gds-sso 9.1.2 → 9.2.0

data/app/controllers/authentications_controller.rb

@@ -14,9 +14,7 @@ class AuthenticationsController < ActionController::Base
   end
 
   def sign_out
-    cookie_key = Rails.application.config.session_options[:key]
-    cookies.delete(cookie_key)
-    reset_session
+    logout
     redirect_to GDS::SSO::Config.oauth_root_url + "/users/sign_out"
   end
 end

data/lib/gds-sso/controller_methods.rb

@@ -26,16 +26,10 @@ module GDS
       def require_signin_permission!
         authorise_user!('signin')
       rescue PermissionDeniedException
-        skip_slimmer
         render "authorisations/cant_signin", layout: "unauthorised", status: :forbidden
       end
 
       def authenticate_user!
-        if user_remotely_signed_out?
-          message = "You have been remotely signed out."
-          skip_slimmer
-          render "authorisations/unauthorised", layout: "unauthorised", status: :forbidden, locals: { message: message }
-        end
         warden.authenticate!
       end
 
@@ -51,18 +45,13 @@ module GDS
         warden.user if user_signed_in?
       end
 
-      def log_out
-        warden.log_out
+      def logout
+        warden.logout
       end
 
       def warden
         request.env['warden']
       end
-
-      def skip_slimmer
-        # If slimmer used, without this you would see a generic 400 error page
-        headers["X-Slimmer-Skip"] = "1"
-      end
     end
   end
 end

data/lib/gds-sso/version.rb

@@ -1,5 +1,5 @@
 module GDS
   module SSO
-    VERSION = "9.1.2"
+    VERSION = "9.2.0"
   end
 end

data/lib/gds-sso/warden_config.rb

@@ -27,7 +27,7 @@ Warden::Manager.serialize_from_session do |tuple|
   # This will reject old sessions that don't have an auth_set time
   uid, auth_set = tuple
   if auth_set and (auth_set + GDS::SSO::Config.auth_valid_for) > Time.now.utc
-    GDS::SSO::Config.user_klass.where(:uid => uid).first
+    GDS::SSO::Config.user_klass.where(:uid => uid, :remotely_signed_out => false).first
   else
     nil
   end

data/spec/internal/log/test.log

@@ -1,215 +1,215 @@
 Connecting to database specified by database.yml
-   (1.9ms)  select sqlite_version(*)
-   (15.8ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text, "organisation_slug" varchar(255)) 
-   (8.5ms)  CREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) 
-   (9.1ms)  CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")
+   (1.8ms)  select sqlite_version(*)
+   (16.3ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text, "organisation_slug" varchar(255)) 
+   (8.2ms)  CREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) 
+   (16.6ms)  CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")
    (0.1ms)  begin transaction
-  SQL (4.1ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35619"]]
-   (27.5ms)  commit transaction
+  SQL (4.0ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d32532"]]
+   (6.1ms)  commit transaction
    (0.1ms)  begin transaction
-  SQL (0.4ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31827"]]
-   (22.6ms)  commit transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3753"]]
+   (5.5ms)  commit transaction
 WARNING: Can't mass-assign protected attributes: uid, name, permissions
 Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d35619"}
-  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (3.0ms)
-Completed 403 Forbidden in 41.2ms (Views: 40.4ms | ActiveRecord: 0.0ms)
+  Parameters: {"uid"=>"a1s2d32532"}
+  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (3.3ms)
+Completed 403 Forbidden in 40.0ms (Views: 39.3ms | ActiveRecord: 0.0ms)
    (0.1ms)  begin transaction
-  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31512"]]
-   (116.7ms)  commit transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36815"]]
+   (5.6ms)  commit transaction
    (0.1ms)  begin transaction
-  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3419"]]
-   (75.0ms)  commit transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3282"]]
+   (6.5ms)  commit transaction
 Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d31512"}
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d31512' LIMIT 1
-   (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
+  Parameters: {"uid"=>"a1s2d36815"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d36815' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
 - signin
 - new permission
 ', "organisation_slug" = 'justice-league' WHERE "users"."id" = 3
-   (19.0ms)  commit transaction
-Completed 200 OK in 27.3ms (ActiveRecord: 19.5ms)
+   (5.8ms)  commit transaction
+Completed 200 OK in 14.7ms (ActiveRecord: 6.4ms)
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 3]]
    (0.1ms)  begin transaction
-  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34264"]]
-   (15.4ms)  commit transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39152"]]
+   (6.9ms)  commit transaction
    (0.1ms)  begin transaction
-  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36264"]]
-   (20.8ms)  commit transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34829"]]
+   (5.2ms)  commit transaction
 WARNING: Can't mass-assign protected attributes: uid, name, permissions
 Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d34264"}
-Completed 403 Forbidden in 1.8ms (Views: 1.1ms | ActiveRecord: 0.0ms)
+  Parameters: {"uid"=>"a1s2d39152"}
+Completed 403 Forbidden in 2.0ms (Views: 1.1ms | ActiveRecord: 0.0ms)
    (0.1ms)  begin transaction
-  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37107"]]
-   (12.1ms)  commit transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36639"]]
+   (6.9ms)  commit transaction
    (0.1ms)  begin transaction
-  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39673"]]
-   (10.5ms)  commit transaction
+  SQL (0.1ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3925"]]
+   (6.0ms)  commit transaction
 Processing by Api::UserController#reauth as HTML
   Parameters: {"uid"=>"nonexistent-user"}
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'nonexistent-user' LIMIT 1
 Completed 200 OK in 1.2ms (ActiveRecord: 0.2ms)
    (0.1ms)  begin transaction
-  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3441"]]
-   (7.9ms)  commit transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37344"]]
+   (7.1ms)  commit transaction
    (0.1ms)  begin transaction
-  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39814"]]
-   (7.5ms)  commit transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3518"]]
+   (14.4ms)  commit transaction
 Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d3441"}
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d3441' LIMIT 1
+  Parameters: {"uid"=>"a1s2d37344"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d37344' LIMIT 1
    (0.0ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
 - signin
 ' WHERE "users"."id" = 9
-   (15.5ms)  commit transaction
-Completed 200 OK in 18.7ms (ActiveRecord: 15.9ms)
+   (5.2ms)  commit transaction
+Completed 200 OK in 8.5ms (ActiveRecord: 5.6ms)
   User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 9]]
-Started GET "/" for 127.0.0.1 at 2014-01-24 10:51:09 +0000
+Started GET "/" for 127.0.0.1 at 2014-01-28 12:06:18 +0000
 Processing by ExampleController#index as HTML
-Completed 200 OK in 3.9ms (Views: 3.5ms | ActiveRecord: 0.0ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:09 +0000
+Completed 200 OK in 5.7ms (Views: 5.1ms | ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:18 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 38.7ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-24 10:51:09 +0000
-Started GET "/auth/gds/callback?code=1448c6482e7d00a399db9cc2b0bb9f58f4f0f3168d1a5081cd9b233babfabc29&state=0f8d878fc97f9e9e0c0f1c50947b8897392c93567c9239a7" for 127.0.0.1 at 2014-01-24 10:51:10 +0000
+Completed   in 40.0ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-01-28 12:06:18 +0000
+Started GET "/auth/gds/callback?code=3e2d743d3ba5050a0ec491817483b429ce455460e46c0feb44a8cfea40894585&state=803302fbbbfeac9a63d3f39b21898d25ae6621bcf0a5d20b" for 127.0.0.1 at 2014-01-28 12:06:19 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"1448c6482e7d00a399db9cc2b0bb9f58f4f0f3168d1a5081cd9b233babfabc29", "state"=>"0f8d878fc97f9e9e0c0f1c50947b8897392c93567c9239a7"}
+  Parameters: {"code"=>"3e2d743d3ba5050a0ec491817483b429ce455460e46c0feb44a8cfea40894585", "state"=>"803302fbbbfeac9a63d3f39b21898d25ae6621bcf0a5d20b"}
 Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
   SQL (0.2ms)  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
-   (11.0ms)  commit transaction
+   (8.1ms)  commit transaction
    (0.1ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (6.5ms)  commit transaction
+   (5.4ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 24.0ms (ActiveRecord: 18.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:11 +0000
+Completed 302 Found in 21.2ms (ActiveRecord: 14.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:20 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1.5ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:11 +0000
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.7ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:20 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-24 10:51:11 +0000
-Started GET "/auth/gds/callback?code=2cd307659413222e40d4100c14e7d7a883bc36d83f0d75e00d806c716163242d&state=a0515a53fe425603c4516cf5be28b2472d2a3ffc9195b925" for 127.0.0.1 at 2014-01-24 10:51:11 +0000
+Completed   in 0.4ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-01-28 12:06:20 +0000
+Started GET "/auth/gds/callback?code=364da35e04d83831df73e85766803a664cdc8948f25d2f533653c696ac3711c2&state=f293e8c8746094b476c3e355b0480eeb45491560a6a7df35" for 127.0.0.1 at 2014-01-28 12:06:20 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"2cd307659413222e40d4100c14e7d7a883bc36d83f0d75e00d806c716163242d", "state"=>"a0515a53fe425603c4516cf5be28b2472d2a3ffc9195b925"}
+  Parameters: {"code"=>"364da35e04d83831df73e85766803a664cdc8948f25d2f533653c696ac3711c2", "state"=>"f293e8c8746094b476c3e355b0480eeb45491560a6a7df35"}
 Authenticating with gds_sso strategy
   User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '---
+   (0.3ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (12.9ms)  commit transaction
+   (6.5ms)  commit transaction
    (0.1ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (11.8ms)  commit transaction
+   (5.2ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 31.2ms (ActiveRecord: 25.5ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:11 +0000
+Completed 302 Found in 20.0ms (ActiveRecord: 12.6ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:20 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1.5ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:11 +0000
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.9ms (Views: 0.6ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:20 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-24 10:51:11 +0000
-Started GET "/auth/gds/callback?code=0240d1c07162225b87780e8716aee956fbefc260fb2fedc4a70c1a31c44ae0c3&state=8131b038d7fa677de899f266e9968adf48c14dfd03a40a59" for 127.0.0.1 at 2014-01-24 10:51:11 +0000
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-01-28 12:06:20 +0000
+Started GET "/auth/gds/callback?code=0440ce3f25261b2f866a1a0efb324ecdd7942d50971652eed62563657403fd32&state=21532586c76da89f1ca7654e8be398d089da392448e3a56b" for 127.0.0.1 at 2014-01-28 12:06:20 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"0240d1c07162225b87780e8716aee956fbefc260fb2fedc4a70c1a31c44ae0c3", "state"=>"8131b038d7fa677de899f266e9968adf48c14dfd03a40a59"}
+  Parameters: {"code"=>"0440ce3f25261b2f866a1a0efb324ecdd7942d50971652eed62563657403fd32", "state"=>"21532586c76da89f1ca7654e8be398d089da392448e3a56b"}
 Authenticating with gds_sso strategy
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-   (0.1ms)  begin transaction
+   (0.0ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (10.6ms)  commit transaction
+   (7.2ms)  commit transaction
    (0.1ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (11.0ms)  commit transaction
+   (5.0ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 27.1ms (ActiveRecord: 22.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:11 +0000
+Completed 302 Found in 17.4ms (ActiveRecord: 12.9ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:20 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1.3ms (Views: 0.3ms | ActiveRecord: 0.2ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-24 10:51:11 +0000
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.5ms (Views: 0.3ms | ActiveRecord: 0.2ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-28 12:06:21 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.7ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-24 10:51:11 +0000
-Started GET "/auth/gds/callback?code=81d2c3798fcbab97c593f0284b8f21ab90b07fb4bbdc0edb7be458ba34f4d762&state=e13c00ff3ae7abbd8d411740fecb2515bb94893b508aebaa" for 127.0.0.1 at 2014-01-24 10:51:12 +0000
+Completed   in 1.0ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-01-28 12:06:21 +0000
+Started GET "/auth/gds/callback?code=df5983331b8cce345612b04dc646bc0cdf48844522ac9f15c39841f93dca5614&state=03808b1decb62bfea6703186e24b3e83c29813c32335271f" for 127.0.0.1 at 2014-01-28 12:06:21 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"81d2c3798fcbab97c593f0284b8f21ab90b07fb4bbdc0edb7be458ba34f4d762", "state"=>"e13c00ff3ae7abbd8d411740fecb2515bb94893b508aebaa"}
+  Parameters: {"code"=>"df5983331b8cce345612b04dc646bc0cdf48844522ac9f15c39841f93dca5614", "state"=>"03808b1decb62bfea6703186e24b3e83c29813c32335271f"}
 Authenticating with gds_sso strategy
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '---
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (10.8ms)  commit transaction
+   (10.3ms)  commit transaction
    (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '---
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (7.7ms)  commit transaction
+   (7.5ms)  commit transaction
 Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 24.8ms (ActiveRecord: 19.2ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-24 10:51:12 +0000
+Completed 302 Found in 22.4ms (ActiveRecord: 18.3ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-28 12:06:21 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1.6ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-24 10:51:12 +0000
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.5ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-28 12:06:21 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-24 10:51:12 +0000
-Started GET "/auth/gds/callback?code=8cc7ee2ad20bb1a1414ce341bf5e050b5f69c2a5b8556ec6abff13d306ab6bd1&state=9391fbf0627f34c193bef9db8975ae84614b6780d03302c2" for 127.0.0.1 at 2014-01-24 10:51:12 +0000
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-01-28 12:06:21 +0000
+Started GET "/auth/gds/callback?code=0c03b317301bb64cd2b940ceb43a16cc676afb23d55fb85fb714825f594faaf7&state=ffb1adf63ff365631c1d1a41f1394f7a413c08c3e34ec507" for 127.0.0.1 at 2014-01-28 12:06:21 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"8cc7ee2ad20bb1a1414ce341bf5e050b5f69c2a5b8556ec6abff13d306ab6bd1", "state"=>"9391fbf0627f34c193bef9db8975ae84614b6780d03302c2"}
+  Parameters: {"code"=>"0c03b317301bb64cd2b940ceb43a16cc676afb23d55fb85fb714825f594faaf7", "state"=>"ffb1adf63ff365631c1d1a41f1394f7a413c08c3e34ec507"}
 Authenticating with gds_sso strategy
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.0ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (10.6ms)  commit transaction
+   (10.3ms)  commit transaction
    (0.1ms)  begin transaction
-   (0.1ms)  UPDATE "users" SET "permissions" = '---
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (11.2ms)  commit transaction
+   (7.9ms)  commit transaction
 Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 26.7ms (ActiveRecord: 22.4ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-24 10:51:12 +0000
+Completed 302 Found in 22.9ms (ActiveRecord: 18.9ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-28 12:06:21 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1.4ms (Views: 0.3ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:12 +0000
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.3ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:21 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-24 10:51:12 +0000
-Started GET "/auth/gds/callback?code=b16074c5be55527951cc6ccb7ac7690f41583b41bf3dcda9773c6ab84e39c49e&state=4a20fbb17da3769dd5f53c5a7ce5c879f82c9e1fdca7aa12" for 127.0.0.1 at 2014-01-24 10:51:12 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2014-01-28 12:06:21 +0000
+Started GET "/auth/gds/callback?code=a39962c51f86b1f459427f7ae97304d2d468d1cf6e721ca6041089889daa81c2&state=2890c4de4d8d349c25d5ed2ce298366fb75ddd9bd12dfadf" for 127.0.0.1 at 2014-01-28 12:06:22 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"b16074c5be55527951cc6ccb7ac7690f41583b41bf3dcda9773c6ab84e39c49e", "state"=>"4a20fbb17da3769dd5f53c5a7ce5c879f82c9e1fdca7aa12"}
+  Parameters: {"code"=>"a39962c51f86b1f459427f7ae97304d2d468d1cf6e721ca6041089889daa81c2", "state"=>"2890c4de4d8d349c25d5ed2ce298366fb75ddd9bd12dfadf"}
 Authenticating with gds_sso strategy
-  User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '---
+   (0.3ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
