] => {
   return [pubKey, privKey]
 }
 
-const SecretKeyCryptographyCreateKey = (salt: string, password: string): Buffer[] => {
-  logger.trace('SecretKeyCryptographyCreateKey...')
-  const configLoginAppSecret = Buffer.from(CONFIG.LOGIN_APP_SECRET, 'hex')
-  const configLoginServerKey = Buffer.from(CONFIG.LOGIN_SERVER_KEY, 'hex')
-  if (configLoginServerKey.length !== sodium.crypto_shorthash_KEYBYTES) {
-    logger.error(
-      `ServerKey has an invalid size. The size must be ${sodium.crypto_shorthash_KEYBYTES} bytes.`,
-    )
-    throw new Error(
-      `ServerKey has an invalid size. The size must be ${sodium.crypto_shorthash_KEYBYTES} bytes.`,
-    )
-  }
-
-  const state = Buffer.alloc(sodium.crypto_hash_sha512_STATEBYTES)
-  sodium.crypto_hash_sha512_init(state)
-  sodium.crypto_hash_sha512_update(state, Buffer.from(salt))
-  sodium.crypto_hash_sha512_update(state, configLoginAppSecret)
-  const hash = Buffer.alloc(sodium.crypto_hash_sha512_BYTES)
-  sodium.crypto_hash_sha512_final(state, hash)
-
-  const encryptionKey = Buffer.alloc(sodium.crypto_box_SEEDBYTES)
-  const opsLimit = 10
-  const memLimit = 33554432
-  const algo = 2
-  sodium.crypto_pwhash(
-    encryptionKey,
-    Buffer.from(password),
-    hash.slice(0, sodium.crypto_pwhash_SALTBYTES),
-    opsLimit,
-    memLimit,
-    algo,
-  )
-
-  const encryptionKeyHash = Buffer.alloc(sodium.crypto_shorthash_BYTES)
-  sodium.crypto_shorthash(encryptionKeyHash, encryptionKey, configLoginServerKey)
-
-  logger.debug(
-    `SecretKeyCryptographyCreateKey...successful: encryptionKeyHash= ${encryptionKeyHash}, encryptionKey= ${encryptionKey}`,
-  )
-  return [encryptionKeyHash, encryptionKey]
-}
-
 /*
 const getEmailHash = (email: string): Buffer => {
   logger.trace('getEmailHash...')
@@ -343,12 +299,16 @@ export class UserResolver {
       // TODO we want to catch this on the frontend and ask the user to check his emails or resend code
       throw new Error('User has no private or publicKey')
     }
-    const passwordHash = SecretKeyCryptographyCreateKey(email, password) // return short and long hash
-    const loginUserPassword = BigInt(dbUser.password.toString())
-    if (loginUserPassword !== passwordHash[0].readBigUInt64LE()) {
+
+    if (!verifyPassword(dbUser, password)) {
       logger.error('The User has no valid credentials.')
       throw new Error('No user with this credentials')
     }
+
+    if (dbUser.passwordEncryptionType !== PasswordEncryptionType.GRADIDO_ID) {
+      dbUser.passwordEncryptionType = PasswordEncryptionType.GRADIDO_ID
+      dbUser.password = encryptPassword(dbUser, password)
+    }
     // add pubKey in logger-context for layout-pattern X{user} to print it in each logging message
     logger.addContext('user', dbUser.id)
     logger.debug('validation of login credentials successful...')
@@ -623,7 +583,7 @@ export class UserResolver {
   ): Promise<boolean> {
     logger.info(`setPassword(${code}, ***)...`)
     // Validate Password
-    if (!isPassword(password)) {
+    if (!isValidPassword(password)) {
       logger.error('Password entered is lexically invalid')
       throw new Error(
         'Please enter a valid password with at least 8 characters, upper and lower case letters, at least one number and one special character!',
@@ -681,10 +641,11 @@ export class UserResolver {
     userContact.emailChecked = true
 
