gds-sso 4.0.0 → 5.0.0

data/README.md

@@ -39,13 +39,15 @@ It should have the following fields:
     string   "email"
     string   "uid"
     array    "permissions"
+    array    "organisations"
     boolean  "remotely_signed_out", :default => false
 
 You also need to include `GDS::SSO::ControllerMethods` in your ApplicationController
 
-For ActiveRecord, you probably want to declare permissions as "serialized" like this:
+For ActiveRecord, you probably want to declare permissions and organisations as "serialized" like this:
 
     serialize :permissions, Array
+    serialize :organisations, Array
 
 
 ## Use in development mode

data/app/controllers/api/user_controller.rb

@@ -31,7 +31,10 @@ class Api::UserController < ApplicationController
             email: user_json['email']
           },
           extra: {
-            user: { permissions: user_json['permissions'] }
+            user: {
+              permissions: user_json['permissions'],
+              organisations: user_json['organisations'],
+            }
           })
     end
 

data/lib/gds-sso/user.rb

@@ -4,7 +4,7 @@ module GDS
   module SSO
     module User
       def included(base)
-        attr_accessible :uid, :email, :name, :permissions, as: :oauth
+        attr_accessible :uid, :email, :name, :permissions, :organisations, as: :oauth
       end
 
       def has_permission?(permission)
@@ -15,10 +15,11 @@ module GDS
 
       def self.user_params_from_auth_hash(auth_hash)
         {
-          'uid'         => auth_hash['uid'],
-          'email'       => auth_hash['info']['email'],
-          'name'        => auth_hash['info']['name'],
-          'permissions' => auth_hash['extra']['user']['permissions']
+          'uid'           => auth_hash['uid'],
+          'email'         => auth_hash['info']['email'],
+          'name'          => auth_hash['info']['name'],
+          'permissions'   => auth_hash['extra']['user']['permissions'],
+          'organisations' => auth_hash['extra']['user']['organisations'],
         }
       end
 

data/lib/gds-sso/version.rb

@@ -1,5 +1,5 @@
 module GDS
   module SSO
-    VERSION = "4.0.0"
+    VERSION = "5.0.0"
   end
 end

data/lib/gds-sso/warden_config.rb

@@ -109,7 +109,8 @@ Warden::Strategies.add(:gds_bearer_token) do
       },
       'extra' => {
         'user' => {
-          'permissions' => input['permissions']
+          'permissions' => input['permissions'],
+          'organisations' => input['organisations'],
         }
       }
     }

data/spec/controller/api_user_controller_spec.rb

@@ -2,11 +2,12 @@ require "spec_helper"
 
 def user_update_json
   {
-    "user" => { 
-      "uid" => @user_to_update.uid, 
-      "name" => "Joshua Marshall", 
-      "email" => "user@domain.com", 
-      "permissions" => ["signin", "new permission"]
+    "user" => {
+      "uid" => @user_to_update.uid,
+      "name" => "Joshua Marshall",
+      "email" => "user@domain.com",
+      "permissions" => ["signin", "new permission"],
+      "organisations" => ["justice-league"]
     }
   }.to_json
 end
@@ -14,11 +15,11 @@ end
 describe Api::UserController, type: :controller do
 
   before :each do
-    @user_to_update = User.create!({ 
-        :uid => "a1s2d3#{rand(10000)}", 
+    @user_to_update = User.create!({
+        :uid => "a1s2d3#{rand(10000)}",
         :email => "old@domain.com",
-        :name => "Moshua Jarshall", 
-        :permissions => ["signin"] }, 
+        :name => "Moshua Jarshall",
+        :permissions => ["signin"] },
         as: :oauth)
 
     @signon_sso_push_user = User.create!({
@@ -31,16 +32,16 @@ describe Api::UserController, type: :controller do
 
   describe "PUT update" do
     it "should deny access to anybody but the API user (or a user with 'user_update_permission')" do
-      malicious_user = User.new({ 
-          :uid => '2', 
-          :name => "User", 
+      malicious_user = User.new({
+          :uid => '2',
+          :name => "User",
           :permissions =>["signin"] })
 
       request.env['warden'] = stub("stub warden", :authenticate! => true, authenticated?: true, user: malicious_user)
 
       request.env['RAW_POST_DATA'] = user_update_json
       put :update, uid: @user_to_update.uid
-      
+
       assert_equal 403, response.status
     end
 
@@ -59,20 +60,22 @@ describe Api::UserController, type: :controller do
       assert_equal "user@domain.com", @user_to_update.email
       expected_permissions = ["signin", "new permission"]
       assert_equal expected_permissions, @user_to_update.permissions
+      expected_organisations = ["justice-league"]
+      assert_equal expected_organisations, @user_to_update.organisations
     end
   end
 
   describe "POST reauth" do
     it "should deny access to anybody but the API user (or a user with 'user_update_permission')" do
-      malicious_user = User.new({ 
-          :uid => '2', 
-          :name => "User", 
+      malicious_user = User.new({
+          :uid => '2',
+          :name => "User",
           :permissions => ["signin"] })
 
       request.env['warden'] = stub("stub warden", :authenticate! => true, authenticated?: true, user: malicious_user)
 
       post :reauth, uid: @user_to_update.uid
-      
+
       assert_equal 403, response.status
     end
 

data/spec/fixtures/integration/authorize_api_users.sql

@@ -1,4 +1,4 @@
 DELETE FROM `oauth_access_tokens`;
 
-INSERT INTO oauth_access_tokens VALUES 
+INSERT INTO oauth_access_tokens VALUES
   (NULL, 1, 1, 'caaeb53be5c7277fb0ef158181bfd1537b57f9e3b83eb795be3cd0af6e118b28', '1bc343797483954d7306d67e96687feccdfdaa8b23ed662ae23e2b03e6661d16', 307584000, NULL, '2012-06-27 13:57:47', NULL);

data/spec/internal/app/models/user.rb

@@ -2,6 +2,7 @@ class User < ActiveRecord::Base
   include GDS::SSO::User
 
   serialize :permissions, Array
+  serialize :organisations, Array
 
-  attr_accessible :uid, :email, :name, :permissions, as: :oauth
+  attr_accessible :uid, :email, :name, :permissions, :organisations, as: :oauth
 end

data/spec/internal/db/schema.rb

@@ -5,5 +5,6 @@ ActiveRecord::Schema.define do
     t.string "email",       :null => false
     t.boolean "remotely_signed_out"
     t.text   "permissions"
+    t.text   "organisations"
   end
 end

