4.78.0

* feat(subscription): promo banner in modal

* feat(subscription): promo banner on main page

* fix(banners): remove extraneous margin adjustment

* fix(banners): various

* feat(promotion): gift 1, get 1

* fix(promo): various

* chore(promo): add Bailey

* fix(promo): use different email template for promo beneficiary

* fix(promo): turns out Winter is meaningful

.nvmrc

@@ -1 +1 @@
-8
+10

.travis.yml

@@ -1,6 +1,6 @@
 language: node_js
 node_js:
-  - '8'
+  - '10'
 services:
   - mongodb
 cache:

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:8
+FROM node:10
 
 ENV ADMIN_EMAIL admin@habitica.com
 ENV AMAZON_PAYMENTS_CLIENT_ID amzn1.application-oa2-client.68ed9e6904ef438fbc1bf86bf494056e

Dockerfile-Dev

@@ -1,4 +1,4 @@
-FROM node:8
+FROM node:10
 
 # Install global packages
 RUN npm install -g gulp-cli mocha

config.json.example

@@ -1,120 +1,81 @@
 {
-    "PORT":3000,
-    "ENABLE_CONSOLE_LOGS_IN_PROD":"false",
-    "IP":"0.0.0.0",
-    "WEB_CONCURRENCY":1,
-    "BASE_URL":"http://localhost:3000",
-    "FACEBOOK_KEY":"123456789012345",
-    "FACEBOOK_SECRET":"aaaabbbbccccddddeeeeffff00001111",
-    "GOOGLE_CLIENT_ID":"123456789012345",
-    "GOOGLE_CLIENT_SECRET":"aaaabbbbccccddddeeeeffff00001111",
-    "PLAY_API": {
-      "CLIENT_ID": "aaaabbbbccccddddeeeeffff00001111",
-      "CLIENT_SECRET": "aaaabbbbccccddddeeeeffff00001111",
-      "ACCESS_TOKEN":"aaaabbbbccccddddeeeeffff00001111",
-      "REFRESH_TOKEN":"aaaabbbbccccddddeeeeffff00001111"
-    },
-    "NODE_DB_URI":"mongodb://localhost/habitrpg",
-    "TEST_DB_URI":"mongodb://localhost/habitrpg_test",
-    "NODE_ENV":"development",
-    "ENABLE_CONSOLE_LOGS_IN_TEST": "false",
-    "CRON_SAFE_MODE":"false",
-    "CRON_SEMI_SAFE_MODE":"false",
-    "MAINTENANCE_MODE": "false",
-    "SESSION_SECRET":"YOUR SECRET HERE",
-    "SESSION_SECRET_KEY": "1234567891234567891234567891234567891234567891234567891234567891",
-    "SESSION_SECRET_IV": "12345678912345678912345678912345",
-    "ADMIN_EMAIL": "you@example.com",
-    "SMTP_USER":"user@example.com",
-    "SMTP_PASS":"password",
-    "SMTP_SERVICE":"Gmail",
-    "SMTP_HOST":"example.com",
-    "SMTP_PORT": 587,
-    "SMTP_TLS": true,
-    "STRIPE_API_KEY":"aaaabbbbccccddddeeeeffff00001111",
-    "STRIPE_PUB_KEY":"22223333444455556666777788889999",
-    "NEW_RELIC_LICENSE_KEY":"NEW_RELIC_LICENSE_KEY",
-    "NEW_RELIC_NO_CONFIG_FILE":"true",
-    "NEW_RELIC_APPLICATION_ID":"NEW_RELIC_APPLICATION_ID",
-    "NEW_RELIC_API_KEY":"NEW_RELIC_API_KEY",
-    "GA_ID": "GA_ID",
-    "AMPLITUDE_KEY": "AMPLITUDE_KEY",
-    "AMAZON_PAYMENTS": {
-        "SELLER_ID": "SELLER_ID",
-        "CLIENT_ID": "CLIENT_ID",
-        "MWS_KEY": "",
-        "MWS_SECRET": ""
-    },
-    "FLAG_REPORT_EMAIL": "email@mod.com,email2@mod.com",
-    "EMAIL_SERVER": {
-        "url": "http://example.com",
-        "authUser": "user",
-        "authPassword": "password"
-    },
-    "S3":{
-        "bucket":"bucket",
-        "accessKeyId":"accessKeyId",
-        "secretAccessKey":"secretAccessKey"
-    },
-    "SLACK_URL": "https://hooks.slack.com/services/some-url",
-    "TRANSIFEX_SLACK_CHANNEL": "transifex",
-    "PAYPAL":{
-        "billing_plans": {
-            "basic_earned":"basic_earned",
-            "basic_3mo":"basic_3mo",
-            "basic_6mo":"basic_6mo",
-            "google_6mo":"google_6mo",
-            "basic_12mo":"basic_12mo"
-        },
-        "mode":"sandbox",
-        "client_id":"client_id",
-        "client_secret":"client_secret",
-        "experience_profile_id": ""
-    },
-    "IAP_GOOGLE_KEYDIR": "/path/to/google/public/key/dir/",
-    "LOGGLY_TOKEN": "token",
-    "LOGGLY_CLIENT_TOKEN": "token",
-    "LOGGLY_ACCOUNT": "account",
-    "PUSH_CONFIGS": {
-        "GCM_SERVER_API_KEY": "",
-        "APN_ENABLED": "false",
-        "APN_KEY_ID": "xxxxxxxxxx",
-        "APN_KEY": "xxxxxxxxxx",
-        "APN_TEAM_ID": "aaabbbcccd",
-        "FCM_SERVER_API_KEY": ""
-    },
-    "SITE_HTTP_AUTH": {
-        "ENABLED": "false",
-        "USERNAME": "admin",
-        "PASSWORD": "password"
-    },
-    "PUSHER": {
-        "ENABLED": "false",
-        "APP_ID": "appId",
-        "KEY": "key",
-        "SECRET": "secret"
-    },
-    "SLACK": {
-        "FLAGGING_URL": "https://hooks.slack.com/services/id/id/id",
-        "FLAGGING_FOOTER_LINK": "https://habitrpg.github.io/flag-o-rama/",
-        "SUBSCRIPTIONS_URL": "https://hooks.slack.com/services/id/id/id"
-    },
-    "ITUNES_SHARED_SECRET": "aaaabbbbccccddddeeeeffff00001111",
-    "EMAILS" : {
-        "COMMUNITY_MANAGER_EMAIL" : "admin@habitica.com",
-        "TECH_ASSISTANCE_EMAIL" : "admin@habitica.com",
-        "PRESS_ENQUIRY_EMAIL" : "admin@habitica.com"
-    },
-    "LOGGLY" : {
-        "TOKEN" : "example-token",
-        "SUBDOMAIN" : "exmaple-subdomain"
-    },
-    "KAFKA": {
-      "GROUP_ID": "",
-      "CLOUDKARAFKA_BROKERS": "",
-      "CLOUDKARAFKA_USERNAME": "",
-      "CLOUDKARAFKA_PASSWORD": "",
-      "CLOUDKARAFKA_TOPIC_PREFIX": ""
-    },
-    "MIGRATION_CONNECT_STRING": "mongodb://localhost:27017/habitrpg?auto_reconnect=true"
+  "ADMIN_EMAIL": "you@example.com",
+  "AMAZON_PAYMENTS_CLIENT_ID": "CLIENT_ID",
+  "AMAZON_PAYMENTS_MODE": "sandbox",
+  "AMAZON_PAYMENTS_MWS_KEY": "MWS_KEY",
+  "AMAZON_PAYMENTS_MWS_SECRET": "MWS_SECRET",
+  "AMAZON_PAYMENTS_SELLER_ID": "SELLER_ID",
+  "AMPLITUDE_KEY": "AMPLITUDE_KEY",
+  "AMPLITUDE_SECRET": "AMPLITUDE_SECRET",
+  "BASE_URL": "http://localhost:3000",
+  "CRON_SAFE_MODE": "false",
+  "CRON_SEMI_SAFE_MODE": "false",
+  "DISABLE_REQUEST_LOGGING": "true",
+  "EMAILS_COMMUNITY_MANAGER_EMAIL": "admin@habitica.com",
+  "EMAILS_PRESS_ENQUIRY_EMAIL": "admin@habitica.com",
+  "EMAILS_TECH_ASSISTANCE_EMAIL": "admin@habitica.com",
+  "EMAIL_SERVER_AUTH_PASSWORD": "password",
+  "EMAIL_SERVER_AUTH_USER": "user",
+  "EMAIL_SERVER_URL": "http://example.com",
+  "ENABLE_CONSOLE_LOGS_IN_PROD": "false",
+  "ENABLE_CONSOLE_LOGS_IN_TEST": "false",
+  "FACEBOOK_KEY": "123456789012345",
+  "FACEBOOK_SECRET": "aaaabbbbccccddddeeeeffff00001111",
+  "FLAG_REPORT_EMAIL": "email@example.com, email2@example.com",
+  "GA_ID": "GA_ID",
+  "GOOGLE_CLIENT_ID": "123456789012345",
+  "GOOGLE_CLIENT_SECRET": "aaaabbbbccccddddeeeeffff00001111",
+  "IAP_GOOGLE_KEYDIR": "/path/to/google/public/key/dir/",
+  "IGNORE_REDIRECT": "true",
+  "ITUNES_SHARED_SECRET": "aaaabbbbccccddddeeeeffff00001111",
+  "LOGGLY_CLIENT_TOKEN": "token",
+  "LOGGLY_SUBDOMAIN": "example-subdomain",
+  "LOGGLY_TOKEN": "example-token",
+  "MAINTENANCE_MODE": "false",
+  "NODE_DB_URI": "mongodb://localhost/habitrpg",
+  "NODE_ENV": "development",
+  "PATH": "bin:node_modules/.bin:/usr/local/bin:/usr/bin:/bin",
+  "PAYPAL_BILLING_PLANS_basic_12mo": "basic_12mo",
+  "PAYPAL_BILLING_PLANS_basic_3mo": "basic_3mo",
+  "PAYPAL_BILLING_PLANS_basic_6mo": "basic_6mo",
+  "PAYPAL_BILLING_PLANS_basic_earned": "basic_earned",
+  "PAYPAL_BILLING_PLANS_google_6mo": "google_6mo",
+  "PAYPAL_CLIENT_ID": "client_id",
+  "PAYPAL_CLIENT_SECRET": "client_secret",
+  "PAYPAL_EXPERIENCE_PROFILE_ID": "xp_profile_id",
+  "PAYPAL_MODE": "sandbox",
+  "PLAY_API_ACCESS_TOKEN": "aaaabbbbccccddddeeeeffff00001111",
+  "PLAY_API_CLIENT_ID": "aaaabbbbccccddddeeeeffff00001111",
+  "PLAY_API_CLIENT_SECRET": "aaaabbbbccccddddeeeeffff00001111",
+  "PLAY_API_REFRESH_TOKEN": "aaaabbbbccccddddeeeeffff00001111",
+  "PORT": 3000,
+  "PUSH_CONFIGS_APN_ENABLED": "false",
+  "PUSH_CONFIGS_APN_KEY": "xxxxxxxxxx",
+  "PUSH_CONFIGS_APN_KEY_ID": "xxxxxxxxxx",
+  "PUSH_CONFIGS_APN_TEAM_ID": "aaabbbcccd",
+  "PUSH_CONFIGS_FCM_SERVER_API_KEY": "aaabbbcccd",
+  "S3_ACCESS_KEY_ID": "accessKeyId",
+  "S3_BUCKET": "bucket",
+  "S3_SECRET_ACCESS_KEY": "secretAccessKey",
+  "SESSION_SECRET": "YOUR SECRET HERE",
+  "SESSION_SECRET_IV": "12345678912345678912345678912345",
+  "SESSION_SECRET_KEY": "1234567891234567891234567891234567891234567891234567891234567891",
+  "SITE_HTTP_AUTH_ENABLED": "false",
+  "SITE_HTTP_AUTH_PASSWORD": "password",
+  "SITE_HTTP_AUTH_USERNAME": "admin",
+  "SLACK_FLAGGING_FOOTER_LINK": "https://habitrpg.github.io/flag-o-rama/",
+  "SLACK_FLAGGING_URL": "https://hooks.slack.com/services/id/id/id",
+  "SLACK_SUBSCRIPTIONS_URL": "https://hooks.slack.com/services/id/id/id",
+  "SLACK_URL": "https://hooks.slack.com/services/some-url",
+  "SMTP_HOST": "example.com",
+  "SMTP_PASS": "password",
+  "SMTP_PORT": 587,
+  "SMTP_SERVICE": "Gmail",
+  "SMTP_TLS": "true",
+  "SMTP_USER": "user@example.com",
+  "STRIPE_API_KEY": "aaaabbbbccccddddeeeeffff00001111",
+  "STRIPE_PUB_KEY": "22223333444455556666777788889999",
+  "TEST_DB_URI": "mongodb://localhost/habitrpg_test",
+  "TRANSIFEX_SLACK_CHANNEL": "transifex",
+  "WEB_CONCURRENCY": 1
 }

database_reports/20181001_backtoschool_challenge.js

@@ -0,0 +1,48 @@
+import monk from 'monk';
+import nconf from 'nconf';
+
+/*
+ * Output data on users who completed all the To-Do tasks in the 2018 Back-to-School Challenge.
+ * User ID,Profile Name
+ */
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
+const CHALLENGE_ID = '0acb1d56-1660-41a4-af80-9259f080b62b';
+
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+let dbTasks = monk(CONNECTION_STRING).get('tasks', { castIds: false });
+
+function usersReport() {
+  console.info('User ID,Profile Name');
+  let userCount = 0;
+
+  dbUsers.find(
+    {challenges: CHALLENGE_ID},
+    {fields:
+      {_id: 1, 'profile.name': 1}
+    },
+  ).each((user, {close, pause, resume}) => {
+    pause();
+    userCount++;
+    let completedTodos = 0;
+    return dbTasks.find(
+      {
+        userId: user._id,
+        'challenge.id': CHALLENGE_ID,
+        type: 'todo',
+      },
+      {fields: {completed: 1}}
+    ).each((task) => {
+      if (task.completed) completedTodos++;
+    }).then(() => {
+      if (completedTodos >= 7) {
+        console.info(`${user._id},${user.profile.name}`);
+      }
+      resume();
+    });
+  }).then(() => {
+    console.info(`${userCount} users reviewed`);
+    return process.exit(0);
+  });
+}
+
+module.exports = usersReport;

gulp/gulp-tests.js

@@ -167,7 +167,7 @@ gulp.task('test:content:safe', gulp.series('test:prepare:build', (cb) => {
 
 gulp.task('test:api:unit', (done) => {
   let runner = exec(
-    testBin('node_modules/.bin/istanbul cover --dir coverage/api-unit node_modules/mocha/bin/_mocha -- test/api/unit --recursive --require ./test/helpers/start-server'),
+    testBin('istanbul cover --dir coverage/api-unit node_modules/mocha/bin/_mocha -- test/api/unit --recursive --require ./test/helpers/start-server'),
     (err) => {
       if (err) {
         process.exit(1);
@@ -180,12 +180,12 @@ gulp.task('test:api:unit', (done) => {
 });
 
 gulp.task('test:api:unit:watch', () => {
-  return gulp.watch(['website/server/libs/*', 'test/api/v3/unit/**/*', 'website/server/controllers/**/*'], gulp.series('test:api:unit', done => done()));
+  return gulp.watch(['website/server/libs/*', 'test/api/unit/**/*', 'website/server/controllers/**/*'], gulp.series('test:api:unit', done => done()));
 });
 
 gulp.task('test:api-v3:integration', (done) => {
   let runner = exec(
-    testBin('node_modules/.bin/istanbul cover --dir coverage/api-v3-integration --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v3/integration --recursive --require ./test/helpers/start-server'),
+    testBin('istanbul cover --dir coverage/api-v3-integration --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v3/integration --recursive --require ./test/helpers/start-server'),
     {maxBuffer: 500 * 1024},
     (err) => {
       if (err) {
@@ -217,7 +217,7 @@ gulp.task('test:api-v3:integration:separate-server', (done) => {
 
 gulp.task('test:api-v4:integration', (done) => {
   let runner = exec(
-    testBin('node_modules/.bin/istanbul cover --dir coverage/api-v4-integration --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v4 --recursive --require ./test/helpers/start-server'),
+    testBin('istanbul cover --dir coverage/api-v4-integration --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v4 --recursive --require ./test/helpers/start-server'),
     {maxBuffer: 500 * 1024},
     (err) => {
       if (err) {
@@ -254,4 +254,4 @@ gulp.task('test:api-v3', gulp.series(
   'test:api:unit',
   'test:api-v3:integration',
   done => done()
-));
+));

migrations/archive/2018/20180811_inboxOutsideUser.js

@@ -8,6 +8,7 @@ const authorUuid = 'ed4c688c-6652-4a92-9d03-a5a79844174a'; // ... own data is do
 
 const monk = require('monk');
 const nconf = require('nconf');
+const uuid = require('uuid').v4;
 
 const Inbox = require('../website/server/models/message').inboxModel;
 const connectionString = nconf.get('MIGRATION_CONNECT_STRING'); // FOR TEST DATABASE
@@ -84,16 +85,39 @@ function updateUser (user) {
     return newMsg.toJSON();
   });
 
-  return dbInboxes.insert(newInboxMessages)
-    .then(() => {
+  const promises = newInboxMessages.map(newMsg => {
+    return (async function fn () {
+      const existing = await dbInboxes.find({_id: newMsg._id});
+
+      if (existing.length > 0) {
+        if (
+          existing[0].ownerId === newMsg.ownerId &&
+          existing[0].text === newMsg.text &&
+          existing[0].uuid === newMsg.uuid &&
+          existing[0].sent === newMsg.sent
+        ) {
+          return null;
+        }
+
+        newMsg.id = newMsg._id = uuid();
+      }
+
+      return newMsg;
+    })();
+  });
+
+  return Promise.all(promises)
+    .then((filteredNewMsg) => {
+      filteredNewMsg = filteredNewMsg.filter(m => Boolean(m && m.id && m._id && m.id == m._id));
+      return dbInboxes.insert(filteredNewMsg);
+    }).then(() => {
       return dbUsers.update({_id: user._id}, {
         $set: {
           migration: migrationName,
           'inbox.messages': {},
         },
       });
-    })
-    .catch((err) => {
+    }).catch((err) => {
       console.log(err);
       return exiting(1, `ERROR! ${  err}`);
     });

migrations/archive/2018/20181002_username_email.js

@@ -0,0 +1,107 @@
+const MIGRATION_NAME = '20181003_username_email.js';
+let authorName = 'Sabe'; // in case script author needs to know when their ...
+let authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
+
+/*
+ * Send emails to eligible users announcing upcoming username changes
+ */
+
+import monk from 'monk';
+import nconf from 'nconf';
+import { sendTxn } from '../../website/server/libs/email';
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    'auth.timestamps.loggedin': {$gt: new Date('2018-04-01')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 100,
+    fields: [
+      '_id',
+      'auth',
+      'preferences',
+      'profile',
+    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+let progressCount = 1000;
+let count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  let userPromises = users.map(updateUser);
+  let lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => delay(7000))
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function updateUser (user) {
+  count++;
+
+  dbUsers.update({_id: user._id}, {$set: {migration: MIGRATION_NAME}});
+
+  sendTxn(
+    user,
+    'username-change',
+    [{name: 'UNSUB_EMAIL_TYPE_URL', content: '/user/settings/notifications?unsubFrom=importantAnnouncements'},
+     {name: 'LOGIN_NAME', content: user.auth.local.username}]
+  );
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+  if (user._id === authorUuid) console.warn(`${authorName} processed`);
+}
+
+function displayData () {
+  console.warn(`\n${count} users processed\n`);
+  return exiting(0);
+}
+
+function delay (t, v) {
+  return new Promise(function batchPause (resolve) {
+    setTimeout(resolve.bind(null, v), t);
+  });
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/archive/2018/20181023_veteran_pet_ladder.js