     // Update Password
+    user.passwordEncryptionType = PasswordEncryptionType.GRADIDO_ID
     const passwordHash = SecretKeyCryptographyCreateKey(userContact.email, password) // return short and long hash
     const keyPair = KeyPairEd25519Create(passphrase) // return pub, priv Key
     const encryptedPrivkey = SecretKeyCryptographyEncrypt(keyPair[1], passwordHash[1])
-    user.password = passwordHash[0].readBigUInt64LE() // using the shorthash
+    user.password = encryptPassword(user, password)
     user.pubKey = keyPair[0]
     user.privKey = encryptedPrivkey
     logger.debug('User credentials updated ...')
@@ -789,7 +750,7 @@ export class UserResolver {
 
     if (password && passwordNew) {
       // Validate Password
-      if (!isPassword(passwordNew)) {
+      if (!isValidPassword(passwordNew)) {
         logger.error('newPassword does not fullfil the rules')
         throw new Error(
           'Please enter a valid password with at least 8 characters, upper and lower case letters, at least one number and one special character!',
@@ -801,7 +762,7 @@ export class UserResolver {
         userEntity.emailContact.email,
         password,
       )
-      if (BigInt(userEntity.password.toString()) !== oldPasswordHash[0].readBigUInt64LE()) {
+      if (!verifyPassword(userEntity, password)) {
         logger.error(`Old password is invalid`)
         throw new Error(`Old password is invalid`)
       }
@@ -817,7 +778,7 @@ export class UserResolver {
       logger.debug('PrivateKey encrypted...')
 
       // Save new password hash and newly encrypted private key
-      userEntity.password = newPasswordHash[0].readBigUInt64LE()
+      userEntity.password = encryptPassword(userEntity, passwordNew)
       userEntity.privKey = encryptedPrivkey
     }
 
diff --git a/backend/src/password/PasswordEncryptr.ts b/backend/src/password/PasswordEncryptr.ts
index 24dc7f352..b8ef2de31 100644
--- a/backend/src/password/PasswordEncryptr.ts
+++ b/backend/src/password/PasswordEncryptr.ts
@@ -1,30 +1,28 @@
 import { User } from '@entity/User'
-import { logger } from '@test/testSetup'
+// import { logger } from '@test/testSetup' getting error "jest is not defined"
 import { getBasicCryptographicKey, SecretKeyCryptographyCreateKey } from './EncryptorUtils'
 
-export class PasswordEncryptr {
-  async encryptPassword(dbUser: User, password: string): Promise<bigint> {
-    const basicKey = getBasicCryptographicKey(dbUser)
-    if (!basicKey) logger.error('Password not set for user ' + dbUser.id)
-    else {
-      const keyBuffer = SecretKeyCryptographyCreateKey(basicKey, password) // return short and long hash
-      const passwordHash = keyBuffer[0].readBigUInt64LE()
-      return passwordHash
-    }
-
-    throw new Error('Password not set for user ' + dbUser.id) // user has no password
-  }
-
-  async verifyPassword(dbUser: User, password: string): Promise<boolean> {
-    const basicKey = getBasicCryptographicKey(dbUser)
-    if (!basicKey) logger.error('Password not set for user ' + dbUser.id)
-    else {
-      if (BigInt(password) !== (await this.encryptPassword(dbUser, dbUser.password.toString()))) {
-        return false
-      }
-      return true
-    }
-
+export const encryptPassword = (dbUser: User, password: string): bigint => {
+  const basicKey = getBasicCryptographicKey(dbUser)
+  if (!basicKey) {
+    // logger.error('Password not set for user ' + dbUser.id)
     throw new Error('Password not set for user ' + dbUser.id) // user has no password
+  } else {
+    const keyBuffer = SecretKeyCryptographyCreateKey(basicKey, password) // return short and long hash
+    const passwordHash = keyBuffer[0].readBigUInt64LE()
+    return passwordHash
+  }
+}
+
+export const verifyPassword = (dbUser: User, password: string): boolean => {
+  const basicKey = getBasicCryptographicKey(dbUser)
+  if (!basicKey) {
+    // logger.error('Password not set for user ' + dbUser.id)
+    throw new Error('Password not set for user ' + dbUser.id) // user has no password
+  } else {
+    if (dbUser.password.toString() !== encryptPassword(dbUser, password).toString()) {
+      return false
+    }
+    return true
   }
 }
diff --git a/backend/src/util/communityUser.ts b/backend/src/util/communityUser.ts
index 87d0432dc..9913418fb 100644
--- a/backend/src/util/communityUser.ts
+++ b/backend/src/util/communityUser.ts
@@ -27,7 +27,7 @@ const communityDbUser: dbUser = {
   publisherId: 0,
   passphrase: '',
   // default password encryption type
-  passwordEncryptionType: 2,
+  passwordEncryptionType: 0,
   hasId: function (): boolean {
     throw new Error('Function not implemented.')
   },