data/spec/internal/log/test.log

@@ -4985,3 +4985,821 @@ Authenticating with gds_bearer_token strategy
 ' WHERE "users"."id" = 11
    (4.3ms)  commit transaction
 Completed 200 OK in 46.0ms (Views: 0.3ms | ActiveRecord: 10.4ms)
+Connecting to database specified by database.yml
+   (0.7ms)  select sqlite_version(*)
+   (7.3ms)  DROP TABLE "users"
+   (3.8ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text, "organisations" text) 
+   (0.1ms)  begin transaction
+  SQL (2.0ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisations", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34089"]]
+   (3.0ms)  commit transaction
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisations", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3996"]]
+   (2.8ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d34089"}
+  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (0.8ms)
+Completed 403 Forbidden in 6.4ms (Views: 5.8ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisations", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39189"]]
+   (3.0ms)  commit transaction
+   (0.0ms)  begin transaction
+  SQL (0.1ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisations", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d38102"]]
+   (3.2ms)  commit transaction
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d39189"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d39189' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
+- signin
+- new permission
+', "organisations" = '---
+- justice-league
+' WHERE "users"."id" = 3
+   (3.0ms)  commit transaction
+Completed 200 OK in 12.6ms (ActiveRecord: 3.4ms)
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 3]]
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisations", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34195"]]
+   (2.8ms)  commit transaction
+   (0.0ms)  begin transaction
+  SQL (0.1ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisations", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d38635"]]
+   (3.0ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d34195"}
+Completed 403 Forbidden in 1.6ms (Views: 0.9ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisations", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33699"]]
+   (2.8ms)  commit transaction
+   (0.0ms)  begin transaction
+  SQL (0.1ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisations", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37674"]]
+   (2.7ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"nonexistent-user"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'nonexistent-user' LIMIT 1
+Completed 200 OK in 1.0ms (ActiveRecord: 0.2ms)
+   (0.0ms)  begin transaction
+  SQL (0.1ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisations", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36180"]]
+   (3.7ms)  commit transaction
+   (0.0ms)  begin transaction
+  SQL (0.1ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisations", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d38910"]]
+   (3.4ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d36180"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d36180' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 9
+   (3.7ms)  commit transaction
+Completed 200 OK in 7.5ms (ActiveRecord: 4.0ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 9]]
+Started GET "/" for 127.0.0.1 at 2013-10-31 15:52:11 +0000
+Processing by ExampleController#index as HTML
+Completed 200 OK in 1.7ms (Views: 1.3ms | ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:11 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 2.4ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 15:52:11 +0000
+Started GET "/auth/gds/callback?code=a209758b79b2131c0535bbe675b198c8fd90e757f8ea1aa1fc2ef9a5c9492c42&state=f39e66d83a224e841bd76b3048d88c825252c1c49b43c54f" for 127.0.0.1 at 2013-10-31 15:52:11 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"a209758b79b2131c0535bbe675b198c8fd90e757f8ea1aa1fc2ef9a5c9492c42", "state"=>"f39e66d83a224e841bd76b3048d88c825252c1c49b43c54f"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["organisations", "--- []\n"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
+   (14.5ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.2ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 26.2ms (ActiveRecord: 18.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:12 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:12 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 15:52:12 +0000
+Started GET "/auth/gds/callback?code=1028b92ea395dff6aecc194accfbb8e7c7599a8b1bce4b74d6019ad0fc343693&state=a118ebbe209e944731bf4124ea8e8a8ed80f52cb61f3dc53" for 127.0.0.1 at 2013-10-31 15:52:12 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"1028b92ea395dff6aecc194accfbb8e7c7599a8b1bce4b74d6019ad0fc343693", "state"=>"a118ebbe209e944731bf4124ea8e8a8ed80f52cb61f3dc53"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (4.4ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.2ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 19.2ms (ActiveRecord: 8.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:12 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:12 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 15:52:12 +0000
+Started GET "/auth/gds/callback?code=ff4e4137830a9245bac2bbba3045b0be54ffea458b5a0fd8e71a92626d6a3657&state=d109ba6dc85e36cf4b9a4957cd2cce84e9876d98af184050" for 127.0.0.1 at 2013-10-31 15:52:12 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"ff4e4137830a9245bac2bbba3045b0be54ffea458b5a0fd8e71a92626d6a3657", "state"=>"d109ba6dc85e36cf4b9a4957cd2cce84e9876d98af184050"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.5ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.4ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 19.1ms (ActiveRecord: 7.5ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:12 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.0ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 15:52:12 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.6ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 15:52:12 +0000
