3.104.1

* Moved notifications to be read after yesterdailies

* Prevent when user needs cron

* Updated tests

.github/CONTRIBUTING.md

@@ -1,6 +1,6 @@
 # Reporting Bugs
 
-[Please see these instructions for reporting bugs](https://github.com/HabitRPG/habitrpg/issues/2760)
+[Please see these instructions for reporting bugs](https://github.com/HabitRPG/habitica/issues/2760)
 
 # Pull Request
 

.github/ISSUE_TEMPLATE.md

@@ -1,21 +1,19 @@
-[//]: # (Before logging this issue, look through common problems at https://github.com/HabitRPG/habitrpg/issues If you find your issue there, read at least the first post to see if there is a workaround for you)
+[//]: # (Before logging this issue, please post to the Report a Bug guild from the Habitica website's Help menu. Most bugs can be handled quickly there. If a GitHub issue is needed, you will be advised of that by a moderator or staff member -- a player with a dark blue or purple name. It is recommended that you don't create a new issue unless advised to.)
 
-[//]: # (Github is primarily used for reporting bugs. If you have a feature request, use "Help > Request a Feature" so that the feature request can be vetted by the larger Habitica community)
+[//]: # (Bugs in the mobile apps can also be reported there.)
 
-[//]: # (To report a bug in one of the mobile apps, please report it in the correct repository. Android: https://github.com/HabitRPG/habitrpg-android, iOS: https://github.com/HabitRPG/habitrpg-ios)
+[//]: # (If you have a feature request, use "Help > Request a Feature", not GitHub or the Report a Bug guild.)
 
-[//]: # (For more guidelines see https://github.com/HabitRPG/habitrpg/issues/2760)
+[//]: # (For more guidelines see https://github.com/HabitRPG/habitica/issues/2760)
 
 [//]: # (Fill out relevant information - UUID is found in Settings -> API)
-General Info
+### General Info
   * UUID: 
   * Browser: 
   * OS: 
 
 ### Description
-[//]: # (Describe bug in detail here. Include pictures if helpful.)
-
-
+[//]: # (Describe bug in detail here. Include screenshots if helpful.)
 
 #### Console Errors
 [//]: # (Include any JavaScript console errors here.)

.travis.yml

@@ -2,6 +2,8 @@ language: node_js
 node_js:
   - '6'
 sudo: required
+services:
+  - mongodb
 addons:
   apt:
     sources:
@@ -12,22 +14,25 @@ before_install:
   - $CXX --version
   - npm install -g npm@4
   - if [ $REQUIRES_SERVER ]; then sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10; echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list; sudo apt-get update; sudo apt-get install mongodb-org-server; fi
+install:
+  - npm install &> npm.install.log || (cat npm.install.log; false)
 before_script:
   - npm run test:build
   - cp config.json.example config.json
   - if [ $REQUIRES_SERVER ]; then until nc -z localhost 27017; do echo Waiting for MongoDB; sleep 1; done; export DISPLAY=:99; fi
-after_script:
-  - ./node_modules/.bin/lcov-result-merger 'coverage/**/*.info' | ./node_modules/coveralls/bin/coveralls.js
-script: npm run $TEST
+script:
+  - npm run $TEST
+  - if [ $COVERAGE ]; then ./node_modules/.bin/lcov-result-merger 'coverage/**/*.info' | ./node_modules/coveralls/bin/coveralls.js; fi
 env:
   global:
     - CXX=g++-4.8
     - DISABLE_REQUEST_LOGGING=true
   matrix:
     - TEST="lint"
-    - TEST="test:api-v3" REQUIRES_SERVER=true
+    - TEST="test:api-v3" REQUIRES_SERVER=true COVERAGE=true
     - TEST="test:sanity"
-    - TEST="test:content"
-    - TEST="test:common"
-    - TEST="test:karma"
-    - TEST="client:unit"
+    - TEST="test:content" COVERAGE=true
+    - TEST="test:common" COVERAGE=true
+    - TEST="test:karma" COVERAGE=true
+    - TEST="client:unit" COVERAGE=true
+    - TEST="apidoc"

Dockerfile

@@ -1,45 +1,18 @@
-FROM ubuntu:trusty
-
-MAINTAINER Sabe Jones <sabe@habitica.com>
-
-# Avoid ERROR: invoke-rc.d: policy-rc.d denied execution of start.
-RUN echo -e '#!/bin/sh\nexit 0' > /usr/sbin/policy-rc.d
-
-# Install prerequisites
-RUN apt-get update
-RUN apt-get install -y \
-    build-essential \
-    curl \
-    git \
-    libfontconfig1 \
-    libfreetype6 \
-    libkrb5-dev \
-    python
-
-# Install NodeJS
-RUN curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
-RUN apt-get install -y nodejs
-
-# Install npm@latest
-RUN curl -sL https://www.npmjs.org/install.sh | sh
-
-# Clean up package management
-RUN apt-get clean
-RUN rm -rf /var/lib/apt/lists/*
-
-# Install global packages
-RUN npm install -g gulp grunt-cli bower mocha
-
-# Clone Habitica repo and install dependencies
-WORKDIR /habitrpg
-RUN git clone https://github.com/HabitRPG/habitica.git /habitrpg
-RUN npm install
-RUN bower install --allow-root
-
-# Create environment config file and build directory
-RUN cp config.json.example config.json
-RUN mkdir -p ./website/build
-
-# Start Habitica
-EXPOSE 3000
-CMD ["npm", "start"]
+FROM node:boron
+
+# Install global packages
+RUN npm install -g gulp grunt-cli bower mocha
+
+# Clone Habitica repo and install dependencies
+RUN mkdir -p /usr/src/habitrpg
+WORKDIR /usr/src/habitrpg
+RUN git clone https://github.com/HabitRPG/habitica.git /usr/src/habitrpg
+RUN npm install
+RUN bower install --allow-root
+
+# Create Build dir
+RUN mkdir -p ./website/build
+
+# Start Habitica
+EXPOSE 3000
+CMD ["npm", "start"]

Dockerfile-Production

@@ -0,0 +1,19 @@
+FROM node:boron
+
+# Install global packages
+RUN npm install -g gulp grunt-cli bower mocha
+
+# Clone Habitica repo and install dependencies
+RUN mkdir -p /usr/src/habitrpg
+WORKDIR /usr/src/habitrpg
+RUN git clone --branch v3.102.2 https://github.com/HabitRPG/habitica.git /usr/src/habitrpg
+RUN npm install
+RUN bower install --allow-root
+RUN gulp build:prod --force
+
+# Create Build dir
+RUN mkdir -p ./website/build
+
+# Start Habitica
+EXPOSE 3000
+CMD ["node", "./website/transpiled-babel/index.js"]

README.md

@@ -5,8 +5,7 @@ Habitica [![Build Status](https://travis-ci.org/HabitRPG/habitica.svg?branch=dev
 
 We need more programmers! Your assistance will be greatly appreciated.
 
-For an introduction to the technologies used and how the software is organized, refer to [Contributing to Habitica](http://habitica.wikia.com/wiki/Contributing_to_Habitica#Coders_.28Web_.26_Mobile.29) - "Coders (Web & Mobile)" section.
+For an introduction to the technologies used and how the software is organized, refer to [Guidance for Blacksmiths](http://habitica.wikia.com/wiki/Guidance_for_Blacksmiths).
 
-To set up a local install of Habitica for development and testing, see [Setting up Habitica Locally](http://habitica.wikia.com/wiki/Setting_up_Habitica_Locally), which contains instructions for Windows, *nix / Mac OS, and Vagrant.
+To set up a local install of Habitica for development and testing on various platforms, see [Setting up Habitica Locally](http://habitica.wikia.com/wiki/Setting_up_Habitica_Locally).
 
-Then read [Guidance for Blacksmiths](http://habitica.wikia.com/wiki/Guidance_for_Blacksmiths) for additional instructions and useful tips.

config.json.example

@@ -66,7 +66,8 @@
         },
         "mode":"sandbox",
         "client_id":"client_id",
-        "client_secret":"client_secret"
+        "client_secret":"client_secret",
+        "experience_profile_id": ""
     },
     "IAP_GOOGLE_KEYDIR": "/path/to/google/public/key/dir/",
     "LOGGLY_TOKEN": "token",
@@ -76,6 +77,11 @@
         "APN_ENABLED": "false",
         "FCM_SERVER_API_KEY": ""
     },
+    "SITE_HTTP_AUTH": {
+        "ENABLED": "false",
+        "USERNAME": "admin",
+        "PASSWORD": "password"
+    },
     "PUSHER": {
         "ENABLED": "false",
         "APP_ID": "appId",
@@ -87,5 +93,14 @@
         "FLAGGING_FOOTER_LINK": "https://habitrpg.github.io/flag-o-rama/",
         "SUBSCRIPTIONS_URL": "https://hooks.slack.com/services/id/id/id"
     },
-    "ITUNES_SHARED_SECRET": "aaaabbbbccccddddeeeeffff00001111"
+    "ITUNES_SHARED_SECRET": "aaaabbbbccccddddeeeeffff00001111",
+    "EMAILS" : {
+        "COMMUNITY_MANAGER_EMAIL" : "leslie@habitica.com",
+        "TECH_ASSISTANCE_EMAIL" : "admin@habitica.com",
+        "PRESS_ENQUIRY_EMAIL" : "leslie@habitica.com"
+    },
+    "LOGGLY" : {
+        "TOKEN" : "example-token",
+        "SUBDOMAIN" : "exmaple-subdomain"
+    }
 }

database_reports/count_users_who_own_specified_gear.js

@@ -3,7 +3,7 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done
 
 /**
  * database_reports/count_users_who_own_specified_gear.js
- * https://github.com/HabitRPG/habitrpg/pull/3884
+ * https://github.com/HabitRPG/habitica/pull/3884
  */
 
 var thingsOfInterest = {

gulp/gulp-bootstrap.js

@@ -0,0 +1,36 @@
+import gulp from 'gulp';
+import fs from 'fs';
+
+// Copy Bootstrap 4 config variables from /website /node_modules so we can check
+// them into Git
+
+const BOOSTRAP_NEW_CONFIG_PATH = 'website/client/assets/scss/bootstrap_config.scss';
+const BOOTSTRAP_ORIGINAL_CONFIG_PATH = 'node_modules/bootstrap/scss/_custom.scss';
+
+// https://stackoverflow.com/a/14387791/969528
+function copyFile(source, target, cb) {
+  let cbCalled = false;
+
+  function done(err) {
+    if (!cbCalled) {
+      cb(err);
+      cbCalled = true;
+    }
+  }
+
+  let rd = fs.createReadStream(source);
+  rd.on('error', done);
+  let wr = fs.createWriteStream(target);
+  wr.on('error', done);
+  wr.on('close', () => done());
+  rd.pipe(wr);
+}
+
+gulp.task('bootstrap', (done) => {
+  // use new config
+  copyFile(
+    BOOSTRAP_NEW_CONFIG_PATH,
+    BOOTSTRAP_ORIGINAL_CONFIG_PATH,
+    done,
+  );
+});

gulp/gulp-sprites.js

@@ -49,7 +49,7 @@ gulp.task('sprites:checkCompiledDimensions', ['sprites:main', 'sprites:largeSpri
   });
 
   if (numberOfSheetsThatAreTooBig > 0) {
-    console.error(`${numberOfSheetsThatAreTooBig} sheets might too big for mobile Safari to be able to handle them, but there is a margin of error in these calculations so it is probably okay. Mention this to an admin so they can test a staging site on mobile Safari after your PR is merged.`); // https://github.com/HabitRPG/habitrpg/pull/6683#issuecomment-185462180
+    console.error(`${numberOfSheetsThatAreTooBig} sheets might too big for mobile Safari to be able to handle them, but there is a margin of error in these calculations so it is probably okay. Mention this to an admin so they can test a staging site on mobile Safari after your PR is merged.`); // https://github.com/HabitRPG/habitica/pull/6683#issuecomment-185462180
   } else {
     console.log('All images are within the correct dimensions');
   }

gulp/gulp-tests.js

@@ -280,7 +280,7 @@ gulp.task('test:e2e:safe', ['test:prepare', 'test:prepare:server'], (cb) => {
 
 gulp.task('test:api-v3:unit', (done) => {
   let runner = exec(
-    testBin('mocha test/api/v3/unit --recursive --require ./test/helpers/start-server'),
+    testBin('node_modules/.bin/istanbul cover --dir coverage/api-v3-unit --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v3/unit --recursive --require ./test/helpers/start-server'),
     (err, stdout, stderr) => {
       if (err) {
         process.exit(1);
@@ -298,7 +298,7 @@ gulp.task('test:api-v3:unit:watch', () => {
 
 gulp.task('test:api-v3:integration', (done) => {
   let runner = exec(
-    testBin('mocha test/api/v3/integration --recursive --require ./test/helpers/start-server'),
+    testBin('node_modules/.bin/istanbul cover --dir coverage/api-v3-integration --report lcovonly node_modules/mocha/bin/_mocha -- test/api/v3/integration --recursive --require ./test/helpers/start-server'),
     {maxBuffer: 500 * 1024},
     (err, stdout, stderr) => {
       if (err) {

gulpfile.js

@@ -13,6 +13,7 @@ if (process.env.NODE_ENV === 'production') {
   require('./gulp/gulp-newstuff');
   require('./gulp/gulp-build');
   require('./gulp/gulp-babelify');
+  require('./gulp/gulp-bootstrap');
 } else {
   require('glob').sync('./gulp/gulp-*').forEach(require);
   require('gulp').task('default', ['test']);

kubernetes/README.md

@@ -0,0 +1,60 @@
+# Habitica in Kubernetes
+This is a set of sample Kubernetes configuration files to launch Habitica under AWS, both as a single-node web frontend as well as a multi-node web frontend.
+
+## Prerequisites
+* An AWS account.
+* A working Kubernetes installation.
+* A basic understanding of how to use Kubernetes. https://kubernetes.io/
+* A persistent volume for MongoDB data.
+* Docker images of Habitica.
+  + You can use your own, or use the one included in the YAML files.
+  + If you use your own, you'll need a fork of the Habitica GitHub repo and your own Docker Hub repo, both of which are free.
+
+## Before you begin
+1. Set up Kubernetes.
+2. Create an EBS volume for MongoDB data.
+   + Make a note of the name, you'll need it later.
+
+## Starting MongoDB
+1. Edit mongo.yaml
+  + Find the volumeID line.
+  + Change the volume to the one created in the section above.
+2. Run the following commands:
+  + `kubectl.sh create -f mongo.yaml`
+  + `kubectl.sh create -f mongo-service.yaml`
+3. Wait for the MongoDB pod to start up.
+
+## Starting a Single Web Frontend
+
+1. Run the following commands:
+  + `kubectl.sh create -f habitica.yaml`
+  + `kubectl.sh create -f habitica-service.yaml`
+2. Wait for the frontend to start up.
+
+## Starting Multi-node Web Frontend
+1. Run the following commands :
+  + `kubectl.sh create -f habitica-rc.yaml`
+  + `kubectl.sh create -f habitica-service.yaml`
+2. Wait for the frontend to start up.
+
+## Accessing Your Habitica web interface
+Using `kubectl describe svc habiticaweb` get the hostname generated for the Habitica service. Open a browser and go to http://hostname:3000 to access the web front-end for the installations above.
+
+## Shutting down
+Shutting down is basically done by reversing the steps above:
++ `kubectl.sh delete -f habitica-service.yaml`
++ `kubectl.sh delete -f habitica.yaml (or habitica-rc.yaml)`
++ `kubectl.sh delete -f mongo-service.yaml`
++ `kubectl.sh delete -f mongo.yaml`
+
+You can also just shut down all of Kubernetes as well.
+
+## Notes
++ MongoDB data will be persistent! If you need to start with a fresh database, you'll need to remove the volume and re-create it.
++ On AWS, you probably want to use at least t2.medium minion nodes for Kubernetes. The default t2.small is too small for more than two Habitica nodes.
+
+## Future Plans
++ Multi-node MongoDB.
++ Monitoring
++ Instructions for a better hostname. The default generated ones stink.
++ More to come....

kubernetes/habitica-rc.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: habitica
+  labels:
+    name: habitica
+spec:
+  replicas: 4
+  selector:
+    name: habitica
+  template:
+    metadata:
+      labels:
+        name: habitica
+    spec:
+      containers:
+      - name: habitica
+        image: ksonney/habitrpg:latest
+        env:
+          - name: NODE_DB_URI
+            value: mongodb://mongosvc/habitrpg
+        ports:
+          - containerPort: 3000
+            hostPort: 3000
+            name: habitica

kubernetes/habitica-service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata: 
+  labels: 
+    name: habiticaweb
+  name: habiticaweb
+spec: 
+  ports:
+    # the port that this service should serve on
+    - port: 3000
+  # label keys and values that must match in order to receive traffic for this service
+  selector: 
+    name: habitica
+  type: LoadBalancer

kubernetes/habitica.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: habitica
+  labels:
+    name: habitica
+spec:
+  containers:
+#    - image: mongo:latest
+#      name: mongo
+#      ports:
+#        - containerPort: 27017
+#          name: mongo
+    - image: ksonney/habitrpg:latest
+      name: habitica
+      env:
+        - name: NODE_DB_URI
+          value: mongodb://mongosvc/habitrpg
+      ports: 
+        - containerPort: 3000
+          hostPort: 3000
+          name: habitica

kubernetes/mongo-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata: 
+  labels: 
+    name: mongosvc
+  name: mongosvc
+spec: 
+  ports:
+    # the port that this service should serve on
+    - port: 27017
+  # label keys and values that must match in order to receive traffic for this service
+  selector: 
+    name: mongodb

kubernetes/mongo.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: mongodb
+  labels: 
+    name: mongodb
+spec: 
+  containers: 
+    - resources:
+        limits :
+          cpu: 0.5
+      image: mongo
+      name: mongodb
+      ports: 
+        - containerPort: 27017
+          hostPort: 27017
+          name: mongo
+      volumeMounts:
+#         # name must match the volume name below
+        - name: mongo-persistent-storage
+#          # mount path within the container
+          mountPath: /data/db
+  volumes:
+    - name: mongo-persistent-storage
+      awsElasticBlockStore:
+        volumeID: aws://YOUR-REGION/YOUR-VOLNAME
+        fsType: ext3
+

migrations/20170111_announce_collection_quest_change_in_parties.js

@@ -0,0 +1,110 @@
+'use strict';
+
+/****************************************
+ * Author: @Alys
+ *
+ * Reason: Collection quests are being changed
+ * to require fewer items collected:
+ * https://github.com/HabitRPG/habitrpg/pull/7987
+ * This will cause existing quests to end sooner
+ * than the party is expecting.
+ * This script inserts an explanatory `system`
+ * message into the chat for affected parties.
+ ***************************************/
+
+global.Promise = require('bluebird');
+const uuid = require('uuid');
+const TaskQueue = require('cwait').TaskQueue;
+const logger = require('./utils/logger');
+const Timer = require('./utils/timer');
+const connectToDb = require('./utils/connect').connectToDb;
+const closeDb = require('./utils/connect').closeDb;
+
+const message = '`This party\'s collection quest has been made easier! For details, refer to http://habitica.wikia.com/wiki/User_blog:LadyAlys/Collection_Quests_are_Now_Easier`';
+
+const timer = new Timer();
+
+// PROD: Enable prod db
+// const DB_URI = 'mongodb://username:password@dsXXXXXX-a0.mlab.com:XXXXX,dsXXXXXX-a1.mlab.com:XXXXX/habitica?replicaSet=rs-dsXXXXXX';
+const DB_URI = 'mongodb://localhost/habitrpg';
+
+const COLLECTION_QUESTS = [
+  'vice2',
+  'egg',
+  'moonstone1',
+  'goldenknight1',
+  'dilatoryDistress1',
+];
+
+let Groups;
+
+connectToDb(DB_URI).then((db) => {
+  Groups = db.collection('groups');
+
+  return Promise.resolve();
+})
+.then(findPartiesWithCollectionQuest)
+// .then(displayGroups) // for testing only
+.then(addMessageToGroups)
+.then(() => {
+  timer.stop();
+  closeDb();
+}).catch(reportError);
+
+function reportError (err) {
+  logger.error('Uh oh, an error occurred');
+  closeDb();
+  timer.stop();
+  throw err;
+}
+
+function findPartiesWithCollectionQuest () {
+  logger.info('Looking up groups on collection quests...');
+
+  return Groups.find({'quest.key': {$in: COLLECTION_QUESTS}}, ['name','quest']).toArray().then((groups) => {
+    logger.success('Found', groups.length, 'parties on collection quests');
+
+    return Promise.resolve(groups);
+  })
+}
+
+function displayGroups (groups) { // for testing only
+  logger.info('Displaying parties...');
+  console.log(groups);
+  return Promise.resolve(groups);
+}
+
+function updateGroupById (group) {
+  var newMessage = {
+    'id' : uuid.v4(),
+    'text' : message,
+    'timestamp': Date.now(),
+    'likes': {},
+    'flags': {},
+    'flagCount': 0,
+    'uuid': 'system'
+  };
+  return Groups.findOneAndUpdate({_id: group._id}, {$push:{"chat" :{$each: [newMessage], $position:0}}}, {returnOriginal: false});
+  // Does not set the newMessage flag for all party members because I don't think it's essential and
+  // I don't want to run the extra code (extra database load, extra opportunity for bugs).
+}
+
+function addMessageToGroups (groups) {
+  let queue = new TaskQueue(Promise, 300);
+
+  logger.info('About to update', groups.length, 'parties...');
+
+  return Promise.map(groups, queue.wrap(updateGroupById)).then((result) => {
+    let updates = result.filter(res => res.lastErrorObject && res.lastErrorObject.updatedExisting)
+    let failures = result.filter(res => !(res.lastErrorObject && res.lastErrorObject.updatedExisting));
+
+    logger.success(updates.length, 'parties have been notified');
+
+    if (failures.length > 0) {
+      logger.error(failures.length, 'parties could not be notified');
+    }
+
+    return Promise.resolve();
+  });
+}
+

migrations/20170418_subscriber_jackalopes.js

@@ -0,0 +1,88 @@
+var migrationName = '20170418_subscriber_jackalopes.js';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award Royal Purple Jackalope pet to all current subscribers
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+var now = new Date();
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'purchased.plan.customerId': {$type: 2},
+    $or: [
+      {'purchased.plan.dateTerminated': null},
+      {'purchased.plan.dateTerminated': {$exists: false}},
+      {'purchased.plan.dateTerminated': {$gt: now}},
+    ]
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [] // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {'items.pets.Jackalope-RoyalPurple': 5};
+
+  dbUsers.update({_id: user._id}, {$set:set});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/20170425_missing_incentives.js

@@ -0,0 +1,207 @@
+var migrationName = '20170425_missing_incentives';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award missing Royal Purple Hatching Potion to users with 55+ check-ins
+ * Reduce users with impossible check-in counts to a reasonable number
+ */
+
+import monk from 'monk';
+import common from '../website/common';
+
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'loginIncentives': {$gt:99},
+    'migration': {$ne: migrationName},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [] // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+  var language = user.preferences.language || 'en';
+  var set = {'migration': migrationName};
+  var inc = {
+    'items.eggs.BearCub': 0,
+    'items.eggs.Cactus': 0,
+    'items.eggs.Dragon': 0,
+    'items.eggs.FlyingPig': 0,
+    'items.eggs.Fox': 0,
+    'items.eggs.LionCub': 0,
+    'items.eggs.PandaCub': 0,
+    'items.eggs.TigerCub': 0,
+    'items.eggs.Wolf': 0,
+    'items.food.Chocolate': 0,
+    'items.food.CottonCandyBlue': 0,
+    'items.food.CottonCandyPink': 0,
+    'items.food.Fish': 0,
+    'items.food.Honey': 0,
+    'items.food.Meat': 0,
+    'items.food.Milk': 0,
+    'items.food.Potatoe': 0,
+    'items.food.RottenMeat': 0,
+    'items.food.Strawberry': 0,
+    'items.hatchingPotions.Base': 0,
+    'items.hatchingPotions.CottonCandyBlue': 0,
+    'items.hatchingPotions.CottonCandyPink': 0,
+    'items.hatchingPotions.Desert': 0,
+    'items.hatchingPotions.Golden': 0,
+    'items.hatchingPotions.Red': 0,
+    'items.hatchingPotions.RoyalPurple': 0,
+    'items.hatchingPotions.Shade': 0,
+    'items.hatchingPotions.Skeleton': 0,
+    'items.hatchingPotions.White': 0,
+    'items.hatchingPotions.Zombie': 0,
+  };
+  var nextReward;
+
+  if (user.loginIncentives >= 105) {
+    inc['items.hatchingPotions.RoyalPurple'] += 1;
+    nextReward = 110;
+  }
+  if (user.loginIncentives >= 110) {
+    inc['items.eggs.BearCub'] += 1;
+    inc['items.eggs.Cactus'] += 1;
+    inc['items.eggs.Dragon'] += 1;
+    inc['items.eggs.FlyingPig'] += 1;
+    inc['items.eggs.Fox'] += 1;
+    inc['items.eggs.LionCub'] += 1;
+    inc['items.eggs.PandaCub'] += 1;
+    inc['items.eggs.TigerCub'] += 1;
+    inc['items.eggs.Wolf'] += 1;
+    nextReward = 115;
+  }
+  if (user.loginIncentives >= 115) {
+    inc['items.hatchingPotions.RoyalPurple'] += 1;
+    nextReward = 120;
+  }
+  if (user.loginIncentives >= 120) {
+    inc['items.hatchingPotions.Base'] += 1;
+    inc['items.hatchingPotions.CottonCandyBlue'] += 1;
+    inc['items.hatchingPotions.CottonCandyPink'] += 1;
+    inc['items.hatchingPotions.Desert'] += 1;
+    inc['items.hatchingPotions.Golden'] += 1;
+    inc['items.hatchingPotions.Red'] += 1;
+    inc['items.hatchingPotions.Shade'] += 1;
+    inc['items.hatchingPotions.Skeleton'] += 1;
+    inc['items.hatchingPotions.White'] += 1;
+    inc['items.hatchingPotions.Zombie'] += 1;
+    nextReward = 125;
+  }
+  if (user.loginIncentives >= 125) {
+    inc['items.hatchingPotions.RoyalPurple'] += 1;
+    nextReward = 130;
+  }
+  if (user.loginIncentives >= 130) {
+    inc['items.food.Chocolate'] += 3;
+    inc['items.food.CottonCandyBlue'] += 3;
+    inc['items.food.CottonCandyPink'] += 3;
+    inc['items.food.Fish'] += 3;
+    inc['items.food.Honey'] += 3;
+    inc['items.food.Meat'] += 3;
+    inc['items.food.Milk'] += 3;
+    inc['items.food.Potatoe'] += 3;
+    inc['items.food.RottenMeat'] += 3;
+    inc['items.food.Strawberry'] += 3;
+  }
+  if (user.loginIncentives >= 135) {
+    inc['items.hatchingPotions.RoyalPurple'] += 1;
+    nextReward = 140;
+  }
+  if (user.loginIncentives >= 140) {
+    set['items.gear.owned.weapon_special_skeletonKey'] = true;
+    set['items.gear.owned.shield_special_lootBag'] = true;
+    nextReward = 145;
+  }
+  if (user.loginIncentives >= 145) {
+    inc['items.hatchingPotions.RoyalPurple'] += 1;
+    nextReward = 150;
+  }
+  if (user.loginIncentives >= 150) {
+    set['items.gear.owned.head_special_clandestineCowl'] = true;
+    set['items.gear.owned.armor_special_sneakthiefRobes'] = true;
+    nextReward = 155;
+  }
+  if (user.loginIncentives > 155) {
+    set.loginIncentives = 155;
+    nextReward = 160;
+  }
+
+  var push = {
+    'notifications': {
+      'type': 'LOGIN_INCENTIVE',
+      'data': {
+        'nextRewardAt': nextReward,
+        'rewardKey': [
+          'shop_armoire',
+        ],
+        'rewardText': common.i18n.t('checkInRewards', language),
+        'reward': [],
+        'message': common.i18n.t('backloggedCheckInRewards', language),
+      },
+      'id': common.uuid(),
+    }
+  };
+
+  dbUsers.update({_id: user._id}, {$set:set, $push:push, $inc:inc});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/20170616_achievements.js

