From 03555f0339091fe22c159bbb1f6e400332ee82df Mon Sep 17 00:00:00 2001
From: Henry Oswald <henry.oswald@sharelatex.com>
Date: Fri, 20 Jan 2017 14:50:38 +0000
Subject: [PATCH 1/5] added chris and removed geri from pics

---
 services/web/public/img/about/chris.jpg | Bin 0 -> 7021 bytes
 services/web/public/img/about/geri.jpg  | Bin 5579 -> 0 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 services/web/public/img/about/chris.jpg
 delete mode 100644 services/web/public/img/about/geri.jpg

diff --git a/services/web/public/img/about/chris.jpg b/services/web/public/img/about/chris.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..d317be783a48c772b7e76b51f4f930ae855d535f
GIT binary patch
literal 7021
zcmbW5cT^M4+xC~<4MmU+Qk0G$LBK#zq^W=)5IQJLKtQCo(4<I<pj0VJkxuBn3IUO(
zw9q>uO%p%}kdOzzzu);j=e&PC=e=fk_Bv<oxpzN1GiUb<ahkXcFy7bD)&NLI0Kn#=
z0K^p_Ufs{h0RVJ#05Jdnr~wKRW`OL%kz5pjgcG3n#{<B960U!}0g1?eV@LrY+6f^4
zZ;aW+^{;F$&Wqmvy^?((`QMBmNdJv~`GM?TA8-*35cdFuN6*~7+&!PUzu><qbpuei
ztF1%+H~WSD@xuRD#tEMI83a&6z7<N7zKgpHCw2i$)Ib36l8i(EAY~#UV<I8;0(=)w
zK|%75{^@p6k&u#+Q&3V-)6mjg1k^JEq$Ffyq~v526n}3+5`57PkTX#*UzNE-$)f*+
zO2Ff?Y*^AqYQekJ-K+-RF+w+=z6__KWxK-8!6|(0x`?Ql99aIAf})bzJ#`IDE$#b{
z4ULRpCZ=Y#cJ>aA&zzh+y}W&V{rm$WUPVSl$GnbBe)}#ZH7z|OGcUiO@KaH7Noh@O
zU427iQ*+Dbo?cX6|CfQUW8)K(Q|RfL*_G9`^^G5!Kex8A`v-@Aj*f9Br+>LF-sgX?
zF6#e~{Xbkx7hI&|<YeSjf4N9VegA?pkyBiip=7?JPxZuuML;%;`tseRkJa5Yf;SB?
ztWRHlr)3k8TM@?oMf->B{{|NR|3&sM*#C0P0crs0KO!T&7$q{Yi;*I~5Cs**Ur|w0
z{UhrCiuNDT{T0K%B3>jRxyW(RneyUbprNAqx9$IIhzl3flA1UR(36o|OeQiW016QB
zd9flur6X$bCMGwuj;`}E4h^gMb{NOH<PjL6WZunw?8|R=#G?~5b7pcr4Fy5%t!W62
z=6%(x*>^d(G%$GPa!-qtwc$*)BzNa>RVOW>+!WUNNa%>>>vMU$A)y*BYQ7lsa8g=Y
zfSIh&NnXEY%jad(3G*yTcKjXwdF>X5eu?~bj)^jMDJL%dk7CLCuTOKa<L9)5<#tk+
z1eRs#==Z2AOuzIiT<DLKJWl-lTqkuVwz8gNJiV(VgB)H6JR%UP;4&`x+T(awN&do$
z;CH;J3v0OSv7&nBPtj3X@aJOopZ>@Xh~3{9>lM7u>E>&>6YmP+1=e+Kd-r+Qb=G*>
zA$y3MAo$xHZs&8R)!V>g{OxatKMxO0c~3{U9BL-06dj&Z_`nnut=qS(EFUh?X^H3j
zfkc^)XpWv<3Ga||QBt4E$5Np<6SBufSS7u0?+ja+3e3{Hv~RMB_LvLH%0w9AoUklC
z;XImmu=JjK5>H)IVQ91Gks5jfLf2hxQSmFC`Xcir&#&X4y_~^W0e#t?js?!N#^QsN
zHj&dS@h3w?<ZCZ;)4su^EBuOoULl>+$5f-`qC!y=Ki-$ns5V->8q!-&Cmcm7a_5NW
zfSZek#yUT4De2Os%7*wKR3@Cco`2_~ue7Zjhgh!0U9Jnx(fF`5E5Bc*FuUZM=(@a?
zkSwLCX8k;fp9qAbTzp{ir;dHU>E^Z@;(Z3no&hrpB|<j!@xQQIz(`PQLN8%LvFoJD
zFHRL36}ReySESfWKxMbNhOq8Z^giQYEcf%F$R_EIr>|1xY>QsKwL9Y)T;e`f>9ylj
z&n8_kV8=-pcx<>Np~q62zCrebzU{_3x=4?SqOjaAy<GBs;&JPt<{v7I=Nb|CER6`b
ziiWfKC6AjW@~ezLkGE~FwZ&hNA9KxQ+l$iQvl_7OMMQgBza|1yL4my0D+zk~7<5dX
z<D)bgEmt=tGPk+rFj%-wr^l3*9gks7?ziLJ2SkA4@|eo4K^M&68r6)KJCEZ2bLo!)
z%20EDN7@1+kZ)zfY$H^VF3G}cq_ie?1j!hC=L<CyDd3JZ%jdsXG-SkY1Uxb;#EA&Z
zl8ztw<6Jye%Yv`{?o}e}yjKQk*2Zd^ZDS|ijI&S18-EAoI8k@$*V)e)5-5tT&74wi
zai)HhHJ_dBJ<ySecGl#!slCbDttx~*IKb{4)!+uPWT?!Xl4ZYLNx85WSSK29w=pFX
z(Ox$qAdBB$8-CJvivog#q?cQW%xG_q;4hJW5^kjMYJ^A)uDJIi5*8(!vB#*}(d}5?
zT3O2l27P&n;<ghyE|1GHpN!ejuXqO898RNkzr(qLK;LJVx~Ebb(rQShq#;!Yl#0US
z30XFWdseoX@m{zbmaX}TH<olOujAQ_v3F=6;)fSw?=5ay=*?Ta^*eCMTFfNsP1V$s
zmi->~#eMd7DT2*pQT@n}fD?LMNzZywi?g9?EXVpUA~Q9I;1FEV%FdrmX~vmFOZC*@
z-iM=gw!gC&?<gPH!NMA<E7i-@N^o4gury;qfd>wD{<d-Kgm3mjVUzFhiy2#18>_kD
z4UHXkIlNeknS-zshK}K$y!{8F?1w17YacNWR)s$`Q<fEJefn|5LRK{Xhf0Rg@;W_l
z#;_&lgex{Frst`2Ieo?L)$*#HeVlZ^{?+=M8GFA3iGYT|zDKM0e%}~blnrSrcUa~r
zd=kRsyF6XK(bD>=`}%wOeTG^!8AX{^<X}YZu?Y;!x7)s^7o)0OxfOQI^S#X$#Qx;#
zuP!0aZ;6_$zj7D}iSVmVRpxVZ+fr{t$e5)w_I(Vv6#EM;Ei7+KY5bn{3u<WXl-2R?
z?AqtyGx^qbi)Sw<)m3MBEy~|9+eQ{@Bt<>wJFB>ZGVjbB+wXgzIi8<BttNEpI`$>;
zDDCWipCHGgeou;!P1t^-Qn04<t_)jI(f!%RB*`wd`d1cAXmajD<+62izQ{#kjC}s8
zx$AvZ``V6hCT@>q_GyG<zAhl9_qdDdT1)ZM@nnPXiGJ3wY=s5WQ##~NdFv~X%MHh$
z=C@O~+^QBIMr?Rrz1H}&fRO{kcnI4Ii#;iY&K#qrF4mO%sD9KBMau8hlPPO98ay6f
zt0*kB_(Q+m0T3S#UFMedyrb@!`#Bt3R#kM=a%6wES@J?pr3rilMj$8}G8j5)<&0ff
z2FPU}l5rSt1M8cWN@tU6E?-|M7ucO^%9By(u|OTcB}dY`H_udYM4+#O+d2x$x##v6
zr6eb~%ZciG1b#2aPWYu{rAjHhOao(<zC8(56UVSvV*6vg=1jp$R6CuHlM=$_Wn3{y
zCYo~AvTW9?cm2G-%oiX72x&MPti#}%<L3pI{wWM0ar+maxIxWzNylQfeT%!ncbkMk
z8h6?4IDdcj1jokddE;{A1C!e>zstvTb{*Xp$!m|;L=e9d-r$Z`T8RJ`UZn#AP8m0?
zY#_g4P_!ujAu5TA;I#re6GCrx6JiT5+3A?}KaRiTayVz1v^l|{`Xz>(Z)i%skFUq#
z&;BVmS6Ll7^yh_X_H#K!(c9io&LDeCpamwkH(R{B1zwh5wm$@ck*KBHChO!!e*plk
z<$dvANCrIT_sYEbhDoajpBfWvLDCX)niA7pijX8L!L{55=-xu%?0jg$IL>G6Swsk9
z+$h!l(@RuH@Ud>@Jx>b#x)Nk0>WQf46%lZr<4<;OOVbtB2WP{)<{=p0o~eztGWHv|
zlcXCxd{Z?Q=O8~HaU9Y<^rk4eXg3gu{`S~^Ow@)7z{d7Hvje4e{SF%i&ttq&OO-gj
z_dn(Kw-<=ad0jAFthIbkKb``xWqnqkjF>Ox7}aww@fNDQv@kewbG*=T$c&%Pj%B=_
zx%BP#E1Xh##;y>ofXwm{*;MCkBJd1B$spdF#(VWm3gXdgPxcjy@|Zd8Q&7JGvQ1?y
zEG2!du|DYc*~8Ciyr5f&8ecB$ZRTN@W@{^?{0{!8B}hBWGtcAu+rPmF?Ljd-sUlLn
z`x3FYlr+=GWf3i<O?b_E@8b@x23*?5Eo@7JF*TBPZGgXuwufv<5xi;J|LvIyU)|U*
zz4zS54^#JTn4hGqGxvcWe!LFN4(2&yc0PTc%Um}sO9VhJrQIPe^m+#rDMk*u?JAE#
zI1fKkS<%wW)b^GcEBGsd1G)bc^-z3kQ<Qr%pt24jjekiIoN~tIH=;+68`<eP7Lr7~
z7PvVV?@AZ!oI_ZD#Y6<2qk`+sFMkt$)iw3#om;+5|9&Z(3MHm5yV%^>*yj<-!%1wI
