Commit c0b57e15 authored by Andreas Brandl's avatar Andreas Brandl

Fix issue with blank keyset pagination parameters

Refers to https://gitlab.com/gitlab-org/gitlab/-/issues/227166
parent f425177f
---
title: Fix issue with blank keyset pagination parameters
merge_request: 37351
author:
type: fixed
...@@ -559,8 +559,8 @@ module API ...@@ -559,8 +559,8 @@ module API
finder_params[:search_namespaces] = true if params[:search_namespaces].present? finder_params[:search_namespaces] = true if params[:search_namespaces].present?
finder_params[:user] = params.delete(:user) if params[:user] finder_params[:user] = params.delete(:user) if params[:user]
finder_params[:custom_attributes] = params[:custom_attributes] if params[:custom_attributes] finder_params[:custom_attributes] = params[:custom_attributes] if params[:custom_attributes]
finder_params[:id_after] = params[:id_after] if params[:id_after] finder_params[:id_after] = sanitize_id_param(params[:id_after]) if params[:id_after]
finder_params[:id_before] = params[:id_before] if params[:id_before] finder_params[:id_before] = sanitize_id_param(params[:id_before]) if params[:id_before]
finder_params[:last_activity_after] = params[:last_activity_after] if params[:last_activity_after] finder_params[:last_activity_after] = params[:last_activity_after] if params[:last_activity_after]
finder_params[:last_activity_before] = params[:last_activity_before] if params[:last_activity_before] finder_params[:last_activity_before] = params[:last_activity_before] if params[:last_activity_before]
finder_params[:repository_storage] = params[:repository_storage] if params[:repository_storage] finder_params[:repository_storage] = params[:repository_storage] if params[:repository_storage]
...@@ -659,6 +659,10 @@ module API ...@@ -659,6 +659,10 @@ module API
def ip_address def ip_address
env["action_dispatch.remote_ip"].to_s || request.ip env["action_dispatch.remote_ip"].to_s || request.ip
end end
def sanitize_id_param(id)
id.present? ? id.to_i : nil
end
end end
end end
......
...@@ -386,6 +386,14 @@ RSpec.describe API::Projects do ...@@ -386,6 +386,14 @@ RSpec.describe API::Projects do
let(:current_user) { user } let(:current_user) { user }
let(:projects) { [public_project, project, project2, project3].select { |p| p.id > project2.id } } let(:projects) { [public_project, project, project2, project3].select { |p| p.id > project2.id } }
end end
context 'regression: empty string is ignored' do
it_behaves_like 'projects response' do
let(:filter) { { id_after: '' } }
let(:current_user) { user }
let(:projects) { [public_project, project, project2, project3] }
end
end
end end
context 'and using id_before' do context 'and using id_before' do
...@@ -394,6 +402,14 @@ RSpec.describe API::Projects do ...@@ -394,6 +402,14 @@ RSpec.describe API::Projects do
let(:current_user) { user } let(:current_user) { user }
let(:projects) { [public_project, project, project2, project3].select { |p| p.id < project2.id } } let(:projects) { [public_project, project, project2, project3].select { |p| p.id < project2.id } }
end end
context 'regression: empty string is ignored' do
it_behaves_like 'projects response' do
let(:filter) { { id_before: '' } }
let(:current_user) { user }
let(:projects) { [public_project, project, project2, project3] }
end
end
end end
context 'and using both id_after and id_before' do context 'and using both id_after and id_before' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment