0001-misc-apply-black-52457.patch

         'disable_existing_loggers': True,
         'filters': {
             'cleaning': {
                 '()':  'authentic2.utils.CleanLogMessage',
                 '()': 'authentic2.utils.CleanLogMessage',
             },
             'request_context': {
                 '()':  'authentic2.log_filters.RequestContextFilter',
                 '()': 'authentic2.log_filters.RequestContextFilter',
             },
             'force_debug': {
                 '()': 'authentic2.log_filters.ForceDebugFilter',
+            }
             },
         },
         'formatters': {
             'syslog': {
-...
     def extract_settings_from_environ():
         import json
         from django.core.exceptions import ImproperlyConfigured
         global MANAGERS, DATABASES, SENTRY_TRANSPORT, SENTRY_DSN, INSTALLED_APPS, \
                 SECURE_PROXY_SSL_HEADER, CACHES, SESSION_ENGINE, LDAP_AUTH_SETTINGS
         global MANAGERS, DATABASES, SENTRY_TRANSPORT, SENTRY_DSN, INSTALLED_APPS, SECURE_PROXY_SSL_HEADER, CACHES, SESSION_ENGINE, LDAP_AUTH_SETTINGS
         BOOLEAN_ENVS = (
                'DEBUG',
                'DEBUG_PROPAGATE_EXCEPTIONS',
                'SESSION_EXPIRE_AT_BROWSER_CLOSE',
                'SESSION_COOKIE_SECURE',
                'EMAIL_USE_TLS',
                'USE_X_FORWARDED_HOST',
                'DISCO_SERVICE',
                'DISCO_USE_OF_METADATA',
                'SHOW_DISCO_IN_MD',
                'SSLAUTH_CREATE_USER',
                'PUSH_PROFILE_UPDATES',
                'A2_ACCEPT_EMAIL_AUTHENTICATION',
                'A2_CAN_RESET_PASSWORD',
                'A2_REGISTRATION_CAN_DELETE_ACCOUNT',
                'A2_REGISTRATION_EMAIL_IS_UNIQUE',
                'REGISTRATION_OPEN',
                'A2_AUTH_PASSWORD_ENABLE',
                'SSLAUTH_ENABLE',
                'A2_IDP_SAML2_ENABLE',
             'DEBUG',
             'DEBUG_PROPAGATE_EXCEPTIONS',
             'SESSION_EXPIRE_AT_BROWSER_CLOSE',
             'SESSION_COOKIE_SECURE',
             'EMAIL_USE_TLS',
             'USE_X_FORWARDED_HOST',
             'DISCO_SERVICE',
             'DISCO_USE_OF_METADATA',
             'SHOW_DISCO_IN_MD',
             'SSLAUTH_CREATE_USER',
             'PUSH_PROFILE_UPDATES',
             'A2_ACCEPT_EMAIL_AUTHENTICATION',
             'A2_CAN_RESET_PASSWORD',
             'A2_REGISTRATION_CAN_DELETE_ACCOUNT',
             'A2_REGISTRATION_EMAIL_IS_UNIQUE',
             'REGISTRATION_OPEN',
             'A2_AUTH_PASSWORD_ENABLE',
             'SSLAUTH_ENABLE',
             'A2_IDP_SAML2_ENABLE',
+        )
         def to_boolean(name, default=True):
-...
                     globals()[path_env] = tuple(os.environ[path_env].split(':')) + tuple(old)
         INT_ENVS = (
                 'SESSION_COOKIE_AGE',
                 'EMAIL_PORT',
                 'AUTHENTICATION_EVENT_EXPIRATION',
                 'LOCAL_METADATA_CACHE_TIMEOUT',
                 'ACCOUNT_ACTIVATION_DAYS',
                 'PASSWORD_RESET_TIMEOUT_DAYS',
             'SESSION_COOKIE_AGE',
             'EMAIL_PORT',
             'AUTHENTICATION_EVENT_EXPIRATION',
             'LOCAL_METADATA_CACHE_TIMEOUT',
             'ACCOUNT_ACTIVATION_DAYS',
             'PASSWORD_RESET_TIMEOUT_DAYS',
+        )
         def to_int(name, default):
-...
                 except ValueError:
                     raise ImproperlyConfigured('environement variable %s must be an integer' % int_env)
         ADMINS = ()
         if 'ADMINS' in os.environ:
             ADMINS = filter(None, os.environ.get('ADMINS').split(':'))
             ADMINS = [ admin.split(';') for admin in ADMINS ]
             ADMINS = [admin.split(';') for admin in ADMINS]
             for admin in ADMINS:
                 assert len(admin) == 2, 'ADMINS setting must be a colon separated list of name and emails separated by a semi-colon'
                 assert (
                     len(admin) == 2
                 ), 'ADMINS setting must be a colon separated list of name and emails separated by a semi-colon'
                 assert '@' in admin[1], 'ADMINS setting pairs second value must be emails'
             MANAGERS = ADMINS
         for key in os.environ:
             if key.startswith('DATABASE_'):
                 prefix, db_key = key.split('_', 1)
-...
             try:
                 import memcache
             except:
                 raise ImproperlyConfigured('Python memcache library is not installed, please do: pip install memcache')
                 raise ImproperlyConfigured(
                     'Python memcache library is not installed, please do: pip install memcache'
+                )
             CACHES = {
                     'default': {
                         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
                         'LOCATION': '127.0.0.1:11211',
                         'KEY_PREFIX': 'authentic2',
+                        }
+                    }
                 'default': {
                     'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
                     'LOCATION': '127.0.0.1:11211',
                     'KEY_PREFIX': 'authentic2',
+                }
+            }
             SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
         # extract any key starting with setting
         for key in os.environ:
             if key.startswith('SETTING_'):
                 setting_key = key[len('SETTING_'):]
                 setting_key = key[len('SETTING_') :]
                 value = os.environ[key]
                 try:
                      value = int(value)
                     value = int(value)
                 except ValueError:
                      pass
                     pass
                 globals()[setting_key] = value
     extract_settings_from_environ()
     CONFIG_FILE = '/etc/authentic2/config.py'

     # SECURITY WARNING: don't run with debug turned on in production!
     DEBUG = False
     #ADMINS = (
     # ADMINS = (
     #        # ('User 1', 'watchdog@example.net'),
     #        # ('User 2', 'janitor@example.net'),
     #)
     # )
     # ALLOWED_HOSTS must be correct in production!
     # See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
     ALLOWED_HOSTS = [
             '*',
         '*',
+    ]
     # Databases
     # Default: a local database named "authentic"
     # https://docs.djangoproject.com/en/1.7/ref/settings/#databases
     # Warning: don't change ENGINE
     #DATABASES['default']['NAME'] = 'authentic2_multitenant'
     #DATABASES['default']['USER'] = 'authentic-multitenant'
     #DATABASES['default']['PASSWORD'] = '******'
     #DATABASES['default']['HOST'] = 'localhost'
     #DATABASES['default']['PORT'] = '5432'
     # DATABASES['default']['NAME'] = 'authentic2_multitenant'
     # DATABASES['default']['USER'] = 'authentic-multitenant'
     # DATABASES['default']['PASSWORD'] = '******'
     # DATABASES['default']['HOST'] = 'localhost'
     # DATABASES['default']['PORT'] = '5432'
     LANGUAGE_CODE = 'fr-fr'
     TIME_ZONE = 'Europe/Paris'
     # Sentry / Raven configuration
     #RAVEN_CONFIG = {
     # RAVEN_CONFIG = {
     #    'dsn': '',
     #}
     # }
     # Email configuration
     #EMAIL_SUBJECT_PREFIX = '[authentic] '
     #SERVER_EMAIL = 'root@authentic.example.org'
     #DEFAULT_FROM_EMAIL = 'webmaster@authentic.example.org'
     # EMAIL_SUBJECT_PREFIX = '[authentic] '
     # SERVER_EMAIL = 'root@authentic.example.org'
     # DEFAULT_FROM_EMAIL = 'webmaster@authentic.example.org'
     # SMTP configuration
     #EMAIL_HOST = 'localhost'
     #EMAIL_HOST_USER = ''
     #EMAIL_HOST_PASSWORD = ''
     #EMAIL_PORT = 25
     # EMAIL_HOST = 'localhost'
     # EMAIL_HOST_USER = ''
     # EMAIL_HOST_PASSWORD = ''
     # EMAIL_PORT = 25
     # HTTPS Security
     #CSRF_COOKIE_SECURE = True
     #SESSION_COOKIE_SECURE = True
     # CSRF_COOKIE_SECURE = True
     # SESSION_COOKIE_SECURE = True
     # Idp
     # SAML 2.0 IDP
     #A2_IDP_SAML2_ENABLE = False
     # A2_IDP_SAML2_ENABLE = False
     # CAS 1.0 / 2.0 IDP
     #A2_IDP_CAS_ENABLE = False
     # A2_IDP_CAS_ENABLE = False
     # Authentifications
     #A2_AUTH_PASSWORD_ENABLE = True
     #A2_SSLAUTH_ENABLE = False
     # A2_AUTH_PASSWORD_ENABLE = True
     # A2_SSLAUTH_ENABLE = False

     # Add authentic2 hobo agent
     INSTALLED_APPS = ('hobo.agent.authentic2',) + INSTALLED_APPS
     LOGGING['filters'].update({
         'cleaning': {
             '()':  'authentic2.utils.CleanLogMessage',
         },
     })
     LOGGING['filters'].update(
+        {
             'cleaning': {
                 '()': 'authentic2.utils.CleanLogMessage',
             },
+        }
+    )
     for handler in LOGGING['handlers'].values():
         handler.setdefault('filters', []).append('cleaning')
-...
     HOBO_SKELETONS_DIR = os.path.join(VAR_DIR, 'skeletons')
     CONFIG_FILE='/etc/%s/config.py' % PROJECT_NAME
     CONFIG_FILE = '/etc/%s/config.py' % PROJECT_NAME
     if os.path.exists(CONFIG_FILE):
         with open(CONFIG_FILE) as fd:
             exec(fd.read())

     # If extensions (or modules to document with autodoc) are in another directory,
     # add these directories to sys.path here. If the directory is relative to the
     # documentation root, use os.path.abspath to make it absolute, like shown here.
     #sys.path.insert(0, os.path.abspath('.'))
     # sys.path.insert(0, os.path.abspath('.'))
     # -- General configuration -----------------------------------------------------
     # If your documentation needs a minimal Sphinx version, state it here.
     #needs_sphinx = '1.0'
     # needs_sphinx = '1.0'
     # Add any Sphinx extension module names here, as strings. They can be extensions
     # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
     extensions = ['sphinx.ext.autodoc', 'sphinx.ext.doctest', 'sphinx.ext.intersphinx', 'sphinx.ext.todo', 'sphinx.ext.coverage', 'sphinx.ext.imgmath', 'sphinx.ext.ifconfig', 'sphinx.ext.viewcode']
     extensions = [
         'sphinx.ext.autodoc',
         'sphinx.ext.doctest',
         'sphinx.ext.intersphinx',
         'sphinx.ext.todo',
         'sphinx.ext.coverage',
         'sphinx.ext.imgmath',
         'sphinx.ext.ifconfig',
         'sphinx.ext.viewcode',
+    ]
     # Add any paths that contain templates here, relative to this directory.
     templates_path = ['_templates']
-...
     source_suffix = '.rst'
     # The encoding of source files.
     #source_encoding = 'utf-8-sig'
     # source_encoding = 'utf-8-sig'
     # The master toctree document.
     master_doc = 'index'
-...
     # The language for content autogenerated by Sphinx. Refer to documentation
     # for a list of supported languages.
     #language = None
     # language = None
     # There are two options for replacing |today|: either, you set today to some
     # non-false value, then it is used:
     #today = ''
     # today = ''
     # Else, today_fmt is used as the format for a strftime call.
     #today_fmt = '%B %d, %Y'
     # today_fmt = '%B %d, %Y'
     # List of patterns, relative to source directory, that match files and
     # directories to ignore when looking for source files.
     exclude_patterns = ['_build']
     # The reST default role (used for this markup: `text`) to use for all documents.
     #default_role = None
     # default_role = None
     # If true, '()' will be appended to :func: etc. cross-reference text.
     #add_function_parentheses = True
     # add_function_parentheses = True
     # If true, the current module name will be prepended to all description
     # unit titles (such as .. function::).
     #add_module_names = True
     # add_module_names = True
     # If true, sectionauthor and moduleauthor directives will be shown in the
     # output. They are ignored by default.
     #show_authors = False
     # show_authors = False
     # The name of the Pygments (syntax highlighting) style to use.
     pygments_style = 'sphinx'
     # A list of ignored prefixes for module index sorting.
     #modindex_common_prefix = []
     # modindex_common_prefix = []
     # -- Options for HTML output ---------------------------------------------------
-...
     # Theme options are theme-specific and customize the look and feel of a theme
     # further.  For a list of options available for each theme, see the
     # documentation.
     #html_theme_options = {}
     # html_theme_options = {}
     # Add any paths that contain custom themes here, relative to this directory.
     #html_theme_path = []
     # html_theme_path = []
     # The name for this set of Sphinx documents.  If None, it defaults to
     # "<project> v<release> documentation".
     #html_title = None
     # html_title = None
     # A shorter title for the navigation bar.  Default is the same as html_title.
     #html_short_title = None
     # html_short_title = None
     # The name of an image file (relative to this directory) to place at the top
     # of the sidebar.
-...
     # The name of an image file (within the static path) to use as favicon of the
     # docs.  This file should be a Windows icon file (.ico) being 16x16 or 32x32
     # pixels large.
     #html_favicon = None
     # html_favicon = None
     # Add any paths that contain custom static files (such as style sheets) here,
     # relative to this directory. They are copied after the builtin static files,
-...
     # If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
     # using the given strftime format.
     #html_last_updated_fmt = '%b %d, %Y'
     # html_last_updated_fmt = '%b %d, %Y'
     # If true, SmartyPants will be used to convert quotes and dashes to
     # typographically correct entities.
     #html_use_smartypants = True
     # html_use_smartypants = True
     # Custom sidebar templates, maps document names to template names.
     #html_sidebars = {}
     # html_sidebars = {}
     # Additional templates that should be rendered to pages, maps page names to
     # template names.
     #html_additional_pages = {}
     # html_additional_pages = {}
     # If false, no module index is generated.
     #html_domain_indices = True
     # html_domain_indices = True
     # If false, no index is generated.
     #html_use_index = True
     # html_use_index = True
     # If true, the index is split into individual pages for each letter.
     #html_split_index = False
     # html_split_index = False
     # If true, links to the reST sources are added to the pages.
     #html_show_sourcelink = True
     # html_show_sourcelink = True
     # If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
     #html_show_sphinx = True
     # html_show_sphinx = True
     # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
     #html_show_copyright = True
     # html_show_copyright = True
     # If true, an OpenSearch description file will be output, and all pages will
     # contain a <link> tag referring to it.  The value of this option must be the
     # base URL from which the finished HTML is served.
     #html_use_opensearch = ''
     # html_use_opensearch = ''
     # This is the file name suffix for HTML files (e.g. ".xhtml").
     #html_file_suffix = None
     # html_file_suffix = None
     # Output file base name for HTML help builder.
     htmlhelp_basename = 'Authentic2doc'
-...
     # -- Options for LaTeX output --------------------------------------------------
     latex_elements = {
     # The paper size ('letterpaper' or 'a4paper').
     #'papersize': 'letterpaper',
     # The font size ('10pt', '11pt' or '12pt').
     #'pointsize': '10pt',
     # Additional stuff for the LaTeX preamble.
     #'preamble': '',
         # The paper size ('letterpaper' or 'a4paper').
         #'papersize': 'letterpaper',
         # The font size ('10pt', '11pt' or '12pt').
         #'pointsize': '10pt',
         # Additional stuff for the LaTeX preamble.
         #'preamble': '',
+    }
     # Grouping the document tree into LaTeX files. List of tuples
     # (source start file, target name, title, author, documentclass [howto/manual]).
     latex_documents = [
       ('index', 'Authentic2.tex', u'Authentic2 Documentation',
        u'Entr\'ouvert', 'manual'),
         ('index', 'Authentic2.tex', u'Authentic2 Documentation', u'Entr\'ouvert', 'manual'),
+    ]
     # The name of an image file (relative to this directory) to place at the top of
-...
     # For "manual" documents, if this is true, then toplevel headings are parts,
     # not chapters.
     #latex_use_parts = False
     # latex_use_parts = False
     # If true, show page references after internal links.
     #latex_show_pagerefs = False
     # latex_show_pagerefs = False
     # If true, show URL addresses after external links.
     #latex_show_urls = False
     # latex_show_urls = False
     # Documents to append as an appendix to all manuals.
     #latex_appendices = []
     # latex_appendices = []
     # If false, no module index is generated.
     #latex_domain_indices = True
     # latex_domain_indices = True
     # -- Options for manual page output --------------------------------------------
     # One entry per manual page. List of tuples
     # (source start file, name, description, authors, manual section).
     man_pages = [
         ('index', 'authentic2', u'Authentic2 Documentation',
          [u'Mikaël Ates'], 1)
+    ]
     man_pages = [('index', 'authentic2', u'Authentic2 Documentation', [u'Mikaël Ates'], 1)]
     # If true, show URL addresses after external links.
     #man_show_urls = False
     # man_show_urls = False
     # -- Options for Texinfo output ------------------------------------------------
-...
     # (source start file, target name, title, author,
     #  dir menu entry, description, category)
     texinfo_documents = [
       ('index', 'Authentic2', u'Authentic2 Documentation', u'Mikaël Ates',
        'Authentic2', 'One line description of project.', 'Miscellaneous'),
+        (
             'index',
             'Authentic2',
             u'Authentic2 Documentation',
             u'Mikaël Ates',
             'Authentic2',
             'One line description of project.',
             'Miscellaneous',
         ),
+    ]
     # Documents to append as an appendix to all manuals.
     #texinfo_appendices = []
     # texinfo_appendices = []
     # If false, no module index is generated.
     #texinfo_domain_indices = True
     # texinfo_domain_indices = True
     # How to display URL addresses: 'footnote', 'no', or 'inline'.
     #texinfo_show_urls = 'footnote'
     # texinfo_show_urls = 'footnote'
     # Example configuration for intersphinx: refer to the Python standard library.

     from shutil import copyfile
     from optparse import OptionParser
     ### This file came from the https://github.com/flow123d/flow123d repo they were nice enough to spend time to write this.
     ### This file came from the https://github.com/flow123d/flow123d repo they were nice enough to spend time to write this.
     ### It is copied here for other people to use on its own.
     # parse arguments
     newline = 10*'\t';
     parser = OptionParser(usage="%prog [options] [file1 file2 ... filen]", version="%prog 1.0",
         epilog = "If no files are specified all xml files in current directory will be selected. \n" +
                  "Useful when there is not known precise file name only location")
     parser.add_option("-o", "--output",     dest="filename",    default="coverage-merged.xml",
         help="output file xml name", metavar="FILE")
     parser.add_option("-p", "--path",       dest="path",        default="./",
         help="xml location, default current directory", metavar="FILE")
     parser.add_option("-l", "--log",        dest="loglevel",    default="DEBUG",
         help="Log level DEBUG, INFO, WARNING, ERROR, CRITICAL")
     parser.add_option("-f", "--filteronly", dest="filteronly",  default=False, action='store_true',
         help="If set all files will be filtered by keep rules otherwise "+
     		 "all given files will be merged and filtered.")
     parser.add_option("-s", "--suffix",     dest="suffix",      default='',
         help="Additional suffix which will be added to filtered files so they original files can be preserved")
     parser.add_option("-k", "--keep",       dest="packagefilters", default=None,  metavar="NAME", action="append",
         help="preserves only specific packages. e.g.: " + newline +
              "'python merge.py -k src.la.*'" + newline +
              "will keep all packgages in folder " +
              "src/la/ and all subfolders of this folders. " + newline +
              "There can be mutiple rules e.g.:" + newline +
              "'python merge.py -k src.la.* -k unit_tests.la.'" + newline +
              "Format of the rule is simple dot (.) separated names with wildcard (*) allowed, e.g: " + newline +
              "package.subpackage.*")
     newline = 10 * '\t'
     parser = OptionParser(
         usage="%prog [options] [file1 file2 ... filen]",
         version="%prog 1.0",
         epilog="If no files are specified all xml files in current directory will be selected. \n"
         + "Useful when there is not known precise file name only location",
+    )
     parser.add_option(
         "-o",
         "--output",
         dest="filename",
         default="coverage-merged.xml",
         help="output file xml name",
         metavar="FILE",
+    )
     parser.add_option(
         "-p", "--path", dest="path", default="./", help="xml location, default current directory", metavar="FILE"
+    )
     parser.add_option(
         "-l", "--log", dest="loglevel", default="DEBUG", help="Log level DEBUG, INFO, WARNING, ERROR, CRITICAL"
+    )
     parser.add_option(
         "-f",
         "--filteronly",
         dest="filteronly",
         default=False,
         action='store_true',
         help="If set all files will be filtered by keep rules otherwise "
         + "all given files will be merged and filtered.",
+    )
     parser.add_option(
         "-s",
         "--suffix",
         dest="suffix",
         default='',
         help="Additional suffix which will be added to filtered files so they original files can be preserved",
+    )
     parser.add_option(
         "-k",
         "--keep",
         dest="packagefilters",
         default=None,
         metavar="NAME",
         action="append",
         help="preserves only specific packages. e.g.: "
         + newline
         + "'python merge.py -k src.la.*'"
         + newline
         + "will keep all packgages in folder "
         + "src/la/ and all subfolders of this folders. "
         + newline
         + "There can be mutiple rules e.g.:"
         + newline
         + "'python merge.py -k src.la.* -k unit_tests.la.'"
         + newline
         + "Format of the rule is simple dot (.) separated names with wildcard (*) allowed, e.g: "
         + newline
         + "package.subpackage.*",
+    )
     (options, args) = parser.parse_args()
-...
     path = options.path
     xmlfiles = args
     loglevel = getattr(logging, options.loglevel.upper())
     finalxml = os.path.join (path, options.filename)
     finalxml = os.path.join(path, options.filename)
     filteronly = options.filteronly
     filtersuffix = options.suffix
     packagefilters = options.packagefilters
     logging.basicConfig (level=loglevel, format='%(levelname)s %(asctime)s: %(message)s', datefmt='%x %X')
     logging.basicConfig(level=loglevel, format='%(levelname)s %(asctime)s: %(message)s', datefmt='%x %X')
     if not xmlfiles:
     	for filename in os.listdir (path):
     	    if not filename.endswith ('.xml'): continue
     	    fullname = os.path.join (path, filename)
     	    if fullname == finalxml: continue
     	    xmlfiles.append (fullname)
     	if not xmlfiles:
     		print('No xml files found!')
     		sys.exit (1)
         for filename in os.listdir(path):
             if not filename.endswith('.xml'):
                 continue
             fullname = os.path.join(path, filename)
             if fullname == finalxml:
                 continue
             xmlfiles.append(fullname)
         if not xmlfiles:
             print('No xml files found!')
             sys.exit(1)
     else:
     	xmlfiles=[path+filename for filename in xmlfiles]
         xmlfiles = [path + filename for filename in xmlfiles]
     # constants
     PACKAGES_LIST = 'packages/package';
     PACKAGES_LIST = 'packages/package'
     PACKAGES_ROOT = 'packages'
     CLASSES_LIST = 'classes/class';
     CLASSES_LIST = 'classes/class'
     CLASSES_ROOT = 'classes'
     METHODS_LIST = 'methods/method';
     METHODS_LIST = 'methods/method'
     METHODS_ROOT = 'methods'
     LINES_LIST = 'lines/line';
     LINES_LIST = 'lines/line'
     LINES_ROOT = 'lines'
     def merge_xml(xmlfile1, xmlfile2, outputfile):
         # parse
         xml1 = ET.parse(xmlfile1)
         xml2 = ET.parse(xmlfile2)
     def merge_xml (xmlfile1, xmlfile2, outputfile):
     	# parse
     	xml1 = ET.parse(xmlfile1)
     	xml2 = ET.parse(xmlfile2)
     	# get packages
     	packages1 = filter_xml(xml1)
     	packages2 = filter_xml(xml2)
         # get packages
         packages1 = filter_xml(xml1)
         packages2 = filter_xml(xml2)
     	# find root
     	packages1root = xml1.find(PACKAGES_ROOT)
         # find root
         packages1root = xml1.find(PACKAGES_ROOT)
         # merge packages
         merge(packages1root, packages1, packages2, 'name', merge_packages)
     	# merge packages
     	merge (packages1root, packages1, packages2, 'name', merge_packages);
         # write result to output file
         xml1.write(outputfile, encoding="UTF-8", xml_declaration=True)
     	# write result to output file
     	xml1.write (outputfile,  encoding="UTF-8", xml_declaration=True)
     def filter_xml(xmlfile):
         xmlroot = xmlfile.getroot()
         packageroot = xmlfile.find(PACKAGES_ROOT)
         packages = xmlroot.findall(PACKAGES_LIST)
     def filter_xml (xmlfile):
     	xmlroot = xmlfile.getroot()
     	packageroot = xmlfile.find(PACKAGES_ROOT)
     	packages = xmlroot.findall (PACKAGES_LIST)
         # delete nodes from tree AND from list
         included = []
         if packagefilters:
             logging.debug('excluding packages:')
         for pckg in packages:
             name = pckg.get('name')
             if not include_package(name):
                 logging.debug('excluding package "{0}"'.format(name))
                 packageroot.remove(pckg)
             else:
                 included.append(pckg)
         return included
     	# delete nodes from tree AND from list
     	included = []
     	if packagefilters: logging.debug ('excluding packages:')
     	for pckg in packages:
     		name = pckg.get('name')
     		if not include_package (name):
     			logging.debug ('excluding package "{0}"'.format(name))
     			packageroot.remove (pckg)
     		else:
     			included.append (pckg)
     	return included
     def prepare_packagefilters():
         if not packagefilters:
             return None
     def prepare_packagefilters ():
     	if not packagefilters:
     		return None
         # create simple regexp from given filter
         for i in range(len(packagefilters)):
             packagefilters[i] = '^' + packagefilters[i].replace('.', '\.').replace('*', '.*') + '$'
     	# create simple regexp from given filter
     	for i in range (len (packagefilters)):
     		packagefilters[i] = '^' + packagefilters[i].replace ('.', '\.').replace ('*', '.*') + '$'
     def include_package(name):
         if not packagefilters:
             return True
         for packagefilter in packagefilters:
             if re.search(packagefilter, name):
                 return True
         return False
     def include_package (name):
     	if not packagefilters:
     		return True
     	for packagefilter in packagefilters:
     		if re.search(packagefilter, name):
     			return True
     	return False
     def get_attributes_chain(obj, attrs):
         """Return a joined arguments of object based on given arguments"""
     def get_attributes_chain (obj, attrs):
     	"""Return a joined arguments of object based on given arguments"""
         if type(attrs) is list:
             result = ''
             for attr in attrs:
                 result += obj.attrib[attr]
             return result
         else:
             return obj.attrib[attrs]
     	if type(attrs) is list:
     		result = ''
     		for attr in attrs:
     			result += obj.attrib[attr]
     		return result
     	else:
     		return 	obj.attrib[attrs]
     def merge(root, list1, list2, attr, merge_function):
         """Groups given lists based on group attributes. Process of merging items with same key is handled by
         passed merge_function. Returns list1."""
         for item2 in list2:
             found = False
             for item1 in list1:
                 if get_attributes_chain(item1, attr) == get_attributes_chain(item2, attr):
                     item1 = merge_function(item1, item2)
                     found = True
                     break
             if found:
                 continue
             else:
                 root.append(item2)
     def merge (root, list1, list2, attr, merge_function):
     	""" Groups given lists based on group attributes. Process of merging items with same key is handled by
     		passed merge_function. Returns list1. """
     	for item2 in list2:
     		found = False
     		for item1 in list1:
     			if get_attributes_chain(item1, attr) == get_attributes_chain(item2, attr):
     				item1 = merge_function (item1, item2)
     				found = True
     				break
     		if found:
     			continue
     		else:
     			root.append(item2)
     def merge_packages(package1, package2):
         """Merges two packages. Returns package1."""
         classes1 = package1.findall(CLASSES_LIST)
         classes2 = package2.findall(CLASSES_LIST)
         if classes1 or classes2:
             merge(package1.find(CLASSES_ROOT), classes1, classes2, ['filename', 'name'], merge_classes)
     def merge_packages (package1, package2):
     	"""Merges two packages. Returns package1."""
     	classes1 = package1.findall (CLASSES_LIST);
     	classes2 = package2.findall (CLASSES_LIST);
     	if classes1 or classes2:
     		merge (package1.find (CLASSES_ROOT), classes1, classes2, ['filename','name'], merge_classes);
         return package1
     	return package1
     def merge_classes(class1, class2):
         """Merges two classes. Returns class1."""
     def merge_classes (class1, class2):
     	"""Merges two classes. Returns class1."""
         lines1 = class1.findall(LINES_LIST)
         lines2 = class2.findall(LINES_LIST)
         if lines1 or lines2:
             merge(class1.find(LINES_ROOT), lines1, lines2, 'number', merge_lines)
     	lines1 = class1.findall (LINES_LIST);
     	lines2 = class2.findall (LINES_LIST);
     	if lines1 or lines2:
     		merge (class1.find (LINES_ROOT), lines1, lines2, 'number', merge_lines);
         methods1 = class1.findall(METHODS_LIST)
         methods2 = class2.findall(METHODS_LIST)
         if methods1 or methods2:
             merge(class1.find(METHODS_ROOT), methods1, methods2, 'name', merge_methods)
     	methods1 = class1.findall (METHODS_LIST)
     	methods2 = class2.findall (METHODS_LIST)
     	if methods1 or methods2:
     		merge (class1.find (METHODS_ROOT), methods1, methods2, 'name', merge_methods);
         return class1
     	return class1
     def merge_methods(method1, method2):
         """Merges two methods. Returns method1."""
     def merge_methods (method1, method2):
     	"""Merges two methods. Returns method1."""
         lines1 = method1.findall(LINES_LIST)
         lines2 = method2.findall(LINES_LIST)
         merge(method1.find(LINES_ROOT), lines1, lines2, 'number', merge_lines)
     	lines1 = method1.findall (LINES_LIST);
     	lines2 = method2.findall (LINES_LIST);
     	merge (method1.find (LINES_ROOT), lines1, lines2, 'number', merge_lines);
     def merge_lines(line1, line2):
         """Merges two lines by summing their hits. Returns line1."""
     def merge_lines (line1, line2):
     	"""Merges two lines by summing their hits. Returns line1."""
         # merge hits
         value = int(line1.get('hits')) + int(line2.get('hits'))
         line1.set('hits', str(value))
     	# merge hits
     	value = int (line1.get('hits')) + int (line2.get('hits'))
     	line1.set ('hits', str(value))
         # merge conditionals
         con1 = line1.get('condition-coverage')
         con2 = line2.get('condition-coverage')
         if con1 is not None and con2 is not None:
             con1value = int(con1.split('%')[0])
             con2value = int(con2.split('%')[0])
             # bigger coverage on second line, swap their conditionals
             if con2value > con1value:
                 line1.set('condition-coverage', str(con2))
                 line1.__setitem__(0, line2.__getitem__(0))
     	# merge conditionals
     	con1 = line1.get('condition-coverage')
     	con2 = line2.get('condition-coverage')
     	if (con1 is not None and con2 is not None):
     		con1value = int(con1.split('%')[0])
     		con2value = int(con2.split('%')[0])
     		# bigger coverage on second line, swap their conditionals
     		if (con2value > con1value):
     			line1.set ('condition-coverage', str(con2))
     			line1.__setitem__(0, line2.__getitem__(0))
         return line1
     	return line1
     # prepare filters
     prepare_packagefilters ()
     prepare_packagefilters()
     if filteronly:
     	# filter all given files
     	currfile = 1
     	totalfiles = len (xmlfiles)
     	for xmlfile in xmlfiles:
     		xml = ET.parse(xmlfile)
     		filter_xml(xml)
     		logging.debug ('{1}/{2} filtering: {0}'.format (xmlfile, currfile, totalfiles))
     		xml.write (xmlfile + filtersuffix,  encoding="UTF-8", xml_declaration=True)
     		currfile += 1
         # filter all given files
         currfile = 1
         totalfiles = len(xmlfiles)
         for xmlfile in xmlfiles:
             xml = ET.parse(xmlfile)
             filter_xml(xml)
             logging.debug('{1}/{2} filtering: {0}'.format(xmlfile, currfile, totalfiles))
             xml.write(xmlfile + filtersuffix, encoding="UTF-8", xml_declaration=True)
             currfile += 1
     else:
     	# merge all given files
     	totalfiles = len (xmlfiles)
     	# special case if only one file was given
     	# filter given file and save it
     	if (totalfiles == 1):
     		logging.warning ('Only one file given!')
     		xmlfile = xmlfiles.pop(0)
     		xml = ET.parse(xmlfile)
     		filter_xml(xml)
     		xml.write (finalxml,  encoding="UTF-8", xml_declaration=True)
     		sys.exit (0)
     	currfile = 1
     	logging.debug ('{2}/{3} merging: {0} & {1}'.format (xmlfiles[0], xmlfiles[1], currfile, totalfiles-1))
     	merge_xml (xmlfiles[0], xmlfiles[1], finalxml)
     	currfile = 2
     	for i in range (totalfiles-2):
     		xmlfile = xmlfiles[i+2]
     		logging.debug ('{2}/{3} merging: {0} & {1}'.format (finalxml, xmlfile, currfile, totalfiles-1))
     		merge_xml (finalxml, xmlfile, finalxml)
     		currfile += 1
         # merge all given files
         totalfiles = len(xmlfiles)
         # special case if only one file was given
         # filter given file and save it
         if totalfiles == 1:
             logging.warning('Only one file given!')
             xmlfile = xmlfiles.pop(0)
             xml = ET.parse(xmlfile)
             filter_xml(xml)
             xml.write(finalxml, encoding="UTF-8", xml_declaration=True)
             sys.exit(0)
         currfile = 1
         logging.debug('{2}/{3} merging: {0} & {1}'.format(xmlfiles[0], xmlfiles[1], currfile, totalfiles - 1))
         merge_xml(xmlfiles[0], xmlfiles[1], finalxml)
         currfile = 2
         for i in range(totalfiles - 2):
             xmlfile = xmlfiles[i + 2]
             logging.debug('{2}/{3} merging: {0} & {1}'.format(finalxml, xmlfile, currfile, totalfiles - 1))
             merge_xml(finalxml, xmlfile, finalxml)
             currfile += 1

             try:
                 os.environ.pop('DJANGO_SETTINGS_MODULE', None)
                 from django.core.management import call_command
                 for dir in glob.glob('src/*'):
                     for path, dirs, files in os.walk(dir):
                         if 'locale' not in dirs:
-...
     def get_version():
         '''Use the VERSION, if absent generates a version with git describe, if not
            tag exists, take 0.0- and add the length of the commit log.
         '''
         """Use the VERSION, if absent generates a version with git describe, if not
         tag exists, take 0.0- and add the length of the commit log.
         """
         if os.path.exists('VERSION'):
             with open('VERSION', 'r') as v:
                 return v.read()
         if os.path.exists('.git'):
             p = subprocess.Popen(['git', 'describe', '--dirty=.dirty','--match=v*'], stdout=subprocess.PIPE,
                                  stderr=subprocess.PIPE)
             p = subprocess.Popen(
                 ['git', 'describe', '--dirty=.dirty', '--match=v*'],
                 stdout=subprocess.PIPE,
                 stderr=subprocess.PIPE,
+            )
             result = p.communicate()[0]
             if p.returncode == 0:
                 result = result.decode('ascii').strip()[1:]  # strip spaces/newlines and initial v
-...
                     version = result
                 return version
             else:
                 return '0.0.post%s' % len(
                     subprocess.check_output(
                         ['git', 'rev-list', 'HEAD']).splitlines())
                 return '0.0.post%s' % len(subprocess.check_output(['git', 'rev-list', 'HEAD']).splitlines())
         return '0.0'
     setup(name="authentic2",
           version=get_version(),
           license="AGPLv3+",
           description="Authentic 2, a versatile identity management server",
           url="http://dev.entrouvert.org/projects/authentic/",
           author="Entr'ouvert",
           author_email="authentic@listes.entrouvert.com",
           maintainer="Benjamin Dauvergne",
           maintainer_email="bdauvergne@entrouvert.com",
           scripts=('authentic2-ctl',),
           packages=find_packages('src'),
           package_dir={
               '': 'src',
           },
           include_package_data=True,
           install_requires=[
               'django>=1.11,<2.3',
               'requests>=2.3',
               'requests-oauthlib',
               'django-model-utils>=2.4,<4',
               'dnspython>=1.10',
               'Django-Select2>5,<6',
               'django-tables2>=1.0,<2.0',
               'django-ratelimit',
               'gadjo>=0.53',
               'django-import-export>=1,<2',
               'djangorestframework>=3.3,<3.10',
               'six>=1',
               'Markdown>=2.1',
               'python-ldap',
               'django-filter>1,<2.3',
               'pycryptodomex',
               'django-mellon>=1.22',
               'ldaptools',
               'jwcrypto>=0.3.1,<1',
               'cryptography',
               'XStatic-jQuery<2',
               'XStatic-jquery-ui',
               'xstatic-select2',
               'pillow',
               'tablib',
               'chardet',
               'attrs>17',
               'atomicwrites',
           ],
           zip_safe=False,
           classifiers=[
               "Development Status :: 5 - Production/Stable",
               "Environment :: Web Environment",
               "Framework :: Django",
               'Intended Audience :: End Users/Desktop',
               'Intended Audience :: Developers',
               'Intended Audience :: System Administrators',
               'Intended Audience :: Information Technology',
               'Intended Audience :: Legal Industry',
               'Intended Audience :: Science/Research',
               'Intended Audience :: Telecommunications Industry',
               "License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)",
               "Operating System :: OS Independent",
               "Programming Language :: Python",
               "Topic :: System :: Systems Administration :: Authentication/Directory",
           ],
           cmdclass={
               'build': build,
               'install_lib': install_lib,
               'compile_translations': compile_translations,
               'sdist': sdist,
           })
     setup(
         name="authentic2",
         version=get_version(),
         license="AGPLv3+",
         description="Authentic 2, a versatile identity management server",
         url="http://dev.entrouvert.org/projects/authentic/",
         author="Entr'ouvert",
         author_email="authentic@listes.entrouvert.com",
         maintainer="Benjamin Dauvergne",
         maintainer_email="bdauvergne@entrouvert.com",
         scripts=('authentic2-ctl',),
         packages=find_packages('src'),
         package_dir={
             '': 'src',
         },
         include_package_data=True,
         install_requires=[
             'django>=1.11,<2.3',
             'requests>=2.3',
             'requests-oauthlib',
             'django-model-utils>=2.4,<4',
             'dnspython>=1.10',
             'Django-Select2>5,<6',
             'django-tables2>=1.0,<2.0',
             'django-ratelimit',
             'gadjo>=0.53',
             'django-import-export>=1,<2',
             'djangorestframework>=3.3,<3.10',
             'six>=1',
             'Markdown>=2.1',
             'python-ldap',
             'django-filter>1,<2.3',
             'pycryptodomex',
             'django-mellon>=1.22',
             'ldaptools',
             'jwcrypto>=0.3.1,<1',
             'cryptography',
             'XStatic-jQuery<2',
             'XStatic-jquery-ui',
             'xstatic-select2',
             'pillow',
             'tablib',
             'chardet',
             'attrs>17',
             'atomicwrites',
         ],
         zip_safe=False,
         classifiers=[
             "Development Status :: 5 - Production/Stable",
             "Environment :: Web Environment",
             "Framework :: Django",
             'Intended Audience :: End Users/Desktop',
             'Intended Audience :: Developers',
             'Intended Audience :: System Administrators',
             'Intended Audience :: Information Technology',
             'Intended Audience :: Legal Industry',
             'Intended Audience :: Science/Research',
             'Intended Audience :: Telecommunications Industry',
             "License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)",
             "Operating System :: OS Independent",
             "Programming Language :: Python",
             "Topic :: System :: Systems Administration :: Authentication/Directory",
         ],
         cmdclass={
             'build': build,
             'install_lib': install_lib,
             'compile_translations': compile_translations,
             'sdist': sdist,
         },
+    )

         fields = ['parent']
         def get_queryset(self, request):
             return super(RoleParentInline, self).get_queryset(request) \
                 .filter(direct=True)
             return super(RoleParentInline, self).get_queryset(request).filter(direct=True)
     class RoleChildInline(admin.TabularInline):
-...
         fields = ['child']
         def get_queryset(self, request):
             return super(RoleChildInline, self).get_queryset(request) \
                 .filter(direct=True)
             return super(RoleChildInline, self).get_queryset(request).filter(direct=True)
     class RoleAttributeInline(admin.TabularInline):
-...
     class RoleAdmin(admin.ModelAdmin):
         inlines = [RoleChildInline, RoleParentInline]
         fields = ('uuid', 'name', 'slug', 'description', 'ou', 'members',
                   'permissions', 'admin_scope_ct', 'admin_scope_id', 'service')
         fields = (
             'uuid',
             'name',
             'slug',
             'description',
             'ou',
             'members',
             'permissions',
             'admin_scope_ct',
             'admin_scope_id',
             'service',
+        )
         readonly_fields = ('uuid',)
         prepopulated_fields = {"slug": ("name",)}
         filter_horizontal = ('members', 'permissions')
-...
     class OrganizationalUnitAdmin(admin.ModelAdmin):
         fields = ('uuid', 'name', 'slug', 'description', 'username_is_unique',
                   'email_is_unique', 'default', 'validate_emails',
                   'user_can_reset_password', 'user_add_password_policy')
         fields = (
             'uuid',
             'name',
             'slug',
             'description',
             'username_is_unique',
             'email_is_unique',
             'default',
             'validate_emails',
             'user_can_reset_password',
             'user_add_password_policy',
+        )
         readonly_fields = ('uuid',)
         prepopulated_fields = {"slug": ("name",)}
         list_display = ('name', 'slug')
-...
         def name(self, obj):
             return six.text_type(obj)
         name.short_description = _('name')
     admin.site.register(models.Role, RoleAdmin)
     admin.site.register(models.OrganizationalUnit, OrganizationalUnitAdmin)
     admin.site.register(models.Permission, PermissionAdmin)

src/authentic2/a2_rbac/app_settings.py
28	28
29	29	def _setting(self, name, dflt):
30	30	from django.conf import settings
	31
31	32	return getattr(settings, name, dflt)
32	33
33	34	def _setting_with_prefix(self, name, dflt):

             from authentic2.models import Service
             # update rbac on save to contenttype, ou and roles
             post_save.connect(
                 signal_handlers.update_rbac_on_ou_post_save,
                 sender=models.OrganizationalUnit)
             post_delete.connect(
                 signal_handlers.update_rbac_on_ou_post_delete,
                 sender=models.OrganizationalUnit)
             post_save.connect(signal_handlers.update_rbac_on_ou_post_save, sender=models.OrganizationalUnit)
             post_delete.connect(signal_handlers.update_rbac_on_ou_post_delete, sender=models.OrganizationalUnit)
             # keep service role and service ou field in sync
             for subclass in Service.__subclasses__():
                 post_save.connect(
                     signal_handlers.update_service_role_ou,
                     sender=subclass)
             post_save.connect(
                 signal_handlers.update_service_role_ou,
                 sender=Service)
             post_migrate.connect(
                 signal_handlers.create_default_ou,
                 sender=self)
             post_migrate.connect(
                 signal_handlers.create_default_permissions,
                 sender=self)
             post_migrate.connect(
                 signal_handlers.post_migrate_update_rbac,
                 sender=self)
                 post_save.connect(signal_handlers.update_service_role_ou, sender=subclass)
             post_save.connect(signal_handlers.update_service_role_ou, sender=Service)
             post_migrate.connect(signal_handlers.create_default_ou, sender=self)
             post_migrate.connect(signal_handlers.create_default_permissions, sender=self)
             post_migrate.connect(signal_handlers.post_migrate_update_rbac, sender=self)

     class UniqueBooleanField(NullBooleanField):
         '''BooleanField allowing only one True value in the table, and preventing
            problems with multiple False values by implicitely converting them to
            None.'''
         """BooleanField allowing only one True value in the table, and preventing
         problems with multiple False values by implicitely converting them to
         None."""
         def __init__(self, *args, **kwargs):
             kwargs['unique'] = True
             kwargs['blank'] = True
-...
             return value
         def get_db_prep_value(self, value, connection, prepared=False):
             value = super(UniqueBooleanField, self).get_db_prep_value(
                     value, connection, prepared=prepared)
             value = super(UniqueBooleanField, self).get_db_prep_value(value, connection, prepared=prepared)
             if value is False:
                 return None
             return value

         Role = get_role_model()
         if app_settings.MANAGED_CONTENT_TYPES == ():
             Role.objects.filter(slug='a2-managers-of-{ou.slug}'.format(ou=ou)) \
                 .delete()
             Role.objects.filter(slug='a2-managers-of-{ou.slug}'.format(ou=ou)).delete()
         else:
             ou_admin_role = ou.get_admin_role()
-...
                 continue
             else:
                 ou_ct_admin_role = Role.objects.get_admin_role(
                     instance=ct,
                     ou=ou,
                     name=name,
                     slug=ou_slug,
                     update_slug=True,
                     update_name=True)
             if not app_settings.MANAGED_CONTENT_TYPES or \
                     key in app_settings.MANAGED_CONTENT_TYPES:
                     instance=ct, ou=ou, name=name, slug=ou_slug, update_slug=True, update_name=True
+                )
             if not app_settings.MANAGED_CONTENT_TYPES or key in app_settings.MANAGED_CONTENT_TYPES:
                 ou_ct_admin_role.add_child(ou_admin_role)
             else:
                 ou_ct_admin_role.remove_child(ou_admin_role)
-...
     def update_ous_admin_roles():
         '''Create general admin roles linked to all organizational units,
            they give general administrative rights to all mamanged content types
            scoped to the given organizational unit.
         '''
         """Create general admin roles linked to all organizational units,
         they give general administrative rights to all mamanged content types
         scoped to the given organizational unit.
         """
         OU = get_ou_model()
         ou_all = OU.objects.all()
         if len(ou_all) < 2:
-...
         for ou in ou_all:
             update_ou_admin_roles(ou)
     MANAGED_CT = {
         ('a2_rbac', 'role'): {
             'name': _('Manager of roles'),
-...
     def update_content_types_roles():
         '''Create general and scoped management roles for all managed content
            types.
         '''
         """Create general and scoped management roles for all managed content
         types.
         """
         cts = ContentType.objects.all()
         Role = get_role_model()
         view_user_perm = utils.get_view_user_perm()
-...
         if app_settings.MANAGED_CONTENT_TYPES == ():
             Role.objects.filter(slug=slug).delete()
         else:
             admin_role, created = Role.objects.get_or_create(
                 slug=slug,
                 defaults=dict(
                     name=ugettext('Manager')))
             admin_role, created = Role.objects.get_or_create(slug=slug, defaults=dict(name=ugettext('Manager')))
             admin_role.add_self_administration()
             if not created and admin_role.name != ugettext('Manager'):
                 admin_role.name = ugettext('Manager')
-...
             # General admin role
             name = six.text_type(MANAGED_CT[ct_tuple]['name'])
             slug = '_a2-' + slugify(name)
             if app_settings.MANAGED_CONTENT_TYPES is not None and ct_tuple not in \
                     app_settings.MANAGED_CONTENT_TYPES:
             if (
                 app_settings.MANAGED_CONTENT_TYPES is not None
                 and ct_tuple not in app_settings.MANAGED_CONTENT_TYPES
             ):
                 Role.objects.filter(slug=slug).delete()
                 continue
             ct_admin_role = Role.objects.get_admin_role(instance=ct, name=name,
                                                         slug=slug,
                                                         update_name=True,
                                                         update_slug=True,
                                                         create=True)
             ct_admin_role = Role.objects.get_admin_role(
                 instance=ct, name=name, slug=slug, update_name=True, update_slug=True, create=True
+            )
             if MANAGED_CT[ct_tuple].get('must_view_user'):
                 ct_admin_role.permissions.add(view_user_perm)
             if MANAGED_CT[ct_tuple].get('must_manage_authorizations_user'):

     class RoleManager(BaseRoleManager):
         def get_admin_role(self, instance, name, slug, ou=None, operation=ADMIN_OP,
                            update_name=False, update_slug=False, permissions=(),
                            self_administered=False, create=True):
         def get_admin_role(
             self,
             instance,
             name,
             slug,
             ou=None,
             operation=ADMIN_OP,
             update_name=False,
             update_slug=False,
             permissions=(),
             self_administered=False,
             create=True,
         ):
             '''Get or create the role of manager's of this object instance'''
             kwargs = {}
             assert not ou or isinstance(instance, ContentType), (
                 'get_admin_role(ou=...) can only be used with ContentType instances: %s %s %s' % (name, ou, instance)
             assert not ou or isinstance(
                 instance, ContentType
             ), 'get_admin_role(ou=...) can only be used with ContentType instances: %s %s %s' % (
                 name,
                 ou,
                 instance,
+            )
             # Does the permission need to be scoped by ou ? Yes if the target is a
-...
                     target_ct=ContentType.objects.get_for_model(instance),
                     target_id=instance.pk,
                     defaults=defaults,
                     **kwargs)
                     **kwargs,
+                )
             else:
                 try:
                     perm = Permission.objects.get(
                         operation=op,
                         target_ct=ContentType.objects.get_for_model(instance),
                         target_id=instance.pk,
                         **kwargs)
                         **kwargs,
+                    )
                 except Permission.DoesNotExist:
                     return None
-...
                 mirror_role_ou = instance.ou
             else:
                 mirror_role_ou = None
             admin_role = self.get_mirror_role(perm, name, slug, ou=mirror_role_ou,
                                               update_name=update_name,
                                               update_slug=update_slug,
                                               create=create)
             admin_role = self.get_mirror_role(
                 perm,
                 name,
                 slug,
                 ou=mirror_role_ou,
                 update_name=update_name,
                 update_slug=update_slug,
                 create=create,
+            )
             if not admin_role:
                 return None
-...
                 admin_role.permissions.set(permissions)
             return admin_role
         def get_mirror_role(self, instance, name, slug, ou=None,
                             update_name=False, update_slug=False, create=True):
             '''Get or create a role which mirrors another model, for example a
                permission.
             '''
         def get_mirror_role(
             self, instance, name, slug, ou=None, update_name=False, update_slug=False, create=True
         ):
             """Get or create a role which mirrors another model, for example a
             permission.
             """
             ct = ContentType.objects.get_for_model(instance)
             update_fields = {}
             kwargs = {}
-...
             if create:
                 role, _ = self.prefetch_related('permissions').update_or_create(
                     admin_scope_ct=ct,
                     admin_scope_id=instance.pk,
                     defaults=update_fields,
                     **kwargs)
                     admin_scope_ct=ct, admin_scope_id=instance.pk, defaults=update_fields, **kwargs
+                )
             else:
                 try:
                     role = self.prefetch_related('permissions').get(
                         admin_scope_ct=ct,
                         admin_scope_id=instance.pk,
                         **kwargs)
                         admin_scope_ct=ct, admin_scope_id=instance.pk, **kwargs
+                    )
                 except self.model.DoesNotExist:
                     return None
                 for field, value in update_fields.items():

             migrations.CreateModel(
                 name='OrganizationalUnit',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                     ('uuid', models.CharField(default=authentic2.utils.get_hex_uuid, unique=True, max_length=32, verbose_name='uuid')),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
+                    (
                         'uuid',
                         models.CharField(
                             default=authentic2.utils.get_hex_uuid, unique=True, max_length=32, verbose_name='uuid'
                         ),
                     ),
                     ('name', models.CharField(max_length=256, verbose_name='name')),
                     ('slug', models.SlugField(max_length=256, verbose_name='slug')),
                     ('description', models.TextField(verbose_name='description', blank=True)),
                     ('default', authentic2.a2_rbac.fields.UniqueBooleanField(verbose_name='Default organizational unit')),
+                    (
                         'default',
                         authentic2.a2_rbac.fields.UniqueBooleanField(verbose_name='Default organizational unit'),
                     ),
                 ],
                 options={
                     'verbose_name': 'organizational unit',
-...
             migrations.CreateModel(
                 name='Permission',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('target_id', models.PositiveIntegerField()),
                     ('operation', models.ForeignKey(verbose_name='operation', to='django_rbac.Operation', on_delete=models.CASCADE)),
                     ('ou', models.ForeignKey(related_name='scoped_permission', verbose_name='organizational unit', to=settings.RBAC_OU_MODEL, null=True, on_delete=models.CASCADE)),
                     ('target_ct', models.ForeignKey(related_name='+', to='contenttypes.ContentType', on_delete=models.CASCADE)),
+                    (
                         'operation',
                         models.ForeignKey(
                             verbose_name='operation', to='django_rbac.Operation', on_delete=models.CASCADE
                         ),
                     ),
+                    (
                         'ou',
                         models.ForeignKey(
                             related_name='scoped_permission',
                             verbose_name='organizational unit',
                             to=settings.RBAC_OU_MODEL,
                             null=True,
                             on_delete=models.CASCADE,
                         ),
                     ),
+                    (
                         'target_ct',
                         models.ForeignKey(
                             related_name='+', to='contenttypes.ContentType', on_delete=models.CASCADE
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'permission',
-...
             migrations.CreateModel(
                 name='Role',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                     ('uuid', models.CharField(default=authentic2.utils.get_hex_uuid, unique=True, max_length=32, verbose_name='uuid')),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
+                    (
                         'uuid',
                         models.CharField(
                             default=authentic2.utils.get_hex_uuid, unique=True, max_length=32, verbose_name='uuid'
                         ),
                     ),
                     ('name', models.CharField(max_length=256, verbose_name='name')),
                     ('slug', models.SlugField(max_length=256, verbose_name='slug')),
                     ('description', models.TextField(verbose_name='description', blank=True)),
                     ('admin_scope_id', models.PositiveIntegerField(null=True, verbose_name='administrative scope id', blank=True)),
                     ('admin_scope_ct', models.ForeignKey(verbose_name='administrative scope content type', blank=True, to='contenttypes.ContentType', null=True, on_delete=models.CASCADE)),
                     ('members', models.ManyToManyField(related_name='roles', to=settings.AUTH_USER_MODEL, blank=True)),
                     ('ou', models.ForeignKey(verbose_name='organizational unit', blank=True, to=settings.RBAC_OU_MODEL, null=True, on_delete=models.CASCADE)),
                     ('permissions', models.ManyToManyField(related_name='role', to=settings.RBAC_PERMISSION_MODEL, blank=True)),
                     ('service', models.ForeignKey(verbose_name='service', blank=True, to='authentic2.Service', null=True, on_delete=models.CASCADE)),
+                    (
                         'admin_scope_id',
                         models.PositiveIntegerField(
                             null=True, verbose_name='administrative scope id', blank=True
                         ),
                     ),
+                    (
                         'admin_scope_ct',
                         models.ForeignKey(
                             verbose_name='administrative scope content type',
                             blank=True,
                             to='contenttypes.ContentType',
                             null=True,
                             on_delete=models.CASCADE,
                         ),
                     ),
+                    (
                         'members',
                         models.ManyToManyField(related_name='roles', to=settings.AUTH_USER_MODEL, blank=True),
                     ),
+                    (
                         'ou',
                         models.ForeignKey(
                             verbose_name='organizational unit',
                             blank=True,
                             to=settings.RBAC_OU_MODEL,
                             null=True,
                             on_delete=models.CASCADE,
                         ),
                     ),
+                    (
                         'permissions',
                         models.ManyToManyField(
                             related_name='role', to=settings.RBAC_PERMISSION_MODEL, blank=True
                         ),
                     ),
+                    (
                         'service',
                         models.ForeignKey(
                             verbose_name='service',
                             blank=True,
                             to='authentic2.Service',
                             null=True,
                             on_delete=models.CASCADE,
                         ),
                     ),
                 ],
                 options={
                     'ordering': ('ou', 'service', 'name'),
-...
             migrations.CreateModel(
                 name='RoleAttribute',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('name', models.CharField(max_length=64, verbose_name='name')),
                     ('kind', models.CharField(max_length=32, verbose_name='kind', choices=[('string', 'string')])),
+                    (
                         'kind',
                         models.CharField(max_length=32, verbose_name='kind', choices=[('string', 'string')]),
                     ),
                     ('value', models.TextField(verbose_name='value')),
                     ('role', models.ForeignKey(related_name='attributes', verbose_name='role', to=settings.RBAC_ROLE_MODEL, on_delete=models.CASCADE)),
+                    (
                         'role',
                         models.ForeignKey(
                             related_name='attributes',
                             verbose_name='role',
                             to=settings.RBAC_ROLE_MODEL,
                             on_delete=models.CASCADE,
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'role attribute',
-...
             migrations.CreateModel(
                 name='RoleParenting',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('direct', models.BooleanField(blank=True, default=True)),
                     ('child', models.ForeignKey(related_name='parent_relation', to=settings.RBAC_ROLE_MODEL, on_delete=models.CASCADE)),
                     ('parent', models.ForeignKey(related_name='child_relation', to=settings.RBAC_ROLE_MODEL, on_delete=models.CASCADE)),
+                    (
                         'child',
                         models.ForeignKey(
                             related_name='parent_relation', to=settings.RBAC_ROLE_MODEL, on_delete=models.CASCADE
                         ),
                     ),
+                    (
                         'parent',
                         models.ForeignKey(
                             related_name='child_relation', to=settings.RBAC_ROLE_MODEL, on_delete=models.CASCADE
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'role parenting relation',

     from django.db import models, migrations
     from authentic2.migrations import CreatePartialIndexes
     class Migration(migrations.Migration):
         dependencies = [
-...
+        ]
         operations = [
             CreatePartialIndexes('Role', 'a2_rbac_role', 'a2_rbac_role_unique_idx',
                                  ('ou_id', 'service_id'), ('slug',),
                                  null_columns=('admin_scope_ct_id',)),
             CreatePartialIndexes(
                 'Role',
                 'a2_rbac_role',
                 'a2_rbac_role_unique_idx',
                 ('ou_id', 'service_id'),
                 ('slug',),
                 null_columns=('admin_scope_ct_id',),
             ),
+        ]

         operations = [
             migrations.AlterModelOptions(
                 name='organizationalunit',
                 options={'ordering': ('name',), 'verbose_name': 'organizational unit', 'verbose_name_plural': 'organizational units'},
                 options={
                     'ordering': ('name',),
                     'verbose_name': 'organizational unit',
                     'verbose_name_plural': 'organizational units',
                 },
             ),
             migrations.AlterUniqueTogether(
                 name='role',

             migrations.AlterField(
                 model_name='role',
                 name='service',
                 field=models.ForeignKey(related_name='roles', verbose_name='service', blank=True, to='authentic2.Service', null=True, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     related_name='roles',
                     verbose_name='service',
                     blank=True,
                     to='authentic2.Service',
                     null=True,
                     on_delete=models.CASCADE,
                 ),
                 preserve_default=True,
             ),
+        ]

         operations = [
             migrations.AlterModelOptions(
                 name='organizationalunit',
                 options={'ordering': ('default', 'name'), 'verbose_name': 'organizational unit', 'verbose_name_plural': 'organizational units'},
                 options={
                     'ordering': ('default', 'name'),
                     'verbose_name': 'organizational unit',
                     'verbose_name_plural': 'organizational units',
                 },
             ),
+        ]

     from django.db import models, migrations
     from authentic2.migrations import CreatePartialIndexes
     class Migration(migrations.Migration):
         dependencies = [
-...
+        ]
         operations = [
             CreatePartialIndexes('Permission', 'a2_rbac_permission', 'a2_rbac_permission_null_ou_unique_idx',
                                  ('ou_id',), ('operation_id', 'target_ct_id', 'target_id'))
             CreatePartialIndexes(
                 'Permission',
                 'a2_rbac_permission',
                 'a2_rbac_permission_null_ou_unique_idx',
                 ('ou_id',),
                 ('operation_id', 'target_ct_id', 'target_id'),
+            )
+        ]

     def deduplicate_admin_roles(apps, schema_editor):
         '''Find duplicated admin roles, only keep the one with the lowest id and
            copy all members, parent and children of other duplicated roles to it,
            then delete duplicates with greater id.
         '''
         """Find duplicated admin roles, only keep the one with the lowest id and
         copy all members, parent and children of other duplicated roles to it,
         then delete duplicates with greater id.
         """
         Role = apps.get_model('a2_rbac', 'Role')
         RoleParenting = apps.get_model('a2_rbac', 'RoleParenting')
         qs = Role.objects.filter(admin_scope_ct__isnull=False,
                                  admin_scope_id__isnull=False).order_by('id')
         qs = Role.objects.filter(admin_scope_ct__isnull=False, admin_scope_id__isnull=False).order_by('id')
         roles = defaultdict(lambda: [])
         for role in qs:
-...
             children = set()
             for role in duplicates:
                 members |= set(role.members.all())
                 parents |= set(
                     rp.parent for rp in RoleParenting.objects.filter(child=role, direct=True))
                 children |= set(
                     rp.child for rp in RoleParenting.objects.filter(parent=role, direct=True))
                 parents |= set(rp.parent for rp in RoleParenting.objects.filter(child=role, direct=True))
                 children |= set(rp.child for rp in RoleParenting.objects.filter(parent=role, direct=True))
             duplicates[0].members = members
             for parent in parents:
                 RoleParenting.objects.get_or_crate(
                     parent=parent,
                     child=duplicates[0],
                     direct=True)
                 RoleParenting.objects.get_or_crate(parent=parent, child=duplicates[0], direct=True)
             for child in children:
                 RoleParenting.objects.get_or_create(
                     parent=duplicates[0],
                     child=child,
                     direct=True)
                 RoleParenting.objects.get_or_create(parent=duplicates[0], child=child, direct=True)
             for role in duplicates[1:]:
                 role.delete()

         operations = [
             migrations.AlterModelOptions(
                 name='organizationalunit',
                 options={'ordering': ('-default', 'name'), 'verbose_name': 'organizational unit', 'verbose_name_plural': 'organizational units'},
                 options={
                     'ordering': ('-default', 'name'),
                     'verbose_name': 'organizational unit',
                     'verbose_name_plural': 'organizational units',
                 },
             ),
+        ]

         operations = [
             migrations.AlterModelOptions(
                 name='organizationalunit',
                 options={'ordering': ('name',), 'verbose_name': 'organizational unit', 'verbose_name_plural': 'organizational units'},
                 options={
                     'ordering': ('name',),
                     'verbose_name': 'organizational unit',
                     'verbose_name_plural': 'organizational units',
                 },
             ),
+        ]

             migrations.AddField(
                 model_name='organizationalunit',
                 name='user_add_password_policy',
                 field=models.IntegerField(default=0, verbose_name='User creation password policy', choices=[(0, 'Send reset link'), (1, 'Manual password definition')]),
                 field=models.IntegerField(
                     default=0,
                     verbose_name='User creation password policy',
                     choices=[(0, 'Send reset link'), (1, 'Manual password definition')],
                 ),
             ),
+        ]

