cbsorcery 0.8.6

data/spec/active_record/user_activity_logging_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+require 'shared_examples/user_activity_logging_shared_examples'
+
+describe User, "with activity logging submodule", :active_record => true do
+
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activity_logging")
+    User.reset_column_information
+  end
+
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activity_logging")
+  end
+
+  it_behaves_like "rails_3_activity_logging_model"
+
+end

data/spec/active_record/user_brute_force_protection_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+require 'shared_examples/user_brute_force_protection_shared_examples'
+
+describe User, "with brute_force_protection submodule", :active_record => true do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/brute_force_protection")
+    User.reset_column_information
+  end
+
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/brute_force_protection")
+  end
+
+  it_behaves_like "rails_3_brute_force_protection_model"
+
+end

data/spec/active_record/user_oauth_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+require 'shared_examples/user_oauth_shared_examples'
+
+describe User, "with oauth submodule", :active_record => true do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
+    User.reset_column_information
+  end
+
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
+  end
+
+  it_behaves_like "rails_3_oauth_model"
+
+end

data/spec/active_record/user_remember_me_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+require 'shared_examples/user_remember_me_shared_examples'
+
+describe User, "with remember_me submodule", :active_record => true do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/remember_me")
+    User.reset_column_information
+  end
+
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/remember_me")
+  end
+
+  it_behaves_like "rails_3_remember_me_model"
+
+end

data/spec/active_record/user_reset_password_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+require 'shared_examples/user_reset_password_shared_examples'
+
+describe User, "with reset_password submodule", :active_record => true do
+  before(:all) do
+    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/reset_password")
+    User.reset_column_information
+  end
+
+  after(:all) do
+    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/reset_password")
+  end
+
+  it_behaves_like "rails_3_reset_password_model"
+
+end

data/spec/active_record/user_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+require 'rails_app/app/mailers/sorcery_mailer'
+require 'shared_examples/user_shared_examples'
+
+describe User, "with no submodules (core)", :active_record => true do
+  before(:all) do
+    sorcery_reload!
+  end
+
+  context "when app has plugin loaded" do
+    it "responds to the plugin activation class method" do
+      expect(ActiveRecord::Base).to respond_to :authenticates_with_sorcery!
+    end
+
+    it "User responds to .authenticates_with_sorcery!" do
+      expect(User).to respond_to :authenticates_with_sorcery!
+    end
+  end
+
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+
+  it_should_behave_like "rails_3_core_model"
+
+  describe "external users" do
+    before(:all) do
+      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
+      User.reset_column_information
+      sorcery_reload!
+    end
+
+    after(:all) do
+      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
+    end
+
+    it_should_behave_like "external_user"
+  end
+end

