gds-sso 1.1.1 → 1.2.0

data/README.md

@@ -17,7 +17,7 @@ These can be provided by one of the team with admin access to sign-on-o-tron.
 
 Then include the gem in your Gemfile:
 
-gem 'gds-sso', :git => 'https://github.com/alphagov/gds-sso.git'
+    gem 'gds-sso', :git => 'https://github.com/alphagov/gds-sso.git'
 
 Create a `config/initializers/gds-sso.rb` that looks like:
 

data/lib/gds-sso/config.rb

@@ -26,9 +26,12 @@ module GDS
 
       @@basic_auth_realm = "API Access"
 
+      mattr_accessor :auth_valid_for
+      @@auth_valid_for = 20 * 3600
+
       def self.user_klass
         user_model.to_s.constantize
       end
     end
   end
-end
+end

data/lib/gds-sso/version.rb

@@ -1,5 +1,5 @@
 module GDS
   module SSO
-    VERSION = "1.1.1"
+    VERSION = "1.2.0"
   end
 end

data/lib/gds-sso/warden_config.rb

@@ -9,11 +9,17 @@ Warden::Manager.after_authentication do |user, auth, opts|
 end
 
 Warden::Manager.serialize_into_session do |user|
-  user.respond_to?(:uid) ? user.uid : nil
+  user.respond_to?(:uid) ? [user.uid, Time.now.utc] : nil
 end
 
-Warden::Manager.serialize_from_session do |uid|
-  GDS::SSO::Config.user_klass.find_by_uid(uid)
+Warden::Manager.serialize_from_session do |tuple|
+  # This will reject old sessions that don't have an auth_set time
+  uid, auth_set = tuple
+  if auth_set and (auth_set + GDS::SSO::Config.auth_valid_for) > Time.now.utc
+    GDS::SSO::Config.user_klass.find_by_uid(uid)
+  else
+    nil
+  end
 end
 