+        ]
         operations = [
             CreatePartialIndexes('Role', 'a2_rbac_role', 'a2_rbac_role_name_unique_idx',
                                  ('ou_id',), ('name',),
                                  null_columns=('admin_scope_ct_id',)),
             CreatePartialIndexes(
                 'Role',
                 'a2_rbac_role',
                 'a2_rbac_role_name_unique_idx',
                 ('ou_id',),
                 ('name',),
                 null_columns=('admin_scope_ct_id',),
             ),
+        ]

             migrations.AlterField(
                 model_name='organizationalunit',
                 name='uuid',
                 field=models.CharField(default=django_rbac.utils.get_hex_uuid, max_length=32, unique=True, verbose_name='uuid'),
                 field=models.CharField(
                     default=django_rbac.utils.get_hex_uuid, max_length=32, unique=True, verbose_name='uuid'
                 ),
             ),
             migrations.AlterField(
                 model_name='role',
                 name='uuid',
                 field=models.CharField(default=django_rbac.utils.get_hex_uuid, max_length=32, unique=True, verbose_name='uuid'),
                 field=models.CharField(
                     default=django_rbac.utils.get_hex_uuid, max_length=32, unique=True, verbose_name='uuid'
                 ),
             ),
+        ]

             migrations.AddField(
                 model_name='organizationalunit',
                 name='clean_unused_accounts_alert',
                 field=models.PositiveIntegerField(blank=True, null=True, validators=[django.core.validators.MinValueValidator(30, 'Ensure that this value is greater than 30 days, or leave blank for deactivating.')], verbose_name='Days after which the user receives an account deletion alert'),
                 field=models.PositiveIntegerField(
                     blank=True,
                     null=True,
                     validators=[
                         django.core.validators.MinValueValidator(
 , 'Ensure that this value is greater than 30 days, or leave blank for deactivating.'
+                        )
                     ],
                     verbose_name='Days after which the user receives an account deletion alert',
                 ),
             ),
             migrations.AddField(
                 model_name='organizationalunit',
                 name='clean_unused_accounts_deletion',
                 field=models.PositiveIntegerField(blank=True, null=True, validators=[django.core.validators.MinValueValidator(30, 'Ensure that this value is greater than 30 days, or leave blank for deactivating.')], verbose_name='Delay in days before cleaning unused accounts'),
                 field=models.PositiveIntegerField(
                     blank=True,
                     null=True,
                     validators=[
                         django.core.validators.MinValueValidator(
 , 'Ensure that this value is greater than 30 days, or leave blank for deactivating.'
+                        )
                     ],
                     verbose_name='Delay in days before cleaning unused accounts',
                 ),
             ),
+        ]

src/authentic2/a2_rbac/migrations/0024_fix_self_admin_perm.py
39	39	('a2_rbac', '0023_role_can_manage_members'),
40	40	]
41	41
42		operations = [
43		migrations.RunPython(update_self_administration_perm, migrations.RunPython.noop)
44		]
	42	operations = [migrations.RunPython(update_self_administration_perm, migrations.RunPython.noop)]

     from django.db import models
     from django.contrib.contenttypes.models import ContentType
     from django_rbac.models import (RoleAbstractBase, PermissionAbstractBase,
                                     OrganizationalUnitAbstractBase, RoleParentingAbstractBase, VIEW_OP,
                                     Operation)
     from django_rbac.models import (
         RoleAbstractBase,
         PermissionAbstractBase,
         OrganizationalUnitAbstractBase,
         RoleParentingAbstractBase,
         VIEW_OP,
         Operation,
+    )
     from django_rbac import utils as rbac_utils
     from authentic2.decorators import errorcollector
     try:
         from django.contrib.contenttypes.fields import GenericForeignKey, \
             GenericRelation
         from django.contrib.contenttypes.fields import GenericForeignKey, GenericRelation
     except ImportError:
         # Django < 1.8
         from django.contrib.contenttypes.generic import GenericForeignKey, \
             GenericRelation
         from django.contrib.contenttypes.generic import GenericForeignKey, GenericRelation
     from authentic2.decorators import GlobalCache
-...
             (MANUAL_PASSWORD_POLICY, _('Manual password definition')),
+        )
         PolicyValue = namedtuple('PolicyValue', [
             'generate_password', 'reset_password_at_next_login',
             'send_mail', 'send_password_reset'])
         PolicyValue = namedtuple(
             'PolicyValue',
             ['generate_password', 'reset_password_at_next_login', 'send_mail', 'send_password_reset'],
+        )
         USER_ADD_PASSWD_POLICY_VALUES = {
             RESET_LINK_POLICY: PolicyValue(False, False, False, True),
             MANUAL_PASSWORD_POLICY: PolicyValue(False, False, True, False),
+        }
         username_is_unique = models.BooleanField(
             blank=True,
             default=False,
             verbose_name=_('Username is unique'))
         email_is_unique = models.BooleanField(
             blank=True,
             default=False,
             verbose_name=_('Email is unique'))
         default = fields.UniqueBooleanField(
             verbose_name=_('Default organizational unit'))
         username_is_unique = models.BooleanField(blank=True, default=False, verbose_name=_('Username is unique'))
         email_is_unique = models.BooleanField(blank=True, default=False, verbose_name=_('Email is unique'))
         default = fields.UniqueBooleanField(verbose_name=_('Default organizational unit'))
         validate_emails = models.BooleanField(
             blank=True,
             default=False,
             verbose_name=_('Validate emails'))
         validate_emails = models.BooleanField(blank=True, default=False, verbose_name=_('Validate emails'))
         show_username = models.BooleanField(
             blank=True,
             default=True,
             verbose_name=_('Show username'))
         show_username = models.BooleanField(blank=True, default=True, verbose_name=_('Show username'))
         admin_perms = GenericRelation(rbac_utils.get_permission_model_name(),
                                       content_type_field='target_ct',
                                       object_id_field='target_id')
         admin_perms = GenericRelation(
             rbac_utils.get_permission_model_name(), content_type_field='target_ct', object_id_field='target_id'
+        )
         user_can_reset_password = models.NullBooleanField(
             verbose_name=_('Users can reset password'))
         user_can_reset_password = models.NullBooleanField(verbose_name=_('Users can reset password'))
         user_add_password_policy = models.IntegerField(
             verbose_name=_('User creation password policy'),
             choices=USER_ADD_PASSWD_POLICY_CHOICES,
             default=0)
             verbose_name=_('User creation password policy'), choices=USER_ADD_PASSWD_POLICY_CHOICES, default=0
+        )
         clean_unused_accounts_alert = models.PositiveIntegerField(
             verbose_name=_('Days after which the user receives an account deletion alert'),
             validators=[MinValueValidator(
 , _('Ensure that this value is greater than 30 days, or leave blank for deactivating.')
             )],
             validators=[
                 MinValueValidator(
 , _('Ensure that this value is greater than 30 days, or leave blank for deactivating.')
+                )
             ],
             null=True,
             blank=True)
             blank=True,
+        )
         clean_unused_accounts_deletion = models.PositiveIntegerField(
             verbose_name=_('Delay in days before cleaning unused accounts'),
             validators=[MinValueValidator(
 , _('Ensure that this value is greater than 30 days, or leave blank for deactivating.')
             )],
             validators=[
                 MinValueValidator(
 , _('Ensure that this value is greater than 30 days, or leave blank for deactivating.')
+                )
             ],
             null=True,
             blank=True)
             blank=True,
+        )
         objects = managers.OrganizationalUnitManager()
-...
                 if self.pk:
                     qs = qs.exclude(pk=self.pk)
                 qs.update(default=None)
             if self.pk and not self.default \
                and self.__class__.objects.get(pk=self.pk).default:
                 raise ValidationError(_('You cannot unset this organizational '
                                         'unit as the default, but you can set '
                                         'another one as the default.'))
             if self.pk and not self.default and self.__class__.objects.get(pk=self.pk).default:
                 raise ValidationError(
                     _(
                         'You cannot unset this organizational '
                         'unit as the default, but you can set '
                         'another one as the default.'
+                    )
+                )
             if bool(self.clean_unused_accounts_alert) ^ bool(self.clean_unused_accounts_deletion):
                 raise ValidationError(_('Deletion and alert delays must be set together.'))
             if self.clean_unused_accounts_alert and \
                     self.clean_unused_accounts_alert >= self.clean_unused_accounts_deletion:
             if (
                 self.clean_unused_accounts_alert
                 and self.clean_unused_accounts_alert >= self.clean_unused_accounts_deletion
             ):
                 raise ValidationError(_('Deletion alert delay must be less than actual deletion delay.'))
             super(OrganizationalUnit, self).clean()
         def get_admin_role(self):
             '''Get or create the generic admin role for this organizational
                unit.
             '''
             """Get or create the generic admin role for this organizational
             unit.
             """
             name = _('Managers of "{ou}"').format(ou=self)
             slug = '_a2-managers-of-{ou.slug}'.format(ou=self)
             return Role.objects.get_admin_role(
                 instance=self, name=name, slug=slug, operation=VIEW_OP,
                 update_name=True, update_slug=True, create=True)
                 instance=self,
                 name=name,
                 slug=slug,
                 operation=VIEW_OP,
                 update_name=True,
                 update_slug=True,
                 create=True,
+            )
         def delete(self, *args, **kwargs):
             Permission.objects.filter(ou=self).delete()
-...
         def export_json(self):
             return {
                 'uuid': self.uuid, 'slug': self.slug, 'name': self.name,
                 'description': self.description, 'default': self.default,
                 'uuid': self.uuid,
                 'slug': self.slug,
                 'name': self.name,
                 'description': self.description,
                 'default': self.default,
                 'email_is_unique': self.email_is_unique,
                 'username_is_unique': self.username_is_unique,
                 'validate_emails': self.validate_emails
                 'validate_emails': self.validate_emails,
+            }
         def __str__(self):
-...
             verbose_name = _('permission')
             verbose_name_plural = _('permissions')
         mirror_roles = GenericRelation(rbac_utils.get_role_model_name(),
                                        content_type_field='admin_scope_ct',
                                        object_id_field='admin_scope_id')
         mirror_roles = GenericRelation(
             rbac_utils.get_role_model_name(),
             content_type_field='admin_scope_ct',
             object_id_field='admin_scope_id',
+        )
     Permission._meta.natural_key = [
-...
             null=True,
             blank=True,
             verbose_name=_('administrative scope content type'),
             on_delete=models.CASCADE)
             on_delete=models.CASCADE,
+        )
         admin_scope_id = models.PositiveIntegerField(
             verbose_name=_('administrative scope id'),
             null=True,
             blank=True)
         admin_scope = GenericForeignKey(
             'admin_scope_ct',
             'admin_scope_id')
             verbose_name=_('administrative scope id'), null=True, blank=True
+        )
         admin_scope = GenericForeignKey('admin_scope_ct', 'admin_scope_id')
         service = models.ForeignKey(
             to='authentic2.Service',
             verbose_name=_('service'),
             null=True,
             blank=True,
             related_name='roles',
             on_delete=models.CASCADE)
         external_id = models.TextField(
             verbose_name=_('external id'),
             blank=True,
             db_index=True)
             on_delete=models.CASCADE,
+        )
         external_id = models.TextField(verbose_name=_('external id'), blank=True, db_index=True)
         admin_perms = GenericRelation(rbac_utils.get_permission_model_name(),
                                       content_type_field='target_ct',
                                       object_id_field='target_id')
         admin_perms = GenericRelation(
             rbac_utils.get_permission_model_name(), content_type_field='target_ct', object_id_field='target_id'
+        )
         can_manage_members = models.BooleanField(
             default=True,
             verbose_name=_('Allow adding or deleting role members'))
             default=True, verbose_name=_('Allow adding or deleting role members')
+        )
         def get_admin_role(self, create=True):
             from . import utils
-...
             admin_role = self.__class__.objects.get_admin_role(
                 self,
                 name=_('Managers of role "{role}"').format(
                     role=six.text_type(self)),
                 slug='_a2-managers-of-role-{role}'.format(
                     role=slugify(six.text_type(self))),
                 name=_('Managers of role "{role}"').format(role=six.text_type(self)),
                 slug='_a2-managers-of-role-{role}'.format(role=slugify(six.text_type(self))),
                 permissions=(view_user_perm,),
                 self_administered=True,
                 update_name=True,
                 update_slug=True,
                 create=create,
                 operation=MANAGE_MEMBERS_OP)
                 operation=MANAGE_MEMBERS_OP,
+            )
             return admin_role
         def validate_unique(self, exclude=None):
-...
                 operation=operation,
                 target_ct=ContentType.objects.get_for_model(self),
                 target_id=self.pk,
                 ou__is_null=True)
                 ou__is_null=True,
+            )
             return self.permissions.filter(pk=self_perm.pk).exists()
         def add_self_administration(self, op=None):
-...
             Permission = rbac_utils.get_permission_model()
             operation = rbac_utils.get_operation(op)
             self_perm, created = Permission.objects.get_or_create(
                 operation=operation,
                 target_ct=ContentType.objects.get_for_model(self),
                 target_id=self.pk)
                 operation=operation, target_ct=ContentType.objects.get_for_model(self), target_id=self.pk
+            )
             self.permissions.through.objects.get_or_create(role=self, permission=self_perm)
             return self_perm
-...
         class Meta:
             verbose_name = _('role')
             verbose_name_plural = _('roles')
             ordering = ('ou', 'service', 'name',)
             unique_together = (
                 ('admin_scope_ct', 'admin_scope_id'),
             ordering = (
                 'ou',
                 'service',
                 'name',
+            )
             unique_together = (('admin_scope_ct', 'admin_scope_id'),)
         def natural_key(self):
             return [
-...
         def export_json(self, attributes=False, parents=False, permissions=False):
             d = {
                 'uuid': self.uuid, 'slug': self.slug, 'name': self.name,
                 'description': self.description, 'external_id': self.external_id,
                 'uuid': self.uuid,
                 'slug': self.slug,
                 'name': self.name,
                 'description': self.description,
                 'external_id': self.external_id,
                 'ou': self.ou and self.ou.natural_key_json(),
                 'service': self.service and self.service.natural_key_json()
                 'service': self.service and self.service.natural_key_json(),
+            }
             if attributes:
-...
             verbose_name_plural = _('role parenting relations')
         def __str__(self):
             return u'{0} {1}> {2}'.format(self.parent.name, '-' if self.direct else '~',
                                           self.child.name)
             return u'{0} {1}> {2}'.format(self.parent.name, '-' if self.direct else '~', self.child.name)
     class RoleAttribute(models.Model):
         KINDS = (
             ('string', _('string')),
+        )
         KINDS = (('string', _('string')),)
         role = models.ForeignKey(
             to=Role,
             verbose_name=_('role'),
             related_name='attributes',
             on_delete=models.CASCADE)
         name = models.CharField(
             max_length=64,
             verbose_name=_('name'))
         kind = models.CharField(
             max_length=32,
             choices=KINDS,
             verbose_name=_('kind'))
         value = models.TextField(
             verbose_name=_('value'))
             to=Role, verbose_name=_('role'), related_name='attributes', on_delete=models.CASCADE
+        )
         name = models.CharField(max_length=64, verbose_name=_('name'))
         kind = models.CharField(max_length=32, choices=KINDS, verbose_name=_('kind'))
         value = models.TextField(verbose_name=_('value'))
         class Meta:
             verbose_name = ('role attribute')
             verbose_name = 'role attribute'
             verbose_name_plural = _('role attributes')
             unique_together = (
                 ('role', 'name', 'kind', 'value'),
+            )
             unique_together = (('role', 'name', 'kind', 'value'),)
         def to_json(self):
             return {'name': self.name, 'kind': self.kind, 'value': self.value}
     GenericRelation(Permission,
                     content_type_field='target_ct',
                     object_id_field='target_id').contribute_to_class(ContentType, 'admin_perms')
     GenericRelation(Permission, content_type_field='target_ct', object_id_field='target_id').contribute_to_class(
         ContentType, 'admin_perms'
+    )
     CHANGE_PASSWORD_OP = Operation.register(name=_('Change password'), slug='change_password')
-...
     ACTIVATE_OP = Operation.register(name=_('Activation'), slug='activate')
     CHANGE_EMAIL_OP = Operation.register(name=pgettext_lazy('operation', 'Change email'), slug='change_email')
     MANAGE_MEMBERS_OP = Operation.register(name=_('Manage role members'), slug='manage_members')
     MANAGE_AUTHORIZATIONS_OP = Operation.register(
         name=_('Manage service consents'), slug='manage_authorizations')
     MANAGE_AUTHORIZATIONS_OP = Operation.register(name=_('Manage service consents'), slug='manage_authorizations')

     from django_rbac.managers import defer_update_transitive_closure
     def create_default_ou(app_config, verbosity=2, interactive=True,
                           using=DEFAULT_DB_ALIAS, **kwargs):
     def create_default_ou(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs):
         if not router.allow_migrate(using, get_ou_model()):
             return
         # be sure new objects names are localized using the default locale
-...
                 defaults={
                     'default': True,
                     'name': _('Default organizational unit'),
                 })
                 },
+            )
             # Update all existing models having an ou field to the default ou
             for app in apps.get_app_configs():
                 for model in app.get_models():
-...
                     model.objects.filter(ou__isnull=True).update(ou=default_ou)
     def post_migrate_update_rbac(app_config, verbosity=2, interactive=True,
                                  using=DEFAULT_DB_ALIAS, **kwargs):
     def post_migrate_update_rbac(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs):
         # be sure new objects names are localized using the default locale
         from .management import update_ous_admin_roles, update_content_types_roles
-...
         get_role_model().objects.filter(service=instance).update(ou=instance.ou)
     def create_default_permissions(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS,
                                    **kwargs):
         from .models import (CHANGE_PASSWORD_OP, RESET_PASSWORD_OP, ACTIVATE_OP, CHANGE_EMAIL_OP,
                              MANAGE_MEMBERS_OP, MANAGE_AUTHORIZATIONS_OP)
     def create_default_permissions(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs):
         from .models import (
             CHANGE_PASSWORD_OP,
             RESET_PASSWORD_OP,
             ACTIVATE_OP,
             CHANGE_EMAIL_OP,
             MANAGE_MEMBERS_OP,
             MANAGE_AUTHORIZATIONS_OP,
+        )
         if not router.allow_migrate(using, get_ou_model()):
             return

             operation=rbac_utils.get_operation(VIEW_OP),
             target_ct=ContentType.objects.get_for_model(ContentType),
             target_id=ContentType.objects.get_for_model(User).pk,
             ou__isnull=ou is None, ou=ou)
             ou__isnull=ou is None,
             ou=ou,
+        )
         return view_user_perm
-...
                 operation=rbac_utils.get_operation(SEARCH_OP),
                 target_ct=ContentType.objects.get_for_model(ou),
                 target_id=ou.pk,
                 ou__isnull=True)
                 ou__isnull=True,
+            )
         else:
             OU = rbac_utils.get_ou_model()
             Permission = rbac_utils.get_permission_model()
-...
                 operation=rbac_utils.get_operation(SEARCH_OP),
                 target_ct=ContentType.objects.get_for_model(ContentType),
                 target_id=ContentType.objects.get_for_model(OU).pk,
                 ou__isnull=True)
                 ou__isnull=True,
+            )
         return view_ou_perm
-...
             operation=rbac_utils.get_operation(models.MANAGE_AUTHORIZATIONS_OP),
             target_ct=ContentType.objects.get_for_model(ContentType),
             target_id=ContentType.objects.get_for_model(User).pk,
             ou__isnull=ou is None, ou=ou)
             ou__isnull=ou is None,
             ou=ou,
+        )
         return manage_authorizations_user_perm

     from django.contrib.auth.forms import ReadOnlyPasswordHashField
     from .nonce.models import Nonce
     from . import (models, app_settings, decorators, attribute_kinds,
                    utils)
     from . import models, app_settings, decorators, attribute_kinds, utils
     from .forms.profile import BaseUserForm, modelform_factory
     from .custom_user.models import User, DeletedUser
     def cleanup_action(modeladmin, request, queryset):
         queryset.cleanup()
     cleanup_action.short_description = _('Cleanup expired objects')
-...
     class NonceModelAdmin(admin.ModelAdmin):
         list_display = ("value", "context", "not_on_or_after")
     admin.site.register(Nonce, NonceModelAdmin)
     class AttributeValueAdmin(admin.ModelAdmin):
         list_display = ('content_type', 'owner', 'attribute', 'content')
     admin.site.register(models.AttributeValue, AttributeValueAdmin)
     class LogoutUrlAdmin(admin.ModelAdmin):
         list_display = ('provider', 'logout_url', 'logout_use_iframe', 'logout_use_iframe_timeout')
     admin.site.register(models.LogoutUrl, LogoutUrlAdmin)
-...
         date_hierarchy = 'when'
         search_fields = ('who', 'nonce', 'how')
     admin.site.register(models.AuthenticationEvent, AuthenticationEventAdmin)
-...
         date_hierarchy = 'created'
         search_fields = ('user__username', 'source', 'external_id')
     admin.site.register(models.UserExternalId, UserExternalIdAdmin)
-...
+    )
     if settings.SESSION_ENGINE in DB_SESSION_ENGINES:
         class SessionAdmin(admin.ModelAdmin):
             def _session_data(self, obj):
                 return pprint.pformat(obj.get_decoded()).replace('\n', '<br>\n')
             _session_data.allow_tags = True
             _session_data.short_description = _('session data')
             list_display = ['session_key', 'ips', 'user', '_session_data', 'expire_date']
-...
                 content = session.get_decoded()
                 ips = content.get('ips', set())
                 return ', '.join(ips)
             ips.short_description = _('IP adresses')
             def user(self, session):
                 from django.contrib import auth
                 from django.contrib.auth import models as auth_models
                 content = session.get_decoded()
                 if auth.SESSION_KEY not in content:
                     return
-...
                 except Exception:
                     user = _('deleted user %r') % user_id
                 return user
             user.short_description = _('user')
             def clear_expired(self, request, queryset):
                 queryset.filter(expire_date__lt=timezone.now()).delete()
             clear_expired.short_description = _('clear expired sessions')
         admin.site.register(Session, SessionAdmin)
-...
         parameter_name = 'external'
         def lookups(self, request, model_admin):
             return (
                 ('1', _('Yes')),
                 ('0', _('No'))
+            )
             return (('1', _('Yes')), ('0', _('No')))
         def queryset(self, request, queryset):
             """
-...
         password = ReadOnlyPasswordHashField(
             label=_("Password"),
             help_text=_("Raw passwords are not stored, so there is no way to see "
                         "this user's password, but you can change the password "
                         "using <a href=\"password/\">this form</a>."))
             help_text=_(
                 "Raw passwords are not stored, so there is no way to see "
                 "this user's password, but you can change the password "
                 "using <a href=\"password/\">this form</a>."
             ),
+        )
         class Meta:
             model = User
-...
         A form that creates a user, with no privileges, from the given username and
         password.
         """
         error_messages = {
             'password_mismatch': _("The two password fields didn't match."),
             'missing_credential': _("You must at least give a username or an email to your user"),
+        }
         password1 = forms.CharField(
             label=_("Password"),
             widget=forms.PasswordInput)
         password1 = forms.CharField(label=_("Password"), widget=forms.PasswordInput)
         password2 = forms.CharField(
             label=_("Password confirmation"),
             widget=forms.PasswordInput,
             help_text=_("Enter the same password as above, for verification."))
             help_text=_("Enter the same password as above, for verification."),
+        )
         class Meta:
             model = User
-...
         fieldsets = (
             (None, {'fields': ('uuid', 'ou', 'password')}),
             (_('Personal info'), {'fields': ('username', 'first_name', 'last_name', 'email')}),
             (_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser',
                                            'groups')}),
             (_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser', 'groups')}),
             (_('Important dates'), {'fields': ('last_login', 'date_joined', 'deactivation')}),
+        )
         add_fieldsets = (
             (None, {
                 'classes': ('wide',),
                 'fields': ('ou', 'username', 'first_name', 'last_name', 'email', 'password1', 'password2')}),
+            (
                 None,
+                {
                     'classes': ('wide',),
                     'fields': ('ou', 'username', 'first_name', 'last_name', 'email', 'password1', 'password2'),
                 },
             ),
+        )
         readonly_fields = ('uuid',)
         list_filter = UserAdmin.list_filter + (UserRealmListFilter, ExternalUserListFilter)
-...
                 fieldsets = list(fieldsets)
                 fieldsets.insert(
                     insertion_idx,
                     (_('Attributes'), {'fields': [at.name for at in qs if at.name not in
                                                   ['first_name', 'last_name']]}))
+                    (
                         _('Attributes'),
                         {'fields': [at.name for at in qs if at.name not in ['first_name', 'last_name']]},
                     ),
+                )
             return fieldsets
         def get_form(self, request, obj=None, **kwargs):
             self.form = modelform_factory(self.model, form=UserChangeForm,
                                           fields=models.Attribute.objects.values_list('name',
                                                                                       flat=True))
             self.add_form = modelform_factory(self.model, form=UserCreationForm,
                                               fields=models.Attribute.objects.filter(required=True)
                                               .values_list('name', flat=True))
             self.form = modelform_factory(
                 self.model, form=UserChangeForm, fields=models.Attribute.objects.values_list('name', flat=True)
+            )
             self.add_form = modelform_factory(
                 self.model,
                 form=UserCreationForm,
                 fields=models.Attribute.objects.filter(required=True).values_list('name', flat=True),
+            )
             if 'fields' in kwargs:
                 fields = kwargs.pop('fields')
             else:
-...
             timestamp = timezone.now()
             for user in queryset:
                 user.mark_as_inactive(timestamp=timestamp)
         mark_as_inactive.short_description = _('Mark as inactive')
     admin.site.register(User, AuthenticUserAdmin)
-...
     class AttributeAdmin(admin.ModelAdmin):
         form = AttributeForm
         list_display = ('label', 'disabled', 'name', 'kind', 'order', 'required',
                         'asked_on_registration', 'user_editable', 'user_visible')
         list_display = (
             'label',
             'disabled',
             'name',
             'kind',
             'order',
             'required',
             'asked_on_registration',
             'user_editable',
             'user_visible',
+        )
         list_editable = ('order',)
         def get_queryset(self, request):
             return self.model.all_objects.all()
     admin.site.register(models.Attribute, AttributeAdmin)
-...
         date_hierarchy = 'deleted'
         search_fields = ['=old_user_id', '^old_uuid', 'old_email']
     admin.site.register(DeletedUser, DeletedUserAdmin)
-...
     def login(request, extra_context=None):
         return utils.redirect_to_login(request, login_url=utils.get_manager_login_url())
     admin.site.login = login
-...
     def logout(request, extra_context=None):
         return utils.redirect_to_login(request, login_url='auth_logout')
     admin.site.logout = logout
     admin.site.register(models.PasswordReset)

             except qs.model.DoesNotExist:
                 return None
             except qs.model.MultipleObjectsReturned:
                 raise Conflict('retrieved several instances of model %s for key attributes %s' % (
                     qs.model.__name__, kwargs))
                 raise Conflict(
                     'retrieved several instances of model %s for key attributes %s' % (qs.model.__name__, kwargs)
+                )
         def _validate_get_keys(self, keys):
             # Remove many-to-many relationships from validated_data.

         url(r'^register/$', api_views.register, name='a2-api-register'),
         url(r'^password-change/$', api_views.password_change, name='a2-api-password-change'),
         url(r'^user/$', api_views.user, name='a2-api-user'),
         url(r'^roles/(?P<role_uuid>[\w+]*)/members/(?P<member_uuid>[^/]+)/$', api_views.role_membership,
             name='a2-api-role-member'),
         url(r'^roles/(?P<role_uuid>[\w+]*)/relationships/members/$', api_views.role_memberships,
             name='a2-api-role-members'),
         url(
             r'^roles/(?P<role_uuid>[\w+]*)/members/(?P<member_uuid>[^/]+)/$',
             api_views.role_membership,
             name='a2-api-role-member',
         ),
         url(
             r'^roles/(?P<role_uuid>[\w+]*)/relationships/members/$',
             api_views.role_memberships,
             name='a2-api-role-members',
         ),
         url(r'^check-password/$', api_views.check_password, name='a2-api-check-password'),
         url(r'^validate-password/$', api_views.validate_password, name='a2-api-validate-password'),
         url(r'^address-autocomplete/$', api_views.address_autocomplete, name='a2-api-address-autocomplete'),

     from rest_framework.generics import GenericAPIView
     from rest_framework.response import Response
     from rest_framework import permissions, status, authentication
     from rest_framework.exceptions import (PermissionDenied, AuthenticationFailed,
         ValidationError, NotFound)
     from rest_framework.exceptions import PermissionDenied, AuthenticationFailed, ValidationError, NotFound
     from rest_framework.fields import CreateOnlyDefault
     from authentic2.compat.drf import action
     from rest_framework.authentication import SessionAuthentication
-...
     from .passwords import get_password_checker
     from .custom_user.models import User
     from . import (utils, decorators, attribute_kinds, app_settings, hooks,
                    api_mixins)
     from . import utils, decorators, attribute_kinds, app_settings, hooks, api_mixins
     from .models import Attribute, PasswordReset, Service
     from .a2_rbac.utils import get_default_ou
     from .journal_event_types import UserLogin, UserRegistration
-...
     if django.VERSION < (2,):
         import rest_framework.fields
         from . import validators
         rest_framework.fields.ProhibitNullCharactersValidator = validators.ProhibitNullCharactersValidator
     if django.VERSION < (1, 11):
         authentication.authenticate = utils.authenticate
-...
     class RegistrationSerializer(serializers.Serializer):
         '''Register RPC payload'''
         email = serializers.EmailField(
             required=False, allow_blank=True)
         email = serializers.EmailField(required=False, allow_blank=True)
         ou = serializers.SlugRelatedField(
             queryset=get_ou_model().objects.all(),
             slug_field='slug',
             default=get_default_ou,
             required=False, allow_null=True)
         username = serializers.CharField(
             required=False, allow_blank=True)
         first_name = serializers.CharField(
             required=False, allow_blank=True, default='')
         last_name = serializers.CharField(
             required=False, allow_blank=True, default='')
         password = serializers.CharField(
             required=False, allow_null=True)
         no_email_validation = serializers.BooleanField(
             required=False)
             required=False,
             allow_null=True,
+        )
         username = serializers.CharField(required=False, allow_blank=True)
         first_name = serializers.CharField(required=False, allow_blank=True, default='')
         last_name = serializers.CharField(required=False, allow_blank=True, default='')
         password = serializers.CharField(required=False, allow_null=True)
         no_email_validation = serializers.BooleanField(required=False)
         return_url = serializers.URLField(required=False, allow_blank=True)
         def validate(self, data):
-...
                 else:
                     authorized = request.user.has_perm(perm)
                 if not authorized:
                     raise serializers.ValidationError(_('you are not authorized '
                                                         'to create users in '
                                                         'this ou'))
                     raise serializers.ValidationError(
                         _('you are not authorized ' 'to create users in ' 'this ou')
+                    )
             User = get_user_model()
             if ou:
                 if (app_settings.A2_EMAIL_IS_UNIQUE or
                         app_settings.A2_REGISTRATION_EMAIL_IS_UNIQUE):
                 if app_settings.A2_EMAIL_IS_UNIQUE or app_settings.A2_REGISTRATION_EMAIL_IS_UNIQUE:
                     if 'email' not in data:
                         raise serializers.ValidationError(
                             _('Email is required'))
                     if User.objects.filter(
                             email__iexact=data['email']).exists():
                         raise serializers.ValidationError(
                             _('Account already exists'))
                         raise serializers.ValidationError(_('Email is required'))
                     if User.objects.filter(email__iexact=data['email']).exists():
                         raise serializers.ValidationError(_('Account already exists'))
                 if ou.email_is_unique:
                     if 'email' not in data:
                         raise serializers.ValidationError(
                             _('Email is required in this ou'))
                     if User.objects.filter(
                             ou=ou, email__iexact=data['email']).exists():
                         raise serializers.ValidationError(
                             _('Account already exists in this ou'))
                 if (app_settings.A2_USERNAME_IS_UNIQUE or
                         app_settings.A2_REGISTRATION_USERNAME_IS_UNIQUE):
                         raise serializers.ValidationError(_('Email is required in this ou'))
                     if User.objects.filter(ou=ou, email__iexact=data['email']).exists():
                         raise serializers.ValidationError(_('Account already exists in this ou'))
                 if app_settings.A2_USERNAME_IS_UNIQUE or app_settings.A2_REGISTRATION_USERNAME_IS_UNIQUE:
                     if 'username' not in data:
                         raise serializers.ValidationError(
                             _('Username is required'))
                     if User.objects.filter(
                             username=data['username']).exists():
                         raise serializers.ValidationError(
                             _('Account already exists'))
                         raise serializers.ValidationError(_('Username is required'))
                     if User.objects.filter(username=data['username']).exists():
                         raise serializers.ValidationError(_('Account already exists'))
                 if ou.username_is_unique:
                     if 'username' not in data:
                         raise serializers.ValidationError(
                             _('Username is required in this ou'))
                     if User.objects.filter(
                             ou=ou, username=data['username']).exists():
                         raise serializers.ValidationError(
                             _('Account already exists in this ou'))
                         raise serializers.ValidationError(_('Username is required in this ou'))
                     if User.objects.filter(ou=ou, username=data['username']).exists():
                         raise serializers.ValidationError(_('Account already exists in this ou'))
             return data
-...
     class Register(BaseRpcView):
         '''Register the given email, send a mail to the user and return a
            validation token.
            A mail will be sent to the user to validate its email. On
            validation of the mail the user will be logged and redirected to
            `{return_url}?token={token}`. It's the durty of the requesting
            service to finish the registration process on its side.
            If email is unique and an account already exist the requesting
            must enter in a process of registration through SSO, i.e. ask for
            authentication of the user and then finish the registration
            process for the received identity.
         '''
         """Register the given email, send a mail to the user and return a
         validation token.
         A mail will be sent to the user to validate its email. On
         validation of the mail the user will be logged and redirected to
         `{return_url}?token={token}`. It's the durty of the requesting
         service to finish the registration process on its side.
         If email is unique and an account already exist the requesting
         must enter in a process of registration through SSO, i.e. ask for
         authentication of the user and then finish the registration
         process for the received identity.
         """
         permission_classes = (permissions.IsAuthenticated,)
         serializer_class = RegistrationSerializer
         def rpc(self, request, serializer):
             validated_data = serializer.validated_data
             if not request.user.has_ou_perm('custom_user.add_user', validated_data['ou']):
                 raise PermissionDenied('You do not have permission to create users in ou %s' %
                                        validated_data['ou'].slug)
                 raise PermissionDenied(
                     'You do not have permission to create users in ou %s' % validated_data['ou'].slug
+                )
             email = validated_data.get('email')
             registration_data = {}
             for field in ('first_name', 'last_name', 'password', 'username'):
-...
             final_return_url = None
             if validated_data.get('return_url'):
                 token = utils.get_hex_uuid()[:16]
                 final_return_url = utils.make_url(validated_data['return_url'],
                                                   params={'token': token})
                 final_return_url = utils.make_url(validated_data['return_url'], params={'token': token})
             if email and not validated_data.get('no_email_validation'):
                 registration_template = ['authentic2/activation_email']
                 if validated_data['ou']:
                     registration_template.insert(0, 'authentic2/activation_email_%s' %
                                                  validated_data['ou'].slug)
                     registration_template.insert(0, 'authentic2/activation_email_%s' % validated_data['ou'].slug)
                 try:
                     utils.send_registration_mail(self.request, email,
                                                  template_names=registration_template,
                                                  next_url=final_return_url,
                                                  ou=validated_data['ou'],
                                                  context=ctx,
                                                  **registration_data)
                     utils.send_registration_mail(
                         self.request,
                         email,
                         template_names=registration_template,
                         next_url=final_return_url,
                         ou=validated_data['ou'],
                         context=ctx,
                         **registration_data,
+                    )
                 except smtplib.SMTPException as e:
                     response = {
                         'result': 0,
                         'errors': {
                             '__all__': ['Mail sending failed']
                         },
                         'errors': {'__all__': ['Mail sending failed']},
                         'exception': force_text(e),
+                    }
                     response_status = status.HTTP_503_SERVICE_UNAVAILABLE
-...
                 last_name = validated_data.get('last_name')
                 password = validated_data.get('password')
                 ou = validated_data.get('ou')
                 if not email and \
                    not username and \
                    not (first_name and last_name):
                 if not email and not username and not (first_name and last_name):
                     response = {
                         'result': 0,
                         'errors': {
                             '__all__': ['You must set at least a username, an email or '
                                         'a first name and a last name']
                             '__all__': [
                                 'You must set at least a username, an email or ' 'a first name and a last name'
+                            ]
                         },
+                    }
                     response_status = status.HTTP_400_BAD_REQUEST
                 else:
                     new_user = User(email=email, username=username, ou=ou, first_name=first_name,
                                     last_name=last_name)
                     new_user = User(
                         email=email, username=username, ou=ou, first_name=first_name, last_name=last_name
+                    )
                     if password:
                         new_user.set_password(password)
                     new_user.save()
-...
+                    }
                     if email:
                         response['validation_url'] = utils.build_activation_url(
                             request, email, next_url=final_return_url, ou=ou, **registration_data)
                             request, email, next_url=final_return_url, ou=ou, **registration_data
+                        )
                     if token:
                         response['token'] = token
                     response_status = status.HTTP_201_CREATED
             return response, response_status
     register = Register.as_view()
     class PasswordChangeSerializer(serializers.Serializer):
         '''Register RPC payload'''
         email = serializers.EmailField()
         ou = serializers.SlugRelatedField(
             queryset=get_ou_model().objects.all(),
             slug_field='slug',
             required=False, allow_null=True)
         old_password = serializers.CharField(
             required=True, allow_null=True)
         new_password = serializers.CharField(
             required=True, allow_null=True)
             queryset=get_ou_model().objects.all(), slug_field='slug', required=False, allow_null=True
+        )
         old_password = serializers.CharField(required=True, allow_null=True)
         new_password = serializers.CharField(required=True, allow_null=True)
         def validate(self, data):
             User = get_user_model()
-...
             serializer.user.save()
             return {'result': 1}, status.HTTP_200_OK
     password_change = PasswordChange.as_view()
-...
     class BaseUserSerializer(serializers.ModelSerializer):
         ou = serializers.SlugRelatedField(
             queryset=get_ou_model().objects.all(),
             slug_field='slug',
             required=False, default=get_default_ou)
             queryset=get_ou_model().objects.all(), slug_field='slug', required=False, default=get_default_ou
+        )
         date_joined = serializers.DateTimeField(read_only=True)
         last_login = serializers.DateTimeField(read_only=True)
         dist = serializers.FloatField(read_only=True)
         send_registration_email = serializers.BooleanField(write_only=True, required=False,
                                                            default=False)
         send_registration_email = serializers.BooleanField(write_only=True, required=False, default=False)
         send_registration_email_next_url = serializers.URLField(write_only=True, required=False)
         password = serializers.CharField(max_length=128, required=False)
         force_password_reset = serializers.BooleanField(write_only=True, required=False, default=False)
-...
                 else:
                     self.fields[at.name] = at.get_drf_field()
                 self.fields[at.name + '_verified'] = serializers.BooleanField(
                     source='is_verified.%s' % at.name, required=False)
                     source='is_verified.%s' % at.name, required=False
+                )
             for key in self.fields:
                 if key in app_settings.A2_REQUIRED_FIELDS:
                     self.fields[key].required = True
-...
         def create(self, validated_data):
             original_data = validated_data.copy()
             send_registration_email = validated_data.pop('send_registration_email', False)
             send_registration_email_next_url = validated_data.pop('send_registration_email_next_url',
                                                                   None)
             send_registration_email_next_url = validated_data.pop('send_registration_email_next_url', None)
             force_password_reset = validated_data.pop('force_password_reset', False)
             attributes = validated_data.pop('attributes', {})
-...
                 try:
                     utils.send_password_reset_mail(
                         instance,
                         template_names=['authentic2/api_user_create_registration_email',
                                         'authentic2/password_reset'],
                         template_names=[
                             'authentic2/api_user_create_registration_email',
                             'authentic2/password_reset',
                         ],
                         request=self.context['request'],
                         next_url=send_registration_email_next_url,
                         context={
                             'data': original_data,
                         })
                         },
+                    )
                 except smtplib.SMTPException as e:
                     logging.getLogger(__name__).error(u'registration mail could not be sent to user %s '
                                                       'created through API: %s', instance, e)
                     logging.getLogger(__name__).error(
                         u'registration mail could not be sent to user %s ' 'created through API: %s', instance, e
+                    )
             return instance
         def update(self, instance, validated_data):
-...
             self.check_perm('custom_user.change_user', instance.ou)
             if 'ou' in validated_data:
                 self.check_perm('custom_user.change_user', validated_data.get('ou'))
             if validated_data.get('email') != instance.email and \
                     not validated_data.get('email_verified'):
             if validated_data.get('email') != instance.email and not validated_data.get('email_verified'):
                 instance.email_verified = False
             super(BaseUserSerializer, self).update(instance, validated_data)
             for key, value in attributes.items():
-...
             update_or_create_fields = self.context['view'].request.GET.getlist('update_or_create')
             already_used = False
             if ('email' not in get_or_create_fields
                     and 'email' not in update_or_create_fields
                     and data.get('email')
                     and (not self.instance or data.get('email') != self.instance.email)):
                 if app_settings.A2_EMAIL_IS_UNIQUE and qs.filter(
                         email=data['email']).exists():
             if (
                 'email' not in get_or_create_fields
                 and 'email' not in update_or_create_fields
                 and data.get('email')
                 and (not self.instance or data.get('email') != self.instance.email)
             ):
                 if app_settings.A2_EMAIL_IS_UNIQUE and qs.filter(email=data['email']).exists():
                     already_used = True
                 if ou and ou.email_is_unique and qs.filter(
                         ou=ou, email=data['email']).exists():
                 if ou and ou.email_is_unique and qs.filter(ou=ou, email=data['email']).exists():
                     already_used = True
             errors = {}
-...
             required=False,
             default=CreateOnlyDefault(get_default_ou),
             queryset=get_ou_model().objects.all(),
             slug_field='slug')
             slug_field='slug',
+        )
         slug = serializers.SlugField(
             required=False,
             allow_blank=False,
             max_length=256,
             default=SlugFromNameDefault())
             required=False, allow_blank=False, max_length=256, default=SlugFromNameDefault()
+        )
         @property
         def user(self):
-...
         class Meta:
             model = get_role_model()
             fields = ('uuid', 'name', 'slug', 'ou',)
             fields = (
                 'uuid',
                 'name',
                 'slug',
                 'ou',
+            )
             extra_kwargs = {'uuid': {'read_only': True}}
             validators = [
                 UniqueTogetherValidator(
                     queryset=get_role_model().objects.all(),
                     fields=['name', 'ou']
                 ),
                 UniqueTogetherValidator(
                     queryset=get_role_model().objects.all(),
                     fields=['slug', 'ou']
+                )
                 UniqueTogetherValidator(queryset=get_role_model().objects.all(), fields=['name', 'ou']),
                 UniqueTogetherValidator(queryset=get_role_model().objects.all(), fields=['slug', 'ou']),
+            ]
-...
                 return super(IsoDateTimeField, self).strptime(value, format)
             except AmbiguousTimeError:
                 parsed = parse_datetime(value)
                 possible = sorted([
                     handle_timezone(parsed, is_dst=True),
                     handle_timezone(parsed, is_dst=False),
                 ])
                 possible = sorted(
+                    [
                         handle_timezone(parsed, is_dst=True),
                         handle_timezone(parsed, is_dst=False),
+                    ]
+                )
                 if self.bound == 'lesser':
                     return possible[0]
                 elif self.bound == 'upper':
-...
         class Meta:
             model = get_user_model()
             fields = {
                 'username': [
                     'exact',
                     'iexact'
                 ],
                 'username': ['exact', 'iexact'],
                 'first_name': [
                     'exact',
                     'iexact',
-...
     class FreeTextSearchFilter(BaseFilterBackend):
         """
         """
         """"""
         def filter_queryset(self, request, queryset, view):
             if 'q' in request.GET:
                 queryset = queryset.free_text_search(request.GET['q'])
-...
         @property
         def ordering(self):
            if 'q' in self.request.GET:
                return ['dist', Unaccent('last_name'), Unaccent('first_name')]
            return User._meta.ordering
             if 'q' in self.request.GET:
                 return ['dist', Unaccent('last_name'), Unaccent('first_name')]
             return User._meta.ordering
         def get_queryset(self):
             qs = super().get_queryset()
-...
             if 'service-slug' in self.request.GET:
                 service_slug = self.request.GET['service-slug']
                 service_ou = self.request.GET.get('service-ou', '')
                 service = Service.objects.filter(
                     slug=service_slug,
                     ou__slug=service_ou
                 ).prefetch_related('authorized_roles').first()
                 service = (
                     Service.objects.filter(slug=service_slug, ou__slug=service_ou)
                     .prefetch_related('authorized_roles')
                     .first()
+                )
                 if service:
                     if service.authorized_roles.all():
                         qs = qs.filter(roles__in=service.authorized_roles.children())
-...
             known_uuids = User.objects.filter(uuid__in=uuids).values_list('uuid', flat=True)
             return set(uuids) - set(known_uuids)
         @action(detail=False, methods=['post'],
                 permission_classes=(DjangoPermission('custom_user.search_user'),))
         @action(detail=False, methods=['post'], permission_classes=(DjangoPermission('custom_user.search_user'),))
         def synchronization(self, request):
             serializer = self.SynchronizationSerializer(data=request.data)
             if not serializer.is_valid():
                 response = {
                     'result': 0,
                     'errors': serializer.errors
+                }
                 response = {'result': 0, 'errors': serializer.errors}
                 return Response(response, status.HTTP_400_BAD_REQUEST)
             hooks.call_hooks('api_modify_serializer_after_validation', self, serializer)
             unknown_uuids = self.check_uuids(serializer.validated_data.get('known_uuids', []))
-...
             hooks.call_hooks('api_modify_response', self, 'synchronization', data)
             return Response(data)
         @action(detail=True, methods=['post'], url_path='password-reset',
                       permission_classes=(DjangoPermission('custom_user.reset_password_user'),))
         @action(
             detail=True,
             methods=['post'],
             url_path='password-reset',
             permission_classes=(DjangoPermission('custom_user.reset_password_user'),),
+        )
         def password_reset(self, request, uuid):
             user = self.get_object()
             # An user without email cannot receive the token
             if not user.email:
                 return Response({'result': 0, 'reason': 'User has no mail'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
                 return Response(
                     {'result': 0, 'reason': 'User has no mail'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR
+                )
             utils.send_password_reset_mail(user, request=request)
             return Response(status=status.HTTP_204_NO_CONTENT)
         @action(detail=True, methods=['post'],
                       permission_classes=(DjangoPermission('custom_user.change_user'),))
         @action(detail=True, methods=['post'], permission_classes=(DjangoPermission('custom_user.change_user'),))
         def email(self, request, uuid):
             user = self.get_object()
             serializer = ChangeEmailSerializer(data=request.data)
             if not serializer.is_valid():
                 response = {
                     'result': 0,
                     'errors': serializer.errors
+                }
                 response = {'result': 0, 'errors': serializer.errors}
                 return Response(response, status.HTTP_400_BAD_REQUEST)
             user.email_verified = False
             user.save()
             utils.send_email_change_email(user, serializer.validated_data['email'], request=request)
             return Response({'result': 1})
         @action(detail=False, methods=['get'],
                 permission_classes=(DjangoPermission('custom_user.search_user'),))
         @action(detail=False, methods=['get'], permission_classes=(DjangoPermission('custom_user.search_user'),))
         def find_duplicates(self, request):
             serializer = self.get_serializer(data=request.query_params, partial=True)
             if not serializer.is_valid():
                 response = {
                     'data': [],
                     'err': 1,
                     'err_desc': serializer.errors
+                }
                 response = {'data': [], 'err': 1, 'err_desc': serializer.errors}
                 return Response(response, status.HTTP_400_BAD_REQUEST)
             data = serializer.validated_data
-...
             birthdate = attributes.get('birthdate')
             qs = User.objects.find_duplicates(first_name, last_name, birthdate=birthdate)
             return Response({
                 'data': DuplicateUserSerializer(qs, many=True).data,
                 'err': 0,
             })
             return Response(
+                {
                     'data': DuplicateUserSerializer(qs, many=True).data,
                     'err': 0,
+                }
+            )
     class RolesAPI(api_mixins.GetOrCreateMixinView, ExceptionHandlerMixin, ModelViewSet):
-...
         def post(self, request, *args, **kwargs):
             self.role.members.add(self.member)
             return Response({'result': 1, 'detail': _('User successfully added to role')},
                             status=status.HTTP_201_CREATED)
             return Response(
                 {'result': 1, 'detail': _('User successfully added to role')}, status=status.HTTP_201_CREATED
+            )
         def delete(self, request, *args, **kwargs):
             self.role.members.remove(self.member)
             return Response({'result': 1, 'detail': _('User successfully removed from role')},
                             status=status.HTTP_200_OK)
             return Response(
                 {'result': 1, 'detail': _('User successfully removed from role')}, status=status.HTTP_200_OK
+            )
     role_membership = RoleMembershipAPI.as_view()
-...
                 try:
                     uuid = entry['uuid']
                 except TypeError:
                     raise ValidationError(_("List elements of the 'data' dict "
                             "entry must be dictionaries"))
                     raise ValidationError(_("List elements of the 'data' dict " "entry must be dictionaries"))
                 except KeyError:
                     raise ValidationError(_("Missing 'uuid' key for dict entry %s "
                             "of the 'data' payload") % entry)
                     raise ValidationError(
                         _("Missing 'uuid' key for dict entry %s " "of the 'data' payload") % entry
+                    )
                 try:
                     self.members.append(User.objects.get(uuid=uuid))
                 except User.DoesNotExist:
                     raise ValidationError(
                             _('No known user for UUID %s') % entry['uuid'])
                     raise ValidationError(_('No known user for UUID %s') % entry['uuid'])
             if not len(self.members) and request.method in ('POST', 'DELETE'):
                 raise ValidationError(_('No valid user UUID'))
-...
         def post(self, request, *args, **kwargs):
             self.role.members.add(*self.members)
             return Response(
+                    {
                         'result': 1,
                         'detail': _('Users successfully added to role')
                     },
                     status=status.HTTP_201_CREATED)
                 {'result': 1, 'detail': _('Users successfully added to role')}, status=status.HTTP_201_CREATED
+            )
         def delete(self, request, *args, **kwargs):
             self.role.members.remove(*self.members)
             return Response(
+                    {
                         'result': 1,
                         'detail': _('Users successfully removed from role')
                     },
                     status=status.HTTP_200_OK)
                 {'result': 1, 'detail': _('Users successfully removed from role')}, status=status.HTTP_200_OK
+            )
         def patch(self, request, *args, **kwargs):
             self.role.members.set(self.members)
             return Response(
+                    {
                         'result': 1,
                         'detail': _('Users successfully assigned to role')
                     },
                     status=status.HTTP_200_OK)
                 {'result': 1, 'detail': _('Users successfully assigned to role')}, status=status.HTTP_200_OK
+            )
         def put(self, request, *args, **kwargs):
             return self.patch(request, *args, **kwargs)
     role_memberships = RoleMembershipsAPI.as_view()
     class BaseOrganizationalUnitSerializer(serializers.ModelSerializer):
         slug = serializers.SlugField(
                 required=False,
                 allow_blank=False,
                 max_length=256,
                 default=SlugFromNameDefault(),
+            )
             required=False,
             allow_blank=False,
             max_length=256,
             default=SlugFromNameDefault(),
+        )
         class Meta:
             model = get_ou_model()
             fields = '__all__'
-...
         def get_queryset(self):
             return get_ou_model().objects.all()
     router = SimpleRouter()
     router.register(r'users', UsersAPI, base_name='a2-api-users')
     router.register(r'ous', OrganizationalUnitAPI, base_name='a2-api-ous')
-...
                 if hasattr(authenticator, 'authenticate_credentials'):
                     try:
                         user, oidc_client = authenticator.authenticate_credentials(
                             username, password, request=request)
                             username, password, request=request
+                        )
                         result['result'] = 1
                         if hasattr(user, 'oidc_client'):
                             result['oidc_client'] = True
-...
                         result['errors'] = [exc.detail]
             return result, status.HTTP_200_OK
     check_password = CheckPasswordAPI.as_view()
-...
             ok = True
             for check in password_checker(serializer.validated_data['password']):
                 ok = ok and check.result
                 checks.append({
                     'result': check.result,
                     'label': check.label,
                 })
                 checks.append(
+                    {
                         'result': check.result,
                         'label': check.label,
+                    }
+                )
             result['ok'] = ok
             return result, status.HTTP_200_OK
     validate_password = ValidatePasswordAPI.as_view()
-...
             if not getattr(settings, 'ADDRESS_AUTOCOMPLETE_URL', None):
                 return Response({})
             try:
                 response = requests.get(
                     settings.ADDRESS_AUTOCOMPLETE_URL,
                     params=request.GET
+                )
                 response = requests.get(settings.ADDRESS_AUTOCOMPLETE_URL, params=request.GET)
                 response.raise_for_status()
                 return Response(response.json())
             except RequestException:
-...
     class StatisticsSerializer(serializers.Serializer):
         TIME_INTERVAL_CHOICES = [
             ('day', _('Day')),
             ('month', _('Month')),
             ('year', _('Year'))
+        ]
         TIME_INTERVAL_CHOICES = [('day', _('Day')), ('month', _('Month')), ('year', _('Year'))]
         time_interval = serializers.ChoiceField(choices=TIME_INTERVAL_CHOICES, default='month')
         service = ServiceOUField(child=serializers.SlugField(max_length=256), required=False)
-...
         def wraps(func):
             func.filters = filters
             return decorator(func)
         return wraps
-...
+                {
                     'id': 'time_interval',
                     'label': _('Time interval'),
                     'options': [{'id': key, 'label': label} for key, label in time_interval_field.choices.items()],
                     'options': [
                         {'id': key, 'label': label} for key, label in time_interval_field.choices.items()
                     ],
                     'required': True,
                     'default': time_interval_field.default,
+                }
-...
+                }
                 statistics.append(data)
             return Response({
                 'data': statistics,
                 'err': 0,
             })
             return Response(
+                {
                     'data': statistics,
                     'err': 0,
+                }
+            )
         def get_statistics(self, request, klass, method):
             serializer = StatisticsSerializer(data=request.query_params)
             if not serializer.is_valid():
                 response = {
                     'data': [],
                     'err': 1,
                     'err_desc': serializer.errors
+                }
                 response = {'data': [], 'err': 1, 'err_desc': serializer.errors}
                 return Response(response, status.HTTP_400_BAD_REQUEST)
             data = serializer.validated_data
-...
             if users_ou and 'users_ou' in allowed_filters:
                 kwargs['users_ou'] = get_object_or_404(get_ou_model(), slug=users_ou)
             return Response({
                 'data': getattr(klass, method)(**kwargs),
                 'err': 0,
             })
             return Response(
+                {
                     'data': getattr(klass, method)(**kwargs),
                     'err': 0,
+                }
+            )
         @stat(name=_('Login count by authentication type'), filters=('services_ou', 'users_ou', 'service'))
         def login(self, request):

     from . import plugins
     class Authentic2Config(AppConfig):
         name = 'authentic2'
         verbose_name = 'Authentic2'
         def ready(self):
             plugins.init()
             debug.HIDDEN_SETTINGS = re.compile(
                 'API|TOKEN|KEY|SECRET|PASS|PROFANITIES_LIST|SIGNATURE|LDAP')
             debug.HIDDEN_SETTINGS = re.compile('API|TOKEN|KEY|SECRET|PASS|PROFANITIES_LIST|SIGNATURE|LDAP')

