RubyGems - gds-sso - Versions diffs - 9.2.1 → 9.2.2 - Mend

gds-sso 9.2.1 → 9.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

data/Rakefile +1 -8
data/lib/gds-sso/user.rb +15 -3
data/lib/gds-sso/version.rb +1 -1
data/lib/gds-sso/warden_config.rb +3 -2
data/spec/controller/api_user_controller_spec.rb +22 -24
data/spec/fixtures/integration/signonotron2.sql +2 -1
data/spec/internal/db/combustion_test.sqlite +0 -0
data/spec/internal/log/test.log +206 -206
data/spec/requests/end_to_end_spec.rb +21 -19
data/spec/spec_helper.rb +9 -1
data/spec/support/timecop.rb +7 -0
data/spec/unit/api_access_spec.rb +27 -0
data/spec/unit/session_serialisation_spec.rb +62 -0
data/{test/user_test.rb → spec/unit/user_spec.rb} +5 -5
metadata +14 -32
data/spec/requests/authentication_soot2.rb +0 -116
data/test/api_access_test.rb +0 -27
data/test/session_serialisation_test.rb +0 -58
data/test/test_helper.rb +0 -8

data/Rakefile CHANGED Viewed

@@ -3,13 +3,6 @@ Bundler::GemHelper.install_tasks
 load File.dirname(__FILE__) + "/spec/tasks/signonotron_tasks.rake"
-require 'rake/testtask'
-Rake::TestTask.new do |t|
-  t.libs << "test"
-  t.test_files = FileList['test/**/*_test.rb']
-  t.verbose = true
-end
 require 'rspec/core/rake_task'
 desc "Run all specs"
 RSpec::Core::RakeTask.new(:spec) do |task|
@@ -28,4 +21,4 @@ task :publish_gem do |t|
   puts "Published #{gem}" if gem
 end
-task :default => [:test, :"signonotron:start", :spec]
+task :default => [:"signonotron:start", :spec]

data/lib/gds-sso/user.rb CHANGED Viewed

@@ -6,7 +6,9 @@ module GDS
       extend ActiveSupport::Concern
       included do
-        attr_accessible :uid, :email, :name, :permissions, :organisation_slug, as: :oauth
+        if (Gem::Version.new(Rails.version) < Gem::Version.new("4.0")) && respond_to?(:attr_accessible)
+          attr_accessible :uid, :email, :name, :permissions, :organisation_slug, as: :oauth
+        end
       end
       def has_permission?(permission)
@@ -35,11 +37,21 @@ module GDS
       module ClassMethods
         def find_for_gds_oauth(auth_hash)
+          user_params = GDS::SSO::User.user_params_from_auth_hash(auth_hash.to_hash)
           if user = self.where(:uid => auth_hash["uid"]).first
-            user.update_attributes(GDS::SSO::User.user_params_from_auth_hash(auth_hash.to_hash), as: :oauth)
+            if Gem::Version.new(Rails.version) >= Gem::Version.new("4.0")
+              user.update_attributes(user_params)
+            else
+              user.update_attributes(user_params, as: :oauth)
+            end
             user
           else # Create a new user.
-            self.create!(GDS::SSO::User.user_params_from_auth_hash(auth_hash.to_hash), as: :oauth)
+            if Gem::Version.new(Rails.version) >= Gem::Version.new("4.0")
+              self.create!(user_params)
+            else
+              self.create!(user_params, as: :oauth)
+            end
           end
         end
       end

data/lib/gds-sso/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module GDS
   module SSO
-    VERSION = "9.2.1"
+    VERSION = "9.2.2"
   end
 end

data/lib/gds-sso/warden_config.rb CHANGED Viewed

@@ -171,12 +171,13 @@ Warden::Strategies.add(:mock_gds_sso_api_access) do
     logger.debug("Authenticating with mock_gds_sso_api_access strategy")
     dummy_api_user = GDS::SSO.test_user || GDS::SSO::Config.user_klass.where(email: "dummyapiuser@domain.com").first
     if dummy_api_user.nil?
-      dummy_api_user = GDS::SSO::Config.user_klass.create!(
+      dummy_api_user = GDS::SSO::Config.user_klass.new(
           email: "dummyapiuser@domain.com",
           uid: "#{rand(10000)}",
           name: "Dummy API user created by gds-sso",
-          permissions: ["signin"],
           as: :oauth)
+      dummy_api_user.permissions = ["signin"]
+      dummy_api_user.save!
     end
     success!(dummy_api_user)
   end

