RubyGems - gds-sso - Versions diffs - 9.2.1 → 9.2.2 - Mend

gds-sso 9.2.1 → 9.2.2

Files changed (19) hide show

data/Rakefile +1 -8
data/lib/gds-sso/user.rb +15 -3
data/lib/gds-sso/version.rb +1 -1
data/lib/gds-sso/warden_config.rb +3 -2
data/spec/controller/api_user_controller_spec.rb +22 -24
data/spec/fixtures/integration/signonotron2.sql +2 -1
data/spec/internal/db/combustion_test.sqlite +0 -0
data/spec/internal/log/test.log +206 -206
data/spec/requests/end_to_end_spec.rb +21 -19
data/spec/spec_helper.rb +9 -1
data/spec/support/timecop.rb +7 -0
data/spec/unit/api_access_spec.rb +27 -0
data/spec/unit/session_serialisation_spec.rb +62 -0
data/{test/user_test.rb → spec/unit/user_spec.rb} +5 -5
metadata +14 -32
data/spec/requests/authentication_soot2.rb +0 -116
data/test/api_access_test.rb +0 -27
data/test/session_serialisation_test.rb +0 -58
data/test/test_helper.rb +0 -8

data/Rakefile CHANGED Viewed

@@ -3,13 +3,6 @@ Bundler::GemHelper.install_tasks
 load File.dirname(__FILE__) + "/spec/tasks/signonotron_tasks.rake"
-require 'rake/testtask'
-Rake::TestTask.new do |t|
-  t.libs << "test"
-  t.test_files = FileList['test/**/*_test.rb']
-  t.verbose = true
-end
 require 'rspec/core/rake_task'
 desc "Run all specs"
 RSpec::Core::RakeTask.new(:spec) do |task|
@@ -28,4 +21,4 @@ task :publish_gem do |t|
   puts "Published #{gem}" if gem
 end
-task :default => [:test, :"signonotron:start", :spec]
+task :default => [:"signonotron:start", :spec]

data/lib/gds-sso/user.rb CHANGED Viewed

@@ -6,7 +6,9 @@ module GDS
       extend ActiveSupport::Concern
       included do
-        attr_accessible :uid, :email, :name, :permissions, :organisation_slug, as: :oauth
+        if (Gem::Version.new(Rails.version) < Gem::Version.new("4.0")) && respond_to?(:attr_accessible)
+          attr_accessible :uid, :email, :name, :permissions, :organisation_slug, as: :oauth
+        end
       end
       def has_permission?(permission)
@@ -35,11 +37,21 @@ module GDS
       module ClassMethods
         def find_for_gds_oauth(auth_hash)
+          user_params = GDS::SSO::User.user_params_from_auth_hash(auth_hash.to_hash)
           if user = self.where(:uid => auth_hash["uid"]).first
-            user.update_attributes(GDS::SSO::User.user_params_from_auth_hash(auth_hash.to_hash), as: :oauth)
+            if Gem::Version.new(Rails.version) >= Gem::Version.new("4.0")
+              user.update_attributes(user_params)
+            else
+              user.update_attributes(user_params, as: :oauth)
+            end
             user
           else # Create a new user.
-            self.create!(GDS::SSO::User.user_params_from_auth_hash(auth_hash.to_hash), as: :oauth)
+            if Gem::Version.new(Rails.version) >= Gem::Version.new("4.0")
+              self.create!(user_params)
+            else
+              self.create!(user_params, as: :oauth)
+            end
           end
         end
       end

data/lib/gds-sso/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module GDS
   module SSO
-    VERSION = "9.2.1"
+    VERSION = "9.2.2"
   end
 end

data/lib/gds-sso/warden_config.rb CHANGED Viewed

@@ -171,12 +171,13 @@ Warden::Strategies.add(:mock_gds_sso_api_access) do
     logger.debug("Authenticating with mock_gds_sso_api_access strategy")
     dummy_api_user = GDS::SSO.test_user || GDS::SSO::Config.user_klass.where(email: "dummyapiuser@domain.com").first
     if dummy_api_user.nil?
-      dummy_api_user = GDS::SSO::Config.user_klass.create!(
+      dummy_api_user = GDS::SSO::Config.user_klass.new(
           email: "dummyapiuser@domain.com",
           uid: "#{rand(10000)}",
           name: "Dummy API user created by gds-sso",
-          permissions: ["signin"],
           as: :oauth)
+      dummy_api_user.permissions = ["signin"]
+      dummy_api_user.save!
     end
     success!(dummy_api_user)
   end

