4.24.0

Also ends Winter Wonderland event

.eslintignore

@@ -6,6 +6,9 @@ website/transpiled-babel/
 website/common/transpiled-babel/
 dist/
 dist-client/
+apidoc_build/
+content_cache/
+node_modules/
 
 # Not linted
 website/client-old/
@@ -16,5 +19,3 @@ migrations/*
 scripts/*
 website/common/browserify.js
 Gruntfile.js
-gulpfile.js
-gulp

.github/CONTRIBUTING.md

@@ -4,7 +4,7 @@
 
 # Pull Request
 
-[Please see these instructions for adding a pull request](http://habitica.wikia.com/wiki/Using_Habitica_Git#Pull_Request)
+[Please see these instructions for adding a pull request](http://habitica.wikia.com/wiki/Using_Your_Local_Install_to_Modify_Habitica%27s_Website_and_API)
 
 # Requesting a feature
 

.github/ISSUE_TEMPLATE.md

@@ -6,7 +6,7 @@
 
 [//]: # (For more guidelines see https://github.com/HabitRPG/habitica/issues/2760)
 
-[//]: # (Fill out relevant information - UUID is found in Settings -> API)
+[//]: # (Fill out relevant information - UUID is found from the Habitia website at User Icon > Settings > API)
 ### General Info
   * UUID: 
   * Browser: 

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,4 +1,4 @@
-[//]: # (Note: See http://habitica.wikia.com/wiki/Using_Habitica_Git#Pull_Request for more info)
+[//]: # (Note: See http://habitica.wikia.com/wiki/Using_Your_Local_Install_to_Modify_Habitica%27s_Website_and_API for more info)
 
 [//]: # (Put Issue # or URL here, if applicable. This will automatically close the issue if your PR is merged in)
 Fixes put_issue_url_here
@@ -8,7 +8,7 @@ Fixes put_issue_url_here
 
 
 
-[//]: # (Put User ID in here - found in Settings -> API)
+[//]: # (Put User ID in here - found on the Habitica website at User Icon > Settings > API)
 
 ----
 UUID: 

.travis.yml

@@ -1,32 +1,22 @@
 language: node_js
 node_js:
   - '6'
-sudo: required
-dist: precise
 services:
   - mongodb
-addons:
-  apt:
-    sources:
-      - ubuntu-toolchain-r-test
-    packages:
-      - g++-4.8
+cache:
+  directories:
+    - 'node_modules'
 before_install:
-  - $CXX --version
   - npm install -g npm@5
-  - if [ $REQUIRES_SERVER ]; then sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10; echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list; sudo apt-get update; sudo apt-get install mongodb-org-server; fi
-install:
-  - npm install &> npm.install.log || (cat npm.install.log; false)
 before_script:
   - npm run test:build
   - cp config.json.example config.json
-  - sleep 15
+  - sleep 5
 script:
   - npm run $TEST
   - if [ $COVERAGE ]; then ./node_modules/.bin/lcov-result-merger 'coverage/**/*.info' | ./node_modules/coveralls/bin/coveralls.js; fi
 env:
   global:
-    - CXX=g++-4.8
     - DISABLE_REQUEST_LOGGING=true
   matrix:
     - TEST="lint"
@@ -34,5 +24,4 @@ env:
     - TEST="test:sanity"
     - TEST="test:content" COVERAGE=true
     - TEST="test:common" COVERAGE=true
-    - TEST="client:unit" COVERAGE=true
     - TEST="apidoc"

Dockerfile-Production

@@ -1,5 +1,16 @@
 FROM node:boron
 
+ENV ADMIN_EMAIL admin@habitica.com
+ENV AMAZON_PAYMENTS_CLIENT_ID amzn1.application-oa2-client.68ed9e6904ef438fbc1bf86bf494056e
+ENV AMAZON_PAYMENTS_SELLER_ID AMQ3SB4SG5E91
+ENV AMPLITUDE_KEY e8d4c24b3d6ef3ee73eeba715023dd43
+ENV BASE_URL https://habitica.com
+ENV FACEBOOK_KEY 128307497299777
+ENV GA_ID UA-33510635-1
+ENV GOOGLE_CLIENT_ID 1035232791481-32vtplgnjnd1aufv3mcu1lthf31795fq.apps.googleusercontent.com
+ENV NODE_ENV production
+ENV STRIPE_PUB_KEY pk_85fQ0yMECHNfHTSsZoxZXlPSwSNfA
+
 # Upgrade NPM to v5 (Yarn is needed because of this bug https://github.com/npm/npm/issues/16807)
 # The used solution is suggested here https://github.com/npm/npm/issues/16807#issuecomment-313591975
 RUN yarn global add npm@5
@@ -9,7 +20,7 @@ RUN npm install -g gulp mocha
 # Clone Habitica repo and install dependencies
 RUN mkdir -p /usr/src/habitrpg
 WORKDIR /usr/src/habitrpg
-RUN git clone --branch v4.0.3 https://github.com/HabitRPG/habitica.git /usr/src/habitrpg
+RUN git clone --branch v4.23.2 https://github.com/HabitRPG/habitica.git /usr/src/habitrpg
 RUN npm install
 RUN gulp build:prod --force
 

Vagrantfile.example

@@ -16,5 +16,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   config.vm.hostname = "habitrpg"
   config.vm.network "forwarded_port", guest: 3000, host: 3000, auto_correct: true
   config.vm.usable_port_range = (3000..3050)
+  config.vm.network "forwarded_port", guest: 8080, host: 8080, auto_correct: true
+  config.vm.usable_port_range = (8080..8130)
   config.vm.provision :shell, :path => "vagrant_scripts/vagrant.sh"
 end

config.json.example

@@ -22,6 +22,8 @@
     "CRON_SEMI_SAFE_MODE":"false",
     "MAINTENANCE_MODE": "false",
     "SESSION_SECRET":"YOUR SECRET HERE",
+    "SESSION_SECRET_KEY": "1234567891234567891234567891234567891234567891234567891234567891",
+    "SESSION_SECRET_IV": "12345678912345678912345678912345",
     "ADMIN_EMAIL": "you@example.com",
     "SMTP_USER":"user@example.com",
     "SMTP_PASS":"password",
@@ -71,6 +73,7 @@
     },
     "IAP_GOOGLE_KEYDIR": "/path/to/google/public/key/dir/",
     "LOGGLY_TOKEN": "token",
+    "LOGGLY_CLIENT_TOKEN": "token",
     "LOGGLY_ACCOUNT": "account",
     "PUSH_CONFIGS": {
         "GCM_SERVER_API_KEY": "",

docker-compose.dev.yml

@@ -1,3 +1,10 @@
-web:
-  volumes:
-    - '.:/usr/src/habitrpg'
+version: "3"
+services:
+
+  client:
+    volumes:
+      - '.:/usr/src/habitrpg'
+
+  server:
+    volumes:
+      - '.:/usr/src/habitrpg'

docker-compose.yml

@@ -1,13 +1,36 @@
-web:
-  build: .
-  ports:
-    - "3000:3000"
-  links:
-    - mongo
-  environment:
-    - NODE_DB_URI=mongodb://mongo/habitrpg
+version: "3"
+services:
 
-mongo:
-  image: mongo
-  ports:
-    - "27017:27017"
+  client:
+    build: .
+    networks:
+      - habitica
+    environment:
+      - BASE_URL=http://server:3000
+    ports:
+        - "8080:8080"
+    command: ["npm", "run", "client:dev"]
+    depends_on:
+      - server
+
+  server:
+    build: .
+    ports:
+      - "3000:3000"
+    networks:
+      - habitica
+    environment:
+      - NODE_DB_URI=mongodb://mongo/habitrpg
+    depends_on:
+      - mongo
+
+  mongo:
+    image: mongo
+    ports:
+      - "27017:27017"
+    networks:
+      - habitica
+
+networks:
+  habitica:
+    driver: bridge

gulp/.eslintrc

@@ -1,10 +0,0 @@
-{
-  "root": true,
-  "env": {
-    "node": true,
-  },
-  "extends": [
-    "habitrpg/server",
-    "habitrpg/babel"
-  ],
-}

gulp/gulp-apidoc.js

@@ -22,5 +22,5 @@ gulp.task('apidoc', ['apidoc:clean'], (done) => {
 });
 
 gulp.task('apidoc:watch', ['apidoc'], () => {
-  return gulp.watch(APIDOC_SRC_PATH + '/**/*.js', ['apidoc']);
+  return gulp.watch(`${APIDOC_SRC_PATH}/**/*.js`, ['apidoc']);
 });

gulp/gulp-bootstrap.js

@@ -1,36 +0,0 @@
-import gulp from 'gulp';
-import fs from 'fs';
-
-// Copy Bootstrap 4 config variables from /website /node_modules so we can check
-// them into Git
-
-const BOOSTRAP_NEW_CONFIG_PATH = 'website/client/assets/scss/bootstrap_config.scss';
-const BOOTSTRAP_ORIGINAL_CONFIG_PATH = 'node_modules/bootstrap/scss/_custom.scss';
-
-// https://stackoverflow.com/a/14387791/969528
-function copyFile(source, target, cb) {
-  let cbCalled = false;
-
-  function done(err) {
-    if (!cbCalled) {
-      cb(err);
-      cbCalled = true;
-    }
-  }
-
-  let rd = fs.createReadStream(source);
-  rd.on('error', done);
-  let wr = fs.createWriteStream(target);
-  wr.on('error', done);
-  wr.on('close', () => done());
-  rd.pipe(wr);
-}
-
-gulp.task('bootstrap', (done) => {
-  // use new config
-  copyFile(
-    BOOSTRAP_NEW_CONFIG_PATH,
-    BOOTSTRAP_ORIGINAL_CONFIG_PATH,
-    done,
-  );
-});

gulp/gulp-build.js

@@ -1,10 +1,9 @@
 import gulp from 'gulp';
-import runSequence from 'run-sequence';
 import babel from 'gulp-babel';
 import webpackProductionBuild from '../webpack/build';
 
 gulp.task('build', () => {
-  if (process.env.NODE_ENV === 'production') {
+  if (process.env.NODE_ENV === 'production') { // eslint-disable-line no-process-env
     gulp.start('build:prod');
   }
 });
@@ -24,15 +23,15 @@ gulp.task('build:common', () => {
 gulp.task('build:server', ['build:src', 'build:common']);
 
 // Client Production Build
-gulp.task('build:client', ['bootstrap'], (done) => {
+gulp.task('build:client', (done) => {
   webpackProductionBuild((err, output) => {
     if (err) return done(err);
-    console.log(output);
+    console.log(output); // eslint-disable-line no-console
   });
 });
 
 gulp.task('build:prod', [
-  'build:server', 
+  'build:server',
   'build:client',
   'apidoc',
 ]);

gulp/gulp-console.js

@@ -7,10 +7,11 @@ import gulp     from 'gulp';
 
 // Add additional properties to the repl's context
 let improveRepl = (context) => {
-
   // Let "exit" and "quit" terminate the console
   ['exit', 'quit'].forEach((term) => {
-    Object.defineProperty(context, term, { get () { process.exit(); }});
+    Object.defineProperty(context, term, { get () {
+      process.exit();
+    }});
   });
 
   // "clear" clears the screen
@@ -18,12 +19,12 @@ let improveRepl = (context) => {
     process.stdout.write('\u001B[2J\u001B[0;0f');
   }});
 
-  context.Challenge = require('../website/server/models/challenge').model;
-  context.Group     = require('../website/server/models/group').model;
-  context.User      = require('../website/server/models/user').model;
+  context.Challenge = require('../website/server/models/challenge').model; // eslint-disable-line global-require
+  context.Group     = require('../website/server/models/group').model; // eslint-disable-line global-require
+  context.User      = require('../website/server/models/user').model; // eslint-disable-line global-require
 
-  var isProd = nconf.get('NODE_ENV') === 'production';
-  var mongooseOptions = !isProd ? {} : {
+  const isProd = nconf.get('NODE_ENV') === 'production';
+  const mongooseOptions = !isProd ? {} : {
     replset: { socketOptions: { keepAlive: 1, connectTimeoutMS: 30000 } },
     server: { socketOptions: { keepAlive: 1, connectTimeoutMS: 30000 } },
   };
@@ -31,16 +32,15 @@ let improveRepl = (context) => {
     mongoose.connect(
       nconf.get('NODE_DB_URI'),
       mongooseOptions,
-      function (err) {
+      (err) => {
         if (err) throw err;
         logger.info('Connected with Mongoose');
       }
     )
   );
-
 };
 
-gulp.task('console', (cb) => {
+gulp.task('console', () => {
   improveRepl(repl.start({
     prompt: 'Habitica > ',
   }).context);

gulp/gulp-sprites.js

@@ -11,78 +11,38 @@ import {each} from 'lodash';
 // https://github.com/Ensighten/grunt-spritesmith/issues/67#issuecomment-34786248
 const MAX_SPRITESHEET_SIZE = 1024 * 1024 * 3;
 
-const IMG_DIST_PATH = 'website/static/sprites/';
+const IMG_DIST_PATH = 'website/client/assets/images/sprites/';
 const CSS_DIST_PATH = 'website/client/assets/css/sprites/';
 
-gulp.task('sprites:compile', ['sprites:clean', 'sprites:main', 'sprites:largeSprites', 'sprites:checkCompiledDimensions']);
+function checkForSpecialTreatment (name) {
+  let regex = /^hair|skin|beard|mustach|shirt|flower|^headAccessory_special_\w+Ears|^eyewear_special_\w+TopFrame/;
+  return name.match(regex) || name === 'head_0';
+}
 
-gulp.task('sprites:main', () => {
-  let mainSrc = sync('website/raw_sprites/spritesmith/**/*.png');
-  return createSpritesStream('main', mainSrc);
-});
+function calculateImgDimensions (img, addPadding) {
+  let dims = sizeOf(img);
 
-gulp.task('sprites:largeSprites', () => {
-  let largeSrc = sync('website/raw_sprites/spritesmith_large/**/*.png');
-  return createSpritesStream('largeSprites', largeSrc);
-});
-
-gulp.task('sprites:clean', (done) => {
-  clean(`${IMG_DIST_PATH}spritesmith*,${CSS_DIST_PATH}spritesmith*}`, done);
-});
-
-gulp.task('sprites:checkCompiledDimensions', ['sprites:main', 'sprites:largeSprites'], () => {
-  console.log('Verifiying that images do not exceed max dimensions');
-
-  let numberOfSheetsThatAreTooBig = 0;
-
-  let distSpritesheets = sync(`${IMG_DIST_PATH}*.png`);
-
-  each(distSpritesheets, (img, index) => {
-    let spriteSize = calculateImgDimensions(img);
-
-    if (spriteSize > MAX_SPRITESHEET_SIZE) {
-      numberOfSheetsThatAreTooBig++;
-      let name = basename(img, '.png');
-      console.error(`WARNING: ${name} might be too big - ${spriteSize} > ${MAX_SPRITESHEET_SIZE}`);
-    }
-  });
-
-  if (numberOfSheetsThatAreTooBig > 0) {
-    console.error(`${numberOfSheetsThatAreTooBig} sheets might too big for mobile Safari to be able to handle them, but there is a margin of error in these calculations so it is probably okay. Mention this to an admin so they can test a staging site on mobile Safari after your PR is merged.`); // https://github.com/HabitRPG/habitica/pull/6683#issuecomment-185462180
-  } else {
-    console.log('All images are within the correct dimensions');
+  let requiresSpecialTreatment = checkForSpecialTreatment(img);
+  if (requiresSpecialTreatment) {
+    let newWidth = dims.width < 90 ? 90 : dims.width;
+    let newHeight = dims.height < 90 ? 90 : dims.height;
+    dims = {
+      width: newWidth,
+      height: newHeight,
+    };
   }
-});
 
-function createSpritesStream (name, src) {
-  let spritesheetSliceIndicies = calculateSpritesheetsSrcIndicies(src);
-  let stream = mergeStream();
+  let padding = 0;
 
-  each(spritesheetSliceIndicies, (start, index) => {
-    let slicedSrc = src.slice(start, spritesheetSliceIndicies[index + 1]);
+  if (addPadding) {
+    padding = dims.width * 8 + dims.height * 8;
+  }
 
-    let spriteData = gulp.src(slicedSrc)
-      .pipe(spritesmith({
-        imgName: `spritesmith-${name}-${index}.png`,
-        cssName: `spritesmith-${name}-${index}.css`,
-        algorithm: 'binary-tree',
-        padding: 1,
-        cssTemplate: 'website/raw_sprites/css/css.template.handlebars',
-        cssVarMap: cssVarMap,
-      }));
+  if (!dims.width || !dims.height) console.error('MISSING DIMENSIONS:', dims); // eslint-disable-line no-console
 
-    let imgStream = spriteData.img
-      .pipe(imagemin())
-      .pipe(gulp.dest(IMG_DIST_PATH));
+  let totalPixelSize = dims.width * dims.height + padding;
 
-    let cssStream = spriteData.css
-      .pipe(gulp.dest(CSS_DIST_PATH));
-
-    stream.add(imgStream);
-    stream.add(cssStream);
-  });
-
-  return stream;
+  return totalPixelSize;
 }
 
 function calculateSpritesheetsSrcIndicies (src) {
@@ -102,37 +62,6 @@ function calculateSpritesheetsSrcIndicies (src) {
   return slices;
 }
 
-function calculateImgDimensions (img, addPadding) {
-  let dims = sizeOf(img);
-
-  let requiresSpecialTreatment = checkForSpecialTreatment(img);
-  if (requiresSpecialTreatment) {
-    let newWidth = dims.width < 90 ? 90 : dims.width;
-    let newHeight = dims.height < 90 ? 90 : dims.height;
-    dims = {
-      width: newWidth,
-      height: newHeight,
-    };
-  }
-
-  let padding = 0;
-
-  if (addPadding) {
-    padding = (dims.width * 8) + (dims.height * 8);
-  }
-
-  if (!dims.width || !dims.height) console.error('MISSING DIMENSIONS:', dims);
-
-  let totalPixelSize = (dims.width * dims.height) + padding;
-
-  return totalPixelSize;
-}
-
-function checkForSpecialTreatment (name) {
-  let regex = /^hair|skin|beard|mustach|shirt|flower|^headAccessory_special_\w+Ears|^eyewear_special_\w+TopFrame/;
-  return name.match(regex) || name === 'head_0';
-}
-
 function cssVarMap (sprite) {
   // For hair, skins, beards, etc. we want to output a '.customize-options.WHATEVER' class, which works as a
   // 60x60 image pointing at the proper part of the 90x90 sprite.
@@ -141,18 +70,93 @@ function cssVarMap (sprite) {
   if (requiresSpecialTreatment) {
     sprite.custom = {
       px: {
-        offset_x: `-${ sprite.x + 25 }px`,
-        offset_y: `-${ sprite.y + 15 }px`,
+        offsetX: `-${ sprite.x + 25 }px`,
+        offsetY: `-${ sprite.y + 15 }px`,
         width: '60px',
         height: '60px',
       },
     };
   }
-  if (~sprite.name.indexOf('shirt'))
-    sprite.custom.px.offset_y = `-${ sprite.y + 30 }px`; // even more for shirts
-  if (~sprite.name.indexOf('hair_base')) {
-    let styleArray = sprite.name.split('_').slice(2,3);
+  if (sprite.name.indexOf('shirt') !== -1)
+    sprite.custom.px.offsetY = `-${ sprite.y + 35 }px`; // even more for shirts
+  if (sprite.name.indexOf('hair_base') !== -1) {
+    let styleArray = sprite.name.split('_').slice(2, 3);
     if (Number(styleArray[0]) > 14)
-      sprite.custom.px.offset_y = `-${ sprite.y }px`; // don't crop updos
+      sprite.custom.px.offsetY = `-${ sprite.y }px`; // don't crop updos
   }
 }
+
+function createSpritesStream (name, src) {
+  let spritesheetSliceIndicies = calculateSpritesheetsSrcIndicies(src);
+  let stream = mergeStream();
+
+  each(spritesheetSliceIndicies, (start, index) => {
+    let slicedSrc = src.slice(start, spritesheetSliceIndicies[index + 1]);
+
+    let spriteData = gulp.src(slicedSrc)
+      .pipe(spritesmith({
+        imgName: `spritesmith-${name}-${index}.png`,
+        cssName: `spritesmith-${name}-${index}.css`,
+        algorithm: 'binary-tree',
+        padding: 1,
+        cssTemplate: 'website/raw_sprites/css/css.template.handlebars',
+        cssVarMap,
+      }));
+
+    let imgStream = spriteData.img
+      .pipe(imagemin())
+      .pipe(gulp.dest(IMG_DIST_PATH));
+
+    let cssStream = spriteData.css
+      .pipe(gulp.dest(CSS_DIST_PATH));
+
+    stream.add(imgStream);
+    stream.add(cssStream);
+  });
+
+  return stream;
+}
+
+gulp.task('sprites:compile', ['sprites:clean', 'sprites:main', 'sprites:largeSprites', 'sprites:checkCompiledDimensions']);
+
+gulp.task('sprites:main', () => {
+  let mainSrc = sync('website/raw_sprites/spritesmith/**/*.png');
+  return createSpritesStream('main', mainSrc);
+});
+
+gulp.task('sprites:largeSprites', () => {
+  let largeSrc = sync('website/raw_sprites/spritesmith_large/**/*.png');
+  return createSpritesStream('largeSprites', largeSrc);
+});
+
+gulp.task('sprites:clean', (done) => {
+  clean(`${IMG_DIST_PATH}spritesmith*,${CSS_DIST_PATH}spritesmith*}`, done);
+});
+
+gulp.task('sprites:checkCompiledDimensions', ['sprites:main', 'sprites:largeSprites'], () => {
+  console.log('Verifiying that images do not exceed max dimensions'); // eslint-disable-line no-console
+
+  let numberOfSheetsThatAreTooBig = 0;
+
+  let distSpritesheets = sync(`${IMG_DIST_PATH}*.png`);
+
+  each(distSpritesheets, (img) => {
+    let spriteSize = calculateImgDimensions(img);
+
+    if (spriteSize > MAX_SPRITESHEET_SIZE) {
+      numberOfSheetsThatAreTooBig++;
+      let name = basename(img, '.png');
+      console.error(`WARNING: ${name} might be too big - ${spriteSize} > ${MAX_SPRITESHEET_SIZE}`); // eslint-disable-line no-console
+    }
+  });
+
+  if (numberOfSheetsThatAreTooBig > 0) {
+    // https://github.com/HabitRPG/habitica/pull/6683#issuecomment-185462180
+    console.error( // eslint-disable-line no-console
+      `${numberOfSheetsThatAreTooBig} sheets might too big for mobile Safari to be able to handle
+      them, but there is a margin of error in these calculations so it is probably okay. Mention
+      this to an admin so they can test a staging site on mobile Safari after your PR is merged.`);
+  } else {
+    console.log('All images are within the correct dimensions'); // eslint-disable-line no-console
+  }
+});

gulp/gulp-tests.js

@@ -1,21 +1,12 @@
 import {
   pipe,
-  awaitPort,
-  kill,
-  runMochaTests,
 }  from './taskHelper';
-import { server as karma }        from 'karma';
 import mongoose                   from 'mongoose';
 import { exec }                   from 'child_process';
-import psTree                     from 'ps-tree';
 import gulp                       from 'gulp';
-import Bluebird                   from 'bluebird';
 import runSequence                from 'run-sequence';
 import os                         from 'os';
 import nconf                      from 'nconf';
-import fs from 'fs';
-
-const i18n = require('../website/server/libs/i18n');
 
 // TODO rewrite
 
@@ -24,7 +15,6 @@ let server;
 
 const TEST_DB_URI       = nconf.get('TEST_DB_URI');
 
-const API_V3_TEST_COMMAND = 'npm run test:api-v3';
 const SANITY_TEST_COMMAND = 'npm run test:sanity';
 const COMMON_TEST_COMMAND = 'npm run test:common';
 const CONTENT_TEST_COMMAND = 'npm run test:content';
@@ -34,14 +24,14 @@ const CONTENT_OPTIONS = {maxBuffer: 1024 * 500};
 let testResults = [];
 let testCount = (stdout, regexp) => {
   let match = stdout.match(regexp);
-  return parseInt(match && match[1] || 0);
+  return parseInt(match && match[1] || 0, 10);
 };
 
 let testBin = (string, additionalEnvVariables = '') => {
   if (os.platform() === 'win32') {
-    if (additionalEnvVariables != '') {
+    if (additionalEnvVariables !== '') {
       additionalEnvVariables = additionalEnvVariables.split(' ').join('&&set ');
-      additionalEnvVariables = 'set ' + additionalEnvVariables + '&&';
+      additionalEnvVariables = `set ${additionalEnvVariables}&&`;
     }
     return `set NODE_ENV=test&&${additionalEnvVariables}${string}`;
   } else {
@@ -49,9 +39,9 @@ let testBin = (string, additionalEnvVariables = '') => {
   }
 };
 
-gulp.task('test:nodemon', (done) => {
-  process.env.PORT = TEST_SERVER_PORT;
-  process.env.NODE_DB_URI = TEST_DB_URI;
+gulp.task('test:nodemon', () => {
+  process.env.PORT = TEST_SERVER_PORT; // eslint-disable-line no-process-env
+  process.env.NODE_DB_URI = TEST_DB_URI; // eslint-disable-line no-process-env
 
   runSequence('nodemon');
 });
@@ -68,8 +58,12 @@ gulp.task('test:prepare:mongo', (cb) => {
 gulp.task('test:prepare:server', ['test:prepare:mongo'], () => {
   if (!server) {
     server = exec(testBin('node ./website/server/index.js', `NODE_DB_URI=${TEST_DB_URI} PORT=${TEST_SERVER_PORT}`), (error, stdout, stderr) => {
-      if (error) { throw `Problem with the server: ${error}`; }
-      if (stderr) { console.error(stderr); }
+      if (error) {
+        throw new Error(`Problem with the server: ${error}`);
+      }
+      if (stderr) {
+        console.error(stderr); // eslint-disable-line no-console
+      }
     });
   }
 });
@@ -84,7 +78,7 @@ gulp.task('test:prepare', [
 gulp.task('test:sanity', (cb) => {
   let runner = exec(
     testBin(SANITY_TEST_COMMAND),
-    (err, stdout, stderr) => {
+    (err) => {
       if (err) {
         process.exit(1);
       }
@@ -97,7 +91,7 @@ gulp.task('test:sanity', (cb) => {
 gulp.task('test:common', ['test:prepare:build'], (cb) => {
   let runner = exec(
     testBin(COMMON_TEST_COMMAND),
-    (err, stdout, stderr) => {
+    (err) => {
       if (err) {
         process.exit(1);
       }
@@ -118,7 +112,7 @@ gulp.task('test:common:watch', ['test:common:clean'], () => {
 gulp.task('test:common:safe', ['test:prepare:build'], (cb) => {
   let runner = exec(
     testBin(COMMON_TEST_COMMAND),
-    (err, stdout, stderr) => {
+    (err, stdout) => { // eslint-disable-line handle-callback-err
       testResults.push({
         suite: 'Common Specs\t',
         pass: testCount(stdout, /(\d+) passing/),
@@ -135,7 +129,7 @@ gulp.task('test:content', ['test:prepare:build'], (cb) => {
   let runner = exec(
     testBin(CONTENT_TEST_COMMAND),
     CONTENT_OPTIONS,
-    (err, stdout, stderr) => {
+    (err) => {
       if (err) {
         process.exit(1);
       }
@@ -157,7 +151,7 @@ gulp.task('test:content:safe', ['test:prepare:build'], (cb) => {
   let runner = exec(
     testBin(CONTENT_TEST_COMMAND),
     CONTENT_OPTIONS,
-    (err, stdout, stderr) => {
+    (err, stdout) => {  // eslint-disable-line handle-callback-err
       testResults.push({
         suite: 'Content Specs\t',
         pass: testCount(stdout, /(\d+) passing/),
@@ -173,7 +167,7 @@ gulp.task('test:content:safe', ['test:prepare:build'], (cb) => {
 gulp.task('test:api-v3:unit', (done) => {
   let runner = exec(
     testBin('node_modules/.bin/istanbul cover --dir coverage/api-v3-unit --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v3/unit --recursive --require ./test/helpers/start-server'),
-    (err, stdout, stderr) => {
+    (err) => {
       if (err) {
         process.exit(1);
       }
@@ -192,7 +186,7 @@ gulp.task('test:api-v3:integration', (done) => {
   let runner = exec(
     testBin('node_modules/.bin/istanbul cover --dir coverage/api-v3-integration --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v3/integration --recursive --require ./test/helpers/start-server'),
     {maxBuffer: 500 * 1024},
-    (err, stdout, stderr) => {
+    (err) => {
       if (err) {
         process.exit(1);
       }
@@ -212,7 +206,7 @@ gulp.task('test:api-v3:integration:separate-server', (done) => {
   let runner = exec(
     testBin('mocha test/api/v3/integration --recursive --require ./test/helpers/start-server', 'LOAD_SERVER=0'),
     {maxBuffer: 500 * 1024},
-    (err, stdout, stderr) => done(err)
+    (err) => done(err)
   );
 
   pipe(runner);

gulp/gulp-transifex-test.js

@@ -1,6 +1,5 @@
 import fs       from 'fs';
 import _        from 'lodash';
-import nconf    from 'nconf';
 import gulp     from 'gulp';
 import { postToSlack, conf } from './taskHelper';
 
