3.111.5

chore(i18n): update locales
chore(news): Last Chance Bailey
2026-05-10 11:09:46 -05:00 · 2017-08-30 17:43:51 +00:00 · 2017-08-30 17:43:36 +00:00 · 2017-08-30 17:36:37 +00:00 · 2017-08-28 22:36:13 +00:00 · 2017-08-28 15:45:51 -06:00
1826 changed files with 123915 additions and 68734 deletions
@@ -1,6 +1,7 @@
 {
  "presets": ["es2015"],
  "plugins": [
+    "transform-object-rest-spread",
    ["transform-async-to-module-method", {
      "module": "bluebird",
      "method": "coroutine"
@@ -1,6 +1,6 @@
 # Reporting Bugs

-[Please see these instructions for reporting bugs](https://github.com/HabitRPG/habitrpg/issues/2760)
+[Please see these instructions for reporting bugs](https://github.com/HabitRPG/habitica/issues/2760)

 # Pull Request

@@ -4,7 +4,7 @@

 [//]: # (If you have a feature request, use "Help > Request a Feature", not GitHub or the Report a Bug guild.)

-[//]: # (For more guidelines see https://github.com/HabitRPG/habitrpg/issues/2760)
+[//]: # (For more guidelines see https://github.com/HabitRPG/habitica/issues/2760)

 [//]: # (Fill out relevant information - UUID is found in Settings -> API)
 ### General Info
@@ -2,6 +2,9 @@ language: node_js
 node_js:
  - '6'
 sudo: required
+dist: precise
+services:
+  - mongodb
 addons:
  apt:
    sources:
@@ -17,7 +20,7 @@ install:
 before_script:
  - npm run test:build
  - cp config.json.example config.json
-  - if [ $REQUIRES_SERVER ]; then until nc -z localhost 27017; do echo Waiting for MongoDB; sleep 1; done; export DISPLAY=:99; fi
+  - sleep 15
 script:
  - npm run $TEST
  - if [ $COVERAGE ]; then ./node_modules/.bin/lcov-result-merger 'coverage/**/*.info' | ./node_modules/coveralls/bin/coveralls.js; fi
@@ -33,3 +36,4 @@ env:
    - TEST="test:common" COVERAGE=true
    - TEST="test:karma" COVERAGE=true
    - TEST="client:unit" COVERAGE=true
+    - TEST="apidoc"
@@ -1,18 +1,19 @@
-FROM node:boron
-
-# Install global packages
-RUN npm install -g gulp grunt-cli bower mocha
-
-# Clone Habitica repo and install dependencies
-RUN mkdir -p /usr/src/habitrpg
-WORKDIR /usr/src/habitrpg
-RUN git clone https://github.com/HabitRPG/habitica.git /usr/src/habitrpg
-RUN npm install
-RUN bower install --allow-root
-
-# Create Build dir
-RUN mkdir -p ./website/build
-
-# Start Habitica
-EXPOSE 3000
-CMD ["npm", "start"]
+FROM node:boron
+
+# Install global packages
+RUN npm install -g gulp grunt-cli bower mocha
+
+# Clone Habitica repo and install dependencies
+RUN mkdir -p /usr/src/habitrpg
+WORKDIR /usr/src/habitrpg
+RUN git clone https://github.com/HabitRPG/habitica.git /usr/src/habitrpg
+RUN cp config.json.example config.json
+RUN npm install
+RUN bower install --allow-root
+
+# Create Build dir
+RUN mkdir -p ./website/build
+
+# Start Habitica
+EXPOSE 3000
+CMD ["npm", "start"]
@@ -0,0 +1,19 @@
+FROM node:boron
+
+# Install global packages
+RUN npm install -g gulp grunt-cli bower mocha
+
+# Clone Habitica repo and install dependencies
+RUN mkdir -p /usr/src/habitrpg
+WORKDIR /usr/src/habitrpg
+RUN git clone --branch v3.111.5 https://github.com/HabitRPG/habitica.git /usr/src/habitrpg
+RUN npm install
+RUN bower install --allow-root
+RUN gulp build:prod --force
+
+# Create Build dir
+RUN mkdir -p ./website/build
+
+# Start Habitica
+EXPOSE 3000
+CMD ["node", "./website/transpiled-babel/index.js"]
@@ -66,7 +66,8 @@
        },
        "mode":"sandbox",
        "client_id":"client_id",
-        "client_secret":"client_secret"
+        "client_secret":"client_secret",
+        "experience_profile_id": ""
    },
    "IAP_GOOGLE_KEYDIR": "/path/to/google/public/key/dir/",
    "LOGGLY_TOKEN": "token",
@@ -3,7 +3,7 @@ var authorUuid = 'd904bd62-da08-416b-a816-ba797c9ee265'; //... own data is done

 /**
 * database_reports/count_users_who_own_specified_gear.js
- * https://github.com/HabitRPG/habitrpg/pull/3884
+ * https://github.com/HabitRPG/habitica/pull/3884
 */

 var thingsOfInterest = {
@@ -1,3 +1,3 @@
 web:
  volumes:
-    - '.:/habitrpg'
+    - '.:/usr/src/habitrpg'
@@ -0,0 +1,36 @@
+import gulp from 'gulp';
+import fs from 'fs';
+
+// Copy Bootstrap 4 config variables from /website /node_modules so we can check
+// them into Git
+
+const BOOSTRAP_NEW_CONFIG_PATH = 'website/client/assets/scss/bootstrap_config.scss';
+const BOOTSTRAP_ORIGINAL_CONFIG_PATH = 'node_modules/bootstrap/scss/_custom.scss';
+
+// https://stackoverflow.com/a/14387791/969528
+function copyFile(source, target, cb) {
+  let cbCalled = false;
+
+  function done(err) {
+    if (!cbCalled) {
+      cb(err);
+      cbCalled = true;
+    }
+  }
+
+  let rd = fs.createReadStream(source);
+  rd.on('error', done);
+  let wr = fs.createWriteStream(target);
+  wr.on('error', done);
+  wr.on('close', () => done());
+  rd.pipe(wr);
+}
+
+gulp.task('bootstrap', (done) => {
+  // use new config
+  copyFile(
+    BOOSTRAP_NEW_CONFIG_PATH,
+    BOOTSTRAP_ORIGINAL_CONFIG_PATH,
+    done,
+  );
+});
@@ -49,7 +49,7 @@ gulp.task('sprites:checkCompiledDimensions', ['sprites:main', 'sprites:largeSpri
  });

