5.18.1

Merge branch 'develop' into release
Update Melior Image (#15116 )
2026-05-23 02:49:46 -05:00 · 2024-02-15 14:50:54 -06:00 · 2024-02-15 14:50:49 -06:00 · 2024-02-15 20:48:42 +00:00 · 2024-02-15 17:42:11 +01:00 · 2024-02-08 14:50:11 -06:00
496 changed files with 17216 additions and 6983 deletions
@@ -1,6 +1,10 @@
+/* eslint-disable import/no-commonjs */
 module.exports = {
  root: true,
  extends: [
-    'habitrpg/lib/node'
+    'habitrpg/lib/node',
  ],
-}
+  rules: {
+    'import/no-extraneous-dependencies': 'off',
+  },
+};
@@ -40,6 +40,7 @@ yarn.lock
 !.elasticbeanstalk/*.global.yml

 /.vscode
+habitica.code-workspace

 # webstorm fake webpack for path intellisense
 webpack.webstorm.config
@@ -1,30 +0,0 @@
-FROM node:14
-
-ENV ADMIN_EMAIL admin@habitica.com
-ENV EMAILS_COMMUNITY_MANAGER_EMAIL admin@habitica.com
-ENV AMAZON_PAYMENTS_CLIENT_ID amzn1.application-oa2-client.68ed9e6904ef438fbc1bf86bf494056e
-ENV AMAZON_PAYMENTS_SELLER_ID AMQ3SB4SG5E91
-ENV AMPLITUDE_KEY e8d4c24b3d6ef3ee73eeba715023dd43
-ENV BASE_URL https://habitica.com
-ENV FACEBOOK_KEY 128307497299777
-ENV GA_ID UA-33510635-1
-ENV GOOGLE_CLIENT_ID 1035232791481-32vtplgnjnd1aufv3mcu1lthf31795fq.apps.googleusercontent.com
-ENV LOGGLY_CLIENT_TOKEN ab5663bf-241f-4d14-8783-7d80db77089a
-ENV NODE_ENV production
-ENV STRIPE_PUB_KEY pk_85fQ0yMECHNfHTSsZoxZXlPSwSNfA
-ENV APPLE_AUTH_CLIENT_ID 9Q9SMRMCNN.com.habitrpg.ios.Habitica
-
-# Install global packages
-RUN npm install -g gulp-cli mocha
-
-# Clone Habitica repo and install dependencies
-RUN mkdir -p /usr/src/habitrpg
-WORKDIR /usr/src/habitrpg
-RUN git clone --branch release --depth 1 https://github.com/HabitRPG/habitica.git /usr/src/habitrpg
-RUN git config --global url."https://".insteadOf git://
-RUN npm set unsafe-perm true
-RUN npm install
-
-# Start Habitica
-EXPOSE 80 8080 36612
-CMD ["node", "./website/transpiled-babel/index.js"]
@@ -2,7 +2,6 @@ import mongoose from 'mongoose';
 import nconf from 'nconf';
 import repl from 'repl';
 import gulp from 'gulp';
-import logger from '../website/server/libs/logger';
 import {
  getDevelopmentConnectionUrl,
  getDefaultConnectionOptions,
@@ -39,10 +38,6 @@ const improveRepl = context => {
  mongoose.connect(
    connectionUrl,
    mongooseOptions,
-    err => {
-      if (err) throw err;
-      logger.info('Connected with Mongoose');
-    },
  );
 };

@@ -59,13 +59,15 @@ gulp.task('test:prepare:mongo', cb => {
  const mongooseOptions = getDefaultConnectionOptions();
  const connectionUrl = getDevelopmentConnectionUrl(TEST_DB_URI);

-  mongoose.connect(connectionUrl, mongooseOptions, err => {
-    if (err) return cb(`Unable to connect to mongo database. Are you sure it's running? \n\n${err}`);
-    return mongoose.connection.dropDatabase(err2 => {
-      if (err2) return cb(err2);
-      return mongoose.connection.close(cb);
+  mongoose.connect(connectionUrl, mongooseOptions)
+    .then(() => mongoose.connection.dropDatabase())
+    .then(() => mongoose.connection.close()).then(() => {
+      cb();
+    })
+    .catch(err => {
+      if (err) return cb(`Unable to connect to mongo database. Are you sure it's running? \n\n${err}`);
+      throw err;
    });
-  });
 });

 gulp.task('test:prepare:server', gulp.series('test:prepare:mongo', done => {
@@ -116,8 +118,10 @@ gulp.task('test:common:safe', gulp.series('test:prepare:build', cb => {
  pipe(runner);
 }));

-gulp.task('test:content', gulp.series('test:prepare:build',
-  runInChildProcess(CONTENT_TEST_COMMAND, LIMIT_MAX_BUFFER_OPTIONS)));
+gulp.task('test:content', gulp.series(
+  'test:prepare:build',
+  runInChildProcess(CONTENT_TEST_COMMAND, LIMIT_MAX_BUFFER_OPTIONS),
+));

 gulp.task('test:content:clean', cb => {
  pipe(exec(testBin(CONTENT_TEST_COMMAND), LIMIT_MAX_BUFFER_OPTIONS, () => cb()));
@@ -142,16 +146,20 @@ gulp.task('test:content:safe', gulp.series('test:prepare:build', cb => {
  pipe(runner);
 }));

-gulp.task('test:api:unit:run',
-  runInChildProcess(integrationTestCommand('test/api/unit', 'coverage/api-unit')));
+gulp.task(
+  'test:api:unit:run',
+  runInChildProcess(integrationTestCommand('test/api/unit', 'coverage/api-unit')),
+);

 gulp.task('test:api:unit:watch', () => gulp.watch(['website/server/libs/*', 'test/api/unit/**/*', 'website/server/controllers/**/*'], gulp.series('test:api:unit:run', done => done())));

-gulp.task('test:api-v3:integration', gulp.series('test:prepare:mongo',
+gulp.task('test:api-v3:integration', gulp.series(
+  'test:prepare:mongo',
  runInChildProcess(
    integrationTestCommand('test/api/v3/integration', 'coverage/api-v3-integration'),
    LIMIT_MAX_BUFFER_OPTIONS,
-  )));
+  ),
+));

 gulp.task('test:api-v3:integration:watch', () => gulp.watch([
  'website/server/controllers/api-v3/**/*', 'common/script/ops/*', 'website/server/libs/*.js',
@@ -164,11 +172,13 @@ gulp.task('test:api-v3:integration:separate-server', runInChildProcess(
  'LOAD_SERVER=0',
 ));

-gulp.task('test:api-v4:integration', gulp.series('test:prepare:mongo',
+gulp.task('test:api-v4:integration', gulp.series(
+  'test:prepare:mongo',
  runInChildProcess(
    integrationTestCommand('test/api/v4', 'api-v4-integration'),
    LIMIT_MAX_BUFFER_OPTIONS,
-  )));
+  ),
+));

 gulp.task('test:api-v4:integration:separate-server', runInChildProcess(
  'mocha test/api/v4 --recursive --require ./test/helpers/start-server',
@@ -3,6 +3,6 @@ module.exports = {
  root: false,
  rules: {
    'no-console': 0,
-    'no-use-before-define': ['error', { functions: false }]
-  }
-}
+    'no-use-before-define': ['error', { functions: false }],
+  },
+};
@@ -51,7 +51,8 @@ function getAchievementUpdate (newUser, oldUser) {
  // Rebirth level
  if (achievementsUpdate.rebirthLevel) {
    achievementsUpdate.rebirthLevel = Math.max(
-      achievementsUpdate.rebirthLevel, oldAchievements.rebirthLevel,
+      achievementsUpdate.rebirthLevel,
+      oldAchievements.rebirthLevel,
    );
  } else if (oldAchievements.rebirthLevel) {
    achievementsUpdate.rebirthLevel = oldAchievements.rebirthLevel;
@@ -61,7 +61,7 @@ async function updateUser (user) {

 export default async function processUsers () {
  let query = {
-    // migration: {$ne: MIGRATION_NAME},
+    migration: {$ne: MIGRATION_NAME},
    'auth.timestamps.loggedin': {$gt: new Date('2021-01-01')},
  };

@@ -105,7 +105,7 @@ async function updateUser (user) {

 export default async function processUsers () {
  let query = {
-    // migration: { $ne: MIGRATION_NAME },
+    migration: { $ne: MIGRATION_NAME },
    'auth.timestamps.loggedin': { $gt: new Date('2021-08-01') },
  };

@@ -145,7 +145,7 @@ async function updateUser (user) {

 export default async function processUsers () {
  let query = {
-    // migration: { $ne: MIGRATION_NAME },
+    migration: { $ne: MIGRATION_NAME },
    'auth.timestamps.loggedin': { $gt: new Date('2021-08-01') },
  };

@@ -105,7 +105,7 @@ async function updateUser (user) {

 export default async function processUsers () {
  let query = {
-    // migration: { $ne: MIGRATION_NAME },
+    migration: { $ne: MIGRATION_NAME },
    'auth.timestamps.loggedin': { $gt: new Date('2021-08-01') },
  };

@@ -95,7 +95,7 @@ async function updateUser (user) {

 export default async function processUsers () {
  let query = {
-    // migration: { $ne: MIGRATION_NAME },
+    migration: { $ne: MIGRATION_NAME },
    'auth.timestamps.loggedin': { $gt: new Date('2022-01-01') },
  };

@@ -86,7 +86,7 @@ async function updateUser (user) {

 export default async function processUsers () {
  let query = {
-    // migration: { $ne: MIGRATION_NAME },
+    migration: { $ne: MIGRATION_NAME },
    'auth.timestamps.loggedin': { $gt: new Date('2022-01-01') },
  };

@@ -63,7 +63,7 @@ async function updateUser (user) {
      && pets['Wolf-Shade']
      && pets['Wolf-Skeleton']
      && pets['Wolf-White']
-      && pets['Wolf-Zombie'] {
+      && pets['Wolf-Zombie']) {
        set['achievements.polarPro'] = true;
      }
  }
@@ -75,7 +75,7 @@ async function updateUser (user) {

 export default async function processUsers () {
  let query = {
-    // migration: { $ne: MIGRATION_NAME },
+    migration: { $ne: MIGRATION_NAME },
    'auth.timestamps.loggedin': { $gt: new Date('2022-11-01') },
  };

@@ -125,7 +125,7 @@ async function updateUser (user) {

 export default async function processUsers () {
  let query = {
-    // migration: { $ne: MIGRATION_NAME },
+    migration: { $ne: MIGRATION_NAME },
    'auth.timestamps.loggedin': { $gt: new Date('2023-04-15') },
  };

