From 2fbfc9dffa7d0e8d1367ae0c76c67973922bbee7 Mon Sep 17 00:00:00 2001 From: Robin Ward Date: Tue, 7 Oct 2014 16:46:01 -0400 Subject: [PATCH] FIX: Editing a topic's title should be rate limited too. --- app/controllers/topics_controller.rb | 1 + spec/controllers/topics_controller_spec.rb | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/app/controllers/topics_controller.rb b/app/controllers/topics_controller.rb index e89cc0812da..f8cdbac396a 100644 --- a/app/controllers/topics_controller.rb +++ b/app/controllers/topics_controller.rb @@ -129,6 +129,7 @@ class TopicsController < ApplicationController Topic.transaction do success = topic.save success &= topic.change_category_to_id(params[:category_id].to_i) unless topic.private_message? + EditRateLimiter.new(current_user).performed! end # this is used to return the title to the client as it may have been changed by "TextCleaner" diff --git a/spec/controllers/topics_controller_spec.rb b/spec/controllers/topics_controller_spec.rb index 477192c3bc8..116814b514c 100644 --- a/spec/controllers/topics_controller_spec.rb +++ b/spec/controllers/topics_controller_spec.rb @@ -770,6 +770,12 @@ describe TopicsController do expect(response).not_to be_success end + it "returns errors when the rate limit is exceeded" do + EditRateLimiter.any_instance.expects(:performed!).raises(RateLimiter::LimitExceeded.new(60)) + xhr :put, :update, topic_id: @topic.id, slug: @topic.title, title: 'This is a new title for the topic' + response.should_not be_success + end + it "returns errors with invalid categories" do Topic.any_instance.expects(:change_category_to_id).returns(false) xhr :put, :update, topic_id: @topic.id, slug: @topic.title