Describe the bug
Duplication of products on different pages when requesting from the backend

To Reproduce
Steps to reproduce the behavior:

1. Request: https://iced-latte.uk/backend/api/v1/products?page=0&size=6&sort_attribute=averageRating&sort_direction=desc
2. Request: https://iced-latte.uk/backend/api/v1/products?page=1&size=6&sort_attribute=averageRating&sort_direction=desc
   GET-request
   Only page changed! Other parameters are the same!

Expected behavior
We get different products

Screenshots

Actual behavior
Product with id="e70f1d94-d55f-4e0e-8a6b-28e2ca3c6c34" repeated on two pages

Describe the bug
When sent request post the review with empty rating, system should reject the request and return clear error message.

Precondition: user registered and got Bearer token, user has not posted a review on a product yet.

Step to reproduce:
Execute a request like the below with a valid token :
curl --location 'https://iced-latte.uk/backend/api/v1/products/ba5f15c4-1f72-4b97-b9cf-4437e5c6c2fa/reviews'
--header 'Content-Type: application/json'
--header 'Authorization: {token}'
--data '{
"text": "Espresso is a beloved coffee that stands as the foundation of many coffee beverages, cherished for its rich, intense flavor and versatility. When crafted correctly, an espresso shot is a concentrated, full-bodied coffee experience that delights the senses. The perfect espresso shot starts with high-quality coffee beans, meticulously sourced and freshly ground just before brewing. ",
"rating": ""
}'

Expected behavior
The system should reject a request and return an error message = "Rating or review should be filled in", "HTTP status code": 400

Actual result
The system rejects a request with "HTTP status code": 400, and anunclear error message = "[{ ErrorMessage: must not be null }]

Description: According to the requirements when user sends a request to reset the password with an invalid format/mask email user should get a clear error message.

Step to reproduce:

Sent POST request as below:

curl --location 'http://0.0.0.0:8083/api/v1/auth/password/change'
--header 'Content-Type: application/json'
--data-raw '{
"email": "@‌gmail.com",
"code": "123-123-123",
"password": "password12345"
}'

Expected result: "Email must be valid" and HTTP CODE = 400 ‘Bad request’

Actual result: "message": "User with id = null is not found.", and HTTP Status CODE = 401Unauthorized

Description: According to the requirements password must be at least 8 characters long and contain at least one letter, one digit, and may include special characters @$!%*?&.

Precondition: User is registered

Step to reproduce:

Execute the POST request as below. Replace code and email with valid data.

curl --location 'http://0.0.0.0:8083/api/v1/auth/password/change'
--header 'Content-Type: application/json'
--data-raw '{
"email": "email to resent password",
"code": "code to reset password",
"password": "t"
}'

Expected result: App should reject password, HTTP status code = 400, error message = ”Password must be at least 8 characters long and contain at least one letter, one digit, and may include special characters @$!%*?&")”.

Actual result: The app allows saving password that do not meet requirements, HTTP status code = 200

Description: According to requirements the "First Name" and "Last Name" fields are expected to accept string lengths ranging from 2 to 128 characters. However, attempts to update these fields with strings of length greater than 55 characters result in an internal server error, indicating a discrepancy between the implementation and the specified requirements.

Precondition: User is registered and authenticated.

Steps to Reproduce:

1. Send an HTTP PUT request to the user update endpoint at http://0.0.0.0:8083/api/v1/users.
   In the request body, in "First Name" or "Last Name" input a string of 56, 64 characters, or 128 characters, using only Latin letters.
2. Observe the response.

Expected Result: The fields "Last Name" and "First Name" accept lengths of 56, 64, or 128 characters.
The user profile is successfully updated with the new values.
HTTP status code 200 is returned, along with a response body containing the updated user information.

Actual Result: The app rejects the request to update "Last Name" and "First Name" fields with lengths greater than 55 characters.
The API response is { "message": "Internal server error" }.
HTTP status code returned is 500, indicating a server error.

Description: When a user tries to update a password that does not meet requirements(Password must be at least 8 characters long and contain at least one letter, one digit, and may include special characters @$!%*?&), the system should return a clear error message that explains the password requirements easily. However, the app displays a regular expression that is hard to understand.

Preconditions:
User is registered and the bearer token is obtained.