@@ -0,0 +1,66 @@
+/* eslint-disable no-console */
+const MIGRATION_NAME = '20181023_veteran_pet_ladder';
+import { model as User } from '../../website/server/models/user';
+
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count++;
+
+  const set = {};
+
+  set.migration = MIGRATION_NAME;
+
+  if (user.items.pets['Bear-Veteran']) {
+    set['items.pets.Fox-Veteran'] = 5;
+  } else if (user.items.pets['Lion-Veteran']) {
+    set['items.pets.Bear-Veteran'] = 5;
+  } else if (user.items.pets['Tiger-Veteran']) {
+    set['items.pets.Lion-Veteran'] = 5;
+  } else if (user.items.pets['Wolf-Veteran']) {
+    set['items.pets.Tiger-Veteran'] = 5;
+  } else {
+    set['items.pets.Wolf-Veteran'] = 5;
+  }
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  return await User.update({_id: user._id}, {$set: set}).exec();
+}
+
+module.exports = async function processUsers () {
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    'flags.verifiedUsername': true,
+  };
+
+  const fields = {
+    _id: 1,
+    items: 1,
+    migration: 1,
+    flags: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};

migrations/archive/2018/20181030_habitoween_ladder.js

@@ -0,0 +1,116 @@
+/*
+ * Award Habitoween ladder items to participants in this month's Habitoween festivities
+ */
+
+import monk from 'monk';
+import nconf from 'nconf';
+const MIGRATION_NAME = '20181030_habitoween_ladder.js'; // Update when running in future years
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
+const AUTHOR_NAME = 'Sabe'; // in case script author needs to know when their ...
+const AUTHOR_UUID = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
+
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    'auth.timestamps.loggedin': {$gt: new Date('2018-10-01')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'items.mounts',
+      'items.pets',
+    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${err}`);
+    });
+}
+
+const PROGRESS_COUNT = 1000;
+let count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  let userPromises = users.map(updateUser);
+  let lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function updateUser (user) {
+  count++;
+
+  let set = {};
+  let inc = {
+    'items.food.Candy_Skeleton': 1,
+    'items.food.Candy_Base': 1,
+    'items.food.Candy_CottonCandyBlue': 1,
+    'items.food.Candy_CottonCandyPink': 1,
+    'items.food.Candy_Shade': 1,
+    'items.food.Candy_White': 1,
+    'items.food.Candy_Golden': 1,
+    'items.food.Candy_Zombie': 1,
+    'items.food.Candy_Desert': 1,
+    'items.food.Candy_Red': 1,
+  };
+
+  if (user && user.items && user.items.pets && user.items.mounts['JackOLantern-Ghost']) {
+    set['items.pets.JackOLantern-Glow'] = 5;
+  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-Ghost']) {
+    set['items.mounts.JackOLantern-Ghost'] = true;
+  } else if (user && user.items && user.items.mounts && user.items.mounts['JackOLantern-Base']) {
+    set['items.pets.JackOLantern-Ghost'] = 5;
+  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-Base']) {
+    set['items.mounts.JackOLantern-Base'] = true;
+  } else {
+    set['items.pets.JackOLantern-Base'] = 5;
+  }
+
+  dbUsers.update({_id: user._id}, {$set: set, $inc: inc});
+
+  if (count % PROGRESS_COUNT === 0) console.warn(`${count} ${user._id}`);
+  if (user._id === AUTHOR_UUID) console.warn(`${AUTHOR_NAME} processed`);
+}
+
+function displayData () {
+  console.warn(`\n${count} users processed\n`);
+  return exiting(0);
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/archive/2018/20181108_username_email.js

@@ -0,0 +1,109 @@
+const MIGRATION_NAME = '20181108_username_email.js';
+const AUTHOR_NAME = 'Sabe'; // in case script author needs to know when their ...
+const AUTHOR_UUID = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
+
+/*
+ * Send emails to eligible users announcing upcoming username changes
+ */
+
+import monk from 'monk';
+import nconf from 'nconf';
+import { sendTxn } from '../../../website/server/libs/email';
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
+const BASE_URL = nconf.get('BASE_URL');
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    'flags.verifiedUsername': {$ne: true},
+    'auth.timestamps.loggedin': {$gt: new Date('2018-10-25')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 100,
+    fields: [
+      '_id',
+      'auth',
+      'preferences',
+      'profile',
+    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+let progressCount = 1000;
+let count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  let userPromises = users.map(updateUser);
+  let lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => delay(7000))
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function updateUser (user) {
+  count++;
+
+  dbUsers.update({_id: user._id}, {$set: {migration: MIGRATION_NAME}});
+
+  sendTxn(
+    user,
+    'username-change-follow-up',
+    [{name: 'LOGIN_NAME', content: user.auth.local.username},
+     {name: 'BASE_URL', content: BASE_URL}]
+  );
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+  if (user._id === AUTHOR_UUID) console.warn(`${AUTHOR_NAME} processed`);
+}
+
+function displayData () {
+  console.warn(`\n${count} users processed\n`);
+  return exiting(0);
+}
+
+function delay (t, v) {
+  return new Promise(function batchPause (resolve) {
+    setTimeout(resolve.bind(null, v), t);
+  });
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/archive/2018/20181122_turkey_day.js

@@ -0,0 +1,109 @@
+/* eslint-disable no-console */
+const MIGRATION_NAME = '20181122_turkey_day';
+import mongoose from 'mongoose';
+import { model as User } from '../../website/server/models/user';
+
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count++;
+
+  const set = {};
+  let push;
+
+  set.migration = MIGRATION_NAME;
+
+  if (typeof user.items.gear.owned.armor_special_turkeyArmorBase !== 'undefined') {
+    set['items.gear.owned.head_special_turkeyHelmGilded'] = false;
+    set['items.gear.owned.armor_special_turkeyArmorGilded'] = false;
+    set['items.gear.owned.back_special_turkeyTailGilded'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_turkeyHelmGilded',
+        _id: new mongoose.Types.ObjectId(),
+      },
+      {
+        type: 'marketGear',
+        path: 'gear.flat.armor_special_turkeyArmorGilded',
+        _id: new mongoose.Types.ObjectId(),
+      },
+      {
+        type: 'marketGear',
+        path: 'gear.flat.back_special_turkeyTailGilded',
+        _id: new mongoose.Types.ObjectId(),
+      },
+    ];
+  } else if (user.items && user.items.mounts && user.items.mounts['Turkey-Gilded']) {
+    set['items.gear.owned.head_special_turkeyHelmBase'] = false;
+    set['items.gear.owned.armor_special_turkeyArmorBase'] = false;
+    set['items.gear.owned.back_special_turkeyTailBase'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_turkeyHelmBase',
+        _id: new mongoose.Types.ObjectId(),
+      },
+      {
+        type: 'marketGear',
+        path: 'gear.flat.armor_special_turkeyArmorBase',
+        _id: new mongoose.Types.ObjectId(),
+      },
+      {
+        type: 'marketGear',
+        path: 'gear.flat.back_special_turkeyTailBase',
+        _id: new mongoose.Types.ObjectId(),
+      },
+    ];
+  } else if (user.items && user.items.pets && user.items.pets['Turkey-Gilded']) {
+    set['items.mounts.Turkey-Gilded'] = true;
+  } else if (user.items && user.items.mounts && user.items.mounts['Turkey-Base']) {
+    set['items.pets.Turkey-Gilded'] = 5;
+  } else if (user.items && user.items.pets && user.items.pets['Turkey-Base']) {
+    set['items.mounts.Turkey-Base'] = true;
+  } else {
+    set['items.pets.Turkey-Base'] = 5;
+  }
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  if (push) {
+    return await User.update({_id: user._id}, {$set: set, $push: {pinnedItems: {$each: push}}}).exec();
+  } else {
+    return await User.update({_id: user._id}, {$set: set}).exec();
+  }
+}
+
+module.exports = async function processUsers () {
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+  };
+
+  const fields = {
+    _id: 1,
+    items: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};

migrations/archive/2018/20181231_nye.js

@@ -0,0 +1,110 @@
+/* eslint-disable no-console */
+const MIGRATION_NAME = '20181231_nye';
+import { model as User } from '../../../website/server/models/user';
+import mongoose from 'mongoose';
+import { v4 as uuid } from 'uuid';
+
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count++;
+
+  const set = {'flags.newStuff': true};
+  let push;
+
+  set.migration = MIGRATION_NAME;
+
+  if (typeof user.items.gear.owned.head_special_nye2017 !== 'undefined') {
+    set['items.gear.owned.head_special_nye2018'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_nye2018',
+        _id: uuid(),
+      },
+    ];
+  } else if (typeof user.items.gear.owned.head_special_nye2016 !== 'undefined') {
+    set['items.gear.owned.head_special_nye2017'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_nye2017',
+        _id: uuid(),
+      },
+    ];
+  } else if (typeof user.items.gear.owned.head_special_nye2015 !== 'undefined') {
+    set['items.gear.owned.head_special_nye2016'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_nye2016',
+        _id: uuid(),
+      },
+    ];
+  } else if (typeof user.items.gear.owned.head_special_nye2014 !== 'undefined') {
+    set['items.gear.owned.head_special_nye2015'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_nye2015',
+        _id: uuid(),
+      },
+    ];
+  } else if (typeof user.items.gear.owned.head_special_nye !== 'undefined') {
+    set['items.gear.owned.head_special_nye2014'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_nye2014',
+        _id: uuid(),
+      },
+    ];
+  } else {
+    set['items.gear.owned.head_special_nye'] = false;
+    push = [
+      {
+        type: 'marketGear',
+        path: 'gear.flat.head_special_nye',
+        _id: uuid(),
+      },
+    ];
+  }
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  return await User.update({_id: user._id}, {$set: set, $push: {pinnedItems: {$each: push}}}).exec();
+}
+
+module.exports = async function processUsers () {
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+  };
+
+  const fields = {
+    _id: 1,
+    items: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};

migrations/archive/mystery-items-old.js

@@ -0,0 +1,110 @@
+import monk from 'monk';
+import nconf from 'nconf';
+
+const migrationName = 'mystery-items-201808.js'; // Update per month
+const authorName = 'Sabe'; // in case script author needs to know when their ...
+const authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
+
+/*
+ * Award this month's mystery items to subscribers
+ */
+const MYSTERY_ITEMS = ['armor_mystery_201810', 'head_mystery_201810'];
+const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
+
+let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
+let UserNotification = require('../../website/server/models/userNotification').model;
+
+function processUsers (lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  let query = {
+    migration: {$ne: migrationName},
+    'purchased.plan.customerId': { $ne: null },
+    $or: [
+      { 'purchased.plan.dateTerminated': { $gte: new Date() } },
+      { 'purchased.plan.dateTerminated': { $exists: false } },
+      { 'purchased.plan.dateTerminated': { $eq: null } },
+    ],
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId,
+    };
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+    .then(updateUsers)
+    .catch((err) => {
+      console.log(err);
+      return exiting(1, `ERROR! ${  err}`);
+    });
+}
+
+let progressCount = 1000;
+let count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  let userPromises = users.map(updateUser);
+  let lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+    .then(() => {
+      processUsers(lastUser._id);
+    });
+}
+
+function updateUser (user) {
+  count++;
+
+  const addToSet = {
+    'purchased.plan.mysteryItems': {
+      $each: MYSTERY_ITEMS,
+    },
+  };
+  const push = {
+    notifications: (new UserNotification({
+      type: 'NEW_MYSTERY_ITEMS',
+      data: {
+        MYSTERY_ITEMS,
+      },
+    })).toJSON(),
+  };
+
+  dbUsers.update({_id: user._id}, {$addToSet: addToSet, $push: push});
+
+  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
+  if (user._id === authorUuid) console.warn(`${authorName  } processed`);
+}
+
+function displayData () {
+  console.warn(`\n${  count  } users processed\n`);
+  return exiting(0);
+}
+
+function exiting (code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) {
+    msg = 'ERROR!';
+  }
+  if (msg) {
+    if (code) {
+      console.error(msg);
+    } else      {
+      console.log(msg);
+    }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/migration-runner.js

@@ -17,5 +17,12 @@ function setUpServer () {
 setUpServer();
 
 // Replace this with your migration
-const processUsers = require('./users/takeThis.js');
-processUsers();
+const processUsers = require('./archive/2018/20181231_nye.js');
+processUsers()
+  .then(function success () {
+    process.exit(0);
+  })
+  .catch(function failure (err) {
+    console.log(err);
+    process.exit(1);
+  });

migrations/users/bulk-email.js

@@ -0,0 +1,61 @@
+/* eslint-disable no-console */
+import { sendTxn } from '../../../website/server/libs/email';
+import { model as User } from '../../website/server/models/user';
+import moment from 'moment';
+import nconf from 'nconf';
+const BASE_URL = nconf.get('BASE_URL');
+const EMAIL_SLUG = 'mandrill-email-slug'; // Set email template to send
+const MIGRATION_NAME = 'bulk-email';
+
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count++;
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  sendTxn(
+    user,
+    EMAIL_SLUG,
+    [{name: 'BASE_URL', content: BASE_URL}] // Add variables from template
+  );
+
+  return await User.update({_id: user._id}, {$set: {migration: MIGRATION_NAME}}).exec();
+}
+
+module.exports = async function processUsers () {
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    'auth.timestamps.loggedin': {$gt: moment().subtract(2, 'weeks').toDate()}, // customize or remove to target different populations
+  };
+
+  const fields = {
+    _id: 1,
+    auth: 1,
+    preferences: 1,
+    profile: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};

migrations/users/mystery-items.js

@@ -1,70 +1,13 @@
-import monk from 'monk';
-import nconf from 'nconf';
+/* eslint-disable no-console */
+const MIGRATION_NAME = 'mystery_items_201812';
+const MYSTERY_ITEMS = ['headAccessory_mystery_201812', 'back_mystery_201812'];
+import { model as User } from '../../website/server/models/user';
+import { model as UserNotification } from '../../website/server/models/userNotification';
 
-const migrationName = 'mystery-items-201808.js'; // Update per month
-const authorName = 'Sabe'; // in case script author needs to know when their ...
-const authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
-
-/*
- * Award this month's mystery items to subscribers
- */
-const MYSTERY_ITEMS = ['armor_mystery_201809', 'head_mystery_201809'];
-const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING');
-
-let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
-let UserNotification = require('../../website/server/models/userNotification').model;
-
-function processUsers (lastId) {
-  // specify a query to limit the affected users (empty for all users):
-  let query = {
-    migration: {$ne: migrationName},
-    'purchased.plan.customerId': { $ne: null },
-    $or: [
-      { 'purchased.plan.dateTerminated': { $gte: new Date() } },
-      { 'purchased.plan.dateTerminated': { $exists: false } },
-      { 'purchased.plan.dateTerminated': { $eq: null } },
-    ],
-  };
-
-  if (lastId) {
-    query._id = {
-      $gt: lastId,
-    };
-  }
-
-  dbUsers.find(query, {
-    sort: {_id: 1},
-    limit: 250,
-    fields: [
-    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
-  })
-    .then(updateUsers)
-    .catch((err) => {
-      console.log(err);
-      return exiting(1, `ERROR! ${  err}`);
-    });
-}
-
-let progressCount = 1000;
+const progressCount = 1000;
 let count = 0;
 
-function updateUsers (users) {
-  if (!users || users.length === 0) {
-    console.warn('All appropriate users found and modified.');
-    displayData();
-    return;
-  }
-
-  let userPromises = users.map(updateUser);
-  let lastUser = users[users.length - 1];
-
-  return Promise.all(userPromises)
-    .then(() => {
-      processUsers(lastUser._id);
-    });
-}
-
-function updateUser (user) {
+async function updateUser (user) {
   count++;
 
   const addToSet = {
@@ -80,31 +23,49 @@ function updateUser (user) {
       },
     })).toJSON(),
   };
+  const set = {
+    migration: MIGRATION_NAME,
+  };
 
-  dbUsers.update({_id: user._id}, {$addToSet: addToSet, $push: push});
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
 
-  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
-  if (user._id === authorUuid) console.warn(`${authorName  } processed`);
+  return await User.update({_id: user._id}, {$set: set, $push: push, $addToSet: addToSet}).exec();
 }
 
-function displayData () {
-  console.warn(`\n${  count  } users processed\n`);
-  return exiting(0);
-}
+module.exports = async function processUsers () {
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    'purchased.plan.customerId': { $ne: null },
+    $or: [
+      { 'purchased.plan.dateTerminated': { $gte: new Date() } },
+      { 'purchased.plan.dateTerminated': { $exists: false } },
+      { 'purchased.plan.dateTerminated': { $eq: null } },
+    ],
+  };
 
-function exiting (code, msg) {
-  code = code || 0; // 0 = success
-  if (code && !msg) {
-    msg = 'ERROR!';
-  }
-  if (msg) {
-    if (code) {
-      console.error(msg);
-    } else      {
-      console.log(msg);
+  const fields = {
+    _id: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
     }
-  }
-  process.exit(code);
-}
 
