From 5b7f97dc733e83fa87b9ae3e9e82ff3d114d1474 Mon Sep 17 00:00:00 2001
From: Thiago Gonzaga <thiago.gonzaga@icloud.com>
Date: Mon, 2 Mar 2026 22:10:58 -0300
Subject: [PATCH 1/9] ci: add format/lint jobs and align PR checks across all
 repos

- Add concurrency block to cancel stale runs
- Add format and lint jobs (repo-specific tooling)
- Gate test/build on format+lint passing
- Add PR docker-build job with Trivy vulnerability scan
- Align job structure with Go/Node.js/Python pattern
---
 .editorconfig                                 |   4 +
 .github/workflows/ci.yml                      |  49 +-
 Controllers/UserController.cs                 | 351 ++++----
 DTOs/UserDto.cs                               |  83 +-
 Data/UserDbContext.cs                         |  82 +-
 ...CompatibleSystemTextJsonOutputFormatter.cs |  55 +-
 Models/User.cs                                |  35 +-
 Program.cs                                    |  14 +-
 Services/UserService.cs                       | 268 +++---
 .../UserControllerHelperMethodsTests.cs       | 165 ++--
 .../UserControllerIntegrationTests.cs         | 796 +++++++++--------
 .../Controllers/UserControllerUnitTests.cs    | 601 +++++++------
 UserApi.Tests/DTOs/UserDtoValidationTests.cs  | 502 +++++------
 UserApi.Tests/GlobalUsings.cs                 |  10 +-
 UserApi.Tests/Models/UserModelTests.cs        | 139 ++-
 UserApi.Tests/Services/UserServiceTests.cs    | 802 +++++++++---------
 UserApi.Tests/TestConfiguration.cs            |  45 +-
 UserApi.Tests/TestUtilities.cs                |  67 +-
 18 files changed, 2011 insertions(+), 2057 deletions(-)

diff --git a/.editorconfig b/.editorconfig
index 901e6b4..f987fd7 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -76,6 +76,10 @@ dotnet_style_prefer_conditional_expression_over_return = true:silent
 # C# preferences
 csharp_prefer_braces = true:warning
 csharp_prefer_simple_using_statement = true:suggestion
+csharp_style_namespace_declarations = file_scoped:warning
+csharp_using_directive_placement = outside_namespace:warning
+dotnet_sort_system_directives_first = true
+dotnet_separate_import_directive_groups = false
 csharp_style_deconstructed_variable_declaration = true:suggestion
 csharp_prefer_simple_default_expression = true:suggestion
 csharp_style_pattern_matching_over_is_with_cast_check = true:suggestion
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 86b0f9f..21d6760 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -350,6 +350,53 @@ jobs:
       run: dotnet sonarscanner end /d:sonar.token="$SONAR_TOKEN"
 
   docker-build:
+    runs-on: ubuntu-latest
+    needs: [build, test, code-quality]
+    if: github.event_name == 'pull_request'
+    permissions:
+      contents: read
+      security-events: write
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v6
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Build Docker image for PR validation
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        push: false
+        tags: otel-core-example:pr-${{ github.event.pull_request.number }}
+        load: true
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+    - name: Verify Docker image was built
+      run: |
+        echo "Listing Docker images:"
+        docker images
+        echo "Checking if our image exists:"
+        docker inspect otel-core-example:pr-${{ github.event.pull_request.number }}
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: otel-core-example:pr-${{ github.event.pull_request.number }}
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+      env:
+        TRIVY_SKIP_VERSION_CHECK: true
+
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v4
+      if: always()
+      with:
+        sarif_file: 'trivy-results.sarif'
+
+  docker-publish:
     runs-on: ubuntu-latest
     needs: [build, test, code-quality]
     if: github.ref == 'refs/heads/main'
@@ -393,7 +440,7 @@ jobs:
 
   deploy:
     runs-on: ubuntu-latest
-    needs: [docker-build]
+    needs: [docker-publish]
     if: github.ref == 'refs/heads/main'
     permissions:
       contents: read
diff --git a/Controllers/UserController.cs b/Controllers/UserController.cs
index 1d81d16..7899d2a 100644
--- a/Controllers/UserController.cs
+++ b/Controllers/UserController.cs
@@ -1,222 +1,221 @@
-using Microsoft.AspNetCore.Mvc;
 using System.Diagnostics;
+using Microsoft.AspNetCore.Mvc;
 using UserApi.DTOs;
 using UserApi.Services;
 
