Merge branch 'develop' into qa/turtle

5.40.2
Translated using Weblate (Japanese)
2025-10-26 18:52:37 +01:00 · 2025-09-09 16:00:52 -05:00 · 2025-09-08 15:40:45 -05:00 · 2025-09-08 22:12:28 +02:00 · 2025-09-05 11:10:20 +02:00 · 2025-09-05 11:02:59 +02:00
857 changed files with 20802 additions and 17753 deletions
--- a/.babelrc
+++ b/.babelrc
@@ -9,4 +9,4 @@
      }
    ]
  ]
-}
+}
--- a/config.json.example
+++ b/config.json.example
@@ -8,18 +8,26 @@
  "AMAZON_PAYMENTS_SELLER_ID": "SELLER_ID",
  "AMPLITUDE_KEY": "AMPLITUDE_KEY",
  "AMPLITUDE_SECRET": "AMPLITUDE_SECRET",
+  "APPLE_AUTH_CLIENT_ID": "",
+  "APPLE_AUTH_KEY_ID": "",
+  "APPLE_AUTH_PRIVATE_KEY": "",
+  "APPLE_TEAM_ID": "",
  "BASE_URL": "http://localhost:3000",
+  "BLOCKED_IPS": "",
+  "CONTENT_SWITCHOVER_TIME_OFFSET": 8,
  "CRON_SAFE_MODE": "false",
  "CRON_SEMI_SAFE_MODE": "false",
+  "DEBUG_ENABLED": "false",
  "DISABLE_REQUEST_LOGGING": "true",
-  "EMAILS_COMMUNITY_MANAGER_EMAIL": "admin@habitica.com",
-  "EMAILS_PRESS_ENQUIRY_EMAIL": "admin@habitica.com",
-  "EMAILS_TECH_ASSISTANCE_EMAIL": "admin@habitica.com",
  "EMAIL_SERVER_AUTH_PASSWORD": "password",
  "EMAIL_SERVER_AUTH_USER": "user",
  "EMAIL_SERVER_URL": "http://example.com",
+  "EMAILS_COMMUNITY_MANAGER_EMAIL": "admin@habitica.com",
+  "EMAILS_PRESS_ENQUIRY_EMAIL": "admin@habitica.com",
+  "EMAILS_TECH_ASSISTANCE_EMAIL": "admin@habitica.com",
  "ENABLE_CONSOLE_LOGS_IN_PROD": "false",
  "ENABLE_CONSOLE_LOGS_IN_TEST": "false",
+  "ENABLE_STACKDRIVER_TRACING": "false",
  "FACEBOOK_KEY": "123456789012345",
  "FACEBOOK_SECRET": "aaaabbbbccccddddeeeeffff00001111",
  "FLAG_REPORT_EMAIL": "email@example.com, email2@example.com",
@@ -29,15 +37,16 @@
  "IAP_GOOGLE_KEYDIR": "/path/to/google/public/key/dir/",
  "IGNORE_REDIRECT": "true",
  "ITUNES_SHARED_SECRET": "aaaabbbbccccddddeeeeffff00001111",
+  "LIVELINESS_PROBE_KEY": "",
+  "LOG_AMPLITUDE_EVENTS": "false",
+  "LOG_REQUESTS_EXCESSIVE_MODE": "false",
  "LOGGLY_CLIENT_TOKEN": "token",
  "LOGGLY_SUBDOMAIN": "example-subdomain",
  "LOGGLY_TOKEN": "example-token",
-  "LOG_REQUESTS_EXCESSIVE_MODE": "false",
  "MAINTENANCE_MODE": "false",
-  "NODE_DB_URI": "mongodb://localhost:27017/habitica-dev?replicaSet=rs",
-  "TEST_DB_URI": "mongodb://localhost:27017/habitica-test?replicaSet=rs",
  "MONGODB_POOL_SIZE": "10",
  "MONGODB_SOCKET_TIMEOUT": "20000",
+  "NODE_DB_URI": "mongodb://localhost:27017/habitica-dev?replicaSet=rs",
  "NODE_ENV": "development",
  "PATH": "bin:node_modules/.bin:/usr/local/bin:/usr/bin:/bin",
  "PAYPAL_BILLING_PLANS_basic_12mo": "basic_12mo",
@@ -55,44 +64,34 @@
  "PLAY_API_REFRESH_TOKEN": "aaaabbbbccccddddeeeeffff00001111",
  "PORT": 3000,
  "PUSH_CONFIGS_APN_ENABLED": "false",
-  "PUSH_CONFIGS_APN_KEY": "xxxxxxxxxx",
  "PUSH_CONFIGS_APN_KEY_ID": "xxxxxxxxxx",
+  "PUSH_CONFIGS_APN_KEY": "xxxxxxxxxx",
  "PUSH_CONFIGS_APN_TEAM_ID": "aaabbbcccd",
  "PUSH_CONFIGS_FCM_SERVER_API_KEY": "aaabbbcccd",
+  "RATE_LIMITER_ENABLED": "false",
+  "REDIS_HOST": "aaabbbcccdddeeefff",
+  "REDIS_PASSWORD": "12345678",
+  "REDIS_PORT": "1234",
  "S3_ACCESS_KEY_ID": "accessKeyId",
  "S3_BUCKET": "bucket",
  "S3_SECRET_ACCESS_KEY": "secretAccessKey",
-  "SESSION_SECRET": "YOUR SECRET HERE",
  "SESSION_SECRET_IV": "12345678912345678912345678912345",
  "SESSION_SECRET_KEY": "1234567891234567891234567891234567891234567891234567891234567891",
+  "SESSION_SECRET": "YOUR SECRET HERE",
  "SITE_HTTP_AUTH_ENABLED": "false",
  "SITE_HTTP_AUTH_PASSWORDS": "password,wordpass,passkey",
  "SITE_HTTP_AUTH_USERNAMES": "admin,tester,contributor",
+  "SKIP_SSL_CHECK_KEY": "key",
  "SLACK_FLAGGING_FOOTER_LINK": "https://habitrpg.github.io/flag-o-rama/",
  "SLACK_FLAGGING_URL": "https://hooks.slack.com/services/id/id/id",
  "SLACK_SUBSCRIPTIONS_URL": "https://hooks.slack.com/services/id/id/id",
  "SLACK_URL": "https://hooks.slack.com/services/some-url",
+  "SLOW_REQUEST_THRESHOLD": 1000,
  "STRIPE_API_KEY": "aaaabbbbccccddddeeeeffff00001111",
  "STRIPE_PUB_KEY": "22223333444455556666777788889999",
  "STRIPE_WEBHOOKS_ENDPOINT_SECRET": "111111",
-  "TRANSIFEX_SLACK_CHANNEL": "transifex",
-  "WEB_CONCURRENCY": 1,
-  "SKIP_SSL_CHECK_KEY": "key",
-  "ENABLE_STACKDRIVER_TRACING": "false",
-  "APPLE_AUTH_PRIVATE_KEY": "",
-  "APPLE_TEAM_ID": "",
-  "APPLE_AUTH_CLIENT_ID": "",
-  "APPLE_AUTH_KEY_ID": "",
-  "BLOCKED_IPS": "",
-  "LOG_AMPLITUDE_EVENTS": "false",
-  "RATE_LIMITER_ENABLED": "false",
-  "LIVELINESS_PROBE_KEY": "",
-  "REDIS_HOST": "aaabbbcccdddeeefff",
-  "REDIS_PORT": "1234",
-  "REDIS_PASSWORD": "12345678",
-  "TRUSTED_DOMAINS": "localhost,https://habitica.com",
+  "TEST_DB_URI": "mongodb://localhost:27017/habitica-test?replicaSet=rs",
  "TIME_TRAVEL_ENABLED": "false",
-  "DEBUG_ENABLED": "false",
-  "CONTENT_SWITCHOVER_TIME_OFFSET": 8,
-  "SLOW_REQUEST_THRESHOLD": 1000
+  "TRUSTED_DOMAINS": "localhost,https://habitica.com",
+  "WEB_CONCURRENCY": 1
 }
--- a/gulp/gulp-start.js
+++ b/gulp/gulp-start.js
@@ -1,11 +0,0 @@
-import gulp from 'gulp';
-import nodemon from 'gulp-nodemon';
-
-import pkg from '../package.json';
-
-gulp.task('nodemon', done => {
-  nodemon({
-    script: pkg.main,
-  });
-  done();
-});
--- a/gulp/gulp-tests.js
+++ b/gulp/gulp-tests.js
@@ -49,12 +49,6 @@ function integrationTestCommand (testDir) {
 }

 /* Test task definitions */
-gulp.task('test:nodemon', gulp.series(done => {
-  process.env.PORT = TEST_SERVER_PORT; // eslint-disable-line no-process-env
-  process.env.NODE_DB_URI = TEST_DB_URI; // eslint-disable-line no-process-env
-  done();
-}, 'nodemon'));
-
 gulp.task('test:prepare:mongo', cb => {
  const mongooseOptions = getDefaultConnectionOptions();
  const connectionUrl = getDevelopmentConnectionUrl(TEST_DB_URI);
--- a/gulpfile.js
+++ b/gulpfile.js
@@ -21,7 +21,6 @@ if (process.env.NODE_ENV === 'production') { // eslint-disable-line no-process-e
  require('./gulp/gulp-build'); // eslint-disable-line global-require
  require('./gulp/gulp-console'); // eslint-disable-line global-require
  require('./gulp/gulp-sprites'); // eslint-disable-line global-require
-  require('./gulp/gulp-start'); // eslint-disable-line global-require
  require('./gulp/gulp-tests'); // eslint-disable-line global-require
  require('./gulp/gulp-transifex-test'); // eslint-disable-line global-require
  require('gulp').task('default', gulp.series('test')); // eslint-disable-line global-require
--- a/2
+++ b/2
--- a/migrations/archive/api_v3/groups.js
+++ b/migrations/archive/api_v3/groups.js
@@ -37,7 +37,7 @@ let consoleStamp = require('console-stamp');
 consoleStamp(console);

 // Initialize configuration
-require('../../website/server/libs/api-v3/setupNconf')();
+require('../../website/server/libs/api-v3/setupNconf').default();

 let MONGODB_OLD = nconf.get('MONGODB_OLD');
 let MONGODB_NEW = nconf.get('MONGODB_NEW');
--- a/migrations/archive/api_v3/users.js
+++ b/migrations/archive/api_v3/users.js
@@ -32,7 +32,7 @@ let moment = require('moment');
 consoleStamp(console);

 // Initialize configuration
-require('../../website/server/libs/api-v3/setupNconf')();
+require('../../website/server/libs/api-v3/setupNconf').default();

 let MONGODB_OLD = nconf.get('MONGODB_OLD');
 let MONGODB_NEW = nconf.get('MONGODB_NEW');
--- a/migrations/migration-runner.js
+++ b/migrations/migration-runner.js
@@ -6,11 +6,11 @@ require('@babel/register'); // eslint-disable-line import/no-extraneous-dependen
 function setUpServer () {
  const nconf = require('nconf'); // eslint-disable-line global-require, no-unused-vars
  const mongoose = require('mongoose'); // eslint-disable-line global-require, no-unused-vars
-  const setupNconf = require('../website/server/libs/setupNconf'); // eslint-disable-line global-require
+  const setupNconf = require('../website/server/libs/setupNconf').default; // eslint-disable-line global-require

  setupNconf();

-  // We require src/server and npt src/index because
+  // We require src/server and not src/index because
  // 1. nconf is already setup
  // 2. we don't need clustering
  require('../website/server/server'); // eslint-disable-line global-require
--- a/migrations/users/full-gear.js
+++ b/migrations/users/full-gear.js
@@ -11,7 +11,7 @@ const progressCount = 1000;
 let count = 0;

 /*
- * Award users every extant pet and mount
+ * Award every extant piece of equippable gear
 */

 async function updateUser (user) {
--- a/migrations/users/take-this.js
+++ b/migrations/users/take-this.js
@@ -3,7 +3,8 @@ import { v4 as uuid } from 'uuid';

 import { model as User } from '../../website/server/models/user';

-const MIGRATION_NAME = '20181203_take_this';
+const MIGRATION_NAME = 'YYYYMMDD_take_this';
+const CHALLENGE_ID = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx';

 const progressCount = 1000;
 let count = 0;
@@ -41,15 +42,15 @@ async function updateUser (user) {
  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);

  if (push) {
-    return User.update({ _id: user._id }, { $set: set, $push: push }).exec();
+    return User.updateOne({ _id: user._id }, { $set: set, $push: push }).exec();
  }
-  return User.update({ _id: user._id }, { $set: set }).exec();
+  return User.updateOne({ _id: user._id }, { $set: set }).exec();
 }

 export default async function processUsers () {
  const query = {
    migration: { $ne: MIGRATION_NAME },
-    challenges: '00708425-d477-41a5-bf27-6270466e7976',
+    challenges: CHALLENGE_ID,
  };

  const fields = {
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -1,12 +1,13 @@
 {
  "name": "habitica",
  "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "5.34.4",
+  "version": "5.40.2",
  "main": "./website/server/index.js",
  "dependencies": {
    "@babel/core": "^7.22.10",
    "@babel/preset-env": "^7.22.10",
    "@babel/register": "^7.22.15",
+    "@google-analytics/data": "^4.12.1",
    "@google-cloud/trace-agent": "^7.1.2",
    "@parse/node-apn": "^5.2.3",
    "@slack/webhook": "^6.1.0",
@@ -19,8 +20,8 @@
    "bcrypt": "^5.1.1",
    "body-parser": "^1.20.3",
    "bootstrap": "^4.6.2",
-    "compression": "^1.7.4",
-    "cookie-session": "^2.0.0",
+    "compression": "^1.8.1",
+    "cookie-session": "^2.1.1",
    "coupon-code": "^0.4.5",
    "csv-stringify": "^5.6.5",
    "cwait": "^1.1.1",
@@ -38,7 +39,6 @@
    "gulp-babel": "^8.0.0",
    "gulp-filter": "^7.0.0",
    "gulp-imagemin": "^7.1.0",
-    "gulp-nodemon": "^2.5.0",
    "gulp.spritesmith": "^6.13.0",
    "habitica-markdown": "^3.0.0",
    "helmet": "^4.6.0",
@@ -50,13 +50,12 @@
    "merge-stream": "^2.0.0",
    "method-override": "^3.0.0",
    "moment": "^2.29.4",
-    "moment-recur": "^1.0.7",
-    "mongoose": "^7.8.3",
-    "morgan": "^1.10.0",
+    "moment-recur": "git://github.com/HabitRPG/moment-recur.git#d3e8e6da0806f13b74dd2e4d7d9053e6a63db119",
+    "mongoose": "^8.9.5",
+    "morgan": "^1.10.1",
    "nconf": "^0.12.1",
    "node-gcm": "^1.0.5",
-    "nodemon": "^2.0.20",
-    "on-headers": "^1.0.2",
+    "on-headers": "^1.1.0",
    "passport": "^0.5.3",
    "passport-facebook": "^3.0.0",
    "passport-google-oauth2": "^0.2.0",
@@ -72,7 +71,6 @@
    "sinon": "^15.2.0",
    "stripe": "^12.18.0",
    "superagent": "^8.1.2",
-    "universal-analytics": "^0.5.3",
    "useragent": "^2.1.9",
    "uuid": "^9.0.0",
    "validator": "^13.11.0",
@@ -100,23 +98,22 @@
    "test:sanity": "nyc --silent --no-clean mocha test/sanity --recursive",
    "test:common": "nyc --silent --no-clean mocha test/common --recursive",
    "test:content": "nyc --silent --no-clean mocha test/content --recursive",
-    "test:nodemon": "gulp test:nodemon",
    "coverage": "nyc report --reporter=html --report-dir coverage/results; open coverage/results/index.html",
    "sprites": "gulp sprites:compile",
    "client:dev": "cd website/client && npm run serve",
    "client:build": "cd website/client && npm run build",
    "client:unit": "cd website/client && npm run test:unit",
-    "start": "gulp nodemon",
+    "start": "node --watch ./website/server/index.js",
    "start:simple": "node ./website/server/index.js",
-    "debug": "gulp nodemon --inspect",
-    "mongo:dev": "run-rs -v 5.0.23 -l ubuntu1804 --keep --dbpath mongodb-data --number 1 --quiet",
-    "mongo:test": "run-rs -v 5.0.23 -l ubuntu1804 --keep --dbpath mongodb-data-testing --number 1 --quiet",
+    "debug": "node --watch --inspect ./website/server/index.js",
+    "mongo:dev": "run-rs -v 7.0.23 -l ubuntu2204 --keep --dbpath mongodb-data --number 1 --quiet",
+    "mongo:test": "run-rs -v 7.0.23 -l ubuntu2204 --keep --dbpath mongodb-data-testing --number 1 --quiet",
    "postinstall": "git config --global url.\"https://\".insteadOf git:// && gulp build && cd website/client && npm install",
    "apidoc": "gulp apidoc",
    "heroku-postbuild": ".heroku/report_deploy.sh"
  },
  "devDependencies": {
-    "axios": "^1.7.4",
+    "axios": "^1.8.2",
    "chai": "^4.3.7",
    "chai-as-promised": "^7.1.1",
    "chai-moment": "^0.1.0",
--- a/scripts/gdpr-delete-users.js
+++ b/scripts/gdpr-delete-users.js
@@ -71,15 +71,14 @@ async function deleteHabiticaData (user, email) {
 }

 async function processEmailAddress (email) {
-  const emailRegex = new RegExp(`^${email}$`, 'i');
  const localUsers = await User.find(
-    { 'auth.local.email': emailRegex },
+    { 'auth.local.email': email },
    { _id: 1, apiToken: 1, auth: 1 },
  ).exec();

  const socialUsers = await User.find(
    {
-      'auth.local.email': { $not: emailRegex },
+      'auth.local.email': { $ne: email },
      $or: [
        { 'auth.facebook.emails.value': email },
        { 'auth.google.emails.value': email },
--- a/scripts/team-cron.js
+++ b/scripts/team-cron.js
@@ -8,7 +8,17 @@ const TASK_VALUE_CHANGE_FACTOR = 0.9747;
 const MIN_TASK_VALUE = -47.27;

 async function updateTeamTasks (team) {
+  if (team.purchased.plan.dateTerminated) {
+    const dateTerminated = new Date(team.purchased.plan.dateTerminated);
+    if (dateTerminated < new Date()) {
+      team.purchased.plan.customerId = undefined;
+      team.markModified('purchased.plan');
+      return team.save();
+    }
+  }
+
  const toSave = [];
+
  let teamLeader = await User.findOne({ _id: team.leader }, 'preferences').exec();

  if (!teamLeader) { // why would this happen?
@@ -93,12 +103,7 @@ async function updateTeamTasks (team) {
 export default async function processTeamsCron () {
  const activeTeams = await Group.find({
    'purchased.plan.customerId': { $exists: true },
-    $or: [
-      { 'purchased.plan.dateTerminated': { $exists: false } },
-      { 'purchased.plan.dateTerminated': null },
-      { 'purchased.plan.dateTerminated': { $gt: new Date() } },
-    ],
-  }).exec();
+  }, { cron: 1, leader: 1, purchased: 1 }).exec();

  const cronPromises = activeTeams.map(updateTeamTasks);
  return Promise.all(cronPromises);
--- a/test/api/unit/libs/analyticsService.test.js
+++ b/test/api/unit/libs/analyticsService.test.js
@@ -1,15 +1,11 @@
 /* eslint-disable camelcase */
 import nconf from 'nconf';
 import Amplitude from 'amplitude';
-import { Visitor } from 'universal-analytics';
 import * as analyticsService from '../../../../website/server/libs/analyticsService';

 describe('analyticsService', () => {
  beforeEach(() => {
    sandbox.stub(Amplitude.prototype, 'track').returns(Promise.resolve());
-
-    sandbox.stub(Visitor.prototype, 'event');
-    sandbox.stub(Visitor.prototype, 'transaction');
  });

  afterEach(() => {
@@ -37,8 +33,6 @@ describe('analyticsService', () => {
      data;

    beforeEach(() => {
-      Visitor.prototype.event.yields();
-
      eventType = 'Cron';
      data = {
        category: 'behavior',
@@ -49,6 +43,11 @@ describe('analyticsService', () => {
          'x-client': 'habitica-web',
          'user-agent': '',
        },
+        user: {
+          preferences: {
+            analyticsConsent: true,
+          },
+        },
      };
    });

@@ -295,6 +294,9 @@ describe('analyticsService', () => {
          rewards: [{ _id: 'reward' }],
          balance: 12,
          loginIncentives: 1,
+          preferences: {
+            analyticsConsent: true,
+          },
        };

        data.user = user;
@@ -326,37 +328,12 @@ describe('analyticsService', () => {
          });
      });
    });
-
-    context('GA', () => {
-      it('calls out to GA', () => analyticsService.track(eventType, data)
-        .then(() => {
-          expect(Visitor.prototype.event).to.be.calledOnce;
-        }));
-
-      it('sends details about event', () => analyticsService.track(eventType, data)
-        .then(() => {
-          expect(Visitor.prototype.event).to.be.calledWith({
-            ea: 'Cron',
-            ec: 'behavior',
-          });
-        }));
-    });
  });

  describe('#trackPurchase', () => {
-    let data; let
-      itemSpy;
+    let data;

    beforeEach(() => {
-      Visitor.prototype.event.yields();
-
-      itemSpy = sandbox.stub().returnsThis();
-
-      Visitor.prototype.transaction.returns({
-        item: itemSpy,
-        send: sandbox.stub().yields(),
-      });
-
      data = {
        uuid: 'user-id',
        sku: 'paypal-checkout',
@@ -370,6 +347,11 @@ describe('analyticsService', () => {
          'x-client': 'habitica-web',
          'user-agent': '',
        },
+        user: {
+          preferences: {
+            analyticsConsent: true,
+          },
+        },
      };
    });

@@ -533,6 +515,9 @@ describe('analyticsService', () => {
          dailys: [{ _id: 'daily' }],
          todos: [{ _id: 'todo' }],
          rewards: [{ _id: 'reward' }],
+          preferences: {
+            analyticsConsent: true,
+          },
        };

        data.user = user;
@@ -561,26 +546,6 @@ describe('analyticsService', () => {
          });
      });
    });
-
-    context('GA', () => {
-      it('calls out to GA', () => analyticsService.trackPurchase(data)
-        .then(() => {
-          expect(Visitor.prototype.event).to.be.calledOnce;
-          expect(Visitor.prototype.transaction).to.be.calledOnce;
-        }));
-
-      it('sends details about purchase', () => analyticsService.trackPurchase(data)
-        .then(() => {
-          expect(Visitor.prototype.event).to.be.calledWith({
-            ea: 'checkout',
-            ec: 'commerce',
-            el: 'PayPal',
-            ev: 8,
-          });
-          expect(Visitor.prototype.transaction).to.be.calledWith('user-id', 8);
-          expect(itemSpy).to.be.calledWith(8, 1, 'paypal-checkout', 'Gems', 'checkout');
-        }));
-    });
  });

  describe('mockAnalyticsService', () => {
--- a/test/api/unit/libs/bug-report.test.js
+++ b/test/api/unit/libs/bug-report.test.js
@@ -34,6 +34,7 @@ describe('bug-report', () => {
      emailData: {
        BROWSER_UA: userAgent,
        REPORT_MSG: userMessage,
+        USER_ANALYTICS: undefined,
        USER_CLASS: 'warrior',
        USER_CONSECUTIVE_MONTHS: 0,
        USER_COSTUME: 'false',
--- a/test/api/unit/libs/cron.test.js
+++ b/test/api/unit/libs/cron.test.js
@@ -2,13 +2,22 @@
 import moment from 'moment';
 import nconf from 'nconf';
 import requireAgain from 'require-again';
-import { recoverCron, cron } from '../../../../website/server/libs/cron';
+import { v4 as generateUUID } from 'uuid';
+import {
+  generateRes,
+  generateReq,
+  generateTodo,
+  generateDaily,
+} from '../../../helpers/api-unit.helper';
+import { cron, cronWrapper } from '../../../../website/server/libs/cron';
 import { model as User } from '../../../../website/server/models/user';
 import * as Tasks from '../../../../website/server/models/task';
 import common from '../../../../website/common';
 import * as analytics from '../../../../website/server/libs/analyticsService';
+import { model as Group } from '../../../../website/server/models/group';

-// const scoreTask = common.ops.scoreTask;
+const CRON_TIMEOUT_WAIT = new Date(5 * 60 * 1000).getTime();
+const CRON_TIMEOUT_UNIT = new Date(60 * 1000).getTime();

 const pathToCronLib = '../../../../website/server/libs/cron';

@@ -1200,7 +1209,7 @@ describe('cron', async () => {
    it('increments perfect day achievement if all (at least 1) due dailies were completed', async () => {
      daysMissed = 1;
      tasksByType.dailys[0].completed = true;
-      tasksByType.dailys[0].startDate = moment(new Date()).subtract({ days: 1 });
+      tasksByType.dailys[0].isDue = true;

      await cron({
        user, tasksByType, daysMissed, analytics,
@@ -1212,7 +1221,7 @@ describe('cron', async () => {
    it('does not increment perfect day achievement if no due dailies', async () => {
      daysMissed = 1;
      tasksByType.dailys[0].completed = true;
-      tasksByType.dailys[0].startDate = moment(new Date()).add({ days: 1 });
+      tasksByType.dailys[0].isDue = false;

      await cron({
        user, tasksByType, daysMissed, analytics,
@@ -1224,7 +1233,7 @@ describe('cron', async () => {
    it('gives perfect day buff if all (at least 1) due dailies were completed', async () => {
      daysMissed = 1;
      tasksByType.dailys[0].completed = true;
-      tasksByType.dailys[0].startDate = moment(new Date()).subtract({ days: 1 });
+      tasksByType.dailys[0].isDue = true;

      const previousBuffs = user.stats.buffs.toObject();