From 39d006351d8e6c04bdaa6b6025c9e7898c724326 Mon Sep 17 00:00:00 2001
From: joseji <chosejimenez@gmail.com>
Date: Thu, 17 Nov 2022 14:10:17 +0100
Subject: [PATCH 09/14] unused import added wrongly

---
 backend/src/graphql/resolver/UserResolver.test.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts
index d3bfb1c66..03aabfbb4 100644
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
@@ -38,7 +38,6 @@ import { UserContactType } from '../enum/UserContactType'
 import { bobBaumeister } from '@/seeds/users/bob-baumeister'
 import { encryptPassword } from '@/password/PasswordEncryptr'
 import { PasswordEncryptionType } from '../enum/PasswordEncryptionType'
-import { find } from 'lodash'
 import { SecretKeyCryptographyCreateKey } from '@/password/EncryptorUtils'
 
 // import { klicktippSignIn } from '@/apis/KlicktippController'

From fc23fc9e87768e0fc5f5f57235261c18b4518f54 Mon Sep 17 00:00:00 2001
From: joseji <chosejimenez@gmail.com>
Date: Sun, 20 Nov 2022 18:14:43 +0100
Subject: [PATCH 10/14] fixes done

---
 .../src/graphql/resolver/UserResolver.test.ts |  6 ++--
 backend/src/graphql/resolver/UserResolver.ts  |  4 ++-
 backend/src/password/EncryptorUtils.ts        | 27 ++++++++++--------
 backend/src/password/PasswordEncryptor.ts     | 17 +++++++++++
 backend/src/password/PasswordEncryptr.ts      | 28 -------------------
 .../0053-change_password_encryption/User.ts   |  2 +-
 .../0053-change_password_encryption.ts        | 22 ++-------------
 7 files changed, 42 insertions(+), 64 deletions(-)
 create mode 100644 backend/src/password/PasswordEncryptor.ts
 delete mode 100644 backend/src/password/PasswordEncryptr.ts

diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts
index 03aabfbb4..a3e2dbe21 100644
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
@@ -36,7 +36,7 @@ import { UserContact } from '@entity/UserContact'
 import { OptInType } from '../enum/OptInType'
 import { UserContactType } from '../enum/UserContactType'
 import { bobBaumeister } from '@/seeds/users/bob-baumeister'
-import { encryptPassword } from '@/password/PasswordEncryptr'
+import { encryptPassword } from '@/password/PasswordEncryptor'
 import { PasswordEncryptionType } from '../enum/PasswordEncryptionType'
 import { SecretKeyCryptographyCreateKey } from '@/password/EncryptorUtils'
 