zB`@^r;5?(ULd8!zBT=IS6T=z8rX*Y--yHN9WRQkxOmjTWIeGiwAmFj#??+$#1O>5$
z-G7ilxC7!CA^AOuR7dHzrC&@KrzX{;VNS?ZD<j7<H9yMVx7{DPLe|5^kpVL~#@3Mr
zY#h=>$?!r&WdG*)H4R_+&EG8JNbsfl<c>{mh{XFAm04U;Db5$QRA>D;mlx-=C6p{!
z{IfCU6|-$BRgS#M*QbJ5WSKN1WSN0dVSNf*CNBRuepn1SJkAq<{&BtA^7>vUi<g#z
z8rzmIEfMGq`}o2%xC{IX$_O!EfksPpFxTRoiv1?>smZ<#^|#3FhyZuZ6IO(k32fkp
zk)e#+{n_cWpj?pX%4MOW=402ixFF>+)!HrC)Uk(_LNX0&H$Fkd^0BVEiY>?)|8!hM
z#p(1)3~C`Q6!K)biN4jx!jwZYqc)y|PP;CE833QEuMD~~;W|IRaXFfM^Dx6G>Au2|
zJtV@SwtvdNYaXl|>u-NaYtl%0%2#Q$7ex2726~jT{vwo)aUuE;DFUqv=@D;Ts+qH#
zUr4#0?wb9Uj8JaN`v;3gWxMUDqNM~TcctCeL&FD{Az{AUVu{oe{ri=7;1IkW=2gR~
zbmaM^`a>2JcbV+GeZxTRySMBlXg=B0lb1?IKk{SB%yfi&pWg5i5x#Z|)sjQ<`B|gH
zh`=;VMq5J7BhH6A0v$1LuyZPvyQaf?(36?@mSIANLt(?0-p;WJncPOU#uI`%E%${>
zVbuGhzzQ3WZt>4Q=2q}KCT;%HeT1xgUU`*CsF$%jpsG)AO<k$9;KY1-q@GvH(izSc
z^a!W!yR65mmp9MWc0Sa`e@$2B>KE}j4~sL{SV)b1T?nXSV9jNiO-KE`DO=S%Bov%>
z6hT2@hzVFunnpL`eQ^Pc{J5e|14Z4!!+mAX$A+1+MA*91s}JWDt~aiVE-?h%Dbrku
zBT)5my0(|%;9X1eavmp7Z@+h3x`g+B+U1Ei9d?0nC=`zs7F23jzI&Wi`qYCK6FUia
z+-9!NSbnIIQ39Gl(20yrb#e<6KBx$C3~l+vQd13{#87oAR=)q7%XiN2oFhC|_da6+
z<>`I-CF5{*xj*t-J_pzb@nw5P88H*+swLc}-4;}wU%V^kzNdbU!=wCNKX|&(EE0ij
zbZ6C38JG3h=*ifIObe7aP6%inZ_A~y+WMs!C7Ra<ZEk}7FdBLL@|IX$j@FiS`JzbO
znQ~5PL>Pba9U?$xk&6bO1iqB&O(sFKP2-3COi|j8kDPo|Y6XipD}&~q!Ei6$I$1N-
z(Ul1DTF(YG^gj_u`GVg$e7Sk|t!a&YeM_Jqq9djVq1MEW-sFvtYgm;0Ug?JT^|T{0
zE8?3Q>v02eO`Jz+cu|{FBjS3N7gEefwArfBc1z?*Y5hR-;%2UNSDE=JV`Wi=U-)nR
z{ka#RV)wEG-`wo453GnR>_8L@xHyMuvT&2^im!t%1wC!YUaZQWZLEczGv)k4X})4w
z3f!;A4<+$sJ8{E~59`Lq=7*Zao0~UzUdvVS!KMr++jWQLKyi;F#m0WP=b7^|tx8AF
z`o{feN;bf>?HxdLswWcD!6QyfB=u#AF%i9J21?CKrDL|^DowvF8(&jqlsO%<Fx;Er
zW{c8V-(N7f^Z^lKfgU;M#GMsyrS<f{<(bXr-NfC!WSQ-`FNJiD3$&eLdQfLO@S^s+
z>?Pj`6BTX=e1;}|_J<EV+?kwYju+la^iMSCm`?H=SILUZ_E2pri@&PIeWdHHbiCBm
z-5*d7N|f-fPoAAlSl?T#Dm$9?E4wp&;B14vZ!yW%n>QlL_Mlfa?WM-lmZIfQ>^!$`
zf4v`7KaJPIwPCzu(Td}QF^BXk+qaycv>|2FtT1#aMKFse!{L#GveFZ}4>xbJ&iiQ4
z-5}$C`9kpzGTwXVto`X}u$um3$=>0EYTgJS7+7t6ahL{i)(+rx6K6XS*2t<4L<(*a
zG&LF!QqBGCmKdFP`hKJ8DSGqmug<y3iYHe`?nIC&mo`R}FRt||f$Kzq2HY#wRH=ls
zKO-j4Q;(3pazSyQQI`2fWjf>Zncn5^;fGAQ!|Imj1JDHmgU?hdc6PSsInXOp9t>>(
z%GmYpoWRs)R)2;NCkXx6UZJ09Flt%jD^z^C;@GK+DR9ffVkBzpNdt@<qyav&FP`Zy
zHW{^*xq3YzU&xy)N>;hw3~z#cr?mMh$h-{aXeJ;&tg?OYg=$Ye&-X9Q+~qN9WWN*p
z+Ty2Vf)XDzA7()fe6s{bq|Q)R^ixt?izwI?*0M^5gF#qvy(#>i6_GZzmG@CzE%mXU
zOxNG+e8GdvPR4eu--Q>H@ZeYvq21P;<~wF!bQJQa?$qgkDWvn+W_EtF#u{%_hp+61
zQiFDI^-;5~lvml=Zw-IPT_WIA==Zp<F;zusa`#E+1dy!oqggBN2G3=gfv#QgITg{L
zaOJbd!^?4D{*H2Xa!_a0D}*VorphfiHC_>$7VXUg?ah=-{pebJlS(SKm;RT*C0Pz#
zYW{Ere`HJty>q6W@xaP!FM^r4U9$Xx!Hl}IT^ljVOrF837Qw3-$^@6#NRAfKSt1a2
zh+v^vRi1IF-hfkKV6mSjI_B1BKEX7;mRY!~hAc<`e0TJ48}7@k!B>T*z~Yv2W}$-+
zw0<vZEBD*1%@3ug$Dc1gf=lxi^(mDpD`&p1BpPp-MfR15ykRsQyCFcYMGly}cp31t
z#hMa6lzYh)9EsI!Wx+*T9B^v6)zd?KHeTCQsUHiFDLkT7-PSHO3`UQBoG~yGbU1|6
zuEhF98??nvSWE6jsCV2hM(|V4>bE*JDWifP=b4yodCI+cJCv1${cZGz+RK`{@JnON
zJ&rCeL%W>KLdTh5<=xQ8>9T`MFKCppi*3(}6lao*^EQriqQ5P&x0n}B%;zTasHp86
zHz8mDswXICL>)q9&b^O1KhKfDTM{#W4HC+pPi@`cle<S&9}0QV55c(XAFE>TaenGt
zl_uYLqiMTpP3H^?aLaee5t1Lfe1$0@OK6}$wOLp#)N_JxeucU)G67c8etxjO3zzBP
zQ*tRaR=)VJFscd4D*7QlLj>%Xs8MTramE3us6c6ks}n^}!XazvdlP4A5?vwH)-uky
z_Vu86UX^Y9klqKfWIa`?$0&FUd<aT|_}m$-&v0K_+5&Cr&GV4g?3z8P2y`#rkBU&!
z-|oF4eE((rtw3HYTZ8hezblSZ;_;#(wBD>+xsVXzBmv*&vSB@|w=CDmBH@bHS<(7n
z&Ac_Z;redZeD2|T?~oG2E;T;apq)!_yHuR>(AM};){(<>(7m6-hM)duu8!26$>JSb
z_|2UfVwLX^fue=tAn`Mmpb!iqrUG)O$i$pOVtud=&2DPz#w+V{_~dl8Qy(s47Ie27
zGrSa|a%D!nZ2QQgu1G6s>RJcw%^Dh>RJkl7K>emvX1V4M@=L{ob6VxKIqE;+Tu55&
zf*m%gDWrYr)$l-<a<ZCL?vofp?qx)}O^KKqFRj0hNbB|Mo)iAV{${XAAE>&Q|FycN
z^ZvHi<v-rLy!V%R=fgv(Aowkj!4}uJB7-GyNh+z2C*;T)5_Cb}ecxT%Rpr1nP&ix+
zx724=h&p~P3DI^S0&Z_o_XW?$K{X1sF?$ox)A}y%Mu`V}URdcq5F<`fJv!!aYCeCX
zCB{EVt3AUc0399QRSwp3l!U4Ms<9ZW6yqIxtDibl<bu(B)X>Ddts;<lD7yB-2DD>2
z_H6A=?b46%oi6falAS-u%WZ_hASgIpQuJ<7QlcIXmOY9Mfngt3Q064C)-toMQ-$go
z@n|0-Web>f2Xb``jApH-%yRmREvB7eIbNM|KI_Z5YcD-VpVKB!_$NE?(q%>RAaF3M
zg1X(}@i(@>o2HHT6X<q47~_h5U8z0}lImmYP2)*FHX-QQCQ|5Hhh^W-Dsdi_=8G@7
z|30hmSN;r~`R9T8tV)RjK(W7eY<rCO20N%fgZX71_bfGB?_GG@Q!96c$uAPpfN15S
z1A7bRQ}TyHD?)T{>N$ScvJ)t0Yw%!GT$b>NPYxj&hKrq#SXZHALY@(U*bYI$M-`>%
zc_%pSRNI~4Qm0v+v9>EMdu_={ZuSWc?d?gCw)EUIj@^KSrYt-ovZo&u{U{(ed951B
z6yuG4JQrd^1YY?P0k(?6rNkVial5)PiBFORW+NnV2CZ>`m4@sCv)-BgIC^dV`DS$u
z_i28hG!vd{TWB)3m1*B*+>lybaN`aw^=hm_-{d_bK&+S@peKQe$3}6caFsfvePxla
zOH7OO7iTFh>zk+Z5vTsMPmN3uc?O*kTmkKIIH&PSRln86GSv9{z^{&d?JoY@o-|!1
z+^e|xHN#Stq>G>PG$7V#&PIivfatWBz6>9#zSuy}MArvG8K-dwqwu4??Zs=6v$MDD
zLJKg8HpxM4dk)6j37uX6jj<{${znI<=EW`5&(mEu_}attFyg!%FkE05Dp)DN&_F;5
zzYUsjs6pOk9W!ED3LO$#aU6b#_rrx@9y$4rgA<w(j+yn*P6QXk_cp;wwLsQ#`QBDc
zalR+t2kzXjoyK@mcXFh_Ag2O^@hf#-@OE0nVS?D~$f~)ExL<aq#Z4itat%%Lu(uZ8
zFLTVTeD%JZHF-QRfjf=qY)zbuu5@<qX{_Gs#2Q-Z)a<7woL7&Qr?0@i`(JMl4lelF
z=@=%tyEjG6NTF`D|6TQvb;_ihRD)I{)?-41HOLF83DV8sgw&-C;hy))R>T!=7;Vjc
rOw5!l^YqFKA_8>rMH@@lico<4a^0i##m#J+yjW2{U;Q!(apr#joIg<^

