From 09979ce792f54b8d3b157686609fe87853c831b7 Mon Sep 17 00:00:00 2001
From: "holger.trampe" <htrampe@gmail.com>
Date: Fri, 23 Jul 2021 11:55:54 +0200
Subject: [PATCH] stuff

---
 api/urls.py                                   |   2 +
 api/views.py                                  |  30 +++--
 .../__pycache__/settings.cpython-38.pyc       | Bin 4788 -> 4704 bytes
 digitaleagentur/settings.py                   |  15 ++-
 requirements.txt                              |   1 +
 users/mainwebsocket.py                        |   2 +-
 users/middleware/__init__.py                  |   0
 .../__pycache__/__init__.cpython-38.pyc       | Bin 0 -> 174 bytes
 .../__pycache__/oauth.cpython-38.pyc          | Bin 0 -> 3384 bytes
 users/middleware/oauth.py                     | 108 ++++++++++++++++++
 users/templates/users/base.html               |   9 +-
 users/urls.py                                 |  12 +-
 12 files changed, 149 insertions(+), 30 deletions(-)
 create mode 100644 users/middleware/__init__.py
 create mode 100644 users/middleware/__pycache__/__init__.cpython-38.pyc
 create mode 100644 users/middleware/__pycache__/oauth.cpython-38.pyc
 create mode 100644 users/middleware/oauth.py

diff --git a/api/urls.py b/api/urls.py
index 987d2ed..e3740d6 100644
--- a/api/urls.py
+++ b/api/urls.py
@@ -11,4 +11,6 @@ urlpatterns = [
     path('getchatrooms/', views.getchatrooms, name='api-getchatrooms'),
     path('getsinglechat/<int:pk>', views.getsinglechat, name='api-getsinglechat'),
     path('chatnewmessage/', views.savenewchatmessage, name='api-savechatmessage'),
+    # MIGRATION
+    path('migrateagencyusers/<int:pk>', views.migrateAgencyUsers, name="api-migrateagencyusers")
 ]
\ No newline at end of file
diff --git a/api/views.py b/api/views.py
index a7037f8..daa15b5 100644
--- a/api/views.py
+++ b/api/views.py
@@ -1,6 +1,6 @@
 from rest_framework.views import APIView
 from rest_framework.response import Response
-from rest_framework.permissions import IsAuthenticated  # <-- Here
+#from rest_framework.permissions import IsAuthenticated  # <-- Here
 import json
 from standards.models import Standards
 from rest_framework import serializers
@@ -14,36 +14,37 @@ from django.http import HttpResponseRedirect,HttpResponse, JsonResponse
 
 from timemanagement.models import Absence
 
+
 class GetUserId(APIView):
-    permission_classes = (IsAuthenticated,)             # <-- And here
+    #permission_classes = (IsAuthenticated,)             # <-- And here
 
     def post(self, request):
         return Response({"userid" : self.request.user.pk})
 
 
 @api_view(['POST', ])
-@permission_classes((IsAuthenticated,))
+#@permission_classes((IsAuthenticated,))
 def getStandardList(request):
 	standards = Standards.objects.filter(agency=request.user.profile.agency)
 	ser = StandardsSerializer(standards, many=True)
 	return Response(ser.data, status=status.HTTP_200_OK)
 
 @api_view(['POST', ])
-@permission_classes((IsAuthenticated,))
+#@permission_classes((IsAuthenticated,))
 def getSingleStandard(request, pk):
 	standard = Standards.objects.get(pk=int(pk))
 	ser = StandardsSerializer(standard, many=False)
 	return Response(ser.data, status=status.HTTP_200_OK)
 
 @api_view(['POST', ])
-@permission_classes((IsAuthenticated,))
+#@permission_classes((IsAuthenticated,))
 def logoutByToken(request):	
 	print(request)
 	request.user.auth_token.delete()
 	return Response(status=status.HTTP_200_OK)
 
 @api_view(['POST', ])
-@permission_classes((IsAuthenticated,))
+#@permission_classes((IsAuthenticated,))
 def getchatrooms(request):	
 	chatrooms = ChatRoom.objects.filter(creator=request.user) | ChatRoom.objects.filter(chatmember_single=request.user)
 	chatrooms_ser = ChatRoomSerializer(chatrooms, many=True)
@@ -51,7 +52,7 @@ def getchatrooms(request):
 
