Home Explore Help
Register Sign In
Apq
/
docker-compose
mirror of https://github.com/docker/compose.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: bba9e055af
Branches Tags
docker-compose
/
azure
/
login
/
login_test.go

login_test.go 13 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375 
  1. /*
    2. 

  2.    Copyright 2020 Docker, Inc.
    3. 

  3. 

  4.    Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5.    you may not use this file except in compliance with the License.
    6. 

  6.    You may obtain a copy of the License at
    7. 

  7. 

  8.        http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10.    Unless required by applicable law or agreed to in writing, software
    11. 

  11.    distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12.    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13.    See the License for the specific language governing permissions and
    14. 

  14.    limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package login
    18. 

  18. 

  19. import (
    20. 

  20. 	"context"
    21. 

  21. 	"io/ioutil"
    22. 

  22. 	"net/http"
    23. 

  23. 	"net/url"
    24. 

  24. 	"os"
    25. 

  25. 	"path/filepath"
    26. 

  26. 	"reflect"
    27. 

  27. 	"testing"
    28. 

  28. 	"time"
    29. 

  29. 

  30. 	"github.com/stretchr/testify/mock"
    31. 

  31. 	"github.com/stretchr/testify/suite"
    32. 

  32. 

  33. 	"golang.org/x/oauth2"
    34. 

  34. 

  35. 	. "github.com/onsi/gomega"
    36. 

  36. )
    37. 

  37. 

  38. type LoginSuite struct {
    39. 

  39. 	suite.Suite
    40. 

  40. 	dir        string
    41. 

  41. 	mockHelper *MockAzureHelper
    42. 

  42. 	azureLogin AzureLoginService
    43. 

  43. }
    44. 

  44. 

  45. func (suite *LoginSuite) BeforeTest(suiteName, testName string) {
    46. 

  46. 	dir, err := ioutil.TempDir("", "test_store")
    47. 

  47. 	Expect(err).To(BeNil())
    48. 

  48. 

  49. 	suite.dir = dir
    50. 

  50. 	suite.mockHelper = &MockAzureHelper{}
    51. 

  51. 	suite.azureLogin, err = newAzureLoginServiceFromPath(filepath.Join(dir, tokenStoreFilename), suite.mockHelper)
    52. 

  52. 	Expect(err).To(BeNil())
    53. 

  53. }
    54. 

  54. 

  55. func (suite *LoginSuite) AfterTest(suiteName, testName string) {
    56. 

  56. 	err := os.RemoveAll(suite.dir)
    57. 

  57. 	Expect(err).To(BeNil())
    58. 

  58. }
    59. 

  59. 

  60. func (suite *LoginSuite) TestRefreshInValidToken() {
    61. 

  61. 	data := refreshTokenData("refreshToken")
    62. 

  62. 	suite.mockHelper.On("queryToken", data, "123456").Return(azureToken{
    63. 

  63. 		RefreshToken: "newRefreshToken",
    64. 

  64. 		AccessToken:  "newAccessToken",
    65. 

  65. 		ExpiresIn:    3600,
    66. 

  66. 		Foci:         "1",
    67. 

  67. 	}, nil)
    68. 

  68. 

  69. 	azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
    70. 

  70. 	Expect(err).To(BeNil())
    71. 

  71. 	suite.azureLogin = azureLogin
    72. 

  72. 	err = suite.azureLogin.tokenStore.writeLoginInfo(TokenInfo{
    73. 

  73. 		TenantID: "123456",
    74. 

  74. 		Token: oauth2.Token{
    75. 

  75. 			AccessToken:  "accessToken",
    76. 

  76. 			RefreshToken: "refreshToken",
    77. 

  77. 			Expiry:       time.Now().Add(-1 * time.Hour),
    78. 

  78. 			TokenType:    "Bearer",
    79. 

  79. 		},
    80. 

  80. 	})
    81. 

  81. 	Expect(err).To(BeNil())
    82. 

  82. 