@@ -1242,7 +1251,7 @@ describe('cron', async () => {
      user.preferences.sleep = true;
      daysMissed = 1;
      tasksByType.dailys[0].completed = true;
-      tasksByType.dailys[0].startDate = moment(new Date()).subtract({ days: 1 });
+      tasksByType.dailys[0].isDue = true;

      const previousBuffs = user.stats.buffs.toObject();

@@ -1259,7 +1268,7 @@ describe('cron', async () => {
    it('clears buffs if user does not have a perfect day (no due dailys)', async () => {
      daysMissed = 1;
      tasksByType.dailys[0].completed = true;
-      tasksByType.dailys[0].startDate = moment(new Date()).add({ days: 1 });
+      tasksByType.dailys[0].isDue = false;

      user.stats.buffs = {
        str: 1,
@@ -1488,78 +1497,6 @@ describe('cron', async () => {
    });
  });

-  describe('notifications', async () => {
-    it('adds a user notification', async () => {
-      const mpBefore = user.stats.mp;
-      tasksByType.dailys[0].completed = true;
-
-      const statsComputedRes = common.statsComputed(user);
-      const stubbedStatsComputed = sinon.stub(common, 'statsComputed');
-      stubbedStatsComputed.returns(Object.assign(statsComputedRes, { maxMP: 100 }));
-
-      daysMissed = 1;
-      const hpBefore = user.stats.hp;
-      tasksByType.dailys[0].startDate = moment(new Date()).subtract({ days: 1 });
-
-      await cron({
-        user, tasksByType, daysMissed, analytics,
-      });
-
-      expect(user.notifications.length).to.be.greaterThan(0);
-      expect(user.notifications[1].type).to.equal('CRON');
-      expect(user.notifications[1].data).to.eql({
-        hp: user.stats.hp - hpBefore,
-        mp: user.stats.mp - mpBefore,
-      });
-
-      common.statsComputed.restore();
-    });
-
-    it('condenses multiple notifications into one', async () => {
-      const mpBefore1 = user.stats.mp;
-      tasksByType.dailys[0].completed = true;
-
-      const statsComputedRes = common.statsComputed(user);
-      const stubbedStatsComputed = sinon.stub(common, 'statsComputed');
-      stubbedStatsComputed.returns(Object.assign(statsComputedRes, { maxMP: 100 }));
-
-      daysMissed = 1;
-      const hpBefore1 = user.stats.hp;
-      tasksByType.dailys[0].startDate = moment(new Date()).subtract({ days: 1 });
-
-      await cron({
-        user, tasksByType, daysMissed, analytics,
-      });
-
-      expect(user.notifications.length).to.be.greaterThan(0);
-      expect(user.notifications[1].type).to.equal('CRON');
-      expect(user.notifications[1].data).to.eql({
-        hp: user.stats.hp - hpBefore1,
-        mp: user.stats.mp - mpBefore1,
-      });
-
-      const notifsBefore2 = user.notifications.length;
-      const hpBefore2 = user.stats.hp;
-      const mpBefore2 = user.stats.mp;
-
-      user.lastCron = moment(new Date()).subtract({ days: 2 });
-
-      await cron({
-        user, tasksByType, daysMissed, analytics,
-      });
-
-      expect(user.notifications.length - notifsBefore2).to.equal(0);
-      expect(user.notifications[0].type).to.not.equal('CRON');
-      expect(user.notifications[1].type).to.equal('CRON');
-      expect(user.notifications[1].data).to.eql({
-        hp: user.stats.hp - hpBefore2 - (hpBefore2 - hpBefore1),
-        mp: user.stats.mp - mpBefore2 - (mpBefore2 - mpBefore1),
-      });
-      expect(user.notifications[0].type).to.not.equal('CRON');
-      common.statsComputed.restore();
-    });
-  });
-
  describe('private messages', async () => {
    let lastMessageId;

@@ -1606,7 +1543,7 @@ describe('cron', async () => {
      await cron({
        user, tasksByType, daysMissed, analytics,
      });
-      expect(user.notifications.length).to.be.greaterThan(1);
+      expect(user.notifications.length).to.eql(1);
      expect(user.notifications[0].type).to.eql('LOGIN_INCENTIVE');
    });

@@ -1820,64 +1757,258 @@ describe('cron', async () => {
  });
 });

-describe('recoverCron', async () => {
-  let locals; let status; let
-    execStub;
+describe('cron wrapper', () => {
+  let res; let
+    req;
+  let user;

  beforeEach(async () => {
-    execStub = sandbox.stub();
-    sandbox.stub(User, 'findOne').returns({ exec: execStub });
-
-    status = { times: 0 };
-    locals = {
-      user: new User({
-        auth: {
-          local: {
-            username: 'username',
-            lowerCaseUsername: 'username',
-            email: 'email@example.com',
-            salt: 'salt',
-            hashed_password: 'hashed_password', // eslint-disable-line camelcase
-          },
-        },
-      }),
-    };
+    res = generateRes();
+    req = generateReq();
+    user = await res.locals.user.save();
+    res.analytics = analytics;
  });

-  afterEach(async () => {
+  afterEach(() => {
    sandbox.restore();
  });

-  it('throws an error if user cannot be found', async () => {
-    execStub.returns(Promise.resolve(null));
+  it('calls next when user is not attached', async () => {
+    res.locals.user = null;
+    await cronWrapper(req, res);
+  });
+
+  it('calls next when days have not been missed', async () => {
+    await cronWrapper(req, res);
+  });
+
+  it('should clear todos older than 30 days for free users', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const task = generateTodo(user);
+    task.dateCompleted = moment(new Date()).subtract({ days: 31 });
+    task.completed = true;
+    await task.save();
+    await user.save();
+
+    await cronWrapper(req, res);
+    const taskRes = await Tasks.Task.findOne({ _id: task._id });
+    expect(taskRes).to.not.exist;
+  });
+
+  it('should not clear todos older than 30 days for subscribed users', async () => {
+    user.purchased.plan.customerId = 'subscribedId';
+    user.purchased.plan.dateUpdated = moment('012013', 'MMYYYY');
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const task = generateTodo(user);
+    task.dateCompleted = moment(new Date()).subtract({ days: 31 });
+    task.completed = true;
+    await Promise.all([task.save(), user.save()]);
+
+    await cronWrapper(req, res);
+    const taskRes = await Tasks.Task.findOne({ _id: task._id });
+    expect(taskRes).to.exist;
+  });
+
+  it('should clear todos older than 90 days for subscribed users', async () => {
+    user.purchased.plan.customerId = 'subscribedId';
+    user.purchased.plan.dateUpdated = moment('012013', 'MMYYYY');
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+
+    const task = generateTodo(user);
+    task.dateCompleted = moment(new Date()).subtract({ days: 91 });
+    task.completed = true;
+    await task.save();
+    await user.save();
+
+    await cronWrapper(req, res);
+    const taskRes = await Tasks.Task.findOne({ _id: task._id });
+    expect(taskRes).to.not.exist;
+  });
+
+  it('should call next if user was not modified after cron', async () => {
+    const hpBefore = user.stats.hp;
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    await user.save();
+
+    await cronWrapper(req, res);
+    expect(hpBefore).to.equal(user.stats.hp);
+  });
+
+  it('runs cron if previous cron was incomplete', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 1 });
+    user.auth.timestamps.loggedin = moment(new Date()).subtract({ days: 4 });
+    const now = new Date();
+    await user.save();
+
+    await cronWrapper(req, res);
+    expect(moment(now).isSame(user.lastCron, 'day'));
+    expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
+  });
+
+  it('updates user.auth.timestamps.loggedin and lastCron', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const now = new Date();
+    await user.save();
+
+    await cronWrapper(req, res);
+    expect(moment(now).isSame(user.lastCron, 'day'));
+    expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
+  });
+
+  it('does damage for missing dailies', async () => {
+    const hpBefore = user.stats.hp;
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const daily = generateDaily(user);
+    daily.startDate = moment(new Date()).subtract({ days: 2 });
+    await daily.save();
+    await user.save();
+
+    await cronWrapper(req, res);
+    const updatedUser = await User.findOne({ _id: user._id });
+    expect(updatedUser.stats.hp).to.be.lessThan(hpBefore);
+  });
+
+  it('updates tasks', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const todo = generateTodo(user);
+    const todoValueBefore = todo.value;
+    await Promise.all([todo.save(), user.save()]);
+
+    await cronWrapper(req, res);
+    const todoFound = await Tasks.Task.findOne({ _id: todo._id });
+    expect(todoFound.value).to.be.lessThan(todoValueBefore);
+  });
+
+  it('updates large number of tasks', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const todo = generateTodo(user);
+    const todoValueBefore = todo.value;
+    const start = new Date();
+    const saves = [todo.save(), user.save()];
+    for (let i = 0; i < 200; i += 1) {
+      const newTodo = generateTodo(user);
+      newTodo.value = i;
+      saves.push(newTodo.save());
+    }
+    await Promise.all(saves);
+
+    await cronWrapper(req, res);
+    const duration = new Date() - start;
+    expect(duration).to.be.lessThan(1000);
+    const todoFound = await Tasks.Task.findOne({ _id: todo._id });
+    expect(moment(start).isSame(user.lastCron, 'day'));
+    expect(moment(start).isSame(user.auth.timestamps.loggedin, 'day'));
+    expect(todoFound.value).to.be.lessThan(todoValueBefore);
+  });
+
+  it('fails entire cron if one task is failing', async () => {
+    const lastCron = moment(new Date()).subtract({ days: 2 });
+    user.lastCron = lastCron;
+    const todo = generateTodo(user);
+    const todoValueBefore = todo.value;
+    const badTodo = generateTodo(user);
+    badTodo.text = 'bad todo';
+    badTodo.attribute = 'bad';
+    await Promise.all([badTodo.save({ validateBeforeSave: false }), todo.save(), user.save()]);

    try {
-      await recoverCron(status, locals);
-      throw new Error('no exception when user cannot be found');
+      await cronWrapper(req, res);
    } catch (err) {
-      expect(err.message).to.eql(`User ${locals.user._id} not found while recovering.`);
+      expect(err).to.exist;
+    }
+    const todoFound = await Tasks.Task.findOne({ _id: todo._id });
+    expect(moment(lastCron).isSame(user.lastCron, 'day'));
+    expect(todoFound.value).to.be.equal(todoValueBefore);
+  });
+
+  it('applies quest progress', async () => {
+    const hpBefore = user.stats.hp;
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const daily = generateDaily(user);
+    daily.startDate = moment(new Date()).subtract({ days: 2 });
+    await daily.save();
+
+    const questKey = 'dilatory';
+    user.party.quest.key = questKey;
+
+    const party = new Group({
+      type: 'party',
+      name: generateUUID(),
+      leader: user._id,
+    });
+    party.quest.members[user._id] = true;
+    party.quest.key = questKey;
+    await party.save();
+
+    user.party._id = party._id;
+    await user.save();
+
+    party.startQuest(user);
+
+    await cronWrapper(req, res);
+    const updatedUser = await User.findOne({ _id: user._id });
+    expect(updatedUser.stats.hp).to.be.lessThan(hpBefore);
+  });
+
+  it('cronSignature less than 5 minutes ago should error', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const now = new Date();
+    await User.updateOne({
+      _id: user._id,
+    }, {
+      $set: {
+        _cronSignature: now.getTime() - CRON_TIMEOUT_WAIT + CRON_TIMEOUT_UNIT,
+      },
+    }).exec();
+    await user.save();
+    try {
+      await cronWrapper(req, res);
+    } catch (err) {
+      expect(err).to.exist;
    }
  });

-  it('increases status.times count and reruns up to 4 times', async () => {
-    execStub.returns(Promise.resolve({ _cronSignature: 'RUNNING_CRON' }));
-    execStub.onCall(4).returns(Promise.resolve({ _cronSignature: 'NOT_RUNNING' }));
+  it('cronSignature longer than an hour ago should allow cron', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const now = new Date();
+    await User.updateOne({
+      _id: user._id,
+    }, {
+      $set: {
+        _cronSignature: now.getTime() - CRON_TIMEOUT_WAIT - CRON_TIMEOUT_UNIT,
+      },
+    }).exec();
+    await user.save();

-    await recoverCron(status, locals);
-
-    expect(status.times).to.eql(4);
-    expect(locals.user).to.eql({ _cronSignature: 'NOT_RUNNING' });
+    await cronWrapper(req, res);
+    expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
+    expect(user._cronSignature).to.be.equal('NOT_RUNNING');
  });

-  it('throws an error if recoverCron runs 5 times', async () => {
-    execStub.returns(Promise.resolve({ _cronSignature: 'RUNNING_CRON' }));
+  it('cron should not run more than once', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    await user.save();

-    try {
-      await recoverCron(status, locals);
-      throw new Error('no exception when recoverCron runs 5 times');
-    } catch (err) {
-      expect(status.times).to.eql(5);
-      expect(err.message).to.eql(`Impossible to recover from cron for user ${locals.user._id}.`);
-    }
+    const result = await Promise.allSettled([
+      cronWrapper(req, res),
+      cronWrapper(req, res),
+      new Promise((resolve, reject) => {
+        setTimeout(async () => {
+          try {
+            const runResult = await cronWrapper(req, res);
+            if (runResult !== null) {
+              reject(new Error('cron ran more than once'));
+            } else {
+              resolve();
+            }
+          } catch (err) {
+            reject(err);
+          }
+        }, 200);
+      }),
+    ]);
+
+    expect(result.filter(r => r.status === 'fulfilled')).to.have.lengthOf(2);
+    expect(result.filter(r => r.status === 'rejected')).to.have.lengthOf(1);
  });
 });
--- a/test/api/unit/libs/mongodb.js
+++ b/test/api/unit/libs/mongodb.js
@@ -1,5 +1,4 @@
 import os from 'os';
-import nconf from 'nconf';
 import requireAgain from 'require-again';

 const pathToMongoLib = '../../../../website/server/libs/mongodb';
@@ -29,22 +28,4 @@ describe('mongodb', () => {
      expect(string).to.equal('mongodb://hostname:3030');
    });
  });
-
-  describe('getDefaultConnectionOptions', () => {
-    it('returns development config when IS_PROD is false', () => {
-      sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(false);
-      const mongoLibOverride = requireAgain(pathToMongoLib);
-
-      const options = mongoLibOverride.getDefaultConnectionOptions();
-      expect(options).to.have.all.keys(['useNewUrlParser', 'useUnifiedTopology']);
-    });
-
-    it('returns production config when IS_PROD is true', () => {
-      sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(true);
-      const mongoLibOverride = requireAgain(pathToMongoLib);
-
-      const options = mongoLibOverride.getDefaultConnectionOptions();
-      expect(options).to.have.all.keys(['useNewUrlParser', 'useUnifiedTopology']);
-    });
-  });
 });
--- a/test/api/unit/middlewares/auth.test.js
+++ b/test/api/unit/middlewares/auth.test.js
@@ -1,8 +1,11 @@
+import nconf from 'nconf';
+import requireAgain from 'require-again';
 import {
  generateRes,
  generateReq,
 } from '../../../helpers/api-unit.helper';
-import { authWithHeaders as authWithHeadersFactory } from '../../../../website/server/middlewares/auth';
+
+const authPath = '../../../../website/server/middlewares/auth';

 describe('auth middleware', () => {
  let res; let req; let
@@ -16,6 +19,7 @@ describe('auth middleware', () => {

  describe('auth with headers', () => {
    it('allows to specify a list of user field that we do not want to load', done => {
+      const authWithHeadersFactory = requireAgain(authPath).authWithHeaders;
      const authWithHeaders = authWithHeadersFactory({
        userFieldsToExclude: ['items'],
      });
@@ -35,6 +39,7 @@ describe('auth middleware', () => {
    });

    it('makes sure some fields are always included', done => {
+      const authWithHeadersFactory = requireAgain(authPath).authWithHeaders;
      const authWithHeaders = authWithHeadersFactory({
        userFieldsToExclude: [
          'items', 'auth.timestamps',
@@ -60,5 +65,57 @@ describe('auth middleware', () => {
        return done();
      });
    });
+
+    it('errors with InvalidCredentialsError and code when token is wrong', done => {
+      const authWithHeadersFactory = requireAgain(authPath).authWithHeaders;
+      const authWithHeaders = authWithHeadersFactory({ userFieldsToExclude: [] });
+
+      req.headers['x-api-user'] = user._id;
+      req.headers['x-api-key'] = 'totally-wrong-token';
+
+      authWithHeaders(req, res, err => {
+        expect(err).to.exist;
+        expect(err.name).to.equal('InvalidCredentialsError');
+        expect(err.code).to.equal('invalid_credentials');
+        expect(err.message).to.equal(res.t('invalidCredentials'));
+        return done();
+      });
+    });
+
+    describe('when ENFORCE_CLIENT_HEADER is true', () => {
+      let authFactory;
+
+      beforeEach(() => {
+        sandbox.stub(nconf, 'get').withArgs('ENFORCE_CLIENT_HEADER').returns('true');
+        authFactory = requireAgain(authPath).authWithHeaders;
+      });
+
+      it('errors with missingClientHeader when x-client header is not present', done => {
+        const authWithHeaders = authFactory({ userFieldsToExclude: [] });
+
+        req.headers['x-api-user'] = user._id;
+        req.headers['x-api-key'] = user;
+        authWithHeaders(req, res, err => {
+          expect(err).to.exist;
+          expect(err.name).to.equal('BadRequest');
+          expect(err.message).to.equal(res.t('missingClientHeader'));
+          return done();
+        });
+      });
+
+      it('allows request to pass when x-client header is present', done => {
+        const authWithHeaders = authFactory({ userFieldsToExclude: [] });
+
+        req.headers['x-api-user'] = user._id;
+        req.headers['x-api-key'] = user.apiToken;
+        req.headers['x-client'] = 'habitica-web';
+
+        authWithHeaders(req, res, err => {
+          if (err) return done(err);
+          expect(res.locals.user).to.exist;
+          return done();
+        });
+      });
+    });
  });
 });
--- a/test/api/unit/middlewares/blocker.test.js
+++ b/test/api/unit/middlewares/blocker.test.js
@@ -0,0 +1,197 @@
+import nconf from 'nconf';
+import requireAgain from 'require-again';
+import {
+  generateRes,
+  generateReq,
+  generateNext,
+} from '../../../helpers/api-unit.helper';
+import { Forbidden } from '../../../../website/server/libs/errors';
+import { apiError } from '../../../../website/server/libs/apiError';
+import { model as Blocker } from '../../../../website/server/models/blocker';
+
+function checkIPBlockedErrorThrown (next) {
+  expect(next).to.have.been.calledOnce;
+  const calledWith = next.getCall(0).args;
+  expect(calledWith[0].message).to.equal(apiError('ipAddressBlocked'));
+  expect(calledWith[0] instanceof Forbidden).to.equal(true);
+}
+
+function checkClientBlockedErrorThrown (next) {
+  expect(next).to.have.been.calledOnce;
+  const calledWith = next.getCall(0).args;
+  expect(calledWith[0].message).to.equal(apiError('clientBlocked'));
+  expect(calledWith[0] instanceof Forbidden).to.equal(true);
+}
+
+function checkErrorNotThrown (next) {
+  expect(next).to.have.been.calledOnce;
+  const calledWith = next.getCall(0).args;
+  expect(typeof calledWith[0] === 'undefined').to.equal(true);
+}
+
+describe('Blocker middleware', () => {
+  const pathToBlocker = '../../../../website/server/middlewares/blocker';
+
+  let res; let req; let next;
+
+  beforeEach(() => {
+    res = generateRes();
+    req = generateReq();
+    next = generateNext();
+  });
+
+  describe('Blocking IPs', () => {
+    it('is disabled when the env var is not defined', () => {
+      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns(undefined);
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('is disabled when the env var is an empty string', () => {
+      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('');
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('is disabled when the env var contains comma separated empty strings', () => {
+      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns(' , , ');
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('does not throw when the ip does not match', () => {
+      req.ip = '192.168.1.1';
+      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('192.168.1.2');
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('does not throw when the blocker IP does not match', async () => {
+      req.ip = '192.168.1.1';
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'ipaddress', area: 'full', value: '192.168.1.2' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('does not throw when a client is blocked', async () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'client', area: 'full', value: '192.168.1.1' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('throws when the blocker IP is blocked', async () => {
+      req.ip = '192.168.1.1';
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'ipaddress', area: 'full', value: '192.168.1.1' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkIPBlockedErrorThrown(next);
+    });
+  });
+
+  describe('Blocking clients', () => {
+    beforeEach(() => {
+      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('');
+      req.headers['x-client'] = 'test-client';
+    });
+    it('is disabled when no clients are blocked', () => {
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('does not throw when the client does not match', async () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'client', area: 'full', value: 'another-client' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('throws when the client is blocked', async () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'client', area: 'full', value: 'test-client' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkClientBlockedErrorThrown(next);
+    });
+
+    it('does not throw when an ip is blocked', async () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'ipaddress', area: 'full', value: 'test-client' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkErrorNotThrown(next);
+    });
+
+    it('updates the list when data changes', async () => {
+      let blockCallback;
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          blockCallback = callback;
+          if (event === 'change') {
+            callback({ operation: 'add', blocker: { type: 'client', area: 'full', value: 'another-client' } });
+          }
+        },
+      });
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+      checkErrorNotThrown(next);
+      blockCallback({ operation: 'add', blocker: { type: 'client', area: 'full', value: 'test-client' } });
+      attachBlocker(req, res, next);
+      expect(next).to.have.been.calledTwice;
+      const calledWith = next.getCall(1).args;
+      expect(calledWith[0].message).to.equal(apiError('clientBlocked'));
+      expect(calledWith[0] instanceof Forbidden).to.equal(true);
+    });
+  });
+});
--- a/test/api/unit/middlewares/cronMiddleware.js
+++ b/test/api/unit/middlewares/cronMiddleware.js
@@ -1,332 +0,0 @@
-import moment from 'moment';
-import { v4 as generateUUID } from 'uuid';
-import {
-  generateRes,
-  generateReq,
-  generateTodo,
-  generateDaily,
-} from '../../../helpers/api-unit.helper';
-import cronMiddleware from '../../../../website/server/middlewares/cron';
-import { model as User } from '../../../../website/server/models/user';
-import { model as Group } from '../../../../website/server/models/group';
-import * as Tasks from '../../../../website/server/models/task';
-import * as analyticsService from '../../../../website/server/libs/analyticsService';
-import * as cronLib from '../../../../website/server/libs/cron';
-
-const CRON_TIMEOUT_WAIT = new Date(60 * 60 * 1000).getTime();
-const CRON_TIMEOUT_UNIT = new Date(60 * 1000).getTime();
-
-describe('cron middleware', () => {
-  let res; let
-    req;
-  let user;
-
-  beforeEach(async () => {
-    res = generateRes();
-    req = generateReq();
-    user = await res.locals.user.save();
-    res.analytics = analyticsService;
-  });
-
-  afterEach(() => {
-    sandbox.restore();
-  });
-
-  it('calls next when user is not attached', done => {
-    res.locals.user = null;
-    cronMiddleware(req, res, done);
-  });
-
-  it('calls next when days have not been missed', done => {
-    cronMiddleware(req, res, done);
-  });
-
-  it('should clear todos older than 30 days for free users', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const task = generateTodo(user);
-    task.dateCompleted = moment(new Date()).subtract({ days: 31 });
-    task.completed = true;
-    await task.save();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-
-        Tasks.Task.findOne({ _id: task }).then(foundTask => {
-          expect(foundTask).to.not.exist;
-          resolve();
-        });
-
-        return null;
-      });
-    });
-  });
-
-  it('should not clear todos older than 30 days for subscribed users', async () => {
-    user.purchased.plan.customerId = 'subscribedId';
-    user.purchased.plan.dateUpdated = moment('012013', 'MMYYYY');
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const task = generateTodo(user);
-    task.dateCompleted = moment(new Date()).subtract({ days: 31 });
-    task.completed = true;
-    await task.save();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        Tasks.Task.findOne({ _id: task }).then(foundTask => {
-          expect(foundTask).to.exist;
-          return resolve();
-        });
-        return null;
-      });
-    });
-  });
-
-  it('should clear todos older than 90 days for subscribed users', async () => {
-    user.purchased.plan.customerId = 'subscribedId';
-    user.purchased.plan.dateUpdated = moment('012013', 'MMYYYY');
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-
-    const task = generateTodo(user);
-    task.dateCompleted = moment(new Date()).subtract({ days: 91 });
-    task.completed = true;
-    await task.save();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        Tasks.Task.findOne({ _id: task }).then(foundTask => {
-          expect(foundTask).to.not.exist;
-          return resolve();
-        });
-        return null;
-      });
-    });
-  });
-
-  it('should call next if user was not modified after cron', async () => {
-    const hpBefore = user.stats.hp;
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        expect(hpBefore).to.equal(user.stats.hp);
-        return resolve();
-      });
-    });
-  });
-
-  it('runs cron if previous cron was incomplete', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 1 });
-    user.auth.timestamps.loggedin = moment(new Date()).subtract({ days: 4 });
-    const now = new Date();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        expect(moment(now).isSame(user.lastCron, 'day'));
-        expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
-        return resolve();
-      });
-    });
-  });
-
-  it('updates user.auth.timestamps.loggedin and lastCron', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const now = new Date();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        expect(moment(now).isSame(user.lastCron, 'day'));
-        expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
-        return resolve();
-      });
-    });
-  });
-
-  it('does damage for missing dailies', async () => {
-    const hpBefore = user.stats.hp;
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const daily = generateDaily(user);
-    daily.startDate = moment(new Date()).subtract({ days: 2 });
-    await daily.save();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        return User.findOne({ _id: user._id }).then(updatedUser => {
-          expect(updatedUser.stats.hp).to.be.lessThan(hpBefore);
-          return resolve();
-        });
-      });
-    });
-  });
-
-  it('updates tasks', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const todo = generateTodo(user);
-    const todoValueBefore = todo.value;
-    await Promise.all([todo.save(), user.save()]);
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        return Tasks.Task.findOne({ _id: todo._id }).then(todoFound => {
-          expect(todoFound.value).to.be.lessThan(todoValueBefore);
-          return resolve();
-        });
-      });
-    });
-  });
-
-  it('applies quest progress', async () => {
-    const hpBefore = user.stats.hp;
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const daily = generateDaily(user);
-    daily.startDate = moment(new Date()).subtract({ days: 2 });
-    await daily.save();
-
-    const questKey = 'dilatory';
-    user.party.quest.key = questKey;
-
-    const party = new Group({
-      type: 'party',
-      name: generateUUID(),
-      leader: user._id,
-    });
-    party.quest.members[user._id] = true;
-    party.quest.key = questKey;
-    await party.save();
-
-    user.party._id = party._id;
-    await user.save();
-
-    party.startQuest(user);
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        return User.findOne({ _id: user._id }).then(updatedUser => {
-          expect(updatedUser.stats.hp).to.be.lessThan(hpBefore);
-          return resolve();
-        });
-      });
-    });
-  });
-
-  it('recovers from failed cron and does not error when user is already cronning', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    await user.save();
-
-    const updatedUser = user.toObject();
-    updatedUser.matchedCount = 0;
-
-    sandbox.spy(cronLib, 'recoverCron');
-
-    sandbox.stub(User, 'updateOne')
-      .withArgs({
-        _id: user._id,
-        $or: [
-          { _cronSignature: 'NOT_RUNNING' },
-          { _cronSignature: { $lt: sinon.match.number } },
-        ],
-      })
-      .returns({
-        exec () {
-          return Promise.resolve(updatedUser);
-        },
-      });
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        expect(cronLib.recoverCron).to.be.calledOnce;
-
-        return resolve();
-      });
-    });
-  });
-
-  it('cronSignature less than an hour ago should error', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const now = new Date();
-    await User.updateOne({
-      _id: user._id,
-    }, {
-      $set: {
-        _cronSignature: now.getTime() - CRON_TIMEOUT_WAIT + CRON_TIMEOUT_UNIT,
-      },
-    }).exec();
-    await user.save();
-    const expectedErrMessage = `Impossible to recover from cron for user ${user._id}.`;
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (!err) return reject(new Error('Cron should have failed.'));
-        expect(err.message).to.be.equal(expectedErrMessage);
-        return resolve();
-      });
-    });
-  });
-
-  it('cronSignature longer than an hour ago should allow cron', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    const now = new Date();
-    await User.updateOne({
-      _id: user._id,
-    }, {
-      $set: {
-        _cronSignature: now.getTime() - CRON_TIMEOUT_WAIT - CRON_TIMEOUT_UNIT,
-      },
-    }).exec();
-    await user.save();
-
-    await new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
-        expect(user._cronSignature).to.be.equal('NOT_RUNNING');
-        return resolve();
-      });
-    });
-  });
-
-  it('cron should not run more than once', async () => {
-    user.lastCron = moment(new Date()).subtract({ days: 2 });
-    await user.save();
-
-    sandbox.spy(cronLib, 'cron');
-
-    await Promise.all([new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        return resolve();
-      });
-    }), new Promise((resolve, reject) => {
-      cronMiddleware(req, res, err => {
-        if (err) return reject(err);
-        return resolve();
-      });
-    }), new Promise((resolve, reject) => {
-      setTimeout(() => {
-        cronMiddleware(req, res, err => {
-          if (err) return reject(err);
-          return resolve();
-        });
-      }, 400);
-    }),
-    ]);
-
-    expect(cronLib.cron).to.be.calledOnce;
-  });
-});
--- a/test/api/unit/middlewares/ipBlocker.test.js
+++ b/test/api/unit/middlewares/ipBlocker.test.js
@@ -1,76 +0,0 @@
-import nconf from 'nconf';
-import requireAgain from 'require-again';
-import {
-  generateRes,
-  generateReq,
-  generateNext,
-} from '../../../helpers/api-unit.helper';
-import { Forbidden } from '../../../../website/server/libs/errors';
-import { apiError } from '../../../../website/server/libs/apiError';
-
-function checkErrorThrown (next) {
-  expect(next).to.have.been.calledOnce;
-  const calledWith = next.getCall(0).args;
-  expect(calledWith[0].message).to.equal(apiError('ipAddressBlocked'));
-  expect(calledWith[0] instanceof Forbidden).to.equal(true);
-}
-
-function checkErrorNotThrown (next) {
-  expect(next).to.have.been.calledOnce;
-  const calledWith = next.getCall(0).args;
-  expect(typeof calledWith[0] === 'undefined').to.equal(true);
-}
-
-describe('ipBlocker middleware', () => {
-  const pathToIpBlocker = '../../../../website/server/middlewares/ipBlocker';
-
-  let res; let req; let next;
-
-  beforeEach(() => {
-    res = generateRes();
-    req = generateReq();
-    next = generateNext();
-  });
-
-  it('is disabled when the env var is not defined', () => {
-    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns(undefined);
-    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
-    attachIpBlocker(req, res, next);
-
-    checkErrorNotThrown(next);
-  });
-
-  it('is disabled when the env var is an empty string', () => {
-    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('');
-    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
-    attachIpBlocker(req, res, next);
-
-    checkErrorNotThrown(next);
-  });
-
-  it('is disabled when the env var contains comma separated empty strings', () => {
-    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns(' , , ');
-    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
-    attachIpBlocker(req, res, next);
-
-    checkErrorNotThrown(next);
-  });
-
-  it('does not throw when the ip does not match', () => {
-    req.ip = '192.168.1.1';
-    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('192.168.1.2');
-    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
-    attachIpBlocker(req, res, next);
-
-    checkErrorNotThrown(next);
-  });
-
-  it('throws when the ip is blocked', () => {
-    req.ip = '192.168.1.1';
-    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('192.168.1.1');
-    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
-    attachIpBlocker(req, res, next);
-
-    checkErrorThrown(next);
-  });
-});
--- a/test/api/unit/models/user.test.js
+++ b/test/api/unit/models/user.test.js
@@ -1,9 +1,13 @@
 import moment from 'moment';
+import requireAgain from 'require-again';
 import { model as User } from '../../../../website/server/models/user';
 import { model as NewsPost } from '../../../../website/server/models/newsPost';
 import { model as Group } from '../../../../website/server/models/group';
+import { model as Blocker } from '../../../../website/server/models/blocker';
 import common from '../../../../website/common';