Steps to Reproduce:
replace the token with valid data

Execute the following CURL command to attempt to update the user password:
curl --location --request PATCH 'http://0.0.0.0:8083/api/v1/users'
--header 'Content-Type: application/json'
--header 'Authorization: Bearer {token}'
--data '{
"newPassword": "password",
"oldPassword": "password12345"
}'
Observe the response.
Expected Result:

The system should reject the "newPassword" containing only letters.
HTTP status code 400 (Bad Request) should be returned.
Error message should clearly state: { "message": "Password must be at least 8 characters long and contain at least one letter, one digit, and may include special characters @$!%*?&" }.
Actual Result:

The "newPassword" field is correctly rejected for not meeting the requirement.
HTTP status code - 400.
The error message provided is unclear and technical: "message": "[{ ErrorMessage: must match "^(?=.[A-Za-z])(?=.\d)[A-Za-z\d@$!%*?&]{8,}$" }]".

Description: When attempting to update a password that does not meet the specified requirements as outlined in the Personal_Account_page+requirements, the system returns an error message that is inconsistent with the expected documentation. The error message should clearly state the password requirements, but instead provides a regular expression that is less understandable to end-users.

Preconditions:

User must be registered and authenticated.

Steps to Reproduce:

Execute the following CURL command to attempt updating the user password:curl --location --request PATCH 'http://0.0.0.0:8083/api/v1/users' --header 'Content-Type: application/json' --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJpY2VkbGF0ZS50ZXN0QGdtYWlsLmNvbSIsImlhdCI6MTcwOTgzNTE5NiwiZXhwIjoxNzA5ODM1NDM2fQ.UNpNvUOVNLNWsx60okbKTi6UM_CmRWsaGm8f_oWbNoY' --data '{"newPassword": "","oldPassword": "password12345"}'

Observe the response.

Expected Result:

The system should reject the "newPassword" with empty field.

HTTP status code 400 (Bad Request) should be returned.

Error message should clearly state: { "message": "Password is the mandatory attribute}.

Actual Result:

The "newPassword" field is correctly rejected for not meeting the requirement.

HTTP status code 400 is returned.

The error message provided is unclear and technical: "message": "[{ ErrorMessage: must match "^(?=.[A-Za-z])(?=.\d)[A-Za-z\d@$!%*?&]{8,}$" }]".

Describe the bug
When the request for a like product review is sent again, all previous likes and dislikes, both mine and those of other users, are removed.

Expected Result
Upon resending the request with
{
"isLike" : "true"
}
the previously set like should be removed.

Actual Result
Upon resending the request
{
"isLike" : "true"
}
all likes/dislikes are removed.

Describe the bug
The system allows it to save when sending a POST review request with non-Latin text.

Precondition:
User is registered, the Bearer token is obtained, and the user has not posted a review on a product.

To Reproduce
Send the POST request as below, and use a valid Bearer token.

curl --location 'https://iced-latte.uk/backend/api/v1/products/3ea8e601-24c9-49b1-8c65-8db8b3a5c7a3/reviews'
--header 'Content-Type: application/json'
--header 'Authorization: {token}'
--data '{
"text":"Купил эспрессо онлайн, и был в восторге от качества. Аромат свежесмолотых зерен наполнил кухню, а вкус готового напитка был богатым и сбалансированным, с нотками шоколада и фруктов. Отличный сервис и быстрая доставка — обязательно закажу снова",
"rating": "5"

}'
Expected behavior
The system should reject a request with 400 HTTP Status code and return the appropriate error message.

Actual result
The system accept the request, HTTP Status code = 200, and review posted non-Latin text.

Describe the bug
When sending a second POST review request from the same user, a message in the response body contains mismatched data in ID product and ID user.

Precondition:
The user is registered, the Bearer token is obtained, and the user has already posted a review on a product.

To Reproduce
Send the POST request as below, and use a valid Bearer token.
curl --location 'https://iced-latte.uk/backend/api/v1/products/3ea8e601-24c9-49b1-8c65-8db8b3a5c7a3/reviews'
--header 'Content-Type: application/json'
--header 'Authorization: {token}'
--data '{
"text":"hjjkkll;;;;;;;",
"rating": "5"
}'

Expected behavior
The system should reject request with 400 HTTP Status code and return the appropriate error message = "
Creation of the product's review for the user with userId = '99999999-9999-9999-9999-999999999999' and the product with productId = '3ea8e601-24c9-49b1-8c65-8db8b3a5c7a3' is denied. Delete the previous product's review '00c106c9-fe66-4d4c-ac76-013eec3bcc29' first."