+Started GET "/auth/gds/callback?code=4097cfc5e079a307cff1068e2c9c9b985e0dde863fdfba7060b6c71148db931e&state=87c4a1caf35e3f4fe138c9b9e2ef6a33a292bcec944eac32" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"4097cfc5e079a307cff1068e2c9c9b985e0dde863fdfba7060b6c71148db931e", "state"=>"87c4a1caf35e3f4fe138c9b9e2ef6a33a292bcec944eac32"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (5.3ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (4.6ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 20.8ms (ActiveRecord: 10.4ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2.6ms (Views: 0.3ms | ActiveRecord: 0.2ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.1ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Started GET "/auth/gds/callback?code=14e859e39d2c67a5be17c5c1ee89321ab092b27cf7911f1bc5142f82e01149d1&state=3ff33fc028a77951a4b72999c3a5e8ba2241737882b6423f" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"14e859e39d2c67a5be17c5c1ee89321ab092b27cf7911f1bc5142f82e01149d1", "state"=>"3ff33fc028a77951a4b72999c3a5e8ba2241737882b6423f"}
+Authenticating with gds_sso strategy
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (4.1ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.0ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 17.6ms (ActiveRecord: 7.6ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2.6ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Started GET "/auth/gds/callback?code=21ef03551b75ba90b1cfd4bd5ae6ed3098ca7d17e3dcabb0d21198c5bf8584ec&state=e9cc1fee3b65e3fe62ab4b3dcd858471f2d2953952950d02" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"21ef03551b75ba90b1cfd4bd5ae6ed3098ca7d17e3dcabb0d21198c5bf8584ec", "state"=>"e9cc1fee3b65e3fe62ab4b3dcd858471f2d2953952950d02"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.2ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (2.6ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 16.9ms (ActiveRecord: 6.4ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (2.5ms)  commit transaction
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Filter chain halted as :authenticate_user! rendered or redirected
+Completed 403 Forbidden in 2.6ms (Views: 1.8ms | ActiveRecord: 0.1ms)
+Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Processing by AuthenticationsController#sign_out as HTML
+Redirected to http://localhost:4567/users/sign_out
+Completed 302 Found in 0.5ms (ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 15:52:13 +0000
+Started GET "/auth/gds/callback?code=5e511bbb58db010f8af8e4d7916fe3d3540b5c30cda091aba51fbc44c34c83c4&state=b067cda03e319707b0077f8543dd2e96c798e811eb2506ba" for 127.0.0.1 at 2013-10-31 15:52:14 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"5e511bbb58db010f8af8e4d7916fe3d3540b5c30cda091aba51fbc44c34c83c4", "state"=>"b067cda03e319707b0077f8543dd2e96c798e811eb2506ba"}
+Authenticating with gds_sso strategy
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.8ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (2.7ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 17.3ms (ActiveRecord: 7.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:14 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.0ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:14 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 15:52:14 +0000
+Started GET "/auth/gds/callback?code=d96b93f617e14e7f85e4df191893281fa21fbc3e4f997fc90b2d49d1108ed8f4&state=14d89b1d0a69b1a520733569d6b2eccb4c1a65661ee8159c" for 127.0.0.1 at 2013-10-31 15:52:14 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"d96b93f617e14e7f85e4df191893281fa21fbc3e4f997fc90b2d49d1108ed8f4", "state"=>"14d89b1d0a69b1a520733569d6b2eccb4c1a65661ee8159c"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.8ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (2.8ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 18.0ms (ActiveRecord: 7.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:14 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.2ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-11-01 11:57:14 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-11-01 11:57:14 +0000
+Started GET "/auth/gds/callback?code=536f958d99bc9df1cbb702a01aa39a7e98c3e681234e688b8a9bd5375f0d0b44&state=583ae1df19a5df870720b123cfbe98f59a032b2704abcfda" for 127.0.0.1 at 2013-11-01 11:57:14 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"536f958d99bc9df1cbb702a01aa39a7e98c3e681234e688b8a9bd5375f0d0b44", "state"=>"583ae1df19a5df870720b123cfbe98f59a032b2704abcfda"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.9ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (2.8ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 17.1ms (ActiveRecord: 7.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-11-01 11:57:14 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.0ms (Views: 0.2ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:14 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 15:52:14 +0000
+Started GET "/auth/gds/callback?code=46612155324ea49e413f4d9a6cd7a669e947939b6e12aadddc1e7a3ba6a322b1&state=f9197ac3f652449ae8dbb58fbcc8cbcae63e80ee44934d26" for 127.0.0.1 at 2013-10-31 15:52:14 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"46612155324ea49e413f4d9a6cd7a669e947939b6e12aadddc1e7a3ba6a322b1", "state"=>"f9197ac3f652449ae8dbb58fbcc8cbcae63e80ee44934d26"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.8ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.2ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 18.3ms (ActiveRecord: 7.6ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:14 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-11-01 11:47:14 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 0.9ms (Views: 0.2ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:14 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
+Completed   in 6.7ms
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 15:52:15 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.5ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (2.8ms)  commit transaction
+Completed 200 OK in 38.6ms (Views: 0.2ms | ActiveRecord: 6.9ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 15:52:15 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
+Authenticating with gds_bearer_token strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.5ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.2ms)  commit transaction
+Completed 200 OK in 42.7ms (Views: 0.2ms | ActiveRecord: 7.3ms)
+Connecting to database specified by database.yml
+   (0.8ms)  select sqlite_version(*)
+   (34.6ms)  DROP TABLE "users"
+   (6.4ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text, "organisations" text) 
+   (0.1ms)  begin transaction
+  SQL (2.3ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisations", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d32344"]]
+   (4.0ms)  commit transaction
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisations", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37414"]]
+   (3.8ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d32344"}
+  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (0.8ms)
+Completed 403 Forbidden in 6.6ms (Views: 5.9ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.5ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisations", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35734"]]
+   (3.9ms)  commit transaction
+   (0.0ms)  begin transaction
+  SQL (0.1ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisations", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39966"]]
+   (3.7ms)  commit transaction
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d35734"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d35734' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
+- signin
+- new permission
+', "organisations" = '---
+- justice-league
+' WHERE "users"."id" = 3
+   (4.0ms)  commit transaction
+Completed 200 OK in 14.1ms (ActiveRecord: 4.4ms)
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 3]]
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisations", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d38691"]]
+   (3.8ms)  commit transaction
+   (0.0ms)  begin transaction
+  SQL (0.1ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisations", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33567"]]
+   (3.7ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d38691"}
+Completed 403 Forbidden in 1.7ms (Views: 1.0ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisations", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35881"]]
+   (4.4ms)  commit transaction
+   (0.0ms)  begin transaction
+  SQL (0.1ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisations", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34835"]]
+   (40.2ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"nonexistent-user"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'nonexistent-user' LIMIT 1
+Completed 200 OK in 1.0ms (ActiveRecord: 0.2ms)
+   (0.0ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisations", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31514"]]
+   (3.0ms)  commit transaction
+   (0.0ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisations", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36094"]]
+   (3.0ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d31514"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d31514' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 9
+   (3.6ms)  commit transaction
+Completed 200 OK in 7.8ms (ActiveRecord: 3.9ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 9]]
+Started GET "/" for 127.0.0.1 at 2013-10-31 16:05:28 +0000
+Processing by ExampleController#index as HTML
+Completed 200 OK in 1.8ms (Views: 1.5ms | ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:28 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 2.6ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 16:05:28 +0000
+Started GET "/auth/gds/callback?code=1c62032084b8244625c9ec530b1aee653c634dc2f93c341ee87ac89df7733c44&state=66f8aae2e04b3847d6552c7d0cc1f4102ba247ab8b0d25a7" for 127.0.0.1 at 2013-10-31 16:05:29 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"1c62032084b8244625c9ec530b1aee653c634dc2f93c341ee87ac89df7733c44", "state"=>"66f8aae2e04b3847d6552c7d0cc1f4102ba247ab8b0d25a7"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisations", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["organisations", "--- []\n"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
+   (4.5ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.2ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 16.4ms (ActiveRecord: 8.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:29 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.2ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:29 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 16:05:29 +0000
+Started GET "/auth/gds/callback?code=cb6515bf10f5eac28bae082284da1f22cf2017283e2dcf9f2b62bc7710970e9d&state=b7e6782b2faa7baf1b78a918aa32df707bee280235690ffe" for 127.0.0.1 at 2013-10-31 16:05:29 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"cb6515bf10f5eac28bae082284da1f22cf2017283e2dcf9f2b62bc7710970e9d", "state"=>"b7e6782b2faa7baf1b78a918aa32df707bee280235690ffe"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (5.2ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.7ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 21.1ms (ActiveRecord: 9.5ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:29 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.2ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:29 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 16:05:29 +0000
+Started GET "/auth/gds/callback?code=e69eebf06bec82b8e4ad23e317973cce3be18d350988f2a127e6f10a0c671a95&state=9c0e6c19f456fb7360a20416ca42a53f28cbddd6c3fa9a48" for 127.0.0.1 at 2013-10-31 16:05:29 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"e69eebf06bec82b8e4ad23e317973cce3be18d350988f2a127e6f10a0c671a95", "state"=>"9c0e6c19f456fb7360a20416ca42a53f28cbddd6c3fa9a48"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (5.3ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (4.3ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 20.6ms (ActiveRecord: 10.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:29 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 16:05:30 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.8ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 16:05:30 +0000
+Started GET "/auth/gds/callback?code=b1e31468ecb01c7481fa0018933c9590a0a5f434962063289e3a96d89ba4d40c&state=a9faa44665e6a90b81f50b598dfb4e9d26cfa777dbd54f00" for 127.0.0.1 at 2013-10-31 16:05:30 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"b1e31468ecb01c7481fa0018933c9590a0a5f434962063289e3a96d89ba4d40c", "state"=>"a9faa44665e6a90b81f50b598dfb4e9d26cfa777dbd54f00"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (5.1ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (4.0ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 21.3ms (ActiveRecord: 9.8ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 16:05:30 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 3.1ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 16:05:30 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 16:05:30 +0000