@@ -149,7 +149,7 @@ describe('UserResolver', () => {
               publisherId: 1234,
               referrerId: null,
               contributionLinkId: null,
-              passwordEncryptionType: 1,
+              passwordEncryptionType: PasswordEncryptionType.NO_PASSWORD,
             },
           ])
           const valUUID = validateUUID(user[0].gradidoID)
@@ -1168,7 +1168,7 @@ describe('UserResolver', () => {
     describe('user just registered', () => {
       let bibi: User
 
-      it('password type should be gradido id', async () => {
+      it('has password type gradido id', async () => {
         const users = await User.find()
         bibi = users[1]
 
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index ef5edd747..a9006bbb6 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -40,7 +40,7 @@ import Paginated from '@arg/Paginated'
 import { Order } from '@enum/Order'
 import { v4 as uuidv4 } from 'uuid'
 import { isValidPassword, SecretKeyCryptographyCreateKey } from '@/password/EncryptorUtils'
-import { encryptPassword, verifyPassword } from '@/password/PasswordEncryptr'
+import { encryptPassword, verifyPassword } from '@/password/PasswordEncryptor'
 import { PasswordEncryptionType } from '../enum/PasswordEncryptionType'
 
 // eslint-disable-next-line @typescript-eslint/no-var-requires
@@ -432,6 +432,7 @@ export class UserResolver {
     dbUser.lastName = lastName
     dbUser.language = language
     dbUser.publisherId = publisherId
+    dbUser.passwordEncryptionType = PasswordEncryptionType.NO_PASSWORD
     dbUser.passphrase = passphrase.join(' ')
     logger.debug('new dbUser=' + dbUser)
     if (redeemCode) {
@@ -780,6 +781,7 @@ export class UserResolver {
       logger.debug('PrivateKey encrypted...')
 
       // Save new password hash and newly encrypted private key
+      userEntity.passwordEncryptionType = PasswordEncryptionType.GRADIDO_ID
       userEntity.password = encryptPassword(userEntity, passwordNew)
       userEntity.privKey = encryptedPrivkey
     }
diff --git a/backend/src/password/EncryptorUtils.ts b/backend/src/password/EncryptorUtils.ts
index 5f6f4b416..2ca47109d 100644
--- a/backend/src/password/EncryptorUtils.ts
+++ b/backend/src/password/EncryptorUtils.ts
@@ -47,20 +47,23 @@ export const SecretKeyCryptographyCreateKey = (salt: string, password: string):
   const encryptionKeyHash = Buffer.alloc(sodium.crypto_shorthash_BYTES)
   sodium.crypto_shorthash(encryptionKeyHash, encryptionKey, configLoginServerKey)
 
-  logger.debug(
-    `SecretKeyCryptographyCreateKey...successful: encryptionKeyHash= ${encryptionKeyHash}, encryptionKey= ${encryptionKey}`,
-  )
   return [encryptionKeyHash, encryptionKey]
 }
 
