FIX: Suspend API to require `suspend_until` and `reason` params

FIX: Suspend API to require suspend_until and reason params

These fields are required when using the UI, and if the suspend_until param isn’t supplied the user is never actually suspended, so we should require these fields when suspending a user.

diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 921c589..0deed95 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -92,6 +92,8 @@ class Admin::UsersController < Admin::AdminController
 
   def suspend
     guardian.ensure_can_suspend!(@user)
+    params.require([:suspend_until, :reason])
+
     @user.suspended_till = params[:suspend_until]
     @user.suspended_at = DateTime.now
 
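Review bot: `params.require([:suspend_until, :reason])` only rejects a missing or blank value, so a `suspend_until` that is present but does not parse to a time, or that lies in the past, still reaches `@user.suspended_till = params[:suspend_until]`. That would presumably leave the account in the same not-actually-suspended state the commit message describes, with no error returned to the caller. The body of `suspend` continues outside the hunk, so this may already be handled further down. If it is not, parse the value before assigning it and answer 400 unless it is a future time, with a comment such as `# require only checks presence; suspend_until must also parse to a future time`.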
diff --git a/spec/requests/admin/users_controller_spec.rb b/spec/requests/admin/users_controller_spec.rb
index e010f36..14a6cb0 100644
--- a/spec/requests/admin/users_controller_spec.rb
+++ b/spec/requests/admin/users_controller_spec.rb
@@ -149,6 +149,22 @@ RSpec.describe Admin::UsersController do
       expect(log.details).to match(/because I said so/)
     end
 
+    it "requires suspend_until and reason" do
+      expect(user).not_to be_suspended
+      put "/admin/users/#{user.id}/suspend.json", params: {}
+      expect(response.status).to eq(400)
+      user.reload
+      expect(user).not_to be_suspended
+
+      expect(user).not_to be_suspended
+      put "/admin/users/#{user.id}/suspend.json", params: {
+        suspend_until: 5.hours.from_now
+      }
+      expect(response.status).to eq(400)
+      user.reload
+      expect(user).not_to be_suspended
+    end
+
     context "with an associated post" do
       it "can have an associated post" do
         put "/admin/users/#{user.id}/suspend.json", params: suspend_params
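Review bot: The new example never sends a request that has `reason` but no `suspend_until`, which is the case the commit message says leaves the user unsuspended. Both requests here omit `reason`, so the spec would still pass if the controller required only `reason`. Add a third request, `put "/admin/users/#{user.id}/suspend.json", params: { reason: "because I said so" }`, followed by `expect(response.status).to eq(400)` and `expect(user.reload).not_to be_suspended`. The `expect(user).not_to be_suspended` just before the second `put` repeats the assertion directly above it and can be dropped.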

GitHub sha: 02833e13