data/spec/controller/api_user_controller_spec.rb CHANGED Viewed

@@ -37,31 +37,29 @@ describe Api::UserController, type: :controller do
           :name => "User",
           :permissions =>["signin"] })
-      request.env['warden'] = stub("stub warden", :authenticate! => true, authenticated?: true, user: malicious_user)
+      request.env['warden'] = double("stub warden", :authenticate! => true, authenticated?: true, user: malicious_user)
       request.env['RAW_POST_DATA'] = user_update_json
       put :update, uid: @user_to_update.uid
-      assert_equal 403, response.status
+      expect(response.status).to eq(403)
     end
     it "should create/update the user record in the same way as the OAuth callback" do
       # Test that it authenticates
-      request.env['warden'] = mock("mock warden")
-      request.env['warden'].expects(:authenticate!).at_least_once.returns(true)
-      request.env['warden'].expects(:authenticated?).at_least_once.returns(true)
-      request.env['warden'].expects(:user).at_least_once.returns(@signon_sso_push_user)
+      request.env['warden'] = double("mock warden")
+      expect(request.env['warden']).to receive(:authenticate!).at_least(:once).and_return(true)
+      expect(request.env['warden']).to receive(:authenticated?).at_least(:once).and_return(true)
+      expect(request.env['warden']).to receive(:user).at_least(:once).and_return(@signon_sso_push_user)
       request.env['RAW_POST_DATA'] = user_update_json
       put :update, uid: @user_to_update.uid
       @user_to_update.reload
-      assert_equal "Joshua Marshall", @user_to_update.name
-      assert_equal "user@domain.com", @user_to_update.email
-      expected_permissions = ["signin", "new permission"]
-      assert_equal expected_permissions, @user_to_update.permissions
-      expected_organisation = "justice-league"
-      assert_equal expected_organisation, @user_to_update.organisation_slug
+      expect(@user_to_update.name).to eq("Joshua Marshall")
+      expect(@user_to_update.email).to eq("user@domain.com")
+      expect(@user_to_update.permissions).to eq(["signin", "new permission"])
+      expect(@user_to_update.organisation_slug).to eq("justice-league")
     end
   end
@@ -72,35 +70,35 @@ describe Api::UserController, type: :controller do
           :name => "User",
           :permissions => ["signin"] })
-      request.env['warden'] = stub("stub warden", :authenticate! => true, authenticated?: true, user: malicious_user)
+      request.env['warden'] = double("stub warden", :authenticate! => true, authenticated?: true, user: malicious_user)
       post :reauth, uid: @user_to_update.uid
-      assert_equal 403, response.status
+      expect(response.status).to eq(403)
     end
     it "should return success if user record doesn't exist" do
-      request.env['warden'] = mock("mock warden")
-      request.env['warden'].expects(:authenticate!).at_least_once.returns(true)
-      request.env['warden'].expects(:authenticated?).at_least_once.returns(true)
-      request.env['warden'].expects(:user).at_least_once.returns(@signon_sso_push_user)
+      request.env['warden'] = double("mock warden")
+      expect(request.env['warden']).to receive(:authenticate!).at_least(:once).and_return(true)
+      expect(request.env['warden']).to receive(:authenticated?).at_least(:once).and_return(true)
+      expect(request.env['warden']).to receive(:user).at_least(:once).and_return(@signon_sso_push_user)
       post :reauth, uid: "nonexistent-user"
-      assert_equal 200, response.status
+      expect(response.status).to eq(200)
     end
     it "should set remotely_signed_out to true on the user" do
       # Test that it authenticates
-      request.env['warden'] = mock("mock warden")
-      request.env['warden'].expects(:authenticate!).at_least_once.returns(true)
-      request.env['warden'].expects(:authenticated?).at_least_once.returns(true)
-      request.env['warden'].expects(:user).at_least_once.returns(@signon_sso_push_user)
+      request.env['warden'] = double("mock warden")
+      expect(request.env['warden']).to receive(:authenticate!).at_least(:once).and_return(true)
+      expect(request.env['warden']).to receive(:authenticated?).at_least(:once).and_return(true)
+      expect(request.env['warden']).to receive(:user).at_least(:once).and_return(@signon_sso_push_user)
       post :reauth, uid: @user_to_update.uid
       @user_to_update.reload
-      assert_equal true,  @user_to_update.remotely_signed_out
+      expect(@user_to_update.remotely_signed_out).to be_true
     end
   end
 end

