0001-misc-remove-six-module-usage-52503.patch

debian/control
29	29	python3-djangorestframework (<< 3.10),
30	30	python3-markdown (>= 2.1),
31	31	python3-ldap (>= 2.4),
32		python3-six (>= 1.0),
33	32	python3-jwcrypto (>= 0.3.1),
34	33	python3-cryptography (>= 1.3.4),
35	34	python3-django-filters (>= 1),

debian/py3dist-overrides
9	9	XStatic_jquery_ui python3-xstatic-jquery-ui
10	10	django-import-export python3-django-import-export
11	11	django-sekizai python3-django-sekizai
12		six python3-six
13	12	pycryptodome python3-pycryptodome
14	13	ldaptools python3-ldaptools
15	14	django-mellon python3-django-mellon

doc/installation_modes.rst
23	23	- gadjo>=0.6
24	24	- django-import-export>=0.2.7,<=0.4.5
25	25	- djangorestframework>=3.3
26		- six>=1.9
27	26	- Markdown>=2.5
28	27	- python-ldap
29	28

setup.py
129	129	'gadjo>=0.53',
130	130	'django-import-export>=1,<2',
131	131	'djangorestframework>=3.3,<3.10',
132		'six>=1',
133	132	'Markdown>=2.1',
134	133	'python-ldap',
135	134	'django-filter>1,<2.3',

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     from django.contrib import admin
     from django.utils import six
     from django.utils.translation import ugettext_lazy as _
     from . import models
-...
         list_select_related = True
         def name(self, obj):
             return six.text_type(obj)
             return str(obj)
         name.short_description = _('name')

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     from django.contrib.contenttypes.models import ContentType
     from django.utils import six
     from django.utils.text import slugify
     from django.utils.translation import ugettext
     from django.utils.translation import ugettext_lazy as _
-...
             # do not create scoped admin roles if the model is not scopable
             if not ou_model:
                 continue
             name = six.text_type(MANAGED_CT[key]['name'])
             name = str(MANAGED_CT[key]['name'])
             slug = '_a2-' + slugify(name)
             scoped_name = six.text_type(MANAGED_CT[key]['scoped_name'])
             scoped_name = str(MANAGED_CT[key]['scoped_name'])
             name = scoped_name.format(ou=ou)
             ou_slug = slug + '-' + ou.slug
             if app_settings.MANAGED_CONTENT_TYPES == ():
-...
             if ct_tuple not in MANAGED_CT:
                 continue
             # General admin role
             name = six.text_type(MANAGED_CT[ct_tuple]['name'])
             name = str(MANAGED_CT[ct_tuple]['name'])
             slug = '_a2-' + slugify(name)
             if (
                 app_settings.MANAGED_CONTENT_TYPES is not None

     from __future__ import unicode_literals
     from django.db import migrations
     from django.utils.six import text_type
     from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP
     from django_rbac.models import CHANGE_OP
-...
         Permission = apps.get_model('a2_rbac', 'Permission')
         Operation = apps.get_model('django_rbac', 'Operation')
         ContentType = apps.get_model('contenttypes', 'ContentType')
         change_op, _ = Operation.objects.get_or_create(slug=text_type(CHANGE_OP.slug))
         manage_members_op, _ = Operation.objects.get_or_create(slug=text_type(MANAGE_MEMBERS_OP.slug))
         change_op, _ = Operation.objects.get_or_create(slug=str(CHANGE_OP.slug))
         manage_members_op, _ = Operation.objects.get_or_create(slug=str(MANAGE_MEMBERS_OP.slug))
         ct = ContentType.objects.get_for_model(Role)
         perms_to_delete = []
         for role in Role.objects.all():

     from django.core.exceptions import ValidationError
     from django.core.validators import MinValueValidator
     from django.db import models
     from django.utils import six
     from django.utils.text import slugify
     from django.utils.translation import pgettext_lazy
     from django.utils.translation import ugettext_lazy as _
-...
             admin_role = self.__class__.objects.get_admin_role(
                 self,
                 name=_('Managers of role "{role}"').format(role=six.text_type(self)),
                 slug='_a2-managers-of-role-{role}'.format(role=slugify(six.text_type(self))),
                 name=_('Managers of role "{role}"').format(role=str(self)),
                 slug='_a2-managers-of-role-{role}'.format(role=slugify(str(self))),
                 permissions=(view_user_perm,),
                 self_administered=True,
                 update_name=True,

     import sys
     import six
     from django.core.exceptions import ImproperlyConfigured
     from django.utils.translation import ugettext_lazy as _
-...
         def __init__(self, default=SENTINEL, definition='', names=None):
             self.names = names or []
             if isinstance(self.names, six.string_types):
             if isinstance(self.names, str):
                 self.names = [self.names]
             self.names = set(self.names)
             self.default = default

     from django.core.validators import RegexValidator
     from django.db.models import query
     from django.urls import reverse
     from django.utils import formats, html, six
     from django.utils import formats, html
     from django.utils.functional import keep_lazy
     from django.utils.translation import pgettext_lazy
     from django.utils.translation import ugettext_lazy as _
-...
     from .plugins import collect_from_plugins
     @keep_lazy(six.text_type)
     @keep_lazy(str)
     def capfirst(value):
         return value and value[0].upper() + value[1:]
-...
             # Test for the empty string here so that it does not get validated,
             # and so that subclasses do not need to handle it explicitly
             # inside the `to_internal_value()` method.
             if data == '' or (self.trim_whitespace and six.text_type(data).strip() == ''):
             if data == '' or (self.trim_whitespace and str(data).strip() == ''):
                 if not self.allow_blank:
                     self.fail('blank')
                 return ''

     import abc
     from django.utils import six
     @six.add_metaclass(abc.ABCMeta)
     class BaseAttributeSource(object):
     class BaseAttributeSource(object, metaclass=abc.ABCMeta):
         """
         Base class for attribute sources
         """

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     from django.contrib.auth import get_user_model
     from django.utils import six
     from django.utils.translation import ugettext_lazy as _
     from django_rbac.utils import get_role_model
-...
             ctx['django_user_' + str(av.attribute.name)] = serialized
             ctx['django_user_' + str(av.attribute.name) + ':verified'] = av.verified
         ctx['django_user_groups'] = [group for group in user.groups.all()]
         ctx['django_user_group_names'] = [six.text_type(group) for group in user.groups.all()]
         ctx['django_user_group_names'] = [str(group) for group in user.groups.all()]
         if user.username:
             splitted = user.username.rsplit('@', 1)
             ctx['django_user_domain'] = splitted[1] if '@' in user.username else ''

     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import six
     from django.core.exceptions import ImproperlyConfigured
     from ...decorators import to_list
-...
                 config_error(UNEXPECTED_KEYS_ERROR, unexpected)
             if 'name' not in keys or 'template' not in keys:
                 config_error(BAD_CONFIG_ERROR)
             if not isinstance(d['template'], six.string_types):
             if not isinstance(d['template'], str):
                 config_error(TYPE_ERROR)
             yield d

     import inspect
     from django.utils import six
     try:
         from django.utils.deprecation import CallableTrue
     except ImportError:
-...
                 pass
             # try BasicAuthentication
             if (
                 six.PY3
                 and 'request'
                 'request'
                 in inspect.signature(super(Authentic2Authentication, self).authenticate_credentials).parameters
             ):
                 # compatibility with DRF 3.4

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import hashlib
     import urllib.parse
     try:
         import ldap
-...
     import os
     import random
     import time
     import urllib.parse
     from django.conf import settings
     from django.contrib import messages
-...
     from django.contrib.auth.models import Group
     from django.core.cache import cache
     from django.core.exceptions import ImproperlyConfigured
     from django.utils import six
     from django.utils.encoding import force_bytes, force_text
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.translation import ngettext
     from django.utils.translation import ugettext as _
-...
     def map_text(d):
         if d is None:
             return d
         elif isinstance(d, six.string_types):
         elif isinstance(d, str):
             return force_text(d)
         elif isinstance(d, (list, tuple)):
             return d.__class__(map_text(x) for x in d)
-...
             '''Obtain a Django role'''
             kwargs = {}
             slug = None
             if isinstance(role_id, six.string_types):
             if isinstance(role_id, str):
                 slug = role_id
             elif isinstance(role_id, (tuple, list)):
                 try:
-...
                     attribute, param = attribute.split(':')
                     quote = 'noquote' not in param.split(',')
                 if quote:
                     decoded.append((attribute, urlparse.unquote(value)))
                     decoded.append((attribute, urllib.parse.unquote(value)))
                 else:
                     decoded.append((attribute, force_text(value)))
             filters = [filter_format(u'(%s=%s)', (a, b)) for a, b in decoded]
-...
                 if isinstance(part, list):
                     part = part[0]
                 if quote:
                     part = urlparse.quote(part.encode('utf-8'))
                     part = urllib.parse.quote(part.encode('utf-8'))
                 parts.append(part)
             return ' '.join(part for part in parts)
-...
             # convert string to list of strings for settings accepting it
             for i in cls._TO_ITERABLE:
                 if i in block and isinstance(block[i], six.string_types):
                 if i in block and isinstance(block[i], str):
                     block[i] = (block[i],)
             for d in cls._DEFAULTS:
-...
                     if d == 'user_filter' and app_settings.A2_ACCEPT_EMAIL_AUTHENTICATION:
                         block[d] = '(|(mail=%s)(uid=%s))'
                 else:
                     if isinstance(cls._DEFAULTS[d], six.string_types):
                         if not isinstance(block[d], six.string_types):
                     if isinstance(cls._DEFAULTS[d], str):
                         if not isinstance(block[d], str):
                             raise ImproperlyConfigured('LDAP_AUTH_SETTINGS: attribute %r must be a string' % d)
                         try:
                             block[d] = force_text(block[d])
-...
             for key in cls._TO_LOWERCASE:
                 # we handle strings, list of strings and list of list or tuple whose first element is a
                 # string
                 if isinstance(block[key], six.string_types):
                 if isinstance(block[key], str):
                     block[key] = force_text(block[key]).lower()
                 elif isinstance(block[key], (list, tuple)):
                     new_seq = []

     from __future__ import unicode_literals
     import functools
     from django.contrib.auth import get_user_model
     from django.contrib.auth.backends import ModelBackend
     from django.db import models
     from django.utils import six
     from authentic2.backends import get_user_queryset
     from authentic2.user_login_failure import user_login_failure, user_login_success
-...
                             queries.append(models.Q(**{username_field: upn(username, realm)}))
             else:
                 queries.append(models.Q(**{username_field: upn(username, realm)}))
             queries = six.moves.reduce(models.Q.__or__, queries)
             queries = functools.reduce(models.Q.__or__, queries)
             if ou:
                 queries &= models.Q(ou=ou)
             return queries

