4.80.7

allow skipping SSL check with secret key (#10962 )
4.80.6
2025-10-27 03:02:30 +01:00 · 2019-01-23 17:12:13 +01:00 · 2019-01-23 17:10:11 +01:00 · 2019-01-18 15:13:34 -06:00 · 2019-01-18 15:13:25 -06:00 · 2019-01-18 12:10:15 +01:00
1659 changed files with 79637 additions and 59120 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -39,6 +39,7 @@ dist-client
 test/client/unit/coverage
 test/client/e2e/reports
 test/client-old/spec/mocks/translations.js
+yarn.lock

 # Elastic Beanstalk Files
 .elasticbeanstalk/*
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-8
+10
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,6 @@
 language: node_js
 node_js:
-  - '8'
+  - '10'
 services:
  - mongodb
 cache:
--- a/3
+++ b/3
@@ -1,4 +1,4 @@
-FROM node:8
+FROM node:10

 ENV ADMIN_EMAIL admin@habitica.com
 ENV AMAZON_PAYMENTS_CLIENT_ID amzn1.application-oa2-client.68ed9e6904ef438fbc1bf86bf494056e
@@ -8,6 +8,7 @@ ENV BASE_URL https://habitica.com
 ENV FACEBOOK_KEY 128307497299777
 ENV GA_ID UA-33510635-1
 ENV GOOGLE_CLIENT_ID 1035232791481-32vtplgnjnd1aufv3mcu1lthf31795fq.apps.googleusercontent.com
+ENV LOGGLY_CLIENT_TOKEN ab5663bf-241f-4d14-8783-7d80db77089a
 ENV NODE_ENV production
 ENV STRIPE_PUB_KEY pk_85fQ0yMECHNfHTSsZoxZXlPSwSNfA

--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM node:8
+FROM node:10

 # Install global packages
 RUN npm install -g gulp-cli mocha
--- a/config.json.example
+++ b/config.json.example
@@ -1,120 +1,82 @@
 {
-    "PORT":3000,
-    "ENABLE_CONSOLE_LOGS_IN_PROD":"false",
-    "IP":"0.0.0.0",
-    "WEB_CONCURRENCY":1,
-    "BASE_URL":"http://localhost:3000",
-    "FACEBOOK_KEY":"123456789012345",
-    "FACEBOOK_SECRET":"aaaabbbbccccddddeeeeffff00001111",
-    "GOOGLE_CLIENT_ID":"123456789012345",
-    "GOOGLE_CLIENT_SECRET":"aaaabbbbccccddddeeeeffff00001111",
-    "PLAY_API": {
-      "CLIENT_ID": "aaaabbbbccccddddeeeeffff00001111",
-      "CLIENT_SECRET": "aaaabbbbccccddddeeeeffff00001111",
-      "ACCESS_TOKEN":"aaaabbbbccccddddeeeeffff00001111",
-      "REFRESH_TOKEN":"aaaabbbbccccddddeeeeffff00001111"
-    },
-    "NODE_DB_URI":"mongodb://localhost/habitrpg",
-    "TEST_DB_URI":"mongodb://localhost/habitrpg_test",
-    "NODE_ENV":"development",
-    "ENABLE_CONSOLE_LOGS_IN_TEST": false,
-    "CRON_SAFE_MODE":"false",
-    "CRON_SEMI_SAFE_MODE":"false",
-    "MAINTENANCE_MODE": "false",
-    "SESSION_SECRET":"YOUR SECRET HERE",
-    "SESSION_SECRET_KEY": "1234567891234567891234567891234567891234567891234567891234567891",
-    "SESSION_SECRET_IV": "12345678912345678912345678912345",
-    "ADMIN_EMAIL": "you@example.com",
-    "SMTP_USER":"user@example.com",
-    "SMTP_PASS":"password",
-    "SMTP_SERVICE":"Gmail",
-    "SMTP_HOST":"example.com",
-    "SMTP_PORT": 587,
-    "SMTP_TLS": true,
-    "STRIPE_API_KEY":"aaaabbbbccccddddeeeeffff00001111",
-    "STRIPE_PUB_KEY":"22223333444455556666777788889999",
-    "NEW_RELIC_LICENSE_KEY":"NEW_RELIC_LICENSE_KEY",
-    "NEW_RELIC_NO_CONFIG_FILE":"true",
-    "NEW_RELIC_APPLICATION_ID":"NEW_RELIC_APPLICATION_ID",
-    "NEW_RELIC_API_KEY":"NEW_RELIC_API_KEY",
-    "GA_ID": "GA_ID",
-    "AMPLITUDE_KEY": "AMPLITUDE_KEY",
-    "AMAZON_PAYMENTS": {
-        "SELLER_ID": "SELLER_ID",
-        "CLIENT_ID": "CLIENT_ID",
-        "MWS_KEY": "",
-        "MWS_SECRET": ""
-    },
-    "FLAG_REPORT_EMAIL": "email@mod.com,email2@mod.com",
-    "EMAIL_SERVER": {
-        "url": "http://example.com",
-        "authUser": "user",
-        "authPassword": "password"
-    },
-    "S3":{
-        "bucket":"bucket",
-        "accessKeyId":"accessKeyId",
-        "secretAccessKey":"secretAccessKey"
-    },
-    "SLACK_URL": "https://hooks.slack.com/services/some-url",
-    "TRANSIFEX_SLACK_CHANNEL": "transifex",
-    "PAYPAL":{
-        "billing_plans": {
-            "basic_earned":"basic_earned",
-            "basic_3mo":"basic_3mo",
-            "basic_6mo":"basic_6mo",
-            "google_6mo":"google_6mo",
-            "basic_12mo":"basic_12mo"
-        },
-        "mode":"sandbox",
-        "client_id":"client_id",
-        "client_secret":"client_secret",
-        "experience_profile_id": ""
-    },
-    "IAP_GOOGLE_KEYDIR": "/path/to/google/public/key/dir/",
-    "LOGGLY_TOKEN": "token",
-    "LOGGLY_CLIENT_TOKEN": "token",
-    "LOGGLY_ACCOUNT": "account",
-    "PUSH_CONFIGS": {
-        "GCM_SERVER_API_KEY": "",
-        "APN_ENABLED": "false",
-        "APN_KEY_ID": "xxxxxxxxxx",
-        "APN_KEY": "xxxxxxxxxx",
-        "APN_TEAM_ID": "aaabbbcccd",
-        "FCM_SERVER_API_KEY": ""
-    },
-    "SITE_HTTP_AUTH": {
-        "ENABLED": "false",
-        "USERNAME": "admin",
-        "PASSWORD": "password"
-    },
-    "PUSHER": {
-        "ENABLED": "false",
-        "APP_ID": "appId",
-        "KEY": "key",
-        "SECRET": "secret"
-    },
-    "SLACK": {
-        "FLAGGING_URL": "https://hooks.slack.com/services/id/id/id",
-        "FLAGGING_FOOTER_LINK": "https://habitrpg.github.io/flag-o-rama/",
-        "SUBSCRIPTIONS_URL": "https://hooks.slack.com/services/id/id/id"
-    },
-    "ITUNES_SHARED_SECRET": "aaaabbbbccccddddeeeeffff00001111",
-    "EMAILS" : {
-        "COMMUNITY_MANAGER_EMAIL" : "admin@habitica.com",
-        "TECH_ASSISTANCE_EMAIL" : "admin@habitica.com",
-        "PRESS_ENQUIRY_EMAIL" : "admin@habitica.com"
-    },
-    "LOGGLY" : {
-        "TOKEN" : "example-token",
-        "SUBDOMAIN" : "exmaple-subdomain"
-    },
-    "KAFKA": {
-      "GROUP_ID": "",
-      "CLOUDKARAFKA_BROKERS": "",
-      "CLOUDKARAFKA_USERNAME": "",
-      "CLOUDKARAFKA_PASSWORD": "",
-      "CLOUDKARAFKA_TOPIC_PREFIX": ""
-    },
-    "MIGRATION_CONNECT_STRING": "mongodb://localhost:27017/habitrpg?auto_reconnect=true"
+  "ADMIN_EMAIL": "you@example.com",
+  "AMAZON_PAYMENTS_CLIENT_ID": "CLIENT_ID",
+  "AMAZON_PAYMENTS_MODE": "sandbox",
+  "AMAZON_PAYMENTS_MWS_KEY": "MWS_KEY",
+  "AMAZON_PAYMENTS_MWS_SECRET": "MWS_SECRET",
+  "AMAZON_PAYMENTS_SELLER_ID": "SELLER_ID",
+  "AMPLITUDE_KEY": "AMPLITUDE_KEY",
+  "AMPLITUDE_SECRET": "AMPLITUDE_SECRET",
+  "BASE_URL": "http://localhost:3000",
+  "CRON_SAFE_MODE": "false",
+  "CRON_SEMI_SAFE_MODE": "false",
+  "DISABLE_REQUEST_LOGGING": "true",
+  "EMAILS_COMMUNITY_MANAGER_EMAIL": "admin@habitica.com",
+  "EMAILS_PRESS_ENQUIRY_EMAIL": "admin@habitica.com",
+  "EMAILS_TECH_ASSISTANCE_EMAIL": "admin@habitica.com",
+  "EMAIL_SERVER_AUTH_PASSWORD": "password",
+  "EMAIL_SERVER_AUTH_USER": "user",
+  "EMAIL_SERVER_URL": "http://example.com",
+  "ENABLE_CONSOLE_LOGS_IN_PROD": "false",
+  "ENABLE_CONSOLE_LOGS_IN_TEST": "false",
+  "FACEBOOK_KEY": "123456789012345",
+  "FACEBOOK_SECRET": "aaaabbbbccccddddeeeeffff00001111",
+  "FLAG_REPORT_EMAIL": "email@example.com, email2@example.com",
+  "GA_ID": "GA_ID",
+  "GOOGLE_CLIENT_ID": "123456789012345",
+  "GOOGLE_CLIENT_SECRET": "aaaabbbbccccddddeeeeffff00001111",
+  "IAP_GOOGLE_KEYDIR": "/path/to/google/public/key/dir/",
+  "IGNORE_REDIRECT": "true",
+  "ITUNES_SHARED_SECRET": "aaaabbbbccccddddeeeeffff00001111",
+  "LOGGLY_CLIENT_TOKEN": "token",
+  "LOGGLY_SUBDOMAIN": "example-subdomain",
+  "LOGGLY_TOKEN": "example-token",
+  "MAINTENANCE_MODE": "false",
+  "NODE_DB_URI": "mongodb://localhost/habitrpg",
+  "NODE_ENV": "development",
+  "PATH": "bin:node_modules/.bin:/usr/local/bin:/usr/bin:/bin",
+  "PAYPAL_BILLING_PLANS_basic_12mo": "basic_12mo",
+  "PAYPAL_BILLING_PLANS_basic_3mo": "basic_3mo",
+  "PAYPAL_BILLING_PLANS_basic_6mo": "basic_6mo",
+  "PAYPAL_BILLING_PLANS_basic_earned": "basic_earned",
+  "PAYPAL_BILLING_PLANS_google_6mo": "google_6mo",
+  "PAYPAL_CLIENT_ID": "client_id",
+  "PAYPAL_CLIENT_SECRET": "client_secret",
+  "PAYPAL_EXPERIENCE_PROFILE_ID": "xp_profile_id",
+  "PAYPAL_MODE": "sandbox",
+  "PLAY_API_ACCESS_TOKEN": "aaaabbbbccccddddeeeeffff00001111",
+  "PLAY_API_CLIENT_ID": "aaaabbbbccccddddeeeeffff00001111",
+  "PLAY_API_CLIENT_SECRET": "aaaabbbbccccddddeeeeffff00001111",
+  "PLAY_API_REFRESH_TOKEN": "aaaabbbbccccddddeeeeffff00001111",
+  "PORT": 3000,
+  "PUSH_CONFIGS_APN_ENABLED": "false",
+  "PUSH_CONFIGS_APN_KEY": "xxxxxxxxxx",
+  "PUSH_CONFIGS_APN_KEY_ID": "xxxxxxxxxx",
+  "PUSH_CONFIGS_APN_TEAM_ID": "aaabbbcccd",
+  "PUSH_CONFIGS_FCM_SERVER_API_KEY": "aaabbbcccd",
+  "S3_ACCESS_KEY_ID": "accessKeyId",
+  "S3_BUCKET": "bucket",
+  "S3_SECRET_ACCESS_KEY": "secretAccessKey",
+  "SESSION_SECRET": "YOUR SECRET HERE",
+  "SESSION_SECRET_IV": "12345678912345678912345678912345",
+  "SESSION_SECRET_KEY": "1234567891234567891234567891234567891234567891234567891234567891",
+  "SITE_HTTP_AUTH_ENABLED": "false",
+  "SITE_HTTP_AUTH_PASSWORD": "password",
+  "SITE_HTTP_AUTH_USERNAME": "admin",
+  "SLACK_FLAGGING_FOOTER_LINK": "https://habitrpg.github.io/flag-o-rama/",
+  "SLACK_FLAGGING_URL": "https://hooks.slack.com/services/id/id/id",
+  "SLACK_SUBSCRIPTIONS_URL": "https://hooks.slack.com/services/id/id/id",
+  "SLACK_URL": "https://hooks.slack.com/services/some-url",
+  "SMTP_HOST": "example.com",
+  "SMTP_PASS": "password",
+  "SMTP_PORT": 587,
+  "SMTP_SERVICE": "Gmail",
+  "SMTP_TLS": "true",
+  "SMTP_USER": "user@example.com",
+  "STRIPE_API_KEY": "aaaabbbbccccddddeeeeffff00001111",
+  "STRIPE_PUB_KEY": "22223333444455556666777788889999",
+  "TEST_DB_URI": "mongodb://localhost/habitrpg_test",
+  "TRANSIFEX_SLACK_CHANNEL": "transifex",
+  "WEB_CONCURRENCY": 1,
+  "SKIP_SSL_CHECK_KEY": "key"
 }
--- a/database_reports/20181001_backtoschool_challenge.js
+++ b/database_reports/20181001_backtoschool_challenge.js
@@ -0,0 +1,48 @@
+import monk from 'monk';
+import nconf from 'nconf';
+
+/*
+ * Output data on users who completed all the To-Do tasks in the 2018 Back-to-School Challenge.
+ * User ID,Profile Name
+ */
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
+const CHALLENGE_ID = '0acb1d56-1660-41a4-af80-9259f080b62b';
+
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+let dbTasks = monk(CONNECTION_STRING).get('tasks', { castIds: false });
+
+function usersReport() {
+  console.info('User ID,Profile Name');
+  let userCount = 0;
+
+  dbUsers.find(
+    {challenges: CHALLENGE_ID},
+    {fields:
+      {_id: 1, 'profile.name': 1}
+    },
+  ).each((user, {close, pause, resume}) => {
+    pause();
+    userCount++;
+    let completedTodos = 0;
+    return dbTasks.find(
+      {
+        userId: user._id,
+        'challenge.id': CHALLENGE_ID,
+        type: 'todo',
+      },
+      {fields: {completed: 1}}
+    ).each((task) => {
+      if (task.completed) completedTodos++;
+    }).then(() => {
+      if (completedTodos >= 7) {
+        console.info(`${user._id},${user.profile.name}`);
+      }
+      resume();
+    });
+  }).then(() => {
+    console.info(`${userCount} users reviewed`);
+    return process.exit(0);
+  });
+}
+
+module.exports = usersReport;
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -2,9 +2,13 @@ version: "3"
 services:

  client:
+    environment:
+      - NODE_ENV=development
    volumes:
      - '.:/usr/src/habitrpg'

  server:
+    environment:
+      - NODE_ENV=development
    volumes:
      - '.:/usr/src/habitrpg'
--- a/gulp/gulp-tests.js
+++ b/gulp/gulp-tests.js
@@ -167,7 +167,7 @@ gulp.task('test:content:safe', gulp.series('test:prepare:build', (cb) => {

 gulp.task('test:api:unit', (done) => {
  let runner = exec(
-    testBin('node_modules/.bin/istanbul cover --dir coverage/api-unit node_modules/mocha/bin/_mocha -- test/api/unit --recursive --require ./test/helpers/start-server'),
+    testBin('istanbul cover --dir coverage/api-unit node_modules/mocha/bin/_mocha -- test/api/unit --recursive --require ./test/helpers/start-server'),
    (err) => {
      if (err) {
        process.exit(1);
@@ -180,12 +180,12 @@ gulp.task('test:api:unit', (done) => {
 });

 gulp.task('test:api:unit:watch', () => {
-  return gulp.watch(['website/server/libs/*', 'test/api/v3/unit/**/*', 'website/server/controllers/**/*'], gulp.series('test:api:unit', done => done()));
+  return gulp.watch(['website/server/libs/*', 'test/api/unit/**/*', 'website/server/controllers/**/*'], gulp.series('test:api:unit', done => done()));
 });

 gulp.task('test:api-v3:integration', (done) => {
  let runner = exec(
-    testBin('node_modules/.bin/istanbul cover --dir coverage/api-v3-integration --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v3/integration --recursive --require ./test/helpers/start-server'),
+    testBin('istanbul cover --dir coverage/api-v3-integration --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v3/integration --recursive --require ./test/helpers/start-server'),
    {maxBuffer: 500 * 1024},
    (err) => {
      if (err) {
@@ -217,7 +217,7 @@ gulp.task('test:api-v3:integration:separate-server', (done) => {