         def settings(self):
             if not hasattr(self, '_settings'):
                 from django.conf import settings
                 self._settings = settings
             return self._settings
-...
                         realms[realm] = realm
                     else:
                         realms[realm[0]] = realm[1]
             from django.contrib.auth import get_backends
             for backend in get_backends():
                 if hasattr(backend, 'get_realms'):
                     add_realms(backend.get_realms())
-...
             if self.defaults[key].has_default():
                 return self.defaults[key].default
             raise ImproperlyConfigured(
                 'missing setting %s(%s) is mandatory' % (key, self.defaults[key].description))
                 'missing setting %s(%s) is mandatory' % (key, self.defaults[key].description)
+            )
     default_settings = dict(
         ATTRIBUTE_BACKENDS=Setting(
-...
         CAFILE=Setting(
             names=('AUTHENTIC2_CAFILE', 'CAFILE'),
             default=None,
             definition='File containing certificate chains as PEM certificates'),
             definition='File containing certificate chains as PEM certificates',
         ),
         A2_REGISTRATION_CAN_DELETE_ACCOUNT=Setting(
             default=True,
             definition='Can user self delete their account and all their data'),
             default=True, definition='Can user self delete their account and all their data'
         ),
         A2_REGISTRATION_CAN_CHANGE_PASSWORD=Setting(
             default=True,
             definition='Allow user to change its own password'),
             default=True, definition='Allow user to change its own password'
         ),
         A2_REGISTRATION_EMAIL_BLACKLIST=Setting(
             default=[],
             definition='List of forbidden email wildcards, ex.: ^.*@ville.fr$'),
             default=[], definition='List of forbidden email wildcards, ex.: ^.*@ville.fr$'
         ),
         A2_REGISTRATION_REDIRECT=Setting(
             default=None,
             definition='Forced redirection after each redirect, NEXT_URL substring is replaced'
             ' by the original next_url passed to /accounts/register/'),
         A2_PROFILE_CAN_CHANGE_EMAIL=Setting(
             default=True,
             definition='Can user self change their email'),
         A2_PROFILE_CAN_EDIT_PROFILE=Setting(
             default=True,
             definition='Can user self edit their profile'),
         A2_PROFILE_CAN_MANAGE_FEDERATION=Setting(
             default=True,
             definition='Can user manage its federations'),
             ' by the original next_url passed to /accounts/register/',
         ),
         A2_PROFILE_CAN_CHANGE_EMAIL=Setting(default=True, definition='Can user self change their email'),
         A2_PROFILE_CAN_EDIT_PROFILE=Setting(default=True, definition='Can user self edit their profile'),
         A2_PROFILE_CAN_MANAGE_FEDERATION=Setting(default=True, definition='Can user manage its federations'),
         A2_PROFILE_CAN_MANAGE_SERVICE_AUTHORIZATIONS=Setting(
             default=True,
             definition='Allow user to revoke granted services access to its account profile data'),
         A2_PROFILE_DISPLAY_EMPTY_FIELDS=Setting(
             default=False,
             definition='Include empty fields in profile view'),
         A2_HOMEPAGE_URL=Setting(
             default=None,
             definition='IdP has no homepage, redirect to this one.'),
         A2_USER_CAN_RESET_PASSWORD=Setting(
             default=None,
             definition='Allow online reset of passwords'),
             default=True, definition='Allow user to revoke granted services access to its account profile data'
         ),
         A2_PROFILE_DISPLAY_EMPTY_FIELDS=Setting(default=False, definition='Include empty fields in profile view'),
         A2_HOMEPAGE_URL=Setting(default=None, definition='IdP has no homepage, redirect to this one.'),
         A2_USER_CAN_RESET_PASSWORD=Setting(default=None, definition='Allow online reset of passwords'),
         A2_RESET_PASSWORD_ID_LABEL=Setting(
             default=None,
             definition='Alternate ID label for the password reset form'),
         A2_EMAIL_IS_UNIQUE=Setting(
             default=False,
             definition='Email of users must be unique'),
             default=None, definition='Alternate ID label for the password reset form'
         ),
         A2_EMAIL_IS_UNIQUE=Setting(default=False, definition='Email of users must be unique'),
         A2_REGISTRATION_EMAIL_IS_UNIQUE=Setting(
             default=False,
             definition='Email of registered accounts must be unique'),
             default=False, definition='Email of registered accounts must be unique'
         ),
         A2_REGISTRATION_FORM_USERNAME_REGEX=Setting(
             default=r'^[\w.@+-]+$',
             definition='Regex to validate usernames'),
             default=r'^[\w.@+-]+$', definition='Regex to validate usernames'
         ),
         A2_REGISTRATION_FORM_USERNAME_HELP_TEXT=Setting(
             default=_('Required. At most 30 characters. Letters, digits, and @/./+/-/_ only.')),
         A2_REGISTRATION_FORM_USERNAME_LABEL=Setting(
             default=_('Username')),
             default=_('Required. At most 30 characters. Letters, digits, and @/./+/-/_ only.')
         ),
         A2_REGISTRATION_FORM_USERNAME_LABEL=Setting(default=_('Username')),
         A2_REGISTRATION_REALM=Setting(
             default=None,
             definition='Default realm to assign to self-registrated users'),
         A2_REGISTRATION_GROUPS=Setting(
             default=(),
             definition='Default groups for self-registered users'),
         A2_PROFILE_FIELDS=Setting(
             default=(),
             definition='Fields to show to the user in the profile page'),
             default=None, definition='Default realm to assign to self-registrated users'
         ),
         A2_REGISTRATION_GROUPS=Setting(default=(), definition='Default groups for self-registered users'),
         A2_PROFILE_FIELDS=Setting(default=(), definition='Fields to show to the user in the profile page'),
         A2_REGISTRATION_FIELDS=Setting(
             default=(),
             definition='Fields from the user model that must appear on the registration form'),
         A2_REQUIRED_FIELDS=Setting(
             default=(),
             definition='User fields that are required'),
             default=(), definition='Fields from the user model that must appear on the registration form'
         ),
         A2_REQUIRED_FIELDS=Setting(default=(), definition='User fields that are required'),
         A2_REGISTRATION_REQUIRED_FIELDS=Setting(
             default=(),
             definition='Fields from the registration form that must be required'),
         A2_PRE_REGISTRATION_FIELDS=Setting(
             default=(),
             definition='User fields to ask with email'),
         A2_REALMS=Setting(
             default=(),
             definition='List of realms to search user accounts'),
         A2_USERNAME_REGEX=Setting(
             default=None,
             definition='Regex that username must validate'),
         A2_USERNAME_LABEL=Setting(
             default=None,
             definition='Alternate username label for the login form'),
             default=(), definition='Fields from the registration form that must be required'
         ),
         A2_PRE_REGISTRATION_FIELDS=Setting(default=(), definition='User fields to ask with email'),
         A2_REALMS=Setting(default=(), definition='List of realms to search user accounts'),
         A2_USERNAME_REGEX=Setting(default=None, definition='Regex that username must validate'),
         A2_USERNAME_LABEL=Setting(default=None, definition='Alternate username label for the login form'),
         A2_USERNAME_HELP_TEXT=Setting(
             default=None,
             definition='Help text to explain validation rules of usernames'),
         A2_USERNAME_IS_UNIQUE=Setting(
             default=True,
             definition='Check username uniqueness'),
             default=None, definition='Help text to explain validation rules of usernames'
         ),
         A2_USERNAME_IS_UNIQUE=Setting(default=True, definition='Check username uniqueness'),
         A2_LOGIN_FORM_OU_SELECTOR=Setting(
             default=False,
             definition='Whether to add an OU selector to the login form'),
         A2_LOGIN_FORM_OU_SELECTOR_LABEL=Setting(
             default=None,
             definition='Label of OU field on login page'),
             default=False, definition='Whether to add an OU selector to the login form'
         ),
         A2_LOGIN_FORM_OU_SELECTOR_LABEL=Setting(default=None, definition='Label of OU field on login page'),
         A2_REGISTRATION_USERNAME_IS_UNIQUE=Setting(
             default=True,
             definition='Check username uniqueness on registration'),
             default=True, definition='Check username uniqueness on registration'
         ),
         IDP_BACKENDS=(),
         AUTH_FRONTENDS=(),
         AUTH_FRONTENDS_KWARGS={},
         VALID_REFERERS=Setting(
             default=(),
             definition='List of prefix to match referers'),
         A2_OPENED_SESSION_COOKIE_NAME=Setting(
             default='A2_OPENED_SESSION',
             definition='Authentic session open'),
         A2_OPENED_SESSION_COOKIE_DOMAIN=Setting(
             default=None),
         A2_OPENED_SESSION_COOKIE_SECURE=Setting(
             default=False),
         A2_ATTRIBUTE_KINDS=Setting(
             default=(),
             definition='List of other attribute kinds'),
         VALID_REFERERS=Setting(default=(), definition='List of prefix to match referers'),
         A2_OPENED_SESSION_COOKIE_NAME=Setting(default='A2_OPENED_SESSION', definition='Authentic session open'),
         A2_OPENED_SESSION_COOKIE_DOMAIN=Setting(default=None),
         A2_OPENED_SESSION_COOKIE_SECURE=Setting(default=False),
         A2_ATTRIBUTE_KINDS=Setting(default=(), definition='List of other attribute kinds'),
         A2_ATTRIBUTE_KIND_PROFILE_IMAGE_SIZE=Setting(
             default=200,
             definition='Width and height for a profile image'),
             default=200, definition='Width and height for a profile image'
         ),
         A2_VALIDATE_EMAIL=Setting(
             default=False,
             definition='Validate user email server by doing an RCPT command'),
         A2_VALIDATE_EMAIL_DOMAIN=Setting(
             default=True,
             definition='Validate user email domain'),
             default=False, definition='Validate user email server by doing an RCPT command'
         ),
         A2_VALIDATE_EMAIL_DOMAIN=Setting(default=True, definition='Validate user email domain'),
         A2_PASSWORD_POLICY_MIN_CLASSES=Setting(
             default=3,
             definition='Minimum number of characters classes to be present in passwords'),
         A2_PASSWORD_POLICY_MIN_LENGTH=Setting(
             default=8,
             definition='Minimum number of characters in a password'),
         A2_PASSWORD_POLICY_REGEX=Setting(
             default=None,
             definition='Regular expression for validating passwords'),
             default=3, definition='Minimum number of characters classes to be present in passwords'
         ),
         A2_PASSWORD_POLICY_MIN_LENGTH=Setting(default=8, definition='Minimum number of characters in a password'),
         A2_PASSWORD_POLICY_REGEX=Setting(default=None, definition='Regular expression for validating passwords'),
         A2_PASSWORD_POLICY_REGEX_ERROR_MSG=Setting(
             default=None,
             definition='Error message to show when the password do not validate the regular expression'),
             definition='Error message to show when the password do not validate the regular expression',
         ),
         A2_PASSWORD_POLICY_CLASS=Setting(
             default='authentic2.passwords.DefaultPasswordChecker',
             definition='path of a class to validate passwords'),
             definition='path of a class to validate passwords',
         ),
         A2_PASSWORD_POLICY_SHOW_LAST_CHAR=Setting(
             default=False,
             definition='Show last character in password fields'),
             default=False, definition='Show last character in password fields'
         ),
         A2_AUTH_PASSWORD_ENABLE=Setting(
             default=True,
             definition='Activate login/password authentication', names=('AUTH_PASSWORD',)),
             default=True, definition='Activate login/password authentication', names=('AUTH_PASSWORD',)
         ),
         A2_SUGGESTED_EMAIL_DOMAINS=Setting(
             default=['gmail.com', 'msn.com', 'hotmail.com', 'hotmail.fr',
                      'wanadoo.fr', 'yahoo.fr', 'yahoo.com', 'laposte.net',
                      'free.fr', 'orange.fr', 'numericable.fr'],
             definition='List of suggested email domains'),
             default=[
                 'gmail.com',
                 'msn.com',
                 'hotmail.com',
                 'hotmail.fr',
                 'wanadoo.fr',
                 'yahoo.fr',
                 'yahoo.com',
                 'laposte.net',
                 'free.fr',
                 'orange.fr',
                 'numericable.fr',
             ],
             definition='List of suggested email domains',
         ),
         A2_LOGIN_FAILURE_COUNT_BEFORE_WARNING=Setting(
             default=0,
             definition='Failure count before logging a warning to '
             'authentic2.user_login_failure. No warning will be send if value is '
             '0.'),
         PUSH_PROFILE_UPDATES=Setting(
             default=False,
             definition='Push profile update to linked services'),
         TEMPLATE_VARS=Setting(
             default={},
             definition='Variable to pass to templates'),
             '0.',
         ),
         PUSH_PROFILE_UPDATES=Setting(default=False, definition='Push profile update to linked services'),
         TEMPLATE_VARS=Setting(default={}, definition='Variable to pass to templates'),
         A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_FACTOR=Setting(
             default=1.8,
             definition='exponential backoff factor duration as seconds until '
             'next try after a login failure'),
             definition='exponential backoff factor duration as seconds until ' 'next try after a login failure',
         ),
         A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_DURATION=Setting(
             default=1,
             definition='exponential backoff base factor duration as seconds '
             'until next try after a login failure'),
             'until next try after a login failure',
         ),
         A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_MAX_DURATION=Setting(
             default=3600,
             definition='maximum exponential backoff maximum duration as seconds until '
             'next try after a login failure'),
             'next try after a login failure',
         ),
         A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_MIN_DURATION=Setting(
             default=10,
             definition='minimum exponential backoff maximum duration as seconds until '
             'next try after a login failure'),
         A2_VERIFY_SSL=Setting(
             default=True,
             definition='Verify SSL certificate in HTTP requests'),
         A2_ATTRIBUTE_KIND_TITLE_CHOICES=Setting(
             default=(),
             definition='Choices for the title attribute kind'),
             'next try after a login failure',
         ),
         A2_VERIFY_SSL=Setting(default=True, definition='Verify SSL certificate in HTTP requests'),
         A2_ATTRIBUTE_KIND_TITLE_CHOICES=Setting(default=(), definition='Choices for the title attribute kind'),
         A2_CORS_WHITELIST=Setting(
             default=(),
             definition='List of origin URL to whitelist, must be scheme://netloc[:port]'),
             default=(), definition='List of origin URL to whitelist, must be scheme://netloc[:port]'
         ),
         A2_EMAIL_CHANGE_TOKEN_LIFETIME=Setting(
             default=7200,
             definition='Lifetime in seconds of the token sent to verify email adresses'),
             default=7200, definition='Lifetime in seconds of the token sent to verify email adresses'
         ),
         A2_DELETION_REQUEST_LIFETIME=Setting(
             default=48*3600,
             definition='Lifetime in seconds of the user account deletion request'),
             default=48 * 3600, definition='Lifetime in seconds of the user account deletion request'
         ),
         A2_REDIRECT_WHITELIST=Setting(
             default=(),
             definition='List of origins which are authorized to ask for redirection.'),
             default=(), definition='List of origins which are authorized to ask for redirection.'
         ),
         A2_API_USERS_REQUIRED_FIELDS=Setting(
             default=(),
             definition='List of fields to require on user\'s API, override other settings'),
             default=(), definition='List of fields to require on user\'s API, override other settings'
         ),
         A2_USER_FILTER=Setting(
             default={},
             definition='Filters (as in QuerySet.filter() to apply to User queryset before '
                        'authentication'),
             definition='Filters (as in QuerySet.filter() to apply to User queryset before ' 'authentication',
         ),
         A2_USER_EXCLUDE=Setting(
             default={},
             definition='Exclusion filter (as in QuerySet.exclude() to apply to User queryset before '
                        'authentication'),
             'authentication',
         ),
         A2_USER_REMEMBER_ME=Setting(
             default=None,
             definition='Session duration as seconds when using the remember me '
             'checkbox. Truthiness activates the checkbox.'),
             'checkbox. Truthiness activates the checkbox.',
         ),
         A2_LOGIN_REDIRECT_AUTHENTICATED_USERS_TO_HOMEPAGE=Setting(
             default=False,
             definition='Redirect authenticated users to homepage'),
             default=False, definition='Redirect authenticated users to homepage'
         ),
         A2_LOGIN_DISPLAY_A_CANCEL_BUTTON=Setting(
             default=False,
             definition='Display a cancel button.'
             'This is only applicable for Liberty single sign on requests'),
             definition='Display a cancel button.' 'This is only applicable for Liberty single sign on requests',
         ),
         A2_SET_RANDOM_PASSWORD_ON_RESET=Setting(
             default=True,
             definition='Set a random password on request to reset the password from the front-office'),
         A2_ACCOUNTS_URL=Setting(
             default=None,
             definition='IdP has no account page, redirect to this one.'),
         A2_CACHE_ENABLED=Setting(
             default=True,
             definition='Disable all cache decorators for testing purpose.'),
         A2_ACCEPT_EMAIL_AUTHENTICATION=Setting(
             default=True,
             definition='Enable authentication by email'),
             definition='Set a random password on request to reset the password from the front-office',
         ),
         A2_ACCOUNTS_URL=Setting(default=None, definition='IdP has no account page, redirect to this one.'),
         A2_CACHE_ENABLED=Setting(default=True, definition='Disable all cache decorators for testing purpose.'),
         A2_ACCEPT_EMAIL_AUTHENTICATION=Setting(default=True, definition='Enable authentication by email'),
         A2_EMAILS_IP_RATELIMIT=Setting(
             default='10/h',
             definition='Maximum rate of email sendings triggered by the same IP address.'),
             default='10/h', definition='Maximum rate of email sendings triggered by the same IP address.'
         ),
         A2_EMAILS_ADDRESS_RATELIMIT=Setting(
             default='3/d',
             definition='Maximum rate of emails sent to the same email address.'),
             default='3/d', definition='Maximum rate of emails sent to the same email address.'
         ),
         A2_USER_DELETED_KEEP_DATA=Setting(
             default=['email', 'uuid'],
             definition='User data to keep after deletion'),
             default=['email', 'uuid'], definition='User data to keep after deletion'
         ),
         A2_USER_DELETED_KEEP_DATA_DAYS=Setting(
             default=365,
             definition='Number of days to keep data on deleted users'),
             default=365, definition='Number of days to keep data on deleted users'
         ),
         A2_TOKEN_EXISTS_WARNING=Setting(
             default=True,
             definition='If an active token exists, warn user before generating a new one.'),
             default=True, definition='If an active token exists, warn user before generating a new one.'
         ),
         A2_DUPLICATES_THRESHOLD=Setting(
             default=0.7,
             definition='Trigram similarity threshold for considering user as duplicate.'),
         A2_FTS_THRESHOLD=Setting(
             default=0.2,
             definition='Trigram similarity threshold for free text search.'),
             default=0.7, definition='Trigram similarity threshold for considering user as duplicate.'
         ),
         A2_FTS_THRESHOLD=Setting(default=0.2, definition='Trigram similarity threshold for free text search.'),
         A2_DUPLICATES_BIRTHDATE_BONUS=Setting(
             default=0.3,
             definition='Bonus in case of birthdate match (no bonus is 0, max is 1).'),
             default=0.3, definition='Bonus in case of birthdate match (no bonus is 0, max is 1).'
         ),
         A2_EMAIL_FORMAT=Setting(
             default='multipart/alternative',
             definition='Send email as "multiplart/alternative" or limit to "text/plain" or "text/html".'),
             definition='Send email as "multiplart/alternative" or limit to "text/plain" or "text/html".',
         ),
+    )
     app_settings = AppSettings(default_settings)

src/authentic2/apps/journal/migrations/0001_initial.py
113	113	'DROP INDEX journal_event_reference_ct_ids_idx;',
114	114	'DROP INDEX journal_event_reference_ids_idx;',
115	115	'DROP INDEX journal_event_timestamp_id_idx;',
116		]
	116	],
117	117	),
118	118	]

         type = models.ForeignKey(verbose_name=_('type'), to=EventType, on_delete=models.PROTECT)
         reference_ids = ArrayField(
             verbose_name=_('reference ids'), base_field=models.BigIntegerField(), null=True,
             verbose_name=_('reference ids'),
             base_field=models.BigIntegerField(),
             null=True,
+        )
         reference_ct_ids = ArrayField(
             verbose_name=_('reference ct ids'), base_field=models.IntegerField(), null=True,
             verbose_name=_('reference ct ids'),
             base_field=models.IntegerField(),
             null=True,
+        )
         data = JSONField(verbose_name=_('data'), null=True)
-...
         @classmethod
         def cleanup(cls):
             '''Expire old events by default retention days or customized at the
                EventTypeDefinition level.'''
             """Expire old events by default retention days or customized at the
             EventTypeDefinition level."""
             event_types_by_retention_days = defaultdict(set)
             default_retention_days = getattr(settings, 'JOURNAL_DEFAULT_RETENTION_DAYS', 365 * 2)
             for event_type in EventType.objects.all():

             if not hasattr(self, method_name):
                 return
             yield from getattr(self, method_name)(lexem[len(prefix) + 1:])
             yield from getattr(self, method_name)(lexem[len(prefix) + 1 :])
         @classmethod
         def documentation(cls):
             yield _('You can use colon terminated prefixes to make special searches, '
                     'and you can use quote around the suffix to preserve spaces.')
             yield _(
                 'You can use colon terminated prefixes to make special searches, '
                 'and you can use quote around the suffix to preserve spaces.'
+            )
             for name in dir(cls):
                 documentation = getattr(getattr(cls, name), 'documentation', None)
                 if documentation:

             migrations.CreateModel(
                 name='AttributeItem',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                     ('attribute_name', models.CharField(default=('OpenLDAProotDSE', 'OpenLDAProotDSE'), max_length=100, verbose_name='Attribute name', choices=[('OpenLDAProotDSE', 'OpenLDAProotDSE'), ('aRecord', 'aRecord'), ('administrativeRole', 'administrativeRole'), ('alias', 'alias'), ('aliasedObjectName', 'aliasedObjectName'), ('altServer', 'altServer'), ('associatedDomain', 'associatedDomain'), ('associatedName', 'associatedName'), ('attributeTypes', 'attributeTypes'), ('audio', 'audio'), ('authPassword', 'authPassword'), ('authorityRevocationList', 'authorityRevocationList'), ('authzFrom', 'authzFrom'), ('authzTo', 'authzTo'), ('bootFile', 'bootFile'), ('bootParameter', 'bootParameter'), ('buildingName', 'buildingName'), ('businessCategory', 'businessCategory'), ('c', 'c'), ('cACertificate', 'cACertificate'), ('cNAMERecord', 'cNAMERecord'), ('carLicense', 'carLicense'), ('certificateRevocationList', 'certificateRevocationList'), ('children', 'children'), ('cn', 'cn'), ('co', 'co'), ('collectiveAttributeSubentries', 'collectiveAttributeSubentries'), ('collectiveAttributeSubentry', 'collectiveAttributeSubentry'), ('collectiveExclusions', 'collectiveExclusions'), ('configContext', 'configContext'), ('contextCSN', 'contextCSN'), ('createTimestamp', 'createTimestamp'), ('creatorsName', 'creatorsName'), ('crossCertificatePair', 'crossCertificatePair'), ('dITContentRules', 'dITContentRules'), ('dITRedirect', 'dITRedirect'), ('dITStructureRules', 'dITStructureRules'), ('dSAQuality', 'dSAQuality'), ('dc', 'dc'), ('deltaRevocationList', 'deltaRevocationList'), ('departmentNumber', 'departmentNumber'), ('description', 'description'), ('destinationIndicator', 'destinationIndicator'), ('displayName', 'displayName'), ('distinguishedName', 'distinguishedName'), ('dmdName', 'dmdName'), ('dnQualifier', 'dnQualifier'), ('documentAuthor', 'documentAuthor'), ('documentIdentifier', 'documentIdentifier'), ('documentLocation', 'documentLocation'), ('documentPublisher', 'documentPublisher'), ('documentTitle', 'documentTitle'), ('documentVersion', 'documentVersion'), ('drink', 'drink'), ('dynamicObject', 'dynamicObject'), ('dynamicSubtrees', 'dynamicSubtrees'), ('eduOrgHomePageURI', 'eduOrgHomePageURI'), ('eduOrgIdentityAuthNPolicyURI', 'eduOrgIdentityAuthNPolicyURI'), ('eduOrgLegalName', 'eduOrgLegalName'), ('eduOrgSuperiorURI', 'eduOrgSuperiorURI'), ('eduOrgWhitePagesURI', 'eduOrgWhitePagesURI'), ('eduPersonAffiliation', 'eduPersonAffiliation'), ('eduPersonAssurance', 'eduPersonAssurance'), ('eduPersonEntitlement', 'eduPersonEntitlement'), ('eduPersonNickname', 'eduPersonNickname'), ('eduPersonOrgDN', 'eduPersonOrgDN'), ('eduPersonOrgUnitDN', 'eduPersonOrgUnitDN'), ('eduPersonPrimaryAffiliation', 'eduPersonPrimaryAffiliation'), ('eduPersonPrimaryOrgUnitDN', 'eduPersonPrimaryOrgUnitDN'), ('eduPersonPrincipalName', 'eduPersonPrincipalName'), ('eduPersonScopedAffiliation', 'eduPersonScopedAffiliation'), ('eduPersonTargetedID', 'eduPersonTargetedID'), ('email', 'email'), ('employeeNumber', 'employeeNumber'), ('employeeType', 'employeeType'), ('enhancedSearchGuide', 'enhancedSearchGuide'), ('entry', 'entry'), ('entryCSN', 'entryCSN'), ('entryDN', 'entryDN'), ('entryTtl', 'entryTtl'), ('entryUUID', 'entryUUID'), ('extensibleObject', 'extensibleObject'), ('fax', 'fax'), ('gecos', 'gecos'), ('generationQualifier', 'generationQualifier'), ('gidNumber', 'gidNumber'), ('givenName', 'givenName'), ('glue', 'glue'), ('hasSubordinates', 'hasSubordinates'), ('homeDirectory', 'homeDirectory'), ('homePhone', 'homePhone'), ('homePostalAddress', 'homePostalAddress'), ('host', 'host'), ('houseIdentifier', 'houseIdentifier'), ('info', 'info'), ('initials', 'initials'), ('internationaliSDNNumber', 'internationaliSDNNumber'), ('ipHostNumber', 'ipHostNumber'), ('ipNetmaskNumber', 'ipNetmaskNumber'), ('ipNetworkNumber', 'ipNetworkNumber'), ('ipProtocolNumber', 'ipProtocolNumber'), ('ipServicePort', 'ipServicePort'), ('ipServiceProtocolSUPname', 'ipServiceProtocolSUPname'), ('janetMailbox', 'janetMailbox'), ('jpegPhoto', 'jpegPhoto'), ('knowledgeInformation', 'knowledgeInformation'), ('l', 'l'), ('labeledURI', 'labeledURI'), ('ldapSyntaxes', 'ldapSyntaxes'), ('loginShell', 'loginShell'), ('mDRecord', 'mDRecord'), ('mXRecord', 'mXRecord'), ('macAddress', 'macAddress'), ('mail', 'mail'), ('mailForwardingAddress', 'mailForwardingAddress'), ('mailHost', 'mailHost'), ('mailLocalAddress', 'mailLocalAddress'), ('mailPreferenceOption', 'mailPreferenceOption'), ('mailRoutingAddress', 'mailRoutingAddress'), ('manager', 'manager'), ('matchingRuleUse', 'matchingRuleUse'), ('matchingRules', 'matchingRules'), ('member', 'member'), ('memberNisNetgroup', 'memberNisNetgroup'), ('memberUid', 'memberUid'), ('mobile', 'mobile'), ('modifiersName', 'modifiersName'), ('modifyTimestamp', 'modifyTimestamp'), ('monitorContext', 'monitorContext'), ('nSRecord', 'nSRecord'), ('name', 'name'), ('nameForms', 'nameForms'), ('namingCSN', 'namingCSN'), ('namingContexts', 'namingContexts'), ('nisMapEntry', 'nisMapEntry'), ('nisMapNameSUPname', 'nisMapNameSUPname'), ('nisNetgroupTriple', 'nisNetgroupTriple'), ('o', 'o'), ('objectClass', 'objectClass'), ('objectClasses', 'objectClasses'), ('oncRpcNumber', 'oncRpcNumber'), ('organizationalStatus', 'organizationalStatus'), ('otherMailbox', 'otherMailbox'), ('ou', 'ou'), ('owner', 'owner'), ('pager', 'pager'), ('personalSignature', 'personalSignature'), ('personalTitle', 'personalTitle'), ('photo', 'photo'), ('physicalDeliveryOfficeName', 'physicalDeliveryOfficeName'), ('postOfficeBox', 'postOfficeBox'), ('postalAddress', 'postalAddress'), ('postalCode', 'postalCode'), ('preferredDeliveryMethod', 'preferredDeliveryMethod'), ('preferredLanguage', 'preferredLanguage'), ('presentationAddress', 'presentationAddress'), ('protocolInformation', 'protocolInformation'), ('pseudonym', 'pseudonym'), ('ref', 'ref'), ('referral', 'referral'), ('registeredAddress', 'registeredAddress'), ('rfc822MailMember', 'rfc822MailMember'), ('role', 'role'), ('roleOccupant', 'roleOccupant'), ('roomNumber', 'roomNumber'), ('sOARecord', 'sOARecord'), ('schacHomeOrganization', 'schacHomeOrganization'), ('schacHomeOrganizationType', 'schacHomeOrganizationType'), ('searchGuide', 'searchGuide'), ('secretary', 'secretary'), ('seeAlso', 'seeAlso'), ('serialNumber', 'serialNumber'), ('shadowExpire', 'shadowExpire'), ('shadowFlag', 'shadowFlag'), ('shadowInactive', 'shadowInactive'), ('shadowLastChange', 'shadowLastChange'), ('shadowMax', 'shadowMax'), ('shadowMin', 'shadowMin'), ('shadowWarning', 'shadowWarning'), ('singleLevelQuality', 'singleLevelQuality'), ('sn', 'sn'), ('st', 'st'), ('street', 'street'), ('structuralObjectClass', 'structuralObjectClass'), ('subentry', 'subentry'), ('subschema', 'subschema'), ('subschemaSubentry', 'subschemaSubentry'), ('subtreeMaximumQuality', 'subtreeMaximumQuality'), ('subtreeMinimumQuality', 'subtreeMinimumQuality'), ('subtreeSpecification', 'subtreeSpecification'), ('supannActivite', 'supannActivite'), ('supannAffectation', 'supannAffectation'), ('supannAliasLogin', 'supannAliasLogin'), ('supannAutreMail', 'supannAutreMail'), ('supannAutreTelephone', 'supannAutreTelephone'), ('supannCivilite', 'supannCivilite'), ('supannCodeEntite', 'supannCodeEntite'), ('supannCodeEntiteParent', 'supannCodeEntiteParent'), ('supannCodeINE', 'supannCodeINE'), ('supannEmpCorps', 'supannEmpCorps'), ('supannEmpId', 'supannEmpId'), ('supannEntiteAffectation', 'supannEntiteAffectation'), ('supannEntiteAffectationPrincipale', 'supannEntiteAffectationPrincipale'), ('supannEtablissement', 'supannEtablissement'), ('supannEtuAnneeInscription', 'supannEtuAnneeInscription'), ('supannEtuCursusAnnee', 'supannEtuCursusAnnee'), ('supannEtuDiplome', 'supannEtuDiplome'), ('supannEtuElementPedagogique', 'supannEtuElementPedagogique'), ('supannEtuEtape', 'supannEtuEtape'), ('supannEtuId', 'supannEtuId'), ('supannEtuInscription', 'supannEtuInscription'), ('supannEtuRegimeInscription', 'supannEtuRegimeInscription'), ('supannEtuSecteurDisciplinaire', 'supannEtuSecteurDisciplinaire'), ('supannEtuTypeDiplome', 'supannEtuTypeDiplome'), ('supannGroupeAdminDN', 'supannGroupeAdminDN'), ('supannGroupeDateFin', 'supannGroupeDateFin'), ('supannGroupeLecteurDN', 'supannGroupeLecteurDN'), ('supannListeRouge', 'supannListeRouge'), ('supannMailPerso', 'supannMailPerso'), ('supannOrganisme', 'supannOrganisme'), ('supannParrainDN', 'supannParrainDN'), ('supannRefId', 'supannRefId'), ('supannRole', 'supannRole'), ('supannRoleEntite', 'supannRoleEntite'), ('supannRoleGenerique', 'supannRoleGenerique'), ('supannTypeEntite', 'supannTypeEntite'), ('supannTypeEntiteAffectation', 'supannTypeEntiteAffectation'), ('superiorUUID', 'superiorUUID'), ('supportedAlgorithms', 'supportedAlgorithms'), ('supportedApplicationContext', 'supportedApplicationContext'), ('supportedAuthPasswordSchemes', 'supportedAuthPasswordSchemes'), ('supportedControl', 'supportedControl'), ('supportedExtension', 'supportedExtension'), ('supportedFeatures', 'supportedFeatures'), ('supportedLDAPVersion', 'supportedLDAPVersion'), ('supportedSASLMechanisms', 'supportedSASLMechanisms'), ('syncConsumerSubentry', 'syncConsumerSubentry'), ('syncProviderSubentry', 'syncProviderSubentry'), ('syncTimestamp', 'syncTimestamp'), ('syncreplCookie', 'syncreplCookie'), ('telephoneNumber', 'telephoneNumber'), ('teletexTerminalIdentifier', 'teletexTerminalIdentifier'), ('telexNumber', 'telexNumber'), ('textEncodedORAddress', 'textEncodedORAddress'), ('title', 'title'), ('top', 'top'), ('uid', 'uid'), ('uidNumber', 'uidNumber'), ('uniqueIdentifier', 'uniqueIdentifier'), ('uniqueMember', 'uniqueMember'), ('userCertificate', 'userCertificate'), ('userClass', 'userClass'), ('userPKCS12', 'userPKCS12'), ('userPassword', 'userPassword'), ('userSMIMECertificate', 'userSMIMECertificate'), ('vendorName', 'vendorName'), ('vendorVersion', 'vendorVersion'), ('x121Address', 'x121Address'), ('x500UniqueIdentifier', 'x500UniqueIdentifier')])),
                     ('output_name_format', models.CharField(default=('urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'SAMLv2 URI'), max_length=100, verbose_name='Output name format', choices=[('urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'SAMLv2 URI'), ('urn:oasis:names:tc:SAML:2.0:attrname-format:basic', 'SAMLv2 BASIC')])),
                     ('output_namespace', models.CharField(default=('Default', 'Default'), max_length=100, verbose_name='Output namespace', choices=[('Default', 'Default'), ('http://schemas.xmlsoap.org/ws/2005/05/identity/claims', 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims')])),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
+                    (
                         'attribute_name',
                         models.CharField(
                             default=('OpenLDAProotDSE', 'OpenLDAProotDSE'),
                             max_length=100,
                             verbose_name='Attribute name',
                             choices=[
                                 ('OpenLDAProotDSE', 'OpenLDAProotDSE'),
                                 ('aRecord', 'aRecord'),
                                 ('administrativeRole', 'administrativeRole'),
                                 ('alias', 'alias'),
                                 ('aliasedObjectName', 'aliasedObjectName'),
                                 ('altServer', 'altServer'),
                                 ('associatedDomain', 'associatedDomain'),
                                 ('associatedName', 'associatedName'),
                                 ('attributeTypes', 'attributeTypes'),
                                 ('audio', 'audio'),
                                 ('authPassword', 'authPassword'),
                                 ('authorityRevocationList', 'authorityRevocationList'),
                                 ('authzFrom', 'authzFrom'),
                                 ('authzTo', 'authzTo'),
                                 ('bootFile', 'bootFile'),
                                 ('bootParameter', 'bootParameter'),
                                 ('buildingName', 'buildingName'),
                                 ('businessCategory', 'businessCategory'),
                                 ('c', 'c'),
                                 ('cACertificate', 'cACertificate'),
                                 ('cNAMERecord', 'cNAMERecord'),
                                 ('carLicense', 'carLicense'),
                                 ('certificateRevocationList', 'certificateRevocationList'),
                                 ('children', 'children'),
                                 ('cn', 'cn'),
                                 ('co', 'co'),
                                 ('collectiveAttributeSubentries', 'collectiveAttributeSubentries'),
                                 ('collectiveAttributeSubentry', 'collectiveAttributeSubentry'),
                                 ('collectiveExclusions', 'collectiveExclusions'),
                                 ('configContext', 'configContext'),
                                 ('contextCSN', 'contextCSN'),
                                 ('createTimestamp', 'createTimestamp'),
                                 ('creatorsName', 'creatorsName'),
                                 ('crossCertificatePair', 'crossCertificatePair'),
                                 ('dITContentRules', 'dITContentRules'),
                                 ('dITRedirect', 'dITRedirect'),
                                 ('dITStructureRules', 'dITStructureRules'),
                                 ('dSAQuality', 'dSAQuality'),
                                 ('dc', 'dc'),
                                 ('deltaRevocationList', 'deltaRevocationList'),
                                 ('departmentNumber', 'departmentNumber'),
                                 ('description', 'description'),
                                 ('destinationIndicator', 'destinationIndicator'),
                                 ('displayName', 'displayName'),
                                 ('distinguishedName', 'distinguishedName'),
                                 ('dmdName', 'dmdName'),
                                 ('dnQualifier', 'dnQualifier'),
                                 ('documentAuthor', 'documentAuthor'),
                                 ('documentIdentifier', 'documentIdentifier'),
                                 ('documentLocation', 'documentLocation'),
                                 ('documentPublisher', 'documentPublisher'),
                                 ('documentTitle', 'documentTitle'),
                                 ('documentVersion', 'documentVersion'),
                                 ('drink', 'drink'),
                                 ('dynamicObject', 'dynamicObject'),
                                 ('dynamicSubtrees', 'dynamicSubtrees'),
                                 ('eduOrgHomePageURI', 'eduOrgHomePageURI'),
                                 ('eduOrgIdentityAuthNPolicyURI', 'eduOrgIdentityAuthNPolicyURI'),
                                 ('eduOrgLegalName', 'eduOrgLegalName'),
                                 ('eduOrgSuperiorURI', 'eduOrgSuperiorURI'),
                                 ('eduOrgWhitePagesURI', 'eduOrgWhitePagesURI'),
                                 ('eduPersonAffiliation', 'eduPersonAffiliation'),
                                 ('eduPersonAssurance', 'eduPersonAssurance'),
                                 ('eduPersonEntitlement', 'eduPersonEntitlement'),
                                 ('eduPersonNickname', 'eduPersonNickname'),
                                 ('eduPersonOrgDN', 'eduPersonOrgDN'),
                                 ('eduPersonOrgUnitDN', 'eduPersonOrgUnitDN'),
                                 ('eduPersonPrimaryAffiliation', 'eduPersonPrimaryAffiliation'),
                                 ('eduPersonPrimaryOrgUnitDN', 'eduPersonPrimaryOrgUnitDN'),
                                 ('eduPersonPrincipalName', 'eduPersonPrincipalName'),
                                 ('eduPersonScopedAffiliation', 'eduPersonScopedAffiliation'),
                                 ('eduPersonTargetedID', 'eduPersonTargetedID'),
                                 ('email', 'email'),
                                 ('employeeNumber', 'employeeNumber'),
                                 ('employeeType', 'employeeType'),
                                 ('enhancedSearchGuide', 'enhancedSearchGuide'),
                                 ('entry', 'entry'),
                                 ('entryCSN', 'entryCSN'),
                                 ('entryDN', 'entryDN'),
                                 ('entryTtl', 'entryTtl'),
                                 ('entryUUID', 'entryUUID'),
                                 ('extensibleObject', 'extensibleObject'),
                                 ('fax', 'fax'),
                                 ('gecos', 'gecos'),
                                 ('generationQualifier', 'generationQualifier'),
                                 ('gidNumber', 'gidNumber'),
                                 ('givenName', 'givenName'),
                                 ('glue', 'glue'),
                                 ('hasSubordinates', 'hasSubordinates'),
                                 ('homeDirectory', 'homeDirectory'),
                                 ('homePhone', 'homePhone'),
                                 ('homePostalAddress', 'homePostalAddress'),
                                 ('host', 'host'),
                                 ('houseIdentifier', 'houseIdentifier'),
                                 ('info', 'info'),
                                 ('initials', 'initials'),
                                 ('internationaliSDNNumber', 'internationaliSDNNumber'),
                                 ('ipHostNumber', 'ipHostNumber'),
                                 ('ipNetmaskNumber', 'ipNetmaskNumber'),
                                 ('ipNetworkNumber', 'ipNetworkNumber'),
                                 ('ipProtocolNumber', 'ipProtocolNumber'),
                                 ('ipServicePort', 'ipServicePort'),
                                 ('ipServiceProtocolSUPname', 'ipServiceProtocolSUPname'),
                                 ('janetMailbox', 'janetMailbox'),
                                 ('jpegPhoto', 'jpegPhoto'),
                                 ('knowledgeInformation', 'knowledgeInformation'),
                                 ('l', 'l'),
                                 ('labeledURI', 'labeledURI'),
                                 ('ldapSyntaxes', 'ldapSyntaxes'),
                                 ('loginShell', 'loginShell'),
                                 ('mDRecord', 'mDRecord'),
                                 ('mXRecord', 'mXRecord'),
                                 ('macAddress', 'macAddress'),
                                 ('mail', 'mail'),
                                 ('mailForwardingAddress', 'mailForwardingAddress'),
                                 ('mailHost', 'mailHost'),
                                 ('mailLocalAddress', 'mailLocalAddress'),
                                 ('mailPreferenceOption', 'mailPreferenceOption'),
                                 ('mailRoutingAddress', 'mailRoutingAddress'),
                                 ('manager', 'manager'),
                                 ('matchingRuleUse', 'matchingRuleUse'),
                                 ('matchingRules', 'matchingRules'),
                                 ('member', 'member'),
                                 ('memberNisNetgroup', 'memberNisNetgroup'),
                                 ('memberUid', 'memberUid'),
                                 ('mobile', 'mobile'),
                                 ('modifiersName', 'modifiersName'),
                                 ('modifyTimestamp', 'modifyTimestamp'),
                                 ('monitorContext', 'monitorContext'),
                                 ('nSRecord', 'nSRecord'),
                                 ('name', 'name'),
                                 ('nameForms', 'nameForms'),
                                 ('namingCSN', 'namingCSN'),
                                 ('namingContexts', 'namingContexts'),
                                 ('nisMapEntry', 'nisMapEntry'),
                                 ('nisMapNameSUPname', 'nisMapNameSUPname'),
                                 ('nisNetgroupTriple', 'nisNetgroupTriple'),
                                 ('o', 'o'),
                                 ('objectClass', 'objectClass'),
                                 ('objectClasses', 'objectClasses'),
                                 ('oncRpcNumber', 'oncRpcNumber'),
                                 ('organizationalStatus', 'organizationalStatus'),
                                 ('otherMailbox', 'otherMailbox'),
                                 ('ou', 'ou'),
                                 ('owner', 'owner'),
                                 ('pager', 'pager'),
                                 ('personalSignature', 'personalSignature'),
                                 ('personalTitle', 'personalTitle'),
                                 ('photo', 'photo'),
                                 ('physicalDeliveryOfficeName', 'physicalDeliveryOfficeName'),
                                 ('postOfficeBox', 'postOfficeBox'),
                                 ('postalAddress', 'postalAddress'),
                                 ('postalCode', 'postalCode'),
                                 ('preferredDeliveryMethod', 'preferredDeliveryMethod'),
                                 ('preferredLanguage', 'preferredLanguage'),
                                 ('presentationAddress', 'presentationAddress'),
                                 ('protocolInformation', 'protocolInformation'),
                                 ('pseudonym', 'pseudonym'),
                                 ('ref', 'ref'),
                                 ('referral', 'referral'),
                                 ('registeredAddress', 'registeredAddress'),
                                 ('rfc822MailMember', 'rfc822MailMember'),
                                 ('role', 'role'),
                                 ('roleOccupant', 'roleOccupant'),
                                 ('roomNumber', 'roomNumber'),
                                 ('sOARecord', 'sOARecord'),
                                 ('schacHomeOrganization', 'schacHomeOrganization'),
                                 ('schacHomeOrganizationType', 'schacHomeOrganizationType'),
                                 ('searchGuide', 'searchGuide'),
                                 ('secretary', 'secretary'),
                                 ('seeAlso', 'seeAlso'),
                                 ('serialNumber', 'serialNumber'),
                                 ('shadowExpire', 'shadowExpire'),
                                 ('shadowFlag', 'shadowFlag'),
                                 ('shadowInactive', 'shadowInactive'),
                                 ('shadowLastChange', 'shadowLastChange'),
                                 ('shadowMax', 'shadowMax'),
                                 ('shadowMin', 'shadowMin'),
                                 ('shadowWarning', 'shadowWarning'),
                                 ('singleLevelQuality', 'singleLevelQuality'),
                                 ('sn', 'sn'),
                                 ('st', 'st'),
                                 ('street', 'street'),
                                 ('structuralObjectClass', 'structuralObjectClass'),
                                 ('subentry', 'subentry'),
                                 ('subschema', 'subschema'),
                                 ('subschemaSubentry', 'subschemaSubentry'),
                                 ('subtreeMaximumQuality', 'subtreeMaximumQuality'),
                                 ('subtreeMinimumQuality', 'subtreeMinimumQuality'),
                                 ('subtreeSpecification', 'subtreeSpecification'),
                                 ('supannActivite', 'supannActivite'),
                                 ('supannAffectation', 'supannAffectation'),
                                 ('supannAliasLogin', 'supannAliasLogin'),
                                 ('supannAutreMail', 'supannAutreMail'),
                                 ('supannAutreTelephone', 'supannAutreTelephone'),
                                 ('supannCivilite', 'supannCivilite'),
                                 ('supannCodeEntite', 'supannCodeEntite'),
                                 ('supannCodeEntiteParent', 'supannCodeEntiteParent'),
                                 ('supannCodeINE', 'supannCodeINE'),
                                 ('supannEmpCorps', 'supannEmpCorps'),
                                 ('supannEmpId', 'supannEmpId'),
                                 ('supannEntiteAffectation', 'supannEntiteAffectation'),
                                 ('supannEntiteAffectationPrincipale', 'supannEntiteAffectationPrincipale'),
                                 ('supannEtablissement', 'supannEtablissement'),
                                 ('supannEtuAnneeInscription', 'supannEtuAnneeInscription'),
                                 ('supannEtuCursusAnnee', 'supannEtuCursusAnnee'),
                                 ('supannEtuDiplome', 'supannEtuDiplome'),
                                 ('supannEtuElementPedagogique', 'supannEtuElementPedagogique'),
                                 ('supannEtuEtape', 'supannEtuEtape'),
                                 ('supannEtuId', 'supannEtuId'),
                                 ('supannEtuInscription', 'supannEtuInscription'),
                                 ('supannEtuRegimeInscription', 'supannEtuRegimeInscription'),
                                 ('supannEtuSecteurDisciplinaire', 'supannEtuSecteurDisciplinaire'),
                                 ('supannEtuTypeDiplome', 'supannEtuTypeDiplome'),
                                 ('supannGroupeAdminDN', 'supannGroupeAdminDN'),
                                 ('supannGroupeDateFin', 'supannGroupeDateFin'),
                                 ('supannGroupeLecteurDN', 'supannGroupeLecteurDN'),
                                 ('supannListeRouge', 'supannListeRouge'),
                                 ('supannMailPerso', 'supannMailPerso'),
                                 ('supannOrganisme', 'supannOrganisme'),
                                 ('supannParrainDN', 'supannParrainDN'),
                                 ('supannRefId', 'supannRefId'),
                                 ('supannRole', 'supannRole'),
                                 ('supannRoleEntite', 'supannRoleEntite'),
                                 ('supannRoleGenerique', 'supannRoleGenerique'),
                                 ('supannTypeEntite', 'supannTypeEntite'),
                                 ('supannTypeEntiteAffectation', 'supannTypeEntiteAffectation'),
                                 ('superiorUUID', 'superiorUUID'),
                                 ('supportedAlgorithms', 'supportedAlgorithms'),
                                 ('supportedApplicationContext', 'supportedApplicationContext'),
                                 ('supportedAuthPasswordSchemes', 'supportedAuthPasswordSchemes'),
                                 ('supportedControl', 'supportedControl'),
                                 ('supportedExtension', 'supportedExtension'),
                                 ('supportedFeatures', 'supportedFeatures'),
                                 ('supportedLDAPVersion', 'supportedLDAPVersion'),
                                 ('supportedSASLMechanisms', 'supportedSASLMechanisms'),
                                 ('syncConsumerSubentry', 'syncConsumerSubentry'),
                                 ('syncProviderSubentry', 'syncProviderSubentry'),
                                 ('syncTimestamp', 'syncTimestamp'),
                                 ('syncreplCookie', 'syncreplCookie'),
                                 ('telephoneNumber', 'telephoneNumber'),
                                 ('teletexTerminalIdentifier', 'teletexTerminalIdentifier'),
                                 ('telexNumber', 'telexNumber'),
                                 ('textEncodedORAddress', 'textEncodedORAddress'),
                                 ('title', 'title'),
                                 ('top', 'top'),
                                 ('uid', 'uid'),
                                 ('uidNumber', 'uidNumber'),
                                 ('uniqueIdentifier', 'uniqueIdentifier'),
                                 ('uniqueMember', 'uniqueMember'),
                                 ('userCertificate', 'userCertificate'),
                                 ('userClass', 'userClass'),
                                 ('userPKCS12', 'userPKCS12'),
                                 ('userPassword', 'userPassword'),
                                 ('userSMIMECertificate', 'userSMIMECertificate'),
                                 ('vendorName', 'vendorName'),
                                 ('vendorVersion', 'vendorVersion'),
                                 ('x121Address', 'x121Address'),
                                 ('x500UniqueIdentifier', 'x500UniqueIdentifier'),
                             ],
                         ),
                     ),
+                    (
                         'output_name_format',
                         models.CharField(
                             default=('urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'SAMLv2 URI'),
                             max_length=100,
                             verbose_name='Output name format',
                             choices=[
                                 ('urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'SAMLv2 URI'),
                                 ('urn:oasis:names:tc:SAML:2.0:attrname-format:basic', 'SAMLv2 BASIC'),
                             ],
                         ),
                     ),
+                    (
                         'output_namespace',
                         models.CharField(
                             default=('Default', 'Default'),
                             max_length=100,
                             verbose_name='Output namespace',
                             choices=[
                                 ('Default', 'Default'),
+                                (
                                     'http://schemas.xmlsoap.org/ws/2005/05/identity/claims',
                                     'http://schemas.xmlsoap.org/ws/2005/05/identity/claims',
                                 ),
                             ],
                         ),
                     ),
                     ('required', models.BooleanField(default=False, verbose_name='Required')),
                 ],
                 options={
-...
             migrations.CreateModel(
                 name='AttributeList',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('name', models.CharField(unique=True, max_length=100, verbose_name='Name')),
                     ('attributes', models.ManyToManyField(related_name='attributes of the list', null=True, verbose_name='Attributes', to='attribute_aggregator.AttributeItem', blank=True)),
+                    (
                         'attributes',
                         models.ManyToManyField(
                             related_name='attributes of the list',
                             null=True,
                             verbose_name='Attributes',
                             to='attribute_aggregator.AttributeItem',
                             blank=True,
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'attribute list',
-...
             migrations.CreateModel(
                 name='AttributeSource',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('name', models.CharField(unique=True, max_length=200, verbose_name='Name')),
                     ('namespace', models.CharField(default=('Default', 'Default'), max_length=100, verbose_name='Namespace', choices=[('Default', 'Default'), ('http://schemas.xmlsoap.org/ws/2005/05/identity/claims', 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims')])),
+                    (
                         'namespace',
                         models.CharField(
                             default=('Default', 'Default'),
                             max_length=100,
                             verbose_name='Namespace',
                             choices=[
                                 ('Default', 'Default'),
+                                (
                                     'http://schemas.xmlsoap.org/ws/2005/05/identity/claims',
                                     'http://schemas.xmlsoap.org/ws/2005/05/identity/claims',
                                 ),
                             ],
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'attribute source',
-...
             migrations.CreateModel(
                 name='LdapSource',
                 fields=[
                     ('attributesource_ptr', models.OneToOneField(parent_link=True, auto_created=True, primary_key=True, serialize=False, to='attribute_aggregator.AttributeSource', on_delete=models.CASCADE)),
+                    (
                         'attributesource_ptr',
                         models.OneToOneField(
                             parent_link=True,
                             auto_created=True,
                             primary_key=True,
                             serialize=False,
                             to='attribute_aggregator.AttributeSource',
                             on_delete=models.CASCADE,
                         ),
                     ),
                     ('server', models.CharField(unique=True, max_length=200, verbose_name='Server')),
                     ('user', models.CharField(max_length=200, null=True, verbose_name='User', blank=True)),
                     ('password', models.CharField(max_length=200, null=True, verbose_name='Password', blank=True)),
+                    (
                         'password',
                         models.CharField(max_length=200, null=True, verbose_name='Password', blank=True),
                     ),
                     ('base', models.CharField(max_length=200, verbose_name='Base')),
                     ('port', models.IntegerField(default=389, verbose_name='Port')),
                     ('ldaps', models.BooleanField(default=False, verbose_name='LDAPS')),
                     ('certificate', models.TextField(verbose_name='Certificate', blank=True)),
                     ('is_auth_backend', models.BooleanField(default=False, verbose_name='Is it used for authentication?')),
+                    (
                         'is_auth_backend',
                         models.BooleanField(default=False, verbose_name='Is it used for authentication?'),
                     ),
                 ],
                 options={
                     'verbose_name': 'ldap attribute source',
-...
             migrations.CreateModel(
                 name='UserAliasInSource',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('name', models.CharField(max_length=200, verbose_name='Name')),
                     ('source', models.ForeignKey(verbose_name='attribute source', to='attribute_aggregator.AttributeSource', on_delete=models.CASCADE)),
                     ('user', models.ForeignKey(related_name='user_alias_in_source', verbose_name='user', to='auth.User', on_delete=models.CASCADE)),
+                    (
                         'source',
                         models.ForeignKey(
                             verbose_name='attribute source',
                             to='attribute_aggregator.AttributeSource',
                             on_delete=models.CASCADE,
                         ),
                     ),
+                    (
                         'user',
                         models.ForeignKey(
                             related_name='user_alias_in_source',
                             verbose_name='user',
                             to='auth.User',
                             on_delete=models.CASCADE,
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'user alias from source',
-...
             migrations.CreateModel(
                 name='UserAttributeProfile',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('data', models.TextField(null=True, blank=True)),
                     ('user', models.OneToOneField(related_name='user_attribute_profile', null=True, blank=True, to='auth.User', on_delete=models.CASCADE)),
+                    (
                         'user',
                         models.OneToOneField(
                             related_name='user_attribute_profile',
                             null=True,
                             blank=True,
                             to='auth.User',
                             on_delete=models.CASCADE,
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'user attribute profile',
-...
             migrations.AddField(
                 model_name='attributeitem',
                 name='source',
                 field=models.ForeignKey(verbose_name='Attribute source', blank=True, to='attribute_aggregator.AttributeSource', null=True, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     verbose_name='Attribute source',
                     blank=True,
                     to='attribute_aggregator.AttributeSource',
                     null=True,
                     on_delete=models.CASCADE,
                 ),
                 preserve_default=True,
             ),
+        ]

             migrations.AlterField(
                 model_name='useraliasinsource',
                 name='user',
                 field=models.ForeignKey(related_name='user_alias_in_source', verbose_name='user', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     related_name='user_alias_in_source',
                     verbose_name='user',
                     to=settings.AUTH_USER_MODEL,
                     on_delete=models.CASCADE,
                 ),
                 preserve_default=True,
             ),
             migrations.AlterField(
                 model_name='userattributeprofile',
                 name='user',
                 field=models.OneToOneField(related_name='user_attribute_profile', null=True, blank=True, to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
                 field=models.OneToOneField(
                     related_name='user_attribute_profile',
                     null=True,
                     blank=True,
                     to=settings.AUTH_USER_MODEL,
                     on_delete=models.CASCADE,
                 ),
                 preserve_default=True,
             ),
+        ]

             migrations.AlterField(
                 model_name='attributelist',
                 name='attributes',
                 field=models.ManyToManyField(to='attribute_aggregator.AttributeItem', verbose_name='Attributes', blank=True),
                 field=models.ManyToManyField(
                     to='attribute_aggregator.AttributeItem', verbose_name='Attributes', blank=True
                 ),
             ),
             migrations.AlterField(
                 model_name='useraliasinsource',
                 name='user',
                 field=models.ForeignKey(verbose_name='user', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     verbose_name='user', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE
                 ),
             ),
+        ]

     def capfirst(value):
         return value and value[0].upper() + value[1:]
     DEFAULT_TITLE_CHOICES = (
         (pgettext_lazy('title', 'Mrs'), pgettext_lazy('title', 'Mrs')),
         (pgettext_lazy('title', 'Mr'), pgettext_lazy('title', 'Mr')),
-...
     def get_title_choices():
         return app_settings.A2_ATTRIBUTE_KIND_TITLE_CHOICES or DEFAULT_TITLE_CHOICES
     validate_phone_number = RegexValidator(
         r'^\+?\d{,20}$',
         message=_('Phone number can start with a + and must contain only digits.'))
         r'^\+?\d{,20}$', message=_('Phone number can start with a + and must contain only digits.')
+    )
     def clean_number(number):
-...
             return clean_number(super().to_internal_value(data))
     validate_fr_postcode = RegexValidator(
         r'^\d{5}$',
         message=_('The value must be a valid french postcode'))
     validate_fr_postcode = RegexValidator(r'^\d{5}$', message=_('The value must be a valid french postcode'))
     class FrPostcodeField(forms.CharField):
-...
         for chunk in uploadedfile.chunks():
             h_computation.update(chunk)
         hexdigest = h_computation.hexdigest()
         stored_file = default_storage.save(
             os.path.join('profile-image', hexdigest + '.jpeg'),
             uploadedfile)
         stored_file = default_storage.save(os.path.join('profile-image', hexdigest + '.jpeg'), uploadedfile)
         return stored_file
-...
     def profile_image_html_value(attribute, value):
         if value:
             fragment = u'<a href="%s"><img class="%s" src="%s"/></a>' % (
                 value.url, attribute.name, value.url)
             fragment = u'<a href="%s"><img class="%s" src="%s"/></a>' % (value.url, attribute.name, value.url)
             return html.mark_safe(fragment)
         return ''
-...
             'kwargs': {
                 'choices': get_title_choices(),
                 'widget': forms.RadioSelect,
+            }
             },
         },
+        {
             'label': _('boolean'),

     class UnsortableError(Exception):
         '''
         """
         Raise when topological_sort is unable to sort instance topologically.
         sorted_list contains the instances that could be sorted unsorted contains
         the instances that couldn't.
         '''
         """
         def __init__(self, sorted_list, unsortable_instances):
             self.sorted_list = sorted_list
             self.unsortable_instances = unsortable_instances
-...
     def topological_sort(source_and_instances, ctx, raise_on_unsortable=False):
         '''
         """
         Sort instances topologically based on their dependency declarations.
         '''
         """
         sorted_list = []
         variables = set(ctx.keys())
         unsorted = list(source_and_instances)
-...
                     for source, instance in unsorted:
                         dependencies = set(source.get_dependencies(instance, ctx))
                         sorted_list.append((source, instance))
                         logger.debug('missing dependencies for instance %r of %r: %s', instance, source,
                                      list(dependencies - variables))
                         logger.debug(
                             'missing dependencies for instance %r of %r: %s',
                             instance,
                             source,
                             list(dependencies - variables),
+                        )
                     break
         return sorted_list
     @to_list
     def get_sources():
         '''
         """
         List all known sources
         '''
         """
         for path in app_settings.ATTRIBUTE_BACKENDS:
             yield utils.import_module_or_class(path)
         for plugin in plugins.get_plugins():
-...
     @to_list
     def get_attribute_names(ctx):
         '''
         """
         Return attribute names from all sources
         '''
         """
         for source in get_sources():
             for instance in source.get_instances(ctx):
                 for attribute_name, attribute_description in source.get_attribute_names(instance, ctx):
-...
     def get_attributes(ctx):
         '''
         """
         Traverse and sources instances and aggregate produced attributes.
         Traversal is done by respecting a topological sort of instances based on
         their declared dependencies
         '''
         """
         source_and_instances = []
         for source in get_sources():
             source_and_instances.extend(((source, instance) for instance in source.get_instances(ctx)))
-...
     @to_iter
     def get_service_attributes(service):
         ctx = {'request': None, 'user': None, 'service': service}
         return ([('', _('None'))] + get_attribute_names(ctx)
                 + [('@verified_attributes@', _('List of verified attributes'))])
         return (
             [('', _('None'))]
             + get_attribute_names(ctx)
             + [('@verified_attributes@', _('List of verified attributes'))]
+        )

     @six.add_metaclass(abc.ABCMeta)
     class BaseAttributeSource(object):
         '''
         """
         Base class for attribute sources
         '''
         """
         @abc.abstractmethod
         def get_instances(self, ctx):
             pass

     @to_list
     def get_instances(ctx):
         '''
         """
         Retrieve instances from settings
         '''
         """
         return [None]

     @to_list
     def get_field_refs(format_string):
         '''
         """
         Extract the base references from format_string
         '''
         """
         from string import Formatter
         l = Formatter().parse(format_string)  # noqa: E741
         for p in l:
             field_ref = p[1].split('[', 1)[0]
             field_ref = field_ref.split('.', 1)[0]
         yield field_ref
     UNEXPECTED_KEYS_ERROR = '{0}: unexpected ' 'key(s) {1} in configuration'
     FORMAT_STRING_ERROR = '{0}: template string must contain only keyword references: {1}'
     BAD_CONFIG_ERROR = 'template attribute source must contain a name and at least a template'
-...
     @to_list
     def get_instances(ctx):
         '''
         """
         Retrieve instances from settings
         '''
         """
         from django.conf import settings
         for kind, d in getattr(settings, 'ATTRIBUTE_SOURCES', []):
             if kind != 'template':
                 continue

     @to_list
     def get_instances(ctx):
         '''
         """
         Retrieve instances from settings
         '''
         """
         from django.conf import settings
         for kind, d in getattr(settings, 'ATTRIBUTE_SOURCES', []):
             if kind != 'function':
                 continue
-...
                 missing = REQUIRED_KEYS - keys
                 config_error(MISSING_KEYS_ERROR, missing)
             dependencies = d['dependencies']
             if not isinstance(dependencies, (list, tuple)) or \
                     not all(isinstance(dep, str) for dep in dependencies):
             if not isinstance(dependencies, (list, tuple)) or not all(
                 isinstance(dep, str) for dep in dependencies
             ):
                 config_error(DEPENDENCY_TYPE_ERROR)
             if not callable(d['function']):

