From e3511df4f8b47349cf63e8bd21257a22361e7e25 Mon Sep 17 00:00:00 2001
From: fit2cloud-jiangweidong
 <80373698+fit2cloud-jiangweidong@users.noreply.github.com>
Date: Wed, 28 Apr 2021 19:25:30 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E7=AE=A1=E7=90=86=E5=91=98=E5=8F=AF?=
 =?UTF-8?q?=E4=BB=A5=E8=AE=BE=E7=BD=AE=E7=94=A8=E6=88=B7=E6=98=AF=E5=90=A6?=
 =?UTF-8?q?=E4=B8=8B=E6=AC=A1=E7=99=BB=E5=BD=95=E9=9C=80=E4=BF=AE=E6=94=B9?=
 =?UTF-8?q?=E5=AF=86=E7=A0=81=20(#6006)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: 管理员可以设置用户是否下次登录需修改密码

* feat: 管理员可以设置用户下次是否需要更改密码，本次修改：字段命名规范化

* feat: 管理员可以设置用户下次是否需要更改密码，本次修改：字段命名规范化

* fix: 用户下次登录是否需要改密，函数名及变量名规范化

* fix: 管理员设置用户下次是否改密功能的国际化翻译文件

* fixs: 管理员设置用户下次登录是否需改密功能，逻辑修改

* fix: 管理员可设置用户下次登录是否需要改密，字段名称更改
---
 apps/authentication/errors.py                 |   9 +
 apps/authentication/mixins.py                 |  10 +
 apps/authentication/urls/view_urls.py         |   1 +
 apps/authentication/views/login.py            |  19 +-
 apps/locale/zh/LC_MESSAGES/django.mo          | Bin 72201 -> 76682 bytes
 apps/locale/zh/LC_MESSAGES/django.po          | 507 ++++++++++--------
 .../0033_user_need_update_password.py         |  18 +
 apps/users/models/user.py                     |   2 +
 apps/users/serializers/user.py                |   2 +-
 9 files changed, 355 insertions(+), 213 deletions(-)
 create mode 100644 apps/users/migrations/0033_user_need_update_password.py

diff --git a/apps/authentication/errors.py b/apps/authentication/errors.py
index 8f9ba9307..46f3b8fc5 100644
--- a/apps/authentication/errors.py
+++ b/apps/authentication/errors.py
@@ -275,6 +275,15 @@ class PasswdTooSimple(JMSException):
         self.url = url
 
 
+class PasswdNeedUpdate(JMSException):
+    default_code = 'passwd_need_update'
+    default_detail = _('The administrator require you to change your password this time')
+
+    def __init__(self, url, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.url = url
+
+
 class PasswordRequireResetError(JMSException):
     default_code = 'passwd_has_expired'
     default_detail = _('Your password has expired, please reset before logging in')
diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py
index 89d7b85fd..b336307c7 100644
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -194,6 +194,7 @@ class AuthMixin:
         self._check_login_acl(user, ip)
         self._check_password_require_reset_or_not(user)
         self._check_passwd_is_too_simple(user, password)
+        self._check_passwd_need_update(user)
 
         LoginBlockUtil(username, ip).clean_failed_count()
         request.session['auth_password'] = 1
@@ -224,6 +225,15 @@ class AuthMixin:
             )
             raise errors.PasswdTooSimple(url)
 
+    @classmethod
+    def _check_passwd_need_update(cls, user: User):
+        if user.need_update_password:
+            url = cls.generate_reset_password_url_with_flash_msg(
+                user, 'authentication:passwd-need-update-flash-msg'
+            )
+            raise errors.PasswdNeedUpdate(url)
+
+
     @classmethod
     def _check_password_require_reset_or_not(cls, user: User):
         if user.password_has_expired:
diff --git a/apps/authentication/urls/view_urls.py b/apps/authentication/urls/view_urls.py
index a95342fa6..062044047 100644
--- a/apps/authentication/urls/view_urls.py
+++ b/apps/authentication/urls/view_urls.py
@@ -22,6 +22,7 @@ urlpatterns = [
          name='forgot-password-sendmail-success'),
     path('password/reset/', users_view.UserResetPasswordView.as_view(), name='reset-password'),
     path('password/too-simple-flash-msg/', views.FlashPasswdTooSimpleMsgView.as_view(), name='passwd-too-simple-flash-msg'),
+    path('password/need-update-flash-msg/', views.FlashPasswdNeedUpdateMsgView.as_view(), name='passwd-need-update-flash-msg'),
     path('password/has-expired-msg/', views.FlashPasswdHasExpiredMsgView.as_view(), name='passwd-has-expired-flash-msg'),
     path('password/reset/success/', users_view.UserResetPasswordSuccessView.as_view(), name='reset-password-success'),
     path('password/verify/', users_view.UserVerifyPasswordView.as_view(), name='user-verify-password'),
diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py
index e1a3ab4b6..a43ddf5eb 100644
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -31,7 +31,7 @@ from ..forms import get_user_login_form_cls
 __all__ = [
     'UserLoginView', 'UserLogoutView',
     'UserLoginGuardView', 'UserLoginWaitConfirmView',
-    'FlashPasswdTooSimpleMsgView', 'FlashPasswdHasExpiredMsgView'
+    'FlashPasswdTooSimpleMsgView', 'FlashPasswdHasExpiredMsgView', 'FlashPasswdNeedUpdateMsgView'
 ]
 
 
@@ -71,7 +71,7 @@ class UserLoginView(mixins.AuthMixin, FormView):
             context = self.get_context_data(form=new_form)
             self.request.session.set_test_cookie()
             return self.render_to_response(context)
-        except (errors.PasswdTooSimple, errors.PasswordRequireResetError) as e:
+        except (errors.PasswdTooSimple, errors.PasswordRequireResetError, errors.PasswdNeedUpdate) as e:
             return redirect(e.url)
         self.clear_rsa_key()
         return self.redirect_to_guard_view()
@@ -241,6 +241,21 @@ class FlashPasswdTooSimpleMsgView(TemplateView):
         return self.render_to_response(context)
 