 gulp.task('test:api-v4:integration', (done) => {
  let runner = exec(
-    testBin('node_modules/.bin/istanbul cover --dir coverage/api-v4-integration --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v4 --recursive --require ./test/helpers/start-server'),
+    testBin('istanbul cover --dir coverage/api-v4-integration --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v4 --recursive --require ./test/helpers/start-server'),
    {maxBuffer: 500 * 1024},
    (err) => {
      if (err) {
@@ -254,4 +254,4 @@ gulp.task('test:api-v3', gulp.series(
  'test:api:unit',
  'test:api-v3:integration',
  done => done()
-));
+));
--- a/migrations/archive/2018/20180724_summer_splash_orcas.js
+++ b/migrations/archive/2018/20180724_summer_splash_orcas.js
@@ -0,0 +1,99 @@
+let migrationName = '20180724_summer-splash-orcas.js'; // Update per month
+let authorName = 'Sabe'; // in case script author needs to know when their ...
+let authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
+
+/*
+ * Award ladder items to participants in this year's Summer Splash festivities
+ */
+
+import monk from 'monk';
+import nconf from 'nconf';
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  let query = {
+    migration: {$ne: migrationName},
+    'auth.timestamps.loggedin': {$gt: new Date('2018-07-01')}, // rerun without date restriction after initial run
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'items.mounts',
+    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+let progressCount = 1000;
+let count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  let userPromises = users.map(updateUser);
+  let lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function updateUser (user) {
+  count++;
+
+  let set = {};
+
+  if (user && user.items && user.items.pets && typeof user.items.pets['Orca-Base'] !== 'undefined') {
+    set = {migration: migrationName};
+  } else if (user && user.items && user.items.mounts && typeof user.items.mounts['Orca-Base'] !== 'undefined') {
+    set = {migration: migrationName, 'items.pets.Orca-Base': 5};
+  } else {
+    set = {migration: migrationName, 'items.mounts.Orca-Base': true};
+  }
+
+  dbUsers.update({_id: user._id}, {$set: set});
+
+  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
+  if (user._id === authorUuid) console.warn(`${authorName  } processed`);
+}
+
+function displayData () {
+  console.warn(`\n${  count  } users processed\n`);
+  return exiting(0);
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
--- a/migrations/archive/2018/20180731_naming_day.js
+++ b/migrations/archive/2018/20180731_naming_day.js
@@ -0,0 +1,123 @@
+let migrationName = '20180731_naming-day.js'; // Update when running in future years
+let authorName = 'Sabe'; // in case script author needs to know when their ...
+let authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
+
+/*
+ * Award Naming Day ladder items to participants in this month's Naming Day festivities
+ */
+
+import monk from 'monk';
+import nconf from 'nconf';
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING'); // FOR TEST DATABASE
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  let query = {
+    migration: {$ne: migrationName},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'items.gear.owned',
+      'items.mounts',
+      'items.pets',
+    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+let progressCount = 1000;
+let count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  let userPromises = users.map(updateUser);
+  let lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function updateUser (user) {
+  count++;
+
+  let set = {};
+  let push;
+
+  const inc = {
+    'items.food.Cake_Base': 1,
+    'items.food.Cake_CottonCandyBlue': 1,
+    'items.food.Cake_CottonCandyPink': 1,
+    'items.food.Cake_Desert': 1,
+    'items.food.Cake_Golden': 1,
+    'items.food.Cake_Red': 1,
+    'items.food.Cake_Shade': 1,
+    'items.food.Cake_Skeleton': 1,
+    'items.food.Cake_White': 1,
+    'items.food.Cake_Zombie': 1,
+    'achievements.habiticaDays': 1,
+  };
+
+  if (user && user.items && user.items.gear && user.items.gear.owned && typeof user.items.gear.owned.head_special_namingDay2017 !== 'undefined') {
+    set = {migration: migrationName, 'items.gear.owned.body_special_namingDay2018': false};
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.body_special_namingDay2018', _id: monk.id()}};
+  } else if (user && user.items && user.items.pets && typeof user.items.pets['Gryphon-RoyalPurple'] !== 'undefined') {
+    set = {migration: migrationName, 'items.gear.owned.head_special_namingDay2017': false};
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_namingDay2017', _id: monk.id()}};
+  } else if (user && user.items && user.items.mounts && typeof user.items.mounts['Gryphon-RoyalPurple'] !== 'undefined') {
+    set = {migration: migrationName, 'items.pets.Gryphon-RoyalPurple': 5};
+  } else {
+    set = {migration: migrationName, 'items.mounts.Gryphon-RoyalPurple': true};
+  }
+
+  if (push) {
+    dbUsers.update({_id: user._id}, {$set: set, $push: push, $inc: inc});
+  } else {
+    dbUsers.update({_id: user._id}, {$set: set, $inc: inc});
+  }
+
+  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
+  if (user._id === authorUuid) console.warn(`${authorName  } processed`);
+}
+
+function displayData () {
+  console.warn(`\n${  count  } users processed\n`);
+  return exiting(0);
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
--- a/migrations/archive/2018/20180811_inboxOutsideUser.js
+++ b/migrations/archive/2018/20180811_inboxOutsideUser.js
@@ -0,0 +1,147 @@
+const migrationName = '20180811_inboxOutsideUser.js';
+const authorName = 'paglias'; // in case script author needs to know when their ...
+const authorUuid = 'ed4c688c-6652-4a92-9d03-a5a79844174a'; // ... own data is done
+
+/*
+ * Move inbox messages from the user model to their own collection
+ */
+
+const monk = require('monk');
+const nconf = require('nconf');
+const uuid = require('uuid').v4;
+
+const Inbox = require('../website/server/models/message').inboxModel;
+const connectionString = nconf.get('MIGRATION_CONNECT_STRING'); // FOR TEST DATABASE
+const dbInboxes = monk(connectionString).get('inboxes', { castIds: false });
+const dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers (lastId) {
+  let query = {
+    migration: {$ne: migrationName},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 1000,
+    fields: ['_id', 'inbox'],
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+let progressCount = 1000;
+let count = 0;
+let msgCount = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users and their tasks found and modified.');
+    displayData();
+    return;
+  }
+
+  let usersPromises = users.map(updateUser);
+  let lastUser = users[users.length - 1];
+
+  return Promise.all(usersPromises)
+    .then(() => {
+      return processUsers(lastUser._id);
+    });
+}
+
+function updateUser (user) {
+  count++;
+
+  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
+  if (msgCount % progressCount === 0) console.warn(`${msgCount  } messages processed`);
+  if (user._id === authorUuid) console.warn(`${authorName  } being processed`);
+
+  const oldInboxMessages = user.inbox.messages || {};
+  const oldInboxMessagesIds = Object.keys(oldInboxMessages);
+
+  msgCount += oldInboxMessagesIds.length;
+
+  const newInboxMessages = oldInboxMessagesIds.map(msgId => {
+    const msg = oldInboxMessages[msgId];
+    if (!msg || (!msg.id && !msg._id)) { // eslint-disable-line no-extra-parens
+      console.log('missing message or message _id and id', msg);
+      throw new Error('error!');
+    }
+
+    if (msg.id && !msg._id) msg._id = msg.id;
+    if (msg._id && !msg.id) msg.id = msg._id;
+
+    const newMsg = new Inbox(msg);
+    newMsg.ownerId = user._id;
+    return newMsg.toJSON();
+  });
+
+  const promises = newInboxMessages.map(newMsg => {
+    return (async function fn () {
+      const existing = await dbInboxes.find({_id: newMsg._id});
+
+      if (existing.length > 0) {
+        if (
+          existing[0].ownerId === newMsg.ownerId &&
+          existing[0].text === newMsg.text &&
+          existing[0].uuid === newMsg.uuid &&
+          existing[0].sent === newMsg.sent
+        ) {
+          return null;
+        }
+
+        newMsg.id = newMsg._id = uuid();
+      }
+
+      return newMsg;
+    })();
+  });
+
+  return Promise.all(promises)
+    .then((filteredNewMsg) => {
+      filteredNewMsg = filteredNewMsg.filter(m => Boolean(m && m.id && m._id && m.id == m._id));
+      return dbInboxes.insert(filteredNewMsg);
+    }).then(() => {
+      return dbUsers.update({_id: user._id}, {
+        $set: {
+          migration: migrationName,
+          'inbox.messages': {},
+        },
+      });
+    }).catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+function displayData () {
+  console.warn(`\n${  count  } users processed\n`);
+  console.warn(`\n${  msgCount  } messages processed\n`);
+  return exiting(0);
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
--- a/migrations/archive/2018/20181001_generate_usernames.js
+++ b/migrations/archive/2018/20181001_generate_usernames.js
@@ -0,0 +1,99 @@
+let authorName = 'Sabe'; // in case script author needs to know when their ...
+let authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
+
+/*
+ * Generate usernames for users who lack them
+ */
+
+import monk from 'monk';
+import nconf from 'nconf';
+import { generateUsername } from '../../website/server/libs/auth/utils';
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING'); // FOR TEST DATABASE
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  let query = {
+    'auth.local.username': {$exists: false},
+    'auth.timestamps.loggedin': {$gt: new Date('2018-04-01')}, // Initial coverage for users active within last 6 months
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'auth',
+    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+let progressCount = 1000;
+let count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  let userPromises = users.map(updateUser);
+  let lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function updateUser (user) {
+  count++;
+
+  if (!user.auth.local.username) {
+    const newName = generateUsername();
+    dbUsers.update(
+      {_id: user._id},
+      {$set:
+        {
+          'auth.local.username': newName,
+          'auth.local.lowerCaseUsername': newName,
+        },
+      }
+    );
+  }
+  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
+  if (user._id === authorUuid) console.warn(`${authorName  } processed`);
+}
+
+function displayData () {
+  console.warn(`\n${  count  } users processed\n`);
+  return exiting(0);
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
--- a/migrations/archive/2018/20181002_username_email.js
+++ b/migrations/archive/2018/20181002_username_email.js
@@ -0,0 +1,107 @@
+const MIGRATION_NAME = '20181003_username_email.js';
+let authorName = 'Sabe'; // in case script author needs to know when their ...
+let authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
+
+/*
+ * Send emails to eligible users announcing upcoming username changes
+ */
+
+import monk from 'monk';
+import nconf from 'nconf';
+import { sendTxn } from '../../website/server/libs/email';
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    'auth.timestamps.loggedin': {$gt: new Date('2018-04-01')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 100,
+    fields: [
+      '_id',
+      'auth',
+      'preferences',
+      'profile',
+    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+let progressCount = 1000;
+let count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  let userPromises = users.map(updateUser);
+  let lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => delay(7000))
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function updateUser (user) {
+  count++;
+
+  dbUsers.update({_id: user._id}, {$set: {migration: MIGRATION_NAME}});
+
+  sendTxn(
+    user,
+    'username-change',
+    [{name: 'UNSUB_EMAIL_TYPE_URL', content: '/user/settings/notifications?unsubFrom=importantAnnouncements'},
+     {name: 'LOGIN_NAME', content: user.auth.local.username}]
+  );
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+  if (user._id === authorUuid) console.warn(`${authorName} processed`);
+}
+
+function displayData () {
+  console.warn(`\n${count} users processed\n`);
+  return exiting(0);
+}
+
+function delay (t, v) {
+  return new Promise(function batchPause (resolve) {
+    setTimeout(resolve.bind(null, v), t);
+  });
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
--- a/migrations/archive/2018/20181023_veteran_pet_ladder.js
+++ b/migrations/archive/2018/20181023_veteran_pet_ladder.js
@@ -0,0 +1,66 @@
+/* eslint-disable no-console */
+const MIGRATION_NAME = '20181023_veteran_pet_ladder';
+import { model as User } from '../../website/server/models/user';
+
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count++;
+
+  const set = {};
+
+  set.migration = MIGRATION_NAME;
+
+  if (user.items.pets['Bear-Veteran']) {
+    set['items.pets.Fox-Veteran'] = 5;
+  } else if (user.items.pets['Lion-Veteran']) {
+    set['items.pets.Bear-Veteran'] = 5;
+  } else if (user.items.pets['Tiger-Veteran']) {
+    set['items.pets.Lion-Veteran'] = 5;
+  } else if (user.items.pets['Wolf-Veteran']) {
+    set['items.pets.Tiger-Veteran'] = 5;
+  } else {
+    set['items.pets.Wolf-Veteran'] = 5;
+  }
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  return await User.update({_id: user._id}, {$set: set}).exec();
+}
+
+module.exports = async function processUsers () {
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    'flags.verifiedUsername': true,
+  };
+
+  const fields = {
+    _id: 1,
+    items: 1,
+    migration: 1,
+    flags: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};
--- a/migrations/archive/2018/20181030_habitoween_ladder.js
+++ b/migrations/archive/2018/20181030_habitoween_ladder.js
@@ -0,0 +1,116 @@
+/*
+ * Award Habitoween ladder items to participants in this month's Habitoween festivities
+ */
+
+import monk from 'monk';
+import nconf from 'nconf';
+const MIGRATION_NAME = '20181030_habitoween_ladder.js'; // Update when running in future years
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
+const AUTHOR_NAME = 'Sabe'; // in case script author needs to know when their ...
+const AUTHOR_UUID = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
+
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    'auth.timestamps.loggedin': {$gt: new Date('2018-10-01')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'items.mounts',
+      'items.pets',
+    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${err}`);
+    });
+}
+
+const PROGRESS_COUNT = 1000;
+let count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  let userPromises = users.map(updateUser);
+  let lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function updateUser (user) {
+  count++;
+
+  let set = {};
+  let inc = {
+    'items.food.Candy_Skeleton': 1,
+    'items.food.Candy_Base': 1,
+    'items.food.Candy_CottonCandyBlue': 1,
+    'items.food.Candy_CottonCandyPink': 1,
+    'items.food.Candy_Shade': 1,
+    'items.food.Candy_White': 1,
+    'items.food.Candy_Golden': 1,
+    'items.food.Candy_Zombie': 1,
+    'items.food.Candy_Desert': 1,
+    'items.food.Candy_Red': 1,
+  };
+
+  if (user && user.items && user.items.pets && user.items.mounts['JackOLantern-Ghost']) {
+    set['items.pets.JackOLantern-Glow'] = 5;
+  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-Ghost']) {
+    set['items.mounts.JackOLantern-Ghost'] = true;
+  } else if (user && user.items && user.items.mounts && user.items.mounts['JackOLantern-Base']) {
+    set['items.pets.JackOLantern-Ghost'] = 5;
+  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-Base']) {
+    set['items.mounts.JackOLantern-Base'] = true;
+  } else {
+    set['items.pets.JackOLantern-Base'] = 5;
+  }
+
+  dbUsers.update({_id: user._id}, {$set: set, $inc: inc});
+
+  if (count % PROGRESS_COUNT === 0) console.warn(`${count} ${user._id}`);
+  if (user._id === AUTHOR_UUID) console.warn(`${AUTHOR_NAME} processed`);
+}
+
+function displayData () {
+  console.warn(`\n${count} users processed\n`);
+  return exiting(0);
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
--- a/migrations/archive/2018/20181108_username_email.js
+++ b/migrations/archive/2018/20181108_username_email.js
@@ -0,0 +1,109 @@
+const MIGRATION_NAME = '20181108_username_email.js';
+const AUTHOR_NAME = 'Sabe'; // in case script author needs to know when their ...
+const AUTHOR_UUID = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
+
+/*
+ * Send emails to eligible users announcing upcoming username changes
+ */
+
+import monk from 'monk';
+import nconf from 'nconf';
+import { sendTxn } from '../../../website/server/libs/email';
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
+const BASE_URL = nconf.get('BASE_URL');
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    'flags.verifiedUsername': {$ne: true},
+    'auth.timestamps.loggedin': {$gt: new Date('2018-10-25')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 100,
+    fields: [
+      '_id',
+      'auth',
+      'preferences',
+      'profile',
+    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+let progressCount = 1000;
+let count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  let userPromises = users.map(updateUser);
+  let lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => delay(7000))
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function updateUser (user) {
+  count++;
+
+  dbUsers.update({_id: user._id}, {$set: {migration: MIGRATION_NAME}});
+
+  sendTxn(
+    user,
+    'username-change-follow-up',
+    [{name: 'LOGIN_NAME', content: user.auth.local.username},
+     {name: 'BASE_URL', content: BASE_URL}]
+  );
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+  if (user._id === AUTHOR_UUID) console.warn(`${AUTHOR_NAME} processed`);
+}
+
+function displayData () {
+  console.warn(`\n${count} users processed\n`);
+  return exiting(0);
+}
+
+function delay (t, v) {
+  return new Promise(function batchPause (resolve) {
+    setTimeout(resolve.bind(null, v), t);
+  });
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
--- a/migrations/archive/2018/20181122_turkey_day.js
+++ b/migrations/archive/2018/20181122_turkey_day.js
@@ -0,0 +1,109 @@
+/* eslint-disable no-console */
+const MIGRATION_NAME = '20181122_turkey_day';
+import mongoose from 'mongoose';
+import { model as User } from '../../website/server/models/user';
+
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count++;
+
+  const set = {};
+  let push;
+
+  set.migration = MIGRATION_NAME;
+
+  if (typeof user.items.gear.owned.armor_special_turkeyArmorBase !== 'undefined') {
+    set['items.gear.owned.head_special_turkeyHelmGilded'] = false;
+    set['items.gear.owned.armor_special_turkeyArmorGilded'] = false;
+    set['items.gear.owned.back_special_turkeyTailGilded'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_turkeyHelmGilded',
+        _id: new mongoose.Types.ObjectId(),
+      },
+      {
+        type: 'marketGear',
+        path: 'gear.flat.armor_special_turkeyArmorGilded',
+        _id: new mongoose.Types.ObjectId(),
+      },
+      {
+        type: 'marketGear',
+        path: 'gear.flat.back_special_turkeyTailGilded',
+        _id: new mongoose.Types.ObjectId(),
+      },
+    ];
+  } else if (user.items && user.items.mounts && user.items.mounts['Turkey-Gilded']) {
+    set['items.gear.owned.head_special_turkeyHelmBase'] = false;
+    set['items.gear.owned.armor_special_turkeyArmorBase'] = false;
+    set['items.gear.owned.back_special_turkeyTailBase'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_turkeyHelmBase',
+        _id: new mongoose.Types.ObjectId(),
+      },
+      {
+        type: 'marketGear',
+        path: 'gear.flat.armor_special_turkeyArmorBase',
+        _id: new mongoose.Types.ObjectId(),
+      },
+      {
+        type: 'marketGear',
+        path: 'gear.flat.back_special_turkeyTailBase',
+        _id: new mongoose.Types.ObjectId(),
+      },
+    ];
+  } else if (user.items && user.items.pets && user.items.pets['Turkey-Gilded']) {
+    set['items.mounts.Turkey-Gilded'] = true;
+  } else if (user.items && user.items.mounts && user.items.mounts['Turkey-Base']) {
+    set['items.pets.Turkey-Gilded'] = 5;
+  } else if (user.items && user.items.pets && user.items.pets['Turkey-Base']) {
+    set['items.mounts.Turkey-Base'] = true;
+  } else {
+    set['items.pets.Turkey-Base'] = 5;
+  }
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  if (push) {
+    return await User.update({_id: user._id}, {$set: set, $push: {pinnedItems: {$each: push}}}).exec();
+  } else {
+    return await User.update({_id: user._id}, {$set: set}).exec();
+  }
+}
+
+module.exports = async function processUsers () {
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+  };
+
+  const fields = {
+    _id: 1,
+    items: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};
--- a/migrations/archive/2018/20181231_nye.js
+++ b/migrations/archive/2018/20181231_nye.js
@@ -0,0 +1,110 @@
+/* eslint-disable no-console */
+const MIGRATION_NAME = '20181231_nye';
+import { model as User } from '../../../website/server/models/user';
+import mongoose from 'mongoose';
+import { v4 as uuid } from 'uuid';
+
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count++;
+
+  const set = {'flags.newStuff': true};
+  let push;
+
+  set.migration = MIGRATION_NAME;
+
+  if (typeof user.items.gear.owned.head_special_nye2017 !== 'undefined') {
+    set['items.gear.owned.head_special_nye2018'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_nye2018',
+        _id: uuid(),
+      },
+    ];
+  } else if (typeof user.items.gear.owned.head_special_nye2016 !== 'undefined') {
+    set['items.gear.owned.head_special_nye2017'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_nye2017',
+        _id: uuid(),
+      },
+    ];
+  } else if (typeof user.items.gear.owned.head_special_nye2015 !== 'undefined') {
+    set['items.gear.owned.head_special_nye2016'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_nye2016',
+        _id: uuid(),
+      },
+    ];
+  } else if (typeof user.items.gear.owned.head_special_nye2014 !== 'undefined') {
+    set['items.gear.owned.head_special_nye2015'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_nye2015',
+        _id: uuid(),
+      },
+    ];
+  } else if (typeof user.items.gear.owned.head_special_nye !== 'undefined') {
+    set['items.gear.owned.head_special_nye2014'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_nye2014',
+        _id: uuid(),
+      },
+    ];
+  } else {
+    set['items.gear.owned.head_special_nye'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_nye',
+        _id: uuid(),
+      },
+    ];
+  }
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  return await User.update({_id: user._id}, {$set: set, $push: {pinnedItems: {$each: push}}}).exec();
+}
+
+module.exports = async function processUsers () {
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+  };
+
+  const fields = {
+    _id: 1,
+    items: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};
--- a/migrations/archive/mystery-items-old.js
+++ b/migrations/archive/mystery-items-old.js
@@ -0,0 +1,110 @@
+import monk from 'monk';
+import nconf from 'nconf';
+
+const migrationName = 'mystery-items-201808.js'; // Update per month
+const authorName = 'Sabe'; // in case script author needs to know when their ...
+const authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
+
+/*
+ * Award this month's mystery items to subscribers
+ */
+const MYSTERY_ITEMS = ['armor_mystery_201810', 'head_mystery_201810'];
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
+
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+let UserNotification = require('../../website/server/models/userNotification').model;
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  let query = {
+    migration: {$ne: migrationName},
+    'purchased.plan.customerId': { $ne: null },
+    $or: [
+      { 'purchased.plan.dateTerminated': { $gte: new Date() } },
+      { 'purchased.plan.dateTerminated': { $exists: false } },
+      { 'purchased.plan.dateTerminated': { $eq: null } },
+    ],
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+let progressCount = 1000;
+let count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  let userPromises = users.map(updateUser);
+  let lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function updateUser (user) {
+  count++;
+
+  const addToSet = {
+    'purchased.plan.mysteryItems': {
+      $each: MYSTERY_ITEMS,
+    },
+  };
+  const push = {
+    notifications: (new UserNotification({
+      type: 'NEW_MYSTERY_ITEMS',
+      data: {
+        MYSTERY_ITEMS,
+      },
+    })).toJSON(),
+  };
+
+  dbUsers.update({_id: user._id}, {$addToSet: addToSet, $push: push});
+
+  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
+  if (user._id === authorUuid) console.warn(`${authorName  } processed`);
+}
+
+function displayData () {
+  console.warn(`\n${  count  } users processed\n`);
+  return exiting(0);
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
--- a/migrations/archive/takeThis.js
+++ b/migrations/archive/takeThis.js
@@ -1,4 +1,4 @@
-let migrationName = '20180702_takeThis.js'; // Update per month
+let migrationName = '20180904_takeThis.js'; // Update per month
 let authorName = 'Sabe'; // in case script author needs to know when their ...
 let authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done

@@ -15,7 +15,7 @@ function processUsers (lastId) {
  // specify a query to limit the affected users (empty for all users):
  let query = {
    migration: {$ne: migrationName},
-    challenges: {$in: ['f0481f95-1dde-4ae7-a876-d19502a45d61']}, // Update per month
+    challenges: {$in: ['1044ec0c-4a85-48c5-9f36-d51c0c62c7d3']}, // Update per month
  };

  if (lastId) {
--- a/migrations/migration-runner.js
+++ b/migrations/migration-runner.js
@@ -17,5 +17,12 @@ function setUpServer () {
 setUpServer();

 // Replace this with your migration
-const processUsers = require('./tasks/habits-one-history-entry-per-day-challenges.js');
-processUsers();
+const processUsers = require('./archive/2018/20181231_nye.js');
+processUsers()
+  .then(function success () {
+    process.exit(0);
+  })
+  .catch(function failure (err) {
+    console.log(err);
+    process.exit(1);
+  });
--- a/migrations/users/bulk-email.js
+++ b/migrations/users/bulk-email.js
@@ -0,0 +1,61 @@
+/* eslint-disable no-console */
+import { sendTxn } from '../../../website/server/libs/email';
+import { model as User } from '../../website/server/models/user';
+import moment from 'moment';
+import nconf from 'nconf';
+const BASE_URL = nconf.get('BASE_URL');
+const EMAIL_SLUG = 'mandrill-email-slug'; // Set email template to send
+const MIGRATION_NAME = 'bulk-email';
+
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count++;
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  sendTxn(
+    user,
+    EMAIL_SLUG,
+    [{name: 'BASE_URL', content: BASE_URL}] // Add variables from template
+  );
+
+  return await User.update({_id: user._id}, {$set: {migration: MIGRATION_NAME}}).exec();
+}
+
+module.exports = async function processUsers () {
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    'auth.timestamps.loggedin': {$gt: moment().subtract(2, 'weeks').toDate()}, // customize or remove to target different populations
+  };
+
+  const fields = {
+    _id: 1,
+    auth: 1,
+    preferences: 1,
+    profile: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};
--- a/migrations/users/mystery-items.js
+++ b/migrations/users/mystery-items.js
@@ -1,70 +1,13 @@
-import monk from 'monk';
-import nconf from 'nconf';
+/* eslint-disable no-console */
+const MIGRATION_NAME = 'mystery_items_201812';
+const MYSTERY_ITEMS = ['headAccessory_mystery_201812', 'back_mystery_201812'];
+import { model as User } from '../../website/server/models/user';
+import { model as UserNotification } from '../../website/server/models/userNotification';

-const migrationName = 'mystery-items-201806.js'; // Update per month
-const authorName = 'Sabe'; // in case script author needs to know when their ...
-const authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
-
-/*
- * Award this month's mystery items to subscribers
- */
-const MYSTERY_ITEMS = ['armor_mystery_201806', 'head_mystery_201806'];
-const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
-
-let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
-let UserNotification = require('../../website/server/models/userNotification').model;
-
-function processUsers (lastId) {
-  // specify a query to limit the affected users (empty for all users):
-  let query = {
-    migration: {$ne: migrationName},
-    'purchased.plan.customerId': { $ne: null },
-    $or: [
-      { 'purchased.plan.dateTerminated': { $gte: new Date() } },
-      { 'purchased.plan.dateTerminated': { $exists: false } },
-      { 'purchased.plan.dateTerminated': { $eq: null } },
-    ],
-  };
-
-  if (lastId) {
-    query._id = {
-      $gt: lastId,
-    };
-  }
-
-  dbUsers.find(query, {
-    sort: {_id: 1},
-    limit: 250,
-    fields: [
-    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
-  })
-    .then(updateUsers)
-    .catch((err) => {
-      console.log(err);
-      return exiting(1, `ERROR! ${  err}`);
-    });
-}
-
-let progressCount = 1000;
+const progressCount = 1000;
 let count = 0;

-function updateUsers (users) {
-  if (!users || users.length === 0) {
-    console.warn('All appropriate users found and modified.');
-    displayData();
-    return;
-  }
-
-  let userPromises = users.map(updateUser);
-  let lastUser = users[users.length - 1];
-
-  return Promise.all(userPromises)
-    .then(() => {
-      processUsers(lastUser._id);
-    });
-}
-
-function updateUser (user) {
+async function updateUser (user) {
  count++;

  const addToSet = {
@@ -80,31 +23,49 @@ function updateUser (user) {
      },
    })).toJSON(),
  };
+  const set = {
+    migration: MIGRATION_NAME,
+  };

-  dbUsers.update({_id: user._id}, {$addToSet: addToSet, $push: push});
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);

-  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
-  if (user._id === authorUuid) console.warn(`${authorName  } processed`);
+  return await User.update({_id: user._id}, {$set: set, $push: push, $addToSet: addToSet}).exec();
 }

-function displayData () {
-  console.warn(`\n${  count  } users processed\n`);
-  return exiting(0);
-}
+module.exports = async function processUsers () {
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    'purchased.plan.customerId': { $ne: null },
+    $or: [
+      { 'purchased.plan.dateTerminated': { $gte: new Date() } },
+      { 'purchased.plan.dateTerminated': { $exists: false } },
+      { 'purchased.plan.dateTerminated': { $eq: null } },
+    ],
+  };

-function exiting (code, msg) {
-  code = code || 0; // 0 = success
-  if (code && !msg) {
-    msg = 'ERROR!';
-  }
-  if (msg) {
-    if (code) {
-      console.error(msg);
-    } else      {
-      console.log(msg);
+  const fields = {
+    _id: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
    }
-  }
-  process.exit(code);
-}

-module.exports = processUsers;
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};
--- a/migrations/users/take-this.js
+++ b/migrations/users/take-this.js
@@ -0,0 +1,81 @@
+/* eslint-disable no-console */
+const MIGRATION_NAME = '20181203_take_this';
+import { v4 as uuid } from 'uuid';
+
+import { model as User } from '../../website/server/models/user';
+
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count++;
+
+  const set = {};
+  let push;
+
+  set.migration = MIGRATION_NAME;
+
+  if (typeof user.items.gear.owned.back_special_takeThis !== 'undefined') {
+    push = false;
+  } else if (typeof user.items.gear.owned.body_special_takeThis !== 'undefined') {
+    set['items.gear.owned.back_special_takeThis'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.back_special_takeThis', _id: uuid()}};
+  } else if (typeof user.items.gear.owned.head_special_takeThis !== 'undefined') {
+    set['items.gear.owned.body_special_takeThis'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.body_special_takeThis', _id: uuid()}};
+  } else if (typeof user.items.gear.owned.armor_special_takeThis !== 'undefined') {
+    set['items.gear.owned.head_special_takeThis'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_takeThis', _id: uuid()}};
+  } else if (typeof user.items.gear.owned.weapon_special_takeThis !== 'undefined') {
+    set['items.gear.owned.armor_special_takeThis'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_takeThis', _id: uuid()}};
+  } else if (typeof user.items.gear.owned.shield_special_takeThis !== 'undefined') {
+    set['items.gear.owned.weapon_special_takeThis'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.weapon_special_takeThis', _id: uuid()}};
+  } else {
+    set['items.gear.owned.shield_special_takeThis'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.shield_special_takeThis', _id: uuid()}};
+  }
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  if (push) {
+    return await User.update({_id: user._id}, {$set: set, $push: push}).exec();
+  } else {
+    return await User.update({_id: user._id}, {$set: set}).exec();
+  }
+}
+
+module.exports = async function processUsers () {
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    challenges: '00708425-d477-41a5-bf27-6270466e7976',
+  };
+
+  const fields = {
+    _id: 1,
+    items: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "habitica",
  "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "4.52.0",
+  "version": "4.80.7",
  "main": "./website/server/index.js",
  "dependencies": {
    "@slack/client": "^3.8.1",
@@ -9,9 +9,9 @@
    "amazon-payments": "^0.2.7",
    "amplitude": "^3.5.0",
    "apidoc": "^0.17.5",
-    "autoprefixer": "^8.5.0",
-    "aws-sdk": "^2.239.1",
    "apn": "^2.2.0",
+    "autoprefixer": "^8.5.0",
+    "aws-sdk": "^2.329.0",
    "axios": "^0.18.0",
    "axios-progress-bar": "^1.2.0",
    "babel-core": "^6.26.3",
@@ -26,16 +26,16 @@
    "babel-preset-es2015": "^6.6.0",
    "babel-register": "^6.6.0",
    "babel-runtime": "^6.11.6",
-    "bcrypt": "^2.0.0",
+    "bcrypt": "^3.0.1",
    "body-parser": "^1.18.3",
    "bootstrap": "^4.1.1",
    "bootstrap-vue": "^2.0.0-rc.9",
    "compression": "^1.7.2",
    "cookie-session": "^1.2.0",
    "coupon-code": "^0.4.5",
-    "cross-env": "^5.1.5",
+    "cross-env": "^5.2.0",
    "css-loader": "^0.28.11",
-    "csv-stringify": "^2.1.0",
+    "csv-stringify": "^4.3.1",
    "cwait": "^1.1.1",
    "domain-middleware": "~0.1.0",
    "express": "^4.16.3",
@@ -43,32 +43,32 @@
    "express-validator": "^5.2.0",
    "extract-text-webpack-plugin": "^3.0.2",
    "glob": "^7.1.2",
-    "got": "^8.3.1",
+    "got": "^9.0.0",
    "gulp": "^4.0.0",
    "gulp-babel": "^7.0.1",
-    "gulp-imagemin": "^4.1.0",
-    "gulp-nodemon": "^2.2.1",
+    "gulp-imagemin": "^5.0.3",
+    "gulp-nodemon": "^2.4.1",
    "gulp.spritesmith": "^6.9.0",
    "habitica-markdown": "^1.3.0",
    "hellojs": "^1.15.1",
    "html-webpack-plugin": "^3.2.0",
    "image-size": "^0.6.2",
-    "in-app-purchase": "^1.9.4",
+    "in-app-purchase": "^1.10.2",
    "intro.js": "^2.9.3",
    "jquery": ">=3.0.0",
    "js2xmlparser": "^3.0.0",
    "lodash": "^4.17.10",
    "merge-stream": "^1.0.0",
-    "method-override": "^2.3.5",
+    "method-override": "^3.0.0",
    "moment": "^2.22.1",
    "moment-recur": "^1.0.7",
-    "mongoose": "^5.1.2",
+    "mongoose": "^5.3.4",
    "morgan": "^1.7.0",
    "nconf": "^0.10.0",
-    "node-gcm": "^0.14.4",
+    "node-gcm": "^1.0.2",
    "node-sass": "^4.9.0",
    "nodemailer": "^4.6.4",
-    "ora": "^2.1.0",
+    "ora": "^3.0.0",
    "pageres": "^4.1.1",
    "passport": "^0.4.0",
    "passport-facebook": "^2.0.0",
@@ -79,23 +79,24 @@
    "postcss-easy-import": "^3.0.0",
    "ps-tree": "^1.0.0",
    "pug": "^2.0.3",
-    "pusher": "^1.3.0",
    "rimraf": "^2.4.3",
-    "sass-loader": "^7.0.0",
+    "sass-loader": "^7.0.3",
    "shelljs": "^0.8.2",
+    "short-uuid": "^3.0.0",
+    "smartbanner.js": "^1.9.1",
    "stripe": "^5.9.0",
-    "superagent": "^3.8.3",
+    "superagent": "^4.0.0",
    "svg-inline-loader": "^0.8.0",
    "svg-url-loader": "^2.3.2",
    "svgo": "^1.0.5",
    "svgo-loader": "^2.1.0",
-    "universal-analytics": "^0.4.16",
+    "universal-analytics": "^0.4.17",
    "update": "^0.7.4",
    "upgrade": "^1.1.0",
    "url-loader": "^1.0.0",
    "useragent": "^2.1.9",
    "uuid": "^3.0.1",
-    "validator": "^9.4.1",
+    "validator": "^10.5.0",
    "vinyl-buffer": "^1.0.1",
    "vue": "^2.5.16",
    "vue-loader": "^14.2.2",
@@ -106,15 +107,15 @@
    "vuedraggable": "^2.15.0",
    "vuejs-datepicker": "git://github.com/habitrpg/vuejs-datepicker.git#5d237615463a84a23dd6f3f77c6ab577d68593ec",
    "webpack": "^3.12.0",
-    "webpack-merge": "^4.0.0",
-    "winston": "^2.4.2",
+    "webpack-merge": "^4.1.3",
+    "winston": "^2.4.3",
    "winston-loggly-bulk": "^2.0.2",
    "xml2js": "^0.4.4"
  },
  "private": true,
  "engines": {
-    "node": "^8.9.4",
-    "npm": "^5.6.0"
+    "node": "^10",
+    "npm": "^6"
  },
  "scripts": {
    "lint": "eslint --ext .js,.vue .",
@@ -143,13 +144,13 @@
    "apidoc": "gulp apidoc"
  },
  "devDependencies": {
-    "@vue/test-utils": "^1.0.0-beta.16",
+    "@vue/test-utils": "^1.0.0-beta.19",
    "babel-plugin-istanbul": "^4.1.6",
    "babel-plugin-syntax-object-rest-spread": "^6.13.0",
    "chai": "^4.1.2",
    "chai-as-promised": "^7.1.1",
    "chalk": "^2.4.1",
-    "chromedriver": "^2.38.3",
+    "chromedriver": "^2.40.0",
    "connect-history-api-fallback": "^1.1.0",
    "coveralls": "^3.0.1",
    "cross-spawn": "^6.0.5",
@@ -161,36 +162,33 @@
    "eslint-plugin-mocha": "^5.0.0",
    "eventsource-polyfill": "^0.9.6",
    "expect.js": "^0.3.1",
-    "http-proxy-middleware": "^0.18.0",
+    "http-proxy-middleware": "^0.19.0",
    "istanbul": "^1.1.0-alpha.1",
-    "karma": "^2.0.2",
+    "karma": "^3.1.3",
    "karma-babel-preprocessor": "^7.0.0",
    "karma-chai-plugins": "^0.9.0",
    "karma-chrome-launcher": "^2.2.0",
    "karma-coverage": "^1.1.2",
    "karma-mocha": "^1.3.0",
    "karma-mocha-reporter": "^2.2.5",
-    "karma-sinon-chai": "^1.3.4",
+    "karma-sinon-chai": "^2.0.0",
    "karma-sinon-stub-promise": "^1.0.0",
    "karma-sourcemap-loader": "^0.3.7",
    "karma-spec-reporter": "0.0.32",
    "karma-webpack": "^3.0.0",
-    "lcov-result-merger": "^2.0.0",
+    "lcov-result-merger": "^3.0.0",
    "mocha": "^5.1.1",
    "monk": "^6.0.6",
    "nightwatch": "^0.9.21",
-    "puppeteer": "^1.4.0",
+    "puppeteer": "^1.5.0",
    "require-again": "^2.0.0",
    "selenium-server": "^3.12.0",
-    "sinon": "^4.5.0",
+    "sinon": "^6.3.5",
    "sinon-chai": "^3.0.0",
    "sinon-stub-promise": "^4.0.0",
    "webpack-bundle-analyzer": "^2.12.0",
    "webpack-dev-middleware": "^2.0.5",
    "webpack-hot-middleware": "^2.22.2"
  },
-  "optionalDependencies": {
-    "memwatch-next": "^0.3.0",
-    "node-rdkafka": "^2.3.0"
-  }
+  "optionalDependencies": {}
 }
--- a/scripts/gdpr-delete-users.js
+++ b/scripts/gdpr-delete-users.js
@@ -0,0 +1,89 @@
+/* eslint-disable no-console */
+import axios from 'axios';
+import { model as User } from '../website/server/models/user';
+import nconf from 'nconf';
+
+const AMPLITUDE_KEY = nconf.get('AMPLITUDE_KEY');
+const AMPLITUDE_SECRET = nconf.get('AMPLITUDE_SECRET');
+const BASE_URL = nconf.get('BASE_URL');
+
+async function _deleteAmplitudeData (userId, email) {
+  const response = await axios.post(
+    'https://amplitude.com/api/2/deletions/users',
+    {
+      user_ids: userId, // eslint-disable-line camelcase
+      requester: email,
+    },
+    {
+      auth: {
+        username: AMPLITUDE_KEY,
+        password: AMPLITUDE_SECRET,
+      },
+    }
+  ).catch((err) => {
+    console.log(err.response.data);
+  });
+
+  if (response) console.log(`${response.status} ${response.statusText}`);
+}
+
+async function _deleteHabiticaData (user, email) {
+  await User.update(
+    {_id: user._id},
+    {$set: {
+      'auth.local.email': email,
+      'auth.local.hashed_password': '$2a$10$QDnNh1j1yMPnTXDEOV38xOePEWFd4X8DSYwAM8XTmqmacG5X0DKjW',
+      'auth.local.passwordHashMethod': 'bcrypt',
+    }}
+  );
+  const response = await axios.delete(
+    `${BASE_URL}/api/v3/user`,
+    {
+      data: {
+        password: 'test',
+      },
+      headers: {
+        'x-api-user': user._id,
+        'x-api-key': user.apiToken,
+      },
+    }
+  ).catch((err) => {
+    console.log(err.response.data);
+  });
+
+  if (response) {
+    console.log(`${response.status} ${response.statusText}`);
+    if (response.status === 200) console.log(`${user._id} removed. Last login: ${user.auth.timestamps.loggedin}`);
+  }
+}
+
+async function _processEmailAddress (email) {
+  const emailRegex = new RegExp(`^${email}`, 'i');
+  const users = await User.find({
+    $or: [
+      {'auth.local.email': emailRegex},
+      {'auth.facebook.emails.value': emailRegex},
+      {'auth.google.emails.value': emailRegex},
+    ]},
+  {
+    _id: 1,
+    apiToken: 1,
+    auth: 1,
+  }).exec();
+
+  if (users.length < 1) {
+    console.log(`No users found with email address ${email}`);
+  } else {
+    for (const user of users) {
+      await _deleteAmplitudeData(user._id, email); // eslint-disable-line no-await-in-loop
+      await _deleteHabiticaData(user, email); // eslint-disable-line no-await-in-loop
+    }
+  }
+}
+
+function deleteUserData (emails) {
+  const emailPromises = emails.map(_processEmailAddress);
+  return Promise.all(emailPromises);
+}
+
+module.exports = deleteUserData;
--- a/scripts/paypalBillingSetup.js
+++ b/scripts/paypalBillingSetup.js
@@ -12,28 +12,27 @@ const nconf = require('nconf');
 const _ = require('lodash');
 const paypal = require('paypal-rest-sdk');
 const blocks = require('../website/common').content.subscriptionBlocks;
-const live = nconf.get('PAYPAL:mode') === 'live';
+const live = nconf.get('PAYPAL_MODE') === 'live';

