sorcery 0.5.3 → 0.5.21

data/lib/sorcery/model.rb

@@ -3,8 +3,7 @@ module Sorcery
   # It should be included into the ORM base class.
   # In the case of Rails this is usually ActiveRecord (actually, in that case, the plugin does this automatically).
   #
-  # When included it defines a single method: 'activate_sorcery!' which when called adds the other capabilities 
-  # to the class.
+  # When included it defines a single method: 'activate_sorcery!' which when called adds the other capabilities to the class.
   # This method is also the place to configure the plugin in the Model layer.
   module Model
     def self.included(klass)
@@ -21,8 +20,7 @@ module Sorcery
                 begin
                   include Submodules.const_get(mod.to_s.split("_").map {|p| p.capitalize}.join("")) 
                 rescue NameError
-                  # don't stop on a missing submodule. Needed because some submodules are only defined 
-                  # in the controller side.
+                  # don't stop on a missing submodule. Needed because some submodules are only defined in the controller side.
                 end
               end
             end
@@ -32,10 +30,11 @@ module Sorcery
 
             # Mongoid support
             self.class_eval do
-              field sorcery_config.username_attribute_name,         :type => String
-              field sorcery_config.email_attribute_name,            :type => String unless sorcery_config.username_attribute_name == sorcery_config.email_attribute_name
-              field sorcery_config.crypted_password_attribute_name, :type => String
-              field sorcery_config.salt_attribute_name,             :type => String
+              field sorcery_config.username_attribute_name, type: String
+              #field sorcery_config.password_attribute_name, type: String
+              field sorcery_config.email_attribute_name, type: String unless sorcery_config.username_attribute_name == sorcery_config.email_attribute_name
+              field sorcery_config.crypted_password_attribute_name, type: String
+              field sorcery_config.salt_attribute_name, type: String
             end if defined?(Mongoid) and self.ancestors.include?(Mongoid::Document)
 
             # add virtual password accessor and ORM callbacks
@@ -148,38 +147,26 @@ module Sorcery
     end
 
     # Each class which calls 'activate_sorcery!' receives an instance of this class.
-    # Every submodule which gets loaded may add accessors to this class so that all 
-    # options will be configured from a single place.
+    # Every submodule which gets loaded may add accessors to this class so that all options will be configured from a single place.
     class Config
 
-      attr_accessor :username_attribute_name,           # change default username attribute, for example, to use :email
-                                                        # as the login.
-                                                        
-                    :password_attribute_name,           # change *virtual* password attribute, the one which is used
-                                                        # until an encrypted one is generated.
-                                                        
+      attr_accessor :username_attribute_name,           # change default username attribute, for example, to use :email as the login.
+                    :password_attribute_name,           # change *virtual* password attribute, the one which is used until an encrypted one is generated.
                     :email_attribute_name,              # change default email attribute.
                     :crypted_password_attribute_name,   # change default crypted_password attribute.
                     :salt_join_token,                   # what pattern to use to join the password with the salt
                     :salt_attribute_name,               # change default salt attribute.
                     :stretches,                         # how many times to apply encryption to the password.
-                    :encryption_key,                    # encryption key used to encrypt reversible encryptions such as
-                                                        # AES256.
-                                                        
-                    :subclasses_inherit_config,         # make this configuration inheritable for subclasses. Useful for
-                                                        # ActiveRecord's STI.
+                    :encryption_key,                    # encryption key used to encrypt reversible encryptions such as AES256.
+                    :subclasses_inherit_config,         # make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
                     
                     :submodules,                        # configured in config/application.rb
-                    :before_authenticate,               # an array of method names to call before authentication
-                                                        # completes. used internally.
-                                                        
-                    :after_config                       # an array of method names to call after configuration by user.
-                                                        # used internally.
+                    :before_authenticate,               # an array of method names to call before authentication completes. used internally.
+                    :after_config                       # an array of method names to call after configuration by user. used internally.
                     
       attr_reader   :encryption_provider,               # change default encryption_provider.
                     :custom_encryption_provider,        # use an external encryption class.
-                    :encryption_algorithm               # encryption algorithm name. See 'encryption_algorithm=' below
-                                                        # for available options.
+                    :encryption_algorithm               # encryption algorithm name. See 'encryption_algorithm=' below for available options.
 