@@ -12,8 +11,82 @@ const SLACK_CONFIG = {
 
 const LOCALES = './website/common/locales/';
 const ENGLISH_LOCALE = `${LOCALES}en/`;
+
+
+function getArrayOfLanguages () {
+  let languages = fs.readdirSync(LOCALES);
+  languages.shift(); // Remove README.md from array of languages
+
+  return languages;
+}
+
 const ALL_LANGUAGES = getArrayOfLanguages();
 
+function stripOutNonJsonFiles (collection) {
+  let onlyJson = _.filter(collection, (file) => {
+    return file.match(/[a-zA-Z]*\.json/);
+  });
+
+  return onlyJson;
+}
+
+function eachTranslationFile (languages, cb) {
+  let jsonFiles = stripOutNonJsonFiles(fs.readdirSync(ENGLISH_LOCALE));
+
+  _.each(languages, (lang) => {
+    _.each(jsonFiles, (filename) => {
+      let parsedTranslationFile;
+      try {
+        const translationFile = fs.readFileSync(`${LOCALES}${lang}/${filename}`);
+        parsedTranslationFile = JSON.parse(translationFile);
+      } catch (err) {
+        return cb(err);
+      }
+
+      let englishFile = fs.readFileSync(ENGLISH_LOCALE + filename);
+      let parsedEnglishFile = JSON.parse(englishFile);
+
+      cb(null, lang, filename, parsedEnglishFile, parsedTranslationFile);
+    });
+  });
+}
+
+function eachTranslationString (languages, cb) {
+  eachTranslationFile(languages, (error, language, filename, englishJSON, translationJSON) => {
+    if (error) return;
+    _.each(englishJSON, (string, key) => {
+      const translationString = translationJSON[key];
+      cb(language, filename, key, string, translationString);
+    });
+  });
+}
+
+function formatMessageForPosting (msg, items) {
+  let body = `*Warning:* ${msg}`;
+  body += '\n\n```\n';
+  body += items.join('\n');
+  body += '\n```';
+
+  return body;
+}
+
+function getStringsWith (json, interpolationRegex) {
+  let strings = {};
+
+  _.each(json, (fileName) => {
+    const rawFile = fs.readFileSync(ENGLISH_LOCALE + fileName);
+    const parsedJson = JSON.parse(rawFile);
+
+    strings[fileName] = {};
+    _.each(parsedJson, (value, key) => {
+      const match = value.match(interpolationRegex);
+      if (match) strings[fileName][key] = match;
+    });
+  });
+
+  return strings;
+}
+
 const malformedStringExceptions = {
   messageDropFood: true,
   armoireFood: true,
@@ -23,7 +96,6 @@ const malformedStringExceptions = {
 gulp.task('transifex', ['transifex:missingFiles', 'transifex:missingStrings', 'transifex:malformedStrings']);
 
 gulp.task('transifex:missingFiles', () => {
-
   let missingStrings = [];
 
   eachTranslationFile(ALL_LANGUAGES, (error) => {
@@ -40,7 +112,6 @@ gulp.task('transifex:missingFiles', () => {
 });
 
 gulp.task('transifex:missingStrings', () => {
-
   let missingStrings = [];
 
   eachTranslationString(ALL_LANGUAGES, (language, filename, key, englishString, translationString) => {
@@ -58,7 +129,6 @@ gulp.task('transifex:missingStrings', () => {
 });
 
 gulp.task('transifex:malformedStrings', () => {
-
   let jsonFiles = stripOutNonJsonFiles(fs.readdirSync(ENGLISH_LOCALE));
   let interpolationRegex = /<%= [a-zA-Z]* %>/g;
   let stringsToLookFor = getStringsWith(jsonFiles, interpolationRegex);
@@ -66,25 +136,23 @@ gulp.task('transifex:malformedStrings', () => {
   let stringsWithMalformedInterpolations = [];
   let stringsWithIncorrectNumberOfInterpolations = [];
 
-  let count = 0;
-  _.each(ALL_LANGUAGES, function (lang) {
-
-    _.each(stringsToLookFor, function (strings, file) {
-      let translationFile = fs.readFileSync(LOCALES + lang + '/' + file);
+  _.each(ALL_LANGUAGES, (lang) => {
+    _.each(stringsToLookFor, (strings, filename) => {
+      let translationFile = fs.readFileSync(`${LOCALES}${lang}/${filename}`);
       let parsedTranslationFile = JSON.parse(translationFile);
 
-      _.each(strings, function (value, key) {
+      _.each(strings, (value, key) => { // eslint-disable-line max-nested-callbacks
         let translationString = parsedTranslationFile[key];
         if (!translationString) return;
 
-        let englishOccurences = stringsToLookFor[file][key];
+        let englishOccurences = stringsToLookFor[filename][key];
         let translationOccurences = translationString.match(interpolationRegex);
 
         if (!translationOccurences) {
-          let malformedString = `${lang} - ${file} - ${key} - ${translationString}`;
+          let malformedString = `${lang} - ${filename} - ${key} - ${translationString}`;
           stringsWithMalformedInterpolations.push(malformedString);
         } else if (englishOccurences.length !== translationOccurences.length && !malformedStringExceptions[key]) {
-          let missingInterpolationString = `${lang} - ${file} - ${key} - ${translationString}`;
+          let missingInterpolationString = `${lang} - ${filename} - ${key} - ${translationString}`;
           stringsWithIncorrectNumberOfInterpolations.push(missingInterpolationString);
         }
       });
@@ -103,74 +171,3 @@ gulp.task('transifex:malformedStrings', () => {
     postToSlack(formattedMessage, SLACK_CONFIG);
   }
 });
-
-function getArrayOfLanguages () {
-  let languages = fs.readdirSync(LOCALES);
-  languages.shift(); // Remove README.md from array of languages
-
-  return languages;
-}
-
-function eachTranslationFile (languages, cb) {
-  let jsonFiles = stripOutNonJsonFiles(fs.readdirSync(ENGLISH_LOCALE));
-
-  _.each(languages, (lang) => {
-    _.each(jsonFiles, (filename) => {
-      try {
-        var translationFile = fs.readFileSync(LOCALES + lang + '/' + filename);
-        var parsedTranslationFile = JSON.parse(translationFile);
-      } catch (err) {
-        return cb(err);
-      }
-
-      let englishFile = fs.readFileSync(ENGLISH_LOCALE + filename);
-      let parsedEnglishFile = JSON.parse(englishFile);
-
-      cb(null, lang, filename, parsedEnglishFile, parsedTranslationFile);
-    });
-  });
-}
-
-function eachTranslationString (languages, cb) {
-  eachTranslationFile(languages, (error, language, filename, englishJSON, translationJSON) => {
-    if (error) return;
-    _.each(englishJSON, (string, key) => {
-      var translationString = translationJSON[key];
-      cb(language, filename, key, string, translationString);
-    });
-  });
-}
-
-function formatMessageForPosting (msg, items) {
-  let body = `*Warning:* ${msg}`;
-  body += '\n\n```\n';
-  body += items.join('\n');
-  body += '\n```';
-
-  return body;
-}
-
-function getStringsWith (json, interpolationRegex) {
-  var strings = {};
-
-  _.each(json, function (file_name) {
-    var raw_file = fs.readFileSync(ENGLISH_LOCALE + file_name);
-    var parsed_json = JSON.parse(raw_file);
-
-    strings[file_name] = {};
-    _.each(parsed_json, function (value, key) {
-      var match = value.match(interpolationRegex);
-      if (match) strings[file_name][key] = match;
-    });
-  });
-
-  return strings;
-}
-
-function stripOutNonJsonFiles (collection) {
-  let onlyJson = _.filter(collection, (file) => {
-    return file.match(/[a-zA-Z]*\.json/);
-  });
-
-  return onlyJson;
-}

gulp/taskHelper.js

@@ -12,7 +12,7 @@ import { resolve }                from 'path';
  * Get access to configruable values
  */
 nconf.argv().env().file({ file: 'config.json' });
-export var conf = nconf;
+export const conf = nconf;
 
 /*
  * Kill a child process and any sub-children that process may have spawned.
@@ -26,11 +26,12 @@ export function kill (proc) {
         pids.forEach(kill); return;
       }
       try {
-        exec(/^win/.test(process.platform)
-          ? `taskkill /PID ${pid} /T /F`
-          : `kill -9 ${pid}`);
+        exec(/^win/.test(process.platform) ?
+          `taskkill /PID ${pid} /T /F` :
+          `kill -9 ${pid}`);
+      } catch (e) {
+        console.log(e); // eslint-disable-line no-console
       }
-      catch (e) { console.log(e); }
     });
   };
 
@@ -44,21 +45,25 @@ export function kill (proc) {
  * before failing.
  */
 export function awaitPort (port, max = 60) {
-  return new Bluebird((reject, resolve) => {
-    let socket, timeout, interval;
+  return new Bluebird((rej, res) => {
+    let socket;
+    let timeout;
+    let interval;
 
     timeout = setTimeout(() => {
       clearInterval(interval);
-      reject(`Timed out after ${max} seconds`);
+      rej(`Timed out after ${max} seconds`);
     }, max * 1000);
 
     interval = setInterval(() => {
-      socket = net.connect({port: port}, () => {
+      socket = net.connect({port}, () => {
         clearInterval(interval);
         clearTimeout(timeout);
         socket.destroy();
-        resolve();
-      }).on('error', () => { socket.destroy; });
+        res();
+      }).on('error', () => {
+        socket.destroy();
+      });
     }, 1000);
   });
 }
@@ -67,8 +72,12 @@ export function awaitPort (port, max = 60) {
  * Pipe the child's stdin and stderr to the parent process.
  */
 export function pipe (child) {
-  child.stdout.on('data', (data) => { process.stdout.write(data); });
-  child.stderr.on('data', (data) => { process.stderr.write(data); });
+  child.stdout.on('data', (data) => {
+    process.stdout.write(data);
+  });
+  child.stderr.on('data', (data) => {
+    process.stderr.write(data);
+  });
 }
 
 /*
@@ -78,8 +87,8 @@ export function postToSlack (msg, config = {}) {
   let slackUrl = nconf.get('SLACK_URL');
 
   if (!slackUrl) {
-    console.error('No slack post url specified. Your message was:');
-    console.log(msg);
+    console.error('No slack post url specified. Your message was:'); // eslint-disable-line no-console
+    console.log(msg); // eslint-disable-line no-console
 
     return;
   }
@@ -89,15 +98,15 @@ export function postToSlack (msg, config = {}) {
       channel: `#${config.channel || '#general'}`,
       username: config.username || 'gulp task',
       text: msg,
-      icon_emoji: `:${config.emoji || 'gulp'}:`,
+      icon_emoji: `:${config.emoji || 'gulp'}:`, // eslint-disable-line camelcase
     })
-    .end((err, res) => {
-      if (err) console.error('Unable to post to slack', err);
+    .end((err) => {
+      if (err) console.error('Unable to post to slack', err); // eslint-disable-line no-console
     });
 }
 
 export function runMochaTests (files, server, cb) {
-  require('../test/helpers/globals.helper');
+  require('../test/helpers/globals.helper'); // eslint-disable-line global-require
 
   let mocha = new Mocha({reporter: 'spec'});
   let tests = glob(files);
@@ -108,7 +117,7 @@ export function runMochaTests (files, server, cb) {
   });
 
   mocha.run((numberOfFailures) => {
-    if (!process.env.RUN_INTEGRATION_TEST_FOREVER) {
+    if (!process.env.RUN_INTEGRATION_TEST_FOREVER) { // eslint-disable-line no-process-env
       if (server) kill(server);
       process.exit(numberOfFailures);
     }

gulpfile.js

@@ -8,11 +8,10 @@
 
 require('babel-register');
 
-if (process.env.NODE_ENV === 'production') {
-  require('./gulp/gulp-apidoc');
-  require('./gulp/gulp-build');
-  require('./gulp/gulp-bootstrap');
+if (process.env.NODE_ENV === 'production') { // eslint-disable-line no-process-env
+  require('./gulp/gulp-apidoc'); // eslint-disable-line global-require
+  require('./gulp/gulp-build'); // eslint-disable-line global-require
 } else {
-  require('glob').sync('./gulp/gulp-*').forEach(require);
-  require('gulp').task('default', ['test']);
+  require('glob').sync('./gulp/gulp-*').forEach(require); // eslint-disable-line global-require
+  require('gulp').task('default', ['test']); // eslint-disable-line global-require
 }

migrations/20140831_increase_gems_for_previous_contributions.js

@@ -16,7 +16,7 @@ var migrationName = '20140831_increase_gems_for_previous_contributions';
  * https://github.com/HabitRPG/habitrpg/issues/3933
  * Increase Number of Gems for Contributors
  * author: Alys (d904bd62-da08-416b-a816-ba797c9ee265)
- * 
+ *
  * Increase everyone's gems per their contribution level.
  * Originally they were given 2 gems per tier.
  * Now they are given 3 gems per tier for tiers 1,2,3
@@ -70,7 +70,7 @@ dbUsers.findEach(query, fields, function(err, user) {
     var extraGems = tier; // tiers 1,2,3
     if (tier > 3)  { extraGems = 3 + (tier - 3) * 2; }
     if (tier == 8) { extraGems = 11; }
-    extraBalance = extraGems / 4;
+    var extraBalance = extraGems / 4;
     set['balance'] = user.balance + extraBalance;
 
     // Capture current state of user:

migrations/20151021_usernames_emails_lowercase.js

@@ -39,7 +39,7 @@ function findUsers(gt){
       console.log('User: ', countUsers, user._id);
 
       var update = {
-        $set: {};
+        $set: {}
       };
 
       if(user.auth && user.auth.local) {
@@ -60,4 +60,4 @@ function findUsers(gt){
   });
 };
 
-findUsers();
+findUsers();

migrations/20171030_jackolanterns.js

@@ -0,0 +1,111 @@
+var migrationName = '20171030_jackolanterns.js';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award the Jack-O'-Lantern ladder:
+ * Ghost Jack-O-Lantern Mount to owners of Ghost Jack-O-Lantern Pet
+ * Ghost Jack-O-Lantern Pet to owners of Jack-O-Lantern Mount
+ * Jack-O-Lantern Mount to owners of Jack-O-Lantern Pet
+ * Jack-O-Lantern Pet to everyone else
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'migration':{$ne:migrationName},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'items.pets',
+      'items.mounts',
+    ] // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {};
+  var inc = {
+    'items.food.Candy_Skeleton': 1,
+    'items.food.Candy_Base': 1,
+    'items.food.Candy_CottonCandyBlue': 1,
+    'items.food.Candy_CottonCandyPink': 1,
+    'items.food.Candy_Shade': 1,
+    'items.food.Candy_White': 1,
+    'items.food.Candy_Golden': 1,
+    'items.food.Candy_Zombie': 1,
+    'items.food.Candy_Desert': 1,
+    'items.food.Candy_Red': 1,
+  };
+
+  if (user && user.items && user.items.pets && user.items.pets['JackOLantern-Ghost']) {
+    set = {'migration':migrationName, 'items.mounts.JackOLantern-Ghost': true};
+  } else if (user && user.items && user.items.mounts && user.items.mounts['JackOLantern-Base']) {
+    set = {'migration':migrationName, 'items.pets.JackOLantern-Ghost': 5};
+  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-Base']) {
+    set = {'migration':migrationName, 'items.mounts.JackOLantern-Base': true};
+  } else {
+    set = {'migration':migrationName, 'items.pets.JackOLantern-Base': 5};
+  }
+
+  dbUsers.update({_id: user._id}, {$set:set, $inc:inc});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/20171117_turkey_ladder.js

@@ -0,0 +1,128 @@
+var migrationName = '20171117_turkey_ladder.js';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award the Turkey Day ladder:
+ * Grant Turkey Costume to those who have the Gilded Turkey mount
+ * Grant Gilded Turkey mount to those who have the Gilded Turkey pet
+ * Grant Gilded Turkey pet to those who have the Base Turkey mount
+ * Grant Base Turkey mount to those who have the Base Turkey pet
+ * Grant Base Turkey pet to those who have none of the above yet
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'migration':{$ne:migrationName},
+    'auth.timestamps.loggedin':{$gt:new Date('2017-11-01')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'items.pets',
+      'items.mounts',
+    ] // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {};
+
+  if (user && user.items && user.items.mounts && user.items.mounts['Turkey-Gilded']) {
+    set = {
+      migration: migrationName,
+      'items.gear.owned.head_special_turkeyHelmBase': false,
+      'items.gear.owned.armor_special_turkeyArmorBase': false,
+      'items.gear.owned.back_special_turkeyTailBase': false,
+    };
+    var push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_turkeyHelmBase',
+        _id: monk.id(),
+      },
+      {
+        type: 'marketGear',
+        path: 'gear.flat.armor_special_turkeyArmorBase',
+        _id: monk.id(),
+      },
+      {
+        type: 'marketGear',
+        path: 'gear.flat.back_special_turkeyTailBase',
+        _id: monk.id(),
+      },
+    ];
+  } else if (user && user.items && user.items.pets && user.items.pets['Turkey-Gilded']) {
+    set = {'migration':migrationName, 'items.mounts.Turkey-Gilded':true};
+  } else if (user && user.items && user.items.mounts && user.items.mounts['Turkey-Base']) {
+    set = {'migration':migrationName, 'items.pets.Turkey-Gilded':5};
+  } else if (user && user.items && user.items.pets && user.items.pets['Turkey-Base']) {
+    set = {'migration':migrationName, 'items.mounts.Turkey-Base':true};
+  } else {
+    set = {'migration':migrationName, 'items.pets.Turkey-Base':5};
+  }
+
+  dbUsers.update({_id: user._id}, {$set: set});
+  if (push) {
+    dbUsers.update({_id: user._id}, {$push: {pinnedItems: {$each: push}}});
+  }
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/20171230_nye_hats.js

@@ -0,0 +1,103 @@
+var migrationName = '20171230_nye_hats.js';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award New Year's Eve party hats to users in sequence
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'migration': {$ne:migrationName},
+    'auth.timestamps.loggedin': {$gt:new Date('2017-11-30')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'items.gear.owned',
+    ] // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {};
+  var push = {};
+
+  if (typeof user.items.gear.owned.head_special_nye2016 !== 'undefined') {
+    set = {'migration':migrationName, 'items.gear.owned.head_special_nye2017':false};
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_nye2017', '_id': monk.id()}};
+  } else if (typeof user.items.gear.owned.head_special_nye2015 !== 'undefined') {
+    set = {'migration':migrationName, 'items.gear.owned.head_special_nye2016':false};
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_nye2016', '_id': monk.id()}};
+  } else if (typeof user.items.gear.owned.head_special_nye2014 !== 'undefined') {
+    set = {'migration':migrationName, 'items.gear.owned.head_special_nye2015':false};
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_nye2015', '_id': monk.id()}};
+  } else if (typeof user.items.gear.owned.head_special_nye !== 'undefined') {
+    set = {'migration':migrationName, 'items.gear.owned.head_special_nye2014':false};
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_nye2014', '_id': monk.id()}};
+  } else {
+    set = {'migration':migrationName, 'items.gear.owned.head_special_nye':false};
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_nye', '_id': monk.id()}};
+  }
+
+  dbUsers.update({_id: user._id}, {$set: set, $push: push});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/20180110_nextPaymentProcessing.js

@@ -0,0 +1,79 @@
+/*
+ * Convert purchased.plan.nextPaymentProcessing from a double to a date field for Apple subscribers
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'purchased.plan.paymentMethod': "Apple",
+    'purchased.plan.nextPaymentProcessing': {$type: 'double'},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 100;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {
+    'purchased.plan.nextPaymentProcessing': new Date(user.purchased.plan.nextPaymentProcessing),
+  };
+
+  dbUsers.update({_id: user._id}, {$set: set});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/20180125_clean_new_notifications.js

@@ -0,0 +1,93 @@
+const UserNotification = require('../website/server/models/userNotification').model;
+const content = require('../website/common/script/content/index');
+
+const migrationName = '20180125_clean_new_migrations';
+const authorName = 'paglias'; // in case script author needs to know when their ...
+const authorUuid = 'ed4c688c-6652-4a92-9d03-a5a79844174a'; // ... own data is done
+
+/*
+ * Clean new migration types for processed users
+ */
+
+const monk = require('monk');
+const connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+const dbUsers = monk(connectionString).get('users', { castIds: false });
+
+const progressCount = 1000;
+let count = 0;
+
+function updateUser (user) {
+  count++;
+
+  const types = ['NEW_MYSTERY_ITEMS', 'CARD_RECEIVED', 'NEW_CHAT_MESSAGE'];
+
+  dbUsers.update({_id: user._id}, {
+    $pull: {notifications: { type: {$in: types } } },
+    $set: {migration: migrationName},
+  });
+
+  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
+  if (user._id === authorUuid) console.warn(`${authorName  } processed`);
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+function displayData () {
+  console.warn(`\n${  count  } users processed\n`);
+  return exiting(0);
+}
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  const userPromises = users.map(updateUser);
+  const lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  const query = {
+    migration: {$ne: migrationName},
+    'auth.timestamps.loggedin': {$gt: new Date('2010-01-24')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+module.exports = processUsers;

migrations/20180125_notifications.js

@@ -0,0 +1,149 @@
+const UserNotification = require('../website/server/models/userNotification').model;
+const content = require('../website/common/script/content/index');
+
+const migrationName = '20180125_migrations-v2';
+const authorName = 'paglias'; // in case script author needs to know when their ...
+const authorUuid = 'ed4c688c-6652-4a92-9d03-a5a79844174a'; // ... own data is done
+
+/*
+ * Migrate to new notifications system
+ */
+
+const monk = require('monk');
+const connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+const dbUsers = monk(connectionString).get('users', { castIds: false });
+
+const progressCount = 1000;
+let count = 0;
+
+function updateUser (user) {
+  count++;
+
+  const notifications = [];
+
+  // UNALLOCATED_STATS_POINTS skipped because added on each save
+  // NEW_STUFF skipped because it's a new type
+  // GROUP_TASK_NEEDS_WORK because it's a new type
+  // NEW_INBOX_MESSAGE not implemented yet
+
+
+  // NEW_MYSTERY_ITEMS
+  const mysteryItems = user.purchased && user.purchased.plan && user.purchased.plan.mysteryItems;
+  if (Array.isArray(mysteryItems) && mysteryItems.length > 0) {
+    const newMysteryNotif = new UserNotification({
+      type: 'NEW_MYSTERY_ITEMS',
+      data: {
+        items: mysteryItems,
+      },
+    }).toJSON();
+    notifications.push(newMysteryNotif);
+  }
+
+  // CARD_RECEIVED
+  Object.keys(content.cardTypes).forEach(cardType => {
+    const existingCards = user.items.special[`${cardType}Received`] || [];
+    existingCards.forEach(sender => {
+      const newNotif = new UserNotification({
+        type: 'CARD_RECEIVED',
+        data: {
+          card: cardType,
+          from: {
+            // id is missing in old notifications
+            name: sender,
+          },
+        },
+      }).toJSON();
+
+      notifications.push(newNotif);
+    });
+  });
+
+  // NEW_CHAT_MESSAGE
+  Object.keys(user.newMessages).forEach(groupId => {
+    const existingNotif = user.newMessages[groupId];
+
+    if (existingNotif) {
+      const newNotif = new UserNotification({
+        type: 'NEW_CHAT_MESSAGE',
+        data: {
+          group: {
+            id: groupId,
+            name: existingNotif.name,
+          },
+        },
+      }).toJSON();
+
+      notifications.push(newNotif);
+    }
+  });
+
+  dbUsers.update({_id: user._id}, {
+    $push: {notifications: { $each: notifications } },
+    $set: {migration: migrationName},
+  });
+
+  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
+  if (user._id === authorUuid) console.warn(`${authorName  } processed`);
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+function displayData () {
+  console.warn(`\n${  count  } users processed\n`);
+  return exiting(0);
+}
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  const userPromises = users.map(updateUser);
+  const lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  const query = {
+    migration: {$ne: migrationName},
+    'auth.timestamps.loggedin': {$gt: new Date('2010-01-24')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+module.exports = processUsers;

migrations/20180130_habit_birthday.js

@@ -0,0 +1,118 @@
+var migrationName = '20180130_habit_birthday.js';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award party robes: most recent user doesn't have of 2014-2018. Also cake!
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'migration':{$ne:migrationName},
+    'auth.timestamps.loggedin':{$gt:new Date('2018-01-01')}, // remove after first run to cover remaining users
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [ // specify fields we are interested in to limit retrieved data (empty if we're not reading data)
+      'items.gear.owned'
+    ],
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var push;
+  var set = {'migration':migrationName};
+
+  if (user.items && user.items.gear && user.items.gear.owned && user.items.gear.owned.hasOwnProperty('armor_special_birthday2017')) {
+    set['items.gear.owned.armor_special_birthday2018'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_birthday2018', '_id': monk.id()}};
+  } else if (user.items && user.items.gear && user.items.gear.owned && user.items.gear.owned.hasOwnProperty('armor_special_birthday2016')) {
+    set['items.gear.owned.armor_special_birthday2017'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_birthday2017', '_id': monk.id()}};
+  } else if (user.items && user.items.gear && user.items.gear.owned && user.items.gear.owned.hasOwnProperty('armor_special_birthday2015')) {
+    set['items.gear.owned.armor_special_birthday2016'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_birthday2016', '_id': monk.id()}};
+  } else if (user.items && user.items.gear && user.items.gear.owned && user.items.gear.owned.hasOwnProperty('armor_special_birthday')) {
+    set['items.gear.owned.armor_special_birthday2015'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_birthday2015', '_id': monk.id()}};
+  } else {
+    set['items.gear.owned.armor_special_birthday'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_birthday', '_id': monk.id()}};
+  }
+
+  var inc = {
+    'items.food.Cake_Skeleton':1,
+    'items.food.Cake_Base':1,
+    'items.food.Cake_CottonCandyBlue':1,
+    'items.food.Cake_CottonCandyPink':1,
+    'items.food.Cake_Shade':1,
+    'items.food.Cake_White':1,
+    'items.food.Cake_Golden':1,
+    'items.food.Cake_Zombie':1,
+    'items.food.Cake_Desert':1,
+    'items.food.Cake_Red':1,
+    'achievements.habitBirthdays':1
+  };
+
+  dbUsers.update({_id: user._id}, {$set: set, $inc: inc, $push: push});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
+

migrations/docs/mongo-indexes.md

@@ -0,0 +1,58 @@
+# Indexes
+
+This file contains a list of indexes that are on Habitica's production Mongo server.
+If we ever have an issue, use this list to reindex.
+
+## Challenges
+ - `{ "group": 1, "official": -1, "timestamp": -1 }`
+ - `{ "leader": 1, "official": -1, "timestamp": -1 }`
+ - `{ "official": -1, "timestamp": -1 }`
+
+## Groups
+ - `{ "privacy": 1, "type": 1, "memberCount": -1 }`
+ - `{ "privacy": 1 }`
+ - `{ "purchased.plan.customerId": 1 }`
+ - `{ "purchased.plan.paymentMethod": 1 }`
+ - `{ "purchased.plan.planId": 1, "purchased.plan.dateTerminated": 1 }`
+ - `{ "type": 1, "memberCount": -1, "_id": 1 }`
+ - `{ "type": 1 }`
+
+## Tasks
+ - `{ "challenge.id": 1 }`
+ - `{ "challenge.taskId": 1 }`
+ - `{ "group.id": 1 }`
+ - `{ "group.taskId": 1 }`
+ - `{ "type": 1, "everyX": 1, "frequency": 1 }`
+ - `{ "userId": 1 }`
+ - `{ "yesterDaily": 1, "type": 1 }`
+
+## Users
+ - `{ "_id": 1, "apiToken": 1 }`
+ - `{ "auth.facebook.emails.value": 1 }`
+ - `{ "auth.facebook.id": 1 }`
+ - `{ "auth.google.emails.value": 1 }`
+ - `{ "auth.google.id": 1 }`
+ - `{ "auth.local.email": 1 }`
+ - `{ "auth.local.lowerCaseUsername": 1 }`
+ - `{ "auth.local.username": 1 }`
+ - `{ "auth.timestamps.created": 1 }`
+ - `{ "auth.timestamps.loggedin": 1, "_lastPushNotification": 1, "preferences.timezoneOffset": 1 }`
+ - `{ "auth.timestamps.loggedin": 1 }`
+ - `{ "backer.tier": -1 }`
+ - `{ "challenges": 1, "_id": 1 }`
+ - `{ "contributor.admin": 1, "contributor.level": -1, "backer.npc": -1, "profile.name": 1 }`
+ - `{ "contributor.level": 1 }`
+ - `{ "flags.newStuff": 1 }`
+ - `{ "guilds": 1, "_id": 1 }`
+ - `{ "invitations.guilds.id": 1, "_id": 1 }`
+ - `{ "invitations.party.id": 1 }`
+ - `{ "loginIncentives": 1 }`
+ - `{ "migration": 1 }`
+ - {` "party._id": 1, "_id": 1 }`
+ - `{ "preferences.sleep": 1, "_id": 1, "flags.lastWeeklyRecap": 1, "preferences.emailNotifications.unsubscribeFromAll": 1, "preferences.emailNotifications.weeklyRecaps": 1 }`
+ - `{ "preferences.sleep": 1, "_id": 1, "lastCron": 1, "preferences.emailNotifications.importantAnnouncements": 1, "preferences.emailNotifications.unsubscribeFromAll": 1, "flags.recaptureEmailsPhase": 1 }`
+ - `{ "profile.name": 1 }`
+ - `{ "purchased.plan.customerId": 1 }`
+ - `{ "purchased.plan.paymentMethod": 1 }`
+ - `{ "stats.score.overall": 1 }`
+ - `{ "webhooks.type": 1 }`

migrations/migration-runner.js

@@ -17,8 +17,5 @@ function setUpServer () {
 setUpServer();
 
