3.81.0

* feat(event): Spring Fling 2017

* fix(sprites): adjustments
Also enables pastel hair/skin purchases

.eslintignore

@@ -8,16 +8,13 @@ dist/
 dist-client/
 
 # Not linted
-migrations/*
 website/client-old/
-scripts/*
-test/server_side/**/*
 test/client-old/spec/**/*
 
 # Temporarilly disabled. These should be removed when the linting errors are fixed TODO
-website/common/script/content/index.js
+migrations/*
+scripts/*
 website/common/browserify.js
-test/content/**/*
 Gruntfile.js
 gulpfile.js
 gulp

bower.json

@@ -30,7 +30,7 @@
     "bootstrap-tour": "0.10.1",
     "css-social-buttons": "samcollins/css-social-buttons#v1.1.1 ",
     "github-buttons": "mdo/github-buttons#v3.0.0",
-    "hello": "1.13.4",
+    "hello": "1.14.1",
     "jquery": "2.1.0",
     "jquery-colorbox": "1.4.36",
     "jquery-ui": "1.10.3",

config.json.example

@@ -73,7 +73,7 @@
     "LOGGLY_ACCOUNT": "account",
     "PUSH_CONFIGS": {
         "GCM_SERVER_API_KEY": "",
-        "APN_ENABLED": "true",
+        "APN_ENABLED": "false",
         "FCM_SERVER_API_KEY": ""
     },
     "PUSHER": {
@@ -86,5 +86,6 @@
         "FLAGGING_URL": "https://hooks.slack.com/services/id/id/id",
         "FLAGGING_FOOTER_LINK": "https://habitrpg.github.io/flag-o-rama/",
         "SUBSCRIPTIONS_URL": "https://hooks.slack.com/services/id/id/id"
-    }
+    },
+    "ITUNES_SHARED_SECRET": "aaaabbbbccccddddeeeeffff00001111"
 }

gulp/gulp-build.js

@@ -25,7 +25,7 @@ gulp.task('build:common', () => {
 
 gulp.task('build:server', ['build:src', 'build:common']);
 
-gulp.task('build:dev', ['browserify', 'prepare:staticNewStuff', 'semantic-ui'], (done) => {
+gulp.task('build:dev', ['browserify', 'prepare:staticNewStuff'], (done) => {
   gulp.start('grunt-build:dev', done);
 });
 
@@ -33,7 +33,7 @@ gulp.task('build:dev:watch', ['build:dev'], () => {
   gulp.watch(['website/client-old/**/*.styl', 'website/common/script/*']);
 });
 
-gulp.task('build:prod', ['browserify', 'build:server', 'prepare:staticNewStuff', 'semantic-ui'], (done) => {
+gulp.task('build:prod', ['browserify', 'build:server', 'prepare:staticNewStuff'], (done) => {
   runSequence(
     'grunt-build:prod',
     'apidoc',

gulp/gulp-semanticui.js

@@ -1,43 +0,0 @@
-import gulp from 'gulp';
-import fs from 'fs';
-
-// Make semantic-ui-less work with a theme in a different folder
-// Code taken from https://www.artembutusov.com/webpack-semantic-ui/
-
-// Relative to node_modules/semantic-ui-less
-const SEMANTIC_THEME_PATH = '../../website/client/assets/less/semantic-ui/theme.config';
-
-// fix well known bug with default distribution
-function fixFontPath (filename) {
-  return new Promise((resolve, reject) => {
-    fs.readFile(filename, 'utf8', (err, content) => {
-      if (err) return reject(err);
-
-      let newContent = content.replace(
-        '@fontPath  : \'../../themes/',
-        '@fontPath  : \'../../../themes/'
-      );
-
-      fs.writeFile(filename, newContent, 'utf8', (err1) => {
-        if (err) return reject(err1);
-        resolve();
-      });
-    });
-  });
-}
-
-gulp.task('semantic-ui', (done) => {
-  // relocate default config
-  fs.writeFile(
-    'node_modules/semantic-ui-less/theme.config',
-    `@import '${SEMANTIC_THEME_PATH}';\n`,
-    'utf8',
-    (err) => {
-      if (err) return done(err);
-
-      fixFontPath('node_modules/semantic-ui-less/themes/default/globals/site.variables')
-        .then(() => done())
-        .catch(done);
-    }
-  );
-});

gulp/gulp-transifex-test.js

@@ -67,7 +67,7 @@ gulp.task('transifex:malformedStrings', () => {
   let stringsWithIncorrectNumberOfInterpolations = [];
 
   let count = 0;
-  _(ALL_LANGUAGES).each(function (lang) {
+  _.each(ALL_LANGUAGES, function (lang) {
 
     _.each(stringsToLookFor, function (strings, file) {
       let translationFile = fs.readFileSync(LOCALES + lang + '/' + file);
@@ -89,7 +89,7 @@ gulp.task('transifex:malformedStrings', () => {
         }
       });
     });
-  }).value();
+  });
 
   if (!_.isEmpty(stringsWithMalformedInterpolations)) {
     let message = 'The following strings have malformed or missing interpolations';
@@ -114,7 +114,7 @@ function getArrayOfLanguages () {
 function eachTranslationFile (languages, cb) {
   let jsonFiles = stripOutNonJsonFiles(fs.readdirSync(ENGLISH_LOCALE));
 
-  _(languages).each((lang) => {
+  _.each(languages, (lang) => {
     _.each(jsonFiles, (filename) => {
       try {
         var translationFile = fs.readFileSync(LOCALES + lang + '/' + filename);
@@ -128,7 +128,7 @@ function eachTranslationFile (languages, cb) {
 
       cb(null, lang, filename, parsedEnglishFile, parsedTranslationFile);
     });
-  }).value();
+  });
 }
 
 function eachTranslationString (languages, cb) {
@@ -153,7 +153,7 @@ function formatMessageForPosting (msg, items) {
 function getStringsWith (json, interpolationRegex) {
   var strings = {};
 
-  _(json).each(function (file_name) {
+  _.each(json, function (file_name) {
     var raw_file = fs.readFileSync(ENGLISH_LOCALE + file_name);
     var parsed_json = JSON.parse(raw_file);
 
@@ -162,7 +162,7 @@ function getStringsWith (json, interpolationRegex) {
       var match = value.match(interpolationRegex);
       if (match) strings[file_name][key] = match;
     });
-  }).value();
+  });
 
   return strings;
 }

gulpfile.js

@@ -9,7 +9,6 @@
 require('babel-register');
 
 if (process.env.NODE_ENV === 'production') {
-  require('./gulp/gulp-semanticui');
   require('./gulp/gulp-apidoc');
   require('./gulp/gulp-newstuff');
   require('./gulp/gulp-build');

migrations/20130204_count_habits.js

@@ -1,5 +1,12 @@
 // %mongo server:27017/dbname underscore.js my_commands.js
 // %mongo server:27017/dbname underscore.js --shell
+
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var habits = 0,
     dailies = 0,
     todos = 0,

migrations/20130326_migrate_pets.js

@@ -3,6 +3,12 @@
  */
 // mongo habitrpg ./node_modules/underscore/underscore.js ./migrations/20130326_migrate_pets.js
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mapping = {
     bearcub: {name:'BearCub', modifier: 'Base'},
     cactus: {name:'Cactus', modifier:'Base'},

migrations/20130327_apply_tokens.js

@@ -4,6 +4,12 @@
 
 // mongo habitrpg ./node_modules/underscore/underscore.js migrations/20130327_apply_tokens.js
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mapping = [
     {
         tier: 1,

migrations/20130508_fix_duff_party_subscriptions.js

@@ -6,6 +6,11 @@
  * mongo habitrpg ./node_modules/underscore/underscore.js ./migrations/20130508_fix_duff_party_subscriptions.js
  */
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
 
 // since our primary subscription will first hit parties now, we *definitely* need an index there
 db.parties.ensureIndex( { 'members': 1}, {background: true} );

migrations/20130602_survey_rewards.js

@@ -1,5 +1,11 @@
 //mongo habitrpg ./node_modules/lodash/lodash.js migrations/20130602_survey_rewards.js
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var members = []
 members = _.uniq(members);
 

migrations/20130908_cleanup_derby_corruption.js

@@ -3,6 +3,12 @@
 // Racer was notorious for adding duplicates, randomly deleting documents, etc. Once we pull the plug on old.habit,
 // run this migration to cleanup all the corruption
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 db.users.find().forEach(function(user){
 
   // remove corrupt tasks, which will either be null-value or no id

migrations/20131028_task_subdocs_tags_invites.js

@@ -5,6 +5,12 @@
 // @see http://stackoverflow.com/questions/14867697/mongoose-full-collection-scan
 //Also, what do we think of a Mongoose Migration module? something like https://github.com/madhums/mongoose-migrate
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 db.users.find().forEach(function(user){
 
   // Add invites to groups

migrations/20131104_restore_lost_task_data.js

@@ -8,6 +8,12 @@
 var mongo = require('mongoskin');
 var _ = require('lodash');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var backupUsers = mongo.db('localhost:27017/habitrpg_old?auto_reconnect').collection('users');
 var liveUsers = mongo.db('localhost:27017/habitrpg_new?auto_reconnect').collection('users');
 

migrations/20131127_restore_dayStart.js

@@ -1,5 +1,11 @@
 // node .migrations/20131127_restore_dayStart.js
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 

migrations/20131214_classes.coffee

@@ -8,6 +8,12 @@ mongo = require('mongoskin')
 _ = require('lodash')
 async = require('async')
 
+# IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+# We've now upgraded to lodash v4 but the code used in this migration has not been
+# adapted to work with it. Before this migration is used again any lodash method should
+# be checked for compatibility against the v4 changelog and changed if necessary.
+# https://github.com/lodash/lodash/wiki/Changelog#v400
+
 db = mongo.db('localhost:27017/habitrpg?auto_reconnect')
 
 ###

migrations/20131221_restore_NaN_history.js

@@ -1,5 +1,11 @@
 // node .migrations/20131221_restore_NaN_history.js
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 /**
  * After the classes migration, users lost some history entries
  */

migrations/20131225_restore_streaks.js

@@ -1,5 +1,11 @@
 // node .migrations/20131225_restore_streaks.js
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 /**
  * After the classes migration, users lost some history entries
  */

migrations/20140823_remove_undefined_and_false_notifications.js

@@ -5,6 +5,12 @@ var migrationName = '20140823_remove_undefined_and_false_notifications';
 var authorName = 'Alys'; // in case script author needs to know when their ...
 var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 /**
  * https://github.com/HabitRPG/habitrpg/pull/3907
  */

migrations/20140829_change_headAccessory_to_eyewear.js

@@ -4,6 +4,12 @@ var migrationName = '20140829_change_headAccessory_to_eyewear';
 var authorName = 'Alys'; // in case script author needs to know when their ...
 var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 /**
  * https://github.com/HabitRPG/habitrpg/issues/3645
  */

migrations/20140831_increase_gems_for_previous_contributions.js

@@ -4,6 +4,11 @@
 //
 // node 20140831_increase_gems_for_previous_contributions.js  > 20140831_increase_gems_for_previous_contributions_output.txt
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
 
 var migrationName = '20140831_increase_gems_for_previous_contributions';
 

migrations/20140914_upgrade_admin_contrib_tiers.js

@@ -8,6 +8,12 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
  * Convert Tier 7 contributors with admin flag to Tier 8 (moderators).
  */
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 

migrations/20141117_consecutive_months.js

@@ -1,3 +1,9 @@
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 // require moment, lodash
 db.users.find(
   {'purchased.plan.customerId':{$ne:null}},

migrations/20150124_mountmaster_fix.js

@@ -9,6 +9,12 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
 
 var dbserver = 'localhost:27017' // CHANGE THIS FOR PRODUCTION DATABASE
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 

migrations/20150131_birthday_goodies_fix_remove_robe.js

@@ -8,6 +8,12 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
 
 var dbserver = 'localhost:27017' // CHANGE THIS FOR PRODUCTION DATABASE
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 

migrations/20150201_convert_creation_date_from_string_to_object.js

@@ -19,6 +19,12 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
 
 var dbserver = 'localhost:27017' // CHANGE THIS FOR PRODUCTION DATABASE
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 var moment = require('moment');

migrations/20150224_force_resting_in_inn.js

@@ -6,6 +6,12 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
  * force all active players to rest in the inn due to massive server fail
  */
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var dbserver = 'localhost:27017' // CHANGE THIS FOR PRODUCTION DATABASE
 
 var mongo = require('mongoskin');

migrations/20150604_ultimateGearSets.js

@@ -19,6 +19,12 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
  * means minimal new testing.
  */
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var dbserver = 'localhost:27017' // FOR TEST DATABASE
 // var dbserver = 'username:password@ds031379-a0.mongolab.com:31379' // FOR PRODUCTION DATABASE
 var dbname = 'habitrpg';

migrations/20160111_challenges_condense_same_day_history_entries.js

@@ -7,6 +7,12 @@ var migrationName = '20160111_challenges_condense_same_day_history_entries.js';
 var dbserver = '';
 var dbname = '';
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 var moment = require('moment');

migrations/20160129_habit_birthday.js

@@ -11,6 +11,12 @@ var dbserver = 'localhost:27017'; // FOR TEST DATABASE
 // var dbserver = 'username:password@ds031379-a0.mongolab.com:31379'; // FOR PRODUCTION DATABASE
 var dbname = 'habitrpg';
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var mongo = require('mongoskin');
 var _ = require('lodash');
 

migrations/20160521_veteran_ladder.js

@@ -14,6 +14,12 @@ var dbname = 'habitrpg';
 var mongo = require('mongoskin');
 var _ = require('lodash');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var dbUsers = mongo.db(dbserver + '/' + dbname + '?auto_reconnect').collection('users');
 
 // specify a query to limit the affected users (empty for all users):

migrations/20160527_fix_empty_checklist_id.js

@@ -2,6 +2,12 @@ var uuid = require('uuid').v4;
 var mongo = require('mongodb').MongoClient;
 var _ = require('lodash');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 var taskIds = require('checklists-no-id.json').map(function (obj) {
   return obj._id;
 });

migrations/api_v3/challenges.js

@@ -6,6 +6,12 @@
 
 // Due to some big user profiles it needs more RAM than is allowed by default by v8 (arounf 1.7GB).
 // Run the script with --max-old-space-size=4096 to allow up to 4GB of RAM
+
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
 console.log('Starting migrations/api_v3/challenges.js.');
 
 require('babel-register');

migrations/api_v3/challengesMembers.js

@@ -9,6 +9,12 @@
 // Run the script with --max-old-space-size=4096 to allow up to 4GB of RAM
 console.log('Starting migrations/api_v3/challengesMembers.js.');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 require('babel-register');
 require('babel-polyfill');
 

migrations/api_v3/coupons.js

@@ -8,6 +8,12 @@
 // Run the script with --max-old-space-size=4096 to allow up to 4GB of RAM
 console.log('Starting migrations/api_v3/coupons.js.');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 require('babel-register');
 require('babel-polyfill');
 

migrations/api_v3/emailUnsubscriptions.js

@@ -8,6 +8,12 @@
 // Run the script with --max-old-space-size=4096 to allow up to 4GB of RAM
 console.log('Starting migrations/api_v3/unsubscriptions.js.');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 require('babel-register');
 require('babel-polyfill');
 

migrations/api_v3/groups.js

@@ -16,6 +16,12 @@
 // Run the script with --max-old-space-size=4096 to allow up to 4GB of RAM
 console.log('Starting migrations/api_v3/groups.js.');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 require('babel-register');
 require('babel-polyfill');
 

migrations/api_v3/users.js

@@ -9,6 +9,12 @@
 // Run the script with --max-old-space-size=4096 to allow up to 4GB of RAM
 console.log('Starting migrations/api_v3/users.js.');
 
+// IMPORTANT NOTE: this migration was written when we were using version 3 of lodash.
+// We've now upgraded to lodash v4 but the code used in this migration has not been
+// adapted to work with it. Before this migration is used again any lodash method should
+// be checked for compatibility against the v4 changelog and changed if necessary.
+// https://github.com/lodash/lodash/wiki/Changelog#v400
+
 require('babel-register');
 require('babel-polyfill');
 

migrations/find_unique_user.js

@@ -7,6 +7,6 @@
 
 db.users.find().forEach(function(user){
   user.tasks = user.habits.concat(user.dailys).concat(user.todos).concat(user.rewards);
-  var found = _.any(user.tasks, {text: ""})
+  var found = _.some(user.tasks, {text: ""})
   if (found) printjson({id:user._id, auth:user.auth});
 })

migrations/groups/add-unlimited-subscription.js

@@ -0,0 +1,33 @@
+var migrationName = 'AddUnlimitedSubscription';
+var authorName = 'TheHollidayInn'; // in case script author needs to know when their ...
+var authorUuid = ''; //... own data is done
+
+/*
+ * This migrations will add a free subscription to a specified group
+ */
+
+import { model as Group } from '../../website/server/models/group';
+
+// @TODO: this should probably be a GroupManager library method
+async function addUnlimitedSubscription (groupId) {
+    let group = await Group.findById(groupId);
+
+    group.purchased.plan.customerId = "group-unlimited";
+    group.purchased.plan.dateCreated = new Date();
+    group.purchased.plan.dateUpdated = new Date();
+    group.purchased.plan.paymentMethod = "Group Unlimited";
+    group.purchased.plan.planId = "group_monthly";
+    group.purchased.plan.dateTerminated = null;
+    // group.purchased.plan.owner = ObjectId();
+    group.purchased.plan.subscriptionId = "";
+
+    return group.save();
+};
+
+module.exports = async function addUnlimitedSubscriptionCreator () {
+    let groupId = process.argv[2];
+
+    if (!groupId) throw Error('Group ID is required');
+
+    let result = await addUnlimitedSubscription(groupId)
+};

migrations/groups/create-group.js

@@ -0,0 +1,32 @@
+import Bluebird from 'bluebird';
+
+import { model as Group } from '../../website/server/models/group';
+import { model as User } from '../../website/server/models/user';
+
+// @TODO: this should probably be a GroupManager library method
+async function createGroup (name, privacy, type, leaderId) {
+    let user = await User.findById(leaderId);
+    
+    let group = new Group({
+        name,
+        privacy,
+        type,
+    });
+
+    group.leader = user._id;
+    user.guilds.push(group._id);
+
+    return Bluebird.all([group.save(), user.save()]);
+};
+
+module.exports = async function groupCreator () {
+    let name = process.argv[2];
+    let privacy = process.argv[3];
+    let type = process.argv[4];
+    let leaderId  = process.argv[5];
+
+    let result = await createGroup(name, privacy, type, leaderId)
+};
+
+
+

migrations/groups/habitrpg-jackalopes.js

@@ -0,0 +1,46 @@
+var migrationName = 'Jackalopes for Unlimited Subscribers';
+
+/*
+ * This migration will find users with unlimited subscriptions who are also eligible for Jackalope mounts, and award them
+ */
+import Bluebird from 'bluebird';
+
+import { model as Group } from '../../website/server/models/group';
+import { model as User } from '../../website/server/models/user';
+import * as payments from '../../website/server/libs/payments';
+
+async function handOutJackalopes () {
+  let promises = [];
+  let cursor = User.find({
+    'purchased.plan.customerId':'habitrpg',
+  }).cursor();
+
+  cursor.on('data', async function(user) {
+    console.log('User: ' + user._id);
+
+    let groupList = [];
+    if (user.party._id) groupList.push(user.party._id);
+    groupList = groupList.concat(user.guilds);
+
+    let subscribedGroup =
+      await Group.findOne({
+        '_id': {$in: groupList},
+        'purchased.plan.planId': 'group_monthly',
+        'purchased.plan.dateTerminated': null,
+      },
+      {'_id':1}
+    );
+
+    if (subscribedGroup) {
+      User.update({'_id':user._id},{$set:{'items.mounts.Jackalope-RoyalPurple':true}}).exec();
+      promises.push(user.save());
+    }
+  });
+
+  cursor.on('close', async function() {
+    console.log('done');
+    return await Bluebird.all(promises);
+  });
+};
+
+module.exports = handOutJackalopes;

migrations/groups/update-groups-with-group-plans.js

@@ -0,0 +1,33 @@
+var migrationName = 'ResyncGroupPlanMembers';
+var authorName = 'TheHollidayInn'; // in case script author needs to know when their ...
+var authorUuid = ''; //... own data is done
+
+/*
+ * This migrations will iterate through all groups with a group plan a subscription and resync the free
+ * subscription to all members
+ */
+
+import Bluebird from 'bluebird';
+
+import { model as Group } from '../../website/server/models/group';
+import * as payments from '../../website/server/libs/payments';
+
+async function updateGroupsWithGroupPlans () {
+  let cursor = Group.find({
+    'purchased.plan.planId': 'group_monthly',
+    'purchased.plan.dateTerminated': null,
+  }).cursor();
+
+  let promises = [];
+
+  cursor.on('data', function(group) {
+    promises.push(payments.addSubscriptionToGroupUsers(group));
+    promises.push(group.save())
+  });
+
+  cursor.on('close', async function() {
+    return await Bluebird.all(promises);
+  });
+};
+
+module.exports = updateGroupsWithGroupPlans;

migrations/manual_password_reset.js

@@ -1,6 +1,9 @@
 // EMAIL="x@y.com" node ./migrations/manual_password_reset.js
 // Be sure to have PRODUCTION_DB in your config.json
 