  if (numberOfSheetsThatAreTooBig > 0) {
-    console.error(`${numberOfSheetsThatAreTooBig} sheets might too big for mobile Safari to be able to handle them, but there is a margin of error in these calculations so it is probably okay. Mention this to an admin so they can test a staging site on mobile Safari after your PR is merged.`); // https://github.com/HabitRPG/habitrpg/pull/6683#issuecomment-185462180
+    console.error(`${numberOfSheetsThatAreTooBig} sheets might too big for mobile Safari to be able to handle them, but there is a margin of error in these calculations so it is probably okay. Mention this to an admin so they can test a staging site on mobile Safari after your PR is merged.`); // https://github.com/HabitRPG/habitica/pull/6683#issuecomment-185462180
  } else {
    console.log('All images are within the correct dimensions');
  }
@@ -13,6 +13,7 @@ if (process.env.NODE_ENV === 'production') {
  require('./gulp/gulp-newstuff');
  require('./gulp/gulp-build');
  require('./gulp/gulp-babelify');
+  require('./gulp/gulp-bootstrap');
 } else {
  require('glob').sync('./gulp/gulp-*').forEach(require);
  require('gulp').task('default', ['test']);
@@ -0,0 +1,60 @@
+# Habitica in Kubernetes
+This is a set of sample Kubernetes configuration files to launch Habitica under AWS, both as a single-node web frontend as well as a multi-node web frontend.
+
+## Prerequisites
+* An AWS account.
+* A working Kubernetes installation.
+* A basic understanding of how to use Kubernetes. https://kubernetes.io/
+* A persistent volume for MongoDB data.
+* Docker images of Habitica.
+  + You can use your own, or use the one included in the YAML files.
+  + If you use your own, you'll need a fork of the Habitica GitHub repo and your own Docker Hub repo, both of which are free.
+
+## Before you begin
+1. Set up Kubernetes.
+2. Create an EBS volume for MongoDB data.
+   + Make a note of the name, you'll need it later.
+
+## Starting MongoDB
+1. Edit mongo.yaml
+  + Find the volumeID line.
+  + Change the volume to the one created in the section above.
+2. Run the following commands:
+  + `kubectl.sh create -f mongo.yaml`
+  + `kubectl.sh create -f mongo-service.yaml`
+3. Wait for the MongoDB pod to start up.
+
+## Starting a Single Web Frontend
+
+1. Run the following commands:
+  + `kubectl.sh create -f habitica.yaml`
+  + `kubectl.sh create -f habitica-service.yaml`
+2. Wait for the frontend to start up.
+
+## Starting Multi-node Web Frontend
+1. Run the following commands :
+  + `kubectl.sh create -f habitica-rc.yaml`
+  + `kubectl.sh create -f habitica-service.yaml`
+2. Wait for the frontend to start up.
+
+## Accessing Your Habitica web interface
+Using `kubectl describe svc habiticaweb` get the hostname generated for the Habitica service. Open a browser and go to http://hostname:3000 to access the web front-end for the installations above.
+
+## Shutting down
+Shutting down is basically done by reversing the steps above:
+ `kubectl.sh delete -f habitica-service.yaml`
+ `kubectl.sh delete -f habitica.yaml (or habitica-rc.yaml)`
+ `kubectl.sh delete -f mongo-service.yaml`
+ `kubectl.sh delete -f mongo.yaml`
+
+You can also just shut down all of Kubernetes as well.
+
+## Notes
+ MongoDB data will be persistent! If you need to start with a fresh database, you'll need to remove the volume and re-create it.
+ On AWS, you probably want to use at least t2.medium minion nodes for Kubernetes. The default t2.small is too small for more than two Habitica nodes.
+
+## Future Plans
+ Multi-node MongoDB.
+ Monitoring
+ Instructions for a better hostname. The default generated ones stink.
+ More to come....
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: habitica
+  labels:
+    name: habitica
+spec:
+  replicas: 4
+  selector:
+    name: habitica
+  template:
+    metadata:
+      labels:
+        name: habitica
+    spec:
+      containers:
+      - name: habitica
+        image: ksonney/habitrpg:latest
+        env:
+          - name: NODE_DB_URI
+            value: mongodb://mongosvc/habitrpg
+        ports:
+          - containerPort: 3000
+            hostPort: 3000
+            name: habitica
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata: 
+  labels: 
+    name: habiticaweb
+  name: habiticaweb
+spec: 
+  ports:
+    # the port that this service should serve on
+    - port: 3000
+  # label keys and values that must match in order to receive traffic for this service
+  selector: 
+    name: habitica
+  type: LoadBalancer
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: habitica
+  labels:
+    name: habitica
+spec:
+  containers:
+#    - image: mongo:latest
+#      name: mongo
+#      ports:
+#        - containerPort: 27017
+#          name: mongo
+    - image: ksonney/habitrpg:latest
+      name: habitica
+      env:
+        - name: NODE_DB_URI
+          value: mongodb://mongosvc/habitrpg
+      ports: 
+        - containerPort: 3000
+          hostPort: 3000
+          name: habitica
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata: 
+  labels: 
+    name: mongosvc
+  name: mongosvc
+spec: 
+  ports:
+    # the port that this service should serve on
+    - port: 27017
+  # label keys and values that must match in order to receive traffic for this service
+  selector: 
+    name: mongodb
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: mongodb
+  labels: 
+    name: mongodb
+spec: 
+  containers: 
+    - resources:
+        limits :
+          cpu: 0.5
+      image: mongo
+      name: mongodb
+      ports: 
+        - containerPort: 27017
+          hostPort: 27017
+          name: mongo
+      volumeMounts:
+#         # name must match the volume name below
+        - name: mongo-persistent-storage
+#          # mount path within the container
+          mountPath: /data/db
+  volumes:
+    - name: mongo-persistent-storage
+      awsElasticBlockStore:
+        volumeID: aws://YOUR-REGION/YOUR-VOLNAME
+        fsType: ext3
+
@@ -0,0 +1,110 @@
+'use strict';
+
+/****************************************
+ * Author: @Alys
+ *
+ * Reason: Collection quests are being changed
+ * to require fewer items collected:
+ * https://github.com/HabitRPG/habitrpg/pull/7987
+ * This will cause existing quests to end sooner
+ * than the party is expecting.
+ * This script inserts an explanatory `system`
+ * message into the chat for affected parties.
+ ***************************************/
+
+global.Promise = require('bluebird');
+const uuid = require('uuid');
+const TaskQueue = require('cwait').TaskQueue;
+const logger = require('./utils/logger');
+const Timer = require('./utils/timer');
+const connectToDb = require('./utils/connect').connectToDb;
+const closeDb = require('./utils/connect').closeDb;
+
+const message = '`This party\'s collection quest has been made easier! For details, refer to http://habitica.wikia.com/wiki/User_blog:LadyAlys/Collection_Quests_are_Now_Easier`';
+
+const timer = new Timer();
+
+// PROD: Enable prod db
+// const DB_URI = 'mongodb://username:password@dsXXXXXX-a0.mlab.com:XXXXX,dsXXXXXX-a1.mlab.com:XXXXX/habitica?replicaSet=rs-dsXXXXXX';
+const DB_URI = 'mongodb://localhost/habitrpg';
+
+const COLLECTION_QUESTS = [
+  'vice2',
+  'egg',
+  'moonstone1',
+  'goldenknight1',
+  'dilatoryDistress1',
+];
+
+let Groups;
+
+connectToDb(DB_URI).then((db) => {
+  Groups = db.collection('groups');
+
+  return Promise.resolve();
+})
+.then(findPartiesWithCollectionQuest)
+// .then(displayGroups) // for testing only
+.then(addMessageToGroups)
+.then(() => {
+  timer.stop();
+  closeDb();
+}).catch(reportError);
+
+function reportError (err) {
+  logger.error('Uh oh, an error occurred');
+  closeDb();
+  timer.stop();
+  throw err;
+}
+
+function findPartiesWithCollectionQuest () {
+  logger.info('Looking up groups on collection quests...');
+
+  return Groups.find({'quest.key': {$in: COLLECTION_QUESTS}}, ['name','quest']).toArray().then((groups) => {
+    logger.success('Found', groups.length, 'parties on collection quests');
+
+    return Promise.resolve(groups);
+  })
+}
+
+function displayGroups (groups) { // for testing only
+  logger.info('Displaying parties...');
+  console.log(groups);
+  return Promise.resolve(groups);
+}
+
+function updateGroupById (group) {
+  var newMessage = {
+    'id' : uuid.v4(),
+    'text' : message,
+    'timestamp': Date.now(),
+    'likes': {},
+    'flags': {},
+    'flagCount': 0,
+    'uuid': 'system'
+  };
+  return Groups.findOneAndUpdate({_id: group._id}, {$push:{"chat" :{$each: [newMessage], $position:0}}}, {returnOriginal: false});
+  // Does not set the newMessage flag for all party members because I don't think it's essential and
+  // I don't want to run the extra code (extra database load, extra opportunity for bugs).
+}
+
+function addMessageToGroups (groups) {
+  let queue = new TaskQueue(Promise, 300);
+
+  logger.info('About to update', groups.length, 'parties...');
+
+  return Promise.map(groups, queue.wrap(updateGroupById)).then((result) => {
+    let updates = result.filter(res => res.lastErrorObject && res.lastErrorObject.updatedExisting)
+    let failures = result.filter(res => !(res.lastErrorObject && res.lastErrorObject.updatedExisting));
+
+    logger.success(updates.length, 'parties have been notified');
+
+    if (failures.length > 0) {
+      logger.error(failures.length, 'parties could not be notified');
+    }
+
+    return Promise.resolve();
+  });
+}
+
@@ -0,0 +1,114 @@
+var migrationName = '20170616_achievements';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Updates to achievements for June 16, 2017 biweekly merge
+ * 1. Multiply various collection quest achievements based on difficulty reduction
+ * 2. Award Joined Challenge achievement to those who should have it already
+ */
+
+import monk from 'monk';
+
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    $or: [
+      {'achievements.quests.dilatoryDistress1': {$gt:0}},
+      {'achievements.quests.egg': {$gt:0}},
+      {'achievements.quests.goldenknight1': {$gt:0}},
+      {'achievements.quests.moonstone1': {$gt:0}},
+      {'achievements.quests.vice2': {$gt:0}},
+      {'achievements.challenges': {$exists: true, $ne: []}},
+      {'challenges': {$exists: true, $ne: []}},
+    ],
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [ // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+      'achievements',
+      'challenges',
+    ],
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+  var set = {'migration': migrationName};
+
+  if (user.challenges.length > 0 || user.achievements.challenges.length > 0) {
+    set['achievements.joinedChallenge'] = true;
+  }
+  if (user.achievements.quests.dilatoryDistress1) {
+    set['achievements.quests.dilatoryDistress1'] = Math.ceil(user.achievements.quests.dilatoryDistress1 * 1.25);
+  }
+  if (user.achievements.quests.egg) {
+    set['achievements.quests.egg'] = Math.ceil(user.achievements.quests.egg * 2.5);
+  }
+  if (user.achievements.quests.goldenknight1) {
+    set['achievements.quests.goldenknight1'] = user.achievements.quests.goldenknight1 * 5;
+  }
+  if (user.achievements.quests.moonstone1) {
+    set['achievements.quests.moonstone1'] = user.achievements.quests.moonstone1 * 5;
+  }
+  if (user.achievements.quests.vice2) {
+    set['achievements.quests.vice2'] = Math.ceil(user.achievements.quests.vice2 * 1.5);
+  }
+
+  dbUsers.update({_id: user._id}, {$set:set});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
@@ -0,0 +1,90 @@
+var migrationName = '20170711_orcas.js';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award Orca pets to owners of Orca mount, and Orca mount to everyone else
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'migration':{$ne:migrationName},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'items.mounts',
+    ] // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {};
+
+  if (user.items.mounts['Orca-Base']) {
+    set = {'migration':migrationName, 'items.pets.Orca-Base': 5};
+  } else {
+    set = {'migration':migrationName, 'items.mounts.Orca-Base': true};
+  }
+
+  dbUsers.update({_id: user._id}, {$set:set});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
@@ -0,0 +1,109 @@
+var migrationName = '20170731_naming_day.js';
+var authorName = 'Sabe'; // in case script author needs to know when their ...
+var authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; //... own data is done
+
+/*
+ * Award Royal Purple Gryphon Helm to Royal Purple Gryphon pet owners,
+ * award Royal Purple Gryphon pet to Royal Purple Gryphon mount owners,
+ * award Royal Purple Gryphon mount to everyone else
+ */
+
+var monk = require('monk');
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbUsers = monk(connectionString).get('users', { castIds: false });
+
+function processUsers(lastId) {
+  // specify a query to limit the affected users (empty for all users):
+  var query = {
+    'migration':{$ne:migrationName},
+    'auth.timestamps.loggedin': {$gt: new Date('2017-01-01')},
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbUsers.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [
+      'items.mounts',
+      'items.pets',
+    ] // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+  })
+  .then(updateUsers)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateUsers (users) {
+  if (!users || users.length === 0) {
+    console.warn('All appropriate users found and modified.');
+    displayData();
+    return;
+  }
+
+  var userPromises = users.map(updateUser);
+  var lastUser = users[users.length - 1];
+
+  return Promise.all(userPromises)
+  .then(function () {
+    processUsers(lastUser._id);
+  });
+}
+
+function updateUser (user) {
+  count++;
+
+  var set = {};
+  var inc = {
+    'achievements.habiticaDays': 1,
+    'items.food.Cake_Skeleton': 1,
+    'items.food.Cake_Base': 1,
+    'items.food.Cake_CottonCandyBlue': 1,
+    'items.food.Cake_CottonCandyPink': 1,
+    'items.food.Cake_Shade': 1,
+    'items.food.Cake_White': 1,
+    'items.food.Cake_Golden': 1,
+    'items.food.Cake_Zombie': 1,
+    'items.food.Cake_Desert': 1,
+    'items.food.Cake_Red': 1
+  };
+
+  if (user.items.pets['Gryphon-RoyalPurple']) {
+    set = {'migration':migrationName, 'items.gear.owned.head_special_namingDay2017': false};
+  } else if (user.items.mounts['Gryphon-RoyalPurple']) {
+    set = {'migration':migrationName, 'items.pets.Gryphon-RoyalPurple': 5};
+  } else {
+    set = {'migration':migrationName, 'items.mounts.Gryphon-RoyalPurple': true};
+  }
+
+  dbUsers.update({_id: user._id}, {$set: set, $inc: inc});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + user._id);
+  if (user._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' users processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processUsers;
@@ -1,47 +1,47 @@
-import Bluebird from 'Bluebird';
-
-import { model as Challenges } from '../../website/server/models/challenge';
-import { model as User } from '../../website/server/models/user';
-
-async function syncChallengeToMembers (challenges) {
-  let challengSyncPromises = challenges.map(async function (challenge) {
-    let users = await User.find({
-      // _id: '',
-      challenges: challenge._id,
-    }).exec();
-
-    let promises = [];
-    users.forEach(function (user) {
-      promises.push(challenge.syncToUser(user));
-      promises.push(challenge.save());
-      promises.push(user.save());
-    });
-
-    return Bluebird.all(promises);
-  });
-
-  return await Bluebird.all(challengSyncPromises);
-}
-
-async function syncChallenges (lastChallengeDate) {
-  let query = {
-    // _id: '',
-  };
-
-  if (lastChallengeDate) {
-    query.createdOn = { $lte: lastChallengeDate };
-  }
-
-  let challengesFound = await Challenges.find(query)
-    .limit(10)
-    .sort('-createdAt')
-    .exec();
-
-  let syncedChallenges = await syncChallengeToMembers(challengesFound)
-    .catch(reason => console.error(reason));
-  let lastChallenge = challengesFound[challengesFound.length - 1];
-  if (lastChallenge) syncChallenges(lastChallenge.createdAt);
-  return syncedChallenges;
-};
-
-module.exports = syncChallenges;
+import Bluebird from 'Bluebird';
+
+import { model as Challenges } from '../../website/server/models/challenge';
+import { model as User } from '../../website/server/models/user';
+
+async function syncChallengeToMembers (challenges) {
+  let challengSyncPromises = challenges.map(async function (challenge) {
+    let users = await User.find({
+      // _id: '',
+      challenges: challenge._id,
+    }).exec();
+
+    let promises = [];
+    users.forEach(function (user) {
+      promises.push(challenge.syncToUser(user));
+      promises.push(challenge.save());
+      promises.push(user.save());
+    });
+
+    return Bluebird.all(promises);
+  });
+
+  return await Bluebird.all(challengSyncPromises);
+}
+
+async function syncChallenges (lastChallengeDate) {
+  let query = {
+    // _id: '',
+  };
+
+  if (lastChallengeDate) {
+    query.createdOn = { $lte: lastChallengeDate };
+  }
+
+  let challengesFound = await Challenges.find(query)
+    .limit(10)
+    .sort('-createdAt')
+    .exec();
+
+  let syncedChallenges = await syncChallengeToMembers(challengesFound)
+    .catch(reason => console.error(reason));
+  let lastChallenge = challengesFound[challengesFound.length - 1];
+  if (lastChallenge) syncChallenges(lastChallenge.createdAt);
+  return syncedChallenges;
+};
+
+module.exports = syncChallenges;
@@ -21,4 +21,4 @@ var processUsers = require('./groups/update-groups-with-group-plans');
 processUsers()
  .catch(function (err) {
      console.log(err)
-  })
+  })
@@ -2,7 +2,7 @@ var _id = '';
 var update = {
  $addToSet: {
    'purchased.plan.mysteryItems':{
-      $each:['body_mystery_201705','head_mystery_201705']
+      $each:['shield_mystery_201708','weapon_mystery_201708']
    }
  }
 };
@@ -0,0 +1,83 @@
+var migrationName = 'tasks-set-yesterdaily';
+var authorName = 'TheHollidayInn'; // in case script author needs to know when their ...
+var authorUuid = ''; //... own data is done
+
+/*
+ * Iterates over all tasks and sets the yseterDaily field to True
+ */
+
+import monk from 'monk';
+
+var connectionString = 'mongodb://localhost:27017/habitrpg?auto_reconnect=true'; // FOR TEST DATABASE
+var dbTasks = monk(connectionString).get('tasks', { castIds: false });
+
+function processTasks(lastId) {
+  // specify a query to limit the affected tasks (empty for all tasks):
+  var query = {
+    yesterDaily: false,
+  };
+
+  if (lastId) {
+    query._id = {
+      $gt: lastId
+    }
+  }
+
+  dbTasks.find(query, {
+    sort: {_id: 1},
+    limit: 250,
+    fields: [ // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
+    ],
+  })
+  .then(updateTasks)
+  .catch(function (err) {
+    console.log(err);
+    return exiting(1, 'ERROR! ' + err);
+  });
+}
+
+var progressCount = 1000;
+var count = 0;
+
+function updateTasks (tasks) {
+  if (!tasks || tasks.length === 0) {
+    console.warn('All appropriate tasks found and modified.');
+    displayData();
+    return;
+  }
+
+  var taskPromises = tasks.map(updatetask);
+  var lasttask = tasks[tasks.length - 1];
+
+  return Promise.all(taskPromises)
+  .then(function () {
+    processtasks(lasttask._id);
+  });
+}
+
+function updatetask (task) {
+  count++;
+  var set = {'yesterDaily': true};
+
+  dbTasks.update({_id: task._id}, {$set:set});
+
+  if (count % progressCount == 0) console.warn(count + ' ' + task._id);
+  if (task._id == authorUuid) console.warn(authorName + ' processed');
+}
+
+function displayData() {
+  console.warn('\n' + count + ' tasks processed\n');
+  return exiting(0);
+}
+
+function exiting(code, msg) {
+  code = code || 0; // 0 = success
+  if (code && !msg) { msg = 'ERROR!'; }
+  if (msg) {
+    if (code) { console.error(msg); }
+    else      { console.log(  msg); }
+  }
+  process.exit(code);
+}
+
+module.exports = processtasks;
@@ -0,0 +1,109 @@
+var migrationName = 'UserFromProdToTest';
+var authorName = 'TheHollidayInn'; // in case script author needs to know when their ...
+var authorUuid = ''; //... own data is done
+
+/*
+ * This migraition will copy user data from prod to test
+ */
+
+var monk = require('monk');
+var testConnectionSting = ''; // FOR TEST DATABASE
+var usersTest = monk(testConnectionSting).get('users', { castIds: false });
+var groupsTest = monk(testConnectionSting).get('groups', { castIds: false });
+var challengesTest = monk(testConnectionSting).get('challenges', { castIds: false });
+var tasksTest = monk(testConnectionSting).get('tasks', { castIds: false });
+
+var monk2 = require('monk');
+var liveConnectString = ''; // FOR TEST DATABASE
+var userLive = monk2(liveConnectString).get('users', { castIds: false });
+var groupsLive = monk2(liveConnectString).get('groups', { castIds: false });
+var challengesLive = monk2(liveConnectString).get('challenges', { castIds: false });
+var tasksLive = monk2(liveConnectString).get('tasks', { castIds: false });
+
+import uniq from 'lodash/uniq';
+import Bluebird from 'bluebird';
+
+// Variabls for updating
+let userIds = [
+  '206039c6-24e4-4b9f-8a31-61cbb9aa3f66',
+];
+
+let groupIds = [];
+let challengeIds = [];
+let tasksIds = [];
+
+async function processUsers () {
+  let userPromises = [];
+  //{_id: {$in: userIds}}
+
+  return userLive.find({guilds: 'b0764d64-8276-45a1-afa5-5ca9a5c64ca0'})
+    .each((user, {close, pause, resume}) => {
+      if (user.guilds.length > 0) groupIds = groupIds.concat(user.guilds);
+      if (user.party._id) groupIds.push(user.party._id);
+      if (user.challenges.length > 0) challengeIds = challengeIds.concat(user.challenges);
+      if (user.tasksOrder.rewards.length > 0) tasksIds = tasksIds.concat(user.tasksOrder.rewards);
+      if (user.tasksOrder.todos.length > 0) tasksIds = tasksIds.concat(user.tasksOrder.todos);
+      if (user.tasksOrder.dailys.length > 0) tasksIds = tasksIds.concat(user.tasksOrder.dailys);
+      if (user.tasksOrder.habits.length > 0) tasksIds = tasksIds.concat(user.tasksOrder.habits);
+
+      let userPromise = usersTest.update({'_id': user._id}, user, {upsert:true});
+      userPromises.push(userPromise);
+    }).then(() => {
+      return Bluebird.all(userPromises);
+    })
+    .then(() => {
+      console.log("Done User");
+    });
+}
+
+function processGroups () {
+  let promises = [];
+  let groupsToQuery = uniq(groupIds);
+  return groupsLive.find({_id: {$in: groupsToQuery}})
+    .each((group, {close, pause, resume}) => {
+      let promise = groupsTest.update({_id: group._id}, group, {upsert:true});
+      promises.push(promise);
+    }).then(() => {
+      return Bluebird.all(promises);
+    })
+    .then(() => {
+      console.log("Done Group");
+    });
+}
+
+function processChallenges () {
+  let promises = [];
+  let challengesToQuery = uniq(challengeIds);
+  return challengesLive.find({_id: {$in: challengesToQuery}})
+    .each((challenge, {close, pause, resume}) => {
+      let promise = challengesTest.update({_id: challenge._id}, challenge, {upsert:true});
+      promises.push(promise);
+    }).then(() => {
+      return Bluebird.all(promises);
+    })
+    .then(() => {
+      console.log("Done Challenge");
+    });
+}
+
+function processTasks () {
+  let promises = [];
+  let tasksToQuery = uniq(tasksIds);
+  return tasksLive.find({_id: {$in: tasksToQuery}})
+    .each((task, {close, pause, resume}) => {
+      let promise = tasksTest.update({_id: task._id}, task, {upsert:true});
+      promises.push(promise);
+    }).then(() => {
+      return Bluebird.all(promises);
+    })
+    .then(() => {
+      console.log("Done Tasks");
+    });
+}
+
+module.exports = async function prodToTest () {
+  await processUsers();
+  await processGroups();
+  await processChallenges();
+  await processTasks();
+};
@@ -1,7 +1,7 @@
 {
  "name": "habitica",
  "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "3.92.0",
+  "version": "3.111.5",
  "main": "./website/server/index.js",
  "dependencies": {
    "@slack/client": "^3.8.1",
@@ -15,8 +15,10 @@
    "aws-sdk": "^2.0.25",
    "axios": "^0.16.0",
    "babel-core": "^6.0.0",
+    "babel-eslint": "^7.2.3",
    "babel-loader": "^6.0.0",
    "babel-plugin-syntax-async-functions": "^6.13.0",
+    "babel-plugin-syntax-dynamic-import": "^6.18.0",
    "babel-plugin-transform-async-to-module-method": "^6.8.0",
    "babel-plugin-transform-object-rest-spread": "^6.16.0",
    "babel-plugin-transform-regenerator": "^6.16.1",
@@ -29,7 +31,7 @@
    "bluebird": "^3.3.5",
    "body-parser": "^1.15.0",
    "bootstrap": "^4.0.0-alpha.6",
-    "bootstrap-vue": "^0.15.8",
+    "bootstrap-vue": "^0.18.0",
    "bower": "~1.3.12",
    "browserify": "~12.0.1",
    "compression": "^1.6.1",
@@ -38,7 +40,7 @@
    "coupon-code": "^0.4.5",
    "css-loader": "^0.28.0",
    "csv-stringify": "^1.0.2",
-    "cwait": "^1.0.0",
+    "cwait": "~1.0.1",
    "domain-middleware": "~0.1.0",
    "estraverse": "^4.1.1",
    "express": "~4.14.0",
@@ -67,9 +69,11 @@
    "gulp-uglify": "^1.4.2",
    "gulp.spritesmith": "^4.1.0",
    "habitica-markdown": "^1.3.0",
+    "hellojs": "^1.15.1",
    "html-webpack-plugin": "^2.8.1",
    "image-size": "~0.3.2",
    "in-app-purchase": "^1.1.6",
+    "intro.js": "^2.6.0",
    "jade": "~1.11.0",
    "jquery": "^3.1.1",
    "js2xmlparser": "~1.0.0",
@@ -78,7 +82,7 @@
    "method-override": "^2.3.5",
    "moment": "^2.13.0",
    "moment-recur": "habitrpg/moment-recur#v1.0.6",
-    "mongoose": "^4.8.6",
+    "mongoose": "~4.8.6",
    "mongoose-id-autoinc": "~2013.7.14-4",
    "morgan": "^1.7.0",
    "nconf": "~0.8.2",
@@ -109,6 +113,9 @@
    "shelljs": "^0.7.6",
    "stripe": "^4.2.0",
    "superagent": "^3.4.3",
+    "svg-inline-loader": "^0.7.1",
+    "svg-url-loader": "^2.0.2",
+    "svgo-loader": "^1.2.1",
    "universal-analytics": "~0.3.2",
    "url-loader": "^0.5.7",
    "useragent": "^2.1.9",
@@ -119,9 +126,11 @@
    "vue": "^2.1.0",
    "vue-loader": "^11.0.0",
    "vue-mugen-scroll": "^0.2.1",
+    "vue-notification": "^1.3.2",
    "vue-router": "^2.0.0-rc.5",
    "vue-style-loader": "^3.0.0",
    "vue-template-compiler": "^2.1.10",
+    "vuejs-datepicker": "^0.9.4",
    "webpack": "^2.2.1",
    "webpack-merge": "^4.0.0",
    "winston": "^2.1.0",
@@ -135,7 +144,7 @@
  },
  "scripts": {
    "lint": "eslint --ext .js,.vue .",
-    "test": "npm run lint && gulp test && npm run client:unit",
+    "test": "npm run lint && gulp test && npm run client:unit && gulp apidoc",
    "test:build": "gulp test:prepare:build",
    "test:api-v3": "gulp test:api-v3",
    "test:api-v3:unit": "gulp test:api-v3:unit",
@@ -152,14 +161,15 @@
    "test:nodemon": "gulp test:nodemon",
    "coverage": "COVERAGE=true mocha --require register-handlers.js --reporter html-cov > coverage.html; open coverage.html",
    "sprites": "gulp sprites:compile",
-    "client:dev": "node webpack/dev-server.js",
-    "client:build": "node webpack/build.js",
+    "client:dev": "gulp bootstrap && node webpack/dev-server.js",
+    "client:build": "gulp bootstrap && node webpack/build.js",
    "client:unit": "cross-env NODE_ENV=test karma start test/client/unit/karma.conf.js --single-run",
    "client:unit:watch": "cross-env NODE_ENV=test karma start test/client/unit/karma.conf.js",
    "client:e2e": "node test/client/e2e/runner.js",
    "client:test": "npm run client:unit && npm run client:e2e",
    "start": "gulp run:dev",
-    "postinstall": "bower --config.interactive=false install -f; gulp build; npm run client:build"
+    "postinstall": "bower --config.interactive=false install -f && gulp build && npm run client:build",
+    "apidoc": "gulp apidoc"
  },
  "devDependencies": {
    "babel-plugin-istanbul": "^4.0.0",
@@ -207,6 +217,7 @@
    "nightwatch": "^0.9.12",
    "phantomjs-prebuilt": "^2.1.12",
    "protractor": "^3.1.1",
+    "raw-loader": "^0.5.1",
    "require-again": "^2.0.0",
    "rewire": "^2.3.3",
    "selenium-server": "^3.0.1",
@@ -1,3 +1,5 @@
+require("babel-register");
+require("babel-polyfill");
 // This file is used for creating paypal billing plans. PayPal doesn't have a web interface for setting up recurring
 // payment plan definitions, instead you have to create it via their REST SDK and keep it updated the same way. So this
 // file will be used once for initing your billing plan (then you get the resultant plan.id to store in config.json),
@@ -7,10 +9,10 @@ var path = require('path');
 var nconf = require('nconf');
 var _ = require('lodash');
 var paypal = require('paypal-rest-sdk');
-var blocks = require('../../../../common').content.subscriptionBlocks;
+var blocks = require('../website/common').content.subscriptionBlocks;
 var live = nconf.get('PAYPAL:mode')=='live';

-nconf.argv().env().file('user', path.join(path.resolve(__dirname, '../../../config.json')));
+nconf.argv().env().file('user', path.join(path.resolve(__dirname, '../config.json')));

 var OP = 'create'; // list create update remove

@@ -49,6 +51,8 @@ _.each(blocks, function(block){
  });
 })

+// @TODO: Add cli library for this
+
 switch(OP) {
  case "list":
    paypal.billingPlan.list({status: 'ACTIVE'}, function(err, plans){
@@ -91,4 +95,17 @@ switch(OP) {
    });
    break;
  case "remove": break;
+
+  case 'create-webprofile':
+    let webexpinfo = {
+      "name": "HabiticaProfile",
+      "input_fields": {
+        "no_shipping": 1,
+      },
+    };
+
+    paypal.webProfile.create(webexpinfo, (error, result) => {
+      console.log(error, result)
+    })
+    break;
 }
@@ -304,5 +304,15 @@ describe('POST /challenges', () => {

      await expect(groupLeader.sync()).to.eventually.have.property('challenges').to.include(challenge._id);
    });
+
+    it('awards achievement if this is creator\'s first challenge', async () => {
+      await groupLeader.post('/challenges', {
+        group: group._id,
+        name: 'Test Challenge',
+        shortName: 'TC Label',
+      });
+      groupLeader = await groupLeader.sync();
+      expect(groupLeader.achievements.joinedChallenge).to.be.true;
+    });
  });
 });
@@ -123,5 +123,12 @@ describe('POST /challenges/:challengeId/join', () => {

      await expect(authorizedUser.get('/tags')).to.eventually.have.length(userTagsLength + 1);
    });
+
+    it('awards achievement if this is user\'s first challenge', async () => {
+      await authorizedUser.post(`/challenges/${challenge._id}/join`);
+
+      await authorizedUser.sync();
+      expect(authorizedUser.achievements.joinedChallenge).to.be.true;
+    });
  });
 });
@@ -32,18 +32,20 @@ describe('POST /challenges/:challengeId/leave', () => {
    let group;
    let challenge;
    let notInChallengeUser;
+    let notInGroupLeavingUser;
    let leavingUser;
    let taskText;

    beforeEach(async () => {
      let populatedGroup = await createAndPopulateGroup({
-        members: 2,
+        members: 3,
      });

      groupLeader = populatedGroup.groupLeader;
      group = populatedGroup.group;
      leavingUser = populatedGroup.members[0];
      notInChallengeUser = populatedGroup.members[1];
+      notInGroupLeavingUser = populatedGroup.members[2];

      challenge = await generateChallenge(groupLeader, group);

@@ -55,17 +57,16 @@ describe('POST /challenges/:challengeId/leave', () => {

      await leavingUser.post(`/challenges/${challenge._id}/join`);

+      await notInGroupLeavingUser.post(`/challenges/${challenge._id}/join`);
+      await notInGroupLeavingUser.post(`/groups/${group._id}/leave`, {
+        keepChallenges: 'remain-in-challenges',
+      });
+
      await challenge.sync();
    });

-    it('returns an error when user doesn\'t have permissions to view the challenge', async () => {
-      let unauthorizedUser = await generateUser();
-
-      await expect(unauthorizedUser.post(`/challenges/${challenge._id}/leave`)).to.eventually.be.rejected.and.eql({
-        code: 404,
-        error: 'NotFound',
-        message: t('challengeNotFound'),
-      });
+    it('lets user leave when not a member of the challenge group', async () => {
+      await expect(notInGroupLeavingUser.post(`/challenges/${challenge._id}/leave`)).to.eventually.be.ok;
    });

    it('returns an error when user isn\'t a member of the challenge', async () => {
@@ -100,8 +100,8 @@ describe('POST /challenges/:challengeId/winner/:winnerId', () => {
      await sleep(0.5);

      await expect(winningUser.sync()).to.eventually.have.deep.property('achievements.challenges').to.include(challenge.name);
-      expect(winningUser.notifications.length).to.equal(1);
-      expect(winningUser.notifications[0].type).to.equal('WON_CHALLENGE');
+      expect(winningUser.notifications.length).to.equal(2); // 2 because winningUser just joined the challenge, which now awards an achievement
+      expect(winningUser.notifications[1].type).to.equal('WON_CHALLENGE');
    });

    it('gives winner gems as reward', async () => {
@@ -114,6 +114,26 @@ describe('POST /challenges/:challengeId/winner/:winnerId', () => {
      await expect(winningUser.sync()).to.eventually.have.property('balance', oldBalance + challenge.prize / 4);
    });