       def initialize
         @defaults = {

data/lib/sorcery/model/adapters/active_record.rb

@@ -11,7 +11,7 @@ module Sorcery
             where("#{@sorcery_config.username_attribute_name} = ?", credentials[0]).first
           end
 
-          def find_by_sorcery_token(token_attr_name, token)
+          def find_by_token(token_attr_name, token)
             where("#{token_attr_name} = ?", token).first
           end
 
@@ -25,4 +25,4 @@ module Sorcery
       end
     end
   end
-end
+end

data/lib/sorcery/model/adapters/mongoid.rb

@@ -43,7 +43,7 @@ module Sorcery
             tap(&blk)
           end
 
-          def find_by_sorcery_token(token_attr_name, token)
+          def find_by_token(token_attr_name, token)
             where(token_attr_name => token).first
           end
 
@@ -61,4 +61,4 @@ module Sorcery
       end
     end
   end
-end
+end

data/lib/sorcery/model/submodules/activity_logging.rb

@@ -3,8 +3,8 @@ module Sorcery
     module Submodules
       # This submodule keeps track of events such as login, logout, and last activity time, per user.
       # It helps in estimating which users are active now in the site.
-      # This cannot be determined absolutely because a user might be reading a page without clicking anything 
-      # for a while.
+      # This cannot be determined absolutely because a user might be reading a page without clicking anything for a while.
+      
       # This is the model part of the submodule, which provides configuration options.
       module ActivityLogging
         def self.included(base)
@@ -14,8 +14,7 @@ module Sorcery
             attr_accessor :last_login_at_attribute_name,                  # last login attribute name.
                           :last_logout_at_attribute_name,                 # last logout attribute name.
                           :last_activity_at_attribute_name,               # last activity attribute name.
-                          :activity_timeout                               # how long since last activity is 
-                                                                          #the user defined logged out?
+                          :activity_timeout                               # how long since last activity is the user defined logged out?
           end
           
           base.sorcery_config.instance_eval do
@@ -39,9 +38,9 @@ module Sorcery
           protected
 
           def define_activity_logging_mongoid_fields
-            field sorcery_config.last_login_at_attribute_name,    :type => DateTime
-            field sorcery_config.last_logout_at_attribute_name,   :type => DateTime
-            field sorcery_config.last_activity_at_attribute_name, :type => DateTime
+            field sorcery_config.last_login_at_attribute_name, type: DateTime
+            field sorcery_config.last_logout_at_attribute_name, type: DateTime
+            field sorcery_config.last_activity_at_attribute_name, type: DateTime
           end
         end
       end

data/lib/sorcery/model/submodules/brute_force_protection.rb

@@ -1,19 +1,15 @@
 module Sorcery
   module Model
     module Submodules
-      # This module helps protect user accounts by locking them down after too many failed attemps 
-      # to login were detected.
-      # This is the model part of the submodule which provides configuration options and methods 
-      # for locking and unlocking the user.
+      # This module helps protect user accounts by locking them down after too many failed attemps to login were detected.
+      # This is the model part of the submodule which provides configuration options and methods for locking and unlocking the user.
       module BruteForceProtection
         def self.included(base)
           base.sorcery_config.class_eval do
             attr_accessor :failed_logins_count_attribute_name,        # failed logins attribute name.
-                          :lock_expires_at_attribute_name,            # this field indicates whether user 
-                                                                      # is banned and when it will be active again.
+                          :lock_expires_at_attribute_name,            # this field indicates whether user is banned and when it will be active again.
                           :consecutive_login_retries_amount_limit,    # how many failed logins allowed.
-                          :login_lock_time_period                     # how long the user should be banned. 
-                                                                      # in seconds. 0 for permanent.
+                          :login_lock_time_period                     # how long the user should be banned. in seconds. 0 for permanent.
           end
           
           base.sorcery_config.instance_eval do
@@ -34,8 +30,8 @@ module Sorcery
           protected
 
           def define_brute_force_protection_mongoid_fields
-            field sorcery_config.failed_logins_count_attribute_name,  :type => Integer
-            field sorcery_config.lock_expires_at_attribute_name,      :type => DateTime
+            field sorcery_config.failed_logins_count_attribute_name, type: Integer
+            field sorcery_config.lock_expires_at_attribute_name, type: DateTime
           end
         end
         

data/lib/sorcery/model/submodules/external.rb

@@ -5,11 +5,9 @@ module Sorcery
       # This is the model part which handles finding the user using access tokens.
       # For the controller options see Sorcery::Controller::External.
       #
-      # Socery assumes (read: requires) you will create external users in the same table where
-      # you keep your regular users,
+      # Socery assumes (read: requires) you will create external users in the same table where you keep your regular users,
       # but that you will have a separate table for keeping their external authentication data,
-      # and that that separate table has a few rows for each user, facebook and twitter 
-      # for example (a one-to-many relationship).
+      # and that that separate table has a few rows for each user, facebook and twitter for example (a one-to-many relationship).
       #
       # External users will have a null crypted_password field, since we do not hold their password.
       # They will not be sent activation emails on creation.