+const pathToUserSchema = '../../../../website/server/models/user/schema';
+
 describe('User Model', () => {
  describe('.toJSON()', () => {
    it('keeps user._tmp when calling .toJSON', () => {
@@ -912,4 +916,73 @@ describe('User Model', () => {
      expect(user.toJSON().flags.newStuff).to.equal(true);
    });
  });
+
+  describe('validates email', () => {
+    it('does not throw an error for a valid email', () => {
+      const user = new User();
+      user.auth.local.email = 'hello@example.com';
+      const errors = user.validateSync();
+      expect(errors.errors['auth.local.email']).to.not.exist;
+    });
+
+    it('throws an error if email is not valid', () => {
+      const user = new User();
+      user.auth.local.email = 'invalid-email';
+      const errors = user.validateSync();
+      expect(errors.errors['auth.local.email'].message).to.equal(common.i18n.t('invalidEmail'));
+    });
+
+    it('throws an error if email is using a restricted domain', () => {
+      const user = new User();
+      user.auth.local.email = 'scammer@habitica.com';
+      const errors = user.validateSync();
+      expect(errors.errors['auth.local.email'].message).to.equal(common.i18n.t('invalidEmailDomain', { domains: 'habitica.com, habitrpg.com' }));
+    });
+
+    it('throws an error if email was blocked specifically', () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: 'blocked@example.com' } });
+        },
+      });
+      const schema = requireAgain(pathToUserSchema).UserSchema;
+      const valid = schema.paths['auth.local.email'].options.validate.every(v => v.validator('blocked@example.com'));
+      expect(valid).to.equal(false);
+    });
+
+    it('throws an error if email domain was blocked', () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: '@example.com' } });
+        },
+      });
+      const schema = requireAgain(pathToUserSchema).UserSchema;
+      const valid = schema.paths['auth.local.email'].options.validate.every(v => v.validator('blocked@example.com'));
+      expect(valid).to.equal(false);
+    });
+
+    it('throws an error if user portion of email was blocked', () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: 'blocked@' } });
+        },
+      });
+      const schema = requireAgain(pathToUserSchema).UserSchema;
+      const valid = schema.paths['auth.local.email'].options.validate.every(v => v.validator('blocked@example.com'));
+      expect(valid).to.equal(false);
+    });
+
+    it('does not throw an error if email is not blocked', () => {
+      sandbox.stub(Blocker, 'watchBlockers').returns({
+        on: (event, callback) => {
+          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: '@example.com' } });
+          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: 'blocked@' } });
+          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: 'bad@test.com' } });
+        },
+      });
+      const schema = requireAgain(pathToUserSchema).UserSchema;
+      const valid = schema.paths['auth.local.email'].options.validate.every(v => v.validator('good@test.com'));
+      expect(valid).to.equal(true);
+    });
+  });
 });
--- a/test/api/v3/integration/content/GET-content.test.js
+++ b/test/api/v3/integration/content/GET-content.test.js
@@ -1,6 +1,7 @@
 import {
  requester,
  translate as t,
+  generateUser,
 } from '../../../../helpers/api-integration/v3';
 import i18n from '../../../../../website/common/script/i18n';

@@ -56,4 +57,28 @@ describe('GET /content', () => {
    const res = await requester().get('/content?filter=backgroundsFlat,invalid');
    expect(res).to.not.have.property('backgroundsFlat');
  });
+
+  describe('authenticated user', () => {
+    let user;
+    it('returns content in user\'s preferred language when no language parameter is provided', async () => {
+      user = await generateUser({ 'preferences.language': 'de' });
+      const res = await user.get('/content');
+      expect(res).to.have.nested.property('backgrounds.backgrounds062014.beach');
+      expect(res.backgrounds.backgrounds062014.beach.text).to.equal(i18n.t('backgroundBeachText', 'de'));
+    });
+
+    it('respects language parameter over user\'s preferred language', async () => {
+      user = await generateUser({ 'preferences.language': 'de' });
+      const res = await user.get('/content?language=fr');
+      expect(res).to.have.nested.property('backgrounds.backgrounds062014.beach');
+      expect(res.backgrounds.backgrounds062014.beach.text).to.equal(i18n.t('backgroundBeachText', 'fr'));
+    });
+
+    it('falls back to English if user\'s preferred language is invalid', async () => {
+      user = await generateUser({ 'preferences.language': 'invalid_lang' });
+      const res = await user.get('/content');
+      expect(res).to.have.nested.property('backgrounds.backgrounds062014.beach');
+      expect(res.backgrounds.backgrounds062014.beach.text).to.equal(t('backgroundBeachText'));
+    });
+  });
 });
--- a/test/api/v3/integration/tasks/GET-tasks_user.test.js
+++ b/test/api/v3/integration/tasks/GET-tasks_user.test.js
@@ -101,34 +101,6 @@ describe('GET /tasks/user', () => {
    expect(allCompletedTodos[allCompletedTodos.length - 1].text).to.equal('todo to complete 2');
  });

-  it('returns only some completed todos if req.query.type is "completedTodos" or "_allCompletedTodos"', async () => {
-    const LIMIT = 30;
-    const numberOfTodos = LIMIT + 1;
-    const todosInput = [];
-
-    for (let i = 0; i < numberOfTodos; i += 1) {
-      todosInput[i] = { text: `todo to complete ${i}`, type: 'todo' };
-    }
-    const todos = await user.post('/tasks/user', todosInput);
-    await user.sync();
-    const initialTodoCount = user.tasksOrder.todos.length;
-
-    for (let i = 0; i < numberOfTodos; i += 1) {
-      const id = todos[i]._id;
-
-      await user.post(`/tasks/${id}/score/up`); // eslint-disable-line no-await-in-loop
-    }
-    await user.sync();
-
-    expect(user.tasksOrder.todos.length).to.equal(initialTodoCount - numberOfTodos);
-
-    const completedTodos = await user.get('/tasks/user?type=completedTodos');
-    expect(completedTodos.length).to.equal(LIMIT);
-
-    const allCompletedTodos = await user.get('/tasks/user?type=_allCompletedTodos');
-    expect(allCompletedTodos.length).to.equal(numberOfTodos);
-  });
-
  it('returns dailies with isDue for the date specified', async () => {
    // @TODO Add required format
    const startDate = moment().subtract('1', 'days').toISOString();
--- a/test/api/v3/integration/user/auth/GET-user_auth_apple.test.js
+++ b/test/api/v3/integration/user/auth/GET-user_auth_apple.test.js
@@ -25,7 +25,7 @@ describe('GET /user/auth/apple', () => {
  });

  it('registers a new user', async () => {
-    const response = await api.get(appleEndpoint);
+    const response = await api.get(`${appleEndpoint}?allowRegister=true`);

    expect(response.apiToken).to.exist;
    expect(response.id).to.exist;
@@ -35,7 +35,7 @@ describe('GET /user/auth/apple', () => {
  });

  it('logs an existing user in', async () => {
-    const registerResponse = await api.get(appleEndpoint);
+    const registerResponse = await api.get(`${appleEndpoint}?allowRegister=true`);

    const response = await api.get(appleEndpoint);

--- a/test/api/v3/integration/user/auth/POST-auth_reset-password-set-new-one.js
+++ b/test/api/v3/integration/user/auth/POST-auth_reset-password-set-new-one.js
@@ -238,6 +238,28 @@ describe('POST /user/auth/reset-password-set-new-one', () => {
    expect(isPassValid).to.equal(true);
  });

+  it('changes the apiToken on password reset', async () => {
+    const user = await generateUser();
+    const previousToken = user.apiToken;
+
+    const code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({ days: 1 }),
+    }));
+    await user.updateOne({
+      'auth.local.passwordResetCode': code,
+    });
+
+    await api.post(`${endpoint}`, {
+      newPassword: 'my new password',
+      confirmPassword: 'my new password',
+      code,
+    });
+
+    await user.sync();
+    expect(user.apiToken).to.not.eql(previousToken);
+  });
+
  it('renders the success page and convert the password from sha1 to bcrypt', async () => {
    const user = await generateUser();

--- a/test/api/v3/integration/user/auth/POST-login-local.test.js
+++ b/test/api/v3/integration/user/auth/POST-login-local.test.js
@@ -110,6 +110,18 @@ describe('POST /user/auth/local/login', () => {
    expect(isValidPassword).to.equal(true);
  });

+  it('sets auth.timestamps.updated', async () => {
+    const oldUpdated = new Date(user.auth.timestamps.updated);
+    // login
+    await api.post(endpoint, {
+      username: user.auth.local.email,
+      password,
+    });
+
+    await user.sync();
+    expect(user.auth.timestamps.updated).to.be.greaterThan(oldUpdated);
+  });
+
  it('user uses social authentication and has no password', async () => {
    await user.unset({
      'auth.local.hashed_password': 1,
--- a/test/api/v3/integration/user/auth/POST-user_auth_social.test.js
+++ b/test/api/v3/integration/user/auth/POST-user_auth_social.test.js
@@ -6,6 +6,7 @@ import {
  translate as t,
  getProperty,
 } from '../../../../../helpers/api-integration/v3';
+import apiErrorMessages from '../../../../../../website/common/script/errors/apiErrorMessages';

 describe('POST /user/auth/social', () => {
  let api;
@@ -64,6 +65,18 @@ describe('POST /user/auth/social', () => {
      await expect(getProperty('users', response.id, 'profile.name')).to.eventually.equal('a google user');
    });

+    it('fails if allowRegister is false and user does not exist', async () => {
+      await expect(api.post(endpoint, {
+        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
+        network,
+        allowRegister: false,
+      })).to.eventually.be.rejected.and.eql({
+        code: 404,
+        error: 'NotFound',
+        message: `${apiErrorMessages.socialFlowUserNotFound} ${user.auth.local.username}+google@example.com`,
+      });
+    });
+
    it('logs an existing user in', async () => {
      const registerResponse = await api.post(endpoint, {
        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
@@ -131,6 +144,36 @@ describe('POST /user/auth/social', () => {
      expect(response.newUser).to.be.false;
    });

+    it('logs an existing user into their social account if allowRegister is false', async () => {
+      const registerResponse = await api.post(endpoint, {
+        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
+        network,
+      });
+      expect(registerResponse.newUser).to.be.true;
+      // This is important for existing accounts before the new social handling
+      passport._strategies.google.userProfile.restore();
+      const expectedResult = {
+        id: randomGoogleId,
+        displayName: 'a google user',
+        emails: [
+          { value: user.auth.local.email },
+        ],
+      };
+      sandbox.stub(passport._strategies.google, 'userProfile').yields(null, expectedResult);
+
+      const response = await api.post(endpoint, {
+        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
+        network,
+        allowRegister: false,
+      });
+
+      expect(response.apiToken).to.eql(registerResponse.apiToken);
+      expect(response.id).to.eql(registerResponse.id);
+      expect(response.apiToken).not.to.eql(user.apiToken);
+      expect(response.id).not.to.eql(user._id);
+      expect(response.newUser).to.be.false;
+    });
+
    it('add social auth to an existing user', async () => {
      const response = await user.post(endpoint, {
        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
@@ -167,5 +210,24 @@ describe('POST /user/auth/social', () => {

      await expect(getProperty('users', user._id, '_ABtests')).to.eventually.be.a('object');
    });
+
+    it('sets auth.timestamps.updated', async () => {
+      let oldUpdated = new Date(user.auth.timestamps.updated);
+      await user.post(endpoint, {
+        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
+        network,
+      });
+      await user.sync();
+      expect(user.auth.timestamps.updated).to.be.greaterThan(oldUpdated);
+      oldUpdated = new Date(user.auth.timestamps.updated);
+
+      // Do it again to ensure it updates even when nothing else changes
+      await api.post(endpoint, {
+        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
+        network,
+      });
+      await user.sync();
+      expect(user.auth.timestamps.updated).to.be.greaterThan(oldUpdated);
+    });
  });
 });
--- a/test/api/v3/integration/user/auth/PUT-user_update_password.test.js
+++ b/test/api/v3/integration/user/auth/PUT-user_update_password.test.js
@@ -27,11 +27,30 @@ describe('PUT /user/auth/update-password', async () => {
      newPassword,
      confirmPassword: newPassword,
    });
-    expect(response).to.eql({});
+
+    expect(response).to.exist;
+    expect(response.apiToken).to.exist;
+
    await user.sync();
    expect(user.auth.local.hashed_password).to.not.eql(previousHashedPassword);
  });

+  it('should change the apiToken on password change', async () => {
+    const previousToken = user.apiToken;
+    const response = await user.put(ENDPOINT, {
+      password,
+      newPassword,
+      confirmPassword: newPassword,
+    });
+
+    const newToken = response.apiToken;
+    expect(newToken).to.exist;
+
+    await user.sync();
+    expect(user.apiToken).to.eql(newToken);
+    expect(user.apiToken).to.not.eql(previousToken);
+  });
+
  it('returns an error when confirmPassword does not match newPassword', async () => {
    await expect(user.put(ENDPOINT, {
      password,
--- a/test/api/v4/user/auth/POST-check_email.test.js
+++ b/test/api/v4/user/auth/POST-check_email.test.js
@@ -0,0 +1,66 @@
+import {
+  translate as t,
+  requester,
+  generateUser,
+} from '../../../../helpers/api-integration/v4';
+
+const ENDPOINT = '/user/auth/check-email';
+
+describe('POST /user/auth/check-email', () => {
+  const email = 'SOmE-nEw-emAIl_2@example.net';
+  let api;
+
+  beforeEach(async () => {
+    api = requester();
+  });
+
+  it('returns email if it is not used yet', async () => {
+    const response = await api.post(ENDPOINT, {
+      email,
+    });
+    expect(response.email).to.eql(email);
+    expect(response.valid).to.be.true;
+  });
+
+  it('rejects if email is not provided', async () => {
+    await expect(api.post(ENDPOINT, {
+    })).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: 'Invalid request parameters.',
+    });
+  });
+
+  it('rejects if email is already taken', async () => {
+    const user = await generateUser();
+
+    const response = await api.post(ENDPOINT, {
+      email: user.auth.local.email,
+    });
+    expect(response).to.eql({
+      valid: false,
+      email: user.auth.local.email,
+      error: t('cannotFulfillReq'),
+    });
+  });
+
+  it('rejects if casing is different', async () => {
+    const user = await generateUser();
+
+    const response = await api.post(ENDPOINT, {
+      email: user.auth.local.email.toUpperCase(),
+    });
+    expect(response).to.eql({
+      valid: false,
+      email: user.auth.local.email.toUpperCase(),
+      error: t('cannotFulfillReq'),
+    });
+  });
+
+  it('rejects if email uses restricted domain', async () => {
+    const response = await api.post(ENDPOINT, {
+      email: 'fake@habitica.com',
+    });
+    expect(response.valid).to.be.false;
+  });
+});
--- a/test/content/schedule.test.js
+++ b/test/content/schedule.test.js
@@ -133,21 +133,21 @@ describe('Content Schedule', () => {
  });

  it('sets the end date for a gala', () => {
-    const date = new Date('2024-05-20');
+    const date = new Date('2024-05-31');
    const matchers = getAllScheduleMatchingGroups(date);
-    expect(matchers.seasonalGear.end).to.eql(moment.utc(`2024-06-21T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
+    expect(matchers.seasonalGear.end).to.eql(moment.utc(`2024-06-01T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
  });

  it('sets the end date for a winter gala', () => {
-    const date = new Date('2024-12-22');
+    const date = new Date('2025-02-28');
    const matchers = getAllScheduleMatchingGroups(date);
-    expect(matchers.seasonalGear.end).to.eql(moment.utc(`2025-03-21T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
+    expect(matchers.seasonalGear.end).to.eql(moment.utc(`2025-03-01T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
  });

  it('sets the end date in new year for a winter gala', () => {
-    const date = new Date('2025-01-04');
+    const date = new Date('2025-02-28');
    const matchers = getAllScheduleMatchingGroups(date);
-    expect(matchers.seasonalGear.end).to.eql(moment.utc(`2025-03-21T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
+    expect(matchers.seasonalGear.end).to.eql(moment.utc(`2025-03-01T${String(switchoverTime).padStart(2, '0')}:00:00.000Z`).toDate());
  });

  it('uses correct date for first hours of the month', () => {
@@ -190,7 +190,7 @@ describe('Content Schedule', () => {
    const date = new Date('2024-04-15');
    const matchers = getAllScheduleMatchingGroups(date);
    expect(matchers.premiumHatchingPotions).to.exist;
-    expect(matchers.premiumHatchingPotions.items.length).to.equal(5);
+    expect(matchers.premiumHatchingPotions.items.length).to.equal(6);
    expect(matchers.premiumHatchingPotions.items.indexOf('Veggie')).to.not.equal(-1);
    expect(matchers.premiumHatchingPotions.items.indexOf('Porcelain')).to.not.equal(-1);
  });
--- a/test/content/shop-featuredItems.test.js
+++ b/test/content/shop-featuredItems.test.js
@@ -18,7 +18,7 @@ describe('Shop Featured Items', () => {
    });

    it('contains the current premium hatching potions', () => {
-      clock = Sinon.useFakeTimers(new Date('2024-04-08'));
+      clock = Sinon.useFakeTimers(new Date('2024-04-09'));
      const items = featuredItems.market();
      expect(_.find(items, item => item.path === 'premiumHatchingPotions.Porcelain')).to.exist;
    });
--- a/test/helpers/globals.helper.js
+++ b/test/helpers/globals.helper.js
@@ -19,6 +19,6 @@ const sinonStubPromise = require('sinon-stub-promise');
 sinonStubPromise(global.sinon);
 global.sandbox = sinon.createSandbox();

-const setupNconf = require('../../website/server/libs/setupNconf');
+const setupNconf = require('../../website/server/libs/setupNconf').default;

 setupNconf('./config.json.example');
--- a/test/helpers/mongo.js
+++ b/test/helpers/mongo.js
@@ -74,15 +74,10 @@ export async function getDocument (collectionName, doc) {
 }

 before(done => {
-  mongoose.connection.on('open', err => {
-    if (err) return done(err);
-    return resetHabiticaDB()
-      .then(() => {
-        done();
-      })
-      .catch(error => {
-        throw error;
-      });
+  mongoose.connection.once('open', async err => {
+    if (err) throw err;
+    await resetHabiticaDB();
+    done();
  });
 });

--- a/test/helpers/start-server.js
+++ b/test/helpers/start-server.js
@@ -3,7 +3,7 @@

 const nconf = require('nconf');
 const mongoose = require('mongoose');
-const setupNconf = require('../../website/server/libs/setupNconf');
+const setupNconf = require('../../website/server/libs/setupNconf').default;

 // fix further imports of require/import syntaxes
 require('@babel/register');
--- a/website/client/.eslintrc.js
+++ b/website/client/.eslintrc.js
@@ -3,6 +3,7 @@ module.exports = {
  root: true,
  env: {
    node: true,
+    es2021: true,
  },
  extends: [
    'habitrpg/lib/vue',
@@ -39,7 +40,4 @@ module.exports = {
      order: ['template', 'style', 'script'],
    }],
  },
-  parserOptions: {
-    parser: 'babel-eslint',
-  },
 };
--- a/website/client/babel.config.js
+++ b/website/client/babel.config.js
@@ -1,9 +0,0 @@
-/* eslint-disable import/no-commonjs */
-module.exports = {
-  presets: [
-    '@vue/cli-plugin-babel/preset',
-  ],
-  plugins: [
-    '@babel/plugin-proposal-optional-chaining',
-  ],
-};
--- a/website/client/public/index.html
+++ b/website/client/public/index.html
@@ -12,6 +12,7 @@
    <link rel="shortcut icon" sizes="192x192" href="/static/icons/favicon_192x192.png">
    <link rel="mask-icon" href="/static/icons/favicon.ico">
    <meta property="og:image" content="/static/emails/images/meta-image.png" />
+    <script type="module" src="/src/main.js"></script>
  </head>
  <body>
    <div id="loading-screen">
@@ -28,10 +29,9 @@
    </div>

    <div id="app"></div>
-    <!-- built files will be auto injected -->

    <script type="text/javascript" src="//cloudfront.loggly.com/js/loggly.tracker-latest.min.js" async></script>
    <!-- Translations -->
-    <script type='text/javascript' src='/api/v4/i18n/browser-script'></script>
+    <script type='text/javascript' src='/api/v4/i18n/browser-script' vite-ignore></script>
  </body>
 </html>
--- a/website/client/package-lock.json
+++ b/website/client/package-lock.json
--- a/website/client/package.json
+++ b/website/client/package.json
@@ -3,62 +3,64 @@
  "version": "1.0.0",
  "private": true,
  "scripts": {
-    "serve": "vue-cli-service serve",
-    "build": "vue-cli-service build",
-    "test:unit": "vue-cli-service test:unit --require ./tests/unit/helpers.js",
-    "lint": "vue-cli-service lint .",
-    "lint-no-fix": "vue-cli-service lint --no-fix .",
+    "serve": "vite",
+    "build": "vite build",
+    "preview": "vite preview",
+    "test:unit": "vitest run",
+    "test:unit:watch": "vitest watch",
+    "lint": "eslint --ext .js,.vue --ignore-path ../../.gitignore --fix .",
+    "lint-no-fix": "eslint --ext .js,.vue --no-fix src",
    "postinstall": "node ./scripts/npm-postinstall.js"
  },
  "dependencies": {
-    "@vue/cli-plugin-babel": "^5.0.8",
-    "@vue/cli-plugin-eslint": "^5.0.8",
-    "@vue/cli-plugin-router": "^5.0.8",
-    "@vue/cli-plugin-unit-mocha": "^5.0.8",
-    "@vue/cli-service": "^5.0.8",
+    "@froxz/vite-plugin-s3": "^1.6.0",
+    "@vitejs/plugin-vue2": "^2.3.3",
    "@vue/test-utils": "1.0.0-beta.29",
    "amplitude-js": "^8.21.3",
    "assert": "^2.1.0",
+    "autoprefixer": "^10.4.20",
    "axios": "^0.28.0",
    "axios-progress-bar": "^1.2.0",
-    "babel-eslint": "^10.1.0",
    "bootstrap": "^4.6.0",
    "bootstrap-vue": "^2.23.1",
-    "core-js": "^3.33.1",
    "eslint": "7.32.0",
    "eslint-config-habitrpg": "6.2.0",
    "eslint-plugin-mocha": "5.3.0",
    "eslint-plugin-vue": "7.20.0",
+    "ga-gtag": "^1.2.0",
    "habitica-markdown": "^3.0.0",
    "hellojs": "^1.20.0",
    "intro.js": "^7.2.0",
    "jquery": "^3.7.1",
    "lodash": "^4.17.21",
+    "markdown-it": "^14.0.0",
    "moment": "^2.29.4",
-    "moment-locales-webpack-plugin": "^1.2.0",
    "nconf": "^0.12.1",
    "sass": "^1.63.4",
-    "sass-loader": "^14.1.1",
    "sinon": "^17.0.1",
    "stopword": "^2.0.8",
    "timers-browserify": "^2.0.12",
    "uuid": "^9.0.1",
    "validator": "^13.9.0",
+    "vite": "^6.0.0",
+    "vite-plugin-compression2": "^1.3.3",
    "vue": "^2.7.10",
    "vue-fragment": "^1.6.0",
    "vue-mugen-scroll": "^0.2.6",
    "vue-router": "^3.6.5",
-    "vue-template-babel-compiler": "^2.0.0",
-    "vue-template-compiler": "^2.7.10",
    "vuedraggable": "^2.24.3",
    "vuejs-datepicker": "git://github.com/habitrpg/vuejs-datepicker.git#153d339e4dbebb73733658aeda1d5b7fcc55b0a0"
  },
  "devDependencies": {
    "@babel/plugin-proposal-optional-chaining": "^7.21.0",
+    "@vitest/browser": "^3.0.5",
    "babel-plugin-lodash": "^3.3.4",
-    "chai": "^5.1.0",
    "inspectpack": "^4.7.1",
+    "jsdom": "^26.0.0",
+    "mocha": "^11.1.0",
+    "playwright": "^1.50.1",
    "terser-webpack-plugin": "^5.3.10",
+    "vitest": "^3.0.5",
    "webpack": "^5.94.0"
  }
 }
--- a/website/client/src/app.vue
+++ b/website/client/src/app.vue
@@ -29,12 +29,14 @@
    </div>
    <snackbars />
    <router-view v-if="!isUserLoggedIn || isStaticPage" />
-    <user-main v-else />
+    <div v-else>
+      <user-main />
+    </div>
  </div>
 </template>

 <style lang='scss' scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  #loading-screen-inapp {
    #melior {
@@ -90,7 +92,7 @@
 </style>

 <style lang='scss'>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  .modal-backdrop {
    opacity: .9 !important;
@@ -106,18 +108,17 @@
 <script>
 import axios from 'axios';

-import * as Analytics from '@/libs/analytics';
 import { mapState } from '@/libs/store';
-import userMain from '@/pages/user-main';
 import snackbars from '@/components/snackbars/notifications';
+import { LOCALSTORAGE_AUTH_KEY } from '@/libs/auth';

-const COMMUNITY_MANAGER_EMAIL = process.env.EMAILS_COMMUNITY_MANAGER_EMAIL; // eslint-disable-line
+const COMMUNITY_MANAGER_EMAIL = import.meta.env.EMAILS_COMMUNITY_MANAGER_EMAIL;

 export default {
  name: 'App',
  components: {
    snackbars,
-    userMain,
+    userMain: () => import('@/pages/user-main'),
  },
  data () {
    return {
@@ -148,10 +149,6 @@ export default {
        this.hideLoadingScreen();
      }
    });
-    this.$nextTick(() => {
-      // Load external scripts after the app has been rendered
-      Analytics.load();
-    });

    axios.interceptors.response.use(response => { // Set up Response interceptors
      // Verify that the user was not updated from another browser/app/client
@@ -210,22 +207,33 @@ export default {
        const isBanned = this.checkForBannedUser(error);
        if (isBanned === true) return null; // eslint-disable-line consistent-return

-        // Don't show errors from getting user details. These users have delete their account,
+        // Don't show errors from getting user details. These users have deleted their account,
        // but their chat message still exists.
        const configExists = Boolean(error.response) && Boolean(error.response.config);
-        if (configExists && error.response.config.method === 'get' && error.response.config.url.indexOf('/api/v4/members/') !== -1) {
-          // @TODO: We resolve the promise because we need our caching to cache this user as tried
-          // Chat paging should help this, but maybe we can also find another solution..
-          return Promise.resolve(error);
+        if (configExists) {
+          if (error.response.config.method === 'get' && error.response.config.url.indexOf('/api/v4/members/') !== -1) {
+            // @TODO: We resolve the promise because we need our caching to cache this user as tried
+            // Chat paging should help this, but maybe we can also find another solution..
+            return Promise.resolve(error);
+          }
+          // Also, a 404 occurs during routine attempt to log in with social,
+          // when we check for account already existing.
+          if (error.response.config.method === 'post' && (error.response.config.url.indexOf('/api/v4/user/auth/social') !== -1
+            || error.response.config.url.indexOf('/api/v4/user/auth/apple') !== -1)) {
+            const socialEmail = error.response.data.message.split(': ')[1];
+            if (socialEmail) {
+              window.sessionStorage.setItem('social-email', socialEmail);
+            }
+            return Promise.resolve(error);
+          }
        }

        const errorData = error.response.data;
        const errorMessage = errorData.message || errorData;
+        const errorCode = errorData.error;

-        // Check for conditions to reset the user auth
-        // TODO use a specific error like NotificationNotFound instead of checking for the string
-        const invalidUserMessage = [this.$t('invalidCredentials'), 'Missing authentication headers.'];
-        if (invalidUserMessage.indexOf(errorMessage) !== -1) {
+        // If 'invalid_credentials' signaled, force logout
+        if (error.response.status === 401 && errorCode === 'invalid_credentials') {
          this.$store.dispatch('auth:logout', { redirectToLogin: true });
          return null;
        }
@@ -268,16 +276,29 @@ export default {
    const loadingScreen = document.getElementById('loading-screen');
    if (loadingScreen) document.body.removeChild(loadingScreen);

-    if (this.isStaticPage || !this.isUserLoggedIn) {
-      this.hideLoadingScreen();
+    // Check if we need to show password change success message
+    if (sessionStorage.getItem('passwordChangeSuccess') === 'true') {
+      sessionStorage.removeItem('passwordChangeSuccess');
+      this.$store.dispatch('snackbars:add', {
+        title: 'Habitica',
+        text: this.$t('passwordSuccess'),
+        type: 'success',
+        timeout: true,
+      });
    }
+
+    this.$router.onReady(() => {
+      if (this.isStaticPage || !this.isUserLoggedIn) {
+        this.hideLoadingScreen();
+      }
+    });
  },
  methods: {
    hideLoadingScreen () {
      this.loading = false;
    },
    checkForBannedUser (error) {
-      const AUTH_SETTINGS = localStorage.getItem('habit-mobile-settings');
+      const AUTH_SETTINGS = localStorage.getItem(LOCALSTORAGE_AUTH_KEY);
      const parseSettings = JSON.parse(AUTH_SETTINGS);
      const errorMessage = error.response.data.message;

@@ -301,4 +322,3 @@ export default {
 </script>

 <style src="@/assets/scss/index.scss" lang="scss"></style>
-<style src="@/assets/scss/sprites.scss" lang="scss"></style>
--- a/website/client/src/assets/css/sprites.css
+++ b/website/client/src/assets/css/sprites.css
@@ -22,7 +22,8 @@
  height: 219px;
 }

-.Pet_HatchingPotion_Dessert, .Pet_HatchingPotion_Veggie, .Pet_HatchingPotion_Windup, .Pet_HatchingPotion_VirtualPet, .Pet_HatchingPotion_Fungi {
+.Pet_HatchingPotion_Dessert, .Pet_HatchingPotion_Veggie, .Pet_HatchingPotion_Windup,
+.Pet_HatchingPotion_VirtualPet, .Pet_HatchingPotion_Fungi, .Pet_HatchingPotion_Cryptid {
  width: 68px;
  height: 68px;
 }
@@ -47,6 +48,10 @@
  background: url("https://habitica-assets.s3.amazonaws.com/mobileApp/images/Pet_HatchingPotion_Fungi.gif") no-repeat;
 }

+.Pet_HatchingPotion_Cryptid {
+  background: url("https://habitica-assets.s3.amazonaws.com/mobileApp/images/Pet_HatchingPotion_Cryptid.gif") no-repeat;
+}
+
 .Gems {
  display:inline-block;
  margin-right:5px;
@@ -172,7 +177,7 @@
  height: 96px;
 }

-.Mount_Head_Gryphon-Gryphatrice, .Mount_Body_Gryphon-Gryphatrice {
+.Mount_Head_Gryphon-Gryphatrice, .Mount_Body_Gryphon-Gryphatrice, .Mount_Head_Dragon-Hydra, .Mount_Body_Dragon-Hydra {
  width: 135px;
  height: 135px;
 }
@@ -185,6 +190,14 @@
  background: url("https://habitica-assets.s3.amazonaws.com/mobileApp/images/BackerOnly-Mount-Body-Gryphatrice.gif") no-repeat;
 }

+.Mount_Head_Dragon-Hydra {
+  background: url("https://habitica-assets.s3.amazonaws.com/mobileApp/images/Mount_Head_Dragon-Hydra.gif") no-repeat;
+}
+
+.Mount_Body_Dragon-Hydra {
+  background: url("https://habitica-assets.s3.amazonaws.com/mobileApp/images/Mount_Body_Dragon-Hydra.gif") no-repeat;
+}
+
 .background_airship, .background_clocktower, .background_steamworks {
  width: 141px;
  height: 147px;
--- a/website/client/src/assets/css/sprites/spritesmith-main.css
+++ b/website/client/src/assets/css/sprites/spritesmith-main.css
--- a/website/client/src/assets/images/home/signup-quill@2x.png
+++ b/website/client/src/assets/images/home/signup-quill@2x.png
--- a/website/client/src/assets/scss/animals.scss
+++ b/website/client/src/assets/scss/animals.scss
@@ -19,7 +19,7 @@
  top: -16px !important;
 }

-$foolPets: Veggie, Dessert, VirtualPet, TeaShop, Fungi;
+$foolPets: Veggie, Dessert, VirtualPet, TeaShop, Fungi, Cryptid;

@each $foolPet in $foolPets {
  .Pet.Pet-FlyingPig-#{$foolPet} {
--- a/website/client/src/assets/scss/banner.scss
+++ b/website/client/src/assets/scss/banner.scss
@@ -1,5 +1,5 @@

-@import '~@/assets/scss/colors.scss';
+@import '@/assets/scss/colors.scss';

 .featured-label {
  width: auto;
--- a/website/client/src/assets/scss/bootstrap.scss
+++ b/website/client/src/assets/scss/bootstrap.scss
@@ -2,7 +2,7 @@
 $grid-gutter-width: 24px;

 // Bootstrap and its default variables
-@import 'node_modules/bootstrap/scss/bootstrap';
+@import '~/bootstrap/scss/bootstrap';

 // Bootstrap Vue styles
-@import 'node_modules/bootstrap-vue/dist/bootstrap-vue';
+@import '~/bootstrap-vue/dist/bootstrap-vue';
--- a/website/client/src/assets/scss/button.scss
+++ b/website/client/src/assets/scss/button.scss
@@ -10,7 +10,7 @@
  box-shadow: 0 1px 3px 0 rgba($black, 0.12), 0 1px 2px 0 rgba($black, 0.24);
  color: $white;

-  &:hover, &:focus {
+  &:hover:not(:disabled):not(.disabled), &:focus {
    box-shadow: 0 3px 6px 0 rgba($black, 0.16), 0 3px 6px 0 rgba($black, 0.24);

    &.btn-flat {
@@ -28,8 +28,8 @@

  &:disabled, &.disabled {
    cursor: default;
-    color: $gray-50;
-    opacity: 0.75;
+    color: $gray-200;
+    opacity: 1;
    box-shadow: none;
    background-color: $gray-700;
    border: 2px solid transparent;
@@ -164,7 +164,6 @@
  border: 2px solid transparent;
  box-shadow: 0 1px 3px 0 rgba($black, 0.16), 0 1px 3px 0 rgba($black, 0.24);

-
  &:hover:not(:disabled):not(.disabled) {
    background: $maroon-100;
    border: 2px solid transparent;
@@ -242,29 +241,32 @@
 }

 .btn-info {
-  background: $blue-50;
+  background-color: $blue-100;
+  color: $black;
+  font-weight: 700;
  border: 2px solid transparent;
-  box-shadow: 0 1px 3px 0 rgba($black, 0.16), 0 1px 3px 0 rgba($black, 0.24);
+  box-shadow: 0 1px 3px 0 rgba($black, 0.16), 0 1px 2px 0 rgba($black, 0.24);

  &:disabled {
-    background: $blue-50;
+    background-color: $white;
    box-shadow: none;
  }

-  &:hover {
+  &:hover:not(:disabled):not(.disabled) {
    border: 2px solid transparent;
    box-shadow: 0 3px 6px 0 rgba($black, 0.16), 0 3px 6px 0 rgba($black, 0.24);
  }
-
+  
  &:focus {
    background: $blue-100;
    border: 2px solid $purple-400;
    box-shadow: 0 3px 6px 0 rgba($black, 0.16), 0 3px 6px 0 rgba($black, 0.24);
+    color: $black;
  }
-
+  
  &:hover:not(:disabled):not(.disabled) {
-    background-color: $blue-100;
-    box-shadow: 0 3px 6px 0 rgba($black, 0.16), 0 3px 6px 0 rgba($black, 0.24);
+    background-color: $blue-50;
+    color: $black;
  }

  &:active:not(:disabled):not(.disabled), &.active:not(:disabled):not(.disabled) {
@@ -316,3 +318,9 @@
  line-height: 2;
  padding: 2px 2px;
 }
+
+.btn-lg {
+  font-size: 1.25rem;
+  line-height: 1.5;
+  padding: .5rem 1rem;
+}
--- a/website/client/src/assets/scss/faq.scss
+++ b/website/client/src/assets/scss/faq.scss
@@ -1,4 +1,4 @@
-@import '~@/assets/scss/colors.scss';
+@import '@/assets/scss/colors.scss';

 h1 {
  margin-top: 0px;
--- a/website/client/src/assets/scss/form.scss
+++ b/website/client/src/assets/scss/form.scss
@@ -61,13 +61,13 @@ input, textarea, input.form-control, textarea.form-control {

  &.input-valid {
    padding-right: 27px;
-    background-image: url(~@/assets/svg/for-css/check.svg);
+    background-image: url(@/assets/svg/for-css/check.svg);
    background-size: 1rem;
  }

  &.input-invalid {
    padding-right: 40px;
-    background-image: url(~@/assets/svg/for-css/alert.svg);
+    background-image: url(@/assets/svg/for-css/alert.svg);
    background-size: 16px 16px;
    border-color: $red-100 !important;
  }
@@ -239,7 +239,7 @@ $bg-disabled-control: $gray-10;
    &:checked~.custom-control-label::after {
      width: 18px;
      height: 18px;
-      background-image: url(~@/assets/svg/for-css/checkbox-white.svg);
+      background-image: url(@/assets/svg/for-css/checkbox-white.svg);
      background-size: 13px 10px;
    }

--- a/website/client/src/assets/scss/forms.scss
+++ b/website/client/src/assets/scss/forms.scss
@@ -0,0 +1,168 @@
+// Inputs and textareas
+
+input, textarea, input.form-control, textarea.form-control {
+  border-radius: 3px;
+  font-size: 14px;
+  line-height: 1.714;
+  padding: 4px 12px;
+  color: $gray-50;
+  border: 1px solid $gray-400;
+
+  &:hover:not(:disabled):not(:read-only):not(:focus):not(:disabled):not(.input-valid):not(.input-invalid):not(.dark) {
+    border-color: $gray-200;
+  }
+
+  &:active:not(:disabled):not(:read-only), &:focus:not(:disabled):not(:read-only),
+  &:active:not(:disabled):not(:read-only).dark, &:focus:not(:disabled):not(:read-only).dark {
+    border: 1px solid $purple-400;
+    outline: 1px solid $purple-400;
+    box-shadow: none;
+  }
+
+  &.input-valid {
+    padding-right: 27px;
+    background-image: url(@/assets/svg/for-css/check.svg);
+    background-size: 1rem;
+    border-color: $green-10;
+  }
+
+  &.input-invalid, .input-invalid:hover {
+    padding-right: 40px;
+    background-image: url(@/assets/svg/for-css/alert.svg);
+    background-size: 16px 16px;
+    border-color: $red-100;
+  }
+
+  &::-webkit-input-placeholder { /* Chrome/Opera/Safari */
+    color: $gray-200;
+  }
+  &::-moz-placeholder { /* Firefox 19+ */
+    color: $gray-200;
+  }
+  &:-ms-input-placeholder { /* IE 10+ */
+    color: $gray-200;
+  }
+  &:-moz-placeholder { /* Firefox 18- */
+    color: $gray-200;
+  }
+  &::placeholder { //  Standard browsers
+    color: $gray-200;
+  }
+
+  .input-invalid.input-with-error {
+    margin-bottom: 0.5em;
+  }
+
+  &.dark {
+    background-color: $purple-100;
+    color: $white;
+
+    &:not(.input-valid):not(.input-invalid) {
+      border: 1px solid $purple-300;
+    }
+
+    &:focus {
+      background-color: $purple-100;
+      color: $white;
+    }
+
+    &:hover:not(:focus):not(:disabled):not(.input-valid):not(.input-invalid) {
+      border-color: $purple-400;
+    }
+
+    &::-webkit-input-placeholder { /* Chrome/Opera/Safari */
+      color: $purple-500;
+    }
+    &::-moz-placeholder { /* Firefox 19+ */
+      color: $purple-500;
+    }
+    &:-ms-input-placeholder { /* IE 10+ */
+      color: $purple-500;
+    }
+    &:-moz-placeholder { /* Firefox 18- */
+      color: $purple-500;
+    }
+    &::placeholder { //  Standard browsers
+      color: $purple-500;
+    }
+  }
+}
+
+.input-error {
+  font-size: 12px;
+  line-height: 1.33;
+  color: $maroon-500;
+}
+
+// checkboxes
+.custom-checkbox {
+  .custom-control-label::before {
+    border-radius: 2px;
+  }
+
+  .custom-control-input {
+    &:hover~.custom-control-label::before {
+      border-color: $gray-100;
+    }
+
+    &:checked~.custom-control-label::before {
+      background-color: $purple-300;
+      border-color: $purple-300;
+    }
+
+    &:hover:checked:not(:disabled)~.custom-control-label::before,
+    &:active:not(:disabled)~.custom-control-label::before {
+      background-color: $purple-400;
+      border-color: $purple-400;
+    }
+
+    &:checked~.custom-control-label::after {
+      width: 18px;
+      height: 18px;
+      background-image: url(@/assets/svg/for-css/checkbox-white.svg);
+      background-size: 13px 10px;
+    }
+
+    &:checked:disabled~.custom-control-label::after {
+      background-image: url(@/assets/svg/for-css/checkbox-gray.svg);
+    }
+
+    &:active~.custom-control-label::before {
+      background-color: inherit;
+    }
+
+    &:focus~.custom-control-label::before,
+    &:active~.custom-control-label::before  {
+      border-color: $purple-400;
+      box-shadow: none;
+    }
+
+    &:disabled~.custom-control-label::before, &:disabled:checked~.custom-control-label::before {
+      border-color: $gray-400;
+      background-color: $gray-400;
+    }
+
+    &.dark {
+      ~.custom-control-label::before {
+        border-color: $purple-100;
+      }
+      &:hover~.custom-control-label::before,
+      &:active~.custom-control-label::before {
+        border-color: $purple-50;
+      }
+      &:checked~.custom-control-label::before {
+        background-color: $purple-100;
+        border-color: $purple-100;
+      }
+      &:focus~.custom-control-label::before,
+      &:active~.custom-control-label::before  {
+        border-color: $purple-400;
+        box-shadow: none;
+      }
+      &:disabled~.custom-control-label::before, &:disabled:checked~.custom-control-label::before {
+        border-color: $gray-400;
+        background-color: $gray-400;
+      }
+    }
+  }
+}
--- a/website/client/src/assets/scss/iconalert.scss
+++ b/website/client/src/assets/scss/iconalert.scss
@@ -29,13 +29,13 @@
 }

 .iconalert-success::before {
-  background-image: url(~@/assets/svg/for-css/checkbox-white.svg);
+  background-image: url(@/assets/svg/for-css/checkbox-white.svg);
  background-size: 13px 10px;
  background-color: #1ca372;
 }

 .iconalert-warning::before, .iconalert-error::before {
-  background-image: url(~@/assets/svg/for-css/alert-white.svg);
+  background-image: url(@/assets/svg/for-css/alert-white.svg);
  background-size: 16px 16px;
 }

--- a/website/client/src/assets/scss/modal.scss
+++ b/website/client/src/assets/scss/modal.scss
@@ -1,4 +1,4 @@
-@import '~@/assets/scss/colors.scss';
+@import '@/assets/scss/colors.scss';