 
 @api_view(['POST', ])
-@permission_classes((IsAuthenticated,))
+#@permission_classes((IsAuthenticated,))
 def getsinglechat(request, pk):		
 	chatroom = ChatRoom.objects.get(pk=pk)
 	if chatroom.creator == request.user or chatroom.chatmember_single == request.user or (request.user in chatroom.chatmembers.all()):
@@ -62,7 +63,7 @@ def getsinglechat(request, pk):
 
 
 @api_view(['POST', ])
-@permission_classes((IsAuthenticated,))
+#@permission_classes((IsAuthenticated,))
 def savenewchatmessage(request):	
 	room = ChatRoom.objects.get(pk=request.POST["room"])
 	if(request.user == room.creator or request.user == room.chatmember_single):
@@ -74,4 +75,15 @@ def savenewchatmessage(request):
 	else:
 		return Response(status=status.HTTP_403_FORBIDDEN)
 
-	
+# IMPORTED MODELS FOR MIGRATION
+from users.models import Agency
+from django.contrib.auth.models import User
+
+@api_view(['GET', ])
+def migrateAgencyUsers(request, pk):
+	datapackage = {}
+	Ag = Agency.objects.get(pk=pk)
+	for user in User.objects.filter(profile__agency=Ag):
+		if(len(user.email) > 0 and len(user.first_name) > 0 and len(user.last_name) > 0):
+			datapackage.update({str(user.pk) : {"userid" : user.email, "displayname" : user.first_name + " " + user.last_name}})
+	return JsonResponse(datapackage)
\ No newline at end of file
diff --git a/digitaleagentur/__pycache__/settings.cpython-38.pyc b/digitaleagentur/__pycache__/settings.cpython-38.pyc
index 28f51676a475f70c92fbac7c36c802b0f1324fb3..c2a23f55f3cbf5a8f6a568a90bef4a907e889440 100644
GIT binary patch
delta 198
zcmdm@`ap#@l$V!_0SLY~{7Semkyn=S(nRg+Iw|()+))xK4pEXRj_C|3{3%W;&M7V_
zt|@NmESZcc?sHhu8Kb09JW@O}88;g+uHcYWD=khfD%Q)*Oi9T}El(^;)yq#TEy>XH
zcLb7~&vH64PA=qDU|Pwrc`bJfD^C$O&`u~Z*-G%WDI?QY7CsghCPpA+0+S%tAEy6I
fe^~yr2r@A+{b%6@%QG=Cu>5EG2NIneB@_h!>-07k

delta 321
zcmaE$vPG3Ql$V!_0SJ!v{7lH6$SccuWuo?Vy>zZ9i4^-N$rOilh7|r3#}ua&=M<L|
z*L0Rl#uT?XEa{9<QYr2!9_frJo^zNs>oKn2*!+*vjImymvC6P0wYVfcttc@!wLHHl
zTQ9M+BqKGiBr`d&Br`uxFC;%ZHO~=6tV#<_OF?Q;Zf0>YP<gSQXEBoE)D%soC^;8b
zH^)$)ka)+?5D!<s5Km{v5Kn)<cxNBS$pPFfGEq`61p%%>zMjFsP|4t6*Wk@z+%2q}
zD;bImfqpJBocv7Swdpq&UKSQ6Mj&JYlOWa~rvFTTSpKsJGO>VIY+NiLIVL6smj6uu
LfZ_s^*@U71NO@yh

diff --git a/digitaleagentur/settings.py b/digitaleagentur/settings.py
index 3eafca2..b057e85 100644
--- a/digitaleagentur/settings.py
+++ b/digitaleagentur/settings.py
@@ -109,7 +109,8 @@ MIDDLEWARE = [
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django_user_agents.middleware.UserAgentMiddleware',
     'simple_history.middleware.HistoryRequestMiddleware',
-    'auditlog.middleware.AuditlogMiddleware'
+    'auditlog.middleware.AuditlogMiddleware',
+    'users.middleware.oauth.OAuthMiddleware'
 ]
 