data/lib/sorcery/model/submodules/remember_me.rb

@@ -1,8 +1,7 @@
 module Sorcery
   module Model
     module Submodules
-      # The Remember Me submodule takes care of setting the user's cookie so that he will 
-      # be automatically logged in to the site on every visit,
+      # The Remember Me submodule takes care of setting the user's cookie so that he will be automatically logged in to the site on every visit,
       # until the cookie expires.
       module RememberMe
         def self.included(base)
@@ -32,8 +31,8 @@ module Sorcery
           protected
 
           def define_remember_me_mongoid_fields
-            field sorcery_config.remember_me_token_attribute_name,            :type => String
-            field sorcery_config.remember_me_token_expires_at_attribute_name, :type => Time
+            field sorcery_config.remember_me_token_attribute_name, type: String
+            field sorcery_config.remember_me_token_expires_at_attribute_name, type: DateTime
           end
 
         end

data/lib/sorcery/model/submodules/reset_password.rb

@@ -5,8 +5,7 @@ module Sorcery
       # When the user requests an email is sent to him with a url.
       # The url includes a token, which is also saved with the user's record in the db.
       # The token has configurable expiration.
-      # When the user clicks the url in the email, providing the token has not yet expired,
-      # he will be able to reset his password via a form.
+      # When the user clicks the url in the email, providing the token has not yet expired, he will be able to reset his password via a form.
       #
       # When using this submodule, supplying a mailer is mandatory.
       module ResetPassword       
@@ -14,18 +13,11 @@ module Sorcery
           base.sorcery_config.class_eval do
             attr_accessor :reset_password_token_attribute_name,              # reset password code attribute name.
                           :reset_password_token_expires_at_attribute_name,   # expires at attribute name.
-                          :reset_password_email_sent_at_attribute_name,      # when was email sent, used for hammering
-                                                                             # protection.
-                                                                             
+                          :reset_password_email_sent_at_attribute_name,      # when was email sent, used for hammering protection.
                           :reset_password_mailer,                            # mailer class. Needed.
-                          :reset_password_email_method_name,                 # reset password email method on your
-                                                                             # mailer class.
-                                                                             
-                          :reset_password_expiration_period,                 # how many seconds before the reset request
-                                                                             # expires. nil for never expires.
-                                                                             
-                          :reset_password_time_between_emails                # hammering protection, how long to wait
-                                                                             # before allowing another email to be sent.
+                          :reset_password_email_method_name,                 # reset password email method on your mailer class.
+                          :reset_password_expiration_period,                 # how many seconds before the reset request expires. nil for never expires.
+                          :reset_password_time_between_emails                # hammering protection, how long to wait before allowing another email to be sent.
 
           end
           
@@ -69,9 +61,9 @@ module Sorcery
           end
 
           def define_reset_password_mongoid_fields
-            field sorcery_config.reset_password_token_attribute_name,             :type => String
-            field sorcery_config.reset_password_token_expires_at_attribute_name,  :type => DateTime
-            field sorcery_config.reset_password_email_sent_at_attribute_name,     :type => DateTime
+            field sorcery_config.reset_password_token_attribute_name, type: String
+            field sorcery_config.reset_password_token_expires_at_attribute_name, type: DateTime
+            field sorcery_config.reset_password_email_sent_at_attribute_name, type: DateTime
           end
         end
         