 .modal {
  z-index: 1350;
--- a/website/client/src/assets/scss/privacy.scss
+++ b/website/client/src/assets/scss/privacy.scss
@@ -0,0 +1,16 @@
+.privacy-banner {
+  position: fixed;
+  bottom: 24px;
+  border-radius: 8px;
+  background-color: $white;
+  z-index: 5;
+  box-shadow: 0px 3px 6px 0px rgba(26, 24, 29, 0.16), 0px 3px 6px 0px rgba(26, 24, 29, 0.24);
+  width: calc(66vw + 96px);
+
+  @media only screen and (max-width: 992px) {
+    margin: auto 12.5%;
+  }
+  @media only screen and (min-width: 992px) {
+    margin: auto 14.5%;
+  }
+}
--- a/website/client/src/assets/scss/shops.scss
+++ b/website/client/src/assets/scss/shops.scss
@@ -46,13 +46,11 @@

    .background {
      background-repeat: repeat-x;
-
+      height:216px;
      width: 100%;
      position: absolute;
-
      top: 0;
      left: 0;
-
      display: flex;
      flex-direction: column;
      justify-content: center;
@@ -67,6 +65,13 @@
      flex-direction: column;
    }

+    .shop-message {
+      position: relative;
+      height: 76px;
+      margin: 71px auto;
+      width: 240px;
+    }
+    
    .npc {
      position: absolute;
      left: 0;
--- a/website/client/src/assets/scss/static.scss
+++ b/website/client/src/assets/scss/static.scss
@@ -1,4 +1,4 @@
-@import '~@/assets/scss/colors.scss';
+@import '@/assets/scss/colors.scss';

 .container-fluid.static-view {
  margin: 5em 2em 0 2em;
@@ -14,7 +14,7 @@
    color: $purple-200;
  }

-  li, p {
+  li, p:not(.purple-600) {
    font-size: 16px;
  }

--- a/website/client/src/assets/scss/typography.scss
+++ b/website/client/src/assets/scss/typography.scss
@@ -111,6 +111,10 @@ h4 {
  background-color: $green-100 !important;
 }

+.bg-purple-50 {
+  background-color: $purple-50 !important;
+}
+
 .bg-purple-100 {
  background-color: $purple-100 !important;
 }
@@ -131,6 +135,10 @@ h4 {
  color: $gray-50 !important;
 }

+.gray-100 {
+  color: $gray-100 !important;
+}
+
 .gray-200 {
  color: $gray-200 !important;
 }
--- a/website/client/src/assets/svg/for-css/checkbox-gray.svg
+++ b/website/client/src/assets/svg/for-css/checkbox-gray.svg
@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg"  viewBox="0 0 13 10">
+    <path fill="#878190" fill-rule="evenodd" d="M4.662 9.832c-.312 0-.61-.123-.83-.344L0 5.657l1.662-1.662 2.934 2.934L10.534 0l1.785 1.529-6.764 7.893a1.182 1.182 0 0 1-.848.409l-.045.001"/>
+</svg>
--- a/website/client/src/assets/svg/habitica-logo.svg
+++ b/website/client/src/assets/svg/habitica-logo.svg
@@ -1,5 +1,5 @@
-<svg width="217" height="48" viewBox="0 0 217 48" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M108.785 0.0195312C106.343 0.0195312 104.355 1.99967 104.355 4.44184C104.355 6.88401 106.343 8.86415 108.785 8.86415C111.227 8.86415 113.215 6.87668 113.215 4.44184C113.215 2.007 111.227 0.0195312 108.785 0.0195312Z" fill="#FF6165"/>
-<path d="M148.564 0.0195312C146.121 0.0195312 144.134 1.99967 144.134 4.44184C144.134 6.88401 146.121 8.86415 148.564 8.86415C151.006 8.86415 152.993 6.87668 152.993 4.44184C152.993 2.007 151.006 0.0195312 148.564 0.0195312Z" fill="#50B5E9"/>
-<path d="M184.2 42.1989C181.332 45.8879 177.005 48 172.319 48C164.355 48 157.776 41.8176 157.344 33.9264C157.322 33.5303 157.322 28.8367 157.322 28.7927C157.322 20.5788 164.047 13.8976 172.319 13.8976C176.411 13.8976 180.379 15.5917 183.195 18.54C184.053 19.4347 184.515 20.6154 184.478 21.8548C184.449 23.0943 183.928 24.2457 183.019 25.0964C181.156 26.8565 178.201 26.7759 176.426 24.9277C175.341 23.7983 173.881 23.1749 172.312 23.1749C169.188 23.1749 166.65 25.6904 166.65 28.7853C166.65 29.2694 166.65 32.995 166.665 33.5083C166.841 36.4052 169.327 38.7154 172.312 38.7154C174.087 38.7154 175.722 37.916 176.8 36.5225C178.369 34.4984 181.31 34.1244 183.342 35.6865C184.332 36.4419 184.962 37.5346 185.124 38.7667C185.285 39.9988 184.948 41.2162 184.192 42.1989H184.2ZM216.82 18.4739V43.4164C216.82 45.9392 214.774 47.9927 212.258 47.9927C210.916 47.9927 209.669 47.3986 208.819 46.4159C206.787 47.45 204.543 47.9927 202.262 47.9927C194.533 47.9927 188.145 41.9129 187.727 34.1464C187.705 33.7577 187.705 29.152 187.705 29.1007C187.705 21.0261 194.239 14.4623 202.262 14.4623C204.419 14.4623 206.545 14.9537 208.503 15.8924C209.332 14.6677 210.726 13.8903 212.266 13.8903C214.781 13.8903 216.827 15.9438 216.827 18.4666L216.82 18.4739ZM207.689 33.721C207.697 33.1196 207.704 29.5774 207.704 29.108C207.704 26.0791 205.262 23.6223 202.262 23.6223C199.263 23.6223 196.821 26.0865 196.821 29.108C196.821 29.5701 196.821 33.2443 196.836 33.7577C197.004 36.5812 199.395 38.84 202.262 38.84C205.13 38.84 207.506 36.5959 207.689 33.721ZM63.3042 18.4739V43.4164C63.3042 45.9392 61.2581 47.9927 58.7426 47.9927C57.4006 47.9927 56.1539 47.3986 55.3032 46.4159C53.2717 47.45 51.0276 47.9927 48.7469 47.9927C41.0099 47.9927 34.6296 41.9129 34.2115 34.1464C34.1895 33.8017 34.1895 30.2008 34.1895 29.1007C34.1895 21.0261 40.7238 14.4623 48.7469 14.4623C50.903 14.4623 53.0371 14.9537 54.9878 15.8924C55.8165 14.6677 57.2099 13.8903 58.75 13.8903C61.2654 13.8903 63.3115 15.9438 63.3115 18.4666L63.3042 18.4739ZM48.7469 23.6223C45.7474 23.6223 43.3053 26.0865 43.3053 29.108C43.3053 29.5847 43.3053 33.237 43.32 33.7503C43.4886 36.5812 45.8794 38.84 48.7469 38.84C51.6143 38.84 53.9904 36.5959 54.1738 33.721C54.1811 33.1196 54.1884 29.5847 54.1884 29.108C54.1884 26.0791 51.7463 23.6223 48.7469 23.6223ZM108.78 14.1396C106.338 14.1396 104.351 16.1931 104.351 18.716V43.4164C104.351 45.9392 106.338 47.9927 108.78 47.9927C111.222 47.9927 113.21 45.9392 113.21 43.4164V18.716C113.21 16.1931 111.222 14.1396 108.78 14.1396ZM148.558 14.1396C146.116 14.1396 144.129 16.1931 144.129 18.716V43.4164C144.129 45.9392 146.116 47.9927 148.558 47.9927C151 47.9927 152.988 45.9392 152.988 43.4164V18.716C152.988 16.1931 151 14.1396 148.558 14.1396ZM98.7551 28.866C98.7551 28.91 98.7551 33.5817 98.7331 33.9704C98.3151 41.8396 91.9275 48 84.1978 48C81.917 48 79.6729 47.45 77.6415 46.4012C76.7908 47.3986 75.5441 48 74.1947 48C71.6792 48 69.6331 45.9245 69.6331 43.3797V4.62032C69.6331 2.07548 71.6792 0 74.1947 0C76.7101 0 78.7562 2.07548 78.7562 4.62032V15.1224C80.487 14.411 82.3351 14.037 84.1978 14.037C92.2282 14.037 98.7551 20.6888 98.7551 28.866ZM84.1978 23.285C81.1983 23.285 78.7562 25.7858 78.7562 28.866C78.7562 29.35 78.7562 33.0536 78.7709 33.5743C78.9469 36.4565 81.3303 38.752 84.1978 38.752C87.0653 38.752 89.434 36.4712 89.6247 33.5523C89.6247 32.929 89.6394 29.328 89.6394 28.866C89.6394 25.7858 87.1973 23.285 84.1978 23.285ZM14.3887 14.037C12.6139 14.037 10.8612 14.3597 9.21109 14.9757V4.62766C9.21109 2.08281 7.14299 0.00733401 4.60554 0.00733401C2.06809 0.00733401 0 2.08281 0 4.62766V43.3797C0 45.9319 2.06809 48 4.60554 48C7.14299 48 9.21109 45.9245 9.21109 43.3797V26.5412C9.40176 26.3358 11.1178 23.285 14.3887 23.285C17.4395 23.285 19.9182 25.7858 19.9182 28.866C19.9182 29.482 19.9182 42.529 19.9036 43.2623C19.8376 45.7852 21.759 47.868 24.2524 47.9927C24.3404 47.9927 24.4211 47.9927 24.5091 47.9927C26.9586 47.9927 28.9753 46.0639 29.1 43.607C29.122 43.2257 29.122 29.0053 29.122 28.866C29.122 20.6888 22.5144 14.037 14.3887 14.037ZM136.399 14.037H133.7V4.62032C133.7 2.07548 131.61 0 129.036 0C126.462 0 124.372 2.07548 124.372 4.62032V14.037H121.673C119.106 14.037 117.009 16.1125 117.009 18.6646C117.009 21.2168 119.099 23.285 121.673 23.285H124.372V43.3797C124.372 45.9319 126.462 48 129.036 48C131.61 48 133.7 45.9245 133.7 43.3797V23.285H136.399C138.973 23.285 141.063 21.2095 141.063 18.6646C141.063 16.1198 138.973 14.037 136.399 14.037Z" fill="white"/>
+<svg width="145" height="32" viewBox="0 0 145 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M72.7484 0.0131836C71.1152 0.0131836 69.7861 1.33328 69.7861 2.96139C69.7861 4.5895 71.1152 5.90959 72.7484 5.90959C74.3816 5.90959 75.7106 4.58461 75.7106 2.96139C75.7106 1.33816 74.3816 0.0131836 72.7484 0.0131836Z" fill="#FF6165"/>
+<path d="M99.3498 0.0131836C97.7166 0.0131836 96.3875 1.33328 96.3875 2.96139C96.3875 4.5895 97.7166 5.90959 99.3498 5.90959C100.983 5.90959 102.312 4.58461 102.312 2.96139C102.312 1.33816 100.983 0.0131836 99.3498 0.0131836Z" fill="#50B5E9"/>
+<path d="M123.181 28.1326C121.263 30.5919 118.37 32 115.236 32C109.91 32 105.511 27.8784 105.221 22.6176C105.207 22.3536 105.207 19.2244 105.207 19.1951C105.207 13.7192 109.704 9.26509 115.236 9.26509C117.973 9.26509 120.626 10.3945 122.509 12.36C123.083 12.9565 123.392 13.7436 123.367 14.5699C123.348 15.3962 122.999 16.1638 122.391 16.7309C121.146 17.9044 119.169 17.8506 117.982 16.6185C117.256 15.8655 116.281 15.45 115.231 15.45C113.142 15.45 111.445 17.127 111.445 19.1902C111.445 19.5129 111.445 21.9966 111.455 22.3389C111.572 24.2701 113.235 25.8102 115.231 25.8102C116.418 25.8102 117.511 25.2773 118.232 24.3484C119.282 22.9989 121.249 22.7496 122.607 23.791C123.269 24.2946 123.691 25.0231 123.799 25.8445C123.907 26.6659 123.681 27.4775 123.176 28.1326H123.181ZM144.995 12.316V28.9442C144.995 30.6261 143.627 31.9951 141.945 31.9951C141.047 31.9951 140.213 31.5991 139.645 30.9439C138.286 31.6333 136.785 31.9951 135.26 31.9951C130.091 31.9951 125.819 27.9419 125.54 22.7642C125.525 22.5051 125.525 19.4347 125.525 19.4005C125.525 14.0174 129.895 9.64156 135.26 9.64156C136.702 9.64156 138.124 9.96914 139.434 10.595C139.988 9.77846 140.92 9.2602 141.95 9.2602C143.632 9.2602 145 10.6292 145 12.3111L144.995 12.316ZM138.889 22.4807C138.894 22.0798 138.899 19.7183 138.899 19.4053C138.899 17.3861 137.266 15.7482 135.26 15.7482C133.254 15.7482 131.621 17.391 131.621 19.4053C131.621 19.7134 131.621 22.1629 131.631 22.5051C131.744 24.3875 133.343 25.8934 135.26 25.8934C137.178 25.8934 138.767 24.3972 138.889 22.4807ZM42.3338 12.316V28.9442C42.3338 30.6261 40.9655 31.9951 39.2833 31.9951C38.3858 31.9951 37.5521 31.5991 36.9832 30.9439C35.6247 31.6333 34.124 31.9951 32.5988 31.9951C27.4247 31.9951 23.158 27.9419 22.8785 22.7642C22.8638 22.5345 22.8638 20.1338 22.8638 19.4005C22.8638 14.0174 27.2335 9.64156 32.5988 9.64156C34.0406 9.64156 35.4678 9.96914 36.7723 10.595C37.3265 9.77846 38.2583 9.2602 39.2882 9.2602C40.9704 9.2602 42.3387 10.6292 42.3387 12.3111L42.3338 12.316ZM32.5988 15.7482C30.5929 15.7482 28.9598 17.391 28.9598 19.4053C28.9598 19.7231 28.9598 22.158 28.9696 22.5002C29.0824 24.3875 30.6812 25.8934 32.5988 25.8934C34.5163 25.8934 36.1053 24.3972 36.2279 22.4807C36.2328 22.0798 36.2377 19.7231 36.2377 19.4053C36.2377 17.3861 34.6046 15.7482 32.5988 15.7482ZM72.7452 9.42643C71.1121 9.42643 69.783 10.7954 69.783 12.4773V28.9442C69.783 30.6261 71.1121 31.9951 72.7452 31.9951C74.3783 31.9951 75.7074 30.6261 75.7074 28.9442V12.4773C75.7074 10.7954 74.3783 9.42643 72.7452 9.42643ZM99.346 9.42643C97.7129 9.42643 96.3838 10.7954 96.3838 12.4773V28.9442C96.3838 30.6261 97.7129 31.9951 99.346 31.9951C100.979 31.9951 102.308 30.6261 102.308 28.9442V12.4773C102.308 10.7954 100.979 9.42643 99.346 9.42643ZM66.041 19.244C66.041 19.2733 66.0411 22.3878 66.0264 22.6469C65.7468 27.893 61.4752 32 56.3061 32C54.7808 32 53.2801 31.6333 51.9216 30.9342C51.3527 31.5991 50.519 32 49.6166 32C47.9344 32 46.5662 30.6164 46.5662 28.9198V3.08021C46.5662 1.38365 47.9344 0 49.6166 0C51.2988 0 52.6671 1.38365 52.6671 3.08021V10.0816C53.8245 9.60734 55.0604 9.35798 56.3061 9.35798C61.6762 9.35798 66.041 13.7925 66.041 19.244ZM56.3061 15.5233C54.3002 15.5233 52.6671 17.1905 52.6671 19.244C52.6671 19.5667 52.6671 22.0358 52.6769 22.3829C52.7946 24.3044 54.3885 25.8347 56.3061 25.8347C58.2236 25.8347 59.8077 24.3141 59.9352 22.3682C59.9352 21.9526 59.945 19.552 59.945 19.244C59.945 17.1905 58.3119 15.5233 56.3061 15.5233ZM9.62221 9.35798C8.43537 9.35798 7.26325 9.57311 6.15978 9.98381V3.0851C6.15978 1.38854 4.77677 0.00488934 3.07989 0.00488934C1.38301 0.00488934 0 1.38854 0 3.0851V28.9198C0 30.6212 1.38301 32 3.07989 32C4.77677 32 6.15978 30.6164 6.15978 28.9198V17.6941C6.28729 17.5572 7.4349 15.5233 9.62221 15.5233C11.6624 15.5233 13.32 17.1905 13.32 19.244C13.32 19.6547 13.32 28.3526 13.3102 28.8416C13.2661 30.5235 14.551 31.912 16.2185 31.9951C16.2773 31.9951 16.3313 31.9951 16.3901 31.9951C18.0281 31.9951 19.3768 30.7092 19.4602 29.0714C19.4749 28.8171 19.4749 19.3369 19.4749 19.244C19.4749 13.7925 15.0561 9.35798 9.62221 9.35798ZM91.2147 9.35798H89.41V3.08021C89.41 1.38365 88.0122 0 86.2908 0C84.5694 0 83.1717 1.38365 83.1717 3.08021V9.35798H81.3669C79.6504 9.35798 78.2478 10.7416 78.2478 12.4431C78.2478 14.1445 79.6455 15.5233 81.3669 15.5233H83.1717V28.9198C83.1717 30.6212 84.5694 32 86.2908 32C88.0122 32 89.41 30.6164 89.41 28.9198V15.5233H91.2147C92.9361 15.5233 94.3339 14.1396 94.3339 12.4431C94.3339 10.7465 92.9361 9.35798 91.2147 9.35798Z" fill="white"/>
 </svg>
--- a/website/client/src/components/404.vue
+++ b/website/client/src/components/404.vue
@@ -4,7 +4,7 @@
      <!-- @TODO i18n. How to setup the strings with the router-link inside?-->
      <img
        :class="retiredChatPage ? 'mt-5' : 'image-404'"
-        src="~@/assets/images/404.png"
+        src="@/assets/images/404.png"
      >
      <div v-if="retiredChatPage">
        <h1>
@@ -48,7 +48,7 @@ export default {
 </script>

 <style lang="scss" scoped>
-@import '~@/assets/scss/colors.scss';
+@import '@/assets/scss/colors.scss';

 h1, .static-wrapper h1 {
  color: $purple-200;
--- a/website/client/src/components/achievements/chooseClass.vue
+++ b/website/client/src/components/achievements/chooseClass.vue
@@ -107,7 +107,7 @@
 </template>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  .btn-primary:active {
      border: 2px solid $purple-400 !important;
@@ -193,10 +193,10 @@
 import Avatar from '../avatar';
 import { mapState } from '@/libs/store';
 import markdownDirective from '@/directives/markdown';
-import warriorIcon from '@/assets/svg/warrior.svg';
-import rogueIcon from '@/assets/svg/rogue.svg';
-import healerIcon from '@/assets/svg/healer.svg';
-import wizardIcon from '@/assets/svg/wizard.svg';
+import warriorIcon from '@/assets/svg/warrior.svg?raw';
+import rogueIcon from '@/assets/svg/rogue.svg?raw';
+import healerIcon from '@/assets/svg/healer.svg?raw';
+import wizardIcon from '@/assets/svg/wizard.svg?raw';

 export default {
  components: {
--- a/website/client/src/components/achievements/firstDrops.vue
+++ b/website/client/src/components/achievements/firstDrops.vue
@@ -70,7 +70,7 @@
 </style>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  h2 {
    color: $purple-200;
@@ -100,7 +100,7 @@
 </style>

 <script>
-import closeIcon from '@/assets/svg/close.svg';
+import closeIcon from '@/assets/svg/close.svg?raw';
 import Sprite from '@/components/ui/sprite.vue';

 export default {
--- a/website/client/src/components/achievements/genericAchievement.vue
+++ b/website/client/src/components/achievements/genericAchievement.vue
@@ -45,7 +45,7 @@
 </template>

 <style lang="scss">
-  @import '~@/assets/scss/mixins.scss';
+  @import '@/assets/scss/mixins.scss';

  #generic-achievement {
    @include centeredModal();
@@ -61,7 +61,7 @@
 </style>

 <style scoped lang="scss">
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  .content {
    text-align: center;
@@ -98,7 +98,7 @@
 <script>
 import achievements from '@/../../common/script/content/achievements';
 import { mapState } from '@/libs/store';
-import svgClose from '@/assets/svg/close.svg';
+import svgClose from '@/assets/svg/close.svg?raw';
 import Sprite from '@/components/ui/sprite.vue';

 export default {
--- a/website/client/src/components/achievements/levelUp.vue
+++ b/website/client/src/components/achievements/levelUp.vue
@@ -58,7 +58,7 @@ label(style='display:inline-block') {{ $t('dontShowAgain') }}
 </template>

 <style lang="scss">
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  #level-up {
    .modal-content {
@@ -157,8 +157,8 @@ label(style='display:inline-block') {{ $t('dontShowAgain') }}
 import Avatar from '../avatar';
 import Sprite from '@/components/ui/sprite';
 import { mapState } from '@/libs/store';
-import starGroup from '@/assets/svg/star-group.svg';
-import sparkles from '@/assets/svg/sparkles-left.svg';
+import starGroup from '@/assets/svg/star-group.svg?raw';
+import sparkles from '@/assets/svg/sparkles-left.svg?raw';

 const levelQuests = {
  15: 'atom1',
--- a/website/client/src/components/achievements/onboardingComplete.vue
+++ b/website/client/src/components/achievements/onboardingComplete.vue
@@ -17,7 +17,7 @@
      </h2>
      <img
        class="onboarding-complete-banner d-block"
-        src="~@/assets/images/onboarding-complete-banner@2x.png"
+        src="@/assets/images/onboarding-complete-banner@2x.png"
      >
      <p
        v-once
@@ -59,7 +59,7 @@
 </style>

 <style lang="scss" scoped>
-@import '~@/assets/scss/colors.scss';
+@import '@/assets/scss/colors.scss';

 h2 {
  color: $purple-200;
@@ -100,7 +100,7 @@ button {
 </style>

 <script>
-import svgClose from '@/assets/svg/close.svg';
+import svgClose from '@/assets/svg/close.svg?raw';

 export default {
  data () {
--- a/website/client/src/components/achievements/questInvitation.vue
+++ b/website/client/src/components/achievements/questInvitation.vue
@@ -97,9 +97,9 @@ import { mapState } from '@/libs/store';
 import Sprite from '@/components/ui/sprite';

 export default {
-  components: [
+  components: {
    Sprite,
-  ],
+  },
  data () {
    return {
      maxHealth,
--- a/website/client/src/components/achievements/wonChallenge.vue
+++ b/website/client/src/components/achievements/wonChallenge.vue
@@ -73,7 +73,7 @@
 </template>

 <style lang="scss">
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  #won-challenge {
    .modal-body {
@@ -96,7 +96,7 @@
 </style>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  .purple {
    color: $purple-300;
@@ -146,9 +146,9 @@
 <script>
 import habiticaMarkdown from 'habitica-markdown';
 import closeIcon from '@/components/shared/closeIcon';
-import sparkles from '@/assets/svg/star-group.svg';
-import gem from '@/assets/svg/gem.svg';
-import stars from '@/assets/svg/sparkles-left.svg';
+import sparkles from '@/assets/svg/star-group.svg?raw';
+import gem from '@/assets/svg/gem.svg?raw';
+import stars from '@/assets/svg/sparkles-left.svg?raw';
 import { mapState } from '@/libs/store';

 export default {
--- a/website/client/src/components/admin/admin-panel/filters/formatDate.js
+++ b/website/client/src/components/admin/admin-panel/filters/formatDate.js
--- a/website/client/src/components/admin/admin-panel/index.vue
+++ b/website/client/src/components/admin/admin-panel/index.vue
@@ -1,7 +1,7 @@
 <template>
  <div class="row standard-page col-12 d-flex justify-content-center">
    <div class="admin-panel-content">
-      <h1>Admin Panel</h1>
+      <h1>{{ $t("adminPanel") }}</h1>
      <form
        class="form-inline"
        @submit.prevent="searchUsers(userIdentifier)"
@@ -72,7 +72,7 @@ export default {
  },
  mounted () {
    this.$store.dispatch('common:setTitle', {
-      section: 'Admin Panel',
+      section: this.$t('adminPanel'),
    });
  },
  methods: {
--- a/website/client/src/components/admin/admin-panel/mixins/getItemDescription.js
+++ b/website/client/src/components/admin/admin-panel/mixins/getItemDescription.js
--- a/website/client/src/components/admin/admin-panel/mixins/saveHero.js
+++ b/website/client/src/components/admin/admin-panel/mixins/saveHero.js
--- a/website/client/src/components/admin/admin-panel/search.vue
+++ b/website/client/src/components/admin/admin-panel/search.vue
@@ -55,7 +55,7 @@
 <script>
 import VueRouter from 'vue-router';
 import { mapState } from '@/libs/store';
-import LoadingSpinner from '../ui/loadingSpinner';
+import LoadingSpinner from '../../ui/loadingSpinner';

 const { isNavigationFailure, NavigationFailureType } = VueRouter;

