4.27.0

* feat(world-boss): barebones API

* fix(world): use Express respond for better JSON

* fix(api): respond with code 200

* feat(content): canonical Dysheartener desc and Rage

* fix(world-boss): enable progress

* WIP(test): world state API

* WIP(test): refactor world boss setup

* WIP(test): better expectations

* fix(test): more expect polishing

* feat(event): server side World Boss

* fix(strings): accidental deletion

* fix(content): include encouragement after Rage

* refactor(world-boss): address comments

.travis.yml

@@ -1,36 +1,27 @@
 language: node_js
 node_js:
   - '6'
-sudo: required
-dist: precise
 services:
   - mongodb
-addons:
-  apt:
-    sources:
-      - ubuntu-toolchain-r-test
-    packages:
-      - g++-4.8
+cache:
+  directories:
+    - 'node_modules'
 before_install:
-  - $CXX --version
   - npm install -g npm@5
-  - if [ $REQUIRES_SERVER ]; then sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10; echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list; sudo apt-get update; sudo apt-get install mongodb-org-server; fi
-install:
-  - npm install &> npm.install.log || (cat npm.install.log; false)
 before_script:
   - npm run test:build
   - cp config.json.example config.json
-  - sleep 15
+  - sleep 5
 script:
   - npm run $TEST
   - if [ $COVERAGE ]; then ./node_modules/.bin/lcov-result-merger 'coverage/**/*.info' | ./node_modules/coveralls/bin/coveralls.js; fi
 env:
   global:
-    - CXX=g++-4.8
     - DISABLE_REQUEST_LOGGING=true
   matrix:
     - TEST="lint"
-    - TEST="test:api-v3" REQUIRES_SERVER=true COVERAGE=true
+    - TEST="test:api-v3:unit" REQUIRES_SERVER=true COVERAGE=true
+    - TEST="test:api-v3:integration" REQUIRES_SERVER=true COVERAGE=true
     - TEST="test:sanity"
     - TEST="test:content" COVERAGE=true
     - TEST="test:common" COVERAGE=true

Dockerfile-Production

@@ -15,12 +15,12 @@ ENV STRIPE_PUB_KEY pk_85fQ0yMECHNfHTSsZoxZXlPSwSNfA
 # The used solution is suggested here https://github.com/npm/npm/issues/16807#issuecomment-313591975
 RUN yarn global add npm@5
 # Install global packages
-RUN npm install -g gulp mocha
+RUN npm install -g gulp-cli mocha
 
 # Clone Habitica repo and install dependencies
 RUN mkdir -p /usr/src/habitrpg
 WORKDIR /usr/src/habitrpg
-RUN git clone --branch v4.11.0 https://github.com/HabitRPG/habitica.git /usr/src/habitrpg
+RUN git clone --branch v4.26.3 https://github.com/HabitRPG/habitica.git /usr/src/habitrpg
 RUN npm install
 RUN gulp build:prod --force
 

Vagrantfile.example

@@ -16,5 +16,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   config.vm.hostname = "habitrpg"
   config.vm.network "forwarded_port", guest: 3000, host: 3000, auto_correct: true
   config.vm.usable_port_range = (3000..3050)
+  config.vm.network "forwarded_port", guest: 8080, host: 8080, auto_correct: true
+  config.vm.usable_port_range = (8080..8130)
   config.vm.provision :shell, :path => "vagrant_scripts/vagrant.sh"
 end

config.json.example

@@ -22,6 +22,8 @@
     "CRON_SEMI_SAFE_MODE":"false",
     "MAINTENANCE_MODE": "false",
     "SESSION_SECRET":"YOUR SECRET HERE",
+    "SESSION_SECRET_KEY": "1234567891234567891234567891234567891234567891234567891234567891",
+    "SESSION_SECRET_IV": "12345678912345678912345678912345",
     "ADMIN_EMAIL": "you@example.com",
     "SMTP_USER":"user@example.com",
     "SMTP_PASS":"password",
@@ -71,6 +73,7 @@
     },
     "IAP_GOOGLE_KEYDIR": "/path/to/google/public/key/dir/",
     "LOGGLY_TOKEN": "token",
+    "LOGGLY_CLIENT_TOKEN": "token",
     "LOGGLY_ACCOUNT": "account",
     "PUSH_CONFIGS": {
         "GCM_SERVER_API_KEY": "",

docker-compose.dev.yml

@@ -1,3 +1,10 @@
-web:
-  volumes:
-    - '.:/usr/src/habitrpg'
+version: "3"
+services:
+
+  client:
+    volumes:
+      - '.:/usr/src/habitrpg'
+
+  server:
+    volumes:
+      - '.:/usr/src/habitrpg'

docker-compose.yml

@@ -1,13 +1,36 @@
-web:
-  build: .
-  ports:
-    - "3000:3000"
-  links:
-    - mongo
-  environment:
-    - NODE_DB_URI=mongodb://mongo/habitrpg
+version: "3"
+services:
 
-mongo:
-  image: mongo
-  ports:
-    - "27017:27017"
+  client:
+    build: .
+    networks:
+      - habitica
+    environment:
+      - BASE_URL=http://server:3000
+    ports:
+        - "8080:8080"
+    command: ["npm", "run", "client:dev"]
+    depends_on:
+      - server
+
+  server:
+    build: .
+    ports:
+      - "3000:3000"
+    networks:
+      - habitica
+    environment:
+      - NODE_DB_URI=mongodb://mongo/habitrpg
+    depends_on:
+      - mongo
+
+  mongo:
+    image: mongo
+    ports:
+      - "27017:27017"
+    networks:
+      - habitica
+
+networks:
+  habitica:
+    driver: bridge

gulp/gulp-apidoc.js

@@ -8,7 +8,7 @@ gulp.task('apidoc:clean', (done) => {
   clean(APIDOC_DEST_PATH, done);
 });
 
-gulp.task('apidoc', ['apidoc:clean'], (done) => {
+gulp.task('apidoc', gulp.series('apidoc:clean', (done) => {
   let result = apidoc.createDoc({
     src: APIDOC_SRC_PATH,
     dest: APIDOC_DEST_PATH,
@@ -19,8 +19,8 @@ gulp.task('apidoc', ['apidoc:clean'], (done) => {
   } else {
     done();
   }
-});
+}));
 
-gulp.task('apidoc:watch', ['apidoc'], () => {
-  return gulp.watch(`${APIDOC_SRC_PATH}/**/*.js`, ['apidoc']);
-});
+gulp.task('apidoc:watch', gulp.series('apidoc', (done) => {
+  return gulp.watch(`${APIDOC_SRC_PATH}/**/*.js`, gulp.series('apidoc', done));
+}));

gulp/gulp-build.js

@@ -2,12 +2,6 @@ import gulp from 'gulp';
 import babel from 'gulp-babel';
 import webpackProductionBuild from '../webpack/build';
 
-gulp.task('build', () => {
-  if (process.env.NODE_ENV === 'production') { // eslint-disable-line no-process-env
-    gulp.start('build:prod');
-  }
-});
-
 gulp.task('build:src', () => {
   return gulp.src('website/server/**/*.js')
     .pipe(babel())
@@ -20,18 +14,30 @@ gulp.task('build:common', () => {
     .pipe(gulp.dest('website/common/transpiled-babel/'));
 });
 
-gulp.task('build:server', ['build:src', 'build:common']);
+gulp.task('build:server', gulp.series('build:src', 'build:common', done => done()));
 
 // Client Production Build
 gulp.task('build:client', (done) => {
   webpackProductionBuild((err, output) => {
     if (err) return done(err);
     console.log(output); // eslint-disable-line no-console
+    done();
   });
 });
 
-gulp.task('build:prod', [
+gulp.task('build:prod', gulp.series(
   'build:server',
   'build:client',
   'apidoc',
-]);
+  done => done()
+));
+
+let buildArgs = [];
+
+if (process.env.NODE_ENV === 'production') { // eslint-disable-line no-process-env
+  buildArgs.push('build:prod');
+}
+
+gulp.task('build', gulp.series(buildArgs, (done) => {
+  done();
+}));

gulp/gulp-console.js

@@ -1,5 +1,4 @@
 import mongoose from 'mongoose';
-import autoinc  from 'mongoose-id-autoinc';
 import logger  from '../website/server/libs/logger';
 import nconf    from 'nconf';
 import repl     from 'repl';
@@ -25,23 +24,23 @@ let improveRepl = (context) => {
 
   const isProd = nconf.get('NODE_ENV') === 'production';
   const mongooseOptions = !isProd ? {} : {
-    replset: { socketOptions: { keepAlive: 1, connectTimeoutMS: 30000 } },
-    server: { socketOptions: { keepAlive: 1, connectTimeoutMS: 30000 } },
+    keepAlive: 1,
+    connectTimeoutMS: 30000,
+    useMongoClient: true,
   };
-  autoinc.init(
-    mongoose.connect(
-      nconf.get('NODE_DB_URI'),
-      mongooseOptions,
-      (err) => {
-        if (err) throw err;
-        logger.info('Connected with Mongoose');
-      }
-    )
+  mongoose.connect(
+    nconf.get('NODE_DB_URI'),
+    mongooseOptions,
+    (err) => {
+      if (err) throw err;
+      logger.info('Connected with Mongoose');
+    }
   );
 };
 
-gulp.task('console', () => {
+gulp.task('console', (done) => {
   improveRepl(repl.start({
     prompt: 'Habitica > ',
   }).context);
+  done();
 });

gulp/gulp-sprites.js

@@ -7,6 +7,7 @@ import mergeStream from 'merge-stream';
 import {basename} from 'path';
 import {sync} from 'glob';
 import {each} from 'lodash';
+import vinylBuffer from 'vinyl-buffer';
 
 // https://github.com/Ensighten/grunt-spritesmith/issues/67#issuecomment-34786248
 const MAX_SPRITESHEET_SIZE = 1024 * 1024 * 3;
@@ -104,6 +105,7 @@ function createSpritesStream (name, src) {
       }));
 
     let imgStream = spriteData.img
+      .pipe(vinylBuffer())
       .pipe(imagemin())
       .pipe(gulp.dest(IMG_DIST_PATH));
 
@@ -117,8 +119,6 @@ function createSpritesStream (name, src) {
   return stream;
 }
 
-gulp.task('sprites:compile', ['sprites:clean', 'sprites:main', 'sprites:largeSprites', 'sprites:checkCompiledDimensions']);
-
 gulp.task('sprites:main', () => {
   let mainSrc = sync('website/raw_sprites/spritesmith/**/*.png');
   return createSpritesStream('main', mainSrc);
@@ -133,7 +133,7 @@ gulp.task('sprites:clean', (done) => {
   clean(`${IMG_DIST_PATH}spritesmith*,${CSS_DIST_PATH}spritesmith*}`, done);
 });
 
-gulp.task('sprites:checkCompiledDimensions', ['sprites:main', 'sprites:largeSprites'], () => {
+gulp.task('sprites:checkCompiledDimensions', gulp.series('sprites:main', 'sprites:largeSprites', (done) => {
   console.log('Verifiying that images do not exceed max dimensions'); // eslint-disable-line no-console
 
   let numberOfSheetsThatAreTooBig = 0;
@@ -159,4 +159,7 @@ gulp.task('sprites:checkCompiledDimensions', ['sprites:main', 'sprites:largeSpri
   } else {
     console.log('All images are within the correct dimensions'); // eslint-disable-line no-console
   }
-});
+  done();
+}));
+
+gulp.task('sprites:compile', gulp.series('sprites:clean', 'sprites:main', 'sprites:largeSprites', 'sprites:checkCompiledDimensions', done => done()));

gulp/gulp-start.js

@@ -3,7 +3,7 @@ import nodemon from 'gulp-nodemon';
 
 let pkg = require('../package.json');
 
-gulp.task('nodemon', () => {
+gulp.task('nodemon', (done) => {
   nodemon({
     script: pkg.main,
     ignore: [
@@ -12,4 +12,5 @@ gulp.task('nodemon', () => {
       'common/dist/script/content/*',
     ],
   });
+  done();
 });

gulp/gulp-tests.js

@@ -4,7 +4,6 @@ import {
 import mongoose                   from 'mongoose';
 import { exec }                   from 'child_process';
 import gulp                       from 'gulp';
-import runSequence                from 'run-sequence';
 import os                         from 'os';
 import nconf                      from 'nconf';
 
@@ -39,23 +38,23 @@ let testBin = (string, additionalEnvVariables = '') => {
   }
 };
 
-gulp.task('test:nodemon', () => {
+gulp.task('test:nodemon', gulp.series(function setupNodemon (done) {
   process.env.PORT = TEST_SERVER_PORT; // eslint-disable-line no-process-env
   process.env.NODE_DB_URI = TEST_DB_URI; // eslint-disable-line no-process-env
-
-  runSequence('nodemon');
-});
+  done();
+}, 'nodemon'));
 
 gulp.task('test:prepare:mongo', (cb) => {
   mongoose.connect(TEST_DB_URI, (err) => {
     if (err) return cb(`Unable to connect to mongo database. Are you sure it's running? \n\n${err}`);
-    mongoose.connection.db.dropDatabase();
-    mongoose.connection.close();
-    cb();
+    mongoose.connection.dropDatabase((err2) => {
+      if (err2) return cb(err2);
+      mongoose.connection.close(cb);
+    });
   });
 });
 
-gulp.task('test:prepare:server', ['test:prepare:mongo'], () => {
+gulp.task('test:prepare:server', gulp.series('test:prepare:mongo', (done) => {
   if (!server) {
     server = exec(testBin('node ./website/server/index.js', `NODE_DB_URI=${TEST_DB_URI} PORT=${TEST_SERVER_PORT}`), (error, stdout, stderr) => {
       if (error) {
@@ -64,16 +63,18 @@ gulp.task('test:prepare:server', ['test:prepare:mongo'], () => {
       if (stderr) {
         console.error(stderr); // eslint-disable-line no-console
       }
+      done();
     });
   }
-});
+}));
 
-gulp.task('test:prepare:build', ['build']);
+gulp.task('test:prepare:build', gulp.series('build', done => done()));
 
-gulp.task('test:prepare', [
+gulp.task('test:prepare', gulp.series(
   'test:prepare:build',
   'test:prepare:mongo',
-]);
+  done => done()
+));
 
 gulp.task('test:sanity', (cb) => {
   let runner = exec(
@@ -88,7 +89,7 @@ gulp.task('test:sanity', (cb) => {
   pipe(runner);
 });
 
-gulp.task('test:common', ['test:prepare:build'], (cb) => {
+gulp.task('test:common', gulp.series('test:prepare:build', (cb) => {
   let runner = exec(
     testBin(COMMON_TEST_COMMAND),
     (err) => {
@@ -99,17 +100,17 @@ gulp.task('test:common', ['test:prepare:build'], (cb) => {
     }
   );
   pipe(runner);
-});
+}));
 
 gulp.task('test:common:clean', (cb) => {
   pipe(exec(testBin(COMMON_TEST_COMMAND), () => cb()));
 });
 
-gulp.task('test:common:watch', ['test:common:clean'], () => {
-  gulp.watch(['common/script/**/*', 'test/common/**/*'], ['test:common:clean']);
-});
+gulp.task('test:common:watch', gulp.series('test:common:clean', () => {
+  return gulp.watch(['common/script/**/*', 'test/common/**/*'], gulp.series('test:common:clean', done => done()));
+}));
 
-gulp.task('test:common:safe', ['test:prepare:build'], (cb) => {
+gulp.task('test:common:safe', gulp.series('test:prepare:build', (cb) => {
   let runner = exec(
     testBin(COMMON_TEST_COMMAND),
     (err, stdout) => { // eslint-disable-line handle-callback-err
@@ -123,9 +124,9 @@ gulp.task('test:common:safe', ['test:prepare:build'], (cb) => {
     }
   );
   pipe(runner);
-});
+}));
 
-gulp.task('test:content', ['test:prepare:build'], (cb) => {
+gulp.task('test:content', gulp.series('test:prepare:build', (cb) => {
   let runner = exec(
     testBin(CONTENT_TEST_COMMAND),
     CONTENT_OPTIONS,
@@ -137,17 +138,17 @@ gulp.task('test:content', ['test:prepare:build'], (cb) => {
     }
   );
   pipe(runner);
-});
+}));
 
 gulp.task('test:content:clean', (cb) => {
   pipe(exec(testBin(CONTENT_TEST_COMMAND), CONTENT_OPTIONS, () => cb()));
 });
 
-gulp.task('test:content:watch', ['test:content:clean'], () => {
-  gulp.watch(['common/script/content/**', 'test/**'], ['test:content:clean']);
-});
+gulp.task('test:content:watch', gulp.series('test:content:clean', () => {
+  return gulp.watch(['common/script/content/**', 'test/**'], gulp.series('test:content:clean', done => done()));
+}));
 
-gulp.task('test:content:safe', ['test:prepare:build'], (cb) => {
+gulp.task('test:content:safe', gulp.series('test:prepare:build', (cb) => {
   let runner = exec(
     testBin(CONTENT_TEST_COMMAND),
     CONTENT_OPTIONS,
@@ -162,7 +163,7 @@ gulp.task('test:content:safe', ['test:prepare:build'], (cb) => {
     }
   );
   pipe(runner);
-});
+}));
 
 gulp.task('test:api-v3:unit', (done) => {
   let runner = exec(
@@ -179,7 +180,7 @@ gulp.task('test:api-v3:unit', (done) => {
 });
 
 gulp.task('test:api-v3:unit:watch', () => {
-  gulp.watch(['website/server/libs/*', 'test/api/v3/unit/**/*', 'website/server/controllers/**/*'], ['test:api-v3:unit']);
+  return gulp.watch(['website/server/libs/*', 'test/api/v3/unit/**/*', 'website/server/controllers/**/*'], gulp.series('test:api-v3:unit', done => done()));
 });
 
 gulp.task('test:api-v3:integration', (done) => {
@@ -198,8 +199,10 @@ gulp.task('test:api-v3:integration', (done) => {
 });
 
 gulp.task('test:api-v3:integration:watch', () => {
-  gulp.watch(['website/server/controllers/api-v3/**/*', 'common/script/ops/*', 'website/server/libs/*.js',
-              'test/api/v3/integration/**/*'], ['test:api-v3:integration']);
+  return gulp.watch([
+    'website/server/controllers/api-v3/**/*', 'common/script/ops/*', 'website/server/libs/*.js',
+    'test/api/v3/integration/**/*',
+  ], gulp.series('test:api-v3:integration', done => done()));
 });
 
 gulp.task('test:api-v3:integration:separate-server', (done) => {
@@ -212,21 +215,17 @@ gulp.task('test:api-v3:integration:separate-server', (done) => {
   pipe(runner);
 });
 
-gulp.task('test', (done) => {
-  runSequence(
-    'test:sanity',
-    'test:content',
-    'test:common',
-    'test:api-v3:unit',
-    'test:api-v3:integration',
-    done
-  );
-});
+gulp.task('test', gulp.series(
+  'test:sanity',
+  'test:content',
+  'test:common',
+  'test:api-v3:unit',
+  'test:api-v3:integration',
+  done => done()
+));
 
-gulp.task('test:api-v3', (done) => {
-  runSequence(
-    'test:api-v3:unit',
-    'test:api-v3:integration',
-    done
-  );
-});
+gulp.task('test:api-v3', gulp.series(
+  'test:api-v3:unit',
+  'test:api-v3:integration',
+  done => done()
+));

gulp/gulp-transifex-test.js

@@ -93,9 +93,7 @@ const malformedStringExceptions = {
   feedPet: true,
 };
 
-gulp.task('transifex', ['transifex:missingFiles', 'transifex:missingStrings', 'transifex:malformedStrings']);
-
-gulp.task('transifex:missingFiles', () => {
+gulp.task('transifex:missingFiles', (done) => {
   let missingStrings = [];
 
   eachTranslationFile(ALL_LANGUAGES, (error) => {
@@ -109,9 +107,10 @@ gulp.task('transifex:missingFiles', () => {
     let formattedMessage = formatMessageForPosting(message, missingStrings);
     postToSlack(formattedMessage, SLACK_CONFIG);
   }
+  done();
 });
 
-gulp.task('transifex:missingStrings', () => {
+gulp.task('transifex:missingStrings', (done) => {
   let missingStrings = [];
 
   eachTranslationString(ALL_LANGUAGES, (language, filename, key, englishString, translationString) => {
@@ -126,9 +125,10 @@ gulp.task('transifex:missingStrings', () => {
     let formattedMessage = formatMessageForPosting(message, missingStrings);
     postToSlack(formattedMessage, SLACK_CONFIG);
   }
+  done();
 });
 
-gulp.task('transifex:malformedStrings', () => {
+gulp.task('transifex:malformedStrings', (done) => {
   let jsonFiles = stripOutNonJsonFiles(fs.readdirSync(ENGLISH_LOCALE));
   let interpolationRegex = /<%= [a-zA-Z]* %>/g;
   let stringsToLookFor = getStringsWith(jsonFiles, interpolationRegex);
@@ -170,4 +170,11 @@ gulp.task('transifex:malformedStrings', () => {
     let formattedMessage = formatMessageForPosting(message, stringsWithIncorrectNumberOfInterpolations);
     postToSlack(formattedMessage, SLACK_CONFIG);
   }
+  done();
 });
+
+gulp.task(
+  'transifex',
+  gulp.series('transifex:missingFiles', 'transifex:missingStrings', 'transifex:malformedStrings'),
+  (done) => done()
+);

gulpfile.js

@@ -8,10 +8,12 @@
 
 require('babel-register');
 
+const gulp = require('gulp');
+
 if (process.env.NODE_ENV === 'production') { // eslint-disable-line no-process-env
   require('./gulp/gulp-apidoc'); // eslint-disable-line global-require
   require('./gulp/gulp-build'); // eslint-disable-line global-require
 } else {
   require('glob').sync('./gulp/gulp-*').forEach(require); // eslint-disable-line global-require
-  require('gulp').task('default', ['test']); // eslint-disable-line global-require
+  require('gulp').task('default', gulp.series('test')); // eslint-disable-line global-require
 }

migrations/20140831_increase_gems_for_previous_contributions.js

@@ -16,7 +16,7 @@ var migrationName = '20140831_increase_gems_for_previous_contributions';
  * https://github.com/HabitRPG/habitrpg/issues/3933
  * Increase Number of Gems for Contributors
  * author: Alys (d904bd62-da08-416b-a816-ba797c9ee265)
- * 
+ *
  * Increase everyone's gems per their contribution level.
  * Originally they were given 2 gems per tier.
  * Now they are given 3 gems per tier for tiers 1,2,3
@@ -70,7 +70,7 @@ dbUsers.findEach(query, fields, function(err, user) {
     var extraGems = tier; // tiers 1,2,3
     if (tier > 3)  { extraGems = 3 + (tier - 3) * 2; }
     if (tier == 8) { extraGems = 11; }
-    extraBalance = extraGems / 4;
+    var extraBalance = extraGems / 4;
     set['balance'] = user.balance + extraBalance;
 
     // Capture current state of user:

migrations/20151021_usernames_emails_lowercase.js

@@ -39,7 +39,7 @@ function findUsers(gt){
       console.log('User: ', countUsers, user._id);
 
       var update = {
-        $set: {};
+        $set: {}
       };
 
       if(user.auth && user.auth.local) {
@@ -60,4 +60,4 @@ function findUsers(gt){
   });
 };
 
-findUsers();
+findUsers();

migrations/20171117_turkey_ladder.js

@@ -0,0 +1,128 @@
+var migrationName = '20171117_turkey_ladder.js';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award the Turkey Day ladder:
+ * Grant Turkey Costume to those who have the Gilded Turkey mount
+ * Grant Gilded Turkey mount to those who have the Gilded Turkey pet
+ * Grant Gilded Turkey pet to those who have the Base Turkey mount
+ * Grant Base Turkey mount to those who have the Base Turkey pet
+ * Grant Base Turkey pet to those who have none of the above yet
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'migration':{$ne:migrationName},
+    'auth.timestamps.loggedin':{$gt:new Date('2017-11-01')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'items.pets',
+      'items.mounts',
+    ] // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {};
+
+  if (user && user.items && user.items.mounts && user.items.mounts['Turkey-Gilded']) {
+    set = {
+      migration: migrationName,
+      'items.gear.owned.head_special_turkeyHelmBase': false,
+      'items.gear.owned.armor_special_turkeyArmorBase': false,
+      'items.gear.owned.back_special_turkeyTailBase': false,
+    };
+    var push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_turkeyHelmBase',
+        _id: monk.id(),
+      },
+      {
+        type: 'marketGear',
+        path: 'gear.flat.armor_special_turkeyArmorBase',
+        _id: monk.id(),
+      },
+      {
+        type: 'marketGear',
+        path: 'gear.flat.back_special_turkeyTailBase',
+        _id: monk.id(),
+      },
+    ];
+  } else if (user && user.items && user.items.pets && user.items.pets['Turkey-Gilded']) {
+    set = {'migration':migrationName, 'items.mounts.Turkey-Gilded':true};
+  } else if (user && user.items && user.items.mounts && user.items.mounts['Turkey-Base']) {
+    set = {'migration':migrationName, 'items.pets.Turkey-Gilded':5};
+  } else if (user && user.items && user.items.pets && user.items.pets['Turkey-Base']) {
+    set = {'migration':migrationName, 'items.mounts.Turkey-Base':true};
+  } else {
+    set = {'migration':migrationName, 'items.pets.Turkey-Base':5};
+  }
+
+  dbUsers.update({_id: user._id}, {$set: set});
+  if (push) {
+    dbUsers.update({_id: user._id}, {$push: {pinnedItems: {$each: push}}});
+  }
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/20171230_nye_hats.js

@@ -0,0 +1,103 @@
+var migrationName = '20171230_nye_hats.js';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award New Year's Eve party hats to users in sequence
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'migration': {$ne:migrationName},
+    'auth.timestamps.loggedin': {$gt:new Date('2017-11-30')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'items.gear.owned',
+    ] // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {};
+  var push = {};
+
+  if (typeof user.items.gear.owned.head_special_nye2016 !== 'undefined') {
+    set = {'migration':migrationName, 'items.gear.owned.head_special_nye2017':false};
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_nye2017', '_id': monk.id()}};
+  } else if (typeof user.items.gear.owned.head_special_nye2015 !== 'undefined') {
+    set = {'migration':migrationName, 'items.gear.owned.head_special_nye2016':false};
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_nye2016', '_id': monk.id()}};
+  } else if (typeof user.items.gear.owned.head_special_nye2014 !== 'undefined') {
+    set = {'migration':migrationName, 'items.gear.owned.head_special_nye2015':false};
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_nye2015', '_id': monk.id()}};
+  } else if (typeof user.items.gear.owned.head_special_nye !== 'undefined') {
+    set = {'migration':migrationName, 'items.gear.owned.head_special_nye2014':false};
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_nye2014', '_id': monk.id()}};
+  } else {
+    set = {'migration':migrationName, 'items.gear.owned.head_special_nye':false};
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_nye', '_id': monk.id()}};
+  }
+
+  dbUsers.update({_id: user._id}, {$set: set, $push: push});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/20180110_nextPaymentProcessing.js

@@ -0,0 +1,79 @@
+/*
+ * Convert purchased.plan.nextPaymentProcessing from a double to a date field for Apple subscribers
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'purchased.plan.paymentMethod': "Apple",
+    'purchased.plan.nextPaymentProcessing': {$type: 'double'},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 100;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {
+    'purchased.plan.nextPaymentProcessing': new Date(user.purchased.plan.nextPaymentProcessing),
+  };
+
+  dbUsers.update({_id: user._id}, {$set: set});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/20180125_clean_new_notifications.js

