[FEAT]: Endpoint to Update a Testimonial #776

@theijhay

Description

Create a secure API endpoint that permits only authenticated users to modify their testimonial. The endpoint must correctly handle validation errors and return the modified testimonial with the correct status codes.

Acceptance Criteria

Authentication

The endpoint must be secured and necessitate user authentication.
If the user is not authenticated, the endpoint should issue a 401 Unauthorized status accompanied by a suitable error message.

Authorization

Implement an authorization check to ensure that only the owner of the testimonial (the user who created it) has the capability to make updates.

Endpoint Implementation:

The endpoint should be accessible at /api/v1/testimonials/{testimonial_id}.
The endpoint should accept HTTP PATCH requests.

Data Validation and Sanitization:

The API should validate the request payload to ensure the required field content is present and valid.

Update Testimonial

Upon successful validation, the API should update the specified user testimonial.

  • Response:

On success, the API should return a 200 OK status code with the success message.
On validation failure, the API should return a 422 Unprocessable Entity error with detailed error messages.
On failure, the API should return a 400 Bad Request status code with appropriate error messages.

Endpoint:

[PATCH] /api/v1/testimonials/{testimonial_id}

Requests

PATCH /api/v1/testimonials/{testimonial_id}

  • Successful Response
{
  "status": "success",
  "message": "Testimonial updated successfully",
  "data": {
    "user_id": "uuid",
    "content": "string",
    "updated_at": "DateTime"
  }
}
  • Unsuccessful Response
{
  "status": "Bad Request",
  "message": "Client error",
  "status_code": 400
}
  • Not authenticated Error Message
{
  "status": "Unauthorized",
  "message": "Not Authenticated. Please log in.",
  "status_code": 401
}
  • Validation Error Message
{
  "errors": [
    {
      "field": "string",
      "message": "string"
    }
  ]
}

Purpose

  • Develop a backend service that enables users to modify their testimonials, incorporating appropriate authentication, authorization, and validation mechanisms.

Requirements

  • Ensure that only the owner of a testimonial can update it by implementing an authorization check.
  • Develop the server-side logic required to update a user testimonial.
  • Validate every field in the request body.
  • Ensure that the returned testimonial objects contain all the necessary fields.
  • Make sure the endpoint returns appropriate error messages for validation failures, unauthorized access, and internal server errors.

Expected Outcome

  • The API endpoint allows users to update their testimonials with appropriate validation and authentication.

Task

  • Create the endpoint HTTP PATCH /api/v1/testimonials/{testimonial_id} to update a user's testimonial.
  • Implement authentication middleware to validate JWT tokens.
  • Implement an authorization check to ensure that only the testimonial's owner has the ability to update it.
  • Validate all fields in the request body.
  • Validate the request param {testimonial_id}.
  • Write unit tests for all scenarios, including successful testimonial update, validation errors, and authentication/authorization checks.
  • Perform security testing to ensure data protection and compliance.

Testing

  • Write unit tests for successful update of user testimonial.
  • Write unit tests for fields validation.
  • Write unit tests for bad client requests.
  • Write unit tests for authentication and authorization checks.
  • Perform security testing to ensure data protection and compliance.
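
The check order this issue asks for, as an added Python sketch that is not code from the issue or the project: authentication, path-parameter validation, ownership, then body validation with an allow-list so a client cannot overwrite user_id. Assumptions: the JWT middleware has already verified the token and passes its subject as auth_user_id; the 403 and 404 responses, the in-memory store, MAX_CONTENT_LEN and all function names are hypothetical, since the issue defines only the 200, 400, 401 and 422 bodies.

```python
import uuid
from datetime import datetime, timezone

# Constructed in-memory store standing in for the database (assumption).
OWNER = "11111111-1111-4111-8111-111111111111"
TID = "22222222-2222-4222-8222-222222222222"
TESTIMONIALS = {TID: {"user_id": OWNER, "content": "old", "updated_at": None}}

MAX_CONTENT_LEN = 1000  # assumed limit; the issue does not give one


def error(code, status, message):
    return code, {"status": status, "message": message, "status_code": code}


def update_testimonial(auth_user_id, testimonial_id, payload, store=TESTIMONIALS):
    """auth_user_id is the subject of an already verified JWT, or None."""
    if auth_user_id is None:
        return error(401, "Unauthorized", "Not Authenticated. Please log in.")
    try:
        key = str(uuid.UUID(str(testimonial_id)))  # validate the path parameter
    except ValueError:
        return error(400, "Bad Request", "Client error")
    record = store.get(key)
    if record is None:
        return error(404, "Not Found", "Testimonial not found")  # assumed
    # Ownership is decided from the token subject and the stored row only,
    # never from a user_id supplied in the request body.
    if record["user_id"] != auth_user_id:
        return error(403, "Forbidden", "You do not own this testimonial")  # assumed
    if not isinstance(payload, dict):
        return error(400, "Bad Request", "Client error")
    errors = []
    for field in payload:
        if field != "content":  # allow-list: blocks user_id/updated_at overwrite
            errors.append({"field": field, "message": "field is not updatable"})
    content = payload.get("content")
    if not isinstance(content, str) or not content.strip():
        errors.append({"field": "content", "message": "content is required"})
    elif len(content) > MAX_CONTENT_LEN:
        errors.append({"field": "content", "message": "content is too long"})
    if errors:
        return 422, {"errors": errors}
    record["content"] = content.strip()
    record["updated_at"] = datetime.now(timezone.utc).isoformat()
    return 200, {"status": "success", "message": "Testimonial updated successfully",
                 "data": dict(record)}
```

The same cases map directly onto the unit tests listed under Testing: unauthenticated, malformed id, non-owner, rejected fields, and a successful update.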
