[FEAT]: API Endpoint to Update a Single User Profile

[aniebietafia]

Description

Implement an endpoint that allows registered and authenticated users to update their profile.

Endpoint Features

• Authenticated users are able to update their profile.
• Users should not be able to update another user profile.

Acceptance Criteria

• [ ] The endpoint should be accessible at PUT /api/v1/users/:user_id.
• [ ] User must be authenticated to access the endpoint.
• [ ] The endpoint accepts an HTTP PUT request.
• [ ] The request body should contain the field(s) to be updated.
• [ ] It should only update the fields that are provided in the request body.
• [ ] The endpoint should return a 200 status code if the update is successful.
• [ ] The endpoint should return a 401 status code if the user is not authenticated.
• [ ] The endpoint should return the user payload showing the updated fields.
• [ ] The endpoint must accept access token Authorization: Bearer: <token>

API Endpoint

PUT /api/v1/users/:user_id

Request Example

{
  "firstName": "John"
}

Response Example

{
  "message": "Profile updated successfully",
  "status_code": 200,
  "data": {
    "id": "wr54dgh-67dnut763-t36ud89",
    "firstName": "John",
    "lastName": "Doe",
    "location": "Nigeria",
    "created_at": TimeStamp,
    "updated_at": TimeStamp
  }
}

Data Validation

Input Validation

• The firstName field must be a string.
• The lastName field must be a string.
• The location field must be a string.

{
  "status_code": 422,
  "message": "Validation failed",
  "errors": {
    "firstName": "First name is a string",
    "lastName": "Last name is a string",
    "location": "Location is a string"
  }
}

Authentication and Authorization

Authentication

• The endpoint should be protected and only authenticated users should be able to access it.
• The endpoint should return a 401 status code if the user is not authenticated.

{
  "status_code": 401,
  "message": "Unauthorized"
}

Authorization

• Users should not be able to update another user profile.
• The endpoint should return a 403 status code if the user is not authorized to update the profile.

{
  "status_code": 403,
  "message": "Forbidden"
}

Error Handling

Error Response

• The endpoint should return a 404 status code if the user is not found.

{
  "status_code": 404,
  "message": "User not found"
}

• The endpoint should return a 500 status code if the server cannot process the request.

{
  "status_code": 500,
  "message": "Internal server error"
}

Security

• Implement rate limiting to prevent abuse of the API.
• Implement proper error handling to prevent information disclosure.
• Implement proper logging to monitor the API.
• Implement proper validation to prevent injection attacks.

Documentation

• The endpoint should be properly documented.
• The documentation should include the request and response examples.
• The documentation should include the data validation rules.
• The documentation should include the authentication and authorization rules.
• The documentation should include the error handling rules.

Testing

• Write tests for the endpoint.
• Test the endpoint with valid and invalid data.
• Test the endpoint with authenticated and unauthenticated users.
• Test the endpoint with authorized and unauthorized users.
• Test the endpoint with valid and invalid access tokens.
• Test the endpoint with valid and invalid user IDs.
• Test the endpoint with valid and invalid request payloads.
• Test the endpoint with valid and invalid data validation rules.

[incredible-phoenix246]

Sorry for not updating you

It is now update profile alone

So no preference

[aniebietafia]

Alright. Thanks

[aniebietafia]

I have updated the ticket.