literal 0
HcmV?d00001

diff --git a/services/web/public/img/about/geri.jpg b/services/web/public/img/about/geri.jpg
deleted file mode 100644
index 0de2f9a20e76f60d7993b467832d8c3ad98a368b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 5579
zcmb7IWmr^eyPg4NXqlnAV}|aOl#m7`q+5xR2Bo`uNCD|aQhI|hNDf1Tw9*0!8w5c>
z;o#nW-#LHJvwptU^<HZ|cRcsAZWnLY0T2yUbyWZm2n0O5djPj9fCm6D4hRgw0fRwc
zTwE|70fc}6AD@8y9tjbIikzC7iky;?mVtwbmX3{{l9HL1nT?YR&JCww;uGY9339;T
zu-}&eadB}8@Ce8V2*_Zxl(ew_cir{_pm+d(fGai-3c!K_v7x}*0RSBUfQ9}0ZU0+1
zAS`S!5EpQFNDBn~KKnn1KrC#)-N)Q61BkGJ04xYL1ONceT;51A+%&F~%Fd&tB-`xl
z>ohk^13qZYLj5btHY@X#ZhD5d?5~6Fd4n|;<4hh-(RORG%^tG*W%=knKrbc-97(;L
z`|dqcK}mz(9o9l~I38uwPy@3)!EzG*?)aLxnq~8`XRE7rXnZB{L;GBN4qoPdFx;$8
zi%a4R&--94XPTEq3lXD>`7(L-snqMa{Olzq(oM#$TUXO>a=NNYc350jy!b`VBeFb;
z_5pw6^4(QskJADYm2gq#u6+|a(AQ)(6%Nk#yNcM{Ej-d{a@+d>`OB5hZ1M7V+4s<o
zl}VV38hV9f1!*jA_&;fwF1y<_4D9w{I8iFBu>QoAxl@fATR&;%-Mur$;Pf#r?ztvs
z1%>k69%QEIrd#EJ#pTIQ3;siKMyryu-2Ew4GY3I(cv(N~>)PdsfzN99bW<vgr&$7T
z4wEs2nT-d~BunZ56-@P%Un2(GPb7fT(^fn#1-8KRM!b7IKQ_QQ{tMiMEv_EQUw`TP
zL995!u2rh&MTXUD8%tsew@3Tg1=Yn_uz{q;-91NIG&k5hVIov2(O^(rmh{KpZJS5p
z$XB~t?Bpoj6=lZ=3b#9);Sd1UT>-JNaj^g8!5z*x04Ru*3_{LA!79Ye#x5qRsB{NA
z-W?l&AgnksVsW}%19i()YxlH3u{Qk?Uqa`t%C^m0K(p?Nl%7#LXMq0BP+ltSU(i)P
zdCe37q>R;^x>t#4Wc$<cUsF0$V~;S8XLkyFbkuJFQKP+x9dLsRT5;0_utajbn)GpA
zUXmj2cr?5v@jmG@bgOal4xQFGLoE-#=QbVP_y$5g*8sEIz(D$}#c0y8NY-b8Pmh@?
zpCrMhN~rB+A(3tknqjZLnO7Gj#c8f{JbK=%wO?=_qP3WD1Qr$O_NMY>oyj5C`_kZ`
z&pUnCGB%=YTWG~7QXmq33wU}Vyfp?VpRFAV-5`7?=f&%bblOeY0KaP;Q#Ega38q9O
z`M#K}GBLl(teB7lvQ*JNT!#>_JsW;|m~AO2Z1`<C2XGi8TfK&MPMrf<Z*5<H2~4oY
z>o~hM58YDZWx$gcmK&Ay?5=j`bi4&b&WdW&7l;>22`$S#EUJ5YKe@_??^FgUlZt;P
zWrR&!;E||5UYd5YVZHT97a?9mMsJ@Dap7_=y)jReOEv#>^b|b_!}jLAC~2l%h6gs4
zIlS#3Lo(Ljb|4Q!IDH47*NeuQ#M}AwAK)k!GQX-B1?{z5Y#mHo*vCU@zkU0`+&Acf
zXk!$0h)?TF*B~jE@8pc>dausJx>ZVyV`H?IQ={fTyOOtn+$~Ar%2od~gRk{S(UnF>
zS;pmTgR*m!T9XZZ6Epkkrl54{rr|f4?%V|nh;zrL|Bwj)#DZc&NLhrKSru`}^vT%-
z6>L1h{vp$yy~qP6F-z2=s*5}O0%s<{y=PY>=C2TgeC=$67pWtOG4}67$1&URD<*fX
z<(eqkFB-H>Tz1TzTqmVhTF7*lZ7X%os$cX!IARcWUsUM4mxFrBimp$-Mrv2BuiGy~
z(ckk>%D2MLU`aGpw?ZmYez4o_60jJy&wS~>SGYYmpTP}f6+O#kueC@MA6Oy(Y89ST
zvgcyC%z1e5S@nMMUZK4-Z}WZ#*sNB_7x7N((Yk5LkovoB;Z5XF1xB`T-9&aq32I5w
zZ_;kNJe^GJX#xwVkUP`<A!eJqa6b8H8a}+Pb16-pG;Av@ZORrPA>z@wpKR`=;<%$+
z9!#<R+8bV3u^lwo_p$bh=}-57I6y4$oh$#b<U1`wprkBhLO9H<!ixGz9-=m3#s72<
z>v#7&7Np>4emFFxnkgsCpm(P5WYaJn8UKr9Sx#R#W>k0eMS>jEEKXFfY?(IxC|Gq|
z+<qyqnKvEQ4c*wbh&oh@O`aXq9H`<I4(3pgZ$`Fhy%I)@j9IE!rTZ+Vv@LbtF^XtD
zhxG<*KiX7F0q+f)%H1jDROS(u{n<5R@#&Xzi%<-^VZ#G+<(gJBB=f{!ywQ3;sI)9O
zS0%(fy8O(3+o^ubLCC6R;!Sc{A<pG?f<%b;0~(UN?I=!kMiA?hI782Y=qUS#M&niW
z%ID96NMEkkbdIL8zI#a1Bc1xmKx#v%y9wnia?T!|dPw>7Z2ya~)R93pb#rx2{D`Bk
zIcdezkLCmW@A+wwqaLVLbF<d!VJ8|U*@;|H)k39;%$i{$Rg>`y^S=nB-}s3QcZ?iz
zG^4mZm6R&wiyvur{_@M5Z~pqVyYR04q7cBH3j#qPTx`%EC%l`L*epV%kl($>A!D`)
zV-rz&<dN1yF6e0+ftud<V~SvTEXN1_{Doz)T@|37lG4w`l0H@P@ZpLE^rjp2Zb3-)
zjz9lot@LW{^M0ylB0=)|MmG<GDD$uQ#0yXGJ1*kt$_E#w)!F~5HsNp(J4CO#7uY<O
z<xZ_ic@>}Do&IyZ2oMx$Ly*LYB>>a2{!#Wi%NS%*3-YVqt<xs4ndi!#v8WO^og0?~
z3Z|sL?}>`z{z@3h%ZFGAgiXm^3&zb@I{*T8G8u`{?6&|!omR0PlZu{HzIM`Q=H})%
zhUiTd#igWN6aBJF3lGsC(+0zcy;?^9*vFRjQL<S*8fh=10;7l*D*VWIFT_x8Pzg)S
zm_{khJR$W;k7e;SjN+im$26+@IDd8?x5Yv-^uvT*uHQkdv2YVX>NZi8>wVf|r7~@y
z6Pn9(bH8fkH${eR1|iBi3r?HF>Grgfe)@-w7Q_9cwnta=MNqrW(zUtOQ^lif`D&vk
zy?kJMgyCQ95fubQ=hWUYLD>gvu^0_8p6g+AKbXR-H^mTDx7kF7y795EKgl!jx=PZZ
z?7YvT^iwUfy@+re9t5(th;J6xda35BtN-)4k@H*Y+Vu^~ujYy#Afi^5aRpV$*EY?A
z<~rks^t6=gVNIoZ25(*&cQu;UbV=WHaPf&@ne8)K+$?<;5_3~$XlWjJ9)lwhp{rDB
zrdHFVw>90azqGWLT(LuC;NjI(xYGA4<&H{Rkh_3%CuJNU=#P?t04R%)qP~p>BrL5M
z)ik|ve8T*nkt)x^S@#Cn6;tbE1E!MW5Q9FSg=GDG49$un`k_-TUsj`5>psLbpwRA)
z=;?hzqKoEd;ArKMme&{2);y&M5h%eTp4?L=`r1O{R;FR?;<r%pe2iAM{L0C=zdA1D