 // Replace this with your migration
-var processUsers = require('./groups/update-groups-with-group-plans');
-processUsers()
-  .catch(function (err) {
-      console.log(err)
-  })
+const processUsers = require('./20180125_clean_new_notifications.js');
+processUsers();

migrations/mystery_items.js

@@ -1,10 +1,23 @@
+var UserNotification = require('../website/server/models/userNotification').model
+
 var _id = '';
+
+var items = ['back_mystery_201801','headAccessory_mystery_201801']
+
 var update = {
   $addToSet: {
     'purchased.plan.mysteryItems':{
-      $each:['armor_mystery_201710','head_mystery_201710']
+      $each: items,
     }
-  }
+  },
+  $push: {
+    notifications: (new UserNotification({
+      type: 'NEW_MYSTERY_ITEMS',
+      data: {
+        items: items,
+      },
+    })).toJSON(),
+  },
 };
 
 /*var update = {

migrations/takeThis.js

@@ -1,4 +1,4 @@
-var migrationName = '20170502_takeThis.js'; // Update per month
+var migrationName = '20180102_takeThis.js'; // Update per month
 var authorName = 'Sabe'; // in case script author needs to know when their ...
 var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
 
@@ -7,14 +7,14 @@ var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
  */
 
 var monk = require('monk');
-var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var connectionString = 'mongodb://sabrecat:z8e8jyRA8CTofMQ@ds013393-a0.mlab.com:13393/habitica?auto_reconnect=true';
 var dbUsers = monk(connectionString).get('users', { castIds: false });
 
 function processUsers(lastId) {
   // specify a query to limit the affected users (empty for all users):
   var query = {
     'migration':{$ne:migrationName},
-    'challenges':{$in:['69999331-d4ea-45a0-8c3f-f725d22b56c8']} // Update per month
+    'challenges':{$in:['5f70ce5b-2d82-4114-8e44-ca65615aae62']} // Update per month
   };
 
   if (lastId) {
@@ -65,19 +65,29 @@ function updateUser (user) {
     set = {'migration':migrationName};
   } else if (typeof user.items.gear.owned.body_special_takeThis !== 'undefined') {
     set = {'migration':migrationName, 'items.gear.owned.back_special_takeThis':false};
+    var push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.back_special_takeThis', '_id': monk.id()}};
   } else if (typeof user.items.gear.owned.head_special_takeThis !== 'undefined') {
     set = {'migration':migrationName, 'items.gear.owned.body_special_takeThis':false};
+    var push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.body_special_takeThis', '_id': monk.id()}};
   } else if (typeof user.items.gear.owned.armor_special_takeThis !== 'undefined') {
     set = {'migration':migrationName, 'items.gear.owned.head_special_takeThis':false};
+    var push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_takeThis', '_id': monk.id()}};
   } else if (typeof user.items.gear.owned.weapon_special_takeThis !== 'undefined') {
     set = {'migration':migrationName, 'items.gear.owned.armor_special_takeThis':false};
+    var push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_takeThis', '_id': monk.id()}};
   } else if (typeof user.items.gear.owned.shield_special_takeThis !== 'undefined') {
     set = {'migration':migrationName, 'items.gear.owned.weapon_special_takeThis':false};
+    var push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.weapon_special_takeThis', '_id': monk.id()}};
   } else {
     set = {'migration':migrationName, 'items.gear.owned.shield_special_takeThis':false};
+    var push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.shield_special_takeThis', '_id': monk.id()}};
   }
 
-  dbUsers.update({_id: user._id}, {$set:set});
+  if (push) {
+    dbUsers.update({_id: user._id}, {$set: set, $push: push});
+  } else {
+    dbUsers.update({_id: user._id}, {$set: set});
+  }
 
   if (count % progressCount == 0) console.warn(count + ' ' + user._id);
   if (user._id == authorUuid) console.warn(authorName + ' processed');

migrations/tasks/tasks-set-everyX.js

@@ -0,0 +1,88 @@
+var migrationName = 'tasks-set-everyX';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Iterates over all tasks and sets invalid everyX values (less than 0 or more than 9999 or not an int) field to 0
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://sabrecat:z8e8jyRA8CTofMQ@ds013393-a0.mlab.com:13393/habitica?auto_reconnect=true';
+var dbTasks = monk(connectionString).get('tasks', { castIds: false });
+
+function processTasks(lastId) {
+  // specify a query to limit the affected tasks (empty for all tasks):
+  var query = {
+    type: "daily",
+    everyX: {
+      $not: {
+        $gte: 0,
+        $lte: 9999,
+        $type: "int",
+      }
+    },
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbTasks.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [],
+  })
+  .then(updateTasks)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateTasks (tasks) {
+  if (!tasks || tasks.length === 0) {
+    console.warn('All appropriate tasks found and modified.');
+    displayData();
+    return;
+  }
+
+  var taskPromises = tasks.map(updatetask);
+  var lasttask = tasks[tasks.length - 1];
+
+  return Promise.all(taskPromises)
+  .then(function () {
+    processTasks(lasttask._id);
+  });
+}
+
+function updatetask (task) {
+  count++;
+  var set = {'everyX': 0};
+
+  dbTasks.update({_id: task._id}, {$set:set});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + task._id);
+  if (task._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' tasks processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processTasks;

migrations/users/account-transfer.js

@@ -0,0 +1,38 @@
+var migrationName = 'AccountTransfer';
+var authorName = 'TheHollidayInn'; // in case script author needs to know when their ...
+var authorUuid = ''; //... own data is done
+
+/*
+ * This migraition will copy user data from prod to test
+ */
+
+const monk = require('monk');
+const connectionString = '';
+const Users = monk(connectionString).get('users', { castIds: false });
+
+import uniq from 'lodash/uniq';
+import Bluebird from 'bluebird';
+
+
+module.exports = async function accountTransfer () {
+  const fromAccountId = '';
+  const toAccountId = '';
+
+  const fromAccount = await Users.findOne({_id: fromAccountId});
+  const toAccount = await Users.findOne({_id: toAccountId});
+
+  const newMounts = Object.assign({}, fromAccount.items.mounts, toAccount.items.mounts);
+  const newPets = Object.assign({}, fromAccount.items.pets, toAccount.items.pets);
+  const newBackgrounds = Object.assign({}, fromAccount.purchased.background, toAccount.purchased.background);
+
+  await Users.update({_id: toAccountId}, {
+    $set: {
+      'items.pets': newPets,
+      'items.mounts': newMounts,
+      'purchased.background': newBackgrounds,
+    },
+  })
+  .then((result) => {
+    console.log(result);
+  });
+};

migrations/users/achievement-restore.js

@@ -0,0 +1,93 @@
+const migrationName = 'AchievementRestore';
+const authorName = 'TheHollidayInn'; // in case script author needs to know when their ...
+const authorUuid = ''; //... own data is done
+
+/*
+ * This migraition will copy user data from prod to test
+ */
+import Bluebird from 'bluebird';
+
+const monk = require('monk');
+const connectionString = 'mongodb://localhost/new-habit';
+const Users = monk(connectionString).get('users', { castIds: false });
+
+const monkOld = require('monk');
+const oldConnectionSting = 'mongodb://localhost/old-habit';
+const UsersOld = monk(oldConnectionSting).get('users', { castIds: false });
+
+function getAchievementUpdate (newUser, oldUser) {
+  const oldAchievements = oldUser.achievements;
+  const newAchievements = newUser.achievements;
+
+  let achievementsUpdate = Object.assign({}, newAchievements);
+
+  // ultimateGearSets
+  if (!achievementsUpdate.ultimateGearSets && oldAchievements.ultimateGearSets) {
+    achievementsUpdate.ultimateGearSets = oldAchievements.ultimateGearSets;
+  } else if (oldAchievements.ultimateGearSets) {
+    for (let index in oldAchievements.ultimateGearSets) {
+      if (oldAchievements.ultimateGearSets[index]) achievementsUpdate.ultimateGearSets[index] = true;
+    }
+  }
+
+  // challenges
+  if (!newAchievements.challenges) newAchievements.challenges = [];
+  if (!oldAchievements.challenges) oldAchievements.challenges = [];
+  achievementsUpdate.challenges = newAchievements.challenges.concat(oldAchievements.challenges);
+
+  // Quests
+  if (!achievementsUpdate.quests) achievementsUpdate.quests = {};
+  for (let index in oldAchievements.quests) {
+    if (!achievementsUpdate.quests[index]) {
+      achievementsUpdate.quests[index] = oldAchievements.quests[index];
+    } else {
+      achievementsUpdate.quests[index] += oldAchievements.quests[index];
+    }
+  }
+
+  // Rebirth level
+  if (achievementsUpdate.rebirthLevel) {
+    achievementsUpdate.rebirthLevel = Math.max(achievementsUpdate.rebirthLevel, oldAchievements.rebirthLevel);
+  } else if (oldAchievements.rebirthLevel) {
+    achievementsUpdate.rebirthLevel = oldAchievements.rebirthLevel;
+  }
+
+  //All others
+  const indexsToIgnore = ['ultimateGearSets', 'challenges', 'quests', 'rebirthLevel'];
+  for (let index in oldAchievements) {
+    if (indexsToIgnore.indexOf(index) !== -1) continue;
+
+    if (!achievementsUpdate[index])  {
+      achievementsUpdate[index] = oldAchievements[index];
+      continue;
+    }
+
+    if (Number.isInteger(oldAchievements[index])) {
+      achievementsUpdate[index] += oldAchievements[index];
+    } else {
+      if (oldAchievements[index] === true) achievementsUpdate[index] = true;
+    }
+  }
+
+  return achievementsUpdate;
+}
+
+module.exports = async function achievementRestore () {
+  const userIds = [
+  ];
+
+  for (let index in userIds) {
+    const userId = userIds[index];
+    const oldUser = await UsersOld.findOne({_id: userId}, 'achievements');
+    const newUser = await Users.findOne({_id: userId}, 'achievements');
+    const achievementUpdate = getAchievementUpdate(newUser, oldUser);
+    await Users.update(
+      {_id: userId},
+      {
+        $set: {
+          'achievements': achievementUpdate,
+        },
+      });
+    console.log(`Updated ${userId}`);
+  }
+};

package.json

@@ -1,7 +1,7 @@
 {
   "name": "habitica",
   "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "4.6.3",
+  "version": "4.24.0",
   "main": "./website/server/index.js",
   "dependencies": {
     "@slack/client": "^3.8.1",
@@ -27,15 +27,12 @@
     "babel-preset-es2015": "^6.6.0",
     "babel-register": "^6.6.0",
     "babel-runtime": "^6.11.6",
-    "babelify": "^7.2.0",
     "bcrypt": "^1.0.2",
     "bluebird": "^3.3.5",
     "body-parser": "^1.15.0",
-    "bootstrap": "4.0.0-alpha.6",
-    "bootstrap-vue": "1.0.0-beta.7",
-    "browserify": "~12.0.1",
+    "bootstrap": "^4.0.0",
+    "bootstrap-vue": "^1.5.0",
     "compression": "^1.6.1",
-    "connect-ratelimit": "0.0.7",
     "cookie-session": "^1.2.0",
     "coupon-code": "^0.4.5",
     "cross-env": "^4.0.0",
@@ -43,13 +40,10 @@
     "csv-stringify": "^1.0.2",
     "cwait": "~1.0.1",
     "domain-middleware": "~0.1.0",
-    "estraverse": "^4.1.1",
     "express": "~4.14.0",
     "express-basic-auth": "^1.0.1",
-    "express-csv": "~0.6.0",
     "express-validator": "^2.18.0",
     "extract-text-webpack-plugin": "^2.0.0-rc.3",
-    "file-loader": "^0.10.0",
     "glob": "^4.3.5",
     "got": "^6.1.1",
     "gulp": "^3.9.0",
@@ -72,38 +66,32 @@
     "merge-stream": "^1.0.0",
     "method-override": "^2.3.5",
     "moment": "^2.13.0",
-    "moment-recur": "git://github.com/habitrpg/moment-recur#f147ef27bbc26ca67638385f3db4a44084c76626",
-    "mongoose": "~4.8.6",
+    "moment-recur": "git://github.com/habitrpg/moment-recur.git#f147ef27bbc26ca67638385f3db4a44084c76626",
+    "mongoose": "^4.8.6",
     "mongoose-id-autoinc": "~2013.7.14-4",
     "morgan": "^1.7.0",
     "nconf": "~0.8.2",
-    "nib": "^1.1.0",
     "node-gcm": "^0.14.4",
     "node-sass": "^4.5.0",
     "nodemailer": "^2.3.2",
-    "object-path": "^0.9.2",
     "ora": "^1.1.0",
     "pageres": "^4.1.1",
     "passport": "^0.3.2",
     "passport-facebook": "^2.0.0",
     "passport-google-oauth20": "1.0.0",
     "paypal-ipn": "3.0.0",
-    "paypal-rest-sdk": "^1.2.1",
-    "popper.js": "^1.11.0",
+    "paypal-rest-sdk": "^1.8.1",
+    "popper.js": "^1.13.0",
     "postcss-easy-import": "^2.0.0",
-    "pretty-data": "^0.40.0",
     "ps-tree": "^1.0.0",
     "pug": "^2.0.0-beta.12",
-    "push-notify": "git://github.com/habitrpg/push-notify#6bc2b5fdb1bdc9649b9ec1964d79ca50187fc8a9",
+    "push-notify": "git://github.com/habitrpg/push-notify.git#6bc2b5fdb1bdc9649b9ec1964d79ca50187fc8a9",
     "pusher": "^1.3.0",
     "request": "~2.74.0",
     "rimraf": "^2.4.3",
     "run-sequence": "^1.1.4",
-    "s3-upload-stream": "^1.0.6",
     "sass-loader": "^6.0.2",
-    "serve-favicon": "^2.3.0",
     "shelljs": "^0.7.6",
-    "sortablejs": "^1.6.1",
     "stripe": "^4.2.0",
     "superagent": "^3.4.3",
     "svg-inline-loader": "^0.7.1",
@@ -114,15 +102,14 @@
     "useragent": "^2.1.9",
     "uuid": "^3.0.1",
     "validator": "^4.9.0",
-    "vinyl-buffer": "^1.0.0",
-    "vinyl-source-stream": "^1.1.0",
-    "vue": "^2.1.0",
-    "vue-loader": "^11.0.0",
+    "vue": "^2.5.2",
+    "vue-loader": "^13.3.0",
     "vue-mugen-scroll": "^0.2.1",
-    "vue-router": "^2.0.0-rc.5",
+    "vue-router": "^3.0.0",
     "vue-style-loader": "^3.0.0",
-    "vue-template-compiler": "^2.1.10",
-    "vuejs-datepicker": "git://github.com/habitrpg/vuejs-datepicker#45e607a7bccf4e3e089761b3b7b33e3f2c5dc21f",
+    "vue-template-compiler": "^2.5.2",
+    "vuedraggable": "^2.15.0",
+    "vuejs-datepicker": "git://github.com/habitrpg/vuejs-datepicker.git#5d237615463a84a23dd6f3f77c6ab577d68593ec",
     "webpack": "^2.2.1",
     "webpack-merge": "^4.0.0",
     "winston": "^2.1.0",
@@ -136,7 +123,7 @@
   },
   "scripts": {
     "lint": "eslint --ext .js,.vue .",
-    "test": "npm run lint && gulp test && npm run client:unit && gulp apidoc",
+    "test": "npm run lint && gulp test && gulp apidoc",
     "test:build": "gulp test:prepare:build",
     "test:api-v3": "gulp test:api-v3",
     "test:api-v3:unit": "gulp test:api-v3:unit",
@@ -148,7 +135,7 @@
     "test:nodemon": "gulp test:nodemon",
     "coverage": "COVERAGE=true mocha --require register-handlers.js --reporter html-cov > coverage.html; open coverage.html",
     "sprites": "gulp sprites:compile",
-    "client:dev": "gulp bootstrap && node webpack/dev-server.js",
+    "client:dev": "node webpack/dev-server.js",
     "client:build": "gulp build:client",
     "client:unit": "cross-env NODE_ENV=test karma start test/client/unit/karma.conf.js --single-run",
     "client:unit:watch": "cross-env NODE_ENV=test karma start test/client/unit/karma.conf.js",
@@ -168,18 +155,15 @@
     "coveralls": "^2.11.2",
     "cross-spawn": "^5.0.1",
     "csv": "~0.3.6",
-    "deep-diff": "~0.1.4",
     "eslint": "^3.0.0",
     "eslint-config-habitrpg": "^3.0.0",
     "eslint-friendly-formatter": "^2.0.5",
     "eslint-loader": "^1.3.0",
     "eslint-plugin-html": "^2.0.0",
     "eslint-plugin-mocha": "^4.7.0",
-    "event-stream": "^3.2.2",
     "eventsource-polyfill": "^0.9.6",
     "expect.js": "~0.2.0",
     "http-proxy-middleware": "^0.17.0",
-    "inject-loader": "^3.0.0-beta4",
     "istanbul": "^1.1.0-alpha.1",
     "karma": "^1.3.0",
     "karma-babel-preprocessor": "^6.0.1",
@@ -194,23 +178,17 @@
     "karma-spec-reporter": "0.0.24",
     "karma-webpack": "^2.0.2",
     "lcov-result-merger": "^1.0.2",
-    "lolex": "^1.4.0",
     "mocha": "^3.2.0",
-    "mongodb": "^2.0.46",
+    "mongodb": "^2.2.33",
     "mongoskin": "~2.1.0",
     "monk": "^4.0.0",
     "nightwatch": "^0.9.12",
     "phantomjs-prebuilt": "^2.1.12",
-    "protractor": "^3.1.1",
-    "raw-loader": "^0.5.1",
     "require-again": "^2.0.0",
-    "rewire": "^2.3.3",
     "selenium-server": "^3.0.1",
-    "sinon": "^1.17.2",
+    "sinon": "^4.2.2",
     "sinon-chai": "^2.8.0",
     "sinon-stub-promise": "^4.0.0",
-    "superagent-defaults": "^0.1.13",
-    "vinyl-transform": "^1.0.0",
     "webpack-bundle-analyzer": "^2.2.1",
     "webpack-dev-middleware": "^1.10.0",
     "webpack-hot-middleware": "^2.6.1"

test/api/v3/integration/challenges/GET-challenges_challengeId_export_csv.test.js

@@ -64,11 +64,11 @@ describe('GET /challenges/:challengeId/export/csv', () => {
     let sortedMembers = _.sortBy([members[0], members[1], members[2], groupLeader], '_id');
     let splitRes = res.split('\n');
 
-    expect(splitRes[0]).to.equal('UUID,name,Task,Value,Notes,Task,Value,Notes');
-    expect(splitRes[1]).to.equal(`${sortedMembers[0]._id},${sortedMembers[0].profile.name},habit:Task 1,0,,todo:Task 2,0,`);
-    expect(splitRes[2]).to.equal(`${sortedMembers[1]._id},${sortedMembers[1].profile.name},habit:Task 1,0,,todo:Task 2,0,`);
-    expect(splitRes[3]).to.equal(`${sortedMembers[2]._id},${sortedMembers[2].profile.name},habit:Task 1,0,,todo:Task 2,0,`);
-    expect(splitRes[4]).to.equal(`${sortedMembers[3]._id},${sortedMembers[3].profile.name},habit:Task 1,0,,todo:Task 2,0,`);
+    expect(splitRes[0]).to.equal('UUID,name,Task,Value,Notes,Streak,Task,Value,Notes,Streak');
+    expect(splitRes[1]).to.equal(`${sortedMembers[0]._id},${sortedMembers[0].profile.name},habit:Task 1,0,,0,todo:Task 2,0,,0`);
+    expect(splitRes[2]).to.equal(`${sortedMembers[1]._id},${sortedMembers[1].profile.name},habit:Task 1,0,,0,todo:Task 2,0,,0`);
+    expect(splitRes[3]).to.equal(`${sortedMembers[2]._id},${sortedMembers[2].profile.name},habit:Task 1,0,,0,todo:Task 2,0,,0`);
+    expect(splitRes[4]).to.equal(`${sortedMembers[3]._id},${sortedMembers[3].profile.name},habit:Task 1,0,,0,todo:Task 2,0,,0`);
     expect(splitRes[5]).to.equal('');
   });
 });

test/api/v3/integration/challenges/GET-challenges_challengeId_members.test.js

@@ -149,7 +149,10 @@ describe('GET /challenges/:challengeId/members', () => {
 
     let usersToGenerate = [];
     for (let i = 0; i < 3; i++) {
-      usersToGenerate.push(generateUser({challenges: [challenge._id]}));
+      usersToGenerate.push(generateUser({
+        challenges: [challenge._id],
+        'profile.name': `${i}profilename`,
+      }));
     }
     let generatedUsers = await Promise.all(usersToGenerate);
     let profileNames = generatedUsers.map(generatedUser => generatedUser.profile.name);

test/api/v3/integration/challenges/GET-challenges_challengeId_members_memberId.test.js

@@ -95,13 +95,23 @@ describe('GET /challenges/:challengeId/members/:memberId', () => {
     expect(memberProgress.tasks[0].challenge.taskId).to.equal(chalTasks[0]._id);
   });
 
-  it('returns the tasks without the tags', async () => {
+  it('returns the tasks without the tags and checklist', async () => {
     let group = await generateGroup(user, {type: 'party', name: generateUUID()});
     let challenge = await generateChallenge(user, group);
     let taskText = 'Test Text';
-    await user.post(`/tasks/challenge/${challenge._id}`, [{type: 'habit', text: taskText}]);
+    await user.post(`/tasks/challenge/${challenge._id}`, [{
+      type: 'todo',
+      text: taskText,
+      checklist: [
+        {
+          _id: 123,
+          text: 'test',
+        },
+      ],
+    }]);
 
     let memberProgress = await user.get(`/challenges/${challenge._id}/members/${user._id}`);
     expect(memberProgress.tasks[0]).not.to.have.key('tags');
+    expect(memberProgress.tasks[0].checklist).to.eql([]);
   });
 });

test/api/v3/integration/challenges/GET-challenges_group_groupid.test.js

@@ -4,6 +4,7 @@ import {
   createAndPopulateGroup,
   translate as t,
 } from '../../../../helpers/api-v3-integration.helper';
+import { TAVERN_ID } from '../../../../../website/common/script/constants';
 
 describe('GET challenges/groups/:groupId', () => {
   context('Public Guild', () => {
@@ -181,4 +182,123 @@ describe('GET challenges/groups/:groupId', () => {
       expect(foundChallengeIndex).to.eql(1);
     });
   });
+
+  context('Party', () => {
+    let party, user, nonMember, challenge, challenge2;
+
+    before(async () => {
+      let { group, groupLeader } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'TestParty',
+          type: 'party',
+        },
+      });
+
+      party = group;
+      user = groupLeader;
+
+      nonMember = await generateUser();
+
+      challenge = await generateChallenge(user, group);
+      challenge2 = await generateChallenge(user, group);
+    });
+
+    it('should prevent non-member from seeing challenges', async () => {
+      await expect(nonMember.get(`/challenges/groups/${party._id}`))
+        .to.eventually.be.rejected.and.eql({
+          code: 404,
+          error: 'NotFound',
+          message: t('groupNotFound'),
+        });
+    });
+
+    it('should return group challenges for member with populated leader', async () => {
+      let challenges = await user.get(`/challenges/groups/${party._id}`);
+
+      let foundChallenge1 = _.find(challenges, { _id: challenge._id });
+      expect(foundChallenge1).to.exist;
+      expect(foundChallenge1.leader).to.eql({
+        _id: party.leader._id,
+        id: party.leader._id,
+        profile: {name: user.profile.name},
+      });
+      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
+      expect(foundChallenge2).to.exist;
+      expect(foundChallenge2.leader).to.eql({
+        _id: party.leader._id,
+        id: party.leader._id,
+        profile: {name: user.profile.name},
+      });
+    });
+
+    it('should return group challenges for member using ID "party"', async () => {
+      let challenges = await user.get('/challenges/groups/party');
+
+      let foundChallenge1 = _.find(challenges, { _id: challenge._id });
+      expect(foundChallenge1).to.exist;
+      expect(foundChallenge1.leader).to.eql({
+        _id: party.leader._id,
+        id: party.leader._id,
+        profile: {name: user.profile.name},
+      });
+      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
+      expect(foundChallenge2).to.exist;
+      expect(foundChallenge2.leader).to.eql({
+        _id: party.leader._id,
+        id: party.leader._id,
+        profile: {name: user.profile.name},
+      });
+    });
+  });
+
+  context('Tavern', () => {
+    let tavern, user, challenge, challenge2;
+
+    before(async () => {
+      user = await generateUser();
+      await user.update({balance: 0.5});
+      tavern = await user.get(`/groups/${TAVERN_ID}`);
+
+      challenge = await generateChallenge(user, tavern, {prize: 1});
+      challenge2 = await generateChallenge(user, tavern, {prize: 1});
+    });
+
+    it('should return tavern challenges with populated leader', async () => {
+      let challenges = await user.get(`/challenges/groups/${TAVERN_ID}`);
+
+      let foundChallenge1 = _.find(challenges, { _id: challenge._id });
+      expect(foundChallenge1).to.exist;
+      expect(foundChallenge1.leader).to.eql({
+        _id: user._id,
+        id: user._id,
+        profile: {name: user.profile.name},
+      });
+      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
+      expect(foundChallenge2).to.exist;
+      expect(foundChallenge2.leader).to.eql({
+        _id: user._id,
+        id: user._id,
+        profile: {name: user.profile.name},
+      });
+    });
+
+    it('should return tavern challenges using ID "habitrpg', async () => {
+      let challenges = await user.get('/challenges/groups/habitrpg');
+
+      let foundChallenge1 = _.find(challenges, { _id: challenge._id });
+      expect(foundChallenge1).to.exist;
+      expect(foundChallenge1.leader).to.eql({
+        _id: user._id,
+        id: user._id,
+        profile: {name: user.profile.name},
+      });
+      let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
+      expect(foundChallenge2).to.exist;
+      expect(foundChallenge2.leader).to.eql({
+        _id: user._id,
+        id: user._id,
+        profile: {name: user.profile.name},
+      });
+    });
+  });
 });

test/api/v3/integration/challenges/POST-challenges_challengeId_join.test.js

@@ -101,19 +101,21 @@ describe('POST /challenges/:challengeId/join', () => {
     });
 
     it('syncs challenge tasks to joining user', async () => {
-      let taskText = 'A challenge task text';
-
+      const taskText = 'A challenge task text';
       await groupLeader.post(`/tasks/challenge/${challenge._id}`, [
-        {type: 'habit', text: taskText},
+        {type: 'daily', text: taskText},
       ]);
 
       await authorizedUser.post(`/challenges/${challenge._id}/join`);
-      let tasks = await authorizedUser.get('/tasks/user');
-      let tasksTexts = tasks.map((task) => {
-        return task.text;
+
+      const tasks = await authorizedUser.get('/tasks/user');
+      const syncedTask = tasks.find((task) => {
+        return task.text === taskText;
       });
 
