{"version":3,"sources":["meteor://💻app/packages/accounts-password/email_templates.js","meteor://💻app/packages/accounts-password/password_server.js"],"names":["_objectSpread","module","link","default","v","greet","welcomeMsg","user","url","greeting","profile","name","Accounts","emailTemplates","from","siteName","Meteor","absoluteUrl","replace","resetPassword","subject","text","verifyEmail","enrollAccount","bcrypt","bcryptHash","wrapAsync","hash","bcryptCompare","compare","getUserById","id","options","users","findOne","_addDefaultFieldSelector","_bcryptRounds","_options","bcryptRounds","getPasswordString","password","SHA256","algorithm","Error","digest","hashPassword","getRoundsFromBcryptHash","rounds","hashSegments","split","length","parseInt","_checkPasswordUserFields","_id","services","_checkPassword","result","userId","formattedPassword","hashRounds","error","_handleError","defer","update","$set","checkPassword","findUserByUsername","username","_findUserByQuery","findUserByEmail","email","NonEmptyString","Match","Where","x","check","String","passwordValidator","OneOf","str","test","settings","packages","accounts","passwordMaxLength","registerLoginHandler","undefined","_userQueryValidator","code","Optional","fields","_is2faEnabledForUser","_isTokenValid","twoFactorAuthentication","secret","setUsername","newUsername","oldUsername","_checkForCaseInsensitiveDuplicates","ex","methods","changePassword","oldPassword","newPassword","hashed","currentToken","_getLoginToken","connection","$pull","hashedToken","$ne","$unset","passwordChanged","setPassword","newPlaintextPassword","Maybe","logout","Boolean","pluckAddresses","emails","map","address","forgotPassword","caseSensitiveEmail","find","toLowerCase","sendResetPasswordEmail","generateResetToken","reason","extraTokenData","includes","token","Random","tokenRecord","when","Date","Object","assign","_ensure","enroll","reset","generateVerificationToken","emailRecord","e","verified","$push","verificationTokens","push","extraParams","realEmail","urls","generateOptionsForEmail","Email","send","isDevelopment","console","log","sendEnrollmentEmail","args","_loginMethod","isEnroll","tokenLifetimeMs","_getPasswordResetTokenLifetimeMs","_getPasswordEnrollTokenLifetimeMs","currentTimeMs","now","oldToken","_setLoginToken","resetToOldToken","affectedRecords","err","_clearAllLoginTokens","sendVerificationEmail","t","emailsRecord","addEmail","newEmail","caseInsensitiveRegExp","RegExp","_escapeRegExp","didUpdateOwnEmail","reduce","prev","$addToSet","removeEmail","createUser","ObjectIncluding","_createUserCheckingDuplicates","forbidClientAccountCreation","createUserVerifyingEmail","callback","createIndex","unique","sparse"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,IAAIA,aAAJ;;AAAkBC,MAAM,CAACC,IAAP,CAAY,sCAAZ,EAAmD;AAACC,SAAO,CAACC,CAAD,EAAG;AAACJ,iBAAa,GAACI,CAAd;AAAgB;;AAA5B,CAAnD,EAAiF,CAAjF;;AAAlB,MAAMC,KAAK,GAAGC,UAAU,IAAI,CAACC,IAAD,EAAOC,GAAP,KAAe;AACzC,QAAMC,QAAQ,GACZF,IAAI,CAACG,OAAL,IAAgBH,IAAI,CAACG,OAAL,CAAaC,IAA7B,mBACaJ,IAAI,CAACG,OAAL,CAAaC,IAD1B,SAEI,QAHN;AAIA,mBAAUF,QAAV,iBAEAH,UAFA,+CAIAE,GAJA;AAQD,CAbD;AAeA;AACA;AACA;AACA;AACA;;;AACAI,QAAQ,CAACC,cAAT,mCACMD,QAAQ,CAACC,cAAT,IAA2B,EADjC;AAEEC,MAAI,EAAE,yCAFR;AAGEC,UAAQ,EAAEC,MAAM,CAACC,WAAP,GACPC,OADO,CACC,cADD,EACiB,EADjB,EAEPA,OAFO,CAEC,KAFD,EAEQ,EAFR,CAHZ;AAOEC,eAAa,EAAE;AACbC,WAAO,EAAE,8CAC0BR,QAAQ,CAACC,cAAT,CAAwBE,QADlD,CADI;AAGbM,QAAI,EAAEhB,KAAK,CAAC,wBAAD;AAHE,GAPjB;AAYEiB,aAAW,EAAE;AACXF,WAAO,EAAE,+CAC2BR,QAAQ,CAACC,cAAT,CAAwBE,QADnD,CADE;AAGXM,QAAI,EAAEhB,KAAK,CAAC,8BAAD;AAHA,GAZf;AAiBEkB,eAAa,EAAE;AACbH,WAAO,EAAE,uDACmCR,QAAQ,CAACC,cAAT,CAAwBE,QAD3D,CADI;AAGbM,QAAI,EAAEhB,KAAK,CAAC,4BAAD;AAHE;AAjBjB,G;;;;;;;;;;;ACpBA,IAAIL,aAAJ;;AAAkBC,MAAM,CAACC,IAAP,CAAY,sCAAZ,EAAmD;AAACC,SAAO,CAACC,CAAD,EAAG;AAACJ,iBAAa,GAACI,CAAd;AAAgB;;AAA5B,CAAnD,EAAiF,CAAjF;AAAlB,IAAIoB,MAAJ;AAAWvB,MAAM,CAACC,IAAP,CAAY,QAAZ,EAAqB;AAACC,SAAO,CAACC,CAAD,EAAG;AAACoB,UAAM,GAACpB,CAAP;AAAS;;AAArB,CAArB,EAA4C,CAA5C;AAA+C,IAAIQ,QAAJ;AAAaX,MAAM,CAACC,IAAP,CAAY,sBAAZ,EAAmC;AAACU,UAAQ,CAACR,CAAD,EAAG;AAACQ,YAAQ,GAACR,CAAT;AAAW;;AAAxB,CAAnC,EAA6D,CAA7D;AAGvE,MAAMqB,UAAU,GAAGT,MAAM,CAACU,SAAP,CAAiBF,MAAM,CAACG,IAAxB,CAAnB;AACA,MAAMC,aAAa,GAAGZ,MAAM,CAACU,SAAP,CAAiBF,MAAM,CAACK,OAAxB,CAAtB,C,CAEA;;AACA,MAAMC,WAAW,GAAG,CAACC,EAAD,EAAKC,OAAL,KAAiBhB,MAAM,CAACiB,KAAP,CAAaC,OAAb,CAAqBH,EAArB,EAAyBnB,QAAQ,CAACuB,wBAAT,CAAkCH,OAAlC,CAAzB,CAArC,C,CAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AAGApB,QAAQ,CAACwB,aAAT,GAAyB,MAAMxB,QAAQ,CAACyB,QAAT,CAAkBC,YAAlB,IAAkC,EAAjE,C,CAEA;AACA;AACA;AACA;AACA;;;AACA,MAAMC,iBAAiB,GAAGC,QAAQ,IAAI;AACpC,MAAI,OAAOA,QAAP,KAAoB,QAAxB,EAAkC;AAChCA,YAAQ,GAAGC,MAAM,CAACD,QAAD,CAAjB;AACD,GAFD,MAEO;AAAE;AACP,QAAIA,QAAQ,CAACE,SAAT,KAAuB,SAA3B,EAAsC;AACpC,YAAM,IAAIC,KAAJ,CAAU,sCACA,4BADV,CAAN;AAED;;AACDH,YAAQ,GAAGA,QAAQ,CAACI,MAApB;AACD;;AACD,SAAOJ,QAAP;AACD,CAXD,C,CAaA;AACA;AACA;AACA;AACA;;;AACA,MAAMK,YAAY,GAAGL,QAAQ,IAAI;AAC/BA,UAAQ,GAAGD,iBAAiB,CAACC,QAAD,CAA5B;AACA,SAAOf,UAAU,CAACe,QAAD,EAAW5B,QAAQ,CAACwB,aAAT,EAAX,CAAjB;AACD,CAHD,C,CAKA;;;AACA,MAAMU,uBAAuB,GAAGnB,IAAI,IAAI;AACtC,MAAIoB,MAAJ;;AACA,MAAIpB,IAAJ,EAAU;AACR,UAAMqB,YAAY,GAAGrB,IAAI,CAACsB,KAAL,CAAW,GAAX,CAArB;;AACA,QAAID,YAAY,CAACE,MAAb,GAAsB,CAA1B,EAA6B;AAC3BH,YAAM,GAAGI,QAAQ,CAACH,YAAY,CAAC,CAAD,CAAb,EAAkB,EAAlB,CAAjB;AACD;AACF;;AACD,SAAOD,MAAP;AACD,CATD,C,CAWA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACAnC,QAAQ,CAACwC,wBAAT,GAAoC;AAACC,KAAG,EAAE,CAAN;AAASC,UAAQ,EAAE;AAAnB,CAApC,C,CACA;;AACA1C,QAAQ,CAAC2C,cAAT,GAA0B,CAAChD,IAAD,EAAOiC,QAAP,KAAoB;AAC5C,QAAMgB,MAAM,GAAG;AACbC,UAAM,EAAElD,IAAI,CAAC8C;AADA,GAAf;AAIA,QAAMK,iBAAiB,GAAGnB,iBAAiB,CAACC,QAAD,CAA3C;AACA,QAAMb,IAAI,GAAGpB,IAAI,CAAC+C,QAAL,CAAcd,QAAd,CAAuBhB,MAApC;AACA,QAAMmC,UAAU,GAAGb,uBAAuB,CAACnB,IAAD,CAA1C;;AAEA,MAAI,CAAEC,aAAa,CAAC8B,iBAAD,EAAoB/B,IAApB,CAAnB,EAA8C;AAC5C6B,UAAM,CAACI,KAAP,GAAehD,QAAQ,CAACiD,YAAT,CAAsB,oBAAtB,EAA4C,KAA5C,CAAf;AACD,GAFD,MAEO,IAAIlC,IAAI,IAAIf,QAAQ,CAACwB,aAAT,MAA4BuB,UAAxC,EAAoD;AACzD;AACA3C,UAAM,CAAC8C,KAAP,CAAa,MAAM;AACjB9C,YAAM,CAACiB,KAAP,CAAa8B,MAAb,CAAoB;AAAEV,WAAG,EAAE9C,IAAI,CAAC8C;AAAZ,OAApB,EAAuC;AACrCW,YAAI,EAAE;AACJ,sCACEvC,UAAU,CAACiC,iBAAD,EAAoB9C,QAAQ,CAACwB,aAAT,EAApB;AAFR;AAD+B,OAAvC;AAMD,KAPD;AAQD;;AAED,SAAOoB,MAAP;AACD,CAxBD;;AAyBA,MAAMS,aAAa,GAAGrD,QAAQ,CAAC2C,cAA/B,C,CAEA;AACA;AACA;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA3C,QAAQ,CAACsD,kBAAT,GACE,CAACC,QAAD,EAAWnC,OAAX,KAAuBpB,QAAQ,CAACwD,gBAAT,CAA0B;AAAED;AAAF,CAA1B,EAAwCnC,OAAxC,CADzB;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACApB,QAAQ,CAACyD,eAAT,GACE,CAACC,KAAD,EAAQtC,OAAR,KAAoBpB,QAAQ,CAACwD,gBAAT,CAA0B;AAAEE;AAAF,CAA1B,EAAqCtC,OAArC,CADtB,C,CAGA;;;AACA,MAAMuC,cAAc,GAAGC,KAAK,CAACC,KAAN,CAAYC,CAAC,IAAI;AACtCC,OAAK,CAACD,CAAD,EAAIE,MAAJ,CAAL;AACA,SAAOF,CAAC,CAACxB,MAAF,GAAW,CAAlB;AACD,CAHsB,CAAvB;AAKA,MAAM2B,iBAAiB,GAAGL,KAAK,CAACM,KAAN,CACxBN,KAAK,CAACC,KAAN,CAAYM,GAAG;AAAA;;AAAA,SAAIP,KAAK,CAACQ,IAAN,CAAWD,GAAX,EAAgBH,MAAhB,KAA2BG,GAAG,CAAC7B,MAAJ,yBAAclC,MAAM,CAACiE,QAArB,8EAAc,iBAAiBC,QAA/B,oFAAc,sBAA2BC,QAAzC,2DAAc,uBAAqCC,iBAAnD,CAA3B,IAAmG,GAAvG;AAAA,CAAf,CADwB,EACoG;AAC1HxC,QAAM,EAAE4B,KAAK,CAACC,KAAN,CAAYM,GAAG,IAAIP,KAAK,CAACQ,IAAN,CAAWD,GAAX,EAAgBH,MAAhB,KAA2BG,GAAG,CAAC7B,MAAJ,KAAe,EAA7D,CADkH;AAE1HR,WAAS,EAAE8B,KAAK,CAACM,KAAN,CAAY,SAAZ;AAF+G,CADpG,CAA1B,C,CAOA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACAlE,QAAQ,CAACyE,oBAAT,CAA8B,UAA9B,EAA0CrD,OAAO,IAAI;AACnD,MAAI,CAACA,OAAO,CAACQ,QAAb,EACE,OAAO8C,SAAP,CAFiD,CAE/B;;AAEpBX,OAAK,CAAC3C,OAAD,EAAU;AACbzB,QAAI,EAAEK,QAAQ,CAAC2E,mBADF;AAEb/C,YAAQ,EAAEqC,iBAFG;AAGbW,QAAI,EAAEhB,KAAK,CAACiB,QAAN,CAAelB,cAAf;AAHO,GAAV,CAAL;;AAOA,QAAMhE,IAAI,GAAGK,QAAQ,CAACwD,gBAAT,CAA0BpC,OAAO,CAACzB,IAAlC,EAAwC;AAACmF,UAAM;AAC1DpC,cAAQ,EAAE;AADgD,OAEvD1C,QAAQ,CAACwC,wBAF8C;AAAP,GAAxC,CAAb;;AAIA,MAAI,CAAC7C,IAAL,EAAW;AACTK,YAAQ,CAACiD,YAAT,CAAsB,gBAAtB;AACD;;AAGD,MAAI,CAACtD,IAAI,CAAC+C,QAAN,IAAkB,CAAC/C,IAAI,CAAC+C,QAAL,CAAcd,QAAjC,IACA,CAACjC,IAAI,CAAC+C,QAAL,CAAcd,QAAd,CAAuBhB,MAD5B,EACoC;AAClCZ,YAAQ,CAACiD,YAAT,CAAsB,0BAAtB;AACD;;AAED,QAAML,MAAM,GAAGS,aAAa,CAAC1D,IAAD,EAAOyB,OAAO,CAACQ,QAAf,CAA5B,CAzBmD,CA0BnD;AACA;;AACA,MACE,CAACgB,MAAM,CAACI,KAAR,IACAhD,QAAQ,CAAC+E,oBADT,IAEA/E,QAAQ,CAAC+E,oBAAT,CAA8B3D,OAAO,CAACzB,IAAtC,CAHF,EAIE;AACA,QAAI,CAACyB,OAAO,CAACwD,IAAb,EAAmB;AACjB5E,cAAQ,CAACiD,YAAT,CAAsB,2BAAtB,EAAmD,IAAnD,EAAyD,aAAzD;AACD;;AACD,QACE,CAACjD,QAAQ,CAACgF,aAAT,CACCrF,IAAI,CAAC+C,QAAL,CAAcuC,uBAAd,CAAsCC,MADvC,EAEC9D,OAAO,CAACwD,IAFT,CADH,EAKE;AACA5E,cAAQ,CAACiD,YAAT,CAAsB,kBAAtB,EAA0C,IAA1C,EAAgD,kBAAhD;AACD;AACF;;AAED,SAAOL,MAAP;AACD,CA/CD,E,CAiDA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA5C,QAAQ,CAACmF,WAAT,GAAuB,CAACtC,MAAD,EAASuC,WAAT,KAAyB;AAC9CrB,OAAK,CAAClB,MAAD,EAASc,cAAT,CAAL;AACAI,OAAK,CAACqB,WAAD,EAAczB,cAAd,CAAL;AAEA,QAAMhE,IAAI,GAAGuB,WAAW,CAAC2B,MAAD,EAAS;AAACiC,UAAM,EAAE;AACxCvB,cAAQ,EAAE;AAD8B;AAAT,GAAT,CAAxB;;AAGA,MAAI,CAAC5D,IAAL,EAAW;AACTK,YAAQ,CAACiD,YAAT,CAAsB,gBAAtB;AACD;;AAED,QAAMoC,WAAW,GAAG1F,IAAI,CAAC4D,QAAzB,CAX8C,CAa9C;;AACAvD,UAAQ,CAACsF,kCAAT,CAA4C,UAA5C,EACE,UADF,EACcF,WADd,EAC2BzF,IAAI,CAAC8C,GADhC;;AAGArC,QAAM,CAACiB,KAAP,CAAa8B,MAAb,CAAoB;AAACV,OAAG,EAAE9C,IAAI,CAAC8C;AAAX,GAApB,EAAqC;AAACW,QAAI,EAAE;AAACG,cAAQ,EAAE6B;AAAX;AAAP,GAArC,EAjB8C,CAmB9C;AACA;;AACA,MAAI;AACFpF,YAAQ,CAACsF,kCAAT,CAA4C,UAA5C,EACE,UADF,EACcF,WADd,EAC2BzF,IAAI,CAAC8C,GADhC;AAED,GAHD,CAGE,OAAO8C,EAAP,EAAW;AACX;AACAnF,UAAM,CAACiB,KAAP,CAAa8B,MAAb,CAAoB;AAACV,SAAG,EAAE9C,IAAI,CAAC8C;AAAX,KAApB,EAAqC;AAACW,UAAI,EAAE;AAACG,gBAAQ,EAAE8B;AAAX;AAAP,KAArC;AACA,UAAME,EAAN;AACD;AACF,CA7BD,C,CA+BA;AACA;AACA;;;AACAnF,MAAM,CAACoF,OAAP,CAAe;AAACC,gBAAc,EAAE,UAAUC,WAAV,EAAuBC,WAAvB,EAAoC;AAClE5B,SAAK,CAAC2B,WAAD,EAAczB,iBAAd,CAAL;AACAF,SAAK,CAAC4B,WAAD,EAAc1B,iBAAd,CAAL;;AAEA,QAAI,CAAC,KAAKpB,MAAV,EAAkB;AAChB,YAAM,IAAIzC,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,mBAAtB,CAAN;AACD;;AAED,UAAMpC,IAAI,GAAGuB,WAAW,CAAC,KAAK2B,MAAN,EAAc;AAACiC,YAAM;AAC3CpC,gBAAQ,EAAE;AADiC,SAExC1C,QAAQ,CAACwC,wBAF+B;AAAP,KAAd,CAAxB;;AAIA,QAAI,CAAC7C,IAAL,EAAW;AACTK,cAAQ,CAACiD,YAAT,CAAsB,gBAAtB;AACD;;AAED,QAAI,CAACtD,IAAI,CAAC+C,QAAN,IAAkB,CAAC/C,IAAI,CAAC+C,QAAL,CAAcd,QAAjC,IAA6C,CAACjC,IAAI,CAAC+C,QAAL,CAAcd,QAAd,CAAuBhB,MAAzE,EAAiF;AAC/EZ,cAAQ,CAACiD,YAAT,CAAsB,0BAAtB;AACD;;AAED,UAAML,MAAM,GAAGS,aAAa,CAAC1D,IAAD,EAAO+F,WAAP,CAA5B;;AACA,QAAI9C,MAAM,CAACI,KAAX,EAAkB;AAChB,YAAMJ,MAAM,CAACI,KAAb;AACD;;AAED,UAAM4C,MAAM,GAAG3D,YAAY,CAAC0D,WAAD,CAA3B,CAzBkE,CA2BlE;AACA;AACA;AACA;;AACA,UAAME,YAAY,GAAG7F,QAAQ,CAAC8F,cAAT,CAAwB,KAAKC,UAAL,CAAgB5E,EAAxC,CAArB;;AACAf,UAAM,CAACiB,KAAP,CAAa8B,MAAb,CACE;AAAEV,SAAG,EAAE,KAAKI;AAAZ,KADF,EAEE;AACEO,UAAI,EAAE;AAAE,oCAA4BwC;AAA9B,OADR;AAEEI,WAAK,EAAE;AACL,uCAA+B;AAAEC,qBAAW,EAAE;AAAEC,eAAG,EAAEL;AAAP;AAAf;AAD1B,OAFT;AAKEM,YAAM,EAAE;AAAE,mCAA2B;AAA7B;AALV,KAFF;AAWA,WAAO;AAACC,qBAAe,EAAE;AAAlB,KAAP;AACD;AA5Cc,CAAf,E,CA+CA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACApG,QAAQ,CAACqG,WAAT,GAAuB,CAACxD,MAAD,EAASyD,oBAAT,EAA+BlF,OAA/B,KAA2C;AAChE2C,OAAK,CAAClB,MAAD,EAASmB,MAAT,CAAL;AACAD,OAAK,CAACuC,oBAAD,EAAuB1C,KAAK,CAACC,KAAN,CAAYM,GAAG;AAAA;;AAAA,WAAIP,KAAK,CAACQ,IAAN,CAAWD,GAAX,EAAgBH,MAAhB,KAA2BG,GAAG,CAAC7B,MAAJ,0BAAclC,MAAM,CAACiE,QAArB,+EAAc,kBAAiBC,QAA/B,oFAAc,sBAA2BC,QAAzC,2DAAc,uBAAqCC,iBAAnD,CAA3B,IAAmG,GAAvG;AAAA,GAAf,CAAvB,CAAL;AACAT,OAAK,CAAC3C,OAAD,EAAUwC,KAAK,CAAC2C,KAAN,CAAY;AAAEC,UAAM,EAAEC;AAAV,GAAZ,CAAV,CAAL;AACArF,SAAO;AAAKoF,UAAM,EAAE;AAAb,KAAuBpF,OAAvB,CAAP;AAEA,QAAMzB,IAAI,GAAGuB,WAAW,CAAC2B,MAAD,EAAS;AAACiC,UAAM,EAAE;AAACrC,SAAG,EAAE;AAAN;AAAT,GAAT,CAAxB;;AACA,MAAI,CAAC9C,IAAL,EAAW;AACT,UAAM,IAAIS,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,gBAAtB,CAAN;AACD;;AAED,QAAMoB,MAAM,GAAG;AACbgD,UAAM,EAAE;AACN,iCAA2B;AADrB,KADK;AAIb/C,QAAI,EAAE;AAAC,kCAA4BnB,YAAY,CAACqE,oBAAD;AAAzC;AAJO,GAAf;;AAOA,MAAIlF,OAAO,CAACoF,MAAZ,EAAoB;AAClBrD,UAAM,CAACgD,MAAP,CAAc,6BAAd,IAA+C,CAA/C;AACD;;AAED/F,QAAM,CAACiB,KAAP,CAAa8B,MAAb,CAAoB;AAACV,OAAG,EAAE9C,IAAI,CAAC8C;AAAX,GAApB,EAAqCU,MAArC;AACD,CAvBD,C,CA0BA;AACA;AACA;AAEA;;;AACA,MAAMuD,cAAc,GAAG;AAAA,MAACC,MAAD,uEAAU,EAAV;AAAA,SAAiBA,MAAM,CAACC,GAAP,CAAWlD,KAAK,IAAIA,KAAK,CAACmD,OAA1B,CAAjB;AAAA,CAAvB,C,CAEA;AACA;;;AACAzG,MAAM,CAACoF,OAAP,CAAe;AAACsB,gBAAc,EAAE1F,OAAO,IAAI;AACzC2C,SAAK,CAAC3C,OAAD,EAAU;AAACsC,WAAK,EAAEM;AAAR,KAAV,CAAL;AAEA,UAAMrE,IAAI,GAAGK,QAAQ,CAACyD,eAAT,CAAyBrC,OAAO,CAACsC,KAAjC,EAAwC;AAAEoB,YAAM,EAAE;AAAE6B,cAAM,EAAE;AAAV;AAAV,KAAxC,CAAb;;AAEA,QAAI,CAAChH,IAAL,EAAW;AACTK,cAAQ,CAACiD,YAAT,CAAsB,gBAAtB;AACD;;AAED,UAAM0D,MAAM,GAAGD,cAAc,CAAC/G,IAAI,CAACgH,MAAN,CAA7B;AACA,UAAMI,kBAAkB,GAAGJ,MAAM,CAACK,IAAP,CACzBtD,KAAK,IAAIA,KAAK,CAACuD,WAAN,OAAwB7F,OAAO,CAACsC,KAAR,CAAcuD,WAAd,EADR,CAA3B;AAIAjH,YAAQ,CAACkH,sBAAT,CAAgCvH,IAAI,CAAC8C,GAArC,EAA0CsE,kBAA1C;AACD;AAfc,CAAf;AAiBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA/G,QAAQ,CAACmH,kBAAT,GAA8B,CAACtE,MAAD,EAASa,KAAT,EAAgB0D,MAAhB,EAAwBC,cAAxB,KAA2C;AACvE;AACA;AACA;AACA,QAAM1H,IAAI,GAAGuB,WAAW,CAAC2B,MAAD,CAAxB;;AACA,MAAI,CAAClD,IAAL,EAAW;AACTK,YAAQ,CAACiD,YAAT,CAAsB,iBAAtB;AACD,GAPsE,CASvE;;;AACA,MAAI,CAACS,KAAD,IAAU/D,IAAI,CAACgH,MAAf,IAAyBhH,IAAI,CAACgH,MAAL,CAAY,CAAZ,CAA7B,EAA6C;AAC3CjD,SAAK,GAAG/D,IAAI,CAACgH,MAAL,CAAY,CAAZ,EAAeE,OAAvB;AACD,GAZsE,CAcvE;;;AACA,MAAI,CAACnD,KAAD,IACF,CAAEgD,cAAc,CAAC/G,IAAI,CAACgH,MAAN,CAAd,CAA4BW,QAA5B,CAAqC5D,KAArC,CADJ,EACkD;AAChD1D,YAAQ,CAACiD,YAAT,CAAsB,yBAAtB;AACD;;AAED,QAAMsE,KAAK,GAAGC,MAAM,CAACtC,MAAP,EAAd;AACA,QAAMuC,WAAW,GAAG;AAClBF,SADkB;AAElB7D,SAFkB;AAGlBgE,QAAI,EAAE,IAAIC,IAAJ;AAHY,GAApB;;AAMA,MAAIP,MAAM,KAAK,eAAf,EAAgC;AAC9BK,eAAW,CAACL,MAAZ,GAAqB,OAArB;AACD,GAFD,MAEO,IAAIA,MAAM,KAAK,eAAf,EAAgC;AACrCK,eAAW,CAACL,MAAZ,GAAqB,QAArB;AACD,GAFM,MAEA,IAAIA,MAAJ,EAAY;AACjB;AACAK,eAAW,CAACL,MAAZ,GAAqBA,MAArB;AACD;;AAED,MAAIC,cAAJ,EAAoB;AAClBO,UAAM,CAACC,MAAP,CAAcJ,WAAd,EAA2BJ,cAA3B;AACD,GAtCsE,CAuCvE;AACA;AACA;;;AACA,MAAGD,MAAM,KAAK,eAAd,EAA+B;AAC7BhH,UAAM,CAACiB,KAAP,CAAa8B,MAAb,CAAoB;AAACV,SAAG,EAAE9C,IAAI,CAAC8C;AAAX,KAApB,EAAqC;AACnCW,UAAI,EAAG;AACL,oCAA4BqE;AADvB;AAD4B,KAArC,EAD6B,CAM7B;;AACArH,UAAM,CAAC0H,OAAP,CAAenI,IAAf,EAAqB,UAArB,EAAiC,UAAjC,EAA6CoI,MAA7C,GAAsDN,WAAtD;AACD,GARD,MAQO;AACLrH,UAAM,CAACiB,KAAP,CAAa8B,MAAb,CAAoB;AAACV,SAAG,EAAE9C,IAAI,CAAC8C;AAAX,KAApB,EAAqC;AACnCW,UAAI,EAAG;AACL,mCAA2BqE;AADtB;AAD4B,KAArC,EADK,CAML;;AACArH,UAAM,CAAC0H,OAAP,CAAenI,IAAf,EAAqB,UAArB,EAAiC,UAAjC,EAA6CqI,KAA7C,GAAqDP,WAArD;AACD;;AAED,SAAO;AAAC/D,SAAD;AAAQ/D,QAAR;AAAc4H;AAAd,GAAP;AACD,CA7DD;AA+DA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACAvH,QAAQ,CAACiI,yBAAT,GAAqC,CAACpF,MAAD,EAASa,KAAT,EAAgB2D,cAAhB,KAAmC;AACtE;AACA;AACA;AACA,QAAM1H,IAAI,GAAGuB,WAAW,CAAC2B,MAAD,CAAxB;;AACA,MAAI,CAAClD,IAAL,EAAW;AACTK,YAAQ,CAACiD,YAAT,CAAsB,iBAAtB;AACD,GAPqE,CAStE;;;AACA,MAAI,CAACS,KAAL,EAAY;AACV,UAAMwE,WAAW,GAAG,CAACvI,IAAI,CAACgH,MAAL,IAAe,EAAhB,EAAoBK,IAApB,CAAyBmB,CAAC,IAAI,CAACA,CAAC,CAACC,QAAjC,CAApB;AACA1E,SAAK,GAAG,CAACwE,WAAW,IAAI,EAAhB,EAAoBrB,OAA5B;;AAEA,QAAI,CAACnD,KAAL,EAAY;AACV1D,cAAQ,CAACiD,YAAT,CAAsB,8CAAtB;AACD;AACF,GAjBqE,CAmBtE;;;AACA,MAAI,CAACS,KAAD,IACF,CAAEgD,cAAc,CAAC/G,IAAI,CAACgH,MAAN,CAAd,CAA4BW,QAA5B,CAAqC5D,KAArC,CADJ,EACkD;AAChD1D,YAAQ,CAACiD,YAAT,CAAsB,yBAAtB;AACD;;AAED,QAAMsE,KAAK,GAAGC,MAAM,CAACtC,MAAP,EAAd;AACA,QAAMuC,WAAW,GAAG;AAClBF,SADkB;AAElB;AACAV,WAAO,EAAEnD,KAHS;AAIlBgE,QAAI,EAAE,IAAIC,IAAJ;AAJY,GAApB;;AAOA,MAAIN,cAAJ,EAAoB;AAClBO,UAAM,CAACC,MAAP,CAAcJ,WAAd,EAA2BJ,cAA3B;AACD;;AAEDjH,QAAM,CAACiB,KAAP,CAAa8B,MAAb,CAAoB;AAACV,OAAG,EAAE9C,IAAI,CAAC8C;AAAX,GAApB,EAAqC;AAAC4F,SAAK,EAAE;AAC3C,2CAAqCZ;AADM;AAAR,GAArC,EArCsE,CAyCtE;;AACArH,QAAM,CAAC0H,OAAP,CAAenI,IAAf,EAAqB,UAArB,EAAiC,OAAjC;;AACA,MAAI,CAACA,IAAI,CAAC+C,QAAL,CAAcgB,KAAd,CAAoB4E,kBAAzB,EAA6C;AAC3C3I,QAAI,CAAC+C,QAAL,CAAcgB,KAAd,CAAoB4E,kBAApB,GAAyC,EAAzC;AACD;;AACD3I,MAAI,CAAC+C,QAAL,CAAcgB,KAAd,CAAoB4E,kBAApB,CAAuCC,IAAvC,CAA4Cd,WAA5C;AAEA,SAAO;AAAC/D,SAAD;AAAQ/D,QAAR;AAAc4H;AAAd,GAAP;AACD,CAjDD,C,CAoDA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACAvH,QAAQ,CAACkH,sBAAT,GAAkC,CAACrE,MAAD,EAASa,KAAT,EAAgB2D,cAAhB,EAAgCmB,WAAhC,KAAgD;AAChF,QAAM;AAAC9E,SAAK,EAAE+E,SAAR;AAAmB9I,QAAnB;AAAyB4H;AAAzB,MACJvH,QAAQ,CAACmH,kBAAT,CAA4BtE,MAA5B,EAAoCa,KAApC,EAA2C,eAA3C,EAA4D2D,cAA5D,CADF;AAEA,QAAMzH,GAAG,GAAGI,QAAQ,CAAC0I,IAAT,CAAcnI,aAAd,CAA4BgH,KAA5B,EAAmCiB,WAAnC,CAAZ;AACA,QAAMpH,OAAO,GAAGpB,QAAQ,CAAC2I,uBAAT,CAAiCF,SAAjC,EAA4C9I,IAA5C,EAAkDC,GAAlD,EAAuD,eAAvD,CAAhB;AACAgJ,OAAK,CAACC,IAAN,CAAWzH,OAAX;;AACA,MAAIhB,MAAM,CAAC0I,aAAX,EAA0B;AACxBC,WAAO,CAACC,GAAR,iCAAqCpJ,GAArC;AACD;;AACD,SAAO;AAAC8D,SAAK,EAAE+E,SAAR;AAAmB9I,QAAnB;AAAyB4H,SAAzB;AAAgC3H,OAAhC;AAAqCwB;AAArC,GAAP;AACD,CAVD,C,CAYA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACApB,QAAQ,CAACiJ,mBAAT,GAA+B,CAACpG,MAAD,EAASa,KAAT,EAAgB2D,cAAhB,EAAgCmB,WAAhC,KAAgD;AAC7E,QAAM;AAAC9E,SAAK,EAAE+E,SAAR;AAAmB9I,QAAnB;AAAyB4H;AAAzB,MACJvH,QAAQ,CAACmH,kBAAT,CAA4BtE,MAA5B,EAAoCa,KAApC,EAA2C,eAA3C,EAA4D2D,cAA5D,CADF;AAEA,QAAMzH,GAAG,GAAGI,QAAQ,CAAC0I,IAAT,CAAc/H,aAAd,CAA4B4G,KAA5B,EAAmCiB,WAAnC,CAAZ;AACA,QAAMpH,OAAO,GAAGpB,QAAQ,CAAC2I,uBAAT,CAAiCF,SAAjC,EAA4C9I,IAA5C,EAAkDC,GAAlD,EAAuD,eAAvD,CAAhB;AACAgJ,OAAK,CAACC,IAAN,CAAWzH,OAAX;;AACA,MAAIhB,MAAM,CAAC0I,aAAX,EAA0B;AACxBC,WAAO,CAACC,GAAR,mCAAuCpJ,GAAvC;AACD;;AACD,SAAO;AAAC8D,SAAK,EAAE+E,SAAR;AAAmB9I,QAAnB;AAAyB4H,SAAzB;AAAgC3H,OAAhC;AAAqCwB;AAArC,GAAP;AACD,CAVD,C,CAaA;AACA;;;AACAhB,MAAM,CAACoF,OAAP,CAAe;AAACjF,eAAa,EAAE,YAAmB;AAAA,sCAAN2I,IAAM;AAANA,UAAM;AAAA;;AAChD,UAAM3B,KAAK,GAAG2B,IAAI,CAAC,CAAD,CAAlB;AACA,UAAMvD,WAAW,GAAGuD,IAAI,CAAC,CAAD,CAAxB;AACA,WAAOlJ,QAAQ,CAACmJ,YAAT,CACL,IADK,EAEL,eAFK,EAGLD,IAHK,EAIL,UAJK,EAKL,MAAM;AACJnF,WAAK,CAACwD,KAAD,EAAQvD,MAAR,CAAL;AACAD,WAAK,CAAC4B,WAAD,EAAc1B,iBAAd,CAAL;AAEA,UAAItE,IAAI,GAAGS,MAAM,CAACiB,KAAP,CAAaC,OAAb,CACT;AAAC,yCAAiCiG;AAAlC,OADS,EAET;AAACzC,cAAM,EAAE;AACPpC,kBAAQ,EAAE,CADH;AAEPiE,gBAAM,EAAE;AAFD;AAAT,OAFS,CAAX;AAQA,UAAIyC,QAAQ,GAAG,KAAf,CAZI,CAaJ;AACA;AACA;;AACA,UAAG,CAACzJ,IAAJ,EAAU;AACRA,YAAI,GAAGS,MAAM,CAACiB,KAAP,CAAaC,OAAb,CACL;AAAC,4CAAkCiG;AAAnC,SADK,EAEL;AAACzC,gBAAM,EAAE;AACPpC,oBAAQ,EAAE,CADH;AAEPiE,kBAAM,EAAE;AAFD;AAAT,SAFK,CAAP;AAOAyC,gBAAQ,GAAG,IAAX;AACD;;AACD,UAAI,CAACzJ,IAAL,EAAW;AACT,cAAM,IAAIS,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,eAAtB,CAAN;AACD;;AACD,UAAI0F,WAAW,GAAG,EAAlB;;AACA,UAAG2B,QAAH,EAAa;AACX3B,mBAAW,GAAG9H,IAAI,CAAC+C,QAAL,CAAcd,QAAd,CAAuBmG,MAArC;AACD,OAFD,MAEO;AACLN,mBAAW,GAAG9H,IAAI,CAAC+C,QAAL,CAAcd,QAAd,CAAuBoG,KAArC;AACD;;AACD,YAAM;AAAEN,YAAF;AAAQhE;AAAR,UAAkB+D,WAAxB;;AACA,UAAI4B,eAAe,GAAGrJ,QAAQ,CAACsJ,gCAAT,EAAtB;;AACA,UAAIF,QAAJ,EAAc;AACZC,uBAAe,GAAGrJ,QAAQ,CAACuJ,iCAAT,EAAlB;AACD;;AACD,YAAMC,aAAa,GAAG7B,IAAI,CAAC8B,GAAL,EAAtB;AACA,UAAKD,aAAa,GAAG9B,IAAjB,GAAyB2B,eAA7B,EACE,MAAM,IAAIjJ,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,eAAtB,CAAN;AACF,UAAI,CAAE2E,cAAc,CAAC/G,IAAI,CAACgH,MAAN,CAAd,CAA4BW,QAA5B,CAAqC5D,KAArC,CAAN,EACE,OAAO;AACLb,cAAM,EAAElD,IAAI,CAAC8C,GADR;AAELO,aAAK,EAAE,IAAI5C,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,iCAAtB;AAFF,OAAP;AAKF,YAAM6D,MAAM,GAAG3D,YAAY,CAAC0D,WAAD,CAA3B,CAjDI,CAmDJ;AACA;AACA;AACA;;AACA,YAAM+D,QAAQ,GAAG1J,QAAQ,CAAC8F,cAAT,CAAwB,KAAKC,UAAL,CAAgB5E,EAAxC,CAAjB;;AACAnB,cAAQ,CAAC2J,cAAT,CAAwBhK,IAAI,CAAC8C,GAA7B,EAAkC,KAAKsD,UAAvC,EAAmD,IAAnD;;AACA,YAAM6D,eAAe,GAAG,MACtB5J,QAAQ,CAAC2J,cAAT,CAAwBhK,IAAI,CAAC8C,GAA7B,EAAkC,KAAKsD,UAAvC,EAAmD2D,QAAnD,CADF;;AAGA,UAAI;AACF;AACA;AACA;AACA;AACA,YAAIG,eAAe,GAAG,EAAtB,CALE,CAMF;;AACA,YAAGT,QAAH,EAAa;AACXS,yBAAe,GAAGzJ,MAAM,CAACiB,KAAP,CAAa8B,MAAb,CAChB;AACEV,eAAG,EAAE9C,IAAI,CAAC8C,GADZ;AAEE,8BAAkBiB,KAFpB;AAGE,8CAAkC6D;AAHpC,WADgB,EAMhB;AAACnE,gBAAI,EAAE;AAAC,0CAA4BwC,MAA7B;AACC,mCAAqB;AADtB,aAAP;AAEEO,kBAAM,EAAE;AAAC,0CAA4B;AAA7B;AAFV,WANgB,CAAlB;AASD,SAVD,MAUO;AACL0D,yBAAe,GAAGzJ,MAAM,CAACiB,KAAP,CAAa8B,MAAb,CAChB;AACEV,eAAG,EAAE9C,IAAI,CAAC8C,GADZ;AAEE,8BAAkBiB,KAFpB;AAGE,6CAAiC6D;AAHnC,WADgB,EAMhB;AAACnE,gBAAI,EAAE;AAAC,0CAA4BwC,MAA7B;AACC,mCAAqB;AADtB,aAAP;AAEEO,kBAAM,EAAE;AAAC,yCAA2B;AAA5B;AAFV,WANgB,CAAlB;AASD;;AACD,YAAI0D,eAAe,KAAK,CAAxB,EACE,OAAO;AACLhH,gBAAM,EAAElD,IAAI,CAAC8C,GADR;AAELO,eAAK,EAAE,IAAI5C,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,eAAtB;AAFF,SAAP;AAIH,OAjCD,CAiCE,OAAO+H,GAAP,EAAY;AACZF,uBAAe;AACf,cAAME,GAAN;AACD,OAhGG,CAkGJ;AACA;;;AACA9J,cAAQ,CAAC+J,oBAAT,CAA8BpK,IAAI,CAAC8C,GAAnC;;AAEA,aAAO;AAACI,cAAM,EAAElD,IAAI,CAAC8C;AAAd,OAAP;AACD,KA5GI,CAAP;AA8GD;AAjHc,CAAf,E,CAmHA;AACA;AACA;AAGA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACAzC,QAAQ,CAACgK,qBAAT,GAAiC,CAACnH,MAAD,EAASa,KAAT,EAAgB2D,cAAhB,EAAgCmB,WAAhC,KAAgD;AAC/E;AACA;AACA;AAEA,QAAM;AAAC9E,SAAK,EAAE+E,SAAR;AAAmB9I,QAAnB;AAAyB4H;AAAzB,MACJvH,QAAQ,CAACiI,yBAAT,CAAmCpF,MAAnC,EAA2Ca,KAA3C,EAAkD2D,cAAlD,CADF;AAEA,QAAMzH,GAAG,GAAGI,QAAQ,CAAC0I,IAAT,CAAchI,WAAd,CAA0B6G,KAA1B,EAAiCiB,WAAjC,CAAZ;AACA,QAAMpH,OAAO,GAAGpB,QAAQ,CAAC2I,uBAAT,CAAiCF,SAAjC,EAA4C9I,IAA5C,EAAkDC,GAAlD,EAAuD,aAAvD,CAAhB;AACAgJ,OAAK,CAACC,IAAN,CAAWzH,OAAX;;AACA,MAAIhB,MAAM,CAAC0I,aAAX,EAA0B;AACxBC,WAAO,CAACC,GAAR,qCAAyCpJ,GAAzC;AACD;;AACD,SAAO;AAAC8D,SAAK,EAAE+E,SAAR;AAAmB9I,QAAnB;AAAyB4H,SAAzB;AAAgC3H,OAAhC;AAAqCwB;AAArC,GAAP;AACD,CAdD,C,CAgBA;AACA;;;AACAhB,MAAM,CAACoF,OAAP,CAAe;AAAC9E,aAAW,EAAE,YAAmB;AAAA,uCAANwI,IAAM;AAANA,UAAM;AAAA;;AAC9C,UAAM3B,KAAK,GAAG2B,IAAI,CAAC,CAAD,CAAlB;AACA,WAAOlJ,QAAQ,CAACmJ,YAAT,CACL,IADK,EAEL,aAFK,EAGLD,IAHK,EAIL,UAJK,EAKL,MAAM;AACJnF,WAAK,CAACwD,KAAD,EAAQvD,MAAR,CAAL;AAEA,YAAMrE,IAAI,GAAGS,MAAM,CAACiB,KAAP,CAAaC,OAAb,CACX;AAAC,mDAA2CiG;AAA5C,OADW,EAEX;AAACzC,cAAM,EAAE;AACPpC,kBAAQ,EAAE,CADH;AAEPiE,gBAAM,EAAE;AAFD;AAAT,OAFW,CAAb;AAOA,UAAI,CAAChH,IAAL,EACE,MAAM,IAAIS,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,2BAAtB,CAAN;AAEA,YAAM0F,WAAW,GAAG9H,IAAI,CAAC+C,QAAL,CAAcgB,KAAd,CAAoB4E,kBAApB,CAAuCtB,IAAvC,CAClBiD,CAAC,IAAIA,CAAC,CAAC1C,KAAF,IAAWA,KADE,CAApB;AAGF,UAAI,CAACE,WAAL,EACE,OAAO;AACL5E,cAAM,EAAElD,IAAI,CAAC8C,GADR;AAELO,aAAK,EAAE,IAAI5C,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,2BAAtB;AAFF,OAAP;AAKF,YAAMmI,YAAY,GAAGvK,IAAI,CAACgH,MAAL,CAAYK,IAAZ,CACnBmB,CAAC,IAAIA,CAAC,CAACtB,OAAF,IAAaY,WAAW,CAACZ,OADX,CAArB;AAGA,UAAI,CAACqD,YAAL,EACE,OAAO;AACLrH,cAAM,EAAElD,IAAI,CAAC8C,GADR;AAELO,aAAK,EAAE,IAAI5C,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,0CAAtB;AAFF,OAAP,CA1BE,CA+BJ;AACA;AACA;AACA;AACA;;AACA3B,YAAM,CAACiB,KAAP,CAAa8B,MAAb,CACE;AAACV,WAAG,EAAE9C,IAAI,CAAC8C,GAAX;AACC,0BAAkBgF,WAAW,CAACZ;AAD/B,OADF,EAGE;AAACzD,YAAI,EAAE;AAAC,+BAAqB;AAAtB,SAAP;AACC4C,aAAK,EAAE;AAAC,+CAAqC;AAACa,mBAAO,EAAEY,WAAW,CAACZ;AAAtB;AAAtC;AADR,OAHF;AAMA,aAAO;AAAChE,cAAM,EAAElD,IAAI,CAAC8C;AAAd,OAAP;AACD,KAhDI,CAAP;AAkDD;AApDc,CAAf;AAsDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACAzC,QAAQ,CAACmK,QAAT,GAAoB,CAACtH,MAAD,EAASuH,QAAT,EAAmBhC,QAAnB,KAAgC;AAClDrE,OAAK,CAAClB,MAAD,EAASc,cAAT,CAAL;AACAI,OAAK,CAACqG,QAAD,EAAWzG,cAAX,CAAL;AACAI,OAAK,CAACqE,QAAD,EAAWxE,KAAK,CAACiB,QAAN,CAAe4B,OAAf,CAAX,CAAL;;AAEA,MAAI2B,QAAQ,KAAK,KAAK,CAAtB,EAAyB;AACvBA,YAAQ,GAAG,KAAX;AACD;;AAED,QAAMzI,IAAI,GAAGuB,WAAW,CAAC2B,MAAD,EAAS;AAACiC,UAAM,EAAE;AAAC6B,YAAM,EAAE;AAAT;AAAT,GAAT,CAAxB;AACA,MAAI,CAAChH,IAAL,EACE,MAAM,IAAIS,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,gBAAtB,CAAN,CAXgD,CAalD;AAEA;AACA;AACA;AACA;AACA;AACA;;AACA,QAAMsI,qBAAqB,GACzB,IAAIC,MAAJ,YAAelK,MAAM,CAACmK,aAAP,CAAqBH,QAArB,CAAf,QAAkD,GAAlD,CADF;AAGA,QAAMI,iBAAiB,GAAG,CAAC7K,IAAI,CAACgH,MAAL,IAAe,EAAhB,EAAoB8D,MAApB,CACxB,CAACC,IAAD,EAAOhH,KAAP,KAAiB;AACf,QAAI2G,qBAAqB,CAACjG,IAAtB,CAA2BV,KAAK,CAACmD,OAAjC,CAAJ,EAA+C;AAC7CzG,YAAM,CAACiB,KAAP,CAAa8B,MAAb,CAAoB;AAClBV,WAAG,EAAE9C,IAAI,CAAC8C,GADQ;AAElB,0BAAkBiB,KAAK,CAACmD;AAFN,OAApB,EAGG;AAACzD,YAAI,EAAE;AACR,8BAAoBgH,QADZ;AAER,+BAAqBhC;AAFb;AAAP,OAHH;AAOA,aAAO,IAAP;AACD,KATD,MASO;AACL,aAAOsC,IAAP;AACD;AACF,GAduB,EAexB,KAfwB,CAA1B,CAxBkD,CA0ClD;AACA;AACA;AACA;AACA;AACA;;AAEA,MAAIF,iBAAJ,EAAuB;AACrB;AACD,GAnDiD,CAqDlD;;;AACAxK,UAAQ,CAACsF,kCAAT,CAA4C,gBAA5C,EACE,OADF,EACW8E,QADX,EACqBzK,IAAI,CAAC8C,GAD1B;;AAGArC,QAAM,CAACiB,KAAP,CAAa8B,MAAb,CAAoB;AAClBV,OAAG,EAAE9C,IAAI,CAAC8C;AADQ,GAApB,EAEG;AACDkI,aAAS,EAAE;AACThE,YAAM,EAAE;AACNE,eAAO,EAAEuD,QADH;AAENhC,gBAAQ,EAAEA;AAFJ;AADC;AADV,GAFH,EAzDkD,CAoElD;AACA;;AACA,MAAI;AACFpI,YAAQ,CAACsF,kCAAT,CAA4C,gBAA5C,EACE,OADF,EACW8E,QADX,EACqBzK,IAAI,CAAC8C,GAD1B;AAED,GAHD,CAGE,OAAO8C,EAAP,EAAW;AACX;AACAnF,UAAM,CAACiB,KAAP,CAAa8B,MAAb,CAAoB;AAACV,SAAG,EAAE9C,IAAI,CAAC8C;AAAX,KAApB,EACE;AAACuD,WAAK,EAAE;AAACW,cAAM,EAAE