@@ -110,7 +110,7 @@ async function updateUser (user) {
 export default async function processUsers () {
  let query = {
    migration: {$ne: MIGRATION_NAME},
-    // 'auth.timestamps.loggedin': { $gt: new Date('2023-07-08') },
+    'auth.timestamps.loggedin': { $gt: new Date('2023-07-08') },
  };

  const fields = {
@@ -1,118 +0,0 @@
-let migrationName = '20180904_takeThis.js'; // Update per month
-let authorName = 'Sabe'; // in case script author needs to know when their ...
-let authorUuid = '7f14ed62-5408-4e1b-be83-ada62d504931'; // ... own data is done
-
-/*
- * Award Take This ladder items to participants in this month's challenge
- */
-
-import monk from 'monk';
-import nconf from 'nconf';
-const CONNECTION_STRING = nconf.get('MIGRATION_CONNECT_STRING'); // FOR TEST DATABASE
-let dbUsers = monk(CONNECTION_STRING).get('users', { castIds: false });
-
-function processUsers (lastId) {
-  // specify a query to limit the affected users (empty for all users):
-  let query = {
-    migration: {$ne: migrationName},
-    challenges: {$in: ['1044ec0c-4a85-48c5-9f36-d51c0c62c7d3']}, // Update per month
-  };
-
-  if (lastId) {
-    query._id = {
-      $gt: lastId,
-    };
-  }
-
-  dbUsers.find(query, {
-    sort: {_id: 1},
-    limit: 250,
-    fields: [
-      'items.gear.owned',
-    ], // specify fields we are interested in to limit retrieved data (empty if we're not reading data):
-  })
-    .then(updateUsers)
-    .catch((err) => {
-      console.log(err);
-      return exiting(1, `ERROR! ${  err}`);
-    });
-}
-
-let progressCount = 1000;
-let count = 0;
-
-function updateUsers (users) {
-  if (!users || users.length === 0) {
-    console.warn('All appropriate users found and modified.');
-    displayData();
-    return;
-  }
-
-  let userPromises = users.map(updateUser);
-  let lastUser = users[users.length - 1];
-
-  return Promise.all(userPromises)
-    .then(() => {
-      processUsers(lastUser._id);
-    });
-}
-
-function updateUser (user) {
-  count++;
-
-  let set = {};
-  let push;
-
-  if (typeof user.items.gear.owned.back_special_takeThis !== 'undefined') {
-    set = {migration: migrationName};
-  } else if (typeof user.items.gear.owned.body_special_takeThis !== 'undefined') {
-    set = {migration: migrationName, 'items.gear.owned.back_special_takeThis': false};
-    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.back_special_takeThis', _id: monk.id()}};
-  } else if (typeof user.items.gear.owned.head_special_takeThis !== 'undefined') {
-    set = {migration: migrationName, 'items.gear.owned.body_special_takeThis': false};
-    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.body_special_takeThis', _id: monk.id()}};
-  } else if (typeof user.items.gear.owned.armor_special_takeThis !== 'undefined') {
-    set = {migration: migrationName, 'items.gear.owned.head_special_takeThis': false};
-    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.head_special_takeThis', _id: monk.id()}};
-  } else if (typeof user.items.gear.owned.weapon_special_takeThis !== 'undefined') {
-    set = {migration: migrationName, 'items.gear.owned.armor_special_takeThis': false};
-    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.armor_special_takeThis', _id: monk.id()}};
-  } else if (typeof user.items.gear.owned.shield_special_takeThis !== 'undefined') {
-    set = {migration: migrationName, 'items.gear.owned.weapon_special_takeThis': false};
-    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.weapon_special_takeThis', _id: monk.id()}};
-  } else {
-    set = {migration: migrationName, 'items.gear.owned.shield_special_takeThis': false};
-    push = {pinnedItems: {type: 'marketGear', path: 'gear.flat.shield_special_takeThis', _id: monk.id()}};
-  }
-
-  if (push) {
-    dbUsers.update({_id: user._id}, {$set: set, $push: push});
-  } else {
-    dbUsers.update({_id: user._id}, {$set: set});
-  }
-
-  if (count % progressCount === 0) console.warn(`${count  } ${  user._id}`);
-  if (user._id === authorUuid) console.warn(`${authorName  } processed`);
-}
-
-function displayData () {
-  console.warn(`\n${  count  } users processed\n`);
-  return exiting(0);
-}
-
-function exiting (code, msg) {
-  code = code || 0; // 0 = success
-  if (code && !msg) {
-    msg = 'ERROR!';
-  }
-  if (msg) {
-    if (code) {
-      console.error(msg);
-    } else      {
-      console.log(msg);
-    }
-  }
-  process.exit(code);
-}
-
-module.exports = processUsers;
@@ -1,10 +0,0 @@
-import csv
-
-with open(r"/home/slappybag/Documents/SurveyScrape.csv") as f:
-     reader = csv.reader(f, delimiter=',', quotechar='"')
-     column = []
-     for row in reader:
-        if row:
-            column.append(row[4])
-
-print column
@@ -21,12 +21,14 @@ async function handOutJackalopes () {
    if (user.party._id) groupList.push(user.party._id);
    groupList = groupList.concat(user.guilds);

-    const subscribedGroup = await Group.findOne({
-      _id: { $in: groupList },
-      'purchased.plan.planId': 'group_monthly',
-      'purchased.plan.dateTerminated': null,
-    },
-    { _id: 1 });
+    const subscribedGroup = await Group.findOne(
+      {
+        _id: { $in: groupList },
+        'purchased.plan.planId': 'group_monthly',
+        'purchased.plan.dateTerminated': null,
+      },
+      { _id: 1 },
+    );

    if (subscribedGroup) {
      User.update({ _id: user._id }, { $set: { 'items.mounts.Jackalope-RoyalPurple': true } }).exec();
@@ -16,6 +16,7 @@ async function updateUser (user) {

  if (count % progressCount === 0) {
    console.warn(`${count} ${user._id}`);
+    // eslint-disable-next-line no-promise-executor-return
    await new Promise(resolve => setTimeout(resolve, 5000));
  }

@@ -1,7 +1,7 @@
 {
  "name": "habitica",
  "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "5.15.1",
+  "version": "5.18.1",
  "main": "./website/server/index.js",
  "dependencies": {
    "@babel/core": "^7.22.10",
@@ -24,8 +24,8 @@
    "csv-stringify": "^5.6.5",
    "cwait": "^1.1.1",
    "domain-middleware": "~0.1.0",
-    "eslint": "^6.8.0",
-    "eslint-config-habitrpg": "^6.2.0",
+    "eslint": "^8.55.0",
+    "eslint-config-habitrpg": "^6.2.3",
    "eslint-plugin-mocha": "^5.0.0",
    "express": "^4.18.2",
    "express-basic-auth": "^1.2.1",
@@ -36,11 +36,9 @@
    "gulp-babel": "^8.0.0",
    "gulp-imagemin": "^7.1.0",
    "gulp-nodemon": "^2.5.0",
-    "nodemon": "^2.0.20",
    "gulp.spritesmith": "^6.13.0",
    "habitica-markdown": "^3.0.0",
    "helmet": "^4.6.0",
-    "image-size": "^1.0.2",
    "in-app-purchase": "^1.11.3",
    "js2xmlparser": "^5.0.0",
    "jsonwebtoken": "^9.0.2",
@@ -50,10 +48,11 @@
    "method-override": "^3.0.0",
    "moment": "^2.29.4",
    "moment-recur": "^1.0.7",
-    "mongoose": "^5.13.20",
+    "mongoose": "^7.6.3",
    "morgan": "^1.10.0",
    "nconf": "^0.12.1",
    "node-gcm": "^1.0.5",
+    "nodemon": "^2.0.20",
    "on-headers": "^1.0.2",
    "passport": "^0.5.3",
    "passport-facebook": "^3.0.0",
@@ -64,7 +63,6 @@
    "ps-tree": "^1.0.0",
    "rate-limiter-flexible": "^2.4.2",
    "redis": "^3.1.2",
-    "regenerator-runtime": "^0.13.11",
    "remove-markdown": "^0.5.0",
    "rimraf": "^3.0.2",
    "short-uuid": "^4.2.2",
@@ -74,7 +72,6 @@
    "useragent": "^2.1.9",
    "uuid": "^9.0.0",
    "validator": "^13.11.0",
-    "vinyl-buffer": "^1.0.1",
    "winston": "^3.10.0",
    "winston-loggly-bulk": "^3.3.0",
    "xml2js": "^0.6.2"
@@ -106,7 +103,7 @@
    "client:unit": "cd website/client && npm run test:unit",
    "start": "gulp nodemon",
    "debug": "gulp nodemon --inspect",
-    "mongo:dev": "run-rs -v 4.1.1 -l ubuntu1804 --keep --dbpath mongodb-data --number 1 --quiet",
+    "mongo:dev": "run-rs -v 5.0.23 -l ubuntu1804 --keep --dbpath mongodb-data --number 1 --quiet",
    "postinstall": "git config --global url.\"https://\".insteadOf git:// && gulp build && cd website/client && npm install",
    "apidoc": "gulp apidoc"
  },
@@ -44,6 +44,7 @@ async function deleteHabiticaData (user, email) {
    { _id: user._id },
    { $set: set },
  );
+  // eslint-disable-next-line no-promise-executor-return
  await new Promise(resolve => setTimeout(resolve, 1000));
  const response = await axios.delete(
    `${BASE_URL}/api/v3/user`,
@@ -96,6 +97,7 @@ async function processEmailAddress (email) {
    return console.log(`No users found with email address ${email}`);
  }

+  // eslint-disable-next-line no-promise-executor-return
  await new Promise(resolve => setTimeout(resolve, 1000));
  return Promise.all(users.map(user => (async () => {
    await deleteAmplitudeData(user._id, email); // eslint-disable-line no-await-in-loop
@@ -1,3 +1,5 @@
+/* eslint-disable import/no-commonjs */
+
 module.exports = {
  extends: [
    'habitrpg/lib/mocha',
@@ -7,6 +9,9 @@ module.exports = {
    chai: true,
    expect: true,
    sinon: true,
-    sandbox: true
+    sandbox: true,
  },
-}
+  rules: {
+    'import/no-extraneous-dependencies': 'off',
+  },
+};
@@ -26,9 +26,7 @@ describe('bug-report', () => {
      _id: userId,
    });

-    const result = await bugReportLogic(
-      user, userMail, userMessage, userAgent,
-    );
+    const result = await bugReportLogic(user, userMail, userMessage, userAgent);

    expect(emailLib.sendTxn).to.be.called;
    expect(result).to.deep.equal({
@@ -44,7 +44,7 @@ describe('mongodb', () => {
      const mongoLibOverride = requireAgain(pathToMongoLib);

      const options = mongoLibOverride.getDefaultConnectionOptions();
-      expect(options).to.have.all.keys(['useNewUrlParser', 'useUnifiedTopology', 'keepAlive', 'keepAliveInitialDelay']);
+      expect(options).to.have.all.keys(['useNewUrlParser', 'useUnifiedTopology']);
    });
  });
 });
@@ -227,7 +227,7 @@ describe('Password Utilities', () => {
        expiresAt: moment().subtract({ minutes: 1 }),
      }));

-      await user.update({
+      await user.updateOne({
        'auth.local.passwordResetCode': code,
      });

@@ -264,7 +264,7 @@ describe('Password Utilities', () => {
        expiresAt: moment().add({ days: 1 }),
      }));

-      await user.update({
+      await user.updateOne({
        'auth.local.passwordResetCode': 'invalid',
      });

@@ -280,7 +280,7 @@ describe('Password Utilities', () => {
        expiresAt: moment().add({ days: 1 }),
      }));

-      await user.update({
+      await user.updateOne({
        'auth.local.passwordResetCode': code,
      });

@@ -342,10 +342,12 @@ describe('Apple Payments', () => {
            }]);
          sub = common.content.subscriptionBlocks[newOption.subKey];

-          await applePayments.subscribe(user,
+          await applePayments.subscribe(
+            user,
            receipt,
            headers,
-            nextPaymentProcessing);
+            nextPaymentProcessing,
+          );

          expect(iapSetupStub).to.be.calledOnce;
          expect(iapValidateStub).to.be.calledOnce;
@@ -387,10 +389,12 @@ describe('Apple Payments', () => {
            }]);
          sub = common.content.subscriptionBlocks[newOption.subKey];