zEssiG0HJ5Uj~AT=$tX2Hb~YOYe?&3c;#x4%?xUKHld_JJtB^RK1KDsufpveOph{#=
z4m_g9hs>aOEmI7O1C~L&dEnf_#6A<XI)<S*#A9AcT4>Qe8eGVk#p(7>FnrHX@TgpS
z=>uJvVEKBIit}UVadv*KfnwfLN0T(XWs~wsx$rtJ7QLoA7NxB^QdGyjO{8tH$^QMN
z-AQjm#{v_QVLO-N6zesga-HM}X+>_+b~y8fAd3xlGrkh5YH`AQjF6VcJonl;WcHjU
z8oP@GV}W?`nYZ;#uyvJ4fS`qzdCqhajN1_tV>x;u_5~e1G<B)6M;J|)c_q0i3BMxa
zolTH;I+<|%<do{%`%1+IGZ(*vf%KVjej@a65m3%Fg-$#V6w(LCYJ6i^(<m4L^hY1a
zC&}(&jD<@Hyl23uRWN(6GvTg~y)XMPx!^J{_CQ-2O^?WBrnu>_g_Ew|1M^KXpJ-+g
zx5#ID%Va`NN8-&;m}ZVHLd#vprl(xq^K0`4#kM;6vGXm9d;Ed(m{{P0&lhlqbs54?
zSEUbZA8flDdKI7ZRb$99WH%GI=U3kPDSbLRjZawVy{J;ID@XNa++b8BvX(#7Ti>4r
zWtG|-`lYmBWHh=O^Ce>6vWqS^Cm3bOe<a%v6A=g#^AKYrnBN6Cd3kZkDM8`S3~yHb
zXE+eDiqy<2%Je0Flk4ov=T1y<y%jZjI-{s8=kBh^h+Jk;B;ODkI`fX8r-GLbpXt1R
zH%agBCd@L5sWCr81(C@qSAM6a`zbgTOX}QqC0BtryztZU%PjybS9r(ef3^a^?+^*;
zP%+5Lf5}_8_E*B&S<3W5MGu%E7WO7isL__989xWpe#r2R$V^Q9C|rWnf{5nXr%GEN
z1RvV?l%1><Q_FLDB0NR#k}4neq^7=~(tMO%GL`G_PF8Ht-y6xDwC?KPu=+<<5F3x;
zuqNi|<9{UeJ6J&aUa;YZQ%3z1pzReFlvmHa$-mjYj_zHHkh8m~%(>}3I9H@0k<+Zb
z;M;j|3m~HnAeofN&SF^jWd=O?bU>^n&&w*lb_)=3rb$`7UZfN`5C76!^cZQfB7Q{Q
zP%W|Ol07#<5|ujfs~?H-M+K^%Mt;MMeD*MaCCdvxp!sKmB0ho;Un`j^p+ly8-+l;V
z*PCWs>J=&yHPys$$$0)GahlPT6#0|yNWp7<T>4<luW|Mv;1HF{(H0_nKLHWUcb#f4
zS)<#ilWNPr{5R4@J`9vrma&j-n1~614yh8!lPztd*0KXGK(S9iBc2n50Rw1={ctu>
zQU<>~b)eZx<mCkd6t8?7xAVoiqM3$kuIIzYukM}q%#`{*pI&gQJYz@uBXwA=Ld`CC
zyFL%*6->zB@4NcB3d++5^V9p<RV~si;Ru9Kfo?3%O|}E4&rM|uSx;89f^>DBG~uY3
zeC!R^PP7abc4$n@&SDb5`<`<Ph)qEq)@%9wuocL=gNp<D8>+iJ^S^QCj|)OP!qS?K
zi&4`j{{Z$o%Rqds70mS1j<oCDb$L^V(ZSTCem?~FS1w>-E1RCN?t3Ae%zyt3CwMo@
z|FhvMTk4?qS#tR3sXP4BLvg>iYdN9T2?hq`87=*_Htf=5(}g*MR%^pS3GzZUk`7p>
zS4uEvcJ;^jk2rU%IqtD^yP~7#Vec={<fd}T4#+gMxR(Q^IN~fE5_}@2>>S1OK%5b|
zS%o6shoMP@baCB=gdPrKu|8Mw`n+rlXR2o7$Ff(KL+U#qbj4OUpRIv+FX7lJKV{e<
zXzF@cFQ{<)#glOm3Onk8O*Mx{?`t$$N0?g~+eSt45N_`|2MRbPa`DE1!-tnpg_3)f
zRYCE=;dPkGSb@4;-xQ{CSXcMLGrZo$)da7pwyIw5X{&yn&d4VI(o2jg5$Jk{#w`Da
zH%sX~6~z%xiK*(WW+E^3V0Z0+n(U;iO}6yspL1_tTpVhwrE06T@NY7x@j<v*9DZ;!
zmY$N3bx$~S9I<qoR2PP+H%N9K@WqPS<V0nkQaleEfAwJ#I2)&Se@y93y;&xPxrZjC
zph**f!;c8$?x4h!b{faoe$NqoNqLU08dul51=xKQ%xR#il<ScTP%H;A1?{G-l0SwU
z`Nqwjkh`A_Xv+L#`V{xFqIkV0kO>!>t8MY14!iFM!^AU@-{kl`BL5ZgAA0<EM1~co
zHK8EWC;y38cjV{@g*i5#UdF76y>LDWTy1%U98!4c!|l2dt-s)MK@>@TIZkr`A7x?^
zVUB8S@m9+Qj}x1}e?o^#zP#hUWc{;(F1)EN_1V1gIFx%RgDD1s!`ZBckK2B2b<M{@
z8Q3CMbTBkiwlPQachvr&5p070@AzHe>li-Dl5Mi!a>}Ezj>}<d!?o*ENS0s7+XjdY
z_5sf+4~{R;h*FLWGQFDN<z2`w(4WA)6yycdp5yGkTkdw!?}cVQAO2iRpeSC{g6kGr
zDXOpVkq|pk6W*X66h#HYnwL<5HHd-q-;HXLsB+*L_j3#qX<Wu@<cTLK)%Dv=ea*xT
zW^=G{@`c?3M&?Zk;q(hpU`e}#fX3h<Jlf$b71Q$px2b{rLNA2{jM}T~M6Pd&e{EX^
zX^Gtj(t!%_I)ye__#=bfr;=Xs!)9<}!!})vPbnkmHhxApQQGT1xaTX)9pf^9)84B5
zUWYpK5iS|?GAMeSUKjg2i5+s|9A3;(_+8rzd~Hy~6#C$s;(di)qhyzR(5r;~R>|60
z_YytFtGKSChp6CtwgwynBRS~iRLUQ&hKt4<DP<T_Mvj~Cd(gR{P7V4tL8+;reo$u(
z(^8Zy>YZ>-S+Gd7-Aa!3Op)msGvTxkSaV2Vc+P%N`~z2qxji?x>q=2v4OF2d<>?o4
z`{=JlWs5%#>}cHhVw0wyhUS~gNUmr1*jg|naQC7W6x*0E#-rY@y(~diB7x1nNQaNe
zl59+F0m!j-Xo#3TPnH-3Y#L!r`*g${^){EA_<>zMkjV*`JJI=zWE4TUO!VtCLG2Ia
z35c$K>R#O=dn!1&lteTGOkyb1{bi0j;((zQF;?5^oUe@4LV7AxRL?L}*R9$^fLpQf
zoiW{^+O}Qza~#4jYtf1?bB<46qZt-dyCtG{{~Ntvap3eShwFRn!5~e?QZ&JHejh`m
zF;A;eIR!Ik464Kv&7*G%Us*MS4#YqjSB{KZbamW|*IkgGUO50{DmVhFGuu10Dw6y0
zj|^n+3KB063&eg=?$3zGGd>vTM2w86^$*?sNYIlpZUr#b2<=3(IYhb&cpe@`E}|`z
ziXMP?@#N&I>SEyz>902XE|rek>ghJ+)G7b!qdNAls!Xgqd(YKWpTqga^?=uqPIae%
zr7~8sd12`Q*Z6f*%?9f!cK7?|;rl78=7$RK!vGXzcAj^#S1WA<c#3M1np*6hOon@Q
z!zdvONbopy8PWvTcFJ|rzn7xzsv>gC7Ypm7KGuk~Xa^Ly=xJe*o0OyXqynKbj)b`1
z_})S|?6O}+Tr;N*qId<6;BpOqhEyamP}y2<N5G89Un<&%oA0$T`rE0R{tSk^+S*3)
zMgA1}G=<YDV#a9-#uzS^LV6bQ8doN4j;{^3{UcLc;|F8hBXOdyE7G0~IZ;zdA^4Yc
z-zB1abX-vDr32>E)idxnL)B((uilF1rA=e?dCJh-0-$uZ$Bua-u}-%D#^6e_+ok^j
DbA9q*