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import urllib.parse
     from django.conf import settings
     from django.utils.six.moves.urllib import parse as urlparse
     from . import app_settings, plugins
     from .decorators import SessionCache
-...
     def make_origin(url):
         '''Build origin of an URL'''
         parsed = urlparse.urlparse(url)
         parsed = urllib.parse.urlparse(url)
         if ':' in parsed.netloc:
             host, port = parsed.netloc.split(':', 1)
             if parsed.scheme == 'http' and port == 80:

     from Cryptodome.Protocol.KDF import PBKDF2
     from django.utils.crypto import constant_time_compare
     from django.utils.encoding import force_bytes
     from django.utils.six import text_type
     class DecryptionError(Exception):
-...
         key_size = 16
         hmac_size = key_size
         if isinstance(salt, text_type):
         if isinstance(salt, str):
             salt = force_bytes(salt)
         iv = hashmod.new(salt).digest()
-...
             if not crypted or not hmac or prf(key, crypted)[:hmac_size] != hmac:
                 raise DecryptionError('invalid HMAC')
             if isinstance(salt, text_type):
             if isinstance(salt, str):
                 salt = force_bytes(salt)
             iv = hashmod.new(salt).digest()

     from django.core.validators import RegexValidator
     from django.db import IntegrityError, models
     from django.db.transaction import atomic
     from django.utils import six
     from django.utils.encoding import force_bytes, force_text
     from django.utils.translation import ugettext as _
-...
         encoding = None
         def run(self, fd_or_str, encoding):
             if isinstance(fd_or_str, six.binary_type):
             if isinstance(fd_or_str, bytes):
                 input_fd = io.BytesIO(fd_or_str)
             elif isinstance(fd_or_str, six.text_type):
             elif isinstance(fd_or_str, str):
                 input_fd = io.StringIO(fd_or_str)
             elif not hasattr(fd_or_str, 'read1'):
                 try:
-...
                     except Exception:
                         pass
                     content = fd_or_str.read()
                     if isinstance(content, six.text_type):
                     if isinstance(content, str):
                         input_fd = io.StringIO(content)
                     else:
                         input_fd = io.BytesIO(content)
-...
             form.is_valid()
             def get_form_errors(form, name):
                 return [Error('data-error', six.text_type(value)) for value in form.errors.get(name, [])]
                 return [Error('data-error', str(value)) for value in form.errors.get(name, [])]
             cells = [
                 CsvCell(

     from django.core.exceptions import MultipleObjectsReturned, ValidationError
     from django.core.mail import send_mail
     from django.db import models, transaction
     from django.utils import six, timezone
     from django.utils import timezone
     from django.utils.translation import ugettext_lazy as _
     try:
-...
             return '%s (%s)' % (human_name, short_id)
         def __repr__(self):
             return '<User: %r>' % six.text_type(self)
             return '<User: %r>' % str(self)
         def clean(self):
             if not (self.username or self.email or (self.first_name and self.last_name)):

     from django.core.cache import cache as django_cache
     from django.core.exceptions import ValidationError
     from django.http import Http404, HttpResponse, HttpResponseBadRequest, HttpResponseForbidden
     from django.utils import six
     from django.views.debug import technical_404_response
     from . import app_settings, middleware
-...
             for i, arg in enumerate(args):
                 if self.args and i not in self.args:
                     continue
                 parts.append(six.text_type(arg))
                 parts.append(str(arg))
             for kw, arg in sorted(kwargs.items(), key=lambda x: x[0]):
                 if kw not in self.kwargs:
                     continue
                 parts.append(u'%s-%s' % (six.text_type(kw), six.text_type(arg)))
                 parts.append(u'%s-%s' % (str(kw), str(arg)))
             return u'|'.join(parts)

     import logging
     import urllib.parse
     from xml.dom.minidom import parseString
     from django.conf.urls import url
     from django.http import HttpResponseRedirect
     from django.urls import reverse
     from django.utils.http import urlquote
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.translation import ugettext as _
     from authentic2 import settings
-...
     def is_param_id_in_return_url(return_url, returnIDParam):
         url = urlparse.urlparse(return_url)
         if url.query and returnIDParam in urlparse.parse_qs(url.query):
         url = urllib.parse.urlparse(return_url)
         if url.query and returnIDParam in urllib.parse.parse_qs(url.query):
             return True
         return False
     def add_param_to_url(url, param_name, value):
         scheme, netloc, path, params, query, fragment = urlparse.urlparse(url)
         scheme, netloc, path, params, query, fragment = urllib.parse.urlparse(url)
         if query:
             qs = urlparse.parse_qs(query)
             qs = urllib.parse.parse_qs(query)
             qs[param_name] = [value]
             query = urlparse.urlencode(qs)
         else:
             query = '%s=%s' % (param_name, value)
         return urlparse.urlunparse((scheme, netloc, path, params, query, fragment))
         return urllib.parse.urlunparse((scheme, netloc, path, params, query, fragment))
     def disco(request):

     import time
     from django.core.cache import cache
     from django.utils import six
     class ExponentialRetryTimeout(object):
-...
             self.key_prefix = key_prefix
         def key(self, keys):
             key = u'-'.join(six.text_type(key) for key in keys)
             key = u'-'.join(str(key) for key in keys)
             key = key.encode('utf-8')
             return '%s%s' % (self.key_prefix or self.KEY_PREFIX, hashlib.md5(key).hexdigest())

     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import functools
     import logging
     import operator
     import random
     from urllib.parse import quote
     from django.db.models import Q
     from django.template.loader import render_to_string
     from django.urls import reverse
     from django.utils import six
     from django.utils.six.moves.urllib.parse import quote
     from django.utils.translation import ugettext as _
     import authentic2.idp.saml.saml2_endpoints as saml2_endpoints
-...
                     queries.append(
                         q.filter(sp_options_policy__isnull=True, liberty_provider__entity_id__in=sessions_eids)
+                    )
             qs = six.moves.reduce(operator.__or__, queries)
             qs = functools.reduce(operator.__or__, queries)
             # do some prefetching
             qs = qs.prefetch_related('liberty_provider')
             qs = qs.select_related('sp_options_policy')

     import string
     import xml.etree.cElementTree as ctree
     from functools import wraps
     from urllib.parse import quote, urlencode
     from django.conf import settings
     from django.contrib import messages
-...
     from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseForbidden, HttpResponseRedirect
     from django.shortcuts import redirect, render
     from django.urls import reverse
     from django.utils import six
     from django.utils.encoding import force_bytes, force_str, force_text
     from django.utils.six.moves.urllib.parse import quote, urlencode
     from django.utils.translation import ugettext as _
     from django.utils.translation import ugettext_noop as N_
     from django.views.decorators.cache import never_cache
-...
         if not access_granted:
             logger.debug('access denied, return answer to the requester')
             set_saml2_response_responder_status_code(
                 login.response, lasso.SAML2_STATUS_CODE_REQUEST_DENIED, msg=six.text_type(dic['message'])
                 login.response, lasso.SAML2_STATUS_CODE_REQUEST_DENIED, msg=str(dic['message'])
+            )
             return finish_sso(request, login)

     import logging
     from django.utils import six
     class RequestContextFilter(logging.Filter):
         DEFAULT_USERNAME = '-'
-...
             if not hasattr(record, 'user'):
                 if hasattr(request, 'user') and request.user.is_authenticated:
                     record.user = six.text_type(request.user)
                     record.user = str(request.user)
                 else:
                     record.user = self.DEFAULT_USERNAME

src/authentic2/management/commands/check-and-repair.py
27	27	from django.db.models import Count, Q
28	28	from django.db.models.functions import Lower
29	29	from django.db.transaction import atomic
30		from django.utils.six.moves import input
31	30	from django.utils.timezone import localtime
32	31
33	32	from authentic2 import app_settings

     from __future__ import print_function
     import logging
     import urllib.parse
     from datetime import timedelta
     from django.conf import settings
-...
     from django.db import transaction
     from django.db.models import F
     from django.utils import timezone, translation
     from django.utils.six.moves.urllib import parse as urlparse
     from authentic2.backends.ldap_backend import LDAPBackend
     from authentic2.utils import send_templated_mail
-...
             ctx = {
                 'user': user,
                 'days_to_deletion': days_to_deletion,
                 'login_url': urlparse.urljoin(settings.SITE_BASE_URL, settings.LOGIN_URL),
                 'login_url': urllib.parse.urljoin(settings.SITE_BASE_URL, settings.LOGIN_URL),
+            }
             with transaction.atomic():
                 if not self.fake:

     from __future__ import print_function
     import io
     import logging
     import re
     import sys
     from django.contrib.auth import get_user_model
     from django.core.management.base import BaseCommand
     from django.utils import six
     from ldap.dn import escape_dn_chars
     from ldif import LDIFWriter
-...
         def ldap(self, command, attrs):
             self.logger.debug('received command %s %s', command, attrs)
             if command == 'SEARCH':
                 out = six.BytesIO()
                 out = io.BytesIO()
                 ldif_writer = LDIFWriter(out)
                 qs = get_user_model().objects.all()
                 if attrs['filter'] != '(objectClass=*)':
-...
                 for user in qs:
                     o = {}
                     for user_attribute, ldap_attribute in MAPPING.items():
                         o[ldap_attribute] = [six.text_type(getattr(user, user_attribute)).encode('utf-8')]
                         o[ldap_attribute] = [str(getattr(user, user_attribute)).encode('utf-8')]
                     o['objectClass'] = ['inetOrgPerson']
                     dn = 'uid=%s,%s' % (escape_dn_chars(o['uid'][0]), attrs['suffix'])
                     self.logger.debug(u'sending entry %s %s', dn, o)

     from django.contrib.auth import get_user_model
     from django.contrib.contenttypes.models import ContentType
     from django.core.exceptions import ValidationError
     from django.utils import six
     from django.utils.text import slugify
     from django.utils.translation import pgettext, ugettext
     from django.utils.translation import ugettext_lazy as _
-...
         def save(self, commit=True):
             instance = self.instance
             if not instance.slug:
                 instance.slug = slugify(six.text_type(instance.name)).lstrip('_')
                 instance.slug = slugify(str(instance.name)).lstrip('_')
                 qs = instance.__class__.objects.all()
                 if instance.pk:
                     qs = qs.exclude(pk=instance.pk)
-...
                 if self.show_all_ou and (len(self.ou_qs) > 1 or self.search_all_ous):
                     choices.append(('all', all_ou_label))
                 for ou in self.ou_qs:
                     choices.append((str(ou.pk), six.text_type(ou)))
                     choices.append((str(ou.pk), str(ou)))
                 if self.show_none_ou and self.search_all_ous:
                     choices.append(('none', pgettext('organizational unit', 'None')))
-...
         @staticmethod
         def raise_validation_error(error_message):
             message_prefix = ugettext('Invalid import file')
             raise forms.ValidationError('%s : %s' % (message_prefix, six.text_type(error_message)))
             raise forms.ValidationError('%s : %s' % (message_prefix, str(error_message)))
     class UserNewImportForm(UserImportForm):

     from django.db import transaction
     from django.http import HttpResponseRedirect
     from django.urls import reverse
     from django.utils import six
     from django.utils.translation import ugettext as _
     from django.views.generic import FormView
-...
         @property
         def title(self):
             return six.text_type(self.object)
             return str(self.object)
         def authorize(self, request, *args, **kwargs):
             super(OrganizationalUnitDetailView, self).authorize(request, *args, **kwargs)