+    it('doesn\'t gives winner gems if group policy prevents it', async () => {
+      let oldBalance = winningUser.balance;
+      let oldLeaderBalance = (await groupLeader.sync()).balance;
+
+      await winningUser.update({
+        'purchased.plan.customerId': 'group-plan',
+      });
+      await group.update({
+        'leaderOnly.getGems': true,
+        'purchased.plan.customerId': 123,
+      });
+
+      await groupLeader.post(`/challenges/${challenge._id}/selectWinner/${winningUser._id}`);
+
+      await sleep(0.5);
+
+      await expect(winningUser.sync()).to.eventually.have.property('balance', oldBalance);
+      await expect(groupLeader.sync()).to.eventually.have.property('balance', oldLeaderBalance + challenge.prize / 4);
+    });
+
    it('doesn\'t refund gems to group leader', async () => {
      let oldBalance = (await groupLeader.sync()).balance;

@@ -84,6 +84,10 @@ describe('POST /chat/:chatId/flag', () => {
      type: 'party',
      privacy: 'private',
    });
+    await user.post(`/groups/${privateGroup._id}/invite`, {
+      uuids: [anotherUser._id],
+    });
+    await anotherUser.post(`/groups/${privateGroup._id}/join`);
    let { message } = await user.post(`/groups/${privateGroup._id}/chat`, {message: TEST_MESSAGE});

    let flagResult = await admin.post(`/groups/${privateGroup._id}/chat/${message.id}/flag`);
@@ -91,7 +95,7 @@ describe('POST /chat/:chatId/flag', () => {
    expect(flagResult.flags[admin._id]).to.equal(true);
    expect(flagResult.flagCount).to.equal(5);

-    let groupWithFlags = await user.get(`/groups/${privateGroup._id}`);
+    let groupWithFlags = await anotherUser.get(`/groups/${privateGroup._id}`);
    let messageToCheck = find(groupWithFlags.chat, {id: message.id});

    expect(messageToCheck).to.not.exist;
@@ -125,4 +129,20 @@ describe('POST /chat/:chatId/flag', () => {
        message: t('messageGroupChatFlagAlreadyReported'),
      });
  });
+
+  it('shows a hidden message to the original poster', async () => {
+    let { message } = await user.post(`/groups/${group._id}/chat`, {message: TEST_MESSAGE});
+
+    await admin.post(`/groups/${group._id}/chat/${message.id}/flag`);
+
+    let groupWithFlags = await user.get(`/groups/${group._id}`);
+    let messageToCheck = find(groupWithFlags.chat, {id: message.id});
+
+    expect(messageToCheck).to.exist;
+
+    let auGroupWithFlags = await anotherUser.get(`/groups/${group._id}`);
+    let auMessageToCheck = find(auGroupWithFlags.chat, {id: message.id});
+
+    expect(auMessageToCheck).to.not.exist;
+  });
 });
@@ -10,11 +10,22 @@ import {
  TAVERN_ID,
 } from '../../../../../website/server/models/group';
 import { v4 as generateUUID } from 'uuid';
+import { getMatchesByWordArray, removePunctuationFromString } from '../../../../../website/server/libs/stringUtils';
+import bannedWords from '../../../../../website/server/libs/bannedWords';
+import * as email from '../../../../../website/server/libs/email';
+import { IncomingWebhook } from '@slack/client';
+import nconf from 'nconf';
+
+const BASE_URL = nconf.get('BASE_URL');

 describe('POST /chat', () => {
  let user, groupWithChat, member, additionalMember;
  let testMessage = 'Test Message';
  let testBannedWordMessage = 'TEST_PLACEHOLDER_SWEAR_WORD_HERE';
+  let testSlurMessage = 'message with TEST_PLACEHOLDER_SLUR_WORD_HERE';
+  let bannedWordErrorMessage = t('bannedWordUsed').split('.');
+  bannedWordErrorMessage[0] += ` (${removePunctuationFromString(testBannedWordMessage.toLowerCase())})`;
+  bannedWordErrorMessage = bannedWordErrorMessage.join('.');

  before(async () => {
    let { group, groupLeader, members } = await createAndPopulateGroup({
@@ -25,7 +36,6 @@ describe('POST /chat', () => {
      },
      members: 2,
    });
-
    user = groupLeader;
    groupWithChat = group;
    member = members[0];
@@ -70,20 +80,20 @@ describe('POST /chat', () => {
  it('returns an error when chat privileges are revoked when sending a message to a public guild', async () => {
    let userWithChatRevoked = await member.update({'flags.chatRevoked': true});
    await expect(userWithChatRevoked.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage})).to.eventually.be.rejected.and.eql({
-      code: 404,
-      error: 'NotFound',
-      message: 'Your chat privileges have been revoked.',
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('chatPrivilegesRevoked'),
    });
  });

  context('banned word', () => {
    it('returns an error when chat message contains a banned word in tavern', async () => {
      await expect(user.post('/groups/habitrpg/chat', { message: testBannedWordMessage}))
-      .to.eventually.be.rejected.and.eql({
-        code: 400,
-        error: 'BadRequest',
-        message: t('bannedWordUsed'),
-      });
+        .to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: bannedWordErrorMessage,
+        });
    });

    it('errors when word is part of a phrase', async () => {
@@ -92,7 +102,7 @@ describe('POST /chat', () => {
      .to.eventually.be.rejected.and.eql({
        code: 400,
        error: 'BadRequest',
-        message: t('bannedWordUsed'),
+        message: bannedWordErrorMessage,
      });
    });

@@ -102,10 +112,26 @@ describe('POST /chat', () => {
      .to.eventually.be.rejected.and.eql({
        code: 400,
        error: 'BadRequest',
-        message: t('bannedWordUsed'),
+        message: bannedWordErrorMessage,
      });
    });

+    it('checks error message has the banned words used', async () => {
+      let randIndex = Math.floor(Math.random() * (bannedWords.length + 1));
+      let testBannedWords = bannedWords.slice(randIndex, randIndex + 2).map((w) => w.replace(/\\/g, ''));
+      let chatMessage = `Mixing ${testBannedWords[0]} and ${testBannedWords[1]} is bad for you.`;
+      await expect(user.post('/groups/habitrpg/chat', { message: chatMessage}))
+        .to.eventually.be.rejected
+        .and.have.property('message')
+        .that.includes(testBannedWords.join(', '));
+    });
+
+    it('check all banned words are matched', async () => {
+      let message = bannedWords.join(',').replace(/\\/g, '');
+      let matches = getMatchesByWordArray(message, bannedWords);
+      expect(matches.length).to.equal(bannedWords.length);
+    });
+
    it('does not error when bad word is suffix of a word', async () => {
      let wordAsSuffix = `prefix${testBannedWordMessage}`;
      let message = await user.post('/groups/habitrpg/chat', { message: wordAsSuffix});
@@ -166,6 +192,114 @@ describe('POST /chat', () => {
    });
  });

+  context('banned slur', () => {
+    beforeEach(() => {
+      sandbox.spy(email, 'sendTxn');
+      sandbox.stub(IncomingWebhook.prototype, 'send');
+    });
+
+    afterEach(() => {
+      sandbox.restore();
+    });
+
+    it('errors and revokes privileges when chat message contains a banned slur', async () => {
+      await expect(user.post(`/groups/${groupWithChat._id}/chat`, { message: testSlurMessage})).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('bannedSlurUsed'),
+      });
+
+      // Email sent to mods
+      await sleep(0.5);
+      expect(email.sendTxn).to.be.calledOnce;
+      expect(email.sendTxn.args[0][1]).to.be.eql('slur-report-to-mods');
+
+      // Slack message to mods
+      expect(IncomingWebhook.prototype.send).to.be.calledOnce;
+      /* eslint-disable camelcase */
+      expect(IncomingWebhook.prototype.send).to.be.calledWith({
+        text: `${user.profile.name} (${user.id}) tried to post a slur`,
+        attachments: [{
+          fallback: 'Slur Message',
+          color: 'danger',
+          author_name: `${user.profile.name} - ${user.auth.local.email} - ${user._id}`,
+          title: 'Slur in Test Guild',
+          title_link: `${BASE_URL}/#/options/groups/guilds/${groupWithChat.id}`,
+          text: testSlurMessage,
+          // footer: sandbox.match(/<.*?groupId=group-id&chatId=chat-id\|Flag this message>/),
+          mrkdwn_in: [
+            'text',
+          ],
+        }],
+      });
+      /* eslint-enable camelcase */
+
+      // Chat privileges are revoked
+      await expect(user.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage})).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('chatPrivilegesRevoked'),
+      });
+
+      // Restore chat privileges to continue testing
+      user.flags.chatRevoked = false;
+      await user.update({'flags.chatRevoked': false});
+    });
+
+    it('does not allow slurs in private groups', async () => {
+      let { group, members } = await createAndPopulateGroup({
+        groupDetails: {
+          name: 'Party',
+          type: 'party',
+          privacy: 'private',
+        },
+        members: 1,
+      });
+
+      await expect(members[0].post(`/groups/${group._id}/chat`, { message: testSlurMessage})).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('bannedSlurUsed'),
+      });
+
+      // Email sent to mods
+      await sleep(0.5);
+      expect(email.sendTxn).to.be.calledThrice;
+      expect(email.sendTxn.args[2][1]).to.be.eql('slur-report-to-mods');
+
+      // Slack message to mods
+      expect(IncomingWebhook.prototype.send).to.be.calledOnce;
+      /* eslint-disable camelcase */
+      expect(IncomingWebhook.prototype.send).to.be.calledWith({
+        text: `${members[0].profile.name} (${members[0].id}) tried to post a slur`,
+        attachments: [{
+          fallback: 'Slur Message',
+          color: 'danger',
+          author_name: `${members[0].profile.name} - ${members[0].auth.local.email} - ${members[0]._id}`,
+          title: 'Slur in Party - (private party)',
+          title_link: undefined,
+          text: testSlurMessage,
+          // footer: sandbox.match(/<.*?groupId=group-id&chatId=chat-id\|Flag this message>/),
+          mrkdwn_in: [
+            'text',
+          ],
+        }],
+      });
+      /* eslint-enable camelcase */
+
+      // Chat privileges are revoked
+      await expect(members[0].post(`/groups/${groupWithChat._id}/chat`, { message: testMessage})).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('chatPrivilegesRevoked'),
+      });
+
+      // Restore chat privileges to continue testing
+      members[0].flags.chatRevoked = false;
+      await members[0].update({'flags.chatRevoked': false});
+    });
+  });
+
  it('does not error when sending a message to a private guild with a user with revoked chat', async () => {
    let { group, members } = await createAndPopulateGroup({
      groupDetails: {
@@ -16,6 +16,12 @@ describe('GET /groups', () => {
  const NUMBER_OF_USERS_PRIVATE_GUILDS = 1;
  const NUMBER_OF_GROUPS_USER_CAN_VIEW = 5;
  const GUILD_PER_PAGE = 30;
+  let categories = [{
+    slug: 'newCat',
+    name: 'New Category',
+  }];
+  let publicGuildNotMember;
+  let privateGuildUserIsMemberOf;

  before(async () => {
    await resetHabiticaDB();
@@ -31,16 +37,18 @@ describe('GET /groups', () => {
    await leader.post(`/groups/${publicGuildUserIsMemberOf._id}/invite`, { uuids: [user._id]});
    await user.post(`/groups/${publicGuildUserIsMemberOf._id}/join`);

-    await generateGroup(leader, {
+    publicGuildNotMember = await generateGroup(leader, {
      name: 'public guild - is not member',
      type: 'guild',
      privacy: 'public',
+      categories,
    });

-    let privateGuildUserIsMemberOf = await generateGroup(leader, {
+    privateGuildUserIsMemberOf = await generateGroup(leader, {
      name: 'private guild - is member',
      type: 'guild',
      privacy: 'private',
+      categories,
    });
    await leader.post(`/groups/${privateGuildUserIsMemberOf._id}/invite`, { uuids: [user._id]});
    await user.post(`/groups/${privateGuildUserIsMemberOf._id}/join`);
@@ -100,6 +108,50 @@ describe('GET /groups', () => {
      .to.eventually.have.a.lengthOf(NUMBER_OF_PUBLIC_GUILDS);
  });

+  describe('filters', () => {
+    it('returns public guilds filtered by category', async () => {
+      let guilds = await user.get(`/groups?type=publicGuilds&categories=${categories[0].slug}`);
+
+      expect(guilds[0]._id).to.equal(publicGuildNotMember._id);
+    });
+
+    it('returns private guilds filtered by category', async () => {
+      let guilds = await user.get(`/groups?type=privateGuilds&categories=${categories[0].slug}`);
+
+      expect(guilds[0]._id).to.equal(privateGuildUserIsMemberOf._id);
+    });
+
+    it('filters public guilds by size', async () => {
+      await generateGroup(user, {
+        name: 'guild1',
+        type: 'guild',
+        privacy: 'public',
+        memberCount: 1,
+      });
+
+      // @TODO: anyway to set higher memberCount in tests right now?
+
+      let guilds = await user.get('/groups?type=publicGuilds&minMemberCount=3');
+
+      expect(guilds.length).to.equal(0);
+    });
+
+    it('filters private guilds by size', async () => {
+      await generateGroup(user, {
+        name: 'guild1',
+        type: 'guild',
+        privacy: 'private',
+        memberCount: 1,
+      });
+
+      // @TODO: anyway to set higher memberCount in tests right now?
+
+      let guilds = await user.get('/groups?type=privateGuilds&minMemberCount=3');
+
+      expect(guilds.length).to.equal(0);
+    });
+  });
+
  describe('public guilds pagination', () => {
    it('req.query.paginate must be a boolean string', async () => {
      await expect(user.get('/groups?paginate=aString&type=publicGuilds'))
@@ -149,8 +201,8 @@ describe('GET /groups', () => {
      await expect(user.get('/groups?type=publicGuilds&paginate=true&page=1'))
        .to.eventually.have.a.lengthOf(GUILD_PER_PAGE);
      let page2 = await expect(user.get('/groups?type=publicGuilds&paginate=true&page=2'))
-        .to.eventually.have.a.lengthOf(1 + 2); // 1 created now, 2 by other tests
-      expect(page2[2].name).to.equal('guild with less members');
+        .to.eventually.have.a.lengthOf(1 + 3); // 1 created now, 3 by other tests
+      expect(page2[3].name).to.equal('guild with less members');
    });
  });

@@ -66,11 +66,25 @@ describe('GET /groups/:groupId/members', () => {
    expect(res[0].profile).to.have.all.keys(['name']);
  });

-  it('req.query.includeAllPublicFields === true only works with parties', async () => {
+  it('req.query.includeAllPublicFields === true works with guilds', async () => {
    let group = await generateGroup(user, {type: 'guild', name: generateUUID()});
-    let res = await user.get(`/groups/${group._id}/members?includeAllPublicFields=true`);
-    expect(res[0]).to.have.all.keys(['_id', 'id', 'profile']);
-    expect(res[0].profile).to.have.all.keys(['name']);
+    let [memberRes] = await user.get(`/groups/${group._id}/members?includeAllPublicFields=true`);
+
+    expect(memberRes).to.have.all.keys([ // works as: object has all and only these keys
+      '_id', 'id', 'preferences', 'profile', 'stats', 'achievements', 'party',
+      'backer', 'contributor', 'auth', 'items', 'inbox',
+    ]);
+    expect(Object.keys(memberRes.auth)).to.eql(['timestamps']);
+    expect(Object.keys(memberRes.preferences).sort()).to.eql([
+      'size', 'hair', 'skin', 'shirt',
+      'chair', 'costume', 'sleep', 'background', 'tasks',
+    ].sort());
+
+    expect(memberRes.stats.maxMP).to.exist;
+    expect(memberRes.stats.maxHealth).to.equal(common.maxHealth);
+    expect(memberRes.stats.toNextLevel).to.equal(common.tnl(memberRes.stats.lvl));
+    expect(memberRes.inbox.optOut).to.exist;
+    expect(memberRes.inbox.messages).to.not.exist;
  });

  it('populates all public fields if req.query.includeAllPublicFields === true and it is a party', async () => {
@@ -220,7 +220,7 @@ describe('POST /group/:groupId/join', () => {
      it('clears invitation from user when joining party', async () => {
        await invitedUser.post(`/groups/${party._id}/join`);

-        await expect(invitedUser.get('/user')).to.eventually.not.have.deep.property('invitations.party.id');
+        await expect(invitedUser.get('/user')).to.eventually.not.have.deep.property('invitations.parties[0].id');
      });

      it('increments memberCount when joining party', async () => {
@@ -247,7 +247,7 @@ describe('POST /groups/:groupId/leave', () => {

        let userWithoutInvitation = await invitedUser.get('/user');

-        expect(userWithoutInvitation.invitations.party).to.be.empty;
+        expect(userWithoutInvitation.invitations.parties[0]).to.be.empty;
      });
    });

@@ -107,7 +107,7 @@ describe('POST /group/:groupId/reject-invite', () => {
    it('clears invitation from user', async () => {
      await invitedUser.post(`/groups/${party._id}/reject-invite`);

-      await expect(invitedUser.get('/user')).to.eventually.not.have.deep.property('invitations.party.id');
+      await expect(invitedUser.get('/user')).to.eventually.not.have.deep.property('invitations.parties[0].id');
    });
  });
 });
@@ -11,6 +11,7 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {
  let guild;
  let member;
  let member2;
+  let adminUser;

  beforeEach(async () => {
    let { group, groupLeader, invitees, members } = await createAndPopulateGroup({
@@ -28,6 +29,7 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {
    invitedUser = invitees[0];
    member = members[0];
    member2 = members[1];
+    adminUser = await generateUser({ 'contributor.admin': true });
  });

  context('All Groups', () => {
@@ -42,7 +44,7 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {
        });
    });

-    it('returns an error when user is a non-leader member of a group', async () => {
+    it('returns an error when user is a non-leader member of a group and not an admin', async () => {
      expect(member2.post(`/groups/${guild._id}/removeMember/${member._id}`))
        .to.eventually.be.rejected.and.eql({
          code: 401,
@@ -87,7 +89,30 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {

      let invitedUserWithoutInvite = await invitedUser.get('/user');

-      expect(_.findIndex(invitedUserWithoutInvite.invitations.guilds, {id: guild._id})).eql(-1);
+      expect(_.findIndex(invitedUserWithoutInvite.invitations.guilds, { id: guild._id })).eql(-1);
+    });
+
+    it('allows an admin to remove other members', async () => {
+      await adminUser.post(`/groups/${guild._id}/removeMember/${member._id}`);
+      let memberRemoved = await member.get('/user');
+
+      expect(memberRemoved.guilds.indexOf(guild._id)).eql(-1);
+    });
+
+    it('allows an admin to remove other invites', async () => {
+      await adminUser.post(`/groups/${guild._id}/removeMember/${invitedUser._id}`);
+
+      let invitedUserWithoutInvite = await invitedUser.get('/user');
+
+      expect(_.findIndex(invitedUserWithoutInvite.invitations.guilds, { id: guild._id })).eql(-1);
+    });
+
+    it('does not allow an admin to remove a leader', async () => {
+      expect(adminUser.post(`/groups/${guild._id}/removeMember/${leader._id}`))
+        .to.eventually.be.rejected.and.eql({
+          code: 401,
+          text: t('cannotRemoveCurrentLeader'),
+        });
    });

    it('sends email to user with rescinded invite', async () => {
@@ -152,13 +177,13 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {
    });

    it('can remove other invites', async () => {
-      expect(partyInvitedUser.invitations.party).to.not.be.empty;
+      expect(partyInvitedUser.invitations.parties[0]).to.not.be.empty;

      await partyLeader.post(`/groups/${party._id}/removeMember/${partyInvitedUser._id}`);

      let invitedUserWithoutInvite = await partyInvitedUser.get('/user');

-      expect(invitedUserWithoutInvite.invitations.party).to.be.empty;
+      expect(invitedUserWithoutInvite.invitations.parties[0]).to.be.empty;
    });

    it('removes new messages from a member who is removed', async () => {
@@ -440,7 +440,38 @@ describe('Post /groups/:groupId/invite', () => {
      await inviter.post(`/groups/${party._id}/invite`, {
        uuids: [userToInvite._id],
      });
-      expect((await userToInvite.get('/user')).invitations.party.id).to.equal(party._id);
+      expect((await userToInvite.get('/user')).invitations.parties[0].id).to.equal(party._id);
+    });
+
+    it('allow inviting a user to 2 different parties', async () => {
+      // Create another inviter
+      let inviter2 = await generateUser();
+
+      // Create user to invite
+      let userToInvite = await generateUser();
+
+      // Create second group
+      let party2 = await inviter2.post('/groups', {
+        name: 'Test Party 2',
+        type: 'party',
+      });
+
+      // Invite to first party
+      await inviter.post(`/groups/${party._id}/invite`, {
+        uuids: [userToInvite._id],
+      });
+
+      // Invite to second party
+      await inviter2.post(`/groups/${party2._id}/invite`, {
+        uuids: [userToInvite._id],
+      });
+
+      // Get updated user
+      let invitedUser = await userToInvite.get('/user');
+
+      expect(invitedUser.invitations.parties.length).to.equal(2);
+      expect(invitedUser.invitations.parties[0].id).to.equal(party._id);
+      expect(invitedUser.invitations.parties[1].id).to.equal(party2._id);
    });

    it('allow inviting a user if party id is not associated with a real party', async () => {
@@ -451,7 +482,7 @@ describe('Post /groups/:groupId/invite', () => {
      await inviter.post(`/groups/${party._id}/invite`, {
        uuids: [userToInvite._id],
      });
-      expect((await userToInvite.get('/user')).invitations.party.id).to.equal(party._id);
+      expect((await userToInvite.get('/user')).invitations.parties[0].id).to.equal(party._id);
    });

    it('allows 30 members in a party', async () => {
@@ -1,10 +1,11 @@
 import {
  createAndPopulateGroup,
+  generateUser,
  translate as t,
 } from '../../../../helpers/api-v3-integration.helper';

 describe('PUT /group', () => {
-  let leader, nonLeader, groupToUpdate;
+  let leader, nonLeader, groupToUpdate, adminUser;
  let groupName = 'Test Public Guild';
  let groupType = 'guild';
  let groupUpdatedName = 'Test Public Guild Updated';
@@ -18,13 +19,13 @@ describe('PUT /group', () => {
      },
      members: 1,
    });
-
+    adminUser = await generateUser({ 'contributor.admin': true });
    groupToUpdate = group;
    leader = groupLeader;
    nonLeader = members[0];
  });

-  it('returns an error when a non group leader tries to update', async () => {
+  it('returns an error when a user that is not an admin or group leader tries to update', async () => {
    await expect(nonLeader.put(`/groups/${groupToUpdate._id}`, {
      name: groupUpdatedName,
    })).to.eventually.be.rejected.and.eql({
@@ -44,6 +45,29 @@ describe('PUT /group', () => {
    expect(updatedGroup.name).to.equal(groupUpdatedName);
  });

+  it('updates a group categories', async () => {
+    let categories = [{
+      slug: 'newCat',
+      name: 'New Category',
+    }];
+
+    let updatedGroup = await leader.put(`/groups/${groupToUpdate._id}`, {
+      categories,
+    });
+
+    expect(updatedGroup.categories[0].slug).to.eql(categories[0].slug);
+    expect(updatedGroup.categories[0].name).to.eql(categories[0].name);
+  });
+
+  it('allows an admin to update a guild', async () => {
+    let updatedGroup = await adminUser.put(`/groups/${groupToUpdate._id}`, {
+      name: groupUpdatedName,
+    });
+    expect(updatedGroup.leader._id).to.eql(leader._id);
+    expect(updatedGroup.leader.profile.name).to.eql(leader.profile.name);
+    expect(updatedGroup.name).to.equal(groupUpdatedName);
+  });
+
  it('allows a leader to change leaders', async () => {
    let updatedGroup = await leader.put(`/groups/${groupToUpdate._id}`, {
      name: groupUpdatedName,
@@ -0,0 +1,64 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+import { v4 as generateUUID } from 'uuid';
+
+describe('GET /members/:toUserId/objections/:interaction', () => {
+  let user;
+
+  before(async () => {
+    user = await generateUser();
+  });
+
+  it('validates req.params.memberId', async () => {
+    await expect(
+      user.get('/members/invalidUUID/objections/send-private-message')
+    ).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('handles non-existing members', async () => {
+    let dummyId = generateUUID();
+    await expect(
+      user.get(`/members/${dummyId}/objections/send-private-message`)
+    ).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('userWithIDNotFound', {userId: dummyId}),
+    });
+  });
+
+  it('handles non-existing interactions', async () => {
+    let receiver = await generateUser();
+
+    await expect(
+      user.get(`/members/${receiver._id}/objections/hug-a-whole-forest-of-trees`)
+    ).to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('returns an empty array if there are no objections', async () => {
+    let receiver = await generateUser();
+
+    await expect(
+      user.get(`/members/${receiver._id}/objections/send-private-message`)
+    ).to.eventually.be.fulfilled.and.eql([]);
+  });
+
+  it('returns an array of objections if any exist', async () => {
+    let receiver = await generateUser({'inbox.blocks': [user._id]});
+
+    await expect(
+      user.get(`/members/${receiver._id}/objections/send-private-message`)
+    ).to.eventually.be.fulfilled.and.eql([
+      t('notAuthorizedToSendMessageToThisUser'),
+    ]);
+  });
+});
@@ -82,6 +82,20 @@ describe('POST /members/send-private-message', () => {
    });
  });

+  it('returns an error when chat privileges are revoked', async () => {
+    let userWithChatRevoked = await generateUser({'flags.chatRevoked': true});
+    let receiver = await generateUser();
+
+    await expect(userWithChatRevoked.post('/members/send-private-message', {
+      message: messageToSend,
+      toUserId: receiver._id,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('chatPrivilegesRevoked'),
+    });
+  });
+
  it('sends a private message to a user', async () => {
    let receiver = await generateUser();

@@ -43,7 +43,7 @@ describe('POST /members/transfer-gems', () => {
    });
  });

-  it('returns error when to user is not found', async () => {
+  it('returns error when recipient is not found', async () => {
    await expect(userToSendMessage.post('/members/transfer-gems', {
      message,
      gemAmount,
@@ -55,7 +55,7 @@ describe('POST /members/transfer-gems', () => {
    });
  });

-  it('returns error when to user attempts to send gems to themselves', async () => {
+  it('returns error when user attempts to send gems to themselves', async () => {
    await expect(userToSendMessage.post('/members/transfer-gems', {
      message,
      gemAmount,
@@ -67,6 +67,64 @@ describe('POST /members/transfer-gems', () => {
    });
  });

+  it('returns error when recipient has blocked the sender', async () => {
+    let receiverWhoBlocksUser = await generateUser({'inbox.blocks': [userToSendMessage._id]});
+
+    await expect(userToSendMessage.post('/members/transfer-gems', {
+      message,
+      gemAmount,
+      toUserId: receiverWhoBlocksUser._id,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('notAuthorizedToSendMessageToThisUser'),
+    });
+  });
+
+  it('returns error when sender has blocked recipient', async () => {
+    let sender = await generateUser({'inbox.blocks': [receiver._id]});
+
+    await expect(sender.post('/members/transfer-gems', {
+      message,
+      gemAmount,
+      toUserId: receiver._id,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('notAuthorizedToSendMessageToThisUser'),
+    });
+  });
+
+  it('returns an error when chat privileges are revoked', async () => {
+    let userWithChatRevoked = await generateUser({'flags.chatRevoked': true});
+
+    await expect(userWithChatRevoked.post('/members/transfer-gems', {
+      message,
+      gemAmount,
+      toUserId: receiver._id,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('chatPrivilegesRevoked'),
+    });
+  });
+
+  it('works when only the recipient\'s chat privileges are revoked', async () => {
+    let receiverWithChatRevoked = await generateUser({'flags.chatRevoked': true});
+
+    await expect(userToSendMessage.post('/members/transfer-gems', {
+      message,
+      gemAmount,
+      toUserId: receiverWithChatRevoked._id,
+    })).to.eventually.be.fulfilled;
+
+    let updatedReceiver = await receiverWithChatRevoked.get('/user');
+    let updatedSender = await userToSendMessage.get('/user');
+
+    expect(updatedReceiver.balance).to.equal(gemAmount / 4);
+    expect(updatedSender.balance).to.equal(0);
+  });
+
  it('returns error when there is no gemAmount', async () => {
    await expect(userToSendMessage.post('/members/transfer-gems', {
      message,
@@ -144,7 +202,7 @@ describe('POST /members/transfer-gems', () => {
    expect(updatedSender.balance).to.equal(0);
  });

-  it('does not requrie a message', async () => {
+  it('does not require a message', async () => {
    await userToSendMessage.post('/members/transfer-gems', {
      gemAmount,
      toUserId: receiver._id,
@@ -0,0 +1,25 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-integration/v3';
+
+describe('GET /shops/backgrounds', () => {
+  let user;
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  it('returns a valid shop object', async () => {
+    let shop = await user.get('/shops/backgrounds');
+    expect(shop.identifier).to.equal('backgroundShop');
+    expect(shop.text).to.eql(t('backgroundShop'));
+    expect(shop.notes).to.eql(t('backgroundShopText'));
+    expect(shop.imageName).to.equal('background_shop');
+    expect(shop.sets).to.be.an('array');
+
+    let sets = shop.sets.map(set => set.identifier);
+    expect(sets).to.include('incentiveBackgrounds');
+    expect(sets).to.include('backgrounds062014');
+  });
+});
@@ -1,3 +1,4 @@
+import moment from 'moment';
 import {
  generateUser,
 } from '../../../../helpers/api-integration/v3';
@@ -127,4 +128,106 @@ describe('GET /tasks/user', () => {
    let allCompletedTodos = await user.get('/tasks/user?type=_allCompletedTodos');
    expect(allCompletedTodos.length).to.equal(numberOfTodos);
  });
+
+  it('returns dailies with isDue for the date specified', async () => {
+    // @TODO Add required format
+    let startDate = moment().subtract('1', 'days').toISOString();
+    let createdTasks = await user.post('/tasks/user', [
+      {
+        text: 'test daily',
+        type: 'daily',
+        startDate,
+        frequency: 'daily',
+        everyX: 2,
+      },
+    ]);
+    let dailys = await user.get('/tasks/user?type=dailys');
+
+    expect(dailys.length).to.be.at.least(1);
+    expect(dailys[0]._id).to.equal(createdTasks._id);
+    expect(dailys[0].isDue).to.be.false;
+
+    let dailys2 = await user.get(`/tasks/user?type=dailys&dueDate=${startDate}`);
+    expect(dailys2[0]._id).to.equal(createdTasks._id);
+    expect(dailys2[0].isDue).to.be.true;
+  });
+
+  xit('returns dailies with isDue for the date specified and will add CDS offset if time is not supplied and assumes timezones', async () => {
+    let timezone = 420;
+    await user.update({
+      'preferences.dayStart': 0,
+      'preferences.timezoneOffset': timezone,
+    });
+    let startDate = moment().zone(timezone).subtract('4', 'days').startOf('day').toISOString();
+    await user.post('/tasks/user', [
+      {
+        text: 'test daily',
+        type: 'daily',
+        startDate,
+        frequency: 'daily',
+        everyX: 2,
+      },
+    ]);
+
+    let today = moment().format('YYYY-MM-DD');
+    let dailys = await user.get(`/tasks/user?type=dailys&dueDate=${today}`);
+    expect(dailys[0].isDue).to.be.true;
+
+    let yesterday = moment().subtract('1', 'days').format('YYYY-MM-DD');
+    let dailys2 = await user.get(`/tasks/user?type=dailys&dueDate=${yesterday}`);
+    expect(dailys2[0].isDue).to.be.false;
+  });
+
+
+  xit('returns dailies with isDue for the date specified and will add CDS offset if time is not supplied and assumes timezones', async () => {
+    let timezone = 240;
+    await user.update({
+      'preferences.dayStart': 0,
+      'preferences.timezoneOffset': timezone,
+    });
+    let startDate = moment().zone(timezone).subtract('4', 'days').startOf('day').toISOString();
+    await user.post('/tasks/user', [
+      {
+        text: 'test daily',
+        type: 'daily',
+        startDate,
+        frequency: 'daily',
+        everyX: 2,
+      },
+    ]);
+
+    let today = moment().format('YYYY-MM-DD');
+    let dailys = await user.get(`/tasks/user?type=dailys&dueDate=${today}`);
+    expect(dailys[0].isDue).to.be.true;
+
+    let yesterday = moment().subtract('1', 'days').format('YYYY-MM-DD');
+    let dailys2 = await user.get(`/tasks/user?type=dailys&dueDate=${yesterday}`);
+    expect(dailys2[0].isDue).to.be.false;
+  });
+
+  xit('returns dailies with isDue for the date specified and will add CDS offset if time is not supplied and assumes timezones', async () => {
+    let timezone = 540;
+    await user.update({
+      'preferences.dayStart': 0,
+      'preferences.timezoneOffset': timezone,
+    });
+    let startDate = moment().zone(timezone).subtract('4', 'days').startOf('day').toISOString();
+    await user.post('/tasks/user', [
+      {
+        text: 'test daily',
+        type: 'daily',
+        startDate,
+        frequency: 'daily',
+        everyX: 2,
+      },
+    ]);
+
+    let today = moment().format('YYYY-MM-DD');
+    let dailys = await user.get(`/tasks/user?type=dailys&dueDate=${today}`);
+    expect(dailys[0].isDue).to.be.true;
+
+    let yesterday = moment().subtract('1', 'days').format('YYYY-MM-DD');
+    let dailys2 = await user.get(`/tasks/user?type=dailys&dueDate=${yesterday}`);
+    expect(dailys2[0].isDue).to.be.false;
+  });
 });
@@ -215,6 +215,13 @@ describe('POST /tasks/:id/score/:direction', () => {
      expect(task.isDue).to.equal(true);
    });

+    it('computes nextDue', async () => {
+      await user.post(`/tasks/${daily._id}/score/up`);
+      let task = await user.get(`/tasks/${daily._id}`);
+
+      expect(task.nextDue.length).to.eql(6);
+    });
+
    it('scores up daily even if it is already completed'); // Yes?

    it('scores down daily even if it is already uncompleted'); // Yes?
@@ -0,0 +1,109 @@
+import {
+  generateUser,
+  generateGroup,
+  generateChallenge,
+  translate as t,
+} from '../../../../helpers/api-integration/v3';
+
+describe('POST /tasks/unlink-all/:challengeId', () => {
+  let user;
+  let guild;
+  let challenge;
+  let tasksToTest = {
+    habit: {
+      text: 'test habit',
+      type: 'habit',
+      up: false,
+      down: true,
+    },
+    todo: {
+      text: 'test todo',
+      type: 'todo',
+    },
+    daily: {
+      text: 'test daily',
+      type: 'daily',
+      frequency: 'daily',
+      everyX: 5,
+      startDate: new Date(),
+    },
+    reward: {
+      text: 'test reward',
+      type: 'reward',
+    },
+  };
+
+  beforeEach(async () => {
+    user = await generateUser();
+    guild = await generateGroup(user);
+    challenge = await generateChallenge(user, guild);
+  });
+
+  it('fails if no keep query', async () => {
+    await expect(user.post(`/tasks/unlink-all/${challenge._id}`))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('fails if invalid challenge id', async () => {
+    await expect(user.post('/tasks/unlink-all/123?keep=remove-all'))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('fails on an unbroken challenge', async () => {
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    await expect(user.post(`/tasks/unlink-all/${challenge._id}?keep=remove-all`))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('cantOnlyUnlinkChalTask'),
+    });
+  });
+
+  it('unlinks all tasks from a challenge and deletes them on keep=remove-all', async () => {
+    const daily = await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.habit);
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.reward);
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.todo);
+    await user.del(`/challenges/${challenge._id}`);
+    const response = await user.post(`/tasks/unlink-all/${challenge._id}?keep=remove-all`);
+    expect(response).to.eql({});
+
+    await expect(user.get(`/tasks/${daily._id}`)).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('taskNotFound'),
+    });
+  });
+
+  it('unlinks a task from a challenge on keep=keep-all', async () => {
+    const daily = await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    const anotherUser = await generateUser();
+    await user.post(`/groups/${guild._id}/invite`, {
+        uuids: [anotherUser._id],
+    });
+    // Have the second user join the group and challenge
+    await anotherUser.post(`/groups/${guild._id}/join`);
+    await anotherUser.post(`/challenges/${challenge._id}/join`);
+    // Have the leader delete the challenge and unlink the tasks
+    await user.del(`/challenges/${challenge._id}`);
+    await user.post(`/tasks/unlink-all/${challenge._id}?keep=keep-all`);
+    // Get the second task for the second user
+    const [, anotherUserTask] = await anotherUser.get('/tasks/user');
+    // Expect the second user to still have the task, but unlinked
+    expect(anotherUserTask.challenge).to.eql({
+      taskId: daily._id,
+      id: challenge._id,
+      shortName: challenge.shortName,
+      broken: 'CHALLENGE_DELETED',
+      winner: null,
+    });
+  });
+});
@@ -0,0 +1,110 @@
+import {
+  generateUser,
+  generateGroup,
+  generateChallenge,
+  translate as t,
+} from '../../../../helpers/api-integration/v3';
+import { v4 as generateUUID } from 'uuid';
+
+describe('POST /tasks/unlink-one/:taskId', () => {
+  let user;
+  let guild;
+  let challenge;
+  let tasksToTest = {
+    habit: {
+      text: 'test habit',
+      type: 'habit',
+      up: false,
+      down: true,
+    },
+    todo: {
+      text: 'test todo',
+      type: 'todo',
+    },
+    daily: {
+      text: 'test daily',
+      type: 'daily',
+      frequency: 'daily',
+      everyX: 5,
+      startDate: new Date(),
+    },
+    reward: {
+      text: 'test reward',
+      type: 'reward',
+    },
+  };
+
+  beforeEach(async () => {
+    user = await generateUser();
+    guild = await generateGroup(user);
+    challenge = await generateChallenge(user, guild);
+  });
+
+  it('fails if no keep query', async () => {
+    const daily = await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    await expect(user.post(`/tasks/unlink-one/${daily._id}`))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('fails if invalid task id', async () => {
+    await expect(user.post('/tasks/unlink-one/123?keep=remove'))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('invalidReqParams'),
+    });
+  });
+
+  it('fails on task not found', async () => {
+    await expect(user.post(`/tasks/unlink-one/${generateUUID()}?keep=keep`))
+    .to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('taskNotFound'),
+    });
+  });
+
+  it('fails on task unlinked to challenge', async () => {
+    let daily = await user.post('/tasks/user', tasksToTest.daily);
+    await expect(user.post(`/tasks/unlink-one/${daily._id}?keep=keep`))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('cantOnlyUnlinkChalTask'),
+    });
+  });
+
+  it('fails on unbroken challenge', async () => {
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    let [daily] = await user.get('/tasks/user');
+    await expect(user.post(`/tasks/unlink-one/${daily._id}?keep=keep`))
+    .to.eventually.be.rejected.and.eql({
+      code: 400,
+      error: 'BadRequest',
+      message: t('cantOnlyUnlinkChalTask'),
+    });
+  });
+
+  it('unlinks a task from a challenge and saves it on keep=keep', async () => {
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    let [, daily] = await user.get('/tasks/user');
+    await user.del(`/challenges/${challenge._id}`);
+    await user.post(`/tasks/unlink-one/${daily._id}?keep=keep`);
+    [, daily] = await user.get('/tasks/user');
+    expect(daily.challenge).to.eql({});
+  });
+
+  it('unlinks a task from a challenge and deletes it on keep=remove', async () => {
+    await user.post(`/tasks/challenge/${challenge._id}`, tasksToTest.daily);
+    let [, daily] = await user.get('/tasks/user');
+    await user.del(`/challenges/${challenge._id}`);
+    await user.post(`/tasks/unlink-one/${daily._id}?keep=remove`);
+    const tasks = await user.get('/tasks/user');
+    // Only the default task should remain
+    expect(tasks.length).to.eql(1);
+  });
+});
@@ -133,6 +133,7 @@ describe('POST /tasks/user', () => {
      expect(task.completed).to.equal(false);
      expect(task.streak).not.to.equal('never');
      expect(task.value).not.to.equal(324);
+      expect(task.yesterDaily).to.equal(true);
    });

    it('ignores invalid fields', async () => {
@@ -510,6 +511,7 @@ describe('POST /tasks/user', () => {
      expect(task.weeksOfMonth).to.eql([3]);
      expect(new Date(task.startDate)).to.eql(now);
      expect(task.isDue).to.be.true;
+      expect(task.nextDue.length).to.eql(6);
    });

    it('creates multiple dailys', async () => {
@@ -614,6 +616,18 @@ describe('POST /tasks/user', () => {
      expect((new Date(task.startDate)).getDay()).to.eql(today);
    });

+    it('returns an error if the start date is empty', async () => {
+      await expect(user.post('/tasks/user', {
+        text: 'test daily',
+        type: 'daily',
+        startDate: '',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: 'daily validation failed',
+      });
+    });
+
    it('can create checklists', async () => {
      let task = await user.post('/tasks/user', {
        text: 'test daily',
@@ -396,6 +396,7 @@ describe('PUT /tasks/:id', () => {
        notes: 'some new notes',
        frequency: 'daily',
        everyX: 5,
+        yesterDaily: false,
        startDate: moment().add(1, 'days').toDate(),
      });

