Merge branch 'release/1.19.0'

Author: karolsojko

migrations/1630905831679-add-cancelled-flag.ts

@@ -0,0 +1,11 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+
+export class addCancelledFlag1630905831679 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query('ALTER TABLE `user_subscriptions` ADD `cancelled` tinyint NOT NULL DEFAULT 0')
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query('ALTER TABLE `user_subscriptions` DROP COLUMN `cancelled`')
+  }
+}

package.json

@@ -27,7 +27,7 @@
     "@standardnotes/common": "1.0.0",
     "@standardnotes/domain-events": "2.1.0",
     "@standardnotes/domain-events-infra": "1.0.1",
-    "@standardnotes/features": "1.3.0",
+    "@standardnotes/features": "1.6.2",
     "@standardnotes/settings": "1.1.0",
     "@standardnotes/sncrypto-common": "1.3.0",
     "@standardnotes/sncrypto-node": "1.3.0",

src/Bootstrap/Container.ts

@@ -48,7 +48,6 @@ import { TokenDecoder } from '../Domain/Auth/TokenDecoder'
 import { AuthenticationMethodResolver } from '../Domain/Auth/AuthenticationMethodResolver'
 import { RevokedSession } from '../Domain/Session/RevokedSession'
 import { UserRegisteredEventHandler } from '../Domain/Handler/UserRegisteredEventHandler'
-import { ChangePassword } from '../Domain/UseCase/ChangePassword'
 import { DomainEventFactory } from '../Domain/Event/DomainEventFactory'
 import { AuthenticateRequest } from '../Domain/UseCase/AuthenticateRequest'
 import { Role } from '../Domain/Role/Role'
@@ -96,6 +95,8 @@ import { FeatureService } from '../Domain/Feature/FeatureService'
 import { SettingServiceInterface } from '../Domain/Setting/SettingServiceInterface'
 import { ExtensionKeyGrantedEventHandler } from '../Domain/Handler/ExtensionKeyGrantedEventHandler'
 import { RedisDomainEventPublisher, RedisDomainEventSubscriberFactory, RedisEventMessageHandler, SNSDomainEventPublisher, SQSDomainEventSubscriberFactory, SQSEventMessageHandler, SQSNewRelicEventMessageHandler } from '@standardnotes/domain-events-infra'
+import { GetUserSubscription } from '../Domain/UseCase/GetUserSubscription/GetUserSubscription'
+import { ChangeCredentials } from '../Domain/UseCase/ChangeCredentials/ChangeCredentials'
 
 export class ContainerConfigLoader {
   async load(): Promise<Container> {
@@ -247,7 +248,7 @@ export class ContainerConfigLoader {
     container.bind<GetActiveSessionsForUser>(TYPES.GetActiveSessionsForUser).to(GetActiveSessionsForUser)
     container.bind<DeletePreviousSessionsForUser>(TYPES.DeletePreviousSessionsForUser).to(DeletePreviousSessionsForUser)
     container.bind<DeleteSessionForUser>(TYPES.DeleteSessionForUser).to(DeleteSessionForUser)
-    container.bind<ChangePassword>(TYPES.ChangePassword).to(ChangePassword)
+    container.bind<ChangeCredentials>(TYPES.ChangeCredentials).to(ChangeCredentials)
     container.bind<GetSettings>(TYPES.GetSettings).to(GetSettings)
     container.bind<GetSetting>(TYPES.GetSetting).to(GetSetting)
     container.bind<GetUserFeatures>(TYPES.GetUserFeatures).to(GetUserFeatures)
@@ -257,6 +258,7 @@ export class ContainerConfigLoader {
     container.bind<DeleteAccount>(TYPES.DeleteAccount).to(DeleteAccount)
     container.bind<AddWebSocketsConnection>(TYPES.AddWebSocketsConnection).to(AddWebSocketsConnection)
     container.bind<RemoveWebSocketsConnection>(TYPES.RemoveWebSocketsConnection).to(RemoveWebSocketsConnection)
+    container.bind<GetUserSubscription>(TYPES.GetUserSubscription).to(GetUserSubscription)
 
     // Handlers
     container.bind<UserRegisteredEventHandler>(TYPES.UserRegisteredEventHandler).to(UserRegisteredEventHandler)

src/Bootstrap/Types.ts

@@ -68,7 +68,7 @@ const TYPES = {
   GetActiveSessionsForUser: Symbol.for('GetActiveSessionsForUser'),
   DeletePreviousSessionsForUser: Symbol.for('DeletePreviousSessionsForUser'),
   DeleteSessionForUser: Symbol.for('DeleteSessionForUser'),
-  ChangePassword: Symbol.for('ChangePassword'),
+  ChangeCredentials: Symbol.for('ChangePassword'),
   GetSettings: Symbol.for('GetSettings'),
   GetSetting: Symbol.for('GetSetting'),
   GetUserFeatures: Symbol.for('GetUserFeatures'),
@@ -78,6 +78,7 @@ const TYPES = {
   DeleteAccount: Symbol.for('DeleteAccount'),
   AddWebSocketsConnection: Symbol.for('AddWebSocketsConnection'),
   RemoveWebSocketsConnection: Symbol.for('RemoveWebSocketsConnection'),
+  GetUserSubscription: Symbol.for('GetUserSubscription'),
   // Handlers
   UserRegisteredEventHandler: Symbol.for('UserRegisteredEventHandler'),
   AccountDeletionRequestedEventHandler: Symbol.for('AccountDeletionRequestedEventHandler'),

src/Controller/AuthController.spec.ts

@@ -16,7 +16,6 @@ import { GetUserKeyParams } from '../Domain/UseCase/GetUserKeyParams/GetUserKeyP
 import { User } from '../Domain/User/User'
 import { Session } from '../Domain/Session/Session'
 import { Register } from '../Domain/UseCase/Register'
-import { ChangePassword } from '../Domain/UseCase/ChangePassword'
 import { GetAuthMethods } from '../Domain/UseCase/GetAuthMethods/GetAuthMethods'
 import { DomainEventFactoryInterface } from '../Domain/Event/DomainEventFactoryInterface'
 
@@ -28,7 +27,6 @@ describe('AuthController', () => {
   let clearLoginAttempts: ClearLoginAttempts
   let increaseLoginAttempts: IncreaseLoginAttempts
   let register: Register
-  let changePassword: ChangePassword
   let domainEventPublisher: DomainEventPublisherInterface
   let domainEventFactory: DomainEventFactoryInterface
   let event: DomainEventInterface
@@ -47,7 +45,6 @@ describe('AuthController', () => {
     clearLoginAttempts,
     increaseLoginAttempts,
     register,
-    changePassword,
     domainEventPublisher,
     domainEventFactory,
     logger,
@@ -70,9 +67,6 @@ describe('AuthController', () => {
     register = {} as jest.Mocked<Register>
     register.execute = jest.fn()
 
-    changePassword = {} as jest.Mocked<ChangePassword>
-    changePassword.execute = jest.fn()
-
     user = {} as jest.Mocked<User>
     user.email = 'test@test.te'
 
@@ -138,113 +132,6 @@ describe('AuthController', () => {
     expect(await result.content.readAsStringAsync()).toEqual('{"user":{"email":"test@test.te"}}')
   })
 
-  it('should change a password', async () => {
-    request.body.version = '004'
-    request.body.api = '20190520'
-    request.body.current_password = 'test123'
-    request.body.new_password = 'test234'
-    request.body.pw_nonce = 'asdzxc'
-    request.body.origination = 'change-password'
-    request.body.created = '123'
-    request.headers['user-agent'] = 'Google Chrome'
-    response.locals.user = user
-
-    changePassword.execute = jest.fn().mockReturnValue({ success: true, authResponse: { foo: 'bar' } })
-
-    const httpResponse = <results.JsonResult> await createController().changePassword(request, response)
-    const result = await httpResponse.executeAsync()
-
-    expect(changePassword.execute).toHaveBeenCalledWith({
-      apiVersion: '20190520',
-      updatedWithUserAgent: 'Google Chrome',
-      currentPassword: 'test123',
-      newPassword: 'test234',
-      kpCreated: '123',
-      kpOrigination: 'change-password',
-      pwNonce: 'asdzxc',
-      protocolVersion: '004',
-      user: {
-        email: 'test@test.te',
-      },
-    })
-
-    expect(clearLoginAttempts.execute).toHaveBeenCalled()
-
-    expect(result.statusCode).toEqual(200)
-    expect(await result.content.readAsStringAsync()).toEqual('{"foo":"bar"}')
-  })
-
-  it('should indicate if changing a password fails', async () => {
-    request.body.version = '004'
-    request.body.api = '20190520'
-    request.body.current_password = 'test123'
-    request.body.new_password = 'test234'
-    request.body.pw_nonce = 'asdzxc'
-    request.headers['user-agent'] = 'Google Chrome'
-    response.locals.user = user
-
-    changePassword.execute = jest.fn().mockReturnValue({ success: false, errorMessage: 'Something bad happened' })
-
-    const httpResponse = <results.JsonResult> await createController().changePassword(request, response)
-    const result = await httpResponse.executeAsync()
-
-    expect(increaseLoginAttempts.execute).toHaveBeenCalled()
-
-    expect(result.statusCode).toEqual(401)
-    expect(await result.content.readAsStringAsync()).toEqual('{"error":{"message":"Something bad happened"}}')
-  })
-
-  it('should not change a password if current password is missing', async () => {
-    request.body.version = '004'
-    request.body.api = '20190520'
-    request.body.new_password = 'test234'
-    request.body.pw_nonce = 'asdzxc'
-    request.headers['user-agent'] = 'Google Chrome'
-    response.locals.user = user
-
-    const httpResponse = <results.JsonResult> await createController().changePassword(request, response)
-    const result = await httpResponse.executeAsync()
-
-    expect(changePassword.execute).not.toHaveBeenCalled()
-
-    expect(result.statusCode).toEqual(400)
-    expect(await result.content.readAsStringAsync()).toEqual('{"error":{"message":"Your current password is required to change your password. Please update your application if you do not see this option."}}')
-  })
-
-  it('should not change a password if new password is missing', async () => {
-    request.body.version = '004'
-    request.body.api = '20190520'
-    request.body.current_password = 'test123'
-    request.body.pw_nonce = 'asdzxc'
-    request.headers['user-agent'] = 'Google Chrome'
-    response.locals.user = user
-
-    const httpResponse = <results.JsonResult> await createController().changePassword(request, response)
-    const result = await httpResponse.executeAsync()
-
-    expect(changePassword.execute).not.toHaveBeenCalled()
-
-    expect(result.statusCode).toEqual(400)
-    expect(await result.content.readAsStringAsync()).toEqual('{"error":{"message":"Your new password is required to change your password. Please try again."}}')
-  })
-
-  it('should not change a password if password nonce is missing', async () => {
-    request.body.version = '004'
-    request.body.api = '20190520'
-    request.body.current_password = 'test123'
-    request.body.new_password = 'test234'
-    request.headers['user-agent'] = 'Google Chrome'
-    response.locals.user = user
-
-    const httpResponse = <results.JsonResult> await createController().changePassword(request, response)
-    const result = await httpResponse.executeAsync()
-
-    expect(changePassword.execute).not.toHaveBeenCalled()
-
-    expect(result.statusCode).toEqual(400)
-    expect(await result.content.readAsStringAsync()).toEqual('{"error":{"message":"The change password request is missing new auth parameters. Please try again."}}')
-  })
-
   it('should register a user - with 001 version', async () => {
     request.body.email = 'test@test.te'
     request.body.password = 'asdzxc'