data/spec/fixtures/integration/signonotron2.sql CHANGED Viewed

@@ -6,7 +6,8 @@ DELETE FROM `permissions`;
 DELETE FROM `users`;
 -- Setup fixture data
-INSERT INTO `oauth_applications` VALUES (1,'GDS_SSO integration test','gds-sso-test','secret','http://www.example-client.com/auth/gds/callback','2012-04-19 13:26:54','2012-04-19 13:26:54', 'http://home.com', 'GDS_SSO integration test');
+INSERT INTO `oauth_applications` (id, name, uid, secret, redirect_uri, created_at, updated_at, home_uri, description)
+              VALUES (1,'GDS_SSO integration test','gds-sso-test','secret','http://www.example-client.com/auth/gds/callback','2012-04-19 13:26:54','2012-04-19 13:26:54', 'http://home.com', 'GDS_SSO integration test');
 INSERT INTO `users` (id, email, encrypted_password, created_at, updated_at, confirmed_at, name, uid, role)
               VALUES (1,'test@example-client.com','$2a$04$MdMkVFwTq5GLJJkHS8GLIe6dK1.C4ozzba5ZS5Ks2b/NenVsMGGRW','2012-04-19 13:26:54','2012-04-19 13:26:54','2012-04-19 13:26:54','Test User','integration-uid', "normal");
 INSERT INTO `permissions` (id, user_id, application_id, permissions) VALUES (1,1,1,"---