-namespace UserApi.Controllers
+namespace UserApi.Controllers;
+
+[ApiController]
+[Route("api/[controller]")]
+public class UserController : ControllerBase
 {
-    [ApiController]
-    [Route("api/[controller]")]
-    public class UserController : ControllerBase
+    private readonly IUserService _userService;
+    private readonly ILogger<UserController> _logger;
+    private static readonly ActivitySource ActivitySource = new("UserApi");
+
+    public UserController(IUserService userService, ILogger<UserController> logger)
+    {
+        _userService = userService;
+        _logger = logger;
+    }
+
+    /// <summary>
+    /// Get all users
+    /// </summary>
+    [HttpGet]
+    public async Task<ActionResult<IEnumerable<UserResponseDto>>> GetUsers()
     {
-        private readonly IUserService _userService;
-        private readonly ILogger<UserController> _logger;
-        private static readonly ActivitySource ActivitySource = new("UserApi");
+        using var activity = ActivitySource.StartActivity("GetUsers");
+        activity?.SetTag("operation", "get_all_users");
 
-        public UserController(IUserService userService, ILogger<UserController> logger)
+        try
         {
-            _userService = userService;
-            _logger = logger;
+            var users = await _userService.GetAllUsersAsync();
+            return Ok(users);
         }
-
-        /// <summary>
-        /// Get all users
-        /// </summary>
-        [HttpGet]
-        public async Task<ActionResult<IEnumerable<UserResponseDto>>> GetUsers()
+        catch (Exception ex)
         {
-            using var activity = ActivitySource.StartActivity("GetUsers");
-            activity?.SetTag("operation", "get_all_users");
+            _logger.LogError(ex, "Error occurred while getting all users");
+            activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
+            return StatusCode(500, "An error occurred while retrieving users");
+        }
+    }
 
-            try
-            {
-                var users = await _userService.GetAllUsersAsync();
-                return Ok(users);
-            }
-            catch (Exception ex)
+    /// <summary>
+    /// Get a user by ID
+    /// </summary>
+    [HttpGet("{id}")]
+    public async Task<ActionResult<UserResponseDto>> GetUser(int id)
+    {
+        using var activity = ActivitySource.StartActivity("GetUser");
+        activity?.SetTag("operation", "get_user_by_id");
+        activity?.SetTag("user.id", id);
+
+        try
+        {
+            var user = await _userService.GetUserByIdAsync(id);
+            if (user == null)
             {
-                _logger.LogError(ex, "Error occurred while getting all users");
-                activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
-                return StatusCode(500, "An error occurred while retrieving users");
+                activity?.SetStatus(ActivityStatusCode.Error, "User not found");
+                return NotFound($"User with ID {id} not found");
             }
-        }
 
-        /// <summary>
-        /// Get a user by ID
-        /// </summary>
-        [HttpGet("{id}")]
-        public async Task<ActionResult<UserResponseDto>> GetUser(int id)
+            return Ok(user);
+        }
+        catch (Exception ex)
         {
-            using var activity = ActivitySource.StartActivity("GetUser");
-            activity?.SetTag("operation", "get_user_by_id");
-            activity?.SetTag("user.id", id);
+            _logger.LogError(ex, "Error occurred while getting user with ID {UserId}", id);
+            activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
+            return StatusCode(500, "An error occurred while retrieving the user");
+        }
+    }
 
-            try
-            {
-                var user = await _userService.GetUserByIdAsync(id);
-                if (user == null)
-                {
-                    activity?.SetStatus(ActivityStatusCode.Error, "User not found");
-                    return NotFound($"User with ID {id} not found");
-                }
-
-                return Ok(user);
-            }
-            catch (Exception ex)
+    /// <summary>
+    /// Create a new user
+    /// </summary>
+    [HttpPost]
+    public async Task<ActionResult<UserResponseDto>> CreateUser(CreateUserDto createUserDto)
+    {
+        using var activity = ActivitySource.StartActivity("CreateUser");
+        activity?.SetTag("operation", "create_user");
+        // Avoid logging PII in traces - use a sanitized version or omit entirely
+        activity?.SetTag("user.email.domain", GetEmailDomain(createUserDto.Email));
+
+        try
+        {
+            if (!ModelState.IsValid)
             {
-                _logger.LogError(ex, "Error occurred while getting user with ID {UserId}", id);
-                activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
-                return StatusCode(500, "An error occurred while retrieving the user");
+                activity?.SetStatus(ActivityStatusCode.Error, "Invalid model state");
+                return BadRequest(ModelState);
             }
-        }
 