 nconf.argv().env().file('user', path.join(path.resolve(__dirname, '../config.json')));

-let OP = 'create'; // list create update remove
+let OP = 'create'; // list get update create create-webprofile

 paypal.configure({
-  mode: nconf.get('PAYPAL:mode'), // sandbox or live
-  client_id: nconf.get('PAYPAL:client_id'),
-  client_secret: nconf.get('PAYPAL:client_secret'),
+  mode: nconf.get('PAYPAL_MODE'), // sandbox or live
+  client_id: nconf.get('PAYPAL_CLIENT_ID'),
+  client_secret: nconf.get('PAYPAL_CLIENT_SECRET'),
 });

 // https://developer.paypal.com/docs/api/#billing-plans-and-agreements
 let billingPlanTitle = 'Habitica Subscription';
 let billingPlanAttributes = {
-  name: billingPlanTitle,
  description: billingPlanTitle,
  type: 'INFINITE',
  merchant_preferences: {
    auto_bill_amount: 'yes',
    cancel_url: live ? 'https://habitica.com' : 'http://localhost:3000',
-    return_url: `${live ? 'https://habitica.com' : 'http://localhost:3000'  }/paypal/subscribe/success`,
+    return_url: `${live ? 'https://habitica.com' : 'http://localhost:3000'}/paypal/subscribe/success`,
  },
  payment_definitions: [{
    type: 'REGULAR',
@@ -45,7 +44,7 @@ let billingPlanAttributes = {
 _.each(blocks, (block) => {
  block.definition = _.cloneDeep(billingPlanAttributes);
  _.merge(block.definition.payment_definitions[0], {
-    name: `${billingPlanTitle  } ($${block.price} every ${block.months} months, recurring)`,
+    name: `${billingPlanTitle} ($${block.price} every ${block.months} months, recurring)`,
    frequency_interval: `${block.months}`,
    amount: {
      currency: 'USD',
@@ -63,7 +62,7 @@ switch (OP) {
    });
    break;
  case 'get':
-    paypal.billingPlan.get(nconf.get('PAYPAL:billing_plans:12'), (err, plan) => {
+    paypal.billingPlan.get(nconf.get('PAYPAL_BILLING_PLANS_basic_12mo'), (err, plan) => {
      console.log({err, plan});
    });
    break;
@@ -75,7 +74,7 @@ switch (OP) {
        cancel_url: 'https://habitica.com',
      },
    };
-    paypal.billingPlan.update(nconf.get('PAYPAL:billing_plans:12'), updatePayload, (err, res) => {
+    paypal.billingPlan.update(nconf.get('PAYPAL_BILLING_PLANS_basic_12mo'), updatePayload, (err, res) => {
      console.log({err, plan: res});
    });
    break;
@@ -101,9 +100,6 @@ switch (OP) {
      });
    });
    break;
-
-  case 'remove': break;
-
  case 'create-webprofile':
    let webexpinfo = {
      name: 'HabiticaProfile',
@@ -116,4 +112,4 @@ switch (OP) {
      console.log(error, result);
    });
    break;
-}
+}
--- a/test/api/unit/libs/baseModel.test.js
+++ b/test/api/unit/libs/baseModel.test.js
@@ -5,10 +5,17 @@ describe('Base model plugin', () => {
  let schema;

  beforeEach(() => {
-    schema = new mongoose.Schema();
+    schema = new mongoose.Schema({}, {
+      typeKey: '$type',
+    });
    sandbox.stub(schema, 'add');
  });

+  it('throws if "typeKey" is not set to $type', () => {
+    const schemaWithoutTypeKey = new mongoose.Schema();
+    expect(() => schemaWithoutTypeKey.plugin(baseModel)).to.throw;
+  });
+
  it('adds a _id field to the schema', () => {
    schema.plugin(baseModel);

--- a/test/api/unit/libs/cron.test.js
+++ b/test/api/unit/libs/cron.test.js
@@ -65,6 +65,12 @@ describe('cron', () => {
    expect(analytics.track.callCount).to.equal(1);
  });

+  it('calls analytics when user is sleeping', () => {
+    user.preferences.sleep = true;
+    cron({user, tasksByType, daysMissed, analytics});
+    expect(analytics.track.callCount).to.equal(1);
+  });
+
  describe('end of the month perks', () => {
    beforeEach(() => {
      user.purchased.plan.customerId = 'subscribedId';
@@ -655,76 +661,6 @@ describe('cron', () => {
    });
  });

-  describe('user is sleeping', () => {
-    beforeEach(() => {
-      user.preferences.sleep = true;
-    });
-
-    it('calls analytics', () => {
-      cron({user, tasksByType, daysMissed, analytics});
-      expect(analytics.track.callCount).to.equal(1);
-    });
-
-    it('clears user buffs', () => {
-      user.stats.buffs = {
-        str: 1,
-        int: 1,
-        per: 1,
-        con: 1,
-        stealth: 1,
-        streaks: true,
-      };
-
-      cron({user, tasksByType, daysMissed, analytics});
-
-      expect(user.stats.buffs.str).to.equal(0);
-      expect(user.stats.buffs.int).to.equal(0);
-      expect(user.stats.buffs.per).to.equal(0);
-      expect(user.stats.buffs.con).to.equal(0);
-      expect(user.stats.buffs.stealth).to.equal(0);
-      expect(user.stats.buffs.streaks).to.be.false;
-    });
-
-    it('resets all dailies without damaging user', () => {
-      let daily = {
-        text: 'test daily',
-        type: 'daily',
-        frequency: 'daily',
-        everyX: 5,
-        startDate: new Date(),
-      };
-
-      let task = new Tasks.daily(Tasks.Task.sanitize(daily)); // eslint-disable-line new-cap
-      tasksByType.dailys.push(task);
-      tasksByType.dailys[0].completed = true;
-
-      let healthBefore = user.stats.hp;
-
-      cron({user, tasksByType, daysMissed, analytics});
-
-      expect(tasksByType.dailys[0].completed).to.be.false;
-      expect(user.stats.hp).to.equal(healthBefore);
-    });
-
-    it('sets isDue for daily', () => {
-      let daily = {
-        text: 'test daily',
-        type: 'daily',
-        frequency: 'daily',
-        everyX: 5,
-        startDate: new Date(),
-      };
-
-      let task = new Tasks.daily(Tasks.Task.sanitize(daily)); // eslint-disable-line new-cap
-      tasksByType.dailys.push(task);
-      tasksByType.dailys[0].completed = true;
-
-      cron({user, tasksByType, daysMissed, analytics});
-
-      expect(tasksByType.dailys[0].isDue).to.be.exist;
-    });
-  });
-
  describe('todos', () => {
    beforeEach(() => {
      let todo = {
@@ -846,6 +782,15 @@ describe('cron', () => {
      expect(tasksByType.dailys[0].isDue).to.be.false;
    });

+    it('computes isDue when user is sleeping', () => {
+      user.preferences.sleep = true;
+      tasksByType.dailys[0].frequency = 'daily';
+      tasksByType.dailys[0].everyX = 5;
+      tasksByType.dailys[0].startDate = moment().toDate();
+      cron({user, tasksByType, daysMissed, analytics});
+      expect(tasksByType.dailys[0].isDue).to.exist;
+    });
+
    it('computes nextDue', () => {
      tasksByType.dailys[0].frequency = 'daily';
      tasksByType.dailys[0].everyX = 5;
@@ -865,6 +810,13 @@ describe('cron', () => {
      expect(tasksByType.dailys[0].completed).to.be.false;
    });

+    it('should set tasks completed to false when user is sleeping', () => {
+      user.preferences.sleep = true;
+      tasksByType.dailys[0].completed = true;
+      cron({user, tasksByType, daysMissed, analytics});
+      expect(tasksByType.dailys[0].completed).to.be.false;
+    });
+
    it('should reset task checklist for completed dailys', () => {
      tasksByType.dailys[0].checklist.push({title: 'test', completed: false});
      tasksByType.dailys[0].completed = true;
@@ -872,6 +824,14 @@ describe('cron', () => {
      expect(tasksByType.dailys[0].checklist[0].completed).to.be.false;
    });

+    it('should reset task checklist for completed dailys when user is sleeping', () => {
+      user.preferences.sleep = true;
+      tasksByType.dailys[0].checklist.push({title: 'test', completed: false});
+      tasksByType.dailys[0].completed = true;
+      cron({user, tasksByType, daysMissed, analytics});
+      expect(tasksByType.dailys[0].checklist[0].completed).to.be.false;
+    });
+
    it('should reset task checklist for dailys with scheduled misses', () => {
      daysMissed = 10;
      tasksByType.dailys[0].checklist.push({title: 'test', completed: false});
@@ -884,12 +844,19 @@ describe('cron', () => {
      daysMissed = 1;
      let hpBefore = user.stats.hp;
      tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});
-
      cron({user, tasksByType, daysMissed, analytics});
-
      expect(user.stats.hp).to.be.lessThan(hpBefore);
    });

+    it('should not do damage for missing a daily when user is sleeping', () => {
+      user.preferences.sleep = true;
+      daysMissed = 1;
+      let hpBefore = user.stats.hp;
+      tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});
+      cron({user, tasksByType, daysMissed, analytics});
+      expect(user.stats.hp).to.equal(hpBefore);
+    });
+
    it('should not do damage for missing a daily when CRON_SAFE_MODE is set', () => {
      sandbox.stub(nconf, 'get').withArgs('CRON_SAFE_MODE').returns('true');
      let cronOverride = requireAgain(pathToCronLib).cron;
@@ -930,7 +897,7 @@ describe('cron', () => {
      expect(hpDifferenceOfPartiallyIncompleteDaily).to.be.lessThan(hpDifferenceOfFullyIncompleteDaily);
    });

-    it('should decrement quest progress down for missing a daily', () => {
+    it('should decrement quest.progress.down for missing a daily', () => {
      daysMissed = 1;
      tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});

@@ -939,6 +906,16 @@ describe('cron', () => {
      expect(progress.down).to.equal(-1);
    });

+    it('should not decrement quest.progress.down for missing a daily when user is sleeping', () => {
+      user.preferences.sleep = true;
+      daysMissed = 1;
+      tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});
+
+      let progress = cron({user, tasksByType, daysMissed, analytics});
+
+      expect(progress.down).to.equal(0);
+    });
+
    it('should do damage for only yesterday\'s dailies', () => {
      daysMissed = 3;
      tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});
@@ -1017,7 +994,7 @@ describe('cron', () => {
        expect(tasksByType.habits[0].counterDown).to.equal(0);
      });

-      it('should reset habit counters even if user is resting in the Inn', () => {
+      it('should reset habit counters even if user is sleeping', () => {
        user.preferences.sleep = true;
        tasksByType.habits[0].counterUp = 1;
        tasksByType.habits[0].counterDown = 1;
@@ -1278,7 +1255,23 @@ describe('cron', () => {
      expect(user.achievements.perfect).to.equal(0);
    });

-    it('increments user buffs if all (at least 1) due dailies were completed', () => {
+    it('gives perfect day buff if all (at least 1) due dailies were completed', () => {
+      daysMissed = 1;
+      tasksByType.dailys[0].completed = true;
+      tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});
+
+      let previousBuffs = user.stats.buffs.toObject();
+
+      cron({user, tasksByType, daysMissed, analytics});
+
+      expect(user.stats.buffs.str).to.be.greaterThan(previousBuffs.str);
+      expect(user.stats.buffs.int).to.be.greaterThan(previousBuffs.int);
+      expect(user.stats.buffs.per).to.be.greaterThan(previousBuffs.per);
+      expect(user.stats.buffs.con).to.be.greaterThan(previousBuffs.con);
+    });
+
+    it('gives perfect day buff if all (at least 1) due dailies were completed when user is sleeping', () => {
+      user.preferences.sleep = true;
      daysMissed = 1;
      tasksByType.dailys[0].completed = true;
      tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});
@@ -1317,6 +1310,31 @@ describe('cron', () => {
      expect(user.stats.buffs.streaks).to.be.false;
    });

+    it('clears buffs if user does not have a perfect day (no due dailys) when user is sleeping', () => {
+      user.preferences.sleep = true;
+      daysMissed = 1;
+      tasksByType.dailys[0].completed = true;
+      tasksByType.dailys[0].startDate = moment(new Date()).add({days: 1});
+
+      user.stats.buffs = {
+        str: 1,
+        int: 1,
+        per: 1,
+        con: 1,
+        stealth: 0,
+        streaks: true,
+      };
+
+      cron({user, tasksByType, daysMissed, analytics});
+
+      expect(user.stats.buffs.str).to.equal(0);
+      expect(user.stats.buffs.int).to.equal(0);
+      expect(user.stats.buffs.per).to.equal(0);
+      expect(user.stats.buffs.con).to.equal(0);
+      expect(user.stats.buffs.stealth).to.equal(0);
+      expect(user.stats.buffs.streaks).to.be.false;
+    });
+
    it('clears buffs if user does not have a perfect day (at least one due daily not completed)', () => {
      daysMissed = 1;
      tasksByType.dailys[0].completed = false;
@@ -1341,7 +1359,50 @@ describe('cron', () => {
      expect(user.stats.buffs.streaks).to.be.false;
    });

-    it('still grants a perfect day when CRON_SAFE_MODE is set', () => {
+    it('clears buffs if user does not have a perfect day (at least one due daily not completed) when user is sleeping', () => {
+      user.preferences.sleep = true;
+      daysMissed = 1;
+      tasksByType.dailys[0].completed = false;
+      tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});
+
+      user.stats.buffs = {
+        str: 1,
+        int: 1,
+        per: 1,
+        con: 1,
+        stealth: 0,
+        streaks: true,
+      };
+
+      cron({user, tasksByType, daysMissed, analytics});
+
+      expect(user.stats.buffs.str).to.equal(0);
+      expect(user.stats.buffs.int).to.equal(0);
+      expect(user.stats.buffs.per).to.equal(0);
+      expect(user.stats.buffs.con).to.equal(0);
+      expect(user.stats.buffs.stealth).to.equal(0);
+      expect(user.stats.buffs.streaks).to.be.false;
+    });
+
+    it('always grants a perfect day buff when CRON_SAFE_MODE is set', () => {
+      sandbox.stub(nconf, 'get').withArgs('CRON_SAFE_MODE').returns('true');
+      let cronOverride = requireAgain(pathToCronLib).cron;
+      daysMissed = 1;
+      tasksByType.dailys[0].completed = false;
+      tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});
+
+      let previousBuffs = user.stats.buffs.toObject();
+
+      cronOverride({user, tasksByType, daysMissed, analytics});
+
+      expect(user.stats.buffs.str).to.be.greaterThan(previousBuffs.str);
+      expect(user.stats.buffs.int).to.be.greaterThan(previousBuffs.int);
+      expect(user.stats.buffs.per).to.be.greaterThan(previousBuffs.per);
+      expect(user.stats.buffs.con).to.be.greaterThan(previousBuffs.con);
+    });
+
+    it('always grants a perfect day buff when CRON_SAFE_MODE is set when user is sleeping', () => {
+      user.preferences.sleep = true;
      sandbox.stub(nconf, 'get').withArgs('CRON_SAFE_MODE').returns('true');
      let cronOverride = requireAgain(pathToCronLib).cron;
      daysMissed = 1;
@@ -1373,6 +1434,20 @@ describe('cron', () => {
      common.statsComputed.restore();
    });

+    it('should not add mp to user when user is sleeping', () => {
+      const statsComputedRes = common.statsComputed(user);
+      const stubbedStatsComputed = sinon.stub(common, 'statsComputed');
+
+      user.preferences.sleep = true;
+      let mpBefore = user.stats.mp;
+      tasksByType.dailys[0].completed = true;
+      stubbedStatsComputed.returns(Object.assign(statsComputedRes, {maxMP: 100}));
+      cron({user, tasksByType, daysMissed, analytics});
+      expect(user.stats.mp).to.equal(mpBefore);
+
+      common.statsComputed.restore();
+    });
+
    it('set user\'s mp to statsComputed.maxMP when user.stats.mp is greater', () => {
      const statsComputedRes = common.statsComputed(user);
      const stubbedStatsComputed = sinon.stub(common, 'statsComputed');
@@ -1514,27 +1589,6 @@ describe('cron', () => {
        flagCount: 0,
      };
    });
-
-    xit('does not clear pms under 200', () => {
-      cron({user, tasksByType, daysMissed, analytics});
-      expect(user.inbox.messages[lastMessageId]).to.exist;
-    });
-
-    xit('clears pms over 200', () => {
-      let messageId = common.uuid();
-      user.inbox.messages[messageId] = {
-        id: messageId,
-        text: `test ${messageId}`,
-        timestamp: Number(new Date()),
-        likes: {},
-        flags: {},
-        flagCount: 0,
-      };
-
-      cron({user, tasksByType, daysMissed, analytics});
-
-      expect(user.inbox.messages[messageId]).to.not.exist;
-    });
  });

  describe('login incentives', () => {
@@ -1568,7 +1622,7 @@ describe('cron', () => {
      expect(user.loginIncentives).to.eql(1);
    });

-    it('increments loginIncentives by 1 even if user has Dailies paused', () => {
+    it('increments loginIncentives by 1 even if user is sleeping', () => {
      user.preferences.sleep = true;
      cron({user, tasksByType, daysMissed, analytics});
      expect(user.loginIncentives).to.eql(1);
--- a/test/api/unit/libs/password.test.js
+++ b/test/api/unit/libs/password.test.js
@@ -107,6 +107,25 @@ describe('Password Utilities', () => {
      }
    });

+    it('defaults to SHA1 encryption if salt is provided', async () => {
+      let textPassword = 'mySecretPassword';
+      let salt = sha1MakeSalt();
+      let hashedPassword = sha1EncryptPassword(textPassword, salt);
+
+      let user = {
+        auth: {
+          local: {
+            hashed_password: hashedPassword,
+            salt,
+            passwordHashMethod: '',
+          },
+        },
+      };
+
+      let isValidPassword = await compare(user, textPassword);
+      expect(isValidPassword).to.eql(true);
+    });
+
    it('throws an error if an invalid hashing method is used', async () => {
      try {
        await compare({
@@ -226,7 +245,9 @@ describe('Password Utilities', () => {

    it('returns false if the user has no local auth', async () => {
      let user = await generateUser({
-        auth: 'not an object with valid fields',
+        auth: {
+          facebook: {},
+        },
      });
      let res = await validatePasswordResetCodeAndFindUser(encrypt(JSON.stringify({
        userId: user._id,
--- a/test/api/unit/libs/payments/amazon/cancel.test.js
+++ b/test/api/unit/libs/payments/amazon/cancel.test.js
@@ -48,7 +48,6 @@ describe('Amazon Payments - Cancel Subscription', () => {

  function expectBillingAggreementDetailSpy () {
    getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails')
-      .returnsPromise()
      .resolves({
        BillingAgreementDetails: {
          BillingAgreementStatus: {State: 'Open'},
@@ -80,14 +79,14 @@ describe('Amazon Payments - Cancel Subscription', () => {
    headers = {};

    getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails');
-    getBillingAgreementDetailsSpy.returnsPromise().resolves({
+    getBillingAgreementDetailsSpy.resolves({
      BillingAgreementDetails: {
        BillingAgreementStatus: {State: 'Closed'},
      },
    });

