3.93.2

* Fixed issue when repeat object is malformed

* Removed only

* Changed numeric check to lodash isFinite

* Removed newer lodash function

.eslintignore

@@ -8,16 +8,13 @@ dist/
 dist-client/
 
 # Not linted
-migrations/*
 website/client-old/
-scripts/*
-test/server_side/**/*
 test/client-old/spec/**/*
 
 # Temporarilly disabled. These should be removed when the linting errors are fixed TODO
-website/common/script/content/index.js
+migrations/*
+scripts/*
 website/common/browserify.js
-test/content/**/*
 Gruntfile.js
 gulpfile.js
 gulp

.github/ISSUE_TEMPLATE.md

@@ -1,21 +1,19 @@
-[//]: # (Before logging this issue, look through common problems at https://github.com/HabitRPG/habitrpg/issues If you find your issue there, read at least the first post to see if there is a workaround for you)
+[//]: # (Before logging this issue, please post to the Report a Bug guild from the Habitica website's Help menu. Most bugs can be handled quickly there. If a GitHub issue is needed, you will be advised of that by a moderator or staff member -- a player with a dark blue or purple name. It is recommended that you don't create a new issue unless advised to.)
 
-[//]: # (Github is primarily used for reporting bugs. If you have a feature request, use "Help > Request a Feature" so that the feature request can be vetted by the larger Habitica community)
+[//]: # (Bugs in the mobile apps can also be reported there.)
 
-[//]: # (To report a bug in one of the mobile apps, please report it in the correct repository. Android: https://github.com/HabitRPG/habitrpg-android, iOS: https://github.com/HabitRPG/habitrpg-ios)
+[//]: # (If you have a feature request, use "Help > Request a Feature", not GitHub or the Report a Bug guild.)
 
 [//]: # (For more guidelines see https://github.com/HabitRPG/habitrpg/issues/2760)
 
 [//]: # (Fill out relevant information - UUID is found in Settings -> API)
-General Info
+### General Info
   * UUID: 
   * Browser: 
   * OS: 
 
 ### Description
-[//]: # (Describe bug in detail here. Include pictures if helpful.)
-
-
+[//]: # (Describe bug in detail here. Include screenshots if helpful.)
 
 #### Console Errors
 [//]: # (Include any JavaScript console errors here.)

.travis.yml

@@ -12,22 +12,24 @@ before_install:
   - $CXX --version
   - npm install -g npm@4
   - if [ $REQUIRES_SERVER ]; then sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10; echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list; sudo apt-get update; sudo apt-get install mongodb-org-server; fi
+install:
+  - npm install &> npm.install.log || (cat npm.install.log; false)
 before_script:
   - npm run test:build
   - cp config.json.example config.json
   - if [ $REQUIRES_SERVER ]; then until nc -z localhost 27017; do echo Waiting for MongoDB; sleep 1; done; export DISPLAY=:99; fi
-after_script:
-  - ./node_modules/.bin/lcov-result-merger 'coverage/**/*.info' | ./node_modules/coveralls/bin/coveralls.js
-script: npm run $TEST
+script:
+  - npm run $TEST
+  - if [ $COVERAGE ]; then ./node_modules/.bin/lcov-result-merger 'coverage/**/*.info' | ./node_modules/coveralls/bin/coveralls.js; fi
 env:
   global:
     - CXX=g++-4.8
     - DISABLE_REQUEST_LOGGING=true
   matrix:
     - TEST="lint"
-    - TEST="test:api-v3" REQUIRES_SERVER=true
+    - TEST="test:api-v3" REQUIRES_SERVER=true COVERAGE=true
     - TEST="test:sanity"
-    - TEST="test:content"
-    - TEST="test:common"
-    - TEST="test:karma"
-    - TEST="client:unit"
+    - TEST="test:content" COVERAGE=true
+    - TEST="test:common" COVERAGE=true
+    - TEST="test:karma" COVERAGE=true
+    - TEST="client:unit" COVERAGE=true

Dockerfile

@@ -1,43 +1,16 @@
-FROM ubuntu:trusty
-
-MAINTAINER Sabe Jones <sabe@habitica.com>
-
-# Avoid ERROR: invoke-rc.d: policy-rc.d denied execution of start.
-RUN echo -e '#!/bin/sh\nexit 0' > /usr/sbin/policy-rc.d
-
-# Install prerequisites
-RUN apt-get update
-RUN apt-get install -y \
-    build-essential \
-    curl \
-    git \
-    libfontconfig1 \
-    libfreetype6 \
-    libkrb5-dev \
-    python
-
-# Install NodeJS
-RUN curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
-RUN apt-get install -y nodejs
-
-# Install npm@latest
-RUN curl -sL https://www.npmjs.org/install.sh | sh
-
-# Clean up package management
-RUN apt-get clean
-RUN rm -rf /var/lib/apt/lists/*
+FROM node:boron
 
 # Install global packages
 RUN npm install -g gulp grunt-cli bower mocha
 
 # Clone Habitica repo and install dependencies
-WORKDIR /habitrpg
-RUN git clone https://github.com/HabitRPG/habitica.git /habitrpg
+RUN mkdir -p /usr/src/habitrpg
+WORKDIR /usr/src/habitrpg
+RUN git clone https://github.com/HabitRPG/habitica.git /usr/src/habitrpg
 RUN npm install
 RUN bower install --allow-root
 
-# Create environment config file and build directory
-RUN cp config.json.example config.json
+# Create Build dir
 RUN mkdir -p ./website/build
 
 # Start Habitica

README.md

@@ -5,8 +5,7 @@ Habitica [![Build Status](https://travis-ci.org/HabitRPG/habitica.svg?branch=dev
 
 We need more programmers! Your assistance will be greatly appreciated.
 
-For an introduction to the technologies used and how the software is organized, refer to [Contributing to Habitica](http://habitica.wikia.com/wiki/Contributing_to_Habitica#Coders_.28Web_.26_Mobile.29) - "Coders (Web & Mobile)" section.
+For an introduction to the technologies used and how the software is organized, refer to [Guidance for Blacksmiths](http://habitica.wikia.com/wiki/Guidance_for_Blacksmiths).
 
-To set up a local install of Habitica for development and testing, see [Setting up Habitica Locally](http://habitica.wikia.com/wiki/Setting_up_Habitica_Locally), which contains instructions for Windows, *nix / Mac OS, and Vagrant.
+To set up a local install of Habitica for development and testing on various platforms, see [Setting up Habitica Locally](http://habitica.wikia.com/wiki/Setting_up_Habitica_Locally).
 
-Then read [Guidance for Blacksmiths](http://habitica.wikia.com/wiki/Guidance_for_Blacksmiths) for additional instructions and useful tips.

bower.json

@@ -30,7 +30,7 @@
     "bootstrap-tour": "0.10.1",
     "css-social-buttons": "samcollins/css-social-buttons#v1.1.1 ",
     "github-buttons": "mdo/github-buttons#v3.0.0",
-    "hello": "1.13.4",
+    "hello": "1.14.1",
     "jquery": "2.1.0",
     "jquery-colorbox": "1.4.36",
     "jquery-ui": "1.10.3",

config.json.example

@@ -73,9 +73,14 @@
     "LOGGLY_ACCOUNT": "account",
     "PUSH_CONFIGS": {
         "GCM_SERVER_API_KEY": "",
-        "APN_ENABLED": "true",
+        "APN_ENABLED": "false",
         "FCM_SERVER_API_KEY": ""
     },
+    "SITE_HTTP_AUTH": {
+        "ENABLED": "false",
+        "USERNAME": "admin",
+        "PASSWORD": "password"
+    },
     "PUSHER": {
         "ENABLED": "false",
         "APP_ID": "appId",
@@ -86,5 +91,15 @@
         "FLAGGING_URL": "https://hooks.slack.com/services/id/id/id",
         "FLAGGING_FOOTER_LINK": "https://habitrpg.github.io/flag-o-rama/",
         "SUBSCRIPTIONS_URL": "https://hooks.slack.com/services/id/id/id"
+    },
+    "ITUNES_SHARED_SECRET": "aaaabbbbccccddddeeeeffff00001111",
+    "EMAILS" : {
+        "COMMUNITY_MANAGER_EMAIL" : "leslie@habitica.com",
+        "TECH_ASSISTANCE_EMAIL" : "admin@habitica.com",
+        "PRESS_ENQUIRY_EMAIL" : "leslie@habitica.com"
+    },
+    "LOGGLY" : {
+        "TOKEN" : "example-token",
+        "SUBDOMAIN" : "exmaple-subdomain"
     }
 }

gulp/gulp-build.js

@@ -25,7 +25,7 @@ gulp.task('build:common', () => {
 
 gulp.task('build:server', ['build:src', 'build:common']);
 
-gulp.task('build:dev', ['browserify', 'prepare:staticNewStuff', 'semantic-ui'], (done) => {
+gulp.task('build:dev', ['browserify', 'prepare:staticNewStuff'], (done) => {
   gulp.start('grunt-build:dev', done);
 });
 
@@ -33,7 +33,7 @@ gulp.task('build:dev:watch', ['build:dev'], () => {
   gulp.watch(['website/client-old/**/*.styl', 'website/common/script/*']);
 });
 
-gulp.task('build:prod', ['browserify', 'build:server', 'prepare:staticNewStuff', 'semantic-ui'], (done) => {
+gulp.task('build:prod', ['browserify', 'build:server', 'prepare:staticNewStuff'], (done) => {
   runSequence(
     'grunt-build:prod',
     'apidoc',

gulp/gulp-semanticui.js

@@ -1,43 +0,0 @@
-import gulp from 'gulp';
-import fs from 'fs';
-
-// Make semantic-ui-less work with a theme in a different folder
-// Code taken from https://www.artembutusov.com/webpack-semantic-ui/
-
-// Relative to node_modules/semantic-ui-less
-const SEMANTIC_THEME_PATH = '../../website/client/assets/less/semantic-ui/theme.config';
-
-// fix well known bug with default distribution
-function fixFontPath (filename) {
-  return new Promise((resolve, reject) => {
-    fs.readFile(filename, 'utf8', (err, content) => {
-      if (err) return reject(err);
-
-      let newContent = content.replace(
-        '@fontPath  : \'../../themes/',
-        '@fontPath  : \'../../../themes/'
-      );
-
-      fs.writeFile(filename, newContent, 'utf8', (err1) => {
-        if (err) return reject(err1);
-        resolve();
-      });
-    });
-  });
-}
-
-gulp.task('semantic-ui', (done) => {
-  // relocate default config
-  fs.writeFile(
-    'node_modules/semantic-ui-less/theme.config',
-    `@import '${SEMANTIC_THEME_PATH}';\n`,
-    'utf8',
-    (err) => {
-      if (err) return done(err);
-
-      fixFontPath('node_modules/semantic-ui-less/themes/default/globals/site.variables')
-        .then(() => done())
-        .catch(done);
-    }
-  );
-});

gulp/gulp-tests.js

@@ -280,7 +280,7 @@ gulp.task('test:e2e:safe', ['test:prepare', 'test:prepare:server'], (cb) => {
 
 gulp.task('test:api-v3:unit', (done) => {
   let runner = exec(
-    testBin('mocha test/api/v3/unit --recursive --require ./test/helpers/start-server'),
+    testBin('node_modules/.bin/istanbul cover --dir coverage/api-v3-unit --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v3/unit --recursive --require ./test/helpers/start-server'),
     (err, stdout, stderr) => {
       if (err) {
         process.exit(1);
@@ -298,7 +298,7 @@ gulp.task('test:api-v3:unit:watch', () => {
 
 gulp.task('test:api-v3:integration', (done) => {
   let runner = exec(
-    testBin('mocha test/api/v3/integration --recursive --require ./test/helpers/start-server'),
+    testBin('node_modules/.bin/istanbul cover --dir coverage/api-v3-integration --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v3/integration --recursive --require ./test/helpers/start-server'),
     {maxBuffer: 500 * 1024},
     (err, stdout, stderr) => {
       if (err) {

gulp/gulp-transifex-test.js

@@ -67,7 +67,7 @@ gulp.task('transifex:malformedStrings', () => {
   let stringsWithIncorrectNumberOfInterpolations = [];
 
   let count = 0;
-  _(ALL_LANGUAGES).each(function (lang) {
+  _.each(ALL_LANGUAGES, function (lang) {
 
     _.each(stringsToLookFor, function (strings, file) {
       let translationFile = fs.readFileSync(LOCALES + lang + '/' + file);
@@ -89,7 +89,7 @@ gulp.task('transifex:malformedStrings', () => {
         }
       });
     });
-  }).value();
+  });
 
   if (!_.isEmpty(stringsWithMalformedInterpolations)) {
     let message = 'The following strings have malformed or missing interpolations';
@@ -114,7 +114,7 @@ function getArrayOfLanguages () {
 function eachTranslationFile (languages, cb) {
   let jsonFiles = stripOutNonJsonFiles(fs.readdirSync(ENGLISH_LOCALE));
 
-  _(languages).each((lang) => {
+  _.each(languages, (lang) => {
     _.each(jsonFiles, (filename) => {
       try {
         var translationFile = fs.readFileSync(LOCALES + lang + '/' + filename);
@@ -128,7 +128,7 @@ function eachTranslationFile (languages, cb) {
 
       cb(null, lang, filename, parsedEnglishFile, parsedTranslationFile);
     });
-  }).value();
+  });
 }
 
 function eachTranslationString (languages, cb) {
@@ -153,7 +153,7 @@ function formatMessageForPosting (msg, items) {
 function getStringsWith (json, interpolationRegex) {
   var strings = {};
 
-  _(json).each(function (file_name) {
+  _.each(json, function (file_name) {
     var raw_file = fs.readFileSync(ENGLISH_LOCALE + file_name);
     var parsed_json = JSON.parse(raw_file);
 
@@ -162,7 +162,7 @@ function getStringsWith (json, interpolationRegex) {
       var match = value.match(interpolationRegex);
       if (match) strings[file_name][key] = match;
     });
-  }).value();
+  });
 
   return strings;
 }

gulpfile.js

@@ -9,7 +9,6 @@
 require('babel-register');
 
 if (process.env.NODE_ENV === 'production') {
-  require('./gulp/gulp-semanticui');
   require('./gulp/gulp-apidoc');
   require('./gulp/gulp-newstuff');
   require('./gulp/gulp-build');

migrations/20130204_count_habits.js

@@ -1,5 +1,12 @@
 // %mongo server:27017/dbname underscore.js my_commands.js
 // %mongo server:27017/dbname underscore.js --shell
+
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var habits = 0,
     dailies = 0,
     todos = 0,

migrations/20130326_migrate_pets.js

@@ -3,6 +3,12 @@
  */
 // mongo habitrpg ./node_modules/underscore/underscore.js ./migrations/20130326_migrate_pets.js
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mapping = {
     bearcub: {name:'BearCub', modifier: 'Base'},
     cactus: {name:'Cactus', modifier:'Base'},

migrations/20130327_apply_tokens.js

@@ -4,6 +4,12 @@
 
 // mongo habitrpg ./node_modules/underscore/underscore.js migrations/20130327_apply_tokens.js
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mapping = [
     {
         tier: 1,

migrations/20130508_fix_duff_party_subscriptions.js

@@ -6,6 +6,11 @@
  * mongo habitrpg ./node_modules/underscore/underscore.js ./migrations/20130508_fix_duff_party_subscriptions.js
  */
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
 
