mirror of
https://github.com/discourse/discourse.git
synced 2024-12-10 21:23:49 +08:00
# frozen_string_literal: true
# Shared request-spec examples asserting that an endpoint answers HTTP 400
# when it is given an invalid `limit` query parameter.
#
# Block arguments:
#   endpoint     - path handed to `get`
#   max_limit    - limit ceiling; the examples expect max_limit + 1 to be rejected
#   extra_params - optional hash; its :params entry (if present) is merged into
#                  every request
RSpec.shared_examples "invalid limit params" do |endpoint, max_limit, extra_params|
  # Extra request params from the including spec; an empty hash when none are given.
  # They are merged last, so a :limit key in here would replace the value under test.
  let(:params) do
    supplied = extra_params&.dig(:params)
    supplied || {}
  end

  it "returns 400 response code when limit params is negative" do
    query = { limit: -1 }.merge(params)
    get(endpoint, params: query)

    expect(response.status).to eq(400)
  end

  it "returns 400 response code when limit params is suspicious" do
    # Non-numeric, injection-shaped value. String#to_i would read this as 1, so
    # the 400 expectation only holds when the endpoint validates the raw value
    # strictly instead of coercing it leniently.
    query = { limit: "1; DROP TABLE users" }.merge(params)
    get(endpoint, params: query)

    expect(response.status).to eq(400)
  end

  it "returns 400 response code when limit params exceeds the max limit" do
    # One above the ceiling: the endpoint is expected to reject the request
    # rather than silently clamp the value.
    query = { limit: max_limit + 1 }.merge(params)
    get(endpoint, params: query)

    expect(response.status).to eq(400)
  end
end