 ROOT_URLCONF = 'digitaleagentur.urls'
@@ -132,15 +133,18 @@ TEMPLATES = [
 
 REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': (
-        'rest_framework.authentication.TokenAuthentication',
+        #'rest_framework.authentication.TokenAuthentication',
+        #'rest_framework.permissions.AllowAny',
     ),
-    'DEFAULT_PERMISSION_CLASSES': [
-        'rest_framework.permissions.IsAuthenticated',
-    ],
+    #'DEFAULT_PERMISSION_CLASSES': [
+    #    'rest_framework.permissions.IsAuthenticated',
+    #],
 }
 
 #WSGI_APPLICATION = 'digitaleagentur.wsgi.application'
 ASGI_APPLICATION = "digitaleagentur.routing.application"
+
+
 CHANNEL_LAYERS = {
     'default': {
         'BACKEND': 'channels_redis.core.RedisChannelLayer',
@@ -152,6 +156,7 @@ CHANNEL_LAYERS = {
 
 
 
+
 # Password validation
 # https://docs.djangoproject.com/en/2.2/ref/settings/#auth-password-validators
 
diff --git a/requirements.txt b/requirements.txt
index 684c26e..fe94bb4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -36,3 +36,4 @@ xhtml2pdf==0.2.5
 django-simple-captcha==0.5.13
 auditlog3==1.0.1
 filetype==1.0.7
+Authlib==0.15.3
\ No newline at end of file
diff --git a/users/mainwebsocket.py b/users/mainwebsocket.py
index aa843ab..ecd02c2 100644
--- a/users/mainwebsocket.py
+++ b/users/mainwebsocket.py
@@ -9,7 +9,7 @@ from django.contrib.auth.models import User
 from rest_framework.authtoken.models import Token
 
 class UsersConsumer(WebsocketConsumer):
-
+    
     appconnect = False
     '''
 
diff --git a/users/middleware/__init__.py b/users/middleware/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/users/middleware/__pycache__/__init__.cpython-38.pyc b/users/middleware/__pycache__/__init__.cpython-38.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..d713153003039236f82964d51084dc7cfb6c4504
GIT binary patch
literal 174
zcmWIL<>g`k0+9(n6F~H15P=LBfgA@QE@lA|DGb33nv8xc8Hzx{2;x_;erR!OQL%nT
zNl{{ML8`uAYDGzMPJU^Men3%XSz?L4yJv`gN@jXyNn%cFVtQ&`Noi4hUb22ESXXXl
oN=i;@d16tjetdjpUS>&ryk0@&Ee@O9{FKt1R6CGmpMjVG08H*JAOHXW