    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription');
-    paymentCancelSubscriptionSpy.returnsPromise().resolves({});
+    paymentCancelSubscriptionSpy.resolves({});
  });

  afterEach(function () {
@@ -118,7 +117,7 @@ describe('Amazon Payments - Cancel Subscription', () => {
  it('should close a user subscription if amazon not closed', async () => {
    amzLib.getBillingAgreementDetails.restore();
    expectBillingAggreementDetailSpy();
-    let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').returnsPromise().resolves({});
+    let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').resolves({});
    billingAgreementId = user.purchased.plan.customerId;

    await amzLib.cancelSubscription({user, headers});
@@ -164,7 +163,7 @@ describe('Amazon Payments - Cancel Subscription', () => {
  it('should close a group subscription if amazon not closed', async () => {
    amzLib.getBillingAgreementDetails.restore();
    expectBillingAggreementDetailSpy();
-    let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').returnsPromise().resolves({});
+    let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').resolves({});
    billingAgreementId = group.purchased.plan.customerId;

    await amzLib.cancelSubscription({user, groupId: group._id, headers});
--- a/test/api/unit/libs/payments/amazon/checkout.test.js
+++ b/test/api/unit/libs/payments/amazon/checkout.test.js
@@ -68,22 +68,22 @@ describe('Amazon Payments - Checkout', () => {
    orderReferenceId = 'orderReferenceId';

    setOrderReferenceDetailsSpy = sinon.stub(amzLib, 'setOrderReferenceDetails');
-    setOrderReferenceDetailsSpy.returnsPromise().resolves({});
+    setOrderReferenceDetailsSpy.resolves({});

    confirmOrderReferenceSpy = sinon.stub(amzLib, 'confirmOrderReference');
-    confirmOrderReferenceSpy.returnsPromise().resolves({});
+    confirmOrderReferenceSpy.resolves({});

    authorizeSpy = sinon.stub(amzLib, 'authorize');
-    authorizeSpy.returnsPromise().resolves({});
+    authorizeSpy.resolves({});

    closeOrderReferenceSpy = sinon.stub(amzLib, 'closeOrderReference');
-    closeOrderReferenceSpy.returnsPromise().resolves({});
+    closeOrderReferenceSpy.resolves({});

    paymentBuyGemsStub = sinon.stub(payments, 'buyGems');
-    paymentBuyGemsStub.returnsPromise().resolves({});
+    paymentBuyGemsStub.resolves({});

    paymentCreateSubscritionStub = sinon.stub(payments, 'createSubscription');
-    paymentCreateSubscritionStub.returnsPromise().resolves({});
+    paymentCreateSubscritionStub.resolves({});

    sinon.stub(common, 'uuid').returns('uuid-generated');
  });
@@ -111,7 +111,7 @@ describe('Amazon Payments - Checkout', () => {
  }

  it('should purchase gems', async () => {
-    sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+    sinon.stub(user, 'canGetGems').resolves(true);
    await amzLib.checkout({user, orderReferenceId, headers});

    expectBuyGemsStub(amzLib.constants.PAYMENT_METHOD);
@@ -140,7 +140,7 @@ describe('Amazon Payments - Checkout', () => {
  });

  it('should error if user cannot get gems gems', async () => {
-    sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+    sinon.stub(user, 'canGetGems').resolves(false);
    await expect(amzLib.checkout({user, orderReferenceId, headers})).to.eventually.be.rejected.and.to.eql({
      httpCode: 401,
      message: i18n.t('groupPolicyCannotGetGems'),
--- a/test/api/unit/libs/payments/amazon/subscribe.test.js
+++ b/test/api/unit/libs/payments/amazon/subscribe.test.js
@@ -46,16 +46,16 @@ describe('Amazon Payments - Subscribe', () => {
    headers = {};

    amazonSetBillingAgreementDetailsSpy = sinon.stub(amzLib, 'setBillingAgreementDetails');
-    amazonSetBillingAgreementDetailsSpy.returnsPromise().resolves({});
+    amazonSetBillingAgreementDetailsSpy.resolves({});

    amazonConfirmBillingAgreementSpy = sinon.stub(amzLib, 'confirmBillingAgreement');
-    amazonConfirmBillingAgreementSpy.returnsPromise().resolves({});
+    amazonConfirmBillingAgreementSpy.resolves({});

    amazonAuthorizeOnBillingAgreementSpy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
-    amazonAuthorizeOnBillingAgreementSpy.returnsPromise().resolves({});
+    amazonAuthorizeOnBillingAgreementSpy.resolves({});

    createSubSpy = sinon.stub(payments, 'createSubscription');
-    createSubSpy.returnsPromise().resolves({});
+    createSubSpy.resolves({});

    sinon.stub(common, 'uuid').returns('uuid-generated');
  });
--- a/test/api/unit/libs/payments/amazon/upgrade-groupplan.test.js
+++ b/test/api/unit/libs/payments/amazon/upgrade-groupplan.test.js
@@ -37,7 +37,7 @@ describe('#upgradeGroupPlan', () => {
    await group.save();

    spy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
-    spy.returnsPromise().resolves([]);
+    spy.resolves([]);

    uuidString = 'uuid-v4';
    sinon.stub(uuid, 'v4').returns(uuidString);
--- a/test/api/unit/libs/payments/apple.test.js
+++ b/test/api/unit/libs/payments/apple.test.js
@@ -6,6 +6,7 @@ import iap from '../../../../../website/server/libs/inAppPurchases';
 import {model as User} from '../../../../../website/server/models/user';
 import common from '../../../../../website/common';
 import moment from 'moment';
+import {mockFindById, restoreFindById} from '../../../../helpers/mongoose.helper';

 const i18n = common.i18n;

@@ -24,16 +25,16 @@ describe('Apple Payments', ()  => {
      headers = {};

      iapSetupStub = sinon.stub(iapModule, 'setup')
-        .returnsPromise().resolves();
+        .resolves();
      iapValidateStub = sinon.stub(iapModule, 'validate')
-        .returnsPromise().resolves({});
+        .resolves({});
      iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
        .returns(true);
      iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
        .returns([{productId: 'com.habitrpg.ios.Habitica.21gems',
                   transactionId: token,
        }]);
-      paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
+      paymentBuyGemsStub = sinon.stub(payments, 'buyGems').resolves({});
    });

    afterEach(() => {
@@ -49,7 +50,7 @@ describe('Apple Payments', ()  => {
      iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
        .returns(false);

-      await expect(applePayments.verifyGemPurchase(user, receipt, headers))
+      await expect(applePayments.verifyGemPurchase({user, receipt, headers}))
        .to.eventually.be.rejected.and.to.eql({
          httpCode: 401,
          name: 'NotAuthorized',
@@ -61,7 +62,7 @@ describe('Apple Payments', ()  => {
      iapGetPurchaseDataStub.restore();
      iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData').returns([]);

-      await expect(applePayments.verifyGemPurchase(user, receipt, headers))
+      await expect(applePayments.verifyGemPurchase({user, receipt, headers}))
        .to.eventually.be.rejected.and.to.eql({
          httpCode: 401,
          name: 'NotAuthorized',
@@ -70,8 +71,8 @@ describe('Apple Payments', ()  => {
    });

    it('errors if the user cannot purchase gems', async () => {
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
-      await expect(applePayments.verifyGemPurchase(user, receipt, headers))
+      sinon.stub(user, 'canGetGems').resolves(false);
+      await expect(applePayments.verifyGemPurchase({user, receipt, headers}))
        .to.eventually.be.rejected.and.to.eql({
          httpCode: 401,
          name: 'NotAuthorized',
@@ -82,14 +83,14 @@ describe('Apple Payments', ()  => {
    });

    it('errors if amount does not exist', async () => {
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+      sinon.stub(user, 'canGetGems').resolves(true);
      iapGetPurchaseDataStub.restore();
      iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
        .returns([{productId: 'badProduct',
                   transactionId: token,
        }]);

-      await expect(applePayments.verifyGemPurchase(user, receipt, headers))
+      await expect(applePayments.verifyGemPurchase({user, receipt, headers}))
        .to.eventually.be.rejected.and.to.eql({
          httpCode: 401,
          name: 'NotAuthorized',
@@ -130,8 +131,8 @@ describe('Apple Payments', ()  => {
                     transactionId: token,
          }]);

-        sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
-        await applePayments.verifyGemPurchase(user, receipt, headers);
+        sinon.stub(user, 'canGetGems').resolves(true);
+        await applePayments.verifyGemPurchase({user, receipt, headers});

        expect(iapSetupStub).to.be.calledOnce;
        expect(iapValidateStub).to.be.calledOnce;
@@ -151,6 +152,38 @@ describe('Apple Payments', ()  => {
        user.canGetGems.restore();
      });
    });
+
+    it('gifts gems', async () => {
+      const receivingUser = new User();
+      await receivingUser.save();
+
+      mockFindById(receivingUser);
+
+      iapGetPurchaseDataStub.restore();
+      iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
+        .returns([{productId: gemsCanPurchase[0].productId,
+                   transactionId: token,
+        }]);
+
+      const gift = {uuid: receivingUser._id};
+      await applePayments.verifyGemPurchase({user, gift, receipt, headers});
+
+      expect(iapSetupStub).to.be.calledOnce;
+      expect(iapValidateStub).to.be.calledOnce;
+      expect(iapValidateStub).to.be.calledWith(iap.APPLE, receipt);
+      expect(iapIsValidatedStub).to.be.calledOnce;
+      expect(iapIsValidatedStub).to.be.calledWith({});
+      expect(iapGetPurchaseDataStub).to.be.calledOnce;
+
+      expect(paymentBuyGemsStub).to.be.calledOnce;
+      expect(paymentBuyGemsStub).to.be.calledWith({
+        user: receivingUser,
+        paymentMethod: applePayments.constants.PAYMENT_METHOD_APPLE,
+        amount: gemsCanPurchase[0].amount,
+        headers,
+      });
+      restoreFindById();
+    });
  });

  describe('subscribe', () => {
@@ -167,9 +200,9 @@ describe('Apple Payments', ()  => {
      nextPaymentProcessing = moment.utc().add({days: 2});

      iapSetupStub = sinon.stub(iapModule, 'setup')
-        .returnsPromise().resolves();
+        .resolves();
      iapValidateStub = sinon.stub(iapModule, 'validate')
-        .returnsPromise().resolves({});
+        .resolves({});
      iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
        .returns(true);
      iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
@@ -186,7 +219,7 @@ describe('Apple Payments', ()  => {
          productId: sku,
          transactionId: token,
        }]);
-      paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+      paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').resolves({});
    });

    afterEach(() => {
@@ -297,9 +330,9 @@ describe('Apple Payments', ()  => {
      expirationDate = moment.utc();

      iapSetupStub = sinon.stub(iapModule, 'setup')
-        .returnsPromise().resolves();
+        .resolves();
      iapValidateStub = sinon.stub(iapModule, 'validate')
-        .returnsPromise().resolves({
+        .resolves({
          expirationDate,
        });
      iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
@@ -314,7 +347,7 @@ describe('Apple Payments', ()  => {
      user.purchased.plan.planId = subKey;
      user.purchased.plan.additionalData = receipt;

-      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').resolves({});
    });

    afterEach(function () {
--- a/test/api/unit/libs/payments/google.test.js
+++ b/test/api/unit/libs/payments/google.test.js
@@ -6,6 +6,7 @@ import iap from '../../../../../website/server/libs/inAppPurchases';
 import {model as User} from '../../../../../website/server/models/user';
 import common from '../../../../../website/common';
 import moment from 'moment';
+import {mockFindById, restoreFindById} from '../../../../helpers/mongoose.helper';

 const i18n = common.i18n;

@@ -24,12 +25,12 @@ describe('Google Payments', ()  => {
      headers = {};

      iapSetupStub = sinon.stub(iapModule, 'setup')
-        .returnsPromise().resolves();
+        .resolves();
      iapValidateStub = sinon.stub(iapModule, 'validate')
-        .returnsPromise().resolves({});
+        .resolves({});
      iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
        .returns(true);
-      paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
+      paymentBuyGemsStub = sinon.stub(payments, 'buyGems').resolves({});
    });

    afterEach(() => {
@@ -44,7 +45,7 @@ describe('Google Payments', ()  => {
      iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
        .returns(false);

-      await expect(googlePayments.verifyGemPurchase(user, receipt, signature, headers))
+      await expect(googlePayments.verifyGemPurchase({user, receipt, signature, headers}))
        .to.eventually.be.rejected.and.to.eql({
          httpCode: 401,
          name: 'NotAuthorized',
@@ -55,7 +56,7 @@ describe('Google Payments', ()  => {
    it('should throw an error if productId is invalid', async () => {
      receipt = `{"token": "${token}", "productId": "invalid"}`;

-      await expect(googlePayments.verifyGemPurchase(user, receipt, signature, headers))
+      await expect(googlePayments.verifyGemPurchase({user, receipt, signature, headers}))
        .to.eventually.be.rejected.and.to.eql({
          httpCode: 401,
          name: 'NotAuthorized',
@@ -64,9 +65,9 @@ describe('Google Payments', ()  => {
    });

    it('should throw an error if user cannot purchase gems', async () => {
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+      sinon.stub(user, 'canGetGems').resolves(false);

-      await expect(googlePayments.verifyGemPurchase(user, receipt, signature, headers))
+      await expect(googlePayments.verifyGemPurchase({user, receipt, signature, headers}))
        .to.eventually.be.rejected.and.to.eql({
          httpCode: 401,
          name: 'NotAuthorized',
@@ -77,8 +78,8 @@ describe('Google Payments', ()  => {
    });

    it('purchases gems', async () => {
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
-      await googlePayments.verifyGemPurchase(user, receipt, signature, headers);
+      sinon.stub(user, 'canGetGems').resolves(true);
+      await googlePayments.verifyGemPurchase({user, receipt, signature, headers});

      expect(iapSetupStub).to.be.calledOnce;
      expect(iapValidateStub).to.be.calledOnce;
@@ -99,6 +100,34 @@ describe('Google Payments', ()  => {
      expect(user.canGetGems).to.be.calledOnce;
      user.canGetGems.restore();
    });
+
+    it('gifts gems', async () => {
+      const receivingUser = new User();
+      await receivingUser.save();
+
+      mockFindById(receivingUser);
+
+      const gift = {uuid: receivingUser._id};
+      await googlePayments.verifyGemPurchase({user, gift, receipt, signature, headers});
+
+      expect(iapSetupStub).to.be.calledOnce;
+      expect(iapValidateStub).to.be.calledOnce;
+      expect(iapValidateStub).to.be.calledWith(iap.GOOGLE, {
+        data: receipt,
+        signature,
+      });
+      expect(iapIsValidatedStub).to.be.calledOnce;
+      expect(iapIsValidatedStub).to.be.calledWith({});
+
+      expect(paymentBuyGemsStub).to.be.calledOnce;
+      expect(paymentBuyGemsStub).to.be.calledWith({
+        user: receivingUser,
+        paymentMethod: googlePayments.constants.PAYMENT_METHOD_GOOGLE,
+        amount: 5.25,
+        headers,
+      });
+      restoreFindById();
+    });
  });

  describe('subscribe', () => {
@@ -116,12 +145,12 @@ describe('Google Payments', ()  => {
      nextPaymentProcessing = moment.utc().add({days: 2});

      iapSetupStub = sinon.stub(iapModule, 'setup')
-        .returnsPromise().resolves();
+        .resolves();
      iapValidateStub = sinon.stub(iapModule, 'validate')
-        .returnsPromise().resolves({});
+        .resolves({});
      iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
        .returns(true);
-      paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+      paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').resolves({});
    });

    afterEach(() => {
@@ -193,9 +222,9 @@ describe('Google Payments', ()  => {
      expirationDate = moment.utc();

      iapSetupStub = sinon.stub(iapModule, 'setup')
-        .returnsPromise().resolves();
+        .resolves();
      iapValidateStub = sinon.stub(iapModule, 'validate')
-        .returnsPromise().resolves({
+        .resolves({
          expirationDate,
        });
      iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
@@ -210,7 +239,7 @@ describe('Google Payments', ()  => {
      user.purchased.plan.planId = subKey;
      user.purchased.plan.additionalData = {data: receipt, signature};

-      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').resolves({});
    });

    afterEach(function () {
--- a/test/api/unit/libs/payments/group-plans/group-payments-create.test.js
+++ b/test/api/unit/libs/payments/group-plans/group-payments-create.test.js
@@ -69,11 +69,11 @@ describe('Purchasing a group plan for group', () => {
    };

    let subscriptionId = 'subId';
-    sinon.stub(stripe.customers, 'del').returnsPromise().resolves({});
+    sinon.stub(stripe.customers, 'del').resolves({});

    let currentPeriodEndTimeStamp = moment().add(3, 'months').unix();
    sinon.stub(stripe.customers, 'retrieve')
-      .returnsPromise().resolves({
+      .resolves({
        subscriptions: {
          data: [{id: subscriptionId, current_period_end: currentPeriodEndTimeStamp}], // eslint-disable-line camelcase
        },
@@ -216,7 +216,6 @@ describe('Purchasing a group plan for group', () => {

  it('sends one email to subscribed member of group, stating subscription is cancelled (Amazon)', async () => {
    sinon.stub(amzLib, 'getBillingAgreementDetails')
-      .returnsPromise()
      .resolves({
        BillingAgreementDetails: {
          BillingAgreementStatus: {State: 'Closed'},
@@ -251,9 +250,9 @@ describe('Purchasing a group plan for group', () => {
  });

  it('sends one email to subscribed member of group, stating subscription is cancelled (PayPal)', async () => {
-    sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').returnsPromise().resolves({});
+    sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').resolves({});
    sinon.stub(paypalPayments, 'paypalBillingAgreementGet')
-      .returnsPromise().resolves({
+      .resolves({
        agreement_details: { // eslint-disable-line camelcase
          next_billing_date: moment().add(3, 'months').toDate(), // eslint-disable-line camelcase
          cycles_completed: 1, // eslint-disable-line camelcase
@@ -449,7 +448,6 @@ describe('Purchasing a group plan for group', () => {

  it('adds months to members with existing recurring subscription (Amazon)', async () => {
    sinon.stub(amzLib, 'getBillingAgreementDetails')
-      .returnsPromise()
      .resolves({
        BillingAgreementDetails: {
          BillingAgreementStatus: {State: 'Closed'},
@@ -478,9 +476,9 @@ describe('Purchasing a group plan for group', () => {
  });

  it('adds months to members with existing recurring subscription (Paypal)', async () => {
-    sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').returnsPromise().resolves({});
+    sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').resolves({});
    sinon.stub(paypalPayments, 'paypalBillingAgreementGet')
-      .returnsPromise().resolves({
+      .resolves({
        agreement_details: { // eslint-disable-line camelcase
          next_billing_date: moment().add(3, 'months').toDate(), // eslint-disable-line camelcase
          cycles_completed: 1, // eslint-disable-line camelcase
--- a/test/api/unit/libs/payments/payments.test.js
+++ b/test/api/unit/libs/payments/payments.test.js
@@ -446,6 +446,19 @@ describe('payments/index', () => {
        fakeClock.restore();
      });

+      it('does not add a notification for mystery items if none was awarded', async () => {
+        const noMysteryItemTimeframe = 1462183920000; // May 2nd 2016
+        let fakeClock = sinon.useFakeTimers(noMysteryItemTimeframe);
+        data = { paymentMethod: 'PaymentMethod', user, sub: { key: 'basic_3mo' } };
+
+        await api.createSubscription(data);
+
+        expect(user.purchased.plan.mysteryItems).to.have.a.lengthOf(0);
+        expect(user.notifications.find(n => n.type === 'NEW_MYSTERY_ITEMS')).to.be.undefined;
+
+        fakeClock.restore();
+      });
+
      it('does not award mystery item when user already owns the item', async () => {
        let mayMysteryItemTimeframe = 1464725113000; // May 31st 2016
        let fakeClock = sinon.useFakeTimers(mayMysteryItemTimeframe);
--- a/test/api/unit/libs/payments/paypal/checkout-success.test.js
+++ b/test/api/unit/libs/payments/paypal/checkout-success.test.js
@@ -13,9 +13,9 @@ describe('checkout success', () => {
    customerId = 'customerId-test';
    paymentId = 'paymentId-test';

-    paypalPaymentExecuteStub = sinon.stub(paypalPayments, 'paypalPaymentExecute').returnsPromise().resolves({});
-    paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
-    paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+    paypalPaymentExecuteStub = sinon.stub(paypalPayments, 'paypalPaymentExecute').resolves({});
+    paymentBuyGemsStub = sinon.stub(payments, 'buyGems').resolves({});
+    paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').resolves({});
  });

  afterEach(() => {
--- a/test/api/unit/libs/payments/paypal/checkout.test.js
+++ b/test/api/unit/libs/payments/paypal/checkout.test.js
@@ -15,6 +15,7 @@ describe('checkout', () => {

  function getPaypalCreateOptions (description, amount) {
    return {
+      experience_profile_id: 'xp_profile_id',
      intent: 'sale',
      payer: { payment_method: 'Paypal' },
      redirect_urls: {
@@ -42,7 +43,7 @@ describe('checkout', () => {
  beforeEach(() => {
    approvalHerf = 'approval_href';
    paypalPaymentCreateStub = sinon.stub(paypalPayments, 'paypalPaymentCreate')
-      .returnsPromise().resolves({
+      .resolves({
        links: [{ rel: 'approval_url', href: approvalHerf }],
      });
  });
@@ -80,7 +81,7 @@ describe('checkout', () => {

  it('should error if the user cannot get gems', async () => {
    let user = new User();
-    sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+    sinon.stub(user, 'canGetGems').resolves(false);

    await expect(paypalPayments.checkout({user})).to.eventually.be.rejected.and.to.eql({
      httpCode: 401,
--- a/test/api/unit/libs/payments/paypal/ipn.test.js
+++ b/test/api/unit/libs/payments/paypal/ipn.test.js
@@ -34,8 +34,8 @@ describe('ipn', () => {
    group.purchased.plan.lastBillingDate = new Date();
    await group.save();

-    ipnVerifyAsyncStub = sinon.stub(paypalPayments, 'ipnVerifyAsync').returnsPromise().resolves({});
-    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+    ipnVerifyAsyncStub = sinon.stub(paypalPayments, 'ipnVerifyAsync').resolves({});
+    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').resolves({});
  });

  afterEach(function () {
--- a/test/api/unit/libs/payments/paypal/subscribe-cancel.test.js
+++ b/test/api/unit/libs/payments/paypal/subscribe-cancel.test.js
@@ -38,15 +38,15 @@ describe('subscribeCancel', () => {

    nextBillingDate = new Date();

-    paypalBillingAgreementCancelStub = sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').returnsPromise().resolves({});
+    paypalBillingAgreementCancelStub = sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').resolves({});
    paypalBillingAgreementGetStub = sinon.stub(paypalPayments, 'paypalBillingAgreementGet')
-      .returnsPromise().resolves({
+      .resolves({
        agreement_details: {
          next_billing_date: nextBillingDate,
          cycles_completed: 1,
        },
      });
-    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').resolves({});
  });

  afterEach(function () {
--- a/test/api/unit/libs/payments/paypal/subscribe-success.test.js
+++ b/test/api/unit/libs/payments/paypal/subscribe-success.test.js
@@ -28,10 +28,10 @@ describe('subscribeSuccess', () => {
    customerId = 'test-customerId';

    paypalBillingAgreementExecuteStub = sinon.stub(paypalPayments, 'paypalBillingAgreementExecute')
-      .returnsPromise({}).resolves({
+      .resolves({
        id: customerId,
      });
-    paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+    paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').resolves({});
  });

  afterEach(() => {
--- a/test/api/unit/libs/payments/paypal/subscribe.test.js
+++ b/test/api/unit/libs/payments/paypal/subscribe.test.js
@@ -18,7 +18,7 @@ describe('subscribe', () => {
    sub = Object.assign({}, common.content.subscriptionBlocks[subKey]);

    paypalBillingAgreementCreateStub = sinon.stub(paypalPayments, 'paypalBillingAgreementCreate')
-      .returnsPromise().resolves({
+      .resolves({
        links: [{ rel: 'approval_url', href: approvalHerf }],
      });
  });
--- a/test/api/unit/libs/payments/stripe/cancel-subscription.test.js
+++ b/test/api/unit/libs/payments/stripe/cancel-subscription.test.js
@@ -82,12 +82,12 @@ describe('cancel subscription', () => {

    beforeEach(() => {
      subscriptionId = 'subId';
-      stripeDeleteCustomerStub = sinon.stub(stripe.customers, 'del').returnsPromise().resolves({});
-      paymentsCancelSubStub = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+      stripeDeleteCustomerStub = sinon.stub(stripe.customers, 'del').resolves({});
+      paymentsCancelSubStub = sinon.stub(payments, 'cancelSubscription').resolves({});

      currentPeriodEndTimeStamp = (new Date()).getTime();
      stripeRetrieveStub = sinon.stub(stripe.customers, 'retrieve')
-        .returnsPromise().resolves({
+        .resolves({
          subscriptions: {
            data: [{id: subscriptionId, current_period_end: currentPeriodEndTimeStamp}], // eslint-disable-line camelcase
          },
--- a/test/api/unit/libs/payments/stripe/checkout-subscription.test.js
+++ b/test/api/unit/libs/payments/stripe/checkout-subscription.test.js
@@ -54,7 +54,7 @@ describe('checkout with subscription', () => {
    token = 'test-token';

    spy = sinon.stub(stripe.subscriptions, 'update');
-    spy.returnsPromise().resolves;
+    spy.resolves;

    stripeCreateCustomerSpy = sinon.stub(stripe.customers, 'create');
    let stripCustomerResponse = {
@@ -63,10 +63,10 @@ describe('checkout with subscription', () => {
        data: [{id: subscriptionId}],
      },
    };
-    stripeCreateCustomerSpy.returnsPromise().resolves(stripCustomerResponse);
+    stripeCreateCustomerSpy.resolves(stripCustomerResponse);

    stripePaymentsCreateSubSpy = sinon.stub(payments, 'createSubscription');
-    stripePaymentsCreateSubSpy.returnsPromise().resolves({});
+    stripePaymentsCreateSubSpy.resolves({});

    data.groupId = group._id;
    data.sub.quantity = 3;
--- a/test/api/unit/libs/payments/stripe/checkout.test.js
+++ b/test/api/unit/libs/payments/stripe/checkout.test.js
@@ -26,9 +26,9 @@ describe('checkout', () => {
    let stripCustomerResponse = {
      id: customerIdResponse,
    };
-    stripeChargeStub = sinon.stub(stripe.charges, 'create').returnsPromise().resolves(stripCustomerResponse);
-    paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
-    paymentCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+    stripeChargeStub = sinon.stub(stripe.charges, 'create').resolves(stripCustomerResponse);
+    paymentBuyGemsStub = sinon.stub(payments, 'buyGems').resolves({});
+    paymentCreateSubscritionStub = sinon.stub(payments, 'createSubscription').resolves({});
  });

  afterEach(() => {
@@ -82,7 +82,7 @@ describe('checkout', () => {

  it('should error if user cannot get gems', async () => {
    gift = undefined;
-    sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+    sinon.stub(user, 'canGetGems').resolves(false);

    await expect(stripePayments.checkout({
      token,
@@ -101,7 +101,7 @@ describe('checkout', () => {

  it('should purchase gems', async () => {
    gift = undefined;
-    sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+    sinon.stub(user, 'canGetGems').resolves(true);

    await stripePayments.checkout({
      token,
--- a/test/api/unit/libs/payments/stripe/edit-subscription.test.js
+++ b/test/api/unit/libs/payments/stripe/edit-subscription.test.js
@@ -98,11 +98,11 @@ describe('edit subscription', () => {
    beforeEach(() => {
      subscriptionId = 'subId';
      stripeListSubscriptionStub = sinon.stub(stripe.customers, 'listSubscriptions')
-        .returnsPromise().resolves({
+        .resolves({
          data: [{id: subscriptionId}],
        });

-      stripeUpdateSubscriptionStub = sinon.stub(stripe.customers, 'updateSubscription').returnsPromise().resolves({});
+      stripeUpdateSubscriptionStub = sinon.stub(stripe.customers, 'updateSubscription').resolves({});
    });

    afterEach(() => {
--- a/test/api/unit/libs/payments/stripe/handle-webhook.test.js
+++ b/test/api/unit/libs/payments/stripe/handle-webhook.test.js
@@ -22,7 +22,7 @@ describe('Stripe - Webhooks', () => {
    const eventRetrieved = {type: eventType};

    beforeEach(() => {
-      sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves(eventRetrieved);
+      sinon.stub(stripe.events, 'retrieve').resolves(eventRetrieved);
      sinon.stub(logger, 'error');
    });