-module.exports = processUsers;
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};

migrations/users/take-this.js

@@ -0,0 +1,81 @@
+/* eslint-disable no-console */
+const MIGRATION_NAME = '20181203_take_this';
+import { v4 as uuid } from 'uuid';
+
+import { model as User } from '../../website/server/models/user';
+
+const progressCount = 1000;
+let count = 0;
+
+async function updateUser (user) {
+  count++;
+
+  const set = {};
+  let push;
+
+  set.migration = MIGRATION_NAME;
+
+  if (typeof user.items.gear.owned.back_special_takeThis !== 'undefined') {
+    push = false;
+  } else if (typeof user.items.gear.owned.body_special_takeThis !== 'undefined') {
+    set['items.gear.owned.back_special_takeThis'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.back_special_takeThis', _id: uuid()}};
+  } else if (typeof user.items.gear.owned.head_special_takeThis !== 'undefined') {
+    set['items.gear.owned.body_special_takeThis'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.body_special_takeThis', _id: uuid()}};
+  } else if (typeof user.items.gear.owned.armor_special_takeThis !== 'undefined') {
+    set['items.gear.owned.head_special_takeThis'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_takeThis', _id: uuid()}};
+  } else if (typeof user.items.gear.owned.weapon_special_takeThis !== 'undefined') {
+    set['items.gear.owned.armor_special_takeThis'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_takeThis', _id: uuid()}};
+  } else if (typeof user.items.gear.owned.shield_special_takeThis !== 'undefined') {
+    set['items.gear.owned.weapon_special_takeThis'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.weapon_special_takeThis', _id: uuid()}};
+  } else {
+    set['items.gear.owned.shield_special_takeThis'] = false;
+    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.shield_special_takeThis', _id: uuid()}};
+  }
+
+  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
+
+  if (push) {
+    return await User.update({_id: user._id}, {$set: set, $push: push}).exec();
+  } else {
+    return await User.update({_id: user._id}, {$set: set}).exec();
+  }
+}
+
+module.exports = async function processUsers () {
+  let query = {
+    migration: {$ne: MIGRATION_NAME},
+    challenges: '00708425-d477-41a5-bf27-6270466e7976',
+  };
+
+  const fields = {
+    _id: 1,
+    items: 1,
+  };
+
+  while (true) { // eslint-disable-line no-constant-condition
+    const users = await User // eslint-disable-line no-await-in-loop
+      .find(query)
+      .limit(250)
+      .sort({_id: 1})
+      .select(fields)
+      .lean()
+      .exec();
+
+    if (users.length === 0) {
+      console.warn('All appropriate users found and modified.');
+      console.warn(`\n${count} users processed\n`);
+      break;
+    } else {
+      query._id = {
+        $gt: users[users.length - 1],
+      };
+    }
+
+    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
+  }
+};

package.json

@@ -1,7 +1,7 @@
 {
   "name": "habitica",
   "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "4.64.0",
+  "version": "4.78.0",
   "main": "./website/server/index.js",
   "dependencies": {
     "@slack/client": "^3.8.1",
@@ -11,7 +11,7 @@
     "apidoc": "^0.17.5",
     "apn": "^2.2.0",
     "autoprefixer": "^8.5.0",
-    "aws-sdk": "^2.239.1",
+    "aws-sdk": "^2.329.0",
     "axios": "^0.18.0",
     "axios-progress-bar": "^1.2.0",
     "babel-core": "^6.26.3",
@@ -33,9 +33,9 @@
     "compression": "^1.7.2",
     "cookie-session": "^1.2.0",
     "coupon-code": "^0.4.5",
-    "cross-env": "^5.1.5",
+    "cross-env": "^5.2.0",
     "css-loader": "^0.28.11",
-    "csv-stringify": "^3.0.0",
+    "csv-stringify": "^4.3.1",
     "cwait": "^1.1.1",
     "domain-middleware": "~0.1.0",
     "express": "^4.16.3",
@@ -46,29 +46,29 @@
     "got": "^9.0.0",
     "gulp": "^4.0.0",
     "gulp-babel": "^7.0.1",
-    "gulp-imagemin": "^4.1.0",
-    "gulp-nodemon": "^2.2.1",
+    "gulp-imagemin": "^5.0.3",
+    "gulp-nodemon": "^2.4.1",
     "gulp.spritesmith": "^6.9.0",
     "habitica-markdown": "^1.3.0",
     "hellojs": "^1.15.1",
     "html-webpack-plugin": "^3.2.0",
     "image-size": "^0.6.2",
-    "in-app-purchase": "^1.9.4",
+    "in-app-purchase": "^1.10.2",
     "intro.js": "^2.9.3",
     "jquery": ">=3.0.0",
     "js2xmlparser": "^3.0.0",
     "lodash": "^4.17.10",
     "merge-stream": "^1.0.0",
-    "method-override": "^2.3.5",
+    "method-override": "^3.0.0",
     "moment": "^2.22.1",
     "moment-recur": "^1.0.7",
-    "mongoose": "^5.1.3",
+    "mongoose": "^5.3.4",
     "morgan": "^1.7.0",
     "nconf": "^0.10.0",
-    "node-gcm": "^0.14.4",
+    "node-gcm": "^1.0.2",
     "node-sass": "^4.9.0",
     "nodemailer": "^4.6.4",
-    "ora": "^2.1.0",
+    "ora": "^3.0.0",
     "pageres": "^4.1.1",
     "passport": "^0.4.0",
     "passport-facebook": "^2.0.0",
@@ -79,19 +79,18 @@
     "postcss-easy-import": "^3.0.0",
     "ps-tree": "^1.0.0",
     "pug": "^2.0.3",
-    "pusher": "^1.3.0",
     "rimraf": "^2.4.3",
-    "sass-loader": "^7.0.0",
+    "sass-loader": "^7.0.3",
     "shelljs": "^0.8.2",
     "short-uuid": "^3.0.0",
     "smartbanner.js": "^1.9.1",
     "stripe": "^5.9.0",
-    "superagent": "^3.8.3",
+    "superagent": "^4.0.0",
     "svg-inline-loader": "^0.8.0",
     "svg-url-loader": "^2.3.2",
     "svgo": "^1.0.5",
     "svgo-loader": "^2.1.0",
-    "universal-analytics": "^0.4.16",
+    "universal-analytics": "^0.4.17",
     "update": "^0.7.4",
     "upgrade": "^1.1.0",
     "url-loader": "^1.0.0",
@@ -108,15 +107,15 @@
     "vuedraggable": "^2.15.0",
     "vuejs-datepicker": "git://github.com/habitrpg/vuejs-datepicker.git#5d237615463a84a23dd6f3f77c6ab577d68593ec",
     "webpack": "^3.12.0",
-    "webpack-merge": "^4.0.0",
-    "winston": "^2.4.2",
+    "webpack-merge": "^4.1.3",
+    "winston": "^2.4.3",
     "winston-loggly-bulk": "^2.0.2",
     "xml2js": "^0.4.4"
   },
   "private": true,
   "engines": {
-    "node": "^8.9.4",
-    "npm": "^5.6.0"
+    "node": "^10",
+    "npm": "^6"
   },
   "scripts": {
     "lint": "eslint --ext .js,.vue .",
@@ -145,13 +144,13 @@
     "apidoc": "gulp apidoc"
   },
   "devDependencies": {
-    "@vue/test-utils": "^1.0.0-beta.16",
+    "@vue/test-utils": "^1.0.0-beta.19",
     "babel-plugin-istanbul": "^4.1.6",
     "babel-plugin-syntax-object-rest-spread": "^6.13.0",
     "chai": "^4.1.2",
     "chai-as-promised": "^7.1.1",
     "chalk": "^2.4.1",
-    "chromedriver": "^2.38.3",
+    "chromedriver": "^2.40.0",
     "connect-history-api-fallback": "^1.1.0",
     "coveralls": "^3.0.1",
     "cross-spawn": "^6.0.5",
@@ -163,9 +162,9 @@
     "eslint-plugin-mocha": "^5.0.0",
     "eventsource-polyfill": "^0.9.6",
     "expect.js": "^0.3.1",
-    "http-proxy-middleware": "^0.18.0",
+    "http-proxy-middleware": "^0.19.0",
     "istanbul": "^1.1.0-alpha.1",
-    "karma": "^3.0.0",
+    "karma": "^3.1.3",
     "karma-babel-preprocessor": "^7.0.0",
     "karma-chai-plugins": "^0.9.0",
     "karma-chrome-launcher": "^2.2.0",
@@ -181,18 +180,15 @@
     "mocha": "^5.1.1",
     "monk": "^6.0.6",
     "nightwatch": "^0.9.21",
-    "puppeteer": "^1.4.0",
+    "puppeteer": "^1.5.0",
     "require-again": "^2.0.0",
     "selenium-server": "^3.12.0",
-    "sinon": "^4.5.0",
+    "sinon": "^6.3.5",
     "sinon-chai": "^3.0.0",
     "sinon-stub-promise": "^4.0.0",
     "webpack-bundle-analyzer": "^2.12.0",
     "webpack-dev-middleware": "^2.0.5",
     "webpack-hot-middleware": "^2.22.2"
   },
-  "optionalDependencies": {
-    "memwatch-next": "^0.3.0",
-    "node-rdkafka": "^2.3.0"
-  }
+  "optionalDependencies": {}
 }

scripts/gdpr-delete-users.js

@@ -0,0 +1,89 @@
+/* eslint-disable no-console */
+import axios from 'axios';
+import { model as User } from '../website/server/models/user';
+import nconf from 'nconf';
+
+const AMPLITUDE_KEY = nconf.get('AMPLITUDE_KEY');
+const AMPLITUDE_SECRET = nconf.get('AMPLITUDE_SECRET');
+const BASE_URL = nconf.get('BASE_URL');
+
+async function _deleteAmplitudeData (userId, email) {
+  const response = await axios.post(
+    'https://amplitude.com/api/2/deletions/users',
+    {
+      user_ids: userId, // eslint-disable-line camelcase
+      requester: email,
+    },
+    {
+      auth: {
+        username: AMPLITUDE_KEY,
+        password: AMPLITUDE_SECRET,
+      },
+    }
+  ).catch((err) => {
+    console.log(err.response.data);
+  });
+
+  if (response) console.log(`${response.status} ${response.statusText}`);
+}
+
+async function _deleteHabiticaData (user, email) {
+  await User.update(
+    {_id: user._id},
+    {$set: {
+      'auth.local.email': email,
+      'auth.local.hashed_password': '$2a$10$QDnNh1j1yMPnTXDEOV38xOePEWFd4X8DSYwAM8XTmqmacG5X0DKjW',
+      'auth.local.passwordHashMethod': 'bcrypt',
+    }}
+  );
+  const response = await axios.delete(
+    `${BASE_URL}/api/v3/user`,
+    {
+      data: {
+        password: 'test',
+      },
+      headers: {
+        'x-api-user': user._id,
+        'x-api-key': user.apiToken,
+      },
+    }
+  ).catch((err) => {
+    console.log(err.response.data);
+  });
+
+  if (response) {
+    console.log(`${response.status} ${response.statusText}`);
+    if (response.status === 200) console.log(`${user._id} removed. Last login: ${user.auth.timestamps.loggedin}`);
+  }
+}
+
+async function _processEmailAddress (email) {
+  const emailRegex = new RegExp(`^${email}`, 'i');
+  const users = await User.find({
+    $or: [
+      {'auth.local.email': emailRegex},
+      {'auth.facebook.emails.value': emailRegex},
+      {'auth.google.emails.value': emailRegex},
+    ]},
+  {
+    _id: 1,
+    apiToken: 1,
+    auth: 1,
+  }).exec();
+
+  if (users.length < 1) {
+    console.log(`No users found with email address ${email}`);
+  } else {
+    for (const user of users) {
+      await _deleteAmplitudeData(user._id, email); // eslint-disable-line no-await-in-loop
+      await _deleteHabiticaData(user, email); // eslint-disable-line no-await-in-loop
+    }
+  }
+}
+
+function deleteUserData (emails) {
+  const emailPromises = emails.map(_processEmailAddress);
+  return Promise.all(emailPromises);
+}
+
+module.exports = deleteUserData;

scripts/paypalBillingSetup.js

@@ -12,28 +12,27 @@ const nconf = require('nconf');
 const _ = require('lodash');
 const paypal = require('paypal-rest-sdk');
 const blocks = require('../website/common').content.subscriptionBlocks;
-const live = nconf.get('PAYPAL:mode') === 'live';
+const live = nconf.get('PAYPAL_MODE') === 'live';
 
 nconf.argv().env().file('user', path.join(path.resolve(__dirname, '../config.json')));
 
-let OP = 'create'; // list create update remove
+let OP = 'create'; // list get update create create-webprofile
 
 paypal.configure({
-  mode: nconf.get('PAYPAL:mode'), // sandbox or live
-  client_id: nconf.get('PAYPAL:client_id'),
-  client_secret: nconf.get('PAYPAL:client_secret'),
+  mode: nconf.get('PAYPAL_MODE'), // sandbox or live
+  client_id: nconf.get('PAYPAL_CLIENT_ID'),
+  client_secret: nconf.get('PAYPAL_CLIENT_SECRET'),
 });
 
 // https://developer.paypal.com/docs/api/#billing-plans-and-agreements
 let billingPlanTitle = 'Habitica Subscription';
 let billingPlanAttributes = {
-  name: billingPlanTitle,
   description: billingPlanTitle,
   type: 'INFINITE',
   merchant_preferences: {
     auto_bill_amount: 'yes',
     cancel_url: live ? 'https://habitica.com' : 'http://localhost:3000',
-    return_url: `${live ? 'https://habitica.com' : 'http://localhost:3000'  }/paypal/subscribe/success`,
+    return_url: `${live ? 'https://habitica.com' : 'http://localhost:3000'}/paypal/subscribe/success`,
   },
   payment_definitions: [{
     type: 'REGULAR',
@@ -45,7 +44,7 @@ let billingPlanAttributes = {
 _.each(blocks, (block) => {
   block.definition = _.cloneDeep(billingPlanAttributes);
   _.merge(block.definition.payment_definitions[0], {
-    name: `${billingPlanTitle  } ($${block.price} every ${block.months} months, recurring)`,
+    name: `${billingPlanTitle} ($${block.price} every ${block.months} months, recurring)`,
     frequency_interval: `${block.months}`,
     amount: {
       currency: 'USD',
@@ -63,7 +62,7 @@ switch (OP) {
     });
     break;
   case 'get':
-    paypal.billingPlan.get(nconf.get('PAYPAL:billing_plans:12'), (err, plan) => {
+    paypal.billingPlan.get(nconf.get('PAYPAL_BILLING_PLANS_basic_12mo'), (err, plan) => {
       console.log({err, plan});
     });
     break;
@@ -75,7 +74,7 @@ switch (OP) {
         cancel_url: 'https://habitica.com',
       },
     };
-    paypal.billingPlan.update(nconf.get('PAYPAL:billing_plans:12'), updatePayload, (err, res) => {
+    paypal.billingPlan.update(nconf.get('PAYPAL_BILLING_PLANS_basic_12mo'), updatePayload, (err, res) => {
       console.log({err, plan: res});
     });
     break;
@@ -101,9 +100,6 @@ switch (OP) {
       });
     });
     break;
-
-  case 'remove': break;
-
   case 'create-webprofile':
     let webexpinfo = {
       name: 'HabiticaProfile',
@@ -116,4 +112,4 @@ switch (OP) {
       console.log(error, result);
     });
     break;
-}
+}

test/api/unit/libs/baseModel.test.js

@@ -5,10 +5,17 @@ describe('Base model plugin', () => {
   let schema;
 
   beforeEach(() => {
-    schema = new mongoose.Schema();
+    schema = new mongoose.Schema({}, {
+      typeKey: '$type',
+    });
     sandbox.stub(schema, 'add');
   });
 
+  it('throws if "typeKey" is not set to $type', () => {
+    const schemaWithoutTypeKey = new mongoose.Schema();
+    expect(() => schemaWithoutTypeKey.plugin(baseModel)).to.throw;
+  });
+
   it('adds a _id field to the schema', () => {
     schema.plugin(baseModel);
 

test/api/unit/libs/password.test.js

@@ -245,7 +245,9 @@ describe('Password Utilities', () => {
 
     it('returns false if the user has no local auth', async () => {
       let user = await generateUser({
-        auth: 'not an object with valid fields',
+        auth: {
+          facebook: {},
+        },
       });
       let res = await validatePasswordResetCodeAndFindUser(encrypt(JSON.stringify({
         userId: user._id,

test/api/unit/libs/payments/amazon/cancel.test.js

@@ -48,7 +48,6 @@ describe('Amazon Payments - Cancel Subscription', () => {
 
   function expectBillingAggreementDetailSpy () {
     getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails')
-      .returnsPromise()
       .resolves({
         BillingAgreementDetails: {
           BillingAgreementStatus: {State: 'Open'},
@@ -80,14 +79,14 @@ describe('Amazon Payments - Cancel Subscription', () => {
     headers = {};
 
     getBillingAgreementDetailsSpy = sinon.stub(amzLib, 'getBillingAgreementDetails');
-    getBillingAgreementDetailsSpy.returnsPromise().resolves({
+    getBillingAgreementDetailsSpy.resolves({
       BillingAgreementDetails: {
         BillingAgreementStatus: {State: 'Closed'},
       },
     });
 
     paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription');
-    paymentCancelSubscriptionSpy.returnsPromise().resolves({});
+    paymentCancelSubscriptionSpy.resolves({});
   });
 
   afterEach(function () {
@@ -118,7 +117,7 @@ describe('Amazon Payments - Cancel Subscription', () => {
   it('should close a user subscription if amazon not closed', async () => {
     amzLib.getBillingAgreementDetails.restore();
     expectBillingAggreementDetailSpy();
-    let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').returnsPromise().resolves({});
+    let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').resolves({});
     billingAgreementId = user.purchased.plan.customerId;
 
     await amzLib.cancelSubscription({user, headers});
@@ -164,7 +163,7 @@ describe('Amazon Payments - Cancel Subscription', () => {
   it('should close a group subscription if amazon not closed', async () => {
     amzLib.getBillingAgreementDetails.restore();
     expectBillingAggreementDetailSpy();
-    let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').returnsPromise().resolves({});
+    let closeBillingAgreementSpy = sinon.stub(amzLib, 'closeBillingAgreement').resolves({});
     billingAgreementId = group.purchased.plan.customerId;
 
     await amzLib.cancelSubscription({user, groupId: group._id, headers});

test/api/unit/libs/payments/amazon/checkout.test.js

@@ -68,22 +68,22 @@ describe('Amazon Payments - Checkout', () => {
     orderReferenceId = 'orderReferenceId';
 
     setOrderReferenceDetailsSpy = sinon.stub(amzLib, 'setOrderReferenceDetails');
-    setOrderReferenceDetailsSpy.returnsPromise().resolves({});
+    setOrderReferenceDetailsSpy.resolves({});
 
     confirmOrderReferenceSpy = sinon.stub(amzLib, 'confirmOrderReference');
-    confirmOrderReferenceSpy.returnsPromise().resolves({});
+    confirmOrderReferenceSpy.resolves({});
 
     authorizeSpy = sinon.stub(amzLib, 'authorize');
-    authorizeSpy.returnsPromise().resolves({});
+    authorizeSpy.resolves({});
 
     closeOrderReferenceSpy = sinon.stub(amzLib, 'closeOrderReference');
-    closeOrderReferenceSpy.returnsPromise().resolves({});
+    closeOrderReferenceSpy.resolves({});
 