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     from django.contrib.auth import get_user_model
     from django.utils import six
     from import_export.fields import Field
     from import_export.resources import ModelResource
     from import_export.widgets import Widget
-...
             raise NotImplementedError
         def render(self, value, object):
             return u', '.join(six.text_type(v) for v in value.all())
             return u', '.join(str(v) for v in value.all())
     class UserResource(ModelResource):
-...
                 result.add(role)
                 for pr in role.parent_relation.all():
                     result.add(pr.parent)
             return ', '.join(six.text_type(x) for x in result)
             return ', '.join(str(x) for x in result)
         class Meta:
             model = User

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     from django.contrib import messages
     from django.utils import six
     from django.utils.translation import ugettext as _
     from authentic2.models import Service
-...
         @property
         def title(self):
             return six.text_type(self.object)
             return str(self.object)
         def get_table_queryset(self):
             return self.object.authorized_roles.all()

     from django.conf import settings
     from django.core.files.storage import default_storage
     from django.db import connection
     from django.utils import six
     from django.utils.functional import cached_property
     from django.utils.timezone import utc
     from django.utils.translation import ugettext_lazy as _
-...
                         logger.exception('error during report %s:%s run', self.user_import.uuid, self.uuid)
                         state = self.STATE_ERROR
                         try:
                             exception = six.text_type(e)
                             exception = str(e)
                         except Exception:
                             exception = repr(repr(e))
                     else:

     from django.forms import MediaDefiningClass
     from django.http import Http404, HttpResponse
     from django.urls import reverse, reverse_lazy
     from django.utils import six
     from django.utils.encoding import force_text
     from django.utils.functional import cached_property
     from django.utils.timezone import now
-...
             return super(MultipleOUMixin, self).get_context_data(**kwargs)
     @six.add_metaclass(MediaMixinBase)
     class MediaMixin(object):
     class MediaMixin(object, metaclass=MediaMixinBase):
         '''Expose needed CSS and JS files as a media object'''
         class Media:
-...
         def get_instance_name(self):
             if hasattr(self, 'get_object'):
                 return six.text_type(self.get_object())
                 return str(self.get_object())
             return u''
         def get_context_data(self, **kwargs):
-...
                     continue
                 menu_entries.append(
+                    {
                         'label': six.text_type(entry['label']),
                         'label': str(entry['label']),
                         'slug': entry.get('slug', ''),
                         'url': request.build_absolute_uri(six.text_type(entry['href'])),
                         'url': request.build_absolute_uri(str(entry['href'])),
+                    }
+                )
             return menu_entries

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import base64
     import functools
     import operator
     import pickle
     from django.contrib.auth import get_user_model
     from django.core import signing
     from django.utils import six
     from django.utils.encoding import force_text
     from django_select2.forms import ModelSelect2MultipleWidget, ModelSelect2Widget
-...
             queries = []
             for term in term.split():
                 queries.append(super(SplitTermMixin, self).filter_queryset(term, queryset=qs))
             qs = six.moves.reduce(self.split_term_operator, queries)
             qs = functools.reduce(self.split_term_operator, queries)
             return qs
-...
+        ]
         def label_from_instance(self, obj):
             label = six.text_type(obj)
             label = str(obj)
             if obj.ou and utils.get_ou_count() > 1:
                 label = u'{ou} - {obj}'.format(ou=obj.ou, obj=obj)
             return label

     except ImportError:
         threading = None
     import urllib.parse
     from django import http
     from django.conf import settings
     from django.contrib import messages
     from django.utils.deprecation import MiddlewareMixin
     from django.utils.functional import SimpleLazyObject
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.translation import ugettext as _
     from . import app_settings, plugins, utils
-...
                 return response
             if not getattr(response, 'display_message', True):
                 return response
             parsed_url = urlparse.urlparse(url)
             parsed_url = urllib.parse.urlparse(url)
             if not parsed_url.scheme and not parsed_url.netloc:
                 return response
             parsed_request_url = urlparse.urlparse(request.build_absolute_uri())
             parsed_request_url = urllib.parse.urlparse(request.build_absolute_uri())
             if (parsed_request_url.scheme == parsed_url.scheme or not parsed_url.scheme) and (
                 parsed_request_url.netloc == parsed_url.netloc
             ):

     import itertools
     from django.db.migrations.operations.base import Operation
     from django.utils import six
     class CreatePartialIndexes(Operation):
-...
                     for clause in where:
                         if isinstance(clause, tuple):
                             clause, params = clause
                             assert isinstance(clause, six.string_types)
                             assert isinstance(clause, str)
                             assert isinstance(params, tuple)
                             clause = clause % tuple(schema_editor.quote_value(param) for param in params)
                         assert isinstance(clause, six.string_types)
                         assert isinstance(clause, str)
                         clauses.append(clause)
                     where_clause = ' AND '.join(clauses)
                     # SQLite does not accept parameters in partial index creations, don't ask why :/

     import datetime
     import time
     import urllib.parse
     import uuid
     import django
-...
     from django.core.exceptions import ValidationError
     from django.db import models, transaction
     from django.db.models.query import Q
     from django.utils import six, timezone
     from django.utils import timezone
     from django.utils.http import urlquote
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.translation import ugettext_lazy as _
     from model_utils.managers import QueryManager
-...
         def get_logout_url(self, request):
             ok_icon_url = (
                 request.build_absolute_uri(urlparse.urljoin(settings.STATIC_URL, 'authentic2/images/ok.png'))
                 request.build_absolute_uri(urllib.parse.urljoin(settings.STATIC_URL, 'authentic2/images/ok.png'))
                 + '?nonce=%s' % time.time()
+            )
             return self.logout_url.format(urlquote(ok_icon_url))
-...
             verbose_name_plural = _('password reset')
         def __str__(self):
             return six.text_type(self.user)
             return str(self.user)
     class Service(models.Model):
-...
             return self.name
         def __repr__(self):
             return '<%s %r>' % (self.__class__.__name__, six.text_type(self))
             return '<%s %r>' % (self.__class__.__name__, str(self))
         def authorize(self, user):
             if not self.authorized_roles.exists():
-...
             else:
                 return _uuid
             if isinstance(_uuid, six.text_type):
             if isinstance(_uuid, str):
                 _uuid = _uuid.encode('ascii')
                 _uuid = base64url_decode(_uuid)
             return uuid.UUID(bytes=_uuid)

     import string
     from django.core.exceptions import ValidationError
     from django.utils import six
     from django.utils.functional import lazy
     from django.utils.module_loading import import_string
     from django.utils.translation import ugettext as _
-...
         return ''.join(new_password)
     @six.add_metaclass(abc.ABCMeta)
     class PasswordChecker(object):
     class PasswordChecker(object, metaclass=abc.ABCMeta):
         class Check(object):
             def __init__(self, label, result):
                 self.label = label
-...
             return ''
     password_help_text = lazy(password_help_text, six.text_type)
     password_help_text = lazy(password_help_text, str)

     from django.contrib import admin, messages
     from django.core.exceptions import ValidationError
     from django.forms import ModelForm
     from django.utils import six
     from django.utils.translation import ugettext as _
     try:
-...
         def render(self, name, value, attrs=None, **kwargs):
             if attrs is None:
                 attrs = {}
             if isinstance(value, (str, six.text_type)):
             if isinstance(value, (str, str)):
                 attrs['rows'] = value.count('\n') + 5
                 attrs['cols'] = min(max((len(x) for x in value.split('\n'))), 150)
             return super(TextAndFileWidget, self).render(name, value, attrs, **kwargs)

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import datetime
     import functools
     import logging
     import os.path
     import re
-...
     from django.http import Http404, HttpResponse, HttpResponseRedirect
     from django.shortcuts import render
     from django.urls import reverse
     from django.utils import six
     from django.utils.encoding import force_text
     from authentic2.compat_lasso import lasso
-...
             return None
         logger.debug('loaded %d bytes', len(metadata))
         try:
             metadata = six.text_type(metadata, 'utf-8')
             metadata = str(metadata, 'utf-8')
         except UnicodeDecodeError:
             logging.error('SAML metadata autoload: retrieved metadata for entity id %s is not UTF-8', provider_id)
             return None
-...
                             value,
+                        )
         if session_not_on_or_afters:
             return six.moves.reduce(min, session_not_on_or_afters)
             return functools.reduce(min, session_not_on_or_afters)
         return None

     from django.core.exceptions import ValidationError
     from django.db import models
     from django.template.defaultfilters import pluralize
     from django.utils import six
     from django.utils.encoding import force_bytes, force_text
     from django.utils.text import capfirst
-...
     # Initial author: Oliver Beattie
     class PickledObject(six.text_type):
     class PickledObject(str):
         """A subclass of string so it can be told whether a string is
         a pickled object or not (if the object is an instance of this class
         then it must [well, should] be a pickled one)."""
-...
             return MultiSelectFormField(**defaults)
         def get_db_prep_value(self, value, connection, prepared=False):
             if isinstance(value, six.string_types):
             if isinstance(value, str):
                 return value
             elif isinstance(value, list):
                 return ",".join(value)

     from __future__ import print_function
     import io
     import os
     import sys
     import warnings
-...
     from django.core.management.base import BaseCommand, CommandError
     from django.db.transaction import atomic
     from django.template.defaultfilters import slugify
     from django.utils import six
     from django.utils.translation import gettext as _
     from authentic2.compat_lasso import lasso
-...
                 response = requests.get(metadata_file_path)
                 if not response.ok:
                     raise CommandError('Unable to open url %s' % metadata_file_path)
                 metadata_file = six.BytesIO(response.content)
                 metadata_file = io.BytesIO(response.content)
             else:
                 try:
                     with open(metadata_file_path, 'rb') as fd:
                         metadata_file = six.BytesIO(fd.read())
                         metadata_file = io.BytesIO(fd.read())
                 except IOError:
                     raise CommandError('Unable to open file %s' % metadata_file_path)

     from django.db import models
     from django.db.models import Q
     from django.db.models.query import QuerySet
     from django.utils import six
     from django.utils.encoding import force_str, force_text
     from django.utils.translation import ugettext_lazy as _
-...
             return (self.liberty_provider.slug,)
         def __str__(self):
             return six.text_type(self.liberty_provider)
             return str(self.liberty_provider)
         class Meta:
             verbose_name = _('SAML service provider')

     import time
     import xml.etree.ElementTree as etree
     from django.utils import six
     from django.utils.encoding import force_text
     from authentic2.compat_lasso import lasso
-...
     def filter_attribute_private_key(message):
         if isinstance(message, six.string_types):
         if isinstance(message, str):
             return re.sub(r' (\w+:)?(PrivateKey=")([&#;\w/ +-=])+(")', '', message)
         else:
             return message
     def filter_element_private_key(message):
         if isinstance(message, six.string_types):
         if isinstance(message, str):
             return re.sub(
                 r'(<saml)(p)?(:PrivateKeyFile>-----BEGIN RSA PRIVATE KEY-----)'
                 r'([&#;\w/+=\s])+'

     import subprocess
     import tempfile
     import six
     _openssl = 'openssl'
     def decapsulate_pem_file(file_or_string):
         '''Remove PEM header lines'''
         if not isinstance(file_or_string, six.string_types):
         if not isinstance(file_or_string, str):
             content = file_or_string.read()
         else:
             content = file_or_string