data/lib/sorcery/model/submodules/user_activation.rb

@@ -8,27 +8,14 @@ module Sorcery
       module UserActivation
         def self.included(base)
           base.sorcery_config.class_eval do
-            attr_accessor :activation_state_attribute_name,               # the attribute name to hold activation state
-                                                                          # (active/pending).
-                                                                          
-                          :activation_token_attribute_name,               # the attribute name to hold activation code
-                                                                          # (sent by email).
-                                                                          
-                          :activation_token_expires_at_attribute_name,    # the attribute name to hold activation code
-                                                                          # expiration date. 
-                                                                          
-                          :activation_token_expiration_period,            # how many seconds before the activation code
-                                                                          # expires. nil for never expires.
-                                                                          
+            attr_accessor :activation_state_attribute_name,               # the attribute name to hold activation state (active/pending).
+                          :activation_token_attribute_name,               # the attribute name to hold activation code (sent by email).
+                          :activation_token_expires_at_attribute_name,    # the attribute name to hold activation code expiration date. 
+                          :activation_token_expiration_period,            # how many seconds before the activation code expires. nil for never expires.
                           :user_activation_mailer,                        # your mailer class. Required.
-                          :activation_needed_email_method_name,           # activation needed email method on your
-                                                                          # mailer class.
-                                                                          
-                          :activation_success_email_method_name,          # activation success email method on your
-                                                                          # mailer class.
-                                                                          
-                          :prevent_non_active_users_to_login              # do you want to prevent or allow users that
-                                                                          # did not activate by email to login?
+                          :activation_needed_email_method_name,           # activation needed email method on your mailer class.
+                          :activation_success_email_method_name,          # activation success email method on your mailer class.
+                          :prevent_non_active_users_to_login              # do you want to prevent or allow users that did not activate by email to login?
           end
           
           base.sorcery_config.instance_eval do
@@ -80,9 +67,9 @@ module Sorcery
 
           def define_user_activation_mongoid_fields
             self.class_eval do
-              field sorcery_config.activation_state_attribute_name,            :type => String
-              field sorcery_config.activation_token_attribute_name,            :type => String
-              field sorcery_config.activation_token_expires_at_attribute_name, :type => DateTime
+              field sorcery_config.activation_state_attribute_name, type: String
+              field sorcery_config.activation_token_attribute_name, type: String
+              field sorcery_config.activation_token_expires_at_attribute_name, type: DateTime
             end
           end
         end

data/lib/sorcery/model/temporary_token.rb

@@ -1,8 +1,7 @@
 module Sorcery
   module Model
     # This module encapsulates the logic for temporary token.
-    # A temporary token is created to identify a user in scenarios 
-    # such as reseting password and activating the user by email.
+    # A temporary token is created to identify a user in scenarios such as reseting password and activating the user by email.
     module TemporaryToken
       def self.included(base)
         base.extend(ClassMethods)
@@ -11,7 +10,7 @@ module Sorcery
       module ClassMethods
         def load_from_token(token, token_attr_name, token_expiration_date_attr)
           return nil if token.blank?
-          user = find_by_sorcery_token(token_attr_name,token)
+          user = find_by_token(token_attr_name,token)
           if !user.blank? && !user.send(token_expiration_date_attr).nil?
             return Time.now.utc < user.send(token_expiration_date_attr) ? user : nil
           end

data/lib/sorcery/test_helpers/internal.rb

@@ -15,8 +15,7 @@ module Sorcery
       end
 
       # a patch to fix a bug in testing that happens when you 'destroy' a session twice.
-      # After the first destroy, the session is an ordinary hash, and then when destroy 
-      # is called again there's an exception.
+      # After the first destroy, the session is an ordinary hash, and then when destroy is called again there's an exception.
       class ::Hash
         def destroy
           clear

data/lib/sorcery/test_helpers/internal/rails.rb

@@ -4,11 +4,7 @@ module Sorcery
       module Rails
         include ::Sorcery::TestHelpers::Rails
 
-        SUBMODUELS_AUTO_ADDED_CONTROLLER_FILTERS = [
-          :register_last_activity_time_to_db, 
-          :deny_banned_user, 
-          :validate_session
-        ]
+        SUBMODUELS_AUTO_ADDED_CONTROLLER_FILTERS = [:register_last_activity_time_to_db, :deny_banned_user, :validate_session]
 