data/spec/internal/db/combustion_test.sqlite CHANGED Viewed

Binary file

data/spec/internal/log/test.log CHANGED Viewed

@@ -1,375 +1,375 @@
 Connecting to database specified by database.yml
-  [1m[36m (1.9ms)[0m  [1mselect sqlite_version(*)[0m
-  [1m[35m (17.1ms)[0m  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text, "organisation_slug" varchar(255))
-  [1m[36m (12.1ms)[0m  [1mCREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) [0m
-  [1m[35m (15.2ms)[0m  CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")
+  [1m[36m (1.8ms)[0m  [1mselect sqlite_version(*)[0m
+  [1m[35m (17.2ms)[0m  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text, "organisation_slug" varchar(255))
+  [1m[36m (9.2ms)[0m  [1mCREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) [0m
+  [1m[35m (13.4ms)[0m  CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (3.8ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34286"]]
-  [1m[36m (13.0ms)[0m  [1mcommit transaction[0m
+  [1m[35mSQL (3.5ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3660"]]
+  [1m[36m (15.4ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34481"]]
-  [1m[35m (12.2ms)[0m  commit transaction
+  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37434"]]
+  [1m[35m (13.5ms)[0m  commit transaction
 WARNING: Can't mass-assign protected attributes: uid, name, permissions
 Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d34286"}
-  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (3.0ms)
-Completed 403 Forbidden in 40.6ms (Views: 39.8ms | ActiveRecord: 0.0ms)
+  Parameters: {"uid"=>"a1s2d3660"}
+  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (0.3ms)
+Completed 403 Forbidden in 38.6ms (Views: 37.8ms | ActiveRecord: 0.0ms)
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34054"]]
-  [1m[36m (15.4ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39648"]]
-  [1m[35m (14.7ms)[0m  commit transaction
+  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d32268"]]
+  [1m[36m (5.7ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36mSQL (0.1ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39966"]]
+  [1m[35m (8.8ms)[0m  commit transaction
 Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d34054"}
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d34054' LIMIT 1[0m
+  Parameters: {"uid"=>"a1s2d32268"}
+  [1m[36mUser Load (0.3ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d32268' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
 - signin
 - new permission
 ', "organisation_slug" = 'justice-league' WHERE "users"."id" = 3[0m
-  [1m[35m (10.6ms)[0m  commit transaction
-Completed 200 OK in 18.3ms (ActiveRecord: 11.1ms)
+  [1m[35m (8.6ms)[0m  commit transaction
+Completed 200 OK in 16.9ms (ActiveRecord: 9.1ms)
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1[0m  [["id", 3]]
   [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31062"]]
-  [1m[35m (10.2ms)[0m  commit transaction
+  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36178"]]
+  [1m[35m (9.3ms)[0m  commit transaction
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3460"]]
-  [1m[36m (9.8ms)[0m  [1mcommit transaction[0m
+  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3569"]]
+  [1m[36m (5.6ms)[0m  [1mcommit transaction[0m
 WARNING: Can't mass-assign protected attributes: uid, name, permissions
 Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d31062"}
-Completed 403 Forbidden in 1.7ms (Views: 1.1ms | ActiveRecord: 0.0ms)
+  Parameters: {"uid"=>"a1s2d36178"}
+Completed 403 Forbidden in 1.7ms (Views: 1.0ms | ActiveRecord: 0.0ms)
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39234"]]
-  [1m[35m (9.8ms)[0m  commit transaction
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31308"]]
-  [1m[36m (10.0ms)[0m  [1mcommit transaction[0m
+  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35273"]]
+  [1m[35m (7.2ms)[0m  commit transaction
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35mSQL (0.1ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34668"]]
+  [1m[36m (7.9ms)[0m  [1mcommit transaction[0m
 Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"nonexistent-user"}
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'nonexistent-user' LIMIT 1
-Completed 200 OK in 1.1ms (ActiveRecord: 0.2ms)
+  Parameters: {"uid"=>"a1s2d35273"}
+  [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d35273' LIMIT 1
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (0.2ms)[0m  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+' WHERE "users"."id" = 7
+  [1m[36m (5.7ms)[0m  [1mcommit transaction[0m
+Completed 200 OK in 9.0ms (ActiveRecord: 6.2ms)
+  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 7]]
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39743"]]