-          await applePayments.subscribe(user,
+          await applePayments.subscribe(
+            user,
            receipt,
            headers,
-            nextPaymentProcessing);
+            nextPaymentProcessing,
+          );

          expect(iapSetupStub).to.be.calledOnce;
          expect(iapValidateStub).to.be.calledOnce;
@@ -517,9 +521,7 @@ describe('Apple Payments', () => {

        const secondUser = new User();
        await secondUser.save();
-        await expect(applePayments.subscribe(
-          secondUser, receipt, headers, nextPaymentProcessing,
-        ))
+        await expect(applePayments.subscribe(secondUser, receipt, headers, nextPaymentProcessing))
          .to.eventually.be.rejected.and.to.eql({
            httpCode: 401,
            name: 'NotAuthorized',
@@ -559,9 +561,7 @@ describe('Apple Payments', () => {

        const thirdUser = new User();
        await thirdUser.save();
-        await expect(applePayments.subscribe(
-          thirdUser, receipt, headers, nextPaymentProcessing,
-        ))
+        await expect(applePayments.subscribe(thirdUser, receipt, headers, nextPaymentProcessing))
          .to.eventually.be.rejected.and.to.eql({
            httpCode: 401,
            name: 'NotAuthorized',
@@ -1382,18 +1382,6 @@ describe('payments/index', () => {
        expect(user.purchased.plan.mysteryItems).to.have.a.lengthOf(1);
        expect(user.purchased.plan.mysteryItems).to.include('head_mystery_201605');
      });
-
-      it('does not award mystery item when user already has the item in the mystery box', async () => {
-        user.purchased.plan.mysteryItems = [mayMysteryItem];
-
-        sandbox.spy(user.purchased.plan.mysteryItems, 'push');
-
-        data = { paymentMethod: 'PaymentMethod', user, sub: { key: 'basic_3mo' } };
-        await api.createSubscription(data);
-
-        expect(user.purchased.plan.mysteryItems.push).to.be.calledOnce;
-        expect(user.purchased.plan.mysteryItems.push).to.be.calledWith('head_mystery_201605');
-      });
    });
  });

@@ -1599,10 +1587,10 @@ describe('payments/index', () => {
      it('sends gem donation message in each participant\'s language', async () => {
        // TODO using english for both users because other languages are not loaded
        // for api.buyGems
-        await recipient.update({
+        await recipient.updateOne({
          'preferences.language': 'en',
        });
-        await user.update({
+        await user.updateOne({
          'preferences.language': 'en',
        });
        await api.buyGems(data);
@@ -53,11 +53,9 @@ describe('cron middleware', () => {
      cronMiddleware(req, res, err => {
        if (err) return reject(err);

-        Tasks.Task.findOne({ _id: task }, (secondErr, taskFound) => {
-          if (secondErr) return reject(err);
-          expect(secondErr).to.not.exist;
-          expect(taskFound).to.not.exist;
-          return resolve();
+        Tasks.Task.findOne({ _id: task }).then(foundTask => {
+          expect(foundTask).to.not.exist;
+          resolve();
        });

        return null;
@@ -78,10 +76,8 @@ describe('cron middleware', () => {
    await new Promise((resolve, reject) => {
      cronMiddleware(req, res, err => {
        if (err) return reject(err);
-        Tasks.Task.findOne({ _id: task }, (secondErr, taskFound) => {
-          if (secondErr) return reject(secondErr);
-          expect(secondErr).to.not.exist;
-          expect(taskFound).to.exist;
+        Tasks.Task.findOne({ _id: task }).then(foundTask => {
+          expect(foundTask).to.exist;
          return resolve();
        });
        return null;
@@ -103,10 +99,8 @@ describe('cron middleware', () => {
    await new Promise((resolve, reject) => {
      cronMiddleware(req, res, err => {
        if (err) return reject(err);
-        Tasks.Task.findOne({ _id: task }, (secondErr, taskFound) => {
-          if (secondErr) return reject(secondErr);
-          expect(secondErr).to.not.exist;
-          expect(taskFound).to.not.exist;
+        Tasks.Task.findOne({ _id: task }).then(foundTask => {
+          expect(foundTask).to.not.exist;
          return resolve();
        });
        return null;
@@ -170,8 +164,7 @@ describe('cron middleware', () => {
    await new Promise((resolve, reject) => {
      cronMiddleware(req, res, err => {
        if (err) return reject(err);
-        return User.findOne({ _id: user._id }, (secondErr, updatedUser) => {
-          if (secondErr) return reject(secondErr);
+        return User.findOne({ _id: user._id }).then(updatedUser => {
          expect(updatedUser.stats.hp).to.be.lessThan(hpBefore);
          return resolve();
        });
@@ -188,8 +181,7 @@ describe('cron middleware', () => {
    await new Promise((resolve, reject) => {
      cronMiddleware(req, res, err => {
        if (err) return reject(err);
-        return Tasks.Task.findOne({ _id: todo._id }, (secondErr, todoFound) => {
-          if (secondErr) return reject(secondErr);
+        return Tasks.Task.findOne({ _id: todo._id }).then(todoFound => {
          expect(todoFound.value).to.be.lessThan(todoValueBefore);
          return resolve();
        });
@@ -224,8 +216,7 @@ describe('cron middleware', () => {
    await new Promise((resolve, reject) => {
      cronMiddleware(req, res, err => {
        if (err) return reject(err);
-        return User.findOne({ _id: user._id }, (secondErr, updatedUser) => {
-          if (secondErr) return reject(secondErr);
+        return User.findOne({ _id: user._id }).then(updatedUser => {
          expect(updatedUser.stats.hp).to.be.lessThan(hpBefore);
          return resolve();
        });
@@ -238,7 +229,7 @@ describe('cron middleware', () => {
    await user.save();

    const updatedUser = user.toObject();
-    updatedUser.nMatched = 0;
+    updatedUser.matchedCount = 0;

    sandbox.spy(cronLib, 'recoverCron');

@@ -269,7 +260,7 @@ describe('cron middleware', () => {
  it('cronSignature less than an hour ago should error', async () => {
    user.lastCron = moment(new Date()).subtract({ days: 2 });
    const now = new Date();
-    await User.update({
+    await User.updateOne({
      _id: user._id,
    }, {
      $set: {
@@ -291,7 +282,7 @@ describe('cron middleware', () => {
  it('cronSignature longer than an hour ago should allow cron', async () => {
    user.lastCron = moment(new Date()).subtract({ days: 2 });
    const now = new Date();
-    await User.update({
+    await User.updateOne({
      _id: user._id,
    }, {
      $set: {
@@ -1358,7 +1358,7 @@ describe('Group Model', () => {

    describe('#sendChat', () => {
      beforeEach(() => {
-        sandbox.spy(User, 'update');
+        sandbox.spy(User, 'updateOne');
        sandbox.spy(User, 'updateMany');
      });

@@ -1450,7 +1450,7 @@ describe('Group Model', () => {

        party.sendChat({ message: 'message' });

-        expect(User.update).to.not.be.called;
+        expect(User.updateMany).to.not.be.called;
      });

      it('skips sending messages to the tavern', () => {
@@ -1458,7 +1458,7 @@ describe('Group Model', () => {

        party.sendChat({ message: 'message' });

-        expect(User.update).to.not.be.called;
+        expect(User.updateMany).to.not.be.called;
      });
    });

@@ -103,7 +103,7 @@ describe('NewsPost Model', () => {

    beforeEach(async () => {
      // Delete all existing posts from the database
-      await NewsPost.remove();
+      await NewsPost.deleteMany();
    });

    afterEach(() => {
@@ -116,7 +116,7 @@ describe('NewsPost Model', () => {
        _id: v4(), publishDate: new Date(), published: true,
      };
      NewsPost.updateLastNewsPost(previousPost);
-      intervalId = refreshNewsPost(50); // refreshes every 50ms
+      intervalId = refreshNewsPost(100); // refreshes every 100ms

      await sleep(0.1); // wait 100ms to make sure the new post has a more recent publishDate
      const newPost = await NewsPost.create({
@@ -221,7 +221,8 @@ describe('Task Model', () => {

      it('returns task by alias', async () => {
        const foundTasks = await Tasks.Task.findMultipleByIdOrAlias(
-          [taskWithAlias.alias], user._id,
+          [taskWithAlias.alias],
+          user._id,
        );

        expect(foundTasks[0].text).to.eql(taskWithAlias.text);
@@ -229,7 +230,8 @@ describe('Task Model', () => {

      it('returns multiple tasks', async () => {
        const foundTasks = await Tasks.Task.findMultipleByIdOrAlias(
-          [taskWithAlias.alias, secondTask._id], user._id,
+          [taskWithAlias.alias, secondTask._id],
+          user._id,
        );

        expect(foundTasks.length).to.eql(2);
@@ -239,7 +241,8 @@ describe('Task Model', () => {

      it('returns a task only once if searched by both id and alias', async () => {
        const foundTasks = await Tasks.Task.findMultipleByIdOrAlias(
-          [taskWithAlias.alias, taskWithAlias._id], user._id,
+          [taskWithAlias.alias, taskWithAlias._id],
+          user._id,
        );

        expect(foundTasks.length).to.eql(1);
@@ -188,7 +188,7 @@ describe('User Model', () => {
    it('removes invalid tags when loading the user', async () => {
      let user = new User();
      await user.save();
-      await user.update({
+      await user.updateOne({
        $set: {
          tags: [
            null, // invalid, not an object
@@ -212,7 +212,7 @@ describe('User Model', () => {
    it('removes invalid push devices when loading the user', async () => {
      let user = new User();
      await user.save();
-      await user.update({
+      await user.updateOne({
        $set: {
          pushDevices: [
            null, // invalid, not an object
@@ -236,7 +236,7 @@ describe('User Model', () => {
    it('removes duplicate push devices when loading the user', async () => {
      let user = new User();
      await user.save();
-      await user.update({
+      await user.updateOne({
        $set: {
          pushDevices: [
            { type: 'android', regId: '1234' },
@@ -258,7 +258,7 @@ describe('User Model', () => {
    it('removes invalid notifications when loading the user', async () => {
      let user = new User();
      await user.save();
-      await user.update({
+      await user.updateOne({
        $set: {
          notifications: [
            null, // invalid, not an object
@@ -284,7 +284,7 @@ describe('User Model', () => {
    it('removes multiple NEW_CHAT_MESSAGE for the same group', async () => {
      let user = new User();
      await user.save();
-      await user.update({
+      await user.updateOne({
        $set: {
          notifications: [
            {
@@ -87,7 +87,7 @@ describe('DELETE /challenges/:challengeId', () => {
      const testTask = _.find(tasks, task => task.text === taskText);

      expect(testTask.challenge.broken).to.eql('CHALLENGE_DELETED');
-      expect(testTask.challenge.winner).to.be.null;
+      expect(testTask.challenge.winner).to.be.undefined;
    });
  });
 });
@@ -74,7 +74,7 @@ describe('GET /challenges/:challengeId/export/csv', () => {
  });

  it('should successfully return when it contains erroneous residue user data', async () => {
-    await members[0].update({ challenges: [] });
+    await members[0].updateOne({ challenges: [] });
    const res = await members[1].get(`/challenges/${challenge._id}/export/csv`);
    const sortedMembers = _.sortBy([members[1], members[2], groupLeader], '_id');
    const splitRes = res.split('\n');
@@ -186,7 +186,7 @@ describe('GET challenges/groups/:groupId', () => {

    before(async () => {
      user = await generateUser();
-      await user.update({ balance: 0.5 });
+      await user.updateOne({ balance: 0.5 });
      tavern = await user.get(`/groups/${TAVERN_ID}`);

      challenge = await generateChallenge(user, tavern, { prize: 1 });
@@ -269,7 +269,7 @@ describe('GET challenges/groups/:groupId', () => {
      let officialChallenge; let unofficialChallenges;

      before(async () => {
-        await user.update({
+        await user.updateOne({
          'permissions.challengeAdmin': true,
          balance: 3,
        });
@@ -68,7 +68,7 @@ describe('GET challenges/user', () => {

      challenge = await generateChallenge(user, group);
      challenge2 = await generateChallenge(user, group);
-      await user.update({ balance: 0.25 });
+      await user.updateOne({ balance: 0.25 });
      publicChallenge = await generateChallenge(user, tavern, { prize: 1 });

      await member.post(`/challenges/${challenge._id}/join`);
@@ -234,7 +234,7 @@ describe('GET challenges/user', () => {
        upgradeToGroupPlan: true,
      }));

-      await user.update({
+      await user.updateOne({
        'permissions.challengeAdmin': true,
      });

@@ -308,7 +308,7 @@ describe('GET challenges/user', () => {
      guild = group;
      member = members[0]; // eslint-disable-line prefer-destructuring

-      await user.update({ balance: 20 });
+      await user.updateOne({ balance: 20 });

      for (let i = 0; i < 11; i += 1) {
        let challenge = await generateChallenge(user, group); // eslint-disable-line
@@ -41,7 +41,7 @@ describe('POST /challenges/:challengeId/flag', () => {
  });

  it('flags a challenge with a higher count when from an admin', async () => {
-    await user.update({ 'contributor.admin': true });
+    await user.updateOne({ 'contributor.admin': true });

    const flagResult = await user.post(`/challenges/${challenge._id}/flag`);

@@ -23,7 +23,7 @@ describe('POST /challenges/:challengeId/clearflags', () => {
    admin = groupLeader;
    [nonAdmin] = members;

-    await admin.update({ 'permissions.moderator': true });
+    await admin.updateOne({ 'permissions.moderator': true });

    challenge = await generateChallenge(admin, group);
    await admin.post(`/challenges/${challenge._id}/flag`);
@@ -79,7 +79,7 @@ describe('POST /challenges', () => {
      });

      groupLeader = await populatedGroup.groupLeader.sync();
-      await groupLeader.update({ permissions: {} });
+      await groupLeader.updateOne({ permissions: {} });
      group = populatedGroup.group;
      groupMember = populatedGroup.members[0]; // eslint-disable-line prefer-destructuring
    });
@@ -177,7 +177,7 @@ describe('POST /challenges', () => {
      const oldUserBalance = groupLeader.balance;
      const prize = 8;

-      await group.update({ balance: 0 });
+      await group.updateOne({ balance: 0 });
      await groupLeader.post('/challenges', {
        group: group._id,
        name: 'Test Challenge',
@@ -202,7 +202,7 @@ describe('POST /challenges', () => {
    });

    it('sets challenge as official if created by admin and official flag is set', async () => {
-      await groupLeader.update({
+      await groupLeader.updateOne({
        permissions: {
          challengeAdmin: true,
        },
@@ -128,10 +128,10 @@ describe('POST /challenges/:challengeId/winner/:winnerId', () => {
      const oldBalance = winningUser.balance;
      const oldLeaderBalance = (await groupLeader.sync()).balance;

-      await winningUser.update({
+      await winningUser.updateOne({
        'purchased.plan.customerId': 'group-plan',
      });
-      await group.update({
+      await group.updateOne({
        'leaderOnly.getGems': true,
        'purchased.plan.customerId': 123,
      });
@@ -28,7 +28,7 @@ describe('DELETE /groups/:groupId/chat/:chatId', () => {
    message = message.message;
    userThatDidNotCreateChat = members[0]; // eslint-disable-line prefer-destructuring
    admin = members[1]; // eslint-disable-line prefer-destructuring
-    await admin.update({ permissions: { moderator: true } });
+    await admin.updateOne({ permissions: { moderator: true } });
  });

  context('Chat errors', () => {
@@ -27,11 +27,11 @@ describe('POST /chat/:chatId/flag', () => {
    }));

    [admin, anotherUser, newUser, userToDelete] = members;
-    await user.update({ permissions: {} });
-    await admin.update({ permissions: { moderator: true } });
-    await anotherUser.update({ 'auth.timestamps.created': moment().subtract(USER_AGE_FOR_FLAGGING + 1, 'days').toDate() });
-    await newUser.update({ 'auth.timestamps.created': moment().subtract(1, 'days').toDate() });
-    await userToDelete.update({
+    await user.updateOne({ permissions: {} });
+    await admin.updateOne({ permissions: { moderator: true } });
+    await anotherUser.updateOne({ 'auth.timestamps.created': moment().subtract(USER_AGE_FOR_FLAGGING + 1, 'days').toDate() });
+    await newUser.updateOne({ 'auth.timestamps.created': moment().subtract(1, 'days').toDate() });
+    await userToDelete.updateOne({
      'auth.timestamps.created': moment().subtract(1, 'days').toDate(),
      'purchased.plan.dateTerminated': moment().subtract(1, 'minutes').toDate(),
    });
@@ -27,7 +27,7 @@ describe('POST /chat/:chatId/like', () => {
    }));

    [anotherUser] = members;
-    await anotherUser.update({ 'auth.timestamps.created': new Date('2022-01-01') });
+    await anotherUser.updateOne({ 'auth.timestamps.created': new Date('2022-01-01') });
  });

  it('Returns an error when chat message is not found', async () => {
@@ -39,17 +39,6 @@ describe('POST /chat/:chatId/like', () => {
      });
  });

-  it('Returns an error when user tries to like their own message', async () => {
-    const message = await user.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage });
-
-    await expect(user.post(`/groups/${groupWithChat._id}/chat/${message.message.id}/like`))
-      .to.eventually.be.rejected.and.eql({
-        code: 404,
-        error: 'NotFound',
-        message: t('messageGroupChatLikeOwnMessage'),
-      });
-  });
-
  it('Likes a chat', async () => {
    const message = await anotherUser.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage });

@@ -63,6 +52,19 @@ describe('POST /chat/:chatId/like', () => {
    expect(messageToCheck.likes[user._id]).to.equal(true);
  });

+  it('Allows to likes their own chat message', async () => {
+    const message = await user.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage });
+
+    const likeResult = await user.post(`/groups/${groupWithChat._id}/chat/${message.message.id}/like`);
+
+    expect(likeResult.likes[user._id]).to.equal(true);
+
+    const groupWithChatLikes = await user.get(`/groups/${groupWithChat._id}`);
+
+    const messageToCheck = find(groupWithChatLikes.chat, { id: message.message.id });
+    expect(messageToCheck.likes[user._id]).to.equal(true);
+  });
+
  it('Unlikes a chat', async () => {
    const message = await anotherUser.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage });

@@ -30,14 +30,14 @@ describe('POST /chat', () => {
      upgradeToGroupPlan: true,
    });
    user = groupLeader;
-    await user.update({
+    await user.updateOne({
      'contributor.level': SPAM_MIN_EXEMPT_CONTRIB_LEVEL,
      'auth.timestamps.created': new Date('2022-01-01'),
    }); // prevent tests accidentally throwing messageGroupChatSpam
    groupWithChat = group;
    [member, additionalMember] = members;
-    await member.update({ 'auth.timestamps.created': new Date('2022-01-01') });
-    await additionalMember.update({ 'auth.timestamps.created': new Date('2022-01-01') });
+    await member.updateOne({ 'auth.timestamps.created': new Date('2022-01-01') });
+    await additionalMember.updateOne({ 'auth.timestamps.created': new Date('2022-01-01') });
  });

  it('Returns an error when no message is provided', async () => {
@@ -77,11 +77,11 @@ describe('POST /chat', () => {

  describe('mute user', () => {
    afterEach(() => {
-      member.update({ 'flags.chatRevoked': false });
+      member.updateOne({ 'flags.chatRevoked': false });
    });

    it('does not error when chat privileges are revoked when sending a message to a private guild', async () => {
-      await member.update({
+      await member.updateOne({
        'flags.chatRevoked': true,
      });

@@ -101,7 +101,7 @@ describe('POST /chat', () => {
      });

      const privatePartyMemberWithChatsRevoked = members[0];
-      await privatePartyMemberWithChatsRevoked.update({
+      await privatePartyMemberWithChatsRevoked.updateOne({
        'flags.chatRevoked': true,
        'auth.timestamps.created': new Date('2022-01-01'),
      });
@@ -120,11 +120,11 @@ describe('POST /chat', () => {

    afterEach(() => {
      sandbox.restore();
-      member.update({ 'flags.chatShadowMuted': false });
+      member.updateOne({ 'flags.chatShadowMuted': false });
    });

    it('creates a chat with zero flagCount when sending a message to a private guild', async () => {
-      await member.update({
+      await member.updateOne({
        'flags.chatShadowMuted': true,
      });

@@ -145,7 +145,7 @@ describe('POST /chat', () => {
      });

      const userWithChatShadowMuted = members[0];
-      await userWithChatShadowMuted.update({
+      await userWithChatShadowMuted.updateOne({
        'flags.chatShadowMuted': true,
        'auth.timestamps.created': new Date('2022-01-01'),
      });
@@ -167,7 +167,7 @@ describe('POST /chat', () => {
        },
        members: 1,
      });
-      await members[0].update({ 'auth.timestamps.created': new Date('2022-01-01') });
+      await members[0].updateOne({ 'auth.timestamps.created': new Date('2022-01-01') });

      const message = await members[0].post(`/groups/${group._id}/chat`, { message: testBannedWordMessage });

@@ -189,7 +189,7 @@ describe('POST /chat', () => {

    afterEach(() => {
      sandbox.restore();
-      user.update({ 'flags.chatRevoked': false });
+      user.updateOne({ 'flags.chatRevoked': false });
    });

    it('allows slurs in private groups', async () => {
@@ -201,7 +201,7 @@ describe('POST /chat', () => {
        },
        members: 1,
      });
-      await members[0].update({ 'auth.timestamps.created': new Date('2022-01-01') });
+      await members[0].updateOne({ 'auth.timestamps.created': new Date('2022-01-01') });

      const message = await members[0].post(`/groups/${group._id}/chat`, { message: testSlurMessage });

