5.41.7

Currently translated at 99.6% (287 of 288 strings)

Translated using Weblate (Spanish)

Currently translated at 100.0% (288 of 288 strings)

Translated using Weblate (Spanish)

Currently translated at 100.0% (862 of 862 strings)

Translated using Weblate (Spanish)

Currently translated at 100.0% (932 of 932 strings)

Translated using Weblate (Korean)

Currently translated at 100.0% (193 of 193 strings)

Translated using Weblate (Korean)

Currently translated at 89.1% (99 of 111 strings)

Translated using Weblate (Korean)

Currently translated at 70.5% (608 of 862 strings)

Translated using Weblate (Korean)

Currently translated at 100.0% (167 of 167 strings)

Translated using Weblate (Korean)

Currently translated at 100.0% (167 of 167 strings)

Translated using Weblate (Korean)

Currently translated at 58.0% (165 of 284 strings)

Translated using Weblate (French)

Currently translated at 100.0% (862 of 862 strings)

Translated using Weblate (German)

Currently translated at 99.7% (930 of 932 strings)

Translated using Weblate (Chinese (Simplified))

Currently translated at 100.0% (862 of 862 strings)

Translated using Weblate (French)

Currently translated at 98.2% (847 of 862 strings)

Translated using Weblate (Chinese (Simplified))

Currently translated at 100.0% (932 of 932 strings)

Translated using Weblate (French)

Currently translated at 100.0% (932 of 932 strings)

Translated using Weblate (Spanish)

Currently translated at 98.9% (853 of 862 strings)

Translated using Weblate (Japanese)

Currently translated at 99.7% (860 of 862 strings)

Translated using Weblate (Japanese)

Currently translated at 100.0% (932 of 932 strings)

Translated using Weblate (English (United Kingdom))

Currently translated at 99.3% (926 of 932 strings)

Translated using Weblate (Korean)

Currently translated at 96.3% (889 of 923 strings)

Translated using Weblate (Korean)

Currently translated at 86.4% (798 of 923 strings)

Translated using Weblate (Japanese)

Currently translated at 100.0% (923 of 923 strings)

Translated using Weblate (Indonesian)

Currently translated at 100.0% (247 of 247 strings)

Translated using Weblate (Indonesian)

Currently translated at 97.5% (241 of 247 strings)

Translated using Weblate (Spanish (Latin America))

Currently translated at 100.0% (167 of 167 strings)

Translated using Weblate (Spanish (Latin America))

Currently translated at 100.0% (167 of 167 strings)

Translated using Weblate (Spanish (Latin America))

Currently translated at 100.0% (167 of 167 strings)

Translated using Weblate (Spanish)

Currently translated at 100.0% (167 of 167 strings)

Translated using Weblate (Indonesian)

Currently translated at 96.7% (239 of 247 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 91.3% (3143 of 3441 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 91.3% (3143 of 3441 strings)

Translated using Weblate (Japanese)

Currently translated at 100.0% (412 of 412 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 91.0% (3134 of 3441 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 100.0% (271 of 271 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 100.0% (271 of 271 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 100.0% (284 of 284 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 90.4% (3112 of 3441 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 90.4% (3112 of 3441 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 100.0% (275 of 275 strings)

Translated using Weblate (Ukrainian)

Currently translated at 54.7% (1883 of 3441 strings)

Translated using Weblate (German)

Currently translated at 100.0% (189 of 189 strings)

Translated using Weblate (German)

Currently translated at 100.0% (189 of 189 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 100.0% (428 of 428 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 90.4% (3111 of 3441 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 100.0% (189 of 189 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 100.0% (862 of 862 strings)

Translated using Weblate (Portuguese)

Currently translated at 77.7% (147 of 189 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 100.0% (247 of 247 strings)

Translated using Weblate (Spanish (Latin America))

Currently translated at 75.6% (143 of 189 strings)

Translated using Weblate (Spanish (Latin America))

Currently translated at 74.0% (140 of 189 strings)

Translated using Weblate (Spanish (Latin America))

Currently translated at 100.0% (167 of 167 strings)

Translated using Weblate (Spanish (Latin America))

Currently translated at 100.0% (167 of 167 strings)

Translated using Weblate (Spanish (Latin America))

Currently translated at 71.9% (136 of 189 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 90.3% (3110 of 3441 strings)

Translated using Weblate (English (United Kingdom))

Currently translated at 71.2% (2452 of 3441 strings)

Translated using Weblate (Indonesian)

Currently translated at 92.7% (229 of 247 strings)

Translated using Weblate (German)

Currently translated at 100.0% (189 of 189 strings)

Translated using Weblate (Korean)

Currently translated at 68.0% (187 of 275 strings)

Translated using Weblate (Korean)

Currently translated at 67.2% (185 of 275 strings)

Translated using Weblate (Korean)

Currently translated at 83.2% (768 of 923 strings)

Translated using Weblate (Korean)

Currently translated at 67.2% (185 of 275 strings)

Co-authored-by: Ashlynn <ashlynn.samuella@gmail.com>
Co-authored-by: Douglas Meneghetti <douglasrizzom@gmail.com>
Co-authored-by: Gustavo Angelo <gustavoangeloow@gmail.com>
Co-authored-by: Israel Silva Araújo <yisrael.araujo@gmail.com>
Co-authored-by: Jaime Martí <jaumemarti77@icloud.com>
Co-authored-by: Jan Freihöfer <jan.stauch.is@gmail.com>
Co-authored-by: Judes Martinez <pivet50811@limtu.com>
Co-authored-by: Lapin <sirocuro01@gmail.com>
Co-authored-by: Laura Fleckenstein <fleckenstein_laura@web.de>
Co-authored-by: Leslie Munguía <moongeeuh@gmail.com>
Co-authored-by: Lio Zam <zerofux@web.de>
Co-authored-by: Raul Fogaça Sanches <raul.fsanches@hotmail.com>
Co-authored-by: Ri Vargas <goldenhaitang@gmail.com>
Co-authored-by: Sophie LE MASLE <sophiesuff@gmail.com>
Co-authored-by: Summer_GUI <heyang94@163.com>
Co-authored-by: Toro Mor <thomas.bizer@gmx.de>
Co-authored-by: Weblate <noreply@weblate.org>
Co-authored-by: Witza <witza87@gmail.com>
Co-authored-by: hyrge <mmsg4561@gmail.com>
Co-authored-by: いんこ <ayakabooker@gmail.com>
Co-authored-by: 이승연 <opus456@naver.com>
Co-authored-by: 이영지 <oukig2036@naver.com>
Translate-URL: https://translate.habitica.com/projects/habitica/achievements/es/
Translate-URL: https://translate.habitica.com/projects/habitica/achievements/es_419/
Translate-URL: https://translate.habitica.com/projects/habitica/achievements/ko/
Translate-URL: https://translate.habitica.com/projects/habitica/backgrounds/de/
Translate-URL: https://translate.habitica.com/projects/habitica/backgrounds/en_GB/
Translate-URL: https://translate.habitica.com/projects/habitica/backgrounds/es/
Translate-URL: https://translate.habitica.com/projects/habitica/backgrounds/fr/
Translate-URL: https://translate.habitica.com/projects/habitica/backgrounds/ja/
Translate-URL: https://translate.habitica.com/projects/habitica/backgrounds/ko/
Translate-URL: https://translate.habitica.com/projects/habitica/backgrounds/zh_Hans/
Translate-URL: https://translate.habitica.com/projects/habitica/challenge/ko/
Translate-URL: https://translate.habitica.com/projects/habitica/character/ko/
Translate-URL: https://translate.habitica.com/projects/habitica/content/ja/
Translate-URL: https://translate.habitica.com/projects/habitica/faq/id/
Translate-URL: https://translate.habitica.com/projects/habitica/faq/pt_BR/
Translate-URL: https://translate.habitica.com/projects/habitica/front/de/
Translate-URL: https://translate.habitica.com/projects/habitica/front/es_419/
Translate-URL: https://translate.habitica.com/projects/habitica/front/pt/
Translate-URL: https://translate.habitica.com/projects/habitica/front/pt_BR/
Translate-URL: https://translate.habitica.com/projects/habitica/gear/en_GB/
Translate-URL: https://translate.habitica.com/projects/habitica/gear/pt_BR/
Translate-URL: https://translate.habitica.com/projects/habitica/gear/uk/
Translate-URL: https://translate.habitica.com/projects/habitica/groups/pt_BR/
Translate-URL: https://translate.habitica.com/projects/habitica/limited/es/
Translate-URL: https://translate.habitica.com/projects/habitica/limited/ja/
Translate-URL: https://translate.habitica.com/projects/habitica/limited/ko/
Translate-URL: https://translate.habitica.com/projects/habitica/limited/pt_BR/
Translate-URL: https://translate.habitica.com/projects/habitica/questscontent/es/
Translate-URL: https://translate.habitica.com/projects/habitica/questscontent/fr/
Translate-URL: https://translate.habitica.com/projects/habitica/questscontent/ja/
Translate-URL: https://translate.habitica.com/projects/habitica/questscontent/ko/
Translate-URL: https://translate.habitica.com/projects/habitica/questscontent/pt_BR/
Translate-URL: https://translate.habitica.com/projects/habitica/questscontent/zh_Hans/
Translate-URL: https://translate.habitica.com/projects/habitica/settings/ko/
Translate-URL: https://translate.habitica.com/projects/habitica/settings/pt_BR/
Translate-URL: https://translate.habitica.com/projects/habitica/subscriber/pt_BR/
Translation: Habitica/Achievements
Translation: Habitica/Backgrounds
Translation: Habitica/Challenge
Translation: Habitica/Character
Translation: Habitica/Content
Translation: Habitica/Faq
Translation: Habitica/Front
Translation: Habitica/Gear
Translation: Habitica/Groups
Translation: Habitica/Limited
Translation: Habitica/Questscontent
Translation: Habitica/Settings
Translation: Habitica/Subscriber

.babelrc

@@ -9,4 +9,4 @@
       }
     ]
   ]
-}
+}

.eslintrc.js

@@ -7,5 +7,14 @@ module.exports = {
   rules: {
     'prefer-regex-literals': 'warn',
     'import/no-extraneous-dependencies': 'off',
+    'require-await': 'error',
   },
+  overrides: [
+    {
+      files: ['migrations/**', 'gulp/**'], // Or *.test.js
+      rules: {
+        'require-await': 'off',
+      },
+    },
+  ],
 };

.github/workflows/test.yml

@@ -1,6 +1,13 @@
 name: Test
 
-on: [push, pull_request]
+on:
+  push:
+    branches-ignore:
+    - 'phillip/**'
+    - 'sabrecat/**'
+    - 'kalista/**'
+    - 'natalie/**'
+  pull_request:
 
 permissions:
   contents: read
@@ -19,7 +26,8 @@ jobs:
       uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
-    - run: sudo apt-get -y install libkrb5-dev
+    - run: sudo apt update
+    - run: sudo apt -y install libkrb5-dev
     - run: cp config.json.example config.json
     - name: npm install
       run: |
@@ -41,7 +49,8 @@ jobs:
       uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
-    - run: sudo apt-get -y install libkrb5-dev
+    - run: sudo apt update
+    - run: sudo apt -y install libkrb5-dev
     - run: cp config.json.example config.json
     - name: npm install
       run: |
@@ -63,7 +72,8 @@ jobs:
       uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
-    - run: sudo apt-get -y install libkrb5-dev
+    - run: sudo apt update
+    - run: sudo apt -y install libkrb5-dev
     - run: cp config.json.example config.json
     - name: npm install
       run: |
@@ -86,7 +96,8 @@ jobs:
       uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
-    - run: sudo apt-get -y install libkrb5-dev
+    - run: sudo apt update
+    - run: sudo apt -y install libkrb5-dev
     - run: cp config.json.example config.json
     - name: npm install
       run: |
@@ -108,7 +119,8 @@ jobs:
       uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
-    - run: sudo apt-get -y install libkrb5-dev
+    - run: sudo apt update
+    - run: sudo apt -y install libkrb5-dev
     - run: cp config.json.example config.json
     - name: npm install
       run: |
@@ -137,7 +149,8 @@ jobs:
       with:
         mongodb-version: ${{ matrix.mongodb-version }}
         mongodb-replica-set: rs
-    - run: sudo apt-get -y install libkrb5-dev
+    - run: sudo apt update
+    - run: sudo apt -y install libkrb5-dev
     - run: cp config.json.example config.json
     - name: npm install
       run: |
@@ -167,7 +180,8 @@ jobs:
       with:
         mongodb-version: ${{ matrix.mongodb-version }}
         mongodb-replica-set: rs
-    - run: sudo apt-get -y install libkrb5-dev
+    - run: sudo apt update
+    - run: sudo apt -y install libkrb5-dev
     - run: cp config.json.example config.json
     - name: npm install
       run: |
@@ -197,7 +211,8 @@ jobs:
       with:
         mongodb-version: ${{ matrix.mongodb-version }}
         mongodb-replica-set: rs
-    - run: sudo apt-get -y install libkrb5-dev
+    - run: sudo apt update
+    - run: sudo apt -y install libkrb5-dev
     - run: cp config.json.example config.json
     - name: npm install
       run: |
@@ -222,7 +237,8 @@ jobs:
       uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
-    - run: sudo apt-get -y install libkrb5-dev
+    - run: sudo apt update
+    - run: sudo apt -y install libkrb5-dev
     - run: cp config.json.example config.json
     - name: npm install
       run: |
@@ -246,7 +262,8 @@ jobs:
       uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
-    - run: sudo apt-get -y install libkrb5-dev
+    - run: sudo apt update
+    - run: sudo apt -y install libkrb5-dev
     - run: cp config.json.example config.json
     - name: npm install
       run: |

.gitignore

@@ -47,5 +47,5 @@ webpack.webstorm.config
 
 # mongodb replica set for local dev
 mongodb-*.tgz
-/mongodb-data
+/mongodb-data*
 /.nyc_output

.heroku/report_deploy.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+DEVELOPER="someone"
+if git rev-parse --git-dir > /dev/null 2>&1; then
+    DEVELOPERS=$(git log -5 --pretty=format:'%an')
+    IFS=$'\n'
+    DEVELOPER=""
+    for dev in $DEVELOPERS
+    do
+        if [ "$DEVELOPER" == "someone" ]; then
+            if [[ ${dev} != *"[bot]"* ]]; then
+                DEVELOPER=$dev
+                continue
+            fi
+            continue
+        fi
+    done
+fi
+
+PARTS=$(cut -d"." -f1 <<< $BASE_URL)
+SERVER_NAME=$(cut -d"/" -f3 <<< ${PARTS[0]})
+
+SERVER_NAME=":$SERVER_EMOJI: $SERVER_NAME"
+
+wget $SLACK_DEPLOY_URL --post-data="{\"server_name\": \"$SERVER_NAME\", \"developer\": \"$DEVELOPER\", \"base_url\": \"$BASE_URL\"}" -O /dev/null

README.md

@@ -1,14 +1,20 @@
-Habitica ![Build Status](https://github.com/HabitRPG/habitica/workflows/Test/badge.svg) [![Code Climate](https://codeclimate.com/github/HabitRPG/habitrpg.svg)](https://codeclimate.com/github/HabitRPG/habitrpg) [![Bountysource](https://api.bountysource.com/badge/tracker?tracker_id=68393)](https://www.bountysource.com/trackers/68393-habitrpg?utm_source=68393&utm_medium=shield&utm_campaign=TRACKER_BADGE)
+Habitica ![Build Status](https://github.com/HabitRPG/habitica/workflows/Test/badge.svg)
 ===============
 
-[Habitica](https://habitica.com) is an open-source habit-building program that treats your life like a role-playing game. Level up as you succeed, lose HP as you fail, and earn money to buy weapons and armor.
+[Habitica](https://habitica.com) is an open-source habit-building program that treats your life like a role-playing game. Level up as you succeed, lose HP as you fail, and earn Gold to buy weapons and armor!
 
-**We need more programmers!** Your assistance will be greatly appreciated. The wiki pages below and the additional pages they link to will tell you how to get started on contributing code and where you can go to seek further help or ask questions:
+**Want to contribute code to Habitica?** We're always looking for assistance on any issues in our repo with the "Help Wanted" label. The wiki pages below and the additional linked pages will tell you how to start contributing code and where you can seek further help or ask questions:
 * [Guidance for Blacksmiths](https://habitica.fandom.com/wiki/Guidance_for_Blacksmiths) - an introduction to the technologies used and how the software is organized.
-* [Setting up Habitica Locally](https://habitica.fandom.com/wiki/Setting_up_Habitica_Locally) - how to set up a local install of Habitica for development and testing on various platforms.
+* [Setting up Habitica Locally](https://github.com/HabitRPG/habitica/wiki/Setting-Up-Habitica-for-Local-Development) - how to set up a local install of Habitica for development and testing.
+
+**Interested in contributing to Habitica’s mobile apps?** Visit the links below for our mobile repositories.
+* **Android:** https://github.com/HabitRPG/habitica-android
+* **iOS:** https://github.com/HabitRPG/habitica-ios
 
 Habitica's code is licensed as described at https://github.com/HabitRPG/habitica/blob/develop/LICENSE
 
-**Found a bug?** Please report it to [admin email](mailto:admin@habitica.com) rather than creating an issue (an admin will advise you if a new issue is necessary; usually it is not).
+**Found a bug?** Please report it to [admin email](mailto:admin@habitica.com) rather than create an issue (an admin will advise you if a new issue is necessary; usually it is not).
 
-**Have any questions about Habitica or its community?** See the links in the [habitica.com](https://habitica.com) website's Help menu or drop in to [Guilds > Tavern Chat](https://habitica.com/groups/tavern) to ask questions or chat socially!
+**Creating a third-party tool?** Please review our [API Usage Guidelines](https://github.com/HabitRPG/habitica/wiki/API-Usage-Guidelines) to ensure that your tool is compliant and maintains the best experience for Habitica players.
+
+**Have any questions about Habitica or contributing?** See the links in the [Habitica](https://habitica.com) website's Help menu. There’s FAQ’s, guides, and the option to reach out to us with any further questions!

apidoc/header.md

@@ -2,4 +2,4 @@
 
 This webpage includes the documentation for version 3 of the [Habitica](https://habitica.com) API.
 
-If you're developing a 3rd party tool that uses the Habitica API you should read the [Guidance for Comrades](https://habitica.fandom.com/wiki/Guidance_for_Comrades) and in particular the section called [Rules for Third-Party Tools](https://habitica.fandom.com/wiki/Guidance_for_Comrades#Rules_for_Third-Party_Tools) which includes suggestions on how to best use the API and the rules to follow when interacting with it.
+If you're developing a 3rd party tool that uses the Habitica API, read the [API Usage Guidelines](https://github.com/HabitRPG/habitica/wiki/API-Usage-Guidelines), which describe how to be a responsible user of our server resources!

config.json.example

@@ -8,18 +8,26 @@
   "AMAZON_PAYMENTS_SELLER_ID": "SELLER_ID",
   "AMPLITUDE_KEY": "AMPLITUDE_KEY",
   "AMPLITUDE_SECRET": "AMPLITUDE_SECRET",
+  "APPLE_AUTH_CLIENT_ID": "",
+  "APPLE_AUTH_KEY_ID": "",
+  "APPLE_AUTH_PRIVATE_KEY": "",
+  "APPLE_TEAM_ID": "",
   "BASE_URL": "http://localhost:3000",
+  "BLOCKED_IPS": "",
+  "CONTENT_SWITCHOVER_TIME_OFFSET": 8,
   "CRON_SAFE_MODE": "false",
   "CRON_SEMI_SAFE_MODE": "false",
+  "DEBUG_ENABLED": "false",
   "DISABLE_REQUEST_LOGGING": "true",
-  "EMAILS_COMMUNITY_MANAGER_EMAIL": "admin@habitica.com",
-  "EMAILS_PRESS_ENQUIRY_EMAIL": "admin@habitica.com",
-  "EMAILS_TECH_ASSISTANCE_EMAIL": "admin@habitica.com",
   "EMAIL_SERVER_AUTH_PASSWORD": "password",
   "EMAIL_SERVER_AUTH_USER": "user",
   "EMAIL_SERVER_URL": "http://example.com",
+  "EMAILS_COMMUNITY_MANAGER_EMAIL": "admin@habitica.com",
+  "EMAILS_PRESS_ENQUIRY_EMAIL": "admin@habitica.com",
+  "EMAILS_TECH_ASSISTANCE_EMAIL": "admin@habitica.com",
   "ENABLE_CONSOLE_LOGS_IN_PROD": "false",
   "ENABLE_CONSOLE_LOGS_IN_TEST": "false",
+  "ENABLE_STACKDRIVER_TRACING": "false",
   "FACEBOOK_KEY": "123456789012345",
   "FACEBOOK_SECRET": "aaaabbbbccccddddeeeeffff00001111",
   "FLAG_REPORT_EMAIL": "email@example.com, email2@example.com",
@@ -29,14 +37,16 @@
   "IAP_GOOGLE_KEYDIR": "/path/to/google/public/key/dir/",
   "IGNORE_REDIRECT": "true",
   "ITUNES_SHARED_SECRET": "aaaabbbbccccddddeeeeffff00001111",
+  "LIVELINESS_PROBE_KEY": "",
+  "LOG_AMPLITUDE_EVENTS": "false",
+  "LOG_REQUESTS_EXCESSIVE_MODE": "false",
   "LOGGLY_CLIENT_TOKEN": "token",
   "LOGGLY_SUBDOMAIN": "example-subdomain",
   "LOGGLY_TOKEN": "example-token",
-  "LOG_REQUESTS_EXCESSIVE_MODE": "false",
   "MAINTENANCE_MODE": "false",
-  "NODE_DB_URI": "mongodb://localhost:27017/habitica-dev?replicaSet=rs",
-  "TEST_DB_URI": "mongodb://localhost:27017/habitica-test?replicaSet=rs",
   "MONGODB_POOL_SIZE": "10",
+  "MONGODB_SOCKET_TIMEOUT": "20000",
+  "NODE_DB_URI": "mongodb://localhost:27017/habitica-dev?replicaSet=rs",
   "NODE_ENV": "development",
   "PATH": "bin:node_modules/.bin:/usr/local/bin:/usr/bin:/bin",
   "PAYPAL_BILLING_PLANS_basic_12mo": "basic_12mo",
@@ -54,43 +64,34 @@
   "PLAY_API_REFRESH_TOKEN": "aaaabbbbccccddddeeeeffff00001111",
   "PORT": 3000,
   "PUSH_CONFIGS_APN_ENABLED": "false",
-  "PUSH_CONFIGS_APN_KEY": "xxxxxxxxxx",
   "PUSH_CONFIGS_APN_KEY_ID": "xxxxxxxxxx",
+  "PUSH_CONFIGS_APN_KEY": "xxxxxxxxxx",
   "PUSH_CONFIGS_APN_TEAM_ID": "aaabbbcccd",
   "PUSH_CONFIGS_FCM_SERVER_API_KEY": "aaabbbcccd",
+  "RATE_LIMITER_ENABLED": "false",
+  "REDIS_HOST": "aaabbbcccdddeeefff",
+  "REDIS_PASSWORD": "12345678",
+  "REDIS_PORT": "1234",
   "S3_ACCESS_KEY_ID": "accessKeyId",
   "S3_BUCKET": "bucket",
   "S3_SECRET_ACCESS_KEY": "secretAccessKey",
-  "SESSION_SECRET": "YOUR SECRET HERE",
   "SESSION_SECRET_IV": "12345678912345678912345678912345",
   "SESSION_SECRET_KEY": "1234567891234567891234567891234567891234567891234567891234567891",
+  "SESSION_SECRET": "YOUR SECRET HERE",
   "SITE_HTTP_AUTH_ENABLED": "false",
   "SITE_HTTP_AUTH_PASSWORDS": "password,wordpass,passkey",
   "SITE_HTTP_AUTH_USERNAMES": "admin,tester,contributor",
+  "SKIP_SSL_CHECK_KEY": "key",
   "SLACK_FLAGGING_FOOTER_LINK": "https://habitrpg.github.io/flag-o-rama/",
   "SLACK_FLAGGING_URL": "https://hooks.slack.com/services/id/id/id",
   "SLACK_SUBSCRIPTIONS_URL": "https://hooks.slack.com/services/id/id/id",
   "SLACK_URL": "https://hooks.slack.com/services/some-url",
+  "SLOW_REQUEST_THRESHOLD": 1000,
   "STRIPE_API_KEY": "aaaabbbbccccddddeeeeffff00001111",
   "STRIPE_PUB_KEY": "22223333444455556666777788889999",
   "STRIPE_WEBHOOKS_ENDPOINT_SECRET": "111111",
-  "TRANSIFEX_SLACK_CHANNEL": "transifex",
-  "WEB_CONCURRENCY": 1,
-  "SKIP_SSL_CHECK_KEY": "key",
-  "ENABLE_STACKDRIVER_TRACING": "false",
-  "APPLE_AUTH_PRIVATE_KEY": "",
-  "APPLE_TEAM_ID": "",
-  "APPLE_AUTH_CLIENT_ID": "",
-  "APPLE_AUTH_KEY_ID": "",
-  "BLOCKED_IPS": "",
-  "LOG_AMPLITUDE_EVENTS": "false",
-  "RATE_LIMITER_ENABLED": "false",
-  "LIVELINESS_PROBE_KEY": "",
-  "REDIS_HOST": "aaabbbcccdddeeefff",
-  "REDIS_PORT": "1234",
-  "REDIS_PASSWORD": "12345678",
-  "TRUSTED_DOMAINS": "localhost,https://habitica.com",
+  "TEST_DB_URI": "mongodb://localhost:27017/habitica-test?replicaSet=rs",
   "TIME_TRAVEL_ENABLED": "false",
-  "DEBUG_ENABLED": "false",
-  "CONTENT_SWITCHOVER_TIME_OFFSET": 8
+  "TRUSTED_DOMAINS": "localhost,https://habitica.com",
+  "WEB_CONCURRENCY": 1
 }

docker-compose.dev.yml

@@ -22,7 +22,8 @@ services:
       dockerfile: ./Dockerfile-Dev
     command: ["npm", "start"]
     depends_on:
-      - mongo
+      mongo:
+        condition: service_healthy
     environment:
       - NODE_DB_URI=mongodb://mongo/habitrpg
     networks:
@@ -33,7 +34,16 @@ services:
       - .:/usr/src/habitica
       - /usr/src/habitica/node_modules
   mongo:
-    image: mongo:3.6
+    image: mongo:5.0.23
+    restart: unless-stopped
+    command: ["--replSet", "rs", "--bind_ip_all", "--port", "27017"]
+    healthcheck:
+      test: echo "try { rs.status() } catch (err) { rs.initiate() }" | mongosh --port 27017 --quiet
+      interval: 10s
+      timeout: 30s
+      start_period: 0s
+      start_interval: 1s
+      retries: 30
     networks:
       - habitica
     ports:

gulp/gulp-sprites.js

@@ -42,10 +42,50 @@ function cssVarMap (sprite) {
   }
 }
 
-function createSpritesStream (name, src) {
+function filterFile (file) {
+  if (file.relative.indexOf('Mount_Icon_') !== -1) {
+    return false;
+  }
+  if (file.path.indexOf('shop/') !== -1) {
+    return false;
+  }
+  if (file.path.indexOf('stable/eggs') !== -1) {
+    return false;
+  }
+  if (file.path.indexOf('stable/food') !== -1) {
+    return false;
+  }
+  if (file.path.indexOf('stable/potions') !== -1) {
+    return false;
+  }
+  if (file.relative.indexOf('shop_') === 0) {
+    return false;
+  }
+  if (file.relative.indexOf('icon_background') === 0) {
+    return false;
+  }
+  if (file.relative.indexOf('notif_') === 0) {
+    return false;
+  }
+  if (file.relative.indexOf('quest_') === 0) {
+    return false;
+  }
+  if (file.relative.indexOf('inventory_quest_') === 0) {
+    return false;
+  }
+  return true;
+}
+
+async function createSpritesStream (name, src) {
   const stream = mergeStream();
+  // need to import this way bc of weird dependency things
+  // eslint-disable-next-line global-require
+  const filter = require('gulp-filter');
+
+  const f = filter(filterFile);
 
   const spriteData = gulp.src(src)
+    .pipe(f)
     .pipe(spritesmith({
       imgName: `spritesmith-${name}.png`,
       cssName: `spritesmith-${name}.css`,
@@ -63,7 +103,7 @@ function createSpritesStream (name, src) {
   return stream;
 }
 