@@ -0,0 +1,114 @@
+var migrationName = '20170616_achievements';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Updates to achievements for June 16, 2017 biweekly merge
+ * 1. Multiply various collection quest achievements based on difficulty reduction
+ * 2. Award Joined Challenge achievement to those who should have it already
+ */
+
+import monk from 'monk';
+
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    $or: [
+      {'achievements.quests.dilatoryDistress1': {$gt:0}},
+      {'achievements.quests.egg': {$gt:0}},
+      {'achievements.quests.goldenknight1': {$gt:0}},
+      {'achievements.quests.moonstone1': {$gt:0}},
+      {'achievements.quests.vice2': {$gt:0}},
+      {'achievements.challenges': {$exists: true, $ne: []}},
+      {'challenges': {$exists: true, $ne: []}},
+    ],
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [ // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+      'achievements',
+      'challenges',
+    ],
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+  var set = {'migration': migrationName};
+
+  if (user.challenges.length > 0 || user.achievements.challenges.length > 0) {
+    set['achievements.joinedChallenge'] = true;
+  }
+  if (user.achievements.quests.dilatoryDistress1) {
+    set['achievements.quests.dilatoryDistress1'] = Math.ceil(user.achievements.quests.dilatoryDistress1 * 1.25);
+  }
+  if (user.achievements.quests.egg) {
+    set['achievements.quests.egg'] = Math.ceil(user.achievements.quests.egg * 2.5);
+  }
+  if (user.achievements.quests.goldenknight1) {
+    set['achievements.quests.goldenknight1'] = user.achievements.quests.goldenknight1 * 5;
+  }
+  if (user.achievements.quests.moonstone1) {
+    set['achievements.quests.moonstone1'] = user.achievements.quests.moonstone1 * 5;
+  }
+  if (user.achievements.quests.vice2) {
+    set['achievements.quests.vice2'] = Math.ceil(user.achievements.quests.vice2 * 1.5);
+  }
+
+  dbUsers.update({_id: user._id}, {$set:set});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/20170711_orcas.js

@@ -0,0 +1,90 @@
+var migrationName = '20170711_orcas.js';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award Orca pets to owners of Orca mount, and Orca mount to everyone else
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'migration':{$ne:migrationName},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'items.mounts',
+    ] // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {};
+
+  if (user.items.mounts['Orca-Base']) {
+    set = {'migration':migrationName, 'items.pets.Orca-Base': 5};
+  } else {
+    set = {'migration':migrationName, 'items.mounts.Orca-Base': true};
+  }
+
+  dbUsers.update({_id: user._id}, {$set:set});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;

migrations/challenges/sync-all-challenges.js

@@ -0,0 +1,47 @@
+import Bluebird from 'Bluebird';
+
+import { model as Challenges } from '../../website/server/models/challenge';
+import { model as User } from '../../website/server/models/user';
+
+async function syncChallengeToMembers (challenges) {
+  let challengSyncPromises = challenges.map(async function (challenge) {
+    let users = await User.find({
+      // _id: '',
+      challenges: challenge._id,
+    }).exec();
+
+    let promises = [];
+    users.forEach(function (user) {
+      promises.push(challenge.syncToUser(user));
+      promises.push(challenge.save());
+      promises.push(user.save());
+    });
+
+    return Bluebird.all(promises);
+  });
+
+  return await Bluebird.all(challengSyncPromises);
+}
+
+async function syncChallenges (lastChallengeDate) {
+  let query = {
+    // _id: '',
+  };
+
+  if (lastChallengeDate) {
+    query.createdOn = { $lte: lastChallengeDate };
+  }
+
+  let challengesFound = await Challenges.find(query)
+    .limit(10)
+    .sort('-createdAt')
+    .exec();
+
+  let syncedChallenges = await syncChallengeToMembers(challengesFound)
+    .catch(reason => console.error(reason));
+  let lastChallenge = challengesFound[challengesFound.length - 1];
+  if (lastChallenge) syncChallenges(lastChallenge.createdAt);
+  return syncedChallenges;
+};
+
+module.exports = syncChallenges;

migrations/groups/add-unlimited-subscription.js

@@ -5,11 +5,12 @@ var authorUuid = ''; //... own data is done
 /*
  * This migrations will add a free subscription to a specified group
  */
+import moment from 'moment';
 
 import { model as Group } from '../../website/server/models/group';
 
 // @TODO: this should probably be a GroupManager library method
-async function addUnlimitedSubscription (groupId) {
+async function addUnlimitedSubscription (groupId, dateTerminated) {
     let group = await Group.findById(groupId);
 
     group.purchased.plan.customerId = "group-unlimited";
@@ -18,6 +19,10 @@ async function addUnlimitedSubscription (groupId) {
     group.purchased.plan.paymentMethod = "Group Unlimited";
     group.purchased.plan.planId = "group_monthly";
     group.purchased.plan.dateTerminated = null;
+    if (dateTerminated) {
+        let dateToEnd = moment(dateTerminated).toDate();
+        group.purchased.plan.dateTerminated = dateToEnd;
+    }
     // group.purchased.plan.owner = ObjectId();
     group.purchased.plan.subscriptionId = "";
 
@@ -29,5 +34,7 @@ module.exports = async function addUnlimitedSubscriptionCreator () {
 
     if (!groupId) throw Error('Group ID is required');
 
-    let result = await addUnlimitedSubscription(groupId)
+    let dateTerminated = process.argv[3];
+
+    let result = await addUnlimitedSubscription(groupId, dateTerminated);
 };

migrations/mystery_items.js

@@ -2,7 +2,7 @@ var _id = '';
 var update = {
   $addToSet: {
     'purchased.plan.mysteryItems':{
-      $each:['head_mystery_201703','armor_mystery_201703']
+      $each:['body_mystery_201706','back_mystery_201706']
     }
   }
 };

migrations/takeThis.js

@@ -1,4 +1,4 @@
-var migrationName = '20170201_takeThis.js'; // Update per month
+var migrationName = '20170502_takeThis.js'; // Update per month
 var authorName = 'Sabe'; // in case script author needs to know when their ...
 var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
 
@@ -14,7 +14,7 @@ function processUsers(lastId) {
   // specify a query to limit the affected users (empty for all users):
   var query = {
     'migration':{$ne:migrationName},
-    'challenges':{$in:['b1d436b5-c784-42e3-9b07-7072479a6f8e']} // Update per month
+    'challenges':{$in:['69999331-d4ea-45a0-8c3f-f725d22b56c8']} // Update per month
   };
 
   if (lastId) {

migrations/tasks/tasks-set-yesterdailies.js

@@ -0,0 +1,83 @@
+var migrationName = 'tasks-set-yesterdaily';
+var authorName = 'TheHollidayInn'; // in case script author needs to know when their ...
+var authorUuid = ''; //... own data is done
+
+/*
+ * Iterates over all tasks and sets the yseterDaily field to True
+ */
+
+import monk from 'monk';
+
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbTasks = monk(connectionString).get('tasks', { castIds: false });
+
+function processTasks(lastId) {
+  // specify a query to limit the affected tasks (empty for all tasks):
+  var query = {
+    yesterDaily: false,
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbTasks.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [ // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+    ],
+  })
+  .then(updateTasks)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateTasks (tasks) {
+  if (!tasks || tasks.length === 0) {
+    console.warn('All appropriate tasks found and modified.');
+    displayData();
+    return;
+  }
+
+  var taskPromises = tasks.map(updatetask);
+  var lasttask = tasks[tasks.length - 1];
+
+  return Promise.all(taskPromises)
+  .then(function () {
+    processtasks(lasttask._id);
+  });
+}
+
+function updatetask (task) {
+  count++;
+  var set = {'yesterDaily': true};
+
+  dbTasks.update({_id: task._id}, {$set:set});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + task._id);
+  if (task._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' tasks processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processtasks;

migrations/users/users-to-test.js

@@ -0,0 +1,109 @@
+var migrationName = 'UserFromProdToTest';
+var authorName = 'TheHollidayInn'; // in case script author needs to know when their ...
+var authorUuid = ''; //... own data is done
+
+/*
+ * This migraition will copy user data from prod to test
+ */
+
+var monk = require('monk');
+var testConnectionSting = ''; // FOR TEST DATABASE
+var usersTest = monk(testConnectionSting).get('users', { castIds: false });
+var groupsTest = monk(testConnectionSting).get('groups', { castIds: false });
+var challengesTest = monk(testConnectionSting).get('challenges', { castIds: false });
+var tasksTest = monk(testConnectionSting).get('tasks', { castIds: false });
+
+var monk2 = require('monk');
+var liveConnectString = ''; // FOR TEST DATABASE
+var userLive = monk2(liveConnectString).get('users', { castIds: false });
+var groupsLive = monk2(liveConnectString).get('groups', { castIds: false });
+var challengesLive = monk2(liveConnectString).get('challenges', { castIds: false });
+var tasksLive = monk2(liveConnectString).get('tasks', { castIds: false });
+
+import uniq from 'lodash/uniq';
+import Bluebird from 'bluebird';
+
+// Variabls for updating
+let userIds = [
+  '206039c6-24e4-4b9f-8a31-61cbb9aa3f66',
+];
+
+let groupIds = [];
+let challengeIds = [];
+let tasksIds = [];
+
+async function processUsers () {
+  let userPromises = [];
+  //{_id: {$in: userIds}}
+
+  return userLive.find({guilds: 'b0764d64-8276-45a1-afa5-5ca9a5c64ca0'})
+    .each((user, {close, pause, resume}) => {
+      if (user.guilds.length > 0) groupIds = groupIds.concat(user.guilds);
+      if (user.party._id) groupIds.push(user.party._id);
+      if (user.challenges.length > 0) challengeIds = challengeIds.concat(user.challenges);
+      if (user.tasksOrder.rewards.length > 0) tasksIds = tasksIds.concat(user.tasksOrder.rewards);
+      if (user.tasksOrder.todos.length > 0) tasksIds = tasksIds.concat(user.tasksOrder.todos);
+      if (user.tasksOrder.dailys.length > 0) tasksIds = tasksIds.concat(user.tasksOrder.dailys);
+      if (user.tasksOrder.habits.length > 0) tasksIds = tasksIds.concat(user.tasksOrder.habits);
+
+      let userPromise = usersTest.update({'_id': user._id}, user, {upsert:true});
+      userPromises.push(userPromise);
+    }).then(() => {
+      return Bluebird.all(userPromises);
+    })
+    .then(() => {
+      console.log("Done User");
+    });
+}
+
+function processGroups () {
+  let promises = [];
+  let groupsToQuery = uniq(groupIds);
+  return groupsLive.find({_id: {$in: groupsToQuery}})
+    .each((group, {close, pause, resume}) => {
+      let promise = groupsTest.update({_id: group._id}, group, {upsert:true});
+      promises.push(promise);
+    }).then(() => {
+      return Bluebird.all(promises);
+    })
+    .then(() => {
+      console.log("Done Group");
+    });
+}
+
+function processChallenges () {
+  let promises = [];
+  let challengesToQuery = uniq(challengeIds);
+  return challengesLive.find({_id: {$in: challengesToQuery}})
+    .each((challenge, {close, pause, resume}) => {
+      let promise = challengesTest.update({_id: challenge._id}, challenge, {upsert:true});
+      promises.push(promise);
+    }).then(() => {
+      return Bluebird.all(promises);
+    })
+    .then(() => {
+      console.log("Done Challenge");
+    });
+}
+
+function processTasks () {
+  let promises = [];
+  let tasksToQuery = uniq(tasksIds);
+  return tasksLive.find({_id: {$in: tasksToQuery}})
+    .each((task, {close, pause, resume}) => {
+      let promise = tasksTest.update({_id: task._id}, task, {upsert:true});
+      promises.push(promise);
+    }).then(() => {
+      return Bluebird.all(promises);
+    })
+    .then(() => {
+      console.log("Done Tasks");
+    });
+}
+
+module.exports = async function prodToTest () {
+  await processUsers();
+  await processGroups();
+  await processChallenges();
+  await processTasks();
+};

package.json

@@ -1,7 +1,7 @@
 {
   "name": "habitica",
   "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "3.82.0",
+  "version": "3.104.1",
   "main": "./website/server/index.js",
   "dependencies": {
     "@slack/client": "^3.8.1",
@@ -13,10 +13,12 @@
     "async": "^1.5.0",
     "autoprefixer": "^6.4.0",
     "aws-sdk": "^2.0.25",
-    "axios": "^0.15.3",
+    "axios": "^0.16.0",
     "babel-core": "^6.0.0",
+    "babel-eslint": "^7.2.3",
     "babel-loader": "^6.0.0",
     "babel-plugin-syntax-async-functions": "^6.13.0",
+    "babel-plugin-syntax-dynamic-import": "^6.18.0",
     "babel-plugin-transform-async-to-module-method": "^6.8.0",
     "babel-plugin-transform-object-rest-spread": "^6.16.0",
     "babel-plugin-transform-regenerator": "^6.16.1",
@@ -29,18 +31,20 @@
     "bluebird": "^3.3.5",
     "body-parser": "^1.15.0",
     "bootstrap": "^4.0.0-alpha.6",
+    "bootstrap-vue": "^0.16.1",
     "bower": "~1.3.12",
     "browserify": "~12.0.1",
     "compression": "^1.6.1",
     "connect-ratelimit": "0.0.7",
     "cookie-session": "^1.2.0",
     "coupon-code": "^0.4.5",
-    "css-loader": "^0.26.1",
+    "css-loader": "^0.28.0",
     "csv-stringify": "^1.0.2",
     "cwait": "^1.0.0",
     "domain-middleware": "~0.1.0",
     "estraverse": "^4.1.1",
     "express": "~4.14.0",
+    "express-basic-auth": "^1.0.1",
     "express-csv": "~0.6.0",
     "express-validator": "^2.18.0",
     "extract-text-webpack-plugin": "^2.0.0-rc.3",
@@ -55,7 +59,7 @@
     "grunt-contrib-stylus": "~0.20.0",
     "grunt-contrib-uglify": "~0.6.0",
     "grunt-contrib-watch": "~0.6.1",
-    "grunt-hashres": "~0.4.1",
+    "grunt-hashres": "habitrpg/grunt-hashres#v0.4.2",
     "gulp": "^3.9.0",
     "gulp-babel": "^6.1.2",
     "gulp-grunt": "^0.5.2",
@@ -65,6 +69,7 @@
     "gulp-uglify": "^1.4.2",
     "gulp.spritesmith": "^4.1.0",
     "habitica-markdown": "^1.3.0",
+    "hellojs": "^1.15.1",
     "html-webpack-plugin": "^2.8.1",
     "image-size": "~0.3.2",
     "in-app-purchase": "^1.1.6",
@@ -95,7 +100,7 @@
     "postcss-easy-import": "^2.0.0",
     "pretty-data": "^0.40.0",
     "ps-tree": "^1.0.0",
-    "pug": "^2.0.0-beta11",
+    "pug": "^2.0.0-beta.12",
     "push-notify": "habitrpg/push-notify#v1.2.0",
     "pusher": "^1.3.0",
     "request": "~2.74.0",
@@ -107,6 +112,9 @@
     "shelljs": "^0.7.6",
     "stripe": "^4.2.0",
     "superagent": "^3.4.3",
+    "svg-inline-loader": "^0.7.1",
+    "svg-url-loader": "^2.0.2",
+    "svgo-loader": "^1.2.1",
     "universal-analytics": "~0.3.2",
     "url-loader": "^0.5.7",
     "useragent": "^2.1.9",
@@ -118,11 +126,12 @@
     "vue-loader": "^11.0.0",
     "vue-mugen-scroll": "^0.2.1",
     "vue-router": "^2.0.0-rc.5",
-    "vue-style-loader": "^2.0.0",
+    "vue-style-loader": "^3.0.0",
     "vue-template-compiler": "^2.1.10",
     "webpack": "^2.2.1",
-    "webpack-merge": "^2.6.1",
+    "webpack-merge": "^4.0.0",
     "winston": "^2.1.0",
+    "winston-loggly-bulk": "^1.4.2",
     "xml2js": "^0.4.4"
   },
   "private": true,
@@ -132,15 +141,15 @@
   },
   "scripts": {
     "lint": "eslint --ext .js,.vue .",
-    "test": "npm run lint && gulp test && npm run client:unit",
+    "test": "npm run lint && gulp test && npm run client:unit && gulp apidoc",
     "test:build": "gulp test:prepare:build",
     "test:api-v3": "gulp test:api-v3",
     "test:api-v3:unit": "gulp test:api-v3:unit",
     "test:api-v3:integration": "gulp test:api-v3:integration",
     "test:api-v3:integration:separate-server": "NODE_ENV=test gulp test:api-v3:integration:separate-server",
-    "test:sanity": "mocha test/sanity --recursive",
-    "test:common": "mocha test/common --recursive",
-    "test:content": "mocha test/content --recursive",
+    "test:sanity": "istanbul cover --dir coverage/sanity --report lcovonly node_modules/mocha/bin/_mocha -- test/sanity --recursive",
+    "test:common": "istanbul cover --dir coverage/common --report lcovonly node_modules/mocha/bin/_mocha -- test/common --recursive",
+    "test:content": "istanbul cover --dir coverage/content --report lcovonly node_modules/mocha/bin/_mocha -- test/content --recursive",
     "test:karma": "karma start test/client-old/spec/karma.conf.js --single-run",
     "test:karma:watch": "karma start test/client-old/spec/karma.conf.js",
     "test:prepare:webdriver": "webdriver-manager update",
@@ -149,14 +158,15 @@
     "test:nodemon": "gulp test:nodemon",
     "coverage": "COVERAGE=true mocha --require register-handlers.js --reporter html-cov > coverage.html; open coverage.html",
     "sprites": "gulp sprites:compile",
-    "client:dev": "node webpack/dev-server.js",
-    "client:build": "node webpack/build.js",
+    "client:dev": "gulp bootstrap && node webpack/dev-server.js",
+    "client:build": "gulp bootstrap && node webpack/build.js",
     "client:unit": "cross-env NODE_ENV=test karma start test/client/unit/karma.conf.js --single-run",
     "client:unit:watch": "cross-env NODE_ENV=test karma start test/client/unit/karma.conf.js",
     "client:e2e": "node test/client/e2e/runner.js",
     "client:test": "npm run client:unit && npm run client:e2e",
     "start": "gulp run:dev",
-    "postinstall": "bower --config.interactive=false install -f; gulp build; npm run client:build"
+    "postinstall": "bower --config.interactive=false install -f && gulp build && npm run client:build",
+    "apidoc": "gulp apidoc"
   },
   "devDependencies": {
     "babel-plugin-istanbul": "^4.0.0",
@@ -166,7 +176,7 @@
     "chromedriver": "^2.27.2",
     "connect-history-api-fallback": "^1.1.0",
     "coveralls": "^2.11.2",
-    "cross-env": "^3.1.4",
+    "cross-env": "^4.0.0",
     "cross-spawn": "^5.0.1",
     "csv": "~0.3.6",
     "deep-diff": "~0.1.4",
@@ -182,7 +192,7 @@
     "grunt-karma": "~0.12.1",
     "http-proxy-middleware": "^0.17.0",
     "inject-loader": "^3.0.0-beta4",
-    "istanbul": "^0.3.14",
+    "istanbul": "^1.1.0-alpha.1",
     "karma": "^1.3.0",
     "karma-babel-preprocessor": "^6.0.1",
     "karma-chai-plugins": "~0.6.0",
@@ -190,20 +200,21 @@
     "karma-mocha": "^0.2.0",
     "karma-mocha-reporter": "^1.1.1",
     "karma-phantomjs-launcher": "^1.0.0",
-    "karma-sinon-chai": "^1.2.0",
+    "karma-sinon-chai": "~1.2.0",
     "karma-sinon-stub-promise": "^1.0.0",
     "karma-sourcemap-loader": "^0.3.7",
     "karma-spec-reporter": "0.0.24",
     "karma-webpack": "^2.0.2",
     "lcov-result-merger": "^1.0.2",
     "lolex": "^1.4.0",
-    "mocha": "^2.3.3",
+    "mocha": "^3.2.0",
     "mongodb": "^2.0.46",
     "mongoskin": "~2.1.0",
     "monk": "^4.0.0",
     "nightwatch": "^0.9.12",
     "phantomjs-prebuilt": "^2.1.12",
     "protractor": "^3.1.1",
+    "raw-loader": "^0.5.1",
     "require-again": "^2.0.0",
     "rewire": "^2.3.3",
     "selenium-server": "^3.0.1",

scripts/paypalBillingSetup.js

@@ -1,3 +1,5 @@
+require("babel-register");
+require("babel-polyfill");
 // This file is used for creating paypal billing plans. PayPal doesn't have a web interface for setting up recurring
 // payment plan definitions, instead you have to create it via their REST SDK and keep it updated the same way. So this
 // file will be used once for initing your billing plan (then you get the resultant plan.id to store in config.json),
@@ -7,10 +9,10 @@ var path = require('path');
 var nconf = require('nconf');
 var _ = require('lodash');
 var paypal = require('paypal-rest-sdk');
-var blocks = require('../../../../common').content.subscriptionBlocks;
+var blocks = require('../website/common').content.subscriptionBlocks;
 var live = nconf.get('PAYPAL:mode')=='live';
 
-nconf.argv().env().file('user', path.join(path.resolve(__dirname, '../../../config.json')));
+nconf.argv().env().file('user', path.join(path.resolve(__dirname, '../config.json')));
 
 var OP = 'create'; // list create update remove
 
@@ -49,6 +51,8 @@ _.each(blocks, function(block){
   });
 })
 
+// @TODO: Add cli library for this
+
 switch(OP) {
   case "list":
     paypal.billingPlan.list({status: 'ACTIVE'}, function(err, plans){
@@ -91,4 +95,17 @@ switch(OP) {
     });
     break;
   case "remove": break;
+
+  case 'create-webprofile':
+    let webexpinfo = {
+      "name": "HabiticaProfile",
+      "input_fields": {
+        "no_shipping": 1,
+      },
+    };
+
+    paypal.webProfile.create(webexpinfo, (error, result) => {
+      console.log(error, result)
+    })
+    break;
 }

test/README.md

@@ -0,0 +1 @@
+For information about writing and running tests, see [Using Your Local Install to Modify Habitica's Website and API](http://habitica.wikia.com/wiki/Using_Your_Local_Install_to_Modify_Habitica%27s_Website_and_API).

test/api/README.md

@@ -1,123 +0,0 @@
-# So you want to write API integration tests?
-
-@TODO rewrite
-
-That's great! This README will serve as a quick primer for style conventions and practices for these tests.
-
-## What is this?
-
-These are integration tests for the Habitica API. They are performed by making HTTP requests to the API's endpoints and asserting on the data that is returned.
-
-If the javascript looks weird to you, that's because it's written in [ES2015](http://www.ecma-international.org/ecma-262/6.0/) and transpiled by [Babel](https://babeljs.io/docs/learn-es2015/).
-
-## How to run the tests
-
-First, install gulp.
-
-```bash
-$ npm install -g gulp
-```
-
-To run the api tests, make sure the mongo db is up and running and then type this on the command line:
-
-```bash
-$ gulp test:api-v2
-```
-
-It may take a little while to get going, since it requires the web server to start up before the tests can run.
-
-You can also run a watch command for the api tests. This will allow the tests to re-run automatically when you make changes in the `/test/api/v2/`.
-
-```bash
-$ gulp test:api-v2:watch
-```
-
-One caveat. If you have a severe syntax error in your files, the tests may fail to run, but they won't alert you that they are not running. If you ever find your test hanging for a while, run this to get the stackstrace. Once you've fixed the problem, you can resume running the watch comand.
-
-```bash
-$ gulp test:api:safe
-```
-
-If you'd like to run the tests individually and inspect the output from the server, in one pane you can run:
-
-```bash
-$ gulp test:nodemon
-```
-
-And run your tests in another pane:
-
-```bash
-$ mocha path/to/file.js
-
-# Mark a test with the `.only` attribute
-$ mocha
-```
-
-## Structure
-
-Each top level route has it's own directory. So, all the routes that begin with `/groups/` live in `/test/api/groups/`.
-
-Each test should:
-
-  * encompase a single route
-  * begin with the REST parameter for the route
-  * display the full name of the route, swapping out `/` for `_`
-  * end with test.js
-
-So, for the `POST` route `/groups/:id/leave`, it would be
-
-```bash
-POST-groups_id_leave.test.js
-```
-
-## Promises
-
-To mitigate [callback hell](http://callbackhell.com/) :imp:, we've written a helper method to generate a user object that can make http requests that [return promises](https://babeljs.io/docs/learn-es2015/#promises).  This makes it very easy to chain together commands. All you need to do to make a subsequent request is return another promise and then call `.then((result) => {})` on the surrounding block, like so:
-
-```js
-it('does something', () => {
-  let user;
-
-  return generateUser().then((_user) => { // We return the initial promise so this test can be run asyncronously
-    user = _user;
-
-    return user.post('/groups', {
-      type: 'party',
-    });
-  }).then((party) => { // the result of the promise above is the argument of the function
-    return user.put(`/groups/${party._id}`, {
-      name: 'My party',
-    });
-  }).then((result) => {
-    return user.get('/groups/party');
-  }).then((party) => {
-    expect(party.name).to.eql('My party');
-  });
-});
-```
-
-If the test is simple, you can use the [chai-as-promised](http://chaijs.com/plugins/chai-as-promised) `return expect(somePromise).to.eventually` syntax to make your assertion.
-
-```js
-it('makes the party creator the leader automatically', () => {
-  return expect(user.post('/groups', {
-    type: 'party',
-  })).to.eventually.have.deep.property('leader._id', user._id);
-});
-```
-
-If the test is checking that the request returns an error, use the `.eventually.be.rejected.and.eql` syntax.
-
-```js
-it('returns an error', () => {
-  return expect(user.get('/groups/id-of-a-party-that-user-does-not-belong-to'))
-    .to.eventually.be.rejected.and.eql({
-      code: 404,
-      text: t('messageGroupNotFound'),
-    });
-});
-```
-
-## Questions?
-
-Ask in the [Aspiring Coder's Guild](https://habitica.com/#/options/groups/guilds/68d4a01e-db97-4786-8ee3-05d612c5af6f)!

test/api/v3/README.md

@@ -1,4 +0,0 @@
-# How to run tests:
-
-1. `npm test` is equivalent to `gulp test:api-v3` which will run, in order, `gulp lint`, `gulp test:api-v3:unit` and `gulp test:api-v3:integration`. If one of these fails, the whole `npm test` command blocks and fails.  Each of these commands can also be run as a standalone command. 
-2. To run the server and the integrations tests in two different terminals (to better inspect the output in the server) run `npm start` in one and `npm test:api-v3:integration:separate-server` in the other

test/api/v3/integration/challenges/POST-challenges.test.js

@@ -304,5 +304,15 @@ describe('POST /challenges', () => {
 
       await expect(groupLeader.sync()).to.eventually.have.property('challenges').to.include(challenge._id);
     });
+
+    it('awards achievement if this is creator\'s first challenge', async () => {
+      await groupLeader.post('/challenges', {
+        group: group._id,
+        name: 'Test Challenge',
+        shortName: 'TC Label',
+      });
+      groupLeader = await groupLeader.sync();
+      expect(groupLeader.achievements.joinedChallenge).to.be.true;
+    });
   });
 });

test/api/v3/integration/challenges/POST-challenges_challengeId_join.test.js

@@ -123,5 +123,12 @@ describe('POST /challenges/:challengeId/join', () => {
 
       await expect(authorizedUser.get('/tags')).to.eventually.have.length(userTagsLength + 1);
     });
+
+    it('awards achievement if this is user\'s first challenge', async () => {
+      await authorizedUser.post(`/challenges/${challenge._id}/join`);
+
+      await authorizedUser.sync();
+      expect(authorizedUser.achievements.joinedChallenge).to.be.true;
+    });
   });
 });

test/api/v3/integration/challenges/POST-challenges_challengeId_winner_winnerId.test.js

@@ -100,8 +100,8 @@ describe('POST /challenges/:challengeId/winner/:winnerId', () => {
       await sleep(0.5);
 
       await expect(winningUser.sync()).to.eventually.have.deep.property('achievements.challenges').to.include(challenge.name);
-      expect(winningUser.notifications.length).to.equal(1);
-      expect(winningUser.notifications[0].type).to.equal('WON_CHALLENGE');
+      expect(winningUser.notifications.length).to.equal(2); // 2 because winningUser just joined the challenge, which now awards an achievement
+      expect(winningUser.notifications[1].type).to.equal('WON_CHALLENGE');
     });
 
     it('gives winner gems as reward', async () => {
@@ -114,6 +114,26 @@ describe('POST /challenges/:challengeId/winner/:winnerId', () => {
       await expect(winningUser.sync()).to.eventually.have.property('balance', oldBalance + challenge.prize / 4);
     });
 
+    it('doesn\'t gives winner gems if group policy prevents it', async () => {
+      let oldBalance = winningUser.balance;
+      let oldLeaderBalance = (await groupLeader.sync()).balance;
+
+      await winningUser.update({
+        'purchased.plan.customerId': 'group-plan',
+      });
+      await group.update({
+        'leaderOnly.getGems': true,
+        'purchased.plan.customerId': 123,
+      });
+
+      await groupLeader.post(`/challenges/${challenge._id}/selectWinner/${winningUser._id}`);
+
+      await sleep(0.5);
+
+      await expect(winningUser.sync()).to.eventually.have.property('balance', oldBalance);
+      await expect(groupLeader.sync()).to.eventually.have.property('balance', oldLeaderBalance + challenge.prize / 4);
+    });
+
     it('doesn\'t refund gems to group leader', async () => {
       let oldBalance = (await groupLeader.sync()).balance;
 

test/api/v3/integration/chat/POST-chat.flag.test.js

@@ -84,6 +84,10 @@ describe('POST /chat/:chatId/flag', () => {
       type: 'party',
       privacy: 'private',
     });
+    await user.post(`/groups/${privateGroup._id}/invite`, {
+      uuids: [anotherUser._id],
+    });
+    await anotherUser.post(`/groups/${privateGroup._id}/join`);
     let { message } = await user.post(`/groups/${privateGroup._id}/chat`, {message: TEST_MESSAGE});
 
     let flagResult = await admin.post(`/groups/${privateGroup._id}/chat/${message.id}/flag`);
@@ -91,7 +95,7 @@ describe('POST /chat/:chatId/flag', () => {
     expect(flagResult.flags[admin._id]).to.equal(true);
     expect(flagResult.flagCount).to.equal(5);
 
-    let groupWithFlags = await user.get(`/groups/${privateGroup._id}`);
+    let groupWithFlags = await anotherUser.get(`/groups/${privateGroup._id}`);
     let messageToCheck = find(groupWithFlags.chat, {id: message.id});
 
     expect(messageToCheck).to.not.exist;
@@ -125,4 +129,20 @@ describe('POST /chat/:chatId/flag', () => {
         message: t('messageGroupChatFlagAlreadyReported'),
       });
   });
+
+  it('shows a hidden message to the original poster', async () => {
+    let { message } = await user.post(`/groups/${group._id}/chat`, {message: TEST_MESSAGE});
+
+    await admin.post(`/groups/${group._id}/chat/${message.id}/flag`);
+
+    let groupWithFlags = await user.get(`/groups/${group._id}`);
+    let messageToCheck = find(groupWithFlags.chat, {id: message.id});
+
+    expect(messageToCheck).to.exist;
+
+    let auGroupWithFlags = await anotherUser.get(`/groups/${group._id}`);
+    let auMessageToCheck = find(auGroupWithFlags.chat, {id: message.id});
+
+    expect(auMessageToCheck).to.not.exist;
+  });
 });

test/api/v3/integration/chat/POST-chat.test.js

@@ -4,11 +4,17 @@ import {
   sleep,
   server,
 } from '../../../../helpers/api-v3-integration.helper';
+import {
+  SPAM_MESSAGE_LIMIT,
+  SPAM_MIN_EXEMPT_CONTRIB_LEVEL,
+  TAVERN_ID,
+} from '../../../../../website/server/models/group';
 import { v4 as generateUUID } from 'uuid';
 
 describe('POST /chat', () => {
-  let user, groupWithChat, userWithChatRevoked, member;
+  let user, groupWithChat, member, additionalMember;
   let testMessage = 'Test Message';
+  let testBannedWordMessage = 'TEST_PLACEHOLDER_SWEAR_WORD_HERE';
 
   before(async () => {
     let { group, groupLeader, members } = await createAndPopulateGroup({
@@ -22,8 +28,8 @@ describe('POST /chat', () => {
 
     user = groupLeader;
     groupWithChat = group;
-    userWithChatRevoked = await members[0].update({'flags.chatRevoked': true});
     member = members[0];
+    additionalMember = members[1];
   });
 
   it('Returns an error when no message is provided', async () => {
@@ -62,10 +68,101 @@ describe('POST /chat', () => {
   });
 
   it('returns an error when chat privileges are revoked when sending a message to a public guild', async () => {
+    let userWithChatRevoked = await member.update({'flags.chatRevoked': true});
     await expect(userWithChatRevoked.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage})).to.eventually.be.rejected.and.eql({
-      code: 404,
-      error: 'NotFound',
-      message: 'Your chat privileges have been revoked.',
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('chatPrivilegesRevoked'),
+    });
+  });
+
+  context('banned word', () => {
+    it('returns an error when chat message contains a banned word in tavern', async () => {
+      await expect(user.post('/groups/habitrpg/chat', { message: testBannedWordMessage}))
+      .to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('bannedWordUsed'),
+      });
+    });
+
+    it('errors when word is part of a phrase', async () => {
+      let wordInPhrase = `phrase ${testBannedWordMessage} end`;
+      await expect(user.post('/groups/habitrpg/chat', { message: wordInPhrase}))
+      .to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('bannedWordUsed'),
+      });
+    });
+
+    it('errors when word is surrounded by non alphabet characters', async () => {
+      let wordInPhrase = `_!${testBannedWordMessage}@_`;
+      await expect(user.post('/groups/habitrpg/chat', { message: wordInPhrase}))
+      .to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('bannedWordUsed'),
+      });
+    });
+
+    it('does not error when bad word is suffix of a word', async () => {
+      let wordAsSuffix = `prefix${testBannedWordMessage}`;
+      let message = await user.post('/groups/habitrpg/chat', { message: wordAsSuffix});
+
+      expect(message.message.id).to.exist;
+    });
+
+    it('does not error when bad word is prefix of a word', async () => {
+      let wordAsPrefix = `${testBannedWordMessage}suffix`;
+      let message = await user.post('/groups/habitrpg/chat', { message: wordAsPrefix});
+
+      expect(message.message.id).to.exist;
+    });
+
+    it('does not error when sending a chat message containing a banned word to a party', async () => {
+      let { group, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'Party',
+          type: 'party',
+          privacy: 'private',
+        },
+        members: 1,
+      });
+
+      let message = await members[0].post(`/groups/${group._id}/chat`, { message: testBannedWordMessage});
+
+      expect(message.message.id).to.exist;
+    });
+
+    it('does not error when sending a chat message containing a banned word to a public guild', async () => {
+      let { group, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'public guild',
+          type: 'guild',
+          privacy: 'public',
+        },
+        members: 1,
+      });
+
+      let message = await members[0].post(`/groups/${group._id}/chat`, { message: testBannedWordMessage});
+
+      expect(message.message.id).to.exist;
+    });
+
+    it('does not error when sending a chat message containing a banned word to a private guild', async () => {
+      let { group, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'private guild',
+          type: 'guild',
+          privacy: 'private',
+        },
+        members: 1,
+      });
+
+      let message = await members[0].post(`/groups/${group._id}/chat`, { message: testBannedWordMessage});
+
+      expect(message.message.id).to.exist;
     });
   });
 
@@ -173,4 +270,30 @@ describe('POST /chat', () => {
     expect(message.message.id).to.exist;
     expect(memberWithNotification.newMessages[`${group._id}`]).to.exist;
   });
+
+  context('Spam prevention', () => {
+    it('Returns an error when the user has been posting too many messages', async () => {
+      // Post as many messages are needed to reach the spam limit
+      for (let i = 0; i < SPAM_MESSAGE_LIMIT; i++) {
+        let result = await additionalMember.post(`/groups/${TAVERN_ID}/chat`, { message: testMessage }); // eslint-disable-line no-await-in-loop
+        expect(result.message.id).to.exist;
+      }
+
+      await expect(additionalMember.post(`/groups/${TAVERN_ID}/chat`, { message: testMessage })).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('messageGroupChatSpam'),
+      });
+    });
+
+    it('contributor should not receive spam alert', async () => {
+      let userSocialite = await member.update({'contributor.level': SPAM_MIN_EXEMPT_CONTRIB_LEVEL, 'flags.chatRevoked': false});
+
+      // Post 1 more message than the spam limit to ensure they do not reach the limit
+      for (let i = 0; i < SPAM_MESSAGE_LIMIT + 1; i++) {
+        let result = await userSocialite.post(`/groups/${TAVERN_ID}/chat`, { message: testMessage }); // eslint-disable-line no-await-in-loop
+        expect(result.message.id).to.exist;
+      }
+    });
+  });
 });

test/api/v3/integration/groups/GET-groups_groupId_invites.test.js

@@ -63,15 +63,17 @@ describe('GET /groups/:groupId/invites', () => {
   });
 
   it('returns only first 30 invites', async () => {
-    let group = await generateGroup(user, {type: 'party', name: generateUUID()});
+    let leader = await generateUser({balance: 4});
+    let group = await generateGroup(leader, {type: 'guild', privacy: 'public', name: generateUUID()});
+
     let invitesToGenerate = [];
     for (let i = 0; i < 31; i++) {
       invitesToGenerate.push(generateUser());
     }
     let generatedInvites = await Promise.all(invitesToGenerate);
-    await user.post(`/groups/${group._id}/invite`, {uuids: generatedInvites.map(invite => invite._id)});
+    await leader.post(`/groups/${group._id}/invite`, {uuids: generatedInvites.map(invite => invite._id)});
 
-    let res = await user.get('/groups/party/invites');
+    let res = await leader.get(`/groups/${group._id}/invites`);
     expect(res.length).to.equal(30);
     res.forEach(member => {
       expect(member).to.have.all.keys(['_id', 'id', 'profile']);

test/api/v3/integration/groups/POST-group_remove_manager.test.js

@@ -0,0 +1,93 @@
+import {
+  createAndPopulateGroup,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+import { find } from 'lodash';
+
+describe('POST /group/:groupId/remove-manager', () => {
+  let leader, nonLeader, groupToUpdate;
+  let groupName = 'Test Public Guild';
+  let groupType = 'guild';
+  let nonManager;
+
+  function findAssignedTask (memberTask) {
+    return memberTask.group.id === groupToUpdate._id;
+  }
+
+  beforeEach(async () => {
+    let { group, groupLeader, members } = await createAndPopulateGroup({
+      groupDetails: {
+        name: groupName,
+        type: groupType,
+        privacy: 'public',
+      },
+      members: 1,
+    });
+
+    groupToUpdate = group;
+    leader = groupLeader;
+    nonLeader = members[0];
+    nonManager = members[0];
+  });
+
+  it('returns an error when a non group leader tries to add member', async () => {
+    await expect(nonLeader.post(`/groups/${groupToUpdate._id}/remove-manager`, {
+      managerId: nonLeader._id,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('messageGroupOnlyLeaderCanUpdate'),
+    });
+  });
+
+  it('returns an error when manager does not exist', async () => {
+    await expect(leader.post(`/groups/${groupToUpdate._id}/remove-manager`, {
+      managerId: nonManager._id,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('userIsNotManager'),
+    });
+  });
+
+  it('allows a leader to remove managers', async () => {
+    await leader.post(`/groups/${groupToUpdate._id}/add-manager`, {
+      managerId: nonLeader._id,
+    });
+
+    let updatedGroup = await leader.post(`/groups/${groupToUpdate._id}/remove-manager`, {
+      managerId: nonLeader._id,
+    });
+
+    expect(updatedGroup.managers[nonLeader._id]).to.not.exist;
+  });
+
+  it('removes group approval notifications from a manager that is removed', async () => {
+    await leader.post(`/groups/${groupToUpdate._id}/add-manager`, {
+      managerId: nonLeader._id,
+    });
+    let task = await leader.post(`/tasks/group/${groupToUpdate._id}`, {
+      text: 'test todo',
+      type: 'todo',
+      requiresApproval: true,
+    });
+    await nonLeader.post(`/tasks/${task._id}/assign/${leader._id}`);
+    let memberTasks = await leader.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+    await expect(leader.post(`/tasks/${syncedTask._id}/score/up`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskApprovalHasBeenRequested'),
+      });
+
+    let updatedGroup = await leader.post(`/groups/${groupToUpdate._id}/remove-manager`, {
+      managerId: nonLeader._id,
+    });
+
+    await nonLeader.sync();
+
+    expect(nonLeader.notifications.length).to.equal(0);
+    expect(updatedGroup.managers[nonLeader._id]).to.not.exist;
+  });
+});

test/api/v3/integration/groups/POST-groups.test.js

@@ -74,6 +74,18 @@ describe('POST /group', () => {
       expect(updatedUser.guilds).to.include(guild._id);
     });
 
+    it('awards the Joined Guild achievement', async () => {
+      await user.post('/groups', {
+        name: 'some guild',
+        type: 'guild',
+        privacy: 'public',
+      });
+
+      let updatedUser = await user.get('/user');
+
+      expect(updatedUser.achievements.joinedGuild).to.eql(true);
+    });
+
     context('public guild', () => {
       it('creates a group', async () => {
         let groupName = 'Test Public Guild';

test/api/v3/integration/groups/POST-groups_groupId_join.test.js

@@ -68,6 +68,12 @@ describe('POST /group/:groupId/join', () => {
 
       await expect(joiningUser.get(`/groups/${publicGuild._id}`)).to.eventually.have.property('memberCount', oldMemberCount + 1);
     });
+
+    it('awards Joined Guild achievement', async () => {
+      await joiningUser.post(`/groups/${publicGuild._id}/join`);
+
+      await expect(joiningUser.get('/user')).to.eventually.have.deep.property('achievements.joinedGuild', true);
+    });
   });
 
   context('Joining a private guild', () => {
@@ -147,8 +153,14 @@ describe('POST /group/:groupId/join', () => {
           }),
         };
 
-        expect(inviter.notifications[0].type).to.eql('GROUP_INVITE_ACCEPTED');
-        expect(inviter.notifications[0].data).to.eql(expectedData);
+        expect(inviter.notifications[1].type).to.eql('GROUP_INVITE_ACCEPTED');
+        expect(inviter.notifications[1].data).to.eql(expectedData);
+      });
+
+      it('awards Joined Guild achievement', async () => {
+        await invitedUser.post(`/groups/${guild._id}/join`);
+
+        await expect(invitedUser.get('/user')).to.eventually.have.deep.property('achievements.joinedGuild', true);
       });
     });
   });

test/api/v3/integration/groups/POST-groups_id_removeMember.test.js

@@ -11,6 +11,7 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {
   let guild;
   let member;
   let member2;
+  let adminUser;
 
   beforeEach(async () => {
     let { group, groupLeader, invitees, members } = await createAndPopulateGroup({
@@ -28,6 +29,7 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {
     invitedUser = invitees[0];
     member = members[0];
     member2 = members[1];
+    adminUser = await generateUser({ 'contributor.admin': true });
   });
 
   context('All Groups', () => {
@@ -42,7 +44,7 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {
         });
     });
 
-    it('returns an error when user is a non-leader member of a group', async () => {
+    it('returns an error when user is a non-leader member of a group and not an admin', async () => {
       expect(member2.post(`/groups/${guild._id}/removeMember/${member._id}`))
         .to.eventually.be.rejected.and.eql({
           code: 401,
@@ -87,7 +89,30 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {
 
       let invitedUserWithoutInvite = await invitedUser.get('/user');
 
-      expect(_.findIndex(invitedUserWithoutInvite.invitations.guilds, {id: guild._id})).eql(-1);
+      expect(_.findIndex(invitedUserWithoutInvite.invitations.guilds, { id: guild._id })).eql(-1);
+    });
+
+    it('allows an admin to remove other members', async () => {
+      await adminUser.post(`/groups/${guild._id}/removeMember/${member._id}`);
+      let memberRemoved = await member.get('/user');
+
+      expect(memberRemoved.guilds.indexOf(guild._id)).eql(-1);
+    });
+
+    it('allows an admin to remove other invites', async () => {
+      await adminUser.post(`/groups/${guild._id}/removeMember/${invitedUser._id}`);
+
+      let invitedUserWithoutInvite = await invitedUser.get('/user');
+
+      expect(_.findIndex(invitedUserWithoutInvite.invitations.guilds, { id: guild._id })).eql(-1);
+    });
+
+    it('does not allow an admin to remove a leader', async () => {
+      expect(adminUser.post(`/groups/${guild._id}/removeMember/${leader._id}`))
+        .to.eventually.be.rejected.and.eql({
+          code: 401,
+          text: t('cannotRemoveCurrentLeader'),
+        });
     });
 
     it('sends email to user with rescinded invite', async () => {

test/api/v3/integration/groups/POST-groups_invite.test.js

@@ -4,8 +4,11 @@ import {
   translate as t,
 } from '../../../../helpers/api-v3-integration.helper';
 import { v4 as generateUUID } from 'uuid';
+import nconf from 'nconf';
 
 const INVITES_LIMIT = 100;
+const PARTY_LIMIT_MEMBERS = 30;
+const MAX_EMAIL_INVITES_BY_USER = 200;
 
 describe('Post /groups/:groupId/invite', () => {
   let inviter;
@@ -204,13 +207,37 @@ describe('Post /groups/:groupId/invite', () => {
       });
     });
 
+    it('returns an error when a user has sent the max number of email invites', async () => {
+      let inviterWithMax = await generateUser({
+        invitesSent: MAX_EMAIL_INVITES_BY_USER,
+        balance: 4,
+      });
+      let tmpGroup = await inviterWithMax.post('/groups', {
+        name: groupName,
+        type: 'guild',
+      });
+
+      await expect(inviterWithMax.post(`/groups/${tmpGroup._id}/invite`, {
+        emails: [testInvite],
+        inviter: 'inviter name',
+      }))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('inviteLimitReached', {techAssistanceEmail: nconf.get('EMAILS:TECH_ASSISTANCE_EMAIL')}),
+      });
+    });
+
     it('invites a user to a group by email', async () => {
       let res = await inviter.post(`/groups/${group._id}/invite`, {
         emails: [testInvite],
         inviter: 'inviter name',
       });
 
+      let updatedUser = await inviter.sync();
+
       expect(res).to.exist;
+      expect(updatedUser.invitesSent).to.eql(1);
     });
 
     it('invites multiple users to a group by email', async () => {
@@ -218,7 +245,10 @@ describe('Post /groups/:groupId/invite', () => {
         emails: [testInvite, {name: 'test2', email: 'test2@habitica.com'}],
       });
 
+      let updatedUser = await inviter.sync();
+
       expect(res).to.exist;
+      expect(updatedUser.invitesSent).to.eql(2);
     });
   });
 
@@ -321,6 +351,19 @@ describe('Post /groups/:groupId/invite', () => {
       });
     });
 