-        /// <summary>
-        /// Create a new user
-        /// </summary>
-        [HttpPost]
-        public async Task<ActionResult<UserResponseDto>> CreateUser(CreateUserDto createUserDto)
+            var user = await _userService.CreateUserAsync(createUserDto);
+            return CreatedAtAction(nameof(GetUser), new { id = user.Id }, user);
+        }
+        catch (InvalidOperationException ex)
+        {
+            var sanitizedEmail = SanitizeEmailForLogging(createUserDto.Email);
+            _logger.LogWarning(ex, "Invalid operation while creating user with email {Email}", sanitizedEmail);
+            activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
+            return Conflict(ex.Message);
+        }
+        catch (Exception ex)
         {
-            using var activity = ActivitySource.StartActivity("CreateUser");
-            activity?.SetTag("operation", "create_user");
-            // Avoid logging PII in traces - use a sanitized version or omit entirely
-            activity?.SetTag("user.email.domain", GetEmailDomain(createUserDto.Email));
+            var sanitizedEmail = SanitizeEmailForLogging(createUserDto.Email);
+            _logger.LogError(ex, "Error occurred while creating user with email {Email}", sanitizedEmail);
+            activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
+            return StatusCode(500, "An error occurred while creating the user");
+        }
+    }
 
-            try
-            {
-                if (!ModelState.IsValid)
-                {
-                    activity?.SetStatus(ActivityStatusCode.Error, "Invalid model state");
-                    return BadRequest(ModelState);
-                }
-
-                var user = await _userService.CreateUserAsync(createUserDto);
-                return CreatedAtAction(nameof(GetUser), new { id = user.Id }, user);
-            }
-            catch (InvalidOperationException ex)
+    /// <summary>
+    /// Update an existing user
+    /// </summary>
+    [HttpPut("{id}")]
+    public async Task<ActionResult<UserResponseDto>> UpdateUser(int id, UpdateUserDto updateUserDto)
+    {
+        using var activity = ActivitySource.StartActivity("UpdateUser");
+        activity?.SetTag("operation", "update_user");
+        activity?.SetTag("user.id", id);
+
+        try
+        {
+            if (!ModelState.IsValid)
             {
-                var sanitizedEmail = SanitizeEmailForLogging(createUserDto.Email);
-                _logger.LogWarning(ex, "Invalid operation while creating user with email {Email}", sanitizedEmail);
-                activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
-                return Conflict(ex.Message);
+                activity?.SetStatus(ActivityStatusCode.Error, "Invalid model state");
+                return BadRequest(ModelState);
             }
-            catch (Exception ex)
+
+            var user = await _userService.UpdateUserAsync(id, updateUserDto);
+            if (user == null)
             {
-                var sanitizedEmail = SanitizeEmailForLogging(createUserDto.Email);
-                _logger.LogError(ex, "Error occurred while creating user with email {Email}", sanitizedEmail);
-                activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
-                return StatusCode(500, "An error occurred while creating the user");
+                activity?.SetStatus(ActivityStatusCode.Error, "User not found");
+                return NotFound($"User with ID {id} not found");
             }
-        }
 
-        /// <summary>
-        /// Update an existing user
-        /// </summary>
-        [HttpPut("{id}")]
-        public async Task<ActionResult<UserResponseDto>> UpdateUser(int id, UpdateUserDto updateUserDto)
+            return Ok(user);
+        }
+        catch (InvalidOperationException ex)
+        {
+            _logger.LogWarning(ex, "Invalid operation while updating user with ID {UserId}", id);
+            activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
+            return Conflict(ex.Message);
+        }
+        catch (Exception ex)
         {
-            using var activity = ActivitySource.StartActivity("UpdateUser");
-            activity?.SetTag("operation", "update_user");
-            activity?.SetTag("user.id", id);
+            _logger.LogError(ex, "Error occurred while updating user with ID {UserId}", id);
+            activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
+            return StatusCode(500, "An error occurred while updating the user");
+        }
+    }
 