@@ -0,0 +1,93 @@
+const UserNotification = require('../website/server/models/userNotification').model;
+const content = require('../website/common/script/content/index');
+
+const migrationName = '20180125_clean_new_migrations';
+const authorName = 'paglias'; // in case script author needs to know when their ...
+const authorUuid = 'ed4c688c-6652-4a92-9d03-a5a79844174a'; // ... own data is done
+
+/*
+ * Clean new migration types for processed users
+ */
+
+const monk = require('monk');
+const connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+const dbUsers = monk(connectionString).get('users', { castIds: false });
+
+const progressCount = 1000;
+let count = 0;
+
+function updateUser (user) {
+  count++;
+
+  const types = ['NEW_MYSTERY_ITEMS', 'CARD_RECEIVED', 'NEW_CHAT_MESSAGE'];
+
+  dbUsers.update({_id: user._id}, {
+    $pull: {notifications: { type: {$in: types } } },
+    $set: {migration: migrationName},
+  });
+
+  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
+  if (user._id === authorUuid) console.warn(`${authorName  } processed`);
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+function displayData () {
+  console.warn(`\n${  count  } users processed\n`);
+  return exiting(0);
+}
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  const userPromises = users.map(updateUser);
+  const lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  const query = {
+    migration: {$ne: migrationName},
+    'auth.timestamps.loggedin': {$gt: new Date('2010-01-24')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+module.exports = processUsers;

migrations/20180125_notifications.js

@@ -0,0 +1,149 @@
+const UserNotification = require('../website/server/models/userNotification').model;
+const content = require('../website/common/script/content/index');
+
+const migrationName = '20180125_migrations-v2';
+const authorName = 'paglias'; // in case script author needs to know when their ...
+const authorUuid = 'ed4c688c-6652-4a92-9d03-a5a79844174a'; // ... own data is done
+
+/*
+ * Migrate to new notifications system
+ */
+
+const monk = require('monk');
+const connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+const dbUsers = monk(connectionString).get('users', { castIds: false });
+
+const progressCount = 1000;
+let count = 0;
+
+function updateUser (user) {
+  count++;
+
+  const notifications = [];
+
+  // UNALLOCATED_STATS_POINTS skipped because added on each save
+  // NEW_STUFF skipped because it's a new type
+  // GROUP_TASK_NEEDS_WORK because it's a new type
+  // NEW_INBOX_MESSAGE not implemented yet
+
+
+  // NEW_MYSTERY_ITEMS
+  const mysteryItems = user.purchased && user.purchased.plan && user.purchased.plan.mysteryItems;
+  if (Array.isArray(mysteryItems) && mysteryItems.length > 0) {
+    const newMysteryNotif = new UserNotification({
+      type: 'NEW_MYSTERY_ITEMS',
+      data: {
+        items: mysteryItems,
+      },
+    }).toJSON();
+    notifications.push(newMysteryNotif);
+  }
+
+  // CARD_RECEIVED
+  Object.keys(content.cardTypes).forEach(cardType => {
+    const existingCards = user.items.special[`${cardType}Received`] || [];
+    existingCards.forEach(sender => {
+      const newNotif = new UserNotification({
+        type: 'CARD_RECEIVED',
+        data: {
+          card: cardType,
+          from: {
+            // id is missing in old notifications
+            name: sender,
+          },
+        },
+      }).toJSON();
+
+      notifications.push(newNotif);
+    });
+  });
+
+  // NEW_CHAT_MESSAGE
+  Object.keys(user.newMessages).forEach(groupId => {
+    const existingNotif = user.newMessages[groupId];
+
+    if (existingNotif) {
+      const newNotif = new UserNotification({
+        type: 'NEW_CHAT_MESSAGE',
+        data: {
+          group: {
+            id: groupId,
+            name: existingNotif.name,
+          },
+        },
+      }).toJSON();
+
+      notifications.push(newNotif);
+    }
+  });
+
+  dbUsers.update({_id: user._id}, {
+    $push: {notifications: { $each: notifications } },
+    $set: {migration: migrationName},
+  });
+
+  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
+  if (user._id === authorUuid) console.warn(`${authorName  } processed`);
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+function displayData () {
+  console.warn(`\n${  count  } users processed\n`);
+  return exiting(0);
+}
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  const userPromises = users.map(updateUser);
+  const lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  const query = {
+    migration: {$ne: migrationName},
+    'auth.timestamps.loggedin': {$gt: new Date('2010-01-24')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+module.exports = processUsers;

migrations/20180130_habit_birthday.js

@@ -0,0 +1,118 @@
+var migrationName = '20180130_habit_birthday.js';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award party robes: most recent user doesn't have of 2014-2018. Also cake!
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'migration':{$ne:migrationName},
+    'auth.timestamps.loggedin':{$gt:new Date('2018-01-01')}, // remove after first run to cover remaining users
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [ // specify fields we are interested in to limit retrieved data (empty if we're not reading data)
+      'items.gear.owned'
+    ],
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var push;
+  var set = {'migration':migrationName};
+
+  if (user.items && user.items.gear && user.items.gear.owned && user.items.gear.owned.hasOwnProperty('armor_special_birthday2017')) {
+    set['items.gear.owned.armor_special_birthday2018'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_birthday2018', '_id': monk.id()}};
+  } else if (user.items && user.items.gear && user.items.gear.owned && user.items.gear.owned.hasOwnProperty('armor_special_birthday2016')) {
+    set['items.gear.owned.armor_special_birthday2017'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_birthday2017', '_id': monk.id()}};
+  } else if (user.items && user.items.gear && user.items.gear.owned && user.items.gear.owned.hasOwnProperty('armor_special_birthday2015')) {
+    set['items.gear.owned.armor_special_birthday2016'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_birthday2016', '_id': monk.id()}};
+  } else if (user.items && user.items.gear && user.items.gear.owned && user.items.gear.owned.hasOwnProperty('armor_special_birthday')) {
+    set['items.gear.owned.armor_special_birthday2015'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_birthday2015', '_id': monk.id()}};
+  } else {
+    set['items.gear.owned.armor_special_birthday'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_birthday', '_id': monk.id()}};
+  }
+
+  var inc = {
+    'items.food.Cake_Skeleton':1,
+    'items.food.Cake_Base':1,
+    'items.food.Cake_CottonCandyBlue':1,
+    'items.food.Cake_CottonCandyPink':1,
+    'items.food.Cake_Shade':1,
+    'items.food.Cake_White':1,
+    'items.food.Cake_Golden':1,
+    'items.food.Cake_Zombie':1,
+    'items.food.Cake_Desert':1,
+    'items.food.Cake_Red':1,
+    'achievements.habitBirthdays':1
+  };
+
+  dbUsers.update({_id: user._id}, {$set: set, $inc: inc, $push: push});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
+

migrations/docs/mongo-indexes.md

@@ -0,0 +1,59 @@
+# Indexes
+
+This file contains a list of indexes that are on Habitica's production Mongo server.
+If we ever have an issue, use this list to reindex.
+
+## Challenges
+ - `{ "group": 1, "official": -1, "timestamp": -1 }`
+ - `{ "leader": 1, "official": -1, "timestamp": -1 }`
+ - `{ "official": -1, "timestamp": -1 }`
+
+## Groups
+ - `{ "privacy": 1, "type": 1, "memberCount": -1 }`
+ - `{ "privacy": 1 }`
+ - `{ "purchased.plan.customerId": 1 }`
+ - `{ "purchased.plan.paymentMethod": 1 }`
+ - `{ "purchased.plan.planId": 1, "purchased.plan.dateTerminated": 1 }`
+ - `{ "type": 1, "memberCount": -1, "_id": 1 }`
+ - `{ "type": 1 }`
+
+## Tasks
+ - `{ "challenge.id": 1 }`
+ - `{ "challenge.taskId": 1 }`
+ - `{ "group.id": 1 }`
+ - `{ "group.taskId": 1 }`
+ - `{ "type": 1, "everyX": 1, "frequency": 1 }`
+ - `{ "userId": 1 }`
+ - `{ "yesterDaily": 1, "type": 1 }`
+
+## Users
+ - `{ "_id": 1, "apiToken": 1 }`
+ - `{ "auth.facebook.emails.value": 1 }`
+ - `{ "auth.facebook.id": 1 }`
+ - `{ "auth.google.emails.value": 1 }`
+ - `{ "auth.google.id": 1 }`
+ - `{ "auth.local.email": 1 }`
+ - `{ "auth.local.lowerCaseUsername": 1 }`
+ - `{ "auth.local.username": 1 }`
+ - `{ "auth.timestamps.created": 1 }`
+ - `{ "auth.timestamps.loggedin": 1, "_lastPushNotification": 1, "preferences.timezoneOffset": 1 }`
+ - `{ "auth.timestamps.loggedin": 1 }`
+ - `{ "backer.tier": -1 }`
+ - `{ "challenges": 1, "_id": 1 }`
+ - `{ "contributor.admin": 1, "contributor.level": -1, "backer.npc": -1, "profile.name": 1 }`
+ - `{ "contributor.level": 1 }`
+ - `{ "flags.newStuff": 1 }`
+ - `{ "flags.armoireEmpty": 1 }`
+ - `{ "guilds": 1, "_id": 1 }`
+ - `{ "invitations.guilds.id": 1, "_id": 1 }`
+ - `{ "invitations.party.id": 1 }`
+ - `{ "loginIncentives": 1 }`
+ - `{ "migration": 1 }`
+ - `{ "party._id": 1, "_id": 1 }`
+ - `{ "preferences.sleep": 1, "_id": 1, "flags.lastWeeklyRecap": 1, "preferences.emailNotifications.unsubscribeFromAll": 1, "preferences.emailNotifications.weeklyRecaps": 1 }`
+ - `{ "preferences.sleep": 1, "_id": 1, "lastCron": 1, "preferences.emailNotifications.importantAnnouncements": 1, "preferences.emailNotifications.unsubscribeFromAll": 1, "flags.recaptureEmailsPhase": 1 }`
+ - `{ "profile.name": 1 }`
+ - `{ "purchased.plan.customerId": 1 }`
+ - `{ "purchased.plan.paymentMethod": 1 }`
+ - `{ "stats.score.overall": 1 }`
+ - `{ "webhooks.type": 1 }`

migrations/migration-runner.js

@@ -17,8 +17,5 @@ function setUpServer () {
 setUpServer();
 
 // Replace this with your migration
-var processUsers = require('./groups/update-groups-with-group-plans');
-processUsers()
-  .catch(function (err) {
-      console.log(err)
-  })
+const processUsers = require('./20180125_clean_new_notifications.js');
+processUsers();

migrations/mystery_items.js

@@ -1,10 +1,23 @@
+var UserNotification = require('../website/server/models/userNotification').model
+
 var _id = '';
+
+var items = ['back_mystery_201801','headAccessory_mystery_201801']
+
 var update = {
   $addToSet: {
     'purchased.plan.mysteryItems':{
-      $each:['armor_mystery_201710','head_mystery_201710']
+      $each: items,
     }
-  }
+  },
+  $push: {
+    notifications: (new UserNotification({
+      type: 'NEW_MYSTERY_ITEMS',
+      data: {
+        items: items,
+      },
+    })).toJSON(),
+  },
 };
 
 /*var update = {

migrations/restock_armoire_for_users_that_need_it.js

@@ -18,71 +18,94 @@ var authorUuid = '3e595299-3d8a-4a10-bfe0-88f555e4aa0c'; //... own data is done
  * 
  */
 
-var dbserver = 'localhost:27017'; // FOR TEST DATABASE
-var dbserver = 'username:password@ds031379-a0.mongolab.com:31379'; // FOR PRODUCTION DATABASE
-var dbname = 'habitrpg';
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
 
-var mongo = require('mongoskin');
-var _ = require('lodash');
+var monk = require('monk');
+var dbUsers = monk(connectionString).get('users', { castIds: false });
 
-var dbUsers = mongo.db(dbserver + '/' + dbname + '?auto_reconnect').collection('users');
 
-// specify a query to limit the affected users (empty for all users):
-var query = {
-  'auth.timestamps.loggedin':{$gt:new Date('2016-01-04')}
-  // '_id': authorUuid // FOR TESTING
-};
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'auth.timestamps.loggedin':{$gt:new Date('2016-01-04')}
+    // '_id': authorUuid // FOR TESTING
+  };
 
-// specify fields we are interested in to limit retrieved data (empty if we're not reading data):
-var fields = {
-  'flags.armoireEmpty':1,
-  'items.gear.owned':1
-};
+  // specify a query to limit the affected users (empty for all users):
+  var fields = {
+    'flags.armoireEmpty':1,
+    'items.gear.owned':1
+  };
 
-// specify user data to change:
-var set = {'migration':migrationName, 'flags.armoireEmpty':false};
-
-console.warn('Updating users...');
-var progressCount = 1000;
-var countSearched = 0;
-var countModified = 0;
-dbUsers.findEach(query, fields, {batchSize:250}, function(err, user) {
-  if (err) { return exiting(1, 'ERROR! ' + err); }
-  if (!user) {
-    console.warn('All appropriate users found and modified.');
-    return displayData();
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
   }
-  countSearched++;
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: {
+      'flags.armoireEmpty':1,
+      'items.gear.owned':1
+    } // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {'migration':migrationName, 'flags.armoireEmpty':false};
+
 
   if (user.flags.armoireEmpty) {
     // this user believes their armoire has no more items in it
     if (user.items.gear.owned.weapon_armoire_barristerGavel && user.items.gear.owned.armor_armoire_barristerRobes && user.items.gear.owned.head_armoire_jesterCap && user.items.gear.owned.armor_armoire_jesterCostume && user.items.gear.owned.head_armoire_barristerWig && user.items.gear.owned.weapon_armoire_jesterBaton && user.items.gear.owned.weapon_armoire_lunarSceptre && user.items.gear.owned.armor_armoire_gladiatorArmor && user.items.gear.owned.weapon_armoire_basicCrossbow && user.items.gear.owned.head_armoire_gladiatorHelm && user.items.gear.owned.armor_armoire_lunarArmor && user.items.gear.owned.head_armoire_redHairbow && user.items.gear.owned.head_armoire_violetFloppyHat && user.items.gear.owned.head_armoire_rancherHat && user.items.gear.owned.shield_armoire_gladiatorShield && user.items.gear.owned.head_armoire_blueHairbow && user.items.gear.owned.weapon_armoire_mythmakerSword && user.items.gear.owned.head_armoire_royalCrown && user.items.gear.owned.head_armoire_hornedIronHelm && user.items.gear.owned.weapon_armoire_rancherLasso && user.items.gear.owned.armor_armoire_rancherRobes && user.items.gear.owned.armor_armoire_hornedIronArmor && user.items.gear.owned.armor_armoire_goldenToga && user.items.gear.owned.weapon_armoire_ironCrook && user.items.gear.owned.head_armoire_goldenLaurels && user.items.gear.owned.head_armoire_redFloppyHat && user.items.gear.owned.armor_armoire_plagueDoctorOvercoat && user.items.gear.owned.head_armoire_plagueDoctorHat && user.items.gear.owned.weapon_armoire_goldWingStaff && user.items.gear.owned.head_armoire_yellowHairbow && user.items.gear.owned.eyewear_armoire_plagueDoctorMask && user.items.gear.owned.head_armoire_blackCat && user.items.gear.owned.weapon_armoire_batWand && user.items.gear.owned.head_armoire_orangeCat && user.items.gear.owned.shield_armoire_midnightShield && user.items.gear.owned.armor_armoire_royalRobes && user.items.gear.owned.head_armoire_blueFloppyHat && user.items.gear.owned.shield_armoire_royalCane && user.items.gear.owned.weapon_armoire_shepherdsCrook && user.items.gear.owned.armor_armoire_shepherdRobes && user.items.gear.owned.head_armoire_shepherdHeaddress && user.items.gear.owned.weapon_armoire_blueLongbow && user.items.gear.owned.weapon_armoire_crystalCrescentStaff && user.items.gear.owned.head_armoire_crystalCrescentHat && user.items.gear.owned.armor_armoire_dragonTamerArmor && user.items.gear.owned.head_armoire_dragonTamerHelm && user.items.gear.owned.armor_armoire_crystalCrescentRobes && user.items.gear.owned.shield_armoire_dragonTamerShield && user.items.gear.owned.weapon_armoire_glowingSpear) {
       // this user does have all the armoire items so we don't change the flag
-	  // console.log("don't change: " + user._id); // FOR TESTING
+    // console.log("don't change: " + user._id); // FOR TESTING
+    } else {
+      // console.log("change: " + user._id); // FOR TESTING
+      dbUsers.update({_id: user._id}, {$set: set});
     }
-    else {
-      countModified++;
-	  // console.log("change: " + user._id); // FOR TESTING
-      dbUsers.update({_id:user._id}, {$set:set});
-    }
-  }
-  else {
+  } else {
     // this user already has armoire marked as containing items to be bought
     // so don't change the flag
-	// console.log("DON'T CHANGE: " + user._id); // FOR TESTING
+    // console.log("DON'T CHANGE: " + user._id); // FOR TESTING
   }
 
-  if (countSearched%progressCount == 0) console.warn(countSearched + ' ' + user._id);
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
   if (user._id == authorUuid) console.warn(authorName + ' processed');
-});
-
-
-function displayData() {
-  console.warn('\n' + countSearched + ' users searched\n');
-  console.warn('\n' + countModified + ' users modified\n');
-  return exiting(0);
 }
 
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
 
 function exiting(code, msg) {
   code = code || 0; // 0 = success
@@ -93,3 +116,5 @@ function exiting(code, msg) {
   }
   process.exit(code);
 }
+
+module.exports = processUsers;

migrations/takeThis.js

@@ -1,4 +1,4 @@
-var migrationName = '20170502_takeThis.js'; // Update per month
+var migrationName = '20180102_takeThis.js'; // Update per month
 var authorName = 'Sabe'; // in case script author needs to know when their ...
 var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
 
@@ -7,14 +7,14 @@ var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
  */
 
 var monk = require('monk');
-var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var connectionString = 'mongodb://sabrecat:z8e8jyRA8CTofMQ@ds013393-a0.mlab.com:13393/habitica?auto_reconnect=true';
 var dbUsers = monk(connectionString).get('users', { castIds: false });
 
 function processUsers(lastId) {
   // specify a query to limit the affected users (empty for all users):
   var query = {
     'migration':{$ne:migrationName},
-    'challenges':{$in:['69999331-d4ea-45a0-8c3f-f725d22b56c8']} // Update per month
+    'challenges':{$in:['5f70ce5b-2d82-4114-8e44-ca65615aae62']} // Update per month
   };
 
   if (lastId) {

migrations/tasks/tasks-set-everyX.js

@@ -0,0 +1,88 @@
+var migrationName = 'tasks-set-everyX';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Iterates over all tasks and sets invalid everyX values (less than 0 or more than 9999 or not an int) field to 0
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://sabrecat:z8e8jyRA8CTofMQ@ds013393-a0.mlab.com:13393/habitica?auto_reconnect=true';
+var dbTasks = monk(connectionString).get('tasks', { castIds: false });
+
+function processTasks(lastId) {
+  // specify a query to limit the affected tasks (empty for all tasks):
+  var query = {
+    type: "daily",
+    everyX: {
+      $not: {
+        $gte: 0,
+        $lte: 9999,
+        $type: "int",
+      }
+    },
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbTasks.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [],
+  })
+  .then(updateTasks)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateTasks (tasks) {
+  if (!tasks || tasks.length === 0) {
+    console.warn('All appropriate tasks found and modified.');
+    displayData();
+    return;
+  }
+
+  var taskPromises = tasks.map(updatetask);
+  var lasttask = tasks[tasks.length - 1];
+
+  return Promise.all(taskPromises)
+  .then(function () {
+    processTasks(lasttask._id);
+  });
+}
+
+function updatetask (task) {
+  count++;
+  var set = {'everyX': 0};
+
+  dbTasks.update({_id: task._id}, {$set:set});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + task._id);
+  if (task._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' tasks processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processTasks;

migrations/users/account-transfer.js

@@ -0,0 +1,38 @@
+var migrationName = 'AccountTransfer';
+var authorName = 'TheHollidayInn'; // in case script author needs to know when their ...
+var authorUuid = ''; //... own data is done
+
+/*
+ * This migraition will copy user data from prod to test
+ */
+
+const monk = require('monk');
+const connectionString = '';
+const Users = monk(connectionString).get('users', { castIds: false });
+
+import uniq from 'lodash/uniq';
+import Bluebird from 'bluebird';
+
+
+module.exports = async function accountTransfer () {
+  const fromAccountId = '';
+  const toAccountId = '';
+
+  const fromAccount = await Users.findOne({_id: fromAccountId});
+  const toAccount = await Users.findOne({_id: toAccountId});
+
+  const newMounts = Object.assign({}, fromAccount.items.mounts, toAccount.items.mounts);
+  const newPets = Object.assign({}, fromAccount.items.pets, toAccount.items.pets);
+  const newBackgrounds = Object.assign({}, fromAccount.purchased.background, toAccount.purchased.background);
+
+  await Users.update({_id: toAccountId}, {
+    $set: {
+      'items.pets': newPets,
+      'items.mounts': newMounts,
+      'purchased.background': newBackgrounds,
+    },
+  })
+  .then((result) => {
+    console.log(result);
+  });
+};

migrations/users/achievement-restore.js

@@ -0,0 +1,93 @@
+const migrationName = 'AchievementRestore';
+const authorName = 'TheHollidayInn'; // in case script author needs to know when their ...
+const authorUuid = ''; //... own data is done
+
+/*
+ * This migraition will copy user data from prod to test
+ */
+import Bluebird from 'bluebird';
+
+const monk = require('monk');
+const connectionString = 'mongodb://localhost/new-habit';
+const Users = monk(connectionString).get('users', { castIds: false });
+
+const monkOld = require('monk');
+const oldConnectionSting = 'mongodb://localhost/old-habit';
+const UsersOld = monk(oldConnectionSting).get('users', { castIds: false });
+
+function getAchievementUpdate (newUser, oldUser) {
+  const oldAchievements = oldUser.achievements;
+  const newAchievements = newUser.achievements;
+
+  let achievementsUpdate = Object.assign({}, newAchievements);
+
+  // ultimateGearSets
+  if (!achievementsUpdate.ultimateGearSets && oldAchievements.ultimateGearSets) {
+    achievementsUpdate.ultimateGearSets = oldAchievements.ultimateGearSets;
+  } else if (oldAchievements.ultimateGearSets) {
+    for (let index in oldAchievements.ultimateGearSets) {
+      if (oldAchievements.ultimateGearSets[index]) achievementsUpdate.ultimateGearSets[index] = true;
+    }
+  }
+
+  // challenges
+  if (!newAchievements.challenges) newAchievements.challenges = [];
+  if (!oldAchievements.challenges) oldAchievements.challenges = [];
+  achievementsUpdate.challenges = newAchievements.challenges.concat(oldAchievements.challenges);
+
+  // Quests
+  if (!achievementsUpdate.quests) achievementsUpdate.quests = {};
+  for (let index in oldAchievements.quests) {
+    if (!achievementsUpdate.quests[index]) {
+      achievementsUpdate.quests[index] = oldAchievements.quests[index];
+    } else {
+      achievementsUpdate.quests[index] += oldAchievements.quests[index];
+    }
+  }
+
+  // Rebirth level
+  if (achievementsUpdate.rebirthLevel) {
+    achievementsUpdate.rebirthLevel = Math.max(achievementsUpdate.rebirthLevel, oldAchievements.rebirthLevel);
+  } else if (oldAchievements.rebirthLevel) {
+    achievementsUpdate.rebirthLevel = oldAchievements.rebirthLevel;
+  }
+
+  //All others
+  const indexsToIgnore = ['ultimateGearSets', 'challenges', 'quests', 'rebirthLevel'];
+  for (let index in oldAchievements) {
+    if (indexsToIgnore.indexOf(index) !== -1) continue;
+
+    if (!achievementsUpdate[index])  {
+      achievementsUpdate[index] = oldAchievements[index];
+      continue;
+    }
+
+    if (Number.isInteger(oldAchievements[index])) {
+      achievementsUpdate[index] += oldAchievements[index];
+    } else {
+      if (oldAchievements[index] === true) achievementsUpdate[index] = true;
+    }
+  }
+
+  return achievementsUpdate;
+}
+
+module.exports = async function achievementRestore () {
+  const userIds = [
+  ];
+
+  for (let index in userIds) {
+    const userId = userIds[index];
+    const oldUser = await UsersOld.findOne({_id: userId}, 'achievements');
+    const newUser = await Users.findOne({_id: userId}, 'achievements');
+    const achievementUpdate = getAchievementUpdate(newUser, oldUser);
+    await Users.update(
+      {_id: userId},
+      {
+        $set: {
+          'achievements': achievementUpdate,
+        },
+      });
+    console.log(`Updated ${userId}`);
+  }
+};

package.json

@@ -1,7 +1,7 @@
 {
   "name": "habitica",
   "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "4.11.1",
+  "version": "4.27.0",
   "main": "./website/server/index.js",
   "dependencies": {
     "@slack/client": "^3.8.1",
@@ -10,7 +10,6 @@
     "amplitude": "^2.0.3",
     "apidoc": "^0.17.5",
     "apn": "^1.7.6",
-    "async": "^1.5.0",
     "autoprefixer": "^6.4.0",
     "aws-sdk": "^2.0.25",
     "axios": "^0.16.0",
@@ -27,106 +26,89 @@
     "babel-preset-es2015": "^6.6.0",
     "babel-register": "^6.6.0",
     "babel-runtime": "^6.11.6",
-    "babelify": "^7.2.0",
     "bcrypt": "^1.0.2",
     "bluebird": "^3.3.5",
     "body-parser": "^1.15.0",
-    "bootstrap": "4.0.0-beta.2",
-    "bootstrap-vue": "^1.0.2",
-    "browserify": "~12.0.1",
+    "bootstrap": "^4.0.0",
+    "bootstrap-vue": "^1.5.0",
     "compression": "^1.6.1",
-    "connect-ratelimit": "0.0.7",
     "cookie-session": "^1.2.0",
     "coupon-code": "^0.4.5",
-    "cross-env": "^4.0.0",
+    "cross-env": "^5.1.3",
     "css-loader": "^0.28.0",
     "csv-stringify": "^1.0.2",
     "cwait": "~1.0.1",
     "domain-middleware": "~0.1.0",
-    "estraverse": "^4.1.1",
     "express": "~4.14.0",
     "express-basic-auth": "^1.0.1",
-    "express-csv": "~0.6.0",
     "express-validator": "^2.18.0",
     "extract-text-webpack-plugin": "^2.0.0-rc.3",
-    "file-loader": "^0.10.0",
-    "glob": "^4.3.5",
+    "glob": "^7.1.2",
     "got": "^6.1.1",
-    "gulp": "^3.9.0",
+    "gulp": "^4.0.0",
     "gulp-babel": "^6.1.2",
-    "gulp-imagemin": "^2.4.0",
-    "gulp-nodemon": "^2.0.4",
-    "gulp-sourcemaps": "^1.6.0",
-    "gulp-uglify": "^1.4.2",
-    "gulp.spritesmith": "^4.1.0",
+    "gulp-imagemin": "^4.1.0",
+    "gulp-nodemon": "^2.2.1",
+    "gulp.spritesmith": "^6.9.0",
     "habitica-markdown": "^1.3.0",
     "hellojs": "^1.15.1",
     "html-webpack-plugin": "^2.8.1",
-    "image-size": "~0.3.2",
+    "image-size": "^0.6.2",
     "in-app-purchase": "^1.1.6",
     "intro.js": "^2.6.0",
-    "jade": "~1.11.0",
     "jquery": ">=3.0.0",
     "js2xmlparser": "~1.0.0",
     "lodash": "^4.17.4",
     "merge-stream": "^1.0.0",
     "method-override": "^2.3.5",
     "moment": "^2.13.0",
-    "moment-recur": "git://github.com/habitrpg/moment-recur#f147ef27bbc26ca67638385f3db4a44084c76626",
-    "mongoose": "~4.8.6",
-    "mongoose-id-autoinc": "~2013.7.14-4",
+    "moment-recur": "git://github.com/habitrpg/moment-recur.git#f147ef27bbc26ca67638385f3db4a44084c76626",
+    "mongoose": "^4.13.10",
     "morgan": "^1.7.0",
     "nconf": "~0.8.2",
-    "nib": "^1.1.0",
     "node-gcm": "^0.14.4",
     "node-sass": "^4.5.0",
     "nodemailer": "^2.3.2",
-    "object-path": "^0.9.2",
     "ora": "^1.1.0",
     "pageres": "^4.1.1",
     "passport": "^0.3.2",
     "passport-facebook": "^2.0.0",
     "passport-google-oauth20": "1.0.0",
     "paypal-ipn": "3.0.0",
-    "paypal-rest-sdk": "^1.2.1",
-    "popper.js": "^1.11.0",
+    "paypal-rest-sdk": "^1.8.1",
+    "popper.js": "^1.13.0",
     "postcss-easy-import": "^2.0.0",
-    "pretty-data": "^0.40.0",
     "ps-tree": "^1.0.0",
-    "pug": "^2.0.0-beta.12",
-    "push-notify": "git://github.com/habitrpg/push-notify#6bc2b5fdb1bdc9649b9ec1964d79ca50187fc8a9",
+    "pug": "^2.0.0-rc.4",
+    "push-notify": "git://github.com/habitrpg/push-notify.git#6bc2b5fdb1bdc9649b9ec1964d79ca50187fc8a9",
     "pusher": "^1.3.0",
-    "request": "~2.74.0",
+    "request": "^2.83.0",
     "rimraf": "^2.4.3",
-    "run-sequence": "^1.1.4",
-    "s3-upload-stream": "^1.0.6",
     "sass-loader": "^6.0.2",
-    "serve-favicon": "^2.3.0",
-    "shelljs": "^0.7.6",
-    "sortablejs": "^1.6.1",
+    "shelljs": "^0.8.1",
     "stripe": "^4.2.0",
     "superagent": "^3.4.3",
     "svg-inline-loader": "^0.7.1",
     "svg-url-loader": "^2.0.2",
     "svgo-loader": "^1.2.1",
-    "universal-analytics": "~0.3.2",
+    "universal-analytics": "^0.4.16",
     "url-loader": "^0.5.7",
     "useragent": "^2.1.9",
     "uuid": "^3.0.1",
     "validator": "^4.9.0",
-    "vinyl-buffer": "^1.0.0",
-    "vinyl-source-stream": "^1.1.0",
+    "vinyl-buffer": "^1.0.1",
     "vue": "^2.5.2",
     "vue-loader": "^13.3.0",
     "vue-mugen-scroll": "^0.2.1",
     "vue-router": "^3.0.0",
     "vue-style-loader": "^3.0.0",
     "vue-template-compiler": "^2.5.2",
-    "vuejs-datepicker": "git://github.com/habitrpg/vuejs-datepicker#825a866b6a9c52dd8c588a3e8b900880875ce914",
+    "vuedraggable": "^2.15.0",
+    "vuejs-datepicker": "git://github.com/habitrpg/vuejs-datepicker.git#5d237615463a84a23dd6f3f77c6ab577d68593ec",
     "webpack": "^2.2.1",
     "webpack-merge": "^4.0.0",
     "winston": "^2.1.0",
-    "winston-loggly-bulk": "^1.4.2",
+    "winston-loggly-bulk": "^2.0.2",
     "xml2js": "^0.4.4"
   },
   "private": true,
@@ -162,55 +144,44 @@
     "babel-plugin-istanbul": "^4.0.0",
     "chai": "^3.4.0",
     "chai-as-promised": "^5.1.0",
-    "chalk": "^1.1.3",
+    "chalk": "^2.3.0",
     "chromedriver": "^2.27.2",
     "connect-history-api-fallback": "^1.1.0",
-    "coveralls": "^2.11.2",
-    "cross-spawn": "^5.0.1",
+    "coveralls": "^3.0.0",
+    "cross-spawn": "^6.0.4",
     "csv": "~0.3.6",
-    "deep-diff": "~0.1.4",
     "eslint": "^3.0.0",
     "eslint-config-habitrpg": "^3.0.0",
     "eslint-friendly-formatter": "^2.0.5",
     "eslint-loader": "^1.3.0",
     "eslint-plugin-html": "^2.0.0",
     "eslint-plugin-mocha": "^4.7.0",
-    "event-stream": "^3.2.2",
     "eventsource-polyfill": "^0.9.6",
-    "expect.js": "~0.2.0",
+    "expect.js": "^0.3.1",
     "http-proxy-middleware": "^0.17.0",
-    "inject-loader": "^3.0.0-beta4",
     "istanbul": "^1.1.0-alpha.1",
-    "karma": "^1.3.0",
-    "karma-babel-preprocessor": "^6.0.1",
-    "karma-chai-plugins": "~0.6.0",
-    "karma-coverage": "^0.5.3",
-    "karma-mocha": "^0.2.0",
-    "karma-mocha-reporter": "^1.1.1",
+    "karma": "^2.0.0",
+    "karma-babel-preprocessor": "^7.0.0",
+    "karma-chai-plugins": "^0.9.0",
+    "karma-coverage": "^1.1.1",
+    "karma-mocha": "^1.3.0",
+    "karma-mocha-reporter": "^2.2.5",
     "karma-phantomjs-launcher": "^1.0.0",
-    "karma-sinon-chai": "~1.2.0",
+    "karma-sinon-chai": "^1.3.3",
     "karma-sinon-stub-promise": "^1.0.0",
     "karma-sourcemap-loader": "^0.3.7",
-    "karma-spec-reporter": "0.0.24",
+    "karma-spec-reporter": "0.0.32",
     "karma-webpack": "^2.0.2",
-    "lcov-result-merger": "^1.0.2",
-    "lolex": "^1.4.0",
-    "mocha": "^3.2.0",
-    "mongodb": "^2.0.46",
-    "mongoskin": "~2.1.0",
+    "lcov-result-merger": "^2.0.0",
+    "mocha": "^5.0.0",
     "monk": "^4.0.0",
     "nightwatch": "^0.9.12",
     "phantomjs-prebuilt": "^2.1.12",
-    "protractor": "^3.1.1",
-    "raw-loader": "^0.5.1",
     "require-again": "^2.0.0",
-    "rewire": "^2.3.3",
     "selenium-server": "^3.0.1",
-    "sinon": "^1.17.2",
+    "sinon": "^4.2.2",
     "sinon-chai": "^2.8.0",
     "sinon-stub-promise": "^4.0.0",
-    "superagent-defaults": "^0.1.13",
-    "vinyl-transform": "^1.0.0",
     "webpack-bundle-analyzer": "^2.2.1",
     "webpack-dev-middleware": "^1.10.0",
     "webpack-hot-middleware": "^2.6.1"

test/api/v3/integration/challenges/GET-challenges_challengeId_export_csv.test.js

@@ -64,11 +64,11 @@ describe('GET /challenges/:challengeId/export/csv', () => {
     let sortedMembers = _.sortBy([members[0], members[1], members[2], groupLeader], '_id');
     let splitRes = res.split('\n');
 