data/spec/controller/api_user_controller_spec.rb CHANGED Viewed

@@ -37,31 +37,29 @@ describe Api::UserController, type: :controller do
           :name => "User",
           :permissions =>["signin"] })
-      request.env['warden'] = stub("stub warden", :authenticate! => true, authenticated?: true, user: malicious_user)
+      request.env['warden'] = double("stub warden", :authenticate! => true, authenticated?: true, user: malicious_user)
       request.env['RAW_POST_DATA'] = user_update_json
       put :update, uid: @user_to_update.uid
-      assert_equal 403, response.status
+      expect(response.status).to eq(403)
     end
     it "should create/update the user record in the same way as the OAuth callback" do
       # Test that it authenticates
-      request.env['warden'] = mock("mock warden")
-      request.env['warden'].expects(:authenticate!).at_least_once.returns(true)
-      request.env['warden'].expects(:authenticated?).at_least_once.returns(true)
-      request.env['warden'].expects(:user).at_least_once.returns(@signon_sso_push_user)
+      request.env['warden'] = double("mock warden")
+      expect(request.env['warden']).to receive(:authenticate!).at_least(:once).and_return(true)
+      expect(request.env['warden']).to receive(:authenticated?).at_least(:once).and_return(true)
+      expect(request.env['warden']).to receive(:user).at_least(:once).and_return(@signon_sso_push_user)
       request.env['RAW_POST_DATA'] = user_update_json
       put :update, uid: @user_to_update.uid
       @user_to_update.reload
-      assert_equal "Joshua Marshall", @user_to_update.name
-      assert_equal "user@domain.com", @user_to_update.email
-      expected_permissions = ["signin", "new permission"]
-      assert_equal expected_permissions, @user_to_update.permissions
-      expected_organisation = "justice-league"
-      assert_equal expected_organisation, @user_to_update.organisation_slug
+      expect(@user_to_update.name).to eq("Joshua Marshall")
+      expect(@user_to_update.email).to eq("user@domain.com")
+      expect(@user_to_update.permissions).to eq(["signin", "new permission"])
+      expect(@user_to_update.organisation_slug).to eq("justice-league")
     end
   end
@@ -72,35 +70,35 @@ describe Api::UserController, type: :controller do
           :name => "User",
           :permissions => ["signin"] })
-      request.env['warden'] = stub("stub warden", :authenticate! => true, authenticated?: true, user: malicious_user)
+      request.env['warden'] = double("stub warden", :authenticate! => true, authenticated?: true, user: malicious_user)
       post :reauth, uid: @user_to_update.uid
-      assert_equal 403, response.status
+      expect(response.status).to eq(403)
     end
     it "should return success if user record doesn't exist" do
-      request.env['warden'] = mock("mock warden")
-      request.env['warden'].expects(:authenticate!).at_least_once.returns(true)
-      request.env['warden'].expects(:authenticated?).at_least_once.returns(true)
-      request.env['warden'].expects(:user).at_least_once.returns(@signon_sso_push_user)
+      request.env['warden'] = double("mock warden")
+      expect(request.env['warden']).to receive(:authenticate!).at_least(:once).and_return(true)
+      expect(request.env['warden']).to receive(:authenticated?).at_least(:once).and_return(true)
+      expect(request.env['warden']).to receive(:user).at_least(:once).and_return(@signon_sso_push_user)
       post :reauth, uid: "nonexistent-user"
-      assert_equal 200, response.status
+      expect(response.status).to eq(200)
     end
     it "should set remotely_signed_out to true on the user" do
       # Test that it authenticates
-      request.env['warden'] = mock("mock warden")
-      request.env['warden'].expects(:authenticate!).at_least_once.returns(true)
-      request.env['warden'].expects(:authenticated?).at_least_once.returns(true)
-      request.env['warden'].expects(:user).at_least_once.returns(@signon_sso_push_user)
+      request.env['warden'] = double("mock warden")
+      expect(request.env['warden']).to receive(:authenticate!).at_least(:once).and_return(true)
+      expect(request.env['warden']).to receive(:authenticated?).at_least(:once).and_return(true)
+      expect(request.env['warden']).to receive(:user).at_least(:once).and_return(@signon_sso_push_user)
       post :reauth, uid: @user_to_update.uid
       @user_to_update.reload
-      assert_equal true,  @user_to_update.remotely_signed_out
+      expect(@user_to_update.remotely_signed_out).to be_true
     end
   end
 end