-export const getBasicCryptographicKey = (dbUser: User): string | null => {
-  if (dbUser.passwordEncryptionType === PasswordEncryptionType.NO_PASSWORD) {
-    return null
-  } else if (dbUser.passwordEncryptionType === PasswordEncryptionType.EMAIL) {
-    return dbUser.emailContact.email
-  } else if (dbUser.passwordEncryptionType === PasswordEncryptionType.GRADIDO_ID) {
-    return dbUser.gradidoID
+export const getUserCryptographicSalt = (dbUser: User): string => {
+  switch (dbUser.passwordEncryptionType) {
+    case PasswordEncryptionType.NO_PASSWORD: {
+      throw new Error('Password not set for user ' + dbUser.id) // user has no password
+    }
+    case PasswordEncryptionType.EMAIL: {
+      return dbUser.emailContact.email
+      break
+    }
+    case PasswordEncryptionType.GRADIDO_ID: {
+      return dbUser.gradidoID
+      break
+    }
+    default:
+      throw new Error(`Unknown password encryption type: ${dbUser.passwordEncryptionType}`)
   }
-
-  throw new Error(`Unknown password encryption type: ${dbUser.passwordEncryptionType}`)
 }
diff --git a/backend/src/password/PasswordEncryptor.ts b/backend/src/password/PasswordEncryptor.ts
new file mode 100644
index 000000000..2c6ebfb0f
--- /dev/null
+++ b/backend/src/password/PasswordEncryptor.ts
@@ -0,0 +1,17 @@
+import { User } from '@entity/User'
+// import { logger } from '@test/testSetup' getting error "jest is not defined"
+import { getUserCryptographicSalt, SecretKeyCryptographyCreateKey } from './EncryptorUtils'
+
+export const encryptPassword = (dbUser: User, password: string): bigint => {
+  const basicKey = getUserCryptographicSalt(dbUser)
+  const keyBuffer = SecretKeyCryptographyCreateKey(basicKey, password) // return short and long hash
+  const passwordHash = keyBuffer[0].readBigUInt64LE()
+  return passwordHash
+}
+
+export const verifyPassword = (dbUser: User, password: string): boolean => {
+  if (dbUser.password.toString() !== encryptPassword(dbUser, password).toString()) {
+    return false
+  }
+  return true
+}
diff --git a/backend/src/password/PasswordEncryptr.ts b/backend/src/password/PasswordEncryptr.ts
deleted file mode 100644
index b8ef2de31..000000000
--- a/backend/src/password/PasswordEncryptr.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-import { User } from '@entity/User'
-// import { logger } from '@test/testSetup' getting error "jest is not defined"
-import { getBasicCryptographicKey, SecretKeyCryptographyCreateKey } from './EncryptorUtils'
-
-export const encryptPassword = (dbUser: User, password: string): bigint => {
-  const basicKey = getBasicCryptographicKey(dbUser)
-  if (!basicKey) {
-    // logger.error('Password not set for user ' + dbUser.id)
-    throw new Error('Password not set for user ' + dbUser.id) // user has no password
-  } else {
-    const keyBuffer = SecretKeyCryptographyCreateKey(basicKey, password) // return short and long hash
-    const passwordHash = keyBuffer[0].readBigUInt64LE()
-    return passwordHash
-  }
-}
-
-export const verifyPassword = (dbUser: User, password: string): boolean => {
-  const basicKey = getBasicCryptographicKey(dbUser)
-  if (!basicKey) {
-    // logger.error('Password not set for user ' + dbUser.id)
-    throw new Error('Password not set for user ' + dbUser.id) // user has no password
-  } else {
-    if (dbUser.password.toString() !== encryptPassword(dbUser, password).toString()) {
-      return false
-    }
-    return true
-  }
-}
diff --git a/database/entity/0053-change_password_encryption/User.ts b/database/entity/0053-change_password_encryption/User.ts
index fac4e1031..2a3332925 100644
--- a/database/entity/0053-change_password_encryption/User.ts
+++ b/database/entity/0053-change_password_encryption/User.ts
@@ -88,7 +88,7 @@ export class User extends BaseEntity {
     type: 'int',
     unsigned: true,
     nullable: false,
-    default: 1,
+    default: 0,
   })
   passwordEncryptionType: number
 
diff --git a/database/migrations/0053-change_password_encryption.ts b/database/migrations/0053-change_password_encryption.ts
index 5d880689f..0c8632186 100644
--- a/database/migrations/0053-change_password_encryption.ts
+++ b/database/migrations/0053-change_password_encryption.ts
@@ -1,6 +1,6 @@
-/* MIGRATION TO ADD ENCRYPTION TO PASSWORDS
+/* MIGRATION TO ADD ENCRYPTION TYPE TO PASSWORDS
  *
- * This migration adds and renames columns to and in the table `users`
+ * This migration adds and renames columns in the table `users`
  */
 