 
+@method_decorator(never_cache, name='dispatch')
+class FlashPasswdNeedUpdateMsgView(TemplateView):
+    template_name = 'flash_message_standalone.html'
+
+    def get(self, request, *args, **kwargs):
+        context = {
+            'title': _('Please change your password'),
+            'messages': _('The administrator require you to change your password this time'),
+            'interval': 8,
+            'redirect_url': request.GET.get('redirect_url'),
+            'auto_redirect': True,
+        }
+        return self.render_to_response(context)
+
+
 @method_decorator(never_cache, name='dispatch')
 class FlashPasswdHasExpiredMsgView(TemplateView):
     template_name = 'flash_message_standalone.html'
diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index bdb351ceb42856cc8ad5002068b470d0ed9b3304..b661bf7fde6ed307d17345315bfec8f1a3006672 100644
GIT binary patch
delta 25566
zcmaLf37n4g{{Qi77-QeZzTJcDWQmaMNsD7Eq{J{crkG)7tl=K}zK-l$S+g^Cp=@O<
zsjQ{Kj3K2gog(_b-uL&Tobx-6|MmENJ-_>YT{G%;8owoU!kN&(#XO<!dOW#8J+CM(
z@Oj>V48$8L*YkdF=Xqt*dEOuR8tDlBn2hh>V9ean^9qG{-Y9HGy+yBkUN+KqJ9*v&
z%F}iByhNOg7cfT`&pSc+b=>870dGfF&kLtvd^gWKNriEK&&!9eb@#k5jK%EOAG6{p
z%#YJB0#}+xumtHJu@GkM;d!jddjhLr1+0v3pxRBq@{I4TB~qM>(^vuTVs-TO^t>wA
z)*OLnNpHf7I3e2e@?i8^o|hAcU>2N&*>JYG%-n=pz+TLYM=_l7y^BOL;%%#NAJsv|
zx1Hgr1`!yBH8BU)L$!O!^4p?zsv~MbJ+S}|MD;ffGvh)`k1H{diO3ov>Szn*!VfVV
zPhb|jWd4Ne_;=JmnR<C%8O)F6@mbW4^uSmgj8EfrRQ-~@-N03`9O<Wev;Sp@bRt75
z9F5#PZ!WgS#i+CUH)hB3G44p7#@wX4qZTj_wX)%sKM}K%UTEnLPz&3Qx;w`)8(xlK
z|25-ZtU`LGtrdo&E>USz!}_QlX^E;Ig}OuoEPpPl<MpWehfoVTjjDg$${(Qm4e#Uf
zs|1K>C5=!G+M>>^2j)VRtHCtXj8~)Hj_sHePoR$OThs(oP_OYl%z*{^x`~y+BBY;1
z)q4$dVIYQxIt-vXeAm*;Q4`v2>CaKGSBm9lh;v6$2=$tk#e!G~)!%bi7+*&X*x$-0
zTKO`UAMkb&(V2gaI?Jz7XMGWMhBvS@{*Jng#p2z2Tn=^S?NB?@1+}8ysJCPos-MwT
zo`mXW398*8%&qtTb0U0yydO{vub@`+BkD|lK@E^G!KK5o6zPgs6I)^p9F28xCu-$)
zQ2pfW=LQT%?Qn6did8U7?|)|^T3L70jQe6f44}^TUDS*hqB>lOs<#$(S9YN$e#$(D
zYWF=B!!*>&!}`0UsEF#PAqLd(b41iZOH_yLP+J*;xiMf)H<y}QF)!txU>>}H`S54d
zQHBn16VGlIFeA*01K596tVxD;pgt=7f~DJ-olq0$iFI%=YJyu(6F-FI@HlGacTxR3
zK-CKy=-L-RrOTs^sO~`aU$57zWN7BGs2v%N>S!wJ%x0S_@k!F#u>f90wf_tCx)mDa
zwzwRs-Lt66-2yeywy2})h`Lif14J}XKhzEkMKv5}`E#%&=_Qtb0JRfeq6SPs9l;$d
z&otPzFNj)cIn++nL5<TGbyP26@Mt?(K`g4n0jP#!EPpl@B)u5*I_^Nt{GgS8fogZo
z(rKt2`~_9-9_mY(@g4V;lt=AEC**?^@S=#QK_Y5^30MecnHy0vJ&HP_Z%{jR3;ET-
zdw{CnWr$npVAKF3Q9C&SwdM0r<E%0_qfhVuheWhR-=ZdvirUg!m><K2y4R%`YDFbc
z^`EqKZPWnIq1v}a4cr;EGqI=%55vMZ-qOo3v)=y=MAY$4RL6%=EB+jHW<Q`hyoQ?C
zAE*^(ALjDIQ3I96a##Z^;u}~S$D!W$k5T;{MveCw1{AqKL<6Ux2KW`VRT-F_%!yh-
zA=Fux#uu>}s@-(d0P|22Ta4O?73OACy}j50KSAx7FOmH(N~B66Hxpk%rKey+T!U(O
z1N9o+#qxL`wIfdqcLUZ$UD|r6%i039((b7CG3Ef&+mwiEzjQb=(d&>*MiD%WW$+S~
zz|14uFCgVnTlzX`hsL7X%|{Kq9@XJK)KPqHUPRUV2{j>aq$|&aI^qHWA}T14+PZ3}
z8P~S_Mwb5q79+ovmB*ltZh)mnq1sPI^*0lB1Pd&G6{_D2mcIj^A{{tLB!b8vs1A#a
za%WQxHN#q{l{H7LyaP7IUf2#d;0g>I&F>1h4#P2ejO%Y0>h4U$Fr0;&;6h}l0^V{W
z>UaxkD?ddwIET6<S5OUZq2BX*sMj)lteaRx)R{knx;w9+R^AtNd55C<8H-QjyQm{N
zfuVZ;zX?Wo%}^CnQ61f}{M_SQNBJ?7d>?9nCr~?94SiT2Ght`c06j5yM5vt{g}TJE
zP&>Ln`Hb(aC8COZF&!Q=KSQnT3(SPqQ61ezO*F%JcboH?weVT;UqfBq*{Ge}j$wEV
zi{mL=jlW_*mukTTx5c|qGu&_KPc3~CpCtb@w#2ZB?l+irsG}H*+L1-5iLOTNKr(8g
z`%yc35`%98s-8EA{Z}OOB$tr~Gm<WX<*^iI!4{}bX9vuT@s>XnvyvW%8gM4+Rxh>k
zv#9<rV@14S`2{DtqbxO<{nw={M@A{EgXysoYO5l#Bqo|mQ3D=EZRsh@j^|K2aTPV;
zho~P`nWwmkl|c1V1+~D|sPD~d0V3LxepX=|<{-TWv*9jOgHKRL^SSvoYGoHt6S{&r
z>t9e43Z3dEk_VM8hMHhS)WD5V?E-HS$wA~TEQ5nkD_DYRum-i|`%wcPxAfPjdf%ZI
za2++_2dGP$WtuB5YL-P!usZ5Dr)J0w2D~?kXaauJhbRGc1hY^B&qEEo40R{gA!B%F
zP%G#$-E|y~TEJM;gx2E|_%W*9Rn&xUV@`aC!QcOL%y4JrLlx9QA2vg+s0V5y38;w<
zL!JF(b0%tl`Ka&1O4Qk}#o*gyeu}zNpP}BmpRl0b|Ex*wJui*=bUusfpbh51o~Sc>
z$I54;j%KZ;5140B3-}2&;RmP*Wt{2iXG85|DbzTXF!=ZXMntsI7f}t`V|9E3E8$eE
zh99Ed<DXG)OV)SYfKQ^@H9)PnDF*vPZFzgFja^aw%t!6uiFY}Fz1Lrnp&8#qrT@UP
z7(UAlP!IKGd>QpNw8UV?sE)c?el%*}zNnoWhB~t87>-LYH*Q7k)F-ppe>FHmhE{L|
z^+Vzss^f^+ZoqPwmvmLsSvR$GE7X=op(fTFHE=)6A7@TSjWZ9mz?G;8?GF&iPvi`0
zz@JeoyK5D^Ic|V_sQ0)yY9f`e05&u`U>VYVFc;1?S6TT^^pXDsYDaG2lNbn@>$aqt
z*#xyUuc9uU9}D4d)C%XL23TrtLDfHmrSWUj9k^$D^V|Z$Pz%V3+JR!oP6fQ$mhlp5
z!0xDyMqoi)iG}bZtc>STTbyaWJF+6Et@WWMSQ&LBHBkfBM;+PAs5{mHbqBg)M#lFN
zh^WC3)KQE^-SP#f20N|%fTfS4j_5RM<v(C`{1w%4=>_iB@LE`cbZ68A1E{T^gz9%b
z2LJxQ+%ndpR<I4Vg?m*24_f{))Bs;vehO;hH&7klMXfY+p_^bX)Idd0?Vdngx~Eb7
zzKj8_pe+$?X*VnAZw^IuJPLi7ggSyPs0m&|4UmTF_!d^fjEh{mI;b6Oj+L-87Q;!F
zzj_h-uN8buhR*7!RXB^9;cw;x)Igz&-O6&HIxd8oNLAG9TMKnLpTXb?QCr^@wZJZ@
ze&SI(HB^67(GHBag1M*(Ew%JoR0rEEeE>Dl6PCV!I<geY{|VLpKC0i)C2l9eQRz~s
ziPbRc28ifv8e#A#P`AAs>XHq`3OEk6b;+oeet~*BPGeKNiAC_K_uO}(6>6nDQ4@|s
zO*9eJ?>N-a29k&rCh|V&?Dk+jyos7nhWA~?e5jR`#^7s)+L@Y`ZfxZ*qK>33mciFh
z6HY`;Xf&#ysmKuoyg5XkB4Zh9YtFd>?|an5ZlG40aj837AC@Ow4Qt`+s1?mXwO@!@
z*)r6bC!;2C*wV*P^)6x#z5gkeaR;@s`=|laFLUXlSdMgQR7WjPJJSYLzbk5s-$D&I
z5H<0Ms1>h34Y<+Vj=Fq%G5F8_j}p<0ze9EOvsL)h@-r=WcccKS<MODV0ZmaW?_hSr
zP|`7|qlrgtbs}ma<1L+J<qI&N4n81~0k@!5unRSj6Q~X@U|GC^KFqelSsArc|H7i!
z12w@>=3>;P-GzEB&tgryh9$AYO7>qXZ@kiNX=~J0M`8p{z_Pd&JK<Mm^;P@@lk_w!
zf%oufEc^k#gkT$d17~1kyotIi)mOW>DH@+4J##hZKaj{tGW__$8dqThRwaEN)lt^9
z?l$*Ct!OHi#&xKAr!WE2uXBIV7>F%MFGKy9zJ;1Vmi7GZkByN3^O6GmsS1rZxc9yz
zY6}xkE1!yGa64*+7qJfJ-{>x1E6h&11Lnf+sJk%$^+}#+`AbmWnN3(64_JQS5)pN9
z8?#}^CU-k?U`En~QJ1PDX2!BO9IN47Ovc6d!Dct`3(4-+?oJp-{zz<uzhPypy~Q1I
zcWkEje=3oV6r9G|SZ%AjjBjCH(tS{uY!qsz7Gi$fikk3o%!%hvuhliwgzsAUJ<LTq
z<2JX@f|!qV84SMv^@ynBmrxbEnF**J7>yceGHM6rq3*;oD-YT3wl*_r0!2`t@Uj?&
zjm+k#x2+{=0v)k1_s{D?L}xM)OW<m(fJad)yNkIo!w#1&fIiY?F&vv?0qlgDKtI$#
z!%-8Mgz6{B%9o-RwgCf*Y$u|X?ZZesf|_B)oo*`|p*n7c%5Q^e*VF7{<pZsJ6zUSs