literal 0
HcmV?d00001

diff --git a/users/middleware/__pycache__/oauth.cpython-38.pyc b/users/middleware/__pycache__/oauth.cpython-38.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..dd9f9b0b6b87574e0671011af5a76a1705a6209e
GIT binary patch
literal 3384
zcma)8&2JmW6`z^?<Z?w)vf{{Y>nH)zmPJbyK^>#55=4mAScpv<wgjaM6r0t~NLp#h
zrDvA5MJ$T~5)fZp^wukN%%!JZddV?=#9n*KpU_^?_hw0nRt>ZycK7Yfo44=l_nX;S
zSnvq^w*K+2FR!-<`6s^2|4exK1TJ+3H%>TBNsk7UqRdj(GXg`)Mr!t~z|yjr+C3+5
zv}~nruNKs_Y^PqY9@Kk&;OloMUFbD}hL+v5*=q$YE!Wb;-cqnc$!COnynaS_UDQsE
z;2QUzkoLlN;0bBd(tEfu%nvuE%p|;7`VEA-7CzX{jzu3{T`71XMVy1&e2{RSisz9O
z50V#2zs*W}<3RM|lhS!4v;8C$pk?kTp)ID_0qB4UCGtG!AE+3=JpaS&;7|PyZh{1q
zlYnvmE3!{H<HlJnFu2LBGZL7>;x>2A$SDnMkX>HWvQtGExL*;I1T~DWZ0ZOueeK3f
zf2F#iY)mh;0zyts$%Gd49IBGDQ&N!7-~=quZrdy^H5>?8x?z~~lROM1t}U%Bg4{v;
zrV{CX=^uzZltK-%z7k*4vKEGM8YvZqUz2}7TEm2>wZmLSy@6QkiWhmDW<$RANG8vs
zeC@NX?KPepBzcsI2-2AkW!R6`hI&=+BIRrPo1MXlY=8?3a4DTX>eJE6m5@6#cV7$L
zg*7%@7=rpS#n6u+<;OMoOO)=CKinF#m*j{|jDnq0*(%7yd`ZqJBNP(yw51CJr8#rQ
zhL)i`Ae#j_vW{%9;XvV_PzeRu<xXKF^smOB>Da2Qau=+A3s!4rm6F1mcqqYao!8bO
z^%K7U-E*eB`WDA03s7Ph8QX=eN59D%g?&n&ki5a`_|#fWUPCR^_zRWpZ0wv)n%qC9
zW2bOtbA?$rr}*`0blL*OUFRP7U`<*tF*7drZh%E>scwuZoBd|pa}5R*)}lZc0Nd+;
zYEWn0(#ogsag<Oh$@*<WUI)!!L5h87l*3RflztS)pisR*<2X`09SW7pWl)xH!L9U%
z10Lm~Qh6Ijrd9Xo==RmB4`imzO|5j+(=3is^>Jt3Mhu0&_+bZGaOqf(qY5&HmKZZ^
zh$B`|PG8Z9aZc2ixyeax!KjVcd_}qWij9rJm^kOq9=Tf>m{h&4R?x!W7R<AP6-MaI
zwE7J_Z&!A4R+scodHp3R*eOH)f(+VSqzwc>KkA9^&|w&0gJVP-4wp6pB|d30`9qj2
z9f(}hk1uQbJ=;41&QhffqdDq}7m3Q1L<mR+RSdu^z&Cm(N^2mKeqP$K6p(584(cGS
z1N^lUkpHMO)Nn8GqBu{U3GD(KNO=QQFKcxzJ{0ls4mh~gzYB}@A|=p2%`=3V)MQKa
zI(6aSqBiwdgSm9H{(qP84d%;Q_Dsm<GReiZ`~iGx^wyL)G+nGg{nNcDKGyA5`ZG2U
zhcX#8F%I<$9;w5<ERwu*a3D;0dr{WGRJr_cV`uwbxbygaxO;DFd-ML*lkF#^If(MZ
z(o=aPbM-vQ59K1Jp@}PCyEuSEL&g`YwV&SK+U#zJ-HivEr9VGZF2q20GMoY=xQ>jP
zfmb4&2Zh9zFIz~k@lZ-&$53bA7-R#9oh#pmTd;JwdKO~am9Qfdc@quL=Q=s^=lJ3&
zl>tE~U`%#!wLfpVs;92324M3FsxVl!4mUzQ`1`cQe9K?5srkK0+4l^d44$sx!)y!w
z4P9`TEkp4=kUf|gz4Jec{u*&(oY;_`!lnKWw}KwQp2Y#FK#UcNTy=|sbnM9Y5JUNt
z#3v?T_bxYZ#j!2#;*%RUKx6a?&^84`+uXbX`hY(m?+VjLjvVDK2b#S^_AcQL*q!2h
zm-K&TlDu~8$-hxDHYpkTFlXY5U2+?6JU0JmenEau`s|Ae)oxcep~OvBgRES{QYQWV
zEEIh{$N+?Gs&z)qho7(RZmw=T-dw%6`FQi)?Y5^oL04NMYn8Qqne{@R#Cho@DikjU
za8BX6api4PVA-+!34RN={I(^3gEDqQg#`n6xTK;g_XURK9Z<Ljm%0Tv!WvLOldS+&
z8C?O)0(K1>3fQ7I*=Y4@5wEuCYg~&ohWw+eh<!I&h6=#G@e!~tJlRK(x&AU_l|oj3
zN`Y1BeEy7XMNPPo0P$&HxSxv?eT18%qRUu51kDI8r4OkPfeY>0prapM_4_p_{+H93
zKkc*+LJkgNk*8Z-P~*5?Wha6|?J(W&(74lXT=-HtVaP=a=MwZsAIRwF?W=xFb@1rr
z;h78RKMYGR40{<LrYQSi_;eVh)r>w0$=`y>(g!}ulei~<MYyh_#PB6LUM@@zWU)xW
zg}IV1p$fuWVr)oydPjFz!*uU3>aD=#=(%otIao!ONt3+}bgDRz@I5&2b&%y}bb^5e
z@4ZotA4UCx3*IqMQF9*J(_H;QNAAZT-ucz9tNw0P3pxr|F^`9^c_9syE7Rd&o}{Y7
z#Q+ZH+7XFIyTI3+-hp(9ROy{g?|J3T>9RNj(t|Iei!&{~WnO!Og5Cwo=9R-~1u@Lm
aTp}+E?XFj~`WX9NVS;_=y6WGmp6ow<olvL%

literal 0
HcmV?d00001

diff --git a/users/middleware/oauth.py b/users/middleware/oauth.py
new file mode 100644
index 0000000..00bbfe4
--- /dev/null
+++ b/users/middleware/oauth.py
@@ -0,0 +1,108 @@
+from authlib.integrations.base_client import OAuthError
+from authlib.integrations.django_client import OAuth
+from authlib.oauth2.rfc6749 import OAuth2Token
+from django.shortcuts import redirect
+from django.utils.deprecation import MiddlewareMixin
+from users.models import Agency, Profile
+from django.contrib.auth.models import User
+from django.contrib.auth import login
+from digitaleagentur import settings
+
+class OAuthMiddleware(MiddlewareMixin):
+
+    def __init__(self, get_response=None):
+        super().__init__(get_response)
+        self.oauth = OAuth()
+
+    def process_request(self, request):
+        if settings.OAUTH_URL_WHITELISTS is not None:
+            for w in settings.OAUTH_URL_WHITELISTS:
+                if request.path.startswith(w):
+                    return self.get_response(request)
+
+        def update_token(token, refresh_token, access_token):
+            request.session['token'] = token
+            return None
+
+        # Check, if logged user is in Database - if not, create and save by SUB
+        def checkUserInDatabase(userdata):
+            # Get sub of current user
+            sub = userdata
+            activeuser = None
+            # Check in Database, if user exist - if not, create new user
+            if not User.objects.filter(username = sub).exists():
+                pr = Profile(user=None, agency=Agency.objects.get(pk=1))
+                pr.save()
+                print(pr)
+                activeuser = User.objects.create(username=sub, profile=pr)
+                pr.user = activeuser
+                pr.save()
+            else:
+                activeuser = User.objects.get(username=sub)
+    
+            if activeuser is not None:
+                login(request, activeuser)
+
+        sso_client = self.oauth.register(
+            settings.OAUTH_CLIENT_NAME, overwrite=True, **settings.OAUTH_CLIENT, update_token=update_token
+        )
+        if request.path.startswith('/users/oauth/callback'):
+            self.clear_session(request)
+            request.session['token'] = sso_client.authorize_access_token(request)
+            if self.get_current_user(sso_client, request) is not None:
+                redirect_uri = request.session.pop('redirect_uri', None)
+                if redirect_uri is not None:
+                    return redirect(redirect_uri)
+                return redirect('users-dashboard')
+
+        if request.session.get('token', None) is not None:
+            #current_user = self.get_current_user(sso_client, request)
+            current_user = request.session.get('token').get('user_id')
+            if current_user is not None:
+                checkUserInDatabase(current_user)
+                return self.get_response(request)
+
+        # remember redirect URI for redirecting to the original URL.
+        request.session['redirect_uri'] = request.path
+        return sso_client.authorize_redirect(request, settings.OAUTH_CLIENT['redirect_uri'])
+
+    # fetch current login user info
+    # 1. check if it's in cache
+    # 2. fetch from remote API when it's not in cache
+    @staticmethod
+    def get_current_user(sso_client, request):
+        token = request.session.get('token', None)
+        if token is None or 'access_token' not in token:
+            return None
+
+        if not OAuth2Token.from_dict(token).is_expired() and 'user' in request.session:
+            return request.session['user']
+    
+        try:
+            res = sso_client.get(settings.OAUTH_CLIENT['userinfo_endpoint'], token=OAuth2Token(token))
+            if res.ok:
+                print("OK WE ARE HERE!")
+                print(res)
+                #request.session['user'] = res.json()
+                #request.session['user'] = res
+                return True
+                #return res.json()
+            else:
+                print(res)
+        except OAuthError as e:
+            print(e)
+        
+        return None
+
+    @staticmethod
+    def clear_session(request):
+        try:
+            del request.session['user']
+            del request.session['token']
+        except KeyError:
+            pass
+
+    def __del__(self):
+        print('destroyed')
+
+    
diff --git a/users/templates/users/base.html b/users/templates/users/base.html
index a591827..a6ca51e 100644
--- a/users/templates/users/base.html
+++ b/users/templates/users/base.html
@@ -875,7 +875,7 @@ $(document).on('click', function (e) {
 