;AAACE,iBAAO,EAAEuD;AAAV;AAAT;AAAR,KADF;AAEA,UAAM7E,EAAN;AACD;AACF,CA/ED;AAiFA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACAvF,QAAQ,CAAC4K,WAAT,GAAuB,CAAC/H,MAAD,EAASa,KAAT,KAAmB;AACxCK,OAAK,CAAClB,MAAD,EAASc,cAAT,CAAL;AACAI,OAAK,CAACL,KAAD,EAAQC,cAAR,CAAL;AAEA,QAAMhE,IAAI,GAAGuB,WAAW,CAAC2B,MAAD,EAAS;AAACiC,UAAM,EAAE;AAACrC,SAAG,EAAE;AAAN;AAAT,GAAT,CAAxB;AACA,MAAI,CAAC9C,IAAL,EACE,MAAM,IAAIS,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,gBAAtB,CAAN;AAEF3B,QAAM,CAACiB,KAAP,CAAa8B,MAAb,CAAoB;AAACV,OAAG,EAAE9C,IAAI,CAAC8C;AAAX,GAApB,EACE;AAACuD,SAAK,EAAE;AAACW,YAAM,EAAE;AAACE,eAAO,EAAEnD;AAAV;AAAT;AAAR,GADF;AAED,CAVD,C,CAYA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;;;AACA,MAAMmH,UAAU,GAAGzJ,OAAO,IAAI;AAC5B;AACA;AACA2C,OAAK,CAAC3C,OAAD,EAAUwC,KAAK,CAACkH,eAAN,CAAsB;AACnCvH,YAAQ,EAAEK,KAAK,CAACiB,QAAN,CAAeb,MAAf,CADyB;AAEnCN,SAAK,EAAEE,KAAK,CAACiB,QAAN,CAAeb,MAAf,CAF4B;AAGnCpC,YAAQ,EAAEgC,KAAK,CAACiB,QAAN,CAAeZ,iBAAf;AAHyB,GAAtB,CAAV,CAAL;AAMA,QAAM;AAAEV,YAAF;AAAYG,SAAZ;AAAmB9B;AAAnB,MAAgCR,OAAtC;AACA,MAAI,CAACmC,QAAD,IAAa,CAACG,KAAlB,EACE,MAAM,IAAItD,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,iCAAtB,CAAN;AAEF,QAAMpC,IAAI,GAAG;AAAC+C,YAAQ,EAAE;AAAX,GAAb;;AACA,MAAId,QAAJ,EAAc;AACZ,UAAMgE,MAAM,GAAG3D,YAAY,CAACL,QAAD,CAA3B;AACAjC,QAAI,CAAC+C,QAAL,CAAcd,QAAd,GAAyB;AAAEhB,YAAM,EAAEgF;AAAV,KAAzB;AACD;;AAED,SAAO5F,QAAQ,CAAC+K,6BAAT,CAAuC;AAAEpL,QAAF;AAAQ+D,SAAR;AAAeH,YAAf;AAAyBnC;AAAzB,GAAvC,CAAP;AACD,CApBD,C,CAsBA;;;AACAhB,MAAM,CAACoF,OAAP,CAAe;AAACqF,YAAU,EAAE,YAAmB;AAAA,uCAAN3B,IAAM;AAANA,UAAM;AAAA;;AAC7C,UAAM9H,OAAO,GAAG8H,IAAI,CAAC,CAAD,CAApB;AACA,WAAOlJ,QAAQ,CAACmJ,YAAT,CACL,IADK,EAEL,YAFK,EAGLD,IAHK,EAIL,UAJK,EAKL,MAAM;AACJ;AACAnF,WAAK,CAAC3C,OAAD,EAAUwG,MAAV,CAAL;AACA,UAAI5H,QAAQ,CAACyB,QAAT,CAAkBuJ,2BAAtB,EACE,OAAO;AACLhI,aAAK,EAAE,IAAI5C,MAAM,CAAC2B,KAAX,CAAiB,GAAjB,EAAsB,mBAAtB;AADF,OAAP;AAIF,YAAMc,MAAM,GAAG7C,QAAQ,CAACiL,wBAAT,CAAkC7J,OAAlC,CAAf,CARI,CAUJ;;AACA,aAAO;AAACyB,cAAM,EAAEA;AAAT,OAAP;AACD,KAjBI,CAAP;AAmBD;AArBc,CAAf;AAuBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA7C,QAAQ,CAACiL,wBAAT,GAAqC7J,OAAD,IAAa;AAC/CA,SAAO,qBAAQA,OAAR,CAAP,CAD+C,CAE/C;;AACA,QAAMyB,MAAM,GAAGgI,UAAU,CAACzJ,OAAD,CAAzB,CAH+C,CAI/C;AACA;;AACA,MAAI,CAAEyB,MAAN,EACE,MAAM,IAAId,KAAJ,CAAU,sCAAV,CAAN,CAP6C,CAS/C;AACA;AACA;;AACA,MAAIX,OAAO,CAACsC,KAAR,IAAiB1D,QAAQ,CAACyB,QAAT,CAAkBuI,qBAAvC,EAA8D;AAC5D,QAAI5I,OAAO,CAACQ,QAAZ,EAAsB;AACpB5B,cAAQ,CAACgK,qBAAT,CAA+BnH,MAA/B,EAAuCzB,OAAO,CAACsC,KAA/C;AACD,KAFD,MAEO;AACL1D,cAAQ,CAACiJ,mBAAT,CAA6BpG,MAA7B,EAAqCzB,OAAO,CAACsC,KAA7C;AACD;AACF;;AAED,SAAOb,MAAP;AACD,CArBD,C,CAuBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA7C,QAAQ,CAAC6K,UAAT,GAAsB,CAACzJ,OAAD,EAAU8J,QAAV,KAAuB;AAC3C9J,SAAO,qBAAQA,OAAR,CAAP,CAD2C,CAG3C;;AACA,MAAI8J,QAAJ,EAAc;AACZ,UAAM,IAAInJ,KAAJ,CAAU,oEAAV,CAAN;AACD;;AAED,SAAO8I,UAAU,CAACzJ,OAAD,CAAjB;AACD,CATD,C,CAWA;AACA;AACA;;;AACAhB,MAAM,CAACiB,KAAP,CAAa8J,WAAb,CAAyB,yCAAzB,EAC0B;AAAEC,QAAM,EAAE,IAAV;AAAgBC,QAAM,EAAE;AAAxB,CAD1B;AAEAjL,MAAM,CAACiB,KAAP,CAAa8J,WAAb,CAAyB,+BAAzB,EAC0B;AAAEC,QAAM,EAAE,IAAV;AAAgBC,QAAM,EAAE;AAAxB,CAD1B;AAEAjL,MAAM,CAACiB,KAAP,CAAa8J,WAAb,CAAyB,gCAAzB,EAC0B;AAAEC,QAAM,EAAE,IAAV;AAAgBC,QAAM,EAAE;AAAxB,CAD1B,E","file":"/packages/accounts-password.js","sourcesContent":["const greet = welcomeMsg => (user, url) => {\n  const greeting =\n    user.profile && user.profile.name\n      ? `Hello ${user.profile.name},`\n      : 'Hello,';\n  return `${greeting}\n\n${welcomeMsg}, simply click the link below.\n\n${url}\n\nThank you.\n`;\n};\n\n/**\n * @summary Options to customize emails sent from the Accounts system.\n * @locus Server\n * @importFromPackage accounts-base\n */\nAccounts.emailTemplates = {\n  ...(Accounts.emailTemplates || {}),\n  from: 'Accounts Example <no-reply@example.com>',\n  siteName: Meteor.absoluteUrl()\n    .replace(/^https?:\\/\\//, '')\n    .replace(/\\/$/, ''),\n\n  resetPassword: {\n    subject: () =>\n      `How to reset your password on ${Accounts.emailTemplates.siteName}`,\n    text: greet('To reset your password'),\n  },\n  verifyEmail: {\n    subject: () =>\n      `How to verify email address on ${Accounts.emailTemplates.siteName}`,\n    text: greet('To verify your account email'),\n  },\n  enrollAccount: {\n    subject: () =>\n      `An account has been created for you on ${Accounts.emailTemplates.siteName}`,\n    text: greet('To start using the service'),\n  },\n};\n","import bcrypt from 'bcrypt'\nimport {Accounts} from \"meteor/accounts-base\";\n\nconst bcryptHash = Meteor.wrapAsync(bcrypt.hash);\nconst bcryptCompare = Meteor.wrapAsync(bcrypt.compare);\n\n// Utility for grabbing user\nconst getUserById = (id, options) => Meteor.users.findOne(id, Accounts._addDefaultFieldSelector(options));\n\n// User records have a 'services.password.bcrypt' field on them to hold\n// their hashed passwords.\n//\n// When the client sends a password to the server, it can either be a\n// string (the plaintext password) or an object with keys 'digest' and\n// 'algorithm' (must be \"sha-256\" for now). The Meteor client always sends\n// password objects { digest: *, algorithm: \"sha-256\" }, but DDP clients\n// that don't have access to SHA can just send plaintext passwords as\n// strings.\n//\n// When the server receives a plaintext password as a string, it always\n// hashes it with SHA256 before passing it into bcrypt. When the server\n// receives a password as an object, it asserts that the algorithm is\n// \"sha-256\" and then passes the digest to bcrypt.\n\n\nAccounts._bcryptRounds = () => Accounts._options.bcryptRounds || 10;\n\n// Given a 'password' from the client, extract the string that we should\n// bcrypt. 'password' can be one of:\n//  - String (the plaintext password)\n//  - Object with 'digest' and 'algorithm' keys. 'algorithm' must be \"sha-256\".\n//\nconst getPasswordString = password => {\n  if (typeof password === \"string\") {\n    password = SHA256(password);\n  } else { // 'password' is an object\n    if (password.algorithm !== \"sha-256\") {\n      throw new Error(\"Invalid password hash algorithm. \" +\n                      \"Only 'sha-256' is allowed.\");\n    }\n    password = password.digest;\n  }\n  return password;\n};\n\n// Use bcrypt to hash the password for storage in the database.\n// `password` can be a string (in which case it will be run through\n// SHA256 before bcrypt) or an object with properties `digest` and\n// `algorithm` (in which case we bcrypt `password.digest`).\n//\nconst hashPassword = password => {\n  password = getPasswordString(password);\n  return bcryptHash(password, Accounts._bcryptRounds());\n};\n\n// Extract the number of rounds used in the specified bcrypt hash.\nconst getRoundsFromBcryptHash = hash => {\n  let rounds;\n  if (hash) {\n    const hashSegments = hash.split('$');\n    if (hashSegments.length > 2) {\n      rounds = parseInt(hashSegments[2], 10);\n    }\n  }\n  return rounds;\n};\n\n// Check whether the provided password matches the bcrypt'ed password in\n// the database user record. `password` can be a string (in which case\n// it will be run through SHA256 before bcrypt) or an object with\n// properties `digest` and `algorithm` (in which case we bcrypt\n// `password.digest`).\n//\n// The user parameter needs at least user._id and user.services\nAccounts._checkPasswordUserFields = {_id: 1, services: 1};\n//\nAccounts._checkPassword = (user, password) => {\n  const result = {\n    userId: user._id\n  };\n\n  const formattedPassword = getPasswordString(password);\n  const hash = user.services.password.bcrypt;\n  const hashRounds = getRoundsFromBcryptHash(hash);\n\n  if (! bcryptCompare(formattedPassword, hash)) {\n    result.error = Accounts._handleError(\"Incorrect password\", false);\n  } else if (hash && Accounts._bcryptRounds() != hashRounds) {\n    // The password checks out, but the user's bcrypt hash needs to be updated.