-  [1m[36m (9.9ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36mSQL (0.1ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3249"]]
-  [1m[35m (10.2ms)[0m  commit transaction
+  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37522"]]
+  [1m[36m (7.9ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.1ms)[0m  begin transaction
+  [1m[36mSQL (0.1ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3700"]]
+  [1m[35m (7.4ms)[0m  commit transaction
 Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d39743"}
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d39743' LIMIT 1[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
-- signin
-' WHERE "users"."id" = 9[0m
-  [1m[35m (10.2ms)[0m  commit transaction
-Completed 200 OK in 13.0ms (ActiveRecord: 10.6ms)
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1[0m  [["id", 9]]
-Started GET "/" for 127.0.0.1 at 2014-01-30 11:26:06 +0000
+  Parameters: {"uid"=>"nonexistent-user"}
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'nonexistent-user' LIMIT 1[0m
+Completed 200 OK in 1.2ms (ActiveRecord: 0.2ms)
+Started GET "/" for 127.0.0.1 at 2014-02-11 14:12:32 +0000
 Processing by ExampleController#index as HTML
-Completed 200 OK in 3.5ms (Views: 3.1ms | ActiveRecord: 0.0ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:06 +0000
+Completed 200 OK in 4.0ms (Views: 3.6ms | ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:32 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 41.5ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:06 +0000
-Started GET "/auth/gds/callback?code=bbd6f4334c2e431e50558d804c177d5ab1fd34ee7f4c79567ec75fe58c7e2325&state=ac961d72be22d46e54df46b5fc0bc6088757e50db5f0cb94" for 127.0.0.1 at 2014-01-30 11:26:07 +0000
+Completed   in 0.6ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:32 +0000
+Started GET "/auth/gds/callback?code=e6fc10270e675cd0e71f7b28931b538da1bdc20d5cde1c828ef7d097fced02aa&state=78623b0d617fc3d2eb1736195791e5435fcb43fbf249bf56" for 127.0.0.1 at 2014-02-11 14:12:33 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"bbd6f4334c2e431e50558d804c177d5ab1fd34ee7f4c79567ec75fe58c7e2325", "state"=>"ac961d72be22d46e54df46b5fc0bc6088757e50db5f0cb94"}
+  Parameters: {"code"=>"e6fc10270e675cd0e71f7b28931b538da1bdc20d5cde1c828ef7d097fced02aa", "state"=>"78623b0d617fc3d2eb1736195791e5435fcb43fbf249bf56"}
 Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
-  [1m[36m (10.1ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[35mSQL (0.3ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
+  [1m[36m (7.3ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (8.2ms)[0m  commit transaction
+  [1m[35m (7.1ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 24.8ms (ActiveRecord: 18.8ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:07 +0000
+Completed 302 Found in 22.6ms (ActiveRecord: 15.4ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:33 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.2ms (Views: 0.4ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:07 +0000
+  [1m[36mUser Load (0.3ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
+Completed 200 OK in 2.3ms (Views: 0.6ms | ActiveRecord: 0.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:33 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:07 +0000
-Started GET "/auth/gds/callback?code=4e9ef98e9bc9eca3c940483b933e6b039bf5fa44e65c348fef6800867172c0f8&state=bf519f59b9ea347c0af6862627c940625a4af53f4e0408f1" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:33 +0000
+Started GET "/auth/gds/callback?code=99a32bede75e4ad5f4d9d91ba9dbf42603907dea464be720c39ca8f1db0b90cc&state=13e6a62c4a47b4f7ba5472161eaf1e7000c05963f6a1291a" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"4e9ef98e9bc9eca3c940483b933e6b039bf5fa44e65c348fef6800867172c0f8", "state"=>"bf519f59b9ea347c0af6862627c940625a4af53f4e0408f1"}
+  Parameters: {"code"=>"99a32bede75e4ad5f4d9d91ba9dbf42603907dea464be720c39ca8f1db0b90cc", "state"=>"13e6a62c4a47b4f7ba5472161eaf1e7000c05963f6a1291a"}
 Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.4ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (18.6ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (14.1ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.1ms)[0m  begin transaction
+  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (13.9ms)[0m  commit transaction
+  [1m[35m (12.5ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 40.7ms (ActiveRecord: 33.3ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.3ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 2.6ms (Views: 0.8ms | ActiveRecord: 0.3ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
+Completed 302 Found in 31.9ms (ActiveRecord: 27.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
 Processing by ExampleController#restricted as HTML
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
