gds-sso 3.1.1 → 4.0.0

data/README.md

@@ -30,10 +30,6 @@ Create a `config/initializers/gds-sso.rb` that looks like:
 
       # optional config for location of signonotron2
       config.oauth_root_url = "http://localhost:3001"
-
-      # optional config for API Access (requests which accept application/json)
-      config.basic_auth_user = 'api'
-      config.basic_auth_password = 'secret'
     end
 
 The user model must include the GDS::SSO::User module.
@@ -42,11 +38,16 @@ It should have the following fields:
     string   "name"
     string   "email"
     string   "uid"
-    text     "permissions"
+    array    "permissions"
     boolean  "remotely_signed_out", :default => false
 
 You also need to include `GDS::SSO::ControllerMethods` in your ApplicationController
 
+For ActiveRecord, you probably want to declare permissions as "serialized" like this:
+
+    serialize :permissions, Array
+
+
 ## Use in development mode
 
 In development, you generally want to be able to run an application without needing to run your own SSO server to be running as well. GDS-SSO facilitates this by using a 'mock' mode in development. Mock mode loads an arbitrary user from the local application's user tables:

data/lib/gds-sso.rb

@@ -38,7 +38,7 @@ module GDS
       end
 
       def self.default_strategies
-        use_mock_strategies? ? [:mock_gds_sso, :mock_gds_sso_api_access] : [:gds_sso, :gds_bearer_token, :gds_sso_api_access]
+        use_mock_strategies? ? [:mock_gds_sso, :mock_gds_sso_api_access] : [:gds_sso, :gds_bearer_token]
       end
 
       config.app_middleware.use Warden::Manager do |config|

data/lib/gds-sso/config.rb

@@ -15,13 +15,6 @@ module GDS
       mattr_accessor :oauth_root_url
       @@oauth_root_url = "http://localhost:3001"
 
-      # Basic Auth Credentials (for api access when request accept
-      # header is application/json)
-      mattr_accessor :basic_auth_user
-      mattr_accessor :basic_auth_password
-      mattr_accessor :basic_auth_realm
-      @@basic_auth_realm = "API Access"
-
       mattr_accessor :auth_valid_for
       @@auth_valid_for = 20 * 3600
 

data/lib/gds-sso/failure_app.rb

@@ -9,7 +9,6 @@ module GDS
       include ActionController::RackDelegation
       include ActionController::UrlFor
       include ActionController::Redirecting
-      include ActionController::HttpAuthentication::Basic::ControllerMethods
       include Rails.application.routes.url_helpers
 
       def self.call(env)

data/lib/gds-sso/user.rb

@@ -2,30 +2,6 @@ require 'active_support/concern'
 
 module GDS
   module SSO
-    class ApiUser
-      def uid
-        0
-      end
-
-      def name
-        'API User'
-      end
-
-      def has_permission?(permission)
-        true
-      end
-
-      def clear_remotely_signed_out!
-      end
-
-      def set_remotely_signed_out!
-      end
-
-      def remotely_signed_out?
-        false
-      end
-    end
-
     module User
       def included(base)
         attr_accessible :uid, :email, :name, :permissions, as: :oauth

data/lib/gds-sso/version.rb

@@ -1,5 +1,5 @@
 module GDS
   module SSO
-    VERSION = "3.1.1"
+    VERSION = "4.0.0"
   end
 end

data/lib/gds-sso/warden_config.rb

@@ -127,51 +127,7 @@ Warden::Strategies.add(:gds_bearer_token) do
       {
         'Content-Type' => 'text/plain',
         'Content-Length' => '0',
-        'WWW-Authenticate' => %(Bearer realm="#{GDS::SSO::Config.basic_auth_realm}", error="invalid_token")
-      },
-      []
-    ]
-  end
-end
-
-Warden::Strategies.add(:gds_sso_api_access) do
-  def api_user
-    @api_user ||= GDS::SSO::ApiUser.new
-  end
-
-  def valid?
-    ::GDS::SSO::ApiAccess.api_call?(env)
-  end
-
-  def authenticate!
-    logger.debug("Authenticating with gds_sso_api_access strategy")
-
-    auth = Rack::Auth::Basic::Request.new(env)
-
-    return custom!(unauthorized) unless auth.provided?
-    return fail!(:bad_request) unless auth.basic?
-
-    if valid_api_user?(*auth.credentials)
-      success!(api_user)
-    else
-      custom!(unauthorized)
-    end
-  end
-
-  def valid_api_user?(username, password)
-    username.to_s.strip != '' &&
-      password.to_s.strip != '' &&
-      username == ::GDS::SSO::Config.basic_auth_user &&
-      password == ::GDS::SSO::Config.basic_auth_password
-  end
-
-  def unauthorized
-    [
-      401,
-      {
-        'Content-Type' => 'text/plain',
-        'Content-Length' => '0',
-        'WWW-Authenticate' => %(Basic realm="#{GDS::SSO::Config.basic_auth_realm}")
+        'WWW-Authenticate' => %(Bearer error="invalid_token")
       },
       []
     ]
@@ -212,6 +168,14 @@ Warden::Strategies.add(:mock_gds_sso_api_access) do
 
   def authenticate!
     logger.debug("Authenticating with mock_gds_sso_api_access strategy")
-    success!(GDS::SSO::ApiUser.new)
+    dummy_api_user = GDS::SSO::Config.user_klass.find_by_email("dummyapiuser@domain.com")
+    if dummy_api_user.nil?
+      dummy_api_user = GDS::SSO::Config.user_klass.create!(
+          uid: "#{rand(10000)}",
+          name: "Dummy API user created by gds-sso",
+          permissions: ["signin"],
+          as: :oauth)
+    end
+    success!(dummy_api_user)
   end
 end

data/spec/controller/api_user_controller_spec.rb

@@ -20,6 +20,13 @@ describe Api::UserController, type: :controller do
         :name => "Moshua Jarshall", 
         :permissions => ["signin"] }, 
         as: :oauth)
+
+    @signon_sso_push_user = User.create!({
+        :uid => "a1s2d3#{rand(10000)}",
+        :email => "ssopushuser@legit.com",
+        :name => "SSO Push user",
+        :permissions => ["signin", "user_update_permission"] },
+        as: :oauth)
   end
 
   describe "PUT update" do
@@ -42,7 +49,7 @@ describe Api::UserController, type: :controller do
       request.env['warden'] = mock("mock warden")
       request.env['warden'].expects(:authenticate!).at_least_once.returns(true)
       request.env['warden'].expects(:authenticated?).at_least_once.returns(true)
-      request.env['warden'].expects(:user).at_least_once.returns(GDS::SSO::ApiUser.new)
+      request.env['warden'].expects(:user).at_least_once.returns(@signon_sso_push_user)
 
       request.env['RAW_POST_DATA'] = user_update_json
       put :update, uid: @user_to_update.uid
@@ -73,7 +80,7 @@ describe Api::UserController, type: :controller do
       request.env['warden'] = mock("mock warden")
       request.env['warden'].expects(:authenticate!).at_least_once.returns(true)
       request.env['warden'].expects(:authenticated?).at_least_once.returns(true)
-      request.env['warden'].expects(:user).at_least_once.returns(GDS::SSO::ApiUser.new)
+      request.env['warden'].expects(:user).at_least_once.returns(@signon_sso_push_user)
 
       post :reauth, uid: "nonexistent-user"
 
@@ -85,7 +92,7 @@ describe Api::UserController, type: :controller do
       request.env['warden'] = mock("mock warden")
       request.env['warden'].expects(:authenticate!).at_least_once.returns(true)
       request.env['warden'].expects(:authenticated?).at_least_once.returns(true)
-      request.env['warden'].expects(:user).at_least_once.returns(GDS::SSO::ApiUser.new)
+      request.env['warden'].expects(:user).at_least_once.returns(@signon_sso_push_user)
 
       post :reauth, uid: @user_to_update.uid
 

data/spec/internal/config/initializers/gds-sso.rb

@@ -3,6 +3,4 @@ GDS::SSO.config do |config|
   config.oauth_id     = 'gds-sso-test'
   config.oauth_secret = 'secret'
   config.oauth_root_url = "http://localhost:4567"
-  config.basic_auth_user = 'test_api_user'
-  config.basic_auth_password = 'api_user_password'
 end

