FIX: Fail gracefully if username parameter is missing when creating user

app/controllers/users_controller.rb

@@ -331,6 +331,7 @@ class UsersController < ApplicationController
 
   def create
     params.require(:email)
+    params.require(:username)
     params.permit(:user_fields)
 
     unless SiteSetting.allow_new_registrations

spec/requests/users_controller_spec.rb

@@ -963,6 +963,7 @@ describe UsersController do
     shared_examples 'failed signup' do
       it 'should not create a new User' do
         expect { post "/u.json", params: create_params }.to_not change { User.count }
+        expect(response.status).to eq(200)
       end
 
       it 'should report failed' do
@@ -997,6 +998,15 @@ describe UsersController do
       include_examples 'failed signup'
     end
 
+    context 'with a missing username' do
+      let(:create_params) { { name: @user.name, email: @user.email, password: "x" * 20 } }
+
+      it 'should not create a new User' do
+        expect { post "/u.json", params: create_params }.to_not change { User.count }
+        expect(response.status).to eq(400)
+      end
+    end
+
     context 'when an Exception is raised' do
       before { User.any_instance.stubs(:save).raises(ActiveRecord::StatementInvalid.new('Oh no')) }