zLrr8W>W+Pcddoh;iulwn&c7OwF1y?SGcX6~MW_|8L#=Ed>a{zAHSjL#sLJnl1Jp&;
ze-1U#_NWh8H&lQ9Q9Cdi)$U!?f>-Qj|2311mhlZ1B%Nv%|3Y<?>qGY?EQOj-C9^5k
zB>e{J2xnjh+=RL_+pz&2#7r2v$CYPC9ZlW<5zVYHYD+7iR!|)^!}|C(Hb;GMwxA|-
z4t2|Kpa%NYe2Dc)XWi=tcoFN6ZjIG(B1Yg|+=PMeiIgHTW1n*y>QbG@C-5e!gM1&k
zf4kKZ3zMFJx(mxu^><?xJZb5_P!kOQn4b+Hyb-8zYVCJB&=FZ+!0SRp9lnJ+o6)Ep
znT2})SD?;t7plV}s4e~sb>?4Lc`9mW?xOn1bbuYxz<3kuA9SDODu*>HzwTp{Vt*1T
zNQKBxc&*a$FPA=LOG(c^%0CUE;;Li(Wdute=eHwVj{7L@c7lI8Lb}xF`~V{TIr0tj
zj(*`L5;)~1JOg#4vr%_oDQe<tF`s6#R}uUQOW<{@kmXC)peX8l@B~)JR#*&2Vi|l7
zwS%9c4=<zYhkoViJ&CnQw?NkBjlyK5zh)=2RUxO{Cp8c1JuPoOjVgc6((O=}Ez0a`
z4#P0=Ct7-jx!7E5?nKo)j9T!C)9k-8E|a0#e%&hGF+<L{*D(ib;IgQCPodh?xBTZU
z-Nt;)>|*6T%mmCsyWyyQW}adHwN;DAD2GQ-GrNTyG1FOh`@5kUEJO{w63gOx^R)TU
z%FCSNw<5|bV+|aFTEIpuj(adKeiN{QUr+-)z=D|Zyldb?<yW@!(`Hk%wfQFMEqNRD
z_6$a?bb_T9q87H!Jb;==;2aTE{M`z&UU0WF0@a{~`GVOQi;&;X($meA<{m6U`InZy
ziCR#GZ`{O+qjsW-GvGZ#L|fY2Dzrq+th1$uS$YbVCVw4jVyCP;&HUZW^sOr|XjU<s
zqPD!F8H3sN{*NG{2~0!Hbhfz>HIXBhPD8CM<f5xr%&diK-x76H?NCS1#nOE+g7je2
z$`_#S+6PMO{Xb;|-<da19sXfy?>pBpI~FIuFlwMWs0la0^!Ns9fG()^y-^cRu>5J}
zLM%-FY7A5)a)?Mt{1x>L5C7i1_f1e8y@Klab+adGBK=V1Gg0O9QI~L)xgAx0*gRo=
zg{ptyd-h+KFU<<>qgImc2e-m7EI>LJYQS=+6+e&axC^SI9;h8jK;4aDsD5XnCbZJr
zW*#!X`XS)Hc$dl0m+x0A_zTrxj!VvhW=XS>Sqn9hhNv@t-fVC7Fb9}pu_5(lqb7Pb
zKtvt<jQSAWMGfq`?D8w1DpoU}N3FOMYK3o^L(OTZ_DfOyuCx3t<|kN-{PU=t4CKDz
zA{9_8Xo4EBt)-(;9St%QQ3H%cO=P;|FS7J<%tHQV%in`#NFTKFAI;y9@d93k6t|Lm
zs1D1SHO<CmOVmW(uyi-nMEY3%V9OtFPO<#?sFl8ts=wRv4+Ybl|8XK3__P&Vw)A!L
z->7eWXe#H6l~5B&Kpnw5sE((g`k8~;$>o;bYU%yvDOCMS*opDI8$|RzzIfGj>_=7T
zh3cq3s^c+Mo@C|oP;bRDOCLbhKY?2Dx2U814Z|>7n(HU8>BHc^|F3Krb<O8dD|^N4
zVflkm9gns25_6ro3pLOumj2Ar7f^54CDa6ev3&0u=dYDzyyj*WjuE6I%qCcwv>(-R
zk~t66?mct8<?lufu;21enctZ=uoUHgU>z)Wo&8rw?XSB5qRh8Z`Eh2zoP>?ZpKIxF
zP&;)EtKy%QuKc4*H$<(xFKPh+)B?w#Cb~))D%gSQXdi0eQ<ndorBf|^8%t1r&+-f3
zaCfCFmL|U%R>F3u35`U(?_018{)qW8&rj|s1LcY6k~Bt5po96gISlnfWIATXb(jse
zn+MG=Pz$+erl9KIu=H=J{vTL=uAhVb@b7<!sA5^O8mgmb%*N&mW-HVL+GAOaLals~
z<!>_gq9%UK(pOPieg}2-p*Qu9VmSZ$L>7=S4L4xrU+nck4fGpoLg{~X=`5&p0ZSK0
zy%iNvD{N}{?ae4u{k~WX2clm0Sy({t|0W_i@d)ay&Y=d*b<2H9i=oox@M)}xs^1&c
z@lbOVs@_D@gyx`jc9WIwHut0I9l_xHf0~Fc)n!zJ^tWAw?5KeXn-x$4*2P@d2n%5w
zRJ&f74*Q#fP<LwxX22O(6z5<L+<Ke+f0D>SGUOd>gQf4dtsG!ZKn=VQHQ+LQANQgL
zh`j5{2bjam(dHy<M7<<@3BSgQ81WnXpNB|`-`tA3pa$w~=>&5)>KBnImR^BcaWbm@
z9`m4i3@ea-3NzsY49Bp4yZS{?M^G|gktfZ1sN4L4rDISNd<XU6m}2=GF*vZ5A4FZM
zGngK4p?2yw^kJ^w-FsgRvyyI(nn2(cA{rnP)gZwNrda-bORq=$u-T1T`FYHTS5WQm
zVL{CPhqDYSzX7U#8}kj+#JeLq6YzQy(M<ZI8jM6;x>=UL!c4aEkF5Ml%fD>?g5_xU
zz|v*zxe3?6-~>=d@dj!<e^Aapj)+zku!2RXiL9~oUh^30)}J-6S^hm#{fzhBnHNSa
z;5p2KucCIQ3)aFxI2AWy@bCW(|8!rfc372yI7=_Z8l?AG`Zj9Ib3Sliz9+B<=@yob
zMh!e2)z5pV`lnF!(oic8edvxLHwJVT1&OGj1Zt})p;lDO@?SvJYiIeL%s%Ewa~5g>
zADBBW{|FW*{~Od!+&9Dj;`}vG<-c4(L)1iGGrOY(jz_&tgHaP)j(Kr|r4N`V%rmH;
z4L_Kfy^!GV5!Fy{S7+3OM)B{zgA-Uvh6dVZ?m<oDp!o&r>@H#%%opP7*F!C!395cO
zEQH-qTRs%EBXh0%19O{sAV5R|pES={!9`TZKcYH#Xz3j3Tsi_ZU^TNos-KroU$!=u
z9%hb4ZT%!vyX9tJGZAg+K2!%sP%}Si=^Lm9w=M0ZcN55H7C=q3EUJB7RDX>yKfYx7
zT~Yl+oBfe?0dFJ`t#B4<;1!nMkDBo*4DJN#3-}P#kuTJpVP#bMWmG?}SvnfkUw>3T
zGf)#;W96HJ23Wae97i=cXX(4B2I(@m0WzEUQLj}gOV>dS+{|o;nrL@ay>Y0^x(IbC
zH=`ze9)th>|EgvDtPBe7qqZ<zm@}K1-}IqYQ~}jd6I8oas1H<o)Q<H;_45v@-e}Yp
zaE9g2$KcQZ<wW#4Y(`c50xRJ~EQwh&y8J4rde5Lb?uZ&V%6!|5L+!{QOOH3Fq57X~
z>17#10>O^fSix3vzxlcO4QeZ|p;q=6YT!JXT!)3sGN_5wK$Smh`AzW|(ydWPJlV=W
z$i(}vjyIB_86QTy=ciFK&7Ro}SQzyIs*KwD4yZHkiy9~iRev6;zm=B1$2^Fd*fCVS
zuTeXBDPS2PSzJdsP%F%bs#wmfiE7XoHPJ}3FKWQysQR-le;H;cy#@92e!uyddEN}9
z646hoTd0m7pk|sqtFwR^fx5*NQ7dj>HbV{E!t97zKo2V)jM}l`<~++!c4_|iKSX*`
z;Y+JfkAL>A2Ct$f5@QZT4LkyMi^rn|o`IU!V$`=i8P)!*mH%o!G_z)RJ5~_0@%{0t
z5K+g^1T)xT)NiXTF*p$`k1_k9c4`P}=O$rgoQ;~$AuB(HYJbVRk6KW84tIBoV*|$b
z8WK^%MASqkqZ-aM*IE8yRJ{|Z-|@~{`l6NpXx>8o5c<Q?d2_lI7sgQXtD=smCI<ii
zf0`3f#~rM|kD9<h%b$*#`6AQ=S6TiB)J}Y89!J&t#>!JI|F)SvS4i;p|GcOPRLvEV
zKiHrN8EV)9H9-5MI(3T#KTV^_(bQ&`i>=05EJ}Vds^v+`Kab@||A6{*Wy$TVj9OAF
zRJ&*_fMZboFT%pO2K5a+oSRRRIyyr}3H0)~wfayEs-nuDMGe&5(&Mou>CM;-)8!2b
z{&n*O)QdV2^;2Lj>bic6bukrdV??<7M0E`3(-i#qMTV}|3~Y}d;Rr04FC_T?H!~kK
zk&~!T*B_{Xs^)hSZiY&?Lm&1+^*0&y3EPeOZSh;w4&^A|CRR2;qzV}?;|zQUb!s{I
zmt``-d<ylG{(19FY)-l#K8JfzM-<BcOjtXY19fYPp!%t3*0=oDmJUP`(LGMEf+-k0
zD|3yx!#sq#J*Q9up2JwYjEAso;gI0}lSZK;?hZ`BV&t#EF?a+u@mBo%$~yYhWG)eH
z)tC4(h7=14{_j`*h5B)_5;fpu)Jm?S{+9Oub7P+3&eEuf*Fx26V(E6M_T5lN^cLy}
z5`$?z4ReX;l59YI{l7w8p4+IqQKW=h>C>o=8leVgZuzg{VA6go{~mR_uUh%<sH02g
zbNv)T^-~Iie>JH<L}%5|Y=wG#x|l;zw|^dLg?r4S<{8wAu2}j3YQQWJu6_jSsH#}H
zw)q?e-~Tp5^pWjszJ;1$KWu_SP<P}b%Rg`afZB;P)ByL*3?*IroT&2rsPgit1=O(o
zh9!CbCy>#W484~Z%>t!d#a5`D>4fU2H|obwqNQhIB<Yo?9mrhT4O9}<u9BteS-P3o
z&g@<~;41bfLo*wLx{OJd{utHqXO_N->i7<7MWIi)iRD1mi@<tV7j^3gp!$8+d>^%=
z8&ErZJ3vG~X6~Une28k0sf??T&n#+|!d{eDKn*w>wKE%0{Tx8`^9ib-FYqP2h#Ig$
zS@$8ThEI?VbS0uM)Hqy<t5M(Rf0c8$KN>Z_Xw(;Q4pzXAu?F5iy(PZ#u3kOVYt|A~
z-;bKe6x0OfBOgKUedMhRcsnb&nO{WB{1R%w8|GiA4)RoVTVDcI?@3gLbx<pBh`Jk1
zQAgAPHIbgEU(SXh<9bEX@$-hrUg8?x%Sy&YqRFUdFomxXUa&O(aL0>egbR2<Jv{a_
zA%6quA%r5tCsW=QM`J<UO8zl?6<^0k&o}h_I*9@L)kM#$6n;#j$rRMXse~5R;AP@p
z6F>A=2l2%9UxK(u*(Wwp^}`R+;KxVt@x<RG+@S8~)cKXT9==E3GuBsN85t)?j1Ly^
zlgm0gOQlz=fqry8{?xJj%Vb6pzeSs_^l=JnkX9G`91A|D`LhFMKUu%Ki9b(>aOr?|
zgNk{qP%Sc({sKFb_a$~DtRembf$xiVmB!PEH^;9in`HwL_4bj+kCEWRr^LIife3o)
zVP)Dq{^a8O<Mku+X$ogr$vli9U61^%)>&QRJ;*;zI*Isg%P&j4#iW}P^xP)>4rTfV
zTvi>zR24k-oTF|t@`n-hKaKE)5Lx_Kg*K!c(NO|H&nm(v<nf!P_bp+*<v&Ay5<&lz
zw~<X?4DrXG0+t_3W>ez1X!{rOvBdvHJTRU=?i1c6V-5w+Fu)e9Mc#ST<0m8%u3KkB
zgHIZD&y&Y*o?b&jTjDb?XDHu#t9usTQ62iz^D5<fz9lbO@85DVLMe<R^E={$@h8%^
zRg32;d94Y0x4$8rQ6`VxX+CP+NP?chHehiaM;<@Dy^J=f$~TjKpEPsxz92qUnR@?U