data/spec/internal/log/test.log

@@ -3842,3 +3842,1146 @@ Authenticating with gds_bearer_token strategy
 ' WHERE "users"."id" = 6
    (2.7ms)  commit transaction
 Completed 200 OK in 76.1ms (Views: 0.3ms | ActiveRecord: 7.6ms)
+Connecting to database specified by database.yml
+   (0.9ms)  select sqlite_version(*)
+   (6.4ms)  DROP TABLE "users"
+   (2.4ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text) 
+   (0.1ms)  begin transaction
+  SQL (2.4ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d38120"]]
+   (3.3ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d38120"}
+  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (0.9ms)
+Completed 403 Forbidden in 7.7ms (Views: 6.9ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37442"]]
+   (3.7ms)  commit transaction
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d37442"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d37442' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
+- signin
+- new permission
+' WHERE "users"."id" = 2
+   (3.6ms)  commit transaction
+Completed 200 OK in 41.5ms (ActiveRecord: 4.2ms)
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 2]]
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35316"]]
+   (3.7ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d35316"}
+Completed 403 Forbidden in 1.9ms (Views: 1.1ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d32129"]]
+   (3.6ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"nonexistent-user"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'nonexistent-user' LIMIT 1
+Completed 200 OK in 1.1ms (ActiveRecord: 0.2ms)
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d32312"]]
+   (3.4ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d32312"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d32312' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+' WHERE "users"."id" = 5
+   (3.1ms)  commit transaction
+Completed 200 OK in 7.7ms (ActiveRecord: 3.5ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 5]]
+Started GET "/" for 127.0.0.1 at 2013-10-30 14:58:39 +0000
+Processing by ExampleController#index as HTML
+Completed 200 OK in 2.4ms (Views: 1.9ms | ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:39 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 3.1ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-30 14:58:39 +0000
+Started GET "/auth/gds/callback?code=21546b2d9ad4eac9af531e441d189e32374b72b07fa4595ccdc90e26f06bf5bc&state=4e2c3a74c3e20574e39358e44bb801e5fa2d82b0812546c6" for 127.0.0.1 at 2013-10-30 14:58:40 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"21546b2d9ad4eac9af531e441d189e32374b72b07fa4595ccdc90e26f06bf5bc", "state"=>"4e2c3a74c3e20574e39358e44bb801e5fa2d82b0812546c6"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
+   (4.9ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (3.1ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 16.5ms (ActiveRecord: 8.8ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:41 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:41 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-30 14:58:41 +0000
+Started GET "/auth/gds/callback?code=b502c94aa9f9e6a5c22c8232bbdb33e45ffa417003478602d9431a701021e7f5&state=d4d6b16cf6ec8214fa1472c1e08f51e085490bcd4d767886" for 127.0.0.1 at 2013-10-30 14:58:41 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"b502c94aa9f9e6a5c22c8232bbdb33e45ffa417003478602d9431a701021e7f5", "state"=>"d4d6b16cf6ec8214fa1472c1e08f51e085490bcd4d767886"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (3.4ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (2.6ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 15.9ms (ActiveRecord: 6.6ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:41 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:41 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-30 14:58:41 +0000
+Started GET "/auth/gds/callback?code=cb181f89b3f5f0a5cf01ed58b0fa6d9a19d6103681566112ff2e9b5c291fb435&state=463eea390a459f0b3bc6c396f3440194a74f09fe360d7942" for 127.0.0.1 at 2013-10-30 14:58:41 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"cb181f89b3f5f0a5cf01ed58b0fa6d9a19d6103681566112ff2e9b5c291fb435", "state"=>"463eea390a459f0b3bc6c396f3440194a74f09fe360d7942"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (4.6ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (3.9ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 17.0ms (ActiveRecord: 9.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:41 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-30 14:58:41 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.9ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-30 14:58:41 +0000
+Started GET "/auth/gds/callback?code=0abbf3732068ec26d861f589015b48d9a47a052307122a8333cae758fcf50df8&state=5a63670716405b23224915160b440ace463901bfae234e3b" for 127.0.0.1 at 2013-10-30 14:58:42 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"0abbf3732068ec26d861f589015b48d9a47a052307122a8333cae758fcf50df8", "state"=>"5a63670716405b23224915160b440ace463901bfae234e3b"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (4.4ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (11.7ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 26.0ms (ActiveRecord: 16.8ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-30 14:58:42 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 3.3ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-30 14:58:42 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-30 14:58:42 +0000
+Started GET "/auth/gds/callback?code=4393d4eb5d4056deb04e22601d9d750f197ff2f67dadafd2e1e28a6cf811ff85&state=b8cab794093fd92b46e8d39c63dffffdc523af2f770860a2" for 127.0.0.1 at 2013-10-30 14:58:42 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"4393d4eb5d4056deb04e22601d9d750f197ff2f67dadafd2e1e28a6cf811ff85", "state"=>"b8cab794093fd92b46e8d39c63dffffdc523af2f770860a2"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (5.6ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (4.3ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 18.7ms (ActiveRecord: 10.4ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-30 14:58:42 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 3.1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:42 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-30 14:58:42 +0000