+// IMPORTANT: this script isn't updated to use the new password encryption that uses bcrypt
+// using it will break accounts and should not be used until upgraded
+
 var nconf = require('nconf'),
   path = require('path');
 nconf.argv().env().file('user', path.join(path.resolve(__dirname, '../config.json')));

migrations/migration-runner.js

@@ -1,21 +1,24 @@
-require("babel-register");
-require("babel-polyfill");
-
-// This file must use ES5, everything required can be in ES6
-
-function setUpServer () {
-  var nconf = require('nconf');
-  var mongoose = require('mongoose');
-  var Bluebird = require('bluebird');
-  var setupNconf = require('../website/server/libs/setupNconf');
-  setupNconf();
-  // We require src/server and npt src/index because
-  // 1. nconf is already setup
-  // 2. we don't need clustering
-  require('../website/server/server'); // eslint-disable-line global-require
-}
-setUpServer();
-
-// Replace this with your migration
-var processUsers = require('./new_stuff');
-processUsers();
+require("babel-register");
+require("babel-polyfill");
+
+// This file must use ES5, everything required can be in ES6
+
+function setUpServer () {
+  var nconf = require('nconf');
+  var mongoose = require('mongoose');
+  var Bluebird = require('bluebird');
+  var setupNconf = require('../website/server/libs/setupNconf');
+  setupNconf();
+  // We require src/server and npt src/index because
+  // 1. nconf is already setup
+  // 2. we don't need clustering
+  require('../website/server/server'); // eslint-disable-line global-require
+}
+setUpServer();
+
+// Replace this with your migration
+var processUsers = require('./groups/update-groups-with-group-plans');
+processUsers()
+  .catch(function (err) {
+      console.log(err)
+  })

migrations/mystery_items.js

@@ -2,7 +2,7 @@ var _id = '';
 var update = {
   $addToSet: {
     'purchased.plan.mysteryItems':{
-      $each:['shield_mystery_201701','eyewear_mystery_201701']
+      $each:['head_mystery_201702','back_mystery_201702']
     }
   }
 };

package.json

@@ -1,14 +1,14 @@
 {
   "name": "habitica",
   "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "3.75.0",
+  "version": "3.81.0",
   "main": "./website/server/index.js",
   "dependencies": {
-    "@slack/client": "3.6.0",
+    "@slack/client": "^3.8.1",
     "accepts": "^1.3.2",
     "amazon-payments": "0.0.4",
     "amplitude": "^2.0.3",
-    "apidoc": "^0.16.0",
+    "apidoc": "^0.17.5",
     "apn": "^1.7.6",
     "async": "^1.5.0",
     "autoprefixer": "^6.4.0",
@@ -28,13 +28,14 @@
     "bcrypt": "^1.0.2",
     "bluebird": "^3.3.5",
     "body-parser": "^1.15.0",
+    "bootstrap": "^4.0.0-alpha.6",
     "bower": "~1.3.12",
     "browserify": "~12.0.1",
     "compression": "^1.6.1",
     "connect-ratelimit": "0.0.7",
     "cookie-session": "^1.2.0",
     "coupon-code": "^0.4.5",
-    "css-loader": "^0.23.1",
+    "css-loader": "^0.26.1",
     "csv-stringify": "^1.0.2",
     "cwait": "^1.0.0",
     "domain-middleware": "~0.1.0",
@@ -42,8 +43,8 @@
     "express": "~4.14.0",
     "express-csv": "~0.6.0",
     "express-validator": "^2.18.0",
-    "extract-text-webpack-plugin": "^1.0.1",
-    "file-loader": "^0.8.4",
+    "extract-text-webpack-plugin": "^2.0.0-rc.3",
+    "file-loader": "^0.10.0",
     "glob": "^4.3.5",
     "got": "^6.1.1",
     "grunt": "~0.4.1",
@@ -68,62 +69,59 @@
     "image-size": "~0.3.2",
     "in-app-purchase": "^1.1.6",
     "jade": "~1.11.0",
-    "jquery": "https://registry.npmjs.org/jquery/-/jquery-3.1.1.tgz",
+    "jquery": "^3.1.1",
     "js2xmlparser": "~1.0.0",
-    "json-loader": "^0.5.4",
-    "less": "^2.7.1",
-    "less-loader": "^2.2.3",
-    "lodash": "^3.10.1",
-    "lodash.pickby": "^4.2.0",
-    "lodash.setwith": "^4.2.0",
+    "lodash": "^4.17.4",
     "merge-stream": "^1.0.0",
     "method-override": "^2.3.5",
     "moment": "^2.13.0",
-    "mongoose": "^4.7.1",
+    "moment-recur": "habitrpg/moment-recur#v1.0.6",
+    "mongoose": "^4.8.6",
     "mongoose-id-autoinc": "~2013.7.14-4",
     "morgan": "^1.7.0",
     "nconf": "~0.8.2",
-    "newrelic": "^1.27.2",
     "nib": "^1.1.0",
     "node-gcm": "^0.14.4",
+    "node-sass": "^4.5.0",
     "nodemailer": "^2.3.2",
     "object-path": "^0.9.2",
-    "ora": "^0.2.0",
+    "ora": "^1.1.0",
     "pageres": "^4.1.1",
-    "passport": "~0.2.1",
-    "passport-facebook": "2.0.0",
+    "passport": "^0.3.2",
+    "passport-facebook": "^2.0.0",
     "passport-google-oauth20": "1.0.0",
     "paypal-ipn": "3.0.0",
     "paypal-rest-sdk": "^1.2.1",
-    "postcss-easy-import": "^1.0.1",
+    "postcss-easy-import": "^2.0.0",
     "pretty-data": "^0.40.0",
     "ps-tree": "^1.0.0",
-    "pug": "^2.0.0-beta6",
+    "pug": "^2.0.0-beta11",
     "push-notify": "habitrpg/push-notify#v1.2.0",
     "pusher": "^1.3.0",
     "request": "~2.74.0",
     "rimraf": "^2.4.3",
     "run-sequence": "^1.1.4",
     "s3-upload-stream": "^1.0.6",
-    "semantic-ui-less": "~2.2.4",
+    "sass-loader": "^6.0.2",
     "serve-favicon": "^2.3.0",
-    "shelljs": "^0.6.0",
+    "shelljs": "^0.7.6",
     "stripe": "^4.2.0",
-    "superagent": "^1.8.3",
+    "superagent": "^3.4.3",
     "universal-analytics": "~0.3.2",
     "url-loader": "^0.5.7",
-    "useragent": "2.1.9",
-    "uuid": "^2.0.1",
+    "useragent": "^2.1.9",
+    "uuid": "^3.0.1",
     "validator": "^4.9.0",
     "vinyl-buffer": "^1.0.0",
     "vinyl-source-stream": "^1.1.0",
     "vue": "^2.1.0",
-    "vue-hot-reload-api": "^1.2.0",
-    "vue-loader": "^10.0.0",
+    "vue-loader": "^11.0.0",
+    "vue-mugen-scroll": "^0.2.1",
     "vue-router": "^2.0.0-rc.5",
-    "vue-template-compiler": "^2.1.0",
-    "webpack": "^1.12.2",
-    "webpack-merge": "^0.8.3",
+    "vue-style-loader": "^2.0.0",
+    "vue-template-compiler": "^2.1.10",
+    "webpack": "^2.2.1",
+    "webpack-merge": "^2.6.1",
     "winston": "^2.1.0",
     "xml2js": "^0.4.4"
   },
@@ -153,36 +151,37 @@
     "sprites": "gulp sprites:compile",
     "client:dev": "node webpack/dev-server.js",
     "client:build": "node webpack/build.js",
-    "client:unit": "karma start test/client/unit/karma.conf.js --single-run",
-    "client:unit:watch": "karma start test/client/unit/karma.conf.js",
+    "client:unit": "cross-env NODE_ENV=test karma start test/client/unit/karma.conf.js --single-run",
+    "client:unit:watch": "cross-env NODE_ENV=test karma start test/client/unit/karma.conf.js",
     "client:e2e": "node test/client/e2e/runner.js",
     "client:test": "npm run client:unit && npm run client:e2e",
     "start": "gulp run:dev",
     "postinstall": "bower --config.interactive=false install -f; gulp build; npm run client:build"
   },
   "devDependencies": {
+    "babel-plugin-istanbul": "^4.0.0",
     "chai": "^3.4.0",
     "chai-as-promised": "^5.1.0",
     "chalk": "^1.1.3",
-    "chromedriver": "^2.21.2",
+    "chromedriver": "^2.27.2",
     "connect-history-api-fallback": "^1.1.0",
     "coveralls": "^2.11.2",
-    "cross-spawn": "^2.1.5",
+    "cross-env": "^3.1.4",
+    "cross-spawn": "^5.0.1",
     "csv": "~0.3.6",
     "deep-diff": "~0.1.4",
     "eslint": "^3.0.0",
-    "eslint-config-habitrpg": "^2.0.0",
+    "eslint-config-habitrpg": "^3.0.0",
     "eslint-friendly-formatter": "^2.0.5",
     "eslint-loader": "^1.3.0",
-    "eslint-plugin-html": "^1.3.0",
+    "eslint-plugin-html": "^2.0.0",
     "eslint-plugin-mocha": "^4.7.0",
     "event-stream": "^3.2.2",
     "eventsource-polyfill": "^0.9.6",
     "expect.js": "~0.2.0",
     "grunt-karma": "~0.12.1",
-    "http-proxy-middleware": "^0.12.0",
-    "inject-loader": "^2.0.1",
-    "isparta-loader": "^2.0.0",
+    "http-proxy-middleware": "^0.17.0",
+    "inject-loader": "^3.0.0-beta4",
     "istanbul": "^0.3.14",
     "karma": "^1.3.0",
     "karma-babel-preprocessor": "^6.0.1",
@@ -192,27 +191,29 @@
     "karma-mocha-reporter": "^1.1.1",
     "karma-phantomjs-launcher": "^1.0.0",
     "karma-sinon-chai": "^1.2.0",
+    "karma-sinon-stub-promise": "^1.0.0",
     "karma-sourcemap-loader": "^0.3.7",
     "karma-spec-reporter": "0.0.24",
-    "karma-webpack": "^1.7.0",
+    "karma-webpack": "^2.0.2",
     "lcov-result-merger": "^1.0.2",
     "lolex": "^1.4.0",
     "mocha": "^2.3.3",
     "mongodb": "^2.0.46",
     "mongoskin": "~2.1.0",
-    "monk": "^3.1.3",
-    "nightwatch": "^0.8.18",
+    "monk": "^4.0.0",
+    "nightwatch": "^0.9.12",
     "phantomjs-prebuilt": "^2.1.12",
     "protractor": "^3.1.1",
     "require-again": "^2.0.0",
     "rewire": "^2.3.3",
-    "selenium-server": "2.53.0",
+    "selenium-server": "^3.0.1",
     "sinon": "^1.17.2",
     "sinon-chai": "^2.8.0",
     "sinon-stub-promise": "^4.0.0",
     "superagent-defaults": "^0.1.13",
     "vinyl-transform": "^1.0.0",
-    "webpack-dev-middleware": "^1.4.0",
-    "webpack-hot-middleware": "^2.6.0"
+    "webpack-bundle-analyzer": "^2.2.1",
+    "webpack-dev-middleware": "^1.10.0",
+    "webpack-hot-middleware": "^2.6.1"
   }
 }

test/api/v3/integration/challenges/POST-challenges_challengeId_leave.test.js

@@ -117,7 +117,6 @@ describe('POST /challenges/:challengeId/leave', () => {
       });
 
       expect(testTask).to.not.be.undefined;
-      expect(testTask.challenge).to.eql({});
     });
   });
 });

test/api/v3/integration/groups/GET-groups.test.js

@@ -7,6 +7,7 @@ import {
 import {
   TAVERN_ID,
 } from '../../../../../website/server/models/group';
+import apiMessages from '../../../../../website/server/libs/apiMessages';
 
 describe('GET /groups', () => {
   let user;
@@ -14,6 +15,7 @@ describe('GET /groups', () => {
   const NUMBER_OF_PUBLIC_GUILDS_USER_IS_MEMBER = 1;
   const NUMBER_OF_USERS_PRIVATE_GUILDS = 1;
   const NUMBER_OF_GROUPS_USER_CAN_VIEW = 5;
+  const GUILD_PER_PAGE = 30;
 
   before(async () => {
     await resetHabiticaDB();
@@ -98,6 +100,60 @@ describe('GET /groups', () => {
       .to.eventually.have.a.lengthOf(NUMBER_OF_PUBLIC_GUILDS);
   });
 
+  describe('public guilds pagination', () => {
+    it('req.query.paginate must be a boolean string', async () => {
+      await expect(user.get('/groups?paginate=aString&type=publicGuilds'))
+        .to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: 'Invalid request parameters.',
+        });
+    });
+
+    it('req.query.paginate can only be true when req.query.type includes publicGuilds', async () => {
+      await expect(user.get('/groups?paginate=true&type=notPublicGuilds'))
+        .to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: apiMessages('guildsOnlyPaginate'),
+        });
+    });
+
+    it('req.query.page can\'t be negative', async () => {
+      await expect(user.get('/groups?paginate=true&page=-1&type=publicGuilds'))
+        .to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: 'Invalid request parameters.',
+        });
+    });
+
+    it('returns 30 guilds per page ordered by number of members', async () => {
+      await user.update({balance: 9000});
+      let groups = await Promise.all(_.times(60, (i) => {
+        return generateGroup(user, {
+          name: `public guild ${i} - is member`,
+          type: 'guild',
+          privacy: 'public',
+        });
+      }));
+
+      // update group number 32 and not the first to make sure sorting works
+      await groups[32].update({name: 'guild with most members', memberCount: 199});
+      await groups[33].update({name: 'guild with less members', memberCount: -100});
+
+      let page0 = await expect(user.get('/groups?type=publicGuilds&paginate=true'))
+        .to.eventually.have.a.lengthOf(GUILD_PER_PAGE);
+      expect(page0[0].name).to.equal('guild with most members');
+
+      await expect(user.get('/groups?type=publicGuilds&paginate=true&page=1'))
+        .to.eventually.have.a.lengthOf(GUILD_PER_PAGE);
+      let page2 = await expect(user.get('/groups?type=publicGuilds&paginate=true&page=2'))
+        .to.eventually.have.a.lengthOf(1 + 2); // 1 created now, 2 by other tests
+      expect(page2[2].name).to.equal('guild with less members');
+    });
+  });
+
   it('returns all the user\'s guilds when guilds passed in as query', async () => {
     await expect(user.get('/groups?type=guilds'))
       .to.eventually.have.a.lengthOf(NUMBER_OF_PUBLIC_GUILDS_USER_IS_MEMBER + NUMBER_OF_USERS_PRIVATE_GUILDS);

test/api/v3/integration/groups/GET-groups_groupId_members.test.js

@@ -84,7 +84,7 @@ describe('GET /groups/:groupId/members', () => {
     expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([
       'size', 'hair', 'skin', 'shirt',
-      'chair', 'costume', 'sleep', 'background',
+      'chair', 'costume', 'sleep', 'background', 'tasks',
     ].sort());
 
     expect(memberRes.stats.maxMP).to.exist;

test/api/v3/integration/groups/POST-groups_groupId_leave.js

@@ -78,7 +78,7 @@ describe('POST /groups/:groupId/leave', () => {
         expect(leader.newMessages[groupToLeave._id]).to.be.empty;
       });
 
-      context('With challenges', () => {
+      context('with challenges', () => {
         let challenge;
 
         beforeEach(async () => {
@@ -106,10 +106,25 @@ describe('POST /groups/:groupId/leave', () => {
 
           let userWithChallengeTasks = await leader.get('/user');
 
-          expect(userWithChallengeTasks.challenges).to.not.include(challenge._id);
           // @TODO find elegant way to assert against the task existing
           expect(userWithChallengeTasks.tasksOrder.habits).to.not.be.empty;
         });
+
+        it('keeps the user in the challenge when the keepChallenges parameter is set to remain-in-challenges', async () => {
+          await leader.post(`/groups/${groupToLeave._id}/leave`, {keepChallenges: 'remain-in-challenges'});
+
+          let userWithChallengeTasks = await leader.get('/user');
+
+          expect(userWithChallengeTasks.challenges).to.include(challenge._id);
+        });
+
+        it('drops the user in the challenge when the keepChallenges parameter isn\'t set', async () => {
+          await leader.post(`/groups/${groupToLeave._id}/leave`);
+
+          let userWithChallengeTasks = await leader.get('/user');
+
+          expect(userWithChallengeTasks.challenges).to.not.include(challenge._id);
+        });
       });
 
       it('prevents quest leader from leaving a groupToLeave');

test/api/v3/integration/groups/POST-groups_invite.test.js

@@ -1,5 +1,6 @@
 import {
   generateUser,
+  generateGroup,
   translate as t,
 } from '../../../../helpers/api-v3-integration.helper';
 import { v4 as generateUUID } from 'uuid';
@@ -12,7 +13,7 @@ describe('Post /groups/:groupId/invite', () => {
   let groupName = 'Test Public Guild';
 
   beforeEach(async () => {
-    inviter = await generateUser({balance: 1});
+    inviter = await generateUser({balance: 4});
     group = await inviter.post('/groups', {
       name: groupName,
       type: 'guild',
@@ -265,6 +266,25 @@ describe('Post /groups/:groupId/invite', () => {
       expect(invitedUser.invitations.guilds[0].id).to.equal(group._id);
       expect(invite).to.exist;
     });
+
+    it('invites marks invite with cancelled plan', async () => {
+      let cancelledPlanGroup = await generateGroup(inviter, {
+        type: 'guild',
+        name: generateUUID(),
+      });
+      await cancelledPlanGroup.createCancelledSubscription();
+
+      let newUser = await generateUser();
+      let invite = await inviter.post(`/groups/${cancelledPlanGroup._id}/invite`, {
+        uuids: [newUser._id],
+        emails: [{name: 'test', email: 'test@habitica.com'}],
+      });
+      let invitedUser = await newUser.get('/user');
+
+      expect(invitedUser.invitations.guilds[0].id).to.equal(cancelledPlanGroup._id);
+      expect(invitedUser.invitations.guilds[0].cancelledPlan).to.be.true;
+      expect(invite).to.exist;
+    });
   });
 
   describe('guild invites', () => {

test/api/v3/integration/groups/PUT-groups.test.js

@@ -43,4 +43,15 @@ describe('PUT /group', () => {
     expect(updatedGroup.leader.profile.name).to.eql(leader.profile.name);
     expect(updatedGroup.name).to.equal(groupUpdatedName);
   });
+
+  it('allows a leader to change leaders', async () => {
+    let updatedGroup = await leader.put(`/groups/${groupToUpdate._id}`, {
+      name: groupUpdatedName,
+      leader: nonLeader._id,
+    });
+
+    expect(updatedGroup.leader._id).to.eql(nonLeader._id);
+    expect(updatedGroup.leader.profile.name).to.eql(nonLeader.profile.name);
+    expect(updatedGroup.name).to.equal(groupUpdatedName);
+  });
 });

test/api/v3/integration/hall/PUT-hall_heores_heroId.test.js

@@ -40,13 +40,14 @@ describe('PUT /heroes/:heroId', () => {
     });
   });
 
-  it('updates contributor level, balance, ads, blocked', async () => {
+  it('change contributor level, balance, ads', async () => {
     let hero = await generateUser();
+    let prevBlockState = hero.auth.blocked;
+    let prevSleepState = hero.preferences.sleep;
     let heroRes = await user.put(`/hall/heroes/${hero._id}`, {
       balance: 3,
       contributor: {level: 1},
       purchased: {ads: true},
-      auth: {blocked: true},
     });
 
     // test response
@@ -61,18 +62,47 @@ describe('PUT /heroes/:heroId', () => {
     expect(heroRes.balance).to.equal(3 + 0.75); // 3+0.75 for first contrib level
     expect(heroRes.contributor.level).to.equal(1);
     expect(heroRes.purchased.ads).to.equal(true);
-    expect(heroRes.auth.blocked).to.equal(true);
     // test hero values
     await hero.sync();
     expect(hero.balance).to.equal(3 + 0.75); // 3+0.75 for first contrib level
     expect(hero.contributor.level).to.equal(1);
     expect(hero.purchased.ads).to.equal(true);
-    expect(hero.auth.blocked).to.equal(true);
-    expect(hero.preferences.sleep).to.equal(true);
+    expect(hero.auth.blocked).to.equal(prevBlockState);
+    expect(hero.preferences.sleep).to.equal(prevSleepState);
     expect(hero.notifications.length).to.equal(1);
     expect(hero.notifications[0].type).to.equal('NEW_CONTRIBUTOR_LEVEL');
   });
 