    (9.9ms)  commit transaction
@@ -217,141 +217,133 @@ Authenticating with gds_sso strategy
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (25.9ms)  commit transaction
+   (8.7ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 42.6ms (ActiveRecord: 36.7ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:12 +0000
+Completed 302 Found in 27.4ms (ActiveRecord: 19.6ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:22 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1.5ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 2.2ms (Views: 0.7ms | ActiveRecord: 0.2ms)
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'test@example-client.com' LIMIT 1
    (0.0ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+   (0.1ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (6.3ms)  commit transaction
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:12 +0000
-Processing by ExampleController#restricted as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Filter chain halted as :authenticate_user! rendered or redirected
-Completed 403 Forbidden in 3.5ms (Views: 2.3ms | ActiveRecord: 0.2ms)
-Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2014-01-24 10:51:12 +0000
-Processing by AuthenticationsController#sign_out as HTML
-Redirected to http://localhost:4567/users/sign_out
-Completed 302 Found in 0.5ms (ActiveRecord: 0.0ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:13 +0000
+   (8.1ms)  commit transaction
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:22 +0000
 Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-24 10:51:13 +0000
-Started GET "/auth/gds/callback?code=51ea5a75cbc3cb334a8ed62e71ffbcef7b0b86ffd90005a0115aa0ba06c0581d&state=2fdd40e87bdceaf5625ba614ff72a5f703a67e82859778da" for 127.0.0.1 at 2014-01-24 10:51:13 +0000
+Completed   in 1.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-01-28 12:06:22 +0000
+Started GET "/auth/gds/callback?code=06ab784306b56de665a546c623f7930128ff9d34e000d72463a6fcf43b9fbfbf&state=c9e9e4067b58804fcb5f51368a49914e3572748b9fea5140" for 127.0.0.1 at 2014-01-28 12:06:22 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"51ea5a75cbc3cb334a8ed62e71ffbcef7b0b86ffd90005a0115aa0ba06c0581d", "state"=>"2fdd40e87bdceaf5625ba614ff72a5f703a67e82859778da"}
+  Parameters: {"code"=>"06ab784306b56de665a546c623f7930128ff9d34e000d72463a6fcf43b9fbfbf", "state"=>"c9e9e4067b58804fcb5f51368a49914e3572748b9fea5140"}
 Authenticating with gds_sso strategy
-  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.0ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (11.8ms)  commit transaction
+   (13.7ms)  commit transaction
    (0.1ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (7.6ms)  commit transaction
+   (8.9ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 24.8ms (ActiveRecord: 19.9ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:13 +0000
+Completed 302 Found in 28.0ms (ActiveRecord: 23.4ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:22 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:13 +0000
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.3ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:22 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-24 10:51:13 +0000
-Started GET "/auth/gds/callback?code=0513a4804ec89a9055deea8cf661376042f6723409a03d49287a90932541c152&state=d3fe14ab30cc0da2dc5ccc629fa9fc6799a00562b5560a7c" for 127.0.0.1 at 2014-01-24 10:51:13 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2014-01-28 12:06:22 +0000
+Started GET "/auth/gds/callback?code=361e6a6151fc8f9a28864bec1cb88d516d0901ff9dcdf5182d448c5e04c1086b&state=2996cc333d5d82abc129d372c87396a7af45eb8d2e5eebc7" for 127.0.0.1 at 2014-01-28 12:06:22 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"0513a4804ec89a9055deea8cf661376042f6723409a03d49287a90932541c152", "state"=>"d3fe14ab30cc0da2dc5ccc629fa9fc6799a00562b5560a7c"}
+  Parameters: {"code"=>"361e6a6151fc8f9a28864bec1cb88d516d0901ff9dcdf5182d448c5e04c1086b", "state"=>"2996cc333d5d82abc129d372c87396a7af45eb8d2e5eebc7"}
 Authenticating with gds_sso strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '---
+   (0.3ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (18.3ms)  commit transaction
+   (8.5ms)  commit transaction
    (0.1ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (9.4ms)  commit transaction
+   (5.0ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 34.5ms (ActiveRecord: 28.4ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:13 +0000
+Completed 302 Found in 21.8ms (ActiveRecord: 14.4ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:23 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-25 06:56:13 +0000
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.8ms (Views: 0.5ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-29 08:11:23 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-25 06:56:13 +0000
-Started GET "/auth/gds/callback?code=34461e15524c4fddb13285894e5a803cc6f25c22ac7ade9e8fd9275013d4fd06&state=4572cc9771c2595df77f1be284286e861a670412edfcbe61" for 127.0.0.1 at 2014-01-25 06:56:13 +0000
+Completed   in 0.4ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-01-29 08:11:23 +0000