\n    Meteor.defer(() => {\n      Meteor.users.update({ _id: user._id }, {\n        $set: {\n          'services.password.bcrypt':\n            bcryptHash(formattedPassword, Accounts._bcryptRounds())\n        }\n      });\n    });\n  }\n\n  return result;\n};\nconst checkPassword = Accounts._checkPassword;\n\n///\n/// LOGIN\n///\n\n\n/**\n * @summary Finds the user with the specified username.\n * First tries to match username case sensitively; if that fails, it\n * tries case insensitively; but if more than one user matches the case\n * insensitive search, it returns null.\n * @locus Server\n * @param {String} username The username to look for\n * @param {Object} [options]\n * @param {MongoFieldSpecifier} options.fields Dictionary of fields to return or exclude.\n * @returns {Object} A user if found, else null\n * @importFromPackage accounts-base\n */\nAccounts.findUserByUsername =\n  (username, options) => Accounts._findUserByQuery({ username }, options);\n\n/**\n * @summary Finds the user with the specified email.\n * First tries to match email case sensitively; if that fails, it\n * tries case insensitively; but if more than one user matches the case\n * insensitive search, it returns null.\n * @locus Server\n * @param {String} email The email address to look for\n * @param {Object} [options]\n * @param {MongoFieldSpecifier} options.fields Dictionary of fields to return or exclude.\n * @returns {Object} A user if found, else null\n * @importFromPackage accounts-base\n */\nAccounts.findUserByEmail =\n  (email, options) => Accounts._findUserByQuery({ email }, options);\n\n// XXX maybe this belongs in the check package\nconst NonEmptyString = Match.Where(x => {\n  check(x, String);\n  return x.length > 0;\n});\n\nconst passwordValidator = Match.OneOf(\n  Match.Where(str => Match.test(str, String) && str.length <= Meteor.settings?.packages?.accounts?.passwordMaxLength || 256), {\n    digest: Match.Where(str => Match.test(str, String) && str.length === 64),\n    algorithm: Match.OneOf('sha-256')\n  }\n);\n\n// Handler to login with a password.\n//\n// The Meteor client sets options.password to an object with keys\n// 'digest' (set to SHA256(password)) and 'algorithm' (\"sha-256\").\n//\n// For other DDP clients which don't have access to SHA, the handler\n// also accepts the plaintext password in options.password as a string.\n//\n// (It might be nice if servers could turn the plaintext password\n// option off. Or maybe it should be opt-in, not opt-out?\n// Accounts.config option?)\n//\n// Note that neither password option is secure without SSL.\n//\nAccounts.registerLoginHandler(\"password\", options => {\n  if (!options.password)\n    return undefined; // don't handle\n\n  check(options, {\n    user: Accounts._userQueryValidator,\n    password: passwordValidator,\n    code: Match.Optional(NonEmptyString),\n  });\n\n\n  const user = Accounts._findUserByQuery(options.user, {fields: {\n    services: 1,\n    ...Accounts._checkPasswordUserFields,\n  }});\n  if (!user) {\n    Accounts._handleError(\"User not found\");\n  }\n\n\n  if (!user.services || !user.services.password ||\n      !user.services.password.bcrypt) {\n    Accounts._handleError(\"User has no password set\");\n  }\n\n  const result = checkPassword(user, options.password);\n  // This method is added by the package accounts-2fa\n  // First the login is validated, then the code situation is checked\n  if (\n    !result.error &&\n    Accounts._is2faEnabledForUser &&\n    Accounts._is2faEnabledForUser(options.user)\n  ) {\n    if (!options.code) {\n      Accounts._handleError('2FA code must be informed', true, 'no-2fa-code');\n    }\n    if (\n      !Accounts._isTokenValid(\n        user.services.twoFactorAuthentication.secret,\n        options.code\n      )\n    ) {\n      Accounts._handleError('Invalid 2FA code', true, 'invalid-2fa-code');\n    }\n  }\n\n  return result;\n});\n\n///\n/// CHANGING\n///\n\n/**\n * @summary Change a user's username. Use this instead of updating the\n * database directly. The operation will fail if there is an existing user\n * with a username only differing in case.\n * @locus Server\n * @param {String} userId The ID of the user to update.\n * @param {String} newUsername A new username for the user.\n * @importFromPackage accounts-base\n */\nAccounts.setUsername = (userId, newUsername) => {\n  check(userId, NonEmptyString);\n  check(newUsername, NonEmptyString);\n\n  const user = getUserById(userId, {fields: {\n    username: 1,\n  }});\n  if (!user) {\n    Accounts._handleError(\"User not found\");\n  }\n\n  const oldUsername = user.username;\n\n  // Perform a case insensitive check for duplicates before update\n  Accounts._checkForCaseInsensitiveDuplicates('username',\n    'Username', newUsername, user._id);\n\n  Meteor.users.update({_id: user._id}, {$set: {username: newUsername}});\n\n  // Perform another check after update, in case a matching user has been\n  // inserted in the meantime\n  try {\n    Accounts._checkForCaseInsensitiveDuplicates('username',\n      'Username', newUsername, user._id);\n  } catch (ex) {\n    // Undo update if the check fails\n    Meteor.users.update({_id: user._id}, {$set: {username: oldUsername}});\n    throw ex;\n  }\n};\n\n// Let the user change their own password if they know the old\n// password. `oldPassword` and `newPassword` should be objects with keys\n// `digest` and `algorithm` (representing the SHA256 of the password).\nMeteor.methods({changePassword: function (oldPassword, newPassword) {\n  check(oldPassword, passwordValidator);\n  check(newPassword, passwordValidator);\n\n  if (!this.userId) {\n    throw new Meteor.Error(401, \"Must be logged in\");\n  }\n\n  const user = getUserById(this.userId, {fields: {\n    services: 1,\n    ...Accounts._checkPasswordUserFields,\n  }});\n  if (!user) {\n    Accounts._handleError(\"User not found\");\n  }\n\n  if (!user.services || !user.services.password || !user.services.password.bcrypt) {\n    Accounts._handleError(\"User has no password set\");\n  }\n\n  const result = checkPassword(user, oldPassword);\n  if (result.error) {\n    throw result.error;\n  }\n\n  const hashed = hashPassword(newPassword);\n\n  // It would be better if this removed ALL existing tokens and replaced\n  // the token for the current connection with a new one, but that would\n  // be tricky, so we'll settle for just replacing all tokens other than\n  // the one for the current connection.\n  const currentToken = Accounts._getLoginToken(this.connection.id);\n  Meteor.users.update(\n    { _id: this.userId },\n    {\n      $set: { 'services.password.bcrypt': hashed },\n      $pull: {\n        'services.resume.loginTokens': { hashedToken: { $ne: currentToken } }\n      },\n      $unset: { 'services.password.reset': 1 }\n    }\n  );\n\n  return {passwordChanged: true};\n}});\n\n\n// Force change the users password.\n\n/**\n * @summary Forcibly change the password for a user.\n * @locus Server\n * @param {String} userId The id of the user to update.\n * @param {String} newPassword A new password for the user.\n * @param {Object} [options]\n * @param {Object} options.logout Logout all current connections with this userId (default: true)\n * @importFromPackage accounts-base\n */\nAccounts.setPassword = (userId, newPlaintextPassword, options) => {\n  check(userId, String)\n  check(newPlaintextPassword, Match.Where(str => Match.test(str, String) && str.length <= Meteor.settings?.packages?.accounts?.passwordMaxLength || 256))\n  check(options, Match.Maybe({ logout: Boolean }))\n  options = { logout: true , ...options };\n\n  const user = getUserById(userId, {fields: {_id: 1}});\n  if (!user) {\n    throw new Meteor.Error(403, \"User not found\");\n  }\n\n  const update = {\n    $unset: {\n      'services.password.reset': 1\n    },\n    $set: {'services.password.bcrypt': hashPassword(newPlaintextPassword)}\n  };\n\n  if (options.logout) {\n    update.$unset['services.resume.loginTokens'] = 1;\n  }\n\n  Meteor.users.update({_id: user._id}, update);\n};\n\n\n///\n/// RESETTING VIA EMAIL\n///\n\n// Utility for plucking addresses from emails\nconst pluckAddresses = (emails = []) => emails.map(email => email.address);\n\n// Method called by a user to request a password reset email. This is\n// the start of the reset process.