+  it('block a user', async () => {
+    let hero = await generateUser();
+    let heroRes = await user.put(`/hall/heroes/${hero._id}`, {
+      auth: {blocked: true},
+      preferences: {sleep: true},
+    });
+
+    // test response values
+    expect(heroRes.auth.blocked).to.equal(true);
+    // test hero values
+    await hero.sync();
+    expect(hero.auth.blocked).to.equal(true);
+    expect(hero.preferences.sleep).to.equal(true);
+  });
+
+  it('unblock a user', async () => {
+    let hero = await generateUser();
+    let prevSleepState = hero.preferences.sleep;
+    let heroRes = await user.put(`/hall/heroes/${hero._id}`, {
+      auth: {blocked: false},
+    });
+
+    // test response values
+    expect(heroRes.auth.blocked).to.equal(false);
+    // test hero values
+    await hero.sync();
+    expect(hero.auth.blocked).to.equal(false);
+    expect(hero.preferences.sleep).to.equal(prevSleepState);
+  });
+
   it('updates chatRevoked flag', async () => {
     let hero = await generateUser();
 

test/api/v3/integration/members/GET-members_id.test.js

@@ -37,7 +37,7 @@ describe('GET /members/:memberId', () => {
     expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
     expect(Object.keys(memberRes.preferences).sort()).to.eql([
       'size', 'hair', 'skin', 'shirt',
-      'chair', 'costume', 'sleep', 'background',
+      'chair', 'costume', 'sleep', 'background', 'tasks',
     ].sort());
 
     expect(memberRes.stats.maxMP).to.exist;

test/api/v3/integration/payments/amazon/GET-payments_amazon_subscribe_cancel.test.js

@@ -6,7 +6,7 @@ import {
 import amzLib from '../../../../../../website/server/libs/amazonPayments';
 
 describe('payments : amazon #subscribeCancel', () => {
-  let endpoint = '/amazon/subscribe/cancel';
+  let endpoint = '/amazon/subscribe/cancel?noRedirect=true';
   let user, group, amazonSubscribeCancelStub;
 
   beforeEach(async () => {
@@ -22,7 +22,7 @@ describe('payments : amazon #subscribeCancel', () => {
   });
 
   describe('success', () => {
-    beforeEach(async () => {
+    beforeEach(() => {
       amazonSubscribeCancelStub = sinon.stub(amzLib, 'cancelSubscription').returnsPromise().resolves({});
     });
 
@@ -66,7 +66,7 @@ describe('payments : amazon #subscribeCancel', () => {
         'purchased.plan.lastBillingDate': new Date(),
       });
 
-      await user.get(`${endpoint}?groupId=${group._id}`);
+      await user.get(`${endpoint}&groupId=${group._id}`);
 
       expect(amazonSubscribeCancelStub).to.be.calledOnce;
       expect(amazonSubscribeCancelStub.args[0][0].user._id).to.eql(user._id);

test/api/v3/integration/payments/apple/GET-payments_apple_cancelSubscribe.js

@@ -0,0 +1,41 @@
+import {generateUser} from '../../../../../helpers/api-integration/v3';
+import applePayments from '../../../../../../website/server/libs/applePayments';
+
+describe('payments : apple #cancelSubscribe', () => {
+  let endpoint = '/iap/ios/subscribe/cancel?noRedirect=true';
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  describe('success', () => {
+    let cancelStub;
+
+    beforeEach(async () => {
+      cancelStub = sinon.stub(applePayments, 'cancelSubscribe').returnsPromise().resolves({});
+    });
+
+    afterEach(() => {
+      applePayments.cancelSubscribe.restore();
+    });
+
+    it('cancels the subscription', async () => {
+      user = await generateUser({
+        'profile.name': 'sender',
+        'purchased.plan.paymentMethod': 'Apple',
+        'purchased.plan.customerId': 'customer-id',
+        'purchased.plan.planId': 'basic_3mo',
+        'purchased.plan.lastBillingDate': new Date(),
+        balance: 2,
+      });
+
+      await user.get(endpoint);
+
+      expect(cancelStub).to.be.calledOnce;
+      expect(cancelStub.args[0][0]._id).to.eql(user._id);
+      expect(cancelStub.args[0][1]['x-api-key']).to.eql(user.apiToken);
+      expect(cancelStub.args[0][1]['x-api-user']).to.eql(user._id);
+    });
+  });
+});

test/api/v3/integration/payments/apple/POST-payments_apple_verifyiap.js

@@ -0,0 +1,40 @@
+import {generateUser} from '../../../../../helpers/api-integration/v3';
+import applePayments from '../../../../../../website/server/libs/applePayments';
+
+describe('payments : apple #verify', () => {
+  let endpoint = '/iap/ios/verify';
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  describe('success', () => {
+    let verifyStub;
+
+    beforeEach(async () => {
+      verifyStub = sinon.stub(applePayments, 'verifyGemPurchase').returnsPromise().resolves({});
+    });
+
+    afterEach(() => {
+      applePayments.verifyGemPurchase.restore();
+    });
+
+    it('makes a purchase', async () => {
+      user = await generateUser({
+        balance: 2,
+      });
+
+      await user.post(endpoint, {
+      transaction: {
+        receipt: 'receipt',
+      }});
+
+      expect(verifyStub).to.be.calledOnce;
+      expect(verifyStub.args[0][0]._id).to.eql(user._id);
+      expect(verifyStub.args[0][1]).to.eql('receipt');
+      expect(verifyStub.args[0][2]['x-api-key']).to.eql(user.apiToken);
+      expect(verifyStub.args[0][2]['x-api-user']).to.eql(user._id);
+    });
+  });
+});

test/api/v3/integration/payments/apple/POST-payments_google_subscribe.test.js

@@ -0,0 +1,55 @@
+import {generateUser, translate as t} from '../../../../../helpers/api-integration/v3';
+import applePayments from '../../../../../../website/server/libs/applePayments';
+
+describe('payments : apple #subscribe', () => {
+  let endpoint = '/iap/ios/subscribe';
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  it('verifies sub key', async () => {
+    await expect(user.post(endpoint)).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('missingSubscriptionCode'),
+    });
+  });
+
+  describe('success', () => {
+    let subscribeStub;
+
+    beforeEach(async () => {
+      subscribeStub = sinon.stub(applePayments, 'subscribe').returnsPromise().resolves({});
+    });
+
+    afterEach(() => {
+      applePayments.subscribe.restore();
+    });
+
+    it('makes a purchase', async () => {
+      user = await generateUser({
+        'profile.name': 'sender',
+        'purchased.plan.customerId': 'customer-id',
+        'purchased.plan.planId': 'basic_3mo',
+        'purchased.plan.lastBillingDate': new Date(),
+        balance: 2,
+      });
+
+      let sku = 'com.habitrpg.ios.habitica.subscription.3month';
+
+      await user.post(endpoint, {
+        sku,
+        receipt: 'receipt',
+      });
+
+      expect(subscribeStub).to.be.calledOnce;
+      expect(subscribeStub.args[0][0]).to.eql(sku);
+      expect(subscribeStub.args[0][1]._id).to.eql(user._id);
+      expect(subscribeStub.args[0][2]).to.eql('receipt');
+      expect(subscribeStub.args[0][3]['x-api-key']).to.eql(user.apiToken);
+      expect(subscribeStub.args[0][3]['x-api-user']).to.eql(user._id);
+    });
+  });
+});

test/api/v3/integration/payments/google/GET-payments_google_cancelSubscribe.js

@@ -2,7 +2,7 @@ import {generateUser} from '../../../../../helpers/api-integration/v3';
 import googlePayments from '../../../../../../website/server/libs/googlePayments';
 
 describe('payments : google #cancelSubscribe', () => {
-  let endpoint = '/iap/android/subscribe/cancel';
+  let endpoint = '/iap/android/subscribe/cancel?noRedirect=true';
   let user;
 
   beforeEach(async () => {
@@ -23,6 +23,7 @@ describe('payments : google #cancelSubscribe', () => {
     it('makes a purchase', async () => {
       user = await generateUser({
         'profile.name': 'sender',
+        'purchased.plan.paymentMethod': 'Google',
         'purchased.plan.customerId': 'customer-id',
         'purchased.plan.planId': 'basic_3mo',
         'purchased.plan.lastBillingDate': new Date(),

test/api/v3/integration/payments/paypal/GET-payments_paypal_checkout.test.js

@@ -31,7 +31,7 @@ describe('payments : paypal #checkout', () => {
         balance: 2,
       });
 
-      await user.get(endpoint);
+      await user.get(`${endpoint}?noRedirect=true`);
 
       expect(checkoutStub).to.be.calledOnce;
       expect(checkoutStub.args[0][0].gift).to.eql(undefined);

test/api/v3/integration/payments/paypal/GET-payments_paypal_checkout_success.test.js

@@ -53,7 +53,7 @@ describe('payments : paypal #checkoutSuccess', () => {
         balance: 2,
       });
 
-      await user.get(`${endpoint}?PayerID=${customerId}&paymentId=${paymentId}`);
+      await user.get(`${endpoint}?PayerID=${customerId}&paymentId=${paymentId}&noRedirect=true`);
 
       expect(checkoutSuccessStub).to.be.calledOnce;
 

test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe.test.js

@@ -44,7 +44,7 @@ describe('payments : paypal #subscribe', () => {
         balance: 2,
       });
 
-      await user.get(`${endpoint}?sub=${subKey}`);
+      await user.get(`${endpoint}?sub=${subKey}&noRedirect=true`);
 
       expect(subscribeStub).to.be.calledOnce;
 

test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe_cancel.test.js

@@ -41,7 +41,7 @@ describe('payments : paypal #subscribeCancel', () => {
         balance: 2,
       });
 
-      await user.get(endpoint);
+      await user.get(`${endpoint}?noRedirect=true`);
 
       expect(subscribeCancelStub).to.be.calledOnce;
 

test/api/v3/integration/payments/paypal/GET-payments_paypal_subscribe_success.test.js

@@ -42,7 +42,7 @@ describe('payments : paypal #subscribeSuccess', () => {
         balance: 2,
       });
 
-      await user.get(`${endpoint}?token=${token}`);
+      await user.get(`${endpoint}?token=${token}&noRedirect=true`);
 
       expect(subscribeSuccessStub).to.be.calledOnce;
 

test/api/v3/integration/payments/stripe/GET-payments_stripe_subscribe_cancel.test.js

@@ -6,7 +6,7 @@ import {
 import stripePayments from '../../../../../../website/server/libs/stripePayments';
 
 describe('payments - stripe - #subscribeCancel', () => {
-  let endpoint = '/stripe/subscribe/cancel';
+  let endpoint = '/stripe/subscribe/cancel?redirect=none';
   let user, group, stripeCancelSubscriptionStub;
 
   beforeEach(async () => {
@@ -39,7 +39,7 @@ describe('payments - stripe - #subscribeCancel', () => {
         balance: 2,
       });
 
-      await user.get(`${endpoint}?redirect=none`);
+      await user.get(`${endpoint}`);
 
       expect(stripeCancelSubscriptionStub).to.be.calledOnce;
       expect(stripeCancelSubscriptionStub.args[0][0].user._id).to.eql(user._id);
@@ -64,7 +64,7 @@ describe('payments - stripe - #subscribeCancel', () => {
         'purchased.plan.lastBillingDate': new Date(),
       });
 
-      await user.get(`${endpoint}?groupId=${group._id}&redirect=none`);
+      await user.get(`${endpoint}&groupId=${group._id}`);
 
       expect(stripeCancelSubscriptionStub).to.be.calledOnce;
       expect(stripeCancelSubscriptionStub.args[0][0].user._id).to.eql(user._id);

test/api/v3/integration/tasks/POST-tasks_id_score_direction.test.js

@@ -315,6 +315,30 @@ describe('POST /tasks/:id/score/:direction', () => {
 
       expect(updatedUser.stats.gp).to.be.greaterThan(user.stats.gp);
     });
+
+    it('adds score notes to task', async () => {
+      let scoreNotesString = 'test-notes';
+
+      await user.post(`/tasks/${habit._id}/score/up`, {
+        scoreNotes: scoreNotesString,
+      });
+      let updatedTask = await user.get(`/tasks/${habit._id}`);
+
+      expect(updatedTask.history[0].scoreNotes).to.eql(scoreNotesString);
+    });
+
+    it('errors when score notes are too large', async () => {
+      let scoreNotesString = new Array(258).join('a');
+
+      await expect(user.post(`/tasks/${habit._id}/score/up`, {
+        scoreNotes: scoreNotesString,
+      }))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskScoreNotesTooLong'),
+      });
+    });
   });
 
   context('reward', () => {

test/api/v3/integration/tasks/POST-tasks_user.test.js

@@ -496,6 +496,8 @@ describe('POST /tasks/user', () => {
         frequency: 'daily',
         everyX: 5,
         startDate: now,
+        daysOfMonth: [15],
+        weeksOfMonth: [3],
       });
 
       expect(task.userId).to.equal(user._id);
@@ -504,6 +506,8 @@ describe('POST /tasks/user', () => {
       expect(task.type).to.eql('daily');
       expect(task.frequency).to.eql('daily');
       expect(task.everyX).to.eql(5);
+      expect(task.daysOfMonth).to.eql([15]);
+      expect(task.weeksOfMonth).to.eql([3]);
       expect(new Date(task.startDate)).to.eql(now);
     });
 

test/api/v3/integration/user/DELETE-user.test.js

@@ -3,6 +3,7 @@ import {
   createAndPopulateGroup,
   generateGroup,
   generateUser,
+  generateChallenge,
   translate as t,
 } from '../../../../helpers/api-integration/v3';
 import {
@@ -64,6 +65,30 @@ describe('DELETE /user', () => {
     }));
   });
 
+  it('reduces memberCount in challenges user is linked to', async () => {
+    let populatedGroup = await createAndPopulateGroup({
+      members: 2,
+    });
+
+    let group = populatedGroup.group;
+    let authorizedUser = populatedGroup.members[1];
+
+    let challenge = await generateChallenge(populatedGroup.groupLeader, group);
+    await authorizedUser.post(`/challenges/${challenge._id}/join`);
+
+    await challenge.sync();
+
+    expect(challenge.memberCount).to.eql(2);
+
+    await authorizedUser.del('/user', {
+      password,
+    });
+
+    await challenge.sync();
+
+    expect(challenge.memberCount).to.eql(1);
+  });
+
   it('deletes the user', async () => {
     await user.del('/user', {
       password,

test/api/v3/integration/user/auth/GET-auth_reset-password-set-new-one.js

@@ -0,0 +1,140 @@
+import {
+  encrypt,
+} from '../../../../../../website/server/libs/encryption';
+import moment from 'moment';
+import {
+  generateUser,
+} from '../../../../../helpers/api-integration/v3';
+import superagent from 'superagent';
+import nconf from 'nconf';
+
+const API_TEST_SERVER_PORT = nconf.get('PORT');
+
+describe('GET /user/auth/local/reset-password-set-new-one', () => {
+  let endpoint = `http://localhost:${API_TEST_SERVER_PORT}/static/user/auth/local/reset-password-set-new-one`;
+
+  // Tests to validate the validatePasswordResetCodeAndFindUser function
+
+  it('renders an error page if the code is missing', async () => {
+    try {
+      await superagent.get(endpoint);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code is invalid json', async () => {
+    try {
+      await superagent.get(`${endpoint}?code=invalid`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code cannot be decrypted', async () => {
+    let user = await generateUser();
+
+    try {
+      let code = JSON.stringify({ // not encrypted
+        userId: user._id,
+        expiresAt: new Date(),
+      });
+      await superagent.get(`${endpoint}?code=${code}`);
+
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code is expired', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().subtract({minutes: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    try {
+      await superagent.get(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the user does not exist', async () => {
+    let code = encrypt(JSON.stringify({
+      userId: Date.now().toString(),
+      expiresAt: moment().add({days: 1}),
+    }));
+
+    try {
+      await superagent.get(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the user has no local auth', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      auth: 'not an object with valid fields',
+    });
+
+    try {
+      await superagent.get(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code doesn\'t match the one saved at user.auth.passwordResetCode', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': 'invalid',
+    });
+
+    try {
+      await superagent.get(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  //
+
+  it('returns the password reset page if the password reset code is valid', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    let res = await superagent.get(`${endpoint}?code=${code}`);
+    expect(res.status).to.equal(200);
+  });
+});
+

test/api/v3/integration/user/auth/POST-auth_reset-password-set-new-one.js

@@ -0,0 +1,267 @@
+import {
+  encrypt,
+} from '../../../../../../website/server/libs/encryption';
+import {
+  compare,
+  bcryptCompare,
+  sha1MakeSalt,
+  sha1Encrypt as sha1EncryptPassword,
+} from '../../../../../../website/server/libs/password';
+import moment from 'moment';
+import {
+  generateUser,
+} from '../../../../../helpers/api-integration/v3';
+import superagent from 'superagent';
+import nconf from 'nconf';
+
+const API_TEST_SERVER_PORT = nconf.get('PORT');
+
+describe('POST /user/auth/local/reset-password-set-new-one', () => {
+  let endpoint = `http://localhost:${API_TEST_SERVER_PORT}/static/user/auth/local/reset-password-set-new-one`;
+
+  // Tests to validate the validatePasswordResetCodeAndFindUser function
+
+  it('renders an error page if the code is missing', async () => {
+    try {
+      await superagent.post(endpoint);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code is invalid json', async () => {
+    try {
+      await superagent.post(`${endpoint}?code=invalid`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code cannot be decrypted', async () => {
+    let user = await generateUser();
+
+    try {
+      let code = JSON.stringify({ // not encrypted
+        userId: user._id,
+        expiresAt: new Date(),
+      });
+      await superagent.post(`${endpoint}?code=${code}`);
+
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code is expired', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().subtract({minutes: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    try {
+      await superagent.post(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the user does not exist', async () => {
+    let code = encrypt(JSON.stringify({
+      userId: Date.now().toString(),
+      expiresAt: moment().add({days: 1}),
+    }));
+
+    try {
+      await superagent.post(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the user has no local auth', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      auth: 'not an object with valid fields',
+    });
+
+    try {
+      await superagent.post(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders an error page if the code doesn\'t match the one saved at user.auth.passwordResetCode', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': 'invalid',
+    });
+
+    try {
+      await superagent.post(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  //
+
+  it('renders the error page if the new password is missing', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    try {
+      await superagent.post(`${endpoint}?code=${code}`);
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders the error page if the password confirmation is missing', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    try {
+      await superagent
+        .post(`${endpoint}?code=${code}`)
+        .send({newPassword: 'my new password'});
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders the error page if the password confirmation does not match', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    try {
+      await superagent
+        .post(`${endpoint}?code=${code}`)
+        .send({
+          newPassword: 'my new password',
+          confirmPassword: 'not matching',
+        });
+      throw new Error('Request should fail.');
+    } catch (err) {
+      expect(err.status).to.equal(401);
+    }
+  });
+
+  it('renders the success page and save the user', async () => {
+    let user = await generateUser();
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    let res = await superagent
+      .post(`${endpoint}?code=${code}`)
+      .send({
+        newPassword: 'my new password',
+        confirmPassword: 'my new password',
+      });
+
+    expect(res.status).to.equal(200);
+
+    await user.sync();
+    expect(user.auth.local.passwordResetCode).to.equal(undefined);
+    expect(user.auth.local.passwordHashMethod).to.equal('bcrypt');
+    expect(user.auth.local.salt).to.be.undefined;
+    let isPassValid = await compare(user, 'my new password');
+    expect(isPassValid).to.equal(true);
+  });
+
+  it('renders the success page and convert the password from sha1 to bcrypt', async () => {
+    let user = await generateUser();
+
+    let textPassword = 'mySecretPassword';
+    let salt = sha1MakeSalt();
+    let sha1HashedPassword = sha1EncryptPassword(textPassword, salt);
+
+    await user.update({
+      'auth.local.hashed_password': sha1HashedPassword,
+      'auth.local.passwordHashMethod': 'sha1',
+      'auth.local.salt': salt,
+    });
+
+    await user.sync();
+    expect(user.auth.local.passwordHashMethod).to.equal('sha1');
+    expect(user.auth.local.salt).to.equal(salt);
+    expect(user.auth.local.hashed_password).to.equal(sha1HashedPassword);
+
+    let code = encrypt(JSON.stringify({
+      userId: user._id,
+      expiresAt: moment().add({days: 1}),
+    }));
+    await user.update({
+      'auth.local.passwordResetCode': code,
+    });
+
+    let res = await superagent
+      .post(`${endpoint}?code=${code}`)
+      .send({
+        newPassword: 'my new password',
+        confirmPassword: 'my new password',
+      });
+
+    expect(res.status).to.equal(200);
+
+    await user.sync();
+    expect(user.auth.local.passwordResetCode).to.equal(undefined);
+    expect(user.auth.local.passwordHashMethod).to.equal('bcrypt');
+    expect(user.auth.local.salt).to.be.undefined;
+    expect(user.auth.local.hashed_password).not.to.equal(sha1HashedPassword);
+
+    let isValidPassword = await bcryptCompare('my new password', user.auth.local.hashed_password);
+    expect(isValidPassword).to.equal(true);
+  });
+});