     from django.core.serializers.json import Serializer as JSONSerializer
     from django.core.serializers.python import _get_model
     from django.db import DEFAULT_DB_ALIAS
     from django.utils import six
     class Serializer(JSONSerializer):
-...
         """
         from django.core.serializers.python import Deserializer as PythonDeserializer
         if not isinstance(stream_or_string, (bytes, six.string_types)):
         if not isinstance(stream_or_string, (bytes, str)):
             stream_or_string = stream_or_string.read()
         if isinstance(stream_or_string, bytes):
             stream_or_string = stream_or_string.decode('utf-8')
-...
         except GeneratorExit:
             raise
         except Exception as e:
             # Map to deserializer error
             six.reraise(DeserializationError, DeserializationError(e), sys.exc_info()[2])
             raise DeserializationError(e)

     import logging
     import random
     import time
     import urllib.parse
     import uuid
     from functools import wraps
     from importlib import import_module
-...
     from django.template.context import make_context
     from django.template.loader import TemplateDoesNotExist, render_to_string, select_template
     from django.urls import reverse
     from django.utils import html, six, timezone
     from django.utils import html, timezone
     from django.utils.encoding import iri_to_uri, uri_to_iri
     from django.utils.formats import localize
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.translation import ungettext
     try:
-...
         backends = []
         for backend_path in getattr(app_settings, setting_name):
             kwargs = {}
             if not isinstance(backend_path, six.string_types):
             if not isinstance(backend_path, str):
                 backend_path, kwargs = backend_path
             kwargs_settings = getattr(app_settings, setting_name + '_KWARGS', {})
             backend = load_backend(backend_path, kwargs_settings)
-...
     def add_arg(url, key, value=None):
         '''Add a parameter to an URL'''
         key = urlparse.quote(key)
         key = urllib.parse.quote(key)
         if value is not None:
             add = '%s=%s' % (key, urlparse.quote(value))
             add = '%s=%s' % (key, urllib.parse.quote(value))
         else:
             add = key
         if '?' in url:
-...
     def field_names(list_of_field_name_and_titles):
         for t in list_of_field_name_and_titles:
             if isinstance(t, six.string_types):
             if isinstance(t, str):
                 yield t
             else:
                 yield t[0]
-...
     def is_valid_url(url):
         try:
             parsed = urlparse.urlparse(url)
             parsed = urllib.parse.urlparse(url)
             if parsed.scheme in ('http', 'https', ''):
                 return True
         except Exception:
-...
         else:
             url = to
         url = iri_to_uri(url)
         scheme, netloc, path, query_string, o_fragment = urlparse.urlsplit(url)
         url = uri_to_iri(urlparse.urlunsplit((scheme, netloc, path, '', '')))
         scheme, netloc, path, query_string, o_fragment = urllib.parse.urlsplit(url)
         url = uri_to_iri(urllib.parse.urlunsplit((scheme, netloc, path, '', '')))
         fragment = fragment or o_fragment
         # Django < 1.6 compat, query_string is not optional
         url_params = QueryDict(query_string=query_string, mutable=True)
-...
             if request:
                 url = request.build_absolute_uri(url)
             elif hasattr(settings, 'SITE_BASE_URL'):
                 url = urlparse.urljoin(settings.SITE_BASE_URL, url)
                 url = urllib.parse.urljoin(settings.SITE_BASE_URL, url)
             else:
                 raise TypeError('make_url() absolute cannot be used without request')
         # keep using unicode
-...
         # explicitly state that the session has been modified
         request.session.modified = True
         event = {
             'who': six.text_type(request.user),
             'who': str(request.user),
             'who_id': getattr(request.user, 'pk', None),
             'how': how,
             'when': int(time.time()),
+        }
         kwargs = {
             'who': six.text_type(request.user)[:80],
             'who': str(request.user)[:80],
             'how': how,
+        }
         nonce = nonce or get_nonce(request)
-...
     def normalize_attribute_values(values):
         '''Take a list of values or a single one and normalize it'''
         values_set = set()
         if isinstance(values, six.string_types) or not hasattr(values, '__iter__'):
         if isinstance(values, str) or not hasattr(values, '__iter__'):
             values = [values]
         for value in values:
             if isinstance(value, bool):
                 value = str(value).lower()
             values_set.add(six.text_type(value))
             values_set.add(str(value))
         return values_set
-...
         """
         from .. import middleware
         if isinstance(template_names, six.string_types):
         if isinstance(template_names, str):
             template_names = [template_names]
         if per_ou_templates and getattr(user_or_email, 'ou', None):
             new_template_names = []
-...
         if good_next_url(request, next_url):
             if replace:
                 for key, value in replace.items():
                     next_url = next_url.replace(key, urlparse.quote(value))
                     next_url = next_url.replace(key, urllib.parse.quote(value))
             return next_url
         return default
-...
         If not scheme and not port are given, port compare is skipped.
         The last two rules allow authorizing complete domains easily.
         """
         p1, p2 = urlparse.urlparse(url1), urlparse.urlparse(url2)
         p1, p2 = urllib.parse.urlparse(url1), urllib.parse.urlparse(url2)
         p1_host, p1_port = netloc_to_host_port(p1.netloc)
         p2_host, p2_port = netloc_to_host_port(p2.netloc)

     import ast
     from django.utils import six
     from django.utils.translation import ugettext as _
-...
                 # set the nearer expr node as the node of the error
                 if e.node is None and hasattr(node, 'col_offset'):
                     e.set_node(node)
                 six.reraise(*sys.exc_info())
                 raise e
         @lru_cache(maxsize=1024)
         def __call__(self, expression):
-...
                 if e.text is None:
                     e.text = expression
                 e.params = {'expression': expression}
                 six.reraise(*sys.exc_info())
                 raise e
             return compile(tree, expression, mode='eval')
-...
             super(ConditionValidator, self).__init__(
                 authorized_nodes=authorized_nodes, forbidden_nodes=forbidden_nodes
+            )
             if six.PY3:
                 self.authorized_nodes.append(ast.NameConstant)
             self.authorized_nodes.append(ast.NameConstant)
         def check_Name(self, node):
             if node.id.startswith('_'):
-...
                 raise ExpressionError(
                     _('variable is not defined: %s') % e, code='undefined-variable', text=expression, column=0
+                )
         except Exception:
         except Exception as e:
             if on_raise is not None:
                 return on_raise
             six.reraise(*sys.exc_info())
             raise e

     from __future__ import unicode_literals
     from django.utils import six
     from django.utils.encoding import force_text
     from django.utils.functional import keep_lazy
     from django.utils.text import format_lazy
-...
         return format_lazy(fstring, *args)
     @keep_lazy(six.text_type)
     @keep_lazy(str)
     def lazy_label(default, func):
         """Allow using a getter for a label, with late binding.

     from django.template import loader
     from django.template.loader import render_to_string
     from django.urls import reverse
     from django.utils import six, timezone
     from django.utils import timezone
     from django.utils.translation import ugettext as _
     from django.views.decorators.cache import never_cache
     from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie
-...
                     value = filter(None, value)
                     value = [html_value(attribute, at_value) for at_value in value]
                     if not title:
                         title = six.text_type(attribute)
                         title = str(attribute)
                 else:
                     # fallback to model attributes
                     try:
-...
                     if not isinstance(value, (list, tuple)):
                         value = (value,)
                     raw_value = value
                     value = [six.text_type(v) for v in value]
                     value = [str(v) for v in value]
                 if value or app_settings.A2_PROFILE_DISPLAY_EMPTY_FIELDS:
                     profile.append((title, value))
                     attributes.append({'attribute': attribute, 'values': raw_value})

     import hashlib
     import hmac
     import json
     import urllib.parse
     from django.conf import settings
     from django.db import models
     from django.utils.encoding import force_bytes, force_text
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.timezone import now
     from django.utils.translation import ugettext_lazy as _
-...
             return None, 'id_token is expired'
         def check_issuer():
             parsed = urlparse.urlparse(app_settings.authorize_url)
             parsed = urllib.parse.urlparse(app_settings.authorize_url)
             if 'iss' not in payload:
                 return False
             try:
                 parsed_issuer = urlparse.urlparse(payload['iss'])
                 parsed_issuer = urllib.parse.urlparse(payload['iss'])
             except Exception:
                 return False
             return parsed_issuer.scheme == parsed.scheme and parsed_issuer.netloc == parsed.netloc

     import json
     import logging
     import urllib.parse
     import uuid
     import requests
-...
     from django.shortcuts import render, resolve_url
     from django.urls import reverse
     from django.utils.http import is_safe_url, urlencode
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.translation import ugettext as _
     from django.views.generic import FormView, View
     from requests_oauthlib import OAuth2Session
-...
                 redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
             # Prevent errors when redirect_to does not contain fc-login-or-link view
             parsed_redirect_to = urlparse.urlparse(redirect_to)
             parsed_redirect_to = urllib.parse.urlparse(redirect_to)
             if parsed_redirect_to.path == reverse('fc-login-or-link'):
                 redirect_to = urlparse.parse_qs(parsed_redirect_to.query).get(
                 redirect_to = urllib.parse.parse_qs(parsed_redirect_to.query).get(
                     REDIRECT_FIELD_NAME, [a2_utils.make_url('auth_homepage')]
                 )[0]
             params = {

     import requests
     from django.contrib.auth import get_user_model
     from django.contrib.auth.backends import ModelBackend
     from django.utils import six
     from django.utils.timezone import now
     from jwcrypto.jwk import JWK
     from jwcrypto.jwt import JWT
-...
                 jwt = JWT(jwt=original_id_token, key=key_or_keyset, check_claims={}, algs=algs)
                 jwt.claims
             if isinstance(id_token.aud, six.text_type) and provider.client_id != id_token.aud:
             if isinstance(id_token.aud, str) and provider.client_id != id_token.aud:
                 logger.warning(
                     'auth_oidc: invalid id_token audience %s != provider client_id %s',
                     id_token.aud,