-      expect(tasksTexts).to.include(taskText);
+      expect(syncedTask.text).to.eql(taskText);
+      expect(syncedTask.isDue).to.exist;
+      expect(syncedTask.nextDue).to.exist;
     });
 
     it('adds challenge tag to user tags', async () => {

test/api/v3/integration/challenges/POST-challenges_challengeId_winner_winnerId.test.js

@@ -149,13 +149,19 @@ describe('POST /challenges/:challengeId/winner/:winnerId', () => {
 
       await sleep(0.5);
 
-      let tasks = await winningUser.get('/tasks/user');
-      let testTask = _.find(tasks, (task) => {
+      const tasks = await winningUser.get('/tasks/user');
+      const testTask = _.find(tasks, (task) => {
         return task.text === taskText;
       });
 
+      const updatedUser = await winningUser.sync();
+      const challengeTag = updatedUser.tags.find(tags => {
+        return tags.id === challenge._id;
+      });
+
       expect(testTask.challenge.broken).to.eql('CHALLENGE_CLOSED');
       expect(testTask.challenge.winner).to.eql(winningUser.profile.name);
+      expect(challengeTag.challenge).to.eql('false');
     });
   });
 });

test/api/v3/integration/challenges/POST_challenges_id_clone.test.js

@@ -0,0 +1,43 @@
+import {
+  generateUser,
+  generateGroup,
+} from '../../../../helpers/api-v3-integration.helper';
+
+describe('POST /challenges/:challengeId/clone', () => {
+  it('clones a challenge', async () => {
+    const user = await generateUser({balance: 10});
+    const group = await generateGroup(user);
+
+    const name = 'Test Challenge';
+    const shortName = 'TC Label';
+    const description = 'Test Description';
+    const prize = 1;
+
+    const challenge = await user.post('/challenges', {
+      group: group._id,
+      name,
+      shortName,
+      description,
+      prize,
+    });
+    const challengeTask = await user.post(`/tasks/challenge/${challenge._id}`, {
+      text: 'test habit',
+      type: 'habit',
+      up: false,
+      down: true,
+      notes: 1976,
+    });
+
+    const cloneChallengeResponse = await user.post(`/challenges/${challenge._id}/clone`, {
+      group: group._id,
+      name: `${name} cloned`,
+      shortName,
+      description,
+      prize,
+    });
+
+    expect(cloneChallengeResponse.clonedTasks[0].text).to.eql(challengeTask.text);
+    expect(cloneChallengeResponse.clonedTasks[0]._id).to.not.eql(challengeTask._id);
+    expect(cloneChallengeResponse.clonedTasks[0].challenge.id).to.eql(cloneChallengeResponse.clonedChallenge._id);
+  });
+});

test/api/v3/integration/chat/POST-chat.test.js

@@ -1,5 +1,6 @@
 import {
   createAndPopulateGroup,
+  generateUser,
   translate as t,
   sleep,
   server,
@@ -12,6 +13,7 @@ import {
 import { v4 as generateUUID } from 'uuid';
 import { getMatchesByWordArray, removePunctuationFromString } from '../../../../../website/server/libs/stringUtils';
 import bannedWords from '../../../../../website/server/libs/bannedWords';
+import guildsAllowingBannedWords from '../../../../../website/server/libs/guildsAllowingBannedWords';
 import * as email from '../../../../../website/server/libs/email';
 import { IncomingWebhook } from '@slack/client';
 import nconf from 'nconf';
@@ -96,6 +98,24 @@ describe('POST /chat', () => {
         });
     });
 
+    it('returns an error when chat message contains a banned word in a public guild', async () => {
+      let { group, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'public guild',
+          type: 'guild',
+          privacy: 'public',
+        },
+        members: 1,
+      });
+
+      await expect(members[0].post(`/groups/${group._id}/chat`, { message: testBannedWordMessage}))
+        .to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: bannedWordErrorMessage,
+        });
+    });
+
     it('errors when word is part of a phrase', async () => {
       let wordInPhrase = `phrase ${testBannedWordMessage} end`;
       await expect(user.post('/groups/habitrpg/chat', { message: wordInPhrase}))
@@ -161,7 +181,7 @@ describe('POST /chat', () => {
       expect(message.message.id).to.exist;
     });
 
-    it('does not error when sending a chat message containing a banned word to a public guild', async () => {
+    it('does not error when sending a chat message containing a banned word to a public guild in which banned words are allowed', async () => {
       let { group, members } = await createAndPopulateGroup({
         groupDetails: {
           name: 'public guild',
@@ -171,6 +191,8 @@ describe('POST /chat', () => {
         members: 1,
       });
 
+      guildsAllowingBannedWords[group._id] = true;
+
       let message = await members[0].post(`/groups/${group._id}/chat`, { message: testBannedWordMessage});
 
       expect(message.message.id).to.exist;
@@ -342,6 +364,24 @@ describe('POST /chat', () => {
     expect(message.message.id).to.exist;
   });
 
+  it('adds backer info to chat', async () => {
+    const backerInfo = {
+      npc: 'Town Crier',
+      tier: 800,
+      tokensApplied: true,
+    };
+    const backer = await generateUser({
+      backer: backerInfo,
+    });
+
+    const message = await backer.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage});
+    const messageBackerInfo = message.message.backer;
+
+    expect(messageBackerInfo.npc).to.equal(backerInfo.npc);
+    expect(messageBackerInfo.tier).to.equal(backerInfo.tier);
+    expect(messageBackerInfo.tokensApplied).to.equal(backerInfo.tokensApplied);
+  });
+
   it('sends group chat received webhooks', async () => {
     let userUuid = generateUUID();
     let memberUuid = generateUUID();
@@ -386,6 +426,9 @@ describe('POST /chat', () => {
 
     expect(message.message.id).to.exist;
     expect(memberWithNotification.newMessages[`${groupWithChat._id}`]).to.exist;
+    expect(memberWithNotification.notifications.find(n => {
+      return n.type === 'NEW_CHAT_MESSAGE' && n.data.group.id === groupWithChat._id;
+    })).to.exist;
   });
 
   it('notifies other users of new messages for a party', async () => {
@@ -403,6 +446,9 @@ describe('POST /chat', () => {
 
     expect(message.message.id).to.exist;
     expect(memberWithNotification.newMessages[`${group._id}`]).to.exist;
+    expect(memberWithNotification.notifications.find(n => {
+      return n.type === 'NEW_CHAT_MESSAGE' && n.data.group.id === group._id;
+    })).to.exist;
   });
 
   context('Spam prevention', () => {

test/api/v3/integration/chat/POST-chat_seen.test.js

@@ -24,10 +24,13 @@ describe('POST /groups/:id/chat/seen', () => {
     });
 
     it('clears new messages for a guild', async () => {
+      await guildMember.sync();
+      const initialNotifications = guildMember.notifications.length;
       await guildMember.post(`/groups/${guild._id}/chat/seen`);
 
       let guildThatHasSeenChat = await guildMember.get('/user');
 
+      expect(guildThatHasSeenChat.notifications.length).to.equal(initialNotifications - 1);
       expect(guildThatHasSeenChat.newMessages).to.be.empty;
     });
   });
@@ -53,10 +56,13 @@ describe('POST /groups/:id/chat/seen', () => {
     });
 
     it('clears new messages for a party', async () => {
+      await partyMember.sync();
+      const initialNotifications = partyMember.notifications.length;
       await partyMember.post(`/groups/${party._id}/chat/seen`);
 
       let partyMemberThatHasSeenChat = await partyMember.get('/user');
 
+      expect(partyMemberThatHasSeenChat.notifications.length).to.equal(initialNotifications - 1);
       expect(partyMemberThatHasSeenChat.newMessages).to.be.empty;
     });
   });

test/api/v3/integration/chat/POST-groups_id_chat_id_clear_flags.test.js

@@ -3,6 +3,7 @@ import {
   generateUser,
   translate as t,
 } from '../../../../helpers/api-v3-integration.helper';
+import config from '../../../../../config.json';
 import { v4 as generateUUID } from 'uuid';
 
 describe('POST /groups/:id/chat/:id/clearflags', () => {
@@ -74,7 +75,7 @@ describe('POST /groups/:id/chat/:id/clearflags', () => {
       expect(messages[0].flagCount).to.eql(0);
     });
 
-    it('can unflag a system message', async () => {
+    it('can\'t flag a system message', async () => {
       let { group, members } = await createAndPopulateGroup({
         groupDetails: {
           type: 'party',
@@ -95,13 +96,15 @@ describe('POST /groups/:id/chat/:id/clearflags', () => {
       await member.post('/user/class/cast/mpheal');
 
       let [skillMsg] = await member.get(`/groups/${group.id}/chat`);
-
-      await member.post(`/groups/${group._id}/chat/${skillMsg.id}/flag`);
-      await admin.post(`/groups/${group._id}/chat/${skillMsg.id}/clearflags`);
-
-      let messages = await members[0].get(`/groups/${group._id}/chat`);
-      expect(messages[0].id).to.eql(skillMsg.id);
-      expect(messages[0].flagCount).to.eql(0);
+      await expect(member.post(`/groups/${group._id}/chat/${skillMsg.id}/flag`))
+        .to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: t('messageCannotFlagSystemMessages', {communityManagerEmail: config.EMAILS.COMMUNITY_MANAGER_EMAIL}),
+        });
+      // let messages = await members[0].get(`/groups/${group._id}/chat`);
+      // expect(messages[0].id).to.eql(skillMsg.id);
+      // expect(messages[0].flagCount).to.eql(0);
     });
   });
 

test/api/v3/integration/coupons/GET-coupons.test.js

@@ -1,8 +1,8 @@
 import {
   generateUser,
-  translate as t,
   resetHabiticaDB,
 } from '../../../../helpers/api-v3-integration.helper';
+import apiMessages from '../../../../../website/server/libs/apiMessages';
 
 describe('GET /coupons/', () => {
   let user;
@@ -19,7 +19,7 @@ describe('GET /coupons/', () => {
     await expect(user.get('/coupons')).to.eventually.be.rejected.and.eql({
       code: 401,
       error: 'NotAuthorized',
-      message: t('noSudoAccess'),
+      message: apiMessages('noSudoAccess'),
     });
   });
 

test/api/v3/integration/coupons/POST-coupons_generate_event.test.js

@@ -4,6 +4,7 @@ import {
   resetHabiticaDB,
 } from '../../../../helpers/api-v3-integration.helper';
 import couponCode from 'coupon-code';
+import apiMessages from '../../../../../website/server/libs/apiMessages';
 
 describe('POST /coupons/generate/:event', () => {
   let user;
@@ -25,7 +26,7 @@ describe('POST /coupons/generate/:event', () => {
     await expect(user.post('/coupons/generate/aaa')).to.eventually.be.rejected.and.eql({
       code: 401,
       error: 'NotAuthorized',
-      message: t('noSudoAccess'),
+      message: apiMessages('noSudoAccess'),
     });
   });
 

test/api/v3/integration/groups/GET-groups_groupId_members.test.js

@@ -72,7 +72,7 @@ describe('GET /groups/:groupId/members', () => {
 
     expect(memberRes).to.have.all.keys([ // works as: object has all and only these keys
       '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
-      'backer', 'contributor', 'auth', 'items', 'inbox',
+      'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives',
     ]);
     expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([
@@ -93,7 +93,7 @@ describe('GET /groups/:groupId/members', () => {
 
     expect(memberRes).to.have.all.keys([ // works as: object has all and only these keys
       '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
-      'backer', 'contributor', 'auth', 'items', 'inbox',
+      'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives',
     ]);
     expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([
@@ -161,4 +161,19 @@ describe('GET /groups/:groupId/members', () => {
     let resIds = res.concat(res2).map(member => member._id);
     expect(resIds).to.eql(expectedIds.sort());
   });
+
+  it('searches members', async () => {
+    let group = await generateGroup(user, {type: 'party', name: generateUUID()});
+
+    let usersToGenerate = [];
+    for (let i = 0; i < 2; i++) {
+      usersToGenerate.push(generateUser({party: {_id: group._id}}));
+    }
+    const usersCreated = await Promise.all(usersToGenerate);
+    const userToSearch = usersCreated[0].profile.name;
+
+    let res = await user.get(`/groups/party/members?search=${userToSearch}`);
+    expect(res.length).to.equal(1);
+    expect(res[0].profile.name).to.equal(userToSearch);
+  });
 });

test/api/v3/integration/groups/POST-groups_groupId_leave.js

@@ -10,6 +10,8 @@ import { v4 as generateUUID } from 'uuid';
 import {
   each,
 } from 'lodash';
+import { model as User } from '../../../../../website/server/models/user';
+import * as payments from '../../../../../website/server/libs/payments';
 
 describe('POST /groups/:groupId/leave', () => {
   let typesOfGroups = {
@@ -68,13 +70,21 @@ describe('POST /groups/:groupId/leave', () => {
       it('removes new messages for that group from user', async () => {
         await member.post(`/groups/${groupToLeave._id}/chat`, { message: 'Some message' });
 
+        await sleep(0.5);
+
         await leader.sync();
 
+        expect(leader.notifications.find(n => {
+          return n.type === 'NEW_CHAT_MESSAGE' && n.data.group.id === groupToLeave._id;
+        })).to.exist;
         expect(leader.newMessages[groupToLeave._id]).to.not.be.empty;
 
         await leader.post(`/groups/${groupToLeave._id}/leave`);
         await leader.sync();
 
+        expect(leader.notifications.find(n => {
+          return n.type === 'NEW_CHAT_MESSAGE' && n.data.group.id === groupToLeave._id;
+        })).to.not.exist;
         expect(leader.newMessages[groupToLeave._id]).to.be.empty;
       });
 
@@ -264,4 +274,45 @@ describe('POST /groups/:groupId/leave', () => {
       expect(userWithNonExistentParty.party).to.eql({});
     });
   });
+
+  context('Leaving a group plan', () => {
+    it('cancels the free subscription', async () => {
+      // Create group
+      let { group, groupLeader, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'Test Private Guild',
+          type: 'guild',
+        },
+        members: 1,
+      });
+
+      let leader = groupLeader;
+      let member = members[0];
+      let userWithFreePlan = await User.findById(leader._id).exec();
+
+      // Create subscription
+      let paymentData = {
+        user: userWithFreePlan,
+        groupId: group._id,
+        sub: {
+          key: 'basic_3mo',
+        },
+        customerId: 'customer-id',
+        paymentMethod: 'Payment Method',
+        headers: {
+          'x-client': 'habitica-web',
+          'user-agent': '',
+        },
+      };
+      await payments.createSubscription(paymentData);
+      await member.sync();
+      expect(member.purchased.plan.planId).to.equal('group_plan_auto');
+      expect(member.purchased.plan.dateTerminated).to.not.exist;
+
+      // Leave
+      await member.post(`/groups/${group._id}/leave`);
+      await member.sync();
+      expect(member.purchased.plan.dateTerminated).to.exist;
+    });
+  });
 });

test/api/v3/integration/groups/POST-groups_id_removeMember.test.js

@@ -2,6 +2,7 @@ import {
   generateUser,
   createAndPopulateGroup,
   translate as t,
+  sleep,
 } from '../../../../helpers/api-v3-integration.helper';
 import * as email from '../../../../../website/server/libs/email';
 
@@ -188,13 +189,20 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {
 
     it('removes new messages from a member who is removed', async () => {
       await partyLeader.post(`/groups/${party._id}/chat`, { message: 'Some message' });
+      await sleep(0.5);
       await removedMember.sync();
 
+      expect(removedMember.notifications.find(n => {
+        return n.type === 'NEW_CHAT_MESSAGE' && n.data.group.id === party._id;
+      })).to.exist;
       expect(removedMember.newMessages[party._id]).to.not.be.empty;
 
       await partyLeader.post(`/groups/${party._id}/removeMember/${removedMember._id}`);
       await removedMember.sync();
 
+      expect(removedMember.notifications.find(n => {
+        return n.type === 'NEW_CHAT_MESSAGE' && n.data.group.id === party._id;
+      })).to.not.exist;
       expect(removedMember.newMessages[party._id]).to.be.empty;
     });
 

test/api/v3/integration/groups/POST-groups_invite.test.js

@@ -110,6 +110,7 @@ describe('Post /groups/:groupId/invite', () => {
         id: group._id,
         name: groupName,
         inviter: inviter._id,
+        publicGuild: false,
       }]);
 
       await expect(userToInvite.get('/user'))
@@ -127,11 +128,13 @@ describe('Post /groups/:groupId/invite', () => {
           id: group._id,
           name: groupName,
           inviter: inviter._id,
+          publicGuild: false,
         },
         {
           id: group._id,
           name: groupName,
           inviter: inviter._id,
+          publicGuild: false,
         },
       ]);
 

test/api/v3/integration/members/GET-members_id.test.js

@@ -32,7 +32,7 @@ describe('GET /members/:memberId', () => {
     let memberRes = await user.get(`/members/${member._id}`);
     expect(memberRes).to.have.all.keys([ // works as: object has all and only these keys
       '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
-      'backer', 'contributor', 'auth', 'items', 'inbox',
+      'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives',
     ]);
     expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([

test/api/v3/integration/members/POST-send_private_message.test.js

@@ -98,6 +98,7 @@ describe('POST /members/send-private-message', () => {
 
   it('sends a private message to a user', async () => {
     let receiver = await generateUser();
+    // const initialNotifications = receiver.notifications.length;
 
     await userToSendMessage.post('/members/send-private-message', {
       message: messageToSend,
@@ -115,6 +116,92 @@ describe('POST /members/send-private-message', () => {
       return message.uuid === receiver._id && message.text === messageToSend;
     });
 
+    // @TODO waiting for mobile support
+    // expect(updatedReceiver.notifications.length).to.equal(initialNotifications + 1);
+    // const notification = updatedReceiver.notifications[updatedReceiver.notifications.length - 1];
+
+    // expect(notification.type).to.equal('NEW_INBOX_MESSAGE');
+    // expect(notification.data.messageId).to.equal(sendersMessageInReceiversInbox.id);
+    // expect(notification.data.excerpt).to.equal(messageToSend);
+    // expect(notification.data.sender.id).to.equal(updatedSender._id);
+    // expect(notification.data.sender.name).to.equal(updatedSender.profile.name);
+
+    expect(sendersMessageInReceiversInbox).to.exist;
+    expect(sendersMessageInSendersInbox).to.exist;
+  });
+
+  // @TODO waiting for mobile support
+  xit('creates a notification with an excerpt if the message is too long', async () => {
+    let receiver = await generateUser();
+    let longerMessageToSend = 'A very long message, that for sure exceeds the limit of 100 chars for the excerpt that we set to 100 chars';
+    let messageExcerpt = `${longerMessageToSend.substring(0, 100)}...`;
+
+    await userToSendMessage.post('/members/send-private-message', {
+      message: longerMessageToSend,
+      toUserId: receiver._id,
+    });
+
+    let updatedReceiver = await receiver.get('/user');
+
+    let sendersMessageInReceiversInbox = _.find(updatedReceiver.inbox.messages, (message) => {
+      return message.uuid === userToSendMessage._id && message.text === longerMessageToSend;
+    });
+
+    const notification = updatedReceiver.notifications[updatedReceiver.notifications.length - 1];
+
+    expect(notification.type).to.equal('NEW_INBOX_MESSAGE');
+    expect(notification.data.messageId).to.equal(sendersMessageInReceiversInbox.id);
+    expect(notification.data.excerpt).to.equal(messageExcerpt);
+  });
+
+  it('allows admin to send when sender has blocked the admin', async () => {
+    userToSendMessage = await generateUser({
+      'contributor.admin': 1,
+    });
+    const receiver = await generateUser({'inbox.blocks': [userToSendMessage._id]});
+
+    await userToSendMessage.post('/members/send-private-message', {
+      message: messageToSend,
+      toUserId: receiver._id,
+    });
+
+    const updatedReceiver = await receiver.get('/user');
+    const updatedSender = await userToSendMessage.get('/user');
+
+    const sendersMessageInReceiversInbox = _.find(updatedReceiver.inbox.messages, (message) => {
+      return message.uuid === userToSendMessage._id && message.text === messageToSend;
+    });
+
+    const sendersMessageInSendersInbox = _.find(updatedSender.inbox.messages, (message) => {
+      return message.uuid === receiver._id && message.text === messageToSend;
+    });
+
+    expect(sendersMessageInReceiversInbox).to.exist;
+    expect(sendersMessageInSendersInbox).to.exist;
+  });
+
+  it('allows admin to send when to user has opted out of messaging', async () => {
+    userToSendMessage = await generateUser({
+      'contributor.admin': 1,
+    });
+    const receiver = await generateUser({'inbox.optOut': true});
+
+    await userToSendMessage.post('/members/send-private-message', {
+      message: messageToSend,
+      toUserId: receiver._id,
+    });
+
+    const updatedReceiver = await receiver.get('/user');
+    const updatedSender = await userToSendMessage.get('/user');
+
+    const sendersMessageInReceiversInbox = _.find(updatedReceiver.inbox.messages, (message) => {
+      return message.uuid === userToSendMessage._id && message.text === messageToSend;
+    });
+
+    const sendersMessageInSendersInbox = _.find(updatedSender.inbox.messages, (message) => {
+      return message.uuid === receiver._id && message.text === messageToSend;
+    });
+
     expect(sendersMessageInReceiversInbox).to.exist;
     expect(sendersMessageInSendersInbox).to.exist;
   });

test/api/v3/integration/news/GET-news.test.js

@@ -0,0 +1,16 @@
+import {
+  requester,
+} from '../../../../helpers/api-v3-integration.helper';
+
+describe('GET /news', () => {
+  let api;
+
+  beforeEach(async () => {
+    api = requester();
+  });
+
+  it('returns the latest news in html format, does not require authentication', async () => {
+    const res = await api.get('/news');
+    expect(res).to.be.a.string;
+  });
+});

test/api/v3/integration/news/POST-news_tell_me_later.test.js

@@ -0,0 +1,42 @@
+import {
+  generateUser,
+} from '../../../../helpers/api-v3-integration.helper';
+
+describe('POST /news/tell-me-later', () => {
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser({
+      'flags.newStuff': true,
+    });
+  });
+
+  it('marks new stuff as read and adds notification', async () => {
+    expect(user.flags.newStuff).to.equal(true);
+    const initialNotifications = user.notifications.length;
+
+    await user.post('/news/tell-me-later');
+    await user.sync();
+
+    expect(user.flags.newStuff).to.equal(false);
+    expect(user.notifications.length).to.equal(initialNotifications + 1);
+
+    const notification = user.notifications[user.notifications.length - 1];
+
+    expect(notification.type).to.equal('NEW_STUFF');
+     // should be marked as seen by default so it's not counted in the number of notifications
+    expect(notification.seen).to.equal(true);
+    expect(notification.data.title).to.be.a.string;
+  });
+
+  it('never adds two notifications', async () => {
+    const initialNotifications = user.notifications.length;
+
+    await user.post('/news/tell-me-later');
+    await user.post('/news/tell-me-later');
+
+    await user.sync();
+
+    expect(user.notifications.length).to.equal(initialNotifications + 1);
+  });
+});

test/api/v3/integration/notifications/POST-notifications_notificationId_read.test.js

@@ -13,14 +13,45 @@ describe('POST /notifications/:notificationId/read', () => {
 
   it('errors when notification is not found', async () => {
     let dummyId = generateUUID();
-    await expect(user.post(`/notifications/${dummyId}/read`))
-      .to.eventually.be.rejected.and.eql({
-        code: 404,
-        error: 'NotFound',
-        message: t('messageNotificationNotFound'),
-      });
+
+    await expect(user.post(`/notifications/${dummyId}/read`)).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('messageNotificationNotFound'),
+    });
   });
 
-  xit('removes a notification', async () => {
+  it('removes a notification', async () => {
+    expect(user.notifications.length).to.equal(0);
+
+    const id = generateUUID();
+    const id2 = generateUUID();
+
+    await user.update({
+      notifications: [{
+        id,
+        type: 'DROPS_ENABLED',
+        data: {},
+      }, {
+        id: id2,
+        type: 'LOGIN_INCENTIVE',
+        data: {},
+      }],
+    });
+
+    await user.sync();
+    expect(user.notifications.length).to.equal(2);
+
+    const res = await user.post(`/notifications/${id}/read`);
+    expect(res).to.deep.equal([{
+      id: id2,
+      type: 'LOGIN_INCENTIVE',
+      data: {},
+      seen: false,
+    }]);
+
+    await user.sync();
+    expect(user.notifications.length).to.equal(1);
+    expect(user.notifications[0].id).to.equal(id2);
   });
 });

test/api/v3/integration/notifications/POST-notifications_notificationId_see.test.js

@@ -0,0 +1,59 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+import { v4 as generateUUID } from 'uuid';
+
+describe('POST /notifications/:notificationId/see', () => {
+  let user;
+
+  before(async () => {
+    user = await generateUser();
+  });
+
+  it('errors when notification is not found', async () => {
+    let dummyId = generateUUID();
+
+    await expect(user.post(`/notifications/${dummyId}/see`)).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('messageNotificationNotFound'),
+    });
+  });
+
+  it('mark a notification as seen', async () => {
+    expect(user.notifications.length).to.equal(0);
+
+    const id = generateUUID();
+    const id2 = generateUUID();
+
+    await user.update({
+      notifications: [{
+        id,
+        type: 'DROPS_ENABLED',
+        data: {},
+      }, {
+        id: id2,
+        type: 'LOGIN_INCENTIVE',
+        data: {},
+      }],
+    });
+
+    const userObj = await user.get('/user'); // so we can check that defaults have been applied
+    expect(userObj.notifications.length).to.equal(2);
+    expect(userObj.notifications[0].seen).to.equal(false);
+
+    const res = await user.post(`/notifications/${id}/see`);
+    expect(res).to.deep.equal({
+      id,
+      type: 'DROPS_ENABLED',
+      data: {},
+      seen: true,
+    });
+
+    await user.sync();
+    expect(user.notifications.length).to.equal(2);
+    expect(user.notifications[0].id).to.equal(id);
+    expect(user.notifications[0].seen).to.equal(true);
+  });
+});

test/api/v3/integration/notifications/POST-notifications_read.test.js

@@ -0,0 +1,67 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+import { v4 as generateUUID } from 'uuid';
+
+describe('POST /notifications/read', () => {
+  let user;
+
+  before(async () => {
+    user = await generateUser();
+  });
+
+  it('errors when notification is not found', async () => {
+    let dummyId = generateUUID();
+
+    await expect(user.post('/notifications/read', {
+      notificationIds: [dummyId],
+    })).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('messageNotificationNotFound'),
+    });
+  });
+
+  it('removes multiple notifications', async () => {
+    expect(user.notifications.length).to.equal(0);
+
+    const id = generateUUID();
+    const id2 = generateUUID();
+    const id3 = generateUUID();
+
+    await user.update({
+      notifications: [{
+        id,
+        type: 'DROPS_ENABLED',
+        data: {},
+      }, {
+        id: id2,
+        type: 'LOGIN_INCENTIVE',
+        data: {},
+      }, {
+        id: id3,
+        type: 'CRON',
+        data: {},
+      }],
+    });
+
+    await user.sync();
+    expect(user.notifications.length).to.equal(3);
+
+    const res = await user.post('/notifications/read', {
+      notificationIds: [id, id3],
+    });
+
+    expect(res).to.deep.equal([{
+      id: id2,
+      type: 'LOGIN_INCENTIVE',
+      data: {},
+      seen: false,
+    }]);
+
+    await user.sync();
+    expect(user.notifications.length).to.equal(1);
+    expect(user.notifications[0].id).to.equal(id2);
+  });
+});

test/api/v3/integration/notifications/POST_notifications_see.test.js

@@ -0,0 +1,88 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+import { v4 as generateUUID } from 'uuid';
+
+describe('POST /notifications/see', () => {
+  let user;
+
+  before(async () => {
+    user = await generateUser();
+  });
+
+  it('errors when notification is not found', async () => {
+    let dummyId = generateUUID();
+
+    await expect(user.post('/notifications/see', {
+      notificationIds: [dummyId],
+    })).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('messageNotificationNotFound'),
+    });
+  });
+
+  it('mark multiple notifications as seen', async () => {
+    expect(user.notifications.length).to.equal(0);
+
+    const id = generateUUID();
+    const id2 = generateUUID();
+    const id3 = generateUUID();
+
+    await user.update({
+      notifications: [{
+        id,
+        type: 'DROPS_ENABLED',
+        data: {},
+        seen: false,
+      }, {
+        id: id2,
+        type: 'LOGIN_INCENTIVE',
+        data: {},
+        seen: false,
+      }, {
+        id: id3,
+        type: 'CRON',
+        data: {},
+        seen: false,
+      }],
+    });
+
+    await user.sync();
+    expect(user.notifications.length).to.equal(3);
+
+    const res = await user.post('/notifications/see', {
+      notificationIds: [id, id3],
+    });
+
+    expect(res).to.deep.equal([
+      {
+        id,
+        type: 'DROPS_ENABLED',
+        data: {},
+        seen: true,
+      }, {
+        id: id2,
+        type: 'LOGIN_INCENTIVE',
+        data: {},
+        seen: false,
+      }, {
+        id: id3,
+        type: 'CRON',
+        data: {},
+        seen: true,
+      }]);
+
+    await user.sync();
+    expect(user.notifications.length).to.equal(3);
+    expect(user.notifications[0].id).to.equal(id);
+    expect(user.notifications[0].seen).to.equal(true);
+
+    expect(user.notifications[1].id).to.equal(id2);
+    expect(user.notifications[1].seen).to.equal(false);
+
+    expect(user.notifications[2].id).to.equal(id3);
+    expect(user.notifications[2].seen).to.equal(true);
+  });
+});

test/api/v3/integration/tasks/DELETE-tasks_id.test.js

@@ -141,6 +141,16 @@ describe('DELETE /tasks/:id', () => {
       });
     });
 