@@ -210,14 +210,14 @@ describe('POST /chat', () => {
  });

  it('errors when user account is too young', async () => {
-    await user.update({ 'auth.timestamps.created': new Date() });
+    await user.updateOne({ 'auth.timestamps.created': new Date() });
    await expect(user.post(`/groups/${groupWithChat._id}/chat`, { message: 'hi im new' }))
      .to.eventually.be.rejected.and.eql({
        code: 400,
        error: 'BadRequest',
        message: t('chatTemporarilyUnavailable'),
      });
-    await user.update({ 'auth.timestamps.created': new Date('2022-01-01') });
+    await user.updateOne({ 'auth.timestamps.created': new Date('2022-01-01') });
  });

  it('creates a chat', async () => {
@@ -258,7 +258,7 @@ describe('POST /chat', () => {

  it('chat message with mentions - mention link should not count towards 3000 chars limit', async () => {
    const memberUsername = 'memberUsername';
-    await member.update({ 'auth.local.username': memberUsername });
+    await member.updateOne({ 'auth.local.username': memberUsername });

    const messageWithMentions = `hi @${memberUsername} 123456789
     123456789 123456789 123456789 123456789 123456789 123456789 89 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 12345678 END.`;
@@ -278,7 +278,7 @@ describe('POST /chat', () => {
    const mount = 'test-mount';
    const pet = 'test-pet';
    const style = 'test-style';
-    await user.update({
+    await user.updateOne({
      'items.currentMount': mount,
      'items.currentPet': pet,
      'preferences.style': style,
@@ -308,7 +308,7 @@ describe('POST /chat', () => {
  });

  it('creates costume to user styles', async () => {
-    await user.update({ 'preferences.costume': true });
+    await user.updateOne({ 'preferences.costume': true });

    const message = await user.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage });

@@ -323,7 +323,7 @@ describe('POST /chat', () => {
      tier: 800,
      tokensApplied: true,
    };
-    await user.update({
+    await user.updateOne({
      backer: backerInfo,
    });

@@ -375,7 +375,7 @@ describe('POST /chat', () => {

  context('chat notifications', () => {
    beforeEach(() => {
-      member.update({ newMessages: {}, notifications: [] });
+      member.updateOne({ newMessages: {}, notifications: [] });
    });

    it('notifies other users of new messages for a guild', async () => {
@@ -28,8 +28,8 @@ describe('POST /groups/:id/chat/:id/clearflags', () => {
    groupWithChat = group;
    author = groupLeader;
    [nonAdmin, admin] = members;
-    await nonAdmin.update({ 'auth.timestamps.created': moment().subtract(USER_AGE_FOR_FLAGGING + 1, 'days').toDate() });
-    await admin.update({ 'permissions.moderator': true });
+    await nonAdmin.updateOne({ 'auth.timestamps.created': moment().subtract(USER_AGE_FOR_FLAGGING + 1, 'days').toDate() });
+    await admin.updateOne({ 'permissions.moderator': true });

    message = await author.post(`/groups/${groupWithChat._id}/chat`, { message: 'Some message' });
    message = message.message;
@@ -71,7 +71,7 @@ describe('POST /groups/:id/chat/:id/clearflags', () => {
        members: 2,
      });

-      await members[0].update({ 'auth.timestamps.created': new Date('2022-01-01') });
+      await members[0].updateOne({ 'auth.timestamps.created': new Date('2022-01-01') });
      let privateMessage = await members[0].post(`/groups/${group._id}/chat`, { message: 'Some message' });
      privateMessage = privateMessage.message;

@@ -104,7 +104,7 @@ describe('POST /groups/:id/chat/:id/clearflags', () => {
      const member = members[0];

      // make member that can use skills
-      await member.update({
+      await member.updateOne({
        'stats.lvl': 100,
        'stats.mp': 400,
        'stats.class': 'wizard',
@@ -24,7 +24,7 @@ describe('GET /coupons/', () => {
  });

  it('should return the coupons in CSV format ordered by creation date', async () => {
-    await user.update({
+    await user.updateOne({
      'permissions.coupons': true,
    });

@@ -19,7 +19,7 @@ describe('POST /coupons/generate/:event', () => {
  });

  it('returns an error if user has no coupons permission', async () => {
-    await user.update({
+    await user.updateOne({
      'permissions.coupons': false,
    });

@@ -47,7 +47,7 @@ describe('POST /coupons/generate/:event', () => {
  });

  it('should generate coupons', async () => {
-    await user.update({
+    await user.updateOne({
      'permissions.coupons': true,
    });

@@ -24,7 +24,7 @@ describe('POST /debug/quest-progress', () => {
  });

  it('increases boss quest progress by 1000', async () => {
-    await user.update({
+    await user.updateOne({
      'party.quest.key': 'whale',
    });

@@ -36,7 +36,7 @@ describe('POST /debug/quest-progress', () => {
  });

  it('increases collection quest progress by 300 items', async () => {
-    await user.update({
+    await user.updateOne({
      'party.quest.key': 'evilsanta2',
    });

@@ -37,7 +37,7 @@ describe('GET /groups', () => {
      upgradeToGroupPlan: true,
    }));
    [user] = members;
-    await user.update({ balance: 4 });
+    await user.updateOne({ balance: 4 });

    ({ group: secondGroup, groupLeader: secondLeader } = await createAndPopulateGroup({
      groupDetails: {
@@ -153,7 +153,7 @@ describe('GET /groups/:id', () => {
    it('removes non-existent guild from user\'s guild list', async () => {
      const guildId = generateUUID();

-      await user.update({
+      await user.updateOne({
        guilds: [guildId, generateUUID()],
      });

@@ -173,7 +173,7 @@ describe('GET /groups/:id', () => {
    it('removes non-existent party from user\'s party object', async () => {
      const partyId = generateUUID();

-      await user.update({
+      await user.updateOne({
        party: { _id: partyId },
      });

@@ -290,7 +290,7 @@ describe('GET /groups/:id', () => {

      beforeEach(async () => {
        [admin] = members;
-        await admin.update({ permissions: { moderator: true } });
+        await admin.updateOne({ permissions: { moderator: true } });
      });

      it('includes all messages', async () => {
@@ -110,7 +110,7 @@ describe('POST /group', () => {
    });

    it('creates a party when the user has no chat privileges', async () => {
-      await user.update({ 'flags.chatRevoked': true });
+      await user.updateOne({ 'flags.chatRevoked': true });
      const party = await user.post('/groups', {
        name: partyName,
        type: partyType,
@@ -120,7 +120,7 @@ describe('POST /group', () => {
    });

    it('does not require gems to create a party', async () => {
-      await user.update({ balance: 0 });
+      await user.updateOne({ balance: 0 });

      const party = await user.post('/groups', {
        name: partyName,
@@ -78,7 +78,7 @@ describe('POST /group/:groupId/join', () => {
      });

      it('does not increment basilist quest count to inviter with basilist when joining a guild', async () => {
-        await user.update({ 'items.quests.basilist': 1 });
+        await user.updateOne({ 'items.quests.basilist': 1 });

        await invitedUser.post(`/groups/${guild._id}/join`);

@@ -146,7 +146,7 @@ describe('POST /group/:groupId/join', () => {
      });

      it('Issue #12291: accepting a redundant party invite will let the user stay in the party', async () => {
-        await invitedUser.update({
+        await invitedUser.updateOne({
          'party._id': party._id,
        });
        await expect(invitedUser.get('/user')).to.eventually.have.nested.property('party._id', party._id);
@@ -193,7 +193,7 @@ describe('POST /group/:groupId/join', () => {
      });

      it('increments basilist quest item count to inviter when joining a party', async () => {
-        await user.update({ 'items.quests.basilist': 1 });
+        await user.updateOne({ 'items.quests.basilist': 1 });

        await invitedUser.post(`/groups/${party._id}/join`);

@@ -201,7 +201,7 @@ describe('POST /group/:groupId/join', () => {
      });

      it('invites joining member to active quest', async () => {
-        await user.update({
+        await user.updateOne({
          [`items.quests.${PET_QUEST}`]: 1,
        });
        await user.post(`/groups/${party._id}/quests/invite/${PET_QUEST}`);
@@ -30,7 +30,7 @@ describe('POST /groups/:groupId/leave', () => {

      [member] = members;
      memberCount = groupToLeave.memberCount;
-      await leader.update({ 'auth.timestamps.created': new Date('2022-01-01') });
+      await leader.updateOne({ 'auth.timestamps.created': new Date('2022-01-01') });
    });

    it('prevents non members from leaving', async () => {
@@ -135,7 +135,7 @@ describe('POST /groups/:groupId/leave', () => {
      [member] = members;
      [invitedUser] = invitees;
      memberCount = groupToLeave.memberCount;
-      await leader.update({ 'auth.timestamps.created': new Date('2022-01-01') });
+      await leader.updateOne({ 'auth.timestamps.created': new Date('2022-01-01') });
    });

    it('prevents non members from leaving', async () => {
@@ -317,7 +317,7 @@ describe('POST /groups/:groupId/leave', () => {
          upgradeToGroupPlan: true,
        }));
        [member] = members;
-        await member.update({
+        await member.updateOne({
          'purchased.plan.extraMonths': extraMonths,
        });
      });
@@ -212,7 +212,7 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {

    it('removes user from quest when removing user from party after quest starts', async () => {
      const petQuest = 'whale';
-      await partyLeader.update({
+      await partyLeader.updateOne({
        [`items.quests.${petQuest}`]: 1,
      });

@@ -234,7 +234,7 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {

    it('removes user from quest when removing user from party before quest starts', async () => {
      const petQuest = 'whale';
-      await partyLeader.update({
+      await partyLeader.updateOne({
        [`items.quests.${petQuest}`]: 1,
      });
      await partyInvitedUser.post(`/groups/${party._id}/join`);
@@ -257,7 +257,7 @@ describe('POST /groups/:groupId/removeMember/:memberId', () => {

    it('prevents user from being removed if they are the quest owner', async () => {
      const petQuest = 'whale';
-      await partyMember.update({
+      await partyMember.updateOne({
        [`items.quests.${petQuest}`]: 1,
      });

@@ -49,7 +49,7 @@ describe('Post /groups/:groupId/invite', () => {
    });

    it('returns error when recipient has blocked the senders', async () => {
-      const inviterNoBlocks = await inviter.update({ 'inbox.blocks': [] });
+      const inviterNoBlocks = await inviter.updateOne({ 'inbox.blocks': [] });
      const userWithBlockedInviter = await generateUser({ 'inbox.blocks': [inviter._id] });
      await expect(inviterNoBlocks.post(`/groups/${group._id}/invite`, {
        usernames: [userWithBlockedInviter.auth.local.lowerCaseUsername],
@@ -107,7 +107,7 @@ describe('Post /groups/:groupId/invite', () => {

  describe('user id invites', () => {
    it('returns an error when inviter has no chat privileges', async () => {
-      const inviterMuted = await inviter.update({ 'flags.chatRevoked': true });
+      const inviterMuted = await inviter.updateOne({ 'flags.chatRevoked': true });
      const userToInvite = await generateUser();
      await expect(inviterMuted.post(`/groups/${group._id}/invite`, {
        uuids: [userToInvite._id],
@@ -197,7 +197,7 @@ describe('Post /groups/:groupId/invite', () => {
    });

    it('returns error when recipient has blocked the senders', async () => {
-      const inviterNoBlocks = await inviter.update({ 'inbox.blocks': [] });
+      const inviterNoBlocks = await inviter.updateOne({ 'inbox.blocks': [] });
      const userWithBlockedInviter = await generateUser({ 'inbox.blocks': [inviter._id] });
      await expect(inviterNoBlocks.post(`/groups/${group._id}/invite`, {
        uuids: [userWithBlockedInviter._id],
@@ -269,7 +269,7 @@ describe('Post /groups/:groupId/invite', () => {
    const testInvite = { name: 'test', email: 'test@habitica.com' };

    it('returns an error when inviter has no chat privileges', async () => {
-      const inviterMuted = await inviter.update({ 'flags.chatRevoked': true });
+      const inviterMuted = await inviter.updateOne({ 'flags.chatRevoked': true });
      await expect(inviterMuted.post(`/groups/${group._id}/invite`, {
        emails: [testInvite],
        inviter: 'inviter name',
@@ -439,7 +439,7 @@ describe('Post /groups/:groupId/invite', () => {