src/Controller/AuthController.ts

@@ -19,7 +19,6 @@ import { IncreaseLoginAttempts } from '../Domain/UseCase/IncreaseLoginAttempts'
 import { Logger } from 'winston'
 import { GetUserKeyParams } from '../Domain/UseCase/GetUserKeyParams/GetUserKeyParams'
 import { Register } from '../Domain/UseCase/Register'
-import { ChangePassword } from '../Domain/UseCase/ChangePassword'
 import { GetAuthMethods } from '../Domain/UseCase/GetAuthMethods/GetAuthMethods'
 import { DomainEventFactoryInterface } from '../Domain/Event/DomainEventFactoryInterface'
 
@@ -33,7 +32,6 @@ export class AuthController extends BaseHttpController {
     @inject(TYPES.ClearLoginAttempts) private clearLoginAttempts: ClearLoginAttempts,
     @inject(TYPES.IncreaseLoginAttempts) private increaseLoginAttempts: IncreaseLoginAttempts,
     @inject(TYPES.Register) private registerUser: Register,
-    @inject(TYPES.ChangePassword) private changePasswordUseCase: ChangePassword,
     @inject(TYPES.DomainEventPublisher) private domainEventPublisher: DomainEventPublisherInterface,
     @inject(TYPES.DomainEventFactory) private domainEventFactory: DomainEventFactoryInterface,
     @inject(TYPES.Logger) private logger: Logger,
@@ -156,59 +154,6 @@ export class AuthController extends BaseHttpController {
     return this.statusCode(204)
   }
 
-  @httpPost('/change_pw', TYPES.AuthMiddleware)
-  async changePassword(request: Request, response: Response): Promise<results.JsonResult> {
-    if (!request.body.current_password) {
-      return this.json({
-        error: {
-          message: 'Your current password is required to change your password. Please update your application if you do not see this option.',
-        },
-      }, 400)
-    }
-
-    if (!request.body.new_password) {
-      return this.json({
-        error: {
-          message: 'Your new password is required to change your password. Please try again.',
-        },
-      }, 400)
-    }
-
-    if (!request.body.pw_nonce) {
-      return this.json({
-        error: {
-          message: 'The change password request is missing new auth parameters. Please try again.',
-        },
-      }, 400)
-    }
-
-    const changePasswordResult = await this.changePasswordUseCase.execute({
-      user: response.locals.user,
-      apiVersion: request.body.api,
-      currentPassword: request.body.current_password,
-      newPassword: request.body.new_password,
-      pwNonce: request.body.pw_nonce,
-      kpCreated: request.body.created,
-      kpOrigination: request.body.origination,
-      updatedWithUserAgent: <string> request.headers['user-agent'],
-      protocolVersion: request.body.version,
-    })
-
-    if (!changePasswordResult.success) {
-      await this.increaseLoginAttempts.execute({ email: response.locals.user.email })
-
-      return this.json({
-        error: {
-          message: changePasswordResult.errorMessage,
-        },
-      }, 401)
-    }
-
-    await this.clearLoginAttempts.execute({ email: response.locals.user.email })
-
-    return this.json(changePasswordResult.authResponse)
-  }
-
   @httpPost('/')
   async register(request: Request): Promise<results.JsonResult> {
     if (!request.body.email || !request.body.password) {

src/Controller/UsersController.spec.ts

@@ -8,11 +8,19 @@ import { User } from '../Domain/User/User'
 import { UpdateUser } from '../Domain/UseCase/UpdateUser'
 import { GetUserKeyParams } from '../Domain/UseCase/GetUserKeyParams/GetUserKeyParams'
 import { DeleteAccount } from '../Domain/UseCase/DeleteAccount/DeleteAccount'
+import { GetUserSubscription } from '../Domain/UseCase/GetUserSubscription/GetUserSubscription'
+import { ClearLoginAttempts } from '../Domain/UseCase/ClearLoginAttempts'
+import { IncreaseLoginAttempts } from '../Domain/UseCase/IncreaseLoginAttempts'
+import { ChangeCredentials } from '../Domain/UseCase/ChangeCredentials/ChangeCredentials'
 
 describe('UsersController', () => {
   let updateUser: UpdateUser
   let deleteAccount: DeleteAccount
   let getUserKeyParams: GetUserKeyParams
+  let getUserSubscription: GetUserSubscription
+  let clearLoginAttempts: ClearLoginAttempts
+  let increaseLoginAttempts: IncreaseLoginAttempts
+  let changeCredentials: ChangeCredentials
 
   let request: express.Request
   let response: express.Response
@@ -22,6 +30,10 @@ describe('UsersController', () => {
     updateUser,
     getUserKeyParams,
     deleteAccount,
+    getUserSubscription,
+    clearLoginAttempts,
+    increaseLoginAttempts,
+    changeCredentials
   )
 
   beforeEach(() => {
@@ -33,10 +45,23 @@ describe('UsersController', () => {
 
     user = {} as jest.Mocked<User>
     user.uuid = '123'
+    user.email = 'test@test.te'
 
     getUserKeyParams = {} as jest.Mocked<GetUserKeyParams>
     getUserKeyParams.execute = jest.fn()
 
+    getUserSubscription = {} as jest.Mocked<GetUserSubscription>
+    getUserSubscription.execute = jest.fn()
+
+    changeCredentials = {} as jest.Mocked<ChangeCredentials>
+    changeCredentials.execute = jest.fn()
+
+    clearLoginAttempts = {} as jest.Mocked<ClearLoginAttempts>
+    clearLoginAttempts.execute = jest.fn()
+
+    increaseLoginAttempts = {} as jest.Mocked<IncreaseLoginAttempts>
+    increaseLoginAttempts.execute = jest.fn()
+
     request = {
       headers: {},
       body: {},
@@ -52,7 +77,6 @@ describe('UsersController', () => {
     request.body.version = '002'
     request.body.api = '20190520'
     request.body.origination = 'test'
-    request.body.email = 'newemail@test.te'
     request.params.userId = '123'
     request.headers['user-agent'] = 'Google Chrome'
     response.locals.user = user
@@ -66,10 +90,10 @@ describe('UsersController', () => {
       apiVersion: '20190520',
       kpOrigination: 'test',
       updatedWithUserAgent: 'Google Chrome',
-      email: 'newemail@test.te',
       version: '002',
       user: {
         uuid: '123',
+        email: 'test@test.te',
       },
     })
 
@@ -81,7 +105,6 @@ describe('UsersController', () => {
     request.body.version = '002'
     request.body.api = '20190520'
     request.body.origination = 'test'
-    request.body.email = 'newemail@test.te'
     request.params.userId = '123'
     request.headers['user-agent'] = 'Google Chrome'
     response.locals.user = user
@@ -95,10 +118,10 @@ describe('UsersController', () => {
       apiVersion: '20190520',
       kpOrigination: 'test',
       updatedWithUserAgent: 'Google Chrome',
-      email: 'newemail@test.te',
       version: '002',
       user: {
         uuid: '123',
+        email: 'test@test.te',
       },
     })
 