@@ -404,6 +405,8 @@ describe('PUT /tasks/:id', () => {
      expect(savedDaily.frequency).to.eql('daily');
      expect(savedDaily.everyX).to.eql(5);
      expect(savedDaily.isDue).to.be.false;
+      expect(savedDaily.nextDue.length).to.eql(6);
+      expect(savedDaily.yesterDaily).to.be.false;
    });

    it('can update checklists (replace it)', async () => {
@@ -16,214 +16,330 @@ import {
  sha1MakeSalt,
  sha1Encrypt as sha1EncryptPassword,
 } from '../../../../../website/server/libs/password';
+import * as email from '../../../../../website/server/libs/email';
+
+const DELETE_CONFIRMATION = 'DELETE';

 describe('DELETE /user', () => {
  let user;
  let password = 'password'; // from habitrpg/test/helpers/api-integration/v3/object-generators.js

-  beforeEach(async () => {
-    user = await generateUser({balance: 10});
-  });
-
-  it('returns an errors if password is wrong', async () => {
-    await expect(user.del('/user', {
-      password: 'wrong-password',
-    })).to.eventually.be.rejected.and.eql({
-      code: 401,
-      error: 'NotAuthorized',
-      message: t('wrongPassword'),
-    });
-  });
-
-  it('returns an error if user has active subscription', async () => {
-    let userWithSubscription = await generateUser({'purchased.plan.customerId': 'fake-customer-id'});
-
-    await expect(userWithSubscription.del('/user', {
-      password,
-    })).to.be.rejected.and.to.eventually.eql({
-      code: 401,
-      error: 'NotAuthorized',
-      message: t('cannotDeleteActiveAccount'),
-    });
-  });
-
-  it('deletes the user\'s tasks', async () => {
-    // gets the user's tasks ids
-    let ids = [];
-    each(user.tasksOrder, (idsForOrder) => {
-      ids.push(...idsForOrder);
-    });
-
-    expect(ids.length).to.be.above(0); // make sure the user has some task to delete
-
-    await user.del('/user', {
-      password,
-    });
-
-    await Bluebird.all(map(ids, id => {
-      return expect(checkExistence('tasks', id)).to.eventually.eql(false);
-    }));
-  });
-
-  it('reduces memberCount in challenges user is linked to', async () => {
-    let populatedGroup = await createAndPopulateGroup({
-      members: 2,
-    });
-
-    let group = populatedGroup.group;
-    let authorizedUser = populatedGroup.members[1];
-
-    let challenge = await generateChallenge(populatedGroup.groupLeader, group);
-    await authorizedUser.post(`/challenges/${challenge._id}/join`);
-
-    await challenge.sync();
-
-    expect(challenge.memberCount).to.eql(2);
-
-    await authorizedUser.del('/user', {
-      password,
-    });
-
-    await challenge.sync();
-
-    expect(challenge.memberCount).to.eql(1);
-  });
-
-  it('deletes the user', async () => {
-    await user.del('/user', {
-      password,
-    });
-    await expect(checkExistence('users', user._id)).to.eventually.eql(false);
-  });
-
-  it('deletes the user with a legacy sha1 password', async () => {
-    let textPassword = 'mySecretPassword';
-    let salt = sha1MakeSalt();
-    let sha1HashedPassword = sha1EncryptPassword(textPassword, salt);
-
-    await user.update({
-      'auth.local.hashed_password': sha1HashedPassword,
-      'auth.local.passwordHashMethod': 'sha1',
-      'auth.local.salt': salt,
-    });
-
-    await user.sync();
-
-    expect(user.auth.local.passwordHashMethod).to.equal('sha1');
-    expect(user.auth.local.salt).to.equal(salt);
-    expect(user.auth.local.hashed_password).to.equal(sha1HashedPassword);
-
-    // delete the user
-    await user.del('/user', {
-      password: textPassword,
-    });
-    await expect(checkExistence('users', user._id)).to.eventually.eql(false);
-  });
-
-  context('last member of a party', () => {
-    let party;
-
+  context('user with local auth', async () => {
    beforeEach(async () => {
-      party = await generateGroup(user, {
-        type: 'party',
-        privacy: 'private',
+      user = await generateUser({balance: 10});
+    });
+
+    it('returns an error if password is wrong', async () => {
+      await expect(user.del('/user', {
+        password: 'wrong-password',
+      })).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('wrongPassword'),
      });
    });

-    it('deletes party when user is the only member', async () => {
+    it('returns an error if password is not supplied', async () => {
+      await expect(user.del('/user', {
+        password: '',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('missingPassword'),
+      });
+    });
+
+    it('deletes the user', async () => {
      await user.del('/user', {
        password,
      });
-      await expect(checkExistence('party', party._id)).to.eventually.eql(false);
+      await expect(checkExistence('users', user._id)).to.eventually.eql(false);
    });
-  });

-  context('last member of a private guild', () => {
-    let privateGuild;
+    it('returns an error if excessive feedback is supplied', async () => {
+      let feedbackText = 'spam feedback ';
+      let feedback = feedbackText;
+      while (feedback.length < 10000) {
+        feedback = feedback + feedbackText;
+      }

-    beforeEach(async () => {
-      privateGuild = await generateGroup(user, {
-        type: 'guild',
-        privacy: 'private',
+      await expect(user.del('/user', {
+        password,
+        feedback,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: 'Account deletion feedback is limited to 10,000 characters. For lengthy feedback, email admin@habitica.com.',
      });
    });

-    it('deletes guild when user is the only member', async () => {
+    it('returns an error if user has active subscription', async () => {
+      let userWithSubscription = await generateUser({'purchased.plan.customerId': 'fake-customer-id'});
+
+      await expect(userWithSubscription.del('/user', {
+        password,
+      })).to.be.rejected.and.to.eventually.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('cannotDeleteActiveAccount'),
+      });
+    });
+
+    it('deletes the user\'s tasks', async () => {
+      // gets the user's tasks ids
+      let ids = [];
+      each(user.tasksOrder, (idsForOrder) => {
+        ids.push(...idsForOrder);
+      });
+
+      expect(ids.length).to.be.above(0); // make sure the user has some task to delete
+
      await user.del('/user', {
        password,
      });
-      await expect(checkExistence('groups', privateGuild._id)).to.eventually.eql(false);
+
+      await Bluebird.all(map(ids, id => {
+        return expect(checkExistence('tasks', id)).to.eventually.eql(false);
+      }));
    });
-  });

-  context('groups user is leader of', () => {
-    let guild, oldLeader, newLeader;
-
-    beforeEach(async () => {
-      let { group, groupLeader, members } = await createAndPopulateGroup({
-        groupDetails: {
-          type: 'guild',
-          privacy: 'public',
-        },
-        members: 1,
+    it('reduces memberCount in challenges user is linked to', async () => {
+      let populatedGroup = await createAndPopulateGroup({
+        members: 2,
      });

-      guild = group;
-      newLeader = members[0];
-      oldLeader = groupLeader;
-    });
+      let group = populatedGroup.group;
+      let authorizedUser = populatedGroup.members[1];

-    it('chooses new group leader for any group user was the leader of', async () => {
-      await oldLeader.del('/user', {
+      let challenge = await generateChallenge(populatedGroup.groupLeader, group);
+      await authorizedUser.post(`/challenges/${challenge._id}/join`);
+
+      await challenge.sync();
+
+      expect(challenge.memberCount).to.eql(2);
+
+      await authorizedUser.del('/user', {
        password,
      });

-      let updatedGuild = await newLeader.get(`/groups/${guild._id}`);
+      await challenge.sync();

-      expect(updatedGuild.leader).to.exist;
-      expect(updatedGuild.leader._id).to.not.eql(oldLeader._id);
-    });
-  });
-
-  context('groups user is a part of', () => {
-    let group1, group2, userToDelete, otherUser;
-
-    beforeEach(async () => {
-      userToDelete = await generateUser({balance: 10});
-
-      group1 = await generateGroup(userToDelete, {
-        type: 'guild',
-        privacy: 'public',
-      });
-
-      let {group, members} = await createAndPopulateGroup({
-        groupDetails: {
-          type: 'guild',
-          privacy: 'public',
-        },
-        members: 3,
-      });
-
-      group2 = group;
-      otherUser = members[0];
-
-      await userToDelete.post(`/groups/${group2._id}/join`);
+      expect(challenge.memberCount).to.eql(1);
    });

-    it('removes user from all groups user was a part of', async () => {
-      await userToDelete.del('/user', {
+    it('sends feedback to the admin email', async () => {
+      sandbox.spy(email, 'sendTxn');
+
+      let feedback = 'Reasons for Deletion';
+      await user.del('/user', {
+        password,
+        feedback,
+      });
+
+      expect(email.sendTxn).to.be.calledOnce;
+
+      sandbox.restore();
+    });
+
+    it('does not send email if no feedback is supplied', async () => {
+      sandbox.spy(email, 'sendTxn');
+
+      await user.del('/user', {
        password,
      });

-      let updatedGroup1Members = await otherUser.get(`/groups/${group1._id}/members`);
-      let updatedGroup2Members = await otherUser.get(`/groups/${group2._id}/members`);
-      let userInGroup = find(updatedGroup2Members, (member) => {
-        return member._id === userToDelete._id;
+      expect(email.sendTxn).to.not.be.called;
+
+      sandbox.restore();
+    });
+
+    it('deletes the user with a legacy sha1 password', async () => {
+      let textPassword = 'mySecretPassword';
+      let salt = sha1MakeSalt();
+      let sha1HashedPassword = sha1EncryptPassword(textPassword, salt);
+
+      await user.update({
+        'auth.local.hashed_password': sha1HashedPassword,
+        'auth.local.passwordHashMethod': 'sha1',
+        'auth.local.salt': salt,
      });

-      expect(updatedGroup1Members).to.be.empty;
-      expect(updatedGroup2Members).to.not.be.empty;
-      expect(userInGroup).to.not.exist;
+      await user.sync();
+
+      expect(user.auth.local.passwordHashMethod).to.equal('sha1');
+      expect(user.auth.local.salt).to.equal(salt);
+      expect(user.auth.local.hashed_password).to.equal(sha1HashedPassword);
+
+      // delete the user
+      await user.del('/user', {
+        password: textPassword,
+      });
+      await expect(checkExistence('users', user._id)).to.eventually.eql(false);
+    });
+
+    context('last member of a party', () => {
+      let party;
+
+      beforeEach(async () => {
+        party = await generateGroup(user, {
+          type: 'party',
+          privacy: 'private',
+        });
+      });
+
+      it('deletes party when user is the only member', async () => {
+        await user.del('/user', {
+          password,
+        });
+        await expect(checkExistence('party', party._id)).to.eventually.eql(false);
+      });
+    });
+
+    context('last member of a private guild', () => {
+      let privateGuild;
+
+      beforeEach(async () => {
+        privateGuild = await generateGroup(user, {
+          type: 'guild',
+          privacy: 'private',
+        });
+      });
+
+      it('deletes guild when user is the only member', async () => {
+        await user.del('/user', {
+          password,
+        });
+        await expect(checkExistence('groups', privateGuild._id)).to.eventually.eql(false);
+      });
+    });
+
+    context('groups user is leader of', () => {
+      let guild, oldLeader, newLeader;
+
+      beforeEach(async () => {
+        let { group, groupLeader, members } = await createAndPopulateGroup({
+          groupDetails: {
+            type: 'guild',
+            privacy: 'public',
+          },
+          members: 1,
+        });
+
+        guild = group;
+        newLeader = members[0];
+        oldLeader = groupLeader;
+      });
+
+      it('chooses new group leader for any group user was the leader of', async () => {
+        await oldLeader.del('/user', {
+          password,
+        });
+
+        let updatedGuild = await newLeader.get(`/groups/${guild._id}`);
+
+        expect(updatedGuild.leader).to.exist;
+        expect(updatedGuild.leader._id).to.not.eql(oldLeader._id);
+      });
+    });
+
+    context('groups user is a part of', () => {
+      let group1, group2, userToDelete, otherUser;
+
+      beforeEach(async () => {
+        userToDelete = await generateUser({balance: 10});
+
+        group1 = await generateGroup(userToDelete, {
+          type: 'guild',
+          privacy: 'public',
+        });
+
+        let {group, members} = await createAndPopulateGroup({
+          groupDetails: {
+            type: 'guild',
+            privacy: 'public',
+          },
+          members: 3,
+        });
+
+        group2 = group;
+        otherUser = members[0];
+
+        await userToDelete.post(`/groups/${group2._id}/join`);
+      });
+
+      it('removes user from all groups user was a part of', async () => {
+        await userToDelete.del('/user', {
+          password,
+        });
+
+        let updatedGroup1Members = await otherUser.get(`/groups/${group1._id}/members`);
+        let updatedGroup2Members = await otherUser.get(`/groups/${group2._id}/members`);
+        let userInGroup = find(updatedGroup2Members, (member) => {
+          return member._id === userToDelete._id;
+        });
+
+        expect(updatedGroup1Members).to.be.empty;
+        expect(updatedGroup2Members).to.not.be.empty;
+        expect(userInGroup).to.not.exist;
+      });
+    });
+  });
+
+  context('user with Facebook auth', async () => {
+    beforeEach(async () => {
+      user = await generateUser({
+        auth: {
+          facebook: {
+            id: 'facebook-id',
+          },
+        },
+      });
+    });
+
+    it('returns an error if confirmation phrase is wrong', async () => {
+      await expect(user.del('/user', {
+        password: 'just-do-it',
+      })).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('incorrectDeletePhrase'),
+      });
+    });
+
+    it('returns an error if confirmation phrase is not supplied', async () => {
+      await expect(user.del('/user', {
+        password: '',
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('missingPassword'),
+      });
+    });
+
+    it('deletes a Facebook user', async () => {
+      await user.del('/user', {
+        password: DELETE_CONFIRMATION,
+      });
+      await expect(checkExistence('users', user._id)).to.eventually.eql(false);
+    });
+  });
+
+  context('user with Google auth', async () => {
+    beforeEach(async () => {
+      user = await generateUser({
+        auth: {
+          google: {
+            id: 'google-id',
+          },
+        },
+      });
+    });
+
+    it('deletes a Google user', async () => {
+      await user.del('/user', {
+        password: DELETE_CONFIRMATION,
+      });
+      await expect(checkExistence('users', user._id)).to.eventually.eql(false);
    });
  });
 });
@@ -221,6 +221,27 @@ describe('POST /user/class/cast/:spellId', () => {
    expect(syncedGroupTask.value).to.equal(0);
  });

+  it('increases both user\'s achievement values', async () => {
+    let party = await createAndPopulateGroup({
+      members: 1,
+    });
+    let leader = party.groupLeader;
+    let recipient = party.members[0];
+    await leader.update({'stats.gp': 10});
+    await leader.post(`/user/class/cast/birthday?targetId=${recipient._id}`);
+    await leader.sync();
+    await recipient.sync();
+    expect(leader.achievements.birthday).to.equal(1);
+    expect(recipient.achievements.birthday).to.equal(1);
+  });
+
+  it('only increases user\'s achievement one if target == caster', async () => {
+    await user.update({'stats.gp': 10});
+    await user.post(`/user/class/cast/birthday?targetId=${user._id}`);
+    await user.sync();
+    expect(user.achievements.birthday).to.equal(1);
+  });
+
  // TODO find a way to have sinon working in integration tests
  // it doesn't work when tests are running separately from server
  it('passes correct target to spell when targetType === \'task\'');
@@ -1,5 +1,6 @@
 import {
  generateUser,
+  createAndPopulateGroup,
  translate as t,
 } from '../../../../helpers/api-integration/v3';

@@ -31,4 +32,70 @@ describe('POST /user/purchase/:type/:key', () => {

    expect(user.items[type][key]).to.equal(1);
  });
+
+  it('can convert gold to gems if subscribed', async () => {
+    let oldBalance = user.balance;
+    await user.update({
+      'purchased.plan.customerId': 'group-plan',
+      'stats.gp': 1000,
+    });
+    await user.post('/user/purchase/gems/gem');
+    await user.sync();
+    expect(user.balance).to.equal(oldBalance + 0.25);
+  });
+
+  it('leader can convert gold to gems even if the group plan prevents it', async () => {
+    let { group, groupLeader } = await createAndPopulateGroup({
+      groupDetails: {
+        name: 'test',
+        type: 'guild',
+        privacy: 'private',
+      },
+    });
+    await group.update({
+      'leaderOnly.getGems': true,
+      'purchased.plan.customerId': 123,
+    });
+    await groupLeader.sync();
+    let oldBalance = groupLeader.balance;
+
+    await groupLeader.update({
+      'purchased.plan.customerId': 'group-plan',
+      'stats.gp': 1000,
+    });
+    await groupLeader.post('/user/purchase/gems/gem');
+
+    await groupLeader.sync();
+    expect(groupLeader.balance).to.equal(oldBalance + 0.25);
+  });
+
+  it('cannot convert gold to gems if the group plan prevents it', async () => {
+    let { group, members } = await createAndPopulateGroup({
+      groupDetails: {
+        name: 'test',
+        type: 'guild',
+        privacy: 'private',
+      },
+      members: 1,
+    });
+    await group.update({
+      'leaderOnly.getGems': true,
+      'purchased.plan.customerId': 123,
+    });
+    let oldBalance = members[0].balance;
+
+    await members[0].update({
+      'purchased.plan.customerId': 'group-plan',
+      'stats.gp': 1000,
+    });
+    await expect(members[0].post('/user/purchase/gems/gem'))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('groupPolicyCannotGetGems'),
+      });
+
+    await members[0].sync();
+    expect(members[0].balance).to.equal(oldBalance);
+  });
 });
@@ -2,17 +2,34 @@ import {
  generateUser,
  translate as t,
 } from '../../../../helpers/api-integration/v3';
+import content from '../../../../../website/common/script/content/index';

 describe('POST /user/release-both', () => {
  let user;
  let animal = 'Wolf-Base';
+  const loadPets = () => {
+    let pets = {};
+    for (let p in content.pets) {
+      pets[p] = content.pets[p];
+      pets[p] = 5;
+    }
+    return pets;
+  };
+  const loadMounts = () => {
+    let mounts = {};
+    for (let m in content.pets) {
+      mounts[m] = content.pets[m];
+      mounts[m] = true;
+    }
+    return mounts;
+  };

  beforeEach(async () => {
    user = await generateUser({
      'items.currentMount': animal,
      'items.currentPet': animal,
-      'items.pets': {animal: 5},
-      'items.mounts': {animal: true},
+      'items.pets': loadPets(),
+      'items.mounts': loadMounts(),
    });
  });

@@ -2,15 +2,25 @@ import {
  generateUser,
  translate as t,
 } from '../../../../helpers/api-integration/v3';
+import content from '../../../../../website/common/script/content/index';

 describe('POST /user/release-mounts', () => {
  let user;
  let animal = 'Wolf-Base';

+  const loadMounts = () => {
+    let mounts = {};
+    for (let m in content.pets) {
+      mounts[m] = content.pets[m];
+      mounts[m] = true;
+    }
+    return mounts;
+  };
+
  beforeEach(async () => {
    user = await generateUser({
      'items.currentMount': animal,
-      'items.mounts': {animal: true},
+      'items.mounts': loadMounts(),
    });
  });

@@ -2,15 +2,25 @@ import {
  generateUser,
  translate as t,
 } from '../../../../helpers/api-integration/v3';
+import content from '../../../../../website/common/script/content/index';

 describe('POST /user/release-pets', () => {
  let user;
  let animal = 'Wolf-Base';

+  const loadPets = () => {
+    let pets = {};
+    for (let p in content.pets) {
+      pets[p] = content.pets[p];
+      pets[p] = 5;
+    }
+    return pets;
+  };
+
  beforeEach(async () => {
    user = await generateUser({
      'items.currentPet': animal,
-      'items.pets': {animal: 5},
+      'items.pets': loadPets(),
    });
  });

@@ -509,7 +509,73 @@ describe('POST /user/auth/local/register', () => {
        confirmPassword: password,
      });