  83. 	token, _ := suite.azureLogin.GetValidToken()
    84. 

  84. 

  85. 	Expect(token.AccessToken).To(Equal("newAccessToken"))
    86. 

  86. 	Expect(token.Expiry).To(BeTemporally(">", time.Now().Add(3500*time.Second)))
    87. 

  87. 

  88. 	storedToken, _ := suite.azureLogin.tokenStore.readToken()
    89. 

  89. 	Expect(storedToken.Token.AccessToken).To(Equal("newAccessToken"))
    90. 

  90. 	Expect(storedToken.Token.RefreshToken).To(Equal("newRefreshToken"))
    91. 

  91. 	Expect(storedToken.Token.Expiry).To(BeTemporally(">", time.Now().Add(3500*time.Second)))
    92. 

  92. }
    93. 

  93. 

  94. func (suite *LoginSuite) TestClearErrorMessageIfNotAlreadyLoggedIn() {
    95. 

  95. 	_, err := newAuthorizerFromLoginStorePath(filepath.Join(suite.dir, tokenStoreFilename))
    96. 

  96. 	Expect(err.Error()).To(ContainSubstring("not logged in to azure, you need to run \"docker login azure\" first"))
    97. 

  97. }
    98. 

  98. 

  99. func (suite *LoginSuite) TestDoesNotRefreshValidToken() {
    100. 

  100. 	expiryDate := time.Now().Add(1 * time.Hour)
    101. 

  101. 	err := suite.azureLogin.tokenStore.writeLoginInfo(TokenInfo{
    102. 

  102. 		TenantID: "123456",
    103. 

  103. 		Token: oauth2.Token{
    104. 

  104. 			AccessToken:  "accessToken",
    105. 

  105. 			RefreshToken: "refreshToken",
    106. 

  106. 			Expiry:       expiryDate,
    107. 

  107. 			TokenType:    "Bearer",
    108. 

  108. 		},
    109. 

  109. 	})
    110. 

  110. 	Expect(err).To(BeNil())
    111. 

  111. 

  112. 	token, _ := suite.azureLogin.GetValidToken()
    113. 

  113. 

  114. 	Expect(suite.mockHelper.Calls).To(BeEmpty())
    115. 

  115. 	Expect(token.AccessToken).To(Equal("accessToken"))
    116. 

  116. }
    117. 

  117. 

  118. func (suite *LoginSuite) TestInvalidLogin() {
    119. 

  119. 	suite.mockHelper.On("openAzureLoginPage", mock.AnythingOfType("string")).Run(func(args mock.Arguments) {
    120. 

  120. 		redirectURL := args.Get(0).(string)
    121. 

  121. 		err := queryKeyValue(redirectURL, "error", "access denied: login failed")
    122. 

  122. 		Expect(err).To(BeNil())
    123. 

  123. 	})
    124. 

  124. 

  125. 	azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
    126. 

  126. 	Expect(err).To(BeNil())
    127. 

  127. 

  128. 	err = azureLogin.Login(context.TODO(), "")
    129. 

  129. 	Expect(err.Error()).To(BeEquivalentTo("no login code: login failed"))
    130. 

  130. }
    131. 

  131. 

  132. func (suite *LoginSuite) TestValidLogin() {
    133. 

  133. 	var redirectURL string
    134. 

  134. 	suite.mockHelper.On("openAzureLoginPage", mock.AnythingOfType("string")).Run(func(args mock.Arguments) {
    135. 

  135. 		redirectURL = args.Get(0).(string)
    136. 

  136. 		err := queryKeyValue(redirectURL, "code", "123456879")
    137. 

  137. 		Expect(err).To(BeNil())
    138. 

  138. 	})
    139. 

  139. 

  140. 	suite.mockHelper.On("queryToken", mock.MatchedBy(func(data url.Values) bool {
    141. 

  141. 		//Need a matcher here because the value of redirectUrl is not known until executing openAzureLoginPage
    142. 

  142. 		return reflect.DeepEqual(data, url.Values{
    143. 

  143. 			"grant_type":   []string{"authorization_code"},
    144. 

  144. 			"client_id":    []string{clientID},
    145. 

  145. 			"code":         []string{"123456879"},
    146. 

  146. 			"scope":        []string{scopes},
    147. 

  147. 			"redirect_uri": []string{redirectURL},
    148. 

  148. 		})
    149. 

  149. 	}), "organizations").Return(azureToken{
    150. 

  150. 		RefreshToken: "firstRefreshToken",
    151. 

  151. 		AccessToken:  "firstAccessToken",
    152. 

  152. 		ExpiresIn:    3600,
    153. 

  153. 		Foci:         "1",
    154. 

  154. 	}, nil)
    155. 

  155. 

  156. 	authBody := `{"value":[{"id":"/tenants/12345a7c-c56d-43e8-9549-dd230ce8a038","tenantId":"12345a7c-c56d-43e8-9549-dd230ce8a038"}]}`
    157. 

  157. 

  158. 	suite.mockHelper.On("queryAuthorizationAPI", authorizationURL, "Bearer firstAccessToken").Return([]byte(authBody), 200, nil)
    159. 

  159. 	data := refreshTokenData("firstRefreshToken")
    160. 

  160. 	suite.mockHelper.On("queryToken", data, "12345a7c-c56d-43e8-9549-dd230ce8a038").Return(azureToken{
    161. 

  161. 		RefreshToken: "newRefreshToken",
    162. 

  162. 		AccessToken:  "newAccessToken",
    163. 

  163. 		ExpiresIn:    3600,
    164. 

  164. 		Foci:         "1",
    165. 

  165. 	}, nil)
    166. 

  166. 	azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
    167. 

  167. 	Expect(err).To(BeNil())
    168. 

  168. 

  169. 	err = azureLogin.Login(context.TODO(), "")
    170. 

  170. 	Expect(err).To(BeNil())
    171. 

  171. 

  172. 	loginToken, err := suite.azureLogin.tokenStore.readToken()
    173. 

  173. 	Expect(err).To(BeNil())
    174. 

  174. 	Expect(loginToken.Token.AccessToken).To(Equal("newAccessToken"))
    175. 

  175. 	Expect(loginToken.Token.RefreshToken).To(Equal("newRefreshToken"))
    176. 

  176. 	Expect(loginToken.Token.Expiry).To(BeTemporally(">", time.Now().Add(3500*time.Second)))
    177. 

  177. 	Expect(loginToken.TenantID).To(Equal("12345a7c-c56d-43e8-9549-dd230ce8a038"))
    178. 

  178. 	Expect(loginToken.Token.Type()).To(Equal("Bearer"))
    179. 

  179. }
    180. 

  180. 

  181. func (suite *LoginSuite) TestValidLoginRequestedTenant() {
    182. 

  182. 	var redirectURL string
    183. 

  183. 	suite.mockHelper.On("openAzureLoginPage", mock.AnythingOfType("string")).Run(func(args mock.Arguments) {
    184. 

  184. 		redirectURL = args.Get(0).(string)
    185. 

  185. 		err := queryKeyValue(redirectURL, "code", "123456879")
    186. 

  186. 		Expect(err).To(BeNil())
    187. 

  187. 	})
    188. 

  188. 

  189. 	suite.mockHelper.On("queryToken", mock.MatchedBy(func(data url.Values) bool {
    190. 

  190. 		//Need a matcher here because the value of redirectUrl is not known until executing openAzureLoginPage
    191. 

  191. 		return reflect.DeepEqual(data, url.Values{
    192. 

  192. 			"grant_type":   []string{"authorization_code"},
    193. 

  193. 			"client_id":    []string{clientID},
    194. 

  194. 			"code":         []string{"123456879"},
    195. 

  195. 			"scope":        []string{scopes},
    196. 