Actual result
The system rejects the request with 400 HTTP Status code and error message = "Creation of the product's review for the user with userId = '3ea8e601-24c9-49b1-8c65-8db8b3a5c7a3' and the product with productId = '99999999-9999-9999-9999-999999999999' is denied. Delete the previous product's review '00c106c9-fe66-4d4c-ac76-013eec3bcc29' first."

Comment
In the error message instead, userId displayed productId and instead, productId displayed userId.

Description: When sending a request to retrieve user information, the user's ID is not utilized. Instead, a Bearer token is used to achieve this functionality. However, the Swagger documentation inaccurately mentions the need for a user's ID for this request.

Describe the bug
Product averageRating getting from endpoints -
/api/v1/products and /api/v1/products/{productId}/reviews/statistics has different data type.

/api/v1/products/{productId}/reviews/statistics has "avgRating": "string" - <class 'str'>
/api/v1/products has "averageRating": 0 - <class 'float'>

Description: When sending a request to update user's info with an empty body, the app return a clear error message in string format.

Precondition: The user authorized and gets Bearer token

Steps to Reproduce: replace token with valid data
Send a PUT request to the endpoint http://localhost:8083/api/v1/users using the HTTP PUT method with an empty JSON object {} as the body.
‌
curl --location --request PUT 'http://0.0.0.0:8083/api/v1/users'
--header 'Content-Type: application/json'
--header 'Authorization: Bearer {token}'{
}'
‌
2. Observe response message.

Expected result: format message should be a string. "First name is the mandatory attribute" and "Last name is the mandatory attribute"

Actual result: format message is list dictionary.

Describe the bug
When sending a POST review request with text =whitespaces, the system allows it to save.

Precondition:
User is registered, the Bearer token is obtained, and the user has not posted a review on a product.

To Reproduce
Send the POST request as below, and use a valid Bearer token.

curl --location 'https://iced-latte.uk/backend/api/v1/products/ba5f15c4-1f72-4b97-b9cf-4437e5c6c2fa/reviews'
--header 'Content-Type: application/json'
--header 'Authorization: {token}'
--data '{
"text": " ",
"rating": "5"

}'
Expected behavior
The system should reject request with 400 HTTP Status code and return the appropriate error message = "Invalid data".

Actual result
System accept the request, HTTP Status code = 200 and review posted with text = " "

ACTUAL:

Some API return JSON like `

{message: "error text",...}

, and some like

{error: "error text",...}

EXPECTED:

The same schema for all the endpoints and for any errors status (4xx).
Use this

{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"message": {
"type": "string"
},
"httpStatusCode": {
"type": "integer"
},
"timestamp": {
"type": "string"
}
},
"required": [
"message",
"httpStatusCode",
"timestamp"
]

1. Delete all custom mappers/converters and replace them with Mapstruct.
2. Check if all tests are passed.
3. Check if the project works without any error by making the http request to REST API.

1. Add PostgreSQL to docker-compose.yaml.
2. Add PostgreSQL dependencies to pom.xml.
3. Add PostgreSQL configuration to project yaml config file.
4. Test.

1. Move Spring Security UserDetails fields from the UserEntity to somewhere else.
2. Check if all tests are passed.
3. Check if the project works without any error by making the http request to REST API.

Description: According to the requirements review input text field should accept extended Latin letters, digits, symbols .,&!(). But accepts - special char, links, non-Latin letters.

Precondition: User is registered and the Bearer token is obtained.

Step to reproduce:
Execute the POST request as below. Replace the Bearer token with valid data.

curl --location 'http://0.0.0.0:8083/api/v1/products/e0323d1b-1169-4a0e-8d7b-07ff3bfe7f7e/reviews'
--header 'Content-Type: application/json'
--header 'Authorization: Bearer token
--data '{
"text": "Заказал кофе ледяной латте на одном из известных сайтов, и результат превзошел все ожидания! Кофе был доставлен быстро и упакован так, что сохранял идеальную свежесть. Вкус напитка получился насыщенным и богатым, с ярко выраженными нотками жареного зерна. Очень понравилась гладкая текстура и то, как хорошо кофе сочетался с холодом. Этот ледяной латте стал отличным началом дня. Рекомендую к покупке на этом сайте",
"rating": "5"
}'

Expected result: The app should reject the text, HTTP status code = 400, and error message = ”Invalid data".
Actual result: The app allows saving text review that do not meet requirements, HTTP status code = 200

Before:

1. When sorting with parameters: 'sort_attribute=averageRating&sort_direction=desc' we get a list of products that first contains products with averageRating equal to null.
2. When sorting with parameters: 'sort_attribute=averageRating&sort_direction=asc' we get a list of products that last contains products with averageRating equal to null.