zhBqj<MP^6qBv{5DM+hH~*O9V?1pUG>2KCgW4ZpzzfBh<q*9pml#svN$px4R<Z$*3?
zeZ-@l{KUr)^jZE@=buc)CRmctlkhWzdb$(p6aSU4ok8_WiJlpRRaWPNU=FLHk3Xr?
z&IVm$4kGVm;@7BGjd&TWui`MaLgRZs5N?v=r_(p_d#p@lJtZ8$KU?zW>*V_gzY~5T
zOtgt)Qja|S2`h;wP^Kq}@HKUwBApMrTYg{ii}3r0>UhT}_>6*`)|v7WiANKT(^+rI
zo+G?Q{!l^=@|F`G64ny*{7&7A#NQ>%r*3HsvoifQ^oPY&cLU`WNq?yKe<uk&{6O+D
z(aEQTMOL{F`J+fbdYV~&WAi84WT5bpRX9)nIO=yGbR$ncDfRTF-Zzx3z&8j3$=gA?
zzSf_a$lniV5=G;OR60U_1O-hA&yshYyrQUwzkhgxtsVcaE%>}a*;XsBU|NxPh5EIr
z--3+u#PwU3emVv=J~sG5;)f{I^Mb?6&V<fdd_A_O&I9VCBmWf!(QnLe;rz!2Y)*M^
z>$k^a{r4mPzV-iaS3lroC(?rOF<}aw@f%t2zjgG!s}LNzKb;ID9Y)z}*5NH|NT@?t
zLVioaE5X|K2l+i|Q<m_6`2TuxrgQf%SXPos&54boqnX6-5Pl=RnY;z~=;=#`H%R<W
zc{}n~TiHm`{GG)6g|a@6)t_b!H&L!9Gwt;pC0!uEA72nk5a!V6Pn<$%Po<w+J?{@|
z@S@qDdVf%sl_Tg!-6N#KNw2W_m#No<P}3%{)Y@e+JK+J^ZJ|7{pTsUAe_=Jkht|nT
za}f3;G^S3B<$XxKF?7(8pr;AxO_UEselg~sd-EESKRQ^-4pHw3^7V`&EFzwty!X=c
z{x2XhJ6Oaw0Bh1%&n)Y_mNj&_?$4o=z57^xciJ2!d}?_+skWW)3E>0keo5H_!Y9O6
zQl|#C!YB3qHz4wmifyQ{6hEb~FhNfi!oLXfD4UC^7;R-g<2!`8v=7IOly|eTX{f(P
z=;=e7L4+NI`!35%!EdSamu`C)iI&!|9BDm82p`cP$<oT}sy}!}l0Ssd$tAs1bGOyK
zgAFLxvkx;^T<Ivrxk<TxHP>&|!TVpIj6pVm?}?wF;7J<A6AD>=8hLt-62?-e^kbbW
z|2gW_z}kc!l*L-RZp7CUDp|S#<(n-|G~lIL;(byhEPjRt2T4~Z{VapMWcjPf`<yg?
zCGdt5-$+<S-E&q>(i>p$?$}uwJeP<Uqh4XcS>h?Qe~XYUJ?r03MpF`@1U(x_XLr%y
zpWVnWLBsb59}z!JZdU5(IgD@Pr@<883+m|ENWEFaKd1ahLS3t`vcvj=XMz6E{x6|0
z3*mJdR3cpl-zI$lpHd~BgVsTII)0Y)UCJIkJ}bM6FOi=}owq1_i*y^pVbb4|u0@zm
z_?dJkLTkzbhpi+1mFqn+tC0SR@B@YGNzWtnC*6?p0t7vc$ji*fXQWF8|6EFaJx^g?
z>Yt)c3h_>aL!?VnHjeNop*rbzaFpKvN>qHBL<K5NB}^y%5<yQS6=R71VCj35>p7tT
zEIyR7lf-M1UlhCGuU7Ui%BE0v6L}T!xb>4jd<7x6|FL9Nr@=leRJNWz)`{X(t?U?a
z9}Q=d{w3IfO1X4a{vuW)zXl<VaFeq1>{NB~`6qN<smIz(ApLK>{|m`XAsi!~n?Xkt
zdRxW0IF9sU!jF{y795V>ip^B=9)EUOA_s$xAbx>%E3L1()P0)xY4V;R6e9!*QK=#Y
z_b9lF>8wNjVAA8qs)W6kzuh|PYvma&Kh4r=vza=z3F!#Ct-kVKB;2<28_LlB-zOuZ
zG9RmWllTjC{4t%DB5bkFhm-Foe+izzI2-(Pn!jf46RF$5^53+)<&^Is=t)mrC}DfB
zPrZLU-#NVWWPU*7Gx!x@De*g$y+AyUFpPL_!Y<;iaVP3I=kS`@fNe=nq--zgyH@r+
z=}A^@S>C|_84awHC<aR+zMs;q*o*W5s~JN2JHiz5%Ht*LXdv;j<TbK-?eL1l_mKY_
z^`bF>yspGc5${F(IPr~yz_WDlH5n5~?8cK+SWR5daN>mt#fZmaF7jIwb`a0V1#2Iy
z_0J!tt=%7#>nTW>K>vDvC*-yG0P3wJeJvg5KhqkiQZ^cXNqC;Hh5U)+9kBAbG}dX&
z#%8K)PfyazsGpN`Q{pj?_4lZbe2*~Q%Gwa$Mw|Nj{{N^_o?#UJLI=GF&$}$|Z7MA!
z9!6Oy%ge^f^<1Ie8p;<uHlUCEugD80=($MQ%Y<{J+Y<^}-6tu_PWyp+|9>PigiiAl
z?@E|Y;bjV|;v5`Cc=VhklGzf!k)Q6dvX=BSk@khK8g)LTESdB+tAENAe^GXnvcO{g
z(361)tRg=Au@05LhjeZ_+(6J%6=x8tSi9+zk0*VVFxlGHA%2kZ{e&KbwS-#aWnzq2
z+)CP>fVYQ?&NO@;?@@3C*Wo3?RN{KFVHVPjaWd)ea6N7I5pO~MEgWKlXTYz?d-Rl~
zZXWU;Vns4T?f5znFQ?!CS5UZ)@PsPTa24^qxWsy>P5c_+2IU{Ap5=c@{0s6L67CSn
zlm7~Ne-hVIh4?apo^bMJSiB19ne^9|@U3pNo=sHfLdFi_(=dea=vhQ$k#(y7f~=ms
zboLZ^afFjrHi9-eEdI9n5p_Q%d_&o6@;;;8TI@-B7Y4__M}_yvm}E07XHFt-9hLq?
z(9;TEq%6`Uy=T+`;c4oPwmSJJFGEOA-aO1=6IPQqtzA*`ntuLQCvk+vBM41sl!4Hh
zpl1$wnJ@$oke7+Dj`SK8@)T!)YJ^A6XViQ2yh^+aWls{e5e`u>iSTdL&*J0JAIWuF
z_YTh#@9*XBmf(*{TI{cp*=rOP<?9#kk4yT@-?v~}e?mfZOpkb9_t>~@eqW1bjeNag
zdql@1Rqei^X7>btoUdO@uh?#HQ^%Lk(;sYD>F=1YTV#yt`=VofF|l#IBYX84l>ANi
zLLtxl{FQr0M)&gdjEwhn_4{Ld@&1?uUqbBPO}oVVRH19^z$#v&n5eke=qO)Q>;MLf
zjEd(!W!lG=FsP3|Ikab7`llkh#`a6_#rb>3_SZb36B>Ap;{3irvHg7U{fI=dz6Ae&
z<TXeh^7fIC<c7V^rBC0@-zzy^-=pc1zD#J8p+{V7zdp$s`wa~VeJhrA4(Z=7XJog8
z=>C4DXxsF2|9TlMo*Xe?NQO*3{BeEaqGJ-0<_;NElx_0IM0V}vkMf!YH_cMoyyQYd
zbEGd4%R2kS#deSG<@fc8?D436u)-6GTQY<*u=gT=1h>-{oKk$!nbDsXk56#h@4XyJ
zv`=Jw{D9avj;l{pB<GjBU`#@$?7gCVefo9n72VDEwtrAkj;UvJu{H7j1Yg%dEFrGH
zKQ8(5)Zat1weA<)?QLK0*r@34gObkAJW!VH^LuTyi~p?kQCepk->+LYe|&t>ymto`
zWGxh_*S2k&KR#ZzS>vmb`_Bw~kum?AoVC&Q3f?8_GI{!}2_czOu}y3*e^Tx_)vIt-
zytctj)>ifL$0bDj<GCG?3BDM=KT21ntKZE&nw$H~oKi`P=HyS$m61uYb6V$dtB#NF
zsf`HUrlehSj;7Z!1m@lfDHB{x_kP^TM;jQtegC<jD#<bPvt}p~)jK*SIzAyTG9fmO
z?d;nx+Adf^Y*Lpt`LfV5n(0ON_9w?L8J_Od$2Z`yJD%`p6NAH6^0n&akBsMn+Qklz
z-z_$dnfHl}iPB}}UiIf}wS+23H{M?o2(GF!tE%kwxUv@a-2Zx;Y;%J{Re3a2bPR8D
z@8CeeQ(zz6?eS>=G5!HQZP-7@SH*ipM<3bS@9X97&zmx9Y1VWBst$<m)yv+jU~iA!
zj^Le*_eDfR(DG5e;JfMn-}U~Znr_si@5n#*TQ`FbM3gVmUF8PB)BOK5{QLd~Z{Ooh
zgDsO6Ew3Gxr>j0(-m5V|-6!wMHG2x_YQGwMq5k`Bk6Syr!lQTYQI&so>QT<4jY!JA
zu6*{#&mbbH%DNI6+(6CN9gA-2K1;9aWeCP~-rc#u{-`QmF!zO~&X%t_-OKq{{QtE0
z&&z8^n^a`|rizjM5_<Z&$Hn&cy)(2@@Q`(Jf**6APCiz5vrnJcxCDRFq4oPRa<&P2
zn+9!ostD!&fql60QEqI~(J}6;n7ndBry^PRC8loKojN}8TH^SmbjPaYP2IjbWx^8A
zadqaZ)N$LBsvm1n@ap>au1*`1GJQ_k`n^~8tWWuHSIW3;SN7~nntn5HQsCIUI%zAH
zUYonjwYWNWcgmi3ug#rCos?-)Zhkl^b)6NZOioUjx*>Jl(v%%LT(#ta$0I@-q-@`u
zGIjd3#NpRQtiQ5*TgteNt}BvP*Kd0CgCuqQ#MA}5uI!kYwr7u*vTG)Fu5Q|$vS?!R
z%O`rIFMD<6Zsw3OZFU1Mb;PQx@2yW+KQCq6l1F)0_ADVUZGG~Nlb1un($+6a+b}$N
z-l=!ehowxNmAY+Qa`@?G>9eJbo1e0Kmo0t!x#Bq=&$zmKRPtBn`iF$M%%mn4hG)CF
zVz_F%Jv?xsa#-s4o!7=rO}=)aW`?lTNn@|>+L=`BhXGlGTb43y1C^7;-YlLx^M_y4
z)k@p2J!Q)7D?3(S*|qD+zV}jxZ@Bi})@uvjclFZ7u1?v$>FT^uDa+=i%wLkSZko+{
z)Rpxa3UN>=qnF!R{k>yMF{#@1-9_1Wx4~ZOf<zLj^S7kV+L*Fo%+)2slhdxZ&YUx4
z%Hq_8%ei=DUYoHzsrH?Ng~!cGOB{V|>|~ws&TVd|U2*cgJ555frR-aCEphRced|+a
z?o6up$624-bI+~W5{}ey(^4iZPRe_4SeWZDDe<TLng1DX+P#r=|7)bb3q4ohPT{{6
z@A^&7bANY8wzQQq(#CI2SwB8y^s1!ee@2u*uChl+o%q4E1&L`ZhP%n8Y+96>xH9R+
zpT4A+2gQ;yKNyiyx6Q58t$+A~9XbAMpQ}CmDI}-cxxeSOwLr+6(9-|B5G#hKZW_UT
zOI@%wb?tjLT5y}UuMZ6gPgjd=*Ab3h%O-Qr-5caq!K=Xyc(lzsb*1Nxy1H^WHD`Yu
z7V>6gCP;mE0`_Wb9CPKvdG2NT`_SEMvb}i5kjWtdcjeiFD?8S?9SnZd-KqSa?39gT
zQkHE>eRrH~_MW7a@sr&(VRl>sdoLeNgzNLa-%&c!#Fjn#KRRPQ|J4~6?0<H%eRZag
z`eB9K=ftzG%46S?*;jLfd=)Ws=YL%aPlq&f=ii4kdt1(sxaL#~9z?J-c=?%#-Bow0
zR+6@L)RkQ;ufDgIZ;yKot-u}A?0UIEiif!kn%y>6$d=Y_k3HKn_l;S$DUJU~lI=J@
z0W8MPfJg5|@O$bK?73?HGvUIyLvB<Hev?vnP2;`f-4A~7uk4tdI&(wnq~UyR=`r}D
z?InHyxR-nO!`vaMVQCvyq>dat`(&Pw@Yz4-2`OHXuW9g1A5C!kX7`oa9-22KL&pCH
D-9Wyu

delta 21441
zcmZA81$>oN{KxU<Zezq4gKad7?jBtdBHf6z3X)RN%|$vTE;1ShNcZR=NFyO3DIqP5
zgn)tmKi~WO_W$$xKQ9mObABhE^TfRyIPqf8ge^hd>)}D)Ivghh9VZixj&ht-i5%x~
z1w|dFXd}nT6W}<-um$B7O&n(m#^GSB^0DKj_c+dO{DgKFnmSH$%7vOc&P3|V(P;!8
z!Yf$4C38`qy_MtaavZPoduzvuq~n@4j&qs@KYZpmsd4(}juVV4FcjBg2=2x-coehY
zucoK1<7A<n1JmP&7=&%G7`DSgI1{tse$2=G&K)wGw3DKp<K)Le7>&)bFitXe;U&rs
z@H+1Q!g0bew!Pzo;TBAW2QfLGGOwBsP$%#jBQT%?C(is%8ZwEo0IET8)Bu&tx~L8<
zP&?8cQ(#|Izfl&SgxaYYm=+hK#@T^M@er#0DNKnM(HlwTJ{hh2otdPgdqxqc0drtJ
zEQUJcR@f7JSp9Y6_HiC#Ui=;NVERt(!mD5+%1yBuwnAN!xK8Z9Cb&x=6~08RG*M@_
z9ERGFY*sFWT6rbZJ<t$!hMiCg>udGnP?uyj>RwoB@%^Y1{u$N&erNVyH^bjnk-3XI
za5QS7TBxmWiR#e9>c2(}Jlo=%Q73Q+)&3&t5<EhU6ZoauJ`%Oy!l;|PyqAnt+6WV4
zTht1>pdQEJsB1kBb;hePBkn`ByM~(J1!};+uI_m0QRRH71y!<g6DxPYAmZL(WYUot
zX$|IK2FjaI6P&R6n^ymq#Zz{3uW2q!Lc0Q}OIZR#uqx)n`j`y+U?CiiNpUSE*Ym%P
zjLzTy2ID!@Kvyt1K0poh8r3mlcXz9EVF2aQsD9;8J5&YLuep^wU=GSdu_P|W;&=he
z>G@CA!#(4VP+RgjYN8IPOVbmJq8ByMM${Q?$57ml+UnD&OLz~}|0!y`x2SgSQ1?U#
zkB-L4A@%&{C!>zVFf*1#opCeNB^ZhtXgX@(S*QUPqXt}o+QGf3oA9)G%Y0=9f92i_
z=}<RwLG)_nmB{ECHbqVFsoB}=Z4O1X8;jb3saBqA<)!9&)IxS*Sv-y@F;Oq~{g4KA
z!j*cl{~E9c0X1ldsj#h;`=D;d(Wu955o*CZQ42kV8t5{H;Z5^77NP9v?e0)9RR3C-
z0>41*Z13LezdDX1pf^+uYHJsuuGuow&9oUc(O%S<A3^myYw=r{o$^DAhxTz#Br|Hl
zA{c=mp!zj7+j+_8%zLADViank$rz3^F%_<`_)gS-`%wK(Tl^;KF@Au0`~v#A3r~R>
zFC(g74l75acF<dnjLxtc>P^@Pi(?<uPOLz^aMq(b97Ap8IrAy%k|gQp?o1T&0qNvJ
zwVRAOvE``oHlTK38?wV*=P(%!e9pX%St;K~bxhjdJ)>}ppd5vI&ZALJMJ?0`)JL^%
zW##s$OV|rFp%=9SQ&E?2A!g9?zsdp!(SK8+2E2?K@E&RlpP>eNgIY-90qz-PL=BuB
z^I|b9fGx2MjzukWFKV2FsPRuoJ^z=<_$NXQ{0y~_z=5uzs1>J0U83w*8>^xEO+`&G
z8~ryg>K<5TZbY@)jm_~8YG<Mbu`BwJDM+R&)<TshV`W^0>i7`#biBlT_$O*7atwAS
zERMPv%V9dKgF4gpsQ%r|eyFEpII4f_VD?{k`6dFo$qr&}yn$IT@eucmLLStXwm|LB
z7*xMGsEOC22K*j%DNdSKQSBa~7WA*hgNM3LRqCPazbf(&(AE_}t+*5_UdiG$P_O3t
zR^JVE4f|PnB&z=;RKFQko@@27s7taMOW-!trF`Tiqk%$)xo408b%yy-m*fNd1i!}R
zcnRatJKTMPmFEQ1zai=#X@gpbzSw9XJyAO{05$Gd)Q-(XwfC+eqnlwHs>4A{k0&q<
z-a~EeJJhue9pRoyZq!X0jp|<kOJi-+gd@@ap=HiOwVQ{Ta1~O|^G`+t9d`rHdDK?@
zf;zK%m=#~5E=}au?gW`p^#xIH$g-%Lv<_;)jV#_4)vgZ);0SXRrqlC3mW&2ogc@ii
zYNfj{J03M3VMWR*M!Gj=UDTF#Lv8s8)Xx#)a5XN+%-Cp@T?*6!2UvNS%FOSKAyWh=
zVFQfEq8KvTy#y6dJJJNT(9cj?+!?jd0jMn<gSy+7pxSLU_n1dem-sa5F}{Re-2?$+
z+>hB%)TPLaibta+u85kj7V7S8ZuL`86V1i~7;Ev9n1k{q48(s>JL8OXcQlJxbu9a@
z2|5ta7WP7&(LmJAHx@PV0?dwUQD<-pGvY<m8Namp;BjvIe5h+)2G#x}Ooa8!Ca8tC
z7{~r=0qqFrTJ}IKU?ge>rdfF&YC)?|6aRqfcNMk3`<NTwp!!9PciZPf?Pz7xgte{Q
z1l6vMmyFJ!Git>{P&eUtYcSXR4z<9Im=+IWFkVG1;5KH%7pN_doZwEJ4wF#Mj`^?v
zPQ|9E6Y$<8qk*5J&LGi5cR>X)7v)OmzeJdfaxc{5H59eb$(R}!T6_y;rF;-|LU%DK
zzCbPXAJoD_Ci&(4Pev1@#~{pw8ZbZVnpHNdqi&+QsK=@+>V-7HT!N95<5B%jqjvTl
z>XQ9w^{FSjmnJ_(>iMtY&+wW>omp4Ziie;UGzN9;C!)487B$goEAPeRl#im?pT}tY
z1q)*66!$}{9O^OchI%?CV3?l&b!61>d(;{4$K-evli_(RgEz1krvJv>!aA6Na%0qj
zyIXkx=Ak?Tbwax^0FPl}Jc<5s(W`55!zzA5P5cbCb^oBwG>kh&*E%O^z*4Ao)lmy?
zf_nEiM~ycPHBk)e-dcnq7-!|ZsGa<ID*La7S1oYIe1e+bHR=olr@0G>LS2gDsEKN$
z&ZLpmw?+-z3qx@*Y60U>PtAOD3+ASLVjBCOlFUm2GHANnFg0eSTnJNOeJp})FcnTQ
z7hxFXO{kk}AL`Td8tTN}pvL{rOgY1CpAB;oFXknqYyOGZ8g&NkP-oB;wF84N9A{d2
z1!}_msDZAdo`yi5yMRnsh;k_m$M&d8H2}4<Ls1L#P9UQRr=upEi@H`TQ8(2VOoe+;
z9ZsX#UqW4qo2a|`EvkL$nQna+R5>r|5=EnSsv<^XJ!D+3GlEQB0y8iR#-q0U3Tl9d
zsB8Vo%73F4lIUA^=R#5S5vX_u)Pl2HyaZ~&<x%5SL!Dp~Os41mGcua!OH{|c7>Q$1
z1J5&;paxilS#bwyi!Y-tVd7ct;~9!-R|&O4^|2s!KrLhjYNzL6W<CF_$Y`P?=1-^v
zokwlmub2iOq9*dhxYsf<>gGz0>Yo{PZF8coc`?*D)lg?#A9V>@TKr4&YDIl5Fbp-o
zI4jRYt#qN4*P^y~o5lB_`kz1zd>(b?cdh&iwXmSst|6#);i#u1`)u}K@A3)+s$omi
zUA+jk@_5t&4xuLg8MPx<P!rulJsp2wF-$qfefL*IP1GFKt}|+(15hV80yW;0IqbhG
zz9pcoU5L4H8R~I4j#|iRRJ&hLTX`Ex;4{=2=A7%s3!oNM8q;B8)FtYQ`EV$f!sVzF
zx#lIK0q&z#`V4jL{zWYy)jYSH2GuSfs$EelS3;dhb<~9Qt=tLKzb9%Z`dWN6YDXud
z=JC!YlYz`S)R`VdO?1}0j5^~RsHfsFY5|`4?m#I~^--vJe$-P`7By}ijKGelGahV?
zK^EwBrjgM#`4+XsOHd10W96+@zXvtIanz-{fI5S#s55$o>i-V&VDJL>F)eI1K<&_1
zm<cDK|L6bZ{tWMK%uK~q)HVAHOJc}E_seG$)ETx%ZD}9Oi=$9qz1E^8{t4UQYxCnp
z{5qHNX3T<_7Q3I86|gn;pVOC2RXl^bIU-}(My!M7u|E#P&Da48EOG0nV^PYxF*iOz
zoj~ML_cI|HRo@H?;CQTuTQDsKEMxyQVFogduo14urKkptzjL3{FHzTWH0owsgxc~I
zsGZu1y2gi5_sB06e}=jj^pk58grnLQL-nt^oa?V^-;jWAqBf`rx?m9YLfs4f@oOA`
ze_+507J+Y36VG1hepy|My(yo?D)`YV_Z2-3b*Z*ub-a!(G1qGLzYLiXtKFMwCu+dG
zsGH?y)J{CcG#IqTy;(D&?t#3hg_l7sxEkt&YN5{b6V#b@!qnIgbq`HKjXT#%Mh!Qc
z2QVq+bJ!ZMqjseHT6Zfy#1P6&F+H}$U>stOL|v*0s4ZWHy6FyJe!PuYF~vG}0p22H
zk`btZ8mKYq%vzu(>VjH8KXVvrfn%^OPDP#BbJPwb<_1#x<Ypvl{7e{%d9VYP!~%N$
z=aJDwM=%BcjJj!Vp|<E1>aI?{!TrT#e$<YAiW;~ls{dfr`(P|;oH?k4u0$qsHe2~R
z>eAlFl+5pVHo6_dF$op9P!kt6tE1inpQ5&OCMLo-OpZIT5*|kN58mX~hoN>fHHKj(
z)Xo${Ew}_GWqzkJnXXtHbK*ACnOs3_=~L81FHL7NzZaq$ikhG<mc=F*jZ-ii{(y9G
zZeb3b8RxnK^_X5oZ!R*=$!LJITl7~Vya!M>(PY%MU4fDKJr>5ZR`zUl7nlY!dHCo?
zO;l!^y92FJm!KVLyl$8h$Dwv)_BQrEg3L++x@NmkXM7yB#iub9Ua<Q67*6>OYM^A>
z*)dIw&#>|i_YGHcm+mZn(TMHwUra~+7xCQv0elSaW=AP6*h8y9G+4ctpZPK851b{g
zz`Zo+u#XQS%DE2kc|iFLa`MiJL+(PpKI|@dChD5bLEQu2p%%U#wSzyH7cdLu$5x-*
zd&KP!g?c{oU^F&H-SuNIH!ekO;W5mLcTw$wkGk!OVJXTDkpG;q{J~Xq8vN+)RNyi9
z1r~{V3=5dvvShTCH7w8^b+dIe`<NpznD`Vc&opDr^=3S(-BHw;pR)2@)V=T+HU4Yl
zG4wit$K60CRD*n|0g9XD%qpmkHO;1|d!ZewUq8%?Uev@Zu_f-Y`t&E<adTiE;`#k@
z{To|gur*kM^=YsQi{o2Njs;J;pABVE6V^k$NSdMQzq0r+D~~g0nz813)Xg4`{-6Jk
zk<pp_q5wWYoxwXZ;wSgTlMmIdCaS&_>L%-D<x%Dwa|33i{*aY#ns3a|Q|y)+<RGH~
zE1}M)DTZMW)R_%8C!sFQYz)Iis5jyUEB|EW>!=smJJh(@PrL2Qm^IDjr@8)W(3yZ7
zZq7u#7gnPt+=E)!A@e$F;x|@KbH+W>BB*wC%=W1M!%&xOG=||fR$h39>z|FlN&-65
zW2l?xqLrPqZamb?fEqB5l?$8YQ46Yxny3?MA-ymVC!)sx2DRh!ti0W8nS-e3`wSMq
z$Cw?{{p`MS%VSE)U!oQ;1U2ADb1G^9^Q}JK;`=cL@l)n?tAAp8Us>jF)PMo!+?y;6
zHBold8RSEqSs~P?V`<cc4Nzy=1J!;U`p*>Aeje)5euv>0k6O@Au3qPw1s<D!V<-)h
zop()#>W~{XU`ex*S<7r<wm~hV6Y5&`Fo&Dpm<#=K{nwMJOv62x8vn!mnEHY{VP({S
zwNdqr%uc8?9fmryiRJ=xBWl41Q2kF@{G9n4mSTSAFEZM~Vi#R&qgMU}YQjENo`4!?
zj=2~$!3xwuHd%a+l@DPu;%6;>4RcezWA!1Ic>dKf9T`oS3w0(XQSq8)Q?s4f6Sa_`
zRvv{~$TW-3wRo(#-s16?j&}P|?XO(o`PV>qE$|pM@oQ8(@UmM@W~N2GyK`a<tcz+l
z6SeSpsDam`PG|>eyrWh=Z}oSv4e@7}*?&ED^?q>&>WmtoCu)E}r~xKe{Vc0rfV%rv
zSotuj{b@{xH&B=EPt*d#uDIi*F>{zjy_TtnI)mC~8;gI18gQ7EXPHaQji?E}HxHto
zp5v$mUAFiG)QS9#df~k@y;-ihKO$8@4b;=@kLobYoM`bF)W8cZzTS*Ck75q$&tqBq
z)8fUix#L$hYaru$o%(LZX=QfCs&wpU<sGP<IfO;=l9iKQcgvYjXIu|;0<BPI*bcSO
z(H5VH{(A&<V(a~Ju7A7*_WJ|8DlrQUE?E3E>YfPv)%{cp#e$ThQ49JEOW`!kjYlvI
zK1E%+L^s@fAqusC5@rqQCD4*gM(mE7XaZ`5K6A0T4t0jR%zdc#N3DDoHNj<6{4r{r
z*H#X^>Bd7*<D^CZ@BgDLkPFqJAnGwIi~1aIYw@wB54E+6QP+4QHo}KEA1mDAI{{us
z?ZAZF?zl@(6K}Bcw%hjnAF#kNRELYGGx^=(fp^>iQlbXPjF~YfX27bL7Tcf})(>?e
zV^D9v8CG6^r75pQwYznP{nvmm2*^LJp>x+=NGNJ6bEE2unx#<_d|=kWER>t0+7Gn&