data/spec/fixtures/integration/signonotron2.sql CHANGED Viewed

@@ -6,7 +6,8 @@ DELETE FROM `permissions`;
 DELETE FROM `users`;
 -- Setup fixture data
-INSERT INTO `oauth_applications` VALUES (1,'GDS_SSO integration test','gds-sso-test','secret','http://www.example-client.com/auth/gds/callback','2012-04-19 13:26:54','2012-04-19 13:26:54', 'http://home.com', 'GDS_SSO integration test');
+INSERT INTO `oauth_applications` (id, name, uid, secret, redirect_uri, created_at, updated_at, home_uri, description)
+              VALUES (1,'GDS_SSO integration test','gds-sso-test','secret','http://www.example-client.com/auth/gds/callback','2012-04-19 13:26:54','2012-04-19 13:26:54', 'http://home.com', 'GDS_SSO integration test');
 INSERT INTO `users` (id, email, encrypted_password, created_at, updated_at, confirmed_at, name, uid, role)
               VALUES (1,'test@example-client.com','$2a$04$MdMkVFwTq5GLJJkHS8GLIe6dK1.C4ozzba5ZS5Ks2b/NenVsMGGRW','2012-04-19 13:26:54','2012-04-19 13:26:54','2012-04-19 13:26:54','Test User','integration-uid', "normal");
 INSERT INTO `permissions` (id, user_id, application_id, permissions) VALUES (1,1,1,"---

