comment_controller: add skip_auth to rescue error block #5728
I'm honestly not entirely sure if this is the solution but I haven't fully understood the issue coming from HB I guess
This makes sense to me, I suspected that the error being raised had something to do with the rate limiter being triggered.
@rhymes basically the issue is that a common path, like the rate limit being hit, is raising a Honeybadger when it should just be returning an error to the user since it requires no action from us.
This makes, any exception we handle would trigger the after action and raise an authorization exception.
@@ -107,6 +107,8 @@ def create | |||
rescue Pundit::NotAuthorizedError | |||
raise |
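Review bot: the `rescue Pundit::NotAuthorizedError` clause in `create` does nothing but a bare `raise`, and no comment in these lines says why the exception is caught only to be re-raised. Add a one-line code comment above the clause stating the reason, so a later cleanup does not delete it as redundant.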
Unrelated to this PR, but why are we rescuing from this exception only to immediately re-raise it?
If you call `raise` with no arguments, while inside of a `rescue` block, Ruby will re-raise the original rescued exception.
😕
I had the exact same question when this was created, this is why.
Thanks @mstruve, I'll literally make a PR to leave this as a comment in the code before we confuse more people with this in the future.
Huh, one heck of an edge case. Thanks for the PR!
What type of PR is this? (check all applicable)
Description
A `Pundit::AuthorizationNotPerformedError` in the `CommentsController#create` path (https://app.honeybadger.io/fault/66984/9508988843fe9435805fbb822bbe8242). It appears this is happening in the rescue error block since that is the only data path that doesn't use `skip_authorize` or `authorize`.

It's not immediately clear from HoneyBadger how this is occurring and I wasn't able to reproduce the error naturally (I was able to repro it with `binding.pry`). But it appears an error is occurring before the authorization; putting `skip_authorization` in the rescue block will ensure all data paths are covered.

Related Tickets & Documents
Closes #5717
Added to documentation?
[optional] What gif best describes this PR or how it makes you feel?
cc: @mstruve @citizen428 @rhymes
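The failure mode discussed in this PR, as an added example that is not the project's code: `MiniPundit` is a constructed stand-in for Pundit's authorization tracking, and `CommentsAction`, `RateLimited` and `skip_in_rescue` are hypothetical names. It shows a handled error raised before `authorize` tripping the after-action check, `skip_authorization` in the rescue block clearing it, and an authorization denial still propagating because it is re-raised ahead of the broad rescue.

```ruby
# Constructed stand-in for Pundit's "was authorization performed?" bookkeeping.
# This is not the gem; it only models the behaviour discussed in the thread.
module MiniPundit
  class NotAuthorizedError < StandardError; end
  class AuthorizationNotPerformedError < StandardError; end

  def authorize(allowed)
    @authorized = true                      # the check ran, whatever its outcome
    raise NotAuthorizedError unless allowed
  end

  def skip_authorization
    @authorized = true                      # explicit opt-out for this request
  end

  def verify_authorized
    raise AuthorizationNotPerformedError unless @authorized
  end
end

class RateLimited < StandardError; end      # hypothetical rate-limiter error

# Hypothetical controller: `create` is the action, `run` plays the framework
# calling the action and then the verify_authorized after-action.
class CommentsAction
  include MiniPundit

  def initialize(skip_in_rescue:)
    @skip_in_rescue = skip_in_rescue
  end

  def create(rate_limited:, allowed:)
    raise RateLimited if rate_limited       # fails before authorize is reached
    authorize(allowed)
    :created
  rescue MiniPundit::NotAuthorizedError
    raise                                   # a denial never reaches the broad rescue
  rescue StandardError
    skip_authorization if @skip_in_rescue   # the change this PR proposes
    :error_rendered                         # handled: the user gets an error response
  end

  def run(**args)
    result = create(**args)
    verify_authorized
    result
  end
end
```

Because the denial is re-raised before the broad `rescue`, the `skip_authorization` call only ever covers errors that were handled and rendered back to the user.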