+Completed 200 OK in 1.3ms (Views: 0.3ms | ActiveRecord: 0.2ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.3ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
-Started GET "/auth/gds/callback?code=2955a427052acac9fb020d74f6dcce52c21c7837c1fff15841ca4bff16810df3&state=f54772c3aadc24cc438268104fbf1d63fee88c2b29337fef" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
+Completed   in 0.6ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
+Started GET "/auth/gds/callback?code=c734589a77321d80b595cd458f2a97984bc60a31423e649f53a8066d6adbaa6f&state=4ed2bc23f0aa2c35292b24cf085d2f8d2bd0633d7ffc9768" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"2955a427052acac9fb020d74f6dcce52c21c7837c1fff15841ca4bff16810df3", "state"=>"f54772c3aadc24cc438268104fbf1d63fee88c2b29337fef"}
+  Parameters: {"code"=>"c734589a77321d80b595cd458f2a97984bc60a31423e649f53a8066d6adbaa6f", "state"=>"4ed2bc23f0aa2c35292b24cf085d2f8d2bd0633d7ffc9768"}
 Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (12.3ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (24.3ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (12.0ms)[0m  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 30.7ms (ActiveRecord: 25.0ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.2ms (Views: 0.3ms | ActiveRecord: 0.1ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
+  [1m[35m (11.0ms)[0m  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 41.5ms (ActiveRecord: 36.0ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
+Completed 200 OK in 1.5ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.6ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
-Started GET "/auth/gds/callback?code=4b843d5cb3e88fa160c5fe50a3988e7eaaa7d989dcaf29a3b7fb90e8b47bfe39&state=e04d474f8e77975f6560f50641a87648994e340c93e285fb" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
+Started GET "/auth/gds/callback?code=d4c19782a4d297262a15c4b248148ce88a5712cc9ebeb139eecf9457fd11eec6&state=4f13783c8f5b8095df92fbcb7f4f4f38e8a3c7f7bc6d0177" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"4b843d5cb3e88fa160c5fe50a3988e7eaaa7d989dcaf29a3b7fb90e8b47bfe39", "state"=>"e04d474f8e77975f6560f50641a87648994e340c93e285fb"}
+  Parameters: {"code"=>"d4c19782a4d297262a15c4b248148ce88a5712cc9ebeb139eecf9457fd11eec6", "state"=>"4f13783c8f5b8095df92fbcb7f4f4f38e8a3c7f7bc6d0177"}
 Authenticating with gds_sso strategy
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (9.3ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (10.1ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (7.6ms)[0m  commit transaction
+  [1m[35m (7.4ms)[0m  commit transaction
 Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 22.7ms (ActiveRecord: 17.6ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.5ms (Views: 0.4ms | ActiveRecord: 0.1ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
+Completed 302 Found in 22.6ms (ActiveRecord: 18.1ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
+Completed 200 OK in 1.6ms (Views: 0.3ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
+Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
-Started GET "/auth/gds/callback?code=134885ee836204ff43d31ccc582b44083b4f4f1690fa9ad2d3b9e80441ab890e&state=a62b5d8ff1085b8ab7f457b63757682bd1945487f66771ff" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
+Completed   in 0.4ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
+Started GET "/auth/gds/callback?code=8af724f9c09ee4e089368f8cddc85616c0447adee552b3002faaddb54166c157&state=787ba78ded34fb3ad2a92f986844823633e1319d70e7fad5" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"134885ee836204ff43d31ccc582b44083b4f4f1690fa9ad2d3b9e80441ab890e", "state"=>"a62b5d8ff1085b8ab7f457b63757682bd1945487f66771ff"}
+  Parameters: {"code"=>"8af724f9c09ee4e089368f8cddc85616c0447adee552b3002faaddb54166c157", "state"=>"787ba78ded34fb3ad2a92f986844823633e1319d70e7fad5"}
 Authenticating with gds_sso strategy
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (13.6ms)[0m  [1mcommit transaction[0m
+  [1m[36m (33.2ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (8.2ms)[0m  commit transaction
-Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 26.7ms (ActiveRecord: 22.4ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
+  [1m[35m (10.3ms)[0m  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 49.7ms (ActiveRecord: 44.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
+Processing by ExampleController#restricted as HTML
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.4ms (Views: 0.3ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
+Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
-Started GET "/auth/gds/callback?code=d14d2130eac245b11610d2d7c51bd796c9fbae7597f4fe5647ce47f6194c9b12&state=0ce283073ff60edb6c2b7f306b8acc6ab9c507abaa1028a3" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