-    expect(splitRes[0]).to.equal('UUID,name,Task,Value,Notes,Task,Value,Notes');
-    expect(splitRes[1]).to.equal(`${sortedMembers[0]._id},${sortedMembers[0].profile.name},habit:Task 1,0,,todo:Task 2,0,`);
-    expect(splitRes[2]).to.equal(`${sortedMembers[1]._id},${sortedMembers[1].profile.name},habit:Task 1,0,,todo:Task 2,0,`);
-    expect(splitRes[3]).to.equal(`${sortedMembers[2]._id},${sortedMembers[2].profile.name},habit:Task 1,0,,todo:Task 2,0,`);
-    expect(splitRes[4]).to.equal(`${sortedMembers[3]._id},${sortedMembers[3].profile.name},habit:Task 1,0,,todo:Task 2,0,`);
+    expect(splitRes[0]).to.equal('UUID,name,Task,Value,Notes,Streak,Task,Value,Notes,Streak');
+    expect(splitRes[1]).to.equal(`${sortedMembers[0]._id},${sortedMembers[0].profile.name},habit:Task 1,0,,0,todo:Task 2,0,,0`);
+    expect(splitRes[2]).to.equal(`${sortedMembers[1]._id},${sortedMembers[1].profile.name},habit:Task 1,0,,0,todo:Task 2,0,,0`);
+    expect(splitRes[3]).to.equal(`${sortedMembers[2]._id},${sortedMembers[2].profile.name},habit:Task 1,0,,0,todo:Task 2,0,,0`);
+    expect(splitRes[4]).to.equal(`${sortedMembers[3]._id},${sortedMembers[3].profile.name},habit:Task 1,0,,0,todo:Task 2,0,,0`);
     expect(splitRes[5]).to.equal('');
   });
 });

test/api/v3/integration/challenges/GET-challenges_challengeId_members.test.js

@@ -149,7 +149,10 @@ describe('GET /challenges/:challengeId/members', () => {
 
     let usersToGenerate = [];
     for (let i = 0; i < 3; i++) {
-      usersToGenerate.push(generateUser({challenges: [challenge._id]}));
+      usersToGenerate.push(generateUser({
+        challenges: [challenge._id],
+        'profile.name': `${i}profilename`,
+      }));
     }
     let generatedUsers = await Promise.all(usersToGenerate);
     let profileNames = generatedUsers.map(generatedUser => generatedUser.profile.name);

test/api/v3/integration/challenges/GET-challenges_challengeId_members_memberId.test.js

@@ -95,13 +95,23 @@ describe('GET /challenges/:challengeId/members/:memberId', () => {
     expect(memberProgress.tasks[0].challenge.taskId).to.equal(chalTasks[0]._id);
   });
 
-  it('returns the tasks without the tags', async () => {
+  it('returns the tasks without the tags and checklist', async () => {
     let group = await generateGroup(user, {type: 'party', name: generateUUID()});
     let challenge = await generateChallenge(user, group);
     let taskText = 'Test Text';
-    await user.post(`/tasks/challenge/${challenge._id}`, [{type: 'habit', text: taskText}]);
+    await user.post(`/tasks/challenge/${challenge._id}`, [{
+      type: 'todo',
+      text: taskText,
+      checklist: [
+        {
+          _id: 123,
+          text: 'test',
+        },
+      ],
+    }]);
 
     let memberProgress = await user.get(`/challenges/${challenge._id}/members/${user._id}`);
     expect(memberProgress.tasks[0]).not.to.have.key('tags');
+    expect(memberProgress.tasks[0].checklist).to.eql([]);
   });
 });

test/api/v3/integration/challenges/POST-challenges.test.js

@@ -314,5 +314,33 @@ describe('POST /challenges', () => {
       groupLeader = await groupLeader.sync();
       expect(groupLeader.achievements.joinedChallenge).to.be.true;
     });
+
+    it('sets summary to challenges name when not supplied', async () => {
+      const name = 'Test Challenge';
+      const challenge = await groupLeader.post('/challenges', {
+        group: group._id,
+        name,
+        shortName: 'TC Label',
+      });
+
+      const updatedChallenge = await groupLeader.get(`/challenges/${challenge._id}`);
+
+      expect(updatedChallenge.summary).to.eql(name);
+    });
+
+    it('sets summary to challenges', async () => {
+      const name = 'Test Challenge';
+      const summary = 'Test Summary Challenge';
+      const challenge = await groupLeader.post('/challenges', {
+        group: group._id,
+        name,
+        shortName: 'TC Label',
+        summary,
+      });
+
+      const updatedChallenge = await groupLeader.get(`/challenges/${challenge._id}`);
+
+      expect(updatedChallenge.summary).to.eql(summary);
+    });
   });
 });

test/api/v3/integration/challenges/POST-challenges_challengeId_join.test.js

@@ -101,19 +101,21 @@ describe('POST /challenges/:challengeId/join', () => {
     });
 
     it('syncs challenge tasks to joining user', async () => {
-      let taskText = 'A challenge task text';
-
+      const taskText = 'A challenge task text';
       await groupLeader.post(`/tasks/challenge/${challenge._id}`, [
-        {type: 'habit', text: taskText},
+        {type: 'daily', text: taskText},
       ]);
 
       await authorizedUser.post(`/challenges/${challenge._id}/join`);
-      let tasks = await authorizedUser.get('/tasks/user');
-      let tasksTexts = tasks.map((task) => {
-        return task.text;
+
+      const tasks = await authorizedUser.get('/tasks/user');
+      const syncedTask = tasks.find((task) => {
+        return task.text === taskText;
       });
 
-      expect(tasksTexts).to.include(taskText);
+      expect(syncedTask.text).to.eql(taskText);
+      expect(syncedTask.isDue).to.exist;
+      expect(syncedTask.nextDue).to.exist;
     });
 
     it('adds challenge tag to user tags', async () => {

test/api/v3/integration/challenges/POST-challenges_challengeId_winner_winnerId.test.js

@@ -149,13 +149,19 @@ describe('POST /challenges/:challengeId/winner/:winnerId', () => {
 
       await sleep(0.5);
 
-      let tasks = await winningUser.get('/tasks/user');
-      let testTask = _.find(tasks, (task) => {
+      const tasks = await winningUser.get('/tasks/user');
+      const testTask = _.find(tasks, (task) => {
         return task.text === taskText;
       });
 
+      const updatedUser = await winningUser.sync();
+      const challengeTag = updatedUser.tags.find(tags => {
+        return tags.id === challenge._id;
+      });
+
       expect(testTask.challenge.broken).to.eql('CHALLENGE_CLOSED');
       expect(testTask.challenge.winner).to.eql(winningUser.profile.name);
+      expect(challengeTag.challenge).to.eql('false');
     });
   });
 });

test/api/v3/integration/challenges/POST_challenges_id_clone.test.js

@@ -0,0 +1,43 @@
+import {
+  generateUser,
+  generateGroup,
+} from '../../../../helpers/api-v3-integration.helper';
+
+describe('POST /challenges/:challengeId/clone', () => {
+  it('clones a challenge', async () => {
+    const user = await generateUser({balance: 10});
+    const group = await generateGroup(user);
+
+    const name = 'Test Challenge';
+    const shortName = 'TC Label';
+    const description = 'Test Description';
+    const prize = 1;
+
+    const challenge = await user.post('/challenges', {
+      group: group._id,
+      name,
+      shortName,
+      description,
+      prize,
+    });
+    const challengeTask = await user.post(`/tasks/challenge/${challenge._id}`, {
+      text: 'test habit',
+      type: 'habit',
+      up: false,
+      down: true,
+      notes: 1976,
+    });
+
+    const cloneChallengeResponse = await user.post(`/challenges/${challenge._id}/clone`, {
+      group: group._id,
+      name: `${name} cloned`,
+      shortName,
+      description,
+      prize,
+    });
+
+    expect(cloneChallengeResponse.clonedTasks[0].text).to.eql(challengeTask.text);
+    expect(cloneChallengeResponse.clonedTasks[0]._id).to.not.eql(challengeTask._id);
+    expect(cloneChallengeResponse.clonedTasks[0].challenge.id).to.eql(cloneChallengeResponse.clonedChallenge._id);
+  });
+});

test/api/v3/integration/chat/DELETE-chat_id.test.js

@@ -71,11 +71,9 @@ describe('DELETE /groups/:groupId/chat/:chatId', () => {
     });
 
     it('returns the update chat when previous message parameter is passed and the chat is updated', async () => {
-      await expect(user.del(`/groups/${groupWithChat._id}/chat/${nextMessage.id}?previousMsg=${message.id}`))
-        .eventually
-        .is.an('array')
-        .to.include(message)
-        .to.be.lengthOf(1);
+      let deleteResult = await user.del(`/groups/${groupWithChat._id}/chat/${nextMessage.id}?previousMsg=${message.id}`);
+
+      expect(deleteResult[0].id).to.eql(message.id);
     });
   });
 });

test/api/v3/integration/chat/POST-chat.test.js

@@ -1,5 +1,6 @@
 import {
   createAndPopulateGroup,
+  generateUser,
   translate as t,
   sleep,
   server,
@@ -233,7 +234,7 @@ describe('POST /chat', () => {
       // Email sent to mods
       await sleep(0.5);
       expect(email.sendTxn).to.be.calledOnce;
-      expect(email.sendTxn.args[0][1]).to.be.eql('slur-report-to-mods');
+      expect(email.sendTxn.args[0][1]).to.eql('slur-report-to-mods');
 
       // Slack message to mods
       expect(IncomingWebhook.prototype.send).to.be.calledOnce;
@@ -286,7 +287,7 @@ describe('POST /chat', () => {
       // Email sent to mods
       await sleep(0.5);
       expect(email.sendTxn).to.be.calledThrice;
-      expect(email.sendTxn.args[2][1]).to.be.eql('slur-report-to-mods');
+      expect(email.sendTxn.args[2][1]).to.eql('slur-report-to-mods');
 
       // Slack message to mods
       expect(IncomingWebhook.prototype.send).to.be.calledOnce;
@@ -363,6 +364,48 @@ describe('POST /chat', () => {
     expect(message.message.id).to.exist;
   });
 
+  it('creates a chat with user styles', async () => {
+    const mount = 'test-mount';
+    const pet = 'test-pet';
+    const style = 'test-style';
+    const userWithStyle = await generateUser({
+      'items.currentMount': mount,
+      'items.currentPet': pet,
+      'preferences.style': style,
+    });
+    await userWithStyle.sync();
+
+    const message = await userWithStyle.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage});
+
+    expect(message.message.id).to.exist;
+    expect(message.message.userStyles.items.currentMount).to.eql(userWithStyle.items.currentMount);
+    expect(message.message.userStyles.items.currentPet).to.eql(userWithStyle.items.currentPet);
+    expect(message.message.userStyles.preferences.style).to.eql(userWithStyle.preferences.style);
+    expect(message.message.userStyles.preferences.hair).to.eql(userWithStyle.preferences.hair);
+    expect(message.message.userStyles.preferences.skin).to.eql(userWithStyle.preferences.skin);
+    expect(message.message.userStyles.preferences.shirt).to.eql(userWithStyle.preferences.shirt);
+    expect(message.message.userStyles.preferences.chair).to.eql(userWithStyle.preferences.chair);
+    expect(message.message.userStyles.preferences.background).to.eql(userWithStyle.preferences.background);
+  });
+
+  it('adds backer info to chat', async () => {
+    const backerInfo = {
+      npc: 'Town Crier',
+      tier: 800,
+      tokensApplied: true,
+    };
+    const backer = await generateUser({
+      backer: backerInfo,
+    });
+
+    const message = await backer.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage});
+    const messageBackerInfo = message.message.backer;
+
+    expect(messageBackerInfo.npc).to.equal(backerInfo.npc);
+    expect(messageBackerInfo.tier).to.equal(backerInfo.tier);
+    expect(messageBackerInfo.tokensApplied).to.equal(backerInfo.tokensApplied);
+  });
+
   it('sends group chat received webhooks', async () => {
     let userUuid = generateUUID();
     let memberUuid = generateUUID();
@@ -407,6 +450,9 @@ describe('POST /chat', () => {
 
     expect(message.message.id).to.exist;
     expect(memberWithNotification.newMessages[`${groupWithChat._id}`]).to.exist;
+    expect(memberWithNotification.notifications.find(n => {
+      return n.type === 'NEW_CHAT_MESSAGE' && n.data.group.id === groupWithChat._id;
+    })).to.exist;
   });
 
   it('notifies other users of new messages for a party', async () => {
@@ -424,6 +470,9 @@ describe('POST /chat', () => {
 
     expect(message.message.id).to.exist;
     expect(memberWithNotification.newMessages[`${group._id}`]).to.exist;
+    expect(memberWithNotification.notifications.find(n => {
+      return n.type === 'NEW_CHAT_MESSAGE' && n.data.group.id === group._id;
+    })).to.exist;
   });
 
   context('Spam prevention', () => {

test/api/v3/integration/chat/POST-chat_seen.test.js

@@ -1,5 +1,6 @@
 import {
   createAndPopulateGroup,
+  sleep,
 } from '../../../../helpers/api-v3-integration.helper';
 
 describe('POST /groups/:id/chat/seen', () => {
@@ -24,10 +25,15 @@ describe('POST /groups/:id/chat/seen', () => {
     });
 
     it('clears new messages for a guild', async () => {
+      await guildMember.sync();
+      const initialNotifications = guildMember.notifications.length;
       await guildMember.post(`/groups/${guild._id}/chat/seen`);
 
+      await sleep(0.5);
+
       let guildThatHasSeenChat = await guildMember.get('/user');
 
+      expect(guildThatHasSeenChat.notifications.length).to.equal(initialNotifications - 1);
       expect(guildThatHasSeenChat.newMessages).to.be.empty;
     });
   });
@@ -53,10 +59,13 @@ describe('POST /groups/:id/chat/seen', () => {
     });
 
     it('clears new messages for a party', async () => {
+      await partyMember.sync();
+      const initialNotifications = partyMember.notifications.length;
       await partyMember.post(`/groups/${party._id}/chat/seen`);
 
       let partyMemberThatHasSeenChat = await partyMember.get('/user');
 
+      expect(partyMemberThatHasSeenChat.notifications.length).to.equal(initialNotifications - 1);
       expect(partyMemberThatHasSeenChat.newMessages).to.be.empty;
     });
   });

test/api/v3/integration/chat/POST-groups_id_chat_id_clear_flags.test.js

@@ -3,6 +3,7 @@ import {
   generateUser,
   translate as t,
 } from '../../../../helpers/api-v3-integration.helper';
+import config from '../../../../../config.json';
 import { v4 as generateUUID } from 'uuid';
 
 describe('POST /groups/:id/chat/:id/clearflags', () => {
@@ -74,7 +75,7 @@ describe('POST /groups/:id/chat/:id/clearflags', () => {
       expect(messages[0].flagCount).to.eql(0);
     });
 
-    it('can unflag a system message', async () => {
+    it('can\'t flag a system message', async () => {
       let { group, members } = await createAndPopulateGroup({
         groupDetails: {
           type: 'party',
@@ -95,13 +96,15 @@ describe('POST /groups/:id/chat/:id/clearflags', () => {
       await member.post('/user/class/cast/mpheal');
 
       let [skillMsg] = await member.get(`/groups/${group.id}/chat`);
-
-      await member.post(`/groups/${group._id}/chat/${skillMsg.id}/flag`);
-      await admin.post(`/groups/${group._id}/chat/${skillMsg.id}/clearflags`);
-
-      let messages = await members[0].get(`/groups/${group._id}/chat`);
-      expect(messages[0].id).to.eql(skillMsg.id);
-      expect(messages[0].flagCount).to.eql(0);
+      await expect(member.post(`/groups/${group._id}/chat/${skillMsg.id}/flag`))
+        .to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: t('messageCannotFlagSystemMessages', {communityManagerEmail: config.EMAILS.COMMUNITY_MANAGER_EMAIL}),
+        });
+      // let messages = await members[0].get(`/groups/${group._id}/chat`);
+      // expect(messages[0].id).to.eql(skillMsg.id);
+      // expect(messages[0].flagCount).to.eql(0);
     });
   });
 

test/api/v3/integration/coupons/GET-coupons.test.js

@@ -1,8 +1,8 @@
 import {
   generateUser,
-  translate as t,
   resetHabiticaDB,
 } from '../../../../helpers/api-v3-integration.helper';
+import apiMessages from '../../../../../website/server/libs/apiMessages';
 
 describe('GET /coupons/', () => {
   let user;
@@ -19,7 +19,7 @@ describe('GET /coupons/', () => {
     await expect(user.get('/coupons')).to.eventually.be.rejected.and.eql({
       code: 401,
       error: 'NotAuthorized',
-      message: t('noSudoAccess'),
+      message: apiMessages('noSudoAccess'),
     });
   });
 

test/api/v3/integration/coupons/POST-coupons_generate_event.test.js

@@ -4,6 +4,7 @@ import {
   resetHabiticaDB,
 } from '../../../../helpers/api-v3-integration.helper';
 import couponCode from 'coupon-code';
+import apiMessages from '../../../../../website/server/libs/apiMessages';
 
 describe('POST /coupons/generate/:event', () => {
   let user;
@@ -25,7 +26,7 @@ describe('POST /coupons/generate/:event', () => {
     await expect(user.post('/coupons/generate/aaa')).to.eventually.be.rejected.and.eql({
       code: 401,
       error: 'NotAuthorized',
-      message: t('noSudoAccess'),
+      message: apiMessages('noSudoAccess'),
     });
   });
 

test/api/v3/integration/groups/GET-groups_groupId_members.test.js

@@ -72,7 +72,7 @@ describe('GET /groups/:groupId/members', () => {
 
     expect(memberRes).to.have.all.keys([ // works as: object has all and only these keys
       '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
-      'backer', 'contributor', 'auth', 'items', 'inbox',
+      'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives',
     ]);
     expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([
@@ -93,7 +93,7 @@ describe('GET /groups/:groupId/members', () => {
 
     expect(memberRes).to.have.all.keys([ // works as: object has all and only these keys
       '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
-      'backer', 'contributor', 'auth', 'items', 'inbox',
+      'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives',
     ]);
     expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([
@@ -161,4 +161,19 @@ describe('GET /groups/:groupId/members', () => {
     let resIds = res.concat(res2).map(member => member._id);
     expect(resIds).to.eql(expectedIds.sort());
   });
+
+  it('searches members', async () => {
+    let group = await generateGroup(user, {type: 'party', name: generateUUID()});
+
+    let usersToGenerate = [];
+    for (let i = 0; i < 2; i++) {
+      usersToGenerate.push(generateUser({party: {_id: group._id}}));
+    }
+    const usersCreated = await Promise.all(usersToGenerate);
+    const userToSearch = usersCreated[0].profile.name;
+
+    let res = await user.get(`/groups/party/members?search=${userToSearch}`);
+    expect(res.length).to.equal(1);
+    expect(res[0].profile.name).to.equal(userToSearch);
+  });
 });

test/api/v3/integration/groups/POST-groups.test.js

@@ -44,6 +44,32 @@ describe('POST /group', () => {
         },
       });
     });
+
+    it('sets summary to groups name when not supplied', async () => {
+      const name = 'Test Group';
+      const group = await user.post('/groups', {
+        name,
+        type: 'guild',
+      });
+
+      const updatedGroup = await user.get(`/groups/${group._id}`);
+
+      expect(updatedGroup.summary).to.eql(name);
+    });
+
+    it('sets summary to groups', async () => {
+      const name = 'Test Group';
+      const summary = 'Test Summary';
+      const group = await user.post('/groups', {
+        name,
+        type: 'guild',
+        summary,
+      });
+
+      const updatedGroup = await user.get(`/groups/${group._id}`);
+
+      expect(updatedGroup.summary).to.eql(summary);
+    });
   });
 
   context('Guilds', () => {

test/api/v3/integration/groups/POST-groups_groupId_leave.js

@@ -10,6 +10,8 @@ import { v4 as generateUUID } from 'uuid';
 import {
   each,
 } from 'lodash';
+import { model as User } from '../../../../../website/server/models/user';
+import * as payments from '../../../../../website/server/libs/payments';
 
 describe('POST /groups/:groupId/leave', () => {
   let typesOfGroups = {
@@ -68,13 +70,21 @@ describe('POST /groups/:groupId/leave', () => {
       it('removes new messages for that group from user', async () => {
         await member.post(`/groups/${groupToLeave._id}/chat`, { message: 'Some message' });
 
+        await sleep(0.5);
+
         await leader.sync();
 
+        expect(leader.notifications.find(n => {
+          return n.type === 'NEW_CHAT_MESSAGE' && n.data.group.id === groupToLeave._id;
+        })).to.exist;
         expect(leader.newMessages[groupToLeave._id]).to.not.be.empty;
 
         await leader.post(`/groups/${groupToLeave._id}/leave`);
         await leader.sync();
 
+        expect(leader.notifications.find(n => {
+          return n.type === 'NEW_CHAT_MESSAGE' && n.data.group.id === groupToLeave._id;
+        })).to.not.exist;
         expect(leader.newMessages[groupToLeave._id]).to.be.empty;
       });
 
@@ -254,7 +264,7 @@ describe('POST /groups/:groupId/leave', () => {
     it('deletes non existant party from user when user tries to leave', async () => {
       let nonExistentPartyId = generateUUID();
       let userWithNonExistentParty = await generateUser({'party._id': nonExistentPartyId});
-      expect(userWithNonExistentParty.party._id).to.be.eql(nonExistentPartyId);
+      expect(userWithNonExistentParty.party._id).to.eql(nonExistentPartyId);
 
       await expect(userWithNonExistentParty.post(`/groups/${nonExistentPartyId}/leave`))
         .to.eventually.be.rejected;
@@ -264,4 +274,45 @@ describe('POST /groups/:groupId/leave', () => {
       expect(userWithNonExistentParty.party).to.eql({});
     });
   });
+
+  context('Leaving a group plan', () => {
+    it('cancels the free subscription', async () => {
+      // Create group
+      let { group, groupLeader, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'Test Private Guild',
+          type: 'guild',
+        },
+        members: 1,
+      });
+
+      let leader = groupLeader;
+      let member = members[0];
+      let userWithFreePlan = await User.findById(leader._id).exec();
+
+      // Create subscription
+      let paymentData = {
+        user: userWithFreePlan,
+        groupId: group._id,
+        sub: {
+          key: 'basic_3mo',
+        },
+        customerId: 'customer-id',
+        paymentMethod: 'Payment Method',
+        headers: {
+          'x-client': 'habitica-web',
+          'user-agent': '',
+        },
+      };
+      await payments.createSubscription(paymentData);
+      await member.sync();
+      expect(member.purchased.plan.planId).to.equal('group_plan_auto');
+      expect(member.purchased.plan.dateTerminated).to.not.exist;
+
+      // Leave
+      await member.post(`/groups/${group._id}/leave`);
+      await member.sync();
+      expect(member.purchased.plan.dateTerminated).to.exist;
+    });
+  });
 });

test/api/v3/integration/groups/POST-groups_id_removeMember.test.js

@@ -2,6 +2,7 @@ import {
   generateUser,
   createAndPopulateGroup,
   translate as t,
+  sleep,
 } from '../../../../helpers/api-v3-integration.helper';
 import * as email from '../../../../../website/server/libs/email';
 
@@ -119,16 +120,16 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {
       await leader.post(`/groups/${guild._id}/removeMember/${invitedUser._id}`);
 
       expect(email.sendTxn).to.be.calledOnce;
-      expect(email.sendTxn.args[0][0]._id).to.be.eql(invitedUser._id);
-      expect(email.sendTxn.args[0][1]).to.be.eql('guild-invite-rescinded');
+      expect(email.sendTxn.args[0][0]._id).to.eql(invitedUser._id);
+      expect(email.sendTxn.args[0][1]).to.eql('guild-invite-rescinded');
     });
 
     it('sends email to removed user', async () => {
       await leader.post(`/groups/${guild._id}/removeMember/${member._id}`);
 
       expect(email.sendTxn).to.be.calledOnce;
-      expect(email.sendTxn.args[0][0]._id).to.be.eql(member._id);
-      expect(email.sendTxn.args[0][1]).to.be.eql('kicked-from-guild');
+      expect(email.sendTxn.args[0][0]._id).to.eql(member._id);
+      expect(email.sendTxn.args[0][1]).to.eql('kicked-from-guild');
     });
   });
 
@@ -188,13 +189,20 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {
 
     it('removes new messages from a member who is removed', async () => {
       await partyLeader.post(`/groups/${party._id}/chat`, { message: 'Some message' });
+      await sleep(0.5);
       await removedMember.sync();
 
+      expect(removedMember.notifications.find(n => {
+        return n.type === 'NEW_CHAT_MESSAGE' && n.data.group.id === party._id;
+      })).to.exist;
       expect(removedMember.newMessages[party._id]).to.not.be.empty;
 
       await partyLeader.post(`/groups/${party._id}/removeMember/${removedMember._id}`);
       await removedMember.sync();
 
+      expect(removedMember.notifications.find(n => {
+        return n.type === 'NEW_CHAT_MESSAGE' && n.data.group.id === party._id;
+      })).to.not.exist;
       expect(removedMember.newMessages[party._id]).to.be.empty;
     });
 
@@ -247,16 +255,16 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {
       await partyLeader.post(`/groups/${party._id}/removeMember/${partyInvitedUser._id}`);
 
       expect(email.sendTxn).to.be.calledOnce;
-      expect(email.sendTxn.args[0][0]._id).to.be.eql(partyInvitedUser._id);
-      expect(email.sendTxn.args[0][1]).to.be.eql('party-invite-rescinded');
+      expect(email.sendTxn.args[0][0]._id).to.eql(partyInvitedUser._id);
+      expect(email.sendTxn.args[0][1]).to.eql('party-invite-rescinded');
     });
 
     it('sends email to removed user', async () => {
       await partyLeader.post(`/groups/${party._id}/removeMember/${partyMember._id}`);
 
       expect(email.sendTxn).to.be.calledOnce;
-      expect(email.sendTxn.args[0][0]._id).to.be.eql(partyMember._id);
-      expect(email.sendTxn.args[0][1]).to.be.eql('kicked-from-party');
+      expect(email.sendTxn.args[0][0]._id).to.eql(partyMember._id);
+      expect(email.sendTxn.args[0][1]).to.eql('kicked-from-party');
     });
   });
 });

test/api/v3/integration/groups/POST-groups_invite.test.js

@@ -110,6 +110,7 @@ describe('Post /groups/:groupId/invite', () => {
         id: group._id,
         name: groupName,
         inviter: inviter._id,
+        publicGuild: false,
       }]);
 
       await expect(userToInvite.get('/user'))
@@ -127,11 +128,13 @@ describe('Post /groups/:groupId/invite', () => {
           id: group._id,
           name: groupName,
           inviter: inviter._id,
+          publicGuild: false,
         },
         {
           id: group._id,
           name: groupName,
           inviter: inviter._id,
+          publicGuild: false,
         },
       ]);
 

test/api/v3/integration/members/GET-members_id.test.js

@@ -32,7 +32,7 @@ describe('GET /members/:memberId', () => {
     let memberRes = await user.get(`/members/${member._id}`);
     expect(memberRes).to.have.all.keys([ // works as: object has all and only these keys
       '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
-      'backer', 'contributor', 'auth', 'items', 'inbox',
+      'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives',
     ]);
     expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([

test/api/v3/integration/members/POST-send_private_message.test.js

@@ -98,6 +98,7 @@ describe('POST /members/send-private-message', () => {
 
   it('sends a private message to a user', async () => {
     let receiver = await generateUser();
+    // const initialNotifications = receiver.notifications.length;
 
     await userToSendMessage.post('/members/send-private-message', {
       message: messageToSend,
@@ -115,6 +116,92 @@ describe('POST /members/send-private-message', () => {
       return message.uuid === receiver._id && message.text === messageToSend;
     });
 