From 6d35585847929930422b1d30c04d3d81e1b119cc Mon Sep 17 00:00:00 2001
From: Henry Oswald <henry.oswald@sharelatex.com>
Date: Sat, 21 Jan 2017 12:43:06 +0000
Subject: [PATCH 2/5] limit number of invites each user can do

done with the number of collaborators a user can add
prevents notifications getting filled up as well
---
 .../CollaboratorsInviteController.coffee      |  19 ++-
 .../CollaboratorsInviteControllerTests.coffee | 137 +++++++++---------
 2 files changed, 87 insertions(+), 69 deletions(-)

diff --git a/services/web/app/coffee/Features/Collaborators/CollaboratorsInviteController.coffee b/services/web/app/coffee/Features/Collaborators/CollaboratorsInviteController.coffee
index 460b62da1d..1fde81f5c9 100644
--- a/services/web/app/coffee/Features/Collaborators/CollaboratorsInviteController.coffee
+++ b/services/web/app/coffee/Features/Collaborators/CollaboratorsInviteController.coffee
@@ -10,6 +10,7 @@ EditorRealTimeController = require("../Editor/EditorRealTimeController")
 NotificationsBuilder = require("../Notifications/NotificationsBuilder")
 AnalyticsManger = require("../Analytics/AnalyticsManager")
 AuthenticationController = require("../Authentication/AuthenticationController")
+rateLimiter = require("../../infrastructure/RateLimiter")
 
 module.exports = CollaboratorsInviteController =
 
@@ -22,7 +23,7 @@ module.exports = CollaboratorsInviteController =
 				return next(err)
 			res.json({invites: invites})
 