     @to_list
     def get_instances(ctx):
         '''
         """
         Retrieve instances from settings
         '''
         """
         return [None]

         if not isinstance(service, Service):
             return
         names = []
         for service_role in Role.objects.filter(service=service) \
                 .prefetch_related('attributes'):
         for service_role in Role.objects.filter(service=service).prefetch_related('attributes'):
             for service_role_attribute in service_role.attributes.all():
                 if service_role_attribute.name in names:
                     continue
-...
     def get_dependencies(instance, ctx):
         return ('user', 'service',)
         return (
             'user',
             'service',
+        )
     def get_attributes(instance, ctx):
-...
         if not user or not service:
             return ctx
         ctx = ctx.copy()
         roles = Role.objects.for_user(user) \
             .filter(service=service) \
             .prefetch_related('attributes')
         roles = Role.objects.for_user(user).filter(service=service).prefetch_related('attributes')
         for service_role in roles:
             for service_role_attribute in service_role.attributes.all():
                 name = service_role_attribute.name

     class Migration(migrations.Migration):
         dependencies = [
                 ('auth', '0002_auto_20150323_1720'),
             ('auth', '0002_auto_20150323_1720'),
+        ]
         operations = [
             migrations.CreateModel(
                 name='ClientCertificate',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('serial', models.CharField(max_length=255, blank=True)),
                     ('subject_dn', models.CharField(max_length=255)),
                     ('issuer_dn', models.CharField(max_length=255)),
                     ('cert', models.TextField()),
                     ('user', models.ForeignKey(to='auth.User')),
                 ],
                 options={
                 },
                 options={},
                 bases=(models.Model,),
             ),
+        ]

             migrations.CreateModel(
                 name='Permission',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('name', models.CharField(max_length=50, verbose_name='name')),
                     ('content_type', models.ForeignKey(to='contenttypes.ContentType', to_field='id', on_delete=models.CASCADE)),
+                    (
                         'content_type',
                         models.ForeignKey(to='contenttypes.ContentType', to_field='id', on_delete=models.CASCADE),
                     ),
                     ('codename', models.CharField(max_length=100, verbose_name='codename')),
                 ],
                 options={
-...
             migrations.CreateModel(
                 name='Group',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('name', models.CharField(unique=True, max_length=80, verbose_name='name')),
                     ('permissions', models.ManyToManyField(to='auth.Permission', verbose_name='permissions', blank=True)),
+                    (
                         'permissions',
                         models.ManyToManyField(to='auth.Permission', verbose_name='permissions', blank=True),
                     ),
                 ],
                 options={
                     'verbose_name': 'group',
-...
             migrations.CreateModel(
                 name='User',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('password', models.CharField(max_length=128, verbose_name='password')),
                     ('last_login', models.DateTimeField(default=timezone.now, verbose_name='last login')),
                     ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
                     ('username', models.CharField(help_text='Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only.', unique=True, max_length=30, verbose_name='username', validators=[validators.RegexValidator('^[\\w.@+-]+$', 'Enter a valid username.', 'invalid')])),
+                    (
                         'is_superuser',
                         models.BooleanField(
                             default=False,
                             help_text='Designates that this user has all permissions without explicitly assigning them.',
                             verbose_name='superuser status',
                         ),
                     ),
+                    (
                         'username',
                         models.CharField(
                             help_text='Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only.',
                             unique=True,
                             max_length=30,
                             verbose_name='username',
                             validators=[
                                 validators.RegexValidator('^[\\w.@+-]+$', 'Enter a valid username.', 'invalid')
                             ],
                         ),
                     ),
                     ('first_name', models.CharField(max_length=30, verbose_name='first name', blank=True)),
                     ('last_name', models.CharField(max_length=30, verbose_name='last name', blank=True)),
                     ('email', models.EmailField(max_length=75, verbose_name='email address', blank=True)),
                     ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
                     ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
+                    (
                         'is_staff',
                         models.BooleanField(
                             default=False,
                             help_text='Designates whether the user can log into this admin site.',
                             verbose_name='staff status',
                         ),
                     ),
+                    (
                         'is_active',
                         models.BooleanField(
                             default=True,
                             help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.',
                             verbose_name='active',
                         ),
                     ),
                     ('date_joined', models.DateTimeField(default=timezone.now, verbose_name='date joined')),
                     ('groups', models.ManyToManyField(to='auth.Group', verbose_name='groups', blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of his/her group.', related_name='+', related_query_name='+')),
                     ('user_permissions', models.ManyToManyField(to='auth.Permission', verbose_name='user permissions', blank=True, help_text='Specific permissions for this user.', related_name='+', related_query_name='+')),
+                    (
                         'groups',
                         models.ManyToManyField(
                             to='auth.Group',
                             verbose_name='groups',
                             blank=True,
                             help_text='The groups this user belongs to. A user will get all permissions granted to each of his/her group.',
                             related_name='+',
                             related_query_name='+',
                         ),
                     ),
+                    (
                         'user_permissions',
                         models.ManyToManyField(
                             to='auth.Permission',
                             verbose_name='user permissions',
                             blank=True,
                             help_text='Specific permissions for this user.',
                             related_name='+',
                             related_query_name='+',
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'user',

             migrations.AlterField(
                 model_name='user',
                 name='username',
                 field=models.CharField(help_text='Required, 255 characters or fewer. Only letters, numbers, and @, ., +, -, or _ characters.', unique=True, max_length=255, verbose_name='username', validators=[django.core.validators.RegexValidator('^[\\w.@+-]+$', 'Enter a valid username.', 'invalid')]),
                 field=models.CharField(
                     help_text='Required, 255 characters or fewer. Only letters, numbers, and @, ., +, -, or _ characters.',
                     unique=True,
                     max_length=255,
                     verbose_name='username',
                     validators=[
                         django.core.validators.RegexValidator(
                             '^[\\w.@+-]+$', 'Enter a valid username.', 'invalid'
+                        )
                     ],
                 ),
                 preserve_default=True,
             ),
+        ]

src/authentic2/auth_migrations_18/0003_auto_20150410_1657.py
13	13	]
14	14
15	15	operations = [
16		migrations.DeleteModel('User'),
	16	migrations.DeleteModel('User'),
17	17	]

             migrations.CreateModel(
                 name='User',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('password', models.CharField(max_length=128, verbose_name='password')),
                     ('last_login', models.DateTimeField(default=django.utils.timezone.now, verbose_name='last login')),
                     ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
                     ('username', models.CharField(help_text='Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only.', unique=True, max_length=30, verbose_name='username', validators=[django.core.validators.RegexValidator('^[\\w.@+-]+$', 'Enter a valid username.', 'invalid')])),
+                    (
                         'last_login',
                         models.DateTimeField(default=django.utils.timezone.now, verbose_name='last login'),
                     ),
+                    (
                         'is_superuser',
                         models.BooleanField(
                             default=False,
                             help_text='Designates that this user has all permissions without explicitly assigning them.',
                             verbose_name='superuser status',
                         ),
                     ),
+                    (
                         'username',
                         models.CharField(
                             help_text='Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only.',
                             unique=True,
                             max_length=30,
                             verbose_name='username',
                             validators=[
                                 django.core.validators.RegexValidator(
                                     '^[\\w.@+-]+$', 'Enter a valid username.', 'invalid'
+                                )
                             ],
                         ),
                     ),
                     ('first_name', models.CharField(max_length=30, verbose_name='first name', blank=True)),
                     ('last_name', models.CharField(max_length=30, verbose_name='last name', blank=True)),
                     ('email', models.EmailField(max_length=75, verbose_name='email address', blank=True)),
                     ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
                     ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
                     ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
                     ('groups', models.ManyToManyField(related_query_name='user', related_name='user_set', to='auth.Group', blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of his/her group.', verbose_name='groups')),
                     ('user_permissions', models.ManyToManyField(related_query_name='user', related_name='user_set', to='auth.Permission', blank=True, help_text='Specific permissions for this user.', verbose_name='user permissions')),
+                    (
                         'is_staff',
                         models.BooleanField(
                             default=False,
                             help_text='Designates whether the user can log into this admin site.',
                             verbose_name='staff status',
                         ),
                     ),
+                    (
                         'is_active',
                         models.BooleanField(
                             default=True,
                             help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.',
                             verbose_name='active',
                         ),
                     ),
+                    (
                         'date_joined',
                         models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined'),
                     ),
+                    (
                         'groups',
                         models.ManyToManyField(
                             related_query_name='user',
                             related_name='user_set',
                             to='auth.Group',
                             blank=True,
                             help_text='The groups this user belongs to. A user will get all permissions granted to each of his/her group.',
                             verbose_name='groups',
                         ),
                     ),
+                    (
                         'user_permissions',
                         models.ManyToManyField(
                             related_query_name='user',
                             related_name='user_set',
                             to='auth.Permission',
                             blank=True,
                             help_text='Specific permissions for this user.',
                             verbose_name='user permissions',
                         ),
                     ),
                 ],
                 options={
                     'abstract': False,

             migrations.AlterField(
                 model_name='user',
                 name='groups',
                 field=models.ManyToManyField(related_query_name='user', related_name='user_set', to='auth.Group', blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', verbose_name='groups'),
                 field=models.ManyToManyField(
                     related_query_name='user',
                     related_name='user_set',
                     to='auth.Group',
                     blank=True,
                     help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.',
                     verbose_name='groups',
                 ),
             ),
             migrations.AlterField(
                 model_name='user',
-...
             migrations.AlterField(
                 model_name='user',
                 name='username',
                 field=models.CharField(error_messages={'unique': 'A user with that username already exists.'}, max_length=30, validators=[django.core.validators.RegexValidator('^[\\w.@+-]+$', 'Enter a valid username. This value may contain only letters, numbers and @/./+/-/_ characters.', 'invalid')], help_text='Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only.', unique=True, verbose_name='username'),
                 field=models.CharField(
                     error_messages={'unique': 'A user with that username already exists.'},
                     max_length=30,
                     validators=[
                         django.core.validators.RegexValidator(
                             '^[\\w.@+-]+$',
                             'Enter a valid username. This value may contain only letters, numbers and @/./+/-/_ characters.',
                             'invalid',
+                        )
                     ],
                     help_text='Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only.',
                     unique=True,
                     verbose_name='username',
                 ),
             ),
+        ]

     import inspect
     from django.utils import six
     try:
         from django.utils.deprecation import CallableTrue
     except ImportError:
-...
     class OIDCUser(object):
         """ Fake user class to return in case OIDC authentication
         """
         """Fake user class to return in case OIDC authentication"""
         def __init__(self, oidc_client):
             self.oidc_client = oidc_client
-...
     class Authentic2Authentication(BasicAuthentication):
         def authenticate_credentials(self, userid, password, request=None):
             # try Simple OIDC Authentication
             try:
                 client = OIDCClient.objects.get(client_id=userid, client_secret=password)
                 if not client.has_api_access:
                     raise AuthenticationFailed('OIDC client does not have access to the API')
                 if client.identifier_policy not in (client.POLICY_UUID,
                                                     client.POLICY_PAIRWISE_REVERSIBLE):
                     raise AuthenticationFailed('OIDC Client identifier policy does not allow access to '
                                                'the API')
                 if client.identifier_policy not in (client.POLICY_UUID, client.POLICY_PAIRWISE_REVERSIBLE):
                     raise AuthenticationFailed(
                         'OIDC Client identifier policy does not allow access to ' 'the API'
+                    )
                 user = OIDCUser(client)
                 user.authenticated = True
                 return (user, True)
             except OIDCClient.DoesNotExist:
                 pass
             # try BasicAuthentication
             if (six.PY3
                     and 'request' in inspect.signature(
                         super(Authentic2Authentication, self).authenticate_credentials).parameters):
             if (
                 six.PY3
                 and 'request'
                 in inspect.signature(super(Authentic2Authentication, self).authenticate_credentials).parameters
             ):
                 # compatibility with DRF 3.4
                 return super(Authentic2Authentication, self).authenticate_credentials(userid, password, request=request)
                 return super(Authentic2Authentication, self).authenticate_credentials(
                     userid, password, request=request
+                )
             return super(Authentic2Authentication, self).authenticate_credentials(userid, password)

     class BaseAuthenticator(object):
         def __init__(self, show_condition=None, **kwargs):
             self.show_condition = show_condition
-...
             if not roles:
                 return []
             service_ou_ids = []
             qs = User.objects.filter(roles__in=roles).values_list('ou').annotate(count=Count('ou')).order_by('-count')
             qs = (
                 User.objects.filter(roles__in=roles)
                 .values_list('ou')
                 .annotate(count=Count('ou'))
                 .order_by('-count')
+            )
             for ou_id, count in qs:
                 if not ou_id:
                     continue
-...
                     initial['ou'] = preferred_ous[0]
             form = authentication_forms.AuthenticationForm(
                 request=request,
                 data=data,
                 initial=initial,
                 preferred_ous=preferred_ous)
                 request=request, data=data, initial=initial, preferred_ous=preferred_ous
+            )
             if app_settings.A2_ACCEPT_EMAIL_AUTHENTICATION:
                 form.fields['username'].label = _('Username or email')
             if app_settings.A2_USERNAME_LABEL:
-...
                         request.session.set_expiry(app_settings.A2_USER_REMEMBER_ME)
                     response = utils.login(request, form.get_user(), how, service=service)
                     if 'ou' in form.fields:
                         utils.prepend_remember_cookie(request, response, 'preferred-ous', form.cleaned_data['ou'].pk)
                         utils.prepend_remember_cookie(
                             request, response, 'preferred-ous', form.cleaned_data['ou'].pk
+                        )
                     if hasattr(request, 'needs_password_change'):
                         del request.needs_password_change
                         return utils.redirect(request, 'password_change', params={'next': response.url}, resolve=True)
                         return utils.redirect(
                             request, 'password_change', params={'next': response.url}, resolve=True
+                        )
                     return response
                 else:

         from ldap.controls import SimplePagedResultsControl, DecodeControlTuples
         from ldap.controls import ppolicy
         from pyasn1.codec.der import decoder
         PYTHON_LDAP3 = [int(x) for x in ldap.__version__.split('.')] >= [3]
         LDAPObject = NativeLDAPObject
     except ImportError:
-...
     if PYTHON_LDAP3 is True:
         class LDAPObject(NativeLDAPObject):
             def __init__(self, uri, trace_level=0, trace_file=None,
                          trace_stack_limit=5, bytes_mode=False,
                          bytes_strictness=None, retry_max=1, retry_delay=60.0):
                 NativeLDAPObject.__init__(self, uri=uri, trace_level=trace_level,
                                           trace_file=trace_file,
                                           trace_stack_limit=trace_stack_limit,
                                           bytes_mode=bytes_mode, bytes_strictness=bytes_strictness,
                                           retry_max=retry_max,
                                           retry_delay=retry_delay)
             def __init__(
                 self,
                 uri,
                 trace_level=0,
                 trace_file=None,
                 trace_stack_limit=5,
                 bytes_mode=False,
                 bytes_strictness=None,
                 retry_max=1,
                 retry_delay=60.0,
             ):
                 NativeLDAPObject.__init__(
                     self,
                     uri=uri,
                     trace_level=trace_level,
                     trace_file=trace_file,
                     trace_stack_limit=trace_stack_limit,
                     bytes_mode=bytes_mode,
                     bytes_strictness=bytes_strictness,
                     retry_max=retry_max,
                     retry_delay=retry_delay,
+                )
             @to_list
             def _convert_results_to_unicode(self, result_list):
-...
             def modify_s(self, dn, modlist):
                 new_modlist = []
                 for mod_op, mod_typ, mod_vals in modlist:
                     def convert(v):
                         if hasattr(v, 'isnumeric'):
                             # unicode case
                             v = v.encode('utf-8')
                         return v
                     if mod_vals is None:
                         pass
                     elif isinstance(mod_vals, list):
-...
                     new_modlist.append((mod_op, mod_typ, mod_vals))
                 return NativeLDAPObject.modify_s(self, dn, new_modlist)
             def result4(self, msgid=ldap.RES_ANY, all=1, timeout=None, add_ctrls=0,
                         add_intermediates=0, add_extop=0, resp_ctrl_classes=None):
                 resp_type, resp_data, resp_msgid, decoded_resp_ctrls, resp_name, resp_value = NativeLDAPObject.result4(
             def result4(
                 self,
                 msgid=ldap.RES_ANY,
                 all=1,
                 timeout=None,
                 add_ctrls=0,
                 add_intermediates=0,
                 add_extop=0,
                 resp_ctrl_classes=None,
             ):
+                (
                     resp_type,
                     resp_data,
                     resp_msgid,
                     decoded_resp_ctrls,
                     resp_name,
                     resp_value,
                 ) = NativeLDAPObject.result4(
                     self,
                     msgid=msgid,
                     all=all,
-...
                     add_ctrls=add_ctrls,
                     add_intermediates=add_intermediates,
                     add_extop=add_extop,
                     resp_ctrl_classes=resp_ctrl_classes)
                     resp_ctrl_classes=resp_ctrl_classes,
+                )
                 if resp_data:
                     resp_data = self._convert_results_to_unicode(resp_data)
                 return resp_type, resp_data, resp_msgid, decoded_resp_ctrls, resp_name, resp_value
     elif PYTHON_LDAP3 is False:
         class LDAPObject(NativeLDAPObject):
             def simple_bind_s(self, who='', cred='', serverctrls=None, clientctrls=None):
                 who = force_bytes(who)
                 cred = force_bytes(cred)
                 return NativeLDAPObject.simple_bind_s(self, who=who, cred=cred,
                                                       serverctrls=serverctrls,
                                                       clientctrls=clientctrls)
                 return NativeLDAPObject.simple_bind_s(
                     self, who=who, cred=cred, serverctrls=serverctrls, clientctrls=clientctrls
+                )
             def passwd_s(self, dn, oldpw, newpw, serverctrls=None, clientctrls=None):
                 dn = force_bytes(dn)
                 oldpw = force_bytes(oldpw)
                 newpw = force_bytes(newpw)
                 return NativeLDAPObject.passwd_s(self, dn, oldpw, newpw,
                                                  serverctrls=serverctrls,
                                                  clientctrls=clientctrls)
                 return NativeLDAPObject.passwd_s(
                     self, dn, oldpw, newpw, serverctrls=serverctrls, clientctrls=clientctrls
+                )
             @to_list
             def _convert_results_to_unicode(self, result_list):
-...
                         attrs = {attribute: filter_non_unicode_values(attrs[attribute]) for attribute in attrs}
                         yield force_text(dn), attrs
             def search_ext(self, base, scope, filterstr='(objectclass=*)',
                            attrlist=None, attrsonly=0, serverctrls=None,
                            clientctrls=None, timeout=-1, sizelimit=0):
             def search_ext(
                 self,
                 base,
                 scope,
                 filterstr='(objectclass=*)',
                 attrlist=None,
                 attrsonly=0,
                 serverctrls=None,
                 clientctrls=None,
                 timeout=-1,
                 sizelimit=0,
             ):
                 base = force_bytes(base)
                 filterstr = force_bytes(filterstr)
                 if attrlist:
                     attrlist = [force_bytes(attr) for attr in attrlist]
                 return NativeLDAPObject.search_ext(self, base, scope,
                                                    filterstr=filterstr,
                                                    attrlist=attrlist,
                                                    attrsonly=attrsonly,
                                                    serverctrls=serverctrls,
                                                    clientctrls=clientctrls,
                                                    timeout=timeout,
                                                    sizelimit=sizelimit)
                 return NativeLDAPObject.search_ext(
                     self,
                     base,
                     scope,
                     filterstr=filterstr,
                     attrlist=attrlist,
                     attrsonly=attrsonly,
                     serverctrls=serverctrls,
                     clientctrls=clientctrls,
                     timeout=timeout,
                     sizelimit=sizelimit,
+                )
             def modify_s(self, dn, modlist):
                 dn = force_bytes(dn)
-...
                             # unicode case
                             v = force_bytes(v)
                         return v
                     if mod_vals is None:
                         pass
                     elif isinstance(mod_vals, list):
-...
                     new_modlist.append((mod_op, mod_typ, mod_vals))
                 return NativeLDAPObject.modify_s(self, dn, new_modlist)
             def result4(self, msgid=ldap.RES_ANY, all=1, timeout=None, add_ctrls=0,
                         add_intermediates=0, add_extop=0, resp_ctrl_classes=None):
                 resp_type, resp_data, resp_msgid, decoded_resp_ctrls, resp_name, resp_value = NativeLDAPObject.result4(
             def result4(
                 self,
                 msgid=ldap.RES_ANY,
                 all=1,
                 timeout=None,
                 add_ctrls=0,
                 add_intermediates=0,
                 add_extop=0,
                 resp_ctrl_classes=None,
             ):
+                (
                     resp_type,
                     resp_data,
                     resp_msgid,
                     decoded_resp_ctrls,
                     resp_name,
                     resp_value,
                 ) = NativeLDAPObject.result4(
                     self,
                     msgid=msgid,
                     all=all,
-...
                     add_ctrls=add_ctrls,
                     add_intermediates=add_intermediates,
                     add_extop=add_extop,
                     resp_ctrl_classes=resp_ctrl_classes)
                     resp_ctrl_classes=resp_ctrl_classes,
+                )
                 if resp_data:
                     resp_data = self._convert_results_to_unicode(resp_data)
                 return resp_type, resp_data, resp_msgid, decoded_resp_ctrls, resp_name, resp_value
-...
         if ctrl.timeBeforeExpiration:
             expiration_date = time.asctime(time.localtime(time.time() + ctrl.timeBeforeExpiration))
             messages.append(_('The password will expire at {expiration_date}.').format(
                 expiration_date=expiration_date))
             messages.append(
                 _('The password will expire at {expiration_date}.').format(expiration_date=expiration_date)
+            )
         if ctrl.graceAuthNsRemaining:
             messages.append(ngettext(
                 'This password expired: this is the last time it can be used.',
                 'This password expired and can only be used {graceAuthNsRemaining} times, including this one.',
                 ctrl.graceAuthNsRemaining).format(graceAuthNsRemaining=ctrl.graceAuthNsRemaining))
             messages.append(
                 ngettext(
                     'This password expired: this is the last time it can be used.',
                     'This password expired and can only be used {graceAuthNsRemaining} times, including this one.',
                     ctrl.graceAuthNsRemaining,
                 ).format(graceAuthNsRemaining=ctrl.graceAuthNsRemaining)
+            )
         return messages
     class LDAPUser(User):
         SESSION_LDAP_DATA_KEY = 'ldap-data'
         _changed = False
-...
                 # update dn case, can be removed in the future
                 self.ldap_data['dn'] = self.ldap_data['dn'].lower()
                 if self.ldap_data.get('password'):
                     self.ldap_data['password'] = {key.lower(): value for key, value in self.ldap_data['password'].items()}
                     self.ldap_data['password'] = {
                         key.lower(): value for key, value in self.ldap_data['password'].items()
+                    }
                 # retrieve encrypted bind pw if necessary
                 encrypted_bindpw = self.ldap_data.get('block', {}).get('encrypted_bindpw')
                 if encrypted_bindpw:
                     decrypted = crypto.aes_base64_decrypt(settings.SECRET_KEY, encrypted_bindpw,
                                                           raise_on_error=False)
                     decrypted = crypto.aes_base64_decrypt(
                         settings.SECRET_KEY, encrypted_bindpw, raise_on_error=False
+                    )
                     if decrypted:
                         decrypted = force_text(decrypted)
                         self.ldap_data['block']['bindpw'] = decrypted
-...
             data = dict(self.ldap_data)
             data['block'] = dict(data['block'])
             if data['block'].get('bindpw'):
                 data['block']['encrypted_bindpw'] = force_text(crypto.aes_base64_encrypt(
                     settings.SECRET_KEY, force_bytes(data['block']['bindpw'])))
                 data['block']['encrypted_bindpw'] = force_text(
                     crypto.aes_base64_encrypt(settings.SECRET_KEY, force_bytes(data['block']['bindpw']))
+                )
                 del data['block']['bindpw']
             session[self.SESSION_LDAP_DATA_KEY] = data
-...
             cache = self.ldap_data.setdefault('password', {})
             if password is not None:
                 # Prevent eavesdropping of the password through the session storage
                 password = force_text(crypto.aes_base64_encrypt(
                         settings.SECRET_KEY, force_bytes(password)))
                 password = force_text(crypto.aes_base64_encrypt(settings.SECRET_KEY, force_bytes(password)))
             cache[self.dn] = password
             # ensure session is marked dirty
             self.update_request()
-...
             return self.ldap_backend.get_connection(self.block, credentials=credentials)
         def get_attributes(self, attribute_source, ctx):
             cache_key = hashlib.md5((force_text(str(self.pk)) + ';' + force_text(self.dn)).encode('utf-8')).hexdigest()
             cache_key = hashlib.md5(
                 (force_text(str(self.pk)) + ';' + force_text(self.dn)).encode('utf-8')
             ).hexdigest()
             conn = self.get_connection()
             # prevents blocking on temporary LDAP failures
             if conn is not None:
-...
             'update_username': False,
             # lookup existing user with an external id build with attributes
             'lookups': ('external_id', 'username'),
             'external_id_tuples': (('uid',), ('dn:noquote',),),
             'external_id_tuples': (
                 ('uid',),
                 ('dn:noquote',),
             ),
             # clean all other existing external id for an user after linking the user
             # to an external id.
             'clean_external_id_on_update': True,
-...
             'certfile': '',
             'keyfile': '',
             # LDAP library options
             'ldap_options': {
             },
             'global_ldap_options': {
             },
             'ldap_options': {},
             'global_ldap_options': {},
             # Use Password Modify extended operation
             'use_password_modify': True,
             # Target OU
-...
+        }
         _REQUIRED = ('url', 'basedn')
         _TO_ITERABLE = ('url', 'groupsu', 'groupstaff', 'groupactive')
         _TO_LOWERCASE = ('fname_field', 'lname_field', 'email_field', 'attributes',
                          'mandatory_attributes_values', 'member_of_attribute',
                          'group_to_role_mapping', 'group_mapping',
                          'attribute_mappings', 'external_id_tuples')
         _TO_LOWERCASE = (
             'fname_field',
             'lname_field',
             'email_field',
             'attributes',
             'mandatory_attributes_values',
             'member_of_attribute',
             'group_to_role_mapping',
             'group_mapping',
             'attribute_mappings',
             'external_id_tuples',
+        )
         _VALID_CONFIG_KEYS = list(set(_REQUIRED).union(set(_DEFAULTS)))
         @classmethod
-...
         def get_groups_dns(cls, conn, block):
             group_base_dn = block['group_basedn'] or block['basedn']
             # 1.1 is special attribute meaning, "no attribute requested"
             results = conn.search_s(group_base_dn, ldap.SCOPE_SUBTREE,
                                     block['group_filter'], ['1.1'])
             results = conn.search_s(group_base_dn, ldap.SCOPE_SUBTREE, block['group_filter'], ['1.1'])
             results = cls.normalize_ldap_results(results)
             return set([group_dn for group_dn, attrs in results])
-...
                     if realm and block.get('realm') != realm:
                         continue
                 if '%s' not in block['user_filter']:
                     log.error(
                         "account name authentication filter doesn't contain '%s'")
                     log.error("account name authentication filter doesn't contain '%s'")
                     continue
                 user = self.authenticate_block(request, block, uid, password)
                 if user is not None:
-...
                                 try:
                                     query = filter_format(user_filter, (username,) * n)
                                 except TypeError as e:
                                     log.error('user_filter syntax error %r: %s', block['user_filter'],
                                               e)
                                     log.error('user_filter syntax error %r: %s', block['user_filter'], e)
                                     return
                                 log.debug('[%s] looking up dn for username %r using query %r', ldap_uri,
                                           username, query)
                                 log.debug(
                                     '[%s] looking up dn for username %r using query %r', ldap_uri, username, query
+                                )
                                 results = conn.search_s(user_basedn, ldap.SCOPE_SUBTREE, query, [u'1.1'])
                                 results = self.normalize_ldap_results(results)
                                 # remove search references
-...
                                 if len(results) == 0:
                                     log.debug('[%s] user lookup failed: no entry found, %s', ldap_uri, query)
                                 elif not block['multimatch'] and len(results) > 1:
                                     log.error('[%s] user lookup failed: too many (%d) entries found: %s',
                                               ldap_uri, len(results), query)
                                     log.error(
                                         '[%s] user lookup failed: too many (%d) entries found: %s',
                                         ldap_uri,
                                         len(results),
                                         query,
+                                    )
                                 else:
                                     authz_ids.extend(result[0] for result in results)
                             else:
-...
                                 break
                             except ldap.INVALID_CREDENTIALS as e:
                                 if block.get('use_controls') and len(e.args) > 0 and 'ctrls' in e.args[0]:
                                     self.process_controls(request, authz_id, DecodeControlTuples(e.args[0]['ctrls']))
                                     self.process_controls(
                                         request, authz_id, DecodeControlTuples(e.args[0]['ctrls'])
+                                    )
                                 attributes = self.get_ldap_attributes(block, conn, authz_id)
                                 user = self.lookup_existing_user(authz_id, block, attributes)
                                 if user and hasattr(request, 'failed_logins'):
-...
                             break
                     return self._return_user(authz_id, password, conn, block)
                 except ldap.CONNECT_ERROR:
                     log.error('connection to %r failed, did you forget to declare the TLS certificate '
                               'in /etc/ldap/ldap.conf ?', block['url'])
                     log.error(
                         'connection to %r failed, did you forget to declare the TLS certificate '
                         'in /etc/ldap/ldap.conf ?',
                         block['url'],
+                    )
                 except ldap.TIMEOUT:
                     log.error('connection to %r timed out', block['url'])
                 except ldap.SERVER_DOWN:
-...
         @classmethod
         def _parse_simple_config(self):
             if len(settings.LDAP_AUTH_SETTINGS) < 2:
                 raise ImproperlyConfigured('In a minimal configuration, you must at least specify '
                                            'url and user DN')
                 raise ImproperlyConfigured(
                     'In a minimal configuration, you must at least specify ' 'url and user DN'
+                )
             return {'url': settings.LDAP_AUTH_SETTINGS[0], 'basedn': settings.LDAP_AUTH_SETTINGS[1]}
         def backend_name(self):
-...
         def populate_user_attributes(self, user, block, attributes):
             # map legacy attributes (columns from Django user model)
             for legacy_attribute, legacy_field in (('email', 'email_field'),
                                                    ('first_name', 'fname_field'),
                                                    ('last_name', 'lname_field')):
             for legacy_attribute, legacy_field in (
                 ('email', 'email_field'),
                 ('first_name', 'fname_field'),
                 ('last_name', 'lname_field'),
             ):
                 ldap_attribute = block[legacy_field]
                 if not ldap_attribute:
                     break
-...
                     user._changed = True
         def populate_admin_flags_by_group(self, user, block, group_dns):
             '''Attribute admin flags based on groups.
                It supersedes is_staff, is_superuser and is_active.'''
             for g, attr in (('groupsu', 'is_superuser'),
                             ('groupstaff', 'is_staff'),
                             ('groupactive', 'is_active')):
             """Attribute admin flags based on groups.
             It supersedes is_staff, is_superuser and is_active."""
             for g, attr in (
                 ('groupsu', 'is_superuser'),
                 ('groupstaff', 'is_staff'),
                 ('groupactive', 'is_active'),
             ):
                 group_dns_to_match = block[g]
                 if not group_dns_to_match:
                     continue
-...
                         role.save()
         def get_ldap_group_dns(self, user, dn, conn, block, attributes):
             '''Retrieve group DNs from the LDAP by attributes (memberOf) or by
                filter.
             '''
             """Retrieve group DNs from the LDAP by attributes (memberOf) or by
             filter.
             """
             group_base_dn = block['group_basedn'] or block['basedn']
             member_of_attribute = block['member_of_attribute']
             group_filter = block['group_filter']
-...
                     try:
                         return Role.objects.get(name=slug, **kwargs), None
                     except Role.DoesNotExist:
                         error = ('role %r does not exist' % role_id)
                         error = 'role %r does not exist' % role_id
                     except Role.MultipleObjectsReturned:
                         error = 'multiple objects returned, identifier is imprecise'
                 except Role.MultipleObjectsReturned:
                     error = 'multiple objects returned, identifier is imprecise'
             else:
                 error = 'invalid role identifier must be slug, (slug, ou__slug) or (slug, ou__slug, service__slug)'
                 error = (
                     'invalid role identifier must be slug, (slug, ou__slug) or (slug, ou__slug, service__slug)'
+                )
             return None, error
         def populate_mandatory_groups(self, user, block):
-...
             self.populate_user_roles(user, dn, conn, block, attributes)
         def populate_user_ou(self, user, dn, conn, block, attributes):
             '''Assign LDAP user to an ou, the default one if ou_slug setting is
                None'''
             """Assign LDAP user to an ou, the default one if ou_slug setting is
             None"""
             ou_slug = block['ou_slug']
             OU = get_ou_model()
-...
         def get_ldap_attributes_names(cls, block):
             attributes = set()
             attributes.update(map_text(block['attributes']))
             for field in ('email_field', 'fname_field', 'lname_field',
                           'member_of_attribute'):
             for field in ('email_field', 'fname_field', 'lname_field', 'member_of_attribute'):
                 if block[field]:
                     attributes.add(block[field])
             for external_id_tuple in map_text(block['external_id_tuples']):
                 attributes.update(cls.attribute_name_from_external_id_tuple(
                     external_id_tuple))
                 attributes.update(cls.attribute_name_from_external_id_tuple(external_id_tuple))
             for from_at, to_at in map_text(block['attribute_mappings']):
                 attributes.add(to_at)
             for mapping in block['user_attributes']:
-...
         @classmethod
         def get_ldap_attributes(cls, block, conn, dn):
             '''Retrieve some attributes from LDAP, add mandatory values then apply
                defined mappings between atrribute names'''
             """Retrieve some attributes from LDAP, add mandatory values then apply
             defined mappings between atrribute names"""
             attributes = cls.get_ldap_attributes_names(block)
             attribute_mappings = map_text(block['attribute_mappings'])
             mandatory_attributes_values = map_text(block['mandatory_attributes_values'])
-...
                 extra_attribute_config = block['extra_attributes'][extra_attribute_name]
                 extra_attribute_values = []
                 if 'loop_over_attribute' in extra_attribute_config:
                     extra_attribute_config['loop_over_attribute'] = extra_attribute_config['loop_over_attribute'].lower()
                     extra_attribute_config['loop_over_attribute'] = extra_attribute_config[
                         'loop_over_attribute'
                     ].lower()
                     if extra_attribute_config['loop_over_attribute'] not in attribute_map:
                         log.debug('loop_over_attribute %s not present (or empty) in user object attributes retreived. Pass.' % extra_attribute_config['loop_over_attribute'])
                         log.debug(
                             'loop_over_attribute %s not present (or empty) in user object attributes retreived. Pass.'
                             % extra_attribute_config['loop_over_attribute']
+                        )
                         continue
                     if 'filter' not in extra_attribute_config and 'basedn' not in extra_attribute_config:
                         log.warning('Extra attribute %s not correctly configured : you need to defined at least one of filter or basedn parameters' % extra_attribute_name)
                         log.warning(
                             'Extra attribute %s not correctly configured : you need to defined at least one of filter or basedn parameters'
                             % extra_attribute_name
+                        )
                     for item in attribute_map[extra_attribute_config['loop_over_attribute']]:
                         ldap_filter = extra_attribute_config.get('filter', 'objectClass=*').format(item=item, **attribute_map)
                         ldap_basedn = extra_attribute_config.get('basedn', block.get('basedn')).format(item=item, **attribute_map)
                         ldap_scope = ldap_scopes.get(extra_attribute_config.get('scope', 'sub'), ldap.SCOPE_SUBTREE)
                         ldap_filter = extra_attribute_config.get('filter', 'objectClass=*').format(
                             item=item, **attribute_map
+                        )
                         ldap_basedn = extra_attribute_config.get('basedn', block.get('basedn')).format(
                             item=item, **attribute_map
+                        )
                         ldap_scope = ldap_scopes.get(
                             extra_attribute_config.get('scope', 'sub'), ldap.SCOPE_SUBTREE
+                        )
                         ldap_attributes_mapping = extra_attribute_config.get('mapping', {})
                         ldap_attributes_names = list(filter(lambda a: a != 'dn', ldap_attributes_mapping.values()))
                         ldap_attributes_names = list(
                             filter(lambda a: a != 'dn', ldap_attributes_mapping.values())
+                        )
                         try:
                             results = conn.search_s(ldap_basedn, ldap_scope, ldap_filter, ldap_attributes_names)
                         except ldap.LDAPError:
                             log.exception('unable to retrieve extra attribute %s for item %s' % (extra_attribute_name, item))
                             log.exception(
                                 'unable to retrieve extra attribute %s for item %s' % (extra_attribute_name, item)
+                            )
                             continue
                         else:
                             results = cls.normalize_ldap_results(results)
                         item_value = {}
                         for dn, attrs in results:
                             log.debug(u'Object retrieved for extra attr %s with item %s : %s %s' % (
                                 extra_attribute_name, item, dn, attrs))
                             log.debug(
                                 u'Object retrieved for extra attr %s with item %s : %s %s'
                                 % (extra_attribute_name, item, dn, attrs)
+                            )
                             for key in ldap_attributes_mapping:
                                 item_value[key] = attrs.get(ldap_attributes_mapping[key].lower())
                                 log.debug('Object attribute %s value retrieved for extra attr %s with item %s : %s' % (
                                     ldap_attributes_mapping[key], extra_attribute_name, item, item_value[key]))
                                 log.debug(
                                     'Object attribute %s value retrieved for extra attr %s with item %s : %s'
                                     % (ldap_attributes_mapping[key], extra_attribute_name, item, item_value[key])
+                                )
                                 if not item_value[key]:
                                     del item_value[key]
                                 elif len(item_value[key]) == 1:
-...
                 elif extra_attribute_serialization == 'json':
                     attribute_map[extra_attribute_name] = json.dumps(extra_attribute_values)
                 else:
                     log.warning('Invalid serialization type "%s" for extra attribute %s' % (extra_attribute_serialization, extra_attribute_name))
                     log.warning(
                         'Invalid serialization type "%s" for extra attribute %s'
                         % (extra_attribute_serialization, extra_attribute_name)
+                    )
             return attribute_map
         @classmethod
         def external_id_to_filter(cls, external_id, external_id_tuple):
             '''Split the external id, decode it and build an LDAP filter from it
                and the external_id_tuple.
             '''
             """Split the external id, decode it and build an LDAP filter from it
             and the external_id_tuple.
             """
             splitted = external_id.split()
             if len(splitted) != len(external_id_tuple):
                 return
-...
             return u'(&{0})'.format(''.join(filters))
         def build_external_id(self, external_id_tuple, attributes):
             '''Build the exernal id for the user, use attribute that eventually
                never change like GUID or UUID.
             '''
             """Build the exernal id for the user, use attribute that eventually
             never change like GUID or UUID.
             """
             parts = []
             for attribute in external_id_tuple:
                 quote = True
-...
                 if not external_id:
                     continue
                 log.debug('lookup using external_id %r: %r', eid_tuple, external_id)
                 users = LDAPUser.objects.prefetch_related('groups').filter(
                     userexternalid__external_id__iexact=external_id,
                     userexternalid__source=force_text(block['realm'])).order_by('-last_login')
                 users = (
                     LDAPUser.objects.prefetch_related('groups')
                     .filter(
                         userexternalid__external_id__iexact=external_id,
                         userexternalid__source=force_text(block['realm']),
+                    )
                     .order_by('-last_login')
+                )
                 # ordering of NULLs cannot be done through the ORM
                 users = sorted(users, reverse=True, key=lambda u: (u.last_login is not None, u.last_login))
                 if users:
                     user = users[0]
                     if len(users) > 1:
                         log.info('found %d users, collectings roles into the first one and deleting the other ones.',
                                  len(users))
                         log.info(
                             'found %d users, collectings roles into the first one and deleting the other ones.',
                             len(users),
+                        )
                         for other in users[1:]:
                             for r in other.roles.all():
                                 user.roles.add(r)
-...
                     log_msg = 'updating username from %r to %r'
                     log.debug(log_msg, old_username, user.username)
             # if external_id lookup is used, update it
             if 'external_id' in block['lookups'] \
                and block.get('external_id_tuples') \
                and block['external_id_tuples'][0]:
             if (
                 'external_id' in block['lookups']
                 and block.get('external_id_tuples')
                 and block['external_id_tuples'][0]
             ):
                 if not user.pk:
                     user.save()
                     user._changed = False
                 external_id = self.build_external_id(
                     map_text(block['external_id_tuples'][0]),
                     attributes)
                 external_id = self.build_external_id(map_text(block['external_id_tuples'][0]), attributes)
                 if external_id:
                     new, created = UserExternalId.objects.get_or_create(
                         user=user, external_id=external_id, source=force_text(block['realm']))
                         user=user, external_id=external_id, source=force_text(block['realm'])
+                    )
                     if block['clean_external_id_on_update']:
                         UserExternalId.objects \
                             .exclude(id=new.id) \
                             .filter(user=user, source=force_text(block['realm'])) \
                             .delete()
                         UserExternalId.objects.exclude(id=new.id).filter(
                             user=user, source=force_text(block['realm'])
                         ).delete()
         def _return_user(self, dn, password, conn, block, attributes=None):
             attributes = attributes or self.get_ldap_attributes(block, conn, dn)
-...
                 user_basedn = force_text(block.get('user_basedn') or block['basedn'])
                 user_filter = cls.get_sync_ldap_user_filter(block)
                 attribute_names = cls.get_ldap_attributes_names(block)
                 results = cls.paged_search(conn, user_basedn, ldap.SCOPE_SUBTREE, user_filter, attrlist=attribute_names)
                 results = cls.paged_search(
                     conn, user_basedn, ldap.SCOPE_SUBTREE, user_filter, attrlist=attribute_names
+                )
                 backend = cls()
                 for dn, attrs in results:
                     yield backend._return_user(dn, None, conn, block, attrs)
         @classmethod
         def deactivate_orphaned_users(cls):
             for block in cls.get_config():
                 conn = cls.get_connection(block)
                 if conn is None:
                     continue
                 eids = list(UserExternalId.objects.filter(user__is_active=True,
                                                           source=block['realm']).values_list('external_id', flat=True))
                 eids = list(
                     UserExternalId.objects.filter(user__is_active=True, source=block['realm']).values_list(
                         'external_id', flat=True
+                    )
+                )
                 basedn = force_text(block.get('user_basedn') or block['basedn'])
                 attribute_names = [a[0] for a in cls.attribute_name_from_external_id_tuple(block['external_id_tuples'])]
                 attribute_names = [
                     a[0] for a in cls.attribute_name_from_external_id_tuple(block['external_id_tuples'])
+                ]
                 user_filter = cls.get_sync_ldap_user_filter(block)
                 results = cls.paged_search(conn, basedn, ldap.SCOPE_SUBTREE,
                                            user_filter,
                                            attrlist=attribute_names)
                 results = cls.paged_search(
                     conn, basedn, ldap.SCOPE_SUBTREE, user_filter, attrlist=attribute_names
+                )
                 for dn, attrs in results:
                     data = attrs.copy()
                     data['dn'] = dn
-...
                 for eid in UserExternalId.objects.filter(external_id__in=eids):
                     eid.user.mark_as_inactive()
         @classmethod
         def ad_encoding(cls, s):
             '''Encode a string for AD consumption as a password'''
-...
                     if old_password:
                         modlist = [
                             (ldap.MOD_DELETE, key, [cls.ad_encoding(old_password)]),
                             (ldap.MOD_ADD, key, [value])
                             (ldap.MOD_ADD, key, [value]),
+                        ]
                     else:
                         modlist = [(ldap.MOD_REPLACE, key, [value])]
-...
                 if block['timeout'] > 0:
                     conn.set_option(ldap.OPT_NETWORK_TIMEOUT, block['timeout'])
                     conn.set_option(ldap.OPT_TIMEOUT, block['timeout'])
                 conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                                 getattr(ldap, 'OPT_X_TLS_' + block['require_cert'].upper()))
                 conn.set_option(
                     ldap.OPT_X_TLS_REQUIRE_CERT, getattr(ldap, 'OPT_X_TLS_' + block['require_cert'].upper())
+                )
                 if block['cacertfile']:
                     conn.set_option(ldap.OPT_X_TLS_CACERTFILE, block['cacertfile'])
                 if block['cacertdir']:
-...
                         try:
                             conn.start_tls_s()
                         except ldap.CONNECT_ERROR:
                             log.error('connection to %r failed when activating TLS, did you forget '
                                       'to declare the TLS certificate in /etc/ldap/ldap.conf ?', url)
                             log.error(
                                 'connection to %r failed when activating TLS, did you forget '
                                 'to declare the TLS certificate in /etc/ldap/ldap.conf ?',
                                 url,
+                            )
                             continue
                 except ldap.TIMEOUT:
                     log.error('connection to %r timed out', url)
                     continue
                 except ldap.CONNECT_ERROR:
                     log.error('connection to %r failed when activating TLS, did you forget to '
                               'declare the TLS certificate in /etc/ldap/ldap.conf ?', url)
                     log.error(
                         'connection to %r failed when activating TLS, did you forget to '
                         'declare the TLS certificate in /etc/ldap/ldap.conf ?',
                         url,
+                    )
                     continue
                 except ldap.SERVER_DOWN:
                     if block['replicas']:
-...
                 if key not in cls._VALID_CONFIG_KEYS and validate:
                     raise ImproperlyConfigured(
                         '"{}" : invalid LDAP_AUTH_SETTINGS key, available are {}'.format(
                             key, cls._VALID_CONFIG_KEYS))
                             key, cls._VALID_CONFIG_KEYS
+                        )
+                    )
             for r in cls._REQUIRED:
                 if r not in block:
                     raise ImproperlyConfigured(
                         'LDAP_AUTH_SETTINGS: missing required configuration option %r' % r)
                     raise ImproperlyConfigured('LDAP_AUTH_SETTINGS: missing required configuration option %r' % r)
             # convert string to list of strings for settings accepting it
             for i in cls._TO_ITERABLE:
-...
                 else:
                     if isinstance(cls._DEFAULTS[d], six.string_types):
                         if not isinstance(block[d], six.string_types):
                             raise ImproperlyConfigured(
                                 'LDAP_AUTH_SETTINGS: attribute %r must be a string' % d)
                             raise ImproperlyConfigured('LDAP_AUTH_SETTINGS: attribute %r must be a string' % d)
                         try:
                             block[d] = force_text(block[d])
                         except UnicodeEncodeError:
                             raise ImproperlyConfigured(
                                 'LDAP_AUTH_SETTINGS: attribute %r must be a string' % d)
                             raise ImproperlyConfigured('LDAP_AUTH_SETTINGS: attribute %r must be a string' % d)
                     if isinstance(cls._DEFAULTS[d], bool) and not isinstance(block[d], bool):
                         raise ImproperlyConfigured('LDAP_AUTH_SETTINGS: attribute %r must be a boolean' % d)
                     if isinstance(cls._DEFAULTS[d], (list, tuple)) and not isinstance(block[d], (list, tuple)):
                         raise ImproperlyConfigured(
                             'LDAP_AUTH_SETTINGS: attribute %r must be a boolean' % d)
                     if (isinstance(cls._DEFAULTS[d], (list, tuple))
                             and not isinstance(block[d], (list, tuple))):
                         raise ImproperlyConfigured(
                             'LDAP_AUTH_SETTINGS: attribute %r must be a list or a tuple' % d)
                             'LDAP_AUTH_SETTINGS: attribute %r must be a list or a tuple' % d
+                        )
                     if isinstance(cls._DEFAULTS[d], dict) and not isinstance(block[d], dict):
                         raise ImproperlyConfigured(
                             'LDAP_AUTH_SETTINGS: attribute %r must be a dictionary' % d)
                         raise ImproperlyConfigured('LDAP_AUTH_SETTINGS: attribute %r must be a dictionary' % d)
                     if not isinstance(cls._DEFAULTS[d], bool) and d in cls._REQUIRED and not block[d]:
                         raise ImproperlyConfigured(
                             'LDAP_AUTH_SETTINGS: attribute %r is required but is empty')
                         raise ImproperlyConfigured('LDAP_AUTH_SETTINGS: attribute %r is required but is empty')
                     # force_bytes all strings in iterable or dict
                     if isinstance(block[d], (list, tuple, dict)):
                         block[d] = map_text(block[d])
-...
                 else:
                     raise NotImplementedError(
                         'LDAP setting %r cannot be converted to lowercase setting, its type is %r'
                         % (key, type(block[key])))
                         % (key, type(block[key]))
+                    )
             # special case user_attributes
             user_attributes = []
             for mapping in block['user_attributes']:
-...
                                 results = conn.search_s(dn, ldap.SCOPE_BASE)
                             else:
                                 ldap_filter = self.external_id_to_filter(external_id, external_id_tuple)
                                 results = conn.search_s(block['basedn'],
                                                         ldap.SCOPE_SUBTREE, ldap_filter)
                                 results = conn.search_s(block['basedn'], ldap.SCOPE_SUBTREE, ldap_filter)
                                 results = self.normalize_ldap_results(results)
                                 if not results:
                                     log.warning(
                                         u'unable to find user %r based on external id %s',
                                         user, external_id)
                                         u'unable to find user %r based on external id %s', user, external_id
+                                    )
                                     continue
                                 dn = results[0][0]
                         except ldap.LDAPError as e:
                             log.warning(
                                 u'unable to find user %r based on external id %s: %r',
                                 user,
                                 external_id,
                                 e)
                                 u'unable to find user %r based on external id %s: %r', user, external_id, e
+                            )
                             continue
                         return self._return_user(dn, None, conn, block)
     LDAPUser.ldap_backend = LDAPBackend
     LDAPBackendPasswordLost.ldap_backend = LDAPBackend

         '''Build an UPN from a username and a realm'''
         return u'{0}@{1}'.format(username, realm)
     PROXY_USER_MODEL = None
-...
             username_field = 'username'
             queries = []
             try:
                 if app_settings.A2_ACCEPT_EMAIL_AUTHENTICATION \
                         and UserModel._meta.get_field('email'):
                 if app_settings.A2_ACCEPT_EMAIL_AUTHENTICATION and UserModel._meta.get_field('email'):
                     queries.append(models.Q(**{'email__iexact': username}))
             except models.FieldDoesNotExist:
                 pass
-...
                 if '@' not in username:
                     if app_settings.REALMS:
                         for realm, desc in app_settings.REALMS:
                             queries.append(models.Q(
                                 **{username_field: upn(username, realm)}))
                             queries.append(models.Q(**{username_field: upn(username, realm)}))
             else:
                 queries.append(models.Q(**{username_field: upn(username, realm)}))
             queries = six.moves.reduce(models.Q.__or__, queries)
-...
         def must_reset_password(self, user):
             from .. import models
             return bool(models.PasswordReset.filter(user=user).count())
         def authenticate(self, request, username=None, password=None, realm=None, ou=None):
-...
         def get_saml2_authn_context(self):
             import lasso
             return lasso.SAML2_AUTHN_CONTEXT_PASSWORD

     class ValidateCSRFMixin(object):
         '''Move CSRF token validation inside the form validation.
         """Move CSRF token validation inside the form validation.
         This mixin must always be the leftest one and if your class override
         form_valid() dispatch() you should move those overrides in a base
         class.
         """
            This mixin must always be the leftest one and if your class override
            form_valid() dispatch() you should move those overrides in a base
            class.
         '''
         @method_decorator(csrf_exempt)
         @method_decorator(ensure_csrf_cookie)
         def dispatch(self, *args, **kwargs):
-...
     class NextURLViewMixin(RedirectToNextURLViewMixin):
         '''Make a view handle a next parameter, if it's not present it is
            automatically generated from the Referrer or from the value
            returned by the method get_next_url_default().
         '''
         """Make a view handle a next parameter, if it's not present it is
         automatically generated from the Referrer or from the value
         returned by the method get_next_url_default().
         """
         next_url_default = '..'
         def get_next_url_default(self):
-...
             if REDIRECT_FIELD_NAME in request.GET:
                 pass
             else:
                 next_url = request.META.get('HTTP_REFERER') or \
                     self.next_url_default
                 return utils.redirect(request, request.path, keep_params=True,
                                       params={
                                           REDIRECT_FIELD_NAME: next_url,
                                       },
                                       status=303)
             return super(NextURLViewMixin, self).dispatch(request, *args,
                                                           **kwargs)
                 next_url = request.META.get('HTTP_REFERER') or self.next_url_default
                 return utils.redirect(
                     request,
                     request.path,
                     keep_params=True,
                     params={
                         REDIRECT_FIELD_NAME: next_url,
                     },
                     status=303,
+                )
             return super(NextURLViewMixin, self).dispatch(request, *args, **kwargs)
     class TemplateNamesMixin(object):

src/authentic2/compat/cookies.py
19	19	if django.VERSION < (2, 1):
20	20	# Copied from Django >=2.1 / django.http.cookies
21	21	from http import cookies
	22
22	23	cookies.Morsel._reserved.setdefault('samesite', 'SameSite')

         from django.contrib.auth import get_user_model
     except ImportError:
         from django.contrib.auth.models import User
         get_user_model = lambda: User
     try:
         from django.db.transaction import atomic
         commit_on_success = atomic
     except ImportError:
         from django.db.transaction import commit_on_success
-...
         from binascii import Error as Base64Error
     if hasattr(inspect, 'signature'):
         def signature_parameters(func):
             return inspect.signature(func).parameters.keys()
     else:
         def signature_parameters(func):
             return inspect.getargspec(func)[0]

     try:
         import lasso
     except ImportError:
         class MockLasso(object):
             def __getattr__(self, key):
                 if key[0].isupper():
                     return ''
                 return AttributeError('Please install lasso')
         lasso = MockLasso()

     class UserFederations(object):
         '''Provide access to all federations of the current user'''
         def __init__(self, request):
             self.request = request
         def __getattr__(self, name):
             d = {'provider': None, 'links': [] }
             d = {'provider': None, 'links': []}
             if name.startswith('service_'):
                 try:
                     provider_id = int(name.split('_', 1)[1])
-...
                 return d
             return super(UserFederations, self).__getattr__(name)
     __AUTHENTIC2_DISTRIBUTION = None

src/authentic2/cors.py
63	63	if plugin.check_origin(request, origin):
64	64	return True
65	65	return False
66
67

     def aes_base64_encrypt(key, data):
         '''Generate an AES key from any key material using PBKDF2, and encrypt data using CFB mode. A
            new IV is generated each time, the IV is also used as salt for PBKDF2.
         '''
         """Generate an AES key from any key material using PBKDF2, and encrypt data using CFB mode. A
         new IV is generated each time, the IV is also used as salt for PBKDF2.
         """
         iv = Random.get_random_bytes(16)
         aes_key = PBKDF2(key, iv)
         aes = AES.new(aes_key, AES.MODE_CFB, iv=iv)
-...
     def remove_padding(msg, block_size):
         '''Ignore padded zero bytes'''
         try:
             msg_length, = struct.unpack('<h', msg[:2])
             (msg_length,) = struct.unpack('<h', msg[:2])
         except struct.error:
             raise DecryptionError('wrong padding')
         if len(msg) % block_size != 0:
             raise DecryptionError('message length is not a multiple of block size', len(msg),
                                   block_size)
         unpadded = msg[2:2 + msg_length]
             raise DecryptionError('message length is not a multiple of block size', len(msg), block_size)
         unpadded = msg[2 : 2 + msg_length]
         if msg_length > len(msg) - 2:
             raise DecryptionError('wrong padding')
         if len(msg[2 + msg_length:].strip(force_bytes('\0'))):
         if len(msg[2 + msg_length :].strip(force_bytes('\0'))):
             raise DecryptionError('padding is not all zero')
         if len(unpadded) != msg_length:
             raise DecryptionError('wrong padding')
-...
     def aes_base64url_deterministic_encrypt(key, data, salt, hash_name='sha256', count=1):
         '''Encrypt using AES-128 and sign using HMAC-SHA256 shortened to 64 bits.
         """Encrypt using AES-128 and sign using HMAC-SHA256 shortened to 64 bits.
            Count and algorithm are encoded in the final string for future evolution.
         Count and algorithm are encoded in the final string for future evolution.
         '''
         """
         mode = 1  # AES128-SHA256
         hashmod = SHA256
         key_size = 16
-...
             key = key.encode('utf-8')
         if hasattr(url, 'isnumeric'):
             url = url.encode('utf-8', 'replace')
         return base64.b32encode(hmac.HMAC(key=key, msg=url, digestmod=hashlib.sha256).digest()).decode('ascii').strip('=')
         return (
             base64.b32encode(hmac.HMAC(key=key, msg=url, digestmod=hashlib.sha256).digest())
             .decode('ascii')
             .strip('=')
+        )
     def check_hmac_url(key, url, signature):

     class ImportUserForm(BaseUserForm):
         locals()[ROLE_NAME] = forms.CharField(
             label=_('Role name'),
             required=False)
         locals()[ROLE_SLUG] = forms.CharField(
             label=_('Role slug'),
             required=False)
         locals()[ROLE_NAME] = forms.CharField(label=_('Role name'), required=False)
         locals()[ROLE_SLUG] = forms.CharField(label=_('Role slug'), required=False)
         choices = [
             (REGISTRATION_RESET_EMAIL, _('Email user so they can set a password')),
+        ]
         locals()[REGISTRATION] = forms.ChoiceField(
             choices=choices,
             label=_('Registration option'),
             required=False)
         locals()[PASSWORD_HASH] = forms.CharField(
             label=_('Password hash'),
             required=False)
             choices=choices, label=_('Registration option'), required=False
+        )
         locals()[PASSWORD_HASH] = forms.CharField(label=_('Password hash'), required=False)
         def clean(self):
             super(BaseUserForm, self).clean()
-...
                 RegexValidator(
                     r'^[a-zA-Z0-9_-]+$',
                     _('_source_name must contain no spaces and only letters, digits, - and _'),
                     'invalid')])
         locals()[SOURCE_ID] = forms.CharField(
             label=_('Source external id'))
                     'invalid',
+                )
             ],
+        )
         locals()[SOURCE_ID] = forms.CharField(label=_('Source external id'))
     @attrs
-...
                 except Simulate:
                     pass
             for action in [
                     parse_csv,
                     self.parse_header_row,
                     self.parse_rows,
                     do_import]:
             for action in [parse_csv, self.parse_header_row, self.parse_rows, do_import]:
                 action()
                 if self.errors:
                     break
-...
             header_names = set(self.headers_by_name)
             if header_names & SOURCE_COLUMNS and not SOURCE_COLUMNS.issubset(header_names):
                 self.add_error(
                     Error('invalid-external-id-pair',
                           _('You must have a _source_name and a _source_id column')))
                     Error('invalid-external-id-pair', _('You must have a _source_name and a _source_id column'))
+                )
             if ROLE_NAME in header_names and ROLE_SLUG in header_names:
                 self.add_error(
                     Error('invalid-role-column',
                           _('Either specify role names or role slugs, not both')))
                     Error('invalid-role-column', _('Either specify role names or role slugs, not both'))
+                )
         def parse_header(self, head, column):
             splitted = head.split()
             try:
                 header = CsvHeader(column, splitted[0])
                 if header.name in self.headers_by_name:
                     self.add_error(
                         Error('duplicate-header', _('Header "%s" is duplicated') % header.name))
                     self.add_error(Error('duplicate-header', _('Header "%s" is duplicated') % header.name))
                     return
                 self.headers_by_name[header.name] = header
             except IndexError:
-...
             self.headers.append(header)
             if (not (header.field or header.attribute)
                     and header.name not in SPECIAL_COLUMNS):
                 self.add_error(LineError('unknown-or-missing-attribute',
                                          _('unknown or missing attribute "%s"') % head,
                                          line=1, column=column))
             if not (header.field or header.attribute) and header.name not in SPECIAL_COLUMNS:
                 self.add_error(
                     LineError(
                         'unknown-or-missing-attribute',
                         _('unknown or missing attribute "%s"') % head,
                         line=1,
                         column=column,
+                    )
+                )
                 return
             for flag in splitted[1:]:
                 if header.name in SOURCE_COLUMNS:
                     self.add_error(LineError(
                         'flag-forbidden-on-source-columns',
                         _('You cannot set flags on _source_name and _source_id columns'),
                         line=1))
                     self.add_error(
                         LineError(
                             'flag-forbidden-on-source-columns',
                             _('You cannot set flags on _source_name and _source_id columns'),
                             line=1,
+                        )
+                    )
                     break
                 value = True
                 if flag.startswith('no-'):
-...
             rows = self.rows = []
             for i, row in enumerate(self.csv_importer.rows[1:]):
                 csv_row = self.parse_row(form_class, row, line=i + 2)
                 self.has_errors = self.has_errors or not(csv_row.is_valid)
                 self.has_errors = self.has_errors or not (csv_row.is_valid)
                 rows.append(csv_row)
         def parse_row(self, form_class, row, line):
-...
                     header=header,
                     value=form.cleaned_data.get(header.name),
                     missing=header.name not in data,
                     errors=get_form_errors(form, header.name))
                 for header in self.headers]
                     errors=get_form_errors(form, header.name),
+                )
                 for header in self.headers
+            ]
             cell_errors = any(bool(cell.errors) for cell in cells)
             errors = get_form_errors(form, '__all__')
             return CsvRow(
                 line=line,
                 cells=cells,
                 errors=errors,
                 is_valid=not bool(cell_errors or errors))
             return CsvRow(line=line, cells=cells, errors=errors, is_valid=not bool(cell_errors or errors))
         @property
         def email_is_unique(self):
-...
                         row.user_first_seen = False
                     else:
                         errors.append(
                             Error('unique-constraint-failed',
                                   _('Unique constraint on column "%(column)s" failed: '
                                     'value already appear on line %(line)d') % {
                                         'column': header.name,
                                         'line': unique_map[unique_key]}))
                             Error(
                                 'unique-constraint-failed',
                                 _(
                                     'Unique constraint on column "%(column)s" failed: '
                                     'value already appear on line %(line)d'
+                                )
                                 % {'column': header.name, 'line': unique_map[unique_key]},
+                            )
+                        )
                 else:
                     unique_map[unique_key] = row.line
             for cell in row:
                 if (not cell.header.globally_unique and not cell.header.unique) or (user and not cell.header.update):
                 if (not cell.header.globally_unique and not cell.header.unique) or (
                     user and not cell.header.update
                 ):
                     continue
                 if not cell.value:
                     continue
-...
                         row.user_first_seen = False
                     else:
                         errors.append(
                             Error('unique-constraint-failed',
                                   _('Unique constraint on column "%s" failed') % cell.header.name))
                             Error(
                                 'unique-constraint-failed',
                                 _('Unique constraint on column "%s" failed') % cell.header.name,
+                            )
+                        )
             row.errors.extend(errors)
             row.is_valid = row.is_valid and not bool(errors)
             return not bool(errors)
-...
             if len(users) > 1:
                 row.errors.append(
                     Error('key-matches-too-many-users',
                           _('Key value "%s" matches too many users') % key_value))
                     Error('key-matches-too-many-users', _('Key value "%s" matches too many users') % key_value)
+                )
                 return False
             user = None
-...
             for cell in row.cells:
                 if not cell.header.field:
                     continue
                 if (row.action == 'create' and cell.header.create) or (row.action == 'update' and cell.header.update):
                 if (row.action == 'create' and cell.header.create) or (
                     row.action == 'update' and cell.header.update
                 ):
                     if getattr(user, cell.header.name) != cell.value:
                         setattr(user, cell.header.name, cell.value)
                         if cell.header.name == 'email' and cell.header.verified:
-...
             if header_key.name == SOURCE_ID and row.action == 'create':
                 try:
                     UserExternalId.objects.create(user=user,
                                                   source=source_name,
                                                   external_id=source_id)
                     UserExternalId.objects.create(user=user, source=source_name, external_id=source_id)
                 except IntegrityError:
                     # should never happen since we have a unique index...
                     source_full_id = '%s.%s' % (source_name, source_id)
                     row.errors.append(
                         Error('external-id-already-exist',
                               _('External id "%s" already exists') % source_full_id))
                         Error('external-id-already-exist', _('External id "%s" already exists') % source_full_id)
+                    )
                     raise CancelImport
             for cell in row.cells:
                 if cell.header.field or not cell.header.attribute:
                     continue
                 if (row.action == 'create' and cell.header.create) or (row.action == 'update' and cell.header.update):
                 if (row.action == 'create' and cell.header.create) or (
                     row.action == 'update' and cell.header.update
                 ):
                     attributes = user.attributes
                     if cell.header.verified:
                         attributes = user.verified_attributes
-...
                     role = Role.objects.get(slug=cell.value, ou=self.ou)
             except Role.DoesNotExist:
                 self._missing_roles.add(cell.value)
                 cell.errors.append(
                     Error('role-not-found',
                           _('Role "%s" does not exist') % cell.value))
                 cell.errors.append(Error('role-not-found', _('Role "%s" does not exist') % cell.value))
                 return False
             if cell.header.delete:
                 user.roles.remove(role)
-...
             if cell.value == REGISTRATION_RESET_EMAIL:
                 send_password_reset_mail(
                     user,
                     template_names=['authentic2/manager/user_create_registration_email',
                                     'authentic2/password_reset'],
                     template_names=[
                         'authentic2/manager/user_create_registration_email',
                         'authentic2/password_reset',
                     ],
                     next_url='/accounts/',
                     context={'user': user})
                     context={'user': user},
+                )
             return True

         def ready(self):
             from django.db.models.signals import post_migrate
             post_migrate.connect(
                 self.create_first_name_last_name_attributes,
                 sender=self)
             post_migrate.connect(self.create_first_name_last_name_attributes, sender=self)
         def create_first_name_last_name_attributes(self, app_config, verbosity=2, interactive=True,
                                                    using=DEFAULT_DB_ALIAS, **kwargs):
         def create_first_name_last_name_attributes(
             self, app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs
         ):
             from django.utils import translation
             from django.utils.translation import ugettext_lazy as _
             from django.conf import settings
-...
             attrs = {}
             attrs['first_name'], created = Attribute.objects.get_or_create(
                 name='first_name',
                 defaults={'kind': 'string',
                           'label': _('First name'),
                           'required': True,
                           'asked_on_registration': True,
                           'user_editable': True,
                           'user_visible': True})
                 defaults={
                     'kind': 'string',
                     'label': _('First name'),
                     'required': True,
                     'asked_on_registration': True,
                     'user_editable': True,
                     'user_visible': True,
                 },
+            )
             attrs['last_name'], created = Attribute.objects.get_or_create(
                 name='last_name',
                 defaults={'kind': 'string',
                           'label': _('Last name'),
                           'required': True,
                           'asked_on_registration': True,
                           'user_editable': True,
                           'user_visible': True})
                 defaults={
                     'kind': 'string',
                     'label': _('Last name'),
                     'required': True,
                     'asked_on_registration': True,
                     'user_editable': True,
                     'user_visible': True,
                 },
+            )
             serialize = get_kind('string').get('serialize')
             for user in User.objects.all():
-...
                         defaults={
                             'multiple': False,
                             'verified': False,
                             'content': serialize(getattr(user, attr_name, None))
                         })
                             'content': serialize(getattr(user, attr_name, None)),
                         },
+                    )

         def add_arguments(self, parser):
             parser.add_argument('username', nargs='?', type=str)
             parser.add_argument(
                 '--database', action='store', dest='database',
                 default=DEFAULT_DB_ALIAS, help='Specifies the database to use. Default is "default".')
                 '--database',
                 action='store',
                 dest='database',
                 default=DEFAULT_DB_ALIAS,
                 help='Specifies the database to use. Default is "default".',
+            )
         def _get_pass(self, prompt="Password: "):
             p = getpass.getpass(prompt=force_str(prompt))

             i = 0
             while True:
                 batch = user_ids[i * 100:i * 100 + 100]
                 batch = user_ids[i * 100 : i * 100 + 100]
                 if not batch:
                     break
                 users = User.objects.prefetch_related('attribute_values__attribute').filter(
                     id__in=batch)
                 users = User.objects.prefetch_related('attribute_values__attribute').filter(id__in=batch)
                 count = 0
                 for user in users:
                     try:
-...
                         count += 1
                 i += 1
                 print('Fixed %d users.' % count)

             if '@' in search and len(search.split()) == 1:
                 with connection.cursor() as cursor:
                     cursor.execute(
                         "SET pg_trgm.similarity_threshold = %f" % app_settings.A2_FTS_THRESHOLD
+                    )
                     cursor.execute("SET pg_trgm.similarity_threshold = %f" % app_settings.A2_FTS_THRESHOLD)
                 qs = self.filter(email__icontains=search).order_by(Unaccent('last_name'), Unaccent('first_name'))
                 if qs.exists():
                     return wrap_qs(qs)
-...
                 pass
             else:
                 attribute_values = AttributeValue.objects.filter(
                     search_vector=SearchQuery(phone_number), attribute__kind='phone_number')
                     search_vector=SearchQuery(phone_number), attribute__kind='phone_number'
+                )
                 qs = self.filter(attribute_values__in=attribute_values).order_by('last_name', 'first_name')
                 if qs.exists():
                     return wrap_qs(qs)
-...
                 pass
             else:
                 attribute_values = AttributeValue.objects.filter(
                     search_vector=SearchQuery(date.isoformat()), attribute__kind='birthdate')
                     search_vector=SearchQuery(date.isoformat()), attribute__kind='birthdate'
+                )
                 qs = self.filter(attribute_values__in=attribute_values).order_by('last_name', 'first_name')
                 if qs.exists():
                     return wrap_qs(qs)
             qs = self.find_duplicates(fullname=search, limit=None, threshold=app_settings.A2_FTS_THRESHOLD)
             extra_user_ids = set()
             attribute_values = AttributeValue.objects.filter(search_vector=SearchQuery(search), attribute__searchable=True)
             attribute_values = AttributeValue.objects.filter(
                 search_vector=SearchQuery(search), attribute__searchable=True
+            )
             extra_user_ids.update(self.filter(attribute_values__in=attribute_values).values_list('id', flat=True))
             if len(search.split()) == 1:
                 extra_user_ids.update(
                     self.filter(
                         Q(username__istartswith=search)
                         | Q(email__istartswith=search)
                     ).values_list('id', flat=True))
                     self.filter(Q(username__istartswith=search) | Q(email__istartswith=search)).values_list(
                         'id', flat=True
+                    )
+                )
             if extra_user_ids:
                 qs = qs | self.filter(id__in=extra_user_ids)
             qs = qs.order_by('dist', Unaccent('last_name'), Unaccent('first_name'))
             return qs
         def find_duplicates(self, first_name=None, last_name=None, fullname=None, birthdate=None, limit=5, threshold=None):
         def find_duplicates(
             self, first_name=None, last_name=None, fullname=None, birthdate=None, limit=5, threshold=None
         ):
             with connection.cursor() as cursor:
                 cursor.execute(
                     "SET pg_trgm.similarity_threshold = %f" % (threshold or app_settings.A2_DUPLICATES_THRESHOLD)
-...
                     object_id=OuterRef('pk'),
                     content_type=content_type,
                     attribute__kind='birthdate',
                     content=birthdate
                     content=birthdate,
                 ).annotate(bonus=Value(1 - bonus, output_field=FloatField()))
                 qs = qs.annotate(dist=Coalesce(
                     Subquery(same_birthdate.values('bonus'), output_field=FloatField()) * F('dist'),
                     F('dist')
                 ))
                 qs = qs.annotate(
                     dist=Coalesce(
                         Subquery(same_birthdate.values('bonus'), output_field=FloatField()) * F('dist'), F('dist')
+                    )
+                )
             return qs
     class UserManager(BaseUserManager):
         def _create_user(self, username, email, password,
                          is_staff, is_superuser, **extra_fields):
         def _create_user(self, username, email, password, is_staff, is_superuser, **extra_fields):
             """
             Creates and saves a User with the given username, email and password.
             """
-...
             if not username:
                 raise ValueError('The given username must be set')
             email = self.normalize_email(email)
             user = self.model(username=username, email=email,
                               is_staff=is_staff, is_active=True,
                               is_superuser=is_superuser, last_login=now,
                               date_joined=now, **extra_fields)
             user = self.model(
                 username=username,
                 email=email,
                 is_staff=is_staff,
                 is_active=True,
                 is_superuser=is_superuser,
                 last_login=now,
                 date_joined=now,
                 **extra_fields,
+            )
             user.set_password(password)
             user.save(using=self._db)
             return user
         def create_user(self, username, email=None, password=None, **extra_fields):
             return self._create_user(username, email, password, False, False,
                                      **extra_fields)
             return self._create_user(username, email, password, False, False, **extra_fields)
         def create_superuser(self, username, email, password, **extra_fields):
             return self._create_user(username, email, password, True, True,
                                      **extra_fields)
             return self._create_user(username, email, password, True, True, **extra_fields)
         def get_by_natural_key(self, uuid):
             return self.get(uuid=uuid)

     import authentic2.utils
     import authentic2.validators
     def noop(apps, schema_editor):
         pass
     def copy_old_users_to_custom_user_model(apps, schema_editor):
         OldUser = apps.get_model('auth', 'User')
         NewUser = apps.get_model('custom_user', 'User')
         fields = ['id', 'username', 'email', 'first_name', 'last_name',
                 'is_staff', 'is_active', 'date_joined', 'is_superuser',
                 'last_login', 'password']
         fields = [
             'id',
             'username',
             'email',
             'first_name',
             'last_name',
             'is_staff',
             'is_active',
             'date_joined',
             'is_superuser',
             'last_login',
             'password',
+        ]
         old_users = OldUser.objects.prefetch_related('groups', 'user_permissions').order_by('id')
         new_users = []
         for old_user in old_users:
-...
         PermissionThrough.objects.bulk_create(new_permissions)
         # Reset sequences
         if schema_editor.connection.vendor == 'postgresql':
             schema_editor.execute('SELECT setval(pg_get_serial_sequence(\'"custom_user_user_groups"\',\'id\'), coalesce(max("id"), 1), max("id") IS NOT null) FROM "custom_user_user_groups";')
             schema_editor.execute('SELECT setval(pg_get_serial_sequence(\'"custom_user_user_user_permissions"\',\'id\'), coalesce(max("id"), 1), max("id") IS NOT null) FROM "custom_user_user_user_permissions";')
             schema_editor.execute('SELECT setval(pg_get_serial_sequence(\'"custom_user_user"\',\'id\'), coalesce(max("id"), 1), max("id") IS NOT null) FROM "custom_user_user";')
             schema_editor.execute(
                 'SELECT setval(pg_get_serial_sequence(\'"custom_user_user_groups"\',\'id\'), coalesce(max("id"), 1), max("id") IS NOT null) FROM "custom_user_user_groups";'
+            )
             schema_editor.execute(
                 'SELECT setval(pg_get_serial_sequence(\'"custom_user_user_user_permissions"\',\'id\'), coalesce(max("id"), 1), max("id") IS NOT null) FROM "custom_user_user_user_permissions";'
+            )
             schema_editor.execute(
                 'SELECT setval(pg_get_serial_sequence(\'"custom_user_user"\',\'id\'), coalesce(max("id"), 1), max("id") IS NOT null) FROM "custom_user_user";'
+            )
         elif schema_editor.connection.vendor == 'sqlite':
             schema_editor.execute('UPDATE sqlite_sequence SET seq = (SELECT MAX(id) FROM custom_user_user) WHERE name = "custom_user_user";')
             schema_editor.execute('UPDATE sqlite_sequence SET seq = (SELECT MAX(id) FROM custom_user_user_groups) WHERE name = "custom_user_user_groups";')
             schema_editor.execute('UPDATE sqlite_sequence SET seq = (SELECT MAX(id) FROM custom_user_user_user_permissions) WHERE name = "custom_user_user_permissions";')
             schema_editor.execute(
                 'UPDATE sqlite_sequence SET seq = (SELECT MAX(id) FROM custom_user_user) WHERE name = "custom_user_user";'
+            )
             schema_editor.execute(
                 'UPDATE sqlite_sequence SET seq = (SELECT MAX(id) FROM custom_user_user_groups) WHERE name = "custom_user_user_groups";'
+            )
             schema_editor.execute(
                 'UPDATE sqlite_sequence SET seq = (SELECT MAX(id) FROM custom_user_user_user_permissions) WHERE name = "custom_user_user_permissions";'
+            )
         else:
             raise NotImplementedError()
     class Migration(migrations.Migration):
         dependencies = [
                 ('auth', '__first__'),
             ('auth', '__first__'),
+        ]
         operations = [
             migrations.CreateModel(
                 name='User',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('password', models.CharField(max_length=128, verbose_name='password')),
                     ('last_login', models.DateTimeField(default=django.utils.timezone.now, verbose_name='last login')),
                     ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
                     ('uuid', models.CharField(default=authentic2.utils.get_hex_uuid, verbose_name='uuid', unique=True, max_length=32, editable=False)),
                     ('username', models.CharField(max_length=256, null=True, verbose_name='username', blank=True)),
+                    (
                         'last_login',
                         models.DateTimeField(default=django.utils.timezone.now, verbose_name='last login'),
                     ),
+                    (
                         'is_superuser',
                         models.BooleanField(
                             default=False,
                             help_text='Designates that this user has all permissions without explicitly assigning them.',
                             verbose_name='superuser status',
                         ),
                     ),
+                    (
                         'uuid',
                         models.CharField(
                             default=authentic2.utils.get_hex_uuid,
                             verbose_name='uuid',
                             unique=True,
                             max_length=32,
                             editable=False,
                         ),
                     ),
+                    (
                         'username',
                         models.CharField(max_length=256, null=True, verbose_name='username', blank=True),
                     ),
                     ('first_name', models.CharField(max_length=64, verbose_name='first name', blank=True)),
                     ('last_name', models.CharField(max_length=64, verbose_name='last name', blank=True)),
                     ('email', models.EmailField(blank=True, max_length=254, verbose_name='email address', validators=[authentic2.validators.EmailValidator])),
                     ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
                     ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
                     ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
                     ('groups', models.ManyToManyField(related_query_name='user', related_name='user_set', to='auth.Group', blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of his/her group.', verbose_name='groups')),
                     ('user_permissions', models.ManyToManyField(related_query_name='user', related_name='user_set', to='auth.Permission', blank=True, help_text='Specific permissions for this user.', verbose_name='user permissions')),
+                    (
                         'email',
                         models.EmailField(
                             blank=True,
                             max_length=254,
                             verbose_name='email address',
                             validators=[authentic2.validators.EmailValidator],
                         ),
                     ),
+                    (
                         'is_staff',
                         models.BooleanField(
                             default=False,
                             help_text='Designates whether the user can log into this admin site.',
                             verbose_name='staff status',
                         ),
                     ),
+                    (
                         'is_active',
                         models.BooleanField(
                             default=True,
                             help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.',
                             verbose_name='active',
                         ),
                     ),
+                    (
                         'date_joined',
                         models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined'),
                     ),
+                    (
                         'groups',
                         models.ManyToManyField(
                             related_query_name='user',
                             related_name='user_set',
                             to='auth.Group',
                             blank=True,
                             help_text='The groups this user belongs to. A user will get all permissions granted to each of his/her group.',
                             verbose_name='groups',
                         ),
                     ),
+                    (
                         'user_permissions',
                         models.ManyToManyField(
                             related_query_name='user',
                             related_name='user_set',
                             to='auth.Permission',
                             blank=True,
                             help_text='Specific permissions for this user.',
                             verbose_name='user permissions',
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'user',

     from django.conf import settings
     from django.db import models, migrations
     class ThirdPartyAlterField(migrations.AlterField):
         def __init__(self, *args, **kwargs):
             self.app_label = kwargs.pop('app_label')
-...
         def database_forwards(self, app_label, schema_editor, from_state, to_state):
             if hasattr(from_state, 'clear_delayed_apps_cache'):
                 from_state.clear_delayed_apps_cache()
             super(ThirdPartyAlterField, self).database_forwards(self.app_label,
                     schema_editor, from_state, to_state)
             super(ThirdPartyAlterField, self).database_forwards(
                 self.app_label, schema_editor, from_state, to_state
+            )
         def database_backwards(self, app_label, schema_editor, from_state, to_state):
             self.database_forwards(app_label, schema_editor, from_state, to_state)
         def __eq__(self, other):
             return (
                 (self.__class__ == other.__class__) and
                 (self.app_label == other.app_label) and
                 (self.name == other.name) and
                 (self.model_name.lower() == other.model_name.lower()) and
                 (self.field.deconstruct()[1:] == other.field.deconstruct()[1:])
                 (self.__class__ == other.__class__)
                 and (self.app_label == other.app_label)
                 and (self.name == other.name)
                 and (self.model_name.lower() == other.model_name.lower())
                 and (self.field.deconstruct()[1:] == other.field.deconstruct()[1:])
+            )
         def references_model(self, *args, **kwargs):
-...
+        ]
         operations = [
                 # Django admin log
                 ThirdPartyAlterField(
                     app_label='admin',
                     model_name='logentry',
                     name='user',
                     field=models.ForeignKey(to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
                     preserve_default=True
                 ),
             # Django admin log
             ThirdPartyAlterField(
                 app_label='admin',
                 model_name='logentry',
                 name='user',
                 field=models.ForeignKey(to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
                 preserve_default=True,
             ),
+        ]

         operations = [
             migrations.AlterModelOptions(
                 name='user',
                 options={'verbose_name': 'user', 'verbose_name_plural': 'users',},
                 options={
                     'verbose_name': 'user',
                     'verbose_name_plural': 'users',
                 },
             ),
+        ]

             migrations.AddField(
                 model_name='user',
                 name='ou',
                 field=models.ForeignKey(blank=True, to=settings.RBAC_OU_MODEL, null=True, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     blank=True, to=settings.RBAC_OU_MODEL, null=True, on_delete=models.CASCADE
                 ),
                 preserve_default=True,
             ),
+        ]

             migrations.AlterField(
                 model_name='user',
                 name='ou',
                 field=models.ForeignKey(verbose_name='organizational unit', blank=True, to=settings.RBAC_OU_MODEL, null=True, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     verbose_name='organizational unit',
                     blank=True,
                     to=settings.RBAC_OU_MODEL,
                     null=True,
                     on_delete=models.CASCADE,
                 ),
                 preserve_default=True,
             ),
+        ]

     from django.db import models, migrations
     def noop(apps, schema_editor):
         pass
     def set_last_login(apps, schema_editor):
         User = apps.get_model('custom_user', 'User')
         User.objects.filter(last_login__isnull=True) \
             .update(last_login=models.F('date_joined'))
         User.objects.filter(last_login__isnull=True).update(last_login=models.F('date_joined'))
     class Migration(migrations.Migration):

     from django.db import models, migrations
     def noop(apps, schema_editor):
         pass
     def set_last_login(apps, schema_editor):
         User = apps.get_model('custom_user', 'User')
         User.objects.filter(last_login__isnull=True) \
             .update(last_login=models.F('date_joined'))
         User.objects.filter(last_login__isnull=True).update(last_login=models.F('date_joined'))
     class Migration(migrations.Migration):

         operations = [
             migrations.AlterModelOptions(
                 name='user',
                 options={'ordering': ('first_name', 'last_name', 'email', 'username'), 'verbose_name': 'user', 'verbose_name_plural': 'users',},
                 options={
                     'ordering': ('first_name', 'last_name', 'email', 'username'),
                     'verbose_name': 'user',
                     'verbose_name_plural': 'users',
                 },
             ),
+        ]

             migrations.AddField(
                 model_name='user',
                 name='modified',
                 field=models.DateTimeField(default=datetime.datetime(2017, 3, 13, 14, 41, 7, 593150, tzinfo=utc), auto_now=True, verbose_name='Last modification time', db_index=True),
                 field=models.DateTimeField(
                     default=datetime.datetime(2017, 3, 13, 14, 41, 7, 593150, tzinfo=utc),
                     auto_now=True,
                     verbose_name='Last modification time',
                     db_index=True,
                 ),
                 preserve_default=False,
             ),
+        ]

         operations = [
             migrations.AlterModelOptions(
                 name='user',
                 options={'ordering': ('last_name', 'first_name', 'email', 'username'), 'verbose_name': 'user', 'verbose_name_plural': 'users',},
                 options={
                     'ordering': ('last_name', 'first_name', 'email', 'username'),
                     'verbose_name': 'user',
                     'verbose_name_plural': 'users',
                 },
             ),
+        ]

             migrations.AlterField(
                 model_name='user',
                 name='email',
                 field=models.EmailField(blank=True, max_length=254, verbose_name='email address', validators=[authentic2.validators.email_validator]),
                 field=models.EmailField(
                     blank=True,
                     max_length=254,
                     verbose_name='email address',
                     validators=[authentic2.validators.email_validator],
                 ),
             ),
+        ]

             migrations.CreateModel(
                 name='DeletedUser',
                 fields=[
                     ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                    (
                         'id',
                         models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
                     ),
                     ('deleted', models.DateTimeField(verbose_name='Deletion date', auto_now_add=True)),
                     ('old_uuid', models.TextField(blank=True, null=True, verbose_name='Old UUID')),
                     ('old_user_id', models.PositiveIntegerField(blank=True, null=True, verbose_name='Old user id')),
                     ('old_email', models.EmailField(blank=True, max_length=254, null=True, verbose_name='Old email adress')),
                     ('old_data', django.contrib.postgres.fields.jsonb.JSONField(blank=True, null=True, verbose_name='Old data')),
+                    (
                         'old_user_id',
                         models.PositiveIntegerField(blank=True, null=True, verbose_name='Old user id'),
                     ),
+                    (
                         'old_email',
                         models.EmailField(blank=True, max_length=254, null=True, verbose_name='Old email adress'),
                     ),
+                    (
                         'old_data',
                         django.contrib.postgres.fields.jsonb.JSONField(
                             blank=True, null=True, verbose_name='Old data'
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'deleted user',

src/authentic2/custom_user/migrations/0022_index_email.py
9	9	operations = [
10	10	migrations.RunSQL(
11	11	sql=r'CREATE INDEX "custom_user_user_email_idx" ON "custom_user_user" (UPPER("email") text_pattern_ops);',
12		reverse_sql=r'DROP INDEX "custom_user_user_email_idx";'
	12	reverse_sql=r'DROP INDEX "custom_user_user_email_idx";',
13	13	),
14	14	]

src/authentic2/custom_user/migrations/0023_index_username.py
9	9	operations = [
10	10	migrations.RunSQL(
11	11	sql=r'CREATE INDEX "custom_user_user_username_idx" ON "custom_user_user" (UPPER("username") text_pattern_ops);',
12		reverse_sql=r'DROP INDEX "custom_user_user_username_idx";'
	12	reverse_sql=r'DROP INDEX "custom_user_user_username_idx";',
13	13	),
14	14	]

         operations = [
             TrigramExtension(),
             RunSQLIfExtension(
                 sql=["CREATE INDEX IF NOT EXISTS custom_user_user_email_trgm_idx ON custom_user_user USING gist "
                      "(LOWER(email) public.gist_trgm_ops)"],
                 sql=[
                     "CREATE INDEX IF NOT EXISTS custom_user_user_email_trgm_idx ON custom_user_user USING gist "
                     "(LOWER(email) public.gist_trgm_ops)"
                 ],
                 reverse_sql=['DROP INDEX custom_user_user_email_trgm_idx'],
             ),
+        ]

         DeletedUser = apps.get_model('custom_user', 'DeletedUser')
         def delete_user(self):
             deleted_user = DeletedUser(
                 old_user_id=self.id)
             deleted_user = DeletedUser(old_user_id=self.id)
             if 'email' in app_settings.A2_USER_DELETED_KEEP_DATA:
                 deleted_user.old_email = self.email.rsplit('#', 1)[0]
             if 'uuid' in app_settings.A2_USER_DELETED_KEEP_DATA:

     from django.utils import six
     from django.utils.translation import ugettext_lazy as _
     from django.core.exceptions import ValidationError, MultipleObjectsReturned
     try:
         from django.contrib.contenttypes.fields import GenericRelation
     except ImportError:
-...
                 else:
                     atv = self.values.get(name)
                     self.values[name] = attribute.set_value(
                         self.owner, value,
                         verified=bool(self.verified),
                         attribute_value=atv)
                         self.owner, value, verified=bool(self.verified), attribute_value=atv
+                    )
                 update_fields = ['modified']
                 if name in ['first_name', 'last_name']:
-...
         def __getattr__(self, name):
             v = getattr(self.user.attributes, name, None)
             return (
                 v is not None
                 and v == getattr(self.user.verified_attributes, name, None)
+            )
             return v is not None and v == getattr(self.user.verified_attributes, name, None)
     class IsVerifiedDescriptor(object):
-...
         Username, password and email are required. Other fields are optional.
         """
         uuid = models.CharField(
             _('uuid'),
             max_length=32,
             default=utils.get_hex_uuid, editable=False, unique=True)
         uuid = models.CharField(_('uuid'), max_length=32, default=utils.get_hex_uuid, editable=False, unique=True)
         username = models.CharField(_('username'), max_length=256, null=True, blank=True)
         first_name = models.CharField(_('first name'), max_length=128, blank=True)
         last_name = models.CharField(_('last name'), max_length=128, blank=True)
         email = models.EmailField(
             _('email address'),
             blank=True,
             max_length=254,
             validators=[email_validator])
         email_verified = models.BooleanField(
             default=False,
             verbose_name=_('email verified'))
         email = models.EmailField(_('email address'), blank=True, max_length=254, validators=[email_validator])
         email_verified = models.BooleanField(default=False, verbose_name=_('email verified'))
         is_staff = models.BooleanField(
             _('staff status'),
             default=False,
             help_text=_('Designates whether the user can log into this admin '
                         'site.'))
             help_text=_('Designates whether the user can log into this admin ' 'site.'),
+        )
         is_active = models.BooleanField(
             _('active'),
             default=True,
             help_text=_('Designates whether this user should be treated as '
                         'active. Unselect this instead of deleting accounts.'))
             help_text=_(
                 'Designates whether this user should be treated as '
                 'active. Unselect this instead of deleting accounts.'
             ),
+        )
         ou = models.ForeignKey(
             verbose_name=_('organizational unit'),
             to='a2_rbac.OrganizationalUnit',
             blank=True,
             null=True,
             swappable=False,
             on_delete=models.CASCADE)
             on_delete=models.CASCADE,
+        )
         # events dates
         date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
         modified = models.DateTimeField(
             verbose_name=_('Last modification time'),
             db_index=True,
             auto_now=True)
         modified = models.DateTimeField(verbose_name=_('Last modification time'), db_index=True, auto_now=True)
         last_account_deletion_alert = models.DateTimeField(
             verbose_name=_('Last account deletion alert'),
             null=True,
             blank=True)
         deactivation = models.DateTimeField(
             verbose_name=_('Deactivation datetime'),
             null=True,
             blank=True)
             verbose_name=_('Last account deletion alert'), null=True, blank=True
+        )
         deactivation = models.DateTimeField(verbose_name=_('Deactivation datetime'), null=True, blank=True)
         objects = UserManager.from_queryset(UserQuerySet)()
         attributes = AttributesDescriptor()
-...
             qs = (qs1 | qs2).order_by('name').distinct()
             RoleParenting = get_role_parenting_model()
             rp_qs = RoleParenting.objects.filter(child__in=qs1)
             qs = qs.prefetch_related(models.Prefetch(
                 'child_relation', queryset=rp_qs), 'child_relation__parent')
             qs = qs.prefetch_related(models.Prefetch(
                 'members', queryset=self.__class__.objects.filter(pk=self.pk), to_attr='member'))
             qs = qs.prefetch_related(models.Prefetch('child_relation', queryset=rp_qs), 'child_relation__parent')
             qs = qs.prefetch_related(
                 models.Prefetch('members', queryset=self.__class__.objects.filter(pk=self.pk), to_attr='member')
+            )
             return qs
         def __str__(self):
-...
             return '<User: %r>' % six.text_type(self)
         def clean(self):
             if not (self.username
                     or self.email
                     or (self.first_name and self.last_name)):
                 raise ValidationError(_('An account needs at least one identifier: '
                                         'username, email or a full name (first and last name).'))
             if not (self.username or self.email or (self.first_name and self.last_name)):
                 raise ValidationError(
                     _(
                         'An account needs at least one identifier: '
                         'username, email or a full name (first and last name).'
+                    )
+                )
         def validate_unique(self, exclude=None):
             errors = {}
-...
             if self.pk:
                 qs = qs.exclude(pk=self.pk)
             if 'username' not in exclude and self.username and (app_settings.A2_USERNAME_IS_UNIQUE
                                                                 or (self.ou and self.ou.username_is_unique)):
             if (
                 'username' not in exclude
                 and self.username
                 and (app_settings.A2_USERNAME_IS_UNIQUE or (self.ou and self.ou.username_is_unique))
             ):
                 username_qs = qs
                 if not app_settings.A2_USERNAME_IS_UNIQUE:
                     username_qs = qs.filter(ou=self.ou)
-...
                     pass
                 else:
                     errors.setdefault('username', []).append(
                         _('This username is already in use. Please supply a different username.'))
                         _('This username is already in use. Please supply a different username.')
+                    )
             if 'email' not in exclude and self.email and (app_settings.A2_EMAIL_IS_UNIQUE
                                                           or (self.ou and self.ou.email_is_unique)):
             if (
                 'email' not in exclude
                 and self.email
                 and (app_settings.A2_EMAIL_IS_UNIQUE or (self.ou and self.ou.email_is_unique))
             ):
                 email_qs = qs
                 if not app_settings.A2_EMAIL_IS_UNIQUE:
                     email_qs = qs.filter(ou=self.ou)
-...
                     pass
                 else:
                     errors.setdefault('email', []).append(
                         _('This email address is already in use. Please supply a different email '
                           'address.'))
                         _('This email address is already in use. Please supply a different email ' 'address.')
+                    )
             if errors:
                 raise ValidationError(errors)
-...
                 attribute = attributes_map[av.attribute_id]
                 drf_field = attribute.get_drf_field()
                 d[str(attribute.name)] = drf_field.to_representation(av.to_python())
             d.update({
                 'uuid': self.uuid,
                 'username': self.username,
                 'email': self.email,
                 'ou': self.ou.name if self.ou else None,
                 'ou__uuid': self.ou.uuid if self.ou else None,
                 'ou__slug': self.ou.slug if self.ou else None,
                 'ou__name': self.ou.name if self.ou else None,
                 'first_name': self.first_name,
                 'last_name': self.last_name,
                 'is_superuser': self.is_superuser,
                 'roles': [role.to_json() for role in self.roles_and_parents()],
                 'services': [service.to_json(roles=self.roles_and_parents()) for service in Service.objects.all()],
             })
             d.update(
+                {
                     'uuid': self.uuid,
                     'username': self.username,
                     'email': self.email,
                     'ou': self.ou.name if self.ou else None,
                     'ou__uuid': self.ou.uuid if self.ou else None,
                     'ou__slug': self.ou.slug if self.ou else None,
                     'ou__name': self.ou.name if self.ou else None,
                     'first_name': self.first_name,
                     'last_name': self.last_name,
                     'is_superuser': self.is_superuser,
                     'roles': [role.to_json() for role in self.roles_and_parents()],
                     'services': [
                         service.to_json(roles=self.roles_and_parents()) for service in Service.objects.all()
                     ],
+                }
+            )
             return d
         def save(self, *args, **kwargs):
-...
         @transaction.atomic
         def delete(self, **kwargs):
             deleted_user = DeletedUser(
                 old_user_id=self.id)
             deleted_user = DeletedUser(old_user_id=self.id)
             if 'email' in app_settings.A2_USER_DELETED_KEEP_DATA:
                 deleted_user.old_email = self.email.rsplit('#', 1)[0]
             if 'uuid' in app_settings.A2_USER_DELETED_KEEP_DATA:
-...
     class DeletedUser(models.Model):
         deleted = models.DateTimeField(
             verbose_name=_('Deletion date'),
             auto_now_add=True)
         old_uuid = models.TextField(
             verbose_name=_('Old UUID'),
             null=True,
             blank=True)
         old_user_id = models.PositiveIntegerField(
             verbose_name=_('Old user id'),
             null=True,
             blank=True)
         old_email = models.EmailField(
             verbose_name=_('Old email adress'),
             null=True,
             blank=True)
         old_data = JSONField(
             verbose_name=_('Old data'),
             null=True,
             blank=True)
         deleted = models.DateTimeField(verbose_name=_('Deletion date'), auto_now_add=True)
         old_uuid = models.TextField(verbose_name=_('Old UUID'), null=True, blank=True)
         old_user_id = models.PositiveIntegerField(verbose_name=_('Old user id'), null=True, blank=True)
         old_email = models.EmailField(verbose_name=_('Old email adress'), null=True, blank=True)
         old_data = JSONField(verbose_name=_('Old data'), null=True, blank=True)
         @classmethod
         def cleanup(cls, threshold=None, timestamp=None):
             threshold = threshold or (timezone.now() - datetime.timedelta(days=app_settings.A2_USER_DELETED_KEEP_DATA_DAYS))
             threshold = threshold or (
                 timezone.now() - datetime.timedelta(days=app_settings.A2_USER_DELETED_KEEP_DATA_DAYS)
+            )
             cls.objects.filter(deleted__lt=threshold).delete()
         def __str__(self):
             return 'DeletedUser(old_id=%s, old_uuid=%s…, old_email=%s)' % (
                 self.old_user_id or '-',
                 (self.old_uuid or '')[:6],
                 self.old_email or '-')
                 self.old_email or '-',
+            )
         class Meta:
             verbose_name = _('deleted user')

     from django.utils.text import format_lazy
     from django_rbac.models import Operation
     from django_rbac.utils import (
         get_ou_model, get_role_model, get_role_parenting_model, get_permission_model)
     from django_rbac.utils import get_ou_model, get_role_model, get_role_parenting_model, get_permission_model
     from authentic2.decorators import errorcollector
     from authentic2.a2_rbac.models import RoleAttribute
-...
                                 yield message.message
                             else:
                                 yield message
                     for message in error_list(messages):
                         errorlist.append(format_lazy(u'{}="{}": {}', obj.__class__._meta.get_field(key).verbose_name, value, message))
                         errorlist.append(
                             format_lazy(
                                 u'{}="{}": {}', obj.__class__._meta.get_field(key).verbose_name, value, message
+                            )
+                        )
             raise ValidationError(errorlist)
         obj.save()
-...
     def export_roles(context):
         """ Serialize roles in role_queryset
         """
         return [
             role.export_json(attributes=True, parents=True, permissions=True)
             for role in context.role_qs
+        ]
         """Serialize roles in role_queryset"""
         return [role.export_json(attributes=True, parents=True, permissions=True) for role in context.role_qs]
     def search_ou(ou_d):
-...
             return role
     class ImportContext(object):
         """ Holds information on how to perform the import.
         """Holds information on how to perform the import.
         ou_delete_orphans: if True any existing ou that is not found in the export will
                            be deleted
-...
         """
         def __init__(
                 self,
                 import_roles=True,
                 import_ous=True,
                 role_delete_orphans=False,
                 role_parentings_update=True,
                 role_permissions_update=True,
                 role_attributes_update=True,
                 ou_delete_orphans=False,
                 set_ou=None):
             self,
             import_roles=True,
             import_ous=True,
             role_delete_orphans=False,
             role_parentings_update=True,
             role_permissions_update=True,
             role_attributes_update=True,
             ou_delete_orphans=False,
             set_ou=None,
         ):
             self.import_roles = import_roles
             self.import_ous = import_ous
             self.role_delete_orphans = role_delete_orphans
-...
                 try:
                     return func(self, *args, **kwargs)
                 except ValidationError as e:
                     raise ValidationError(_('Role "%(name)s": %(errors)s') % {
                         'name': self._role_d.get('name', self._role_d.get('slug')),
                         'errors': lazy_join(', ', [v.message for v in e.error_list]),
                     })
                     raise ValidationError(
                         _('Role "%(name)s": %(errors)s')
                         % {
                             'name': self._role_d.get('name', self._role_d.get('slug')),
                             'errors': lazy_join(', ', [v.message for v in e.error_list]),
+                        }
+                    )
             return f
         @wraps_validationerror
-...
         @wraps_validationerror
         def attributes(self):
             """ Update attributes (delete everything then create)
             """
             """Update attributes (delete everything then create)"""
             created, deleted = [], []
             for attr in self._obj.attributes.all():
                 attr.delete()
-...
         @wraps_validationerror
         def parentings(self):
             """ Update parentings (delete everything then create)
             """
             """Update parentings (delete everything then create)"""
             created, deleted = [], []
             Parenting = get_role_parenting_model()
             for parenting in Parenting.objects.filter(child=self._obj, direct=True):
-...
                     parent = search_role(parent_d)
                     if not parent:
                         raise ValidationError(_("Could not find parent role: %s") % parent_d)
                     created.append(Parenting.objects.create(
                         child=self._obj, direct=True, parent=parent))
                     created.append(Parenting.objects.create(child=self._obj, direct=True, parent=parent))
             return created, deleted
         @wraps_validationerror
         def permissions(self):
             """ Update permissions (delete everything then create)
             """
             """Update permissions (delete everything then create)"""
             created, deleted = [], []
             for perm in self._obj.permissions.all():
                 perm.delete()
-...
             if self._permissions:
                 for perm in self._permissions:
                     op = Operation.objects.get_by_natural_key_json(perm['operation'])
                     ou = get_ou_model().objects.get_by_natural_key_json(
                         perm['ou']) if perm['ou'] else None
                     ou = get_ou_model().objects.get_by_natural_key_json(perm['ou']) if perm['ou'] else None
                     ct = ContentType.objects.get_by_natural_key_json(perm['target_ct'])
                     target = ct.model_class().objects.get_by_natural_key_json(perm['target'])
                     perm = get_permission_model().objects.create(
                         operation=op, ou=ou, target_ct=ct, target_id=target.pk)
                         operation=op, ou=ou, target_ct=ct, target_id=target.pk
+                    )
                     self._obj.permissions.add(perm)
                     created.append(perm)
-...
     class ImportResult(object):
         def __init__(self):
             self.roles = {'created': [], 'updated': []}
             self.ous = {'created': [], 'updated': []}
-...
                     result.update_permissions(*ds.permissions())
             if import_context.ou_delete_orphans:
                 raise ValidationError(_("Unsupported context value for ou_delete_orphans : %s") % (
                     import_context.ou_delete_orphans))
                 raise ValidationError(
                     _("Unsupported context value for ou_delete_orphans : %s") % (import_context.ou_delete_orphans)
+                )
             if import_context.role_delete_orphans:
                 # FIXME : delete each role that is in DB but not in the export
                 raise ValidationError(_("Unsupported context value for role_delete_orphans : %s") % (
                     import_context.role_delete_orphans))
                 raise ValidationError(
                     _("Unsupported context value for role_delete_orphans : %s")
                     % (import_context.role_delete_orphans)
+                )
         return result

     from django.utils import six
     from . import app_settings, middleware
     # XXX: import to_list for retrocompaibility
     from .utils import to_list, to_iter  # noqa: F401
-...
     def unless(test, message):
         '''Decorator returning a 404 status code if some condition is not met'''
         def decorator(func):
             @wraps(func)
             def f(request, *args, **kwargs):
                 if not test():
                     return technical_404_response(request, Http404(message))
                 return func(request, *args, **kwargs)
             return f
         return decorator
-...
         def test():
             return getattr(settings, name, False)
         return unless(test, 'please enable %s' % full_name)
-...
         def test():
             try:
                 import lasso  # noqa: F401
                 return True
             except ImportError:
                 return False
         return unless(test, 'please install lasso')
     def required(wrapping_functions, patterns_rslt):
         '''
         """
         Used to require 1..n decorators in any view returned by a url tree
         Usage:
-...
           urlpatterns = required((func,func,func),patterns(...))
         Note:
           Use functools.partial to pass keyword params to the required
           decorators. If you need to pass args you will have to write a
           Use functools.partial to pass keyword params to the required
           decorators. If you need to pass args you will have to write a
           wrapper function.
         Example:
-...
               partial(login_required,login_url='/accounts/login/'),
               patterns(...)
+          )
         '''
         """
         if not hasattr(wrapping_functions, '__iter__'):
             wrapping_functions = (wrapping_functions,)
         return [
             _wrap_instance__resolve(wrapping_functions, instance)
             for instance in patterns_rslt
+        ]
         return [_wrap_instance__resolve(wrapping_functions, instance) for instance in patterns_rslt]
     def _wrap_instance__resolve(wrapping_functions, instance):
-...
     class CacheDecoratorBase(object):
         '''Base class to build cache decorators.
         """Base class to build cache decorators.
         It helps for building keys from function arguments.
         """
            It helps for building keys from function arguments.
         '''
         def __new__(cls, *args, **kwargs):
             if len(args) > 1:
                 raise TypeError(
                     '%s got unexpected arguments, only one argument must be given, the function to decorate' % cls.__name__)
                     '%s got unexpected arguments, only one argument must be given, the function to decorate'
                     % cls.__name__
+                )
             if args:
                 # Case of a decorator used directly
                 return cls(**kwargs)(args[0])
             return super(CacheDecoratorBase, cls).__new__(cls)
         def __init__(self, timeout=None, hostname_vary=True, args=None,
                      kwargs=None):
         def __init__(self, timeout=None, hostname_vary=True, args=None, kwargs=None):
             self.timeout = timeout
             self.hostname_vary = hostname_vary
             self.args = args
-...
                     key = self.key(*args, **kwargs)
                     value, tstamp = self.get(key)
                     if tstamp is not None:
                         if (self.timeout is None
                                 or tstamp + self.timeout > now):
                         if self.timeout is None or tstamp + self.timeout > now:
                             return value
                         if hasattr(self, 'delete'):
                             self.delete(key, (key, tstamp))
-...
                     return value
                 except CacheUnusable:  # fallback when cache cannot be used
                     return func(*args, **kwargs)
             f.cache = self
             return f
-...
     class SimpleDictionnaryCacheMixin(object):
         '''Default implementations of set, get and delete for a cache implemented
            using a dictionary. The dictionnary must be returned by a property named
            'cache'.
         '''
         """Default implementations of set, get and delete for a cache implemented
         using a dictionary. The dictionnary must be returned by a property named
         'cache'.
         """
         def set(self, key, value):
             self.cache[key] = value
-...
             return value
     class SessionCache(PickleCacheMixin, SimpleDictionnaryCacheMixin,
                        CacheDecoratorBase):
     class SessionCache(PickleCacheMixin, SimpleDictionnaryCacheMixin, CacheDecoratorBase):
         @property
         def cache(self):
             request = middleware.StoreRequestMiddleware.get_request()
-...
                     if variable in request.GET:
                         identifier = request.GET[variable]
                         if not re.match(r'^[$a-zA-Z_][0-9a-zA-Z_$]*$', identifier):
                             return HttpResponseBadRequest('invalid JSONP callback name', content_type='text/plain')
                             return HttpResponseBadRequest(
                                 'invalid JSONP callback name', content_type='text/plain'
+                            )
                         jsonp = True
                         break
             # 1. check origin
-...
                 response['Access-Control-Allow-Headers'] = 'x-requested-with'
             response.write(json_str)
             return response
         return f

             logger.warn('get_disco_return_url_from_metadata: unknown service provider %s', entity_id)
             return None
         dom = parseString(liberty_provider.metadata.encode('utf8'))
         endpoints = dom.getElementsByTagNameNS('urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol',
                                                'DiscoveryResponse')
         endpoints = dom.getElementsByTagNameNS(
             'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol', 'DiscoveryResponse'
+        )
         if not endpoints:
             logger.warn('get_disco_return_url_from_metadata: no discovery service endpoint for %s', entity_id)
             return None
-...
         entityID = None
         _return = None
         policy = \
             "urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol:single",
         policy = ("urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol:single",)
         returnIDParam = None
         isPassive = False
-...
             # Discovery request parameters
             entityID = request.GET.get('entityID', '')
             _return = request.GET.get('return', '')
             policy = request.GET.get('idp_selected', 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol:single')
             policy = request.GET.get(
                 'idp_selected', 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol:single'
+            )
             returnIDParam = request.GET.get('returnIDParam', 'entityID')
             # XXX: isPassive is unused
             isPassive = request.GET.get('isPassive', '')
-...
         # equal to returnIDParam. Else, it is an unconformant SP.
         if is_param_id_in_return_url(return_url, returnIDParam):
             message = _('invalid return url %(return_url)s for %(entity_id)s') % dict(
                 return_url=return_url, entity_id=entityID)
                 return_url=return_url, entity_id=entityID
+            )
             return error_page(request, message, logger=logger)
         # not back from selection interface
-...
         idp_selected = urlquote('http://www.identity-hub.com/idp/saml2/metadata')
         return HttpResponseRedirect('%s?idp_selected=%s' % (reverse(disco), idp_selected))
     urlpatterns = [
         url(r'^disco$', disco),
         url(r'^idp_selection$', idp_selection),

         KEY_PREFIX = 'exp-backoff-'
         CACHE_DURATION = 86400
         def __init__(self,
                      factor=FACTOR,
                      duration=DURATION,
                      max_duration=MAX_DURATION,
                      key_prefix=None,
                      cache_duration=CACHE_DURATION):
         def __init__(
             self,
             factor=FACTOR,
             duration=DURATION,
             max_duration=MAX_DURATION,
             key_prefix=None,
             cache_duration=CACHE_DURATION,
         ):
             self.factor = factor
             self.duration = duration
             self.max_duration = max_duration
-...
             return '%s%s' % (self.key_prefix or self.KEY_PREFIX, hashlib.md5(key).hexdigest())
         def seconds_to_wait(self, *keys):
             '''Return the duration in seconds until the next time when an action can be
                done.
             '''
             """Return the duration in seconds until the next time when an action can be
             done.
             """
             key = self.key(keys)
             if self.duration:
                 now = time.time()
-...
             return 0
         def success(self, *keys):
             '''Signal an action success, delete exponential backoff cache.
             '''
             """Signal an action success, delete exponential backoff cache."""
             key = self.key(keys)
             if not self.duration:
                 return
-...
             self.logger.debug(u'success for %s', keys)
         def failure(self, *keys):
             '''Signal an action failure, augment the exponential backoff one level.
             '''
             """Signal an action failure, augment the exponential backoff one level."""
             key = self.key(keys)
             if not self.duration:
                 return

             initial=False,
             required=False,
             label=_('Remember me'),
             help_text=_('Do not ask for authentication next time'))
             help_text=_('Do not ask for authentication next time'),
+        )
         ou = forms.ModelChoiceField(
             label=lazy_label(_('Organizational unit'), lambda: app_settings.A2_LOGIN_FORM_OU_SELECTOR_LABEL),
             required=True,
             queryset=OU.objects.all())
             queryset=OU.objects.all(),
+        )
         def __init__(self, *args, **kwargs):
             preferred_ous = kwargs.pop('preferred_ous', [])
-...
             self.exponential_backoff = ExponentialRetryTimeout(
                 key_prefix='login-exp-backoff-',
                 duration=app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_DURATION,
                 factor=app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_FACTOR)
                 factor=app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_FACTOR,
+            )
             if not app_settings.A2_USER_REMEMBER_ME:
                 del self.fields['remember_me']
-...
                 if preferred_ous:
                     choices = self.fields['ou'].choices
                     new_choices = list(choices)[:1] + [
                         (ugettext('Preferred organizational units'), [
                             (ou.pk, ou.name) for ou in preferred_ous]),
                         (ugettext('Preferred organizational units'), [(ou.pk, ou.name) for ou in preferred_ous]),
                         (ugettext('All organizational units'), list(choices)[1:]),
+                    ]
                     self.fields['ou'].choices = new_choices
-...
                 seconds_to_wait = self.exponential_backoff.seconds_to_wait(*keys)
                 if seconds_to_wait > app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_MIN_DURATION:
                     seconds_to_wait -= app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_MIN_DURATION
                     msg = _('You made too many login errors recently, you must '
                             'wait <span class="js-seconds-until">%s</span> seconds '
                             'to try again.')
                     msg = _(
                         'You made too many login errors recently, you must '
                         'wait <span class="js-seconds-until">%s</span> seconds '
                         'to try again.'
+                    )
                     msg = msg % int(math.ceil(seconds_to_wait))
                     msg = html.mark_safe(msg)
                     raise forms.ValidationError(msg)
-...
             if app_settings.A2_USERNAME_LABEL:
                 username_label = app_settings.A2_USERNAME_LABEL
             invalid_login_message = [
                     _('Incorrect %(username_label)s or password.') % {'username_label': username_label},
                 _('Incorrect %(username_label)s or password.') % {'username_label': username_label},
+            ]
             if app_settings.A2_USER_CAN_RESET_PASSWORD is not False and getattr(settings, 'REGISTRATION_OPEN', True):
             if app_settings.A2_USER_CAN_RESET_PASSWORD is not False and getattr(
                 settings, 'REGISTRATION_OPEN', True
             ):
                 invalid_login_message.append(
                         _('Try again, use the forgotten password link below, or create an account.'))
                     _('Try again, use the forgotten password link below, or create an account.')
+                )
             elif app_settings.A2_USER_CAN_RESET_PASSWORD is not False:
                 invalid_login_message.append(
                         _('Try again or use the forgotten password link below.'))
                 invalid_login_message.append(_('Try again or use the forgotten password link below.'))
             elif getattr(settings, 'REGISTRATION_OPEN', True):
                 invalid_login_message.append(
                         _('Try again or create an account.'))
                 invalid_login_message.append(_('Try again or create an account.'))
             error_messages['invalid_login'] = ' '.join([force_text(x) for x in invalid_login_message])
             return error_messages

     from authentic2 import app_settings
     from authentic2.passwords import password_help_text, validate_password
     from authentic2.forms.widgets import (PasswordInput, NewPasswordInput,
                                           CheckPasswordInput, ProfileImageInput,
                                           EmailInput)
     from authentic2.forms.widgets import (
         PasswordInput,
         NewPasswordInput,
         CheckPasswordInput,
         ProfileImageInput,
         EmailInput,
+    )
     from authentic2.validators import email_validator
     import PIL.Image
-...
         widget = CheckPasswordInput
         def __init__(self, *args, **kwargs):
             kwargs['help_text'] = u'''
             kwargs[
                 'help_text'
             ] = u'''
         <span class="a2-password-check-equality-default">%(default)s</span>
         <span class="a2-password-check-equality-matched">%(match)s</span>
         <span class="a2-password-check-equality-unmatched">%(nomatch)s</span>
-...
             output = io.BytesIO()
             if image.mode != 'RGB':
                 image = image.convert('RGB')
             image.save(
                 output,
                 format='JPEG',
                 quality=99,
                 optimize=1)
             image.save(output, format='JPEG', quality=99, optimize=1)
             output.seek(0)
             return File(output, name=name)

                     help_text=field.help_text,
                     initial=initial,
                     required=False,
                     widget=forms.TextInput(attrs={'readonly': ''}))
                     widget=forms.TextInput(attrs={'readonly': ''}),
+                )
             if not locked_fields:
                 return

     class PasswordResetForm(forms.Form):
         next_url = forms.CharField(widget=forms.HiddenInput, required=False)
         email = forms.CharField(
             label=_("Email"), max_length=254)
         email = forms.CharField(label=_("Email"), max_length=254)
         def save(self):
             """
-...
             for user in active_users:
                 # we don't set the password to a random string, as some users should not have
                 # a password
                 set_random_password = (user.has_usable_password()
                                        and app_settings.A2_SET_RANDOM_PASSWORD_ON_RESET)
                 set_random_password = user.has_usable_password() and app_settings.A2_SET_RANDOM_PASSWORD_ON_RESET
                 utils.send_password_reset_mail(
                     user,
                     set_random_password=set_random_password,
                     next_url=self.cleaned_data.get('next_url'))
                     user, set_random_password=set_random_password, next_url=self.cleaned_data.get('next_url')
+                )
             for user in users.filter(is_active=False):
                 logger.info('password reset failed for user "%r": account is disabled', user)
                 utils.send_templated_mail(user, ['authentic2/password_reset_refused'])
-...
     class PasswordResetMixin(Form):
         '''Remove all password reset object for the current user when password is
            successfully changed.'''
         """Remove all password reset object for the current user when password is
         successfully changed."""
         def save(self, commit=True):
             ret = super(PasswordResetMixin, self).save(commit=commit)
-...
                     ret = old_save(*args, **kwargs)
                     models.PasswordReset.objects.filter(user=self.user).delete()
                     return ret
                 self.user.save = save
             return ret
-...
             return new_password1
     class PasswordChangeForm(NotifyOfPasswordChange, NextUrlFormMixin, PasswordResetMixin,
                              auth_forms.PasswordChangeForm):
     class PasswordChangeForm(
         NotifyOfPasswordChange, NextUrlFormMixin, PasswordResetMixin, auth_forms.PasswordChangeForm
     ):
         old_password = PasswordField(label=_('Old password'))
         new_password1 = NewPasswordField(label=_('New password'))
         new_password2 = CheckPasswordField(label=_("New password confirmation"))
-...
                 raise ValidationError(_('New password must differ from old password'))
             return new_password1
     # make old_password the first field
     new_base_fields = OrderedDict()

     class EmailChangeForm(EmailChangeFormNoPassword):
         password = forms.CharField(label=_("Password"),
                                    widget=forms.PasswordInput)
         password = forms.CharField(label=_("Password"), widget=forms.PasswordInput)
         def clean_email(self):
             email = self.cleaned_data['email']
-...
                 def save_m2m(*args, **kwargs):
                     old(*args, **kwargs)
                     self.save_attributes()
                 self.save_m2m = save_m2m
             return result
-...
     def modelform_factory(model, **kwargs):
         '''Build a modelform for the given model,
         """Build a modelform for the given model,
            For the user model also add attribute based fields.
         '''
         For the user model also add attribute based fields.
         """
         form = kwargs.pop('form', None)
         fields = kwargs.get('fields') or []
-...
             form = forms.ModelForm
         modelform = None
         if required:
             def __init__(self, *args, **kwargs):
                 super(modelform, self).__init__(*args, **kwargs)
                 for field in required:
                     if field in self.fields:
                         self.fields[field].required = True
             d['__init__'] = __init__
         modelform = type(model.__name__ + 'ModelForm', (form,), d)
         kwargs['form'] = modelform
         modelform.required_css_class = 'form-field-required'
         return dj_modelform_factory(model, **kwargs)

                     else:
                         exist = True
                     if exist:
                         raise ValidationError(_('This username is already in '
                                                 'use. Please supply a different username.'))
                         raise ValidationError(
                             _('This username is already in ' 'use. Please supply a different username.')
+                        )
                 return username
         def clean_email(self):
-...
                     else:
                         exist = True
                     if exist:
                         raise ValidationError(_('This email address is already in '
                                                 'use. Please supply a different email address.'))
                         raise ValidationError(
                             _('This email address is already in ' 'use. Please supply a different email address.')
+                        )
                 return BaseUserManager.normalize_email(email)
         def save(self, commit=True):

         '%Y': 'yyyy',
         '%y': 'yy',
         '%p': 'P',
         '%S': 'ss'
         '%S': 'ss',
+    }
     DATE_FORMAT_TO_JS_REGEX = re.compile(r'(?<!\w)(' + '|'.join(DATE_FORMAT_PY_JS_MAPPING.keys()) + r')\b')
-...
             # with a default, and convert it to a Python data format for later string parsing
             date_format = self.options['format']
             self.format = DATE_FORMAT_TO_PYTHON_REGEX.sub(
                 lambda x: DATE_FORMAT_JS_PY_MAPPING[x.group()],
                 date_format)
                 lambda x: DATE_FORMAT_JS_PY_MAPPING[x.group()], date_format
+            )
             super(PickerWidgetMixin, self).__init__(attrs, format=self.format)
-...
             final_attrs = self.build_attrs(attrs)
             final_attrs['class'] = "controls input-append date"
             rendered_widget = super(PickerWidgetMixin, self).render(
                     name, value, attrs=final_attrs, renderer=renderer)
                 name, value, attrs=final_attrs, renderer=renderer
+            )
             # if not set, autoclose have to be true.
             self.options.setdefault('autoclose', True)
-...
             if not help_text:
                 help_text = u'%s %s' % (_('Format:'), self.options['format'])
             return mark_safe(self.render_template % dict(
                 id=id,
                 rendered_widget=rendered_widget,
                 clear_button=CLEAR_BTN_TEMPLATE if self.options.get('clearBtn') else '',
                 glyphicon=self.glyphicon,
                 language=get_language(),
                 options=js_options,
                 help_text=help_text))
             return mark_safe(
                 self.render_template
                 % dict(
                     id=id,
                     rendered_widget=rendered_widget,
                     clear_button=CLEAR_BTN_TEMPLATE if self.options.get('clearBtn') else '',
                     glyphicon=self.glyphicon,
                     language=get_language(),
                     options=js_options,
                     help_text=help_text,
+                )
+            )
     class DateTimeWidget(PickerWidgetMixin, DateTimeInput):
-...
                 xstatic('jquery', 'jquery.min.js'),
                 'authentic2/js/password.js',
+            )
             css = {
                 'all': ('authentic2/css/password.css',)
+            }
             css = {'all': ('authentic2/css/password.css',)}
         def render(self, name, value, attrs=None, renderer=None):
             output = super(PasswordInput, self).render(
                     name, value, attrs=attrs, renderer=renderer)
             output = super(PasswordInput, self).render(name, value, attrs=attrs, renderer=renderer)
             if attrs and app_settings.A2_PASSWORD_POLICY_SHOW_LAST_CHAR:
                 _id = attrs.get('id')
                 if _id:
-...
             if attrs is None:
                 attrs = {}
             attrs['autocomplete'] = 'new-password'
             output = super(NewPasswordInput, self).render(
                     name, value, attrs=attrs, renderer=renderer)
             output = super(NewPasswordInput, self).render(name, value, attrs=attrs, renderer=renderer)
             if attrs:
                 _id = attrs.get('id')
                 if _id:
-...
             if attrs is None:
                 attrs = {}
             attrs['autocomplete'] = 'new-password'
             output = super(CheckPasswordInput, self).render(
                     name, value, attrs=attrs, renderer=renderer)
             output = super(CheckPasswordInput, self).render(name, value, attrs=attrs, renderer=renderer)
             if attrs:
                 _id = attrs.get('id')
                 if _id and _id.endswith('2'):
-...
             self.attrs.update({'list': self.name})
         def render(self, name, value, attrs=None, renderer=None):
             output = super(DatalistTextInput, self).render(
                     name, value, attrs=attrs, renderer=renderer)
             output = super(DatalistTextInput, self).render(name, value, attrs=attrs, renderer=renderer)
             datalist = '<datalist id="%s">' % self.name
             for element in self.data:
                 datalist += '<option value="%s">' % element
-...
         def media(self):
             if app_settings.A2_SUGGESTED_EMAIL_DOMAINS:
                 return forms.Media(
                     js = (
                     js=(
                         xstatic('jquery', 'jquery.min.js'),
                         'authentic2/js/email_domains_suggestions.js',
+                    )
+                )
         def get_context(self, *args, **kwargs):
             context = super(EmailInput, self).get_context(*args, **kwargs)
             if app_settings.A2_SUGGESTED_EMAIL_DOMAINS:
                 context['widget']['attrs']['data-suggested-domains'] = ':'.join(app_settings.A2_SUGGESTED_EMAIL_DOMAINS)
                 context['widget']['attrs']['data-suggested-domains'] = ':'.join(
                     app_settings.A2_SUGGESTED_EMAIL_DOMAINS
+                )
                 context['domains_suggested'] = True
             return context

         """
         Secure password hashing using the algorithm used by Drupal 7 (recommended)
         """
         algorithm = "drupal7_sha512"
         iterations = 10000
         digest = hashlib.sha512
-...
             while i < count:
                 value = v[i]
                 i += 1
                 out += self.i64toa(value & 0x3f)
                 out += self.i64toa(value & 0x3F)
                 if i < count:
                     value |= v[i] << 8
                 out += self.i64toa((value >> 6) & 0x3f)
                 out += self.i64toa((value >> 6) & 0x3F)
                 if i == count:
                     break
                 i += 1
                 if i < count:
                     value |= v[i] << 16
                 out += self.i64toa((value >> 12) & 0x3f)
                 out += self.i64toa((value >> 12) & 0x3F)
                 if i == count:
                     break
                 i += 1
                 out += self.i64toa((value >> 18) & 0x3f)
                 out += self.i64toa((value >> 18) & 0x3F)
             return out
         def from_drupal(self, encoded):
-...
         def safe_summary(self, encoded):
             algorithm, iterations, salt, hash = encoded.split('$', 3)
             assert algorithm == self.algorithm
             return OrderedDict([
                 (_('algorithm'), algorithm),
                 (_('iterations'), iterations),
                 (_('salt'), hashers.mask_hash(salt)),
                 (_('hash'), hashers.mask_hash(hash)),
             ])
             return OrderedDict(
+                [
                     (_('algorithm'), algorithm),
                     (_('iterations'), iterations),
                     (_('salt'), hashers.mask_hash(salt)),
                     (_('hash'), hashers.mask_hash(hash)),
+                ]
+            )
     class CommonPasswordHasher(hashers.BasePasswordHasher):
         """
         The Salted MD5 password hashing algorithm (not recommended)
         """
         algorithm = None
         digest = None
-...
         def safe_summary(self, encoded):
             algorithm, salt, hash = encoded.split('$', 2)
             assert algorithm == self.algorithm
             return OrderedDict([
                 (_('algorithm'), algorithm),
                 (_('salt'), hashers.mask_hash(salt, show=2)),
                 (_('hash'), hashers.mask_hash(hash)),
             ])
             return OrderedDict(
+                [
                     (_('algorithm'), algorithm),
                     (_('salt'), hashers.mask_hash(salt, show=2)),
                     (_('hash'), hashers.mask_hash(hash)),
+                ]
+            )
     OPENLDAP_ALGO_MAPPING = {
         'SHA': (
             'sha-oldap',
 ,
             True
         ),
         'SSHA': (
             'ssha-oldap',
 ,
             True
         ),
         'MD5': (
             'md5-oldap',
 ,
             True
         ),
         'SMD5': (
             'md5-oldap',
 ,
             True
         ),
         'SHA': ('sha-oldap', 0, True),
         'SSHA': ('ssha-oldap', 20, True),
         'MD5': ('md5-oldap', 0, True),
         'SMD5': ('md5-oldap', 16, True),
+    }
-...
             # throw away the prefix
             if data.startswith(self._prefix):
                 data = data[len(self._prefix):]
                 data = data[len(self._prefix) :]
             # extract salt from encoded data
             intermediate = base64.b64decode(data)
-...
         def safe_summary(self, encoded):
             algorithm, hash = encoded.split('$', 1)
             assert algorithm == self.algorithm
             return OrderedDict([
                 (_('algorithm'), algorithm),
                 (_('hash'), hashers.mask_hash(hash)),
             ])
             return OrderedDict(
+                [
                     (_('algorithm'), algorithm),
                     (_('hash'), hashers.mask_hash(hash)),
+                ]
+            )

     @decorators.GlobalCache
     def get_hooks(hook_name):
         '''Return a list of defined hook named a2_hook<hook_name> on AppConfig classes of installed
            Django applications.
         """Return a list of defined hook named a2_hook<hook_name> on AppConfig classes of installed
         Django applications.
            Ordering of hooks can be defined using an orer field on the hook method.
         '''
         Ordering of hooks can be defined using an orer field on the hook method.
         """
         hooks = []
         for app in apps.get_app_configs():
             name = 'a2_hook_' + hook_name

