dce_lti 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 93969389a33a1c7eabee7af327fd8f3b38df303e
-  data.tar.gz: 9a042ba6f70ac543103a9c66087829f6db3cf672
+  metadata.gz: a4dcee8b8e745797874479ffb1d75eb6e468bd16
+  data.tar.gz: 844b534a13367e71716209aaf8818a74ff19c9aa
 SHA512:
-  metadata.gz: e71bb0b7f2f05bc3f360f194857efa660dbf37a1e06fd14ad2b48198317ed64a0877fd696f6aa7151137a6074f027919c1ee0dcc204539aef550ce0632ecdf94
-  data.tar.gz: e43d735ebe797fde5a6f78b0f5e81c8390bedba4df62c667fb44632e2cd732dd2ad638adc4ef5c6d5ebd58c66ded71bc48d155086f37e9f1a21813ed305f574b
+  metadata.gz: edebe996ebdddee116b497723a5958fd494027adfc4292e36eca9880737d84d6bb8ab12da1615be1605be6445fbc66a4b5737d6b2c4521d232b012c197ac5ddd
+  data.tar.gz: 60aec8cf3c206bf68891a781a125f8c5d66348dc734989a88a5d1e9a4d69b27152321e57ba9f1b92957ae87c3c0a92532faf62ed971ebdfd7fb05f4b21351046

data/README.md

@@ -10,11 +10,18 @@ the [IMS::LTI gem](https://github.com/instructure/ims-lti).
 
 ## Getting started
 
-Add this engine to your gemfile:
+Add these gems to your gemfile:
 
     gem 'dce_lti'
+    gem 'activerecord-session_store', '~> 0.1.1''
 
-Install it and run migrations:
+Update (or create) `config/initializers/session_store.rb` and ensure it contains:
+
+    Rails.application.config.session_store :active_record_store, key: '_your_app_session', expire_after: 60.minutes
+
+Where `_your_app_session` is your application's session key.
+
+Bundle, install and then run migrations:
 
     bundle
     rake dce_lti:install
@@ -36,6 +43,10 @@ you have a valid LTI-provided user in `current_user`, thusly:
       end
     end
 
+That's it! You'll need to configure to fit your use case, but you've got the
+basics of LTI authentication (including experimental cookieless sessioning, see
+below) working already.
+
 ## Configuration
 
 The generated config looks something like (commented defaults omitted):
@@ -105,7 +116,7 @@ See
 and other classes/modules under the IMS::LTI::Extensions hierarchy for further
 options.
 
-## Notes
+## Other
 
 The `DceLti` provided controllers inherit from `ApplicationController` as
 defined in your application.
@@ -138,6 +149,95 @@ rendered. You can customize this output by creating a file named
 `app/views/dce_lti/sessions/invalid.html.erb`, per the default engine view
 resolution behavior.
 
+### Cookieless Sessions - Experimental
+
+If you're running your LTI app on a domain different than your LMS, it will not
+work in recent Safari browers.  This is because [Safari blocks third party
+cookies set in an iframe by
+default](https://support.apple.com/kb/PH19214?locale=en_US). Mozilla has hinted
+at implementing this default as well, so the days of setting a cookie in an
+iframe and expecting it to work are probably numbered. Thanks, pervasive ad
+networks!
+
+There are a few options:
+
+1. Run your LMS and LTI provider on the same domain. This isn't really doable
+   if you want to provide a tool useful to multiple consumers on multiple domains,
+1. Only provide completely anonymous LTI tools,
+1. Build single page javascript-driven apps,
+1. Ask your users to enable third-party cookies,
+1. Block users when you detect they don't support third-party cookies,
+1. Persist the users session by including it in every link and form.
+
+This engine implements the last option by detecting when a browser doesn't
+accept cookies and then rewriting outgoing URLs and forms to include a session.
+
+This behavior is disabled by default and requires minimal app-level changes:
+
+1. Edit `config/initializers/dce_lti_config.rb`. Uncomment
+   `lti.enable_cookieless_sessions = false` and set it to `true`.
+1. You must use database sessions as provided by `activerecord-session_store`,
+   which we install by default and you should've already configured.
+1. The `redirect_after_successful_auth` path must include the session key and
+   id so we can pick it up if cookies aren't available (this is the default as
+   well).
+
+Please report bugs to github issues, there are bound to be a few.
+
+If a user supports cookies, we do basically nothing. We don't rewrite forms or
+URLs and we use a cookied (and database-backed) session per the usual.
+
+#### How cookieless sessions work
+
+When a request comes in without a cookie but with the session key and ID, then
+the `DceLti::Middleware::CookieShim` middleware "shims" it into the Rack
+environment and the session information is restored by subsequent middleware.
+
+When we detect that a user doesn't accept third-party cookies, we use
+`Rack::Plastic` to rewrite forms and URLs to include the session key and id
+from the `redirect_after_successful_auth` redirect.  This happens in the
+`DceLti::Middleware::CookielessSessions` middleware.
+
+#### Known issues with cookieless sessions
+
+* Even if your app works with cookieless sessions, other cookie sessioned
+  iframe'd apps won't: for instance the youtube javascript iframe API and many
+  other third-party javascript apps.
+* We only rewrite URLs without a protocol and domain ('/posts/1') to match the
+  URLs emitted by rails by default. If you're manually inserting links to your
+  application that include the protocol and domain name
+  ('http://example.com/posts/1'), the middleware doesn't catch it.  This could
+  be fixed to be a bit smarter in the future.
+* You will need to ensure that the session key and id tags along for ajax
+  requests to your LTI application.
+
+#### Database session cleanup
+
+Run the included `dce_lti:clean_sessions` rake task periodically to remove old
+sessions - the default is 7 days, you can modify this with the
+`OLDER_THAN_X_DAYS` environment variable, thusly:
+
+    OLDER_THAN_X_DAYS=14 rake dce_lti:clean_sessions
+
+#### Database session hijacking for cookieless sessions
+
+This is an issue, unfortunately. If a malicious user were able to get ahold of
+a link in another user's LTI session (when that other user is under a
+cookieless session) it'd contain a working session ID and could be exploited.
+
+This can be mitigated several ways:
+
+1. Deliver your LTI application over SSL to protect the transport layer. You
+ pretty much need to do this anyway, so this shouldn't be a big deal.
+1. Expire your sessions by setting the `expire_after` option in
+  `config/initializers/session_store.rb` to a value short enough to not annoy
+  your users.
+
+If you set `expire_after` too short, your users will get annoyed. If you set it
+too long, the sessions will linger and increase the time the session is
+vulnerable. We're looking into other ways of mitigating this as well - PRs
+accepted!
+
 ### Nonce cleanup
 
 You can clean up lti-related

data/db/migrate/20150206152909_add_sessions_table.rb

@@ -0,0 +1,12 @@
+class AddSessionsTable < ActiveRecord::Migration
+  def change
+    create_table :sessions do |t|
+      t.string :session_id, :null => false
+      t.text :data
+      t.timestamps
+    end
+
+    add_index :sessions, :session_id, :unique => true
+    add_index :sessions, :updated_at
+  end
+end

data/lib/dce_lti/controller_methods.rb

@@ -14,5 +14,10 @@ module DceLti
           User.find_by(id: session[:current_user_id])
         end
     end
+
+    def cookieless_session?
+      cookie = env.fetch('HTTP_COOKIE', '')
+      cookie.blank? || cookie.match(/shimmed_cookie/)
+    end
   end
 end

data/lib/dce_lti/engine.rb

@@ -12,20 +12,34 @@ resource_link_id
 resource_link_title
 tool_consumer_instance_guid
 launch_presentation_return_url
-    |
+      |
+
+      config.enable_cookieless_sessions = false
 
       config.provider_title = (ENV['LTI_PROVIDER_TITLE'] || 'DCE LTI Provider')
       config.provider_description = (ENV['LTI_PROVIDER_DESCRIPTION'] || 'A description of this')
 
       config.redirect_after_successful_auth = -> (controller) do
-        Rails.application.routes.url_helpers.root_path
+        session_key_name = Rails.application.config.session_options[:key]
+        Rails.application.routes.url_helpers.root_path(session_key_name => controller.session.id)
       end
+
       config.tool_config_extensions = ->(*) {}
       yield config
     end
 
     initializer 'dce_lti.load_helpers' do
       ActionController::Base.send :include, ControllerMethods
+      ActionController::Base.send :include, RedirectToHelper
+      ActionController::Base.send :helper, RedirectToHelper
+      ApplicationController.skip_before_filter :verify_authenticity_token, if: :cookieless_session?
+    end
+
+    initializer 'dce_lti.add_middleware' do |app|
+      if config.enable_cookieless_sessions
+        app.middleware.insert_before ActionDispatch::Cookies, 'DceLti::Middleware::CookieShim'
+        app.middleware.use 'DceLti::Middleware::CookielessSessions'
+      end
     end
 
     isolate_namespace DceLti

data/lib/dce_lti/middleware/cookie_shim.rb

@@ -0,0 +1,36 @@
+module DceLti
+  module Middleware
+    class CookieShim
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        if env['HTTP_COOKIE'].to_s.strip.empty?
+          params = parse_query_string(env)
+          if params[session_key_name.to_s]
+            env['HTTP_COOKIE'] = "#{session_key_name}=#{params[session_key_name.to_s]};shimmed_cookie=1"
+          end
+        end
+
+        @app.call(env)
+      end
+
+      private
+
+      def parse_query_string(env)
+        query_string = env['QUERY_STRING']
+        params = {}
+        query_string.split('&').each do |parameter|
+          (key, value) = parameter.split('=')
+          params[key] = value
+        end
+        params
+      end
+
+      def session_key_name
+        @session_key_name ||= Rails.application.config.session_options[:key]
+      end
+    end
+  end
+end

data/lib/dce_lti/middleware/cookieless_sessions.rb

@@ -0,0 +1,79 @@
+require 'rack-plastic'
+
+module DceLti
+  module Middleware
+    class CookielessSessions < Rack::Plastic
+      def change_nokogiri_doc(doc)
+        if no_cookies? || shimmed_cookie?
+          doc.css('a').each do |a|
+            href = a[:href]
+
+            next unless local_url?(href)
+            next if url_has_key_already?(href)
+
+            if href.match(/\?/)
+              a[:href] += "&#{session_key_name}=#{session_id}"
+            else
+              a[:href] += "?#{session_key_name}=#{session_id}"
+            end
+          end
+
+          doc.css('form').each do |form|
+            action = form[:action]
+            next unless local_url?(action)
+            next if url_has_key_already?(action)
+
+            # For PATCH, PUT, DELETE and POST, which allow
+            # params mixed in the action and the form.
+            if action.match(/\?/)
+              form[:action] += "&#{session_key_name}=#{session_id}"
+            else
+              form[:action] += "?#{session_key_name}=#{session_id}"
+            end
+
+            # For GET, oddly. GET method forms stomp all params encoded
+            # in the action
+            input_node = Nokogiri::XML::Node.new('input', doc)
+            input_node[:type] = 'hidden'
+            input_node[:name] = session_key_name
+            input_node[:value] = session_id
+            form.children.first.add_previous_sibling(
+              input_node
+            )
+          end
+        end
+        doc
+      end
+
+      private
+
+      def shimmed_cookie?
+        @p.request.env['HTTP_COOKIE'].to_s.strip.match(/shimmed_cookie/)
+      end
+
+      def no_cookies?
+        @p.request.env['HTTP_COOKIE'].to_s.strip.empty?
+      end
+
+      def local_url?(url)
+        ! url.match(/\Ahttps?:\/\/|\/\//i)
+      end
+
+      def url_has_key_already?(url)
+        url.match(/#{session_key_name}/i)
+      end
+
+      def session_key_name
+        @session_key_name ||= Rails.application.config.session_options[:key]
+      end
+
+      def session
+        @p.request.env['rack.session']
+      end
+
+      def session_id
+        session.id
+      end
+    end
+  end
+end

