Fix news related permission issues

2026-04-21 19:38:58 -05:00 · 2024-08-01 15:24:19 +02:00
1455 changed files with 48345 additions and 70243 deletions
@@ -9,4 +9,4 @@
      }
    ]
  ]
-}
+}
@@ -7,14 +7,5 @@ module.exports = {
  rules: {
    'prefer-regex-literals': 'warn',
    'import/no-extraneous-dependencies': 'off',
-    'require-await': 'error',
  },
-  overrides: [
-    {
-      files: ['migrations/**', 'gulp/**'], // Or *.test.js
-      rules: {
-        'require-await': 'off',
-      },
-    },
-  ],
 };
@@ -1,13 +1,6 @@
 name: Test

-on:
-  push:
-    branches-ignore:
-    - 'phillip/**'
-    - 'sabrecat/**'
-    - 'kalista/**'
-    - 'natalie/**'
-  pull_request:
+on: [push, pull_request]

 permissions:
  contents: read
@@ -26,8 +19,7 @@ jobs:
      uses: actions/setup-node@v4
      with:
        node-version: ${{ matrix.node-version }}
-    - run: sudo apt update
-    - run: sudo apt -y install libkrb5-dev
+    - run: sudo apt-get -y install libkrb5-dev
    - run: cp config.json.example config.json
    - name: npm install
      run: |
@@ -49,8 +41,7 @@ jobs:
      uses: actions/setup-node@v4
      with:
        node-version: ${{ matrix.node-version }}
-    - run: sudo apt update
-    - run: sudo apt -y install libkrb5-dev
+    - run: sudo apt-get -y install libkrb5-dev
    - run: cp config.json.example config.json
    - name: npm install
      run: |
@@ -72,8 +63,7 @@ jobs:
      uses: actions/setup-node@v4
      with:
        node-version: ${{ matrix.node-version }}
-    - run: sudo apt update
-    - run: sudo apt -y install libkrb5-dev
+    - run: sudo apt-get -y install libkrb5-dev
    - run: cp config.json.example config.json
    - name: npm install
      run: |
@@ -82,7 +72,7 @@ jobs:
        CI: true
        NODE_ENV: test
    - run: npm run test:sanity
-
+  
  common:
    runs-on: ubuntu-latest
    strategy:
@@ -96,8 +86,7 @@ jobs:
      uses: actions/setup-node@v4
      with:
        node-version: ${{ matrix.node-version }}
-    - run: sudo apt update
-    - run: sudo apt -y install libkrb5-dev
+    - run: sudo apt-get -y install libkrb5-dev
    - run: cp config.json.example config.json
    - name: npm install
      run: |
@@ -119,8 +108,7 @@ jobs:
      uses: actions/setup-node@v4
      with:
        node-version: ${{ matrix.node-version }}
-    - run: sudo apt update
-    - run: sudo apt -y install libkrb5-dev
+    - run: sudo apt-get -y install libkrb5-dev
    - run: cp config.json.example config.json
    - name: npm install
      run: |
@@ -129,13 +117,13 @@ jobs:
        CI: true
        NODE_ENV: test
    - run: npm run test:content
-
+  
  api-unit:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [21.x]
-        mongodb-version: [7.0]
+        mongodb-version: [4.2]
    steps:
    - uses: actions/checkout@v4
      with:
@@ -144,15 +132,12 @@ jobs:
      uses: actions/setup-node@v4
      with:
        node-version: ${{ matrix.node-version }}
-
    - name: Start MongoDB ${{ matrix.mongodb-version }} Replica Set
-      uses: supercharge/mongodb-github-action@1.11.0
+      uses: supercharge/mongodb-github-action@1.3.0
      with:
        mongodb-version: ${{ matrix.mongodb-version }}
        mongodb-replica-set: rs
-
-    - run: sudo apt update
-    - run: sudo apt -y install libkrb5-dev
+    - run: sudo apt-get -y install libkrb5-dev
    - run: cp config.json.example config.json
    - name: npm install
      run: |
@@ -160,17 +145,15 @@ jobs:
      env:
        CI: true
        NODE_ENV: test
-
    - run: npm run test:api:unit
      env:
        REQUIRES_SERVER=true: true
-
  api-v3-integration:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [21.x]
-        mongodb-version: [7.0]
+        mongodb-version: [4.2]
    steps:
    - uses: actions/checkout@v4
      with:
@@ -180,13 +163,11 @@ jobs:
      with:
        node-version: ${{ matrix.node-version }}
    - name: Start MongoDB ${{ matrix.mongodb-version }} Replica Set
-      uses: supercharge/mongodb-github-action@1.11.0
+      uses: supercharge/mongodb-github-action@1.3.0
      with:
        mongodb-version: ${{ matrix.mongodb-version }}
        mongodb-replica-set: rs
-
-    - run: sudo apt update
-    - run: sudo apt -y install libkrb5-dev
+    - run: sudo apt-get -y install libkrb5-dev
    - run: cp config.json.example config.json
    - name: npm install
      run: |
@@ -194,18 +175,15 @@ jobs:
      env:
        CI: true
        NODE_ENV: test
-
    - run: npm run test:api-v3:integration
      env:
        REQUIRES_SERVER=true: true
-
  api-v4-integration:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [21.x]
-        mongodb-version: [7.0]
-
+        mongodb-version: [4.2]
    steps:
    - uses: actions/checkout@v4
      with:
@@ -215,13 +193,11 @@ jobs:
      with:
        node-version: ${{ matrix.node-version }}
    - name: Start MongoDB ${{ matrix.mongodb-version }} Replica Set
-      uses: supercharge/mongodb-github-action@1.11.0
+      uses: supercharge/mongodb-github-action@1.3.0
      with:
        mongodb-version: ${{ matrix.mongodb-version }}
        mongodb-replica-set: rs
-
-    - run: sudo apt update
-    - run: sudo apt -y install libkrb5-dev
+    - run: sudo apt-get -y install libkrb5-dev
    - run: cp config.json.example config.json
    - name: npm install
      run: |
@@ -229,7 +205,6 @@ jobs:
      env:
        CI: true
        NODE_ENV: test
-
    - run: npm run test:api-v4:integration
      env:
        REQUIRES_SERVER=true: true
@@ -247,8 +222,7 @@ jobs:
      uses: actions/setup-node@v4
      with:
        node-version: ${{ matrix.node-version }}
-    - run: sudo apt update
-    - run: sudo apt -y install libkrb5-dev
+    - run: sudo apt-get -y install libkrb5-dev
    - run: cp config.json.example config.json
    - name: npm install
      run: |
@@ -272,8 +246,7 @@ jobs:
      uses: actions/setup-node@v4
      with:
        node-version: ${{ matrix.node-version }}
-    - run: sudo apt update
-    - run: sudo apt -y install libkrb5-dev
+    - run: sudo apt-get -y install libkrb5-dev
    - run: cp config.json.example config.json
    - name: npm install
      run: |
@@ -47,5 +47,5 @@ webpack.webstorm.config

 # mongodb replica set for local dev
 mongodb-*.tgz
-/mongodb-*
+/mongodb-data
 /.nyc_output
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-DEVELOPER="someone"
-if git rev-parse --git-dir > /dev/null 2>&1; then
-    DEVELOPERS=$(git log -5 --pretty=format:'%an')
-    IFS=$'\n'
-    DEVELOPER=""
-    for dev in $DEVELOPERS
-    do
-        if [ "$DEVELOPER" == "someone" ]; then
-            if [[ ${dev} != *"[bot]"* ]]; then
-                DEVELOPER=$dev
-                continue
-            fi
-            continue
-        fi
-    done
-fi
-
-PARTS=$(cut -d"." -f1 <<< $BASE_URL)
-SERVER_NAME=$(cut -d"/" -f3 <<< ${PARTS[0]})
-
-SERVER_NAME=":$SERVER_EMOJI: $SERVER_NAME"
-
-wget $SLACK_DEPLOY_URL --post-data="{\"server_name\": \"$SERVER_NAME\", \"developer\": \"$DEVELOPER\", \"base_url\": \"$BASE_URL\"}" -O /dev/null
@@ -2,4 +2,4 @@

 This webpage includes the documentation for version 3 of the [Habitica](https://habitica.com) API.

-If you're developing a 3rd party tool that uses the Habitica API, read the [API Usage Guidelines](https://github.com/HabitRPG/habitica/wiki/API-Usage-Guidelines), which describe how to be a responsible user of our server resources!
+If you're developing a 3rd party tool that uses the Habitica API you should read the [Guidance for Comrades](https://habitica.fandom.com/wiki/Guidance_for_Comrades) and in particular the section called [Rules for Third-Party Tools](https://habitica.fandom.com/wiki/Guidance_for_Comrades#Rules_for_Third-Party_Tools) which includes suggestions on how to best use the API and the rules to follow when interacting with it.
@@ -8,26 +8,18 @@
  "AMAZON_PAYMENTS_SELLER_ID": "SELLER_ID",
  "AMPLITUDE_KEY": "AMPLITUDE_KEY",
  "AMPLITUDE_SECRET": "AMPLITUDE_SECRET",
-  "APPLE_AUTH_CLIENT_ID": "",
-  "APPLE_AUTH_KEY_ID": "",
-  "APPLE_AUTH_PRIVATE_KEY": "",
-  "APPLE_TEAM_ID": "",
  "BASE_URL": "http://localhost:3000",
-  "BLOCKED_IPS": "",
-  "CONTENT_SWITCHOVER_TIME_OFFSET": 8,
  "CRON_SAFE_MODE": "false",
  "CRON_SEMI_SAFE_MODE": "false",
-  "DEBUG_ENABLED": "false",
  "DISABLE_REQUEST_LOGGING": "true",
-  "EMAIL_SERVER_AUTH_PASSWORD": "password",
-  "EMAIL_SERVER_AUTH_USER": "user",
-  "EMAIL_SERVER_URL": "http://example.com",
  "EMAILS_COMMUNITY_MANAGER_EMAIL": "admin@habitica.com",
  "EMAILS_PRESS_ENQUIRY_EMAIL": "admin@habitica.com",
  "EMAILS_TECH_ASSISTANCE_EMAIL": "admin@habitica.com",
+  "EMAIL_SERVER_AUTH_PASSWORD": "password",
+  "EMAIL_SERVER_AUTH_USER": "user",
+  "EMAIL_SERVER_URL": "http://example.com",
  "ENABLE_CONSOLE_LOGS_IN_PROD": "false",
  "ENABLE_CONSOLE_LOGS_IN_TEST": "false",
-  "ENABLE_STACKDRIVER_TRACING": "false",
  "FACEBOOK_KEY": "123456789012345",
  "FACEBOOK_SECRET": "aaaabbbbccccddddeeeeffff00001111",
  "FLAG_REPORT_EMAIL": "email@example.com, email2@example.com",
@@ -37,16 +29,14 @@
  "IAP_GOOGLE_KEYDIR": "/path/to/google/public/key/dir/",
  "IGNORE_REDIRECT": "true",
  "ITUNES_SHARED_SECRET": "aaaabbbbccccddddeeeeffff00001111",
-  "LIVELINESS_PROBE_KEY": "",
-  "LOG_AMPLITUDE_EVENTS": "false",
-  "LOG_REQUESTS_EXCESSIVE_MODE": "false",
  "LOGGLY_CLIENT_TOKEN": "token",
  "LOGGLY_SUBDOMAIN": "example-subdomain",
  "LOGGLY_TOKEN": "example-token",
+  "LOG_REQUESTS_EXCESSIVE_MODE": "false",
  "MAINTENANCE_MODE": "false",
+  "NODE_DB_URI": "mongodb://localhost:27017/habitica-dev?replicaSet=rs",
+  "TEST_DB_URI": "mongodb://localhost:27017/habitica-test?replicaSet=rs",
  "MONGODB_POOL_SIZE": "10",
-  "MONGODB_SOCKET_TIMEOUT": "20000",
-  "NODE_DB_URI": "mongodb://localhost:27017/habitica-dev?replicaSet=rs&directConnection=true&readPreference=secondary",
  "NODE_ENV": "development",
  "PATH": "bin:node_modules/.bin:/usr/local/bin:/usr/bin:/bin",
  "PAYPAL_BILLING_PLANS_basic_12mo": "basic_12mo",
@@ -64,33 +54,43 @@
  "PLAY_API_REFRESH_TOKEN": "aaaabbbbccccddddeeeeffff00001111",
  "PORT": 3000,
  "PUSH_CONFIGS_APN_ENABLED": "false",
-  "PUSH_CONFIGS_APN_KEY_ID": "xxxxxxxxxx",
  "PUSH_CONFIGS_APN_KEY": "xxxxxxxxxx",
+  "PUSH_CONFIGS_APN_KEY_ID": "xxxxxxxxxx",
  "PUSH_CONFIGS_APN_TEAM_ID": "aaabbbcccd",
  "PUSH_CONFIGS_FCM_SERVER_API_KEY": "aaabbbcccd",
-  "RATE_LIMITER_ENABLED": "false",
-  "REDIS_HOST": "aaabbbcccdddeeefff",
-  "REDIS_PASSWORD": "12345678",
-  "REDIS_PORT": "1234",
  "S3_ACCESS_KEY_ID": "accessKeyId",
  "S3_BUCKET": "bucket",
  "S3_SECRET_ACCESS_KEY": "secretAccessKey",
-  "SESSION_SECRET_KEY": "1234567891234567891234567891234567891234567891234567891234567891",
  "SESSION_SECRET": "YOUR SECRET HERE",
+  "SESSION_SECRET_IV": "12345678912345678912345678912345",
+  "SESSION_SECRET_KEY": "1234567891234567891234567891234567891234567891234567891234567891",
  "SITE_HTTP_AUTH_ENABLED": "false",
  "SITE_HTTP_AUTH_PASSWORDS": "password,wordpass,passkey",
  "SITE_HTTP_AUTH_USERNAMES": "admin,tester,contributor",
-  "SKIP_SSL_CHECK_KEY": "key",
  "SLACK_FLAGGING_FOOTER_LINK": "https://habitrpg.github.io/flag-o-rama/",
  "SLACK_FLAGGING_URL": "https://hooks.slack.com/services/id/id/id",
  "SLACK_SUBSCRIPTIONS_URL": "https://hooks.slack.com/services/id/id/id",
  "SLACK_URL": "https://hooks.slack.com/services/some-url",
-  "SLOW_REQUEST_THRESHOLD": 1000,
  "STRIPE_API_KEY": "aaaabbbbccccddddeeeeffff00001111",
  "STRIPE_PUB_KEY": "22223333444455556666777788889999",
  "STRIPE_WEBHOOKS_ENDPOINT_SECRET": "111111",
-  "TEST_DB_URI": "mongodb://localhost:27017/habitica-test?replicaSet=rs&directConnection=true&readPreference=secondary",
-  "TIME_TRAVEL_ENABLED": "false",
+  "TRANSIFEX_SLACK_CHANNEL": "transifex",
+  "WEB_CONCURRENCY": 1,
+  "SKIP_SSL_CHECK_KEY": "key",
+  "ENABLE_STACKDRIVER_TRACING": "false",
+  "APPLE_AUTH_PRIVATE_KEY": "",
+  "APPLE_TEAM_ID": "",
+  "APPLE_AUTH_CLIENT_ID": "",
+  "APPLE_AUTH_KEY_ID": "",
+  "BLOCKED_IPS": "",
+  "LOG_AMPLITUDE_EVENTS": "false",
+  "RATE_LIMITER_ENABLED": "false",
+  "LIVELINESS_PROBE_KEY": "",
+  "REDIS_HOST": "aaabbbcccdddeeefff",
+  "REDIS_PORT": "1234",
+  "REDIS_PASSWORD": "12345678",
  "TRUSTED_DOMAINS": "localhost,https://habitica.com",
-  "WEB_CONCURRENCY": 1
+  "TIME_TRAVEL_ENABLED": "false",
+  "DEBUG_ENABLED": "false",
+  "CONTENT_SWITCHOVER_TIME_OFFSET": 8
 }
@@ -0,0 +1,43 @@
+services:
+  client:
+    build:
+      context: .
+      dockerfile: ./Dockerfile-Dev
+    command: ["npm", "run", "client:dev"]
+    depends_on:
+      - server
+    environment:
+      - BASE_URL=http://server:3000
+    networks:
+      - habitica
+    ports:
+      - "8080:8080"
+    volumes:
+      - .:/usr/src/habitica
+      - /usr/src/habitica/node_modules
+      - /usr/src/habitica/website/client/node_modules
+  server:
+    build:
+      context: .
+      dockerfile: ./Dockerfile-Dev
+    command: ["npm", "start"]
+    depends_on:
+      - mongo
+    environment:
+      - NODE_DB_URI=mongodb://mongo/habitrpg
+    networks:
+      - habitica
+    ports:
+      - "3000:3000"
+    volumes:
+      - .:/usr/src/habitica
+      - /usr/src/habitica/node_modules
+  mongo:
+    image: mongo:3.6
+    networks:
+      - habitica
+    ports:
+      - "27017:27017"
+networks:
+  habitica:
+    driver: bridge
@@ -1,24 +0,0 @@
-networks:
-  mongodb-network:
-    name: "mongodb-network"
-    driver: bridge
-services:
-  mongodb:
-    image: "mongo:7.0"
-    container_name: "habitica-mongodb-only"
-    networks:
-      - mongodb-network
-    hostname: "mongodb"
-    ports:
-      - "27017:27017"
-    restart: "unless-stopped"
-    volumes:
-      - "./mongodb-data-docker:/data/db"
-    entrypoint: [ "/usr/bin/mongod", "--bind_ip_all", "--replSet", "rs" ]
-    healthcheck:
-      test: echo "try { rs.status() } catch (err) { rs.initiate() }" | mongosh --port 27017 --quiet
-      interval: 10s
-      timeout: 30s
-      start_period: 0s
-      retries: 30
-  
@@ -1,23 +0,0 @@
-networks:
-  mongodb-network:
-    name: "mongodb-network"
-    driver: bridge
-services:
-  mongodb:
-    image: "mongo:7.0"
-    container_name: "habitica-mongodb-test"
-    networks:
-      - mongodb-network
-    hostname: "mongodb"
-    ports:
-      - "27017:27017"
-    restart: "unless-stopped"
-    volumes:
-      - "./mongodb-data-docker-testing:/data/db"
-    entrypoint: [ "/usr/bin/mongod", "--bind_ip_all", "--replSet", "rs" ]
-    healthcheck:
-      test: echo "try { rs.status() } catch (err) { rs.initiate() }" | mongosh --port 27017 --quiet
-      interval: 10s
-      timeout: 30s
-      start_period: 0s
-      retries: 30
@@ -1,56 +1,35 @@
+version: "3"
 services:
+
  client:
-    build:
-      context: .
-      dockerfile: ./Dockerfile-Dev
-    command: ["npm", "run", "client:dev:docker"]
-    depends_on:
-      - server
+    build: .
+    networks:
+      - habitica
    environment:
      - BASE_URL=http://server:3000
-    networks:
-      - habitica
    ports:
-      - "5173:5173"
-    volumes:
-      - .:/usr/src/habitica
-      - /usr/src/habitica/node_modules
-      - /usr/src/habitica/website/client/node_modules
-  server:
-    build:
-      context: .
-      dockerfile: ./Dockerfile-Dev
-    command: ["npm", "start"]
+        - "8080:8080"
+    command: ["npm", "run", "client:dev"]
    depends_on:
-      mongo:
-        condition: service_healthy
-    environment:
-      - NODE_DB_URI=mongodb://mongo/habitrpg
-    networks:
-      - habitica
+      - server
+
+  server:
+    build: .
    ports:
      - "3000:3000"
-    volumes:
-      - .:/usr/src/habitica
-      - /usr/src/habitica/node_modules
-  mongo:
-    image: "mongo:7.0"
-    container_name: "habitica-mongodb"
    networks:
      - habitica
-    hostname: "mongodb"
+    environment:
+      - NODE_DB_URI=mongodb://mongo/habitrpg
+    depends_on:
+      - mongo
+
+  mongo:
+    image: mongo:3.6
    ports:
      - "27017:27017"
-    restart: "unless-stopped"
-    volumes:
-      - "./mongodb-data-docker:/data/db"
-    entrypoint: [ "/usr/bin/mongod", "--bind_ip_all", "--replSet", "rs" ]
-    healthcheck:
-      test: echo "try { rs.status() } catch (err) { rs.initiate() }" | mongosh --port 27017 --quiet
-      interval: 10s
-      timeout: 30s
-      start_period: 0s
-      retries: 30
+    networks:
+      - habitica

 networks:
  habitica:
@@ -5,7 +5,7 @@ import path from 'path';
 import babel from 'gulp-babel';
 import os from 'os';
 import fs from 'fs';
-import spawn from 'cross-spawn';
+import spawn from 'cross-spawn'; // eslint-disable-line import/no-extraneous-dependencies
 import clean from 'rimraf';

 gulp.task('build:babel:server', () => gulp.src('website/server/**/*.js')
@@ -35,7 +35,7 @@ gulp.task('build:prod', gulp.series(
 // When used on windows `run-rs` must first be run without the `--keep` option
 // in order to be setup correctly, afterwards it can be used.

-const MONGO_PATH = path.join(__dirname, '/../mongodb-data-docker/');
+const MONGO_PATH = path.join(__dirname, '/../mongodb-data/');

 gulp.task('build:prepare-mongo', async () => {
  if (fs.existsSync(MONGO_PATH)) {
@@ -51,32 +51,29 @@ gulp.task('build:prepare-mongo', async () => {
  console.log('MongoDB data folder is missing, setting up.'); // eslint-disable-line no-console

  // use run-rs without --keep, kill it as soon as the replica set starts
-  const dockerMongoProcess = spawn('npm', ['run', 'docker:mongo:dev']);
+  const runRsProcess = spawn('run-rs', ['-v', '4.1.1', '-l', 'ubuntu1804', '--dbpath', 'mongodb-data', '--number', '1', '--quiet']);

-  let manuallyStopped = false;
-
-  for await (const chunk of dockerMongoProcess.stdout) {
+  for await (const chunk of runRsProcess.stdout) {
    const stringChunk = chunk.toString();
    console.log(stringChunk); // eslint-disable-line no-console
    // kills the process after the replica set is setup
-    if (stringChunk.includes('mongod startup complete')) {
+    if (stringChunk.includes('Started replica set')) {
      console.log('MongoDB setup correctly.'); // eslint-disable-line no-console
-      dockerMongoProcess.kill();
-      manuallyStopped = true;
+      runRsProcess.kill();
    }
  }

  let error = '';
-  for await (const chunk of dockerMongoProcess.stderr) {
+  for await (const chunk of runRsProcess.stderr) {
    const stringChunk = chunk.toString();
    error += stringChunk;
  }

  const exitCode = await new Promise(resolve => {
-    dockerMongoProcess.on('close', resolve);
+    runRsProcess.on('close', resolve);
  });

-  if (!manuallyStopped && (exitCode || error.length > 0)) {
+  if (exitCode || error.length > 0) {
    // remove any leftover files
    clean.sync(MONGO_PATH);

@@ -6,21 +6,9 @@ gulp.task('cache:content', done => {
  // Requiring at runtime because these files access `common`
  // code which in production works only if transpiled so after
  // gulp build:babel:common has run
-  const {
-    CONTENT_CACHE_PATH,
-    getLocalizedContentResponse,
-    IOS_FILTER,
-    ANDROID_FILTER,
-    buildFilterObject,
-    hashForFilter,
-  } = require('../website/server/libs/content'); // eslint-disable-line global-require
+  const { CONTENT_CACHE_PATH, getLocalizedContentResponse } = require('../website/server/libs/content'); // eslint-disable-line global-require
  const { langCodes } = require('../website/server/libs/i18n'); // eslint-disable-line global-require

-  const iosHash = hashForFilter(IOS_FILTER);
-  const iosFilterObj = buildFilterObject(IOS_FILTER);
-  const androidHash = hashForFilter(ANDROID_FILTER);
-  const androidFilterObj = buildFilterObject(ANDROID_FILTER);
-
  try {
    // create the cache folder (if it doesn't exist)
    try {
@@ -38,18 +26,6 @@ gulp.task('cache:content', done => {
        getLocalizedContentResponse(langCode),
        'utf8',
      );
-
-      fs.writeFileSync(
-        `${CONTENT_CACHE_PATH}${langCode}${iosHash}.json`,
-        getLocalizedContentResponse(langCode, iosFilterObj),
-        'utf8',
-      );
-
-      fs.writeFileSync(
-        `${CONTENT_CACHE_PATH}${langCode}${androidHash}.json`,
-        getLocalizedContentResponse(langCode, androidFilterObj),
-        'utf8',
-      );
    });
    done();
  } catch (err) {
@@ -57,37 +33,26 @@ gulp.task('cache:content', done => {
  }
 });

-function safeMkdir (path) {
-  try {
-    fs.mkdirSync(path);
-  } catch (err) {
-    if (err.code !== 'EEXIST') throw err;
-  }
-}
-
 gulp.task('cache:i18n', done => {
  // Requiring at runtime because these files access `common`
  // code which in production works only if transpiled so after
  // gulp build:babel:common has run
-  const { BROWSER_SCRIPT_CACHE_PATH, geti18nCoreBrowserScript, geti18nContentBrowserScript } = require('../website/server/libs/i18n'); // eslint-disable-line global-require
+  const { BROWSER_SCRIPT_CACHE_PATH, geti18nBrowserScript } = require('../website/server/libs/i18n'); // eslint-disable-line global-require
  const { langCodes } = require('../website/server/libs/i18n'); // eslint-disable-line global-require

  try {
-    // create the cache folders (if they doesn't exist)
-    safeMkdir(BROWSER_SCRIPT_CACHE_PATH);
-    safeMkdir(`${BROWSER_SCRIPT_CACHE_PATH}core/`);
-    safeMkdir(`${BROWSER_SCRIPT_CACHE_PATH}content/`);
+    // create the cache folder (if it doesn't exist)
+    try {
+      fs.mkdirSync(BROWSER_SCRIPT_CACHE_PATH);
+    } catch (err) {
+      if (err.code !== 'EEXIST') throw err;
+    }