 Warden::Strategies.add(:gds_sso) do

data/spec/internal/log/test.log

@@ -6270,3 +6270,1251 @@ GDS_SSO integration test:
    (20.5ms)  commit transaction
 Completed 200 OK in 24ms (ActiveRecord: 21.0ms)
   User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 5]]
+Connecting to database specified by database.yml
+   (3.3ms)  select sqlite_version(*)
+   (13.8ms)  DROP TABLE "users"
+   (2.1ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text) 
+
+
+Started GET "/" for 127.0.0.1 at 2012-07-27 08:15:49 +0000
+Processing by ExampleController#index as HTML
+  Rendered text template (0.0ms)
+Completed 200 OK in 109ms (Views: 108.5ms | ActiveRecord: 0.0ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:50 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 20ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:15:50 +0000
+
+
+Started GET "/auth/gds/callback?code=672f73760787d1340c50a43992e1b1477d7ff417db36a2111f73727d3f29d71b&state=2ea392230392df2431984e0e2618a420c3f7b445731a076d" for 127.0.0.1 at 2012-07-27 08:15:51 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"672f73760787d1340c50a43992e1b1477d7ff417db36a2111f73727d3f29d71b", "state"=>"2ea392230392df2431984e0e2618a420c3f7b445731a076d"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+  SQL (8.7ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
+   (12.6ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (7.6ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 110ms (ActiveRecord: 30.3ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:51 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 3ms (Views: 0.7ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:51 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 1ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:15:51 +0000
+
+
+Started GET "/auth/gds/callback?code=cfbd28a81c65a35470911eb2c3d2ed45231399c6a9969f864e17eafdee4e3fb3&state=9cb9c1eb965df4d40eb08664d487b7dbdb7b1b0aecbc2f5c" for 127.0.0.1 at 2012-07-27 08:15:51 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"cfbd28a81c65a35470911eb2c3d2ed45231399c6a9969f864e17eafdee4e3fb3", "state"=>"9cb9c1eb965df4d40eb08664d487b7dbdb7b1b0aecbc2f5c"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (8.3ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.5ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 17ms (ActiveRecord: 10.6ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:51 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.1ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:51 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:15:51 +0000
+
+
+Started GET "/auth/gds/callback?code=30e282807cc44ca2d222238386176fb6993ba6d40deb12b368338e99330dead2&state=be71eaa9a2b9895ce44564acc0ce4e48b358dbe323fb57e5" for 127.0.0.1 at 2012-07-27 08:15:52 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"30e282807cc44ca2d222238386176fb6993ba6d40deb12b368338e99330dead2", "state"=>"be71eaa9a2b9895ce44564acc0ce4e48b358dbe323fb57e5"}
+Authenticating with gds_sso strategy
+  User Load (0.8ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (3.0ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (12.8ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 23ms (ActiveRecord: 17.3ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:52 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:15:52 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 1ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:15:52 +0000
+
+
+Started GET "/auth/gds/callback?code=5eddf9c1cd8e1eaa1612cdad277860e889cdf799e3073ae8be0080e3f51a0a1e&state=60fc9b714bfb5bb8ba71082848f26cb4fada08ade34efa46" for 127.0.0.1 at 2012-07-27 08:15:52 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"5eddf9c1cd8e1eaa1612cdad277860e889cdf799e3073ae8be0080e3f51a0a1e", "state"=>"60fc9b714bfb5bb8ba71082848f26cb4fada08ade34efa46"}
+Authenticating with gds_sso strategy
+  User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (6.4ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.7ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 17ms (ActiveRecord: 9.3ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:15:52 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.7ms | ActiveRecord: 0.3ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:15:52 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:15:52 +0000
+
+
+Started GET "/auth/gds/callback?code=38cf49e620008c91d2d23d43683ee6d824c2ae843ef8ba516a5101fceba75574&state=6319007bf5c7f50ae4f765b37589f5fd89706e9e49475b55" for 127.0.0.1 at 2012-07-27 08:15:52 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"38cf49e620008c91d2d23d43683ee6d824c2ae843ef8ba516a5101fceba75574", "state"=>"6319007bf5c7f50ae4f765b37589f5fd89706e9e49475b55"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (8.0ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.6ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 17ms (ActiveRecord: 10.7ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:15:52 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:52 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:15:52 +0000
+
+