\nMeteor.methods({forgotPassword: options => {\n  check(options, {email: String})\n\n  const user = Accounts.findUserByEmail(options.email, { fields: { emails: 1 } });\n\n  if (!user) {\n    Accounts._handleError(\"User not found\");\n  }\n\n  const emails = pluckAddresses(user.emails);\n  const caseSensitiveEmail = emails.find(\n    email => email.toLowerCase() === options.email.toLowerCase()\n  );\n\n  Accounts.sendResetPasswordEmail(user._id, caseSensitiveEmail);\n}});\n\n/**\n * @summary Generates a reset token and saves it into the database.\n * @locus Server\n * @param {String} userId The id of the user to generate the reset token for.\n * @param {String} email Which address of the user to generate the reset token for. This address must be in the user's `emails` list. If `null`, defaults to the first email in the list.\n * @param {String} reason `resetPassword` or `enrollAccount`.\n * @param {Object} [extraTokenData] Optional additional data to be added into the token record.\n * @returns {Object} Object with {email, user, token} values.\n * @importFromPackage accounts-base\n */\nAccounts.generateResetToken = (userId, email, reason, extraTokenData) => {\n  // Make sure the user exists, and email is one of their addresses.\n  // Don't limit the fields in the user object since the user is returned\n  // by the function and some other fields might be used elsewhere.\n  const user = getUserById(userId);\n  if (!user) {\n    Accounts._handleError(\"Can't find user\");\n  }\n\n  // pick the first email if we weren't passed an email.\n  if (!email && user.emails && user.emails[0]) {\n    email = user.emails[0].address;\n  }\n\n  // make sure we have a valid email\n  if (!email ||\n    !(pluckAddresses(user.emails).includes(email))) {\n    Accounts._handleError(\"No such email for user.\");\n  }\n\n  const token = Random.secret();\n  const tokenRecord = {\n    token,\n    email,\n    when: new Date()\n  };\n\n  if (reason === 'resetPassword') {\n    tokenRecord.reason = 'reset';\n  } else if (reason === 'enrollAccount') {\n    tokenRecord.reason = 'enroll';\n  } else if (reason) {\n    // fallback so that this function can be used for unknown reasons as well\n    tokenRecord.reason = reason;\n  }\n\n  if (extraTokenData) {\n    Object.assign(tokenRecord, extraTokenData);\n  }\n  // if this method is called from the enroll account work-flow then\n  // store the token record in 'services.password.enroll' db field\n  // else store the token record in in 'services.password.reset' db field\n  if(reason === 'enrollAccount') {\n    Meteor.users.update({_id: user._id}, {\n      $set : {\n        'services.password.enroll': tokenRecord\n      }\n    });\n    // before passing to template, update user object with new token\n    Meteor._ensure(user, 'services', 'password').enroll = tokenRecord;\n  } else {\n    Meteor.users.update({_id: user._id}, {\n      $set : {\n        'services.password.reset': tokenRecord\n      }\n    });\n    // before passing to template, update user object with new token\n    Meteor._ensure(user, 'services', 'password').reset = tokenRecord;\n  }\n\n  return {email, user, token};\n};\n\n/**\n * @summary Generates an e-mail verification token and saves it into the database.\n * @locus Server\n * @param {String} userId The id of the user to generate the  e-mail verification token for.\n * @param {String} email Which address of the user to generate the e-mail verification token for. This address must be in the user's `emails` list. If `null`, defaults to the first unverified email in the list.\n * @param {Object} [extraTokenData] Optional additional data to be added into the token record.\n * @returns {Object} Object with {email, user, token} values.\n * @importFromPackage accounts-base\n */\nAccounts.generateVerificationToken = (userId, email, extraTokenData) => {\n  // Make sure the user exists, and email is one of their addresses.\n  // Don't limit the fields in the user object since the user is returned\n  // by the function and some other fields might be used elsewhere.\n  const user = getUserById(userId);\n  if (!user) {\n    Accounts._handleError(\"Can't find user\");\n  }\n\n  // pick the first unverified email if we weren't passed an email.\n  if (!email) {\n    const emailRecord = (user.emails || []).find(e => !e.verified);\n    email = (emailRecord || {}).address;\n\n    if (!email) {\n      Accounts._handleError(\"That user has no unverified email addresses.\");\n    }\n  }\n\n  // make sure we have a valid email\n  if (!email ||\n    !(pluckAddresses(user.emails).includes(email))) {\n    Accounts._handleError(\"No such email for user.\");\n  }\n\n  const token = Random.secret();\n  const tokenRecord = {\n    token,\n    // TODO: This should probably be renamed to \"email\" to match reset token record.\n    address: email,\n    when: new Date()\n  };\n\n  if (extraTokenData) {\n    Object.assign(tokenRecord, extraTokenData);\n  }\n\n  Meteor.users.update({_id: user._id}, {$push: {\n    'services.email.verificationTokens': tokenRecord\n  }});\n\n  // before passing to template, update user object with new token\n  Meteor._ensure(user, 'services', 'email');\n  if (!user.services.email.verificationTokens) {\n    user.services.email.verificationTokens = [];\n  }\n  user.services.email.verificationTokens.push(tokenRecord);\n\n  return {email, user, token};\n};\n\n\n// send the user an email with a link that when opened allows the user\n// to set a new password, without the old password.\n\n/**\n * @summary Send an email with a link the user can use to reset their password.\n * @locus Server\n * @param {String} userId The id of the user to send email to.\n * @param {String} [email] Optional. Which address of the user's to send the email to. This address must be in the user's `emails` list. Defaults to the first email in the list.\n * @param {Object} [extraTokenData] Optional additional data to be added into the token record.\n * @param {Object} [extraParams] Optional additional params to be added to the reset url.\n * @returns {Object} Object with {email, user, token, url, options} values.\n * @importFromPackage accounts-base\n */\nAccounts.sendResetPasswordEmail = (userId, email, extraTokenData, extraParams) => {\n  const {email: realEmail, user, token} =\n    Accounts.generateResetToken(userId, email, 'resetPassword', extraTokenData);\n  const url = Accounts.urls.resetPassword(token, extraParams);\n  const options = Accounts.generateOptionsForEmail(realEmail, user, url, 'resetPassword');\n  Email.send(options);\n  if (Meteor.isDevelopment) {\n    console.log(`\\nReset password URL: ${url}`);\n  }\n  return {email: realEmail, user, token, url, options};\n};\n\n// send the user an email informing them that their account was created, with\n// a link that when opened both marks their email as verified and forces them\n// to choose their password. The email must be one of the addresses in the\n// user's emails field, or undefined to pick the first email automatically.\n//\n// This is not called automatically. It must be called manually if you\n// want to use enrollment emails.\n\n/**\n * @summary Send an email with a link the user can use to set their initial password.\n * @locus Server\n * @param {String} userId The id of the user to send email to.\n * @param {String} [email] Optional. Which address of the user's to send the email to. This address must be in the user's `emails` list. Defaults to the first email in the list.\n * @param {Object} [extraTokenData] Optional additional data to be added into the token record.\n * @param {Object} [extraParams] Optional additional params to be added to the enrollment url.\n * @returns {Object} Object with {email, user, token, url, options} values.