+Started GET "/auth/gds/callback?code=f66465b718481180bd28b0d89baf7b673130d7ec350f5485571dbca9eaf6f089&state=773049e2a1ca6b484a060189b52ddef6ab6f6c95d646b6e4" for 127.0.0.1 at 2014-01-29 08:11:23 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"34461e15524c4fddb13285894e5a803cc6f25c22ac7ade9e8fd9275013d4fd06", "state"=>"4572cc9771c2595df77f1be284286e861a670412edfcbe61"}
+  Parameters: {"code"=>"f66465b718481180bd28b0d89baf7b673130d7ec350f5485571dbca9eaf6f089", "state"=>"773049e2a1ca6b484a060189b52ddef6ab6f6c95d646b6e4"}
 Authenticating with gds_sso strategy
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.0ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (30.4ms)  commit transaction
+   (6.5ms)  commit transaction
    (0.1ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (17.6ms)  commit transaction
+   (6.2ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 52.9ms (ActiveRecord: 48.7ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-25 06:56:14 +0000
+Completed 302 Found in 17.0ms (ActiveRecord: 13.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-29 08:11:23 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1.4ms (Views: 0.2ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:14 +0000
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.2ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:23 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-24 10:51:14 +0000
-Started GET "/auth/gds/callback?code=499e0a5eb102c906b2938d18db59f80670977e4e9687440e72cbdf702292fd2e&state=c395d566cf48fc237a946e5aec8551743c971be20710d038" for 127.0.0.1 at 2014-01-24 10:51:14 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2014-01-28 12:06:23 +0000
+Started GET "/auth/gds/callback?code=c907539bdb4394222bfcde63eb2bf52d7621c6108a163f59fbe51f61e3f497bd&state=9ede945ae9ae047734797b919de32ae02eab30153963e8ba" for 127.0.0.1 at 2014-01-28 12:06:23 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"499e0a5eb102c906b2938d18db59f80670977e4e9687440e72cbdf702292fd2e", "state"=>"c395d566cf48fc237a946e5aec8551743c971be20710d038"}
+  Parameters: {"code"=>"c907539bdb4394222bfcde63eb2bf52d7621c6108a163f59fbe51f61e3f497bd", "state"=>"9ede945ae9ae047734797b919de32ae02eab30153963e8ba"}
 Authenticating with gds_sso strategy
   User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
    (0.1ms)  begin transaction
-   (0.2ms)  UPDATE "users" SET "permissions" = '---
+   (0.3ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (11.0ms)  commit transaction
+   (6.8ms)  commit transaction
    (0.1ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (8.0ms)  commit transaction
+   (5.9ms)  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 25.6ms (ActiveRecord: 19.8ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:14 +0000
+Completed 302 Found in 21.3ms (ActiveRecord: 13.8ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:23 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1.5ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-25 06:46:14 +0000
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-29 08:01:23 +0000
 Processing by ExampleController#restricted as HTML
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-Completed 200 OK in 1.1ms (Views: 0.2ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:14 +0000
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.2ms (Views: 0.2ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:23 +0000
 Processing by ExampleController#restricted as JSON
 Authenticating with gds_bearer_token strategy
-Completed   in 9.5ms
-Started GET "/restricted" for 127.0.0.1 at 2014-01-24 10:51:14 +0000
+Completed   in 7.8ms
+Started GET "/restricted" for 127.0.0.1 at 2014-01-28 12:06:23 +0000
 Processing by ExampleController#restricted as JSON
 Authenticating with gds_bearer_token strategy
   User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
@@ -359,25 +351,25 @@ Authenticating with gds_bearer_token strategy
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (11.6ms)  commit transaction
-   (0.1ms)  begin transaction
-   (0.3ms)  UPDATE "users" SET "permissions" = '---
+   (5.3ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (9.2ms)  commit transaction
-Completed 200 OK in 65.6ms (Views: 0.3ms | ActiveRecord: 21.5ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-24 10:51:14 +0000
+   (4.8ms)  commit transaction
+Completed 200 OK in 43.0ms (Views: 0.2ms | ActiveRecord: 10.5ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-28 12:06:23 +0000
 Processing by ExampleController#this_requires_signin_permission as JSON
 Authenticating with gds_bearer_token strategy
-  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-   (0.0ms)  begin transaction
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (10.9ms)  commit transaction
+   (6.5ms)  commit transaction
    (0.1ms)  begin transaction
    (0.2ms)  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-   (9.4ms)  commit transaction
-Completed 200 OK in 61.5ms (Views: 0.3ms | ActiveRecord: 21.0ms)
+   (5.4ms)  commit transaction
+Completed 200 OK in 61.5ms (Views: 0.4ms | ActiveRecord: 12.7ms)