-gulp.task('sprites:main', () => {
+gulp.task('sprites:main', async () => {
   const mainSrc = sync('habitica-images/**/*.png');
   return createSpritesStream('main', mainSrc);
 });

gulp/gulp-start.js

@@ -1,11 +0,0 @@
-import gulp from 'gulp';
-import nodemon from 'gulp-nodemon';
-
-import pkg from '../package.json';
-
-gulp.task('nodemon', done => {
-  nodemon({
-    script: pkg.main,
-  });
-  done();
-});

gulp/gulp-tests.js

@@ -49,12 +49,6 @@ function integrationTestCommand (testDir) {
 }
 
 /* Test task definitions */
-gulp.task('test:nodemon', gulp.series(done => {
-  process.env.PORT = TEST_SERVER_PORT; // eslint-disable-line no-process-env
-  process.env.NODE_DB_URI = TEST_DB_URI; // eslint-disable-line no-process-env
-  done();
-}, 'nodemon'));
-
 gulp.task('test:prepare:mongo', cb => {
   const mongooseOptions = getDefaultConnectionOptions();
   const connectionUrl = getDevelopmentConnectionUrl(TEST_DB_URI);

gulpfile.js

@@ -21,7 +21,6 @@ if (process.env.NODE_ENV === 'production') { // eslint-disable-line no-process-e
   require('./gulp/gulp-build'); // eslint-disable-line global-require
   require('./gulp/gulp-console'); // eslint-disable-line global-require
   require('./gulp/gulp-sprites'); // eslint-disable-line global-require
-  require('./gulp/gulp-start'); // eslint-disable-line global-require
   require('./gulp/gulp-tests'); // eslint-disable-line global-require
   require('./gulp/gulp-transifex-test'); // eslint-disable-line global-require
   require('gulp').task('default', gulp.series('test')); // eslint-disable-line global-require

migrations/archive/2024/20240806_purge_invite_accepted.js

@@ -0,0 +1,47 @@
+/* eslint-disable no-console */
+import { model as User } from '../../../website/server/models/user';
+
+const MIGRATION_NAME = '2024_purge_invite_accepted';
+const progressCount = 1000;
+let count = 0;
+
+async function updateUsers (userIds) {
+  count += userIds.length;
+  if (count % progressCount === 0) console.warn(`${count} ${userIds[0]}`);
+
+  return await User.updateMany(
+    { _id: { $in: userIds } },
+    { $pull: { notifications: { type: 'GROUP_INVITE_ACCEPTED' } } },
+  ).exec();
+}
+
+export default async function processUsers () {
+  let query = {
+    migration: { $ne: MIGRATION_NAME },
+    'notifications.type': 'GROUP_INVITE_ACCEPTED',
+    'auth.timestamps.loggedin': { $gt: new Date('2024-06-25') },
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({ _id: 1 })
+      .select({ _id: 1 })
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    const userIds = users.map(user => user._id);
+
+    await updateUsers(userIds); // eslint-disable-line no-await-in-loop
+  }
+};

migrations/archive/2024/20241119_gem_caps_hourglasses.js

@@ -0,0 +1,115 @@
+/* eslint-disable no-console */
+const MIGRATION_NAME = '20241119_gem_caps_hourglasses';
+import { model as User } from '../../../website/server/models/user';
+
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count += 1;
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  const { consecutive, customerId, dateTerminated, planId } = user.purchased.plan;
+  const isRecurring = customerId !== 'Gift' && !dateTerminated;
+  const updateOp = {
+    $set: {
+      migration: MIGRATION_NAME,
+      'purchased.plan.consecutive.gemCapExtra': Math.max(2 * Math.ceil((consecutive.gemCapExtra + 1) / 2, 26)),
+    },
+    $inc: {},
+  };
+
+  let hourglassBonus = 0;
+
+  if (isRecurring) {
+    await user.updateBalance(
+      5,
+      'admin_update_balance',
+      '',
+      'Subscription Reward Migration',
+    );
+    updateOp.$inc.balance = 5;
+    switch (planId) {
+      case 'basic':
+      case 'basic_earned':
+      case 'group_plan_auto':
+        hourglassBonus = 2;
+        break;
+      case 'basic_3mo':
+      case 'basic_6mo':
+      case 'google_6mo':
+        hourglassBonus = 4;
+        break;
+      case 'basic_12mo':
+        hourglassBonus = 12;
+        updateOp.$set['purchased.plan.hourglassPromoReceived'] = new Date();
+        break;
+      default:
+        hourglassBonus = 0;
+    }
+
+    if (hourglassBonus) {
+      updateOp.$inc['purchased.plan.consecutive.trinkets'] = hourglassBonus;
+      await user.updateHourglasses(
+        hourglassBonus,
+        'admin_update_balance',
+        '',
+        'Subscription Reward Migration',
+      );
+    }
+    updateOp.$push = {
+      notifications: {
+        type: 'ITEM_RECEIVED',
+        data: {
+          icon: 'notif_subscriber_reward',
+          title: 'Thanks for being a subscriber!',
+          text: 'Enjoy these extra Mystic Hourglasses and Gems to celebrate our new benefits.',
+        },
+        seen: false,
+      },
+    };
+  }
+
+  return await User.updateOne(
+    { _id: user._id },
+    updateOp,
+  ).exec();
+}
+
+export default async function processUsers () {
+  let query = {
+    migration: { $ne: MIGRATION_NAME },
+    'purchased.plan.customerId': { $exists: true },
+    $or: [
+      { 'purchased.plan.dateTerminated': { $exists: false } },
+      { 'purchased.plan.dateTerminated': null },
+      { 'purchased.plan.dateTerminated': { $gt: new Date() } },
+    ],
+  };
+
+  const fields = {
+    _id: 1,
+    purchased: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};

migrations/archive/api_v3/groups.js

@@ -37,7 +37,7 @@ let consoleStamp = require('console-stamp');
 consoleStamp(console);
 
 // Initialize configuration
-require('../../website/server/libs/api-v3/setupNconf')();
+require('../../website/server/libs/api-v3/setupNconf').default();
 
 let MONGODB_OLD = nconf.get('MONGODB_OLD');
 let MONGODB_NEW = nconf.get('MONGODB_NEW');

migrations/archive/api_v3/users.js

@@ -32,7 +32,7 @@ let moment = require('moment');
 consoleStamp(console);
 
 // Initialize configuration
-require('../../website/server/libs/api-v3/setupNconf')();
+require('../../website/server/libs/api-v3/setupNconf').default();
 
 let MONGODB_OLD = nconf.get('MONGODB_OLD');
 let MONGODB_NEW = nconf.get('MONGODB_NEW');

migrations/migration-runner.js

@@ -6,11 +6,11 @@ require('@babel/register'); // eslint-disable-line import/no-extraneous-dependen
 function setUpServer () {
   const nconf = require('nconf'); // eslint-disable-line global-require, no-unused-vars
   const mongoose = require('mongoose'); // eslint-disable-line global-require, no-unused-vars
-  const setupNconf = require('../website/server/libs/setupNconf'); // eslint-disable-line global-require
+  const setupNconf = require('../website/server/libs/setupNconf').default; // eslint-disable-line global-require
 
   setupNconf();
 
-  // We require src/server and npt src/index because
+  // We require src/server and not src/index because
   // 1. nconf is already setup
   // 2. we don't need clustering
   require('../website/server/server'); // eslint-disable-line global-require

migrations/users/bulk-email.js

@@ -26,7 +26,7 @@ async function updateUser (user) {
     [{ name: 'BASE_URL', content: BASE_URL }], // Add variables from template
   );
 
-  return User.update({ _id: user._id }, { $set: { migration: MIGRATION_NAME } }).exec();
+  return User.updateOne({ _id: user._id }, { $set: { migration: MIGRATION_NAME } }).exec();
 }
 
 export default async function processUsers () {

migrations/users/full-gear.js

@@ -11,7 +11,7 @@ const progressCount = 1000;
 let count = 0;
 
 /*
- * Award users every extant pet and mount
+ * Award every extant piece of equippable gear
  */
 
 async function updateUser (user) {
@@ -27,13 +27,13 @@ async function updateUser (user) {
 
   if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
 
-  return User.update({ _id: user._id }, { $set: set }).exec();
+  return User.updateOne({ _id: user._id }, { $set: set }).exec();
 }
 
 export default async function processUsers () {
   const query = {
     migration: { $ne: MIGRATION_NAME },
-    'auth.local.lowerCaseUsername': 'olson1',
+    'auth.local.username': 'ExampleHabitican',
   };
 
   const fields = {

migrations/users/full-stable.js

@@ -57,7 +57,7 @@ async function updateUser (user) {
 export default async function processUsers () {
   const query = {
     migration: { $ne: MIGRATION_NAME },
-    'auth.local.username': 'SabreTest',
+    'auth.local.username': 'ExampleHabitican',
   };
 
   const fields = {

migrations/users/habitoween.js

@@ -0,0 +1,175 @@
+/*
+ * Award Habitoween ladder items to participants in this month's Habitoween festivities
+ */
+/* eslint-disable no-console */
+import { model as User } from '../../website/server/models/user';
+
+const MIGRATION_NAME = '20241030_habitoween_ladder'; // Update when running in future years
+
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count += 1;
+
+  const set = { migration: MIGRATION_NAME };
+  const inc = {
+    'items.food.Candy_Skeleton': 1,
+    'items.food.Candy_Base': 1,
+    'items.food.Candy_CottonCandyBlue': 1,
+    'items.food.Candy_CottonCandyPink': 1,
+    'items.food.Candy_Shade': 1,
+    'items.food.Candy_White': 1,
+    'items.food.Candy_Golden': 1,
+    'items.food.Candy_Zombie': 1,
+    'items.food.Candy_Desert': 1,
+    'items.food.Candy_Red': 1,
+  };
+  const push = { notifications: { $each: [] } };
+
+  if (user && user.items && user.items.mounts && user.items.mounts['JackOLantern-RoyalPurple']) {
+    push.notifications.$each.push({
+      type: 'ITEM_RECEIVED',
+      data: {
+        icon: 'notif_habitoween_candy',
+        title: 'Happy Habitoween!',
+        text: 'For this spooky celebration, you\'ve received an assortment of candy for your Pets!',
+        destination: '/inventory/stable',
+      },
+      seen: false,
+    });
+  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-RoyalPurple']) {
+    set['items.mounts.JackOLantern-RoyalPurple'] = true;
+    push.notifications.$each.push({
+      type: 'ITEM_RECEIVED',
+      data: {
+        icon: 'notif_habitoween_purple_mount',
+        title: 'Happy Habitoween!',
+        text: 'For this spooky celebration, you\'ve received a Royal Purple Jack-O-Lantern Mount and an assortment of candy for your Pets!',
+        destination: '/inventory/stable',
+      },
+      seen: false,
+    });
+  } else if (user && user.items && user.items.mounts && user.items.mounts['JackOLantern-Glow']) {
+    set['items.pets.JackOLantern-RoyalPurple'] = 5;
+    push.notifications.$each.push({
+      type: 'ITEM_RECEIVED',
+      data: {
+        icon: 'notif_habitoween_purple_pet',
+        title: 'Happy Habitoween!',
+        text: 'For this spooky celebration, you\'ve received a Royal Purple Jack-O-Lantern Pet and an assortment of candy for your Pets!',
+        destination: '/inventory/stable',
+      },
+      seen: false,
+    });
+  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-Glow']) {
+    set['items.mounts.JackOLantern-Glow'] = true;
+    push.notifications.$each.push({
+      type: 'ITEM_RECEIVED',
+      data: {
+        icon: 'notif_habitoween_glow_mount',
+        title: 'Happy Habitoween!',
+        text: 'For this spooky celebration, you\'ve received a Glow-in-the-Dark Jack-O-Lantern Mount and an assortment of candy for your Pets!',
+        destination: '/inventory/stable',
+      },
+      seen: false,
+    });
+  } else if (user && user.items && user.items.mounts && user.items.mounts['JackOLantern-Ghost']) {
+    set['items.pets.JackOLantern-Glow'] = 5;
+    push.notifications.$each.push({
+      type: 'ITEM_RECEIVED',
+      data: {
+        icon: 'notif_habitoween_glow_pet',
+        title: 'Happy Habitoween!',
+        text: 'For this spooky celebration, you\'ve received a Glow-in-the-Dark Jack-O-Lantern Pet and an assortment of candy for your Pets!',
+        destination: '/inventory/stable',
+      },
+      seen: false,
+    });
+  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-Ghost']) {
+    set['items.mounts.JackOLantern-Ghost'] = true;
+    push.notifications.$each.push({
+      type: 'ITEM_RECEIVED',
+      data: {
+        icon: 'notif_habitoween_ghost_mount',
+        title: 'Happy Habitoween!',
+        text: 'For this spooky celebration, you\'ve received a Ghost Jack-O-Lantern Mount and an assortment of candy for your Pets!',
+        destination: '/inventory/stable',
+      },
+      seen: false,
+    });
+  } else if (user && user.items && user.items.mounts && user.items.mounts['JackOLantern-Base']) {
+    set['items.pets.JackOLantern-Ghost'] = 5;
+    push.notifications.$each.push({
+      type: 'ITEM_RECEIVED',
+      data: {
+        icon: 'notif_habitoween_ghost_pet',
+        title: 'Happy Habitoween!',
+        text: 'For this spooky celebration, you\'ve received a Ghost Jack-O-Lantern Pet and an assortment of candy for your Pets!',
+        destination: '/inventory/stable',
+      },
+      seen: false,
+    });
+  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-Base']) {
+    set['items.mounts.JackOLantern-Base'] = true;
+    push.notifications.$each.push({
+      type: 'ITEM_RECEIVED',
+      data: {
+        icon: 'notif_habitoween_base_mount',
+        title: 'Happy Habitoween!',
+        text: 'For this spooky celebration, you\'ve received a Jack-O-Lantern Mount and an assortment of candy for your Pets!',
+        destination: '/inventory/stable',
+      },
+      seen: false,
+    });
+  } else {
+    set['items.pets.JackOLantern-Base'] = 5;
+    push.notifications.$each.push({
+      type: 'ITEM_RECEIVED',
+      data: {
+        icon: 'notif_habitoween_base_pet',
+        title: 'Happy Habitoween!',
+        text: 'For this spooky celebration, you\'ve received a Jack-O-Lantern Pet and an assortment of candy for your Pets!',
+        destination: '/inventory/stable',
+      },
+      seen: false,
+    });
+  }
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+  return User.updateOne({ _id: user._id }, { $inc: inc, $push: push, $set: set }).exec();
+}
+
+export default async function processUsers () {
+  const query = {
+    migration: { $ne: MIGRATION_NAME },
+    'auth.timestamps.loggedin': { $gt: new Date('2024-10-01') },
+  };
+
+  const fields = {
+    _id: 1,
+    items: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({ _id: 1 })
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+}

migrations/users/harvest_feast.js

@@ -0,0 +1,167 @@
+/* eslint-disable no-console */
+import { model as User } from '../../website/server/models/user';
+
+const MIGRATION_NAME = '20241120_harvest_feast';
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count += 1;
+
+  const updateOp = {
+    $set: { migration: MIGRATION_NAME },
+  };
+
+  if (typeof user.items.gear.owned.head_special_turkeyHelmGilded !== 'undefined') {
+    updateOp.$inc = {
+      'items.food.Pie_Base': 1,
+      'items.food.Pie_CottonCandyBlue': 1,
+      'items.food.Pie_CottonCandyPink': 1,
+      'items.food.Pie_Desert': 1,
+      'items.food.Pie_Golden': 1,
+      'items.food.Pie_Red': 1,
+      'items.food.Pie_Shade': 1,
+      'items.food.Pie_Skeleton': 1,
+      'items.food.Pie_Zombie': 1,
+      'items.food.Pie_White': 1,
+    };
+    updateOp.$push = {
+      notifications: {
+        type: 'ITEM_RECEIVED',
+        data: {
+          icon: 'notif_harvestfeast_pie',
+          title: 'Happy Harvest Feast!',
+          text: 'Gobble gobble, you\'ve received an assortment of pie for your Pets!',
+          destination: '/inventory/stable',
+        },
+        seen: false,
+      },
+    };
+  } else if (typeof user.items.gear.owned.armor_special_turkeyArmorBase !== 'undefined') {
+    updateOp.$set['items.gear.owned.head_special_turkeyHelmGilded'] = true;
+    updateOp.$set['items.gear.owned.armor_special_turkeyArmorGilded'] = true;
+    updateOp.$set['items.gear.owned.back_special_turkeyTailGilded'] = true;
+    updateOp.$push = {
+      notifications: {
+        type: 'ITEM_RECEIVED',
+        data: {
+          icon: 'notif_harvestfeast_gilded_set',
+          title: 'Happy Harvest Feast!',
+          text: 'Gobble gobble, you\'ve received the Gilded Turkey Armor, Helm, and Tail!',
+          destination: '/inventory/equipment',
+        },
+        seen: false,
+      },
+    };
+  } else if (user.items && user.items.mounts && user.items.mounts['Turkey-Gilded']) {
+    updateOp.$set['items.gear.owned.head_special_turkeyHelmBase'] = true;
+    updateOp.$set['items.gear.owned.armor_special_turkeyArmorBase'] = true;
+    updateOp.$set['items.gear.owned.back_special_turkeyTailBase'] = true;
+    updateOp.$push = {
+      notifications: {
+        type: 'ITEM_RECEIVED',
+        data: {
+          icon: 'notif_harvestfeast_base_set',
+          title: 'Happy Harvest Feast!',
+          text: 'Gobble gobble, you\'ve received the Turkey Armor, Helm, and Tail!',
+          destination: '/inventory/equipment',
+        },
+        seen: false,
+      },
+    };
+  } else if (user.items && user.items.pets && user.items.pets['Turkey-Gilded']) {
+    updateOp.$set['items.mounts.Turkey-Gilded'] = true;
+    updateOp.$push = {
+      notifications: {
+        type: 'ITEM_RECEIVED',
+        data: {
+          icon: 'notif_harvestfeast_gilded_mount',
+          title: 'Happy Harvest Feast!',
+          text: 'Gobble gobble, you\'ve received the Gilded Turkey Mount!',
+          destination: '/inventory/stable',
+        },
+        seen: false,
+      },
+    };
+  } else if (user.items && user.items.mounts && user.items.mounts['Turkey-Base']) {
+    updateOp.$set['items.pets.Turkey-Gilded'] = 5;
+    updateOp.$push = {
+      notifications: {
+        type: 'ITEM_RECEIVED',
+        data: {
+          icon: 'notif_harvestfeast_gilded_pet',
+          title: 'Happy Harvest Feast!',
+          text: 'Gobble gobble, you\'ve received the Gilded Turkey Pet!',
+          destination: '/inventory/stable',
+        },
+        seen: false,
+      },
+    };
+  } else if (user.items && user.items.pets && user.items.pets['Turkey-Base']) {
+    updateOp.$set['items.mounts.Turkey-Base'] = true;
+    updateOp.$push = {
+      notifications: {
+        type: 'ITEM_RECEIVED',
+        data: {
+          icon: 'notif_harvestfeast_base_mount',
+          title: 'Happy Harvest Feast!',
+          text: 'Gobble gobble, you\'ve received the Turkey Mount!',
+          destination: '/inventory/stable',
+        },
+        seen: false,
+      },
+    };
+  } else {
+    updateOp.$set['items.pets.Turkey-Base'] = 5;
+    updateOp.$push = {
+      notifications: {
+        type: 'ITEM_RECEIVED',
+        data: {
+          icon: 'notif_harvestfeast_base_pet',
+          title: 'Happy Harvest Feast!',
+          text: 'Gobble gobble, you\'ve received the Turkey Pet!',
+          destination: '/inventory/stable',
+        },
+        seen: false,
+      },
+    };
+  }
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  return User.updateOne({ _id: user._id }, updateOp).exec();
+}
+
+export default async function processUsers () {
+  const query = {
+    migration: { $ne: MIGRATION_NAME },
+    'auth.timestamps.loggedin': { $gt: new Date('2024-10-20') },
+  };
+
+  const fields = {
+    _id: 1,
+    items: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({ _id: 1 })
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+}

migrations/users/naming-day.js

@@ -1,14 +1,12 @@
 /* eslint-disable no-console */
-const MIGRATION_NAME = '20230731_naming_day';
-import { v4 as uuid } from 'uuid';
-
-import { model as User } from '../../../website/server/models/user';
+import { model as User } from '../../website/server/models/user';
 
+const MIGRATION_NAME = '20240731_naming_day';
 const progressCount = 1000;
 let count = 0;
 
 async function updateUser (user) {
-  count++;
+  count += 1;
 
   let set;
   let push;
@@ -115,16 +113,16 @@ async function updateUser (user) {
   if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
 
   if (push) {
-    return await user.updateOne({ $set: set, $inc: inc, $push: push }).exec();
-  } else {
-    return await user.updateOne({ $set: set, $inc: inc }).exec();
+    return user.updateOne({ $set: set, $inc: inc, $push: push }).exec();
   }
+
+  return user.updateOne({ $set: set, $inc: inc }).exec();
 }
 
 export default async function processUsers () {
-  let query = {
+  const query = {
     migration: { $ne: MIGRATION_NAME },
-    'auth.timestamps.loggedin': { $gt: new Date('2023-07-01') },
+    'auth.timestamps.loggedin': { $gt: new Date('2024-07-01') },
   };
 
   const fields = {
@@ -136,7 +134,7 @@ export default async function processUsers () {
     const users = await User // eslint-disable-line no-await-in-loop
       .find(query)
       .limit(250)
-      .sort({_id: 1})
+      .sort({ _id: 1 })
       .select(fields)
       .exec();
 
@@ -152,4 +150,4 @@ export default async function processUsers () {
 
     await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
   }
-};
+}

migrations/users/nye.js

@@ -0,0 +1,125 @@
+/* eslint-disable no-console */
+import { model as User } from '../../website/server/models/user';
+
+const MIGRATION_NAME = '20231228_nye';
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count += 1;
+
+  const updateOp = {
+    $set: { migration: MIGRATION_NAME },
+    $push: { },
+  };
+  const data = {
+    title: 'Happy New Year!',
+    destination: '/inventory/equipment',
+  };
+
+  if (typeof user.items.gear.owned.head_special_nye2023 !== 'undefined') {
+    updateOp.$inc = {
+      'items.food.Candy_Skeleton': 1,
+      'items.food.Candy_Base': 1,
+      'items.food.Candy_CottonCandyBlue': 1,
+      'items.food.Candy_CottonCandyPink': 1,
+      'items.food.Candy_Shade': 1,
+      'items.food.Candy_White': 1,
+      'items.food.Candy_Golden': 1,
+      'items.food.Candy_Zombie': 1,
+      'items.food.Candy_Desert': 1,
+      'items.food.Candy_Red': 1,
+    };
+    data.icon = 'notif_candy_nye';
+    data.text = 'You’ve received an assortment of candy to celebrate with your Pets!';
+    data.destination = '/inventory/stable';
+  } else if (typeof user.items.gear.owned.head_special_nye2022 !== 'undefined') {
+    updateOp.$set['items.gear.owned.head_special_nye2023'] = true;
+    data.icon = 'notif_2023hat_nye';
+    data.text = 'Take on your resolutions with style in this Ludicrous Party Hat!';
+  } else if (typeof user.items.gear.owned.head_special_nye2021 !== 'undefined') {
+    updateOp.$set['items.gear.owned.head_special_nye2022'] = true;
+    data.icon = 'notif_2022hat_nye';
+    data.text = 'Take on your resolutions with style in this Fabulous Party Hat!';
+  } else if (typeof user.items.gear.owned.head_special_nye2020 !== 'undefined') {
+    updateOp.$set['items.gear.owned.head_special_nye2021'] = true;
+    data.icon = 'notif_2021hat_nye';
+    data.text = 'Take on your resolutions with style in this Preposterous Party Hat!';
+  } else if (typeof user.items.gear.owned.head_special_nye2019 !== 'undefined') {
+    updateOp.$set['items.gear.owned.head_special_nye2020'] = true;
+    data.icon = 'notif_2020hat_nye';
+    data.text = 'Take on your resolutions with style in this Extravagant Party Hat!';
+  } else if (typeof user.items.gear.owned.head_special_nye2018 !== 'undefined') {
+    updateOp.$set['items.gear.owned.head_special_nye2019'] = true;
+    data.icon = 'notif_2019hat_nye';
+    data.text = 'Take on your resolutions with style in this Outrageous Party Hat!';
+  } else if (typeof user.items.gear.owned.head_special_nye2017 !== 'undefined') {
+    updateOp.$set['items.gear.owned.head_special_nye2018'] = true;
+    data.icon = 'notif_2018hat_nye';
+    data.text = 'Take on your resolutions with style in this Outlandish Party Hat!';
+  } else if (typeof user.items.gear.owned.head_special_nye2016 !== 'undefined') {
+    updateOp.$set['items.gear.owned.head_special_nye2017'] = true;
+    data.icon = 'notif_2017hat_nye';
+    data.text = 'Take on your resolutions with style in this Fanciful Party Hat!';
+  } else if (typeof user.items.gear.owned.head_special_nye2015 !== 'undefined') {
+    updateOp.$set['items.gear.owned.head_special_nye2016'] = true;
+    data.icon = 'notif_2016hat_nye';
+    data.text = 'Take on your resolutions with style in this Whimsical Party Hat!';
+  } else if (typeof user.items.gear.owned.head_special_nye2014 !== 'undefined') {
+    updateOp.$set['items.gear.owned.head_special_nye2015'] = true;
+    data.icon = 'notif_2015hat_nye';
+    data.text = 'Take on your resolutions with style in this Ridiculous Party Hat!';
+  } else if (typeof user.items.gear.owned.head_special_nye !== 'undefined') {
+    updateOp.$set['items.gear.owned.head_special_nye2014'] = true;
+    data.icon = 'notif_2014hat_nye';
+    data.text = 'Take on your resolutions with style in this Silly Party Hat!';
+  } else {
+    updateOp.$set['items.gear.owned.head_special_nye'] = true;
+    data.icon = 'notif_2013hat_nye';
+    data.text = 'Take on your resolutions with style in this Absurd Party Hat!';
+  }
+
+  updateOp.$push.notifications = {
+    type: 'ITEM_RECEIVED',
+    data,
+    seen: false,
+  };
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  return User.updateOne({ _id: user._id }, updateOp).exec();
+}
+
+export default async function processUsers () {
+  const query = {
+    'auth.timestamps.loggedin': { $gt: new Date('2023-12-01') },
+    migration: { $ne: MIGRATION_NAME },
+  };
+
+  const fields = {
+    _id: 1,
+    items: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({ _id: 1 })
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+}

migrations/users/take-this.js

@@ -3,7 +3,8 @@ import { v4 as uuid } from 'uuid';
 
 import { model as User } from '../../website/server/models/user';
 