 <!-- WEBSOCKETS -->
 <script type="text/javascript">
-
+  /*
 $(document).ready(function(){
 
   $("#chat_alluserscontent").hide();
@@ -897,10 +897,7 @@ $(document).ready(function(){
       //HANDLER FOR ALL PUSHNOTIFICATIONS
       if(e["data"].split("__")[0] == "pushnotification"){
 
-          /*
-          Check for Chat-Message in CHatview or invisible-Browser
-          */
-          tempsplit = e["data"].split("__");
+         tempsplit = e["data"].split("__");
           finalsplit = tempsplit[1].split(" ");
 
           if(finalsplit[0] != "Chat"){
@@ -1048,7 +1045,7 @@ $("#chatButton").click(function(){
       }
    });
 });
-
+*/
 
 </script>
 <!-- Billstatus -->
diff --git a/users/urls.py b/users/urls.py
index fcf564b..07909f7 100644
--- a/users/urls.py
+++ b/users/urls.py
@@ -18,17 +18,11 @@ urlpatterns = [
     path('logout/', auth_views.LogoutView.as_view(template_name='users/logout.html'), name='users-logout'),
     path('usersman/', permission_required('users.usermanager')(UsersManagement.as_view(template_name="users/users_management.html")), name='users-management'),
     path('usersman/adduser/', permission_required('users.usermanager')(UsersCreateUser.as_view(template_name="users/users_adduser.html")), name='users-adduser'),
-    #path('usersman/profile/', views.profile, name='users-profile'),    
-    #path('usersman/<int:pk>/', views.ProfileUpdateView, name='users-update'),  
-    #path('usersman/<int:pk>/', permission_required('users.usermanager')(ProfileUpdateView.as_view()), name='users-update'),
     path('usersman/<int:pk>/perms', permission_required('users.usermanager')(UsersPermUpdateView.as_view()), name='users-perm-update'),
     path('usersman/<int:pk>/delete', permission_required('users.usermanager')(ProfileDeleteView.as_view()), name='users-delete'),
     path('usersman/gd/<int:pk>', views.getDataFromToDelUser, name="users-delete-getdata"),
     path('userlog/<int:pk>', views.showUserLog, name="users-log"),
-    #path('agencyinfo/', views.agency, name='agencyinfo'),    
-    #path('agencyinfo/<int:pk>/', permission_required('users.agency_change')(AgencyUpdateView.as_view()), name='agency-manage'), 
     path('usersman/<int:pk>/prio', views.UsersPrio, name='users-prio'),
-    #path('prioupdate/', views.UsersPrioUpdate, name="users-prioupdate"),
     path('areataskupdate/<int:pk>/', views.UsersAreaTaskUpdate, name="users-areataskupdate"),
     path('globalsearch/', views.GlobalSearch, name="globalsearch"),
     path('standardrout/', views.searchStandardRouter, name="standardrouter"),
@@ -46,9 +40,9 @@ urlpatterns = [
     path('icsall/<int:ag>', views.getICSFileAll, name="geticsall"),
     path('icspublic/<slug:code>/<int:ag>', views.getICSFileEx, name="getics"),
     path('icspublicall/<slug:code>/<int:ag>', views.getICSFileExAll, name="geticsall"),
-    path('updateuserorga/', views.UpdateUserOrga, name="update-user-orga")
-    #path('recalculateabsence/<slug:code>', views.recalculateAbsence, name="recalculateabsence"),
-
+    path('updateuserorga/', views.UpdateUserOrga, name="update-user-orga"),
+    # OAUTH
+    path('oauth/callback', views.oauthCallBack, name="oauthcallback"),
 ]