     @login_required
     def consent_federation(request, nonce='', provider_id=None):
         '''On a GET produce a form asking for consentment,
            On a POST handle the form and redirect to next'''
         """On a GET produce a form asking for consentment,
         On a POST handle the form and redirect to next"""
         if request.method == "GET":
             return render(
                 request, 'interaction/consent_federation.html',
                 request,
                 'interaction/consent_federation.html',
+                {
                     'provider_id': request.GET.get('provider_id', ''),
                     'nonce': request.GET.get('nonce', ''),
                     'next': request.GET.get('next', '')
                 })
                     'next': request.GET.get('next', ''),
                 },
+            )
         else:
             next_url = '/'
             if 'next' in request.POST:

             migrations.CreateModel(
                 name='AttributePolicy',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('name', models.CharField(unique=True, max_length=100)),
                     ('enabled', models.BooleanField(default=False, verbose_name='Enabled')),
                     ('ask_consent_attributes', models.BooleanField(default=True, verbose_name='Ask the user consent before forwarding attributes')),
                     ('allow_attributes_selection', models.BooleanField(default=True, verbose_name='Allow the user to select the forwarding attributes')),
                     ('forward_attributes_from_push_sources', models.BooleanField(default=False, verbose_name='Forward pushed attributes')),
                     ('map_attributes_from_push_sources', models.BooleanField(default=False, verbose_name='Map forwarded pushed attributes')),
                     ('output_name_format', models.CharField(default=('urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'SAMLv2 URI'), max_length=100, verbose_name='Output name format', choices=[('urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'SAMLv2 URI'), ('urn:oasis:names:tc:SAML:2.0:attrname-format:basic', 'SAMLv2 BASIC')])),
                     ('output_namespace', models.CharField(default=('Default', 'Default'), max_length=100, verbose_name='Output namespace', choices=[('Default', 'Default'), ('http://schemas.xmlsoap.org/ws/2005/05/identity/claims', 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims')])),
                     ('filter_source_of_filtered_attributes', models.BooleanField(default=False, verbose_name='Filter by source and per attribute the forwarded pushed attributes')),
                     ('map_attributes_of_filtered_attributes', models.BooleanField(default=False, verbose_name='Map filtered attributes')),
                     ('send_error_and_no_attrs_if_missing_required_attrs', models.BooleanField(default=False, verbose_name='Send an error when a required attribute is missing')),
                     ('attribute_filter_for_sso_from_push_sources', models.ForeignKey(related_name='filter attributes of push sources with list', verbose_name='Filter by attribute names the forwarded pushed attributes', blank=True, to='attribute_aggregator.AttributeList', null=True, on_delete=models.CASCADE)),
                     ('attribute_list_for_sso_from_pull_sources', models.ForeignKey(related_name='attributes from pull sources', verbose_name='Pull attributes list', blank=True, to='attribute_aggregator.AttributeList', null=True, on_delete=models.CASCADE)),
                     ('source_filter_for_sso_from_push_sources', models.ManyToManyField(related_name='filter attributes of push sources with sources', null=True, verbose_name='Filter by source the forwarded pushed attributes', to='attribute_aggregator.AttributeSource', blank=True)),
+                    (
                         'ask_consent_attributes',
                         models.BooleanField(
                             default=True, verbose_name='Ask the user consent before forwarding attributes'
                         ),
                     ),
+                    (
                         'allow_attributes_selection',
                         models.BooleanField(
                             default=True, verbose_name='Allow the user to select the forwarding attributes'
                         ),
                     ),
+                    (
                         'forward_attributes_from_push_sources',
                         models.BooleanField(default=False, verbose_name='Forward pushed attributes'),
                     ),
+                    (
                         'map_attributes_from_push_sources',
                         models.BooleanField(default=False, verbose_name='Map forwarded pushed attributes'),
                     ),
+                    (
                         'output_name_format',
                         models.CharField(
                             default=('urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'SAMLv2 URI'),
                             max_length=100,
                             verbose_name='Output name format',
                             choices=[
                                 ('urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'SAMLv2 URI'),
                                 ('urn:oasis:names:tc:SAML:2.0:attrname-format:basic', 'SAMLv2 BASIC'),
                             ],
                         ),
                     ),
+                    (
                         'output_namespace',
                         models.CharField(
                             default=('Default', 'Default'),
                             max_length=100,
                             verbose_name='Output namespace',
                             choices=[
                                 ('Default', 'Default'),
+                                (
                                     'http://schemas.xmlsoap.org/ws/2005/05/identity/claims',
                                     'http://schemas.xmlsoap.org/ws/2005/05/identity/claims',
                                 ),
                             ],
                         ),
                     ),
+                    (
                         'filter_source_of_filtered_attributes',
                         models.BooleanField(
                             default=False,
                             verbose_name='Filter by source and per attribute the forwarded pushed attributes',
                         ),
                     ),
+                    (
                         'map_attributes_of_filtered_attributes',
                         models.BooleanField(default=False, verbose_name='Map filtered attributes'),
                     ),
+                    (
                         'send_error_and_no_attrs_if_missing_required_attrs',
                         models.BooleanField(
                             default=False, verbose_name='Send an error when a required attribute is missing'
                         ),
                     ),
+                    (
                         'attribute_filter_for_sso_from_push_sources',
                         models.ForeignKey(
                             related_name='filter attributes of push sources with list',
                             verbose_name='Filter by attribute names the forwarded pushed attributes',
                             blank=True,
                             to='attribute_aggregator.AttributeList',
                             null=True,
                             on_delete=models.CASCADE,
                         ),
                     ),
+                    (
                         'attribute_list_for_sso_from_pull_sources',
                         models.ForeignKey(
                             related_name='attributes from pull sources',
                             verbose_name='Pull attributes list',
                             blank=True,
                             to='attribute_aggregator.AttributeList',
                             null=True,
                             on_delete=models.CASCADE,
                         ),
                     ),
+                    (
                         'source_filter_for_sso_from_push_sources',
                         models.ManyToManyField(
                             related_name='filter attributes of push sources with sources',
                             null=True,
                             verbose_name='Filter by source the forwarded pushed attributes',
                             to='attribute_aggregator.AttributeSource',
                             blank=True,
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'attribute policy',

             migrations.AlterField(
                 model_name='attributepolicy',
                 name='attribute_filter_for_sso_from_push_sources',
                 field=models.ForeignKey(related_name='+', verbose_name='Filter by attribute names the forwarded pushed attributes', blank=True, to='attribute_aggregator.AttributeList', null=True, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     related_name='+',
                     verbose_name='Filter by attribute names the forwarded pushed attributes',
                     blank=True,
                     to='attribute_aggregator.AttributeList',
                     null=True,
                     on_delete=models.CASCADE,
                 ),
             ),
             migrations.AlterField(
                 model_name='attributepolicy',
                 name='attribute_list_for_sso_from_pull_sources',
                 field=models.ForeignKey(related_name='+', verbose_name='Pull attributes list', blank=True, to='attribute_aggregator.AttributeList', null=True, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     related_name='+',
                     verbose_name='Pull attributes list',
                     blank=True,
                     to='attribute_aggregator.AttributeList',
                     null=True,
                     on_delete=models.CASCADE,
                 ),
             ),
             migrations.AlterField(
                 model_name='attributepolicy',
                 name='source_filter_for_sso_from_push_sources',
                 field=models.ManyToManyField(to='attribute_aggregator.AttributeSource', verbose_name='Filter by source the forwarded pushed attributes', blank=True),
                 field=models.ManyToManyField(
                     to='attribute_aggregator.AttributeSource',
                     verbose_name='Filter by source the forwarded pushed attributes',
                     blank=True,
                 ),
             ),
+        ]

     class Plugin(object):
         def check_origin(self, request, origin):
             from authentic2.cors import make_origin
             from authentic2.saml.models import LibertySession
             for session in LibertySession.objects.filter(
                     django_session_key=request.session.session_key):
             for session in LibertySession.objects.filter(django_session_key=request.session.session_key):
                 provider_origin = make_origin(session.provider_id)
                 if origin == provider_origin:
                     return True
-...
     def check_authentic2_config(app_configs, **kwargs):
         from . import app_settings
         errors = []
         if (not settings.DEBUG
                 and app_settings.ENABLE
                 and (app_settings.is_default('SIGNATURE_PUBLIC_KEY')
                      or app_settings.is_default('SIGNATURE_PRIVATE_KEY'))):
         if (
             not settings.DEBUG
             and app_settings.ENABLE
             and (
                 app_settings.is_default('SIGNATURE_PUBLIC_KEY')
                 or app_settings.is_default('SIGNATURE_PRIVATE_KEY')
+            )
         ):
             errors.append(
                 Warning(
                     'You should not use default SAML keys in production',
                     hint='Generate new RSA keys and change the value of '
                          'A2_IDP_SAML2_SIGNATURE_PUBLIC_KEY and '
                          'A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY in your setting file',
                     'A2_IDP_SAML2_SIGNATURE_PUBLIC_KEY and '
                     'A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY in your setting file',
+                )
+            )
         return errors
     check_authentic2_config = register(Tags.security, deploy=True)(check_authentic2_config)

         def _setting(self, name, dflt):
             from django.conf import settings
             return getattr(settings, name, dflt)
         def _setting_with_prefix(self, name, dflt):
-...
         @property
         def ENABLE(self):
             return self._setting_with_prefix('ENABLE',
                                              self._setting('IDP_SAML2',
                                                            self.__DEFAULTS['ENABLE']))
             return self._setting_with_prefix('ENABLE', self._setting('IDP_SAML2', self.__DEFAULTS['ENABLE']))
         @property
         def SIGNATURE_PUBLIC_KEY(self):
             return self._setting_with_prefix('SIGNATURE_PUBLIC_KEY',
                                              self._setting('SAML_SIGNATURE_PUBLIC_KEY',
                                                            self.__DEFAULTS['SIGNATURE_PUBLIC_KEY']))
             return self._setting_with_prefix(
                 'SIGNATURE_PUBLIC_KEY',
                 self._setting('SAML_SIGNATURE_PUBLIC_KEY', self.__DEFAULTS['SIGNATURE_PUBLIC_KEY']),
+            )
         @property
         def SIGNATURE_PRIVATE_KEY(self):
             return self._setting_with_prefix('SIGNATURE_PRIVATE_KEY',
                                              self._setting('SAML_SIGNATURE_PRIVATE_KEY',
                                                            self.__DEFAULTS['SIGNATURE_PRIVATE_KEY']))
             return self._setting_with_prefix(
                 'SIGNATURE_PRIVATE_KEY',
                 self._setting('SAML_SIGNATURE_PRIVATE_KEY', self.__DEFAULTS['SIGNATURE_PRIVATE_KEY']),
+            )
         @property
         def AUTHN_CONTEXT_FROM_SESSION(self):
             return self._setting_with_prefix('AUTHN_CONTEXT_FROM_SESSION',
                                              self._setting('IDP_SAML2_AUTHN_CONTEXT_FROM_SESSION',
                                                            self.__DEFAULTS['AUTHN_CONTEXT_FROM_SESSION']))
             return self._setting_with_prefix(
                 'AUTHN_CONTEXT_FROM_SESSION',
                 self._setting(
                     'IDP_SAML2_AUTHN_CONTEXT_FROM_SESSION', self.__DEFAULTS['AUTHN_CONTEXT_FROM_SESSION']
                 ),
+            )
         def is_default(self, name):
             return getattr(self, name) == self.__DEFAULTS[name]
-...
                 raise AttributeError(name)
             return self._setting_with_prefix(name, self.__DEFAULTS[name])
     # Ugly? Guido recommends this himself ...
     # http://mail.python.org/pipermail/python-ideas/2012-May/014969.html
     app_settings = AppSettings('A2_IDP_SAML2_')

             q = models.LibertyServiceProvider.objects.all()
             q = q.filter(
                 Q(liberty_provider__authorized_roles__isnull=True)
                 | Q(liberty_provider__authorized_roles__in=request.user.roles_and_parents()))
                 | Q(liberty_provider__authorized_roles__in=request.user.roles_and_parents())
+            )
             ls = []
             sessions = models.LibertySession.objects.filter(
                 django_session_key=request.session.session_key)
             sessions = models.LibertySession.objects.filter(django_session_key=request.session.session_key)
             sessions_eids = set(session.provider_id for session in sessions)
             all_policy = common.get_sp_options_policy_all()
             default_policy = common.get_sp_options_policy_default()
-...
                 queries.append(q)
                 queries.append(q.filter(liberty_provider__entity_id__in=sessions_eids))
             else:
                 queries.append(q.filter(
                     sp_options_policy__enabled=True,
                     sp_options_policy__idp_initiated_sso=True))
                 queries.append(
                     q.filter(sp_options_policy__enabled=True, sp_options_policy__idp_initiated_sso=True)
+                )
                 queries.append(
                     q.filter(
                         sp_options_policy__enabled=True,
                         sp_options_policy__accept_slo=True,
                         liberty_provider__entity_id__in=sessions_eids))
                         liberty_provider__entity_id__in=sessions_eids,
+                    )
+                )
                 if default_policy and default_policy.idp_initiated_sso:
                     queries.append(
                         q.filter(
                             sp_options_policy__isnull=True))
                     queries.append(q.filter(sp_options_policy__isnull=True))
                 if default_policy and default_policy.accept_slo:
                     queries.append(
                         q.filter(
                             sp_options_policy__isnull=True,
                             liberty_provider__entity_id__in=sessions_eids))
                         q.filter(sp_options_policy__isnull=True, liberty_provider__entity_id__in=sessions_eids)
+                    )
             qs = six.moves.reduce(operator.__or__, queries)
             # do some prefetching
             qs = qs.prefetch_related('liberty_provider')
-...
                 liberty_provider = service_provider.liberty_provider
                 if all_policy:
                     policy = all_policy
                 elif (service_provider.enable_following_sp_options_policy
                         and service_provider.sp_options_policy):
                 elif service_provider.enable_following_sp_options_policy and service_provider.sp_options_policy:
                     policy = service_provider.sp_options_policy
                 else:
                     policy = default_policy
-...
                     protocol = 'saml2'
                     if policy.idp_initiated_sso:
                         actions.append(
+                            (
                                 _('Login'), 'POST',
                                 '/idp/%s/idp_sso/' % protocol,
+                                (
                                     ('provider_id', entity_id),
+                                )
+                            )
                             (_('Login'), 'POST', '/idp/%s/idp_sso/' % protocol, (('provider_id', entity_id),))
+                        )
                     if policy.accept_slo and entity_id in sessions_eids:
                         actions.append(
+                            (
                                 _('Logout'), 'POST',
                                 '/idp/%s/idp_slo/' % protocol,
+                                (
                                     ('provider_id', entity_id),
+                                )
+                            )
                             (_('Logout'), 'POST', '/idp/%s/idp_slo/' % protocol, (('provider_id', entity_id),))
+                        )
                     if actions:
                         ls.append(
                             Service(url=None, name=liberty_provider.name, actions=actions))
                         ls.append(Service(url=None, name=liberty_provider.name, actions=actions))
             return ls
         def logout_list(self, request):
             all_sessions = models.LibertySession.objects.filter(
                 django_session_key=request.session.session_key)
             all_sessions = models.LibertySession.objects.filter(django_session_key=request.session.session_key)
             self.logger.debug("all_sessions %r" % all_sessions)
             provider_ids = set([s.provider_id for s in all_sessions])
             self.logger.debug("provider_ids %r" % provider_ids)
-...
                         url = reverse(saml2_endpoints.idp_slo, args=[provider_id])
                         # add a nonce so this link is never cached
                         nonce = hex(random.getrandbits(128))
                         url = '{0}?provider_id={1}&nonce={2}'.format(
                             url, quote(provider_id), nonce)
                         url = '{0}?provider_id={1}&nonce={2}'.format(url, quote(provider_id), nonce)
                         name = name or provider_id
                         code = render_to_string('idp/saml/logout_fragment.html', {
                             'needs_iframe': policy.needs_iframe_logout,
                             'name': name, 'url': url,
                             'iframe_timeout': policy.iframe_logout_timeout})
                         code = render_to_string(
                             'idp/saml/logout_fragment.html',
+                            {
                                 'needs_iframe': policy.needs_iframe_logout,
                                 'name': name,
                                 'url': url,
                                 'iframe_timeout': policy.iframe_logout_timeout,
                             },
+                        )
                         result.append(code)
             return result
-...
                 return ()
             user = request.user
             links = []
             qs = models.LibertyFederation.objects.filter(
                 user=user,
                 sp__isnull=False)
             qs = models.LibertyFederation.objects.filter(user=user, sp__isnull=False)
             qs = qs.select_related('sp')
             for federation in qs:
                 links.append(
                     (federation.sp.liberty_provider, federation.name_id_content)
+                )
                 links.append((federation.sp.liberty_provider, federation.name_id_content))
             return links
         def can_synchronous_logout(self, django_sessions_keys):
-...
                     'hidden_inputs': {
                         'next': next_url,
                     },
                     'buttons': (
                         ('delete', _('Delete')),
                     ),
                     'buttons': (('delete', _('Delete')),),
                     'url': url,
+                }
             qs = models.LibertyProvider.objects
             qs = qs.filter(service_provider__users_can_manage_federations=True)
             qs = qs.exclude(service_provider__libertyfederation__in=federations)
             qs = qs.filter(Q(authorized_roles__isnull=True)
                            | Q(authorized_roles__in=request.user.roles_and_parents()))
             qs = qs.filter(
                 Q(authorized_roles__isnull=True) | Q(authorized_roles__in=request.user.roles_and_parents())
+            )
             qs = qs.select_related()
             for liberty_provider in qs:
                 url = reverse('a2-idp-saml2-idp-sso')
-...
                         'provider_id': liberty_provider.entity_id,
                         'next': next_url,
                     },
                     'buttons': (
                         ('create', _('Create')),
                     ),
                     'buttons': (('create', _('Create')),),
                     'url': url,
+                }

     from django.contrib.auth import get_user_model
     from django.contrib.auth.decorators import login_required
     from django.core.exceptions import ObjectDoesNotExist
     from django.http import HttpResponse, HttpResponseRedirect, \
         HttpResponseForbidden, HttpResponseBadRequest
     from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden, HttpResponseBadRequest
     from django.utils import six
     from django.utils.translation import ugettext as _, ugettext_noop as N_
     from django.views.decorators.csrf import csrf_exempt
-...
     import authentic2.views as a2_views
     from authentic2.saml.models import (
         LibertyArtifact, LibertySession, LibertyFederation, nameid2kwargs,
         saml2_urn_to_nidformat, nidformat_to_saml2_urn, save_key_values,
         get_and_delete_key_values, LibertyProvider, LibertyServiceProvider,
         SAMLAttribute, NAME_ID_FORMATS)
     from authentic2.saml.common import redirect_next, asynchronous_bindings, \
         soap_bindings, load_provider, get_saml2_request_message, \
         error_page, set_saml2_response_responder_status_code, \
         AUTHENTIC_STATUS_CODE_MISSING_DESTINATION, \
         load_federation, \
         return_saml2_response, \
         get_soap_message, soap_fault, return_saml_soap_response, \
         AUTHENTIC_STATUS_CODE_UNKNOWN_PROVIDER, \
         AUTHENTIC_STATUS_CODE_MISSING_NAMEID, \
         AUTHENTIC_STATUS_CODE_MISSING_SESSION_INDEX, \
         AUTHENTIC_STATUS_CODE_UNKNOWN_SESSION, \
         AUTHENTIC_STATUS_CODE_INTERNAL_SERVER_ERROR, \
         AUTHENTIC_STATUS_CODE_UNAUTHORIZED, \
         send_soap_request, get_saml2_query_request, \
         get_saml2_request_message_async_binding, create_saml2_server, \
         get_saml2_metadata, get_sp_options_policy, \
         get_entity_id, AUTHENTIC_SAME_ID_SENTINEL
         LibertyArtifact,
         LibertySession,
         LibertyFederation,
         nameid2kwargs,
         saml2_urn_to_nidformat,
         nidformat_to_saml2_urn,
         save_key_values,
         get_and_delete_key_values,
         LibertyProvider,
         LibertyServiceProvider,
         SAMLAttribute,
         NAME_ID_FORMATS,
+    )
     from authentic2.saml.common import (
         redirect_next,
         asynchronous_bindings,
         soap_bindings,
         load_provider,
         get_saml2_request_message,
         error_page,
         set_saml2_response_responder_status_code,
         AUTHENTIC_STATUS_CODE_MISSING_DESTINATION,
         load_federation,
         return_saml2_response,
         get_soap_message,
         soap_fault,
         return_saml_soap_response,
         AUTHENTIC_STATUS_CODE_UNKNOWN_PROVIDER,
         AUTHENTIC_STATUS_CODE_MISSING_NAMEID,
         AUTHENTIC_STATUS_CODE_MISSING_SESSION_INDEX,
         AUTHENTIC_STATUS_CODE_UNKNOWN_SESSION,
         AUTHENTIC_STATUS_CODE_INTERNAL_SERVER_ERROR,
         AUTHENTIC_STATUS_CODE_UNAUTHORIZED,
         send_soap_request,
         get_saml2_query_request,
         get_saml2_request_message_async_binding,
         create_saml2_server,
         get_saml2_metadata,
         get_sp_options_policy,
         get_entity_id,
         AUTHENTIC_SAME_ID_SENTINEL,
+    )
     import authentic2.saml.saml2utils as saml2utils
     from authentic2.idp.saml.common import kill_django_sessions
     from authentic2.constants import NONCE_FIELD_NAME
-...
     from authentic2.idp import signals as idp_signals
     from authentic2.utils import (
         make_url, get_backends as get_idp_backends, login_require,
         find_authentication_event, datetime_to_xs_datetime)
         make_url,
         get_backends as get_idp_backends,
         login_require,
         find_authentication_event,
         datetime_to_xs_datetime,
+    )
     from authentic2 import utils
     from authentic2.attributes_ng.engine import get_attributes
     from authentic2 import hooks
-...
         alphabet = string.ascii_letters + string.digits
         return '_' + ''.join(random.SystemRandom().choice(alphabet) for i in range(20))
     metadata_map = (
         (saml2utils.Saml2Metadata.SINGLE_SIGN_ON_SERVICE, asynchronous_bindings, '/sso'),
         (saml2utils.Saml2Metadata.SINGLE_LOGOUT_SERVICE, asynchronous_bindings, '/slo', '/slo_return'),
         (saml2utils.Saml2Metadata.SINGLE_LOGOUT_SERVICE, soap_bindings, '/slo/soap'),
         (saml2utils.Saml2Metadata.ARTIFACT_RESOLUTION_SERVICE, lasso.SAML2_METADATA_BINDING_SOAP, '/artifact')
         (saml2utils.Saml2Metadata.ARTIFACT_RESOLUTION_SERVICE, lasso.SAML2_METADATA_BINDING_SOAP, '/artifact'),
+    )
-...
     def log_assert(func, exception_classes=(AssertionError,)):
         '''Convert assertion errors to warning logs and report them to the user
            through the messages framework.
         """Convert assertion errors to warning logs and report them to the user
         through the messages framework.
         Returns a redirect to homepage or the `next` query parameter.
         """
            Returns a redirect to homepage or the `next` query parameter.
         '''
         @wraps(func)
         def f(request, *args, **kwargs):
             try:
                 return func(request, *args, **kwargs)
             except exception_classes as e:
                 return error_redirect(request, str(e))
         return f
     #####
     # SSO
     #####
-...
         lib_session = LibertySession(
             provider_id=login.remoteProviderId,
             saml2_assertion=login.assertion,
             django_session_key=request.session.session_key)
             django_session_key=request.session.session_key,
+        )
         lib_session.save()
     def fill_assertion(request, saml_request, assertion, provider_id, nid_format):
         '''Stuff an assertion with information extracted from the user record
         """Stuff an assertion with information extracted from the user record
            and from the session, and eventually from transactions linked to the
            request, i.e. a login event or a consent event.
-...
         # to the request id
         # TODO: use information from the consent event to specialize release of
         # attributes (user only authorized to give its email for email)
            '''
         """
         assert nid_format in NAME_ID_FORMATS
         logger.debug('initializing assertion %s', assertion.id)
-...
         if attribute_value is None:
             return None
         keys = [
             force_bytes(salt),
             force_bytes(provider.entity_id),
             force_bytes(attribute_value)
+        ]
         keys = [force_bytes(salt), force_bytes(provider.entity_id), force_bytes(attribute_value)]
         return '_' + hashlib.sha256(b''.join(keys)).hexdigest().upper()
-...
             # sequence from lasso are always tuple, so convert to list
             attributes[(name, name_format)] = attribute, list(attribute.attributeValue)
             for atv in attribute.attributeValue:
                 if atv.any and len(atv.any) == 1 and isinstance(atv.any[0], lasso.MiscTextNode) and \
                         atv.any[0].textChild:
                 if (
                     atv.any
                     and len(atv.any) == 1
                     and isinstance(atv.any[0], lasso.MiscTextNode)
                     and atv.any[0].textChild
                 ):
                     seen.add((name, name_format, force_text(atv.any[0].content)))
         definitions = list(qs)
-...
                         name=edu_name,
                         name_format='uri',
                         attribute_name='edupersontargetedid',
                         friendly_name='eduPersonTargetedID'))
                         friendly_name='eduPersonTargetedID',
+                    )
+                )
         for definition in definitions:
             name = definition.name
-...
     def build_assertion(request, login, provider, nid_format='transient'):
         """After a successfully validated authentication request, build an
            authentication assertion
         authentication assertion
         """
         entity_id = get_entity_id(request)
         now = datetime.datetime.utcnow()
-...
                 if how == 'password':
                     authn_context = lasso.SAML2_AUTHN_CONTEXT_PASSWORD
                 elif how == 'password-on-https':
                     authn_context = \
                         lasso.SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
                     authn_context = lasso.SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
                 elif how.startswith('oath-totp'):
                     authn_context = lasso.SAML2_AUTHN_CONTEXT_TIME_SYNC_TOKEN
                 else:
-...
             now.isoformat() + 'Z',
             'unused',  # reauthenticateOnOrAfter is only for ID-FF 1.2
             notBefore.isoformat() + 'Z',
             notOnOrAfter.isoformat() + 'Z')
             notOnOrAfter.isoformat() + 'Z',
+        )
         assertion = login.assertion
         assertion.conditions.notOnOrAfter = notOnOrAfter.isoformat() + 'Z'
         # Set SessionNotOnOrAfter to expiry date of the current session, so we are sure no session on
-...
             if kwargs.get('name_id_sp_name_qualifier') == login.remoteProviderId:
                 kwargs['name_id_sp_name_qualifier'] = AUTHENTIC_SAME_ID_SENTINEL
             service_provider = LibertyServiceProvider.objects.get(
                 liberty_provider__entity_id=login.remoteProviderId)
                 liberty_provider__entity_id=login.remoteProviderId
+            )
             federation, new = LibertyFederation.objects.get_or_create(
                 sp=service_provider,
                 user=request.user,
                 **kwargs)
                 sp=service_provider, user=request.user, **kwargs
+            )
             if new:
                 logger.debug('nameID persistent, new federation')
                 federation.save()
-...
             kwargs = nameid2kwargs(login.assertion.subject.nameID)
         kwargs['entity_id'] = login.remoteProviderId
         kwargs['user'] = request.user
         logger.debug(u'sending nameID %(name_id_format)r: %(name_id_content)r to '
                      u'%(entity_id)s for user %(user)s' % kwargs)
         logger.debug(
             u'sending nameID %(name_id_format)r: %(name_id_content)r to '
             u'%(entity_id)s for user %(user)s' % kwargs
+        )
         register_new_saml2_session(request, login)
         add_attributes(request, entity_id, assertion, provider, nid_format)
         return kwargs['name_id_content']
-...
     @log_assert
     def sso(request):
         """Endpoint for receiving saml2:AuthnRequests by POST, Redirect or SOAP.
            For SOAP a session must be established previously through the login
            page. No authentication through the SOAP request is supported.
         For SOAP a session must be established previously through the login
         page. No authentication through the SOAP request is supported.
         """
         if request.method == "GET":
             logger.debug('called by GET')
-...
         message = get_saml2_request_message(request, login)
         # 1. Process the request, separate POST and GET treatment
         if not message:
             return HttpResponseForbidden('A SAMLv2 Single Sign On request need a query string',
                                          content_type='text/plain')
             return HttpResponseForbidden(
                 'A SAMLv2 Single Sign On request need a query string', content_type='text/plain'
+            )
         logger.debug('processing sso request %r', message)
         policy = None
         signed = True
-...
                 break
             except (lasso.ProfileInvalidMsgError, lasso.ProfileMissingIssuerError) as e:
                 logger.warning(
                     'invalid message for WebSSO profile with HTTP-Redirect binding: '
                     '%r exception: %s', message, e, extra={'request': request})
                     'invalid message for WebSSO profile with HTTP-Redirect binding: ' '%r exception: %s',
                     message,
                     e,
                     extra={'request': request},
+                )
                 return HttpResponseBadRequest(
                     _("SAMLv2 Single Sign On: invalid message for WebSSO profile with HTTP-Redirect "
                       "binding: %r") % message, content_type='text/plain')
                     _(
                         "SAMLv2 Single Sign On: invalid message for WebSSO profile with HTTP-Redirect "
                         "binding: %r"
+                    )
                     % message,
                     content_type='text/plain',
+                )
             except lasso.ProfileInvalidProtocolprofileError:
                 log_info_authn_request_details(login)
                 message = _(
                     "SAMLv2 Single Sign On: the request cannot be "
                     "answered because no valid protocol binding could be found")
                 logger.warning(
                     'the request cannot be answered because no valid protocol binding could be found')
                     "answered because no valid protocol binding could be found"
+                )
                 logger.warning('the request cannot be answered because no valid protocol binding could be found')
                 return HttpResponseBadRequest(message, content_type='text/plain')
             except lasso.ProviderMissingPublicKeyError as e:
                 log_info_authn_request_details(login)
-...
                 logger.warning('digital signature treatment error: %s', e)
                 login.response.status.statusMessage = 'Signature validation failed'
                 return return_login_response(request, login)
             except (lasso.ServerProviderNotFoundError,
                     lasso.ProfileUnknownProviderError):
             except (lasso.ServerProviderNotFoundError, lasso.ProfileUnknownProviderError):
                 logger.debug('processAuthnRequestMsg not successful')
                 log_info_authn_request_details(login)
                 provider_id = login.remoteProviderId
-...
+                        {
                             'entity_id': provider_id,
                             'add_url': add_url,
                         })
                         },
+                    )
                 else:
                     policy = get_sp_options_policy(provider_loaded)
                     if not policy:
                         return error_page(
                             request,
                             _('sso: No SP policy defined'),
                             logger=logger, warning=True)
                         return error_page(request, _('sso: No SP policy defined'), logger=logger, warning=True)
                     logger.debug('provider %s loaded with success', provider_id)
                 if policy.authn_request_signed:
                     verify_hint = lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE
-...
         if signed and not check_destination(request, login.request):
             logger.warning('wrong or absent destination')
             return return_login_error(
                 request, login,
                 AUTHENTIC_STATUS_CODE_MISSING_DESTINATION)
             return return_login_error(request, login, AUTHENTIC_STATUS_CODE_MISSING_DESTINATION)
         # Check NameIDPolicy or force the NameIDPolicy
         name_id_policy = login.request.nameIdPolicy
         if (name_id_policy
                 and name_id_policy.format
                 and name_id_policy.format != lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED):
         if (
             name_id_policy
             and name_id_policy.format
             and name_id_policy.format != lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED
         ):
             logger.debug('nameID policy is %s', force_text(name_id_policy.dump()))
             nid_format = saml2_urn_to_nidformat(name_id_policy.format, accepted=policy.accepted_name_id_format)
             logger.debug('nameID format %s', nid_format)
-...
             logger.debug('default nameID format %s', default_nid_format)
             accepted_nid_format = policy.accepted_name_id_format
             logger.debug('nameID format accepted %s', accepted_nid_format)
             if (not nid_format or nid_format not in accepted_nid_format) and \
                default_nid_format != nid_format:
                 set_saml2_response_responder_status_code(login.response, lasso.SAML2_STATUS_CODE_INVALID_NAME_ID_POLICY)
             if (not nid_format or nid_format not in accepted_nid_format) and default_nid_format != nid_format:
                 set_saml2_response_responder_status_code(
                     login.response, lasso.SAML2_STATUS_CODE_INVALID_NAME_ID_POLICY
+                )
                 logger.warning('NameID format required is not accepted')
                 return finish_sso(request, login)
         else:
-...
     def need_login(request, login, nid_format, service):
         """Redirect to the login page with a nonce parameter to verify later that
            the login form was submitted
         the login form was submitted
         """
         nonce = login.request.id or get_nonce()
         save_key_values(nonce, force_text(login.dump()), False, nid_format)
         next_url = make_url(continue_sso, params={NONCE_FIELD_NAME: nonce})
         logger.debug('redirect to login page with next url %s', next_url)
         return login_require(request, next_url=next_url, params={NONCE_FIELD_NAME: nonce},
                              service=service, login_hint=get_login_hints_extension(login))
         return login_require(
             request,
             next_url=next_url,
             params={NONCE_FIELD_NAME: nonce},
             service=service,
             login_hint=get_login_hints_extension(login),
+        )
     def get_url_with_nonce(request, function, nonce):
-...
         save_key_values(nonce, force_text(login.dump()), False, nid_format)
         display_name = None
         try:
             provider = \
                 LibertyProvider.objects.get(entity_id=login.request.issuer.content)
             provider = LibertyProvider.objects.get(entity_id=login.request.issuer.content)
             display_name = provider.name
         except ObjectDoesNotExist:
             pass
         if not display_name:
             display_name = quote(login.request.issuer.content)
         url = '%s?%s=%s&next=%s&provider_id=%s' \
             % (reverse('a2-consent-federation'), NONCE_FIELD_NAME,
                 nonce, get_url_with_nonce(request, continue_sso, nonce),
                 display_name)
         url = '%s?%s=%s&next=%s&provider_id=%s' % (
             reverse('a2-consent-federation'),
             NONCE_FIELD_NAME,
             nonce,
             get_url_with_nonce(request, continue_sso, nonce),
             display_name,
+        )
         logger.debug('redirect to url %s', url)
         return HttpResponseRedirect(url)
-...
             consent_answer = request.GET.get('consent_answer', '')
             if consent_answer:
                 logger.debug('back from the consent page for federation with answer %s', consent_answer)
             consent_attribute_answer = \
                 request.GET.get('consent_attribute_answer', '')
             consent_attribute_answer = request.GET.get('consent_attribute_answer', '')
             if consent_attribute_answer:
                 logger.debug(u'back from the consent page for attributes %s', consent_attribute_answer)
         nonce = request.GET.get(NONCE_FIELD_NAME, '')
-...
         if not login:
             return error_page(request, _('continue_sso: error loading login'), logger=logger)
         if not load_provider(request, login.remoteProviderId, server=login.server, autoload=True):
             return error_page(request, _('continue_sso: unknown provider %s') % login.remoteProviderId, logger=logger)
             return error_page(
                 request, _('continue_sso: unknown provider %s') % login.remoteProviderId, logger=logger
+            )
         if 'cancel' in request.GET:
             logger.debug('login canceled')
             set_saml2_response_responder_status_code(login.response, lasso.SAML2_STATUS_CODE_REQUEST_DENIED)
-...
             login,
             consent_obtained=consent_obtained,
             consent_attribute_answer=consent_attribute_answer,
             nid_format=nid_format)
             nid_format=nid_format,
+        )
     def needs_persistence(nid_format):
-...
         element = ctree.fromstring(xml_string)
         return list(element)
     EO_NS = 'https://www.entrouvert.com/'
     LOGIN_HINT = '{%s}login-hint' % EO_NS
-...
         return hints
     def sso_after_process_request(request, login, consent_obtained=False,
                                   consent_attribute_answer=False, user=None,
                                   nid_format='transient', return_profile=False):
     def sso_after_process_request(
         request,
         login,
         consent_obtained=False,
         consent_attribute_answer=False,
         user=None,
         nid_format='transient',
         return_profile=False,
     ):
         """Common path for sso and idp_initiated_sso.
            consent_obtained: whether the user has given his consent to this
            federation
            user: the user which must be federated, if None, current user is the
            default.
         consent_obtained: whether the user has given his consent to this
         federation
         user: the user which must be federated, if None, current user is the
         default.
         """
         nonce = login.request.id
         user = user or request.user
-...
         # check if user is authorized through this service
         service = LibertyServiceProvider.objects.get(
             liberty_provider__entity_id=login.remoteProviderId).liberty_provider
             liberty_provider__entity_id=login.remoteProviderId
         ).liberty_provider
         if not passive and \
                 (user.is_anonymous or (force_authn and not did_auth)):
         if not passive and (user.is_anonymous or (force_authn and not did_auth)):
             logger.debug('login required')
             return need_login(request, login, nid_format, service)
-...
             transient = True
         decisions = idp_signals.authorize_service.send(
             sender=None,
             request=request, user=request.user,
             audience=login.remoteProviderId,
             attributes={})
             sender=None, request=request, user=request.user, audience=login.remoteProviderId, attributes={}
+        )
         logger.debug('signal authorize_service sent')
         # You don't dream. By default, access granted.
-...
         if not access_granted:
             logger.debug('access denied, return answer to the requester')
             set_saml2_response_responder_status_code(
                 login.response,
                 lasso.SAML2_STATUS_CODE_REQUEST_DENIED,
                 msg=six.text_type(dic['message']))
                 login.response, lasso.SAML2_STATUS_CODE_REQUEST_DENIED, msg=six.text_type(dic['message'])
+            )
             return finish_sso(request, login)
         provider = load_provider(request, login.remoteProviderId, server=login.server)
         if not provider:
             return error_page(
                 request,
                 _('Provider %s is unknown') % login.remoteProviderId,
                 logger=logger)
             return error_page(request, _('Provider %s is unknown') % login.remoteProviderId, logger=logger)
         saml_policy = get_sp_options_policy(provider)
         if not saml_policy:
             return error_page(request, _('No service provider policy defined'), logger=logger)
-...
         if needs_persistence(nid_format):
             try:
                 LibertyFederation.objects.get(
                     user=request.user,
                     sp__liberty_provider__entity_id=login.remoteProviderId)
                     user=request.user, sp__liberty_provider__entity_id=login.remoteProviderId
+                )
                 logger.debug('consent already given (existing federation) for %s', login.remoteProviderId)
                 consent_obtained = True
                 '''This is abusive since a federation may exist even if we have
-...
         if not consent_obtained and not transient:
             logger.debug('signal avoid_consent sent')
             avoid_consent = idp_signals.avoid_consent.send(sender=None,
                                                            request=request,
                                                            user=request.user,
                                                            audience=login.remoteProviderId)
             avoid_consent = idp_signals.avoid_consent.send(
                 sender=None, request=request, user=request.user, audience=login.remoteProviderId
+            )
             for c in avoid_consent:
                 logger.debug('avoid_consent connected to function %s', c[0].__name__)
                 if c[1] and 'avoid_consent' in c[1] and c[1]['avoid_consent']:
                     logger.debug('avoid consent by signal')
                     consent_obtained = True
                     # The user consent is bypassed by the signal
                     consent_value = \
                         'urn:oasis:names:tc:SAML:2.0:consent:unspecified'
                     consent_value = 'urn:oasis:names:tc:SAML:2.0:consent:unspecified'
         if not consent_obtained and not transient:
             logger.debug('ask the user consent now')
-...
     def save_artifact(request, login):
         '''Remember an artifact message for later retrieving'''
         LibertyArtifact(
             artifact=login.artifact,
             content=force_text(login.artifactMessage),
             provider_id=login.remoteProviderId).save()
             artifact=login.artifact, content=force_text(login.artifactMessage), provider_id=login.remoteProviderId
         ).save()
         logger.debug('artifact saved')
-...
     @never_cache
     @csrf_exempt
     def artifact(request):
         '''Resolve a SAMLv2 ArtifactResolve request
         '''
         """Resolve a SAMLv2 ArtifactResolve request"""
         soap_message = get_soap_message(request)
         server = create_server(request)
         login = lasso.Login(server)
-...
             logger.debug('resolve response %r', login.msgBody)
         except Exception:
             logger.exception('resolve error')
             return soap_fault(
                 request,
                 faultcode='soap:Server',
                 faultstring='Internal Server Error')
             return soap_fault(request, faultcode='soap:Server', faultstring='Internal Server Error')
         logger.debug('treatment ended, return answer')
         return return_saml_soap_response(login)
-...
     @csrf_exempt
     @login_required
     def idp_sso(request, provider_id=None, return_profile=False):
         '''Initiate an SSO toward provider_id without a prior AuthnRequest
         '''
         """Initiate an SSO toward provider_id without a prior AuthnRequest"""
         if not provider_id:
             provider_id = request.POST.get('provider_id')
         if not provider_id:
-...
                 return error_redirect(
                     request,
                     N_('%r tried to log as %r on %r but was forbidden'),
                     request.user, username, provider_id)
                     request.user,
                     username,
                     provider_id,
+                )
             try:
                 user = User.objects.get_by_natural_key(username=username)
             except User.DoesNotExist:
-...
         logger.debug('binding %r', binding)
         logger.debug('authentication request initialized toward provider_id %r', provider_id)
         return sso_after_process_request(request, login, consent_obtained=False,
                                          user=user, nid_format=nid_format,
                                          return_profile=return_profile)
         return sso_after_process_request(
             request,
             login,
             consent_obtained=False,
             user=user,
             nid_format=nid_format,
             return_profile=return_profile,
+        )
     @never_cache
-...
         logout = lasso.Logout.newFromDump(server, force_str(logout_dump))
         load_provider(request, logout.remoteProviderId, server=logout.server)
         # Clean all session
         all_sessions = \
             LibertySession.objects.filter(django_session_key=session_key)
         all_sessions = LibertySession.objects.filter(django_session_key=session_key)
         try:
             logout.buildResponseMsg()
         except lasso.ProfileUnknownProfileUrlError:
-...
             return redirect('auth_homepage')
         if all_sessions.exists():
             all_sessions.delete()
             set_saml2_response_responder_status_code(logout.response,
                                                      lasso.SAML2_STATUS_CODE_PARTIAL_LOGOUT)
             set_saml2_response_responder_status_code(logout.response, lasso.SAML2_STATUS_CODE_PARTIAL_LOGOUT)
             logger.warning('partial logout')
             logout.buildResponseMsg()
         provider = LibertyProvider.objects.get(entity_id=logout.remoteProviderId)
-...
         try:
             try:
                 logout.processRequestMsg(force_str(message))
             except (lasso.ServerProviderNotFoundError,
                     lasso.ProfileUnknownProviderError):
             except (lasso.ServerProviderNotFoundError, lasso.ProfileUnknownProviderError):
                 logger.debug('loading provider %s', logout.remoteProviderId)
                 p = load_provider(request, logout.remoteProviderId, server=logout.server)
                 if not p:
-...
     def get_only_last_session(issuer_id, provider_id, name_id, session_indexes):
         """Try to have a decent behaviour when receiving a logout request with
            multiple session indexes.
         multiple session indexes.
            Enumerate all emitted assertions for the given session, and for each
            provider only keep the more recent one.
         Enumerate all emitted assertions for the given session, and for each
         provider only keep the more recent one.
         """
         lib_session1 = LibertySession.get_for_nameid_and_session_indexes(issuer_id, provider_id, name_id, session_indexes)
         lib_session1 = LibertySession.get_for_nameid_and_session_indexes(
             issuer_id, provider_id, name_id, session_indexes
+        )
         django_session_keys = [s.django_session_key for s in lib_session1]
         lib_session = LibertySession.objects.filter(django_session_key__in=django_session_keys)
         providers = set([s.provider_id for s in lib_session])
-...
     def build_session_dump(liberty_sessions):
         '''Build a session dump from a list of pairs
            (provider_id,assertion_content)'''
         """Build a session dump from a list of pairs
         (provider_id,assertion_content)"""
         session = [
             u'<Session xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
             u' xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">',
+        ]
         for liberty_session in liberty_sessions:
             session.append(u'<NidAndSessionIndex ProviderID="{0.provider_id}" '
                            u'AssertionID="xxx" '
                            u'SessionIndex="{0.session_index}">'.format(liberty_session))
             session.append(
                 u'<NidAndSessionIndex ProviderID="{0.provider_id}" '
                 u'AssertionID="xxx" '
                 u'SessionIndex="{0.session_index}">'.format(liberty_session)
+            )
             session.append(u'<saml:NameID Format="{0.name_id_format}" '.format(liberty_session))
             if liberty_session.name_id_qualifier:
                 session.append(u'NameQualifier="{0.name_id_qualifier}" '.format(liberty_session))
-...
     def set_session_dump_from_liberty_sessions(profile, lib_sessions):
         '''Extract all assertion from a list of lib_sessions, and create a session
         dump from them'''
         """Extract all assertion from a list of lib_sessions, and create a session
         dump from them"""
         session_dump = build_session_dump(lib_sessions)
         profile.setSessionFromDump(session_dump)
-...
             return error
         try:
             provider = \
                 LibertyProvider.objects.get(entity_id=logout.remoteProviderId)
             provider = LibertyProvider.objects.get(entity_id=logout.remoteProviderId)
         except ObjectDoesNotExist:
             logger.warning('provider %r unknown', logout.remoteProviderId)
             return return_logout_error(request, logout, AUTHENTIC_STATUS_CODE_UNAUTHORIZED)
-...
             logout.server.providerId,
             logout.remoteProviderId,
             logout.request.nameId,
             logout.request.sessionIndexes)
             logout.request.sessionIndexes,
+        )
         if not found:
             logger.debug('no third SP session found')
         else:
-...
             try:
                 logout.validateRequest()
             except lasso.LogoutUnsupportedProfileError:
                 '''
                     If one provider does not support SLO by SOAP,
                     continue with others!
                 '''
                 logger.warning('one provider does not support SOAP among %s', [s.provider_id for s in lib_sessions])
                 """
                 If one provider does not support SLO by SOAP,
                 continue with others!
                 """
                 logger.warning(
                     'one provider does not support SOAP among %s', [s.provider_id for s in lib_sessions]
+                )
             except Exception as e:
                 logger.warning('slo, unknown error %s', e)
                 logout.buildResponseMsg()
                 provider = LibertyProvider.objects.get(entity_id=logout.remoteProviderId)
                 return return_saml2_response(request, logout, title=_('You are being redirected to "%s"') % provider.name)
                 return return_saml2_response(
                     request, logout, title=_('You are being redirected to "%s"') % provider.name
+                )
             for lib_session in lib_sessions:
                 try:
                     logger.debug('slo, relaying logout to provider %s', lib_session.provider_id)
-...
     @never_cache
     @csrf_exempt
     def slo(request):
         """Endpoint for receiving SLO by POST, Redirect.
         """
         """Endpoint for receiving SLO by POST, Redirect."""
         message = get_saml2_request_message_async_binding(request)
         logout, response = process_logout_request(request, message, request.method)
         if response:
             return response
         try:
             provider = \
                 LibertyProvider.objects.get(entity_id=logout.remoteProviderId)
             provider = LibertyProvider.objects.get(entity_id=logout.remoteProviderId)
         except ObjectDoesNotExist:
             logger.debug('provider %r unknown', logout.remoteProviderId)
             return return_logout_error(request, logout, AUTHENTIC_STATUS_CODE_UNAUTHORIZED)
-...
             logger.warning('signature error %s', e)
             logout.buildResponseMsg()
             provider = LibertyProvider.objects.get(entity_id=logout.remoteProviderId)
             return return_saml2_response(request, logout, title=_('You are being redirected to "%s"') % provider.name)
             return return_saml2_response(
                 request, logout, title=_('You are being redirected to "%s"') % provider.name
+            )
         except (lasso.ProfileInvalidMsgError, lasso.ProfileMissingIssuerError):
             return error_page(request, _('Invalid logout request'), logger=logger, warning=True)
         session_indexes = logout.request.sessionIndexes
         if len(session_indexes) == 0:
             logger.warning('slo received a request from %s without any SessionIndex, it is forbidden',
                            logout.remoteProviderId)
             logger.warning(
                 'slo received a request from %s without any SessionIndex, it is forbidden',
                 logout.remoteProviderId,
+            )
             logout.buildResponseMsg()
             provider = LibertyProvider.objects.get(entity_id=logout.remoteProviderId)
             return return_saml2_response(request, logout, title=_('You are being redirected to "%s"') % provider.name)
             return return_saml2_response(
                 request, logout, title=_('You are being redirected to "%s"') % provider.name
+            )
         logger.debug('asynchronous slo from %s', logout.remoteProviderId)
         # Filter sessions
         if not logout.request.nameId:
-...
             logout.server.providerId,
             logout.remoteProviderId,
             logout.request.nameId,
             logout.request.sessionIndexes)
             logout.request.sessionIndexes,
+        )
         if not all_sessions.exists():
             logger.warning('slo refused, since no session exists with the requesting provider')
             return return_logout_error(request, logout, AUTHENTIC_STATUS_CODE_UNKNOWN_SESSION)
-...
             return return_logout_error(request, logout, AUTHENTIC_STATUS_CODE_INTERNAL_SERVER_ERROR)
         # Now clean sessions for this provider
         LibertySession.objects.filter(
             provider_id=logout.remoteProviderId,
             django_session_key=request.session.session_key).delete()
             provider_id=logout.remoteProviderId, django_session_key=request.session.session_key
         ).delete()
         # Save some values for cleaning up
         save_key_values(logout.request.id, force_text(logout.dump()), request.session.session_key)
-...
             return redirect_next(request, next) or ko_icon(request)
         lib_sessions = LibertySession.objects.filter(
             django_session_key=request.session.session_key,
             provider_id=provider_id)
             django_session_key=request.session.session_key, provider_id=provider_id
+        )
         if lib_sessions:
             logger.debug('%d lib_sessions found', lib_sessions.count())
             set_session_dump_from_liberty_sessions(logout, [lib_sessions[0]])
         try:
             logout.initRequest(provider_id, policy.http_method_for_slo_request)
         except (lasso.ProfileMissingAssertionError,
                 lasso.ProfileSessionNotFoundError):
         except (lasso.ProfileMissingAssertionError, lasso.ProfileSessionNotFoundError):
             logger.debug('slo failed because no sessions exists for %r', provider_id)
             return redirect_next(request, next) or ko_icon(request)
         if all is not None:
-...
             logger.warning('slo error: %s', e)
         else:
             LibertySession.objects.filter(
                 django_session_key=request.session.session_key,
                 provider_id=logout.remoteProviderId).delete()
                 django_session_key=request.session.session_key, provider_id=logout.remoteProviderId
             ).delete()
             logger.debug('deleted session to %s', logout.remoteProviderId)
         return redirect_next(request, next) or ok_icon(request)
-...
             return error_redirect(request, N_('slo no relay state in response'), default_url=icon_url('ko'))
         logger.debug('relay_state %r', relay_state)
         try:
             logout_dump, provider_id, next = \
                 get_and_delete_key_values(relay_state)
             logout_dump, provider_id, next = get_and_delete_key_values(relay_state)
         except KeyError:
             return error_redirect(request, N_('unknown relay state %r'), relay_state, default_url=icon_url('ko'))
         server = create_server(request)
-...
             logger.warning('failed to load provider %s', provider_id)
         return process_logout_response(request, logout, get_saml2_query_request(request), next)
     # Helpers
     # Mapping to generate the metadata file, must be kept in sync with the url
-...
     def create_server(request, provider_id=None):
         '''Build a lasso.Server object using current settings for the IdP
         """Build a lasso.Server object using current settings for the IdP
         The built lasso.Server is cached for later use it should work until
         multithreading is used, then thread local storage should be used.
         '''
         """
         options = get_options()
         __cached_server = create_saml2_server(request, idp_map=metadata_map, options=options)
         return __cached_server
-...
     def error_redirect(request, msg, *args, **kwargs):
         '''Log a warning message, register it with the messages framework, then
            redirect the user to the homepage.
         """Log a warning message, register it with the messages framework, then
         redirect the user to the homepage.
            It will redirect to Authentic2 homepage unless a next query parameter was used.
         '''
         It will redirect to Authentic2 homepage unless a next query parameter was used.
         """
         default_kwargs = {
             'log_level': logging.WARNING,
             'msg_level': messages.WARNING,

     from django.conf.urls import url
     from . import views
     from authentic2.idp.saml.saml2_endpoints import (metadata, sso, continue_sso,
                                                      slo, slo_soap, idp_slo,
                                                      slo_return, finish_slo,
                                                      artifact, idp_sso)
     from authentic2.idp.saml.saml2_endpoints import (
         metadata,
         sso,
         continue_sso,
         slo,
         slo_soap,
         idp_slo,
         slo_return,
         finish_slo,
         artifact,
         idp_sso,
+    )
     urlpatterns = [
         url(r'^metadata$', metadata, name='a2-idp-saml-metadata'),
-...
         url(r'^finish_slo$', finish_slo, name='a2-idp-saml-finish-slo'),
         url(r'^artifact$', artifact, name='a2-idp-saml-artifact'),
         # legacy endpoint, now it's prefered to pass the entity_id in a parameter
         url(r'^idp_sso/(.+)$',
             idp_sso, name='a2-idp-saml-idp-sso-named'),
         url(r'^idp_sso/$',
             idp_sso,
             name='a2-idp-saml2-idp-sso'),
         url(r'^federations/create/(?P<pk>\d+)/$',
             views.create_federation,
             name='a2-idp-saml2-federation-create'),
         url(r'^federations/(?P<pk>\d+)/delete/$',
             views.delete_federation,
             name='a2-idp-saml2-federation-delete'),
         url(r'^idp_sso/(.+)$', idp_sso, name='a2-idp-saml-idp-sso-named'),
         url(r'^idp_sso/$', idp_sso, name='a2-idp-saml2-idp-sso'),
         url(r'^federations/create/(?P<pk>\d+)/$', views.create_federation, name='a2-idp-saml2-federation-create'),
         url(r'^federations/(?P<pk>\d+)/delete/$', views.delete_federation, name='a2-idp-saml2-federation-delete'),
+    ]

             self.object = self.get_object()
             self.object.user = None
             self.object.save()
             messages.info(request, _('Federation to {0} deleted').format(
                 self.object.sp.liberty_provider.name))
             messages.info(request, _('Federation to {0} deleted').format(self.object.sp.liberty_provider.name))
             return HttpResponseRedirect(self.get_success_url())
         def get_success_url(self):

src/authentic2/idp/urls.py
18	18	from authentic2.idp.interactions import consent_federation
19	19
20	20	urlpatterns = [
21		url(r'^consent_federation', consent_federation,
22		name='a2-consent-federation'),
	21	url(r'^consent_federation', consent_federation, name='a2-consent-federation'),
23	22	]

             super().record(user=user, session=session, service=service, data={'how': how})
         @classmethod
         def get_method_statistics(cls, group_by_time, service=None, services_ou=None, users_ou=None, start=None, end=None):
         def get_method_statistics(
             cls, group_by_time, service=None, services_ou=None, users_ou=None, start=None, end=None
         ):
             if services_ou and not service:
                 service = Service.objects.filter(ou=services_ou)
-...
                 which_references=service,
                 users_ou=users_ou,
                 start=start,
                 end=end
                 end=end,
+            )
             stats = Statistics(qs, time_interval=group_by_time)

         DEFAULT_REQUEST_ID = '-'
         def filter(self, record):
             '''Add username, ip and request ID to the log record.
             """Add username, ip and request ID to the log record.
                Inspired by django-log-request-id
             '''
             Inspired by django-log-request-id
             """
             from . import middleware
             request = record.request = getattr(record, 'request', middleware.StoreRequestMiddleware.get_request())
             if not hasattr(request, 'META'):
                 record.request = None

     class SettingsLogLevel(int):
         def __new__(cls, default_log_level, debug_setting='DEBUG'):
             return super(SettingsLogLevel, cls).__new__(
                 cls, getattr(logging, default_log_level))
             return super(SettingsLogLevel, cls).__new__(cls, getattr(logging, default_log_level))
         def __init__(self, default_log_level, debug_setting='DEBUG'):
             self.debug_setting = debug_setting
-...
             level = super(DjangoLogger, self).getEffectiveLevel()
             if isinstance(level, SettingsLogLevel):
                 from django.conf import settings
                 debug = getattr(settings, level.debug_setting, False)
                 if debug:
                     return logging.DEBUG
             return level
     logging.setLoggerClass(DjangoLogger)
     class DjangoRootLogger(DjangoLogger, logging.RootLogger):
         pass
     logging.root.__class__ = DjangoRootLogger

     from authentic2 import app_settings
     from authentic2.a2_rbac.models import OrganizationalUnit as OU, Role, Permission
     try:
         from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP
     except ImportError:
-...
         help = 'Check and repair authentic2 datas'
         def add_arguments(self, parser):
             parser.add_argument('--repair', action='store_true',
                                 help='repair what\'s broken', default=False)
             parser.add_argument('--noinput', action='store_true',
                                 help='do not ask questions', default=False)
             parser.add_argument('--fake', action='store_true',
                                 help='fake repair', default=False)
             parser.add_argument('--repair', action='store_true', help='repair what\'s broken', default=False)
             parser.add_argument('--noinput', action='store_true', help='do not ask questions', default=False)
             parser.add_argument('--fake', action='store_true', help='fake repair', default=False)
             if MULTITENANT:
                 parser.add_argument('-d', '--domain', dest='domain_name',
                                     help='specify tenant domain name')
                 parser.add_argument('-d', '--domain', dest='domain_name', help='specify tenant domain name')
             for key in dir(self):
                 if not key.startswith('check_'):
                     continue
-...
                 method = getattr(self, key)
                 if callable(method) and method.__name__.startswith('check_'):
                     slug = method.__name__.replace('_', '-')
                     parser.add_argument('--no-%s' % slug,
                                         action='store_false',
                                         default=True,
                                         dest=method.__name__,
                                         help='disable check %s' % slug)
                     parser.add_argument(
                         '--no-%s' % slug,
                         action='store_false',
                         default=True,
                         dest=method.__name__,
                         help='disable check %s' % slug,
+                    )
         def handle(self, verbosity=0, repair=False, noinput=False, fake=False, domain_name=None, **options):
             self.verbosity = verbosity
-...
         @atomic
         def check_and_repair(self, options):
             for method in [
                     self.check_roles_with_lost_admin_scope,
                     self.check_duplicate_manage_members_permissions,
                     self.check_duplicate_permissions,
                     self.check_unused_permissions,
                     self.check_instance_permission_ou,
                     self.check_admin_roles_ou,
                     self.check_manager_of_roles,
                     self.check_identifiers_uniqueness,
                 self.check_roles_with_lost_admin_scope,
                 self.check_duplicate_manage_members_permissions,
                 self.check_duplicate_permissions,
                 self.check_unused_permissions,
                 self.check_instance_permission_ou,
                 self.check_admin_roles_ou,
                 self.check_manager_of_roles,
                 self.check_identifiers_uniqueness,
             ]:
                 if not options[method.__name__]:
                     continue
-...
             used_permission_ids = set()
             used_permission_ids.update(
                 Role.objects.filter(
                     admin_scope_ct=permission_ct).values_list(
                         'admin_scope_id', flat=True))
             used_permission_ids.update(
                 Role.permissions.through.objects.values_list(
                     'permission_id', flat=True))
                 Role.objects.filter(admin_scope_ct=permission_ct).values_list('admin_scope_id', flat=True)
+            )
             used_permission_ids.update(Role.permissions.through.objects.values_list('permission_id', flat=True))
             qs = Permission.objects.exclude(id__in=used_permission_ids)
             count = qs.count()
-...
             manage_members_op = get_operation(MANAGE_MEMBERS_OP)
             permissions = Permission.objects.exclude(target_ct=ct_ct).filter(operation=manage_members_op)
             targets_with_duplicates = set(
                 permissions
                 .values_list('operation_id', 'target_ct_id', 'target_id')
                 permissions.values_list('operation_id', 'target_ct_id', 'target_id')
                 .annotate(count=Count(('operation_id', 'target_ct_id', 'target_id')))
                 .filter(count__gt=1)
                 .values_list('operation_id', 'target_ct_id', 'target_id')
-...
                     for operation_id, target_ct_id, target_id in targets_with_duplicates:
                         qs = Permission.objects.filter(target_ct_id=target_ct_id, target_id=target_id)
                         for perm in qs:
                             linked_admin_role = Role.objects.get(admin_scope_ct=permission_ct, admin_scope_id=perm.id)
                         target = ContentType.objects.get_for_id(target_ct_id).model_class().objects.get(pk=target_id)
                             linked_admin_role = Role.objects.get(
                                 admin_scope_ct=permission_ct, admin_scope_id=perm.id
+                            )
                         target = (
                             ContentType.objects.get_for_id(target_ct_id).model_class().objects.get(pk=target_id)
+                        )
                         self.notice(' - %s: [%s]', target, '; '.join(map(str, qs)))
                 if self.do_repair():
                     self.notice('Deleting duplicate manage members permissions...', ending=' ')
                     for operation_id, target_ct_id, target_id in targets_with_duplicates:
                         qs = Permission.objects.filter(target_ct_id=target_ct_id, target_id=target_id).order_by('id')
                         qs = Permission.objects.filter(target_ct_id=target_ct_id, target_id=target_id).order_by(
                             'id'
+                        )
                         role_perms = []
                         for perm in qs:
                             linked_admin_role = Role.objects.filter(
                                 admin_scope_ct=permission_ct, admin_scope_id=perm.id).first()
                                 admin_scope_ct=permission_ct, admin_scope_id=perm.id
                             ).first()
                             if linked_admin_role:
                                 role_perms.append((perm, linked_admin_role))
                             else:
-...
             ct_ct = ContentType.objects.get_for_model(ContentType)
             permissions = Permission.objects.exclude(target_ct=ct_ct)
             targets_with_duplicates = set(
                 permissions
                 .values_list('operation_id', 'target_ct_id', 'target_id')
                 permissions.values_list('operation_id', 'target_ct_id', 'target_id')
                 .annotate(count=Count(('operation_id', 'target_ct_id', 'target_id')))
                 .filter(count__gt=1)
                 .values_list('operation_id', 'target_ct_id', 'target_id')
-...
                 if self.repair:
                     for operation_id, target_ct_id, target_id in targets_with_duplicates:
                         qs = Permission.objects.filter(
                             operation_id=operation_id, target_ct_id=target_ct_id, target_id=target_id)
                         target = ContentType.objects.get_for_id(target_ct_id).model_class().objects.get(pk=target_id)
                             operation_id=operation_id, target_ct_id=target_ct_id, target_id=target_id
+                        )
                         target = (
                             ContentType.objects.get_for_id(target_ct_id).model_class().objects.get(pk=target_id)
+                        )
                         self.notice(' - %s: [%s]', target, '; '.join(map(str, qs)))
                 if self.do_repair():
                     self.notice('Deleting duplicate permissions...', ending=' ')
                     for operation_id, target_ct_id, target_id in targets_with_duplicates:
                         qs = list(Permission.objects.filter(
                             operation_id=operation_id, target_ct_id=target_ct_id, target_id=target_id).order_by('id'))
                         qs = list(
                             Permission.objects.filter(
                                 operation_id=operation_id, target_ct_id=target_ct_id, target_id=target_id
                             ).order_by('id')
+                        )
                         first_perm = qs[0]
                         for perm in qs[1:]:
                             perm.delete()
-...
             for ou in OU.objects.all():
                 roles = Role.objects.exclude(admin_scope_ct=permission_ct).filter(ou=ou)
                 permissions = Permission.objects.filter(
                     operation=manage_members_op, target_ct=role_ct, target_id__in=roles.values_list('id'))
                     operation=manage_members_op, target_ct=role_ct, target_id__in=roles.values_list('id')
+                )
                 wrong_ou_roles = Role.objects.filter(
                     admin_scope_ct=permission_ct, admin_scope_id__in=permissions.values_list('id')).exclude(ou=ou)
                     admin_scope_ct=permission_ct, admin_scope_id__in=permissions.values_list('id')
                 ).exclude(ou=ou)
                 if wrong_ou_roles:
                     self.warning('Found %4d admin role with wrong ou in ou %s', wrong_ou_roles.count(), ou)
                     roles_to_fix[ou] = wrong_ou_roles
-...
             roles = Role.objects.exclude(slug__startswith='_a2-managers-of-role-')
             for role in roles:
                 manager_perms = Permission.objects.filter(operation__in=operations, target_ct=role_ct, target_id=role.id)
                 manager_perms = Permission.objects.filter(
                     operation__in=operations, target_ct=role_ct, target_id=role.id
+                )
                 manager_perms_ids = manager_perms.values_list('id', flat=True)
                 manager_roles = Role.objects.filter(slug__startswith='_a2-managers-of-role-',
                                                     admin_scope_ct=permission_ct,
                                                     admin_scope_id__in=manager_perms_ids)
                 manager_roles = Role.objects.filter(
                     slug__startswith='_a2-managers-of-role-',
                     admin_scope_ct=permission_ct,
                     admin_scope_id__in=manager_perms_ids,
+                )
                 role_shown = False
                 to_delete = []
                 to_change_ou = []
-...
                         if list(manager_roles)[0].ou != role.ou:
                             self.warning(
                                 '- "%s" detected wrong ou, should be "%s" and is "%s"',
                                 admin_role, role.ou, admin_role.ou)
                                 admin_role,
                                 role.ou,
                                 admin_role.ou,
+                            )
                             to_change_ou.append((admin_role, role.ou))
                         continue
                     add_members = set()
-...
                         direct_members = manager_role.members.all()
                         direct_members_count = direct_members.count()
                         direct_children = Role.objects.filter(
                             parent_relation__parent=manager_role,
                             parent_relation__direct=True)
                             parent_relation__parent=manager_role, parent_relation__direct=True
+                        )
                         direct_children_count = direct_children.count()
                         show = members_count or self.verbosity > 1
                         if show:
-...
                                 self.notice('- "%s" has problematic manager roles', role)
                             self.warning('  - %s', manager_role, ending=' ')
                         direct_parents = Role.objects.filter(
                             child_relation__child=manager_role,
                             child_relation__direct=True)
                             child_relation__child=manager_role, child_relation__direct=True
+                        )
                         if show:
                             self.warning('DELETE', ending=' ')
                         to_delete.append(manager_role)
-...
                 if not admin_role.admin_scope:
                     self.warning('invalid admin role "%s": no admin scope', admin_role)
                 admin_permissions = (
                     admin_role.permissions
                     .filter(operation__in=operations, target_ct=role_ct)
                     admin_role.permissions.filter(operation__in=operations, target_ct=role_ct)
                     .select_related('ou')
                     .prefetch_related('target__ou')
+                )
-...
                         self.notice(' - %s', admin_permission)
                 for admin_permission in admin_permissions:
                     if MANAGE_MEMBERS_OP and admin_permission.operation != manage_members_op:
                         self.warning('invalid admin role "%s" invalid permission "%s": not manage_members operation',
                                      admin_role, admin_permission)
                         self.warning(
                             'invalid admin role "%s" invalid permission "%s": not manage_members operation',
                             admin_role,
                             admin_permission,
+                        )
                     if not (
                             (admin_permission.target != admin_role and admin_permission == admin_role.admin_scope)
                             or (admin_permission.target == admin_role)):
                         (admin_permission.target != admin_role and admin_permission == admin_role.admin_scope)
                         or (admin_permission.target == admin_role)
                     ):
                         self.warning(
                             'invalid admin role "%s" invalid permission "%s": '
                             'not admin_scope and not self manage permission',
                             admin_role, admin_permission)
                             admin_role,
                             admin_permission,
+                        )
                     if admin_permission.ou is not None:
                         self.warning('invalid admin role "%s" invalid permission "%s": wrong ou "%s"',
                                      admin_role, admin_permission, admin_permission.ou)
                         self.warning(
                             'invalid admin role "%s" invalid permission "%s": wrong ou "%s"',
                             admin_role,
                             admin_permission,
                             admin_permission.ou,
+                        )
                         admin_permission.target.get_admin_role()
                     if admin_permission.target.ou != admin_role.ou:
                         self.warning('invalid admin role "%s" wrong ou, should be "%s" is "%s"',
                                      admin_role, admin_permission.target.ou, admin_role.ou)
                         self.warning(
                             'invalid admin role "%s" wrong ou, should be "%s" is "%s"',
                             admin_role,
                             admin_permission.target.ou,
                             admin_role.ou,
+                        )
         def duplicate_emails(self, user_qs):
             return (
                 user_qs
                 .order_by()
                 user_qs.order_by()
                 .values(iemail=Lower('email'))
                 .annotate(count_id=Count('id'))
                 .filter(count_id__gt=1)
-...
         def duplicate_username(self, user_qs):
             return (
                 user_qs
                 .order_by()
                 user_qs.order_by()
                 .values('username')
                 .exclude(Q(username__isnull=True) | Q(username=''))
                 .annotate(count_id=Count('id'))
-...
                 self.notice('  * "%s" %s ', user.get_full_name(), user, ending=' ')
                 self.notice('(created %s', localtime(user.date_joined).strftime('%Y-%m-%dT%H:%M:%S'), ending=' ')
                 if user.last_login:
                     self.notice(', last login %s', localtime(user.last_login).strftime('%Y-%m-%dT%H:%M:%S'), ending='')
                     self.notice(
                         ', last login %s', localtime(user.last_login).strftime('%Y-%m-%dT%H:%M:%S'), ending=''
+                    )
                 else:
                     self.notice(', never logged in', ending='')
                 external_ids = list(user.userexternalid_set.all())
                 if external_ids:
                     self.notice(
                         ', external-ids: %s',
                         ', '.join(external_id.source + '#' + external_id.external_id for external_id in external_ids),
                         ending='')
                         ', '.join(
                             external_id.source + '#' + external_id.external_id for external_id in external_ids
                         ),
                         ending='',
+                    )
                 self.notice(')')
         def _check_username_uniqueness(self, qs, msg):