+    it('allows 30+ members in a guild', async () => {
+      let invitesToGenerate = [];
+      // Generate 30 users to invite (30 + leader = 31 members)
+      for (let i = 0; i < PARTY_LIMIT_MEMBERS; i++) {
+        invitesToGenerate.push(generateUser());
+      }
+      let generatedInvites = await Promise.all(invitesToGenerate);
+      // Invite users
+      expect(await inviter.post(`/groups/${group._id}/invite`, {
+        uuids: generatedInvites.map(invite => invite._id),
+      })).to.be.an('array');
+    });
+
     // @TODO: Add this after we are able to mock the group plan route
     xit('returns an error when a non-leader invites to a group plan', async () => {
       let userToInvite = await generateUser();
@@ -410,5 +453,36 @@ describe('Post /groups/:groupId/invite', () => {
       });
       expect((await userToInvite.get('/user')).invitations.party.id).to.equal(party._id);
     });
+
+    it('allows 30 members in a party', async () => {
+      let invitesToGenerate = [];
+      // Generate 29 users to invite (29 + leader = 30 members)
+      for (let i = 0; i < PARTY_LIMIT_MEMBERS - 1; i++) {
+        invitesToGenerate.push(generateUser());
+      }
+      let generatedInvites = await Promise.all(invitesToGenerate);
+      // Invite users
+      expect(await inviter.post(`/groups/${party._id}/invite`, {
+        uuids: generatedInvites.map(invite => invite._id),
+      })).to.be.an('array');
+    });
+
+    it('does not allow 30+ members in a party', async () => {
+      let invitesToGenerate = [];
+      // Generate 30 users to invite (30 + leader = 31 members)
+      for (let i = 0; i < PARTY_LIMIT_MEMBERS; i++) {
+        invitesToGenerate.push(generateUser());
+      }
+      let generatedInvites = await Promise.all(invitesToGenerate);
+      // Invite users
+      await expect(inviter.post(`/groups/${party._id}/invite`, {
+        uuids: generatedInvites.map(invite => invite._id),
+      }))
+      .to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('partyExceedsMembersLimit', {maxMembersParty: PARTY_LIMIT_MEMBERS}),
+      });
+    });
   });
 });

test/api/v3/integration/groups/POST-groups_manager.test.js

@@ -0,0 +1,85 @@
+import {
+  generateUser,
+  createAndPopulateGroup,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+
+describe('POST /group/:groupId/add-manager', () => {
+  let leader, nonLeader, groupToUpdate;
+  let groupName = 'Test Public Guild';
+  let groupType = 'guild';
+  let nonMember;
+
+  context('Guilds', () => {
+    beforeEach(async () => {
+      let { group, groupLeader, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: groupName,
+          type: groupType,
+          privacy: 'public',
+        },
+        members: 1,
+      });
+
+      groupToUpdate = group;
+      leader = groupLeader;
+      nonLeader = members[0];
+      nonMember = await generateUser();
+    });
+
+    it('returns an error when a non group leader tries to add member', async () => {
+      await expect(nonLeader.post(`/groups/${groupToUpdate._id}/add-manager`, {
+        managerId: nonLeader._id,
+      })).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('messageGroupOnlyLeaderCanUpdate'),
+      });
+    });
+
+    it('returns an error when trying to promote a non member', async () => {
+      await expect(leader.post(`/groups/${groupToUpdate._id}/add-manager`, {
+        managerId: nonMember._id,
+      })).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('userMustBeMember'),
+      });
+    });
+
+    it('allows a leader to add managers', async () => {
+      let updatedGroup = await leader.post(`/groups/${groupToUpdate._id}/add-manager`, {
+        managerId: nonLeader._id,
+      });
+
+      expect(updatedGroup.managers[nonLeader._id]).to.be.true;
+    });
+  });
+
+  context('Party', () => {
+    let party, partyLeader, partyNonLeader;
+
+    beforeEach(async () => {
+      let { group, groupLeader, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: groupName,
+          type: 'party',
+          privacy: 'private',
+        },
+        members: 1,
+      });
+
+      party = group;
+      partyLeader = groupLeader;
+      partyNonLeader = members[0];
+    });
+
+    it('allows leader of party to add managers', async () => {
+      let updatedGroup = await partyLeader.post(`/groups/${party._id}/add-manager`, {
+        managerId: partyNonLeader._id,
+      });
+
+      expect(updatedGroup.managers[partyNonLeader._id]).to.be.true;
+    });
+  });
+});

test/api/v3/integration/groups/PUT-groups.test.js

@@ -1,10 +1,11 @@
 import {
   createAndPopulateGroup,
+  generateUser,
   translate as t,
 } from '../../../../helpers/api-v3-integration.helper';
 
 describe('PUT /group', () => {
-  let leader, nonLeader, groupToUpdate;
+  let leader, nonLeader, groupToUpdate, adminUser;
   let groupName = 'Test Public Guild';
   let groupType = 'guild';
   let groupUpdatedName = 'Test Public Guild Updated';
@@ -18,13 +19,13 @@ describe('PUT /group', () => {
       },
       members: 1,
     });
-
+    adminUser = await generateUser({ 'contributor.admin': true });
     groupToUpdate = group;
     leader = groupLeader;
     nonLeader = members[0];
   });
 
-  it('returns an error when a non group leader tries to update', async () => {
+  it('returns an error when a user that is not an admin or group leader tries to update', async () => {
     await expect(nonLeader.put(`/groups/${groupToUpdate._id}`, {
       name: groupUpdatedName,
     })).to.eventually.be.rejected.and.eql({
@@ -44,6 +45,15 @@ describe('PUT /group', () => {
     expect(updatedGroup.name).to.equal(groupUpdatedName);
   });
 
+  it('allows an admin to update a guild', async () => {
+    let updatedGroup = await adminUser.put(`/groups/${groupToUpdate._id}`, {
+      name: groupUpdatedName,
+    });
+    expect(updatedGroup.leader._id).to.eql(leader._id);
+    expect(updatedGroup.leader.profile.name).to.eql(leader.profile.name);
+    expect(updatedGroup.name).to.equal(groupUpdatedName);
+  });
+
   it('allows a leader to change leaders', async () => {
     let updatedGroup = await leader.put(`/groups/${groupToUpdate._id}`, {
       name: groupUpdatedName,

test/api/v3/integration/members/GET-objections_interaction.test.js

@@ -0,0 +1,64 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+import { v4 as generateUUID } from 'uuid';
+
+describe('GET /members/:toUserId/objections/:interaction', () => {
+  let user;
+
+  before(async () => {
+    user = await generateUser();
+  });
+
+  it('validates req.params.memberId', async () => {
+    await expect(
+      user.get('/members/invalidUUID/objections/send-private-message')
+    ).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('handles non-existing members', async () => {
+    let dummyId = generateUUID();
+    await expect(
+      user.get(`/members/${dummyId}/objections/send-private-message`)
+    ).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('userWithIDNotFound', {userId: dummyId}),
+    });
+  });
+
+  it('handles non-existing interactions', async () => {
+    let receiver = await generateUser();
+
+    await expect(
+      user.get(`/members/${receiver._id}/objections/hug-a-whole-forest-of-trees`)
+    ).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('returns an empty array if there are no objections', async () => {
+    let receiver = await generateUser();
+
+    await expect(
+      user.get(`/members/${receiver._id}/objections/send-private-message`)
+    ).to.eventually.be.fulfilled.and.eql([]);
+  });
+
+  it('returns an array of objections if any exist', async () => {
+    let receiver = await generateUser({'inbox.blocks': [user._id]});
+
+    await expect(
+      user.get(`/members/${receiver._id}/objections/send-private-message`)
+    ).to.eventually.be.fulfilled.and.eql([
+      t('notAuthorizedToSendMessageToThisUser'),
+    ]);
+  });
+});

test/api/v3/integration/members/POST-send_private_message.test.js

@@ -82,6 +82,20 @@ describe('POST /members/send-private-message', () => {
     });
   });
 
+  it('returns an error when chat privileges are revoked', async () => {
+    let userWithChatRevoked = await generateUser({'flags.chatRevoked': true});
+    let receiver = await generateUser();
+
+    await expect(userWithChatRevoked.post('/members/send-private-message', {
+      message: messageToSend,
+      toUserId: receiver._id,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('chatPrivilegesRevoked'),
+    });
+  });
+
   it('sends a private message to a user', async () => {
     let receiver = await generateUser();
 

test/api/v3/integration/members/POST-transfer_gems.test.js

@@ -43,7 +43,7 @@ describe('POST /members/transfer-gems', () => {
     });
   });
 
-  it('returns error when to user is not found', async () => {
+  it('returns error when recipient is not found', async () => {
     await expect(userToSendMessage.post('/members/transfer-gems', {
       message,
       gemAmount,
@@ -55,7 +55,7 @@ describe('POST /members/transfer-gems', () => {
     });
   });
 
-  it('returns error when to user attempts to send gems to themselves', async () => {
+  it('returns error when user attempts to send gems to themselves', async () => {
     await expect(userToSendMessage.post('/members/transfer-gems', {
       message,
       gemAmount,
@@ -67,6 +67,64 @@ describe('POST /members/transfer-gems', () => {
     });
   });
 
+  it('returns error when recipient has blocked the sender', async () => {
+    let receiverWhoBlocksUser = await generateUser({'inbox.blocks': [userToSendMessage._id]});
+
+    await expect(userToSendMessage.post('/members/transfer-gems', {
+      message,
+      gemAmount,
+      toUserId: receiverWhoBlocksUser._id,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('notAuthorizedToSendMessageToThisUser'),
+    });
+  });
+
+  it('returns error when sender has blocked recipient', async () => {
+    let sender = await generateUser({'inbox.blocks': [receiver._id]});
+
+    await expect(sender.post('/members/transfer-gems', {
+      message,
+      gemAmount,
+      toUserId: receiver._id,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('notAuthorizedToSendMessageToThisUser'),
+    });
+  });
+
+  it('returns an error when chat privileges are revoked', async () => {
+    let userWithChatRevoked = await generateUser({'flags.chatRevoked': true});
+
+    await expect(userWithChatRevoked.post('/members/transfer-gems', {
+      message,
+      gemAmount,
+      toUserId: receiver._id,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('chatPrivilegesRevoked'),
+    });
+  });
+
+  it('works when only the recipient\'s chat privileges are revoked', async () => {
+    let receiverWithChatRevoked = await generateUser({'flags.chatRevoked': true});
+
+    await expect(userToSendMessage.post('/members/transfer-gems', {
+      message,
+      gemAmount,
+      toUserId: receiverWithChatRevoked._id,
+    })).to.eventually.be.fulfilled;
+
+    let updatedReceiver = await receiverWithChatRevoked.get('/user');
+    let updatedSender = await userToSendMessage.get('/user');
+
+    expect(updatedReceiver.balance).to.equal(gemAmount / 4);
+    expect(updatedSender.balance).to.equal(0);
+  });
+
   it('returns error when there is no gemAmount', async () => {
     await expect(userToSendMessage.post('/members/transfer-gems', {
       message,
@@ -144,7 +202,7 @@ describe('POST /members/transfer-gems', () => {
     expect(updatedSender.balance).to.equal(0);
   });
 
-  it('does not requrie a message', async () => {
+  it('does not require a message', async () => {
     await userToSendMessage.post('/members/transfer-gems', {
       gemAmount,
       toUserId: receiver._id,

test/api/v3/integration/shops/GET-shops_backgrounds.test.js

@@ -0,0 +1,25 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-integration/v3';
+
+describe('GET /shops/backgrounds', () => {
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  it('returns a valid shop object', async () => {
+    let shop = await user.get('/shops/backgrounds');
+    expect(shop.identifier).to.equal('backgroundShop');
+    expect(shop.text).to.eql(t('backgroundShop'));
+    expect(shop.notes).to.eql(t('backgroundShopText'));
+    expect(shop.imageName).to.equal('background_shop');
+    expect(shop.sets).to.be.an('array');
+
+    let sets = shop.sets.map(set => set.identifier);
+    expect(sets).to.include('incentiveBackgrounds');
+    expect(sets).to.include('backgrounds062014');
+  });
+});

test/api/v3/integration/tasks/GET-tasks_user.test.js

@@ -1,3 +1,4 @@
+import moment from 'moment';
 import {
   generateUser,
 } from '../../../../helpers/api-integration/v3';
@@ -127,4 +128,106 @@ describe('GET /tasks/user', () => {
     let allCompletedTodos = await user.get('/tasks/user?type=_allCompletedTodos');
     expect(allCompletedTodos.length).to.equal(numberOfTodos);
   });
+
+  it('returns dailies with isDue for the date specified', async () => {
+    // @TODO Add required format
+    let startDate = moment().subtract('1', 'days').toISOString();
+    let createdTasks = await user.post('/tasks/user', [
+      {
+        text: 'test daily',
+        type: 'daily',
+        startDate,
+        frequency: 'daily',
+        everyX: 2,
+      },
+    ]);
+    let dailys = await user.get('/tasks/user?type=dailys');
+
+    expect(dailys.length).to.be.at.least(1);
+    expect(dailys[0]._id).to.equal(createdTasks._id);
+    expect(dailys[0].isDue).to.be.false;
+
+    let dailys2 = await user.get(`/tasks/user?type=dailys&dueDate=${startDate}`);
+    expect(dailys2[0]._id).to.equal(createdTasks._id);
+    expect(dailys2[0].isDue).to.be.true;
+  });
+
+  it('returns dailies with isDue for the date specified and will add CDS offset if time is not supplied and assumes timezones', async () => {
+    let timezone = 420;
+    await user.update({
+      'preferences.dayStart': 0,
+      'preferences.timezoneOffset': timezone,
+    });
+    let startDate = moment().zone(timezone).subtract('4', 'days').startOf('day').toISOString();
+    await user.post('/tasks/user', [
+      {
+        text: 'test daily',
+        type: 'daily',
+        startDate,
+        frequency: 'daily',
+        everyX: 2,
+      },
+    ]);
+
+    let today = moment().format('YYYY-MM-DD');
+    let dailys = await user.get(`/tasks/user?type=dailys&dueDate=${today}`);
+    expect(dailys[0].isDue).to.be.true;
+
+    let yesterday = moment().subtract('1', 'days').format('YYYY-MM-DD');
+    let dailys2 = await user.get(`/tasks/user?type=dailys&dueDate=${yesterday}`);
+    expect(dailys2[0].isDue).to.be.false;
+  });
+
+
+  it('returns dailies with isDue for the date specified and will add CDS offset if time is not supplied and assumes timezones', async () => {
+    let timezone = 240;
+    await user.update({
+      'preferences.dayStart': 0,
+      'preferences.timezoneOffset': timezone,
+    });
+    let startDate = moment().zone(timezone).subtract('4', 'days').startOf('day').toISOString();
+    await user.post('/tasks/user', [
+      {
+        text: 'test daily',
+        type: 'daily',
+        startDate,
+        frequency: 'daily',
+        everyX: 2,
+      },
+    ]);
+
+    let today = moment().format('YYYY-MM-DD');
+    let dailys = await user.get(`/tasks/user?type=dailys&dueDate=${today}`);
+    expect(dailys[0].isDue).to.be.true;
+
+    let yesterday = moment().subtract('1', 'days').format('YYYY-MM-DD');
+    let dailys2 = await user.get(`/tasks/user?type=dailys&dueDate=${yesterday}`);
+    expect(dailys2[0].isDue).to.be.false;
+  });
+
+  it('returns dailies with isDue for the date specified and will add CDS offset if time is not supplied and assumes timezones', async () => {
+    let timezone = 540;
+    await user.update({
+      'preferences.dayStart': 0,
+      'preferences.timezoneOffset': timezone,
+    });
+    let startDate = moment().zone(timezone).subtract('4', 'days').startOf('day').toISOString();
+    await user.post('/tasks/user', [
+      {
+        text: 'test daily',
+        type: 'daily',
+        startDate,
+        frequency: 'daily',
+        everyX: 2,
+      },
+    ]);
+
+    let today = moment().format('YYYY-MM-DD');
+    let dailys = await user.get(`/tasks/user?type=dailys&dueDate=${today}`);
+    expect(dailys[0].isDue).to.be.true;
+
+    let yesterday = moment().subtract('1', 'days').format('YYYY-MM-DD');
+    let dailys2 = await user.get(`/tasks/user?type=dailys&dueDate=${yesterday}`);
+    expect(dailys2[0].isDue).to.be.false;
+  });
 });

test/api/v3/integration/tasks/POST-tasks_id_score_direction.test.js

@@ -208,6 +208,20 @@ describe('POST /tasks/:id/score/:direction', () => {
       expect(task.completed).to.equal(false);
     });
 
+    it('computes isDue', async () => {
+      await user.post(`/tasks/${daily._id}/score/up`);
+      let task = await user.get(`/tasks/${daily._id}`);
+
+      expect(task.isDue).to.equal(true);
+    });
+
+    it('computes nextDue', async () => {
+      await user.post(`/tasks/${daily._id}/score/up`);
+      let task = await user.get(`/tasks/${daily._id}`);
+
+      expect(task.nextDue.length).to.eql(6);
+    });
+
     it('scores up daily even if it is already completed'); // Yes?
 
     it('scores down daily even if it is already uncompleted'); // Yes?

test/api/v3/integration/tasks/POST-tasks_unlink-all_challengeId.test.js

@@ -0,0 +1,109 @@
+import {
+  generateUser,
+  generateGroup,
+  generateChallenge,
+  translate as t,
+} from '../../../../helpers/api-integration/v3';
+
+describe('POST /tasks/unlink-all/:challengeId', () => {
+  let user;
+  let guild;
+  let challenge;
+  let tasksToTest = {
+    habit: {
+      text: 'test habit',
+      type: 'habit',
+      up: false,
+      down: true,
+    },
+    todo: {
+      text: 'test todo',
+      type: 'todo',
+    },
+    daily: {
+      text: 'test daily',
+      type: 'daily',
+      frequency: 'daily',
+      everyX: 5,
+      startDate: new Date(),
+    },
+    reward: {
+      text: 'test reward',
+      type: 'reward',
+    },
+  };
+
+  beforeEach(async () => {
+    user = await generateUser();
+    guild = await generateGroup(user);
+    challenge = await generateChallenge(user, guild);
+  });
+
+  it('fails if no keep query', async () => {
+    await expect(user.post(`/tasks/unlink-all/${challenge._id}`))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('fails if invalid challenge id', async () => {
+    await expect(user.post('/tasks/unlink-all/123?keep=remove-all'))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('fails on an unbroken challenge', async () => {
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    await expect(user.post(`/tasks/unlink-all/${challenge._id}?keep=remove-all`))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('cantOnlyUnlinkChalTask'),
+    });
+  });
+
+  it('unlinks all tasks from a challenge and deletes them on keep=remove-all', async () => {
+    const daily = await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.habit);
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.reward);
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.todo);
+    await user.del(`/challenges/${challenge._id}`);
+    const response = await user.post(`/tasks/unlink-all/${challenge._id}?keep=remove-all`);
+    expect(response).to.eql({});
+
+    await expect(user.get(`/tasks/${daily._id}`)).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('taskNotFound'),
+    });
+  });
+
+  it('unlinks a task from a challenge on keep=keep-all', async () => {
+    const daily = await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    const anotherUser = await generateUser();
+    await user.post(`/groups/${guild._id}/invite`, {
+        uuids: [anotherUser._id],
+    });
+    // Have the second user join the group and challenge
+    await anotherUser.post(`/groups/${guild._id}/join`);
+    await anotherUser.post(`/challenges/${challenge._id}/join`);
+    // Have the leader delete the challenge and unlink the tasks
+    await user.del(`/challenges/${challenge._id}`);
+    await user.post(`/tasks/unlink-all/${challenge._id}?keep=keep-all`);
+    // Get the second task for the second user
+    const [, anotherUserTask] = await anotherUser.get('/tasks/user');
+    // Expect the second user to still have the task, but unlinked
+    expect(anotherUserTask.challenge).to.eql({
+      taskId: daily._id,
+      id: challenge._id,
+      shortName: challenge.shortName,
+      broken: 'CHALLENGE_DELETED',
+      winner: null,
+    });
+  });
+});

test/api/v3/integration/tasks/POST-tasks_unlink-one_taskId.test.js

@@ -0,0 +1,110 @@
+import {
+  generateUser,
+  generateGroup,
+  generateChallenge,
+  translate as t,
+} from '../../../../helpers/api-integration/v3';
+import { v4 as generateUUID } from 'uuid';
+
+describe('POST /tasks/unlink-one/:taskId', () => {
+  let user;
+  let guild;
+  let challenge;
+  let tasksToTest = {
+    habit: {
+      text: 'test habit',
+      type: 'habit',
+      up: false,
+      down: true,
+    },
+    todo: {
+      text: 'test todo',
+      type: 'todo',
+    },
+    daily: {
+      text: 'test daily',
+      type: 'daily',
+      frequency: 'daily',
+      everyX: 5,
+      startDate: new Date(),
+    },
+    reward: {
+      text: 'test reward',
+      type: 'reward',
+    },
+  };
+
+  beforeEach(async () => {
+    user = await generateUser();
+    guild = await generateGroup(user);
+    challenge = await generateChallenge(user, guild);
+  });
+
+  it('fails if no keep query', async () => {
+    const daily = await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    await expect(user.post(`/tasks/unlink-one/${daily._id}`))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('fails if invalid task id', async () => {
+    await expect(user.post('/tasks/unlink-one/123?keep=remove'))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('fails on task not found', async () => {
+    await expect(user.post(`/tasks/unlink-one/${generateUUID()}?keep=keep`))
+    .to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('taskNotFound'),
+    });
+  });
+
+  it('fails on task unlinked to challenge', async () => {
+    let daily = await user.post('/tasks/user', tasksToTest.daily);
+    await expect(user.post(`/tasks/unlink-one/${daily._id}?keep=keep`))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('cantOnlyUnlinkChalTask'),
+    });
+  });
+
+  it('fails on unbroken challenge', async () => {
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    let [daily] = await user.get('/tasks/user');
+    await expect(user.post(`/tasks/unlink-one/${daily._id}?keep=keep`))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('cantOnlyUnlinkChalTask'),
+    });
+  });
+
+  it('unlinks a task from a challenge and saves it on keep=keep', async () => {
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    let [, daily] = await user.get('/tasks/user');
+    await user.del(`/challenges/${challenge._id}`);
+    await user.post(`/tasks/unlink-one/${daily._id}?keep=keep`);
+    [, daily] = await user.get('/tasks/user');
+    expect(daily.challenge).to.eql({});
+  });
+
+  it('unlinks a task from a challenge and deletes it on keep=remove', async () => {
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    let [, daily] = await user.get('/tasks/user');
+    await user.del(`/challenges/${challenge._id}`);
+    await user.post(`/tasks/unlink-one/${daily._id}?keep=remove`);
+    const tasks = await user.get('/tasks/user');
+    // Only the default task should remain
+    expect(tasks.length).to.eql(1);
+  });
+});

test/api/v3/integration/tasks/POST-tasks_user.test.js

@@ -133,6 +133,7 @@ describe('POST /tasks/user', () => {
       expect(task.completed).to.equal(false);
       expect(task.streak).not.to.equal('never');
       expect(task.value).not.to.equal(324);
+      expect(task.yesterDaily).to.equal(true);
     });
 
     it('ignores invalid fields', async () => {
@@ -509,6 +510,8 @@ describe('POST /tasks/user', () => {
       expect(task.daysOfMonth).to.eql([15]);
       expect(task.weeksOfMonth).to.eql([3]);
       expect(new Date(task.startDate)).to.eql(now);
+      expect(task.isDue).to.be.true;
+      expect(task.nextDue.length).to.eql(6);
     });
 
     it('creates multiple dailys', async () => {
@@ -613,6 +616,18 @@ describe('POST /tasks/user', () => {
       expect((new Date(task.startDate)).getDay()).to.eql(today);
     });
 
+    it('returns an error if the start date is empty', async () => {
+      await expect(user.post('/tasks/user', {
+        text: 'test daily',
+        type: 'daily',
+        startDate: '',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: 'daily validation failed',
+      });
+    });
+
     it('can create checklists', async () => {
       let task = await user.post('/tasks/user', {
         text: 'test daily',

test/api/v3/integration/tasks/PUT-tasks_id.test.js

@@ -1,3 +1,4 @@
+import moment from 'moment';
 import {
   generateUser,
   generateGroup,
@@ -395,12 +396,17 @@ describe('PUT /tasks/:id', () => {
         notes: 'some new notes',
         frequency: 'daily',
         everyX: 5,
+        yesterDaily: false,
+        startDate: moment().add(1, 'days').toDate(),
       });
 
       expect(savedDaily.text).to.eql('some new text');
       expect(savedDaily.notes).to.eql('some new notes');
       expect(savedDaily.frequency).to.eql('daily');
       expect(savedDaily.everyX).to.eql(5);
+      expect(savedDaily.isDue).to.be.false;
+      expect(savedDaily.nextDue.length).to.eql(6);
+      expect(savedDaily.yesterDaily).to.be.false;
     });
 
     it('can update checklists (replace it)', async () => {

test/api/v3/integration/tasks/groups/DELETE-group_tasks_id.test.js

@@ -4,7 +4,7 @@ import {
 } from '../../../../../helpers/api-integration/v3';
 import { find } from 'lodash';
 
-describe('DELETE /tasks/:id', () => {
+describe('Groups DELETE /tasks/:id', () => {
   let user, guild, member, member2, task;
 
   function findAssignedTask (memberTask) {
@@ -48,6 +48,21 @@ describe('DELETE /tasks/:id', () => {
       });
   });
 
+  it('allows a manager to delete a group task', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.del(`/tasks/${task._id}`);
+
+    await expect(user.get(`/tasks/${task._id}`))
+      .to.eventually.be.rejected.and.eql({
+        code: 404,
+        error: 'NotFound',
+        message: t('taskNotFound'),
+      });
+  });
+
   it('unlinks assigned user', async () => {
     await user.del(`/tasks/${task._id}`);
 

test/api/v3/integration/tasks/groups/GET-approvals_group_id.test.js

@@ -55,4 +55,13 @@ describe('GET /approvals/group/:groupId', () => {
     let approvals = await user.get(`/approvals/group/${guild._id}`);
     expect(approvals[0]._id).to.equal(syncedTask._id);
   });
+
+  it('allows managers to get a list of task that need approval', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member._id,
+    });
+
+    let approvals = await member.get(`/approvals/group/${guild._id}`);
+    expect(approvals[0]._id).to.equal(syncedTask._id);
+  });
 });

test/api/v3/integration/tasks/groups/POST-group_tasks_id_approve_userId.test.js

@@ -5,7 +5,7 @@ import {
 import { find } from 'lodash';
 
 describe('POST /tasks/:id/approve/:userId', () => {
-  let user, guild, member, task;
+  let user, guild, member, member2, task;
 
   function findAssignedTask (memberTask) {
     return memberTask.group.id === guild._id;
@@ -17,12 +17,13 @@ describe('POST /tasks/:id/approve/:userId', () => {
         name: 'Test Guild',
         type: 'guild',
       },
-      members: 1,
+      members: 2,
     });
 
     guild = group;
     user = groupLeader;
     member = members[0];
+    member2 = members[1];
 
     task = await user.post(`/tasks/group/${guild._id}`, {
       text: 'test todo',
@@ -69,4 +70,74 @@ describe('POST /tasks/:id/approve/:userId', () => {
     expect(syncedTask.group.approval.approvingUser).to.equal(user._id);
     expect(syncedTask.group.approval.dateApproved).to.be.a('string'); // date gets converted to a string as json doesn't have a Date type
   });
+
+  it('allows a manager to approve an assigned user', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.post(`/tasks/${task._id}/assign/${member._id}`);
+    await member2.post(`/tasks/${task._id}/approve/${member._id}`);
+
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    await member.sync();
+
+    expect(member.notifications.length).to.equal(2);
+    expect(member.notifications[0].type).to.equal('GROUP_TASK_APPROVED');
+    expect(member.notifications[0].data.message).to.equal(t('yourTaskHasBeenApproved', {taskText: task.text}));
+    expect(member.notifications[1].type).to.equal('SCORED_TASK');
+    expect(member.notifications[1].data.message).to.equal(t('yourTaskHasBeenApproved', {taskText: task.text}));
+
+    expect(syncedTask.group.approval.approved).to.be.true;
+    expect(syncedTask.group.approval.approvingUser).to.equal(member2._id);
+    expect(syncedTask.group.approval.dateApproved).to.be.a('string'); // date gets converted to a string as json doesn't have a Date type
+  });
+
+  it('removes approval pending notifications from managers', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.post(`/tasks/${task._id}/assign/${member._id}`);
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+    await expect(member.post(`/tasks/${syncedTask._id}/score/up`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskApprovalHasBeenRequested'),
+      });
+
+    await user.sync();
+    await member2.sync();
+    expect(user.notifications.length).to.equal(2);
+    expect(user.notifications[1].type).to.equal('GROUP_TASK_APPROVAL');
+    expect(member2.notifications.length).to.equal(1);
+    expect(member2.notifications[0].type).to.equal('GROUP_TASK_APPROVAL');
+
+    await member2.post(`/tasks/${task._id}/approve/${member._id}`);
+
+    await user.sync();
+    await member2.sync();
+
+    expect(user.notifications.length).to.equal(1);
+    expect(member2.notifications.length).to.equal(0);
+  });
+
+  it('prevents double approval on a task', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.post(`/tasks/${task._id}/assign/${member._id}`);
+    await member2.post(`/tasks/${task._id}/approve/${member._id}`);
+    await expect(user.post(`/tasks/${task._id}/approve/${member._id}`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('canOnlyApproveTaskOnce'),
+      });
+  });
 });

test/api/v3/integration/tasks/groups/POST-group_tasks_id_score_direction.test.js

@@ -5,7 +5,7 @@ import {
 import { find } from 'lodash';
 
 describe('POST /tasks/:id/score/:direction', () => {
-  let user, guild, member, task;
+  let user, guild, member, member2, task;
 
   function findAssignedTask (memberTask) {
     return memberTask.group.id === guild._id;
@@ -17,12 +17,13 @@ describe('POST /tasks/:id/score/:direction', () => {
         name: 'Test Guild',
         type: 'guild',
       },
-      members: 1,
+      members: 2,
     });
 
     guild = group;
     user = groupLeader;
     member = members[0];
+    member2 = members[1];
 
     task = await user.post(`/tasks/group/${guild._id}`, {
       text: 'test todo',
@@ -51,18 +52,55 @@ describe('POST /tasks/:id/score/:direction', () => {
 
     await user.sync();
 
-    expect(user.notifications.length).to.equal(1);
-    expect(user.notifications[0].type).to.equal('GROUP_TASK_APPROVAL');
-    expect(user.notifications[0].data.message).to.equal(t('userHasRequestedTaskApproval', {
+    expect(user.notifications.length).to.equal(2);
+    expect(user.notifications[1].type).to.equal('GROUP_TASK_APPROVAL');
+    expect(user.notifications[1].data.message).to.equal(t('userHasRequestedTaskApproval', {
       user: member.auth.local.username,
       taskName: updatedTask.text,
+      taskId: updatedTask._id,
     }, 'cs')); // This test only works if we have the notification translated
-    expect(user.notifications[0].data.groupId).to.equal(guild._id);
+    expect(user.notifications[1].data.groupId).to.equal(guild._id);
 
     expect(updatedTask.group.approval.requested).to.equal(true);
     expect(updatedTask.group.approval.requestedDate).to.be.a('string'); // date gets converted to a string as json doesn't have a Date type
   });
 
+  it('sends notifications to all managers', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    await expect(member.post(`/tasks/${syncedTask._id}/score/up`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('taskApprovalHasBeenRequested'),
+      });
+    let updatedTask = await member.get(`/tasks/${syncedTask._id}`);
+    await user.sync();
+    await member2.sync();
+
+    expect(user.notifications.length).to.equal(2);
+    expect(user.notifications[1].type).to.equal('GROUP_TASK_APPROVAL');
+    expect(user.notifications[1].data.message).to.equal(t('userHasRequestedTaskApproval', {
+      user: member.auth.local.username,
+      taskName: updatedTask.text,
+      taskId: updatedTask._id,
+    }));
+    expect(user.notifications[1].data.groupId).to.equal(guild._id);
+
+    expect(member2.notifications.length).to.equal(1);
+    expect(member2.notifications[0].type).to.equal('GROUP_TASK_APPROVAL');
+    expect(member2.notifications[0].data.message).to.equal(t('userHasRequestedTaskApproval', {
+      user: member.auth.local.username,
+      taskName: updatedTask.text,
+      taskId: updatedTask._id,
+    }));
+    expect(member2.notifications[0].data.groupId).to.equal(guild._id);
+  });
+
   it('errors when approval has already been requested', async () => {
     let memberTasks = await member.get('/tasks/user');
     let syncedTask = find(memberTasks, findAssignedTask);

test/api/v3/integration/tasks/groups/POST-tasks_group_id.test.js

@@ -1,16 +1,29 @@
 import {
   generateUser,
-  generateGroup,
+  createAndPopulateGroup,
   translate as t,
 } from '../../../../../helpers/api-v3-integration.helper';
 import { v4 as generateUUID } from 'uuid';
 
 describe('POST /tasks/group/:groupid', () => {
-  let user, guild;
+  let user, guild, manager;
+  let groupName = 'Test Public Guild';
+  let groupType = 'guild';
 
   beforeEach(async () => {
     user = await generateUser({balance: 1});
-    guild = await generateGroup(user, {type: 'guild'});
+    let { group, groupLeader, members } = await createAndPopulateGroup({
+      groupDetails: {
+        name: groupName,
+        type: groupType,
+        privacy: 'private',
+      },
+      members: 1,
+    });
+
+    guild = group;
+    user = groupLeader;
+    manager = members[0];
   });
 
   it('returns error when group is not found', async () => {
@@ -116,4 +129,27 @@ describe('POST /tasks/group/:groupid', () => {
     expect(task.everyX).to.eql(5);
     expect(new Date(task.startDate)).to.eql(now);
   });
+
+  it('allows a manager to add a group task', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: manager._id,
+    });
+
+    let task = await manager.post(`/tasks/group/${guild._id}`, {
+      text: 'test habit',
+      type: 'habit',
+      up: false,
+      down: true,
+      notes: 1976,
+    });
+
+    let groupTask = await manager.get(`/tasks/group/${guild._id}`);
+
+    expect(groupTask[0].group.id).to.equal(guild._id);
+    expect(task.text).to.eql('test habit');
+    expect(task.notes).to.eql('1976');
+    expect(task.type).to.eql('habit');
+    expect(task.up).to.eql(false);
+    expect(task.down).to.eql(true);
+  });
 });

test/api/v3/integration/tasks/groups/POST-tasks_group_id_assign_user_id.test.js

@@ -6,7 +6,7 @@ import {
 import { v4 as generateUUID } from 'uuid';
 import { find } from 'lodash';
 
-describe('POST /tasks/:taskId', () => {
+describe('POST /tasks/:taskId/assign/:memberId', () => {
   let user, guild, member, member2, task;
 
   function findAssignedTask (memberTask) {
@@ -130,4 +130,19 @@ describe('POST /tasks/:taskId', () => {
     expect(member1SyncedTask).to.exist;
     expect(member2SyncedTask).to.exist;
   });
+
+  it('allows a manager to assign tasks', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.post(`/tasks/${task._id}/assign/${member._id}`);
+
+    let groupTask = await member2.get(`/tasks/group/${guild._id}`);
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    expect(groupTask[0].group.assignedUsers).to.contain(member._id);
+    expect(syncedTask).to.exist;
+  });
 });

test/api/v3/integration/tasks/groups/POST-tasks_task_id_unassign.test.js

@@ -114,4 +114,19 @@ describe('POST /tasks/:taskId/unassign/:memberId', () => {
     expect(groupTask[0].group.assignedUsers).to.contain(member2._id);
     expect(member2SyncedTask).to.exist;
   });
+
+  it('allows a manager to unassign a user from a task', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.post(`/tasks/${task._id}/unassign/${member._id}`);
+
+    let groupTask = await member2.get(`/tasks/group/${guild._id}`);
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    expect(groupTask[0].group.assignedUsers).to.not.contain(member._id);
+    expect(syncedTask).to.not.exist;
+  });
 });

test/api/v3/integration/tasks/groups/PUT-group_task_id.test.js

@@ -89,4 +89,25 @@ describe('PUT /tasks/:id', () => {
     expect(member2SyncedTask.up).to.eql(false);
     expect(member2SyncedTask.down).to.eql(false);
   });
+
+  it('updates the linked tasks', async () => {
+    await user.post(`/groups/${guild._id}/add-manager`, {
+      managerId: member2._id,
+    });
+
+    await member2.put(`/tasks/${task._id}`, {
+      text: 'some new text',
+      up: false,
+      down: false,
+      notes: 'some new notes',
+    });
+
+
+    let memberTasks = await member.get('/tasks/user');
+    let syncedTask = find(memberTasks, findAssignedTask);
+
+    expect(syncedTask.text).to.eql('some new text');
+    expect(syncedTask.up).to.eql(false);
+    expect(syncedTask.down).to.eql(false);
+  });
 });

test/api/v3/integration/user/DELETE-user.test.js

@@ -16,6 +16,7 @@ import {
   sha1MakeSalt,
   sha1Encrypt as sha1EncryptPassword,
 } from '../../../../../website/server/libs/password';
+import * as email from '../../../../../website/server/libs/email';
 
 describe('DELETE /user', () => {
   let user;
@@ -25,7 +26,7 @@ describe('DELETE /user', () => {
     user = await generateUser({balance: 10});
   });
 
-  it('returns an errors if password is wrong', async () => {
+  it('returns an error if password is wrong', async () => {
     await expect(user.del('/user', {
       password: 'wrong-password',
     })).to.eventually.be.rejected.and.eql({
@@ -35,6 +36,33 @@ describe('DELETE /user', () => {
     });
   });
 
+  it('returns an error if password is not supplied', async () => {
+    await expect(user.del('/user', {
+      password: '',
+    })).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('missingPassword'),
+    });
+  });
+
+  it('returns an error if excessive feedback is supplied', async () => {
+    let feedbackText = 'spam feedback ';
+    let feedback = feedbackText;
+    while (feedback.length < 10000) {
+      feedback = feedback + feedbackText;
+    }
+
+    await expect(user.del('/user', {
+      password,
+      feedback,
+    })).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: 'Account deletion feedback is limited to 10,000 characters. For lengthy feedback, email admin@habitica.com.',
+    });
+  });
+
   it('returns an error if user has active subscription', async () => {
     let userWithSubscription = await generateUser({'purchased.plan.customerId': 'fake-customer-id'});
 
@@ -96,6 +124,32 @@ describe('DELETE /user', () => {
     await expect(checkExistence('users', user._id)).to.eventually.eql(false);
   });
 
+  it('sends feedback to the admin email', async () => {
+    sandbox.spy(email, 'sendTxn');
+
+    let feedback = 'Reasons for Deletion';
+    await user.del('/user', {
+      password,
+      feedback,
+    });
+
+    expect(email.sendTxn).to.be.calledOnce;
+
+    sandbox.restore();
+  });
+
+  it('does not send email if no feedback is supplied', async () => {
+    sandbox.spy(email, 'sendTxn');
+
+    await user.del('/user', {
+      password,
+    });
+
+    expect(email.sendTxn).to.not.be.called;
+
+    sandbox.restore();
+  });
+
   it('deletes the user with a legacy sha1 password', async () => {
     let textPassword = 'mySecretPassword';
     let salt = sha1MakeSalt();

test/api/v3/integration/user/POST-user_class_cast_spellId.test.js

@@ -221,6 +221,27 @@ describe('POST /user/class/cast/:spellId', () => {
     expect(syncedGroupTask.value).to.equal(0);
   });
 
+  it('increases both user\'s achievement values', async () => {
+    let party = await createAndPopulateGroup({
+      members: 1,
+    });
+    let leader = party.groupLeader;
+    let recipient = party.members[0];
+    await leader.update({'stats.gp': 10});
+    await leader.post(`/user/class/cast/birthday?targetId=${recipient._id}`);
+    await leader.sync();
+    await recipient.sync();
+    expect(leader.achievements.birthday).to.equal(1);
+    expect(recipient.achievements.birthday).to.equal(1);
+  });
+
+  it('only increases user\'s achievement one if target == caster', async () => {
+    await user.update({'stats.gp': 10});
+    await user.post(`/user/class/cast/birthday?targetId=${user._id}`);
+    await user.sync();
+    expect(user.achievements.birthday).to.equal(1);
+  });
+
   // TODO find a way to have sinon working in integration tests
   // it doesn't work when tests are running separately from server
   it('passes correct target to spell when targetType === \'task\'');

test/api/v3/integration/user/POST-user_purchase.test.js

@@ -1,5 +1,6 @@
 import {
   generateUser,
+  createAndPopulateGroup,
   translate as t,
 } from '../../../../helpers/api-integration/v3';
 
@@ -31,4 +32,70 @@ describe('POST /user/purchase/:type/:key', () => {
 
     expect(user.items[type][key]).to.equal(1);
   });
+
+  it('can convert gold to gems if subscribed', async () => {
+    let oldBalance = user.balance;
+    await user.update({
+      'purchased.plan.customerId': 'group-plan',
+      'stats.gp': 1000,
+    });
+    await user.post('/user/purchase/gems/gem');
+    await user.sync();
+    expect(user.balance).to.equal(oldBalance + 0.25);
+  });
+
+  it('leader can convert gold to gems even if the group plan prevents it', async () => {
+    let { group, groupLeader } = await createAndPopulateGroup({
+      groupDetails: {
+        name: 'test',
+        type: 'guild',
+        privacy: 'private',
+      },
+    });
+    await group.update({
+      'leaderOnly.getGems': true,
+      'purchased.plan.customerId': 123,
+    });
+    await groupLeader.sync();
+    let oldBalance = groupLeader.balance;
+
+    await groupLeader.update({
+      'purchased.plan.customerId': 'group-plan',
+      'stats.gp': 1000,
+    });
+    await groupLeader.post('/user/purchase/gems/gem');
+
+    await groupLeader.sync();
+    expect(groupLeader.balance).to.equal(oldBalance + 0.25);
+  });
+
+  it('cannot convert gold to gems if the group plan prevents it', async () => {
+    let { group, members } = await createAndPopulateGroup({
+      groupDetails: {
+        name: 'test',
+        type: 'guild',
+        privacy: 'private',
+      },
+      members: 1,
+    });
+    await group.update({
+      'leaderOnly.getGems': true,
+      'purchased.plan.customerId': 123,
+    });
+    let oldBalance = members[0].balance;
+
+    await members[0].update({
+      'purchased.plan.customerId': 'group-plan',
+      'stats.gp': 1000,
+    });
+    await expect(members[0].post('/user/purchase/gems/gem'))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('groupPolicyCannotGetGems'),
+      });
+
+    await members[0].sync();
+    expect(members[0].balance).to.equal(oldBalance);
+  });
 });

test/api/v3/integration/user/auth/POST-login-local.test.js

@@ -9,6 +9,8 @@ import {
   sha1Encrypt as sha1EncryptPassword,
 } from '../../../../../../website/server/libs/password';
 
+import nconf from 'nconf';
+
 describe('POST /user/auth/local/login', () => {
   let api;
   let user;
@@ -43,7 +45,7 @@ describe('POST /user/auth/local/login', () => {
     })).to.eventually.be.rejected.and.eql({
       code: 401,
       error: 'NotAuthorized',
-      message: t('accountSuspended', { userId: user._id }),
+      message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS:COMMUNITY_MANAGER_EMAIL'), userId: user._id }),
     });
   });
 

test/api/v3/integration/user/auth/POST-register_local.test.js

@@ -34,25 +34,209 @@ describe('POST /user/auth/local/register', () => {
       expect(user.apiToken).to.exist;
       expect(user.auth.local.username).to.eql(username);
       expect(user.profile.name).to.eql(username);
+      expect(user.newUser).to.eql(true);
     });
 
-    it('provides default tags and tasks', async () => {
-      let username = generateRandomUserName();
-      let email = `${username}@example.com`;
-      let password = 'password';
+    context('provides default tags and tasks', async () => {
+      it('for a generic API consumer', async () => {
+        let username = generateRandomUserName();
+        let email = `${username}@example.com`;
+        let password = 'password';
 
-      let user = await api.post('/user/auth/local/register', {
-        username,
-        email,
-        password,
-        confirmPassword: password,
+        let user = await api.post('/user/auth/local/register', {
+          username,
+          email,
+          password,
+          confirmPassword: password,
+        });
+
+        let requests = new ApiUser(user);
+
+        let habits = await requests.get('/tasks/user?type=habits');
+        let dailys = await requests.get('/tasks/user?type=dailys');
+        let todos = await requests.get('/tasks/user?type=todos');
+        let rewards = await requests.get('/tasks/user?type=rewards');
+        let tags = await requests.get('/tags');
+
+        expect(habits).to.have.a.lengthOf(0);
+
+        expect(dailys).to.have.a.lengthOf(0);
+
+        expect(todos).to.have.a.lengthOf(1);
+        expect(todos[0].text).to.eql(t('defaultTodo1Text'));
+        expect(todos[0].notes).to.eql(t('defaultTodoNotes'));
+
+        expect(rewards).to.have.a.lengthOf(0);
+
+        expect(tags).to.have.a.lengthOf(7);
+        expect(tags[0].name).to.eql(t('defaultTag1'));
+        expect(tags[1].name).to.eql(t('defaultTag2'));
+        expect(tags[2].name).to.eql(t('defaultTag3'));
+        expect(tags[3].name).to.eql(t('defaultTag4'));
+        expect(tags[4].name).to.eql(t('defaultTag5'));
+        expect(tags[5].name).to.eql(t('defaultTag6'));
+        expect(tags[6].name).to.eql(t('defaultTag7'));
       });
 
-      expect(user.tags).to.have.a.lengthOf(7);
-      expect(user.tasksOrder.todos).to.have.a.lengthOf(1);
-      expect(user.tasksOrder.dailys).to.have.a.lengthOf(0);
-      expect(user.tasksOrder.rewards).to.have.a.lengthOf(0);
-      expect(user.tasksOrder.habits).to.have.a.lengthOf(0);
+      it('for Web', async () => {
+        api = requester(
+          null,
+          {'x-client': 'habitica-web'},
+        );
+        let username = generateRandomUserName();
+        let email = `${username}@example.com`;
+        let password = 'password';
+
+        let user = await api.post('/user/auth/local/register', {
+          username,
+          email,
+          password,
+          confirmPassword: password,
+        });
+
+        let requests = new ApiUser(user);
+
+        let habits = await requests.get('/tasks/user?type=habits');
+        let dailys = await requests.get('/tasks/user?type=dailys');
+        let todos = await requests.get('/tasks/user?type=todos');
+        let rewards = await requests.get('/tasks/user?type=rewards');
+        let tags = await requests.get('/tags');
+
+        expect(habits).to.have.a.lengthOf(3);
+        expect(habits[0].text).to.eql(t('defaultHabit1Text'));
+        expect(habits[0].notes).to.eql('');
+        expect(habits[1].text).to.eql(t('defaultHabit2Text'));
+        expect(habits[1].notes).to.eql('');
+        expect(habits[2].text).to.eql(t('defaultHabit3Text'));
+        expect(habits[2].notes).to.eql('');
+
+        expect(dailys).to.have.a.lengthOf(0);
+
+        expect(todos).to.have.a.lengthOf(1);
+        expect(todos[0].text).to.eql(t('defaultTodo1Text'));
+        expect(todos[0].notes).to.eql(t('defaultTodoNotes'));
+
+        expect(rewards).to.have.a.lengthOf(1);
+        expect(rewards[0].text).to.eql(t('defaultReward1Text'));
+        expect(rewards[0].notes).to.eql('');
+
+        expect(tags).to.have.a.lengthOf(7);
+        expect(tags[0].name).to.eql(t('defaultTag1'));
+        expect(tags[1].name).to.eql(t('defaultTag2'));
+        expect(tags[2].name).to.eql(t('defaultTag3'));
+        expect(tags[3].name).to.eql(t('defaultTag4'));
+        expect(tags[4].name).to.eql(t('defaultTag5'));
+        expect(tags[5].name).to.eql(t('defaultTag6'));
+        expect(tags[6].name).to.eql(t('defaultTag7'));
+      });
+
+      it('for Android', async () => {
+        api = requester(
+          null,
+          {'x-client': 'habitica-android'},
+        );
+        let username = generateRandomUserName();
+        let email = `${username}@example.com`;
+        let password = 'password';
+
+        let user = await api.post('/user/auth/local/register', {
+          username,
+          email,
+          password,
+          confirmPassword: password,
+        });
+
+        let requests = new ApiUser(user);
+
+        let habits = await requests.get('/tasks/user?type=habits');
+        let dailys = await requests.get('/tasks/user?type=dailys');
+        let todos = await requests.get('/tasks/user?type=todos');
+        let rewards = await requests.get('/tasks/user?type=rewards');
+        let tags = await requests.get('/tags');
+
+        expect(habits).to.have.a.lengthOf(2);
+        expect(habits[0].text).to.eql(t('defaultHabit4Text'));
+        expect(habits[0].notes).to.eql(t('defaultHabit4Notes'));
+        expect(habits[1].text).to.eql(t('defaultHabit5Text'));
+        expect(habits[1].notes).to.eql(t('defaultHabit5Notes'));
+
+        expect(dailys).to.have.a.lengthOf(1);
+        expect(dailys[0].text).to.eql(t('defaultDaily1Text'));
+        expect(dailys[0].notes).to.eql('');
+
+        expect(todos).to.have.a.lengthOf(2);
+        expect(todos[0].text).to.eql(t('defaultTodo1Text'));
+        expect(todos[0].notes).to.eql(t('defaultTodoNotes'));
+        expect(todos[1].text).to.eql(t('defaultTodo2Text'));
+        expect(todos[1].notes).to.eql(t('defaultTodo2Notes'));
+
+        expect(rewards).to.have.a.lengthOf(1);
+        expect(rewards[0].text).to.eql(t('defaultReward2Text'));
+        expect(rewards[0].notes).to.eql(t('defaultReward2Notes'));
+
+        expect(tags).to.have.a.lengthOf(7);
+        expect(tags[0].name).to.eql(t('defaultTag1'));
+        expect(tags[1].name).to.eql(t('defaultTag2'));
+        expect(tags[2].name).to.eql(t('defaultTag3'));
+        expect(tags[3].name).to.eql(t('defaultTag4'));
+        expect(tags[4].name).to.eql(t('defaultTag5'));
+        expect(tags[5].name).to.eql(t('defaultTag6'));
+        expect(tags[6].name).to.eql(t('defaultTag7'));
+      });
+
+      it('for iOS', async () => {
+        api = requester(
+          null,
+          {'x-client': 'habitica-ios'},
+        );
+        let username = generateRandomUserName();
+        let email = `${username}@example.com`;
+        let password = 'password';
+
+        let user = await api.post('/user/auth/local/register', {
+          username,
+          email,
+          password,
+          confirmPassword: password,
+        });
+
+        let requests = new ApiUser(user);
+
+        let habits = await requests.get('/tasks/user?type=habits');
+        let dailys = await requests.get('/tasks/user?type=dailys');
+        let todos = await requests.get('/tasks/user?type=todos');
+        let rewards = await requests.get('/tasks/user?type=rewards');
+        let tags = await requests.get('/tags');
+
+        expect(habits).to.have.a.lengthOf(2);
+        expect(habits[0].text).to.eql(t('defaultHabit4Text'));
+        expect(habits[0].notes).to.eql(t('defaultHabit4Notes'));
+        expect(habits[1].text).to.eql(t('defaultHabit5Text'));
+        expect(habits[1].notes).to.eql(t('defaultHabit5Notes'));
+
+        expect(dailys).to.have.a.lengthOf(1);
+        expect(dailys[0].text).to.eql(t('defaultDaily1Text'));
+        expect(dailys[0].notes).to.eql('');
+
+        expect(todos).to.have.a.lengthOf(2);
+        expect(todos[0].text).to.eql(t('defaultTodo1Text'));
+        expect(todos[0].notes).to.eql(t('defaultTodoNotes'));
+        expect(todos[1].text).to.eql(t('defaultTodo2Text'));
+        expect(todos[1].notes).to.eql(t('defaultTodo2Notes'));
+
+        expect(rewards).to.have.a.lengthOf(1);
+        expect(rewards[0].text).to.eql(t('defaultReward2Text'));
+        expect(rewards[0].notes).to.eql(t('defaultReward2Notes'));
+
+        expect(tags).to.have.a.lengthOf(7);
+        expect(tags[0].name).to.eql(t('defaultTag1'));
+        expect(tags[1].name).to.eql(t('defaultTag2'));
+        expect(tags[2].name).to.eql(t('defaultTag3'));
+        expect(tags[3].name).to.eql(t('defaultTag4'));
+        expect(tags[4].name).to.eql(t('defaultTag5'));
+        expect(tags[5].name).to.eql(t('defaultTag6'));
+        expect(tags[6].name).to.eql(t('defaultTag7'));
+      });
     });
 
     it('enrolls new users in an A/B test', async () => {
@@ -67,10 +251,26 @@ describe('POST /user/auth/local/register', () => {
         confirmPassword: password,
       });
 
-      await expect(getProperty('users', user._id, '_ABtest')).to.eventually.be.a('string');
       await expect(getProperty('users', user._id, '_ABtests')).to.eventually.be.a('object');
     });
 