-    it('removes a task from user.tasksOrder'); // TODO
+    it('removes a task from user.tasksOrder', async () => {
+      let task = await user.post('/tasks/user', {
+        text: 'test habit',
+        type: 'habit',
+      });
+
+      await user.del(`/tasks/${task._id}`);
+      await user.sync();
+
+      expect(user.tasksOrder.habits.indexOf(task._id)).to.eql(-1);
+    });
   });
 });

test/api/v3/integration/tasks/POST-tasks_id_score_direction.test.js

@@ -130,6 +130,7 @@ describe('POST /tasks/:id/score/:direction', () => {
     });
 
     it('uncompletes todo when direction is down', async () => {
+      await user.post(`/tasks/${todo._id}/score/up`);
       await user.post(`/tasks/${todo._id}/score/down`);
       let updatedTask = await user.get(`/tasks/${todo._id}`);
 
@@ -137,9 +138,23 @@ describe('POST /tasks/:id/score/:direction', () => {
       expect(updatedTask.dateCompleted).to.be.a('undefined');
     });
 
-    it('scores up todo even if it is already completed'); // Yes?
+    it('doesn\'t let a todo be completed twice', async () => {
+      await user.post(`/tasks/${todo._id}/score/up`);
+      await expect(user.post(`/tasks/${todo._id}/score/up`))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('sessionOutdated'),
+      });
+    });
 
-    it('scores down todo even if it is already uncompleted'); // Yes?
+    it('doesn\'t let a todo be uncompleted twice', async () => {
+      await expect(user.post(`/tasks/${todo._id}/score/down`)).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('sessionOutdated'),
+      });
+    });
 
     context('user stats when direction is up', () => {
       let updatedUser;
@@ -163,23 +178,25 @@ describe('POST /tasks/:id/score/:direction', () => {
     });
 
     context('user stats when direction is down', () => {
-      let updatedUser;
+      let updatedUser, initialUser;
 
       beforeEach(async () => {
+        await user.post(`/tasks/${todo._id}/score/up`);
+        initialUser = await user.get('/user');
         await user.post(`/tasks/${todo._id}/score/down`);
         updatedUser = await user.get('/user');
       });
 
       it('decreases user\'s mp', () => {
-        expect(updatedUser.stats.mp).to.be.lessThan(user.stats.mp);
+        expect(updatedUser.stats.mp).to.be.lessThan(initialUser.stats.mp);
       });
 
       it('decreases user\'s exp', () => {
-        expect(updatedUser.stats.exp).to.be.lessThan(user.stats.exp);
+        expect(updatedUser.stats.exp).to.be.lessThan(initialUser.stats.exp);
       });
 
       it('decreases user\'s gold', () => {
-        expect(updatedUser.stats.gp).to.be.lessThan(user.stats.gp);
+        expect(updatedUser.stats.gp).to.be.lessThan(initialUser.stats.gp);
       });
     });
   });
@@ -202,6 +219,7 @@ describe('POST /tasks/:id/score/:direction', () => {
     });
 
     it('uncompletes daily when direction is down', async () => {
+      await user.post(`/tasks/${daily._id}/score/up`);
       await user.post(`/tasks/${daily._id}/score/down`);
       let task = await user.get(`/tasks/${daily._id}`);
 
@@ -222,9 +240,22 @@ describe('POST /tasks/:id/score/:direction', () => {
       expect(task.nextDue.length).to.eql(6);
     });
 
-    it('scores up daily even if it is already completed'); // Yes?
+    it('doesn\'t let a daily be completed twice', async () => {
+      await user.post(`/tasks/${daily._id}/score/up`);
+      await expect(user.post(`/tasks/${daily._id}/score/up`)).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('sessionOutdated'),
+      });
+    });
 
-    it('scores down daily even if it is already uncompleted'); // Yes?
+    it('doesn\'t let a daily be uncompleted twice', async () => {
+      await expect(user.post(`/tasks/${daily._id}/score/down`)).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('sessionOutdated'),
+      });
+    });
 
     context('user stats when direction is up', () => {
       let updatedUser;
@@ -248,23 +279,25 @@ describe('POST /tasks/:id/score/:direction', () => {
     });
 
     context('user stats when direction is down', () => {
-      let updatedUser;
+      let updatedUser, initialUser;
 
       beforeEach(async () => {
+        await user.post(`/tasks/${daily._id}/score/up`);
+        initialUser = await user.get('/user');
         await user.post(`/tasks/${daily._id}/score/down`);
         updatedUser = await user.get('/user');
       });
 
       it('decreases user\'s mp', () => {
-        expect(updatedUser.stats.mp).to.be.lessThan(user.stats.mp);
+        expect(updatedUser.stats.mp).to.be.lessThan(initialUser.stats.mp);
       });
 
       it('decreases user\'s exp', () => {
-        expect(updatedUser.stats.exp).to.be.lessThan(user.stats.exp);
+        expect(updatedUser.stats.exp).to.be.lessThan(initialUser.stats.exp);
       });
 
       it('decreases user\'s gold', () => {
-        expect(updatedUser.stats.gp).to.be.lessThan(user.stats.gp);
+        expect(updatedUser.stats.gp).to.be.lessThan(initialUser.stats.gp);
       });
     });
   });

test/api/v3/integration/tasks/POST-tasks_move_taskId_to_position.test.js

@@ -40,9 +40,13 @@ describe('POST /tasks/:taskId/move/to/:position', () => {
 
     let taskToMove = tasks[1];
     expect(taskToMove.text).to.equal('habit 2');
+
     let newOrder = await user.post(`/tasks/${tasks[1]._id}/move/to/3`);
+    await user.sync();
+
     expect(newOrder[3]).to.equal(taskToMove._id);
     expect(newOrder.length).to.equal(5);
+    expect(user.tasksOrder.habits).to.eql(newOrder);
   });
 
   it('can move task to new position using alias', async () => {

test/api/v3/integration/tasks/POST-tasks_user.test.js

@@ -302,6 +302,17 @@ describe('POST /tasks/user', () => {
 
       expect(task.alias).to.eql('a_alias012');
     });
+
+    // This is a special case for iOS requests
+    it('will round a priority (difficulty)', async () => {
+      let task = await user.post('/tasks/user', {
+        text: 'test habit',
+        type: 'habit',
+        priority: 0.10000000000005,
+      });
+
+      expect(task.priority).to.eql(0.1);
+    });
   });
 
   context('habits', () => {
@@ -628,6 +639,43 @@ describe('POST /tasks/user', () => {
       });
     });
 
+    it('returns an error if everyX is a non int', async () => {
+      await expect(user.post('/tasks/user', {
+        text: 'test daily',
+        type: 'daily',
+        everyX: 2.5,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: 'daily validation failed',
+      });
+    });
+
+    it('returns an error if everyX is negative', async () => {
+      await expect(user.post('/tasks/user', {
+        text: 'test daily',
+        type: 'daily',
+        everyX: -1,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: 'daily validation failed',
+      });
+    });
+
+    it('returns an error if everyX is above 9999', async () => {
+      await expect(user.post('/tasks/user', {
+        text: 'test daily',
+        type: 'daily',
+        everyX: 10000,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: 'daily validation failed',
+      });
+    });
+
+
     it('can create checklists', async () => {
       let task = await user.post('/tasks/user', {
         text: 'test daily',

test/api/v3/integration/tasks/challenges/POST-tasks_challenges_challengeId_tasks_id_score_direction.test.js

@@ -82,6 +82,13 @@ describe('POST /tasks/:id/score/:direction', () => {
     });
 
     it('should update the history', async () => {
+      let newCron = new Date(2015, 11, 20);
+
+      await user.post('/debug/set-cron', {
+        lastCron: newCron,
+      });
+
+      await user.post('/cron');
       await user.post(`/tasks/${usersChallengeTaskId}/score/up`);
 
       let tasks = await user.get(`/tasks/challenge/${challenge._id}`);

test/api/v3/integration/tasks/challenges/PUT-tasks_challenge_challengeId.test.js

@@ -139,6 +139,23 @@ describe('PUT /tasks/:id', () => {
       expect(savedHabit.up).to.eql(false);
       expect(savedHabit.down).to.eql(false);
     });
+
+    it('allows user to update their copy', async () => {
+      const userTasks = await user.get('/tasks/user');
+      const userChallengeTasks = userTasks.filter(task => task.challenge.id === challenge._id);
+      const userCopyOfChallengeTask = userChallengeTasks[0];
+
+      await user.put(`/tasks/${userCopyOfChallengeTask._id}`, {
+        notes: 'some new notes',
+        counterDown: 1,
+        counterUp: 2,
+      });
+      const savedHabit = await user.get(`/tasks/${userCopyOfChallengeTask._id}`);
+
+      expect(savedHabit.notes).to.eql('some new notes');
+      expect(savedHabit.counterDown).to.eql(1);
+      expect(savedHabit.counterUp).to.eql(2);
+    });
   });
 
   context('todos', () => {

test/api/v3/integration/tasks/groups/POST-group_tasks_id_needs-work_userId.test.js

@@ -0,0 +1,189 @@
+import {
+  createAndPopulateGroup,
+  translate as t,
+} from '../../../../../helpers/api-integration/v3';
+import { find } from 'lodash';
+
+describe('POST /tasks/:id/needs-work/:userId', () => {
+  let user, guild, member, member2, task;
+
+  function findAssignedTask (memberTask) {
+    return memberTask.group.id === guild._id;
+  }
+
+  beforeEach(async () => {
+    let {group, members, groupLeader} = await createAndPopulateGroup({
+      groupDetails: {
+        name: 'Test Guild',
+        type: 'guild',
+      },
+      members: 2,
+    });
+
+    guild = group;
+    user = groupLeader;
+    member = members[0];
+    member2 = members[1];
+
+    task = await user.post(`/tasks/group/${guild._id}`, {
+      text: 'test todo',
+      type: 'todo',
+      requiresApproval: true,
+    });
+  });
+
+  it('errors when user is not assigned', async () => {
+    await expect(user.post(`/tasks/${task._id}/needs-work/${member._id}`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 404,
+        error: 'NotFound',
+        message: t('taskNotFound'),
+      });
+  });
+
+  it('errors when user is not the group leader', async () => {
+    await user.post(`/tasks/${task._id}/assign/${member._id}`);
+    await expect(member.post(`/tasks/${task._id}/needs-work/${member._id}`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('onlyGroupLeaderCanEditTasks'),
+      });
+  });
+
+  it('marks as task as needing more work', async () => {
+    const initialNotifications = member.notifications.length;
+
+    await user.post(`/tasks/${task._id}/assign/${member._id}`);
+
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    // score task to require approval
+    await expect(member.post(`/tasks/${syncedTask._id}/score/up`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskApprovalHasBeenRequested'),
+      });
+
+    await user.post(`/tasks/${task._id}/needs-work/${member._id}`);
+
+    [memberTasks] = await Promise.all([member.get('/tasks/user'), member.sync()]);
+    syncedTask = find(memberTasks, findAssignedTask);
+
+    // Check that the notification approval request has been removed
+    expect(syncedTask.group.approval.requested).to.equal(false);
+    expect(syncedTask.group.approval.requestedDate).to.equal(undefined);
+
+    // Check that the notification is correct
+    expect(member.notifications.length).to.equal(initialNotifications + 1);
+    const notification = member.notifications[member.notifications.length - 1];
+    expect(notification.type).to.equal('GROUP_TASK_NEEDS_WORK');
+
+    const taskText = syncedTask.text;
+    const managerName = user.profile.name;
+
+    expect(notification.data.message).to.equal(t('taskNeedsWork', {taskText, managerName}));
+
+    expect(notification.data.task.id).to.equal(syncedTask._id);
+    expect(notification.data.task.text).to.equal(taskText);
+
+    expect(notification.data.group.id).to.equal(syncedTask.group.id);
+    expect(notification.data.group.name).to.equal(guild.name);
+
+    expect(notification.data.manager.id).to.equal(user._id);
+    expect(notification.data.manager.name).to.equal(managerName);
+
+    // Check that the managers' GROUP_TASK_APPROVAL notifications have been removed
+    await user.sync();
+
+    expect(user.notifications.find(n => {
+      n.data.taskId === syncedTask._id && n.type === 'GROUP_TASK_APPROVAL';
+    })).to.equal(undefined);
+  });
+
+  it('allows a manager to mark a task as needing work', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+    await member2.post(`/tasks/${task._id}/assign/${member._id}`);
+
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    // score task to require approval
+    await expect(member.post(`/tasks/${syncedTask._id}/score/up`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskApprovalHasBeenRequested'),
+      });
+
+    const initialNotifications = member.notifications.length;
+
+    await member2.post(`/tasks/${task._id}/needs-work/${member._id}`);
+
+    [memberTasks] = await Promise.all([member.get('/tasks/user'), member.sync()]);
+    syncedTask = find(memberTasks, findAssignedTask);
+
+    // Check that the notification approval request has been removed
+    expect(syncedTask.group.approval.requested).to.equal(false);
+    expect(syncedTask.group.approval.requestedDate).to.equal(undefined);
+
+    expect(member.notifications.length).to.equal(initialNotifications + 1);
+    const notification = member.notifications[member.notifications.length - 1];
+    expect(notification.type).to.equal('GROUP_TASK_NEEDS_WORK');
+
+    const taskText = syncedTask.text;
+    const managerName = member2.profile.name;
+
+    expect(notification.data.message).to.equal(t('taskNeedsWork', {taskText, managerName}));
+
+    expect(notification.data.task.id).to.equal(syncedTask._id);
+    expect(notification.data.task.text).to.equal(taskText);
+
+    expect(notification.data.group.id).to.equal(syncedTask.group.id);
+    expect(notification.data.group.name).to.equal(guild.name);
+
+    expect(notification.data.manager.id).to.equal(member2._id);
+    expect(notification.data.manager.name).to.equal(managerName);
+
+    // Check that the managers' GROUP_TASK_APPROVAL notifications have been removed
+    await Promise.all([user.sync(), member2.sync()]);
+
+    expect(user.notifications.find(n => {
+      n.data.taskId === syncedTask._id && n.type === 'GROUP_TASK_APPROVAL';
+    })).to.equal(undefined);
+
+    expect(member2.notifications.find(n => {
+      n.data.taskId === syncedTask._id && n.type === 'GROUP_TASK_APPROVAL';
+    })).to.equal(undefined);
+  });
+
+  it('prevents marking a task as needing work if it was already approved', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.post(`/tasks/${task._id}/assign/${member._id}`);
+    await member2.post(`/tasks/${task._id}/approve/${member._id}`);
+    await expect(user.post(`/tasks/${task._id}/needs-work/${member._id}`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('canOnlyApproveTaskOnce'),
+      });
+  });
+
+  it('prevents marking a task as needing work if it is not waiting for approval', async () => {
+    await user.post(`/tasks/${task._id}/assign/${member._id}`);
+
+    await expect(user.post(`/tasks/${task._id}/needs-work/${member._id}`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskApprovalWasNotRequested'),
+      });
+  });
+});

test/api/v3/integration/tasks/groups/POST-group_tasks_id_score_direction.test.js

@@ -41,8 +41,9 @@ describe('POST /tasks/:id/score/:direction', () => {
 
     let memberTasks = await member.get('/tasks/user');
     let syncedTask = find(memberTasks, findAssignedTask);
+    const direction = 'up';
 
-    await expect(member.post(`/tasks/${syncedTask._id}/score/up`))
+    await expect(member.post(`/tasks/${syncedTask._id}/score/${direction}`))
       .to.eventually.be.rejected.and.to.eql({
         code: 401,
         error: 'NotAuthorized',
@@ -58,6 +59,7 @@ describe('POST /tasks/:id/score/:direction', () => {
       user: member.auth.local.username,
       taskName: updatedTask.text,
       taskId: updatedTask._id,
+      direction,
     }, 'cs')); // This test only works if we have the notification translated
     expect(user.notifications[1].data.groupId).to.equal(guild._id);
 
@@ -71,8 +73,9 @@ describe('POST /tasks/:id/score/:direction', () => {
     });
     let memberTasks = await member.get('/tasks/user');
     let syncedTask = find(memberTasks, findAssignedTask);
+    const direction = 'up';
 
-    await expect(member.post(`/tasks/${syncedTask._id}/score/up`))
+    await expect(member.post(`/tasks/${syncedTask._id}/score/${direction}`))
       .to.eventually.be.rejected.and.to.eql({
         code: 401,
         error: 'NotAuthorized',
@@ -88,6 +91,7 @@ describe('POST /tasks/:id/score/:direction', () => {
       user: member.auth.local.username,
       taskName: updatedTask.text,
       taskId: updatedTask._id,
+      direction,
     }));
     expect(user.notifications[1].data.groupId).to.equal(guild._id);
 
@@ -97,6 +101,7 @@ describe('POST /tasks/:id/score/:direction', () => {
       user: member.auth.local.username,
       taskName: updatedTask.text,
       taskId: updatedTask._id,
+      direction,
     }));
     expect(member2.notifications[0].data.groupId).to.equal(guild._id);
   });

test/api/v3/integration/tasks/groups/POST-tasks_task_id_unassign.test.js

@@ -75,15 +75,6 @@ describe('POST /tasks/:taskId/unassign/:memberId', () => {
       });
   });
 
-  it('returns error when non leader tries to create a task', async () => {
-    await expect(member.post(`/tasks/${task._id}/unassign/${member._id}`))
-      .to.eventually.be.rejected.and.eql({
-        code: 401,
-        error: 'NotAuthorized',
-        message: t('onlyGroupLeaderCanEditTasks'),
-      });
-  });
-
   it('unassigns a user from a task', async () => {
     await user.post(`/tasks/${task._id}/unassign/${member._id}`);
 
@@ -129,4 +120,26 @@ describe('POST /tasks/:taskId/unassign/:memberId', () => {
     expect(groupTask[0].group.assignedUsers).to.not.contain(member._id);
     expect(syncedTask).to.not.exist;
   });
+
+  it('allows a user to unassign themselves', async () => {
+    await member.post(`/tasks/${task._id}/unassign/${member._id}`);
+
+    let groupTask = await user.get(`/tasks/group/${guild._id}`);
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    expect(groupTask[0].group.assignedUsers).to.not.contain(member._id);
+    expect(syncedTask).to.not.exist;
+  });
+
+  // @TODO: Which do we want? The user to unassign themselves or not. This test was in
+  // here, but then we had a request to allow to unaissgn.
+  xit('returns error when non leader tries to unassign their a task', async () => {
+    await expect(member.post(`/tasks/${task._id}/unassign/${member._id}`))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('onlyGroupLeaderCanEditTasks'),
+      });
+  });
 });

test/api/v3/integration/user/DELETE-user.test.js

@@ -308,7 +308,7 @@ describe('DELETE /user', () => {
       })).to.eventually.be.rejected.and.eql({
         code: 401,
         error: 'NotAuthorized',
-        message: t('incorrectDeletePhrase'),
+        message: t('incorrectDeletePhrase', {magicWord: 'DELETE'}),
       });
     });
 

test/api/v3/integration/user/GET-user.test.js

@@ -27,4 +27,13 @@ describe('GET /user', () => {
     expect(returnedUser.auth.local.salt).to.not.exist;
     expect(returnedUser.apiToken).to.not.exist;
   });
+
+  it('returns only user properties requested', async () => {
+    let returnedUser = await user.get('/user?userFields=achievements,items.mounts');
+
+    expect(returnedUser._id).to.equal(user._id);
+    expect(returnedUser.achievements).to.exist;
+    expect(returnedUser.items.mounts).to.exist;
+    expect(returnedUser.stats).to.not.exist;
+  });
 });

test/api/v3/integration/user/GET-user_anonymized.test.js

@@ -25,6 +25,7 @@ describe('GET /user/anonymized', () => {
       'achievements.challenges': 'some',
       'inbox.messages': [{ text: 'some text' }],
       tags: [{ name: 'some name', challenge: 'some challenge' }],
+      notifications: [],
     });
 
     await generateHabit({ userId: user._id });
@@ -65,6 +66,7 @@ describe('GET /user/anonymized', () => {
     expect(returnedUser.stats.toNextLevel).to.eql(common.tnl(user.stats.lvl));
     expect(returnedUser.stats.maxMP).to.eql(30); // TODO why 30?
     expect(returnedUser.newMessages).to.not.exist;
+    expect(returnedUser.notifications).to.not.exist;
     expect(returnedUser.profile).to.not.exist;
     expect(returnedUser.purchased.plan).to.not.exist;
     expect(returnedUser.contributor).to.not.exist;

test/api/v3/integration/user/POST-user_open_mystery_item.test.js

@@ -13,15 +13,20 @@ describe('POST /user/open-mystery-item', () => {
   beforeEach(async () => {
     user = await generateUser({
       'purchased.plan.mysteryItems': [mysteryItemKey],
+      notifications: [
+        {type: 'NEW_MYSTERY_ITEMS', data: { items: [mysteryItemKey] }},
+      ],
     });
   });
 
   // More tests in common code unit tests
 
   it('opens a mystery item', async () => {
+    expect(user.notifications.length).to.equal(1);
     let response = await user.post('/user/open-mystery-item');
     await user.sync();
 
+    expect(user.notifications.length).to.equal(0);
     expect(user.items.gear.owned[mysteryItemKey]).to.be.true;
     expect(response.message).to.equal(t('mysteryItemOpened'));
     expect(response.data.key).to.eql(mysteryItemKey);

test/api/v3/integration/user/POST-user_read_card.test.js

@@ -26,13 +26,21 @@ describe('POST /user/read-card/:cardType', () => {
     await user.update({
       'items.special.greetingReceived': [true],
       'flags.cardReceived': true,
+      notifications: [{
+        type: 'CARD_RECEIVED',
+        data: {card: cardType},
+      }],
     });
 
+    await user.sync();
+    expect(user.notifications.length).to.equal(1);
+
     let response = await user.post(`/user/read-card/${cardType}`);
     await user.sync();
 
     expect(response.message).to.equal(t('readCard', {cardType}));
     expect(user.items.special[`${cardType}Received`]).to.be.empty;
     expect(user.flags.cardReceived).to.be.false;
+    expect(user.notifications.length).to.equal(0);
   });
 });

test/api/v3/integration/user/POST-user_sleep.test.js

@@ -1,6 +1,7 @@
 import {
   generateUser,
 } from '../../../../helpers/api-integration/v3';
+import { mockAnalyticsService as analytics } from '../../../../../website/server/libs/analyticsService';
 
 describe('POST /user/sleep', () => {
   let user;
@@ -22,4 +23,15 @@ describe('POST /user/sleep', () => {
     await user.sync();
     expect(user.preferences.sleep).to.be.false;
   });
+
+  it('sends sleep status to analytics service', async () => {
+    sandbox.spy(analytics, 'track');
+
+    await user.post('/user/sleep');
+    await user.sync();
+    expect(analytics.track).to.be.calledOnce;
+    expect(analytics.track).to.be.calledWith('sleep', sandbox.match.has('status', user.preferences.sleep));
+
+    sandbox.restore();
+  });
 });

test/api/v3/integration/user/auth/POST-register_local.test.js

@@ -6,10 +6,14 @@ import {
   getProperty,
 } from '../../../../../helpers/api-integration/v3';
 import { ApiUser } from '../../../../../helpers/api-integration/api-classes';
-import { v4 as generateRandomUserName } from 'uuid';
+import { v4 as uuid } from 'uuid';
 import { each } from 'lodash';
 import { encrypt } from '../../../../../../website/server/libs/encryption';
 
+function generateRandomUserName () {
+  return (Date.now() + uuid()).substring(0, 20);
+}
+
 describe('POST /user/auth/local/register', () => {
   context('username and email are free', () => {
     let api;
@@ -37,6 +41,71 @@ describe('POST /user/auth/local/register', () => {
       expect(user.newUser).to.eql(true);
     });
 
+    xit('remove spaces from username', async () => {
+      // TODO can probably delete this test now
+      let username = ' usernamewithspaces ';
+      let email = 'test@example.com';
+      let password = 'password';
+
+      let user = await api.post('/user/auth/local/register', {
+        username,
+        email,
+        password,
+        confirmPassword: password,
+      });
+
+      expect(user.auth.local.username).to.eql(username.trim());
+      expect(user.profile.name).to.eql(username.trim());
+    });
+
+    context('validates username', () => {
+      const email = 'test@example.com';
+      const password = 'password';
+
+      it('requires to username to be less than 20', async () => {
+        const username = (Date.now() + uuid()).substring(0, 21);
+
+        await expect(api.post('/user/auth/local/register', {
+          username,
+          email,
+          password,
+          confirmPassword: password,
+        })).to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: 'Invalid request parameters.',
+        });
+      });
+
+      it('rejects chracters not in [-_a-zA-Z0-9]', async () => {
+        const username = 'a-zA_Z09*';
+
+        await expect(api.post('/user/auth/local/register', {
+          username,
+          email,
+          password,
+          confirmPassword: password,
+        })).to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: 'Invalid request parameters.',
+        });
+      });
+
+      it('allows only [-_a-zA-Z0-9] characters', async () => {
+        const username = 'a-zA_Z09';
+
+        const user = await api.post('/user/auth/local/register', {
+          username,
+          email,
+          password,
+          confirmPassword: password,
+        });
+
+        expect(user.auth.local.username).to.eql(username);
+      });
+    });
+
     context('provides default tags and tasks', async () => {
       it('for a generic API consumer', async () => {
         let username = generateRandomUserName();

test/api/v3/integration/user/buy/POST-user_buy_gear.test.js

@@ -25,12 +25,32 @@ describe('POST /user/buy-gear/:key', () => {
       });
   });
 
-  it('buys a piece of gear', async () => {
+  it('buys the first level weapon gear', async () => {
+    let key = 'weapon_warrior_0';
+
+    await user.post(`/user/buy-gear/${key}`);
+    await user.sync();
+
+    expect(user.items.gear.owned[key]).to.eql(true);
+  });
+
+  it('buys the first level armor gear', async () => {
     let key = 'armor_warrior_1';
 
     await user.post(`/user/buy-gear/${key}`);
     await user.sync();
 