+    // @TODO waiting for mobile support
+    // expect(updatedReceiver.notifications.length).to.equal(initialNotifications + 1);
+    // const notification = updatedReceiver.notifications[updatedReceiver.notifications.length - 1];
+
+    // expect(notification.type).to.equal('NEW_INBOX_MESSAGE');
+    // expect(notification.data.messageId).to.equal(sendersMessageInReceiversInbox.id);
+    // expect(notification.data.excerpt).to.equal(messageToSend);
+    // expect(notification.data.sender.id).to.equal(updatedSender._id);
+    // expect(notification.data.sender.name).to.equal(updatedSender.profile.name);
+
+    expect(sendersMessageInReceiversInbox).to.exist;
+    expect(sendersMessageInSendersInbox).to.exist;
+  });
+
+  // @TODO waiting for mobile support
+  xit('creates a notification with an excerpt if the message is too long', async () => {
+    let receiver = await generateUser();
+    let longerMessageToSend = 'A very long message, that for sure exceeds the limit of 100 chars for the excerpt that we set to 100 chars';
+    let messageExcerpt = `${longerMessageToSend.substring(0, 100)}...`;
+
+    await userToSendMessage.post('/members/send-private-message', {
+      message: longerMessageToSend,
+      toUserId: receiver._id,
+    });
+
+    let updatedReceiver = await receiver.get('/user');
+
+    let sendersMessageInReceiversInbox = _.find(updatedReceiver.inbox.messages, (message) => {
+      return message.uuid === userToSendMessage._id && message.text === longerMessageToSend;
+    });
+
+    const notification = updatedReceiver.notifications[updatedReceiver.notifications.length - 1];
+
+    expect(notification.type).to.equal('NEW_INBOX_MESSAGE');
+    expect(notification.data.messageId).to.equal(sendersMessageInReceiversInbox.id);
+    expect(notification.data.excerpt).to.equal(messageExcerpt);
+  });
+
+  it('allows admin to send when sender has blocked the admin', async () => {
+    userToSendMessage = await generateUser({
+      'contributor.admin': 1,
+    });
+    const receiver = await generateUser({'inbox.blocks': [userToSendMessage._id]});
+
+    await userToSendMessage.post('/members/send-private-message', {
+      message: messageToSend,
+      toUserId: receiver._id,
+    });
+
+    const updatedReceiver = await receiver.get('/user');
+    const updatedSender = await userToSendMessage.get('/user');
+
+    const sendersMessageInReceiversInbox = _.find(updatedReceiver.inbox.messages, (message) => {
+      return message.uuid === userToSendMessage._id && message.text === messageToSend;
+    });
+
+    const sendersMessageInSendersInbox = _.find(updatedSender.inbox.messages, (message) => {
+      return message.uuid === receiver._id && message.text === messageToSend;
+    });
+
+    expect(sendersMessageInReceiversInbox).to.exist;
+    expect(sendersMessageInSendersInbox).to.exist;
+  });
+
+  it('allows admin to send when to user has opted out of messaging', async () => {
+    userToSendMessage = await generateUser({
+      'contributor.admin': 1,
+    });
+    const receiver = await generateUser({'inbox.optOut': true});
+
+    await userToSendMessage.post('/members/send-private-message', {
+      message: messageToSend,
+      toUserId: receiver._id,
+    });
+
+    const updatedReceiver = await receiver.get('/user');
+    const updatedSender = await userToSendMessage.get('/user');
+
+    const sendersMessageInReceiversInbox = _.find(updatedReceiver.inbox.messages, (message) => {
+      return message.uuid === userToSendMessage._id && message.text === messageToSend;
+    });
+
+    const sendersMessageInSendersInbox = _.find(updatedSender.inbox.messages, (message) => {
+      return message.uuid === receiver._id && message.text === messageToSend;
+    });
+
     expect(sendersMessageInReceiversInbox).to.exist;
     expect(sendersMessageInSendersInbox).to.exist;
   });

test/api/v3/integration/news/GET-news.test.js

@@ -0,0 +1,16 @@
+import {
+  requester,
+} from '../../../../helpers/api-v3-integration.helper';
+
+describe('GET /news', () => {
+  let api;
+
+  beforeEach(async () => {
+    api = requester();
+  });
+
+  it('returns the latest news in html format, does not require authentication', async () => {
+    const res = await api.get('/news');
+    expect(res).to.be.a.string;
+  });
+});

test/api/v3/integration/news/POST-news_tell_me_later.test.js

@@ -0,0 +1,42 @@
+import {
+  generateUser,
+} from '../../../../helpers/api-v3-integration.helper';
+
+describe('POST /news/tell-me-later', () => {
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser({
+      'flags.newStuff': true,
+    });
+  });
+
+  it('marks new stuff as read and adds notification', async () => {
+    expect(user.flags.newStuff).to.equal(true);
+    const initialNotifications = user.notifications.length;
+
+    await user.post('/news/tell-me-later');
+    await user.sync();
+
+    expect(user.flags.newStuff).to.equal(false);
+    expect(user.notifications.length).to.equal(initialNotifications + 1);
+
+    const notification = user.notifications[user.notifications.length - 1];
+
+    expect(notification.type).to.equal('NEW_STUFF');
+     // should be marked as seen by default so it's not counted in the number of notifications
+    expect(notification.seen).to.equal(true);
+    expect(notification.data.title).to.be.a.string;
+  });
+
+  it('never adds two notifications', async () => {
+    const initialNotifications = user.notifications.length;
+
+    await user.post('/news/tell-me-later');
+    await user.post('/news/tell-me-later');
+
+    await user.sync();
+
+    expect(user.notifications.length).to.equal(initialNotifications + 1);
+  });
+});

test/api/v3/integration/notifications/POST-notifications_notificationId_read.test.js

@@ -47,6 +47,7 @@ describe('POST /notifications/:notificationId/read', () => {
       id: id2,
       type: 'LOGIN_INCENTIVE',
       data: {},
+      seen: false,
     }]);
 
     await user.sync();

test/api/v3/integration/notifications/POST-notifications_notificationId_see.test.js

@@ -0,0 +1,59 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+import { v4 as generateUUID } from 'uuid';
+
+describe('POST /notifications/:notificationId/see', () => {
+  let user;
+
+  before(async () => {
+    user = await generateUser();
+  });
+
+  it('errors when notification is not found', async () => {
+    let dummyId = generateUUID();
+
+    await expect(user.post(`/notifications/${dummyId}/see`)).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('messageNotificationNotFound'),
+    });
+  });
+
+  it('mark a notification as seen', async () => {
+    expect(user.notifications.length).to.equal(0);
+
+    const id = generateUUID();
+    const id2 = generateUUID();
+
+    await user.update({
+      notifications: [{
+        id,
+        type: 'DROPS_ENABLED',
+        data: {},
+      }, {
+        id: id2,
+        type: 'LOGIN_INCENTIVE',
+        data: {},
+      }],
+    });
+
+    const userObj = await user.get('/user'); // so we can check that defaults have been applied
+    expect(userObj.notifications.length).to.equal(2);
+    expect(userObj.notifications[0].seen).to.equal(false);
+
+    const res = await user.post(`/notifications/${id}/see`);
+    expect(res).to.deep.equal({
+      id,
+      type: 'DROPS_ENABLED',
+      data: {},
+      seen: true,
+    });
+
+    await user.sync();
+    expect(user.notifications.length).to.equal(2);
+    expect(user.notifications[0].id).to.equal(id);
+    expect(user.notifications[0].seen).to.equal(true);
+  });
+});

test/api/v3/integration/notifications/POST-notifications_read.test.js

@@ -4,7 +4,7 @@ import {
 } from '../../../../helpers/api-v3-integration.helper';
 import { v4 as generateUUID } from 'uuid';
 
-describe('POST /notifications/:notificationId/read', () => {
+describe('POST /notifications/read', () => {
   let user;
 
   before(async () => {
@@ -57,6 +57,7 @@ describe('POST /notifications/:notificationId/read', () => {
       id: id2,
       type: 'LOGIN_INCENTIVE',
       data: {},
+      seen: false,
     }]);
 
     await user.sync();

test/api/v3/integration/notifications/POST_notifications_see.test.js

@@ -0,0 +1,88 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+import { v4 as generateUUID } from 'uuid';
+
+describe('POST /notifications/see', () => {
+  let user;
+
+  before(async () => {
+    user = await generateUser();
+  });
+
+  it('errors when notification is not found', async () => {
+    let dummyId = generateUUID();
+
+    await expect(user.post('/notifications/see', {
+      notificationIds: [dummyId],
+    })).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('messageNotificationNotFound'),
+    });
+  });
+
+  it('mark multiple notifications as seen', async () => {
+    expect(user.notifications.length).to.equal(0);
+
+    const id = generateUUID();
+    const id2 = generateUUID();
+    const id3 = generateUUID();
+
+    await user.update({
+      notifications: [{
+        id,
+        type: 'DROPS_ENABLED',
+        data: {},
+        seen: false,
+      }, {
+        id: id2,
+        type: 'LOGIN_INCENTIVE',
+        data: {},
+        seen: false,
+      }, {
+        id: id3,
+        type: 'CRON',
+        data: {},
+        seen: false,
+      }],
+    });
+
+    await user.sync();
+    expect(user.notifications.length).to.equal(3);
+
+    const res = await user.post('/notifications/see', {
+      notificationIds: [id, id3],
+    });
+
+    expect(res).to.deep.equal([
+      {
+        id,
+        type: 'DROPS_ENABLED',
+        data: {},
+        seen: true,
+      }, {
+        id: id2,
+        type: 'LOGIN_INCENTIVE',
+        data: {},
+        seen: false,
+      }, {
+        id: id3,
+        type: 'CRON',
+        data: {},
+        seen: true,
+      }]);
+
+    await user.sync();
+    expect(user.notifications.length).to.equal(3);
+    expect(user.notifications[0].id).to.equal(id);
+    expect(user.notifications[0].seen).to.equal(true);
+
+    expect(user.notifications[1].id).to.equal(id2);
+    expect(user.notifications[1].seen).to.equal(false);
+
+    expect(user.notifications[2].id).to.equal(id3);
+    expect(user.notifications[2].seen).to.equal(true);
+  });
+});

test/api/v3/integration/tasks/POST-tasks_id_score_direction.test.js

@@ -130,6 +130,7 @@ describe('POST /tasks/:id/score/:direction', () => {
     });
 
     it('uncompletes todo when direction is down', async () => {
+      await user.post(`/tasks/${todo._id}/score/up`);
       await user.post(`/tasks/${todo._id}/score/down`);
       let updatedTask = await user.get(`/tasks/${todo._id}`);
 
@@ -137,9 +138,23 @@ describe('POST /tasks/:id/score/:direction', () => {
       expect(updatedTask.dateCompleted).to.be.a('undefined');
     });
 
-    it('scores up todo even if it is already completed'); // Yes?
+    it('doesn\'t let a todo be completed twice', async () => {
+      await user.post(`/tasks/${todo._id}/score/up`);
+      await expect(user.post(`/tasks/${todo._id}/score/up`))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('sessionOutdated'),
+      });
+    });
 
-    it('scores down todo even if it is already uncompleted'); // Yes?
+    it('doesn\'t let a todo be uncompleted twice', async () => {
+      await expect(user.post(`/tasks/${todo._id}/score/down`)).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('sessionOutdated'),
+      });
+    });
 
     context('user stats when direction is up', () => {
       let updatedUser;
@@ -163,23 +178,25 @@ describe('POST /tasks/:id/score/:direction', () => {
     });
 
     context('user stats when direction is down', () => {
-      let updatedUser;
+      let updatedUser, initialUser;
 
       beforeEach(async () => {
+        await user.post(`/tasks/${todo._id}/score/up`);
+        initialUser = await user.get('/user');
         await user.post(`/tasks/${todo._id}/score/down`);
         updatedUser = await user.get('/user');
       });
 
       it('decreases user\'s mp', () => {
-        expect(updatedUser.stats.mp).to.be.lessThan(user.stats.mp);
+        expect(updatedUser.stats.mp).to.be.lessThan(initialUser.stats.mp);
       });
 
       it('decreases user\'s exp', () => {
-        expect(updatedUser.stats.exp).to.be.lessThan(user.stats.exp);
+        expect(updatedUser.stats.exp).to.be.lessThan(initialUser.stats.exp);
       });
 
       it('decreases user\'s gold', () => {
-        expect(updatedUser.stats.gp).to.be.lessThan(user.stats.gp);
+        expect(updatedUser.stats.gp).to.be.lessThan(initialUser.stats.gp);
       });
     });
   });
@@ -202,6 +219,7 @@ describe('POST /tasks/:id/score/:direction', () => {
     });
 
     it('uncompletes daily when direction is down', async () => {
+      await user.post(`/tasks/${daily._id}/score/up`);
       await user.post(`/tasks/${daily._id}/score/down`);
       let task = await user.get(`/tasks/${daily._id}`);
 
@@ -222,9 +240,22 @@ describe('POST /tasks/:id/score/:direction', () => {
       expect(task.nextDue.length).to.eql(6);
     });
 
-    it('scores up daily even if it is already completed'); // Yes?
+    it('doesn\'t let a daily be completed twice', async () => {
+      await user.post(`/tasks/${daily._id}/score/up`);
+      await expect(user.post(`/tasks/${daily._id}/score/up`)).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('sessionOutdated'),
+      });
+    });
 
-    it('scores down daily even if it is already uncompleted'); // Yes?
+    it('doesn\'t let a daily be uncompleted twice', async () => {
+      await expect(user.post(`/tasks/${daily._id}/score/down`)).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('sessionOutdated'),
+      });
+    });
 
     context('user stats when direction is up', () => {
       let updatedUser;
@@ -248,23 +279,25 @@ describe('POST /tasks/:id/score/:direction', () => {
     });
 
     context('user stats when direction is down', () => {
-      let updatedUser;
+      let updatedUser, initialUser;
 
       beforeEach(async () => {
+        await user.post(`/tasks/${daily._id}/score/up`);
+        initialUser = await user.get('/user');
         await user.post(`/tasks/${daily._id}/score/down`);
         updatedUser = await user.get('/user');
       });
 
       it('decreases user\'s mp', () => {
-        expect(updatedUser.stats.mp).to.be.lessThan(user.stats.mp);
+        expect(updatedUser.stats.mp).to.be.lessThan(initialUser.stats.mp);
       });
 
       it('decreases user\'s exp', () => {
-        expect(updatedUser.stats.exp).to.be.lessThan(user.stats.exp);
+        expect(updatedUser.stats.exp).to.be.lessThan(initialUser.stats.exp);
       });
 
       it('decreases user\'s gold', () => {
-        expect(updatedUser.stats.gp).to.be.lessThan(user.stats.gp);
+        expect(updatedUser.stats.gp).to.be.lessThan(initialUser.stats.gp);
       });
     });
   });

test/api/v3/integration/tasks/POST-tasks_user.test.js

@@ -302,6 +302,17 @@ describe('POST /tasks/user', () => {
 
       expect(task.alias).to.eql('a_alias012');
     });
+
+    // This is a special case for iOS requests
+    it('will round a priority (difficulty)', async () => {
+      let task = await user.post('/tasks/user', {
+        text: 'test habit',
+        type: 'habit',
+        priority: 0.10000000000005,
+      });
+
+      expect(task.priority).to.eql(0.1);
+    });
   });
 
   context('habits', () => {
@@ -628,6 +639,43 @@ describe('POST /tasks/user', () => {
       });
     });
 
+    it('returns an error if everyX is a non int', async () => {
+      await expect(user.post('/tasks/user', {
+        text: 'test daily',
+        type: 'daily',
+        everyX: 2.5,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: 'daily validation failed',
+      });
+    });
+
+    it('returns an error if everyX is negative', async () => {
+      await expect(user.post('/tasks/user', {
+        text: 'test daily',
+        type: 'daily',
+        everyX: -1,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: 'daily validation failed',
+      });
+    });
+
+    it('returns an error if everyX is above 9999', async () => {
+      await expect(user.post('/tasks/user', {
+        text: 'test daily',
+        type: 'daily',
+        everyX: 10000,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: 'daily validation failed',
+      });
+    });
+
+
     it('can create checklists', async () => {
       let task = await user.post('/tasks/user', {
         text: 'test daily',

test/api/v3/integration/tasks/challenges/POST-tasks_challenges_challengeId_tasks_id_score_direction.test.js

@@ -82,6 +82,13 @@ describe('POST /tasks/:id/score/:direction', () => {
     });
 
     it('should update the history', async () => {
+      let newCron = new Date(2015, 11, 20);
+
+      await user.post('/debug/set-cron', {
+        lastCron: newCron,
+      });
+
+      await user.post('/cron');
       await user.post(`/tasks/${usersChallengeTaskId}/score/up`);
 
       let tasks = await user.get(`/tasks/challenge/${challenge._id}`);

test/api/v3/integration/tasks/challenges/PUT-tasks_challenge_challengeId.test.js

@@ -139,6 +139,23 @@ describe('PUT /tasks/:id', () => {
       expect(savedHabit.up).to.eql(false);
       expect(savedHabit.down).to.eql(false);
     });
+
+    it('allows user to update their copy', async () => {
+      const userTasks = await user.get('/tasks/user');
+      const userChallengeTasks = userTasks.filter(task => task.challenge.id === challenge._id);
+      const userCopyOfChallengeTask = userChallengeTasks[0];
+
+      await user.put(`/tasks/${userCopyOfChallengeTask._id}`, {
+        notes: 'some new notes',
+        counterDown: 1,
+        counterUp: 2,
+      });
+      const savedHabit = await user.get(`/tasks/${userCopyOfChallengeTask._id}`);
+
+      expect(savedHabit.notes).to.eql('some new notes');
+      expect(savedHabit.counterDown).to.eql(1);
+      expect(savedHabit.counterUp).to.eql(2);
+    });
   });
 
   context('todos', () => {

test/api/v3/integration/tasks/groups/POST-group_tasks_id_needs-work_userId.test.js

@@ -0,0 +1,189 @@
+import {
+  createAndPopulateGroup,
+  translate as t,
+} from '../../../../../helpers/api-integration/v3';
+import { find } from 'lodash';
+
+describe('POST /tasks/:id/needs-work/:userId', () => {
+  let user, guild, member, member2, task;
+
+  function findAssignedTask (memberTask) {
+    return memberTask.group.id === guild._id;
+  }
+
+  beforeEach(async () => {
+    let {group, members, groupLeader} = await createAndPopulateGroup({
+      groupDetails: {
+        name: 'Test Guild',
+        type: 'guild',
+      },
+      members: 2,
+    });
+
+    guild = group;
+    user = groupLeader;
+    member = members[0];
+    member2 = members[1];
+
+    task = await user.post(`/tasks/group/${guild._id}`, {
+      text: 'test todo',
+      type: 'todo',
+      requiresApproval: true,
+    });
+  });
+
+  it('errors when user is not assigned', async () => {
+    await expect(user.post(`/tasks/${task._id}/needs-work/${member._id}`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 404,
+        error: 'NotFound',
+        message: t('taskNotFound'),
+      });
+  });
+
+  it('errors when user is not the group leader', async () => {
+    await user.post(`/tasks/${task._id}/assign/${member._id}`);
+    await expect(member.post(`/tasks/${task._id}/needs-work/${member._id}`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('onlyGroupLeaderCanEditTasks'),
+      });
+  });
+
+  it('marks as task as needing more work', async () => {
+    const initialNotifications = member.notifications.length;
+
+    await user.post(`/tasks/${task._id}/assign/${member._id}`);
+
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    // score task to require approval
+    await expect(member.post(`/tasks/${syncedTask._id}/score/up`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskApprovalHasBeenRequested'),
+      });
+
+    await user.post(`/tasks/${task._id}/needs-work/${member._id}`);
+
+    [memberTasks] = await Promise.all([member.get('/tasks/user'), member.sync()]);
+    syncedTask = find(memberTasks, findAssignedTask);
+
+    // Check that the notification approval request has been removed
+    expect(syncedTask.group.approval.requested).to.equal(false);
+    expect(syncedTask.group.approval.requestedDate).to.equal(undefined);
+
+    // Check that the notification is correct
+    expect(member.notifications.length).to.equal(initialNotifications + 1);
+    const notification = member.notifications[member.notifications.length - 1];
+    expect(notification.type).to.equal('GROUP_TASK_NEEDS_WORK');
+
+    const taskText = syncedTask.text;
+    const managerName = user.profile.name;
+
+    expect(notification.data.message).to.equal(t('taskNeedsWork', {taskText, managerName}));
+
+    expect(notification.data.task.id).to.equal(syncedTask._id);
+    expect(notification.data.task.text).to.equal(taskText);
+
+    expect(notification.data.group.id).to.equal(syncedTask.group.id);
+    expect(notification.data.group.name).to.equal(guild.name);
+
+    expect(notification.data.manager.id).to.equal(user._id);
+    expect(notification.data.manager.name).to.equal(managerName);
+
+    // Check that the managers' GROUP_TASK_APPROVAL notifications have been removed
+    await user.sync();
+
+    expect(user.notifications.find(n => {
+      n.data.taskId === syncedTask._id && n.type === 'GROUP_TASK_APPROVAL';
+    })).to.equal(undefined);
+  });
+
+  it('allows a manager to mark a task as needing work', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+    await member2.post(`/tasks/${task._id}/assign/${member._id}`);
+
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    // score task to require approval
+    await expect(member.post(`/tasks/${syncedTask._id}/score/up`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskApprovalHasBeenRequested'),
+      });
+
+    const initialNotifications = member.notifications.length;
+
+    await member2.post(`/tasks/${task._id}/needs-work/${member._id}`);
+
+    [memberTasks] = await Promise.all([member.get('/tasks/user'), member.sync()]);
+    syncedTask = find(memberTasks, findAssignedTask);
+
+    // Check that the notification approval request has been removed
+    expect(syncedTask.group.approval.requested).to.equal(false);
+    expect(syncedTask.group.approval.requestedDate).to.equal(undefined);
+
+    expect(member.notifications.length).to.equal(initialNotifications + 1);
+    const notification = member.notifications[member.notifications.length - 1];
+    expect(notification.type).to.equal('GROUP_TASK_NEEDS_WORK');
+
+    const taskText = syncedTask.text;
+    const managerName = member2.profile.name;
+
+    expect(notification.data.message).to.equal(t('taskNeedsWork', {taskText, managerName}));
+
+    expect(notification.data.task.id).to.equal(syncedTask._id);
+    expect(notification.data.task.text).to.equal(taskText);
+
+    expect(notification.data.group.id).to.equal(syncedTask.group.id);
+    expect(notification.data.group.name).to.equal(guild.name);
+
+    expect(notification.data.manager.id).to.equal(member2._id);
+    expect(notification.data.manager.name).to.equal(managerName);
+
+    // Check that the managers' GROUP_TASK_APPROVAL notifications have been removed
+    await Promise.all([user.sync(), member2.sync()]);
+
+    expect(user.notifications.find(n => {
+      n.data.taskId === syncedTask._id && n.type === 'GROUP_TASK_APPROVAL';
+    })).to.equal(undefined);
+
+    expect(member2.notifications.find(n => {
+      n.data.taskId === syncedTask._id && n.type === 'GROUP_TASK_APPROVAL';
+    })).to.equal(undefined);
+  });
+
+  it('prevents marking a task as needing work if it was already approved', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.post(`/tasks/${task._id}/assign/${member._id}`);
+    await member2.post(`/tasks/${task._id}/approve/${member._id}`);
+    await expect(user.post(`/tasks/${task._id}/needs-work/${member._id}`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('canOnlyApproveTaskOnce'),
+      });
+  });
+
+  it('prevents marking a task as needing work if it is not waiting for approval', async () => {
+    await user.post(`/tasks/${task._id}/assign/${member._id}`);
+
+    await expect(user.post(`/tasks/${task._id}/needs-work/${member._id}`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskApprovalWasNotRequested'),
+      });
+  });
+});

test/api/v3/integration/tasks/groups/POST-group_tasks_id_score_direction.test.js

@@ -41,8 +41,9 @@ describe('POST /tasks/:id/score/:direction', () => {
 
     let memberTasks = await member.get('/tasks/user');
     let syncedTask = find(memberTasks, findAssignedTask);
+    const direction = 'up';
 
-    await expect(member.post(`/tasks/${syncedTask._id}/score/up`))
+    await expect(member.post(`/tasks/${syncedTask._id}/score/${direction}`))
       .to.eventually.be.rejected.and.to.eql({
         code: 401,
         error: 'NotAuthorized',
@@ -58,6 +59,7 @@ describe('POST /tasks/:id/score/:direction', () => {
       user: member.auth.local.username,
       taskName: updatedTask.text,
       taskId: updatedTask._id,
+      direction,
     }, 'cs')); // This test only works if we have the notification translated
     expect(user.notifications[1].data.groupId).to.equal(guild._id);
 
@@ -71,8 +73,9 @@ describe('POST /tasks/:id/score/:direction', () => {
     });
     let memberTasks = await member.get('/tasks/user');
     let syncedTask = find(memberTasks, findAssignedTask);
+    const direction = 'up';
 
-    await expect(member.post(`/tasks/${syncedTask._id}/score/up`))
+    await expect(member.post(`/tasks/${syncedTask._id}/score/${direction}`))
       .to.eventually.be.rejected.and.to.eql({
         code: 401,
         error: 'NotAuthorized',
@@ -88,6 +91,7 @@ describe('POST /tasks/:id/score/:direction', () => {
       user: member.auth.local.username,
       taskName: updatedTask.text,
       taskId: updatedTask._id,
+      direction,
     }));
     expect(user.notifications[1].data.groupId).to.equal(guild._id);
 
@@ -97,6 +101,7 @@ describe('POST /tasks/:id/score/:direction', () => {
       user: member.auth.local.username,
       taskName: updatedTask.text,
       taskId: updatedTask._id,
+      direction,
     }));
     expect(member2.notifications[0].data.groupId).to.equal(guild._id);
   });

test/api/v3/integration/tasks/groups/POST-tasks_task_id_unassign.test.js

@@ -75,15 +75,6 @@ describe('POST /tasks/:taskId/unassign/:memberId', () => {
       });
   });
 
-  it('returns error when non leader tries to create a task', async () => {
-    await expect(member.post(`/tasks/${task._id}/unassign/${member._id}`))
-      .to.eventually.be.rejected.and.eql({
-        code: 401,
-        error: 'NotAuthorized',
-        message: t('onlyGroupLeaderCanEditTasks'),
-      });
-  });
-
   it('unassigns a user from a task', async () => {
     await user.post(`/tasks/${task._id}/unassign/${member._id}`);
 
@@ -129,4 +120,26 @@ describe('POST /tasks/:taskId/unassign/:memberId', () => {
     expect(groupTask[0].group.assignedUsers).to.not.contain(member._id);
     expect(syncedTask).to.not.exist;
   });
+
+  it('allows a user to unassign themselves', async () => {
+    await member.post(`/tasks/${task._id}/unassign/${member._id}`);
+
+    let groupTask = await user.get(`/tasks/group/${guild._id}`);
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    expect(groupTask[0].group.assignedUsers).to.not.contain(member._id);
+    expect(syncedTask).to.not.exist;
+  });
+
+  // @TODO: Which do we want? The user to unassign themselves or not. This test was in
+  // here, but then we had a request to allow to unaissgn.
+  xit('returns error when non leader tries to unassign their a task', async () => {
+    await expect(member.post(`/tasks/${task._id}/unassign/${member._id}`))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('onlyGroupLeaderCanEditTasks'),
+      });
+  });
 });

test/api/v3/integration/user/DELETE-user.test.js

@@ -308,7 +308,7 @@ describe('DELETE /user', () => {
       })).to.eventually.be.rejected.and.eql({
         code: 401,
         error: 'NotAuthorized',
-        message: t('incorrectDeletePhrase'),
+        message: t('incorrectDeletePhrase', {magicWord: 'DELETE'}),
       });
     });
 

test/api/v3/integration/user/GET-user.test.js

@@ -27,4 +27,13 @@ describe('GET /user', () => {
     expect(returnedUser.auth.local.salt).to.not.exist;
     expect(returnedUser.apiToken).to.not.exist;
   });
+
+  it('returns only user properties requested', async () => {
+    let returnedUser = await user.get('/user?userFields=achievements,items.mounts');
+
+    expect(returnedUser._id).to.equal(user._id);
+    expect(returnedUser.achievements).to.exist;
+    expect(returnedUser.items.mounts).to.exist;
+    expect(returnedUser.stats).to.not.exist;
+  });
 });

test/api/v3/integration/user/GET-user_anonymized.test.js

@@ -25,6 +25,7 @@ describe('GET /user/anonymized', () => {
       'achievements.challenges': 'some',
       'inbox.messages': [{ text: 'some text' }],
       tags: [{ name: 'some name', challenge: 'some challenge' }],
+      notifications: [],
     });
 
     await generateHabit({ userId: user._id });
@@ -65,6 +66,7 @@ describe('GET /user/anonymized', () => {
     expect(returnedUser.stats.toNextLevel).to.eql(common.tnl(user.stats.lvl));
     expect(returnedUser.stats.maxMP).to.eql(30); // TODO why 30?
     expect(returnedUser.newMessages).to.not.exist;
+    expect(returnedUser.notifications).to.not.exist;
     expect(returnedUser.profile).to.not.exist;
     expect(returnedUser.purchased.plan).to.not.exist;
     expect(returnedUser.contributor).to.not.exist;

test/api/v3/integration/user/POST-user_feed_pet_food.test.js

@@ -30,7 +30,7 @@ describe('POST /user/feed/:pet/:food', () => {
       data: user.items.pets['Wolf-Base'],
       message: t('messageDontEnjoyFood', {
         egg: pet.text(),
-        foodText: food.text(),
+        foodText: food.textThe(),
       }),
     });
 

test/api/v3/integration/user/POST-user_open_mystery_item.test.js

@@ -13,15 +13,20 @@ describe('POST /user/open-mystery-item', () => {
   beforeEach(async () => {
     user = await generateUser({
       'purchased.plan.mysteryItems': [mysteryItemKey],
+      notifications: [
+        {type: 'NEW_MYSTERY_ITEMS', data: { items: [mysteryItemKey] }},
+      ],
     });
   });
 
   // More tests in common code unit tests
 
   it('opens a mystery item', async () => {
+    expect(user.notifications.length).to.equal(1);
     let response = await user.post('/user/open-mystery-item');
     await user.sync();
 
+    expect(user.notifications.length).to.equal(0);
     expect(user.items.gear.owned[mysteryItemKey]).to.be.true;
     expect(response.message).to.equal(t('mysteryItemOpened'));
     expect(response.data.key).to.eql(mysteryItemKey);

test/api/v3/integration/user/POST-user_read_card.test.js

@@ -26,13 +26,21 @@ describe('POST /user/read-card/:cardType', () => {
     await user.update({
       'items.special.greetingReceived': [true],
       'flags.cardReceived': true,
+      notifications: [{
+        type: 'CARD_RECEIVED',
+        data: {card: cardType},
+      }],
     });
 
+    await user.sync();
+    expect(user.notifications.length).to.equal(1);
+
     let response = await user.post(`/user/read-card/${cardType}`);
     await user.sync();
 
     expect(response.message).to.equal(t('readCard', {cardType}));
     expect(user.items.special[`${cardType}Received`]).to.be.empty;
     expect(user.flags.cardReceived).to.be.false;
+    expect(user.notifications.length).to.equal(0);
   });
 });

test/api/v3/integration/user/POST-user_sleep.test.js

@@ -1,6 +1,7 @@
 import {
   generateUser,
 } from '../../../../helpers/api-integration/v3';
+import { mockAnalyticsService as analytics } from '../../../../../website/server/libs/analyticsService';
 
 describe('POST /user/sleep', () => {
   let user;
@@ -22,4 +23,15 @@ describe('POST /user/sleep', () => {
     await user.sync();
     expect(user.preferences.sleep).to.be.false;
   });
+
+  it('sends sleep status to analytics service', async () => {
+    sandbox.spy(analytics, 'track');
+
+    await user.post('/user/sleep');
+    await user.sync();
+    expect(analytics.track).to.be.calledOnce;
+    expect(analytics.track).to.be.calledWith('sleep', sandbox.match.has('status', user.preferences.sleep));
+
+    sandbox.restore();
+  });
 });

test/api/v3/integration/user/auth/POST-register_local.test.js

@@ -6,10 +6,14 @@ import {
   getProperty,
 } from '../../../../../helpers/api-integration/v3';
 import { ApiUser } from '../../../../../helpers/api-integration/api-classes';
-import { v4 as generateRandomUserName } from 'uuid';
+import { v4 as uuid } from 'uuid';
 import { each } from 'lodash';
 import { encrypt } from '../../../../../../website/server/libs/encryption';
 
+function generateRandomUserName () {
+  return (Date.now() + uuid()).substring(0, 20);
+}
+
 describe('POST /user/auth/local/register', () => {
   context('username and email are free', () => {
     let api;
@@ -37,6 +41,71 @@ describe('POST /user/auth/local/register', () => {
       expect(user.newUser).to.eql(true);
     });
 
+    xit('remove spaces from username', async () => {
+      // TODO can probably delete this test now
+      let username = ' usernamewithspaces ';
+      let email = 'test@example.com';
+      let password = 'password';
+
+      let user = await api.post('/user/auth/local/register', {
+        username,
+        email,
+        password,
+        confirmPassword: password,
+      });
+
+      expect(user.auth.local.username).to.eql(username.trim());
+      expect(user.profile.name).to.eql(username.trim());
+    });
+
+    context('validates username', () => {
+      const email = 'test@example.com';
+      const password = 'password';
+
+      it('requires to username to be less than 20', async () => {
+        const username = (Date.now() + uuid()).substring(0, 21);
+
+        await expect(api.post('/user/auth/local/register', {
+          username,
+          email,
+          password,
+          confirmPassword: password,
+        })).to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: 'Invalid request parameters.',
+        });
+      });
+
+      it('rejects chracters not in [-_a-zA-Z0-9]', async () => {
+        const username = 'a-zA_Z09*';
+
+        await expect(api.post('/user/auth/local/register', {
+          username,
+          email,
+          password,
+          confirmPassword: password,
+        })).to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: 'Invalid request parameters.',
+        });
+      });
+
+      it('allows only [-_a-zA-Z0-9] characters', async () => {
+        const username = 'a-zA_Z09';
+
+        const user = await api.post('/user/auth/local/register', {
+          username,
+          email,
+          password,
+          confirmPassword: password,
+        });
+
+        expect(user.auth.local.username).to.eql(username);
+      });
+    });
+
     context('provides default tags and tasks', async () => {
       it('for a generic API consumer', async () => {
         let username = generateRandomUserName();

test/api/v3/integration/user/buy/POST-user_buy_gear.test.js

@@ -25,12 +25,32 @@ describe('POST /user/buy-gear/:key', () => {
       });
   });
 
-  it('buys a piece of gear', async () => {
+  it('buys the first level weapon gear', async () => {
+    let key = 'weapon_warrior_0';
+
+    await user.post(`/user/buy-gear/${key}`);
+    await user.sync();
+
+    expect(user.items.gear.owned[key]).to.eql(true);
+  });
+
+  it('buys the first level armor gear', async () => {
     let key = 'armor_warrior_1';
 
     await user.post(`/user/buy-gear/${key}`);
     await user.sync();
 
-    expect(user.items.gear.owned.armor_warrior_1).to.eql(true);
+    expect(user.items.gear.owned[key]).to.eql(true);
+  });
+
+  it('tries to buy subsequent, level gear', async () => {
+    let key = 'armor_warrior_2';
+
+    return expect(user.post(`/user/buy-gear/${key}`))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: 'You need to purchase a lower level gear before this one.',
+      });
   });
 });

test/api/v3/integration/world-state/GET-world-state.test.js

@@ -0,0 +1,35 @@
+import { TAVERN_ID } from '../../../../../website/server/models/group';
+import { updateDocument } from '../../../../helpers/mongo';
+import {
+  requester,
+  resetHabiticaDB,
+} from '../../../../helpers/api-v3-integration.helper';
+
+describe('GET /world-state', () => {
+  before(async () => {
+    await resetHabiticaDB();
+  });
+
+  it('returns empty worldBoss object when world boss is not active (and does not require authentication)', async () => {
+    const res = await requester().get('/world-state');
+    expect(res.worldBoss).to.eql({});
+  });
+
+  it('returns Tavern quest data when world boss is active', async () => {
+    await updateDocument('groups', {_id: TAVERN_ID}, {quest: {active: true, key: 'dysheartener', progress: {hp: 50000, rage: 9999}}});
+
+    const res = await requester().get('/world-state');
+    expect(res).to.have.deep.property('worldBoss');
+
+    expect(res.worldBoss).to.eql({
+      active: true,
+      extra: {},
+      key: 'dysheartener',
+      progress: {
+        collect: {},
+        hp: 50000,
+        rage: 9999,
+      },
+    });
+  });
+});

test/api/v3/unit/libs/amazonPayments.test.js

@@ -1,739 +0,0 @@
-import moment from 'moment';
-import cc from 'coupon-code';
-import uuid from 'uuid';
-
-import {
-  generateGroup,
-} from '../../../../helpers/api-unit.helper.js';
-import { model as User } from '../../../../../website/server/models/user';
-import { model as Group } from '../../../../../website/server/models/group';
-import { model as Coupon } from '../../../../../website/server/models/coupon';
-import amzLib from '../../../../../website/server/libs/amazonPayments';
-import payments from '../../../../../website/server/libs/payments';
-import common from '../../../../../website/common';
-
-const i18n = common.i18n;
-
-describe('Amazon Payments', () => {
-  let subKey = 'basic_3mo';
-
-  describe('checkout', () => {
-    let user, orderReferenceId, headers;
-    let setOrderReferenceDetailsSpy;
-    let confirmOrderReferenceSpy;
-    let authorizeSpy;
-    let closeOrderReferenceSpy;
-
-    let paymentBuyGemsStub;
-    let paymentCreateSubscritionStub;
-    let amount = 5;
-
-    function expectAmazonStubs () {
-      expect(setOrderReferenceDetailsSpy).to.be.calledOnce;
-      expect(setOrderReferenceDetailsSpy).to.be.calledWith({
-        AmazonOrderReferenceId: orderReferenceId,
-        OrderReferenceAttributes: {
-          OrderTotal: {
-            CurrencyCode: amzLib.constants.CURRENCY_CODE,
-            Amount: amount,
-          },
-          SellerNote: amzLib.constants.SELLER_NOTE,
-          SellerOrderAttributes: {
-            SellerOrderId: common.uuid(),
-            StoreName: amzLib.constants.STORE_NAME,
-          },
-        },
-      });
-
-      expect(confirmOrderReferenceSpy).to.be.calledOnce;
-      expect(confirmOrderReferenceSpy).to.be.calledWith({ AmazonOrderReferenceId: orderReferenceId });
-
-      expect(authorizeSpy).to.be.calledOnce;
-      expect(authorizeSpy).to.be.calledWith({
-        AmazonOrderReferenceId: orderReferenceId,
-        AuthorizationReferenceId: common.uuid().substring(0, 32),
-        AuthorizationAmount: {
-          CurrencyCode: amzLib.constants.CURRENCY_CODE,
-          Amount: amount,
-        },
-        SellerAuthorizationNote: amzLib.constants.SELLER_NOTE,
-        TransactionTimeout: 0,
-        CaptureNow: true,
-      });
-
-      expect(closeOrderReferenceSpy).to.be.calledOnce;
-      expect(closeOrderReferenceSpy).to.be.calledWith({ AmazonOrderReferenceId: orderReferenceId });
-    }
-
-    beforeEach(function () {
-      user = new User();
-      headers = {};
-      orderReferenceId = 'orderReferenceId';
-
-      setOrderReferenceDetailsSpy = sinon.stub(amzLib, 'setOrderReferenceDetails');
-      setOrderReferenceDetailsSpy.returnsPromise().resolves({});
-
-      confirmOrderReferenceSpy = sinon.stub(amzLib, 'confirmOrderReference');
-      confirmOrderReferenceSpy.returnsPromise().resolves({});
-
-      authorizeSpy = sinon.stub(amzLib, 'authorize');
-      authorizeSpy.returnsPromise().resolves({});
-
-      closeOrderReferenceSpy = sinon.stub(amzLib, 'closeOrderReference');
-      closeOrderReferenceSpy.returnsPromise().resolves({});
-
-      paymentBuyGemsStub = sinon.stub(payments, 'buyGems');
-      paymentBuyGemsStub.returnsPromise().resolves({});
-
-      paymentCreateSubscritionStub = sinon.stub(payments, 'createSubscription');
-      paymentCreateSubscritionStub.returnsPromise().resolves({});
-
-      sinon.stub(common, 'uuid').returns('uuid-generated');
-    });
-
-    afterEach(function () {
-      amzLib.setOrderReferenceDetails.restore();
-      amzLib.confirmOrderReference.restore();
-      amzLib.authorize.restore();
-      amzLib.closeOrderReference.restore();
-      payments.buyGems.restore();
-      payments.createSubscription.restore();
-      common.uuid.restore();
-    });
-
-    it('should purchase gems', async () => {
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
-      await amzLib.checkout({user, orderReferenceId, headers});
-
-      expect(paymentBuyGemsStub).to.be.calledOnce;
-      expect(paymentBuyGemsStub).to.be.calledWith({
-        user,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        headers,
-      });
-      expectAmazonStubs();
-      expect(user.canGetGems).to.be.calledOnce;
-      user.canGetGems.restore();
-    });
-
-    it('should error if gem amount is too low', async () => {
-      let receivingUser = new User();
-      receivingUser.save();
-      let gift = {
-        type: 'gems',
-        gems: {
-          amount: 0,
-          uuid: receivingUser._id,
-        },
-      };
-
-      await expect(amzLib.checkout({gift, user, orderReferenceId, headers}))
-      .to.eventually.be.rejected.and.to.eql({
-        httpCode: 400,
-        message: 'Amount must be at least 1.',
-        name: 'BadRequest',
-      });
-    });
-
-    it('should error if user cannot get gems gems', async () => {
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
-      await expect(amzLib.checkout({user, orderReferenceId, headers})).to.eventually.be.rejected.and.to.eql({
-        httpCode: 401,
-        message: i18n.t('groupPolicyCannotGetGems'),
-        name: 'NotAuthorized',
-      });
-      user.canGetGems.restore();
-    });
-
-    it('should gift gems', async () => {
-      let receivingUser = new User();
-      await receivingUser.save();
-      let gift = {
-        type: 'gems',
-        uuid: receivingUser._id,
-        gems: {
-          amount: 16,
-        },
-      };
-      amount = 16 / 4;
-      await amzLib.checkout({gift, user, orderReferenceId, headers});
-
-      expect(paymentBuyGemsStub).to.be.calledOnce;
-      expect(paymentBuyGemsStub).to.be.calledWith({
-        user,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_GIFT,
-        headers,
-        gift,
-      });
-      expectAmazonStubs();
-    });
-
-    it('should gift a subscription', async () => {
-      let receivingUser = new User();
-      receivingUser.save();
-      let gift = {
-        type: 'subscription',
-        subscription: {
-          key: subKey,
-          uuid: receivingUser._id,
-        },
-      };
-      amount = common.content.subscriptionBlocks[subKey].price;
-
-      await amzLib.checkout({user, orderReferenceId, headers, gift});
-
-      gift.member = receivingUser;
-      expect(paymentCreateSubscritionStub).to.be.calledOnce;
-      expect(paymentCreateSubscritionStub).to.be.calledWith({
-        user,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_GIFT,
-        headers,
-        gift,
-      });
-      expectAmazonStubs();
-    });
-  });
-
-  describe('subscribe', () => {
-    let user, group, amount, billingAgreementId, sub, coupon, groupId, headers;
-    let amazonSetBillingAgreementDetailsSpy;
-    let amazonConfirmBillingAgreementSpy;
-    let amazongAuthorizeOnBillingAgreementSpy;
-    let createSubSpy;
-
-    beforeEach(async () => {
-      user = new User();
-      user.profile.name = 'sender';
-      user.purchased.plan.customerId = 'customer-id';
-      user.purchased.plan.planId = subKey;
-      user.purchased.plan.lastBillingDate = new Date();
-
-      group = generateGroup({
-        name: 'test group',
-        type: 'guild',
-        privacy: 'public',
-        leader: user._id,
-      });
-      group.purchased.plan.customerId = 'customer-id';
-      group.purchased.plan.planId = subKey;
-      await group.save();
-
-      amount = common.content.subscriptionBlocks[subKey].price;
-      billingAgreementId = 'billingAgreementId';
-      sub = {
-        key: subKey,
-        price: amount,
-      };
-      groupId = group._id;
-      headers = {};
-
-      amazonSetBillingAgreementDetailsSpy = sinon.stub(amzLib, 'setBillingAgreementDetails');
-      amazonSetBillingAgreementDetailsSpy.returnsPromise().resolves({});
-
-      amazonConfirmBillingAgreementSpy = sinon.stub(amzLib, 'confirmBillingAgreement');
-      amazonConfirmBillingAgreementSpy.returnsPromise().resolves({});
-
-      amazongAuthorizeOnBillingAgreementSpy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
-      amazongAuthorizeOnBillingAgreementSpy.returnsPromise().resolves({});
-
-      createSubSpy = sinon.stub(payments, 'createSubscription');
-      createSubSpy.returnsPromise().resolves({});
-
-      sinon.stub(common, 'uuid').returns('uuid-generated');
-    });
-
-    afterEach(function () {
-      amzLib.setBillingAgreementDetails.restore();
-      amzLib.confirmBillingAgreement.restore();
-      amzLib.authorizeOnBillingAgreement.restore();
-      payments.createSubscription.restore();
-      common.uuid.restore();
-    });
-
-    it('should throw an error if we are missing a subscription', async () => {
-      await expect(amzLib.subscribe({
-        billingAgreementId,
-        coupon,
-        user,
-        groupId,
-        headers,
-      }))
-      .to.eventually.be.rejected.and.to.eql({
-        httpCode: 400,
-        name: 'BadRequest',
-        message: i18n.t('missingSubscriptionCode'),
-      });
-    });
-
-    it('should throw an error if we are missing a billingAgreementId', async () => {
-      await expect(amzLib.subscribe({
-        sub,
-        coupon,
-        user,
-        groupId,
-        headers,
-      }))
-      .to.eventually.be.rejected.and.to.eql({
-        httpCode: 400,
-        name: 'BadRequest',
-        message: 'Missing req.body.billingAgreementId',
-      });
-    });
-
-    it('should throw an error when coupon code is missing', async () => {
-      sub.discount = 40;
-
-      await expect(amzLib.subscribe({
-        billingAgreementId,
-        sub,
-        coupon,
-        user,
-        groupId,
-        headers,
-      }))
-      .to.eventually.be.rejected.and.to.eql({
-        httpCode: 400,
-        name: 'BadRequest',
-        message: i18n.t('couponCodeRequired'),
-      });
-    });
-
-    it('should throw an error when coupon code is invalid', async () => {
-      sub.discount = 40;
-      sub.key = 'google_6mo';
-      coupon = 'example-coupon';
-
-      let couponModel = new Coupon();
-      couponModel.event = 'google_6mo';
-      await couponModel.save();
-
-      sinon.stub(cc, 'validate').returns('invalid');
-
-      await expect(amzLib.subscribe({
-        billingAgreementId,
-        sub,
-        coupon,
-        user,
-        groupId,
-        headers,
-      }))
-      .to.eventually.be.rejected.and.to.eql({
-        httpCode: 401,
-        name: 'NotAuthorized',
-        message: i18n.t('invalidCoupon'),
-      });
-      cc.validate.restore();
-    });
-
-    it('subscribes with amazon with a coupon', async () => {
-      sub.discount = 40;
-      sub.key = 'google_6mo';
-      coupon = 'example-coupon';
-
-      let couponModel = new Coupon();
-      couponModel.event = 'google_6mo';
-      let updatedCouponModel = await couponModel.save();
-
-      sinon.stub(cc, 'validate').returns(updatedCouponModel._id);
-
-      await amzLib.subscribe({
-        billingAgreementId,
-        sub,
-        coupon,
-        user,
-        groupId,
-        headers,
-      });
-
-      expect(createSubSpy).to.be.calledOnce;
-      expect(createSubSpy).to.be.calledWith({
-        user,
-        customerId: billingAgreementId,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        sub,
-        headers,
-        groupId,
-      });
-
-      cc.validate.restore();
-    });
-
-    it('subscribes with amazon', async () => {
-      await amzLib.subscribe({
-        billingAgreementId,
-        sub,
-        coupon,
-        user,
-        groupId,
-        headers,
-      });
-
-      expect(amazonSetBillingAgreementDetailsSpy).to.be.calledOnce;
-      expect(amazonSetBillingAgreementDetailsSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-        BillingAgreementAttributes: {
-          SellerNote: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
-          SellerBillingAgreementAttributes: {
-            SellerBillingAgreementId: common.uuid(),
-            StoreName: amzLib.constants.STORE_NAME,
-            CustomInformation: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
-          },
-        },
-      });
-
-      expect(amazonConfirmBillingAgreementSpy).to.be.calledOnce;
-      expect(amazonConfirmBillingAgreementSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-      });
-
-      expect(amazongAuthorizeOnBillingAgreementSpy).to.be.calledOnce;
-      expect(amazongAuthorizeOnBillingAgreementSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-        AuthorizationReferenceId: common.uuid().substring(0, 32),
-        AuthorizationAmount: {
-          CurrencyCode: amzLib.constants.CURRENCY_CODE,
-          Amount: amount,
-        },
-        SellerAuthorizationNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
-        TransactionTimeout: 0,
-        CaptureNow: true,
-        SellerNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
-        SellerOrderAttributes: {
-          SellerOrderId: common.uuid(),
-          StoreName: amzLib.constants.STORE_NAME,
-        },
-      });
-
-      expect(createSubSpy).to.be.calledOnce;
-      expect(createSubSpy).to.be.calledWith({
-        user,
-        customerId: billingAgreementId,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        sub,
-        headers,
-        groupId,
-      });
-    });
-
-    it('subscribes with amazon with price to existing users', async () => {
-      user = new User();
-      user.guilds.push(groupId);
-      await user.save();
-      group.memberCount = 2;
-      await group.save();
-      sub.key = 'group_monthly';
-      sub.price = 9;
-      amount = 12;
-
-      await amzLib.subscribe({
-        billingAgreementId,
-        sub,
-        coupon,
-        user,
-        groupId,
-        headers,
-      });
-
-      expect(amazonSetBillingAgreementDetailsSpy).to.be.calledOnce;
-      expect(amazonSetBillingAgreementDetailsSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-        BillingAgreementAttributes: {
-          SellerNote: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
-          SellerBillingAgreementAttributes: {
-            SellerBillingAgreementId: common.uuid(),
-            StoreName: amzLib.constants.STORE_NAME,
-            CustomInformation: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
-          },
-        },
-      });
-
-      expect(amazonConfirmBillingAgreementSpy).to.be.calledOnce;
-      expect(amazonConfirmBillingAgreementSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-      });
-
-      expect(amazongAuthorizeOnBillingAgreementSpy).to.be.calledOnce;
-      expect(amazongAuthorizeOnBillingAgreementSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-        AuthorizationReferenceId: common.uuid().substring(0, 32),
-        AuthorizationAmount: {
-          CurrencyCode: amzLib.constants.CURRENCY_CODE,
-          Amount: amount,
-        },
-        SellerAuthorizationNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
-        TransactionTimeout: 0,
-        CaptureNow: true,
-        SellerNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
-        SellerOrderAttributes: {
-          SellerOrderId: common.uuid(),
-          StoreName: amzLib.constants.STORE_NAME,
-        },
-      });
-
-      expect(createSubSpy).to.be.calledOnce;
-      expect(createSubSpy).to.be.calledWith({
-        user,
-        customerId: billingAgreementId,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        sub,
-        headers,
-        groupId,
-      });
-    });
-  });
-
-  describe('cancelSubscription', () => {
-    let user, group, headers, billingAgreementId, subscriptionBlock, subscriptionLength;
-    let getBillingAgreementDetailsSpy;
-    let paymentCancelSubscriptionSpy;
-
-    function expectAmazonStubs () {
-      expect(getBillingAgreementDetailsSpy).to.be.calledOnce;
-      expect(getBillingAgreementDetailsSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-      });
-    }
-
-    beforeEach(async () => {
-      user = new User();
-      user.profile.name = 'sender';
-      user.purchased.plan.customerId = 'customer-id';
-      user.purchased.plan.planId = subKey;
-      user.purchased.plan.lastBillingDate = new Date();
-
-      group = generateGroup({
-        name: 'test group',
-        type: 'guild',
-        privacy: 'public',
-        leader: user._id,
-      });
-      group.purchased.plan.customerId = 'customer-id';
-      group.purchased.plan.planId = subKey;
-      group.purchased.plan.lastBillingDate = new Date();
-      await group.save();
-
-      subscriptionBlock = common.content.subscriptionBlocks[subKey];
-      subscriptionLength = subscriptionBlock.months * 30;
-
-      headers = {};
-
-      getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails');
-      getBillingAgreementDetailsSpy.returnsPromise().resolves({
-        BillingAgreementDetails: {
-          BillingAgreementStatus: {State: 'Closed'},
-        },
-      });
-
-      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription');
-      paymentCancelSubscriptionSpy.returnsPromise().resolves({});
-    });
-
-    afterEach(function () {
-      amzLib.getBillingAgreementDetails.restore();
-      payments.cancelSubscription.restore();
-    });
-
-    it('should throw an error if we are missing a subscription', async () => {
-      user.purchased.plan.customerId = undefined;
-
-      await expect(amzLib.cancelSubscription({user}))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 401,
-          name: 'NotAuthorized',
-          message: i18n.t('missingSubscription'),
-        });
-    });
-
-    it('should cancel a user subscription', async () => {
-      billingAgreementId = user.purchased.plan.customerId;
-
-      await amzLib.cancelSubscription({user, headers});
-
-      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
-      expect(paymentCancelSubscriptionSpy).to.be.calledWith({
-        user,
-        groupId: undefined,
-        nextBill: moment(user.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        headers,
-        cancellationReason: undefined,
-      });
-      expectAmazonStubs();
-    });
-
-    it('should close a user subscription if amazon not closed', async () => {
-      amzLib.getBillingAgreementDetails.restore();
-      getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails')
-        .returnsPromise()
-        .resolves({
-          BillingAgreementDetails: {
-            BillingAgreementStatus: {State: 'Open'},
-          },
-        });
-      let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').returnsPromise().resolves({});
-      billingAgreementId = user.purchased.plan.customerId;
-
-      await amzLib.cancelSubscription({user, headers});
-
-      expectAmazonStubs();
-      expect(closeBillingAgreementSpy).to.be.calledOnce;
-      expect(closeBillingAgreementSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-      });
-      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
-      expect(paymentCancelSubscriptionSpy).to.be.calledWith({
-        user,
-        groupId: undefined,
-        nextBill: moment(user.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        headers,
-        cancellationReason: undefined,
-      });
-      amzLib.closeBillingAgreement.restore();
-    });
-
-    it('should throw an error if group is not found', async () => {
-      await expect(amzLib.cancelSubscription({user, groupId: 'fake-id'}))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 404,
-          name: 'NotFound',
-          message: i18n.t('groupNotFound'),
-        });
-    });
-
-    it('should throw an error if user is not group leader', async () => {
-      let nonLeader = new User();
-      nonLeader.guilds.push(group._id);
-      await nonLeader.save();
-
-      await expect(amzLib.cancelSubscription({user: nonLeader, groupId: group._id}))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 401,
-          name: 'NotAuthorized',
-          message: i18n.t('onlyGroupLeaderCanManageSubscription'),
-        });
-    });
-
-    it('should cancel a group subscription', async () => {
-      billingAgreementId = group.purchased.plan.customerId;
-
-      await amzLib.cancelSubscription({user, groupId: group._id, headers});
-
-      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
-      expect(paymentCancelSubscriptionSpy).to.be.calledWith({
-        user,
-        groupId: group._id,
-        nextBill: moment(group.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        headers,
-        cancellationReason: undefined,
-      });
-      expectAmazonStubs();
-    });
-
-    it('should close a group subscription if amazon not closed', async () => {
-      amzLib.getBillingAgreementDetails.restore();
-      getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails')
-        .returnsPromise()
-        .resolves({
-          BillingAgreementDetails: {
-            BillingAgreementStatus: {State: 'Open'},
-          },
-        });
-      let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').returnsPromise().resolves({});
-      billingAgreementId = group.purchased.plan.customerId;
-
-      await amzLib.cancelSubscription({user, groupId: group._id, headers});
-
-      expectAmazonStubs();
-      expect(closeBillingAgreementSpy).to.be.calledOnce;
-      expect(closeBillingAgreementSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-      });
-      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
-      expect(paymentCancelSubscriptionSpy).to.be.calledWith({
-        user,
-        groupId: group._id,
-        nextBill: moment(group.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        headers,
-        cancellationReason: undefined,
-      });
-      amzLib.closeBillingAgreement.restore();
-    });
-  });
-
-  describe('#upgradeGroupPlan', () => {
-    let spy, data, user, group, uuidString;
-
-    beforeEach(async function () {
-      user = new User();
-      user.profile.name = 'sender';
-
-      data = {
-        user,
-        sub: {
-          key: 'basic_3mo', // @TODO: Validate that this is group
-        },
-        customerId: 'customer-id',
-        paymentMethod: 'Payment Method',
-        headers: {
-          'x-client': 'habitica-web',
-          'user-agent': '',
-        },
-      };
-
-      group = generateGroup({
-        name: 'test group',
-        type: 'guild',
-        privacy: 'public',
-        leader: user._id,
-      });
-      await group.save();
-
-      spy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
-      spy.returnsPromise().resolves([]);
-
-      uuidString = 'uuid-v4';
-      sinon.stub(uuid, 'v4').returns(uuidString);
-
-      data.groupId = group._id;
-      data.sub.quantity = 3;
-    });
-
-    afterEach(function () {
-      sinon.restore(amzLib.authorizeOnBillingAgreement);
-      uuid.v4.restore();
-    });
-
-    it('charges for a new member', async () => {
-      data.paymentMethod = amzLib.constants.PAYMENT_METHOD;
-      await payments.createSubscription(data);
-
-      let updatedGroup = await Group.findById(group._id).exec();
-
-      updatedGroup.memberCount += 1;
-      await updatedGroup.save();
-
-      await amzLib.chargeForAdditionalGroupMember(updatedGroup);
-
-      expect(spy.calledOnce).to.be.true;
-      expect(spy).to.be.calledWith({
-        AmazonBillingAgreementId: updatedGroup.purchased.plan.customerId,
-        AuthorizationReferenceId: uuidString.substring(0, 32),
-        AuthorizationAmount: {
-          CurrencyCode: amzLib.constants.CURRENCY_CODE,
-          Amount: 3,
-        },
-        SellerAuthorizationNote: amzLib.constants.SELLER_NOTE_GROUP_NEW_MEMBER,
-        TransactionTimeout: 0,
-        CaptureNow: true,
-        SellerNote: amzLib.constants.SELLER_NOTE_GROUP_NEW_MEMBER,
-        SellerOrderAttributes: {
-          SellerOrderId: uuidString,
-          StoreName: amzLib.constants.STORE_NAME,
-        },
-      });
-    });
-  });
-});

test/api/v3/unit/libs/payments.test.js

@@ -153,6 +153,24 @@ describe('payments/index', () => {
         expect(recipient.purchased.plan.dateUpdated).to.exist;
       });
 