+Started GET "/auth/gds/callback?code=ca6e4a7ad1fd4a30712d29900a4ccc749b34fdb576f56e2998e0e59864ae6bf9&state=6cd4bb3683856d09e630a2cd952e1de882d8ecf8bdc53fb2" for 127.0.0.1 at 2012-07-27 08:15:53 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"ca6e4a7ad1fd4a30712d29900a4ccc749b34fdb576f56e2998e0e59864ae6bf9", "state"=>"6cd4bb3683856d09e630a2cd952e1de882d8ecf8bdc53fb2"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (13.1ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.6ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 22ms (ActiveRecord: 15.5ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:53 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.1ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.5ms)  commit transaction
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:53 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (2.7ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Filter chain halted as :authenticate_user! rendered or redirected
+Completed 403 Forbidden in 39ms (Views: 34.6ms | ActiveRecord: 2.7ms)
+
+
+Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2012-07-27 08:15:53 +0000
+Processing by AuthenticationsController#sign_out as HTML
+Redirected to http://localhost:4567/users/sign_out
+Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:53 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:15:53 +0000
+
+
+Started GET "/auth/gds/callback?code=7f37e5caee14b7feab19b435fc00e71f81e24bd40e766844b15b129aabb0f162&state=c76e9bb3b617955fe7537ec7db86ca3be085695a8b31d5a9" for 127.0.0.1 at 2012-07-27 08:15:53 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"7f37e5caee14b7feab19b435fc00e71f81e24bd40e766844b15b129aabb0f162", "state"=>"c76e9bb3b617955fe7537ec7db86ca3be085695a8b31d5a9"}
+Authenticating with gds_sso strategy
+  User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (8.2ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.7ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 17ms (ActiveRecord: 11.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:53 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:53 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_sso_api_access strategy
+Completed   in 95ms
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:15:54 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_sso_api_access strategy
+Completed 200 OK in 2ms (Views: 0.7ms | ActiveRecord: 0.0ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:15:54 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
+Authenticating with gds_sso_api_access strategy
+Completed 200 OK in 1ms (Views: 0.4ms | ActiveRecord: 0.0ms)
+   (0.2ms)  begin transaction
+  SQL (0.4ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31126"]]
+   (3.7ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d31126"}
+Completed 403 Forbidden in 4ms (Views: 2.5ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36505"]]
+   (1.8ms)  commit transaction
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d36505"}
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d36505' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+- new permission
+' WHERE "users"."id" = 3
+   (4.4ms)  commit transaction
+Completed 200 OK in 10ms (ActiveRecord: 5.0ms)
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 3]]
+   (0.1ms)  begin transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36793"]]
+   (2.7ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d36793"}
+Completed 403 Forbidden in 2ms (Views: 1.3ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3666"]]
+   (6.9ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d3666"}
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d3666' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 5
+   (2.2ms)  commit transaction
+Completed 200 OK in 6ms (ActiveRecord: 2.9ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 5]]
+Connecting to database specified by database.yml
+   (3.5ms)  select sqlite_version(*)
+   (12.8ms)  DROP TABLE "users"
+   (2.0ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text) 
+
+
+Started GET "/" for 127.0.0.1 at 2012-07-27 08:45:53 +0000
+Processing by ExampleController#index as HTML
+  Rendered text template (0.0ms)
+Completed 200 OK in 70ms (Views: 69.5ms | ActiveRecord: 0.0ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:53 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 81ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:45:53 +0000
+
+
+Started GET "/auth/gds/callback?code=536c417bbb064146666b91baff9a33cd9e4e4643b28452121cec3457ab7f570e&state=9d3fc06fdb3417d828d8746ea0dda736758f569f601f3244" for 127.0.0.1 at 2012-07-27 08:45:54 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"536c417bbb064146666b91baff9a33cd9e4e4643b28452121cec3457ab7f570e", "state"=>"9d3fc06fdb3417d828d8746ea0dda736758f569f601f3244"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+  SQL (8.9ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
+   (7.4ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.5ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.8ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 100ms (ActiveRecord: 19.6ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:54 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 5ms (Views: 1.2ms | ActiveRecord: 0.3ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:54 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 1ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:45:54 +0000
+
+
+Started GET "/auth/gds/callback?code=12d1c1bacf23b4586b4e0d4496e86f72ca8ccfe8e691ec00cc794ac493a3eac1&state=ccdc9707ae270452cf66729c6179849fc42a5a8dea4520fb" for 127.0.0.1 at 2012-07-27 08:45:55 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"12d1c1bacf23b4586b4e0d4496e86f72ca8ccfe8e691ec00cc794ac493a3eac1", "state"=>"ccdc9707ae270452cf66729c6179849fc42a5a8dea4520fb"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (3.5ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.5ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 13ms (ActiveRecord: 6.0ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:55 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:55 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:45:55 +0000
+
+
+Started GET "/auth/gds/callback?code=d254b41dcb4644f0e6cd1f70a1282eb9267de53daaaf847c549d3729682a6d83&state=a48b481d9dbeea050405364337b6630530639045a7930d59" for 127.0.0.1 at 2012-07-27 08:45:55 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"d254b41dcb4644f0e6cd1f70a1282eb9267de53daaaf847c549d3729682a6d83", "state"=>"a48b481d9dbeea050405364337b6630530639045a7930d59"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (7.6ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (8.8ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 24ms (ActiveRecord: 17.3ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:55 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:45:55 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 1ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:45:55 +0000
+
+
+Started GET "/auth/gds/callback?code=8fb2389f1e1f41415720c1bcadc320c4810dbb0a6ceb221974183c00683f3e64&state=9e6e2b00cc54c6ea645706c8dfa626e38ce053c81bfdd844" for 127.0.0.1 at 2012-07-27 08:45:55 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"8fb2389f1e1f41415720c1bcadc320c4810dbb0a6ceb221974183c00683f3e64", "state"=>"9e6e2b00cc54c6ea645706c8dfa626e38ce053c81bfdd844"}
+Authenticating with gds_sso strategy
+  User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (7.0ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.6ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 17ms (ActiveRecord: 9.8ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:45:55 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.7ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:45:55 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:45:55 +0000
+
+
+Started GET "/auth/gds/callback?code=7edd6ac39078154c1413f71220eb8c8ccda4c02b348c4d11cdde82f19946aef2&state=6a3c08bd1a3df26444f79da14ca60882f403c960cd6d4256" for 127.0.0.1 at 2012-07-27 08:45:56 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"7edd6ac39078154c1413f71220eb8c8ccda4c02b348c4d11cdde82f19946aef2", "state"=>"6a3c08bd1a3df26444f79da14ca60882f403c960cd6d4256"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (9.6ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.8ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 19ms (ActiveRecord: 12.5ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:45:56 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:56 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:45:56 +0000
+
+
+Started GET "/auth/gds/callback?code=04e2475db9bc90f0e56da6fb4868b70f88d182d485c433d03bc75ebb5c999394&state=744df284f488b88d779047f22459b042e4b592941959d833" for 127.0.0.1 at 2012-07-27 08:45:56 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"04e2475db9bc90f0e56da6fb4868b70f88d182d485c433d03bc75ebb5c999394", "state"=>"744df284f488b88d779047f22459b042e4b592941959d833"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (7.7ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (7.2ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 23ms (ActiveRecord: 16.0ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:56 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.2ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (13.5ms)  commit transaction
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:56 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Filter chain halted as :authenticate_user! rendered or redirected
+Completed 403 Forbidden in 11ms (Views: 9.3ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2012-07-27 08:45:56 +0000
+Processing by AuthenticationsController#sign_out as HTML
+Redirected to http://localhost:4567/users/sign_out
+Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:56 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:45:56 +0000
+
+
+Started GET "/auth/gds/callback?code=243b962a5961200888e2c8635bd2afb282c85b287a9864cfd06ac3fcae5f4d62&state=637b5ff7c0eb9fe8511223295b630ae448e21c47b103fafc" for 127.0.0.1 at 2012-07-27 08:45:56 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"243b962a5961200888e2c8635bd2afb282c85b287a9864cfd06ac3fcae5f4d62", "state"=>"637b5ff7c0eb9fe8511223295b630ae448e21c47b103fafc"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (28.4ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (5.7ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 42ms (ActiveRecord: 35.1ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:57 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:57 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:45:57 +0000
+
+
