fix(profile): validate username uniqueness before profile updates #674

Merged
param20h merged 1 commit into param20h:dev from sujitha-kotyada:fix/673-profile-username-validation
Jun 23, 2026

@sujitha-kotyada

Contributor

📋 PR Checklist

🔗 Related Issue

Closes #673


📝 What does this PR do?

This PR fixes a bug in the PUT /profile endpoint where username updates bypassed application-level uniqueness validation.

Previously, if a user attempted to change their username to one already used by another account, the database unique constraint would trigger an unhandled IntegrityError, resulting in a 500 Internal Server Error.

Changes made:

  • Added username uniqueness validation before updating the user record.
  • Excluded the current user from duplicate username checks.
  • Added IntegrityError handling with transaction rollback to safely handle race conditions.
  • Returned a user-friendly validation error instead of exposing a database exception.
  • Added regression tests covering duplicate, unchanged, and unique username update scenarios.

🗂️ Type of Change

  • 🐛 Bug fix
  • ✨ New feature
  • 🔧 Refactor / code cleanup
  • 📝 Documentation update
  • 🎨 UI / styling change
  • ⚙️ CI / tooling / config change
  • 🧪 Tests

🧪 How was this tested?

  • Ran the backend locally (uvicorn app.main:app --reload)
  • Ran the frontend locally (npm run dev inside frontend/)
  • Tested the affected API endpoints manually
  • Added / updated tests

Validation Performed

  • Added regression tests for:

    • Duplicate username update attempt
    • Keeping the existing username
    • Updating to a new unique username
  • Executed:

    backend/.venv/Scripts/pytest backend/tests/test_profile.py
  • Executed full backend test suite:

    backend/.venv/Scripts/pytest

📸 Screenshots (if UI change)

N/A (Backend-only change)


⚠️ Anything to flag for reviewers?

  • No schema or database migrations were required.
  • The change is isolated to the profile update endpoint.
  • Added defensive IntegrityError handling to protect against concurrent update race conditions.

✅ Self-Review Checklist

  • My branch is based on dev, not main
  • I have not added any secrets / API keys
  • I have not modified main branch or any HuggingFace deployment config
  • My code follows the existing style (no unnecessary formatting changes)
  • I have updated relevant docs / comments if needed

@param20h param20h merged commit 378d7bf into param20h:dev Jun 23, 2026
8 checks passed
@github-actions github-actions Bot added bug Something isn't working gssoc GirlScript Summer of Code 2026 issue/PR gssoc:approved Approved for GSSoC base points (+50 pts) mentor:param20h Mentor for this PR labels Jun 23, 2026
@param20h param20h added level:intermediate +35 pts type:bug +10 pts and removed bug Something isn't working gssoc GirlScript Summer of Code 2026 issue/PR labels Jun 23, 2026
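
The check-then-write pattern listed in the PR description, as an added example that is not the project's code: it uses the standard-library `sqlite3` module rather than the project's own data layer, and `update_username`, `UsernameTaken`, `claim`, `attempt` and the `before_write` hook are hypothetical names. The hook simulates a concurrent request committing in the window between the pre-check and the write, which is the case the `IntegrityError` handler covers.

```python
import sqlite3

class UsernameTaken(Exception):
    """Hypothetical error the API layer would map to a validation response."""

def make_db():
    # Constructed sample data: two accounts, UNIQUE constraint on username.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
               "username TEXT NOT NULL UNIQUE)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    db.commit()
    return db

def claim(db, user_id, name):
    # Stand-in for another request committing a username change.
    db.execute("UPDATE users SET username = ? WHERE id = ?", (name, user_id))
    db.commit()

def update_username(db, user_id, new_name, before_write=None):
    # Pre-check: is the name held by any account other than the caller's?
    taken = db.execute("SELECT 1 FROM users WHERE username = ? AND id != ?",
                       (new_name, user_id)).fetchone()
    if taken:
        raise UsernameTaken(new_name)
    if before_write:
        before_write()  # test hook: runs in the check-to-write window
    try:
        db.execute("UPDATE users SET username = ? WHERE id = ?",
                   (new_name, user_id))
        db.commit()
    except sqlite3.IntegrityError:
        # The pre-check passed but the constraint fired: a race was lost.
        db.rollback()
        raise UsernameTaken(new_name) from None

def attempt(db, user_id, new_name, before_write=None):
    # Returns "ok" or "rejected" so callers never see the raw DB exception.
    try:
        update_username(db, user_id, new_name, before_write)
        return "ok"
    except UsernameTaken:
        return "rejected"

def username_of(db, user_id):
    return db.execute("SELECT username FROM users WHERE id = ?",
                      (user_id,)).fetchone()[0]
```

The pre-check alone gives the friendly error in the common case; the database constraint remains the only guarantee under concurrency, so both paths end in the same validation error.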

Development

Successfully merging this pull request may close these issues.

[BUG] PUT /profile endpoint bypasses username uniqueness validation and returns IntegrityError

2 participants