+Started GET "/auth/gds/callback?code=53319f3b8cac2a91c4627efec0f88a262661a3c2826fa1a035e4e2b212a14a71&state=1d152479a45612e77cb0e0bbf53731283148c72571fa2a19" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"d14d2130eac245b11610d2d7c51bd796c9fbae7597f4fe5647ce47f6194c9b12", "state"=>"0ce283073ff60edb6c2b7f306b8acc6ab9c507abaa1028a3"}
+  Parameters: {"code"=>"53319f3b8cac2a91c4627efec0f88a262661a3c2826fa1a035e4e2b212a14a71", "state"=>"1d152479a45612e77cb0e0bbf53731283148c72571fa2a19"}
 Authenticating with gds_sso strategy
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
+  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (8.7ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (10.8ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (6.5ms)[0m  commit transaction
+  [1m[35m (8.6ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 20.5ms (ActiveRecord: 15.7ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
+Completed 302 Found in 25.2ms (ActiveRecord: 20.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.3ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
+Completed 200 OK in 1.9ms (Views: 0.6ms | ActiveRecord: 0.2ms)
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."email" = 'test@example-client.com' LIMIT 1
   [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+  [1m[35m (0.1ms)[0m  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (8.0ms)[0m  [1mcommit transaction[0m
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+  [1m[36m (8.2ms)[0m  [1mcommit transaction[0m
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
 Authenticating with gds_sso strategy
-Completed   in 0.7ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
-Started GET "/auth/gds/callback?code=ab02d8007ca7b28a90d145185f0238f776e0b1a3459f156a6669a643708bbc27&state=0f587d064bf9e71ea3d6bb3249a272d4049ef72440671dba" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+Completed   in 0.8ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
+Started GET "/auth/gds/callback?code=e6c8fb7975becaaf4bee4ddb6c343a4b0638c257cb75d855c4f5dee6a40e6dec&state=4001702096ace0ac8c73d1fd70effb07e8a58c27cbcba283" for 127.0.0.1 at 2014-02-11 14:12:36 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"ab02d8007ca7b28a90d145185f0238f776e0b1a3459f156a6669a643708bbc27", "state"=>"0f587d064bf9e71ea3d6bb3249a272d4049ef72440671dba"}
+  Parameters: {"code"=>"e6c8fb7975becaaf4bee4ddb6c343a4b0638c257cb75d855c4f5dee6a40e6dec", "state"=>"4001702096ace0ac8c73d1fd70effb07e8a58c27cbcba283"}
 Authenticating with gds_sso strategy
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (18.4ms)[0m  commit transaction
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
+  [1m[35m (10.2ms)[0m  commit transaction
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.1ms)[0m  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (7.2ms)[0m  [1mcommit transaction[0m
+  [1m[36m (7.0ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 30.2ms (ActiveRecord: 26.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+Completed 302 Found in 21.6ms (ActiveRecord: 17.7ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:36 +0000
 Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
 Completed 200 OK in 1.1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:36 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
-Started GET "/auth/gds/callback?code=1925d41b24df1eb865d5bd41bd3649acb2a0598b18e07c730d02cfe4e3847a84&state=38715f2b26587f3ff0631a8abf6937a262a7af0e8e750bb1" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:36 +0000
+Started GET "/auth/gds/callback?code=70f64f5b290b2dda1cff56465904b804edea5d86dc786eb9b05841e357ff8872&state=1c23b33a5d02264e30b539351ee6e2ebba854c71bd91c566" for 127.0.0.1 at 2014-02-11 14:12:36 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"1925d41b24df1eb865d5bd41bd3649acb2a0598b18e07c730d02cfe4e3847a84", "state"=>"38715f2b26587f3ff0631a8abf6937a262a7af0e8e750bb1"}
+  Parameters: {"code"=>"70f64f5b290b2dda1cff56465904b804edea5d86dc786eb9b05841e357ff8872", "state"=>"1c23b33a5d02264e30b539351ee6e2ebba854c71bd91c566"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (7.9ms)[0m  commit transaction
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
+  [1m[35m (11.9ms)[0m  commit transaction
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (6.2ms)[0m  [1mcommit transaction[0m
+  [1m[36m (13.0ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 19.2ms (ActiveRecord: 14.7ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+Completed 302 Found in 30.3ms (ActiveRecord: 25.5ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:36 +0000
 Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.2ms (Views: 0.4ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-31 07:31:10 +0000