data/spec/internal/db/combustion_test.sqlite CHANGED Viewed

Binary file

data/spec/internal/log/test.log CHANGED Viewed

@@ -1,375 +1,375 @@
 Connecting to database specified by database.yml
-  [1m[36m (1.9ms)[0m  [1mselect sqlite_version(*)[0m
-  [1m[35m (17.1ms)[0m  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text, "organisation_slug" varchar(255))
-  [1m[36m (12.1ms)[0m  [1mCREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) [0m
-  [1m[35m (15.2ms)[0m  CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")
+  [1m[36m (1.8ms)[0m  [1mselect sqlite_version(*)[0m
+  [1m[35m (17.2ms)[0m  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255) NOT NULL, "uid" varchar(255) NOT NULL, "email" varchar(255) NOT NULL, "remotely_signed_out" boolean, "permissions" text, "organisation_slug" varchar(255))
+  [1m[36m (9.2ms)[0m  [1mCREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) [0m
+  [1m[35m (13.4ms)[0m  CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (3.8ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34286"]]
-  [1m[36m (13.0ms)[0m  [1mcommit transaction[0m
+  [1m[35mSQL (3.5ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3660"]]
+  [1m[36m (15.4ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34481"]]
-  [1m[35m (12.2ms)[0m  commit transaction
+  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37434"]]
+  [1m[35m (13.5ms)[0m  commit transaction
 WARNING: Can't mass-assign protected attributes: uid, name, permissions
 Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d34286"}
-  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (3.0ms)
-Completed 403 Forbidden in 40.6ms (Views: 39.8ms | ActiveRecord: 0.0ms)
+  Parameters: {"uid"=>"a1s2d3660"}
+  Rendered /home/jenkins/workspace/govuk_gds_sso/app/views/authorisations/unauthorised.html.erb within layouts/unauthorised (0.3ms)
+Completed 403 Forbidden in 38.6ms (Views: 37.8ms | ActiveRecord: 0.0ms)
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34054"]]
-  [1m[36m (15.4ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39648"]]
-  [1m[35m (14.7ms)[0m  commit transaction
+  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d32268"]]
+  [1m[36m (5.7ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36mSQL (0.1ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39966"]]
+  [1m[35m (8.8ms)[0m  commit transaction
 Processing by Api::UserController#update as HTML
-  Parameters: {"uid"=>"a1s2d34054"}
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d34054' LIMIT 1[0m
+  Parameters: {"uid"=>"a1s2d32268"}
+  [1m[36mUser Load (0.3ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d32268' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "email" = 'user@domain.com', "name" = 'Joshua Marshall', "permissions" = '---
 - signin
 - new permission
 ', "organisation_slug" = 'justice-league' WHERE "users"."id" = 3[0m
-  [1m[35m (10.6ms)[0m  commit transaction
-Completed 200 OK in 18.3ms (ActiveRecord: 11.1ms)
+  [1m[35m (8.6ms)[0m  commit transaction
+Completed 200 OK in 16.9ms (ActiveRecord: 9.1ms)
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1[0m  [["id", 3]]
   [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31062"]]
-  [1m[35m (10.2ms)[0m  commit transaction
+  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d36178"]]
+  [1m[35m (9.3ms)[0m  commit transaction
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3460"]]
-  [1m[36m (9.8ms)[0m  [1mcommit transaction[0m
+  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3569"]]
+  [1m[36m (5.6ms)[0m  [1mcommit transaction[0m
 WARNING: Can't mass-assign protected attributes: uid, name, permissions
 Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d31062"}
-Completed 403 Forbidden in 1.7ms (Views: 1.1ms | ActiveRecord: 0.0ms)
+  Parameters: {"uid"=>"a1s2d36178"}
+Completed 403 Forbidden in 1.7ms (Views: 1.0ms | ActiveRecord: 0.0ms)
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39234"]]
-  [1m[35m (9.8ms)[0m  commit transaction
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d31308"]]
-  [1m[36m (10.0ms)[0m  [1mcommit transaction[0m
+  [1m[36mSQL (0.2ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d35273"]]
+  [1m[35m (7.2ms)[0m  commit transaction
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35mSQL (0.1ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d34668"]]
+  [1m[36m (7.9ms)[0m  [1mcommit transaction[0m
 Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"nonexistent-user"}
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'nonexistent-user' LIMIT 1
-Completed 200 OK in 1.1ms (ActiveRecord: 0.2ms)
+  Parameters: {"uid"=>"a1s2d35273"}
+  [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d35273' LIMIT 1
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (0.2ms)[0m  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+- signin
+' WHERE "users"."id" = 7
+  [1m[36m (5.7ms)[0m  [1mcommit transaction[0m
+Completed 200 OK in 9.0ms (ActiveRecord: 6.2ms)
+  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1  [["id", 7]]
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d39743"]]
-  [1m[36m (9.9ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36mSQL (0.1ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3249"]]
-  [1m[35m (10.2ms)[0m  commit transaction
+  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "old@domain.com"], ["name", "Moshua Jarshall"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "a1s2d37522"]]
+  [1m[36m (7.9ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.1ms)[0m  begin transaction