-const MIGRATION_NAME = '20181203_take_this';
+const MIGRATION_NAME = 'YYYYMMDD_take_this';
+const CHALLENGE_ID = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx';
 
 const progressCount = 1000;
 let count = 0;
@@ -41,15 +42,15 @@ async function updateUser (user) {
   if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
 
   if (push) {
-    return User.update({ _id: user._id }, { $set: set, $push: push }).exec();
+    return User.updateOne({ _id: user._id }, { $set: set, $push: push }).exec();
   }
-  return User.update({ _id: user._id }, { $set: set }).exec();
+  return User.updateOne({ _id: user._id }, { $set: set }).exec();
 }
 
 export default async function processUsers () {
   const query = {
     migration: { $ne: MIGRATION_NAME },
-    challenges: '00708425-d477-41a5-bf27-6270466e7976',
+    challenges: CHALLENGE_ID,
   };
 
   const fields = {
@@ -72,7 +73,7 @@ export default async function processUsers () {
       break;
     } else {
       query._id = {
-        $gt: users[users.length - 1],
+        $gt: users[users.length - 1]._id,
       };
     }
 

package.json

@@ -1,7 +1,7 @@
 {
   "name": "habitica",
   "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "5.26.1",
+  "version": "5.41.7",
   "main": "./website/server/index.js",
   "dependencies": {
     "@babel/core": "^7.22.10",
@@ -15,11 +15,12 @@
     "amplitude": "^6.0.0",
     "apidoc": "^0.54.0",
     "apple-auth": "^1.0.9",
+    "babel-preset-env": "^1.7.0",
     "bcrypt": "^5.1.1",
-    "body-parser": "^1.20.2",
+    "body-parser": "^1.20.3",
     "bootstrap": "^4.6.2",
-    "compression": "^1.7.4",
-    "cookie-session": "^2.0.0",
+    "compression": "^1.8.1",
+    "cookie-session": "^2.1.1",
     "coupon-code": "^0.4.5",
     "csv-stringify": "^5.6.5",
     "cwait": "^1.1.1",
@@ -27,7 +28,7 @@
     "eslint": "^8.55.0",
     "eslint-config-habitrpg": "^6.2.3",
     "eslint-plugin-mocha": "^5.0.0",
-    "express": "^4.19.2",
+    "express": "^4.21.1",
     "express-basic-auth": "^1.2.1",
     "express-validator": "^5.2.0",
     "firebase-admin": "^12.1.1",
@@ -35,8 +36,8 @@
     "got": "^11.8.6",
     "gulp": "^4.0.0",
     "gulp-babel": "^8.0.0",
+    "gulp-filter": "^7.0.0",
     "gulp-imagemin": "^7.1.0",
-    "gulp-nodemon": "^2.5.0",
     "gulp.spritesmith": "^6.13.0",
     "habitica-markdown": "^3.0.0",
     "helmet": "^4.6.0",
@@ -48,13 +49,12 @@
     "merge-stream": "^2.0.0",
     "method-override": "^3.0.0",
     "moment": "^2.29.4",
-    "moment-recur": "^1.0.7",
-    "mongoose": "^7.6.3",
-    "morgan": "^1.10.0",
+    "moment-recur": "git://github.com/HabitRPG/moment-recur.git#d3e8e6da0806f13b74dd2e4d7d9053e6a63db119",
+    "mongoose": "^8.9.5",
+    "morgan": "^1.10.1",
     "nconf": "^0.12.1",
     "node-gcm": "^1.0.5",
-    "nodemon": "^2.0.20",
-    "on-headers": "^1.0.2",
+    "on-headers": "^1.1.0",
     "passport": "^0.5.3",
     "passport-facebook": "^3.0.0",
     "passport-google-oauth2": "^0.2.0",
@@ -70,10 +70,10 @@
     "sinon": "^15.2.0",
     "stripe": "^12.18.0",
     "superagent": "^8.1.2",
-    "universal-analytics": "^0.5.3",
     "useragent": "^2.1.9",
     "uuid": "^9.0.0",
     "validator": "^13.11.0",
+    "webpack-bundle-analyzer": "^4.10.2",
     "winston": "^3.10.0",
     "winston-loggly-bulk": "^3.3.0",
     "xml2js": "^0.6.2"
@@ -97,26 +97,27 @@
     "test:sanity": "nyc --silent --no-clean mocha test/sanity --recursive",
     "test:common": "nyc --silent --no-clean mocha test/common --recursive",
     "test:content": "nyc --silent --no-clean mocha test/content --recursive",
-    "test:nodemon": "gulp test:nodemon",
     "coverage": "nyc report --reporter=html --report-dir coverage/results; open coverage/results/index.html",
     "sprites": "gulp sprites:compile",
     "client:dev": "cd website/client && npm run serve",
     "client:build": "cd website/client && npm run build",
     "client:unit": "cd website/client && npm run test:unit",
-    "start": "gulp nodemon",
-    "debug": "gulp nodemon --inspect",
-    "mongo:dev": "run-rs -v 5.0.23 -l ubuntu1804 --keep --dbpath mongodb-data --number 1 --quiet",
+    "start": "node --watch ./website/server/index.js",
+    "start:simple": "node ./website/server/index.js",
+    "debug": "node --watch --inspect ./website/server/index.js",
+    "mongo:dev": "run-rs -v 7.0.23 -l ubuntu2214 --keep --dbpath mongodb-data --number 1 --quiet",
+    "mongo:test": "run-rs -v 7.0.23 -l ubuntu2214 --keep --dbpath mongodb-data-testing --number 1 --quiet",
     "postinstall": "git config --global url.\"https://\".insteadOf git:// && gulp build && cd website/client && npm install",
     "apidoc": "gulp apidoc",
-    "heroku-postbuild": "npm run client:build"
+    "heroku-postbuild": ".heroku/report_deploy.sh"
   },
   "devDependencies": {
-    "axios": "^1.4.0",
+    "axios": "^1.8.2",
     "chai": "^4.3.7",
     "chai-as-promised": "^7.1.1",
     "chai-moment": "^0.1.0",
     "chalk": "^5.3.0",
-    "cross-spawn": "^7.0.3",
+    "cross-spawn": "^7.0.5",
     "mocha": "^5.1.1",
     "monk": "^7.3.4",
     "nyc": "^15.1.0",

scripts/gdpr-delete-users.js

@@ -71,15 +71,14 @@ async function deleteHabiticaData (user, email) {
 }
 
 async function processEmailAddress (email) {
-  const emailRegex = new RegExp(`^${email}$`, 'i');
   const localUsers = await User.find(
-    { 'auth.local.email': emailRegex },
+    { 'auth.local.email': email },
     { _id: 1, apiToken: 1, auth: 1 },
   ).exec();
 
   const socialUsers = await User.find(
     {
-      'auth.local.email': { $not: emailRegex },
+      'auth.local.email': { $ne: email },
       $or: [
         { 'auth.facebook.emails.value': email },
         { 'auth.google.emails.value': email },

scripts/team-cron.js

@@ -8,7 +8,17 @@ const TASK_VALUE_CHANGE_FACTOR = 0.9747;
 const MIN_TASK_VALUE = -47.27;
 
 async function updateTeamTasks (team) {
+  if (team.purchased.plan.dateTerminated) {
+    const dateTerminated = new Date(team.purchased.plan.dateTerminated);
+    if (dateTerminated < new Date()) {
+      team.purchased.plan.customerId = undefined;
+      team.markModified('purchased.plan');
+      return team.save();
+    }
+  }
+
   const toSave = [];
+
   let teamLeader = await User.findOne({ _id: team.leader }, 'preferences').exec();
 
   if (!teamLeader) { // why would this happen?
@@ -93,12 +103,7 @@ async function updateTeamTasks (team) {
 export default async function processTeamsCron () {
   const activeTeams = await Group.find({
     'purchased.plan.customerId': { $exists: true },
-    $or: [
-      { 'purchased.plan.dateTerminated': { $exists: false } },
-      { 'purchased.plan.dateTerminated': null },
-      { 'purchased.plan.dateTerminated': { $gt: new Date() } },
-    ],
-  }).exec();
+  }, { cron: 1, leader: 1, purchased: 1 }).exec();
 
   const cronPromises = activeTeams.map(updateTeamTasks);
   return Promise.all(cronPromises);

test/api/unit/libs/analyticsService.test.js

@@ -1,15 +1,11 @@
 /* eslint-disable camelcase */
 import nconf from 'nconf';
 import Amplitude from 'amplitude';
-import { Visitor } from 'universal-analytics';
 import * as analyticsService from '../../../../website/server/libs/analyticsService';
 
 describe('analyticsService', () => {
   beforeEach(() => {
     sandbox.stub(Amplitude.prototype, 'track').returns(Promise.resolve());
-
-    sandbox.stub(Visitor.prototype, 'event');
-    sandbox.stub(Visitor.prototype, 'transaction');
   });
 
   afterEach(() => {
@@ -37,8 +33,6 @@ describe('analyticsService', () => {
       data;
 
     beforeEach(() => {
-      Visitor.prototype.event.yields();
-
       eventType = 'Cron';
       data = {
         category: 'behavior',
@@ -49,6 +43,11 @@ describe('analyticsService', () => {
           'x-client': 'habitica-web',
           'user-agent': '',
         },
+        user: {
+          preferences: {
+            analyticsConsent: true,
+          },
+        },
       };
     });
 
@@ -295,6 +294,9 @@ describe('analyticsService', () => {
           rewards: [{ _id: 'reward' }],
           balance: 12,
           loginIncentives: 1,
+          preferences: {
+            analyticsConsent: true,
+          },
         };
 
         data.user = user;
@@ -326,37 +328,12 @@ describe('analyticsService', () => {
           });
       });
     });
-
-    context('GA', () => {
-      it('calls out to GA', () => analyticsService.track(eventType, data)
-        .then(() => {
-          expect(Visitor.prototype.event).to.be.calledOnce;
-        }));
-
-      it('sends details about event', () => analyticsService.track(eventType, data)
-        .then(() => {
-          expect(Visitor.prototype.event).to.be.calledWith({
-            ea: 'Cron',
-            ec: 'behavior',
-          });
-        }));
-    });
   });
 
   describe('#trackPurchase', () => {
-    let data; let
-      itemSpy;
+    let data;
 
     beforeEach(() => {
-      Visitor.prototype.event.yields();
-
-      itemSpy = sandbox.stub().returnsThis();
-
-      Visitor.prototype.transaction.returns({
-        item: itemSpy,
-        send: sandbox.stub().yields(),
-      });
-
       data = {
         uuid: 'user-id',
         sku: 'paypal-checkout',
@@ -370,6 +347,11 @@ describe('analyticsService', () => {
           'x-client': 'habitica-web',
           'user-agent': '',
         },
+        user: {
+          preferences: {
+            analyticsConsent: true,
+          },
+        },
       };
     });
 
@@ -533,6 +515,9 @@ describe('analyticsService', () => {
           dailys: [{ _id: 'daily' }],
           todos: [{ _id: 'todo' }],
           rewards: [{ _id: 'reward' }],
+          preferences: {
+            analyticsConsent: true,
+          },
         };
 
         data.user = user;
@@ -561,26 +546,6 @@ describe('analyticsService', () => {
           });
       });
     });
-
-    context('GA', () => {
-      it('calls out to GA', () => analyticsService.trackPurchase(data)
-        .then(() => {
-          expect(Visitor.prototype.event).to.be.calledOnce;
-          expect(Visitor.prototype.transaction).to.be.calledOnce;
-        }));
-
-      it('sends details about purchase', () => analyticsService.trackPurchase(data)
-        .then(() => {
-          expect(Visitor.prototype.event).to.be.calledWith({
-            ea: 'checkout',
-            ec: 'commerce',
-            el: 'PayPal',
-            ev: 8,
-          });
-          expect(Visitor.prototype.transaction).to.be.calledWith('user-id', 8);
-          expect(itemSpy).to.be.calledWith(8, 1, 'paypal-checkout', 'Gems', 'checkout');
-        }));
-    });
   });
 
   describe('mockAnalyticsService', () => {

test/api/unit/libs/bug-report.test.js

@@ -34,6 +34,7 @@ describe('bug-report', () => {
       emailData: {
         BROWSER_UA: userAgent,
         REPORT_MSG: userMessage,
+        USER_ANALYTICS: undefined,
         USER_CLASS: 'warrior',
         USER_CONSECUTIVE_MONTHS: 0,
         USER_COSTUME: 'false',
@@ -44,7 +45,6 @@ describe('bug-report', () => {
         USER_HOURGLASSES: 0,
         USER_ID: userId,
         USER_LEVEL: 1,
-        USER_OFFSET_MONTHS: 0,
         USER_PAYMENT_PLATFORM: undefined,
         USER_SUBSCRIPTION: undefined,
         USER_TIMEZONE_OFFSET: 0,

test/api/unit/libs/email.test.js

@@ -150,7 +150,7 @@ describe('emails', () => {
 
       sendTxn(mailingInfo, emailType);
       expect(got.post).to.be.called;
-      expect(got.post).to.be.calledWith('undefined/job', sinon.match({
+      expect(got.post).to.be.calledWith('http://example.com/job', sinon.match({
         json: {
           data: {
             emailType: sinon.match.same(emailType),
@@ -171,23 +171,23 @@ describe('emails', () => {
       expect(got.post).not.to.be.called;
     });
 
-    it('throws error when mail target is only a string', () => {
+    it('throws error when mail target is only a string', async () => {
       const emailType = 'an email type';
       const mailingInfo = 'my email';
 
-      expect(sendTxn(mailingInfo, emailType)).to.throw;
+      await expect(sendTxn(mailingInfo, emailType)).to.be.rejectedWith('Argument Error mailingInfoArray: does not contain email or _id');
     });
 
-    it('throws error when mail target has no _id or email', () => {
+    it('throws error when mail target has no _id or email', async () => {
       const emailType = 'an email type';
       const mailingInfo = {
 
       };
 
-      expect(sendTxn(mailingInfo, emailType)).to.throw;
+      await expect(sendTxn(mailingInfo, emailType)).to.be.rejectedWith('Argument Error mailingInfoArray: does not contain email or _id');
     });
 
-    it('throws error when variables not an array', () => {
+    it('throws error when variables not an array', async () => {
       const emailType = 'an email type';
       const mailingInfo = {
         name: 'my name',
@@ -195,9 +195,10 @@ describe('emails', () => {
       };
       const variables = {};
 
-      expect(sendTxn(mailingInfo, emailType, variables)).to.throw;
+      await expect(sendTxn(mailingInfo, emailType, variables)).to.be.rejectedWith('Argument Error variables: is not an array');
     });
-    it('throws error when variables array not contain name/content', () => {
+
+    it('throws error when variables array not contain name/content', async () => {
       const emailType = 'an email type';
       const mailingInfo = {
         name: 'my name',
@@ -209,8 +210,9 @@ describe('emails', () => {
         },
       ];
 
-      expect(sendTxn(mailingInfo, emailType, variables)).to.throw;
+      await expect(sendTxn(mailingInfo, emailType, variables)).to.be.rejectedWith('Argument Error variables: does not contain name or content');
     });
+
     it('throws no error when variables array contain name but no content', () => {
       const emailType = 'an email type';
       const mailingInfo = {
@@ -232,7 +234,7 @@ describe('emails', () => {
 
       sendTxn(mailingInfo, emailType);
       expect(got.post).to.be.called;
-      expect(got.post).to.be.calledWith('undefined/job', sinon.match({
+      expect(got.post).to.be.calledWith('http://example.com/job', sinon.match({
         json: {
           data: {
             emailType: sinon.match.same(emailType),
@@ -252,7 +254,7 @@ describe('emails', () => {
 
       sendTxn(mailingInfo, emailType, variables);
       expect(got.post).to.be.called;
-      expect(got.post).to.be.calledWith('undefined/job', sinon.match({
+      expect(got.post).to.be.calledWith('http://example.com/job', sinon.match({
         json: {
           data: {
             variables: sinon.match(value => value[0].name === 'BASE_URL', 'matches variables'),

test/api/unit/libs/highlightMentions.test.js

@@ -47,6 +47,12 @@ describe('highlightMentions', () => {
     expect(result[0]).to.equal('[@user-dash](/profile/444): message [@user_underscore](/profile/555)');
   });
 
+  it('highlights users with case-insensitive matching', async () => {
+    const text = '@USER: message @User2 @USER3';
+    const result = await highlightMentions(text);
+    expect(result[0]).to.equal('[@USER](/profile/111): message [@User2](/profile/222) [@USER3](/profile/333)');
+  });
+
   it('doesn\'t highlight nonexisting users', async () => {
     const text = '@nouser message';
     const result = await highlightMentions(text);

test/api/unit/libs/mongodb.js

@@ -1,5 +1,4 @@
 import os from 'os';
-import nconf from 'nconf';
 import requireAgain from 'require-again';
 
 const pathToMongoLib = '../../../../website/server/libs/mongodb';
@@ -29,22 +28,4 @@ describe('mongodb', () => {
       expect(string).to.equal('mongodb://hostname:3030');
     });
   });
-
-  describe('getDefaultConnectionOptions', () => {
-    it('returns development config when IS_PROD is false', () => {
-      sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(false);
-      const mongoLibOverride = requireAgain(pathToMongoLib);
-
-      const options = mongoLibOverride.getDefaultConnectionOptions();
-      expect(options).to.have.all.keys(['useNewUrlParser', 'useUnifiedTopology']);
-    });
-
-    it('returns production config when IS_PROD is true', () => {
-      sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(true);
-      const mongoLibOverride = requireAgain(pathToMongoLib);
-
-      const options = mongoLibOverride.getDefaultConnectionOptions();
-      expect(options).to.have.all.keys(['useNewUrlParser', 'useUnifiedTopology']);
-    });
-  });
 });

test/api/unit/libs/payments/apple.test.js

@@ -12,11 +12,33 @@ const { i18n } = common;
 describe('Apple Payments', () => {
   const subKey = 'basic_3mo';
 
+  let iapSetupStub;
+  let iapValidateStub;
+  let iapIsValidatedStub;
+  let iapIsCanceledStub;
+  let iapIsExpiredStub;
+  let paymentBuySkuStub;
+  let iapGetPurchaseDataStub;
+  let validateGiftMessageStub;
+  let paymentsCreateSubscritionStub;
+
+  beforeEach(() => {
+    iapSetupStub = sinon.stub(iap, 'setup').resolves();
+    iapValidateStub = sinon.stub(iap, 'validate').resolves({});
+  });
+
+  afterEach(() => {
+    iap.setup.restore();
+    iap.validate.restore();
+    iap.isValidated.restore();
+    iap.isExpired.restore();
+    iap.isCanceled.restore();
+    iap.getPurchaseData.restore();
+  });
+
   describe('verifyPurchase', () => {
     let sku; let user; let token; let receipt; let
       headers;
-    let iapSetupStub; let iapValidateStub; let iapIsValidatedStub; let paymentBuySkuStub; let
-      iapGetPurchaseDataStub; let validateGiftMessageStub;
 
     beforeEach(() => {
       token = 'testToken';
@@ -25,13 +47,9 @@ describe('Apple Payments', () => {
       receipt = `{"token": "${token}", "productId": "${sku}"}`;
       headers = {};
 
-      iapSetupStub = sinon.stub(iap, 'setup')
-        .resolves();
-      iapValidateStub = sinon.stub(iap, 'validate')
-        .resolves({});
       iapIsValidatedStub = sinon.stub(iap, 'isValidated').returns(true);
-      sinon.stub(iap, 'isExpired').returns(false);
-      sinon.stub(iap, 'isCanceled').returns(false);
+      iapIsCanceledStub = sinon.stub(iap, 'isCanceled').returns(false);
+      iapIsExpiredStub = sinon.stub(iap, 'isExpired').returns(false);
       iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
         .returns([{
           productId: 'com.habitrpg.ios.Habitica.21gems',
@@ -42,12 +60,6 @@ describe('Apple Payments', () => {
     });
 
     afterEach(() => {
-      iap.setup.restore();
-      iap.validate.restore();
-      iap.isValidated.restore();
-      iap.isExpired.restore();
-      iap.isCanceled.restore();
-      iap.getPurchaseData.restore();
       payments.buySkuItem.restore();
       gems.validateGiftMessage.restore();
     });
@@ -209,9 +221,6 @@ describe('Apple Payments', () => {
   describe('subscribe', () => {
     let sub; let sku; let user; let token; let receipt; let headers; let
       nextPaymentProcessing;
-    let iapSetupStub; let iapValidateStub; let iapIsValidatedStub;
-    let paymentsCreateSubscritionStub; let
-      iapGetPurchaseDataStub;
 
     beforeEach(() => {
       sub = common.content.subscriptionBlocks[subKey];
@@ -223,12 +232,10 @@ describe('Apple Payments', () => {
       nextPaymentProcessing = moment.utc().add({ days: 2 });
       user = new User();
 
-      iapSetupStub = sinon.stub(iap, 'setup')
-        .resolves();
-      iapValidateStub = sinon.stub(iap, 'validate')
-        .resolves({});
       iapIsValidatedStub = sinon.stub(iap, 'isValidated')
         .returns(true);
+      iapIsCanceledStub = sinon.stub(iap, 'isCanceled').returns(false);
+      iapIsExpiredStub = sinon.stub(iap, 'isExpired').returns(false);
       iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
         .returns([{
           expirationDate: moment.utc().subtract({ day: 1 }).toDate(),
@@ -250,10 +257,6 @@ describe('Apple Payments', () => {
     });
 
     afterEach(() => {
-      iap.setup.restore();
-      iap.validate.restore();
-      iap.isValidated.restore();
-      iap.getPurchaseData.restore();
       if (payments.createSubscription.restore) payments.createSubscription.restore();
     });
 
@@ -270,6 +273,29 @@ describe('Apple Payments', () => {
         });
     });
 
+    it('should throw an error if no active subscription is found', async () => {
+      iap.isCanceled.restore();
+      iapIsCanceledStub = sinon.stub(iap, 'isCanceled')
+        .returns(true);
+
+      iap.getPurchaseData.restore();
+      iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
+        .returns([{
+          expirationDate: moment.utc().add({ day: -2 }).toDate(),
+          purchaseDate: new Date(),
+          productId: 'subscription1month',
+          transactionId: token,
+          originalTransactionId: token,
+        }]);
+
+      await expect(applePayments.subscribe(user, receipt, headers, nextPaymentProcessing))
+        .to.eventually.be.rejected.and.to.eql({
+          httpCode: 401,
+          name: 'NotAuthorized',
+          message: applePayments.constants.RESPONSE_NO_ITEM_PURCHASED,
+        });
+    });
+
     const subOptions = [
       {
         sku: 'subscription1month',
@@ -574,8 +600,7 @@ describe('Apple Payments', () => {
   describe('cancelSubscribe ', () => {
     let user; let token; let receipt; let headers; let customerId; let
       expirationDate;
-    let iapSetupStub; let iapValidateStub; let iapIsValidatedStub; let iapGetPurchaseDataStub; let
-      paymentCancelSubscriptionSpy;
+    let paymentCancelSubscriptionSpy;
 
     beforeEach(async () => {
       token = 'test-token';
@@ -584,8 +609,7 @@ describe('Apple Payments', () => {
       customerId = 'test-customerId';
       expirationDate = moment.utc();
 
-      iapSetupStub = sinon.stub(iap, 'setup')
-        .resolves();
+      iapValidateStub.restore();
       iapValidateStub = sinon.stub(iap, 'validate')
         .resolves({
           expirationDate,
@@ -593,8 +617,8 @@ describe('Apple Payments', () => {
       iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
         .returns([{ expirationDate: expirationDate.toDate() }]);
       iapIsValidatedStub = sinon.stub(iap, 'isValidated').returns(true);
-      sinon.stub(iap, 'isCanceled').returns(false);
-      sinon.stub(iap, 'isExpired').returns(true);
+      iapIsCanceledStub = sinon.stub(iap, 'isCanceled').returns(false);
+      iapIsExpiredStub = sinon.stub(iap, 'isExpired').returns(true);
       user = new User();
       user.profile.name = 'sender';
       user.purchased.plan.paymentMethod = applePayments.constants.PAYMENT_METHOD_APPLE;
@@ -606,13 +630,7 @@ describe('Apple Payments', () => {
     });
 
     afterEach(() => {
-      iap.setup.restore();
-      iap.validate.restore();
-      iap.isValidated.restore();
-      iap.isExpired.restore();
-      iap.isCanceled.restore();
-      iap.getPurchaseData.restore();
-      payments.cancelSubscription.restore();
+      paymentCancelSubscriptionSpy.restore();
     });
 
     it('should throw an error if we are missing a subscription', async () => {
@@ -695,6 +713,8 @@ describe('Apple Payments', () => {
       expect(iapIsValidatedStub).to.be.calledWith({
         expirationDate,
       });
+      expect(iapIsCanceledStub).to.be.calledOnce;
+      expect(iapIsExpiredStub).to.be.calledOnce;
       expect(iapGetPurchaseDataStub).to.be.calledOnce;
 
       expect(paymentCancelSubscriptionSpy).to.be.calledOnce;

test/api/unit/libs/payments/google.test.js

@@ -11,12 +11,36 @@ const { i18n } = common;
 
 describe('Google Payments', () => {
   const subKey = 'basic_3mo';
+  let iapSetupStub;
+  let iapValidateStub;
+  let iapIsValidatedStub;
+  let paymentBuySkuStub;
+  let validateGiftMessageStub;
+
+  beforeEach(() => {
+    iapSetupStub = sinon.stub(iap, 'setup')
+      .resolves();
+    iapIsValidatedStub = sinon.stub(iap, 'isValidated')
+      .returns(true);
+    sinon.stub(iap, 'isCanceled').returns(false);
+    sinon.stub(iap, 'isExpired').returns(false);
+    paymentBuySkuStub = sinon.stub(payments, 'buySkuItem').resolves({});
+    validateGiftMessageStub = sinon.stub(gems, 'validateGiftMessage');
+  });
+
+  afterEach(() => {
+    iap.setup.restore();
+    iap.validate.restore();
+    iap.isValidated.restore();
+    iap.isCanceled.restore();
+    iap.isExpired.restore();
+    payments.buySkuItem.restore();
+    gems.validateGiftMessage.restore();
+  });
 
   describe('verifyPurchase', () => {
     let sku; let user; let token; let receipt; let signature; let
       headers;
-    let iapSetupStub; let iapValidateStub; let iapIsValidatedStub; let
-      paymentBuySkuStub; let validateGiftMessageStub;
 
     beforeEach(() => {
       sku = 'com.habitrpg.android.habitica.iap.21gems';
@@ -25,21 +49,7 @@ describe('Google Payments', () => {
       signature = '';
       headers = {};
 
-      iapSetupStub = sinon.stub(iap, 'setup')
-        .resolves();
       iapValidateStub = sinon.stub(iap, 'validate').resolves({ productId: sku });
-      iapIsValidatedStub = sinon.stub(iap, 'isValidated')
-        .returns(true);
-      paymentBuySkuStub = sinon.stub(payments, 'buySkuItem').resolves({});
-      validateGiftMessageStub = sinon.stub(gems, 'validateGiftMessage');
-    });
-
-    afterEach(() => {
-      iap.setup.restore();
-      iap.validate.restore();
-      iap.isValidated.restore();
-      payments.buySkuItem.restore();
-      gems.validateGiftMessage.restore();
     });
 
     it('should throw an error if receipt is invalid', async () => {
@@ -160,8 +170,7 @@ describe('Google Payments', () => {
   describe('subscribe', () => {
     let sub; let sku; let user; let token; let receipt; let signature; let headers; let
       nextPaymentProcessing;
-    let iapSetupStub; let iapValidateStub; let iapIsValidatedStub; let
-      paymentsCreateSubscritionStub;
+    let paymentsCreateSubscritionStub;
 
     beforeEach(() => {
       sub = common.content.subscriptionBlocks[subKey];
@@ -173,19 +182,12 @@ describe('Google Payments', () => {
       signature = '';
       nextPaymentProcessing = moment.utc().add({ days: 2 });
 
-      iapSetupStub = sinon.stub(iap, 'setup')
-        .resolves();
       iapValidateStub = sinon.stub(iap, 'validate')
         .resolves({});
-      iapIsValidatedStub = sinon.stub(iap, 'isValidated')
-        .returns(true);
       paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').resolves({});
     });
 
     afterEach(() => {
-      iap.setup.restore();
-      iap.validate.restore();
-      iap.isValidated.restore();
       payments.createSubscription.restore();
     });
 
@@ -243,7 +245,7 @@ describe('Google Payments', () => {
   describe('cancelSubscribe ', () => {
     let user; let token; let receipt; let signature; let headers; let customerId; let
       expirationDate;
-    let iapSetupStub; let iapValidateStub; let iapIsValidatedStub; let iapGetPurchaseDataStub; let
+    let iapGetPurchaseDataStub; let
       paymentCancelSubscriptionSpy;
 
     beforeEach(async () => {
@@ -253,17 +255,12 @@ describe('Google Payments', () => {
       signature = '';
       customerId = 'test-customerId';
       expirationDate = moment.utc();
-
-      iapSetupStub = sinon.stub(iap, 'setup')
-        .resolves();
       iapValidateStub = sinon.stub(iap, 'validate')
         .resolves({
           expirationDate,
         });
       iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
         .returns([{ expirationDate: expirationDate.toDate(), autoRenewing: false }]);
-      iapIsValidatedStub = sinon.stub(iap, 'isValidated')
-        .returns(true);
 
       user = new User();
       user.profile.name = 'sender';
@@ -276,9 +273,6 @@ describe('Google Payments', () => {
     });
 
     afterEach(() => {
-      iap.setup.restore();
-      iap.validate.restore();
-      iap.isValidated.restore();
       iap.getPurchaseData.restore();
       payments.cancelSubscription.restore();
     });
@@ -308,6 +302,8 @@ describe('Google Payments', () => {
     });
 
     it('should cancel a user subscription', async () => {
+      iap.isCanceled.restore();
+      iap.isCanceled = sinon.stub(iap, 'isCanceled').returns(true);
       await googlePayments.cancelSubscribe(user, headers);
 
       expect(iapSetupStub).to.be.calledOnce;
@@ -332,11 +328,20 @@ describe('Google Payments', () => {
     });
 
     it('should cancel a user subscription with multiple inactive subscriptions', async () => {
+      iap.isCanceled.restore();
+      iap.isCanceled = sinon.stub(iap, 'isCanceled').returns(true);
       const laterDate = moment.utc().add(7, 'days');
       iap.getPurchaseData.restore();
       iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
-        .returns([{ expirationDate, autoRenewing: false },
-          { expirationDate: laterDate, autoRenewing: false },
+        .returns([{
+          startTimeMillis: expirationDate.valueOf(),
+          expirationDate,
+          autoRenewing: false,
+        }, {
+          startTimeMillis: laterDate.valueOf(),
+          expirationDate: laterDate,
+          autoRenewing: false,
+        },
         ]);
       await googlePayments.cancelSubscribe(user, headers);
 