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import datetime
     import urllib.parse
     import requests
     from django.shortcuts import get_object_or_404
     from django.utils import six
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.timezone import utc
     from django.utils.translation import ugettext as _
     from jwcrypto.common import JWException, base64url_encode, json_decode
-...
     REQUIRED_ID_TOKEN_KEYS = set(['iss', 'sub', 'aud', 'exp', 'iat'])
     KEY_TYPES = {
         'iss': six.text_type,
         'sub': six.text_type,
         'iss': str,
         'sub': str,
         'exp': int,
         'iat': int,
         'auth_time': int,
         'nonce': six.text_type,
         'acr': six.text_type,
         'azp': six.text_type,
         'nonce': str,
         'acr': str,
         'azp': str,
         # aud and amr havec specific checks
+    }
-...
         nonce = None
         def __init__(self, encoded):
             if not isinstance(encoded, (six.binary_type, six.string_types)):
             if not isinstance(encoded, (bytes, str)):
                 raise IDTokenError(_('Encoded ID Token must be either binary or string data'))
             self._encoded = encoded
-...
                 if key == 'amr':
                     if not isinstance(decoded['amr'], list):
                         raise IDTokenError(_('invalid amr value: %s') % decoded['amr'])
                     if not all(isinstance(v, six.text_type) for v in decoded['amr']):
                     if not all(isinstance(v, str) for v in decoded['amr']):
                         raise IDTokenError(_('invalid amr value: %s') % decoded['amr'])
                 elif key in KEY_TYPES:
                     if not isinstance(decoded[key], KEY_TYPES[key]):
-...
     def check_https(url):
         return urlparse.urlparse(url).scheme == 'https'
         return urllib.parse.urlparse(url).scheme == 'https'
     def register_issuer(name, issuer=None, openid_configuration=None, verify=True, timeout=None, ou=None):
-...
     def get_openid_configuration_url(issuer):
         parsed = urlparse.urlparse(issuer)
         parsed = urllib.parse.urlparse(issuer)
         if parsed.query or parsed.fragment or parsed.scheme != 'https':
             raise ValueError(
                 _('invalid issuer URL, it must use the https:// scheme and not have a ' 'query or fragment')
+            )
         issuer = urlparse.urlunparse((parsed.scheme, parsed.netloc, parsed.path.rstrip('/'), None, None, None))
         issuer = urllib.parse.urlunparse(
             (parsed.scheme, parsed.netloc, parsed.path.rstrip('/'), None, None, None)
+        )
         return issuer + '/.well-known/openid-configuration'

     from django.contrib import messages
     from django.core.exceptions import MultipleObjectsReturned
     from django.db.transaction import atomic
     from django.utils import six
     from django.utils.translation import ugettext as _
     from mellon.adapters import DefaultAdapter, UserCreationError
     from mellon.utils import get_setting
-...
             super(MappingError, self).__init__(message)
         def __str__(self):
             s = six.text_type(self.args[0])
             s = str(self.args[0])
             if self.details:
                 s += ' ' + repr(self.details)
             return s
-...
                 action = mapping.get('action', 'set-attribute')
                 mandatory = mapping.get('mandatory', False) is True
                 method = None
                 if isinstance(action, six.string_types):
                 if isinstance(action, str):
                     try:
                         method = getattr(self, 'action_' + action.replace('-', '_'))
                     except AttributeError:
-...
         def action_rename(self, user, idp, saml_attributes, mapping):
             from_name = mapping.get('from')
             if not from_name or not isinstance(from_name, six.string_types):
             if not from_name or not isinstance(from_name, str):
                 raise MappingError('missing from in rename')
             to_name = mapping.get('to')
             if not to_name or not isinstance(to_name, six.string_types):
             if not to_name or not isinstance(to_name, str):
                 raise MappingError('missing to in rename')
             if from_name in saml_attributes:
                 saml_attributes[to_name] = saml_attributes[from_name]
         def action_set_attribute(self, user, idp, saml_attributes, mapping):
             attribute = mapping.get('attribute')
             if not attribute or not isinstance(attribute, six.string_types):
             if not attribute or not isinstance(attribute, str):
                 raise MappingError('missing attribute key')
             saml_attribute = mapping.get('saml_attribute')
             if not saml_attribute or not isinstance(saml_attribute, six.string_types):
             if not saml_attribute or not isinstance(saml_attribute, str):
                 raise MappingError('missing saml_attribute key')
             if saml_attribute not in saml_attributes:
-...
             slug = ou_desc.get('slug')
             name = ou_desc.get('name')
             if slug:
                 if not isinstance(slug, six.string_types):
                 if not isinstance(slug, str):
                     raise MappingError('invalid ou.slug in ou description')
                 try:
                     return OU.objects.get(slug=slug)
                 except OU.DoesNotExist:
                     raise MappingError('unknown ou', details={'slug': slug})
             elif name:
                 if not isinstance(name, six.string_types):
                 if not isinstance(name, str):
                     raise MappingError('invalid ou.slug in ou description')
                 try:
                     return OU.objects.get(name=name)
-...
                 kwargs['ou'] = ou
             if slug:
                 if not isinstance(slug, six.string_types):
                 if not isinstance(slug, str):
                     raise MappingError('invalid role slug', details={'slug': slug})
                 kwargs['slug'] = slug
             elif name:
                 if not isinstance(name, six.string_types):
                 if not isinstance(name, str):
                     raise MappingError('invalid role name', details={'name': name})
                 kwargs['name'] = name
             else:
-...
             condition = mapping.get('condition')
             if condition is None:
                 return True
             if not isinstance(condition, six.string_types):
             if not isinstance(condition, str):
                 raise MappingError('invalid condition')
             try:
                 # use a proxy to simplify condition expressions as subscript is forbidden
-...
                 logger.debug('auth_saml: condition %r is %s', condition, value, extra={'user': user})
                 return value
             except Exception as e:
                 raise MappingError('condition evaluation failed', details={'error': six.text_type(e)})
                 raise MappingError('condition evaluation failed', details={'error': str(e)})
         def action_add_role(self, user, idp, saml_attributes, mapping):
             role = self.get_role(mapping)

     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import urllib.parse
     from datetime import timedelta
     from django.db import models
     from django.db.models import query
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.timezone import now
-...
     class ServiceQuerySet(query.QuerySet):
         def for_service(self, service):
             '''Find service with the longest match'''
             parsed = urlparse.urlparse(service)
             parsed = urllib.parse.urlparse(service)
             matches = []
             for match in self.filter(urls__contains=parsed.netloc):
                 urls = match.get_urls()

     import requests
     from django.http import HttpResponse, HttpResponseBadRequest
     from django.utils import six
     from django.utils.timezone import now
     from django.views.generic.base import View
-...
                 if st.service.identifier_attribute not in attributes:
                     self.logger.error(
                         'unable to compute an identifier for user %r and service %s',
                         six.text_type(st.user),
                         str(st.user),
                         st.service_url,
+                    )
                     return self.validation_failure(request, service, INTERNAL_ERROR)
-...
                 'validation success service: %r ticket: %s user: %r identifier: %r',
                 st.service_url,
                 st.ticket_id,
                 six.text_type(st.user),
                 str(st.user),
                 identifier,
+            )
             return self.real_validation_success(request, st, identifier)
-...
             root = ET.Element(SERVICE_RESPONSE_ELT)
             success = ET.SubElement(root, AUTHENTICATION_SUCCESS_ELT)
             user = ET.SubElement(success, USER_ELT)
             user.text = six.text_type(identifier)
             user.text = str(identifier)
             self.provision_pgt(request, st, success)
             self.provision_attributes(request, st, success)
             return HttpResponse(ET.tostring(root, encoding='utf-8'), content_type='text/xml')
-...
             for key, values in values.items():
                 for value in values:
                     attribute_elt = ET.SubElement(attributes_elt, '{%s}%s' % (CAS_NAMESPACE, key))
                     attribute_elt.text = six.text_type(value)
                     attribute_elt.text = str(value)
         def provision_pgt(self, request, st, success):
             """Provision a PGT ticket if requested"""

     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import urllib.parse
     import uuid
     from importlib import import_module
-...
     from django.core.exceptions import ImproperlyConfigured, ValidationError
     from django.core.validators import URLValidator
     from django.db import models
     from django.utils import six
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.timezone import now
     from django.utils.translation import ugettext_lazy as _
-...
     def generate_uuid():
         return six.text_type(uuid.uuid4())
         return str(uuid.uuid4())
     def validate_https_url(data):
-...
             if len(redirect_uri) > app_settings.REDIRECT_URI_MAX_LENGTH:
                 raise ValueError('redirect_uri length > %s' % app_settings.REDIRECT_URI_MAX_LENGTH)
             parsed_uri = urlparse.urlparse(redirect_uri)
             parsed_uri = urllib.parse.urlparse(redirect_uri)
             for valid_redirect_uri in self.redirect_uris.split():
                 parsed_valid_uri = urlparse.urlparse(valid_redirect_uri)
                 parsed_valid_uri = urllib.parse.urlparse(valid_redirect_uri)
                 if parsed_uri.scheme != parsed_valid_uri.scheme:
                     continue
                 if parsed_valid_uri.netloc.startswith('*'):
-...
         def __repr__(self):
             return '<OIDCAuthorization client:%r user:%r scopes:%r>' % (
                 self.client_id and six.text_type(self.client),
                 self.user_id and six.text_type(self.user),
                 self.client_id and str(self.client),
                 self.user_id and str(self.user),
                 self.scopes,
+            )
-...
         def __repr__(self):
             return '<OIDCCode uuid:%s client:%s user:%s expired:%s scopes:%s>' % (
                 self.uuid,
                 self.client_id and six.text_type(self.client),
                 self.user_id and six.text_type(self.user),
                 self.client_id and str(self.client),
                 self.user_id and str(self.user),
                 self.expired,
                 self.scopes,
+            )
-...
         def __repr__(self):
             return '<OIDCAccessToken uuid:%s client:%s user:%s expired:%s scopes:%s>' % (
                 self.uuid,
                 self.client_id and six.text_type(self.client),
                 self.user_id and six.text_type(self.user),
                 self.client_id and str(self.client),
                 self.user_id and str(self.user),
                 self.expired,
                 self.scopes,
+            )

     import base64
     import hashlib
     import json
     import urllib.parse
     import uuid
     from django.conf import settings
     from django.core.exceptions import ImproperlyConfigured
     from django.utils import six
     from django.utils.encoding import force_bytes, force_text
     from django.utils.six.moves.urllib import parse as urlparse
     from jwcrypto.jwk import JWK, InvalidJWKValue, JWKSet
     from jwcrypto.jwt import JWT
-...
     def url_domain(url):
         return urlparse.urlparse(url).netloc.split(':')[0]
         return urllib.parse.urlparse(url).netloc.split(':')[0]
     def make_sub(client, user):
-...
     def normalize_claim_values(values):
         values_list = []
         if isinstance(values, six.string_types) or not hasattr(values, '__iter__'):
         if isinstance(values, str) or not hasattr(values, '__iter__'):
             return values
         for value in values:
             if isinstance(value, bool):

     from django.http import HttpResponse, HttpResponseNotAllowed, JsonResponse
     from django.shortcuts import render
     from django.urls import reverse
     from django.utils import six
     from django.utils.encoding import force_text
     from django.utils.http import urlencode
     from django.utils.timezone import now, utc
-...
                 'idp_oidc: sending code %s for scopes %s for service %s', code.uuid, ' '.join(scopes), client
+            )
             params = {
                 'code': six.text_type(code.uuid),
                 'code': str(code.uuid),
+            }
             if state is not None:
                 params['state'] = state
-...
+        )
         return JsonResponse(
+            {
                 'access_token': six.text_type(access_token.uuid),
                 'access_token': str(access_token.uuid),
                 'token_type': 'Bearer',
                 'expires_in': int(expires_in.total_seconds()),
                 'id_token': utils.make_idtoken(client, id_token),
-...
             id_token['nonce'] = oidc_code.nonce
         return JsonResponse(
+            {
                 'access_token': six.text_type(access_token.uuid),
                 'access_token': str(access_token.uuid),
                 'token_type': 'Bearer',
                 'expires_in': int(expires_in.total_seconds()),
                 'id_token': utils.make_idtoken(client, id_token),