data/lib/dce_lti/redirect_to_helper.rb

@@ -0,0 +1,25 @@
+module DceLti
+  module RedirectToHelper
+    def redirect_to(options)
+      session_key_name = Rails.application.config.session_options[:key]
+      if request.env.fetch('HTTP_COOKIE', '').match(/shimmed_cookie/) &&
+        (::DceLti::Engine.config.enable_cookieless_sessions)
+        case options
+        when Hash
+          options.merge!(session_key_name => session.id)
+        when String
+          if options.match(/\?/)
+            unless options.match(/#{session_key_name}/)
+              options += %Q|&#{session_key_name}=#{session.id}|
+            end
+          else
+            unless options.match(/#{session_key_name}/)
+              options += %Q|?#{session_key_name}=#{session.id}|
+            end
+          end
+        end
+      end
+      super(options)
+    end
+  end
+end

data/lib/dce_lti/version.rb

@@ -1,3 +1,3 @@
 module DceLti
-  VERSION = "0.4.0"
+  VERSION = "0.5.0"
 end

data/lib/dce_lti.rb

@@ -1,5 +1,8 @@
 require "dce_lti/engine"
 require 'dce_lti/controller_methods'
+require 'dce_lti/redirect_to_helper'
+require 'dce_lti/middleware/cookie_shim'
+require 'dce_lti/middleware/cookieless_sessions'
 
 module DceLti
 end

data/lib/tasks/dce_lti_tasks.rake

@@ -31,4 +31,11 @@ engine provides.
   task clean_nonces: :environment do
     DceLti::Nonce.clean
   end
+
+  desc 'Clean up old sessions'
+  task clean_sessions: :environment do
+    older_than = (ENV.fetch('OLDER_THAN_X_DAYS', 7)).to_i
+    session_klass = ActionDispatch::Session::ActiveRecordStore.session_class
+    session_klass.where('updated_at < ?', (Time.now - older_than.days)).delete_all
+  end
 end

data/spec/dummy/config/initializers/dce_lti_config.rb

@@ -5,7 +5,21 @@ DceLti::Engine.setup do |lti|
   #
   # lti.provider_title = (ENV['LTI_PROVIDER_TITLE'] || 'DCE LTI Provider')
   # lti.provider_description = (ENV['LTI_PROVIDER_DESCRIPTION'] || 'A description of this')
-  # lti.redirect_after_successful_auth = ->(controller) { Rails.application.routes.url_helpers.root_path }
+  #
+  # Set this to `true` to enable the form and URL-rewriting behavior that
+  # allows for the creation of cookieless sessions. The default is `false`,
+  # meaning we don't attempt to use cookieless sessions when a cookie cannot be
+  # set - the session just fails.
+  #
+  # lti.enable_cookieless_sessions = false
+  #
+  # The default post-auth redirect includes the session key and session id so
+  # that we can instantiate a successful cookieless session if needed.
+  #
+  # lti.redirect_after_successful_auth = ->(controller) {
+  #   session_key_name = Rails.application.config.session_options[:key]
+  #   Rails.application.routes.url_helpers.root_path(session_key_name => controller.session.id)
+  # }
 
   lti.consumer_secret = (ENV['LTI_CONSUMER_SECRET'] || 'consumer_secret')
   lti.consumer_key = (ENV['LTI_CONSUMER_KEY'] || 'consumer_key')