  describe('party invites', () => {
    it('returns an error when inviter has no chat privileges', async () => {
-      const inviterMuted = await inviter.update({ 'flags.chatRevoked': true });
+      const inviterMuted = await inviter.updateOne({ 'flags.chatRevoked': true });
      const userToInvite = await generateUser();
      await expect(inviterMuted.post(`/groups/${group._id}/invite`, {
        uuids: [userToInvite._id],
@@ -170,7 +170,7 @@ describe('PUT /group', () => {
      },
      upgradeToGroupPlan: true,
    });
-    await groupLeader.update({ permissions: {} });
+    await groupLeader.updateOne({ permissions: {} });

    const updateGroupDetails = {
      id: group._id,
@@ -9,7 +9,7 @@ describe('GET /heroes/:heroId', () => {

  const heroFields = [
    '_id', 'id', 'auth', 'balance', 'contributor', 'flags', 'items',
-    'lastCron', 'party', 'preferences', 'profile', 'purchased', 'secret',
+    'lastCron', 'party', 'preferences', 'profile', 'purchased', 'secret', 'achievements',
  ];

  before(async () => {
@@ -10,7 +10,7 @@ describe('PUT /heroes/:heroId', () => {

  const heroFields = [
    '_id', 'auth', 'balance', 'contributor', 'flags', 'items', 'lastCron',
-    'party', 'preferences', 'profile', 'purchased', 'secret', 'permissions',
+    'party', 'preferences', 'profile', 'purchased', 'secret', 'permissions', 'achievements',
  ];

  before(async () => {
@@ -251,4 +251,159 @@ describe('PUT /heroes/:heroId', () => {
    expect(updatedHero.apiToken).to.not.equal(originalToken);
    expect(updatedHero.apiTokenObscured).to.not.exist;
  });
+
+  it('updates purchased hair customization', async () => {
+    const hero = await generateUser();
+    const heroRes = await user.put(`/hall/heroes/${hero._id}`, {
+      purchasedPath: 'purchased.hair.bangs.1',
+      purchasedVal: true,
+    });
+
+    // test response
+    expect(heroRes).to.have.all.keys(heroFields);
+    expect(heroRes.auth.local).not.to.have.keys(['salt', 'hashed_password']);
+    expect(heroRes.profile).to.have.all.keys(['name']);
+
+    // test response values
+    expect(heroRes.purchased.hair.bangs['1']).to.equal(true);
+    // test hero values
+    await hero.sync();
+    expect(hero.purchased.hair.bangs['1']).to.equal(true);
+  });
+
+  it('updates purchased customization', async () => {
+    const hero = await generateUser();
+    const heroRes = await user.put(`/hall/heroes/${hero._id}`, {
+      purchasedPath: 'purchased.background.beach',
+      purchasedVal: true,
+    });
+
+    // test response
+    expect(heroRes).to.have.all.keys(heroFields);
+    expect(heroRes.auth.local).not.to.have.keys(['salt', 'hashed_password']);
+    expect(heroRes.profile).to.have.all.keys(['name']);
+
+    // test response values
+    expect(heroRes.purchased.background.beach).to.equal(true);
+    // test hero values
+    await hero.sync();
+    expect(hero.purchased.background.beach).to.equal(true);
+  });
+
+  it('updates giving nested achievement', async () => {
+    const hero = await generateUser();
+    const heroRes = await user.put(`/hall/heroes/${hero._id}`, {
+      achievementPath: 'achievements.quests.dilatory',
+      achievementVal: 2,
+    });
+
+    // test response
+    expect(heroRes).to.have.all.keys(heroFields);
+    expect(heroRes.auth.local).not.to.have.keys(['salt', 'hashed_password']);
+    expect(heroRes.profile).to.have.all.keys(['name']);
+
+    // test response values
+    expect(heroRes.achievements.quests.dilatory).to.equal(2);
+    // test hero values
+    await hero.sync();
+    expect(hero.achievements.quests.dilatory).to.equal(2);
+  });
+
+  it('updates taking away nested achievement', async () => {
+    const hero = await generateUser({ 'achievements.quests.dilatory': 3 });
+    expect(hero.achievements.quests.dilatory).to.equal(3);
+    const heroRes = await user.put(`/hall/heroes/${hero._id}`, {
+      achievementPath: 'achievements.quests.dilatory',
+      achievementVal: 0,
+    });
+
+    // test response
+    expect(heroRes).to.have.all.keys(heroFields);
+    expect(heroRes.auth.local).not.to.have.keys(['salt', 'hashed_password']);
+    expect(heroRes.profile).to.have.all.keys(['name']);
+
+    // test response values
+    expect(heroRes.achievements.quests.dilatory).to.equal(0);
+    // test hero values
+    await hero.sync();
+    expect(hero.achievements.quests.dilatory).to.equal(0);
+  });
+
+  it('updates giving achievement', async () => {
+    const hero = await generateUser();
+    const heroRes = await user.put(`/hall/heroes/${hero._id}`, {
+      achievementPath: 'achievements.partyOn',
+      achievementVal: true,
+    });
+
+    // test response
+    expect(heroRes).to.have.all.keys(heroFields);
+    expect(heroRes.auth.local).not.to.have.keys(['salt', 'hashed_password']);
+    expect(heroRes.profile).to.have.all.keys(['name']);
+
+    // test response values
+    expect(heroRes.achievements.partyOn).to.equal(true);
+    // test hero values
+    await hero.sync();
+    expect(hero.achievements.partyOn).to.equal(true);
+  });
+
+  it('updates taking away achievement', async () => {
+    const hero = await generateUser({ 'achievements.partyUp': true });
+    expect(hero.achievements.partyUp).to.equal(true);
+    const heroRes = await user.put(`/hall/heroes/${hero._id}`, {
+      achievementPath: 'achievements.partyUp',
+      achievementVal: false,
+    });
+
+    // test response
+    expect(heroRes).to.have.all.keys(heroFields);
+    expect(heroRes.auth.local).not.to.have.keys(['salt', 'hashed_password']);
+    expect(heroRes.profile).to.have.all.keys(['name']);
+
+    // test response values
+    expect(heroRes.achievements.partyUp).to.equal(false);
+    // test hero values
+    await hero.sync();
+    expect(hero.achievements.partyUp).to.equal(false);
+  });
+
+  it('updates giving numbered achievement', async () => {
+    const hero = await generateUser();
+    const heroRes = await user.put(`/hall/heroes/${hero._id}`, {
+      achievementPath: 'achievements.streak',
+      achievementVal: 42,
+    });
+
+    // test response
+    expect(heroRes).to.have.all.keys(heroFields);
+    expect(heroRes.auth.local).not.to.have.keys(['salt', 'hashed_password']);
+    expect(heroRes.profile).to.have.all.keys(['name']);
+
+    // test response values
+    expect(heroRes.achievements.streak).to.equal(42);
+    // test hero values
+    await hero.sync();
+    expect(hero.achievements.streak).to.equal(42);
+  });
+
+  it('updates setting numbered achievement to 0', async () => {
+    const hero = await generateUser({ 'achievements.streak': 42 });
+    expect(hero.achievements.streak).to.equal(42);
+    const heroRes = await user.put(`/hall/heroes/${hero._id}`, {
+      achievementPath: 'achievements.streak',
+      achievementVal: 0,
+    });
+
+    // test response
+    expect(heroRes).to.have.all.keys(heroFields);
+    expect(heroRes.auth.local).not.to.have.keys(['salt', 'hashed_password']);
+    expect(heroRes.profile).to.have.all.keys(['name']);
+
+    // test response values
+    expect(heroRes.achievements.streak).to.equal(0);
+    // test hero values
+    await hero.sync();
+    expect(hero.achievements.streak).to.equal(0);
+  });
 });
@@ -69,8 +69,6 @@ describe('POST /members/:memberId/flag', () => {
      await reporter.post(`/members/${target._id}/flag`);
      const updatedTarget = await admin.get(`/hall/heroes/${target._id}`);
      expect(updatedTarget.profile.flags[reporter._id]).to.have.all.keys([
-        'comment',
-        'source',
        'timestamp',
      ]);
      expect(moment(updatedTarget.profile.flags[reporter._id].timestamp).toDate()).to.be.a('date');
@@ -181,7 +181,8 @@ describe('POST /members/transfer-gems', () => {
    const updatedSender = await userToSendMessage.get('/user');

    const sendersMessageInReceiversInbox = findMessage(
-      updatedReceiver.inbox.messages, userToSendMessage._id,
+      updatedReceiver.inbox.messages,
+      userToSendMessage._id,
    );
    const sendersMessageInSendersInbox = findMessage(updatedSender.inbox.messages, receiver._id);

@@ -212,7 +213,8 @@ describe('POST /members/transfer-gems', () => {
    const updatedSender = await userToSendMessage.get('/user');

    const sendersMessageInReceiversInbox = findMessage(
-      updatedReceiver.inbox.messages, userToSendMessage._id,
+      updatedReceiver.inbox.messages,
+      userToSendMessage._id,
    );
    const sendersMessageInSendersInbox = findMessage(updatedSender.inbox.messages, receiver._id);

@@ -233,10 +235,10 @@ describe('POST /members/transfer-gems', () => {
  });

  it('sends transfer gems message in each participant\'s language', async () => {
-    await receiver.update({
+    await receiver.updateOne({
      'preferences.language': 'es',
    });
-    await userToSendMessage.update({
+    await userToSendMessage.updateOne({
      'preferences.language': 'cs',
    });
    await userToSendMessage.post('/members/transfer-gems', {
@@ -248,7 +250,8 @@ describe('POST /members/transfer-gems', () => {
    const updatedSender = await userToSendMessage.get('/user');

    const sendersMessageInReceiversInbox = findMessage(
-      updatedReceiver.inbox.messages, userToSendMessage._id,
+      updatedReceiver.inbox.messages,
+      userToSendMessage._id,
    );
    const sendersMessageInSendersInbox = findMessage(updatedSender.inbox.messages, receiver._id);

@@ -27,7 +27,7 @@ describe('POST /notifications/:notificationId/read', () => {
    const id = generateUUID();
    const id2 = generateUUID();

-    await user.update({
+    await user.updateOne({
      notifications: [{
        id,
        type: 'DROPS_ENABLED',
@@ -27,7 +27,7 @@ describe('POST /notifications/:notificationId/see', () => {
    const id = generateUUID();
    const id2 = generateUUID();

-    await user.update({
+    await user.updateOne({
      notifications: [{
        id,
        type: 'DROPS_ENABLED',
@@ -30,7 +30,7 @@ describe('POST /notifications/read', () => {
    const id2 = generateUUID();
    const id3 = generateUUID();

-    await user.update({
+    await user.updateOne({
      notifications: [{
        id,
        type: 'DROPS_ENABLED',
@@ -30,7 +30,7 @@ describe('POST /notifications/see', () => {
    const id2 = generateUUID();
    const id3 = generateUUID();