+    it('includes items awarded by default when creating a new user', async () => {
+      let username = generateRandomUserName();
+      let email = `${username}@example.com`;
+      let password = 'password';
+
+      let user = await api.post('/user/auth/local/register', {
+        username,
+        email,
+        password,
+        confirmPassword: password,
+      });
+
+      expect(user.items.quests.dustbunnies).to.equal(1);
+      expect(user.purchased.background.violet).to.be.ok;
+      expect(user.preferences.background).to.equal('violet');
+    });
+
     it('requires password and confirmPassword to match', async () => {
       let username = generateRandomUserName();
       let email = `${username}@example.com`;

test/api/v3/integration/user/auth/POST-user_auth_social.test.js

@@ -83,7 +83,7 @@ describe('POST /user/auth/social', () => {
         network,
       });
 
-      await expect(getProperty('users', user._id, '_ABtest')).to.eventually.be.a('string');
+      await expect(getProperty('users', user._id, '_ABtests')).to.eventually.be.a('object');
     });
   });
 
@@ -139,7 +139,7 @@ describe('POST /user/auth/social', () => {
         network,
       });
 
-      await expect(getProperty('users', user._id, '_ABtest')).to.eventually.be.a('string');
+      await expect(getProperty('users', user._id, '_ABtests')).to.eventually.be.a('object');
     });
   });
 });

test/api/v3/integration/user/auth/PUT-user_update_email.test.js

@@ -8,6 +8,8 @@ import {
   sha1Encrypt as sha1EncryptPassword,
 } from '../../../../../../website/server/libs/password';
 
+import nconf from 'nconf';
+
 const ENDPOINT = '/user/auth/update-email';
 
 describe('PUT /user/auth/update-email', () => {
@@ -68,7 +70,7 @@ describe('PUT /user/auth/update-email', () => {
       })).to.eventually.be.rejected.and.eql({
         code: 401,
         error: 'NotAuthorized',
-        message: t('cannotFulfillReq'),
+        message: t('cannotFulfillReq', { techAssistanceEmail: nconf.get('EMAILS:TECH_ASSISTANCE_EMAIL') }),
       });
     });
 

test/api/v3/unit/libs/amazonPayments.test.js

@@ -102,6 +102,7 @@ describe('Amazon Payments', () => {
     });
 
     it('should purchase gems', async () => {
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
       await amzLib.checkout({user, orderReferenceId, headers});
 
       expect(paymentBuyGemsStub).to.be.calledOnce;
@@ -111,22 +112,52 @@ describe('Amazon Payments', () => {
         headers,
       });
       expectAmazonStubs();
+      expect(user.canGetGems).to.be.calledOnce;
+      user.canGetGems.restore();
     });
 
-    it('should gift gems', async () => {
+    it('should error if gem amount is too low', async () => {
       let receivingUser = new User();
       receivingUser.save();
       let gift = {
         type: 'gems',
         gems: {
-          amount: 16,
+          amount: 0,
           uuid: receivingUser._id,
         },
       };
+
+      await expect(amzLib.checkout({gift, user, orderReferenceId, headers}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 400,
+        message: 'Amount must be at least 1.',
+        name: 'BadRequest',
+      });
+    });
+
+    it('should error if user cannot get gems gems', async () => {
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+      await expect(amzLib.checkout({user, orderReferenceId, headers})).to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        message: i18n.t('groupPolicyCannotGetGems'),
+        name: 'NotAuthorized',
+      });
+      user.canGetGems.restore();
+    });
+
+    it('should gift gems', async () => {
+      let receivingUser = new User();
+      await receivingUser.save();
+      let gift = {
+        type: 'gems',
+        uuid: receivingUser._id,
+        gems: {
+          amount: 16,
+        },
+      };
       amount = 16 / 4;
       await amzLib.checkout({gift, user, orderReferenceId, headers});
 
-      gift.member = receivingUser;
       expect(paymentBuyGemsStub).to.be.calledOnce;
       expect(paymentBuyGemsStub).to.be.calledWith({
         user,
@@ -525,6 +556,7 @@ describe('Amazon Payments', () => {
         nextBill: moment(user.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
         paymentMethod: amzLib.constants.PAYMENT_METHOD,
         headers,
+        cancellationReason: undefined,
       });
       expectAmazonStubs();
     });
@@ -555,6 +587,7 @@ describe('Amazon Payments', () => {
         nextBill: moment(user.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
         paymentMethod: amzLib.constants.PAYMENT_METHOD,
         headers,
+        cancellationReason: undefined,
       });
       amzLib.closeBillingAgreement.restore();
     });
@@ -593,6 +626,7 @@ describe('Amazon Payments', () => {
         nextBill: moment(group.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
         paymentMethod: amzLib.constants.PAYMENT_METHOD,
         headers,
+        cancellationReason: undefined,
       });
       expectAmazonStubs();
     });
@@ -623,6 +657,7 @@ describe('Amazon Payments', () => {
         nextBill: moment(group.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
         paymentMethod: amzLib.constants.PAYMENT_METHOD,
         headers,
+        cancellationReason: undefined,
       });
       amzLib.closeBillingAgreement.restore();
     });

test/api/v3/unit/libs/applePayments.test.js

@@ -57,7 +57,20 @@ describe('Apple Payments', ()  => {
         });
     });
 
+    it('errors if the user cannot purchase gems', async () => {
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+      await expect(applePayments.verifyGemPurchase(user, receipt, headers))
+        .to.eventually.be.rejected.and.to.eql({
+          httpCode: 401,
+          name: 'NotAuthorized',
+          message: i18n.t('groupPolicyCannotGetGems'),
+        });
+
+      user.canGetGems.restore();
+    });
+
     it('purchases gems', async () => {
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
       await applePayments.verifyGemPurchase(user, receipt, headers);
 
       expect(iapSetupStub).to.be.calledOnce;
@@ -74,6 +87,8 @@ describe('Apple Payments', ()  => {
         amount: 5.25,
         headers,
       });
+      expect(user.canGetGems).to.be.calledOnce;
+      user.canGetGems.restore();
     });
   });
 

test/api/v3/unit/libs/cron.test.js

@@ -79,6 +79,13 @@ describe('cron', () => {
       expect(user.purchased.plan.gemsBought).to.equal(0);
     });
 
+    it('resets plan.gemsBought on a new month if user does not have purchased.plan.dateUpdated', () => {
+      user.purchased.plan.gemsBought = 10;
+      user.purchased.plan.dateUpdated = undefined;
+      cron({user, tasksByType, daysMissed, analytics});
+      expect(user.purchased.plan.gemsBought).to.equal(0);
+    });
+
     it('does not reset plan.gemsBought within the month', () => {
       let clock = sinon.useFakeTimers(moment().startOf('month').add(2, 'days').unix());
       user.purchased.plan.dateUpdated = moment().startOf('month').toDate();
@@ -313,6 +320,24 @@ describe('cron', () => {
       expect(tasksByType.dailys[0].completed).to.be.false;
       expect(user.stats.hp).to.equal(healthBefore);
     });
+
+    it('sets isDue for daily', () => {
+      let daily = {
+        text: 'test daily',
+        type: 'daily',
+        frequency: 'daily',
+        everyX: 5,
+        startDate: new Date(),
+      };
+
+      let task = new Tasks.daily(Tasks.Task.sanitize(daily)); // eslint-disable-line new-cap
+      tasksByType.dailys.push(task);
+      tasksByType.dailys[0].completed = true;
+
+      cron({user, tasksByType, daysMissed, analytics});
+
+      expect(tasksByType.dailys[0].isDue).to.be.exist;
+    });
   });
 
   describe('todos', () => {
@@ -358,6 +383,22 @@ describe('cron', () => {
       };
     });
 
+    it('computes isDue', () => {
+      tasksByType.dailys[0].frequency = 'daily';
+      tasksByType.dailys[0].everyX = 5;
+      tasksByType.dailys[0].startDate = moment().add(1, 'days').toDate();
+      cron({user, tasksByType, daysMissed, analytics});
+      expect(tasksByType.dailys[0].isDue).to.be.false;
+    });
+
+    it('computes nextDue', () => {
+      tasksByType.dailys[0].frequency = 'daily';
+      tasksByType.dailys[0].everyX = 5;
+      tasksByType.dailys[0].startDate = moment().add(1, 'days').toDate();
+      cron({user, tasksByType, daysMissed, analytics});
+      expect(tasksByType.dailys[0].nextDue.length).to.eql(6);
+    });
+
     it('should add history', () => {
       cron({user, tasksByType, daysMissed, analytics});
       expect(tasksByType.dailys[0].history).to.be.lengthOf(1);
@@ -442,6 +483,25 @@ describe('cron', () => {
 
       expect(progress.down).to.equal(-1);
     });
+
+    it('should do damage for only yesterday\'s dailies', () => {
+      daysMissed = 3;
+      tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});
+
+      let daily = {
+        text: 'test daily',
+        type: 'daily',
+      };
+      let task = new Tasks.daily(Tasks.Task.sanitize(daily)); // eslint-disable-line new-cap
+      tasksByType.dailys.push(task);
+      tasksByType.dailys[1].startDate = moment(new Date()).subtract({days: 2});
+      tasksByType.dailys[1].everyX = 2;
+      tasksByType.dailys[1].frequency = 'daily';
+
+      cron({user, tasksByType, daysMissed, analytics});
+
+      expect(user.stats.hp).to.equal(48);
+    });
   });
 
   describe('habits', () => {

test/api/v3/unit/libs/googlePayments.test.js

@@ -63,7 +63,21 @@ describe('Google Payments', ()  => {
         });
     });
 
+    it('should throw an error if user cannot purchase gems', async () => {
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+
+      await expect(googlePayments.verifyGemPurchase(user, receipt, signature, headers))
+        .to.eventually.be.rejected.and.to.eql({
+          httpCode: 401,
+          name: 'NotAuthorized',
+          message: i18n.t('groupPolicyCannotGetGems'),
+        });
+
+      user.canGetGems.restore();
+    });
+
     it('purchases gems', async () => {
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
       await googlePayments.verifyGemPurchase(user, receipt, signature, headers);
 
       expect(iapSetupStub).to.be.calledOnce;
@@ -82,6 +96,8 @@ describe('Google Payments', ()  => {
         amount: 5.25,
         headers,
       });
+      expect(user.canGetGems).to.be.calledOnce;
+      user.canGetGems.restore();
     });
   });
 

test/api/v3/unit/libs/payments.test.js

@@ -16,6 +16,7 @@ describe('payments/index', () => {
   beforeEach(async () => {
     user = new User();
     user.profile.name = 'sender';
+    await user.save();
 
     group = generateGroup({
       name: 'test group',
@@ -83,6 +84,12 @@ describe('payments/index', () => {
         };
       });
 
+      it('awards the Royal Purple Jackalope pet', async () => {
+        await api.createSubscription(data);
+
+        expect(recipient.items.pets['Jackalope-RoyalPurple']).to.eql(5);
+      });
+
       it('adds extra months to an existing subscription', async () => {
         recipient.purchased.plan = plan;
 
@@ -241,6 +248,12 @@ describe('payments/index', () => {
         expect(user.purchased.plan.dateCreated).to.exist;
       });
 
+      it('awards the Royal Purple Jackalope pet', async () => {
+        await api.createSubscription(data);
+
+        expect(user.items.pets['Jackalope-RoyalPurple']).to.eql(5);
+      });
+
       it('sets extraMonths if plan has dateTerminated date', async () => {
         user.purchased.plan = plan;
         user.purchased.plan.dateTerminated = moment(new Date()).add(2, 'months');
@@ -492,6 +505,18 @@ describe('payments/index', () => {
         expect(daysTillTermination).to.be.within(13, 15);
       });
 
+      it('terminates at next billing date even if dateUpdated is prior to now', async () => {
+        data.nextBill = moment().add({ days: 15 });
+        data.user.purchased.plan.dateUpdated = moment().subtract({ days: 10 });
+
+        await api.cancelSubscription(data);
+
+        let now = new Date();
+        let daysTillTermination = moment(user.purchased.plan.dateTerminated).diff(now, 'days');
+
+        expect(daysTillTermination).to.be.within(13, 15);
+      });
+
       it('resets plan.extraMonths', async () => {
         user.purchased.plan.extraMonths = 5;
 
@@ -633,5 +658,40 @@ describe('payments/index', () => {
       expect(updatedUser.purchased.plan.lastBillingDate).to.not.exist;
       expect(updatedUser.purchased.plan.dateCreated).to.exist;
     });
+
+    it('awards the Royal Purple Jackalope pet', async () => {
+      await api.addSubToGroupUser(user, group);
+
+      let updatedUser = await User.findById(user._id).exec();
+
+      expect(updatedUser.items.pets['Jackalope-RoyalPurple']).to.eql(5);
+    });
+
+    it('saves previously unused Mystery Items and Hourglasses for an expired subscription', async () => {
+      let planExpirationDate = new Date();
+      planExpirationDate.setDate(planExpirationDate.getDate() - 2);
+      let mysteryItem = 'item';
+      let mysteryItems = [mysteryItem];
+      let consecutive = {
+        trinkets: 3,
+      };
+
+      // set expired plan with unused items
+      plan.mysteryItems = mysteryItems;
+      plan.consecutive = consecutive;
+      plan.dateCreated = planExpirationDate;
+      plan.dateTerminated = planExpirationDate;
+      plan.customerId = null;
+
+      user.purchased.plan = plan;
+
+      await user.save();
+      await api.addSubToGroupUser(user, group);
+
+      let updatedUser = await User.findById(user._id).exec();
+
+      expect(updatedUser.purchased.plan.mysteryItems[0]).to.eql(mysteryItem);
+      expect(updatedUser.purchased.plan.consecutive.trinkets).to.equal(consecutive.trinkets);
+    });
   });
 });

test/api/v3/unit/libs/payments/group-plans/group-payments-cancel.test.js

@@ -138,7 +138,7 @@ describe('Canceling a subscription for group', () => {
     ]);
   });
 
-  it('prevents non group leader from manging subscription', async () => {
+  it('prevents non group leader from managing subscription', async () => {
     let groupMember = new User();
     data.user = groupMember;
     data.groupId = group._id;

test/api/v3/unit/libs/payments/group-plans/group-payments-create.test.js

@@ -1,5 +1,6 @@
 import moment from 'moment';
 import stripeModule from 'stripe';
+import nconf from 'nconf';
 
 import * as sender from '../../../../../../../website/server/libs/email';
 import * as api from '../../../../../../../website/server/libs/payments';
@@ -12,17 +13,24 @@ import {
   generateGroup,
 } from '../../../../../../helpers/api-unit.helper.js';
 
-describe('Purchasing a subscription for group', () => {
+describe('Purchasing a group plan for group', () => {
+  const EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_GOOGLE = 'Google_subscription';
+  const EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_IOS = 'iOS_subscription';
+  const EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_NORMAL = 'normal_subscription';
+  const EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_NONE = 'no_subscription';
+
   let plan, group, user, data;
   let stripe = stripeModule('test');
+  let groupLeaderName = 'sender';
+  let groupName = 'test group';
 
   beforeEach(async () => {
     user = new User();
-    user.profile.name = 'sender';
+    user.profile.name = groupLeaderName;
     await user.save();
 
     group = generateGroup({
-      name: 'test group',
+      name: groupName,
       type: 'guild',
       privacy: 'public',
       leader: user._id,
@@ -81,7 +89,7 @@ describe('Purchasing a subscription for group', () => {
     sender.sendTxn.restore();
   });
 
-  it('creates a subscription', async () => {
+  it('creates a group plan', async () => {
     expect(group.purchased.plan.planId).to.not.exist;
     data.groupId = group._id;
 
@@ -157,7 +165,7 @@ describe('Purchasing a subscription for group', () => {
     expect(updatedLeader.items.mounts['Jackalope-RoyalPurple']).to.be.true;
   });
 
-  it('sends an email to members of group', async () => {
+  it('sends an email to member of group who was not a subscriber', async () => {
     let recipient = new User();
     recipient.profile.name = 'recipient';
     recipient.guilds.push(group._id);
@@ -169,11 +177,181 @@ describe('Purchasing a subscription for group', () => {
 
     expect(sender.sendTxn).to.be.calledTwice;
     expect(sender.sendTxn.firstCall.args[0]._id).to.equal(recipient._id);
-    expect(sender.sendTxn.firstCall.args[1]).to.equal('group-member-joining');
+    expect(sender.sendTxn.firstCall.args[1]).to.equal('group-member-join');
     expect(sender.sendTxn.firstCall.args[2]).to.eql([
       {name: 'LEADER', content: user.profile.name},
       {name: 'GROUP_NAME', content: group.name},
+      {name: 'PREVIOUS_SUBSCRIPTION_TYPE', content: EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_NONE},
     ]);
+    // confirm that the other email sent is appropriate:
+    expect(sender.sendTxn.secondCall.args[0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.secondCall.args[1]).to.equal('group-subscription-begins');
+  });
+
+  it('sends one email to subscribed member of group, stating subscription is cancelled (Stripe)', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.key = 'basic_earned';
+    plan.paymentMethod = stripePayments.constants.PAYMENT_METHOD;
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledTwice;
+    expect(sender.sendTxn.firstCall.args[0]._id).to.equal(recipient._id);
+    expect(sender.sendTxn.firstCall.args[1]).to.equal('group-member-join');
+    expect(sender.sendTxn.firstCall.args[2]).to.eql([
+      {name: 'LEADER', content: user.profile.name},
+      {name: 'GROUP_NAME', content: group.name},
+      {name: 'PREVIOUS_SUBSCRIPTION_TYPE', content: EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_NORMAL},
+    ]);
+    // confirm that the other email sent is not a cancel-subscription email:
+    expect(sender.sendTxn.secondCall.args[0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.secondCall.args[1]).to.equal('group-subscription-begins');
+  });
+
+  it('sends one email to subscribed member of group, stating subscription is cancelled (Amazon)', async () => {
+    sinon.stub(amzLib, 'getBillingAgreementDetails')
+      .returnsPromise()
+      .resolves({
+        BillingAgreementDetails: {
+          BillingAgreementStatus: {State: 'Closed'},
+        },
+      });
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.planId = 'basic_earned';
+    plan.paymentMethod = amzLib.constants.PAYMENT_METHOD;
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledTwice;
+    expect(sender.sendTxn.firstCall.args[0]._id).to.equal(recipient._id);
+    expect(sender.sendTxn.firstCall.args[1]).to.equal('group-member-join');
+    expect(sender.sendTxn.firstCall.args[2]).to.eql([
+      {name: 'LEADER', content: user.profile.name},
+      {name: 'GROUP_NAME', content: group.name},
+      {name: 'PREVIOUS_SUBSCRIPTION_TYPE', content: EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_NORMAL},
+    ]);
+    // confirm that the other email sent is not a cancel-subscription email:
+    expect(sender.sendTxn.secondCall.args[0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.secondCall.args[1]).to.equal('group-subscription-begins');
+
+    amzLib.getBillingAgreementDetails.restore();
+  });
+
+  it('sends one email to subscribed member of group, stating subscription is cancelled (PayPal)', async () => {
+    sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').returnsPromise().resolves({});
+    sinon.stub(paypalPayments, 'paypalBillingAgreementGet')
+      .returnsPromise().resolves({
+        agreement_details: { // eslint-disable-line camelcase
+          next_billing_date: moment().add(3, 'months').toDate(), // eslint-disable-line camelcase
+          cycles_completed: 1, // eslint-disable-line camelcase
+        },
+      });
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.planId = 'basic_earned';
+    plan.paymentMethod = paypalPayments.constants.PAYMENT_METHOD;
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledTwice;
+    expect(sender.sendTxn.firstCall.args[0]._id).to.equal(recipient._id);
+    expect(sender.sendTxn.firstCall.args[1]).to.equal('group-member-join');
+    expect(sender.sendTxn.firstCall.args[2]).to.eql([
+      {name: 'LEADER', content: user.profile.name},
+      {name: 'GROUP_NAME', content: group.name},
+      {name: 'PREVIOUS_SUBSCRIPTION_TYPE', content: EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_NORMAL},
+    ]);
+    // confirm that the other email sent is not a cancel-subscription email:
+    expect(sender.sendTxn.secondCall.args[0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.secondCall.args[1]).to.equal('group-subscription-begins');
+
+    paypalPayments.paypalBillingAgreementGet.restore();
+    paypalPayments.paypalBillingAgreementCancel.restore();
+  });
+
+  it('sends appropriate emails when subscribed member of group must manually cancel recurring Android subscription', async () => {
+    const TECH_ASSISTANCE_EMAIL = nconf.get('TECH_ASSISTANCE_EMAIL');
+    plan.customerId = 'random';
+    plan.paymentMethod = api.constants.GOOGLE_PAYMENT_METHOD;
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledFourTimes;
+    expect(sender.sendTxn.args[0][0]._id).to.equal(TECH_ASSISTANCE_EMAIL);
+    expect(sender.sendTxn.args[0][1]).to.equal('admin-user-subscription-details');
+    expect(sender.sendTxn.args[1][0]._id).to.equal(recipient._id);
+    expect(sender.sendTxn.args[1][1]).to.equal('group-member-join');
+    expect(sender.sendTxn.args[1][2]).to.eql([
+      {name: 'LEADER', content: groupLeaderName},
+      {name: 'GROUP_NAME', content: groupName},
+      {name: 'PREVIOUS_SUBSCRIPTION_TYPE', content: EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_GOOGLE},
+    ]);
+    expect(sender.sendTxn.args[2][0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.args[2][1]).to.equal('group-member-join');
+    expect(sender.sendTxn.args[3][0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.args[3][1]).to.equal('group-subscription-begins');
+  });
+
+  it('sends appropriate emails when subscribed member of group must manually cancel recurring iOS subscription', async () => {
+    const TECH_ASSISTANCE_EMAIL = nconf.get('TECH_ASSISTANCE_EMAIL');
+    plan.customerId = 'random';
+    plan.paymentMethod = api.constants.IOS_PAYMENT_METHOD;
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledFourTimes;
+    expect(sender.sendTxn.args[0][0]._id).to.equal(TECH_ASSISTANCE_EMAIL);
+    expect(sender.sendTxn.args[0][1]).to.equal('admin-user-subscription-details');
+    expect(sender.sendTxn.args[1][0]._id).to.equal(recipient._id);
+    expect(sender.sendTxn.args[1][1]).to.equal('group-member-join');
+    expect(sender.sendTxn.args[1][2]).to.eql([
+      {name: 'LEADER', content: groupLeaderName},
+      {name: 'GROUP_NAME', content: groupName},
+      {name: 'PREVIOUS_SUBSCRIPTION_TYPE', content: EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_IOS},
+    ]);
+    expect(sender.sendTxn.args[2][0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.args[2][1]).to.equal('group-member-join');
+    expect(sender.sendTxn.args[3][0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.args[3][1]).to.equal('group-subscription-begins');
   });
 
   it('adds months to members with existing gift subscription', async () => {
@@ -333,7 +511,7 @@ describe('Purchasing a subscription for group', () => {
   });
 
   it('adds months to members with existing recurring subscription (Android)');
-  it('adds months to members with existing recurring subscription (iOs)');
+  it('adds months to members with existing recurring subscription (iOS)');
 
   it('adds months to members who already cancelled but not yet terminated recurring subscription', async () => {
     let recipient = new User();
@@ -418,7 +596,7 @@ describe('Purchasing a subscription for group', () => {
 
     let updatedUser = await User.findById(recipient._id).exec();
 
-    expect(updatedUser.purchased.plan.extraMonths).to.within(7, 8);
+    expect(updatedUser.purchased.plan.extraMonths).to.within(7, 9);
   });
 
   it('adds months to members with existing recurring subscription and ignores existing negative extraMonths', async () => {
@@ -603,6 +781,64 @@ describe('Purchasing a subscription for group', () => {
     expect(updatedUser.purchased.plan.dateCreated).to.exist;
   });
 
+  it('does not modify a user with an Android subscription', async () => {
+    plan.customerId = 'random';
+    plan.paymentMethod = api.constants.GOOGLE_PAYMENT_METHOD;
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.planId).to.eql('basic_3mo');
+    expect(updatedUser.purchased.plan.customerId).to.eql('random');
+    expect(updatedUser.purchased.plan.dateUpdated).to.exist;
+    expect(updatedUser.purchased.plan.gemsBought).to.eql(0);
+    expect(updatedUser.purchased.plan.paymentMethod).to.eql(api.constants.GOOGLE_PAYMENT_METHOD);
+    expect(updatedUser.purchased.plan.extraMonths).to.eql(0);
+    expect(updatedUser.purchased.plan.dateTerminated).to.eql(null);
+    expect(updatedUser.purchased.plan.lastBillingDate).to.exist;
+    expect(updatedUser.purchased.plan.dateCreated).to.exist;
+  });
+
+  it('does not modify a user with an iOS subscription', async () => {
+    plan.customerId = 'random';
+    plan.paymentMethod = api.constants.IOS_PAYMENT_METHOD;
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    let updatedUser = await User.findById(recipient._id).exec();
+
+    expect(updatedUser.purchased.plan.planId).to.eql('basic_3mo');
+    expect(updatedUser.purchased.plan.customerId).to.eql('random');
+    expect(updatedUser.purchased.plan.dateUpdated).to.exist;
+    expect(updatedUser.purchased.plan.gemsBought).to.eql(0);
+    expect(updatedUser.purchased.plan.paymentMethod).to.eql(api.constants.IOS_PAYMENT_METHOD);
+    expect(updatedUser.purchased.plan.extraMonths).to.eql(0);
+    expect(updatedUser.purchased.plan.dateTerminated).to.eql(null);
+    expect(updatedUser.purchased.plan.lastBillingDate).to.exist;
+    expect(updatedUser.purchased.plan.dateCreated).to.exist;
+  });
+
   it('updates a user with a cancelled but active group subscription', async () => {
     plan.key = 'basic_earned';
     plan.customerId = api.constants.GROUP_PLAN_CUSTOMER_ID;

test/api/v3/unit/libs/paypalPayments.test.js

@@ -61,23 +61,54 @@ describe('Paypal Payments', ()  => {
     });
 
     it('creates a link for gem purchases', async () => {
-      let link = await paypalPayments.checkout();
+      let link = await paypalPayments.checkout({user: new User()});
 
       expect(paypalPaymentCreateStub).to.be.calledOnce;
       expect(paypalPaymentCreateStub).to.be.calledWith(getPaypalCreateOptions('Habitica Gems', 5.00));
       expect(link).to.eql(approvalHerf);
     });
 