-            try
-            {
-                if (!ModelState.IsValid)
-                {
-                    activity?.SetStatus(ActivityStatusCode.Error, "Invalid model state");
-                    return BadRequest(ModelState);
-                }
-
-                var user = await _userService.UpdateUserAsync(id, updateUserDto);
-                if (user == null)
-                {
-                    activity?.SetStatus(ActivityStatusCode.Error, "User not found");
-                    return NotFound($"User with ID {id} not found");
-                }
-
-                return Ok(user);
-            }
-            catch (InvalidOperationException ex)
-            {
-                _logger.LogWarning(ex, "Invalid operation while updating user with ID {UserId}", id);
-                activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
-                return Conflict(ex.Message);
-            }
-            catch (Exception ex)
+    /// <summary>
+    /// Delete a user
+    /// </summary>
+    [HttpDelete("{id}")]
+    public async Task<ActionResult> DeleteUser(int id)
+    {
+        using var activity = ActivitySource.StartActivity("DeleteUser");
+        activity?.SetTag("operation", "delete_user");
+        activity?.SetTag("user.id", id);
+
+        try
+        {
+            var deleted = await _userService.DeleteUserAsync(id);
+            if (!deleted)
             {
-                _logger.LogError(ex, "Error occurred while updating user with ID {UserId}", id);
-                activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
-                return StatusCode(500, "An error occurred while updating the user");
+                activity?.SetStatus(ActivityStatusCode.Error, "User not found");
+                return NotFound($"User with ID {id} not found");
             }
-        }
 
-        /// <summary>
-        /// Delete a user
-        /// </summary>
-        [HttpDelete("{id}")]
-        public async Task<ActionResult> DeleteUser(int id)
+            return NoContent();
+        }
+        catch (Exception ex)
         {
-            using var activity = ActivitySource.StartActivity("DeleteUser");
-            activity?.SetTag("operation", "delete_user");
-            activity?.SetTag("user.id", id);
+            _logger.LogError(ex, "Error occurred while deleting user with ID {UserId}", id);
+            activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
+            return StatusCode(500, "An error occurred while deleting the user");
+        }
+    }
 
-            try
-            {
-                var deleted = await _userService.DeleteUserAsync(id);
-                if (!deleted)
-                {
-                    activity?.SetStatus(ActivityStatusCode.Error, "User not found");
-                    return NotFound($"User with ID {id} not found");
-                }
-
-                return NoContent();
-            }
-            catch (Exception ex)
-            {
-                _logger.LogError(ex, "Error occurred while deleting user with ID {UserId}", id);
-                activity?.SetStatus(ActivityStatusCode.Error, ex.Message);
-                return StatusCode(500, "An error occurred while deleting the user");
-            }
+    private static string SanitizeEmailForLogging(string email)
+    {
+        if (string.IsNullOrEmpty(email))
+        {
+            return "[empty]";
         }
 
-        private static string SanitizeEmailForLogging(string email)
+        var atIndex = email.IndexOf('@');
+        if (atIndex < 0)
         {
-            if (string.IsNullOrEmpty(email))
-            {
-                return "[empty]";
-            }
+            return "[invalid]";
+        }
 
-            var atIndex = email.IndexOf('@');
-            if (atIndex < 0)
-            {
-                return "[invalid]";
-            }
+        // Keep first character and domain, mask the rest
+        var localPart = email.Substring(0, atIndex);
+        var domain = email.Substring(atIndex);
 
-            // Keep first character and domain, mask the rest
-            var localPart = email.Substring(0, atIndex);
-            var domain = email.Substring(atIndex);
+        if (localPart.Length <= 1)
+        {
+            return $"*{domain}";
+        }
 
-            if (localPart.Length <= 1)
-            {
-                return $"*{domain}";
-            }
+        return $"{localPart[0]}***{domain}";
+    }
 
-            return $"{localPart[0]}***{domain}";
+    private static string GetEmailDomain(string email)
+    {
+        if (string.IsNullOrEmpty(email))
+        {
+            return "[empty]";
         }
 