+Started GET "/auth/gds/callback?code=2a8ab41d23ec9e39a5c449e5030645a327fa39c486f2b4ed82f8a793f199fa83&state=67c77987f68bc78bae845b4db4936fd70506318af01f5c77" for 127.0.0.1 at 2012-07-27 08:45:57 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"2a8ab41d23ec9e39a5c449e5030645a327fa39c486f2b4ed82f8a793f199fa83", "state"=>"67c77987f68bc78bae845b4db4936fd70506318af01f5c77"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (6.1ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.8ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 17ms (ActiveRecord: 9.1ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:57 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-28 04:50:57 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-28 04:50:57 +0000
+
+
+Started GET "/auth/gds/callback?code=548c1490e5aa385eb93ffd86f9a3baa58a49271432ff0d726dcf9561e21f2106&state=405c3eb10c17cf787a4acb78c4c3995b3dd22bb39622237b" for 127.0.0.1 at 2012-07-28 04:50:57 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"548c1490e5aa385eb93ffd86f9a3baa58a49271432ff0d726dcf9561e21f2106", "state"=>"405c3eb10c17cf787a4acb78c4c3995b3dd22bb39622237b"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (9.6ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (6.5ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 24ms (ActiveRecord: 17.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-28 04:50:57 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:57 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:45:57 +0000
+
+
+Started GET "/auth/gds/callback?code=f1bb413bf09405e14f63f4f04c5c193a515e6f44f645c493acb22a4dca5e2353&state=4c080f6dea98f167921b7a3db60bc17d1436113ea31faa5d" for 127.0.0.1 at 2012-07-27 08:45:57 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"f1bb413bf09405e14f63f4f04c5c193a515e6f44f645c493acb22a4dca5e2353", "state"=>"4c080f6dea98f167921b7a3db60bc17d1436113ea31faa5d"}
+Authenticating with gds_sso strategy
+  User Load (0.5ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (19.9ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (5.1ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 35ms (ActiveRecord: 26.4ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:58 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.7ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-28 04:40:58 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.3ms | ActiveRecord: 0.3ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:58 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_sso_api_access strategy
+Completed   in 74ms
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:45:58 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_sso_api_access strategy
+Completed 200 OK in 1ms (Views: 0.6ms | ActiveRecord: 0.0ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:45:58 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
+Authenticating with gds_sso_api_access strategy
+Completed 200 OK in 1ms (Views: 0.6ms | ActiveRecord: 0.0ms)
+   (0.2ms)  begin transaction
+  SQL (0.4ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39416"]]
+   (2.8ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d39416"}
+Completed 403 Forbidden in 4ms (Views: 2.4ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d38152"]]
+   (1.8ms)  commit transaction
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d38152"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d38152' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+- new permission
+' WHERE "users"."id" = 3
+   (12.9ms)  commit transaction
+Completed 200 OK in 18ms (ActiveRecord: 13.4ms)
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 3]]
+   (0.1ms)  begin transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39041"]]
+   (19.9ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d39041"}
+Completed 403 Forbidden in 2ms (Views: 1.4ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3694"]]
+   (1.9ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d3694"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d3694' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 5
+   (12.3ms)  commit transaction
+Completed 200 OK in 16ms (ActiveRecord: 12.9ms)
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 5]]
+Connecting to database specified by database.yml
+   (3.1ms)  select sqlite_version(*)
+   (66.1ms)  DROP TABLE "users"
+   (6.2ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text) 
+
+
+Started GET "/" for 127.0.0.1 at 2012-07-27 08:49:16 +0000
+Processing by ExampleController#index as HTML
+  Rendered text template (0.0ms)
+Completed 200 OK in 63ms (Views: 62.6ms | ActiveRecord: 0.0ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:16 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 74ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:49:16 +0000
+
+
+Started GET "/auth/gds/callback?code=11ed7e29f5118cd5fda35d51e4c33228e6ac7d7d0e66d669c2d621ece789c101&state=3e874f70e521017a5d2eca9c16063aacea2551b9a5dfb3e7" for 127.0.0.1 at 2012-07-27 08:49:17 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"11ed7e29f5118cd5fda35d51e4c33228e6ac7d7d0e66d669c2d621ece789c101", "state"=>"3e874f70e521017a5d2eca9c16063aacea2551b9a5dfb3e7"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+  SQL (18.6ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