     import copy
     import functools
     from django.conf import settings
     from django.contrib.contenttypes.models import ContentType
     from django.db.models.query import Q
     from django.utils import six
     try:
         from django.core.exceptions import FieldDoesNotExist
-...
                 return False
             if user_obj.is_superuser:
                 return True
             if isinstance(perm_or_perms, six.string_types):
             if isinstance(perm_or_perms, str):
                 perm_or_perms = [perm_or_perms]
             perm_or_perms = set(perm_or_perms)
             cache = self.get_permission_cache(user_obj)
-...
                 return False
             if user_obj.is_superuser:
                 return True
             if isinstance(perm_or_perms, six.string_types):
             if isinstance(perm_or_perms, str):
                 perm_or_perms = [perm_or_perms]
             perm_or_perms = set(perm_or_perms)
             cache = self.get_permission_cache(user_obj)
-...
                     ct_id, fk = key.split('.')
                     q.append(Q(pk=int(fk)))
             if q:
                 return six.moves.reduce(Q.__or__, q)
                 return functools.reduce(Q.__or__, q)
             return False
         def filter_by_perm(self, user_obj, perm_or_perms, qs):

     import contextlib
     import functools
     import threading
     from django.contrib.auth import get_user_model
-...
     from django.db import models
     from django.db.models import query
     from django.db.models.query import Prefetch, Q
     from django.utils import six
     from . import utils
-...
             obsolete = old - add
             if obsolete:
                 queries = (query.Q(parent_id=a, child_id=b, direct=False) for a, b in obsolete)
                 self.model.objects.filter(six.moves.reduce(query.Q.__or__, queries)).delete()
                 self.model.objects.filter(functools.reduce(query.Q.__or__, queries)).delete()
     @contextlib.contextmanager

     import functools
     import hashlib
     import operator
     from django.conf import settings
     from django.db import models
     from django.db.models.query import Prefetch, Q
     from django.utils import six
     from django.utils.text import slugify
     from django.utils.translation import ugettext_lazy as _
-...
         def save(self, *args, **kwargs):
             # truncate slug and add a hash if it's too long
             if not self.slug:
                 self.slug = slugify(six.text_type(self.name)).lstrip('_')
                 self.slug = slugify(str(self.name)).lstrip('_')
             if len(self.slug) > 256:
                 self.slug = self.slug[:252] + hashlib.md5(self.slug).hexdigest()[:4]
             if not self.uuid:
-...
                 if hasattr(backend, "filter_by_perm"):
                     results.append(backend.filter_by_perm(self, perm_or_perms, qs))
             if results:
                 return six.moves.reduce(operator.__or__, results)
                 return functools.reduce(operator.__or__, results)
             else:
                 return qs

     import contextlib
     import datetime
     import json
     import urllib.parse as urlparse
     import urllib.parse
     import uuid
     import httmock
-...
         def handle_authorization(self, app, url, **kwargs):
             assert url.startswith('https://fcp.integ01')
             parsed_url = urlparse.urlparse(url)
             parsed_url = urllib.parse.urlparse(url)
             query = QueryDict(parsed_url.query)
             assert_equals_url(query['redirect_uri'], self.callback_url)
             assert query['client_id'] == self.client_id
-...
                 app.session.flush()
             response = app.get(path)
             self.callback_params = {
                 k: v for k, v in QueryDict(urlparse.urlparse(response.location).query).items()
                 k: v for k, v in QueryDict(urllib.parse.urlparse(response.location).query).items()
+            }
             response = response.follow()
             response = response.click(href='callback')
-...
         def handle_logout(self, app, url):
             assert url.startswith('https://fcp.integ01.dev-franceconnect.fr/api/v1/logout')
             parsed_url = urlparse.urlparse(url)
             parsed_url = urllib.parse.urlparse(url)
             query = QueryDict(parsed_url.query)
             assert_equals_url(query['post_logout_redirect_uri'], 'http://testserver' + reverse('fc-logout'))
             assert query['state']

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import datetime
     import urllib.parse
     import mock
     import requests
     from django.contrib.auth import get_user_model
     from django.urls import reverse
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.timezone import now
     from authentic2.custom_user.models import DeletedUser
-...
     def path(url):
         return urlparse.urlparse(url).path
         return urllib.parse.urlparse(url).path
     def test_login_redirect(app, franceconnect):

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import urllib.parse
     import django
     import django_webtest
     import mock
-...
     from django.core.management import call_command
     from django.db import connection
     from django.db.migrations.executor import MigrationExecutor
     from django.utils.six.moves.urllib import parse as urlparse
     from pytest_django.migrations import DisableMigrations
     from authentic2 import hooks as a2_hooks
-...
         else:
             def check_location(response, default_return):
                 assert urlparse.urljoin('http://testserver/', default_return).endswith(response['Location'])
                 assert urllib.parse.urljoin('http://testserver/', default_return).endswith(response['Location'])
         return check_location

     from __future__ import unicode_literals
     from django.utils.six.moves.urllib.parse import urlparse
     from urllib.parse import urlparse
     from authentic2.custom_user.models import User
     from authentic2.models import Attribute

     import base64
     import json
     import urllib.parse
     import pytest
     from django.contrib.auth import get_user_model
-...
     from django.test.utils import override_settings
     from django.urls import reverse
     from django.utils.encoding import force_text
     from django.utils.six import text_type
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.translation import ugettext as _
     from rest_framework import status, test
-...
             response = login_require(request, login_hint=['backoffice'])
             self.assertEqualsURL(response['Location'].split('?', 1)[0], '/login/')
             self.assertEqualsURL(
                 urlparse.parse_qs(response['Location'].split('?', 1)[1])['next'][0], '/coin?nonce=xxx&next=/zob/'
                 urllib.parse.parse_qs(response['Location'].split('?', 1)[1])['next'][0],
                 '/coin?nonce=xxx&next=/zob/',
+            )
             self.assertEqual(request.session['login-hint'], ['backoffice'])
-...
             for i, name in enumerate(attribute_kinds.get_attribute_kinds()):
                 fields['field_%d' % i] = attribute_kinds.get_form_field(name)
             AttributeKindForm = type('AttributeKindForm', (forms.Form,), fields)
             text_type(AttributeKindForm().as_p())
             str(AttributeKindForm().as_p())
     class APITest(TestCase):

     import random
     import re
     import time
     import urllib.parse
     import pytest
     from django.contrib.auth import get_user_model
-...
     from django.http import QueryDict
     from django.urls import reverse
     from django.utils.encoding import force_str, force_text
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.timezone import now, utc
     from httmock import HTTMock, urlmatch
     from jwcrypto.common import base64url_decode, base64url_encode, json_encode
-...
         provides_kid_header=False,
         kid=None,
     ):
         token_endpoint = urlparse.urlparse(oidc_provider.token_endpoint)
         userinfo_endpoint = urlparse.urlparse(oidc_provider.userinfo_endpoint)
         token_revocation_endpoint = urlparse.urlparse(oidc_provider.token_revocation_endpoint)
         token_endpoint = urllib.parse.urlparse(oidc_provider.token_endpoint)
         userinfo_endpoint = urllib.parse.urlparse(oidc_provider.userinfo_endpoint)
         token_revocation_endpoint = urllib.parse.urlparse(oidc_provider.token_revocation_endpoint)
         @urlmatch(netloc=token_endpoint.netloc, path=token_endpoint.path)
         def token_endpoint_mock(url, request):
             if urlparse.parse_qs(request.body).get('code') == [code]:
             if urllib.parse.parse_qs(request.body).get('code') == [code]:
                 exp = now() + datetime.timedelta(seconds=10)
                 id_token = {
                     'iss': oidc_provider.issuer,
-...
         @urlmatch(netloc=token_revocation_endpoint.netloc, path=token_revocation_endpoint.path)
         def token_revocation_endpoint_mock(url, request):
             query = urlparse.parse_qs(request.body)
             query = urllib.parse.parse_qs(request.body)
             assert 'token' in query
             return {
                 'status_code': 200,
-...
         response = app.get('/admin/').maybe_follow()
         assert oidc_provider.name in response.text
         response = response.click(oidc_provider.name)
         location = urlparse.urlparse(response.location)
         endpoint = urlparse.urlparse(oidc_provider.authorization_endpoint)
         location = urllib.parse.urlparse(response.location)
         endpoint = urllib.parse.urlparse(oidc_provider.authorization_endpoint)
         assert location.scheme == endpoint.scheme
         assert location.netloc == endpoint.netloc
         assert location.path == endpoint.path
-...
         assert set(hooks.auth_oidc_backend_modify_user[0]['kwargs']) >= set(
             ['user', 'provider', 'user_info', 'id_token', 'access_token']
+        )
         assert urlparse.urlparse(response['Location']).path == '/admin/'
         assert urllib.parse.urlparse(response['Location']).path == '/admin/'
         assert User.objects.count() == 1
         user = User.objects.get()
         assert user.ou == get_default_ou()
-...
         response = app.get('/').maybe_follow()
         assert oidc_provider.name in response.text
         response = response.click(oidc_provider.name)
         location = urlparse.urlparse(response.location)
         location = urllib.parse.urlparse(response.location)
         query = QueryDict(location.query)
         state = query['state']
         nonce = query['nonce']
-...
             with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, sub=simple_user.uuid, nonce=nonce):
                 response = app.get(login_callback_url(oidc_provider), params={'code': code, 'state': state})
         assert urlparse.urlparse(response['Location']).path == '/'
         assert urllib.parse.urlparse(response['Location']).path == '/'
         assert User.objects.count() == 1
         user = User.objects.get()
         # verify user was not modified
-...
         response = app.get('/').maybe_follow()
         assert oidc_provider.name in response.text
         response = response.click(oidc_provider.name)
         location = urlparse.urlparse(response.location)
         location = urllib.parse.urlparse(response.location)
         query = QueryDict(location.query)
         state = query['state']
         nonce = query['nonce']
-...
         config_file = os.path.join(config_dir, 'openid_configuration.json')
         with open(config_file) as f:
             oidc_conf = json.load(f)
         jwks_uri = urlparse.urlparse(oidc_conf['jwks_uri'])
         jwks_uri = urllib.parse.urlparse(oidc_conf['jwks_uri'])
         @urlmatch(netloc=jwks_uri.netloc, path=jwks_uri.path)
         def jwks_mock(url, request):
-...
         response = app.get('/').maybe_follow()
         assert oidc_provider_rsa.name in response.text
         response = response.click(oidc_provider_rsa.name)
         location = urlparse.urlparse(response.location)
         location = urllib.parse.urlparse(response.location)
         query = QueryDict(location.query)
         state = query['state']
         nonce = query['nonce']
-...
         response = app.get('/').maybe_follow()
         response = response.click(oidc_provider.name)
         location = urlparse.urlparse(response.location)
         location = urllib.parse.urlparse(response.location)
         query = QueryDict(location.query)
         state = query['state']
         nonce = query['nonce']
-...
         # As the oidc-state is used during a redirect from a third-party, we need
         # it to be lax.
         assert re.search('Set-Cookie.* oidc-state=.*SameSite=Lax', str(response))
         qs = urlparse.parse_qs(urlparse.urlparse(response.location).query)
         qs = urllib.parse.parse_qs(urllib.parse.urlparse(response.location).query)
         state = qs['state']
         # reset the session to forget the state
-...
         response = app.get('/').maybe_follow()
         assert oidc_provider.name in response.text
         response = response.click(oidc_provider.name)
         location = urlparse.urlparse(response.location)
         location = urllib.parse.urlparse(response.location)
         query = QueryDict(location.query)
         state = query['state']
         nonce = query['nonce']
-...
         response = app.get('/').maybe_follow()
         assert oidc_provider.name in response.text
         response = response.click(oidc_provider.name)
         location = urlparse.urlparse(response.location)
         location = urllib.parse.urlparse(response.location)
         query = QueryDict(location.query)
         state = query['state']
         nonce = query['nonce']