@@ -189,4 +212,167 @@ describe('UsersController', () => {
 
     expect(result.statusCode).toEqual(400)
   })
+
+  it('should get user subscription', async () => {
+    request.params.userUuid = '1-2-3'
+    response.locals.user = {
+      uuid: '1-2-3',
+    }
+
+    getUserSubscription.execute = jest.fn().mockReturnValue({
+      success: true,
+    })
+
+    const httpResponse = <results.JsonResult> await createController().getSubscription(request, response)
+    const result = await httpResponse.executeAsync()
+
+    expect(getUserSubscription.execute).toHaveBeenCalledWith({
+      userUuid: '1-2-3',
+    })
+
+    expect(result.statusCode).toEqual(200)
+  })
+
+  it('should not get user subscription if the user with provided uuid does not exist', async () => {
+    request.params.userUuid = '1-2-3'
+    response.locals.user = {
+      uuid: '1-2-3',
+    }
+
+    getUserSubscription.execute = jest.fn().mockReturnValue({
+      success: false,
+    })
+
+    const httpResponse = <results.JsonResult> await createController().getSubscription(request, response)
+    const result = await httpResponse.executeAsync()
+
+    expect(getUserSubscription.execute).toHaveBeenCalledWith({ userUuid: '1-2-3' })
+
+    expect(result.statusCode).toEqual(400)
+
+  })
+
+  it('should not get user subscription if not allowed', async () => {
+    request.params.userUuid = '1-2-3'
+    response.locals.user = {
+      uuid: '2-3-4',
+    }
+
+    getUserSubscription.execute = jest.fn()
+
+    const httpResponse = <results.JsonResult> await createController().getSubscription(request, response)
+    const result = await httpResponse.executeAsync()
+
+    expect(getUserSubscription.execute).not.toHaveBeenCalled()
+
+    expect(result.statusCode).toEqual(401)
+  })
+
+  it('should change a password', async () => {
+    request.body.version = '004'
+    request.body.api = '20190520'
+    request.body.current_password = 'test123'
+    request.body.new_password = 'test234'
+    request.body.pw_nonce = 'asdzxc'
+    request.body.origination = 'change-password'
+    request.body.created = '123'
+    request.headers['user-agent'] = 'Google Chrome'
+    response.locals.user = user
+
+    changeCredentials.execute = jest.fn().mockReturnValue({ success: true, authResponse: { foo: 'bar' } })
+
+    const httpResponse = <results.JsonResult> await createController().changeCredentials(request, response)
+    const result = await httpResponse.executeAsync()
+
+    expect(changeCredentials.execute).toHaveBeenCalledWith({
+      apiVersion: '20190520',
+      updatedWithUserAgent: 'Google Chrome',
+      currentPassword: 'test123',
+      newPassword: 'test234',
+      kpCreated: '123',
+      kpOrigination: 'change-password',
+      pwNonce: 'asdzxc',
+      protocolVersion: '004',
+      user: {
+        uuid: '123',
+        email: 'test@test.te',
+      },
+    })
+
+    expect(clearLoginAttempts.execute).toHaveBeenCalled()
+
+    expect(result.statusCode).toEqual(200)
+    expect(await result.content.readAsStringAsync()).toEqual('{"foo":"bar"}')
+  })
+
+  it('should indicate if changing a password fails', async () => {
+    request.body.version = '004'
+    request.body.api = '20190520'
+    request.body.current_password = 'test123'
+    request.body.new_password = 'test234'
+    request.body.pw_nonce = 'asdzxc'
+    request.headers['user-agent'] = 'Google Chrome'
+    response.locals.user = user
+
+    changeCredentials.execute = jest.fn().mockReturnValue({ success: false, errorMessage: 'Something bad happened' })
+
+    const httpResponse = <results.JsonResult> await createController().changeCredentials(request, response)
+    const result = await httpResponse.executeAsync()
+
+    expect(increaseLoginAttempts.execute).toHaveBeenCalled()
+
+    expect(result.statusCode).toEqual(401)
+    expect(await result.content.readAsStringAsync()).toEqual('{"error":{"message":"Something bad happened"}}')
+  })
+
+  it('should not change a password if current password is missing', async () => {
+    request.body.version = '004'
+    request.body.api = '20190520'
+    request.body.new_password = 'test234'
+    request.body.pw_nonce = 'asdzxc'
+    request.headers['user-agent'] = 'Google Chrome'
+    response.locals.user = user
+
+    const httpResponse = <results.JsonResult> await createController().changeCredentials(request, response)
+    const result = await httpResponse.executeAsync()
+
+    expect(changeCredentials.execute).not.toHaveBeenCalled()
+
+    expect(result.statusCode).toEqual(400)
+    expect(await result.content.readAsStringAsync()).toEqual('{"error":{"message":"Your current password is required to change your password. Please update your application if you do not see this option."}}')
+  })
+
+  it('should not change a password if new password is missing', async () => {
+    request.body.version = '004'
+    request.body.api = '20190520'
+    request.body.current_password = 'test123'
+    request.body.pw_nonce = 'asdzxc'
+    request.headers['user-agent'] = 'Google Chrome'
+    response.locals.user = user
+
+    const httpResponse = <results.JsonResult> await createController().changeCredentials(request, response)
+    const result = await httpResponse.executeAsync()
+
+    expect(changeCredentials.execute).not.toHaveBeenCalled()
+
+    expect(result.statusCode).toEqual(400)
+    expect(await result.content.readAsStringAsync()).toEqual('{"error":{"message":"Your new password is required to change your password. Please try again."}}')
+  })
+
+  it('should not change a password if password nonce is missing', async () => {
+    request.body.version = '004'
+    request.body.api = '20190520'
+    request.body.current_password = 'test123'
+    request.body.new_password = 'test234'
+    request.headers['user-agent'] = 'Google Chrome'
+    response.locals.user = user
+
+    const httpResponse = <results.JsonResult> await createController().changeCredentials(request, response)
+    const result = await httpResponse.executeAsync()
+
+    expect(changeCredentials.execute).not.toHaveBeenCalled()
+
+    expect(result.statusCode).toEqual(400)
+    expect(await result.content.readAsStringAsync()).toEqual('{"error":{"message":"The change password request is missing new auth parameters. Please try again."}}')
+  })
 })

src/Controller/UsersController.ts

@@ -6,20 +6,29 @@ import {
   httpDelete,
   httpGet,
   httpPatch,
+  httpPut,
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
   results,
 } from 'inversify-express-utils'
 import TYPES from '../Bootstrap/Types'
 import { DeleteAccount } from '../Domain/UseCase/DeleteAccount/DeleteAccount'
 import { GetUserKeyParams } from '../Domain/UseCase/GetUserKeyParams/GetUserKeyParams'
 import { UpdateUser } from '../Domain/UseCase/UpdateUser'
+import { GetUserSubscription } from '../Domain/UseCase/GetUserSubscription/GetUserSubscription'
+import { ClearLoginAttempts } from '../Domain/UseCase/ClearLoginAttempts'
+import { IncreaseLoginAttempts } from '../Domain/UseCase/IncreaseLoginAttempts'
+import { ChangeCredentials } from '../Domain/UseCase/ChangeCredentials/ChangeCredentials'
 
 @controller('/users')
 export class UsersController extends BaseHttpController {
   constructor(
     @inject(TYPES.UpdateUser) private updateUser: UpdateUser,
     @inject(TYPES.GetUserKeyParams) private getUserKeyParams: GetUserKeyParams,
     @inject(TYPES.DeleteAccount) private doDeleteAccount: DeleteAccount,
+    @inject(TYPES.GetUserSubscription) private doGetUserSubscription: GetUserSubscription,
+    @inject(TYPES.ClearLoginAttempts) private clearLoginAttempts: ClearLoginAttempts,
+    @inject(TYPES.IncreaseLoginAttempts) private increaseLoginAttempts: IncreaseLoginAttempts,
+    @inject(TYPES.ChangeCredentials) private changeCredentialsUseCase: ChangeCredentials,
   ) {
     super()
   }
@@ -40,7 +49,6 @@ export class UsersController extends BaseHttpController {
       apiVersion: request.body.api,
       pwFunc: request.body.pw_func,
       pwAlg: request.body.pw_alg,
-      email: request.body.email,
       pwCost: request.body.pw_cost,
       pwKeySize: request.body.pw_key_size,
       pwNonce: request.body.pw_nonce,
@@ -91,4 +99,79 @@ export class UsersController extends BaseHttpController {
 
     return this.json({ message: result.message }, result.responseCode)
   }
+
+  @httpGet('/:userUuid/subscription', TYPES.AuthMiddleware)
+  async getSubscription(request: Request, response: Response): Promise<results.JsonResult> {
+    if (request.params.userUuid !== response.locals.user.uuid) {
+      return this.json({
+        error: {
+          message: 'Operation not allowed.',
+        },
+      }, 401)
+    }
+
+    const result = await this.doGetUserSubscription.execute({
+      userUuid: request.params.userUuid,
+    })
+
+    if (result.success) {
+      return this.json(result)
+    }
+
+    return this.json(result, 400)
+  }
+
+  @httpPut('/:userId/attributes/credentials', TYPES.AuthMiddleware)
+  async changeCredentials(request: Request, response: Response): Promise<results.JsonResult> {
+    if (!request.body.current_password) {
+      return this.json({
+        error: {
+          message: 'Your current password is required to change your password. Please update your application if you do not see this option.',
+        },
+      }, 400)
+    }
+
+    if (!request.body.new_password) {
+      return this.json({
+        error: {
+          message: 'Your new password is required to change your password. Please try again.',
+        },
+      }, 400)
+    }
+
+    if (!request.body.pw_nonce) {
+      return this.json({
+        error: {
+          message: 'The change password request is missing new auth parameters. Please try again.',
+        },
+      }, 400)
+    }
+
+    const changeCredentialsResult = await this.changeCredentialsUseCase.execute({
+      user: response.locals.user,
+      apiVersion: request.body.api,
+      currentPassword: request.body.current_password,
+      newPassword: request.body.new_password,
+      newEmail: request.body.new_email,
+      pwNonce: request.body.pw_nonce,
+      kpCreated: request.body.created,
+      kpOrigination: request.body.origination,
+      updatedWithUserAgent: <string> request.headers['user-agent'],
+      protocolVersion: request.body.version,
+    })
+
+    if (!changeCredentialsResult.success) {
+      await this.increaseLoginAttempts.execute({ email: response.locals.user.email })
+
+      return this.json({
+        error: {
+          message: changeCredentialsResult.errorMessage,
+        },
+      }, 401)
+    }
+
+    await this.clearLoginAttempts.execute({ email: response.locals.user.email })
+
+    return this.json(changeCredentialsResult.authResponse)
+  }
 }

src/Domain/Feature/FeatureService.spec.ts

@@ -59,6 +59,7 @@ describe('FeatureService', () => {
       planName: SubscriptionName.CorePlan,
       endsAt: 555,
       user: Promise.resolve(user),
+      cancelled: false,
     }
 
     subscription2 = {
@@ -68,6 +69,7 @@ describe('FeatureService', () => {
       planName: SubscriptionName.ProPlan,
       endsAt: 777,
       user: Promise.resolve(user),
+      cancelled: false,
     }
 
     user = {
@@ -85,27 +87,27 @@ describe('FeatureService', () => {
     settingService.findSetting = jest.fn().mockReturnValue(extensionKeySetting)
   })
 
-  it('should return user features with `expiresAt` field', async () => {
+  it('should return user features with `expires_at` field', async () => {
     expect(await createService().getFeaturesForUser(user)).toEqual([
       {
-        'contentType': 'SN|Theme',
+        'content_type': 'SN|Theme',
         'description': 'A theme for writers and readers.',
-        'dockIcon': {
-          'backgroundColor': '#9D7441',
-          'borderColor': '#9D7441',
-          'foregroundColor': '#ECE4DB',
+        'dock_icon': {
+          'background_color': '#9D7441',
+          'border_color': '#9D7441',
+          'foreground_color': '#ECE4DB',
           'type': 'circle',
         },
-        'downloadUrl': 'https://github.com/standardnotes/autobiography-theme/archive/1.0.0.zip',
-        'expiresAt': 555,
+        'download_url': 'https://github.com/standardnotes/autobiography-theme/archive/1.0.0.zip',
+        'expires_at': 555,
         'flags': [
           'New',
         ],
         'identifier': 'org.standardnotes.theme-autobiography',
-        'permissionName': 'theme:autobiography',
-        'marketingUrl': '',
+        'permission_name': 'theme:autobiography',
+        'marketing_url': '',
         'name': 'Autobiography',
-        'thumbnailUrl': 'https://s3.amazonaws.com/standard-notes/screenshots/models/themes/autobiography.jpg',
+        'thumbnail_url': 'https://s3.amazonaws.com/standard-notes/screenshots/models/themes/autobiography.jpg',
         'url': 'https://extension-server/abc123/themes/autobiography',
         'version': '1.0.0',
       },
@@ -129,24 +131,24 @@ describe('FeatureService', () => {
 