-	_checkShouldInviteEmail: (email, callback=(err, shouldAllowInvite)->) ->
+	_checkShouldInviteEmail: (sendingUser, email, callback=(err, shouldAllowInvite)->) ->
 		if Settings.restrictInvitesToExistingAccounts == true
 			logger.log {email}, "checking if user exists with this email"
 			UserGetter.getUser {email: email}, {_id: 1}, (err, user) ->
@@ -30,7 +31,19 @@ module.exports = CollaboratorsInviteController =
 				userExists = user? and user?._id?
 				callback(null, userExists)
 		else
-			callback(null, true)
+			UserGetter.getUser sendingUser._id, {features:1, _id:1}, (err, user)->
+				if err?
+					return callback(err)
+				collabLimit = user?.features?.collaborators || 1
+				if collabLimit == -1 
+					collabLimit = 20
+				collabLimit = collabLimit * 10
+				opts = 
+					endpointName: "invite_to_project"
+					timeInterval: 60 * 30
+					subjectName: sendingUser._id
+					throttle: collabLimit
+				rateLimiter.addCount opts, callback
 
 	inviteToProject: (req, res, next) ->
 		projectId = req.params.Project_id
@@ -51,7 +64,7 @@ module.exports = CollaboratorsInviteController =
 			if !email? or email == ""
 				logger.log {projectId, email, sendingUserId}, "invalid email address"
 				return res.sendStatus(400)
-			CollaboratorsInviteController._checkShouldInviteEmail email, (err, shouldAllowInvite)->
+			CollaboratorsInviteController._checkShouldInviteEmail sendingUser, email, (err, shouldAllowInvite)->
 				if err?
 					logger.err {err, email, projectId, sendingUserId}, "error checking if we can invite this email address"
 					return next(err)
diff --git a/services/web/test/UnitTests/coffee/Collaborators/CollaboratorsInviteControllerTests.coffee b/services/web/test/UnitTests/coffee/Collaborators/CollaboratorsInviteControllerTests.coffee
index cf398e69da..bc1cb2e3b4 100644
--- a/services/web/test/UnitTests/coffee/Collaborators/CollaboratorsInviteControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/Collaborators/CollaboratorsInviteControllerTests.coffee
@@ -14,11 +14,20 @@ describe "CollaboratorsInviteController", ->
 		@user =
 			_id: 'id'
 		@AnalyticsManger = recordEvent: sinon.stub()
+		@sendingUser = null
 		@AuthenticationController =
-			getSessionUser: (req) => req.session.user
+			getSessionUser: (req) => 
+				@sendingUser = req.session.user
+				return @sendingUser
+		
+		@RateLimiter =
+			addCount: sinon.stub
+
+		@LimitationsManager = {}
+
 		@CollaboratorsInviteController = SandboxedModule.require modulePath, requires:
 			"../Project/ProjectGetter": @ProjectGetter = {}
-			'../Subscription/LimitationsManager' : @LimitationsManager = {}
+			'../Subscription/LimitationsManager' : @LimitationsManager
 			'../User/UserGetter': @UserGetter = {getUser: sinon.stub()}
 			"./CollaboratorsHandler": @CollaboratorsHandler = {}
 			"./CollaboratorsInviteHandler": @CollaboratorsInviteHandler = {}
@@ -28,6 +37,7 @@ describe "CollaboratorsInviteController", ->
 			"../Analytics/AnalyticsManager": @AnalyticsManger
 			'../Authentication/AuthenticationController': @AuthenticationController
 			'settings-sharelatex': @settings = {}
+			"../../infrastructure/RateLimiter":@RateLimiter
 		@res = new MockResponse()
 		@req = new MockRequest()
 
@@ -104,15 +114,10 @@ describe "CollaboratorsInviteController", ->
 		describe 'when all goes well', ->
 
 			beforeEach ->
-				@_checkShouldInviteEmail = sinon.stub(
-					@CollaboratorsInviteController, '_checkShouldInviteEmail'
-				).callsArgWith(1, null, true)
+				@CollaboratorsInviteController._checkShouldInviteEmail = sinon.stub().callsArgWith(2, null, true)
 				@LimitationsManager.canAddXCollaborators = sinon.stub().callsArgWith(2, null, true)
 				@CollaboratorsInviteController.inviteToProject @req, @res, @next
 
-			afterEach ->
-				@_checkShouldInviteEmail.restore()
-
 			it 'should produce json response', ->
 				@res.json.callCount.should.equal 1
 				({invite: @invite}).should.deep.equal(@res.json.firstCall.args[0])
@@ -122,8 +127,8 @@ describe "CollaboratorsInviteController", ->
 				@LimitationsManager.canAddXCollaborators.calledWith(@project_id).should.equal true
 
 			it 'should have called _checkShouldInviteEmail', ->
-				@_checkShouldInviteEmail.callCount.should.equal 1
-				@_checkShouldInviteEmail.calledWith(@targetEmail).should.equal true
+				@CollaboratorsInviteController._checkShouldInviteEmail.callCount.should.equal 1
+				@CollaboratorsInviteController._checkShouldInviteEmail.calledWith(@sendingUser, @targetEmail).should.equal true
 
 			it 'should have called inviteToProject', ->
 				@CollaboratorsInviteHandler.inviteToProject.callCount.should.equal 1
@@ -136,22 +141,17 @@ describe "CollaboratorsInviteController", ->
 		describe 'when the user is not allowed to add more collaborators', ->
 
 			beforeEach ->
-				@_checkShouldInviteEmail = sinon.stub(
-					@CollaboratorsInviteController, '_checkShouldInviteEmail'
-				).callsArgWith(1, null, true)
+				@CollaboratorsInviteController._checkShouldInviteEmail = sinon.stub().callsArgWith(2, null, true)
 				@LimitationsManager.canAddXCollaborators = sinon.stub().callsArgWith(2, null, false)
 				@CollaboratorsInviteController.inviteToProject @req, @res, @next
 
-			afterEach ->
-				@_checkShouldInviteEmail.restore()
-
 			it 'should produce json response without an invite', ->
 				@res.json.callCount.should.equal 1
 				({invite: null}).should.deep.equal(@res.json.firstCall.args[0])
 
 			it 'should not have called _checkShouldInviteEmail', ->
-				@_checkShouldInviteEmail.callCount.should.equal 0
-				@_checkShouldInviteEmail.calledWith(@targetEmail).should.equal false
+				@CollaboratorsInviteController._checkShouldInviteEmail.callCount.should.equal 0
+				@CollaboratorsInviteController._checkShouldInviteEmail.calledWith(@sendingUser, @targetEmail).should.equal false
 
 			it 'should not have called inviteToProject', ->
 				@CollaboratorsInviteHandler.inviteToProject.callCount.should.equal 0
@@ -159,23 +159,18 @@ describe "CollaboratorsInviteController", ->
 		describe 'when canAddXCollaborators produces an error', ->
 
 			beforeEach ->
-				@_checkShouldInviteEmail = sinon.stub(
-					@CollaboratorsInviteController, '_checkShouldInviteEmail'
-				).callsArgWith(1, null, true)
+				@CollaboratorsInviteController._checkShouldInviteEmail = sinon.stub().callsArgWith(2, null, true)
 				@err = new Error('woops')
 				@LimitationsManager.canAddXCollaborators = sinon.stub().callsArgWith(2, @err)
 				@CollaboratorsInviteController.inviteToProject @req, @res, @next
 