     paymentBuyGemsStub = sinon.stub(payments, 'buyGems');
-    paymentBuyGemsStub.returnsPromise().resolves({});
+    paymentBuyGemsStub.resolves({});
 
     paymentCreateSubscritionStub = sinon.stub(payments, 'createSubscription');
-    paymentCreateSubscritionStub.returnsPromise().resolves({});
+    paymentCreateSubscritionStub.resolves({});
 
     sinon.stub(common, 'uuid').returns('uuid-generated');
   });
@@ -111,7 +111,7 @@ describe('Amazon Payments - Checkout', () => {
   }
 
   it('should purchase gems', async () => {
-    sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+    sinon.stub(user, 'canGetGems').resolves(true);
     await amzLib.checkout({user, orderReferenceId, headers});
 
     expectBuyGemsStub(amzLib.constants.PAYMENT_METHOD);
@@ -140,7 +140,7 @@ describe('Amazon Payments - Checkout', () => {
   });
 
   it('should error if user cannot get gems gems', async () => {
-    sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+    sinon.stub(user, 'canGetGems').resolves(false);
     await expect(amzLib.checkout({user, orderReferenceId, headers})).to.eventually.be.rejected.and.to.eql({
       httpCode: 401,
       message: i18n.t('groupPolicyCannotGetGems'),

test/api/unit/libs/payments/amazon/subscribe.test.js

@@ -46,16 +46,16 @@ describe('Amazon Payments - Subscribe', () => {
     headers = {};
 
     amazonSetBillingAgreementDetailsSpy = sinon.stub(amzLib, 'setBillingAgreementDetails');
-    amazonSetBillingAgreementDetailsSpy.returnsPromise().resolves({});
+    amazonSetBillingAgreementDetailsSpy.resolves({});
 
     amazonConfirmBillingAgreementSpy = sinon.stub(amzLib, 'confirmBillingAgreement');
-    amazonConfirmBillingAgreementSpy.returnsPromise().resolves({});
+    amazonConfirmBillingAgreementSpy.resolves({});
 
     amazonAuthorizeOnBillingAgreementSpy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
-    amazonAuthorizeOnBillingAgreementSpy.returnsPromise().resolves({});
+    amazonAuthorizeOnBillingAgreementSpy.resolves({});
 
     createSubSpy = sinon.stub(payments, 'createSubscription');
-    createSubSpy.returnsPromise().resolves({});
+    createSubSpy.resolves({});
 
     sinon.stub(common, 'uuid').returns('uuid-generated');
   });

test/api/unit/libs/payments/amazon/upgrade-groupplan.test.js

@@ -37,7 +37,7 @@ describe('#upgradeGroupPlan', () => {
     await group.save();
 
     spy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
-    spy.returnsPromise().resolves([]);
+    spy.resolves([]);
 
     uuidString = 'uuid-v4';
     sinon.stub(uuid, 'v4').returns(uuidString);

test/api/unit/libs/payments/apple.test.js

@@ -24,16 +24,16 @@ describe('Apple Payments', ()  => {
       headers = {};
 
       iapSetupStub = sinon.stub(iapModule, 'setup')
-        .returnsPromise().resolves();
+        .resolves();
       iapValidateStub = sinon.stub(iapModule, 'validate')
-        .returnsPromise().resolves({});
+        .resolves({});
       iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
         .returns(true);
       iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
         .returns([{productId: 'com.habitrpg.ios.Habitica.21gems',
                    transactionId: token,
         }]);
-      paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
+      paymentBuyGemsStub = sinon.stub(payments, 'buyGems').resolves({});
     });
 
     afterEach(() => {
@@ -70,7 +70,7 @@ describe('Apple Payments', ()  => {
     });
 
     it('errors if the user cannot purchase gems', async () => {
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+      sinon.stub(user, 'canGetGems').resolves(false);
       await expect(applePayments.verifyGemPurchase(user, receipt, headers))
         .to.eventually.be.rejected.and.to.eql({
           httpCode: 401,
@@ -82,7 +82,7 @@ describe('Apple Payments', ()  => {
     });
 
     it('errors if amount does not exist', async () => {
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+      sinon.stub(user, 'canGetGems').resolves(true);
       iapGetPurchaseDataStub.restore();
       iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
         .returns([{productId: 'badProduct',
@@ -130,7 +130,7 @@ describe('Apple Payments', ()  => {
                      transactionId: token,
           }]);
 
-        sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+        sinon.stub(user, 'canGetGems').resolves(true);
         await applePayments.verifyGemPurchase(user, receipt, headers);
 
         expect(iapSetupStub).to.be.calledOnce;
@@ -167,9 +167,9 @@ describe('Apple Payments', ()  => {
       nextPaymentProcessing = moment.utc().add({days: 2});
 
       iapSetupStub = sinon.stub(iapModule, 'setup')
-        .returnsPromise().resolves();
+        .resolves();
       iapValidateStub = sinon.stub(iapModule, 'validate')
-        .returnsPromise().resolves({});
+        .resolves({});
       iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
         .returns(true);
       iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
@@ -186,7 +186,7 @@ describe('Apple Payments', ()  => {
           productId: sku,
           transactionId: token,
         }]);
-      paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+      paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').resolves({});
     });
 
     afterEach(() => {
@@ -297,9 +297,9 @@ describe('Apple Payments', ()  => {
       expirationDate = moment.utc();
 
       iapSetupStub = sinon.stub(iapModule, 'setup')
-        .returnsPromise().resolves();
+        .resolves();
       iapValidateStub = sinon.stub(iapModule, 'validate')
-        .returnsPromise().resolves({
+        .resolves({
           expirationDate,
         });
       iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
@@ -314,7 +314,7 @@ describe('Apple Payments', ()  => {
       user.purchased.plan.planId = subKey;
       user.purchased.plan.additionalData = receipt;
 
-      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').resolves({});
     });
 
     afterEach(function () {

test/api/unit/libs/payments/google.test.js

@@ -24,12 +24,12 @@ describe('Google Payments', ()  => {
       headers = {};
 
       iapSetupStub = sinon.stub(iapModule, 'setup')
-        .returnsPromise().resolves();
+        .resolves();
       iapValidateStub = sinon.stub(iapModule, 'validate')
-        .returnsPromise().resolves({});
+        .resolves({});
       iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
         .returns(true);
-      paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
+      paymentBuyGemsStub = sinon.stub(payments, 'buyGems').resolves({});
     });
 
     afterEach(() => {
@@ -64,7 +64,7 @@ describe('Google Payments', ()  => {
     });
 
     it('should throw an error if user cannot purchase gems', async () => {
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+      sinon.stub(user, 'canGetGems').resolves(false);
 
       await expect(googlePayments.verifyGemPurchase(user, receipt, signature, headers))
         .to.eventually.be.rejected.and.to.eql({
@@ -77,7 +77,7 @@ describe('Google Payments', ()  => {
     });
 
     it('purchases gems', async () => {
-      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+      sinon.stub(user, 'canGetGems').resolves(true);
       await googlePayments.verifyGemPurchase(user, receipt, signature, headers);
 
       expect(iapSetupStub).to.be.calledOnce;
@@ -116,12 +116,12 @@ describe('Google Payments', ()  => {
       nextPaymentProcessing = moment.utc().add({days: 2});
 
       iapSetupStub = sinon.stub(iapModule, 'setup')
-        .returnsPromise().resolves();
+        .resolves();
       iapValidateStub = sinon.stub(iapModule, 'validate')
-        .returnsPromise().resolves({});
+        .resolves({});
       iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
         .returns(true);
-      paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+      paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').resolves({});
     });
 
     afterEach(() => {
@@ -193,9 +193,9 @@ describe('Google Payments', ()  => {
       expirationDate = moment.utc();
 
       iapSetupStub = sinon.stub(iapModule, 'setup')
-        .returnsPromise().resolves();
+        .resolves();
       iapValidateStub = sinon.stub(iapModule, 'validate')
-        .returnsPromise().resolves({
+        .resolves({
           expirationDate,
         });
       iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
@@ -210,7 +210,7 @@ describe('Google Payments', ()  => {
       user.purchased.plan.planId = subKey;
       user.purchased.plan.additionalData = {data: receipt, signature};
 
-      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').resolves({});
     });
 
     afterEach(function () {

test/api/unit/libs/payments/group-plans/group-payments-create.test.js

@@ -69,11 +69,11 @@ describe('Purchasing a group plan for group', () => {
     };
 
     let subscriptionId = 'subId';
-    sinon.stub(stripe.customers, 'del').returnsPromise().resolves({});
+    sinon.stub(stripe.customers, 'del').resolves({});
 
     let currentPeriodEndTimeStamp = moment().add(3, 'months').unix();
     sinon.stub(stripe.customers, 'retrieve')
-      .returnsPromise().resolves({
+      .resolves({
         subscriptions: {
           data: [{id: subscriptionId, current_period_end: currentPeriodEndTimeStamp}], // eslint-disable-line camelcase
         },
@@ -216,7 +216,6 @@ describe('Purchasing a group plan for group', () => {
 
   it('sends one email to subscribed member of group, stating subscription is cancelled (Amazon)', async () => {
     sinon.stub(amzLib, 'getBillingAgreementDetails')
-      .returnsPromise()
       .resolves({
         BillingAgreementDetails: {
           BillingAgreementStatus: {State: 'Closed'},
@@ -251,9 +250,9 @@ describe('Purchasing a group plan for group', () => {
   });
 
   it('sends one email to subscribed member of group, stating subscription is cancelled (PayPal)', async () => {
-    sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').returnsPromise().resolves({});
+    sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').resolves({});
     sinon.stub(paypalPayments, 'paypalBillingAgreementGet')
-      .returnsPromise().resolves({
+      .resolves({
         agreement_details: { // eslint-disable-line camelcase
           next_billing_date: moment().add(3, 'months').toDate(), // eslint-disable-line camelcase
           cycles_completed: 1, // eslint-disable-line camelcase
@@ -449,7 +448,6 @@ describe('Purchasing a group plan for group', () => {
 
   it('adds months to members with existing recurring subscription (Amazon)', async () => {
     sinon.stub(amzLib, 'getBillingAgreementDetails')
-      .returnsPromise()
       .resolves({
         BillingAgreementDetails: {
           BillingAgreementStatus: {State: 'Closed'},
@@ -478,9 +476,9 @@ describe('Purchasing a group plan for group', () => {
   });
 
   it('adds months to members with existing recurring subscription (Paypal)', async () => {
-    sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').returnsPromise().resolves({});
+    sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').resolves({});
     sinon.stub(paypalPayments, 'paypalBillingAgreementGet')
-      .returnsPromise().resolves({
+      .resolves({
         agreement_details: { // eslint-disable-line camelcase
           next_billing_date: moment().add(3, 'months').toDate(), // eslint-disable-line camelcase
           cycles_completed: 1, // eslint-disable-line camelcase

test/api/unit/libs/payments/payments.test.js

@@ -209,7 +209,7 @@ describe('payments/index', () => {
         await api.createSubscription(data);
         let msg = '\`Hello recipient, sender has sent you 3 months of subscription!\`';
 
-        expect(user.sendMessage).to.be.calledOnce;
+        expect(user.sendMessage).to.be.calledTwice;
         expect(user.sendMessage).to.be.calledWith(recipient, { receiverMsg: msg, senderMsg: msg, save: false });
       });
 
@@ -247,6 +247,77 @@ describe('payments/index', () => {
           },
         });
       });
+
+      context('Winter 2018-19 Gift-1-Get-1 Promotion', async () => {
+        it('creates a gift subscription for purchaser and recipient if none exist', async () => {
+          await api.createSubscription(data);
+
+          expect(user.items.pets['Jackalope-RoyalPurple']).to.eql(5);
+          expect(user.purchased.plan.customerId).to.eql('Gift');
+          expect(user.purchased.plan.dateTerminated).to.exist;
+          expect(user.purchased.plan.dateUpdated).to.exist;
+          expect(user.purchased.plan.dateCreated).to.exist;
+
+          expect(recipient.items.pets['Jackalope-RoyalPurple']).to.eql(5);
+          expect(recipient.purchased.plan.customerId).to.eql('Gift');
+          expect(recipient.purchased.plan.dateTerminated).to.exist;
+          expect(recipient.purchased.plan.dateUpdated).to.exist;
+          expect(recipient.purchased.plan.dateCreated).to.exist;
+        });
+
+        it('adds extraMonths to existing subscription for purchaser and creates a gift subscription for recipient without sub', async () => {
+          user.purchased.plan = plan;
+
+          expect(user.purchased.plan.extraMonths).to.eql(0);
+
+          await api.createSubscription(data);
+
+          expect(user.purchased.plan.extraMonths).to.eql(3);
+
+          expect(recipient.items.pets['Jackalope-RoyalPurple']).to.eql(5);
+          expect(recipient.purchased.plan.customerId).to.eql('Gift');
+          expect(recipient.purchased.plan.dateTerminated).to.exist;
+          expect(recipient.purchased.plan.dateUpdated).to.exist;
+          expect(recipient.purchased.plan.dateCreated).to.exist;
+        });
+
+        it('adds extraMonths to existing subscription for recipient and creates a gift subscription for purchaser without sub', async () => {
+          recipient.purchased.plan = plan;
+
+          expect(recipient.purchased.plan.extraMonths).to.eql(0);
+
+          await api.createSubscription(data);
+
+          expect(recipient.purchased.plan.extraMonths).to.eql(3);
+
+          expect(user.items.pets['Jackalope-RoyalPurple']).to.eql(5);
+          expect(user.purchased.plan.customerId).to.eql('Gift');
+          expect(user.purchased.plan.dateTerminated).to.exist;
+          expect(user.purchased.plan.dateUpdated).to.exist;
+          expect(user.purchased.plan.dateCreated).to.exist;
+        });
+
+        it('adds extraMonths to existing subscriptions for purchaser and recipient', async () => {
+          user.purchased.plan = plan;
+          recipient.purchased.plan = plan;
+
+          expect(user.purchased.plan.extraMonths).to.eql(0);
+          expect(recipient.purchased.plan.extraMonths).to.eql(0);
+
+          await api.createSubscription(data);
+
+          expect(user.purchased.plan.extraMonths).to.eql(3);
+          expect(recipient.purchased.plan.extraMonths).to.eql(3);
+        });
+
+        it('sends a private message about the promotion', async () => {
+          await api.createSubscription(data);
+          let msg = '\`Hello sender, you received 3 months of subscription as part of our holiday gift-giving promotion!\`';
+
+          expect(user.sendMessage).to.be.calledTwice;
+          expect(user.sendMessage).to.be.calledWith(user, { senderMsg: msg });
+        });
+      });
     });
 
     context('Purchasing a subscription for self', () => {
@@ -446,6 +517,19 @@ describe('payments/index', () => {
         fakeClock.restore();
       });
 
+      it('does not add a notification for mystery items if none was awarded', async () => {
+        const noMysteryItemTimeframe = 1462183920000; // May 2nd 2016
+        let fakeClock = sinon.useFakeTimers(noMysteryItemTimeframe);
+        data = { paymentMethod: 'PaymentMethod', user, sub: { key: 'basic_3mo' } };
+
+        await api.createSubscription(data);
+
+        expect(user.purchased.plan.mysteryItems).to.have.a.lengthOf(0);
+        expect(user.notifications.find(n => n.type === 'NEW_MYSTERY_ITEMS')).to.be.undefined;
+
+        fakeClock.restore();
+      });
+
       it('does not award mystery item when user already owns the item', async () => {
         let mayMysteryItemTimeframe = 1464725113000; // May 31st 2016
         let fakeClock = sinon.useFakeTimers(mayMysteryItemTimeframe);

test/api/unit/libs/payments/paypal/checkout-success.test.js

@@ -13,9 +13,9 @@ describe('checkout success', () => {
     customerId = 'customerId-test';
     paymentId = 'paymentId-test';
 
-    paypalPaymentExecuteStub = sinon.stub(paypalPayments, 'paypalPaymentExecute').returnsPromise().resolves({});
-    paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
-    paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+    paypalPaymentExecuteStub = sinon.stub(paypalPayments, 'paypalPaymentExecute').resolves({});
+    paymentBuyGemsStub = sinon.stub(payments, 'buyGems').resolves({});
+    paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').resolves({});
   });
 
   afterEach(() => {

test/api/unit/libs/payments/paypal/checkout.test.js

@@ -15,6 +15,7 @@ describe('checkout', () => {
 
   function getPaypalCreateOptions (description, amount) {
     return {
+      experience_profile_id: 'xp_profile_id',
       intent: 'sale',
       payer: { payment_method: 'Paypal' },
       redirect_urls: {
@@ -42,7 +43,7 @@ describe('checkout', () => {
   beforeEach(() => {
     approvalHerf = 'approval_href';
     paypalPaymentCreateStub = sinon.stub(paypalPayments, 'paypalPaymentCreate')
-      .returnsPromise().resolves({
+      .resolves({
         links: [{ rel: 'approval_url', href: approvalHerf }],
       });
   });
@@ -80,7 +81,7 @@ describe('checkout', () => {
 
   it('should error if the user cannot get gems', async () => {
     let user = new User();
-    sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+    sinon.stub(user, 'canGetGems').resolves(false);
 
     await expect(paypalPayments.checkout({user})).to.eventually.be.rejected.and.to.eql({
       httpCode: 401,

test/api/unit/libs/payments/paypal/ipn.test.js

@@ -34,8 +34,8 @@ describe('ipn', () => {
     group.purchased.plan.lastBillingDate = new Date();
     await group.save();
 
-    ipnVerifyAsyncStub = sinon.stub(paypalPayments, 'ipnVerifyAsync').returnsPromise().resolves({});
-    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+    ipnVerifyAsyncStub = sinon.stub(paypalPayments, 'ipnVerifyAsync').resolves({});
+    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').resolves({});
   });
 
   afterEach(function () {

test/api/unit/libs/payments/paypal/subscribe-cancel.test.js

@@ -38,15 +38,15 @@ describe('subscribeCancel', () => {
 
     nextBillingDate = new Date();
 