    // create and save the i18n browser script for each language
    langCodes.forEach(languageCode => {
      fs.writeFileSync(
-        `${BROWSER_SCRIPT_CACHE_PATH}core/${languageCode}.js`,
-        geti18nCoreBrowserScript(languageCode),
-        'utf8',
-      );
-      fs.writeFileSync(
-        `${BROWSER_SCRIPT_CACHE_PATH}content/${languageCode}.js`,
-        geti18nContentBrowserScript(languageCode),
+        `${BROWSER_SCRIPT_CACHE_PATH}${languageCode}.js`,
+        geti18nBrowserScript(languageCode),
        'utf8',
      );
    });
@@ -64,15 +64,6 @@ function filterFile (file) {
  if (file.relative.indexOf('icon_background') === 0) {
    return false;
  }
-  if (file.relative.indexOf('notif_') === 0) {
-    return false;
-  }
-  if (file.relative.indexOf('quest_') === 0) {
-    return false;
-  }
-  if (file.relative.indexOf('inventory_quest_') === 0) {
-    return false;
-  }
  return true;
 }

@@ -0,0 +1,11 @@
+import gulp from 'gulp';
+import nodemon from 'gulp-nodemon';
+
+import pkg from '../package.json';
+
+gulp.task('nodemon', done => {
+  nodemon({
+    script: pkg.main,
+  });
+  done();
+});
@@ -49,15 +49,16 @@ function integrationTestCommand (testDir) {
 }

 /* Test task definitions */
+gulp.task('test:nodemon', gulp.series(done => {
+  process.env.PORT = TEST_SERVER_PORT; // eslint-disable-line no-process-env
+  process.env.NODE_DB_URI = TEST_DB_URI; // eslint-disable-line no-process-env
+  done();
+}, 'nodemon'));
+
 gulp.task('test:prepare:mongo', cb => {
  const mongooseOptions = getDefaultConnectionOptions();
  const connectionUrl = getDevelopmentConnectionUrl(TEST_DB_URI);

-  console.info({
-    mongooseOptions,
-    connectionUrl,
-  });
-
  mongoose.connect(connectionUrl, mongooseOptions)
    .then(() => mongoose.connection.dropDatabase())
    .then(() => mongoose.connection.close()).then(() => {
@@ -21,6 +21,7 @@ if (process.env.NODE_ENV === 'production') { // eslint-disable-line no-process-e
  require('./gulp/gulp-build'); // eslint-disable-line global-require
  require('./gulp/gulp-console'); // eslint-disable-line global-require
  require('./gulp/gulp-sprites'); // eslint-disable-line global-require
+  require('./gulp/gulp-start'); // eslint-disable-line global-require
  require('./gulp/gulp-tests'); // eslint-disable-line global-require
  require('./gulp/gulp-transifex-test'); // eslint-disable-line global-require
  require('gulp').task('default', gulp.series('test')); // eslint-disable-line global-require
@@ -1,47 +0,0 @@
-/* eslint-disable no-console */
-import { model as User } from '../../../website/server/models/user';
-
-const MIGRATION_NAME = '2024_purge_invite_accepted';
-const progressCount = 1000;
-let count = 0;
-
-async function updateUsers (userIds) {
-  count += userIds.length;
-  if (count % progressCount === 0) console.warn(`${count} ${userIds[0]}`);
-
-  return await User.updateMany(
-    { _id: { $in: userIds } },
-    { $pull: { notifications: { type: 'GROUP_INVITE_ACCEPTED' } } },
-  ).exec();
-}
-
-export default async function processUsers () {
-  let query = {
-    migration: { $ne: MIGRATION_NAME },
-    'notifications.type': 'GROUP_INVITE_ACCEPTED',
-    'auth.timestamps.loggedin': { $gt: new Date('2024-06-25') },
-  };
-
-  while (true) { // eslint-disable-line no-constant-condition
-    const users = await User // eslint-disable-line no-await-in-loop
-      .find(query)
-      .limit(250)
-      .sort({ _id: 1 })
-      .select({ _id: 1 })
-      .exec();
-
-    if (users.length === 0) {
-      console.warn('All appropriate users found and modified.');
-      console.warn(`\n${count} users processed\n`);
-      break;
-    } else {
-      query._id = {
-        $gt: users[users.length - 1],
-      };
-    }
-
-    const userIds = users.map(user => user._id);
-
-    await updateUsers(userIds); // eslint-disable-line no-await-in-loop
-  }
-};
@@ -1,115 +0,0 @@
-/* eslint-disable no-console */
-const MIGRATION_NAME = '20241119_gem_caps_hourglasses';
-import { model as User } from '../../../website/server/models/user';
-
-const progressCount = 1000;
-let count = 0;
-
-async function updateUser (user) {
-  count += 1;
-  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
-
-  const { consecutive, customerId, dateTerminated, planId } = user.purchased.plan;
-  const isRecurring = customerId !== 'Gift' && !dateTerminated;
-  const updateOp = {
-    $set: {
-      migration: MIGRATION_NAME,
-      'purchased.plan.consecutive.gemCapExtra': Math.max(2 * Math.ceil((consecutive.gemCapExtra + 1) / 2, 26)),
-    },
-    $inc: {},
-  };
-
-  let hourglassBonus = 0;
-
-  if (isRecurring) {
-    await user.updateBalance(
-      5,
-      'admin_update_balance',
-      '',
-      'Subscription Reward Migration',
-    );
-    updateOp.$inc.balance = 5;
-    switch (planId) {
-      case 'basic':
-      case 'basic_earned':
-      case 'group_plan_auto':
-        hourglassBonus = 2;
-        break;
-      case 'basic_3mo':
-      case 'basic_6mo':
-      case 'google_6mo':
-        hourglassBonus = 4;
-        break;
-      case 'basic_12mo':
-        hourglassBonus = 12;
-        updateOp.$set['purchased.plan.hourglassPromoReceived'] = new Date();
-        break;
-      default:
-        hourglassBonus = 0;
-    }
-
-    if (hourglassBonus) {
-      updateOp.$inc['purchased.plan.consecutive.trinkets'] = hourglassBonus;
-      await user.updateHourglasses(
-        hourglassBonus,
-        'admin_update_balance',
-        '',
-        'Subscription Reward Migration',
-      );
-    }
-    updateOp.$push = {
-      notifications: {
-        type: 'ITEM_RECEIVED',
-        data: {
-          icon: 'notif_subscriber_reward',
-          title: 'Thanks for being a subscriber!',
-          text: 'Enjoy these extra Mystic Hourglasses and Gems to celebrate our new benefits.',
-        },
-        seen: false,
-      },
-    };
-  }
-
-  return await User.updateOne(
-    { _id: user._id },
-    updateOp,
-  ).exec();
-}
-
-export default async function processUsers () {
-  let query = {
-    migration: { $ne: MIGRATION_NAME },
-    'purchased.plan.customerId': { $exists: true },
-    $or: [
-      { 'purchased.plan.dateTerminated': { $exists: false } },
-      { 'purchased.plan.dateTerminated': null },
-      { 'purchased.plan.dateTerminated': { $gt: new Date() } },
-    ],
-  };
-
-  const fields = {
-    _id: 1,
-    purchased: 1,
-  };
-
-  while (true) { // eslint-disable-line no-constant-condition
-    const users = await User // eslint-disable-line no-await-in-loop
-      .find(query)
-      .limit(250)
-      .sort({_id: 1})
-      .select(fields)
-      .exec();
-
-    if (users.length === 0) {
-      console.warn('All appropriate users found and modified.');
-      console.warn(`\n${count} users processed\n`);
-      break;
-    } else {
-      query._id = {
-        $gt: users[users.length - 1],
-      };
-    }
-
-    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
-  }
-};
@@ -37,7 +37,7 @@ let consoleStamp = require('console-stamp');
 consoleStamp(console);

 // Initialize configuration
-require('../../website/server/libs/api-v3/setupNconf').default();
+require('../../website/server/libs/api-v3/setupNconf')();

 let MONGODB_OLD = nconf.get('MONGODB_OLD');
 let MONGODB_NEW = nconf.get('MONGODB_NEW');
@@ -32,7 +32,7 @@ let moment = require('moment');
 consoleStamp(console);

 // Initialize configuration
-require('../../website/server/libs/api-v3/setupNconf').default();
+require('../../website/server/libs/api-v3/setupNconf')();

 let MONGODB_OLD = nconf.get('MONGODB_OLD');
 let MONGODB_NEW = nconf.get('MONGODB_NEW');
@@ -6,11 +6,11 @@ require('@babel/register'); // eslint-disable-line import/no-extraneous-dependen
 function setUpServer () {
  const nconf = require('nconf'); // eslint-disable-line global-require, no-unused-vars
  const mongoose = require('mongoose'); // eslint-disable-line global-require, no-unused-vars
-  const setupNconf = require('../website/server/libs/setupNconf').default; // eslint-disable-line global-require
+  const setupNconf = require('../website/server/libs/setupNconf'); // eslint-disable-line global-require

  setupNconf();

-  // We require src/server and not src/index because
+  // We require src/server and npt src/index because
  // 1. nconf is already setup
  // 2. we don't need clustering
  require('../website/server/server'); // eslint-disable-line global-require
@@ -26,7 +26,7 @@ async function updateUser (user) {
    [{ name: 'BASE_URL', content: BASE_URL }], // Add variables from template
  );

-  return User.updateOne({ _id: user._id }, { $set: { migration: MIGRATION_NAME } }).exec();
+  return User.update({ _id: user._id }, { $set: { migration: MIGRATION_NAME } }).exec();
 }

 export default async function processUsers () {
@@ -11,7 +11,7 @@ const progressCount = 1000;
 let count = 0;

 /*
- * Award every extant piece of equippable gear
+ * Award users every extant pet and mount
 */

 async function updateUser (user) {
@@ -27,13 +27,13 @@ async function updateUser (user) {

  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);

-  return User.updateOne({ _id: user._id }, { $set: set }).exec();
+  return User.update({ _id: user._id }, { $set: set }).exec();
 }

 export default async function processUsers () {
  const query = {
    migration: { $ne: MIGRATION_NAME },
-    'auth.local.username': 'ExampleHabitican',
+    'auth.local.lowerCaseUsername': 'olson1',
  };

  const fields = {
@@ -57,7 +57,7 @@ async function updateUser (user) {
 export default async function processUsers () {
  const query = {
    migration: { $ne: MIGRATION_NAME },
-    'auth.local.username': 'ExampleHabitican',
+    'auth.local.username': 'SabreTest',
  };

  const fields = {
@@ -1,175 +0,0 @@
-/*
- * Award Habitoween ladder items to participants in this month's Habitoween festivities
- */
-/* eslint-disable no-console */
-import { model as User } from '../../website/server/models/user';
-
-const MIGRATION_NAME = '20241030_habitoween_ladder'; // Update when running in future years
-
-const progressCount = 1000;
-let count = 0;
-
-async function updateUser (user) {
-  count += 1;
-
-  const set = { migration: MIGRATION_NAME };
-  const inc = {
-    'items.food.Candy_Skeleton': 1,
-    'items.food.Candy_Base': 1,
-    'items.food.Candy_CottonCandyBlue': 1,
-    'items.food.Candy_CottonCandyPink': 1,
-    'items.food.Candy_Shade': 1,
-    'items.food.Candy_White': 1,
-    'items.food.Candy_Golden': 1,
-    'items.food.Candy_Zombie': 1,
-    'items.food.Candy_Desert': 1,
-    'items.food.Candy_Red': 1,
-  };
-  const push = { notifications: { $each: [] } };
-
-  if (user && user.items && user.items.mounts && user.items.mounts['JackOLantern-RoyalPurple']) {
-    push.notifications.$each.push({
-      type: 'ITEM_RECEIVED',
-      data: {
-        icon: 'notif_habitoween_candy',
-        title: 'Happy Habitoween!',
-        text: 'For this spooky celebration, you\'ve received an assortment of candy for your Pets!',
-        destination: '/inventory/stable',
-      },
-      seen: false,
-    });
-  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-RoyalPurple']) {
-    set['items.mounts.JackOLantern-RoyalPurple'] = true;
-    push.notifications.$each.push({
-      type: 'ITEM_RECEIVED',
-      data: {
-        icon: 'notif_habitoween_purple_mount',
-        title: 'Happy Habitoween!',
-        text: 'For this spooky celebration, you\'ve received a Royal Purple Jack-O-Lantern Mount and an assortment of candy for your Pets!',
-        destination: '/inventory/stable',
-      },
-      seen: false,
-    });
-  } else if (user && user.items && user.items.mounts && user.items.mounts['JackOLantern-Glow']) {
-    set['items.pets.JackOLantern-RoyalPurple'] = 5;
-    push.notifications.$each.push({
-      type: 'ITEM_RECEIVED',
-      data: {
-        icon: 'notif_habitoween_purple_pet',
-        title: 'Happy Habitoween!',
-        text: 'For this spooky celebration, you\'ve received a Royal Purple Jack-O-Lantern Pet and an assortment of candy for your Pets!',
-        destination: '/inventory/stable',
-      },
-      seen: false,
-    });
-  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-Glow']) {
-    set['items.mounts.JackOLantern-Glow'] = true;
-    push.notifications.$each.push({
-      type: 'ITEM_RECEIVED',
-      data: {
-        icon: 'notif_habitoween_glow_mount',
-        title: 'Happy Habitoween!',
-        text: 'For this spooky celebration, you\'ve received a Glow-in-the-Dark Jack-O-Lantern Mount and an assortment of candy for your Pets!',
-        destination: '/inventory/stable',
-      },
-      seen: false,
-    });
-  } else if (user && user.items && user.items.mounts && user.items.mounts['JackOLantern-Ghost']) {
-    set['items.pets.JackOLantern-Glow'] = 5;
-    push.notifications.$each.push({
-      type: 'ITEM_RECEIVED',
-      data: {
-        icon: 'notif_habitoween_glow_pet',
-        title: 'Happy Habitoween!',
-        text: 'For this spooky celebration, you\'ve received a Glow-in-the-Dark Jack-O-Lantern Pet and an assortment of candy for your Pets!',
-        destination: '/inventory/stable',
-      },
-      seen: false,
-    });
-  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-Ghost']) {
-    set['items.mounts.JackOLantern-Ghost'] = true;
-    push.notifications.$each.push({
-      type: 'ITEM_RECEIVED',
-      data: {
-        icon: 'notif_habitoween_ghost_mount',
-        title: 'Happy Habitoween!',
-        text: 'For this spooky celebration, you\'ve received a Ghost Jack-O-Lantern Mount and an assortment of candy for your Pets!',
-        destination: '/inventory/stable',
-      },
-      seen: false,
-    });
-  } else if (user && user.items && user.items.mounts && user.items.mounts['JackOLantern-Base']) {
-    set['items.pets.JackOLantern-Ghost'] = 5;
-    push.notifications.$each.push({
-      type: 'ITEM_RECEIVED',
-      data: {
-        icon: 'notif_habitoween_ghost_pet',
-        title: 'Happy Habitoween!',
-        text: 'For this spooky celebration, you\'ve received a Ghost Jack-O-Lantern Pet and an assortment of candy for your Pets!',
-        destination: '/inventory/stable',
-      },
-      seen: false,
-    });
-  } else if (user && user.items && user.items.pets && user.items.pets['JackOLantern-Base']) {
-    set['items.mounts.JackOLantern-Base'] = true;
-    push.notifications.$each.push({
-      type: 'ITEM_RECEIVED',
-      data: {
-        icon: 'notif_habitoween_base_mount',
-        title: 'Happy Habitoween!',
-        text: 'For this spooky celebration, you\'ve received a Jack-O-Lantern Mount and an assortment of candy for your Pets!',
-        destination: '/inventory/stable',
-      },
-      seen: false,
-    });
-  } else {
-    set['items.pets.JackOLantern-Base'] = 5;
-    push.notifications.$each.push({
-      type: 'ITEM_RECEIVED',
-      data: {
-        icon: 'notif_habitoween_base_pet',
-        title: 'Happy Habitoween!',
-        text: 'For this spooky celebration, you\'ve received a Jack-O-Lantern Pet and an assortment of candy for your Pets!',
-        destination: '/inventory/stable',
-      },
-      seen: false,
-    });
-  }
-
-  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
-  return User.updateOne({ _id: user._id }, { $inc: inc, $push: push, $set: set }).exec();
-}
-
-export default async function processUsers () {
-  const query = {
-    migration: { $ne: MIGRATION_NAME },
-    'auth.timestamps.loggedin': { $gt: new Date('2024-10-01') },
-  };
-
-  const fields = {
-    _id: 1,
-    items: 1,
-  };
-
-  while (true) { // eslint-disable-line no-constant-condition
-    const users = await User // eslint-disable-line no-await-in-loop
-      .find(query)
-      .limit(250)
-      .sort({ _id: 1 })
-      .select(fields)
-      .lean()
-      .exec();
-
-    if (users.length === 0) {
-      console.warn('All appropriate users found and modified.');
-      console.warn(`\n${count} users processed\n`);
-      break;
-    } else {
-      query._id = {
-        $gt: users[users.length - 1],
-      };
-    }
-
-    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
-  }
-}
@@ -1,167 +0,0 @@
-/* eslint-disable no-console */
-import { model as User } from '../../website/server/models/user';
-
-const MIGRATION_NAME = '20241120_harvest_feast';
-const progressCount = 1000;
-let count = 0;
-
-async function updateUser (user) {
-  count += 1;
-
-  const updateOp = {
-    $set: { migration: MIGRATION_NAME },
-  };
-
-  if (typeof user.items.gear.owned.head_special_turkeyHelmGilded !== 'undefined') {
-    updateOp.$inc = {
-      'items.food.Pie_Base': 1,
-      'items.food.Pie_CottonCandyBlue': 1,
-      'items.food.Pie_CottonCandyPink': 1,
-      'items.food.Pie_Desert': 1,
-      'items.food.Pie_Golden': 1,
-      'items.food.Pie_Red': 1,
-      'items.food.Pie_Shade': 1,
-      'items.food.Pie_Skeleton': 1,
-      'items.food.Pie_Zombie': 1,
-      'items.food.Pie_White': 1,
-    };
-    updateOp.$push = {
-      notifications: {
-        type: 'ITEM_RECEIVED',
-        data: {
-          icon: 'notif_harvestfeast_pie',
-          title: 'Happy Harvest Feast!',
-          text: 'Gobble gobble, you\'ve received an assortment of pie for your Pets!',
-          destination: '/inventory/stable',
-        },
-        seen: false,
-      },
-    };
-  } else if (typeof user.items.gear.owned.armor_special_turkeyArmorBase !== 'undefined') {
-    updateOp.$set['items.gear.owned.head_special_turkeyHelmGilded'] = true;
-    updateOp.$set['items.gear.owned.armor_special_turkeyArmorGilded'] = true;
-    updateOp.$set['items.gear.owned.back_special_turkeyTailGilded'] = true;
-    updateOp.$push = {
-      notifications: {
-        type: 'ITEM_RECEIVED',
-        data: {
-          icon: 'notif_harvestfeast_gilded_set',
-          title: 'Happy Harvest Feast!',
-          text: 'Gobble gobble, you\'ve received the Gilded Turkey Armor, Helm, and Tail!',
-          destination: '/inventory/equipment',
-        },
-        seen: false,
-      },
-    };
-  } else if (user.items && user.items.mounts && user.items.mounts['Turkey-Gilded']) {
-    updateOp.$set['items.gear.owned.head_special_turkeyHelmBase'] = true;
-    updateOp.$set['items.gear.owned.armor_special_turkeyArmorBase'] = true;
-    updateOp.$set['items.gear.owned.back_special_turkeyTailBase'] = true;
-    updateOp.$push = {
-      notifications: {
-        type: 'ITEM_RECEIVED',
-        data: {
-          icon: 'notif_harvestfeast_base_set',
-          title: 'Happy Harvest Feast!',
-          text: 'Gobble gobble, you\'ve received the Turkey Armor, Helm, and Tail!',
-          destination: '/inventory/equipment',
-        },
-        seen: false,
-      },
-    };
-  } else if (user.items && user.items.pets && user.items.pets['Turkey-Gilded']) {
-    updateOp.$set['items.mounts.Turkey-Gilded'] = true;
-    updateOp.$push = {
-      notifications: {
-        type: 'ITEM_RECEIVED',
-        data: {
-          icon: 'notif_harvestfeast_gilded_mount',
-          title: 'Happy Harvest Feast!',
-          text: 'Gobble gobble, you\'ve received the Gilded Turkey Mount!',
-          destination: '/inventory/stable',
-        },
-        seen: false,
-      },
-    };
-  } else if (user.items && user.items.mounts && user.items.mounts['Turkey-Base']) {
-    updateOp.$set['items.pets.Turkey-Gilded'] = 5;
-    updateOp.$push = {
-      notifications: {
-        type: 'ITEM_RECEIVED',
-        data: {
-          icon: 'notif_harvestfeast_gilded_pet',
-          title: 'Happy Harvest Feast!',
-          text: 'Gobble gobble, you\'ve received the Gilded Turkey Pet!',
-          destination: '/inventory/stable',
-        },
-        seen: false,
-      },
-    };
-  } else if (user.items && user.items.pets && user.items.pets['Turkey-Base']) {
-    updateOp.$set['items.mounts.Turkey-Base'] = true;
-    updateOp.$push = {
-      notifications: {
-        type: 'ITEM_RECEIVED',
-        data: {
-          icon: 'notif_harvestfeast_base_mount',
-          title: 'Happy Harvest Feast!',
-          text: 'Gobble gobble, you\'ve received the Turkey Mount!',
-          destination: '/inventory/stable',
-        },
-        seen: false,
-      },
-    };
-  } else {
-    updateOp.$set['items.pets.Turkey-Base'] = 5;
-    updateOp.$push = {
-      notifications: {
-        type: 'ITEM_RECEIVED',
-        data: {
-          icon: 'notif_harvestfeast_base_pet',
-          title: 'Happy Harvest Feast!',
-          text: 'Gobble gobble, you\'ve received the Turkey Pet!',
-          destination: '/inventory/stable',
-        },
-        seen: false,
-      },
-    };
-  }
-
-  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
-
-  return User.updateOne({ _id: user._id }, updateOp).exec();
-}
-
-export default async function processUsers () {
-  const query = {
-    migration: { $ne: MIGRATION_NAME },
-    'auth.timestamps.loggedin': { $gt: new Date('2024-10-20') },
-  };
-
-  const fields = {
-    _id: 1,
-    items: 1,
-  };
-
-  while (true) { // eslint-disable-line no-constant-condition
-    const users = await User // eslint-disable-line no-await-in-loop
-      .find(query)
-      .limit(250)
-      .sort({ _id: 1 })
-      .select(fields)
-      .lean()
-      .exec();
-
-    if (users.length === 0) {
-      console.warn('All appropriate users found and modified.');
-      console.warn(`\n${count} users processed\n`);
-      break;
-    } else {
-      query._id = {
-        $gt: users[users.length - 1],
-      };
-    }
-
-    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
-  }
-}
@@ -1,125 +0,0 @@
-/* eslint-disable no-console */
-import { model as User } from '../../website/server/models/user';
-
-const MIGRATION_NAME = '20231228_nye';
-const progressCount = 1000;
-let count = 0;
-
-async function updateUser (user) {
-  count += 1;
-
-  const updateOp = {
-    $set: { migration: MIGRATION_NAME },
-    $push: { },
-  };
-  const data = {
-    title: 'Happy New Year!',
-    destination: '/inventory/equipment',
-  };
-
-  if (typeof user.items.gear.owned.head_special_nye2023 !== 'undefined') {
-    updateOp.$inc = {
-      'items.food.Candy_Skeleton': 1,
-      'items.food.Candy_Base': 1,
-      'items.food.Candy_CottonCandyBlue': 1,
-      'items.food.Candy_CottonCandyPink': 1,
-      'items.food.Candy_Shade': 1,
-      'items.food.Candy_White': 1,
-      'items.food.Candy_Golden': 1,
-      'items.food.Candy_Zombie': 1,
-      'items.food.Candy_Desert': 1,
-      'items.food.Candy_Red': 1,
-    };
-    data.icon = 'notif_candy_nye';
-    data.text = 'You’ve received an assortment of candy to celebrate with your Pets!';
-    data.destination = '/inventory/stable';
-  } else if (typeof user.items.gear.owned.head_special_nye2022 !== 'undefined') {
-    updateOp.$set['items.gear.owned.head_special_nye2023'] = true;
-    data.icon = 'notif_2023hat_nye';
-    data.text = 'Take on your resolutions with style in this Ludicrous Party Hat!';
-  } else if (typeof user.items.gear.owned.head_special_nye2021 !== 'undefined') {
-    updateOp.$set['items.gear.owned.head_special_nye2022'] = true;
-    data.icon = 'notif_2022hat_nye';
-    data.text = 'Take on your resolutions with style in this Fabulous Party Hat!';
-  } else if (typeof user.items.gear.owned.head_special_nye2020 !== 'undefined') {
-    updateOp.$set['items.gear.owned.head_special_nye2021'] = true;
-    data.icon = 'notif_2021hat_nye';
-    data.text = 'Take on your resolutions with style in this Preposterous Party Hat!';
-  } else if (typeof user.items.gear.owned.head_special_nye2019 !== 'undefined') {
-    updateOp.$set['items.gear.owned.head_special_nye2020'] = true;
-    data.icon = 'notif_2020hat_nye';
-    data.text = 'Take on your resolutions with style in this Extravagant Party Hat!';
-  } else if (typeof user.items.gear.owned.head_special_nye2018 !== 'undefined') {
-    updateOp.$set['items.gear.owned.head_special_nye2019'] = true;
-    data.icon = 'notif_2019hat_nye';
-    data.text = 'Take on your resolutions with style in this Outrageous Party Hat!';
-  } else if (typeof user.items.gear.owned.head_special_nye2017 !== 'undefined') {
-    updateOp.$set['items.gear.owned.head_special_nye2018'] = true;
-    data.icon = 'notif_2018hat_nye';
-    data.text = 'Take on your resolutions with style in this Outlandish Party Hat!';
-  } else if (typeof user.items.gear.owned.head_special_nye2016 !== 'undefined') {
-    updateOp.$set['items.gear.owned.head_special_nye2017'] = true;
-    data.icon = 'notif_2017hat_nye';
-    data.text = 'Take on your resolutions with style in this Fanciful Party Hat!';
-  } else if (typeof user.items.gear.owned.head_special_nye2015 !== 'undefined') {
-    updateOp.$set['items.gear.owned.head_special_nye2016'] = true;
-    data.icon = 'notif_2016hat_nye';
-    data.text = 'Take on your resolutions with style in this Whimsical Party Hat!';
-  } else if (typeof user.items.gear.owned.head_special_nye2014 !== 'undefined') {
-    updateOp.$set['items.gear.owned.head_special_nye2015'] = true;
-    data.icon = 'notif_2015hat_nye';
-    data.text = 'Take on your resolutions with style in this Ridiculous Party Hat!';
-  } else if (typeof user.items.gear.owned.head_special_nye !== 'undefined') {
-    updateOp.$set['items.gear.owned.head_special_nye2014'] = true;
-    data.icon = 'notif_2014hat_nye';
-    data.text = 'Take on your resolutions with style in this Silly Party Hat!';
-  } else {
-    updateOp.$set['items.gear.owned.head_special_nye'] = true;
-    data.icon = 'notif_2013hat_nye';
-    data.text = 'Take on your resolutions with style in this Absurd Party Hat!';
-  }
-
-  updateOp.$push.notifications = {
-    type: 'ITEM_RECEIVED',
-    data,
-    seen: false,
-  };
-
-  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);
-
-  return User.updateOne({ _id: user._id }, updateOp).exec();
-}
-
-export default async function processUsers () {
-  const query = {
-    'auth.timestamps.loggedin': { $gt: new Date('2023-12-01') },
-    migration: { $ne: MIGRATION_NAME },
-  };
-
-  const fields = {
-    _id: 1,
-    items: 1,
-  };
-
-  while (true) { // eslint-disable-line no-constant-condition
-    const users = await User // eslint-disable-line no-await-in-loop
-      .find(query)
-      .limit(250)
-      .sort({ _id: 1 })
-      .select(fields)
-      .lean()
-      .exec();
-
-    if (users.length === 0) {
-      console.warn('All appropriate users found and modified.');
-      console.warn(`\n${count} users processed\n`);
-      break;
-    } else {
-      query._id = {
-        $gt: users[users.length - 1],
-      };
-    }
-
-    await Promise.all(users.map(updateUser)); // eslint-disable-line no-await-in-loop
-  }
-}
@@ -3,8 +3,7 @@ import { v4 as uuid } from 'uuid';

 import { model as User } from '../../website/server/models/user';

