diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 00415285f6c..7a63a740fa7 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -111,15 +111,6 @@ class ApplicationController < ActionController::Base
 @guardian ||= Guardian.new(current_user)
 end
 
- def log_on_user(user)
- session[:current_user_id] = user.id
- unless user.auth_token
- user.auth_token = SecureRandom.hex(16)
- user.save!
- end
- cookies.permanent[:_t] = { :value => user.auth_token, :httponly => true }
- end
-
 # This is odd, but it seems that in Rails `render json: obj` is about
 # 20% slower than calling MultiJSON.dump ourselves. I'm not sure why
 # Rails doesn't call MultiJson.dump when you pass it json: obj but
diff --git a/app/models/user.rb b/app/models/user.rb
index e9ae855b7da..5a8615b8da5 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -291,6 +291,13 @@ class User < ActiveRecord::Base
 end
 end
 
+ def update_ip_address!(new_ip_address)
+ if (ip_address != new_ip_address) and new_ip_address.present?
+ @current_user.ip_address = new_ip_address
+ @current_user.update_column(:ip_address, new_ip_address)
+ end
+ end
+
 def update_last_seen!
 now = DateTime.now
 now_date = now.to_date
diff --git a/lib/current_user.rb b/lib/current_user.rb
index bda9065f044..5b21650352d 100644
--- a/lib/current_user.rb
+++ b/lib/current_user.rb
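Review bot: `update_ip_address!` reads `@current_user` inside the User model, where that instance variable is never assigned, so the first request whose IP differs from the stored one raises NoMethodError on nil instead of updating the record; the receiver should be the user itself: `self.ip_address = new_ip_address` and `update_column(:ip_address, new_ip_address)`. The method is called from `current_user` in lib/current_user.rb (its third hunk), so this is on the path of every request from a logged-in user. `and` in the condition should be `&&`, since `and` binds more loosely than assignment and comparison and will surprise whoever next extends the expression. `update_column` skips validations, callbacks and `updated_at`, as the code it replaces also did; a one-line comment saying that is deliberate would save the next reader a check.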
@@ -2,13 +2,22 @@ module CurrentUser
 
 def self.lookup_from_env(env)
 request = Rack::Request.new(env)
- auth_token = request.cookies[:_t]
- user = nil
+ lookup_from_auth_token(request.cookies["_t"])
+ end
+
+ def self.lookup_from_auth_token(auth_token)
 if auth_token && auth_token.length == 32
- user = User.where(auth_token: auth_token).first
+ User.where(auth_token: auth_token).first
 end
-
- return user
+ end
+
+ def log_on_user(user)
+ session[:current_user_id] = user.id
+ unless user.auth_token
+ user.auth_token = SecureRandom.hex(16)
+ user.save!
+ end
+ cookies.permanent[:_t] = { :value => user.auth_token, :httponly => true }
 end
 
 def current_user
@@ -16,11 +25,8 @@ module CurrentUser
 
 if session[:current_user_id].blank?
 # maybe we have a cookie?
- auth_token = cookies[:_t]
- if auth_token && auth_token.length == 32
- @current_user = User.where(auth_token: auth_token).first
- session[:current_user_id] = @current_user.id if @current_user
- end
+ @current_user = CurrentUser.lookup_from_auth_token(cookies["_t"])
+ session[:current_user_id] = @current_user.id if @current_user
 else
 @current_user ||= User.where(id: session[:current_user_id]).first
 end
@@ -32,10 +38,7 @@ module CurrentUser
 @not_logged_in = session[:current_user_id].blank?
 if @current_user
 @current_user.update_last_seen!
- if (@current_user.ip_address != request.remote_ip) and request.remote_ip.present?
- @current_user.ip_address = request.remote_ip
- @current_user.update_column(:ip_address, request.remote_ip)
- end
+ @current_user.update_ip_address!(request.remote_ip)
 end
 @current_user
 end
diff --git a/spec/components/current_user_spec.rb b/spec/components/current_user_spec.rb
new file mode 100644
index 00000000000..c49fc9f017b
--- /dev/null
+++ b/spec/components/current_user_spec.rb
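Review bot: `log_on_user` writes the user id into whatever session the request already carries, so a session id that existed before authentication keeps its identity; calling `reset_session` before `session[:current_user_id] = user.id` closes that session-fixation window. The permanent `_t` cookie is marked `httponly` but not `secure`, so if the site is served over HTTPS the long-lived token is still sent in clear on any http:// request to the same host — `:secure => request.ssl?` (or a site setting) next to `:httponly => true` limits that. Both lines are moved verbatim from ApplicationController, so this is a pre-existing gap that the move is a good moment to close. `lookup_from_auth_token` returns nil implicitly when the length guard fails and `current_user` relies on that, which deserves a comment: `# nil unless the cookie looks like a SecureRandom.hex(16) token`.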
@@ -0,0 +1,15 @@
+require 'spec_helper'
+require_dependency 'current_user'
+
+describe CurrentUser do
+ it "allows us to lookup a user from our environment" do
+ token = EmailToken.generate_token
+ user = Fabricate.build(:user)
+ User.expects(:where).returns([user])
+ CurrentUser.lookup_from_env("HTTP_COOKIE" => "_t=#{token};").should == user
+ end
+
+ it "allows us to lookup a user from our app" do
+ end
+
+end
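Review bot: The first example only shows that a well-formed token reaches `User.where`; nothing checks that a malformed cookie is rejected by the length guard in `lookup_from_auth_token`, and the second example has an empty body and passes without asserting anything. A negative case exercises the guard directly: `User.expects(:where).never` followed by `CurrentUser.lookup_from_env("HTTP_COOKIE" => "_t=short;").should be_nil`. The empty example should either get a body or be marked `pending` so it is not reported as green.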