+Started GET "/auth/gds/callback?code=e7dd5b6ce99dde23d4e201fe072581c16f6ec38f18dca14912e2f99d21723ef8&state=d1fb30062bf4605aa9e69cf627352c1b5bcac088374a98b2" for 127.0.0.1 at 2013-10-30 14:58:42 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"e7dd5b6ce99dde23d4e201fe072581c16f6ec38f18dca14912e2f99d21723ef8", "state"=>"d1fb30062bf4605aa9e69cf627352c1b5bcac088374a98b2"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (7.1ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (4.8ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 23.0ms (ActiveRecord: 12.7ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:42 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2.4ms (Views: 0.5ms | ActiveRecord: 0.2ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (8.9ms)  commit transaction
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:42 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Filter chain halted as :authenticate_user! rendered or redirected
+Completed 403 Forbidden in 5.8ms (Views: 3.9ms | ActiveRecord: 0.2ms)
+Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2013-10-30 14:58:42 +0000
+Processing by AuthenticationsController#sign_out as HTML
+Redirected to http://localhost:4567/users/sign_out
+Completed 302 Found in 0.5ms (ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:43 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-30 14:58:43 +0000
+Started GET "/auth/gds/callback?code=87bc7d06f9e52b5040f78d5ff86fbb263582b33244bed765d729002aac8001d7&state=1fbfeba924b1b068322d0fbef2b4da4d53fb74a256364324" for 127.0.0.1 at 2013-10-30 14:58:43 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"87bc7d06f9e52b5040f78d5ff86fbb263582b33244bed765d729002aac8001d7", "state"=>"1fbfeba924b1b068322d0fbef2b4da4d53fb74a256364324"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (7.2ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (4.1ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 20.1ms (ActiveRecord: 11.9ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:43 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.2ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:43 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-30 14:58:43 +0000
+Started GET "/auth/gds/callback?code=e1bd6f888ef37e5f44cc5a61ce36d141c51fc0208846c2718ae49def19e5f1f5&state=b4bf18736e24adef0702b62688f117ab0368826e88a41dda" for 127.0.0.1 at 2013-10-30 14:58:43 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"e1bd6f888ef37e5f44cc5a61ce36d141c51fc0208846c2718ae49def19e5f1f5", "state"=>"b4bf18736e24adef0702b62688f117ab0368826e88a41dda"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (12.0ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.3ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (3.5ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 30.4ms (ActiveRecord: 16.4ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:43 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2.6ms (Views: 0.7ms | ActiveRecord: 0.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:03:43 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.5ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:03:43 +0000
+Started GET "/auth/gds/callback?code=973f0fa8a743e55c374e166c86c0da2753453e40b0994b02e576e9799d65c6cf&state=ce5a5d8001cced1f32f81a71982b7ae354697d1e80e108a3" for 127.0.0.1 at 2013-10-31 11:03:43 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"973f0fa8a743e55c374e166c86c0da2753453e40b0994b02e576e9799d65c6cf", "state"=>"ce5a5d8001cced1f32f81a71982b7ae354697d1e80e108a3"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (4.9ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (3.6ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 17.0ms (ActiveRecord: 9.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:03:43 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.2ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:43 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-30 14:58:43 +0000
+Started GET "/auth/gds/callback?code=e05906c7d82b5d9daf4a495c55296ad7159eb4ff81223f9082414307ba86758d&state=52504b0b1d107ce958c4f76ca1ee4643be771726c2544e3e" for 127.0.0.1 at 2013-10-30 14:58:44 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"e05906c7d82b5d9daf4a495c55296ad7159eb4ff81223f9082414307ba86758d", "state"=>"52504b0b1d107ce958c4f76ca1ee4643be771726c2544e3e"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (6.9ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (3.8ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 20.8ms (ActiveRecord: 11.4ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:44 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.3ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 10:53:44 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.0ms (Views: 0.2ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:44 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_sso_api_access strategy
+Completed   in 2.3ms
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:44 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_sso_api_access strategy
+Completed 200 OK in 1.3ms (Views: 0.5ms | ActiveRecord: 0.0ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-30 14:58:44 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
+Authenticating with gds_sso_api_access strategy
+Completed 200 OK in 1.1ms (Views: 0.2ms | ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:44 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
+Completed   in 8.2ms
+Started GET "/restricted" for 127.0.0.1 at 2013-10-30 14:58:44 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (5.1ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (3.4ms)  commit transaction