         def sorcery_reload!(submodules = [], options = {})
           reload_user_class

data/sorcery.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{sorcery}
-  s.version = "0.5.3"
+  s.version = "0.5.21"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Noam Ben Ari"]
-  s.date = %q{2011-07-01}
+  s.date = %q{2011-05-20}
   s.description = %q{Provides common authentication needs such as signing in/out, activating by email and resetting password.}
   s.email = %q{nbenari@gmail.com}
   s.extra_rdoc_files = [
@@ -218,13 +218,6 @@ Gem::Specification.new do |s|
     "spec/rails3_mongoid/spec/user_reset_password_spec.rb",
     "spec/rails3_mongoid/spec/user_spec.rb",
     "spec/rails3_mongoid/vendor/plugins/.gitkeep",
-    "spec/shared_examples/user_activation_shared_examples.rb",
-    "spec/shared_examples/user_activity_logging_shared_examples.rb",
-    "spec/shared_examples/user_brute_force_protection_shared_examples.rb",
-    "spec/shared_examples/user_oauth_shared_examples.rb",
-    "spec/shared_examples/user_remember_me_shared_examples.rb",
-    "spec/shared_examples/user_reset_password_shared_examples.rb",
-    "spec/shared_examples/user_shared_examples.rb",
     "spec/sinatra/Gemfile",
     "spec/sinatra/Gemfile.lock",
     "spec/sinatra/Rakefile",
@@ -362,13 +355,6 @@ Gem::Specification.new do |s|
     "spec/rails3_mongoid/spec/user_remember_me_spec.rb",
     "spec/rails3_mongoid/spec/user_reset_password_spec.rb",
     "spec/rails3_mongoid/spec/user_spec.rb",
-    "spec/shared_examples/user_activation_shared_examples.rb",
-    "spec/shared_examples/user_activity_logging_shared_examples.rb",
-    "spec/shared_examples/user_brute_force_protection_shared_examples.rb",
-    "spec/shared_examples/user_oauth_shared_examples.rb",
-    "spec/shared_examples/user_remember_me_shared_examples.rb",
-    "spec/shared_examples/user_reset_password_shared_examples.rb",
-    "spec/shared_examples/user_shared_examples.rb",
     "spec/sinatra/authentication.rb",
     "spec/sinatra/db/migrate/activation/20101224223622_add_activation_to_users.rb",
     "spec/sinatra/db/migrate/activity_logging/20101224223624_add_activity_logging_to_users.rb",

data/spec/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ../
   specs:
-    sorcery (0.5.21)
+    sorcery (0.5.2)
       bcrypt-ruby (~> 2.1.4)
       oauth (>= 0.4.4)
       oauth (>= 0.4.4)

data/spec/rails3/Gemfile.lock

@@ -2,7 +2,7 @@ PATH
   remote: ../../../
   specs:
     oauth (0.4.4)
-    sorcery (0.5.21)
+    sorcery (0.5.2)
       bcrypt-ruby (~> 2.1.4)
       oauth (>= 0.4.4)
       oauth (>= 0.4.4)

data/spec/rails3/spec/user_activation_spec.rb

@@ -1,6 +1,5 @@
 require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 require File.expand_path(File.dirname(__FILE__) + '/../app/mailers/sorcery_mailer')
-require File.expand_path(File.dirname(__FILE__) + '/../../shared_examples/user_activation_shared_examples')
 
 describe "User with activation submodule" do
   before(:all) do
@@ -11,6 +10,173 @@ describe "User with activation submodule" do
     ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
   end
 