data/spec/controllers/controller_activity_logging_spec.rb

@@ -0,0 +1,124 @@
+require 'spec_helper'
+
+# require 'shared_examples/controller_activity_logging_shared_examples'
+
+describe SorceryController do
+  after(:all) do
+    sorcery_controller_property_set(:register_login_time, true)
+    sorcery_controller_property_set(:register_logout_time, true)
+    sorcery_controller_property_set(:register_last_activity_time, true)
+    # sorcery_controller_property_set(:last_login_from_ip_address_name, true)
+  end
+
+  # ----------------- ACTIVITY LOGGING -----------------------
+  context "with activity logging features" do
+
+    let(:adapter) { double('sorcery_adapter') }
+    let(:user) { double('user', id: 42, sorcery_adapter: adapter) }
+
+    before(:all) do
+      sorcery_reload!([:activity_logging])
+    end
+
+    specify { expect(subject).to respond_to(:current_users) }
+
+    before(:each) do
+      allow(user).to receive(:username)
+      allow(user).to receive_message_chain(:sorcery_config, :username_attribute_names, :first) { :username }
+      allow(User.sorcery_config).to receive(:last_login_at_attribute_name) { :last_login_at }
+      allow(User.sorcery_config).to receive(:last_login_from_ip_address_name) { :last_login_from_ip_address }
+
+      sorcery_controller_property_set(:register_login_time, false)
+      sorcery_controller_property_set(:register_last_ip_address, false)
+      sorcery_controller_property_set(:register_last_activity_time, false)
+    end
+
+    it "'current_users' should proxy to User.current_users" do
+      expect(User).to receive(:current_users).with(no_args)
+
+      subject.current_users
+    end
+
+
+    it "logs login time on login" do
+      now = Time.now.in_time_zone
+      Timecop.freeze(now)
+
+      sorcery_controller_property_set(:register_login_time, true)
+      expect(user).to receive(:set_last_login_at).with(be_within(0.1).of(now))
+      login_user(user)
+
+      Timecop.return
+    end
+
+    it "logs logout time on logout" do
+      login_user(user)
+      now = Time.now.in_time_zone
+      Timecop.freeze(now)
+      expect(user).to receive(:set_last_logout_at).with(be_within(0.1).of(now))
+
+      logout_user
+
+      Timecop.return
+    end
+
+    it "logs last activity time when logged in" do
+      sorcery_controller_property_set(:register_last_activity_time, true)
+
+      login_user(user)
+      now = Time.now.in_time_zone
+      Timecop.freeze(now)
+      expect(user).to receive(:set_last_activity_at).with(be_within(0.1).of(now))
+
+      get :some_action
+
+      Timecop.return
+    end
+
+    it "logs last IP address when logged in" do
+      sorcery_controller_property_set(:register_last_ip_address, true)
+      expect(user).to receive(:set_last_ip_addess).with('0.0.0.0')
+
+      login_user(user)
+    end
+
+    it "updates nothing but activity fields" do
+      pending 'Move to model'
+      original_user_name = User.last.username
+      login_user(user)
+      get :some_action_making_a_non_persisted_change_to_the_user
+
+      expect(User.last.username).to eq original_user_name
+    end
+
+    it "does not register login time if configured so" do
+      sorcery_controller_property_set(:register_login_time, false)
+
+      expect(user).to receive(:set_last_login_at).never
+      login_user(user)
+    end
+
+    it "does not register logout time if configured so" do
+      sorcery_controller_property_set(:register_logout_time, false)
+      login_user(user)
+
+      expect(user).to receive(:set_last_logout_at).never
+      logout_user
+    end
+
+    it "does not register last activity time if configured so" do
+      sorcery_controller_property_set(:register_last_activity_time, false)
+
+      expect(user).to receive(:set_last_activity_at).never
+      login_user(user)
+    end
+
+    it "does not register last IP address if configured so" do
+      sorcery_controller_property_set(:register_last_ip_address, false)
+      expect(user).to receive(:set_last_ip_addess).never
+
+      login_user(user)
+    end
+
+  end
+end

data/spec/controllers/controller_brute_force_protection_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe SorceryController do
+
+  let(:user) { double('user', id: 42, email: 'bla@bla.com') }
+
+  def request_test_login
+    get :test_login, email: 'bla@bla.com', password: 'blabla'
+  end
+
+  # ----------------- SESSION TIMEOUT -----------------------
+  describe "brute force protection features" do
+
+    before(:all) do
+      sorcery_reload!([:brute_force_protection])
+    end
+
+    after(:each) do
+      Sorcery::Controller::Config.reset!
+      sorcery_controller_property_set(:user_class, User)
+      Timecop.return
+    end
+
+    it "counts login retries" do
+      allow(User).to receive(:authenticate)
+      allow(User.sorcery_adapter).to receive(:find_by_credentials).with(['bla@bla.com', 'blabla']).and_return(user)
+
+      expect(user).to receive(:register_failed_login!).exactly(3).times
+
+      3.times { request_test_login }
+    end
+
+    it "resets the counter on a good login" do
+      # dirty hack for rails 4
+      allow(@controller).to receive(:register_last_activity_time_to_db)
+
+      allow(User).to receive(:authenticate).and_return(user)
+      expect(user).to receive_message_chain(:sorcery_adapter, :update_attribute).with(:failed_logins_count, 0)
+
+      get :test_login, email: 'bla@bla.com', password: 'secret'
+    end
+  end
+end