             # exclude user from LDAP directories based on their source name (or realm)
             realms = [block['realm'] for block in LDAPBackend.get_config() if block.get('realm')]
             self.user_qs = (
                 User.objects.all()
                 .exclude(oidc_account__isnull=False)
                 .exclude(userexternalid__source__in=realms)
                 User.objects.all().exclude(oidc_account__isnull=False).exclude(userexternalid__source__in=realms)
+            )
             translation.activate(settings.LANGUAGE_CODE)
-...
                 inactive_users_to_delete = inactive_users.filter(
                     last_login__lte=self.now - deletion_delay,
                     # ensure respect of alert delay before deletion
                     last_account_deletion_alert__lte=self.now - (deletion_delay - alert_delay)
                     last_account_deletion_alert__lte=self.now - (deletion_delay - alert_delay),
+                )
                 for user in inactive_users_to_delete:
                     logger.info(
                         '%s last login more than %d days ago, deleting user', user,
                         ou.clean_unused_accounts_deletion)
                         '%s last login more than %d days ago, deleting user',
                         user,
                         ou.clean_unused_accounts_deletion,
+                    )
                     self.delete_user(user)
         def send_alert(self, user, days_to_deletion):
-...
                     def send_mail():
                         send_templated_mail(email, prefix, ctx)
                     transaction.on_commit(send_mail)
         def delete_user(self, user):

src/authentic2/management/commands/deactivate-orphaned-ldap-users.py
20	20
21	21
22	22	class Command(BaseCommand):
23
24	23	def handle(self, args, *kwargs):
25	24	LDAPBackend.deactivate_orphaned_users()

         help = 'Export site'
         def add_arguments(self, parser):
             parser.add_argument('--output', metavar='FILE', default=None,
                                 help='name of a file to write output to')
             parser.add_argument(
                 '--output', metavar='FILE', default=None, help='name of a file to write output to'
+            )
         def handle(self, *args, **options):
             if options['output']:

     def provision_contextm(dry_run, settings):
         if dry_run and 'hobo.agent.authentic2' in settings.INSTALLED_APPS:
             import hobo.agent.authentic2
             with hobo.agent.authentic2.provisionning.Provisionning():
                 yield
         else:
-...
         help = 'Import site'
         def add_arguments(self, parser):
             parser.add_argument('filename', metavar='FILENAME', type=str, help='name of file to import')
             parser.add_argument(
                 'filename', metavar='FILENAME', type=str, help='name of file to import')
             parser.add_argument(
                 '--dry-run', action='store_true', dest='dry_run',
                 help='Do not actually perform the import')
                 '--dry-run', action='store_true', dest='dry_run', help='Do not actually perform the import'
+            )
             parser.add_argument(
                 '-o', '--option', action='append', help='Import context options',
                 '-o',
                 '--option',
                 action='append',
                 help='Import context options',
                 choices=[
                     'role-delete-orphans', 'ou-delete-orphans', 'no-role-permissions-update',
                     'no-role-attributes-update', 'no-role-parentings-update'])
                     'role-delete-orphans',
                     'ou-delete-orphans',
                     'no-role-permissions-update',
                     'no-role-attributes-update',
                     'no-role-parentings-update',
                 ],
+            )
         def handle(self, filename, **options):
             translation.activate(settings.LANGUAGE_CODE)

             if self.callback:
                 m.extend(self.callback(u, dn, entry, self.options, d))
             if 'username' not in d:
                 self.log.warning('cannot load dn %s, username cannot be initialized from the field %s',
                                  dn, self.options['username'])
                 self.log.warning(
                     'cannot load dn %s, username cannot be initialized from the field %s',
                     dn,
                     self.options['username'],
+                )
                 return
             try:
                 old = User.objects.get(username=d['username'])
-...
     class ExtraAttributeAction(argparse.Action):
         def __call__(self, parser, namespace, values, option_string=None):
             ldap_attribute, django_attribute = values
             try:
-...
     class Command(BaseCommand):
         '''Load LDAP ldif file'''
         can_import_django_settings = True
         requires_system_checks = True
         help = 'Load/update LDIF files as users'
         def add_arguments(self, parser):
             parser.add_argument('ldif_file', nargs='+')
             parser.add_argument(
                 '--first-name', default='givenName', help='attribute used to set the first name')
             parser.add_argument(
                 '--last-name', default='sn', help='attribute used to set the last name')
             parser.add_argument('--first-name', default='givenName', help='attribute used to set the first name')
             parser.add_argument('--last-name', default='sn', help='attribute used to set the last name')
             parser.add_argument('--email', default='mail', help='attribute used to set the email')
             parser.add_argument('--username', default='uid', help='attribute used to set the username')
             parser.add_argument(
                 '--password', default='userPassword',
                 help='attribute to extract the password from, '
                      'OpenLDAP hashing algorithm are recognized'
                 '--password',
                 default='userPassword',
                 help='attribute to extract the password from, ' 'OpenLDAP hashing algorithm are recognized',
+            )
             parser.add_argument('--object-class', default='inetOrgPerson', help='object class of records to load')
             parser.add_argument(
                 '--object-class', default='inetOrgPerson', help='object class of records to load')
             parser.add_argument(
                 '--extra-attribute', default={}, action=ExtraAttributeAction, nargs=2,
                 help='object class of records to load'
+            )
             parser.add_argument(
                 '--result', default=None, help='file to store a JSON log of created users')
             parser.add_argument(
                 '--fake', action='store_true', help='file to store a JSON log of created users'
                 '--extra-attribute',
                 default={},
                 action=ExtraAttributeAction,
                 nargs=2,
                 help='object class of records to load',
+            )
             parser.add_argument('--result', default=None, help='file to store a JSON log of created users')
             parser.add_argument('--fake', action='store_true', help='file to store a JSON log of created users')
             parser.add_argument('--realm', default=None, help='realm for the new users')
             parser.add_argument(
                 '--callback', default=None,
                 '--callback',
                 default=None,
                 help='python file containing a function callback(user, dn, entry, options, dump)'
                      ' it can return models that will be saved'
                 ' it can return models that will be saved',
+            )
             parser.add_argument('--callback-arg', action='append', help='arguments for the callback')

         def add_arguments(self, parser):
             parser.add_argument('username', nargs='?', type=str)
             parser.add_argument(
                 '--database', action='store', dest='database',
                 default=DEFAULT_DB_ALIAS, help='Specifies the database to use. Default is "default".')
                 '--database',
                 action='store',
                 dest='database',
                 default=DEFAULT_DB_ALIAS,
                 help='Specifies the database to use. Default is "default".',
+            )
         def _get_pass(self, prompt="Password: "):
             p = getpass.getpass(prompt=prompt)
-...
                 username = getpass.getuser()
             try:
                 u = User._default_manager.using(options.get('database')).get(**{
                     User.USERNAME_FIELD: username
                 })
                 u = User._default_manager.using(options.get('database')).get(**{User.USERNAME_FIELD: username})
             except User.DoesNotExist:
                 raise CommandError("user '%s' does not exist" % username)
-...
             PasswordReset.objects.get_or_create(user=u)
             return (
                 'Password changed successfully for user "%s", on next login he '
                 'will be forced to change its password.' % u)
                 'will be forced to change its password.' % u
+            )

src/authentic2/management/commands/sync-ldap-users.py
15	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
16	16
17	17	from __future__ import print_function
	18
18	19	try:
19	20	import ldap
20	21	from ldap.filter import filter_format # noqa: F401

         def __getattr__(self, name):
             from django.conf import settings
             if name not in self.__DEFAULTS:
                 raise AttributeError
             return getattr(settings, self.__PREFIX + name, self.__DEFAULTS[name])
     app_settings = AppSettings()
     app_settings.__name__ = __name__
     sys.modules[__name__] = app_settings

             from django.db.models.signals import post_save
             from django_rbac.utils import get_ou_model
             post_save.connect(
                 self.post_save_ou,
                 sender=get_ou_model())
             post_save.connect(self.post_save_ou, sender=get_ou_model())
         def post_save_ou(self, *args, **kwargs):
             from . import utils
             utils.get_ou_count.cache.clear()

             continue
         if issubclass(cls, widgets.ModelSelect2MultipleWidget):
             cls_name = key.replace('Widget', 'Field')
             vars()[cls_name] = type(cls_name, (Select2ModelMultipleChoiceField,), {
                 'widget': cls,
             })
             vars()[cls_name] = type(
                 cls_name,
                 (Select2ModelMultipleChoiceField,),
+                {
                     'widget': cls,
                 },
+            )
         elif issubclass(cls, widgets.ModelSelect2Widget):
             cls_name = key.replace('Widget', 'Field')
             vars()[cls_name] = type(cls_name, (Select2ModelChoiceField,), {
                 'widget': cls,
             })
             vars()[cls_name] = type(
                 cls_name,
                 (Select2ModelChoiceField,),
+                {
                     'widget': cls,
                 },
+            )

                     instance.slug += str(i)
                     i += 1
             if len(instance.slug) > 256:
                 instance.slug = instance.slug[:252] + \
                     hashlib.md5(instance.slug).hexdigest()[:4]
                 instance.slug = instance.slug[:252] + hashlib.md5(instance.slug).hexdigest()[:4]
             return super(SlugMixin, self).save(commit=commit)
-...
     class LimitQuerysetFormMixin(FormWithRequest):
         '''Limit queryset of all model choice field based on the objects
            viewable by the user.
         '''
         """Limit queryset of all model choice field based on the objects
         viewable by the user.
         """
         def __init__(self, *args, **kwargs):
             super(LimitQuerysetFormMixin, self).__init__(*args, **kwargs)
             if self.request and not self.request.user.is_anonymous:
-...
     class ChoosePermissionForm(CssClass, forms.Form):
         operation = forms.ModelChoiceField(
             required=False,
             label=_('Operation'),
             queryset=Operation.objects)
         operation = forms.ModelChoiceField(required=False, label=_('Operation'), queryset=Operation.objects)
         ou = forms.ModelChoiceField(
             label=_('Organizational unit'),
             queryset=get_ou_model().objects,
             required=False)
         target = forms.ModelChoiceField(
             label=_('Target object'),
             required=False,
             queryset=ContentType.objects)
         action = forms.CharField(
             initial='add',
             required=False,
             widget=forms.HiddenInput)
             label=_('Organizational unit'), queryset=get_ou_model().objects, required=False
+        )
         target = forms.ModelChoiceField(label=_('Target object'), required=False, queryset=ContentType.objects)
         action = forms.CharField(initial='add', required=False, widget=forms.HiddenInput)
         permission = forms.ModelChoiceField(
             queryset=get_permission_model().objects,
             required=False,
             widget=forms.HiddenInput)
             queryset=get_permission_model().objects, required=False, widget=forms.HiddenInput
+        )
     class UserEditForm(LimitQuerysetFormMixin, CssClass, BaseUserForm):
-...
         class Meta:
             model = User
             exclude = ('is_staff', 'groups', 'user_permissions', 'last_login',
                        'date_joined', 'password')
             exclude = ('is_staff', 'groups', 'user_permissions', 'last_login', 'date_joined', 'password')
     class UserChangePasswordForm(CssClass, forms.ModelForm):
         error_messages = {
             'password_mismatch': _("The two password fields didn't match."),
+        }
         notification_template_prefix = \
             'authentic2/manager/change-password-notification'
         notification_template_prefix = 'authentic2/manager/change-password-notification'
         require_password = True
         def clean_password2(self):
-...
         def clean(self):
             super(UserChangePasswordForm, self).clean()
             if (self.require_password
                     and not self.cleaned_data.get('generate_password')
                     and not self.cleaned_data.get('password1')
                     and not self.cleaned_data.get('send_password_reset')):
             if (
                 self.require_password
                 and not self.cleaned_data.get('generate_password')
                 and not self.cleaned_data.get('password1')
                 and not self.cleaned_data.get('send_password_reset')
             ):
                 raise forms.ValidationError(
                     _('You must choose password generation or type a new'
                       '  one or send a password reset mail'))
             if (not self.has_email()
                     and (self.cleaned_data.get('send_mail')
                          or self.cleaned_data.get('generate_password')
                          or self.cleaned_data.get('send_password_reset'))):
                     _('You must choose password generation or type a new' '  one or send a password reset mail')
+                )
             if not self.has_email() and (
                 self.cleaned_data.get('send_mail')
                 or self.cleaned_data.get('generate_password')
                 or self.cleaned_data.get('send_password_reset')
             ):
                 raise forms.ValidationError(
                     _('User does not have a mail, we cannot send the '
                       'informations to him.'))
                     _('User does not have a mail, we cannot send the ' 'informations to him.')
+                )
         def has_email(self):
             return bool(self.instance and self.instance.email)
-...
                     send_templated_mail(
                         user,
                         self.notification_template_prefix,
                         context={'new_password': new_password, 'user': user})
                         context={'new_password': new_password, 'user': user},
+                    )
             return user
         generate_password = forms.BooleanField(
             initial=False,
             label=_('Generate new password'),
             required=False)
         password1 = NewPasswordField(
             label=_("Password"),
             required=False)
         password2 = CheckPasswordField(
             label=_("Confirmation"),
             required=False)
         send_mail = forms.BooleanField(
             initial=False,
             label=_('Send informations to user'),
             required=False)
         generate_password = forms.BooleanField(initial=False, label=_('Generate new password'), required=False)
         password1 = NewPasswordField(label=_("Password"), required=False)
         password2 = CheckPasswordField(label=_("Confirmation"), required=False)
         send_mail = forms.BooleanField(initial=False, label=_('Send informations to user'), required=False)
         class Meta:
             model = User
-...
         form_id = "id_user_add_form"
         require_password = False
         notification_template_prefix = \
             'authentic2/manager/new-account-notification'
         notification_template_prefix = 'authentic2/manager/new-account-notification'
         reset_password_at_next_login = forms.BooleanField(
             initial=False,
             label=_('Ask for password reset on next login'),
             required=False)
             initial=False, label=_('Ask for password reset on next login'), required=False
+        )
         send_password_reset = forms.BooleanField(
             initial=False,
             label=_('Send mail to user to make it choose a password'),
             required=False)
             initial=False, label=_('Send mail to user to make it choose a password'), required=False
+        )
         def __init__(self, *args, **kwargs):
             self.ou = kwargs.pop('ou', None)
-...
             has_password = (
                 self.cleaned_data.get('new_password1')
                 or self.cleaned_data.get('generate_password')
                 or self.cleaned_data.get('send_password_reset'))
                 or self.cleaned_data.get('send_password_reset')
+            )
             if (has_password
                     and not self.cleaned_data.get('username')
                     and not self.cleaned_data.get('email')):
             if has_password and not self.cleaned_data.get('username') and not self.cleaned_data.get('email'):
                 raise forms.ValidationError(
                     _('You must set a username or an email to set a password or send an activation link.'))
                     _('You must set a username or an email to set a password or send an activation link.')
+                )
             if not has_password:
                 self.instance.set_random_password()
-...
                     def save(*args, **kwargs):
                         old_save(*args, **kwargs)
                         PasswordReset.objects.get_or_create(user=user)
                     user.save = save
             if self.cleaned_data.get('send_password_reset'):
                 try:
                     send_password_reset_mail(
                         user,
                         template_names=['authentic2/manager/user_create_registration_email',
                                         'authentic2/password_reset'],
                         template_names=[
                             'authentic2/manager/user_create_registration_email',
                             'authentic2/password_reset',
                         ],
                         request=self.request,
                         next_url='/accounts/',
                         context={
                             'user': user,
                         })
                         },
+                    )
                 except smtplib.SMTPException as e:
                     logger.error(u'registration mail could not be sent to user %s created through '
                                  u'manager: %s', user, e)
                     logger.error(
                         u'registration mail could not be sent to user %s created through ' u'manager: %s', user, e
+                    )
             return user
         class Meta:
-...
     class ServiceRoleSearchForm(CssClass, PrefixFormMixin, FormWithRequest):
         prefix = 'search'
         text = forms.CharField(
             label=_('Name'),
             required=False)
         internals = forms.BooleanField(
             initial=False,
             label=_('Show internal roles'),
             required=False)
         text = forms.CharField(label=_('Name'), required=False)
         internals = forms.BooleanField(initial=False, label=_('Show internal roles'), required=False)
         def __init__(self, *args, **kwargs):
             super(ServiceRoleSearchForm, self).__init__(*args, **kwargs)
-...
                     # we were passed an explicit list of objects linked to OUs by a field named 'ou',
                     # get possible OUs from this list
                     related_query_name = self.queryset.model._meta.get_field('ou').related_query_name()
                     objects_ou_qs = get_ou_model().objects.filter(
                         **{"%s__in" % related_query_name: self.queryset}).distinct()
                     objects_ou_qs = (
                         get_ou_model().objects.filter(**{"%s__in" % related_query_name: self.queryset}).distinct()
+                    )
                     # to combine queryset with distinct, each queryset must have the distinct flag
                     self.ou_qs = (self.ou_qs.distinct() | objects_ou_qs)
                     self.ou_qs = self.ou_qs.distinct() | objects_ou_qs
                 # even if default ordering is by name on the model, we are not sure it's kept after the
                 # ORing in the previous if condition, so we sort it again.
-...
         ou_permission = 'custom_user.search_user'
         prefix = 'search'
         text = forms.CharField(
             label=_('Free text'),
             required=False)
         text = forms.CharField(label=_('Free text'), required=False)
         def __init__(self, *args, **kwargs):
             self.minimum_chars = kwargs.pop('minimum_chars', 0)
-...
     class NameSearchForm(CssClass, PrefixFormMixin, FormWithRequest):
         prefix = 'search'
         text = forms.CharField(
             label=_('Name'),
             required=False)
         text = forms.CharField(label=_('Name'), required=False)
         def filter(self, qs):
             if self.cleaned_data.get('text'):
-...
             return qs
     class RoleEditForm(SlugMixin, HideOUFieldMixin, LimitQuerysetFormMixin, CssClass,
                        forms.ModelForm):
         ou = forms.ModelChoiceField(queryset=get_ou_model().objects,
                                     required=True, label=_('Organizational unit'))
     class RoleEditForm(SlugMixin, HideOUFieldMixin, LimitQuerysetFormMixin, CssClass, forms.ModelForm):
         ou = forms.ModelChoiceField(
             queryset=get_ou_model().objects, required=True, label=_('Organizational unit')
+        )
         class Meta:
             model = get_role_model()
-...
         class Meta:
             model = get_ou_model()
             fields = (
                 'name', 'slug', 'default', 'username_is_unique', 'email_is_unique', 'validate_emails',
                 'show_username', 'user_can_reset_password', 'user_add_password_policy',
                 'clean_unused_accounts_alert', 'clean_unused_accounts_deletion'
                 'name',
                 'slug',
                 'default',
                 'username_is_unique',
                 'email_is_unique',
                 'validate_emails',
                 'show_username',
                 'user_can_reset_password',
                 'user_add_password_policy',
                 'clean_unused_accounts_alert',
                 'clean_unused_accounts_deletion',
+            )
-...
                 self.instance,
                 new_email,
                 request=self.request,
                 template_names=['authentic2/manager/user_change_email_notification'])
                 template_names=['authentic2/manager/user_change_email_notification'],
+            )
             return self.instance
         class Meta:
-...
                 self.fields['ou'].widget = forms.HiddenInput()
         ou = forms.ModelChoiceField(
             label=_('Organizational unit'),
             queryset=get_ou_model().objects,
             initial=lambda: get_default_ou().pk
             label=_('Organizational unit'), queryset=get_ou_model().objects, initial=lambda: get_default_ou().pk
+        )
-...
     class UserImportForm(forms.Form):
         import_file = forms.FileField(
             label=_('Import file'),
             help_text=_('A CSV file'))
         encoding = forms.ChoiceField(
             label=_('Encoding'),
             choices=ENCODINGS)
         ou = forms.ModelChoiceField(
             label=_('Organizational Unit'),
             queryset=OU.objects.all())
         import_file = forms.FileField(label=_('Import file'), help_text=_('A CSV file'))
         encoding = forms.ChoiceField(label=_('Encoding'), choices=ENCODINGS)
         ou = forms.ModelChoiceField(label=_('Organizational Unit'), queryset=OU.objects.all())
         @staticmethod
         def raise_validation_error(error_message):
-...
             import_file = self.cleaned_data['import_file']
             import_file.open()
             new_import = user_import.UserImport.new(
                 import_file=import_file,
                 encoding=self.cleaned_data['encoding'])
                 import_file=import_file, encoding=self.cleaned_data['encoding']
+            )
             with new_import.meta_update as meta:
                 meta['filename'] = import_file.name
                 meta['ou'] = self.cleaned_data['ou']
-...
         def clean(self):
             from authentic2.csv_import import CsvImporter
             encoding = self.cleaned_data['encoding']
             with self.user_import.import_file as fd:
                 importer = CsvImporter()

             service_name = cls.get_service_name(event)
             if context and context == user:
                 return _('deletion of authorization of single sign on with "{service}" by administrator').format(
                     service=service_name)
                     service=service_name
+                )
             elif user:
                 return _('deletion of authorization of single sign on with "{service}" of user "{user}"').format(
                     service=service_name,
-...
             references = references or []
             references = [role] + references
             data = data or {}
             data.update(
                 {'role_name': str(role), 'role_uuid': role.uuid}
+            )
             data.update({'role_name': str(role), 'role_uuid': role.uuid})
             super().record(
                 user=user, session=session, references=references, data=data,
                 user=user,
                 session=session,
                 references=references,
                 data=data,
+            )

         permissions = ['a2_rbac.search_organizationalunit']
         title = _('Organizational units')
     listing = OrganizationalUnitView.as_view()
-...
         exclude_fields = ('slug',)
         def get_fields(self):
             return [x for x in self.form_class.base_fields.keys()
                     if x not in self.exclude_fields]
             return [x for x in self.form_class.base_fields.keys() if x not in self.exclude_fields]
         def get_success_url(self):
             return '..'
     add = OrganizationalUnitAddView.as_view()
-...
             super(OrganizationalUnitDetailView, self).authorize(request, *args, **kwargs)
             self.can_delete = self.can_delete and not self.object.default
     detail = OrganizationalUnitDetailView.as_view()
-...
         template_name = 'authentic2/manager/ou_edit.html'
         title = _('Edit organizational unit')
     edit = OrganizationalUnitEditView.as_view()
-...
         def dispatch(self, request, *args, **kwargs):
             if self.get_object().default:
                 messages.warning(request, _('You cannot delete the default '
                                             'organizational unit, you must first '
                                             'set another default organiational '
                                             'unit.'))
                 return self.return_ajax_response(
                     request, HttpResponseRedirect(self.get_success_url()))
             return super(OrganizationalUnitDeleteView, self).dispatch(request, *args,
                                                                       **kwargs)
                 messages.warning(
                     request,
                     _(
                         'You cannot delete the default '
                         'organizational unit, you must first '
                         'set another default organiational '
                         'unit.'
                     ),
+                )
                 return self.return_ajax_response(request, HttpResponseRedirect(self.get_success_url()))
             return super(OrganizationalUnitDeleteView, self).dispatch(request, *args, **kwargs)
     delete = OrganizationalUnitDeleteView.as_view()
-...
         def get(self, request, *args, **kwargs):
             export = data_transfer.export_site(
                 data_transfer.ExportContext(
                     ou_qs=self.get_table_data(),
                     export_roles=False,
                     export_ous=True))
                 data_transfer.ExportContext(ou_qs=self.get_table_data(), export_roles=False, export_ous=True)
+            )
             return self.export_response(json.dumps(export, indent=4), 'application/json', 'json')
     export = OusExportView.as_view()
     class OusImportView(views.PermissionMixin, views.TitleMixin, views.MediaMixin, views.FormNeedsRequest,
                           FormView):
     class OusImportView(
         views.PermissionMixin, views.TitleMixin, views.MediaMixin, views.FormNeedsRequest, FormView
     ):
         form_class = forms.OusImportForm
         model = get_ou_model()
         template_name = 'authentic2/manager/import_form.html'

         class Meta:
             model = User
             exclude = ('password', 'user_permissions', 'is_staff',
                        'is_superuser', 'groups')
             export_order = ('ou', 'uuid', 'id', 'username', 'email',
                             'first_name', 'last_name', 'last_login',
                             'date_joined', 'roles')
             exclude = ('password', 'user_permissions', 'is_staff', 'is_superuser', 'groups')
             export_order = (
                 'ou',
                 'uuid',
                 'id',
                 'username',
                 'email',
                 'first_name',
                 'last_name',
                 'last_login',
                 'date_joined',
                 'roles',
+            )
             widgets = {
                 'roles': {
                     'field': 'name',
                 },
                 'ou': {
                     'field': 'name',
+                }
                 },
+            }

             permission_ct = ContentType.objects.get_for_model(Permission)
             ct_ct = ContentType.objects.get_for_model(ContentType)
             ou_ct = ContentType.objects.get_for_model(OU)
             permission_qs = Permission.objects.filter(target_ct_id__in=[ct_ct.id, ou_ct.id]) \
                 .values_list('id', flat=True)
             permission_qs = Permission.objects.filter(target_ct_id__in=[ct_ct.id, ou_ct.id]).values_list(
                 'id', flat=True
+            )
             # only non role-admin roles, they are accessed through the
             # RoleManager views
             if not self.admin_roles:
                 qs = qs.filter(
                     Q(admin_scope_ct__isnull=True) | Q(admin_scope_ct=permission_ct, admin_scope_id__in=permission_qs))
                     Q(admin_scope_ct__isnull=True)
                     | Q(admin_scope_ct=permission_ct, admin_scope_id__in=permission_qs)
+                )
             if not self.service_roles:
                 qs = qs.filter(service__isnull=True)
             return qs
     class RolesView(views.SearchOUMixin, views.HideOUColumnMixin, RolesMixin,
                     views.BaseTableView):
     class RolesView(views.SearchOUMixin, views.HideOUColumnMixin, RolesMixin, views.BaseTableView):
         template_name = 'authentic2/manager/roles.html'
         model = get_role_model()
         table_class = tables.RoleTable
-...
             kwargs['queryset'] = self.get_queryset()
             return kwargs
     listing = RolesView.as_view()
-...
         def form_valid(self, form):
             response = super(RoleAddView, self).form_valid(form)
             hooks.call_hooks('event', name='manager-add-role', user=self.request.user,
                              instance=form.instance, form=form)
             hooks.call_hooks(
                 'event', name='manager-add-role', user=self.request.user, instance=form.instance, form=form
+            )
             self.request.journal.record('manager.role.creation', role=form.instance)
             return response
-...
             if export_format == 'json':
                 export = data_transfer.export_site(
                     data_transfer.ExportContext(
                         role_qs=self.get_table_data(),
                         export_roles=True,
                         export_ous=False))
                         role_qs=self.get_table_data(), export_roles=True, export_ous=False
+                    )
+                )
                 return self.export_response(json.dumps(export, indent=4), 'application/json', 'json')
             return super(RolesExportView, self).get(request, *args, **kwargs)
-...
         def form_valid(self, form):
             response = super(RoleEditView, self).form_valid(form)
             hooks.call_hooks('event', name='manager-edit-role', user=self.request.user,
                              instance=form.instance, form=form)
             hooks.call_hooks(
                 'event', name='manager-edit-role', user=self.request.user, instance=form.instance, form=form
+            )
             self.request.journal.record('manager.role.edit', role=form.instance, form=form)
             return response
     edit = RoleEditView.as_view()
-...
                         messages.warning(self.request, _('User already in this role.'))
                     else:
                         self.object.members.add(user)
                         hooks.call_hooks('event', name='manager-add-role-member',
                                          user=self.request.user, role=self.object, member=user)
                         self.request.journal.record('manager.role.membership.grant', role=self.object, member=user)
                         hooks.call_hooks(
                             'event',
                             name='manager-add-role-member',
                             user=self.request.user,
                             role=self.object,
                             member=user,
+                        )
                         self.request.journal.record(
                             'manager.role.membership.grant', role=self.object, member=user
+                        )
                 elif action == 'remove':
                     if not self.object.members.filter(pk=user.pk).exists():
                         messages.warning(self.request, _('User was not in this role.'))
                     else:
                         self.object.members.remove(user)
                         hooks.call_hooks('event', name='manager-remove-role-member',
                                          user=self.request.user, role=self.object, member=user)
                         self.request.journal.record('manager.role.membership.removal', role=self.object, member=user)
                         hooks.call_hooks(
                             'event',
                             name='manager-remove-role-member',
                             user=self.request.user,
                             role=self.object,
                             member=user,
+                        )
                         self.request.journal.record(
                             'manager.role.membership.removal', role=self.object, member=user
+                        )
             else:
                 messages.warning(self.request, _('You are not authorized'))
             return super(RoleMembersView, self).form_valid(form)
-...
         def get_context_data(self, **kwargs):
             ctx = super(RoleMembersView, self).get_context_data(**kwargs)
             ctx['children'] = views.filter_view(self.request,
                                                 self.object.children(include_self=False, annotate=True))
             ctx['parents'] = views.filter_view(self.request, self.object.parents(
                 include_self=False, annotate=True).order_by(F('ou').asc(nulls_first=True), 'name'))
             ctx['children'] = views.filter_view(
                 self.request, self.object.children(include_self=False, annotate=True)
+            )
             ctx['parents'] = views.filter_view(
                 self.request,
                 self.object.parents(include_self=False, annotate=True).order_by(
                     F('ou').asc(nulls_first=True), 'name'
                 ),
+            )
             ctx['has_multiple_ou'] = OU.objects.count() > 1
             ctx['admin_roles'] = views.filter_view(self.request,
                                                    self.object.get_admin_role().children(include_self=False,
                                                                                          annotate=True))
             ctx['admin_roles'] = views.filter_view(
                 self.request, self.object.get_admin_role().children(include_self=False, annotate=True)
+            )
             ctx['from_ldap'] = self._can_manage_members and not self.can_manage_members
             return ctx
         def is_ou_specified(self):
             return self.search_form.is_valid() \
                 and self.search_form.cleaned_data.get('ou')
             return self.search_form.is_valid() and self.search_form.cleaned_data.get('ou')
         def get_table(self, **kwargs):
             show_username = has_show_username()
-...
             self.request.journal.record('manager.role.deletion', role=role)
             return super(RoleDeleteView, self).delete(request, *args, **kwargs)
     delete = RoleDeleteView.as_view()
-...
                 action = form.cleaned_data.get('action')
                 Permission = get_permission_model()
                 if action == 'add' and operation and target:
                     perm, created = Permission.objects \
                         .get_or_create(operation=operation, ou=ou,
                                        target_ct=ContentType.objects.get_for_model(
                                            target),
                                        target_id=target.pk)
                     perm, created = Permission.objects.get_or_create(
                         operation=operation,
                         ou=ou,
                         target_ct=ContentType.objects.get_for_model(target),
                         target_id=target.pk,
+                    )
                     self.object.permissions.add(perm)
                     hooks.call_hooks('event', name='manager-add-permission', user=self.request.user,
                                      role=self.object, permission=perm)
                     hooks.call_hooks(
                         'event',
                         name='manager-add-permission',
                         user=self.request.user,
                         role=self.object,
                         permission=perm,
+                    )
                 elif action == 'remove':
                     try:
                         permission_id = int(self.request.POST.get('permission', ''))
-...
                     else:
                         if self.object.permissions.filter(id=permission_id).exists():
                             self.object.permissions.remove(perm)
                             hooks.call_hooks('event', name='manager-remove-permission',
                                              user=self.request.user, role=self.object, permission=perm)
                             hooks.call_hooks(
                                 'event',
                                 name='manager-remove-permission',
                                 user=self.request.user,
                                 role=self.object,
                                 permission=perm,
+                            )
             else:
                 messages.warning(self.request, _('You are not authorized'))
             return super(RolePermissionsView, self).form_valid(form)
     permissions = RolePermissionsView.as_view()
-...
         def get_data(self):
             return self.get_table_data()
     members_export = RoleMembersExportView.as_view()
     class RoleAddChildView(views.AjaxFormViewMixin, views.TitleMixin,
                            views.PermissionMixin, views.FormNeedsRequest,
                            SingleObjectMixin, FormView):
     class RoleAddChildView(
         views.AjaxFormViewMixin,
         views.TitleMixin,
         views.PermissionMixin,
         views.FormNeedsRequest,
         SingleObjectMixin,
         FormView,
     ):
         title = _('Add child role')
         model = get_role_model()
         form_class = forms.RolesForm
-...
             parent = self.get_object()
             for role in form.cleaned_data['roles']:
                 parent.add_child(role)
                 hooks.call_hooks('event', name='manager-add-child-role', user=self.request.user,
                                  parent=parent, child=role)
                 hooks.call_hooks(
                     'event', name='manager-add-child-role', user=self.request.user, parent=parent, child=role
+                )
                 self.request.journal.record('manager.role.inheritance.addition', parent=parent, child=role)
             return super(RoleAddChildView, self).form_valid(form)
     add_child = RoleAddChildView.as_view()
     class RoleAddParentView(views.AjaxFormViewMixin, views.TitleMixin,
                             views.FormNeedsRequest, SingleObjectMixin, FormView):
     class RoleAddParentView(
         views.AjaxFormViewMixin, views.TitleMixin, views.FormNeedsRequest, SingleObjectMixin, FormView
     ):
         title = _('Add parent role')
         model = get_role_model()
         form_class = forms.RoleParentsForm
-...
             child = self.get_object()
             for role in form.cleaned_data['roles']:
                 child.add_parent(role)
                 hooks.call_hooks('event', name='manager-add-child-role', user=self.request.user,
                                  parent=role, child=child)
                 hooks.call_hooks(
                     'event', name='manager-add-child-role', user=self.request.user, parent=role, child=child
+                )
                 self.request.journal.record('manager.role.inheritance.addition', parent=role, child=child)
             return super(RoleAddParentView, self).form_valid(form)
     add_parent = RoleAddParentView.as_view()
     class RoleRemoveChildView(views.AjaxFormViewMixin, SingleObjectMixin,
                               views.PermissionMixin, TemplateView):
     class RoleRemoveChildView(views.AjaxFormViewMixin, SingleObjectMixin, views.PermissionMixin, TemplateView):
         title = _('Remove child role')
         model = get_role_model()
         success_url = '../..'
-...
         def post(self, request, *args, **kwargs):
             self.object.remove_child(self.child)
             hooks.call_hooks('event', name='manager-remove-child-role', user=self.request.user,
                              parent=self.object, child=self.child)
             hooks.call_hooks(
                 'event',
                 name='manager-remove-child-role',
                 user=self.request.user,
                 parent=self.object,
                 child=self.child,
+            )
             self.request.journal.record('manager.role.inheritance.removal', parent=self.object, child=self.child)
             return redirect(self.request, self.success_url)
     remove_child = RoleRemoveChildView.as_view()
     class RoleRemoveParentView(views.AjaxFormViewMixin, SingleObjectMixin,
                                TemplateView):
     class RoleRemoveParentView(views.AjaxFormViewMixin, SingleObjectMixin, TemplateView):
         title = _('Remove parent role')
         model = get_role_model()
         success_url = '../..'
-...
             if not self.request.user.has_perm('a2_rbac.manage_members_role', self.parent):
                 raise PermissionDenied
             self.object.remove_parent(self.parent)
             hooks.call_hooks('event', name='manager-remove-child-role', user=self.request.user,
                              parent=self.parent, child=self.object)
             hooks.call_hooks(
                 'event',
                 name='manager-remove-child-role',
                 user=self.request.user,
                 parent=self.parent,
                 child=self.object,
+            )
             self.request.journal.record('manager.role.inheritance.removal', parent=self.parent, child=self.object)
             return redirect(self.request, self.success_url)
     remove_parent = RoleRemoveParentView.as_view()
     class RoleAddAdminRoleView(views.AjaxFormViewMixin, views.TitleMixin,
                                views.PermissionMixin, views.FormNeedsRequest,
                                SingleObjectMixin, FormView):
     class RoleAddAdminRoleView(
         views.AjaxFormViewMixin,
         views.TitleMixin,
         views.PermissionMixin,
         views.FormNeedsRequest,
         SingleObjectMixin,
         FormView,
     ):
         title = _('Add admin role')
         model = get_role_model()
         form_class = forms.RolesForm
-...
             administered_role = self.get_object()
             for role in form.cleaned_data['roles']:
                 administered_role.get_admin_role().add_child(role)
                 hooks.call_hooks('event', name='manager-add-admin-role', user=self.request.user,
                                  role=administered_role, admin_role=role)
                 self.request.journal.record('manager.role.administrator.role.addition',
                                             role=administered_role, admin_role=role)
                 hooks.call_hooks(
                     'event',
                     name='manager-add-admin-role',
                     user=self.request.user,
                     role=administered_role,
                     admin_role=role,
+                )
                 self.request.journal.record(
                     'manager.role.administrator.role.addition', role=administered_role, admin_role=role
+                )
             return super(RoleAddAdminRoleView, self).form_valid(form)
     add_admin_role = RoleAddAdminRoleView.as_view()
     class RoleRemoveAdminRoleView(views.TitleMixin, views.AjaxFormViewMixin,
                                   SingleObjectMixin, views.PermissionMixin,
                                   TemplateView):
     class RoleRemoveAdminRoleView(
         views.TitleMixin, views.AjaxFormViewMixin, SingleObjectMixin, views.PermissionMixin, TemplateView
     ):
         title = _('Remove admin role')
         model = get_role_model()
         success_url = '../..'
-...
         def post(self, request, *args, **kwargs):
             self.object.get_admin_role().remove_child(self.child)
             hooks.call_hooks('event', name='manager-remove-admin-role',
                              user=self.request.user, role=self.object, admin_role=self.child)
             self.request.journal.record('manager.role.administrator.role.removal',
                                         role=self.object, admin_role=self.child)
             hooks.call_hooks(
                 'event',
                 name='manager-remove-admin-role',
                 user=self.request.user,
                 role=self.object,
                 admin_role=self.child,
+            )
             self.request.journal.record(
                 'manager.role.administrator.role.removal', role=self.object, admin_role=self.child
+            )
             return redirect(self.request, self.success_url)
     remove_admin_role = RoleRemoveAdminRoleView.as_view()
     class RoleAddAdminUserView(views.AjaxFormViewMixin, views.TitleMixin,
                                views.PermissionMixin, views.FormNeedsRequest,
                                SingleObjectMixin, FormView):
     class RoleAddAdminUserView(
         views.AjaxFormViewMixin,
         views.TitleMixin,
         views.PermissionMixin,
         views.FormNeedsRequest,
         SingleObjectMixin,
         FormView,
     ):
         title = _('Add admin user')
         model = get_role_model()
         form_class = forms.UsersForm
-...
             administered_role = self.get_object()
             for user in form.cleaned_data['users']:
                 administered_role.get_admin_role().members.add(user)
                 hooks.call_hooks('event', name='manager-add-admin-role-user', user=self.request.user,
                                  role=administered_role, admin=user)
                 self.request.journal.record('manager.role.administrator.user.addition',
                                             role=administered_role, admin_user=user)
                 hooks.call_hooks(
                     'event',
                     name='manager-add-admin-role-user',
                     user=self.request.user,
                     role=administered_role,
                     admin=user,
+                )
                 self.request.journal.record(
                     'manager.role.administrator.user.addition', role=administered_role, admin_user=user
+                )
             return super(RoleAddAdminUserView, self).form_valid(form)
     add_admin_user = RoleAddAdminUserView.as_view()
     class RoleRemoveAdminUserView(views.TitleMixin, views.AjaxFormViewMixin,
                                   SingleObjectMixin, views.PermissionMixin,
                                   TemplateView):
     class RoleRemoveAdminUserView(
         views.TitleMixin, views.AjaxFormViewMixin, SingleObjectMixin, views.PermissionMixin, TemplateView
     ):
         title = _('Remove admin user')
         model = get_role_model()
         success_url = '../..'
-...
         def post(self, request, *args, **kwargs):
             self.object.get_admin_role().members.remove(self.user)
             hooks.call_hooks('event', name='remove-remove-admin-role-user', user=self.request.user,
                              role=self.object, admin=self.user)
             self.request.journal.record('manager.role.administrator.user.removal',
                                         role=self.object, admin_user=self.user)
             hooks.call_hooks(
                 'event',
                 name='remove-remove-admin-role-user',
                 user=self.request.user,
                 role=self.object,
                 admin=self.user,
+            )
             self.request.journal.record(
                 'manager.role.administrator.user.removal', role=self.object, admin_user=self.user
+            )
             return redirect(self.request, self.success_url)
     remove_admin_user = RoleRemoveAdminUserView.as_view()
     class RolesImportView(views.PermissionMixin, views.TitleMixin, views.MediaMixin, views.FormNeedsRequest,
                           FormView):
     class RolesImportView(
         views.PermissionMixin, views.TitleMixin, views.MediaMixin, views.FormNeedsRequest, FormView
     ):
         form_class = forms.RolesImportForm
         model = get_role_model()
         template_name = 'authentic2/manager/import_form.html'
-...
         def get_success_url(self):
             messages.success(
                 self.request,
                 _('Roles have been successfully imported inside "%s" organizational unit.') % self.ou
                 _('Roles have been successfully imported inside "%s" organizational unit.') % self.ou,
+            )
             return reverse('a2-manager-roles') + '?search-ou=%s' % self.ou.pk
-...
             ctx['object'] = self.context
             return ctx
     journal = RoleJournal.as_view()

         permissions = ['authentic2.search_service']
         title = _('Services')
     listing = ServicesView.as_view()
     class ServiceView(views.SimpleSubTableView, role_views.RoleViewMixin,
                       views.MediaMixin, views.FormNeedsRequest, views.FormView):
     class ServiceView(
         views.SimpleSubTableView,
         role_views.RoleViewMixin,
         views.MediaMixin,
         views.FormNeedsRequest,
         views.FormView,
     ):
         search_form_class = forms.NameSearchForm
         model = Service
         pk_url_kwarg = 'service_pk'
-...
             if self.can_change:
                 if action == 'add':
                     if self.object.authorized_roles.filter(pk=role.pk).exists():
                         messages.warning(self.request, _('Role already authorized in this '
                                          'service.'))
                         messages.warning(self.request, _('Role already authorized in this ' 'service.'))
                     else:
                         self.object.add_authorized_role(role)
                 elif action == 'remove':
-...
         fields = ['name', 'slug', 'ou', 'unauthorized_url']
         success_url = '..'
     edit = ServiceEditView.as_view()

     import django_tables2 as tables
     from django_tables2.utils import A
     from django_rbac.utils import get_role_model, get_permission_model, \
         get_ou_model
     from django_rbac.utils import get_role_model, get_permission_model, get_ou_model
     from authentic2.models import Service
     from authentic2.middleware import StoreRequestMiddleware
-...
             verified = user.email_verified
             value = user.email
             if value and verified:
                 return html.format_html(
                         '<span class="verified">{value}</span>',
                         value=value)
                 return html.format_html('<span class="verified">{value}</span>', value=value)
             return value
-...
             value = super().render(**kwargs)
             if not user.is_active:
                 value = html.format_html(
                     '<span class="disabled">{value} ({disabled})</span>',
                     value=value, disabled=_('disabled'))
                     '<span class="disabled">{value} ({disabled})</span>', value=value, disabled=_('disabled')
+                )
             return value
     class UserTable(tables.Table):
         link = UserLinkColumn(
             viewname='a2-manager-user-detail',
-...
             verbose_name=_('User'),
             accessor='get_full_name',
             order_by=('last_name', 'first_name', 'email', 'username'),
             kwargs={'pk': A('pk')})
             kwargs={'pk': A('pk')},
+        )
         username = tables.Column()
         email = VerifiableEmailColumn()
         ou = tables.Column()
-...
         class Meta:
             model = User
             attrs = {'class': 'main', 'id': 'user-table'}
             fields = ('username', 'email', 'first_name',
                       'last_name', 'ou')
             fields = ('username', 'email', 'first_name', 'last_name', 'ou')
             sequence = ('link', '...')
             empty_text = _('None')
     class RoleMembersTable(UserTable):
         direct = tables.BooleanColumn(verbose_name=_('Direct member'),
                                       orderable=False)
         direct = tables.BooleanColumn(verbose_name=_('Direct member'), orderable=False)
         via = tables.TemplateColumn(
             '{% for role in record.via %}'
             '<a href="{% url "a2-manager-role-members" pk=role.pk %}">{{ role }}</a>{% if not forloop.last %}, {% endif %}'
             '{% endfor %}',
             verbose_name=_('Inherited from'), orderable=False)
             verbose_name=_('Inherited from'),
             orderable=False,
+        )
         class Meta(UserTable.Meta):
             pass
     class RoleTable(tables.Table):
         name = tables.LinkColumn(viewname='a2-manager-role-members',
                                  kwargs={'pk': A('pk')},
                                  accessor='name', verbose_name=_('label'))
         name = tables.LinkColumn(
             viewname='a2-manager-role-members', kwargs={'pk': A('pk')}, accessor='name', verbose_name=_('label')
+        )
         ou = tables.Column()
         member_count = tables.Column(verbose_name=_('Direct member count'),
                                      orderable=False)
         member_count = tables.Column(verbose_name=_('Direct member count'), orderable=False)
         def render_name (self, record, bound_column):
         def render_name(self, record, bound_column):
             content = bound_column.column.render(record.name, record, bound_column)
             if not record.can_manage_members:
                 content = SafeText('%s (%s)' % (content, _('LDAP')))
-...
     class OuUserRolesTable(tables.Table):
         name = tables.LinkColumn(viewname='a2-manager-role-members',
                                  kwargs={'pk': A('pk')},
                                  accessor='name', verbose_name=_('label'))
         name = tables.LinkColumn(
             viewname='a2-manager-role-members', kwargs={'pk': A('pk')}, accessor='name', verbose_name=_('label')
+        )
         via = tables.TemplateColumn(
             '''{% for rel in record.via %}{{ rel.child }} {% if not forloop.last %}, {% endif %}{% endfor %}''',
             verbose_name=_('Inherited from'), orderable=False)
             verbose_name=_('Inherited from'),
             orderable=False,
+        )
         member = tables.TemplateColumn(
             '{%% load i18n %%}<input class="role-member{%% if not record.member and record.via %%} '
             'indeterminate{%% endif %%}"'
-...
             '{%% if not record.has_perm %%}disabled '
             'title="{%% trans "%s" %%}"{%% endif %%} '
             '{%% if not record.can_manage_members %%}disabled '
             'title="{%% trans "%s" %%}"{%% endif %%}/>' % (ugettext_noop('You are not authorized to manage this role'), ugettext_noop('This role is synchronised from LDAP, changing members is not allowed.')),
             'title="{%% trans "%s" %%}"{%% endif %%}/>'
             % (
                 ugettext_noop('You are not authorized to manage this role'),
                 ugettext_noop('This role is synchronised from LDAP, changing members is not allowed.'),
             ),
             verbose_name=_('Member'),
             order_by=('member', 'via', 'name'))
             order_by=('member', 'via', 'name'),
+        )
         def render_name (self, record, bound_column):
         def render_name(self, record, bound_column):
             content = bound_column.column.render(record.name, record, bound_column)
             if not record.can_manage_members:
                 content = SafeText('%s (%s)' % (content, _('LDAP')))
-...
     class UserRolesTable(tables.Table):
         name = tables.LinkColumn(viewname='a2-manager-role-members',
                                  kwargs={'pk': A('pk')},
                                  accessor='name', verbose_name=_('label'))
         name = tables.LinkColumn(
             viewname='a2-manager-role-members', kwargs={'pk': A('pk')}, accessor='name', verbose_name=_('label')
+        )
         ou = tables.Column()
         via = tables.TemplateColumn(
             '{% if not record.member %}{% for rel in record.child_relation.all %}'
             '{{ rel.child }} {% if not forloop.last %}, {% endif %}{% endfor %}'
             '{% endif %}',
             verbose_name=_('Inherited from'),
             orderable=False)
             orderable=False,
+        )
         def render_name (self, record, bound_column):
         def render_name(self, record, bound_column):
             content = bound_column.column.render(record.name, record, bound_column)
             if not record.can_manage_members:
                 content = SafeText('%s (%s)' % (content, _('LDAP')))

     urlpatterns = required(
         manager_login_required, [
         manager_login_required,
+        [
             # homepage
             url(r'^$', views.homepage, name='a2-manager-homepage'),
             url(r'^me/$', user_views.me, name='a2-manager-me'),
             # Authentic2 users
             url(r'^users/$', user_views.users, name='a2-manager-users'),
             url(r'^users/export/(?P<format>csv)/$',
                 user_views.users_export, name='a2-manager-users-export'),
             url(r'^users/add/$', user_views.user_add_default_ou,
                 name='a2-manager-user-add-default-ou'),
             url(r'^users/add/choose-ou/$', user_views.user_add_choose_ou,
                 name='a2-manager-user-add-choose-ou'),
             url(r'^users/import/$',
                 user_views.user_imports, name='a2-manager-users-imports'),
             url(r'^users/import/(?P<uuid>[a-z0-9]+)/download/(?P<filename>.*)$',
                 user_views.user_import, name='a2-manager-users-import-download'),
             url(r'^users/import/(?P<uuid>[a-z0-9]+)/$',
                 user_views.user_import, name='a2-manager-users-import'),
             url(r'^users/import/(?P<import_uuid>[a-z0-9]+)/(?P<report_uuid>[a-z0-9]+)/$',
                 user_views.user_import_report, name='a2-manager-users-import-report'),
             url(r'^users/(?P<ou_pk>\d+)/add/$', user_views.user_add,
                 name='a2-manager-user-add'),
             url(r'^users/(?P<pk>\d+)/$', user_views.user_detail,
                 name='a2-manager-user-detail'),
             url(r'^users/(?P<pk>\d+)/edit/$', user_views.user_edit,
                 name='a2-manager-user-edit'),
             url(r'^users/(?P<pk>\d+)/delete/$', user_views.user_delete,
                 name='a2-manager-user-delete'),
             url(r'^users/(?P<pk>\d+)/roles/$',
                 user_views.roles,
                 name='a2-manager-user-roles'),
             url(r'^users/(?P<pk>\d+)/change-password/$',
             url(r'^users/export/(?P<format>csv)/$', user_views.users_export, name='a2-manager-users-export'),
             url(r'^users/add/$', user_views.user_add_default_ou, name='a2-manager-user-add-default-ou'),
             url(r'^users/add/choose-ou/$', user_views.user_add_choose_ou, name='a2-manager-user-add-choose-ou'),
             url(r'^users/import/$', user_views.user_imports, name='a2-manager-users-imports'),
             url(
                 r'^users/import/(?P<uuid>[a-z0-9]+)/download/(?P<filename>.*)$',
                 user_views.user_import,
                 name='a2-manager-users-import-download',
             ),
             url(r'^users/import/(?P<uuid>[a-z0-9]+)/$', user_views.user_import, name='a2-manager-users-import'),
             url(
                 r'^users/import/(?P<import_uuid>[a-z0-9]+)/(?P<report_uuid>[a-z0-9]+)/$',
                 user_views.user_import_report,
                 name='a2-manager-users-import-report',
             ),
             url(r'^users/(?P<ou_pk>\d+)/add/$', user_views.user_add, name='a2-manager-user-add'),
             url(r'^users/(?P<pk>\d+)/$', user_views.user_detail, name='a2-manager-user-detail'),
             url(r'^users/(?P<pk>\d+)/edit/$', user_views.user_edit, name='a2-manager-user-edit'),
             url(r'^users/(?P<pk>\d+)/delete/$', user_views.user_delete, name='a2-manager-user-delete'),
             url(r'^users/(?P<pk>\d+)/roles/$', user_views.roles, name='a2-manager-user-roles'),
             url(
                 r'^users/(?P<pk>\d+)/change-password/$',
                 user_views.user_change_password,
                 name='a2-manager-user-change-password'),
             url(r'^users/(?P<pk>\d+)/change-email/$',
                 name='a2-manager-user-change-password',
             ),
             url(
                 r'^users/(?P<pk>\d+)/change-email/$',
                 user_views.user_change_email,
                 name='a2-manager-user-change-email'),
             url(r'^users/(?P<pk>\d+)/su/$', user_views.su,
                 name='a2-manager-user-su'),
             url(r'^users/(?P<pk>\d+)/authorizations/$',
                 name='a2-manager-user-change-email',
             ),
             url(r'^users/(?P<pk>\d+)/su/$', user_views.su, name='a2-manager-user-su'),
             url(
                 r'^users/(?P<pk>\d+)/authorizations/$',
                 user_views.user_authorizations,
                 name='a2-manager-user-authorizations'),
             url(r'^users/(?P<pk>\d+)/journal/$',
                 user_views.user_journal,
                 name='a2-manager-user-journal'),
                 name='a2-manager-user-authorizations',
             ),
             url(r'^users/(?P<pk>\d+)/journal/$', user_views.user_journal, name='a2-manager-user-journal'),
             # by uuid
             url(r'^users/uuid:(?P<slug>[a-z0-9]+)/$', user_views.user_detail,
                 name='a2-manager-user-by-uuid-detail'),
             url(r'^users/uuid:(?P<slug>[a-z0-9]+)/edit/$', user_views.user_edit,
                 name='a2-manager-user-by-uuid-edit'),
             url(r'^users/uuid:(?P<slug>[a-z0-9]+)/roles/$',
                 user_views.roles,
                 name='a2-manager-user-by-uuid-roles'),
             url(r'^users/uuid:(?P<slug>[a-z0-9]+)/change-password/$',
             url(
                 r'^users/uuid:(?P<slug>[a-z0-9]+)/$',
                 user_views.user_detail,
                 name='a2-manager-user-by-uuid-detail',
             ),
             url(
                 r'^users/uuid:(?P<slug>[a-z0-9]+)/edit/$',
                 user_views.user_edit,
                 name='a2-manager-user-by-uuid-edit',
             ),
             url(
                 r'^users/uuid:(?P<slug>[a-z0-9]+)/roles/$', user_views.roles, name='a2-manager-user-by-uuid-roles'
             ),
             url(
                 r'^users/uuid:(?P<slug>[a-z0-9]+)/change-password/$',
                 user_views.user_change_password,
                 name='a2-manager-user-by-uuid-change-password'),
             url(r'^users/uuid:(?P<slug>[a-z0-9]+)/change-email/$',
                 name='a2-manager-user-by-uuid-change-password',
             ),
             url(
                 r'^users/uuid:(?P<slug>[a-z0-9]+)/change-email/$',
                 user_views.user_change_email,
                 name='a2-manager-user-by-uuid-change-email'),
             url(r'^users/uuid:(?P<slug>[a-z0-9]+)/journal/$',
                 name='a2-manager-user-by-uuid-change-email',
             ),
             url(
                 r'^users/uuid:(?P<slug>[a-z0-9]+)/journal/$',
                 user_views.user_journal,
                 name='a2-manager-user-journal'),
                 name='a2-manager-user-journal',
             ),
             # Authentic2 roles
             url(r'^roles/$', role_views.listing,
                 name='a2-manager-roles'),
             url(r'^roles/import/$', role_views.roles_import,
                 name='a2-manager-roles-import'),
             url(r'^roles/add/$', role_views.add,
                 name='a2-manager-role-add'),
             url(r'^roles/export/(?P<format>csv|json)/$',
                 role_views.export, name='a2-manager-roles-export'),
             url(r'^roles/journal/$', role_views.roles_journal,
                 name='a2-manager-roles-journal'),
             url(r'^roles/(?P<pk>\d+)/$', role_views.members,
                 name='a2-manager-role-members'),
             url(r'^roles/(?P<pk>\d+)/add-child/$', role_views.add_child,
                 name='a2-manager-role-add-child'),
             url(r'^roles/(?P<pk>\d+)/add-parent/$', role_views.add_parent,
                 name='a2-manager-role-add-parent'),
             url(r'^roles/(?P<pk>\d+)/remove-child/(?P<child_pk>\d+)/$',
                 role_views.remove_child, name='a2-manager-role-remove-child'),
             url(r'^roles/(?P<pk>\d+)/remove-parent/(?P<parent_pk>\d+)/$',
                 role_views.remove_parent, name='a2-manager-role-remove-parent'),
             url(r'^roles/(?P<pk>\d+)/add-admin-user/$', role_views.add_admin_user,
                 name='a2-manager-role-add-admin-user'),
             url(r'^roles/(?P<pk>\d+)/remove-admin-user/(?P<user_pk>\d+)/$',
                 role_views.remove_admin_user, name='a2-manager-role-remove-admin-user'),
             url(r'^roles/(?P<pk>\d+)/add-admin-role/$', role_views.add_admin_role,
                 name='a2-manager-role-add-admin-role'),
             url(r'^roles/(?P<pk>\d+)/remove-admin-role/(?P<role_pk>\d+)/$',
                 role_views.remove_admin_role, name='a2-manager-role-remove-admin-role'),
             url(r'^roles/(?P<pk>\d+)/export/(?P<format>csv)/$',
             url(r'^roles/$', role_views.listing, name='a2-manager-roles'),
             url(r'^roles/import/$', role_views.roles_import, name='a2-manager-roles-import'),
             url(r'^roles/add/$', role_views.add, name='a2-manager-role-add'),
             url(r'^roles/export/(?P<format>csv|json)/$', role_views.export, name='a2-manager-roles-export'),
             url(r'^roles/journal/$', role_views.roles_journal, name='a2-manager-roles-journal'),
             url(r'^roles/(?P<pk>\d+)/$', role_views.members, name='a2-manager-role-members'),
             url(r'^roles/(?P<pk>\d+)/add-child/$', role_views.add_child, name='a2-manager-role-add-child'),
             url(r'^roles/(?P<pk>\d+)/add-parent/$', role_views.add_parent, name='a2-manager-role-add-parent'),
             url(
                 r'^roles/(?P<pk>\d+)/remove-child/(?P<child_pk>\d+)/$',
                 role_views.remove_child,
                 name='a2-manager-role-remove-child',
             ),
             url(
                 r'^roles/(?P<pk>\d+)/remove-parent/(?P<parent_pk>\d+)/$',
                 role_views.remove_parent,
                 name='a2-manager-role-remove-parent',
             ),
             url(
                 r'^roles/(?P<pk>\d+)/add-admin-user/$',
                 role_views.add_admin_user,
                 name='a2-manager-role-add-admin-user',
             ),
             url(
                 r'^roles/(?P<pk>\d+)/remove-admin-user/(?P<user_pk>\d+)/$',
                 role_views.remove_admin_user,
                 name='a2-manager-role-remove-admin-user',
             ),
             url(
                 r'^roles/(?P<pk>\d+)/add-admin-role/$',
                 role_views.add_admin_role,
                 name='a2-manager-role-add-admin-role',
             ),
             url(
                 r'^roles/(?P<pk>\d+)/remove-admin-role/(?P<role_pk>\d+)/$',
                 role_views.remove_admin_role,
                 name='a2-manager-role-remove-admin-role',
             ),
             url(
                 r'^roles/(?P<pk>\d+)/export/(?P<format>csv)/$',
                 role_views.members_export,
                 name='a2-manager-role-members-export'),
             url(r'^roles/(?P<pk>\d+)/delete/$', role_views.delete,
                 name='a2-manager-role-delete'),
             url(r'^roles/(?P<pk>\d+)/edit/$', role_views.edit,
                 name='a2-manager-role-edit'),
             url(r'^roles/(?P<pk>\d+)/permissions/$', role_views.permissions,
                 name='a2-manager-role-permissions'),
             url(r'^roles/(?P<pk>\d+)/journal/$', role_views.journal,
                 name='a2-manager-role-journal'),
                 name='a2-manager-role-members-export',
             ),
             url(r'^roles/(?P<pk>\d+)/delete/$', role_views.delete, name='a2-manager-role-delete'),
             url(r'^roles/(?P<pk>\d+)/edit/$', role_views.edit, name='a2-manager-role-edit'),
             url(r'^roles/(?P<pk>\d+)/permissions/$', role_views.permissions, name='a2-manager-role-permissions'),
             url(r'^roles/(?P<pk>\d+)/journal/$', role_views.journal, name='a2-manager-role-journal'),
             # Authentic2 organizational units
             url(r'^organizational-units/$', ou_views.listing,
                 name='a2-manager-ous'),
             url(r'^organizational-units/add/$', ou_views.add,
                 name='a2-manager-ou-add'),
             url(r'^organizational-units/(?P<pk>\d+)/$', ou_views.detail,
                 name='a2-manager-ou-detail'),
             url(r'^organizational-units/(?P<pk>\d+)/edit/$', ou_views.edit,
                 name='a2-manager-ou-edit'),
             url(r'^organizational-units/(?P<pk>\d+)/delete/$', ou_views.delete,
                 name='a2-manager-ou-delete'),
             url(r'^organizational-units/export/(?P<format>json)/$',
                 ou_views.export,
                 name='a2-manager-ou-export'),
             url(r'^organizational-units/import/$',
                 ou_views.ous_import,
                 name='a2-manager-ous-import'),
             url(r'^organizational-units/$', ou_views.listing, name='a2-manager-ous'),
             url(r'^organizational-units/add/$', ou_views.add, name='a2-manager-ou-add'),
             url(r'^organizational-units/(?P<pk>\d+)/$', ou_views.detail, name='a2-manager-ou-detail'),
             url(r'^organizational-units/(?P<pk>\d+)/edit/$', ou_views.edit, name='a2-manager-ou-edit'),
             url(r'^organizational-units/(?P<pk>\d+)/delete/$', ou_views.delete, name='a2-manager-ou-delete'),
             url(r'^organizational-units/export/(?P<format>json)/$', ou_views.export, name='a2-manager-ou-export'),
             url(r'^organizational-units/import/$', ou_views.ous_import, name='a2-manager-ous-import'),
             # Services
             url(r'^services/$', service_views.listing,
                 name='a2-manager-services'),
             url(r'^services/(?P<service_pk>\d+)/$', service_views.roles,
                 name='a2-manager-service'),
             url(r'^services/(?P<service_pk>\d+)/edit/$', service_views.edit,
                 name='a2-manager-service-edit'),
             url(r'^services/$', service_views.listing, name='a2-manager-services'),
             url(r'^services/(?P<service_pk>\d+)/$', service_views.roles, name='a2-manager-service'),
             url(r'^services/(?P<service_pk>\d+)/edit/$', service_views.edit, name='a2-manager-service-edit'),
             # Journal
             url(r'^journal/$', journal_views.journal,
                 name='a2-manager-journal'),
             url(r'^journal/$', journal_views.journal, name='a2-manager-journal'),
             # backoffice menu as json
             url(r'^menu.json$', views.menu_json),
             # general management
             url(r'^site-export/$', views.site_export, name='a2-manager-site-export'),
             url(r'^site-import/$', views.site_import, name='a2-manager-site-import'),
+        ]
         ],
+    )
     urlpatterns += [
         url(r'^jsi18n/$',
         url(
             r'^jsi18n/$',
             JavaScriptCatalog.as_view(packages=['authentic2.manager']),
             name='a2-manager-javascript-catalog'),
             name='a2-manager-javascript-catalog',
         ),
         url(r'^select2.json$', views.select2, name='django_select2-json'),
+    ]