--- a/website/client/src/components/admin/admin-panel/user-support/achievements.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/achievements.vue
--- a/website/client/src/components/admin/admin-panel/user-support/avatarAndDrops.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/avatarAndDrops.vue
--- a/website/client/src/components/admin/admin-panel/user-support/basicDetails.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/basicDetails.vue
--- a/website/client/src/components/admin/admin-panel/user-support/contributorDetails.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/contributorDetails.vue
@@ -38,12 +38,17 @@
          >
            <div class="custom-control custom-checkbox">
              <input
+                :id="permission.key"
                v-model="hero.permissions[permission.key]"
-                :disabled="!hasPermission(user, permission.key)"
+                :disabled="!hasPermission(user, permission.key)
+                  || (hero.permissions.fullAccess && permission.key !== 'fullAccess')"
                class="custom-control-input"
                type="checkbox"
              >
-              <label class="custom-control-label">
+              <label
+                class="custom-control-label"
+                :for="permission.key"
+              >
                {{ permission.name }}<br>
                <small class="text-secondary">{{ permission.description }}</small>
              </label>
@@ -124,7 +129,10 @@
          value="Save"
          class="btn btn-primary mt-1"
        >
-        <b v-if="hasUnsavedChanges" class="text-warning float-right">
+        <b
+          v-if="hasUnsavedChanges"
+          class="text-warning float-right"
+        >
          Unsaved changes
        </b>
      </div>
@@ -147,7 +155,7 @@ import markdownDirective from '@/directives/markdown';
 import saveHero from '../mixins/saveHero';

 import { mapState } from '@/libs/store';
-import { userStateMixin } from '../../../mixins/userState';
+import { userStateMixin } from '../../../../mixins/userState';

 const permissionList = [
  {
@@ -175,6 +183,11 @@ const permissionList = [
    name: 'Challenge Admin',
    description: 'Can create official habitica challenges and admin all challenges',
  },
+  {
+    key: 'accessControl',
+    name: 'Access Control',
+    description: 'Can manage IP-Address, Client and E-Mail blockers',
+  },
  {
    key: 'coupons',
    name: 'Coupon Creator',
--- a/website/client/src/components/admin/admin-panel/user-support/cronAndAuth.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/cronAndAuth.vue
@@ -126,7 +126,7 @@
              @click="changeApiToken()"
            >
              Change API Token
-          </a>
+            </a>
            <div
              v-if="tokenModified"
            >
--- a/website/client/src/components/admin/admin-panel/user-support/customizationsOwned.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/customizationsOwned.vue
@@ -46,7 +46,7 @@
                    :
                    <span :class="{ ownedItem: !item.neverOwned }">{{ item.text }}</span>
                  </span>
-                  - {{ itemType }}.{{item.key}} - <i> {{ item.set }}</i>
+                  - {{ itemType }}.{{ item.key }} - <i> {{ item.set }}</i>

                  <div
                    v-if="item.modified"
--- a/website/client/src/components/admin/admin-panel/user-support/index.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/index.vue
@@ -16,9 +16,9 @@
          :hero="hero"
          :reset-counter="resetCounter"
          :has-unsaved-changes="hasUnsavedChanges([hero.flags, unModifiedHero.flags],
-                                                 [hero.auth, unModifiedHero.auth],
-                                                 [hero.balance, unModifiedHero.balance],
-                                                 [hero.secret, unModifiedHero.secret])"
+                                                  [hero.auth, unModifiedHero.auth],
+                                                  [hero.balance, unModifiedHero.balance],
+                                                  [hero.secret, unModifiedHero.secret])"
        />

        <subscription-and-perks
@@ -88,7 +88,7 @@

        <contributor-details
          :hero="hero"
-          :hasUnsavedChanges="hasUnsavedChanges(
+          :has-unsaved-changes="hasUnsavedChanges(
            [hero.contributor, unModifiedHero.contributor],
            [hero.permissions, unModifiedHero.permissions],
            [hero.secret, unModifiedHero.secret],
@@ -149,7 +149,7 @@ import Achievements from './achievements.vue';
 import UserHistory from './userHistory.vue';
 import Stats from './stats.vue';

-import { userStateMixin } from '../../../mixins/userState';
+import { userStateMixin } from '../../../../mixins/userState';

 export default {
  components: {
--- a/website/client/src/components/admin/admin-panel/user-support/itemsOwned.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/itemsOwned.vue
--- a/website/client/src/components/admin/admin-panel/user-support/partyAndQuest.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/partyAndQuest.vue
@@ -32,38 +32,43 @@
        ></p>
      </div>
      <div v-if="userHasParty">
-      <div class="form-group row">
-        <label class="col-sm-3 col-form-label">
-          Party ID
-        </label>
-        <strong class="col-sm-9 col-form-label">
-          {{ groupPartyData._id }}
-        </strong>
-      </div>
-      <div class="form-group row">
-        <label class="col-sm-3 col-form-label">
-          Estimated Member Count
-        </label>
-        <strong class="col-sm-9 col-form-label">
-          {{ groupPartyData.memberCount }}
-        </strong>
-      </div>
-      <div class="form-group row">
-        <label class="col-sm-3 col-form-label">
-          Leader
-        </label>
-        <strong class="col-sm-9 col-form-label">
-          <span v-if="userIsPartyLeader">User is the party leader</span>
-          <span v-else>Party leader is
-            <router-link :to="{'name': 'userProfile', 'params': {'userId': groupPartyData.leader}}">
-              {{ groupPartyData.leader }}
-            </router-link>
-          </span>
-        </strong>
-      </div>
-      <div
-        class="btn btn-danger"
-        @click="removeFromParty()">Remove from Party</div>
+        <div class="form-group row">
+          <label class="col-sm-3 col-form-label">
+            Party ID
+          </label>
+          <strong class="col-sm-9 col-form-label">
+            {{ groupPartyData._id }}
+          </strong>
+        </div>
+        <div class="form-group row">
+          <label class="col-sm-3 col-form-label">
+            Estimated Member Count
+          </label>
+          <strong class="col-sm-9 col-form-label">
+            {{ groupPartyData.memberCount }}
+          </strong>
+        </div>
+        <div class="form-group row">
+          <label class="col-sm-3 col-form-label">
+            Leader
+          </label>
+          <strong class="col-sm-9 col-form-label">
+            <span v-if="userIsPartyLeader">User is the party leader</span>
+            <span v-else>Party leader is
+              <router-link
+                :to="{'name': 'userProfile', 'params': {'userId': groupPartyData.leader}}"
+              >
+                {{ groupPartyData.leader }}
+              </router-link>
+            </span>
+          </strong>
+        </div>
+        <div
+          class="btn btn-danger"
+          @click="removeFromParty()"
+        >
+          Remove from Party
+        </div>
      </div>
      <strong v-else>User is not in a party.</strong>
      <div class="subsection-start">
--- a/website/client/src/components/admin/admin-panel/user-support/privilegesAndGems.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/privilegesAndGems.vue
@@ -1,11 +1,13 @@
 <template>
-  <form @submit.prevent="saveHero({hero: {
-    _id: hero._id,
-    flags: hero.flags,
-    balance: hero.balance,
-    auth: hero.auth,
-    secret: hero.secret,
-  }, msg: 'Privileges or Gems or Moderation Notes'})">
+  <form
+    @submit.prevent="saveHero({hero: {
+      _id: hero._id,
+      flags: hero.flags,
+      balance: hero.balance,
+      auth: hero.auth,
+      secret: hero.secret,
+    }, msg: 'Privileges or Gems or Moderation Notes'})"
+  >
    <div class="card mt-2">
      <div class="card-header">
        <h3
@@ -14,9 +16,12 @@
          @click="expand = !expand"
        >
          Privileges, Gem Balance
-          <b v-if="hasUnsavedChanges && !expand" class="text-warning float-right">
-          Unsaved changes
-        </b>
+          <b
+            v-if="hasUnsavedChanges && !expand"
+            class="text-warning float-right"
+          >
+            Unsaved changes
+          </b>
        </h3>
      </div>
      <div
@@ -133,7 +138,10 @@
          value="Save"
          class="btn btn-primary mt-1"
        >
-        <b v-if="hasUnsavedChanges" class="text-warning float-right">
+        <b
+          v-if="hasUnsavedChanges"
+          class="text-warning float-right"
+        >
          Unsaved changes
        </b>
      </div>
--- a/website/client/src/components/admin/admin-panel/user-support/stats-row.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/stats-row.vue
@@ -19,7 +19,7 @@
 </template>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  .about-row {
    margin-left: 0px;
--- a/website/client/src/components/admin/admin-panel/user-support/stats.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/stats.vue
@@ -8,9 +8,12 @@
          @click="expand = !expand"
        >
          Stats
-          <b v-if="hasUnsavedChanges && !expand" class="text-warning float-right">
-          Unsaved changes
-        </b>
+          <b
+            v-if="hasUnsavedChanges && !expand"
+            class="text-warning float-right"
+          >
+            Unsaved changes
+          </b>
        </h3>
      </div>
      <div
@@ -18,47 +21,60 @@
        class="card-body"
      >
        <stats-row
+          v-model="hero.stats.hp"
          label="Health"
          color="red-label"
          :max="maxHealth"
-          v-model="hero.stats.hp" />
+        />
        <stats-row
+          v-model="hero.stats.exp"
          label="Experience"
          color="yellow-label"
          min="0"
          :max="maxFieldHardCap"
-          v-model="hero.stats.exp" />
+        />
        <stats-row
+          v-model="hero.stats.mp"
          label="Mana"
          color="blue-label"
          min="0"
          :max="maxFieldHardCap"
-          v-model="hero.stats.mp" />
+        />
        <stats-row
+          v-model="hero.stats.lvl"
          label="Level"
          step="1"
          min="0"
          :max="maxLevelHardCap"
-          v-model="hero.stats.lvl" />
+        />
        <stats-row
+          v-model="hero.stats.gp"
          label="Gold"
          min="0"
          :max="maxFieldHardCap"
-          v-model="hero.stats.gp" />
+        />
        <div class="form-group row">
          <label class="col-sm-3 col-form-label">Selected Class</label>
          <div class="col-sm-9">
            <select
-                id="selectedClass"
-                v-model="hero.stats.class"
-                class="form-control"
-                :disabled="hero.stats.lvl < 10"
-              >
-                <option value="warrior">Warrior</option>
-                <option value="wizard">Mage</option>
-                <option value="healer">Healer</option>
-                <option value="rogue">Rogue</option>
-              </select>
+              id="selectedClass"
+              v-model="hero.stats.class"
+              class="form-control"
+              :disabled="hero.stats.lvl < 10"
+            >
+              <option value="warrior">
+                Warrior
+              </option>
+              <option value="wizard">
+                Mage
+              </option>
+              <option value="healer">
+                Healer
+              </option>
+              <option value="rogue">
+                Rogue
+              </option>
+            </select>
            <small>
              When changing class, players usually need stat points deallocated as well.
            </small>
@@ -67,50 +83,59 @@

        <h3>Stat Points</h3>
        <stats-row
+          v-model="hero.stats.points"
          label="Unallocated"
          min="0"
          step="1"
          :max="maxStatPoints"
-          v-model="hero.stats.points" />
+        />
        <stats-row
+          v-model="hero.stats.str"
          label="Strength"
          color="red-label"
          min="0"
          :max="maxStatPoints"
          step="1"
-          v-model="hero.stats.str" />
+        />
        <stats-row
+          v-model="hero.stats.int"
          label="Intelligence"
          color="blue-label"
          min="0"
          :max="maxStatPoints"
          step="1"
-          v-model="hero.stats.int" />
+        />
        <stats-row
+          v-model="hero.stats.per"
          label="Perception"
          color="purple-label"
          min="0"
          :max="maxStatPoints"
          step="1"
-          v-model="hero.stats.per" />
+        />
        <stats-row
+          v-model="hero.stats.con"
          label="Constitution"
          color="yellow-label"
          min="0"
          :max="maxStatPoints"
          step="1"
-          v-model="hero.stats.con" />
+        />
        <div class="form-group row">
          <div class="offset-sm-3 col-sm-9">
            <button
              type="button"
              class="btn btn-warning btn-sm"
-              @click="deallocateStatPoints">
+              @click="deallocateStatPoints"
+            >
              Deallocate all stat points
            </button>
          </div>
        </div>
-        <div class="form-group row" v-if="statPointsIncorrect">
+        <div
+          v-if="statPointsIncorrect"
+          class="form-group row"
+        >
          <div class="offset-sm-3 col-sm-9 text-danger">
            Error: Sum of stat points should equal the users level
          </div>
@@ -118,35 +143,40 @@

        <h3>Buffs</h3>
        <stats-row
+          v-model="hero.stats.buffs.str"
          label="Strength"
          color="red-label"
          min="0"
          step="1"
-          v-model="hero.stats.buffs.str" />
+        />
        <stats-row
+          v-model="hero.stats.buffs.int"
          label="Intelligence"
          color="blue-label"
          min="0"
          step="1"
-          v-model="hero.stats.buffs.int" />
+        />
        <stats-row
+          v-model="hero.stats.buffs.per"
          label="Perception"
          color="purple-label"
          min="0"
          step="1"
-          v-model="hero.stats.buffs.per" />
+        />
        <stats-row
+          v-model="hero.stats.buffs.con"
          label="Constitution"
          color="yellow-label"
          min="0"
          step="1"
-          v-model="hero.stats.buffs.con" />
+        />
        <div class="form-group row">
          <div class="offset-sm-3 col-sm-9">
            <button
              type="button"
              class="btn btn-warning btn-sm"
-              @click="resetBuffs">
+              @click="resetBuffs"
+            >
              Reset Buffs
            </button>
          </div>
@@ -161,7 +191,10 @@
          value="Save"
          class="btn btn-primary mt-1"
        >
-        <b v-if="hasUnsavedChanges" class="text-warning float-right">
+        <b
+          v-if="hasUnsavedChanges"
+          class="text-warning float-right"
+        >
          Unsaved changes
        </b>
      </div>
@@ -170,7 +203,7 @@
 </template>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  .about-row {
    margin-left: 0px;
@@ -189,7 +222,7 @@ import markdownDirective from '@/directives/markdown';
 import saveHero from '../mixins/saveHero';

 import { mapState } from '@/libs/store';
-import { userStateMixin } from '../../../mixins/userState';
+import { userStateMixin } from '../../../../mixins/userState';

 import StatsRow from './stats-row';

--- a/website/client/src/components/admin/admin-panel/user-support/subscriptionAndPerks.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/subscriptionAndPerks.vue
@@ -6,49 +6,71 @@
    }, msg: 'Subscription Perks' })"
  >
    <div class="card mt-2">
-      <div class="card-header"
-          @click="expand = !expand">
+      <div
+        class="card-header"
+        @click="expand = !expand"
+      >
        <h3
          class="mb-0 mt-0"
          :class="{ 'open': expand }"
        >
          Subscription, Monthly Perks
-        <b v-if="hasUnsavedChanges && !expand" class="text-warning float-right">
-          Unsaved changes
-        </b>
+          <b
+            v-if="hasUnsavedChanges && !expand"
+            class="text-warning float-right"
+          >
+            Unsaved changes
+          </b>
        </h3>
      </div>
      <div
        v-if="expand"
        class="card-body"
      >
-      <div
+        <div
          class="form-group row"
        >
          <label class="col-sm-3 col-form-label">
            Payment method:
          </label>
          <div class="col-sm-9">
-            <input v-model="hero.purchased.plan.paymentMethod"
+            <input
+              v-if="!isRegularPaymentMethod"
+              v-model="hero.purchased.plan.paymentMethod"
              class="form-control"
              type="text"
-              v-if="!isRegularPaymentMethod"
            >
-              <select
+            <select
              v-else
-                v-model="hero.purchased.plan.paymentMethod"
-                class="form-control"
-                type="text"
-              >
-                <option value="groupPlan">Group Plan</option>
-                <option value="Stripe">Stripe</option>
-                <option value="Apple">Apple</option>
-                <option value="Google">Google</option>
-                <option value="Amazon Payments">Amazon</option>
-                <option value="PayPal">PayPal</option>
-                <option value="Gift">Gift</option>
-                <option value="">Clear out</option>
-              </select>
+              v-model="hero.purchased.plan.paymentMethod"
+              class="form-control"
+              type="text"
+            >
+              <option value="groupPlan">
+                Group Plan
+              </option>
+              <option value="Stripe">
+                Stripe
+              </option>
+              <option value="Apple">
+                Apple
+              </option>
+              <option value="Google">
+                Google
+              </option>
+              <option value="Amazon Payments">
+                Amazon
+              </option>
+              <option value="PayPal">
+                PayPal
+              </option>
+              <option value="Gift">
+                Gift
+              </option>
+              <option value="">
+                Clear out
+              </option>
+            </select>
          </div>
        </div>
        <div
@@ -58,25 +80,40 @@
            Payment schedule:
          </label>
          <div class="col-sm-9">
-            <input v-model="hero.purchased.plan.planId"
+            <input
+              v-if="!isRegularPlanId"
+              v-model="hero.purchased.plan.planId"
              class="form-control"
              type="text"
-              v-if="!isRegularPlanId"
            >
-              <select
+            <select
              v-else
-                v-model="hero.purchased.plan.planId"
-                class="form-control"
-                type="text"
-              >
-                <option value="basic_earned">Monthly recurring</option>
-                <option value="basic_3mo">3 Months recurring</option>
-                <option value="basic_6mo">6 Months recurring</option>
-                <option value="basic_12mo">12 Months recurring</option>
-                <option value="group_monthly">Group Plan (legacy)</option>
-                <option value="group_plan_auto">Group Plan (auto)</option>
-                <option value="">Clear out</option>
-              </select>
+              v-model="hero.purchased.plan.planId"
+              class="form-control"
+              type="text"
+            >
+              <option value="basic_earned">
+                Monthly recurring
+              </option>
+              <option value="basic_3mo">
+                3 Months recurring
+              </option>
+              <option value="basic_6mo">
+                6 Months recurring
+              </option>
+              <option value="basic_12mo">
+                12 Months recurring
+              </option>
+              <option value="group_monthly">
+                Group Plan (legacy)
+              </option>
+              <option value="group_plan_auto">
+                Group Plan (auto)
+              </option>
+              <option value="">
+                Clear out
+              </option>
+            </select>
          </div>
        </div>
        <div
@@ -86,43 +123,50 @@
            Customer ID:
          </label>
          <div class="col-sm-9">
-              <input
-                v-model="hero.purchased.plan.customerId"
-                class="form-control"
-                type="text"
-              >
+            <input
+              v-model="hero.purchased.plan.customerId"
+              class="form-control"
+              type="text"
+            >
          </div>
        </div>
-        <div class="form-group row"
-          v-if="hero.purchased.plan.planId === 'group_plan_auto'">
+        <div
+          v-if="hero.purchased.plan.planId === 'group_plan_auto'"
+          class="form-group row"
+        >
          <label class="col-sm-3 col-form-label">
            Group Plan Memberships:
          </label>
          <div class="col-sm-9 col-form-label">
            <loading-spinner
-                v-if="!groupPlans"
-                dark-color=true
-              />
+              v-if="!groupPlans"
+              dark-color="true"
+            />
            <b
-            v-else-if="groupPlans.length === 0"
-            class="text-danger col-form-label"
+              v-else-if="groupPlans.length === 0"
+              class="text-danger col-form-label"
            >User is not part of an active group plan!</b>
            <div
-            v-else
              v-for="group in groupPlans"
+              v-else
              :key="group._id"
-              class="card mb-2">
+              class="card mb-2"
+            >
              <div class="card-body">
-                <h6 class="card-title">{{  group.name }}
+                <h6 class="card-title">
+                  {{ group.name }}
                  <small class="float-right">{{ group._id }}</small>
                </h6>
                <p class="card-text">
                  <strong>Leader: </strong>
-                <a
-                v-if="group.leader !== hero._id"
-                @click="switchUser(group.leader)"
-                >{{ group.leader }}</a>
-                <strong v-else class="text-success">This user</strong>
+                  <a
+                    v-if="group.leader !== hero._id"
+                    @click="switchUser(group.leader)"
+                  >{{ group.leader }}</a>
+                  <strong
+                    v-else
+                    class="text-success"
+                  >This user</strong>
                </p>
                <p class="card-text">
                  <strong>Members: </strong> {{ group.memberCount }}
@@ -190,16 +234,21 @@
                <strong class="input-group-text">
                  {{ dateFormat(hero.purchased.plan.dateTerminated) }}
                </strong>
-                <a class="btn btn-danger"
-              href="#"
+                <a
+                  v-if="!hero.purchased.plan.dateTerminated && hero.purchased.plan.planId"
                  v-b-modal.sub_termination_modal
-                  v-if="!hero.purchased.plan.dateTerminated && hero.purchased.plan.planId">
+                  class="btn btn-danger"
+                  href="#"
+                >
                  Terminate
-              </a>
+                </a>
              </div>
            </div>
-            <small v-if="!hero.purchased.plan.dateTerminated
-              && hero.purchased.plan.planId" class="text-success">
+            <small
+              v-if="!hero.purchased.plan.dateTerminated
+                && hero.purchased.plan.planId"
+              class="text-success"
+            >
              The subscription does not have a termination date and is active.
            </small>
          </div>
@@ -235,11 +284,13 @@
                step="any"
              >
              <div class="input-group-append">
-                <a class="btn btn-warning"
+                <a
+                  v-if="hero.purchased.plan.dateTerminated && hero.purchased.plan.extraMonths > 0"
+                  class="btn btn-warning"
                  @click="applyExtraMonths"
-                  v-if="hero.purchased.plan.dateTerminated && hero.purchased.plan.extraMonths > 0">
+                >
                  Apply Credit
-              </a>
+                </a>
              </div>
            </div>
            <small class="text-secondary">
@@ -339,19 +390,24 @@
            </span>
          </div>
        </div>
-        <div class="form-group row"
-              v-if="!isConvertingToGroupPlan && hero.purchased.plan.planId !== 'group_plan_auto'">
+        <div
+          v-if="!isConvertingToGroupPlan && hero.purchased.plan.planId !== 'group_plan_auto'"
+          class="form-group row"
+        >
          <div class="offset-sm-3 col-sm-9">
            <button
              type="button"
              class="btn btn-secondary btn-sm"
-              @click="beginGroupPlanConvert">
+              @click="beginGroupPlanConvert"
+            >
              Begin converting to group plan subscription
            </button>
          </div>
        </div>
-        <div class="form-group row"
-          v-if="isConvertingToGroupPlan">
+        <div
+          v-if="isConvertingToGroupPlan"
+          class="form-group row"
+        >
          <label class="col-sm-3 col-form-label">
            Group Plan group ID:
          </label>
@@ -374,25 +430,40 @@
          class="btn btn-primary mt-1"
          @click="saveClicked"
        >
-        <b v-if="hasUnsavedChanges" class="text-warning float-right">
+        <b
+          v-if="hasUnsavedChanges"
+          class="text-warning float-right"
+        >
          Unsaved changes
        </b>
      </div>
    </div>
-    <b-modal id="sub_termination_modal" title="Set Termination Date">
+    <b-modal
+      id="sub_termination_modal"
+      title="Set Termination Date"
+    >
      <p>
        You can set the sub benefit termination date to today or to the last
        day of the current billing cycle. Any extra subscription credit will
        then be processed and automatically added onto the selected date.
      </p>
      <template #modal-footer>
-        <div class="mt-3 btn btn-secondary" @click="$bvModal.hide('sub_termination_modal')">
+        <div
+          class="mt-3 btn btn-secondary"
+          @click="$bvModal.hide('sub_termination_modal')"
+        >
          Close
        </div>
-        <div class="mt-3 btn btn-danger" @click="terminateSubscription()">
+        <div
+          class="mt-3 btn btn-danger"
+          @click="terminateSubscription()"
+        >
          Set to Today
        </div>
-        <div class="mt-3 btn btn-danger" @click="terminateSubscription(todayWithRemainingCycle)">
+        <div
+          class="mt-3 btn btn-danger"
+          @click="terminateSubscription(todayWithRemainingCycle)"
+        >
          Set to {{ todayWithRemainingCycle.utc().format('MM/DD/YYYY') }}
        </div>
      </template>
@@ -401,7 +472,7 @@
 </template>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

 .input-group-append {
  width: auto;
@@ -420,15 +491,15 @@
 import isUUID from 'validator/es/lib/isUUID';
 import moment from 'moment';
 import { getPlanContext } from '@/../../common/script/cron';
+import subscriptionBlocks from '@/../../common/script/content/subscriptionBlocks';
 import saveHero from '../mixins/saveHero';
-import subscriptionBlocks from '../../../../../common/script/content/subscriptionBlocks';
 import LoadingSpinner from '@/components/ui/loadingSpinner';

 export default {
-  mixins: [saveHero],
  components: {
    LoadingSpinner,
  },
+  mixins: [saveHero],
  props: {
    hero: {
      type: Object,
--- a/website/client/src/components/admin/admin-panel/user-support/transactions.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/transactions.vue
@@ -22,8 +22,8 @@
 </template>

 <script>
-import PurchaseHistoryTable from '../../ui/purchaseHistoryTable.vue';
-import { userStateMixin } from '../../../mixins/userState';
+import PurchaseHistoryTable from '../../../ui/purchaseHistoryTable.vue';
+import { userStateMixin } from '../../../../mixins/userState';

 export default {
  components: {
--- a/website/client/src/components/admin/admin-panel/user-support/userHistory.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/userHistory.vue
@@ -150,7 +150,7 @@
 </template>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  .page-header.btn-flat {
    background: transparent;
@@ -180,7 +180,7 @@