@@ -52,8 +52,8 @@ describe('Stripe - Webhooks', () => {
    const eventType = 'customer.subscription.deleted';

    beforeEach(() => {
-      sinon.stub(stripe.customers, 'del').returnsPromise().resolves({});
-      sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+      sinon.stub(stripe.customers, 'del').resolves({});
+      sinon.stub(payments, 'cancelSubscription').resolves({});
    });

    afterEach(() => {
@@ -62,7 +62,7 @@ describe('Stripe - Webhooks', () => {
    });

    it('does not do anything if event.request is null (subscription cancelled manually)', async () => {
-      sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+      sinon.stub(stripe.events, 'retrieve').resolves({
        id: 123,
        type: eventType,
        request: 123,
@@ -79,7 +79,7 @@ describe('Stripe - Webhooks', () => {
    describe('user subscription', () => {
      it('throws an error if the user is not found', async () => {
        const customerId = 456;
-        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+        sinon.stub(stripe.events, 'retrieve').resolves({
          id: 123,
          type: eventType,
          data: {
@@ -113,7 +113,7 @@ describe('Stripe - Webhooks', () => {
        subscriber.purchased.plan.paymentMethod = 'Stripe';
        await subscriber.save();

-        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+        sinon.stub(stripe.events, 'retrieve').resolves({
          id: 123,
          type: eventType,
          data: {
@@ -146,7 +146,7 @@ describe('Stripe - Webhooks', () => {
    describe('group plan subscription', () => {
      it('throws an error if the group is not found', async () => {
        const customerId = 456;
-        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+        sinon.stub(stripe.events, 'retrieve').resolves({
          id: 123,
          type: eventType,
          data: {
@@ -185,7 +185,7 @@ describe('Stripe - Webhooks', () => {
        subscriber.purchased.plan.paymentMethod = 'Stripe';
        await subscriber.save();

-        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+        sinon.stub(stripe.events, 'retrieve').resolves({
          id: 123,
          type: eventType,
          data: {
@@ -227,7 +227,7 @@ describe('Stripe - Webhooks', () => {
        subscriber.purchased.plan.paymentMethod = 'Stripe';
        await subscriber.save();

-        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+        sinon.stub(stripe.events, 'retrieve').resolves({
          id: 123,
          type: eventType,
          data: {
--- a/test/api/unit/libs/payments/stripe/upgrade-group-plan.test.js
+++ b/test/api/unit/libs/payments/stripe/upgrade-group-plan.test.js
@@ -38,7 +38,7 @@ describe('Stripe - Upgrade Group Plan', () => {
    await group.save();

    spy = sinon.stub(stripe.subscriptions, 'update');
-    spy.returnsPromise().resolves([]);
+    spy.resolves([]);
    data.groupId = group._id;
    data.sub.quantity = 3;
    stripePayments.setStripeApi(stripe);
--- a/test/api/unit/libs/slack.js
+++ b/test/api/unit/libs/slack.js
@@ -58,7 +58,7 @@ describe('slack', () => {
          title: 'Flag in Some group - (private guild)',
          title_link: undefined,
          text: 'some text',
-          footer: sandbox.match(/<.*?groupId=group-id&chatId=chat-id\|Flag this message>/),
+          footer: sandbox.match(/<.*?groupId=group-id&chatId=chat-id\|Flag this message.>/),
          mrkdwn_in: [
            'text',
          ],
@@ -110,7 +110,7 @@ describe('slack', () => {
    });

    it('noops if no flagging url is provided', () => {
-      sandbox.stub(nconf, 'get').withArgs('SLACK:FLAGGING_URL').returns('');
+      sandbox.stub(nconf, 'get').withArgs('SLACK_FLAGGING_URL').returns('');
      sandbox.stub(logger, 'error');
      let reRequiredSlack = requireAgain('../../../../website/server/libs/slack');

--- a/test/api/unit/libs/taskManager.js
+++ b/test/api/unit/libs/taskManager.js
@@ -178,4 +178,12 @@ describe('taskManager', () => {

    expect(order).to.eql(['task-id-2', 'task-id-1']);
  });
+
+  it('moves tasks to a specified position out of length', async () => {
+    let order = ['task-id-1'];
+
+    moveTask(order, 'task-id-2', 2);
+
+    expect(order).to.eql(['task-id-1', 'task-id-2']);
+  });
 });
--- a/test/api/unit/middlewares/redirects.js
+++ b/test/api/unit/middlewares/redirects.js
@@ -73,6 +73,39 @@ describe('redirects middleware', () => {

      expect(res.redirect).to.have.not.been.called;
    });
+
+    it('does not redirect if passed skip ssl request param is passed with corrrect key', () => {
+      let nconfStub = sandbox.stub(nconf, 'get');
+      nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
+      nconfStub.withArgs('IS_PROD').returns(true);
+      nconfStub.withArgs('SKIP_SSL_CHECK_KEY').returns('test-key');
+
+      req.header = sandbox.stub().withArgs('x-forwarded-proto').returns('http');
+      req.originalUrl = '/static/front';
+      req.query.skipSSLCheck = 'test-key';
+
+      const attachRedirects = requireAgain(pathToRedirectsMiddleware);
+      attachRedirects.forceSSL(req, res, next);
+
+      expect(res.redirect).to.have.not.been.called;
+    });
+
+    it('does redirect if skip ssl request param is passed with incorrrect key', () => {
+      let nconfStub = sandbox.stub(nconf, 'get');
+      nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
+      nconfStub.withArgs('IS_PROD').returns(true);
+      nconfStub.withArgs('SKIP_SSL_CHECK_KEY').returns('test-key');
+
+      req.header = sandbox.stub().withArgs('x-forwarded-proto').returns('http');
+      req.originalUrl = '/static/front?skipSSLCheck=INVALID';
+      req.query.skipSSLCheck = 'INVALID';
+
+      const attachRedirects = requireAgain(pathToRedirectsMiddleware);
+      attachRedirects.forceSSL(req, res, next);
+
+      expect(res.redirect).to.be.calledOnce;
+      expect(res.redirect).to.be.calledWith('https://habitica.com/static/front?skipSSLCheck=INVALID');
+    });
  });

  context('forceHabitica', () => {
--- a/test/api/unit/models/group.test.js
+++ b/test/api/unit/models/group.test.js
@@ -20,7 +20,7 @@ import { TAVERN_ID } from '../../../../website/common/script/';
 import shared from '../../../../website/common';

 describe('Group Model', () => {
-  let party, questLeader, participatingMember, nonParticipatingMember, undecidedMember;
+  let party, questLeader, participatingMember, sleepingParticipatingMember, nonParticipatingMember, undecidedMember;

  beforeEach(async () => {
    sandbox.stub(email, 'sendTxn');
@@ -32,8 +32,19 @@ describe('Group Model', () => {
      privacy: 'private',
    });

+    let _progress = {
+      up: 10,
+      down: 8,
+      collectedItems: 5,
+    };
+
    questLeader = new User({
-      party: { _id: party._id },
+      party: {
+        _id: party._id,
+        quest: {
+          progress: _progress,
+        },
+      },
      profile: { name: 'Quest Leader' },
      items: {
        quests: {
@@ -45,15 +56,40 @@ describe('Group Model', () => {
    party.leader = questLeader._id;

    participatingMember = new User({
-      party: { _id: party._id },
+      party: {
+        _id: party._id,
+        quest: {
+          progress: _progress,
+        },
+      },
      profile: { name: 'Participating Member' },
    });
+    sleepingParticipatingMember = new User({
+      party: {
+        _id: party._id,
+        quest: {
+          progress: _progress,
+        },
+      },
+      profile: { name: 'Sleeping Participating Member' },
+      preferences: { sleep: true },
+    });
    nonParticipatingMember = new User({
-      party: { _id: party._id },
+      party: {
+        _id: party._id,
+        quest: {
+          progress: _progress,
+        },
+      },
      profile: { name: 'Non-Participating Member' },
    });
    undecidedMember = new User({
-      party: { _id: party._id },
+      party: {
+        _id: party._id,
+        quest: {
+          progress: _progress,
+        },
+      },
      profile: { name: 'Undecided Member' },
    });

@@ -61,6 +97,7 @@ describe('Group Model', () => {
      party.save(),
      questLeader.save(),
      participatingMember.save(),
+      sleepingParticipatingMember.save(),
      nonParticipatingMember.save(),
      undecidedMember.save(),
    ]);
@@ -80,6 +117,7 @@ describe('Group Model', () => {
        party.quest.members = {
          [questLeader._id]: true,
          [participatingMember._id]: true,
+          [sleepingParticipatingMember._id]: true,
          [nonParticipatingMember._id]: false,
          [undecidedMember._id]: null,
        };
@@ -175,6 +213,34 @@ describe('Group Model', () => {
          expect(party._processBossQuest).to.not.be.called;
          expect(Group.prototype._processCollectionQuest).to.be.calledOnce;
        });
+
+        it('does not call _processBossQuest when user is resting in the inn', async () => {
+          party.quest.key = 'whale';
+
+          await party.startQuest(questLeader);
+          await party.save();
+
+          await Group.processQuestProgress(sleepingParticipatingMember, progress);
+
+          party = await Group.findOne({_id: party._id});
+
+          expect(party._processBossQuest).to.not.be.called;
+          expect(party._processCollectionQuest).to.not.be.called;
+        });
+
+        it('does not call _processCollectionQuest when user is resting in the inn', async () => {
+          party.quest.key = 'evilsanta2';
+
+          await party.startQuest(questLeader);
+          await party.save();
+
+          await Group.processQuestProgress(sleepingParticipatingMember, progress);
+
+          party = await Group.findOne({_id: party._id});
+
+          expect(party._processBossQuest).to.not.be.called;
+          expect(party._processCollectionQuest).to.not.be.called;
+        });
      });

      context('Boss Quests', () => {
@@ -216,17 +282,20 @@ describe('Group Model', () => {
          let [
            updatedLeader,
            updatedParticipatingMember,
+            updatedSleepingParticipatingMember,
            updatedNonParticipatingMember,
            updatedUndecidedMember,
          ] = await Promise.all([
            User.findById(questLeader._id),
            User.findById(participatingMember._id),
+            User.findById(sleepingParticipatingMember._id),
            User.findById(nonParticipatingMember._id),
            User.findById(undecidedMember._id),
          ]);

          expect(updatedLeader.stats.hp).to.eql(42.5);
          expect(updatedParticipatingMember.stats.hp).to.eql(42.5);
+          expect(updatedSleepingParticipatingMember.stats.hp).to.eql(42.5);
          expect(updatedNonParticipatingMember.stats.hp).to.eql(50);
          expect(updatedUndecidedMember.stats.hp).to.eql(50);
        });
@@ -236,6 +305,7 @@ describe('Group Model', () => {
          party.quest.members = {
            [questLeader._id]: true,
            [participatingMember._id]: true,
+            [sleepingParticipatingMember._id]: true,
            [nonParticipatingMember._id]: false,
            [undecidedMember._id]: null,
          };
@@ -248,17 +318,20 @@ describe('Group Model', () => {
          let [
            updatedLeader,
            updatedParticipatingMember,
+            updatedSleepingParticipatingMember,
            updatedNonParticipatingMember,
            updatedUndecidedMember,
          ] = await Promise.all([
            User.findById(questLeader._id),
            User.findById(participatingMember._id),
+            User.findById(sleepingParticipatingMember._id),
            User.findById(nonParticipatingMember._id),
            User.findById(undecidedMember._id),
          ]);

          expect(updatedLeader.stats.hp).to.eql(42.5);
          expect(updatedParticipatingMember.stats.hp).to.eql(42.5);
+          expect(updatedSleepingParticipatingMember.stats.hp).to.eql(42.5);
          expect(updatedNonParticipatingMember.stats.hp).to.eql(50);
          expect(updatedUndecidedMember.stats.hp).to.eql(50);
        });
@@ -435,7 +508,7 @@ describe('Group Model', () => {
          party.quest.active = false;

          await party.startQuest(questLeader);
-          Group.prototype.sendChat.reset();
+          Group.prototype.sendChat.resetHistory();
          await party.save();

          await Group.processQuestProgress(participatingMember, progress);
@@ -454,7 +527,7 @@ describe('Group Model', () => {
          party.quest.active = false;

          await party.startQuest(questLeader);
-          Group.prototype.sendChat.reset();
+          Group.prototype.sendChat.resetHistory();
          await party.save();

          await Group.processQuestProgress(participatingMember, progress);
@@ -497,9 +570,11 @@ describe('Group Model', () => {
          let [
            updatedLeader,
            updatedParticipatingMember,
+            updatedSleepingParticipatingMember,
          ] = await Promise.all([
            User.findById(questLeader._id),
            User.findById(participatingMember._id),
+            User.findById(sleepingParticipatingMember._id),
          ]);

          expect(updatedLeader.achievements.quests[party.quest.key]).to.eql(1);
@@ -508,6 +583,9 @@ describe('Group Model', () => {
          expect(updatedParticipatingMember.achievements.quests[party.quest.key]).to.eql(1);
          expect(updatedParticipatingMember.stats.exp).to.be.greaterThan(0);
          expect(updatedParticipatingMember.stats.gp).to.be.greaterThan(0);
+          expect(updatedSleepingParticipatingMember.achievements.quests[party.quest.key]).to.eql(1);
+          expect(updatedSleepingParticipatingMember.stats.exp).to.be.greaterThan(0);
+          expect(updatedSleepingParticipatingMember.stats.gp).to.be.greaterThan(0);
        });
      });
    });
@@ -522,7 +600,7 @@ describe('Group Model', () => {
      });

      it('throws an error if no uuids or emails are passed in', async () => {
-        await expect(Group.validateInvitations(null, null, res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({}, res)).to.eventually.be.rejected.and.eql({
          httpCode: 400,
          message: 'Bad request.',
          name: 'BadRequest',
@@ -532,7 +610,7 @@ describe('Group Model', () => {
      });

      it('throws an error if only uuids are passed in, but they are not an array', async () => {
-        await expect(Group.validateInvitations({ uuid: 'user-id'}, null, res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({ uuids: 'user-id'}, res)).to.eventually.be.rejected.and.eql({
          httpCode: 400,
          message: 'Bad request.',
          name: 'BadRequest',
@@ -542,7 +620,7 @@ describe('Group Model', () => {
      });

      it('throws an error if only emails are passed in, but they are not an array', async () => {
-        await expect(Group.validateInvitations(null, { emails: 'user@example.com'}, res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({emails: 'user@example.com'}, res)).to.eventually.be.rejected.and.eql({
          httpCode: 400,
          message: 'Bad request.',
          name: 'BadRequest',
@@ -552,27 +630,27 @@ describe('Group Model', () => {
      });

      it('throws an error if emails are not passed in, and uuid array is empty', async () => {
-        await expect(Group.validateInvitations([], null, res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({uuids: []},  res)).to.eventually.be.rejected.and.eql({
          httpCode: 400,
          message: 'Bad request.',
          name: 'BadRequest',
        });
        expect(res.t).to.be.calledOnce;
-        expect(res.t).to.be.calledWith('inviteMissingUuid');
+        expect(res.t).to.be.calledWith('inviteMustNotBeEmpty');
      });

      it('throws an error if uuids are not passed in, and email array is empty', async () => {
-        await expect(Group.validateInvitations(null, [], res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({emails: []},  res)).to.eventually.be.rejected.and.eql({
          httpCode: 400,
          message: 'Bad request.',
          name: 'BadRequest',
        });
        expect(res.t).to.be.calledOnce;
-        expect(res.t).to.be.calledWith('inviteMissingEmail');
+        expect(res.t).to.be.calledWith('inviteMustNotBeEmpty');
      });

      it('throws an error if uuids and emails are passed in as empty arrays', async () => {
-        await expect(Group.validateInvitations([], [], res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({emails: [], uuids: []}, res)).to.eventually.be.rejected.and.eql({
          httpCode: 400,
          message: 'Bad request.',
          name: 'BadRequest',
@@ -592,7 +670,7 @@ describe('Group Model', () => {

        uuids.push('one-more-uuid'); // to put it over the limit

-        await expect(Group.validateInvitations(uuids, emails, res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({uuids, emails}, res)).to.eventually.be.rejected.and.eql({
          httpCode: 400,
          message: 'Bad request.',
          name: 'BadRequest',
@@ -610,33 +688,33 @@ describe('Group Model', () => {
          emails.push(`user-${i}@example.com`);
        }

-        await Group.validateInvitations(uuids, emails, res);
+        await Group.validateInvitations({uuids, emails}, res);
        expect(res.t).to.not.be.called;
      });


      it('does not throw an error if only user ids are passed in', async () => {
-        await Group.validateInvitations(['user-id', 'user-id2'], null, res);
+        await Group.validateInvitations({uuids: ['user-id', 'user-id2']}, res);
        expect(res.t).to.not.be.called;
      });

      it('does not throw an error if only emails are passed in', async () => {
-        await Group.validateInvitations(null, ['user1@example.com', 'user2@example.com'], res);
+        await Group.validateInvitations({emails: ['user1@example.com', 'user2@example.com']}, res);
        expect(res.t).to.not.be.called;
      });

      it('does not throw an error if both uuids and emails are passed in', async () => {
-        await Group.validateInvitations(['user-id', 'user-id2'], ['user1@example.com', 'user2@example.com'], res);
+        await Group.validateInvitations({uuids: ['user-id', 'user-id2'], emails: ['user1@example.com', 'user2@example.com']}, res);
        expect(res.t).to.not.be.called;
      });

      it('does not throw an error if uuids are passed in and emails are an empty array', async () => {
-        await Group.validateInvitations(['user-id', 'user-id2'], [], res);
+        await Group.validateInvitations({uuids: ['user-id', 'user-id2'], emails: []}, res);
        expect(res.t).to.not.be.called;
      });

      it('does not throw an error if emails are passed in and uuids are an empty array', async () => {
-        await Group.validateInvitations([], ['user1@example.com', 'user2@example.com'], res);
+        await Group.validateInvitations({uuids: [], emails: ['user1@example.com', 'user2@example.com']}, res);
        expect(res.t).to.not.be.called;
      });
    });
@@ -647,6 +725,7 @@ describe('Group Model', () => {
      it('returns an array of members whose quest status set to true', () => {
        party.quest.members = {
          [participatingMember._id]: true,
+          [sleepingParticipatingMember._id]: true,
          [questLeader._id]: true,
          [nonParticipatingMember._id]: false,
          [undecidedMember._id]: null,
@@ -654,6 +733,7 @@ describe('Group Model', () => {

        expect(party.getParticipatingQuestMembers()).to.eql([
          participatingMember._id,
+          sleepingParticipatingMember._id,
          questLeader._id,
        ]);
      });
@@ -756,11 +836,12 @@ describe('Group Model', () => {
      it('removes user from group quest', async () => {
        party.quest.members = {
          [participatingMember._id]: true,
+          [sleepingParticipatingMember._id]: true,
          [questLeader._id]: true,
          [nonParticipatingMember._id]: false,
          [undecidedMember._id]: null,
        };
-        party.memberCount = 4;
+        party.memberCount = 5;
        await party.save();

        await party.leave(participatingMember);
@@ -768,6 +849,7 @@ describe('Group Model', () => {
        party = await Group.findOne({_id: party._id});
        expect(party.quest.members).to.eql({
          [questLeader._id]: true,
+          [sleepingParticipatingMember._id]: true,
          [nonParticipatingMember._id]: false,
          [undecidedMember._id]: null,
        });
@@ -775,6 +857,7 @@ describe('Group Model', () => {

      it('deletes a private party when the last member leaves', async () => {
        await party.leave(participatingMember);
+        await party.leave(sleepingParticipatingMember);
        await party.leave(questLeader);
        await party.leave(nonParticipatingMember);
        await party.leave(undecidedMember);
@@ -846,6 +929,7 @@ describe('Group Model', () => {
        party.privacy = 'public';

        await party.leave(participatingMember);
+        await party.leave(sleepingParticipatingMember);
        await party.leave(questLeader);
        await party.leave(nonParticipatingMember);
        await party.leave(undecidedMember);
@@ -967,32 +1051,6 @@ describe('Group Model', () => {
        expect(chat.user).to.not.exist;
      });

-      it('cuts down chat to 200 messages', () => {
-        for (let i = 0; i < 220; i++) {
-          party.chat.push({ text: 'a message' });
-        }
-
-        expect(party.chat).to.have.a.lengthOf(220);
-
-        party.sendChat('message');
-
-        expect(party.chat).to.have.a.lengthOf(200);
-      });
-
-      it('cuts down chat to 400 messages when group is subcribed', () => {
-        party.purchased.plan.customerId = 'test-customer-id';
-
-        for (let i = 0; i < 420; i++) {
-          party.chat.push({ text: 'a message' });
-        }
-
-        expect(party.chat).to.have.a.lengthOf(420);
-
-        party.sendChat('message');
-
-        expect(party.chat).to.have.a.lengthOf(400);
-      });
-
      it('updates users about new messages in party', () => {
        party.sendChat('message');

@@ -1074,6 +1132,7 @@ describe('Group Model', () => {
          party.quest.members = {
            [questLeader._id]: true,
            [participatingMember._id]: true,
+            [sleepingParticipatingMember._id]: true,
            [nonParticipatingMember._id]: false,
            [undecidedMember._id]: null,
          };
@@ -1130,33 +1189,44 @@ describe('Group Model', () => {
          let expectedQuestMembers = {};
          expectedQuestMembers[questLeader._id] = true;
          expectedQuestMembers[participatingMember._id] = true;
+          expectedQuestMembers[sleepingParticipatingMember._id] = true;

          expect(party.quest.members).to.eql(expectedQuestMembers);
        });

-        it('applies updates to user object directly if user is participating', async () => {
+        it('applies updates to user object directly if user is participating (without resetting progress, except progress.down)', async () => {
          await party.startQuest(participatingMember);

          expect(participatingMember.party.quest.key).to.eql('whale');
+          expect(participatingMember.party.quest.progress.up).to.eql(10);
          expect(participatingMember.party.quest.progress.down).to.eql(0);
-          expect(participatingMember.party.quest.progress.collectedItems).to.eql(0);
+          expect(participatingMember.party.quest.progress.collectedItems).to.eql(5);
          expect(participatingMember.party.quest.completed).to.eql(null);
        });

-        it('applies updates to other participating members', async () => {
+        it('applies updates to other participating members (without resetting progress, except progress.down)', async () => {
          await party.startQuest(nonParticipatingMember);

          questLeader = await User.findById(questLeader._id);
          participatingMember = await User.findById(participatingMember._id);
+          sleepingParticipatingMember = await User.findById(sleepingParticipatingMember._id);

          expect(participatingMember.party.quest.key).to.eql('whale');
+          expect(participatingMember.party.quest.progress.up).to.eql(10);
          expect(participatingMember.party.quest.progress.down).to.eql(0);
-          expect(participatingMember.party.quest.progress.collectedItems).to.eql(0);
+          expect(participatingMember.party.quest.progress.collectedItems).to.eql(5);
          expect(participatingMember.party.quest.completed).to.eql(null);

+          expect(sleepingParticipatingMember.party.quest.key).to.eql('whale');
+          expect(sleepingParticipatingMember.party.quest.progress.up).to.eql(10);
+          expect(sleepingParticipatingMember.party.quest.progress.down).to.eql(0);
+          expect(sleepingParticipatingMember.party.quest.progress.collectedItems).to.eql(5);
+          expect(sleepingParticipatingMember.party.quest.completed).to.eql(null);
+
          expect(questLeader.party.quest.key).to.eql('whale');
+          expect(questLeader.party.quest.progress.up).to.eql(10);
          expect(questLeader.party.quest.progress.down).to.eql(0);
-          expect(questLeader.party.quest.progress.collectedItems).to.eql(0);
+          expect(questLeader.party.quest.progress.collectedItems).to.eql(5);
          expect(questLeader.party.quest.completed).to.eql(null);
        });

@@ -1167,14 +1237,19 @@ describe('Group Model', () => {
          undecidedMember = await User.findById(undecidedMember._id);

          expect(nonParticipatingMember.party.quest.key).to.not.eql('whale');
+          expect(nonParticipatingMember.party.quest.progress.up).to.eql(10);
+          expect(nonParticipatingMember.party.quest.progress.down).to.eql(8);
+          expect(nonParticipatingMember.party.quest.progress.collectedItems).to.eql(5);
          expect(undecidedMember.party.quest.key).to.not.eql('whale');
        });

        it('sends email to participating members that quest has started', async () => {
          participatingMember.preferences.emailNotifications.questStarted = true;
+          sleepingParticipatingMember.preferences.emailNotifications.questStarted = true;
          questLeader.preferences.emailNotifications.questStarted = true;
          await Promise.all([
            participatingMember.save(),
+            sleepingParticipatingMember.save(),
            questLeader.save(),
          ]);

@@ -1187,8 +1262,9 @@ describe('Group Model', () => {
          let memberIds = _.map(email.sendTxn.args[0][0], '_id');
          let typeOfEmail = email.sendTxn.args[0][1];

-          expect(memberIds).to.have.a.lengthOf(2);
+          expect(memberIds).to.have.a.lengthOf(3);
          expect(memberIds).to.include(participatingMember._id);
+          expect(memberIds).to.include(sleepingParticipatingMember._id);
          expect(memberIds).to.include(questLeader._id);
          expect(typeOfEmail).to.eql('quest-started');
        });
@@ -1202,6 +1278,13 @@ describe('Group Model', () => {
              questStarted: true,
            },
          }];
+          sleepingParticipatingMember.webhooks = [{
+            type: 'questActivity',
+            url: 'http://someurl.com',
+            options: {
+              questStarted: true,
+            },
+          }];
          questLeader.webhooks = [{
            type: 'questActivity',
            url: 'http://someurl.com',
@@ -1210,13 +1293,13 @@ describe('Group Model', () => {
            },
          }];

-          await Promise.all([participatingMember.save(), questLeader.save()]);
+          await Promise.all([participatingMember.save(), sleepingParticipatingMember.save(), questLeader.save()]);

          await party.startQuest(nonParticipatingMember);

          await sleep(0.5);

-          expect(questActivityWebhook.send).to.be.calledTwice; // for 2 participating members
+          expect(questActivityWebhook.send).to.be.calledThrice; // for 3 participating members

          let args = questActivityWebhook.send.args[0];
          let webhooks = args[0].webhooks;
@@ -1226,6 +1309,8 @@ describe('Group Model', () => {
          expect(webhooks).to.have.a.lengthOf(1);
          if (webhookOwner === questLeader._id) {
            expect(webhooks[0].id).to.eql(questLeader.webhooks[0].id);
+          } else if (webhookOwner === sleepingParticipatingMember._id) {
+            expect(webhooks[0].id).to.eql(sleepingParticipatingMember.webhooks[0].id);
          } else {
            expect(webhooks[0].id).to.eql(participatingMember.webhooks[0].id);
          }
@@ -1236,9 +1321,11 @@ describe('Group Model', () => {

        it('sends email only to members who have not opted out', async () => {
          participatingMember.preferences.emailNotifications.questStarted = false;
+          sleepingParticipatingMember.preferences.emailNotifications.questStarted = false;
          questLeader.preferences.emailNotifications.questStarted = true;
          await Promise.all([
            participatingMember.save(),
+            sleepingParticipatingMember.save(),
            questLeader.save(),
          ]);

@@ -1252,14 +1339,17 @@ describe('Group Model', () => {

          expect(memberIds).to.have.a.lengthOf(1);
          expect(memberIds).to.not.include(participatingMember._id);
+          expect(memberIds).to.not.include(sleepingParticipatingMember._id);
          expect(memberIds).to.include(questLeader._id);
        });

        it('does not send email to initiating member', async () => {
          participatingMember.preferences.emailNotifications.questStarted = true;
+          sleepingParticipatingMember.preferences.emailNotifications.questStarted = true;
          questLeader.preferences.emailNotifications.questStarted = true;
          await Promise.all([
            participatingMember.save(),
+            sleepingParticipatingMember.save(),
            questLeader.save(),
          ]);

@@ -1271,8 +1361,9 @@ describe('Group Model', () => {

          let memberIds = _.map(email.sendTxn.args[0][0], '_id');

-          expect(memberIds).to.have.a.lengthOf(1);
+          expect(memberIds).to.have.a.lengthOf(2);
          expect(memberIds).to.not.include(participatingMember._id);
+          expect(memberIds).to.include(sleepingParticipatingMember._id);
          expect(memberIds).to.include(questLeader._id);
        });

@@ -1281,7 +1372,7 @@ describe('Group Model', () => {

          await party.startQuest(nonParticipatingMember);

-          let members = [questLeader._id, participatingMember._id];
+          let members = [questLeader._id, participatingMember._id, sleepingParticipatingMember._id];

          expect(User.update).to.be.calledWith(
            { _id: { $in: members } },
@@ -1316,8 +1407,9 @@ describe('Group Model', () => {
          let userQuest = participatingMember.party.quest;

          expect(userQuest.key).to.eql('whale');
+          expect(userQuest.progress.up).to.eql(10);
          expect(userQuest.progress.down).to.eql(0);
-          expect(userQuest.progress.collectedItems).to.eql(0);
+          expect(userQuest.progress.collectedItems).to.eql(5);
          expect(userQuest.completed).to.eql(null);
        });

@@ -1346,6 +1438,7 @@ describe('Group Model', () => {
        party.quest.members = {
          [questLeader._id]: true,
          [participatingMember._id]: true,
+          [sleepingParticipatingMember._id]: true,
          [nonParticipatingMember._id]: false,
          [undecidedMember._id]: null,
        };
@@ -1368,7 +1461,7 @@ describe('Group Model', () => {

          await party.finishQuest(quest);

-          expect(User.update).to.be.calledTwice;
+          expect(User.update).to.be.calledThrice;
        });

        it('stops retrying when a successful update has occurred', async () => {
@@ -1378,7 +1471,7 @@ describe('Group Model', () => {

          await party.finishQuest(quest);

-          expect(User.update).to.be.calledThrice;
+          expect(User.update.callCount).to.equal(4);
        });

        it('retries failed updates at most five times per user', async () => {
@@ -1386,7 +1479,7 @@ describe('Group Model', () => {

          await expect(party.finishQuest(quest)).to.eventually.be.rejected;

-          expect(User.update.callCount).to.eql(10);
+          expect(User.update.callCount).to.eql(15); // for 3 users
        });
      });

@@ -1396,17 +1489,19 @@ describe('Group Model', () => {
        let [
          updatedLeader,
          updatedParticipatingMember,
+          updatedSleepingParticipatingMember,
        ] = await Promise.all([
          User.findById(questLeader._id),
          User.findById(participatingMember._id),
+          User.findById(sleepingParticipatingMember._id),
        ]);

        expect(updatedLeader.achievements.quests[quest.key]).to.eql(1);
        expect(updatedParticipatingMember.achievements.quests[quest.key]).to.eql(1);
+        expect(updatedSleepingParticipatingMember.achievements.quests[quest.key]).to.eql(1);
      });

-      // Disable test, it fails on TravisCI, but only there
-      xit('gives out super awesome Masterclasser achievement to the deserving', async () => {
+      it('gives out super awesome Masterclasser achievement to the deserving', async () => {
        quest = questScrolls.lostMasterclasser4;
        party.quest.key = quest.key;

@@ -1433,17 +1528,19 @@ describe('Group Model', () => {
        let [
          updatedLeader,
          updatedParticipatingMember,
+          updatedSleepingParticipatingMember,
        ] = await Promise.all([
          User.findById(questLeader._id).exec(),
          User.findById(participatingMember._id).exec(),
+          User.findById(sleepingParticipatingMember._id).exec(),
        ]);

        expect(updatedLeader.achievements.lostMasterclasser).to.eql(true);
        expect(updatedParticipatingMember.achievements.lostMasterclasser).to.not.eql(true);
+        expect(updatedSleepingParticipatingMember.achievements.lostMasterclasser).to.not.eql(true);
      });

-      // Disable test, it fails on TravisCI, but only there
-      xit('gives out super awesome Masterclasser achievement when quests done out of order', async () => {
+      it('gives out super awesome Masterclasser achievement when quests done out of order', async () => {
        quest = questScrolls.lostMasterclasser1;
        party.quest.key = quest.key;

@@ -1470,13 +1567,16 @@ describe('Group Model', () => {
        let [
          updatedLeader,
          updatedParticipatingMember,
+          updatedSleepingParticipatingMember,
        ] = await Promise.all([
          User.findById(questLeader._id).exec(),
          User.findById(participatingMember._id).exec(),
+          User.findById(sleepingParticipatingMember._id).exec(),
        ]);

        expect(updatedLeader.achievements.lostMasterclasser).to.eql(true);
        expect(updatedParticipatingMember.achievements.lostMasterclasser).to.not.eql(true);
+        expect(updatedSleepingParticipatingMember.achievements.lostMasterclasser).to.not.eql(true);
      });

      it('gives xp and gold', async () => {
@@ -1485,15 +1585,19 @@ describe('Group Model', () => {
        let [
          updatedLeader,
          updatedParticipatingMember,
+          updatedSleepingParticipatingMember,
        ] = await Promise.all([
          User.findById(questLeader._id),
          User.findById(participatingMember._id),
+          User.findById(sleepingParticipatingMember._id),
        ]);

        expect(updatedLeader.stats.exp).to.eql(quest.drop.exp);
        expect(updatedLeader.stats.gp).to.eql(quest.drop.gp);
        expect(updatedParticipatingMember.stats.exp).to.eql(quest.drop.exp);
        expect(updatedParticipatingMember.stats.gp).to.eql(quest.drop.gp);
+        expect(updatedSleepingParticipatingMember.stats.exp).to.eql(quest.drop.exp);
+        expect(updatedSleepingParticipatingMember.stats.gp).to.eql(quest.drop.gp);
      });

      context('drops', () => {
@@ -1593,25 +1697,35 @@ describe('Group Model', () => {
          sandbox.spy(User, 'update');
          await party.finishQuest(quest);

-          expect(User.update).to.be.calledTwice;
+          expect(User.update).to.be.calledThrice;
          expect(User.update).to.be.calledWithMatch({
            _id: questLeader._id,
          });
          expect(User.update).to.be.calledWithMatch({
            _id: participatingMember._id,
          });
+          expect(User.update).to.be.calledWithMatch({
+            _id: sleepingParticipatingMember._id,
+          });
        });

-        it('sets user quest object to a clean state', async () => {
+        it('updates participating members quest object to a clean state (except for progress)', async () => {
          await party.finishQuest(quest);

-          let updatedLeader = await User.findById(questLeader._id);
+          questLeader = await User.findById(questLeader._id);
+          participatingMember = await User.findById(participatingMember._id);

-          expect(updatedLeader.party.quest.completed).to.eql('whale');
-          expect(updatedLeader.party.quest.progress.up).to.eql(0);
-          expect(updatedLeader.party.quest.progress.down).to.eql(0);
-          expect(updatedLeader.party.quest.progress.collectedItems).to.eql(0);
-          expect(updatedLeader.party.quest.RSVPNeeded).to.eql(false);
+          expect(questLeader.party.quest.completed).to.eql('whale');
+          expect(questLeader.party.quest.progress.up).to.eql(10);
+          expect(questLeader.party.quest.progress.down).to.eql(8);
+          expect(questLeader.party.quest.progress.collectedItems).to.eql(5);
+          expect(questLeader.party.quest.RSVPNeeded).to.eql(false);
+
+          expect(participatingMember.party.quest.completed).to.eql('whale');
+          expect(participatingMember.party.quest.progress.up).to.eql(10);
+          expect(participatingMember.party.quest.progress.down).to.eql(8);
+          expect(participatingMember.party.quest.progress.collectedItems).to.eql(5);
+          expect(participatingMember.party.quest.RSVPNeeded).to.eql(false);
        });
      });

@@ -1632,7 +1746,7 @@ describe('Group Model', () => {
          },
        }];

-        await Promise.all([participatingMember.save(), questLeader.save()]);
+        await Promise.all([participatingMember.save(), sleepingParticipatingMember.save(), questLeader.save()]);

        await party.finishQuest(quest);

@@ -1775,6 +1889,62 @@ describe('Group Model', () => {
        expect(options.chat).to.eql(chat);
      });

+      it('sends webhooks for users with webhooks triggered by system messages', async () => {
+        let guild = new Group({
+          name: 'some guild',
+          type: 'guild',
+        });
+
+        let memberWithWebhook = new User({
+          guilds: [guild._id],
+          webhooks: [{
+            type: 'groupChatReceived',
+            url: 'http://someurl.com',
+            options: {
+              groupId: guild._id,
+            },
+          }],
+        });
+        let memberWithoutWebhook = new User({
+          guilds: [guild._id],
+        });
+        let nonMemberWithWebhooks = new User({
+          webhooks: [{
+            type: 'groupChatReceived',
+            url: 'http://a-different-url.com',
+            options: {
+              groupId: generateUUID(),
+            },
+          }],
+        });
+
+        await Promise.all([
+          memberWithWebhook.save(),
+          memberWithoutWebhook.save(),
+          nonMemberWithWebhooks.save(),
+        ]);
+
+        guild.leader = memberWithWebhook._id;
+
+        await guild.save();
+
+        const groupMessage = guild.sendChat('Test message.');
+        await groupMessage.save();
+
+        await sleep();
+
+        expect(groupChatReceivedWebhook.send).to.be.calledOnce;
+
+        let args = groupChatReceivedWebhook.send.args[0];
+        let webhooks = args[0].webhooks;
+        let options = args[1];
+
+        expect(webhooks).to.have.a.lengthOf(1);
+        expect(webhooks[0].id).to.eql(memberWithWebhook.webhooks[0].id);
+        expect(options.group).to.eql(guild);
+        expect(options.chat).to.eql(groupMessage);
+      });
+
      it('sends webhooks for each user with webhooks in group', async () => {
        let guild = new Group({
          name: 'some guild',
@@ -1864,28 +2034,54 @@ describe('Group Model', () => {

    context('hasNotCancelled', () => {
      it('returns false if group does not have customer id', () => {
-        expect(party.hasNotCancelled()).to.be.undefined;
+        expect(party.hasNotCancelled()).to.be.false;
      });

-      it('returns true if party does not have plan.dateTerminated', () => {
+      it('returns true if group does not have plan.dateTerminated', () => {
        party.purchased.plan.customerId = 'test-id';

        expect(party.hasNotCancelled()).to.be.true;
      });

-      it('returns false if party if plan.dateTerminated is after today', () => {
+      it('returns false if group if plan.dateTerminated is after today', () => {
        party.purchased.plan.customerId = 'test-id';
        party.purchased.plan.dateTerminated = moment().add(1, 'days').toDate();

        expect(party.hasNotCancelled()).to.be.false;
      });

-      it('returns false if party if plan.dateTerminated is before today', () => {
+      it('returns false if group if plan.dateTerminated is before today', () => {
        party.purchased.plan.customerId = 'test-id';
        party.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();

        expect(party.hasNotCancelled()).to.be.false;
      });
    });
+
+    context('hasCancelled', () => {
+      it('returns false if group does not have customer id', () => {
+        expect(party.hasCancelled()).to.be.false;
+      });
+
+      it('returns false if group does not have plan.dateTerminated', () => {
+        party.purchased.plan.customerId = 'test-id';
+
+        expect(party.hasCancelled()).to.be.false;
+      });
+
+      it('returns true if group if plan.dateTerminated is after today', () => {
+        party.purchased.plan.customerId = 'test-id';
+        party.purchased.plan.dateTerminated = moment().add(1, 'days').toDate();
+
+        expect(party.hasCancelled()).to.be.true;
+      });
+
+      it('returns false if group if plan.dateTerminated is before today', () => {
+        party.purchased.plan.customerId = 'test-id';
+        party.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();
+
+        expect(party.hasCancelled()).to.be.false;
+      });
+    });
  });
 });
--- a/test/api/unit/models/user.test.js
+++ b/test/api/unit/models/user.test.js
@@ -315,9 +315,8 @@ describe('User Model', () => {
      user = new User();
    });

-
    it('returns false if user does not have customer id', () => {
-      expect(user.hasNotCancelled()).to.be.undefined;
+      expect(user.hasNotCancelled()).to.be.false;
    });

    it('returns true if user does not have plan.dateTerminated', () => {
@@ -341,6 +340,38 @@ describe('User Model', () => {
    });
  });

+
+  context('hasCancelled', () => {
+    let user;
+    beforeEach(() => {
+      user = new User();
+    });
+
+    it('returns false if user does not have customer id', () => {
+      expect(user.hasCancelled()).to.be.false;
+    });
+
+    it('returns false if user does not have plan.dateTerminated', () => {
+      user.purchased.plan.customerId = 'test-id';
+
+      expect(user.hasCancelled()).to.be.false;
+    });
+
+    it('returns true if user if plan.dateTerminated is after today', () => {
+      user.purchased.plan.customerId = 'test-id';
+      user.purchased.plan.dateTerminated = moment().add(1, 'days').toDate();
+
+      expect(user.hasCancelled()).to.be.true;
+    });
+
+    it('returns false if user if plan.dateTerminated is before today', () => {
+      user.purchased.plan.customerId = 'test-id';
+      user.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();
+
+      expect(user.hasCancelled()).to.be.false;
+    });
+  });
+
  context('pre-save hook', () => {
    it('does not try to award achievements when achievements or items not selected in query', async () => {
      let user = new User();
--- a/test/api/v3/integration/challenges/GET-challenges_challengeId.test.js
+++ b/test/api/v3/integration/challenges/GET-challenges_challengeId.test.js
@@ -47,6 +47,14 @@ describe('GET /challenges/:challengeId', () => {
        _id: groupLeader._id,
        id: groupLeader._id,
        profile: {name: groupLeader.profile.name},
+        auth: {
+          local: {
+            username: groupLeader.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      expect(chal.group).to.eql({
        _id: group._id,
@@ -63,45 +71,56 @@ describe('GET /challenges/:challengeId', () => {

  context('private guild', () => {
    let groupLeader;
+    let challengeLeader;
    let group;
    let challenge;
    let members;
-    let user;
+    let nonMember;
+    let otherMember;

    beforeEach(async () => {
-      user = await generateUser();
+      nonMember = await generateUser();

      let populatedGroup = await createAndPopulateGroup({
        groupDetails: {type: 'guild', privacy: 'private'},
-        members: 1,
+        members: 2,
      });

      groupLeader = populatedGroup.groupLeader;
      group = populatedGroup.group;
      members = populatedGroup.members;

-      challenge = await generateChallenge(groupLeader, group);
-      await members[0].post(`/challenges/${challenge._id}/join`);
-      await groupLeader.post(`/challenges/${challenge._id}/join`);
+      challengeLeader = members[0];
+      otherMember = members[1];
+
+      challenge = await generateChallenge(challengeLeader, group);
    });

-    it('fails if user doesn\'t have access to the challenge', async () => {
-      await expect(user.get(`/challenges/${challenge._id}`)).to.eventually.be.rejected.and.eql({
+    it('fails if user isn\'t in the guild and isn\'t challenge leader', async () => {
+      await expect(nonMember.get(`/challenges/${challenge._id}`)).to.eventually.be.rejected.and.eql({
        code: 404,
        error: 'NotFound',
        message: t('challengeNotFound'),
      });
    });

-    it('should return challenge data', async () => {
-      let chal = await members[0].get(`/challenges/${challenge._id}`);
+    it('returns challenge data for any user in the guild', async () => {
+      let chal = await otherMember.get(`/challenges/${challenge._id}`);
      expect(chal.name).to.equal(challenge.name);
      expect(chal._id).to.equal(challenge._id);

      expect(chal.leader).to.eql({
-        _id: groupLeader._id,
-        id: groupLeader._id,
-        profile: {name: groupLeader.profile.name},
+        _id: challengeLeader._id,
+        id: challengeLeader._id,
+        profile: {name: challengeLeader.profile.name},
+        auth: {
+          local: {
+            username: challengeLeader.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      expect(chal.group).to.eql({
        _id: group._id,
@@ -114,53 +133,88 @@ describe('GET /challenges/:challengeId', () => {
        leader: groupLeader.id,
      });
    });
+
+    it('returns challenge data if challenge leader isn\'t in the guild or challenge', async () => {
+      await challengeLeader.post(`/groups/${group._id}/leave`);
+      await challengeLeader.sync();
+      expect(challengeLeader.guilds).to.be.empty; // check that leaving worked
+
+      let chal = await challengeLeader.get(`/challenges/${challenge._id}`);
+      expect(chal.name).to.equal(challenge.name);
+      expect(chal._id).to.equal(challenge._id);
+
+      expect(chal.leader).to.eql({
+        _id: challengeLeader._id,
+        id: challengeLeader._id,
+        profile: {name: challengeLeader.profile.name},
+        auth: {
+          local: {
+            username: challengeLeader.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
+      });
+    });
  });

  context('party', () => {
    let groupLeader;
+    let challengeLeader;
    let group;
    let challenge;
    let members;
-    let user;
+    let nonMember;
+    let otherMember;

    beforeEach(async () => {
-      user = await generateUser();
+      nonMember = await generateUser();

      let populatedGroup = await createAndPopulateGroup({
-        groupDetails: {type: 'party'},
-        members: 1,
+        groupDetails: {type: 'party', privacy: 'private'},
+        members: 2,
      });

      groupLeader = populatedGroup.groupLeader;
      group = populatedGroup.group;
      members = populatedGroup.members;

-      challenge = await generateChallenge(groupLeader, group);
-      await members[0].post(`/challenges/${challenge._id}/join`);
-      await groupLeader.post(`/challenges/${challenge._id}/join`);
+      challengeLeader = members[0];
+      otherMember = members[1];
+
+      challenge = await generateChallenge(challengeLeader, group);
    });

-    it('fails if user doesn\'t have access to the challenge', async () => {
-      await expect(user.get(`/challenges/${challenge._id}`)).to.eventually.be.rejected.and.eql({
+    it('fails if user isn\'t in the party and isn\'t challenge leader', async () => {
+      await expect(nonMember.get(`/challenges/${challenge._id}`)).to.eventually.be.rejected.and.eql({
        code: 404,
        error: 'NotFound',
        message: t('challengeNotFound'),
      });
    });

-    it('should return challenge data', async () => {
-      let chal = await members[0].get(`/challenges/${challenge._id}`);
+    it('returns challenge data for any user in the party', async () => {
+      let chal = await otherMember.get(`/challenges/${challenge._id}`);
      expect(chal.name).to.equal(challenge.name);
      expect(chal._id).to.equal(challenge._id);

      expect(chal.leader).to.eql({
-        _id: groupLeader._id,
-        id: groupLeader.id,
-        profile: {name: groupLeader.profile.name},
+        _id: challengeLeader._id,
+        id: challengeLeader._id,
+        profile: {name: challengeLeader.profile.name},
+        auth: {
+          local: {
+            username: challengeLeader.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      expect(chal.group).to.eql({
        _id: group._id,
-        id: group.id,
+        id: group._id,
        categories: [],
        name: group.name,
        summary: group.name,
@@ -169,5 +223,29 @@ describe('GET /challenges/:challengeId', () => {
        leader: groupLeader.id,
      });
    });
+
+    it('returns challenge data if challenge leader isn\'t in the party or challenge', async () => {
+      await challengeLeader.post('/groups/party/leave');
+      await challengeLeader.sync();
+      expect(challengeLeader.party._id).to.be.undefined; // check that leaving worked
+
+      let chal = await challengeLeader.get(`/challenges/${challenge._id}`);
+      expect(chal.name).to.equal(challenge.name);
+      expect(chal._id).to.equal(challenge._id);
+
+      expect(chal.leader).to.eql({
+        _id: challengeLeader._id,
+        id: challengeLeader._id,
+        profile: {name: challengeLeader.profile.name},
+        auth: {
+          local: {
+            username: challengeLeader.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
+      });
+    });
  });
 });
--- a/test/api/v3/integration/challenges/GET-challenges_challengeId_members.test.js
+++ b/test/api/v3/integration/challenges/GET-challenges_challengeId_members.test.js
@@ -1,6 +1,7 @@
 import {
  generateUser,
  generateGroup,
+  createAndPopulateGroup,
  generateChallenge,
  translate as t,
 } from '../../../../helpers/api-integration/v3';
@@ -10,7 +11,7 @@ describe('GET /challenges/:challengeId/members', () => {
  let user;

  beforeEach(async () => {
-    user = await generateUser();
+    user = await generateUser({ balance: 1 });
  });

  it('validates optional req.query.lastId to be an UUID', async () => {
@@ -21,7 +22,7 @@ describe('GET /challenges/:challengeId/members', () => {
    });
  });

-  it('fails if challenge doesn\'t exists', async () => {
+  it('fails if challenge doesn\'t exist', async () => {
    await expect(user.get(`/challenges/${generateUUID()}/members`)).to.eventually.be.rejected.and.eql({
      code: 404,
      error: 'NotFound',
@@ -29,8 +30,8 @@ describe('GET /challenges/:challengeId/members', () => {
    });
  });

-  it('fails if user doesn\'t have access to the challenge', async () => {
-    let group = await generateGroup(user);
+  it('fails if user isn\'t in the private group and isn\'t challenge leader', async () => {
+    let group = await generateGroup(user, {type: 'party', privacy: 'private'});
    let challenge = await generateChallenge(user, group);
    let anotherUser = await generateUser();

@@ -41,6 +42,35 @@ describe('GET /challenges/:challengeId/members', () => {
    });
  });

+  it('works if user isn\'t in the private group but is challenge leader', async () => {
+    let populatedGroup = await createAndPopulateGroup({
+      groupDetails: {type: 'party', privacy: 'private'},
+      members: 1,
+    });
+    let groupLeader = populatedGroup.groupLeader;
+    let challengeLeader = populatedGroup.members[0];
+    let challenge = await generateChallenge(challengeLeader, populatedGroup.group);
+    await groupLeader.post(`/challenges/${challenge._id}/join`);
+    await challengeLeader.post('/groups/party/leave');
+    await challengeLeader.sync();
+    expect(challengeLeader.party._id).to.be.undefined; // check that leaving worked
+
+    let res = await challengeLeader.get(`/challenges/${challenge._id}/members`);
+    expect(res[0]).to.eql({
+      _id: groupLeader._id,
+      id: groupLeader._id,
+      profile: {name: groupLeader.profile.name},
+      auth: {
+        local: {
+          username: groupLeader.auth.local.username,
+        },
+      },
+      flags: {
+        verifiedUsername: true,
+      },
+    });
+  });
+
  it('works with challenges belonging to public guild', async () => {
    let leader = await generateUser({balance: 4});
    let group = await generateGroup(leader, {type: 'guild', privacy: 'public', name: generateUUID()});
@@ -51,8 +81,16 @@ describe('GET /challenges/:challengeId/members', () => {
      _id: leader._id,
      id: leader._id,
      profile: {name: leader.profile.name},
+      auth: {
+        local: {
+          username: leader.auth.local.username,
+        },
+      },
+      flags: {
+        verifiedUsername: true,
+      },
    });
-    expect(res[0]).to.have.all.keys(['_id', 'id', 'profile']);
+    expect(res[0]).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
    expect(res[0].profile).to.have.all.keys(['name']);
  });

@@ -66,8 +104,16 @@ describe('GET /challenges/:challengeId/members', () => {
      _id: anotherUser._id,
      id: anotherUser._id,
      profile: {name: anotherUser.profile.name},
+      auth: {
+        local: {
+          username: anotherUser.auth.local.username,
+        },
+      },
+      flags: {
+        verifiedUsername: true,
+      },
    });
-    expect(res[0]).to.have.all.keys(['_id', 'id', 'profile']);
+    expect(res[0]).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
    expect(res[0].profile).to.have.all.keys(['name']);
  });

@@ -85,7 +131,7 @@ describe('GET /challenges/:challengeId/members', () => {
    let res = await user.get(`/challenges/${challenge._id}/members?includeAllMembers=not-true`);
    expect(res.length).to.equal(30);
    res.forEach(member => {
-      expect(member).to.have.all.keys(['_id', 'id', 'profile']);
+      expect(member).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
      expect(member.profile).to.have.all.keys(['name']);
    });
  });
@@ -104,7 +150,7 @@ describe('GET /challenges/:challengeId/members', () => {
    let res = await user.get(`/challenges/${challenge._id}/members`);
    expect(res.length).to.equal(30);
    res.forEach(member => {
-      expect(member).to.have.all.keys(['_id', 'id', 'profile']);
+      expect(member).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
      expect(member.profile).to.have.all.keys(['name']);
    });
  });
@@ -123,7 +169,7 @@ describe('GET /challenges/:challengeId/members', () => {
    let res = await user.get(`/challenges/${challenge._id}/members?includeAllMembers=true`);
    expect(res.length).to.equal(32);
    res.forEach(member => {
-      expect(member).to.have.all.keys(['_id', 'id', 'profile']);
+      expect(member).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
      expect(member.profile).to.have.all.keys(['name']);
    });
  });
--- a/test/api/v3/integration/challenges/GET-challenges_challengeId_members_memberId.test.js
+++ b/test/api/v3/integration/challenges/GET-challenges_challengeId_members_memberId.test.js
@@ -81,7 +81,7 @@ describe('GET /challenges/:challengeId/members/:memberId', () => {
    await groupLeader.post(`/tasks/challenge/${challenge._id}`, [{type: 'habit', text: taskText}]);

    let memberProgress = await user.get(`/challenges/${challenge._id}/members/${groupLeader._id}`);
-    expect(memberProgress).to.have.all.keys(['_id', 'id', 'profile', 'tasks']);
+    expect(memberProgress).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile', 'tasks']);
    expect(memberProgress.profile).to.have.all.keys(['name']);
    expect(memberProgress.tasks.length).to.equal(1);
  });
--- a/test/api/v3/integration/challenges/GET-challenges_group_groupid.test.js
+++ b/test/api/v3/integration/challenges/GET-challenges_group_groupid.test.js
@@ -39,6 +39,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: publicGuild.leader._id,
        id: publicGuild.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
      expect(foundChallenge2).to.exist;
@@ -46,6 +54,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: publicGuild.leader._id,
        id: publicGuild.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
    });