-const MIGRATION_NAME = 'YYYYMMDD_take_this';
-const CHALLENGE_ID = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx';
+const MIGRATION_NAME = '20181203_take_this';

 const progressCount = 1000;
 let count = 0;
@@ -42,15 +41,15 @@ async function updateUser (user) {
  if (count % progressCount === 0) console.warn(`${count} ${user._id}`);

  if (push) {
-    return User.updateOne({ _id: user._id }, { $set: set, $push: push }).exec();
+    return User.update({ _id: user._id }, { $set: set, $push: push }).exec();
  }
-  return User.updateOne({ _id: user._id }, { $set: set }).exec();
+  return User.update({ _id: user._id }, { $set: set }).exec();
 }

 export default async function processUsers () {
  const query = {
    migration: { $ne: MIGRATION_NAME },
-    challenges: CHALLENGE_ID,
+    challenges: '00708425-d477-41a5-bf27-6270466e7976',
  };

  const fields = {
@@ -73,7 +72,7 @@ export default async function processUsers () {
      break;
    } else {
      query._id = {
-        $gt: users[users.length - 1]._id,
+        $gt: users[users.length - 1],
      };
    }

@@ -1,7 +1,7 @@
 {
  "name": "habitica",
  "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "5.47.1",
+  "version": "5.27.0",
  "main": "./website/server/index.js",
  "dependencies": {
    "@babel/core": "^7.22.10",
@@ -15,12 +15,11 @@
    "amplitude": "^6.0.0",
    "apidoc": "^0.54.0",
    "apple-auth": "^1.0.9",
-    "babel-preset-env": "^1.7.0",
    "bcrypt": "^5.1.1",
-    "body-parser": "^1.20.3",
+    "body-parser": "^1.20.2",
    "bootstrap": "^4.6.2",
-    "compression": "^1.8.1",
-    "cookie-session": "^2.1.1",
+    "compression": "^1.7.4",
+    "cookie-session": "^2.0.0",
    "coupon-code": "^0.4.5",
    "csv-stringify": "^5.6.5",
    "cwait": "^1.1.1",
@@ -28,7 +27,7 @@
    "eslint": "^8.55.0",
    "eslint-config-habitrpg": "^6.2.3",
    "eslint-plugin-mocha": "^5.0.0",
-    "express": "^4.21.1",
+    "express": "^4.19.2",
    "express-basic-auth": "^1.2.1",
    "express-validator": "^5.2.0",
    "firebase-admin": "^12.1.1",
@@ -38,9 +37,9 @@
    "gulp-babel": "^8.0.0",
    "gulp-filter": "^7.0.0",
    "gulp-imagemin": "^7.1.0",
+    "gulp-nodemon": "^2.5.0",
    "gulp.spritesmith": "^6.13.0",
-    "habitica-markdown": "^4.1.0",
-    "heapdump": "^0.3.15",
+    "habitica-markdown": "^3.0.0",
    "helmet": "^4.6.0",
    "in-app-purchase": "^1.11.3",
    "js2xmlparser": "^5.0.0",
@@ -49,15 +48,14 @@
    "lodash": "^4.17.21",
    "merge-stream": "^2.0.0",
    "method-override": "^3.0.0",
-    "micromustache": "^8.0.3",
    "moment": "^2.29.4",
-    "moment-recur": "git://github.com/HabitRPG/moment-recur.git#d3e8e6da0806f13b74dd2e4d7d9053e6a63db119",
-    "mongoose": "^8.23.0",
-    "morgan": "^1.10.1",
-    "nan": "^2.25.0",
+    "moment-recur": "^1.0.7",
+    "mongoose": "^7.6.3",
+    "morgan": "^1.10.0",
    "nconf": "^0.12.1",
    "node-gcm": "^1.0.5",
-    "on-headers": "^1.1.0",
+    "nodemon": "^2.0.20",
+    "on-headers": "^1.0.2",
    "passport": "^0.5.3",
    "passport-facebook": "^3.0.0",
    "passport-google-oauth2": "^0.2.0",
@@ -73,10 +71,10 @@
    "sinon": "^15.2.0",
    "stripe": "^12.18.0",
    "superagent": "^8.1.2",
+    "universal-analytics": "^0.5.3",
    "useragent": "^2.1.9",
    "uuid": "^9.0.0",
    "validator": "^13.11.0",
-    "webpack-bundle-analyzer": "^4.10.2",
    "winston": "^3.10.0",
    "winston-loggly-bulk": "^3.3.0",
    "xml2js": "^0.6.2"
@@ -100,34 +98,31 @@
    "test:sanity": "nyc --silent --no-clean mocha test/sanity --recursive",
    "test:common": "nyc --silent --no-clean mocha test/common --recursive",
    "test:content": "nyc --silent --no-clean mocha test/content --recursive",
+    "test:nodemon": "gulp test:nodemon",
    "coverage": "nyc report --reporter=html --report-dir coverage/results; open coverage/results/index.html",
    "sprites": "gulp sprites:compile",
    "client:dev": "cd website/client && npm run serve",
-    "client:dev:docker": "cd website/client && npm run serve:docker",
    "client:build": "cd website/client && npm run build",
    "client:unit": "cd website/client && npm run test:unit",
-    "start": "node --watch ./website/server/index.js",
-    "debug": "node --watch --inspect ./website/server/index.js",
-    "docker:aio": "docker compose -f docker-compose.yml up",
-    "docker:mongo:dev": "docker compose -f docker-compose.mongo-only.yml up",
-    "docker:mongo:dev:down": "docker compose -f docker-compose.mongo-only.yml down",
-    "docker:mongo:test": "docker compose -f docker-compose.mongo-test-local.yml up",
-    "mongo:test": "node scripts/start-local-mongo.mjs --test-db",
+    "start": "gulp nodemon",
+    "debug": "gulp nodemon --inspect",
+    "mongo:dev": "run-rs -v 5.0.23 -l ubuntu1804 --keep --dbpath mongodb-data --number 1 --quiet",
    "postinstall": "git config --global url.\"https://\".insteadOf git:// && gulp build && cd website/client && npm install",
    "apidoc": "gulp apidoc",
-    "heroku-postbuild": ".heroku/report_deploy.sh"
+    "heroku-postbuild": "npm run client:build"
  },
  "devDependencies": {
-    "axios": "^1.8.2",
+    "axios": "^1.4.0",
    "chai": "^4.3.7",
    "chai-as-promised": "^7.1.1",
    "chai-moment": "^0.1.0",
    "chalk": "^5.3.0",
-    "cross-spawn": "^7.0.5",
+    "cross-spawn": "^7.0.3",
    "mocha": "^5.1.1",
    "monk": "^7.3.4",
    "nyc": "^15.1.0",
    "require-again": "^2.0.0",
+    "run-rs": "^0.7.7",
    "sinon-chai": "^3.7.0",
    "sinon-stub-promise": "^4.0.0"
  }
@@ -71,14 +71,15 @@ async function deleteHabiticaData (user, email) {
 }

 async function processEmailAddress (email) {
+  const emailRegex = new RegExp(`^${email}$`, 'i');
  const localUsers = await User.find(
-    { 'auth.local.email': email },
+    { 'auth.local.email': emailRegex },
    { _id: 1, apiToken: 1, auth: 1 },
  ).exec();

  const socialUsers = await User.find(
    {
-      'auth.local.email': { $ne: email },
+      'auth.local.email': { $not: emailRegex },
      $or: [
        { 'auth.facebook.emails.value': email },
        { 'auth.google.emails.value': email },
@@ -8,17 +8,7 @@ const TASK_VALUE_CHANGE_FACTOR = 0.9747;
 const MIN_TASK_VALUE = -47.27;

 async function updateTeamTasks (team) {
-  if (team.purchased.plan.dateTerminated) {
-    const dateTerminated = new Date(team.purchased.plan.dateTerminated);
-    if (dateTerminated < new Date()) {
-      team.purchased.plan.customerId = undefined;
-      team.markModified('purchased.plan');
-      return team.save();
-    }
-  }
-
  const toSave = [];
-
  let teamLeader = await User.findOne({ _id: team.leader }, 'preferences').exec();

  if (!teamLeader) { // why would this happen?
@@ -103,7 +93,12 @@ async function updateTeamTasks (team) {
 export default async function processTeamsCron () {
  const activeTeams = await Group.find({
    'purchased.plan.customerId': { $exists: true },
-  }, { cron: 1, leader: 1, purchased: 1 }).exec();
+    $or: [
+      { 'purchased.plan.dateTerminated': { $exists: false } },
+      { 'purchased.plan.dateTerminated': null },
+      { 'purchased.plan.dateTerminated': { $gt: new Date() } },
+    ],
+  }).exec();

  const cronPromises = activeTeams.map(updateTeamTasks);
  return Promise.all(cronPromises);
@@ -0,0 +1,595 @@
+/* eslint-disable camelcase */
+import nconf from 'nconf';
+import Amplitude from 'amplitude';
+import { Visitor } from 'universal-analytics';
+import * as analyticsService from '../../../../website/server/libs/analyticsService';
+
+describe('analyticsService', () => {
+  beforeEach(() => {
+    sandbox.stub(Amplitude.prototype, 'track').returns(Promise.resolve());
+
+    sandbox.stub(Visitor.prototype, 'event');
+    sandbox.stub(Visitor.prototype, 'transaction');
+  });
+
+  afterEach(() => {
+    sandbox.restore();
+  });
+
+  describe('#getServiceByEnvironment', () => {
+    it('returns mock methods when not in production', () => {
+      sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(false);
+      expect(analyticsService.getAnalyticsServiceByEnvironment())
+        .to.equal(analyticsService.mockAnalyticsService);
+    });
+
+    it('returns real methods when in production', () => {
+      sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(true);
+      expect(analyticsService.getAnalyticsServiceByEnvironment().track)
+        .to.equal(analyticsService.track);
+      expect(analyticsService.getAnalyticsServiceByEnvironment().trackPurchase)
+        .to.equal(analyticsService.trackPurchase);
+    });
+  });
+
+  describe('#track', () => {
+    let eventType; let
+      data;
+
+    beforeEach(() => {
+      Visitor.prototype.event.yields();
+
+      eventType = 'Cron';
+      data = {
+        category: 'behavior',
+        uuid: 'unique-user-id',
+        resting: true,
+        cronCount: 5,
+        headers: {
+          'x-client': 'habitica-web',
+          'user-agent': '',
+        },
+      };
+    });
+
+    context('Amplitude', () => {
+      it('calls out to amplitude', () => analyticsService.track(eventType, data)
+        .then(() => {
+          expect(Amplitude.prototype.track).to.be.calledOnce;
+        }));
+
+      it('uses a dummy user id if none is provided', () => {
+        delete data.uuid;
+
+        return analyticsService.track(eventType, data)
+          .then(() => {
+            expect(Amplitude.prototype.track).to.be.calledWithMatch({
+              user_id: 'no-user-id-was-provided',
+            });
+          });
+      });
+
+      context('platform', () => {
+        it('logs web platform', () => {
+          data.headers = { 'x-client': 'habitica-web' };
+
+          return analyticsService.track(eventType, data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                platform: 'Web',
+              });
+            });
+        });
+
+        it('logs iOS platform', () => {
+          data.headers = { 'x-client': 'habitica-ios' };
+
+          return analyticsService.track(eventType, data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                platform: 'iOS',
+              });
+            });
+        });
+
+        it('logs Android platform', () => {
+          data.headers = { 'x-client': 'habitica-android' };
+
+          return analyticsService.track(eventType, data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                platform: 'Android',
+              });
+            });
+        });
+
+        it('logs 3rd Party platform', () => {
+          data.headers = { 'x-client': 'some-third-party' };
+
+          return analyticsService.track(eventType, data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                platform: '3rd Party',
+              });
+            });
+        });
+
+        it('logs unknown if headers are not passed in', () => {
+          delete data.headers;
+
+          return analyticsService.track(eventType, data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                platform: 'Unknown',
+              });
+            });
+        });
+      });
+
+      context('Operating System', () => {
+        it('sets default', () => {
+          data.headers = {
+            'x-client': 'third-party',
+            'user-agent': 'foo',
+          };
+
+          return analyticsService.track(eventType, data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                os_name: 'Other',
+                os_version: '0',
+              });
+            });
+        });
+
+        it('sets iOS', () => {
+          data.headers = {
+            'x-client': 'habitica-ios',
+            'user-agent': 'Habitica/148 (iPhone; iOS 9.3; Scale/2.00)',
+          };
+
+          return analyticsService.track(eventType, data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                os_name: 'iOS',
+                os_version: '9.3.0',
+              });
+            });
+        });
+
+        it('sets Android', () => {
+          data.headers = {
+            'x-client': 'habitica-android',
+            'user-agent': 'Mozilla/5.0 (Linux; Android 4.0.4; Galaxy Nexus Build/IMM76B) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.133 Mobile Safari/535.19',
+          };
+
+          return analyticsService.track(eventType, data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                os_name: 'Android',
+                os_version: '4.0.4',
+              });
+            });
+        });
+
+        it('sets Unknown if headers are not passed in', () => {
+          delete data.headers;
+
+          return analyticsService.track(eventType, data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                os_name: undefined,
+                os_version: undefined,
+              });
+            });
+        });
+      });
+
+      it('sends details about event', () => analyticsService.track(eventType, data)
+        .then(() => {
+          expect(Amplitude.prototype.track).to.be.calledWithMatch({
+            event_properties: {
+              category: 'behavior',
+              resting: true,
+              cronCount: 5,
+            },
+          });
+        }));
+
+      it('sends english item name for gear if itemKey is provided', () => {
+        data.itemKey = 'headAccessory_special_foxEars';
+
+        return analyticsService.track(eventType, data)
+          .then(() => {
+            expect(Amplitude.prototype.track).to.be.calledWithMatch({
+              event_properties: {
+                itemKey: data.itemKey,
+                itemName: 'Fox Ears',
+              },
+            });
+          });
+      });
+
+      it('sends english item name for egg if itemKey is provided', () => {
+        data.itemKey = 'Wolf';
+
+        return analyticsService.track(eventType, data)
+          .then(() => {
+            expect(Amplitude.prototype.track).to.be.calledWithMatch({
+              event_properties: {
+                itemKey: data.itemKey,
+                itemName: 'Wolf Egg',
+              },
+            });
+          });
+      });
+
+      it('sends english item name for food if itemKey is provided', () => {
+        data.itemKey = 'Cake_Skeleton';
+
+        return analyticsService.track(eventType, data)
+          .then(() => {
+            expect(Amplitude.prototype.track).to.be.calledWithMatch({
+              event_properties: {
+                itemKey: data.itemKey,
+                itemName: 'Bare Bones Cake',
+              },
+            });
+          });
+      });
+
+      it('sends english item name for hatching potion if itemKey is provided', () => {
+        data.itemKey = 'Golden';
+
+        return analyticsService.track(eventType, data)
+          .then(() => {
+            expect(Amplitude.prototype.track).to.be.calledWithMatch({
+              event_properties: {
+                itemKey: data.itemKey,
+                itemName: 'Golden Hatching Potion',
+              },
+            });
+          });
+      });
+
+      it('sends english item name for quest if itemKey is provided', () => {
+        data.itemKey = 'atom1';
+
+        return analyticsService.track(eventType, data)
+          .then(() => {
+            expect(Amplitude.prototype.track).to.be.calledWithMatch({
+              event_properties: {
+                itemKey: data.itemKey,
+                itemName: 'Attack of the Mundane, Part 1: Dish Disaster!',
+              },
+            });
+          });
+      });
+
+      it('sends english item name for purchased spell if itemKey is provided', () => {
+        data.itemKey = 'seafoam';
+
+        return analyticsService.track(eventType, data)
+          .then(() => {
+            expect(Amplitude.prototype.track).to.be.calledWithMatch({
+              event_properties: {
+                itemKey: data.itemKey,
+                itemName: 'Seafoam',
+              },
+            });
+          });
+      });
+
+      it('sends user data if provided', () => {
+        const stats = {
+          class: 'wizard', exp: 5, gp: 23, hp: 10, lvl: 4, mp: 30,
+        };
+        const user = {
+          stats,
+          contributor: { level: 1 },
+          purchased: { plan: { planId: 'foo-plan' } },
+          flags: { tour: { intro: -2 } },
+          habits: [{ _id: 'habit' }],
+          dailys: [{ _id: 'daily' }],
+          todos: [{ _id: 'todo' }],
+          rewards: [{ _id: 'reward' }],
+          balance: 12,
+          loginIncentives: 1,
+        };
+
+        data.user = user;
+
+        return analyticsService.track(eventType, data)
+          .then(() => {
+            expect(Amplitude.prototype.track).to.be.calledWithMatch({
+              user_properties: {
+                Class: 'wizard',
+                Experience: 5,
+                Gold: 23,
+                Health: 10,
+                Level: 4,
+                Mana: 30,
+                tutorialComplete: true,
+                'Number Of Tasks': {
+                  habits: 1,
+                  dailys: 1,
+                  todos: 1,
+                  rewards: 1,
+                },
+                contributorLevel: 1,
+                subscription: 'foo-plan',
+                balance: 12,
+                balanceGemAmount: 48,
+                loginIncentives: 1,
+              },
+            });
+          });
+      });
+    });
+
+    context('GA', () => {
+      it('calls out to GA', () => analyticsService.track(eventType, data)
+        .then(() => {
+          expect(Visitor.prototype.event).to.be.calledOnce;
+        }));
+
+      it('sends details about event', () => analyticsService.track(eventType, data)
+        .then(() => {
+          expect(Visitor.prototype.event).to.be.calledWith({
+            ea: 'Cron',
+            ec: 'behavior',
+          });
+        }));
+    });
+  });
+
+  describe('#trackPurchase', () => {
+    let data; let
+      itemSpy;
+
+    beforeEach(() => {
+      Visitor.prototype.event.yields();
+
+      itemSpy = sandbox.stub().returnsThis();
+
+      Visitor.prototype.transaction.returns({
+        item: itemSpy,
+        send: sandbox.stub().yields(),
+      });
+
+      data = {
+        uuid: 'user-id',
+        sku: 'paypal-checkout',
+        paymentMethod: 'PayPal',
+        itemPurchased: 'Gems',
+        purchaseValue: 8,
+        purchaseType: 'checkout',
+        gift: false,
+        quantity: 1,
+        headers: {
+          'x-client': 'habitica-web',
+          'user-agent': '',
+        },
+      };
+    });
+
+    context('Amplitude', () => {
+      it('calls out to amplitude', () => analyticsService.trackPurchase(data)
+        .then(() => {
+          expect(Amplitude.prototype.track).to.be.calledOnce;
+        }));
+
+      it('uses a dummy user id if none is provided', () => {
+        delete data.uuid;
+
+        return analyticsService.trackPurchase(data)
+          .then(() => {
+            expect(Amplitude.prototype.track).to.be.calledWithMatch({
+              user_id: 'no-user-id-was-provided',
+            });
+          });
+      });
+
+      context('platform', () => {
+        it('logs web platform', () => {
+          data.headers = { 'x-client': 'habitica-web' };
+
+          return analyticsService.trackPurchase(data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                platform: 'Web',
+              });
+            });
+        });
+
+        it('logs iOS platform', () => {
+          data.headers = { 'x-client': 'habitica-ios' };
+
+          return analyticsService.trackPurchase(data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                platform: 'iOS',
+              });
+            });
+        });
+
+        it('logs Android platform', () => {
+          data.headers = { 'x-client': 'habitica-android' };
+
+          return analyticsService.trackPurchase(data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                platform: 'Android',
+              });
+            });
+        });
+
+        it('logs 3rd Party platform', () => {
+          data.headers = { 'x-client': 'some-third-party' };
+
+          return analyticsService.trackPurchase(data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                platform: '3rd Party',
+              });
+            });
+        });
+
+        it('logs unknown if headers are not passed in', () => {
+          delete data.headers;
+
+          return analyticsService.trackPurchase(data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                platform: 'Unknown',
+              });
+            });
+        });
+      });
+
+      context('Operating System', () => {
+        it('sets default', () => {
+          data.headers = {
+            'x-client': 'third-party',
+            'user-agent': 'foo',
+          };
+
+          return analyticsService.trackPurchase(data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                os_name: 'Other',
+                os_version: '0',
+              });
+            });
+        });
+
+        it('sets iOS', () => {
+          data.headers = {
+            'x-client': 'habitica-ios',
+            'user-agent': 'Habitica/148 (iPhone; iOS 9.3; Scale/2.00)',
+          };
+
+          return analyticsService.trackPurchase(data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                os_name: 'iOS',
+                os_version: '9.3.0',
+              });
+            });
+        });
+
+        it('sets Android', () => {
+          data.headers = {
+            'x-client': 'habitica-android',
+            'user-agent': 'Mozilla/5.0 (Linux; Android 4.0.4; Galaxy Nexus Build/IMM76B) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.133 Mobile Safari/535.19',
+          };
+
+          return analyticsService.trackPurchase(data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                os_name: 'Android',
+                os_version: '4.0.4',
+              });
+            });
+        });
+
+        it('sets Unknown if headers are not passed in', () => {
+          delete data.headers;
+
+          return analyticsService.trackPurchase(data)
+            .then(() => {
+              expect(Amplitude.prototype.track).to.be.calledWithMatch({
+                os_name: undefined,
+                os_version: undefined,
+              });
+            });
+        });
+      });
+
+      it('sends details about purchase', () => analyticsService.trackPurchase(data)
+        .then(() => {
+          expect(Amplitude.prototype.track).to.be.calledWithMatch({
+            event_properties: {
+              gift: false,
+              itemPurchased: 'Gems',
+              paymentMethod: 'PayPal',
+              purchaseType: 'checkout',
+              quantity: 1,
+              sku: 'paypal-checkout',
+            },
+          });
+        }));
+
+      it('sends user data if provided', () => {
+        const stats = {
+          class: 'wizard', exp: 5, gp: 23, hp: 10, lvl: 4, mp: 30,
+        };
+        const user = {
+          stats,
+          contributor: { level: 1 },
+          purchased: { plan: { planId: 'foo-plan' } },
+          flags: { tour: { intro: -2 } },
+          habits: [{ _id: 'habit' }],
+          dailys: [{ _id: 'daily' }],
+          todos: [{ _id: 'todo' }],
+          rewards: [{ _id: 'reward' }],
+        };
+
+        data.user = user;
+
+        return analyticsService.trackPurchase(data)
+          .then(() => {
+            expect(Amplitude.prototype.track).to.be.calledWithMatch({
+              user_properties: {
+                Class: 'wizard',
+                Experience: 5,
+                Gold: 23,
+                Health: 10,
+                Level: 4,
+                Mana: 30,
+                tutorialComplete: true,
+                'Number Of Tasks': {
+                  habits: 1,
+                  dailys: 1,
+                  todos: 1,
+                  rewards: 1,
+                },
+                contributorLevel: 1,
+                subscription: 'foo-plan',
+              },
+            });
+          });
+      });
+    });
+
+    context('GA', () => {
+      it('calls out to GA', () => analyticsService.trackPurchase(data)
+        .then(() => {
+          expect(Visitor.prototype.event).to.be.calledOnce;
+          expect(Visitor.prototype.transaction).to.be.calledOnce;
+        }));
+
+      it('sends details about purchase', () => analyticsService.trackPurchase(data)
+        .then(() => {
+          expect(Visitor.prototype.event).to.be.calledWith({
+            ea: 'checkout',
+            ec: 'commerce',
+            el: 'PayPal',
+            ev: 8,
+          });
+          expect(Visitor.prototype.transaction).to.be.calledWith('user-id', 8);
+          expect(itemSpy).to.be.calledWith(8, 1, 'paypal-checkout', 'Gems', 'checkout');
+        }));
+    });
+  });
+
+  describe('mockAnalyticsService', () => {
+    it('has stubbed track method', () => {
+      expect(analyticsService.mockAnalyticsService).to.respondTo('track');
+    });
+
+    it('has stubbed trackPurchase method', () => {
+      expect(analyticsService.mockAnalyticsService).to.respondTo('trackPurchase');
+    });
+  });
+});
@@ -34,7 +34,6 @@ describe('bug-report', () => {
      emailData: {
        BROWSER_UA: userAgent,
        REPORT_MSG: userMessage,
-        USER_ANALYTICS: undefined,
        USER_CLASS: 'warrior',
        USER_CONSECUTIVE_MONTHS: 0,
        USER_COSTUME: 'false',
@@ -45,6 +44,7 @@ describe('bug-report', () => {
        USER_HOURGLASSES: 0,
        USER_ID: userId,
        USER_LEVEL: 1,
+        USER_OFFSET_MONTHS: 0,
        USER_PAYMENT_PLATFORM: undefined,
        USER_SUBSCRIPTION: undefined,
        USER_TIMEZONE_OFFSET: 0,
@@ -150,7 +150,7 @@ describe('emails', () => {

      sendTxn(mailingInfo, emailType);
      expect(got.post).to.be.called;
-      expect(got.post).to.be.calledWith('http://example.com/job', sinon.match({
+      expect(got.post).to.be.calledWith('undefined/job', sinon.match({
        json: {
          data: {
            emailType: sinon.match.same(emailType),
@@ -171,23 +171,23 @@ describe('emails', () => {
      expect(got.post).not.to.be.called;
    });