+Started GET "/auth/gds/callback?code=386e52c1e23c30e200df0b16597864710bb1d1c7c060d59ada2fcc0069ed4ce5&state=7a790232602701f44962d30f2b396a1aadedab8921ec7ec0" for 127.0.0.1 at 2013-10-31 16:05:30 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"386e52c1e23c30e200df0b16597864710bb1d1c7c060d59ada2fcc0069ed4ce5", "state"=>"7a790232602701f44962d30f2b396a1aadedab8921ec7ec0"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (5.7ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (4.0ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 21.0ms (ActiveRecord: 10.4ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 16:05:30 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2.7ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:30 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 16:05:30 +0000
+Started GET "/auth/gds/callback?code=70beb55f70ac04ac21ef4a183418280ea46056270b3cd041ae86e186695a62e8&state=544b67a14f017575c36f5861e8cb8c6c17967ae57c76ce43" for 127.0.0.1 at 2013-10-31 16:05:30 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"70beb55f70ac04ac21ef4a183418280ea46056270b3cd041ae86e186695a62e8", "state"=>"544b67a14f017575c36f5861e8cb8c6c17967ae57c76ce43"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (6.6ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.7ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 23.0ms (ActiveRecord: 11.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:30 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.2ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (4.4ms)  commit transaction
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:31 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Filter chain halted as :authenticate_user! rendered or redirected
+Completed 403 Forbidden in 3.0ms (Views: 2.0ms | ActiveRecord: 0.1ms)
+Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2013-10-31 16:05:31 +0000
+Processing by AuthenticationsController#sign_out as HTML
+Redirected to http://localhost:4567/users/sign_out
+Completed 302 Found in 0.5ms (ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:31 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 16:05:31 +0000
+Started GET "/auth/gds/callback?code=382f4ac231619f9e60e8b34fc08c6504a1a3aa49c4d7bb5c36ec7f079b4b721b&state=9c230d76cfd2c9f60c7e1f9f6683a58b1b6062b4810709f2" for 127.0.0.1 at 2013-10-31 16:05:31 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"382f4ac231619f9e60e8b34fc08c6504a1a3aa49c4d7bb5c36ec7f079b4b721b", "state"=>"9c230d76cfd2c9f60c7e1f9f6683a58b1b6062b4810709f2"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (7.1ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (4.8ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 23.5ms (ActiveRecord: 12.5ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:31 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:31 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 16:05:31 +0000
+Started GET "/auth/gds/callback?code=56db0a87c01b2eb44cbe03164eb62d25356b7274ece2816a2a469bb4e2eeee5a&state=b16d66bc2f497c0a4a7201f8b060079d83c99af8968ff2c8" for 127.0.0.1 at 2013-10-31 16:05:31 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"56db0a87c01b2eb44cbe03164eb62d25356b7274ece2816a2a469bb4e2eeee5a", "state"=>"b16d66bc2f497c0a4a7201f8b060079d83c99af8968ff2c8"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (8.2ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (6.3ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 27.3ms (ActiveRecord: 15.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:31 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.3ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-11-01 12:10:31 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-11-01 12:10:31 +0000
+Started GET "/auth/gds/callback?code=c3cd0659f1d34682397627d1fdc06626355edcaca5268e7c7ce847f1ae021f6d&state=fda5e234204b0eec844bf791e4a8921926fce92207ac63a6" for 127.0.0.1 at 2013-11-01 12:10:31 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"c3cd0659f1d34682397627d1fdc06626355edcaca5268e7c7ce847f1ae021f6d", "state"=>"fda5e234204b0eec844bf791e4a8921926fce92207ac63a6"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (9.1ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (5.0ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 25.5ms (ActiveRecord: 14.8ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-11-01 12:10:31 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.2ms (Views: 0.2ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:31 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 16:05:31 +0000
+Started GET "/auth/gds/callback?code=09e4b9e898446807d3195e8f82fd447462fb5063f76cf8c534f27b9d246a4626&state=c54b2f84c9a7feeeb51261860ef10a5c89357c3e616d735f" for 127.0.0.1 at 2013-10-31 16:05:32 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"09e4b9e898446807d3195e8f82fd447462fb5063f76cf8c534f27b9d246a4626", "state"=>"c54b2f84c9a7feeeb51261860ef10a5c89357c3e616d735f"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (4.3ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.2ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 19.8ms (ActiveRecord: 8.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:32 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.3ms (Views: 0.3ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-11-01 12:00:32 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.0ms (Views: 0.2ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:32 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
+Completed   in 7.3ms
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 16:05:32 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (5.5ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.4ms)  commit transaction
+Completed 200 OK in 45.5ms (Views: 0.3ms | ActiveRecord: 9.8ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 16:05:32 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
+Authenticating with gds_bearer_token strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (11.3ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+', "organisations" = '--- []
+' WHERE "users"."id" = 11
+   (3.2ms)  commit transaction
+Completed 200 OK in 52.9ms (Views: 0.2ms | ActiveRecord: 15.2ms)