+   (21.7ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (10.5ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 210ms (ActiveRecord: 52.1ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:18 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 13ms (Views: 10.9ms | ActiveRecord: 0.3ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:18 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 1ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:49:18 +0000
+
+
+Started GET "/auth/gds/callback?code=82b6c070b1b92bcd703794a4e47e769007424793ba44cafcfddcae066e102586&state=93d86f64b6755da7edc623f039d7ec33f065ab64376c21ce" for 127.0.0.1 at 2012-07-27 08:49:19 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"82b6c070b1b92bcd703794a4e47e769007424793ba44cafcfddcae066e102586", "state"=>"93d86f64b6755da7edc623f039d7ec33f065ab64376c21ce"}
+Authenticating with gds_sso strategy
+  User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (25.3ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.8ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 36ms (ActiveRecord: 28.1ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:19 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:19 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:49:19 +0000
+
+
+Started GET "/auth/gds/callback?code=108abc54dd5903ba4ef81201a3d25d11c2cb2a55aea275dbb42598619f7bf88c&state=15d10b5a84779242774884ea54c7365bde9cecf67fd266e3" for 127.0.0.1 at 2012-07-27 08:49:19 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"108abc54dd5903ba4ef81201a3d25d11c2cb2a55aea275dbb42598619f7bf88c", "state"=>"15d10b5a84779242774884ea54c7365bde9cecf67fd266e3"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (9.3ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.9ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 29ms (ActiveRecord: 12.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:19 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 6ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:49:19 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 1ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:49:19 +0000
+
+
+Started GET "/auth/gds/callback?code=8f5fa8eb067f3e5d2ee42db94b71994ea779125021bd80ecde89d9afc5468a4a&state=deacc16d75b5d3aade82ef7de2bd8db4d61ea2e79956e3b8" for 127.0.0.1 at 2012-07-27 08:49:20 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"8f5fa8eb067f3e5d2ee42db94b71994ea779125021bd80ecde89d9afc5468a4a", "state"=>"deacc16d75b5d3aade82ef7de2bd8db4d61ea2e79956e3b8"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (16.9ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.7ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 28ms (ActiveRecord: 19.7ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:49:20 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.7ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:49:20 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:49:20 +0000
+
+
+Started GET "/auth/gds/callback?code=7cc10d54143214d9754f2ac15b1acaa3b9a38743879e03722d694be96719f0eb&state=201eef216c9e162d3ea4db7e9324a010efc6926e9f548c25" for 127.0.0.1 at 2012-07-27 08:49:20 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"7cc10d54143214d9754f2ac15b1acaa3b9a38743879e03722d694be96719f0eb", "state"=>"201eef216c9e162d3ea4db7e9324a010efc6926e9f548c25"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (15.1ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (16.8ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 39ms (ActiveRecord: 32.9ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:49:20 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:20 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:49:20 +0000
+
+
+Started GET "/auth/gds/callback?code=a3f78e0c6e72b321aa5905d9d852fd1541d2a9bfa7c5c69c42cc4716dabc0cf9&state=05cb302b04ba9b3326e8d3fc2a93c12cdfe858e8f80bcf31" for 127.0.0.1 at 2012-07-27 08:49:21 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"a3f78e0c6e72b321aa5905d9d852fd1541d2a9bfa7c5c69c42cc4716dabc0cf9", "state"=>"05cb302b04ba9b3326e8d3fc2a93c12cdfe858e8f80bcf31"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (23.5ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.7ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 44ms (ActiveRecord: 26.4ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:21 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.2ms)
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (10.5ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.8ms)  commit transaction
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:21 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Filter chain halted as :authenticate_user! rendered or redirected
+Completed 403 Forbidden in 22ms (Views: 20.0ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2012-07-27 08:49:21 +0000
+Processing by AuthenticationsController#sign_out as HTML
+Redirected to http://localhost:4567/users/sign_out
+Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:21 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:49:21 +0000
+
+