 // since our primary subscription will first hit parties now, we *definitely* need an index there
 db.parties.ensureIndex( { 'members': 1}, {background: true} );

migrations/20130602_survey_rewards.js

@@ -1,5 +1,11 @@
 //mongo habitrpg ./node_modules/lodash/lodash.js migrations/20130602_survey_rewards.js
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var members = []
 members = _.uniq(members);
 

migrations/20130908_cleanup_derby_corruption.js

@@ -3,6 +3,12 @@
 // Racer was notorious for adding duplicates, randomly deleting documents, etc. Once we pull the plug on old.habit,
 // run this migration to cleanup all the corruption
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 db.users.find().forEach(function(user){
 
   // remove corrupt tasks, which will either be null-value or no id

migrations/20131028_task_subdocs_tags_invites.js

@@ -5,6 +5,12 @@
 // @see http://stackoverflow.com/questions/14867697/mongoose-full-collection-scan
 //Also, what do we think of a Mongoose Migration module? something like https://github.com/madhums/mongoose-migrate
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 db.users.find().forEach(function(user){
 
   // Add invites to groups

migrations/20131104_restore_lost_task_data.js

@@ -8,6 +8,12 @@
 var mongo = require('mongoskin');
 var _ = require('lodash');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var backupUsers = mongo.db('localhost:27017/habitrpg_old?auto_reconnect').collection('users');
 var liveUsers = mongo.db('localhost:27017/habitrpg_new?auto_reconnect').collection('users');
 

migrations/20131127_restore_dayStart.js

@@ -1,5 +1,11 @@
 // node .migrations/20131127_restore_dayStart.js
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 

migrations/20131214_classes.coffee

@@ -8,6 +8,12 @@ mongo = require('mongoskin')
 _ = require('lodash')
 async = require('async')
 
+# IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+# We've now upgraded to lodash v4 but the code used in this migration has not been
+# adapted to work with it. Before this migration is used again any lodash method should
+# be checked for compatibility against the v4 changelog and changed if necessary.
+# https://github.com/lodash/lodash/wiki/Changelog#v400
+
 db = mongo.db('localhost:27017/habitrpg?auto_reconnect')
 
 ###

migrations/20131221_restore_NaN_history.js

@@ -1,5 +1,11 @@
 // node .migrations/20131221_restore_NaN_history.js
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 /**
  * After the classes migration, users lost some history entries
  */

migrations/20131225_restore_streaks.js

@@ -1,5 +1,11 @@
 // node .migrations/20131225_restore_streaks.js
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 /**
  * After the classes migration, users lost some history entries
  */

migrations/20140823_remove_undefined_and_false_notifications.js

@@ -5,6 +5,12 @@ var migrationName = '20140823_remove_undefined_and_false_notifications';
 var authorName = 'Alys'; // in case script author needs to know when their ...
 var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 /**
  * https://github.com/HabitRPG/habitrpg/pull/3907
  */

migrations/20140829_change_headAccessory_to_eyewear.js

@@ -4,6 +4,12 @@ var migrationName = '20140829_change_headAccessory_to_eyewear';
 var authorName = 'Alys'; // in case script author needs to know when their ...
 var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 /**
  * https://github.com/HabitRPG/habitrpg/issues/3645
  */

migrations/20140831_increase_gems_for_previous_contributions.js

@@ -4,6 +4,11 @@
 //
 // node 20140831_increase_gems_for_previous_contributions.js  > 20140831_increase_gems_for_previous_contributions_output.txt
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
 
 var migrationName = '20140831_increase_gems_for_previous_contributions';
 

migrations/20140914_upgrade_admin_contrib_tiers.js

@@ -8,6 +8,12 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
  * Convert Tier 7 contributors with admin flag to Tier 8 (moderators).
  */
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 

migrations/20141117_consecutive_months.js

@@ -1,3 +1,9 @@
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 // require moment, lodash
 db.users.find(
   {'purchased.plan.customerId':{$ne:null}},

migrations/20150124_mountmaster_fix.js

@@ -9,6 +9,12 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
 
 var dbserver = 'localhost:27017' // CHANGE THIS FOR PRODUCTION DATABASE
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 

migrations/20150131_birthday_goodies_fix_remove_robe.js

@@ -8,6 +8,12 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
 
 var dbserver = 'localhost:27017' // CHANGE THIS FOR PRODUCTION DATABASE
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 

migrations/20150201_convert_creation_date_from_string_to_object.js

@@ -19,6 +19,12 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
 
 var dbserver = 'localhost:27017' // CHANGE THIS FOR PRODUCTION DATABASE
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 var moment = require('moment');

migrations/20150224_force_resting_in_inn.js

@@ -6,6 +6,12 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
  * force all active players to rest in the inn due to massive server fail
  */
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var dbserver = 'localhost:27017' // CHANGE THIS FOR PRODUCTION DATABASE
 
 var mongo = require('mongoskin');

migrations/20150604_ultimateGearSets.js

@@ -19,6 +19,12 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
  * means minimal new testing.
  */
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var dbserver = 'localhost:27017' // FOR TEST DATABASE
 // var dbserver = 'username:password@ds031379-a0.mongolab.com:31379' // FOR PRODUCTION DATABASE
 var dbname = 'habitrpg';

migrations/20160111_challenges_condense_same_day_history_entries.js

@@ -7,6 +7,12 @@ var migrationName = '20160111_challenges_condense_same_day_history_entries.js';
 var dbserver = '';
 var dbname = '';
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 var moment = require('moment');

migrations/20160129_habit_birthday.js

@@ -11,6 +11,12 @@ var dbserver = 'localhost:27017'; // FOR TEST DATABASE
 // var dbserver = 'username:password@ds031379-a0.mongolab.com:31379'; // FOR PRODUCTION DATABASE
 var dbname = 'habitrpg';
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 

migrations/20160521_veteran_ladder.js

@@ -14,6 +14,12 @@ var dbname = 'habitrpg';
 var mongo = require('mongoskin');
 var _ = require('lodash');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var dbUsers = mongo.db(dbserver + '/' + dbname + '?auto_reconnect').collection('users');
 
 // specify a query to limit the affected users (empty for all users):

migrations/20160527_fix_empty_checklist_id.js

@@ -2,6 +2,12 @@ var uuid = require('uuid').v4;
 var mongo = require('mongodb').MongoClient;
 var _ = require('lodash');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var taskIds = require('checklists-no-id.json').map(function (obj) {
   return obj._id;
 });

migrations/20170418_subscriber_jackalopes.js

@@ -0,0 +1,88 @@
+var migrationName = '20170418_subscriber_jackalopes.js';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award Royal Purple Jackalope pet to all current subscribers
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+var now = new Date();
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'purchased.plan.customerId': {$type: 2},
+    $or: [
+      {'purchased.plan.dateTerminated': null},
+      {'purchased.plan.dateTerminated': {$exists: false}},
+      {'purchased.plan.dateTerminated': {$gt: now}},
+    ]
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [] // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {'items.pets.Jackalope-RoyalPurple': 5};
+
+  dbUsers.update({_id: user._id}, {$set:set});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/20170425_missing_incentives.js

@@ -0,0 +1,207 @@
+var migrationName = '20170425_missing_incentives';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award missing Royal Purple Hatching Potion to users with 55+ check-ins
+ * Reduce users with impossible check-in counts to a reasonable number
+ */
+
+import monk from 'monk';
+import common from '../website/common';
+
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'loginIncentives': {$gt:99},
+    'migration': {$ne: migrationName},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [] // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+  var language = user.preferences.language || 'en';
+  var set = {'migration': migrationName};
+  var inc = {
+    'items.eggs.BearCub': 0,
+    'items.eggs.Cactus': 0,
+    'items.eggs.Dragon': 0,
+    'items.eggs.FlyingPig': 0,
+    'items.eggs.Fox': 0,
+    'items.eggs.LionCub': 0,
+    'items.eggs.PandaCub': 0,
+    'items.eggs.TigerCub': 0,
+    'items.eggs.Wolf': 0,
+    'items.food.Chocolate': 0,
+    'items.food.CottonCandyBlue': 0,
+    'items.food.CottonCandyPink': 0,
+    'items.food.Fish': 0,
+    'items.food.Honey': 0,
+    'items.food.Meat': 0,
+    'items.food.Milk': 0,
+    'items.food.Potatoe': 0,
+    'items.food.RottenMeat': 0,
+    'items.food.Strawberry': 0,
+    'items.hatchingPotions.Base': 0,
+    'items.hatchingPotions.CottonCandyBlue': 0,
+    'items.hatchingPotions.CottonCandyPink': 0,
+    'items.hatchingPotions.Desert': 0,
+    'items.hatchingPotions.Golden': 0,
+    'items.hatchingPotions.Red': 0,
+    'items.hatchingPotions.RoyalPurple': 0,
+    'items.hatchingPotions.Shade': 0,
+    'items.hatchingPotions.Skeleton': 0,
+    'items.hatchingPotions.White': 0,
+    'items.hatchingPotions.Zombie': 0,
+  };
+  var nextReward;
+
+  if (user.loginIncentives >= 105) {
+    inc['items.hatchingPotions.RoyalPurple'] += 1;
+    nextReward = 110;
+  }
+  if (user.loginIncentives >= 110) {
+    inc['items.eggs.BearCub'] += 1;
+    inc['items.eggs.Cactus'] += 1;
+    inc['items.eggs.Dragon'] += 1;
+    inc['items.eggs.FlyingPig'] += 1;
+    inc['items.eggs.Fox'] += 1;
+    inc['items.eggs.LionCub'] += 1;
+    inc['items.eggs.PandaCub'] += 1;
+    inc['items.eggs.TigerCub'] += 1;
+    inc['items.eggs.Wolf'] += 1;
+    nextReward = 115;
+  }
+  if (user.loginIncentives >= 115) {
+    inc['items.hatchingPotions.RoyalPurple'] += 1;
+    nextReward = 120;
+  }
+  if (user.loginIncentives >= 120) {
+    inc['items.hatchingPotions.Base'] += 1;
+    inc['items.hatchingPotions.CottonCandyBlue'] += 1;
+    inc['items.hatchingPotions.CottonCandyPink'] += 1;
+    inc['items.hatchingPotions.Desert'] += 1;
+    inc['items.hatchingPotions.Golden'] += 1;
+    inc['items.hatchingPotions.Red'] += 1;
+    inc['items.hatchingPotions.Shade'] += 1;
+    inc['items.hatchingPotions.Skeleton'] += 1;
+    inc['items.hatchingPotions.White'] += 1;
+    inc['items.hatchingPotions.Zombie'] += 1;
+    nextReward = 125;
+  }
+  if (user.loginIncentives >= 125) {
+    inc['items.hatchingPotions.RoyalPurple'] += 1;
+    nextReward = 130;
+  }
+  if (user.loginIncentives >= 130) {
+    inc['items.food.Chocolate'] += 3;
+    inc['items.food.CottonCandyBlue'] += 3;
+    inc['items.food.CottonCandyPink'] += 3;
+    inc['items.food.Fish'] += 3;
+    inc['items.food.Honey'] += 3;
+    inc['items.food.Meat'] += 3;
+    inc['items.food.Milk'] += 3;
+    inc['items.food.Potatoe'] += 3;
+    inc['items.food.RottenMeat'] += 3;
+    inc['items.food.Strawberry'] += 3;
+  }
+  if (user.loginIncentives >= 135) {
+    inc['items.hatchingPotions.RoyalPurple'] += 1;
+    nextReward = 140;
+  }
+  if (user.loginIncentives >= 140) {
+    set['items.gear.owned.weapon_special_skeletonKey'] = true;
+    set['items.gear.owned.shield_special_lootBag'] = true;
+    nextReward = 145;
+  }
+  if (user.loginIncentives >= 145) {
+    inc['items.hatchingPotions.RoyalPurple'] += 1;
+    nextReward = 150;
+  }
+  if (user.loginIncentives >= 150) {
+    set['items.gear.owned.head_special_clandestineCowl'] = true;
+    set['items.gear.owned.armor_special_sneakthiefRobes'] = true;
+    nextReward = 155;
+  }
+  if (user.loginIncentives > 155) {
+    set.loginIncentives = 155;
+    nextReward = 160;
+  }
+
+  var push = {
+    'notifications': {
+      'type': 'LOGIN_INCENTIVE',
+      'data': {
+        'nextRewardAt': nextReward,
+        'rewardKey': [
+          'shop_armoire',
+        ],
+        'rewardText': common.i18n.t('checkInRewards', language),
+        'reward': [],
+        'message': common.i18n.t('backloggedCheckInRewards', language),
+      },
+      'id': common.uuid(),
+    }
+  };
+
+  dbUsers.update({_id: user._id}, {$set:set, $push:push, $inc:inc});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/api_v3/challenges.js

@@ -6,6 +6,12 @@
 
 // Due to some big user profiles it needs more RAM than is allowed by default by v8 (arounf 1.7GB).
 // Run the script with --max-old-space-size=4096 to allow up to 4GB of RAM
+
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
 console.log('Starting migrations/api_v3/challenges.js.');
 
 require('babel-register');

migrations/api_v3/challengesMembers.js

@@ -9,6 +9,12 @@
 // Run the script with --max-old-space-size=4096 to allow up to 4GB of RAM
 console.log('Starting migrations/api_v3/challengesMembers.js.');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 require('babel-register');
 require('babel-polyfill');
 

migrations/api_v3/coupons.js

@@ -8,6 +8,12 @@
 // Run the script with --max-old-space-size=4096 to allow up to 4GB of RAM
 console.log('Starting migrations/api_v3/coupons.js.');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 require('babel-register');
 require('babel-polyfill');
 

migrations/api_v3/emailUnsubscriptions.js

@@ -8,6 +8,12 @@
 // Run the script with --max-old-space-size=4096 to allow up to 4GB of RAM
 console.log('Starting migrations/api_v3/unsubscriptions.js.');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 require('babel-register');
 require('babel-polyfill');
 

migrations/api_v3/groups.js

@@ -16,6 +16,12 @@
 // Run the script with --max-old-space-size=4096 to allow up to 4GB of RAM
 console.log('Starting migrations/api_v3/groups.js.');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 require('babel-register');
 require('babel-polyfill');
 

migrations/api_v3/users.js

@@ -9,6 +9,12 @@
 // Run the script with --max-old-space-size=4096 to allow up to 4GB of RAM
 console.log('Starting migrations/api_v3/users.js.');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 require('babel-register');
 require('babel-polyfill');
 

migrations/challenges/sync-all-challenges.js

@@ -0,0 +1,47 @@
+import Bluebird from 'Bluebird';
+
+import { model as Challenges } from '../../website/server/models/challenge';
+import { model as User } from '../../website/server/models/user';
+
+async function syncChallengeToMembers (challenges) {
+  let challengSyncPromises = challenges.map(async function (challenge) {
+    let users = await User.find({
+      // _id: '',
+      challenges: challenge._id,
+    }).exec();
+
+    let promises = [];
+    users.forEach(function (user) {
+      promises.push(challenge.syncToUser(user));
+      promises.push(challenge.save());
+      promises.push(user.save());
+    });
+
+    return Bluebird.all(promises);
+  });
+
+  return await Bluebird.all(challengSyncPromises);
+}
+
+async function syncChallenges (lastChallengeDate) {
+  let query = {
+    // _id: '',
+  };
+
+  if (lastChallengeDate) {
+    query.createdOn = { $lte: lastChallengeDate };
+  }
+
+  let challengesFound = await Challenges.find(query)
+    .limit(10)
+    .sort('-createdAt')
+    .exec();
+
+  let syncedChallenges = await syncChallengeToMembers(challengesFound)
+    .catch(reason => console.error(reason));
+  let lastChallenge = challengesFound[challengesFound.length - 1];
+  if (lastChallenge) syncChallenges(lastChallenge.createdAt);
+  return syncedChallenges;
+};
+
+module.exports = syncChallenges;

migrations/find_unique_user.js

@@ -7,6 +7,6 @@
 
 db.users.find().forEach(function(user){
   user.tasks = user.habits.concat(user.dailys).concat(user.todos).concat(user.rewards);
-  var found = _.any(user.tasks, {text: ""})
+  var found = _.some(user.tasks, {text: ""})
   if (found) printjson({id:user._id, auth:user.auth});
 })

migrations/groups/add-unlimited-subscription.js

@@ -0,0 +1,40 @@
+var migrationName = 'AddUnlimitedSubscription';
+var authorName = 'TheHollidayInn'; // in case script author needs to know when their ...
+var authorUuid = ''; //... own data is done
+
+/*
+ * This migrations will add a free subscription to a specified group
+ */
+import moment from 'moment';
+
+import { model as Group } from '../../website/server/models/group';
+
+// @TODO: this should probably be a GroupManager library method
+async function addUnlimitedSubscription (groupId, dateTerminated) {
+    let group = await Group.findById(groupId);
+
+    group.purchased.plan.customerId = "group-unlimited";
+    group.purchased.plan.dateCreated = new Date();
+    group.purchased.plan.dateUpdated = new Date();
+    group.purchased.plan.paymentMethod = "Group Unlimited";
+    group.purchased.plan.planId = "group_monthly";
+    group.purchased.plan.dateTerminated = null;
+    if (dateTerminated) {
+        let dateToEnd = moment(dateTerminated).toDate();
+        group.purchased.plan.dateTerminated = dateToEnd;
+    }
+    // group.purchased.plan.owner = ObjectId();
+    group.purchased.plan.subscriptionId = "";
+
+    return group.save();
+};
+
+module.exports = async function addUnlimitedSubscriptionCreator () {
+    let groupId = process.argv[2];
+
+    if (!groupId) throw Error('Group ID is required');
+
+    let dateTerminated = process.argv[3];
+
+    let result = await addUnlimitedSubscription(groupId, dateTerminated);
+};

migrations/groups/create-group.js

@@ -0,0 +1,32 @@
+import Bluebird from 'bluebird';
+
+import { model as Group } from '../../website/server/models/group';
+import { model as User } from '../../website/server/models/user';
+
+// @TODO: this should probably be a GroupManager library method
+async function createGroup (name, privacy, type, leaderId) {
+    let user = await User.findById(leaderId);
+    
+    let group = new Group({
+        name,
+        privacy,
+        type,
+    });
+
+    group.leader = user._id;
+    user.guilds.push(group._id);
+
+    return Bluebird.all([group.save(), user.save()]);
+};
+
+module.exports = async function groupCreator () {
+    let name = process.argv[2];
+    let privacy = process.argv[3];
+    let type = process.argv[4];
+    let leaderId  = process.argv[5];
+
+    let result = await createGroup(name, privacy, type, leaderId)
+};
+
+
+

migrations/groups/habitrpg-jackalopes.js

@@ -0,0 +1,46 @@
+var migrationName = 'Jackalopes for Unlimited Subscribers';
+
+/*
+ * This migration will find users with unlimited subscriptions who are also eligible for Jackalope mounts, and award them
+ */
+import Bluebird from 'bluebird';
+
+import { model as Group } from '../../website/server/models/group';
+import { model as User } from '../../website/server/models/user';
+import * as payments from '../../website/server/libs/payments';
+
+async function handOutJackalopes () {
+  let promises = [];
+  let cursor = User.find({
+    'purchased.plan.customerId':'habitrpg',
+  }).cursor();
+
+  cursor.on('data', async function(user) {
+    console.log('User: ' + user._id);
+
+    let groupList = [];
+    if (user.party._id) groupList.push(user.party._id);
+    groupList = groupList.concat(user.guilds);
+
+    let subscribedGroup =
+      await Group.findOne({
+        '_id': {$in: groupList},
+        'purchased.plan.planId': 'group_monthly',
+        'purchased.plan.dateTerminated': null,
+      },
+      {'_id':1}
+    );
+
+    if (subscribedGroup) {
+      User.update({'_id':user._id},{$set:{'items.mounts.Jackalope-RoyalPurple':true}}).exec();
+      promises.push(user.save());
+    }
+  });
+
+  cursor.on('close', async function() {
+    console.log('done');
+    return await Bluebird.all(promises);
+  });
+};
+
+module.exports = handOutJackalopes;

migrations/groups/update-groups-with-group-plans.js

@@ -0,0 +1,33 @@
+var migrationName = 'ResyncGroupPlanMembers';
+var authorName = 'TheHollidayInn'; // in case script author needs to know when their ...
+var authorUuid = ''; //... own data is done
+
+/*
+ * This migrations will iterate through all groups with a group plan a subscription and resync the free
+ * subscription to all members
+ */
+
+import Bluebird from 'bluebird';
+
+import { model as Group } from '../../website/server/models/group';
+import * as payments from '../../website/server/libs/payments';
+
+async function updateGroupsWithGroupPlans () {
+  let cursor = Group.find({
+    'purchased.plan.planId': 'group_monthly',
+    'purchased.plan.dateTerminated': null,
+  }).cursor();
+
+  let promises = [];
+
+  cursor.on('data', function(group) {
+    promises.push(payments.addSubscriptionToGroupUsers(group));
+    promises.push(group.save())
+  });
+
+  cursor.on('close', async function() {
+    return await Bluebird.all(promises);
+  });
+};
+
+module.exports = updateGroupsWithGroupPlans;

migrations/manual_password_reset.js

@@ -1,6 +1,9 @@
 // EMAIL="x@y.com" node ./migrations/manual_password_reset.js
 // Be sure to have PRODUCTION_DB in your config.json
 
+// IMPORTANT: this script isn't updated to use the new password encryption that uses bcrypt
+// using it will break accounts and should not be used until upgraded
+
 var nconf = require('nconf'),
   path = require('path');
 nconf.argv().env().file('user', path.join(path.resolve(__dirname, '../config.json')));

migrations/migration-runner.js

@@ -1,21 +1,24 @@
-require("babel-register");
-require("babel-polyfill");
-
-// This file must use ES5, everything required can be in ES6
-
-function setUpServer () {
-  var nconf = require('nconf');
-  var mongoose = require('mongoose');
-  var Bluebird = require('bluebird');
-  var setupNconf = require('../website/server/libs/setupNconf');
-  setupNconf();
-  // We require src/server and npt src/index because
-  // 1. nconf is already setup
-  // 2. we don't need clustering
-  require('../website/server/server'); // eslint-disable-line global-require
-}
-setUpServer();
-
-// Replace this with your migration
-var processUsers = require('./new_stuff');
-processUsers();
+require("babel-register");
+require("babel-polyfill");
+
+// This file must use ES5, everything required can be in ES6
+
+function setUpServer () {
+  var nconf = require('nconf');
+  var mongoose = require('mongoose');
+  var Bluebird = require('bluebird');
+  var setupNconf = require('../website/server/libs/setupNconf');
+  setupNconf();
+  // We require src/server and npt src/index because
+  // 1. nconf is already setup
+  // 2. we don't need clustering
+  require('../website/server/server'); // eslint-disable-line global-require
+}
+setUpServer();
+
+// Replace this with your migration
+var processUsers = require('./groups/update-groups-with-group-plans');
+processUsers()
+  .catch(function (err) {
+      console.log(err)
+  })

migrations/mystery_items.js

@@ -2,7 +2,7 @@ var _id = '';
 var update = {
   $addToSet: {
     'purchased.plan.mysteryItems':{
-      $each:['shield_mystery_201701','eyewear_mystery_201701']
+      $each:['body_mystery_201705','head_mystery_201705']
     }
   }
 };

migrations/takeThis.js

@@ -1,4 +1,4 @@
-var migrationName = '20170201_takeThis.js'; // Update per month
+var migrationName = '20170502_takeThis.js'; // Update per month
 var authorName = 'Sabe'; // in case script author needs to know when their ...
 var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
 
@@ -14,7 +14,7 @@ function processUsers(lastId) {
   // specify a query to limit the affected users (empty for all users):
   var query = {
     'migration':{$ne:migrationName},
-    'challenges':{$in:['b1d436b5-c784-42e3-9b07-7072479a6f8e']} // Update per month
+    'challenges':{$in:['69999331-d4ea-45a0-8c3f-f725d22b56c8']} // Update per month
   };
 