-    it('throws error when mail target is only a string', async () => {
+    it('throws error when mail target is only a string', () => {
      const emailType = 'an email type';
      const mailingInfo = 'my email';

-      await expect(sendTxn(mailingInfo, emailType)).to.be.rejectedWith('Argument Error mailingInfoArray: does not contain email or _id');
+      expect(sendTxn(mailingInfo, emailType)).to.throw;
    });

-    it('throws error when mail target has no _id or email', async () => {
+    it('throws error when mail target has no _id or email', () => {
      const emailType = 'an email type';
      const mailingInfo = {

      };

-      await expect(sendTxn(mailingInfo, emailType)).to.be.rejectedWith('Argument Error mailingInfoArray: does not contain email or _id');
+      expect(sendTxn(mailingInfo, emailType)).to.throw;
    });

-    it('throws error when variables not an array', async () => {
+    it('throws error when variables not an array', () => {
      const emailType = 'an email type';
      const mailingInfo = {
        name: 'my name',
@@ -195,10 +195,9 @@ describe('emails', () => {
      };
      const variables = {};

-      await expect(sendTxn(mailingInfo, emailType, variables)).to.be.rejectedWith('Argument Error variables: is not an array');
+      expect(sendTxn(mailingInfo, emailType, variables)).to.throw;
    });
-
-    it('throws error when variables array not contain name/content', async () => {
+    it('throws error when variables array not contain name/content', () => {
      const emailType = 'an email type';
      const mailingInfo = {
        name: 'my name',
@@ -210,9 +209,8 @@ describe('emails', () => {
        },
      ];

-      await expect(sendTxn(mailingInfo, emailType, variables)).to.be.rejectedWith('Argument Error variables: does not contain name or content');
+      expect(sendTxn(mailingInfo, emailType, variables)).to.throw;
    });
-
    it('throws no error when variables array contain name but no content', () => {
      const emailType = 'an email type';
      const mailingInfo = {
@@ -234,7 +232,7 @@ describe('emails', () => {

      sendTxn(mailingInfo, emailType);
      expect(got.post).to.be.called;
-      expect(got.post).to.be.calledWith('http://example.com/job', sinon.match({
+      expect(got.post).to.be.calledWith('undefined/job', sinon.match({
        json: {
          data: {
            emailType: sinon.match.same(emailType),
@@ -254,7 +252,7 @@ describe('emails', () => {

      sendTxn(mailingInfo, emailType, variables);
      expect(got.post).to.be.called;
-      expect(got.post).to.be.calledWith('http://example.com/job', sinon.match({
+      expect(got.post).to.be.calledWith('undefined/job', sinon.match({
        json: {
          data: {
            variables: sinon.match(value => value[0].name === 'BASE_URL', 'matches variables'),
@@ -47,12 +47,6 @@ describe('highlightMentions', () => {
    expect(result[0]).to.equal('[@user-dash](/profile/444): message [@user_underscore](/profile/555)');
  });

-  it('highlights users with case-insensitive matching', async () => {
-    const text = '@USER: message @User2 @USER3';
-    const result = await highlightMentions(text);
-    expect(result[0]).to.equal('[@USER](/profile/111): message [@User2](/profile/222) [@USER3](/profile/333)');
-  });
-
  it('doesn\'t highlight nonexisting users', async () => {
    const text = '@nouser message';
    const result = await highlightMentions(text);
@@ -1,100 +0,0 @@
-import nconf from 'nconf';
-import requireAgain from 'require-again';
-import { model as User } from '../../../../website/server/models/user';
-import { RegistrationEventModel } from '../../../../website/server/models/analytics/registrationEvent';
-import { SubscriptionEventModel } from '../../../../website/server/models/analytics/subscriptionEvent';
-
-describe('localAnalytics', () => {
-  let user;
-  let localAnalytics;
-  before(() => {
-    const nconfGetStub = sandbox.stub(nconf, 'get');
-    nconfGetStub.withArgs('ANALYTICS_DB').returns('analytics');
-    nconfGetStub.withArgs('DISABLE_LOCAL_ANALYTICS').returns(false);
-    localAnalytics = requireAgain('../../../../website/server/libs/localAnalytics');
-  });
-
-  beforeEach(async () => {
-    user = new User({
-      auth: {
-        local: {
-          username: 'username',
-          email: 'email@example.com',
-        },
-      },
-      registeredThrough: 'habitica-web',
-    });
-  });
-
-  describe('trackRegistrationEvent', () => {
-    afterEach(async () => {
-      await RegistrationEventModel.deleteMany({});
-    });
-
-    it('creates a registration event when a user registers', async () => {
-      user._id = '00000000-0000-0000-0000-000000000001';
-      await localAnalytics.trackRegistrationEvent({ user, ipAddress: '127.0.0.1' });
-
-      const registrationEvents = await RegistrationEventModel.find({ userId: user._id });
-      expect(registrationEvents).to.have.lengthOf(1);
-      expect(registrationEvents[0]).to.have.property('userId', user._id);
-      expect(registrationEvents[0]).to.have.property('ipAddress', '127.0.0.1');
-    });
-
-    it('saves the correct data to the database', async () => {
-      user._id = '00000000-0000-0000-0000-000000000002';
-      user.auth.google = { id: 'abc', emails: [{ value: 'email@example.com' }] };
-      await localAnalytics.trackRegistrationEvent({ user, ipAddress: '127.0.0.2' });
-
-      const registrationEvent = await RegistrationEventModel.findOne({ userId: user._id });
-      expect(registrationEvent).to.have.property('userId', user._id);
-      expect(registrationEvent).to.have.property('ipAddress', '127.0.0.2');
-      expect(registrationEvent).to.have.property('authenticationMethod', 'google');
-    });
-  });
-
-  describe('trackSubscriptionEvent', () => {
-    afterEach(async () => {
-      await SubscriptionEventModel.deleteMany({});
-    });
-
-    it('creates a subscription event when a user subscribes', async () => {
-      user._id = '00000000-0000-0000-0000-000000000003';
-      await localAnalytics.trackSubscriptionEvent({
-        eventType: 'subscribed',
-        user,
-        paymentMethod: 'stripe',
-        customerId: 'cus_123',
-        planId: 'plan_123',
-      });
-
-      const subscriptionEvents = await SubscriptionEventModel.find({ userId: user._id });
-      expect(subscriptionEvents).to.have.lengthOf(1);
-      expect(subscriptionEvents[0]).to.have.property('userId', user._id);
-      expect(subscriptionEvents[0]).to.have.property('eventType', 'subscribed');
-      expect(subscriptionEvents[0]).to.have.property('paymentMethod', 'stripe');
-      expect(subscriptionEvents[0]).to.have.property('customerId', 'cus_123');
-      expect(subscriptionEvents[0]).to.have.property('planId', 'plan_123');
-    });
-
-    it('creates a subscription event with cancellation reason when a user cancels', async () => {
-      user._id = '00000000-0000-0000-0000-000000000004';
-      await localAnalytics.trackSubscriptionEvent({
-        eventType: 'cancelled',
-        user,
-        paymentMethod: 'stripe',
-        customerId: 'cus_456',
-        planId: 'plan_456',
-        cancellationReason: 'No longer needed',
-      });
-
-      const subscriptionEvent = await SubscriptionEventModel.findOne({ userId: user._id });
-      expect(subscriptionEvent).to.have.property('userId', user._id);
-      expect(subscriptionEvent).to.have.property('eventType', 'cancelled');
-      expect(subscriptionEvent).to.have.property('paymentMethod', 'stripe');
-      expect(subscriptionEvent).to.have.property('customerId', 'cus_456');
-      expect(subscriptionEvent).to.have.property('planId', 'plan_456');
-      expect(subscriptionEvent).to.have.property('cancellationReason', 'No longer needed');
-    });
-  });
-});
@@ -1,4 +1,5 @@
 import os from 'os';
+import nconf from 'nconf';
 import requireAgain from 'require-again';

 const pathToMongoLib = '../../../../website/server/libs/mongodb';
@@ -28,4 +29,22 @@ describe('mongodb', () => {
      expect(string).to.equal('mongodb://hostname:3030');
    });
  });
+
+  describe('getDefaultConnectionOptions', () => {
+    it('returns development config when IS_PROD is false', () => {
+      sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(false);
+      const mongoLibOverride = requireAgain(pathToMongoLib);
+
+      const options = mongoLibOverride.getDefaultConnectionOptions();
+      expect(options).to.have.all.keys(['useNewUrlParser', 'useUnifiedTopology']);
+    });
+
+    it('returns production config when IS_PROD is true', () => {
+      sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(true);
+      const mongoLibOverride = requireAgain(pathToMongoLib);
+
+      const options = mongoLibOverride.getDefaultConnectionOptions();
+      expect(options).to.have.all.keys(['useNewUrlParser', 'useUnifiedTopology']);
+    });
+  });
 });
@@ -66,15 +66,13 @@ describe('Amazon Payments - Cancel Subscription', () => {
    group = generateGroup({
      name: 'test group',
      type: 'guild',
-      privacy: 'private',
+      privacy: 'public',
      leader: user._id,
    });
    group.purchased.plan.customerId = 'customer-id';
    group.purchased.plan.planId = subKey;
    group.purchased.plan.lastBillingDate = new Date();
    await group.save();
-    user.guilds.push(group._id);
-    await user.save();

    subscriptionBlock = common.content.subscriptionBlocks[subKey];
    subscriptionLength = subscriptionBlock.months * 30;
@@ -30,14 +30,12 @@ describe('Amazon Payments - Subscribe', () => {
    group = generateGroup({
      name: 'test group',
      type: 'guild',
-      privacy: 'private',
+      privacy: 'public',
      leader: user._id,
    });
    group.purchased.plan.customerId = 'customer-id';
    group.purchased.plan.planId = subKey;
    await group.save();
-    user.guilds.push(group._id);
-    await user.save();

    amount = common.content.subscriptionBlocks[subKey].price;
    billingAgreementId = 'billingAgreementId';
@@ -248,6 +246,11 @@ describe('Amazon Payments - Subscribe', () => {
    user.guilds.push(groupId);
    await user.save();

+    // Add existing users
+    user = new User();
+    user.guilds.push(groupId);
+    await user.save();
+
    // Set expected amount
    sub.key = 'group_monthly';
    sub.price = 9;
@@ -12,33 +12,11 @@ const { i18n } = common;
 describe('Apple Payments', () => {
  const subKey = 'basic_3mo';

-  let iapSetupStub;
-  let iapValidateStub;
-  let iapIsValidatedStub;
-  let iapIsCanceledStub;
-  let iapIsExpiredStub;
-  let paymentBuySkuStub;
-  let iapGetPurchaseDataStub;
-  let validateGiftMessageStub;
-  let paymentsCreateSubscritionStub;
-
-  beforeEach(() => {
-    iapSetupStub = sinon.stub(iap, 'setup').resolves();
-    iapValidateStub = sinon.stub(iap, 'validate').resolves({});
-  });
-
-  afterEach(() => {
-    iap.setup.restore();
-    iap.validate.restore();
-    iap.isValidated.restore();
-    iap.isExpired.restore();
-    iap.isCanceled.restore();
-    iap.getPurchaseData.restore();
-  });
-
  describe('verifyPurchase', () => {
    let sku; let user; let token; let receipt; let
      headers;
+    let iapSetupStub; let iapValidateStub; let iapIsValidatedStub; let paymentBuySkuStub; let
+      iapGetPurchaseDataStub; let validateGiftMessageStub;

    beforeEach(() => {
      token = 'testToken';
@@ -47,9 +25,13 @@ describe('Apple Payments', () => {
      receipt = `{"token": "${token}", "productId": "${sku}"}`;
      headers = {};

+      iapSetupStub = sinon.stub(iap, 'setup')
+        .resolves();
+      iapValidateStub = sinon.stub(iap, 'validate')
+        .resolves({});
      iapIsValidatedStub = sinon.stub(iap, 'isValidated').returns(true);
-      iapIsCanceledStub = sinon.stub(iap, 'isCanceled').returns(false);
-      iapIsExpiredStub = sinon.stub(iap, 'isExpired').returns(false);
+      sinon.stub(iap, 'isExpired').returns(false);
+      sinon.stub(iap, 'isCanceled').returns(false);
      iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
        .returns([{
          productId: 'com.habitrpg.ios.Habitica.21gems',
@@ -60,6 +42,12 @@ describe('Apple Payments', () => {
    });

    afterEach(() => {
+      iap.setup.restore();
+      iap.validate.restore();
+      iap.isValidated.restore();
+      iap.isExpired.restore();
+      iap.isCanceled.restore();
+      iap.getPurchaseData.restore();
      payments.buySkuItem.restore();
      gems.validateGiftMessage.restore();
    });
@@ -221,6 +209,9 @@ describe('Apple Payments', () => {
  describe('subscribe', () => {
    let sub; let sku; let user; let token; let receipt; let headers; let
      nextPaymentProcessing;
+    let iapSetupStub; let iapValidateStub; let iapIsValidatedStub;
+    let paymentsCreateSubscritionStub; let
+      iapGetPurchaseDataStub;

    beforeEach(() => {
      sub = common.content.subscriptionBlocks[subKey];
@@ -232,10 +223,12 @@ describe('Apple Payments', () => {
      nextPaymentProcessing = moment.utc().add({ days: 2 });
      user = new User();

+      iapSetupStub = sinon.stub(iap, 'setup')
+        .resolves();
+      iapValidateStub = sinon.stub(iap, 'validate')
+        .resolves({});
      iapIsValidatedStub = sinon.stub(iap, 'isValidated')
        .returns(true);
-      iapIsCanceledStub = sinon.stub(iap, 'isCanceled').returns(false);
-      iapIsExpiredStub = sinon.stub(iap, 'isExpired').returns(false);
      iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
        .returns([{
          expirationDate: moment.utc().subtract({ day: 1 }).toDate(),
@@ -257,6 +250,10 @@ describe('Apple Payments', () => {
    });

    afterEach(() => {
+      iap.setup.restore();
+      iap.validate.restore();
+      iap.isValidated.restore();
+      iap.getPurchaseData.restore();
      if (payments.createSubscription.restore) payments.createSubscription.restore();
    });

@@ -273,29 +270,6 @@ describe('Apple Payments', () => {
        });
    });

-    it('should throw an error if no active subscription is found', async () => {
-      iap.isCanceled.restore();
-      iapIsCanceledStub = sinon.stub(iap, 'isCanceled')
-        .returns(true);
-
-      iap.getPurchaseData.restore();
-      iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
-        .returns([{
-          expirationDate: moment.utc().add({ day: -2 }).toDate(),
-          purchaseDate: new Date(),
-          productId: 'subscription1month',
-          transactionId: token,
-          originalTransactionId: token,
-        }]);
-
-      await expect(applePayments.subscribe(user, receipt, headers, nextPaymentProcessing))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 401,
-          name: 'NotAuthorized',
-          message: applePayments.constants.RESPONSE_NO_ITEM_PURCHASED,
-        });
-    });
-
    const subOptions = [
      {
        sku: 'subscription1month',
@@ -600,7 +574,8 @@ describe('Apple Payments', () => {
  describe('cancelSubscribe ', () => {
    let user; let token; let receipt; let headers; let customerId; let
      expirationDate;
-    let paymentCancelSubscriptionSpy;
+    let iapSetupStub; let iapValidateStub; let iapIsValidatedStub; let iapGetPurchaseDataStub; let
+      paymentCancelSubscriptionSpy;

    beforeEach(async () => {
      token = 'test-token';
@@ -609,7 +584,8 @@ describe('Apple Payments', () => {
      customerId = 'test-customerId';
      expirationDate = moment.utc();

-      iapValidateStub.restore();
+      iapSetupStub = sinon.stub(iap, 'setup')
+        .resolves();
      iapValidateStub = sinon.stub(iap, 'validate')
        .resolves({
          expirationDate,
@@ -617,8 +593,8 @@ describe('Apple Payments', () => {
      iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
        .returns([{ expirationDate: expirationDate.toDate() }]);
      iapIsValidatedStub = sinon.stub(iap, 'isValidated').returns(true);
-      iapIsCanceledStub = sinon.stub(iap, 'isCanceled').returns(false);
-      iapIsExpiredStub = sinon.stub(iap, 'isExpired').returns(true);
+      sinon.stub(iap, 'isCanceled').returns(false);
+      sinon.stub(iap, 'isExpired').returns(true);
      user = new User();
      user.profile.name = 'sender';
      user.purchased.plan.paymentMethod = applePayments.constants.PAYMENT_METHOD_APPLE;
@@ -630,7 +606,13 @@ describe('Apple Payments', () => {
    });

    afterEach(() => {
-      paymentCancelSubscriptionSpy.restore();
+      iap.setup.restore();
+      iap.validate.restore();
+      iap.isValidated.restore();
+      iap.isExpired.restore();
+      iap.isCanceled.restore();
+      iap.getPurchaseData.restore();
+      payments.cancelSubscription.restore();
    });

    it('should throw an error if we are missing a subscription', async () => {
@@ -713,8 +695,6 @@ describe('Apple Payments', () => {
      expect(iapIsValidatedStub).to.be.calledWith({
        expirationDate,
      });
-      expect(iapIsCanceledStub).to.be.calledOnce;
-      expect(iapIsExpiredStub).to.be.calledOnce;
      expect(iapGetPurchaseDataStub).to.be.calledOnce;

      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
@@ -11,36 +11,12 @@ const { i18n } = common;

 describe('Google Payments', () => {
  const subKey = 'basic_3mo';
-  let iapSetupStub;
-  let iapValidateStub;
-  let iapIsValidatedStub;
-  let paymentBuySkuStub;
-  let validateGiftMessageStub;
-
-  beforeEach(() => {
-    iapSetupStub = sinon.stub(iap, 'setup')
-      .resolves();
-    iapIsValidatedStub = sinon.stub(iap, 'isValidated')
-      .returns(true);
-    sinon.stub(iap, 'isCanceled').returns(false);
-    sinon.stub(iap, 'isExpired').returns(false);
-    paymentBuySkuStub = sinon.stub(payments, 'buySkuItem').resolves({});
-    validateGiftMessageStub = sinon.stub(gems, 'validateGiftMessage');
-  });
-
-  afterEach(() => {
-    iap.setup.restore();
-    iap.validate.restore();
-    iap.isValidated.restore();
-    iap.isCanceled.restore();
-    iap.isExpired.restore();
-    payments.buySkuItem.restore();
-    gems.validateGiftMessage.restore();
-  });

  describe('verifyPurchase', () => {
    let sku; let user; let token; let receipt; let signature; let
      headers;
+    let iapSetupStub; let iapValidateStub; let iapIsValidatedStub; let
+      paymentBuySkuStub; let validateGiftMessageStub;

    beforeEach(() => {
      sku = 'com.habitrpg.android.habitica.iap.21gems';
@@ -49,7 +25,21 @@ describe('Google Payments', () => {
      signature = '';
      headers = {};

+      iapSetupStub = sinon.stub(iap, 'setup')
+        .resolves();
      iapValidateStub = sinon.stub(iap, 'validate').resolves({ productId: sku });
+      iapIsValidatedStub = sinon.stub(iap, 'isValidated')
+        .returns(true);
+      paymentBuySkuStub = sinon.stub(payments, 'buySkuItem').resolves({});
+      validateGiftMessageStub = sinon.stub(gems, 'validateGiftMessage');
+    });
+
+    afterEach(() => {
+      iap.setup.restore();
+      iap.validate.restore();
+      iap.isValidated.restore();
+      payments.buySkuItem.restore();
+      gems.validateGiftMessage.restore();
    });

    it('should throw an error if receipt is invalid', async () => {
@@ -170,7 +160,8 @@ describe('Google Payments', () => {
  describe('subscribe', () => {
    let sub; let sku; let user; let token; let receipt; let signature; let headers; let
      nextPaymentProcessing;
-    let paymentsCreateSubscritionStub;
+    let iapSetupStub; let iapValidateStub; let iapIsValidatedStub; let
+      paymentsCreateSubscritionStub;

    beforeEach(() => {
      sub = common.content.subscriptionBlocks[subKey];
@@ -182,12 +173,19 @@ describe('Google Payments', () => {
      signature = '';
      nextPaymentProcessing = moment.utc().add({ days: 2 });

+      iapSetupStub = sinon.stub(iap, 'setup')
+        .resolves();
      iapValidateStub = sinon.stub(iap, 'validate')
        .resolves({});
+      iapIsValidatedStub = sinon.stub(iap, 'isValidated')
+        .returns(true);
      paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').resolves({});
    });

    afterEach(() => {
+      iap.setup.restore();
+      iap.validate.restore();
+      iap.isValidated.restore();
      payments.createSubscription.restore();
    });

@@ -245,7 +243,7 @@ describe('Google Payments', () => {
  describe('cancelSubscribe ', () => {
    let user; let token; let receipt; let signature; let headers; let customerId; let
      expirationDate;
-    let iapGetPurchaseDataStub; let
+    let iapSetupStub; let iapValidateStub; let iapIsValidatedStub; let iapGetPurchaseDataStub; let
      paymentCancelSubscriptionSpy;

    beforeEach(async () => {
@@ -255,12 +253,17 @@ describe('Google Payments', () => {
      signature = '';
      customerId = 'test-customerId';
      expirationDate = moment.utc();
+
+      iapSetupStub = sinon.stub(iap, 'setup')
+        .resolves();
      iapValidateStub = sinon.stub(iap, 'validate')
        .resolves({
          expirationDate,
        });
      iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
        .returns([{ expirationDate: expirationDate.toDate(), autoRenewing: false }]);
+      iapIsValidatedStub = sinon.stub(iap, 'isValidated')
+        .returns(true);

      user = new User();
      user.profile.name = 'sender';
@@ -273,6 +276,9 @@ describe('Google Payments', () => {
    });

    afterEach(() => {
+      iap.setup.restore();
+      iap.validate.restore();
+      iap.isValidated.restore();
      iap.getPurchaseData.restore();
      payments.cancelSubscription.restore();
    });
@@ -302,8 +308,6 @@ describe('Google Payments', () => {
    });

    it('should cancel a user subscription', async () => {
-      iap.isCanceled.restore();
-      iap.isCanceled = sinon.stub(iap, 'isCanceled').returns(true);
      await googlePayments.cancelSubscribe(user, headers);

      expect(iapSetupStub).to.be.calledOnce;
@@ -328,20 +332,11 @@ describe('Google Payments', () => {
    });

    it('should cancel a user subscription with multiple inactive subscriptions', async () => {
-      iap.isCanceled.restore();
-      iap.isCanceled = sinon.stub(iap, 'isCanceled').returns(true);
      const laterDate = moment.utc().add(7, 'days');
      iap.getPurchaseData.restore();
      iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
-        .returns([{
-          startTimeMillis: expirationDate.valueOf(),
-          expirationDate,
-          autoRenewing: false,
-        }, {
-          startTimeMillis: laterDate.valueOf(),
-          expirationDate: laterDate,
-          autoRenewing: false,
-        },
+        .returns([{ expirationDate, autoRenewing: false },
+          { expirationDate: laterDate, autoRenewing: false },
        ]);
      await googlePayments.cancelSubscribe(user, headers);