-      expect(user.invitations.party).to.eql({
+      expect(user.invitations.parties[0].id).to.eql(group._id);
+      expect(user.invitations.parties[0].name).to.eql(group.name);
+      expect(user.invitations.parties[0].inviter).to.eql(groupLeader._id);
+    });
+
+    it('awards achievement to inviter', async () => {
+      let { group, groupLeader } = await createAndPopulateGroup({
+        groupDetails: { type: 'party', privacy: 'private' },
+      });
+
+      let invite = encrypt(JSON.stringify({
+        id: group._id,
+        inviter: groupLeader._id,
+        sentAt: Date.now(),
+      }));
+
+      await api.post(`/user/auth/local/register?groupInvite=${invite}`, {
+        username,
+        email,
+        password,
+        confirmPassword: password,
+      });
+
+      await groupLeader.sync();
+      expect(groupLeader.achievements.invitedFriend).to.be.true;
+    });
+
+    it('user not added to a party on expired invite', async () => {
+      let { group, groupLeader } = await createAndPopulateGroup({
+        groupDetails: { type: 'party', privacy: 'private' },
+      });
+
+      let invite = encrypt(JSON.stringify({
+        id: group._id,
+        inviter: groupLeader._id,
+        sentAt: Date.now() - 6.912e8, // 8 days old
+      }));
+
+      let user = await api.post(`/user/auth/local/register?groupInvite=${invite}`, {
+        username,
+        email,
+        password,
+        confirmPassword: password,
+      });
+
+      expect(user.invitations.party).to.eql({});
+    });
+
+    it('adds a user to a guild on an invite of type other than party', async () => {
+      let { group, groupLeader } = await createAndPopulateGroup({
+          groupDetails: { type: 'guild', privacy: 'private' },
+      });
+
+      let invite = encrypt(JSON.stringify({
+        id: group._id,
+        inviter: groupLeader._id,
+        sentAt: Date.now(),
+      }));
+
+      let user = await api.post(`/user/auth/local/register?groupInvite=${invite}`, {
+        username,
+        email,
+        password,
+        confirmPassword: password,
+      });
+
+      expect(user.invitations.guilds[0]).to.eql({
        id: group._id,
        name: group.name,
        inviter: groupLeader._id,
@@ -102,6 +102,7 @@ describe('Amazon Payments', () => {
    });

    it('should purchase gems', async () => {
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
      await amzLib.checkout({user, orderReferenceId, headers});

      expect(paymentBuyGemsStub).to.be.calledOnce;
@@ -111,22 +112,52 @@ describe('Amazon Payments', () => {
        headers,
      });
      expectAmazonStubs();
+      expect(user.canGetGems).to.be.calledOnce;
+      user.canGetGems.restore();
    });

-    it('should gift gems', async () => {
+    it('should error if gem amount is too low', async () => {
      let receivingUser = new User();
      receivingUser.save();
      let gift = {
        type: 'gems',
        gems: {
-          amount: 16,
+          amount: 0,
          uuid: receivingUser._id,
        },
      };
+
+      await expect(amzLib.checkout({gift, user, orderReferenceId, headers}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 400,
+        message: 'Amount must be at least 1.',
+        name: 'BadRequest',
+      });
+    });
+
+    it('should error if user cannot get gems gems', async () => {
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+      await expect(amzLib.checkout({user, orderReferenceId, headers})).to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        message: i18n.t('groupPolicyCannotGetGems'),
+        name: 'NotAuthorized',
+      });
+      user.canGetGems.restore();
+    });
+
+    it('should gift gems', async () => {
+      let receivingUser = new User();
+      await receivingUser.save();
+      let gift = {
+        type: 'gems',
+        uuid: receivingUser._id,
+        gems: {
+          amount: 16,
+        },
+      };
      amount = 16 / 4;
      await amzLib.checkout({gift, user, orderReferenceId, headers});

-      gift.member = receivingUser;
      expect(paymentBuyGemsStub).to.be.calledOnce;
      expect(paymentBuyGemsStub).to.be.calledWith({
        user,
@@ -525,6 +556,7 @@ describe('Amazon Payments', () => {
        nextBill: moment(user.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
        paymentMethod: amzLib.constants.PAYMENT_METHOD,
        headers,
+        cancellationReason: undefined,
      });
      expectAmazonStubs();
    });
@@ -555,6 +587,7 @@ describe('Amazon Payments', () => {
        nextBill: moment(user.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
        paymentMethod: amzLib.constants.PAYMENT_METHOD,
        headers,
+        cancellationReason: undefined,
      });
      amzLib.closeBillingAgreement.restore();
    });
@@ -593,6 +626,7 @@ describe('Amazon Payments', () => {
        nextBill: moment(group.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
        paymentMethod: amzLib.constants.PAYMENT_METHOD,
        headers,
+        cancellationReason: undefined,
      });
      expectAmazonStubs();
    });
@@ -623,6 +657,7 @@ describe('Amazon Payments', () => {
        nextBill: moment(group.purchased.plan.lastBillingDate).add({ days: subscriptionLength }),
        paymentMethod: amzLib.constants.PAYMENT_METHOD,
        headers,
+        cancellationReason: undefined,
      });
      amzLib.closeBillingAgreement.restore();
    });
@@ -57,7 +57,20 @@ describe('Apple Payments', ()  => {
        });
    });

+    it('errors if the user cannot purchase gems', async () => {
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+      await expect(applePayments.verifyGemPurchase(user, receipt, headers))
+        .to.eventually.be.rejected.and.to.eql({
+          httpCode: 401,
+          name: 'NotAuthorized',
+          message: i18n.t('groupPolicyCannotGetGems'),
+        });
+
+      user.canGetGems.restore();
+    });
+
    it('purchases gems', async () => {
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
      await applePayments.verifyGemPurchase(user, receipt, headers);

      expect(iapSetupStub).to.be.calledOnce;
@@ -74,6 +87,8 @@ describe('Apple Payments', ()  => {
        amount: 5.25,
        headers,
      });
+      expect(user.canGetGems).to.be.calledOnce;
+      user.canGetGems.restore();
    });
  });

@@ -79,6 +79,13 @@ describe('cron', () => {
      expect(user.purchased.plan.gemsBought).to.equal(0);
    });

+    it('resets plan.gemsBought on a new month if user does not have purchased.plan.dateUpdated', () => {
+      user.purchased.plan.gemsBought = 10;
+      user.purchased.plan.dateUpdated = undefined;
+      cron({user, tasksByType, daysMissed, analytics});
+      expect(user.purchased.plan.gemsBought).to.equal(0);
+    });
+
    it('does not reset plan.gemsBought within the month', () => {
      let clock = sinon.useFakeTimers(moment().startOf('month').add(2, 'days').unix());
      user.purchased.plan.dateUpdated = moment().startOf('month').toDate();
@@ -313,6 +320,24 @@ describe('cron', () => {
      expect(tasksByType.dailys[0].completed).to.be.false;
      expect(user.stats.hp).to.equal(healthBefore);
    });
+
+    it('sets isDue for daily', () => {
+      let daily = {
+        text: 'test daily',
+        type: 'daily',
+        frequency: 'daily',
+        everyX: 5,
+        startDate: new Date(),
+      };
+
+      let task = new Tasks.daily(Tasks.Task.sanitize(daily)); // eslint-disable-line new-cap
+      tasksByType.dailys.push(task);
+      tasksByType.dailys[0].completed = true;
+
+      cron({user, tasksByType, daysMissed, analytics});
+
+      expect(tasksByType.dailys[0].isDue).to.be.exist;
+    });
  });

  describe('todos', () => {
@@ -366,6 +391,14 @@ describe('cron', () => {
      expect(tasksByType.dailys[0].isDue).to.be.false;
    });

+    it('computes nextDue', () => {
+      tasksByType.dailys[0].frequency = 'daily';
+      tasksByType.dailys[0].everyX = 5;
+      tasksByType.dailys[0].startDate = moment().add(1, 'days').toDate();
+      cron({user, tasksByType, daysMissed, analytics});
+      expect(tasksByType.dailys[0].nextDue.length).to.eql(6);
+    });
+
    it('should add history', () => {
      cron({user, tasksByType, daysMissed, analytics});
      expect(tasksByType.dailys[0].history).to.be.lengthOf(1);
@@ -450,6 +483,25 @@ describe('cron', () => {

      expect(progress.down).to.equal(-1);
    });
+
+    it('should do damage for only yesterday\'s dailies', () => {
+      daysMissed = 3;
+      tasksByType.dailys[0].startDate = moment(new Date()).subtract({days: 1});
+
+      let daily = {
+        text: 'test daily',
+        type: 'daily',
+      };
+      let task = new Tasks.daily(Tasks.Task.sanitize(daily)); // eslint-disable-line new-cap
+      tasksByType.dailys.push(task);
+      tasksByType.dailys[1].startDate = moment(new Date()).subtract({days: 2});
+      tasksByType.dailys[1].everyX = 2;
+      tasksByType.dailys[1].frequency = 'daily';
+
+      cron({user, tasksByType, daysMissed, analytics});
+
+      expect(user.stats.hp).to.equal(48);
+    });
  });

  describe('habits', () => {
@@ -514,6 +566,17 @@ describe('cron', () => {
        expect(tasksByType.habits[0].counterDown).to.equal(0);
      });

+      it('should reset habit counters even if user is resting in the Inn', () => {
+        user.preferences.sleep = true;
+        tasksByType.habits[0].counterUp = 1;
+        tasksByType.habits[0].counterDown = 1;
+
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(0);
+        expect(tasksByType.habits[0].counterDown).to.equal(0);
+      });
+
      it('should reset a weekly habit counter each Monday', () => {
        tasksByType.habits[0].frequency = 'weekly';
        tasksByType.habits[0].counterUp = 1;
@@ -533,6 +596,114 @@ describe('cron', () => {
        expect(tasksByType.habits[0].counterDown).to.equal(0);
      });

+      it('should reset a weekly habit counter with custom daily start', () => {
+        clock.restore();
+
+        // Server clock: Monday 12am UTC
+        let monday = new Date('May 22, 2017 00:00:00 GMT').getTime();
+        clock = sinon.useFakeTimers(monday);
+
+        // cron runs at 2am
+        user.preferences.dayStart = 2;
+
+        tasksByType.habits[0].frequency = 'weekly';
+        tasksByType.habits[0].counterUp = 1;
+        tasksByType.habits[0].counterDown = 1;
+        daysMissed = 1;
+
+        // should not reset
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(1);
+        expect(tasksByType.habits[0].counterDown).to.equal(1);
+
+        clock.restore();
+
+        // Server clock: Monday 3am UTC
+        monday = new Date('May 22, 2017 03:00:00 GMT').getTime();
+        clock = sinon.useFakeTimers(monday);
+
+        // should reset after user CDS
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(0);
+        expect(tasksByType.habits[0].counterDown).to.equal(0);
+      });
+
+      it('should not reset a weekly habit counter when server tz is Monday but user\'s tz is Tuesday', () => {
+        clock.restore();
+
+        // Server clock: Monday 11pm UTC
+        let monday = new Date('May 22, 2017 23:00:00 GMT').getTime();
+        clock = sinon.useFakeTimers(monday);
+
+        // User clock: Tuesday 1am UTC + 2
+        user.preferences.timezoneOffset = -120;
+
+        tasksByType.habits[0].frequency = 'weekly';
+        tasksByType.habits[0].counterUp = 1;
+        tasksByType.habits[0].counterDown = 1;
+        daysMissed = 1;
+
+        // should not reset
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(1);
+        expect(tasksByType.habits[0].counterDown).to.equal(1);
+
+        // User missed one cron, which will subtract User clock back to Monday 1am UTC + 2
+        // should reset
+        daysMissed = 2;
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(0);
+        expect(tasksByType.habits[0].counterDown).to.equal(0);
+      });
+
+      it('should reset a weekly habit counter when server tz is Sunday but user\'s tz is Monday', () => {
+        clock.restore();
+
+        // Server clock: Sunday 11pm UTC
+        let sunday = new Date('May 21, 2017 23:00:00 GMT').getTime();
+        clock = sinon.useFakeTimers(sunday);
+
+        // User clock: Monday 2am UTC + 3
+        user.preferences.timezoneOffset = -180;
+
+        tasksByType.habits[0].frequency = 'weekly';
+        tasksByType.habits[0].counterUp = 1;
+        tasksByType.habits[0].counterDown = 1;
+        daysMissed = 1;
+
+        // should reset
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(0);
+        expect(tasksByType.habits[0].counterDown).to.equal(0);
+      });
+
+      it('should not reset a weekly habit counter when server tz is Monday but user\'s tz is Sunday', () => {
+        clock.restore();
+
+        // Server clock: Monday 2am UTC
+        let monday = new Date('May 22, 2017 02:00:00 GMT').getTime();
+        clock = sinon.useFakeTimers(monday);
+
+        // User clock: Sunday 11pm UTC - 3
+        user.preferences.timezoneOffset = 180;
+
+        tasksByType.habits[0].frequency = 'weekly';
+        tasksByType.habits[0].counterUp = 1;
+        tasksByType.habits[0].counterDown = 1;
+        daysMissed = 1;
+
+        // should not reset
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(1);
+        expect(tasksByType.habits[0].counterDown).to.equal(1);
+      });
+
      it('should reset a monthly habit counter the first day of each month', () => {
        tasksByType.habits[0].frequency = 'monthly';
        tasksByType.habits[0].counterUp = 1;
@@ -551,6 +722,59 @@ describe('cron', () => {
        expect(tasksByType.habits[0].counterUp).to.equal(0);
        expect(tasksByType.habits[0].counterDown).to.equal(0);
      });
+
+      it('should reset a monthly habit counter when server tz is last day of month but user tz is first day of the month', () => {
+        clock.restore();
+        daysMissed = 0;
+
+        // Server clock: 4/30/17 11pm UTC
+        let monday = new Date('April 30, 2017 23:00:00 GMT').getTime();
+        clock = sinon.useFakeTimers(monday);
+
+        // User clock: 5/1/17 2am UTC + 3
+        user.preferences.timezoneOffset = -180;
+
+        tasksByType.habits[0].frequency = 'monthly';
+        tasksByType.habits[0].counterUp = 1;
+        tasksByType.habits[0].counterDown = 1;
+        daysMissed = 1;
+
+        // should reset
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(0);
+        expect(tasksByType.habits[0].counterDown).to.equal(0);
+      });
+
+      it('should not reset a monthly habit counter when server tz is first day of month but user tz is 2nd day of the month', () => {
+        clock.restore();
+
+        // Server clock: 5/1/17 11pm UTC
+        let monday = new Date('May 1, 2017 23:00:00 GMT').getTime();
+        clock = sinon.useFakeTimers(monday);
+
+        // User clock: 5/2/17 2am UTC + 3
+        user.preferences.timezoneOffset = -180;
+
+        tasksByType.habits[0].frequency = 'monthly';
+        tasksByType.habits[0].counterUp = 1;
+        tasksByType.habits[0].counterDown = 1;
+        daysMissed = 1;
+
+        // should not reset
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(1);
+        expect(tasksByType.habits[0].counterDown).to.equal(1);
+
+        // User missed one day, which will subtract User clock back to 5/1/17 2am UTC + 3
+        // should reset
+        daysMissed = 2;
+        cron({user, tasksByType, daysMissed, analytics});
+
+        expect(tasksByType.habits[0].counterUp).to.equal(0);
+        expect(tasksByType.habits[0].counterDown).to.equal(0);
+      });
    });
  });

@@ -63,7 +63,21 @@ describe('Google Payments', ()  => {
        });
    });

+    it('should throw an error if user cannot purchase gems', async () => {
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+
+      await expect(googlePayments.verifyGemPurchase(user, receipt, signature, headers))
+        .to.eventually.be.rejected.and.to.eql({
+          httpCode: 401,
+          name: 'NotAuthorized',
+          message: i18n.t('groupPolicyCannotGetGems'),
+        });
+
+      user.canGetGems.restore();
+    });
+
    it('purchases gems', async () => {
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
      await googlePayments.verifyGemPurchase(user, receipt, signature, headers);

      expect(iapSetupStub).to.be.calledOnce;
@@ -82,6 +96,8 @@ describe('Google Payments', ()  => {
        amount: 5.25,
        headers,
      });
+      expect(user.canGetGems).to.be.calledOnce;
+      user.canGetGems.restore();
    });
  });

@@ -16,6 +16,7 @@ describe('payments/index', () => {
  beforeEach(async () => {
    user = new User();
    user.profile.name = 'sender';
+    await user.save();

    group = generateGroup({
      name: 'test group',
@@ -504,6 +505,18 @@ describe('payments/index', () => {
        expect(daysTillTermination).to.be.within(13, 15);
      });

+      it('terminates at next billing date even if dateUpdated is prior to now', async () => {
+        data.nextBill = moment().add({ days: 15 });
+        data.user.purchased.plan.dateUpdated = moment().subtract({ days: 10 });
+
+        await api.cancelSubscription(data);
+
+        let now = new Date();
+        let daysTillTermination = moment(user.purchased.plan.dateTerminated).diff(now, 'days');
+
+        expect(daysTillTermination).to.be.within(13, 15);
+      });
+
      it('resets plan.extraMonths', async () => {
        user.purchased.plan.extraMonths = 5;

@@ -653,5 +666,32 @@ describe('payments/index', () => {

      expect(updatedUser.items.pets['Jackalope-RoyalPurple']).to.eql(5);
    });
+
+    it('saves previously unused Mystery Items and Hourglasses for an expired subscription', async () => {
+      let planExpirationDate = new Date();
+      planExpirationDate.setDate(planExpirationDate.getDate() - 2);
+      let mysteryItem = 'item';
+      let mysteryItems = [mysteryItem];
+      let consecutive = {
+        trinkets: 3,
+      };
+
+      // set expired plan with unused items
+      plan.mysteryItems = mysteryItems;
+      plan.consecutive = consecutive;
+      plan.dateCreated = planExpirationDate;
+      plan.dateTerminated = planExpirationDate;
+      plan.customerId = null;
+
+      user.purchased.plan = plan;
+
+      await user.save();
+      await api.addSubToGroupUser(user, group);
+
+      let updatedUser = await User.findById(user._id).exec();
+
+      expect(updatedUser.purchased.plan.mysteryItems[0]).to.eql(mysteryItem);
+      expect(updatedUser.purchased.plan.consecutive.trinkets).to.equal(consecutive.trinkets);
+    });
  });
 });
@@ -138,7 +138,7 @@ describe('Canceling a subscription for group', () => {
    ]);
  });

-  it('prevents non group leader from manging subscription', async () => {
+  it('prevents non group leader from managing subscription', async () => {
    let groupMember = new User();
    data.user = groupMember;
    data.groupId = group._id;
@@ -1,5 +1,6 @@
 import moment from 'moment';
 import stripeModule from 'stripe';
+import nconf from 'nconf';

 import * as sender from '../../../../../../../website/server/libs/email';
 import * as api from '../../../../../../../website/server/libs/payments';
@@ -12,17 +13,24 @@ import {
  generateGroup,
 } from '../../../../../../helpers/api-unit.helper.js';

-describe('Purchasing a subscription for group', () => {
+describe('Purchasing a group plan for group', () => {
+  const EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_GOOGLE = 'Google_subscription';
+  const EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_IOS = 'iOS_subscription';
+  const EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_NORMAL = 'normal_subscription';
+  const EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_NONE = 'no_subscription';
+
  let plan, group, user, data;
  let stripe = stripeModule('test');
+  let groupLeaderName = 'sender';
+  let groupName = 'test group';

  beforeEach(async () => {
    user = new User();
-    user.profile.name = 'sender';
+    user.profile.name = groupLeaderName;
    await user.save();

    group = generateGroup({
-      name: 'test group',
+      name: groupName,
      type: 'guild',
      privacy: 'public',
      leader: user._id,
@@ -81,7 +89,7 @@ describe('Purchasing a subscription for group', () => {
    sender.sendTxn.restore();
  });

-  it('creates a subscription', async () => {
+  it('creates a group plan', async () => {
    expect(group.purchased.plan.planId).to.not.exist;
    data.groupId = group._id;

@@ -157,7 +165,7 @@ describe('Purchasing a subscription for group', () => {
    expect(updatedLeader.items.mounts['Jackalope-RoyalPurple']).to.be.true;
  });

