FIX: return status 400 for invalid member params

previously error returned was a 500 which is not ideal
and is logged

app/controllers/groups_controller.rb

@@ -191,6 +191,15 @@ class GroupsController < ApplicationController
 
     limit = (params[:limit] || 20).to_i
     offset = params[:offset].to_i
+
+    if limit < 0
+      raise Discourse::InvalidParameters.new(:limit)
+    end
+
+    if offset < 0
+      raise Discourse::InvalidParameters.new(:offset)
+    end
+
     dir = (params[:desc] && !params[:desc].blank?) ? 'DESC' : 'ASC'
     order = ""
 

spec/requests/groups_controller_spec.rb

@@ -320,6 +320,17 @@ describe GroupsController do
   end
 
   describe "#members" do
+
+    it "returns correct error code with invalid params" do
+      sign_in(Fabricate(:user))
+
+      get "/groups/#{group.name}/members.json?limit=-1"
+      expect(response.status).to eq(400)
+
+      get "/groups/#{group.name}/members.json?offset=-1"
+      expect(response.status).to eq(400)
+    end
+
     it "ensures the group can be seen" do
       sign_in(Fabricate(:user))
       group.update!(visibility_level: Group.visibility_levels[:owners])