     expect(await createService().getFeaturesForUser(user)).toEqual([
       {
-        'contentType': 'SN|Theme',
+        'content_type': 'SN|Theme',
         'description': 'A theme for writers and readers.',
-        'dockIcon': {
-          'backgroundColor': '#9D7441',
-          'borderColor': '#9D7441',
-          'foregroundColor': '#ECE4DB',
+        'dock_icon': {
+          'background_color': '#9D7441',
+          'border_color': '#9D7441',
+          'foreground_color': '#ECE4DB',
           'type': 'circle',
         },
-        'downloadUrl': 'https://github.com/standardnotes/autobiography-theme/archive/1.0.0.zip',
-        'expiresAt': 555,
+        'download_url': 'https://github.com/standardnotes/autobiography-theme/archive/1.0.0.zip',
+        'expires_at': 555,
         'flags': [
           'New',
         ],
         'identifier': 'org.standardnotes.theme-autobiography',
-        'permissionName': 'theme:autobiography',
-        'marketingUrl': '',
+        'permission_name': 'theme:autobiography',
+        'marketing_url': '',
         'name': 'Autobiography',
-        'thumbnailUrl': 'https://s3.amazonaws.com/standard-notes/screenshots/models/themes/autobiography.jpg',
+        'thumbnail_url': 'https://s3.amazonaws.com/standard-notes/screenshots/models/themes/autobiography.jpg',
         'url': '#{url_prefix}/themes/autobiography',
         'version': '1.0.0',
       },
@@ -158,31 +160,31 @@ describe('FeatureService', () => {
 
     expect(await createService().getFeaturesForUser(user)).toEqual([
       {
-        'contentType': 'SN|Theme',
+        'content_type': 'SN|Theme',
         'description': 'A theme for writers and readers.',
-        'dockIcon': {
-          'backgroundColor': '#9D7441',
-          'borderColor': '#9D7441',
-          'foregroundColor': '#ECE4DB',
+        'dock_icon': {
+          'background_color': '#9D7441',
+          'border_color': '#9D7441',
+          'foreground_color': '#ECE4DB',
           'type': 'circle',
         },
-        'downloadUrl': 'https://github.com/standardnotes/autobiography-theme/archive/1.0.0.zip',
-        'expiresAt': 555,
+        'download_url': 'https://github.com/standardnotes/autobiography-theme/archive/1.0.0.zip',
+        'expires_at': 555,
         'flags': [
           'New',
         ],
         'identifier': 'org.standardnotes.theme-autobiography',
-        'permissionName': 'theme:autobiography',
-        'marketingUrl': '',
+        'permission_name': 'theme:autobiography',
+        'marketing_url': '',
         'name': 'Autobiography',
-        'thumbnailUrl': 'https://s3.amazonaws.com/standard-notes/screenshots/models/themes/autobiography.jpg',
+        'thumbnail_url': 'https://s3.amazonaws.com/standard-notes/screenshots/models/themes/autobiography.jpg',
         'url': '#{url_prefix}/themes/autobiography',
         'version': '1.0.0',
       },
     ])
   })
 
-  it('should return user features with `expiresAt` field when user has more than 1 role & subscription', async () => {
+  it('should return user features with `expires_at` field when user has more than 1 role & subscription', async () => {
     roleToSubscriptionMap.getSubscriptionNameForRoleName = jest.fn()
       .mockReturnValueOnce(SubscriptionName.CorePlan)
       .mockReturnValueOnce(SubscriptionName.ProPlan)
@@ -195,39 +197,39 @@ describe('FeatureService', () => {
 
     expect(await createService().getFeaturesForUser(user)).toEqual([
       {
-        'contentType': 'SN|Theme',
+        'content_type': 'SN|Theme',
         'description': 'A theme for writers and readers.',
-        'dockIcon': {
-          'backgroundColor': '#9D7441',
-          'borderColor': '#9D7441',
-          'foregroundColor': '#ECE4DB',
+        'dock_icon': {
+          'background_color': '#9D7441',
+          'border_color': '#9D7441',
+          'foreground_color': '#ECE4DB',
           'type': 'circle',
         },
-        'downloadUrl': 'https://github.com/standardnotes/autobiography-theme/archive/1.0.0.zip',
-        'expiresAt': 555,
+        'download_url': 'https://github.com/standardnotes/autobiography-theme/archive/1.0.0.zip',
+        'expires_at': 555,
         'flags': [
           'New',
         ],
         'identifier': 'org.standardnotes.theme-autobiography',
-        'permissionName': 'theme:autobiography',
-        'marketingUrl': '',
+        'permission_name': 'theme:autobiography',
+        'marketing_url': '',
         'name': 'Autobiography',
-        'thumbnailUrl': 'https://s3.amazonaws.com/standard-notes/screenshots/models/themes/autobiography.jpg',
+        'thumbnail_url': 'https://s3.amazonaws.com/standard-notes/screenshots/models/themes/autobiography.jpg',
         'url': 'https://extension-server/abc123/themes/autobiography',
         'version': '1.0.0',
       },
       {
         'area': 'modal',
-        'contentType': 'SN|Component',
-        'description': '',
-        'downloadUrl': '',
-        'expiresAt': 777,
+        'content_type': 'SN|Component',
+        'description': 'Manage and install cloud backups, including Note History, Dropbox, Google Drive, OneDrive, and Daily Email Backups.',
+        'download_url': '',
+        'expires_at': 777,
         'identifier': 'org.standardnotes.cloudlink',
-        'permissionName': 'component:cloud-link',
-        'marketingUrl': '',
-        'name': '',
-        'url': '',
-        'version': '',
+        'permission_name': 'component:cloud-link',
+        'marketing_url': '',
+        'name': 'CloudLink',
+        'url': 'https://extension-server/abc123/components/cloudlink',
+        'version': '1.2.3',
       },
     ])
   })
@@ -249,39 +251,39 @@ describe('FeatureService', () => {
 
     expect(await createService().getFeaturesForUser(user)).toEqual([
       {
-        'contentType': 'SN|Theme',
+        'content_type': 'SN|Theme',
         'description': 'A theme for writers and readers.',
-        'dockIcon': {
-          'backgroundColor': '#9D7441',
-          'borderColor': '#9D7441',
-          'foregroundColor': '#ECE4DB',
+        'dock_icon': {
+          'background_color': '#9D7441',
+          'border_color': '#9D7441',
+          'foreground_color': '#ECE4DB',
           'type': 'circle',
         },
-        'downloadUrl': 'https://github.com/standardnotes/autobiography-theme/archive/1.0.0.zip',
-        'expiresAt': 777,
+        'download_url': 'https://github.com/standardnotes/autobiography-theme/archive/1.0.0.zip',
+        'expires_at': 777,
         'flags': [
           'New',
         ],
         'identifier': 'org.standardnotes.theme-autobiography',
-        'permissionName': 'theme:autobiography',
-        'marketingUrl': '',
+        'permission_name': 'theme:autobiography',
+        'marketing_url': '',
         'name': 'Autobiography',
-        'thumbnailUrl': 'https://s3.amazonaws.com/standard-notes/screenshots/models/themes/autobiography.jpg',
+        'thumbnail_url': 'https://s3.amazonaws.com/standard-notes/screenshots/models/themes/autobiography.jpg',
         'url': 'https://extension-server/abc123/themes/autobiography',
         'version': '1.0.0',
       },
       {
         'area': 'modal',
-        'contentType': 'SN|Component',
-        'description': '',
-        'downloadUrl': '',
-        'expiresAt': 777,
+        'content_type': 'SN|Component',
+        'description': 'Manage and install cloud backups, including Note History, Dropbox, Google Drive, OneDrive, and Daily Email Backups.',
+        'download_url': '',
+        'expires_at': 777,
         'identifier': 'org.standardnotes.cloudlink',
-        'permissionName': 'component:cloud-link',
-        'marketingUrl': '',
-        'name': '',
-        'url': '',
-        'version': '',
+        'permission_name': 'component:cloud-link',
+        'marketing_url': '',
+        'name': 'CloudLink',
+        'url': 'https://extension-server/abc123/components/cloudlink',
+        'version': '1.2.3',
       },
     ])
   })
@@ -305,39 +307,39 @@ describe('FeatureService', () => {
 
     expect(await createService().getFeaturesForUser(user)).toEqual([
       {
-        'contentType': 'SN|Theme',
+        'content_type': 'SN|Theme',
         'description': 'A theme for writers and readers.',
-        'dockIcon': {
-          'backgroundColor': '#9D7441',
-          'borderColor': '#9D7441',
-          'foregroundColor': '#ECE4DB',
+        'dock_icon': {
+          'background_color': '#9D7441',
+          'border_color': '#9D7441',
+          'foreground_color': '#ECE4DB',
           'type': 'circle',
         },
-        'downloadUrl': 'https://github.com/standardnotes/autobiography-theme/archive/1.0.0.zip',
-        'expiresAt': 555,
+        'download_url': 'https://github.com/standardnotes/autobiography-theme/archive/1.0.0.zip',
+        'expires_at': 555,
         'flags': [
           'New',
         ],
         'identifier': 'org.standardnotes.theme-autobiography',
-        'permissionName': 'theme:autobiography',
-        'marketingUrl': '',
+        'permission_name': 'theme:autobiography',
+        'marketing_url': '',
         'name': 'Autobiography',
-        'thumbnailUrl': 'https://s3.amazonaws.com/standard-notes/screenshots/models/themes/autobiography.jpg',
+        'thumbnail_url': 'https://s3.amazonaws.com/standard-notes/screenshots/models/themes/autobiography.jpg',
         'url': 'https://extension-server/abc123/themes/autobiography',
         'version': '1.0.0',
       },
       {
         'area': 'modal',
-        'contentType': 'SN|Component',
-        'description': '',
-        'downloadUrl': '',
-        'expiresAt': 111,
+        'content_type': 'SN|Component',
+        'description': 'Manage and install cloud backups, including Note History, Dropbox, Google Drive, OneDrive, and Daily Email Backups.',
+        'download_url': '',
+        'expires_at': 111,
         'identifier': 'org.standardnotes.cloudlink',
-        'permissionName': 'component:cloud-link',
-        'marketingUrl': '',
-        'name': '',
-        'url': '',
-        'version': '',
+        'permission_name': 'component:cloud-link',
+        'marketing_url': '',
+        'name': 'CloudLink',
+        'url': 'https://extension-server/abc123/components/cloudlink',
+        'version': '1.2.3',
       },
     ])
   })

src/Domain/Feature/FeatureService.ts

@@ -1,5 +1,5 @@
 import { RoleName } from '@standardnotes/auth'
-import { Feature, Features } from '@standardnotes/features'
+import { FeatureDescription, Features } from '@standardnotes/features'
 import { SettingName } from '@standardnotes/settings'
 import { inject, injectable } from 'inversify'
 import TYPES from '../../Bootstrap/Types'
@@ -20,7 +20,7 @@ export class FeatureService implements FeatureServiceInterface {
   ) {
   }
 