-    paypalBillingAgreementCancelStub = sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').returnsPromise().resolves({});
+    paypalBillingAgreementCancelStub = sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').resolves({});
     paypalBillingAgreementGetStub = sinon.stub(paypalPayments, 'paypalBillingAgreementGet')
-      .returnsPromise().resolves({
+      .resolves({
         agreement_details: {
           next_billing_date: nextBillingDate,
           cycles_completed: 1,
         },
       });
-    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+    paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').resolves({});
   });
 
   afterEach(function () {

test/api/unit/libs/payments/paypal/subscribe-success.test.js

@@ -28,10 +28,10 @@ describe('subscribeSuccess', () => {
     customerId = 'test-customerId';
 
     paypalBillingAgreementExecuteStub = sinon.stub(paypalPayments, 'paypalBillingAgreementExecute')
-      .returnsPromise({}).resolves({
+      .resolves({
         id: customerId,
       });
-    paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+    paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').resolves({});
   });
 
   afterEach(() => {

test/api/unit/libs/payments/paypal/subscribe.test.js

@@ -18,7 +18,7 @@ describe('subscribe', () => {
     sub = Object.assign({}, common.content.subscriptionBlocks[subKey]);
 
     paypalBillingAgreementCreateStub = sinon.stub(paypalPayments, 'paypalBillingAgreementCreate')
-      .returnsPromise().resolves({
+      .resolves({
         links: [{ rel: 'approval_url', href: approvalHerf }],
       });
   });

test/api/unit/libs/payments/stripe/cancel-subscription.test.js

@@ -82,12 +82,12 @@ describe('cancel subscription', () => {
 
     beforeEach(() => {
       subscriptionId = 'subId';
-      stripeDeleteCustomerStub = sinon.stub(stripe.customers, 'del').returnsPromise().resolves({});
-      paymentsCancelSubStub = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+      stripeDeleteCustomerStub = sinon.stub(stripe.customers, 'del').resolves({});
+      paymentsCancelSubStub = sinon.stub(payments, 'cancelSubscription').resolves({});
 
       currentPeriodEndTimeStamp = (new Date()).getTime();
       stripeRetrieveStub = sinon.stub(stripe.customers, 'retrieve')
-        .returnsPromise().resolves({
+        .resolves({
           subscriptions: {
             data: [{id: subscriptionId, current_period_end: currentPeriodEndTimeStamp}], // eslint-disable-line camelcase
           },

test/api/unit/libs/payments/stripe/checkout-subscription.test.js

@@ -54,7 +54,7 @@ describe('checkout with subscription', () => {
     token = 'test-token';
 
     spy = sinon.stub(stripe.subscriptions, 'update');
-    spy.returnsPromise().resolves;
+    spy.resolves;
 
     stripeCreateCustomerSpy = sinon.stub(stripe.customers, 'create');
     let stripCustomerResponse = {
@@ -63,10 +63,10 @@ describe('checkout with subscription', () => {
         data: [{id: subscriptionId}],
       },
     };
-    stripeCreateCustomerSpy.returnsPromise().resolves(stripCustomerResponse);
+    stripeCreateCustomerSpy.resolves(stripCustomerResponse);
 
     stripePaymentsCreateSubSpy = sinon.stub(payments, 'createSubscription');
-    stripePaymentsCreateSubSpy.returnsPromise().resolves({});
+    stripePaymentsCreateSubSpy.resolves({});
 
     data.groupId = group._id;
     data.sub.quantity = 3;

test/api/unit/libs/payments/stripe/checkout.test.js

@@ -26,9 +26,9 @@ describe('checkout', () => {
     let stripCustomerResponse = {
       id: customerIdResponse,
     };
-    stripeChargeStub = sinon.stub(stripe.charges, 'create').returnsPromise().resolves(stripCustomerResponse);
-    paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
-    paymentCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+    stripeChargeStub = sinon.stub(stripe.charges, 'create').resolves(stripCustomerResponse);
+    paymentBuyGemsStub = sinon.stub(payments, 'buyGems').resolves({});
+    paymentCreateSubscritionStub = sinon.stub(payments, 'createSubscription').resolves({});
   });
 
   afterEach(() => {
@@ -82,7 +82,7 @@ describe('checkout', () => {
 
   it('should error if user cannot get gems', async () => {
     gift = undefined;
-    sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+    sinon.stub(user, 'canGetGems').resolves(false);
 
     await expect(stripePayments.checkout({
       token,
@@ -101,7 +101,7 @@ describe('checkout', () => {
 
   it('should purchase gems', async () => {
     gift = undefined;
-    sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+    sinon.stub(user, 'canGetGems').resolves(true);
 
     await stripePayments.checkout({
       token,

test/api/unit/libs/payments/stripe/edit-subscription.test.js

@@ -98,11 +98,11 @@ describe('edit subscription', () => {
     beforeEach(() => {
       subscriptionId = 'subId';
       stripeListSubscriptionStub = sinon.stub(stripe.customers, 'listSubscriptions')
-        .returnsPromise().resolves({
+        .resolves({
           data: [{id: subscriptionId}],
         });
 
-      stripeUpdateSubscriptionStub = sinon.stub(stripe.customers, 'updateSubscription').returnsPromise().resolves({});
+      stripeUpdateSubscriptionStub = sinon.stub(stripe.customers, 'updateSubscription').resolves({});
     });
 
     afterEach(() => {

test/api/unit/libs/payments/stripe/handle-webhook.test.js

@@ -22,7 +22,7 @@ describe('Stripe - Webhooks', () => {
     const eventRetrieved = {type: eventType};
 
     beforeEach(() => {
-      sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves(eventRetrieved);
+      sinon.stub(stripe.events, 'retrieve').resolves(eventRetrieved);
       sinon.stub(logger, 'error');
     });
 
@@ -52,8 +52,8 @@ describe('Stripe - Webhooks', () => {
     const eventType = 'customer.subscription.deleted';
 
     beforeEach(() => {
-      sinon.stub(stripe.customers, 'del').returnsPromise().resolves({});
-      sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+      sinon.stub(stripe.customers, 'del').resolves({});
+      sinon.stub(payments, 'cancelSubscription').resolves({});
     });
 
     afterEach(() => {
@@ -62,7 +62,7 @@ describe('Stripe - Webhooks', () => {
     });
 
     it('does not do anything if event.request is null (subscription cancelled manually)', async () => {
-      sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+      sinon.stub(stripe.events, 'retrieve').resolves({
         id: 123,
         type: eventType,
         request: 123,
@@ -79,7 +79,7 @@ describe('Stripe - Webhooks', () => {
     describe('user subscription', () => {
       it('throws an error if the user is not found', async () => {
         const customerId = 456;
-        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+        sinon.stub(stripe.events, 'retrieve').resolves({
           id: 123,
           type: eventType,
           data: {
@@ -113,7 +113,7 @@ describe('Stripe - Webhooks', () => {
         subscriber.purchased.plan.paymentMethod = 'Stripe';
         await subscriber.save();
 
-        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+        sinon.stub(stripe.events, 'retrieve').resolves({
           id: 123,
           type: eventType,
           data: {
@@ -146,7 +146,7 @@ describe('Stripe - Webhooks', () => {
     describe('group plan subscription', () => {
       it('throws an error if the group is not found', async () => {
         const customerId = 456;
-        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+        sinon.stub(stripe.events, 'retrieve').resolves({
           id: 123,
           type: eventType,
           data: {
@@ -185,7 +185,7 @@ describe('Stripe - Webhooks', () => {
         subscriber.purchased.plan.paymentMethod = 'Stripe';
         await subscriber.save();
 
-        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+        sinon.stub(stripe.events, 'retrieve').resolves({
           id: 123,
           type: eventType,
           data: {
@@ -227,7 +227,7 @@ describe('Stripe - Webhooks', () => {
         subscriber.purchased.plan.paymentMethod = 'Stripe';
         await subscriber.save();
 
-        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+        sinon.stub(stripe.events, 'retrieve').resolves({
           id: 123,
           type: eventType,
           data: {

test/api/unit/libs/payments/stripe/upgrade-group-plan.test.js

@@ -38,7 +38,7 @@ describe('Stripe - Upgrade Group Plan', () => {
     await group.save();
 
     spy = sinon.stub(stripe.subscriptions, 'update');
-    spy.returnsPromise().resolves([]);
+    spy.resolves([]);
     data.groupId = group._id;
     data.sub.quantity = 3;
     stripePayments.setStripeApi(stripe);

test/api/unit/libs/slack.js

@@ -110,7 +110,7 @@ describe('slack', () => {
     });
 
     it('noops if no flagging url is provided', () => {
-      sandbox.stub(nconf, 'get').withArgs('SLACK:FLAGGING_URL').returns('');
+      sandbox.stub(nconf, 'get').withArgs('SLACK_FLAGGING_URL').returns('');
       sandbox.stub(logger, 'error');
       let reRequiredSlack = requireAgain('../../../../website/server/libs/slack');
 

test/api/unit/models/group.test.js

@@ -477,7 +477,7 @@ describe('Group Model', () => {
           party.quest.active = false;
 
           await party.startQuest(questLeader);
-          Group.prototype.sendChat.reset();
+          Group.prototype.sendChat.resetHistory();
           await party.save();
 
           await Group.processQuestProgress(participatingMember, progress);
@@ -496,7 +496,7 @@ describe('Group Model', () => {
           party.quest.active = false;
 
           await party.startQuest(questLeader);
-          Group.prototype.sendChat.reset();
+          Group.prototype.sendChat.resetHistory();
           await party.save();
 
           await Group.processQuestProgress(participatingMember, progress);
@@ -569,7 +569,7 @@ describe('Group Model', () => {
       });
 
       it('throws an error if no uuids or emails are passed in', async () => {
-        await expect(Group.validateInvitations(null, null, res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({}, res)).to.eventually.be.rejected.and.eql({
           httpCode: 400,
           message: 'Bad request.',
           name: 'BadRequest',
@@ -579,7 +579,7 @@ describe('Group Model', () => {
       });
 
       it('throws an error if only uuids are passed in, but they are not an array', async () => {
-        await expect(Group.validateInvitations({ uuid: 'user-id'}, null, res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({ uuids: 'user-id'}, res)).to.eventually.be.rejected.and.eql({
           httpCode: 400,
           message: 'Bad request.',
           name: 'BadRequest',
@@ -589,7 +589,7 @@ describe('Group Model', () => {
       });
 
       it('throws an error if only emails are passed in, but they are not an array', async () => {
-        await expect(Group.validateInvitations(null, { emails: 'user@example.com'}, res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({emails: 'user@example.com'}, res)).to.eventually.be.rejected.and.eql({
           httpCode: 400,
           message: 'Bad request.',
           name: 'BadRequest',
@@ -599,27 +599,27 @@ describe('Group Model', () => {
       });
 
       it('throws an error if emails are not passed in, and uuid array is empty', async () => {
-        await expect(Group.validateInvitations([], null, res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({uuids: []},  res)).to.eventually.be.rejected.and.eql({
           httpCode: 400,
           message: 'Bad request.',
           name: 'BadRequest',
         });
         expect(res.t).to.be.calledOnce;
-        expect(res.t).to.be.calledWith('inviteMissingUuid');
+        expect(res.t).to.be.calledWith('inviteMustNotBeEmpty');
       });
 
       it('throws an error if uuids are not passed in, and email array is empty', async () => {
-        await expect(Group.validateInvitations(null, [], res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({emails: []},  res)).to.eventually.be.rejected.and.eql({
           httpCode: 400,
           message: 'Bad request.',
           name: 'BadRequest',
         });
         expect(res.t).to.be.calledOnce;
-        expect(res.t).to.be.calledWith('inviteMissingEmail');
+        expect(res.t).to.be.calledWith('inviteMustNotBeEmpty');
       });
 
       it('throws an error if uuids and emails are passed in as empty arrays', async () => {
-        await expect(Group.validateInvitations([], [], res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({emails: [], uuids: []}, res)).to.eventually.be.rejected.and.eql({
           httpCode: 400,
           message: 'Bad request.',
           name: 'BadRequest',
@@ -639,7 +639,7 @@ describe('Group Model', () => {
 
         uuids.push('one-more-uuid'); // to put it over the limit
 
-        await expect(Group.validateInvitations(uuids, emails, res)).to.eventually.be.rejected.and.eql({
+        await expect(Group.validateInvitations({uuids, emails}, res)).to.eventually.be.rejected.and.eql({
           httpCode: 400,
           message: 'Bad request.',
           name: 'BadRequest',
@@ -657,33 +657,33 @@ describe('Group Model', () => {
           emails.push(`user-${i}@example.com`);
         }
 
-        await Group.validateInvitations(uuids, emails, res);
+        await Group.validateInvitations({uuids, emails}, res);
         expect(res.t).to.not.be.called;
       });
 
 
       it('does not throw an error if only user ids are passed in', async () => {
-        await Group.validateInvitations(['user-id', 'user-id2'], null, res);
+        await Group.validateInvitations({uuids: ['user-id', 'user-id2']}, res);
         expect(res.t).to.not.be.called;
       });
 
       it('does not throw an error if only emails are passed in', async () => {
-        await Group.validateInvitations(null, ['user1@example.com', 'user2@example.com'], res);
+        await Group.validateInvitations({emails: ['user1@example.com', 'user2@example.com']}, res);
         expect(res.t).to.not.be.called;
       });
 
       it('does not throw an error if both uuids and emails are passed in', async () => {
-        await Group.validateInvitations(['user-id', 'user-id2'], ['user1@example.com', 'user2@example.com'], res);
+        await Group.validateInvitations({uuids: ['user-id', 'user-id2'], emails: ['user1@example.com', 'user2@example.com']}, res);
         expect(res.t).to.not.be.called;
       });
 
       it('does not throw an error if uuids are passed in and emails are an empty array', async () => {
-        await Group.validateInvitations(['user-id', 'user-id2'], [], res);
+        await Group.validateInvitations({uuids: ['user-id', 'user-id2'], emails: []}, res);
         expect(res.t).to.not.be.called;
       });
 
       it('does not throw an error if emails are passed in and uuids are an empty array', async () => {
-        await Group.validateInvitations([], ['user1@example.com', 'user2@example.com'], res);
+        await Group.validateInvitations({uuids: [], emails: ['user1@example.com', 'user2@example.com']}, res);
         expect(res.t).to.not.be.called;
       });
     });
@@ -1843,6 +1843,62 @@ describe('Group Model', () => {
         expect(options.chat).to.eql(chat);
       });
 
+      it('sends webhooks for users with webhooks triggered by system messages', async () => {
+        let guild = new Group({
+          name: 'some guild',
+          type: 'guild',
+        });
+
+        let memberWithWebhook = new User({
+          guilds: [guild._id],
+          webhooks: [{
+            type: 'groupChatReceived',
+            url: 'http://someurl.com',
+            options: {
+              groupId: guild._id,
+            },
+          }],
+        });
+        let memberWithoutWebhook = new User({
+          guilds: [guild._id],
+        });
+        let nonMemberWithWebhooks = new User({
+          webhooks: [{
+            type: 'groupChatReceived',
+            url: 'http://a-different-url.com',
+            options: {
+              groupId: generateUUID(),
+            },
+          }],
+        });
+
+        await Promise.all([
+          memberWithWebhook.save(),
+          memberWithoutWebhook.save(),
+          nonMemberWithWebhooks.save(),
+        ]);
+
+        guild.leader = memberWithWebhook._id;
+
+        await guild.save();
+
+        const groupMessage = guild.sendChat('Test message.');
+        await groupMessage.save();
+
+        await sleep();
+
+        expect(groupChatReceivedWebhook.send).to.be.calledOnce;
+
+        let args = groupChatReceivedWebhook.send.args[0];
+        let webhooks = args[0].webhooks;
+        let options = args[1];
+
+        expect(webhooks).to.have.a.lengthOf(1);
+        expect(webhooks[0].id).to.eql(memberWithWebhook.webhooks[0].id);
+        expect(options.group).to.eql(guild);
+        expect(options.chat).to.eql(groupMessage);
+      });
+
       it('sends webhooks for each user with webhooks in group', async () => {
         let guild = new Group({
           name: 'some guild',
@@ -1932,28 +1988,54 @@ describe('Group Model', () => {
 
     context('hasNotCancelled', () => {
       it('returns false if group does not have customer id', () => {
-        expect(party.hasNotCancelled()).to.be.undefined;
+        expect(party.hasNotCancelled()).to.be.false;
       });
 
-      it('returns true if party does not have plan.dateTerminated', () => {
+      it('returns true if group does not have plan.dateTerminated', () => {
         party.purchased.plan.customerId = 'test-id';
 
         expect(party.hasNotCancelled()).to.be.true;
       });
 
-      it('returns false if party if plan.dateTerminated is after today', () => {
+      it('returns false if group if plan.dateTerminated is after today', () => {
         party.purchased.plan.customerId = 'test-id';
         party.purchased.plan.dateTerminated = moment().add(1, 'days').toDate();
 
         expect(party.hasNotCancelled()).to.be.false;
       });
 
-      it('returns false if party if plan.dateTerminated is before today', () => {
+      it('returns false if group if plan.dateTerminated is before today', () => {
         party.purchased.plan.customerId = 'test-id';
         party.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();
 
         expect(party.hasNotCancelled()).to.be.false;
       });
     });
+
+    context('hasCancelled', () => {
+      it('returns false if group does not have customer id', () => {
+        expect(party.hasCancelled()).to.be.false;
+      });
+
+      it('returns false if group does not have plan.dateTerminated', () => {
+        party.purchased.plan.customerId = 'test-id';
+
+        expect(party.hasCancelled()).to.be.false;
+      });
+
+      it('returns true if group if plan.dateTerminated is after today', () => {
+        party.purchased.plan.customerId = 'test-id';
+        party.purchased.plan.dateTerminated = moment().add(1, 'days').toDate();
+
+        expect(party.hasCancelled()).to.be.true;
+      });
+
+      it('returns false if group if plan.dateTerminated is before today', () => {
+        party.purchased.plan.customerId = 'test-id';
+        party.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();
+
+        expect(party.hasCancelled()).to.be.false;
+      });
+    });
   });
 });

test/api/unit/models/user.test.js

@@ -315,9 +315,8 @@ describe('User Model', () => {
       user = new User();
     });
 
-
     it('returns false if user does not have customer id', () => {
-      expect(user.hasNotCancelled()).to.be.undefined;
+      expect(user.hasNotCancelled()).to.be.false;
     });
 
     it('returns true if user does not have plan.dateTerminated', () => {
@@ -341,6 +340,38 @@ describe('User Model', () => {
     });
   });
 
