Fixed a MailChimp test. Fixed payment and subscription handlers to deny anonymous users. Hid the subscribe button from anonymous users.

app/templates/account/payments-view.jade

@@ -13,7 +13,7 @@ block content
   if subscribed
     button.end-subscription-button.btn.btn-lg.btn-warning(data-i18n="subscribe.unsubscribe") Unsubscribe
     .payment-status(data-i18n="account.status_subscribed")
-  else
+  else if !me.isAnonymous()
     button.start-subscription-button.btn.btn-lg.btn-success(data-i18n="subscribe.subscribe") Subscribe
     if active
       .payment-status(data-i18n="account.status_unsubscribed_active")

server/payments/payment_handler.coffee

@@ -56,6 +56,9 @@ PaymentHandler = class PaymentHandler extends Handler
     payment
 
   post: (req, res) ->
+    if (not req.user) or req.user.isAnonymous()
+      return @sendForbiddenError(res)
+    
     appleReceipt = req.body.apple?.rawReceipt
     appleTransactionID = req.body.apple?.transactionID
     appleLocalPrice = req.body.apple?.localPrice

server/payments/subscription_handler.coffee

@@ -16,6 +16,9 @@ class SubscriptionHandler extends Handler
     console.warn "Subscription Error: #{req.user.get('slug')} (#{req.user._id}): '#{msg}'"
 
   subscribeUser: (req, user, done) ->
+    if (not req.user) or req.user.isAnonymous()
+      return done({res: 'You must be signed in to subscribe.', code: 403})
+
     stripeToken = req.body.stripe?.token
     extantCustomerID = user.get('stripe')?.customerID
     if not (stripeToken or extantCustomerID)

test/server/functional/payment.spec.coffee

@@ -32,6 +32,12 @@ describe '/db/payment', ->
 
   describe 'posting Apple IAPs', ->
     
+    it 'denies anonymous users trying to pay', (done) ->
+      request.get getURL('/auth/whoami'), ->
+        request.post {uri: paymentURL, json: firstApplePayment}, (err, res, body) ->
+          expect(res.statusCode).toBe 403
+          done()
+      
     it 'creates a payment object and credits gems to the user', (done) ->
       loginJoe ->
         request.post {uri: paymentURL, json: firstApplePayment}, (err, res, body) ->

test/server/functional/subscription.spec.coffee

@@ -91,6 +91,14 @@ describe '/db/user, editing stripe property', ->
       throw err if err
       done()
 
+  it 'denies anonymous users trying to subscribe', (done) ->
+    request.get getURL('/auth/whoami'), (err, res, body) ->
+      body = JSON.parse(body)
+      body.stripe = { planID: 'basic', token: '12345' }
+      request.put {uri: userURL, json: body}, (err, res, body) ->
+        expect(res.statusCode).toBe 403
+        done()
+
   #- shared data between tests
   joeData = null
   firstSubscriptionID = null
@@ -202,7 +210,6 @@ describe '/db/user, editing stripe property', ->
     joeData.email = 'newEmail@gmail.com'
     request.put {uri: userURL, json: joeData }, (err, res, body) ->
       f = -> stripe.customers.retrieve joeData.stripe.customerID, (err, customer) ->
-        console.log 'customer?', customer
         expect(customer.email).toBe('newEmail@gmail.com')
         done()
       setTimeout(f, 500) # bit of a race condition here, response returns before stripe has been updated

test/server/functional/user.spec.coffee

@@ -28,7 +28,7 @@ describe 'Server user object', ->
     expect(JSON.stringify(user.get('emailSubscriptions'))).toBe(JSON.stringify(['tester', 'level_creator']))
     done()
 
-describe 'User.updateMailChimp', ->
+describe 'User.updateServiceSettings', ->
   makeMC = (callback) ->
     GLOBAL.mc =
       lists:
@@ -40,7 +40,7 @@ describe 'User.updateMailChimp', ->
       done()
 
     user = new User({emailSubscriptions: ['announcement'], email: 'tester@gmail.com'})
-    User.updateMailChimp(user)
+    User.updateServiceSettings(user)
 
 describe 'POST /db/user', ->