Return 400 errors for ?_sort errors, closes #1950

2022-12-13 14:23:07 -08:00 · 2022-12-13 14:23:07 -08:00 · f84acae98e
commit f84acae98e
--- a/datasette/views/table.py
+++ b/datasette/views/table.py
@ -387,17 +387,19 @@ class TableView(DataView):
            sort_desc = table_metadata.get("sort_desc")

        if sort and sort_desc:
-            raise DatasetteError("Cannot use _sort and _sort_desc at the same time")
+            raise DatasetteError(
+                "Cannot use _sort and _sort_desc at the same time", status=400
+            )

        if sort:
            if sort not in sortable_columns:
-                raise DatasetteError(f"Cannot sort table by {sort}")
+                raise DatasetteError(f"Cannot sort table by {sort}", status=400)

            order_by = escape_sqlite(sort)

        if sort_desc:
            if sort_desc not in sortable_columns:
-                raise DatasetteError(f"Cannot sort table by {sort_desc}")
+                raise DatasetteError(f"Cannot sort table by {sort_desc}", status=400)

            order_by = f"{escape_sqlite(sort_desc)} desc"

--- a/tests/test_table_html.py
+++ b/tests/test_table_html.py
@ -891,6 +891,36 @@ def test_custom_table_include():
        ) == str(Soup(response.text, "html.parser").select_one("div.custom-table-row"))


+@pytest.mark.parametrize("json", (True, False))
+@pytest.mark.parametrize(
+    "params,error",
+    (
+        ("?_sort=bad", "Cannot sort table by bad"),
+        ("?_sort_desc=bad", "Cannot sort table by bad"),
+        (
+            "?_sort=state&_sort_desc=state",
+            "Cannot use _sort and _sort_desc at the same time",
+        ),
+    ),
+)
+def test_sort_errors(app_client, json, params, error):
+    path = "/fixtures/facetable{}{}".format(
+        ".json" if json else "",
+        params,
+    )
+    response = app_client.get(path)
+    assert response.status == 400
+    if json:
+        assert response.json == {
+            "ok": False,
+            "error": error,
+            "status": 400,
+            "title": None,
+        }
+    else:
+        assert error in response.text
+
+
 def test_metadata_sort(app_client):
    response = app_client.get("/fixtures/facet_cities")
    assert response.status == 200