test/api/v3/integration/user/auth/POST-register_local.test.js

@@ -5,6 +5,7 @@ import {
   createAndPopulateGroup,
   getProperty,
 } from '../../../../../helpers/api-integration/v3';
+import { ApiUser } from '../../../../../helpers/api-integration/api-classes';
 import { v4 as generateRandomUserName } from 'uuid';
 import { each } from 'lodash';
 import { encrypt } from '../../../../../../website/server/libs/encryption';
@@ -416,5 +417,37 @@ describe('POST /user/auth/local/register', () => {
 
       expect(user.tags).to.not.be.empty;
     });
+
+    it('adds the correct tags to the correct tasks', async () => {
+      let user = await api.post('/user/auth/local/register', {
+        username,
+        email,
+        password,
+        confirmPassword: password,
+      });
+
+      let requests = new ApiUser(user);
+
+      let habits = await requests.get('/tasks/user?type=habits');
+      let todos = await requests.get('/tasks/user?type=todos');
+
+      function findTag (tagName) {
+        let tag = user.tags.find((userTag) => {
+          return userTag.name === t(tagName);
+        });
+        return tag.id;
+      }
+
+      expect(habits[0].tags).to.have.a.lengthOf(3);
+      expect(habits[0].tags).to.include.members(['defaultTag1', 'defaultTag4', 'defaultTag6'].map(findTag));
+
+      expect(habits[1].tags).to.have.a.lengthOf(1);
+      expect(habits[1].tags).to.include.members(['defaultTag3'].map(findTag));
+
+      expect(habits[2].tags).to.have.a.lengthOf(2);
+      expect(habits[2].tags).to.include.members(['defaultTag2', 'defaultTag3'].map(findTag));
+
+      expect(todos[0].tags).to.have.a.lengthOf(0);
+    });
   });
 });

test/api/v3/integration/user/auth/POST-user_reset_password.test.js

@@ -2,10 +2,10 @@ import {
   generateUser,
   translate as t,
 } from '../../../../../helpers/api-integration/v3';
+import moment from 'moment';
 import {
-  sha1MakeSalt,
-  sha1Encrypt as sha1EncryptPassword,
-} from '../../../../../../website/server/libs/password';
+  decrypt,
+} from '../../../../../../website/server/libs/encryption';
 
 describe('POST /user/reset-password', async () => {
   let endpoint = '/user/reset-password';
@@ -25,33 +25,6 @@ describe('POST /user/reset-password', async () => {
     expect(user.auth.local.hashed_password).to.not.eql(previousPassword);
   });
 
-  it('converts user with SHA1 encrypted password to bcrypt encryption', async () => {
-    let textPassword = 'mySecretPassword';
-    let salt = sha1MakeSalt();
-    let sha1HashedPassword = sha1EncryptPassword(textPassword, salt);
-
-    await user.update({
-      'auth.local.hashed_password': sha1HashedPassword,
-      'auth.local.passwordHashMethod': 'sha1',
-      'auth.local.salt': salt,
-    });
-
-    await user.sync();
-    expect(user.auth.local.passwordHashMethod).to.equal('sha1');
-    expect(user.auth.local.salt).to.equal(salt);
-    expect(user.auth.local.hashed_password).to.equal(sha1HashedPassword);
-
-    // update email
-    await user.post(endpoint, {
-      email: user.auth.local.email,
-    });
-
-    await user.sync();
-    expect(user.auth.local.passwordHashMethod).to.equal('bcrypt');
-    expect(user.auth.local.salt).to.be.undefined;
-    expect(user.auth.local.hashed_password).not.to.equal(sha1HashedPassword);
-  });
-
   it('same message on error as on success', async () => {
     let response = await user.post(endpoint, {
       email: 'nonExistent@email.com',
@@ -66,4 +39,19 @@ describe('POST /user/reset-password', async () => {
       message: t('invalidReqParams'),
     });
   });
+
+  it('sets a new password reset code on user.auth.local that expires in 1 day', async () => {
+    expect(user.auth.local.passwordResetCode).to.be.undefined;
+
+    await user.post(endpoint, {
+      email: user.auth.local.email,
+    });
+
+    await user.sync();
+
+    expect(user.auth.local.passwordResetCode).to.be.a.string;
+    let decryptedCode = JSON.parse(decrypt(user.auth.local.passwordResetCode));
+    expect(decryptedCode.userId).to.equal(user._id);
+    expect(moment(decryptedCode.expiresAt).isAfter(moment().add({hours: 23}))).to.equal(true);
+  });
 });

test/api/v3/unit/libs/amazonPayments.test.js

@@ -1,10 +1,12 @@
 import moment from 'moment';
 import cc from 'coupon-code';
+import uuid from 'uuid';
 
 import {
   generateGroup,
 } from '../../../../helpers/api-unit.helper.js';
 import { model as User } from '../../../../../website/server/models/user';
+import { model as Group } from '../../../../../website/server/models/group';
 import { model as Coupon } from '../../../../../website/server/models/coupon';
 import amzLib from '../../../../../website/server/libs/amazonPayments';
 import payments from '../../../../../website/server/libs/payments';
@@ -105,7 +107,7 @@ describe('Amazon Payments', () => {
       expect(paymentBuyGemsStub).to.be.calledOnce;
       expect(paymentBuyGemsStub).to.be.calledWith({
         user,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_AMAZON,
+        paymentMethod: amzLib.constants.PAYMENT_METHOD,
         headers,
       });
       expectAmazonStubs();
@@ -128,7 +130,7 @@ describe('Amazon Payments', () => {
       expect(paymentBuyGemsStub).to.be.calledOnce;
       expect(paymentBuyGemsStub).to.be.calledWith({
         user,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_AMAZON_GIFT,
+        paymentMethod: amzLib.constants.PAYMENT_METHOD_GIFT,
         headers,
         gift,
       });
@@ -153,7 +155,7 @@ describe('Amazon Payments', () => {
       expect(paymentCreateSubscritionStub).to.be.calledOnce;
       expect(paymentCreateSubscritionStub).to.be.calledWith({
         user,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_AMAZON_GIFT,
+        paymentMethod: amzLib.constants.PAYMENT_METHOD_GIFT,
         headers,
         gift,
       });
@@ -316,7 +318,7 @@ describe('Amazon Payments', () => {
       expect(createSubSpy).to.be.calledWith({
         user,
         customerId: billingAgreementId,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_AMAZON,
+        paymentMethod: amzLib.constants.PAYMENT_METHOD,
         sub,
         headers,
         groupId,
@@ -375,7 +377,73 @@ describe('Amazon Payments', () => {
       expect(createSubSpy).to.be.calledWith({
         user,
         customerId: billingAgreementId,
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_AMAZON,
+        paymentMethod: amzLib.constants.PAYMENT_METHOD,
+        sub,
+        headers,
+        groupId,
+      });
+    });
+
+    it('subscribes with amazon with price to existing users', async () => {
+      user = new User();
+      user.guilds.push(groupId);
+      await user.save();
+      group.memberCount = 2;
+      await group.save();
+      sub.key = 'group_monthly';
+      sub.price = 9;
+      amount = 12;
+
+      await amzLib.subscribe({
+        billingAgreementId,
+        sub,
+        coupon,
+        user,
+        groupId,
+        headers,
+      });
+
+      expect(amazonSetBillingAgreementDetailsSpy).to.be.calledOnce;
+      expect(amazonSetBillingAgreementDetailsSpy).to.be.calledWith({
+        AmazonBillingAgreementId: billingAgreementId,
+        BillingAgreementAttributes: {
+          SellerNote: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
+          SellerBillingAgreementAttributes: {
+            SellerBillingAgreementId: common.uuid(),
+            StoreName: amzLib.constants.STORE_NAME,
+            CustomInformation: amzLib.constants.SELLER_NOTE_SUBSCRIPTION,
+          },
+        },
+      });
+
+      expect(amazonConfirmBillingAgreementSpy).to.be.calledOnce;
+      expect(amazonConfirmBillingAgreementSpy).to.be.calledWith({
+        AmazonBillingAgreementId: billingAgreementId,
+      });
+
+      expect(amazongAuthorizeOnBillingAgreementSpy).to.be.calledOnce;
+      expect(amazongAuthorizeOnBillingAgreementSpy).to.be.calledWith({
+        AmazonBillingAgreementId: billingAgreementId,
+        AuthorizationReferenceId: common.uuid().substring(0, 32),
+        AuthorizationAmount: {
+          CurrencyCode: amzLib.constants.CURRENCY_CODE,
+          Amount: amount,
+        },
+        SellerAuthorizationNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
+        TransactionTimeout: 0,
+        CaptureNow: true,
+        SellerNote: amzLib.constants.SELLER_NOTE_ATHORIZATION_SUBSCRIPTION,
+        SellerOrderAttributes: {
+          SellerOrderId: common.uuid(),
+          StoreName: amzLib.constants.STORE_NAME,
+        },
+      });
+
+      expect(createSubSpy).to.be.calledOnce;
+      expect(createSubSpy).to.be.calledWith({
+        user,
+        customerId: billingAgreementId,
+        paymentMethod: amzLib.constants.PAYMENT_METHOD,
         sub,
         headers,
         groupId,
@@ -455,7 +523,7 @@ describe('Amazon Payments', () => {
         user,
         groupId: undefined,
         nextBill: moment(user.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_AMAZON,
+        paymentMethod: amzLib.constants.PAYMENT_METHOD,
         headers,
       });
       expectAmazonStubs();
@@ -485,7 +553,7 @@ describe('Amazon Payments', () => {
         user,
         groupId: undefined,
         nextBill: moment(user.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_AMAZON,
+        paymentMethod: amzLib.constants.PAYMENT_METHOD,
         headers,
       });
       amzLib.closeBillingAgreement.restore();
@@ -523,7 +591,7 @@ describe('Amazon Payments', () => {
         user,
         groupId: group._id,
         nextBill: moment(group.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_AMAZON,
+        paymentMethod: amzLib.constants.PAYMENT_METHOD,
         headers,
       });
       expectAmazonStubs();
@@ -553,10 +621,84 @@ describe('Amazon Payments', () => {
         user,
         groupId: group._id,
         nextBill: moment(group.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
-        paymentMethod: amzLib.constants.PAYMENT_METHOD_AMAZON,
+        paymentMethod: amzLib.constants.PAYMENT_METHOD,
         headers,
       });
       amzLib.closeBillingAgreement.restore();
     });
   });
+
+  describe('#upgradeGroupPlan', () => {
+    let spy, data, user, group, uuidString;
+
+    beforeEach(async function () {
+      user = new User();
+      user.profile.name = 'sender';
+
+      data = {
+        user,
+        sub: {
+          key: 'basic_3mo', // @TODO: Validate that this is group
+        },
+        customerId: 'customer-id',
+        paymentMethod: 'Payment Method',
+        headers: {
+          'x-client': 'habitica-web',
+          'user-agent': '',
+        },
+      };
+
+      group = generateGroup({
+        name: 'test group',
+        type: 'guild',
+        privacy: 'public',
+        leader: user._id,
+      });
+      await group.save();
+
+      spy = sinon.stub(amzLib, 'authorizeOnBillingAgreement');
+      spy.returnsPromise().resolves([]);
+
+      uuidString = 'uuid-v4';
+      sinon.stub(uuid, 'v4').returns(uuidString);
+
+      data.groupId = group._id;
+      data.sub.quantity = 3;
+    });
+
+    afterEach(function () {
+      sinon.restore(amzLib.authorizeOnBillingAgreement);
+      uuid.v4.restore();
+    });
+
+    it('charges for a new member', async () => {
+      data.paymentMethod = amzLib.constants.PAYMENT_METHOD;
+      await payments.createSubscription(data);
+
+      let updatedGroup = await Group.findById(group._id).exec();
+
+      updatedGroup.memberCount += 1;
+      await updatedGroup.save();
+
+      await amzLib.chargeForAdditionalGroupMember(updatedGroup);
+
+      expect(spy.calledOnce).to.be.true;
+      expect(spy).to.be.calledWith({
+        AmazonBillingAgreementId: updatedGroup.purchased.plan.customerId,
+        AuthorizationReferenceId: uuidString.substring(0, 32),
+        AuthorizationAmount: {
+          CurrencyCode: amzLib.constants.CURRENCY_CODE,
+          Amount: 3,
+        },
+        SellerAuthorizationNote: amzLib.constants.SELLER_NOTE_GROUP_NEW_MEMBER,
+        TransactionTimeout: 0,
+        CaptureNow: true,
+        SellerNote: amzLib.constants.SELLER_NOTE_GROUP_NEW_MEMBER,
+        SellerOrderAttributes: {
+          SellerOrderId: uuidString,
+          StoreName: amzLib.constants.STORE_NAME,
+        },
+      });
+    });
+  });
 });

test/api/v3/unit/libs/apiMessages.js

@@ -0,0 +1,31 @@
+import apiMessages from '../../../../../website/server/libs/apiMessages';
+
+describe('API Messages', () => {
+  const message = 'Only public guilds support pagination.';
+  it('returns an API message', () => {
+    expect(apiMessages('guildsOnlyPaginate')).to.equal(message);
+  });
+
+  it('throws if the API message does not exist', () => {
+    expect(() => apiMessages('iDoNotExist')).to.throw;
+  });
+
+  it('clones the passed variables', () => {
+    let vars = {a: 1};
+    sandbox.stub(_, 'clone').returns({});
+    apiMessages('guildsOnlyPaginate', vars);
+    expect(_.clone).to.have.been.called.once;
+    expect(_.clone).to.have.been.calledWith(vars);
+  });
+
+  it('pass the message through _.template', () => {
+    let vars = {a: 1};
+    let stub = sinon.stub().returns('string');
+    sandbox.stub(_, 'template').returns(stub);
+    apiMessages('guildsOnlyPaginate', vars);
+    expect(_.template).to.have.been.called.once;
+    expect(_.template).to.have.been.calledWith(message);
+    expect(stub).to.have.been.called.once;
+    expect(stub).to.have.been.calledWith(vars);
+  });
+});

test/api/v3/unit/libs/applePayments.test.js

@@ -0,0 +1,258 @@
+/* eslint-disable camelcase */
+import iapModule from '../../../../../website/server/libs/inAppPurchases';
+import payments from '../../../../../website/server/libs/payments';
+import applePayments from '../../../../../website/server/libs/applePayments';
+import iap from '../../../../../website/server/libs/inAppPurchases';
+import {model as User} from '../../../../../website/server/models/user';
+import common from '../../../../../website/common';
+import moment from 'moment';
+
+const i18n = common.i18n;
+
+describe('Apple Payments', ()  => {
+  let subKey = 'basic_3mo';
+
+  describe('verifyGemPurchase', () => {
+    let sku, user, token, receipt, headers;
+    let iapSetupStub, iapValidateStub, iapIsValidatedStub, paymentBuyGemsStub, iapGetPurchaseDataStub;
+
+    beforeEach(() => {
+      token = 'testToken';
+      sku = 'com.habitrpg.ios.habitica.iap.21gems';
+      user = new User();
+      receipt = `{"token": "${token}", "productId": "${sku}"}`;
+      headers = {};
+
+      iapSetupStub = sinon.stub(iapModule, 'setup')
+        .returnsPromise().resolves();
+      iapValidateStub = sinon.stub(iapModule, 'validate')
+        .returnsPromise().resolves({});
+      iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
+        .returns(true);
+      iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
+        .returns([{productId: 'com.habitrpg.ios.Habitica.21gems',
+                   transactionId: token,
+        }]);
+      paymentBuyGemsStub = sinon.stub(payments, 'buyGems').returnsPromise().resolves({});
+    });
+
+    afterEach(() => {
+      iapModule.setup.restore();
+      iapModule.validate.restore();
+      iapModule.isValidated.restore();
+      iapModule.getPurchaseData.restore();
+      payments.buyGems.restore();
+    });
+
+    it('should throw an error if receipt is invalid', async () => {
+      iapModule.isValidated.restore();
+      iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
+        .returns(false);
+
+      await expect(applePayments.verifyGemPurchase(user, receipt, headers))
+        .to.eventually.be.rejected.and.to.eql({
+          httpCode: 401,
+          name: 'NotAuthorized',
+          message: applePayments.constants.RESPONSE_INVALID_RECEIPT,
+        });
+    });
+
+    it('purchases gems', async () => {
+      await applePayments.verifyGemPurchase(user, receipt, headers);
+
+      expect(iapSetupStub).to.be.calledOnce;
+      expect(iapValidateStub).to.be.calledOnce;
+      expect(iapValidateStub).to.be.calledWith(iap.APPLE, receipt);
+      expect(iapIsValidatedStub).to.be.calledOnce;
+      expect(iapIsValidatedStub).to.be.calledWith({});
+      expect(iapGetPurchaseDataStub).to.be.calledOnce;
+
+      expect(paymentBuyGemsStub).to.be.calledOnce;
+      expect(paymentBuyGemsStub).to.be.calledWith({
+        user,
+        paymentMethod: applePayments.constants.PAYMENT_METHOD_APPLE,
+        amount: 5.25,
+        headers,
+      });
+    });
+  });
+
+  describe('subscribe', () => {
+    let sub, sku, user, token, receipt, headers, nextPaymentProcessing;
+    let iapSetupStub, iapValidateStub, iapIsValidatedStub, paymentsCreateSubscritionStub, iapGetPurchaseDataStub;
+
+    beforeEach(() => {
+      sub = common.content.subscriptionBlocks[subKey];
+      sku = 'com.habitrpg.ios.habitica.subscription.3month';
+
+      token = 'test-token';
+      headers = {};
+      receipt = `{"token": "${token}"}`;
+      nextPaymentProcessing = moment.utc().add({days: 2});
+
+      iapSetupStub = sinon.stub(iapModule, 'setup')
+        .returnsPromise().resolves();
+      iapValidateStub = sinon.stub(iapModule, 'validate')
+        .returnsPromise().resolves({});
+      iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
+        .returns(true);
+      iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
+        .returns([{
+          expirationDate: moment.utc().subtract({day: 1}).toDate(),
+          productId: sku,
+          transactionId: token,
+        }, {
+          expirationDate: moment.utc().add({day: 1}).toDate(),
+          productId: 'wrongsku',
+          transactionId: token,
+        }, {
+          expirationDate: moment.utc().add({day: 1}).toDate(),
+          productId: sku,
+          transactionId: token,
+        }]);
+      paymentsCreateSubscritionStub = sinon.stub(payments, 'createSubscription').returnsPromise().resolves({});
+    });
+
+    afterEach(() => {
+      iapModule.setup.restore();
+      iapModule.validate.restore();
+      iapModule.isValidated.restore();
+      iapModule.getPurchaseData.restore();
+      payments.createSubscription.restore();
+    });
+
+    it('should throw an error if receipt is invalid', async () => {
+      iapModule.isValidated.restore();
+      iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
+        .returns(false);
+
+      await expect(applePayments.subscribe(sku, user, receipt, headers, nextPaymentProcessing))
+        .to.eventually.be.rejected.and.to.eql({
+          httpCode: 401,
+          name: 'NotAuthorized',
+          message: applePayments.constants.RESPONSE_INVALID_RECEIPT,
+        });
+    });
+
+    it('creates a user subscription', async () => {
+      await applePayments.subscribe(sku, user, receipt, headers, nextPaymentProcessing);
+
+      expect(iapSetupStub).to.be.calledOnce;
+      expect(iapValidateStub).to.be.calledOnce;
+      expect(iapValidateStub).to.be.calledWith(iap.APPLE, receipt);
+      expect(iapIsValidatedStub).to.be.calledOnce;
+      expect(iapIsValidatedStub).to.be.calledWith({});
+      expect(iapGetPurchaseDataStub).to.be.calledOnce;
+
+      expect(paymentsCreateSubscritionStub).to.be.calledOnce;
+      expect(paymentsCreateSubscritionStub).to.be.calledWith({
+        user,
+        customerId: token,
+        paymentMethod: applePayments.constants.PAYMENT_METHOD_APPLE,
+        sub,
+        headers,
+        additionalData: receipt,
+        nextPaymentProcessing,
+      });
+    });
+  });
+
+  describe('cancelSubscribe ', () => {
+    let user, token, receipt, headers, customerId, expirationDate;
+    let iapSetupStub, iapValidateStub, iapIsValidatedStub, iapGetPurchaseDataStub, paymentCancelSubscriptionSpy;
+
+    beforeEach(async () => {
+      token = 'test-token';
+      headers = {};
+      receipt = `{"token": "${token}"}`;
+      customerId = 'test-customerId';
+      expirationDate = moment.utc();
+
+      iapSetupStub = sinon.stub(iapModule, 'setup')
+        .returnsPromise().resolves();
+      iapValidateStub = sinon.stub(iapModule, 'validate')
+        .returnsPromise().resolves({
+          expirationDate,
+        });
+      iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
+        .returns([{expirationDate: expirationDate.toDate()}]);
+      iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
+        .returns(true);
+
+      user = new User();
+      user.profile.name = 'sender';
+      user.purchased.plan.paymentMethod = applePayments.constants.PAYMENT_METHOD_APPLE;
+      user.purchased.plan.customerId = customerId;
+      user.purchased.plan.planId = subKey;
+      user.purchased.plan.additionalData = receipt;
+
+      paymentCancelSubscriptionSpy = sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+    });
+
+    afterEach(function () {
+      iapModule.setup.restore();
+      iapModule.validate.restore();
+      iapModule.isValidated.restore();
+      iapModule.getPurchaseData.restore();
+      payments.cancelSubscription.restore();
+    });
+
+    it('should throw an error if we are missing a subscription', async () => {
+      user.purchased.plan.paymentMethod = undefined;
+
+      await expect(applePayments.cancelSubscribe(user, headers))
+        .to.eventually.be.rejected.and.to.eql({
+          httpCode: 401,
+          name: 'NotAuthorized',
+          message: i18n.t('missingSubscription'),
+        });
+    });
+
+    it('should throw an error if subscription is still valid', async () => {
+      iapModule.getPurchaseData.restore();
+      iapGetPurchaseDataStub = sinon.stub(iapModule, 'getPurchaseData')
+        .returns([{expirationDate: expirationDate.add({day: 1}).toDate()}]);
+
+      await expect(applePayments.cancelSubscribe(user, headers))
+        .to.eventually.be.rejected.and.to.eql({
+          httpCode: 401,
+          name: 'NotAuthorized',
+          message: applePayments.constants.RESPONSE_STILL_VALID,
+        });
+    });
+
+    it('should throw an error if receipt is invalid', async () => {
+      iapModule.isValidated.restore();
+      iapIsValidatedStub = sinon.stub(iapModule, 'isValidated')
+        .returns(false);
+
+      await expect(applePayments.cancelSubscribe(user, headers))
+        .to.eventually.be.rejected.and.to.eql({
+          httpCode: 401,
+          name: 'NotAuthorized',
+          message: applePayments.constants.RESPONSE_INVALID_RECEIPT,
+        });
+    });
+
+    it('should cancel a user subscription', async () => {
+      await applePayments.cancelSubscribe(user, headers);
+
+      expect(iapSetupStub).to.be.calledOnce;
+      expect(iapValidateStub).to.be.calledOnce;
+      expect(iapValidateStub).to.be.calledWith(iap.APPLE, receipt);
+      expect(iapIsValidatedStub).to.be.calledOnce;
+      expect(iapIsValidatedStub).to.be.calledWith({
+        expirationDate,
+      });
+      expect(iapGetPurchaseDataStub).to.be.calledOnce;
+
+      expect(paymentCancelSubscriptionSpy).to.be.calledOnce;
+      expect(paymentCancelSubscriptionSpy).to.be.calledWith({
+        user,
+        paymentMethod: applePayments.constants.PAYMENT_METHOD_APPLE,
+        nextBill: expirationDate.toDate(),
+        headers,
+      });
+    });
+  });
+});