@@ -365,7 +370,12 @@ describe('Google Payments', () => {
       iap.getPurchaseData.restore();
       iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
         .returns([{ autoRenewing: true }]);
-      await googlePayments.cancelSubscribe(user, headers);
+      await expect(googlePayments.cancelSubscribe(user, headers))
+        .to.eventually.be.rejected.and.to.eql({
+          httpCode: 401,
+          name: 'NotAuthorized',
+          message: googlePayments.constants.RESPONSE_STILL_VALID,
+        });
 
       expect(iapSetupStub).to.be.calledOnce;
       expect(iapValidateStub).to.be.calledOnce;
@@ -388,8 +398,12 @@ describe('Google Payments', () => {
         .returns([{ expirationDate, autoRenewing: false },
           { autoRenewing: true },
           { expirationDate, autoRenewing: false }]);
-      await googlePayments.cancelSubscribe(user, headers);
-
+      await expect(googlePayments.cancelSubscribe(user, headers))
+        .to.eventually.be.rejected.and.to.eql({
+          httpCode: 401,
+          name: 'NotAuthorized',
+          message: googlePayments.constants.RESPONSE_STILL_VALID,
+        });
       expect(iapSetupStub).to.be.calledOnce;
       expect(iapValidateStub).to.be.calledOnce;
       expect(iapValidateStub).to.be.calledWith(iap.GOOGLE, {

test/api/unit/libs/payments/group-plans/group-payments-create.test.js

@@ -715,7 +715,7 @@ describe('Purchasing a group plan for group', () => {
     const mysteryItem = { title: 'item' };
     const mysteryItems = [mysteryItem];
     const consecutive = {
-      trinkets: 3,
+      trinkets: 4,
       gemCapExtra: 20,
       offset: 1,
       count: 13,

test/api/unit/libs/payments/payments.test.js

@@ -12,6 +12,7 @@ import {
 } from '../../../../helpers/api-unit.helper';
 import * as worldState from '../../../../../website/server/libs/worldState';
 import { TransactionModel } from '../../../../../website/server/models/transaction';
+import { REPEATING_EVENTS } from '../../../../../website/common/script/content/constants/events';
 
 describe('payments/index', () => {
   let user;
@@ -65,7 +66,6 @@ describe('payments/index', () => {
       mysteryItems: [],
       consecutive: {
         trinkets: 0,
-        offset: 0,
         gemCapExtra: 0,
       },
     };
@@ -108,14 +108,8 @@ describe('payments/index', () => {
       });
 
       it('add a transaction entry to the recipient', async () => {
-        recipient.purchased.plan = plan;
-
-        expect(recipient.purchased.plan.extraMonths).to.eql(0);
-
         await api.createSubscription(data);
 
-        expect(recipient.purchased.plan.extraMonths).to.eql(3);
-
         const transactions = await TransactionModel
           .find({ userId: recipient._id })
           .sort({ createdAt: -1 })
@@ -177,6 +171,45 @@ describe('payments/index', () => {
         expect(recipient.purchased.plan.dateUpdated).to.exist;
       });
 
+      it('does not reset gemCapExtra if they already had one', async () => {
+        recipient.purchased.plan.consecutive.gemCapExtra = 10;
+
+        await api.createSubscription(data);
+
+        expect(recipient.purchased.plan.consecutive.gemCapExtra).to.eql(10);
+      });
+
+      it('sets gemCapExtra to 0 if they receive a 3 month sub', async () => {
+        data.gift.subscription.key = 'basic_3mo';
+        data.gift.subscription.months = 3;
+
+        await api.createSubscription(data);
+
+        expect(recipient.purchased.plan.consecutive.gemCapExtra).to.eql(0);
+      });
+
+      it('sets gemCapExtra to max if they receive a 12 month sub', async () => {
+        recipient.purchased.plan.consecutive.gemCapExtra = 10;
+
+        data.gift.subscription.key = 'basic_12mo';
+        data.gift.subscription.months = 12;
+
+        await api.createSubscription(data);
+
+        expect(recipient.purchased.plan.consecutive.gemCapExtra).to.eql(26);
+      });
+
+      it('gives user 1 hourglass if they have no active subscription', async () => {
+        await api.createSubscription(data);
+        expect(recipient.purchased.plan.consecutive.trinkets).to.eql(1);
+      });
+
+      it('does not give any hourglasses if they have an active subscription', async () => {
+        recipient.purchased.plan = plan;
+        await api.createSubscription(data);
+        expect(recipient.purchased.plan.consecutive.trinkets).to.eql(plan.consecutive.trinkets);
+      });
+
       it('sets plan.dateUpdated if it did exist but the user has cancelled', async () => {
         recipient.purchased.plan.dateUpdated = moment().subtract(1, 'days').toDate();
         recipient.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();
@@ -235,116 +268,6 @@ describe('payments/index', () => {
         expect(recipient.purchased.plan.customerId).to.eql('customer-id');
       });
 
-      it('sets plan.perkMonthCount to 1 if user is not subscribed', async () => {
-        recipient.purchased.plan = plan;
-        recipient.purchased.plan.perkMonthCount = 1;
-        recipient.purchased.plan.customerId = undefined;
-        data.sub.key = 'basic_earned';
-        data.gift.subscription.key = 'basic_earned';
-        data.gift.subscription.months = 1;
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(1);
-        await api.createSubscription(data);
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(1);
-      });
-
-      it('sets plan.perkMonthCount to 1 if field is not initialized', async () => {
-        recipient.purchased.plan = plan;
-        recipient.purchased.plan.perkMonthCount = -1;
-        recipient.purchased.plan.customerId = undefined;
-        data.sub.key = 'basic_earned';
-        data.gift.subscription.key = 'basic_earned';
-        data.gift.subscription.months = 1;
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(-1);
-        await api.createSubscription(data);
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(1);
-      });
-
-      it('sets plan.perkMonthCount to 1 if user had previous count but lapsed subscription', async () => {
-        recipient.purchased.plan = plan;
-        recipient.purchased.plan.perkMonthCount = 2;
-        recipient.purchased.plan.customerId = undefined;
-        data.sub.key = 'basic_earned';
-        data.gift.subscription.key = 'basic_earned';
-        data.gift.subscription.months = 1;
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(2);
-        await api.createSubscription(data);
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(1);
-      });
-
-      it('adds to plan.perkMonthCount if user is already subscribed', async () => {
-        recipient.purchased.plan = plan;
-        recipient.purchased.plan.perkMonthCount = 1;
-        data.sub.key = 'basic_earned';
-        data.gift.subscription.key = 'basic_earned';
-        data.gift.subscription.months = 1;
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(1);
-        await api.createSubscription(data);
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(2);
-      });
-
-      it('awards perks if plan.perkMonthCount reaches 3 with existing subscription', async () => {
-        recipient.purchased.plan = plan;
-        recipient.purchased.plan.perkMonthCount = 2;
-        data.sub.key = 'basic_earned';
-        data.gift.subscription.key = 'basic_earned';
-        data.gift.subscription.months = 1;
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(2);
-        expect(recipient.purchased.plan.consecutive.trinkets).to.eql(0);
-        expect(recipient.purchased.plan.consecutive.gemCapExtra).to.eql(0);
-        await api.createSubscription(data);
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(0);
-        expect(recipient.purchased.plan.consecutive.trinkets).to.eql(1);
-        expect(recipient.purchased.plan.consecutive.gemCapExtra).to.eql(5);
-      });
-
-      it('awards perks if plan.perkMonthCount reaches 3 without existing subscription', async () => {
-        recipient.purchased.plan.perkMonthCount = 0;
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(0);
-        expect(recipient.purchased.plan.consecutive.trinkets).to.eql(0);
-        expect(recipient.purchased.plan.consecutive.gemCapExtra).to.eql(0);
-        await api.createSubscription(data);
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(0);
-        expect(recipient.purchased.plan.consecutive.trinkets).to.eql(1);
-        expect(recipient.purchased.plan.consecutive.gemCapExtra).to.eql(5);
-      });
-
-      it('awards perks if plan.perkMonthCount reaches 3 without initialized field', async () => {
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(-1);
-        expect(recipient.purchased.plan.consecutive.trinkets).to.eql(0);
-        expect(recipient.purchased.plan.consecutive.gemCapExtra).to.eql(0);
-        await api.createSubscription(data);
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(0);
-        expect(recipient.purchased.plan.consecutive.trinkets).to.eql(1);
-        expect(recipient.purchased.plan.consecutive.gemCapExtra).to.eql(5);
-      });
-
-      it('awards perks if plan.perkMonthCount goes over 3', async () => {
-        recipient.purchased.plan = plan;
-        recipient.purchased.plan.perkMonthCount = 2;
-        data.sub.key = 'basic_earned';
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(2);
-        expect(recipient.purchased.plan.consecutive.trinkets).to.eql(0);
-        expect(recipient.purchased.plan.consecutive.gemCapExtra).to.eql(0);
-        await api.createSubscription(data);
-
-        expect(recipient.purchased.plan.perkMonthCount).to.eql(2);
-        expect(recipient.purchased.plan.consecutive.trinkets).to.eql(1);
-        expect(recipient.purchased.plan.consecutive.gemCapExtra).to.eql(5);
-      });
-
       it('sets plan.customerId to "Gift" if it does not already exist', async () => {
         expect(recipient.purchased.plan.customerId).to.not.exist;
 
@@ -421,8 +344,8 @@ describe('payments/index', () => {
       context('Active Promotion', () => {
         beforeEach(() => {
           sinon.stub(worldState, 'getCurrentEventList').returns([{
-            ...common.content.events.winter2021Promo,
-            event: 'winter2021',
+            ...REPEATING_EVENTS.giftOneGetOne,
+            event: 'g1g1',
           }]);
         });
 
@@ -438,22 +361,30 @@ describe('payments/index', () => {
           expect(user.purchased.plan.dateTerminated).to.exist;
           expect(user.purchased.plan.dateUpdated).to.exist;
           expect(user.purchased.plan.dateCreated).to.exist;
+          expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
+          expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(0);
 
           expect(recipient.items.pets['Jackalope-RoyalPurple']).to.eql(5);
           expect(recipient.purchased.plan.customerId).to.eql('Gift');
           expect(recipient.purchased.plan.dateTerminated).to.exist;
           expect(recipient.purchased.plan.dateUpdated).to.exist;
           expect(recipient.purchased.plan.dateCreated).to.exist;
+          expect(recipient.purchased.plan.consecutive.trinkets).to.eql(1);
+          expect(recipient.purchased.plan.consecutive.gemCapExtra).to.eql(0);
         });
 
         it('adds extraMonths to existing subscription for purchaser and creates a gift subscription for recipient without sub', async () => {
           user.purchased.plan = plan;
 
           expect(user.purchased.plan.extraMonths).to.eql(0);
+          expect(user.purchased.plan.consecutive.trinkets).to.eql(0);
+          expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(0);
 
           await api.createSubscription(data);
 
           expect(user.purchased.plan.extraMonths).to.eql(3);
+          expect(user.purchased.plan.consecutive.trinkets).to.eql(0);
+          expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(0);
 
           expect(recipient.items.pets['Jackalope-RoyalPurple']).to.eql(5);
           expect(recipient.purchased.plan.customerId).to.eql('Gift');
@@ -466,10 +397,12 @@ describe('payments/index', () => {
           recipient.purchased.plan = plan;
 
           expect(recipient.purchased.plan.extraMonths).to.eql(0);
+          expect(recipient.purchased.plan.consecutive.trinkets).to.eql(0);
 
           await api.createSubscription(data);
 
           expect(recipient.purchased.plan.extraMonths).to.eql(3);
+          expect(recipient.purchased.plan.consecutive.trinkets).to.eql(0);
 
           expect(user.items.pets['Jackalope-RoyalPurple']).to.eql(5);
           expect(user.purchased.plan.customerId).to.eql('Gift');
@@ -484,11 +417,15 @@ describe('payments/index', () => {
 
           expect(user.purchased.plan.extraMonths).to.eql(0);
           expect(recipient.purchased.plan.extraMonths).to.eql(0);
+          expect(user.purchased.plan.consecutive.trinkets).to.eql(0);
+          expect(recipient.purchased.plan.consecutive.trinkets).to.eql(0);
 
           await api.createSubscription(data);
 
           expect(user.purchased.plan.extraMonths).to.eql(3);
           expect(recipient.purchased.plan.extraMonths).to.eql(3);
+          expect(user.purchased.plan.consecutive.trinkets).to.eql(0);
+          expect(recipient.purchased.plan.consecutive.trinkets).to.eql(0);
         });
 
         it('sends a private message about the promotion', async () => {
@@ -511,7 +448,6 @@ describe('payments/index', () => {
         expect(user.purchased.plan.customerId).to.eql('customer-id');
         expect(user.purchased.plan.dateUpdated).to.exist;
         expect(user.purchased.plan.gemsBought).to.eql(0);
-        expect(user.purchased.plan.perkMonthCount).to.eql(0);
         expect(user.purchased.plan.paymentMethod).to.eql('Payment Method');
         expect(user.purchased.plan.extraMonths).to.eql(0);
         expect(user.purchased.plan.dateTerminated).to.eql(null);
@@ -549,33 +485,6 @@ describe('payments/index', () => {
         expect(user.purchased.plan.dateCurrentTypeCreated).to.not.eql(initialDate);
       });
 
-      it('keeps plan.perkMonthCount when changing subscription type', async () => {
-        await api.createSubscription(data);
-        user.purchased.plan.perkMonthCount = 2;
-        await api.createSubscription(data);
-        expect(user.purchased.plan.perkMonthCount).to.eql(2);
-      });
-
-      it('sets plan.perkMonthCount to zero when creating new monthly subscription', async () => {
-        user.purchased.plan.perkMonthCount = 2;
-        await api.createSubscription(data);
-        expect(user.purchased.plan.perkMonthCount).to.eql(0);
-      });
-
-      it('sets plan.perkMonthCount to zero when creating new 3 month subscription', async () => {
-        user.purchased.plan.perkMonthCount = 2;
-        await api.createSubscription(data);
-        expect(user.purchased.plan.perkMonthCount).to.eql(0);
-      });
-
-      it('updates plan.consecutive.offset when changing subscription type', async () => {
-        await api.createSubscription(data);
-        expect(user.purchased.plan.consecutive.offset).to.eql(3);
-        data.sub.key = 'basic_6mo';
-        await api.createSubscription(data);
-        expect(user.purchased.plan.consecutive.offset).to.eql(6);
-      });
-
       it('awards the Royal Purple Jackalope pet', async () => {
         await api.createSubscription(data);
 
@@ -694,6 +603,7 @@ describe('payments/index', () => {
           expect(user.purchased.plan.dateCreated).to.eql(created);
           expect(user.purchased.plan.dateUpdated).to.not.eql(updated);
           expect(user.purchased.plan.customerId).to.eql('customer-id');
+          expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(26);
         });
       });
 
@@ -741,55 +651,20 @@ describe('payments/index', () => {
     });
 
     context('Block subscription perks', () => {
-      it('adds block months to plan.consecutive.offset', async () => {
-        await api.createSubscription(data);
-
-        expect(user.purchased.plan.consecutive.offset).to.eql(3);
-      });
-
-      it('does not add to plans.consecutive.offset if 1 month subscription', async () => {
-        data.sub.key = 'basic_earned';
-        await api.createSubscription(data);
-
-        expect(user.purchased.plan.consecutive.offset).to.eql(0);
-      });
-
-      it('resets plans.consecutive.offset if 1 month subscription', async () => {
-        user.purchased.plan.consecutive.offset = 1;
-        await user.save();
-        data.sub.key = 'basic_earned';
-        await api.createSubscription(data);
-
-        expect(user.purchased.plan.consecutive.offset).to.eql(0);
-      });
-
-      it('adds 5 to plan.consecutive.gemCapExtra for 3 month block', async () => {
-        await api.createSubscription(data);
-
-        expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(5);
-      });
-
-      it('adds 10 to plan.consecutive.gemCapExtra for 6 month block', async () => {
-        data.sub.key = 'basic_6mo';
-        await api.createSubscription(data);
-
-        expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(10);
-      });
-
-      it('adds 20 to plan.consecutive.gemCapExtra for 12 month block', async () => {
+      it('adds 26 to plan.consecutive.gemCapExtra for 12 month block', async () => {
         data.sub.key = 'basic_12mo';
         await api.createSubscription(data);
 
-        expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(20);
+        expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(26);
       });
 
-      it('does not raise plan.consecutive.gemCapExtra higher than 25', async () => {
+      it('does not raise plan.consecutive.gemCapExtra higher than 26', async () => {
         data.sub.key = 'basic_12mo';
 
         await api.createSubscription(data);
         await api.createSubscription(data);
 
-        expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(25);
+        expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(26);
       });
 
       it('adds a plan.consecutive.trinkets for 3 month block', async () => {
@@ -798,20 +673,29 @@ describe('payments/index', () => {
         expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
       });
 
-      it('adds 2 plan.consecutive.trinkets for 6 month block', async () => {
+      it('adds 1 plan.consecutive.trinkets for 6 month block', async () => {
         data.sub.key = 'basic_6mo';
 
         await api.createSubscription(data);
 
-        expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
+        expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
       });
 
-      it('adds 4 plan.consecutive.trinkets for 12 month block', async () => {
+      it('adds 1 plan.consecutive.trinkets for 12 month block if they had promo', async () => {
+        user.purchased.plan.hourglassPromoReceived = new Date();
         data.sub.key = 'basic_12mo';
 
         await api.createSubscription(data);
 
-        expect(user.purchased.plan.consecutive.trinkets).to.eql(4);
+        expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
+      });
+
+      it('adds 12 plan.consecutive.trinkets for 12 month block', async () => {
+        data.sub.key = 'basic_12mo';
+
+        await api.createSubscription(data);
+
+        expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
       });
 
       context('Upgrades subscription', () => {
@@ -819,70 +703,38 @@ describe('payments/index', () => {
           beforeEach(async () => {
             data.updatedFrom = { logic: 'payDifference' };
           });
-          it('Adds 10 to plan.consecutive.gemCapExtra from basic_earned to basic_6mo', async () => {
-            data.sub.key = 'basic_earned';
-            expect(user.purchased.plan.planId).to.not.exist;
-
-            await api.createSubscription(data);
-
-            expect(user.purchased.plan.planId).to.eql('basic_earned');
-            expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(0);
-
-            data.sub.key = 'basic_6mo';
-            data.updatedFrom.key = 'basic_earned';
-            await api.createSubscription(data);
-            expect(user.purchased.plan.planId).to.eql('basic_6mo');
-            expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(10);
-          });
-
-          it('Adds 15 to plan.consecutive.gemCapExtra when upgrading from basic_3mo to basic_12mo', async () => {
+          it('Adds 26 to plan.consecutive.gemCapExtra when upgrading from basic_3mo to basic_12mo', async () => {
             expect(user.purchased.plan.planId).to.not.exist;
 
             await api.createSubscription(data);
 
             expect(user.purchased.plan.planId).to.eql('basic_3mo');
-            expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(5);
+            expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(0);
 
             data.sub.key = 'basic_12mo';
             data.updatedFrom.key = 'basic_3mo';
             await api.createSubscription(data);
             expect(user.purchased.plan.planId).to.eql('basic_12mo');
-            expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(20);
+            expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(26);
           });
 
-          it('Adds 2 to plan.consecutive.trinkets from basic_earned to basic_6mo', async () => {
-            data.sub.key = 'basic_earned';
-            expect(user.purchased.plan.planId).to.not.exist;
-
-            await api.createSubscription(data);
-
-            expect(user.purchased.plan.planId).to.eql('basic_earned');
-            expect(user.purchased.plan.consecutive.trinkets).to.eql(0);
-
-            data.sub.key = 'basic_6mo';
-            data.updatedFrom.key = 'basic_earned';
-            await api.createSubscription(data);
-            expect(user.purchased.plan.planId).to.eql('basic_6mo');
-            expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
-          });
-
-          it('Adds 2 to plan.consecutive.trinkets when upgrading from basic_6mo to basic_12mo', async () => {
+          it('Adds 12 to plan.consecutive.trinkets when upgrading from basic_6mo to basic_12mo', async () => {
             data.sub.key = 'basic_6mo';
             expect(user.purchased.plan.planId).to.not.exist;
 
             await api.createSubscription(data);
 
             expect(user.purchased.plan.planId).to.eql('basic_6mo');
-            expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
+            expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
 
             data.sub.key = 'basic_12mo';
             data.updatedFrom.key = 'basic_6mo';
             await api.createSubscription(data);
             expect(user.purchased.plan.planId).to.eql('basic_12mo');
-            expect(user.purchased.plan.consecutive.trinkets).to.eql(4);
+            expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
           });
 
-          it('Adds 3 to plan.consecutive.trinkets when upgrading from basic_3mo to basic_12mo', async () => {
+          it('Adds 12 to plan.consecutive.trinkets when upgrading from basic_3mo to basic_12mo', async () => {
             expect(user.purchased.plan.planId).to.not.exist;
 
             await api.createSubscription(data);
@@ -894,7 +746,7 @@ describe('payments/index', () => {
             data.updatedFrom.key = 'basic_3mo';
             await api.createSubscription(data);
             expect(user.purchased.plan.planId).to.eql('basic_12mo');
-            expect(user.purchased.plan.consecutive.trinkets).to.eql(4);
+            expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
           });
         });
 
@@ -902,70 +754,39 @@ describe('payments/index', () => {
           beforeEach(async () => {
             data.updatedFrom = { logic: 'payFull' };
           });
-          it('Adds 10 to plan.consecutive.gemCapExtra from basic_earned to basic_6mo', async () => {
-            data.sub.key = 'basic_earned';
-            expect(user.purchased.plan.planId).to.not.exist;
 
-            await api.createSubscription(data);
-
-            expect(user.purchased.plan.planId).to.eql('basic_earned');
-            expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(0);
-
-            data.sub.key = 'basic_6mo';
-            data.updatedFrom.key = 'basic_earned';
-            await api.createSubscription(data);
-            expect(user.purchased.plan.planId).to.eql('basic_6mo');
-            expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(10);
-          });
-
-          it('Adds 20 to plan.consecutive.gemCapExtra when upgrading from basic_3mo to basic_12mo', async () => {
+          it('Adds 26 to plan.consecutive.gemCapExtra when upgrading from basic_3mo to basic_12mo', async () => {
             expect(user.purchased.plan.planId).to.not.exist;
 
             await api.createSubscription(data);
 
             expect(user.purchased.plan.planId).to.eql('basic_3mo');
-            expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(5);
+            expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(0);
 
             data.sub.key = 'basic_12mo';
             data.updatedFrom.key = 'basic_3mo';
             await api.createSubscription(data);
             expect(user.purchased.plan.planId).to.eql('basic_12mo');
-            expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(25);
+            expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(26);
           });
 
-          it('Adds 2 to plan.consecutive.trinkets from basic_earned to basic_6mo', async () => {
-            data.sub.key = 'basic_earned';
-            expect(user.purchased.plan.planId).to.not.exist;
-
-            await api.createSubscription(data);
-
-            expect(user.purchased.plan.planId).to.eql('basic_earned');
-            expect(user.purchased.plan.consecutive.trinkets).to.eql(0);
-
-            data.sub.key = 'basic_6mo';
-            data.updatedFrom.key = 'basic_earned';
-            await api.createSubscription(data);
-            expect(user.purchased.plan.planId).to.eql('basic_6mo');
-            expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
-          });
-
-          it('Adds 4 to plan.consecutive.trinkets when upgrading from basic_6mo to basic_12mo', async () => {
+          it('Adds 12 to plan.consecutive.trinkets when upgrading from basic_6mo to basic_12mo', async () => {
             data.sub.key = 'basic_6mo';
             expect(user.purchased.plan.planId).to.not.exist;
 
             await api.createSubscription(data);
 
             expect(user.purchased.plan.planId).to.eql('basic_6mo');
-            expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
+            expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
 
             data.sub.key = 'basic_12mo';
             data.updatedFrom.key = 'basic_6mo';
             await api.createSubscription(data);
             expect(user.purchased.plan.planId).to.eql('basic_12mo');
-            expect(user.purchased.plan.consecutive.trinkets).to.eql(6);
+            expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
           });
 
-          it('Adds 4 to plan.consecutive.trinkets when upgrading from basic_3mo to basic_12mo', async () => {
+          it('Adds 12 to plan.consecutive.trinkets when upgrading from basic_3mo to basic_12mo', async () => {
             expect(user.purchased.plan.planId).to.not.exist;
 
             await api.createSubscription(data);
@@ -977,7 +798,7 @@ describe('payments/index', () => {
             data.updatedFrom.key = 'basic_3mo';
             await api.createSubscription(data);
             expect(user.purchased.plan.planId).to.eql('basic_12mo');
-            expect(user.purchased.plan.consecutive.trinkets).to.eql(5);
+            expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
           });
         });
 
@@ -988,30 +809,13 @@ describe('payments/index', () => {
             data.updatedFrom = { logic: 'refundAndRepay' };
           });
           context('Upgrades within first half of subscription', () => {
-            it('Adds 10 to plan.consecutive.gemCapExtra from basic_earned to basic_6mo', async () => {
-              data.sub.key = 'basic_earned';
-              expect(user.purchased.plan.planId).to.not.exist;
-              await api.createSubscription(data);
-
-              expect(user.purchased.plan.planId).to.eql('basic_earned');
-              expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(0);
-
-              data.sub.key = 'basic_6mo';
-              data.updatedFrom.key = 'basic_earned';
-              clock.restore();
-              clock = sinon.useFakeTimers(new Date('2022-01-10'));
-              await api.createSubscription(data);
-              expect(user.purchased.plan.planId).to.eql('basic_6mo');
-              expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(10);
-            });
-
-            it('Adds 15 to plan.consecutive.gemCapExtra when upgrading from basic_3mo to basic_12mo', async () => {
+            it('Adds 26 to plan.consecutive.gemCapExtra when upgrading from basic_3mo to basic_12mo', async () => {
               expect(user.purchased.plan.planId).to.not.exist;
 
               await api.createSubscription(data);
 
               expect(user.purchased.plan.planId).to.eql('basic_3mo');
-              expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(5);
+              expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(0);
 
               data.sub.key = 'basic_12mo';
               data.updatedFrom.key = 'basic_3mo';
@@ -1019,28 +823,10 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2022-02-05'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_12mo');
-              expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(20);
+              expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(26);
             });
 
-            it('Adds 2 to plan.consecutive.trinkets from basic_earned to basic_6mo', async () => {
-              data.sub.key = 'basic_earned';
-              expect(user.purchased.plan.planId).to.not.exist;
-
-              await api.createSubscription(data);
-
-              expect(user.purchased.plan.planId).to.eql('basic_earned');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(0);
-
-              data.sub.key = 'basic_6mo';
-              data.updatedFrom.key = 'basic_earned';
-              clock.restore();
-              clock = sinon.useFakeTimers(new Date('2022-01-08'));
-              await api.createSubscription(data);
-              expect(user.purchased.plan.planId).to.eql('basic_6mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
-            });
-
-            it('Adds 3 to plan.consecutive.trinkets when upgrading from basic_3mo to basic_12mo', async () => {
+            it('Adds 12 to plan.consecutive.trinkets when upgrading from basic_3mo to basic_12mo', async () => {
               expect(user.purchased.plan.planId).to.not.exist;
 
               await api.createSubscription(data);
@@ -1054,17 +840,17 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2022-01-31'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_12mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(4);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
             });
 
-            it('Adds 2 to plan.consecutive.trinkets when upgrading from basic_6mo to basic_12mo', async () => {
+            it('Adds 12 to plan.consecutive.trinkets when upgrading from basic_6mo to basic_12mo', async () => {
               data.sub.key = 'basic_6mo';
               expect(user.purchased.plan.planId).to.not.exist;
 
               await api.createSubscription(data);
 
               expect(user.purchased.plan.planId).to.eql('basic_6mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
 
               data.sub.key = 'basic_12mo';
               data.updatedFrom.key = 'basic_6mo';
@@ -1072,35 +858,17 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2022-01-28'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_12mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(4);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
             });
 
-            it('Adds 2 to plan.consecutive.trinkets from basic_earned to basic_6mo after initial cycle', async () => {
-              data.sub.key = 'basic_earned';
-              expect(user.purchased.plan.planId).to.not.exist;
-
-              await api.createSubscription(data);
-
-              expect(user.purchased.plan.planId).to.eql('basic_earned');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(0);
-
-              data.sub.key = 'basic_6mo';
-              data.updatedFrom.key = 'basic_earned';
-              clock.restore();
-              clock = sinon.useFakeTimers(new Date('2024-01-08'));
-              await api.createSubscription(data);
-              expect(user.purchased.plan.planId).to.eql('basic_6mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
-            });
-
-            it('Adds 2 to plan.consecutive.trinkets when upgrading from basic_6mo to basic_12mo after initial cycle', async () => {
+            it('2 plan.consecutive.trinkets when upgrading from basic_6mo to basic_12mo after initial cycle', async () => {
               data.sub.key = 'basic_6mo';
               expect(user.purchased.plan.planId).to.not.exist;
 
               await api.createSubscription(data);
 
               expect(user.purchased.plan.planId).to.eql('basic_6mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
 
               data.sub.key = 'basic_12mo';
               data.updatedFrom.key = 'basic_6mo';
@@ -1108,10 +876,10 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2022-08-28'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_12mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(4);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
             });
 
-            it('Adds 3 to plan.consecutive.trinkets when upgrading from basic_3mo to basic_12mo after initial cycle', async () => {
+            it('Adds 12 to plan.consecutive.trinkets when upgrading from basic_3mo to basic_12mo after initial cycle', async () => {
               expect(user.purchased.plan.planId).to.not.exist;
 
               await api.createSubscription(data);
@@ -1125,11 +893,11 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2022-07-31'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_12mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(4);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
             });
           });
           context('Upgrades within second half of subscription', () => {
-            it('Adds 10 to plan.consecutive.gemCapExtra from basic_earned to basic_6mo', async () => {
+            it('Adds 0 to plan.consecutive.gemCapExtra from basic_earned to basic_6mo', async () => {
               data.sub.key = 'basic_earned';
               expect(user.purchased.plan.planId).to.not.exist;
 