+
+  context('hasCancelled', () => {
+    let user;
+    beforeEach(() => {
+      user = new User();
+    });
+
+    it('returns false if user does not have customer id', () => {
+      expect(user.hasCancelled()).to.be.false;
+    });
+
+    it('returns false if user does not have plan.dateTerminated', () => {
+      user.purchased.plan.customerId = 'test-id';
+
+      expect(user.hasCancelled()).to.be.false;
+    });
+
+    it('returns true if user if plan.dateTerminated is after today', () => {
+      user.purchased.plan.customerId = 'test-id';
+      user.purchased.plan.dateTerminated = moment().add(1, 'days').toDate();
+
+      expect(user.hasCancelled()).to.be.true;
+    });
+
+    it('returns false if user if plan.dateTerminated is before today', () => {
+      user.purchased.plan.customerId = 'test-id';
+      user.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();
+
+      expect(user.hasCancelled()).to.be.false;
+    });
+  });
+
   context('pre-save hook', () => {
     it('does not try to award achievements when achievements or items not selected in query', async () => {
       let user = new User();

test/api/v3/integration/challenges/GET-challenges_challengeId.test.js

@@ -47,6 +47,14 @@ describe('GET /challenges/:challengeId', () => {
         _id: groupLeader._id,
         id: groupLeader._id,
         profile: {name: groupLeader.profile.name},
+        auth: {
+          local: {
+            username: groupLeader.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       expect(chal.group).to.eql({
         _id: group._id,
@@ -105,6 +113,14 @@ describe('GET /challenges/:challengeId', () => {
         _id: challengeLeader._id,
         id: challengeLeader._id,
         profile: {name: challengeLeader.profile.name},
+        auth: {
+          local: {
+            username: challengeLeader.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       expect(chal.group).to.eql({
         _id: group._id,
@@ -131,6 +147,14 @@ describe('GET /challenges/:challengeId', () => {
         _id: challengeLeader._id,
         id: challengeLeader._id,
         profile: {name: challengeLeader.profile.name},
+        auth: {
+          local: {
+            username: challengeLeader.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
     });
   });
@@ -179,6 +203,14 @@ describe('GET /challenges/:challengeId', () => {
         _id: challengeLeader._id,
         id: challengeLeader._id,
         profile: {name: challengeLeader.profile.name},
+        auth: {
+          local: {
+            username: challengeLeader.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       expect(chal.group).to.eql({
         _id: group._id,
@@ -205,6 +237,14 @@ describe('GET /challenges/:challengeId', () => {
         _id: challengeLeader._id,
         id: challengeLeader._id,
         profile: {name: challengeLeader.profile.name},
+        auth: {
+          local: {
+            username: challengeLeader.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
     });
   });

test/api/v3/integration/challenges/GET-challenges_challengeId_members.test.js

@@ -60,6 +60,14 @@ describe('GET /challenges/:challengeId/members', () => {
       _id: groupLeader._id,
       id: groupLeader._id,
       profile: {name: groupLeader.profile.name},
+      auth: {
+        local: {
+          username: groupLeader.auth.local.username,
+        },
+      },
+      flags: {
+        verifiedUsername: true,
+      },
     });
   });
 
@@ -73,8 +81,16 @@ describe('GET /challenges/:challengeId/members', () => {
       _id: leader._id,
       id: leader._id,
       profile: {name: leader.profile.name},
+      auth: {
+        local: {
+          username: leader.auth.local.username,
+        },
+      },
+      flags: {
+        verifiedUsername: true,
+      },
     });
-    expect(res[0]).to.have.all.keys(['_id', 'id', 'profile']);
+    expect(res[0]).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
     expect(res[0].profile).to.have.all.keys(['name']);
   });
 
@@ -88,8 +104,16 @@ describe('GET /challenges/:challengeId/members', () => {
       _id: anotherUser._id,
       id: anotherUser._id,
       profile: {name: anotherUser.profile.name},
+      auth: {
+        local: {
+          username: anotherUser.auth.local.username,
+        },
+      },
+      flags: {
+        verifiedUsername: true,
+      },
     });
-    expect(res[0]).to.have.all.keys(['_id', 'id', 'profile']);
+    expect(res[0]).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
     expect(res[0].profile).to.have.all.keys(['name']);
   });
 
@@ -107,7 +131,7 @@ describe('GET /challenges/:challengeId/members', () => {
     let res = await user.get(`/challenges/${challenge._id}/members?includeAllMembers=not-true`);
     expect(res.length).to.equal(30);
     res.forEach(member => {
-      expect(member).to.have.all.keys(['_id', 'id', 'profile']);
+      expect(member).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
       expect(member.profile).to.have.all.keys(['name']);
     });
   });
@@ -126,7 +150,7 @@ describe('GET /challenges/:challengeId/members', () => {
     let res = await user.get(`/challenges/${challenge._id}/members`);
     expect(res.length).to.equal(30);
     res.forEach(member => {
-      expect(member).to.have.all.keys(['_id', 'id', 'profile']);
+      expect(member).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
       expect(member.profile).to.have.all.keys(['name']);
     });
   });
@@ -145,7 +169,7 @@ describe('GET /challenges/:challengeId/members', () => {
     let res = await user.get(`/challenges/${challenge._id}/members?includeAllMembers=true`);
     expect(res.length).to.equal(32);
     res.forEach(member => {
-      expect(member).to.have.all.keys(['_id', 'id', 'profile']);
+      expect(member).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
       expect(member.profile).to.have.all.keys(['name']);
     });
   });

test/api/v3/integration/challenges/GET-challenges_challengeId_members_memberId.test.js

@@ -81,7 +81,7 @@ describe('GET /challenges/:challengeId/members/:memberId', () => {
     await groupLeader.post(`/tasks/challenge/${challenge._id}`, [{type: 'habit', text: taskText}]);
 
     let memberProgress = await user.get(`/challenges/${challenge._id}/members/${groupLeader._id}`);
-    expect(memberProgress).to.have.all.keys(['_id', 'id', 'profile', 'tasks']);
+    expect(memberProgress).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile', 'tasks']);
     expect(memberProgress.profile).to.have.all.keys(['name']);
     expect(memberProgress.tasks.length).to.equal(1);
   });

test/api/v3/integration/challenges/GET-challenges_group_groupid.test.js

@@ -39,6 +39,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: publicGuild.leader._id,
         id: publicGuild.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
       expect(foundChallenge2).to.exist;
@@ -46,6 +54,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: publicGuild.leader._id,
         id: publicGuild.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
     });
 
@@ -58,6 +74,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: publicGuild.leader._id,
         id: publicGuild.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
       expect(foundChallenge2).to.exist;
@@ -65,6 +89,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: publicGuild.leader._id,
         id: publicGuild.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
     });
 
@@ -125,6 +157,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: privateGuild.leader._id,
         id: privateGuild.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
       expect(foundChallenge2).to.exist;
@@ -132,6 +172,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: privateGuild.leader._id,
         id: privateGuild.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
     });
   });
@@ -235,6 +283,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: party.leader._id,
         id: party.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
       expect(foundChallenge2).to.exist;
@@ -242,6 +298,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: party.leader._id,
         id: party.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
     });
 
@@ -254,6 +318,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: party.leader._id,
         id: party.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
       expect(foundChallenge2).to.exist;
@@ -261,6 +333,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: party.leader._id,
         id: party.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
     });
   });
@@ -288,6 +368,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: user._id,
         id: user._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
       expect(foundChallenge2).to.exist;
@@ -295,6 +383,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: user._id,
         id: user._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
     });
 
@@ -307,6 +403,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: user._id,
         id: user._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       let foundChallenge2 = _.find(challenges, { _id: challenge2._id });
       expect(foundChallenge2).to.exist;
@@ -314,6 +418,14 @@ describe('GET challenges/groups/:groupId', () => {
         _id: user._id,
         id: user._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
     });
   });

test/api/v3/integration/challenges/GET-challenges_user.test.js

@@ -40,6 +40,14 @@ describe('GET challenges/user', () => {
         _id: publicGuild.leader._id,
         id: publicGuild.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       expect(foundChallenge.group).to.eql({
         _id: publicGuild._id,
@@ -62,6 +70,14 @@ describe('GET challenges/user', () => {
         _id: publicGuild.leader._id,
         id: publicGuild.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       expect(foundChallenge1.group).to.eql({
         _id: publicGuild._id,
@@ -79,6 +95,14 @@ describe('GET challenges/user', () => {
         _id: publicGuild.leader._id,
         id: publicGuild.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       expect(foundChallenge2.group).to.eql({
         _id: publicGuild._id,
@@ -101,6 +125,14 @@ describe('GET challenges/user', () => {
         _id: publicGuild.leader._id,
         id: publicGuild.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       expect(foundChallenge1.group).to.eql({
         _id: publicGuild._id,
@@ -118,6 +150,14 @@ describe('GET challenges/user', () => {
         _id: publicGuild.leader._id,
         id: publicGuild.leader._id,
         profile: {name: user.profile.name},
+        auth: {
+          local: {
+            username: user.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       expect(foundChallenge2.group).to.eql({
         _id: publicGuild._id,

test/api/v3/integration/challenges/POST-challenges_challengeId_join.test.js

@@ -79,6 +79,14 @@ describe('POST /challenges/:challengeId/join', () => {
         _id: groupLeader._id,
         id: groupLeader._id,
         profile: {name: groupLeader.profile.name},
+        auth: {
+          local: {
+            username: groupLeader.auth.local.username,
+          },
+        },
+        flags: {
+          verifiedUsername: true,
+        },
       });
       expect(res.name).to.equal(challenge.name);
     });

test/api/v3/integration/challenges/PUT-challenges_challengeId.test.js

@@ -79,6 +79,14 @@ describe('PUT /challenges/:challengeId', () => {
       _id: member._id,
       id: member._id,
       profile: {name: member.profile.name},
+      auth: {
+        local: {
+          username: member.auth.local.username,
+        },
+      },
+      flags: {
+        verifiedUsername: true,
+      },
     });
     expect(res.name).to.equal('New Challenge Name');
     expect(res.description).to.equal('New challenge description.');

test/api/v3/integration/chat/POST-groups_id_chat_id_clear_flags.test.js

@@ -106,7 +106,7 @@ describe('POST /groups/:id/chat/:id/clearflags', () => {
         .to.eventually.be.rejected.and.eql({
           code: 400,
           error: 'BadRequest',
-          message: t('messageCannotFlagSystemMessages', {communityManagerEmail: config.EMAILS.COMMUNITY_MANAGER_EMAIL}),
+          message: t('messageCannotFlagSystemMessages', {communityManagerEmail: config.EMAILS_COMMUNITY_MANAGER_EMAIL}),
         });
       // let messages = await members[0].get(`/groups/${group._id}/chat`);
       // expect(messages[0].id).to.eql(skillMsg.id);

test/api/v3/integration/groups/GET-groups.test.js

@@ -203,7 +203,7 @@ describe('GET /groups', () => {
       let page2 = await expect(user.get('/groups?type=publicGuilds&paginate=true&page=2'))
         .to.eventually.have.a.lengthOf(1 + 4); // 1 created now, 4 by other tests
       expect(page2[4].name).to.equal('guild with less members');
-    });
+    }).timeout(10000);
   });
 
   it('returns all the user\'s guilds when guilds passed in as query', async () => {

test/api/v3/integration/groups/GET-groups_groupId_invites.test.js

@@ -50,6 +50,14 @@ describe('GET /groups/:groupId/invites', () => {
       _id: invited._id,
       id: invited._id,
       profile: {name: invited.profile.name},
+      auth: {
+        local: {
+          username: invited.auth.local.username,
+        },
+      },
+      flags: {
+        verifiedUsername: true,
+      },
     });
   });
 
@@ -58,7 +66,7 @@ describe('GET /groups/:groupId/invites', () => {
     let invited = await generateUser();
     await user.post(`/groups/${group._id}/invite`, {uuids: [invited._id]});
     let res = await user.get('/groups/party/invites');
-    expect(res[0]).to.have.all.keys(['_id', 'id', 'profile']);
+    expect(res[0]).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
     expect(res[0].profile).to.have.all.keys(['name']);
   });
 
@@ -76,10 +84,10 @@ describe('GET /groups/:groupId/invites', () => {
     let res = await leader.get(`/groups/${group._id}/invites`);
     expect(res.length).to.equal(30);
     res.forEach(member => {
-      expect(member).to.have.all.keys(['_id', 'id', 'profile']);
+      expect(member).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
       expect(member.profile).to.have.all.keys(['name']);
     });
-  });
+  }).timeout(10000);
 
   it('supports using req.query.lastId to get more invites', async function () {
     this.timeout(30000); // @TODO: times out after 8 seconds

test/api/v3/integration/groups/GET-groups_groupId_members.test.js

@@ -56,13 +56,21 @@ describe('GET /groups/:groupId/members', () => {
       _id: user._id,
       id: user._id,
       profile: {name: user.profile.name},
+      auth: {
+        local: {
+          username: user.auth.local.username,
+        },
+      },
+      flags: {
+        verifiedUsername: true,
+      },
     });
   });
 
   it('populates only some fields', async () => {
     await generateGroup(user, {type: 'party', name: generateUUID()});
     let res = await user.get('/groups/party/members');
-    expect(res[0]).to.have.all.keys(['_id', 'id', 'profile']);
+    expect(res[0]).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
     expect(res[0].profile).to.have.all.keys(['name']);
   });
 
@@ -74,7 +82,7 @@ describe('GET /groups/:groupId/members', () => {
       '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
       'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives', 'flags',
     ]);
-    expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
+    expect(Object.keys(memberRes.auth)).to.eql(['local', 'timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([
       'size', 'hair', 'skin', 'shirt',
       'chair', 'costume', 'sleep', 'background', 'tasks', 'disableClasses',
@@ -95,7 +103,7 @@ describe('GET /groups/:groupId/members', () => {
       '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
       'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives', 'flags',
     ]);
-    expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
+    expect(Object.keys(memberRes.auth)).to.eql(['local', 'timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([
       'size', 'hair', 'skin', 'shirt',
       'chair', 'costume', 'sleep', 'background', 'tasks', 'disableClasses',
@@ -120,7 +128,7 @@ describe('GET /groups/:groupId/members', () => {
     let res = await user.get('/groups/party/members');
     expect(res.length).to.equal(30);
     res.forEach(member => {
-      expect(member).to.have.all.keys(['_id', 'id', 'profile']);
+      expect(member).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
       expect(member.profile).to.have.all.keys(['name']);
     });
   });
@@ -137,7 +145,7 @@ describe('GET /groups/:groupId/members', () => {
     let res = await user.get('/groups/party/members?includeAllMembers=true');
     expect(res.length).to.equal(30);
     res.forEach(member => {
-      expect(member).to.have.all.keys(['_id', 'id', 'profile']);
+      expect(member).to.have.all.keys(['_id', 'auth', 'flags', 'id', 'profile']);
       expect(member.profile).to.have.all.keys(['name']);
     });
   });

test/api/v3/integration/groups/POST-groups_invite.test.js

@@ -23,6 +23,73 @@ describe('Post /groups/:groupId/invite', () => {
     });
   });
 
+  describe('username invites', () => {
+    it('returns an error when invited user is not found', async () => {
+      const fakeID = 'fakeuserid';
+
+      await expect(inviter.post(`/groups/${group._id}/invite`, {
+        usernames: [fakeID],
+      }))
+        .to.eventually.be.rejected.and.eql({
+          code: 404,
+          error: 'NotFound',
+          message: t('userWithUsernameNotFound', {username: fakeID}),
+        });
+    });
+
+    it('returns an error when inviting yourself to a group', async () => {
+      await expect(inviter.post(`/groups/${group._id}/invite`, {
+        usernames: [inviter.auth.local.lowerCaseUsername],
+      }))
+        .to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: t('cannotInviteSelfToGroup'),
+        });
+    });
+
+    it('invites a user to a group by username', async () => {
+      const userToInvite = await generateUser();
+
+      await expect(inviter.post(`/groups/${group._id}/invite`, {
+        usernames: [userToInvite.auth.local.lowerCaseUsername],
+      })).to.eventually.deep.equal([{
+        id: group._id,
+        name: groupName,
+        inviter: inviter._id,
+        publicGuild: false,
+      }]);
+
+      await expect(userToInvite.get('/user'))
+        .to.eventually.have.nested.property('invitations.guilds[0].id', group._id);
+    });
+
+    it('invites multiple users to a group by uuid', async () => {
+      const userToInvite = await generateUser();
+      const userToInvite2 = await generateUser();
+
+      await expect(inviter.post(`/groups/${group._id}/invite`, {
+        usernames: [userToInvite.auth.local.lowerCaseUsername, userToInvite2.auth.local.lowerCaseUsername],
+      })).to.eventually.deep.equal([
+        {
+          id: group._id,
+          name: groupName,
+          inviter: inviter._id,
+          publicGuild: false,
+        },
+        {
+          id: group._id,
+          name: groupName,
+          inviter: inviter._id,
+          publicGuild: false,
+        },
+      ]);
+
+      await expect(userToInvite.get('/user')).to.eventually.have.nested.property('invitations.guilds[0].id', group._id);
+      await expect(userToInvite2.get('/user')).to.eventually.have.nested.property('invitations.guilds[0].id', group._id);
+    });
+  });
+
   describe('user id invites', () => {
     it('returns an error when inviter has no chat privileges', async () => {
       let inviterMuted = await inviter.update({'flags.chatRevoked': true});
@@ -93,7 +160,7 @@ describe('Post /groups/:groupId/invite', () => {
         .to.eventually.be.rejected.and.eql({
           code: 400,
           error: 'BadRequest',
-          message: t('inviteMissingUuid'),
+          message: t('inviteMustNotBeEmpty'),
         });
     });
 
@@ -228,7 +295,7 @@ describe('Post /groups/:groupId/invite', () => {
         .to.eventually.be.rejected.and.eql({
           code: 400,
           error: 'BadRequest',
-          message: t('inviteMissingEmail'),
+          message: t('inviteMustNotBeEmpty'),
         });
     });
 
@@ -266,7 +333,7 @@ describe('Post /groups/:groupId/invite', () => {
         .to.eventually.be.rejected.and.eql({
           code: 401,
           error: 'NotAuthorized',
-          message: t('inviteLimitReached', {techAssistanceEmail: nconf.get('EMAILS:TECH_ASSISTANCE_EMAIL')}),
+          message: t('inviteLimitReached', {techAssistanceEmail: nconf.get('EMAILS_TECH_ASSISTANCE_EMAIL')}),
         });
     });
 
@@ -417,7 +484,7 @@ describe('Post /groups/:groupId/invite', () => {
       expect(await inviter.post(`/groups/${group._id}/invite`, {
         uuids: generatedInvites.map(invite => invite._id),
       })).to.be.an('array');
-    });
+    }).timeout(10000);
 
     // @TODO: Add this after we are able to mock the group plan route
     xit('returns an error when a non-leader invites to a group plan', async () => {
@@ -564,7 +631,7 @@ describe('Post /groups/:groupId/invite', () => {
       expect(await inviter.post(`/groups/${party._id}/invite`, {
         uuids: generatedInvites.map(invite => invite._id),
       })).to.be.an('array');
-    });
+    }).timeout(10000);
 
     it('does not allow 30+ members in a party', async () => {
       let invitesToGenerate = [];
@@ -582,6 +649,6 @@ describe('Post /groups/:groupId/invite', () => {
           error: 'BadRequest',
           message: t('partyExceedsMembersLimit', {maxMembersParty: PARTY_LIMIT_MEMBERS}),
         });
-    });
+    }).timeout(10000);
   });
 });

test/api/v3/integration/hall/GET-hall_patrons.test.js

@@ -56,5 +56,5 @@ describe('GET /hall/patrons', () => {
     expect(morePatrons.length).to.equal(2);
     expect(morePatrons[0].backer.tier).to.equal(2);
     expect(morePatrons[1].backer.tier).to.equal(1);
-  });
+  }).timeout(10000);
 });

test/api/v3/integration/members/GET-members_id.test.js

@@ -34,7 +34,7 @@ describe('GET /members/:memberId', () => {
       '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
       'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives', 'flags',
     ]);
-    expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
+    expect(Object.keys(memberRes.auth)).to.eql(['local', 'timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([
       'size', 'hair', 'skin', 'shirt',
       'chair', 'costume', 'sleep', 'background', 'tasks', 'disableClasses',

test/api/v3/integration/payments/amazon/GET-payments_amazon_subscribe_cancel.test.js