\n * @importFromPackage accounts-base\n */\nAccounts.sendEnrollmentEmail = (userId, email, extraTokenData, extraParams) => {\n  const {email: realEmail, user, token} =\n    Accounts.generateResetToken(userId, email, 'enrollAccount', extraTokenData);\n  const url = Accounts.urls.enrollAccount(token, extraParams);\n  const options = Accounts.generateOptionsForEmail(realEmail, user, url, 'enrollAccount');\n  Email.send(options);\n  if (Meteor.isDevelopment) {\n    console.log(`\\nEnrollment email URL: ${url}`);\n  }\n  return {email: realEmail, user, token, url, options};\n};\n\n\n// Take token from sendResetPasswordEmail or sendEnrollmentEmail, change\n// the users password, and log them in.\nMeteor.methods({resetPassword: function (...args) {\n  const token = args[0];\n  const newPassword = args[1];\n  return Accounts._loginMethod(\n    this,\n    \"resetPassword\",\n    args,\n    \"password\",\n    () => {\n      check(token, String);\n      check(newPassword, passwordValidator);\n\n      let user = Meteor.users.findOne(\n        {\"services.password.reset.token\": token},\n        {fields: {\n          services: 1,\n          emails: 1,\n        }}\n      );\n\n      let isEnroll = false;\n      // if token is in services.password.reset db field implies\n      // this method is was not called from enroll account workflow\n      // else this method is called from enroll account workflow\n      if(!user) {\n        user = Meteor.users.findOne(\n          {\"services.password.enroll.token\": token},\n          {fields: {\n            services: 1,\n            emails: 1,\n          }}\n        );\n        isEnroll = true;\n      }\n      if (!user) {\n        throw new Meteor.Error(403, \"Token expired\");\n      }\n      let tokenRecord = {};\n      if(isEnroll) {\n        tokenRecord = user.services.password.enroll;\n      } else {\n        tokenRecord = user.services.password.reset;\n      }\n      const { when, email } = tokenRecord;\n      let tokenLifetimeMs = Accounts._getPasswordResetTokenLifetimeMs();\n      if (isEnroll) {\n        tokenLifetimeMs = Accounts._getPasswordEnrollTokenLifetimeMs();\n      }\n      const currentTimeMs = Date.now();\n      if ((currentTimeMs - when) > tokenLifetimeMs)\n        throw new Meteor.Error(403, \"Token expired\");\n      if (!(pluckAddresses(user.emails).includes(email)))\n        return {\n          userId: user._id,\n          error: new Meteor.Error(403, \"Token has invalid email address\")\n        };\n\n      const hashed = hashPassword(newPassword);\n\n      // NOTE: We're about to invalidate tokens on the user, who we might be\n      // logged in as. Make sure to avoid logging ourselves out if this\n      // happens. But also make sure not to leave the connection in a state\n      // of having a bad token set if things fail.\n      const oldToken = Accounts._getLoginToken(this.connection.id);\n      Accounts._setLoginToken(user._id, this.connection, null);\n      const resetToOldToken = () =>\n        Accounts._setLoginToken(user._id, this.connection, oldToken);\n\n      try {\n        // Update the user record by:\n        // - Changing the password to the new one\n        // - Forgetting about the reset token or enroll token that was just used\n        // - Verifying their email, since they got the password reset via email.\n        let affectedRecords = {};\n        // if reason is enroll then check services.password.enroll.token field for affected records\n        if(isEnroll) {\n          affectedRecords = Meteor.users.update(\n            {\n              _id: user._id,\n              'emails.address': email,\n              'services.password.enroll.token': token\n            },\n            {$set: {'services.password.bcrypt': hashed,\n                    'emails.$.verified': true},\n              $unset: {'services.password.enroll': 1 }});\n        } else {\n          affectedRecords = Meteor.users.update(\n            {\n              _id: user._id,\n              'emails.address': email,\n              'services.password.reset.token': token\n            },\n            {$set: {'services.password.bcrypt': hashed,\n                    'emails.$.verified': true},\n              $unset: {'services.password.reset': 1 }});\n        }\n        if (affectedRecords !== 1)\n          return {\n            userId: user._id,\n            error: new Meteor.Error(403, \"Invalid email\")\n          };\n      } catch (err) {\n        resetToOldToken();\n        throw err;\n      }\n\n      // Replace all valid login tokens with new ones (changing\n      // password should invalidate existing sessions).\n      Accounts._clearAllLoginTokens(user._id);\n\n      return {userId: user._id};\n    }\n  );\n}});\n\n///\n/// EMAIL VERIFICATION\n///\n\n\n// send the user an email with a link that when opened marks that\n// address as verified\n\n/**\n * @summary Send an email with a link the user can use verify their email address.\n * @locus Server\n * @param {String} userId The id of the user to send email to.\n * @param {String} [email] Optional. Which address of the user's to send the email to. This address must be in the user's `emails` list. Defaults to the first unverified email in the list.\n * @param {Object} [extraTokenData] Optional additional data to be added into the token record.\n * @param {Object} [extraParams] Optional additional params to be added to the verification url.\n *\n * @returns {Object} Object with {email, user, token, url, options} values.\n * @importFromPackage accounts-base\n */\nAccounts.sendVerificationEmail = (userId, email, extraTokenData, extraParams) => {\n  // XXX Also generate a link using which someone can delete this\n  // account if they own said address but weren't those who created\n  // this account.\n\n  const {email: realEmail, user, token} =\n    Accounts.generateVerificationToken(userId, email, extraTokenData);\n  const url = Accounts.urls.verifyEmail(token, extraParams);\n  const options = Accounts.generateOptionsForEmail(realEmail, user, url, 'verifyEmail');\n  Email.send(options);\n  if (Meteor.isDevelopment) {\n    console.log(`\\nVerification email URL: ${url}`);\n  }\n  return {email: realEmail, user, token, url, options};\n};\n\n// Take token from sendVerificationEmail, mark the email as verified,\n// and log them in.\nMeteor.methods({verifyEmail: function (...args) {\n  const token = args[0];\n  return Accounts._loginMethod(\n    this,\n    \"verifyEmail\",\n    args,\n    \"password\",\n    () => {\n      check(token, String);\n\n      const user = Meteor.users.findOne(\n        {'services.email.verificationTokens.token': token},\n        {fields: {\n          services: 1,\n          emails: 1,\n        }}\n      );\n      if (!user)\n        throw new Meteor.Error(403, \"Verify email link expired\");\n\n        const tokenRecord = user.services.email.verificationTokens.find(\n          t => t.token == token\n        );\n      if (!tokenRecord)\n        return {\n          userId: user._id,\n          error: new Meteor.Error(403, \"Verify email link expired\")\n        };\n\n      const emailsRecord = user.emails.find(\n        e => e.address == tokenRecord.address\n      );\n      if (!emailsRecord)\n        return {\n          userId: user._id,\n          error: new Meteor.Error(403, \"Verify email link is for unknown address\")\n        };\n\n      // By including the address in the query, we can use 'emails.$' in the\n      // modifier to get a reference to the specific object in the emails\n      // array. See\n      // http://www.mongodb.org/display/DOCS/Updating/#Updating-The%24positionaloperator)\n      // http://www.mongodb.org/display/DOCS/Updating#Updating-%24pull\n      Meteor.users.update(\n        {_id: user._id,\n         'emails.address': tokenRecord.address},\n        {$set: {'emails.$.verified': true},\n         $pull: {'services.email.verificationTokens': {address: tokenRecord.address}}});\n\n      return {userId: user._id};\n    }\n  );\n}});\n\n/**\n * @summary Add an email address for a user. Use this instead of directly\n * updating the database. The operation will fail if there is a different user\n * with an email only differing in case. If the specified user has an existing\n * email only differing in case however, we replace it.