-    expect(user.items.gear.owned.armor_warrior_1).to.eql(true);
+    expect(user.items.gear.owned[key]).to.eql(true);
+  });
+
+  it('tries to buy subsequent, level gear', async () => {
+    let key = 'armor_warrior_2';
+
+    return expect(user.post(`/user/buy-gear/${key}`))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: 'You need to purchase a lower level gear before this one.',
+      });
   });
 });

test/api/v3/integration/user/stats/POST-user_allocate.test.js

@@ -1,7 +1,7 @@
 import {
   generateUser,
   translate as t,
-} from '../../../../helpers/api-integration/v3';
+} from '../../../../../helpers/api-integration/v3';
 
 describe('POST /user/allocate', () => {
   let user;

test/api/v3/integration/user/stats/POST-user_allocate_bulk.test.js

@@ -0,0 +1,40 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../../helpers/api-integration/v3';
+
+describe('POST /user/allocate-bulk', () => {
+  let user;
+  const statsUpdate = {
+    stats: {
+      con: 1,
+      str: 2,
+    },
+  };
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  // More tests in common code unit tests
+
+  it('returns an error if user does not have enough points', async () => {
+    await expect(user.post('/user/allocate-bulk', statsUpdate))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('notEnoughAttrPoints'),
+      });
+  });
+
+  it('allocates attribute points', async () => {
+    await user.update({'stats.points': 3});
+
+    await user.post('/user/allocate-bulk', statsUpdate);
+    await user.sync();
+
+    expect(user.stats.con).to.equal(1);
+    expect(user.stats.str).to.equal(2);
+    expect(user.stats.points).to.equal(0);
+  });
+});

test/api/v3/integration/user/stats/POST-user_allocate_now.test.js

@@ -1,6 +1,6 @@
 import {
   generateUser,
-} from '../../../../helpers/api-integration/v3';
+} from '../../../../../helpers/api-integration/v3';
 
 describe('POST /user/allocate-now', () => {
   // More tests in common code unit tests

test/api/v3/unit/libs/amazonPayments.test.js

@@ -1,739 +0,0 @@
-import moment from 'moment';
-import cc from 'coupon-code';
-import uuid from 'uuid';
-
-import {
-  generateGroup,
-} from '../../../../helpers/api-unit.helper.js';
-import { model as User } from '../../../../../website/server/models/user';
-import { model as Group } from '../../../../../website/server/models/group';
-import { model as Coupon } from '../../../../../website/server/models/coupon';
-import amzLib from '../../../../../website/server/libs/amazonPayments';
-import payments from '../../../../../website/server/libs/payments';
-import common from '../../../../../website/common';
-
-const i18n = common.i18n;
-
-describe('Amazon Payments', () => {
-  let subKey = 'basic_3mo';
-
-  describe('checkout', () => {
-    let user, orderReferenceId, headers;
-    let setOrderReferenceDetailsSpy;
-    let confirmOrderReferenceSpy;
-    let authorizeSpy;
-    let closeOrderReferenceSpy;
-
-    let paymentBuyGemsStub;
-    let paymentCreateSubscritionStub;
-    let amount = 5;
-
-    function expectAmazonStubs () {
-      expect(setOrderReferenceDetailsSpy).to.be.calledOnce;
-      expect(setOrderReferenceDetailsSpy).to.be.calledWith({
-        AmazonOrderReferenceId: orderReferenceId,
-        OrderReferenceAttributes: {
-          OrderTotal: {
-            CurrencyCode: amzLib.constants.CURRENCY_CODE,
-            Amount: amount,
-          },
-          SellerNote: amzLib.constants.SELLER_NOTE,
-          SellerOrderAttributes: {
-            SellerOrderId: common.uuid(),
-            StoreName: amzLib.constants.STORE_NAME,
-          },
-        },
-      });
-
-      expect(confirmOrderReferenceSpy).to.be.calledOnce;
-      expect(confirmOrderReferenceSpy).to.be.calledWith({ AmazonOrderReferenceId: orderReferenceId });
-
-      expect(authorizeSpy).to.be.calledOnce;
-      expect(authorizeSpy).to.be.calledWith({
-        AmazonOrderReferenceId: orderReferenceId,
-        AuthorizationReferenceId: common.uuid().substring(0, 32),
-        AuthorizationAmount: {
-          CurrencyCode: amzLib.constants.CURRENCY_CODE,
-          Amount: amount,
-        },
-        SellerAuthorizationNote: amzLib.constants.SELLER_NOTE,
-        TransactionTimeout: 0,
-        CaptureNow: true,
-      });
-
-      expect(closeOrderReferenceSpy).to.be.calledOnce;
-      expect(closeOrderReferenceSpy).to.be.calledWith({ AmazonOrderReferenceId: orderReferenceId });
-    }
-
-    beforeEach(function () {
-      user = new User();
-      headers = {};
-      orderReferenceId = 'orderReferenceId';
-
-      setOrderReferenceDetailsSpy = sinon.stub(amzLib, 'setOrderReferenceDetails');
-      setOrderReferenceDetailsSpy.returnsPromise().resolves({});
-
-      confirmOrderReferenceSpy = sinon.stub(amzLib, 'confirmOrderReference');
-      confirmOrderReferenceSpy.returnsPromise().resolves({});
-
-      authorizeSpy = sinon.stub(amzLib, 'authorize');
-      authorizeSpy.returnsPromise().resolves({});
-
-      closeOrderReferenceSpy = sinon.stub(amzLib, 'closeOrderReference');
-      closeOrderReferenceSpy.returnsPromise().resolves({});
-
-      paymentBuyGemsStub = sinon.stub(payments, 'buyGems');
-      paymentBuyGemsStub.returnsPromise().resolves({});
-
-      paymentCreateSubscritionStub = sinon.stub(payments, 'createSubscription');
-      paymentCreateSubscritionStub.returnsPromise().resolves({});
-
-      sinon.stub(common, 'uuid').returns('uuid-generated');
-    });
-
-    afterEach(function () {
-      amzLib.setOrderReferenceDetails.restore();
-      amzLib.confirmOrderReference.restore();
-      amzLib.authorize.restore();
-      amzLib.closeOrderReference.restore();
-      payments.buyGems.restore();
-      payments.createSubscription.restore();
-      common.uuid.restore();
-    });
-
-    it('should purchase gems', async () => {
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
-      await amzLib.checkout({user, orderReferenceId, headers});
-
-      expect(paymentBuyGemsStub).to.be.calledOnce;
-      expect(paymentBuyGemsStub).to.be.calledWith({
-        user,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        headers,
-      });
-      expectAmazonStubs();
-      expect(user.canGetGems).to.be.calledOnce;
-      user.canGetGems.restore();
-    });
-
-    it('should error if gem amount is too low', async () => {
-      let receivingUser = new User();
-      receivingUser.save();
-      let gift = {
-        type: 'gems',
-        gems: {
-          amount: 0,
-          uuid: receivingUser._id,
-        },
-      };
-
-      await expect(amzLib.checkout({gift, user, orderReferenceId, headers}))
-      .to.eventually.be.rejected.and.to.eql({
-        httpCode: 400,
-        message: 'Amount must be at least 1.',
-        name: 'BadRequest',
-      });
-    });
-
-    it('should error if user cannot get gems gems', async () => {
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
-      await expect(amzLib.checkout({user, orderReferenceId, headers})).to.eventually.be.rejected.and.to.eql({
-        httpCode: 401,
-        message: i18n.t('groupPolicyCannotGetGems'),
-        name: 'NotAuthorized',
-      });
-      user.canGetGems.restore();
-    });
-
-    it('should gift gems', async () => {
-      let receivingUser = new User();
-      await receivingUser.save();
-      let gift = {
-        type: 'gems',
-        uuid: receivingUser._id,
-        gems: {
-          amount: 16,
-        },
-      };
-      amount = 16 / 4;
-      await amzLib.checkout({gift, user, orderReferenceId, headers});
-
-      expect(paymentBuyGemsStub).to.be.calledOnce;
-      expect(paymentBuyGemsStub).to.be.calledWith({
-        user,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_GIFT,
-        headers,
-        gift,
-      });
-      expectAmazonStubs();
-    });
-
-    it('should gift a subscription', async () => {
-      let receivingUser = new User();
-      receivingUser.save();
-      let gift = {
-        type: 'subscription',
-        subscription: {
-          key: subKey,
-          uuid: receivingUser._id,
-        },
-      };
-      amount = common.content.subscriptionBlocks[subKey].price;
-
-      await amzLib.checkout({user, orderReferenceId, headers, gift});
-
-      gift.member = receivingUser;
-      expect(paymentCreateSubscritionStub).to.be.calledOnce;
-      expect(paymentCreateSubscritionStub).to.be.calledWith({
-        user,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_GIFT,
-        headers,
-        gift,
-      });
-      expectAmazonStubs();
-    });
-  });
-
-  describe('subscribe', () => {
-    let user, group, amount, billingAgreementId, sub, coupon, groupId, headers;
-    let amazonSetBillingAgreementDetailsSpy;
-    let amazonConfirmBillingAgreementSpy;
-    let amazongAuthorizeOnBillingAgreementSpy;
-    let createSubSpy;
-
-    beforeEach(async () => {
-      user = new User();
-      user.profile.name = 'sender';
-      user.purchased.plan.customerId = 'customer-id';
-      user.purchased.plan.planId = subKey;
-      user.purchased.plan.lastBillingDate = new Date();
-
-      group = generateGroup({
-        name: 'test group',
-        type: 'guild',
-        privacy: 'public',
-        leader: user._id,
-      });
-      group.purchased.plan.customerId = 'customer-id';
-      group.purchased.plan.planId = subKey;
-      await group.save();
-
-      amount = common.content.subscriptionBlocks[subKey].price;
-      billingAgreementId = 'billingAgreementId';
-      sub = {
-        key: subKey,
-        price: amount,
-      };
-      groupId = group._id;
-      headers = {};
-
-      amazonSetBillingAgreementDetailsSpy = sinon.stub(amzLib, 'setBillingAgreementDetails');
-      amazonSetBillingAgreementDetailsSpy.returnsPromise().resolves({});
-
-      amazonConfirmBillingAgreementSpy = sinon.stub(amzLib, 'confirmBillingAgreement');
-      amazonConfirmBillingAgreementSpy.returnsPromise().resolves({});
-
-      amazongAuthorizeOnBillingAgreementSpy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
-      amazongAuthorizeOnBillingAgreementSpy.returnsPromise().resolves({});
-
-      createSubSpy = sinon.stub(payments, 'createSubscription');
-      createSubSpy.returnsPromise().resolves({});
-
-      sinon.stub(common, 'uuid').returns('uuid-generated');
-    });
-
-    afterEach(function () {
-      amzLib.setBillingAgreementDetails.restore();
-      amzLib.confirmBillingAgreement.restore();
-      amzLib.authorizeOnBillingAgreement.restore();
-      payments.createSubscription.restore();
-      common.uuid.restore();
-    });
-
-    it('should throw an error if we are missing a subscription', async () => {
-      await expect(amzLib.subscribe({
-        billingAgreementId,
-        coupon,
-        user,
-        groupId,
-        headers,
-      }))
-      .to.eventually.be.rejected.and.to.eql({
-        httpCode: 400,
-        name: 'BadRequest',
-        message: i18n.t('missingSubscriptionCode'),
-      });
-    });
-
-    it('should throw an error if we are missing a billingAgreementId', async () => {
-      await expect(amzLib.subscribe({
-        sub,
-        coupon,
-        user,
-        groupId,
-        headers,
-      }))
-      .to.eventually.be.rejected.and.to.eql({
-        httpCode: 400,
-        name: 'BadRequest',
-        message: 'Missing req.body.billingAgreementId',
-      });
-    });
-
-    it('should throw an error when coupon code is missing', async () => {
-      sub.discount = 40;
-
-      await expect(amzLib.subscribe({
-        billingAgreementId,
-        sub,
-        coupon,
-        user,
-        groupId,
-        headers,
-      }))
-      .to.eventually.be.rejected.and.to.eql({
-        httpCode: 400,
-        name: 'BadRequest',
-        message: i18n.t('couponCodeRequired'),
-      });
-    });
-
-    it('should throw an error when coupon code is invalid', async () => {
-      sub.discount = 40;
-      sub.key = 'google_6mo';
-      coupon = 'example-coupon';
-
-      let couponModel = new Coupon();
-      couponModel.event = 'google_6mo';
-      await couponModel.save();
-
-      sinon.stub(cc, 'validate').returns('invalid');
-
-      await expect(amzLib.subscribe({
-        billingAgreementId,
-        sub,
-        coupon,
-        user,
-        groupId,
-        headers,
-      }))
-      .to.eventually.be.rejected.and.to.eql({
-        httpCode: 401,
-        name: 'NotAuthorized',
-        message: i18n.t('invalidCoupon'),
-      });
-      cc.validate.restore();
-    });
-
-    it('subscribes with amazon with a coupon', async () => {
-      sub.discount = 40;
-      sub.key = 'google_6mo';
-      coupon = 'example-coupon';
-
-      let couponModel = new Coupon();
-      couponModel.event = 'google_6mo';
-      let updatedCouponModel = await couponModel.save();
-
-      sinon.stub(cc, 'validate').returns(updatedCouponModel._id);
-
-      await amzLib.subscribe({
-        billingAgreementId,
-        sub,
-        coupon,
-        user,
-        groupId,
-        headers,
-      });
-
-      expect(createSubSpy).to.be.calledOnce;
-      expect(createSubSpy).to.be.calledWith({
-        user,
-        customerId: billingAgreementId,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        sub,
-        headers,
-        groupId,
-      });
-
-      cc.validate.restore();
-    });
-
-    it('subscribes with amazon', async () => {
-      await amzLib.subscribe({
-        billingAgreementId,
-        sub,
-        coupon,
-        user,
-        groupId,
-        headers,
-      });
-
-      expect(amazonSetBillingAgreementDetailsSpy).to.be.calledOnce;
-      expect(amazonSetBillingAgreementDetailsSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-        BillingAgreementAttributes: {
-          SellerNote: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
-          SellerBillingAgreementAttributes: {
-            SellerBillingAgreementId: common.uuid(),
-            StoreName: amzLib.constants.STORE_NAME,
-            CustomInformation: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
-          },
-        },
-      });
-
-      expect(amazonConfirmBillingAgreementSpy).to.be.calledOnce;
-      expect(amazonConfirmBillingAgreementSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-      });
-
-      expect(amazongAuthorizeOnBillingAgreementSpy).to.be.calledOnce;
-      expect(amazongAuthorizeOnBillingAgreementSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-        AuthorizationReferenceId: common.uuid().substring(0, 32),
-        AuthorizationAmount: {
-          CurrencyCode: amzLib.constants.CURRENCY_CODE,
-          Amount: amount,
-        },
-        SellerAuthorizationNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
-        TransactionTimeout: 0,
-        CaptureNow: true,
-        SellerNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
-        SellerOrderAttributes: {
-          SellerOrderId: common.uuid(),
-          StoreName: amzLib.constants.STORE_NAME,
-        },
-      });
-
-      expect(createSubSpy).to.be.calledOnce;
-      expect(createSubSpy).to.be.calledWith({
-        user,
-        customerId: billingAgreementId,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        sub,
-        headers,
-        groupId,
-      });
-    });
-
-    it('subscribes with amazon with price to existing users', async () => {
-      user = new User();
-      user.guilds.push(groupId);
-      await user.save();
-      group.memberCount = 2;
-      await group.save();
-      sub.key = 'group_monthly';
-      sub.price = 9;
-      amount = 12;
-
-      await amzLib.subscribe({
-        billingAgreementId,
-        sub,
-        coupon,
-        user,
-        groupId,
-        headers,
-      });
-
-      expect(amazonSetBillingAgreementDetailsSpy).to.be.calledOnce;
-      expect(amazonSetBillingAgreementDetailsSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-        BillingAgreementAttributes: {
-          SellerNote: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
-          SellerBillingAgreementAttributes: {
-            SellerBillingAgreementId: common.uuid(),
-            StoreName: amzLib.constants.STORE_NAME,
-            CustomInformation: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
-          },
-        },
-      });
-
-      expect(amazonConfirmBillingAgreementSpy).to.be.calledOnce;
-      expect(amazonConfirmBillingAgreementSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-      });
-
-      expect(amazongAuthorizeOnBillingAgreementSpy).to.be.calledOnce;
-      expect(amazongAuthorizeOnBillingAgreementSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-        AuthorizationReferenceId: common.uuid().substring(0, 32),
-        AuthorizationAmount: {
-          CurrencyCode: amzLib.constants.CURRENCY_CODE,
-          Amount: amount,
-        },
-        SellerAuthorizationNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
-        TransactionTimeout: 0,
-        CaptureNow: true,
-        SellerNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
-        SellerOrderAttributes: {
-          SellerOrderId: common.uuid(),
-          StoreName: amzLib.constants.STORE_NAME,
-        },
-      });
-
-      expect(createSubSpy).to.be.calledOnce;
-      expect(createSubSpy).to.be.calledWith({
-        user,
-        customerId: billingAgreementId,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        sub,
-        headers,
-        groupId,
-      });
-    });
-  });
-
-  describe('cancelSubscription', () => {
-    let user, group, headers, billingAgreementId, subscriptionBlock, subscriptionLength;
-    let getBillingAgreementDetailsSpy;
-    let paymentCancelSubscriptionSpy;
-
-    function expectAmazonStubs () {
-      expect(getBillingAgreementDetailsSpy).to.be.calledOnce;
-      expect(getBillingAgreementDetailsSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-      });
-    }
-
-    beforeEach(async () => {
-      user = new User();
-      user.profile.name = 'sender';
-      user.purchased.plan.customerId = 'customer-id';
-      user.purchased.plan.planId = subKey;
-      user.purchased.plan.lastBillingDate = new Date();
-
-      group = generateGroup({
-        name: 'test group',
-        type: 'guild',
-        privacy: 'public',
-        leader: user._id,
-      });
-      group.purchased.plan.customerId = 'customer-id';
-      group.purchased.plan.planId = subKey;
-      group.purchased.plan.lastBillingDate = new Date();
-      await group.save();
-
-      subscriptionBlock = common.content.subscriptionBlocks[subKey];
-      subscriptionLength = subscriptionBlock.months * 30;
-
-      headers = {};
-
-      getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails');
-      getBillingAgreementDetailsSpy.returnsPromise().resolves({
-        BillingAgreementDetails: {
-          BillingAgreementStatus: {State: 'Closed'},
-        },
-      });
-
-      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription');
-      paymentCancelSubscriptionSpy.returnsPromise().resolves({});
-    });
-
-    afterEach(function () {
-      amzLib.getBillingAgreementDetails.restore();
-      payments.cancelSubscription.restore();
-    });
-
-    it('should throw an error if we are missing a subscription', async () => {
-      user.purchased.plan.customerId = undefined;
-
-      await expect(amzLib.cancelSubscription({user}))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 401,
-          name: 'NotAuthorized',
-          message: i18n.t('missingSubscription'),
-        });
-    });
-
-    it('should cancel a user subscription', async () => {
-      billingAgreementId = user.purchased.plan.customerId;
-
-      await amzLib.cancelSubscription({user, headers});
-
-      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
-      expect(paymentCancelSubscriptionSpy).to.be.calledWith({
-        user,
-        groupId: undefined,
-        nextBill: moment(user.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        headers,
-        cancellationReason: undefined,
-      });
-      expectAmazonStubs();
-    });
-
-    it('should close a user subscription if amazon not closed', async () => {
-      amzLib.getBillingAgreementDetails.restore();
-      getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails')
-        .returnsPromise()
-        .resolves({
-          BillingAgreementDetails: {
-            BillingAgreementStatus: {State: 'Open'},
-          },
-        });
-      let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').returnsPromise().resolves({});
-      billingAgreementId = user.purchased.plan.customerId;
-
-      await amzLib.cancelSubscription({user, headers});
-
-      expectAmazonStubs();
-      expect(closeBillingAgreementSpy).to.be.calledOnce;
-      expect(closeBillingAgreementSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-      });
-      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
-      expect(paymentCancelSubscriptionSpy).to.be.calledWith({
-        user,
-        groupId: undefined,
-        nextBill: moment(user.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        headers,
-        cancellationReason: undefined,
-      });
-      amzLib.closeBillingAgreement.restore();
-    });
-
-    it('should throw an error if group is not found', async () => {
-      await expect(amzLib.cancelSubscription({user, groupId: 'fake-id'}))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 404,
-          name: 'NotFound',
-          message: i18n.t('groupNotFound'),
-        });
-    });
-
-    it('should throw an error if user is not group leader', async () => {
-      let nonLeader = new User();
-      nonLeader.guilds.push(group._id);
-      await nonLeader.save();
-
-      await expect(amzLib.cancelSubscription({user: nonLeader, groupId: group._id}))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 401,
-          name: 'NotAuthorized',
-          message: i18n.t('onlyGroupLeaderCanManageSubscription'),
-        });
-    });
-
-    it('should cancel a group subscription', async () => {
-      billingAgreementId = group.purchased.plan.customerId;
-
-      await amzLib.cancelSubscription({user, groupId: group._id, headers});
-
-      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
-      expect(paymentCancelSubscriptionSpy).to.be.calledWith({
-        user,
-        groupId: group._id,
-        nextBill: moment(group.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        headers,
-        cancellationReason: undefined,
-      });
-      expectAmazonStubs();
-    });
-
-    it('should close a group subscription if amazon not closed', async () => {
-      amzLib.getBillingAgreementDetails.restore();
-      getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails')
-        .returnsPromise()
-        .resolves({
-          BillingAgreementDetails: {
-            BillingAgreementStatus: {State: 'Open'},
-          },
-        });
-      let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').returnsPromise().resolves({});
-      billingAgreementId = group.purchased.plan.customerId;
-
-      await amzLib.cancelSubscription({user, groupId: group._id, headers});
-
-      expectAmazonStubs();
-      expect(closeBillingAgreementSpy).to.be.calledOnce;
-      expect(closeBillingAgreementSpy).to.be.calledWith({
-        AmazonBillingAgreementId: billingAgreementId,
-      });
-      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
-      expect(paymentCancelSubscriptionSpy).to.be.calledWith({
-        user,
-        groupId: group._id,
-        nextBill: moment(group.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
-        paymentMethod: amzLib.constants.PAYMENT_METHOD,
-        headers,
-        cancellationReason: undefined,
-      });
-      amzLib.closeBillingAgreement.restore();
-    });
-  });
-
-  describe('#upgradeGroupPlan', () => {
-    let spy, data, user, group, uuidString;
-
-    beforeEach(async function () {
-      user = new User();
-      user.profile.name = 'sender';
-
-      data = {
-        user,
-        sub: {
-          key: 'basic_3mo', // @TODO: Validate that this is group
-        },
-        customerId: 'customer-id',
-        paymentMethod: 'Payment Method',
-        headers: {
-          'x-client': 'habitica-web',
-          'user-agent': '',
-        },
-      };
-
-      group = generateGroup({
-        name: 'test group',
-        type: 'guild',
-        privacy: 'public',
-        leader: user._id,
-      });
-      await group.save();
-
-      spy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
-      spy.returnsPromise().resolves([]);
-
-      uuidString = 'uuid-v4';
-      sinon.stub(uuid, 'v4').returns(uuidString);
-
-      data.groupId = group._id;
-      data.sub.quantity = 3;
-    });
-
-    afterEach(function () {
-      sinon.restore(amzLib.authorizeOnBillingAgreement);
-      uuid.v4.restore();
-    });
-
-    it('charges for a new member', async () => {
-      data.paymentMethod = amzLib.constants.PAYMENT_METHOD;
-      await payments.createSubscription(data);
-
-      let updatedGroup = await Group.findById(group._id).exec();
-
-      updatedGroup.memberCount += 1;
-      await updatedGroup.save();
-
-      await amzLib.chargeForAdditionalGroupMember(updatedGroup);
-
-      expect(spy.calledOnce).to.be.true;
-      expect(spy).to.be.calledWith({
-        AmazonBillingAgreementId: updatedGroup.purchased.plan.customerId,
-        AuthorizationReferenceId: uuidString.substring(0, 32),
-        AuthorizationAmount: {
-          CurrencyCode: amzLib.constants.CURRENCY_CODE,
-          Amount: 3,
-        },
-        SellerAuthorizationNote: amzLib.constants.SELLER_NOTE_GROUP_NEW_MEMBER,
-        TransactionTimeout: 0,
-        CaptureNow: true,
-        SellerNote: amzLib.constants.SELLER_NOTE_GROUP_NEW_MEMBER,
-        SellerOrderAttributes: {
-          SellerOrderId: uuidString,
-          StoreName: amzLib.constants.STORE_NAME,
-        },
-      });
-    });
-  });
-});

test/api/v3/unit/libs/cron.test.js

@@ -365,6 +365,72 @@ describe('cron', () => {
 
       expect(user.history.todos).to.be.lengthOf(1);
     });
+
+    it('should remove completed todos from users taskOrder list', () => {
+      tasksByType.todos = [];
+      user.tasksOrder.todos = [];
+      let todo = {
+        text: 'test todo',
+        type: 'todo',
+        value: 0,
+      };
+
+      let task = new Tasks.todo(Tasks.Task.sanitize(todo)); // eslint-disable-line new-cap
+      tasksByType.todos.push(task);
+      task = new Tasks.todo(Tasks.Task.sanitize(todo)); // eslint-disable-line new-cap
+      tasksByType.todos.push(task);
+      tasksByType.todos[0].completed = true;
+
+      user.tasksOrder.todos = tasksByType.todos.map(taskTodo => {
+        return taskTodo._id;
+      });
+      // Since ideally tasksByType should not contain completed todos, fake ids should be filtered too
+      user.tasksOrder.todos.push('00000000-0000-0000-0000-000000000000');
+
+      expect(tasksByType.todos).to.be.lengthOf(2);
+      expect(user.tasksOrder.todos).to.be.lengthOf(3);
+
+      cron({user, tasksByType, daysMissed, analytics});
+
+      // user.tasksOrder.todos should be filtered while tasks by type remains unchanged
+      expect(tasksByType.todos).to.be.lengthOf(2);
+      expect(user.tasksOrder.todos).to.be.lengthOf(1);
+    });
+
+    it('should preserve todos order in task list', () => {
+      tasksByType.todos = [];
+      user.tasksOrder.todos = [];
+      let todo = {
+        text: 'test todo',
+        type: 'todo',
+        value: 0,
+      };
+
+      let task = new Tasks.todo(Tasks.Task.sanitize(todo)); // eslint-disable-line new-cap
+      tasksByType.todos.push(task);
+      task = new Tasks.todo(Tasks.Task.sanitize(todo)); // eslint-disable-line new-cap
+      tasksByType.todos.push(task);
+      task = new Tasks.todo(Tasks.Task.sanitize(todo)); // eslint-disable-line new-cap
+      tasksByType.todos.push(task);
+
+      // Set up user.tasksOrder list in a specific order
+      user.tasksOrder.todos = tasksByType.todos.map(todoTask => {
+        return todoTask._id;
+      }).reverse();
+      let original = user.tasksOrder.todos; // Preserve the original order
+
+      cron({user, tasksByType, daysMissed, analytics});
+
+      let listsAreEqual = true;
+      user.tasksOrder.todos.forEach((taskId, index) => {
+        if (original[index]._id !== taskId) {
+          listsAreEqual = false;
+        }
+      });
+
+      expect(listsAreEqual);
+      expect(user.tasksOrder.todos).to.be.lengthOf(original.length);
+    });
   });
 
   describe('dailys', () => {

test/api/v3/unit/libs/payments.test.js

@@ -153,6 +153,24 @@ describe('payments/index', () => {
         expect(recipient.purchased.plan.dateUpdated).to.exist;
       });
 
+      it('sets plan.dateUpdated if it did exist but the user has cancelled', async () => {
+        recipient.purchased.plan.dateUpdated = moment().subtract(1, 'days').toDate();
+        recipient.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();
+        recipient.purchased.plan.customerId = 'testing';
+
+        await api.createSubscription(data);
+
+        expect(moment(recipient.purchased.plan.dateUpdated).date()).to.eql(moment().date());
+      });
+
+      it('sets plan.dateUpdated if it did exist but the user has a corrupt plan', async () => {
+        recipient.purchased.plan.dateUpdated = moment().subtract(1, 'days').toDate();
+
+        await api.createSubscription(data);
+
+        expect(moment(recipient.purchased.plan.dateUpdated).date()).to.eql(moment().date());
+      });
+
       it('sets plan.dateCreated if it did not previously exist', async () => {
         expect(recipient.purchased.plan.dateCreated).to.not.exist;
 
