Abort on invalid order param

harminius · harminius · commit 4bd3ddc4a1cf · 2026-01-22T12:15:25.000+01:00
diff --git a/server/mergin/tests/test_public_api_v2.py b/server/mergin/tests/test_public_api_v2.py
@@ -651,6 +651,11 @@ def test_list_workspace_projects(client):
     resp_data = json.loads(response.data)
     assert resp_data["projects"][0]["name"] == project_name
 
+    # invalid order param
+    response = client.get(url + f"?page=1&per_page=10&order_params=invalid DESC")
+    assert response.status_code == 400
+    assert response.json["detail"] == "Invalid order parameter"
+
     # no permissions to workspace
     user2 = add_user("user", "password")
     login(client, user2.username, "password")
diff --git a/server/mergin/utils.py b/server/mergin/utils.py
@@ -59,7 +59,7 @@ def get_order_param(
         attr = None
     order_attr = cls.__table__.c.get(col, None)
     if not isinstance(order_attr, Column):
-        return
+        abort(400, "Invalid order parameter")
     # sort by key in JSON field
     if attr:
         if not json_sort:
