From 968a1419df9b93e484b080bd5bbae004146742ba Mon Sep 17 00:00:00 2001
From: Martin Brennan <mjrbrennan@gmail.com>
Date: Wed, 30 Oct 2019 16:32:48 +1000
Subject: [PATCH] FIX: Require q param in /tags/filter/search route (#8263)

* Require q param in /tags/filter/search route.
* If not provided this route was causing a 500 error when
  DiscourseTagging.clean_tag was called, because .downcase
  was being called on the param (which was nil).
* Now return a 400 error instead.
---
 app/controllers/tags_controller.rb    | 2 ++
 spec/requests/tags_controller_spec.rb | 9 +++++++++
 2 files changed, 11 insertions(+)

diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb
index 19629600ae0..18a4f6e000f 100644
--- a/app/controllers/tags_controller.rb
+++ b/app/controllers/tags_controller.rb
@@ -193,6 +193,8 @@ class TagsController < ::ApplicationController
   end
 
   def search
+    params.require(:q)
+
     clean_name = DiscourseTagging.clean_tag(params[:q])
     category = params[:categoryId] ? Category.find_by_id(params[:categoryId]) : nil
 
diff --git a/spec/requests/tags_controller_spec.rb b/spec/requests/tags_controller_spec.rb
index 26bf9591706..a68977112b2 100644
--- a/spec/requests/tags_controller_spec.rb
+++ b/spec/requests/tags_controller_spec.rb
@@ -428,6 +428,15 @@ describe TagsController do
         json = ::JSON.parse(response.body)
         expect(json["results"].map { |j| j["id"] }).to eq(['тема-в-разработке'])
       end
+
+      context 'when tag query parameter is not provided' do
+        it 'does not cause a 500 error, returns a param required message' do
+          get "/tags/filter/search.json", params: {}
+          expect(response.status).to eq(400)
+          json = ::JSON.parse(response.body)
+          expect(json['errors']).to include('param is missing or the value is empty: q')
+        end
+      end
     end
   end