+Started GET "/auth/gds/callback?code=98716b82739c67387474c3557cf721a21cff4a88052a48d821c31d8a49e1dcde&state=b27b72cb23a9812370729a4a480c2e115fb592de3f80abbd" for 127.0.0.1 at 2012-07-27 08:49:22 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"98716b82739c67387474c3557cf721a21cff4a88052a48d821c31d8a49e1dcde", "state"=>"b27b72cb23a9812370729a4a480c2e115fb592de3f80abbd"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (17.8ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.7ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 27ms (ActiveRecord: 20.4ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:22 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 12ms (Views: 0.5ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:22 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:49:22 +0000
+
+
+Started GET "/auth/gds/callback?code=9c9e2e4da32bc275daafce610fc556763ffdf2693f2b8001046779f87f8b21c7&state=6f3bc6ea360d5396e13faf1bedff7cc603178a3daa8e13ca" for 127.0.0.1 at 2012-07-27 08:49:22 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"9c9e2e4da32bc275daafce610fc556763ffdf2693f2b8001046779f87f8b21c7", "state"=>"6f3bc6ea360d5396e13faf1bedff7cc603178a3daa8e13ca"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (17.5ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.9ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 28ms (ActiveRecord: 20.5ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:22 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.7ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-28 04:54:22 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-28 04:54:22 +0000
+
+
+Started GET "/auth/gds/callback?code=7256ac7a70b0bc41438b8db31b8ee83bed187a6673d5d239ea652b26b2be7010&state=9b3a9f1afb99e15a8c573552c5aebfec35386ff8a84482ec" for 127.0.0.1 at 2012-07-28 04:54:22 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"7256ac7a70b0bc41438b8db31b8ee83bed187a6673d5d239ea652b26b2be7010", "state"=>"9b3a9f1afb99e15a8c573552c5aebfec35386ff8a84482ec"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (22.8ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.7ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 32ms (ActiveRecord: 25.6ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-28 04:54:22 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.5ms | ActiveRecord: 0.3ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:23 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0ms
+
+
+Started GET "/auth/gds" for 127.0.0.1 at 2012-07-27 08:49:23 +0000
+
+
+Started GET "/auth/gds/callback?code=ef30affe82a39f9a7cfccc667fed4ea1bb8ce15583ad3e9471c084c0ad215589&state=027efdb72e202ca04ed1b019c5045dca00b0216d917430d3" for 127.0.0.1 at 2012-07-27 08:49:23 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"ef30affe82a39f9a7cfccc667fed4ea1bb8ce15583ad3e9471c084c0ad215589", "state"=>"027efdb72e202ca04ed1b019c5045dca00b0216d917430d3"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (23.6ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 1
+   (1.8ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 34ms (ActiveRecord: 26.6ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:23 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2ms (Views: 0.7ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-28 04:44:23 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 22ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:23 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_sso_api_access strategy
+Completed   in 148ms
+
+
+Started GET "/restricted" for 127.0.0.1 at 2012-07-27 08:49:23 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_sso_api_access strategy
+Completed 200 OK in 2ms (Views: 0.6ms | ActiveRecord: 0.0ms)
+
+
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2012-07-27 08:49:24 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
+Authenticating with gds_sso_api_access strategy
+Completed 200 OK in 1ms (Views: 0.4ms | ActiveRecord: 0.0ms)
+   (0.2ms)  begin transaction
+  SQL (0.4ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31963"]]
+   (25.1ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d31963"}
+Completed 403 Forbidden in 4ms (Views: 2.7ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31159"]]
+   (8.0ms)  commit transaction
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d31159"}
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d31159' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+- new permission
+' WHERE "users"."id" = 3
+   (1.8ms)  commit transaction
+Completed 200 OK in 17ms (ActiveRecord: 2.4ms)
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 3]]
+   (0.1ms)  begin transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34898"]]
+   (9.6ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d34898"}
+Completed 403 Forbidden in 2ms (Views: 1.3ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "--- \nGDS_SSO integration test: \n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34245"]]
+   (8.1ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d34245"}
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d34245' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.4ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '--- 
+GDS_SSO integration test: 
+- signin
+' WHERE "users"."id" = 5
+   (9.5ms)  commit transaction
+Completed 200 OK in 17ms (ActiveRecord: 10.3ms)
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 5]]