+Completed 200 OK in 1.3ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-12 10:17:36 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-31 07:31:10 +0000
-Started GET "/auth/gds/callback?code=83f960a4a005ab15c432803710b3601129f3a965a2dddd5f891b8b6c6e7d1fbc&state=1a74af1fd08d87d48b925359c27c60eaa0190c55010fbe3d" for 127.0.0.1 at 2014-01-31 07:31:10 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-12 10:17:36 +0000
+Started GET "/auth/gds/callback?code=c0ad710d6760f6b0b0e6a557ca4bf2a123ef9d86e975c9258ef2e053b4bbbb97&state=4783df9c49c0b93843c2cd1c772d849e4db46b1b9cae6707" for 127.0.0.1 at 2014-02-12 10:17:36 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"83f960a4a005ab15c432803710b3601129f3a965a2dddd5f891b8b6c6e7d1fbc", "state"=>"1a74af1fd08d87d48b925359c27c60eaa0190c55010fbe3d"}
+  Parameters: {"code"=>"c0ad710d6760f6b0b0e6a557ca4bf2a123ef9d86e975c9258ef2e053b4bbbb97", "state"=>"4783df9c49c0b93843c2cd1c772d849e4db46b1b9cae6707"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (10.1ms)[0m  commit transaction
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (12.1ms)[0m  commit transaction
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (8.7ms)[0m  [1mcommit transaction[0m
+  [1m[36m (10.5ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 22.8ms (ActiveRecord: 19.3ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-31 07:31:10 +0000
+Completed 302 Found in 26.9ms (ActiveRecord: 23.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-12 10:17:36 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.1ms (Views: 0.2ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.2ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
-Started GET "/auth/gds/callback?code=a189c109c0650bf0f0ef6ffe19f9dc6115efe9c34cf2393c9af2a4d9b3dec0ab&state=e4bf81abac5c130c5138a67bfb5dde669d703052f34e43ed" for 127.0.0.1 at 2014-01-30 11:26:11 +0000
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
+Started GET "/auth/gds/callback?code=f70c7f75ee370e3dac1d42a255060ae102928781d2b8ed2788b807f83579952b&state=6a8d93fb1c82907068719bac9afd5150913bf6dc6f406e94" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"a189c109c0650bf0f0ef6ffe19f9dc6115efe9c34cf2393c9af2a4d9b3dec0ab", "state"=>"e4bf81abac5c130c5138a67bfb5dde669d703052f34e43ed"}
+  Parameters: {"code"=>"f70c7f75ee370e3dac1d42a255060ae102928781d2b8ed2788b807f83579952b", "state"=>"6a8d93fb1c82907068719bac9afd5150913bf6dc6f406e94"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (10.5ms)[0m  commit transaction
+  [1m[35m (11.2ms)[0m  commit transaction
   [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (8.5ms)[0m  [1mcommit transaction[0m
+  [1m[36m (8.0ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 24.5ms (ActiveRecord: 19.6ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:11 +0000
+Completed 302 Found in 24.4ms (ActiveRecord: 19.8ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-31 07:21:11 +0000
+  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.2ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-12 10:07:37 +0000
 Processing by ExampleController#restricted as HTML
   [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
 Completed 200 OK in 0.9ms (Views: 0.2ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:11 +0000
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
 Processing by ExampleController#restricted as JSON
 Authenticating with gds_bearer_token strategy
-Completed   in 7.8ms
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:11 +0000
-Processing by ExampleController#restricted as JSON
+Completed   in 8.3ms
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
 Authenticating with gds_bearer_token strategy
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (10.9ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (10.1ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (9.8ms)[0m  commit transaction
-Completed 200 OK in 59.7ms (Views: 0.3ms | ActiveRecord: 21.3ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-30 11:26:11 +0000
-Processing by ExampleController#this_requires_signin_permission as JSON
+  [1m[35m (10.6ms)[0m  commit transaction
+Completed 200 OK in 61.2ms (Views: 0.5ms | ActiveRecord: 21.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
+Processing by ExampleController#restricted as JSON
 Authenticating with gds_bearer_token strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (10.1ms)[0m  commit transaction
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (16.1ms)[0m  commit transaction
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (10.0ms)[0m  [1mcommit transaction[0m
-Completed 200 OK in 61.3ms (Views: 0.2ms | ActiveRecord: 20.7ms)
+  [1m[36m (10.4ms)[0m  [1mcommit transaction[0m
+Completed 200 OK in 82.9ms (Views: 0.5ms | ActiveRecord: 27.1ms)