@@ -1144,16 +912,16 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2022-01-20'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_6mo');
-              expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(10);
+              expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(0);
             });
 
-            it('Adds 20 to plan.consecutive.gemCapExtra when upgrading from basic_3mo to basic_12mo', async () => {
+            it('Adds 26 to plan.consecutive.gemCapExtra when upgrading from basic_3mo to basic_12mo', async () => {
               expect(user.purchased.plan.planId).to.not.exist;
 
               await api.createSubscription(data);
 
               expect(user.purchased.plan.planId).to.eql('basic_3mo');
-              expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(5);
+              expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(0);
 
               data.sub.key = 'basic_12mo';
               data.updatedFrom.key = 'basic_3mo';
@@ -1161,17 +929,17 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2022-02-24'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_12mo');
-              expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(25);
+              expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(26);
             });
 
-            it('Adds 2 to plan.consecutive.trinkets from basic_earned to basic_6mo', async () => {
+            it('Adds 0 to plan.consecutive.trinkets from basic_earned to basic_6mo', async () => {
               data.sub.key = 'basic_earned';
               expect(user.purchased.plan.planId).to.not.exist;
 
               await api.createSubscription(data);
 
               expect(user.purchased.plan.planId).to.eql('basic_earned');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(0);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
 
               data.sub.key = 'basic_6mo';
               data.updatedFrom.key = 'basic_earned';
@@ -1179,17 +947,17 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2022-01-28'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_6mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
             });
 
-            it('Adds 4 to plan.consecutive.trinkets when upgrading from basic_6mo to basic_12mo', async () => {
+            it('Adds 12 to plan.consecutive.trinkets when upgrading from basic_6mo to basic_12mo', async () => {
               data.sub.key = 'basic_6mo';
               expect(user.purchased.plan.planId).to.not.exist;
 
               await api.createSubscription(data);
 
               expect(user.purchased.plan.planId).to.eql('basic_6mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
 
               data.sub.key = 'basic_12mo';
               data.updatedFrom.key = 'basic_6mo';
@@ -1197,10 +965,10 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2022-05-28'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_12mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(6);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
             });
 
-            it('Adds 4 to plan.consecutive.trinkets when upgrading from basic_3mo to basic_12mo', async () => {
+            it('Adds 12 to plan.consecutive.trinkets when upgrading from basic_3mo to basic_12mo', async () => {
               expect(user.purchased.plan.planId).to.not.exist;
 
               await api.createSubscription(data);
@@ -1214,17 +982,17 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2022-03-03'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_12mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(5);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
             });
 
-            it('Adds 2 to plan.consecutive.trinkets from basic_earned to basic_6mo after initial cycle', async () => {
+            it('Adds 0 to plan.consecutive.trinkets from basic_earned to basic_6mo after initial cycle', async () => {
               data.sub.key = 'basic_earned';
               expect(user.purchased.plan.planId).to.not.exist;
 
               await api.createSubscription(data);
 
               expect(user.purchased.plan.planId).to.eql('basic_earned');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(0);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
 
               data.sub.key = 'basic_6mo';
               data.updatedFrom.key = 'basic_earned';
@@ -1232,17 +1000,17 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2022-05-28'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_6mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
             });
 
-            it('Adds 4 to plan.consecutive.trinkets when upgrading from basic_6mo to basic_12mo after initial cycle', async () => {
+            it('Adds 12 to plan.consecutive.trinkets when upgrading from basic_6mo to basic_12mo after initial cycle', async () => {
               data.sub.key = 'basic_6mo';
               expect(user.purchased.plan.planId).to.not.exist;
 
               await api.createSubscription(data);
 
               expect(user.purchased.plan.planId).to.eql('basic_6mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(1);
 
               data.sub.key = 'basic_12mo';
               data.updatedFrom.key = 'basic_6mo';
@@ -1250,10 +1018,10 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2023-05-28'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_12mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(6);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
             });
 
-            it('Adds 4 to plan.consecutive.trinkets when upgrading from basic_3mo to basic_12mo after initial cycle', async () => {
+            it('Adds 12 to plan.consecutive.trinkets when upgrading from basic_3mo to basic_12mo after initial cycle', async () => {
               expect(user.purchased.plan.planId).to.not.exist;
 
               await api.createSubscription(data);
@@ -1267,7 +1035,7 @@ describe('payments/index', () => {
               clock = sinon.useFakeTimers(new Date('2023-09-03'));
               await api.createSubscription(data);
               expect(user.purchased.plan.planId).to.eql('basic_12mo');
-              expect(user.purchased.plan.consecutive.trinkets).to.eql(5);
+              expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
             });
           });
           afterEach(async () => {
@@ -1277,22 +1045,6 @@ describe('payments/index', () => {
       });
 
       context('Downgrades subscription', () => {
-        it('does not remove from plan.consecutive.gemCapExtra from basic_6mo to basic_earned', async () => {
-          data.sub.key = 'basic_6mo';
-          expect(user.purchased.plan.planId).to.not.exist;
-
-          await api.createSubscription(data);
-
-          expect(user.purchased.plan.planId).to.eql('basic_6mo');
-          expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(10);
-
-          data.sub.key = 'basic_earned';
-          data.updatedFrom = { key: 'basic_6mo' };
-          await api.createSubscription(data);
-          expect(user.purchased.plan.planId).to.eql('basic_earned');
-          expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(10);
-        });
-
         it('does not remove from plan.consecutive.gemCapExtra from basic_12mo to basic_3mo', async () => {
           expect(user.purchased.plan.planId).to.not.exist;
 
@@ -1300,28 +1052,12 @@ describe('payments/index', () => {
           await api.createSubscription(data);
 
           expect(user.purchased.plan.planId).to.eql('basic_12mo');
-          expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(20);
+          expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(26);
 
           data.sub.key = 'basic_3mo';
           data.updatedFrom = { key: 'basic_12mo' };
           await api.createSubscription(data);
-          expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(20);
-        });
-
-        it('does not remove from plan.consecutive.trinkets from basic_6mo to basic_earned', async () => {
-          data.sub.key = 'basic_6mo';
-          expect(user.purchased.plan.planId).to.not.exist;
-
-          await api.createSubscription(data);
-
-          expect(user.purchased.plan.planId).to.eql('basic_6mo');
-          expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
-
-          data.sub.key = 'basic_earned';
-          data.updatedFrom = { key: 'basic_6mo' };
-          await api.createSubscription(data);
-          expect(user.purchased.plan.planId).to.eql('basic_earned');
-          expect(user.purchased.plan.consecutive.trinkets).to.eql(2);
+          expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(26);
         });
 
         it('does not remove from plan.consecutive.trinkets from basic_12mo to basic_3mo', async () => {
@@ -1331,12 +1067,12 @@ describe('payments/index', () => {
           await api.createSubscription(data);
 
           expect(user.purchased.plan.planId).to.eql('basic_12mo');
-          expect(user.purchased.plan.consecutive.trinkets).to.eql(4);
+          expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
 
           data.sub.key = 'basic_3mo';
           data.updatedFrom = { key: 'basic_12mo' };
           await api.createSubscription(data);
-          expect(user.purchased.plan.consecutive.trinkets).to.eql(4);
+          expect(user.purchased.plan.consecutive.trinkets).to.eql(13);
         });
       });
     });
@@ -1453,6 +1189,32 @@ describe('payments/index', () => {
         expect(user.purchased.plan.extraMonths).to.eql(0);
       });
 
+      it('does not reset gemCapExtra', async () => {
+        user.purchased.plan.consecutive.gemCapExtra = 12;
+
+        await api.cancelSubscription(data);
+
+        expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(12);
+      });
+
+      it('initializes gemCapExtra', async () => {
+        await api.cancelSubscription(data);
+        expect(user.purchased.plan.consecutive.gemCapExtra).to.eql(0);
+      });
+
+      it('initializes hourglasses', async () => {
+        await api.cancelSubscription(data);
+        expect(user.purchased.plan.consecutive.trinkets).to.eql(0);
+      });
+
+      it('does not reset owned hourglasses', async () => {
+        user.purchased.plan.consecutive.trinkets = 12;
+
+        await api.cancelSubscription(data);
+
+        expect(user.purchased.plan.consecutive.trinkets).to.eql(12);
+      });
+
       it('sends an email', async () => {
         await api.cancelSubscription(data);
 

test/api/unit/libs/payments/stripe/checkout.test.js

@@ -51,6 +51,7 @@ describe('Stripe - Checkout', () => {
         gift: undefined,
         sub: undefined,
         gemsBlock: gemsBlockKey,
+        server_url: BASE_URL,
       };
 
       expect(gems.validateGiftMessage).to.not.be.called;
@@ -101,6 +102,7 @@ describe('Stripe - Checkout', () => {
         gift: JSON.stringify(gift),
         sub: undefined,
         gemsBlock: undefined,
+        server_url: BASE_URL,
       };
 
       expect(gems.validateGiftMessage).to.be.calledOnce;
@@ -155,6 +157,7 @@ describe('Stripe - Checkout', () => {
         gift: JSON.stringify(gift),
         sub: undefined,
         gemsBlock: undefined,
+        server_url: BASE_URL,
       };
 
       expect(oneTimePayments.getOneTimePaymentInfo).to.be.calledOnce;
@@ -192,6 +195,7 @@ describe('Stripe - Checkout', () => {
         userId: user._id,
         gift: undefined,
         sub: JSON.stringify(sub),
+        server_url: BASE_URL,
       };
 
       expect(subscriptions.checkSubData).to.be.calledOnce;
@@ -258,6 +262,7 @@ describe('Stripe - Checkout', () => {
         userId: user._id,
         gift: undefined,
         sub: JSON.stringify(sub),
+        server_url: BASE_URL,
         groupId,
       };
 
@@ -328,8 +333,9 @@ describe('Stripe - Checkout', () => {
       user.purchased.plan.customerId = customerId;
 
       const metadata = {
-        userId: user._id,
         type: 'edit-card-user',
+        userId: user._id,
+        server_url: BASE_URL,
       };
 
       const res = await createEditCardCheckoutSession({ user }, stripe);
@@ -418,6 +424,7 @@ describe('Stripe - Checkout', () => {
         const metadata = {
           userId: user._id,
           type: 'edit-card-group',
+          server_url: BASE_URL,
           groupId,
         };
 
@@ -455,6 +462,7 @@ describe('Stripe - Checkout', () => {
           userId: anotherUser._id,
           type: 'edit-card-group',
           groupId,
+          server_url: BASE_URL,
         };
 
         const res = await createEditCardCheckoutSession({ user: anotherUser, groupId }, stripe);

test/api/unit/libs/payments/stripe/oneTimePayments.test.js

@@ -308,6 +308,7 @@ describe('Stripe - One Time Payments', () => {
           customerId,
           paymentMethod: 'Gift',
           gift,
+          autoRenews: false,
           gemsBlock: undefined,
         });
       });

test/api/unit/libs/payments/stripe/subscriptions.test.js

@@ -173,6 +173,7 @@ describe('Stripe - Subscriptions', () => {
         paymentMethod: 'Stripe',
         sub: sinon.match({ ...sub }),
         groupId: null,
+        autoRenews: true,
       });
     });
 
@@ -197,6 +198,7 @@ describe('Stripe - Subscriptions', () => {
         paymentMethod: 'Stripe',
         sub: sinon.match({ ...sub }),
         groupId,
+        autoRenews: true,
       });
     });
 
@@ -231,6 +233,7 @@ describe('Stripe - Subscriptions', () => {
         paymentMethod: 'Stripe',
         sub: sinon.match({ ...sub }),
         groupId,
+        autoRenews: true,
       });
     });
   });

test/api/unit/libs/payments/stripe/webhooks.test.js

@@ -16,6 +16,7 @@ import * as subscriptions from '../../../../../../website/server/libs/payments/s
 const { i18n } = common;
 
 describe('Stripe - Webhooks', () => {
+  const BASE_URL = nconf.get('BASE_URL');
   const stripe = stripeModule('test');
   const endpointSecret = nconf.get('STRIPE_WEBHOOKS_ENDPOINT_SECRET');
   const headers = {};
@@ -284,7 +285,9 @@ describe('Stripe - Webhooks', () => {
     const session = {};
 
     beforeEach(() => {
-      session.metadata = {};
+      session.metadata = {
+        server_url: BASE_URL,
+      };
       event = { type: eventType, data: { object: session } };
       constructEventStub = sandbox.stub(stripe.webhooks, 'constructEvent');
       constructEventStub.returns(event);

test/api/unit/middlewares/auth.test.js

@@ -1,8 +1,11 @@
+import nconf from 'nconf';
+import requireAgain from 'require-again';
 import {
   generateRes,
   generateReq,
 } from '../../../helpers/api-unit.helper';
-import { authWithHeaders as authWithHeadersFactory } from '../../../../website/server/middlewares/auth';
+
+const authPath = '../../../../website/server/middlewares/auth';
 
 describe('auth middleware', () => {
   let res; let req; let
@@ -16,6 +19,7 @@ describe('auth middleware', () => {
 
   describe('auth with headers', () => {
     it('allows to specify a list of user field that we do not want to load', done => {
+      const authWithHeadersFactory = requireAgain(authPath).authWithHeaders;
       const authWithHeaders = authWithHeadersFactory({
         userFieldsToExclude: ['items'],
       });
@@ -35,6 +39,7 @@ describe('auth middleware', () => {
     });
 
     it('makes sure some fields are always included', done => {
+      const authWithHeadersFactory = requireAgain(authPath).authWithHeaders;
       const authWithHeaders = authWithHeadersFactory({
         userFieldsToExclude: [
           'items', 'auth.timestamps',
@@ -60,5 +65,57 @@ describe('auth middleware', () => {
         return done();
       });
     });
+
+    it('errors with InvalidCredentialsError and code when token is wrong', done => {
+      const authWithHeadersFactory = requireAgain(authPath).authWithHeaders;
+      const authWithHeaders = authWithHeadersFactory({ userFieldsToExclude: [] });
+
+      req.headers['x-api-user'] = user._id;
+      req.headers['x-api-key'] = 'totally-wrong-token';
+
+      authWithHeaders(req, res, err => {
+        expect(err).to.exist;
+        expect(err.name).to.equal('InvalidCredentialsError');
+        expect(err.code).to.equal('invalid_credentials');
+        expect(err.message).to.equal(res.t('invalidCredentials'));
+        return done();
+      });
+    });
+
+    describe('when ENFORCE_CLIENT_HEADER is true', () => {
+      let authFactory;
+
+      beforeEach(() => {
+        sandbox.stub(nconf, 'get').withArgs('ENFORCE_CLIENT_HEADER').returns('true');
+        authFactory = requireAgain(authPath).authWithHeaders;
+      });
+
+      it('errors with missingClientHeader when x-client header is not present', done => {
+        const authWithHeaders = authFactory({ userFieldsToExclude: [] });
+
+        req.headers['x-api-user'] = user._id;
+        req.headers['x-api-key'] = user;
+        authWithHeaders(req, res, err => {
+          expect(err).to.exist;
+          expect(err.name).to.equal('BadRequest');
+          expect(err.message).to.equal(res.t('missingClientHeader'));
+          return done();
+        });
+      });
+
+      it('allows request to pass when x-client header is present', done => {
+        const authWithHeaders = authFactory({ userFieldsToExclude: [] });
+
+        req.headers['x-api-user'] = user._id;
+        req.headers['x-api-key'] = user.apiToken;
+        req.headers['x-client'] = 'habitica-web';
+
+        authWithHeaders(req, res, err => {
+          if (err) return done(err);
+          expect(res.locals.user).to.exist;
+          return done();
+        });
+      });
+    });
   });
 });

test/api/unit/middlewares/blocker.test.js

@@ -0,0 +1,197 @@
+import nconf from 'nconf';
+import requireAgain from 'require-again';
+import {
+  generateRes,
+  generateReq,
+  generateNext,
+} from '../../../helpers/api-unit.helper';
+import { Forbidden } from '../../../../website/server/libs/errors';
+import { apiError } from '../../../../website/server/libs/apiError';
+import { model as Blocker } from '../../../../website/server/models/blocker';
+
+function checkIPBlockedErrorThrown (next) {
+  expect(next).to.have.been.calledOnce;
+  const calledWith = next.getCall(0).args;
+  expect(calledWith[0].message).to.equal(apiError('ipAddressBlocked'));
+  expect(calledWith[0] instanceof Forbidden).to.equal(true);
+}
+
+function checkClientBlockedErrorThrown (next) {
+  expect(next).to.have.been.calledOnce;
+  const calledWith = next.getCall(0).args;
+  expect(calledWith[0].message).to.equal(apiError('clientBlocked'));
+  expect(calledWith[0] instanceof Forbidden).to.equal(true);
+}
+
+function checkErrorNotThrown (next) {
+  expect(next).to.have.been.calledOnce;
+  const calledWith = next.getCall(0).args;
+  expect(typeof calledWith[0] === 'undefined').to.equal(true);
+}
+
+describe('Blocker middleware', () => {
+  const pathToBlocker = '../../../../website/server/middlewares/blocker';
+
+  let res; let req; let next;
+
+  beforeEach(() => {
+    res = generateRes();
+    req = generateReq();
+    next = generateNext();
+  });
+
+  describe('Blocking IPs', () => {
+    it('is disabled when the env var is not defined', () => {
+      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns(undefined);
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('is disabled when the env var is an empty string', () => {
+      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('');
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('is disabled when the env var contains comma separated empty strings', () => {
+      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns(' , , ');
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('does not throw when the ip does not match', () => {
+      req.ip = '192.168.1.1';
+      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('192.168.1.2');
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('does not throw when the blocker IP does not match', async () => {
+      req.ip = '192.168.1.1';
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'ipaddress', area: 'full', value: '192.168.1.2' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('does not throw when a client is blocked', async () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'client', area: 'full', value: '192.168.1.1' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('throws when the blocker IP is blocked', async () => {
+      req.ip = '192.168.1.1';
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'ipaddress', area: 'full', value: '192.168.1.1' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkIPBlockedErrorThrown(next);
+    });
+  });
+
+  describe('Blocking clients', () => {
+    beforeEach(() => {
+      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('');
+      req.headers['x-client'] = 'test-client';
+    });
+    it('is disabled when no clients are blocked', () => {
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('does not throw when the client does not match', async () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'client', area: 'full', value: 'another-client' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('throws when the client is blocked', async () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'client', area: 'full', value: 'test-client' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkClientBlockedErrorThrown(next);
+    });
+
+    it('does not throw when an ip is blocked', async () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'ipaddress', area: 'full', value: 'test-client' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('updates the list when data changes', async () => {
+      let blockCallback;
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          blockCallback = callback;
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'client', area: 'full', value: 'another-client' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+      checkErrorNotThrown(next);
+      blockCallback({ operation: 'add', blocker: { type: 'client', area: 'full', value: 'test-client' } });
+      attachBlocker(req, res, next);
+      expect(next).to.have.been.calledTwice;
+      const calledWith = next.getCall(1).args;
+      expect(calledWith[0].message).to.equal(apiError('clientBlocked'));
+      expect(calledWith[0] instanceof Forbidden).to.equal(true);
+    });
+  });
+});

test/api/unit/middlewares/cronMiddleware.js

@@ -1,332 +0,0 @@
-import moment from 'moment';
-import { v4 as generateUUID } from 'uuid';
-import {
-  generateRes,
-  generateReq,
-  generateTodo,
-  generateDaily,
-} from '../../../helpers/api-unit.helper';
-import cronMiddleware from '../../../../website/server/middlewares/cron';
-import { model as User } from '../../../../website/server/models/user';
-import { model as Group } from '../../../../website/server/models/group';
-import * as Tasks from '../../../../website/server/models/task';
-import * as analyticsService from '../../../../website/server/libs/analyticsService';
-import * as cronLib from '../../../../website/server/libs/cron';
-
-const CRON_TIMEOUT_WAIT = new Date(60 * 60 * 1000).getTime();
-const CRON_TIMEOUT_UNIT = new Date(60 * 1000).getTime();
-
-describe('cron middleware', () => {
-  let res; let
-    req;
-  let user;
-
-  beforeEach(async () => {
-    res = generateRes();
-    req = generateReq();
-    user = await res.locals.user.save();
-    res.analytics = analyticsService;
-  });
-
-  afterEach(() => {
-    sandbox.restore();
-  });
-
-  it('calls next when user is not attached', done => {
-    res.locals.user = null;
-    cronMiddleware(req, res, done);
-  });
-
-  it('calls next when days have not been missed', done => {
-    cronMiddleware(req, res, done);
-  });
-
-  it('should clear todos older than 30 days for free users', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const task = generateTodo(user);
-    task.dateCompleted = moment(new Date()).subtract({ days: 31 });
-    task.completed = true;
-    await task.save();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-
-        Tasks.Task.findOne({ _id: task }).then(foundTask => {
-          expect(foundTask).to.not.exist;
-          resolve();
-        });
-
-        return null;
-      });
-    });
-  });
-
-  it('should not clear todos older than 30 days for subscribed users', async () => {
-    user.purchased.plan.customerId = 'subscribedId';
-    user.purchased.plan.dateUpdated = moment('012013', 'MMYYYY');
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const task = generateTodo(user);
-    task.dateCompleted = moment(new Date()).subtract({ days: 31 });
-    task.completed = true;
-    await task.save();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        Tasks.Task.findOne({ _id: task }).then(foundTask => {
-          expect(foundTask).to.exist;
-          return resolve();
-        });
-        return null;
-      });
-    });
-  });
-
-  it('should clear todos older than 90 days for subscribed users', async () => {
-    user.purchased.plan.customerId = 'subscribedId';
-    user.purchased.plan.dateUpdated = moment('012013', 'MMYYYY');
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-
-    const task = generateTodo(user);
-    task.dateCompleted = moment(new Date()).subtract({ days: 91 });
-    task.completed = true;
-    await task.save();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        Tasks.Task.findOne({ _id: task }).then(foundTask => {
-          expect(foundTask).to.not.exist;
-          return resolve();
-        });
-        return null;
-      });
-    });
-  });
-
-  it('should call next if user was not modified after cron', async () => {
-    const hpBefore = user.stats.hp;
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        expect(hpBefore).to.equal(user.stats.hp);
-        return resolve();
-      });
-    });
-  });
-
-  it('runs cron if previous cron was incomplete', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 1 });
-    user.auth.timestamps.loggedin = moment(new Date()).subtract({ days: 4 });
-    const now = new Date();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        expect(moment(now).isSame(user.lastCron, 'day'));
-        expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
-        return resolve();
-      });
-    });
-  });
-
-  it('updates user.auth.timestamps.loggedin and lastCron', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const now = new Date();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        expect(moment(now).isSame(user.lastCron, 'day'));
-        expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
-        return resolve();
-      });
-    });
-  });
-
-  it('does damage for missing dailies', async () => {
-    const hpBefore = user.stats.hp;
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const daily = generateDaily(user);
-    daily.startDate = moment(new Date()).subtract({ days: 2 });
-    await daily.save();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        return User.findOne({ _id: user._id }).then(updatedUser => {
-          expect(updatedUser.stats.hp).to.be.lessThan(hpBefore);
-          return resolve();
-        });
-      });
-    });
-  });
-
-  it('updates tasks', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const todo = generateTodo(user);
-    const todoValueBefore = todo.value;
-    await Promise.all([todo.save(), user.save()]);
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        return Tasks.Task.findOne({ _id: todo._id }).then(todoFound => {
-          expect(todoFound.value).to.be.lessThan(todoValueBefore);
-          return resolve();
-        });
-      });
-    });
-  });
-
-  it('applies quest progress', async () => {
-    const hpBefore = user.stats.hp;
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const daily = generateDaily(user);
-    daily.startDate = moment(new Date()).subtract({ days: 2 });
-    await daily.save();
-
-    const questKey = 'dilatory';
-    user.party.quest.key = questKey;
-
-    const party = new Group({
-      type: 'party',
-      name: generateUUID(),
-      leader: user._id,
-    });
-    party.quest.members[user._id] = true;
-    party.quest.key = questKey;
-    await party.save();
-
-    user.party._id = party._id;
-    await user.save();
-
-    party.startQuest(user);
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        return User.findOne({ _id: user._id }).then(updatedUser => {
-          expect(updatedUser.stats.hp).to.be.lessThan(hpBefore);
-          return resolve();
-        });
-      });
-    });
-  });
-
-  it('recovers from failed cron and does not error when user is already cronning', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    await user.save();
-
-    const updatedUser = user.toObject();
-    updatedUser.matchedCount = 0;
-
-    sandbox.spy(cronLib, 'recoverCron');
-
-    sandbox.stub(User, 'updateOne')
-      .withArgs({
-        _id: user._id,
-        $or: [
-          { _cronSignature: 'NOT_RUNNING' },
-          { _cronSignature: { $lt: sinon.match.number } },
-        ],
-      })
-      .returns({
-        exec () {
-          return Promise.resolve(updatedUser);
-        },
-      });
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        expect(cronLib.recoverCron).to.be.calledOnce;
-
-        return resolve();
-      });
-    });
-  });
-
-  it('cronSignature less than an hour ago should error', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const now = new Date();
-    await User.updateOne({
-      _id: user._id,
-    }, {
-      $set: {
-        _cronSignature: now.getTime() - CRON_TIMEOUT_WAIT + CRON_TIMEOUT_UNIT,
-      },
-    }).exec();
-    await user.save();
-    const expectedErrMessage = `Impossible to recover from cron for user ${user._id}.`;
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (!err) return reject(new Error('Cron should have failed.'));
-        expect(err.message).to.be.equal(expectedErrMessage);
-        return resolve();
-      });
-    });
-  });
-
-  it('cronSignature longer than an hour ago should allow cron', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const now = new Date();
-    await User.updateOne({
-      _id: user._id,
-    }, {
-      $set: {
-        _cronSignature: now.getTime() - CRON_TIMEOUT_WAIT - CRON_TIMEOUT_UNIT,
-      },
-    }).exec();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
-        expect(user._cronSignature).to.be.equal('NOT_RUNNING');
-        return resolve();
-      });
-    });
-  });
-
-  it('cron should not run more than once', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    await user.save();
-
-    sandbox.spy(cronLib, 'cron');
-
-    await Promise.all([new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        return resolve();
-      });
-    }), new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        return resolve();
-      });
-    }), new Promise((resolve, reject) => {
-      setTimeout(() => {
-        cronMiddleware(req, res, err => {
-          if (err) return reject(err);
-          return resolve();
-        });
-      }, 400);
-    }),
-    ]);
-
-    expect(cronLib.cron).to.be.calledOnce;
-  });
-});

test/api/unit/middlewares/ipBlocker.test.js

@@ -1,76 +0,0 @@
-import nconf from 'nconf';
-import requireAgain from 'require-again';
-import {
-  generateRes,
-  generateReq,
-  generateNext,
-} from '../../../helpers/api-unit.helper';
-import { Forbidden } from '../../../../website/server/libs/errors';
-import { apiError } from '../../../../website/server/libs/apiError';
-
-function checkErrorThrown (next) {
-  expect(next).to.have.been.calledOnce;
-  const calledWith = next.getCall(0).args;
-  expect(calledWith[0].message).to.equal(apiError('ipAddressBlocked'));
-  expect(calledWith[0] instanceof Forbidden).to.equal(true);
-}
-
-function checkErrorNotThrown (next) {
-  expect(next).to.have.been.calledOnce;
-  const calledWith = next.getCall(0).args;
-  expect(typeof calledWith[0] === 'undefined').to.equal(true);
-}
-
-describe('ipBlocker middleware', () => {
-  const pathToIpBlocker = '../../../../website/server/middlewares/ipBlocker';
-
-  let res; let req; let next;
-
-  beforeEach(() => {
-    res = generateRes();
-    req = generateReq();
-    next = generateNext();
-  });
-
-  it('is disabled when the env var is not defined', () => {
-    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns(undefined);
-    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
-    attachIpBlocker(req, res, next);
-
-    checkErrorNotThrown(next);
-  });
-
-  it('is disabled when the env var is an empty string', () => {
-    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('');
-    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
-    attachIpBlocker(req, res, next);
-
-    checkErrorNotThrown(next);
-  });
-
-  it('is disabled when the env var contains comma separated empty strings', () => {
-    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns(' , , ');
-    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
-    attachIpBlocker(req, res, next);
-
-    checkErrorNotThrown(next);
-  });
-
-  it('does not throw when the ip does not match', () => {
-    req.ip = '192.168.1.1';
-    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('192.168.1.2');
-    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
-    attachIpBlocker(req, res, next);
-
-    checkErrorNotThrown(next);
-  });
-
-  it('throws when the ip is blocked', () => {
-    req.ip = '192.168.1.1';
-    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('192.168.1.1');
-    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
-    attachIpBlocker(req, res, next);
-
-    checkErrorThrown(next);
-  });
-});

test/api/unit/middlewares/rateLimiter.test.js

@@ -54,6 +54,7 @@ describe('rateLimiter middleware', () => {
 
   it('does not throw when there are available points', async () => {
     nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
+    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
     const attachRateLimiter = requireAgain(pathToRateLimiter).default;
     await attachRateLimiter(req, res, next);
 