@@ -58,6 +74,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: publicGuild.leader._id,
        id: publicGuild.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
      expect(foundChallenge2).to.exist;
@@ -65,6 +89,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: publicGuild.leader._id,
        id: publicGuild.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
    });

@@ -125,6 +157,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: privateGuild.leader._id,
        id: privateGuild.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
      expect(foundChallenge2).to.exist;
@@ -132,6 +172,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: privateGuild.leader._id,
        id: privateGuild.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
    });
  });
@@ -235,6 +283,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: party.leader._id,
        id: party.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
      expect(foundChallenge2).to.exist;
@@ -242,6 +298,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: party.leader._id,
        id: party.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
    });

@@ -254,6 +318,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: party.leader._id,
        id: party.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
      expect(foundChallenge2).to.exist;
@@ -261,6 +333,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: party.leader._id,
        id: party.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
    });
  });
@@ -288,6 +368,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: user._id,
        id: user._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
      expect(foundChallenge2).to.exist;
@@ -295,6 +383,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: user._id,
        id: user._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
    });

@@ -307,6 +403,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: user._id,
        id: user._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
      expect(foundChallenge2).to.exist;
@@ -314,6 +418,14 @@ describe('GET challenges/groups/:groupId', () => {
        _id: user._id,
        id: user._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
    });
  });
--- a/test/api/v3/integration/challenges/GET-challenges_user.test.js
+++ b/test/api/v3/integration/challenges/GET-challenges_user.test.js
@@ -40,6 +40,14 @@ describe('GET challenges/user', () => {
        _id: publicGuild.leader._id,
        id: publicGuild.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      expect(foundChallenge.group).to.eql({
        _id: publicGuild._id,
@@ -62,6 +70,14 @@ describe('GET challenges/user', () => {
        _id: publicGuild.leader._id,
        id: publicGuild.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      expect(foundChallenge1.group).to.eql({
        _id: publicGuild._id,
@@ -79,6 +95,14 @@ describe('GET challenges/user', () => {
        _id: publicGuild.leader._id,
        id: publicGuild.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      expect(foundChallenge2.group).to.eql({
        _id: publicGuild._id,
@@ -101,6 +125,14 @@ describe('GET challenges/user', () => {
        _id: publicGuild.leader._id,
        id: publicGuild.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      expect(foundChallenge1.group).to.eql({
        _id: publicGuild._id,
@@ -118,6 +150,14 @@ describe('GET challenges/user', () => {
        _id: publicGuild.leader._id,
        id: publicGuild.leader._id,
        profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      expect(foundChallenge2.group).to.eql({
        _id: publicGuild._id,
--- a/test/api/v3/integration/challenges/POST-challenges.test.js
+++ b/test/api/v3/integration/challenges/POST-challenges.test.js
@@ -94,16 +94,6 @@ describe('POST /challenges', () => {
      });
    });

-    it('returns an error when non-leader member creates a challenge in leaderOnly group', async () => {
-      await expect(groupMember.post('/challenges', {
-        group: group._id,
-      })).to.eventually.be.rejected.and.eql({
-        code: 401,
-        error: 'NotAuthorized',
-        message: t('onlyGroupLeaderChal'),
-      });
-    });
-
    it('allows non-leader member to create a challenge', async () => {
      let populatedGroup = await createAndPopulateGroup({
        members: 1,
@@ -304,14 +294,14 @@ describe('POST /challenges', () => {
      expect(groupLeader.challenges.length).to.equal(0);
    });

-    it('awards achievement if this is creator\'s first challenge', async () => {
+    it('does not award joinedChallenge achievement for creating a challenge', async () => {
      await groupLeader.post('/challenges', {
        group: group._id,
        name: 'Test Challenge',
        shortName: 'TC Label',
      });
      groupLeader = await groupLeader.sync();
-      expect(groupLeader.achievements.joinedChallenge).to.be.true;
+      expect(groupLeader.achievements.joinedChallenge).to.not.be.true;
    });

    it('sets summary to challenges name when not supplied', async () => {
--- a/test/api/v3/integration/challenges/POST-challenges_challengeId_join.test.js
+++ b/test/api/v3/integration/challenges/POST-challenges_challengeId_join.test.js
@@ -46,7 +46,7 @@ describe('POST /challenges/:challengeId/join', () => {
      await groupLeader.post(`/challenges/${challenge._id}/join`);
    });

-    it('returns an error when user doesn\'t have permissions to access the challenge', async () => {
+    it('returns an error when user isn\'t in the private group and isn\'t challenge leader', async () => {
      let unauthorizedUser = await generateUser();

      await expect(unauthorizedUser.post(`/challenges/${challenge._id}/join`)).to.eventually.be.rejected.and.eql({
@@ -56,6 +56,16 @@ describe('POST /challenges/:challengeId/join', () => {
      });
    });

+    it('succeeds when user isn\'t in the private group but is challenge leader', async () => {
+      await groupLeader.post(`/challenges/${challenge._id}/leave`);
+      await groupLeader.post(`/groups/${group._id}/leave`);
+      await groupLeader.sync();
+      expect(groupLeader.guilds).to.be.empty; // check that leaving worked
+
+      let res = await groupLeader.post(`/challenges/${challenge._id}/join`);
+      expect(res.name).to.equal(challenge.name);
+    });
+
    it('returns challenge data', async () => {
      let res = await authorizedUser.post(`/challenges/${challenge._id}/join`);

@@ -69,6 +79,14 @@ describe('POST /challenges/:challengeId/join', () => {
        _id: groupLeader._id,
        id: groupLeader._id,
        profile: {name: groupLeader.profile.name},
+        auth: {
+          local: {
+            username: groupLeader.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
      });
      expect(res.name).to.equal(challenge.name);
    });
--- a/test/api/v3/integration/challenges/PUT-challenges_challengeId.test.js
+++ b/test/api/v3/integration/challenges/PUT-challenges_challengeId.test.js
@@ -79,6 +79,14 @@ describe('PUT /challenges/:challengeId', () => {
      _id: member._id,
      id: member._id,
      profile: {name: member.profile.name},
+      auth: {
+        local: {
+          username: member.auth.local.username,
+        },
+      },
+      flags: {
+        verifiedUsername: true,
+      },
    });
    expect(res.name).to.equal('New Challenge Name');
    expect(res.description).to.equal('New challenge description.');
--- a/test/api/v3/integration/chat/POST-chat.flag.test.js
+++ b/test/api/v3/integration/chat/POST-chat.flag.test.js
@@ -3,15 +3,23 @@ import {
  translate as t,
 } from '../../../../helpers/api-integration/v3';
 import { find } from 'lodash';
+import moment from 'moment';
+import nconf from 'nconf';
+import { IncomingWebhook } from '@slack/client';
+
+const BASE_URL = nconf.get('BASE_URL');

 describe('POST /chat/:chatId/flag', () => {
-  let user, admin, anotherUser, group;
+  let user, admin, anotherUser, newUser, group;
  const TEST_MESSAGE = 'Test Message';
+  const USER_AGE_FOR_FLAGGING = 3;

  beforeEach(async () => {
-    user = await generateUser({balance: 1});
+    user = await generateUser({balance: 1, 'auth.timestamps.created': moment().subtract(USER_AGE_FOR_FLAGGING + 1, 'days').toDate()});
    admin = await generateUser({balance: 1, 'contributor.admin': true});
-    anotherUser = await generateUser();
+    anotherUser = await generateUser({'auth.timestamps.created': moment().subtract(USER_AGE_FOR_FLAGGING + 1, 'days').toDate()});
+    newUser = await generateUser({'auth.timestamps.created': moment().subtract(1, 'days').toDate()});
+    sandbox.stub(IncomingWebhook.prototype, 'send');

    group = await user.post('/groups', {
      name: 'Test Guild',
@@ -20,6 +28,10 @@ describe('POST /chat/:chatId/flag', () => {
    });
  });

+  afterEach(() => {
+    sandbox.restore();
+  });
+
  it('Returns an error when chat message is not found', async () => {
    await expect(user.post(`/groups/${group._id}/chat/incorrectMessage/flag`))
      .to.eventually.be.rejected.and.eql({
@@ -34,7 +46,7 @@ describe('POST /chat/:chatId/flag', () => {
    await expect(user.post(`/groups/${group._id}/chat/${message.message.id}/flag`)).to.eventually.be.ok;
  });

-  it('Flags a chat', async () => {
+  it('Flags a chat and sends normal message to moderator Slack when user is not new', async () => {
    let { message } = await anotherUser.post(`/groups/${group._id}/chat`, {message: TEST_MESSAGE});

    let flagResult = await user.post(`/groups/${group._id}/chat/${message.id}/flag`);
@@ -45,6 +57,62 @@ describe('POST /chat/:chatId/flag', () => {

    let messageToCheck = find(groupWithFlags.chat, {id: message.id});
    expect(messageToCheck.flags[user._id]).to.equal(true);
+
+    // Slack message to mods
+    const timestamp = `${moment(message.timestamp).utc().format('YYYY-MM-DD HH:mm')} UTC`;
+
+    /* eslint-disable camelcase */
+    expect(IncomingWebhook.prototype.send).to.be.calledWith({
+      text: `${user.profile.name} (${user.id}; language: en) flagged a message`,
+      attachments: [{
+        fallback: 'Flag Message',
+        color: 'danger',
+        author_name: `${anotherUser.profile.name} - ${anotherUser.auth.local.email} - ${anotherUser._id}\n${timestamp}`,
+        title: 'Flag in Test Guild',
+        title_link: `${BASE_URL}/groups/guild/${group._id}`,
+        text: TEST_MESSAGE,
+        footer: `<https://habitrpg.github.io/flag-o-rama/?groupId=${group._id}&chatId=${message.id}|Flag this message.>`,
+        mrkdwn_in: [
+          'text',
+        ],
+      }],
+    });
+    /* eslint-ensable camelcase */
+  });
+
+  it('Does not increment message flag count and sends different message to moderator Slack when user is new', async () => {
+    let automatedComment = `The post's flag count has not been increased because the flagger's account is less than ${USER_AGE_FOR_FLAGGING} days old.`;
+    let { message } = await newUser.post(`/groups/${group._id}/chat`, {message: TEST_MESSAGE});
+
+    let flagResult = await newUser.post(`/groups/${group._id}/chat/${message.id}/flag`);
+    expect(flagResult.flags[newUser._id]).to.equal(true);
+    expect(flagResult.flagCount).to.equal(0);
+
+    let groupWithFlags = await admin.get(`/groups/${group._id}`);
+
+    let messageToCheck = find(groupWithFlags.chat, {id: message.id});
+    expect(messageToCheck.flags[newUser._id]).to.equal(true);
+
+    // Slack message to mods
+    const timestamp = `${moment(message.timestamp).utc().format('YYYY-MM-DD HH:mm')} UTC`;
+
+    /* eslint-disable camelcase */
+    expect(IncomingWebhook.prototype.send).to.be.calledWith({
+      text: `${newUser.profile.name} (${newUser.id}; language: en) flagged a message`,
+      attachments: [{
+        fallback: 'Flag Message',
+        color: 'danger',
+        author_name: `${newUser.profile.name} - ${newUser.auth.local.email} - ${newUser._id}\n${timestamp}`,
+        title: 'Flag in Test Guild',
+        title_link: `${BASE_URL}/groups/guild/${group._id}`,
+        text: TEST_MESSAGE,
+        footer: `<https://habitrpg.github.io/flag-o-rama/?groupId=${group._id}&chatId=${message.id}|Flag this message.> ${automatedComment}`,
+        mrkdwn_in: [
+          'text',
+        ],
+      }],
+    });
+    /* eslint-ensable camelcase */
  });

  it('Flags a chat when the author\'s account was deleted', async () => {
@@ -117,7 +185,7 @@ describe('POST /chat/:chatId/flag', () => {
      });
  });

-  it('Returns an error when user tries to flag a message that is already flagged', async () => {
+  it('Returns an error when user tries to flag a message that they already flagged', async () => {
    let { message } = await anotherUser.post(`/groups/${group._id}/chat`, {message: TEST_MESSAGE});

    await user.post(`/groups/${group._id}/chat/${message.id}/flag`);
--- a/test/api/v3/integration/chat/POST-chat.test.js
+++ b/test/api/v3/integration/chat/POST-chat.test.js
@@ -1,3 +1,5 @@
+import { IncomingWebhook } from '@slack/client';
+import nconf from 'nconf';
 import {
  createAndPopulateGroup,
  generateUser,
@@ -15,8 +17,6 @@ import { getMatchesByWordArray } from '../../../../../website/server/libs/string
 import bannedWords from '../../../../../website/server/libs/bannedWords';
 import guildsAllowingBannedWords from '../../../../../website/server/libs/guildsAllowingBannedWords';
 import * as email from '../../../../../website/server/libs/email';
-import { IncomingWebhook } from '@slack/client';
-import nconf from 'nconf';

 const BASE_URL = nconf.get('BASE_URL');

@@ -80,12 +80,14 @@ describe('POST /chat', () => {
    });
  });

-  it('returns an error when chat privileges are revoked when sending a message to a public guild', async () => {
-    let userWithChatRevoked = await member.update({'flags.chatRevoked': true});
-    await expect(userWithChatRevoked.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage})).to.eventually.be.rejected.and.eql({
-      code: 401,
-      error: 'NotAuthorized',
-      message: t('chatPrivilegesRevoked'),
+  describe('mute user', () => {
+    it('returns an error when chat privileges are revoked when sending a message to a public guild', async () => {
+      const userWithChatRevoked = await member.update({'flags.chatRevoked': true});
+      await expect(userWithChatRevoked.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage})).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('chatPrivilegesRevoked'),
+      });
    });
  });

@@ -259,7 +261,6 @@ describe('POST /chat', () => {
          title: 'Slur in Test Guild',
          title_link: `${BASE_URL}/groups/guild/${groupWithChat.id}`,
          text: testSlurMessage,
-          // footer: sandbox.match(/<.*?groupId=group-id&chatId=chat-id\|Flag this message>/),
          mrkdwn_in: [
            'text',
          ],
@@ -274,6 +275,7 @@ describe('POST /chat', () => {
        message: t('chatPrivilegesRevoked'),
      });

+      // @TODO: The next test should not depend on this. We should reset the user test in a beforeEach
      // Restore chat privileges to continue testing
      user.flags.chatRevoked = false;
      await user.update({'flags.chatRevoked': false});
@@ -312,7 +314,6 @@ describe('POST /chat', () => {
          title: 'Slur in Party - (private party)',
          title_link: undefined,
          text: testSlurMessage,
-          // footer: sandbox.match(/<.*?groupId=group-id&chatId=chat-id\|Flag this message>/),
          mrkdwn_in: [
            'text',
          ],
@@ -388,6 +389,23 @@ describe('POST /chat', () => {
    expect(groupMessages[0].id).to.exist;
  });

+  it('creates a chat with a max length of 3000 chars', async () => {
+    const veryLongMessage = `
+    123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789.
+    THIS PART WON'T BE IN THE MESSAGE (over 3000)
+    `;
+
+    const newMessage = await user.post(`/groups/${groupWithChat._id}/chat`, { message: veryLongMessage});
+    const groupMessages = await user.get(`/groups/${groupWithChat._id}/chat`);
+
+    expect(newMessage.message.id).to.exist;
+    expect(groupMessages[0].id).to.exist;
+
+    expect(newMessage.message.text.length).to.eql(3000);
+    expect(newMessage.message.text).to.not.contain('MESSAGE');
+    expect(groupMessages[0].text.length).to.eql(3000);
+  });
+
  it('creates a chat with user styles', async () => {
    const mount = 'test-mount';
    const pet = 'test-pet';
--- a/test/api/v3/integration/chat/POST-groups_id_chat_id_clear_flags.test.js
+++ b/test/api/v3/integration/chat/POST-groups_id_chat_id_clear_flags.test.js
@@ -4,23 +4,24 @@ import {
  translate as t,
 } from '../../../../helpers/api-integration/v3';
 import config from '../../../../../config.json';
+import moment from 'moment';
 import { v4 as generateUUID } from 'uuid';

 describe('POST /groups/:id/chat/:id/clearflags', () => {
+  const USER_AGE_FOR_FLAGGING = 3;
  let groupWithChat, message, author, nonAdmin, admin;

  before(async () => {
-    let { group, groupLeader, members } = await createAndPopulateGroup({
+    let { group, groupLeader } = await createAndPopulateGroup({
      groupDetails: {
        type: 'guild',
        privacy: 'public',
      },
-      members: 1,
    });

    groupWithChat = group;
    author = groupLeader;
-    nonAdmin = members[0];
+    nonAdmin = await generateUser({'auth.timestamps.created': moment().subtract(USER_AGE_FOR_FLAGGING + 1, 'days').toDate()});
    admin = await generateUser({'contributor.admin': true});

    message = await author.post(`/groups/${groupWithChat._id}/chat`, { message: 'Some message' });
@@ -69,9 +70,14 @@ describe('POST /groups/:id/chat/:id/clearflags', () => {
      privateMessage = privateMessage.message;

      await admin.post(`/groups/${group._id}/chat/${privateMessage.id}/flag`);
+
+      // first test that the flag was actually successful
+      let messages = await members[0].get(`/groups/${group._id}/chat`);
+      expect(messages[0].flagCount).to.eql(5);
+
      await admin.post(`/groups/${group._id}/chat/${privateMessage.id}/clearflags`);

-      let messages = await members[0].get(`/groups/${group._id}/chat`);
+      messages = await members[0].get(`/groups/${group._id}/chat`);
      expect(messages[0].flagCount).to.eql(0);
    });

@@ -100,7 +106,7 @@ describe('POST /groups/:id/chat/:id/clearflags', () => {
        .to.eventually.be.rejected.and.eql({
          code: 400,
          error: 'BadRequest',
-          message: t('messageCannotFlagSystemMessages', {communityManagerEmail: config.EMAILS.COMMUNITY_MANAGER_EMAIL}),
+          message: t('messageCannotFlagSystemMessages', {communityManagerEmail: config.EMAILS_COMMUNITY_MANAGER_EMAIL}),
        });
      // let messages = await members[0].get(`/groups/${group._id}/chat`);
      // expect(messages[0].id).to.eql(skillMsg.id);
--- a/test/api/v3/integration/dataexport/GET-export_userdata.xml.test.js
+++ b/test/api/v3/integration/dataexport/GET-export_userdata.xml.test.js
@@ -23,6 +23,17 @@ describe('GET /export/userdata.xml', () => {

    ]);

+    // add pinnedItem
+    await user.get('/user/toggle-pinned-item/marketGear/gear.flat.shield_rogue_5');
+
+    // add a private message
+    let receiver = await generateUser();
+
+    user.post('/members/send-private-message', {
+      message: 'Your first message, hi!',
+      toUserId: receiver._id,
+    });
+
    let response = await user.get('/export/userdata.xml');
    let {user: res} = await parseStringAsync(response, {explicitArray: false});

--- a/test/api/v3/integration/groups/GET-groups.test.js
+++ b/test/api/v3/integration/groups/GET-groups.test.js
@@ -203,7 +203,7 @@ describe('GET /groups', () => {
      let page2 = await expect(user.get('/groups?type=publicGuilds&paginate=true&page=2'))
        .to.eventually.have.a.lengthOf(1 + 4); // 1 created now, 4 by other tests
      expect(page2[4].name).to.equal('guild with less members');
-    });
+    }).timeout(10000);
  });

  it('returns all the user\'s guilds when guilds passed in as query', async () => {
--- a/test/api/v3/integration/groups/GET-groups_groupId_invites.test.js
+++ b/test/api/v3/integration/groups/GET-groups_groupId_invites.test.js
@@ -50,6 +50,14 @@ describe('GET /groups/:groupId/invites', () => {
      _id: invited._id,
      id: invited._id,
      profile: {name: invited.profile.name},
+      auth: {
+        local: {
+          username: invited.auth.local.username,
+        },
+      },
+      flags: {
+        verifiedUsername: true,
+      },
    });
  });

@@ -58,7 +66,7 @@ describe('GET /groups/:groupId/invites', () => {
    let invited = await generateUser();
    await user.post(`/groups/${group._id}/invite`, {uuids: [invited._id]});
    let res = await user.get('/groups/party/invites');
-    expect(res[0]).to.have.all.keys(['_id', 'id', 'profile']);
+    expect(res[0]).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
    expect(res[0].profile).to.have.all.keys(['name']);
  });

@@ -76,10 +84,10 @@ describe('GET /groups/:groupId/invites', () => {
    let res = await leader.get(`/groups/${group._id}/invites`);
    expect(res.length).to.equal(30);
    res.forEach(member => {
-      expect(member).to.have.all.keys(['_id', 'id', 'profile']);
+      expect(member).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
      expect(member.profile).to.have.all.keys(['name']);
    });
-  });
+  }).timeout(10000);

  it('supports using req.query.lastId to get more invites', async function () {
    this.timeout(30000); // @TODO: times out after 8 seconds
--- a/test/api/v3/integration/groups/GET-groups_groupId_members.test.js
+++ b/test/api/v3/integration/groups/GET-groups_groupId_members.test.js
@@ -56,13 +56,21 @@ describe('GET /groups/:groupId/members', () => {
      _id: user._id,
      id: user._id,
      profile: {name: user.profile.name},
+      auth: {
+        local: {
+          username: user.auth.local.username,
+        },
+      },
+      flags: {
+        verifiedUsername: true,
+      },
    });
  });

  it('populates only some fields', async () => {
    await generateGroup(user, {type: 'party', name: generateUUID()});
    let res = await user.get('/groups/party/members');
-    expect(res[0]).to.have.all.keys(['_id', 'id', 'profile']);
+    expect(res[0]).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
    expect(res[0].profile).to.have.all.keys(['name']);
  });

@@ -74,10 +82,10 @@ describe('GET /groups/:groupId/members', () => {
      '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
      'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives', 'flags',
    ]);
-    expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
+    expect(Object.keys(memberRes.auth)).to.eql(['local', 'timestamps']);
    expect(Object.keys(memberRes.preferences).sort()).to.eql([
      'size', 'hair', 'skin', 'shirt',
-      'chair', 'costume', 'sleep', 'background', 'tasks',
+      'chair', 'costume', 'sleep', 'background', 'tasks', 'disableClasses',
    ].sort());

    expect(memberRes.stats.maxMP).to.exist;
@@ -95,10 +103,10 @@ describe('GET /groups/:groupId/members', () => {
      '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
      'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives', 'flags',
    ]);
-    expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
+    expect(Object.keys(memberRes.auth)).to.eql(['local', 'timestamps']);
    expect(Object.keys(memberRes.preferences).sort()).to.eql([
      'size', 'hair', 'skin', 'shirt',
-      'chair', 'costume', 'sleep', 'background', 'tasks',
+      'chair', 'costume', 'sleep', 'background', 'tasks', 'disableClasses',
    ].sort());

    expect(memberRes.stats.maxMP).to.exist;
@@ -120,7 +128,7 @@ describe('GET /groups/:groupId/members', () => {
    let res = await user.get('/groups/party/members');
    expect(res.length).to.equal(30);
    res.forEach(member => {
-      expect(member).to.have.all.keys(['_id', 'id', 'profile']);
+      expect(member).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
      expect(member.profile).to.have.all.keys(['name']);
    });
  });
@@ -137,7 +145,7 @@ describe('GET /groups/:groupId/members', () => {
    let res = await user.get('/groups/party/members?includeAllMembers=true');
    expect(res.length).to.equal(30);
    res.forEach(member => {
-      expect(member).to.have.all.keys(['_id', 'id', 'profile']);
+      expect(member).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
      expect(member.profile).to.have.all.keys(['name']);
    });
  });
--- a/test/api/v3/integration/groups/POST-groups_invite.test.js
+++ b/test/api/v3/integration/groups/POST-groups_invite.test.js
@@ -23,6 +23,73 @@ describe('Post /groups/:groupId/invite', () => {
    });
  });

+  describe('username invites', () => {
+    it('returns an error when invited user is not found', async () => {
+      const fakeID = 'fakeuserid';
+
+      await expect(inviter.post(`/groups/${group._id}/invite`, {
+        usernames: [fakeID],
+      }))
+        .to.eventually.be.rejected.and.eql({
+          code: 404,
+          error: 'NotFound',
+          message: t('userWithUsernameNotFound', {username: fakeID}),
+        });
+    });
+
+    it('returns an error when inviting yourself to a group', async () => {
+      await expect(inviter.post(`/groups/${group._id}/invite`, {
+        usernames: [inviter.auth.local.lowerCaseUsername],
+      }))
+        .to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: t('cannotInviteSelfToGroup'),
+        });
+    });
+
+    it('invites a user to a group by username', async () => {
+      const userToInvite = await generateUser();
+
+      await expect(inviter.post(`/groups/${group._id}/invite`, {
+        usernames: [userToInvite.auth.local.lowerCaseUsername],
+      })).to.eventually.deep.equal([{
+        id: group._id,
+        name: groupName,
+        inviter: inviter._id,
+        publicGuild: false,
+      }]);
+
+      await expect(userToInvite.get('/user'))
+        .to.eventually.have.nested.property('invitations.guilds[0].id', group._id);
+    });
+
+    it('invites multiple users to a group by uuid', async () => {
+      const userToInvite = await generateUser();
+      const userToInvite2 = await generateUser();
+
+      await expect(inviter.post(`/groups/${group._id}/invite`, {
+        usernames: [userToInvite.auth.local.lowerCaseUsername, userToInvite2.auth.local.lowerCaseUsername],
+      })).to.eventually.deep.equal([
+        {
+          id: group._id,
+          name: groupName,
+          inviter: inviter._id,
+          publicGuild: false,
+        },
+        {
+          id: group._id,
+          name: groupName,
+          inviter: inviter._id,
+          publicGuild: false,
+        },
+      ]);
+
+      await expect(userToInvite.get('/user')).to.eventually.have.nested.property('invitations.guilds[0].id', group._id);
+      await expect(userToInvite2.get('/user')).to.eventually.have.nested.property('invitations.guilds[0].id', group._id);
+    });
+  });
+
  describe('user id invites', () => {
    it('returns an error when inviter has no chat privileges', async () => {
      let inviterMuted = await inviter.update({'flags.chatRevoked': true});
@@ -93,7 +160,7 @@ describe('Post /groups/:groupId/invite', () => {
        .to.eventually.be.rejected.and.eql({
          code: 400,
          error: 'BadRequest',
-          message: t('inviteMissingUuid'),
+          message: t('inviteMustNotBeEmpty'),
        });
    });