-  it('sends an email to members of group', async () => {
+  it('sends an email to member of group who was not a subscriber', async () => {
    let recipient = new User();
    recipient.profile.name = 'recipient';
    recipient.guilds.push(group._id);
@@ -169,11 +177,181 @@ describe('Purchasing a subscription for group', () => {

    expect(sender.sendTxn).to.be.calledTwice;
    expect(sender.sendTxn.firstCall.args[0]._id).to.equal(recipient._id);
-    expect(sender.sendTxn.firstCall.args[1]).to.equal('group-member-joining');
+    expect(sender.sendTxn.firstCall.args[1]).to.equal('group-member-join');
    expect(sender.sendTxn.firstCall.args[2]).to.eql([
      {name: 'LEADER', content: user.profile.name},
      {name: 'GROUP_NAME', content: group.name},
+      {name: 'PREVIOUS_SUBSCRIPTION_TYPE', content: EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_NONE},
    ]);
+    // confirm that the other email sent is appropriate:
+    expect(sender.sendTxn.secondCall.args[0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.secondCall.args[1]).to.equal('group-subscription-begins');
+  });
+
+  it('sends one email to subscribed member of group, stating subscription is cancelled (Stripe)', async () => {
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.key = 'basic_earned';
+    plan.paymentMethod = stripePayments.constants.PAYMENT_METHOD;
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledTwice;
+    expect(sender.sendTxn.firstCall.args[0]._id).to.equal(recipient._id);
+    expect(sender.sendTxn.firstCall.args[1]).to.equal('group-member-join');
+    expect(sender.sendTxn.firstCall.args[2]).to.eql([
+      {name: 'LEADER', content: user.profile.name},
+      {name: 'GROUP_NAME', content: group.name},
+      {name: 'PREVIOUS_SUBSCRIPTION_TYPE', content: EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_NORMAL},
+    ]);
+    // confirm that the other email sent is not a cancel-subscription email:
+    expect(sender.sendTxn.secondCall.args[0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.secondCall.args[1]).to.equal('group-subscription-begins');
+  });
+
+  it('sends one email to subscribed member of group, stating subscription is cancelled (Amazon)', async () => {
+    sinon.stub(amzLib, 'getBillingAgreementDetails')
+      .returnsPromise()
+      .resolves({
+        BillingAgreementDetails: {
+          BillingAgreementStatus: {State: 'Closed'},
+        },
+      });
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.planId = 'basic_earned';
+    plan.paymentMethod = amzLib.constants.PAYMENT_METHOD;
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledTwice;
+    expect(sender.sendTxn.firstCall.args[0]._id).to.equal(recipient._id);
+    expect(sender.sendTxn.firstCall.args[1]).to.equal('group-member-join');
+    expect(sender.sendTxn.firstCall.args[2]).to.eql([
+      {name: 'LEADER', content: user.profile.name},
+      {name: 'GROUP_NAME', content: group.name},
+      {name: 'PREVIOUS_SUBSCRIPTION_TYPE', content: EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_NORMAL},
+    ]);
+    // confirm that the other email sent is not a cancel-subscription email:
+    expect(sender.sendTxn.secondCall.args[0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.secondCall.args[1]).to.equal('group-subscription-begins');
+
+    amzLib.getBillingAgreementDetails.restore();
+  });
+
+  it('sends one email to subscribed member of group, stating subscription is cancelled (PayPal)', async () => {
+    sinon.stub(paypalPayments, 'paypalBillingAgreementCancel').returnsPromise().resolves({});
+    sinon.stub(paypalPayments, 'paypalBillingAgreementGet')
+      .returnsPromise().resolves({
+        agreement_details: { // eslint-disable-line camelcase
+          next_billing_date: moment().add(3, 'months').toDate(), // eslint-disable-line camelcase
+          cycles_completed: 1, // eslint-disable-line camelcase
+        },
+      });
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    plan.planId = 'basic_earned';
+    plan.paymentMethod = paypalPayments.constants.PAYMENT_METHOD;
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledTwice;
+    expect(sender.sendTxn.firstCall.args[0]._id).to.equal(recipient._id);
+    expect(sender.sendTxn.firstCall.args[1]).to.equal('group-member-join');
+    expect(sender.sendTxn.firstCall.args[2]).to.eql([
+      {name: 'LEADER', content: user.profile.name},
+      {name: 'GROUP_NAME', content: group.name},
+      {name: 'PREVIOUS_SUBSCRIPTION_TYPE', content: EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_NORMAL},
+    ]);
+    // confirm that the other email sent is not a cancel-subscription email:
+    expect(sender.sendTxn.secondCall.args[0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.secondCall.args[1]).to.equal('group-subscription-begins');
+
+    paypalPayments.paypalBillingAgreementGet.restore();
+    paypalPayments.paypalBillingAgreementCancel.restore();
+  });
+
+  it('sends appropriate emails when subscribed member of group must manually cancel recurring Android subscription', async () => {
+    const TECH_ASSISTANCE_EMAIL = nconf.get('TECH_ASSISTANCE_EMAIL');
+    plan.customerId = 'random';
+    plan.paymentMethod = api.constants.GOOGLE_PAYMENT_METHOD;
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledFourTimes;
+    expect(sender.sendTxn.args[0][0]._id).to.equal(TECH_ASSISTANCE_EMAIL);
+    expect(sender.sendTxn.args[0][1]).to.equal('admin-user-subscription-details');
+    expect(sender.sendTxn.args[1][0]._id).to.equal(recipient._id);
+    expect(sender.sendTxn.args[1][1]).to.equal('group-member-join');
+    expect(sender.sendTxn.args[1][2]).to.eql([
+      {name: 'LEADER', content: groupLeaderName},
+      {name: 'GROUP_NAME', content: groupName},
+      {name: 'PREVIOUS_SUBSCRIPTION_TYPE', content: EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_GOOGLE},
+    ]);
+    expect(sender.sendTxn.args[2][0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.args[2][1]).to.equal('group-member-join');
+    expect(sender.sendTxn.args[3][0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.args[3][1]).to.equal('group-subscription-begins');
+  });
+
+  it('sends appropriate emails when subscribed member of group must manually cancel recurring iOS subscription', async () => {
+    const TECH_ASSISTANCE_EMAIL = nconf.get('TECH_ASSISTANCE_EMAIL');
+    plan.customerId = 'random';
+    plan.paymentMethod = api.constants.IOS_PAYMENT_METHOD;
+
+    let recipient = new User();
+    recipient.profile.name = 'recipient';
+    recipient.purchased.plan = plan;
+    recipient.guilds.push(group._id);
+    await recipient.save();
+
+    user.guilds.push(group._id);
+    await user.save();
+    data.groupId = group._id;
+
+    await api.createSubscription(data);
+
+    expect(sender.sendTxn).to.be.calledFourTimes;
+    expect(sender.sendTxn.args[0][0]._id).to.equal(TECH_ASSISTANCE_EMAIL);
+    expect(sender.sendTxn.args[0][1]).to.equal('admin-user-subscription-details');
+    expect(sender.sendTxn.args[1][0]._id).to.equal(recipient._id);
+    expect(sender.sendTxn.args[1][1]).to.equal('group-member-join');
+    expect(sender.sendTxn.args[1][2]).to.eql([
+      {name: 'LEADER', content: groupLeaderName},
+      {name: 'GROUP_NAME', content: groupName},
+      {name: 'PREVIOUS_SUBSCRIPTION_TYPE', content: EMAIL_TEMPLATE_SUBSCRIPTION_TYPE_IOS},
+    ]);
+    expect(sender.sendTxn.args[2][0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.args[2][1]).to.equal('group-member-join');
+    expect(sender.sendTxn.args[3][0]._id).to.equal(group.leader);
+    expect(sender.sendTxn.args[3][1]).to.equal('group-subscription-begins');
  });

  it('adds months to members with existing gift subscription', async () => {
@@ -333,7 +511,7 @@ describe('Purchasing a subscription for group', () => {
  });

  it('adds months to members with existing recurring subscription (Android)');
-  it('adds months to members with existing recurring subscription (iOs)');
+  it('adds months to members with existing recurring subscription (iOS)');

  it('adds months to members who already cancelled but not yet terminated recurring subscription', async () => {
    let recipient = new User();
@@ -418,7 +596,7 @@ describe('Purchasing a subscription for group', () => {

    let updatedUser = await User.findById(recipient._id).exec();

-    expect(updatedUser.purchased.plan.extraMonths).to.within(7, 8);
+    expect(updatedUser.purchased.plan.extraMonths).to.within(7, 9);
  });

  it('adds months to members with existing recurring subscription and ignores existing negative extraMonths', async () => {
@@ -603,7 +781,7 @@ describe('Purchasing a subscription for group', () => {
    expect(updatedUser.purchased.plan.dateCreated).to.exist;
  });

-  it('does not modify a user with a Google subscription', async () => {
+  it('does not modify a user with an Android subscription', async () => {
    plan.customerId = 'random';
    plan.paymentMethod = api.constants.GOOGLE_PAYMENT_METHOD;

@@ -61,23 +61,54 @@ describe('Paypal Payments', ()  => {
    });

    it('creates a link for gem purchases', async () => {
-      let link = await paypalPayments.checkout();
+      let link = await paypalPayments.checkout({user: new User()});

      expect(paypalPaymentCreateStub).to.be.calledOnce;
      expect(paypalPaymentCreateStub).to.be.calledWith(getPaypalCreateOptions('Habitica Gems', 5.00));
      expect(link).to.eql(approvalHerf);
    });

-    it('creates a link for gifting gems', async () => {
+    it('should error if gem amount is too low', async () => {
      let receivingUser = new User();
+      receivingUser.save();
      let gift = {
        type: 'gems',
        gems: {
-          amount: 16,
+          amount: 0,
          uuid: receivingUser._id,
        },
      };

+      await expect(paypalPayments.checkout({gift}))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 400,
+        message: 'Amount must be at least 1.',
+        name: 'BadRequest',
+      });
+    });
+
+    it('should error if the user cannot get gems', async () => {
+      let user = new User();
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+
+      await expect(paypalPayments.checkout({user})).to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        message: i18n.t('groupPolicyCannotGetGems'),
+        name: 'NotAuthorized',
+      });
+    });
+
+    it('creates a link for gifting gems', async () => {
+      let receivingUser = new User();
+      await receivingUser.save();
+      let gift = {
+        type: 'gems',
+        uuid: receivingUser._id,
+        gems: {
+          amount: 16,
+        },
+      };
+
      let link = await paypalPayments.checkout({gift});

      expect(paypalPaymentCreateStub).to.be.calledOnce;
@@ -447,6 +478,7 @@ describe('Paypal Payments', ()  => {
        groupId,
        paymentMethod: 'Paypal',
        nextBill: nextBillingDate,
+        cancellationReason: undefined,
      });
    });

@@ -464,6 +496,7 @@ describe('Paypal Payments', ()  => {
        groupId: group._id,
        paymentMethod: 'Paypal',
        nextBill: nextBillingDate,
+        cancellationReason: undefined,
      });
    });
  });
@@ -48,7 +48,57 @@ describe('Stripe Payments', () => {
      payments.createSubscription.restore();
    });

+    it('should error if gem amount is too low', async () => {
+      let receivingUser = new User();
+      receivingUser.save();
+      gift = {
+        type: 'gems',
+        gems: {
+          amount: 0,
+          uuid: receivingUser._id,
+        },
+      };
+
+      await expect(stripePayments.checkout({
+        token,
+        user,
+        gift,
+        groupId,
+        email,
+        headers,
+        coupon,
+      }, stripe))
+      .to.eventually.be.rejected.and.to.eql({
+        httpCode: 400,
+        message: 'Amount must be at least 1.',
+        name: 'BadRequest',
+      });
+    });
+
+
+    it('should error if user cannot get gems', async () => {
+      gift = undefined;
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(false);
+
+      await expect(stripePayments.checkout({
+        token,
+        user,
+        gift,
+        groupId,
+        email,
+        headers,
+        coupon,
+      }, stripe)).to.eventually.be.rejected.and.to.eql({
+        httpCode: 401,
+        message: i18n.t('groupPolicyCannotGetGems'),
+        name: 'NotAuthorized',
+      });
+    });
+
    it('should purchase gems', async () => {
+      gift = undefined;
+      sinon.stub(user, 'canGetGems').returnsPromise().resolves(true);
+
      await stripePayments.checkout({
        token,
        user,
@@ -73,16 +123,18 @@ describe('Stripe Payments', () => {
        paymentMethod: 'Stripe',
        gift,
      });
+      expect(user.canGetGems).to.be.calledOnce;
+      user.canGetGems.restore();
    });

    it('should gift gems', async () => {
      let receivingUser = new User();
-      receivingUser.save();
+      await receivingUser.save();
      gift = {
        type: 'gems',
+        uuid: receivingUser._id,
        gems: {
          amount: 16,
-          uuid: receivingUser._id,
        },
      };

@@ -96,7 +148,6 @@ describe('Stripe Payments', () => {
        coupon,
      }, stripe);

-      gift.member = receivingUser;
      expect(stripeChargeStub).to.be.calledOnce;
      expect(stripeChargeStub).to.be.calledWith({
        amount: '400',
@@ -683,6 +734,7 @@ describe('Stripe Payments', () => {
          groupId: undefined,
          nextBill: currentPeriodEndTimeStamp * 1000, // timestamp in seconds
          paymentMethod: 'Stripe',
+          cancellationReason: undefined,
        });
      });

@@ -702,6 +754,7 @@ describe('Stripe Payments', () => {
          groupId,
          nextBill: currentPeriodEndTimeStamp * 1000, // timestamp in seconds
          paymentMethod: 'Stripe',
+          cancellationReason: undefined,
        });
      });
    });
@@ -228,7 +228,7 @@ describe('Group Model', () => {
        });

        it('applies damage only to participating members of party even under buggy conditions', async () => {
-          // stops unfair damage from mbugs like https://github.com/HabitRPG/habitrpg/issues/7653
+          // stops unfair damage from mbugs like https://github.com/HabitRPG/habitica/issues/7653
          party.quest.members = {
            [questLeader._id]: true,
            [participatingMember._id]: true,
@@ -1,6 +1,7 @@
 import Bluebird from 'bluebird';
 import moment from 'moment';
 import { model as User } from '../../../../../website/server/models/user';
+import { model as Group } from '../../../../../website/server/models/group';
 import common from '../../../../../website/common';

 describe('User Model', () => {
@@ -179,6 +180,75 @@ describe('User Model', () => {
    });
  });

+  context('canGetGems', () => {
+    let user;
+    let group;
+    beforeEach(() => {
+      user = new User();
+      let leader = new User();
+      group = new Group({
+        name: 'test',
+        type: 'guild',
+        privacy: 'private',
+        leader: leader._id,
+      });
+    });
+
+    it('returns true if user is not subscribed', async () => {
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns true if user is not subscribed with a group plan', async () => {
+      user.purchased.plan.customerId = 123;
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns true if user is subscribed with a group plan', async () => {
+      user.purchased.plan.customerId = 'group-plan';
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns true if user is part of a group', async () => {
+      user.guilds.push(group._id);
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns true if user is part of a group with a subscription', async () => {
+      user.guilds.push(group._id);
+      user.purchased.plan.customerId = 'group-plan';
+      group.purchased.plan.customerId = 123;
+      await group.save();
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns true if leader is part of a group with a subscription and canGetGems: false', async () => {
+      user.guilds.push(group._id);
+      user.purchased.plan.customerId = 'group-plan';
+      group.purchased.plan.customerId = 123;
+      group.leader = user._id;
+      group.leaderOnly.getGems = true;
+      await group.save();
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns true if user is part of a group with no subscription but canGetGems: false', async () => {
+      user.guilds.push(group._id);
+      user.purchased.plan.customerId = 'group-plan';
+      group.leaderOnly.getGems = true;
+      await group.save();
+      expect(await user.canGetGems()).to.equal(true);
+    });
+
+    it('returns false if user is part of a group with a subscription and canGetGems: false', async () => {
+      user.guilds.push(group._id);
+      user.purchased.plan.customerId = 'group-plan';
+      group.purchased.plan.customerId = 123;
+      group.leaderOnly.getGems = true;
+      await group.save();
+      expect(await user.canGetGems()).to.equal(false);
+    });
+  });
+
  context('hasNotCancelled', () => {
    let user;
    beforeEach(() => {
@@ -112,6 +112,41 @@ describe('Groups Controller', function() {
    });
  });

+  describe('isAbleToEditGroup', () => {
+    var guild;
+
+    beforeEach(() => {
+      user.contributor = {};
+      guild = specHelper.newGroup({
+        _id: 'unique-guild-id',
+        type: 'guild',
+        members: ['not-user-id'],
+        $save: sandbox.spy(),
+      });
+    });
+
+    it('returns true if user is an admin', () => {
+      guild.leader = 'not-user-id';
+      user.contributor.admin = true;
+      expect(scope.isAbleToEditGroup(guild)).to.be.ok;
+    });
+
+    it('returns true if user is group leader', () => {
+      guild.leader = {_id: user._id}
+      expect(scope.isAbleToEditGroup(guild)).to.be.ok;
+    });
+
+    it('returns false is user is not a leader or admin', () => {
+      expect(scope.isAbleToEditGroup(guild)).to.not.be.ok;
+    });
+
+    it('returns false is user is an admin but group is a party', () => {
+      guild.type = 'party';
+      user.contributor.admin = true;
+      expect(scope.isAbleToEditGroup(guild)).to.not.be.ok;
+    });
+  });
+
  describe('editGroup', () => {
    var guild;

@@ -1,63 +1,63 @@
-describe('Group Tasks Meta Actions Controller', () => {
-  let rootScope, scope, user, userSerivce;
-
-  beforeEach(() => {
-    module(function($provide) {
-      $provide.value('User', {});
-    });
-
-    inject(($rootScope, $controller) => {
-      rootScope = $rootScope;
-
-      user = specHelper.newUser();
-      user._id = "unique-user-id";
-      userSerivce = {user: user};
-
-      scope = $rootScope.$new();
-
-      scope.task = {
-        group: {
-          assignedUsers: [],
-          approval: {
-            required: false,
-          }
-        },
-      };
-      scope.task._edit = angular.copy(scope.task);
-
-      $controller('GroupTaskActionsCtrl', {$scope: scope, User: userSerivce});
-    });
-  });
-
-  describe('toggleTaskRequiresApproval', function () {
-    it('toggles task approval required field from false to true', function () {
-      scope.toggleTaskRequiresApproval();
-      expect(scope.task._edit.group.approval.required).to.be.true;
-    });
-
-    it('toggles task approval required field from true to false', function () {
-      scope.task._edit.group.approval.required = true;
-      scope.toggleTaskRequiresApproval();
-      expect(scope.task._edit.group.approval.required).to.be.false;
-    });
-  });
-
-
-  describe('assign events', function () {
-    it('adds a group member to assigned users on "addedGroupMember" event ', () => {
-      var testId = 'test-id';
-      rootScope.$broadcast('addedGroupMember', testId);
-      expect(scope.task.group.assignedUsers).to.contain(testId);
-      expect(scope.task._edit.group.assignedUsers).to.contain(testId);
-    });
-
-    it('removes a group member to assigned users on "addedGroupMember" event ', () => {
-      var testId = 'test-id';
-      scope.task.group.assignedUsers.push(testId);
-      scope.task._edit.group.assignedUsers.push(testId);
-      rootScope.$broadcast('removedGroupMember', testId);
-      expect(scope.task.group.assignedUsers).to.not.contain(testId);
-      expect(scope.task._edit.group.assignedUsers).to.not.contain(testId);
-    });
-  });
-});
+describe('Group Tasks Meta Actions Controller', () => {
+  let rootScope, scope, user, userSerivce;
+
+  beforeEach(() => {
+    module(function($provide) {
+      $provide.value('User', {});
+    });
+
+    inject(($rootScope, $controller) => {
+      rootScope = $rootScope;
+
+      user = specHelper.newUser();
+      user._id = "unique-user-id";
+      userSerivce = {user: user};
+
+      scope = $rootScope.$new();
+
+      scope.task = {
+        group: {
+          assignedUsers: [],
+          approval: {
+            required: false,
+          }
+        },
+      };
+      scope.task._edit = angular.copy(scope.task);
+
+      $controller('GroupTaskActionsCtrl', {$scope: scope, User: userSerivce});
+    });
+  });
+
+  describe('toggleTaskRequiresApproval', function () {
+    it('toggles task approval required field from false to true', function () {
+      scope.toggleTaskRequiresApproval();
+      expect(scope.task._edit.group.approval.required).to.be.true;
+    });
+
+    it('toggles task approval required field from true to false', function () {
+      scope.task._edit.group.approval.required = true;
+      scope.toggleTaskRequiresApproval();
+      expect(scope.task._edit.group.approval.required).to.be.false;
+    });
+  });
+
+
+  describe('assign events', function () {
+    it('adds a group member to assigned users on "addedGroupMember" event ', () => {
+      var testId = 'test-id';
+      rootScope.$broadcast('addedGroupMember', testId);
+      expect(scope.task.group.assignedUsers).to.contain(testId);
+      expect(scope.task._edit.group.assignedUsers).to.contain(testId);
+    });
+
+    it('removes a group member to assigned users on "addedGroupMember" event ', () => {
+      var testId = 'test-id';
+      scope.task.group.assignedUsers.push(testId);
+      scope.task._edit.group.assignedUsers.push(testId);
+      rootScope.$broadcast('removedGroupMember', testId);
+      expect(scope.task.group.assignedUsers).to.not.contain(testId);
+      expect(scope.task._edit.group.assignedUsers).to.not.contain(testId);
+    });
+  });
+});
@@ -6,6 +6,7 @@ describe('Notification Controller', function() {
  beforeEach(function() {
    user = specHelper.newUser();
    user._id = "unique-user-id";
+    user.needsCron = false;