test/api/v3/unit/libs/cron.test.js

@@ -6,7 +6,6 @@ import requireAgain from 'require-again';
 import { recoverCron, cron } from '../../../../../website/server/libs/cron';
 import { model as User } from '../../../../../website/server/models/user';
 import * as Tasks from '../../../../../website/server/models/task';
-import { clone } from 'lodash';
 import common from '../../../../../website/common';
 import analytics from '../../../../../website/server/libs/analyticsService';
 
@@ -135,7 +134,10 @@ describe('cron', () => {
       user.purchased.plan.dateUpdated = moment().subtract(6, 'months').toDate();
       user.purchased.plan.dateTerminated = moment().subtract(3, 'months').toDate();
       user.purchased.plan.consecutive.count = 5;
+      user.purchased.plan.consecutive.trinkets = 1;
+
       cron({user, tasksByType, daysMissed, analytics});
+
       expect(user.purchased.plan.consecutive.trinkets).to.equal(1);
     });
 
@@ -481,6 +483,67 @@ describe('cron', () => {
 
       expect(tasksByType.habits[0].value).to.equal(1);
     });
+
+    describe('counters', () => {
+      let notStartOfWeekOrMonth = new Date(2016, 9, 28).getTime(); // a Friday
+      let clock;
+
+      beforeEach(() => {
+        // Replace system clocks so we can get predictable results
+        clock = sinon.useFakeTimers(notStartOfWeekOrMonth);
+      });
+      afterEach(() => {
+        return clock.restore();
+      });
+
+      it('should reset a daily habit counter each day', () => {
+        tasksByType.habits[0].counterUp = 1;
+        tasksByType.habits[0].counterDown = 1;
+
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(0);
+        expect(tasksByType.habits[0].counterDown).to.equal(0);
+      });
+
+      it('should reset a weekly habit counter each Monday', () => {
+        tasksByType.habits[0].frequency = 'weekly';
+        tasksByType.habits[0].counterUp = 1;
+        tasksByType.habits[0].counterDown = 1;
+
+        // should not reset
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(1);
+        expect(tasksByType.habits[0].counterDown).to.equal(1);
+
+        // should reset
+        daysMissed = 8;
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(0);
+        expect(tasksByType.habits[0].counterDown).to.equal(0);
+      });
+
+      it('should reset a monthly habit counter the first day of each month', () => {
+        tasksByType.habits[0].frequency = 'monthly';
+        tasksByType.habits[0].counterUp = 1;
+        tasksByType.habits[0].counterDown = 1;
+
+        // should not reset
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(1);
+        expect(tasksByType.habits[0].counterDown).to.equal(1);
+
+        // should reset
+        daysMissed = 32;
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(0);
+        expect(tasksByType.habits[0].counterDown).to.equal(0);
+      });
+    });
   });
 
   describe('perfect day', () => {
@@ -533,7 +596,7 @@ describe('cron', () => {
       tasksByType.dailys[0].completed = true;
       tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});
 
-      let previousBuffs = clone(user.stats.buffs);
+      let previousBuffs = user.stats.buffs.toObject();
 
       cron({user, tasksByType, daysMissed, analytics});
 
@@ -598,7 +661,7 @@ describe('cron', () => {
       tasksByType.dailys[0].completed = false;
       tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});
 
-      let previousBuffs = clone(user.stats.buffs);
+      let previousBuffs = user.stats.buffs.toObject();
 
       cronOverride({user, tasksByType, daysMissed, analytics});
 

test/api/v3/unit/libs/googlePayments.test.js

@@ -190,6 +190,7 @@ describe('Google Payments', ()  => {
       user = new User();
       user.profile.name = 'sender';
       user.purchased.plan.customerId = customerId;
+      user.purchased.plan.paymentMethod = googlePayments.constants.PAYMENT_METHOD_GOOGLE;
       user.purchased.plan.planId = subKey;
       user.purchased.plan.additionalData = {data: receipt, signature};
 
@@ -205,7 +206,7 @@ describe('Google Payments', ()  => {
     });
 
     it('should throw an error if we are missing a subscription', async () => {
-      user.purchased.plan.additionalData = undefined;
+      user.purchased.plan.paymentMethod = undefined;
 
       await expect(googlePayments.cancelSubscribe(user, headers))
         .to.eventually.be.rejected.and.to.eql({

test/api/v3/unit/libs/password.test.js

@@ -1,5 +1,12 @@
 /* eslint-disable camelcase */
 
+import {
+  encrypt,
+} from '../../../../../website/server/libs/encryption';
+import moment from 'moment';
+import {
+  generateUser,
+} from '../../../../helpers/api-integration/v3';
 import {
   sha1Encrypt as sha1EncryptPassword,
   sha1MakeSalt,
@@ -7,6 +14,7 @@ import {
   bcryptCompare,
   compare,
   convertToBcrypt,
+  validatePasswordResetCodeAndFindUser,
 } from '../../../../../website/server/libs/password';
 
 describe('Password Utilities', () => {
@@ -172,6 +180,95 @@ describe('Password Utilities', () => {
     });
   });
 
+  describe('validatePasswordResetCodeAndFindUser', () => {
+    it('returns false if the code is missing', async () => {
+      let res = await validatePasswordResetCodeAndFindUser();
+      expect(res).to.equal(false);
+    });
+
+    it('returns false if the code is invalid json', async () => {
+      let res = await validatePasswordResetCodeAndFindUser('invalid json');
+      expect(res).to.equal(false);
+    });
+
+    it('returns false if the code cannot be decrypted', async () => {
+      let user = await generateUser();
+      let res = await validatePasswordResetCodeAndFindUser(JSON.stringify({ // not encrypted
+        userId: user._id,
+        expiresAt: new Date(),
+      }));
+      expect(res).to.equal(false);
+    });
+
+    it('returns false if the code is expired', async () => {
+      let user = await generateUser();
+
+      let code = encrypt(JSON.stringify({
+        userId: user._id,
+        expiresAt: moment().subtract({minutes: 1}),
+      }));
+
+      await user.update({
+        'auth.local.passwordResetCode': code,
+      });
+
+      let res = await validatePasswordResetCodeAndFindUser(code);
+      expect(res).to.equal(false);
+    });
+
+    it('returns false if the user does not exist', async () => {
+      let res = await validatePasswordResetCodeAndFindUser(encrypt(JSON.stringify({
+        userId: Date.now().toString(),
+        expiresAt: moment().add({days: 1}),
+      })));
+      expect(res).to.equal(false);
+    });
+
+    it('returns false if the user has no local auth', async () => {
+      let user = await generateUser({
+        auth: 'not an object with valid fields',
+      });
+      let res = await validatePasswordResetCodeAndFindUser(encrypt(JSON.stringify({
+        userId: user._id,
+        expiresAt: moment().add({days: 1}),
+      })));
+      expect(res).to.equal(false);
+    });
+
+    it('returns false if the code doesn\'t match the one saved at user.auth.passwordResetCode', async () => {
+      let user = await generateUser();
+
+      let code = encrypt(JSON.stringify({
+        userId: user._id,
+        expiresAt: moment().add({days: 1}),
+      }));
+
+      await user.update({
+        'auth.local.passwordResetCode': 'invalid',
+      });
+
+      let res = await validatePasswordResetCodeAndFindUser(code);
+      expect(res).to.equal(false);
+    });
+
+    it('returns the user if the password reset code is valid', async () => {
+      let user = await generateUser();
+
+      let code = encrypt(JSON.stringify({
+        userId: user._id,
+        expiresAt: moment().add({days: 1}),
+      }));
+
+      await user.update({
+        'auth.local.passwordResetCode': code,
+      });
+
+      let res = await validatePasswordResetCodeAndFindUser(code);
+      expect(res).not.to.equal(false);
+      expect(res._id).to.equal(user._id);
+    });
+  });
+
   describe('bcrypt', () => {
     describe('Hash', () => {
       it('returns a hashed string', async () => {

test/api/v3/unit/libs/payments.test.js

@@ -1,22 +1,18 @@
+import moment from 'moment';
+
 import * as sender from '../../../../../website/server/libs/email';
 import * as api from '../../../../../website/server/libs/payments';
 import analytics from '../../../../../website/server/libs/analyticsService';
 import notifications from '../../../../../website/server/libs/pushNotifications';
 import { model as User } from '../../../../../website/server/models/user';
-import { model as Group } from '../../../../../website/server/models/group';
-import stripeModule from 'stripe';
-import moment from 'moment';
 import { translate as t } from '../../../../helpers/api-v3-integration.helper';
 import {
   generateGroup,
 } from '../../../../helpers/api-unit.helper.js';
-import i18n from '../../../../../website/common/script/i18n';
 
 describe('payments/index', () => {
   let user, group, data, plan;
 
-  let stripe = stripeModule('test');
-
   beforeEach(async () => {
     user = new User();
     user.profile.name = 'sender';
@@ -319,53 +315,6 @@ describe('payments/index', () => {
       });
     });
 
-    context('Purchasing a subscription for group', () => {
-      it('creates a subscription', async () => {
-        expect(group.purchased.plan.planId).to.not.exist;
-        data.groupId = group._id;
-
-        await api.createSubscription(data);
-
-        let updatedGroup = await Group.findById(group._id).exec();
-
-        expect(updatedGroup.purchased.plan.planId).to.eql('basic_3mo');
-        expect(updatedGroup.purchased.plan.customerId).to.eql('customer-id');
-        expect(updatedGroup.purchased.plan.dateUpdated).to.exist;
-        expect(updatedGroup.purchased.plan.gemsBought).to.eql(0);
-        expect(updatedGroup.purchased.plan.paymentMethod).to.eql('Payment Method');
-        expect(updatedGroup.purchased.plan.extraMonths).to.eql(0);
-        expect(updatedGroup.purchased.plan.dateTerminated).to.eql(null);
-        expect(updatedGroup.purchased.plan.lastBillingDate).to.not.exist;
-        expect(updatedGroup.purchased.plan.dateCreated).to.exist;
-      });
-
-      it('sets extraMonths if plan has dateTerminated date', async () => {
-        group.purchased.plan = plan;
-        group.purchased.plan.dateTerminated = moment(new Date()).add(2, 'months');
-        await group.save();
-        expect(group.purchased.plan.extraMonths).to.eql(0);
-        data.groupId = group._id;
-
-        await api.createSubscription(data);
-
-        let updatedGroup = await Group.findById(group._id).exec();
-        expect(updatedGroup.purchased.plan.extraMonths).to.within(1.9, 2);
-      });
-
-      it('does not set negative extraMonths if plan has past dateTerminated date', async () => {
-        group.purchased.plan = plan;
-        group.purchased.plan.dateTerminated = moment(new Date()).subtract(2, 'months');
-        await group.save();
-        expect(group.purchased.plan.extraMonths).to.eql(0);
-        data.groupId = group._id;
-
-        await api.createSubscription(data);
-
-        let updatedGroup = await Group.findById(group._id).exec();
-        expect(updatedGroup.purchased.plan.extraMonths).to.eql(0);
-      });
-    });
-
     context('Block subscription perks', () => {
       it('adds block months to plan.consecutive.offset', async () => {
         await api.createSubscription(data);
@@ -485,7 +434,6 @@ describe('payments/index', () => {
         sandbox.spy(user.purchased.plan.mysteryItems, 'push');
 
         data = { paymentMethod: 'PaymentMethod', user, sub: { key: 'basic_3mo' } };
-
         await api.createSubscription(data);
 
         expect(user.purchased.plan.mysteryItems.push).to.be.calledOnce;
@@ -559,112 +507,6 @@ describe('payments/index', () => {
         expect(sender.sendTxn).to.be.calledWith(user, 'cancel-subscription');
       });
     });
-
-    context('Canceling a subscription for group', () => {
-      it('adds a month termination date by default', async () => {
-        data.groupId = group._id;
-        await api.cancelSubscription(data);
-
-        let now = new Date();
-        let updatedGroup = await Group.findById(group._id).exec();
-        let daysTillTermination = moment(updatedGroup.purchased.plan.dateTerminated).diff(now, 'days');
-
-        expect(daysTillTermination).to.be.within(29, 30); // 1 month +/- 1 days
-      });
-
-      it('adds extraMonths to dateTerminated value', async () => {
-        group.purchased.plan.extraMonths = 2;
-        await group.save();
-        data.groupId = group._id;
-
-        await api.cancelSubscription(data);
-
-        let now = new Date();
-        let updatedGroup = await Group.findById(group._id).exec();
-        let daysTillTermination = moment(updatedGroup.purchased.plan.dateTerminated).diff(now, 'days');
-
-        expect(daysTillTermination).to.be.within(89, 90); // 3 months +/- 1 days
-      });
-
-      it('handles extra month fractions', async () => {
-        group.purchased.plan.extraMonths = 0.3;
-        await group.save();
-        data.groupId = group._id;
-
-        await api.cancelSubscription(data);
-
-        let now = new Date();
-        let updatedGroup = await Group.findById(group._id).exec();
-        let daysTillTermination = moment(updatedGroup.purchased.plan.dateTerminated).diff(now, 'days');
-
-        expect(daysTillTermination).to.be.within(38, 39); // should be about 1 month + 1/3 month
-      });
-
-      it('terminates at next billing date if it exists', async () => {
-        data.nextBill = moment().add({ days: 15 });
-        data.groupId = group._id;
-
-        await api.cancelSubscription(data);
-
-        let now = new Date();
-        let updatedGroup = await Group.findById(group._id).exec();
-        let daysTillTermination = moment(updatedGroup.purchased.plan.dateTerminated).diff(now, 'days');
-
-        expect(daysTillTermination).to.be.within(13, 15);
-      });
-
-      it('resets plan.extraMonths', async () => {
-        group.purchased.plan.extraMonths = 5;
-        await group.save();
-        data.groupId = group._id;
-
-        await api.cancelSubscription(data);
-
-        let updatedGroup = await Group.findById(group._id).exec();
-        expect(updatedGroup.purchased.plan.extraMonths).to.eql(0);
-      });
-
-      it('sends an email', async () => {
-        data.groupId = group._id;
-        await api.cancelSubscription(data);
-
-        expect(sender.sendTxn).to.be.calledOnce;
-        expect(sender.sendTxn).to.be.calledWith(user, 'group-cancel-subscription');
-      });
-
-      it('prevents non group leader from manging subscription', async () => {
-        let groupMember = new User();
-        data.user = groupMember;
-        data.groupId = group._id;
-
-        await expect(api.cancelSubscription(data))
-          .eventually.be.rejected.and.to.eql({
-            httpCode: 401,
-            message: i18n.t('onlyGroupLeaderCanManageSubscription'),
-            name: 'NotAuthorized',
-          });
-      });
-
-      it('allows old group leader to cancel if they created the subscription', async () => {
-        data.groupId = group._id;
-        data.sub = {
-          key: 'group_monthly',
-        };
-        data.paymentMethod = 'Payment Method';
-        await api.createSubscription(data);
-
-        let updatedGroup = await Group.findById(group._id).exec();
-        let newLeader = new User();
-        updatedGroup.leader = newLeader._id;
-        await updatedGroup.save();
-
-        await api.cancelSubscription(data);
-
-        updatedGroup = await Group.findById(group._id).exec();
-
-        expect(updatedGroup.purchased.plan.dateTerminated).to.exist;
-      });
-    });
   });
 
   describe('#buyGems', () => {
@@ -772,49 +614,24 @@ describe('payments/index', () => {
     });
   });
 
-  describe('#upgradeGroupPlan', () => {
-    let spy;
-
-    beforeEach(function () {
-      spy = sinon.stub(stripe.subscriptions, 'update');
-      spy.returnsPromise().resolves([]);
+  describe('addSubToGroupUser', () => {
+    it('adds a group subscription to a new user', async () => {
+      expect(group.purchased.plan.planId).to.not.exist;
       data.groupId = group._id;
-      data.sub.quantity = 3;
-    });
 
-    afterEach(function () {
-      sinon.restore(stripe.subscriptions.update);
-    });
+      await api.addSubToGroupUser(user, group);
 
-    it('updates a group plan quantity', async () => {
-      data.paymentMethod = 'Stripe';
-      await api.createSubscription(data);
+      let updatedUser = await User.findById(user._id).exec();
 