data/test/user_test.rb

@@ -8,12 +8,12 @@ class TestUser < Test::Unit::TestCase
       'uid' => 'abcde',
       'credentials' => {'token' => 'abcdefg', 'secret' => 'abcdefg'},
       'info' => {'name' => 'Matt Patterson', 'email' => 'matt@alphagov.co.uk'},
-      'extra' => {'user' => {'permissions' => []}}
+      'extra' => {'user' => {'permissions' => [], 'organisations' => []}}
     }
   end
 
   def test_user_params_creation
-    expected = {'uid' => 'abcde', 'name' => 'Matt Patterson', 'email' => 'matt@alphagov.co.uk', "permissions" => []}
+    expected = {'uid' => 'abcde', 'name' => 'Matt Patterson', 'email' => 'matt@alphagov.co.uk', "permissions" => [], "organisations" => []}
     assert_equal expected, GDS::SSO::User.user_params_from_auth_hash(@auth_hash)
   end
-end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gds-sso
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 5.0.0
   prerelease: 
 platform: ruby
 authors:
@@ -49,17 +49,17 @@ dependencies:
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ~>
+    - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.0.3
+        version: 1.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ~>
+    - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.0.3
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: rack-accept
   requirement: !ruby/object:Gem::Requirement
@@ -315,7 +315,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3519837502807078883
+      hash: -2714081135888151855
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -324,7 +324,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3519837502807078883
+      hash: -2714081135888151855
 requirements: []
 rubyforge_project: gds-sso
 rubygems_version: 1.8.23