+Completed 200 OK in 41.7ms (Views: 0.3ms | ActiveRecord: 9.2ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-30 14:58:44 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
+Authenticating with gds_bearer_token strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (4.4ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 6
+   (2.8ms)  commit transaction
+Completed 200 OK in 40.3ms (Views: 0.3ms | ActiveRecord: 7.8ms)
+Connecting to database specified by database.yml
+   (0.9ms)  select sqlite_version(*)
+   (9.6ms)  DROP TABLE "users"
+   (3.6ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text) 
+   (0.1ms)  begin transaction
+  SQL (2.4ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3613"]]
+   (4.7ms)  commit transaction
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39406"]]
+   (3.1ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d3613"}
+  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (0.9ms)
+Completed 403 Forbidden in 7.3ms (Views: 6.6ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31738"]]
+   (3.9ms)  commit transaction
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39354"]]
+   (3.7ms)  commit transaction
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d31738"}
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d31738' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
+- signin
+- new permission
+' WHERE "users"."id" = 3
+   (3.4ms)  commit transaction
+Completed 200 OK in 13.5ms (ActiveRecord: 4.0ms)
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 3]]
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33165"]]
+   (3.7ms)  commit transaction
+   (0.0ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31198"]]
+   (3.6ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d33165"}
+Completed 403 Forbidden in 1.8ms (Views: 1.1ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39677"]]
+   (3.0ms)  commit transaction
+   (0.0ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37547"]]
+   (2.9ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"nonexistent-user"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'nonexistent-user' LIMIT 1
+Completed 200 OK in 1.2ms (ActiveRecord: 0.2ms)
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d32000"]]
+   (3.4ms)  commit transaction
+   (0.0ms)  begin transaction
+  SQL (0.1ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34762"]]
+   (3.5ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d32000"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d32000' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+' WHERE "users"."id" = 9
+   (3.0ms)  commit transaction
+Completed 200 OK in 7.7ms (ActiveRecord: 3.4ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 9]]
+Started GET "/" for 127.0.0.1 at 2013-10-31 11:29:45 +0000
+Processing by ExampleController#index as HTML
+Completed 200 OK in 2.4ms (Views: 1.9ms | ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:45 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 2.9ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:29:45 +0000
+Started GET "/auth/gds/callback?code=ea334fb3f4df36c7eff38383bec4d2da86f369e516c7896d81474995968f178b&state=d67b7b12aff13a8cea87ebf60dd9aefaf48c33b2cbd4c714" for 127.0.0.1 at 2013-10-31 11:29:46 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"ea334fb3f4df36c7eff38383bec4d2da86f369e516c7896d81474995968f178b", "state"=>"d67b7b12aff13a8cea87ebf60dd9aefaf48c33b2cbd4c714"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
+   (5.9ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.2ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 18.7ms (ActiveRecord: 10.7ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:46 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:46 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.4ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:29:46 +0000
+Started GET "/auth/gds/callback?code=7a505bdc1b787708ade7037c58aaa9515efc32cc3eca3f1dc839c77fca810bb7&state=3de4c55203f7ac53b7f1f125f3f9289f04e113ec763ffc56" for 127.0.0.1 at 2013-10-31 11:29:46 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"7a505bdc1b787708ade7037c58aaa9515efc32cc3eca3f1dc839c77fca810bb7", "state"=>"3de4c55203f7ac53b7f1f125f3f9289f04e113ec763ffc56"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.3ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.3ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 18.7ms (ActiveRecord: 9.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:46 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.3ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:46 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:29:46 +0000
+Started GET "/auth/gds/callback?code=f07c04e96868fd3c6c5bb2c39badad39dd08a634599c0fa95170ee5d4efb7329&state=64ce1792109d2001ee22c503eaeb791031d87ebc03c0c2a9" for 127.0.0.1 at 2013-10-31 11:29:47 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"f07c04e96868fd3c6c5bb2c39badad39dd08a634599c0fa95170ee5d4efb7329", "state"=>"64ce1792109d2001ee22c503eaeb791031d87ebc03c0c2a9"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (7.0ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.4ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 20.2ms (ActiveRecord: 12.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:47 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.3ms | ActiveRecord: 0.2ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 11:29:47 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.9ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:29:47 +0000
+Started GET "/auth/gds/callback?code=eb48b4542e41de858cb1401917bd3b45b5310dfe41d58559e313d07c9d9bbead&state=fb0c181bcb7e5c4dc4e04cbdceb84dccf2c9ae04cb312be1" for 127.0.0.1 at 2013-10-31 11:29:47 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"eb48b4542e41de858cb1401917bd3b45b5310dfe41d58559e313d07c9d9bbead", "state"=>"fb0c181bcb7e5c4dc4e04cbdceb84dccf2c9ae04cb312be1"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (5.2ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.6ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 20.7ms (ActiveRecord: 10.5ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 11:29:47 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 3.4ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 11:29:47 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:29:47 +0000
+Started GET "/auth/gds/callback?code=bbad64af30b3ceb0f0bea70f55c5cdfc9b944597b0c5f895898ce7aae891d2fa&state=062b39ebbf6cadda37ad07b6d4d97cb3ecfb9c860385c083" for 127.0.0.1 at 2013-10-31 11:29:47 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"bbad64af30b3ceb0f0bea70f55c5cdfc9b944597b0c5f895898ce7aae891d2fa", "state"=>"062b39ebbf6cadda37ad07b6d4d97cb3ecfb9c860385c083"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.7ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.5ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 16.7ms (ActiveRecord: 8.8ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 11:29:47 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 2.9ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:47 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:29:47 +0000
+Started GET "/auth/gds/callback?code=70eb8cc2821db0bdb529fd3426c94b99d68c7e4eb12b778e61dd50403acf6aad&state=fe739fcb50889b85a8af8277a420601f13d7ae36ba79f0a3" for 127.0.0.1 at 2013-10-31 11:29:48 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"70eb8cc2821db0bdb529fd3426c94b99d68c7e4eb12b778e61dd50403acf6aad", "state"=>"fe739fcb50889b85a8af8277a420601f13d7ae36ba79f0a3"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.8ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.0ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 19.0ms (ActiveRecord: 8.5ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:48 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.1ms)  commit transaction
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:48 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Filter chain halted as :authenticate_user! rendered or redirected
+Completed 403 Forbidden in 3.4ms (Views: 2.4ms | ActiveRecord: 0.1ms)
+Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2013-10-31 11:29:48 +0000
+Processing by AuthenticationsController#sign_out as HTML
+Redirected to http://localhost:4567/users/sign_out
+Completed 302 Found in 0.6ms (ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:48 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:29:48 +0000
+Started GET "/auth/gds/callback?code=6df0c015afd6823152c95acc2031d9a240fdbb888069625907109d173c99cbb6&state=d75a201ebc3157d9862f91a78fcfbe4bf2a49e5d16cced59" for 127.0.0.1 at 2013-10-31 11:29:48 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"6df0c015afd6823152c95acc2031d9a240fdbb888069625907109d173c99cbb6", "state"=>"d75a201ebc3157d9862f91a78fcfbe4bf2a49e5d16cced59"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (7.1ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.6ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 20.8ms (ActiveRecord: 12.4ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:48 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.3ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:48 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:29:48 +0000
+Started GET "/auth/gds/callback?code=f9288ca55b8e6cf4db6c2be2206da8f652cd5e3cdb057317d58b77e9498291de&state=20ec2c50661c7b68bc24e7eae4f9ae9dff2dfeac734f46df" for 127.0.0.1 at 2013-10-31 11:29:48 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"f9288ca55b8e6cf4db6c2be2206da8f652cd5e3cdb057317d58b77e9498291de", "state"=>"20ec2c50661c7b68bc24e7eae4f9ae9dff2dfeac734f46df"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.6ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.0ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 17.3ms (ActiveRecord: 8.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:48 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-11-01 07:34:48 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-11-01 07:34:48 +0000
+Started GET "/auth/gds/callback?code=a7bbe8723628cc9643b443aeec6d01f157a551459487c75b9d736bed893bc79d&state=4e9244f89282b1883c5ac4453277f0ba1a5c98b362538f12" for 127.0.0.1 at 2013-11-01 07:34:48 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"a7bbe8723628cc9643b443aeec6d01f157a551459487c75b9d736bed893bc79d", "state"=>"4e9244f89282b1883c5ac4453277f0ba1a5c98b362538f12"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.2ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.9ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 16.8ms (ActiveRecord: 8.7ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-11-01 07:34:49 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.2ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:49 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:29:49 +0000
+Started GET "/auth/gds/callback?code=52fcbae45155f9d60188eb3972067cdb696f2aa0ae878829bf8b8875269407ec&state=00957b3c7b8f4bede1e4b64beda98279a6d7e5aed69274eb" for 127.0.0.1 at 2013-10-31 11:29:49 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"52fcbae45155f9d60188eb3972067cdb696f2aa0ae878829bf8b8875269407ec", "state"=>"00957b3c7b8f4bede1e4b64beda98279a6d7e5aed69274eb"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (5.2ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.3ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 19.3ms (ActiveRecord: 10.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:49 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.3ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-11-01 07:24:49 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.0ms (Views: 0.2ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:49 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
+Completed   in 8.3ms
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:29:49 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (5.2ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (5.0ms)  commit transaction
+Completed 200 OK in 44.5ms (Views: 0.3ms | ActiveRecord: 10.7ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 11:29:49 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