@@ -399,13 +417,19 @@ describe('payments/index', () => {
       it('awards mystery items when within the timeframe for a mystery item', async () => {
         let mayMysteryItemTimeframe = 1464725113000; // May 31st 2016
         let fakeClock = sinon.useFakeTimers(mayMysteryItemTimeframe);
+
         data = { paymentMethod: 'PaymentMethod', user, sub: { key: 'basic_3mo' } };
 
+        const oldNotificationsCount = user.notifications.length;
+
         await api.createSubscription(data);
 
+        expect(user.notifications.find(n => n.type === 'NEW_MYSTERY_ITEMS')).to.not.be.undefined;
         expect(user.purchased.plan.mysteryItems).to.have.a.lengthOf(2);
         expect(user.purchased.plan.mysteryItems).to.include('armor_mystery_201605');
         expect(user.purchased.plan.mysteryItems).to.include('head_mystery_201605');
+        expect(user.notifications.length).to.equal(oldNotificationsCount + 1);
+        expect(user.notifications[0].type).to.equal('NEW_MYSTERY_ITEMS');
 
         fakeClock.restore();
       });

test/api/v3/unit/libs/payments/amazon/cancel.test.js

@@ -0,0 +1,180 @@
+import moment from 'moment';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import amzLib from '../../../../../../../website/server/libs/amazonPayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+import { createNonLeaderGroupMember } from '../paymentHelpers';
+
+const i18n = common.i18n;
+
+describe('Amazon Payments - Cancel Subscription', () => {
+  const subKey = 'basic_3mo';
+
+  let user, group, headers, billingAgreementId, subscriptionBlock, subscriptionLength;
+  let getBillingAgreementDetailsSpy;
+  let paymentCancelSubscriptionSpy;
+
+  function expectAmazonStubs () {
+    expect(getBillingAgreementDetailsSpy).to.be.calledOnce;
+    expect(getBillingAgreementDetailsSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+    });
+  }
+
+  function expectAmazonCancelSubscriptionSpy (groupId, lastBillingDate) {
+    expect(paymentCancelSubscriptionSpy).to.be.calledWith({
+      user,
+      groupId,
+      nextBill: moment(lastBillingDate).add({ days: subscriptionLength }),
+      paymentMethod: amzLib.constants.PAYMENT_METHOD,
+      headers,
+      cancellationReason: undefined,
+    });
+  }
+
+  function expectAmazonCancelUserSubscriptionSpy () {
+    expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+    expectAmazonCancelSubscriptionSpy(undefined, user.purchased.plan.lastBillingDate);
+  }
+
+  function expectAmazonCancelGroupSubscriptionSpy (groupId) {
+    expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+    expectAmazonCancelSubscriptionSpy(groupId, group.purchased.plan.lastBillingDate);
+  }
+
+  function expectBillingAggreementDetailSpy () {
+    getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails')
+      .returnsPromise()
+      .resolves({
+        BillingAgreementDetails: {
+          BillingAgreementStatus: {State: 'Open'},
+        },
+      });
+  }
+
+  beforeEach(async () => {
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = 'customer-id';
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = 'customer-id';
+    group.purchased.plan.planId = subKey;
+    group.purchased.plan.lastBillingDate = new Date();
+    await group.save();
+
+    subscriptionBlock = common.content.subscriptionBlocks[subKey];
+    subscriptionLength = subscriptionBlock.months * 30;
+
+    headers = {};
+
+    getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails');
+    getBillingAgreementDetailsSpy.returnsPromise().resolves({
+      BillingAgreementDetails: {
+        BillingAgreementStatus: {State: 'Closed'},
+      },
+    });
+
+    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription');
+    paymentCancelSubscriptionSpy.returnsPromise().resolves({});
+  });
+
+  afterEach(function () {
+    amzLib.getBillingAgreementDetails.restore();
+    payments.cancelSubscription.restore();
+  });
+
+  it('should throw an error if we are missing a subscription', async () => {
+    user.purchased.plan.customerId = undefined;
+
+    await expect(amzLib.cancelSubscription({user}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        name: 'NotAuthorized',
+        message: i18n.t('missingSubscription'),
+      });
+  });
+
+  it('should cancel a user subscription', async () => {
+    billingAgreementId = user.purchased.plan.customerId;
+
+    await amzLib.cancelSubscription({user, headers});
+
+    expectAmazonCancelUserSubscriptionSpy();
+    expectAmazonStubs();
+  });
+
+  it('should close a user subscription if amazon not closed', async () => {
+    amzLib.getBillingAgreementDetails.restore();
+    expectBillingAggreementDetailSpy();
+    let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').returnsPromise().resolves({});
+    billingAgreementId = user.purchased.plan.customerId;
+
+    await amzLib.cancelSubscription({user, headers});
+
+    expectAmazonStubs();
+    expect(closeBillingAgreementSpy).to.be.calledOnce;
+    expect(closeBillingAgreementSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+    });
+    expectAmazonCancelUserSubscriptionSpy();
+    amzLib.closeBillingAgreement.restore();
+  });
+
+  it('should throw an error if group is not found', async () => {
+    await expect(amzLib.cancelSubscription({user, groupId: 'fake-id'}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 404,
+        name: 'NotFound',
+        message: i18n.t('groupNotFound'),
+      });
+  });
+
+  it('should throw an error if user is not group leader', async () => {
+    let nonLeader = await createNonLeaderGroupMember(group);
+
+    await expect(amzLib.cancelSubscription({user: nonLeader, groupId: group._id}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        name: 'NotAuthorized',
+        message: i18n.t('onlyGroupLeaderCanManageSubscription'),
+      });
+  });
+
+  it('should cancel a group subscription', async () => {
+    billingAgreementId = group.purchased.plan.customerId;
+
+    await amzLib.cancelSubscription({user, groupId: group._id, headers});
+
+    expectAmazonCancelGroupSubscriptionSpy(group._id);
+    expectAmazonStubs();
+  });
+
+  it('should close a group subscription if amazon not closed', async () => {
+    amzLib.getBillingAgreementDetails.restore();
+    expectBillingAggreementDetailSpy();
+    let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').returnsPromise().resolves({});
+    billingAgreementId = group.purchased.plan.customerId;
+
+    await amzLib.cancelSubscription({user, groupId: group._id, headers});
+
+    expectAmazonStubs();
+    expect(closeBillingAgreementSpy).to.be.calledOnce;
+    expect(closeBillingAgreementSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+    });
+    expectAmazonCancelGroupSubscriptionSpy(group._id);
+    amzLib.closeBillingAgreement.restore();
+  });
+});

test/api/v3/unit/libs/payments/amazon/checkout.test.js

@@ -0,0 +1,193 @@
+import { model as User } from '../../../../../../../website/server/models/user';
+import amzLib from '../../../../../../../website/server/libs/amazonPayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('Amazon Payments - Checkout', () => {
+  const subKey = 'basic_3mo';
+  let user, orderReferenceId, headers;
+  let setOrderReferenceDetailsSpy;
+  let confirmOrderReferenceSpy;
+  let authorizeSpy;
+  let closeOrderReferenceSpy;
+
+  let paymentBuyGemsStub;
+  let paymentCreateSubscritionStub;
+  let amount = 5;
+
+  function expectOrderReferenceSpy () {
+    expect(setOrderReferenceDetailsSpy).to.be.calledOnce;
+    expect(setOrderReferenceDetailsSpy).to.be.calledWith({
+      AmazonOrderReferenceId: orderReferenceId,
+      OrderReferenceAttributes: {
+        OrderTotal: {
+          CurrencyCode: amzLib.constants.CURRENCY_CODE,
+          Amount: amount,
+        },
+        SellerNote: amzLib.constants.SELLER_NOTE,
+        SellerOrderAttributes: {
+          SellerOrderId: common.uuid(),
+          StoreName: amzLib.constants.STORE_NAME,
+        },
+      },
+    });
+  }
+
+  function expectAuthorizeSpy () {
+    expect(authorizeSpy).to.be.calledOnce;
+    expect(authorizeSpy).to.be.calledWith({
+      AmazonOrderReferenceId: orderReferenceId,
+      AuthorizationReferenceId: common.uuid().substring(0, 32),
+      AuthorizationAmount: {
+        CurrencyCode: amzLib.constants.CURRENCY_CODE,
+        Amount: amount,
+      },
+      SellerAuthorizationNote: amzLib.constants.SELLER_NOTE,
+      TransactionTimeout: 0,
+      CaptureNow: true,
+    });
+  }
+
+  function expectAmazonStubs () {
+    expectOrderReferenceSpy();
+
+    expect(confirmOrderReferenceSpy).to.be.calledOnce;
+    expect(confirmOrderReferenceSpy).to.be.calledWith({ AmazonOrderReferenceId: orderReferenceId });
+
+    expectAuthorizeSpy();
+
+    expect(closeOrderReferenceSpy).to.be.calledOnce;
+    expect(closeOrderReferenceSpy).to.be.calledWith({ AmazonOrderReferenceId: orderReferenceId });
+  }
+
+  beforeEach(function () {
+    user = new User();
+    headers = {};
+    orderReferenceId = 'orderReferenceId';
+
+    setOrderReferenceDetailsSpy = sinon.stub(amzLib, 'setOrderReferenceDetails');
+    setOrderReferenceDetailsSpy.returnsPromise().resolves({});
+
+    confirmOrderReferenceSpy = sinon.stub(amzLib, 'confirmOrderReference');
+    confirmOrderReferenceSpy.returnsPromise().resolves({});
+
+    authorizeSpy = sinon.stub(amzLib, 'authorize');
+    authorizeSpy.returnsPromise().resolves({});
+
+    closeOrderReferenceSpy = sinon.stub(amzLib, 'closeOrderReference');
+    closeOrderReferenceSpy.returnsPromise().resolves({});
+
+    paymentBuyGemsStub = sinon.stub(payments, 'buyGems');
+    paymentBuyGemsStub.returnsPromise().resolves({});
+
+    paymentCreateSubscritionStub = sinon.stub(payments, 'createSubscription');
+    paymentCreateSubscritionStub.returnsPromise().resolves({});
+
+    sinon.stub(common, 'uuid').returns('uuid-generated');
+  });
+
+  afterEach(function () {
+    amzLib.setOrderReferenceDetails.restore();
+    amzLib.confirmOrderReference.restore();
+    amzLib.authorize.restore();
+    amzLib.closeOrderReference.restore();
+    payments.buyGems.restore();
+    payments.createSubscription.restore();
+    common.uuid.restore();
+  });
+
+  function expectBuyGemsStub (paymentMethod, gift) {
+    expect(paymentBuyGemsStub).to.be.calledOnce;
+
+    let expectedArgs = {
+      user,
+      paymentMethod,
+      headers,
+    };
+    if (gift) expectedArgs.gift = gift;
+    expect(paymentBuyGemsStub).to.be.calledWith(expectedArgs);
+  }
+
+  it('should purchase gems', async () => {
+    sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+    await amzLib.checkout({user, orderReferenceId, headers});
+
+    expectBuyGemsStub(amzLib.constants.PAYMENT_METHOD);
+    expectAmazonStubs();
+    expect(user.canGetGems).to.be.calledOnce;
+    user.canGetGems.restore();
+  });
+
+  it('should error if gem amount is too low', async () => {
+    let receivingUser = new User();
+    receivingUser.save();
+    let gift = {
+      type: 'gems',
+      gems: {
+        amount: 0,
+        uuid: receivingUser._id,
+      },
+    };
+
+    await expect(amzLib.checkout({gift, user, orderReferenceId, headers}))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      message: 'Amount must be at least 1.',
+      name: 'BadRequest',
+    });
+  });
+
+  it('should error if user cannot get gems gems', async () => {
+    sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+    await expect(amzLib.checkout({user, orderReferenceId, headers})).to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      message: i18n.t('groupPolicyCannotGetGems'),
+      name: 'NotAuthorized',
+    });
+    user.canGetGems.restore();
+  });
+
+  it('should gift gems', async () => {
+    let receivingUser = new User();
+    await receivingUser.save();
+    let gift = {
+      type: 'gems',
+      uuid: receivingUser._id,
+      gems: {
+        amount: 16,
+      },
+    };
+    amount = 16 / 4;
+    await amzLib.checkout({gift, user, orderReferenceId, headers});
+
+    expectBuyGemsStub(amzLib.constants.PAYMENT_METHOD_GIFT, gift);
+    expectAmazonStubs();
+  });
+
+  it('should gift a subscription', async () => {
+    let receivingUser = new User();
+    receivingUser.save();
+    let gift = {
+      type: 'subscription',
+      subscription: {
+        key: subKey,
+        uuid: receivingUser._id,
+      },
+    };
+    amount = common.content.subscriptionBlocks[subKey].price;
+
+    await amzLib.checkout({user, orderReferenceId, headers, gift});
+
+    gift.member = receivingUser;
+    expect(paymentCreateSubscritionStub).to.be.calledOnce;
+    expect(paymentCreateSubscritionStub).to.be.calledWith({
+      user,
+      paymentMethod: amzLib.constants.PAYMENT_METHOD_GIFT,
+      headers,
+      gift,
+    });
+    expectAmazonStubs();
+  });
+});

test/api/v3/unit/libs/payments/amazon/subscribe.test.js

@@ -0,0 +1,267 @@
+import cc from 'coupon-code';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import { model as Coupon } from '../../../../../../../website/server/models/coupon';
+import amzLib from '../../../../../../../website/server/libs/amazonPayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('Amazon Payments - Subscribe', () => {
+  const subKey = 'basic_3mo';
+  let user, group, amount, billingAgreementId, sub, coupon, groupId, headers;
+  let amazonSetBillingAgreementDetailsSpy;
+  let amazonConfirmBillingAgreementSpy;
+  let amazonAuthorizeOnBillingAgreementSpy;
+  let createSubSpy;
+
+  beforeEach(async () => {
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = 'customer-id';
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = 'customer-id';
+    group.purchased.plan.planId = subKey;
+    await group.save();
+
+    amount = common.content.subscriptionBlocks[subKey].price;
+    billingAgreementId = 'billingAgreementId';
+    sub = {
+      key: subKey,
+      price: amount,
+    };
+    groupId = group._id;
+    headers = {};
+
+    amazonSetBillingAgreementDetailsSpy = sinon.stub(amzLib, 'setBillingAgreementDetails');
+    amazonSetBillingAgreementDetailsSpy.returnsPromise().resolves({});
+
+    amazonConfirmBillingAgreementSpy = sinon.stub(amzLib, 'confirmBillingAgreement');
+    amazonConfirmBillingAgreementSpy.returnsPromise().resolves({});
+
+    amazonAuthorizeOnBillingAgreementSpy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
+    amazonAuthorizeOnBillingAgreementSpy.returnsPromise().resolves({});
+
+    createSubSpy = sinon.stub(payments, 'createSubscription');
+    createSubSpy.returnsPromise().resolves({});
+
+    sinon.stub(common, 'uuid').returns('uuid-generated');
+  });
+
+  afterEach(function () {
+    amzLib.setBillingAgreementDetails.restore();
+    amzLib.confirmBillingAgreement.restore();
+    amzLib.authorizeOnBillingAgreement.restore();
+    payments.createSubscription.restore();
+    common.uuid.restore();
+  });
+
+  function expectAmazonAuthorizeBillingAgreementSpy () {
+    expect(amazonAuthorizeOnBillingAgreementSpy).to.be.calledOnce;
+    expect(amazonAuthorizeOnBillingAgreementSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+      AuthorizationReferenceId: common.uuid().substring(0, 32),
+      AuthorizationAmount: {
+        CurrencyCode: amzLib.constants.CURRENCY_CODE,
+        Amount: amount,
+      },
+      SellerAuthorizationNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
+      TransactionTimeout: 0,
+      CaptureNow: true,
+      SellerNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
+      SellerOrderAttributes: {
+        SellerOrderId: common.uuid(),
+        StoreName: amzLib.constants.STORE_NAME,
+      },
+    });
+  }
+
+  function expectAmazonSetBillingAgreementDetailsSpy () {
+    expect(amazonSetBillingAgreementDetailsSpy).to.be.calledOnce;
+    expect(amazonSetBillingAgreementDetailsSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+      BillingAgreementAttributes: {
+        SellerNote: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
+        SellerBillingAgreementAttributes: {
+          SellerBillingAgreementId: common.uuid(),
+          StoreName: amzLib.constants.STORE_NAME,
+          CustomInformation: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
+        },
+      },
+    });
+  }
+
+  function expectCreateSpy () {
+    expect(createSubSpy).to.be.calledOnce;
+    expect(createSubSpy).to.be.calledWith({
+      user,
+      customerId: billingAgreementId,
+      paymentMethod: amzLib.constants.PAYMENT_METHOD,
+      sub,
+      headers,
+      groupId,
+    });
+  }
+
+  it('should throw an error if we are missing a subscription', async () => {
+    await expect(amzLib.subscribe({
+      billingAgreementId,
+      coupon,
+      user,
+      groupId,
+      headers,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: i18n.t('missingSubscriptionCode'),
+    });
+  });
+
+  it('should throw an error if we are missing a billingAgreementId', async () => {
+    await expect(amzLib.subscribe({
+      sub,
+      coupon,
+      user,
+      groupId,
+      headers,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: 'Missing req.body.billingAgreementId',
+    });
+  });
+
+  it('should throw an error when coupon code is missing', async () => {
+    sub.discount = 40;
+
+    await expect(amzLib.subscribe({
+      billingAgreementId,
+      sub,
+      coupon,
+      user,
+      groupId,
+      headers,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: i18n.t('couponCodeRequired'),
+    });
+  });
+
+  it('should throw an error when coupon code is invalid', async () => {
+    sub.discount = 40;
+    sub.key = 'google_6mo';
+    coupon = 'example-coupon';
+
+    let couponModel = new Coupon();
+    couponModel.event = 'google_6mo';
+    await couponModel.save();
+
+    sinon.stub(cc, 'validate').returns('invalid');
+
+    await expect(amzLib.subscribe({
+      billingAgreementId,
+      sub,
+      coupon,
+      user,
+      groupId,
+      headers,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      name: 'NotAuthorized',
+      message: i18n.t('invalidCoupon'),
+    });
+    cc.validate.restore();
+  });
+
+  it('subscribes with amazon with a coupon', async () => {
+    sub.discount = 40;
+    sub.key = 'google_6mo';
+    coupon = 'example-coupon';
+
+    let couponModel = new Coupon();
+    couponModel.event = 'google_6mo';
+    let updatedCouponModel = await couponModel.save();
+
+    sinon.stub(cc, 'validate').returns(updatedCouponModel._id);
+
+    await amzLib.subscribe({
+      billingAgreementId,
+      sub,
+      coupon,
+      user,
+      groupId,
+      headers,
+    });
+
+    expectCreateSpy();
+
+    cc.validate.restore();
+  });
+
+  it('subscribes with amazon', async () => {
+    await amzLib.subscribe({
+      billingAgreementId,
+      sub,
+      coupon,
+      user,
+      groupId,
+      headers,
+    });
+
+    expectAmazonSetBillingAgreementDetailsSpy();
+
+    expect(amazonConfirmBillingAgreementSpy).to.be.calledOnce;
+    expect(amazonConfirmBillingAgreementSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+    });
+
+    expectAmazonAuthorizeBillingAgreementSpy();
+
+    expectCreateSpy();
+  });
+
+  it('subscribes with amazon with price to existing users', async () => {
+    user = new User();
+    user.guilds.push(groupId);
+    await user.save();
+    group.memberCount = 2;
+    await group.save();
+    sub.key = 'group_monthly';
+    sub.price = 9;
+    amount = 12;
+
+    await amzLib.subscribe({
+      billingAgreementId,
+      sub,
+      coupon,
+      user,
+      groupId,
+      headers,
+    });
+
+    expectAmazonSetBillingAgreementDetailsSpy();
+    expect(amazonConfirmBillingAgreementSpy).to.be.calledOnce;
+    expect(amazonConfirmBillingAgreementSpy).to.be.calledWith({
+      AmazonBillingAgreementId: billingAgreementId,
+    });
+    expectAmazonAuthorizeBillingAgreementSpy();
+    expectCreateSpy();
+  });
+});

test/api/v3/unit/libs/payments/amazon/upgrade-groupplan.test.js

@@ -0,0 +1,83 @@
+import uuid from 'uuid';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import { model as Group } from '../../../../../../../website/server/models/group';
+import amzLib from '../../../../../../../website/server/libs/amazonPayments';
+import payments from '../../../../../../../website/server/libs/payments';
+
+describe('#upgradeGroupPlan', () => {
+  let spy, data, user, group, uuidString;
+
+  beforeEach(async function () {
+    user = new User();
+    user.profile.name = 'sender';
+
+    data = {
+      user,
+      sub: {
+        key: 'basic_3mo', // @TODO: Validate that this is group
+      },
+      customerId: 'customer-id',
+      paymentMethod: 'Payment Method',
+      headers: {
+        'x-client': 'habitica-web',
+        'user-agent': '',
+      },
+    };
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    await group.save();
+
+    spy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
+    spy.returnsPromise().resolves([]);
+
+    uuidString = 'uuid-v4';
+    sinon.stub(uuid, 'v4').returns(uuidString);
+
+    data.groupId = group._id;
+    data.sub.quantity = 3;
+  });
+
+  afterEach(function () {
+    amzLib.authorizeOnBillingAgreement.restore();
+    uuid.v4.restore();
+  });
+
+  it('charges for a new member', async () => {
+    data.paymentMethod = amzLib.constants.PAYMENT_METHOD;
+    await payments.createSubscription(data);
+
+    let updatedGroup = await Group.findById(group._id).exec();
+
+    updatedGroup.memberCount += 1;
+    await updatedGroup.save();
+
+    await amzLib.chargeForAdditionalGroupMember(updatedGroup);
+
+    expect(spy.calledOnce).to.be.true;
+    expect(spy).to.be.calledWith({
+      AmazonBillingAgreementId: updatedGroup.purchased.plan.customerId,
+      AuthorizationReferenceId: uuidString.substring(0, 32),
+      AuthorizationAmount: {
+        CurrencyCode: amzLib.constants.CURRENCY_CODE,
+        Amount: 3,
+      },
+      SellerAuthorizationNote: amzLib.constants.SELLER_NOTE_GROUP_NEW_MEMBER,
+      TransactionTimeout: 0,
+      CaptureNow: true,
+      SellerNote: amzLib.constants.SELLER_NOTE_GROUP_NEW_MEMBER,
+      SellerOrderAttributes: {
+        SellerOrderId: uuidString,
+        StoreName: amzLib.constants.STORE_NAME,
+      },
+    });
+  });
+});

test/api/v3/unit/libs/payments/group-plans/group-payments-create.test.js

@@ -475,7 +475,7 @@ describe('Purchasing a group plan for group', () => {
 
     let updatedUser = await User.findById(recipient._id).exec();
 
-    expect(updatedUser.purchased.plan.extraMonths).to.within(3, 4);
+    expect(updatedUser.purchased.plan.extraMonths).to.within(3, 5);
   });
 
   it('adds months to members with existing recurring subscription (Paypal)', async () => {

test/api/v3/unit/libs/payments/paymentHelpers.js

@@ -0,0 +1,7 @@
+import { model as User } from '../../../../../../website/server/models/user';
+
+export async function createNonLeaderGroupMember (group) {
+  let nonLeader = new User();
+  nonLeader.guilds.push(group._id);
+  return await nonLeader.save();
+}

test/api/v3/unit/libs/payments/paypal/checkout-success.test.js

@@ -0,0 +1,87 @@
+/* eslint-disable camelcase */
+import payments from '../../../../../../../website/server/libs/payments';
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import { model as User } from '../../../../../../../website/server/models/user';
+
+describe('checkout success', () => {
+  const subKey = 'basic_3mo';
+  let user, gift, customerId, paymentId;
+  let paypalPaymentExecuteStub, paymentBuyGemsStub, paymentsCreateSubscritionStub;
+
+  beforeEach(() => {
+    user = new User();
+    customerId = 'customerId-test';
+    paymentId = 'paymentId-test';
+
+    paypalPaymentExecuteStub = sinon.stub(paypalPayments, 'paypalPaymentExecute').returnsPromise().resolves({});
+    paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
+    paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+  });
+
+  afterEach(() => {
+    paypalPayments.paypalPaymentExecute.restore();
+    payments.buyGems.restore();
+    payments.createSubscription.restore();
+  });
+
+  it('purchases gems', async () => {
+    await paypalPayments.checkoutSuccess({user, gift, paymentId, customerId});
+
+    expect(paypalPaymentExecuteStub).to.be.calledOnce;
+    expect(paypalPaymentExecuteStub).to.be.calledWith(paymentId, { payer_id: customerId });
+    expect(paymentBuyGemsStub).to.be.calledOnce;
+    expect(paymentBuyGemsStub).to.be.calledWith({
+      user,
+      customerId,
+      paymentMethod: 'Paypal',
+    });
+  });
+
+  it('gifts gems', async () => {
+    let receivingUser = new User();
+    await receivingUser.save();
+    gift = {
+      type: 'gems',
+      gems: {
+        amount: 16,
+        uuid: receivingUser._id,
+      },
+    };
+
+    await paypalPayments.checkoutSuccess({user, gift, paymentId, customerId});
+
+    expect(paypalPaymentExecuteStub).to.be.calledOnce;
+    expect(paypalPaymentExecuteStub).to.be.calledWith(paymentId, { payer_id: customerId });
+    expect(paymentBuyGemsStub).to.be.calledOnce;
+    expect(paymentBuyGemsStub).to.be.calledWith({
+      user,
+      customerId,
+      paymentMethod: 'PayPal (Gift)',
+      gift,
+    });
+  });
+
+  it('gifts subscription', async () => {
+    let receivingUser = new User();
+    await receivingUser.save();
+    gift = {
+      type: 'subscription',
+      subscription: {
+        key: subKey,
+        uuid: receivingUser._id,
+      },
+    };
+
+    await paypalPayments.checkoutSuccess({user, gift, paymentId, customerId});
+
+    expect(paypalPaymentExecuteStub).to.be.calledOnce;
+    expect(paypalPaymentExecuteStub).to.be.calledWith(paymentId, { payer_id: customerId });
+    expect(paymentsCreateSubscritionStub).to.be.calledOnce;
+    expect(paymentsCreateSubscritionStub).to.be.calledWith({
+      user,
+      customerId,
+      paymentMethod: 'PayPal (Gift)',
+      gift,
+    });
+  });
+});