     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import urllib.parse
     from django.contrib.auth import get_user_model
     from django.test.client import Client, RequestFactory
     from django.test.utils import override_settings
     from django.utils.encoding import force_text
     from django.utils.six.moves.urllib import parse as urlparse
     from authentic2.a2_rbac.utils import get_default_ou
     from authentic2.constants import AUTHENTICATION_EVENTS_SESSION_KEY, NONCE_FIELD_NAME
-...
             assert service.authorized_roles.exists() is True
             response = client.get('/idp/cas/login', {constants.SERVICE_PARAM: self.URL})
             location = response['Location']
             query = urlparse.parse_qs(location.split('?')[1])
             query = urllib.parse.parse_qs(location.split('?')[1])
             next_url, next_url_query = query['next'][0].split('?')
             next_url_query = urlparse.parse_qs(next_url_query)
             next_url_query = urllib.parse.parse_qs(next_url_query)
             response = client.get(location)
             response = client.post(
                 location,
-...
             assert service.authorized_roles.exists() is True
             response = client.get('/idp/cas/login', {constants.SERVICE_PARAM: self.URL})
             location = response['Location']
             query = urlparse.parse_qs(location.split('?')[1])
             query = urllib.parse.parse_qs(location.split('?')[1])
             next_url, next_url_query = query['next'][0].split('?')
             next_url_query = urlparse.parse_qs(next_url_query)
             next_url_query = urllib.parse.parse_qs(next_url_query)
             response = client.get(location)
             response = client.post(
                 location,
-...
+            )
             response = client.get(response.url)
             client = Client()
             ticket_id = urlparse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
             ticket_id = urllib.parse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
             response = client.get(
                 '/idp/cas/validate', {constants.TICKET_PARAM: ticket_id, constants.SERVICE_PARAM: self.URL}
+            )
-...
             ticket = Ticket.objects.get()
             location = response['Location']
             url = location.split('?')[0]
             query = urlparse.parse_qs(location.split('?')[1])
             query = urllib.parse.parse_qs(location.split('?')[1])
             self.assertTrue(url.endswith('/login/'))
             self.assertIn('nonce', query)
             self.assertIn('next', query)
             self.assertEqual(query['nonce'], [ticket.ticket_id])
             next_url, next_url_query = query['next'][0].split('?')
             next_url_query = urlparse.parse_qs(next_url_query)
             next_url_query = urllib.parse.parse_qs(next_url_query)
             self.assertEqual(next_url, '/idp/cas/continue/')
             self.assertEqual(set(next_url_query.keys()), set([constants.SERVICE_PARAM, NONCE_FIELD_NAME]))
             self.assertEqual(next_url_query[constants.SERVICE_PARAM], [self.URL])
-...
             # Do not the same client for direct calls from the CAS service provider
             # to prevent use of the user session
             client = Client()
             ticket_id = urlparse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
             ticket_id = urllib.parse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
             response = client.get(
                 '/idp/cas/validate', {constants.TICKET_PARAM: ticket_id, constants.SERVICE_PARAM: self.URL}
+            )
-...
             ticket = Ticket.objects.get()
             location = response['Location']
             url = location.split('?')[0]
             query = urlparse.parse_qs(location.split('?')[1])
             query = urllib.parse.parse_qs(location.split('?')[1])
             self.assertTrue(url.endswith('/login/'))
             self.assertIn('nonce', query)
             self.assertIn('next', query)
             self.assertEqual(query['nonce'], [ticket.ticket_id])
             next_url, next_url_query = query['next'][0].split('?')
             next_url_query = urlparse.parse_qs(next_url_query)
             next_url_query = urllib.parse.parse_qs(next_url_query)
             self.assertEqual(next_url, '/idp/cas/continue/')
             self.assertEqual(set(next_url_query.keys()), set([constants.SERVICE_PARAM, NONCE_FIELD_NAME]))
             self.assertEqual(next_url_query[constants.SERVICE_PARAM], [self.URL])
-...
             # Do not the same client for direct calls from the CAS service provider
             # to prevent use of the user session
             client = Client()
             ticket_id = urlparse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
             ticket_id = urllib.parse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
             response = client.get(
                 '/idp/cas/serviceValidate', {constants.TICKET_PARAM: ticket_id, constants.SERVICE_PARAM: self.URL}
+            )
-...
             ticket = Ticket.objects.get()
             location = response['Location']
             url = location.split('?')[0]
             query = urlparse.parse_qs(location.split('?')[1])
             query = urllib.parse.parse_qs(location.split('?')[1])
             self.assertTrue(url.endswith('/login/'))
             self.assertIn('nonce', query)
             self.assertIn('next', query)
             self.assertEqual(query['nonce'], [ticket.ticket_id])
             next_url, next_url_query = query['next'][0].split('?')
             next_url_query = urlparse.parse_qs(next_url_query)
             next_url_query = urllib.parse.parse_qs(next_url_query)
             self.assertEqual(next_url, '/idp/cas/continue/')
             self.assertEqual(set(next_url_query.keys()), set([constants.SERVICE_PARAM, NONCE_FIELD_NAME]))
             self.assertEqual(next_url_query[constants.SERVICE_PARAM], [self.URL])
-...
             # Do not the same client for direct calls from the CAS service provider
             # to prevent use of the user session
             client = Client()
             ticket_id = urlparse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
             ticket_id = urllib.parse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
             response = client.get(
                 '/idp/cas/serviceValidate',
                 {constants.TICKET_PARAM: ticket_id, constants.SERVICE_PARAM: self.URL, constants.RENEW_PARAM: ''},
-...
             ticket = Ticket.objects.get()
             location = response['Location']
             url = location.split('?')[0]
             query = urlparse.parse_qs(location.split('?')[1])
             query = urllib.parse.parse_qs(location.split('?')[1])
             self.assertTrue(url.endswith('/login/'))
             self.assertIn('nonce', query)
             self.assertIn('next', query)
             self.assertEqual(query['nonce'], [ticket.ticket_id])
             next_url, next_url_query = query['next'][0].split('?')
             next_url_query = urlparse.parse_qs(next_url_query)
             next_url_query = urllib.parse.parse_qs(next_url_query)
             self.assertEqual(next_url, '/idp/cas/continue/')
             self.assertEqual(set(next_url_query.keys()), set([constants.SERVICE_PARAM, NONCE_FIELD_NAME]))
             self.assertEqual(next_url_query[constants.SERVICE_PARAM], [self.URL])
-...
             # Do not the same client for direct calls from the CAS service provider
             # to prevent use of the user session
             client = Client()
             ticket_id = urlparse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
             ticket_id = urllib.parse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
             response = client.get(
                 '/idp/cas/proxyValidate', {constants.TICKET_PARAM: ticket_id, constants.SERVICE_PARAM: self.URL}
+            )
-...
             ticket = Ticket.objects.get()
             location = response['Location']
             url = location.split('?')[0]
             query = urlparse.parse_qs(location.split('?')[1])
             query = urllib.parse.parse_qs(location.split('?')[1])
             self.assertTrue(url.endswith('/login/'))
             self.assertIn('nonce', query)
             self.assertIn('next', query)
             self.assertEqual(query['nonce'], [ticket.ticket_id])
             next_url, next_url_query = query['next'][0].split('?')
             next_url_query = urlparse.parse_qs(next_url_query)
             next_url_query = urllib.parse.parse_qs(next_url_query)
             self.assertEqual(next_url, '/idp/cas/continue/')
             self.assertEqual(set(next_url_query.keys()), set([constants.SERVICE_PARAM, NONCE_FIELD_NAME]))
             self.assertEqual(next_url_query[constants.SERVICE_PARAM], [self.URL])
-...
             # Do not the same client for direct calls from the CAS service provider
             # to prevent use of the user session
             client = Client()
             ticket_id = urlparse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
             ticket_id = urllib.parse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
             response = client.get(
                 '/idp/cas/serviceValidate',
+                {