 /* eslint-disable @typescript-eslint/explicit-module-boundary-types */
@@ -11,28 +11,12 @@ export async function upgrade(queryFn: (query: string, values?: any[]) => Promis
   await queryFn('ALTER TABLE users RENAME COLUMN deletedAt TO deleted_at;')
   // alter table emp rename column emp_name to name
   await queryFn(
-    'ALTER TABLE users ADD COLUMN password_encryption_type int(10) NOT NULL DEFAULT 1 AFTER password;',
+    'ALTER TABLE users ADD COLUMN password_encryption_type int(10) NOT NULL DEFAULT 0 AFTER password;',
   )
-
-  // TODO these steps comes after verification and test
-  /*
-  await queryFn('ALTER TABLE users DROP COLUMN public_key;')
-  await queryFn('ALTER TABLE users DROP COLUMN privkey;')
-  await queryFn('ALTER TABLE users DROP COLUMN email_hash;')
-  await queryFn('ALTER TABLE users DROP COLUMN passphrase;')
-  */
 }
 
 export async function downgrade(queryFn: (query: string, values?: any[]) => Promise<Array<any>>) {
   await queryFn('ALTER TABLE users RENAME COLUMN created_at TO created;')
   await queryFn('ALTER TABLE users RENAME COLUMN deleted_at TO deletedAt;')
   await queryFn('ALTER TABLE users DROP COLUMN password_encryption_type;')
-
-  // TODO these steps comes after verification and test
-  /*
-  await queryFn('ALTER TABLE users ADD COLUMN public_key binary(32) DEFAULT NULL;')
-  await queryFn('ALTER TABLE users ADD COLUMN privkey binary(80) DEFAULT NULL;')
-  await queryFn('ALTER TABLE users ADD COLUMN email_hash binary(32) DEFAULT NULL;')
-  await queryFn('ALTER TABLE users ADD COLUMN passphrase text DEFAULT NULL;')
-  */
 }

From 3aeb9dd0f17e8abdaaec37258bdf6b6dd2b22950 Mon Sep 17 00:00:00 2001
From: joseji <chosejimenez@gmail.com>
Date: Tue, 22 Nov 2022 11:12:07 +0100
Subject: [PATCH 11/14] fixes added

---
 .../src/graphql/resolver/UserResolver.test.ts | 24 +++++++++++++++++++
 backend/src/password/EncryptorUtils.ts        |  2 ++
 backend/src/password/PasswordEncryptor.ts     |  4 ++--
 .../0053-change_password_encryption.ts        |  2 ++
 4 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts
index 4e05aadd6..377dfa131 100644
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
@@ -39,6 +39,7 @@ import { bobBaumeister } from '@/seeds/users/bob-baumeister'
 import { encryptPassword } from '@/password/PasswordEncryptor'
 import { PasswordEncryptionType } from '../enum/PasswordEncryptionType'
 import { SecretKeyCryptographyCreateKey } from '@/password/EncryptorUtils'
+import { tokenToString } from 'typescript'
 
 // import { klicktippSignIn } from '@/apis/KlicktippController'
 
