Merge pull request GamesDoneQuick#252 from GamesDoneQuick/174583704-n…

…egative-limit negative limit on search returns a 400 instead of throwing [#174583704]
RTAinJapan · Aug 31, 2020 · 2a2933b · 2a2933b
2 parents c54a483 + 68aea91
commit 2a2933b
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/tests/test_api.py b/tests/test_api.py
@@ -61,6 +61,11 @@ def test_search_with_offset_and_limit(self):
         # bad request if limit is set above server config
         self.parseJSON(tracker.views.api.search(request), status_code=400)
 
+        request = self.factory.get('/api/v1/search', dict(type='donation', limit=-1),)
+        request.user = self.anonymous_user
+        # bad request if limit is negative
+        self.parseJSON(tracker.views.api.search(request), status_code=400)
+
     def test_add_log(self):
         request = self.factory.post(
             '/api/v1/add',

diff --git a/views/api.py b/views/api.py
@@ -359,6 +359,8 @@ def search(request):
     limit_param = int(single(search_params, 'limit', limit))
     if limit_param > limit:
         raise ValueError('limit can not be above %d' % limit)
+    if limit_param < 1:
+        raise ValueError('limit must be at least 1')
     limit = min(limit, limit_param)
 
     qs = search_filters.run_model_query(search_type, search_params, request.user,)