data/spec/dummy/log/development.log

@@ -2983,3 +2983,69 @@ Completed 200 OK in 3ms (Views: 0.4ms | ActiveRecord: 0.6ms)
    (0.2ms)  SELECT version FROM "schema_migrations"
    (1.2ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141008172001')
    (1.1ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141003180140')
+   (105.5ms)  DROP DATABASE IF EXISTS "dce_lti_dummy_test"
+   (241.9ms)  CREATE DATABASE "dce_lti_dummy_test" ENCODING = 'utf8'
+  SQL (0.1ms)  CREATE EXTENSION IF NOT EXISTS "plpgsql"
+   (13.1ms)  CREATE TABLE "dce_lti_nonces" ("id" serial primary key, "nonce" character varying(255), "created_at" timestamp, "updated_at" timestamp) 
+   (4.4ms)  CREATE UNIQUE INDEX  "index_dce_lti_nonces_on_nonce" ON "dce_lti_nonces" USING btree ("nonce")
+   (6.6ms)  CREATE TABLE "dce_lti_users" ("id" serial primary key, "lti_user_id" character varying(255), "lis_person_contact_email_primary" character varying(255), "lis_person_name_family" character varying(255), "lis_person_name_full" character varying(255), "lis_person_name_given" character varying(255), "lis_person_sourcedid" character varying(255), "user_image" character varying(255), "roles" character varying(255)[] DEFAULT '{}', "created_at" timestamp, "updated_at" timestamp) 
+   (1.4ms)  CREATE TABLE "schema_migrations" ("version" character varying(255) NOT NULL) 
+   (3.4ms)  CREATE UNIQUE INDEX  "unique_schema_migrations" ON "schema_migrations"  ("version")
+   (0.3ms)  SELECT version FROM "schema_migrations"
+   (1.2ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141008172001')
+   (1.0ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141003180140')
+   (205.8ms)  DROP DATABASE IF EXISTS "dce_lti_dummy_test"
+   (227.7ms)  CREATE DATABASE "dce_lti_dummy_test" ENCODING = 'utf8'
+  SQL (0.1ms)  CREATE EXTENSION IF NOT EXISTS "plpgsql"
+   (7.5ms)  CREATE TABLE "dce_lti_nonces" ("id" serial primary key, "nonce" character varying(255), "created_at" timestamp, "updated_at" timestamp) 
+   (3.5ms)  CREATE UNIQUE INDEX  "index_dce_lti_nonces_on_nonce" ON "dce_lti_nonces" USING btree ("nonce")
+   (13.6ms)  CREATE TABLE "dce_lti_users" ("id" serial primary key, "lti_user_id" character varying(255), "lis_person_contact_email_primary" character varying(255), "lis_person_name_family" character varying(255), "lis_person_name_full" character varying(255), "lis_person_name_given" character varying(255), "lis_person_sourcedid" character varying(255), "user_image" character varying(255), "roles" character varying(255)[] DEFAULT '{}', "created_at" timestamp, "updated_at" timestamp) 
+   (2.7ms)  CREATE TABLE "schema_migrations" ("version" character varying(255) NOT NULL) 
+   (7.0ms)  CREATE UNIQUE INDEX  "unique_schema_migrations" ON "schema_migrations"  ("version")
+   (0.2ms)  SELECT version FROM "schema_migrations"
+   (2.3ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141008172001')
+   (2.2ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141003180140')
+   (104.9ms)  DROP DATABASE IF EXISTS "dce_lti_dummy_test"
+   (233.8ms)  CREATE DATABASE "dce_lti_dummy_test" ENCODING = 'utf8'
+  SQL (0.2ms)  CREATE EXTENSION IF NOT EXISTS "plpgsql"
+   (8.3ms)  CREATE TABLE "dce_lti_nonces" ("id" serial primary key, "nonce" character varying(255), "created_at" timestamp, "updated_at" timestamp) 
+   (3.3ms)  CREATE UNIQUE INDEX  "index_dce_lti_nonces_on_nonce" ON "dce_lti_nonces" USING btree ("nonce")
+   (7.5ms)  CREATE TABLE "dce_lti_users" ("id" serial primary key, "lti_user_id" character varying(255), "lis_person_contact_email_primary" character varying(255), "lis_person_name_family" character varying(255), "lis_person_name_full" character varying(255), "lis_person_name_given" character varying(255), "lis_person_sourcedid" character varying(255), "user_image" character varying(255), "roles" character varying(255)[] DEFAULT '{}', "created_at" timestamp, "updated_at" timestamp) 
+   (1.5ms)  CREATE TABLE "schema_migrations" ("version" character varying(255) NOT NULL) 
+   (7.3ms)  CREATE UNIQUE INDEX  "unique_schema_migrations" ON "schema_migrations"  ("version")
+   (0.5ms)  SELECT version FROM "schema_migrations"