@@ -23,7 +23,7 @@ describe('payments : amazon #subscribeCancel', () => {
 
   describe('success', () => {
     beforeEach(() => {
-      amazonSubscribeCancelStub = sinon.stub(amzLib, 'cancelSubscription').returnsPromise().resolves({});
+      amazonSubscribeCancelStub = sinon.stub(amzLib, 'cancelSubscription').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/amazon/POST-payments_amazon_checkout.test.js

@@ -21,7 +21,7 @@ describe('payments - amazon - #checkout', () => {
 
   describe('success', () => {
     beforeEach(async () => {
-      amazonCheckoutStub = sinon.stub(amzLib, 'checkout').returnsPromise().resolves({});
+      amazonCheckoutStub = sinon.stub(amzLib, 'checkout').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/amazon/POST-payments_amazon_subscribe.test.js

@@ -27,7 +27,7 @@ describe('payments - amazon - #subscribe', () => {
     let coupon;
 
     beforeEach(() => {
-      subscribeWithAmazonStub = sinon.stub(amzLib, 'subscribe').returnsPromise().resolves({});
+      subscribeWithAmazonStub = sinon.stub(amzLib, 'subscribe').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/apple/GET-payments_apple_cancelSubscribe.js

@@ -13,7 +13,7 @@ describe('payments : apple #cancelSubscribe', () => {
     let cancelStub;
 
     beforeEach(async () => {
-      cancelStub = sinon.stub(applePayments, 'cancelSubscribe').returnsPromise().resolves({});
+      cancelStub = sinon.stub(applePayments, 'cancelSubscribe').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/apple/POST-payments_apple_verifyiap.js

@@ -13,7 +13,7 @@ describe('payments : apple #verify', () => {
     let verifyStub;
 
     beforeEach(async () => {
-      verifyStub = sinon.stub(applePayments, 'verifyGemPurchase').returnsPromise().resolves({});
+      verifyStub = sinon.stub(applePayments, 'verifyGemPurchase').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/apple/POST-payments_google_subscribe.test.js

@@ -21,7 +21,7 @@ describe('payments : apple #subscribe', () => {
     let subscribeStub;
 
     beforeEach(async () => {
-      subscribeStub = sinon.stub(applePayments, 'subscribe').returnsPromise().resolves({});
+      subscribeStub = sinon.stub(applePayments, 'subscribe').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/google/GET-payments_google_cancelSubscribe.js

@@ -13,7 +13,7 @@ describe('payments : google #cancelSubscribe', () => {
     let cancelStub;
 
     beforeEach(async () => {
-      cancelStub = sinon.stub(googlePayments, 'cancelSubscribe').returnsPromise().resolves({});
+      cancelStub = sinon.stub(googlePayments, 'cancelSubscribe').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/google/POST-payments_google_subscribe.test.js

@@ -21,7 +21,7 @@ describe('payments : google #subscribe', () => {
     let subscribeStub;
 
     beforeEach(async () => {
-      subscribeStub = sinon.stub(googlePayments, 'subscribe').returnsPromise().resolves({});
+      subscribeStub = sinon.stub(googlePayments, 'subscribe').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/google/POST-payments_google_verifyiap.js

@@ -13,7 +13,7 @@ describe('payments : google #verify', () => {
     let verifyStub;
 
     beforeEach(async () => {
-      verifyStub = sinon.stub(googlePayments, 'verifyGemPurchase').returnsPromise().resolves({});
+      verifyStub = sinon.stub(googlePayments, 'verifyGemPurchase').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/paypal/GET-payments_paypal_checkout.test.js

@@ -15,7 +15,7 @@ describe('payments : paypal #checkout', () => {
     let checkoutStub;
 
     beforeEach(async () => {
-      checkoutStub = sinon.stub(paypalPayments, 'checkout').returnsPromise().resolves('/');
+      checkoutStub = sinon.stub(paypalPayments, 'checkout').resolves('/');
     });
 
     afterEach(() => {

test/api/v3/integration/payments/paypal/GET-payments_paypal_checkout_success.test.js

@@ -34,7 +34,7 @@ describe('payments : paypal #checkoutSuccess', () => {
     let checkoutSuccessStub;
 
     beforeEach(async () => {
-      checkoutSuccessStub = sinon.stub(paypalPayments, 'checkoutSuccess').returnsPromise().resolves({});
+      checkoutSuccessStub = sinon.stub(paypalPayments, 'checkoutSuccess').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe.test.js

@@ -25,7 +25,7 @@ describe('payments : paypal #subscribe', () => {
     let subscribeStub;
 
     beforeEach(async () => {
-      subscribeStub = sinon.stub(paypalPayments, 'subscribe').returnsPromise().resolves('/');
+      subscribeStub = sinon.stub(paypalPayments, 'subscribe').resolves('/');
     });
 
     afterEach(() => {

test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe_cancel.test.js

@@ -25,7 +25,7 @@ describe('payments : paypal #subscribeCancel', () => {
     let subscribeCancelStub;
 
     beforeEach(async () => {
-      subscribeCancelStub = sinon.stub(paypalPayments, 'subscribeCancel').returnsPromise().resolves('/');
+      subscribeCancelStub = sinon.stub(paypalPayments, 'subscribeCancel').resolves('/');
     });
 
     afterEach(() => {

test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe_success.test.js

@@ -24,7 +24,7 @@ describe('payments : paypal #subscribeSuccess', () => {
     let subscribeSuccessStub;
 
     beforeEach(async () => {
-      subscribeSuccessStub = sinon.stub(paypalPayments, 'subscribeSuccess').returnsPromise().resolves({});
+      subscribeSuccessStub = sinon.stub(paypalPayments, 'subscribeSuccess').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/paypal/POST-payments_paypal_ipn.test.js

@@ -20,7 +20,7 @@ describe('payments - paypal - #ipn', () => {
     let ipnStub;
 
     beforeEach(async () => {
-      ipnStub = sinon.stub(paypalPayments, 'ipn').returnsPromise().resolves({});
+      ipnStub = sinon.stub(paypalPayments, 'ipn').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/stripe/GET-payments_stripe_subscribe_cancel.test.js

@@ -23,7 +23,7 @@ describe('payments - stripe - #subscribeCancel', () => {
 
   describe('success', () => {
     beforeEach(async () => {
-      stripeCancelSubscriptionStub = sinon.stub(stripePayments, 'cancelSubscription').returnsPromise().resolves({});
+      stripeCancelSubscriptionStub = sinon.stub(stripePayments, 'cancelSubscription').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/stripe/POST-payments_stripe_checkout.test.js

@@ -24,7 +24,7 @@ describe('payments - stripe - #checkout', () => {
     let stripeCheckoutSubscriptionStub;
 
     beforeEach(async () => {
-      stripeCheckoutSubscriptionStub = sinon.stub(stripePayments, 'checkout').returnsPromise().resolves({});
+      stripeCheckoutSubscriptionStub = sinon.stub(stripePayments, 'checkout').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/payments/stripe/POST-payments_stripe_subscribe_edit.test.js

@@ -25,7 +25,7 @@ describe('payments - stripe - #subscribeEdit', () => {
     let stripeEditSubscriptionStub;
 
     beforeEach(async () => {
-      stripeEditSubscriptionStub = sinon.stub(stripePayments, 'editSubscription').returnsPromise().resolves({});
+      stripeEditSubscriptionStub = sinon.stub(stripePayments, 'editSubscription').resolves({});
     });
 
     afterEach(() => {

test/api/v3/integration/user/DELETE-user_messages.test.js

@@ -20,8 +20,8 @@ describe('DELETE user message', () => {
 
     messagesId = Object.keys(userRes.inbox.messages);
     expect(messagesId.length).to.eql(2);
-    expect(userRes.inbox.messages[messagesId[0]].text).to.eql('first');
-    expect(userRes.inbox.messages[messagesId[1]].text).to.eql('second');
+    expect(userRes.inbox.messages[messagesId[0]].text).to.eql('second');
+    expect(userRes.inbox.messages[messagesId[1]].text).to.eql('first');
   });
 
   it('one message', async () => {
@@ -31,7 +31,7 @@ describe('DELETE user message', () => {
 
     let userRes = await user.get('/user');
     expect(Object.keys(userRes.inbox.messages).length).to.eql(1);
-    expect(userRes.inbox.messages[messagesId[0]].text).to.eql('second');
+    expect(userRes.inbox.messages[messagesId[0]].text).to.eql('first');
   });
 
   it('clear all', async () => {

test/api/v3/integration/user/GET-user_anonymized.test.js

@@ -18,7 +18,12 @@ describe('GET /user/anonymized', () => {
       'profile.name': 'profile',
       'purchased.plan': 'purchased plan',
       contributor: 'contributor',
-      invitations: 'invitations',
+      invitations: {
+        guilds: ['guild1', 'guild2'],
+        party: {
+          _id: 'partyid',
+        },
+      },
       'items.special.nyeReceived': 'some',
       'items.special.valentineReceived': 'some',
       webhooks: [{url: 'https://somurl.com'}],

test/api/v3/integration/user/POST-user_push_device.test.js

@@ -39,14 +39,16 @@ describe('POST /user/push-devices', () => {
       });
   });
 
-  it('returns an error if user already has the push device', async () => {
+  it('fails silently if user already has the push device', async () => {
     await user.post('/user/push-devices', {type, regId});
-    await expect(user.post('/user/push-devices', {type, regId}))
-      .to.eventually.be.rejected.and.eql({
-        code: 401,
-        error: 'NotAuthorized',
-        message: t('pushDeviceAlreadyAdded'),
-      });
+    const response = await user.post('/user/push-devices', {type, regId});
+    await user.sync();
+
+    expect(response.message).to.equal(t('pushDeviceAdded'));
+    expect(response.data[0].type).to.equal(type);
+    expect(response.data[0].regId).to.equal(regId);
+    expect(user.pushDevices[0].type).to.equal(type);
+    expect(user.pushDevices[0].regId).to.equal(regId);
   });
 
   it('adds a push device to the user', async () => {

test/api/v3/integration/user/auth/POST-auth_reset-password-set-new-one.js

@@ -94,9 +94,6 @@ describe('POST /user/auth/reset-password-set-new-one', () => {
       userId: user._id,
       expiresAt: moment().add({days: 1}),
     }));
-    await user.update({
-      auth: 'not an object with valid fields',
-    });
 
     await expect(api.post(`${endpoint}`, {
       code,

test/api/v3/integration/user/auth/POST-login-local.test.js

@@ -45,7 +45,7 @@ describe('POST /user/auth/local/login', () => {
     })).to.eventually.be.rejected.and.eql({
       code: 401,
       error: 'NotAuthorized',
-      message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS:COMMUNITY_MANAGER_EMAIL'), userId: user._id }),
+      message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL'), userId: user._id }),
     });
   });
 

test/api/v3/integration/user/auth/POST-register_local.test.js

@@ -276,7 +276,7 @@ describe('POST /user/auth/local/register', () => {
       });
     });
 
-    it('enrolls new users in an A/B test', async () => {
+    xit('enrolls new users in an A/B test', async () => {
       let username = generateRandomUserName();
       let email = `${username}@example.com`;
       let password = 'password';

test/api/v3/integration/user/auth/POST-user_auth_pusher.test.js

@@ -1,102 +0,0 @@
-/* eslint-disable camelcase */
-
-import {
-  generateUser,
-  requester,
-  translate as t,
-} from '../../../../../helpers/api-integration/v3';
-import { v4 as generateUUID } from 'uuid';
-
-describe('POST /user/auth/pusher', () => {
-  let user;
-  let endpoint = '/user/auth/pusher';
-
-  beforeEach(async () => {
-    user = await generateUser();
-  });
-
-  it('requires authentication', async () => {
-    let api = requester();
-
-    await expect(api.post(endpoint)).to.eventually.be.rejected.and.eql({
-      code: 401,
-      error: 'NotAuthorized',
-      message: t('missingAuthHeaders'),
-    });
-  });
-
-  it('returns an error if req.body.socket_id is missing', async () => {
-    await expect(user.post(endpoint, {
-      channel_name: '123',
-    })).to.eventually.be.rejected.and.eql({
-      code: 400,
-      error: 'BadRequest',
-      message: t('invalidReqParams'),
-    });
-  });
-
-  it('returns an error if req.body.channel_name is missing', async () => {
-    await expect(user.post(endpoint, {
-      socket_id: '123',
-    })).to.eventually.be.rejected.and.eql({
-      code: 400,
-      error: 'BadRequest',
-      message: t('invalidReqParams'),
-    });
-  });
-
-  it('returns an error if req.body.channel_name is badly formatted', async () => {
-    await expect(user.post(endpoint, {
-      channel_name: '123',
-      socket_id: '123',
-    })).to.eventually.be.rejected.and.eql({
-      code: 400,
-      error: 'BadRequest',
-      message: 'Invalid Pusher channel type.',
-    });
-  });
-
-  it('returns an error if an invalid channel type is passed', async () => {
-    await expect(user.post(endpoint, {
-      channel_name: 'invalid-group-123',
-      socket_id: '123',
-    })).to.eventually.be.rejected.and.eql({
-      code: 400,
-      error: 'BadRequest',
-      message: 'Invalid Pusher channel type.',
-    });
-  });
-
-  it('returns an error if an invalid resource type is passed', async () => {
-    await expect(user.post(endpoint, {
-      channel_name: 'presence-user-123',
-      socket_id: '123',
-    })).to.eventually.be.rejected.and.eql({
-      code: 400,
-      error: 'BadRequest',
-      message: 'Invalid Pusher resource type.',
-    });
-  });
-
-  it('returns an error if an invalid resource id is passed', async () => {
-    await expect(user.post(endpoint, {
-      channel_name: 'presence-group-123',
-      socket_id: '123',
-    })).to.eventually.be.rejected.and.eql({
-      code: 400,
-      error: 'BadRequest',
-      message: 'Invalid Pusher resource id, must be a UUID.',
-    });
-  });
-
-  it('returns an error if the passed resource id doesn\'t match the user\'s party', async () => {
-    await expect(user.post(endpoint, {
-      channel_name: `presence-group-${generateUUID()}`,
-      socket_id: '123',
-    })).to.eventually.be.rejected.and.eql({
-      code: 404,
-      error: 'NotFound',
-      message: 'Resource id must be the user\'s party.',
-    });
-  });
-});

test/api/v3/integration/user/auth/POST-user_auth_social.test.js

@@ -80,7 +80,7 @@ describe('POST /user/auth/social', () => {
       expect(response.newUser).to.be.false;
     });
 
-    it('enrolls a new user in an A/B test', async () => {
+    xit('enrolls a new user in an A/B test', async () => {
       await api.post(endpoint, {
         authResponse: {access_token: randomAccessToken}, // eslint-disable-line camelcase
         network,
@@ -136,7 +136,7 @@ describe('POST /user/auth/social', () => {
       expect(response.newUser).to.be.false;
     });
 
-    it('enrolls a new user in an A/B test', async () => {
+    xit('enrolls a new user in an A/B test', async () => {
       await api.post(endpoint, {
         authResponse: {access_token: randomAccessToken}, // eslint-disable-line camelcase
         network,

test/api/v3/integration/user/auth/PUT-user_update_email.test.js

@@ -71,7 +71,7 @@ describe('PUT /user/auth/update-email', () => {
       })).to.eventually.be.rejected.and.eql({
         code: 401,
         error: 'NotAuthorized',
-        message: t('cannotFulfillReq', { techAssistanceEmail: nconf.get('EMAILS:TECH_ASSISTANCE_EMAIL') }),
+        message: t('cannotFulfillReq', { techAssistanceEmail: nconf.get('EMAILS_TECH_ASSISTANCE_EMAIL') }),
       });
     });
 

test/api/v3/integration/user/auth/PUT-user_update_username.test.js

@@ -12,14 +12,14 @@ const ENDPOINT = '/user/auth/update-username';
 
 describe('PUT /user/auth/update-username', async () => {
   let user;
-  let newUsername = 'new-username';
-  let password = 'password'; // from habitrpg/test/helpers/api-integration/v3/object-generators.js
+  let password = 'password'; // from habitrpg/test/helpers/api-integration/v4/object-generators.js
 
   beforeEach(async () => {
     user = await generateUser();
   });
 
-  it('successfully changes username', async () => {
+  it('successfully changes username with password', async () => {
+    let newUsername = 'new-username';
     let response = await user.put(ENDPOINT, {
       username: newUsername,
       password,
@@ -29,6 +29,38 @@ describe('PUT /user/auth/update-username', async () => {
     expect(user.auth.local.username).to.eql(newUsername);
   });
 
+  it('successfully changes username without password', async () => {
+    let newUsername = 'new-username-nopw';
+    let response = await user.put(ENDPOINT, {
+      username: newUsername,
+    });
+    expect(response).to.eql({ username: newUsername });
+    await user.sync();
+    expect(user.auth.local.username).to.eql(newUsername);
+  });
+
+  it('successfully changes username containing number and underscore', async () => {
+    let newUsername = 'new_username9';
+    let response = await user.put(ENDPOINT, {
+      username: newUsername,
+    });
+    expect(response).to.eql({ username: newUsername });
+    await user.sync();
+    expect(user.auth.local.username).to.eql(newUsername);
+  });
+
+  it('sets verifiedUsername when changing username', async () => {
+    user.flags.verifiedUsername = false;
+    await user.sync();
+    let newUsername = 'new-username-verify';
+    let response = await user.put(ENDPOINT, {
+      username: newUsername,
+    });
+    expect(response).to.eql({ username: newUsername });
+    await user.sync();
+    expect(user.flags.verifiedUsername).to.eql(true);
+  });
+
   it('converts user with SHA1 encrypted password to bcrypt encryption', async () => {
     let myNewUsername = 'my-new-username';
     let textPassword = 'mySecretPassword';
@@ -80,6 +112,7 @@ describe('PUT /user/auth/update-username', async () => {
     });
 
     it('errors if password is wrong', async () => {
+      let newUsername = 'new-username';
       await expect(user.put(ENDPOINT, {
         username: newUsername,
         password: 'wrong-password',
@@ -90,19 +123,6 @@ describe('PUT /user/auth/update-username', async () => {
       });
     });
 
-    it('prevents social-only user from changing username', async () => {
-      let socialUser = await generateUser({ 'auth.local': { ok: true } });
-
-      await expect(socialUser.put(ENDPOINT, {
-        username: newUsername,
-        password,
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: t('userHasNoLocalRegistration'),
-      });
-    });
-
     it('errors if new username is not provided', async () => {
       await expect(user.put(ENDPOINT, {
         password,
@@ -112,5 +132,93 @@ describe('PUT /user/auth/update-username', async () => {
         message: t('invalidReqParams'),
       });
     });
+
+    it('errors if new username is a slur', async () => {
+      await expect(user.put(ENDPOINT, {
+        username: 'TESTPLACEHOLDERSLURWORDHERE',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: [t('usernameIssueLength'), t('usernameIssueSlur')].join(' '),
+      });
+    });
+
+    it('errors if new username contains a slur', async () => {
+      await expect(user.put(ENDPOINT, {
+        username: 'TESTPLACEHOLDERSLURWORDHERE_otherword',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: [t('usernameIssueLength'), t('usernameIssueSlur')].join(' '),
+      });
+      await expect(user.put(ENDPOINT, {
+        username: 'something_TESTPLACEHOLDERSLURWORDHERE',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: [t('usernameIssueLength'), t('usernameIssueSlur')].join(' '),
+      });
+      await expect(user.put(ENDPOINT, {
+        username: 'somethingTESTPLACEHOLDERSLURWORDHEREotherword',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: [t('usernameIssueLength'), t('usernameIssueSlur')].join(' '),
+      });
+    });
+
+    it('errors if new username is not allowed', async () => {
+      await expect(user.put(ENDPOINT, {
+        username: 'support',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('usernameIssueForbidden'),
+      });
+    });
+
+    it('errors if new username is not allowed regardless of casing', async () => {
+      await expect(user.put(ENDPOINT, {
+        username: 'SUppORT',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('usernameIssueForbidden'),
+      });
+    });
+
+    it('errors if username has incorrect length', async () => {
+      await expect(user.put(ENDPOINT, {
+        username: 'thisisaverylongusernameover20characters',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('usernameIssueLength'),
+      });
+    });
+
+    it('errors if new username contains invalid characters', async () => {
+      await expect(user.put(ENDPOINT, {
+        username: 'Eichhörnchen',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('usernameIssueInvalidCharacters'),
+      });
+      await expect(user.put(ENDPOINT, {
+        username: 'test.name',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('usernameIssueInvalidCharacters'),
+      });
+      await expect(user.put(ENDPOINT, {
+        username: '🤬',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('usernameIssueInvalidCharacters'),
+      });
+    });
   });
 });

test/api/v3/integration/user/buy/POST-user_buy_gear.test.js

@@ -53,4 +53,15 @@ describe('POST /user/buy-gear/:key', () => {
         message: 'You need to purchase a lower level gear before this one.',
       });
   });
+
+  it('returns an error if tries to buy gear from a different class', async () => {
+    let key = 'armor_rogue_1';
+
+    return expect(user.post(`/user/buy-gear/${key}`))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: 'You can\'t buy this item.',
+      });
+  });
 });

test/api/v4/user/GET-user.test.js

@@ -53,6 +53,6 @@ describe('GET /user', () => {
     let returnedUser = await user.get('/user');
 
     expect(returnedUser._id).to.equal(user._id);
-    expect(returnedUser.inbox.messages).to.be.empty;
+    expect(returnedUser.inbox.messages).to.be.undefined;
   });
 });

test/api/v4/user/auth/POST-user_verify_display_name.test.js

@@ -0,0 +1,57 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-integration/v4';
+
+const ENDPOINT = '/user/auth/verify-display-name';
+
+describe('POST /user/auth/verify-display-name', async () => {
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  it('successfully verifies display name including funky characters', async () => {
+    let newDisplayName = 'Sabé 🤬';
+    let response = await user.post(ENDPOINT, {
+      displayName: newDisplayName,
+    });
+    expect(response).to.eql({ isUsable: true });
+  });
+
+  context('errors', async () => {
+    it('errors if display name is not provided', async () => {
+      await expect(user.post(ENDPOINT, {
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('invalidReqParams'),
+      });
+    });
+
+    it('errors if display name is a slur', async () => {
+      await expect(user.post(ENDPOINT, {
+        displayName: 'TESTPLACEHOLDERSLURWORDHERE',
+      })).to.eventually.eql({ isUsable: false, issues: [t('displaynameIssueSlur')] });
+    });
+
+    it('errors if display name contains a slur', async () => {
+      await expect(user.post(ENDPOINT, {
+        displayName: 'TESTPLACEHOLDERSLURWORDHERE_otherword',
+      })).to.eventually.eql({ isUsable: false, issues: [t('displaynameIssueLength'), t('displaynameIssueSlur')] });
+      await expect(user.post(ENDPOINT, {
+        displayName: 'something_TESTPLACEHOLDERSLURWORDHERE',
+      })).to.eventually.eql({ isUsable: false, issues: [t('displaynameIssueLength'), t('displaynameIssueSlur')] });
+      await expect(user.post(ENDPOINT, {
+        displayName: 'somethingTESTPLACEHOLDERSLURWORDHEREotherword',
+      })).to.eventually.eql({ isUsable: false, issues: [t('displaynameIssueLength'), t('displaynameIssueSlur')] });
+    });
+
+    it('errors if display name has incorrect length', async () => {
+      await expect(user.post(ENDPOINT, {
+        displayName: 'this is a very long display name over 30 characters',
+      })).to.eventually.eql({ isUsable: false, issues: [t('displaynameIssueLength')] });
+    });
+  });
+});

test/api/v4/user/auth/PUT-user_update_username.test.js

@@ -1,224 +0,0 @@
-import {
-  generateUser,
-  translate as t,
-} from '../../../../helpers/api-integration/v4';
-import {
-  bcryptCompare,
-  sha1MakeSalt,
-  sha1Encrypt as sha1EncryptPassword,
-} from '../../../../../website/server/libs/password';
-
-const ENDPOINT = '/user/auth/update-username';
-
-describe('PUT /user/auth/update-username', async () => {
-  let user;
-  let password = 'password'; // from habitrpg/test/helpers/api-integration/v4/object-generators.js
-
-  beforeEach(async () => {
-    user = await generateUser();
-  });
-
-  it('successfully changes username with password', async () => {
-    let newUsername = 'new-username';
-    let response = await user.put(ENDPOINT, {
-      username: newUsername,
-      password,
-    });
-    expect(response).to.eql({ username: newUsername });
-    await user.sync();
-    expect(user.auth.local.username).to.eql(newUsername);
-  });
-
-  it('successfully changes username without password', async () => {
-    let newUsername = 'new-username-nopw';
-    let response = await user.put(ENDPOINT, {
-      username: newUsername,
-    });
-    expect(response).to.eql({ username: newUsername });
-    await user.sync();
-    expect(user.auth.local.username).to.eql(newUsername);
-  });
-
-  it('successfully changes username containing number and underscore', async () => {
-    let newUsername = 'new_username9';
-    let response = await user.put(ENDPOINT, {
-      username: newUsername,
-    });
-    expect(response).to.eql({ username: newUsername });
-    await user.sync();
-    expect(user.auth.local.username).to.eql(newUsername);
-  });
-
-  it('sets verifiedUsername when changing username', async () => {
-    user.flags.verifiedUsername = false;
-    await user.sync();
-    let newUsername = 'new-username-verify';
-    let response = await user.put(ENDPOINT, {
-      username: newUsername,
-    });
-    expect(response).to.eql({ username: newUsername });
-    await user.sync();
-    expect(user.flags.verifiedUsername).to.eql(true);
-  });
-
-  it('converts user with SHA1 encrypted password to bcrypt encryption', async () => {
-    let myNewUsername = 'my-new-username';
-    let textPassword = 'mySecretPassword';
-    let salt = sha1MakeSalt();
-    let sha1HashedPassword = sha1EncryptPassword(textPassword, salt);
-
-    await user.update({
-      'auth.local.hashed_password': sha1HashedPassword,
-      'auth.local.passwordHashMethod': 'sha1',
-      'auth.local.salt': salt,
-    });
-
-    await user.sync();
-    expect(user.auth.local.passwordHashMethod).to.equal('sha1');
-    expect(user.auth.local.salt).to.equal(salt);
-    expect(user.auth.local.hashed_password).to.equal(sha1HashedPassword);
-
-    // update email
-    let response = await user.put(ENDPOINT, {
-      username: myNewUsername,
-      password: textPassword,
-    });
-    expect(response).to.eql({ username: myNewUsername });
-
-    await user.sync();
-
-    expect(user.auth.local.username).to.eql(myNewUsername);
-    expect(user.auth.local.passwordHashMethod).to.equal('bcrypt');
-    expect(user.auth.local.salt).to.be.undefined;
-    expect(user.auth.local.hashed_password).not.to.equal(sha1HashedPassword);
-
-    let isValidPassword = await bcryptCompare(textPassword, user.auth.local.hashed_password);
-    expect(isValidPassword).to.equal(true);
-  });
-
-  context('errors', async () => {
-    it('prevents username update if new username is already taken', async () => {
-      let existingUsername = 'existing-username';
-      await generateUser({'auth.local.username': existingUsername, 'auth.local.lowerCaseUsername': existingUsername });
-
-      await expect(user.put(ENDPOINT, {
-        username: existingUsername,
-        password,
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: t('usernameTaken'),
-      });
-    });
-
-    it('errors if password is wrong', async () => {
-      let newUsername = 'new-username';
-      await expect(user.put(ENDPOINT, {
-        username: newUsername,
-        password: 'wrong-password',
-      })).to.eventually.be.rejected.and.eql({
-        code: 401,
-        error: 'NotAuthorized',
-        message: t('wrongPassword'),
-      });
-    });
-
-    it('errors if new username is not provided', async () => {
-      await expect(user.put(ENDPOINT, {
-        password,
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: t('invalidReqParams'),
-      });
-    });
-
-    it('errors if new username is a slur', async () => {
-      await expect(user.put(ENDPOINT, {
-        username: 'TESTPLACEHOLDERSLURWORDHERE',
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: [t('usernameIssueLength'), t('usernameIssueSlur')].join(' '),
-      });
-    });
-
-    it('errors if new username contains a slur', async () => {
-      await expect(user.put(ENDPOINT, {
-        username: 'TESTPLACEHOLDERSLURWORDHERE_otherword',
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: [t('usernameIssueLength'), t('usernameIssueSlur')].join(' '),
-      });
-      await expect(user.put(ENDPOINT, {
-        username: 'something_TESTPLACEHOLDERSLURWORDHERE',
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: [t('usernameIssueLength'), t('usernameIssueSlur')].join(' '),
-      });
-      await expect(user.put(ENDPOINT, {
-        username: 'somethingTESTPLACEHOLDERSLURWORDHEREotherword',
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: [t('usernameIssueLength'), t('usernameIssueSlur')].join(' '),
-      });
-    });
-
-    it('errors if new username is not allowed', async () => {
-      await expect(user.put(ENDPOINT, {
-        username: 'support',
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: t('usernameIssueForbidden'),
-      });
-    });
-
-    it('errors if new username is not allowed regardless of casing', async () => {
-      await expect(user.put(ENDPOINT, {
-        username: 'SUppORT',
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: t('usernameIssueForbidden'),
-      });
-    });
-
-    it('errors if username has incorrect length', async () => {
-      await expect(user.put(ENDPOINT, {
-        username: 'thisisaverylongusernameover20characters',
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: t('usernameIssueLength'),
-      });
-    });
-
-    it('errors if new username contains invalid characters', async () => {
-      await expect(user.put(ENDPOINT, {
-        username: 'Eichhörnchen',
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: t('usernameIssueInvalidCharacters'),
-      });
-      await expect(user.put(ENDPOINT, {
-        username: 'test.name',
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: t('usernameIssueInvalidCharacters'),
-      });
-      await expect(user.put(ENDPOINT, {
-        username: '🤬',
-      })).to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: t('usernameIssueInvalidCharacters'),
-      });
-    });
-  });
-});

test/client/unit/index.js

@@ -4,7 +4,7 @@ require('babel-polyfill');
 
 // Automatically setup SinonJS' sandbox for each test
 beforeEach(() => {
-  global.sandbox = sinon.sandbox.create();
+  global.sandbox = sinon.createSandbox();
 });
 
 afterEach(() => {

test/client/unit/specs/components/notifications.js

@@ -2,12 +2,14 @@ import { shallowMount, createLocalVue } from '@vue/test-utils';
 import NotificationsComponent from 'client/components/notifications.vue';
 import Store from 'client/libs/store';
 import { hasClass } from 'client/store/getters/members';
+import { toNextLevel } from 'common/script/statHelpers';
 
 const localVue = createLocalVue();
 localVue.use(Store);
 
 describe('Notifications', () => {
   let store;
+  let wrapper;
 
   beforeEach(() => {
     store = new Store({
@@ -29,16 +31,22 @@ describe('Notifications', () => {
       actions: {
         'user:fetch': () => {},
         'tasks:fetchUserTasks': () => {},
+        'snackbars:add': () => {},
       },
       getters: {
         'members:hasClass': hasClass,
       },
     });
+    wrapper = shallowMount(NotificationsComponent, {
+      store,
+      localVue,
+      mocks: {
+        $t: (string) => string,
+      },
+    });
   });
 
   it('set user has class computed prop', () => {
-    const wrapper = shallowMount(NotificationsComponent, { store, localVue });
-
     expect(wrapper.vm.userHasClass).to.be.false;
 
     store.state.user.data.stats.lvl = 10;
@@ -47,4 +55,130 @@ describe('Notifications', () => {
 
     expect(wrapper.vm.userHasClass).to.be.true;
   });
+  describe('user exp notifcation', () => {
+    it('notifies when user gets more exp', () => {
+      const expSpy = sinon.spy(wrapper.vm, 'exp');
+
+      const userLevel = 10;
+      store.state.user.data.stats.lvl = userLevel;
+
+      const userExpBefore = 10;
+      const userExpAfter = 12;
+      wrapper.vm.displayUserExpAndLvlNotifications(userExpAfter, userExpBefore, userLevel, userLevel);
+
+      expect(expSpy).to.be.calledWith(userExpAfter - userExpBefore);
+      expSpy.restore();
+    });
+
+    it('when user levels with exact xp', () => {
+      const expSpy = sinon.spy(wrapper.vm, 'exp');
+
+      const userLevelBefore = 9;
+      const userLevelAfter = 10;
+      store.state.user.data.stats.lvl = userLevelAfter;
+
+      const expEarned = 5;
+      const userExpBefore = toNextLevel(userLevelBefore) - expEarned;
+      const userExpAfter = 0;
+      wrapper.vm.displayUserExpAndLvlNotifications(userExpAfter, userExpBefore, userLevelAfter, userLevelBefore);
+
+      expect(expSpy).to.be.calledWith(expEarned);
+      expSpy.restore();
+    });
+
+    it('when user levels with exact more exp than needed', () => {
+      const expSpy = sinon.spy(wrapper.vm, 'exp');
+
+      const userLevelBefore = 9;
+      const userLevelAfter = 10;
+      store.state.user.data.stats.lvl = userLevelAfter;
+
+      const expEarned = 10;
+      const expNeeded = 5;
+      const userExpBefore = toNextLevel(userLevelBefore) - expNeeded;
+      const userExpAfter = 5;
+      wrapper.vm.displayUserExpAndLvlNotifications(userExpAfter, userExpBefore, userLevelAfter, userLevelBefore);
+
+      expect(expSpy).to.be.calledWith(expEarned);
+      expSpy.restore();
+    });
+
+    it('when user has more exp than needed then levels', () => {
+      const expSpy = sinon.spy(wrapper.vm, 'exp');
+
+      const userLevelBefore = 9;
+      const userLevelAfter = 10;
+      store.state.user.data.stats.lvl = userLevelAfter;
+
+      const expEarned = 10;
+      const expNeeded = -5;
+      const userExpBefore = toNextLevel(userLevelBefore) - expNeeded;
+      const userExpAfter = 15;
+      wrapper.vm.displayUserExpAndLvlNotifications(userExpAfter, userExpBefore, userLevelAfter, userLevelBefore);
+
+      expect(expSpy).to.be.calledWith(expEarned);
+      expSpy.restore();
+    });
+
+    it('when user multilevels', () => {
+      const expSpy = sinon.spy(wrapper.vm, 'exp');
+
+      const userLevelBefore = 8;
+      const userLevelAfter = 10;
+      store.state.user.data.stats.lvl = userLevelAfter;
+
+      const expEarned = 10 + toNextLevel(userLevelBefore + 1);
+      const expNeeded = 5;
+      const userExpBefore = toNextLevel(userLevelBefore) - expNeeded;
+      const userExpAfter = 5;
+      wrapper.vm.displayUserExpAndLvlNotifications(userExpAfter, userExpBefore, userLevelAfter, userLevelBefore);
+
+      expect(expSpy).to.be.calledWith(expEarned);
+      expSpy.restore();
+    });
+
+    it('when user looses xp', () => {
+      const expSpy = sinon.spy(wrapper.vm, 'exp');
+
+      const userLevel = 10;
+      store.state.user.data.stats.lvl = userLevel;
+
+      const userExpBefore = 10;
+      const userExpAfter = 5;
+      wrapper.vm.displayUserExpAndLvlNotifications(userExpAfter, userExpBefore, userLevel, userLevel);
+
+      expect(expSpy).to.be.calledWith(userExpAfter - userExpBefore);
+      expSpy.restore();
+    });
+
+    it('when user looses xp under 0', () => {
+      const expSpy = sinon.spy(wrapper.vm, 'exp');
+
+      const userLevel = 10;
+      store.state.user.data.stats.lvl = userLevel;
+
+      const userExpBefore = 5;
+      const userExpAfter = -3;
+      wrapper.vm.displayUserExpAndLvlNotifications(userExpAfter, userExpBefore, userLevel, userLevel);
+
+      expect(expSpy).to.be.calledWith(userExpAfter - userExpBefore);
+      expSpy.restore();
+    });
+
+    it('when user dies', () => {
+      const expSpy = sinon.spy(wrapper.vm, 'exp');
+
+      const userLevelBefore = 10;
+      const userLevelAfter = 9;
+      store.state.user.data.stats.lvl = userLevelAfter;
+
+      const expEarned = -20;
+      const userExpBefore = 20;
+      const userExpAfter = 0;
+      wrapper.vm.displayUserExpAndLvlNotifications(userExpAfter, userExpBefore, userLevelAfter, userLevelBefore);
+
+      expect(expSpy).to.be.calledWith(expEarned);
+      expSpy.restore();
+    });
+  });
 });