data/spec/controllers/controller_http_basic_auth_spec.rb

@@ -0,0 +1,68 @@
+require 'spec_helper'
+
+describe SorceryController do
+
+  let(:user) { double("user", id: 42, email: 'bla@bla.com') }
+
+  describe  "with http basic auth features" do
+    before(:all) do
+      sorcery_reload!([:http_basic_auth])
+
+      sorcery_controller_property_set(:controller_to_realm_map, {"sorcery" => "sorcery"})
+    end
+
+    after(:each) do
+      logout_user
+    end
+
+    it "requests basic authentication when before_filter is used" do
+      get :test_http_basic_auth
+
+      expect(response.status).to eq 401
+    end
+
+    it "authenticates from http basic if credentials are sent" do
+      # dirty hack for rails 4
+      allow(subject).to receive(:register_last_activity_time_to_db)
+
+      @request.env["HTTP_AUTHORIZATION"] = "Basic #{Base64::encode64("#{user.email}:secret")}"
+      expect(User).to receive('authenticate').with('bla@bla.com', 'secret').and_return(user)
+      get :test_http_basic_auth, nil, http_authentication_used: true
+
+      expect(response).to be_a_success
+    end
+
+    it "fails authentication if credentials are wrong" do
+      @request.env["HTTP_AUTHORIZATION"] = "Basic #{Base64::encode64("#{user.email}:wrong!")}"
+      expect(User).to receive('authenticate').with('bla@bla.com', 'wrong!').and_return(nil)
+      get :test_http_basic_auth, nil, http_authentication_used: true
+
+      expect(response).to redirect_to root_url
+    end
+
+    it "allows configuration option 'controller_to_realm_map'" do
+      sorcery_controller_property_set(:controller_to_realm_map, {"1" => "2"})
+
+      expect(Sorcery::Controller::Config.controller_to_realm_map).to eq({"1" => "2"})
+    end
+
+    it "displays the correct realm name configured for the controller" do
+      sorcery_controller_property_set(:controller_to_realm_map, {"sorcery" => "Salad"})
+      get :test_http_basic_auth
+
+      expect(response.headers["WWW-Authenticate"]).to eq "Basic realm=\"Salad\""
+    end
+
+    it "signs in the user's session on successful login" do
+      # dirty hack for rails 4
+      allow(controller).to receive(:register_last_activity_time_to_db)
+
+      @request.env["HTTP_AUTHORIZATION"] = "Basic #{Base64::encode64("#{user.email}:secret")}"
+      expect(User).to receive('authenticate').with('bla@bla.com', 'secret').and_return(user)
+
+      get :test_http_basic_auth, nil, http_authentication_used: true
+
+      expect(session[:user_id]).to eq "42"
+    end
+  end
+end