  196. 			"redirect_uri": []string{redirectURL},
    197. 

  197. 		})
    198. 

  198. 	}), "organizations").Return(azureToken{
    199. 

  199. 		RefreshToken: "firstRefreshToken",
    200. 

  200. 		AccessToken:  "firstAccessToken",
    201. 

  201. 		ExpiresIn:    3600,
    202. 

  202. 		Foci:         "1",
    203. 

  203. 	}, nil)
    204. 

  204. 

  205. 	authBody := `{"value":[{"id":"/tenants/00000000-c56d-43e8-9549-dd230ce8a038","tenantId":"00000000-c56d-43e8-9549-dd230ce8a038"},
    206. 

  206. 						   {"id":"/tenants/12345a7c-c56d-43e8-9549-dd230ce8a038","tenantId":"12345a7c-c56d-43e8-9549-dd230ce8a038"}]}`
    207. 

  207. 

  208. 	suite.mockHelper.On("queryAuthorizationAPI", authorizationURL, "Bearer firstAccessToken").Return([]byte(authBody), 200, nil)
    209. 

  209. 	data := refreshTokenData("firstRefreshToken")
    210. 

  210. 	suite.mockHelper.On("queryToken", data, "12345a7c-c56d-43e8-9549-dd230ce8a038").Return(azureToken{
    211. 

  211. 		RefreshToken: "newRefreshToken",
    212. 

  212. 		AccessToken:  "newAccessToken",
    213. 

  213. 		ExpiresIn:    3600,
    214. 

  214. 		Foci:         "1",
    215. 

  215. 	}, nil)
    216. 

  216. 	azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
    217. 

  217. 	Expect(err).To(BeNil())
    218. 

  218. 

  219. 	err = azureLogin.Login(context.TODO(), "12345a7c-c56d-43e8-9549-dd230ce8a038")
    220. 

  220. 	Expect(err).To(BeNil())
    221. 

  221. 

  222. 	loginToken, err := suite.azureLogin.tokenStore.readToken()
    223. 

  223. 	Expect(err).To(BeNil())
    224. 

  224. 	Expect(loginToken.Token.AccessToken).To(Equal("newAccessToken"))
    225. 

  225. 	Expect(loginToken.Token.RefreshToken).To(Equal("newRefreshToken"))
    226. 

  226. 	Expect(loginToken.Token.Expiry).To(BeTemporally(">", time.Now().Add(3500*time.Second)))
    227. 

  227. 	Expect(loginToken.TenantID).To(Equal("12345a7c-c56d-43e8-9549-dd230ce8a038"))
    228. 

  228. 	Expect(loginToken.Token.Type()).To(Equal("Bearer"))
    229. 

  229. }
    230. 

  230. 

  231. func (suite *LoginSuite) TestLoginNoTenant() {
    232. 

  232. 	var redirectURL string
    233. 

  233. 	suite.mockHelper.On("openAzureLoginPage", mock.AnythingOfType("string")).Run(func(args mock.Arguments) {
    234. 

  234. 		redirectURL = args.Get(0).(string)
    235. 

  235. 		err := queryKeyValue(redirectURL, "code", "123456879")
    236. 

  236. 		Expect(err).To(BeNil())
    237. 

  237. 	})
    238. 

  238. 

  239. 	suite.mockHelper.On("queryToken", mock.MatchedBy(func(data url.Values) bool {
    240. 

  240. 		//Need a matcher here because the value of redirectUrl is not known until executing openAzureLoginPage
    241. 

  241. 		return reflect.DeepEqual(data, url.Values{
    242. 

  242. 			"grant_type":   []string{"authorization_code"},
    243. 

  243. 			"client_id":    []string{clientID},
    244. 

  244. 			"code":         []string{"123456879"},
    245. 

  245. 			"scope":        []string{scopes},
    246. 

  246. 			"redirect_uri": []string{redirectURL},
    247. 

  247. 		})
    248. 