   if (lastId) {

package.json

@@ -1,19 +1,19 @@
 {
   "name": "habitica",
   "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "3.75.0",
+  "version": "3.93.2",
   "main": "./website/server/index.js",
   "dependencies": {
-    "@slack/client": "3.6.0",
+    "@slack/client": "^3.8.1",
     "accepts": "^1.3.2",
     "amazon-payments": "0.0.4",
     "amplitude": "^2.0.3",
-    "apidoc": "^0.16.0",
+    "apidoc": "^0.17.5",
     "apn": "^1.7.6",
     "async": "^1.5.0",
     "autoprefixer": "^6.4.0",
     "aws-sdk": "^2.0.25",
-    "axios": "^0.15.3",
+    "axios": "^0.16.0",
     "babel-core": "^6.0.0",
     "babel-loader": "^6.0.0",
     "babel-plugin-syntax-async-functions": "^6.13.0",
@@ -28,22 +28,25 @@
     "bcrypt": "^1.0.2",
     "bluebird": "^3.3.5",
     "body-parser": "^1.15.0",
+    "bootstrap": "^4.0.0-alpha.6",
+    "bootstrap-vue": "^0.15.8",
     "bower": "~1.3.12",
     "browserify": "~12.0.1",
     "compression": "^1.6.1",
     "connect-ratelimit": "0.0.7",
     "cookie-session": "^1.2.0",
     "coupon-code": "^0.4.5",
-    "css-loader": "^0.23.1",
+    "css-loader": "^0.28.0",
     "csv-stringify": "^1.0.2",
     "cwait": "^1.0.0",
     "domain-middleware": "~0.1.0",
     "estraverse": "^4.1.1",
     "express": "~4.14.0",
+    "express-basic-auth": "^1.0.1",
     "express-csv": "~0.6.0",
     "express-validator": "^2.18.0",
-    "extract-text-webpack-plugin": "^1.0.1",
-    "file-loader": "^0.8.4",
+    "extract-text-webpack-plugin": "^2.0.0-rc.3",
+    "file-loader": "^0.10.0",
     "glob": "^4.3.5",
     "got": "^6.1.1",
     "grunt": "~0.4.1",
@@ -54,7 +57,7 @@
     "grunt-contrib-stylus": "~0.20.0",
     "grunt-contrib-uglify": "~0.6.0",
     "grunt-contrib-watch": "~0.6.1",
-    "grunt-hashres": "~0.4.1",
+    "grunt-hashres": "habitrpg/grunt-hashres#v0.4.2",
     "gulp": "^3.9.0",
     "gulp-babel": "^6.1.2",
     "gulp-grunt": "^0.5.2",
@@ -68,63 +71,61 @@
     "image-size": "~0.3.2",
     "in-app-purchase": "^1.1.6",
     "jade": "~1.11.0",
-    "jquery": "https://registry.npmjs.org/jquery/-/jquery-3.1.1.tgz",
+    "jquery": "^3.1.1",
     "js2xmlparser": "~1.0.0",
-    "json-loader": "^0.5.4",
-    "less": "^2.7.1",
-    "less-loader": "^2.2.3",
-    "lodash": "^3.10.1",
-    "lodash.pickby": "^4.2.0",
-    "lodash.setwith": "^4.2.0",
+    "lodash": "^4.17.4",
     "merge-stream": "^1.0.0",
     "method-override": "^2.3.5",
     "moment": "^2.13.0",
-    "mongoose": "^4.7.1",
+    "moment-recur": "habitrpg/moment-recur#v1.0.6",
+    "mongoose": "^4.8.6",
     "mongoose-id-autoinc": "~2013.7.14-4",
     "morgan": "^1.7.0",
     "nconf": "~0.8.2",
-    "newrelic": "^1.27.2",
     "nib": "^1.1.0",
     "node-gcm": "^0.14.4",
+    "node-sass": "^4.5.0",
     "nodemailer": "^2.3.2",
     "object-path": "^0.9.2",
-    "ora": "^0.2.0",
+    "ora": "^1.1.0",
     "pageres": "^4.1.1",
-    "passport": "~0.2.1",
-    "passport-facebook": "2.0.0",
+    "passport": "^0.3.2",
+    "passport-facebook": "^2.0.0",
     "passport-google-oauth20": "1.0.0",
     "paypal-ipn": "3.0.0",
     "paypal-rest-sdk": "^1.2.1",
-    "postcss-easy-import": "^1.0.1",
+    "postcss-easy-import": "^2.0.0",
     "pretty-data": "^0.40.0",
     "ps-tree": "^1.0.0",
-    "pug": "^2.0.0-beta6",
+    "pug": "^2.0.0-beta.12",
     "push-notify": "habitrpg/push-notify#v1.2.0",
     "pusher": "^1.3.0",
     "request": "~2.74.0",
     "rimraf": "^2.4.3",
     "run-sequence": "^1.1.4",
     "s3-upload-stream": "^1.0.6",
-    "semantic-ui-less": "~2.2.4",
+    "sass-loader": "^6.0.2",
     "serve-favicon": "^2.3.0",
-    "shelljs": "^0.6.0",
+    "shelljs": "^0.7.6",
     "stripe": "^4.2.0",
-    "superagent": "^1.8.3",
+    "superagent": "^3.4.3",
     "universal-analytics": "~0.3.2",
     "url-loader": "^0.5.7",
-    "useragent": "2.1.9",
-    "uuid": "^2.0.1",
+    "useragent": "^2.1.9",
+    "uuid": "^3.0.1",
     "validator": "^4.9.0",
     "vinyl-buffer": "^1.0.0",
     "vinyl-source-stream": "^1.1.0",
     "vue": "^2.1.0",
-    "vue-hot-reload-api": "^1.2.0",
-    "vue-loader": "^10.0.0",
+    "vue-loader": "^11.0.0",
+    "vue-mugen-scroll": "^0.2.1",
     "vue-router": "^2.0.0-rc.5",
-    "vue-template-compiler": "^2.1.0",
-    "webpack": "^1.12.2",
-    "webpack-merge": "^0.8.3",
+    "vue-style-loader": "^3.0.0",
+    "vue-template-compiler": "^2.1.10",
+    "webpack": "^2.2.1",
+    "webpack-merge": "^4.0.0",
     "winston": "^2.1.0",
+    "winston-loggly-bulk": "^1.4.2",
     "xml2js": "^0.4.4"
   },
   "private": true,
@@ -140,9 +141,9 @@
     "test:api-v3:unit": "gulp test:api-v3:unit",
     "test:api-v3:integration": "gulp test:api-v3:integration",
     "test:api-v3:integration:separate-server": "NODE_ENV=test gulp test:api-v3:integration:separate-server",
-    "test:sanity": "mocha test/sanity --recursive",
-    "test:common": "mocha test/common --recursive",
-    "test:content": "mocha test/content --recursive",
+    "test:sanity": "istanbul cover --dir coverage/sanity --report lcovonly node_modules/mocha/bin/_mocha -- test/sanity --recursive",
+    "test:common": "istanbul cover --dir coverage/common --report lcovonly node_modules/mocha/bin/_mocha -- test/common --recursive",
+    "test:content": "istanbul cover --dir coverage/content --report lcovonly node_modules/mocha/bin/_mocha -- test/content --recursive",
     "test:karma": "karma start test/client-old/spec/karma.conf.js --single-run",
     "test:karma:watch": "karma start test/client-old/spec/karma.conf.js",
     "test:prepare:webdriver": "webdriver-manager update",
@@ -153,37 +154,38 @@
     "sprites": "gulp sprites:compile",
     "client:dev": "node webpack/dev-server.js",
     "client:build": "node webpack/build.js",
-    "client:unit": "karma start test/client/unit/karma.conf.js --single-run",
-    "client:unit:watch": "karma start test/client/unit/karma.conf.js",
+    "client:unit": "cross-env NODE_ENV=test karma start test/client/unit/karma.conf.js --single-run",
+    "client:unit:watch": "cross-env NODE_ENV=test karma start test/client/unit/karma.conf.js",
     "client:e2e": "node test/client/e2e/runner.js",
     "client:test": "npm run client:unit && npm run client:e2e",
     "start": "gulp run:dev",
     "postinstall": "bower --config.interactive=false install -f; gulp build; npm run client:build"
   },
   "devDependencies": {
+    "babel-plugin-istanbul": "^4.0.0",
     "chai": "^3.4.0",
     "chai-as-promised": "^5.1.0",
     "chalk": "^1.1.3",
-    "chromedriver": "^2.21.2",
+    "chromedriver": "^2.27.2",
     "connect-history-api-fallback": "^1.1.0",
     "coveralls": "^2.11.2",
-    "cross-spawn": "^2.1.5",
+    "cross-env": "^4.0.0",
+    "cross-spawn": "^5.0.1",
     "csv": "~0.3.6",
     "deep-diff": "~0.1.4",
     "eslint": "^3.0.0",
-    "eslint-config-habitrpg": "^2.0.0",
+    "eslint-config-habitrpg": "^3.0.0",
     "eslint-friendly-formatter": "^2.0.5",
     "eslint-loader": "^1.3.0",
-    "eslint-plugin-html": "^1.3.0",
+    "eslint-plugin-html": "^2.0.0",
     "eslint-plugin-mocha": "^4.7.0",
     "event-stream": "^3.2.2",
     "eventsource-polyfill": "^0.9.6",
     "expect.js": "~0.2.0",
     "grunt-karma": "~0.12.1",
-    "http-proxy-middleware": "^0.12.0",
-    "inject-loader": "^2.0.1",
-    "isparta-loader": "^2.0.0",
-    "istanbul": "^0.3.14",
+    "http-proxy-middleware": "^0.17.0",
+    "inject-loader": "^3.0.0-beta4",
+    "istanbul": "^1.1.0-alpha.1",
     "karma": "^1.3.0",
     "karma-babel-preprocessor": "^6.0.1",
     "karma-chai-plugins": "~0.6.0",
@@ -191,28 +193,30 @@
     "karma-mocha": "^0.2.0",
     "karma-mocha-reporter": "^1.1.1",
     "karma-phantomjs-launcher": "^1.0.0",
-    "karma-sinon-chai": "^1.2.0",
+    "karma-sinon-chai": "~1.2.0",
+    "karma-sinon-stub-promise": "^1.0.0",
     "karma-sourcemap-loader": "^0.3.7",
     "karma-spec-reporter": "0.0.24",
-    "karma-webpack": "^1.7.0",
+    "karma-webpack": "^2.0.2",
     "lcov-result-merger": "^1.0.2",
     "lolex": "^1.4.0",
-    "mocha": "^2.3.3",
+    "mocha": "^3.2.0",
     "mongodb": "^2.0.46",
     "mongoskin": "~2.1.0",
-    "monk": "^3.1.3",
-    "nightwatch": "^0.8.18",
+    "monk": "^4.0.0",
+    "nightwatch": "^0.9.12",
     "phantomjs-prebuilt": "^2.1.12",
     "protractor": "^3.1.1",
     "require-again": "^2.0.0",
     "rewire": "^2.3.3",
-    "selenium-server": "2.53.0",
+    "selenium-server": "^3.0.1",
     "sinon": "^1.17.2",
     "sinon-chai": "^2.8.0",
     "sinon-stub-promise": "^4.0.0",
     "superagent-defaults": "^0.1.13",
     "vinyl-transform": "^1.0.0",
-    "webpack-dev-middleware": "^1.4.0",
-    "webpack-hot-middleware": "^2.6.0"
+    "webpack-bundle-analyzer": "^2.2.1",
+    "webpack-dev-middleware": "^1.10.0",
+    "webpack-hot-middleware": "^2.6.1"
   }
 }

test/README.md

@@ -0,0 +1 @@
+For information about writing and running tests, see [Using Your Local Install to Modify Habitica's Website and API](http://habitica.wikia.com/wiki/Using_Your_Local_Install_to_Modify_Habitica%27s_Website_and_API).

test/api/README.md

@@ -1,123 +0,0 @@
-# So you want to write API integration tests?
-
-@TODO rewrite
-
-That's great! This README will serve as a quick primer for style conventions and practices for these tests.
-
-## What is this?
-
-These are integration tests for the Habitica API. They are performed by making HTTP requests to the API's endpoints and asserting on the data that is returned.
-
-If the javascript looks weird to you, that's because it's written in [ES2015](http://www.ecma-international.org/ecma-262/6.0/) and transpiled by [Babel](https://babeljs.io/docs/learn-es2015/).
-
-## How to run the tests
-
-First, install gulp.
-
-```bash
-$ npm install -g gulp
-```
-
-To run the api tests, make sure the mongo db is up and running and then type this on the command line:
-
-```bash
-$ gulp test:api-v2
-```
-
-It may take a little while to get going, since it requires the web server to start up before the tests can run.
-
-You can also run a watch command for the api tests. This will allow the tests to re-run automatically when you make changes in the `/test/api/v2/`.
-
-```bash
-$ gulp test:api-v2:watch
-```
-
-One caveat. If you have a severe syntax error in your files, the tests may fail to run, but they won't alert you that they are not running. If you ever find your test hanging for a while, run this to get the stackstrace. Once you've fixed the problem, you can resume running the watch comand.
-
-```bash
-$ gulp test:api:safe
-```
-
-If you'd like to run the tests individually and inspect the output from the server, in one pane you can run:
-
-```bash
-$ gulp test:nodemon
-```
-
-And run your tests in another pane:
-
-```bash
-$ mocha path/to/file.js
-
-# Mark a test with the `.only` attribute
-$ mocha
-```
-
-## Structure
-
-Each top level route has it's own directory. So, all the routes that begin with `/groups/` live in `/test/api/groups/`.
-
-Each test should:
-
-  * encompase a single route
-  * begin with the REST parameter for the route
-  * display the full name of the route, swapping out `/` for `_`
-  * end with test.js
-
-So, for the `POST` route `/groups/:id/leave`, it would be
-
-```bash
-POST-groups_id_leave.test.js
-```
-
-## Promises
-
-To mitigate [callback hell](http://callbackhell.com/) :imp:, we've written a helper method to generate a user object that can make http requests that [return promises](https://babeljs.io/docs/learn-es2015/#promises).  This makes it very easy to chain together commands. All you need to do to make a subsequent request is return another promise and then call `.then((result) => {})` on the surrounding block, like so:
-
-```js
-it('does something', () => {
-  let user;
-
-  return generateUser().then((_user) => { // We return the initial promise so this test can be run asyncronously
-    user = _user;
-
-    return user.post('/groups', {
-      type: 'party',
-    });
-  }).then((party) => { // the result of the promise above is the argument of the function
-    return user.put(`/groups/${party._id}`, {
-      name: 'My party',
-    });
-  }).then((result) => {
-    return user.get('/groups/party');
-  }).then((party) => {
-    expect(party.name).to.eql('My party');
-  });
-});
-```
-
-If the test is simple, you can use the [chai-as-promised](http://chaijs.com/plugins/chai-as-promised) `return expect(somePromise).to.eventually` syntax to make your assertion.
-
-```js
-it('makes the party creator the leader automatically', () => {
-  return expect(user.post('/groups', {
-    type: 'party',
-  })).to.eventually.have.deep.property('leader._id', user._id);
-});
-```
-
-If the test is checking that the request returns an error, use the `.eventually.be.rejected.and.eql` syntax.
-
-```js
-it('returns an error', () => {
-  return expect(user.get('/groups/id-of-a-party-that-user-does-not-belong-to'))
-    .to.eventually.be.rejected.and.eql({
-      code: 404,
-      text: t('messageGroupNotFound'),
-    });
-});
-```
-
-## Questions?
-
-Ask in the [Aspiring Coder's Guild](https://habitica.com/#/options/groups/guilds/68d4a01e-db97-4786-8ee3-05d612c5af6f)!

test/api/v3/README.md

@@ -1,4 +0,0 @@
-# How to run tests:
-
-1. `npm test` is equivalent to `gulp test:api-v3` which will run, in order, `gulp lint`, `gulp test:api-v3:unit` and `gulp test:api-v3:integration`. If one of these fails, the whole `npm test` command blocks and fails.  Each of these commands can also be run as a standalone command. 
-2. To run the server and the integrations tests in two different terminals (to better inspect the output in the server) run `npm start` in one and `npm test:api-v3:integration:separate-server` in the other

test/api/v3/integration/challenges/POST-challenges_challengeId_leave.test.js

@@ -117,7 +117,6 @@ describe('POST /challenges/:challengeId/leave', () => {
       });
 
       expect(testTask).to.not.be.undefined;
-      expect(testTask.challenge).to.eql({});
     });
   });
 });

test/api/v3/integration/chat/POST-chat.test.js

@@ -4,11 +4,17 @@ import {
   sleep,
   server,
 } from '../../../../helpers/api-v3-integration.helper';
+import {
+  SPAM_MESSAGE_LIMIT,
+  SPAM_MIN_EXEMPT_CONTRIB_LEVEL,
+  TAVERN_ID,
+} from '../../../../../website/server/models/group';
 import { v4 as generateUUID } from 'uuid';
 
 describe('POST /chat', () => {
-  let user, groupWithChat, userWithChatRevoked, member;
+  let user, groupWithChat, member, additionalMember;
   let testMessage = 'Test Message';
+  let testBannedWordMessage = 'TEST_PLACEHOLDER_SWEAR_WORD_HERE';
 
   before(async () => {
     let { group, groupLeader, members } = await createAndPopulateGroup({
@@ -22,8 +28,8 @@ describe('POST /chat', () => {
 
     user = groupLeader;
     groupWithChat = group;
-    userWithChatRevoked = await members[0].update({'flags.chatRevoked': true});
     member = members[0];
+    additionalMember = members[1];
   });
 
   it('Returns an error when no message is provided', async () => {
@@ -62,6 +68,7 @@ describe('POST /chat', () => {
   });
 
   it('returns an error when chat privileges are revoked when sending a message to a public guild', async () => {
+    let userWithChatRevoked = await member.update({'flags.chatRevoked': true});
     await expect(userWithChatRevoked.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage})).to.eventually.be.rejected.and.eql({
       code: 404,
       error: 'NotFound',
@@ -69,6 +76,96 @@ describe('POST /chat', () => {
     });
   });
 