data/spec/controllers/controller_oauth2_spec.rb

@@ -0,0 +1,407 @@
+require 'spec_helper'
+
+# require 'shared_examples/controller_oauth2_shared_examples'
+
+describe SorceryController, :active_record => true do
+  before(:all) do
+    if SORCERY_ORM == :active_record
+      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
+      User.reset_column_information
+    end
+
+    sorcery_reload!([:external])
+    set_external_property
+  end
+
+  after(:all) do
+    if SORCERY_ORM == :active_record
+      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
+    end
+  end
+
+  describe 'using create_from' do
+    before(:each) do
+      stub_all_oauth2_requests!
+    end
+
+    it 'creates a new user' do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      sorcery_controller_external_property_set(:facebook, :user_info_mapping, { username: 'name' })
+
+      expect(User).to receive(:create_from_provider).with('facebook', '123', {username: 'Noam Ben Ari'})
+      get :test_create_from_provider, provider: 'facebook'
+    end
+
+    it 'supports nested attributes' do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      sorcery_controller_external_property_set(:facebook, :user_info_mapping, { username: 'hometown/name' })
+      expect(User).to receive(:create_from_provider).with('facebook', '123', {username: 'Haifa, Israel'})
+
+      get :test_create_from_provider, provider: 'facebook'
+    end
+
+    it 'does not crash on missing nested attributes' do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      sorcery_controller_external_property_set(:facebook, :user_info_mapping, { username: 'name', created_at: 'does/not/exist' })
+
+      expect(User).to receive(:create_from_provider).with('facebook', '123', {username: 'Noam Ben Ari'})
+
+      get :test_create_from_provider, provider: 'facebook'
+    end
+
+    describe 'with a block' do
+      it 'does not create user' do
+        sorcery_model_property_set(:authentications_class, Authentication)
+        sorcery_controller_external_property_set(:facebook, :user_info_mapping, { username: 'name' })
+
+        u = double('user')
+        expect(User).to receive(:create_from_provider).with('facebook', '123', {username: 'Noam Ben Ari'}).and_return(u).and_yield(u)
+        # test_create_from_provider_with_block in controller will check for uniqueness of username
+        get :test_create_from_provider_with_block, provider: 'facebook'
+      end
+    end
+  end
+
+  # ----------------- OAuth -----------------------
+  context "with OAuth features" do
+
+    let(:user) { double('user', id: 42) }
+
+    before(:each) do
+      stub_all_oauth2_requests!
+    end
+
+    after(:each) do
+      User.sorcery_adapter.delete_all
+      Authentication.sorcery_adapter.delete_all
+    end
+
+    context "when callback_url begin with /" do
+      before do
+        sorcery_controller_external_property_set(:facebook, :callback_url, "/oauth/twitter/callback")
+      end
+      it "login_at redirects correctly" do
+        get :login_at_test_facebook
+        expect(response).to be_a_redirect
+        expect(response).to redirect_to("https://graph.facebook.com/oauth/authorize?client_id=#{::Sorcery::Controller::Config.facebook.key}&display=page&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&response_type=code&scope=email%2Coffline_access&state=")
+      end
+      it "logins with state" do
+        get :login_at_test_with_state
+        expect(response).to be_a_redirect
+        expect(response).to redirect_to("https://graph.facebook.com/oauth/authorize?client_id=#{::Sorcery::Controller::Config.facebook.key}&display=page&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&response_type=code&scope=email%2Coffline_access&state=bla")
+      end
+      after do
+        sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
+      end
+    end
+
+    #this test can never pass because of the previous test (the callback url can't change anymore)
+=begin
+    context "when callback_url begin with http://" do
+      it "login_at redirects correctly" do
+        create_new_user
+        get :login_at_test2
+        response.should be_a_redirect
+        response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&display=page&state")
+      end
+    end
+=end
+    it "'login_from' logins if user exists" do
+      # dirty hack for rails 4
+      allow(subject).to receive(:register_last_activity_time_to_db)