zNYq4A%|)njHlRMvw|U8=CvybV@g@e~Bl9WhMe-aIVd8uIsD+`ZPsRLL1k0LTurcL1
zs2zN4{)fSo!+&$<OOHz^dyA9N1Q$>Z9-A-Czf8}4_g5-Ounz5NqrRxjLQS+EwIk<I
z<J_|H1M@ZN5(PeR+hs&f*z4paqYlw#S+g?cCtd@SU~i1XAyz*PHDQdo%-n=IiSM!U
zZS>zun2mVgL$_Zp^#A@ZnoJ-S^-!0h5oX1%sONYxhTu}vgd0!;?nbpgW$_0XMfo)*
z#ng}7oy~%3UlMh5*EHKIuIGO+8FiRq#-Mg27Io$;Q4?=M4YUV!Q=PH+P4lVM|84at
z9=rXb%mSE~er2rO7QI?=4>JA*peBs528+#gsCK)od>OTndshC_41VI?)e&Y+OisI!
zsP<JcKQ=|3z=$VY|72vQ5zyAmL%mA3;8c8sx;ckDb>EQFQLo%}R=$qKDgR~V!q43H
zwJ{Iz&rxsI@m5}jVU$mx#<}{8{nrGczq<`{pjKQ7bqVU4O)TCLwNsr?XVlB$qfzar
zTYR>;#@u6`K`r2p`O0e*LC@VSPK(-!Qf33xM4hcX1hv4KW-Myr^{B1gidx_ejKGIh
z{?|<M!mSTS?T|N<WvXEz0^LxL&s@|s-;3dR9W~K&^DSy2|Cz~Ox|c3J<|f_{)qVhm
z<8V~_>8Ph>A#!QF&JHr#l5^JJj``gD7d24GE7x$;K<QBf=Qhit#;I%dt<5f|{{684
z4zuzqzg+)~WVGemQ3Ibguc5Z`A!>kE=HFHy@P``@Lrt8<%#B)DDXXuA8mA%ZebUn6
zz0m*f{{|{U#TZn_8K?ojL*2bwt$YTx(3_}sf1%!Jp|9QkMNpTlf|XmL#_4S3fvEAu
zpvH+s|L6ZMYp~D!$-IK<aNo*7Z`?CZg<5brGZ&_&9Bt*AsEM1J9Z(DHhiVst5xDLR
z*I#$xJ^~u>0cxvXTlt-plf8AfFqN6n%w-nAbo48W8mBR8oX;>Nc0}#i0Mw<Jh-x?U
zE!SUfyjZJPZ53NkTe;85H?Sb(Czu^G{OQ(LL=D&)HDO1yyV)1D6GN;#$((^&z#Ojy
zmZJt*XBFGcgXS6YI%*3aq0Y$jm)kEAwSXwpz`3wIMx!oa538Sur6^BFweub&qk+z&
zULf~T14aDpHpqaQFb^tT(X57Aa2?b@O;J16&dOh-+JA!@|67Z%G`Aw{z0Q6z+M=80
zbJT>Mf82r7qUv*ED3-twtZLRbTbdnFpDDdj{f40yI>n4JV=;pHoi${%(!J(k)ES*b
zt^5~EhflCG2ETL5Jy8RXH)o*6nUA`smZHX4i@Mu)qTZ}0QRBT(J@Y#u|GEv+nYqkp
z)PR+&TpjftunB5_7FOTe9E3XK5$OL^MZMDJp%(I^)n7pMzlUCB{v)F^N%x=ooMy*L
zl&hgSjz%qHI;#C_bCbo7q1v56eUrLw<y%(&%zTaMsefnXw2sH?|9yXy<MD5G4%8Wx
zLJe5m;!RK!ceJ<{wcyF9h0U_~0#yIi<}OsbV^)98;y2Cbj@RS=I_>ee3y4B>C}x&N
zP4E$FL3Pa*W=FG+Il`QR>NgiNVJvFgJr+NTc`2XrlF<w0t(h^vJ<|_R9h+fV?2B5!
zWXynbP;a&^sDTb)7JQ1@ffRvm`zTa>0n|JnTX_IBpzK{traGD5u`HGj^7tRWUZ_{|
zI4p-7una!LjF=;lYbDf8)(V^91RRMsu>`gcb{8-Q^;qvmE%1_C_B!{;WF_z~>O&$+
zVvqm3SrybZ?~QtFCShURh%@k4)Z^JZiR&11HfpQapmuC4YQp_if7ZO~k9*mA3nWSE
z@!y>pQ5{O62KdNqY<^~TLtW!Rs0l}4Pn?K{@GtC(KO}Q6Wyuha|A*GbIF|TVSd;mk
zH)OQ+mH8_vZRKFBiz~4?{(<GOeyBU)MAVs2$4Fd;sc@%x9JTOksCEyn{0_C?WGUQB
zkqZ6Ke;x}|Ms4*c7==Sn_rP4#HQ$dq)9dDa98CEIYT)i+?oHVj)ou)?!KqeWj%v3N
zwZq%PJca#t`4IxT+wY+6Qcp_v+UG<KP!ToY$G&XkGW!3?@)#oicN}WSdH5kNLA_$`
zS=>qG_DpQ1LhVgP)ZXO9iC7+Wdmpy?|4>Uz9`3fwgnEe=3Fnoijvo?ei=Uuw(;cWK
zo-wbW2Doefftol`gnN<0QRT|0{`IWf5!J5`YP?aX`KF-SEso%oRe{V-0-5nOYM{tS
z*KDYrD2&>f-l&)IAk=`vQ0>QA{Y-P7xdgjWzX~;Bn$+$BilD}+>LsIrs-p&Kh;^_H
zYQj}m6gOfnyoq|S6Q}VwOEDkn6?PJJSKUXQVNhE4O_3J!Q?87~u`8<GB2+tXJQ=-8
zenP$5?w}SD%3twn0U3}noouMvxeWh*vR2*(weYs6fx4Q*QT?Z*wtgY1-Fnn`J5c@i
zBKLsTIY34YFQOLm8|o{`J7iv`e*k}Qd`p_`&++h5u}PI2IW-zbGuoXY{YYFprsFHp
zC1Sb+WoXx%bc}l5>rNG7Wx4;HID%i<AjJIt!xfw0bR?#4cPSYll6+ZAX6^nUUz}8h
zc6EqNAg}-FI}m$ecGNKx>tk=yDC^sS{9#fv`sypw{~oJothfGjRoKy<SQR?{K=P1^
zP_B_sY3d_QM-Tc9q|IU4>?Ca`>G%a3QK#3Qj!LxYibIHbk5O5GfQ~Q7|3|PeNykcD
zi3h3gMqLAvj-QCflg~%;kS}NLo6+t(u{&<F|NXPE_1jB*a+|BP8{=121jbY7N&1qc
zo2-EixRiWd%l}5ch2;<1AghU8A`K_$ctL$X#<)QK7xFtuNoo7a`l(GJ>id$K`eX0y
zzut7yNJmKgfbTyB(y$mg{ZIRyZPF){^$9bYSO~FD@(0K#9K#tnFKH+N-SLmCZWyu3
z<m2hn%Nl3q{o_9lV_kCp(O_)CU^Zbc%uZce;={?;$C<br^{zNTx<LLkzQBZ|Cv7%T
z?n$7O#h1QUugBUuhDPHon2&}72zH>{k#w2z8Oj;R$C1WT&Pw?Yl8(0YO*qyNn?&M8
z=RY!-NoeyS`B+jd@{jOi>%_Mtum4|$WVC?>Q~443k)(4>sG}RPAj<vm3bC&+;b?CC
z63X%xX_WPSL)(Rx{~NnlUhRVYeeL@5QR#eV1OH0pRq{tjg=kclRFG7|>ic0++9Zrs
zoBRi)R#v}*iZ+yW@cqtzd}*rit#zz{{(rKhZ+6XTP!%7k1;;WfdDZ*BP3C9v5#;sb
z%4X}_lX4c)Wa?Uy5{|vpZ%ruRU2E?%$I|u${pRDhB>(vbSf%=XMt(jG+LEtg@#W-8
zs3Wc>#+OB>Jbp~tMqZ!g^~nEA+DE$$Sb%se`SqmsBpp34H*T}?v_O0RB__~=PWP$&
zmySA0S|jD3Q#X$I-&Qx0ST^b_Qa(i8DT}M^M9M>{t4Hdh07qrgaoT)}$B2JQo8KtU
z58(XQlG#OiOHju=vm`FId^I}#|6?U}qX;ght{*;N3>`U$m$UZ0$ZsY;in{XnE9Gcw
zr?yer{}cpuj3CXX(GzP>nS4W1!m)yOb<~#n-$}cuduwffHT7M&9{Dm>-hu~-rKIih
z_r^M8dGAkD{z>XW!&;aME0Jz8(NWcrk0n2lypHRXQ;=?ubTnq5CR&sojVRxzt~#kS
zu};)oBmWw+yw@%h?M5VAfAtO5Ks4NmIu?*}P}Z@CbeYcU@D%9-@&~CaM%y7a=v?xB
zh;^iX5{VxeoEKPv`d;L3lGnlacIOi5OY&a_vi~h9==jhEs!I6-QhEk_MZ7hRr@YGA
zHSxEmAMJl9b)vpD>0jc3sGmA?Or!l=>K9tSm)M_r9s0_~cUbrNn_&~HBAWbiDmGZB
z{njBl<;tWO>UGcPb0e7iFm<wH0BsYIG7&#O{XUE$?V`RUX#i=NwH2YX_3|ytSxQDf
zn(QY(nEXmoSrR{WI)fP?6?y$=@-s<4StJ}?h(D!X$64BTCsiXAB>AXoOguGd9{JqF
zbbLU5Dk+RKBjNh@rJ!RigUz5}B(^3kB5fu<+Uk2#7f<?xvi^<aG_^y0GuE+~{Bhif
zKj1pNjm>HIlEe>>&J+9`3z4?!`9DtJKItCmQwIJE|DuzQ^Q6xHocl){)Syie9%29;
z&q$r=QxQ+&cuYs#H&~5So_t5rQc_;Z8%Xm=^GPkdbht$drZRwmcax5jHW52bY(0(A
zQ67UaIE%D~x`))gBkdrbaO|{9e(L*@Z-ZNDzlU}$DMyfBL3&0!AGSj8XH<MlAv0bh
zkZ{aR$lx8~)vWFx2HQmYi^LaU2xh=3#EatR*6tOSu`xE9g{dz{UO#c^*sah1lw=mr
zIWHZ;t@C#@)X~9wPW@=g-6@|Wuj6ZLt9&e}J@LZW$Ku-AgySw5{ZRi6v9yd)l(t3v
z^?H^#F22{ev`xB%Mz={@sE@(-kD9cvPP-ooevU;*?TDSHT^{Ry?!6At#41ofgIIpr
zTuc~G^Dm(?gvus3fr{6pu9R2f8|sg#4P_lCXp;`dVG)1C{iC(zzbBrRlyI~mACpkP
zFviJ7DrVz(SJU7-D!lJ?`iqIDlG4*?80jo&fpySWrKr=93pcr0XAk`+kZM|;!e5i`
zM$ALsGNdGwk5W!bejD}MnbzNZkPRMA={jkjKgu;DzL@+XI=;rQC{JR5KIGdH`<axO
z{4LaR1=F}$=VS7vExwI@H%L>c`yO?i#5sEY|0L6uLA&E1I(&k6&_|<*q(+n{QeH)y
zhU&@j1^J1j2jsJ01=0|bj`g(H@w2(i;)>m4oFL*yNO9yBXxp<<v5r7v0=;nv<?+PF
zQqF9h_o%lWFY%$}?_o~bC86IO^6jj>e#ZZuG>7sHoJ!KMkn;C#*8ivX9UY4?KrK>k
zDmxKgYYjF~4y9g4a{Sz%bN|RqxdMH3JSFv^t&YE4oP5;Xrp;u^ze!R-l8zCWjrxE1
z;B+JQ=TB5rB=uvkZ)q@-cncf2E9F0|-5O#wE&qo0kE#2@ce8PX@At+*{$FWLCUT0J
zjHDg3UPf6*PRdEJ4&~|o$p8J}BbJN$A4xj)lYStUU2Tb7p}dcLMaJ8VA5tEO2}cp~
zm2^u#pz%L8$Www>X|bJ7^Q`eY^0SCNrcIvr2GBr>h>axH!Qwe+n{Z6AF^3VWWO>zH
zrtL?R!^k((uQYV*A&>*7&^QhGn)r-{pOC(>!CO&3lDc?|BK8aFcuRUrI;#T5M*21-
z>F7bqN}5T(ha?>-s9Q_g$r#ghOMgM;Bozf{aDZ}ZEKcnGBZ_!`0_%zYNIqJXw5w}_
zE~HqT_)zL+k!D)|6V$gQWud+nMyemjr_}$4{`1dD#Sf&+q*4qr26eO|Uk<yI(phXP
z9aEC(Q&*KVn|xnVRqB(|ZZ~NX`35+K_%)=N|1ZGv<56Nd+PS*>UziRht>PmpKO^7V
z-;A%W)RiO6BBjwt95<=oLjDZ-HKYO5t-uHyV*+^{iHUzmyYFxij;6j7X*=m_>X+-4
zHqPJF{pTEm$Ty{Nd)$u=NjkRRH#Yf4be>B}IPO}$4GyPWii8St4)NN=Yhw#yQ^{8+
zm7v_nJ^%mfF`J6_j}<i1QP0J>VC8doowgx(goS-Z`h+$S#J(r?j{IIyMr+^M)G(_^
zM`_o9KKhR3EFpbKAsNA|Bpul)?;@WXb@(bCEE89>S*1vyw`&34_O9K1b-FE%%h5fJ
zC#-$%o?Y5!ZQpZ1k8VBNw(k=+qDSw*;PxH5b?Dn6E_d%AJ#nx4oC}OQHQ;cdFLp@D
zxcfuC^7z^h>+ZWftZZDt;e8VM){GhvS7&sxz_{MyHYf6xn{qfV+c&+E_+n>Wh?^Mm
zN04vw{QbUx3;O#)7mkcOxNxk;*LrbY->$_OeJ>Zc^L39s7*}@56Hi=&Wl0jn#jF|<
z;On_|cHGc)sRQB~Z!8(?o4;+BZ@~63zQQ}Q`P%PD>l?S@V6s}(oThy`^v>F#sc*~9
zO}?02JA7^9^Tn-+Z<f&)cCm=B@x{8nA1}_0TW~3>C!$IZ{~6w!FzMd>U3Yd&y8r$6
zasOQI6qxAl_{9(A#7(?*+Y{IK*TI2tf81IcnCZdD^>^a8{Wf>>-LYftuHWgn<vTm#
zA1s+2cjjJykMHCAgMC--7mSO1P&kpV*3<rR_n$rwh)elmT_WGbH@o6Cy{(rtCPjef
z!1gBro+?2x<r8}@#uQKD85VOPiD%??UsBI5PfW`YPu7^ZA)YKTmqR?>m|n>}>$jH-
z_1yJrFB;~V9<=>lgeM{(rf3>Zo9*#wJd-`!gVK8{2FJ9@;`uq|<E)<UG3~Q@B4d(f
z^F+mz$mUrW@!QOm_r`C}%Dz~xLDQJ%?4HLl&2o6I#}vrvNfy%}rzdLrl$@S-!T$r&
CnoRNl

diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index 6124b8b26..c6520c29b 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -137,7 +137,7 @@ msgstr "资产"
 msgid "Reviewers"
 msgstr "审批人"
 
-#: acls/models/login_asset_acl.py:89 tickets/const.py:12
+#: acls/models/login_asset_acl.py:86 tickets/const.py:12
 msgid "Login asset confirm"
 msgstr "登录资产复核"
 
@@ -315,7 +315,7 @@ msgstr "目标URL"
 #: applications/serializers/attrs/application_type/mysql_workbench.py:34
 #: applications/serializers/attrs/application_type/vmware_client.py:30
 #: assets/models/base.py:252 assets/serializers/asset_user.py:71
-#: audits/signals_handler.py:58 authentication/forms.py:22
+#: audits/signals_handler.py:46 authentication/forms.py:22
 #: authentication/templates/authentication/login.html:155
 #: settings/serializers/settings.py:93 users/forms/profile.py:21
 #: users/templates/users/user_otp_check_password.html:13
@@ -1195,11 +1195,11 @@ msgstr "运行用户（显示名称）"
 msgid "User for display"
 msgstr "用户（显示名称）"
 
-#: audits/signals_handler.py:57
+#: audits/signals_handler.py:45
 msgid "SSH Key"
 msgstr "SSH 密钥"
 
-#: audits/signals_handler.py:59
+#: audits/signals_handler.py:47
 msgid "SSO"
 msgstr ""
 
@@ -1364,6 +1364,10 @@ msgid "Your password is too simple, please change it for security"
 msgstr "你的密码过于简单，为了安全，请修改"
 
 #: authentication/errors.py:280 authentication/views/login.py:251
+msgid "The administrator require you to change your password this time"
+msgstr "管理员要求您本次修改密码"
+
+#: authentication/errors.py:289 authentication/views/login.py:266
 msgid "Your password has expired, please reset before logging in"
 msgstr "您的密码已过期，先修改再登录"
 
@@ -3838,6 +3842,14 @@ msgstr "选择用户"
 msgid "Asset num"
 msgstr "资产数量"
 
+#: users/templates/users/_user.html:21
+msgid "Auth"
+msgstr "认证"
+
+#: users/templates/users/_user.html:27
+msgid "Security and Role"
+msgstr "角色安全"
+
 #: users/templates/users/_user_detail_nav_header.html:11
 msgid "User detail"
 msgstr "用户详情"
@@ -3955,6 +3967,229 @@ msgstr "包含"
 msgid "Exclude"
 msgstr "不包含"
 
+#: users/templates/users/user_bulk_update.html:8
+msgid "Select properties that need to be modified"
+msgstr "选择需要修改属性"
+
+#: users/templates/users/user_bulk_update.html:10
+msgid "Select all"
+msgstr "全选"
+
+#: users/templates/users/user_create.html:4
+#: users/templates/users/user_list.html:7
+msgid "Create user"
+msgstr "创建用户"
+
+#: users/templates/users/user_detail.html:80
+msgid "Force enabled"
+msgstr "强制启用"
+
+#: users/templates/users/user_detail.html:101
+#: users/templates/users/user_profile.html:106
+msgid "Date joined"
+msgstr "创建日期"
+
+#: users/templates/users/user_detail.html:105
+#: users/templates/users/user_profile.html:110
+msgid "Last login"
+msgstr "最后登录"
+
+#: users/templates/users/user_detail.html:110
+#: users/templates/users/user_profile.html:115
+msgid "Last password updated"
+msgstr "最后更新密码"
+
+#: users/templates/users/user_detail.html:126
+#: users/templates/users/user_profile.html:150
+msgid "Quick modify"
+msgstr "快速修改"
+
+#: users/templates/users/user_detail.html:148
+msgid "Force enabled MFA"
+msgstr "强制启用多因子认证"
+
+#: users/templates/users/user_detail.html:165
+msgid "Reset MFA"
+msgstr "重置多因子认证"
+
+#: users/templates/users/user_detail.html:174
+msgid "Send reset password mail"
+msgstr "发送重置密码邮件"
+
+#: users/templates/users/user_detail.html:177
+#: users/templates/users/user_detail.html:187
+msgid "Send"
+msgstr "发送"
+
+#: users/templates/users/user_detail.html:184
+msgid "Send reset ssh key mail"
+msgstr "发送重置密钥邮件"
+
+#: users/templates/users/user_detail.html:193
+#: users/templates/users/user_detail.html:490
+msgid "Unblock user"
+msgstr "解除登录限制"
+
+#: users/templates/users/user_detail.html:196
+msgid "Unblock"
+msgstr "解除"
+
+#: users/templates/users/user_detail.html:217
+msgid "Join user groups"
+msgstr "添加到用户组"
+
+#: users/templates/users/user_detail.html:226
+msgid "Join"
+msgstr "加入"
+
+#: users/templates/users/user_detail.html:356
+#: users/templates/users/user_detail.html:383
+msgid "Update successfully!"
+msgstr "更新成功"
+
+#: users/templates/users/user_detail.html:365
+msgid "Goto profile page enable MFA"
+msgstr "请去个人信息页面启用自己的多因子认证"
+
+#: users/templates/users/user_detail.html:401
+msgid "An e-mail has been sent to the user`s mailbox."
+msgstr "已发送邮件到用户邮箱"
+
+#: users/templates/users/user_detail.html:411
+#: users/templates/users/user_detail.html:437
+#: users/templates/users/user_detail.html:505
+#: users/templates/users/user_list.html:178
+msgid "Are you sure?"
+msgstr "你确认吗?"
+
+#: users/templates/users/user_detail.html:412
+msgid "This will reset the user password and send a reset mail"
+msgstr "将失效用户当前密码，并发送重设密码邮件到用户邮箱"
+
+#: users/templates/users/user_detail.html:415
+#: users/templates/users/user_detail.html:441
+#: users/templates/users/user_detail.html:509
+#: users/templates/users/user_list.html:182
+msgid "Cancel"
+msgstr "取消"
+
+#: users/templates/users/user_detail.html:427
+msgid ""
+"The reset-ssh-public-key E-mail has been sent successfully. Please inform "
+"the user to update his new ssh public key."
+msgstr "重设密钥邮件将会发送到用户邮箱"
+
+#: users/templates/users/user_detail.html:428
+msgid "Reset SSH public key"
+msgstr "重置SSH密钥"
+
+#: users/templates/users/user_detail.html:438
+msgid "This will reset the user public key and send a reset mail"
+msgstr "将会失效用户当前密钥，并发送重置邮件到用户邮箱"
+
+#: users/templates/users/user_detail.html:456
+msgid "Successfully updated the SSH public key."
+msgstr "更新SSH密钥成功"
+
+#: users/templates/users/user_detail.html:457
+#: users/templates/users/user_detail.html:461
+msgid "User SSH public key update"
+msgstr "SSH密钥"
+
+#: users/templates/users/user_detail.html:506
+msgid "After unlocking the user, the user can log in normally."
+msgstr "解除用户登录限制后，此用户即可正常登录"
+
+#: users/templates/users/user_detail.html:520
+msgid "Reset user MFA success"
+msgstr "重置用户多因子认证成功"
+
+#: users/templates/users/user_granted_remote_app.html:35
+msgid "App type"
+msgstr "应用类型"
+
+#: users/templates/users/user_group_detail.html:17
+#: users/templates/users/user_group_granted_asset.html:18
+msgid "User group detail"
+msgstr "用户组详情"
+
+#: users/templates/users/user_group_detail.html:81
+msgid "Add user"
+msgstr "添加用户"
+
+#: users/templates/users/user_group_detail.html:87
+msgid "Add"
+msgstr "添加"
+
+#: users/templates/users/user_group_list.html:7
+msgid "Create user group"
+msgstr "创建用户组"
+
+#: users/templates/users/user_list.html:30
+msgid "Delete selected"
+msgstr "批量删除"
+
+#: users/templates/users/user_list.html:32
+msgid "Remove selected"
+msgstr "批量移除"
+
+#: users/templates/users/user_list.html:34
+msgid "Update selected"
+msgstr "批量更新"
+
+#: users/templates/users/user_list.html:35
+msgid "Deactive selected"
+msgstr "禁用所选"
+
+#: users/templates/users/user_list.html:36
+msgid "Active selected"
+msgstr "激活所选"
+
+#: users/templates/users/user_list.html:106
+#: users/templates/users/user_list.html:110
+msgid "Remove"
+msgstr "移除"
+
+#: users/templates/users/user_list.html:179
+msgid "This will delete the selected users !!!"
+msgstr "删除选中用户 !!!"
+
+#: users/templates/users/user_list.html:190
+msgid "User Deleting failed."
+msgstr "用户删除失败"
+
+#: users/templates/users/user_list.html:191
+msgid "User Delete"
+msgstr "删除"
+
+#: users/templates/users/user_list.html:213
+msgid "This will remove the selected users !!"
+msgstr "移除选中用户 !!!"
+
+#: users/templates/users/user_list.html:215
+msgid "User Removing failed."
+msgstr "用户移除失败"
+
+#: users/templates/users/user_list.html:216
+msgid "User Remove"
+msgstr "移除"
+
+#: users/templates/users/user_list.html:265
+msgid "Are you sure about removing it?"
+msgstr "您确定移除吗?"
+
+#: users/templates/users/user_list.html:266
+msgid "Remove the success"
+msgstr "移除成功"
+
+#: users/templates/users/user_list.html:271
+msgid "User is expired"
+msgstr "用户已失效"
+
+#: users/templates/users/user_list.html:274
+msgid "User is inactive"
+msgstr "用户已禁用"
+
 #: users/templates/users/user_otp_check_password.html:6
 #: users/templates/users/user_verify_mfa.html:6
 msgid "Authenticate"
@@ -4008,6 +4243,64 @@ msgstr "重置"
 msgid "Verify password"
 msgstr "校验密码"
 
