From 68aea91fef3465f79cb4bdcbb0a064b8ebad9088 Mon Sep 17 00:00:00 2001
From: Benjamin Cutler
Date: Fri, 21 Aug 2020 18:33:06 -0400
Subject: [PATCH] negative limit on search returns a 400 instead of throwing [#174583704]
---
 tests/test_api.py | 5 +++++
 views/api.py | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/tests/test_api.py b/tests/test_api.py
index 2973a17fc..1b779bd8c 100755
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -61,6 +61,11 @@ def test_search_with_offset_and_limit(self):
 # bad request if limit is set above server config
 self.parseJSON(tracker.views.api.search(request), status_code=400)
+ request = self.factory.get('/api/v1/search', dict(type='donation', limit=-1),)
+ request.user = self.anonymous_user
+ # bad request if limit is negative
+ self.parseJSON(tracker.views.api.search(request), status_code=400)
+
 def test_add_log(self):
 request = self.factory.post(
 '/api/v1/add',
diff --git a/views/api.py b/views/api.py
index f7971f9f7..9c7ec3ca1 100755
--- a/views/api.py
+++ b/views/api.py
@@ -359,6 +359,8 @@ def search(request):
 limit_param = int(single(search_params, 'limit', limit))
 if limit_param > limit:
 raise ValueError('limit can not be above %d' % limit)
+ if limit_param < 1:
+ raise ValueError('limit must be at least 1')
 limit = min(limit, limit_param)
 qs = search_filters.run_model_query(search_type, search_params, request.user,)
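Review bot: The new case in test_search_with_offset_and_limit (tests/test_api.py hunk) only sends `limit=-1`, so the boundary the guard in views/api.py actually draws, `limit_param < 1`, is not pinned. I would add a second request with `dict(type='donation', limit=0)` asserting `status_code=400`, so a later change of the comparison to `< 0` fails the suite. The parameter also goes through `int(...)` before the range checks, so a non-numeric value is worth one more assertion to confirm malformed input takes the same 400 path, which presumably relies on the ValueError handling outside this hunk. The test method begins above the hunk, so its earlier setup is not visible here.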
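Review bot: In the views/api.py hunk only `limit` gets a lower bound. The test name suggests search() also accepts an offset, and if that value is parsed from the request the same way, a negative offset would presumably still throw instead of returning a 400. The offset handling lies outside the hunk, so please confirm it has an equivalent check. A short comment above the two range checks would help, for example `# limit comes from the query string; reject out-of-range values as a bad request`. Once both checks have passed, `limit_param` can no longer exceed `limit`, so `limit = min(limit, limit_param)` can be simplified to `limit = limit_param`.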