CORE-2040: fix query parameter coercion for the GET /users/logins endpoint

slr71 · slr71 · commit def7d1e5d570 · 2025-07-01T15:52:39.000-07:00
diff --git a/src/apps/routes/schemas/user.clj b/src/apps/routes/schemas/user.clj
@@ -3,7 +3,7 @@
    [apps.routes.params :refer [SecuredQueryParams]]
    [common-swagger-api.schema.sessions :as sessions-schema]
    [common-swagger-api.schema :refer [describe]]
-   [schema.core :refer [defschema optional-key conditional]])
+   [schema.core :refer [defschema optional-key]])
   (:import [java.util UUID]))
 
 (defschema User
@@ -25,4 +25,4 @@
 (defschema ListLoginsParams
   (merge SecuredQueryParams
          {(optional-key :limit)
-          (describe (conditional pos? Long) "Limits the response to X number of results.")}))
+          (describe Long "Limits the response to X number of results.")}))
diff --git a/src/apps/service/users.clj b/src/apps/service/users.clj
@@ -2,7 +2,8 @@
   (:require
    [apps.persistence.users :as up]
    [apps.service.oauth :as oauth]
-   [apps.util.conversions :refer [remove-nil-vals]]))
+   [apps.util.conversions :refer [remove-nil-vals]]
+   [clojure-commons.exception-util :refer [bad-request]]))
 
 (defn by-id
   [{:keys [ids]}]
@@ -19,4 +20,6 @@
 
 (defn list-logins
   [{:keys [username] :as _current-user} {:keys [limit] :or {limit 5}}]
+  (when-not (pos? limit)
+    (bad-request "the value of the 'limit' query parameter must be positive"))
   {:logins (mapv remove-nil-vals (up/list-logins username limit))})