+      it('sets plan.dateUpdated if it did exist but the user has cancelled', async () => {
+        recipient.purchased.plan.dateUpdated = moment().subtract(1, 'days').toDate();
+        recipient.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();
+        recipient.purchased.plan.customerId = 'testing';
+
+        await api.createSubscription(data);
+
+        expect(moment(recipient.purchased.plan.dateUpdated).date()).to.eql(moment().date());
+      });
+
+      it('sets plan.dateUpdated if it did exist but the user has a corrupt plan', async () => {
+        recipient.purchased.plan.dateUpdated = moment().subtract(1, 'days').toDate();
+
+        await api.createSubscription(data);
+
+        expect(moment(recipient.purchased.plan.dateUpdated).date()).to.eql(moment().date());
+      });
+
       it('sets plan.dateCreated if it did not previously exist', async () => {
         expect(recipient.purchased.plan.dateCreated).to.not.exist;
 
@@ -399,13 +417,19 @@ describe('payments/index', () => {
       it('awards mystery items when within the timeframe for a mystery item', async () => {
         let mayMysteryItemTimeframe = 1464725113000; // May 31st 2016
         let fakeClock = sinon.useFakeTimers(mayMysteryItemTimeframe);
+
         data = { paymentMethod: 'PaymentMethod', user, sub: { key: 'basic_3mo' } };
 
+        const oldNotificationsCount = user.notifications.length;
+
         await api.createSubscription(data);
 
+        expect(user.notifications.find(n => n.type === 'NEW_MYSTERY_ITEMS')).to.not.be.undefined;
         expect(user.purchased.plan.mysteryItems).to.have.a.lengthOf(2);
         expect(user.purchased.plan.mysteryItems).to.include('armor_mystery_201605');
         expect(user.purchased.plan.mysteryItems).to.include('head_mystery_201605');
+        expect(user.notifications.length).to.equal(oldNotificationsCount + 1);
+        expect(user.notifications[0].type).to.equal('NEW_MYSTERY_ITEMS');
 
         fakeClock.restore();
       });

test/api/v3/unit/libs/payments/amazon/cancel.test.js

@@ -0,0 +1,180 @@
+import moment from 'moment';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import amzLib from '../../../../../../../website/server/libs/amazonPayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+import { createNonLeaderGroupMember } from '../paymentHelpers';
+
+const i18n = common.i18n;
+
+describe('Amazon Payments - Cancel Subscription', () => {
+  const subKey = 'basic_3mo';
+
+  let user, group, headers, billingAgreementId, subscriptionBlock, subscriptionLength;
+  let getBillingAgreementDetailsSpy;
+  let paymentCancelSubscriptionSpy;
+
+  function expectAmazonStubs () {
+    expect(getBillingAgreementDetailsSpy).to.be.calledOnce;
+    expect(getBillingAgreementDetailsSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+    });
+  }
+
+  function expectAmazonCancelSubscriptionSpy (groupId, lastBillingDate) {
+    expect(paymentCancelSubscriptionSpy).to.be.calledWith({
+      user,
+      groupId,
+      nextBill: moment(lastBillingDate).add({ days: subscriptionLength }),
+      paymentMethod: amzLib.constants.PAYMENT_METHOD,
+      headers,
+      cancellationReason: undefined,
+    });
+  }
+
+  function expectAmazonCancelUserSubscriptionSpy () {
+    expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+    expectAmazonCancelSubscriptionSpy(undefined, user.purchased.plan.lastBillingDate);
+  }
+
+  function expectAmazonCancelGroupSubscriptionSpy (groupId) {
+    expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+    expectAmazonCancelSubscriptionSpy(groupId, group.purchased.plan.lastBillingDate);
+  }
+
+  function expectBillingAggreementDetailSpy () {
+    getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails')
+      .returnsPromise()
+      .resolves({
+        BillingAgreementDetails: {
+          BillingAgreementStatus: {State: 'Open'},
+        },
+      });
+  }
+
+  beforeEach(async () => {
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = 'customer-id';
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = 'customer-id';
+    group.purchased.plan.planId = subKey;
+    group.purchased.plan.lastBillingDate = new Date();
+    await group.save();
+
+    subscriptionBlock = common.content.subscriptionBlocks[subKey];
+    subscriptionLength = subscriptionBlock.months * 30;
+
+    headers = {};
+
+    getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails');
+    getBillingAgreementDetailsSpy.returnsPromise().resolves({
+      BillingAgreementDetails: {
+        BillingAgreementStatus: {State: 'Closed'},
+      },
+    });
+
+    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription');
+    paymentCancelSubscriptionSpy.returnsPromise().resolves({});
+  });
+
+  afterEach(function () {
+    amzLib.getBillingAgreementDetails.restore();
+    payments.cancelSubscription.restore();
+  });
+
+  it('should throw an error if we are missing a subscription', async () => {
+    user.purchased.plan.customerId = undefined;
+
+    await expect(amzLib.cancelSubscription({user}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        name: 'NotAuthorized',
+        message: i18n.t('missingSubscription'),
+      });
+  });
+
+  it('should cancel a user subscription', async () => {
+    billingAgreementId = user.purchased.plan.customerId;
+
+    await amzLib.cancelSubscription({user, headers});
+
+    expectAmazonCancelUserSubscriptionSpy();
+    expectAmazonStubs();
+  });
+
+  it('should close a user subscription if amazon not closed', async () => {
+    amzLib.getBillingAgreementDetails.restore();
+    expectBillingAggreementDetailSpy();
+    let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').returnsPromise().resolves({});
+    billingAgreementId = user.purchased.plan.customerId;
+
+    await amzLib.cancelSubscription({user, headers});
+
+    expectAmazonStubs();
+    expect(closeBillingAgreementSpy).to.be.calledOnce;
+    expect(closeBillingAgreementSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+    });
+    expectAmazonCancelUserSubscriptionSpy();
+    amzLib.closeBillingAgreement.restore();
+  });
+
+  it('should throw an error if group is not found', async () => {
+    await expect(amzLib.cancelSubscription({user, groupId: 'fake-id'}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 404,
+        name: 'NotFound',
+        message: i18n.t('groupNotFound'),
+      });
+  });
+
+  it('should throw an error if user is not group leader', async () => {
+    let nonLeader = await createNonLeaderGroupMember(group);
+
+    await expect(amzLib.cancelSubscription({user: nonLeader, groupId: group._id}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        name: 'NotAuthorized',
+        message: i18n.t('onlyGroupLeaderCanManageSubscription'),
+      });
+  });
+
+  it('should cancel a group subscription', async () => {
+    billingAgreementId = group.purchased.plan.customerId;
+
+    await amzLib.cancelSubscription({user, groupId: group._id, headers});
+
+    expectAmazonCancelGroupSubscriptionSpy(group._id);
+    expectAmazonStubs();
+  });
+
+  it('should close a group subscription if amazon not closed', async () => {
+    amzLib.getBillingAgreementDetails.restore();
+    expectBillingAggreementDetailSpy();
+    let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').returnsPromise().resolves({});
+    billingAgreementId = group.purchased.plan.customerId;
+
+    await amzLib.cancelSubscription({user, groupId: group._id, headers});
+
+    expectAmazonStubs();
+    expect(closeBillingAgreementSpy).to.be.calledOnce;
+    expect(closeBillingAgreementSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+    });
+    expectAmazonCancelGroupSubscriptionSpy(group._id);
+    amzLib.closeBillingAgreement.restore();
+  });
+});

test/api/v3/unit/libs/payments/amazon/checkout.test.js

@@ -0,0 +1,193 @@
+import { model as User } from '../../../../../../../website/server/models/user';
+import amzLib from '../../../../../../../website/server/libs/amazonPayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('Amazon Payments - Checkout', () => {
+  const subKey = 'basic_3mo';
+  let user, orderReferenceId, headers;
+  let setOrderReferenceDetailsSpy;
+  let confirmOrderReferenceSpy;
+  let authorizeSpy;
+  let closeOrderReferenceSpy;
+
+  let paymentBuyGemsStub;
+  let paymentCreateSubscritionStub;
+  let amount = 5;
+
+  function expectOrderReferenceSpy () {
+    expect(setOrderReferenceDetailsSpy).to.be.calledOnce;
+    expect(setOrderReferenceDetailsSpy).to.be.calledWith({
+      AmazonOrderReferenceId: orderReferenceId,
+      OrderReferenceAttributes: {
+        OrderTotal: {
+          CurrencyCode: amzLib.constants.CURRENCY_CODE,
+          Amount: amount,
+        },
+        SellerNote: amzLib.constants.SELLER_NOTE,
+        SellerOrderAttributes: {
+          SellerOrderId: common.uuid(),
+          StoreName: amzLib.constants.STORE_NAME,
+        },
+      },
+    });
+  }
+
+  function expectAuthorizeSpy () {
+    expect(authorizeSpy).to.be.calledOnce;
+    expect(authorizeSpy).to.be.calledWith({
+      AmazonOrderReferenceId: orderReferenceId,
+      AuthorizationReferenceId: common.uuid().substring(0, 32),
+      AuthorizationAmount: {
+        CurrencyCode: amzLib.constants.CURRENCY_CODE,
+        Amount: amount,
+      },
+      SellerAuthorizationNote: amzLib.constants.SELLER_NOTE,
+      TransactionTimeout: 0,
+      CaptureNow: true,
+    });
+  }
+
+  function expectAmazonStubs () {
+    expectOrderReferenceSpy();
+
+    expect(confirmOrderReferenceSpy).to.be.calledOnce;
+    expect(confirmOrderReferenceSpy).to.be.calledWith({ AmazonOrderReferenceId: orderReferenceId });
+
+    expectAuthorizeSpy();
+
+    expect(closeOrderReferenceSpy).to.be.calledOnce;
+    expect(closeOrderReferenceSpy).to.be.calledWith({ AmazonOrderReferenceId: orderReferenceId });
+  }
+
+  beforeEach(function () {
+    user = new User();
+    headers = {};
+    orderReferenceId = 'orderReferenceId';
+
+    setOrderReferenceDetailsSpy = sinon.stub(amzLib, 'setOrderReferenceDetails');
+    setOrderReferenceDetailsSpy.returnsPromise().resolves({});
+
+    confirmOrderReferenceSpy = sinon.stub(amzLib, 'confirmOrderReference');
+    confirmOrderReferenceSpy.returnsPromise().resolves({});
+
+    authorizeSpy = sinon.stub(amzLib, 'authorize');
+    authorizeSpy.returnsPromise().resolves({});
+
+    closeOrderReferenceSpy = sinon.stub(amzLib, 'closeOrderReference');
+    closeOrderReferenceSpy.returnsPromise().resolves({});
+
+    paymentBuyGemsStub = sinon.stub(payments, 'buyGems');
+    paymentBuyGemsStub.returnsPromise().resolves({});
+
+    paymentCreateSubscritionStub = sinon.stub(payments, 'createSubscription');
+    paymentCreateSubscritionStub.returnsPromise().resolves({});
+
+    sinon.stub(common, 'uuid').returns('uuid-generated');
+  });
+
+  afterEach(function () {
+    amzLib.setOrderReferenceDetails.restore();
+    amzLib.confirmOrderReference.restore();
+    amzLib.authorize.restore();
+    amzLib.closeOrderReference.restore();
+    payments.buyGems.restore();
+    payments.createSubscription.restore();
+    common.uuid.restore();
+  });
+
+  function expectBuyGemsStub (paymentMethod, gift) {
+    expect(paymentBuyGemsStub).to.be.calledOnce;
+
+    let expectedArgs = {
+      user,
+      paymentMethod,
+      headers,
+    };
+    if (gift) expectedArgs.gift = gift;
+    expect(paymentBuyGemsStub).to.be.calledWith(expectedArgs);
+  }
+
+  it('should purchase gems', async () => {
+    sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+    await amzLib.checkout({user, orderReferenceId, headers});
+
+    expectBuyGemsStub(amzLib.constants.PAYMENT_METHOD);
+    expectAmazonStubs();
+    expect(user.canGetGems).to.be.calledOnce;
+    user.canGetGems.restore();
+  });
+
+  it('should error if gem amount is too low', async () => {
+    let receivingUser = new User();
+    receivingUser.save();
+    let gift = {
+      type: 'gems',
+      gems: {
+        amount: 0,
+        uuid: receivingUser._id,
+      },
+    };
+
+    await expect(amzLib.checkout({gift, user, orderReferenceId, headers}))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      message: 'Amount must be at least 1.',
+      name: 'BadRequest',
+    });
+  });
+
+  it('should error if user cannot get gems gems', async () => {
+    sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+    await expect(amzLib.checkout({user, orderReferenceId, headers})).to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      message: i18n.t('groupPolicyCannotGetGems'),
+      name: 'NotAuthorized',
+    });
+    user.canGetGems.restore();
+  });
+
+  it('should gift gems', async () => {
+    let receivingUser = new User();
+    await receivingUser.save();
+    let gift = {
+      type: 'gems',
+      uuid: receivingUser._id,
+      gems: {
+        amount: 16,
+      },
+    };
+    amount = 16 / 4;
+    await amzLib.checkout({gift, user, orderReferenceId, headers});
+
+    expectBuyGemsStub(amzLib.constants.PAYMENT_METHOD_GIFT, gift);
+    expectAmazonStubs();
+  });
+
+  it('should gift a subscription', async () => {
+    let receivingUser = new User();
+    receivingUser.save();
+    let gift = {
+      type: 'subscription',
+      subscription: {
+        key: subKey,
+        uuid: receivingUser._id,
+      },
+    };
+    amount = common.content.subscriptionBlocks[subKey].price;
+
+    await amzLib.checkout({user, orderReferenceId, headers, gift});
+
+    gift.member = receivingUser;
+    expect(paymentCreateSubscritionStub).to.be.calledOnce;
+    expect(paymentCreateSubscritionStub).to.be.calledWith({
+      user,
+      paymentMethod: amzLib.constants.PAYMENT_METHOD_GIFT,
+      headers,
+      gift,
+    });
+    expectAmazonStubs();
+  });
+});

test/api/v3/unit/libs/payments/amazon/subscribe.test.js

@@ -0,0 +1,267 @@
+import cc from 'coupon-code';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import { model as Coupon } from '../../../../../../../website/server/models/coupon';
+import amzLib from '../../../../../../../website/server/libs/amazonPayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('Amazon Payments - Subscribe', () => {
+  const subKey = 'basic_3mo';
+  let user, group, amount, billingAgreementId, sub, coupon, groupId, headers;
+  let amazonSetBillingAgreementDetailsSpy;
+  let amazonConfirmBillingAgreementSpy;
+  let amazonAuthorizeOnBillingAgreementSpy;
+  let createSubSpy;
+
+  beforeEach(async () => {
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = 'customer-id';
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = 'customer-id';
+    group.purchased.plan.planId = subKey;
+    await group.save();
+
+    amount = common.content.subscriptionBlocks[subKey].price;
+    billingAgreementId = 'billingAgreementId';
+    sub = {
+      key: subKey,
+      price: amount,
+    };
+    groupId = group._id;
+    headers = {};
+
+    amazonSetBillingAgreementDetailsSpy = sinon.stub(amzLib, 'setBillingAgreementDetails');
+    amazonSetBillingAgreementDetailsSpy.returnsPromise().resolves({});
+
+    amazonConfirmBillingAgreementSpy = sinon.stub(amzLib, 'confirmBillingAgreement');
+    amazonConfirmBillingAgreementSpy.returnsPromise().resolves({});
+
+    amazonAuthorizeOnBillingAgreementSpy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
+    amazonAuthorizeOnBillingAgreementSpy.returnsPromise().resolves({});
+
+    createSubSpy = sinon.stub(payments, 'createSubscription');
+    createSubSpy.returnsPromise().resolves({});
+
+    sinon.stub(common, 'uuid').returns('uuid-generated');
+  });
+
+  afterEach(function () {
+    amzLib.setBillingAgreementDetails.restore();
+    amzLib.confirmBillingAgreement.restore();
+    amzLib.authorizeOnBillingAgreement.restore();
+    payments.createSubscription.restore();
+    common.uuid.restore();
+  });
+
+  function expectAmazonAuthorizeBillingAgreementSpy () {
+    expect(amazonAuthorizeOnBillingAgreementSpy).to.be.calledOnce;
+    expect(amazonAuthorizeOnBillingAgreementSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+      AuthorizationReferenceId: common.uuid().substring(0, 32),
+      AuthorizationAmount: {
+        CurrencyCode: amzLib.constants.CURRENCY_CODE,
+        Amount: amount,
+      },
+      SellerAuthorizationNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
+      TransactionTimeout: 0,
+      CaptureNow: true,
+      SellerNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
+      SellerOrderAttributes: {
+        SellerOrderId: common.uuid(),
+        StoreName: amzLib.constants.STORE_NAME,
+      },
+    });
+  }
+
+  function expectAmazonSetBillingAgreementDetailsSpy () {
+    expect(amazonSetBillingAgreementDetailsSpy).to.be.calledOnce;
+    expect(amazonSetBillingAgreementDetailsSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+      BillingAgreementAttributes: {
+        SellerNote: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
+        SellerBillingAgreementAttributes: {
+          SellerBillingAgreementId: common.uuid(),
+          StoreName: amzLib.constants.STORE_NAME,
+          CustomInformation: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
+        },
+      },
+    });
+  }
+
+  function expectCreateSpy () {
+    expect(createSubSpy).to.be.calledOnce;
+    expect(createSubSpy).to.be.calledWith({
+      user,
+      customerId: billingAgreementId,
+      paymentMethod: amzLib.constants.PAYMENT_METHOD,
+      sub,
+      headers,
+      groupId,
+    });
+  }
+
+  it('should throw an error if we are missing a subscription', async () => {
+    await expect(amzLib.subscribe({
+      billingAgreementId,
+      coupon,
+      user,
+      groupId,
+      headers,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: i18n.t('missingSubscriptionCode'),
+    });
+  });
+
+  it('should throw an error if we are missing a billingAgreementId', async () => {
+    await expect(amzLib.subscribe({
+      sub,
+      coupon,
+      user,
+      groupId,
+      headers,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: 'Missing req.body.billingAgreementId',
+    });
+  });
+
+  it('should throw an error when coupon code is missing', async () => {
+    sub.discount = 40;
+
+    await expect(amzLib.subscribe({
+      billingAgreementId,
+      sub,
+      coupon,
+      user,
+      groupId,
+      headers,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: i18n.t('couponCodeRequired'),
+    });
+  });
+
+  it('should throw an error when coupon code is invalid', async () => {
+    sub.discount = 40;
+    sub.key = 'google_6mo';
+    coupon = 'example-coupon';
+
+    let couponModel = new Coupon();
+    couponModel.event = 'google_6mo';
+    await couponModel.save();
+
+    sinon.stub(cc, 'validate').returns('invalid');
+
+    await expect(amzLib.subscribe({
+      billingAgreementId,
+      sub,
+      coupon,
+      user,
+      groupId,
+      headers,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      name: 'NotAuthorized',
+      message: i18n.t('invalidCoupon'),
+    });
+    cc.validate.restore();
+  });
+
+  it('subscribes with amazon with a coupon', async () => {
+    sub.discount = 40;
+    sub.key = 'google_6mo';
+    coupon = 'example-coupon';
+
+    let couponModel = new Coupon();
+    couponModel.event = 'google_6mo';
+    let updatedCouponModel = await couponModel.save();
+
+    sinon.stub(cc, 'validate').returns(updatedCouponModel._id);
+
+    await amzLib.subscribe({
+      billingAgreementId,
+      sub,
+      coupon,
+      user,
+      groupId,
+      headers,
+    });
+
+    expectCreateSpy();
+
+    cc.validate.restore();
+  });
+
+  it('subscribes with amazon', async () => {
+    await amzLib.subscribe({
+      billingAgreementId,
+      sub,
+      coupon,
+      user,
+      groupId,
+      headers,
+    });
+
+    expectAmazonSetBillingAgreementDetailsSpy();
+
+    expect(amazonConfirmBillingAgreementSpy).to.be.calledOnce;
+    expect(amazonConfirmBillingAgreementSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+    });
+
+    expectAmazonAuthorizeBillingAgreementSpy();
+
+    expectCreateSpy();
+  });
+
+  it('subscribes with amazon with price to existing users', async () => {
+    user = new User();
+    user.guilds.push(groupId);
+    await user.save();
+    group.memberCount = 2;
+    await group.save();
+    sub.key = 'group_monthly';
+    sub.price = 9;
+    amount = 12;
+
+    await amzLib.subscribe({
+      billingAgreementId,
+      sub,
+      coupon,
+      user,
+      groupId,
+      headers,
+    });
+
+    expectAmazonSetBillingAgreementDetailsSpy();
+    expect(amazonConfirmBillingAgreementSpy).to.be.calledOnce;
+    expect(amazonConfirmBillingAgreementSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+    });
+    expectAmazonAuthorizeBillingAgreementSpy();
+    expectCreateSpy();
+  });
+});

test/api/v3/unit/libs/payments/amazon/upgrade-groupplan.test.js

@@ -0,0 +1,83 @@
+import uuid from 'uuid';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import { model as Group } from '../../../../../../../website/server/models/group';
+import amzLib from '../../../../../../../website/server/libs/amazonPayments';
+import payments from '../../../../../../../website/server/libs/payments';
+
+describe('#upgradeGroupPlan', () => {
+  let spy, data, user, group, uuidString;
+
+  beforeEach(async function () {
+    user = new User();
+    user.profile.name = 'sender';
+
+    data = {
+      user,
+      sub: {
+        key: 'basic_3mo', // @TODO: Validate that this is group
+      },
+      customerId: 'customer-id',
+      paymentMethod: 'Payment Method',
+      headers: {
+        'x-client': 'habitica-web',
+        'user-agent': '',
+      },
+    };
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    await group.save();
+
+    spy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
+    spy.returnsPromise().resolves([]);
+
+    uuidString = 'uuid-v4';
+    sinon.stub(uuid, 'v4').returns(uuidString);
+
+    data.groupId = group._id;
+    data.sub.quantity = 3;
+  });
+
+  afterEach(function () {
+    amzLib.authorizeOnBillingAgreement.restore();
+    uuid.v4.restore();
+  });
+
+  it('charges for a new member', async () => {
+    data.paymentMethod = amzLib.constants.PAYMENT_METHOD;
+    await payments.createSubscription(data);
+
+    let updatedGroup = await Group.findById(group._id).exec();
+
+    updatedGroup.memberCount += 1;
+    await updatedGroup.save();
+
+    await amzLib.chargeForAdditionalGroupMember(updatedGroup);
+
+    expect(spy.calledOnce).to.be.true;
+    expect(spy).to.be.calledWith({
+      AmazonBillingAgreementId: updatedGroup.purchased.plan.customerId,
+      AuthorizationReferenceId: uuidString.substring(0, 32),
+      AuthorizationAmount: {
+        CurrencyCode: amzLib.constants.CURRENCY_CODE,
+        Amount: 3,
+      },
+      SellerAuthorizationNote: amzLib.constants.SELLER_NOTE_GROUP_NEW_MEMBER,
+      TransactionTimeout: 0,
+      CaptureNow: true,
+      SellerNote: amzLib.constants.SELLER_NOTE_GROUP_NEW_MEMBER,
+      SellerOrderAttributes: {
+        SellerOrderId: uuidString,
+        StoreName: amzLib.constants.STORE_NAME,
+      },
+    });
+  });
+});

test/api/v3/unit/libs/payments/paymentHelpers.js

@@ -0,0 +1,7 @@
+import { model as User } from '../../../../../../website/server/models/user';
+
+export async function createNonLeaderGroupMember (group) {
+  let nonLeader = new User();
+  nonLeader.guilds.push(group._id);
+  return await nonLeader.save();
+}

test/api/v3/unit/libs/payments/paypal/checkout-success.test.js

@@ -0,0 +1,87 @@
+/* eslint-disable camelcase */
+import payments from '../../../../../../../website/server/libs/payments';
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import { model as User } from '../../../../../../../website/server/models/user';
+
+describe('checkout success', () => {
+  const subKey = 'basic_3mo';
+  let user, gift, customerId, paymentId;
+  let paypalPaymentExecuteStub, paymentBuyGemsStub, paymentsCreateSubscritionStub;
+
+  beforeEach(() => {
+    user = new User();
+    customerId = 'customerId-test';
+    paymentId = 'paymentId-test';
+
+    paypalPaymentExecuteStub = sinon.stub(paypalPayments, 'paypalPaymentExecute').returnsPromise().resolves({});
+    paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
+    paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+  });
+
+  afterEach(() => {
+    paypalPayments.paypalPaymentExecute.restore();
+    payments.buyGems.restore();
+    payments.createSubscription.restore();
+  });
+
+  it('purchases gems', async () => {
+    await paypalPayments.checkoutSuccess({user, gift, paymentId, customerId});
+
+    expect(paypalPaymentExecuteStub).to.be.calledOnce;
+    expect(paypalPaymentExecuteStub).to.be.calledWith(paymentId, { payer_id: customerId });
+    expect(paymentBuyGemsStub).to.be.calledOnce;
+    expect(paymentBuyGemsStub).to.be.calledWith({
+      user,
+      customerId,
+      paymentMethod: 'Paypal',
+    });
+  });
+
+  it('gifts gems', async () => {
+    let receivingUser = new User();
+    await receivingUser.save();
+    gift = {
+      type: 'gems',
+      gems: {
+        amount: 16,
+        uuid: receivingUser._id,
+      },
+    };
+
+    await paypalPayments.checkoutSuccess({user, gift, paymentId, customerId});
+
+    expect(paypalPaymentExecuteStub).to.be.calledOnce;
+    expect(paypalPaymentExecuteStub).to.be.calledWith(paymentId, { payer_id: customerId });
+    expect(paymentBuyGemsStub).to.be.calledOnce;
+    expect(paymentBuyGemsStub).to.be.calledWith({
+      user,
+      customerId,
+      paymentMethod: 'PayPal (Gift)',
+      gift,
+    });
+  });
+
+  it('gifts subscription', async () => {
+    let receivingUser = new User();
+    await receivingUser.save();
+    gift = {
+      type: 'subscription',
+      subscription: {
+        key: subKey,
+        uuid: receivingUser._id,
+      },
+    };
+
+    await paypalPayments.checkoutSuccess({user, gift, paymentId, customerId});
+
+    expect(paypalPaymentExecuteStub).to.be.calledOnce;
+    expect(paypalPaymentExecuteStub).to.be.calledWith(paymentId, { payer_id: customerId });
+    expect(paymentsCreateSubscritionStub).to.be.calledOnce;
+    expect(paymentsCreateSubscritionStub).to.be.calledWith({
+      user,
+      customerId,
+      paymentMethod: 'PayPal (Gift)',
+      gift,
+    });
+  });
+});

test/api/v3/unit/libs/payments/paypal/checkout.test.js

@@ -0,0 +1,127 @@
+/* eslint-disable camelcase */
+import nconf from 'nconf';
+
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import { model as User } from '../../../../../../../website/server/models/user';
+import common from '../../../../../../../website/common';
+
+const BASE_URL = nconf.get('BASE_URL');
+const i18n = common.i18n;
+
+describe('checkout', () => {
+  const subKey = 'basic_3mo';
+  let paypalPaymentCreateStub;
+  let approvalHerf;
+
+  function getPaypalCreateOptions (description, amount) {
+    return {
+      intent: 'sale',
+      payer: { payment_method: 'Paypal' },
+      redirect_urls: {
+        return_url: `${BASE_URL}/paypal/checkout/success`,
+        cancel_url: `${BASE_URL}`,
+      },
+      transactions: [{
+        item_list: {
+          items: [{
+            name: description,
+            price: amount,
+            currency: 'USD',
+            quantity: 1,
+          }],
+        },
+        amount: {
+          currency: 'USD',
+          total: amount,
+        },
+        description,
+      }],
+    };
+  }
+
+  beforeEach(() => {
+    approvalHerf = 'approval_href';
+    paypalPaymentCreateStub = sinon.stub(paypalPayments, 'paypalPaymentCreate')
+      .returnsPromise().resolves({
+        links: [{ rel: 'approval_url', href: approvalHerf }],
+      });
+  });
+
+  afterEach(() => {
+    paypalPayments.paypalPaymentCreate.restore();
+  });
+
+  it('creates a link for gem purchases', async () => {
+    let link = await paypalPayments.checkout({user: new User()});
+
+    expect(paypalPaymentCreateStub).to.be.calledOnce;
+    expect(paypalPaymentCreateStub).to.be.calledWith(getPaypalCreateOptions('Habitica Gems', 5.00));
+    expect(link).to.eql(approvalHerf);
+  });
+
+  it('should error if gem amount is too low', async () => {
+    let receivingUser = new User();
+    receivingUser.save();
+    let gift = {
+      type: 'gems',
+      gems: {
+        amount: 0,
+        uuid: receivingUser._id,
+      },
+    };
+
+    await expect(paypalPayments.checkout({gift}))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      message: 'Amount must be at least 1.',
+      name: 'BadRequest',
+    });
+  });
+
+  it('should error if the user cannot get gems', async () => {
+    let user = new User();
+    sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+
+    await expect(paypalPayments.checkout({user})).to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      message: i18n.t('groupPolicyCannotGetGems'),
+      name: 'NotAuthorized',
+    });
+  });
+
+  it('creates a link for gifting gems', async () => {
+    let receivingUser = new User();
+    await receivingUser.save();
+    let gift = {
+      type: 'gems',
+      uuid: receivingUser._id,
+      gems: {
+        amount: 16,
+      },
+    };
+
+    let link = await paypalPayments.checkout({gift});
+
+    expect(paypalPaymentCreateStub).to.be.calledOnce;
+    expect(paypalPaymentCreateStub).to.be.calledWith(getPaypalCreateOptions('Habitica Gems (Gift)', '4.00'));
+    expect(link).to.eql(approvalHerf);
+  });
+
+  it('creates a link for gifting a subscription', async () => {
+    let receivingUser = new User();
+    receivingUser.save();
+    let gift = {
+      type: 'subscription',
+      subscription: {
+        key: subKey,
+        uuid: receivingUser._id,
+      },
+    };
+
+    let link = await paypalPayments.checkout({gift});
+
+    expect(paypalPaymentCreateStub).to.be.calledOnce;
+    expect(paypalPaymentCreateStub).to.be.calledWith(getPaypalCreateOptions('mo. Habitica Subscription (Gift)', '15.00'));
+    expect(link).to.eql(approvalHerf);
+  });
+});