+
+      sorcery_model_property_set(:authentications_class, Authentication)
+      expect(User).to receive(:load_from_provider).with(:facebook, '123').and_return(user)
+      get :test_login_from_facebook
+
+      expect(flash[:notice]).to eq "Success!"
+    end
+
+    it "'login_from' fails if user doesn't exist" do
+      sorcery_model_property_set(:authentications_class, Authentication)
+      expect(User).to receive(:load_from_provider).with(:facebook, '123').and_return(nil)
+      get :test_login_from_facebook
+
+      expect(flash[:alert]).to eq "Failed!"
+    end
+
+    it "on successful login_from the user is redirected to the url he originally wanted" do
+      # dirty hack for rails 4
+      allow(subject).to receive(:register_last_activity_time_to_db)
+
+      sorcery_model_property_set(:authentications_class, Authentication)
+      expect(User).to receive(:load_from_provider).with(:facebook, '123').and_return(user)
+      get :test_return_to_with_external_facebook, {}, :return_to_url => "fuu"
+
+      expect(response).to redirect_to("fuu")
+      expect(flash[:notice]).to eq "Success!"
+    end
+
+    [:github, :google, :liveid, :vk].each do |provider|
+
+      describe "with #{provider}" do
+
+        it "login_at redirects correctly" do
+          get :"login_at_test_#{provider}"
+
+          expect(response).to be_a_redirect
+          expect(response).to redirect_to(provider_url provider)
+        end
+
+        it "'login_from' logins if user exists" do
+          # dirty hack for rails 4
+          allow(subject).to receive(:register_last_activity_time_to_db)
+
+          sorcery_model_property_set(:authentications_class, Authentication)
+          expect(User).to receive(:load_from_provider).with(provider, '123').and_return(user)
+          get :"test_login_from_#{provider}"
+
+          expect(flash[:notice]).to eq "Success!"
+        end
+
+        it "'login_from' fails if user doesn't exist" do
+          sorcery_model_property_set(:authentications_class, Authentication)
+          expect(User).to receive(:load_from_provider).with(provider, '123').and_return(nil)
+          get :"test_login_from_#{provider}"
+
+          expect(flash[:alert]).to eq "Failed!"
+        end
+
+        it "on successful login_from the user is redirected to the url he originally wanted (#{provider})" do
+          # dirty hack for rails 4
+          allow(subject).to receive(:register_last_activity_time_to_db)
+
+          sorcery_model_property_set(:authentications_class, Authentication)
+          expect(User).to receive(:load_from_provider).with(provider, '123').and_return(user)
+          get :"test_return_to_with_external_#{provider}", {}, :return_to_url => "fuu"
+
+          expect(response).to redirect_to "fuu"
+          expect(flash[:notice]).to eq "Success!"
+        end
+      end
+    end
+
+  end
+
+  describe "OAuth with User Activation features" do
+    before(:all) do
+      if SORCERY_ORM == :active_record
+        ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
+      end
+
+      sorcery_reload!([:user_activation,:external], :user_activation_mailer => ::SorceryMailer)
+      sorcery_controller_property_set(:external_providers, [:facebook, :github, :google, :liveid, :vk])
+
+      sorcery_controller_external_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
+      sorcery_controller_external_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+      sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
+      sorcery_controller_external_property_set(:github, :key, "eYVNBjBDi33aa9GkA3w")
+      sorcery_controller_external_property_set(:github, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+      sorcery_controller_external_property_set(:github, :callback_url, "http://blabla.com")
+      sorcery_controller_external_property_set(:google, :key, "eYVNBjBDi33aa9GkA3w")
+      sorcery_controller_external_property_set(:google, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+      sorcery_controller_external_property_set(:google, :callback_url, "http://blabla.com")
+      sorcery_controller_external_property_set(:liveid, :key, "eYVNBjBDi33aa9GkA3w")
+      sorcery_controller_external_property_set(:liveid, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+      sorcery_controller_external_property_set(:liveid, :callback_url, "http://blabla.com")