+Authenticating with gds_bearer_token strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.5ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (2.8ms)  commit transaction
+Completed 200 OK in 42.5ms (Views: 0.3ms | ActiveRecord: 7.0ms)
+Connecting to database specified by database.yml
+   (0.9ms)  select sqlite_version(*)
+   (7.1ms)  DROP TABLE "users"
+   (4.9ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text) 
+   (0.1ms)  begin transaction
+  SQL (2.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34045"]]
+   (4.0ms)  commit transaction
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34401"]]
+   (3.8ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d34045"}
+  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (1.0ms)
+Completed 403 Forbidden in 7.1ms (Views: 6.4ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37401"]]
+   (4.9ms)  commit transaction
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d38417"]]
+   (5.1ms)  commit transaction
+Processing by Api::UserController#update as HTML
+  Parameters: {"uid"=>"a1s2d37401"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d37401' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
+- signin
+- new permission
+' WHERE "users"."id" = 3
+   (4.1ms)  commit transaction
+Completed 200 OK in 14.6ms (ActiveRecord: 4.6ms)
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 3]]
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3357"]]
+   (7.3ms)  commit transaction
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35680"]]
+   (9.0ms)  commit transaction
+WARNING: Can't mass-assign protected attributes: uid, name, permissions
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d3357"}
+Completed 403 Forbidden in 2.1ms (Views: 1.3ms | ActiveRecord: 0.0ms)
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d33521"]]
+   (13.4ms)  commit transaction
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34941"]]
+   (3.6ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"nonexistent-user"}
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'nonexistent-user' LIMIT 1
+Completed 200 OK in 1.3ms (ActiveRecord: 0.3ms)
+   (0.1ms)  begin transaction
+  SQL (0.2ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31774"]]
+   (5.1ms)  commit transaction
+   (0.0ms)  begin transaction
+  SQL (0.1ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31106"]]
+   (5.0ms)  commit transaction
+Processing by Api::UserController#reauth as HTML
+  Parameters: {"uid"=>"a1s2d31774"}
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d31774' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+' WHERE "users"."id" = 9
+   (4.7ms)  commit transaction
+Completed 200 OK in 9.7ms (ActiveRecord: 5.2ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 9]]
+Started GET "/" for 127.0.0.1 at 2013-10-31 11:38:29 +0000
+Processing by ExampleController#index as HTML
+Completed 200 OK in 2.5ms (Views: 2.0ms | ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:29 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 3.1ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:38:29 +0000
+Started GET "/auth/gds/callback?code=7076c155ba2e6b897d4be0cea184f3ee669c54789ff8df4f3ec6303689e63f25&state=770ee508b2b88449dc584a5e510d496412f38273cc5e1f93" for 127.0.0.1 at 2013-10-31 11:38:30 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"7076c155ba2e6b897d4be0cea184f3ee669c54789ff8df4f3ec6303689e63f25", "state"=>"770ee508b2b88449dc584a5e510d496412f38273cc5e1f93"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+  SQL (0.3ms)  INSERT INTO "users" ("email", "name", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
+   (4.4ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (2.6ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 15.9ms (ActiveRecord: 7.8ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:30 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:30 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:38:30 +0000
+Started GET "/auth/gds/callback?code=c7ca4d809f924ea396e11557a456d3592df744c59f19cb35c58d12d85296f9ce&state=0df587715601a2f68981a64f74b971390937487447e4cb8f" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"c7ca4d809f924ea396e11557a456d3592df744c59f19cb35c58d12d85296f9ce", "state"=>"0df587715601a2f68981a64f74b971390937487447e4cb8f"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.4ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.6ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 18.1ms (ActiveRecord: 8.7ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Started GET "/auth/gds/callback?code=344801e2fa7aa06cb1ad37f59897de3c9f94b02e46dc5b58803f2d72e5f4e36b&state=ef509060c15900e987de31eed7b4dce7f2608cdd06cf04c8" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"344801e2fa7aa06cb1ad37f59897de3c9f94b02e46dc5b58803f2d72e5f4e36b", "state"=>"ef509060c15900e987de31eed7b4dce7f2608cdd06cf04c8"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.6ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (2.9ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 15.7ms (ActiveRecord: 7.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 1.0ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Started GET "/auth/gds/callback?code=e4d456776e183ac16c1a488fee5d37f0ef73b83eaab6babd84dcaba64b9a6de8&state=33a12d41614b3c0471c76c47a87dfb1c1d9d0e669947b31e" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"e4d456776e183ac16c1a488fee5d37f0ef73b83eaab6babd84dcaba64b9a6de8", "state"=>"33a12d41614b3c0471c76c47a87dfb1c1d9d0e669947b31e"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.7ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.6ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 17.0ms (ActiveRecord: 8.0ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 3.6ms (Views: 0.6ms | ActiveRecord: 0.1ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Started GET "/auth/gds/callback?code=06e4a236c113f2b9a712766532fbd02b4d0c5c988050e6e8588cae14fea1973b&state=a66a4cc2b23620d9d6e6737f5e68925c79530f1af0732b94" for 127.0.0.1 at 2013-10-31 11:38:31 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"06e4a236c113f2b9a712766532fbd02b4d0c5c988050e6e8588cae14fea1973b", "state"=>"a66a4cc2b23620d9d6e6737f5e68925c79530f1af0732b94"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.7ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.1ms)  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 16.8ms (ActiveRecord: 8.4ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 3.2ms (Views: 0.3ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Started GET "/auth/gds/callback?code=e8aeebb3e2ba1909323787104940651c8a0981647bdf64a760e147e86ffbfefc&state=f79820d13a2122a8d3ac5f2c2ebc85ac261c47947c51585f" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"e8aeebb3e2ba1909323787104940651c8a0981647bdf64a760e147e86ffbfefc", "state"=>"f79820d13a2122a8d3ac5f2c2ebc85ac261c47947c51585f"}