+   (2.4ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141008172001')
+   (2.6ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141003180140')
+   (205.3ms)  DROP DATABASE IF EXISTS "dce_lti_dummy_test"
+   (229.4ms)  CREATE DATABASE "dce_lti_dummy_test" ENCODING = 'utf8'
+  SQL (0.2ms)  CREATE EXTENSION IF NOT EXISTS "plpgsql"
+   (16.2ms)  CREATE TABLE "dce_lti_nonces" ("id" serial primary key, "nonce" character varying(255), "created_at" timestamp, "updated_at" timestamp) 
+   (4.8ms)  CREATE UNIQUE INDEX  "index_dce_lti_nonces_on_nonce" ON "dce_lti_nonces" USING btree ("nonce")
+   (7.7ms)  CREATE TABLE "dce_lti_users" ("id" serial primary key, "lti_user_id" character varying(255), "lis_person_contact_email_primary" character varying(255), "lis_person_name_family" character varying(255), "lis_person_name_full" character varying(255), "lis_person_name_given" character varying(255), "lis_person_sourcedid" character varying(255), "user_image" character varying(255), "roles" character varying(255)[] DEFAULT '{}', "created_at" timestamp, "updated_at" timestamp) 
+   (1.3ms)  CREATE TABLE "schema_migrations" ("version" character varying(255) NOT NULL) 
+   (3.3ms)  CREATE UNIQUE INDEX  "unique_schema_migrations" ON "schema_migrations"  ("version")
+   (0.3ms)  SELECT version FROM "schema_migrations"
+   (1.0ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141008172001')
+   (1.0ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141003180140')
+   (107.1ms)  DROP DATABASE IF EXISTS "dce_lti_dummy_test"
+   (329.4ms)  CREATE DATABASE "dce_lti_dummy_test" ENCODING = 'utf8'
+  SQL (0.2ms)  CREATE EXTENSION IF NOT EXISTS "plpgsql"
+   (15.0ms)  CREATE TABLE "dce_lti_nonces" ("id" serial primary key, "nonce" character varying(255), "created_at" timestamp, "updated_at" timestamp) 
+   (7.1ms)  CREATE UNIQUE INDEX  "index_dce_lti_nonces_on_nonce" ON "dce_lti_nonces" USING btree ("nonce")
+   (15.3ms)  CREATE TABLE "dce_lti_users" ("id" serial primary key, "lti_user_id" character varying(255), "lis_person_contact_email_primary" character varying(255), "lis_person_name_family" character varying(255), "lis_person_name_full" character varying(255), "lis_person_name_given" character varying(255), "lis_person_sourcedid" character varying(255), "user_image" character varying(255), "roles" character varying(255)[] DEFAULT '{}', "created_at" timestamp, "updated_at" timestamp) 
+   (2.6ms)  CREATE TABLE "schema_migrations" ("version" character varying(255) NOT NULL) 
+   (7.6ms)  CREATE UNIQUE INDEX  "unique_schema_migrations" ON "schema_migrations"  ("version")
+   (0.3ms)  SELECT version FROM "schema_migrations"
+   (2.6ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141008172001')
+   (2.3ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141003180140')
+   (106.1ms)  DROP DATABASE IF EXISTS "dce_lti_dummy_test"
+   (233.4ms)  CREATE DATABASE "dce_lti_dummy_test" ENCODING = 'utf8'
+  SQL (0.4ms)  CREATE EXTENSION IF NOT EXISTS "plpgsql"
+   (10.2ms)  CREATE TABLE "dce_lti_nonces" ("id" serial primary key, "nonce" character varying(255), "created_at" timestamp, "updated_at" timestamp) 
+   (7.4ms)  CREATE UNIQUE INDEX  "index_dce_lti_nonces_on_nonce" ON "dce_lti_nonces" USING btree ("nonce")
+   (15.2ms)  CREATE TABLE "dce_lti_users" ("id" serial primary key, "lti_user_id" character varying(255), "lis_person_contact_email_primary" character varying(255), "lis_person_name_family" character varying(255), "lis_person_name_full" character varying(255), "lis_person_name_given" character varying(255), "lis_person_sourcedid" character varying(255), "user_image" character varying(255), "roles" character varying(255)[] DEFAULT '{}', "created_at" timestamp, "updated_at" timestamp) 
+   (2.6ms)  CREATE TABLE "schema_migrations" ("version" character varying(255) NOT NULL) 
+   (6.8ms)  CREATE UNIQUE INDEX  "unique_schema_migrations" ON "schema_migrations"  ("version")
+   (0.2ms)  SELECT version FROM "schema_migrations"
+   (2.1ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141008172001')
+   (2.1ms)  INSERT INTO "schema_migrations" (version) VALUES ('20141003180140')