@@ -1220,6 +1221,29 @@ describe('UserResolver', () => {
           }),
         )
       })
+
+      it('can login after password change', async () => {
+        resetToken()
+        expect(await mutate({ mutation: login, variables: variables })).toEqual(
+          expect.objectContaining({
+            data: {
+              login: {
+                email: 'bibi@bloxberg.de',
+                firstName: 'Bibi',
+                hasElopage: false,
+                id: expect.any(Number),
+                isAdmin: null,
+                klickTipp: {
+                  newsletterState: false,
+                },
+                language: 'de',
+                lastName: 'Bloxberg',
+                publisherId: 1234,
+              },
+            },
+          }),
+        )
+      })
     })
   })
 })
diff --git a/backend/src/password/EncryptorUtils.ts b/backend/src/password/EncryptorUtils.ts
index 2ca47109d..971b6a32e 100644
--- a/backend/src/password/EncryptorUtils.ts
+++ b/backend/src/password/EncryptorUtils.ts
@@ -53,6 +53,7 @@ export const SecretKeyCryptographyCreateKey = (salt: string, password: string):
 export const getUserCryptographicSalt = (dbUser: User): string => {
   switch (dbUser.passwordEncryptionType) {
     case PasswordEncryptionType.NO_PASSWORD: {
+      logger.error('Password not set for user ' + dbUser.id)
       throw new Error('Password not set for user ' + dbUser.id) // user has no password
     }
     case PasswordEncryptionType.EMAIL: {
@@ -64,6 +65,7 @@ export const getUserCryptographicSalt = (dbUser: User): string => {
       break
     }
     default:
+      logger.error(`Unknown password encryption type: ${dbUser.passwordEncryptionType}`)
       throw new Error(`Unknown password encryption type: ${dbUser.passwordEncryptionType}`)
   }
 }
diff --git a/backend/src/password/PasswordEncryptor.ts b/backend/src/password/PasswordEncryptor.ts
index 2c6ebfb0f..3dc0736df 100644
--- a/backend/src/password/PasswordEncryptor.ts
+++ b/backend/src/password/PasswordEncryptor.ts
@@ -3,8 +3,8 @@ import { User } from '@entity/User'
 import { getUserCryptographicSalt, SecretKeyCryptographyCreateKey } from './EncryptorUtils'
 
 export const encryptPassword = (dbUser: User, password: string): bigint => {
-  const basicKey = getUserCryptographicSalt(dbUser)
-  const keyBuffer = SecretKeyCryptographyCreateKey(basicKey, password) // return short and long hash
+  const salt = getUserCryptographicSalt(dbUser)
+  const keyBuffer = SecretKeyCryptographyCreateKey(salt, password) // return short and long hash
   const passwordHash = keyBuffer[0].readBigUInt64LE()
   return passwordHash
 }
diff --git a/database/migrations/0053-change_password_encryption.ts b/database/migrations/0053-change_password_encryption.ts
index 0c8632186..635109430 100644
--- a/database/migrations/0053-change_password_encryption.ts
+++ b/database/migrations/0053-change_password_encryption.ts
@@ -13,6 +13,8 @@ export async function upgrade(queryFn: (query: string, values?: any[]) => Promis
   await queryFn(
     'ALTER TABLE users ADD COLUMN password_encryption_type int(10) NOT NULL DEFAULT 0 AFTER password;',
   )
+  await queryFn(`UPDATE users SET password_encryption_type = 1 WHERE id IN
+  (SELECT user_id FROM user_contacts WHERE email_checked = 1)`)
 }
 
 export async function downgrade(queryFn: (query: string, values?: any[]) => Promise<Array<any>>) {

From e55f516c512019b15081ad476278884b35631587 Mon Sep 17 00:00:00 2001
From: joseji <chosejimenez@gmail.com>
Date: Tue, 22 Nov 2022 11:19:42 +0100
Subject: [PATCH 12/14] removed unused import

---
 backend/src/graphql/resolver/UserResolver.test.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts
index 377dfa131..200ba8163 100644
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
@@ -39,7 +39,6 @@ import { bobBaumeister } from '@/seeds/users/bob-baumeister'
 import { encryptPassword } from '@/password/PasswordEncryptor'
 import { PasswordEncryptionType } from '../enum/PasswordEncryptionType'
 import { SecretKeyCryptographyCreateKey } from '@/password/EncryptorUtils'
-import { tokenToString } from 'typescript'
 
 // import { klicktippSignIn } from '@/apis/KlicktippController'
 

From 60e3f628325b38cfd5798bf5ebbec00b6a95c99b Mon Sep 17 00:00:00 2001
From: joseji <chosejimenez@gmail.com>
Date: Wed, 23 Nov 2022 11:32:27 +0100
Subject: [PATCH 13/14] enum use on community user initialization