-			afterEach ->
-				@_checkShouldInviteEmail.restore()
-
 			it 'should call next with an error', ->
 				@next.callCount.should.equal 1
 				@next.calledWith(@err).should.equal true
 
 			it 'should not have called _checkShouldInviteEmail', ->
-				@_checkShouldInviteEmail.callCount.should.equal 0
-				@_checkShouldInviteEmail.calledWith(@targetEmail).should.equal false
+				@CollaboratorsInviteController._checkShouldInviteEmail.callCount.should.equal 0
+				@CollaboratorsInviteController._checkShouldInviteEmail.calledWith(@sendingUser, @targetEmail).should.equal false
 
 			it 'should not have called inviteToProject', ->
 				@CollaboratorsInviteHandler.inviteToProject.callCount.should.equal 0
@@ -183,16 +178,11 @@ describe "CollaboratorsInviteController", ->
 		describe 'when inviteToProject produces an error', ->
 
 			beforeEach ->
-				@_checkShouldInviteEmail = sinon.stub(
-					@CollaboratorsInviteController, '_checkShouldInviteEmail'
-				).callsArgWith(1, null, true)
+				@CollaboratorsInviteController._checkShouldInviteEmail = sinon.stub().callsArgWith(2, null, true)
 				@err = new Error('woops')
 				@CollaboratorsInviteHandler.inviteToProject = sinon.stub().callsArgWith(4, @err)
 				@CollaboratorsInviteController.inviteToProject @req, @res, @next
 
-			afterEach ->
-				@_checkShouldInviteEmail.restore()
-
 			it 'should call next with an error', ->
 				@next.callCount.should.equal 1
 				@next.calledWith(@err).should.equal true
@@ -202,8 +192,8 @@ describe "CollaboratorsInviteController", ->
 				@LimitationsManager.canAddXCollaborators.calledWith(@project_id).should.equal true
 
 			it 'should have called _checkShouldInviteEmail', ->
-				@_checkShouldInviteEmail.callCount.should.equal 1
-				@_checkShouldInviteEmail.calledWith(@targetEmail).should.equal true
+				@CollaboratorsInviteController._checkShouldInviteEmail.callCount.should.equal 1
+				@CollaboratorsInviteController._checkShouldInviteEmail.calledWith(@sendingUser, @targetEmail).should.equal true
 
 			it 'should have called inviteToProject', ->
 				@CollaboratorsInviteHandler.inviteToProject.callCount.should.equal 1
@@ -212,22 +202,17 @@ describe "CollaboratorsInviteController", ->
 		describe 'when _checkShouldInviteEmail disallows the invite', ->
 
 			beforeEach ->
-				@_checkShouldInviteEmail = sinon.stub(
-					@CollaboratorsInviteController, '_checkShouldInviteEmail'
-				).callsArgWith(1, null, false)
+				@CollaboratorsInviteController._checkShouldInviteEmail = sinon.stub().callsArgWith(2, null, false)
 				@LimitationsManager.canAddXCollaborators = sinon.stub().callsArgWith(2, null, true)
 				@CollaboratorsInviteController.inviteToProject @req, @res, @next
 
-			afterEach ->
-				@_checkShouldInviteEmail.restore()
-
 			it 'should produce json response with no invite, and an error property', ->
 				@res.json.callCount.should.equal 1
 				({invite: null, error: 'cannot_invite_non_user'}).should.deep.equal(@res.json.firstCall.args[0])
 
 			it 'should have called _checkShouldInviteEmail', ->
-				@_checkShouldInviteEmail.callCount.should.equal 1
-				@_checkShouldInviteEmail.calledWith(@targetEmail).should.equal true
+				@CollaboratorsInviteController._checkShouldInviteEmail.callCount.should.equal 1
+				@CollaboratorsInviteController._checkShouldInviteEmail.calledWith(@sendingUser, @targetEmail).should.equal true
 
 			it 'should not have called inviteToProject', ->
 				@CollaboratorsInviteHandler.inviteToProject.callCount.should.equal 0
@@ -235,22 +220,17 @@ describe "CollaboratorsInviteController", ->
 		describe 'when _checkShouldInviteEmail produces an error', ->
 
 			beforeEach ->
-				@_checkShouldInviteEmail = sinon.stub(
-					@CollaboratorsInviteController, '_checkShouldInviteEmail'
-				).callsArgWith(1, new Error('woops'))
+				@CollaboratorsInviteController._checkShouldInviteEmail = sinon.stub().callsArgWith(2, new Error('woops'))
 				@LimitationsManager.canAddXCollaborators = sinon.stub().callsArgWith(2, null, true)
 				@CollaboratorsInviteController.inviteToProject @req, @res, @next
 
-			afterEach ->
-				@_checkShouldInviteEmail.restore()
-
 			it 'should call next with an error', ->
 				@next.callCount.should.equal 1
 				@next.calledWith(@err).should.equal true
 
 			it 'should have called _checkShouldInviteEmail', ->
-				@_checkShouldInviteEmail.callCount.should.equal 1
-				@_checkShouldInviteEmail.calledWith(@targetEmail).should.equal true
+				@CollaboratorsInviteController._checkShouldInviteEmail.callCount.should.equal 1
+				@CollaboratorsInviteController._checkShouldInviteEmail.calledWith(@sendingUser, @targetEmail).should.equal true
 
 			it 'should not have called inviteToProject', ->
 				@CollaboratorsInviteHandler.inviteToProject.callCount.should.equal 0
@@ -260,14 +240,10 @@ describe "CollaboratorsInviteController", ->
 			beforeEach ->
 				@req.session.user = {_id: 'abc', email: 'me@example.com'}
 				@req.body.email = 'me@example.com'
-				@_checkShouldInviteEmail = sinon.stub(
-					@CollaboratorsInviteController, '_checkShouldInviteEmail'
-				).callsArgWith(1, null, true)
+				@CollaboratorsInviteController._checkShouldInviteEmail = sinon.stub().callsArgWith(2, null, true)
 				@LimitationsManager.canAddXCollaborators = sinon.stub().callsArgWith(2, null, true)
 				@CollaboratorsInviteController.inviteToProject @req, @res, @next
 
-			afterEach ->
-				@_checkShouldInviteEmail.restore()
 
 			it 'should reject action, return json response with error code', ->
 				@res.json.callCount.should.equal 1
@@ -277,7 +253,7 @@ describe "CollaboratorsInviteController", ->
 				@LimitationsManager.canAddXCollaborators.callCount.should.equal 0
 
 			it 'should not have called _checkShouldInviteEmail', ->
-				@_checkShouldInviteEmail.callCount.should.equal 0
+				@CollaboratorsInviteController._checkShouldInviteEmail.callCount.should.equal 0
 
 			it 'should not have called inviteToProject', ->
 				@CollaboratorsInviteHandler.inviteToProject.callCount.should.equal 0
@@ -702,13 +678,14 @@ describe "CollaboratorsInviteController", ->
 
 		beforeEach ->
 			@email = 'user@example.com'
-			@call = (callback) =>
-				@CollaboratorsInviteController._checkShouldInviteEmail @email, callback
+
 
 		describe 'when we should be restricting to existing accounts', ->
 
 			beforeEach ->
 				@settings.restrictInvitesToExistingAccounts = true
+				@call = (callback) =>
+					@CollaboratorsInviteController._checkShouldInviteEmail {}, @email, callback
 
 			describe 'when user account is present', ->
 
@@ -753,18 +730,46 @@ describe "CollaboratorsInviteController", ->
 						expect(shouldAllow).to.equal undefined
 						done()
 