 <script>
 import moment from 'moment';
-import { userStateMixin } from '../../../mixins/userState';
+import { userStateMixin } from '../../../../mixins/userState';

 export default {
  filters: {
--- a/website/client/src/components/admin/admin-panel/user-support/userProfile.vue
+++ b/website/client/src/components/admin/admin-panel/user-support/userProfile.vue
@@ -13,9 +13,12 @@
          @click="expand = !expand"
        >
          User Profile
-          <b v-if="hasUnsavedChanges && !expand" class="text-warning float-right">
-          Unsaved changes
-        </b>
+          <b
+            v-if="hasUnsavedChanges && !expand"
+            class="text-warning float-right"
+          >
+            Unsaved changes
+          </b>
        </h3>
      </div>
      <div
@@ -66,7 +69,10 @@
          value="Save"
          class="btn btn-primary mt-1"
        >
-        <b v-if="hasUnsavedChanges" class="text-warning float-right">
+        <b
+          v-if="hasUnsavedChanges"
+          class="text-warning float-right"
+        >
          Unsaved changes
        </b>
      </div>
@@ -86,7 +92,7 @@ import markdownDirective from '@/directives/markdown';
 import saveHero from '../mixins/saveHero';

 import { mapState } from '@/libs/store';
-import { userStateMixin } from '../../../mixins/userState';
+import { userStateMixin } from '../../../../mixins/userState';

 function resetData (self) {
  self.expand = false;
--- a/website/client/src/components/admin/blocker/blocker_form.vue
+++ b/website/client/src/components/admin/blocker/blocker_form.vue
@@ -0,0 +1,133 @@
+<template>
+  <div style="display: contents">
+    <td>
+      <select
+        v-model="blocker.type"
+        class="form-control"
+        @change="onTypeChanged"
+      >
+        <option value="ipaddress">
+          IP-Address
+        </option>
+        <option value="client">
+          Client Identifier
+        </option>
+        <option value="email">
+          E-Mail
+        </option>
+      </select>
+    </td>
+    <td>
+      <select
+        v-model="blocker.area"
+        class="form-control"
+      >
+        <option value="full">
+          Full
+        </option>
+      </select>
+    </td>
+    <td>
+      <input
+        v-model="blocker.value"
+        class="form-control"
+        autocorrect="off"
+        autocapitalize="off"
+        :class="{ 'is-invalid input-invalid': !isValid }"
+        @input="validateValue"
+      >
+    </td>
+    <td>
+      <input
+        v-model="blocker.reason"
+        class="form-control"
+      >
+    </td>
+    <td
+      colspan="3"
+      class="text-right"
+    >
+      <button
+        class="btn btn-primary mr-2"
+        :disabled="!isValid"
+        :class="{ disabled: !isValid }"
+        @click="$emit('save', blocker)"
+      >
+        <span>Save</span>
+      </button>
+      <button
+        class="btn btn-danger"
+        @click="$emit('cancel')"
+      >
+        <span>Cancel</span>
+      </button>
+    </td>
+  </div>
+</template>
+
+<style lang="scss" scoped>
+ .btn-primary.disabled {
+    background: #4F2A93;
+    color: white;
+    cursor: not-allowed;
+    opacity: 0.5;
+ }
+</style>
+
+<script>
+import isIP from 'validator/es/lib/isIP';
+
+export default {
+  name: 'BlockerForm',
+  props: {
+    isNew: {
+      type: Boolean,
+      default: false,
+    },
+    blocker: {
+      type: Object,
+      default: () => ({
+        type: '',
+        area: '',
+        value: '',
+        reason: '',
+      }),
+    },
+  },
+  data () {
+    return {
+      isValid: false,
+    };
+  },
+  mounted () {
+    this.validateValue();
+  },
+  methods: {
+    onTypeChanged () {
+      if (this.blocker.type === 'email') {
+        this.blocker.area = 'full';
+      }
+      this.validateValue();
+    },
+    validateValue () {
+      if (this.blocker.type === 'ipaddress') {
+        this.validateValueAsIpAddress();
+      } else if (this.blocker.type === 'client') {
+        this.validateValueAsClient();
+      } else if (this.blocker.type === 'email') {
+        this.validateValueAsEmail();
+      }
+    },
+    validateValueAsEmail () {
+      const emailRegex = /^([a-zA-Z0-9._%+-]*)@(?:[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})?$/;
+      this.isValid = emailRegex.test(this.blocker.value) && this.blocker.value.length > 3;
+    },
+    validateValueAsIpAddress () {
+      this.isValid = isIP(this.blocker.value);
+    },
+    validateValueAsClient () {
+      this.isValid = this.blocker.value.length > 0;
+    },
+  },
+};
+</script>
--- a/website/client/src/components/admin/blocker/index.vue
+++ b/website/client/src/components/admin/blocker/index.vue
@@ -0,0 +1,238 @@
+<template>
+  <div class="row standard-page col-12 d-flex justify-content-center">
+    <div class="blocker-content">
+      <h1>
+        Blockers
+        <button
+          class="btn btn-primary float-right"
+          @click="showCreateForm = true"
+        >
+          Create
+        </button>
+      </h1>
+      <table class="table table-bordered">
+        <thead>
+          <tr>
+            <th>
+              Type <span
+                id="type_tooltip"
+                class="info-icon"
+              >?</span>
+              <b-tooltip
+                target="type_tooltip"
+              >
+                <b>IP-Address</b> - Block access for a specific IP-Address
+                <br>
+                <br>
+                <b>Client</b> - Block access for a client based on the "x-client" header.
+                <br>
+                <br>
+                <b>E-Mail</b> - Blocks e-mails from being used for signup.
+              </b-tooltip>
+            </th>
+            <th>
+              Area <span
+                id="area_tooltip"
+                class="info-icon"
+              >?</span>
+              <b-tooltip
+                target="area_tooltip"
+              >
+                <b>Full</b> - Block access to the entire site.
+                <br>
+                <br>
+                <b>Payments</b> - Block access to any payment related functionality.
+              </b-tooltip>
+            </th>
+            <th>Value</th>
+            <th>Reason</th>
+            <th>Source</th>
+            <th>Created at</th>
+            <th class="btncol"></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr v-if="showCreateForm">
+            <BlockerForm
+              :is-new="true"
+              :blocker="newBlocker"
+              @save="createBlocker"
+              @cancel="showCreateForm = false"
+            />
+          </tr>
+          <tr
+            v-for="blocker in blockers"
+            :key="blocker._id"
+          >
+            <BlockerForm
+              v-if="blocker._id === editedBlockerId"
+              :blocker="blocker"
+              @save="saveBlocker(blocker)"
+              @cancel="editedBlockerId = null"
+            />
+            <template v-else>
+              <td>{{ getTypeName(blocker.type) }}</td>
+              <td>{{ getAreaName(blocker.area) }}</td>
+              <td>{{ blocker.value }}</td>
+              <td>{{ blocker.reason || "--" }}</td>
+              <td>{{ blocker.blockSource }}</td>
+              <td>{{ blocker.createdAt }}</td>
+              <td>
+                <button
+                  class="btn btn-primary mr-2"
+                  @click="editBlocker(blocker._id)"
+                >
+                  <span
+                    v-once
+                    class="svg-icon icon-16"
+                    v-html="icons.editIcon"
+                  ></span>
+                </button>
+                <button
+                  class="btn btn-danger"
+                  @click="deleteBlocker(blocker._id)"
+                >
+                  <span
+                    v-once
+                    class="svg-icon icon-16"
+                    v-html="icons.deleteIcon"
+                  ></span>
+                </button>
+              </td>
+            </template>
+          </tr>
+        </tbody>
+      </table>
+    </div>
+  </div>
+</template>
+
+<style lang="scss" scoped>
+@import '@/assets/scss/colors.scss';
+
+  .blocker-content {
+    flex: 0 0 100%;
+    max-width: 1200px;
+  }
+
+  .btn {
+    padding: 0.4rem 0.75rem;
+  }
+
+  .btncol {
+    width: 123px;
+  }
+
+  td {
+    font-size: 1rem;
+  }
+
+  .info-icon {
+    font-size: 0.8rem;
+    color: $purple-400;
+    cursor: pointer;
+    margin-left: 0.5rem;
+    background-color: $gray-500;
+    padding: 0.1rem 0.3rem;
+    border-radius: 0.2rem;
+  }
+
+  .info-icon:hover {
+    background-color: $purple-400;
+    color: white;
+  }
+</style>
+
+<script>
+import { mapState } from '@/libs/store';
+
+import editIcon from '@/assets/svg/edit.svg?raw';
+import deleteIcon from '@/assets/svg/delete.svg?raw';
+import BlockerForm from './blocker_form.vue';
+
+export default {
+  components: {
+    BlockerForm,
+  },
+  data () {
+    return {
+      showCreateForm: false,
+      newBlocker: {
+        type: '',
+        area: 'full',
+        value: '',
+        reason: '',
+      },
+      blockers: [],
+      editedBlockerId: null,
+      icons: Object.freeze({
+        editIcon,
+        deleteIcon,
+      }),
+    };
+  },
+  computed: {
+    ...mapState({ user: 'user.data' }),
+  },
+  mounted () {
+    this.$store.dispatch('common:setTitle', {
+      section: this.$t('siteBlockers'),
+    });
+    this.loadBlockers();
+  },
+  methods: {
+    async loadBlockers () {
+      this.blockers = await this.$store.dispatch('blockers:getBlockers');
+    },
+    editBlocker (id) {
+      this.editedBlockerId = id;
+    },
+    async saveBlocker (blocker) {
+      await this.$store.dispatch('blockers:updateBlocker', { blocker });
+      this.editedBlockerId = null;
+      this.loadBlockers();
+    },
+    async deleteBlocker (blockerId) {
+      if (!window.confirm('Are you sure you want to delete this blocker?')) {
+        return;
+      }
+      await this.$store.dispatch('blockers:deleteBlocker', { blockerId });
+      this.loadBlockers();
+    },
+    async createBlocker (blocker) {
+      await this.$store.dispatch('blockers:createBlocker', { blocker });
+      this.showCreateForm = false;
+      this.newBlocker = {
+        type: '',
+        area: 'full',
+        value: '',
+        reason: '',
+      };
+      this.loadBlockers();
+    },
+
+    getTypeName (type) {
+      switch (type) {
+        case 'ipaddress':
+          return 'IP-Address';
+        case 'email':
+          return 'E-Mail';
+        case 'client':
+          return 'Client Identifier';
+        default:
+          return type;
+      }
+    },
+    getAreaName (area) {
+      switch (area) {
+        case 'full':
+          return 'Full';
+        case 'payments':
+          return 'Payments';
+        default:
+          return area;
+      }
+    },
+  },
+};
+</script>
--- a/website/client/src/components/admin/container.vue
+++ b/website/client/src/components/admin/container.vue
@@ -0,0 +1,40 @@
+<template>
+  <div class="row">
+    <secondary-menu class="col-12">
+      <router-link
+        v-if="hasPermission(user, 'userSupport')"
+        class="nav-link"
+        :to="{name: 'adminPanel'}"
+      >
+        {{ $t('adminPanel') }}
+      </router-link>
+      <router-link
+        v-if="hasPermission(user, 'accessControl')"
+        class="nav-link"
+        :to="{name: 'blockers'}"
+      >
+        {{ $t('siteBlockers') }}
+      </router-link>
+    </secondary-menu><div class="col-12">
+      <router-view />
+    </div>
+  </div>
+</template>
+
+<script>
+import { mapState } from '@/libs/store';
+import SecondaryMenu from '@/components/secondaryMenu';
+import { userStateMixin } from '../../mixins/userState';
+
+export default {
+  components: {
+    SecondaryMenu,
+  },
+  mixins: [
+    userStateMixin,
+  ],
+  computed: {
+    ...mapState({ user: 'user.data' }),
+  },
+};
+</script>
--- a/website/client/src/components/appFooter.vue
+++ b/website/client/src/components/appFooter.vue
@@ -1,6 +1,7 @@
 <template>
  <div>
    <buy-gems-modal v-if="user" />
+    <privacy-modal />
    <footer>
      <!-- Product -->
      <div class="product">
@@ -276,9 +277,9 @@
      </div>

      <div
-        class="time-travel"
        v-if="TIME_TRAVEL_ENABLED && user?.permissions?.fullAccess"
        :key="lastTimeJump"
+        class="time-travel"
      >
        <a
          class="btn btn-secondary mr-1"
@@ -299,7 +300,7 @@
            @click="resetTime()"
          >
            Reset
-        </a>
+          </a>
        </div>
        <a
          class="btn btn-secondary mr-1"
@@ -403,7 +404,7 @@
 </template>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';
 .footer-row {
  margin: 0;
  flex: 0 1 auto;
@@ -838,30 +839,34 @@ import moment from 'moment';
 import Vue from 'vue';

 // images
-import melior from '@/assets/svg/melior.svg';
-import bluesky from '@/assets/svg/bluesky.svg';
-import facebook from '@/assets/svg/facebook.svg';
-import instagram from '@/assets/svg/instagram.svg';
-import tumblr from '@/assets/svg/tumblr.svg';
-import heart from '@/assets/svg/heart.svg';
+import melior from '@/assets/svg/melior.svg?raw';
+import bluesky from '@/assets/svg/bluesky.svg?raw';
+import facebook from '@/assets/svg/facebook.svg?raw';
+import instagram from '@/assets/svg/instagram.svg?raw';
+import tumblr from '@/assets/svg/tumblr.svg?raw';
+import heart from '@/assets/svg/heart.svg?raw';

 // components & modals
 import { mapState } from '@/libs/store';
 import buyGemsModal from './payments/buyGemsModal.vue';
+import privacyModal from './settings/privacyModal.vue';
 import reportBug from '@/mixins/reportBug.js';
 import { worldStateMixin } from '@/mixins/worldState';

-const DEBUG_ENABLED = process.env.DEBUG_ENABLED === 'true'; // eslint-disable-line no-process-env
-const TIME_TRAVEL_ENABLED = process.env.TIME_TRAVEL_ENABLED === 'true'; // eslint-disable-line no-process-env
+const DEBUG_ENABLED = import.meta.env.DEBUG_ENABLED === 'true';
+const TIME_TRAVEL_ENABLED = import.meta.env.TIME_TRAVEL_ENABLED === 'true';
+
 let sinon;
-if (TIME_TRAVEL_ENABLED) {
-  // eslint-disable-next-line global-require
-  sinon = await import('sinon');
+if (import.meta.env.TIME_TRAVEL_ENABLED === 'true') {
+  (async () => {
+    sinon = await import('sinon');
+  })();
 }

 export default {
  components: {
    buyGemsModal,
+    privacyModal,
  },
  mixins: [
    reportBug,
@@ -944,24 +949,28 @@ export default {
    },
    async jumpTime (amount) {
      const response = await axios.post('/api/v4/debug/jump-time', { offsetDays: amount });
-      if (amount > 0) {
-        Vue.config.clock.jump(amount * 24 * 60 * 60 * 1000);
-      } else {
-        Vue.config.clock.setSystemTime(moment().add(amount, 'days').toDate());
-      }
-      this.lastTimeJump = response.data.data.time;
-      this.triggerGetWorldState(true);
+      setTimeout(() => {
+        if (amount > 0) {
+          Vue.config.clock.jump(amount * 24 * 60 * 60 * 1000);
+        } else {
+          Vue.config.clock.setSystemTime(moment().add(amount, 'days').toDate());
+        }
+        this.lastTimeJump = response.data.data.time;
+        this.triggerGetWorldState(true);
+      }, 1000);
    },
    async resetTime () {
      const response = await axios.post('/api/v4/debug/jump-time', { reset: true });
      const time = new Date(response.data.data.time);
-      Vue.config.clock.restore();
-      Vue.config.clock = sinon.useFakeTimers({
-        now: time,
-        shouldAdvanceTime: true,
-      });
-      this.lastTimeJump = response.data.data.time;
-      this.triggerGetWorldState(true);
+      setTimeout(() => {
+        Vue.config.clock.restore();
+        Vue.config.clock = sinon.useFakeTimers({
+          now: time,
+          shouldAdvanceTime: true,
+        });
+        this.lastTimeJump = response.data.data.time;
+        this.triggerGetWorldState(true);
+      }, 1000);
    },
    addExp () {
      // @TODO: Name these variables better
--- a/website/client/src/components/auth/authForm.vue
+++ b/website/client/src/components/auth/authForm.vue
@@ -140,11 +140,6 @@
      >
        {{ $t('passwordConfirmationMatch') }}
      </div>
-      <small
-        v-once
-        class="form-text"
-        v-html="$t('termsAndAgreement')"
-      ></small>
    </div>
    <div class="text-center">
      <div
@@ -168,7 +163,7 @@
 </template>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  .form {
    margin: 0 auto;
@@ -227,8 +222,8 @@ import debounce from 'lodash/debounce';
 import isEmail from 'validator/es/lib/isEmail';
 import { MINIMUM_PASSWORD_LENGTH } from '@/../../common/script/constants';
 import { setUpAxios, buildAppleAuthUrl } from '@/libs/auth';
-import googleIcon from '@/assets/svg/google.svg';
-import appleIcon from '@/assets/svg/apple_black.svg';
+import googleIcon from '@/assets/svg/google.svg?raw';
+import appleIcon from '@/assets/svg/apple_black.svg?raw';

 export default {
  name: 'AuthForm',
@@ -290,7 +285,7 @@ export default {
  },
  mounted () {
    hello.init({
-      google: process.env.GOOGLE_CLIENT_ID, // eslint-disable-line
+      google: import.meta.env.GOOGLE_CLIENT_ID, // eslint-disable-line
    });
  },
  methods: {
--- a/website/client/src/components/auth/registerLoginReset.vue
+++ b/website/client/src/components/auth/registerLoginReset.vue
@@ -3,6 +3,9 @@
    <div id="top-background">
      <div class="seamless_stars_varied_opacity_repeat"></div>
    </div>
+    <privacy-banner
+      class="privacy-banner"
+    />
    <form
      v-if="!forgotPassword && !resetPasswordSetNewOne"
      id="login-form"
@@ -10,17 +13,18 @@
    >
      <div class="text-center">
        <div>
-          <div
-            class="svg-icon svg habitica-logo"
+          <a
+            href="/static/home"
+            class="svg-icon svg habitica-logo mx-auto mb-4"
            v-html="icons.habiticaIcon"
-          ></div>
+          ></a>
        </div>
      </div>
-      <div class="form-group row text-center">
-        <div class="col-12 col-md-12">
+      <div class="form-group">
+        <div>
          <div
            class="btn btn-secondary social-button"
-            @click="socialAuth('google')"
+            @click="proceed('google')"
          >
            <div
              class="svg-icon social-icon"
@@ -29,18 +33,16 @@
            <div
              class="text"
            >
-              {{ registering
-                ? $t('signUpWithSocial', {social: 'Google'})
-                : $t('loginWithSocial', {social: 'Google'}) }}
+              {{ $t('signUpWithSocial', {social: 'Google'}) }}
            </div>
          </div>
        </div>
      </div>
-      <div class="form-group row text-center">
-        <div class="col-12 col-md-12">
+      <div class="form-group">
+        <div>
          <div
            class="btn btn-secondary social-button"
-            @click="socialAuth('apple')"
+            @click="proceed('apple')"
          >
            <div
              class="svg-icon social-icon"
@@ -49,43 +51,18 @@
            <div
              class="text"
            >
-              {{ registering
-                ? $t('signUpWithSocial', {social: 'Apple'})
-                : $t('loginWithSocial', {social: 'Apple'}) }}
+              {{ $t('signUpWithSocial', {social: 'Apple'}) }}
            </div>
          </div>
        </div>
      </div>
-      <div class="strike">
+      <div class="strike mb-3">
        <span>{{ $t('or') }}</span>
      </div>
-      <div
-        v-if="registering"
-        class="form-group"
-      >
-        <label
-          v-once
-          for="usernameInput"
-        >{{ $t('username') }}</label>
-        <input
-          id="usernameInput"
-          v-model="username"
-          class="form-control input-with-error"
-          type="text"
-          :placeholder="$t('usernamePlaceholder')"
-          :class="{'input-valid': usernameValid, 'input-invalid': usernameInvalid}"
-        >
-        <div
-          v-for="issue in usernameIssues"
-          :key="issue"
-          class="input-error"
-        >
-          {{ issue }}
-        </div>
-      </div>
      <div
        v-if="!registering"
        class="form-group"
+        :class="{ 'mb-2': usernameIssues.length > 0 }"
      >
        <label
          v-once
@@ -94,11 +71,22 @@
        <input
          id="usernameInput"
          v-model="username"
-          class="form-control"
+          class="form-control dark"
          type="text"
          :placeholder="$t('emailOrUsername')"
+          :class="{
+            'input-valid': usernameValid,
+            'input-invalid': usernameInvalid,
+          }"
        >
      </div>
+      <div
+        v-for="issue in usernameIssues"
+        :key="issue"
+        class="input-error"
+      >
+        {{ issue }}
+      </div>
      <div
        v-if="registering"
        class="form-group"
@@ -110,13 +98,25 @@
        <input
          id="emailInput"
          v-model="email"
-          class="form-control"
+          class="form-control dark"
          type="email"
          :placeholder="$t('emailPlaceholder')"
-          :class="{'input-invalid': emailInvalid, 'input-valid': emailValid}"
+          :class="{
+            'input-invalid input-with-error': emailError,
+            'input-valid': emailValid,
+          }"
        >
+        <div
+          v-if="emailError"
+          class="input-error"
+        >
+          {{ emailError }}
+        </div>
      </div>
-      <div class="form-group">
+      <div
+        class="form-group"
+        :class="{ 'mt-2': usernameIssues.length > 0 }"
+      >
        <label
          v-once
          for="passwordInput"
@@ -130,12 +130,12 @@
        <input
          id="passwordInput"
          v-model="password"
-          class="form-control"
+          class="form-control dark"
          type="password"
          :placeholder="$t(registering ? 'passwordPlaceholder' : 'password')"
          :class="{
-            'input-invalid input-with-error': registering && passwordInvalid,
-            'input-valid': registering && passwordValid
+            'input-invalid input-with-error': passwordInvalid,
+            'input-valid': passwordValid
          }"
        >
        <div
@@ -144,10 +144,16 @@
        >
          {{ $t('minPasswordLength') }}
        </div>
+        <div
+          v-if="passwordInvalid && !registering"
+          class="input-error"
+        >
+          {{ $t('minPasswordLengthLogin') }}
+        </div>
      </div>
      <div
        v-if="registering"
-        class="form-group"
+        class="form-group mb-4"
      >
        <label
          v-once
@@ -156,7 +162,7 @@
        <input
          id="confirmPasswordInput"
          v-model="passwordConfirm"
-          class="form-control input-with-error"
+          class="form-control dark input-with-error"
          type="password"
          :placeholder="$t('confirmPasswordPlaceholder')"
          :class="{'input-invalid': passwordConfirmInvalid, 'input-valid': passwordConfirmValid}"
@@ -167,30 +173,26 @@
        >
          {{ $t('passwordConfirmationMatch') }}
        </div>
-        <small
-          v-once
-          class="form-text"
-          v-html="$t('termsAndAgreement')"
-        ></small>
      </div>
      <div class="text-center">
        <button
          v-if="registering"
+          id="continue-button"
          type="submit"
-          class="btn btn-info"
-          :disabled="signupFormInvalid"
+          class="btn btn-info w-100 mb-4"
+          :disabled="!(emailValid && passwordValid && passwordConfirmValid)"
        >
-          {{ $t('joinHabitica') }}
+          {{ $t('continue') }}
        </button>
        <button
          v-if="!registering"
-          v-once
          type="submit"
-          class="btn btn-info"
+          class="btn btn-info w-100 mb-4"
+          :disabled="!usernameValid || !passwordValid"
        >
          {{ $t('login') }}
        </button>
-        <div class="toggle-links">
+        <div>
          <router-link
            v-if="registering"
            :to="{name: 'login'}"
@@ -198,7 +200,7 @@
          >
            <a
              v-once
-              class="toggle-link"
+              class="white"
              v-html="$t('alreadyHaveAccountLogin')"
            ></a>
          </router-link>
@@ -209,7 +211,7 @@
          >
            <a
              v-once
-              class="toggle-link"
+              class="white"
              v-html="$t('dontHaveAccountSignup')"
            ></a>
          </router-link>
@@ -220,47 +222,67 @@
      v-if="forgotPassword"
      id="forgot-form"
      @submit.prevent="handleSubmit"
-      @keyup.enter="handleSubmit"
    >
-      <div class="text-center">
+      <div>
        <div>
-          <div class="svg-icon gryphon"></div>
-        </div>
-        <div>
-          <div
-            class="svg-icon habitica-logo"
+          <a
+            href="/static/home"
+            class="svg-icon habitica-logo mx-auto mb-4"
            v-html="icons.habiticaIcon"
-          ></div>
+          ></a>
        </div>
        <div class="header">
-          <h2 v-once>
+          <h2
+            v-once
+            class="text-center"
+          >
            {{ $t('emailNewPass') }}
          </h2>
-          <p v-once>
+          <p
+            v-once
+            class="purple-600 text-left"
+          >
            {{ $t('forgotPasswordSteps') }}
          </p>
        </div>
-      </div>
-      <div class="form-group row text-center">
-        <label
-          v-once
-          for="usernameInput"
-        >{{ $t('emailOrUsername') }}</label>
-        <input
-          id="usernameInput"
-          v-model="username"
-          class="form-control"
-          type="text"
-          :placeholder="$t('emailUsernamePlaceholder')"
-        >
-      </div>
-      <div class="text-center">
        <div
-          v-once
-          class="btn btn-info"
-          @click="forgotPasswordLink()"
+          class="form-group"
+          :class="{
+            'mb-2': usernameIssues.length > 0,
+            'mb-4': usernameIssues.length === 0,
+          }"
        >
-          {{ $t('sendLink') }}
+          <label
+            v-once
+            for="usernameInput"
+          >{{ $t('emailOrUsername') }}</label>
+          <input
+            id="usernameInput"
+            v-model="username"
+            class="form-control dark"
+            type="text"
+            :placeholder="$t('emailUsernamePlaceholder')"
+            :class="{
+              'input-valid': usernameValid,
+              'input-invalid': usernameInvalid,
+            }"
+          >
+        </div>
+        <div
+          v-for="issue in usernameIssues"
+          :key="issue"
+          class="input-error mb-2"
+        >
+          {{ issue }}
+        </div>
+        <div class="text-center">
+          <button
+            class="btn btn-info w-100"
+            :disabled="!username || usernameIssues.length > 0"
+            @click="forgotPasswordLink()"
+          >
+            {{ $t('sendLink') }}
+          </button>
        </div>
      </div>
    </form>
@@ -268,14 +290,14 @@
      v-if="resetPasswordSetNewOne"
      id="reset-password-set-new-one-form"
      @submit.prevent="handleSubmit"
-      @keyup.enter="handleSubmit"
    >
      <div class="text-center">
        <div>
-          <div
-            class="svg-icon habitica-logo color"
+          <a
+            href="/static/home"
+            class="svg-icon habitica-logo mx-auto mb-4"
            v-html="icons.habiticaIcon"
-          ></div>
+          ></a>
        </div>
        <div class="header">
          <h2>{{ $t('passwordResetPage') }}</h2>
@@ -331,15 +353,6 @@
        </div>
      </div>
    </form>
-    <div
-      id="bottom-wrap"
-      :class="`bottom-wrap-${!registering ? 'login' : 'register'}`"
-    >
-      <div id="bottom-background">
-        <div class="seamless_mountains_demo_repeat"></div>
-        <div class="midground_foreground_extended2"></div>
-      </div>
-    </div>
  </div>
 </template>