-  it_behaves_like "rails_3_activation_model"
+  # ----------------- PLUGIN CONFIGURATION -----------------------
+  describe User, "loaded plugin configuration" do
+    before(:all) do
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+  
+    after(:each) do
+      User.sorcery_config.reset!
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+    
+    it "should enable configuration option 'activation_state_attribute_name'" do
+      sorcery_model_property_set(:activation_state_attribute_name, :status)
+      User.sorcery_config.activation_state_attribute_name.should equal(:status)    
+    end
+    
+    it "should enable configuration option 'activation_token_attribute_name'" do
+      sorcery_model_property_set(:activation_token_attribute_name, :code)
+      User.sorcery_config.activation_token_attribute_name.should equal(:code)    
+    end
+    
+    it "should enable configuration option 'user_activation_mailer'" do
+      sorcery_model_property_set(:user_activation_mailer, TestMailer)
+      User.sorcery_config.user_activation_mailer.should equal(TestMailer)    
+    end
+    
+    it "should enable configuration option 'activation_needed_email_method_name'" do
+      sorcery_model_property_set(:activation_needed_email_method_name, :my_activation_email)
+      User.sorcery_config.activation_needed_email_method_name.should equal(:my_activation_email)
+    end
+    
+    it "should enable configuration option 'activation_success_email_method_name'" do
+      sorcery_model_property_set(:activation_success_email_method_name, :my_activation_email)
+      User.sorcery_config.activation_success_email_method_name.should equal(:my_activation_email)
+    end
+    
+    it "if mailer is nil on activation, throw exception!" do
+      expect{sorcery_reload!([:user_activation])}.to raise_error(ArgumentError)
+    end
+  end
+
+  # ----------------- ACTIVATION PROCESS -----------------------
+  describe User, "activation process" do
+    before(:all) do
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+    
+    before(:each) do
+      create_new_user
+    end
+    
+    it "should initialize user state to 'pending'" do
+      @user.activation_state.should == "pending"
+    end
+    
+    specify { @user.should respond_to(:activate!) }
+    
+    it "should clear activation code and change state to 'active' on activation" do
+      activation_token = @user.activation_token
+      @user.activate!
+      @user2 = User.find(@user.id) # go to db to make sure it was saved and not just in memory
+      @user2.activation_token.should be_nil
+      @user2.activation_state.should == "active"
+      User.find_by_activation_token(activation_token).should be_nil
+    end
+    
+    it "should send the user an activation email" do
+      old_size = ActionMailer::Base.deliveries.size
+      create_new_user
+      ActionMailer::Base.deliveries.size.should == old_size + 1
+    end
+    
+    it "subsequent saves do not send activation email" do
+      old_size = ActionMailer::Base.deliveries.size
+      @user.username = "Shauli"
+      @user.save!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "should send the user an activation success email on successful activation" do
+      old_size = ActionMailer::Base.deliveries.size
+      @user.activate!
+      ActionMailer::Base.deliveries.size.should == old_size + 1
+    end
+    
+    it "subsequent saves do not send activation success email" do
+      @user.activate!
+      old_size = ActionMailer::Base.deliveries.size
+      @user.username = "Shauli"
+      @user.save!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "activation needed email is optional" do
+      sorcery_model_property_set(:activation_needed_email_method_name, nil)
+      old_size = ActionMailer::Base.deliveries.size
+      create_new_user
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+    
+    it "activation success email is optional" do
+      sorcery_model_property_set(:activation_success_email_method_name, nil)
+      old_size = ActionMailer::Base.deliveries.size
+      @user.activate!
+      ActionMailer::Base.deliveries.size.should == old_size
+    end
+  end
+
+  describe User, "prevent non-active login feature" do
+    before(:all) do
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+    
+    it "should not allow a non-active user to authenticate" do
+      create_new_user
+      User.authenticate(@user.username,'secret').should be_false
+    end
+    
+    it "should allow a non-active user to authenticate if configured so" do
+      create_new_user
+      sorcery_model_property_set(:prevent_non_active_users_to_login, false)
+      User.authenticate(@user.username,'secret').should be_true
+    end
+  end
+  
+  describe User, "load_from_activation_token" do
+    before(:all) do
+      sorcery_reload!([:user_activation], :user_activation_mailer => ::SorceryMailer)
+    end
+    
+    after(:each) do
+      Timecop.return
+    end
+    
+    it "load_from_activation_token should return user when token is found" do
+      create_new_user
+      User.load_from_activation_token(@user.activation_token).should == @user
+    end
+    
+    it "load_from_activation_token should NOT return user when token is NOT found" do
+      create_new_user
+      User.load_from_activation_token("a").should == nil
+    end
+    
+    it "load_from_activation_token should return user when token is found and not expired" do
+      sorcery_model_property_set(:activation_token_expiration_period, 500)
+      create_new_user
+      User.load_from_activation_token(@user.activation_token).should == @user
+    end
+    
+    it "load_from_activation_token should NOT return user when token is found and expired" do
+      sorcery_model_property_set(:activation_token_expiration_period, 0.1)
+      create_new_user
+      Timecop.travel(Time.now+0.5)
+      User.load_from_activation_token(@user.activation_token).should == nil
+    end
+    
+    it "load_from_activation_token should return nil if token is blank" do
+      User.load_from_activation_token(nil).should == nil
+      User.load_from_activation_token("").should == nil
+    end
+    
+    it "load_from_activation_token should always be valid if expiration period is nil" do
+      sorcery_model_property_set(:activation_token_expiration_period, nil)
+      create_new_user
+      User.load_from_activation_token(@user.activation_token).should == @user
+    end
+  end
   
 end