@@ -370,12 +365,7 @@ describe('Google Payments', () => {
      iap.getPurchaseData.restore();
      iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
        .returns([{ autoRenewing: true }]);
-      await expect(googlePayments.cancelSubscribe(user, headers))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 401,
-          name: 'NotAuthorized',
-          message: googlePayments.constants.RESPONSE_STILL_VALID,
-        });
+      await googlePayments.cancelSubscribe(user, headers);

      expect(iapSetupStub).to.be.calledOnce;
      expect(iapValidateStub).to.be.calledOnce;
@@ -398,12 +388,8 @@ describe('Google Payments', () => {
        .returns([{ expirationDate, autoRenewing: false },
          { autoRenewing: true },
          { expirationDate, autoRenewing: false }]);
-      await expect(googlePayments.cancelSubscribe(user, headers))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 401,
-          name: 'NotAuthorized',
-          message: googlePayments.constants.RESPONSE_STILL_VALID,
-        });
+      await googlePayments.cancelSubscribe(user, headers);
+
      expect(iapSetupStub).to.be.calledOnce;
      expect(iapValidateStub).to.be.calledOnce;
      expect(iapValidateStub).to.be.calledWith(iap.GOOGLE, {
@@ -128,12 +128,11 @@ describe('Purchasing a group plan for group', () => {
    expect(publicGroup.purchased.plan.planId).to.not.exist;
    data.groupId = publicGroup._id;

-    // Public Guilds are no longer even findable
    await expect(api.createSubscription(data))
      .to.eventually.be.rejected.and.to.eql({
-        httpCode: 404,
-        name: 'NotFound',
-        message: i18n.t('groupNotFound'),
+        httpCode: 401,
+        name: 'NotAuthorized',
+        message: i18n.t('onlyPrivateGuildsCanUpgrade'),
      });

    const updatedGroup = await Group.findById(publicGroup._id).exec();
@@ -716,7 +715,7 @@ describe('Purchasing a group plan for group', () => {
    const mysteryItem = { title: 'item' };
    const mysteryItems = [mysteryItem];
    const consecutive = {
-      trinkets: 4,
+      trinkets: 3,
      gemCapExtra: 20,
      offset: 1,
      count: 13,
@@ -30,15 +30,13 @@ describe('paypal - subscribeCancel', () => {
    group = generateGroup({
      name: 'test group',
      type: 'guild',
-      privacy: 'private',
+      privacy: 'public',
      leader: user._id,
    });
    group.purchased.plan.customerId = groupCustomerId;
    group.purchased.plan.planId = subKey;
    group.purchased.plan.lastBillingDate = new Date();
    await group.save();
-    user.guilds.push(group._id);
-    await user.save();

    nextBillingDate = new Date();

@@ -51,7 +51,6 @@ describe('Stripe - Checkout', () => {
        gift: undefined,
        sub: undefined,
        gemsBlock: gemsBlockKey,
-        server_url: BASE_URL,
      };

      expect(gems.validateGiftMessage).to.not.be.called;
@@ -102,7 +101,6 @@ describe('Stripe - Checkout', () => {
        gift: JSON.stringify(gift),
        sub: undefined,
        gemsBlock: undefined,
-        server_url: BASE_URL,
      };

      expect(gems.validateGiftMessage).to.be.calledOnce;
@@ -157,7 +155,6 @@ describe('Stripe - Checkout', () => {
        gift: JSON.stringify(gift),
        sub: undefined,
        gemsBlock: undefined,
-        server_url: BASE_URL,
      };

      expect(oneTimePayments.getOneTimePaymentInfo).to.be.calledOnce;
@@ -195,7 +192,6 @@ describe('Stripe - Checkout', () => {
        userId: user._id,
        gift: undefined,
        sub: JSON.stringify(sub),
-        server_url: BASE_URL,
      };

      expect(subscriptions.checkSubData).to.be.calledOnce;
@@ -236,7 +232,7 @@ describe('Stripe - Checkout', () => {
      const group = generateGroup({
        name: 'test group',
        type: 'guild',
-        privacy: 'private',
+        privacy: 'public',
        leader: user._id,
      });
      const groupId = group._id;
@@ -262,7 +258,6 @@ describe('Stripe - Checkout', () => {
        userId: user._id,
        gift: undefined,
        sub: JSON.stringify(sub),
-        server_url: BASE_URL,
        groupId,
      };

@@ -333,9 +328,8 @@ describe('Stripe - Checkout', () => {
      user.purchased.plan.customerId = customerId;

      const metadata = {
-        type: 'edit-card-user',
        userId: user._id,
-        server_url: BASE_URL,
+        type: 'edit-card-user',
      };

      const res = await createEditCardCheckoutSession({ user }, stripe);
@@ -376,13 +370,11 @@ describe('Stripe - Checkout', () => {
        group = generateGroup({
          name: 'test group',
          type: 'guild',
-          privacy: 'private',
+          privacy: 'public',
          leader: user._id,
        });
        groupId = group._id;
        await group.save();
-        user.guilds.push(group._id);
-        await user.save();
      });

      it('throws if user is not allowed to change group plan', async () => {
@@ -426,7 +418,6 @@ describe('Stripe - Checkout', () => {
        const metadata = {
          userId: user._id,
          type: 'edit-card-group',
-          server_url: BASE_URL,
          groupId,
        };

@@ -464,7 +455,6 @@ describe('Stripe - Checkout', () => {
          userId: anotherUser._id,
          type: 'edit-card-group',
          groupId,
-          server_url: BASE_URL,
        };

        const res = await createEditCardCheckoutSession({ user: anotherUser, groupId }, stripe);
@@ -308,7 +308,6 @@ describe('Stripe - One Time Payments', () => {
          customerId,
          paymentMethod: 'Gift',
          gift,
-          autoRenews: false,
          gemsBlock: undefined,
        });
      });
@@ -136,7 +136,7 @@ describe('Stripe - Subscriptions', () => {
      group = generateGroup({
        name: 'test group',
        type: 'guild',
-        privacy: 'private',
+        privacy: 'public',
        leader: user._id,
      });
      groupId = group._id;
@@ -173,7 +173,6 @@ describe('Stripe - Subscriptions', () => {
        paymentMethod: 'Stripe',
        sub: sinon.match({ ...sub }),
        groupId: null,
-        autoRenews: true,
      });
    });

@@ -198,7 +197,6 @@ describe('Stripe - Subscriptions', () => {
        paymentMethod: 'Stripe',
        sub: sinon.match({ ...sub }),
        groupId,
-        autoRenews: true,
      });
    });

@@ -233,7 +231,6 @@ describe('Stripe - Subscriptions', () => {
        paymentMethod: 'Stripe',
        sub: sinon.match({ ...sub }),
        groupId,
-        autoRenews: true,
      });
    });
  });
@@ -315,14 +312,12 @@ describe('Stripe - Subscriptions', () => {
      group = generateGroup({
        name: 'test group',
        type: 'guild',
-        privacy: 'private',
+        privacy: 'public',
        leader: user._id,
      });
      group.purchased.plan.customerId = 'customer-id';
      group.purchased.plan.planId = subKey;
      await group.save();
-      user.guilds.push(group._id);
-      await user.save();

      groupId = group._id;
    });
@@ -16,7 +16,6 @@ import * as subscriptions from '../../../../../../website/server/libs/payments/s
 const { i18n } = common;

 describe('Stripe - Webhooks', () => {
-  const BASE_URL = nconf.get('BASE_URL');
  const stripe = stripeModule('test');
  const endpointSecret = nconf.get('STRIPE_WEBHOOKS_ENDPOINT_SECRET');
  const headers = {};
@@ -285,9 +284,7 @@ describe('Stripe - Webhooks', () => {
    const session = {};

    beforeEach(() => {
-      session.metadata = {
-        server_url: BASE_URL,
-      };
+      session.metadata = {};
      event = { type: eventType, data: { object: session } };
      constructEventStub = sandbox.stub(stripe.webhooks, 'constructEvent');
      constructEventStub.returns(event);
@@ -0,0 +1,50 @@
+/* eslint-disable global-require */
+import nconf from 'nconf';
+import requireAgain from 'require-again';
+import {
+  generateRes,
+  generateReq,
+  generateNext,
+} from '../../../helpers/api-unit.helper';
+import * as analyticsService from '../../../../website/server/libs/analyticsService';
+
+describe('analytics middleware', () => {
+  let res; let req; let
+    next;
+  const pathToAnalyticsMiddleware = '../../../../website/server/middlewares/analytics';
+
+  beforeEach(() => {
+    res = generateRes();
+    req = generateReq();
+    next = generateNext();
+  });
+
+  it('attaches analytics object to res', () => {
+    const attachAnalytics = requireAgain(pathToAnalyticsMiddleware).default;
+
+    attachAnalytics(req, res, next);
+
+    expect(res.analytics).to.exist;
+  });
+
+  it('attaches stubbed methods for non-prod environments', () => {
+    sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(false);
+    const attachAnalytics = requireAgain(pathToAnalyticsMiddleware).default;
+
+    attachAnalytics(req, res, next);
+
+    expect(res.analytics.track).to.eql(analyticsService.mockAnalyticsService.track);
+    expect(res.analytics.trackPurchase).to.eql(analyticsService.mockAnalyticsService.trackPurchase);
+  });
+
+  it('attaches real methods for prod environments', () => {
+    sandbox.stub(nconf, 'get').withArgs('IS_PROD').returns(true);
+
+    const attachAnalytics = requireAgain(pathToAnalyticsMiddleware).default;
+
+    attachAnalytics(req, res, next);
+
+    expect(res.analytics.track).to.eql(analyticsService.track);
+    expect(res.analytics.trackPurchase).to.eql(analyticsService.trackPurchase);
+  });
+});
@@ -1,11 +1,8 @@
-import nconf from 'nconf';
-import requireAgain from 'require-again';
 import {
  generateRes,
  generateReq,
 } from '../../../helpers/api-unit.helper';
-
-const authPath = '../../../../website/server/middlewares/auth';
+import { authWithHeaders as authWithHeadersFactory } from '../../../../website/server/middlewares/auth';

 describe('auth middleware', () => {
  let res; let req; let
@@ -19,7 +16,6 @@ describe('auth middleware', () => {

  describe('auth with headers', () => {
    it('allows to specify a list of user field that we do not want to load', done => {
-      const authWithHeadersFactory = requireAgain(authPath).authWithHeaders;
      const authWithHeaders = authWithHeadersFactory({
        userFieldsToExclude: ['items'],
      });
@@ -39,7 +35,6 @@ describe('auth middleware', () => {
    });

    it('makes sure some fields are always included', done => {
-      const authWithHeadersFactory = requireAgain(authPath).authWithHeaders;
      const authWithHeaders = authWithHeadersFactory({
        userFieldsToExclude: [
          'items', 'auth.timestamps',
@@ -65,57 +60,5 @@ describe('auth middleware', () => {
        return done();
      });
    });
-
-    it('errors with InvalidCredentialsError and code when token is wrong', done => {
-      const authWithHeadersFactory = requireAgain(authPath).authWithHeaders;
-      const authWithHeaders = authWithHeadersFactory({ userFieldsToExclude: [] });
-
-      req.headers['x-api-user'] = user._id;
-      req.headers['x-api-key'] = 'totally-wrong-token';
-
-      authWithHeaders(req, res, err => {
-        expect(err).to.exist;
-        expect(err.name).to.equal('InvalidCredentialsError');
-        expect(err.code).to.equal('invalid_credentials');
-        expect(err.message).to.equal(res.t('invalidCredentials'));
-        return done();
-      });
-    });
-
-    describe('when ENFORCE_CLIENT_HEADER is true', () => {
-      let authFactory;
-
-      beforeEach(() => {
-        sandbox.stub(nconf, 'get').withArgs('ENFORCE_CLIENT_HEADER').returns('true');
-        authFactory = requireAgain(authPath).authWithHeaders;
-      });
-
-      it('errors with missingClientHeader when x-client header is not present', done => {
-        const authWithHeaders = authFactory({ userFieldsToExclude: [] });
-
-        req.headers['x-api-user'] = user._id;
-        req.headers['x-api-key'] = user;
-        authWithHeaders(req, res, err => {
-          expect(err).to.exist;
-          expect(err.name).to.equal('BadRequest');
-          expect(err.message).to.equal(res.t('missingClientHeader'));
-          return done();
-        });
-      });
-
-      it('allows request to pass when x-client header is present', done => {
-        const authWithHeaders = authFactory({ userFieldsToExclude: [] });
-
-        req.headers['x-api-user'] = user._id;
-        req.headers['x-api-key'] = user.apiToken;
-        req.headers['x-client'] = 'habitica-web';
-
-        authWithHeaders(req, res, err => {
-          if (err) return done(err);
-          expect(res.locals.user).to.exist;
-          return done();
-        });
-      });
-    });
  });
 });
@@ -1,197 +0,0 @@
-import nconf from 'nconf';
-import requireAgain from 'require-again';
-import {
-  generateRes,
-  generateReq,
-  generateNext,
-} from '../../../helpers/api-unit.helper';
-import { Forbidden } from '../../../../website/server/libs/errors';
-import { apiError } from '../../../../website/server/libs/apiError';
-import { model as Blocker } from '../../../../website/server/models/blocker';
-
-function checkIPBlockedErrorThrown (next) {
-  expect(next).to.have.been.calledOnce;
-  const calledWith = next.getCall(0).args;
-  expect(calledWith[0].message).to.equal(apiError('ipAddressBlocked'));
-  expect(calledWith[0] instanceof Forbidden).to.equal(true);
-}
-
-function checkClientBlockedErrorThrown (next) {
-  expect(next).to.have.been.calledOnce;
-  const calledWith = next.getCall(0).args;
-  expect(calledWith[0].message).to.equal(apiError('clientBlocked'));
-  expect(calledWith[0] instanceof Forbidden).to.equal(true);
-}
-
-function checkErrorNotThrown (next) {
-  expect(next).to.have.been.calledOnce;
-  const calledWith = next.getCall(0).args;
-  expect(typeof calledWith[0] === 'undefined').to.equal(true);
-}
-
-describe('Blocker middleware', () => {
-  const pathToBlocker = '../../../../website/server/middlewares/blocker';
-
-  let res; let req; let next;
-
-  beforeEach(() => {
-    res = generateRes();
-    req = generateReq();
-    next = generateNext();
-  });
-
-  describe('Blocking IPs', () => {
-    it('is disabled when the env var is not defined', () => {
-      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns(undefined);
-      const attachBlocker = requireAgain(pathToBlocker).default;
-      attachBlocker(req, res, next);
-
-      checkErrorNotThrown(next);
-    });
-
-    it('is disabled when the env var is an empty string', () => {
-      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('');
-      const attachBlocker = requireAgain(pathToBlocker).default;
-      attachBlocker(req, res, next);
-
-      checkErrorNotThrown(next);
-    });
-
-    it('is disabled when the env var contains comma separated empty strings', () => {
-      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns(' , , ');
-      const attachBlocker = requireAgain(pathToBlocker).default;
-      attachBlocker(req, res, next);
-
-      checkErrorNotThrown(next);
-    });
-
-    it('does not throw when the ip does not match', () => {
-      req.ip = '192.168.1.1';
-      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('192.168.1.2');
-      const attachBlocker = requireAgain(pathToBlocker).default;
-      attachBlocker(req, res, next);
-
-      checkErrorNotThrown(next);
-    });
-
-    it('does not throw when the blocker IP does not match', async () => {
-      req.ip = '192.168.1.1';
-      sandbox.stub(Blocker, 'watchBlockers').returns({
-        on: (event, callback) => {
-          if (event === 'change') {
-            callback({ operation: 'add', blocker: { type: 'ipaddress', area: 'full', value: '192.168.1.2' } });
-          }
-        },
-      });
-      const attachBlocker = requireAgain(pathToBlocker).default;
-      attachBlocker(req, res, next);
-
-      checkErrorNotThrown(next);
-    });
-
-    it('does not throw when a client is blocked', async () => {
-      sandbox.stub(Blocker, 'watchBlockers').returns({
-        on: (event, callback) => {
-          if (event === 'change') {
-            callback({ operation: 'add', blocker: { type: 'client', area: 'full', value: '192.168.1.1' } });
-          }
-        },
-      });
-      const attachBlocker = requireAgain(pathToBlocker).default;
-      attachBlocker(req, res, next);
-
-      checkErrorNotThrown(next);
-    });
-
-    it('throws when the blocker IP is blocked', async () => {
-      req.ip = '192.168.1.1';
-      sandbox.stub(Blocker, 'watchBlockers').returns({
-        on: (event, callback) => {
-          if (event === 'change') {
-            callback({ operation: 'add', blocker: { type: 'ipaddress', area: 'full', value: '192.168.1.1' } });
-          }
-        },
-      });
-      const attachBlocker = requireAgain(pathToBlocker).default;
-      attachBlocker(req, res, next);
-
-      checkIPBlockedErrorThrown(next);
-    });
-  });
-
-  describe('Blocking clients', () => {
-    beforeEach(() => {
-      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('');
-      req.headers['x-client'] = 'test-client';
-    });
-    it('is disabled when no clients are blocked', () => {
-      const attachBlocker = requireAgain(pathToBlocker).default;
-      attachBlocker(req, res, next);
-
-      checkErrorNotThrown(next);
-    });
-
-    it('does not throw when the client does not match', async () => {
-      sandbox.stub(Blocker, 'watchBlockers').returns({
-        on: (event, callback) => {
-          if (event === 'change') {
-            callback({ operation: 'add', blocker: { type: 'client', area: 'full', value: 'another-client' } });
-          }
-        },
-      });
-      const attachBlocker = requireAgain(pathToBlocker).default;
-      attachBlocker(req, res, next);
-
-      checkErrorNotThrown(next);
-    });
-
-    it('throws when the client is blocked', async () => {
-      sandbox.stub(Blocker, 'watchBlockers').returns({
-        on: (event, callback) => {
-          if (event === 'change') {
-            callback({ operation: 'add', blocker: { type: 'client', area: 'full', value: 'test-client' } });
-          }
-        },
-      });
-      const attachBlocker = requireAgain(pathToBlocker).default;
-      attachBlocker(req, res, next);
-
-      checkClientBlockedErrorThrown(next);
-    });
-
-    it('does not throw when an ip is blocked', async () => {
-      sandbox.stub(Blocker, 'watchBlockers').returns({
-        on: (event, callback) => {
-          if (event === 'change') {
-            callback({ operation: 'add', blocker: { type: 'ipaddress', area: 'full', value: 'test-client' } });
-          }
-        },
-      });
-      const attachBlocker = requireAgain(pathToBlocker).default;
-      attachBlocker(req, res, next);
-
-      checkErrorNotThrown(next);
-    });
-
-    it('updates the list when data changes', async () => {
-      let blockCallback;
-      sandbox.stub(Blocker, 'watchBlockers').returns({
-        on: (event, callback) => {
-          blockCallback = callback;
-          if (event === 'change') {
-            callback({ operation: 'add', blocker: { type: 'client', area: 'full', value: 'another-client' } });
-          }
-        },
-      });
-      const attachBlocker = requireAgain(pathToBlocker).default;
-      attachBlocker(req, res, next);
-      checkErrorNotThrown(next);
-      blockCallback({ operation: 'add', blocker: { type: 'client', area: 'full', value: 'test-client' } });
-      attachBlocker(req, res, next);
-      expect(next).to.have.been.calledTwice;
-      const calledWith = next.getCall(1).args;
-      expect(calledWith[0].message).to.equal(apiError('clientBlocked'));
-      expect(calledWith[0] instanceof Forbidden).to.equal(true);
-    });
-  });
-});
@@ -0,0 +1,332 @@
+import moment from 'moment';
+import { v4 as generateUUID } from 'uuid';
+import {
+  generateRes,
+  generateReq,
+  generateTodo,
+  generateDaily,
+} from '../../../helpers/api-unit.helper';
+import cronMiddleware from '../../../../website/server/middlewares/cron';
+import { model as User } from '../../../../website/server/models/user';
+import { model as Group } from '../../../../website/server/models/group';
+import * as Tasks from '../../../../website/server/models/task';
+import * as analyticsService from '../../../../website/server/libs/analyticsService';
+import * as cronLib from '../../../../website/server/libs/cron';
+
+const CRON_TIMEOUT_WAIT = new Date(60 * 60 * 1000).getTime();
+const CRON_TIMEOUT_UNIT = new Date(60 * 1000).getTime();
+
+describe('cron middleware', () => {
+  let res; let
+    req;
+  let user;
+
+  beforeEach(async () => {
+    res = generateRes();
+    req = generateReq();
+    user = await res.locals.user.save();
+    res.analytics = analyticsService;
+  });
+
+  afterEach(() => {
+    sandbox.restore();
+  });
+
+  it('calls next when user is not attached', done => {
+    res.locals.user = null;
+    cronMiddleware(req, res, done);
+  });
+
+  it('calls next when days have not been missed', done => {
+    cronMiddleware(req, res, done);
+  });
+
+  it('should clear todos older than 30 days for free users', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const task = generateTodo(user);
+    task.dateCompleted = moment(new Date()).subtract({ days: 31 });
+    task.completed = true;
+    await task.save();
+    await user.save();
+
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+
+        Tasks.Task.findOne({ _id: task }).then(foundTask => {
+          expect(foundTask).to.not.exist;
+          resolve();
+        });
+
+        return null;
+      });
+    });
+  });
+
+  it('should not clear todos older than 30 days for subscribed users', async () => {
+    user.purchased.plan.customerId = 'subscribedId';
+    user.purchased.plan.dateUpdated = moment('012013', 'MMYYYY');
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const task = generateTodo(user);
+    task.dateCompleted = moment(new Date()).subtract({ days: 31 });
+    task.completed = true;
+    await task.save();
+    await user.save();
+
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+        Tasks.Task.findOne({ _id: task }).then(foundTask => {
+          expect(foundTask).to.exist;
+          return resolve();
+        });
+        return null;
+      });
+    });
+  });
+
+  it('should clear todos older than 90 days for subscribed users', async () => {
+    user.purchased.plan.customerId = 'subscribedId';
+    user.purchased.plan.dateUpdated = moment('012013', 'MMYYYY');
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+
+    const task = generateTodo(user);
+    task.dateCompleted = moment(new Date()).subtract({ days: 91 });
+    task.completed = true;
+    await task.save();
+    await user.save();
+
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+        Tasks.Task.findOne({ _id: task }).then(foundTask => {
+          expect(foundTask).to.not.exist;
+          return resolve();
+        });
+        return null;
+      });
+    });
+  });
+
+  it('should call next if user was not modified after cron', async () => {
+    const hpBefore = user.stats.hp;
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    await user.save();
+
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+        expect(hpBefore).to.equal(user.stats.hp);
+        return resolve();
+      });
+    });
+  });
+
+  it('runs cron if previous cron was incomplete', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 1 });
+    user.auth.timestamps.loggedin = moment(new Date()).subtract({ days: 4 });
+    const now = new Date();
+    await user.save();
+
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+        expect(moment(now).isSame(user.lastCron, 'day'));
+        expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
+        return resolve();
+      });
+    });
+  });
+
+  it('updates user.auth.timestamps.loggedin and lastCron', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const now = new Date();
+    await user.save();
+
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+        expect(moment(now).isSame(user.lastCron, 'day'));
+        expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
+        return resolve();
+      });
+    });
+  });
+
+  it('does damage for missing dailies', async () => {
+    const hpBefore = user.stats.hp;
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const daily = generateDaily(user);
+    daily.startDate = moment(new Date()).subtract({ days: 2 });
+    await daily.save();
+    await user.save();
+
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+        return User.findOne({ _id: user._id }).then(updatedUser => {
+          expect(updatedUser.stats.hp).to.be.lessThan(hpBefore);
+          return resolve();
+        });
+      });
+    });
+  });
+
+  it('updates tasks', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const todo = generateTodo(user);
+    const todoValueBefore = todo.value;
+    await Promise.all([todo.save(), user.save()]);
+
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+        return Tasks.Task.findOne({ _id: todo._id }).then(todoFound => {
+          expect(todoFound.value).to.be.lessThan(todoValueBefore);
+          return resolve();
+        });
+      });
+    });
+  });
+
+  it('applies quest progress', async () => {
+    const hpBefore = user.stats.hp;
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const daily = generateDaily(user);
+    daily.startDate = moment(new Date()).subtract({ days: 2 });
+    await daily.save();
+
+    const questKey = 'dilatory';
+    user.party.quest.key = questKey;
+
+    const party = new Group({
+      type: 'party',
+      name: generateUUID(),
+      leader: user._id,
+    });
+    party.quest.members[user._id] = true;
+    party.quest.key = questKey;
+    await party.save();
+
+    user.party._id = party._id;
+    await user.save();
+
+    party.startQuest(user);
+
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+        return User.findOne({ _id: user._id }).then(updatedUser => {
+          expect(updatedUser.stats.hp).to.be.lessThan(hpBefore);
+          return resolve();
+        });
+      });
+    });
+  });
+
+  it('recovers from failed cron and does not error when user is already cronning', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    await user.save();
+
+    const updatedUser = user.toObject();
+    updatedUser.matchedCount = 0;
+
+    sandbox.spy(cronLib, 'recoverCron');
+
+    sandbox.stub(User, 'updateOne')
+      .withArgs({
+        _id: user._id,
+        $or: [
+          { _cronSignature: 'NOT_RUNNING' },
+          { _cronSignature: { $lt: sinon.match.number } },
+        ],
+      })
+      .returns({
+        exec () {
+          return Promise.resolve(updatedUser);
+        },
+      });
+
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+        expect(cronLib.recoverCron).to.be.calledOnce;
+
+        return resolve();
+      });
+    });
+  });
+
+  it('cronSignature less than an hour ago should error', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const now = new Date();
+    await User.updateOne({
+      _id: user._id,
+    }, {
+      $set: {
+        _cronSignature: now.getTime() - CRON_TIMEOUT_WAIT + CRON_TIMEOUT_UNIT,
+      },
+    }).exec();
+    await user.save();
+    const expectedErrMessage = `Impossible to recover from cron for user ${user._id}.`;
+
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (!err) return reject(new Error('Cron should have failed.'));
+        expect(err.message).to.be.equal(expectedErrMessage);
+        return resolve();
+      });
+    });
+  });
+
+  it('cronSignature longer than an hour ago should allow cron', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    const now = new Date();
+    await User.updateOne({
+      _id: user._id,
+    }, {
+      $set: {
+        _cronSignature: now.getTime() - CRON_TIMEOUT_WAIT - CRON_TIMEOUT_UNIT,
+      },
+    }).exec();
+    await user.save();
+
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+        expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
+        expect(user._cronSignature).to.be.equal('NOT_RUNNING');
+        return resolve();
+      });
+    });
+  });
+
+  it('cron should not run more than once', async () => {
+    user.lastCron = moment(new Date()).subtract({ days: 2 });
+    await user.save();
+
+    sandbox.spy(cronLib, 'cron');
+
+    await Promise.all([new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+        return resolve();
+      });
+    }), new Promise((resolve, reject) => {
+      cronMiddleware(req, res, err => {
+        if (err) return reject(err);
+        return resolve();
+      });
+    }), new Promise((resolve, reject) => {
+      setTimeout(() => {
+        cronMiddleware(req, res, err => {
+          if (err) return reject(err);
+          return resolve();
+        });
+      }, 400);
+    }),
+    ]);
+
+    expect(cronLib.cron).to.be.calledOnce;
+  });
+});
@@ -0,0 +1,76 @@
+import nconf from 'nconf';
+import requireAgain from 'require-again';
+import {
+  generateRes,
+  generateReq,
+  generateNext,
+} from '../../../helpers/api-unit.helper';
+import { Forbidden } from '../../../../website/server/libs/errors';
+import { apiError } from '../../../../website/server/libs/apiError';
+
+function checkErrorThrown (next) {
+  expect(next).to.have.been.calledOnce;
+  const calledWith = next.getCall(0).args;
+  expect(calledWith[0].message).to.equal(apiError('ipAddressBlocked'));
+  expect(calledWith[0] instanceof Forbidden).to.equal(true);
+}
+
+function checkErrorNotThrown (next) {
+  expect(next).to.have.been.calledOnce;
+  const calledWith = next.getCall(0).args;
+  expect(typeof calledWith[0] === 'undefined').to.equal(true);
+}
+
+describe('ipBlocker middleware', () => {
+  const pathToIpBlocker = '../../../../website/server/middlewares/ipBlocker';
+
+  let res; let req; let next;
+
+  beforeEach(() => {
+    res = generateRes();
+    req = generateReq();
+    next = generateNext();
+  });
+
+  it('is disabled when the env var is not defined', () => {
+    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns(undefined);
+    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
+    attachIpBlocker(req, res, next);
+
+    checkErrorNotThrown(next);
+  });
+
+  it('is disabled when the env var is an empty string', () => {
+    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('');
+    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
+    attachIpBlocker(req, res, next);
+
+    checkErrorNotThrown(next);
+  });
+
+  it('is disabled when the env var contains comma separated empty strings', () => {
+    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns(' , , ');
+    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
+    attachIpBlocker(req, res, next);
+
+    checkErrorNotThrown(next);
+  });
+
+  it('does not throw when the ip does not match', () => {
+    req.ip = '192.168.1.1';
+    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('192.168.1.2');
+    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
+    attachIpBlocker(req, res, next);
+
+    checkErrorNotThrown(next);
+  });
+
+  it('throws when the ip is blocked', () => {
+    req.ip = '192.168.1.1';
+    sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('192.168.1.1');
+    const attachIpBlocker = requireAgain(pathToIpBlocker).default;
+    attachIpBlocker(req, res, next);
+
+    checkErrorThrown(next);
+  });
+});
@@ -54,7 +54,6 @@ describe('rateLimiter middleware', () => {