+  [1m[36mSQL (0.1ms)[0m  [1mINSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)[0m  [["email", "ssopushuser@legit.com"], ["name", "SSO Push user"], ["organisation_slug", nil], ["permissions", "---\n- signin\n- user_update_permission\n"], ["remotely_signed_out", nil], ["uid", "a1s2d3700"]]
+  [1m[35m (7.4ms)[0m  commit transaction
 Processing by Api::UserController#reauth as HTML
-  Parameters: {"uid"=>"a1s2d39743"}
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'a1s2d39743' LIMIT 1[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
-- signin
-' WHERE "users"."id" = 9[0m
-  [1m[35m (10.2ms)[0m  commit transaction
-Completed 200 OK in 13.0ms (ActiveRecord: 10.6ms)
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1[0m  [["id", 9]]
-Started GET "/" for 127.0.0.1 at 2014-01-30 11:26:06 +0000
+  Parameters: {"uid"=>"nonexistent-user"}
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'nonexistent-user' LIMIT 1[0m
+Completed 200 OK in 1.2ms (ActiveRecord: 0.2ms)
+Started GET "/" for 127.0.0.1 at 2014-02-11 14:12:32 +0000
 Processing by ExampleController#index as HTML
-Completed 200 OK in 3.5ms (Views: 3.1ms | ActiveRecord: 0.0ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:06 +0000
+Completed 200 OK in 4.0ms (Views: 3.6ms | ActiveRecord: 0.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:32 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 41.5ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:06 +0000
-Started GET "/auth/gds/callback?code=bbd6f4334c2e431e50558d804c177d5ab1fd34ee7f4c79567ec75fe58c7e2325&state=ac961d72be22d46e54df46b5fc0bc6088757e50db5f0cb94" for 127.0.0.1 at 2014-01-30 11:26:07 +0000
+Completed   in 0.6ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:32 +0000
+Started GET "/auth/gds/callback?code=e6fc10270e675cd0e71f7b28931b538da1bdc20d5cde1c828ef7d097fced02aa&state=78623b0d617fc3d2eb1736195791e5435fcb43fbf249bf56" for 127.0.0.1 at 2014-02-11 14:12:33 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"bbd6f4334c2e431e50558d804c177d5ab1fd34ee7f4c79567ec75fe58c7e2325", "state"=>"ac961d72be22d46e54df46b5fc0bc6088757e50db5f0cb94"}
+  Parameters: {"code"=>"e6fc10270e675cd0e71f7b28931b538da1bdc20d5cde1c828ef7d097fced02aa", "state"=>"78623b0d617fc3d2eb1736195791e5435fcb43fbf249bf56"}
 Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35mSQL (0.2ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
-  [1m[36m (10.1ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[35mSQL (0.3ms)[0m  INSERT INTO "users" ("email", "name", "organisation_slug", "permissions", "remotely_signed_out", "uid") VALUES (?, ?, ?, ?, ?, ?)  [["email", "test@example-client.com"], ["name", "Test User"], ["organisation_slug", nil], ["permissions", "---\n- signin\n"], ["remotely_signed_out", nil], ["uid", "integration-uid"]]
+  [1m[36m (7.3ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (8.2ms)[0m  commit transaction
+  [1m[35m (7.1ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 24.8ms (ActiveRecord: 18.8ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:07 +0000
+Completed 302 Found in 22.6ms (ActiveRecord: 15.4ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:33 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.2ms (Views: 0.4ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:07 +0000
+  [1m[36mUser Load (0.3ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
+Completed 200 OK in 2.3ms (Views: 0.6ms | ActiveRecord: 0.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:33 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:07 +0000
-Started GET "/auth/gds/callback?code=4e9ef98e9bc9eca3c940483b933e6b039bf5fa44e65c348fef6800867172c0f8&state=bf519f59b9ea347c0af6862627c940625a4af53f4e0408f1" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:33 +0000
+Started GET "/auth/gds/callback?code=99a32bede75e4ad5f4d9d91ba9dbf42603907dea464be720c39ca8f1db0b90cc&state=13e6a62c4a47b4f7ba5472161eaf1e7000c05963f6a1291a" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"4e9ef98e9bc9eca3c940483b933e6b039bf5fa44e65c348fef6800867172c0f8", "state"=>"bf519f59b9ea347c0af6862627c940625a4af53f4e0408f1"}
+  Parameters: {"code"=>"99a32bede75e4ad5f4d9d91ba9dbf42603907dea464be720c39ca8f1db0b90cc", "state"=>"13e6a62c4a47b4f7ba5472161eaf1e7000c05963f6a1291a"}
 Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.4ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (18.6ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
-  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (14.1ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.1ms)[0m  begin transaction
+  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (13.9ms)[0m  commit transaction
+  [1m[35m (12.5ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 40.7ms (ActiveRecord: 33.3ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.3ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 2.6ms (Views: 0.8ms | ActiveRecord: 0.3ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
+Completed 302 Found in 31.9ms (ActiveRecord: 27.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
 Processing by ExampleController#restricted as HTML
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
+Completed 200 OK in 1.3ms (Views: 0.3ms | ActiveRecord: 0.2ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.3ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
-Started GET "/auth/gds/callback?code=2955a427052acac9fb020d74f6dcce52c21c7837c1fff15841ca4bff16810df3&state=f54772c3aadc24cc438268104fbf1d63fee88c2b29337fef" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
+Completed   in 0.6ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