-        private static string GetEmailDomain(string email)
+        var atIndex = email.IndexOf('@');
+        if (atIndex < 0)
         {
-            if (string.IsNullOrEmpty(email))
-            {
-                return "[empty]";
-            }
-
-            var atIndex = email.IndexOf('@');
-            if (atIndex < 0)
-            {
-                return "[invalid]";
-            }
-
-            return email.Substring(atIndex + 1);
+            return "[invalid]";
         }
+
+        return email.Substring(atIndex + 1);
     }
 }
diff --git a/DTOs/UserDto.cs b/DTOs/UserDto.cs
index 1449a2b..630ad7b 100644
--- a/DTOs/UserDto.cs
+++ b/DTOs/UserDto.cs
@@ -1,50 +1,41 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace UserApi.DTOs
+namespace UserApi.DTOs;
+
+public class CreateUserDto
+{
+    [Required]
+    [StringLength(100)]
+    public string Name { get; set; } = string.Empty;
+
+    [Required]
+    [EmailAddress]
+    [StringLength(255)]
+    public string Email { get; set; } = string.Empty;
+
+    [StringLength(500)]
+    public string? Bio { get; set; }
+}
+
+public class UpdateUserDto
+{
+    [StringLength(100)]
+    public string? Name { get; set; }
+
+    [EmailAddress]
+    [StringLength(255)]
+    public string? Email { get; set; }
+
+    [StringLength(500)]
+    public string? Bio { get; set; }
+}
+
+public class UserResponseDto
 {
-    public class CreateUserDto
-    {
-        [Required]
-        [StringLength(100)]
-        public string FirstName { get; set; } = string.Empty;
-
-        [Required]
-        [StringLength(100)]
-        public string LastName { get; set; } = string.Empty;
-
-        [Required]
-        [EmailAddress]
-        [StringLength(255)]
-        public string Email { get; set; } = string.Empty;
-
-        [StringLength(20)]
-        public string? PhoneNumber { get; set; }
-    }
-
-    public class UpdateUserDto
-    {
-        [StringLength(100)]
-        public string? FirstName { get; set; }
-
-        [StringLength(100)]
-        public string? LastName { get; set; }
-
-        [EmailAddress]
-        [StringLength(255)]
-        public string? Email { get; set; }
-
-        [StringLength(20)]
-        public string? PhoneNumber { get; set; }
-    }
-
-    public class UserResponseDto
-    {
-        public int Id { get; set; }
-        public string FirstName { get; set; } = string.Empty;
-        public string LastName { get; set; } = string.Empty;
-        public string Email { get; set; } = string.Empty;
-        public string? PhoneNumber { get; set; }
-        public DateTime CreatedAt { get; set; }
-        public DateTime UpdatedAt { get; set; }
-    }
+    public int Id { get; set; }
+    public string Name { get; set; } = string.Empty;
+    public string Email { get; set; } = string.Empty;
+    public string? Bio { get; set; }
+    public DateTime CreatedAt { get; set; }
+    public DateTime UpdatedAt { get; set; }
 }
diff --git a/Data/UserDbContext.cs b/Data/UserDbContext.cs
index b12bd53..ce7b337 100644
--- a/Data/UserDbContext.cs
+++ b/Data/UserDbContext.cs
@@ -1,55 +1,51 @@
 using Microsoft.EntityFrameworkCore;
 using UserApi.Models;
 
-namespace UserApi.Data
+namespace UserApi.Data;
+
+public class UserDbContext : DbContext
 {
-    public class UserDbContext : DbContext
+    public UserDbContext(DbContextOptions<UserDbContext> options) : base(options)
     {
-        public UserDbContext(DbContextOptions<UserDbContext> options) : base(options)
-        {
-        }
+    }
 
-        public DbSet<User> Users { get; set; } = null!;
+    public DbSet<User> Users { get; set; } = null!;
 
-        protected override void OnModelCreating(ModelBuilder modelBuilder)
-        {
-            base.OnModelCreating(modelBuilder);
+    protected override void OnModelCreating(ModelBuilder modelBuilder)
+    {
+        base.OnModelCreating(modelBuilder);
 