+#: users/templates/users/user_profile.html:97
+msgid "Administrator Settings force MFA login"
+msgstr "管理员设置强制使用多因子认证"
+
+#: users/templates/users/user_profile.html:156
+msgid "Set MFA"
+msgstr "设置多因子认证"
+
+#: users/templates/users/user_profile.html:178
+msgid "Update MFA"
+msgstr "更改多因子认证"
+
+#: users/templates/users/user_profile.html:188
+msgid "Update password"
+msgstr "更改密码"
+
+#: users/templates/users/user_profile.html:198
+msgid "Update SSH public key"
+msgstr "更改SSH密钥"
+
+#: users/templates/users/user_profile.html:206
+msgid "Reset public key and download"
+msgstr "重置并下载SSH密钥"
+
+#: users/templates/users/user_pubkey_update.html:55
+msgid "Old public key"
+msgstr "原来SSH密钥"
+
+#: users/templates/users/user_pubkey_update.html:63
+msgid "Fingerprint"
+msgstr "指纹"
+
+#: users/templates/users/user_pubkey_update.html:69
+msgid "Update public key"
+msgstr "更新密钥"
+
+#: users/templates/users/user_pubkey_update.html:72
+msgid "Or reset by server"
+msgstr "或者重置并下载密钥"
+
+#: users/templates/users/user_pubkey_update.html:98
+msgid ""
+"The new public key has been set successfully, Please download the "
+"corresponding private key."
+msgstr "新的公钥已设置成功，请下载对应的私钥"
+
+#: users/templates/users/user_update.html:4
+msgid "Update user"
+msgstr "更新用户"
+
+#: users/templates/users/user_update.html:22 users/views/profile/reset.py:120
+msgid "User auth from {}, go there change password"
+msgstr "用户认证源来自 {}, 请去相应系统修改密码"
+
+#: users/templates/users/user_update.html:32
+msgid "User auth from {}, ssh key login is not supported"
+msgstr "用户认证源来自 {}, 不支持使用 SSH Key 登录"
+
 #: users/templates/users/user_verify_mfa.html:11
 msgid ""
 "The account protection has been opened, please complete the following "
@@ -4380,10 +4673,6 @@ msgstr "Token错误或失效"
 msgid "* The new password cannot be the last {} passwords"
 msgstr "* 新密码不能是最近 {} 次的密码"
 
-#: users/views/profile/reset.py:120
-msgid "User auth from {}, go there change password"
-msgstr "用户认证源来自 {}, 请去相应系统修改密码"
-
 #: xpack/plugins/change_auth_plan/meta.py:9
 #: xpack/plugins/change_auth_plan/models.py:89
 #: xpack/plugins/change_auth_plan/models.py:184
@@ -4860,208 +5149,6 @@ msgstr "旗舰版"
 msgid "Community edition"
 msgstr "社区版"
 
-#~ msgid "Auth"
-#~ msgstr "认证"
-
-#~ msgid "Security and Role"
-#~ msgstr "角色安全"
-
-#~ msgid "Select properties that need to be modified"
-#~ msgstr "选择需要修改属性"
-
-#~ msgid "Select all"
-#~ msgstr "全选"
-
-#~ msgid "Create user"
-#~ msgstr "创建用户"
-
-#~ msgid "Force enabled"
-#~ msgstr "强制启用"
-
-#~ msgid "Date joined"
-#~ msgstr "创建日期"
-
-#~ msgid "Last login"
-#~ msgstr "最后登录"
-
-#~ msgid "Last password updated"
-#~ msgstr "最后更新密码"
-
-#~ msgid "Quick modify"
-#~ msgstr "快速修改"
-
-#~ msgid "Force enabled MFA"
-#~ msgstr "强制启用多因子认证"
-
-#~ msgid "Reset MFA"
-#~ msgstr "重置多因子认证"
-
-#~ msgid "Send reset password mail"
-#~ msgstr "发送重置密码邮件"
-
-#~ msgid "Send"
-#~ msgstr "发送"
-
-#~ msgid "Send reset ssh key mail"
-#~ msgstr "发送重置密钥邮件"
-
-#~ msgid "Unblock user"
-#~ msgstr "解除登录限制"
-
-#~ msgid "Unblock"
-#~ msgstr "解除"
-
-#~ msgid "Join user groups"
-#~ msgstr "添加到用户组"
-
-#~ msgid "Join"
-#~ msgstr "加入"
-
-#~ msgid "Update successfully!"
-#~ msgstr "更新成功"
-
-#~ msgid "Goto profile page enable MFA"
-#~ msgstr "请去个人信息页面启用自己的多因子认证"
-
-#~ msgid "An e-mail has been sent to the user`s mailbox."
-#~ msgstr "已发送邮件到用户邮箱"
-
-#~ msgid "Are you sure?"
-#~ msgstr "你确认吗?"
-
-#~ msgid "This will reset the user password and send a reset mail"
-#~ msgstr "将失效用户当前密码，并发送重设密码邮件到用户邮箱"
-
-#~ msgid "Cancel"
-#~ msgstr "取消"
-
-#~ msgid ""
-#~ "The reset-ssh-public-key E-mail has been sent successfully. Please inform "
-#~ "the user to update his new ssh public key."
-#~ msgstr "重设密钥邮件将会发送到用户邮箱"
-
-#~ msgid "Reset SSH public key"
-#~ msgstr "重置SSH密钥"
-
-#~ msgid "This will reset the user public key and send a reset mail"
-#~ msgstr "将会失效用户当前密钥，并发送重置邮件到用户邮箱"
-
-#~ msgid "Successfully updated the SSH public key."
-#~ msgstr "更新SSH密钥成功"
-
-#~ msgid "User SSH public key update"
-#~ msgstr "SSH密钥"
-
-#~ msgid "After unlocking the user, the user can log in normally."
-#~ msgstr "解除用户登录限制后，此用户即可正常登录"
-
-#~ msgid "Reset user MFA success"
-#~ msgstr "重置用户多因子认证成功"
-
-#~ msgid "App type"
-#~ msgstr "应用类型"
-
-#~ msgid "User group detail"
-#~ msgstr "用户组详情"
-
-#~ msgid "Add user"
-#~ msgstr "添加用户"
-
-#~ msgid "Add"
-#~ msgstr "添加"
-
-#~ msgid "Create user group"
-#~ msgstr "创建用户组"
-
-#~ msgid "Delete selected"
-#~ msgstr "批量删除"
-
-#~ msgid "Remove selected"
-#~ msgstr "批量移除"
-
-#~ msgid "Update selected"
-#~ msgstr "批量更新"
-
-#~ msgid "Deactive selected"
-#~ msgstr "禁用所选"
-
-#~ msgid "Active selected"
-#~ msgstr "激活所选"
-
-#~ msgid "Remove"
-#~ msgstr "移除"
-
-#~ msgid "This will delete the selected users !!!"
-#~ msgstr "删除选中用户 !!!"
-
-#~ msgid "User Deleting failed."
-#~ msgstr "用户删除失败"
-
-#~ msgid "User Delete"
-#~ msgstr "删除"
-
-#~ msgid "This will remove the selected users !!"
-#~ msgstr "移除选中用户 !!!"
-
-#~ msgid "User Removing failed."
-#~ msgstr "用户移除失败"
-
-#~ msgid "User Remove"
-#~ msgstr "移除"
-
-#~ msgid "Are you sure about removing it?"
-#~ msgstr "您确定移除吗?"
-
-#~ msgid "Remove the success"
-#~ msgstr "移除成功"
-
-#~ msgid "User is expired"
-#~ msgstr "用户已失效"
-
-#~ msgid "User is inactive"
-#~ msgstr "用户已禁用"
-
-#~ msgid "Administrator Settings force MFA login"
-#~ msgstr "管理员设置强制使用多因子认证"
-
-#~ msgid "Set MFA"
-#~ msgstr "设置多因子认证"
-
-#~ msgid "Update MFA"
-#~ msgstr "更改多因子认证"
-
-#~ msgid "Update password"
-#~ msgstr "更改密码"
-
-#~ msgid "Update SSH public key"
-#~ msgstr "更改SSH密钥"
-
-#~ msgid "Reset public key and download"
-#~ msgstr "重置并下载SSH密钥"
-
-#~ msgid "Old public key"
-#~ msgstr "原来SSH密钥"
-
-#~ msgid "Fingerprint"
-#~ msgstr "指纹"
-
-#~ msgid "Update public key"
-#~ msgstr "更新密钥"
-
-#~ msgid "Or reset by server"
-#~ msgstr "或者重置并下载密钥"
-
-#~ msgid ""
-#~ "The new public key has been set successfully, Please download the "
-#~ "corresponding private key."
-#~ msgstr "新的公钥已设置成功，请下载对应的私钥"
-
-#~ msgid "Update user"
-#~ msgstr "更新用户"
-
-#~ msgid "User auth from {}, ssh key login is not supported"
-#~ msgstr "用户认证源来自 {}, 不支持使用 SSH Key 登录"
-
 #~ msgid "(Domain name support)"
 #~ msgstr "(支持域名)"
 
diff --git a/apps/users/migrations/0033_user_need_update_password.py b/apps/users/migrations/0033_user_need_update_password.py
new file mode 100644
index 000000000..8cc1740a9
--- /dev/null
+++ b/apps/users/migrations/0033_user_need_update_password.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1 on 2021-04-28 11:00
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('users', '0032_userpasswordhistory'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='need_update_password',
+            field=models.BooleanField(default=False),
+        ),
+    ]
diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index 9fd46e2cb..344e2b6e6 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -125,6 +125,7 @@ class AuthMixin:
 
     def reset_password(self, new_password):
         self.set_password(new_password)
+        self.need_update_password = False
         self.save()
 
     @property
@@ -603,6 +604,7 @@ class User(AuthMixin, TokenMixin, RoleMixin, MFAMixin, AbstractUser):
         auto_now_add=True, blank=True, null=True,
         verbose_name=_('Date password last updated')
     )
+    need_update_password = models.BooleanField(default=False)
 
     def __str__(self):
         return '{0.name}({0.username})'.format(self)
diff --git a/apps/users/serializers/user.py b/apps/users/serializers/user.py
index c63c6264d..d7b535880 100644
--- a/apps/users/serializers/user.py
+++ b/apps/users/serializers/user.py
@@ -51,7 +51,7 @@ class UserSerializer(CommonBulkSerializerMixin, serializers.ModelSerializer):
             'total_role_display', 'comment', 'source', 'is_valid', 'is_expired',
             'is_active', 'created_by', 'is_first_login', 'can_public_key_auth',
             'password_strategy', 'date_password_last_updated', 'date_expired',
-            'avatar_url', 'source_display', 'date_joined', 'last_login'
+            'avatar_url', 'source_display', 'date_joined', 'last_login', 'need_update_password'
         ]
         fields = fields_small + [
             'groups', 'role', 'groups_display', 'role_display',