data/spec/requests/end_to_end_spec.rb

@@ -87,28 +87,24 @@ describe "Integration of client using GDS-SSO with signonotron" do
         page.driver.header 'accept', 'text/html'
         page.should have_content('restricted kablooie')
 
-        # Simulate a POST to /auth/gds/api/users/:uid/reauth by SOOT
+        # logout from signon
+        visit "http://localhost:4567/users/sign_out"
+
+        # Simulate a POST to /auth/gds/api/users/:uid/reauth by signon
         # This is already tested in api_user_controller_spec.rb
-        user = User.where(:uid => "integration-uid").first
+        user = User.where(:email => "test@example-client.com").first
         user.set_remotely_signed_out!
 
-        page.driver.header 'accept', 'text/html'
-
-        # check we can't visit
+        # attempt to visit a restricted page
         visit "http://#{@client_host}/restricted"
-        page.should have_content('You have been remotely signed out')
 
-        # signin
-        visit "http://#{@client_host}/auth/gds/sign_out" # want to be redirected to SOOT, and then back again
-        # Workaround Devise treating us like we're not HTML by manually signin in
-        # If we weren't signed out, we wouldn't get the login form, we'd get the dashboard.
-        visit "http://localhost:4567/users/sign_in"
+        # be redirected to signon
+        page.should have_content('GOV.UK Signon')
         fill_in "Email", :with => "test@example-client.com"
         fill_in "Passphrase", :with => "q1w2e3r4t5y6u7i8o9p0"
         click_on "Sign in"
 
-        # check we can visit
-        visit "http://#{@client_host}/restricted"
+        # then back again to the restricted page
         page.should have_content('restricted kablooie')
       end
     end

data/spec/tasks/signonotron_tasks.rake

@@ -31,6 +31,7 @@ namespace :signonotron do
       end
       env_stuff += " RAILS_ENV=test"
 
+      puts "Running bundler"
       puts `#{env_stuff} bundle install --path=#{gem_root + 'tmp' + "#{@app_to_launch}_bundle"}`
       FileUtils.cp gem_root.join('spec', 'fixtures', 'integration', "#{@app_to_launch}_database.yml"), File.join('config', 'database.yml')
       puts `#{env_stuff} bundle exec rake db:drop db:create db:schema:load`

data/test/session_serialisation_test.rb

@@ -33,7 +33,7 @@ class SessionSerialisationTest < Test::Unit::TestCase
   end
 
   def test_deserializing_a_user_and_in_date_timestamp_returns_the_user
-    User.expects(:where).with(:uid => 1234).returns(stub(:first => :a_user))
+    User.expects(:where).with(:uid => 1234, :remotely_signed_out => false).returns(stub(:first => :a_user))
 
     result = @serializer.deserialize [1234, Time.now.utc - GDS::SSO::Config.auth_valid_for + 3600]
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gds-sso
 version: !ruby/object:Gem::Version
-  version: 9.1.2
+  version: 9.2.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-24 00:00:00.000000000 Z
+date: 2014-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -332,7 +332,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3871486311140163207
+      hash: 1644539480887075613
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -341,7 +341,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3871486311140163207
+      hash: 1644539480887075613
 requirements: []
 rubyforge_project: gds-sso
 rubygems_version: 1.8.23