After:

1. Descending order: Products with averageRating equal to null should be the latest.
2. Ascending order: Products with averageRating equal to null should come first.

After we deleted the review on the product page, the data (avgRating and reviewsCount) that we get with request '/{productId}/reviews/statistics' changes
But
The data (averageRating and reviewsCount) that we get with request '/products' does not change

Description: When attempting to update a password, if the new password exceeds the maximum length requirement of 128 characters as specified in Personal_Account_page+requirements


, the system incorrectly allows the password to be saved. This behavior contradicts the documented password length constraint, which should restrict passwords to a maximum of 128 characters.

Preconditions:

User must be registered and authenticated.

Steps to Reproduce:

Execute any the following CURL commands to attempt updating the user password:

1.1 password with length = 129:
curl --location --request PATCH 'http://0.0.0.0:8083/api/v1/users'
--header 'Content-Type: application/json'
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJpY2VkbGF0ZS50ZXN0QGdtYWlsLmNvbSIsImlhdCI6MTcwOTgyNjk2NywiZXhwIjoxNzA5ODI3MjA3fQ.ebcUbpALQg7Imh207aznezB9AsJYxj0KmijMBEz_9W8'
--data-raw '{
"newPassword": "@OUiDQK3BFZNSk3NLN4Sp%w@CNOa!7xP5B&cx7Gw9E6sXl@x4GwPRlyjErQEW8G9YbW@x5kUnS0sTeY0DwKTIFUZSxd$UETcblOxsDGaxHagIB7aWN0%G5o4CqQo*H%",
"oldPassword": "password12345"
}'

1.2 password with length = 130: curl --location --request PATCH 'http://0.0.0.0:8083/api/v1/users'
--header 'Content-Type: application/json'
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJpY2VkbGF0ZS50ZXN0QGdtYWlsLmNvbSIsImlhdCI6MTcwOTgyNjk2NywiZXhwIjoxNzA5ODI3MjA3fQ.ebcUbpALQg7Imh207aznezB9AsJYxj0KmijMBEz_9W8'
--data-raw '{
"newPassword": "@OUiDQK3BFZNSk3NLN4Sp %w@CNOa!7xP5B&cx7Gw9E6sXl@x4Gw_PRlyjErQEW8G9YbW@x5kUnS0sTeY0DwKTIFUZSxd$UETcblOxsDGaxHagIB7aWN0_%G5o4CqQo*H%9",
"oldPassword": "password12345"
}'

2. Observe the response.

Expected Result:

The system should reject the "newPassword" if its length exceeds 128 characters.

An HTTP status code of 400 (Bad Request) should be returned.

The error message should clearly state: { "message": "Password should have a length between 8 and 128 characters" }.

Actual Result:

Passwords with lengths of 129 and 130 characters are incorrectly saved.

An HTTP status code of 200 (OK) is returned, indicating a successful operation contrary to expectations.

1. Update all version of our Maven dependecies in the project.
2. Check if all tests are passed.
3. Check if the project works without any error by making the http request to REST API.

1. Replace Maven with Gradle.
2. Check if all tests are passed.
3. Check if the project works without any error by making the http request to REST API.

1. Update the java version from 17 to 21 in the project.
2. Check if all tests are passed and project works without any error.

According to the implementation of the functionality, if a user tries to log in with an incorrect password for 5 attempts, the account should be blocked for 60 minutes.

Precondition: User is registered

Step to reproduce
Sent POST request 6 times using the example below: replace email with existing email in BD and incorrect password
curl --location 'http://0.0.0.0:8083/api/v1/auth/authenticate'
--header 'Content-Type: application/json'
--data-raw '{
"email": "email",
"password": "password"

}'

Expected result: error message: "The request was rejected due to an incorrect number of login attempts for the user with email='[email protected]'. Try again in 60 minutes or reset your password"

Actual result: error message: "The request was rejected due to an incorrect number of login attempts for the user with email='[email protected]'. Try again in 30 minutes or reset your password"