     import datetime
     import functools
     import json
     import urllib.parse
     from importlib import import_module
     import pytest
-...
     from django.test.utils import override_settings
     from django.urls import reverse
     from django.utils.encoding import force_text
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.timezone import now
     from jwcrypto.jwk import JWK, JWKSet
     from jwcrypto.jwt import JWT
-...
             assert code.auth_time <= now()
             assert code.expired >= now()
         assert response['Location'].startswith(redirect_uri)
         location = urlparse.urlparse(response['Location'])
         location = urllib.parse.urlparse(response['Location'])
         if oidc_client.authorization_flow == oidc_client.FLOW_AUTHORIZATION_CODE:
             query = urlparse.parse_qs(location.query)
             query = urllib.parse.parse_qs(location.query)
             assert set(query.keys()) == set(['code', 'state'])
             assert query['code'] == [code.uuid]
             code = query['code'][0]
-...
             id_token = response.json['id_token']
         elif oidc_client.authorization_flow == oidc_client.FLOW_IMPLICIT:
             assert location.fragment
             query = urlparse.parse_qs(location.fragment)
             query = urllib.parse.parse_qs(location.fragment)
             assert OIDCAccessToken.objects.count() == 1
             access_token = OIDCAccessToken.objects.get()
             assert set(query.keys()) == set(['access_token', 'token_type', 'expires_in', 'id_token', 'state'])
-...
     ):
         # check next_url qs
         if message:
             location = urlparse.urlparse(response.location)
             location = urllib.parse.urlparse(response.location)
             assert location.path == '/continue/'
             if check_next:
                 location_qs = QueryDict(location.query or '')
                 assert 'next' in location_qs
                 assert location_qs['next'].startswith(redirect_uri)
                 next_url = urlparse.urlparse(location_qs['next'])
                 next_url = urllib.parse.urlparse(location_qs['next'])
                 next_url_qs = QueryDict(next_url.fragment if fragment else next_url.query)
                 assert next_url_qs['error'] == error
                 assert next_url_qs['error_description'] == error_description
-...
             assert error_description in continue_response.pyquery('.error').text()
         elif check_next:
             assert response.location.startswith(redirect_uri)
             location = urlparse.urlparse(response.location)
             location = urllib.parse.urlparse(response.location)
             location_qs = QueryDict(location.fragment if fragment else location.query)
             assert location_qs['error'] == error
             assert location_qs['error_description'] == error_description
-...
     def assert_authorization_response(response, fragment=False, **kwargs):
         location = urlparse.urlparse(response.location)
         location = urllib.parse.urlparse(response.location)
         location_qs = QueryDict(location.fragment if fragment else location.query)
         assert set(location_qs) == set(kwargs)
         for key, value in kwargs.items():
-...
             },
+        )
         response = app.get(authorize_url)
         assert urlparse.urlparse(response['Location']).path == reverse('auth_login')
         assert urllib.parse.urlparse(response['Location']).path == reverse('auth_login')
         if oidc_client.authorization_mode != oidc_client.AUTHORIZATION_MODE_NONE:
             # prompt is none, but consent is required
-...
             code.expired = now() - datetime.timedelta(seconds=120)
             assert not code.is_valid()
             code.save()
             location = urlparse.urlparse(response['Location'])
             query = urlparse.parse_qs(location.query)
             location = urllib.parse.urlparse(response['Location'])
             query = urllib.parse.parse_qs(location.query)
             assert set(query.keys()) == set(['code'])
             assert query['code'] == [code.uuid]
             code = query['code'][0]
-...
         authorize_url = make_url('oidc-authorize', params=params)
         response = app.get(authorize_url)
         response = response.form.submit('accept')
         location = urlparse.urlparse(response['Location'])
         query = urlparse.parse_qs(location.query)
         location = urllib.parse.urlparse(response['Location'])
         query = urllib.parse.parse_qs(location.query)
         code = query['code'][0]
         token_url = make_url('oidc-token')
         response = app.post(
-...
             assert OIDCAuthorization.objects.get()
         if oidc_client.authorization_flow == oidc_client.FLOW_AUTHORIZATION_CODE:
             code = OIDCCode.objects.get()
         location = urlparse.urlparse(response['Location'])
         location = urllib.parse.urlparse(response['Location'])
         if oidc_client.authorization_flow == oidc_client.FLOW_AUTHORIZATION_CODE:
             query = urlparse.parse_qs(location.query)
             query = urllib.parse.parse_qs(location.query)
             code = query['code'][0]
             token_url = make_url('oidc-token')
             response = app.post(
-...
+            )
             id_token = response.json['id_token']
         elif oidc_client.authorization_flow == oidc_client.FLOW_IMPLICIT:
             query = urlparse.parse_qs(location.fragment)
             query = urllib.parse.parse_qs(location.fragment)
             id_token = query['id_token'][0]
         if oidc_client.idtoken_algo in (oidc_client.ALGO_RSA, oidc_client.ALGO_EC):
-...
         authorize_url = make_url('oidc-authorize', params=params)
         response = app.get(authorize_url)
         location = urlparse.urlparse(response['Location'])
         query = urlparse.parse_qs(location.query)
         location = urllib.parse.urlparse(response['Location'])
         query = urllib.parse.parse_qs(location.query)
         assert query['service'] == ['default client']
         response = response.follow().click('Register')
         location = urlparse.urlparse(response.request.url)
         query = urlparse.parse_qs(location.query)
         location = urllib.parse.urlparse(response.request.url)
         query = urllib.parse.parse_qs(location.query)
         assert query['service'] == ['default client']
         response.form.set('email', 'john.doe@example.com')
-...
             authorize_url = make_url('oidc-authorize', params=params)
             response = app.get(authorize_url)
             location = urlparse.urlparse(response['Location'])
             query = urlparse.parse_qs(location.query)
             location = urllib.parse.urlparse(response['Location'])
             query = urllib.parse.parse_qs(location.query)
             code = query['code'][0]
             token_url = make_url('oidc-token')
-...
             authorize_url = make_url('oidc-authorize', params=params)
             response = app.get(authorize_url)
             location = urlparse.urlparse(response['Location'])
             query = urlparse.parse_qs(location.query)
             location = urllib.parse.urlparse(response['Location'])
             query = urllib.parse.parse_qs(location.query)
             code = query['code'][0]
             token_url = make_url('oidc-token')

     import datetime
     import hashlib
     import re
     import urllib.parse
     import xml.etree.ElementTree as ET
     import lasso
-...
     from django.template import Context, Template
     from django.urls import reverse
     from django.utils.encoding import force_bytes, force_str, force_text
     from django.utils.six.moves.urllib import parse as urlparse
     from django.utils.translation import gettext as _
     from authentic2.a2_rbac.models import OrganizationalUnit, Role
-...
                     ),
+                )
             login.buildAuthnRequestMsg()
             url_parsed = urlparse.urlparse(login.msgUrl)
             url_parsed = urllib.parse.urlparse(login.msgUrl)
             assert url_parsed.path == reverse('a2-idp-saml-sso'), 'msgUrl should target the sso endpoint'
             if self.keys:
                 assert 'rsa-sha256' in login.msgUrl
-...
             if response.location:
                 method = lasso.HTTP_METHOD_ARTIFACT_GET
                 query_string = response.location.split('?', 1)[1]
                 parsed_query_string = urlparse.parse_qs(query_string)
                 parsed_query_string = urllib.parse.parse_qs(query_string)
                 self.relay_state = parsed_query_string.get('RelayState')
                 login.msgRelayState = force_str(self.relay_state)
             else:  # lasso.HTTP_METHOD_ARTIFACT_POST, never happens
-...
                     REDIRECT_FIELD_NAME: make_url('a2-idp-saml-continue', params={NONCE_FIELD_NAME: request_id}),
                 },
+            )
             self.nonce = urlparse.parse_qs(urlparse.urlparse(response['Location']).query)['nonce'][0]
             self.nonce = urllib.parse.parse_qs(urllib.parse.urlparse(response['Location']).query)['nonce'][0]
             url = response['Location']
             response = self.app.get(url)
             assert response.status_code == 200

     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import builtins as __builtin__
     import json
     import random
-...
     from django import VERSION
     from django.core import management
     from django.core.exceptions import ValidationError
     from django.utils.six.moves import builtins as __builtin__
     from django_rbac.utils import get_role_model

     import json
     import os
     import time
     import urllib.parse
     import ldap
     import mock
-...
     from django.core.exceptions import ImproperlyConfigured
     from django.utils import timezone
     from django.utils.encoding import force_bytes, force_text
     from django.utils.six.moves.urllib import parse as urlparse
     from ldap.dn import escape_dn_chars
     from ldaptools.slapd import Slapd, has_slapd
-...
         assert all(
+            [
                 user.userexternalid_set.first().external_id
                 == urlparse.quote(user.username.split('@')[0].encode('utf-8'))
                 == urllib.parse.quote(user.username.split('@')[0].encode('utf-8'))
                 for user in User.objects.all()
+            ]
+        )

     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     from urllib.parse import quote
     import pytest
     from django.contrib.auth import get_user_model
     from django.utils.six.moves.urllib.parse import quote
     from authentic2 import models

     from __future__ import unicode_literals
     import json
     from urllib.parse import urlparse
     import pytest
     from django.contrib.auth import get_user_model
-...
     from django.core import mail
     from django.urls import reverse
     from django.utils.encoding import force_bytes, force_str
     from django.utils.six.moves.urllib.parse import urlparse
     from webtest import Upload
     from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     from datetime import date
     from urllib.parse import urlparse
     from django.contrib.auth import REDIRECT_FIELD_NAME, get_user_model
     from django.urls import reverse
     from django.utils.http import urlquote
     from django.utils.six.moves.urllib.parse import urlparse
     from authentic2 import models, utils
     from authentic2.apps.journal.models import Event

     from django.contrib.auth import get_user_model
     from django.contrib.contenttypes.models import ContentType
     from django.urls import reverse
     from django.utils.six import text_type
     from webtest import Upload
     from authentic2.a2_rbac.utils import get_default_ou, get_view_user_perm
-...
         response = login(
             app,
             superuser_or_admin,
             reverse('a2-manager-user-by-uuid-detail', kwargs={'slug': text_type(simple_user.uuid)}),
             reverse('a2-manager-user-by-uuid-detail', kwargs={'slug': str(simple_user.uuid)}),
+        )
         assert 'Change user email' in response.text
         # cannot click it's a submit button :/
         response = app.get(
             reverse('a2-manager-user-by-uuid-change-email', kwargs={'slug': text_type(simple_user.uuid)})
             reverse('a2-manager-user-by-uuid-change-email', kwargs={'slug': str(simple_user.uuid)})
+        )
         assert response.form['new_email'].value == simple_user.email
         response.form.set('new_email', NEW_EMAIL)
-...
         response = login(
             app,
             superuser_or_admin,
             reverse('a2-manager-user-by-uuid-detail', kwargs={'slug': text_type(simple_user.uuid)}),
             reverse('a2-manager-user-by-uuid-detail', kwargs={'slug': str(simple_user.uuid)}),
+        )
         assert 'Change user email' in response.text
         # cannot click it's a submit button :/
         response = app.get(
             reverse('a2-manager-user-by-uuid-change-email', kwargs={'slug': text_type(simple_user.uuid)})
             reverse('a2-manager-user-by-uuid-change-email', kwargs={'slug': str(simple_user.uuid)})
+        )
         assert response.form['new_email'].value == simple_user.email
         assert len(mailoutbox) == 0

     # authentic2
     import datetime
     from urllib.parse import urlparse
     import pytest
     from django.urls import reverse
     from django.utils.html import escape
     from django.utils.six.moves.urllib.parse import urlparse
     from authentic2.custom_user.models import DeletedUser, User

     import base64
     import re
     import socket
     import urllib.parse
     from contextlib import closing, contextmanager
     import httmock
-...
     from django.shortcuts import resolve_url
     from django.test import TestCase
     from django.urls import reverse
     from django.utils import six
     from django.utils.encoding import force_text, iri_to_uri
     from django.utils.six.moves.urllib import parse as urlparse
     from lxml import etree
     from authentic2 import models, utils
-...
         value.
         """
         url1 = iri_to_uri(utils.make_url(url1, params=None))
         splitted1 = urlparse.urlsplit(url1)
         splitted1 = urllib.parse.urlsplit(url1)
         url2 = iri_to_uri(utils.make_url(url2, params=kwargs))
         splitted2 = urlparse.urlsplit(url2)
         splitted2 = urllib.parse.urlsplit(url2)
         for i, (elt1, elt2) in enumerate(zip(splitted1, splitted2)):
             if i == 3:
                 elt1 = urlparse.parse_qs(elt1, True)
                 elt2 = urlparse.parse_qs(elt2, True)
                 elt1 = urllib.parse.parse_qs(elt1, True)
                 elt2 = urllib.parse.parse_qs(elt2, True)
                 for k, v in elt1.items():
                     elt1[k] = set(v)
                 for k, v in elt2.items():
-...
     def assert_redirects_complex(response, expected_url, **kwargs):
         assert response.status_code == 302, 'code should be 302'
         scheme, netloc, path, query, fragment = urlparse.urlsplit(response.url)
         e_scheme, e_netloc, e_path, e_query, e_fragment = urlparse.urlsplit(expected_url)
         scheme, netloc, path, query, fragment = urllib.parse.urlsplit(response.url)
         e_scheme, e_netloc, e_path, e_query, e_fragment = urllib.parse.urlsplit(expected_url)
         e_scheme = e_scheme if e_scheme else scheme
         e_netloc = e_netloc if e_netloc else netloc
         expected_url = urlparse.urlunsplit((e_scheme, e_netloc, e_path, e_query, e_fragment))
         expected_url = urllib.parse.urlunsplit((e_scheme, e_netloc, e_path, e_query, e_fragment))
         assert_equals_url(response['Location'], expected_url, **kwargs)
-...
         for xpath, content in constraints:
             nodes = doc.xpath(xpath, namespaces=namespaces)
             assert len(nodes) > 0, 'xpath %s not found' % xpath
             if isinstance(content, six.string_types):
             if isinstance(content, str):
                 for node in nodes:
                     if hasattr(node, 'text'):
                         assert node.text == content, 'xpath %s does not contain %s but %s' % (
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2