+  context('banned word', () => {
+    it('returns an error when chat message contains a banned word in tavern', async () => {
+      await expect(user.post('/groups/habitrpg/chat', { message: testBannedWordMessage}))
+      .to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('bannedWordUsed'),
+      });
+    });
+
+    it('errors when word is part of a phrase', async () => {
+      let wordInPhrase = `phrase ${testBannedWordMessage} end`;
+      await expect(user.post('/groups/habitrpg/chat', { message: wordInPhrase}))
+      .to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('bannedWordUsed'),
+      });
+    });
+
+    it('errors when word is surrounded by non alphabet characters', async () => {
+      let wordInPhrase = `_!${testBannedWordMessage}@_`;
+      await expect(user.post('/groups/habitrpg/chat', { message: wordInPhrase}))
+      .to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('bannedWordUsed'),
+      });
+    });
+
+    it('does not error when bad word is suffix of a word', async () => {
+      let wordAsSuffix = `prefix${testBannedWordMessage}`;
+      let message = await user.post('/groups/habitrpg/chat', { message: wordAsSuffix});
+
+      expect(message.message.id).to.exist;
+    });
+
+    it('does not error when bad word is prefix of a word', async () => {
+      let wordAsPrefix = `${testBannedWordMessage}suffix`;
+      let message = await user.post('/groups/habitrpg/chat', { message: wordAsPrefix});
+
+      expect(message.message.id).to.exist;
+    });
+
+    it('does not error when sending a chat message containing a banned word to a party', async () => {
+      let { group, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'Party',
+          type: 'party',
+          privacy: 'private',
+        },
+        members: 1,
+      });
+
+      let message = await members[0].post(`/groups/${group._id}/chat`, { message: testBannedWordMessage});
+
+      expect(message.message.id).to.exist;
+    });
+
+    it('does not error when sending a chat message containing a banned word to a public guild', async () => {
+      let { group, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'public guild',
+          type: 'guild',
+          privacy: 'public',
+        },
+        members: 1,
+      });
+
+      let message = await members[0].post(`/groups/${group._id}/chat`, { message: testBannedWordMessage});
+
+      expect(message.message.id).to.exist;
+    });
+
+    it('does not error when sending a chat message containing a banned word to a private guild', async () => {
+      let { group, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'private guild',
+          type: 'guild',
+          privacy: 'private',
+        },
+        members: 1,
+      });
+
+      let message = await members[0].post(`/groups/${group._id}/chat`, { message: testBannedWordMessage});
+
+      expect(message.message.id).to.exist;
+    });
+  });
+
   it('does not error when sending a message to a private guild with a user with revoked chat', async () => {
     let { group, members } = await createAndPopulateGroup({
       groupDetails: {
@@ -173,4 +270,30 @@ describe('POST /chat', () => {
     expect(message.message.id).to.exist;
     expect(memberWithNotification.newMessages[`${group._id}`]).to.exist;
   });
+
+  context('Spam prevention', () => {
+    it('Returns an error when the user has been posting too many messages', async () => {
+      // Post as many messages are needed to reach the spam limit
+      for (let i = 0; i < SPAM_MESSAGE_LIMIT; i++) {
+        let result = await additionalMember.post(`/groups/${TAVERN_ID}/chat`, { message: testMessage }); // eslint-disable-line no-await-in-loop
+        expect(result.message.id).to.exist;
+      }
+
+      await expect(additionalMember.post(`/groups/${TAVERN_ID}/chat`, { message: testMessage })).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('messageGroupChatSpam'),
+      });
+    });
+
+    it('contributor should not receive spam alert', async () => {
+      let userSocialite = await member.update({'contributor.level': SPAM_MIN_EXEMPT_CONTRIB_LEVEL, 'flags.chatRevoked': false});
+
+      // Post 1 more message than the spam limit to ensure they do not reach the limit
+      for (let i = 0; i < SPAM_MESSAGE_LIMIT + 1; i++) {
+        let result = await userSocialite.post(`/groups/${TAVERN_ID}/chat`, { message: testMessage }); // eslint-disable-line no-await-in-loop
+        expect(result.message.id).to.exist;
+      }
+    });
+  });
 });

test/api/v3/integration/groups/GET-groups.test.js

@@ -7,6 +7,7 @@ import {
 import {
   TAVERN_ID,
 } from '../../../../../website/server/models/group';
+import apiMessages from '../../../../../website/server/libs/apiMessages';
 
 describe('GET /groups', () => {
   let user;
@@ -14,6 +15,7 @@ describe('GET /groups', () => {
   const NUMBER_OF_PUBLIC_GUILDS_USER_IS_MEMBER = 1;
   const NUMBER_OF_USERS_PRIVATE_GUILDS = 1;
   const NUMBER_OF_GROUPS_USER_CAN_VIEW = 5;
+  const GUILD_PER_PAGE = 30;
 
   before(async () => {
     await resetHabiticaDB();
@@ -98,6 +100,60 @@ describe('GET /groups', () => {
       .to.eventually.have.a.lengthOf(NUMBER_OF_PUBLIC_GUILDS);
   });
 
+  describe('public guilds pagination', () => {
+    it('req.query.paginate must be a boolean string', async () => {
+      await expect(user.get('/groups?paginate=aString&type=publicGuilds'))
+        .to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: 'Invalid request parameters.',
+        });
+    });
+
+    it('req.query.paginate can only be true when req.query.type includes publicGuilds', async () => {
+      await expect(user.get('/groups?paginate=true&type=notPublicGuilds'))
+        .to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: apiMessages('guildsOnlyPaginate'),
+        });
+    });
+
+    it('req.query.page can\'t be negative', async () => {
+      await expect(user.get('/groups?paginate=true&page=-1&type=publicGuilds'))
+        .to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: 'Invalid request parameters.',
+        });
+    });
+
+    it('returns 30 guilds per page ordered by number of members', async () => {
+      await user.update({balance: 9000});
+      let groups = await Promise.all(_.times(60, (i) => {
+        return generateGroup(user, {
+          name: `public guild ${i} - is member`,
+          type: 'guild',
+          privacy: 'public',
+        });
+      }));
+
+      // update group number 32 and not the first to make sure sorting works
+      await groups[32].update({name: 'guild with most members', memberCount: 199});
+      await groups[33].update({name: 'guild with less members', memberCount: -100});
+
+      let page0 = await expect(user.get('/groups?type=publicGuilds&paginate=true'))
+        .to.eventually.have.a.lengthOf(GUILD_PER_PAGE);
+      expect(page0[0].name).to.equal('guild with most members');
+
+      await expect(user.get('/groups?type=publicGuilds&paginate=true&page=1'))
+        .to.eventually.have.a.lengthOf(GUILD_PER_PAGE);
+      let page2 = await expect(user.get('/groups?type=publicGuilds&paginate=true&page=2'))
+        .to.eventually.have.a.lengthOf(1 + 2); // 1 created now, 2 by other tests
+      expect(page2[2].name).to.equal('guild with less members');
+    });
+  });
+
   it('returns all the user\'s guilds when guilds passed in as query', async () => {
     await expect(user.get('/groups?type=guilds'))
       .to.eventually.have.a.lengthOf(NUMBER_OF_PUBLIC_GUILDS_USER_IS_MEMBER + NUMBER_OF_USERS_PRIVATE_GUILDS);

test/api/v3/integration/groups/GET-groups_groupId_invites.test.js

@@ -63,15 +63,17 @@ describe('GET /groups/:groupId/invites', () => {
   });
 
   it('returns only first 30 invites', async () => {
-    let group = await generateGroup(user, {type: 'party', name: generateUUID()});
+    let leader = await generateUser({balance: 4});
+    let group = await generateGroup(leader, {type: 'guild', privacy: 'public', name: generateUUID()});
+
     let invitesToGenerate = [];
     for (let i = 0; i < 31; i++) {
       invitesToGenerate.push(generateUser());
     }
     let generatedInvites = await Promise.all(invitesToGenerate);
-    await user.post(`/groups/${group._id}/invite`, {uuids: generatedInvites.map(invite => invite._id)});
+    await leader.post(`/groups/${group._id}/invite`, {uuids: generatedInvites.map(invite => invite._id)});
 
-    let res = await user.get('/groups/party/invites');
+    let res = await leader.get(`/groups/${group._id}/invites`);
     expect(res.length).to.equal(30);
     res.forEach(member => {
       expect(member).to.have.all.keys(['_id', 'id', 'profile']);

test/api/v3/integration/groups/GET-groups_groupId_members.test.js

@@ -84,7 +84,7 @@ describe('GET /groups/:groupId/members', () => {
     expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([
       'size', 'hair', 'skin', 'shirt',
-      'chair', 'costume', 'sleep', 'background',
+      'chair', 'costume', 'sleep', 'background', 'tasks',
     ].sort());
 
     expect(memberRes.stats.maxMP).to.exist;

test/api/v3/integration/groups/POST-group_remove_manager.test.js

@@ -0,0 +1,93 @@
+import {
+  createAndPopulateGroup,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+import { find } from 'lodash';
+
+describe('POST /group/:groupId/remove-manager', () => {
+  let leader, nonLeader, groupToUpdate;
+  let groupName = 'Test Public Guild';
+  let groupType = 'guild';
+  let nonManager;
+
+  function findAssignedTask (memberTask) {
+    return memberTask.group.id === groupToUpdate._id;
+  }
+
+  beforeEach(async () => {
+    let { group, groupLeader, members } = await createAndPopulateGroup({
+      groupDetails: {
+        name: groupName,
+        type: groupType,
+        privacy: 'public',
+      },
+      members: 1,
+    });
+
+    groupToUpdate = group;
+    leader = groupLeader;
+    nonLeader = members[0];
+    nonManager = members[0];
+  });
+
+  it('returns an error when a non group leader tries to add member', async () => {
+    await expect(nonLeader.post(`/groups/${groupToUpdate._id}/remove-manager`, {
+      managerId: nonLeader._id,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('messageGroupOnlyLeaderCanUpdate'),
+    });
+  });
+
+  it('returns an error when manager does not exist', async () => {
+    await expect(leader.post(`/groups/${groupToUpdate._id}/remove-manager`, {
+      managerId: nonManager._id,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('userIsNotManager'),
+    });
+  });
+
+  it('allows a leader to remove managers', async () => {
+    await leader.post(`/groups/${groupToUpdate._id}/add-manager`, {
+      managerId: nonLeader._id,
+    });
+
+    let updatedGroup = await leader.post(`/groups/${groupToUpdate._id}/remove-manager`, {
+      managerId: nonLeader._id,
+    });
+
+    expect(updatedGroup.managers[nonLeader._id]).to.not.exist;
+  });
+
+  it('removes group approval notifications from a manager that is removed', async () => {
+    await leader.post(`/groups/${groupToUpdate._id}/add-manager`, {
+      managerId: nonLeader._id,
+    });
+    let task = await leader.post(`/tasks/group/${groupToUpdate._id}`, {
+      text: 'test todo',
+      type: 'todo',
+      requiresApproval: true,
+    });
+    await nonLeader.post(`/tasks/${task._id}/assign/${leader._id}`);
+    let memberTasks = await leader.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+    await expect(leader.post(`/tasks/${syncedTask._id}/score/up`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskApprovalHasBeenRequested'),
+      });
+
+    let updatedGroup = await leader.post(`/groups/${groupToUpdate._id}/remove-manager`, {
+      managerId: nonLeader._id,
+    });
+
+    await nonLeader.sync();
+
+    expect(nonLeader.notifications.length).to.equal(0);
+    expect(updatedGroup.managers[nonLeader._id]).to.not.exist;
+  });
+});

test/api/v3/integration/groups/POST-groups.test.js

@@ -74,6 +74,18 @@ describe('POST /group', () => {
       expect(updatedUser.guilds).to.include(guild._id);
     });
 
+    it('awards the Joined Guild achievement', async () => {
+      await user.post('/groups', {
+        name: 'some guild',
+        type: 'guild',
+        privacy: 'public',
+      });
+
+      let updatedUser = await user.get('/user');
+
+      expect(updatedUser.achievements.joinedGuild).to.eql(true);
+    });
+
     context('public guild', () => {
       it('creates a group', async () => {
         let groupName = 'Test Public Guild';

test/api/v3/integration/groups/POST-groups_groupId_join.test.js

@@ -68,6 +68,12 @@ describe('POST /group/:groupId/join', () => {
 
       await expect(joiningUser.get(`/groups/${publicGuild._id}`)).to.eventually.have.property('memberCount', oldMemberCount + 1);
     });
+
+    it('awards Joined Guild achievement', async () => {
+      await joiningUser.post(`/groups/${publicGuild._id}/join`);
+
+      await expect(joiningUser.get('/user')).to.eventually.have.deep.property('achievements.joinedGuild', true);
+    });
   });
 
   context('Joining a private guild', () => {
@@ -147,8 +153,14 @@ describe('POST /group/:groupId/join', () => {
           }),
         };
 
-        expect(inviter.notifications[0].type).to.eql('GROUP_INVITE_ACCEPTED');
-        expect(inviter.notifications[0].data).to.eql(expectedData);
+        expect(inviter.notifications[1].type).to.eql('GROUP_INVITE_ACCEPTED');
+        expect(inviter.notifications[1].data).to.eql(expectedData);
+      });
+
+      it('awards Joined Guild achievement', async () => {
+        await invitedUser.post(`/groups/${guild._id}/join`);
+
+        await expect(invitedUser.get('/user')).to.eventually.have.deep.property('achievements.joinedGuild', true);
       });
     });
   });

test/api/v3/integration/groups/POST-groups_groupId_leave.js

@@ -78,7 +78,7 @@ describe('POST /groups/:groupId/leave', () => {
         expect(leader.newMessages[groupToLeave._id]).to.be.empty;
       });
 
-      context('With challenges', () => {
+      context('with challenges', () => {
         let challenge;
 
         beforeEach(async () => {
@@ -106,10 +106,25 @@ describe('POST /groups/:groupId/leave', () => {
 
           let userWithChallengeTasks = await leader.get('/user');
 
-          expect(userWithChallengeTasks.challenges).to.not.include(challenge._id);
           // @TODO find elegant way to assert against the task existing
           expect(userWithChallengeTasks.tasksOrder.habits).to.not.be.empty;
         });
+
+        it('keeps the user in the challenge when the keepChallenges parameter is set to remain-in-challenges', async () => {
+          await leader.post(`/groups/${groupToLeave._id}/leave`, {keepChallenges: 'remain-in-challenges'});
+
+          let userWithChallengeTasks = await leader.get('/user');
+
+          expect(userWithChallengeTasks.challenges).to.include(challenge._id);
+        });
+
+        it('drops the user in the challenge when the keepChallenges parameter isn\'t set', async () => {
+          await leader.post(`/groups/${groupToLeave._id}/leave`);
+
+          let userWithChallengeTasks = await leader.get('/user');
+
+          expect(userWithChallengeTasks.challenges).to.not.include(challenge._id);
+        });
       });
 
       it('prevents quest leader from leaving a groupToLeave');

test/api/v3/integration/groups/POST-groups_invite.test.js

@@ -1,10 +1,14 @@
 import {
   generateUser,
+  generateGroup,
   translate as t,
 } from '../../../../helpers/api-v3-integration.helper';
 import { v4 as generateUUID } from 'uuid';
+import nconf from 'nconf';
 
 const INVITES_LIMIT = 100;
+const PARTY_LIMIT_MEMBERS = 30;
+const MAX_EMAIL_INVITES_BY_USER = 200;
 
 describe('Post /groups/:groupId/invite', () => {
   let inviter;
@@ -12,7 +16,7 @@ describe('Post /groups/:groupId/invite', () => {
   let groupName = 'Test Public Guild';
 
   beforeEach(async () => {
-    inviter = await generateUser({balance: 1});
+    inviter = await generateUser({balance: 4});
     group = await inviter.post('/groups', {
       name: groupName,
       type: 'guild',
@@ -203,13 +207,37 @@ describe('Post /groups/:groupId/invite', () => {
       });
     });
 