-    await user.update({
+    await user.updateOne({
      notifications: [{
        id,
        type: 'DROPS_ENABLED',
@@ -25,7 +25,7 @@ describe('Prevent multiple notifications', () => {

    for (let i = 0; i < 4; i += 1) {
      for (let memberIndex = 0; memberIndex < partyMembers.length; memberIndex += 1) {
-        await partyMembers[memberIndex].update({ 'auth.timestamps.created': new Date('2022-01-01') }); // eslint-disable-line no-await-in-loop
+        await partyMembers[memberIndex].updateOne({ 'auth.timestamps.created': new Date('2022-01-01') }); // eslint-disable-line no-await-in-loop
        multipleChatMessages.push(
          partyMembers[memberIndex].post(`/groups/${party._id}/chat`, { message: `Message ${i}_${memberIndex}` }),
        );
@@ -26,7 +26,7 @@ describe('POST /groups/:groupId/quests/accept', () => {
    leader = groupLeader;
    partyMembers = members;

-    await leader.update({
+    await leader.updateOne({
      [`items.quests.${PET_QUEST}`]: 1,
    });
  });
@@ -23,7 +23,7 @@ describe('POST /groups/:groupId/quests/force-start', () => {
    leader = groupLeader;
    partyMembers = members;

-    await leader.update({
+    await leader.updateOne({
      [`items.quests.${PET_QUEST}`]: 1,
    });
  });
@@ -93,7 +93,7 @@ describe('POST /groups/:groupId/quests/force-start', () => {
  context('successfully force starting a quest', () => {
    it('allows quest leader to force start quest', async () => {
      const questLeader = partyMembers[0];
-      await questLeader.update({ [`items.quests.${PET_QUEST}`]: 1 });
+      await questLeader.updateOne({ [`items.quests.${PET_QUEST}`]: 1 });
      await questLeader.post(`/groups/${questingGroup._id}/quests/invite/${PET_QUEST}`);

      await questLeader.post(`/groups/${questingGroup._id}/quests/force-start`);
@@ -105,7 +105,7 @@ describe('POST /groups/:groupId/quests/force-start', () => {

    it('allows group leader to force start quest', async () => {
      const questLeader = partyMembers[0];
-      await questLeader.update({ [`items.quests.${PET_QUEST}`]: 1 });
+      await questLeader.updateOne({ [`items.quests.${PET_QUEST}`]: 1 });
      await questLeader.post(`/groups/${questingGroup._id}/quests/invite/${PET_QUEST}`);

      await leader.post(`/groups/${questingGroup._id}/quests/force-start`);
@@ -177,7 +177,7 @@ describe('POST /groups/:groupId/quests/force-start', () => {
      await leader.post(`/groups/${questingGroup._id}/quests/invite/${PET_QUEST}`);
      const notInPartyUser = await generateUser();

-      await questingGroup.update({
+      await questingGroup.updateOne({
        [`quest.members.${notInPartyUser._id}`]: true,
      });
      await questingGroup.sync();
@@ -217,7 +217,7 @@ describe('POST /groups/:groupId/quests/force-start', () => {
      await leader.post(`/groups/${questingGroup._id}/quests/invite/${PET_QUEST}`);
      await partyMembers[0].post(`/groups/${questingGroup._id}/quests/accept`);

-      await questingGroup.update({
+      await questingGroup.updateOne({
        [`quest.members.${partyMemberThatRejects._id}`]: false,
        [`quest.members.${partyMemberThatIgnores._id}`]: null,
      });
@@ -236,7 +236,7 @@ describe('POST /groups/:groupId/quests/force-start', () => {

    it('allows group leader to force start quest and verifies chat', async () => {
      const questLeader = partyMembers[0];
-      await questLeader.update({ [`items.quests.${PET_QUEST}`]: 1 });
+      await questLeader.updateOne({ [`items.quests.${PET_QUEST}`]: 1 });
      await questLeader.post(`/groups/${questingGroup._id}/quests/invite/${PET_QUEST}`);

      await leader.post(`/groups/${questingGroup._id}/quests/force-start`);
@@ -87,8 +87,8 @@ describe('POST /groups/:groupId/quests/invite/:questKey', () => {
      const leaderUpdate = {};
      leaderUpdate[`items.quests.${PET_QUEST}`] = 1;

-      await leader.update(leaderUpdate);
-      await questingGroup.update({ 'quest.key': QUEST_IN_PROGRESS });
+      await leader.updateOne(leaderUpdate);
+      await questingGroup.updateOne({ 'quest.key': QUEST_IN_PROGRESS });

      await expect(leader.post(`/groups/${questingGroup._id}/quests/invite/${PET_QUEST}`)).to.eventually.be.rejected.and.eql({
        code: 401,
@@ -104,8 +104,8 @@ describe('POST /groups/:groupId/quests/invite/:questKey', () => {
      memberUpdate[`items.quests.${PET_QUEST}`] = 1;

      await Promise.all([
-        leader.update(memberUpdate),
-        member.update(memberUpdate),
+        leader.updateOne(memberUpdate),
+        member.updateOne(memberUpdate),
      ]);
    });

@@ -202,7 +202,7 @@ describe('POST /groups/:groupId/quests/invite/:questKey', () => {
      leaderUpdate[`items.quests.${LEVELED_QUEST}`] = 1;
      leaderUpdate['stats.lvl'] = LEVELED_QUEST_REQ - 1;

-      await leader.update(leaderUpdate);
+      await leader.updateOne(leaderUpdate);

      await leader.post(`/groups/${questingGroup._id}/quests/invite/${LEVELED_QUEST}`);
    });
@@ -24,7 +24,7 @@ describe('POST /groups/:groupId/quests/abort', () => {
    leader = groupLeader;
    partyMembers = members;

-    await leader.update({
+    await leader.updateOne({
      [`items.quests.${PET_QUEST}`]: 1,
    });
    user = await generateUser();
@@ -24,7 +24,7 @@ describe('POST /groups/:groupId/quests/cancel', () => {
    leader = groupLeader;
    partyMembers = members;

-    await leader.update({
+    await leader.updateOne({
      [`items.quests.${PET_QUEST}`]: 1,
    });
    user = await generateUser();
@@ -23,7 +23,7 @@ describe('POST /groups/:groupId/quests/leave', () => {
    leader = groupLeader;
    partyMembers = members;

-    await leader.update({
+    await leader.updateOne({
      [`items.quests.${PET_QUEST}`]: 1,
    });
    user = await generateUser();
@@ -25,7 +25,7 @@ describe('POST /groups/:groupId/quests/reject', () => {
    leader = groupLeader;
    partyMembers = members;

-    await leader.update({
+    await leader.updateOne({
      [`items.quests.${PET_QUEST}`]: 1,
    });
    user = await generateUser();
@@ -27,7 +27,7 @@ describe('GET /shops/market', () => {
  });

  it('can purchase anything returned from the shops object using the /user/purchase route', async () => {
-    await user.update({
+    await user.updateOne({
      balance: 99999999,
      'stats.gp': 99999999,
    });
@@ -39,7 +39,7 @@ describe('GET /shops/time-travelers', () => {
  });

  it('returns active shop notes and imageName if user has trinkets', async () => {
-    await user.update({
+    await user.updateOne({
      'purchased.plan.consecutive.trinkets': 1,
    });

@@ -57,7 +57,7 @@ describe('GET /shops/time-travelers', () => {
  });

  it('does not return mystery sets that are already owned', async () => {
-    await user.update({
+    await user.updateOne({
      'items.gear.owned': {
        head_mystery_201606: true, // eslint-disable-line camelcase
        armor_mystery_201606: true, // eslint-disable-line camelcase
@@ -72,7 +72,7 @@ describe('GET /shops/time-travelers', () => {
  });

  it('does not return pets and mounts that user already owns', async () => {
-    await user.update({
+    await user.updateOne({
      'items.mounts': {
        'MantisShrimp-Base': true,
      },
@@ -86,7 +86,7 @@ describe('DELETE /tasks/:id', () => {
    it('does not send task activity webhooks if task is not user owned', async () => {
      const uuid = generateUUID();

-      await user.update({
+      await user.updateOne({
        balance: 10,
      });
      const guild = await generateGroup(user);
@@ -154,7 +154,7 @@ describe('GET /tasks/user', () => {

  xit('returns dailies with isDue for the date specified and will add CDS offset if time is not supplied and assumes timezones', async () => {
    const timezoneOffset = 420;
-    await user.update({
+    await user.updateOne({
      'preferences.dayStart': 0,
      'preferences.timezoneOffset': timezoneOffset,
    });
@@ -181,7 +181,7 @@ describe('GET /tasks/user', () => {

  xit('returns dailies with isDue for the date specified and will add CDS offset if time is not supplied and assumes timezones', async () => {
    const timezoneOffset = 240;
-    await user.update({
+    await user.updateOne({
      'preferences.dayStart': 0,
      'preferences.timezoneOffset': timezoneOffset,
    });
@@ -208,7 +208,7 @@ describe('GET /tasks/user', () => {

  xit('returns dailies with isDue for the date specified and will add CDS offset if time is not supplied and assumes timezones', async () => {
    const timezoneOffset = 540;
-    await user.update({
+    await user.updateOne({
      'preferences.dayStart': 0,
      'preferences.timezoneOffset': timezoneOffset,
    });
@@ -106,7 +106,7 @@ describe('POST /tasks/:id/score/:direction', () => {

        const initialLvl = user.stats.lvl;

-        await user.update({
+        await user.updateOne({
          'stats.exp': 3000,
        });
        const task = await user.post('/tasks/user', {
@@ -104,7 +104,6 @@ describe('POST /tasks/unlink-all/:challengeId', () => {
      id: challenge._id,
      shortName: challenge.shortName,
      broken: 'CHALLENGE_DELETED',
-      winner: null,
    });
  });
 });
@@ -200,7 +200,7 @@ describe('PUT /tasks/:id', () => {
    it('does not send task activity webhooks if task is not user owned', async () => {
      const uuid = generateUUID();

-      await user.update({
+      await user.updateOne({
        balance: 10,
      });
      const guild = await generateGroup(user);
@@ -48,6 +48,7 @@ describe('DELETE /user', () => {
    });

    it('deletes the user', async () => {
+      await expect(checkExistence('users', user._id)).to.eventually.eql(true);
      await user.del('/user', {
        password,
      });
@@ -157,11 +158,12 @@ describe('DELETE /user', () => {
    });

    it('deletes the user with a legacy sha1 password', async () => {
+      await expect(checkExistence('users', user._id)).to.eventually.eql(true);
      const textPassword = 'mySecretPassword';
      const salt = sha1MakeSalt();
      const sha1HashedPassword = sha1EncryptPassword(textPassword, salt);

-      await user.update({
+      await user.updateOne({
        'auth.local.hashed_password': sha1HashedPassword,
        'auth.local.passwordHashMethod': 'sha1',
        'auth.local.salt': salt,
@@ -211,6 +213,7 @@ describe('DELETE /user', () => {
    });

    it('deletes a Google user', async () => {
+      await expect(checkExistence('users', user._id)).to.eventually.eql(true);
      await user.del('/user', {
        password: DELETE_CONFIRMATION,
      });
@@ -230,6 +233,7 @@ describe('DELETE /user', () => {
    });

    it('deletes a Apple user', async () => {
+      await expect(checkExistence('users', user._id)).to.eventually.eql(true);
      await user.del('/user', {
        password: DELETE_CONFIRMATION,
      });
@@ -17,7 +17,7 @@ describe('GET /user/anonymized', () => {
        text: 'Clark Kent',
      },
    });
-    await user.update({
+    await user.updateOne({
      newMessages: ['some', 'new', 'messages'],
      'profile.name': 'profile',
      'purchased.plan': 'purchased plan',
@@ -52,7 +52,7 @@ describe('POST /user/move-pinned-item/:path/move/to/:position', () => {
    // For this test put seasonal items at the end so they stay out of the way
    testPinnedItemsOrder = testPinnedItemsOrder.concat(officialPinnedItemPaths);