-		describe 'when we should not be restricting', ->
+		describe 'when we should not be restricting on only registered users but do rate limit', ->
 
 			beforeEach ->
 				@settings.restrictInvitesToExistingAccounts = false
+				@sendingUser = 
+					_id:"32312313"
+					features:
+						collaborators:17.8
+				@UserGetter.getUser = sinon.stub().callsArgWith(2, null, @sendingUser)
 
-			it 'should callback with `true`', (done) ->
-				@call (err, shouldAllow) =>
-					expect(err).to.equal null
-					expect(shouldAllow).to.equal true
+			it 'should callback with `true` when rate limit under', (done) ->
+				@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)
+				@CollaboratorsInviteController._checkShouldInviteEmail @sendingUser, @email, (err, result)=>
+					@RateLimiter.addCount.called.should.equal true
+					result.should.equal true
 					done()
 
-			it 'should not have called getUser', (done) ->
-				@call (err, shouldAllow) =>
-					@UserGetter.getUser.callCount.should.equal 0
+			it 'should callback with `false` when rate limit hit', (done) ->
+				@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, false)
+				@CollaboratorsInviteController._checkShouldInviteEmail @sendingUser, @email, (err, result)=>
+					@RateLimiter.addCount.called.should.equal true
+					result.should.equal false
 					done()
+		
+			it 'should call rate limiter with 10x the collaborators', (done) ->
+				@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)
+				@CollaboratorsInviteController._checkShouldInviteEmail @sendingUser, @email, (err, result)=>
+					@RateLimiter.addCount.args[0][0].throttle.should.equal(178)
+					done()
+
+			it 'should call rate limiter with 200 when collaborators is -1', (done) ->
+				@sendingUser.features.collaborators = -1
+				@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)
+				@CollaboratorsInviteController._checkShouldInviteEmail @sendingUser, @email, (err, result)=>
+					@RateLimiter.addCount.args[0][0].throttle.should.equal(200)
+					done()
+
+			it 'should call rate limiter with 10 when user has no collaborators set', (done) ->
+				delete @sendingUser.features
+				@RateLimiter.addCount = sinon.stub().callsArgWith(1, null, true)
+				@CollaboratorsInviteController._checkShouldInviteEmail @sendingUser, @email, (err, result)=>
+					@RateLimiter.addCount.args[0][0].throttle.should.equal(10)
+					done()
\ No newline at end of file

From 74240e28c78cf6059fa2ce48db100c322c9adead Mon Sep 17 00:00:00 2001
From: Henry Oswald <henry.oswald@sharelatex.com>
Date: Sat, 21 Jan 2017 12:44:09 +0000
Subject: [PATCH 3/5] rate limit via ip the number of invite to project
 requests

---
 .../Features/Collaborators/CollaboratorsRouter.coffee     | 8 +++++++-
 .../coffee/Features/Security/RateLimiterMiddlewear.coffee | 5 ++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/services/web/app/coffee/Features/Collaborators/CollaboratorsRouter.coffee b/services/web/app/coffee/Features/Collaborators/CollaboratorsRouter.coffee
index 4c7cc8c76a..8b130d27db 100644
--- a/services/web/app/coffee/Features/Collaborators/CollaboratorsRouter.coffee
+++ b/services/web/app/coffee/Features/Collaborators/CollaboratorsRouter.coffee
@@ -24,7 +24,13 @@ module.exports =
 			RateLimiterMiddlewear.rateLimit({
 				endpointName: "invite-to-project"
 				params: ["Project_id"]
-				maxRequests: 200
+				maxRequests: 100
+				timeInterval: 60 * 10
+			}),
+			RateLimiterMiddlewear.rateLimit({
+				endpointName: "invite-to-project-ip"
+				ipOnly:true
+				maxRequests: 100
 				timeInterval: 60 * 10
 			}),
 			AuthenticationController.requireLogin(),
diff --git a/services/web/app/coffee/Features/Security/RateLimiterMiddlewear.coffee b/services/web/app/coffee/Features/Security/RateLimiterMiddlewear.coffee
index f486e94493..04b81581bf 100644
--- a/services/web/app/coffee/Features/Security/RateLimiterMiddlewear.coffee
+++ b/services/web/app/coffee/Features/Security/RateLimiterMiddlewear.coffee
@@ -19,12 +19,15 @@ module.exports = RateLimiterMiddlewear =
 			user_id = AuthenticationController.getLoggedInUserId(req) || req.ip
 			params = (opts.params or []).map (p) -> req.params[p]
 			params.push user_id
+			subjectName = params.join(":")
+			if opts.ipOnly
+				subjectName = req.ip
 			if !opts.endpointName?
 				throw new Error("no endpointName provided")
 			options = {
 				endpointName: opts.endpointName
 				timeInterval: opts.timeInterval or 60
-				subjectName:  params.join(":")
+				subjectName:  subjectName
 				throttle:     opts.maxRequests or 6
 			}
 			RateLimiter.addCount options, (error, canContinue)->

From 9153ffac41f240a901992ccb918843d393963014 Mon Sep 17 00:00:00 2001
From: Henry Oswald <henry.oswald@sharelatex.com>
Date: Sat, 21 Jan 2017 12:58:16 +0000
Subject: [PATCH 4/5] limit project name in email to 40 chars

---
 .../web/app/coffee/Features/Email/EmailBuilder.coffee     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/services/web/app/coffee/Features/Email/EmailBuilder.coffee b/services/web/app/coffee/Features/Email/EmailBuilder.coffee
index 0a06a2a175..5360adb7a8 100644
--- a/services/web/app/coffee/Features/Email/EmailBuilder.coffee
+++ b/services/web/app/coffee/Features/Email/EmailBuilder.coffee
@@ -97,7 +97,7 @@ Thank you
 
 
 templates.projectInvite =
-	subject: _.template "<%= project.name %> - shared by <%= owner.email %>"
+	subject: _.template "<%= project.name.slice(0, 40) %> - shared by <%= owner.email %>"
 	layout: BaseWithHeaderEmailLayout
 	type:"notification"
 	plainTextTemplate: _.template """
@@ -111,16 +111,16 @@ Thank you
 """
 	compiledTemplate: (opts) -> 
 		SingleCTAEmailBody({
-			title: "#{ opts.project.name } &ndash; shared by #{ opts.owner.email }"
+			title: "#{ opts.project.name.slice(0, 40) } &ndash; shared by #{ opts.owner.email }"
 			greeting: "Hi,"
-			message: "#{ opts.owner.email } wants to share &ldquo;#{ opts.project.name }&rdquo; with you."
+			message: "#{ opts.owner.email } wants to share &ldquo;#{ opts.project.name.slice(0, 40) }&rdquo; with you."
 			secondaryMessage: null
 			ctaText: "View project"
 			ctaURL: opts.inviteUrl
 			gmailGoToAction: 
 				target: opts.inviteUrl
 				name: "View project"
-				description: "Join #{ opts.project.name } at ShareLaTeX"
+				description: "Join #{ opts.project.name.slice(0, 40) } at ShareLaTeX"
 		})
 
 templates.completeJoinGroupAccount =

From 2813b16ebfe7da9272b7c1fb979ca6cfa1a1a8e3 Mon Sep 17 00:00:00 2001
From: James Allen <james@sharelatex.com>
Date: Mon, 23 Jan 2017 09:45:37 +0100
Subject: [PATCH 5/5] Use thread id for comment id

---
 .../web/public/coffee/ide/review-panel/RangesTracker.coffee     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/web/public/coffee/ide/review-panel/RangesTracker.coffee b/services/web/public/coffee/ide/review-panel/RangesTracker.coffee
index 722eab1aa5..7a679bb6e3 100644
--- a/services/web/public/coffee/ide/review-panel/RangesTracker.coffee
+++ b/services/web/public/coffee/ide/review-panel/RangesTracker.coffee
@@ -107,7 +107,7 @@ load = (EventEmitter) ->
 		addComment: (op, metadata) ->
 			# TODO: Don't allow overlapping comments?
 			@comments.push comment = {
-				id: @newId()
+				id: op.t or @newId()
 				op: # Copy because we'll modify in place
 					c: op.c
 					p: op.p