+    it('returns an error when a user has sent the max number of email invites', async () => {
+      let inviterWithMax = await generateUser({
+        invitesSent: MAX_EMAIL_INVITES_BY_USER,
+        balance: 4,
+      });
+      let tmpGroup = await inviterWithMax.post('/groups', {
+        name: groupName,
+        type: 'guild',
+      });
+
+      await expect(inviterWithMax.post(`/groups/${tmpGroup._id}/invite`, {
+        emails: [testInvite],
+        inviter: 'inviter name',
+      }))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('inviteLimitReached', {techAssistanceEmail: nconf.get('EMAILS:TECH_ASSISTANCE_EMAIL')}),
+      });
+    });
+
     it('invites a user to a group by email', async () => {
       let res = await inviter.post(`/groups/${group._id}/invite`, {
         emails: [testInvite],
         inviter: 'inviter name',
       });
 
+      let updatedUser = await inviter.sync();
+
       expect(res).to.exist;
+      expect(updatedUser.invitesSent).to.eql(1);
     });
 
     it('invites multiple users to a group by email', async () => {
@@ -217,7 +245,10 @@ describe('Post /groups/:groupId/invite', () => {
         emails: [testInvite, {name: 'test2', email: 'test2@habitica.com'}],
       });
 
+      let updatedUser = await inviter.sync();
+
       expect(res).to.exist;
+      expect(updatedUser.invitesSent).to.eql(2);
     });
   });
 
@@ -265,6 +296,25 @@ describe('Post /groups/:groupId/invite', () => {
       expect(invitedUser.invitations.guilds[0].id).to.equal(group._id);
       expect(invite).to.exist;
     });
+
+    it('invites marks invite with cancelled plan', async () => {
+      let cancelledPlanGroup = await generateGroup(inviter, {
+        type: 'guild',
+        name: generateUUID(),
+      });
+      await cancelledPlanGroup.createCancelledSubscription();
+
+      let newUser = await generateUser();
+      let invite = await inviter.post(`/groups/${cancelledPlanGroup._id}/invite`, {
+        uuids: [newUser._id],
+        emails: [{name: 'test', email: 'test@habitica.com'}],
+      });
+      let invitedUser = await newUser.get('/user');
+
+      expect(invitedUser.invitations.guilds[0].id).to.equal(cancelledPlanGroup._id);
+      expect(invitedUser.invitations.guilds[0].cancelledPlan).to.be.true;
+      expect(invite).to.exist;
+    });
   });
 
   describe('guild invites', () => {
@@ -301,6 +351,19 @@ describe('Post /groups/:groupId/invite', () => {
       });
     });
 
+    it('allows 30+ members in a guild', async () => {
+      let invitesToGenerate = [];
+      // Generate 30 users to invite (30 + leader = 31 members)
+      for (let i = 0; i < PARTY_LIMIT_MEMBERS; i++) {
+        invitesToGenerate.push(generateUser());
+      }
+      let generatedInvites = await Promise.all(invitesToGenerate);
+      // Invite users
+      expect(await inviter.post(`/groups/${group._id}/invite`, {
+        uuids: generatedInvites.map(invite => invite._id),
+      })).to.be.an('array');
+    });
+
     // @TODO: Add this after we are able to mock the group plan route
     xit('returns an error when a non-leader invites to a group plan', async () => {
       let userToInvite = await generateUser();
@@ -390,5 +453,36 @@ describe('Post /groups/:groupId/invite', () => {
       });
       expect((await userToInvite.get('/user')).invitations.party.id).to.equal(party._id);
     });
+
+    it('allows 30 members in a party', async () => {
+      let invitesToGenerate = [];
+      // Generate 29 users to invite (29 + leader = 30 members)
+      for (let i = 0; i < PARTY_LIMIT_MEMBERS - 1; i++) {
+        invitesToGenerate.push(generateUser());
+      }
+      let generatedInvites = await Promise.all(invitesToGenerate);
+      // Invite users
+      expect(await inviter.post(`/groups/${party._id}/invite`, {
+        uuids: generatedInvites.map(invite => invite._id),
+      })).to.be.an('array');
+    });
+
+    it('does not allow 30+ members in a party', async () => {
+      let invitesToGenerate = [];
+      // Generate 30 users to invite (30 + leader = 31 members)
+      for (let i = 0; i < PARTY_LIMIT_MEMBERS; i++) {
+        invitesToGenerate.push(generateUser());
+      }
+      let generatedInvites = await Promise.all(invitesToGenerate);
+      // Invite users
+      await expect(inviter.post(`/groups/${party._id}/invite`, {
+        uuids: generatedInvites.map(invite => invite._id),
+      }))
+      .to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('partyExceedsMembersLimit', {maxMembersParty: PARTY_LIMIT_MEMBERS}),
+      });
+    });
   });
 });

test/api/v3/integration/groups/POST-groups_manager.test.js

@@ -0,0 +1,85 @@
+import {
+  generateUser,
+  createAndPopulateGroup,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+
+describe('POST /group/:groupId/add-manager', () => {
+  let leader, nonLeader, groupToUpdate;
+  let groupName = 'Test Public Guild';
+  let groupType = 'guild';
+  let nonMember;
+
+  context('Guilds', () => {
+    beforeEach(async () => {
+      let { group, groupLeader, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: groupName,
+          type: groupType,
+          privacy: 'public',
+        },
+        members: 1,
+      });
+
+      groupToUpdate = group;
+      leader = groupLeader;
+      nonLeader = members[0];
+      nonMember = await generateUser();
+    });
+
+    it('returns an error when a non group leader tries to add member', async () => {
+      await expect(nonLeader.post(`/groups/${groupToUpdate._id}/add-manager`, {
+        managerId: nonLeader._id,
+      })).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('messageGroupOnlyLeaderCanUpdate'),
+      });
+    });
+
+    it('returns an error when trying to promote a non member', async () => {
+      await expect(leader.post(`/groups/${groupToUpdate._id}/add-manager`, {
+        managerId: nonMember._id,
+      })).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('userMustBeMember'),
+      });
+    });
+
+    it('allows a leader to add managers', async () => {
+      let updatedGroup = await leader.post(`/groups/${groupToUpdate._id}/add-manager`, {
+        managerId: nonLeader._id,
+      });
+
+      expect(updatedGroup.managers[nonLeader._id]).to.be.true;
+    });
+  });
+
+  context('Party', () => {
+    let party, partyLeader, partyNonLeader;
+
+    beforeEach(async () => {
+      let { group, groupLeader, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: groupName,
+          type: 'party',
+          privacy: 'private',
+        },
+        members: 1,
+      });
+
+      party = group;
+      partyLeader = groupLeader;
+      partyNonLeader = members[0];
+    });
+
+    it('allows leader of party to add managers', async () => {
+      let updatedGroup = await partyLeader.post(`/groups/${party._id}/add-manager`, {
+        managerId: partyNonLeader._id,
+      });
+
+      expect(updatedGroup.managers[partyNonLeader._id]).to.be.true;
+    });
+  });
+});

test/api/v3/integration/groups/PUT-groups.test.js

@@ -43,4 +43,15 @@ describe('PUT /group', () => {
     expect(updatedGroup.leader.profile.name).to.eql(leader.profile.name);
     expect(updatedGroup.name).to.equal(groupUpdatedName);
   });
+
+  it('allows a leader to change leaders', async () => {
+    let updatedGroup = await leader.put(`/groups/${groupToUpdate._id}`, {
+      name: groupUpdatedName,
+      leader: nonLeader._id,
+    });
+
+    expect(updatedGroup.leader._id).to.eql(nonLeader._id);
+    expect(updatedGroup.leader.profile.name).to.eql(nonLeader.profile.name);
+    expect(updatedGroup.name).to.equal(groupUpdatedName);
+  });
 });

test/api/v3/integration/hall/PUT-hall_heores_heroId.test.js

@@ -40,13 +40,14 @@ describe('PUT /heroes/:heroId', () => {
     });
   });
 
-  it('updates contributor level, balance, ads, blocked', async () => {
+  it('change contributor level, balance, ads', async () => {
     let hero = await generateUser();
+    let prevBlockState = hero.auth.blocked;
+    let prevSleepState = hero.preferences.sleep;
     let heroRes = await user.put(`/hall/heroes/${hero._id}`, {
       balance: 3,
       contributor: {level: 1},
       purchased: {ads: true},
-      auth: {blocked: true},
     });
 
     // test response
@@ -61,18 +62,47 @@ describe('PUT /heroes/:heroId', () => {
     expect(heroRes.balance).to.equal(3 + 0.75); // 3+0.75 for first contrib level
     expect(heroRes.contributor.level).to.equal(1);
     expect(heroRes.purchased.ads).to.equal(true);
-    expect(heroRes.auth.blocked).to.equal(true);
     // test hero values
     await hero.sync();
     expect(hero.balance).to.equal(3 + 0.75); // 3+0.75 for first contrib level
     expect(hero.contributor.level).to.equal(1);
     expect(hero.purchased.ads).to.equal(true);
-    expect(hero.auth.blocked).to.equal(true);
-    expect(hero.preferences.sleep).to.equal(true);
+    expect(hero.auth.blocked).to.equal(prevBlockState);
+    expect(hero.preferences.sleep).to.equal(prevSleepState);
     expect(hero.notifications.length).to.equal(1);
     expect(hero.notifications[0].type).to.equal('NEW_CONTRIBUTOR_LEVEL');
   });
 
+  it('block a user', async () => {
+    let hero = await generateUser();
+    let heroRes = await user.put(`/hall/heroes/${hero._id}`, {
+      auth: {blocked: true},
+      preferences: {sleep: true},
+    });
+
+    // test response values
+    expect(heroRes.auth.blocked).to.equal(true);
+    // test hero values
+    await hero.sync();
+    expect(hero.auth.blocked).to.equal(true);
+    expect(hero.preferences.sleep).to.equal(true);
+  });
+
+  it('unblock a user', async () => {
+    let hero = await generateUser();
+    let prevSleepState = hero.preferences.sleep;
+    let heroRes = await user.put(`/hall/heroes/${hero._id}`, {
+      auth: {blocked: false},
+    });
+
+    // test response values
+    expect(heroRes.auth.blocked).to.equal(false);
+    // test hero values
+    await hero.sync();
+    expect(hero.auth.blocked).to.equal(false);
+    expect(hero.preferences.sleep).to.equal(prevSleepState);
+  });
+
   it('updates chatRevoked flag', async () => {
     let hero = await generateUser();
 

test/api/v3/integration/members/GET-members_id.test.js

@@ -37,7 +37,7 @@ describe('GET /members/:memberId', () => {
     expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([
       'size', 'hair', 'skin', 'shirt',
-      'chair', 'costume', 'sleep', 'background',
+      'chair', 'costume', 'sleep', 'background', 'tasks',
     ].sort());
 
     expect(memberRes.stats.maxMP).to.exist;

test/api/v3/integration/payments/amazon/GET-payments_amazon_subscribe_cancel.test.js

@@ -6,7 +6,7 @@ import {
 import amzLib from '../../../../../../website/server/libs/amazonPayments';
 
 describe('payments : amazon #subscribeCancel', () => {
-  let endpoint = '/amazon/subscribe/cancel';
+  let endpoint = '/amazon/subscribe/cancel?noRedirect=true';
   let user, group, amazonSubscribeCancelStub;
 
   beforeEach(async () => {
@@ -22,7 +22,7 @@ describe('payments : amazon #subscribeCancel', () => {
   });
 
   describe('success', () => {
-    beforeEach(async () => {
+    beforeEach(() => {
       amazonSubscribeCancelStub = sinon.stub(amzLib, 'cancelSubscription').returnsPromise().resolves({});
     });
 
@@ -66,7 +66,7 @@ describe('payments : amazon #subscribeCancel', () => {
         'purchased.plan.lastBillingDate': new Date(),
       });
 
-      await user.get(`${endpoint}?groupId=${group._id}`);
+      await user.get(`${endpoint}&groupId=${group._id}`);
 
       expect(amazonSubscribeCancelStub).to.be.calledOnce;
       expect(amazonSubscribeCancelStub.args[0][0].user._id).to.eql(user._id);

test/api/v3/integration/payments/apple/GET-payments_apple_cancelSubscribe.js

@@ -0,0 +1,41 @@
+import {generateUser} from '../../../../../helpers/api-integration/v3';
+import applePayments from '../../../../../../website/server/libs/applePayments';
+
+describe('payments : apple #cancelSubscribe', () => {
+  let endpoint = '/iap/ios/subscribe/cancel?noRedirect=true';
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  describe('success', () => {
+    let cancelStub;
+
+    beforeEach(async () => {
+      cancelStub = sinon.stub(applePayments, 'cancelSubscribe').returnsPromise().resolves({});
+    });
+
+    afterEach(() => {
+      applePayments.cancelSubscribe.restore();
+    });
+
+    it('cancels the subscription', async () => {
+      user = await generateUser({
+        'profile.name': 'sender',
+        'purchased.plan.paymentMethod': 'Apple',
+        'purchased.plan.customerId': 'customer-id',
+        'purchased.plan.planId': 'basic_3mo',
+        'purchased.plan.lastBillingDate': new Date(),
+        balance: 2,
+      });
+
+      await user.get(endpoint);
+
+      expect(cancelStub).to.be.calledOnce;
+      expect(cancelStub.args[0][0]._id).to.eql(user._id);
+      expect(cancelStub.args[0][1]['x-api-key']).to.eql(user.apiToken);
+      expect(cancelStub.args[0][1]['x-api-user']).to.eql(user._id);
+    });
+  });
+});

test/api/v3/integration/payments/apple/POST-payments_apple_verifyiap.js

@@ -0,0 +1,40 @@
+import {generateUser} from '../../../../../helpers/api-integration/v3';
+import applePayments from '../../../../../../website/server/libs/applePayments';
+
+describe('payments : apple #verify', () => {
+  let endpoint = '/iap/ios/verify';
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  describe('success', () => {
+    let verifyStub;
+
+    beforeEach(async () => {
+      verifyStub = sinon.stub(applePayments, 'verifyGemPurchase').returnsPromise().resolves({});
+    });
+
+    afterEach(() => {
+      applePayments.verifyGemPurchase.restore();
+    });
+
+    it('makes a purchase', async () => {
+      user = await generateUser({
+        balance: 2,
+      });
+
+      await user.post(endpoint, {
+      transaction: {
+        receipt: 'receipt',
+      }});
+
+      expect(verifyStub).to.be.calledOnce;
+      expect(verifyStub.args[0][0]._id).to.eql(user._id);
+      expect(verifyStub.args[0][1]).to.eql('receipt');
+      expect(verifyStub.args[0][2]['x-api-key']).to.eql(user.apiToken);
+      expect(verifyStub.args[0][2]['x-api-user']).to.eql(user._id);
+    });
+  });
+});

test/api/v3/integration/payments/apple/POST-payments_google_subscribe.test.js

@@ -0,0 +1,55 @@
+import {generateUser, translate as t} from '../../../../../helpers/api-integration/v3';
+import applePayments from '../../../../../../website/server/libs/applePayments';
+
+describe('payments : apple #subscribe', () => {
+  let endpoint = '/iap/ios/subscribe';
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  it('verifies sub key', async () => {
+    await expect(user.post(endpoint)).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('missingSubscriptionCode'),
+    });
+  });
+
+  describe('success', () => {
+    let subscribeStub;
+
+    beforeEach(async () => {
+      subscribeStub = sinon.stub(applePayments, 'subscribe').returnsPromise().resolves({});
+    });
+
+    afterEach(() => {
+      applePayments.subscribe.restore();
+    });
+
+    it('makes a purchase', async () => {
+      user = await generateUser({
+        'profile.name': 'sender',
+        'purchased.plan.customerId': 'customer-id',
+        'purchased.plan.planId': 'basic_3mo',
+        'purchased.plan.lastBillingDate': new Date(),
+        balance: 2,
+      });
+
+      let sku = 'com.habitrpg.ios.habitica.subscription.3month';
+
+      await user.post(endpoint, {
+        sku,
+        receipt: 'receipt',
+      });
+
+      expect(subscribeStub).to.be.calledOnce;
+      expect(subscribeStub.args[0][0]).to.eql(sku);
+      expect(subscribeStub.args[0][1]._id).to.eql(user._id);
+      expect(subscribeStub.args[0][2]).to.eql('receipt');
+      expect(subscribeStub.args[0][3]['x-api-key']).to.eql(user.apiToken);
+      expect(subscribeStub.args[0][3]['x-api-user']).to.eql(user._id);
+    });
+  });
+});

test/api/v3/integration/payments/google/GET-payments_google_cancelSubscribe.js

@@ -2,7 +2,7 @@ import {generateUser} from '../../../../../helpers/api-integration/v3';
 import googlePayments from '../../../../../../website/server/libs/googlePayments';
 
 describe('payments : google #cancelSubscribe', () => {
-  let endpoint = '/iap/android/subscribe/cancel';
+  let endpoint = '/iap/android/subscribe/cancel?noRedirect=true';
   let user;
 
   beforeEach(async () => {
@@ -23,6 +23,7 @@ describe('payments : google #cancelSubscribe', () => {
     it('makes a purchase', async () => {
       user = await generateUser({
         'profile.name': 'sender',
+        'purchased.plan.paymentMethod': 'Google',
         'purchased.plan.customerId': 'customer-id',
         'purchased.plan.planId': 'basic_3mo',
         'purchased.plan.lastBillingDate': new Date(),

test/api/v3/integration/payments/paypal/GET-payments_paypal_checkout.test.js

@@ -31,7 +31,7 @@ describe('payments : paypal #checkout', () => {
         balance: 2,
       });
 
-      await user.get(endpoint);
+      await user.get(`${endpoint}?noRedirect=true`);
 
       expect(checkoutStub).to.be.calledOnce;
       expect(checkoutStub.args[0][0].gift).to.eql(undefined);

test/api/v3/integration/payments/paypal/GET-payments_paypal_checkout_success.test.js

@@ -53,7 +53,7 @@ describe('payments : paypal #checkoutSuccess', () => {
         balance: 2,
       });
 
-      await user.get(`${endpoint}?PayerID=${customerId}&paymentId=${paymentId}`);
+      await user.get(`${endpoint}?PayerID=${customerId}&paymentId=${paymentId}&noRedirect=true`);
 
       expect(checkoutSuccessStub).to.be.calledOnce;
 

test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe.test.js

@@ -44,7 +44,7 @@ describe('payments : paypal #subscribe', () => {
         balance: 2,
       });
 
-      await user.get(`${endpoint}?sub=${subKey}`);
+      await user.get(`${endpoint}?sub=${subKey}&noRedirect=true`);
 
       expect(subscribeStub).to.be.calledOnce;
 

test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe_cancel.test.js

@@ -41,7 +41,7 @@ describe('payments : paypal #subscribeCancel', () => {
         balance: 2,
       });
 
-      await user.get(endpoint);
+      await user.get(`${endpoint}?noRedirect=true`);
 
       expect(subscribeCancelStub).to.be.calledOnce;
 

test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe_success.test.js

@@ -42,7 +42,7 @@ describe('payments : paypal #subscribeSuccess', () => {
         balance: 2,
       });
 
-      await user.get(`${endpoint}?token=${token}`);
+      await user.get(`${endpoint}?token=${token}&noRedirect=true`);
 
       expect(subscribeSuccessStub).to.be.calledOnce;
 

test/api/v3/integration/payments/stripe/GET-payments_stripe_subscribe_cancel.test.js

@@ -6,7 +6,7 @@ import {
 import stripePayments from '../../../../../../website/server/libs/stripePayments';
 
 describe('payments - stripe - #subscribeCancel', () => {
-  let endpoint = '/stripe/subscribe/cancel';
+  let endpoint = '/stripe/subscribe/cancel?redirect=none';
   let user, group, stripeCancelSubscriptionStub;
 
   beforeEach(async () => {
@@ -39,7 +39,7 @@ describe('payments - stripe - #subscribeCancel', () => {
         balance: 2,
       });
 
-      await user.get(`${endpoint}?redirect=none`);
+      await user.get(`${endpoint}`);
 
       expect(stripeCancelSubscriptionStub).to.be.calledOnce;
       expect(stripeCancelSubscriptionStub.args[0][0].user._id).to.eql(user._id);
@@ -64,7 +64,7 @@ describe('payments - stripe - #subscribeCancel', () => {
         'purchased.plan.lastBillingDate': new Date(),
       });
 
-      await user.get(`${endpoint}?groupId=${group._id}&redirect=none`);
+      await user.get(`${endpoint}&groupId=${group._id}`);
 
       expect(stripeCancelSubscriptionStub).to.be.calledOnce;
       expect(stripeCancelSubscriptionStub.args[0][0].user._id).to.eql(user._id);

test/api/v3/integration/tasks/POST-tasks_id_score_direction.test.js

@@ -208,6 +208,20 @@ describe('POST /tasks/:id/score/:direction', () => {
       expect(task.completed).to.equal(false);
     });
 
+    it('computes isDue', async () => {
+      await user.post(`/tasks/${daily._id}/score/up`);
+      let task = await user.get(`/tasks/${daily._id}`);
+
+      expect(task.isDue).to.equal(true);
+    });
+
+    it('computes nextDue', async () => {
+      await user.post(`/tasks/${daily._id}/score/up`);
+      let task = await user.get(`/tasks/${daily._id}`);
+
+      expect(task.nextDue.length).to.eql(6);
+    });
+
     it('scores up daily even if it is already completed'); // Yes?
 
     it('scores down daily even if it is already uncompleted'); // Yes?
@@ -315,6 +329,30 @@ describe('POST /tasks/:id/score/:direction', () => {
 
       expect(updatedUser.stats.gp).to.be.greaterThan(user.stats.gp);
     });
+
+    it('adds score notes to task', async () => {
+      let scoreNotesString = 'test-notes';
+
+      await user.post(`/tasks/${habit._id}/score/up`, {
+        scoreNotes: scoreNotesString,
+      });
+      let updatedTask = await user.get(`/tasks/${habit._id}`);
+
+      expect(updatedTask.history[0].scoreNotes).to.eql(scoreNotesString);
+    });
+
+    it('errors when score notes are too large', async () => {
+      let scoreNotesString = new Array(258).join('a');
+
+      await expect(user.post(`/tasks/${habit._id}/score/up`, {
+        scoreNotes: scoreNotesString,
+      }))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskScoreNotesTooLong'),
+      });
+    });
   });
 
   context('reward', () => {

test/api/v3/integration/tasks/POST-tasks_user.test.js

@@ -496,6 +496,8 @@ describe('POST /tasks/user', () => {
         frequency: 'daily',
         everyX: 5,
         startDate: now,
+        daysOfMonth: [15],
+        weeksOfMonth: [3],
       });
 
       expect(task.userId).to.equal(user._id);
@@ -504,7 +506,11 @@ describe('POST /tasks/user', () => {
       expect(task.type).to.eql('daily');
       expect(task.frequency).to.eql('daily');
       expect(task.everyX).to.eql(5);
+      expect(task.daysOfMonth).to.eql([15]);
+      expect(task.weeksOfMonth).to.eql([3]);
       expect(new Date(task.startDate)).to.eql(now);
+      expect(task.isDue).to.be.true;
+      expect(task.nextDue.length).to.eql(6);
     });
 
     it('creates multiple dailys', async () => {

test/api/v3/integration/tasks/PUT-tasks_id.test.js

@@ -1,3 +1,4 @@
+import moment from 'moment';
 import {
   generateUser,
   generateGroup,
@@ -395,12 +396,15 @@ describe('PUT /tasks/:id', () => {
         notes: 'some new notes',
         frequency: 'daily',
         everyX: 5,
+        startDate: moment().add(1, 'days').toDate(),
       });
 
       expect(savedDaily.text).to.eql('some new text');
       expect(savedDaily.notes).to.eql('some new notes');
       expect(savedDaily.frequency).to.eql('daily');
       expect(savedDaily.everyX).to.eql(5);
+      expect(savedDaily.isDue).to.be.false;
+      expect(savedDaily.nextDue.length).to.eql(6);
     });
 
     it('can update checklists (replace it)', async () => {

test/api/v3/integration/tasks/groups/DELETE-group_tasks_id.test.js

@@ -4,7 +4,7 @@ import {
 } from '../../../../../helpers/api-integration/v3';
 import { find } from 'lodash';
 
-describe('DELETE /tasks/:id', () => {
+describe('Groups DELETE /tasks/:id', () => {
   let user, guild, member, member2, task;
 
   function findAssignedTask (memberTask) {
@@ -48,6 +48,21 @@ describe('DELETE /tasks/:id', () => {
       });
   });
 
+  it('allows a manager to delete a group task', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.del(`/tasks/${task._id}`);
+
+    await expect(user.get(`/tasks/${task._id}`))
+      .to.eventually.be.rejected.and.eql({
+        code: 404,
+        error: 'NotFound',
+        message: t('taskNotFound'),
+      });
+  });
+
   it('unlinks assigned user', async () => {
     await user.del(`/tasks/${task._id}`);
 

test/api/v3/integration/tasks/groups/GET-approvals_group_id.test.js

@@ -55,4 +55,13 @@ describe('GET /approvals/group/:groupId', () => {
     let approvals = await user.get(`/approvals/group/${guild._id}`);
     expect(approvals[0]._id).to.equal(syncedTask._id);
   });
+
+  it('allows managers to get a list of task that need approval', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member._id,
+    });
+
+    let approvals = await member.get(`/approvals/group/${guild._id}`);
+    expect(approvals[0]._id).to.equal(syncedTask._id);
+  });
 });

test/api/v3/integration/tasks/groups/POST-group_tasks_id_approve_userId.test.js

@@ -5,7 +5,7 @@ import {
 import { find } from 'lodash';
 
 describe('POST /tasks/:id/approve/:userId', () => {
-  let user, guild, member, task;
+  let user, guild, member, member2, task;
 
   function findAssignedTask (memberTask) {
     return memberTask.group.id === guild._id;
@@ -17,12 +17,13 @@ describe('POST /tasks/:id/approve/:userId', () => {
         name: 'Test Guild',
         type: 'guild',
       },
-      members: 1,
+      members: 2,
     });
 
     guild = group;
     user = groupLeader;
     member = members[0];
+    member2 = members[1];
 
     task = await user.post(`/tasks/group/${guild._id}`, {
       text: 'test todo',
@@ -69,4 +70,74 @@ describe('POST /tasks/:id/approve/:userId', () => {
     expect(syncedTask.group.approval.approvingUser).to.equal(user._id);
     expect(syncedTask.group.approval.dateApproved).to.be.a('string'); // date gets converted to a string as json doesn't have a Date type
   });
+
+  it('allows a manager to approve an assigned user', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.post(`/tasks/${task._id}/assign/${member._id}`);
+    await member2.post(`/tasks/${task._id}/approve/${member._id}`);
+
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    await member.sync();
+
+    expect(member.notifications.length).to.equal(2);
+    expect(member.notifications[0].type).to.equal('GROUP_TASK_APPROVED');
+    expect(member.notifications[0].data.message).to.equal(t('yourTaskHasBeenApproved', {taskText: task.text}));
+    expect(member.notifications[1].type).to.equal('SCORED_TASK');
+    expect(member.notifications[1].data.message).to.equal(t('yourTaskHasBeenApproved', {taskText: task.text}));
+
+    expect(syncedTask.group.approval.approved).to.be.true;
+    expect(syncedTask.group.approval.approvingUser).to.equal(member2._id);
+    expect(syncedTask.group.approval.dateApproved).to.be.a('string'); // date gets converted to a string as json doesn't have a Date type
+  });
+
+  it('removes approval pending notifications from managers', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.post(`/tasks/${task._id}/assign/${member._id}`);
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+    await expect(member.post(`/tasks/${syncedTask._id}/score/up`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskApprovalHasBeenRequested'),
+      });
+
+    await user.sync();
+    await member2.sync();
+    expect(user.notifications.length).to.equal(2);
+    expect(user.notifications[1].type).to.equal('GROUP_TASK_APPROVAL');
+    expect(member2.notifications.length).to.equal(1);
+    expect(member2.notifications[0].type).to.equal('GROUP_TASK_APPROVAL');
+
+    await member2.post(`/tasks/${task._id}/approve/${member._id}`);
+
+    await user.sync();
+    await member2.sync();
+
+    expect(user.notifications.length).to.equal(1);
+    expect(member2.notifications.length).to.equal(0);
+  });
+
+  it('prevents double approval on a task', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.post(`/tasks/${task._id}/assign/${member._id}`);
+    await member2.post(`/tasks/${task._id}/approve/${member._id}`);
+    await expect(user.post(`/tasks/${task._id}/approve/${member._id}`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('canOnlyApproveTaskOnce'),
+      });
+  });
 });

test/api/v3/integration/tasks/groups/POST-group_tasks_id_score_direction.test.js

@@ -5,7 +5,7 @@ import {
 import { find } from 'lodash';
 
 describe('POST /tasks/:id/score/:direction', () => {
-  let user, guild, member, task;
+  let user, guild, member, member2, task;
 
   function findAssignedTask (memberTask) {
     return memberTask.group.id === guild._id;
@@ -17,12 +17,13 @@ describe('POST /tasks/:id/score/:direction', () => {
         name: 'Test Guild',
         type: 'guild',
       },
-      members: 1,
+      members: 2,
     });
 
     guild = group;
     user = groupLeader;
     member = members[0];
+    member2 = members[1];
 
     task = await user.post(`/tasks/group/${guild._id}`, {
       text: 'test todo',
@@ -51,18 +52,55 @@ describe('POST /tasks/:id/score/:direction', () => {
 
     await user.sync();
 
-    expect(user.notifications.length).to.equal(1);
-    expect(user.notifications[0].type).to.equal('GROUP_TASK_APPROVAL');
-    expect(user.notifications[0].data.message).to.equal(t('userHasRequestedTaskApproval', {
+    expect(user.notifications.length).to.equal(2);
+    expect(user.notifications[1].type).to.equal('GROUP_TASK_APPROVAL');
+    expect(user.notifications[1].data.message).to.equal(t('userHasRequestedTaskApproval', {
       user: member.auth.local.username,
       taskName: updatedTask.text,
+      taskId: updatedTask._id,
     }, 'cs')); // This test only works if we have the notification translated
-    expect(user.notifications[0].data.groupId).to.equal(guild._id);
+    expect(user.notifications[1].data.groupId).to.equal(guild._id);
 
     expect(updatedTask.group.approval.requested).to.equal(true);
     expect(updatedTask.group.approval.requestedDate).to.be.a('string'); // date gets converted to a string as json doesn't have a Date type
   });
 
+  it('sends notifications to all managers', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    await expect(member.post(`/tasks/${syncedTask._id}/score/up`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskApprovalHasBeenRequested'),
+      });
+    let updatedTask = await member.get(`/tasks/${syncedTask._id}`);
+    await user.sync();
+    await member2.sync();
+
+    expect(user.notifications.length).to.equal(2);
+    expect(user.notifications[1].type).to.equal('GROUP_TASK_APPROVAL');
+    expect(user.notifications[1].data.message).to.equal(t('userHasRequestedTaskApproval', {
+      user: member.auth.local.username,
+      taskName: updatedTask.text,
+      taskId: updatedTask._id,
+    }));
+    expect(user.notifications[1].data.groupId).to.equal(guild._id);
+
+    expect(member2.notifications.length).to.equal(1);
+    expect(member2.notifications[0].type).to.equal('GROUP_TASK_APPROVAL');
+    expect(member2.notifications[0].data.message).to.equal(t('userHasRequestedTaskApproval', {
+      user: member.auth.local.username,
+      taskName: updatedTask.text,
+      taskId: updatedTask._id,
+    }));
+    expect(member2.notifications[0].data.groupId).to.equal(guild._id);
+  });
+
   it('errors when approval has already been requested', async () => {
     let memberTasks = await member.get('/tasks/user');
     let syncedTask = find(memberTasks, findAssignedTask);

test/api/v3/integration/tasks/groups/POST-tasks_group_id.test.js

@@ -1,16 +1,29 @@
 import {
   generateUser,
-  generateGroup,
+  createAndPopulateGroup,
   translate as t,
 } from '../../../../../helpers/api-v3-integration.helper';
 import { v4 as generateUUID } from 'uuid';
 
 describe('POST /tasks/group/:groupid', () => {
-  let user, guild;
+  let user, guild, manager;
+  let groupName = 'Test Public Guild';
+  let groupType = 'guild';
 
   beforeEach(async () => {
     user = await generateUser({balance: 1});
-    guild = await generateGroup(user, {type: 'guild'});
+    let { group, groupLeader, members } = await createAndPopulateGroup({
+      groupDetails: {
+        name: groupName,
+        type: groupType,
+        privacy: 'private',
+      },
+      members: 1,
+    });
+
+    guild = group;
+    user = groupLeader;
+    manager = members[0];
   });
 
   it('returns error when group is not found', async () => {
@@ -116,4 +129,27 @@ describe('POST /tasks/group/:groupid', () => {
     expect(task.everyX).to.eql(5);
     expect(new Date(task.startDate)).to.eql(now);
   });
+
+  it('allows a manager to add a group task', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: manager._id,
+    });
+
+    let task = await manager.post(`/tasks/group/${guild._id}`, {
+      text: 'test habit',
+      type: 'habit',
+      up: false,
+      down: true,
+      notes: 1976,
+    });
+
+    let groupTask = await manager.get(`/tasks/group/${guild._id}`);
+
+    expect(groupTask[0].group.id).to.equal(guild._id);
+    expect(task.text).to.eql('test habit');
+    expect(task.notes).to.eql('1976');
+    expect(task.type).to.eql('habit');
+    expect(task.up).to.eql(false);
+    expect(task.down).to.eql(true);
+  });
 });

test/api/v3/integration/tasks/groups/POST-tasks_group_id_assign_user_id.test.js

@@ -6,7 +6,7 @@ import {
 import { v4 as generateUUID } from 'uuid';
 import { find } from 'lodash';
 
-describe('POST /tasks/:taskId', () => {
+describe('POST /tasks/:taskId/assign/:memberId', () => {
   let user, guild, member, member2, task;
 
   function findAssignedTask (memberTask) {
@@ -130,4 +130,19 @@ describe('POST /tasks/:taskId', () => {
     expect(member1SyncedTask).to.exist;
     expect(member2SyncedTask).to.exist;
   });
+
+  it('allows a manager to assign tasks', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.post(`/tasks/${task._id}/assign/${member._id}`);
+
+    let groupTask = await member2.get(`/tasks/group/${guild._id}`);
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    expect(groupTask[0].group.assignedUsers).to.contain(member._id);
+    expect(syncedTask).to.exist;
+  });
 });

test/api/v3/integration/tasks/groups/POST-tasks_task_id_unassign.test.js

@@ -114,4 +114,19 @@ describe('POST /tasks/:taskId/unassign/:memberId', () => {
     expect(groupTask[0].group.assignedUsers).to.contain(member2._id);
     expect(member2SyncedTask).to.exist;
   });
+
+  it('allows a manager to unassign a user from a task', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.post(`/tasks/${task._id}/unassign/${member._id}`);
+
+    let groupTask = await member2.get(`/tasks/group/${guild._id}`);
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    expect(groupTask[0].group.assignedUsers).to.not.contain(member._id);
+    expect(syncedTask).to.not.exist;
+  });
 });

test/api/v3/integration/tasks/groups/PUT-group_task_id.test.js

@@ -89,4 +89,25 @@ describe('PUT /tasks/:id', () => {
     expect(member2SyncedTask.up).to.eql(false);
     expect(member2SyncedTask.down).to.eql(false);
   });
+
+  it('updates the linked tasks', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.put(`/tasks/${task._id}`, {
+      text: 'some new text',
+      up: false,
+      down: false,
+      notes: 'some new notes',
+    });
+
+
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    expect(syncedTask.text).to.eql('some new text');
+    expect(syncedTask.up).to.eql(false);
+    expect(syncedTask.down).to.eql(false);
+  });
 });

test/api/v3/integration/user/DELETE-user.test.js

@@ -3,6 +3,7 @@ import {
   createAndPopulateGroup,
   generateGroup,
   generateUser,
+  generateChallenge,
   translate as t,
 } from '../../../../helpers/api-integration/v3';
 import {
@@ -64,6 +65,30 @@ describe('DELETE /user', () => {
     }));
   });
 
+  it('reduces memberCount in challenges user is linked to', async () => {
+    let populatedGroup = await createAndPopulateGroup({
+      members: 2,
+    });
+
+    let group = populatedGroup.group;
+    let authorizedUser = populatedGroup.members[1];
+
+    let challenge = await generateChallenge(populatedGroup.groupLeader, group);
+    await authorizedUser.post(`/challenges/${challenge._id}/join`);
+
+    await challenge.sync();
+
+    expect(challenge.memberCount).to.eql(2);
+
+    await authorizedUser.del('/user', {
+      password,
+    });
+
+    await challenge.sync();
+
+    expect(challenge.memberCount).to.eql(1);
+  });
+
   it('deletes the user', async () => {
     await user.del('/user', {
       password,

test/api/v3/integration/user/auth/GET-auth_reset-password-set-new-one.js

@@ -0,0 +1,140 @@
+import {
+  encrypt,
+} from '../../../../../../website/server/libs/encryption';
+import moment from 'moment';
+import {
+  generateUser,
+} from '../../../../../helpers/api-integration/v3';
+import superagent from 'superagent';
+import nconf from 'nconf';
+
+const API_TEST_SERVER_PORT = nconf.get('PORT');
+
+describe('GET /user/auth/local/reset-password-set-new-one', () => {
+  let endpoint = `http://localhost:${API_TEST_SERVER_PORT}/static/user/auth/local/reset-password-set-new-one`;
+
+  // Tests to validate the validatePasswordResetCodeAndFindUser function
+
+  it('renders an error page if the code is missing', async () => {
+    try {
+      await superagent.get(endpoint);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code is invalid json', async () => {
+    try {
+      await superagent.get(`${endpoint}?code=invalid`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code cannot be decrypted', async () => {
+    let user = await generateUser();
+
+    try {
+      let code = JSON.stringify({ // not encrypted
+        userId: user._id,
+        expiresAt: new Date(),
+      });
+      await superagent.get(`${endpoint}?code=${code}`);
+
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code is expired', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().subtract({minutes: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    try {
+      await superagent.get(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the user does not exist', async () => {
+    let code = encrypt(JSON.stringify({
+      userId: Date.now().toString(),
+      expiresAt: moment().add({days: 1}),
+    }));
+
+    try {
+      await superagent.get(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the user has no local auth', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      auth: 'not an object with valid fields',
+    });
+
+    try {
+      await superagent.get(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code doesn\'t match the one saved at user.auth.passwordResetCode', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': 'invalid',
+    });
+
+    try {
+      await superagent.get(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  //
+
+  it('returns the password reset page if the password reset code is valid', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    let res = await superagent.get(`${endpoint}?code=${code}`);
+    expect(res.status).to.equal(200);
+  });
+});
+

test/api/v3/integration/user/auth/POST-auth_reset-password-set-new-one.js

@@ -0,0 +1,267 @@
+import {
+  encrypt,
+} from '../../../../../../website/server/libs/encryption';
+import {
+  compare,
+  bcryptCompare,
+  sha1MakeSalt,
+  sha1Encrypt as sha1EncryptPassword,
+} from '../../../../../../website/server/libs/password';
+import moment from 'moment';
+import {
+  generateUser,
+} from '../../../../../helpers/api-integration/v3';
+import superagent from 'superagent';
+import nconf from 'nconf';
+
+const API_TEST_SERVER_PORT = nconf.get('PORT');
+
+describe('POST /user/auth/local/reset-password-set-new-one', () => {
+  let endpoint = `http://localhost:${API_TEST_SERVER_PORT}/static/user/auth/local/reset-password-set-new-one`;
+
+  // Tests to validate the validatePasswordResetCodeAndFindUser function
+
+  it('renders an error page if the code is missing', async () => {
+    try {
+      await superagent.post(endpoint);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code is invalid json', async () => {
+    try {
+      await superagent.post(`${endpoint}?code=invalid`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code cannot be decrypted', async () => {
+    let user = await generateUser();
+
+    try {
+      let code = JSON.stringify({ // not encrypted
+        userId: user._id,
+        expiresAt: new Date(),
+      });
+      await superagent.post(`${endpoint}?code=${code}`);
+
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code is expired', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().subtract({minutes: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    try {
+      await superagent.post(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the user does not exist', async () => {
+    let code = encrypt(JSON.stringify({
+      userId: Date.now().toString(),
+      expiresAt: moment().add({days: 1}),
+    }));
+
+    try {
+      await superagent.post(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the user has no local auth', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      auth: 'not an object with valid fields',
+    });
+
+    try {
+      await superagent.post(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code doesn\'t match the one saved at user.auth.passwordResetCode', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': 'invalid',
+    });
+
+    try {
+      await superagent.post(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  //
+
+  it('renders the error page if the new password is missing', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    try {
+      await superagent.post(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders the error page if the password confirmation is missing', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    try {
+      await superagent
+        .post(`${endpoint}?code=${code}`)
+        .send({newPassword: 'my new password'});
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders the error page if the password confirmation does not match', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    try {
+      await superagent
+        .post(`${endpoint}?code=${code}`)
+        .send({
+          newPassword: 'my new password',
+          confirmPassword: 'not matching',
+        });
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders the success page and save the user', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    let res = await superagent
+      .post(`${endpoint}?code=${code}`)
+      .send({
+        newPassword: 'my new password',
+        confirmPassword: 'my new password',
+      });
+
+    expect(res.status).to.equal(200);
+
+    await user.sync();
+    expect(user.auth.local.passwordResetCode).to.equal(undefined);
+    expect(user.auth.local.passwordHashMethod).to.equal('bcrypt');
+    expect(user.auth.local.salt).to.be.undefined;
+    let isPassValid = await compare(user, 'my new password');
+    expect(isPassValid).to.equal(true);
+  });
+
+  it('renders the success page and convert the password from sha1 to bcrypt', async () => {
+    let user = await generateUser();
+
+    let textPassword = 'mySecretPassword';
+    let salt = sha1MakeSalt();
+    let sha1HashedPassword = sha1EncryptPassword(textPassword, salt);
+
+    await user.update({
+      'auth.local.hashed_password': sha1HashedPassword,
+      'auth.local.passwordHashMethod': 'sha1',
+      'auth.local.salt': salt,
+    });
+
+    await user.sync();
+    expect(user.auth.local.passwordHashMethod).to.equal('sha1');
+    expect(user.auth.local.salt).to.equal(salt);
+    expect(user.auth.local.hashed_password).to.equal(sha1HashedPassword);
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    let res = await superagent
+      .post(`${endpoint}?code=${code}`)
+      .send({
+        newPassword: 'my new password',
+        confirmPassword: 'my new password',
+      });
+
+    expect(res.status).to.equal(200);
+
+    await user.sync();
+    expect(user.auth.local.passwordResetCode).to.equal(undefined);
+    expect(user.auth.local.passwordHashMethod).to.equal('bcrypt');
+    expect(user.auth.local.salt).to.be.undefined;
+    expect(user.auth.local.hashed_password).not.to.equal(sha1HashedPassword);
+
+    let isValidPassword = await bcryptCompare('my new password', user.auth.local.hashed_password);
+    expect(isValidPassword).to.equal(true);
+  });
+});