-    await user.update({
+    await user.updateOne({
      pinnedItems: testPinnedItems,
      pinnedItemsOrder: testPinnedItemsOrder,
    });
@@ -96,7 +96,7 @@ describe('POST /user/move-pinned-item/:path/move/to/:position', () => {
      'potion',
    ];

-    await user.update({
+    await user.updateOne({
      pinnedItems: testPinnedItems,
      pinnedItemsOrder: testPinnedItemsOrder,
    });
@@ -138,7 +138,7 @@ describe('POST /user/move-pinned-item/:path/move/to/:position', () => {
      'potion',
    ];

-    await user.update({
+    await user.updateOne({
      pinnedItems: testPinnedItems,
      pinnedItemsOrder: testPinnedItemsOrder,
    });
@@ -171,7 +171,7 @@ describe('POST /user/move-pinned-item/:path/move/to/:position', () => {
    // add item to pinned
    officialPinnedItems.push({ type: 'armoire', path: 'armoire' });

-    await user.update({
+    await user.updateOne({
      pinnedItems: testPinnedItems,
      pinnedItemsOrder: testPinnedItemsOrder,
    });
@@ -201,7 +201,7 @@ describe('POST /user/move-pinned-item/:path/move/to/:position', () => {
      'potion',
    ];

-    await user.update({
+    await user.updateOne({
      pinnedItems: testPinnedItems,
      pinnedItemsOrder: testPinnedItemsOrder,
    });
@@ -225,7 +225,7 @@ describe('POST /user/move-pinned-item/:path/move/to/:position', () => {
      'potion',
    ];

-    await user.update({
+    await user.updateOne({
      pinnedItems: testPinnedItems,
      pinnedItemsOrder: testPinnedItemsOrder,
    });
@@ -18,7 +18,7 @@ describe('POST /user/class/cast/:spellId', () => {
  });

  it('returns an error if spell does not exist', async () => {
-    await user.update({ 'stats.class': 'rogue' });
+    await user.updateOne({ 'stats.class': 'rogue' });
    const spellId = 'invalidSpell';
    await expect(user.post(`/user/class/cast/${spellId}`))
      .to.eventually.be.rejected.and.eql({
@@ -39,7 +39,7 @@ describe('POST /user/class/cast/:spellId', () => {
  });

  it('returns an error if spell.mana > user.mana', async () => {
-    await user.update({ 'stats.class': 'rogue' });
+    await user.updateOne({ 'stats.class': 'rogue' });
    await expect(user.post('/user/class/cast/backStab'))
      .to.eventually.be.rejected.and.eql({
        code: 401,
@@ -58,7 +58,7 @@ describe('POST /user/class/cast/:spellId', () => {
  });

  it('returns an error if use Healing Light spell with full health', async () => {
-    await user.update({
+    await user.updateOne({
      'stats.class': 'healer',
      'stats.lvl': 11,
      'stats.hp': 50,
@@ -73,7 +73,7 @@ describe('POST /user/class/cast/:spellId', () => {
  });

  it('returns an error if spell.lvl > user.level', async () => {
-    await user.update({ 'stats.mp': 200, 'stats.class': 'wizard' });
+    await user.updateOne({ 'stats.mp': 200, 'stats.class': 'wizard' });
    await expect(user.post('/user/class/cast/earth'))
      .to.eventually.be.rejected.and.eql({
        code: 401,
@@ -101,7 +101,7 @@ describe('POST /user/class/cast/:spellId', () => {
  });

  it('returns an error if targetId is required but missing', async () => {
-    await user.update({ 'stats.class': 'rogue', 'stats.lvl': 11 });
+    await user.updateOne({ 'stats.class': 'rogue', 'stats.lvl': 11 });
    await expect(user.post('/user/class/cast/pickPocket'))
      .to.eventually.be.rejected.and.eql({
        code: 400,
@@ -111,7 +111,7 @@ describe('POST /user/class/cast/:spellId', () => {
  });

  it('returns an error if targeted task doesn\'t exist', async () => {
-    await user.update({ 'stats.class': 'rogue', 'stats.lvl': 11 });
+    await user.updateOne({ 'stats.class': 'rogue', 'stats.lvl': 11 });
    await expect(user.post(`/user/class/cast/pickPocket?targetId=${generateUUID()}`))
      .to.eventually.be.rejected.and.eql({
        code: 404,
@@ -127,7 +127,7 @@ describe('POST /user/class/cast/:spellId', () => {
    await groupLeader.post(`/tasks/challenge/${challenge._id}`, [
      { type: 'habit', text: 'task text' },
    ]);
-    await groupLeader.update({ 'stats.class': 'rogue', 'stats.lvl': 11 });
+    await groupLeader.updateOne({ 'stats.class': 'rogue', 'stats.lvl': 11 });
    await sleep(0.5);
    await groupLeader.sync();
    await expect(groupLeader.post(`/user/class/cast/pickPocket?targetId=${groupLeader.tasksOrder.habits[0]}`))
@@ -146,7 +146,7 @@ describe('POST /user/class/cast/:spellId', () => {
      type: 'todo',
    });
    await groupLeader.post(`/tasks/${groupTask._id}/assign`, [groupLeader._id]);
-    await groupLeader.update({ 'stats.class': 'rogue', 'stats.lvl': 11 });
+    await groupLeader.updateOne({ 'stats.class': 'rogue', 'stats.lvl': 11 });
    await sleep(0.5);
    await groupLeader.sync();

@@ -159,7 +159,7 @@ describe('POST /user/class/cast/:spellId', () => {
  });

  it('Issue #12361: returns an error if stealth has already been cast', async () => {
-    await user.update({
+    await user.updateOne({
      'stats.class': 'rogue',
      'stats.lvl': 15,
      'stats.mp': 400,
@@ -180,7 +180,7 @@ describe('POST /user/class/cast/:spellId', () => {
      groupDetails: { type: 'party', privacy: 'private' },
      members: 1,
    });
-    await groupLeader.update({ 'items.special.snowball': 3 });
+    await groupLeader.updateOne({ 'items.special.snowball': 3 });

    const target = generateUUID();
    await expect(groupLeader.post(`/user/class/cast/snowball?targetId=${target}`))
@@ -192,7 +192,7 @@ describe('POST /user/class/cast/:spellId', () => {
  });

  it('returns an error if party does not exists', async () => {
-    await user.update({ 'items.special.snowball': 3 });
+    await user.updateOne({ 'items.special.snowball': 3 });

    await expect(user.post(`/user/class/cast/snowball?targetId=${generateUUID()}`))
      .to.eventually.be.rejected.and.eql({
@@ -207,7 +207,7 @@ describe('POST /user/class/cast/:spellId', () => {
      groupDetails: { type: 'party', privacy: 'private' },
      members: 1,
    });
-    await groupLeader.update({ 'stats.mp': 200, 'stats.class': 'wizard', 'stats.lvl': 13 });
+    await groupLeader.updateOne({ 'stats.mp': 200, 'stats.class': 'wizard', 'stats.lvl': 13 });

    await groupLeader.post('/user/class/cast/earth');
    await sleep(1);
@@ -224,11 +224,11 @@ describe('POST /user/class/cast/:spellId', () => {
    });

    let promises = [];
-    promises.push(group.groupLeader.update({ 'stats.mp': 200, 'stats.class': 'wizard', 'stats.lvl': 20 }));
-    promises.push(group.members[0].update({ 'stats.mp': 0, 'stats.class': 'warrior', 'stats.lvl': 20 }));
-    promises.push(group.members[1].update({ 'stats.mp': 0, 'stats.class': 'wizard', 'stats.lvl': 20 }));
-    promises.push(group.members[2].update({ 'stats.mp': 0, 'stats.class': 'rogue', 'stats.lvl': 20 }));
-    promises.push(group.members[3].update({ 'stats.mp': 0, 'stats.class': 'healer', 'stats.lvl': 20 }));
+    promises.push(group.groupLeader.updateOne({ 'stats.mp': 200, 'stats.class': 'wizard', 'stats.lvl': 20 }));
+    promises.push(group.members[0].updateOne({ 'stats.mp': 0, 'stats.class': 'warrior', 'stats.lvl': 20 }));
+    promises.push(group.members[1].updateOne({ 'stats.mp': 0, 'stats.class': 'wizard', 'stats.lvl': 20 }));
+    promises.push(group.members[2].updateOne({ 'stats.mp': 0, 'stats.class': 'rogue', 'stats.lvl': 20 }));
+    promises.push(group.members[3].updateOne({ 'stats.mp': 0, 'stats.class': 'healer', 'stats.lvl': 20 }));
    await Promise.all(promises);

    await group.groupLeader.post('/user/class/cast/mpheal');
@@ -252,7 +252,7 @@ describe('POST /user/class/cast/:spellId', () => {
      members: 1,
    });

-    await groupLeader.update({ 'stats.mp': 200, 'stats.class': 'wizard', 'stats.lvl': 13 });
+    await groupLeader.updateOne({ 'stats.mp': 200, 'stats.class': 'wizard', 'stats.lvl': 13 });
    await groupLeader.post('/user/class/cast/earth', { quantity: 2 });

    await sleep(1);
@@ -275,7 +275,7 @@ describe('POST /user/class/cast/:spellId', () => {
      text: 'todo group',
      type: 'todo',
    });
-    await user.update({ 'stats.class': 'healer', 'stats.mp': 200, 'stats.lvl': 15 });
+    await user.updateOne({ 'stats.class': 'healer', 'stats.mp': 200, 'stats.lvl': 15 });
    await user.post(`/tasks/${groupTask._id}/assign`, [user._id]);
    await user.put('/user', {
      'preferences.tasks.mirrorGroupTasks': [guild._id],
@@ -305,7 +305,7 @@ describe('POST /user/class/cast/:spellId', () => {
    });
    const leader = party.groupLeader;
    const recipient = party.members[0];
-    await leader.update({ 'stats.gp': 10 });
+    await leader.updateOne({ 'stats.gp': 10 });
    await leader.post(`/user/class/cast/birthday?targetId=${recipient._id}`);
    await leader.sync();
    await recipient.sync();
@@ -314,14 +314,14 @@ describe('POST /user/class/cast/:spellId', () => {
  });

  it('only increases user\'s achievement one if target == caster', async () => {
-    await user.update({ 'stats.gp': 10 });
+    await user.updateOne({ 'stats.gp': 10 });
    await user.post(`/user/class/cast/birthday?targetId=${user._id}`);
    await user.sync();
    expect(user.achievements.birthday).to.equal(1);
  });

  it('passes correct target to spell when targetType === \'task\'', async () => {
-    await user.update({ 'stats.class': 'wizard', 'stats.lvl': 11 });
+    await user.updateOne({ 'stats.class': 'wizard', 'stats.lvl': 11 });

    const task = await user.post('/tasks/user', {
      text: 'test habit',
@@ -334,7 +334,7 @@ describe('POST /user/class/cast/:spellId', () => {
  });

  it('passes correct target to spell when targetType === \'self\'', async () => {
-    await user.update({ 'stats.class': 'wizard', 'stats.lvl': 14, 'stats.mp': 50 });
+    await user.updateOne({ 'stats.class': 'wizard', 'stats.lvl': 14, 'stats.mp': 50 });

    const result = await user.post('/user/class/cast/frost');

--- a/Show More
+++ b/Show More