-    it('creates a link for gifting gems', async () => {
+    it('should error if gem amount is too low', async () => {
       let receivingUser = new User();
+      receivingUser.save();
       let gift = {
         type: 'gems',
         gems: {
-          amount: 16,
+          amount: 0,
           uuid: receivingUser._id,
         },
       };
 
+      await expect(paypalPayments.checkout({gift}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 400,
+        message: 'Amount must be at least 1.',
+        name: 'BadRequest',
+      });
+    });
+
+    it('should error if the user cannot get gems', async () => {
+      let user = new User();
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+
+      await expect(paypalPayments.checkout({user})).to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        message: i18n.t('groupPolicyCannotGetGems'),
+        name: 'NotAuthorized',
+      });
+    });
+
+    it('creates a link for gifting gems', async () => {
+      let receivingUser = new User();
+      await receivingUser.save();
+      let gift = {
+        type: 'gems',
+        uuid: receivingUser._id,
+        gems: {
+          amount: 16,
+        },
+      };
+
       let link = await paypalPayments.checkout({gift});
 
       expect(paypalPaymentCreateStub).to.be.calledOnce;
@@ -447,6 +478,7 @@ describe('Paypal Payments', ()  => {
         groupId,
         paymentMethod: 'Paypal',
         nextBill: nextBillingDate,
+        cancellationReason: undefined,
       });
     });
 
@@ -464,6 +496,7 @@ describe('Paypal Payments', ()  => {
         groupId: group._id,
         paymentMethod: 'Paypal',
         nextBill: nextBillingDate,
+        cancellationReason: undefined,
       });
     });
   });

test/api/v3/unit/libs/stripePayments.test.js

@@ -10,6 +10,9 @@ import { model as Coupon } from '../../../../../website/server/models/coupon';
 import stripePayments from '../../../../../website/server/libs/stripePayments';
 import payments from '../../../../../website/server/libs/payments';
 import common from '../../../../../website/common';
+import logger from '../../../../../website/server/libs/logger';
+import { v4 as uuid } from 'uuid';
+import moment from 'moment';
 
 const i18n = common.i18n;
 
@@ -45,7 +48,57 @@ describe('Stripe Payments', () => {
       payments.createSubscription.restore();
     });
 
+    it('should error if gem amount is too low', async () => {
+      let receivingUser = new User();
+      receivingUser.save();
+      gift = {
+        type: 'gems',
+        gems: {
+          amount: 0,
+          uuid: receivingUser._id,
+        },
+      };
+
+      await expect(stripePayments.checkout({
+        token,
+        user,
+        gift,
+        groupId,
+        email,
+        headers,
+        coupon,
+      }, stripe))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 400,
+        message: 'Amount must be at least 1.',
+        name: 'BadRequest',
+      });
+    });
+
+
+    it('should error if user cannot get gems', async () => {
+      gift = undefined;
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+
+      await expect(stripePayments.checkout({
+        token,
+        user,
+        gift,
+        groupId,
+        email,
+        headers,
+        coupon,
+      }, stripe)).to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        message: i18n.t('groupPolicyCannotGetGems'),
+        name: 'NotAuthorized',
+      });
+    });
+
     it('should purchase gems', async () => {
+      gift = undefined;
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+
       await stripePayments.checkout({
         token,
         user,
@@ -70,16 +123,18 @@ describe('Stripe Payments', () => {
         paymentMethod: 'Stripe',
         gift,
       });
+      expect(user.canGetGems).to.be.calledOnce;
+      user.canGetGems.restore();
     });
 
     it('should gift gems', async () => {
       let receivingUser = new User();
-      receivingUser.save();
+      await receivingUser.save();
       gift = {
         type: 'gems',
+        uuid: receivingUser._id,
         gems: {
           amount: 16,
-          uuid: receivingUser._id,
         },
       };
 
@@ -93,7 +148,6 @@ describe('Stripe Payments', () => {
         coupon,
       }, stripe);
 
-      gift.member = receivingUser;
       expect(stripeChargeStub).to.be.calledOnce;
       expect(stripeChargeStub).to.be.calledWith({
         amount: '400',
@@ -680,6 +734,7 @@ describe('Stripe Payments', () => {
           groupId: undefined,
           nextBill: currentPeriodEndTimeStamp * 1000, // timestamp in seconds
           paymentMethod: 'Stripe',
+          cancellationReason: undefined,
         });
       });
 
@@ -699,6 +754,7 @@ describe('Stripe Payments', () => {
           groupId,
           nextBill: currentPeriodEndTimeStamp * 1000, // timestamp in seconds
           paymentMethod: 'Stripe',
+          cancellationReason: undefined,
         });
       });
     });
@@ -759,4 +815,245 @@ describe('Stripe Payments', () => {
       expect(updatedGroup.purchased.plan.quantity).to.eql(4);
     });
   });
+
+  describe('handleWebhooks', () => {
+    describe('all events', () => {
+      const eventType = 'account.updated';
+      const event = {id: 123};
+      const eventRetrieved = {type: eventType};
+
+      beforeEach(() => {
+        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves(eventRetrieved);
+        sinon.stub(logger, 'error');
+      });
+
+      afterEach(() => {
+        stripe.events.retrieve.restore();
+        logger.error.restore();
+      });
+
+      it('logs an error if an unsupported webhook event is passed', async () => {
+        const error = new Error(`Missing handler for Stripe webhook ${eventType}`);
+        await stripePayments.handleWebhooks({requestBody: event}, stripe);
+        expect(logger.error).to.have.been.called.once;
+        expect(logger.error).to.have.been.calledWith(error, {event: eventRetrieved});
+      });
+
+      it('retrieves and validates the event from Stripe', async () => {
+        await stripePayments.handleWebhooks({requestBody: event}, stripe);
+        expect(stripe.events.retrieve).to.have.been.called.once;
+        expect(stripe.events.retrieve).to.have.been.calledWith(event.id);
+      });
+    });
+
+    describe('customer.subscription.deleted', () => {
+      const eventType = 'customer.subscription.deleted';
+
+      beforeEach(() => {
+        sinon.stub(stripe.customers, 'del').returnsPromise().resolves({});
+        sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+      });
+
+      afterEach(() => {
+        stripe.customers.del.restore();
+        payments.cancelSubscription.restore();
+      });
+
+      it('does not do anything if event.request is null (subscription cancelled manually)', async () => {
+        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+          id: 123,
+          type: eventType,
+          request: 123,
+        });
+
+        await stripePayments.handleWebhooks({requestBody: {}}, stripe);
+
+        expect(stripe.events.retrieve).to.have.been.called.once;
+        expect(stripe.customers.del).to.not.have.been.called;
+        expect(payments.cancelSubscription).to.not.have.been.called;
+        stripe.events.retrieve.restore();
+      });
+
+      describe('user subscription', () => {
+        it('throws an error if the user is not found', async () => {
+          const customerId = 456;
+          sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+            id: 123,
+            type: eventType,
+            data: {
+              object: {
+                plan: {
+                  id: 'basic_earned',
+                },
+                customer: customerId,
+              },
+            },
+            request: null,
+          });
+
+          await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({
+            message: i18n.t('userNotFound'),
+            httpCode: 404,
+            name: 'NotFound',
+          });
+
+          expect(stripe.customers.del).to.not.have.been.called;
+          expect(payments.cancelSubscription).to.not.have.been.called;
+
+          stripe.events.retrieve.restore();
+        });
+
+        it('deletes the customer on Stripe and calls payments.cancelSubscription', async () => {
+          const customerId = '456';
+
+          let subscriber = new User();
+          subscriber.purchased.plan.customerId = customerId;
+          subscriber.purchased.plan.paymentMethod = 'Stripe';
+          await subscriber.save();
+
+          sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+            id: 123,
+            type: eventType,
+            data: {
+              object: {
+                plan: {
+                  id: 'basic_earned',
+                },
+                customer: customerId,
+              },
+            },
+            request: null,
+          });
+
+          await stripePayments.handleWebhooks({requestBody: {}}, stripe);
+
+          expect(stripe.customers.del).to.have.been.calledOnce;
+          expect(stripe.customers.del).to.have.been.calledWith(customerId);
+          expect(payments.cancelSubscription).to.have.been.calledOnce;
+
+          let cancelSubscriptionOpts = payments.cancelSubscription.lastCall.args[0];
+          expect(cancelSubscriptionOpts.user._id).to.equal(subscriber._id);
+          expect(cancelSubscriptionOpts.paymentMethod).to.equal('Stripe');
+          expect(Math.round(moment(cancelSubscriptionOpts.nextBill).diff(new Date(), 'days', true))).to.equal(3);
+          expect(cancelSubscriptionOpts.groupId).to.be.undefined;
+
+          stripe.events.retrieve.restore();
+        });
+      });
+
+      describe('group plan subscription', () => {
+        it('throws an error if the group is not found', async () => {
+          const customerId = 456;
+          sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+            id: 123,
+            type: eventType,
+            data: {
+              object: {
+                plan: {
+                  id: 'group_monthly',
+                },
+                customer: customerId,
+              },
+            },
+            request: null,
+          });
+
+          await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({
+            message: i18n.t('groupNotFound'),
+            httpCode: 404,
+            name: 'NotFound',
+          });
+
+          expect(stripe.customers.del).to.not.have.been.called;
+          expect(payments.cancelSubscription).to.not.have.been.called;
+
+          stripe.events.retrieve.restore();
+        });
+
+        it('throws an error if the group leader is not found', async () => {
+          const customerId = 456;
+
+          let subscriber = generateGroup({
+            name: 'test group',
+            type: 'guild',
+            privacy: 'public',
+            leader: uuid(),
+          });
+          subscriber.purchased.plan.customerId = customerId;
+          subscriber.purchased.plan.paymentMethod = 'Stripe';
+          await subscriber.save();
+
+          sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+            id: 123,
+            type: eventType,
+            data: {
+              object: {
+                plan: {
+                  id: 'group_monthly',
+                },
+                customer: customerId,
+              },
+            },
+            request: null,
+          });
+
+          await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({
+            message: i18n.t('userNotFound'),
+            httpCode: 404,
+            name: 'NotFound',
+          });
+
+          expect(stripe.customers.del).to.not.have.been.called;
+          expect(payments.cancelSubscription).to.not.have.been.called;
+
+          stripe.events.retrieve.restore();
+        });
+
+        it('deletes the customer on Stripe and calls payments.cancelSubscription', async () => {
+          const customerId = '456';
+
+          let leader = new User();
+          await leader.save();
+
+          let subscriber = generateGroup({
+            name: 'test group',
+            type: 'guild',
+            privacy: 'public',
+            leader: leader._id,
+          });
+          subscriber.purchased.plan.customerId = customerId;
+          subscriber.purchased.plan.paymentMethod = 'Stripe';
+          await subscriber.save();
+
+          sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+            id: 123,
+            type: eventType,
+            data: {
+              object: {
+                plan: {
+                  id: 'group_monthly',
+                },
+                customer: customerId,
+              },
+            },
+            request: null,
+          });
+
+          await stripePayments.handleWebhooks({requestBody: {}}, stripe);
+
+          expect(stripe.customers.del).to.have.been.calledOnce;
+          expect(stripe.customers.del).to.have.been.calledWith(customerId);
+          expect(payments.cancelSubscription).to.have.been.calledOnce;
+
+          let cancelSubscriptionOpts = payments.cancelSubscription.lastCall.args[0];
+          expect(cancelSubscriptionOpts.user._id).to.equal(leader._id);
+          expect(cancelSubscriptionOpts.paymentMethod).to.equal('Stripe');
+          expect(Math.round(moment(cancelSubscriptionOpts.nextBill).diff(new Date(), 'days', true))).to.equal(3);
+          expect(cancelSubscriptionOpts.groupId).to.equal(subscriber._id);
+
+          stripe.events.retrieve.restore();
+        });
+      });
+    });
+  });
 });

test/api/v3/unit/middlewares/redirects.js

@@ -0,0 +1,182 @@
+import {
+  generateRes,
+  generateReq,
+  generateNext,
+} from '../../../../helpers/api-unit.helper';
+import nconf from 'nconf';
+import requireAgain from 'require-again';
+
+describe('redirects middleware', () => {
+  let res, req, next;
+  let pathToRedirectsMiddleware = '../../../../../website/server/middlewares/redirects';
+
+  beforeEach(() => {
+    res = generateRes();
+    req = generateReq();
+    next = generateNext();
+  });
+
+  context('forceSSL', () => {
+    it('sends http requests to https', () => {
+      let nconfStub = sandbox.stub(nconf, 'get');
+      nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
+      nconfStub.withArgs('IS_PROD').returns(true);
+      req.header = sandbox.stub().withArgs('x-forwarded-proto').returns('http');
+      req.originalUrl = '/static/front';
+
+      let attachRedirects = requireAgain(pathToRedirectsMiddleware);
+
+      attachRedirects.forceSSL(req, res, next);
+
+      expect(res.redirect).to.be.calledOnce;
+      expect(res.redirect).to.be.calledWith('https://habitica.com/static/front');
+    });
+
+    it('does not redirect https forwarded requests', () => {
+      let nconfStub = sandbox.stub(nconf, 'get');
+      nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
+      nconfStub.withArgs('IS_PROD').returns(true);
+      req.header = sandbox.stub().withArgs('x-forwarded-proto').returns('https');
+      req.originalUrl = '/static/front';
+
+      let attachRedirects = requireAgain(pathToRedirectsMiddleware);
+
+      attachRedirects.forceSSL(req, res, next);
+
+      expect(res.redirect).to.be.notCalled;
+    });
+
+    it('does not redirect outside of production environments', () => {
+      let nconfStub = sandbox.stub(nconf, 'get');
+      nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
+      nconfStub.withArgs('IS_PROD').returns(false);
+      req.header = sandbox.stub().withArgs('x-forwarded-proto').returns('http');
+      req.originalUrl = '/static/front';
+
+      let attachRedirects = requireAgain(pathToRedirectsMiddleware);
+
+      attachRedirects.forceSSL(req, res, next);
+
+      expect(res.redirect).to.be.notCalled;
+    });
+
+    it('does not redirect if base URL is not https', () => {
+      let nconfStub = sandbox.stub(nconf, 'get');
+      nconfStub.withArgs('BASE_URL').returns('http://habitica.com');
+      nconfStub.withArgs('IS_PROD').returns(true);
+      req.header = sandbox.stub().withArgs('x-forwarded-proto').returns('http');
+      req.originalUrl = '/static/front';
+
+      let attachRedirects = requireAgain(pathToRedirectsMiddleware);
+
+      attachRedirects.forceSSL(req, res, next);
+
+      expect(res.redirect).to.be.notCalled;
+    });
+  });
+
+  context('forceHabitica', () => {
+    it('sends requests with differing hostname to base URL host', () => {
+      let nconfStub = sandbox.stub(nconf, 'get');
+      nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
+      nconfStub.withArgs('IGNORE_REDIRECT').returns('false');
+      nconfStub.withArgs('IS_PROD').returns(true);
+      req.hostname = 'www.habitica.com';
+      req.method = 'GET';
+      req.originalUrl = '/static/front';
+      req.url = '/static/front';
+
+      let attachRedirects = requireAgain(pathToRedirectsMiddleware);
+
+      attachRedirects.forceHabitica(req, res, next);
+
+      expect(res.redirect).to.be.calledOnce;
+      expect(res.redirect).to.be.calledWith(301, 'https://habitica.com/static/front');
+    });
+
+    it('does not redirect outside of production environments', () => {
+      let nconfStub = sandbox.stub(nconf, 'get');
+      nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
+      nconfStub.withArgs('IGNORE_REDIRECT').returns('false');
+      nconfStub.withArgs('IS_PROD').returns(false);
+      req.hostname = 'www.habitica.com';
+      req.method = 'GET';
+      req.originalUrl = '/static/front';
+      req.url = '/static/front';
+
+      let attachRedirects = requireAgain(pathToRedirectsMiddleware);
+
+      attachRedirects.forceHabitica(req, res, next);
+
+      expect(res.redirect).to.be.notCalled;
+    });
+
+    it('does not redirect if env is set to ignore redirection', () => {
+      let nconfStub = sandbox.stub(nconf, 'get');
+      nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
+      nconfStub.withArgs('IGNORE_REDIRECT').returns('true');
+      nconfStub.withArgs('IS_PROD').returns(true);
+      req.hostname = 'www.habitica.com';
+      req.method = 'GET';
+      req.originalUrl = '/static/front';
+      req.url = '/static/front';
+
+      let attachRedirects = requireAgain(pathToRedirectsMiddleware);
+
+      attachRedirects.forceHabitica(req, res, next);
+
+      expect(res.redirect).to.be.notCalled;
+    });
+
+    it('does not redirect if request hostname matches base URL host', () => {
+      let nconfStub = sandbox.stub(nconf, 'get');
+      nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
+      nconfStub.withArgs('IGNORE_REDIRECT').returns('false');
+      nconfStub.withArgs('IS_PROD').returns(true);
+      req.hostname = 'habitica.com';
+      req.method = 'GET';
+      req.originalUrl = '/static/front';
+      req.url = '/static/front';
+
+      let attachRedirects = requireAgain(pathToRedirectsMiddleware);
+
+      attachRedirects.forceHabitica(req, res, next);
+
+      expect(res.redirect).to.be.notCalled;
+    });
+
+    it('does not redirect if request is an API URL', () => {
+      let nconfStub = sandbox.stub(nconf, 'get');
+      nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
+      nconfStub.withArgs('IGNORE_REDIRECT').returns('false');
+      nconfStub.withArgs('IS_PROD').returns(true);
+      req.hostname = 'www.habitica.com';
+      req.method = 'GET';
+      req.originalUrl = '/api/v3/challenges';
+      req.url = '/api/v3/challenges';
+
+      let attachRedirects = requireAgain(pathToRedirectsMiddleware);
+
+      attachRedirects.forceHabitica(req, res, next);
+
+      expect(res.redirect).to.be.notCalled;
+    });
+
+    it('does not redirect if request method is not GET', () => {
+      let nconfStub = sandbox.stub(nconf, 'get');
+      nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
+      nconfStub.withArgs('IGNORE_REDIRECT').returns('false');
+      nconfStub.withArgs('IS_PROD').returns(true);
+      req.hostname = 'www.habitica.com';
+      req.method = 'POST';
+      req.originalUrl = '/static/front';
+      req.url = '/static/front';
+
+      let attachRedirects = requireAgain(pathToRedirectsMiddleware);
+
+      attachRedirects.forceHabitica(req, res, next);
+
+      expect(res.redirect).to.be.notCalled;
+    });
+  });
+});

test/api/v3/unit/models/challenge.test.js

@@ -104,6 +104,40 @@ describe('Challenge Model', () => {
         expect(updatedNewMember.tags[7].id).to.equal(challenge._id);
         expect(updatedNewMember.tags[7].name).to.equal(challenge.shortName);
         expect(syncedTask).to.exist;
+        expect(syncedTask.attribute).to.eql('str');
+      });
+
+      it('syncs a challenge to a user with the existing task', async () => {
+        await challenge.addTasks([task]);
+
+        let updatedLeader = await User.findOne({_id: leader._id});
+        let updatedLeadersTasks = await Tasks.Task.find({_id: { $in: updatedLeader.tasksOrder[`${taskType}s`]}});
+        let syncedTask = find(updatedLeadersTasks, function findNewTask (updatedLeadersTask) {
+          return updatedLeadersTask.challenge.taskId === task._id;
+        });
+
+        let createdAtBefore = syncedTask.createdAt;
+        let attributeBefore = syncedTask.attribute;
+
+        let newTitle = 'newName';
+        task.text = newTitle;
+        task.attribute = 'int';
+        await task.save();
+        await challenge.syncToUser(leader);
+
+        updatedLeader = await User.findOne({_id: leader._id});
+        updatedLeadersTasks = await Tasks.Task.find({_id: { $in: updatedLeader.tasksOrder[`${taskType}s`]}});
+
+        syncedTask = find(updatedLeadersTasks, function findNewTask (updatedLeadersTask) {
+          return updatedLeadersTask.challenge.taskId === task._id;
+        });
+
+        let createdAtAfter = syncedTask.createdAt;
+        let attributeAfter = syncedTask.attribute;
+
+        expect(createdAtBefore).to.eql(createdAtAfter);
+        expect(attributeBefore).to.eql(attributeAfter);
+        expect(syncedTask.text).to.eql(newTitle);
       });
 
       it('updates tasks to challenge and challenge members', async () => {

test/api/v3/unit/models/group.test.js

@@ -2,11 +2,14 @@ import moment from 'moment';
 import { v4 as generateUUID } from 'uuid';
 import validator from 'validator';
 import { sleep } from '../../../../helpers/api-unit.helper';
-import { model as Group, INVITES_LIMIT } from '../../../../../website/server/models/group';
-import { model as User } from '../../../../../website/server/models/user';
 import {
-  BadRequest,
- } from '../../../../../website/server/libs/errors';
+  SPAM_MESSAGE_LIMIT,
+  SPAM_MIN_EXEMPT_CONTRIB_LEVEL,
+  SPAM_WINDOW_LENGTH,
+  INVITES_LIMIT,
+  model as Group,
+} from '../../../../../website/server/models/group';
+import { model as User } from '../../../../../website/server/models/user';
 import { quests as questScrolls } from '../../../../../website/common/script/content';
 import { groupChatReceivedWebhook } from '../../../../../website/server/libs/webhook';
 import * as email from '../../../../../website/server/libs/email';
@@ -225,7 +228,7 @@ describe('Group Model', () => {
         });
 
         it('applies damage only to participating members of party even under buggy conditions', async () => {
-          // stops unfair damage from mbugs like https://github.com/HabitRPG/habitrpg/issues/7653
+          // stops unfair damage from mbugs like https://github.com/HabitRPG/habitica/issues/7653
           party.quest.members = {
             [questLeader._id]: true,
             [participatingMember._id]: true,
@@ -460,73 +463,67 @@ describe('Group Model', () => {
         };
       });
 
-      it('throws an error if no uuids or emails are passed in', (done) => {
-        try {
-          Group.validateInvitations(null, null, res);
-        } catch (err) {
-          expect(err).to.be.an.instanceof(BadRequest);
-          expect(res.t).to.be.calledOnce;
-          expect(res.t).to.be.calledWith('canOnlyInviteEmailUuid');
-          done();
-        }
+      it('throws an error if no uuids or emails are passed in', async () => {
+        await expect(Group.validateInvitations(null, null, res)).to.eventually.be.rejected.and.eql({
+          httpCode: 400,
+          message: 'Bad request.',
+          name: 'BadRequest',
+        });
+        expect(res.t).to.be.calledOnce;
+        expect(res.t).to.be.calledWith('canOnlyInviteEmailUuid');
       });
 
-      it('throws an error if only uuids are passed in, but they are not an array', (done) => {
-        try {
-          Group.validateInvitations({ uuid: 'user-id'}, null, res);
-        } catch (err) {
-          expect(err).to.be.an.instanceof(BadRequest);
-          expect(res.t).to.be.calledOnce;
-          expect(res.t).to.be.calledWith('uuidsMustBeAnArray');
-          done();
-        }
+      it('throws an error if only uuids are passed in, but they are not an array', async () => {
+        await expect(Group.validateInvitations({ uuid: 'user-id'}, null, res)).to.eventually.be.rejected.and.eql({
+          httpCode: 400,
+          message: 'Bad request.',
+          name: 'BadRequest',
+        });
+        expect(res.t).to.be.calledOnce;
+        expect(res.t).to.be.calledWith('uuidsMustBeAnArray');
       });
 
-      it('throws an error if only emails are passed in, but they are not an array', (done) => {
-        try {
-          Group.validateInvitations(null, { emails: 'user@example.com'}, res);
-        } catch (err) {
-          expect(err).to.be.an.instanceof(BadRequest);
-          expect(res.t).to.be.calledOnce;
-          expect(res.t).to.be.calledWith('emailsMustBeAnArray');
-          done();
-        }
+      it('throws an error if only emails are passed in, but they are not an array', async () => {
+        await expect(Group.validateInvitations(null, { emails: 'user@example.com'}, res)).to.eventually.be.rejected.and.eql({
+          httpCode: 400,
+          message: 'Bad request.',
+          name: 'BadRequest',
+        });
+        expect(res.t).to.be.calledOnce;
+        expect(res.t).to.be.calledWith('emailsMustBeAnArray');
       });
 
-      it('throws an error if emails are not passed in, and uuid array is empty', (done) => {
-        try {
-          Group.validateInvitations([], null, res);
-        } catch (err) {
-          expect(err).to.be.an.instanceof(BadRequest);
-          expect(res.t).to.be.calledOnce;
-          expect(res.t).to.be.calledWith('inviteMissingUuid');
-          done();
-        }
+      it('throws an error if emails are not passed in, and uuid array is empty', async () => {
+        await expect(Group.validateInvitations([], null, res)).to.eventually.be.rejected.and.eql({
+          httpCode: 400,
+          message: 'Bad request.',
+          name: 'BadRequest',
+        });
+        expect(res.t).to.be.calledOnce;
+        expect(res.t).to.be.calledWith('inviteMissingUuid');
       });
 
