diff --git a/ordr/tests/__init__.py b/ordr/tests/__init__.py
index 46d1833..e253c7b 100644
--- a/ordr/tests/__init__.py
+++ b/ordr/tests/__init__.py
@@ -60,9 +60,9 @@ def get_example_user(role):
     user = User(
         id=id_,
         username=first_name + last_name,
-        first_name = first_name,
-        last_name = last_name,
-        email = last_name.lower() + '@example.com',
+        first_name=first_name,
+        last_name=last_name,
+        email=last_name.lower() + '@example.com',
         role=role
         )
     user.set_password(first_name)
diff --git a/ordr/tests/security.py b/ordr/tests/security.py
index adba9f4..9c027ae 100644
--- a/ordr/tests/security.py
+++ b/ordr/tests/security.py
@@ -2,7 +2,7 @@ import pytest
 
 from pyramid.testing import DummyRequest
 
-from . import app_config, dbsession, get_example_user
+from . import app_config, dbsession, get_example_user  # noqa: F401
 
 
 def test_crypt_context_to_settings():
@@ -40,33 +40,33 @@ def test_authentication_policy_authenticated_user_id_with_user():
 
 def test_authentication_policy_effective_principals_no_user():
     from ordr.security import AuthenticationPolicy
-    from pyramid.security import Everyone 
+    from pyramid.security import Everyone
     request = DummyRequest(user=None)
     ap = AuthenticationPolicy('')
     result = ap.effective_principals(request)
     assert result == [Everyone]
     
     
-def test_authentication_policy_effective_principals_no_user():
+def test_authentication_policy_effective_principals_with_user():
     from ordr.security import AuthenticationPolicy
     from ordr.models import User, Role
-    from pyramid.security import Authenticated, Everyone 
+    from pyramid.security import Authenticated, Everyone
     ap = AuthenticationPolicy('')
     user = User(id=123, role=Role.PURCHASER)
     request = DummyRequest(user=user)
     result = ap.effective_principals(request)
     expected = [
-        Everyone, 
-        Authenticated, 
-        'user:123', 
-        'role:purchaser', 
+        Everyone,
+        Authenticated,
+        'user:123',
+        'role:purchaser',
         'role:user'
         ]
     assert result == expected
 
 
-@pytest.mark.parametrize(
-    'uauid,role_name',  [
+@pytest.mark.parametrize(  # noqa: F811
+    'uauid,role_name', [
         (3, 'USER'),
         (4, 'PURCHASER'),
         (5, 'ADMIN'),
@@ -74,7 +74,7 @@ def test_authentication_policy_effective_principals_no_user():
     )
 def test_get_user_returns_user(dbsession, uauid, role_name):
     from ordr.security import get_user
-    from ordr.models import User, Role
+    from ordr.models import Role
     # this is a dirty hack, but DummyRequest does not accept setting an
     # unauthenticated_userid
     from pyramid.testing import DummyResource
@@ -86,9 +86,8 @@ def test_get_user_returns_user(dbsession, uauid, role_name):
     assert get_user(request) == user
 
 
-
-@pytest.mark.parametrize(
-    'uauid,role_name',  [
+@pytest.mark.parametrize(  # noqa: F811
+    'uauid,role_name', [
         (1, 'UNVALIDATED'),
         (2, 'NEW'),
         (6, 'INACTIVE'),
@@ -98,7 +97,7 @@ def test_get_user_returns_user(dbsession, uauid, role_name):
     )
 def test_get_user_returns_none(dbsession, uauid, role_name):
     from ordr.security import get_user
-    from ordr.models import User, Role
+    from ordr.models import Role
     # this is a dirty hack, but DummyRequest does not accept setting an
     # unauthenticated_userid
     from pyramid.testing import DummyResource