-  async getFeaturesForUser(user: User): Promise<Array<Feature>> {
+  async getFeaturesForUser(user: User): Promise<Array<FeatureDescription>> {
     const userRoles = await user.roles
     const userSubscriptions = await user.subscriptions
 
@@ -29,7 +29,7 @@ export class FeatureService implements FeatureServiceInterface {
       userUuid: user.uuid,
     })
 
-    const userFeatures: Map<string, Feature> = new Map()
+    const userFeatures: Map<string, FeatureDescription> = new Map()
     for (const role of userRoles) {
       const subscriptionName = this.roleToSubscriptionMap.getSubscriptionNameForRoleName(role.name as RoleName)
       const userSubscription = userSubscriptions.find(subscription => subscription.planName === subscriptionName) as UserSubscription
@@ -41,7 +41,7 @@ export class FeatureService implements FeatureServiceInterface {
       const rolePermissions = await role.permissions
 
       for (const rolePermission of rolePermissions) {
-        let featureForPermission = Features.find(feature => feature.permissionName === rolePermission.name) as Feature
+        let featureForPermission = Features.find(feature => feature.permission_name === rolePermission.name) as FeatureDescription
 
         if (extensionKeySetting !== undefined) {
           featureForPermission = {
@@ -54,13 +54,13 @@ export class FeatureService implements FeatureServiceInterface {
         if (alreadyAddedFeature === undefined) {
           userFeatures.set(rolePermission.name, {
             ...featureForPermission,
-            expiresAt,
+            expires_at: expiresAt,
           })
           continue
         }
 
-        if (expiresAt > (alreadyAddedFeature.expiresAt as number)) {
-          alreadyAddedFeature.expiresAt = expiresAt
+        if (expiresAt > (alreadyAddedFeature.expires_at as number)) {
+          alreadyAddedFeature.expires_at = expiresAt
         }
       }
     }

src/Domain/Feature/FeatureServiceInterface.ts

@@ -1,7 +1,7 @@
-import { Feature } from '@standardnotes/features'
+import { FeatureDescription } from '@standardnotes/features'
 
 import { User } from '../User/User'
 
 export interface FeatureServiceInterface {
-  getFeaturesForUser(user: User): Promise<Array<Feature>>
+  getFeaturesForUser(user: User): Promise<Array<FeatureDescription>>
 }

src/Domain/Handler/SubscriptionCancelledEventHandler.spec.ts

@@ -0,0 +1,75 @@
+import 'reflect-metadata'
+
+import { SubscriptionName } from '@standardnotes/auth'
+import { SubscriptionCancelledEvent } from '@standardnotes/domain-events'
+import { Logger } from 'winston'
+
+import * as dayjs from 'dayjs'
+
+import { User } from '../User/User'
+import { UserRepositoryInterface } from '../User/UserRepositoryInterface'
+import { UserSubscriptionRepositoryInterface } from '../User/UserSubscriptionRepositoryInterface'
+import { SubscriptionCancelledEventHandler } from './SubscriptionCancelledEventHandler'
+
+describe('SubscriptionCancelledEventHandler', () => {
+  let userRepository: UserRepositoryInterface
+  let userSubscriptionRepository: UserSubscriptionRepositoryInterface
+  let logger: Logger
+  let user: User
+  let event: SubscriptionCancelledEvent
+  let timestamp: number
+
+  const createHandler = () => new SubscriptionCancelledEventHandler(
+    userRepository,
+    userSubscriptionRepository,
+    logger
+  )
+
+  beforeEach(() => {
+    user = {
+      uuid: '123',
+    } as jest.Mocked<User>
+
+    userRepository = {} as jest.Mocked<UserRepositoryInterface>
+    userRepository.findOneByEmail = jest.fn().mockReturnValue(user)
+
+    userSubscriptionRepository = {} as jest.Mocked<UserSubscriptionRepositoryInterface>
+    userSubscriptionRepository.updateCancelled = jest.fn()
+
+    timestamp = dayjs.utc().valueOf()
+
+    event = {} as jest.Mocked<SubscriptionCancelledEvent>
+    event.createdAt = new Date(1)
+    event.payload = {
+      userEmail: 'test@test.com',
+      subscriptionName: SubscriptionName.ProPlan,
+      timestamp,
+    }
+
+    logger = {} as jest.Mocked<Logger>
+    logger.info = jest.fn()
+    logger.warn = jest.fn()
+  })
+
+  it('should update subscription cancelled', async () => {
+    await createHandler().handle(event)
+
+    expect(userRepository.findOneByEmail).toHaveBeenCalledWith('test@test.com')
+    expect(
+      userSubscriptionRepository.updateCancelled
+    ).toHaveBeenCalledWith(
+      SubscriptionName.ProPlan,
+      '123',
+      true,
+      timestamp,
+    )
+  })
+
+  it('should not do anything if no user is found for specified email', async () => {
+    userRepository.findOneByEmail = jest.fn().mockReturnValue(undefined)
+
+    await createHandler().handle(event)
+
+    expect(userSubscriptionRepository.updateCancelled).not.toHaveBeenCalled()
+  })
+})

src/Domain/Handler/SubscriptionCancelledEventHandler.ts

@@ -0,0 +1,54 @@
+import {
+  DomainEventHandlerInterface,
+  SubscriptionCancelledEvent,
+} from '@standardnotes/domain-events'
+import { inject, injectable } from 'inversify'
+import { Logger } from 'winston'
+
+import TYPES from '../../Bootstrap/Types'
+import { UserRepositoryInterface } from '../User/UserRepositoryInterface'
+import { UserSubscriptionRepositoryInterface } from '../User/UserSubscriptionRepositoryInterface'
+
+@injectable()
+export class SubscriptionCancelledEventHandler
+implements DomainEventHandlerInterface
+{
+  constructor(
+    @inject(TYPES.UserRepository) private userRepository: UserRepositoryInterface,
+    @inject(TYPES.UserSubscriptionRepository) private userSubscriptionRepository: UserSubscriptionRepositoryInterface,
+    @inject(TYPES.Logger) private logger: Logger
+  ) {}
+  async handle(
+    event: SubscriptionCancelledEvent
+  ): Promise<void> {
+    const user = await this.userRepository.findOneByEmail(
+      event.payload.userEmail
+    )
+
+    if (user === undefined) {
+      this.logger.warn(
+        `Could not find user with email: ${event.payload.userEmail}`
+      )
+      return
+    }
+
+    await this.updateSubscriptionCancelled(
+      event.payload.subscriptionName,
+      user.uuid,
+      event.payload.timestamp,
+    )
+  }
+
+  private async updateSubscriptionCancelled(
+    subscriptionName: string,
+    userUuid: string,
+    timestamp: number,
+  ): Promise<void> {
+    await this.userSubscriptionRepository.updateCancelled(
+      subscriptionName,
+      userUuid,
+      true,
+      timestamp,
+    )
+  }
+}

src/Domain/Handler/SubscriptionPurchasedEventHandler.spec.ts

@@ -88,6 +88,7 @@ describe('SubscriptionPurchasedEventHandler', () => {
       ...subscription,
       createdAt: expect.any(Number),
       updatedAt: expect.any(Number),
+      cancelled: false,
     })
   })
 

src/Domain/Handler/SubscriptionPurchasedEventHandler.ts

@@ -2,7 +2,6 @@ import { SubscriptionName } from '@standardnotes/auth'
 import {
   DomainEventHandlerInterface,
   SubscriptionPurchasedEvent,
-  SubscriptionRenewedEvent,
 } from '@standardnotes/domain-events'
 import { inject, injectable } from 'inversify'
 import { Logger } from 'winston'
@@ -26,7 +25,7 @@ implements DomainEventHandlerInterface
   ) {}
 
   async handle(
-    event: SubscriptionPurchasedEvent | SubscriptionRenewedEvent
+    event: SubscriptionPurchasedEvent
   ): Promise<void> {
     const user = await this.userRepository.findOneByEmail(
       event.payload.userEmail
@@ -68,6 +67,7 @@ implements DomainEventHandlerInterface
     subscription.createdAt = timestamp
     subscription.updatedAt = timestamp
     subscription.endsAt = subscriptionExpiresAt
+    subscription.cancelled = false
 
     await this.userSubscriptionRepository.save(subscription)
   }

src/Domain/Handler/SubscriptionRefundedEventHandler.ts

@@ -43,7 +43,6 @@ implements DomainEventHandlerInterface
       event.payload.timestamp,
     )
     await this.removeUserRole(user, event.payload.subscriptionName)
-
   }
 
   private async removeUserRole(

src/Domain/Handler/SubscriptionRenewedEventHandler.spec.ts

@@ -1,7 +1,7 @@
 import 'reflect-metadata'
 
 import { SubscriptionName } from '@standardnotes/auth'
-import { SubscriptionPurchasedEvent } from '@standardnotes/domain-events'
+import { SubscriptionRenewedEvent } from '@standardnotes/domain-events'
 import { Logger } from 'winston'
 
 import * as dayjs from 'dayjs'
@@ -16,7 +16,7 @@ describe('SubscriptionRenewedEventHandler', () => {
   let userSubscriptionRepository: UserSubscriptionRepositoryInterface
   let logger: Logger
   let user: User
-  let event: SubscriptionPurchasedEvent
+  let event: SubscriptionRenewedEvent
   let subscriptionExpirationDate: number
   let timestamp: number
 
@@ -40,7 +40,7 @@ describe('SubscriptionRenewedEventHandler', () => {
     timestamp = dayjs.utc().valueOf()
     subscriptionExpirationDate = dayjs.utc().valueOf() + 365*1000
 