@@ -71,6 +72,7 @@ describe('rateLimiter middleware', () => {
 
   it('does not throw when an unknown error is thrown by the rate limiter', async () => {
     nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
+    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
     sandbox.stub(logger, 'error');
     sandbox.stub(RateLimiterMemory.prototype, 'consume')
       .returns(Promise.reject(new Error('Unknown error.')));
@@ -104,6 +106,7 @@ describe('rateLimiter middleware', () => {
   it('limits when LIVELINESS_PROBE_KEY is incorrect', async () => {
     nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
     nconfGetStub.withArgs('LIVELINESS_PROBE_KEY').returns('abc');
+    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
     const attachRateLimiter = requireAgain(pathToRateLimiter).default;
 
     req.query.liveliness = 'das';
@@ -120,6 +123,7 @@ describe('rateLimiter middleware', () => {
   it('limits when LIVELINESS_PROBE_KEY is not set', async () => {
     nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
     nconfGetStub.withArgs('LIVELINESS_PROBE_KEY').returns(undefined);
+    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
     const attachRateLimiter = requireAgain(pathToRateLimiter).default;
 
     await attachRateLimiter(req, res, next);
@@ -135,6 +139,7 @@ describe('rateLimiter middleware', () => {
   it('throws when LIVELINESS_PROBE_KEY is blank', async () => {
     nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
     nconfGetStub.withArgs('LIVELINESS_PROBE_KEY').returns('');
+    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
     const attachRateLimiter = requireAgain(pathToRateLimiter).default;
 
     req.query.liveliness = '';
@@ -150,6 +155,7 @@ describe('rateLimiter middleware', () => {
 
   it('throws when there are no available points remaining', async () => {
     nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
+    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
     const attachRateLimiter = requireAgain(pathToRateLimiter).default;
 
     // call for 31 times
@@ -173,6 +179,7 @@ describe('rateLimiter middleware', () => {
 
   it('uses the user id if supplied or the ip address', async () => {
     nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
+    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
     const attachRateLimiter = requireAgain(pathToRateLimiter).default;
 
     req.ip = 1;
@@ -199,4 +206,51 @@ describe('rateLimiter middleware', () => {
       'X-RateLimit-Reset': sinon.match(Date),
     });
   });
+
+  it('applies increased cost for registration calls with and without user id', async () => {
+    nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
+    nconfGetStub.withArgs('RATE_LIMITER_REGISTRATION_COST').returns(3);
+    const attachRateLimiter = requireAgain(pathToRateLimiter).default;
+    req.path = '/api/v4/user/auth/local/register';
+
+    req.ip = 1;
+    await attachRateLimiter(req, res, next);
+
+    req.headers['x-api-user'] = 'user-1';
+    await attachRateLimiter(req, res, next);
+    await attachRateLimiter(req, res, next);
+
+    // user id an ip are counted as separate sources
+    expect(res.set).to.have.been.calledWithMatch({
+      'X-RateLimit-Limit': 30,
+      'X-RateLimit-Remaining': 27, // 2 calls with user id
+      'X-RateLimit-Reset': sinon.match(Date),
+    });
+
+    req.headers['x-api-user'] = undefined;
+    await attachRateLimiter(req, res, next);
+    await attachRateLimiter(req, res, next);
+
+    expect(res.set).to.have.been.calledWithMatch({
+      'X-RateLimit-Limit': 30,
+      'X-RateLimit-Remaining': 24, // 3 calls with only ip
+      'X-RateLimit-Reset': sinon.match(Date),
+    });
+  });
+
+  it('applies increased cost for unauthenticated API calls', async () => {
+    nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
+    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(10);
+    const attachRateLimiter = requireAgain(pathToRateLimiter).default;
+
+    req.ip = 1;
+    await attachRateLimiter(req, res, next);
+    await attachRateLimiter(req, res, next);
+
+    expect(res.set).to.have.been.calledWithMatch({
+      'X-RateLimit-Limit': 30,
+      'X-RateLimit-Remaining': 10,
+      'X-RateLimit-Reset': sinon.match(Date),
+    });
+  });
 });

test/api/unit/models/user.test.js

@@ -1,9 +1,13 @@
 import moment from 'moment';
+import requireAgain from 'require-again';
 import { model as User } from '../../../../website/server/models/user';
 import { model as NewsPost } from '../../../../website/server/models/newsPost';
 import { model as Group } from '../../../../website/server/models/group';
+import { model as Blocker } from '../../../../website/server/models/blocker';
 import common from '../../../../website/common';
 
+const pathToUserSchema = '../../../../website/server/models/user/schema';
+
 describe('User Model', () => {
   describe('.toJSON()', () => {
     it('keeps user._tmp when calling .toJSON', () => {
@@ -912,4 +916,73 @@ describe('User Model', () => {
       expect(user.toJSON().flags.newStuff).to.equal(true);
     });
   });
+
+  describe('validates email', () => {
+    it('does not throw an error for a valid email', () => {
+      const user = new User();
+      user.auth.local.email = 'hello@example.com';
+      const errors = user.validateSync();
+      expect(errors.errors['auth.local.email']).to.not.exist;
+    });
+
+    it('throws an error if email is not valid', () => {
+      const user = new User();
+      user.auth.local.email = 'invalid-email';
+      const errors = user.validateSync();
+      expect(errors.errors['auth.local.email'].message).to.equal(common.i18n.t('invalidEmail'));
+    });
+
+    it('throws an error if email is using a restricted domain', () => {
+      const user = new User();
+      user.auth.local.email = 'scammer@habitica.com';
+      const errors = user.validateSync();
+      expect(errors.errors['auth.local.email'].message).to.equal(common.i18n.t('invalidEmailDomain', { domains: 'habitica.com, habitrpg.com' }));
+    });
+
+    it('throws an error if email was blocked specifically', () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: 'blocked@example.com' } });
+        },
+      });
+      const schema = requireAgain(pathToUserSchema).UserSchema;
+      const valid = schema.paths['auth.local.email'].options.validate.every(v => v.validator('blocked@example.com'));
+      expect(valid).to.equal(false);
+    });
+
+    it('throws an error if email domain was blocked', () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: '@example.com' } });
+        },
+      });
+      const schema = requireAgain(pathToUserSchema).UserSchema;
+      const valid = schema.paths['auth.local.email'].options.validate.every(v => v.validator('blocked@example.com'));
+      expect(valid).to.equal(false);
+    });
+
+    it('throws an error if user portion of email was blocked', () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: 'blocked@' } });
+        },
+      });
+      const schema = requireAgain(pathToUserSchema).UserSchema;
+      const valid = schema.paths['auth.local.email'].options.validate.every(v => v.validator('blocked@example.com'));
+      expect(valid).to.equal(false);
+    });
+
+    it('does not throw an error if email is not blocked', () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: '@example.com' } });
+          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: 'blocked@' } });
+          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: 'bad@test.com' } });
+        },
+      });
+      const schema = requireAgain(pathToUserSchema).UserSchema;
+      const valid = schema.paths['auth.local.email'].options.validate.every(v => v.validator('good@test.com'));
+      expect(valid).to.equal(true);
+    });
+  });
 });

test/api/v3/integration/chat/GET-chat.test.js

@@ -3,6 +3,7 @@ import {
   createAndPopulateGroup,
   translate as t,
 } from '../../../../helpers/api-integration/v3';
+import { model as Group } from '../../../../../website/server/models/group';
 
 describe('GET /groups/:groupId/chat', () => {
   let user;
@@ -37,4 +38,34 @@ describe('GET /groups/:groupId/chat', () => {
       });
     });
   });
+
+  context('public Guild', () => {
+    let group;
+    before(async () => {
+      ({ group } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'test group',
+          type: 'guild',
+          privacy: 'private',
+        },
+        members: 1,
+        upgradeToGroupPlan: true,
+        chat: [
+          'Hello',
+          'Welcome to the Guild',
+        ],
+      }));
+
+      // Creation API is shut down, we need to simulate an extant public group
+      await Group.updateOne({ _id: group._id }, { $set: { privacy: 'public' }, $unset: { 'purchased.plan': 1 } }).exec();
+    });
+
+    it('returns error if user attempts to fetch a sunset Guild', async () => {
+      await expect(user.get(`/groups/${group._id}/chat`)).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('featureRetired'),
+      });
+    });
+  });
 });

test/api/v3/integration/chat/POST-chat.like.test.js

@@ -4,6 +4,7 @@ import {
   createAndPopulateGroup,
   translate as t,
 } from '../../../../helpers/api-integration/v3';
+import { model as Group } from '../../../../../website/server/models/group';
 
 describe('POST /chat/:chatId/like', () => {
   let user;
@@ -111,4 +112,18 @@ describe('POST /chat/:chatId/like', () => {
         message: t('groupNotFound'),
       });
   });
+
+  it('does not like a message that belongs to a sunset public group', async () => {
+    const message = await anotherUser.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage });
+
+    // Creation API is shut down, we need to simulate an extant public group
+    await Group.updateOne({ _id: groupWithChat._id }, { $set: { privacy: 'public' }, $unset: { 'purchased.plan': 1 } }).exec();
+
+    await expect(user.post(`/groups/${groupWithChat._id}/chat/${message.message.id}/like`))
+      .to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('featureRetired'),
+      });
+  });
 });

test/api/v3/integration/chat/POST-chat.test.js

@@ -9,7 +9,7 @@ import {
 import {
   SPAM_MIN_EXEMPT_CONTRIB_LEVEL,
 } from '../../../../../website/server/models/group';
-import { MAX_MESSAGE_LENGTH } from '../../../../../website/common/script/constants';
+import { MAX_MESSAGE_LENGTH, CHAT_FLAG_FROM_SHADOW_MUTE } from '../../../../../website/common/script/constants';
 import * as email from '../../../../../website/server/libs/email';
 
 describe('POST /chat', () => {
@@ -80,17 +80,20 @@ describe('POST /chat', () => {
       member.updateOne({ 'flags.chatRevoked': false });
     });
 
-    it('does not error when chat privileges are revoked when sending a message to a private guild', async () => {
+    it('errors when chat privileges are revoked when sending a message to a private guild', async () => {
       await member.updateOne({
         'flags.chatRevoked': true,
       });
 
-      const message = await member.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage });
-
-      expect(message.message.id).to.exist;
+      await expect(member.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage }))
+        .to.eventually.be.rejected.and.eql({
+          code: 401,
+          error: 'NotAuthorized',
+          message: t('chatPrivilegesRevoked'),
+        });
     });
 
-    it('does not error when chat privileges are revoked when sending a message to a party', async () => {
+    it('errors when chat privileges are revoked when sending a message to a party', async () => {
       const { group, members } = await createAndPopulateGroup({
         groupDetails: {
           name: 'Party',
@@ -106,9 +109,12 @@ describe('POST /chat', () => {
         'auth.timestamps.created': new Date('2022-01-01'),
       });
 
-      const message = await privatePartyMemberWithChatsRevoked.post(`/groups/${group._id}/chat`, { message: testMessage });
-
-      expect(message.message.id).to.exist;
+      await expect(privatePartyMemberWithChatsRevoked.post(`/groups/${group._id}/chat`, { message: testMessage }))
+        .to.eventually.be.rejected.and.eql({
+          code: 401,
+          error: 'NotAuthorized',
+          message: t('chatPrivilegesRevoked'),
+        });
     });
   });
 
@@ -123,7 +129,7 @@ describe('POST /chat', () => {
       member.updateOne({ 'flags.chatShadowMuted': false });
     });
 
-    it('creates a chat with zero flagCount when sending a message to a private guild', async () => {
+    it('creates a chat with flagCount set when sending a message to a private guild', async () => {
       await member.updateOne({
         'flags.chatShadowMuted': true,
       });
@@ -131,10 +137,10 @@ describe('POST /chat', () => {
       const message = await member.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage });
 
       expect(message.message.id).to.exist;
-      expect(message.message.flagCount).to.eql(0);
+      expect(message.message.flagCount).to.eql(CHAT_FLAG_FROM_SHADOW_MUTE);
     });
 
-    it('creates a chat with zero flagCount when sending a message to a party', async () => {
+    it('creates a chat with flagCount set when sending a message to a party', async () => {
       const { group, members } = await createAndPopulateGroup({
         groupDetails: {
           name: 'Party',
@@ -153,7 +159,7 @@ describe('POST /chat', () => {
       const message = await userWithChatShadowMuted.post(`/groups/${group._id}/chat`, { message: testMessage });
 
       expect(message.message.id).to.exist;
-      expect(message.message.flagCount).to.eql(0);
+      expect(message.message.flagCount).to.eql(CHAT_FLAG_FROM_SHADOW_MUTE);
     });
   });
 
@@ -238,6 +244,18 @@ describe('POST /chat', () => {
     expect(groupMessages[0].id).to.exist;
   });
 
+  it('creates a chat with case-insensitive mentions', async () => {
+    const originalUsername = member.auth.local.username;
+    const uppercaseUsername = originalUsername.toUpperCase();
+    const messageWithMentions = `hi @${uppercaseUsername}`;
+    const newMessage = await user.post(`/groups/${groupWithChat._id}/chat`, { message: messageWithMentions });
+    const groupMessages = await user.get(`/groups/${groupWithChat._id}/chat`);
+
+    expect(newMessage.message.id).to.exist;
+    expect(newMessage.message.text).to.include(`[@${uppercaseUsername}](/profile/${member._id})`);
+    expect(groupMessages[0].id).to.exist;
+  });
+
   it('creates a chat with a max length of 3000 chars', async () => {
     const veryLongMessage = `
     123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789.

test/api/v3/integration/content/GET-content.test.js

@@ -1,6 +1,7 @@
 import {
   requester,
   translate as t,
+  generateUser,
 } from '../../../../helpers/api-integration/v3';
 import i18n from '../../../../../website/common/script/i18n';
 
@@ -56,4 +57,28 @@ describe('GET /content', () => {
     const res = await requester().get('/content?filter=backgroundsFlat,invalid');
     expect(res).to.not.have.property('backgroundsFlat');
   });
+
+  describe('authenticated user', () => {
+    let user;
+    it('returns content in user\'s preferred language when no language parameter is provided', async () => {
+      user = await generateUser({ 'preferences.language': 'de' });
+      const res = await user.get('/content');
+      expect(res).to.have.nested.property('backgrounds.backgrounds062014.beach');
+      expect(res.backgrounds.backgrounds062014.beach.text).to.equal(i18n.t('backgroundBeachText', 'de'));
+    });
+
+    it('respects language parameter over user\'s preferred language', async () => {
+      user = await generateUser({ 'preferences.language': 'de' });
+      const res = await user.get('/content?language=fr');
+      expect(res).to.have.nested.property('backgrounds.backgrounds062014.beach');
+      expect(res.backgrounds.backgrounds062014.beach.text).to.equal(i18n.t('backgroundBeachText', 'fr'));
+    });
+
+    it('falls back to English if user\'s preferred language is invalid', async () => {
+      user = await generateUser({ 'preferences.language': 'invalid_lang' });
+      const res = await user.get('/content');
+      expect(res).to.have.nested.property('backgrounds.backgrounds062014.beach');
+      expect(res.backgrounds.backgrounds062014.beach.text).to.equal(t('backgroundBeachText'));
+    });
+  });
 });

test/api/v3/integration/debug/POST-debug_boss-rage.test.js

@@ -0,0 +1,73 @@
+import nconf from 'nconf';
+import {
+  generateUser,
+  createAndPopulateGroup,
+} from '../../../../helpers/api-integration/v3';
+
+describe('POST /debug/boss-rage', () => {
+  let user;
+  let nconfStub;
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  beforeEach(() => {
+    nconfStub = sandbox.stub(nconf, 'get');
+    nconfStub.withArgs('DEBUG_ENABLED').returns(true);
+    nconfStub.withArgs('BASE_URL').returns('https://example.com');
+  });
+
+  afterEach(() => {
+    nconfStub.restore();
+  });
+
+  it('errors if user is not in a party', async () => {
+    await expect(user.post('/debug/boss-rage'))
+      .to.eventually.be.rejected.and.deep.equal({
+        code: 400,
+        error: 'BadRequest',
+        message: 'User not in a party.',
+      });
+  });
+
+  it('returns error when not in production mode', async () => {
+    nconfStub.withArgs('DEBUG_ENABLED').returns(false);
+
+    await expect(user.post('/debug/boss-rage'))
+      .to.eventually.be.rejected.and.deep.equal({
+        code: 404,
+        error: 'NotFound',
+        message: 'Not found.',
+      });
+  });
+
+  context('user is in a party', async () => {
+    let party;
+
+    beforeEach(async () => {
+      const { group, groupLeader } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'Test Party',
+          type: 'party',
+        },
+        members: 2,
+      });
+      party = group;
+      user = groupLeader;
+    });
+
+    it('increases boss rage to 50', async () => {
+      await user.post('/debug/boss-rage');
+      await party.sync();
+      expect(party.quest.progress.rage).to.eql(50);
+    });
+
+    it('increases boss rage to 100', async () => {
+      await user.post('/debug/boss-rage');
+      await user.post('/debug/boss-rage');
+      await party.sync();
+      expect(party.quest.progress.rage).to.eql(100);
+    });
+  });
+});

test/api/v3/integration/debug/POST-debug_jumpTime.test.js

@@ -34,9 +34,11 @@ describe('POST /debug/jump-time', () => {
     expect(resultDate.getMonth()).to.eql(today.getMonth());
     expect(resultDate.getFullYear()).to.eql(today.getFullYear());
     const newResultDate = new Date((await user.post('/debug/jump-time', { offsetDays: 1 })).time);
-    expect(newResultDate.getDate()).to.eql(today.getDate() + 1);
-    expect(newResultDate.getMonth()).to.eql(today.getMonth());
-    expect(newResultDate.getFullYear()).to.eql(today.getFullYear());
+    const tomorrow = new Date(today.valueOf());
+    tomorrow.setDate(today.getDate() + 1);
+    expect(newResultDate.getDate()).to.eql(tomorrow.getDate());
+    expect(newResultDate.getMonth()).to.eql(tomorrow.getMonth());
+    expect(newResultDate.getFullYear()).to.eql(tomorrow.getFullYear());
   });
 
   it('jumps back', async () => {
@@ -45,9 +47,11 @@ describe('POST /debug/jump-time', () => {
     expect(resultDate.getMonth()).to.eql(today.getMonth());
     expect(resultDate.getFullYear()).to.eql(today.getFullYear());
     const newResultDate = new Date((await user.post('/debug/jump-time', { offsetDays: -1 })).time);
-    expect(newResultDate.getDate()).to.eql(today.getDate() - 1);
-    expect(newResultDate.getMonth()).to.eql(today.getMonth());
-    expect(newResultDate.getFullYear()).to.eql(today.getFullYear());
+    const yesterday = new Date(today.valueOf());
+    yesterday.setDate(today.getDate() - 1);
+    expect(newResultDate.getDate()).to.eql(yesterday.getDate());
+    expect(newResultDate.getMonth()).to.eql(yesterday.getMonth());
+    expect(newResultDate.getFullYear()).to.eql(yesterday.getFullYear());
   });
 
   it('can jump a lot', async () => {
@@ -55,7 +59,7 @@ describe('POST /debug/jump-time', () => {
     expect(resultDate.getDate()).to.eql(today.getDate());
     expect(resultDate.getMonth()).to.eql(today.getMonth());
     expect(resultDate.getFullYear()).to.eql(today.getFullYear());
-    const newResultDate = new Date((await user.post('/debug/jump-time', { offsetDays: 355 })).time);
+    const newResultDate = new Date((await user.post('/debug/jump-time', { offsetDays: 365 })).time);
     expect(newResultDate.getFullYear()).to.eql(today.getFullYear() + 1);
   });
 

test/api/v3/integration/groups/POST-groups_groupId_join.test.js

@@ -85,22 +85,6 @@ describe('POST /group/:groupId/join', () => {
         await expect(user.get('/user')).to.eventually.have.nested.property('items.quests.basilist', 1);
       });
 
-      it('notifies inviting user that their invitation was accepted', async () => {
-        await invitedUser.post(`/groups/${guild._id}/join`);
-
-        const inviter = await user.get('/user');
-        const expectedData = {
-          headerText: t('invitationAcceptedHeader'),
-          bodyText: t('invitationAcceptedBody', {
-            username: invitedUser.auth.local.username,
-            groupName: guild.name,
-          }),
-        };
-
-        expect(inviter.notifications[1].type).to.eql('GROUP_INVITE_ACCEPTED');
-        expect(inviter.notifications[1].data).to.eql(expectedData);
-      });
-
       it('awards Joined Guild achievement', async () => {
         await invitedUser.post(`/groups/${guild._id}/join`);
 
@@ -155,23 +139,6 @@ describe('POST /group/:groupId/join', () => {
         await expect(invitedUser.get('/user')).to.eventually.have.nested.property('party._id', party._id);
       });
 
-      it('notifies inviting user that their invitation was accepted', async () => {
-        await invitedUser.post(`/groups/${party._id}/join`);
-
-        const inviter = await user.get('/user');
-
-        const expectedData = {
-          headerText: t('invitationAcceptedHeader'),
-          bodyText: t('invitationAcceptedBody', {
-            username: invitedUser.auth.local.username,
-            groupName: party.name,
-          }),
-        };
-
-        expect(inviter.notifications[0].type).to.eql('GROUP_INVITE_ACCEPTED');
-        expect(inviter.notifications[0].data).to.eql(expectedData);
-      });
-
       it('clears invitation from user when joining party', async () => {
         await invitedUser.post(`/groups/${party._id}/join`);
 

test/api/v3/integration/groups/POST-groups_invite.test.js

@@ -61,6 +61,24 @@ describe('Post /groups/:groupId/invite', () => {
         });
     });
 
+    it('fakes sending an invite if user is shadow muted', async () => {
+      const inviterMuted = await inviter.updateOne({ 'flags.chatShadowMuted': true });
+      const userToInvite = await generateUser();
+
+      const response = await inviterMuted.post(`/groups/${group._id}/invite`, {
+        usernames: [userToInvite.auth.local.lowerCaseUsername],
+      });
+      expect(response).to.be.an('Array');
+      expect(response[0]).to.have.all.keys(['_id', 'id', 'name', 'inviter']);
+      expect(response[0]._id).to.be.a('String');
+      expect(response[0].id).to.eql(group._id);
+      expect(response[0].name).to.eql(groupName);
+      expect(response[0].inviter).to.eql(inviter._id);
+
+      await expect(userToInvite.get('/user'))
+        .to.eventually.not.have.nested.property('invitations.parties[0].id', group._id);
+    });
+
     it('invites a user to a group by username', async () => {
       const userToInvite = await generateUser();
 
@@ -209,6 +227,24 @@ describe('Post /groups/:groupId/invite', () => {
         });
     });
 
+    it('fakes sending an invite if user is shadow muted', async () => {
+      const inviterMuted = await inviter.updateOne({ 'flags.chatShadowMuted': true });
+      const userToInvite = await generateUser();
+
+      const response = await inviterMuted.post(`/groups/${group._id}/invite`, {
+        uuids: [userToInvite._id],
+      });
+      expect(response).to.be.an('Array');
+      expect(response[0]).to.have.all.keys(['_id', 'id', 'name', 'inviter']);
+      expect(response[0]._id).to.be.a('String');
+      expect(response[0].id).to.eql(group._id);
+      expect(response[0].name).to.eql(groupName);
+      expect(response[0].inviter).to.eql(inviter._id);
+
+      await expect(userToInvite.get('/user'))
+        .to.eventually.not.have.nested.property('invitations.parties[0].id', group._id);
+    });
+
     it('invites a user to a group by uuid', async () => {
       const userToInvite = await generateUser();
 
@@ -281,6 +317,19 @@ describe('Post /groups/:groupId/invite', () => {
         });
     });
 
+    it('fakes sending invite when inviter is shadow muted', async () => {
+      const inviterMuted = await inviter.updateOne({ 'flags.chatShadowMuted': true });
+      const res = await inviterMuted.post(`/groups/${group._id}/invite`, {
+        emails: [testInvite],
+        inviter: 'inviter name',
+      });
+
+      const updatedUser = await inviterMuted.sync();
+
+      expect(res).to.exist;
+      expect(updatedUser.invitesSent).to.eql(1);
+    });
+
     it('returns an error when invite is missing an email', async () => {
       await expect(inviter.post(`/groups/${group._id}/invite`, {
         emails: [{ name: 'test' }],
@@ -405,6 +454,19 @@ describe('Post /groups/:groupId/invite', () => {
         });
     });
 
+    it('fakes sending an invite if user is shadow muted', async () => {
+      const inviterMuted = await inviter.updateOne({ 'flags.chatShadowMuted': true });
+      const newUser = await generateUser();
+      const invite = await inviterMuted.post(`/groups/${group._id}/invite`, {
+        uuids: [newUser._id],
+        emails: [{ name: 'test', email: 'test@habitica.com' }],
+      });
+      const invitedUser = await newUser.get('/user');
+
+      expect(invitedUser.invitations.parties[0]).to.not.exist;
+      expect(invite).to.exist;
+    });
+
     it('invites users to a group by uuid and email', async () => {
       const newUser = await generateUser();
       const invite = await inviter.post(`/groups/${group._id}/invite`, {

test/api/v3/integration/hall/GET-hall_heroes_heroId.test.js

@@ -10,6 +10,7 @@ describe('GET /heroes/:heroId', () => {
   const heroFields = [
     '_id', 'id', 'auth', 'balance', 'contributor', 'flags', 'items',
     'lastCron', 'party', 'preferences', 'profile', 'purchased', 'secret', 'achievements',
+    'stats',
   ];
 
   before(async () => {

test/api/v3/integration/hall/PUT-hall_heores_heroId.test.js

@@ -11,6 +11,7 @@ describe('PUT /heroes/:heroId', () => {
   const heroFields = [
     '_id', 'auth', 'balance', 'contributor', 'flags', 'items', 'lastCron',
     'party', 'preferences', 'profile', 'purchased', 'secret', 'permissions', 'achievements',
+    'stats',
   ];
 
   before(async () => {
@@ -60,12 +61,12 @@ describe('PUT /heroes/:heroId', () => {
     expect(heroRes.profile).to.have.all.keys(['name']);
 
     // test response values
-    expect(heroRes.balance).to.equal(3 + 0.75); // 3+0.75 for first contrib level
+    expect(heroRes.balance).to.equal(3 + 2.5); // 3+2.5 for first contrib level
     expect(heroRes.contributor.level).to.equal(1);
     expect(heroRes.purchased.ads).to.equal(true);
     // test hero values
     await hero.sync();
-    expect(hero.balance).to.equal(3 + 0.75); // 3+0.75 for first contrib level
+    expect(hero.balance).to.equal(3 + 2.5); // 3+2.5 for first contrib level
     expect(hero.contributor.level).to.equal(1);
     expect(hero.purchased.ads).to.equal(true);
     expect(hero.auth.blocked).to.equal(prevBlockState);
@@ -136,12 +137,12 @@ describe('PUT /heroes/:heroId', () => {
     expect(heroRes.profile).to.have.all.keys(['name']);
 
     // test response values
-    expect(heroRes.balance).to.equal(1); // 0+1 for sixth contrib level
+    expect(heroRes.balance).to.equal(15); // 0+15 for sixth contrib level
     expect(heroRes.contributor.level).to.equal(6);
     expect(heroRes.items.pets['Dragon-Hydra']).to.equal(5);
     // test hero values
     await hero.sync();
-    expect(hero.balance).to.equal(1); // 0+1 for sixth contrib level
+    expect(hero.balance).to.equal(15); // 0+15 for sixth contrib level
     expect(hero.contributor.level).to.equal(6);
     expect(hero.items.pets['Dragon-Hydra']).to.equal(5);
   });

test/api/v3/integration/inbox/POST-send_private_message.test.js

@@ -43,7 +43,7 @@ describe('POST /members/send-private-message', () => {
     });
   });
 
-  it('returns error when to user has blocked the sender', async () => {
+  it('returns error when recipient has blocked the sender', async () => {
     const receiver = await generateUser({ 'inbox.blocks': [userToSendMessage._id] });
 
     await expect(userToSendMessage.post('/members/send-private-message', {
@@ -56,7 +56,7 @@ describe('POST /members/send-private-message', () => {
     });
   });
 
-  it('returns error when sender has blocked to user', async () => {
+  it('returns error when sender has blocked recipient', async () => {
     const receiver = await generateUser();
     const sender = await generateUser({ 'inbox.blocks': [receiver._id] });
 
@@ -70,7 +70,7 @@ describe('POST /members/send-private-message', () => {
     });
   });
 