test/api/v3/unit/libs/payments/paypal/ipn.test.js

@@ -0,0 +1,66 @@
+/* eslint-disable camelcase */
+import payments from '../../../../../../../website/server/libs/payments';
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+
+describe('ipn', () => {
+  const subKey = 'basic_3mo';
+  let user, group, txn_type, userPaymentId, groupPaymentId;
+  let ipnVerifyAsyncStub, paymentCancelSubscriptionSpy;
+
+  beforeEach(async () => {
+    txn_type = 'recurring_payment_profile_cancel';
+    userPaymentId = 'userPaymentId-test';
+    groupPaymentId = 'groupPaymentId-test';
+
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = userPaymentId;
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+    await user.save();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = groupPaymentId;
+    group.purchased.plan.planId = subKey;
+    group.purchased.plan.lastBillingDate = new Date();
+    await group.save();
+
+    ipnVerifyAsyncStub = sinon.stub(paypalPayments, 'ipnVerifyAsync').returnsPromise().resolves({});
+    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+  });
+
+  afterEach(function () {
+    paypalPayments.ipnVerifyAsync.restore();
+    payments.cancelSubscription.restore();
+  });
+
+  it('should cancel a user subscription', async () => {
+    await paypalPayments.ipn({txn_type, recurring_payment_id: userPaymentId});
+
+    expect(ipnVerifyAsyncStub).to.be.calledOnce;
+    expect(ipnVerifyAsyncStub).to.be.calledWith({txn_type, recurring_payment_id: userPaymentId});
+
+    expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+    expect(paymentCancelSubscriptionSpy.args[0][0].user._id).to.eql(user._id);
+    expect(paymentCancelSubscriptionSpy.args[0][0].paymentMethod).to.eql('Paypal');
+  });
+
+  it('should cancel a group subscription', async () => {
+    await paypalPayments.ipn({txn_type, recurring_payment_id: groupPaymentId});
+
+    expect(ipnVerifyAsyncStub).to.be.calledOnce;
+    expect(ipnVerifyAsyncStub).to.be.calledWith({txn_type, recurring_payment_id: groupPaymentId});
+
+    expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+    expect(paymentCancelSubscriptionSpy).to.be.calledWith({ groupId: group._id, paymentMethod: 'Paypal' });
+  });
+});

test/api/v3/unit/libs/payments/paypal/subscribe-cancel.test.js

@@ -0,0 +1,124 @@
+/* eslint-disable camelcase */
+import payments from '../../../../../../../website/server/libs/payments';
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import common from '../../../../../../../website/common';
+import { createNonLeaderGroupMember } from '../paymentHelpers';
+
+const i18n = common.i18n;
+
+describe('subscribeCancel', () => {
+  const subKey = 'basic_3mo';
+  let user, group, groupId, customerId, groupCustomerId, nextBillingDate;
+  let paymentCancelSubscriptionSpy, paypalBillingAgreementCancelStub, paypalBillingAgreementGetStub;
+
+  beforeEach(async () => {
+    customerId = 'customer-id';
+    groupCustomerId = 'groupCustomerId-test';
+
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = customerId;
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = groupCustomerId;
+    group.purchased.plan.planId = subKey;
+    group.purchased.plan.lastBillingDate = new Date();
+    await group.save();
+
+    nextBillingDate = new Date();
+
+    paypalBillingAgreementCancelStub = sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').returnsPromise().resolves({});
+    paypalBillingAgreementGetStub = sinon.stub(paypalPayments, 'paypalBillingAgreementGet')
+      .returnsPromise().resolves({
+        agreement_details: {
+          next_billing_date: nextBillingDate,
+          cycles_completed: 1,
+        },
+      });
+    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+  });
+
+  afterEach(function () {
+    paypalPayments.paypalBillingAgreementGet.restore();
+    paypalPayments.paypalBillingAgreementCancel.restore();
+    payments.cancelSubscription.restore();
+  });
+
+  it('should throw an error if we are missing a subscription', async () => {
+    user.purchased.plan.customerId = undefined;
+
+    await expect(paypalPayments.subscribeCancel({user}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        name: 'NotAuthorized',
+        message: i18n.t('missingSubscription'),
+      });
+  });
+
+  it('should throw an error if group is not found', async () => {
+    await expect(paypalPayments.subscribeCancel({user, groupId: 'fake-id'}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 404,
+        name: 'NotFound',
+        message: i18n.t('groupNotFound'),
+      });
+  });
+
+  it('should throw an error if user is not group leader', async () => {
+    let nonLeader = await createNonLeaderGroupMember(group);
+
+    await expect(paypalPayments.subscribeCancel({user: nonLeader, groupId: group._id}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        name: 'NotAuthorized',
+        message: i18n.t('onlyGroupLeaderCanManageSubscription'),
+      });
+  });
+
+  it('should cancel a user subscription', async () => {
+    await paypalPayments.subscribeCancel({user});
+
+    expect(paypalBillingAgreementGetStub).to.be.calledOnce;
+    expect(paypalBillingAgreementGetStub).to.be.calledWith(customerId);
+    expect(paypalBillingAgreementCancelStub).to.be.calledOnce;
+    expect(paypalBillingAgreementCancelStub).to.be.calledWith(customerId, { note: i18n.t('cancelingSubscription') });
+
+    expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+    expect(paymentCancelSubscriptionSpy).to.be.calledWith({
+      user,
+      groupId,
+      paymentMethod: 'Paypal',
+      nextBill: nextBillingDate,
+      cancellationReason: undefined,
+    });
+  });
+
+  it('should cancel a group subscription', async () => {
+    await paypalPayments.subscribeCancel({user, groupId: group._id});
+
+    expect(paypalBillingAgreementGetStub).to.be.calledOnce;
+    expect(paypalBillingAgreementGetStub).to.be.calledWith(groupCustomerId);
+    expect(paypalBillingAgreementCancelStub).to.be.calledOnce;
+    expect(paypalBillingAgreementCancelStub).to.be.calledWith(groupCustomerId, { note: i18n.t('cancelingSubscription') });
+
+    expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+    expect(paymentCancelSubscriptionSpy).to.be.calledWith({
+      user,
+      groupId: group._id,
+      paymentMethod: 'Paypal',
+      nextBill: nextBillingDate,
+      cancellationReason: undefined,
+    });
+  });
+});

test/api/v3/unit/libs/payments/paypal/subscribe-success.test.js

@@ -0,0 +1,77 @@
+/* eslint-disable camelcase */
+import payments from '../../../../../../../website/server/libs/payments';
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import common from '../../../../../../../website/common';
+
+describe('subscribeSuccess', () => {
+  const subKey = 'basic_3mo';
+  let user, group, block, groupId, token, headers, customerId;
+  let paypalBillingAgreementExecuteStub, paymentsCreateSubscritionStub;
+
+  beforeEach(async () => {
+    user = new User();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+
+    token = 'test-token';
+    headers = {};
+    block = common.content.subscriptionBlocks[subKey];
+    customerId = 'test-customerId';
+
+    paypalBillingAgreementExecuteStub = sinon.stub(paypalPayments, 'paypalBillingAgreementExecute')
+      .returnsPromise({}).resolves({
+        id: customerId,
+      });
+    paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+  });
+
+  afterEach(() => {
+    paypalPayments.paypalBillingAgreementExecute.restore();
+    payments.createSubscription.restore();
+  });
+
+  it('creates a user subscription', async () => {
+    await paypalPayments.subscribeSuccess({user, block, groupId, token, headers});
+
+    expect(paypalBillingAgreementExecuteStub).to.be.calledOnce;
+    expect(paypalBillingAgreementExecuteStub).to.be.calledWith(token, {});
+
+    expect(paymentsCreateSubscritionStub).to.be.calledOnce;
+    expect(paymentsCreateSubscritionStub).to.be.calledWith({
+      user,
+      groupId,
+      customerId,
+      paymentMethod: 'Paypal',
+      sub: block,
+      headers,
+    });
+  });
+
+  it('create a group subscription', async () => {
+    groupId = group._id;
+
+    await paypalPayments.subscribeSuccess({user, block, groupId, token, headers});
+
+    expect(paypalBillingAgreementExecuteStub).to.be.calledOnce;
+    expect(paypalBillingAgreementExecuteStub).to.be.calledWith(token, {});
+
+    expect(paymentsCreateSubscritionStub).to.be.calledOnce;
+    expect(paymentsCreateSubscritionStub).to.be.calledWith({
+      user,
+      groupId,
+      customerId,
+      paymentMethod: 'Paypal',
+      sub: block,
+      headers,
+    });
+  });
+});

test/api/v3/unit/libs/payments/paypal/subscribe.test.js

@@ -0,0 +1,112 @@
+/* eslint-disable camelcase */
+import moment from 'moment';
+import cc from 'coupon-code';
+
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import { model as Coupon } from '../../../../../../../website/server/models/coupon';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('subscribe', () => {
+  const subKey = 'basic_3mo';
+  let coupon, sub, approvalHerf;
+  let paypalBillingAgreementCreateStub;
+
+  beforeEach(() => {
+    approvalHerf = 'approvalHerf-test';
+    sub = Object.assign({}, common.content.subscriptionBlocks[subKey]);
+
+    paypalBillingAgreementCreateStub = sinon.stub(paypalPayments, 'paypalBillingAgreementCreate')
+      .returnsPromise().resolves({
+        links: [{ rel: 'approval_url', href: approvalHerf }],
+      });
+  });
+
+  afterEach(() => {
+    paypalPayments.paypalBillingAgreementCreate.restore();
+  });
+
+  it('should throw an error when coupon code is missing', async () => {
+    sub.discount = 40;
+
+    await expect(paypalPayments.subscribe({sub, coupon}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 400,
+        name: 'BadRequest',
+        message: i18n.t('couponCodeRequired'),
+      });
+  });
+
+  it('should throw an error when coupon code is invalid', async () => {
+    sub.discount = 40;
+    sub.key = 'google_6mo';
+    coupon = 'example-coupon';
+
+    let couponModel = new Coupon();
+    couponModel.event = 'google_6mo';
+    await couponModel.save();
+
+    sinon.stub(cc, 'validate').returns('invalid');
+
+    await expect(paypalPayments.subscribe({sub, coupon}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        name: 'NotAuthorized',
+        message: i18n.t('invalidCoupon'),
+      });
+    cc.validate.restore();
+  });
+
+  it('subscribes with paypal with a coupon', async () => {
+    sub.discount = 40;
+    sub.key = 'google_6mo';
+    coupon = 'example-coupon';
+
+    let couponModel = new Coupon();
+    couponModel.event = 'google_6mo';
+    let updatedCouponModel = await couponModel.save();
+
+    sinon.stub(cc, 'validate').returns(updatedCouponModel._id);
+
+    let link = await paypalPayments.subscribe({sub, coupon});
+
+    expect(link).to.eql(approvalHerf);
+    expect(paypalBillingAgreementCreateStub).to.be.calledOnce;
+    let billingPlanTitle = `Habitica Subscription ($${sub.price} every ${sub.months} months, recurring)`;
+    expect(paypalBillingAgreementCreateStub).to.be.calledWith({
+      name: billingPlanTitle,
+      description: billingPlanTitle,
+      start_date: moment().add({ minutes: 5 }).format(),
+      plan: {
+        id: sub.paypalKey,
+      },
+      payer: {
+        payment_method: 'Paypal',
+      },
+    });
+
+    cc.validate.restore();
+  });
+
+  it('creates a link for a subscription', async () => {
+    delete sub.discount;
+
+    let link = await paypalPayments.subscribe({sub, coupon});
+
+    expect(link).to.eql(approvalHerf);
+    expect(paypalBillingAgreementCreateStub).to.be.calledOnce;
+    let billingPlanTitle = `Habitica Subscription ($${sub.price} every ${sub.months} months, recurring)`;
+    expect(paypalBillingAgreementCreateStub).to.be.calledWith({
+      name: billingPlanTitle,
+      description: billingPlanTitle,
+      start_date: moment().add({ minutes: 5 }).format(),
+      plan: {
+        id: sub.paypalKey,
+      },
+      payer: {
+        payment_method: 'Paypal',
+      },
+    });
+  });
+});

test/api/v3/unit/libs/payments/stripe/cancel-subscription.test.js

@@ -0,0 +1,143 @@
+import stripeModule from 'stripe';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import stripePayments from '../../../../../../../website/server/libs/stripePayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('cancel subscription', () => {
+  const subKey = 'basic_3mo';
+  const stripe = stripeModule('test');
+  let user, groupId, group;
+
+  beforeEach(async () => {
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = 'customer-id';
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = 'customer-id';
+    group.purchased.plan.planId = subKey;
+    await group.save();
+
+    groupId = group._id;
+  });
+
+  it('throws an error if there is no customer id', async () => {
+    user.purchased.plan.customerId = undefined;
+
+    await expect(stripePayments.cancelSubscription({
+      user,
+      groupId: undefined,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      name: 'NotAuthorized',
+      message: i18n.t('missingSubscription'),
+    });
+  });
+
+  it('throws an error if the group is not found', async () => {
+    await expect(stripePayments.cancelSubscription({
+      user,
+      groupId: 'fake-group',
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 404,
+      name: 'NotFound',
+      message: i18n.t('groupNotFound'),
+    });
+  });
+
+  it('throws an error if user is not the group leader', async () => {
+    let nonLeader = new User();
+    nonLeader.guilds.push(groupId);
+    await nonLeader.save();
+
+    await expect(stripePayments.cancelSubscription({
+      user: nonLeader,
+      groupId,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      name: 'NotAuthorized',
+      message: i18n.t('onlyGroupLeaderCanManageSubscription'),
+    });
+  });
+
+  describe('success', () => {
+    let stripeDeleteCustomerStub, paymentsCancelSubStub, stripeRetrieveStub, subscriptionId, currentPeriodEndTimeStamp;
+
+    beforeEach(() => {
+      subscriptionId = 'subId';
+      stripeDeleteCustomerStub = sinon.stub(stripe.customers, 'del').returnsPromise().resolves({});
+      paymentsCancelSubStub = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+
+      currentPeriodEndTimeStamp = (new Date()).getTime();
+      stripeRetrieveStub = sinon.stub(stripe.customers, 'retrieve')
+        .returnsPromise().resolves({
+          subscriptions: {
+            data: [{id: subscriptionId, current_period_end: currentPeriodEndTimeStamp}], // eslint-disable-line camelcase
+          },
+        });
+    });
+
+    afterEach(() => {
+      stripe.customers.del.restore();
+      stripe.customers.retrieve.restore();
+      payments.cancelSubscription.restore();
+    });
+
+    it('cancels a user subscription', async () => {
+      await stripePayments.cancelSubscription({
+        user,
+        groupId: undefined,
+      }, stripe);
+
+      expect(stripeDeleteCustomerStub).to.be.calledOnce;
+      expect(stripeDeleteCustomerStub).to.be.calledWith(user.purchased.plan.customerId);
+      expect(stripeRetrieveStub).to.be.calledOnce;
+      expect(stripeRetrieveStub).to.be.calledWith(user.purchased.plan.customerId);
+      expect(paymentsCancelSubStub).to.be.calledOnce;
+      expect(paymentsCancelSubStub).to.be.calledWith({
+        user,
+        groupId: undefined,
+        nextBill: currentPeriodEndTimeStamp * 1000, // timestamp in seconds
+        paymentMethod: 'Stripe',
+        cancellationReason: undefined,
+      });
+    });
+
+    it('cancels a group subscription', async () => {
+      await stripePayments.cancelSubscription({
+        user,
+        groupId,
+      }, stripe);
+
+      expect(stripeDeleteCustomerStub).to.be.calledOnce;
+      expect(stripeDeleteCustomerStub).to.be.calledWith(group.purchased.plan.customerId);
+      expect(stripeRetrieveStub).to.be.calledOnce;
+      expect(stripeRetrieveStub).to.be.calledWith(user.purchased.plan.customerId);
+      expect(paymentsCancelSubStub).to.be.calledOnce;
+      expect(paymentsCancelSubStub).to.be.calledWith({
+        user,
+        groupId,
+        nextBill: currentPeriodEndTimeStamp * 1000, // timestamp in seconds
+        paymentMethod: 'Stripe',
+        cancellationReason: undefined,
+      });
+    });
+  });
+});

test/api/v3/unit/libs/payments/stripe/checkout-subscription.test.js

@@ -0,0 +1,307 @@
+import stripeModule from 'stripe';
+import cc from 'coupon-code';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import { model as Coupon } from '../../../../../../../website/server/models/coupon';
+import stripePayments from '../../../../../../../website/server/libs/stripePayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('checkout with subscription', () => {
+  const subKey = 'basic_3mo';
+  const stripe = stripeModule('test');
+  let user, group, data, gift, sub, groupId, email, headers, coupon, customerIdResponse, subscriptionId, token;
+  let spy;
+  let stripeCreateCustomerSpy;
+  let stripePaymentsCreateSubSpy;
+
+  beforeEach(async () => {
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = 'customer-id';
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = 'customer-id';
+    group.purchased.plan.planId = subKey;
+    await group.save();
+
+    sub = {
+      key: 'basic_3mo',
+    };
+
+    data = {
+      user,
+      sub,
+      customerId: 'customer-id',
+      paymentMethod: 'Payment Method',
+    };
+
+    email = 'example@example.com';
+    customerIdResponse = 'test-id';
+    subscriptionId = 'test-sub-id';
+    token = 'test-token';
+
+    spy = sinon.stub(stripe.subscriptions, 'update');
+    spy.returnsPromise().resolves;
+
+    stripeCreateCustomerSpy = sinon.stub(stripe.customers, 'create');
+    let stripCustomerResponse = {
+      id: customerIdResponse,
+      subscriptions: {
+        data: [{id: subscriptionId}],
+      },
+    };
+    stripeCreateCustomerSpy.returnsPromise().resolves(stripCustomerResponse);
+
+    stripePaymentsCreateSubSpy = sinon.stub(payments, 'createSubscription');
+    stripePaymentsCreateSubSpy.returnsPromise().resolves({});
+
+    data.groupId = group._id;
+    data.sub.quantity = 3;
+  });
+
+  afterEach(function () {
+    stripe.subscriptions.update.restore();
+    stripe.customers.create.restore();
+    payments.createSubscription.restore();
+  });
+
+  it('should throw an error if we are missing a token', async () => {
+    await expect(stripePayments.checkout({
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: 'Missing req.body.id',
+    });
+  });
+
+  it('should throw an error when coupon code is missing', async () => {
+    sub.discount = 40;
+
+    await expect(stripePayments.checkout({
+      token,
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: i18n.t('couponCodeRequired'),
+    });
+  });
+
+  it('should throw an error when coupon code is invalid', async () => {
+    sub.discount = 40;
+    sub.key = 'google_6mo';
+    coupon = 'example-coupon';
+
+    let couponModel = new Coupon();
+    couponModel.event = 'google_6mo';
+    await couponModel.save();
+
+    sinon.stub(cc, 'validate').returns('invalid');
+
+    await expect(stripePayments.checkout({
+      token,
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: i18n.t('invalidCoupon'),
+    });
+    cc.validate.restore();
+  });
+
+  it('subscribes with stripe with a coupon', async () => {
+    sub.discount = 40;
+    sub.key = 'google_6mo';
+    coupon = 'example-coupon';
+
+    let couponModel = new Coupon();
+    couponModel.event = 'google_6mo';
+    let updatedCouponModel = await couponModel.save();
+
+    sinon.stub(cc, 'validate').returns(updatedCouponModel._id);
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    expect(stripeCreateCustomerSpy).to.be.calledOnce;
+    expect(stripeCreateCustomerSpy).to.be.calledWith({
+      email,
+      metadata: { uuid: user._id },
+      card: token,
+      plan: sub.key,
+    });
+
+    expect(stripePaymentsCreateSubSpy).to.be.calledOnce;
+    expect(stripePaymentsCreateSubSpy).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Stripe',
+      sub,
+      headers,
+      groupId: undefined,
+      subscriptionId: undefined,
+    });
+
+    cc.validate.restore();
+  });
+
+  it('subscribes a user', async () => {
+    sub = data.sub;
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    expect(stripeCreateCustomerSpy).to.be.calledOnce;
+    expect(stripeCreateCustomerSpy).to.be.calledWith({
+      email,
+      metadata: { uuid: user._id },
+      card: token,
+      plan: sub.key,
+    });
+
+    expect(stripePaymentsCreateSubSpy).to.be.calledOnce;
+    expect(stripePaymentsCreateSubSpy).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Stripe',
+      sub,
+      headers,
+      groupId: undefined,
+      subscriptionId: undefined,
+    });
+  });
+
+  it('subscribes a group', async () => {
+    token = 'test-token';
+    sub = data.sub;
+    groupId = group._id;
+    email = 'test@test.com';
+    headers = {};
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    expect(stripeCreateCustomerSpy).to.be.calledOnce;
+    expect(stripeCreateCustomerSpy).to.be.calledWith({
+      email,
+      metadata: { uuid: user._id },
+      card: token,
+      plan: sub.key,
+      quantity: 3,
+    });
+
+    expect(stripePaymentsCreateSubSpy).to.be.calledOnce;
+    expect(stripePaymentsCreateSubSpy).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Stripe',
+      sub,
+      headers,
+      groupId,
+      subscriptionId,
+    });
+  });
+
+  it('subscribes a group with the correct number of group members', async () => {
+    token = 'test-token';
+    sub = data.sub;
+    groupId = group._id;
+    email = 'test@test.com';
+    headers = {};
+    user = new User();
+    user.guilds.push(groupId);
+    await user.save();
+    group.memberCount = 2;
+    await group.save();
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    expect(stripeCreateCustomerSpy).to.be.calledOnce;
+    expect(stripeCreateCustomerSpy).to.be.calledWith({
+      email,
+      metadata: { uuid: user._id },
+      card: token,
+      plan: sub.key,
+      quantity: 4,
+    });
+
+    expect(stripePaymentsCreateSubSpy).to.be.calledOnce;
+    expect(stripePaymentsCreateSubSpy).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Stripe',
+      sub,
+      headers,
+      groupId,
+      subscriptionId,
+    });
+  });
+});

test/api/v3/unit/libs/payments/stripe/checkout.test.js

@@ -0,0 +1,193 @@
+import stripeModule from 'stripe';
+
+import { model as User } from '../../../../../../../website/server/models/user';
+import stripePayments from '../../../../../../../website/server/libs/stripePayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('checkout', () => {
+  const subKey = 'basic_3mo';
+  const stripe = stripeModule('test');
+  let stripeChargeStub, paymentBuyGemsStub, paymentCreateSubscritionStub;
+  let user, gift, groupId, email, headers, coupon, customerIdResponse, token;
+
+  beforeEach(() => {
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = 'customer-id';
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    token = 'test-token';
+
+    customerIdResponse = 'example-customerIdResponse';
+    let stripCustomerResponse = {
+      id: customerIdResponse,
+    };
+    stripeChargeStub = sinon.stub(stripe.charges, 'create').returnsPromise().resolves(stripCustomerResponse);
+    paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
+    paymentCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+  });
+
+  afterEach(() => {
+    stripe.charges.create.restore();
+    payments.buyGems.restore();
+    payments.createSubscription.restore();
+  });
+
+  it('should error if gem amount is too low', async () => {
+    let receivingUser = new User();
+    receivingUser.save();
+    gift = {
+      type: 'gems',
+      gems: {
+        amount: 0,
+        uuid: receivingUser._id,
+      },
+    };
+
+    await expect(stripePayments.checkout({
+      token,
+      user,
+      gift,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      message: 'Amount must be at least 1.',
+      name: 'BadRequest',
+    });
+  });
+
+
+  it('should error if user cannot get gems', async () => {
+    gift = undefined;
+    sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+
+    await expect(stripePayments.checkout({
+      token,
+      user,
+      gift,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe)).to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      message: i18n.t('groupPolicyCannotGetGems'),
+      name: 'NotAuthorized',
+    });
+  });
+
+  it('should purchase gems', async () => {
+    gift = undefined;
+    sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    expect(stripeChargeStub).to.be.calledOnce;
+    expect(stripeChargeStub).to.be.calledWith({
+      amount: 500,
+      currency: 'usd',
+      card: token,
+    });
+
+    expect(paymentBuyGemsStub).to.be.calledOnce;
+    expect(paymentBuyGemsStub).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Stripe',
+      gift,
+    });
+    expect(user.canGetGems).to.be.calledOnce;
+    user.canGetGems.restore();
+  });
+
+  it('should gift gems', async () => {
+    let receivingUser = new User();
+    await receivingUser.save();
+    gift = {
+      type: 'gems',
+      uuid: receivingUser._id,
+      gems: {
+        amount: 16,
+      },
+    };
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    expect(stripeChargeStub).to.be.calledOnce;
+    expect(stripeChargeStub).to.be.calledWith({
+      amount: '400',
+      currency: 'usd',
+      card: token,
+    });
+
+    expect(paymentBuyGemsStub).to.be.calledOnce;
+    expect(paymentBuyGemsStub).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Gift',
+      gift,
+    });
+  });
+
+  it('should gift a subscription', async () => {
+    let receivingUser = new User();
+    receivingUser.save();
+    gift = {
+      type: 'subscription',
+      subscription: {
+        key: subKey,
+        uuid: receivingUser._id,
+      },
+    };
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    gift.member = receivingUser;
+    expect(stripeChargeStub).to.be.calledOnce;
+    expect(stripeChargeStub).to.be.calledWith({
+      amount: '1500',
+      currency: 'usd',
+      card: token,
+    });
+
+    expect(paymentCreateSubscritionStub).to.be.calledOnce;
+    expect(paymentCreateSubscritionStub).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Gift',
+      gift,
+    });
+  });
+});

test/api/v3/unit/libs/payments/stripe/edit-subscription.test.js

@@ -0,0 +1,147 @@
+import stripeModule from 'stripe';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import stripePayments from '../../../../../../../website/server/libs/stripePayments';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('edit subscription', () => {
+  const subKey = 'basic_3mo';
+  const stripe = stripeModule('test');
+  let user, groupId, group, token;
+
+  beforeEach(async () => {
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = 'customer-id';
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = 'customer-id';
+    group.purchased.plan.planId = subKey;
+    await group.save();
+
+    groupId = group._id;
+
+    token = 'test-token';
+  });
+
+  it('throws an error if there is no customer id', async () => {
+    user.purchased.plan.customerId = undefined;
+
+    await expect(stripePayments.editSubscription({
+      user,
+      groupId: undefined,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      name: 'NotAuthorized',
+      message: i18n.t('missingSubscription'),
+    });
+  });
+
+  it('throws an error if a token is not provided', async () => {
+    await expect(stripePayments.editSubscription({
+      user,
+      groupId: undefined,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: 'Missing req.body.id',
+    });
+  });
+
+  it('throws an error if the group is not found', async () => {
+    await expect(stripePayments.editSubscription({
+      token,
+      user,
+      groupId: 'fake-group',
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 404,
+      name: 'NotFound',
+      message: i18n.t('groupNotFound'),
+    });
+  });
+
+  it('throws an error if user is not the group leader', async () => {
+    let nonLeader = new User();
+    nonLeader.guilds.push(groupId);
+    await nonLeader.save();
+
+    await expect(stripePayments.editSubscription({
+      token,
+      user: nonLeader,
+      groupId,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      name: 'NotAuthorized',
+      message: i18n.t('onlyGroupLeaderCanManageSubscription'),
+    });
+  });
+
+  describe('success', () => {
+    let stripeListSubscriptionStub, stripeUpdateSubscriptionStub, subscriptionId;
+
+    beforeEach(() => {
+      subscriptionId = 'subId';
+      stripeListSubscriptionStub = sinon.stub(stripe.customers, 'listSubscriptions')
+        .returnsPromise().resolves({
+          data: [{id: subscriptionId}],
+        });
+
+      stripeUpdateSubscriptionStub = sinon.stub(stripe.customers, 'updateSubscription').returnsPromise().resolves({});
+    });
+
+    afterEach(() => {
+      stripe.customers.listSubscriptions.restore();
+      stripe.customers.updateSubscription.restore();
+    });
+
+    it('edits a user subscription', async () => {
+      await stripePayments.editSubscription({
+        token,
+        user,
+        groupId: undefined,
+      }, stripe);
+
+      expect(stripeListSubscriptionStub).to.be.calledOnce;
+      expect(stripeListSubscriptionStub).to.be.calledWith(user.purchased.plan.customerId);
+      expect(stripeUpdateSubscriptionStub).to.be.calledOnce;
+      expect(stripeUpdateSubscriptionStub).to.be.calledWith(
+        user.purchased.plan.customerId,
+        subscriptionId,
+        { card: token }
+      );
+    });
+
+    it('edits a group subscription', async () => {
+      await stripePayments.editSubscription({
+        token,
+        user,
+        groupId,
+      }, stripe);
+
+      expect(stripeListSubscriptionStub).to.be.calledOnce;
+      expect(stripeListSubscriptionStub).to.be.calledWith(group.purchased.plan.customerId);
+      expect(stripeUpdateSubscriptionStub).to.be.calledOnce;
+      expect(stripeUpdateSubscriptionStub).to.be.calledWith(
+        group.purchased.plan.customerId,
+        subscriptionId,
+        { card: token }
+      );
+    });
+  });
+});