---
 backend/src/util/communityUser.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/src/util/communityUser.ts b/backend/src/util/communityUser.ts
index 9913418fb..298348f0f 100644
--- a/backend/src/util/communityUser.ts
+++ b/backend/src/util/communityUser.ts
@@ -1,5 +1,6 @@
 /* eslint-disable @typescript-eslint/no-unused-vars */
 
+import { PasswordEncryptionType } from '@/graphql/enum/PasswordEncryptionType'
 import { SaveOptions, RemoveOptions } from '@dbTools/typeorm'
 import { User as dbUser } from '@entity/User'
 import { UserContact } from '@entity/UserContact'
@@ -27,7 +28,7 @@ const communityDbUser: dbUser = {
   publisherId: 0,
   passphrase: '',
   // default password encryption type
-  passwordEncryptionType: 0,
+  passwordEncryptionType: PasswordEncryptionType.NO_PASSWORD,
   hasId: function (): boolean {
     throw new Error('Function not implemented.')
   },

From 2a74b924721257b239a0148ec7bd8b28e424a8d5 Mon Sep 17 00:00:00 2001
From: joseji <chosejimenez@gmail.com>
Date: Thu, 24 Nov 2022 11:21:47 +0100
Subject: [PATCH 14/14] user saving on db

---
 .../src/graphql/resolver/UserResolver.test.ts    | 16 +++++++++++-----
 backend/src/graphql/resolver/UserResolver.ts     |  1 +
 backend/src/password/PasswordEncryptor.ts        |  5 +----
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts
index 200ba8163..d8472fba9 100644
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
@@ -1193,9 +1193,11 @@ describe('UserResolver', () => {
 
       let bibi: User
       beforeAll(async () => {
-        const users = await User.find()
-        bibi = users[1]
-
+        const usercontact = await UserContact.findOneOrFail(
+          { email: 'bibi@bloxberg.de' },
+          { relations: ['user'] },
+        )
+        bibi = usercontact.user
         bibi.passwordEncryptionType = PasswordEncryptionType.EMAIL
         bibi.password = SecretKeyCryptographyCreateKey(
           'bibi@bloxberg.de',
@@ -1208,11 +1210,15 @@ describe('UserResolver', () => {
       it('changes to gradidoID on login', async () => {
         await mutate({ mutation: login, variables: variables })
 
-        const users = await User.find()
-        bibi = users[0]
+        const usercontact = await UserContact.findOneOrFail(
+          { email: 'bibi@bloxberg.de' },
+          { relations: ['user'] },
+        )
+        bibi = usercontact.user
 
         expect(bibi).toEqual(
           expect.objectContaining({
+            firstName: 'Bibi',
             password: SecretKeyCryptographyCreateKey(bibi.gradidoID.toString(), 'Aa12345_')[0]
               .readBigUInt64LE()
               .toString(),
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index b376c632f..752c585fd 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -311,6 +311,7 @@ export class UserResolver {
     if (dbUser.passwordEncryptionType !== PasswordEncryptionType.GRADIDO_ID) {
       dbUser.passwordEncryptionType = PasswordEncryptionType.GRADIDO_ID
       dbUser.password = encryptPassword(dbUser, password)
+      await dbUser.save()
     }
     // add pubKey in logger-context for layout-pattern X{user} to print it in each logging message
     logger.addContext('user', dbUser.id)
diff --git a/backend/src/password/PasswordEncryptor.ts b/backend/src/password/PasswordEncryptor.ts
index 3dc0736df..1735106c1 100644
--- a/backend/src/password/PasswordEncryptor.ts
+++ b/backend/src/password/PasswordEncryptor.ts
@@ -10,8 +10,5 @@ export const encryptPassword = (dbUser: User, password: string): bigint => {
 }
 
 export const verifyPassword = (dbUser: User, password: string): boolean => {
-  if (dbUser.password.toString() !== encryptPassword(dbUser, password).toString()) {
-    return false
-  }
-  return true
+  return dbUser.password.toString() === encryptPassword(dbUser, password).toString()
 }