+Started GET "/auth/gds/callback?code=c734589a77321d80b595cd458f2a97984bc60a31423e649f53a8066d6adbaa6f&state=4ed2bc23f0aa2c35292b24cf085d2f8d2bd0633d7ffc9768" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"2955a427052acac9fb020d74f6dcce52c21c7837c1fff15841ca4bff16810df3", "state"=>"f54772c3aadc24cc438268104fbf1d63fee88c2b29337fef"}
+  Parameters: {"code"=>"c734589a77321d80b595cd458f2a97984bc60a31423e649f53a8066d6adbaa6f", "state"=>"4ed2bc23f0aa2c35292b24cf085d2f8d2bd0633d7ffc9768"}
 Authenticating with gds_sso strategy
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
+  [1m[35mUser Load (0.3ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (12.3ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (24.3ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (12.0ms)[0m  commit transaction
-Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 30.7ms (ActiveRecord: 25.0ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
-Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.2ms (Views: 0.3ms | ActiveRecord: 0.1ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
+  [1m[35m (11.0ms)[0m  commit transaction
+Redirected to http://www.example-client.com/this_requires_signin_permission
+Completed 302 Found in 41.5ms (ActiveRecord: 36.0ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
+Processing by ExampleController#this_requires_signin_permission as HTML
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
+Completed 200 OK in 1.5ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.6ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:08 +0000
-Started GET "/auth/gds/callback?code=4b843d5cb3e88fa160c5fe50a3988e7eaaa7d989dcaf29a3b7fb90e8b47bfe39&state=e04d474f8e77975f6560f50641a87648994e340c93e285fb" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
+Completed   in 0.2ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
+Started GET "/auth/gds/callback?code=d4c19782a4d297262a15c4b248148ce88a5712cc9ebeb139eecf9457fd11eec6&state=4f13783c8f5b8095df92fbcb7f4f4f38e8a3c7f7bc6d0177" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"4b843d5cb3e88fa160c5fe50a3988e7eaaa7d989dcaf29a3b7fb90e8b47bfe39", "state"=>"e04d474f8e77975f6560f50641a87648994e340c93e285fb"}
+  Parameters: {"code"=>"d4c19782a4d297262a15c4b248148ce88a5712cc9ebeb139eecf9457fd11eec6", "state"=>"4f13783c8f5b8095df92fbcb7f4f4f38e8a3c7f7bc6d0177"}
 Authenticating with gds_sso strategy
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (9.3ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (10.1ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.3ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (7.6ms)[0m  commit transaction
+  [1m[35m (7.4ms)[0m  commit transaction
 Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 22.7ms (ActiveRecord: 17.6ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.5ms (Views: 0.4ms | ActiveRecord: 0.1ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
+Completed 302 Found in 22.6ms (ActiveRecord: 18.1ms)
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
 Processing by ExampleController#this_requires_signin_permission as HTML
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
+Completed 200 OK in 1.6ms (Views: 0.3ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
+Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
-Started GET "/auth/gds/callback?code=134885ee836204ff43d31ccc582b44083b4f4f1690fa9ad2d3b9e80441ab890e&state=a62b5d8ff1085b8ab7f457b63757682bd1945487f66771ff" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
+Completed   in 0.4ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:34 +0000
+Started GET "/auth/gds/callback?code=8af724f9c09ee4e089368f8cddc85616c0447adee552b3002faaddb54166c157&state=787ba78ded34fb3ad2a92f986844823633e1319d70e7fad5" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"134885ee836204ff43d31ccc582b44083b4f4f1690fa9ad2d3b9e80441ab890e", "state"=>"a62b5d8ff1085b8ab7f457b63757682bd1945487f66771ff"}
+  Parameters: {"code"=>"8af724f9c09ee4e089368f8cddc85616c0447adee552b3002faaddb54166c157", "state"=>"787ba78ded34fb3ad2a92f986844823633e1319d70e7fad5"}
 Authenticating with gds_sso strategy
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (13.6ms)[0m  [1mcommit transaction[0m
+  [1m[36m (33.2ms)[0m  [1mcommit transaction[0m
   [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (8.2ms)[0m  commit transaction
-Redirected to http://www.example-client.com/this_requires_signin_permission
-Completed 302 Found in 26.7ms (ActiveRecord: 22.4ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
-Processing by ExampleController#this_requires_signin_permission as HTML
+  [1m[35m (10.3ms)[0m  commit transaction
+Redirected to http://www.example-client.com/restricted
+Completed 302 Found in 49.7ms (ActiveRecord: 44.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
+Processing by ExampleController#restricted as HTML
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.4ms (Views: 0.3ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
+Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
-Started GET "/auth/gds/callback?code=d14d2130eac245b11610d2d7c51bd796c9fbae7597f4fe5647ce47f6194c9b12&state=0ce283073ff60edb6c2b7f306b8acc6ab9c507abaa1028a3" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
+Started GET "/auth/gds/callback?code=53319f3b8cac2a91c4627efec0f88a262661a3c2826fa1a035e4e2b212a14a71&state=1d152479a45612e77cb0e0bbf53731283148c72571fa2a19" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"d14d2130eac245b11610d2d7c51bd796c9fbae7597f4fe5647ce47f6194c9b12", "state"=>"0ce283073ff60edb6c2b7f306b8acc6ab9c507abaa1028a3"}
+  Parameters: {"code"=>"53319f3b8cac2a91c4627efec0f88a262661a3c2826fa1a035e4e2b212a14a71", "state"=>"1d152479a45612e77cb0e0bbf53731283148c72571fa2a19"}