-  it('returns error when to user has opted out of messaging', async () => {
+  it('returns error when recipient has opted out of messaging', async () => {
     const receiver = await generateUser({ 'inbox.optOut': true });
 
     await expect(userToSendMessage.post('/members/send-private-message', {
@@ -174,7 +174,7 @@ describe('POST /members/send-private-message', () => {
     expect(notification.data.excerpt).to.equal(messageExcerpt);
   });
 
-  it('allows admin to send when sender has blocked the admin', async () => {
+  it('allows admin to send when recipient has blocked the admin', async () => {
     userToSendMessage = await generateUser({
       'permissions.moderator': true,
     });
@@ -202,7 +202,7 @@ describe('POST /members/send-private-message', () => {
     expect(sendersMessageInSendersInbox).to.exist;
   });
 
-  it('allows admin to send when to user has opted out of messaging', async () => {
+  it('allows admin to send when recipient has opted out of messaging', async () => {
     userToSendMessage = await generateUser({
       'permissions.moderator': true,
     });
@@ -229,4 +229,58 @@ describe('POST /members/send-private-message', () => {
     expect(sendersMessageInReceiversInbox).to.exist;
     expect(sendersMessageInSendersInbox).to.exist;
   });
+
+  describe('sender is shadow muted', () => {
+    beforeEach(async () => {
+      userToSendMessage = await generateUser({
+        'flags.chatShadowMuted': true,
+      });
+    });
+
+    it('does not save the message in the receiver inbox', async () => {
+      const receiver = await generateUser();
+
+      const response = await userToSendMessage.post('/members/send-private-message', {
+        message: messageToSend,
+        toUserId: receiver._id,
+      });
+
+      expect(response.message.uuid).to.equal(receiver._id);
+
+      const updatedReceiver = await receiver.get('/user');
+      const updatedSender = await userToSendMessage.get('/user');
+
+      const sendersMessageInReceiversInbox = _.find(
+        updatedReceiver.inbox.messages,
+        message => message.uuid === userToSendMessage._id && message.text === messageToSend,
+      );
+
+      const sendersMessageInSendersInbox = _.find(
+        updatedSender.inbox.messages,
+        message => message.uuid === receiver._id && message.text === messageToSend,
+      );
+
+      expect(sendersMessageInReceiversInbox).to.not.exist;
+      expect(sendersMessageInSendersInbox).to.exist;
+    });
+
+    it('does not save the message message twice if recipient is sender', async () => {
+      const response = await userToSendMessage.post('/members/send-private-message', {
+        message: messageToSend,
+        toUserId: userToSendMessage._id,
+      });
+
+      expect(response.message.uuid).to.equal(userToSendMessage._id);
+
+      const updatedSender = await userToSendMessage.get('/user');
+
+      const sendersMessageInSendersInbox = _.find(
+        updatedSender.inbox.messages,
+        message => message.uuid === userToSendMessage._id && message.text === messageToSend,
+      );
+
+      expect(sendersMessageInSendersInbox).to.exist;
+      expect(Object.keys(updatedSender.inbox.messages).length).to.equal(1);
+    });
+  });
 });

test/api/v3/integration/members/GET-members_username.test.js

@@ -0,0 +1,56 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-integration/v3';
+import common from '../../../../../website/common';
+
+describe('GET /members/username/:username', () => {
+  let user;
+
+  before(async () => {
+    user = await generateUser();
+  });
+
+  it('validates req.params.username', async () => {
+    await expect(user.get('/members/username/')).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('returns a member\'s public data only', async () => {
+    // make sure user has all the fields that can be returned by the getMember call
+    const member = await generateUser({
+      contributor: { level: 1 },
+      backer: { tier: 3 },
+      preferences: {
+        costume: false,
+        background: 'volcano',
+      },
+      secret: {
+        text: 'Clark Kent',
+      },
+    });
+    const memberRes = await user.get(`/members/username/${member.auth.local.username}`);
+    expect(memberRes).to.have.all.keys([ // works as: object has all and only these keys
+      '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
+      'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives', 'flags',
+    ]);
+    expect(Object.keys(memberRes.auth)).to.eql(['local', 'timestamps']);
+    expect(Object.keys(memberRes.preferences).sort()).to.eql([
+      'size', 'hair', 'skin', 'shirt',
+      'chair', 'costume', 'sleep', 'background', 'tasks', 'disableClasses',
+    ].sort());
+
+    expect(memberRes.stats.maxMP).to.exist;
+    expect(memberRes.stats.maxHealth).to.equal(common.maxHealth);
+    expect(memberRes.stats.toNextLevel).to.equal(common.tnl(memberRes.stats.lvl));
+    expect(memberRes.inbox.optOut).to.exist;
+    expect(memberRes.inbox.canReceive).to.exist;
+    expect(memberRes.inbox.messages).to.not.exist;
+    expect(memberRes.secret).to.not.exist;
+
+    expect(memberRes.blocks).to.not.exist;
+  });
+});

test/api/v3/integration/tasks/GET-tasks_user.test.js

@@ -101,34 +101,6 @@ describe('GET /tasks/user', () => {
     expect(allCompletedTodos[allCompletedTodos.length - 1].text).to.equal('todo to complete 2');
   });
 
-  it('returns only some completed todos if req.query.type is "completedTodos" or "_allCompletedTodos"', async () => {
-    const LIMIT = 30;
-    const numberOfTodos = LIMIT + 1;
-    const todosInput = [];
-
-    for (let i = 0; i < numberOfTodos; i += 1) {
-      todosInput[i] = { text: `todo to complete ${i}`, type: 'todo' };
-    }
-    const todos = await user.post('/tasks/user', todosInput);
-    await user.sync();
-    const initialTodoCount = user.tasksOrder.todos.length;
-
-    for (let i = 0; i < numberOfTodos; i += 1) {
-      const id = todos[i]._id;
-
-      await user.post(`/tasks/${id}/score/up`); // eslint-disable-line no-await-in-loop
-    }
-    await user.sync();
-
-    expect(user.tasksOrder.todos.length).to.equal(initialTodoCount - numberOfTodos);
-
-    const completedTodos = await user.get('/tasks/user?type=completedTodos');
-    expect(completedTodos.length).to.equal(LIMIT);
-
-    const allCompletedTodos = await user.get('/tasks/user?type=_allCompletedTodos');
-    expect(allCompletedTodos.length).to.equal(numberOfTodos);
-  });
-
   it('returns dailies with isDue for the date specified', async () => {
     // @TODO Add required format
     const startDate = moment().subtract('1', 'days').toISOString();

test/api/v3/integration/tasks/POST-tasks_id_score_direction.test.js

@@ -125,6 +125,90 @@ describe('POST /tasks/:id/score/:direction', () => {
         expect(body.finalLvl).to.eql(user.stats.lvl);
       });
     });
+
+    context('handles drops', async () => {
+      let randomStub;
+
+      afterEach(() => {
+        randomStub.restore();
+      });
+      it('gives user a drop', async () => {
+        user = await generateUser({
+          'stats.gp': 100,
+          'achievements.completedTask': true,
+          'items.eggs': {
+            Wolf: 1,
+          },
+        });
+        randomStub = sandbox.stub(Math, 'random').returns(0.1);
+        const task = await user.post('/tasks/user', {
+          text: 'test habit',
+          type: 'habit',
+        });
+
+        const res = await user.post(`/tasks/${task.id}/score/up`);
+        expect(res._tmp.drop).to.be.ok;
+      });
+
+      it('does not give a drop when non-sub drop cap is reached', async () => {
+        user = await generateUser({
+          'stats.gp': 100,
+          'achievements.completedTask': true,
+          'items.eggs': {
+            Wolf: 1,
+          },
+          'items.lastDrop.count': 5,
+        });
+        randomStub = sandbox.stub(Math, 'random').returns(0.1);
+        const task = await user.post('/tasks/user', {
+          text: 'test habit',
+          type: 'habit',
+        });
+
+        const res = await user.post(`/tasks/${task.id}/score/up`);
+        expect(res._tmp.drop).to.be.undefined;
+      });
+
+      it('gives a drop when subscriber is over regular cap but under subscriber cap', async () => {
+        user = await generateUser({
+          'stats.gp': 100,
+          'achievements.completedTask': true,
+          'items.eggs': {
+            Wolf: 1,
+          },
+          'items.lastDrop.count': 6,
+          'purchased.plan.customerId': '123',
+        });
+        randomStub = sandbox.stub(Math, 'random').returns(0.1);
+        const task = await user.post('/tasks/user', {
+          text: 'test habit',
+          type: 'habit',
+        });
+
+        const res = await user.post(`/tasks/${task.id}/score/up`);
+        expect(res._tmp.drop).to.be.ok;
+      });
+
+      it('does not give a drop when subscriber is at subscriber drop cap', async () => {
+        user = await generateUser({
+          'stats.gp': 100,
+          'achievements.completedTask': true,
+          'items.eggs': {
+            Wolf: 1,
+          },
+          'items.lastDrop.count': 10,
+          'purchased.plan.customerId': '123',
+        });
+        randomStub = sandbox.stub(Math, 'random').returns(0.1);
+        const task = await user.post('/tasks/user', {
+          text: 'test habit',
+          type: 'habit',
+        });
+
+        const res = await user.post(`/tasks/${task.id}/score/up`);
+        expect(res._tmp.drop).to.be.undefined;
+      });
+    });
   });
 
   context('todos', () => {

test/api/v3/integration/tasks/groups/POST-tasks_group_id_assign_user_id.test.js

@@ -105,9 +105,9 @@ describe('POST /tasks/:taskId/assign/:memberId', () => {
 
     const groupTask = await user.get(`/tasks/group/${guild._id}`);
 
-    expect(member.notifications.length).to.equal(2);
-    expect(member.notifications[1].type).to.equal('GROUP_TASK_ASSIGNED');
-    expect(member.notifications[1].taskId).to.equal(groupTask._id);
+    const lastNotification = member.notifications[member.notifications.length - 1];
+    expect(lastNotification.type).to.equal('GROUP_TASK_ASSIGNED');
+    expect(lastNotification.taskId).to.equal(groupTask._id);
   });
 
   it('assigns a task to multiple users', async () => {

test/api/v3/integration/tasks/groups/POST-tasks_task_id_unassign.test.js

@@ -89,10 +89,12 @@ describe('POST /tasks/:taskId/unassign/:memberId', () => {
   });
 
   it('removes task assignment notification from unassigned user', async () => {
+    await member.sync();
+    const oldNotificationCount = member.notifications.length;
     await user.post(`/tasks/${task._id}/unassign/${member._id}`);
 
     await member.sync();
-    expect(member.notifications.length).to.equal(1); // mystery items
+    expect(member.notifications.length).to.equal(oldNotificationCount - 1);
   });
 
   it('unassigns a user and only that user from a task', async () => {

test/api/v3/integration/user/auth/GET-user_auth_apple.test.js

@@ -25,7 +25,7 @@ describe('GET /user/auth/apple', () => {
   });
 
   it('registers a new user', async () => {
-    const response = await api.get(appleEndpoint);
+    const response = await api.get(`${appleEndpoint}?allowRegister=true`);
 
     expect(response.apiToken).to.exist;
     expect(response.id).to.exist;
@@ -35,7 +35,7 @@ describe('GET /user/auth/apple', () => {
   });
 
   it('logs an existing user in', async () => {
-    const registerResponse = await api.get(appleEndpoint);
+    const registerResponse = await api.get(`${appleEndpoint}?allowRegister=true`);
 
     const response = await api.get(appleEndpoint);
 

test/api/v3/integration/user/auth/POST-auth_reset-password-set-new-one.js

@@ -238,6 +238,28 @@ describe('POST /user/auth/reset-password-set-new-one', () => {
     expect(isPassValid).to.equal(true);
   });
 
+  it('changes the apiToken on password reset', async () => {
+    const user = await generateUser();
+    const previousToken = user.apiToken;
+
+    const code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({ days: 1 }),
+    }));
+    await user.updateOne({
+      'auth.local.passwordResetCode': code,
+    });
+
+    await api.post(`${endpoint}`, {
+      newPassword: 'my new password',
+      confirmPassword: 'my new password',
+      code,
+    });
+
+    await user.sync();
+    expect(user.apiToken).to.not.eql(previousToken);
+  });
+
   it('renders the success page and convert the password from sha1 to bcrypt', async () => {
     const user = await generateUser();
 

test/api/v3/integration/user/auth/POST-login-local.test.js

@@ -44,7 +44,7 @@ describe('POST /user/auth/local/login', () => {
     })).to.eventually.be.rejected.and.eql({
       code: 401,
       error: 'NotAuthorized',
-      message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL'), userId: user._id }),
+      message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL'), userId: user._id, username: user.auth.local.username }),
     });
   });
 
@@ -110,6 +110,18 @@ describe('POST /user/auth/local/login', () => {
     expect(isValidPassword).to.equal(true);
   });
 
+  it('sets auth.timestamps.updated', async () => {
+    const oldUpdated = new Date(user.auth.timestamps.updated);
+    // login
+    await api.post(endpoint, {
+      username: user.auth.local.email,
+      password,
+    });
+
+    await user.sync();
+    expect(user.auth.timestamps.updated).to.be.greaterThan(oldUpdated);
+  });
+
   it('user uses social authentication and has no password', async () => {
     await user.unset({
       'auth.local.hashed_password': 1,

test/api/v3/integration/user/auth/POST-user_auth_social.test.js

@@ -6,6 +6,7 @@ import {
   translate as t,
   getProperty,
 } from '../../../../../helpers/api-integration/v3';
+import apiErrorMessages from '../../../../../../website/common/script/errors/apiErrorMessages';
 
 describe('POST /user/auth/social', () => {
   let api;
@@ -64,6 +65,18 @@ describe('POST /user/auth/social', () => {
       await expect(getProperty('users', response.id, 'profile.name')).to.eventually.equal('a google user');
     });
 
+    it('fails if allowRegister is false and user does not exist', async () => {
+      await expect(api.post(endpoint, {
+        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
+        network,
+        allowRegister: false,
+      })).to.eventually.be.rejected.and.eql({
+        code: 404,
+        error: 'NotFound',
+        message: `${apiErrorMessages.socialFlowUserNotFound} ${user.auth.local.username}+google@example.com`,
+      });
+    });
+
     it('logs an existing user in', async () => {
       const registerResponse = await api.post(endpoint, {
         authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
@@ -131,6 +144,36 @@ describe('POST /user/auth/social', () => {
       expect(response.newUser).to.be.false;
     });
 
+    it('logs an existing user into their social account if allowRegister is false', async () => {
+      const registerResponse = await api.post(endpoint, {
+        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
+        network,
+      });
+      expect(registerResponse.newUser).to.be.true;
+      // This is important for existing accounts before the new social handling
+      passport._strategies.google.userProfile.restore();
+      const expectedResult = {
+        id: randomGoogleId,
+        displayName: 'a google user',
+        emails: [
+          { value: user.auth.local.email },
+        ],
+      };
+      sandbox.stub(passport._strategies.google, 'userProfile').yields(null, expectedResult);
+
+      const response = await api.post(endpoint, {
+        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
+        network,
+        allowRegister: false,
+      });
+
+      expect(response.apiToken).to.eql(registerResponse.apiToken);
+      expect(response.id).to.eql(registerResponse.id);
+      expect(response.apiToken).not.to.eql(user.apiToken);
+      expect(response.id).not.to.eql(user._id);
+      expect(response.newUser).to.be.false;
+    });
+
     it('add social auth to an existing user', async () => {
       const response = await user.post(endpoint, {
         authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
@@ -167,5 +210,24 @@ describe('POST /user/auth/social', () => {
 
       await expect(getProperty('users', user._id, '_ABtests')).to.eventually.be.a('object');
     });
+
+    it('sets auth.timestamps.updated', async () => {
+      let oldUpdated = new Date(user.auth.timestamps.updated);
+      await user.post(endpoint, {
+        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
+        network,
+      });
+      await user.sync();
+      expect(user.auth.timestamps.updated).to.be.greaterThan(oldUpdated);
+      oldUpdated = new Date(user.auth.timestamps.updated);
+
+      // Do it again to ensure it updates even when nothing else changes
+      await api.post(endpoint, {
+        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
+        network,
+      });
+      await user.sync();
+      expect(user.auth.timestamps.updated).to.be.greaterThan(oldUpdated);
+    });
   });
 });

test/api/v3/integration/user/auth/PUT-user_update_password.test.js

@@ -27,11 +27,30 @@ describe('PUT /user/auth/update-password', async () => {
       newPassword,
       confirmPassword: newPassword,
     });
-    expect(response).to.eql({});
+
+    expect(response).to.exist;
+    expect(response.apiToken).to.exist;
+
     await user.sync();
     expect(user.auth.local.hashed_password).to.not.eql(previousHashedPassword);
   });
 
+  it('should change the apiToken on password change', async () => {
+    const previousToken = user.apiToken;
+    const response = await user.put(ENDPOINT, {
+      password,
+      newPassword,
+      confirmPassword: newPassword,
+    });
+
+    const newToken = response.apiToken;
+    expect(newToken).to.exist;
+
+    await user.sync();
+    expect(user.apiToken).to.eql(newToken);
+    expect(user.apiToken).to.not.eql(previousToken);
+  });
+
   it('returns an error when confirmPassword does not match newPassword', async () => {
     await expect(user.put(ENDPOINT, {
       password,

test/api/v3/integration/user/buy/POST-user_buy_mystery_set.test.js

@@ -31,7 +31,7 @@ describe('POST /user/buy-mystery-set/:key', () => {
 
     expect(res.data).to.eql({
       items: JSON.parse(JSON.stringify(user.items)), // otherwise dates can't be compared
-      purchasedPlanConsecutive: user.purchased.plan.consecutive,
+      purchasedPlanConsecutive: JSON.parse(JSON.stringify(user.purchased.plan.consecutive)),
     });
     expect(res.message).to.equal(t('hourglassPurchaseSet'));
   });

test/api/v3/integration/world-state/GET-world-state.test.js

@@ -123,7 +123,7 @@ describe('GET /world-state', () => {
 
       const res = await requester().get('/world-state');
 
-      expect(res.npcImageSuffix).to.equal('winter');
+      expect(res.npcImageSuffix).to.equal('fall');
     });
   });
 });

test/api/v4/inbox/POST-inbox_message_like.test.js

@@ -0,0 +1,104 @@
+import find from 'lodash/find';
+import {
+  generateUser,
+  translate as t,
+} from '../../../helpers/api-integration/v4';
+
+/**
+ * Checks the messages array if the uniqueMessageId has the like flag
+ * @param {InboxMessage[]} messages
+ * @param {String} uniqueMessageId
+ * @param {String} userId
+ * @param {Boolean} likeStatus
+ */
+function expectMessagesLikeStatus (messages, uniqueMessageId, userId, likeStatus) {
+  const messageToCheck = find(messages, { uniqueMessageId });
+
+  expect(messageToCheck.likes[userId]).to.equal(likeStatus);
+}
+
+// eslint-disable-next-line mocha/no-exclusive-tests
+describe('POST /inbox/like-private-message/:messageId', () => {
+  let userToSendMessage;
+  const getLikeUrl = messageId => `/inbox/like-private-message/${messageId}`;
+
+  before(async () => {
+    userToSendMessage = await generateUser();
+  });
+
+  it('returns an error when private message is not found', async () => {
+    await expect(userToSendMessage.post(getLikeUrl('some-unknown-id')))
+      .to.eventually.be.rejected.and.eql({
+        code: 404,
+        error: 'NotFound',
+        message: t('messageGroupChatNotFound'),
+      });
+  });
+
+  it('likes a message', async () => {
+    const receiver = await generateUser();
+
+    const sentMessageResult = await userToSendMessage.post('/members/send-private-message', {
+      message: 'some message :)',
+      toUserId: receiver._id,
+    });
+
+    const { uniqueMessageId } = sentMessageResult.message;
+
+    const likeResult = await receiver.post(getLikeUrl(uniqueMessageId));
+    expect(likeResult.likes[receiver._id]).to.equal(true);
+
+    const senderMessages = await userToSendMessage.get('/inbox/messages');
+
+    expectMessagesLikeStatus(senderMessages, uniqueMessageId, receiver._id, true);
+
+    const receiversMessages = await receiver.get('/inbox/messages');
+
+    expectMessagesLikeStatus(receiversMessages, uniqueMessageId, receiver._id, true);
+  });
+
+  it('allows a user to like their own private message', async () => {
+    const receiver = await generateUser();
+
+    const sentMessageResult = await userToSendMessage.post('/members/send-private-message', {
+      message: 'some message :)',
+      toUserId: receiver._id,
+    });
+
+    const { uniqueMessageId } = sentMessageResult.message;
+
+    const likeResult = await userToSendMessage.post(getLikeUrl(uniqueMessageId));
+    expect(likeResult.likes[userToSendMessage._id]).to.equal(true);
+
+    const messages = await userToSendMessage.get('/inbox/messages');
+    expectMessagesLikeStatus(messages, uniqueMessageId, userToSendMessage._id, true);
+
+    const receiversMessages = await receiver.get('/inbox/messages');
+
+    expectMessagesLikeStatus(receiversMessages, uniqueMessageId, userToSendMessage._id, true);
+  });
+
+  it('unlikes a message', async () => {
+    const receiver = await generateUser();
+
+    const sentMessageResult = await userToSendMessage.post('/members/send-private-message', {
+      message: 'some message :)',
+      toUserId: receiver._id,
+    });
+
+    const { uniqueMessageId } = sentMessageResult.message;
+
+    const likeResult = await receiver.post(getLikeUrl(uniqueMessageId));
+
+    expect(likeResult.likes[receiver._id]).to.equal(true);
+
+    const unlikeResult = await receiver.post(getLikeUrl(uniqueMessageId));
+
+    expect(unlikeResult.likes[receiver._id]).to.equal(false);
+
+    const messages = await userToSendMessage.get('/inbox/messages');
+
+    const messageToCheck = find(messages, { id: sentMessageResult.message.id });
+    expect(messageToCheck.likes[receiver._id]).to.equal(false);
+  });
+});

test/api/v4/user/GET-user.test.js

@@ -40,6 +40,24 @@ describe('GET /user', () => {
     expect(returnedUser.stats).to.not.exist;
   });
 
+  it('returns when ALWAYS_LOADED paths are requested', async () => {
+    const returnedUser = await user.get('/user?userFields=_id,notifications,preferences,auth,flags,permissions');
+
+    expect(returnedUser._id).to.equal(user._id);
+    expect(returnedUser.notifications).to.exist;
+    expect(returnedUser.preferences).to.exist;
+    expect(returnedUser.auth).to.exist;
+    expect(returnedUser.flags).to.exist;
+    expect(returnedUser.permissions).to.exist;
+  });
+
+  it('returns when subpaths paths are requested', async () => {
+    const returnedUser = await user.get('/user?userFields=auth.local.username');
+
+    expect(returnedUser._id).to.equal(user._id);
+    expect(returnedUser.auth.local.username).to.exist;
+  });
+
   it('does not return requested private properties', async () => {
     const returnedUser = await user.get('/user?userFields=apiToken,secret.text');
 

test/api/v4/user/auth/POST-check_email.test.js

@@ -0,0 +1,66 @@
+import {
+  translate as t,
+  requester,
+  generateUser,
+} from '../../../../helpers/api-integration/v4';
+
+const ENDPOINT = '/user/auth/check-email';
+
+describe('POST /user/auth/check-email', () => {
+  const email = 'SOmE-nEw-emAIl_2@example.net';
+  let api;
+
+  beforeEach(async () => {
+    api = requester();
+  });
+
+  it('returns email if it is not used yet', async () => {
+    const response = await api.post(ENDPOINT, {
+      email,
+    });
+    expect(response.email).to.eql(email);
+    expect(response.valid).to.be.true;
+  });
+
+  it('rejects if email is not provided', async () => {
+    await expect(api.post(ENDPOINT, {
+    })).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: 'Invalid request parameters.',
+    });
+  });
+
+  it('rejects if email is already taken', async () => {
+    const user = await generateUser();
+
+    const response = await api.post(ENDPOINT, {
+      email: user.auth.local.email,
+    });
+    expect(response).to.eql({
+      valid: false,
+      email: user.auth.local.email,
+      error: t('cannotFulfillReq'),
+    });
+  });
+
+  it('rejects if casing is different', async () => {
+    const user = await generateUser();
+
+    const response = await api.post(ENDPOINT, {
+      email: user.auth.local.email.toUpperCase(),
+    });
+    expect(response).to.eql({
+      valid: false,
+      email: user.auth.local.email.toUpperCase(),
+      error: t('cannotFulfillReq'),
+    });
+  });
+
+  it('rejects if email uses restricted domain', async () => {
+    const response = await api.post(ENDPOINT, {
+      email: 'fake@habitica.com',
+    });
+    expect(response.valid).to.be.false;
+  });
+});

test/common/libs/cron.test.js

@@ -183,8 +183,6 @@ describe('cron utility functions', () => {
   });
 
   describe('getPlanContext', () => {
-    const now = new Date(2022, 5, 1);
-
     function baseUserData (count, offset, planId) {
       return {
         purchased: {
@@ -192,7 +190,7 @@ describe('cron utility functions', () => {
             consecutive: {
               count,
               offset,
-              gemCapExtra: 25,
+              gemCapExtra: 26,
               trinkets: 19,
             },
             quantity: 1,
@@ -213,52 +211,19 @@ describe('cron utility functions', () => {
       };
     }
 
-    it('monthly plan, next date in 3 months', () => {
+    it('elapsedMonths is 0 if its the same month', () => {
       const user = baseUserData(60, 0, 'group_plan_auto');
-      user.purchased.plan.perkMonthCount = 0;
 
-      const planContext = getPlanContext(user, now);
-
-      expect(planContext.nextHourglassDate)
-        .to.be.sameMoment('2022-08-10T02:00:00.144Z');
+      const planContext = getPlanContext(user, new Date(2022, 4, 20));
+      expect(planContext.elapsedMonths).to.equal(0);
     });
 
-    it('monthly plan, next date in 1 month', () => {
-      const user = baseUserData(62, 0, 'group_plan_auto');
-      user.purchased.plan.perkMonthCount = 2;
+    it('elapsedMonths is 1 after one month', () => {
+      const user = baseUserData(60, 0, 'group_plan_auto');
 
-      const planContext = getPlanContext(user, now);
+      const planContext = getPlanContext(user, new Date(2022, 5, 11));
 
-      expect(planContext.nextHourglassDate)
-        .to.be.sameMoment('2022-06-10T02:00:00.144Z');
-    });
-
-    it('multi-month plan, no offset', () => {
-      const user = baseUserData(60, 0, 'basic_3mo');
-
-      const planContext = getPlanContext(user, now);
-
-      expect(planContext.nextHourglassDate)
-        .to.be.sameMoment('2022-06-10T02:00:00.144Z');
-    });
-
-    it('multi-month plan with offset', () => {
-      const user = baseUserData(60, 1, 'basic_3mo');
-
-      const planContext = getPlanContext(user, now);
-
-      expect(planContext.nextHourglassDate)
-        .to.be.sameMoment('2022-07-10T02:00:00.144Z');
-    });
-
-    it('multi-month plan with perk count', () => {
-      const user = baseUserData(60, 1, 'basic_3mo');
-      user.purchased.plan.perkMonthCount = 2;
-
-      const planContext = getPlanContext(user, now);
-
-      expect(planContext.nextHourglassDate)
-        .to.be.sameMoment('2022-07-10T02:00:00.144Z');
+      expect(planContext.elapsedMonths).to.equal(1);
     });
   });
 });

test/common/libs/shops.test.js

@@ -47,15 +47,17 @@ describe('shops', () => {
 
     describe('premium hatching potions', () => {
       it('contains current scheduled premium hatching potions', async () => {
-        clock = sinon.useFakeTimers(new Date('2024-04-01'));
+        clock = sinon.useFakeTimers(new Date('2024-04-01T09:00:00.000Z'));
         const potions = shared.shops.getMarketCategories(user).find(x => x.identifier === 'premiumHatchingPotions');
-        expect(potions.items.length).to.eql(2);
+        expect(potions.items.length).to.eql(3);
       });
 
       it('does not contain past scheduled premium hatching potions', async () => {
+        clock = sinon.useFakeTimers(new Date('2024-04-01T09:00:00.000Z'));
         const potions = shared.shops.getMarketCategories(user).find(x => x.identifier === 'premiumHatchingPotions');
-        expect(potions.items.filter(x => x.key === 'Aquatic' || x.key === 'Celestial').length).to.eql(0);
+        expect(potions.items.filter(x => x.key === 'Aquatic' || x.key === 'Celestial').length, 'Aquatic or Celestial found').to.eql(0);
       });
+
       it('returns end date for scheduled premium potions', async () => {
         const potions = shared.shops.getMarketCategories(user).find(x => x.identifier === 'premiumHatchingPotions');
         potions.items.forEach(potion => {
@@ -73,9 +75,9 @@ describe('shops', () => {
       });
 
       it('does not contain locked quest premium hatching potions', async () => {
-        clock = sinon.useFakeTimers(new Date('2024-04-01'));
+        clock = sinon.useFakeTimers(new Date('2024-04-01T09:00:00.000Z'));
         const potions = shared.shops.getMarketCategories(user).find(x => x.identifier === 'premiumHatchingPotions');
-        expect(potions.items.length).to.eql(2);
+        expect(potions.items.length).to.eql(3);
         expect(potions.items.filter(x => x.key === 'Bronze' || x.key === 'BlackPearl').length).to.eql(0);
       });
 