test/api/v3/unit/libs/payments/paypal/checkout.test.js

@@ -0,0 +1,127 @@
+/* eslint-disable camelcase */
+import nconf from 'nconf';
+
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import { model as User } from '../../../../../../../website/server/models/user';
+import common from '../../../../../../../website/common';
+
+const BASE_URL = nconf.get('BASE_URL');
+const i18n = common.i18n;
+
+describe('checkout', () => {
+  const subKey = 'basic_3mo';
+  let paypalPaymentCreateStub;
+  let approvalHerf;
+
+  function getPaypalCreateOptions (description, amount) {
+    return {
+      intent: 'sale',
+      payer: { payment_method: 'Paypal' },
+      redirect_urls: {
+        return_url: `${BASE_URL}/paypal/checkout/success`,
+        cancel_url: `${BASE_URL}`,
+      },
+      transactions: [{
+        item_list: {
+          items: [{
+            name: description,
+            price: amount,
+            currency: 'USD',
+            quantity: 1,
+          }],
+        },
+        amount: {
+          currency: 'USD',
+          total: amount,
+        },
+        description,
+      }],
+    };
+  }
+
+  beforeEach(() => {
+    approvalHerf = 'approval_href';
+    paypalPaymentCreateStub = sinon.stub(paypalPayments, 'paypalPaymentCreate')
+      .returnsPromise().resolves({
+        links: [{ rel: 'approval_url', href: approvalHerf }],
+      });
+  });
+
+  afterEach(() => {
+    paypalPayments.paypalPaymentCreate.restore();
+  });
+
+  it('creates a link for gem purchases', async () => {
+    let link = await paypalPayments.checkout({user: new User()});
+
+    expect(paypalPaymentCreateStub).to.be.calledOnce;
+    expect(paypalPaymentCreateStub).to.be.calledWith(getPaypalCreateOptions('Habitica Gems', 5.00));
+    expect(link).to.eql(approvalHerf);
+  });
+
+  it('should error if gem amount is too low', async () => {
+    let receivingUser = new User();
+    receivingUser.save();
+    let gift = {
+      type: 'gems',
+      gems: {
+        amount: 0,
+        uuid: receivingUser._id,
+      },
+    };
+
+    await expect(paypalPayments.checkout({gift}))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      message: 'Amount must be at least 1.',
+      name: 'BadRequest',
+    });
+  });
+
+  it('should error if the user cannot get gems', async () => {
+    let user = new User();
+    sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+
+    await expect(paypalPayments.checkout({user})).to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      message: i18n.t('groupPolicyCannotGetGems'),
+      name: 'NotAuthorized',
+    });
+  });
+
+  it('creates a link for gifting gems', async () => {
+    let receivingUser = new User();
+    await receivingUser.save();
+    let gift = {
+      type: 'gems',
+      uuid: receivingUser._id,
+      gems: {
+        amount: 16,
+      },
+    };
+
+    let link = await paypalPayments.checkout({gift});
+
+    expect(paypalPaymentCreateStub).to.be.calledOnce;
+    expect(paypalPaymentCreateStub).to.be.calledWith(getPaypalCreateOptions('Habitica Gems (Gift)', '4.00'));
+    expect(link).to.eql(approvalHerf);
+  });
+
+  it('creates a link for gifting a subscription', async () => {
+    let receivingUser = new User();
+    receivingUser.save();
+    let gift = {
+      type: 'subscription',
+      subscription: {
+        key: subKey,
+        uuid: receivingUser._id,
+      },
+    };
+
+    let link = await paypalPayments.checkout({gift});
+
+    expect(paypalPaymentCreateStub).to.be.calledOnce;
+    expect(paypalPaymentCreateStub).to.be.calledWith(getPaypalCreateOptions('mo. Habitica Subscription (Gift)', '15.00'));
+    expect(link).to.eql(approvalHerf);
+  });
+});

test/api/v3/unit/libs/payments/paypal/ipn.test.js

@@ -0,0 +1,66 @@
+/* eslint-disable camelcase */
+import payments from '../../../../../../../website/server/libs/payments';
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+
+describe('ipn', () => {
+  const subKey = 'basic_3mo';
+  let user, group, txn_type, userPaymentId, groupPaymentId;
+  let ipnVerifyAsyncStub, paymentCancelSubscriptionSpy;
+
+  beforeEach(async () => {
+    txn_type = 'recurring_payment_profile_cancel';
+    userPaymentId = 'userPaymentId-test';
+    groupPaymentId = 'groupPaymentId-test';
+
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = userPaymentId;
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+    await user.save();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = groupPaymentId;
+    group.purchased.plan.planId = subKey;
+    group.purchased.plan.lastBillingDate = new Date();
+    await group.save();
+
+    ipnVerifyAsyncStub = sinon.stub(paypalPayments, 'ipnVerifyAsync').returnsPromise().resolves({});
+    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+  });
+
+  afterEach(function () {
+    paypalPayments.ipnVerifyAsync.restore();
+    payments.cancelSubscription.restore();
+  });
+
+  it('should cancel a user subscription', async () => {
+    await paypalPayments.ipn({txn_type, recurring_payment_id: userPaymentId});
+
+    expect(ipnVerifyAsyncStub).to.be.calledOnce;
+    expect(ipnVerifyAsyncStub).to.be.calledWith({txn_type, recurring_payment_id: userPaymentId});
+
+    expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+    expect(paymentCancelSubscriptionSpy.args[0][0].user._id).to.eql(user._id);
+    expect(paymentCancelSubscriptionSpy.args[0][0].paymentMethod).to.eql('Paypal');
+  });
+
+  it('should cancel a group subscription', async () => {
+    await paypalPayments.ipn({txn_type, recurring_payment_id: groupPaymentId});
+
+    expect(ipnVerifyAsyncStub).to.be.calledOnce;
+    expect(ipnVerifyAsyncStub).to.be.calledWith({txn_type, recurring_payment_id: groupPaymentId});
+
+    expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+    expect(paymentCancelSubscriptionSpy).to.be.calledWith({ groupId: group._id, paymentMethod: 'Paypal' });
+  });
+});

test/api/v3/unit/libs/payments/paypal/subscribe-cancel.test.js

@@ -0,0 +1,124 @@
+/* eslint-disable camelcase */
+import payments from '../../../../../../../website/server/libs/payments';
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import common from '../../../../../../../website/common';
+import { createNonLeaderGroupMember } from '../paymentHelpers';
+
+const i18n = common.i18n;
+
+describe('subscribeCancel', () => {
+  const subKey = 'basic_3mo';
+  let user, group, groupId, customerId, groupCustomerId, nextBillingDate;
+  let paymentCancelSubscriptionSpy, paypalBillingAgreementCancelStub, paypalBillingAgreementGetStub;
+
+  beforeEach(async () => {
+    customerId = 'customer-id';
+    groupCustomerId = 'groupCustomerId-test';
+
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = customerId;
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = groupCustomerId;
+    group.purchased.plan.planId = subKey;
+    group.purchased.plan.lastBillingDate = new Date();
+    await group.save();
+
+    nextBillingDate = new Date();
+
+    paypalBillingAgreementCancelStub = sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').returnsPromise().resolves({});
+    paypalBillingAgreementGetStub = sinon.stub(paypalPayments, 'paypalBillingAgreementGet')
+      .returnsPromise().resolves({
+        agreement_details: {
+          next_billing_date: nextBillingDate,
+          cycles_completed: 1,
+        },
+      });
+    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+  });
+
+  afterEach(function () {
+    paypalPayments.paypalBillingAgreementGet.restore();
+    paypalPayments.paypalBillingAgreementCancel.restore();
+    payments.cancelSubscription.restore();
+  });
+
+  it('should throw an error if we are missing a subscription', async () => {
+    user.purchased.plan.customerId = undefined;
+
+    await expect(paypalPayments.subscribeCancel({user}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        name: 'NotAuthorized',
+        message: i18n.t('missingSubscription'),
+      });
+  });
+
+  it('should throw an error if group is not found', async () => {
+    await expect(paypalPayments.subscribeCancel({user, groupId: 'fake-id'}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 404,
+        name: 'NotFound',
+        message: i18n.t('groupNotFound'),
+      });
+  });
+
+  it('should throw an error if user is not group leader', async () => {
+    let nonLeader = await createNonLeaderGroupMember(group);
+
+    await expect(paypalPayments.subscribeCancel({user: nonLeader, groupId: group._id}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        name: 'NotAuthorized',
+        message: i18n.t('onlyGroupLeaderCanManageSubscription'),
+      });
+  });
+
+  it('should cancel a user subscription', async () => {
+    await paypalPayments.subscribeCancel({user});
+
+    expect(paypalBillingAgreementGetStub).to.be.calledOnce;
+    expect(paypalBillingAgreementGetStub).to.be.calledWith(customerId);
+    expect(paypalBillingAgreementCancelStub).to.be.calledOnce;
+    expect(paypalBillingAgreementCancelStub).to.be.calledWith(customerId, { note: i18n.t('cancelingSubscription') });
+
+    expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+    expect(paymentCancelSubscriptionSpy).to.be.calledWith({
+      user,
+      groupId,
+      paymentMethod: 'Paypal',
+      nextBill: nextBillingDate,
+      cancellationReason: undefined,
+    });
+  });
+
+  it('should cancel a group subscription', async () => {
+    await paypalPayments.subscribeCancel({user, groupId: group._id});
+
+    expect(paypalBillingAgreementGetStub).to.be.calledOnce;
+    expect(paypalBillingAgreementGetStub).to.be.calledWith(groupCustomerId);
+    expect(paypalBillingAgreementCancelStub).to.be.calledOnce;
+    expect(paypalBillingAgreementCancelStub).to.be.calledWith(groupCustomerId, { note: i18n.t('cancelingSubscription') });
+
+    expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+    expect(paymentCancelSubscriptionSpy).to.be.calledWith({
+      user,
+      groupId: group._id,
+      paymentMethod: 'Paypal',
+      nextBill: nextBillingDate,
+      cancellationReason: undefined,
+    });
+  });
+});

test/api/v3/unit/libs/payments/paypal/subscribe-success.test.js

@@ -0,0 +1,77 @@
+/* eslint-disable camelcase */
+import payments from '../../../../../../../website/server/libs/payments';
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import common from '../../../../../../../website/common';
+
+describe('subscribeSuccess', () => {
+  const subKey = 'basic_3mo';
+  let user, group, block, groupId, token, headers, customerId;
+  let paypalBillingAgreementExecuteStub, paymentsCreateSubscritionStub;
+
+  beforeEach(async () => {
+    user = new User();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+
+    token = 'test-token';
+    headers = {};
+    block = common.content.subscriptionBlocks[subKey];
+    customerId = 'test-customerId';
+
+    paypalBillingAgreementExecuteStub = sinon.stub(paypalPayments, 'paypalBillingAgreementExecute')
+      .returnsPromise({}).resolves({
+        id: customerId,
+      });
+    paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+  });
+
+  afterEach(() => {
+    paypalPayments.paypalBillingAgreementExecute.restore();
+    payments.createSubscription.restore();
+  });
+
+  it('creates a user subscription', async () => {
+    await paypalPayments.subscribeSuccess({user, block, groupId, token, headers});
+
+    expect(paypalBillingAgreementExecuteStub).to.be.calledOnce;
+    expect(paypalBillingAgreementExecuteStub).to.be.calledWith(token, {});
+
+    expect(paymentsCreateSubscritionStub).to.be.calledOnce;
+    expect(paymentsCreateSubscritionStub).to.be.calledWith({
+      user,
+      groupId,
+      customerId,
+      paymentMethod: 'Paypal',
+      sub: block,
+      headers,
+    });
+  });
+
+  it('create a group subscription', async () => {
+    groupId = group._id;
+
+    await paypalPayments.subscribeSuccess({user, block, groupId, token, headers});
+
+    expect(paypalBillingAgreementExecuteStub).to.be.calledOnce;
+    expect(paypalBillingAgreementExecuteStub).to.be.calledWith(token, {});
+
+    expect(paymentsCreateSubscritionStub).to.be.calledOnce;
+    expect(paymentsCreateSubscritionStub).to.be.calledWith({
+      user,
+      groupId,
+      customerId,
+      paymentMethod: 'Paypal',
+      sub: block,
+      headers,
+    });
+  });
+});

test/api/v3/unit/libs/payments/paypal/subscribe.test.js

@@ -0,0 +1,112 @@
+/* eslint-disable camelcase */
+import moment from 'moment';
+import cc from 'coupon-code';
+
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import { model as Coupon } from '../../../../../../../website/server/models/coupon';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('subscribe', () => {
+  const subKey = 'basic_3mo';
+  let coupon, sub, approvalHerf;
+  let paypalBillingAgreementCreateStub;
+
+  beforeEach(() => {
+    approvalHerf = 'approvalHerf-test';
+    sub = Object.assign({}, common.content.subscriptionBlocks[subKey]);
+
+    paypalBillingAgreementCreateStub = sinon.stub(paypalPayments, 'paypalBillingAgreementCreate')
+      .returnsPromise().resolves({
+        links: [{ rel: 'approval_url', href: approvalHerf }],
+      });
+  });
+
+  afterEach(() => {
+    paypalPayments.paypalBillingAgreementCreate.restore();
+  });
+
+  it('should throw an error when coupon code is missing', async () => {
+    sub.discount = 40;
+
+    await expect(paypalPayments.subscribe({sub, coupon}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 400,
+        name: 'BadRequest',
+        message: i18n.t('couponCodeRequired'),
+      });
+  });
+
+  it('should throw an error when coupon code is invalid', async () => {
+    sub.discount = 40;
+    sub.key = 'google_6mo';
+    coupon = 'example-coupon';
+
+    let couponModel = new Coupon();
+    couponModel.event = 'google_6mo';
+    await couponModel.save();
+
+    sinon.stub(cc, 'validate').returns('invalid');
+
+    await expect(paypalPayments.subscribe({sub, coupon}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        name: 'NotAuthorized',
+        message: i18n.t('invalidCoupon'),
+      });
+    cc.validate.restore();
+  });
+
+  it('subscribes with paypal with a coupon', async () => {
+    sub.discount = 40;
+    sub.key = 'google_6mo';
+    coupon = 'example-coupon';
+
+    let couponModel = new Coupon();
+    couponModel.event = 'google_6mo';
+    let updatedCouponModel = await couponModel.save();
+
+    sinon.stub(cc, 'validate').returns(updatedCouponModel._id);
+
+    let link = await paypalPayments.subscribe({sub, coupon});
+
+    expect(link).to.eql(approvalHerf);
+    expect(paypalBillingAgreementCreateStub).to.be.calledOnce;
+    let billingPlanTitle = `Habitica Subscription ($${sub.price} every ${sub.months} months, recurring)`;
+    expect(paypalBillingAgreementCreateStub).to.be.calledWith({
+      name: billingPlanTitle,
+      description: billingPlanTitle,
+      start_date: moment().add({ minutes: 5 }).format(),
+      plan: {
+        id: sub.paypalKey,
+      },
+      payer: {
+        payment_method: 'Paypal',
+      },
+    });
+
+    cc.validate.restore();
+  });
+
+  it('creates a link for a subscription', async () => {
+    delete sub.discount;
+
+    let link = await paypalPayments.subscribe({sub, coupon});
+
+    expect(link).to.eql(approvalHerf);
+    expect(paypalBillingAgreementCreateStub).to.be.calledOnce;
+    let billingPlanTitle = `Habitica Subscription ($${sub.price} every ${sub.months} months, recurring)`;
+    expect(paypalBillingAgreementCreateStub).to.be.calledWith({
+      name: billingPlanTitle,
+      description: billingPlanTitle,
+      start_date: moment().add({ minutes: 5 }).format(),
+      plan: {
+        id: sub.paypalKey,
+      },
+      payer: {
+        payment_method: 'Paypal',
+      },
+    });
+  });
+});

test/api/v3/unit/libs/payments/stripe/cancel-subscription.test.js

@@ -0,0 +1,143 @@
+import stripeModule from 'stripe';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import stripePayments from '../../../../../../../website/server/libs/stripePayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('cancel subscription', () => {
+  const subKey = 'basic_3mo';
+  const stripe = stripeModule('test');
+  let user, groupId, group;
+
+  beforeEach(async () => {
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = 'customer-id';
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = 'customer-id';
+    group.purchased.plan.planId = subKey;
+    await group.save();
+
+    groupId = group._id;
+  });
+
+  it('throws an error if there is no customer id', async () => {
+    user.purchased.plan.customerId = undefined;
+
+    await expect(stripePayments.cancelSubscription({
+      user,
+      groupId: undefined,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      name: 'NotAuthorized',
+      message: i18n.t('missingSubscription'),
+    });
+  });
+
+  it('throws an error if the group is not found', async () => {
+    await expect(stripePayments.cancelSubscription({
+      user,
+      groupId: 'fake-group',
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 404,
+      name: 'NotFound',
+      message: i18n.t('groupNotFound'),
+    });
+  });
+
+  it('throws an error if user is not the group leader', async () => {
+    let nonLeader = new User();
+    nonLeader.guilds.push(groupId);
+    await nonLeader.save();
+
+    await expect(stripePayments.cancelSubscription({
+      user: nonLeader,
+      groupId,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      name: 'NotAuthorized',
+      message: i18n.t('onlyGroupLeaderCanManageSubscription'),
+    });
+  });
+
+  describe('success', () => {
+    let stripeDeleteCustomerStub, paymentsCancelSubStub, stripeRetrieveStub, subscriptionId, currentPeriodEndTimeStamp;
+
+    beforeEach(() => {
+      subscriptionId = 'subId';
+      stripeDeleteCustomerStub = sinon.stub(stripe.customers, 'del').returnsPromise().resolves({});
+      paymentsCancelSubStub = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+
+      currentPeriodEndTimeStamp = (new Date()).getTime();
+      stripeRetrieveStub = sinon.stub(stripe.customers, 'retrieve')
+        .returnsPromise().resolves({
+          subscriptions: {
+            data: [{id: subscriptionId, current_period_end: currentPeriodEndTimeStamp}], // eslint-disable-line camelcase
+          },
+        });
+    });
+
+    afterEach(() => {
+      stripe.customers.del.restore();
+      stripe.customers.retrieve.restore();
+      payments.cancelSubscription.restore();
+    });
+
+    it('cancels a user subscription', async () => {
+      await stripePayments.cancelSubscription({
+        user,
+        groupId: undefined,
+      }, stripe);
+
+      expect(stripeDeleteCustomerStub).to.be.calledOnce;
+      expect(stripeDeleteCustomerStub).to.be.calledWith(user.purchased.plan.customerId);
+      expect(stripeRetrieveStub).to.be.calledOnce;
+      expect(stripeRetrieveStub).to.be.calledWith(user.purchased.plan.customerId);
+      expect(paymentsCancelSubStub).to.be.calledOnce;
+      expect(paymentsCancelSubStub).to.be.calledWith({
+        user,
+        groupId: undefined,
+        nextBill: currentPeriodEndTimeStamp * 1000, // timestamp in seconds
+        paymentMethod: 'Stripe',
+        cancellationReason: undefined,
+      });
+    });
+
+    it('cancels a group subscription', async () => {
+      await stripePayments.cancelSubscription({
+        user,
+        groupId,
+      }, stripe);
+
+      expect(stripeDeleteCustomerStub).to.be.calledOnce;
+      expect(stripeDeleteCustomerStub).to.be.calledWith(group.purchased.plan.customerId);
+      expect(stripeRetrieveStub).to.be.calledOnce;
+      expect(stripeRetrieveStub).to.be.calledWith(user.purchased.plan.customerId);
+      expect(paymentsCancelSubStub).to.be.calledOnce;
+      expect(paymentsCancelSubStub).to.be.calledWith({
+        user,
+        groupId,
+        nextBill: currentPeriodEndTimeStamp * 1000, // timestamp in seconds
+        paymentMethod: 'Stripe',
+        cancellationReason: undefined,
+      });
+    });
+  });
+});

test/api/v3/unit/libs/payments/stripe/checkout-subscription.test.js

@@ -0,0 +1,307 @@
+import stripeModule from 'stripe';
+import cc from 'coupon-code';
+
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import { model as User } from '../../../../../../../website/server/models/user';
+import { model as Coupon } from '../../../../../../../website/server/models/coupon';
+import stripePayments from '../../../../../../../website/server/libs/stripePayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('checkout with subscription', () => {
+  const subKey = 'basic_3mo';
+  const stripe = stripeModule('test');
+  let user, group, data, gift, sub, groupId, email, headers, coupon, customerIdResponse, subscriptionId, token;
+  let spy;
+  let stripeCreateCustomerSpy;
+  let stripePaymentsCreateSubSpy;
+
+  beforeEach(async () => {
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = 'customer-id';
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    group.purchased.plan.customerId = 'customer-id';
+    group.purchased.plan.planId = subKey;
+    await group.save();
+
+    sub = {
+      key: 'basic_3mo',
+    };
+
+    data = {
+      user,
+      sub,
+      customerId: 'customer-id',
+      paymentMethod: 'Payment Method',
+    };
+
+    email = 'example@example.com';
+    customerIdResponse = 'test-id';
+    subscriptionId = 'test-sub-id';
+    token = 'test-token';
+
+    spy = sinon.stub(stripe.subscriptions, 'update');
+    spy.returnsPromise().resolves;
+
+    stripeCreateCustomerSpy = sinon.stub(stripe.customers, 'create');
+    let stripCustomerResponse = {
+      id: customerIdResponse,
+      subscriptions: {
+        data: [{id: subscriptionId}],
+      },
+    };
+    stripeCreateCustomerSpy.returnsPromise().resolves(stripCustomerResponse);
+
+    stripePaymentsCreateSubSpy = sinon.stub(payments, 'createSubscription');
+    stripePaymentsCreateSubSpy.returnsPromise().resolves({});
+
+    data.groupId = group._id;
+    data.sub.quantity = 3;
+  });
+
+  afterEach(function () {
+    stripe.subscriptions.update.restore();
+    stripe.customers.create.restore();
+    payments.createSubscription.restore();
+  });
+
+  it('should throw an error if we are missing a token', async () => {
+    await expect(stripePayments.checkout({
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: 'Missing req.body.id',
+    });
+  });
+
+  it('should throw an error when coupon code is missing', async () => {
+    sub.discount = 40;
+
+    await expect(stripePayments.checkout({
+      token,
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: i18n.t('couponCodeRequired'),
+    });
+  });
+
+  it('should throw an error when coupon code is invalid', async () => {
+    sub.discount = 40;
+    sub.key = 'google_6mo';
+    coupon = 'example-coupon';
+
+    let couponModel = new Coupon();
+    couponModel.event = 'google_6mo';
+    await couponModel.save();
+
+    sinon.stub(cc, 'validate').returns('invalid');
+
+    await expect(stripePayments.checkout({
+      token,
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      name: 'BadRequest',
+      message: i18n.t('invalidCoupon'),
+    });
+    cc.validate.restore();
+  });
+
+  it('subscribes with stripe with a coupon', async () => {
+    sub.discount = 40;
+    sub.key = 'google_6mo';
+    coupon = 'example-coupon';
+
+    let couponModel = new Coupon();
+    couponModel.event = 'google_6mo';
+    let updatedCouponModel = await couponModel.save();
+
+    sinon.stub(cc, 'validate').returns(updatedCouponModel._id);
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    expect(stripeCreateCustomerSpy).to.be.calledOnce;
+    expect(stripeCreateCustomerSpy).to.be.calledWith({
+      email,
+      metadata: { uuid: user._id },
+      card: token,
+      plan: sub.key,
+    });
+
+    expect(stripePaymentsCreateSubSpy).to.be.calledOnce;
+    expect(stripePaymentsCreateSubSpy).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Stripe',
+      sub,
+      headers,
+      groupId: undefined,
+      subscriptionId: undefined,
+    });
+
+    cc.validate.restore();
+  });
+
+  it('subscribes a user', async () => {
+    sub = data.sub;
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    expect(stripeCreateCustomerSpy).to.be.calledOnce;
+    expect(stripeCreateCustomerSpy).to.be.calledWith({
+      email,
+      metadata: { uuid: user._id },
+      card: token,
+      plan: sub.key,
+    });
+
+    expect(stripePaymentsCreateSubSpy).to.be.calledOnce;
+    expect(stripePaymentsCreateSubSpy).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Stripe',
+      sub,
+      headers,
+      groupId: undefined,
+      subscriptionId: undefined,
+    });
+  });
+
+  it('subscribes a group', async () => {
+    token = 'test-token';
+    sub = data.sub;
+    groupId = group._id;
+    email = 'test@test.com';
+    headers = {};
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    expect(stripeCreateCustomerSpy).to.be.calledOnce;
+    expect(stripeCreateCustomerSpy).to.be.calledWith({
+      email,
+      metadata: { uuid: user._id },
+      card: token,
+      plan: sub.key,
+      quantity: 3,
+    });
+
+    expect(stripePaymentsCreateSubSpy).to.be.calledOnce;
+    expect(stripePaymentsCreateSubSpy).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Stripe',
+      sub,
+      headers,
+      groupId,
+      subscriptionId,
+    });
+  });
+
+  it('subscribes a group with the correct number of group members', async () => {
+    token = 'test-token';
+    sub = data.sub;
+    groupId = group._id;
+    email = 'test@test.com';
+    headers = {};
+    user = new User();
+    user.guilds.push(groupId);
+    await user.save();
+    group.memberCount = 2;
+    await group.save();
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      sub,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    expect(stripeCreateCustomerSpy).to.be.calledOnce;
+    expect(stripeCreateCustomerSpy).to.be.calledWith({
+      email,
+      metadata: { uuid: user._id },
+      card: token,
+      plan: sub.key,
+      quantity: 4,
+    });
+
+    expect(stripePaymentsCreateSubSpy).to.be.calledOnce;
+    expect(stripePaymentsCreateSubSpy).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Stripe',
+      sub,
+      headers,
+      groupId,
+      subscriptionId,
+    });
+  });
+});

test/api/v3/unit/libs/payments/stripe/checkout.test.js

@@ -0,0 +1,193 @@
+import stripeModule from 'stripe';
+
+import { model as User } from '../../../../../../../website/server/models/user';
+import stripePayments from '../../../../../../../website/server/libs/stripePayments';
+import payments from '../../../../../../../website/server/libs/payments';
+import common from '../../../../../../../website/common';
+
+const i18n = common.i18n;
+
+describe('checkout', () => {
+  const subKey = 'basic_3mo';
+  const stripe = stripeModule('test');
+  let stripeChargeStub, paymentBuyGemsStub, paymentCreateSubscritionStub;
+  let user, gift, groupId, email, headers, coupon, customerIdResponse, token;
+
+  beforeEach(() => {
+    user = new User();
+    user.profile.name = 'sender';
+    user.purchased.plan.customerId = 'customer-id';
+    user.purchased.plan.planId = subKey;
+    user.purchased.plan.lastBillingDate = new Date();
+
+    token = 'test-token';
+
+    customerIdResponse = 'example-customerIdResponse';
+    let stripCustomerResponse = {
+      id: customerIdResponse,
+    };
+    stripeChargeStub = sinon.stub(stripe.charges, 'create').returnsPromise().resolves(stripCustomerResponse);
+    paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
+    paymentCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+  });
+
+  afterEach(() => {
+    stripe.charges.create.restore();
+    payments.buyGems.restore();
+    payments.createSubscription.restore();
+  });
+
+  it('should error if gem amount is too low', async () => {
+    let receivingUser = new User();
+    receivingUser.save();
+    gift = {
+      type: 'gems',
+      gems: {
+        amount: 0,
+        uuid: receivingUser._id,
+      },
+    };
+
+    await expect(stripePayments.checkout({
+      token,
+      user,
+      gift,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe))
+    .to.eventually.be.rejected.and.to.eql({
+      httpCode: 400,
+      message: 'Amount must be at least 1.',
+      name: 'BadRequest',
+    });
+  });
+
+
+  it('should error if user cannot get gems', async () => {
+    gift = undefined;
+    sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+
+    await expect(stripePayments.checkout({
+      token,
+      user,
+      gift,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe)).to.eventually.be.rejected.and.to.eql({
+      httpCode: 401,
+      message: i18n.t('groupPolicyCannotGetGems'),
+      name: 'NotAuthorized',
+    });
+  });
+
+  it('should purchase gems', async () => {
+    gift = undefined;
+    sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    expect(stripeChargeStub).to.be.calledOnce;
+    expect(stripeChargeStub).to.be.calledWith({
+      amount: 500,
+      currency: 'usd',
+      card: token,
+    });
+
+    expect(paymentBuyGemsStub).to.be.calledOnce;
+    expect(paymentBuyGemsStub).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Stripe',
+      gift,
+    });
+    expect(user.canGetGems).to.be.calledOnce;
+    user.canGetGems.restore();
+  });
+
+  it('should gift gems', async () => {
+    let receivingUser = new User();
+    await receivingUser.save();
+    gift = {
+      type: 'gems',
+      uuid: receivingUser._id,
+      gems: {
+        amount: 16,
+      },
+    };
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    expect(stripeChargeStub).to.be.calledOnce;
+    expect(stripeChargeStub).to.be.calledWith({
+      amount: '400',
+      currency: 'usd',
+      card: token,
+    });
+
+    expect(paymentBuyGemsStub).to.be.calledOnce;
+    expect(paymentBuyGemsStub).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Gift',
+      gift,
+    });
+  });
+
+  it('should gift a subscription', async () => {
+    let receivingUser = new User();
+    receivingUser.save();
+    gift = {
+      type: 'subscription',
+      subscription: {
+        key: subKey,
+        uuid: receivingUser._id,
+      },
+    };
+
+    await stripePayments.checkout({
+      token,
+      user,
+      gift,
+      groupId,
+      email,
+      headers,
+      coupon,
+    }, stripe);
+
+    gift.member = receivingUser;
+    expect(stripeChargeStub).to.be.calledOnce;
+    expect(stripeChargeStub).to.be.calledWith({
+      amount: '1500',
+      currency: 'usd',
+      card: token,
+    });
+
+    expect(paymentCreateSubscritionStub).to.be.calledOnce;
+    expect(paymentCreateSubscritionStub).to.be.calledWith({
+      user,
+      customerId: customerIdResponse,
+      paymentMethod: 'Gift',
+      gift,
+    });
+  });
+});