  248. 	}), "organizations").Return(azureToken{
    249. 

  249. 		RefreshToken: "firstRefreshToken",
    250. 

  250. 		AccessToken:  "firstAccessToken",
    251. 

  251. 		ExpiresIn:    3600,
    252. 

  252. 		Foci:         "1",
    253. 

  253. 	}, nil)
    254. 

  254. 

  255. 	authBody := `{"value":[{"id":"/tenants/12345a7c-c56d-43e8-9549-dd230ce8a038","tenantId":"12345a7c-c56d-43e8-9549-dd230ce8a038"}]}`
    256. 

  256. 	suite.mockHelper.On("queryAuthorizationAPI", authorizationURL, "Bearer firstAccessToken").Return([]byte(authBody), 200, nil)
    257. 

  257. 

  258. 	azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
    259. 

  259. 	Expect(err).To(BeNil())
    260. 

  260. 

  261. 	err = azureLogin.Login(context.TODO(), "00000000-c56d-43e8-9549-dd230ce8a038")
    262. 

  262. 	Expect(err.Error()).To(BeEquivalentTo("could not find requested azure tenant 00000000-c56d-43e8-9549-dd230ce8a038: login failed"))
    263. 

  263. }
    264. 

  264. 

  265. func (suite *LoginSuite) TestLoginRequestedTenantNotFound() {
    266. 

  266. 	var redirectURL string
    267. 

  267. 	suite.mockHelper.On("openAzureLoginPage", mock.AnythingOfType("string")).Run(func(args mock.Arguments) {
    268. 

  268. 		redirectURL = args.Get(0).(string)
    269. 

  269. 		err := queryKeyValue(redirectURL, "code", "123456879")
    270. 

  270. 		Expect(err).To(BeNil())
    271. 

  271. 	})
    272. 

  272. 

  273. 	suite.mockHelper.On("queryToken", mock.MatchedBy(func(data url.Values) bool {
    274. 

  274. 		//Need a matcher here because the value of redirectUrl is not known until executing openAzureLoginPage
    275. 

  275. 		return reflect.DeepEqual(data, url.Values{
    276. 

  276. 			"grant_type":   []string{"authorization_code"},
    277. 

  277. 			"client_id":    []string{clientID},
    278. 

  278. 			"code":         []string{"123456879"},
    279. 

  279. 			"scope":        []string{scopes},
    280. 

  280. 			"redirect_uri": []string{redirectURL},
    281. 

  281. 		})
    282. 

  282. 	}), "organizations").Return(azureToken{
    283. 

  283. 		RefreshToken: "firstRefreshToken",
    284. 

  284. 		AccessToken:  "firstAccessToken",
    285. 

  285. 		ExpiresIn:    3600,
    286. 

  286. 		Foci:         "1",
    287. 

  287. 	}, nil)
    288. 

  288. 

  289. 	authBody := `{"value":[]}`
    290. 

  290. 	suite.mockHelper.On("queryAuthorizationAPI", authorizationURL, "Bearer firstAccessToken").Return([]byte(authBody), 200, nil)
    291. 

  291. 

  292. 	azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
    293. 

  293. 	Expect(err).To(BeNil())
    294. 

  294. 

  295. 	err = azureLogin.Login(context.TODO(), "")
    296. 

  296. 	Expect(err.Error()).To(BeEquivalentTo("could not find azure tenant: login failed"))
    297. 

  297. }
    298. 

  298. 

  299. func (suite *LoginSuite) TestLoginAuthorizationFailed() {
    300. 

  300. 	var redirectURL string
    301. 

  301. 	suite.mockHelper.On("openAzureLoginPage", mock.AnythingOfType("string")).Run(func(args mock.Arguments) {
    302. 

  302. 		redirectURL = args.Get(0).(string)
    303. 

  303. 		err := queryKeyValue(redirectURL, "code", "123456879")
    304. 

  304. 		Expect(err).To(BeNil())
    305. 

  305. 	})
    306. 