+Authenticating with gds_sso strategy
+  User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (5.0ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (2.8ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 18.0ms (ActiveRecord: 8.5ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (2.9ms)  commit transaction
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Filter chain halted as :authenticate_user! rendered or redirected
+Completed 403 Forbidden in 3.5ms (Views: 2.4ms | ActiveRecord: 0.1ms)
+Started GET "/auth/gds/sign_out" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Processing by AuthenticationsController#sign_out as HTML
+Redirected to http://localhost:4567/users/sign_out
+Completed 302 Found in 0.6ms (ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Started GET "/auth/gds/callback?code=7f24c5a305c90af77ec7cec351c5984876b2972f95f9e2bdeeddb39b07aa1157&state=7cb3208f25ead37892e645398274299dbe4d08fc0bae32d4" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"7f24c5a305c90af77ec7cec351c5984876b2972f95f9e2bdeeddb39b07aa1157", "state"=>"7cb3208f25ead37892e645398274299dbe4d08fc0bae32d4"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.0ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.4ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.6ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 17.3ms (ActiveRecord: 8.7ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:38:32 +0000
+Started GET "/auth/gds/callback?code=7389b2655a69297e389913caf43fce07399e10de4e9b3d1b8aeeaeacb12541ff&state=6e1887d565e93ad7e6d2455ca48002569502e3d1c76c9584" for 127.0.0.1 at 2013-10-31 11:38:33 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"7389b2655a69297e389913caf43fce07399e10de4e9b3d1b8aeeaeacb12541ff", "state"=>"6e1887d565e93ad7e6d2455ca48002569502e3d1c76c9584"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.8ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.0ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 18.3ms (ActiveRecord: 8.5ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:33 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-11-01 07:43:33 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-11-01 07:43:33 +0000
+Started GET "/auth/gds/callback?code=dda00818864f4f1f758d17f7270a2ae70004a6424993c00b950396e2fb66d455&state=f2b7c6d249227239f0df33b4f919530cd13e7a5583230cb7" for 127.0.0.1 at 2013-11-01 07:43:33 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"dda00818864f4f1f758d17f7270a2ae70004a6424993c00b950396e2fb66d455", "state"=>"f2b7c6d249227239f0df33b4f919530cd13e7a5583230cb7"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.0ms)  commit transaction
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (2.7ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 15.0ms (ActiveRecord: 7.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-11-01 07:43:33 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.0ms (Views: 0.2ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:33 +0000
+Processing by ExampleController#restricted as HTML
+Authenticating with gds_sso strategy
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2013-10-31 11:38:33 +0000
+Started GET "/auth/gds/callback?code=163ff71d8a13eea08b9e061f7bc78c1acf07117cfbd653020e43ed56e2ad642f&state=cc7649abe8fa5d4abaf5ff934b0b39c99d336a1ee509b053" for 127.0.0.1 at 2013-10-31 11:38:33 +0000
+Processing by AuthenticationsController#callback as HTML
+  Parameters: {"code"=>"163ff71d8a13eea08b9e061f7bc78c1acf07117cfbd653020e43ed56e2ad642f", "state"=>"cc7649abe8fa5d4abaf5ff934b0b39c99d336a1ee509b053"}
+Authenticating with gds_sso strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.9ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.6ms)  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 18.0ms (ActiveRecord: 8.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:33 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.5ms (Views: 0.5ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-11-01 07:33:33 +0000
+Processing by ExampleController#restricted as HTML
+  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.2ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:33 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
+Completed   in 7.9ms
+Started GET "/restricted" for 127.0.0.1 at 2013-10-31 11:38:33 +0000
+Processing by ExampleController#restricted as JSON
+Authenticating with gds_bearer_token strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.4ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (3.7ms)  commit transaction
+Completed 200 OK in 42.1ms (Views: 0.3ms | ActiveRecord: 8.7ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2013-10-31 11:38:33 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
+Authenticating with gds_bearer_token strategy
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+   (0.1ms)  begin transaction
+   (0.2ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (5.5ms)  commit transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  UPDATE "users" SET "permissions" = '---
+- signin
+' WHERE "users"."id" = 11
+   (4.3ms)  commit transaction
+Completed 200 OK in 46.0ms (Views: 0.3ms | ActiveRecord: 10.4ms)