@@ -341,6 +343,16 @@ describe('shops', () => {
       const backgrounds = shopCategories.find(cat => cat.identifier === 'backgrounds').items;
       expect(backgrounds.length).to.be.greaterThan(0);
     });
+
+    it('does not add an end date to steampunk gear', () => {
+      const categories = shopCategories.filter(cat => cat.identifier.startsWith('30'));
+      categories.forEach(category => {
+        expect(category.end).to.not.exist;
+        category.items.forEach(item => {
+          expect(item.end).to.not.exist;
+        });
+      });
+    });
   });
 
   describe('customizationShop', () => {

test/common/ops/buy/purchase.test.js

@@ -233,6 +233,17 @@ describe('shared.ops.purchase', () => {
       expect(user.items.hatchingPotions[key]).to.eql(1);
     });
 
+    it('purchases event hatching potion', async () => {
+      clock.restore();
+      clock = sandbox.useFakeTimers(moment('2022-04-10').valueOf());
+      const type = 'hatchingPotions';
+      const key = 'Veggie';
+
+      await purchase(user, { params: { type, key } });
+
+      expect(user.items.hatchingPotions[key]).to.eql(1);
+    });
+
     it('purchases hatching potion if user completed quest', async () => {
       const type = 'hatchingPotions';
       const key = 'Bronze';

test/content/events.test.js

@@ -10,7 +10,7 @@ describe('events', () => {
   });
 
   it('returns empty array when no events are active', () => {
-    clock = sinon.useFakeTimers(new Date('2024-01-06'));
+    clock = sinon.useFakeTimers(new Date('2024-01-11'));
     const events = getRepeatingEvents();
     expect(events).to.be.empty;
   });
@@ -27,14 +27,14 @@ describe('events', () => {
   it('returns nye event at beginning of the year', () => {
     clock = sinon.useFakeTimers(new Date('2025-01-01'));
     const events = getRepeatingEvents();
-    expect(events).to.have.length(1);
+    expect(events).to.have.length(2);
     expect(events[0].key).to.equal('nye');
   });
 
   it('returns nye event at end of the year', () => {
     clock = sinon.useFakeTimers(new Date('2024-12-30'));
     const events = getRepeatingEvents();
-    expect(events).to.have.length(1);
+    expect(events).to.have.length(2);
     expect(events[0].key).to.equal('nye');
   });
 });

test/content/food.test.js

@@ -72,7 +72,7 @@ describe('food', () => {
     });
 
     it('sets canDrop for pie if it is pie season', () => {
-      clock = sinon.useFakeTimers(new Date(2024, 2, 14));
+      clock = sinon.useFakeTimers(new Date(2024, 2, 15));
       const datedContent = require('../../website/common/script/content').default;
       each(datedContent.food, foodItem => {
         if (foodItem.key.indexOf('Pie_') !== -1) {

test/content/index.test.js

@@ -42,23 +42,23 @@ describe('content index', () => {
     expect(Object.keys(juneGear).length, '').to.equal(Object.keys(julyGear).length - 3);
   });
 
-  it('Releases pets gear when appropriate without needing restarting', () => {
+  it('Releases pets when appropriate without needing restarting', () => {
     clock = sinon.useFakeTimers(new Date('2024-06-20'));
     const junePets = content.petInfo;
     expect(junePets['Chameleon-Base']).to.not.exist;
     clock.restore();
-    clock = sinon.useFakeTimers(new Date('2024-07-10'));
+    clock = sinon.useFakeTimers(new Date('2024-07-18'));
     const julyPets = content.petInfo;
     expect(julyPets['Chameleon-Base']).to.exist;
     expect(Object.keys(junePets).length, '').to.equal(Object.keys(julyPets).length - 10);
   });
 
-  it('Releases mounts gear when appropriate without needing restarting', () => {
+  it('Releases mounts when appropriate without needing restarting', () => {
     clock = sinon.useFakeTimers(new Date('2024-06-20'));
     const juneMounts = content.mountInfo;
     expect(juneMounts['Chameleon-Base']).to.not.exist;
     clock.restore();
-    clock = sinon.useFakeTimers(new Date('2024-07-10'));
+    clock = sinon.useFakeTimers(new Date('2024-07-18'));
     const julyMounts = content.mountInfo;
     expect(julyMounts['Chameleon-Base']).to.exist;
     expect(Object.keys(juneMounts).length, '').to.equal(Object.keys(julyMounts).length - 10);
@@ -131,7 +131,7 @@ describe('content index', () => {
   });
 
   it('marks pie as buyable and droppable during pi day', () => {
-    clock = sinon.useFakeTimers(new Date('2024-03-14'));
+    clock = sinon.useFakeTimers(new Date('2024-03-15'));
     const { food } = content;
     Object.keys(food).forEach(key => {
       if (key === 'Saddle') {

test/content/quests.test.js

@@ -0,0 +1,42 @@
+import {
+  each,
+} from 'lodash';
+import {
+  expectValidTranslationString,
+} from '../helpers/content.helper';
+
+import { quests } from '../../website/common/script/content/quests';
+
+describe('quests', () => {
+  let clock;
+
+  afterEach(() => {
+    if (clock) {
+      clock.restore();
+    }
+  });
+
+  it('contains basic information about each quest', () => {
+    each(quests, (quest, key) => {
+      expectValidTranslationString(quest.text);
+      expectValidTranslationString(quest.notes);
+      expectValidTranslationString(quest.completion);
+      expect(quest.key, key).to.equal(key);
+      expect(quest.category, key).to.be.a('string');
+      if (quest.boss) {
+        expectValidTranslationString(quest.boss.name);
+        expect(quest.boss.hp, key).to.be.a('number');
+        expect(quest.boss.str, key).to.be.a('number');
+      }
+      expect(quest.drop).to.be.an('object');
+      expect(quest.drop.gp, key).to.be.a('number');
+      expect(quest.drop.exp, key).to.be.a('number');
+      if (quest.drop.items) {
+        quest.drop.items.forEach(drop => {
+          expectValidTranslationString(drop.text);
+          expect(drop.type, key).to.exist;
+        });
+      }
+    });
+  });
+});

test/content/releaseDates.test.js

@@ -19,8 +19,8 @@ describe('releaseDates', () => {
   });
   describe('armoire', () => {
     it('should only contain valid armoire names', () => {
-      const lastReleaseDate = maxBy(Object.values(ARMOIRE_RELEASE_DATES), value => new Date(`${value.year}-${value.month + 1}-20`));
-      clock = sinon.useFakeTimers(new Date(`${lastReleaseDate.year}-${lastReleaseDate.month + 1}-20`));
+      const lastReleaseDate = maxBy(Object.values(ARMOIRE_RELEASE_DATES), value => new Date(`${value.year}-${value.month}-22`));
+      clock = sinon.useFakeTimers(new Date(`${lastReleaseDate.year}-${lastReleaseDate.month}-22`));
       Object.keys(ARMOIRE_RELEASE_DATES).forEach(key => {
         expect(find(armoire.all, { set: key }), `${key} is not a valid armoire set`).to.exist;
       });
@@ -40,8 +40,8 @@ describe('releaseDates', () => {
 
   describe('eggs', () => {
     it('should only contain valid egg names', () => {
-      const lastReleaseDate = maxBy(Object.values(EGGS_RELEASE_DATES), value => new Date(`${value.year}-${value.month + 1}-${value.day}`));
-      clock = sinon.useFakeTimers(new Date(`${lastReleaseDate.year}-${lastReleaseDate.month + 1}-${lastReleaseDate.day}`));
+      const lastReleaseDate = maxBy(Object.values(EGGS_RELEASE_DATES), value => new Date(`${value.year}-${value.month}-${value.day}`));
+      clock = sinon.useFakeTimers(new Date(`${lastReleaseDate.year}-${lastReleaseDate.month}-${lastReleaseDate.day + 1}`));
       Object.keys(EGGS_RELEASE_DATES).forEach(key => {
         expect(eggs.all[key], `${key} is not a valid egg name`).to.exist;
       });
@@ -61,8 +61,8 @@ describe('releaseDates', () => {
 
   describe('hatchingPotions', () => {
     it('should only contain valid potion names', () => {
-      const lastReleaseDate = maxBy(Object.values(HATCHING_POTIONS_RELEASE_DATES), value => new Date(`${value.year}-${value.month + 1}-${value.day}`));
-      clock = sinon.useFakeTimers(new Date(`${lastReleaseDate.year}-${lastReleaseDate.month + 1}-${lastReleaseDate.day}`));
+      const lastReleaseDate = maxBy(Object.values(HATCHING_POTIONS_RELEASE_DATES), value => new Date(`${value.year}-${value.month}-${value.day}`));
+      clock = sinon.useFakeTimers(new Date(`${lastReleaseDate.year}-${lastReleaseDate.month}-${lastReleaseDate.day + 1}`));
       Object.keys(HATCHING_POTIONS_RELEASE_DATES).forEach(key => {
         expect(hatchingPotions.all[key], `${key} is not a valid potion name`).to.exist;
       });

test/content/schedule.test.js

@@ -1,4 +1,5 @@
 // eslint-disable-next-line max-len
+import maxBy from 'lodash/maxBy';
 import moment from 'moment';
 import nconf from 'nconf';
 import {
@@ -10,6 +11,7 @@ import QUEST_BUNDLES from '../../website/common/script/content/bundles';
 import potions from '../../website/common/script/content/hatching-potions';
 import SPELLS from '../../website/common/script/content/spells';
 import QUEST_SEASONAL from '../../website/common/script/content/quests/seasonal';
+import { HATCHING_POTIONS_RELEASE_DATES } from '../../website/common/script/content/constants/releaseDates';
 
 function validateMatcher (matcher, checkedDate) {
   expect(matcher.end).to.be.a('date');
@@ -18,12 +20,19 @@ function validateMatcher (matcher, checkedDate) {
 
 describe('Content Schedule', () => {
   let switchoverTime;
+  let clock;
 
   beforeEach(() => {
     switchoverTime = nconf.get('CONTENT_SWITCHOVER_TIME_OFFSET') || 0;
     clearCachedMatchers();
   });
 
+  afterEach(() => {
+    if (clock) {
+      clock.restore();
+    }
+  });
+
   it('assembles scheduled items on january 15th', () => {
     const date = new Date('2024-01-15');
     const matchers = getAllScheduleMatchingGroups(date);
@@ -105,8 +114,14 @@ describe('Content Schedule', () => {
     expect(matchers.backgrounds.end).to.eql(moment.utc(`2024-05-07T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
   });
 
-  it('sets the end date if its on the release day', () => {
-    const date = new Date('2024-05-07T07:00:00.000Z');
+  it('sets the end date if its on the release day before switchover', () => {
+    const date = new Date('2024-05-07T07:00:00.000+00:00');
+    const matchers = getAllScheduleMatchingGroups(date);
+    expect(matchers.backgrounds.end).to.eql(moment.utc(`2024-05-07T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
+  });
+
+  it('sets the end date if its on the release day after switchover', () => {
+    const date = new Date('2024-05-07T09:00:00.000+00:00');
     const matchers = getAllScheduleMatchingGroups(date);
     expect(matchers.backgrounds.end).to.eql(moment.utc(`2024-06-07T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
   });
@@ -118,17 +133,65 @@ describe('Content Schedule', () => {
   });
 
   it('sets the end date for a gala', () => {
-    const date = new Date('2024-05-20');
+    const date = new Date('2024-05-31');
     const matchers = getAllScheduleMatchingGroups(date);
-    expect(matchers.seasonalGear.end).to.eql(moment.utc(`2024-06-21T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
+    expect(matchers.seasonalGear.end).to.eql(moment.utc(`2024-06-01T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
+  });
+
+  it('sets the end date for a winter gala', () => {
+    const date = new Date('2025-02-28');
+    const matchers = getAllScheduleMatchingGroups(date);
+    expect(matchers.seasonalGear.end).to.eql(moment.utc(`2025-03-01T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
+  });
+
+  it('sets the end date in new year for a winter gala', () => {
+    const date = new Date('2025-02-28');
+    const matchers = getAllScheduleMatchingGroups(date);
+    expect(matchers.seasonalGear.end).to.eql(moment.utc(`2025-03-01T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
+  });
+
+  it('uses correct date for first hours of the month', () => {
+    // if the date is checked before CONTENT_SWITCHOVER_TIME_OFFSET,
+    // it should be considered the previous month
+    const date = new Date('2024-05-01T02:00:00.000Z');
+    const matchers = getAllScheduleMatchingGroups(date);
+    expect(matchers.petQuests.items).to.contain('snake');
+    expect(matchers.petQuests.items).to.not.contain('horse');
+    expect(matchers.timeTravelers.match('202304'), '202304').to.be.true;
+    expect(matchers.timeTravelers.match('202404'), '202404').to.be.false;
+    expect(matchers.timeTravelers.match('202305'), '202305').to.be.false;
+  });
+
+  it('uses correct date after switchover time', () => {
+    // if the date is checked after CONTENT_SWITCHOVER_TIME_OFFSET,
+    // it should be considered the current
+    const date = new Date('2024-05-01T09:00:00.000Z');
+    const matchers = getAllScheduleMatchingGroups(date);
+    expect(matchers.petQuests.items).to.contain('snake');
+    expect(matchers.petQuests.items).to.not.contain('horse');
+    expect(matchers.timeTravelers.match('202304'), '202304').to.be.false;
+    expect(matchers.timeTravelers.match('202305'), '202305').to.be.true;
+    expect(matchers.timeTravelers.match('202405'), '202405').to.be.false;
+  });
+
+  it('uses UTC timezone', () => {
+    // if the date is checked after CONTENT_SWITCHOVER_TIME_OFFSET,
+    // it should be considered the current
+    clock = sinon.useFakeTimers(new Date('2024-05-01T05:00:00.000-04:00'));
+    const matchers = getAllScheduleMatchingGroups();
+    expect(matchers.petQuests.items).to.contain('snake');
+    expect(matchers.petQuests.items).to.not.contain('horse');
+    expect(matchers.timeTravelers.match('202304'), '202304').to.be.false;
+    expect(matchers.timeTravelers.match('202305'), '202305').to.be.true;
+    expect(matchers.timeTravelers.match('202405'), '202405').to.be.false;
   });
 
   it('contains content for repeating events', () => {
     const date = new Date('2024-04-15');
     const matchers = getAllScheduleMatchingGroups(date);
     expect(matchers.premiumHatchingPotions).to.exist;
-    expect(matchers.premiumHatchingPotions.items.length).to.equal(4);
-    expect(matchers.premiumHatchingPotions.items.indexOf('Garden')).to.not.equal(-1);
+    expect(matchers.premiumHatchingPotions.items.length).to.equal(6);
+    expect(matchers.premiumHatchingPotions.items.indexOf('Veggie')).to.not.equal(-1);
     expect(matchers.premiumHatchingPotions.items.indexOf('Porcelain')).to.not.equal(-1);
   });
 
@@ -167,6 +230,8 @@ describe('Content Schedule', () => {
     });
 
     it('premium hatching potions', () => {
+      const lastReleaseDate = maxBy(Object.values(HATCHING_POTIONS_RELEASE_DATES), value => new Date(`${value.year}-${value.month}-${value.day}`));
+      clock = sinon.useFakeTimers(new Date(`${lastReleaseDate.year}-${lastReleaseDate.month}-${lastReleaseDate.day + 1}`));
       const potionKeys = Object.keys(potions.premium);
       Object.keys(MONTHLY_SCHEDULE).forEach(key => {
         const monthlyPotions = MONTHLY_SCHEDULE[key][21].find(item => item.type === 'premiumHatchingPotions');
@@ -207,6 +272,21 @@ describe('Content Schedule', () => {
       expect(matcher.match('backgroundkey072024')).to.be.true;
     });
 
+    it('allows background matching the month for new backgrounds from multiple years', () => {
+      const date = new Date('2026-07-08');
+      const matcher = getAllScheduleMatchingGroups(date).backgrounds;
+      expect(matcher.match('backgroundkey072024')).to.be.true;
+      expect(matcher.match('backgroundkey072025')).to.be.true;
+      expect(matcher.match('backgroundkey072026')).to.be.true;
+    });
+
+    it('allows background matching the previous month in the first week for new backgrounds', () => {
+      const date = new Date('2024-09-02');
+      const matcher = getAllScheduleMatchingGroups(date).backgrounds;
+      expect(matcher.match('backgroundkey082024')).to.be.true;
+      expect(matcher.match('backgroundkey092024')).to.be.false;
+    });
+
     it('disallows background in the future', () => {
       const date = new Date('2024-07-08');
       const matcher = getAllScheduleMatchingGroups(date).backgrounds;
@@ -226,46 +306,59 @@ describe('Content Schedule', () => {
       expect(matcher.match('backgroundkey022021')).to.be.true;
     });
 
-    it('allows background even yeared backgrounds in first half of year', () => {
+    it('allows even yeared backgrounds in first half of year', () => {
       const date = new Date('2025-02-08');
       const matcher = getAllScheduleMatchingGroups(date).backgrounds;
       expect(matcher.match('backgroundkey022024')).to.be.true;
       expect(matcher.match('backgroundkey082022')).to.be.true;
     });
 
-    it('allows background odd yeared backgrounds in second half of year', () => {
+    it('allows odd yeared backgrounds in second half of year', () => {
       const date = new Date('2024-08-08');
       const matcher = getAllScheduleMatchingGroups(date).backgrounds;
       expect(matcher.match('backgroundkey022023')).to.be.true;
       expect(matcher.match('backgroundkey082021')).to.be.true;
     });
+
+    it('allows odd yeared backgrounds in beginning of january', () => {
+      const date = new Date('2025-01-06');
+      const matcher = getAllScheduleMatchingGroups(date).backgrounds;
+      expect(matcher.match('backgroundkey122024'), 'backgroundkey122024').to.be.true;
+      expect(matcher.match('backgroundkey062023'), 'backgroundkey062022').to.be.true;
+    });
   });
 
   describe('timeTravelers matcher', () => {
     it('allows sets matching the month', () => {
       const date = new Date('2024-07-08');
       const matcher = getAllScheduleMatchingGroups(date).timeTravelers;
-      expect(matcher.match('202307')).to.be.true;
-      expect(matcher.match('202207')).to.be.true;
+      expect(matcher.match('202307'), '202307').to.be.true;
+      expect(matcher.match('202207'), '202207').to.be.true;
     });
 
     it('disallows sets not matching the month', () => {
       const date = new Date('2024-07-08');
       const matcher = getAllScheduleMatchingGroups(date).timeTravelers;
-      expect(matcher.match('202306')).to.be.false;
-      expect(matcher.match('202402')).to.be.false;
+      expect(matcher.match('202306'), '202306').to.be.false;
+      expect(matcher.match('202402'), '202402').to.be.false;
     });
 
     it('disallows sets from current month', () => {
       const date = new Date('2024-07-08');
       const matcher = getAllScheduleMatchingGroups(date).timeTravelers;
-      expect(matcher.match('202407')).to.be.false;
+      expect(matcher.match('202407'), '202407').to.be.false;
     });
 
     it('disallows sets from the future', () => {
       const date = new Date('2024-07-08');
-      const matcher = getAllScheduleMatchingGroups(date).backgrounds;
-      expect(matcher.match('202507')).to.be.false;
+      const matcher = getAllScheduleMatchingGroups(date).timeTravelers;
+      expect(matcher.match('202507'), '202507').to.be.false;
+    });
+
+    it('matches sets released in the earlier half of the year', () => {
+      const date = new Date('2024-07-08');
+      const matcher = getAllScheduleMatchingGroups(date).timeTravelers;
+      expect(matcher.match('202401'), '202401').to.be.true;
     });
   });
 });

test/content/shop-featuredItems.test.js

@@ -18,7 +18,7 @@ describe('Shop Featured Items', () => {
     });
 
     it('contains the current premium hatching potions', () => {
-      clock = Sinon.useFakeTimers(new Date('2024-04-08'));
+      clock = Sinon.useFakeTimers(new Date('2024-04-09'));
       const items = featuredItems.market();
       expect(_.find(items, item => item.path === 'premiumHatchingPotions.Porcelain')).to.exist;
     });

test/content/time-travelers.test.js

@@ -45,7 +45,7 @@ describe('time-travelers store', () => {
 
   describe('on may 1st', () => {
     beforeEach(() => {
-      date = new Date('2024-05-01');
+      date = new Date('2024-05-01T09:00:00.000Z');
     });
     it('returns the correct gear', () => {
       const items = timeTravelers.timeTravelerStore(user, date);

test/helpers/globals.helper.js

@@ -19,6 +19,6 @@ const sinonStubPromise = require('sinon-stub-promise');
 sinonStubPromise(global.sinon);
 global.sandbox = sinon.createSandbox();
 
-const setupNconf = require('../../website/server/libs/setupNconf');
+const setupNconf = require('../../website/server/libs/setupNconf').default;
 
 setupNconf('./config.json.example');

test/helpers/mongo.js

@@ -74,15 +74,10 @@ export async function getDocument (collectionName, doc) {
 }
 
 before(done => {
-  mongoose.connection.on('open', err => {
-    if (err) return done(err);
-    return resetHabiticaDB()
-      .then(() => {
-        done();
-      })
-      .catch(error => {
-        throw error;
-      });
+  mongoose.connection.once('open', async err => {
+    if (err) throw err;
+    await resetHabiticaDB();
+    done();
   });
 });
 

test/helpers/start-server.js

@@ -3,7 +3,7 @@
 
 const nconf = require('nconf');
 const mongoose = require('mongoose');
-const setupNconf = require('../../website/server/libs/setupNconf');
+const setupNconf = require('../../website/server/libs/setupNconf').default;
 
 // fix further imports of require/import syntaxes
 require('@babel/register');

website/client/.eslintrc.js

@@ -3,11 +3,12 @@ module.exports = {
   root: true,
   env: {
     node: true,
+    es2021: true,
   },
   extends: [
     'habitrpg/lib/vue',
   ],
-  ignorePatterns: ['dist/', 'node_modules/'],
+  ignorePatterns: ['dist/', 'node_modules/', '*.d.ts'],
   rules: {
     'no-console': process.env.NODE_ENV === 'production' ? 'error' : 'off',
     'no-debugger': process.env.NODE_ENV === 'production' ? 'error' : 'off',
@@ -39,7 +40,4 @@ module.exports = {
       order: ['template', 'style', 'script'],
     }],
   },
-  parserOptions: {
-    parser: 'babel-eslint',
-  },
 };

website/client/babel.config.js

@@ -1,9 +0,0 @@
-/* eslint-disable import/no-commonjs */
-module.exports = {
-  presets: [
-    '@vue/cli-plugin-babel/preset',
-  ],
-  plugins: [
-    '@babel/plugin-proposal-optional-chaining',
-  ],
-};

website/client/index.html

@@ -7,23 +7,12 @@
     <title>Habitica - Gamify Your Life</title>
     <meta name="description" content="Habitica is a free habit and productivity app that treats your real life like a game. Habitica can help you achieve your goals to become healthy and happy.">
     <meta name="keywords" content="Habits,Goals,Todo,Gamification,Health,Fitness,School,Work">
-    <meta name="smartbanner:title" content="Habitica">
-    <meta name="smartbanner:author" content="HabitRPG, Inc.">
-    <meta name="smartbanner:price" content="FREE">
-    <meta name="smartbanner:price-suffix-apple" content=" - On the App Store">
-    <meta name="smartbanner:price-suffix-google" content=" - In Google Play">
-    <meta name="smartbanner:icon-apple" content="/static/presskit/Logo/iOS.png">
-    <meta name="smartbanner:icon-google" content="/static/presskit/Logo/Android.png">
-    <meta name="smartbanner:button" content="VIEW">
-    <meta name="smartbanner:button-url-apple" content="https://itunes.apple.com/us/app/habitica-gamified-taskmanager/id994882113">
-    <meta name="smartbanner:button-url-google" content="https://play.google.com/store/apps/details?id=com.habitrpg.android.habitica">
-    <meta name="smartbanner:enabled-platforms" content="android,ios">
-    <meta name="smartbanner:hide-ttl" content="2592000000">
     <link href="https://fonts.googleapis.com/css?family=Roboto+Condensed:400,400i,700,700i|Roboto:400,400i,700,700i" rel="stylesheet">
     <link rel="shortcut icon" sizes="48x48" href="/static/icons/favicon.ico">
     <link rel="shortcut icon" sizes="192x192" href="/static/icons/favicon_192x192.png">
     <link rel="mask-icon" href="/static/icons/favicon.ico">
     <meta property="og:image" content="/static/emails/images/meta-image.png" />
+    <script type="module" src="/src/main.js"></script>
   </head>
   <body>
     <div id="loading-screen">
@@ -40,10 +29,9 @@
     </div>
 
     <div id="app"></div>
-    <!-- built files will be auto injected -->
 
     <script type="text/javascript" src="//cloudfront.loggly.com/js/loggly.tracker-latest.min.js" async></script>
     <!-- Translations -->
-    <script type='text/javascript' src='/api/v4/i18n/browser-script'></script>
+    <script type='text/javascript' src='/api/v4/i18n/browser-script' vite-ignore></script>
   </body>
 </html>

website/client/package.json

@@ -3,29 +3,26 @@
   "version": "1.0.0",
   "private": true,
   "scripts": {
-    "serve": "vue-cli-service serve",
-    "build": "vue-cli-service build",
-    "test:unit": "vue-cli-service test:unit --require ./tests/unit/helpers.js",
-    "lint": "vue-cli-service lint .",
-    "lint-no-fix": "vue-cli-service lint --no-fix .",
+    "serve": "vite",
+    "build": "vite build",
+    "preview": "vite preview",
+    "test:unit": "vitest run",
+    "test:unit:watch": "vitest watch",
+    "lint": "eslint --ext .js,.vue --ignore-path ../../.gitignore --fix .",
+    "lint-no-fix": "eslint --ext .js,.vue --no-fix src",
     "postinstall": "node ./scripts/npm-postinstall.js"
   },
   "dependencies": {
-    "@vue/cli-plugin-babel": "^5.0.8",
-    "@vue/cli-plugin-eslint": "^5.0.8",
-    "@vue/cli-plugin-router": "^5.0.8",
-    "@vue/cli-plugin-unit-mocha": "^5.0.8",
-    "@vue/cli-service": "^5.0.8",
+    "@froxz/vite-plugin-s3": "^1.6.0",
+    "@vitejs/plugin-vue2": "^2.3.3",
     "@vue/test-utils": "1.0.0-beta.29",
     "amplitude-js": "^8.21.3",
     "assert": "^2.1.0",
+    "autoprefixer": "^10.4.20",
     "axios": "^0.28.0",
     "axios-progress-bar": "^1.2.0",
-    "babel-eslint": "^10.1.0",
     "bootstrap": "^4.6.0",
     "bootstrap-vue": "^2.23.1",
-    "core-js": "^3.33.1",
-    "dompurify": "^3.0.3",
     "eslint": "7.32.0",
     "eslint-config-habitrpg": "6.2.0",
     "eslint-plugin-mocha": "5.3.0",
@@ -35,32 +32,34 @@
     "intro.js": "^7.2.0",
     "jquery": "^3.7.1",
     "lodash": "^4.17.21",
+    "markdown-it": "^14.0.0",
     "moment": "^2.29.4",
-    "moment-locales-webpack-plugin": "^1.2.0",
     "nconf": "^0.12.1",
     "sass": "^1.63.4",
-    "sass-loader": "^14.1.1",
     "sinon": "^17.0.1",
-    "smartbanner.js": "^1.19.3",
     "stopword": "^2.0.8",
     "timers-browserify": "^2.0.12",
     "uuid": "^9.0.1",
     "validator": "^13.9.0",
+    "vite": "^6.3.6",
+    "vite-plugin-compression2": "^1.3.3",
     "vue": "^2.7.10",
     "vue-fragment": "^1.6.0",
     "vue-mugen-scroll": "^0.2.6",
     "vue-router": "^3.6.5",
-    "vue-template-babel-compiler": "^2.0.0",
-    "vue-template-compiler": "^2.7.10",
     "vuedraggable": "^2.24.3",
     "vuejs-datepicker": "git://github.com/habitrpg/vuejs-datepicker.git#153d339e4dbebb73733658aeda1d5b7fcc55b0a0"
   },
   "devDependencies": {
     "@babel/plugin-proposal-optional-chaining": "^7.21.0",
+    "@vitest/browser": "^3.0.5",
     "babel-plugin-lodash": "^3.3.4",
-    "chai": "^5.1.0",
     "inspectpack": "^4.7.1",
+    "jsdom": "^26.0.0",
+    "mocha": "^11.1.0",
+    "playwright": "^1.50.1",
     "terser-webpack-plugin": "^5.3.10",
-    "webpack": "^5.89.0"
+    "vitest": "^3.0.5",
+    "webpack": "^5.94.0"
   }
 }