-    event = {} as jest.Mocked<SubscriptionPurchasedEvent>
+    event = {} as jest.Mocked<SubscriptionRenewedEvent>
     event.createdAt = new Date(1)
     event.payload = {
       userEmail: 'test@test.com',

src/Domain/Handler/SubscriptionRenewedEventHandler.ts

@@ -1,6 +1,5 @@
 import {
   DomainEventHandlerInterface,
-  SubscriptionPurchasedEvent,
   SubscriptionRenewedEvent,
 } from '@standardnotes/domain-events'
 import { inject, injectable } from 'inversify'
@@ -20,7 +19,7 @@ implements DomainEventHandlerInterface
     @inject(TYPES.Logger) private logger: Logger
   ) {}
   async handle(
-    event: SubscriptionPurchasedEvent | SubscriptionRenewedEvent
+    event: SubscriptionRenewedEvent
   ): Promise<void> {
     const user = await this.userRepository.findOneByEmail(
       event.payload.userEmail

src/Domain/UseCase/ChangeCredentials/ChangeCredentials.spec.ts

@@ -0,0 +1,177 @@
+import 'reflect-metadata'
+import { DomainEventPublisherInterface, UserEmailChangedEvent } from '@standardnotes/domain-events'
+
+import { AuthResponseFactoryInterface } from '../../Auth/AuthResponseFactoryInterface'
+import { DomainEventFactoryInterface } from '../../Event/DomainEventFactoryInterface'
+
+import { AuthResponseFactoryResolverInterface } from '../../Auth/AuthResponseFactoryResolverInterface'
+import { User } from '../../User/User'
+import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
+
+import { ChangeCredentials } from './ChangeCredentials'
+
+describe('ChangeCredentials', () => {
+  let userRepository: UserRepositoryInterface
+  let authResponseFactoryResolver: AuthResponseFactoryResolverInterface
+  let authResponseFactory: AuthResponseFactoryInterface
+  let domainEventPublisher: DomainEventPublisherInterface
+  let domainEventFactory: DomainEventFactoryInterface
+  let user: User
+
+  const createUseCase = () => new ChangeCredentials(
+    userRepository,
+    authResponseFactoryResolver,
+    domainEventPublisher,
+    domainEventFactory,
+  )
+
+  beforeEach(() => {
+    userRepository = {} as jest.Mocked<UserRepositoryInterface>
+    userRepository.save = jest.fn()
+
+    authResponseFactory = {} as jest.Mocked<AuthResponseFactoryInterface>
+    authResponseFactory.createResponse = jest.fn().mockReturnValue({ foo: 'bar' })
+
+    authResponseFactoryResolver = {} as jest.Mocked<AuthResponseFactoryResolverInterface>
+    authResponseFactoryResolver.resolveAuthResponseFactoryVersion = jest.fn().mockReturnValue(authResponseFactory)
+
+    user = {} as jest.Mocked<User>
+    user.encryptedPassword = '$2a$11$K3g6XoTau8VmLJcai1bB0eD9/YvBSBRtBhMprJOaVZ0U3SgasZH3a'
+    user.uuid = '1-2-3'
+    user.email = 'test@test.te'
+
+    domainEventPublisher = {} as jest.Mocked<DomainEventPublisherInterface>
+    domainEventPublisher.publish = jest.fn()
+
+    domainEventFactory = {} as jest.Mocked<DomainEventFactoryInterface>
+    domainEventFactory.createUserEmailChangedEvent = jest.fn().mockReturnValue({} as jest.Mocked<UserEmailChangedEvent>)
+  })
+
+  it('should change password', async () => {
+    expect(await createUseCase().execute({
+      user,
+      apiVersion: '20190520',
+      currentPassword: 'qweqwe123123',
+      newPassword: 'test234',
+      pwNonce: 'asdzxc',
+      updatedWithUserAgent: 'Google Chrome',
+      kpCreated: '123',
+      kpOrigination: 'password-change',
+    })).toEqual({
+      success: true,
+      authResponse: {
+        foo: 'bar',
+      },
+    })
+
+    expect(userRepository.save).toHaveBeenCalledWith({
+      encryptedPassword: expect.any(String),
+      updatedWithUserAgent: 'Google Chrome',
+      pwNonce: 'asdzxc',
+      kpCreated: '123',
+      email: 'test@test.te',
+      uuid: '1-2-3',
+      kpOrigination: 'password-change',
+    })
+    expect(domainEventPublisher.publish).not.toHaveBeenCalled()
+    expect(domainEventFactory.createUserEmailChangedEvent).not.toHaveBeenCalled()
+  })
+
+  it('should change email', async () => {
+    userRepository.findOneByEmail = jest.fn().mockReturnValue(undefined)
+
+    expect(await createUseCase().execute({
+      user,
+      apiVersion: '20190520',
+      currentPassword: 'qweqwe123123',
+      newPassword: 'test234',
+      newEmail: 'new@test.te',
+      pwNonce: 'asdzxc',
+      updatedWithUserAgent: 'Google Chrome',
+      kpCreated: '123',
+      kpOrigination: 'password-change',
+    })).toEqual({
+      success: true,
+      authResponse: {
+        foo: 'bar',
+      },
+    })
+
+    expect(userRepository.save).toHaveBeenCalledWith({
+      encryptedPassword: expect.any(String),
+      email: 'new@test.te',
+      uuid: '1-2-3',
+      updatedWithUserAgent: 'Google Chrome',
+      pwNonce: 'asdzxc',
+      kpCreated: '123',
+      kpOrigination: 'password-change',
+    })
+    expect(domainEventFactory.createUserEmailChangedEvent).toHaveBeenCalledWith('1-2-3', 'test@test.te', 'new@test.te')
+    expect(domainEventPublisher.publish).toHaveBeenCalled()
+  })
+
+  it('should not change email if already taken', async () => {
+    userRepository.findOneByEmail = jest.fn().mockReturnValue({} as jest.Mocked<User>)
+
+    expect(await createUseCase().execute({
+      user,
+      apiVersion: '20190520',
+      currentPassword: 'qweqwe123123',
+      newPassword: 'test234',
+      newEmail: 'new@test.te',
+      pwNonce: 'asdzxc',
+      updatedWithUserAgent: 'Google Chrome',
+      kpCreated: '123',
+      kpOrigination: 'password-change',
+    })).toEqual({
+      success: false,
+      errorMessage: 'The email you entered is already taken. Please try again.',
+    })
+
+    expect(userRepository.save).not.toHaveBeenCalled()
+    expect(domainEventFactory.createUserEmailChangedEvent).not.toHaveBeenCalled()
+    expect(domainEventPublisher.publish).not.toHaveBeenCalled()
+  })
+
+  it('should not change password if current password is incorrect', async () => {
+    expect(await createUseCase().execute({
+      user,
+      apiVersion: '20190520',
+      currentPassword: 'test123',
+      newPassword: 'test234',
+      pwNonce: 'asdzxc',
+      updatedWithUserAgent: 'Google Chrome',
+    })).toEqual({
+      success: false,
+      errorMessage: 'The current password you entered is incorrect. Please try again.',
+    })
+
+    expect(userRepository.save).not.toHaveBeenCalled()
+  })
+
+  it('should update protocol version while changing password', async () => {
+    expect(await createUseCase().execute({
+      user,
+      apiVersion: '20190520',
+      currentPassword: 'qweqwe123123',
+      newPassword: 'test234',
+      pwNonce: 'asdzxc',
+      updatedWithUserAgent: 'Google Chrome',
+      protocolVersion: '004',
+    })).toEqual({
+      success: true,
+      authResponse: {
+        foo: 'bar',
+      },
+    })
+
+    expect(userRepository.save).toHaveBeenCalledWith({
+      encryptedPassword: expect.any(String),
+      updatedWithUserAgent: 'Google Chrome',
+      pwNonce: 'asdzxc',
+      version: '004',
+      email: 'test@test.te',
+      uuid: '1-2-3',
+    })
+  })
+})

src/Domain/UseCase/ChangeCredentials/ChangeCredentials.ts

@@ -0,0 +1,74 @@
+import * as bcrypt from 'bcryptjs'
+import { inject, injectable } from 'inversify'
+import TYPES from '../../../Bootstrap/Types'
+import { AuthResponseFactoryResolverInterface } from '../../Auth/AuthResponseFactoryResolverInterface'
+
+import { User } from '../../User/User'
+import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
+import { ChangeCredentialsDTO } from './ChangeCredentialsDTO'
+import { ChangeCredentialsResponse } from './ChangeCredentialsResponse'
+import { UseCaseInterface } from '../UseCaseInterface'
+import { DomainEventFactoryInterface } from '../../Event/DomainEventFactoryInterface'
+import { DomainEventPublisherInterface, UserEmailChangedEvent } from '@standardnotes/domain-events'
+
+@injectable()
+export class ChangeCredentials implements UseCaseInterface {
+  constructor(
+    @inject(TYPES.UserRepository) private userRepository: UserRepositoryInterface,
+    @inject(TYPES.AuthResponseFactoryResolver) private authResponseFactoryResolver: AuthResponseFactoryResolverInterface,
+    @inject(TYPES.DomainEventPublisher) private domainEventPublisher: DomainEventPublisherInterface,
+    @inject(TYPES.DomainEventFactory) private domainEventFactory: DomainEventFactoryInterface,
+  ) {
+  }
+
+  async execute(dto: ChangeCredentialsDTO): Promise<ChangeCredentialsResponse> {
+    if (!await bcrypt.compare(dto.currentPassword, dto.user.encryptedPassword)) {
+      return {
+        success: false,
+        errorMessage: 'The current password you entered is incorrect. Please try again.',
+      }
+    }
+
+    dto.user.encryptedPassword = await bcrypt.hash(dto.newPassword, User.PASSWORD_HASH_COST)
+
+    let userEmailChangedEvent: UserEmailChangedEvent | undefined = undefined
+    if (dto.newEmail !== undefined) {
+      const existingUser = await this.userRepository.findOneByEmail(dto.newEmail)
+      if (existingUser !== undefined) {
+        return {
+          success: false,
+          errorMessage: 'The email you entered is already taken. Please try again.',
+        }
+      }
+
+      userEmailChangedEvent = this.domainEventFactory.createUserEmailChangedEvent(dto.user.uuid, dto.user.email, dto.newEmail)
+
+      dto.user.email = dto.newEmail
+    }
+
+    dto.user.updatedWithUserAgent = dto.updatedWithUserAgent
+    dto.user.pwNonce = dto.pwNonce
+    if (dto.protocolVersion) {
+      dto.user.version = dto.protocolVersion
+    }
+    if (dto.kpCreated) {
+      dto.user.kpCreated = dto.kpCreated
+    }
+    if (dto.kpOrigination) {
+      dto.user.kpOrigination = dto.kpOrigination
+    }
+
+    const updatedUser = await this.userRepository.save(dto.user)
+
+    if (userEmailChangedEvent !== undefined) {
+      await this.domainEventPublisher.publish(userEmailChangedEvent)
+    }
+
+    const authResponseFactory = this.authResponseFactoryResolver.resolveAuthResponseFactoryVersion(dto.apiVersion)
+
+    return {
+      success: true,
+      authResponse: await authResponseFactory.createResponse(updatedUser, dto.apiVersion, dto.updatedWithUserAgent),
+    }
+  }
+}

src/Domain/UseCase/ChangePasswordDTO.ts src/Domain/UseCase/ChangeCredentials/ChangeCredentialsDTO.ts

