comment_controller: add skip_auth to rescue error block (#5728)

forem · Jan 27, 2020 · 385a831 · 385a831
1 parent 6321fba
commit 385a831
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
@@ -107,6 +107,8 @@ def create
   rescue Pundit::NotAuthorizedError
     raise
   rescue StandardError => e
+    skip_authorization
+
     Rails.logger.error(e)
     message = "There was an error in your markdown: #{e}"
     render json: { error: message }, status: :unprocessable_entity

diff --git a/spec/requests/comments_create_spec.rb b/spec/requests/comments_create_spec.rb
@@ -59,4 +59,21 @@
       expect(new_comment.id).not_to eq(nil)
     end
   end
+
+  context "when an error is raised before authorization is performed" do
+    let(:rate_limit_checker) { instance_double(RateLimitChecker) }
+
+    before do
+      allow(RateLimitChecker).to receive(:new).and_return(rate_limit_checker)
+      allow(rate_limit_checker).to receive(:limit_by_action).and_raise(StandardError)
+    end
+
+    it "returns an unprocessable_entity response code" do
+      post "/comments", params: {
+        comment: { body_markdown: "something not allowed", commentable_id: article.id, commentable_type: "Article" }
+      }
+
+      expect(response).to have_http_status(:unprocessable_entity)
+    end
+  end
 end