-      let updatedGroup = await Group.findById(group._id).exec();
-      expect(updatedGroup.purchased.plan.quantity).to.eql(3);
-
-      updatedGroup.memberCount += 1;
-      await updatedGroup.save();
-
-      await api.updateStripeGroupPlan(updatedGroup, stripe);
-
-      expect(spy.calledOnce).to.be.true;
-      expect(updatedGroup.purchased.plan.quantity).to.eql(4);
-    });
-
-    it('does not update a group plan quantity that has a payment method other than stripe', async () => {
-      await api.createSubscription(data);
-
-      let updatedGroup = await Group.findById(group._id).exec();
-      expect(updatedGroup.purchased.plan.quantity).to.eql(3);
-
-      updatedGroup.memberCount += 1;
-      await updatedGroup.save();
-
-      await api.updateStripeGroupPlan(updatedGroup, stripe);
-
-      expect(spy.calledOnce).to.be.false;
-      expect(updatedGroup.purchased.plan.quantity).to.eql(3);
+      expect(updatedUser.purchased.plan.planId).to.eql('group_plan_auto');
+      expect(updatedUser.purchased.plan.customerId).to.eql('group-plan');
+      expect(updatedUser.purchased.plan.dateUpdated).to.exist;
+      expect(updatedUser.purchased.plan.gemsBought).to.eql(0);
+      expect(updatedUser.purchased.plan.paymentMethod).to.eql('Group Plan');
+      expect(updatedUser.purchased.plan.extraMonths).to.eql(0);
+      expect(updatedUser.purchased.plan.dateTerminated).to.eql(null);
+      expect(updatedUser.purchased.plan.lastBillingDate).to.not.exist;
+      expect(updatedUser.purchased.plan.dateCreated).to.exist;
     });
   });
 });

test/api/v3/unit/libs/payments/group-plans/group-payments-cancel.test.js

@@ -0,0 +1,326 @@
+import moment from 'moment';
+
+import * as sender from '../../../../../../../website/server/libs/email';
+import * as api from '../../../../../../../website/server/libs/payments';
+import { model as User } from '../../../../../../../website/server/models/user';
+import { model as Group } from '../../../../../../../website/server/models/group';
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+import i18n from '../../../../../../../website/common/script/i18n';
+
+describe('Canceling a subscription for group', () => {
+  let plan, group, user, data;
+
+  beforeEach(async () => {
+    user = new User();
+    user.profile.name = 'sender';
+    await user.save();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    await group.save();
+
+    data = {
+      user,
+      sub: {
+        key: 'basic_3mo',
+      },
+      customerId: 'customer-id',
+      paymentMethod: 'Payment Method',
+      headers: {
+        'x-client': 'habitica-web',
+        'user-agent': '',
+      },
+    };
+
+    plan = {
+      planId: 'basic_3mo',
+      customerId: 'customer-id',
+      dateUpdated: new Date(),
+      gemsBought: 0,
+      paymentMethod: 'paymentMethod',
+      extraMonths: 0,
+      dateTerminated: null,
+      lastBillingDate: new Date(),
+      dateCreated: new Date(),
+      mysteryItems: [],
+      consecutive: {
+        trinkets: 0,
+        offset: 0,
+        gemCapExtra: 0,
+      },
+    };
+
+    sandbox.stub(sender, 'sendTxn');
+  });
+
+  afterEach(() => {
+    sender.sendTxn.restore();
+  });
+
+  it('adds a month termination date by default', async () => {
+    data.groupId = group._id;
+    await api.cancelSubscription(data);
+
+    let now = new Date();
+    let updatedGroup = await Group.findById(group._id).exec();
+    let daysTillTermination = moment(updatedGroup.purchased.plan.dateTerminated).diff(now, 'days');
+
+    expect(daysTillTermination).to.be.within(29, 30); // 1 month +/- 1 days
+  });
+
+  it('adds extraMonths to dateTerminated value', async () => {
+    group.purchased.plan.extraMonths = 2;
+    await group.save();
+    data.groupId = group._id;
+
+    await api.cancelSubscription(data);
+
+    let now = new Date();
+    let updatedGroup = await Group.findById(group._id).exec();
+    let daysTillTermination = moment(updatedGroup.purchased.plan.dateTerminated).diff(now, 'days');
+
+    expect(daysTillTermination).to.be.within(89, 90); // 3 months +/- 1 days
+  });
+
+  it('handles extra month fractions', async () => {
+    group.purchased.plan.extraMonths = 0.3;
+    await group.save();
+    data.groupId = group._id;
+
+    await api.cancelSubscription(data);
+
+    let now = new Date();
+    let updatedGroup = await Group.findById(group._id).exec();
+    let daysTillTermination = moment(updatedGroup.purchased.plan.dateTerminated).diff(now, 'days');
+
+    expect(daysTillTermination).to.be.within(38, 39); // should be about 1 month + 1/3 month
+  });
+
+  it('terminates at next billing date if it exists', async () => {
+    data.nextBill = moment().add({ days: 15 });
+    data.groupId = group._id;
+
+    await api.cancelSubscription(data);
+
+    let now = new Date();
+    let updatedGroup = await Group.findById(group._id).exec();
+    let daysTillTermination = moment(updatedGroup.purchased.plan.dateTerminated).diff(now, 'days');
+
+    expect(daysTillTermination).to.be.within(13, 15);
+  });
+
+  it('resets plan.extraMonths', async () => {
+    group.purchased.plan.extraMonths = 5;
+    await group.save();
+    data.groupId = group._id;
+
+    await api.cancelSubscription(data);
+
+    let updatedGroup = await Group.findById(group._id).exec();
+    expect(updatedGroup.purchased.plan.extraMonths).to.eql(0);
+  });
+
+  it('sends an email', async () => {
+    data.groupId = group._id;
+    await api.cancelSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledOnce;
+    expect(sender.sendTxn.firstCall.args[0]._id).to.equal(user._id);
+    expect(sender.sendTxn.firstCall.args[1]).to.equal('group-cancel-subscription');
+    expect(sender.sendTxn.firstCall.args[2]).to.eql([
+      {name: 'GROUP_NAME', content: group.name},
+    ]);
+  });
+
+  it('prevents non group leader from manging subscription', async () => {
+    let groupMember = new User();
+    data.user = groupMember;
+    data.groupId = group._id;
+
+    await expect(api.cancelSubscription(data))
+      .eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        message: i18n.t('onlyGroupLeaderCanManageSubscription'),
+        name: 'NotAuthorized',
+      });
+  });
+
+  it('allows old group leader to cancel if they created the subscription', async () => {
+    data.groupId = group._id;
+    data.sub = {
+      key: 'group_monthly',
+    };
+    data.paymentMethod = 'Payment Method';
+    await api.createSubscription(data);
+
+    let updatedGroup = await Group.findById(group._id).exec();
+    let newLeader = new User();
+    updatedGroup.leader = newLeader._id;
+    await updatedGroup.save();
+
+    await api.cancelSubscription(data);
+
+    updatedGroup = await Group.findById(group._id).exec();
+
+    expect(updatedGroup.purchased.plan.dateTerminated).to.exist;
+  });
+
+  it('cancels member subscriptions', async () => {
+    data = {
+      user,
+      sub: {
+        key: 'basic_3mo',
+      },
+      customerId: 'customer-id',
+      paymentMethod: 'Payment Method',
+      headers: {
+        'x-client': 'habitica-web',
+        'user-agent': '',
+      },
+    };
+    user.guilds.push(group._id);
+    await user.save();
+    expect(group.purchased.plan.planId).to.not.exist;
+    data.groupId = group._id;
+    await api.createSubscription(data);
+
+    await api.cancelSubscription(data);
+
+    let now = new Date();
+    now.setHours(0, 0, 0, 0);
+    let updatedLeader = await User.findById(user._id).exec();
+    let daysTillTermination = moment(updatedLeader.purchased.plan.dateTerminated).diff(now, 'days');
+    expect(daysTillTermination).to.be.within(2, 3); // only a few days
+  });
+
+  it('sends an email to members of group', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+    await api.cancelSubscription(data);
+
+    expect(sender.sendTxn).to.be.have.callCount(4);
+    expect(sender.sendTxn.thirdCall.args[0]._id).to.equal(recipient._id);
+    expect(sender.sendTxn.thirdCall.args[1]).to.equal('group-member-cancel');
+    expect(sender.sendTxn.thirdCall.args[2]).to.eql([
+      {name: 'LEADER', content: user.profile.name},
+      {name: 'GROUP_NAME', content: group.name},
+    ]);
+  });
+
+  it('does not cancel member subscriptions when member does not have a group plan sub (i.e. UNLIMITED_CUSTOMER_ID)', async () => {
+    plan.key = 'basic_earned';
+    plan.customerId = api.constants.UNLIMITED_CUSTOMER_ID;
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    data.groupId = group._id;
+
+    await api.cancelSubscription(data);
+
+    let updatedLeader = await User.findById(user._id).exec();
+    expect(updatedLeader.purchased.plan.dateTerminated).to.not.exist;
+  });
+
+  it('does not cancel a user subscription if they are still in another active group plan', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.key = 'basic_earned';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+    let firstDateCreated = updatedUser.purchased.plan.dateCreated;
+    let extraMonthsBeforeSecond = updatedUser.purchased.plan.extraMonths;
+
+    let group2 = generateGroup({
+      name: 'test group2',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    data.groupId = group2._id;
+    await group2.save();
+    recipient.guilds.push(group2._id);
+    await recipient.save();
+
+    await api.createSubscription(data);
+
+    await api.cancelSubscription(data);
+
+    updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.planId).to.eql('group_plan_auto');
+    expect(updatedUser.purchased.plan.customerId).to.eql('group-plan');
+    expect(updatedUser.purchased.plan.dateUpdated).to.exist;
+    expect(updatedUser.purchased.plan.gemsBought).to.eql(0);
+    expect(updatedUser.purchased.plan.paymentMethod).to.eql('Group Plan');
+    expect(updatedUser.purchased.plan.extraMonths).to.eql(extraMonthsBeforeSecond);
+    expect(updatedUser.purchased.plan.dateTerminated).to.eql(null);
+    expect(updatedUser.purchased.plan.lastBillingDate).to.not.exist;
+    expect(updatedUser.purchased.plan.dateCreated).to.eql(firstDateCreated);
+  });
+
+  it('does cancel a leader subscription with two cancelled group plans', async () => {
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(user._id).exec();
+    let firstDateCreated = updatedUser.purchased.plan.dateCreated;
+    let extraMonthsBeforeSecond = updatedUser.purchased.plan.extraMonths;
+
+    let group2 = generateGroup({
+      name: 'test group2',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    user.guilds.push(group2._id);
+    await user.save();
+    data.groupId = group2._id;
+    await group2.save();
+
+    await api.createSubscription(data);
+    await api.cancelSubscription(data);
+
+    data.groupId = group._id;
+    await api.cancelSubscription(data);
+
+    updatedUser = await User.findById(user._id).exec();
+
+    expect(updatedUser.purchased.plan.planId).to.eql('group_plan_auto');
+    expect(updatedUser.purchased.plan.customerId).to.eql('group-plan');
+    expect(updatedUser.purchased.plan.dateUpdated).to.exist;
+    expect(updatedUser.purchased.plan.gemsBought).to.eql(0);
+    expect(updatedUser.purchased.plan.paymentMethod).to.eql('Group Plan');
+    expect(updatedUser.purchased.plan.extraMonths).to.eql(extraMonthsBeforeSecond);
+    expect(updatedUser.purchased.plan.dateTerminated).to.exist;
+    expect(updatedUser.purchased.plan.lastBillingDate).to.not.exist;
+    expect(updatedUser.purchased.plan.dateCreated).to.eql(firstDateCreated);
+  });
+});

test/api/v3/unit/libs/payments/group-plans/group-payments-create.test.js

@@ -0,0 +1,635 @@
+import moment from 'moment';
+import stripeModule from 'stripe';
+
+import * as sender from '../../../../../../../website/server/libs/email';
+import * as api from '../../../../../../../website/server/libs/payments';
+import amzLib from '../../../../../../../website/server/libs/amazonPayments';
+import stripePayments from '../../../../../../../website/server/libs/stripePayments';
+import paypalPayments from '../../../../../../../website/server/libs/paypalPayments';
+import { model as User } from '../../../../../../../website/server/models/user';
+import { model as Group } from '../../../../../../../website/server/models/group';
+import {
+  generateGroup,
+} from '../../../../../../helpers/api-unit.helper.js';
+
+describe('Purchasing a subscription for group', () => {
+  let plan, group, user, data;
+  let stripe = stripeModule('test');
+
+  beforeEach(async () => {
+    user = new User();
+    user.profile.name = 'sender';
+    await user.save();
+
+    group = generateGroup({
+      name: 'test group',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    await group.save();
+
+    data = {
+      user,
+      sub: {
+        key: 'basic_3mo',
+      },
+      customerId: 'customer-id',
+      paymentMethod: 'Payment Method',
+      headers: {
+        'x-client': 'habitica-web',
+        'user-agent': '',
+      },
+    };
+
+    plan = {
+      planId: 'basic_3mo',
+      customerId: 'customer-id',
+      dateUpdated: new Date(),
+      gemsBought: 0,
+      paymentMethod: 'paymentMethod',
+      extraMonths: 0,
+      dateTerminated: null,
+      lastBillingDate: new Date(),
+      dateCreated: new Date(),
+      mysteryItems: [],
+      consecutive: {
+        trinkets: 0,
+        offset: 0,
+        gemCapExtra: 0,
+      },
+    };
+
+    let subscriptionId = 'subId';
+    sinon.stub(stripe.customers, 'del').returnsPromise().resolves({});
+
+    let currentPeriodEndTimeStamp = moment().add(3, 'months').unix();
+    sinon.stub(stripe.customers, 'retrieve')
+      .returnsPromise().resolves({
+        subscriptions: {
+          data: [{id: subscriptionId, current_period_end: currentPeriodEndTimeStamp}], // eslint-disable-line camelcase
+        },
+      });
+
+    stripePayments.setStripeApi(stripe);
+    sandbox.stub(sender, 'sendTxn');
+  });
+
+  afterEach(() => {
+    stripe.customers.del.restore();
+    stripe.customers.retrieve.restore();
+    sender.sendTxn.restore();
+  });
+
+  it('creates a subscription', async () => {
+    expect(group.purchased.plan.planId).to.not.exist;
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedGroup = await Group.findById(group._id).exec();
+
+    expect(updatedGroup.purchased.plan.planId).to.eql('basic_3mo');
+    expect(updatedGroup.purchased.plan.customerId).to.eql('customer-id');
+    expect(updatedGroup.purchased.plan.dateUpdated).to.exist;
+    expect(updatedGroup.purchased.plan.gemsBought).to.eql(0);
+    expect(updatedGroup.purchased.plan.paymentMethod).to.eql('Payment Method');
+    expect(updatedGroup.purchased.plan.extraMonths).to.eql(0);
+    expect(updatedGroup.purchased.plan.dateTerminated).to.eql(null);
+    expect(updatedGroup.purchased.plan.lastBillingDate).to.not.exist;
+    expect(updatedGroup.purchased.plan.dateCreated).to.exist;
+  });
+
+  it('sends an email', async () => {
+    expect(group.purchased.plan.planId).to.not.exist;
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledWith(user, 'group-subscription-begins');
+  });
+
+  it('sets extraMonths if plan has dateTerminated date', async () => {
+    group.purchased.plan = plan;
+    group.purchased.plan.dateTerminated = moment(new Date()).add(2, 'months');
+    await group.save();
+    expect(group.purchased.plan.extraMonths).to.eql(0);
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedGroup = await Group.findById(group._id).exec();
+    expect(updatedGroup.purchased.plan.extraMonths).to.within(1.9, 2);
+  });
+
+  it('does not set negative extraMonths if plan has past dateTerminated date', async () => {
+    group.purchased.plan = plan;
+    group.purchased.plan.dateTerminated = moment(new Date()).subtract(2, 'months');
+    await group.save();
+    expect(group.purchased.plan.extraMonths).to.eql(0);
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedGroup = await Group.findById(group._id).exec();
+    expect(updatedGroup.purchased.plan.extraMonths).to.eql(0);
+  });
+
+  it('grants all members of a group a subscription', async () => {
+    user.guilds.push(group._id);
+    await user.save();
+    expect(group.purchased.plan.planId).to.not.exist;
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+    let updatedLeader = await User.findById(user._id).exec();
+
+    expect(updatedLeader.purchased.plan.planId).to.eql('group_plan_auto');
+    expect(updatedLeader.purchased.plan.customerId).to.eql('group-plan');
+    expect(updatedLeader.purchased.plan.dateUpdated).to.exist;
+    expect(updatedLeader.purchased.plan.gemsBought).to.eql(0);
+    expect(updatedLeader.purchased.plan.paymentMethod).to.eql('Group Plan');
+    expect(updatedLeader.purchased.plan.extraMonths).to.eql(0);
+    expect(updatedLeader.purchased.plan.dateTerminated).to.eql(null);
+    expect(updatedLeader.purchased.plan.lastBillingDate).to.not.exist;
+    expect(updatedLeader.purchased.plan.dateCreated).to.exist;
+
+    expect(updatedLeader.items.mounts['Jackalope-RoyalPurple']).to.be.true;
+  });
+
+  it('sends an email to members of group', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledTwice;
+    expect(sender.sendTxn.firstCall.args[0]._id).to.equal(recipient._id);
+    expect(sender.sendTxn.firstCall.args[1]).to.equal('group-member-joining');
+    expect(sender.sendTxn.firstCall.args[2]).to.eql([
+      {name: 'LEADER', content: user.profile.name},
+      {name: 'GROUP_NAME', content: group.name},
+    ]);
+  });
+
+  it('adds months to members with existing gift subscription', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    plan.planId = 'basic_earned';
+    plan.paymentMethod = 'paymentMethod';
+    data.gift = {
+      member: recipient,
+      subscription: {
+        key: 'basic_earned',
+        months: 1,
+      },
+    };
+    await api.createSubscription(data);
+    await recipient.save();
+
+    data.gift = undefined;
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.planId).to.eql('group_plan_auto');
+    expect(updatedUser.purchased.plan.customerId).to.eql('group-plan');
+    expect(updatedUser.purchased.plan.dateUpdated).to.exist;
+    expect(updatedUser.purchased.plan.gemsBought).to.eql(0);
+    expect(updatedUser.purchased.plan.paymentMethod).to.eql('Group Plan');
+    expect(updatedUser.purchased.plan.extraMonths).to.within(1, 3);
+    expect(updatedUser.purchased.plan.dateTerminated).to.eql(null);
+    expect(updatedUser.purchased.plan.lastBillingDate).to.not.exist;
+    expect(updatedUser.purchased.plan.dateCreated).to.exist;
+  });
+
+  it('adds months to members with existing multi-month gift subscription', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    data.gift = {
+      member: recipient,
+      subscription: {
+        key: 'basic_3mo',
+        months: 3,
+      },
+    };
+    await api.createSubscription(data);
+    await recipient.save();
+
+    data.gift = undefined;
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.planId).to.eql('group_plan_auto');
+    expect(updatedUser.purchased.plan.customerId).to.eql('group-plan');
+    expect(updatedUser.purchased.plan.dateUpdated).to.exist;
+    expect(updatedUser.purchased.plan.gemsBought).to.eql(0);
+    expect(updatedUser.purchased.plan.paymentMethod).to.eql('Group Plan');
+    expect(updatedUser.purchased.plan.extraMonths).to.within(3, 5);
+    expect(updatedUser.purchased.plan.dateTerminated).to.eql(null);
+    expect(updatedUser.purchased.plan.lastBillingDate).to.not.exist;
+    expect(updatedUser.purchased.plan.dateCreated).to.exist;
+  });
+
+  it('adds months to members with existing recurring subscription (Stripe)', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.key = 'basic_earned';
+    plan.paymentMethod = stripePayments.constants.PAYMENT_METHOD;
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.extraMonths).to.within(2, 3);
+  });
+
+  it('adds months to members with existing recurring subscription (Amazon)', async () => {
+    sinon.stub(amzLib, 'getBillingAgreementDetails')
+      .returnsPromise()
+      .resolves({
+        BillingAgreementDetails: {
+          BillingAgreementStatus: {State: 'Closed'},
+        },
+      });
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.planId = 'basic_earned';
+    plan.paymentMethod = amzLib.constants.PAYMENT_METHOD;
+    plan.lastBillingDate = moment().add(3, 'months');
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.extraMonths).to.within(3, 4);
+  });
+
+  it('adds months to members with existing recurring subscription (Paypal)', async () => {
+    sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').returnsPromise().resolves({});
+    sinon.stub(paypalPayments, 'paypalBillingAgreementGet')
+      .returnsPromise().resolves({
+        agreement_details: { // eslint-disable-line camelcase
+          next_billing_date: moment().add(3, 'months').toDate(), // eslint-disable-line camelcase
+          cycles_completed: 1, // eslint-disable-line camelcase
+        },
+      });
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.planId = 'basic_earned';
+    plan.paymentMethod = paypalPayments.constants.PAYMENT_METHOD;
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.extraMonths).to.within(2, 3);
+    paypalPayments.paypalBillingAgreementGet.restore();
+    paypalPayments.paypalBillingAgreementCancel.restore();
+  });
+
+  it('adds months to members with existing recurring subscription (Android)');
+  it('adds months to members with existing recurring subscription (iOs)');
+
+  it('adds months to members who already cancelled but not yet terminated recurring subscription', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.key = 'basic_earned';
+    plan.paymentMethod = stripePayments.constants.PAYMENT_METHOD;
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await recipient.cancelSubscription();
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.extraMonths).to.within(2, 3);
+  });
+
+  it('adds months to members who already cancelled but not yet terminated group plan subscription', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.key = 'basic_earned';
+    plan.paymentMethod = api.constants.GROUP_PLAN_PAYMENT_METHOD;
+    plan.extraMonths = 2.94;
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await recipient.cancelSubscription();
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+    expect(updatedUser.purchased.plan.extraMonths).to.within(3, 4);
+  });
+
+  it('resets date terminated if user has old subscription', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.key = 'basic_earned';
+    plan.paymentMethod = stripePayments.constants.PAYMENT_METHOD;
+    plan.dateTerminated = moment().subtract(1, 'days').toDate();
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.dateTerminated).to.not.exist;
+  });
+
+  it('adds months to members with existing recurring subscription and includes existing extraMonths', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.key = 'basic_earned';
+    plan.paymentMethod = stripePayments.constants.PAYMENT_METHOD;
+    plan.extraMonths = 5;
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.extraMonths).to.within(7, 8);
+  });
+
+  it('adds months to members with existing recurring subscription and ignores existing negative extraMonths', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.key = 'basic_earned';
+    plan.paymentMethod = stripePayments.constants.PAYMENT_METHOD;
+    plan.extraMonths = -5;
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.extraMonths).to.within(2, 3);
+  });
+
+  it('does not override gemsBought, mysteryItems, dateCreated, and consective fields', async () => {
+    let planCreatedDate = moment().toDate();
+    let mysteryItem = {title: 'item'};
+    let mysteryItems = [mysteryItem];
+    let consecutive = {
+      trinkets: 3,
+      gemCapExtra: 20,
+      offset: 1,
+      count: 13,
+    };
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+
+    plan.key = 'basic_earned';
+    plan.gemsBought = 3;
+    plan.dateCreated = planCreatedDate;
+    plan.mysteryItems = mysteryItems;
+    plan.consecutive = consecutive;
+
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.gemsBought).to.equal(3);
+    expect(updatedUser.purchased.plan.mysteryItems[0]).to.eql(mysteryItem);
+    expect(updatedUser.purchased.plan.consecutive.count).to.equal(consecutive.count);
+    expect(updatedUser.purchased.plan.consecutive.offset).to.equal(consecutive.offset);
+    expect(updatedUser.purchased.plan.consecutive.gemCapExtra).to.equal(consecutive.gemCapExtra);
+    expect(updatedUser.purchased.plan.consecutive.trinkets).to.equal(consecutive.trinkets);
+    expect(updatedUser.purchased.plan.dateCreated).to.eql(planCreatedDate);
+  });
+
+  it('does not modify a user with a group subscription when they join another group', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.key = 'basic_earned';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+    let firstDateCreated = updatedUser.purchased.plan.dateCreated;
+    let extraMonthsBeforeSecond = updatedUser.purchased.plan.extraMonths;
+
+    let group2 = generateGroup({
+      name: 'test group2',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    data.groupId = group2._id;
+    await group2.save();
+    recipient.guilds.push(group2._id);
+    await recipient.save();
+
+    await api.createSubscription(data);
+
+    updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.planId).to.eql('group_plan_auto');
+    expect(updatedUser.purchased.plan.customerId).to.eql('group-plan');
+    expect(updatedUser.purchased.plan.dateUpdated).to.exist;
+    expect(updatedUser.purchased.plan.gemsBought).to.eql(0);
+    expect(updatedUser.purchased.plan.paymentMethod).to.eql('Group Plan');
+    expect(updatedUser.purchased.plan.extraMonths).to.eql(extraMonthsBeforeSecond);
+    expect(updatedUser.purchased.plan.dateTerminated).to.eql(null);
+    expect(updatedUser.purchased.plan.lastBillingDate).to.not.exist;
+    expect(updatedUser.purchased.plan.dateCreated).to.eql(firstDateCreated);
+  });
+
+  it('does not remove a user who is in two groups plans and leaves one', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.key = 'basic_earned';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+    let firstDateCreated = updatedUser.purchased.plan.dateCreated;
+    let extraMonthsBeforeSecond = updatedUser.purchased.plan.extraMonths;
+
+    let group2 = generateGroup({
+      name: 'test group2',
+      type: 'guild',
+      privacy: 'public',
+      leader: user._id,
+    });
+    data.groupId = group2._id;
+    await group2.save();
+    recipient.guilds.push(group2._id);
+    await recipient.save();
+
+    await api.createSubscription(data);
+
+    let updatedGroup = await Group.findById(group._id).exec();
+    await updatedGroup.leave(recipient);
+
+    updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.planId).to.eql('group_plan_auto');
+    expect(updatedUser.purchased.plan.customerId).to.eql('group-plan');
+    expect(updatedUser.purchased.plan.dateUpdated).to.exist;
+    expect(updatedUser.purchased.plan.gemsBought).to.eql(0);
+    expect(updatedUser.purchased.plan.paymentMethod).to.eql('Group Plan');
+    expect(updatedUser.purchased.plan.extraMonths).to.eql(extraMonthsBeforeSecond);
+    expect(updatedUser.purchased.plan.dateTerminated).to.eql(null);
+    expect(updatedUser.purchased.plan.lastBillingDate).to.not.exist;
+    expect(updatedUser.purchased.plan.dateCreated).to.eql(firstDateCreated);
+  });
+
+  it('does not modify a user with an unlimited subscription', async () => {
+    plan.key = 'basic_earned';
+    plan.customerId = api.constants.UNLIMITED_CUSTOMER_ID;
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.planId).to.eql('basic_3mo');
+    expect(updatedUser.purchased.plan.customerId).to.eql(api.constants.UNLIMITED_CUSTOMER_ID);
+    expect(updatedUser.purchased.plan.dateUpdated).to.exist;
+    expect(updatedUser.purchased.plan.gemsBought).to.eql(0);
+    expect(updatedUser.purchased.plan.paymentMethod).to.eql('paymentMethod');
+    expect(updatedUser.purchased.plan.extraMonths).to.eql(0);
+    expect(updatedUser.purchased.plan.dateTerminated).to.eql(null);
+    expect(updatedUser.purchased.plan.lastBillingDate).to.exist;
+    expect(updatedUser.purchased.plan.dateCreated).to.exist;
+  });
+
+  it('updates a user with a cancelled but active group subscription', async () => {
+    plan.key = 'basic_earned';
+    plan.customerId = api.constants.GROUP_PLAN_CUSTOMER_ID;
+    plan.dateTerminated = moment().add(1, 'months');
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.planId).to.eql('group_plan_auto');
+    expect(updatedUser.purchased.plan.customerId).to.eql(api.constants.GROUP_PLAN_CUSTOMER_ID);
+    expect(updatedUser.purchased.plan.dateUpdated).to.exist;
+    expect(updatedUser.purchased.plan.gemsBought).to.eql(0);
+    expect(updatedUser.purchased.plan.paymentMethod).to.eql('Group Plan');
+    expect(updatedUser.purchased.plan.extraMonths).to.within(0, 2);
+    expect(updatedUser.purchased.plan.dateTerminated).to.eql(null);
+    expect(updatedUser.purchased.plan.lastBillingDate).to.not.exist;
+    expect(updatedUser.purchased.plan.dateCreated).to.exist;
+  });
+});

test/api/v3/unit/libs/stripePayments.test.js

@@ -5,6 +5,7 @@ import {
   generateGroup,
 } from '../../../../helpers/api-unit.helper.js';
 import { model as User } from '../../../../../website/server/models/user';
+import { model as Group } from '../../../../../website/server/models/group';
 import { model as Coupon } from '../../../../../website/server/models/coupon';
 import stripePayments from '../../../../../website/server/libs/stripePayments';
 import payments from '../../../../../website/server/libs/payments';
@@ -394,6 +395,50 @@ describe('Stripe Payments', () => {
         subscriptionId,
       });
     });
+
+    it('subscribes a group with the correct number of group members', async () => {
+      token = 'test-token';
+      sub = data.sub;
+      groupId = group._id;
+      email = 'test@test.com';
+      headers = {};
+      user = new User();
+      user.guilds.push(groupId);
+      await user.save();
+      group.memberCount = 2;
+      await group.save();
+
+      await stripePayments.checkout({
+        token,
+        user,
+        gift,
+        sub,
+        groupId,
+        email,
+        headers,
+        coupon,
+      }, stripe);
+
+      expect(stripeCreateCustomerSpy).to.be.calledOnce;
+      expect(stripeCreateCustomerSpy).to.be.calledWith({
+        email,
+        metadata: { uuid: user._id },
+        card: token,
+        plan: sub.key,
+        quantity: 4,
+      });
+
+      expect(stripePaymentsCreateSubSpy).to.be.calledOnce;
+      expect(stripePaymentsCreateSubSpy).to.be.calledWith({
+        user,
+        customerId: customerIdResponse,
+        paymentMethod: 'Stripe',
+        sub,
+        headers,
+        groupId,
+        subscriptionId,
+      });
+    });
   });
 
   describe('edit subscription', () => {
@@ -658,4 +703,60 @@ describe('Stripe Payments', () => {
       });
     });
   });
+
+  describe('#upgradeGroupPlan', () => {
+    let spy, data, user, group;
+
+    beforeEach(async function () {
+      user = new User();
+      user.profile.name = 'sender';
+
+      data = {
+        user,
+        sub: {
+          key: 'basic_3mo', // @TODO: Validate that this is group
+        },
+        customerId: 'customer-id',
+        paymentMethod: 'Payment Method',
+        headers: {
+          'x-client': 'habitica-web',
+          'user-agent': '',
+        },
+      };
+
+      group = generateGroup({
+        name: 'test group',
+        type: 'guild',
+        privacy: 'public',
+        leader: user._id,
+      });
+      await group.save();
+
+      spy = sinon.stub(stripe.subscriptions, 'update');
+      spy.returnsPromise().resolves([]);
+      data.groupId = group._id;
+      data.sub.quantity = 3;
+      stripePayments.setStripeApi(stripe);
+    });
+
+    afterEach(function () {
+      sinon.restore(stripe.subscriptions.update);
+    });
+
+    it('updates a group plan quantity', async () => {
+      data.paymentMethod = 'Stripe';
+      await payments.createSubscription(data);
+
+      let updatedGroup = await Group.findById(group._id).exec();
+      expect(updatedGroup.purchased.plan.quantity).to.eql(3);
+
+      updatedGroup.memberCount += 1;
+      await updatedGroup.save();
+
+      await stripePayments.chargeForAdditionalGroupMember(updatedGroup);
+
+      expect(spy.calledOnce).to.be.true;
+      expect(updatedGroup.purchased.plan.quantity).to.eql(4);
+    });
+  });
 });

test/api/v3/unit/middlewares/cronMiddleware.js

@@ -4,7 +4,6 @@ import {
   generateTodo,
   generateDaily,
 } from '../../../../helpers/api-unit.helper';
-import { cloneDeep } from 'lodash';
 import cronMiddleware from '../../../../../website/server/middlewares/cron';
 import moment from 'moment';
 import { model as User } from '../../../../../website/server/models/user';
@@ -60,7 +59,7 @@ describe('cron middleware', () => {
     cronMiddleware(req, res, done);
   });
 
-  it('should clear todos older than 30 days for free users', async (done) => {
+  it('should clear todos older than 30 days for free users', async () => {
     user.lastCron = moment(new Date()).subtract({days: 2});
     let task = generateTodo(user);
     task.dateCompleted = moment(new Date()).subtract({days: 31});
@@ -68,16 +67,21 @@ describe('cron middleware', () => {
     await task.save();
     await user.save();
 
-    cronMiddleware(req, res, (err) => {
-      Tasks.Task.findOne({_id: task}, function (secondErr, taskFound) {
-        expect(secondErr).to.not.exist;
-        expect(taskFound).to.not.exist;
-        done(err);
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, (err) => {
+        if (err) return reject(err);
+
+        Tasks.Task.findOne({_id: task}, function (secondErr, taskFound) {
+          if (secondErr) return reject(err);
+          expect(secondErr).to.not.exist;
+          expect(taskFound).to.not.exist;
+          resolve();
+        });
       });
     });
   });
 
-  it('should not clear todos older than 30 days for subscribed users', async (done) => {
+  it('should not clear todos older than 30 days for subscribed users', async () => {
     user.purchased.plan.customerId = 'subscribedId';
     user.purchased.plan.dateUpdated = moment('012013', 'MMYYYY');
     user.lastCron = moment(new Date()).subtract({days: 2});
@@ -87,16 +91,20 @@ describe('cron middleware', () => {
     await task.save();
     await user.save();
 
-    cronMiddleware(req, res, (err) => {
-      Tasks.Task.findOne({_id: task}, function (secondErr, taskFound) {
-        expect(secondErr).to.not.exist;
-        expect(taskFound).to.exist;
-        done(err);
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, (err) => {
+        if (err) return reject(err);
+        Tasks.Task.findOne({_id: task}, function (secondErr, taskFound) {
+          if (secondErr) return reject(secondErr);
+          expect(secondErr).to.not.exist;
+          expect(taskFound).to.exist;
+          resolve();
+        });
       });
     });
   });
 
-  it('should clear todos older than 90 days for subscribed users', async (done) => {
+  it('should clear todos older than 90 days for subscribed users', async () => {
     user.purchased.plan.customerId = 'subscribedId';
     user.purchased.plan.dateUpdated = moment('012013', 'MMYYYY');
     user.lastCron = moment(new Date()).subtract({days: 2});
@@ -107,39 +115,49 @@ describe('cron middleware', () => {
     await task.save();
     await user.save();
 
-    cronMiddleware(req, res, (err) => {
-      Tasks.Task.findOne({_id: task}, function (secondErr, taskFound) {
-        expect(secondErr).to.not.exist;
-        expect(taskFound).to.not.exist;
-        done(err);
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, (err) => {
+        if (err) return reject(err);
+        Tasks.Task.findOne({_id: task}, function (secondErr, taskFound) {
+          if (secondErr) return reject(secondErr);
+          expect(secondErr).to.not.exist;
+          expect(taskFound).to.not.exist;
+          resolve();
+        });
       });
     });
   });
 
-  it('should call next if user was not modified after cron', async (done) => {
+  it('should call next if user was not modified after cron', async () => {
     let hpBefore = user.stats.hp;
     user.lastCron = moment(new Date()).subtract({days: 2});
     await user.save();
 
-    cronMiddleware(req, res, (err) => {
-      expect(hpBefore).to.equal(user.stats.hp);
-      done(err);
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, (err) => {
+        if (err) return reject(err);
+        expect(hpBefore).to.equal(user.stats.hp);
+        resolve();
+      });
     });
   });
 
-  it('updates user.auth.timestamps.loggedin and lastCron', async (done) => {
+  it('updates user.auth.timestamps.loggedin and lastCron', async () => {
     user.lastCron = moment(new Date()).subtract({days: 2});
     let now = new Date();
     await user.save();
 
-    cronMiddleware(req, res, (err) => {
-      expect(moment(now).isSame(user.lastCron, 'day'));
-      expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
-      done(err);
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, (err) => {
+        if (err) return reject(err);
+        expect(moment(now).isSame(user.lastCron, 'day'));
+        expect(moment(now).isSame(user.auth.timestamps.loggedin, 'day'));
+        resolve();
+      });
     });
   });
 
-  it('does damage for missing dailies', async (done) => {
+  it('does damage for missing dailies', async () => {
     let hpBefore = user.stats.hp;
     user.lastCron = moment(new Date()).subtract({days: 2});
     let daily = generateDaily(user);
@@ -147,28 +165,34 @@ describe('cron middleware', () => {
     await daily.save();
     await user.save();
 
-    cronMiddleware(req, res, (err) => {
-      expect(user.stats.hp).to.be.lessThan(hpBefore);
-      done(err);
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, (err) => {
+        if (err) return reject(err);
+        expect(user.stats.hp).to.be.lessThan(hpBefore);
+        resolve();
+      });
     });
   });
 
-  it('updates tasks', async (done) => {
+  it('updates tasks', async () => {
     user.lastCron = moment(new Date()).subtract({days: 2});
     let todo = generateTodo(user);
     let todoValueBefore = todo.value;
     await user.save();
 
-    cronMiddleware(req, res, () => {
-      Tasks.Task.findOne({_id: todo._id}, function (err, todoFound) {
-        expect(err).to.not.exist;
-        expect(todoFound.value).to.be.lessThan(todoValueBefore);
-        done();
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, (err) => {
+        if (err) return reject(err);
+        Tasks.Task.findOne({_id: todo._id}, function (secondErr, todoFound) {
+          if (secondErr) return reject(secondErr);
+          expect(todoFound.value).to.be.lessThan(todoValueBefore);
+          resolve();
+        });
       });
     });
   });
 
-  it('applies quest progress', async (done) => {
+  it('applies quest progress', async () => {
     let hpBefore = user.stats.hp;
     user.lastCron = moment(new Date()).subtract({days: 2});
     let daily = generateDaily(user);
@@ -192,17 +216,20 @@ describe('cron middleware', () => {
 
     party.startQuest(user);
 
-    cronMiddleware(req, res, () => {
-      expect(user.stats.hp).to.be.lessThan(hpBefore);
-      done();
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, (err) => {
+        if (err) return reject(err);
+        expect(user.stats.hp).to.be.lessThan(hpBefore);
+        resolve();
+      });
     });
   });
 
-  it('recovers from failed cron and does not error when user is already cronning', async (done) => {
+  it('recovers from failed cron and does not error when user is already cronning', async () => {
     user.lastCron = moment(new Date()).subtract({days: 2});
     await user.save();
 
-    let updatedUser = cloneDeep(user);
+    let updatedUser = user.toObject();
     updatedUser.nMatched = 0;
 
     sandbox.spy(cronLib, 'recoverCron');
@@ -215,10 +242,13 @@ describe('cron middleware', () => {
         },
       });
 
-    cronMiddleware(req, res, () => {
-      expect(cronLib.recoverCron).to.be.calledOnce;
+    await new Promise((resolve, reject) => {
+      cronMiddleware(req, res, (err) => {
+        if (err) return reject(err);
+        expect(cronLib.recoverCron).to.be.calledOnce;
 
-      done();
+        resolve();
+      });
     });
   });
 });

test/api/v3/unit/models/group.test.js

@@ -1,3 +1,6 @@
+import moment from 'moment';
+import { v4 as generateUUID } from 'uuid';
+import validator from 'validator';
 import { sleep } from '../../../../helpers/api-unit.helper';
 import { model as Group, INVITES_LIMIT } from '../../../../../website/server/models/group';
 import { model as User } from '../../../../../website/server/models/user';
@@ -7,9 +10,7 @@ import {
 import { quests as questScrolls } from '../../../../../website/common/script/content';
 import { groupChatReceivedWebhook } from '../../../../../website/server/libs/webhook';
 import * as email from '../../../../../website/server/libs/email';
-import validator from 'validator';
 import { TAVERN_ID } from '../../../../../website/common/script/';
-import { v4 as generateUUID } from 'uuid';
 import shared from '../../../../../website/common';
 
 describe('Group Model', () => {
@@ -667,6 +668,49 @@ describe('Group Model', () => {
         expect(party.memberCount).to.eql(1);
       });
 
+      it('does not allow a leader to leave a group with an active subscription', async () => {
+        party.memberCount = 2;
+        party.purchased.plan.customerId = '110002222333';
+
+        await expect(party.leave(questLeader))
+          .to.eventually.be.rejected.and.to.eql({
+            name: 'NotAuthorized',
+            httpCode: 401,
+            message: shared.i18n.t('leaderCannotLeaveGroupWithActiveGroup'),
+          });
+
+        party = await Group.findOne({_id: party._id});
+        expect(party).to.exist;
+        expect(party.memberCount).to.eql(1);
+      });
+
+      it('deletes a private group when the last member leaves and a subscription is cancelled', async () => {
+        let guild = new Group({
+          name: 'test guild',
+          type: 'guild',
+          memberCount: 1,
+        });
+
+        let leader = new User({
+          guilds: [guild._id],
+        });
+
+        guild.leader = leader._id;
+
+        await Promise.all([
+          guild.save(),
+          leader.save(),
+        ]);
+
+        guild.purchased.plan.customerId = '110002222333';
+        guild.purchased.plan.dateTerminated = new Date();
+
+        await guild.leave(leader);
+
+        party = await Group.findOne({_id: guild._id});
+        expect(party).to.not.exist;
+      });
+
       it('does not delete a public group when the last member leaves', async () => {
         party.privacy = 'public';
 
@@ -1045,7 +1089,7 @@ describe('Group Model', () => {
 
           expect(email.sendTxn).to.be.calledOnce;
 
-          let memberIds = _.pluck(email.sendTxn.args[0][0], '_id');
+          let memberIds = _.map(email.sendTxn.args[0][0], '_id');
           let typeOfEmail = email.sendTxn.args[0][1];
 
           expect(memberIds).to.have.a.lengthOf(2);
@@ -1068,7 +1112,7 @@ describe('Group Model', () => {
 
           expect(email.sendTxn).to.be.calledOnce;
 
-          let memberIds = _.pluck(email.sendTxn.args[0][0], '_id');
+          let memberIds = _.map(email.sendTxn.args[0][0], '_id');
 
           expect(memberIds).to.have.a.lengthOf(1);
           expect(memberIds).to.not.include(participatingMember._id);
@@ -1089,7 +1133,7 @@ describe('Group Model', () => {
 
           expect(email.sendTxn).to.be.calledOnce;
 
-          let memberIds = _.pluck(email.sendTxn.args[0][0], '_id');
+          let memberIds = _.map(email.sendTxn.args[0][0], '_id');
 
           expect(memberIds).to.have.a.lengthOf(1);
           expect(memberIds).to.not.include(participatingMember._id);
@@ -1545,5 +1589,57 @@ describe('Group Model', () => {
         expect(args.find(arg => arg[0][0].id === memberWithWebhook3.webhooks[0].id)).to.be.exist;
       });
     });
+
+    context('isSubscribed', () => {
+      it('returns false if group does not have customer id', () => {
+        expect(party.isSubscribed()).to.be.undefined;
+      });
+
+      it('returns true if group does not have plan.dateTerminated', () => {
+        party.purchased.plan.customerId = 'test-id';
+
+        expect(party.isSubscribed()).to.be.true;
+      });
+
+      it('returns true if group if plan.dateTerminated is after today', () => {
+        party.purchased.plan.customerId = 'test-id';
+        party.purchased.plan.dateTerminated = moment().add(1, 'days').toDate();
+
+        expect(party.isSubscribed()).to.be.true;
+      });
+
+      it('returns false if group if plan.dateTerminated is before today', () => {
+        party.purchased.plan.customerId = 'test-id';
+        party.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();
+
+        expect(party.isSubscribed()).to.be.false;
+      });
+    });
+
+    context('hasNotCancelled', () => {
+      it('returns false if group does not have customer id', () => {
+        expect(party.hasNotCancelled()).to.be.undefined;
+      });
+
+      it('returns true if party does not have plan.dateTerminated', () => {
+        party.purchased.plan.customerId = 'test-id';
+
+        expect(party.hasNotCancelled()).to.be.true;
+      });
+
+      it('returns false if party if plan.dateTerminated is after today', () => {
+        party.purchased.plan.customerId = 'test-id';
+        party.purchased.plan.dateTerminated = moment().add(1, 'days').toDate();
+
+        expect(party.hasNotCancelled()).to.be.false;
+      });
+
+      it('returns false if party if plan.dateTerminated is before today', () => {
+        party.purchased.plan.customerId = 'test-id';
+        party.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();
+
+        expect(party.hasNotCancelled()).to.be.false;
+      });
+    });
   });
 });

test/api/v3/unit/models/user.test.js

@@ -1,6 +1,7 @@
+import Bluebird from 'bluebird';
+import moment from 'moment';
 import { model as User } from '../../../../../website/server/models/user';
 import common from '../../../../../website/common';
-import Bluebird from 'bluebird';
 
 describe('User Model', () => {
   it('keeps user._tmp when calling .toJSON', () => {
@@ -145,4 +146,111 @@ describe('User Model', () => {
       });
     });
   });
+
+  context('isSubscribed', () => {
+    let user;
+    beforeEach(() => {
+      user = new User();
+    });
+
+
+    it('returns false if user does not have customer id', () => {
+      expect(user.isSubscribed()).to.be.undefined;
+    });
+
+    it('returns true if user does not have plan.dateTerminated', () => {
+      user.purchased.plan.customerId = 'test-id';
+
+      expect(user.isSubscribed()).to.be.true;
+    });
+
+    it('returns true if user if plan.dateTerminated is after today', () => {
+      user.purchased.plan.customerId = 'test-id';
+      user.purchased.plan.dateTerminated = moment().add(1, 'days').toDate();
+
+      expect(user.isSubscribed()).to.be.true;
+    });
+
+    it('returns false if user if plan.dateTerminated is before today', () => {
+      user.purchased.plan.customerId = 'test-id';
+      user.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();
+
+      expect(user.isSubscribed()).to.be.false;
+    });
+  });
+
+  context('hasNotCancelled', () => {
+    let user;
+    beforeEach(() => {
+      user = new User();
+    });
+
+
+    it('returns false if user does not have customer id', () => {
+      expect(user.hasNotCancelled()).to.be.undefined;
+    });
+
+    it('returns true if user does not have plan.dateTerminated', () => {
+      user.purchased.plan.customerId = 'test-id';
+
+      expect(user.hasNotCancelled()).to.be.true;
+    });
+
+    it('returns false if user if plan.dateTerminated is after today', () => {
+      user.purchased.plan.customerId = 'test-id';
+      user.purchased.plan.dateTerminated = moment().add(1, 'days').toDate();
+
+      expect(user.hasNotCancelled()).to.be.false;
+    });
+
+    it('returns false if user if plan.dateTerminated is before today', () => {
+      user.purchased.plan.customerId = 'test-id';
+      user.purchased.plan.dateTerminated = moment().subtract(1, 'days').toDate();
+
+      expect(user.hasNotCancelled()).to.be.false;
+    });
+  });
+
+  context('pre-save hook', () => {
+    it('does not try to award achievements when achievements or items not selected in query', async () => {
+      let user = new User();
+      user = await user.save(); // necessary for user.isSelected to work correctly
+
+      // Create conditions for the Beast Master achievement to be awarded
+      user.achievements.beastMasterCount = 3;
+      expect(user.achievements.beastMaster).to.not.equal(true); // verify that it was not awarded initially
+
+      user = await user.save();
+      // verify that it's been awarded
+      expect(user.achievements.beastMaster).to.equal(true);
+
+      // reset the user
+      user.achievements.beastMasterCount = 0;
+      user.achievements.beastMaster = false;
+
+      user = await user.save();
+      // verify it's been removed
+      expect(user.achievements.beastMaster).to.equal(false);
+
+      // fetch the user without selecting the 'items' field
+      user = await User.findById(user._id).select('-items').exec();
+      expect(user.isSelected('items')).to.equal(false);
+
+      // create the conditions for the beast master achievement but this time it should not be awarded
+      user.achievements.beastMasterCount = 3;
+      user = await user.save();
+      expect(user.achievements.beastMaster).to.equal(false);
+
+      // reset
+      user.achievements.beastMasterCount = 0;
+      user = await user.save();
+
+      // this time with achievements not selected
+      user = await User.findById(user._id).select('-achievements').exec();
+      expect(user.isSelected('achievements')).to.equal(false);
+      user.achievements.beastMasterCount = 3;
+      user = await user.save();
+      expect(user.achievements.beastMaster).to.not.equal(true);
+    });
+  });
 });

test/client-old/spec/controllers/chatCtrlSpec.js

@@ -1,14 +1,14 @@
 'use strict';
 
 describe("Chat Controller", function() {
-  var scope, ctrl, user, $rootScope, $controller;
+  var scope, ctrl, user, $rootScope, $controller, $httpBackend, html;
 
   beforeEach(function() {
     module(function($provide) {
       $provide.value('User', {});
     });
 
-    inject(function(_$rootScope_, _$controller_){
+    inject(function(_$rootScope_, _$controller_, _$compile_, _$httpBackend_){
       user = specHelper.newUser();
       user._id = "unique-user-id";
       $rootScope = _$rootScope_;
@@ -16,13 +16,20 @@ describe("Chat Controller", function() {
       scope = _$rootScope_.$new();
 
       $controller = _$controller_;
+      $httpBackend = _$httpBackend_;
 
       // Load RootCtrl to ensure shared behaviors are loaded
       $controller('RootCtrl',  {$scope: scope, User: {user: user}});
 
-      ctrl = $controller('ChatCtrl', {$scope: scope});
+      html = _$compile_('<div><form ng-submit="postChat(group, message.content)"><textarea submit-on-meta-enter ng-model="message.content" ng-model-options="{debounce: 250}"></textarea></form></div>')(scope);
+      document.body.appendChild(html[0]);
+      ctrl = $controller('ChatCtrl', {$scope: scope, $element: html});
     });
   });
+  
+  afterEach(function() {
+    html.remove();
+  });
 
   describe('copyToDo', function() {
     it('when copying a user message it opens modal with information from message', function() {
@@ -68,5 +75,47 @@ describe("Chat Controller", function() {
       }));
     });
   });
+  
+  it('updates model on enter key press', function() {
+    // Set initial state of the page with some dummy data.
+    scope.group = { name: 'group' };
+    
+    // The main controller is going to try to fetch the template right off. 
+    // No big deal, just return an empty string.
+    $httpBackend.when('GET', 'partials/main.html').respond('');
+
+    // Let the page settle, and the controllers set their initial state.
+    $rootScope.$digest();
+
+    // Watch for calls to postChat & make sure it doesn't do anything.
+    let postChatSpy = sandbox.stub(scope, 'postChat');
+    
+    // Pretend we typed 'aaa' into the textarea.
+    var textarea = html.find('textarea');    
+    textarea[0].value = 'aaa';
+    let inputEvent = new Event('input');
+    textarea[0].dispatchEvent(inputEvent);
+
+    // Give a change for the ng-model watchers to notice that the value in the
+    // textarea has changed.
+    $rootScope.$digest();
+    
+    // Since no time has elapsed and we debounce the model change, we should 
+    // see no model update just yet.
+    expect(scope.message.content).to.equal('');
+    
+    // Now, press the enter key in the textarea. We use jquery here to paper 
+    // over browser differences with initializing the keyboard event.
+    var keyboardEvent = jQuery.Event('keydown', {keyCode: 13, key: 'Enter', metaKey: true});
+    jQuery(textarea).trigger(keyboardEvent);
+
+    // Now, allow the model to update given the changes to the page still
+    // without letting any time elapse...
+    $rootScope.$digest();
+    
+    // ... and nevertheless seeing the desired call to postChat with the right
+    // data. Yay!
+    postChatSpy.should.have.been.calledWith(scope.group, 'aaa');
+  });
 });
 

test/client-old/spec/controllers/inventoryCtrlSpec.js

@@ -30,7 +30,9 @@ describe('Inventory Controller', function() {
           suppressModals: {}
         },
         purchased: {
-          plan: {}
+          plan: {
+            mysteryItems: [],
+          },
         },
       });
 

test/client-old/spec/services/statServicesSpec.js

@@ -67,59 +67,6 @@ describe('Stats Service', function() {
     });
   });
 
-  describe('classBonus', function() {
-    it('calculates class bonus', function() {
-      var equippedGear = {
-        "weapon" : "weapon_warrior_1",
-        "shield" : "shield_warrior_1",
-        "head" : "head_warrior_1",
-        "armor" : "armor_warrior_1"
-      };
-      var user = {
-        fns: {
-          statsComputed: function () {
-            return { str: 50 };
-          },
-        },
-        stats: {
-          lvl: 10,
-          buffs: { str: 10 },
-          str: 10
-        },
-        items: {
-         gear: { equipped: equippedGear }
-        }
-      };
-      var stat = 'str';
-      var classBonus = statCalc.classBonus(user, stat);
-
-      expect(classBonus).to.eql(20)
-    });
-
-    it('does not return value if user has not been wrapped (_statComputed)', function() {
-      var equippedGear = {
-        "weapon" : "weapon_warrior_1",
-        "shield" : "shield_warrior_1",
-        "head" : "head_warrior_1",
-        "armor" : "armor_warrior_1"
-      };
-      var user = {
-        stats: {
-          lvl: 10,
-          buffs: { str: 10 },
-          str: 10
-        },
-        items: {
-         gear: { equipped: equippedGear }
-        }
-      };
-      var stat = 'str';
-      var classBonus = statCalc.classBonus(user, stat);
-
-      expect(classBonus).to.not.exist;
-    });
-  });
-
   describe('expDisplay', function() {
     it('displays exp as "exp / toNextLevelExp"', function() {
       user.stats.exp = 10;
@@ -138,27 +85,6 @@ describe('Stats Service', function() {
     });
   });
 
-  describe('equipmentStatBonus', function() {
-    it('tallies up stats from equipment that is equipped', function() {
-      var equippedGear = {
-        "weapon" : "weapon_special_1",
-        "shield" : "shield_special_1",
-        "head" : "head_special_1",
-        "armor" : "armor_special_1"
-      };
-
-      var strStat = statCalc.equipmentStatBonus('str', equippedGear);
-      var conStat = statCalc.equipmentStatBonus('con', equippedGear);
-      var intStat = statCalc.equipmentStatBonus('int', equippedGear);
-      var perStat = statCalc.equipmentStatBonus('per', equippedGear);
-
-      expect(strStat).to.eql(24);
-      expect(conStat).to.eql(24);
-      expect(intStat).to.eql(24);
-      expect(perStat).to.eql(24);
-    });
-  });
-
   describe('goldDisplay', function() {
     it('displays gold', function() {
       var gold = 30;
@@ -192,32 +118,6 @@ describe('Stats Service', function() {
     });
   });
 
-  describe('levelBonus', function() {
-    it('calculates bonus as half of level for even numbered level under 100', function() {
-      var level = 50;
-      var bonus = statCalc.levelBonus(level);
-      expect(bonus).to.eql(25);
-    });
-
-    it('calculates bonus as half of level, rounded down, for odd numbered level under 100', function() {
-      var level = 51;
-      var bonus = statCalc.levelBonus(level);
-      expect(bonus).to.eql(25);
-    });
-
-    it('calculates bonus as 50 for levels >= 100', function() {
-      var level = 150;
-      var bonus = statCalc.levelBonus(level);
-      expect(bonus).to.eql(50);
-    });
-
-    it('calculates bonus as 0 for level 1', function() {
-      var level = 1;
-      var bonus = statCalc.levelBonus(level);
-      expect(bonus).to.eql(0);
-    });
-  });
-
   describe('mountMasterProgress', function() {
     it('counts drop mounts that user has', function() {
       user.items.mounts = {

test/client/.babelrc

@@ -1,9 +1,18 @@
 {
-  "presets": ["es2015"],
+  "env": {
+    "test": {
+      plugins: [
+        ["istanbul"],
+      ],
+    },
+  },
+  "presets": [
+    ["es2015", { modules: false }],
+  ],
   "plugins": [
     "transform-object-rest-spread",
     "syntax-async-functions",
     "transform-regenerator",
   ],
-  "comments": false
+  "comments": false,
 }

test/client/e2e/nightwatch.conf.js

@@ -3,6 +3,7 @@
 require('babel-register');
 const config = require('../../../webpack/config');
 const chromeDriverPath = require('chromedriver').path;
+const seleniumServerPath = require('selenium-server').path;
 
 // http://nightwatchjs.org/guide#settings-file
 module.exports = {
@@ -12,7 +13,7 @@ module.exports = {
 
   selenium: {
     start_process: true,
-    server_path: 'node_modules/selenium-server/lib/runner/selenium-server-standalone-2.53.0.jar',
+    server_path: seleniumServerPath,
     host: '127.0.0.1',
     port: 4444,
     cli_args: {

test/client/unit/index.js

@@ -2,8 +2,17 @@
 // and babel-runtime doesn't affect external libraries
 require('babel-polyfill');
 
-// require all test files (files that ends with .spec.js)
-let testsContext = require.context('./specs', true, /\.spec$/);
+// Automatically setup SinonJS' sandbox for each test
+beforeEach(() => {
+  global.sandbox = sinon.sandbox.create();
+});
+
+afterEach(() => {
+  global.sandbox.restore();
+});
+
+// require all test files
+let testsContext = require.context('./specs', true, /\.js$/);
 testsContext.keys().forEach(testsContext);
 
 // require all .vue and .js files except main.js for coverage.

test/client/unit/karma.conf.js

@@ -3,53 +3,12 @@
 // we are also using it with karma-webpack
 //   https://github.com/webpack/karma-webpack
 
-const path = require('path');
-const merge = require('webpack-merge');
-const baseConfig = require('../../../webpack/webpack.base.conf');
-const utils = require('../../../webpack/utils');
-const webpack = require('webpack');
-const projectRoot = path.resolve(__dirname, '../../../');
-const testEnv = require('../../../webpack/config/test.env');
+// Necessary for babel to respect the env version of .babelrc which is necessary
+// Because inject-loader does not work with ["es2015", { modules: false }] that we use
+// in order to let webpack2 handle the imports
 
-const webpackConfig = merge(baseConfig, {
-  // use inline sourcemap for karma-sourcemap-loader
-  module: {
-    loaders: utils.styleLoaders(),
-  },
-  devtool: '#inline-source-map',
-  vue: {
-    loaders: {
-      js: 'isparta',
-    },
-  },
-  plugins: [
-    new webpack.DefinePlugin({
-      'process.env': testEnv,
-    }),
-  ],
-});
-
-// no need for app entry during tests
-delete webpackConfig.entry;
-
-// make sure isparta loader is applied before eslint
-webpackConfig.module.preLoaders = webpackConfig.module.preLoaders || [];
-webpackConfig.module.preLoaders.unshift({
-  test: /\.js$/,
-  loader: 'isparta',
-  include: [
-    path.resolve(projectRoot, 'website/client'),
-    path.resolve(projectRoot, 'website/common'),
-  ],
-});
-
-// only apply babel for test files when using isparta
-webpackConfig.module.loaders.some((loader) => {
-  if (loader.loader === 'babel') {
-    loader.include = path.resolve(projectRoot, 'test/client/unit');
-    return true;
-  }
-});
+process.env.BABEL_ENV = process.env.NODE_ENV; // eslint-disable-line no-process-env
+const webpackConfig = require('../../../webpack/webpack.test.conf');
 
 module.exports = function (config) {
   config.set({
@@ -58,7 +17,7 @@ module.exports = function (config) {
     //    http://karma-runner.github.io/0.13/config/browsers.html
     // 2. add it to the `browsers` array below.
     browsers: ['PhantomJS'],
-    frameworks: ['mocha', 'sinon-chai'],
+    frameworks: ['mocha', 'sinon-stub-promise', 'sinon-chai', 'chai-as-promised', 'chai'],
     reporters: ['spec', 'coverage'],
     files: ['./index.js'],
     preprocessors: {

test/client/unit/specs/libs/deepFreeze.js

@@ -0,0 +1,25 @@
+import deepFreeze from 'client/libs/deepFreeze';
+
+describe('deepFreeze', () => {
+  it('works as expected', () => {
+    let obj = {
+      a: 1,
+      b () {
+        return this.a;
+      },
+      nested: {
+        c: 2,
+        nestedTwice: {
+          d: 1,
+        },
+      },
+    };
+
+    let result = deepFreeze(obj);
+    expect(result).to.equal(obj);
+
+    expect(Object.isFrozen(obj)).to.equal(true);
+    expect(Object.isFrozen(obj.nested)).to.equal(true);
+    expect(Object.isFrozen(obj.nested.nestedTwice)).to.equal(true);
+  });
+});

test/client/unit/specs/mixins/groupsUtilities.js

@@ -0,0 +1,61 @@
+import groupsUtilities from 'client/mixins/groupsUtilities';
+import { TAVERN_ID } from 'common/script/constants';
+import Vue from 'vue';
+
+describe('Groups Utilities Mixin', () => {
+  let instance, user;
+
+  before(() => {
+    instance = new Vue({
+      mixins: [groupsUtilities],
+    });
+
+    user = {
+      _id: '123',
+      party: {
+        _id: '456',
+      },
+      guilds: ['789'],
+    };
+  });
+
+  describe('isMemberOfGroup', () => {
+    it('registers as a method', () => {
+      expect(instance.isMemberOfGroup).to.be.a.function;
+    });
+
+    it('returns true when the group is the Tavern', () => {
+      expect(instance.isMemberOfGroup(user, {
+        _id: TAVERN_ID,
+      })).to.equal(true);
+    });
+
+    it('returns true when the group is the user\'s party', () => {
+      expect(instance.isMemberOfGroup(user, {
+        type: 'party',
+        _id: user.party._id,
+      })).to.equal(true);
+    });
+
+    it('returns false when the group is not the user\'s party', () => {
+      expect(instance.isMemberOfGroup(user, {
+        type: 'party',
+        _id: 'not my party',
+      })).to.equal(false);
+    });
+
+    it('returns true when the group is not a guild of which the user is a member', () => {
+      expect(instance.isMemberOfGroup(user, {
+        type: 'guild',
+        _id: user.guilds[0],
+      })).to.equal(true);
+    });
+
+    it('returns false when the group is not a guild of which the user is a member', () => {
+      expect(instance.isMemberOfGroup(user, {
+        type: 'guild',
+        _id: 'not my guild',
+      })).to.equal(false);
+    });
+  });
+});