test/api/v3/unit/libs/payments/stripe/handle-webhook.test.js

@@ -0,0 +1,260 @@
+import stripeModule from 'stripe';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import stripePayments from '../../../../../../../website/server/libs/stripePayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+import logger from '../../../../../../../website/server/libs/logger';
+import { v4 as uuid } from 'uuid';
+import moment from 'moment';
+
+const i18n = common.i18n;
+
+describe('Stripe - Webhooks', () => {
+  const stripe = stripeModule('test');
+
+  describe('all events', () => {
+    const eventType = 'account.updated';
+    const event = {id: 123};
+    const eventRetrieved = {type: eventType};
+
+    beforeEach(() => {
+      sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves(eventRetrieved);
+      sinon.stub(logger, 'error');
+    });
+
+    afterEach(() => {
+      stripe.events.retrieve.restore();
+      logger.error.restore();
+    });
+
+    it('logs an error if an unsupported webhook event is passed', async () => {
+      const error = new Error(`Missing handler for Stripe webhook ${eventType}`);
+      await stripePayments.handleWebhooks({requestBody: event}, stripe);
+      expect(logger.error).to.have.been.called.once;
+
+      const calledWith = logger.error.getCall(0).args;
+      expect(calledWith[0].message).to.equal(error.message);
+      expect(calledWith[1].event).to.equal(eventRetrieved);
+    });
+
+    it('retrieves and validates the event from Stripe', async () => {
+      await stripePayments.handleWebhooks({requestBody: event}, stripe);
+      expect(stripe.events.retrieve).to.have.been.called.once;
+      expect(stripe.events.retrieve).to.have.been.calledWith(event.id);
+    });
+  });
+
+  describe('customer.subscription.deleted', () => {
+    const eventType = 'customer.subscription.deleted';
+
+    beforeEach(() => {
+      sinon.stub(stripe.customers, 'del').returnsPromise().resolves({});
+      sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+    });
+
+    afterEach(() => {
+      stripe.customers.del.restore();
+      payments.cancelSubscription.restore();
+    });
+
+    it('does not do anything if event.request is null (subscription cancelled manually)', async () => {
+      sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+        id: 123,
+        type: eventType,
+        request: 123,
+      });
+
+      await stripePayments.handleWebhooks({requestBody: {}}, stripe);
+
+      expect(stripe.events.retrieve).to.have.been.called.once;
+      expect(stripe.customers.del).to.not.have.been.called;
+      expect(payments.cancelSubscription).to.not.have.been.called;
+      stripe.events.retrieve.restore();
+    });
+
+    describe('user subscription', () => {
+      it('throws an error if the user is not found', async () => {
+        const customerId = 456;
+        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+          id: 123,
+          type: eventType,
+          data: {
+            object: {
+              plan: {
+                id: 'basic_earned',
+              },
+              customer: customerId,
+            },
+          },
+          request: null,
+        });
+
+        await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({
+          message: i18n.t('userNotFound'),
+          httpCode: 404,
+          name: 'NotFound',
+        });
+
+        expect(stripe.customers.del).to.not.have.been.called;
+        expect(payments.cancelSubscription).to.not.have.been.called;
+
+        stripe.events.retrieve.restore();
+      });
+
+      it('deletes the customer on Stripe and calls payments.cancelSubscription', async () => {
+        const customerId = '456';
+
+        let subscriber = new User();
+        subscriber.purchased.plan.customerId = customerId;
+        subscriber.purchased.plan.paymentMethod = 'Stripe';
+        await subscriber.save();
+
+        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+          id: 123,
+          type: eventType,
+          data: {
+            object: {
+              plan: {
+                id: 'basic_earned',
+              },
+              customer: customerId,
+            },
+          },
+          request: null,
+        });
+
+        await stripePayments.handleWebhooks({requestBody: {}}, stripe);
+
+        expect(stripe.customers.del).to.have.been.calledOnce;
+        expect(stripe.customers.del).to.have.been.calledWith(customerId);
+        expect(payments.cancelSubscription).to.have.been.calledOnce;
+
+        let cancelSubscriptionOpts = payments.cancelSubscription.lastCall.args[0];
+        expect(cancelSubscriptionOpts.user._id).to.equal(subscriber._id);
+        expect(cancelSubscriptionOpts.paymentMethod).to.equal('Stripe');
+        expect(Math.round(moment(cancelSubscriptionOpts.nextBill).diff(new Date(), 'days', true))).to.equal(3);
+        expect(cancelSubscriptionOpts.groupId).to.be.undefined;
+
+        stripe.events.retrieve.restore();
+      });
+    });
+
+    describe('group plan subscription', () => {
+      it('throws an error if the group is not found', async () => {
+        const customerId = 456;
+        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+          id: 123,
+          type: eventType,
+          data: {
+            object: {
+              plan: {
+                id: 'group_monthly',
+              },
+              customer: customerId,
+            },
+          },
+          request: null,
+        });
+
+        await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({
+          message: i18n.t('groupNotFound'),
+          httpCode: 404,
+          name: 'NotFound',
+        });
+
+        expect(stripe.customers.del).to.not.have.been.called;
+        expect(payments.cancelSubscription).to.not.have.been.called;
+
+        stripe.events.retrieve.restore();
+      });
+
+      it('throws an error if the group leader is not found', async () => {
+        const customerId = 456;
+
+        let subscriber = generateGroup({
+          name: 'test group',
+          type: 'guild',
+          privacy: 'public',
+          leader: uuid(),
+        });
+        subscriber.purchased.plan.customerId = customerId;
+        subscriber.purchased.plan.paymentMethod = 'Stripe';
+        await subscriber.save();
+
+        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+          id: 123,
+          type: eventType,
+          data: {
+            object: {
+              plan: {
+                id: 'group_monthly',
+              },
+              customer: customerId,
+            },
+          },
+          request: null,
+        });
+
+        await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({
+          message: i18n.t('userNotFound'),
+          httpCode: 404,
+          name: 'NotFound',
+        });
+
+        expect(stripe.customers.del).to.not.have.been.called;
+        expect(payments.cancelSubscription).to.not.have.been.called;
+
+        stripe.events.retrieve.restore();
+      });
+
+      it('deletes the customer on Stripe and calls payments.cancelSubscription', async () => {
+        const customerId = '456';
+
+        let leader = new User();
+        await leader.save();
+
+        let subscriber = generateGroup({
+          name: 'test group',
+          type: 'guild',
+          privacy: 'public',
+          leader: leader._id,
+        });
+        subscriber.purchased.plan.customerId = customerId;
+        subscriber.purchased.plan.paymentMethod = 'Stripe';
+        await subscriber.save();
+
+        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+          id: 123,
+          type: eventType,
+          data: {
+            object: {
+              plan: {
+                id: 'group_monthly',
+              },
+              customer: customerId,
+            },
+          },
+          request: null,
+        });
+
+        await stripePayments.handleWebhooks({requestBody: {}}, stripe);
+
+        expect(stripe.customers.del).to.have.been.calledOnce;
+        expect(stripe.customers.del).to.have.been.calledWith(customerId);
+        expect(payments.cancelSubscription).to.have.been.calledOnce;
+
+        let cancelSubscriptionOpts = payments.cancelSubscription.lastCall.args[0];
+        expect(cancelSubscriptionOpts.user._id).to.equal(leader._id);
+        expect(cancelSubscriptionOpts.paymentMethod).to.equal('Stripe');
+        expect(Math.round(moment(cancelSubscriptionOpts.nextBill).diff(new Date(), 'days', true))).to.equal(3);
+        expect(cancelSubscriptionOpts.groupId).to.equal(subscriber._id);
+
+        stripe.events.retrieve.restore();
+      });
+    });
+  });
+});

test/api/v3/unit/libs/payments/stripe/upgrade-group-plan.test.js

@@ -0,0 +1,66 @@
+import stripeModule from 'stripe';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import { model as Group } from '../../../../../../../website/server/models/group';
+import stripePayments from '../../../../../../../website/server/libs/stripePayments';
+import payments from '../../../../../../../website/server/libs/payments';
+
+describe('Stripe - Upgrade Group Plan', () => {
+  const stripe = stripeModule('test');
+  let spy, data, user, group;
+
+  beforeEach(async function () {
+    user = new User();
+    user.profile.name = 'sender';
+
+    data = {
+      user,
+      sub: {
+        key: 'basic_3mo', // @TODO: Validate that this is group
+      },
+      customerId: 'customer-id',
+      paymentMethod: 'Payment Method',
+      headers: {
+        'x-client': 'habitica-web',
+        'user-agent': '',
+      },
+    };
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    await group.save();
+
+    spy = sinon.stub(stripe.subscriptions, 'update');
+    spy.returnsPromise().resolves([]);
+    data.groupId = group._id;
+    data.sub.quantity = 3;
+    stripePayments.setStripeApi(stripe);
+  });
+
+  afterEach(function () {
+    stripe.subscriptions.update.restore();
+  });
+
+  it('updates a group plan quantity', async () => {
+    data.paymentMethod = 'Stripe';
+    await payments.createSubscription(data);
+
+    let updatedGroup = await Group.findById(group._id).exec();
+    expect(updatedGroup.purchased.plan.quantity).to.eql(3);
+
+    updatedGroup.memberCount += 1;
+    await updatedGroup.save();
+
+    await stripePayments.chargeForAdditionalGroupMember(updatedGroup);
+
+    expect(spy.calledOnce).to.be.true;
+    expect(updatedGroup.purchased.plan.quantity).to.eql(4);
+  });
+});

test/api/v3/unit/libs/paypalPayments.test.js

@@ -1,561 +0,0 @@
-/* eslint-disable camelcase */
-import nconf from 'nconf';
-import moment from 'moment';
-import cc from 'coupon-code';
-
-import payments from '../../../../../website/server/libs/payments';
-import paypalPayments from '../../../../../website/server/libs/paypalPayments';
-import {
-  generateGroup,
-} from '../../../../helpers/api-unit.helper.js';
-import { model as User } from '../../../../../website/server/models/user';
-import { model as Coupon } from '../../../../../website/server/models/coupon';
-import common from '../../../../../website/common';
-
-const BASE_URL = nconf.get('BASE_URL');
-const i18n = common.i18n;
-
-describe('Paypal Payments', ()  => {
-  let subKey = 'basic_3mo';
-
-  describe('checkout', () => {
-    let paypalPaymentCreateStub;
-    let approvalHerf;
-
-    function getPaypalCreateOptions (description, amount) {
-      return {
-        intent: 'sale',
-        payer: { payment_method: 'Paypal' },
-        redirect_urls: {
-          return_url: `${BASE_URL}/paypal/checkout/success`,
-          cancel_url: `${BASE_URL}`,
-        },
-        transactions: [{
-          item_list: {
-            items: [{
-              name: description,
-              price: amount,
-              currency: 'USD',
-              quantity: 1,
-            }],
-          },
-          amount: {
-            currency: 'USD',
-            total: amount,
-          },
-          description,
-        }],
-      };
-    }
-
-    beforeEach(() => {
-      approvalHerf = 'approval_href';
-      paypalPaymentCreateStub = sinon.stub(paypalPayments, 'paypalPaymentCreate')
-        .returnsPromise().resolves({
-          links: [{ rel: 'approval_url', href: approvalHerf }],
-        });
-    });
-
-    afterEach(() => {
-      paypalPayments.paypalPaymentCreate.restore();
-    });
-
-    it('creates a link for gem purchases', async () => {
-      let link = await paypalPayments.checkout({user: new User()});
-
-      expect(paypalPaymentCreateStub).to.be.calledOnce;
-      expect(paypalPaymentCreateStub).to.be.calledWith(getPaypalCreateOptions('Habitica Gems', 5.00));
-      expect(link).to.eql(approvalHerf);
-    });
-
-    it('should error if gem amount is too low', async () => {
-      let receivingUser = new User();
-      receivingUser.save();
-      let gift = {
-        type: 'gems',
-        gems: {
-          amount: 0,
-          uuid: receivingUser._id,
-        },
-      };
-
-      await expect(paypalPayments.checkout({gift}))
-      .to.eventually.be.rejected.and.to.eql({
-        httpCode: 400,
-        message: 'Amount must be at least 1.',
-        name: 'BadRequest',
-      });
-    });
-
-    it('should error if the user cannot get gems', async () => {
-      let user = new User();
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
-
-      await expect(paypalPayments.checkout({user})).to.eventually.be.rejected.and.to.eql({
-        httpCode: 401,
-        message: i18n.t('groupPolicyCannotGetGems'),
-        name: 'NotAuthorized',
-      });
-    });
-
-    it('creates a link for gifting gems', async () => {
-      let receivingUser = new User();
-      await receivingUser.save();
-      let gift = {
-        type: 'gems',
-        uuid: receivingUser._id,
-        gems: {
-          amount: 16,
-        },
-      };
-
-      let link = await paypalPayments.checkout({gift});
-
-      expect(paypalPaymentCreateStub).to.be.calledOnce;
-      expect(paypalPaymentCreateStub).to.be.calledWith(getPaypalCreateOptions('Habitica Gems (Gift)', '4.00'));
-      expect(link).to.eql(approvalHerf);
-    });
-
-    it('creates a link for gifting a subscription', async () => {
-      let receivingUser = new User();
-      receivingUser.save();
-      let gift = {
-        type: 'subscription',
-        subscription: {
-          key: subKey,
-          uuid: receivingUser._id,
-        },
-      };
-
-      let link = await paypalPayments.checkout({gift});
-
-      expect(paypalPaymentCreateStub).to.be.calledOnce;
-      expect(paypalPaymentCreateStub).to.be.calledWith(getPaypalCreateOptions('mo. Habitica Subscription (Gift)', '15.00'));
-      expect(link).to.eql(approvalHerf);
-    });
-  });
-
-  describe('checkout success', () => {
-    let user, gift, customerId, paymentId;
-    let paypalPaymentExecuteStub, paymentBuyGemsStub, paymentsCreateSubscritionStub;
-
-    beforeEach(() => {
-      user = new User();
-      customerId = 'customerId-test';
-      paymentId = 'paymentId-test';
-
-      paypalPaymentExecuteStub = sinon.stub(paypalPayments, 'paypalPaymentExecute').returnsPromise().resolves({});
-      paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
-      paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
-    });
-
-    afterEach(() => {
-      paypalPayments.paypalPaymentExecute.restore();
-      payments.buyGems.restore();
-      payments.createSubscription.restore();
-    });
-
-    it('purchases gems', async () => {
-      await paypalPayments.checkoutSuccess({user, gift, paymentId, customerId});
-
-      expect(paypalPaymentExecuteStub).to.be.calledOnce;
-      expect(paypalPaymentExecuteStub).to.be.calledWith(paymentId, { payer_id: customerId });
-      expect(paymentBuyGemsStub).to.be.calledOnce;
-      expect(paymentBuyGemsStub).to.be.calledWith({
-        user,
-        customerId,
-        paymentMethod: 'Paypal',
-      });
-    });
-
-    it('gifts gems', async () => {
-      let receivingUser = new User();
-      await receivingUser.save();
-      gift = {
-        type: 'gems',
-        gems: {
-          amount: 16,
-          uuid: receivingUser._id,
-        },
-      };
-
-      await paypalPayments.checkoutSuccess({user, gift, paymentId, customerId});
-
-      expect(paypalPaymentExecuteStub).to.be.calledOnce;
-      expect(paypalPaymentExecuteStub).to.be.calledWith(paymentId, { payer_id: customerId });
-      expect(paymentBuyGemsStub).to.be.calledOnce;
-      expect(paymentBuyGemsStub).to.be.calledWith({
-        user,
-        customerId,
-        paymentMethod: 'PayPal (Gift)',
-        gift,
-      });
-    });
-
-    it('gifts subscription', async () => {
-      let receivingUser = new User();
-      await receivingUser.save();
-      gift = {
-        type: 'subscription',
-        subscription: {
-          key: subKey,
-          uuid: receivingUser._id,
-        },
-      };
-
-      await paypalPayments.checkoutSuccess({user, gift, paymentId, customerId});
-
-      expect(paypalPaymentExecuteStub).to.be.calledOnce;
-      expect(paypalPaymentExecuteStub).to.be.calledWith(paymentId, { payer_id: customerId });
-      expect(paymentsCreateSubscritionStub).to.be.calledOnce;
-      expect(paymentsCreateSubscritionStub).to.be.calledWith({
-        user,
-        customerId,
-        paymentMethod: 'PayPal (Gift)',
-        gift,
-      });
-    });
-  });
-
-  describe('subscribe', () => {
-    let coupon, sub, approvalHerf;
-    let paypalBillingAgreementCreateStub;
-
-    beforeEach(() => {
-      approvalHerf = 'approvalHerf-test';
-      sub = common.content.subscriptionBlocks[subKey];
-
-      paypalBillingAgreementCreateStub = sinon.stub(paypalPayments, 'paypalBillingAgreementCreate')
-        .returnsPromise().resolves({
-          links: [{ rel: 'approval_url', href: approvalHerf }],
-        });
-    });
-
-    afterEach(() => {
-      paypalPayments.paypalBillingAgreementCreate.restore();
-    });
-
-    it('should throw an error when coupon code is missing', async () => {
-      sub.discount = 40;
-
-      await expect(paypalPayments.subscribe({sub, coupon}))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 400,
-          name: 'BadRequest',
-          message: i18n.t('couponCodeRequired'),
-        });
-    });
-
-    it('should throw an error when coupon code is invalid', async () => {
-      sub.discount = 40;
-      sub.key = 'google_6mo';
-      coupon = 'example-coupon';
-
-      let couponModel = new Coupon();
-      couponModel.event = 'google_6mo';
-      await couponModel.save();
-
-      sinon.stub(cc, 'validate').returns('invalid');
-
-      await expect(paypalPayments.subscribe({sub, coupon}))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 401,
-          name: 'NotAuthorized',
-          message: i18n.t('invalidCoupon'),
-        });
-      cc.validate.restore();
-    });
-
-    it('subscribes with amazon with a coupon', async () => {
-      sub.discount = 40;
-      sub.key = 'google_6mo';
-      coupon = 'example-coupon';
-
-      let couponModel = new Coupon();
-      couponModel.event = 'google_6mo';
-      let updatedCouponModel = await couponModel.save();
-
-      sinon.stub(cc, 'validate').returns(updatedCouponModel._id);
-
-      let link = await paypalPayments.subscribe({sub, coupon});
-
-      expect(link).to.eql(approvalHerf);
-      expect(paypalBillingAgreementCreateStub).to.be.calledOnce;
-      let billingPlanTitle = `Habitica Subscription ($${sub.price} every ${sub.months} months, recurring)`;
-      expect(paypalBillingAgreementCreateStub).to.be.calledWith({
-        name: billingPlanTitle,
-        description: billingPlanTitle,
-        start_date: moment().add({ minutes: 5 }).format(),
-        plan: {
-          id: sub.paypalKey,
-        },
-        payer: {
-          payment_method: 'Paypal',
-        },
-      });
-
-      cc.validate.restore();
-    });
-
-    it('creates a link for a subscription', async () => {
-      delete sub.discount;
-
-      let link = await paypalPayments.subscribe({sub, coupon});
-
-      expect(link).to.eql(approvalHerf);
-      expect(paypalBillingAgreementCreateStub).to.be.calledOnce;
-      let billingPlanTitle = `Habitica Subscription ($${sub.price} every ${sub.months} months, recurring)`;
-      expect(paypalBillingAgreementCreateStub).to.be.calledWith({
-        name: billingPlanTitle,
-        description: billingPlanTitle,
-        start_date: moment().add({ minutes: 5 }).format(),
-        plan: {
-          id: sub.paypalKey,
-        },
-        payer: {
-          payment_method: 'Paypal',
-        },
-      });
-    });
-  });
-
-  describe('subscribeSuccess', () => {
-    let user, group, block, groupId, token, headers, customerId;
-    let paypalBillingAgreementExecuteStub, paymentsCreateSubscritionStub;
-
-    beforeEach(async () => {
-      user = new User();
-
-      group = generateGroup({
-        name: 'test group',
-        type: 'guild',
-        privacy: 'public',
-        leader: user._id,
-      });
-
-      token = 'test-token';
-      headers = {};
-      block = common.content.subscriptionBlocks[subKey];
-      customerId = 'test-customerId';
-
-      paypalBillingAgreementExecuteStub = sinon.stub(paypalPayments, 'paypalBillingAgreementExecute')
-        .returnsPromise({}).resolves({
-          id: customerId,
-        });
-      paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
-    });
-
-    afterEach(() => {
-      paypalPayments.paypalBillingAgreementExecute.restore();
-      payments.createSubscription.restore();
-    });
-
-    it('creates a user subscription', async () => {
-      await paypalPayments.subscribeSuccess({user, block, groupId, token, headers});
-
-      expect(paypalBillingAgreementExecuteStub).to.be.calledOnce;
-      expect(paypalBillingAgreementExecuteStub).to.be.calledWith(token, {});
-
-      expect(paymentsCreateSubscritionStub).to.be.calledOnce;
-      expect(paymentsCreateSubscritionStub).to.be.calledWith({
-        user,
-        groupId,
-        customerId,
-        paymentMethod: 'Paypal',
-        sub: block,
-        headers,
-      });
-    });
-
-    it('create a group subscription', async () => {
-      groupId = group._id;
-
-      await paypalPayments.subscribeSuccess({user, block, groupId, token, headers});
-
-      expect(paypalBillingAgreementExecuteStub).to.be.calledOnce;
-      expect(paypalBillingAgreementExecuteStub).to.be.calledWith(token, {});
-
-      expect(paymentsCreateSubscritionStub).to.be.calledOnce;
-      expect(paymentsCreateSubscritionStub).to.be.calledWith({
-        user,
-        groupId,
-        customerId,
-        paymentMethod: 'Paypal',
-        sub: block,
-        headers,
-      });
-    });
-  });
-
-  describe('subscribeCancel', () => {
-    let user, group, groupId, customerId, groupCustomerId, nextBillingDate;
-    let paymentCancelSubscriptionSpy, paypalBillingAgreementCancelStub, paypalBillingAgreementGetStub;
-
-    beforeEach(async () => {
-      customerId = 'customer-id';
-      groupCustomerId = 'groupCustomerId-test';
-
-      user = new User();
-      user.profile.name = 'sender';
-      user.purchased.plan.customerId = customerId;
-      user.purchased.plan.planId = subKey;
-      user.purchased.plan.lastBillingDate = new Date();
-
-      group = generateGroup({
-        name: 'test group',
-        type: 'guild',
-        privacy: 'public',
-        leader: user._id,
-      });
-      group.purchased.plan.customerId = groupCustomerId;
-      group.purchased.plan.planId = subKey;
-      group.purchased.plan.lastBillingDate = new Date();
-      await group.save();
-
-      nextBillingDate = new Date();
-
-      paypalBillingAgreementCancelStub = sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').returnsPromise().resolves({});
-      paypalBillingAgreementGetStub = sinon.stub(paypalPayments, 'paypalBillingAgreementGet')
-        .returnsPromise().resolves({
-          agreement_details: {
-            next_billing_date: nextBillingDate,
-            cycles_completed: 1,
-          },
-        });
-      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
-    });
-
-    afterEach(function () {
-      paypalPayments.paypalBillingAgreementGet.restore();
-      paypalPayments.paypalBillingAgreementCancel.restore();
-      payments.cancelSubscription.restore();
-    });
-
-    it('should throw an error if we are missing a subscription', async () => {
-      user.purchased.plan.customerId = undefined;
-
-      await expect(paypalPayments.subscribeCancel({user}))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 401,
-          name: 'NotAuthorized',
-          message: i18n.t('missingSubscription'),
-        });
-    });
-
-    it('should throw an error if group is not found', async () => {
-      await expect(paypalPayments.subscribeCancel({user, groupId: 'fake-id'}))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 404,
-          name: 'NotFound',
-          message: i18n.t('groupNotFound'),
-        });
-    });
-
-    it('should throw an error if user is not group leader', async () => {
-      let nonLeader = new User();
-      nonLeader.guilds.push(group._id);
-      await nonLeader.save();
-
-      await expect(paypalPayments.subscribeCancel({user: nonLeader, groupId: group._id}))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 401,
-          name: 'NotAuthorized',
-          message: i18n.t('onlyGroupLeaderCanManageSubscription'),
-        });
-    });
-
-    it('should cancel a user subscription', async () => {
-      await paypalPayments.subscribeCancel({user});
-
-      expect(paypalBillingAgreementGetStub).to.be.calledOnce;
-      expect(paypalBillingAgreementGetStub).to.be.calledWith(customerId);
-      expect(paypalBillingAgreementCancelStub).to.be.calledOnce;
-      expect(paypalBillingAgreementCancelStub).to.be.calledWith(customerId, { note: i18n.t('cancelingSubscription') });
-
-      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
-      expect(paymentCancelSubscriptionSpy).to.be.calledWith({
-        user,
-        groupId,
-        paymentMethod: 'Paypal',
-        nextBill: nextBillingDate,
-        cancellationReason: undefined,
-      });
-    });
-
-    it('should cancel a group subscription', async () => {
-      await paypalPayments.subscribeCancel({user, groupId: group._id});
-
-      expect(paypalBillingAgreementGetStub).to.be.calledOnce;
-      expect(paypalBillingAgreementGetStub).to.be.calledWith(groupCustomerId);
-      expect(paypalBillingAgreementCancelStub).to.be.calledOnce;
-      expect(paypalBillingAgreementCancelStub).to.be.calledWith(groupCustomerId, { note: i18n.t('cancelingSubscription') });
-
-      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
-      expect(paymentCancelSubscriptionSpy).to.be.calledWith({
-        user,
-        groupId: group._id,
-        paymentMethod: 'Paypal',
-        nextBill: nextBillingDate,
-        cancellationReason: undefined,
-      });
-    });
-  });
-
-  describe('ipn', () => {
-    let user, group, txn_type, userPaymentId, groupPaymentId;
-    let ipnVerifyAsyncStub, paymentCancelSubscriptionSpy;
-
-    beforeEach(async () => {
-      txn_type = 'recurring_payment_profile_cancel';
-      userPaymentId = 'userPaymentId-test';
-      groupPaymentId = 'groupPaymentId-test';
-
-      user = new User();
-      user.profile.name = 'sender';
-      user.purchased.plan.customerId = userPaymentId;
-      user.purchased.plan.planId = subKey;
-      user.purchased.plan.lastBillingDate = new Date();
-      await user.save();
-
-      group = generateGroup({
-        name: 'test group',
-        type: 'guild',
-        privacy: 'public',
-        leader: user._id,
-      });
-      group.purchased.plan.customerId = groupPaymentId;
-      group.purchased.plan.planId = subKey;
-      group.purchased.plan.lastBillingDate = new Date();
-      await group.save();
-
-      ipnVerifyAsyncStub = sinon.stub(paypalPayments, 'ipnVerifyAsync').returnsPromise().resolves({});
-      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
-    });
-
-    afterEach(function () {
-      paypalPayments.ipnVerifyAsync.restore();
-      payments.cancelSubscription.restore();
-    });
-
-    it('should cancel a user subscription', async () => {
-      await paypalPayments.ipn({txn_type, recurring_payment_id: userPaymentId});
-
-      expect(ipnVerifyAsyncStub).to.be.calledOnce;
-      expect(ipnVerifyAsyncStub).to.be.calledWith({txn_type, recurring_payment_id: userPaymentId});
-
-      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
-      expect(paymentCancelSubscriptionSpy.args[0][0].user._id).to.eql(user._id);
-      expect(paymentCancelSubscriptionSpy.args[0][0].paymentMethod).to.eql('Paypal');
-    });
-
-    it('should cancel a group subscription', async () => {
-      await paypalPayments.ipn({txn_type, recurring_payment_id: groupPaymentId});
-
-      expect(ipnVerifyAsyncStub).to.be.calledOnce;
-      expect(ipnVerifyAsyncStub).to.be.calledWith({txn_type, recurring_payment_id: groupPaymentId});
-
-      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
-      expect(paymentCancelSubscriptionSpy).to.be.calledWith({ groupId: group._id, paymentMethod: 'Paypal' });
-    });
-  });
-});

test/api/v3/unit/libs/preening.test.js

@@ -8,7 +8,10 @@ describe('preenHistory', () => {
 
   beforeEach(() => {
     // Replace system clocks so we can get predictable results
-    clock = sinon.useFakeTimers(Number(moment('2013-10-20').zone(0).startOf('day').toDate()), 'Date');
+    clock = sinon.useFakeTimers({
+      now: Number(moment('2013-10-20').zone(0).startOf('day').toDate()),
+      toFake: ['Date'],
+    });
   });
   afterEach(() => {
     return clock.restore();

test/api/v3/unit/libs/pushNotifications.js

@@ -22,7 +22,7 @@ describe('pushNotifications', () => {
 
     sandbox.stub(nconf, 'get').returns('true-key');
 
-    sandbox.stub(gcmLib.Sender.prototype, 'send', fcmSendSpy);
+    sandbox.stub(gcmLib.Sender.prototype, 'send').callsFake(fcmSendSpy);
 
     sandbox.stub(pushNotify, 'apn').returns({
       on: () => null,

test/api/v3/unit/middlewares/ensureAccessRight.test.js

@@ -7,6 +7,7 @@ import {
 import i18n from '../../../../../website/common/script/i18n';
 import { ensureAdmin, ensureSudo } from '../../../../../website/server/middlewares/ensureAccessRight';
 import { NotAuthorized } from '../../../../../website/server/libs/errors';
+import apiMessages from '../../../../../website/server/libs/apiMessages';
 
 describe('ensure access middlewares', () => {
   let res, req, next;
@@ -23,7 +24,9 @@ describe('ensure access middlewares', () => {
 
       ensureAdmin(req, res, next);
 
-      expect(next).to.be.calledWith(new NotAuthorized(i18n.t('noAdminAccess')));
+      const calledWith = next.getCall(0).args;
+      expect(calledWith[0].message).to.equal(i18n.t('noAdminAccess'));
+      expect(calledWith[0] instanceof NotAuthorized).to.equal(true);
     });
 
     it('passes when user is an admin', () => {
@@ -42,7 +45,9 @@ describe('ensure access middlewares', () => {
 
       ensureSudo(req, res, next);
 
-      expect(next).to.be.calledWith(new NotAuthorized(i18n.t('noSudoAccess')));
+      const calledWith = next.getCall(0).args;
+      expect(calledWith[0].message).to.equal(apiMessages('noSudoAccess'));
+      expect(calledWith[0] instanceof NotAuthorized).to.equal(true);
     });
 
     it('passes when user is a sudo user', () => {

test/api/v3/unit/middlewares/ensureDevelpmentMode.js

@@ -22,7 +22,8 @@ describe('developmentMode middleware', () => {
 
     ensureDevelpmentMode(req, res, next);
 
-    expect(next).to.be.calledWith(new NotFound());
+    const calledWith = next.getCall(0).args;
+    expect(calledWith[0] instanceof NotFound).to.equal(true);
   });
 
   it('passes when not in production', () => {