\n * @locus Server\n * @param {String} userId The ID of the user to update.\n * @param {String} newEmail A new email address for the user.\n * @param {Boolean} [verified] Optional - whether the new email address should\n * be marked as verified. Defaults to false.\n * @importFromPackage accounts-base\n */\nAccounts.addEmail = (userId, newEmail, verified) => {\n  check(userId, NonEmptyString);\n  check(newEmail, NonEmptyString);\n  check(verified, Match.Optional(Boolean));\n\n  if (verified === void 0) {\n    verified = false;\n  }\n\n  const user = getUserById(userId, {fields: {emails: 1}});\n  if (!user)\n    throw new Meteor.Error(403, \"User not found\");\n\n  // Allow users to change their own email to a version with a different case\n\n  // We don't have to call checkForCaseInsensitiveDuplicates to do a case\n  // insensitive check across all emails in the database here because: (1) if\n  // there is no case-insensitive duplicate between this user and other users,\n  // then we are OK and (2) if this would create a conflict with other users\n  // then there would already be a case-insensitive duplicate and we can't fix\n  // that in this code anyway.\n  const caseInsensitiveRegExp =\n    new RegExp(`^${Meteor._escapeRegExp(newEmail)}$`, 'i');\n\n  const didUpdateOwnEmail = (user.emails || []).reduce(\n    (prev, email) => {\n      if (caseInsensitiveRegExp.test(email.address)) {\n        Meteor.users.update({\n          _id: user._id,\n          'emails.address': email.address\n        }, {$set: {\n          'emails.$.address': newEmail,\n          'emails.$.verified': verified\n        }});\n        return true;\n      } else {\n        return prev;\n      }\n    },\n    false\n  );\n\n  // In the other updates below, we have to do another call to\n  // checkForCaseInsensitiveDuplicates to make sure that no conflicting values\n  // were added to the database in the meantime. We don't have to do this for\n  // the case where the user is updating their email address to one that is the\n  // same as before, but only different because of capitalization. Read the\n  // big comment above to understand why.\n\n  if (didUpdateOwnEmail) {\n    return;\n  }\n\n  // Perform a case insensitive check for duplicates before update\n  Accounts._checkForCaseInsensitiveDuplicates('emails.address',\n    'Email', newEmail, user._id);\n\n  Meteor.users.update({\n    _id: user._id\n  }, {\n    $addToSet: {\n      emails: {\n        address: newEmail,\n        verified: verified\n      }\n    }\n  });\n\n  // Perform another check after update, in case a matching user has been\n  // inserted in the meantime\n  try {\n    Accounts._checkForCaseInsensitiveDuplicates('emails.address',\n      'Email', newEmail, user._id);\n  } catch (ex) {\n    // Undo update if the check fails\n    Meteor.users.update({_id: user._id},\n      {$pull: {emails: {address: newEmail}}});\n    throw ex;\n  }\n}\n\n/**\n * @summary Remove an email address for a user. Use this instead of updating\n * the database directly.\n * @locus Server\n * @param {String} userId The ID of the user to update.\n * @param {String} email The email address to remove.\n * @importFromPackage accounts-base\n */\nAccounts.removeEmail = (userId, email) => {\n  check(userId, NonEmptyString);\n  check(email, NonEmptyString);\n\n  const user = getUserById(userId, {fields: {_id: 1}});\n  if (!user)\n    throw new Meteor.Error(403, \"User not found\");\n\n  Meteor.users.update({_id: user._id},\n    {$pull: {emails: {address: email}}});\n}\n\n///\n/// CREATING USERS\n///\n\n// Shared createUser function called from the createUser method, both\n// if originates in client or server code. Calls user provided hooks,\n// does the actual user insertion.\n//\n// returns the user id\nconst createUser = options => {\n  // Unknown keys allowed, because a onCreateUserHook can take arbitrary\n  // options.\n  check(options, Match.ObjectIncluding({\n    username: Match.Optional(String),\n    email: Match.Optional(String),\n    password: Match.Optional(passwordValidator)\n  }));\n\n  const { username, email, password } = options;\n  if (!username && !email)\n    throw new Meteor.Error(400, \"Need to set a username or email\");\n\n  const user = {services: {}};\n  if (password) {\n    const hashed = hashPassword(password);\n    user.services.password = { bcrypt: hashed };\n  }\n\n  return Accounts._createUserCheckingDuplicates({ user, email, username, options })\n};\n\n// method for create user. Requests come from the client.\nMeteor.methods({createUser: function (...args) {\n  const options = args[0];\n  return Accounts._loginMethod(\n    this,\n    \"createUser\",\n    args,\n    \"password\",\n    () => {\n      // createUser() above does more checking.\n      check(options, Object);\n      if (Accounts._options.forbidClientAccountCreation)\n        return {\n          error: new Meteor.Error(403, \"Signups forbidden\")\n        };\n\n      const userId = Accounts.createUserVerifyingEmail(options);\n\n      // client gets logged in as the new user afterwards.\n      return {userId: userId};\n    }\n  );\n}});\n\n/**\n * @summary Creates an user and sends an email if `options.email` is informed.\n * Then if the `sendVerificationEmail` option from the `Accounts` package is\n * enabled, you'll send a verification email if `options.password` is informed,\n * otherwise you'll send an enrollment email.\n * @locus Server\n * @param {Object} options The options object to be passed down when creating\n * the user\n * @param {String} options.username A unique name for this user.\n * @param {String} options.email The user's email address.\n * @param {String} options.password The user's password. This is __not__ sent in plain text over the wire.\n * @param {Object} options.profile The user's profile, typically including the `name` field.\n * @importFromPackage accounts-base\n * */\nAccounts.createUserVerifyingEmail = (options) => {\n  options = { ...options };\n  // Create user. result contains id and token.\n  const userId = createUser(options);\n  // safety belt. createUser is supposed to throw on error. send 500 error\n  // instead of sending a verification email with empty userid.\n  if (! userId)\n    throw new Error(\"createUser failed to insert new user\");\n\n  // If `Accounts._options.sendVerificationEmail` is set, register\n  // a token to verify the user's primary email, and send it to\n  // that address.\n  if (options.email && Accounts._options.sendVerificationEmail) {\n    if (options.password) {\n      Accounts.sendVerificationEmail(userId, options.email);\n    } else {\n      Accounts.sendEnrollmentEmail(userId, options.email);\n    }\n  }\n\n  return userId;\n};\n\n// Create user directly on the server.\n//\n// Unlike the client version, this does not log you in as this user\n// after creation.\n//\n// returns userId or throws an error if it can't create\n//\n// XXX add another argument (\"server options\") that gets sent to onCreateUser,\n// which is always empty when called from the createUser method? eg, \"admin:\n// true\", which we want to prevent the client from setting, but which a custom\n// method calling Accounts.createUser could set?\n//\nAccounts.createUser = (options, callback) => {\n  options = { ...options };\n\n  // XXX allow an optional callback?\n  if (callback) {\n    throw new Error(\"Accounts.createUser with callback not supported on the server yet.\");\n  }\n\n  return createUser(options);\n};\n\n///\n/// PASSWORD-SPECIFIC INDEXES ON USERS\n///\nMeteor.users.createIndex('services.email.verificationTokens.token',\n                          { unique: true, sparse: true });\nMeteor.users.createIndex('services.password.reset.token',\n                          { unique: true, sparse: true });\nMeteor.users.createIndex('services.password.enroll.token',\n                          { unique: true, sparse: true });\n"]}