+      sorcery_controller_external_property_set(:vk, :key, "eYVNBjBDi33aa9GkA3w")
+      sorcery_controller_external_property_set(:vk, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+      sorcery_controller_external_property_set(:vk, :callback_url, "http://blabla.com")
+    end
+
+    after(:all) do
+      if SORCERY_ORM == :active_record
+        ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
+      end
+    end
+
+    after(:each) do
+      User.sorcery_adapter.delete_all
+    end
+
+    it "does not send activation email to external users" do
+      old_size = ActionMailer::Base.deliveries.size
+      create_new_external_user(:facebook)
+
+      expect(ActionMailer::Base.deliveries.size).to eq old_size
+    end
+
+    it "does not send external users an activation success email" do
+      sorcery_model_property_set(:activation_success_email_method_name, nil)
+      create_new_external_user(:facebook)
+      old_size = ActionMailer::Base.deliveries.size
+      @user.activate!
+
+      expect(ActionMailer::Base.deliveries.size).to eq old_size
+    end
+
+    [:github, :google, :liveid, :vk].each do |provider|
+      it "does not send activation email to external users (#{provider})" do
+        old_size = ActionMailer::Base.deliveries.size
+        create_new_external_user provider
+        expect(ActionMailer::Base.deliveries.size).to eq old_size
+      end
+
+      it "does not send external users an activation success email (#{provider})" do
+        sorcery_model_property_set(:activation_success_email_method_name, nil)
+        create_new_external_user provider
+        old_size = ActionMailer::Base.deliveries.size
+        @user.activate!
+      end
+    end
+  end
+
+  describe "OAuth with user activation features"  do
+
+    let(:user) { double('user', id: 42) }
+
+    before(:all) do
+      sorcery_reload!([:activity_logging, :external])
+    end
+
+    after(:all) do
+      if SORCERY_ORM == :active_record
+        ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
+        ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activity_logging")
+      end
+    end
+
+    %w(facebook github google liveid vk).each do |provider|
+      context "when #{provider}" do
+        before(:each) do
+          sorcery_controller_property_set(:register_login_time, true)
+          sorcery_controller_property_set(:register_logout_time, false)
+          sorcery_controller_property_set(:register_last_activity_time, false)
+          sorcery_controller_property_set(:register_last_ip_address, false)
+          stub_all_oauth2_requests!
+          sorcery_model_property_set(:authentications_class, Authentication)
+        end
+
+        it "registers login time" do
+          now = Time.now.in_time_zone
+          Timecop.freeze(now)
+          expect(User).to receive(:load_from_provider).and_return(user)
+          expect(user).to receive(:set_last_login_at).with(be_within(0.1).of(now))
+          get "test_login_from_#{provider}".to_sym
+          Timecop.return
+        end
+
+        it "does not register login time if configured so" do
+          sorcery_controller_property_set(:register_login_time, false)
+          now = Time.now.in_time_zone
+          Timecop.freeze(now)
+          expect(User).to receive(:load_from_provider).and_return(user)
+          expect(user).to receive(:set_last_login_at).never
+          get "test_login_from_#{provider}".to_sym
+
+        end
+      end
+    end
+  end
+
+  describe "OAuth with session timeout features" do
+    before(:all) do
+      sorcery_reload!([:session_timeout, :external])
+    end
+
+    let(:user) { double('user', id: 42) }
+
+    %w(facebook github google liveid vk).each do |provider|
+      context "when #{provider}" do
+        before(:each) do
+          sorcery_model_property_set(:authentications_class, Authentication)
+          sorcery_controller_property_set(:session_timeout,0.5)
+          stub_all_oauth2_requests!
+        end
+
+        after(:each) do
+          Timecop.return
+        end
+
+        it "does not reset session before session timeout" do
+          expect(User).to receive(:load_from_provider).with(provider.to_sym, '123').and_return(user)
+          get "test_login_from_#{provider}".to_sym
+
+          expect(session[:user_id]).not_to be_nil
+          expect(flash[:notice]).to eq "Success!"
+        end
+
+        it "resets session after session timeout" do