@@ -1,10 +1,11 @@
-import { User } from '../User/User'
+import { User } from '../../User/User'
 
-export type ChangePasswordDTO = {
+export type ChangeCredentialsDTO = {
   user: User
   apiVersion: string
   currentPassword: string
   newPassword: string
+  newEmail?: string
   pwNonce: string
   updatedWithUserAgent: string
   protocolVersion?: string

src/Domain/UseCase/ChangeCredentials/ChangeCredentialsResponse.ts

@@ -0,0 +1,8 @@
+import { AuthResponse20161215 } from '../../Auth/AuthResponse20161215'
+import { AuthResponse20200115 } from '../../Auth/AuthResponse20200115'
+
+export type ChangeCredentialsResponse = {
+  success: boolean
+  authResponse?: AuthResponse20161215 | AuthResponse20200115
+  errorMessage?: string
+}

src/Domain/UseCase/ChangePassword.spec.ts

@@ -1,5 +1,5 @@
 import 'reflect-metadata'
-import { Feature } from '@standardnotes/features'
+import { FeatureDescription } from '@standardnotes/features'
 import { GetUserFeatures } from './GetUserFeatures'
 import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
 import { User } from '../../User/User'
@@ -8,7 +8,7 @@ import { FeatureServiceInterface } from '../../Feature/FeatureServiceInterface'
 describe('GetUserFeatures', () => {
   let user: User
   let userRepository: UserRepositoryInterface
-  let feature1: Feature
+  let feature1: FeatureDescription
   let featureService: FeatureServiceInterface
 
   const createUseCase = () => new GetUserFeatures(userRepository, featureService)
@@ -18,7 +18,7 @@ describe('GetUserFeatures', () => {
     userRepository = {} as jest.Mocked<UserRepositoryInterface>
     userRepository.findOneByUuid = jest.fn().mockReturnValue(user)
 
-    feature1 = { name: 'foobar' }  as jest.Mocked<Feature>
+    feature1 = { name: 'foobar' }  as jest.Mocked<FeatureDescription>
     featureService = {} as jest.Mocked<FeatureServiceInterface>
     featureService.getFeaturesForUser = jest.fn().mockReturnValue([feature1])
   })

src/Domain/UseCase/ChangePassword.ts

@@ -1,9 +1,9 @@
-import { Feature } from '@standardnotes/features'
+import { FeatureDescription } from '@standardnotes/features'
 
 export type GetUserFeaturesResponse = {
   success: true,
   userUuid: string,
-  features: Feature[]
+  features: FeatureDescription[]
 } | {
   success: false,
   error: {

src/Domain/UseCase/ChangePasswordResponse.ts

@@ -0,0 +1,49 @@
+import 'reflect-metadata'
+import { GetUserSubscription } from './GetUserSubscription'
+import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
+import { User } from '../../User/User'
+import { UserSubscriptionRepositoryInterface } from '../../User/UserSubscriptionRepositoryInterface'
+import { UserSubscription } from '../../User/UserSubscription'
+import { SubscriptionName } from '@standardnotes/auth'
+
+describe('GetUserSubscription', () => {
+  let user: User
+  let userSubscription: UserSubscription
+  let userRepository: UserRepositoryInterface
+  let userSubscriptionRepository: UserSubscriptionRepositoryInterface
+
+  const createUseCase = () => new GetUserSubscription(userRepository, userSubscriptionRepository)
+
+  beforeEach(() => {
+    user = {} as jest.Mocked<User>
+    userRepository = {} as jest.Mocked<UserRepositoryInterface>
+    userRepository.findOneByUuid = jest.fn().mockReturnValue(user)
+
+    userSubscription = {
+      planName: SubscriptionName.ProPlan,
+    } as jest.Mocked<UserSubscription>
+    userSubscriptionRepository = {} as jest.Mocked<UserSubscriptionRepositoryInterface>
+    userSubscriptionRepository.findOneByUserUuid = jest.fn().mockReturnValue(userSubscription)
+  })
+
+  it('should fail if a user is not found', async () => {
+    userRepository.findOneByUuid = jest.fn().mockReturnValue(undefined)
+
+    expect(await createUseCase().execute({ userUuid: 'user-1-1-1' })).toEqual({
+      success: false,
+      error: {
+        message: 'User user-1-1-1 not found.',
+      },
+    })
+  })
+
+  it('should return user subscription', async () => {
+    expect(await createUseCase().execute({ userUuid: 'user-1-1-1' })).toEqual({
+      success: true,
+      userUuid: 'user-1-1-1',
+      subscription: {
+        planName: SubscriptionName.ProPlan,
+      },
+    })
+  })
+})

src/Domain/UseCase/GetUserFeatures/GetUserFeatures.spec.ts

@@ -0,0 +1,39 @@
+import { UseCaseInterface } from '../UseCaseInterface'
+import { inject, injectable } from 'inversify'
+import TYPES from '../../../Bootstrap/Types'
+import { GetUserSubscriptionDto } from './GetUserSubscriptionDto'
+import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
+import { GetUserSubscriptionResponse } from './GetUserSubscriptionResponse'
+import { UserSubscriptionRepositoryInterface } from '../../User/UserSubscriptionRepositoryInterface'
+
+@injectable()
+export class GetUserSubscription implements UseCaseInterface {
+  constructor(
+    @inject(TYPES.UserRepository) private userRepository: UserRepositoryInterface,
+    @inject(TYPES.UserSubscriptionRepository) private userSubscriptionRepository: UserSubscriptionRepositoryInterface,
+  ) {
+  }
+
+  async execute(dto: GetUserSubscriptionDto): Promise<GetUserSubscriptionResponse> {
+    const { userUuid } = dto
+
+    const user = await this.userRepository.findOneByUuid(userUuid)
+
+    if (user === undefined) {
+      return {
+        success: false,
+        error: {
+          message: `User ${userUuid} not found.`,
+        },
+      }
+    }
+
+    const userSubscription = await this.userSubscriptionRepository.findOneByUserUuid(userUuid)
+
+    return {
+      success: true,
+      userUuid,
+      subscription: userSubscription,
+    }
+  }
+}

src/Domain/UseCase/GetUserFeatures/GetUserFeaturesResponse.ts

@@ -0,0 +1,5 @@
+import { Uuid } from '@standardnotes/common'
+
+export type GetUserSubscriptionDto = {
+  userUuid: Uuid,
+}

src/Domain/UseCase/GetUserSubscription/GetUserSubscription.spec.ts

@@ -0,0 +1,12 @@
+import { UserSubscription } from '../../User/UserSubscription'
+
+export type GetUserSubscriptionResponse = {
+  success: true,
+  userUuid: string,
+  subscription?: UserSubscription,
+} | {
+  success: false,
+  error: {
+    message: string
+  }
+}

src/Domain/UseCase/GetUserSubscription/GetUserSubscription.ts

@@ -6,22 +6,16 @@ import { AuthResponseFactoryInterface } from '../Auth/AuthResponseFactoryInterfa
 import { AuthResponseFactoryResolverInterface } from '../Auth/AuthResponseFactoryResolverInterface'
 
 import { UpdateUser } from './UpdateUser'
-import { DomainEventPublisherInterface, UserEmailChangedEvent } from '@standardnotes/domain-events'
-import { DomainEventFactoryInterface } from '../Event/DomainEventFactoryInterface'
 
 describe('UpdateUser', () => {
   let userRepository: UserRepositoryInterface
   let authResponseFactoryResolver: AuthResponseFactoryResolverInterface
   let authResponseFactory: AuthResponseFactoryInterface
-  let domainEventPublisher: DomainEventPublisherInterface
-  let domainEventFactory: DomainEventFactoryInterface
   let user: User
 
   const createUseCase = () => new UpdateUser(
     userRepository,
     authResponseFactoryResolver,
-    domainEventPublisher,
-    domainEventFactory
   )
 
   beforeEach(() => {
@@ -35,12 +29,6 @@ describe('UpdateUser', () => {
     authResponseFactoryResolver = {} as jest.Mocked<AuthResponseFactoryResolverInterface>
     authResponseFactoryResolver.resolveAuthResponseFactoryVersion = jest.fn().mockReturnValue(authResponseFactory)
 
-    domainEventPublisher = {} as jest.Mocked<DomainEventPublisherInterface>
-    domainEventPublisher.publish = jest.fn()
-
-    domainEventFactory = {} as jest.Mocked<DomainEventFactoryInterface>
-    domainEventFactory.createUserEmailChangedEvent = jest.fn().mockReturnValue({} as jest.Mocked<UserEmailChangedEvent>)
-
     user = {} as jest.Mocked<User>
     user.uuid = '123'
     user.email = 'test@test.te'
@@ -67,32 +55,5 @@ describe('UpdateUser', () => {
       uuid: '123',
       version: '004',
     })
-    expect(domainEventPublisher.publish).not.toHaveBeenCalled()
-    expect(domainEventFactory.createUserEmailChangedEvent).not.toHaveBeenCalled()
-  })
-
-  it('should fail to change user email if a user already exists with that email', async () => {
-    userRepository.findOneByEmail = jest.fn().mockReturnValue({} as jest.Mocked<User>)
-
-    expect(await createUseCase().execute({
-      user,
-      updatedWithUserAgent: 'Mozilla',
-      apiVersion: '20190520',
-      version: '004',
-      email: 'test2@test.te',
-    })).toEqual({ success: false })
-  })
-
-  it('should change user email', async () => {
-    expect(await createUseCase().execute({
-      user,
-      updatedWithUserAgent: 'Mozilla',
-      apiVersion: '20190520',
-      version: '004',
-      email: 'test2@test.te',
-    })).toEqual({ success: true, authResponse: { foo: 'bar' } })
-
-    expect(domainEventPublisher.publish).toHaveBeenCalledTimes(1)
-    expect(domainEventFactory.createUserEmailChangedEvent).toHaveBeenLastCalledWith('123', 'test@test.te', 'test2@test.te')
   })
 })

src/Domain/UseCase/GetUserSubscription/GetUserSubscriptionDto.ts

@@ -1,8 +1,6 @@
-import { DomainEventPublisherInterface, UserEmailChangedEvent } from '@standardnotes/domain-events'
 import { inject, injectable } from 'inversify'
 import TYPES from '../../Bootstrap/Types'
 import { AuthResponseFactoryResolverInterface } from '../Auth/AuthResponseFactoryResolverInterface'
-import { DomainEventFactoryInterface } from '../Event/DomainEventFactoryInterface'
 import { UserRepositoryInterface } from '../User/UserRepositoryInterface'
 import { UpdateUserDTO } from './UpdateUserDTO'
 import { UpdateUserResponse } from './UpdateUserResponse'
@@ -13,8 +11,6 @@ export class UpdateUser implements UseCaseInterface {
   constructor (
     @inject(TYPES.UserRepository) private userRepository: UserRepositoryInterface,
     @inject(TYPES.AuthResponseFactoryResolver) private authResponseFactoryResolver: AuthResponseFactoryResolverInterface,
-    @inject(TYPES.DomainEventPublisher) private domainEventPublisher: DomainEventPublisherInterface,
-    @inject(TYPES.DomainEventFactory) private domainEventFactory: DomainEventFactoryInterface,
   ) {
   }
 