 Authenticating with gds_sso strategy
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
   [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
+  [1m[35m (0.2ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (8.7ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (10.8ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (6.5ms)[0m  commit transaction
+  [1m[35m (8.6ms)[0m  commit transaction
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 20.5ms (ActiveRecord: 15.7ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:09 +0000
+Completed 302 Found in 25.2ms (ActiveRecord: 20.0ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
-Completed 200 OK in 1.3ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
+Completed 200 OK in 1.9ms (Views: 0.6ms | ActiveRecord: 0.2ms)
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."email" = 'test@example-client.com' LIMIT 1
   [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
-  [1m[35m (0.2ms)[0m  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
+  [1m[35m (0.1ms)[0m  UPDATE "users" SET "remotely_signed_out" = 't', "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (8.0ms)[0m  [1mcommit transaction[0m
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+  [1m[36m (8.2ms)[0m  [1mcommit transaction[0m
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
 Authenticating with gds_sso strategy
-Completed   in 0.7ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
-Started GET "/auth/gds/callback?code=ab02d8007ca7b28a90d145185f0238f776e0b1a3459f156a6669a643708bbc27&state=0f587d064bf9e71ea3d6bb3249a272d4049ef72440671dba" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+Completed   in 0.8ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:35 +0000
+Started GET "/auth/gds/callback?code=e6c8fb7975becaaf4bee4ddb6c343a4b0638c257cb75d855c4f5dee6a40e6dec&state=4001702096ace0ac8c73d1fd70effb07e8a58c27cbcba283" for 127.0.0.1 at 2014-02-11 14:12:36 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"ab02d8007ca7b28a90d145185f0238f776e0b1a3459f156a6669a643708bbc27", "state"=>"0f587d064bf9e71ea3d6bb3249a272d4049ef72440671dba"}
+  Parameters: {"code"=>"e6c8fb7975becaaf4bee4ddb6c343a4b0638c257cb75d855c4f5dee6a40e6dec", "state"=>"4001702096ace0ac8c73d1fd70effb07e8a58c27cbcba283"}
 Authenticating with gds_sso strategy
-  [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (18.4ms)[0m  commit transaction
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
+  [1m[35m (10.2ms)[0m  commit transaction
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.1ms)[0m  UPDATE "users" SET "remotely_signed_out" = 'f', "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (7.2ms)[0m  [1mcommit transaction[0m
+  [1m[36m (7.0ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 30.2ms (ActiveRecord: 26.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+Completed 302 Found in 21.6ms (ActiveRecord: 17.7ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:36 +0000
 Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
 Completed 200 OK in 1.1ms (Views: 0.3ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:36 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
-Started GET "/auth/gds/callback?code=1925d41b24df1eb865d5bd41bd3649acb2a0598b18e07c730d02cfe4e3847a84&state=38715f2b26587f3ff0631a8abf6937a262a7af0e8e750bb1" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:36 +0000
+Started GET "/auth/gds/callback?code=70f64f5b290b2dda1cff56465904b804edea5d86dc786eb9b05841e357ff8872&state=1c23b33a5d02264e30b539351ee6e2ebba854c71bd91c566" for 127.0.0.1 at 2014-02-11 14:12:36 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"1925d41b24df1eb865d5bd41bd3649acb2a0598b18e07c730d02cfe4e3847a84", "state"=>"38715f2b26587f3ff0631a8abf6937a262a7af0e8e750bb1"}
+  Parameters: {"code"=>"70f64f5b290b2dda1cff56465904b804edea5d86dc786eb9b05841e357ff8872", "state"=>"1c23b33a5d02264e30b539351ee6e2ebba854c71bd91c566"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (7.9ms)[0m  commit transaction
-  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
+  [1m[35m (11.9ms)[0m  commit transaction
+  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (6.2ms)[0m  [1mcommit transaction[0m
+  [1m[36m (13.0ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 19.2ms (ActiveRecord: 14.7ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+Completed 302 Found in 30.3ms (ActiveRecord: 25.5ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:36 +0000
 Processing by ExampleController#restricted as HTML
   [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.2ms (Views: 0.4ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-31 07:31:10 +0000
+Completed 200 OK in 1.3ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-12 10:17:36 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
 Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-31 07:31:10 +0000
-Started GET "/auth/gds/callback?code=83f960a4a005ab15c432803710b3601129f3a965a2dddd5f891b8b6c6e7d1fbc&state=1a74af1fd08d87d48b925359c27c60eaa0190c55010fbe3d" for 127.0.0.1 at 2014-01-31 07:31:10 +0000
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-12 10:17:36 +0000
+Started GET "/auth/gds/callback?code=c0ad710d6760f6b0b0e6a557ca4bf2a123ef9d86e975c9258ef2e053b4bbbb97&state=4783df9c49c0b93843c2cd1c772d849e4db46b1b9cae6707" for 127.0.0.1 at 2014-02-12 10:17:36 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"83f960a4a005ab15c432803710b3601129f3a965a2dddd5f891b8b6c6e7d1fbc", "state"=>"1a74af1fd08d87d48b925359c27c60eaa0190c55010fbe3d"}