+          expect(User).to receive(:load_from_provider).with(provider.to_sym, '123').and_return(user)
+          get "test_login_from_#{provider}".to_sym
+          expect(session[:user_id]).to eq "42"
+          Timecop.travel(Time.now.in_time_zone+0.6)
+          get :test_should_be_logged_in
+
+          expect(session[:user_id]).to be_nil
+          expect(response).to be_a_redirect
+        end
+      end
+    end
+  end
+
+  def stub_all_oauth2_requests!
+    access_token    = double(OAuth2::AccessToken)
+    allow(access_token).to receive(:token_param=)
+    response        = double(OAuth2::Response)
+    allow(response).to receive(:body) { {
+      "id"=>"123",
+      "name"=>"Noam Ben Ari",
+      "first_name"=>"Noam",
+      "last_name"=>"Ben Ari",
+      "link"=>"http://www.facebook.com/nbenari1",
+      "hometown"=>{"id"=>"110619208966868", "name"=>"Haifa, Israel"},
+      "location"=>{"id"=>"106906559341067", "name"=>"Pardes Hanah, Hefa, Israel"},
+      "bio"=>"I'm a new daddy, and enjoying it!",
+      "gender"=>"male",
+      "email"=>"nbenari@gmail.com",
+      "timezone"=>2,
+      "locale"=>"en_US",
+      "languages"=>[{"id"=>"108405449189952", "name"=>"Hebrew"}, {"id"=>"106059522759137", "name"=>"English"}, {"id"=>"112624162082677", "name"=>"Russian"}],
+      "verified"=>true,
+      "updated_time"=>"2011-02-16T20:59:38+0000",
+      # response for VK auth
+      "response"=>[
+          {
+            "uid"=>"123",
+            "first_name"=>"Noam",
+            "last_name"=>"Ben Ari"
+            }
+        ]}.to_json }
+    allow(access_token).to receive(:get) { response }
+    allow(access_token).to receive(:token) { "187041a618229fdaf16613e96e1caabc1e86e46bbfad228de41520e63fe45873684c365a14417289599f3" }
+    # access_token params for VK auth
+    allow(access_token).to receive(:params) { { "user_id"=>"100500", "email"=>"nbenari@gmail.com" } }
+    allow_any_instance_of(OAuth2::Strategy::AuthCode).to receive(:get_token) { access_token }
+  end
+
+  def set_external_property
+    sorcery_controller_property_set(:external_providers, [:facebook, :github, :google, :liveid, :vk])
+    sorcery_controller_external_property_set(:facebook, :key, "eYVNBjBDi33aa9GkA3w")
+    sorcery_controller_external_property_set(:facebook, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+    sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
+    sorcery_controller_external_property_set(:github, :key, "eYVNBjBDi33aa9GkA3w")
+    sorcery_controller_external_property_set(:github, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+    sorcery_controller_external_property_set(:github, :callback_url, "http://blabla.com")
+    sorcery_controller_external_property_set(:google, :key, "eYVNBjBDi33aa9GkA3w")
+    sorcery_controller_external_property_set(:google, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+    sorcery_controller_external_property_set(:google, :callback_url, "http://blabla.com")
+    sorcery_controller_external_property_set(:liveid, :key, "eYVNBjBDi33aa9GkA3w")
+    sorcery_controller_external_property_set(:liveid, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+    sorcery_controller_external_property_set(:liveid, :callback_url, "http://blabla.com")
+    sorcery_controller_external_property_set(:vk, :key, "eYVNBjBDi33aa9GkA3w")
+    sorcery_controller_external_property_set(:vk, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+    sorcery_controller_external_property_set(:vk, :callback_url, "http://blabla.com")
+  end
+
+  def provider_url(provider)
+    {
+      github: "https://github.com/login/oauth/authorize?client_id=#{::Sorcery::Controller::Config.github.key}&display=&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=&state=",
+      google: "https://accounts.google.com/o/oauth2/auth?client_id=#{::Sorcery::Controller::Config.google.key}&display=&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&state=",
+      liveid: "https://oauth.live.com/authorize?client_id=#{::Sorcery::Controller::Config.liveid.key}&display=&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=wl.basic+wl.emails+wl.offline_access&state=",
+      vk: "https://oauth.vk.com/authorize?client_id=#{::Sorcery::Controller::Config.vk.key}&display=&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=#{::Sorcery::Controller::Config.vk.scope}&state="
+    }[provider]
+  end
+
+end
+