From d5cefc8d0539c5648b044a0633d15bf5e0188e8e Mon Sep 17 00:00:00 2001
From: Jeremy Lenz <jlenz@redhat.com>
Date: Fri, 30 Aug 2024 11:37:17 -0400
Subject: [PATCH 1/2] Fixes #37587 - ensure page and per_page are integers

---
 app/controllers/katello/api/v2/api_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/katello/api/v2/api_controller.rb b/app/controllers/katello/api/v2/api_controller.rb
index 8a683e5794a..d6317f37319 100644
--- a/app/controllers/katello/api/v2/api_controller.rb
+++ b/app/controllers/katello/api/v2/api_controller.rb
@@ -100,8 +100,8 @@ def scoped_search(query, default_sort_by, default_sort_order, options = {})
       else
         query = query.paginate(paginate_options)
       end
-      page = params[:page] || 1
-      per_page = params[:per_page] || Setting[:entries_per_page]
+      page = metadata_page # from Foreman Api::V2::BaseController
+      per_page = metadata_per_page
       query = (total.zero? || subtotal.zero?) ? blank_query : query
 
       if options[:csv]

From 5d2577fa1ddc77081f97dbfc64495d1790881e8e Mon Sep 17 00:00:00 2001
From: Jeremy Lenz <jlenz@redhat.com>
Date: Fri, 30 Aug 2024 16:08:17 -0400
Subject: [PATCH 2/2] Refs #37587 - add test

---
 test/controllers/api/v2/api_controller_test.rb | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/test/controllers/api/v2/api_controller_test.rb b/test/controllers/api/v2/api_controller_test.rb
index 471e4b4da94..386d2f057e7 100644
--- a/test/controllers/api/v2/api_controller_test.rb
+++ b/test/controllers/api/v2/api_controller_test.rb
@@ -55,6 +55,20 @@ def test_scoped_search_full_results_false
       assert_equal(2, response[:results].length)
     end
 
+    def test_scoped_search_casts_to_integer
+      params = { full_result: 'false', page: '1', per_page: '2' }
+      @controller.stubs(:params).returns(params)
+
+      response = @controller.scoped_search(@query, @default_sort[0], @default_sort[1], @options)
+      refute_empty response[:results], "results"
+      assert_nil response[:error], "error"
+      assert_equal 1, response[:page], "page"
+      assert_kind_of(Integer, response[:page])
+      assert_equal 2, response[:per_page], "per page"
+      assert_kind_of(Integer, response[:per_page])
+      assert_equal(2, response[:results].length)
+    end
+
     def test_scoped_search_no_results
       params = { :search => "asdfasdf" }
       @controller.stubs(:params).returns(params)