-      it('throws an error if uuids are not passed in, and email array is empty', (done) => {
-        try {
-          Group.validateInvitations(null, [], res);
-        } catch (err) {
-          expect(err).to.be.an.instanceof(BadRequest);
-          expect(res.t).to.be.calledOnce;
-          expect(res.t).to.be.calledWith('inviteMissingEmail');
-          done();
-        }
+      it('throws an error if uuids are not passed in, and email array is empty', async () => {
+        await expect(Group.validateInvitations(null, [], res)).to.eventually.be.rejected.and.eql({
+          httpCode: 400,
+          message: 'Bad request.',
+          name: 'BadRequest',
+        });
+        expect(res.t).to.be.calledOnce;
+        expect(res.t).to.be.calledWith('inviteMissingEmail');
       });
 
-      it('throws an error if uuids and emails are passed in as empty arrays', (done) => {
-        try {
-          Group.validateInvitations([], [], res);
-        } catch (err) {
-          expect(err).to.be.an.instanceof(BadRequest);
-          expect(res.t).to.be.calledOnce;
-          expect(res.t).to.be.calledWith('inviteMustNotBeEmpty');
-          done();
-        }
+      it('throws an error if uuids and emails are passed in as empty arrays', async () => {
+        await expect(Group.validateInvitations([], [], res)).to.eventually.be.rejected.and.eql({
+          httpCode: 400,
+          message: 'Bad request.',
+          name: 'BadRequest',
+        });
+        expect(res.t).to.be.calledOnce;
+        expect(res.t).to.be.calledWith('inviteMustNotBeEmpty');
       });
 
-      it('throws an error if total invites exceed max invite constant', (done) => {
+      it('throws an error if total invites exceed max invite constant', async () => {
         let uuids = [];
         let emails = [];
 
@@ -537,17 +534,16 @@ describe('Group Model', () => {
 
         uuids.push('one-more-uuid'); // to put it over the limit
 
-        try {
-          Group.validateInvitations(uuids, emails, res);
-        } catch (err) {
-          expect(err).to.be.an.instanceof(BadRequest);
-          expect(res.t).to.be.calledOnce;
-          expect(res.t).to.be.calledWith('canOnlyInviteMaxInvites', {maxInvites: INVITES_LIMIT });
-          done();
-        }
+        await expect(Group.validateInvitations(uuids, emails, res)).to.eventually.be.rejected.and.eql({
+          httpCode: 400,
+          message: 'Bad request.',
+          name: 'BadRequest',
+        });
+        expect(res.t).to.be.calledOnce;
+        expect(res.t).to.be.calledWith('canOnlyInviteMaxInvites', {maxInvites: INVITES_LIMIT });
       });
 
-      it('does not throw error if number of invites matches max invite limit', () => {
+      it('does not throw error if number of invites matches max invite limit', async () => {
         let uuids = [];
         let emails = [];
 
@@ -556,49 +552,33 @@ describe('Group Model', () => {
           emails.push(`user-${i}@example.com`);
         }
 
-        expect(function () {
-          Group.validateInvitations(uuids, emails, res);
-        }).to.not.throw();
-      });
-
-
-      it('does not throw an error if only user ids are passed in', () => {
-        expect(function () {
-          Group.validateInvitations(['user-id', 'user-id2'], null, res);
-        }).to.not.throw();
-
+        await Group.validateInvitations(uuids, emails, res);
         expect(res.t).to.not.be.called;
       });
 
-      it('does not throw an error if only emails are passed in', () => {
-        expect(function () {
-          Group.validateInvitations(null, ['user1@example.com', 'user2@example.com'], res);
-        }).to.not.throw();
 
+      it('does not throw an error if only user ids are passed in', async () => {
+        await Group.validateInvitations(['user-id', 'user-id2'], null, res);
         expect(res.t).to.not.be.called;
       });
 
-      it('does not throw an error if both uuids and emails are passed in', () => {
-        expect(function () {
-          Group.validateInvitations(['user-id', 'user-id2'], ['user1@example.com', 'user2@example.com'], res);
-        }).to.not.throw();
-
+      it('does not throw an error if only emails are passed in', async () => {
+        await Group.validateInvitations(null, ['user1@example.com', 'user2@example.com'], res);
         expect(res.t).to.not.be.called;
       });
 
-      it('does not throw an error if uuids are passed in and emails are an empty array', () => {
-        expect(function () {
-          Group.validateInvitations(['user-id', 'user-id2'], [], res);
-        }).to.not.throw();
-
+      it('does not throw an error if both uuids and emails are passed in', async () => {
+        await Group.validateInvitations(['user-id', 'user-id2'], ['user1@example.com', 'user2@example.com'], res);
         expect(res.t).to.not.be.called;
       });
 
-      it('does not throw an error if emails are passed in and uuids are an empty array', () => {
-        expect(function () {
-          Group.validateInvitations([], ['user1@example.com', 'user2@example.com'], res);
-        }).to.not.throw();
+      it('does not throw an error if uuids are passed in and emails are an empty array', async () => {
+        await Group.validateInvitations(['user-id', 'user-id2'], [], res);
+        expect(res.t).to.not.be.called;
+      });
 
+      it('does not throw an error if emails are passed in and uuids are an empty array', async () => {
+        await Group.validateInvitations([], ['user1@example.com', 'user2@example.com'], res);
         expect(res.t).to.not.be.called;
       });
     });
@@ -621,6 +601,99 @@ describe('Group Model', () => {
       });
     });
 
+    describe('#checkChatSpam', () => {
+      let testUser, testTime, tavern;
+      let testUserID = '1';
+      beforeEach(async () => {
+        testTime = Date.now();
+
+        tavern = new Group({
+          name: 'test tavern',
+          type: 'guild',
+          privacy: 'public',
+        });
+        tavern._id = TAVERN_ID;
+
+        testUser = {
+          _id: testUserID,
+        };
+      });
+
+      function generateTestMessage (overrides = {}) {
+        return Object.assign({}, {
+          text: 'test message',
+          uuid: testUserID,
+          timestamp: testTime,
+        }, overrides);
+      }
+
+      it('group that is not the tavern returns false, while tavern returns true', async () => {
+        for (let i = 0; i < SPAM_MESSAGE_LIMIT; i++) {
+          party.chat.push(generateTestMessage());
+        }
+        expect(party.checkChatSpam(testUser)).to.eql(false);
+
+        for (let i = 0; i < SPAM_MESSAGE_LIMIT; i++) {
+          tavern.chat.push(generateTestMessage());
+        }
+        expect(tavern.checkChatSpam(testUser)).to.eql(true);
+      });
+
+      it('high enough contributor returns false', async () => {
+        let highContributor = testUser;
+        highContributor.contributor = {
+          level: SPAM_MIN_EXEMPT_CONTRIB_LEVEL,
+        };
+
+        for (let i = 0; i < SPAM_MESSAGE_LIMIT; i++) {
+          tavern.chat.push(generateTestMessage());
+        }
+
+        expect(tavern.checkChatSpam(highContributor)).to.eql(false);
+      });
+
+      it('chat with no messages returns false', async () => {
+        expect(tavern.chat.length).to.eql(0);
+        expect(tavern.checkChatSpam(testUser)).to.eql(false);
+      });
+
+      it('user has not reached limit but another one has returns false', async () => {
+        let otherUserID = '2';
+
+        for (let i = 0; i < SPAM_MESSAGE_LIMIT; i++) {
+          tavern.chat.push(generateTestMessage({uuid: otherUserID}));
+        }
+
+        expect(tavern.checkChatSpam(testUser)).to.eql(false);
+      });
+
+      it('user messages is less than the limit returns false', async () => {
+        for (let i = 0; i < SPAM_MESSAGE_LIMIT - 1; i++) {
+          tavern.chat.push(generateTestMessage());
+        }
+
+        expect(tavern.checkChatSpam(testUser)).to.eql(false);
+      });
+
+      it('user has reached the message limit outside of window returns false', async () => {
+        for (let i = 0; i < SPAM_MESSAGE_LIMIT - 1; i++) {
+          tavern.chat.push(generateTestMessage());
+        }
+        let earlierTimestamp = testTime - SPAM_WINDOW_LENGTH - 1;
+        tavern.chat.push(generateTestMessage({timestamp: earlierTimestamp}));
+
+        expect(tavern.checkChatSpam(testUser)).to.eql(false);
+      });
+
+      it('user has posted too many messages in limit returns true', async () => {
+        for (let i = 0; i < SPAM_MESSAGE_LIMIT; i++) {
+          tavern.chat.push(generateTestMessage());
+        }
+
+        expect(tavern.checkChatSpam(testUser)).to.eql(true);
+      });
+    });
+
     describe('#leaveGroup', () => {
       it('removes user from group quest', async () => {
         party.quest.members = {

test/api/v3/unit/models/user.test.js

@@ -1,6 +1,7 @@
 import Bluebird from 'bluebird';
 import moment from 'moment';
 import { model as User } from '../../../../../website/server/models/user';
+import { model as Group } from '../../../../../website/server/models/group';
 import common from '../../../../../website/common';
 
 describe('User Model', () => {
@@ -179,6 +180,75 @@ describe('User Model', () => {
     });
   });
 
+  context('canGetGems', () => {
+    let user;
+    let group;
+    beforeEach(() => {
+      user = new User();
+      let leader = new User();
+      group = new Group({
+        name: 'test',
+        type: 'guild',
+        privacy: 'private',
+        leader: leader._id,
+      });
+    });
+
+    it('returns true if user is not subscribed', async () => {
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns true if user is not subscribed with a group plan', async () => {
+      user.purchased.plan.customerId = 123;
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns true if user is subscribed with a group plan', async () => {
+      user.purchased.plan.customerId = 'group-plan';
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns true if user is part of a group', async () => {
+      user.guilds.push(group._id);
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns true if user is part of a group with a subscription', async () => {
+      user.guilds.push(group._id);
+      user.purchased.plan.customerId = 'group-plan';
+      group.purchased.plan.customerId = 123;
+      await group.save();
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns true if leader is part of a group with a subscription and canGetGems: false', async () => {
+      user.guilds.push(group._id);
+      user.purchased.plan.customerId = 'group-plan';
+      group.purchased.plan.customerId = 123;
+      group.leader = user._id;
+      group.leaderOnly.getGems = true;
+      await group.save();
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns true if user is part of a group with no subscription but canGetGems: false', async () => {
+      user.guilds.push(group._id);
+      user.purchased.plan.customerId = 'group-plan';
+      group.leaderOnly.getGems = true;
+      await group.save();
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns false if user is part of a group with a subscription and canGetGems: false', async () => {
+      user.guilds.push(group._id);
+      user.purchased.plan.customerId = 'group-plan';
+      group.purchased.plan.customerId = 123;
+      group.leaderOnly.getGems = true;
+      await group.save();
+      expect(await user.canGetGems()).to.equal(false);
+    });
+  });
+
   context('hasNotCancelled', () => {
     let user;
     beforeEach(() => {

test/client-old/spec/controllers/groupCtrlSpec.js

@@ -112,6 +112,41 @@ describe('Groups Controller', function() {
     });
   });
 
+  describe('isAbleToEditGroup', () => {
+    var guild;
+
+    beforeEach(() => {
+      user.contributor = {};
+      guild = specHelper.newGroup({
+        _id: 'unique-guild-id',
+        type: 'guild',
+        members: ['not-user-id'],
+        $save: sandbox.spy(),
+      });
+    });
+
+    it('returns true if user is an admin', () => {
+      guild.leader = 'not-user-id';
+      user.contributor.admin = true;
+      expect(scope.isAbleToEditGroup(guild)).to.be.ok;
+    });
+
+    it('returns true if user is group leader', () => {
+      guild.leader = {_id: user._id}
+      expect(scope.isAbleToEditGroup(guild)).to.be.ok;
+    });
+
+    it('returns false is user is not a leader or admin', () => {
+      expect(scope.isAbleToEditGroup(guild)).to.not.be.ok;
+    });
+
+    it('returns false is user is an admin but group is a party', () => {
+      guild.type = 'party';
+      user.contributor.admin = true;
+      expect(scope.isAbleToEditGroup(guild)).to.not.be.ok;
+    });
+  });
+
   describe('editGroup', () => {
     var guild;
 

test/client-old/spec/controllers/groupTaskActionsCtrlSpec.js

@@ -1,63 +1,63 @@
-describe('Group Tasks Meta Actions Controller', () => {
-  let rootScope, scope, user, userSerivce;
-
-  beforeEach(() => {
-    module(function($provide) {
-      $provide.value('User', {});
-    });
-
-    inject(($rootScope, $controller) => {
-      rootScope = $rootScope;
-
-      user = specHelper.newUser();
-      user._id = "unique-user-id";
-      userSerivce = {user: user};
-
-      scope = $rootScope.$new();
-
-      scope.task = {
-        group: {
-          assignedUsers: [],
-          approval: {
-            required: false,
-          }
-        },
-      };
-      scope.task._edit = angular.copy(scope.task);
-
-      $controller('GroupTaskActionsCtrl', {$scope: scope, User: userSerivce});
-    });
-  });
-
-  describe('toggleTaskRequiresApproval', function () {
-    it('toggles task approval required field from false to true', function () {
-      scope.toggleTaskRequiresApproval();
-      expect(scope.task._edit.group.approval.required).to.be.true;
-    });
-
-    it('toggles task approval required field from true to false', function () {
-      scope.task._edit.group.approval.required = true;
-      scope.toggleTaskRequiresApproval();
-      expect(scope.task._edit.group.approval.required).to.be.false;
-    });
-  });
-
-
-  describe('assign events', function () {
-    it('adds a group member to assigned users on "addedGroupMember" event ', () => {
-      var testId = 'test-id';
-      rootScope.$broadcast('addedGroupMember', testId);
-      expect(scope.task.group.assignedUsers).to.contain(testId);
-      expect(scope.task._edit.group.assignedUsers).to.contain(testId);
-    });
-
-    it('removes a group member to assigned users on "addedGroupMember" event ', () => {
-      var testId = 'test-id';
-      scope.task.group.assignedUsers.push(testId);
-      scope.task._edit.group.assignedUsers.push(testId);
-      rootScope.$broadcast('removedGroupMember', testId);
-      expect(scope.task.group.assignedUsers).to.not.contain(testId);
-      expect(scope.task._edit.group.assignedUsers).to.not.contain(testId);
-    });
-  });
-});
+describe('Group Tasks Meta Actions Controller', () => {
+  let rootScope, scope, user, userSerivce;
+
+  beforeEach(() => {
+    module(function($provide) {
+      $provide.value('User', {});
+    });
+
+    inject(($rootScope, $controller) => {
+      rootScope = $rootScope;
+
+      user = specHelper.newUser();
+      user._id = "unique-user-id";
+      userSerivce = {user: user};
+
+      scope = $rootScope.$new();
+
+      scope.task = {
+        group: {
+          assignedUsers: [],
+          approval: {
+            required: false,
+          }
+        },
+      };
+      scope.task._edit = angular.copy(scope.task);
+
+      $controller('GroupTaskActionsCtrl', {$scope: scope, User: userSerivce});
+    });
+  });
+
+  describe('toggleTaskRequiresApproval', function () {
+    it('toggles task approval required field from false to true', function () {
+      scope.toggleTaskRequiresApproval();
+      expect(scope.task._edit.group.approval.required).to.be.true;
+    });
+
+    it('toggles task approval required field from true to false', function () {
+      scope.task._edit.group.approval.required = true;
+      scope.toggleTaskRequiresApproval();
+      expect(scope.task._edit.group.approval.required).to.be.false;
+    });
+  });
+
+
+  describe('assign events', function () {
+    it('adds a group member to assigned users on "addedGroupMember" event ', () => {
+      var testId = 'test-id';
+      rootScope.$broadcast('addedGroupMember', testId);
+      expect(scope.task.group.assignedUsers).to.contain(testId);
+      expect(scope.task._edit.group.assignedUsers).to.contain(testId);
+    });
+
+    it('removes a group member to assigned users on "addedGroupMember" event ', () => {
+      var testId = 'test-id';
+      scope.task.group.assignedUsers.push(testId);
+      scope.task._edit.group.assignedUsers.push(testId);
+      rootScope.$broadcast('removedGroupMember', testId);
+      expect(scope.task.group.assignedUsers).to.not.contain(testId);
+      expect(scope.task._edit.group.assignedUsers).to.not.contain(testId);
+    });
+  });
+});

test/client-old/spec/controllers/notificationCtrlSpec.js

@@ -6,6 +6,7 @@ describe('Notification Controller', function() {
   beforeEach(function() {
     user = specHelper.newUser();
     user._id = "unique-user-id";
+    user.needsCron = false;
 
     var userSync = sinon.stub().returns({
       then: function then (f) { f(); }

test/client-old/spec/controllers/settingsCtrlSpec.js

@@ -334,4 +334,34 @@ describe('Settings Controller', function () {
       });
     });
   });
+
+  context('Fixing character values', function () {
+    describe('#restore', function () {
+      var blankRestoreValues = {
+        stats: {
+          hp: 0,
+          exp: 0,
+          gp: 0,
+          lvl: 0,
+          mp: 0,
+        },
+        achievements: {
+          streak: 0,
+        },
+      };
+
+      it('doesn\'t update character values when level is less than 1', function () {
+        scope.restoreValues = blankRestoreValues;
+        scope.restore();
+        expect(User.set).to.not.be.called;
+      });
+
+      it('updates character values when level is at least 1', function () {
+        scope.restoreValues = blankRestoreValues;
+        scope.restoreValues.stats.lvl = 1;
+        scope.restore();
+        expect(User.set).to.be.called;
+      });
+    });
+  });
 });

test/client-old/spec/controllers/userCtrlSpec.js

@@ -0,0 +1,69 @@
+'use strict';
+
+describe('User Controller', function() {
+  var $rootScope, $window, User, shared, scope, ctrl, content;
+
+  beforeEach(function() {
+    module(function ($provide) {
+      var user = specHelper.newUser();
+      User = {user: user}
+      $provide.value('Guide', sandbox.stub());
+      $provide.value('User', User);
+      $provide.value('Achievement', sandbox.stub());
+      $provide.value('Social', sandbox.stub());
+      $provide.value('Shared', {
+        achievements: {
+          getAchievementsForProfile: sandbox.stub()
+        },
+        shops: {
+          getBackgroundShopSets: sandbox.stub()
+        }
+      });
+      $provide.value('Content', {
+        loginIncentives: sandbox.stub()
+      })
+    });
+
+    inject(function($rootScope, $controller, User, Content) {
+      scope = $rootScope.$new();
+      content = Content;
+      $controller('RootCtrl', { $scope: scope, User: User});
+      ctrl = $controller('UserCtrl', { $scope: scope, User: User, $window: $window});
+    });
+  });
+
+  describe('getProgressDisplay', function() {
+
+    beforeEach(() => {
+      sandbox.stub(window.env, 't');
+      window.env.t.onFirstCall().returns('Progress until next');
+    });
+
+    it('should return initial progress', function() {
+      scope.profile.loginIncentives = 0;
+      content.loginIncentives = [{
+        nextRewardAt: 1,
+        reward: true
+      }];
+      var actual = scope.getProgressDisplay();
+      expect(actual.trim()).to.eql('Progress until next 0/1');
+    });
+
+    it('should return progress between next reward and current reward', function() {
+      scope.profile.loginIncentives = 1;
+      content.loginIncentives = [{
+        nextRewardAt: 1,
+        reward: true
+      }, {
+        prevRewardAt: 0,
+        nextRewardAt: 2,
+        reward: true
+      }, {
+        prevRewardAt: 1,
+        nextRewardAt: 3
+      }];
+      var actual = scope.getProgressDisplay();
+      expect(actual.trim()).to.eql('Progress until next 0/1');
+    });
+  });
+});

test/client-old/spec/directives/close-menu.directive.js

@@ -1,35 +0,0 @@
-'use strict';
-
-describe('closeMenu Directive', function() {
-  var scope;
-
-  beforeEach(module('habitrpg'));
-
-  beforeEach(inject(function($rootScope) {
-    scope = $rootScope.$new();
-
-    scope.$digest();
-  }));
-
-  it('closes a connected menu when element is clicked', inject(function($compile) {
-    var menuElement = $compile('<a data-close-menu menu="mobile">')(scope);
-    scope._expandedMenu = { menu: 'mobile' };
-
-    menuElement.appendTo(document.body);
-    menuElement.triggerHandler('click');
-
-    expect(scope._expandedMenu.menu).to.eql(null)
-  }));
-
-  it('closes a connected menu when child element is clicked', inject(function($compile) {
-    var menuElementWithChild = $compile('<li></li>')(scope);
-    var menuElementChild = $compile('<a data-close-menu></a>')(scope);
-    scope._expandedMenu = { menu: 'mobile' };
-
-    menuElementWithChild.appendTo(document.body);
-    menuElementChild.appendTo(menuElementWithChild);
-    menuElementChild.triggerHandler('click');
-
-    expect(scope._expandedMenu.menu).to.eql(null)
-  }));
-});

test/client-old/spec/directives/expand-menu.directive.js

@@ -1,35 +0,0 @@
-'use strict';
-
-describe('expandMenu Directive', function() {
-  var menuElement, scope;
-
-  beforeEach(module('habitrpg'));
-
-  beforeEach(inject(function($rootScope, $compile) {
-    scope = $rootScope.$new();
-
-    var element = '<a data-expand-menu menu="mobile"></a>';
-
-    menuElement = $compile(element)(scope);
-    scope.$digest();
-  }));
-
-  it('expands a connected menu when element is clicked', function() {
-    expect(scope._expandedMenu).to.not.exist;
-    menuElement.appendTo(document.body);
-
-    menuElement.triggerHandler('click');
-
-    expect(scope._expandedMenu.menu).to.eql('mobile')
-  });
-
-  it('closes a connected menu when it is already open', function() {
-    scope._expandedMenu = {};
-    scope._expandedMenu.menu = 'mobile';
-    menuElement.appendTo(document.body);
-
-    menuElement.triggerHandler('click');
-
-    expect(scope._expandedMenu.menu).to.eql(null)
-  });
-});

test/client-old/spec/directives/task.directive.js

@@ -0,0 +1,35 @@
+describe('task Directive', () => {
+  var compile, scope, directiveElem, $modal;
+
+  beforeEach(function(){
+    module(function($provide) {
+      $modal = {
+        open: sandbox.spy(),
+      };
+      $provide.value('$modal', $modal);
+    });
+
+    inject(function($compile, $rootScope, $templateCache) {
+      compile = $compile;
+      scope = $rootScope.$new();
+
+      $templateCache.put('templates/task.html', '<div>Task</div>');
+    });
+
+
+    directiveElem = getCompiledElement();
+  });
+
+  function getCompiledElement(){
+    var element = angular.element('<task></task>');
+    var compiledElement = compile(element)(scope);
+    scope.$digest();
+    return compiledElement;
+  }
+
+  xit('opens task note modal', () => {
+    scope.showNoteDetails();
+
+    expect($modal.open).to.be.calledOnce;
+  });
+})

test/client-old/spec/karma.conf.js

@@ -81,8 +81,11 @@ module.exports = function karmaConfig (config) {
     },
 
     coverageReporter: {
-      type: 'lcov',
-      dir: 'coverage/karma',
+      reporters: [
+        { type: 'lcov', subdir: '.' },
+        { type: 'text-summary' },
+      ],
+      dir: '../../../coverage/karma',
     },
 
     // Enable mocha-style reporting, for better test visibility

test/client-old/spec/services/questServicesSpec.js

@@ -206,6 +206,20 @@ describe('Quests Service', function() {
       });
     });
 
+    context('quest bundles', function() {
+      it('sends bundle object', function(done) {
+        questsService.buyQuest('featheredFriends')
+          .then(function(res) {
+            expect(res).to.eql(content.bundles.featheredFriends);
+            expect(window.alert).to.not.be.called;
+            expect(rejectSpy).to.not.be.called;
+            done();
+          }, rejectSpy);
+
+        scope.$apply();
+      });
+    });
+
     context('all other quests', function() {
       it('sends quest object', function(done) {
         questsService.buyQuest('whale')

test/client/.eslintrc

@@ -2,5 +2,10 @@
   "env": {
     "node": true,
     "browser": true,
-  }
+  },
+  "extends": [
+    "habitrpg/browser",
+    "habitrpg/mocha",
+    "habitrpg/esnext",
+  ],
 }

test/client/unit/karma.conf.js

@@ -28,7 +28,7 @@ module.exports = function (config) {
       noInfo: true,
     },
     coverageReporter: {
-      dir: './coverage',
+      dir: '../../../coverage/client-unit',
       reporters: [
         { type: 'lcov', subdir: '.' },
         { type: 'text-summary' },

test/client/unit/specs/components/inventory/drawer.js

@@ -0,0 +1,19 @@
+import Vue from 'vue';
+import DrawerComponent from 'client/components/inventory/drawer.vue';
+
+describe('DrawerComponent', () => {
+  it('sets the correct default data', () => {
+    expect(DrawerComponent.data).to.be.a('function');
+    const defaultData = DrawerComponent.data();
+    expect(defaultData.open).to.be.true;
+  });
+
+  it('renders the correct title', () => {
+    const Ctor = Vue.extend(DrawerComponent);
+    const vm = new Ctor({propsData: {
+      title: 'My title',
+    }}).$mount();
+
+    expect(vm.$el.textContent).to.be.equal('My title');
+  });
+});

test/client/unit/specs/filters/roundBigNumber.js

@@ -0,0 +1,20 @@
+import roundBigNumberFilter from 'client/filters/roundBigNumber';
+
+describe('round big number filter', () => {
+  it('can round a decimal number', () => {
+    expect(roundBigNumberFilter(4.567)).to.equal(4.57);
+    expect(roundBigNumberFilter(4.562)).to.equal(4.56);
+  });
+
+  it('can round thousands', () => {
+    expect(roundBigNumberFilter(70065)).to.equal('70.1k');
+  });
+
+  it('can round milions', () => {
+    expect(roundBigNumberFilter(10000987)).to.equal('10.0m');
+  });
+
+  it('can round bilions', () => {
+    expect(roundBigNumberFilter(1000000000)).to.equal('1.0b');
+  });
+});