    var userSync = sinon.stub().returns({
      then: function then (f) { f(); }
@@ -1,35 +0,0 @@
-'use strict';
-
-describe('closeMenu Directive', function() {
-  var scope;
-
-  beforeEach(module('habitrpg'));
-
-  beforeEach(inject(function($rootScope) {
-    scope = $rootScope.$new();
-
-    scope.$digest();
-  }));
-
-  it('closes a connected menu when element is clicked', inject(function($compile) {
-    var menuElement = $compile('<a data-close-menu menu="mobile">')(scope);
-    scope._expandedMenu = { menu: 'mobile' };
-
-    menuElement.appendTo(document.body);
-    menuElement.triggerHandler('click');
-
-    expect(scope._expandedMenu.menu).to.eql(null)
-  }));
-
-  it('closes a connected menu when child element is clicked', inject(function($compile) {
-    var menuElementWithChild = $compile('<li></li>')(scope);
-    var menuElementChild = $compile('<a data-close-menu></a>')(scope);
-    scope._expandedMenu = { menu: 'mobile' };
-
-    menuElementWithChild.appendTo(document.body);
-    menuElementChild.appendTo(menuElementWithChild);
-    menuElementChild.triggerHandler('click');
-
-    expect(scope._expandedMenu.menu).to.eql(null)
-  }));
-});
@@ -1,35 +0,0 @@
-'use strict';
-
-describe('expandMenu Directive', function() {
-  var menuElement, scope;
-
-  beforeEach(module('habitrpg'));
-
-  beforeEach(inject(function($rootScope, $compile) {
-    scope = $rootScope.$new();
-
-    var element = '<a data-expand-menu menu="mobile"></a>';
-
-    menuElement = $compile(element)(scope);
-    scope.$digest();
-  }));
-
-  it('expands a connected menu when element is clicked', function() {
-    expect(scope._expandedMenu).to.not.exist;
-    menuElement.appendTo(document.body);
-
-    menuElement.triggerHandler('click');
-
-    expect(scope._expandedMenu.menu).to.eql('mobile')
-  });
-
-  it('closes a connected menu when it is already open', function() {
-    scope._expandedMenu = {};
-    scope._expandedMenu.menu = 'mobile';
-    menuElement.appendTo(document.body);
-
-    menuElement.triggerHandler('click');
-
-    expect(scope._expandedMenu.menu).to.eql(null)
-  });
-});
@@ -47,7 +47,7 @@ describe('memberServices', function() {

  it('calls get challenge members', function() {
    var challengeId = 1;
-    var memberUrl = apiV3Prefix + '/challenges/' + challengeId + '/members?includeAllMembers=true';
+    var memberUrl = apiV3Prefix + '/challenges/' + challengeId + '/members';
    $httpBackend.expectGET(memberUrl).respond({});
    members.getChallengeMembers(challengeId);
    $httpBackend.flush();
@@ -1,5 +1,5 @@
 import Vue from 'vue';
-import DrawerComponent from 'client/components/inventory/drawer.vue';
+import DrawerComponent from 'client/components/ui/drawer.vue';

 describe('DrawerComponent', () => {
  it('sets the correct default data', () => {
@@ -0,0 +1,20 @@
+import roundBigNumberFilter from 'client/filters/roundBigNumber';
+
+describe('round big number filter', () => {
+  it('can round a decimal number', () => {
+    expect(roundBigNumberFilter(4.567)).to.equal(4.57);
+    expect(roundBigNumberFilter(4.562)).to.equal(4.56);
+  });
+
+  it('can round thousands', () => {
+    expect(roundBigNumberFilter(70065)).to.equal('70.1k');
+  });
+
+  it('can round milions', () => {
+    expect(roundBigNumberFilter(10000987)).to.equal('10.0m');
+  });
+
+  it('can round bilions', () => {
+    expect(roundBigNumberFilter(1000000000)).to.equal('1.0b');
+  });
+});
@@ -9,7 +9,7 @@ describe('tasks actions', () => {
  });

  describe('fetchUserTasks', () => {
-    it('fetches user tasks', async () => {
+    xit('fetches user tasks', async () => {
      expect(store.state.tasks.loadingStatus).to.equal('NOT_LOADED');
      const tasks = [{_id: 1}];
      sandbox.stub(axios, 'get').withArgs('/api/v3/tasks/user').returns(Promise.resolve({data: {data: tasks}}));
@@ -36,7 +36,7 @@ describe('tasks actions', () => {
      expect(store.state.tasks.loadingStatus).to.equal('LOADED');
    });

-    it('can reload tasks if forceLoad is true', async () => {
+    xit('can reload tasks if forceLoad is true', async () => {
      store.state.tasks = {
        loadingStatus: 'LOADED',
        data: [{_id: 1}],
@@ -1,7 +1,7 @@
 import axios from 'axios';
 import generateStore from 'client/store';

-describe('tasks actions', () => {
+describe('user actions', () => {
  let store;

  beforeEach(() => {
@@ -121,6 +121,17 @@ describe('achievements', () => {
      });
    });

+    it('card achievements exist with counts', () => {
+      let cardTypes = ['greeting', 'thankyou', 'birthday', 'congrats', 'getwell', 'goodluck'];
+      cardTypes.forEach((card) => {
+        let cardAchiev = basicAchievs[`${card}Cards`];
+
+        expect(cardAchiev).to.exist;
+        expect(cardAchiev).to.have.property('optionalCount')
+          .that.is.a('number');
+      });
+    });
+
    it('rebirth achievement exists with no count', () => {
      let rebirth = basicAchievs.rebirth;

@@ -174,7 +185,7 @@ describe('achievements', () => {
    });

    it('card achievements exist with counts', () => {
-      let cardTypes = ['greeting', 'thankyou', 'nye', 'valentine', 'birthday'];
+      let cardTypes = ['nye', 'valentine'];
      cardTypes.forEach((card) => {
        let cardAchiev = seasonalAchievs[`${card}Cards`];

@@ -13,6 +13,12 @@ describe('shops', () => {
      expect(shopCategories.length).to.be.greaterThan(2);
    });

+    it('does not contain an empty category', () => {
+      _.each(shopCategories, (category) => {
+        expect(category.items.length).to.be.greaterThan(0);
+      });
+    });
+
    it('does not duplicate identifiers', () => {
      let identifiers = Array.from(new Set(shopCategories.map(cat => cat.identifier)));

@@ -76,5 +76,35 @@ describe('shared.ops.buyHealthPotion', () => {
        done();
      }
    });
+
+    it('does not allow potion purchases when hp is zero', (done) => {
+      user.stats.hp = 0;
+      user.stats.gp = 40;
+      try {
+        buyHealthPotion(user);
+      } catch (err) {
+        expect(err).to.be.an.instanceof(NotAuthorized);
+        expect(err.message).to.equal(i18n.t('messageHealthAlreadyMin'));
+        expect(user.stats.hp).to.eql(0);
+        expect(user.stats.gp).to.eql(40);
+
+        done();
+      }
+    });
+
+    it('does not allow potion purchases when hp is negative', (done) => {
+      user.stats.hp = -8;
+      user.stats.gp = 40;
+      try {
+        buyHealthPotion(user);
+      } catch (err) {
+        expect(err).to.be.an.instanceof(NotAuthorized);
+        expect(err.message).to.equal(i18n.t('messageHealthAlreadyMin'));
+        expect(user.stats.hp).to.eql(-8);
+        expect(user.stats.gp).to.eql(40);
+
+        done();
+      }
+    });
  });
 });
@@ -1,3 +1,5 @@
+/* eslint-disable camelcase */
+
 import changeClass from '../../../website/common/script/ops/changeClass';
 import {
  NotAuthorized,
@@ -58,7 +60,8 @@ describe('shared.ops.changeClass', () => {

    it('changes class', () => {
      user.stats.class = 'healer';
-      user.items.gear.owned.armor_rogue_1 = true; // eslint-disable-line camelcase
+      user.items.gear.owned.weapon_healer_3 = true;
+      user.items.gear.equipped.weapon = 'weapon_healer_3';

      let [data] = changeClass(user, {query: {class: 'rogue'}});
      expect(data).to.eql({
@@ -70,13 +73,10 @@ describe('shared.ops.changeClass', () => {

      expect(user.stats.class).to.equal('rogue');
      expect(user.flags.classSelected).to.be.true;
-      expect(user.items.gear.equipped.weapon).to.equal('weapon_rogue_0');
      expect(user.items.gear.owned.weapon_rogue_0).to.be.true;
-      expect(user.items.gear.equipped.armor).to.equal('armor_rogue_1');
-      expect(user.items.gear.owned.armor_rogue_1).to.be.true;
-      expect(user.items.gear.equipped.shield).to.equal('shield_rogue_0');
      expect(user.items.gear.owned.shield_rogue_0).to.be.true;
-      expect(user.items.gear.equipped.head).to.equal('head_base_0');
+      expect(user.items.gear.owned.weapon_healer_3).to.be.true;
+      expect(user.items.gear.equipped.weapon).to.equal('weapon_healer_3');
    });
  });

@@ -14,10 +14,18 @@ describe('shared.ops.releaseBoth', () => {

  beforeEach(() => {
    user = generateUser();
+    for (let p in content.pets) {
+      user.items.pets[p] = content.pets[p];
+      user.items.pets[p] = 5;
+    }
+
+    for (let m in content.pets) {
+      user.items.mounts[m] = content.pets[m];
+      user.items.mounts[m] = true;
+    }
+
    user.items.currentMount = animal;
    user.items.currentPet = animal;
-    user.items.pets[animal] = 5;
-    user.items.mounts[animal] = true;
    user.balance = 1.5;
  });

@@ -34,7 +42,7 @@ describe('shared.ops.releaseBoth', () => {
  });

  it('grants triad bingo with gems', () => {
-    let [, message] = releaseBoth(user);
+    let message = releaseBoth(user)[1];

    expect(message).to.equal(i18n.t('mountsAndPetsReleased'));
    expect(user.achievements.triadBingoCount).to.equal(1);
@@ -45,27 +53,79 @@ describe('shared.ops.releaseBoth', () => {
    user.achievements.triadBingo = 1;
    user.achievements.triadBingoCount = 1;

-    let [, message] = releaseBoth(user);
+    let message = releaseBoth(user)[1];

    expect(message).to.equal(i18n.t('mountsAndPetsReleased'));
    expect(user.achievements.triadBingoCount).to.equal(2);
  });

+  it('does not grant triad bingo if any pet has not been previously found', () => {
+    let triadBingoCountBeforeRelease = user.achievements.triadBingoCount;
+    user.items.pets[animal] = -1;
+    let message = releaseBoth(user)[1];
+
+    expect(message).to.equal(i18n.t('mountsAndPetsReleased'));
+    expect(user.achievements.triadBingoCount).to.equal(triadBingoCountBeforeRelease);
+  });
+
  it('releases pets', () => {
-    let [, message] = releaseBoth(user);
+    let message = releaseBoth(user)[1];

    expect(message).to.equal(i18n.t('mountsAndPetsReleased'));
    expect(user.items.pets[animal]).to.be.empty;
    expect(user.items.mounts[animal]).to.equal(null);
  });

+  it('does not increment beastMasterCount if any pet is level 0 (released)', () => {
+    let beastMasterCountBeforeRelease = user.achievements.beastMasterCount;
+    user.items.pets[animal] = 0;
+
+    releaseBoth(user);
+
+    expect(user.achievements.beastMasterCount).to.equal(beastMasterCountBeforeRelease);
+  });
+
+  it('does not increment beastMasterCount if any pet is missing (null)', () => {
+    let beastMasterCountBeforeRelease = user.achievements.beastMasterCount;
+    user.items.pets[animal] = null;
+    releaseBoth(user);
+
+    expect(user.achievements.beastMasterCount).to.equal(beastMasterCountBeforeRelease);
+  });
+
+  it('does not increment beastMasterCount if any pet is missing (undefined)', () => {
+    let beastMasterCountBeforeRelease = user.achievements.beastMasterCount;
+    delete user.items.pets[animal];
+    releaseBoth(user);
+
+    expect(user.achievements.beastMasterCount).to.equal(beastMasterCountBeforeRelease);
+  });
+
  it('releases mounts', () => {
-    let [, message] = releaseBoth(user);
+    let message = releaseBoth(user)[1];

    expect(message).to.equal(i18n.t('mountsAndPetsReleased'));
    expect(user.items.mounts[animal]).to.equal(null);
  });

+  it('does not increase mountMasterCount achievement if mount is missing (null)', () => {
+    let mountMasterCountBeforeRelease = user.achievements.mountMasterCount;
+    user.items.mounts[animal] = null;
+
+    releaseBoth(user);
+
+    expect(user.achievements.mountMasterCount).to.equal(mountMasterCountBeforeRelease);
+  });
+
+  it('does not increase mountMasterCount achievement if mount is missing (undefined)', () => {
+    let mountMasterCountBeforeRelease = user.achievements.mountMasterCount;
+    delete user.items.mounts[animal];
+
+    releaseBoth(user);
+
+    expect(user.achievements.mountMasterCount).to.equal(mountMasterCountBeforeRelease);
+  });
+
  it('removes drop currentPet', () => {
    let petInfo = content.petInfo[user.items.currentPet];
    expect(petInfo.type).to.equal('drop');
@@ -14,8 +14,12 @@ describe('shared.ops.releaseMounts', () => {

  beforeEach(() => {
    user = generateUser();
+    for (let k in content.pets) {
+      user.items.mounts[k] = content.pets[k];
+      user.items.mounts[k] = true;
+    }
+
    user.items.currentMount = animal;
-    user.items.mounts[animal] = true;
    user.balance = 1;
  });

@@ -32,7 +36,7 @@ describe('shared.ops.releaseMounts', () => {
  });

  it('releases mounts', () => {
-    let [, message] = releaseMounts(user);
+    let message = releaseMounts(user)[1];

    expect(message).to.equal(i18n.t('mountsReleased'));
    expect(user.items.mounts[animal]).to.equal(null);
@@ -60,10 +64,27 @@ describe('shared.ops.releaseMounts', () => {

  it('increases mountMasterCount achievement', () => {
    releaseMounts(user);
-
    expect(user.achievements.mountMasterCount).to.equal(1);
  });

+  it('does not increase mountMasterCount achievement if mount is missing (null)', () => {
+    let mountMasterCountBeforeRelease = user.achievements.mountMasterCount;
+    user.items.mounts[animal] = null;
+
+    releaseMounts(user);
+
+    expect(user.achievements.mountMasterCount).to.equal(mountMasterCountBeforeRelease);
+  });
+
+  it('does not increase mountMasterCount achievement if mount is missing (undefined)', () => {
+    let mountMasterCountBeforeRelease = user.achievements.mountMasterCount;
+    delete user.items.mounts[animal];
+
+    releaseMounts(user);
+
+    expect(user.achievements.mountMasterCount).to.equal(mountMasterCountBeforeRelease);
+  });
+
  it('subtracts gems from balance', () => {
    releaseMounts(user);

@@ -14,8 +14,12 @@ describe('shared.ops.releasePets', () => {

  beforeEach(() => {
    user = generateUser();
+    for (let k in content.pets) {
+      user.items.pets[k] = content.pets[k];
+      user.items.pets[k] = 5;
+    }
+
    user.items.currentPet = animal;
-    user.items.pets[animal] = 5;
    user.balance = 1;
  });

@@ -32,7 +36,7 @@ describe('shared.ops.releasePets', () => {
  });

  it('releases pets', () => {
-    let [, message] = releasePets(user);
+    let message = releasePets(user)[1];

    expect(message).to.equal(i18n.t('petsReleased'));
    expect(user.items.pets[animal]).to.equal(0);
@@ -69,4 +73,29 @@ describe('shared.ops.releasePets', () => {

    expect(user.achievements.beastMasterCount).to.equal(1);
  });
+
+  it('does not increment beastMasterCount if any pet is level 0 (released)', () => {
+    let beastMasterCountBeforeRelease = user.achievements.beastMasterCount;
+
+    user.items.pets[animal] = 0;
+    releasePets(user);
+
+    expect(user.achievements.beastMasterCount).to.equal(beastMasterCountBeforeRelease);
+  });
+
+  it('does not increment beastMasterCount if any pet is missing (null)', () => {
+    let beastMasterCountBeforeRelease = user.achievements.beastMasterCount;
+    user.items.pets[animal] = null;
+    releasePets(user);
+
+    expect(user.achievements.beastMasterCount).to.equal(beastMasterCountBeforeRelease);
+  });
+
+  it('does not increment beastMasterCount if any pet is missing (undefined)', () => {
+    let beastMasterCountBeforeRelease = user.achievements.beastMasterCount;
+    delete user.items.pets[animal];
+    releasePets(user);
+
+    expect(user.achievements.beastMasterCount).to.equal(beastMasterCountBeforeRelease);
+  });
 });
@@ -65,6 +65,16 @@ describe('shared.ops.sell', () => {
    }
  });

+  it('returns an error when the requested amount is above the available amount', (done) => {
+    try {
+      sell(user, {params: { type, key }, query: {amount: 2} });
+    } catch (err) {
+      expect(err).to.be.an.instanceof(NotFound);
+      expect(err.message).to.equal(i18n.t('userItemsNotEnough', {type}));
+      done();
+    }
+  });
+
  it('reduces item count from user', () => {
    sell(user, {params: { type, key } });

@@ -2,7 +2,7 @@

 ## Babel Paths for Production Environment

-In development, we [transpile at server start](https://github.com/HabitRPG/habitrpg/blob/1ed7e21542519abe7a3c601f396e1a07f9b050ae/website/server/index.js#L6-L8). This allows us to work quickly while developing, but is not suitable for production. So, in production we transpile the server code before the app starts.
+In development, we [transpile at server start](https://github.com/HabitRPG/habitica/blob/1ed7e21542519abe7a3c601f396e1a07f9b050ae/website/server/index.js#L6-L8). This allows us to work quickly while developing, but is not suitable for production. So, in production we transpile the server code before the app starts.

 This system means that requiring any files from `website/common/script` in `website/server/**/*.js` must be done through the `website/common/index.js` module. In development, it'll pass through to the pre-transpiled files, but in production it'll point to the transpiled versions. If you try to require or import a file directly, it will error in production as the server doesn't know what to do with some es2015isms (such as the import statement).

@@ -10,7 +10,7 @@ module.exports = {
    index: path.resolve(__dirname, '../../dist-client/index.html'),
    assetsRoot: path.resolve(__dirname, '../../dist-client'),
    assetsSubDirectory: 'static',
-    assetsPublicPath: '/new-app',
+    assetsPublicPath: '/new-app/',
    staticAssetsDirectory,
    productionSourceMap: true,
    // Gzip off by default as many popular static hosts such as
@@ -38,6 +38,18 @@ module.exports = {
        target: 'http://localhost:3000',
        changeOrigin: true,
      },
+      '/stripe': {
+        target: 'http://localhost:3000',
+        changeOrigin: true,
+      },
+      '/amazon': {
+        target: 'http://localhost:3000',
+        changeOrigin: true,
+      },
+      '/paypal': {
+        target: 'http://localhost:3000',
+        changeOrigin: true,
+      },
    },
    // CSS Sourcemaps off by default because relative paths are "buggy"
    // with this option, according to the CSS-Loader README
@@ -83,7 +83,7 @@ const baseConfig = {
        },
      },
      {
-        test: /\.(png|jpe?g|gif|svg)(\?.*)?$/,
+        test: /\.(png|jpe?g|gif)(\?.*)?$/,
        loader: 'url-loader',
        query: {
          limit: 10000,
@@ -98,6 +98,22 @@ const baseConfig = {
          name: utils.assetsPath('fonts/[name].[hash:7].[ext]'),
        },
      },
+      {
+        test: /\.svg$/,
+        use: [
+          { loader: 'svg-inline-loader' },
+          { loader: 'svgo-loader' },
+        ],
+        exclude: [path.resolve(projectRoot, 'website/client/assets/svg/for-css')],
+      },
+      {
+        test: /\.svg$/,
+        use: [
+          { loader: 'svg-url-loader' },
+          { loader: 'svgo-loader' },
+        ],
+        include: [path.resolve(projectRoot, 'website/client/assets/svg/for-css')],
+      },
    ],
  },
 };
--- a/Show More
+++ b/Show More