@@ -228,7 +295,7 @@ describe('Post /groups/:groupId/invite', () => {
        .to.eventually.be.rejected.and.eql({
          code: 400,
          error: 'BadRequest',
-          message: t('inviteMissingEmail'),
+          message: t('inviteMustNotBeEmpty'),
        });
    });

@@ -266,7 +333,7 @@ describe('Post /groups/:groupId/invite', () => {
        .to.eventually.be.rejected.and.eql({
          code: 401,
          error: 'NotAuthorized',
-          message: t('inviteLimitReached', {techAssistanceEmail: nconf.get('EMAILS:TECH_ASSISTANCE_EMAIL')}),
+          message: t('inviteLimitReached', {techAssistanceEmail: nconf.get('EMAILS_TECH_ASSISTANCE_EMAIL')}),
        });
    });

@@ -417,7 +484,7 @@ describe('Post /groups/:groupId/invite', () => {
      expect(await inviter.post(`/groups/${group._id}/invite`, {
        uuids: generatedInvites.map(invite => invite._id),
      })).to.be.an('array');
-    });
+    }).timeout(10000);

    // @TODO: Add this after we are able to mock the group plan route
    xit('returns an error when a non-leader invites to a group plan', async () => {
@@ -564,7 +631,7 @@ describe('Post /groups/:groupId/invite', () => {
      expect(await inviter.post(`/groups/${party._id}/invite`, {
        uuids: generatedInvites.map(invite => invite._id),
      })).to.be.an('array');
-    });
+    }).timeout(10000);

    it('does not allow 30+ members in a party', async () => {
      let invitesToGenerate = [];
@@ -582,6 +649,6 @@ describe('Post /groups/:groupId/invite', () => {
          error: 'BadRequest',
          message: t('partyExceedsMembersLimit', {maxMembersParty: PARTY_LIMIT_MEMBERS}),
        });
-    });
+    }).timeout(10000);
  });
 });
--- a/test/api/v3/integration/hall/GET-hall_patrons.test.js
+++ b/test/api/v3/integration/hall/GET-hall_patrons.test.js
@@ -56,5 +56,5 @@ describe('GET /hall/patrons', () => {
    expect(morePatrons.length).to.equal(2);
    expect(morePatrons[0].backer.tier).to.equal(2);
    expect(morePatrons[1].backer.tier).to.equal(1);
-  });
+  }).timeout(10000);
 });
--- a/test/api/v3/integration/inbox/GET-inbox_messages.test.js
+++ b/test/api/v3/integration/inbox/GET-inbox_messages.test.js
@@ -1,6 +1,6 @@
 import {
  generateUser,
-} from '../../../helpers/api-integration/v4';
+} from '../../../../helpers/api-integration/v3';

 describe('GET /inbox/messages', () => {
  let user;
@@ -22,17 +22,27 @@ describe('GET /inbox/messages', () => {
      message: 'third',
    });

+    // message to yourself
+    await user.post('/members/send-private-message', {
+      toUserId: user.id,
+      message: 'fourth',
+    });
+
    await user.sync();
  });

  it('returns the user inbox messages as an array of ordered messages (from most to least recent)', async () => {
    const messages = await user.get('/inbox/messages');

-    expect(messages.length).to.equal(3);
-    expect(messages.length).to.equal(Object.keys(user.inbox.messages).length);
+    expect(messages.length).to.equal(4);

-    expect(messages[0].text).to.equal('third');
-    expect(messages[1].text).to.equal('second');
-    expect(messages[2].text).to.equal('first');
+    // message to yourself
+    expect(messages[0].text).to.equal('fourth');
+    expect(messages[0].sent).to.equal(false);
+    expect(messages[0].uuid).to.equal(user._id);
+
+    expect(messages[1].text).to.equal('third');
+    expect(messages[2].text).to.equal('second');
+    expect(messages[3].text).to.equal('first');
  });
-});
+});
--- a/test/api/v3/integration/members/GET-members_id.test.js
+++ b/test/api/v3/integration/members/GET-members_id.test.js
@@ -34,10 +34,10 @@ describe('GET /members/:memberId', () => {
      '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
      'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives', 'flags',
    ]);
-    expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
+    expect(Object.keys(memberRes.auth)).to.eql(['local', 'timestamps']);
    expect(Object.keys(memberRes.preferences).sort()).to.eql([
      'size', 'hair', 'skin', 'shirt',
-      'chair', 'costume', 'sleep', 'background', 'tasks',
+      'chair', 'costume', 'sleep', 'background', 'tasks', 'disableClasses',
    ].sort());

    expect(memberRes.stats.maxMP).to.exist;
--- a/test/api/v3/integration/members/POST-send_private_message.test.js
+++ b/test/api/v3/integration/members/POST-send_private_message.test.js
@@ -100,7 +100,7 @@ describe('POST /members/send-private-message', () => {
    let receiver = await generateUser();
    // const initialNotifications = receiver.notifications.length;

-    await userToSendMessage.post('/members/send-private-message', {
+    const response = await userToSendMessage.post('/members/send-private-message', {
      message: messageToSend,
      toUserId: receiver._id,
    });
@@ -116,6 +116,9 @@ describe('POST /members/send-private-message', () => {
      return message.uuid === receiver._id && message.text === messageToSend;
    });

+    expect(response.message.text).to.deep.equal(sendersMessageInSendersInbox.text);
+    expect(response.message.uuid).to.deep.equal(sendersMessageInSendersInbox.uuid);
+
    // @TODO waiting for mobile support
    // expect(updatedReceiver.notifications.length).to.equal(initialNotifications + 1);
    // const notification = updatedReceiver.notifications[updatedReceiver.notifications.length - 1];
--- a/test/api/v3/integration/notifications/prevent-multiple-notification.js
+++ b/test/api/v3/integration/notifications/prevent-multiple-notification.js
@@ -0,0 +1,39 @@
+import {
+  createAndPopulateGroup,
+} from '../../../../helpers/api-integration/v3';
+
+describe('Prevent multiple notifications', () => {
+  let partyLeader, partyMembers, party;
+
+  before(async () => {
+    let { group, groupLeader, members } = await createAndPopulateGroup({
+      groupDetails: {
+        type: 'party',
+        privacy: 'private',
+      },
+      members: 4,
+    });
+
+    party = group;
+    partyLeader = groupLeader;
+    partyMembers = members;
+  });
+
+  it('does not add the same notification twice', async () => {
+    const multipleChatMessages = [];
+
+    for (let i = 0; i < 4; i++) {
+      for (let memberIndex = 0; memberIndex < partyMembers.length; memberIndex++) {
+        multipleChatMessages.push(
+          partyMembers[memberIndex].post(`/groups/${party._id}/chat`, { message: `Message ${i}_${memberIndex}`}),
+        );
+      }
+    }
+
+    await Promise.all(multipleChatMessages);
+
+    const userWithNotification = await partyLeader.get('/user');
+
+    expect(userWithNotification.notifications.length).to.be.eq(1);
+  });
+});
--- a/test/api/v3/integration/payments/amazon/GET-payments_amazon_subscribe_cancel.test.js
+++ b/test/api/v3/integration/payments/amazon/GET-payments_amazon_subscribe_cancel.test.js
@@ -23,7 +23,7 @@ describe('payments : amazon #subscribeCancel', () => {

  describe('success', () => {
    beforeEach(() => {
-      amazonSubscribeCancelStub = sinon.stub(amzLib, 'cancelSubscription').returnsPromise().resolves({});
+      amazonSubscribeCancelStub = sinon.stub(amzLib, 'cancelSubscription').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/amazon/POST-payments_amazon_checkout.test.js
+++ b/test/api/v3/integration/payments/amazon/POST-payments_amazon_checkout.test.js
@@ -21,7 +21,7 @@ describe('payments - amazon - #checkout', () => {

  describe('success', () => {
    beforeEach(async () => {
-      amazonCheckoutStub = sinon.stub(amzLib, 'checkout').returnsPromise().resolves({});
+      amazonCheckoutStub = sinon.stub(amzLib, 'checkout').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/amazon/POST-payments_amazon_subscribe.test.js
+++ b/test/api/v3/integration/payments/amazon/POST-payments_amazon_subscribe.test.js
@@ -27,7 +27,7 @@ describe('payments - amazon - #subscribe', () => {
    let coupon;

    beforeEach(() => {
-      subscribeWithAmazonStub = sinon.stub(amzLib, 'subscribe').returnsPromise().resolves({});
+      subscribeWithAmazonStub = sinon.stub(amzLib, 'subscribe').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/apple/GET-payments_apple_cancelSubscribe.js
+++ b/test/api/v3/integration/payments/apple/GET-payments_apple_cancelSubscribe.js
@@ -13,7 +13,7 @@ describe('payments : apple #cancelSubscribe', () => {
    let cancelStub;

    beforeEach(async () => {
-      cancelStub = sinon.stub(applePayments, 'cancelSubscribe').returnsPromise().resolves({});
+      cancelStub = sinon.stub(applePayments, 'cancelSubscribe').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/apple/POST-payments_apple_norenewsubscribe.test.js
+++ b/test/api/v3/integration/payments/apple/POST-payments_apple_norenewsubscribe.test.js
@@ -0,0 +1,67 @@
+import {generateUser, translate as t} from '../../../../../helpers/api-integration/v3';
+import applePayments from '../../../../../../website/server/libs/payments/apple';
+
+describe('payments : apple #norenewsubscribe', () => {
+  let endpoint = '/iap/ios/norenew-subscribe';
+  let sku = 'com.habitrpg.ios.habitica.subscription.3month';
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  it('verifies sub key', async () => {
+    await expect(user.post(endpoint)).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('missingSubscriptionCode'),
+    });
+  });
+
+  it('verifies receipt existence', async () => {
+    await expect(user.post(endpoint, {
+      sku,
+    })).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('missingReceipt'),
+    });
+  });
+
+  describe('success', () => {
+    let subscribeStub;
+
+    beforeEach(async () => {
+      subscribeStub = sinon.stub(applePayments, 'noRenewSubscribe').resolves({});
+    });
+
+    afterEach(() => {
+      applePayments.noRenewSubscribe.restore();
+    });
+
+    it('makes a purchase', async () => {
+      user = await generateUser({
+        'profile.name': 'sender',
+        'purchased.plan.customerId': 'customer-id',
+        'purchased.plan.planId': 'basic_3mo',
+        'purchased.plan.lastBillingDate': new Date(),
+        balance: 2,
+      });
+
+      await user.post(endpoint, {
+        sku,
+        transaction: {receipt: 'receipt'},
+        gift: {
+          uuid: '1',
+        },
+      });
+
+      expect(subscribeStub).to.be.calledOnce;
+      expect(subscribeStub.args[0][0].user._id).to.eql(user._id);
+      expect(subscribeStub.args[0][0].sku).to.eql(sku);
+      expect(subscribeStub.args[0][0].receipt).to.eql('receipt');
+      expect(subscribeStub.args[0][0].headers['x-api-key']).to.eql(user.apiToken);
+      expect(subscribeStub.args[0][0].headers['x-api-user']).to.eql(user._id);
+    });
+  });
+});
--- a/test/api/v3/integration/payments/apple/POST-payments_google_subscribe.test.js
+++ b/test/api/v3/integration/payments/apple/POST-payments_google_subscribe.test.js
@@ -21,7 +21,7 @@ describe('payments : apple #subscribe', () => {
    let subscribeStub;

    beforeEach(async () => {
-      subscribeStub = sinon.stub(applePayments, 'subscribe').returnsPromise().resolves({});
+      subscribeStub = sinon.stub(applePayments, 'subscribe').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/apple/POST-payments_apple_verifyiap.js
+++ b/test/api/v3/integration/payments/apple/POST-payments_apple_verifyiap.js
@@ -1,4 +1,4 @@
-import {generateUser} from '../../../../../helpers/api-integration/v3';
+import {generateUser, translate as t} from '../../../../../helpers/api-integration/v3';
 import applePayments from '../../../../../../website/server/libs/payments/apple';

 describe('payments : apple #verify', () => {
@@ -9,11 +9,19 @@ describe('payments : apple #verify', () => {
    user = await generateUser();
  });

+  it('verifies receipt existence', async () => {
+    await expect(user.post(endpoint)).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('missingReceipt'),
+    });
+  });
+
  describe('success', () => {
    let verifyStub;

    beforeEach(async () => {
-      verifyStub = sinon.stub(applePayments, 'verifyGemPurchase').returnsPromise().resolves({});
+      verifyStub = sinon.stub(applePayments, 'verifyGemPurchase').resolves({});
    });

    afterEach(() => {
@@ -31,10 +39,31 @@ describe('payments : apple #verify', () => {
        }});

      expect(verifyStub).to.be.calledOnce;
-      expect(verifyStub.args[0][0]._id).to.eql(user._id);
-      expect(verifyStub.args[0][1]).to.eql('receipt');
-      expect(verifyStub.args[0][2]['x-api-key']).to.eql(user.apiToken);
-      expect(verifyStub.args[0][2]['x-api-user']).to.eql(user._id);
+      expect(verifyStub.args[0][0].user._id).to.eql(user._id);
+      expect(verifyStub.args[0][0].receipt).to.eql('receipt');
+      expect(verifyStub.args[0][0].headers['x-api-key']).to.eql(user.apiToken);
+      expect(verifyStub.args[0][0].headers['x-api-user']).to.eql(user._id);
+    });
+
+    it('gifts a purchase', async () => {
+      user = await generateUser({
+        balance: 2,
+      });
+
+      await user.post(endpoint, {
+        transaction: {
+          receipt: 'receipt',
+        },
+        gift: {
+          uuid: '1',
+        }});
+
+      expect(verifyStub).to.be.calledOnce;
+      expect(verifyStub.args[0][0].user._id).to.eql(user._id);
+      expect(verifyStub.args[0][0].receipt).to.eql('receipt');
+      expect(verifyStub.args[0][0].gift.uuid).to.eql('1');
+      expect(verifyStub.args[0][0].headers['x-api-key']).to.eql(user.apiToken);
+      expect(verifyStub.args[0][0].headers['x-api-user']).to.eql(user._id);
    });
  });
 });
--- a/test/api/v3/integration/payments/google/GET-payments_google_cancelSubscribe.js
+++ b/test/api/v3/integration/payments/google/GET-payments_google_cancelSubscribe.js
@@ -13,7 +13,7 @@ describe('payments : google #cancelSubscribe', () => {
    let cancelStub;

    beforeEach(async () => {
-      cancelStub = sinon.stub(googlePayments, 'cancelSubscribe').returnsPromise().resolves({});
+      cancelStub = sinon.stub(googlePayments, 'cancelSubscribe').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/google/POST-payments_google_norenewsubscribe.test.js
+++ b/test/api/v3/integration/payments/google/POST-payments_google_norenewsubscribe.test.js
@@ -0,0 +1,97 @@
+import {generateUser, translate as t} from '../../../../../helpers/api-integration/v3';
+import googlePayments from '../../../../../../website/server/libs/payments/google';
+
+describe('payments : google #norenewsubscribe', () => {
+  let endpoint = '/iap/android/norenew-subscribe';
+  let sku = 'com.habitrpg.android.habitica.subscription.3month';
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  it('verifies sub key', async () => {
+    await expect(user.post(endpoint)).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('missingSubscriptionCode'),
+    });
+  });
+
+  it('verifies receipt existence', async () => {
+    await expect(user.post(endpoint, {
+      sku,
+    })).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('missingReceipt'),
+    });
+  });
+
+  describe('success', () => {
+    let subscribeStub;
+
+    beforeEach(async () => {
+      subscribeStub = sinon.stub(googlePayments, 'noRenewSubscribe').resolves({});
+    });
+
+    afterEach(() => {
+      googlePayments.noRenewSubscribe.restore();
+    });
+
+    it('makes a purchase', async () => {
+      user = await generateUser({
+        'profile.name': 'sender',
+        'purchased.plan.customerId': 'customer-id',
+        'purchased.plan.planId': 'basic_3mo',
+        'purchased.plan.lastBillingDate': new Date(),
+        balance: 2,
+      });
+
+      await user.post(endpoint, {
+        sku,
+        transaction: {
+          receipt: 'receipt',
+          signature: 'signature',
+        },
+      });
+
+      expect(subscribeStub).to.be.calledOnce;
+      expect(subscribeStub.args[0][0].user._id).to.eql(user._id);
+      expect(subscribeStub.args[0][0].sku).to.eql(sku);
+      expect(subscribeStub.args[0][0].receipt).to.eql('receipt');
+      expect(subscribeStub.args[0][0].signature).to.eql('signature');
+      expect(subscribeStub.args[0][0].headers['x-api-key']).to.eql(user.apiToken);
+      expect(subscribeStub.args[0][0].headers['x-api-user']).to.eql(user._id);
+    });
+
+    it('gifts a purchase', async () => {
+      user = await generateUser({
+        'profile.name': 'sender',
+        'purchased.plan.customerId': 'customer-id',
+        'purchased.plan.planId': 'basic_3mo',
+        'purchased.plan.lastBillingDate': new Date(),
+        balance: 2,
+      });
+
+      await user.post(endpoint, {
+        sku,
+        transaction: {
+          receipt: 'receipt',
+          signature: 'signature',
+        },
+        gift: {
+          uuid: '1',
+        },
+      });
+
+      expect(subscribeStub).to.be.calledOnce;
+      expect(subscribeStub.args[0][0].user._id).to.eql(user._id);
+      expect(subscribeStub.args[0][0].sku).to.eql(sku);
+      expect(subscribeStub.args[0][0].receipt).to.eql('receipt');
+      expect(subscribeStub.args[0][0].signature).to.eql('signature');
+      expect(subscribeStub.args[0][0].headers['x-api-key']).to.eql(user.apiToken);
+      expect(subscribeStub.args[0][0].headers['x-api-user']).to.eql(user._id);
+    });
+  });
+});
--- a/test/api/v3/integration/payments/google/POST-payments_google_subscribe.test.js
+++ b/test/api/v3/integration/payments/google/POST-payments_google_subscribe.test.js
@@ -21,7 +21,7 @@ describe('payments : google #subscribe', () => {
    let subscribeStub;

    beforeEach(async () => {
-      subscribeStub = sinon.stub(googlePayments, 'subscribe').returnsPromise().resolves({});
+      subscribeStub = sinon.stub(googlePayments, 'subscribe').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/google/POST-payments_google_verifyiap.js
+++ b/test/api/v3/integration/payments/google/POST-payments_google_verifyiap.js
@@ -1,4 +1,4 @@
-import {generateUser} from '../../../../../helpers/api-integration/v3';
+import {generateUser, translate as t} from '../../../../../helpers/api-integration/v3';
 import googlePayments from '../../../../../../website/server/libs/payments/google';

 describe('payments : google #verify', () => {
@@ -9,11 +9,19 @@ describe('payments : google #verify', () => {
    user = await generateUser();
  });

+  it('verifies receipt existence', async () => {
+    await expect(user.post(endpoint)).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('missingReceipt'),
+    });
+  });
+
  describe('success', () => {
    let verifyStub;

    beforeEach(async () => {
-      verifyStub = sinon.stub(googlePayments, 'verifyGemPurchase').returnsPromise().resolves({});
+      verifyStub = sinon.stub(googlePayments, 'verifyGemPurchase').resolves({});
    });

    afterEach(() => {
@@ -30,11 +38,30 @@ describe('payments : google #verify', () => {
      });

      expect(verifyStub).to.be.calledOnce;
-      expect(verifyStub.args[0][0]._id).to.eql(user._id);
-      expect(verifyStub.args[0][1]).to.eql('receipt');
-      expect(verifyStub.args[0][2]).to.eql('signature');
-      expect(verifyStub.args[0][3]['x-api-key']).to.eql(user.apiToken);
-      expect(verifyStub.args[0][3]['x-api-user']).to.eql(user._id);
+      expect(verifyStub.args[0][0].user._id).to.eql(user._id);
+      expect(verifyStub.args[0][0].receipt).to.eql('receipt');
+      expect(verifyStub.args[0][0].signature).to.eql('signature');
+      expect(verifyStub.args[0][0].headers['x-api-key']).to.eql(user.apiToken);
+      expect(verifyStub.args[0][0].headers['x-api-user']).to.eql(user._id);
+    });
+
+    it('gifts a purchase', async () => {
+      user = await generateUser({
+        balance: 2,
+      });
+
+      await user.post(endpoint, {
+        transaction: {receipt: 'receipt', signature: 'signature'},
+        gift: {uuid: '1'},
+      });
+
+      expect(verifyStub).to.be.calledOnce;
+      expect(verifyStub.args[0][0].user._id).to.eql(user._id);
+      expect(verifyStub.args[0][0].receipt).to.eql('receipt');
+      expect(verifyStub.args[0][0].signature).to.eql('signature');
+      expect(verifyStub.args[0][0].gift.uuid).to.eql('1');
+      expect(verifyStub.args[0][0].headers['x-api-key']).to.eql(user.apiToken);
+      expect(verifyStub.args[0][0].headers['x-api-user']).to.eql(user._id);
    });
  });
 });
--- a/test/api/v3/integration/payments/paypal/GET-payments_paypal_checkout.test.js
+++ b/test/api/v3/integration/payments/paypal/GET-payments_paypal_checkout.test.js
@@ -15,7 +15,7 @@ describe('payments : paypal #checkout', () => {
    let checkoutStub;

    beforeEach(async () => {
-      checkoutStub = sinon.stub(paypalPayments, 'checkout').returnsPromise().resolves('/');
+      checkoutStub = sinon.stub(paypalPayments, 'checkout').resolves('/');
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/paypal/GET-payments_paypal_checkout_success.test.js
+++ b/test/api/v3/integration/payments/paypal/GET-payments_paypal_checkout_success.test.js
@@ -34,7 +34,7 @@ describe('payments : paypal #checkoutSuccess', () => {
    let checkoutSuccessStub;

    beforeEach(async () => {
-      checkoutSuccessStub = sinon.stub(paypalPayments, 'checkoutSuccess').returnsPromise().resolves({});
+      checkoutSuccessStub = sinon.stub(paypalPayments, 'checkoutSuccess').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe.test.js
+++ b/test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe.test.js
@@ -25,7 +25,7 @@ describe('payments : paypal #subscribe', () => {
    let subscribeStub;

    beforeEach(async () => {
-      subscribeStub = sinon.stub(paypalPayments, 'subscribe').returnsPromise().resolves('/');
+      subscribeStub = sinon.stub(paypalPayments, 'subscribe').resolves('/');
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe_cancel.test.js
+++ b/test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe_cancel.test.js
@@ -25,7 +25,7 @@ describe('payments : paypal #subscribeCancel', () => {
    let subscribeCancelStub;

    beforeEach(async () => {
-      subscribeCancelStub = sinon.stub(paypalPayments, 'subscribeCancel').returnsPromise().resolves('/');
+      subscribeCancelStub = sinon.stub(paypalPayments, 'subscribeCancel').resolves('/');
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe_success.test.js
+++ b/test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe_success.test.js
@@ -24,7 +24,7 @@ describe('payments : paypal #subscribeSuccess', () => {
    let subscribeSuccessStub;

    beforeEach(async () => {
-      subscribeSuccessStub = sinon.stub(paypalPayments, 'subscribeSuccess').returnsPromise().resolves({});
+      subscribeSuccessStub = sinon.stub(paypalPayments, 'subscribeSuccess').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/paypal/POST-payments_paypal_ipn.test.js
+++ b/test/api/v3/integration/payments/paypal/POST-payments_paypal_ipn.test.js
@@ -20,7 +20,7 @@ describe('payments - paypal - #ipn', () => {
    let ipnStub;

    beforeEach(async () => {
-      ipnStub = sinon.stub(paypalPayments, 'ipn').returnsPromise().resolves({});
+      ipnStub = sinon.stub(paypalPayments, 'ipn').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/stripe/GET-payments_stripe_subscribe_cancel.test.js
+++ b/test/api/v3/integration/payments/stripe/GET-payments_stripe_subscribe_cancel.test.js
@@ -6,7 +6,7 @@ import {
 import stripePayments from '../../../../../../website/server/libs/payments/stripe';

 describe('payments - stripe - #subscribeCancel', () => {
-  let endpoint = '/stripe/subscribe/cancel?redirect=none';
+  let endpoint = '/stripe/subscribe/cancel?noRedirect=true';
  let user, group, stripeCancelSubscriptionStub;

  beforeEach(async () => {
@@ -23,7 +23,7 @@ describe('payments - stripe - #subscribeCancel', () => {

  describe('success', () => {
    beforeEach(async () => {
-      stripeCancelSubscriptionStub = sinon.stub(stripePayments, 'cancelSubscription').returnsPromise().resolves({});
+      stripeCancelSubscriptionStub = sinon.stub(stripePayments, 'cancelSubscription').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/stripe/POST-payments_stripe_checkout.test.js
+++ b/test/api/v3/integration/payments/stripe/POST-payments_stripe_checkout.test.js
@@ -24,7 +24,7 @@ describe('payments - stripe - #checkout', () => {
    let stripeCheckoutSubscriptionStub;

    beforeEach(async () => {
-      stripeCheckoutSubscriptionStub = sinon.stub(stripePayments, 'checkout').returnsPromise().resolves({});
+      stripeCheckoutSubscriptionStub = sinon.stub(stripePayments, 'checkout').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/payments/stripe/POST-payments_stripe_subscribe_edit.test.js
+++ b/test/api/v3/integration/payments/stripe/POST-payments_stripe_subscribe_edit.test.js
@@ -25,7 +25,7 @@ describe('payments - stripe - #subscribeEdit', () => {
    let stripeEditSubscriptionStub;

    beforeEach(async () => {
-      stripeEditSubscriptionStub = sinon.stub(stripePayments, 'editSubscription').returnsPromise().resolves({});
+      stripeEditSubscriptionStub = sinon.stub(stripePayments, 'editSubscription').resolves({});
    });

    afterEach(() => {
--- a/test/api/v3/integration/quests/POST-groups_groupId_quests_accept.test.js
+++ b/test/api/v3/integration/quests/POST-groups_groupId_quests_accept.test.js
@@ -4,7 +4,7 @@ import {
  generateUser,
  sleep,
 } from '../../../../helpers/api-integration/v3';
-import { model as Chat } from '../../../../../website/server/models/chat';
+import { chatModel as Chat } from '../../../../../website/server/models/message';

 describe('POST /groups/:groupId/quests/accept', () => {
  const PET_QUEST = 'whale';
--- a/test/api/v3/integration/quests/POST-groups_groupId_quests_force-start.test.js
+++ b/test/api/v3/integration/quests/POST-groups_groupId_quests_force-start.test.js
@@ -4,7 +4,7 @@ import {
  generateUser,
  sleep,
 } from '../../../../helpers/api-integration/v3';
-import { model as Chat } from '../../../../../website/server/models/chat';
+import { chatModel as Chat } from '../../../../../website/server/models/message';

 describe('POST /groups/:groupId/quests/force-start', () => {
  const PET_QUEST = 'whale';
--- a/Show More
+++ b/Show More