  it('does not throw when there are available points', async () => {
    nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
-    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
    const attachRateLimiter = requireAgain(pathToRateLimiter).default;
    await attachRateLimiter(req, res, next);

@@ -72,7 +71,6 @@ describe('rateLimiter middleware', () => {

  it('does not throw when an unknown error is thrown by the rate limiter', async () => {
    nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
-    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
    sandbox.stub(logger, 'error');
    sandbox.stub(RateLimiterMemory.prototype, 'consume')
      .returns(Promise.reject(new Error('Unknown error.')));
@@ -106,7 +104,6 @@ describe('rateLimiter middleware', () => {
  it('limits when LIVELINESS_PROBE_KEY is incorrect', async () => {
    nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
    nconfGetStub.withArgs('LIVELINESS_PROBE_KEY').returns('abc');
-    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
    const attachRateLimiter = requireAgain(pathToRateLimiter).default;

    req.query.liveliness = 'das';
@@ -123,7 +120,6 @@ describe('rateLimiter middleware', () => {
  it('limits when LIVELINESS_PROBE_KEY is not set', async () => {
    nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
    nconfGetStub.withArgs('LIVELINESS_PROBE_KEY').returns(undefined);
-    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
    const attachRateLimiter = requireAgain(pathToRateLimiter).default;

    await attachRateLimiter(req, res, next);
@@ -139,7 +135,6 @@ describe('rateLimiter middleware', () => {
  it('throws when LIVELINESS_PROBE_KEY is blank', async () => {
    nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
    nconfGetStub.withArgs('LIVELINESS_PROBE_KEY').returns('');
-    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
    const attachRateLimiter = requireAgain(pathToRateLimiter).default;

    req.query.liveliness = '';
@@ -155,7 +150,6 @@ describe('rateLimiter middleware', () => {

  it('throws when there are no available points remaining', async () => {
    nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
-    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
    const attachRateLimiter = requireAgain(pathToRateLimiter).default;

    // call for 31 times
@@ -179,7 +173,6 @@ describe('rateLimiter middleware', () => {

  it('uses the user id if supplied or the ip address', async () => {
    nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
-    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(1);
    const attachRateLimiter = requireAgain(pathToRateLimiter).default;

    req.ip = 1;
@@ -206,51 +199,4 @@ describe('rateLimiter middleware', () => {
      'X-RateLimit-Reset': sinon.match(Date),
    });
  });
-
-  it('applies increased cost for registration calls with and without user id', async () => {
-    nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
-    nconfGetStub.withArgs('RATE_LIMITER_REGISTRATION_COST').returns(3);
-    const attachRateLimiter = requireAgain(pathToRateLimiter).default;
-    req.path = '/api/v4/user/auth/local/register';
-
-    req.ip = 1;
-    await attachRateLimiter(req, res, next);
-
-    req.headers['x-api-user'] = 'user-1';
-    await attachRateLimiter(req, res, next);
-    await attachRateLimiter(req, res, next);
-
-    // user id an ip are counted as separate sources
-    expect(res.set).to.have.been.calledWithMatch({
-      'X-RateLimit-Limit': 30,
-      'X-RateLimit-Remaining': 27, // 2 calls with user id
-      'X-RateLimit-Reset': sinon.match(Date),
-    });
-
-    req.headers['x-api-user'] = undefined;
-    await attachRateLimiter(req, res, next);
-    await attachRateLimiter(req, res, next);
-
-    expect(res.set).to.have.been.calledWithMatch({
-      'X-RateLimit-Limit': 30,
-      'X-RateLimit-Remaining': 24, // 3 calls with only ip
-      'X-RateLimit-Reset': sinon.match(Date),
-    });
-  });
-
-  it('applies increased cost for unauthenticated API calls', async () => {
-    nconfGetStub.withArgs('RATE_LIMITER_ENABLED').returns('true');
-    nconfGetStub.withArgs('RATE_LIMITER_IP_COST').returns(10);
-    const attachRateLimiter = requireAgain(pathToRateLimiter).default;
-
-    req.ip = 1;
-    await attachRateLimiter(req, res, next);
-    await attachRateLimiter(req, res, next);
-
-    expect(res.set).to.have.been.calledWithMatch({
-      'X-RateLimit-Limit': 30,
-      'X-RateLimit-Remaining': 10,
-      'X-RateLimit-Reset': sinon.match(Date),
-    });
-  });
 });
@@ -1,13 +1,9 @@
 import moment from 'moment';
-import requireAgain from 'require-again';
 import { model as User } from '../../../../website/server/models/user';
 import { model as NewsPost } from '../../../../website/server/models/newsPost';
 import { model as Group } from '../../../../website/server/models/group';
-import { model as Blocker } from '../../../../website/server/models/blocker';
 import common from '../../../../website/common';

-const pathToUserSchema = '../../../../website/server/models/user/schema';
-
 describe('User Model', () => {
  describe('.toJSON()', () => {
    it('keeps user._tmp when calling .toJSON', () => {
@@ -916,73 +912,4 @@ describe('User Model', () => {
      expect(user.toJSON().flags.newStuff).to.equal(true);
    });
  });
-
-  describe('validates email', () => {
-    it('does not throw an error for a valid email', () => {
-      const user = new User();
-      user.auth.local.email = 'hello@example.com';
-      const errors = user.validateSync();
-      expect(errors.errors['auth.local.email']).to.not.exist;
-    });
-
-    it('throws an error if email is not valid', () => {
-      const user = new User();
-      user.auth.local.email = 'invalid-email';
-      const errors = user.validateSync();
-      expect(errors.errors['auth.local.email'].message).to.equal(common.i18n.t('invalidEmail'));
-    });
-
-    it('throws an error if email is using a restricted domain', () => {
-      const user = new User();
-      user.auth.local.email = 'scammer@habitica.com';
-      const errors = user.validateSync();
-      expect(errors.errors['auth.local.email'].message).to.equal(common.i18n.t('invalidEmailDomain', { domains: 'habitica.com, habitrpg.com' }));
-    });
-
-    it('throws an error if email was blocked specifically', () => {
-      sandbox.stub(Blocker, 'watchBlockers').returns({
-        on: (event, callback) => {
-          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: 'blocked@example.com' } });
-        },
-      });
-      const schema = requireAgain(pathToUserSchema).UserSchema;
-      const valid = schema.paths['auth.local.email'].options.validate.every(v => v.validator('blocked@example.com'));
-      expect(valid).to.equal(false);
-    });
-
-    it('throws an error if email domain was blocked', () => {
-      sandbox.stub(Blocker, 'watchBlockers').returns({
-        on: (event, callback) => {
-          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: '@example.com' } });
-        },
-      });
-      const schema = requireAgain(pathToUserSchema).UserSchema;
-      const valid = schema.paths['auth.local.email'].options.validate.every(v => v.validator('blocked@example.com'));
-      expect(valid).to.equal(false);
-    });
-
-    it('throws an error if user portion of email was blocked', () => {
-      sandbox.stub(Blocker, 'watchBlockers').returns({
-        on: (event, callback) => {
-          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: 'blocked@' } });
-        },
-      });
-      const schema = requireAgain(pathToUserSchema).UserSchema;
-      const valid = schema.paths['auth.local.email'].options.validate.every(v => v.validator('blocked@example.com'));
-      expect(valid).to.equal(false);
-    });
-
-    it('does not throw an error if email is not blocked', () => {
-      sandbox.stub(Blocker, 'watchBlockers').returns({
-        on: (event, callback) => {
-          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: '@example.com' } });
-          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: 'blocked@' } });
-          callback({ operation: 'add', blocker: { type: 'email', area: 'full', value: 'bad@test.com' } });
-        },
-      });
-      const schema = requireAgain(pathToUserSchema).UserSchema;
-      const valid = schema.paths['auth.local.email'].options.validate.every(v => v.validator('good@test.com'));
-      expect(valid).to.equal(true);
-    });
-  });
 });
@@ -50,59 +50,5 @@ describe('UserNotification Model', () => {
      expect(safeNotifications[0].type).to.equal('NEW_CHAT_MESSAGE');
      expect(safeNotifications[0].id).to.equal('123');
    });
-
-    it('removes duplicate STREAK_ACHIEVEMENT notifications', () => {
-      // Fixes issue #13325 - Users receiving duplicate streak achievement notifications
-      const notifications = [
-        new UserNotification({
-          type: 'STREAK_ACHIEVEMENT',
-          id: 123,
-          data: {},
-        }),
-        new UserNotification({
-          type: 'STREAK_ACHIEVEMENT',
-          id: 456,
-          data: {},
-        }),
-        new UserNotification({
-          type: 'CRON',
-          id: 789,
-          data: {},
-        }), // different type, should be kept
-      ];
-
-      const safeNotifications = UserNotification.cleanupCorruptData(notifications);
-      expect(safeNotifications.length).to.equal(2);
-      expect(safeNotifications[0].type).to.equal('STREAK_ACHIEVEMENT');
-      expect(safeNotifications[0].id).to.equal('123');
-      expect(safeNotifications[1].type).to.equal('CRON');
-      expect(safeNotifications[1].id).to.equal('789');
-    });
-
-    it('handles multiple STREAK_ACHIEVEMENT duplicates correctly', () => {
-      // Test case: 3 duplicate STREAK_ACHIEVEMENT notifications
-      const notifications = [
-        new UserNotification({
-          type: 'STREAK_ACHIEVEMENT',
-          id: 111,
-          data: {},
-        }),
-        new UserNotification({
-          type: 'STREAK_ACHIEVEMENT',
-          id: 222,
-          data: {},
-        }),
-        new UserNotification({
-          type: 'STREAK_ACHIEVEMENT',
-          id: 333,
-          data: {},
-        }),
-      ];
-
-      const safeNotifications = UserNotification.cleanupCorruptData(notifications);
-      expect(safeNotifications.length).to.equal(1);
-      expect(safeNotifications[0].type).to.equal('STREAK_ACHIEVEMENT');
-      expect(safeNotifications[0].id).to.equal('111'); // Keep first one
-    });
  });
 });
@@ -0,0 +1,19 @@
+import {
+  generateUser,
+  requester,
+} from '../../../../helpers/api-integration/v3';
+import { mockAnalyticsService as analytics } from '../../../../../website/server/libs/analyticsService';
+
+describe('POST /analytics/track/:eventName', () => {
+  it('calls res.analytics', async () => {
+    const user = await generateUser();
+    sandbox.spy(analytics, 'track');
+
+    const requestWithHeaders = requester(user, { 'x-client': 'habitica-web' });
+    await requestWithHeaders.post('/analytics/track/eventName', { data: 'example' }, { 'x-client': 'habitica-web' });
+    expect(analytics.track).to.be.calledOnce;
+    expect(analytics.track).to.be.calledWith('eventName', sandbox.match({ data: 'example' }));
+
+    sandbox.restore();
+  });
+});
@@ -5,8 +5,6 @@ import {
  createAndPopulateGroup,
  translate as t,
 } from '../../../../helpers/api-integration/v3';
-import { model as Group } from '../../../../../website/server/models/group';
-import { TAVERN_ID } from '../../../../../website/common/script/constants';

 describe('POST /challenges/:challengeId/join', () => {
  it('returns error when challengeId is not a valid UUID', async () => {
@@ -29,37 +27,6 @@ describe('POST /challenges/:challengeId/join', () => {
    });
  });

-  context('public Guild', () => {
-    let group;
-    let groupLeader;
-    let members;
-    let challenge;
-    before(async () => {
-      ({ group, groupLeader, members } = await createAndPopulateGroup({
-        groupDetails: {
-          name: 'test group',
-          type: 'guild',
-          privacy: 'private',
-        },
-        members: 1,
-        upgradeToGroupPlan: true,
-      }));
-      challenge = await generateChallenge(groupLeader, group);
-      // Creation API is shut down, we need to simulate an extant public group
-      await Group.updateOne({ _id: group._id }, { $set: { privacy: 'public' }, $unset: { 'purchased.plan': 1 } }).exec();
-    });
-
-    it('returns error when challengeId is in an old public Guild', async () => {
-      const authorizedUser = members[0]; // eslint-disable-line prefer-destructuring
-
-      await expect(authorizedUser.post(`/challenges/${challenge._id}/join`)).to.eventually.be.rejected.and.eql({
-        code: 404,
-        error: 'NotFound',
-        message: t('challengeNotFound'),
-      });
-    });
-  });
-
  context('Joining a valid challenge', () => {
    let groupLeader;
    let group;
@@ -99,15 +66,6 @@ describe('POST /challenges/:challengeId/join', () => {
      expect(res.name).to.equal(challenge.name);
    });

-    it('succeeds when it\'s a Tavern challenge, even if the user isn\'t a "member" of Tavern', async () => {
-      const tavern = await groupLeader.get(`/groups/${TAVERN_ID}`);
-      const tavernChallenge = await generateChallenge(groupLeader, tavern, { prize: 1 });
-      const generalUser = await generateUser();
-
-      const res = await generalUser.post(`/challenges/${tavernChallenge._id}/join`);
-      expect(res.name).to.equal(tavernChallenge.name);
-    });
-
    it('returns challenge data', async () => {
      const res = await authorizedUser.post(`/challenges/${challenge._id}/join`);

@@ -62,9 +62,9 @@ describe('GET /groups/:groupId/chat', () => {

    it('returns error if user attempts to fetch a sunset Guild', async () => {
      await expect(user.get(`/groups/${group._id}/chat`)).to.eventually.be.rejected.and.eql({
-        code: 404,
-        error: 'NotFound',
-        message: t('groupNotFound'),
+        code: 400,
+        error: 'BadRequest',
+        message: t('featureRetired'),
      });
    });
  });
@@ -121,9 +121,9 @@ describe('POST /chat/:chatId/like', () => {

    await expect(user.post(`/groups/${groupWithChat._id}/chat/${message.message.id}/like`))
      .to.eventually.be.rejected.and.eql({
-        code: 404,
-        error: 'NotFound',
-        message: t('groupNotFound'),
+        code: 400,
+        error: 'BadRequest',
+        message: t('featureRetired'),
      });
  });
 });
@@ -9,7 +9,7 @@ import {
 import {
  SPAM_MIN_EXEMPT_CONTRIB_LEVEL,
 } from '../../../../../website/server/models/group';
-import { MAX_MESSAGE_LENGTH, CHAT_FLAG_FROM_SHADOW_MUTE } from '../../../../../website/common/script/constants';
+import { MAX_MESSAGE_LENGTH } from '../../../../../website/common/script/constants';
 import * as email from '../../../../../website/server/libs/email';

 describe('POST /chat', () => {
@@ -80,20 +80,17 @@ describe('POST /chat', () => {
      member.updateOne({ 'flags.chatRevoked': false });
    });

-    it('errors when chat privileges are revoked when sending a message to a private guild', async () => {
+    it('does not error when chat privileges are revoked when sending a message to a private guild', async () => {
      await member.updateOne({
        'flags.chatRevoked': true,
      });

-      await expect(member.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage }))
-        .to.eventually.be.rejected.and.eql({
-          code: 401,
-          error: 'NotAuthorized',
-          message: t('chatPrivilegesRevoked'),
-        });
+      const message = await member.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage });
+
+      expect(message.message.id).to.exist;
    });

-    it('errors when chat privileges are revoked when sending a message to a party', async () => {
+    it('does not error when chat privileges are revoked when sending a message to a party', async () => {
      const { group, members } = await createAndPopulateGroup({
        groupDetails: {
          name: 'Party',
@@ -109,12 +106,9 @@ describe('POST /chat', () => {
        'auth.timestamps.created': new Date('2022-01-01'),
      });

-      await expect(privatePartyMemberWithChatsRevoked.post(`/groups/${group._id}/chat`, { message: testMessage }))
-        .to.eventually.be.rejected.and.eql({
-          code: 401,
-          error: 'NotAuthorized',
-          message: t('chatPrivilegesRevoked'),
-        });
+      const message = await privatePartyMemberWithChatsRevoked.post(`/groups/${group._id}/chat`, { message: testMessage });
+
+      expect(message.message.id).to.exist;
    });
  });

@@ -129,7 +123,7 @@ describe('POST /chat', () => {
      member.updateOne({ 'flags.chatShadowMuted': false });
    });

-    it('creates a chat with flagCount set when sending a message to a private guild', async () => {
+    it('creates a chat with zero flagCount when sending a message to a private guild', async () => {
      await member.updateOne({
        'flags.chatShadowMuted': true,
      });
@@ -137,10 +131,10 @@ describe('POST /chat', () => {
      const message = await member.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage });

      expect(message.message.id).to.exist;
-      expect(message.message.flagCount).to.eql(CHAT_FLAG_FROM_SHADOW_MUTE);
+      expect(message.message.flagCount).to.eql(0);
    });

-    it('creates a chat with flagCount set when sending a message to a party', async () => {
+    it('creates a chat with zero flagCount when sending a message to a party', async () => {
      const { group, members } = await createAndPopulateGroup({
        groupDetails: {
          name: 'Party',
@@ -159,7 +153,7 @@ describe('POST /chat', () => {
      const message = await userWithChatShadowMuted.post(`/groups/${group._id}/chat`, { message: testMessage });

      expect(message.message.id).to.exist;
-      expect(message.message.flagCount).to.eql(CHAT_FLAG_FROM_SHADOW_MUTE);
+      expect(message.message.flagCount).to.eql(0);
    });
  });

@@ -244,18 +238,6 @@ describe('POST /chat', () => {
    expect(groupMessages[0].id).to.exist;
  });

-  it('creates a chat with case-insensitive mentions', async () => {
-    const originalUsername = member.auth.local.username;
-    const uppercaseUsername = originalUsername.toUpperCase();
-    const messageWithMentions = `hi @${uppercaseUsername}`;
-    const newMessage = await user.post(`/groups/${groupWithChat._id}/chat`, { message: messageWithMentions });
-    const groupMessages = await user.get(`/groups/${groupWithChat._id}/chat`);
-
-    expect(newMessage.message.id).to.exist;
-    expect(newMessage.message.text).to.include(`[@${uppercaseUsername}](/profile/${member._id})`);
-    expect(groupMessages[0].id).to.exist;
-  });
-
  it('creates a chat with a max length of 3000 chars', async () => {
    const veryLongMessage = `
    123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789.
@@ -1,7 +1,6 @@
 import {
  requester,
  translate as t,
-  generateUser,
 } from '../../../../helpers/api-integration/v3';
 import i18n from '../../../../../website/common/script/i18n';

@@ -57,28 +56,4 @@ describe('GET /content', () => {
    const res = await requester().get('/content?filter=backgroundsFlat,invalid');
    expect(res).to.not.have.property('backgroundsFlat');
  });
-
-  describe('authenticated user', () => {
-    let user;
-    it('returns content in user\'s preferred language when no language parameter is provided', async () => {
-      user = await generateUser({ 'preferences.language': 'de' });
-      const res = await user.get('/content');
-      expect(res).to.have.nested.property('backgrounds.backgrounds062014.beach');
-      expect(res.backgrounds.backgrounds062014.beach.text).to.equal(i18n.t('backgroundBeachText', 'de'));
-    });
-
-    it('respects language parameter over user\'s preferred language', async () => {
-      user = await generateUser({ 'preferences.language': 'de' });
-      const res = await user.get('/content?language=fr');
-      expect(res).to.have.nested.property('backgrounds.backgrounds062014.beach');
-      expect(res.backgrounds.backgrounds062014.beach.text).to.equal(i18n.t('backgroundBeachText', 'fr'));
-    });
-
-    it('falls back to English if user\'s preferred language is invalid', async () => {
-      user = await generateUser({ 'preferences.language': 'invalid_lang' });
-      const res = await user.get('/content');
-      expect(res).to.have.nested.property('backgrounds.backgrounds062014.beach');
-      expect(res.backgrounds.backgrounds062014.beach.text).to.equal(t('backgroundBeachText'));
-    });
-  });
 });
@@ -0,0 +1,35 @@
+import { v4 as generateUUID } from 'uuid';
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-integration/v3';
+
+xdescribe('GET /export/avatar-:memberId.html', () => {
+  let user;
+
+  before(async () => {
+    user = await generateUser();
+  });
+
+  it('validates req.params.memberId', async () => {
+    await expect(user.get('/export/avatar-:memberId.html')).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('handles non-existing members', async () => {
+    const dummyId = generateUUID();
+    await expect(user.get(`/export/avatar-${dummyId}.html`)).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('userWithIDNotFound', { userId: dummyId }),
+    });
+  });
+
+  it('returns an html page', async () => {
+    const res = await user.get(`/export/avatar-${user._id}.html`);
+    expect(res.substring(0, 100).indexOf('<!DOCTYPE html>')).to.equal(0);
+  });
+});
@@ -0,0 +1,3 @@
+// TODO how to test this route since it points to a file on AWS s3?
+
+describe('GET /export/avatar-:memberId.png', () => {});
@@ -38,7 +38,7 @@ describe('GET /export/inbox.html', () => {
  it('renders the markdown messages as html', async () => {
    const res = await user.get('/export/inbox.html');

-    expect(res).to.include('😄');
+    expect(res).to.include('img class="habitica-emoji"');
    expect(res).to.include('<h1>Hello!</h1>');
    expect(res).to.include('<li>list 1</li>');
  });
@@ -46,7 +46,7 @@ describe('GET /export/inbox.html', () => {
  it('sorts messages from newest to oldest', async () => {
    const res = await user.get('/export/inbox.html');

-    const emojiPosition = res.indexOf('😄');
+    const emojiPosition = res.indexOf('img class="habitica-emoji"');
    const headingPosition = res.indexOf('<h1>Hello!</h1>');
    const listPosition = res.indexOf('<li>list 1</li>');

@@ -1,73 +0,0 @@
-import nconf from 'nconf';
-import {
-  generateUser,
-  createAndPopulateGroup,
-} from '../../../../helpers/api-integration/v3';
-
-describe('POST /debug/boss-rage', () => {
-  let user;
-  let nconfStub;
-
-  beforeEach(async () => {
-    user = await generateUser();
-  });
-
-  beforeEach(() => {
-    nconfStub = sandbox.stub(nconf, 'get');
-    nconfStub.withArgs('DEBUG_ENABLED').returns(true);
-    nconfStub.withArgs('BASE_URL').returns('https://example.com');
-  });
-
-  afterEach(() => {
-    nconfStub.restore();
-  });
-
-  it('errors if user is not in a party', async () => {
-    await expect(user.post('/debug/boss-rage'))
-      .to.eventually.be.rejected.and.deep.equal({
-        code: 400,
-        error: 'BadRequest',
-        message: 'User not in a party.',
-      });
-  });
-
-  it('returns error when not in production mode', async () => {
-    nconfStub.withArgs('DEBUG_ENABLED').returns(false);
-
-    await expect(user.post('/debug/boss-rage'))
-      .to.eventually.be.rejected.and.deep.equal({
-        code: 404,
-        error: 'NotFound',
-        message: 'Not found.',
-      });
-  });
-
-  context('user is in a party', async () => {
-    let party;
-
-    beforeEach(async () => {
-      const { group, groupLeader } = await createAndPopulateGroup({
-        groupDetails: {
-          name: 'Test Party',
-          type: 'party',
-        },
-        members: 2,
-      });
-      party = group;
-      user = groupLeader;
-    });
-
-    it('increases boss rage to 50', async () => {
-      await user.post('/debug/boss-rage');
-      await party.sync();
-      expect(party.quest.progress.rage).to.eql(50);
-    });
-
-    it('increases boss rage to 100', async () => {
-      await user.post('/debug/boss-rage');
-      await user.post('/debug/boss-rage');
-      await party.sync();
-      expect(party.quest.progress.rage).to.eql(100);
-    });
-  });
-});
@@ -34,11 +34,9 @@ describe('POST /debug/jump-time', () => {
    expect(resultDate.getMonth()).to.eql(today.getMonth());
    expect(resultDate.getFullYear()).to.eql(today.getFullYear());
    const newResultDate = new Date((await user.post('/debug/jump-time', { offsetDays: 1 })).time);
-    const tomorrow = new Date(today.valueOf());
-    tomorrow.setDate(today.getDate() + 1);
-    expect(newResultDate.getDate()).to.eql(tomorrow.getDate());
-    expect(newResultDate.getMonth()).to.eql(tomorrow.getMonth());
-    expect(newResultDate.getFullYear()).to.eql(tomorrow.getFullYear());
+    expect(newResultDate.getDate()).to.eql(today.getDate() + 1);
+    expect(newResultDate.getMonth()).to.eql(today.getMonth());
+    expect(newResultDate.getFullYear()).to.eql(today.getFullYear());
  });

  it('jumps back', async () => {
@@ -47,11 +45,9 @@ describe('POST /debug/jump-time', () => {
    expect(resultDate.getMonth()).to.eql(today.getMonth());
    expect(resultDate.getFullYear()).to.eql(today.getFullYear());
    const newResultDate = new Date((await user.post('/debug/jump-time', { offsetDays: -1 })).time);
-    const yesterday = new Date(today.valueOf());
-    yesterday.setDate(today.getDate() - 1);
-    expect(newResultDate.getDate()).to.eql(yesterday.getDate());
-    expect(newResultDate.getMonth()).to.eql(yesterday.getMonth());
-    expect(newResultDate.getFullYear()).to.eql(yesterday.getFullYear());
+    expect(newResultDate.getDate()).to.eql(today.getDate() - 1);
+    expect(newResultDate.getMonth()).to.eql(today.getMonth());
+    expect(newResultDate.getFullYear()).to.eql(today.getFullYear());
  });

  it('can jump a lot', async () => {
@@ -59,7 +55,7 @@ describe('POST /debug/jump-time', () => {
    expect(resultDate.getDate()).to.eql(today.getDate());
    expect(resultDate.getMonth()).to.eql(today.getMonth());
    expect(resultDate.getFullYear()).to.eql(today.getFullYear());
-    const newResultDate = new Date((await user.post('/debug/jump-time', { offsetDays: 365 })).time);
+    const newResultDate = new Date((await user.post('/debug/jump-time', { offsetDays: 355 })).time);
    expect(newResultDate.getFullYear()).to.eql(today.getFullYear() + 1);
  });

@@ -85,6 +85,22 @@ describe('POST /group/:groupId/join', () => {
        await expect(user.get('/user')).to.eventually.have.nested.property('items.quests.basilist', 1);
      });

+      it('notifies inviting user that their invitation was accepted', async () => {
+        await invitedUser.post(`/groups/${guild._id}/join`);
+
+        const inviter = await user.get('/user');
+        const expectedData = {
+          headerText: t('invitationAcceptedHeader'),
+          bodyText: t('invitationAcceptedBody', {
+            username: invitedUser.auth.local.username,
+            groupName: guild.name,
+          }),
+        };
+
+        expect(inviter.notifications[1].type).to.eql('GROUP_INVITE_ACCEPTED');
+        expect(inviter.notifications[1].data).to.eql(expectedData);
+      });
+
      it('awards Joined Guild achievement', async () => {
        await invitedUser.post(`/groups/${guild._id}/join`);

@@ -139,6 +155,23 @@ describe('POST /group/:groupId/join', () => {
        await expect(invitedUser.get('/user')).to.eventually.have.nested.property('party._id', party._id);
      });

+      it('notifies inviting user that their invitation was accepted', async () => {
+        await invitedUser.post(`/groups/${party._id}/join`);
+
+        const inviter = await user.get('/user');
+
+        const expectedData = {
+          headerText: t('invitationAcceptedHeader'),
+          bodyText: t('invitationAcceptedBody', {
+            username: invitedUser.auth.local.username,
+            groupName: party.name,
+          }),
+        };
+
+        expect(inviter.notifications[0].type).to.eql('GROUP_INVITE_ACCEPTED');
+        expect(inviter.notifications[0].data).to.eql(expectedData);
+      });
+
      it('clears invitation from user when joining party', async () => {
        await invitedUser.post(`/groups/${party._id}/join`);

@@ -61,24 +61,6 @@ describe('Post /groups/:groupId/invite', () => {
        });
    });

-    it('fakes sending an invite if user is shadow muted', async () => {
-      const inviterMuted = await inviter.updateOne({ 'flags.chatShadowMuted': true });
-      const userToInvite = await generateUser();
-
-      const response = await inviterMuted.post(`/groups/${group._id}/invite`, {
-        usernames: [userToInvite.auth.local.lowerCaseUsername],
-      });
-      expect(response).to.be.an('Array');
-      expect(response[0]).to.have.all.keys(['_id', 'id', 'name', 'inviter']);
-      expect(response[0]._id).to.be.a('String');
-      expect(response[0].id).to.eql(group._id);
-      expect(response[0].name).to.eql(groupName);
-      expect(response[0].inviter).to.eql(inviter._id);
-
-      await expect(userToInvite.get('/user'))
-        .to.eventually.not.have.nested.property('invitations.parties[0].id', group._id);
-    });
-
    it('invites a user to a group by username', async () => {
      const userToInvite = await generateUser();

@@ -227,24 +209,6 @@ describe('Post /groups/:groupId/invite', () => {
        });
    });

-    it('fakes sending an invite if user is shadow muted', async () => {
-      const inviterMuted = await inviter.updateOne({ 'flags.chatShadowMuted': true });
-      const userToInvite = await generateUser();
-
-      const response = await inviterMuted.post(`/groups/${group._id}/invite`, {
-        uuids: [userToInvite._id],
-      });
-      expect(response).to.be.an('Array');
-      expect(response[0]).to.have.all.keys(['_id', 'id', 'name', 'inviter']);
-      expect(response[0]._id).to.be.a('String');
-      expect(response[0].id).to.eql(group._id);
-      expect(response[0].name).to.eql(groupName);
-      expect(response[0].inviter).to.eql(inviter._id);
-
-      await expect(userToInvite.get('/user'))
-        .to.eventually.not.have.nested.property('invitations.parties[0].id', group._id);
-    });
-
    it('invites a user to a group by uuid', async () => {
      const userToInvite = await generateUser();

@@ -317,19 +281,6 @@ describe('Post /groups/:groupId/invite', () => {
        });
    });

-    it('fakes sending invite when inviter is shadow muted', async () => {
-      const inviterMuted = await inviter.updateOne({ 'flags.chatShadowMuted': true });
-      const res = await inviterMuted.post(`/groups/${group._id}/invite`, {
-        emails: [testInvite],
-        inviter: 'inviter name',
-      });
-
-      const updatedUser = await inviterMuted.sync();
-
-      expect(res).to.exist;
-      expect(updatedUser.invitesSent).to.eql(1);
-    });
-
    it('returns an error when invite is missing an email', async () => {
      await expect(inviter.post(`/groups/${group._id}/invite`, {
        emails: [{ name: 'test' }],
@@ -454,19 +405,6 @@ describe('Post /groups/:groupId/invite', () => {
        });
    });

-    it('fakes sending an invite if user is shadow muted', async () => {
-      const inviterMuted = await inviter.updateOne({ 'flags.chatShadowMuted': true });
-      const newUser = await generateUser();
-      const invite = await inviterMuted.post(`/groups/${group._id}/invite`, {
-        uuids: [newUser._id],
-        emails: [{ name: 'test', email: 'test@habitica.com' }],
-      });
-      const invitedUser = await newUser.get('/user');
-
-      expect(invitedUser.invitations.parties[0]).to.not.exist;
-      expect(invite).to.exist;
-    });
-
    it('invites users to a group by uuid and email', async () => {
      const newUser = await generateUser();
      const invite = await inviter.post(`/groups/${group._id}/invite`, {
@@ -10,7 +10,6 @@ describe('GET /heroes/:heroId', () => {
  const heroFields = [
    '_id', 'id', 'auth', 'balance', 'contributor', 'flags', 'items',
    'lastCron', 'party', 'preferences', 'profile', 'purchased', 'secret', 'achievements',
-    'stats',
  ];

  before(async () => {
@@ -11,7 +11,6 @@ describe('PUT /heroes/:heroId', () => {
  const heroFields = [
    '_id', 'auth', 'balance', 'contributor', 'flags', 'items', 'lastCron',
    'party', 'preferences', 'profile', 'purchased', 'secret', 'permissions', 'achievements',
-    'stats',
  ];

  before(async () => {
@@ -61,12 +60,12 @@ describe('PUT /heroes/:heroId', () => {
    expect(heroRes.profile).to.have.all.keys(['name']);

    // test response values
-    expect(heroRes.balance).to.equal(3 + 2.5); // 3+2.5 for first contrib level
+    expect(heroRes.balance).to.equal(3 + 0.75); // 3+0.75 for first contrib level
    expect(heroRes.contributor.level).to.equal(1);
    expect(heroRes.purchased.ads).to.equal(true);
    // test hero values
    await hero.sync();
-    expect(hero.balance).to.equal(3 + 2.5); // 3+2.5 for first contrib level
+    expect(hero.balance).to.equal(3 + 0.75); // 3+0.75 for first contrib level
    expect(hero.contributor.level).to.equal(1);
    expect(hero.purchased.ads).to.equal(true);
    expect(hero.auth.blocked).to.equal(prevBlockState);
@@ -137,12 +136,12 @@ describe('PUT /heroes/:heroId', () => {
    expect(heroRes.profile).to.have.all.keys(['name']);

    // test response values
-    expect(heroRes.balance).to.equal(15); // 0+15 for sixth contrib level
+    expect(heroRes.balance).to.equal(1); // 0+1 for sixth contrib level
    expect(heroRes.contributor.level).to.equal(6);
    expect(heroRes.items.pets['Dragon-Hydra']).to.equal(5);
    // test hero values
    await hero.sync();
-    expect(hero.balance).to.equal(15); // 0+15 for sixth contrib level
+    expect(hero.balance).to.equal(1); // 0+1 for sixth contrib level
    expect(hero.contributor.level).to.equal(6);
    expect(hero.items.pets['Dragon-Hydra']).to.equal(5);
  });
@@ -47,7 +47,7 @@ describe('GET /inbox/messages', () => {
  it('returns four messages when using page-query ', async () => {
    const promises = [];

-    for (let i = 0; i < 50; i += 1) {
+    for (let i = 0; i < 10; i += 1) {
      promises.push(user.post('/members/send-private-message', {
        toUserId: user.id,
        message: 'fourth',
@@ -1,56 +0,0 @@
-import {
-  generateUser,
-  translate as t,
-} from '../../../../helpers/api-integration/v3';
-import common from '../../../../../website/common';
-
-describe('GET /members/username/:username', () => {
-  let user;
-
-  before(async () => {
-    user = await generateUser();
-  });
-
-  it('validates req.params.username', async () => {
-    await expect(user.get('/members/username/')).to.eventually.be.rejected.and.eql({
-      code: 400,
-      error: 'BadRequest',
-      message: t('invalidReqParams'),
-    });
-  });
-
-  it('returns a member\'s public data only', async () => {
-    // make sure user has all the fields that can be returned by the getMember call
-    const member = await generateUser({
-      contributor: { level: 1 },
-      backer: { tier: 3 },
-      preferences: {
-        costume: false,
-        background: 'volcano',
-      },
-      secret: {
-        text: 'Clark Kent',
-      },
-    });
-    const memberRes = await user.get(`/members/username/${member.auth.local.username}`);
-    expect(memberRes).to.have.all.keys([ // works as: object has all and only these keys
-      '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
-      'backer', 'contributor', 'auth', 'items', 'inbox', 'loginIncentives', 'flags',
-    ]);
-    expect(Object.keys(memberRes.auth)).to.eql(['local', 'timestamps']);
-    expect(Object.keys(memberRes.preferences).sort()).to.eql([
-      'size', 'hair', 'skin', 'shirt',
-      'chair', 'costume', 'sleep', 'background', 'tasks', 'disableClasses',
-    ].sort());
-
-    expect(memberRes.stats.maxMP).to.exist;
-    expect(memberRes.stats.maxHealth).to.equal(common.maxHealth);
-    expect(memberRes.stats.toNextLevel).to.equal(common.tnl(memberRes.stats.lvl));
-    expect(memberRes.inbox.optOut).to.exist;
-    expect(memberRes.inbox.canReceive).to.exist;
-    expect(memberRes.inbox.messages).to.not.exist;
-    expect(memberRes.secret).to.not.exist;
-
-    expect(memberRes.blocks).to.not.exist;
-  });
-});
@@ -43,7 +43,7 @@ describe('POST /members/send-private-message', () => {
    });
  });

-  it('returns error when recipient has blocked the sender', async () => {
+  it('returns error when to user has blocked the sender', async () => {
    const receiver = await generateUser({ 'inbox.blocks': [userToSendMessage._id] });

    await expect(userToSendMessage.post('/members/send-private-message', {
@@ -56,7 +56,7 @@ describe('POST /members/send-private-message', () => {
    });
  });

-  it('returns error when sender has blocked recipient', async () => {
+  it('returns error when sender has blocked to user', async () => {
    const receiver = await generateUser();
    const sender = await generateUser({ 'inbox.blocks': [receiver._id] });

@@ -70,7 +70,7 @@ describe('POST /members/send-private-message', () => {
    });
  });

-  it('returns error when recipient has opted out of messaging', async () => {
+  it('returns error when to user has opted out of messaging', async () => {
    const receiver = await generateUser({ 'inbox.optOut': true });

    await expect(userToSendMessage.post('/members/send-private-message', {
@@ -174,7 +174,7 @@ describe('POST /members/send-private-message', () => {
    expect(notification.data.excerpt).to.equal(messageExcerpt);
  });

-  it('allows admin to send when recipient has blocked the admin', async () => {
+  it('allows admin to send when sender has blocked the admin', async () => {
    userToSendMessage = await generateUser({
      'permissions.moderator': true,
    });
@@ -202,7 +202,7 @@ describe('POST /members/send-private-message', () => {
    expect(sendersMessageInSendersInbox).to.exist;
  });

-  it('allows admin to send when recipient has opted out of messaging', async () => {
+  it('allows admin to send when to user has opted out of messaging', async () => {
    userToSendMessage = await generateUser({
      'permissions.moderator': true,
    });
@@ -229,58 +229,4 @@ describe('POST /members/send-private-message', () => {
    expect(sendersMessageInReceiversInbox).to.exist;
    expect(sendersMessageInSendersInbox).to.exist;
  });
-
-  describe('sender is shadow muted', () => {
-    beforeEach(async () => {
-      userToSendMessage = await generateUser({
-        'flags.chatShadowMuted': true,
-      });
-    });
-
-    it('does not save the message in the receiver inbox', async () => {
-      const receiver = await generateUser();
-
-      const response = await userToSendMessage.post('/members/send-private-message', {
-        message: messageToSend,
-        toUserId: receiver._id,
-      });
-
-      expect(response.message.uuid).to.equal(receiver._id);
-
-      const updatedReceiver = await receiver.get('/user');
-      const updatedSender = await userToSendMessage.get('/user');
-
-      const sendersMessageInReceiversInbox = _.find(
-        updatedReceiver.inbox.messages,
-        message => message.uuid === userToSendMessage._id && message.text === messageToSend,
-      );
-
-      const sendersMessageInSendersInbox = _.find(
-        updatedSender.inbox.messages,
-        message => message.uuid === receiver._id && message.text === messageToSend,
-      );
-
-      expect(sendersMessageInReceiversInbox).to.not.exist;
-      expect(sendersMessageInSendersInbox).to.exist;
-    });
-
-    it('does not save the message message twice if recipient is sender', async () => {
-      const response = await userToSendMessage.post('/members/send-private-message', {
-        message: messageToSend,
-        toUserId: userToSendMessage._id,
-      });
-
-      expect(response.message.uuid).to.equal(userToSendMessage._id);
-
-      const updatedSender = await userToSendMessage.get('/user');
-
-      const sendersMessageInSendersInbox = _.find(
-        updatedSender.inbox.messages,
-        message => message.uuid === userToSendMessage._id && message.text === messageToSend,
-      );
-
-      expect(sendersMessageInSendersInbox).to.exist;
-      expect(Object.keys(updatedSender.inbox.messages).length).to.equal(1);
-    });
-  });
 });
@@ -101,6 +101,34 @@ describe('GET /tasks/user', () => {
    expect(allCompletedTodos[allCompletedTodos.length - 1].text).to.equal('todo to complete 2');
  });

+  it('returns only some completed todos if req.query.type is "completedTodos" or "_allCompletedTodos"', async () => {
+    const LIMIT = 30;
+    const numberOfTodos = LIMIT + 1;
+    const todosInput = [];
+
+    for (let i = 0; i < numberOfTodos; i += 1) {
+      todosInput[i] = { text: `todo to complete ${i}`, type: 'todo' };
+    }
+    const todos = await user.post('/tasks/user', todosInput);
+    await user.sync();
+    const initialTodoCount = user.tasksOrder.todos.length;
+
+    for (let i = 0; i < numberOfTodos; i += 1) {
+      const id = todos[i]._id;
+
+      await user.post(`/tasks/${id}/score/up`); // eslint-disable-line no-await-in-loop
+    }
+    await user.sync();
+
+    expect(user.tasksOrder.todos.length).to.equal(initialTodoCount - numberOfTodos);
+
+    const completedTodos = await user.get('/tasks/user?type=completedTodos');
+    expect(completedTodos.length).to.equal(LIMIT);
+
+    const allCompletedTodos = await user.get('/tasks/user?type=_allCompletedTodos');
+    expect(allCompletedTodos.length).to.equal(numberOfTodos);
+  });
+
  it('returns dailies with isDue for the date specified', async () => {
    // @TODO Add required format
    const startDate = moment().subtract('1', 'days').toISOString();
@@ -125,90 +125,6 @@ describe('POST /tasks/:id/score/:direction', () => {
        expect(body.finalLvl).to.eql(user.stats.lvl);
      });
    });
-
-    context('handles drops', async () => {
-      let randomStub;
-
-      afterEach(() => {
-        randomStub.restore();
-      });
-      it('gives user a drop', async () => {
-        user = await generateUser({
-          'stats.gp': 100,
-          'achievements.completedTask': true,
-          'items.eggs': {
-            Wolf: 1,
-          },
-        });
-        randomStub = sandbox.stub(Math, 'random').returns(0.1);
-        const task = await user.post('/tasks/user', {
-          text: 'test habit',
-          type: 'habit',
-        });
-
-        const res = await user.post(`/tasks/${task.id}/score/up`);
-        expect(res._tmp.drop).to.be.ok;
-      });
-
-      it('does not give a drop when non-sub drop cap is reached', async () => {
-        user = await generateUser({
-          'stats.gp': 100,
-          'achievements.completedTask': true,
-          'items.eggs': {
-            Wolf: 1,
-          },
-          'items.lastDrop.count': 5,
-        });
-        randomStub = sandbox.stub(Math, 'random').returns(0.1);
-        const task = await user.post('/tasks/user', {
-          text: 'test habit',
-          type: 'habit',
-        });
-
-        const res = await user.post(`/tasks/${task.id}/score/up`);
-        expect(res._tmp.drop).to.be.undefined;
-      });
-
-      it('gives a drop when subscriber is over regular cap but under subscriber cap', async () => {
-        user = await generateUser({
-          'stats.gp': 100,
-          'achievements.completedTask': true,
-          'items.eggs': {
-            Wolf: 1,
-          },
-          'items.lastDrop.count': 6,
-          'purchased.plan.customerId': '123',
-        });
-        randomStub = sandbox.stub(Math, 'random').returns(0.1);
-        const task = await user.post('/tasks/user', {
-          text: 'test habit',
-          type: 'habit',
-        });
-
-        const res = await user.post(`/tasks/${task.id}/score/up`);
-        expect(res._tmp.drop).to.be.ok;
-      });
-
-      it('does not give a drop when subscriber is at subscriber drop cap', async () => {
-        user = await generateUser({
-          'stats.gp': 100,
-          'achievements.completedTask': true,
-          'items.eggs': {
-            Wolf: 1,
-          },
-          'items.lastDrop.count': 10,
-          'purchased.plan.customerId': '123',
-        });
-        randomStub = sandbox.stub(Math, 'random').returns(0.1);
-        const task = await user.post('/tasks/user', {
-          text: 'test habit',
-          type: 'habit',
-        });
-
-        const res = await user.post(`/tasks/${task.id}/score/up`);
-        expect(res._tmp.drop).to.be.undefined;
-      });
-    });
  });

  context('todos', () => {
@@ -105,9 +105,9 @@ describe('POST /tasks/:taskId/assign/:memberId', () => {

    const groupTask = await user.get(`/tasks/group/${guild._id}`);

-    const lastNotification = member.notifications[member.notifications.length - 1];
-    expect(lastNotification.type).to.equal('GROUP_TASK_ASSIGNED');
-    expect(lastNotification.taskId).to.equal(groupTask._id);
+    expect(member.notifications.length).to.equal(2);
+    expect(member.notifications[1].type).to.equal('GROUP_TASK_ASSIGNED');
+    expect(member.notifications[1].taskId).to.equal(groupTask._id);
  });

  it('assigns a task to multiple users', async () => {
@@ -89,12 +89,10 @@ describe('POST /tasks/:taskId/unassign/:memberId', () => {
  });

  it('removes task assignment notification from unassigned user', async () => {
-    await member.sync();
-    const oldNotificationCount = member.notifications.length;
    await user.post(`/tasks/${task._id}/unassign/${member._id}`);

    await member.sync();
-    expect(member.notifications.length).to.equal(oldNotificationCount - 1);
+    expect(member.notifications.length).to.equal(1); // mystery items
  });

  it('unassigns a user and only that user from a task', async () => {
@@ -1,6 +1,7 @@
 import {
  generateUser,
 } from '../../../../helpers/api-integration/v3';
+import { mockAnalyticsService as analytics } from '../../../../../website/server/libs/analyticsService';

 describe('POST /user/sleep', () => {
  let user;
@@ -22,4 +23,15 @@ describe('POST /user/sleep', () => {
    await user.sync();
    expect(user.preferences.sleep).to.be.false;
  });
+
+  it('sends sleep status to analytics service', async () => {
+    sandbox.spy(analytics, 'track');
+
+    await user.post('/user/sleep');
+    await user.sync();
+    expect(analytics.track).to.be.calledOnce;
+    expect(analytics.track).to.be.calledWith('sleep', sandbox.match.has('status', user.preferences.sleep));
+
+    sandbox.restore();
+  });
 });
@@ -25,7 +25,7 @@ describe('GET /user/auth/apple', () => {
  });

  it('registers a new user', async () => {
-    const response = await api.get(`${appleEndpoint}?allowRegister=true`);
+    const response = await api.get(appleEndpoint);

    expect(response.apiToken).to.exist;
    expect(response.id).to.exist;
@@ -35,7 +35,7 @@ describe('GET /user/auth/apple', () => {
  });

  it('logs an existing user in', async () => {
-    const registerResponse = await api.get(`${appleEndpoint}?allowRegister=true`);
+    const registerResponse = await api.get(appleEndpoint);

    const response = await api.get(appleEndpoint);

@@ -238,28 +238,6 @@ describe('POST /user/auth/reset-password-set-new-one', () => {
    expect(isPassValid).to.equal(true);
  });

-  it('changes the apiToken on password reset', async () => {
-    const user = await generateUser();
-    const previousToken = user.apiToken;
-
-    const code = encrypt(JSON.stringify({
-      userId: user._id,
-      expiresAt: moment().add({ days: 1 }),
-    }));
-    await user.updateOne({
-      'auth.local.passwordResetCode': code,
-    });
-
-    await api.post(`${endpoint}`, {
-      newPassword: 'my new password',
-      confirmPassword: 'my new password',
-      code,
-    });
-
-    await user.sync();
-    expect(user.apiToken).to.not.eql(previousToken);
-  });
-
  it('renders the success page and convert the password from sha1 to bcrypt', async () => {
    const user = await generateUser();

@@ -44,7 +44,7 @@ describe('POST /user/auth/local/login', () => {
    })).to.eventually.be.rejected.and.eql({
      code: 401,
      error: 'NotAuthorized',
-      message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL'), userId: user._id, username: user.auth.local.username }),
+      message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL'), userId: user._id }),
    });
  });

@@ -110,18 +110,6 @@ describe('POST /user/auth/local/login', () => {
    expect(isValidPassword).to.equal(true);
  });

-  it('sets auth.timestamps.updated', async () => {
-    const oldUpdated = new Date(user.auth.timestamps.updated);
-    // login
-    await api.post(endpoint, {
-      username: user.auth.local.email,
-      password,
-    });
-
-    await user.sync();
-    expect(user.auth.timestamps.updated).to.be.greaterThan(oldUpdated);
-  });
-
  it('user uses social authentication and has no password', async () => {
    await user.unset({
      'auth.local.hashed_password': 1,
@@ -9,7 +9,6 @@ import {
 } from '../../../../../helpers/api-integration/v3';
 import { ApiUser } from '../../../../../helpers/api-integration/api-classes';
 import { encrypt } from '../../../../../../website/server/libs/encryption';
-import { RegistrationEventModel } from '../../../../../../website/server/models/analytics/registrationEvent';

 function generateRandomUserName () {
  return (Date.now() + uuid()).substring(0, 20);
@@ -42,25 +41,6 @@ describe('POST /user/auth/local/register', () => {
      expect(user.newUser).to.eql(true);
    });

-    it('tracks a registration event', async () => {
-      const username = generateRandomUserName();
-      const email = `${username}@example.com`;
-      const password = 'password';
-
-      const user = await api.post('/user/auth/local/register', {
-        username,
-        email,
-        password,
-        confirmPassword: password,
-      });
-
-      const registrationEvent = await RegistrationEventModel.findOne({ userId: user._id });
-      expect(registrationEvent).to.exist;
-      expect(registrationEvent).to.have.property('userId', user._id);
-      expect(registrationEvent).to.have.property('ipAddress');
-      expect(registrationEvent).to.have.property('authenticationMethod', 'local');
-    });
-
    it('registers a new user and sets verifiedUsername to true', async () => {
      const username = generateRandomUserName();
      const email = `${username}@example.com`;
@@ -6,8 +6,6 @@ import {
  translate as t,
  getProperty,
 } from '../../../../../helpers/api-integration/v3';
-import apiErrorMessages from '../../../../../../website/common/script/errors/apiErrorMessages';
-import { RegistrationEventModel } from '../../../../../../website/server/models/analytics/registrationEvent';

 describe('POST /user/auth/social', () => {
  let api;
@@ -66,77 +64,6 @@ describe('POST /user/auth/social', () => {
      await expect(getProperty('users', response.id, 'profile.name')).to.eventually.equal('a google user');
    });

-    it('tracks a registration event', async () => {
-      const socialUser = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-
-      const registrationEvent = await RegistrationEventModel.findOne({ userId: socialUser.id });
-      expect(registrationEvent).to.exist;
-      expect(registrationEvent).to.have.property('userId', socialUser.id);
-      expect(registrationEvent).to.have.property('ipAddress');
-      expect(registrationEvent).to.have.property('authenticationMethod', 'google');
-    });
-
-    it('includes sanitized version of provided username', async () => {
-      const response = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-        username: 'Google User Name',
-      });
-
-      await expect(getProperty('users', response.id, 'auth.local.username')).to.eventually.equal('GoogleUserName');
-      await expect(getProperty('users', response.id, 'auth.local.lowerCaseUsername')).to.eventually.equal('googleusername');
-    });
-
-    it('generates a random username if provided username contains only disallowed characters', async () => {
-      const response = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-        username: 'Áîüè',
-      });
-
-      await expect(getProperty('users', response.id, 'auth.local.username')).to.eventually.contain('hb-');
-      await expect(getProperty('users', response.id, 'auth.local.lowerCaseUsername')).to.eventually.contain('hb-');
-    });
-
-    it('generates a random username if provided username contains a disallowed word', async () => {
-      const response = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-        username: 'i am a TESTPLACEHOLDERSLURWORDHERE',
-      });
-
-      await expect(getProperty('users', response.id, 'auth.local.username')).to.eventually.contain('hb-');
-      await expect(getProperty('users', response.id, 'auth.local.lowerCaseUsername')).to.eventually.contain('hb-');
-    });
-
-    it('generates a random username if sanitized username conflicts with an extant user', async () => {
-      user = await generateUser({ 'auth.local.username': 'GoogleUserName' });
-
-      const response = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-        username: 'Google User Name',
-      });
-
-      await expect(getProperty('users', response.id, 'auth.local.username')).to.eventually.contain('hb-');
-      await expect(getProperty('users', response.id, 'auth.local.lowerCaseUsername')).to.eventually.contain('hb-');
-    });
-
-    it('fails if allowRegister is false and user does not exist', async () => {
-      await expect(api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-        allowRegister: false,
-      })).to.eventually.be.rejected.and.eql({
-        code: 404,
-        error: 'NotFound',
-        message: `${apiErrorMessages.socialFlowUserNotFound} ${user.auth.local.username}+google@example.com`,
-      });
-    });
-
    it('logs an existing user in', async () => {
      const registerResponse = await api.post(endpoint, {
        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
@@ -204,36 +131,6 @@ describe('POST /user/auth/social', () => {
      expect(response.newUser).to.be.false;
    });

-    it('logs an existing user into their social account if allowRegister is false', async () => {
-      const registerResponse = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-      expect(registerResponse.newUser).to.be.true;
-      // This is important for existing accounts before the new social handling
-      passport._strategies.google.userProfile.restore();
-      const expectedResult = {
-        id: randomGoogleId,
-        displayName: 'a google user',
-        emails: [
-          { value: user.auth.local.email },
-        ],
-      };
-      sandbox.stub(passport._strategies.google, 'userProfile').yields(null, expectedResult);
-
-      const response = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-        allowRegister: false,
-      });
-
-      expect(response.apiToken).to.eql(registerResponse.apiToken);
-      expect(response.id).to.eql(registerResponse.id);
-      expect(response.apiToken).not.to.eql(user.apiToken);
-      expect(response.id).not.to.eql(user._id);
-      expect(response.newUser).to.be.false;
-    });
-
    it('add social auth to an existing user', async () => {
      const response = await user.post(endpoint, {
        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
@@ -245,17 +142,6 @@ describe('POST /user/auth/social', () => {
      expect(response.newUser).to.be.false;
    });

-    it('does not track a registration event for existing users', async () => {
-      const beforeEvents = await RegistrationEventModel.find({ userId: user._id });
-      await user.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-
-      const registrationEvents = await RegistrationEventModel.find({ userId: user._id });
-      expect(registrationEvents).to.have.lengthOf(beforeEvents.length);
-    });
-
    it('does not log into other account if social auth already exists', async () => {
      const registerResponse = await api.post(endpoint, {
        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
@@ -281,24 +167,5 @@ describe('POST /user/auth/social', () => {

      await expect(getProperty('users', user._id, '_ABtests')).to.eventually.be.a('object');
    });
-
-    it('sets auth.timestamps.updated', async () => {
-      let oldUpdated = new Date(user.auth.timestamps.updated);
-      await user.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-      await user.sync();
-      expect(user.auth.timestamps.updated).to.be.greaterThan(oldUpdated);
-      oldUpdated = new Date(user.auth.timestamps.updated);
-
-      // Do it again to ensure it updates even when nothing else changes
-      await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-      await user.sync();
-      expect(user.auth.timestamps.updated).to.be.greaterThan(oldUpdated);
-    });
  });
 });
@@ -27,30 +27,11 @@ describe('PUT /user/auth/update-password', async () => {
      newPassword,
      confirmPassword: newPassword,
    });
-
-    expect(response).to.exist;
-    expect(response.apiToken).to.exist;
-
+    expect(response).to.eql({});
    await user.sync();
    expect(user.auth.local.hashed_password).to.not.eql(previousHashedPassword);
  });

-  it('should change the apiToken on password change', async () => {
-    const previousToken = user.apiToken;
-    const response = await user.put(ENDPOINT, {
-      password,
-      newPassword,
-      confirmPassword: newPassword,
-    });
-
-    const newToken = response.apiToken;
-    expect(newToken).to.exist;
-
-    await user.sync();
-    expect(user.apiToken).to.eql(newToken);
-    expect(user.apiToken).to.not.eql(previousToken);
-  });
-
  it('returns an error when confirmPassword does not match newPassword', async () => {
    await expect(user.put(ENDPOINT, {
      password,
@@ -31,7 +31,7 @@ describe('POST /user/buy-mystery-set/:key', () => {

    expect(res.data).to.eql({
      items: JSON.parse(JSON.stringify(user.items)), // otherwise dates can't be compared
-      purchasedPlanConsecutive: JSON.parse(JSON.stringify(user.purchased.plan.consecutive)),
+      purchasedPlanConsecutive: user.purchased.plan.consecutive,
    });
    expect(res.message).to.equal(t('hourglassPurchaseSet'));
  });
@@ -66,7 +66,7 @@ describe('GET /inbox/conversations', () => {
  it('returns five messages when using page-query ', async () => {
    const promises = [];

-    for (let i = 0; i < 50; i += 1) {
+    for (let i = 0; i < 10; i += 1) {
      promises.push(user.post('/members/send-private-message', {
        toUserId: user.id,
        message: 'fourth',
@@ -1,104 +0,0 @@
-import find from 'lodash/find';
-import {
-  generateUser,
-  translate as t,
-} from '../../../helpers/api-integration/v4';
-
-/**
- * Checks the messages array if the uniqueMessageId has the like flag
- * @param {InboxMessage[]} messages
- * @param {String} uniqueMessageId
- * @param {String} userId
- * @param {Boolean} likeStatus
- */
-function expectMessagesLikeStatus (messages, uniqueMessageId, userId, likeStatus) {
-  const messageToCheck = find(messages, { uniqueMessageId });
-
-  expect(messageToCheck.likes[userId]).to.equal(likeStatus);
-}
-
-// eslint-disable-next-line mocha/no-exclusive-tests
-describe('POST /inbox/like-private-message/:messageId', () => {
-  let userToSendMessage;
-  const getLikeUrl = messageId => `/inbox/like-private-message/${messageId}`;
-
-  before(async () => {
-    userToSendMessage = await generateUser();
-  });
-
-  it('returns an error when private message is not found', async () => {
-    await expect(userToSendMessage.post(getLikeUrl('some-unknown-id')))
-      .to.eventually.be.rejected.and.eql({
-        code: 404,
-        error: 'NotFound',
-        message: t('messageGroupChatNotFound'),
-      });
-  });
-
-  it('likes a message', async () => {
-    const receiver = await generateUser();
-
-    const sentMessageResult = await userToSendMessage.post('/members/send-private-message', {
-      message: 'some message :)',
-      toUserId: receiver._id,
-    });
-
-    const { uniqueMessageId } = sentMessageResult.message;
-
-    const likeResult = await receiver.post(getLikeUrl(uniqueMessageId));
-    expect(likeResult.likes[receiver._id]).to.equal(true);
-
-    const senderMessages = await userToSendMessage.get('/inbox/messages');
-
-    expectMessagesLikeStatus(senderMessages, uniqueMessageId, receiver._id, true);
-
-    const receiversMessages = await receiver.get('/inbox/messages');
-
-    expectMessagesLikeStatus(receiversMessages, uniqueMessageId, receiver._id, true);
-  });
-
-  it('allows a user to like their own private message', async () => {
-    const receiver = await generateUser();
-
-    const sentMessageResult = await userToSendMessage.post('/members/send-private-message', {
-      message: 'some message :)',
-      toUserId: receiver._id,
-    });
-
-    const { uniqueMessageId } = sentMessageResult.message;
-
-    const likeResult = await userToSendMessage.post(getLikeUrl(uniqueMessageId));
-    expect(likeResult.likes[userToSendMessage._id]).to.equal(true);
-
-    const messages = await userToSendMessage.get('/inbox/messages');
-    expectMessagesLikeStatus(messages, uniqueMessageId, userToSendMessage._id, true);
-
-    const receiversMessages = await receiver.get('/inbox/messages');
-
-    expectMessagesLikeStatus(receiversMessages, uniqueMessageId, userToSendMessage._id, true);
-  });
-
-  it('unlikes a message', async () => {
-    const receiver = await generateUser();
-
-    const sentMessageResult = await userToSendMessage.post('/members/send-private-message', {
-      message: 'some message :)',
-      toUserId: receiver._id,
-    });
-
-    const { uniqueMessageId } = sentMessageResult.message;
-
-    const likeResult = await receiver.post(getLikeUrl(uniqueMessageId));
-
-    expect(likeResult.likes[receiver._id]).to.equal(true);
-
-    const unlikeResult = await receiver.post(getLikeUrl(uniqueMessageId));
-
-    expect(unlikeResult.likes[receiver._id]).to.equal(false);
-
-    const messages = await userToSendMessage.get('/inbox/messages');
-
-    const messageToCheck = find(messages, { id: sentMessageResult.message.id });
-    expect(messageToCheck.likes[receiver._id]).to.equal(false);
-  });
-});
@@ -40,24 +40,6 @@ describe('GET /user', () => {
    expect(returnedUser.stats).to.not.exist;
  });

-  it('returns when ALWAYS_LOADED paths are requested', async () => {
-    const returnedUser = await user.get('/user?userFields=_id,notifications,preferences,auth,flags,permissions');
-
-    expect(returnedUser._id).to.equal(user._id);
-    expect(returnedUser.notifications).to.exist;
-    expect(returnedUser.preferences).to.exist;
-    expect(returnedUser.auth).to.exist;
-    expect(returnedUser.flags).to.exist;
-    expect(returnedUser.permissions).to.exist;
-  });
-
-  it('returns when subpaths paths are requested', async () => {
-    const returnedUser = await user.get('/user?userFields=auth.local.username');
-
-    expect(returnedUser._id).to.equal(user._id);
-    expect(returnedUser.auth.local.username).to.exist;
-  });
-
  it('does not return requested private properties', async () => {
    const returnedUser = await user.get('/user?userFields=apiToken,secret.text');

@@ -1,66 +0,0 @@
-import {
-  translate as t,
-  requester,
-  generateUser,
-} from '../../../../helpers/api-integration/v4';
-
-const ENDPOINT = '/user/auth/check-email';
-
-describe('POST /user/auth/check-email', () => {
-  const email = 'SOmE-nEw-emAIl_2@example.net';
-  let api;
-
-  beforeEach(async () => {
-    api = requester();
-  });
-
-  it('returns email if it is not used yet', async () => {
-    const response = await api.post(ENDPOINT, {
-      email,
-    });
-    expect(response.email).to.eql(email);
-    expect(response.valid).to.be.true;
-  });
-
-  it('rejects if email is not provided', async () => {
-    await expect(api.post(ENDPOINT, {
-    })).to.eventually.be.rejected.and.eql({
-      code: 400,
-      error: 'BadRequest',
-      message: 'Invalid request parameters.',
-    });
-  });
-
-  it('rejects if email is already taken', async () => {
-    const user = await generateUser();
-
-    const response = await api.post(ENDPOINT, {
-      email: user.auth.local.email,
-    });
-    expect(response).to.eql({
-      valid: false,
-      email: user.auth.local.email,
-      error: t('cannotFulfillReq'),
-    });
-  });
-
-  it('rejects if casing is different', async () => {
-    const user = await generateUser();
-
-    const response = await api.post(ENDPOINT, {
-      email: user.auth.local.email.toUpperCase(),
-    });
-    expect(response).to.eql({
-      valid: false,
-      email: user.auth.local.email.toUpperCase(),
-      error: t('cannotFulfillReq'),
-    });
-  });
-
-  it('rejects if email uses restricted domain', async () => {
-    const response = await api.post(ENDPOINT, {
-      email: 'fake@habitica.com',
-    });
-    expect(response.valid).to.be.false;
-  });
-});
@@ -183,6 +183,8 @@ describe('cron utility functions', () => {
  });

  describe('getPlanContext', () => {
+    const now = new Date(2022, 5, 1);
+
    function baseUserData (count, offset, planId) {
      return {
        purchased: {
@@ -190,7 +192,7 @@ describe('cron utility functions', () => {
            consecutive: {
              count,
              offset,
-              gemCapExtra: 26,
+              gemCapExtra: 25,
              trinkets: 19,
            },
            quantity: 1,
@@ -211,19 +213,52 @@ describe('cron utility functions', () => {
      };
    }

-    it('elapsedMonths is 0 if its the same month', () => {
+    it('monthly plan, next date in 3 months', () => {
      const user = baseUserData(60, 0, 'group_plan_auto');
+      user.purchased.plan.perkMonthCount = 0;

-      const planContext = getPlanContext(user, new Date(2022, 4, 20));
-      expect(planContext.elapsedMonths).to.equal(0);
+      const planContext = getPlanContext(user, now);
+
+      expect(planContext.nextHourglassDate)
+        .to.be.sameMoment('2022-08-10T02:00:00.144Z');
    });

-    it('elapsedMonths is 1 after one month', () => {
-      const user = baseUserData(60, 0, 'group_plan_auto');
+    it('monthly plan, next date in 1 month', () => {
+      const user = baseUserData(62, 0, 'group_plan_auto');
+      user.purchased.plan.perkMonthCount = 2;

-      const planContext = getPlanContext(user, new Date(2022, 5, 11));
+      const planContext = getPlanContext(user, now);

-      expect(planContext.elapsedMonths).to.equal(1);
+      expect(planContext.nextHourglassDate)
+        .to.be.sameMoment('2022-06-10T02:00:00.144Z');
+    });
+
+    it('multi-month plan, no offset', () => {
+      const user = baseUserData(60, 0, 'basic_3mo');
+
+      const planContext = getPlanContext(user, now);
+
+      expect(planContext.nextHourglassDate)
+        .to.be.sameMoment('2022-06-10T02:00:00.144Z');
+    });
+
+    it('multi-month plan with offset', () => {
+      const user = baseUserData(60, 1, 'basic_3mo');
+
+      const planContext = getPlanContext(user, now);
+
+      expect(planContext.nextHourglassDate)
+        .to.be.sameMoment('2022-07-10T02:00:00.144Z');
+    });
+
+    it('multi-month plan with perk count', () => {
+      const user = baseUserData(60, 1, 'basic_3mo');
+      user.purchased.plan.perkMonthCount = 2;
+
+      const planContext = getPlanContext(user, now);
+
+      expect(planContext.nextHourglassDate)
+        .to.be.sameMoment('2022-07-10T02:00:00.144Z');
    });
  });
 });
@@ -1,67 +0,0 @@
-import md from 'habitica-markdown';
-
-describe('habiticaMarkdown emoji plugin', () => {
-  it('renders standard emoji as Unicode', () => {
-    const result = md.render(':smile:');
-    expect(result).to.include('😄');
-    expect(result).not.to.include('img');
-  });
-
-  it('renders thumbsup emoji as Unicode', () => {
-    const result = md.render(':thumbsup:');
-    expect(result).to.include('👍');
-  });
-
-  it('renders +1 emoji as Unicode', () => {
-    const result = md.render(':+1:');
-    expect(result).to.include('👍');
-  });
-
-  it('renders melior as an img tag', () => {
-    const result = md.render(':melior:');
-    expect(result).to.include('<img class="habitica-emoji"');
-    expect(result).to.include('src="https://s3.amazonaws.com/habitica-assets/cdn/emoji/melior.png"');
-    expect(result).to.include('alt="melior"');
-  });
-
-  it('does NOT convert emoji inside markdown links', () => {
-    const result = md.render('[:smile: link](http://example.com)');
-    expect(result).to.include(':smile: link');
-    expect(result).not.to.include('😄');
-  });
-
-  it('converts emoji outside of links normally', () => {
-    const result = md.render(':smile: [link](http://example.com)');
-    expect(result).to.include('😄');
-    expect(result).to.include('link');
-  });
-
-  it('leaves removed custom emoji (bowtie) as literal text', () => {
-    const result = md.render(':bowtie:');
-    expect(result).to.include(':bowtie:');
-    expect(result).not.to.include('img');
-  });
-
-  it('leaves unknown shortcodes as literal text', () => {
-    const result = md.render(':nonexistent_emoji_xyz:');
-    expect(result).to.include(':nonexistent_emoji_xyz:');
-  });
-
-  it('renders new emoji not in the old dataset', () => {
-    const result = md.render(':yawning_face:');
-    expect(result).to.include('🥱');
-  });
-
-  it('supports unsafeHTMLRender', () => {
-    const result = md.unsafeHTMLRender('<b>bold</b> :smile:');
-    expect(result).to.include('<b>bold</b>');
-    expect(result).to.include('😄');
-  });
-
-  it('supports renderWithMentions', () => {
-    const result = md.renderWithMentions(':smile: @testuser', { userName: 'testuser' });
-    expect(result).to.include('😄');
-    expect(result).to.include('at-text');
-    expect(result).to.include('at-highlight');
-  });
-});
@@ -47,17 +47,15 @@ describe('shops', () => {

    describe('premium hatching potions', () => {
      it('contains current scheduled premium hatching potions', async () => {
-        clock = sinon.useFakeTimers(new Date('2024-04-01T09:00:00.000Z'));
+        clock = sinon.useFakeTimers(new Date('2024-04-01'));
        const potions = shared.shops.getMarketCategories(user).find(x => x.identifier === 'premiumHatchingPotions');
-        expect(potions.items.length).to.eql(3);
+        expect(potions.items.length).to.eql(2);
      });

      it('does not contain past scheduled premium hatching potions', async () => {
-        clock = sinon.useFakeTimers(new Date('2024-04-01T09:00:00.000Z'));
        const potions = shared.shops.getMarketCategories(user).find(x => x.identifier === 'premiumHatchingPotions');
-        expect(potions.items.filter(x => x.key === 'Aquatic' || x.key === 'Celestial').length, 'Aquatic or Celestial found').to.eql(0);
+        expect(potions.items.filter(x => x.key === 'Aquatic' || x.key === 'Celestial').length).to.eql(0);
      });
-
      it('returns end date for scheduled premium potions', async () => {
        const potions = shared.shops.getMarketCategories(user).find(x => x.identifier === 'premiumHatchingPotions');
        potions.items.forEach(potion => {
@@ -75,9 +73,9 @@ describe('shops', () => {
      });

      it('does not contain locked quest premium hatching potions', async () => {
-        clock = sinon.useFakeTimers(new Date('2024-04-01T09:00:00.000Z'));
+        clock = sinon.useFakeTimers(new Date('2024-04-01'));
        const potions = shared.shops.getMarketCategories(user).find(x => x.identifier === 'premiumHatchingPotions');
-        expect(potions.items.length).to.eql(3);
+        expect(potions.items.length).to.eql(2);
        expect(potions.items.filter(x => x.key === 'Bronze' || x.key === 'BlackPearl').length).to.eql(0);
      });

@@ -13,6 +13,7 @@ import { errorMessage } from '../../../../website/common/script/libs/errorMessag

 describe('shared.ops.buy', () => {
  let user;
+  const analytics = { track () {} };

  beforeEach(() => {
    user = generateUser({
@@ -31,6 +32,12 @@ describe('shared.ops.buy', () => {
        },
      },
    });
+
+    sinon.stub(analytics, 'track');
+  });
+
+  afterEach(() => {
+    analytics.track.restore();
  });

  it('returns error when key is not provided', async () => {
@@ -44,8 +51,10 @@ describe('shared.ops.buy', () => {

  it('buys health potion', async () => {
    user.stats.hp = 30;
-    await buy(user, { params: { key: 'potion' } });
+    await buy(user, { params: { key: 'potion' } }, analytics);
    expect(user.stats.hp).to.eql(45);
+
+    expect(analytics.track).to.be.calledOnce;
  });

  it('adds equipment to inventory', async () => {
@@ -29,9 +29,10 @@ describe('shared.ops.buyArmoire', () => {
  const YIELD_EQUIPMENT = 0.5;
  const YIELD_FOOD = 0.7;
  const YIELD_EXP = 0.9;
+  const analytics = { track () {} };

-  async function buyArmoire (_user, _req) {
-    const buyOp = new BuyArmoireOperation(_user, _req);
+  async function buyArmoire (_user, _req, _analytics) {
+    const buyOp = new BuyArmoireOperation(_user, _req, _analytics);

    return buyOp.purchase();
  }
@@ -49,10 +50,12 @@ describe('shared.ops.buyArmoire', () => {
    user.items.food = {};

    sandbox.stub(randomValFns, 'trueRandom');
+    sinon.stub(analytics, 'track');
  });

  afterEach(() => {
    randomValFns.trueRandom.restore();
+    analytics.track.restore();
  });

  context('failure conditions', () => {
@@ -144,7 +147,7 @@ describe('shared.ops.buyArmoire', () => {

      expect(_.size(user.items.gear.owned)).to.equal(2);

-      await buyArmoire(user, {});
+      await buyArmoire(user, {}, analytics);

      expect(_.size(user.items.gear.owned)).to.equal(3);

@@ -152,6 +155,7 @@ describe('shared.ops.buyArmoire', () => {

      expect(armoireCount).to.eql(_.size(getFullArmoire()) - 2);
      expect(user.stats.gp).to.eql(100);
+      expect(analytics.track).to.be.calledTwice;
    });
  });
 });
--- a/Show More
+++ b/Show More