@@ -27,26 +23,10 @@ export class UpdateUser implements UseCaseInterface {
         && delete updateFields[key]
     )
 
-    let UserEmailChangedEvent: UserEmailChangedEvent | undefined = undefined
-    if ('email' in updateFields) {
-      const existingUser = await this.userRepository.findOneByEmail(updateFields.email as string)
-      if (existingUser !== undefined) {
-        return {
-          success: false,
-        }
-      }
-
-      UserEmailChangedEvent = this.domainEventFactory.createUserEmailChangedEvent(user.uuid, user.email, updateFields.email as string)
-    }
-
     Object.assign(user, updateFields)
 
     await this.userRepository.save(user)
 
-    if (UserEmailChangedEvent) {
-      await this.domainEventPublisher.publish(UserEmailChangedEvent)
-    }
-
     const authResponseFactory = this.authResponseFactoryResolver.resolveAuthResponseFactoryVersion(apiVersion)
 
     return {

src/Domain/UseCase/GetUserSubscription/GetUserSubscriptionResponse.ts

@@ -32,6 +32,14 @@ export class UserSubscription {
   @Index('updated_at')
   updatedAt: number
 
+  @Column({
+    type: 'tinyint',
+    width: 1,
+    nullable: false,
+    default: 0,
+  })
+  cancelled: boolean
+
   @ManyToOne(
     /* istanbul ignore next */
     () => User,

src/Domain/UseCase/UpdateUser.spec.ts

@@ -1,6 +1,8 @@
 import { UserSubscription } from './UserSubscription'
 
 export interface UserSubscriptionRepositoryInterface {
+  findOneByUserUuid(userUuid: string): Promise<UserSubscription | undefined>
   updateEndsAtByNameAndUserUuid(name: string, userUuid: string, endsAt: number, updatedAt: number): Promise<void>
+  updateCancelled(name: string, userUuid: string, cancelled: boolean, updatedAt: number): Promise<void>
   save(subscription: UserSubscription): Promise<UserSubscription> 
 }

src/Domain/UseCase/UpdateUser.ts

@@ -1,46 +1,102 @@
+import { SubscriptionName } from '@standardnotes/auth'
 import 'reflect-metadata'
 
-import { UpdateQueryBuilder } from 'typeorm'
+import { SelectQueryBuilder, UpdateQueryBuilder } from 'typeorm'
 import { UserSubscription } from '../../Domain/User/UserSubscription'
 
 import { MySQLUserSubscriptionRepository } from './MySQLUserSubscriptionRepository'
 
 describe('MySQLUserSubscriptionRepository', () => {
   let repository: MySQLUserSubscriptionRepository
-  let queryBuilder: UpdateQueryBuilder<UserSubscription>
+  let selectQueryBuilder: SelectQueryBuilder<UserSubscription>
+  let updateQueryBuilder: UpdateQueryBuilder<UserSubscription>
+  let subscription: UserSubscription
 
   beforeEach(() => {
-    queryBuilder = {} as jest.Mocked<UpdateQueryBuilder<UserSubscription>>
+    selectQueryBuilder = {} as jest.Mocked<SelectQueryBuilder<UserSubscription>>
+    updateQueryBuilder = {} as jest.Mocked<UpdateQueryBuilder<UserSubscription>>
+    
+    subscription = {
+      planName: SubscriptionName.ProPlan,
+    } as jest.Mocked<UserSubscription>
 
     repository = new MySQLUserSubscriptionRepository()
     jest.spyOn(repository, 'createQueryBuilder')
-    repository.createQueryBuilder = jest.fn().mockImplementation(() => queryBuilder)
+  })
+
+  it('should find one by user uuid', async () => {
+    repository.createQueryBuilder = jest.fn().mockImplementation(() => selectQueryBuilder)
+
+    selectQueryBuilder.where = jest.fn().mockReturnThis()
+    selectQueryBuilder.orderBy = jest.fn().mockReturnThis()
+    selectQueryBuilder.getOne = jest.fn().mockReturnValue(subscription)
+
+    const result = await repository.findOneByUserUuid('123')
+
+    expect(selectQueryBuilder.where).toHaveBeenCalledWith(
+      'user_uuid = :user_uuid',
+      {
+        user_uuid: '123',
+      },
+    )
+    expect(selectQueryBuilder.orderBy).toHaveBeenCalledWith(
+      'ends_at', 'DESC'
+    )
+    expect(selectQueryBuilder.getOne).toHaveBeenCalled()
+    expect(result).toEqual(subscription)
   })
 
   it('should update ends at by name and user uuid', async () => {
-    repository.createQueryBuilder = jest.fn().mockImplementation(() => queryBuilder)
+    repository.createQueryBuilder = jest.fn().mockImplementation(() => updateQueryBuilder)
 
-    queryBuilder.update = jest.fn().mockReturnThis()
-    queryBuilder.set = jest.fn().mockReturnThis()
-    queryBuilder.where = jest.fn().mockReturnThis()
-    queryBuilder.execute = jest.fn()
+    updateQueryBuilder.update = jest.fn().mockReturnThis()
+    updateQueryBuilder.set = jest.fn().mockReturnThis()
+    updateQueryBuilder.where = jest.fn().mockReturnThis()
+    updateQueryBuilder.execute = jest.fn()
 
     await repository.updateEndsAtByNameAndUserUuid('test', '123', 1000, 1000)
 
-    expect(queryBuilder.update).toHaveBeenCalled()
-    expect(queryBuilder.set).toHaveBeenCalledWith(
+    expect(updateQueryBuilder.update).toHaveBeenCalled()
+    expect(updateQueryBuilder.set).toHaveBeenCalledWith(
       {
         updatedAt: expect.any(Number),
         endsAt: 1000,
       }
     )
-    expect(queryBuilder.where).toHaveBeenCalledWith(
+    expect(updateQueryBuilder.where).toHaveBeenCalledWith(
+      'plan_name = :plan_name AND user_uuid = :user_uuid',
+      {
+        plan_name: 'test',
+        user_uuid: '123',
+      }
+    )
+    expect(updateQueryBuilder.execute).toHaveBeenCalled()
+  })
+
+  it('should update cancelled by name and user uuid', async () => {
+    repository.createQueryBuilder = jest.fn().mockImplementation(() => updateQueryBuilder)
+
+    updateQueryBuilder.update = jest.fn().mockReturnThis()
+    updateQueryBuilder.set = jest.fn().mockReturnThis()
+    updateQueryBuilder.where = jest.fn().mockReturnThis()
+    updateQueryBuilder.execute = jest.fn()
+
+    await repository.updateCancelled('test', '123', true, 1000)
+
+    expect(updateQueryBuilder.update).toHaveBeenCalled()
+    expect(updateQueryBuilder.set).toHaveBeenCalledWith(
+      {
+        updatedAt: expect.any(Number),
+        cancelled: true,
+      }
+    )
+    expect(updateQueryBuilder.where).toHaveBeenCalledWith(
       'plan_name = :plan_name AND user_uuid = :user_uuid',
       {
         plan_name: 'test',
         user_uuid: '123',
       }
     )
-    expect(queryBuilder.execute).toHaveBeenCalled()
+    expect(updateQueryBuilder.execute).toHaveBeenCalled()
   })
 })

src/Domain/User/UserSubscription.ts

@@ -7,6 +7,18 @@ import { UserSubscriptionRepositoryInterface } from '../../Domain/User/UserSubsc
 @injectable()
 @EntityRepository(UserSubscription)
 export class MySQLUserSubscriptionRepository extends Repository<UserSubscription> implements UserSubscriptionRepositoryInterface {
+  async findOneByUserUuid(userUuid: string): Promise<UserSubscription | undefined> {
+    return await this.createQueryBuilder()
+      .where(
+        'user_uuid = :user_uuid',
+        {
+          user_uuid: userUuid,
+        }
+      )
+      .orderBy('ends_at', 'DESC')
+      .getOne()
+  }
+
   async updateEndsAtByNameAndUserUuid(name: string, userUuid: string, endsAt: number, updatedAt: number): Promise<void> {
     await this.createQueryBuilder()
       .update()
@@ -23,4 +35,21 @@ export class MySQLUserSubscriptionRepository extends Repository<UserSubscription
       )
       .execute()
   }
+
+  async updateCancelled(name: string, userUuid: string, cancelled: boolean, updatedAt: number): Promise<void> {
+    await this.createQueryBuilder()
+      .update()
+      .set({
+        cancelled,
+        updatedAt,
+      })
+      .where(
+        'plan_name = :plan_name AND user_uuid = :user_uuid',
+        {
+          plan_name: name,
+          user_uuid: userUuid,
+        }
+      )
+      .execute()
+  }
 }

src/Domain/User/UserSubscriptionRepositoryInterface.ts

@@ -715,12 +715,12 @@
   dependencies:
     "@standardnotes/auth" "^3.7.0"
 
-"@standardnotes/features@1.3.0":
-  version "1.3.0"
-  resolved "https://registry.yarnpkg.com/@standardnotes/features/-/features-1.3.0.tgz#a7894dfd6b00aa4917d613e7b831d97f7e5154f2"
-  integrity sha512-H11Jv3uPHmGMC9MmRAMN75ozTOeFS56Fif4egUShxj4mfNE6cRx85FFAqPf3URKukMHnPR1Rf+B24ezrgcnXIg==
+"@standardnotes/features@1.6.2":
+  version "1.6.2"
+  resolved "https://registry.yarnpkg.com/@standardnotes/features/-/features-1.6.2.tgz#98c5998426d9f93e06c2846c5bc7b6aef8d31063"
+  integrity sha512-s/rqRyG7mrrgxJOzckPSYlB68wsRpM9jlFwDE+7zQO5/xKh+37ueWfy3RoqOgkKLey6lMpnTurofIJCvqLM3dQ==
   dependencies:
-    "@standardnotes/common" "^1.0.0"
+    "@standardnotes/common" "^1.1.0"
 
 "@standardnotes/settings@1.1.0":
   version "1.1.0"