     def new_id():
         return (base64.b32encode(uuid.uuid4().bytes)
                 .strip(b'=')
                 .lower()
                 .decode('ascii'))
         return base64.b32encode(uuid.uuid4().bytes).strip(b'=').lower().decode('ascii')
     class UserImport(object):
-...
                         data['tid'] = gettid()
                     try:
                         with publik_provisionning():
                             importer.run(fd,
                                          encoding=self.data['encoding'],
                                          ou=self.data['ou'],
                                          simulate=simulate)
                             importer.run(
                                 fd, encoding=self.data['encoding'], ou=self.data['ou'], simulate=simulate
+                            )
                     except Exception as e:
                         logger.exception('error during report %s:%s run', self.user_import.uuid, self.uuid)
                         state = self.STATE_ERROR
-...
                         data['exception'] = exception
                         data['importer'] = importer
                         data['duration'] = duration
             t = threading.Thread(target=thread_worker)
             t.daemon = True
             if start:
-...
             for name in os.listdir(self.user_import.path):
                 if name.startswith(self.PREFIX):
                     try:
                         yield self[name[len(self.PREFIX):]]
                         yield self[name[len(self.PREFIX) :]]
                     except KeyError:
                         pass

     from django_rbac.utils import get_role_model, get_role_parenting_model, get_ou_model
     from .views import (BaseTableView, BaseAddView, BaseEditView, ActionMixin,
                         OtherActionsMixin, Action, ExportMixin, BaseSubTableView,
                         HideOUColumnMixin, BaseDeleteView, BaseDetailView,
                         TitleMixin, PermissionMixin, MediaMixin, FormNeedsRequest)
     from .views import (
         BaseTableView,
         BaseAddView,
         BaseEditView,
         ActionMixin,
         OtherActionsMixin,
         Action,
         ExportMixin,
         BaseSubTableView,
         HideOUColumnMixin,
         BaseDeleteView,
         BaseDetailView,
         TitleMixin,
         PermissionMixin,
         MediaMixin,
         FormNeedsRequest,
+    )
     from .tables import UserTable, UserRolesTable, OuUserRolesTable, UserAuthorizationsTable
     from .forms import (UserSearchForm, UserAddForm, UserEditForm,
                         UserChangePasswordForm, ChooseUserRoleForm,
                         UserRoleSearchForm, UserChangeEmailForm, UserNewImportForm,
                         UserEditImportForm, ChooseUserAuthorizationsForm, UserAddChooseOUForm)
     from .forms import (
         UserSearchForm,
         UserAddForm,
         UserEditForm,
         UserChangePasswordForm,
         ChooseUserRoleForm,
         UserRoleSearchForm,
         UserChangeEmailForm,
         UserNewImportForm,
         UserEditImportForm,
         ChooseUserAuthorizationsForm,
         UserAddChooseOUForm,
+    )
     from .resources import UserResource
     from .utils import get_ou_count, has_show_username
     from .journal_views import BaseJournalView
-...
         title = _('Users')
         def is_ou_specified(self):
             return self.search_form.is_valid() \
                 and self.search_form.cleaned_data.get('ou')
             return self.search_form.is_valid() and self.search_form.cleaned_data.get('ou')
         def get_queryset(self):
             qs = super(UsersView, self).get_queryset()
-...
             table = super(UsersView, self).get_table(**kwargs)
             if self.search_form.not_enough_chars():
                 user_qs = self.search_form.filter_by_ou(self.get_queryset())
                 table.empty_text = _('Enter at least %(limit)d characters '
                                      '(%(user_count)d users)') % {
                 table.empty_text = _('Enter at least %(limit)d characters ' '(%(user_count)d users)') % {
                     'limit': self.search_form.minimum_chars,
                     'user_count': user_qs.count(),
+                }
-...
                     self.can_add = False
             extra_actions = ctx['extra_actions'] = []
             if self.request.user.has_perm('custom_user.admin_user'):
                 extra_actions.append({
                     'url': reverse('a2-manager-users-imports'),
                     'label': _('Import users'),
                 })
                 extra_actions.append(
+                    {
                         'url': reverse('a2-manager-users-imports'),
                         'label': _('Import users'),
+                    }
+                )
             return ctx
-...
             'password1',
             'password2',
             'reset_password_at_next_login',
             'send_mail']
             'send_mail',
+        ]
         form_class = UserAddForm
         permissions = ['custom_user.add_user']
         template_name = 'authentic2/manager/user_add.html'
-...
             if not self.ou.show_username:
                 fields.remove('username')
             i = fields.index('generate_password')
             if self.request.user.is_superuser and \
                     'is_superuser' not in self.fields:
             if self.request.user.is_superuser and 'is_superuser' not in self.fields:
                 fields.insert(i, 'is_superuser')
                 i += 1
             for attribute in Attribute.objects.all():
-...
                 include_post=True,
                 replace={
                     '$UUID': self.object.uuid,
                 })
                 },
+            )
         def get_context_data(self, **kwargs):
             context = super(UserAddView, self).get_context_data(**kwargs)
             context['cancel_url'] = select_next_url(
                 self.request,
                 default='../..',
                 field_name='cancel')
             context['cancel_url'] = select_next_url(self.request, default='../..', field_name='cancel')
             context['next'] = select_next_url(self.request, default=None, include_post=True)
             context['ou'] = self.ou
             context['duplicate_users'] = self.duplicate_users
-...
                     return self.form_invalid(form)
             response = super(UserAddView, self).form_valid(form)
             hooks.call_hooks('event', name='manager-add-user', user=self.request.user,
                              instance=form.instance, form=form)
             hooks.call_hooks(
                 'event', name='manager-add-user', user=self.request.user, instance=form.instance, form=form
+            )
             self.request.journal.record('manager.user.creation', form=form)
             return response
-...
             value = ou.user_add_password_policy
             return ou.USER_ADD_PASSWD_POLICY_VALUES[value]._asdict()
     user_add = UserAddView.as_view()
-...
         def get_other_actions(self):
             for action in super(UserDetailView, self).get_other_actions():
                 yield action
             yield Action('password_reset', _('Reset password'),
                          permission='custom_user.reset_password_user')
             yield Action('password_reset', _('Reset password'), permission='custom_user.reset_password_user')
             if self.object.is_active:
                 yield Action('deactivate', _('Suspend'),
                              permission='custom_user.activate_user')
                 yield Action('deactivate', _('Suspend'), permission='custom_user.activate_user')
             else:
                 yield Action('activate', _('Activate'),
                              permission='custom_user.activate_user')
                 yield Action('activate', _('Activate'), permission='custom_user.activate_user')
             if PasswordReset.objects.filter(user=self.object).exists():
                 yield Action('delete_password_reset', _('Do not force password change on next login'),
                              permission='custom_user.reset_password_user')
                 yield Action(
                     'delete_password_reset',
                     _('Do not force password change on next login'),
                     permission='custom_user.reset_password_user',
+                )
             else:
                 yield Action('force_password_change', _('Force password change on '
                              'next login'),
                              permission='custom_user.reset_password_user')
             yield Action('change_password', _('Change user password'),
                          url_name='a2-manager-user-change-password',
                          permission='custom_user.change_password_user')
                 yield Action(
                     'force_password_change',
                     _('Force password change on ' 'next login'),
                     permission='custom_user.reset_password_user',
+                )
             yield Action(
                 'change_password',
                 _('Change user password'),
                 url_name='a2-manager-user-change-password',
                 permission='custom_user.change_password_user',
+            )
             if self.request.user.is_superuser:
                 yield Action('su', _('Impersonate this user'),
                              url_name='a2-manager-user-su')
                 yield Action('su', _('Impersonate this user'), url_name='a2-manager-user-su')
             if self.object.ou and self.object.ou.validate_emails:
                 yield Action('change_email', _('Change user email'),
                              url_name='a2-manager-user-change-email',
                              permission='custom_user.change_email_user')
                 yield Action(
                     'change_email',
                     _('Change user email'),
                     url_name='a2-manager-user-change-email',
                     permission='custom_user.change_email_user',
+                )
         def action_force_password_change(self, request, *args, **kwargs):
             PasswordReset.objects.get_or_create(user=self.object)
-...
         def action_deactivate(self, request, *args, **kwargs):
             if request.user == self.object:
                 messages.warning(request, _('You cannot desactivate your own '
                                  'user'))
                 messages.warning(request, _('You cannot desactivate your own ' 'user'))
             else:
                 self.object.mark_as_inactive()
                 request.journal.record('manager.user.deactivation', target_user=self.object)
-...
         def action_password_reset(self, request, *args, **kwargs):
             user = self.object
             if not user.email:
                 messages.info(request, _('User has no email, it\'not possible to '
                                          'send him am email to reset its '
                                          'password'))
                 messages.info(
                     request,
                     _('User has no email, it\'not possible to ' 'send him am email to reset its ' 'password'),
+                )
                 return
             send_password_reset_mail(user, request=request)
             messages.info(request, _('A mail was sent to %s') % self.object.email)
-...
             request.journal.record('manager.user.password.change.unforce', target_user=self.object)
         def action_su(self, request, *args, **kwargs):
             return redirect(request, 'auth_logout',
                             params={REDIRECT_FIELD_NAME: switch_user.build_url(self.object)})
             return redirect(
                 request, 'auth_logout', params={REDIRECT_FIELD_NAME: switch_user.build_url(self.object)}
+            )
         # Copied from PasswordResetForm implementation
         def send_mail(self, subject_template_name, email_template_name,
                       context, to_email):
         def send_mail(self, subject_template_name, email_template_name, context, to_email):
             """
             Sends a django.core.mail.EmailMultiAlternatives to `to_email`.
             """
-...
                 if attribute.name == 'address_autocomplete':
                     continue
                 fields.append(attribute.name)
             if self.request.user.is_superuser and \
                     'is_superuser' not in self.fields:
             if self.request.user.is_superuser and 'is_superuser' not in self.fields:
                 fields.append('is_superuser')
             return fields
-...
             # show modify roles button only if something is possible
             kwargs['can_change_roles'] = self.has_perm_on_roles(self.request.user, self.object)
             user_data = []
             user_data += [data for datas in hooks.call_hooks('manager_user_data', self, self.object)
                           for data in datas]
             user_data += [
                 data for datas in hooks.call_hooks('manager_user_data', self, self.object) for data in datas
+            ]
             kwargs['user_data'] = user_data
             ctx = super(UserDetailView, self).get_context_data(**kwargs)
             return ctx
     user_detail = UserDetailView.as_view()
-...
                 fields.append('email')
             for attribute in Attribute.objects.all():
                 fields.append(attribute.name)
             if self.request.user.is_superuser and \
                     'is_superuser' not in self.fields:
             if self.request.user.is_superuser and 'is_superuser' not in self.fields:
                 fields.append('is_superuser')
             return fields
-...
             return select_next_url(
                 self.request,
                 default=reverse('a2-manager-user-detail', kwargs={'pk': self.object.pk}),
                 include_post=True)
                 include_post=True,
+            )
         def get_context_data(self, **kwargs):
             context = super(UserEditView, self).get_context_data(**kwargs)
-...
                 self.object.save()
             response = super(UserEditView, self).form_valid(form)
             if form.has_changed():
                 hooks.call_hooks('event', name='manager-edit-user', user=self.request.user,
                                  instance=form.instance, form=form)
                 hooks.call_hooks(
                     'event', name='manager-edit-user', user=self.request.user, instance=form.instance, form=form
+                )
                 self.request.journal.record('manager.user.profile.edit', form=form)
             return response
     user_edit = UserEditView.as_view()
-...
             headers = fields + tuple(['attribute_%s' % attr for attr in attributes])
             at_mapping = {a.id: a for a in Attribute.objects.all()}
             avs = AttributeValue.objects.filter(
                 content_type=ContentType.objects.get_for_model(get_user_model()))\
                 .filter(attribute__disabled=False).values()
             avs = (
                 AttributeValue.objects.filter(content_type=ContentType.objects.get_for_model(get_user_model()))
                 .filter(attribute__disabled=False)
                 .values()
+            )
             user_attrs = collections.defaultdict(dict)
             for av in avs:
-...
         def form_valid(self, form):
             response = super(UserChangePasswordView, self).form_valid(form)
             hooks.call_hooks('event', name='manager-change-password', user=self.request.user,
                              instance=form.instance, form=form)
             hooks.call_hooks(
                 'event', name='manager-change-password', user=self.request.user, instance=form.instance, form=form
+            )
             self.request.journal.record('manager.user.password.change', form=form)
             return response
-...
                 user=self.request.user,
                 instance=form.instance,
                 form=form,
                 email=new_email)
                 email=new_email,
+            )
             return response
     user_change_email = UserChangeEmailView.as_view()
-...
         def is_ou_specified(self):
             '''Differentiate view of all user's roles from view of roles by OU'''
             return (self.search_form.is_valid()
                     and self.search_form.cleaned_data.get('ou_filter') != 'all')
             return self.search_form.is_valid() and self.search_form.cleaned_data.get('ou_filter') != 'all'
         def get_table_queryset(self):
             if self.is_ou_specified():
-...
                 RoleParenting = get_role_parenting_model()
                 rp_qs = RoleParenting.objects.filter(child__in=roles)
                 qs = Role.objects.all()
                 qs = qs.prefetch_related(models.Prefetch(
                     'child_relation', queryset=rp_qs, to_attr='via'))
                 qs = qs.prefetch_related(models.Prefetch(
                     'members', queryset=User.objects.filter(pk=self.object.pk),
                     to_attr='member'))
                 qs = qs.prefetch_related(models.Prefetch('child_relation', queryset=rp_qs, to_attr='via'))
                 qs = qs.prefetch_related(
                     models.Prefetch('members', queryset=User.objects.filter(pk=self.object.pk), to_attr='member')
+                )
                 qs2 = self.request.user.filter_by_perm('a2_rbac.manage_members_role', qs)
                 managable_ids = [str(pk) for pk in qs2.values_list('pk', flat=True)]
                 qs = qs.extra(select={'has_perm': 'a2_rbac_role.id in (%s)' % ', '.join(managable_ids)})
-...
             if action == 'add':
                 if user.roles.filter(pk=role.pk):
                     messages.warning(
                         self.request,
                         _('User {user} has already the role {role}.')
                         .format(user=user, role=role))
                         self.request, _('User {user} has already the role {role}.').format(user=user, role=role)
+                    )
                 else:
                     user.roles.add(role)
                     hooks.call_hooks('event', name='manager-add-role-member',
                                      user=self.request.user, role=role, member=user)
                     hooks.call_hooks(
                         'event', name='manager-add-role-member', user=self.request.user, role=role, member=user
+                    )
                     self.request.journal.record('manager.role.membership.grant', member=user, role=role)
             elif action == 'remove':
                 if user.roles.filter(pk=role.pk).exists():
                     user.roles.remove(role)
                     hooks.call_hooks('event', name='manager-remove-role-member', user=self.request.user,
                                      role=role, member=user)
                     hooks.call_hooks(
                         'event', name='manager-remove-role-member', user=self.request.user, role=role, member=user
+                    )
                     self.request.journal.record('manager.role.membership.removal', member=user, role=role)
             return super(UserRolesView, self).form_valid(form)
-...
             kwargs['user'] = self.object
             kwargs['role_members_from_ou'] = app_settings.ROLE_MEMBERS_FROM_OU
             kwargs['show_all_ou'] = app_settings.SHOW_ALL_OU
             kwargs['queryset'] = self.request.user.filter_by_perm('a2_rbac.view_role', get_role_model().objects.all())
             kwargs['queryset'] = self.request.user.filter_by_perm(
                 'a2_rbac.view_role', get_role_model().objects.all()
+            )
             if self.object.ou_id:
                 initial = kwargs.setdefault('initial', {})
                 initial['ou'] = str(self.object.ou_id)
-...
         def delete(self, request, *args, **kwargs):
             request.journal.record('manager.user.deletion', target_user=self.object)
             response = super().delete(request, *args, **kwargs)
             hooks.call_hooks('event', name='manager-delete-user', user=request.user,
                              instance=self.object)
             hooks.call_hooks('event', name='manager-delete-user', user=request.user, instance=self.object)
             return response
-...
             from authentic2.manager import user_import
             ctx = super(UserImportsView, self).get_context_data(**kwargs)
             ctx['imports'] = sorted(user_import.UserImport.all(), key=operator.attrgetter('created'), reverse=True)
             ctx['imports'] = sorted(
                 user_import.UserImport.all(), key=operator.attrgetter('created'), reverse=True
+            )
             help_columns = []
             field_columns = ['username', 'email', 'first_name', 'last_name']
             key = 'username'
-...
                 field = User._meta.get_field(field_column)
                 if Attribute.objects.filter(name=field.name).exists():
                     continue
                 help_columns.append({
                     'label': field.verbose_name,
                     'name': field.name,
                     'key': field.name == key,
                 })
                 help_columns.append(
+                    {
                         'label': field.verbose_name,
                         'name': field.name,
                         'key': field.name == key,
+                    }
+                )
             for attribute in Attribute.objects.all():
                 kind = attribute.get_kind()
                 if not kind.get('csv_importable', True):
                     continue
                 help_columns.append({
                     'label': attribute.label,
                     'name': attribute.name,
                     'key': attribute.name == key,
                 })
             help_columns.append({
                 'label': _('Password hash'),
                 'name': 'password_hash',
                 'key': False,
             })
                 help_columns.append(
+                    {
                         'label': attribute.label,
                         'name': attribute.name,
                         'key': attribute.name == key,
+                    }
+                )
             help_columns.append(
+                {
                     'label': _('Password hash'),
                     'name': 'password_hash',
                     'key': False,
+                }
+            )
             ctx['help_columns'] = help_columns
             example_data = u','.join(column['name'] + (' key' if column['key'] else '') for column in help_columns) + '\n'
             example_url = 'data:text/csv;base64,%s' % base64.b64encode(example_data.encode('utf-8')).decode('ascii')
             example_data = (
                 u','.join(column['name'] + (' key' if column['key'] else '') for column in help_columns) + '\n'
+            )
             example_url = 'data:text/csv;base64,%s' % base64.b64encode(example_data.encode('utf-8')).decode(
                 'ascii'
+            )
             ctx['form'].fields['import_file'].help_text = format_html(
                 _('{0}. {1} <a download="{3}" href="{2}">{3}</a>'),
                 ctx['form'].fields['import_file'].help_text,
                 _('ex.:'),
                 example_url,
                 _('users.csv'))
                 _('users.csv'),
+            )
             return ctx
     user_imports = UserImportsView.as_view()
-...
         def dispatch(self, request, uuid, **kwargs):
             from authentic2.manager.user_import import UserImport
             self.user_import = UserImport(uuid)
             if not self.user_import.exists():
                 raise Http404
-...
             ctx['reports'] = sorted(self.user_import.reports, key=operator.attrgetter('created'), reverse=True)
             return ctx
     user_import = UserImportView.as_view()
-...
         def dispatch(self, request, import_uuid, report_uuid):
             from authentic2.manager.user_import import UserImport
             self.user_import = UserImport(import_uuid)
             if not self.user_import.exists():
                 raise Http404
-...
                 ctx['report_title'] = _('Execution')
             return ctx
     user_import_report = UserImportReportView.as_view()
-...
         duration = 30  # seconds
         class Media:
             js = (
                 'authentic2/js/js_seconds_until.js',
+            )
             js = ('authentic2/js/js_seconds_until.js',)
         def dispatch(self, request, *args, **kwargs):
             if not request.user.is_superuser:
-...
             ctx = super(UserSuView, self).get_context_data(**kwargs)
             ctx['su_url'] = make_url(
                 'auth_logout',
                 params={REDIRECT_FIELD_NAME: switch_user.build_url(self.object, self.duration)},
                 request=self.request,
                 absolute=True)
                 absolute=True,
+            )
             ctx['duration'] = self.duration
             return ctx
     su = UserSuView.as_view()
     class UserAuthorizationsView(FormNeedsRequest, BaseFormView, SingleObjectMixin,
                                  BaseTableView, PermissionMixin):
     class UserAuthorizationsView(
         FormNeedsRequest, BaseFormView, SingleObjectMixin, BaseTableView, PermissionMixin
     ):
         permissions = ['custom_user.view_user']
         template_name = 'authentic2/manager/user_authorizations.html'
         title = pgettext_lazy('manager', 'Consent Management')
-...
         @property
         def can_manage_authorizations(self):
             return self.request.user.has_perm(
                 'custom_user.manage_authorizations_user', self.get_object())
             return self.request.user.has_perm('custom_user.manage_authorizations_user', self.get_object())
         def get_table_data(self):
             qs = OIDCAuthorization.objects.filter(user=self.get_object())
-...
                     self.request.journal.record(
                         'manager.user.sso.authorization.deletion',
                         service=oidc_authorization.client,
                         target_user=self.object)
                         target_user=self.object,
+                    )
             return response

     from django.core.exceptions import PermissionDenied, ValidationError
     from django.db import transaction
     from django.views.generic.base import ContextMixin
     from django.views.generic import (FormView, UpdateView, CreateView, DeleteView, TemplateView,
                                       DetailView, View)
     from django.views.generic import FormView, UpdateView, CreateView, DeleteView, TemplateView, DetailView, View
     from django.views.generic.detail import SingleObjectMixin
     from django.views.generic.edit import FormMixin
     from django.http import HttpResponse, Http404
-...
     class MultipleOUMixin(object):
         '''Tell templates if there are multiple OU for adaptation in breadcrumbs for example'''
         def get_context_data(self, **kwargs):
             kwargs['multiple_ou'] = utils.get_ou_count() > 1
             return super(MultipleOUMixin, self).get_context_data(**kwargs)
-...
     @six.add_metaclass(MediaMixinBase)
     class MediaMixin(object):
         '''Expose needed CSS and JS files as a media object'''
         class Media:
             js = (
                 xstatic('jquery.js', 'jquery.min.js'),
-...
                 'authentic2/js/purl.js',
                 'authentic2/manager/js/manager.js',
+            )
             css = {
                 'all': (
                     'authentic2/manager/css/style.css',
+                )
+            }
             css = {'all': ('authentic2/manager/css/style.css',)}
         def get_context_data(self, **kwargs):
             kwargs['media'] = self.media
-...
     class PermissionMixin(object):
         '''Control access to views based on permissions'''
         permissions = None
         permissions_global = False
-...
                 model_name = self.model._meta.model_name
                 add_perm = '%s.add_%s' % (app_label, model_name)
                 self.can_add = request.user.has_perm_any(add_perm)
                 if hasattr(self, 'get_object') \
                         and ((hasattr(self, 'pk_url_kwarg')
                               and self.pk_url_kwarg in self.kwargs)
                              or (hasattr(self, 'slug_url_kwarg')
                                  and self.slug_url_kwarg in self.kwargs)):
                 if hasattr(self, 'get_object') and (
                     (hasattr(self, 'pk_url_kwarg') and self.pk_url_kwarg in self.kwargs)
                     or (hasattr(self, 'slug_url_kwarg') and self.slug_url_kwarg in self.kwargs)
                 ):
                     self.object = self.get_object()
                     permissions = ('view', 'change', 'delete', 'manage_members')
                     for permission in permissions:
                         perm = '%s.%s_%s' % (app_label, permission, model_name)
                         setattr(self, 'can_' + permission,
                                 request.user.has_perm(perm, self.object))
                     if self.permissions \
                             and not request.user.has_perms(
                                 self.permissions, self.object):
                         setattr(self, 'can_' + permission, request.user.has_perm(perm, self.object))
                     if self.permissions and not request.user.has_perms(self.permissions, self.object):
                         raise PermissionDenied
                 elif self.permissions \
                         and not request.user.has_perm_any(self.permissions):
                 elif self.permissions and not request.user.has_perm_any(self.permissions):
                     raise PermissionDenied
             else:
                 if self.permissions:
-...
     class SearchFormMixin(object):
         '''Handle a search form on the current table view.
         """Handle a search form on the current table view.
            The search form class must implement a .filter(qs) method returning a new queryset.'''
         The search form class must implement a .filter(qs) method returning a new queryset."""
         search_form_class = None
-...
     class Action(object):
         '''Describe an action for view supporting multiples actions.'''
         name = None
         title = None
         confirm = None
-...
         popup = True
         permission = None
         def __init__(self, name=None, title=None, confirm=None, url_name=None, url=None,
                      popup=None, permission=None):
         def __init__(
             self, name=None, title=None, confirm=None, url_name=None, url=None, popup=None, permission=None
         ):
             if name is not None:
                 self.name = name
             if title is not None:
-...
     class AjaxFormViewMixin(object):
         '''Implement a JSON response for view which can be included in an AJAX popup'''
         success_url = '.'
         def dispatch(self, request, *args, **kwargs):
             response = super(AjaxFormViewMixin, self).dispatch(request, *args,
                                                                **kwargs)
             response = super(AjaxFormViewMixin, self).dispatch(request, *args, **kwargs)
             return self.return_ajax_response(request, response)
         def return_ajax_response(self, request, response):
-...
                 # empty location means that the view can be used from anywhere
                 # and so the redirect URL should not be used
                 # otherwise compute an absolute URI from the relative URI
                 if location and (not location.startswith('http://')
                                  or not location.startswith('https://')
                                  or not location.startswith('/')):
                 if location and (
                     not location.startswith('http://')
                     or not location.startswith('https://')
                     or not location.startswith('/')
                 ):
                     location = request.build_absolute_uri(location)
                 data['location'] = location
             if hasattr(response, 'render'):
-...
     class TitleMixin(object):
         '''Mixin to provide a title to the view's template'''
         title = ''
         def get_context_data(self, **kwargs):
-...
     class ActionMixin(object):
         '''Describe the main action implementd by a view'''
         action = None
         def get_context_data(self, **kwargs):
-...
     class OtherActionsMixin(object):
         '''Describe secondary actions possible on a view'''
         other_actions = None
         def get_context_data(self, **kwargs):
-...
                         method = getattr(self, 'action_' + action.name, None)
                         if method:
                             response = method(request, *args, **kwargs)
                     hooks.call_hooks('event', name='manager-action', user=self.request.user,
                                      action=action, instance=self.object)
                     hooks.call_hooks(
                         'event',
                         name='manager-action',
                         user=self.request.user,
                         action=action,
                         instance=self.object,
+                    )
                     if response:
                         return response
                     self.request.method = 'GET'
-...
     class ExportMixin(object):
         '''Help in implementd export views'''
         http_method_names = ['get', 'head', 'options']
         export_prefix = ''
-...
         def export_response(self, content, content_type, export_format):
             response = HttpResponse(content, content_type=content_type)
             filename = '%s%s.%s' % (self.get_export_prefix(), now().strftime('%Y%m%d_%H%M%S'),
                                     export_format)
             response['Content-Disposition'] = 'attachment; filename="%s"' \
                 % filename
             filename = '%s%s.%s' % (self.get_export_prefix(), now().strftime('%Y%m%d_%H%M%S'), export_format)
             response['Content-Disposition'] = 'attachment; filename="%s"' % filename
             return response
     class FormNeedsRequest(object):
         def get_form_kwargs(self):
             kwargs = super(FormNeedsRequest, self).get_form_kwargs()
             if getattr(self.get_form_class(), 'need_request', False):
-...
         def get_table(self, **kwargs):
             table = super(TableHookMixin, self).get_table(**kwargs)
             import copy
             table = copy.deepcopy(table)
             hooks.call_hooks('manager_modify_table', self, table)
             return table
     class BaseTableView(MultipleOUMixin, TitleMixin, TableHookMixin, FormatsContextData, ModelNameMixin,
                         PermissionMixin, SearchFormMixin, FilterQuerysetByPermMixin, TableQuerysetMixin,
                         SingleTableView):
     class BaseTableView(
         MultipleOUMixin,
         TitleMixin,
         TableHookMixin,
         FormatsContextData,
         ModelNameMixin,
         PermissionMixin,
         SearchFormMixin,
         FilterQuerysetByPermMixin,
         TableQuerysetMixin,
         SingleTableView,
     ):
         '''Base class for views showing a table of objects'''
         pass
     class SubTableViewMixin(TableHookMixin, FormatsContextData, ModelNameMixin, PermissionMixin,
                             SearchFormMixin, FilterTableQuerysetByPermMixin,
                             TableQuerysetMixin, SingleObjectMixin,
                             SingleTableMixin, ContextMixin):
     class SubTableViewMixin(
         TableHookMixin,
         FormatsContextData,
         ModelNameMixin,
         PermissionMixin,
         SearchFormMixin,
         FilterTableQuerysetByPermMixin,
         TableQuerysetMixin,
         SingleObjectMixin,
         SingleTableMixin,
         ContextMixin,
     ):
         '''Helper class for views showing a table of objects related to one object'''
         context_object_name = 'object'
         paginate_by = None
-...
         pass
     class BaseSubTableView(MultipleOUMixin, TitleMixin, SubTableViewMixin,
                            FormNeedsRequest, FormView):
     class BaseSubTableView(MultipleOUMixin, TitleMixin, SubTableViewMixin, FormNeedsRequest, FormView):
         '''Base class for views showing a table of objects related to one object'''
         success_url = '.'
     class BaseDeleteView(TitleMixin, ModelNameMixin, PermissionMixin,
                          AjaxFormViewMixin, DeleteView):
     class BaseDeleteView(TitleMixin, ModelNameMixin, PermissionMixin, AjaxFormViewMixin, DeleteView):
         '''Base class for views implementing deletion of an object'''
         template_name = 'authentic2/manager/delete.html'
         context_object_name = 'object'
-...
     class ModelFormView(MediaMixin, FormNeedsRequest):
         '''Base class for views showing a form for a model'''
         fields = None
         form_class = None
-...
             return self.fields
         def get_form_class(self):
             return modelform_factory(self.model, form=self.form_class,
                                      fields=self.get_fields())
             return modelform_factory(self.model, form=self.form_class, fields=self.get_fields())
         def get_form(self, form_class=None):
             form = super(ModelFormView, self).get_form(form_class=form_class)
-...
             return form
     class BaseDetailView(MultipleOUMixin, TitleMixin, ModelNameMixin, PermissionMixin, ModelFormView,
                          DetailView):
     class BaseDetailView(MultipleOUMixin, TitleMixin, ModelNameMixin, PermissionMixin, ModelFormView, DetailView):
         context_object_name = 'object'
         form_class = None
-...
             return ctx
     class BaseAddView(MultipleOUMixin, TitleMixin, ModelNameMixin, PermissionMixin,
                       AjaxFormViewMixin, ModelFormView, CreateView):
     class BaseAddView(
         MultipleOUMixin, TitleMixin, ModelNameMixin, PermissionMixin, AjaxFormViewMixin, ModelFormView, CreateView
     ):
         '''Base class for views for adding an instance of a model'''
         template_name = 'authentic2/manager/form.html'
         success_view_name = None
         context_object_name = 'object'
-...
             return reverse(self.success_view_name, kwargs={'pk': self.object.pk})
     class BaseEditView(MultipleOUMixin, SuccessMessageMixin, TitleMixin, ModelNameMixin,
                        PermissionMixin, AjaxFormViewMixin, ModelFormView, UpdateView):
     class BaseEditView(
         MultipleOUMixin,
         SuccessMessageMixin,
         TitleMixin,
         ModelNameMixin,
         PermissionMixin,
         AjaxFormViewMixin,
         ModelFormView,
         UpdateView,
     ):
         '''Base class for views for editing an instance of a model'''
         template_name = 'authentic2/manager/form.html'
         context_object_name = 'object'
-...
     class HomepageView(TitleMixin, PermissionMixin, MediaMixin, TemplateView):
         template_name = 'authentic2/manager/homepage.html'
         permissions = ['a2_rbac.search_role', 'a2_rbac.search_organizationalunit',
                        'auth.search_group', 'custom_user.search_user']
         permissions = [
             'a2_rbac.search_role',
             'a2_rbac.search_organizationalunit',
             'auth.search_group',
             'custom_user.search_user',
+        ]
         default_entries = [
+            {
                 'class': 'icon-organizational-units',
-...
         def get_homepage_entries(self):
             entries = []
             for hook_entries in itertools.chain(
                     self.default_entries,
                     hooks.call_hooks('manager_homepage_entries', self)):
                 self.default_entries, hooks.call_hooks('manager_homepage_entries', self)
             ):
                 if not hasattr(hook_entries, 'append'):
                     hook_entries = [hook_entries]
                 for entry in hook_entries:
-...
             for entry in self.get_homepage_entries():
                 if entry.get('slug') == 'journal':
                     continue
                 menu_entries.append({
                     'label': six.text_type(entry['label']),
                     'slug': entry.get('slug', ''),
                     'url': request.build_absolute_uri(six.text_type(entry['href'])),
                 })
                 menu_entries.append(
+                    {
                         'label': six.text_type(entry['label']),
                         'slug': entry.get('slug', ''),
                         'url': request.build_absolute_uri(six.text_type(entry['href'])),
+                    }
+                )
             return menu_entries
-...
         def get_table(self, **kwargs):
             OU = get_ou_model()
             exclude_ou = False
             if (hasattr(self, 'search_form')
                     and self.search_form.is_valid()
                     and self.search_form.cleaned_data.get('ou') is not None):
             if (
                 hasattr(self, 'search_form')
                 and self.search_form.is_valid()
                 and self.search_form.cleaned_data.get('ou') is not None
             ):
                 exclude_ou = True
             if OU.objects.count() < 2:
                 exclude_ou = True
-...
             if not widget_class or not hasattr(widgets, widget_class):
                 raise Http404('Missing or unknown widget class.')
             widget = getattr(widgets, widget_class)()
             if not isinstance(widget, (widgets.SimpleModelSelect2Widget, widgets.SimpleModelSelect2MultipleWidget)):
             if not isinstance(
                 widget, (widgets.SimpleModelSelect2Widget, widgets.SimpleModelSelect2MultipleWidget)
             ):
                 raise Http404('Reference to invalid widget class')
             qs = widget.get_queryset()
             qs.query.where = pickle.loads(base64.b64decode(field_data['where_clause']))
-...
     class SiteExport(View):
         def get(self, request, *args, **kwargs):
             if not request.user.is_superuser:
                 raise PermissionDenied
             return HttpResponse(
                 json.dumps(export_site(), indent=4), content_type='application/json')
             return HttpResponse(json.dumps(export_site(), indent=4), content_type='application/json')
     site_export = SiteExport.as_view()

     class SearchUserWidgetMixin(SplitTermMixin):
         model = get_user_model()
         search_fields = [
             'username__icontains', 'first_name__icontains',
             'last_name__icontains', 'email__icontains'
             'username__icontains',
             'first_name__icontains',
             'last_name__icontains',
             'email__icontains',
+        ]
         def label_from_instance(self, user):
-...
         def label_from_instance(self, obj):
             label = six.text_type(obj)
             if obj.ou and utils.get_ou_count() > 1:
                 label = u'{ou} - {obj}'.format(
                     ou=obj.ou, obj=obj)
                 label = u'{ou} - {obj}'.format(ou=obj.ou, obj=obj)
             return label

         def get_by_natural_key(self, slug):
             return self.get(slug=slug)
     GetBySlugManager = GetBySlugQuerySet.as_manager
-...
         def get_by_natural_key(self, name):
             return self.get(name=name)
     GetByNameManager = GetByNameQuerySet.as_manager
-...
             content_type = ContentType.objects.get_for_model(model)
             return self.filter(content_type=content_type, object_id=model.pk)
     GenericManager = models.Manager.from_queryset(GenericQuerySet)
-...
         def get_by_natural_key(self, ct_nk, owner_nk, attribute_nk):
             from .models import Attribute, AttributeValue
             try:
                 ct = ContentType.objects.get_by_natural_key(*ct_nk)
             except ContentType.DoesNotExist:

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import time
     try:
         import threading
     except ImportError:
-...
             else:
                 domain = app_settings.A2_OPENED_SESSION_COOKIE_DOMAIN
             if hasattr(request, 'user') and request.user.is_authenticated:
                 response.set_cookie(name, value='1', max_age=None, domain=domain,
                                     secure=app_settings.A2_OPENED_SESSION_COOKIE_SECURE)
                 response.set_cookie(
                     name,
                     value='1',
                     max_age=None,
                     domain=domain,
                     secure=app_settings.A2_OPENED_SESSION_COOKIE_SECURE,
+                )
             elif app_settings.A2_OPENED_SESSION_COOKIE_NAME in request.COOKIES:
                 response.delete_cookie(name, domain=domain)
             return response
-...
     class XForwardedForMiddleware(MiddlewareMixin):
         '''Copy the first address from X-Forwarded-For header to the REMOTE_ADDR meta.
         """Copy the first address from X-Forwarded-For header to the REMOTE_ADDR meta.
         This middleware should only be used if you are sure the header cannot be
         forged (behind a reverse proxy for example)."""
            This middleware should only be used if you are sure the header cannot be
            forged (behind a reverse proxy for example).'''
         def process_request(self, request):
             if 'HTTP_X_FORWARDED_FOR' in request.META:
                 request.META['REMOTE_ADDR'] = request.META['HTTP_X_FORWARDED_FOR'].split(",")[0].strip()
-...
     class DisplayMessageBeforeRedirectMiddleware(MiddlewareMixin):
         '''Verify if messages are currently stored and if there is a redirection to another domain, in
            this case show an intermediate page.
         '''
         """Verify if messages are currently stored and if there is a redirection to another domain, in
         this case show an intermediate page.
         """
         def process_response(self, request, response):
             # Check if response is a redirection
             if response.status_code not in (301, 302, 303, 307, 308):
-...
             if not parsed_url.scheme and not parsed_url.netloc:
                 return response
             parsed_request_url = urlparse.urlparse(request.build_absolute_uri())
             if (parsed_request_url.scheme == parsed_url.scheme or not parsed_url.scheme) and \
                     (parsed_request_url.netloc == parsed_url.netloc):
             if (parsed_request_url.scheme == parsed_url.scheme or not parsed_url.scheme) and (
                 parsed_request_url.netloc == parsed_url.netloc
             ):
                 return response
             # Check if there is some messages to show
             storage = messages.get_messages(request)
-...
         def middleware(request):
             request.journal = journal.Journal(request=request)
             return get_response(request)
         return middleware
-...
                     return http.HttpResponseBadRequest('null character in form data')
             return get_response(request)
         return middleware

             migrations.CreateModel(
                 name='Attribute',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('label', models.CharField(unique=True, max_length=63, verbose_name='label')),
                     ('description', models.TextField(verbose_name='description', blank=True)),
                     ('name', models.SlugField(unique=True, max_length=256, verbose_name='name')),
                     ('required', models.BooleanField(blank=True, default=False, verbose_name='required')),
                     ('asked_on_registration', models.BooleanField(blank=True, default=False, verbose_name='asked on registration')),
                     ('user_editable', models.BooleanField(blank=True, default=False, verbose_name='user editable')),
+                    (
                         'asked_on_registration',
                         models.BooleanField(blank=True, default=False, verbose_name='asked on registration'),
                     ),
+                    (
                         'user_editable',
                         models.BooleanField(blank=True, default=False, verbose_name='user editable'),
                     ),
                     ('user_visible', models.BooleanField(blank=True, default=False, verbose_name='user visible')),
                     ('multiple', models.BooleanField(blank=True, default=False, verbose_name='multiple')),
                     ('kind', models.CharField(max_length=16, verbose_name='kind', choices=[('string', '<django.utils.functional.__proxy__ object at 0x303d350>')])),
+                    (
                         'kind',
                         models.CharField(
                             max_length=16,
                             verbose_name='kind',
                             choices=[('string', '<django.utils.functional.__proxy__ object at 0x303d350>')],
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'attribute definition',
-...
             migrations.CreateModel(
                 name='AttributeValue',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('object_id', models.PositiveIntegerField(verbose_name='object identifier')),
                     ('content', models.TextField(verbose_name='content')),
                     ('attribute', models.ForeignKey(verbose_name='attribute', to='authentic2.Attribute', on_delete=models.CASCADE)),
                     ('content_type', models.ForeignKey(verbose_name='content type', to='contenttypes.ContentType', on_delete=models.CASCADE)),
+                    (
                         'attribute',
                         models.ForeignKey(
                             verbose_name='attribute', to='authentic2.Attribute', on_delete=models.CASCADE
                         ),
                     ),
+                    (
                         'content_type',
                         models.ForeignKey(
                             verbose_name='content type', to='contenttypes.ContentType', on_delete=models.CASCADE
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'attribute value',
-...
             migrations.CreateModel(
                 name='AuthenticationEvent',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('when', models.DateTimeField(auto_now=True, verbose_name='when')),
                     ('who', models.CharField(max_length=80, verbose_name='who')),
                     ('how', models.CharField(max_length=32, verbose_name='how')),
-...
             migrations.CreateModel(
                 name='DeletedUser',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('creation', models.DateTimeField(auto_now_add=True, verbose_name='creation date')),
                     ('user', models.ForeignKey(verbose_name='user', to='auth.User', on_delete=models.CASCADE)),
                 ],
-...
             migrations.CreateModel(
                 name='FederatedId',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('provider', models.CharField(max_length=255, verbose_name='provider')),
                     ('about', models.CharField(max_length=255, verbose_name='about')),
                     ('service', models.CharField(max_length=255, verbose_name='service')),
-...
             migrations.CreateModel(
                 name='LogoutUrl',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                     ('logout_url', models.URLField(help_text='you can use a {} to pass the URL of the success icon, ex.: http://example.com/logout?next={}', max_length=255, null=True, verbose_name='url', blank=True)),
                     ('logout_use_iframe', models.BooleanField(default=False, verbose_name='use an iframe instead of an img tag for logout')),
                     ('logout_use_iframe_timeout', models.PositiveIntegerField(default=300, help_text="if iframe logout is used, it's the time between the onload event for this iframe and the moment we consider its loading to be really finished", verbose_name='iframe logout timeout (ms)')),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
+                    (
                         'logout_url',
                         models.URLField(
                             help_text='you can use a {} to pass the URL of the success icon, ex.: http://example.com/logout?next={}',
                             max_length=255,
                             null=True,
                             verbose_name='url',
                             blank=True,
                         ),
                     ),
+                    (
                         'logout_use_iframe',
                         models.BooleanField(
                             default=False, verbose_name='use an iframe instead of an img tag for logout'
                         ),
                     ),
+                    (
                         'logout_use_iframe_timeout',
                         models.PositiveIntegerField(
                             default=300,
                             help_text="if iframe logout is used, it's the time between the onload event for this iframe and the moment we consider its loading to be really finished",
                             verbose_name='iframe logout timeout (ms)',
                         ),
                     ),
                     ('object_id', models.PositiveIntegerField(verbose_name='object identifier')),
                     ('content_type', models.ForeignKey(verbose_name='content type', to='contenttypes.ContentType', on_delete=models.CASCADE)),
+                    (
                         'content_type',
                         models.ForeignKey(
                             verbose_name='content type', to='contenttypes.ContentType', on_delete=models.CASCADE
                         ),
                     ),
                 ],
                 options={
                     'verbose_name': 'logout URL',
-...
             migrations.CreateModel(
                 name='PasswordReset',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('user', models.ForeignKey(verbose_name='user', to='auth.User', on_delete=models.CASCADE)),
                 ],
                 options={
-...
             migrations.CreateModel(
                 name='UserExternalId',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('source', models.URLField(max_length=256, verbose_name='source')),
                     ('external_id', models.CharField(max_length=256, verbose_name='external id')),
                     ('created', models.DateTimeField(auto_now_add=True, verbose_name='creation date')),

             migrations.AlterField(
                 model_name='deleteduser',
                 name='user',
                 field=models.ForeignKey(verbose_name='user', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     verbose_name='user', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE
                 ),
                 preserve_default=True,
             ),
             migrations.AlterField(
                 model_name='passwordreset',
                 name='user',
                 field=models.ForeignKey(verbose_name='user', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     verbose_name='user', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE
                 ),
                 preserve_default=True,
             ),
             migrations.AlterField(
                 model_name='userexternalid',
                 name='user',
                 field=models.ForeignKey(verbose_name='user', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     verbose_name='user', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE
                 ),
                 preserve_default=True,
             ),
+        ]

             migrations.CreateModel(
                 name='Service',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('name', models.CharField(max_length=128, verbose_name='name')),
                     ('slug', models.SlugField(max_length=128, verbose_name='slug')),
                 ],

             migrations.AddField(
                 model_name='service',
                 name='ou',
                 field=models.ForeignKey(blank=True, to=settings.RBAC_OU_MODEL, null=True, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     blank=True, to=settings.RBAC_OU_MODEL, null=True, on_delete=models.CASCADE
                 ),
                 preserve_default=True,
             ),
             migrations.AlterUniqueTogether(

     from django.db import migrations
     from authentic2.migrations import CreatePartialIndexes
     class Migration(migrations.Migration):
         dependencies = [
-...
+        ]
         operations = [
             CreatePartialIndexes('Service', 'authentic2_service',
                                  'authentic2_service_uniq_idx', ('ou_id',),
                                  ('slug',)),
             CreatePartialIndexes(
                 'Service', 'authentic2_service', 'authentic2_service_uniq_idx', ('ou_id',), ('slug',)
             ),
+        ]

             migrations.AlterField(
                 model_name='service',
                 name='ou',
                 field=models.ForeignKey(verbose_name='organizational unit', blank=True, to=settings.RBAC_OU_MODEL, null=True, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     verbose_name='organizational unit',
                     blank=True,
                     to=settings.RBAC_OU_MODEL,
                     null=True,
                     on_delete=models.CASCADE,
                 ),
                 preserve_default=True,
             ),
+        ]

             migrations.AlterField(
                 model_name='passwordreset',
                 name='user',
                 field=models.ForeignKey(verbose_name='user', to=settings.AUTH_USER_MODEL, unique=True, on_delete=models.CASCADE),
                 field=models.ForeignKey(
                     verbose_name='user', to=settings.AUTH_USER_MODEL, unique=True, on_delete=models.CASCADE
                 ),
                 preserve_default=True,
             ),
+        ]

src/authentic2/migrations/0009_auto_20160211_2247.py
3	3
4	4	from django.db import models, migrations
5	5
	6
6	7	def deduplicate_attribute_values(apps, schema_editor):
7	8	AttributeValue = apps.get_model('authentic2', 'AttributeValue')
8	9	seen = set()

             migrations.AlterField(
                 model_name='attributevalue',
                 name='multiple',
                 field=models.NullBooleanField(default=False) if django.VERSION < (2,) else models.BooleanField(default=False, null=True),
                 field=models.NullBooleanField(default=False)
                 if django.VERSION < (2,)
                 else models.BooleanField(default=False, null=True),
             ),
+        ]

                 name='attributevalue',
                 unique_together=set([('content_type', 'object_id', 'attribute', 'multiple', 'content')]),
             ),
             CreatePartialIndexes('AttributeValue', 'authentic2_attributevalue',
                                  'authentic2_attribute_value_partial_unique_idx',
                                  (), ('content_type_id', 'object_id', 'attribute_id'),
                                  where=(('multiple = %s', (False,)),))
             CreatePartialIndexes(
                 'AttributeValue',
                 'authentic2_attributevalue',
                 'authentic2_attribute_value_partial_unique_idx',
                 (),
                 ('content_type_id', 'object_id', 'attribute_id'),
                 where=(('multiple = %s', (False,)),),
             ),
+        ]

             migrations.AlterField(
                 model_name='passwordreset',
                 name='user',
                 field=models.OneToOneField(verbose_name='user', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
                 field=models.OneToOneField(
                     verbose_name='user', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE
                 ),
             ),
+        ]

             migrations.CreateModel(
                 name='AuthorizedRole',
                 fields=[
                     ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                    (
                         'id',
                         models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True),
                     ),
                     ('role', models.ForeignKey(to=settings.RBAC_ROLE_MODEL, on_delete=models.CASCADE)),
                 ],
             ),
             migrations.AddField(
                 model_name='service',
                 name='unauthorized_url',
                 field=models.URLField(max_length=256, null=True, verbose_name='callback url when unauthorized', blank=True),
                 field=models.URLField(
                     max_length=256, null=True, verbose_name='callback url when unauthorized', blank=True
                 ),
             ),
             migrations.AddField(
                 model_name='authorizedrole',
-...
             migrations.AddField(
                 model_name='service',
                 name='authorized_roles',
                 field=models.ManyToManyField(related_name='allowed_services', verbose_name='authorized services', to=settings.RBAC_ROLE_MODEL, through='authentic2.AuthorizedRole', blank=True),
                 field=models.ManyToManyField(
                     related_name='allowed_services',
                     verbose_name='authorized services',
                     to=settings.RBAC_ROLE_MODEL,
                     through='authentic2.AuthorizedRole',
                     blank=True,
                 ),
             ),
+        ]

             ),
             migrations.AlterModelOptions(
                 name='attribute',
                 options={'base_manager_name': 'all_objects', 'ordering': ('order', 'id'), 'verbose_name': 'attribute definition', 'verbose_name_plural': 'attribute definitions'},
                 options={
                     'base_manager_name': 'all_objects',
                     'ordering': ('order', 'id'),
                     'verbose_name': 'attribute definition',
                     'verbose_name_plural': 'attribute definitions',
                 },
             ),
             migrations.AlterModelManagers(
                 name='attribute',

             migrations.AddField(
                 model_name='attribute',
                 name='scopes',
                 field=models.CharField(default='', help_text='scopes separated by spaces', max_length=256, verbose_name='scopes', blank=True),
                 field=models.CharField(
                     default='',
                     help_text='scopes separated by spaces',
                     max_length=256,
                     verbose_name='scopes',
                     blank=True,
                 ),
             ),
+        ]

         operations = [
             migrations.CreateModel(
                 name='LDAPUser',
                 fields=[
                 ],
                 fields=[],
                 options={
                     'proxy': True,
                 },

             migrations.AlterField(
                 model_name='deleteduser',
                 name='user',
                 field=models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, related_name='deletion', to=settings.AUTH_USER_MODEL, verbose_name='user'),
                 field=models.OneToOneField(
                     on_delete=django.db.models.deletion.CASCADE,
                     related_name='deletion',
                     to=settings.AUTH_USER_MODEL,
                     verbose_name='user',
                 ),
             ),
+        ]

             migrations.CreateModel(
                 name='Token',
                 fields=[
                     ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False, verbose_name='Identifier')),
+                    (
                         'uuid',
                         models.UUIDField(
                             default=uuid.uuid4,
                             editable=False,
                             primary_key=True,
                             serialize=False,
                             verbose_name='Identifier',
                         ),
                     ),
                     ('kind', models.CharField(max_length=32, verbose_name='Kind')),
                     ('content', django.contrib.postgres.fields.jsonb.JSONField(blank=True, verbose_name='Content')),
+                    (
                         'content',
                         django.contrib.postgres.fields.jsonb.JSONField(blank=True, verbose_name='Content'),
                     ),
                     ('created', models.DateTimeField(verbose_name='Creation date', auto_now_add=True)),
                     ('expires', models.DateTimeField(verbose_name='Expires')),
                 ],

         DeletedUser = apps.get_model('authentic2', 'DeletedUser')
         User = apps.get_model('custom_user', 'User')
         User.objects.update(
             deleted=models.Subquery(DeletedUser.objects.filter(user_id=models.OuterRef('id')).values_list('creation')[:1]))
             deleted=models.Subquery(
                 DeletedUser.objects.filter(user_id=models.OuterRef('id')).values_list('creation')[:1]
+            )
+        )
     class Migration(migrations.Migration):

                     "CREATE OR REPLACE FUNCTION public.immutable_unaccent(text) RETURNS varchar AS $$ "
                     "SELECT public.unaccent('public.unaccent',$1::text); $$ LANGUAGE 'sql' IMMUTABLE",
                     "CREATE INDEX custom_user_name_gist_idx ON custom_user_user USING gist "
                     "(LOWER(public.immutable_unaccent(first_name || ' ' || last_name)) public.gist_trgm_ops)"
                     "(LOWER(public.immutable_unaccent(first_name || ' ' || last_name)) public.gist_trgm_ops)",
                 ],
                 reverse_sql=[
                     "DROP INDEX IF EXISTS custom_user_name_gist_idx",

         operations = [
             migrations.AlterModelOptions(
                 name='attributevalue',
                 options={'ordering': ('attribute__order', 'id'), 'verbose_name': 'attribute value', 'verbose_name_plural': 'attribute values'},
                 options={
                     'ordering': ('attribute__order', 'id'),
                     'verbose_name': 'attribute value',
                     'verbose_name_plural': 'attribute values',
                 },
             ),
+        ]

     def clean_admin_tools_tables(apps, schema_editor):
         try:
             with schema_editor.connection.cursor() as cursor:
                 cursor.execute("SELECT table_name FROM information_schema.tables "
                                "WHERE table_schema = current_schema() "
                                "AND table_name LIKE 'admin_tools%'")
                 cursor.execute(
                     "SELECT table_name FROM information_schema.tables "
                     "WHERE table_schema = current_schema() "
                     "AND table_name LIKE 'admin_tools%'"
+                )
                 rows = cursor.fetchall()
                 for table_name, in rows:
                 for (table_name,) in rows:
                     cursor.execute('DROP TABLE "%s" CASCADE' % table_name)
         except Exception:
             logging.getLogger(__name__).exception('migration authentic2.0030 failed')

     def create_trigger(apps, schema_editor):
         with schema_editor.connection.cursor() as cursor:
             cursor.execute('SHOW default_text_search_config')
             default_text_search_config, = cursor.fetchone()
             cursor.execute('''CREATE OR REPLACE FUNCTION authentic2_update_atv_search_vector() RETURNS TRIGGER AS $$
             (default_text_search_config,) = cursor.fetchone()
             cursor.execute(
                 '''CREATE OR REPLACE FUNCTION authentic2_update_atv_search_vector() RETURNS TRIGGER AS $$
     BEGIN
         IF TG_OP = 'INSERT' OR (TG_OP = 'UPDATE' AND NEW.content <> OLD.content) THEN
             NEW.search_vector = to_tsvector(NEW.content);
         END IF;
         RETURN NEW;
     END; $$ LANGUAGE plpgsql''')
             cursor.execute('''CREATE TRIGGER authentic2_attributevalue_search_vector_trigger
     END; $$ LANGUAGE plpgsql'''
+            )
             cursor.execute(
                 '''CREATE TRIGGER authentic2_attributevalue_search_vector_trigger
     BEFORE INSERT OR UPDATE OF content
     ON authentic2_attributevalue
     FOR EACH ROW EXECUTE PROCEDURE authentic2_update_atv_search_vector()''')
     FOR EACH ROW EXECUTE PROCEDURE authentic2_update_atv_search_vector()'''
+            )
     def drop_trigger(apps, schema_editor):
         with schema_editor.connection.cursor() as cursor:
             cursor.execute('DROP TRIGGER IF EXISTS authentic2_attributevalue_search_vector_trigger ON authentic2_attributevalue')
             cursor.execute(
                 'DROP TRIGGER IF EXISTS authentic2_attributevalue_search_vector_trigger ON authentic2_attributevalue'
+            )
             cursor.execute('DROP FUNCTION IF EXISTS authentic2_update_atv_search_vector')
-...
             ),
             migrations.AddIndex(
                 model_name='attributevalue',
                 index=django.contrib.postgres.indexes.GinIndex(fields=['search_vector'], name='authentic2_atv_tsvector_idx')
                 index=django.contrib.postgres.indexes.GinIndex(
                     fields=['search_vector'], name='authentic2_atv_tsvector_idx'
                 ),
             ),
             migrations.RunPython(create_trigger, drop_trigger),
+        ]

     class CreatePartialIndexes(Operation):
         reversible = True
         def __init__(self, model_name, table_name, index_name, nullable_columns, non_null_columns,
                      null_columns=None, where=None):
         def __init__(
             self,
             model_name,
             table_name,
             index_name,
             nullable_columns,
             non_null_columns,
             null_columns=None,
             where=None,
         ):
             self.model_name = model_name
             self.table_name = table_name
             self.index_name = index_name
-...
                             clause, params = clause
                             assert isinstance(clause, six.string_types)
                             assert isinstance(params, tuple)
                             clause = clause % tuple(schema_editor.quote_value(param) for param in
                                                      params)
                             clause = clause % tuple(schema_editor.quote_value(param) for param in params)
                         assert isinstance(clause, six.string_types)
                         clauses.append(clause)
                     where_clause = ' AND '.join(clauses)
                     # SQLite does not accept parameters in partial index creations, don't ask why :/
                     schema_editor.execute('CREATE UNIQUE INDEX "%s_%s" ON %s (%s) WHERE %s' %
                                           (self.index_name, i, self.table_name, index, where_clause))
                     schema_editor.execute(
                         'CREATE UNIQUE INDEX "%s_%s" ON %s (%s) WHERE %s'
                         % (self.index_name, i, self.table_name, index, where_clause)
+                    )
                 else:
                     schema_editor.execute('CREATE UNIQUE INDEX "%s_%s" ON %s (%s)' %
                                           (self.index_name, i, self.table_name, index))
                     schema_editor.execute(
                         'CREATE UNIQUE INDEX "%s_%s" ON %s (%s)' % (self.index_name, i, self.table_name, index)
+                    )
         def database_backwards(self, app_label, schema_editor, from_state, to_state):
             if not self.allowed(app_label, schema_editor, to_state):

         from django.contrib.contenttypes.generic import GenericForeignKey
     from . import managers
     # install our natural_key implementation
     from . import natural_key as unused_natural_key  # noqa: F401
     from .utils import ServiceAccessDenied
     class UserExternalId(models.Model):
         user = models.ForeignKey(
             settings.AUTH_USER_MODEL,
             verbose_name=_('user'),
             on_delete=models.CASCADE)
         user = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name=_('user'), on_delete=models.CASCADE)
         source = models.CharField(max_length=256, verbose_name=_('source'))
         external_id = models.CharField(max_length=256, verbose_name=_('external id'))
         created = models.DateTimeField(auto_now_add=True, verbose_name=_('creation date'))
-...
             return u'{0} is {1} on {2}'.format(self.user, self.external_id, self.source)
         def __repr__(self):
             return '<UserExternalId user: {0!r} source: {1!r} ' \
                    'external_id: {2!r} created: {3} updated: {4}' \
                    .format(self.user_id, self.source, self.external_id,
                            self.created, self.updated)
             return (
                 '<UserExternalId user: {0!r} source: {1!r} '
                 'external_id: {2!r} created: {3} updated: {4}'.format(
                     self.user_id, self.source, self.external_id, self.created, self.updated
+                )
+            )
         class Meta:
             verbose_name = _('user external id')
-...
     class AuthenticationEvent(models.Model):
         '''Record authentication events whatever the source'''
         when = models.DateTimeField(auto_now=True, verbose_name=_('when'))
         who = models.CharField(max_length=80, verbose_name=_('who'))
         how = models.CharField(max_length=32, verbose_name=_('how'))
-...
             verbose_name_plural = _('authentication logs')
         def __str__(self):
             return _('Authentication of %(who)s by %(how)s at %(when)s') % \
                 self.__dict__
             return _('Authentication of %(who)s by %(how)s at %(when)s') % self.__dict__
     class LogoutUrlAbstract(models.Model):
         logout_url = models.URLField(
             verbose_name=_('url'),
             help_text=_('you can use a {} to pass the URL of the success icon, '
                         'ex.: http://example.com/logout?next={}'),
             help_text=_(
                 'you can use a {} to pass the URL of the success icon, ' 'ex.: http://example.com/logout?next={}'
             ),
             max_length=255,
             blank=True,
             null=True)
             null=True,
+        )
         logout_use_iframe = models.BooleanField(
             verbose_name=_('use an iframe instead of an img tag for logout'),
             default=False)
             verbose_name=_('use an iframe instead of an img tag for logout'), default=False
+        )
         logout_use_iframe_timeout = models.PositiveIntegerField(
             verbose_name=_('iframe logout timeout (ms)'),
             help_text=_('if iframe logout is used, it\'s the time between the '
                         'onload event for this iframe and the moment we consider its '

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2