  306. 

  307. 	suite.mockHelper.On("queryToken", mock.MatchedBy(func(data url.Values) bool {
    308. 

  308. 		//Need a matcher here because the value of redirectUrl is not known until executing openAzureLoginPage
    309. 

  309. 		return reflect.DeepEqual(data, url.Values{
    310. 

  310. 			"grant_type":   []string{"authorization_code"},
    311. 

  311. 			"client_id":    []string{clientID},
    312. 

  312. 			"code":         []string{"123456879"},
    313. 

  313. 			"scope":        []string{scopes},
    314. 

  314. 			"redirect_uri": []string{redirectURL},
    315. 

  315. 		})
    316. 

  316. 	}), "organizations").Return(azureToken{
    317. 

  317. 		RefreshToken: "firstRefreshToken",
    318. 

  318. 		AccessToken:  "firstAccessToken",
    319. 

  319. 		ExpiresIn:    3600,
    320. 

  320. 		Foci:         "1",
    321. 

  321. 	}, nil)
    322. 

  322. 

  323. 	authBody := `[access denied]`
    324. 

  324. 

  325. 	suite.mockHelper.On("queryAuthorizationAPI", authorizationURL, "Bearer firstAccessToken").Return([]byte(authBody), 400, nil)
    326. 

  326. 

  327. 	azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
    328. 

  328. 	Expect(err).To(BeNil())
    329. 

  329. 

  330. 	err = azureLogin.Login(context.TODO(), "")
    331. 

  331. 	Expect(err.Error()).To(BeEquivalentTo("unable to login status code 400: [access denied]: login failed"))
    332. 

  332. }
    333. 

  333. 

  334. func refreshTokenData(refreshToken string) url.Values {
    335. 

  335. 	return url.Values{
    336. 

  336. 		"grant_type":    []string{"refresh_token"},
    337. 

  337. 		"client_id":     []string{clientID},
    338. 

  338. 		"scope":         []string{scopes},
    339. 

  339. 		"refresh_token": []string{refreshToken},
    340. 

  340. 	}
    341. 

  341. }
    342. 

  342. 

  343. func queryKeyValue(redirectURL string, key string, value string) error {
    344. 

  344. 	req, err := http.NewRequest("GET", redirectURL, nil)
    345. 

  345. 	Expect(err).To(BeNil())
    346. 

  346. 	q := req.URL.Query()
    347. 

  347. 	q.Add(key, value)
    348. 

  348. 	req.URL.RawQuery = q.Encode()
    349. 

  349. 	client := &http.Client{}
    350. 

  350. 	_, err = client.Do(req)
    351. 

  351. 	return err
    352. 

  352. }
    353. 

  353. 

  354. func TestLoginSuite(t *testing.T) {
    355. 

  355. 	RegisterTestingT(t)
    356. 

  356. 	suite.Run(t, new(LoginSuite))
    357. 

  357. }
    358. 

  358. 

  359. type MockAzureHelper struct {
    360. 

  360. 	mock.Mock
    361. 

  361. }
    362. 

  362. 

  363. func (s *MockAzureHelper) queryToken(data url.Values, tenantID string) (token azureToken, err error) {
    364. 

  364. 	args := s.Called(data, tenantID)
    365. 

  365. 	return args.Get(0).(azureToken), args.Error(1)
    366. 

  366. }
    367. 

  367. 

  368. func (s *MockAzureHelper) queryAuthorizationAPI(authorizationURL string, authorizationHeader string) ([]byte, int, error) {
    369. 

  369. 	args := s.Called(authorizationURL, authorizationHeader)
    370. 

  370. 	return args.Get(0).([]byte), args.Int(1), args.Error(2)
    371. 

  371. }
    372. 

  372. 

  373. func (s *MockAzureHelper) openAzureLoginPage(redirectURL string) {
    374. 

  374. 	s.Called(redirectURL)
    375. 

  375. }
    376.