+  Parameters: {"code"=>"c0ad710d6760f6b0b0e6a557ca4bf2a123ef9d86e975c9258ef2e053b4bbbb97", "state"=>"4783df9c49c0b93843c2cd1c772d849e4db46b1b9cae6707"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (10.1ms)[0m  commit transaction
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (12.1ms)[0m  commit transaction
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (8.7ms)[0m  [1mcommit transaction[0m
+  [1m[36m (10.5ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 22.8ms (ActiveRecord: 19.3ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-31 07:31:10 +0000
+Completed 302 Found in 26.9ms (ActiveRecord: 23.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-12 10:17:36 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.1ms (Views: 0.2ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
+  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.1ms (Views: 0.2ms | ActiveRecord: 0.2ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
 Processing by ExampleController#restricted as HTML
 Authenticating with gds_sso strategy
-Completed   in 0.2ms
-Started GET "/auth/gds" for 127.0.0.1 at 2014-01-30 11:26:10 +0000
-Started GET "/auth/gds/callback?code=a189c109c0650bf0f0ef6ffe19f9dc6115efe9c34cf2393c9af2a4d9b3dec0ab&state=e4bf81abac5c130c5138a67bfb5dde669d703052f34e43ed" for 127.0.0.1 at 2014-01-30 11:26:11 +0000
+Completed   in 0.3ms
+Started GET "/auth/gds" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
+Started GET "/auth/gds/callback?code=f70c7f75ee370e3dac1d42a255060ae102928781d2b8ed2788b807f83579952b&state=6a8d93fb1c82907068719bac9afd5150913bf6dc6f406e94" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
 Processing by AuthenticationsController#callback as HTML
-  Parameters: {"code"=>"a189c109c0650bf0f0ef6ffe19f9dc6115efe9c34cf2393c9af2a4d9b3dec0ab", "state"=>"e4bf81abac5c130c5138a67bfb5dde669d703052f34e43ed"}
+  Parameters: {"code"=>"f70c7f75ee370e3dac1d42a255060ae102928781d2b8ed2788b807f83579952b", "state"=>"6a8d93fb1c82907068719bac9afd5150913bf6dc6f406e94"}
 Authenticating with gds_sso strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
   [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (10.5ms)[0m  commit transaction
+  [1m[35m (11.2ms)[0m  commit transaction
   [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (8.5ms)[0m  [1mcommit transaction[0m
+  [1m[36m (8.0ms)[0m  [1mcommit transaction[0m
 Redirected to http://www.example-client.com/restricted
-Completed 302 Found in 24.5ms (ActiveRecord: 19.6ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:11 +0000
+Completed 302 Found in 24.4ms (ActiveRecord: 19.8ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
 Processing by ExampleController#restricted as HTML
-  [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
-Completed 200 OK in 1.4ms (Views: 0.4ms | ActiveRecord: 0.2ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-31 07:21:11 +0000
+  [1m[35mUser Load (0.1ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1
+Completed 200 OK in 1.2ms (Views: 0.4ms | ActiveRecord: 0.1ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-12 10:07:37 +0000
 Processing by ExampleController#restricted as HTML
   [1m[36mUser Load (0.1ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' AND "users"."remotely_signed_out" = 'f' LIMIT 1[0m
 Completed 200 OK in 0.9ms (Views: 0.2ms | ActiveRecord: 0.1ms)
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:11 +0000
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
 Processing by ExampleController#restricted as JSON
 Authenticating with gds_bearer_token strategy
-Completed   in 7.8ms
-Started GET "/restricted" for 127.0.0.1 at 2014-01-30 11:26:11 +0000
-Processing by ExampleController#restricted as JSON
+Completed   in 8.3ms
+Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
+Processing by ExampleController#this_requires_signin_permission as JSON
 Authenticating with gds_bearer_token strategy
   [1m[35mUser Load (0.2ms)[0m  SELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (10.9ms)[0m  [1mcommit transaction[0m
-  [1m[35m (0.1ms)[0m  begin transaction
-  [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
+  [1m[36m (10.1ms)[0m  [1mcommit transaction[0m
+  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[36m (0.1ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (9.8ms)[0m  commit transaction
-Completed 200 OK in 59.7ms (Views: 0.3ms | ActiveRecord: 21.3ms)
-Started GET "/this_requires_signin_permission" for 127.0.0.1 at 2014-01-30 11:26:11 +0000
-Processing by ExampleController#this_requires_signin_permission as JSON
+  [1m[35m (10.6ms)[0m  commit transaction
+Completed 200 OK in 61.2ms (Views: 0.5ms | ActiveRecord: 21.3ms)
+Started GET "/restricted" for 127.0.0.1 at 2014-02-11 14:12:37 +0000
+Processing by ExampleController#restricted as JSON
 Authenticating with gds_bearer_token strategy
   [1m[36mUser Load (0.2ms)[0m  [1mSELECT "users".* FROM "users" WHERE "users"."uid" = 'integration-uid' LIMIT 1[0m
-  [1m[35m (0.0ms)[0m  begin transaction
+  [1m[35m (0.1ms)[0m  begin transaction
   [1m[36m (0.2ms)[0m  [1mUPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11[0m
-  [1m[35m (10.1ms)[0m  commit transaction
-  [1m[36m (0.0ms)[0m  [1mbegin transaction[0m
+  [1m[35m (16.1ms)[0m  commit transaction
+  [1m[36m (0.1ms)[0m  [1mbegin transaction[0m
   [1m[35m (0.1ms)[0m  UPDATE "users" SET "permissions" = '---
 - signin
 ' WHERE "users"."id" = 11
-  [1m[36m (10.0ms)[0m  [1mcommit transaction[0m
-Completed 200 OK in 61.3ms (Views: 0.2ms | ActiveRecord: 20.7ms)
+  [1m[36m (10.4ms)[0m  [1mcommit transaction[0m
+Completed 200 OK in 82.9ms (Views: 0.5ms | ActiveRecord: 27.1ms)