@@ -355,31 +368,11 @@
 </style>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
-
-  @media only screen  and (min-height: 1080px) {
-    .bottom-wrap-register {
-      margin-top: 6em;
-      position: fixed !important;
-      width: 100%;
-      bottom: 0;
-    }
-  }
-
-  @media only screen  and (min-height: 862px) {
-    .bottom-wrap-login {
-      margin-top: 6em;
-      position: fixed !important;
-      width: 100%;
-      bottom: 0;
-    }
-  }
+  @import '@/assets/scss/colors.scss';
+  @import '@/assets/scss/forms.scss';
+  @import '@/assets/scss/privacy.scss';

  @media only screen and (max-width: 768px) {
-    #login-form {
-      width: 100% !important;
-    }
-
    .form-group {
      padding-left: .5em;
      padding-right: .5em;
@@ -390,28 +383,28 @@
    background-color: $purple-200;
    background: $purple-200; /* For browsers that do not support gradients */
    background: linear-gradient(to bottom, #4f2a93, #6133b4); /* Standard syntax */
-    min-height: 100vh;
  }

  ::-webkit-input-placeholder { /* Chrome/Opera/Safari */
-    color: $purple-400;
+    color: $purple-500;
  }
  ::-moz-placeholder { /* Firefox 19+ */
-    color: $purple-400;
+    color: $purple-500;
  }
  :-ms-input-placeholder { /* IE 10+ */
-    color: $purple-400;
+    color: $purple-500;
  }
  :-moz-placeholder { /* Firefox 18- */
-    color: $purple-400;
+    color: $purple-500;
  }
  ::placeholder { //  Standard browsers
-    color: $purple-400;
+    color: $purple-500;
  }

  #login-form, #forgot-form, #reset-password-set-new-one-form {
    margin: 0 auto;
-    width: 40em;
+    width: 448px;
+    height: 700px;
    padding-top: 5em;
    padding-bottom: 4em;
    position: relative;
@@ -419,39 +412,23 @@

    .header {
      h2 {
+        font-size: 24px;
        color: $white;
      }

-      color: $white;
-    }
-
-    .gryphon {
-      background-size: cover;
-      color: $white;
-      height: 69.4px;
-      margin: 0 auto;
-      width: 63.2px;
+      p {
+        line-height: 1.714;
+      }
    }

    .habitica-logo {
-      width: 175px;
-      height: 64px;
-      margin: 2em auto 0;
-      z-index: 0;
+      width: 145px;
    }

    label {
      color: $white;
      font-weight: bold;
-    }
-
-    input {
-      margin-bottom: 2em;
-      border-radius: 2px;
-      background-color: #432874;
-      border-color: transparent;
-      height: 50px;
-      color: $white;
+      line-height: 1.714;
    }

    .input-with-error.input-invalid {
@@ -491,7 +468,7 @@

  #top-background {
    .seamless_stars_varied_opacity_repeat {
-      background-image: url('~@/assets/images/auth/seamless_stars_varied_opacity.png');
+      background-image: url('@/assets/images/auth/seamless_stars_varied_opacity.png');
      background-repeat: repeat-x;
      position: absolute;
      height: 500px;
@@ -499,54 +476,10 @@
    }
  }

-  #bottom-wrap {
-    margin-top: 6em;
-    position: static;
-    width: 100%;
-    bottom: 0;
-  }
-
-  #bottom-background {
-    position: relative;
-
-    .seamless_mountains_demo_repeat {
-      background-image: url('~@/assets/images/auth/seamless_mountains_demo.png');
-      background-repeat: repeat-x;
-      width: 100%;
-      height: 300px;
-      position: absolute;
-      z-index: 0;
-      bottom: 0;
-    }
-
-    .midground_foreground_extended2 {
-      background-image: url('~@/assets/images/auth/midground_foreground_extended2.png');
-      position: relative;
-      width: 1500px;
-      max-width: 100%;
-      height: 150px;
-      margin: 0 auto;
-    }
-  }
-
-  .toggle-links {
-    margin-top: 1em;
-  }
-
-  .toggle-link {
-    color: $white !important;
-  }
-
  .forgot-password {
    color: #bda8ff !important;
  }

-  .input-error {
-    color: #fff;
-    font-size: 90%;
-    width: 100%;
-  }
-
  .warning-banner {
    color: $white;
    background-color: $maroon-100;
@@ -571,14 +504,13 @@
    text-align: center;
    overflow: hidden;
    white-space: nowrap;
-    margin-top: 1.5em;
-    margin-bottom: 1.5em;
  }

  .strike > span {
+    font-weight: 700;
    position: relative;
    display: inline-block;
-    line-height: 1.14;
+    line-height: 1.714;
    color: #fff;
  }

@@ -589,7 +521,7 @@
    top: 50%;
    width: 9999px;
    height: 1px;
-    background: #fff;
+    background: $purple-400;
  }

  .strike > span:before {
@@ -605,26 +537,24 @@

 <script>
 import axios from 'axios';
-import hello from 'hellojs';
 import debounce from 'lodash/debounce';
 import isEmail from 'validator/es/lib/isEmail';
-import { MINIMUM_PASSWORD_LENGTH } from '@/../../common/script/constants';
-import { buildAppleAuthUrl } from '../../libs/auth';
+import PrivacyBanner from '@/components/header/banners/privacy';
+import notifications from '@/mixins/notifications';
 import sanitizeRedirect from '@/mixins/sanitizeRedirect';
-import exclamation from '@/assets/svg/exclamation.svg';
-import gryphon from '@/assets/svg/gryphon.svg';
-import habiticaIcon from '@/assets/svg/logo-horizontal.svg';
-import googleIcon from '@/assets/svg/google.svg';
-import appleIcon from '@/assets/svg/apple_black.svg';
+import accountCreation from '@/mixins/accountCreation';
+import exclamation from '@/assets/svg/exclamation.svg?raw';
+import habiticaIcon from '@/assets/svg/habitica-logo.svg?raw';
+import googleIcon from '@/assets/svg/google.svg?raw';
+import appleIcon from '@/assets/svg/apple_black.svg?raw';

 export default {
-  mixins: [sanitizeRedirect],
+  components: {
+    PrivacyBanner,
+  },
+  mixins: [accountCreation, notifications, sanitizeRedirect],
  data () {
    const data = {
-      username: '',
-      email: '',
-      password: '',
-      passwordConfirm: '',
      forgotPassword: false,
      resetPasswordSetNewOneData: {
        hasError: null,
@@ -635,7 +565,6 @@ export default {

    data.icons = Object.freeze({
      exclamation,
-      gryphon,
      habiticaIcon,
      googleIcon,
      appleIcon,
@@ -656,14 +585,6 @@ export default {
      }
      return false;
    },
-    emailValid () {
-      if (this.email.length < 1) return false;
-      return isEmail(this.email);
-    },
-    emailInvalid () {
-      if (this.email.length < 1) return false;
-      return !this.emailValid;
-    },
    usernameValid () {
      if (this.username.length < 1) return false;
      return this.usernameIssues.length === 0;
@@ -672,28 +593,6 @@ export default {
      if (this.username.length < 1) return false;
      return !this.usernameValid;
    },
-    passwordValid () {
-      if (this.password.length <= 0) return false;
-      return this.password.length >= MINIMUM_PASSWORD_LENGTH;
-    },
-    passwordInvalid () {
-      if (this.password.length <= 0) return false;
-      return this.password.length < MINIMUM_PASSWORD_LENGTH;
-    },
-    passwordConfirmValid () {
-      if (this.passwordConfirm.length <= 3) return false;
-      return this.passwordConfirm === this.password;
-    },
-    passwordConfirmInvalid () {
-      if (this.passwordConfirm.length <= 3) return false;
-      return !this.passwordConfirmValid;
-    },
-    signupFormInvalid () {
-      return this.usernameInvalid
-        || this.emailInvalid
-        || this.passwordInvalid
-        || this.passwordConfirmInvalid;
-    },
  },
  watch: {
    $route: {
@@ -726,72 +625,16 @@ export default {
  },
  mounted () {
    this.forgotPassword = this.$route.path.startsWith('/forgot-password');
-
-    hello.init({
-      google: process.env.GOOGLE_CLIENT_ID, // eslint-disable-line
-    });
+    if (this.forgotPassword) {
+      if (this.$route.query.email) {
+        this.username = this.$route.query.email;
+      }
+    }
  },
  methods: {
-    // eslint-disable-next-line func-names
-    validateUsername: debounce(function (username) {
-      if (username.length <= 3 || !this.registering) {
-        return;
-      }
-      this.$store.dispatch('auth:verifyUsername', {
-        username: this.username,
-      }).then(res => {
-        if (res.issues !== undefined) {
-          this.usernameIssues = res.issues;
-        } else {
-          this.usernameIssues = [];
-        }
-      });
-    }, 500),
-    async register () {
-      // @TODO do not use alert
-      if (!this.email) {
-        window.alert(this.$t('missingEmail')); // eslint-disable-line no-alert
-        return;
-      }
-
-      if (this.password !== this.passwordConfirm) {
-        window.alert(this.$t('passwordConfirmationMatch')); // eslint-disable-line no-alert
-        return;
-      }
-
-      // @TODO: implement language and invite accepting
-      // var url = ApiUrl.get() + "/api/v4/user/auth/local/register";
-      // if (location.search && location.search.indexOf('Invite=') !== -1)
-      // { // matches groupInvite and partyInvite
-      //   url += location.search;
-      // }
-      //
-      // if($rootScope.selectedLanguage) {
-      //   var toAppend = url.indexOf('?') !== -1 ? '&' : '?';
-      //   url = url + toAppend + 'lang=' + $rootScope.selectedLanguage.code;
-      // }
-
-      await this.$store.dispatch('auth:register', {
-        username: this.username,
-        email: this.email,
-        password: this.password,
-        passwordConfirm: this.passwordConfirm,
-      });
-
-      const redirectTo = this.sanitizeRedirect(this.$route.query.redirectTo);
-
-      // @TODO do not reload entire page
-      // problem is that app.vue created hook should be called again
-      // after user is logged in / just signed up
-      // ALSO it's the only way to make sure language data
-      // is reloaded and correct for the logged in user
-      // Same situation in login and socialAuth functions
-      window.location.href = redirectTo;
-    },
    async login () {
      await this.$store.dispatch('auth:login', {
        username: this.username,
-        // email: this.email,
        password: this.password,
      });

@@ -799,31 +642,6 @@ export default {

      window.location.href = redirectTo;
    },
-    // @TODO: Abstract hello in to action or lib
-    async socialAuth (network) {
-      if (network === 'apple') {
-        window.location.href = buildAppleAuthUrl();
-      } else {
-        try {
-          await hello(network).logout();
-        } catch (e) {} // eslint-disable-line
-
-        const redirectUrl = `${window.location.protocol}//${window.location.host}`;
-        const auth = await hello(network).login({
-          scope: 'email',
-          // explicitly pass the redirect url or it might redirect to /home
-          redirect_uri: redirectUrl, // eslint-disable-line camelcase
-        });
-
-        await this.$store.dispatch('auth:socialAuth', {
-          auth,
-        });
-
-        const redirectTo = this.sanitizeRedirect(this.$route.query.redirectTo);
-
-        window.location.href = redirectTo;
-      }
-    },
    setTitle () {
      if (this.resetPasswordSetNewOne) {
        return;
@@ -838,7 +656,7 @@ export default {
    },
    handleSubmit () {
      if (this.registering) {
-        this.register();
+        this.proceed('local');
        return;
      }

@@ -894,6 +712,20 @@ export default {
      this.resetPasswordSetNewOneData.hasError = false;
      this.$router.push({ name: 'login' });
    },
+    validateUsername: debounce(function valUsername (username) {
+      const usernameIssues = [];
+      if (username.length > 0 && !isEmail(username)) {
+        if (username.length > 20) {
+          usernameIssues.push(this.$t('usernameIssueLength'));
+        }
+        const invalidCharsRegex = /[^a-z0-9_-]/i;
+        const match = username.match(invalidCharsRegex);
+        if (match !== null && match[0] !== null) {
+          usernameIssues.push(this.$t('usernameIssueInvalidCharacters'));
+        }
+      }
+      this.usernameIssues = usernameIssues;
+    }, 500),
  },
 };
 </script>
--- a/website/client/src/components/auth/registerUsername.vue
+++ b/website/client/src/components/auth/registerUsername.vue
@@ -0,0 +1,267 @@
+<template>
+  <div class="gradient-bg">
+    <div
+      id="privacy-tos"
+      class="w-100"
+    >
+      <privacy-banner
+        class="privacy-banner"
+      />
+      <div class="d-flex flex-column mx-auto pt-5 w-448px">
+        <img
+          class="mx-auto"
+          src="@/assets/images/home/signup-quill@2x.png"
+          width="120px"
+        >
+        <h1 class="mt-0 mb-3 white mx-auto">
+          {{ $t('whatToCallYou') }}
+        </h1>
+        <form
+          class="form mx-auto"
+          @submit.prevent.stop="register()"
+        >
+          <input
+            id="usernameInput"
+            v-model="username"
+            class="form-control dark"
+            type="text"
+            :placeholder="$t('username')"
+            :class="{
+              'mb-3': !usernameInvalid,
+              'input-valid': username && usernameValid,
+              'input-invalid mb-2': usernameInvalid,
+            }"
+          >
+          <!-- eslint-disable vue/require-v-for-key -->
+          <div
+            v-for="issue in usernameIssues"
+            class="input-error"
+          >
+            <!-- eslint-enable vue/require-v-for-key -->
+            {{ issue }}
+          </div>
+          <p class="purple-600">
+            {{ $t('usernameLimitations') }}
+          </p>
+          <div class="custom-control custom-checkbox mb-4">
+            <input
+              id="privacyTOS"
+              v-model="privacyAccepted"
+              class="custom-control-input dark"
+              type="checkbox"
+            >
+            <label
+              v-once
+              class="custom-control-label purple-600"
+              for="privacyTOS"
+              v-html="$t('acceptPrivacyTOS')"
+            ></label>
+          </div>
+          <button
+            class="btn btn-info d-block w-100 sign-up mx-auto mb-5"
+            :disabled="!username || usernameInvalid || !privacyAccepted"
+            type="submit"
+          >
+            {{ $t('getStarted') }}
+          </button>
+        </form>
+      </div>
+    </div>
+  </div>
+</template>
+
+<style lang="scss">
+  @import '@/assets/scss/colors.scss';
+
+  #privacy-tos {
+    position: relative;
+    z-index: 2;
+    width: 448px;
+    background-image: url('@/assets/images/auth/seamless_stars_varied_opacity.png');
+    background-repeat: repeat-x;
+
+    a {
+      color: $white;
+      font-weight: bold;
+      text-decoration: underline;
+    }
+
+    .privacy-banner a {
+      color: $purple-300;
+      font-weight: normal;
+      text-decoration: none;
+
+      &:hover {
+        text-decoration: underline;
+      }
+    }
+  }
+</style>
+
+<style lang="scss" scoped>
+  @import '@/assets/scss/colors.scss';
+  @import '@/assets/scss/privacy.scss';
+  @import '@/assets/scss/forms.scss';
+
+  p.purple-600 {
+    line-height: 1.714;
+  }
+
+  .custom-checkbox {
+    .custom-control-label::before {
+      border-radius: 2px;
+      margin-top: 2px;
+    }
+
+    .custom-control-input:checked~.custom-control-label::after {
+      margin-top: 2px;
+    }
+  }
+
+  .gradient-bg {
+    background: linear-gradient(to bottom, $purple-200, $purple-300);
+    height: 700px;
+  }
+
+  .input-error {
+    font-size: 90%;
+    width: 100%;
+    margin-bottom: 1em;
+  }
+
+  .sign-up {
+    border: 2px solid transparent;
+    box-shadow: 0 1px 3px 0 rgba($black, 0.16), 0 1px 3px 0 rgba($black, 0.24);
+
+    &:focus, &:active {
+      background-color: $blue-50;
+      border: 2px solid $purple-400;
+      box-shadow: 0 3px 6px 0 rgba($black, 0.16), 0 3px 6px 0 rgba($black, 0.24);
+    }
+  }
+
+  .w-448px {
+    width: 448px;
+  }
+</style>
+
+<script>
+import debounce from 'lodash/debounce';
+import PrivacyBanner from '@/components/header/banners/privacy';
+import sanitizeRedirect from '@/mixins/sanitizeRedirect';
+
+export default {
+  components: {
+    PrivacyBanner,
+  },
+  mixins: [sanitizeRedirect],
+  data () {
+    return {
+      authData: {},
+      email: '',
+      password: '',
+      passwordConfirm: '',
+      privacyAccepted: false,
+      registrationMethod: null,
+      username: '',
+      usernameIssues: [],
+    };
+  },
+  computed: {
+    usernameValid () {
+      if (this.username?.length < 1) return false;
+      return this.usernameIssues.length === 0;
+    },
+    usernameInvalid () {
+      if (this.username?.length < 1) return false;
+      return !this.usernameValid;
+    },
+  },
+  watch: {
+    username () {
+      this.validateUsername(this.username || '');
+    },
+  },
+  mounted () {
+    if (window.sessionStorage.getItem('apple-token')) {
+      this.registrationMethod = 'apple';
+    } else if (!this.$store.state.registrationOptions.registrationMethod) {
+      this.$router.push('/');
+    } else {
+      this.registrationMethod = this.$store.state.registrationOptions.registrationMethod;
+    }
+    this.authData = this.$store.state.registrationOptions.authData;
+    this.email = this.$store.state.registrationOptions.email;
+    this.username = this.$store.state.registrationOptions.username;
+    this.password = this.$store.state.registrationOptions.password;
+    this.passwordConfirm = this.$store.state.registrationOptions.passwordConfirm;
+
+    if (!this.email) {
+      return;
+    }
+    const usernameToCheck = this.email.split('@')[0].replace(/[^a-zA-Z0-9\-_]/g, '');
+    this.$store.dispatch('auth:verifyUsername', {
+      username: usernameToCheck,
+    }).then(res => {
+      if (!res.issues) {
+        this.username = usernameToCheck;
+      }
+    });
+    document.getElementById('usernameInput').focus();
+  },
+  methods: {
+    async register () {
+      if (this.registrationMethod === 'local') {
+        let groupInvite = '';
+        if (this.$route.query && this.$route.query.p) {
+          groupInvite = this.$route.query.p;
+        }
+
+        if (this.$route.query && this.$route.query.groupInvite) {
+          groupInvite = this.$route.query.groupInvite;
+        }
+
+        await this.$store.dispatch('auth:register', {
+          username: this.username,
+          email: this.email,
+          password: this.password,
+          passwordConfirm: this.passwordConfirm,
+          groupInvite,
+        });
+
+        const redirect = this.sanitizeRedirect(this.$route.query.redirectTo);
+
+        window.location.href = redirect;
+      } else if (this.registrationMethod === 'apple') {
+        await this.$store.dispatch('auth:appleAuth', {
+          idToken: window.sessionStorage.getItem('apple-token'),
+          name: window.sessionStorage.getItem('apple-name'),
+          username: this.username,
+          allowRegister: true,
+        });
+      } else {
+        await this.$store.dispatch('auth:socialAuth', {
+          auth: this.authData,
+          username: this.username,
+        });
+      }
+      window.location.href = '/';
+    },
+    // eslint-disable-next-line func-names
+    validateUsername: debounce(function (username) {
+      if (username.length < 1) {
+        return;
+      }
+      this.$store.dispatch('auth:verifyUsername', {
+        username: this.username,
+      }).then(res => {
+        if (res.issues !== undefined) {
+          this.usernameIssues = res.issues;
+        } else {
+          this.usernameIssues = [];
+        }
+      });
+    }, 500),
+  },
+};
+</script>
--- a/website/client/src/components/avatar.vue
+++ b/website/client/src/components/avatar.vue
@@ -97,7 +97,7 @@
 </template>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  .avatar {
    width: 141px;
@@ -155,7 +155,6 @@
 </style>

 <script>
-import some from 'lodash/some';
 import moment from 'moment';
 import { mapState } from '@/libs/store';
 import foolPet from '../mixins/foolPet';
@@ -203,11 +202,11 @@ export default {
    },
    width: {
      type: String,
-      default: '140px',
+      default: '141px',
    },
    height: {
      type: String,
-      default: undefined,
+      default: '147px',
    },
    centerAvatar: {
      type: Boolean,
@@ -322,11 +321,10 @@ export default {
      return null;
    },
    petClass () {
-      if (some(
-        this.currentEventList,
-        event => moment().isBetween(event.start, event.end) && event.aprilFools && event.aprilFools === 'Fungi',
-      )) {
-        return this.foolPet(this.member.items.currentPet);
+      const foolEvent = this.currentEventList?.find(event => event.aprilFools && moment()
+        .isBetween(event.start, event.end));
+      if (foolEvent) {
+        return this.foolPet(this.member.items.currentPet, foolEvent.aprilFools);
      }
      if (this.member?.items.currentPet) return `Pet-${this.member.items.currentPet}`;
      return '';
--- a/website/client/src/components/avatarModal/customize-banner.vue
+++ b/website/client/src/components/avatarModal/customize-banner.vue
@@ -27,7 +27,7 @@
 </template>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  .bottom-banner {
    background: linear-gradient(114.26deg, $purple-300 0%, $purple-200 100%);
@@ -55,7 +55,7 @@
 </style>

 <script>
-import sparkles from '@/assets/svg/sparkles-left.svg';
+import sparkles from '@/assets/svg/sparkles-left.svg?raw';

 export default {
  data () {
--- a/website/client/src/components/avatarModal/customize-options.vue
+++ b/website/client/src/components/avatarModal/customize-options.vue
@@ -5,8 +5,8 @@
  >
    <div
      v-for="option in items"
-      :key="option.key"
      :id="option.imageName"
+      :key="option.key"
      class="outer-option-background"
      :class="{
        premium: Boolean(option.gem),
@@ -28,23 +28,22 @@
          v-if="!option.none"
          class="sprite"
          :prefix="option.isGear ? 'shop' : 'icon'"
-          :imageName="option.imageName"
          :image-name="option.imageName"
        />
-          <div
-            v-else
-            class="redline-outer"
-          >
-            <div class="redline"></div>
-          </div>
+        <div
+          v-else
+          class="redline-outer"
+        >
+          <div class="redline"></div>
+        </div>
      </div>
    </div>
  </div>
 </template>

 <script>
-import gem from '@/assets/svg/gem.svg';
-import gold from '@/assets/svg/gold.svg';
+import gem from '@/assets/svg/gem.svg?raw';
+import gold from '@/assets/svg/gold.svg?raw';
 import { avatarEditorUtilities } from '../../mixins/avatarEditUtilities';
 import Sprite from '@/components/ui/sprite.vue';

@@ -73,7 +72,7 @@ export default {
 </script>

 <style lang="scss" scoped>
-  @import '~@/assets/scss/colors.scss';
+  @import '@/assets/scss/colors.scss';

  .customize-options {
    width: 100%;
--- a/Show More
+++ b/Show More