comment_controller: add skip_auth to rescue error block

[sunny-b]

What type of PR is this? (check all applicable)

• Bug Fix

Description

A Pundit::AuthorizationNotPerformedError in the CommentsController #create path (https://app.honeybadger.io/fault/66984/9508988843fe9435805fbb822bbe8242). It appears this is happening in the rescue error block since that is the only data path that doesn't use skip_authorize or authorize.

It's not immediately clear from HoneyBadger how this occurring and I wasn't able to reproduce the error naturally (I was able to repro it with binding.pry). But it appears an error is occurring before the authorization putting skip_authorization in the rescue block will ensure all data paths are covered.

Related Tickets & Documents

Closes #5717

Added to documentation?

• no documentation needed

[optional] What gif best describes this PR or how it makes you feel?

cc: @mstruve @citizen428 @rhymes

[rhymes]

I'm honestly not entirely sure if this is the solution but I haven't fully understood the issue coming from HB I guess

[mstruve]

This makes sense to me, I suspected that the error being raised had something to do with the rate limiter being triggered.

@rhymes basically the issue is that a common path, like the rate limit being hit, is raising a Honeybadger when it should just be returning an error to the user since it requires no action from us.

[citizen428]

This makes, any exception we handle would trigger the after action and raise an authorization exception.

[citizen428]

Unrelated to this PR, but why are we rescuing from this exception only to immediately re-raise it?

If you call raise with no arguments, while inside of a rescue block, Ruby will re-raise the original rescued exception.

😕

[mstruve]

I had the exact same question when this was created, this is why.

[citizen428]

Thanks @mstruve, I'll literally make a PR to leave this as a comment in the code before we confuse more people with this in the future.

[Zhao-Andy]

Huh, one heck of an edge case. Thanks for the PR!