-            modelBuilder.Entity<User>(entity =>
-            {
-                entity.HasKey(e => e.Id);
-                entity.Property(e => e.Email).IsRequired();
-                entity.HasIndex(e => e.Email).IsUnique();
-                entity.Property(e => e.FirstName).IsRequired();
-                entity.Property(e => e.LastName).IsRequired();
-            });
+        modelBuilder.Entity<User>(entity =>
+        {
+            entity.HasKey(e => e.Id);
+            entity.Property(e => e.Email).IsRequired();
+            entity.HasIndex(e => e.Email).IsUnique();
+            entity.Property(e => e.Name).IsRequired();
+        });
 
-            // Seed some initial data (only for production database, not test databases)
-            if (Database.ProviderName != "Microsoft.EntityFrameworkCore.InMemory")
-            {
-                modelBuilder.Entity<User>().HasData(
-                    new User
-                    {
-                        Id = 1,
-                        FirstName = "John",
-                        LastName = "Doe",
-                        Email = "john.doe@example.com",
-                        PhoneNumber = "+1234567890",
-                        CreatedAt = DateTime.UtcNow,
-                        UpdatedAt = DateTime.UtcNow
-                    },
-                    new User
-                    {
-                        Id = 2,
-                        FirstName = "Jane",
-                        LastName = "Smith",
-                        Email = "jane.smith@example.com",
-                        PhoneNumber = "+0987654321",
-                        CreatedAt = DateTime.UtcNow,
-                        UpdatedAt = DateTime.UtcNow
-                    }
-                );
-            }
+        // Seed some initial data (only for production database, not test databases)
+        if (Database.ProviderName != "Microsoft.EntityFrameworkCore.InMemory")
+        {
+            modelBuilder.Entity<User>().HasData(
+                new User
+                {
+                    Id = 1,
+                    Name = "John Doe",
+                    Email = "john.doe@example.com",
+                    Bio = "Software Engineer",
+                    CreatedAt = DateTime.UtcNow,
+                    UpdatedAt = DateTime.UtcNow
+                },
+                new User
+                {
+                    Id = 2,
+                    Name = "Jane Smith",
+                    Email = "jane.smith@example.com",
+                    Bio = "Product Manager",
+                    CreatedAt = DateTime.UtcNow,
+                    UpdatedAt = DateTime.UtcNow
+                }
+            );
         }
     }
 }
diff --git a/Infrastructure/CompatibleSystemTextJsonOutputFormatter.cs b/Infrastructure/CompatibleSystemTextJsonOutputFormatter.cs
index 7c05a95..c837ad1 100644
--- a/Infrastructure/CompatibleSystemTextJsonOutputFormatter.cs
+++ b/Infrastructure/CompatibleSystemTextJsonOutputFormatter.cs
@@ -1,39 +1,38 @@
-using Microsoft.AspNetCore.Mvc.Formatters;
 using System.Text;
 using System.Text.Json;
+using Microsoft.AspNetCore.Mvc.Formatters;
 
-namespace UserApi.Infrastructure
+namespace UserApi.Infrastructure;
+
+/// <summary>
+/// Custom JSON Output Formatter to fix .NET 9 PipeWriter compatibility issue.
+/// Uses Response.Body (Stream) instead of Response.BodyWriter (PipeWriter) to avoid
+/// the "PipeWriter does not implement PipeWriter.UnflushedBytes" error.
+/// </summary>
+public class CompatibleSystemTextJsonOutputFormatter : TextOutputFormatter
 {
-    /// <summary>
-    /// Custom JSON Output Formatter to fix .NET 9 PipeWriter compatibility issue.
-    /// Uses Response.Body (Stream) instead of Response.BodyWriter (PipeWriter) to avoid
-    /// the "PipeWriter does not implement PipeWriter.UnflushedBytes" error.
-    /// </summary>
-    public class CompatibleSystemTextJsonOutputFormatter : TextOutputFormatter
-    {
-        private readonly JsonSerializerOptions _jsonSerializerOptions;
+    private readonly JsonSerializerOptions _jsonSerializerOptions;
 
-        public CompatibleSystemTextJsonOutputFormatter(JsonSerializerOptions jsonSerializerOptions)
-        {
-            _jsonSerializerOptions = jsonSerializerOptions ?? new JsonSerializerOptions();
+    public CompatibleSystemTextJsonOutputFormatter(JsonSerializerOptions jsonSerializerOptions)
+    {
+        _jsonSerializerOptions = jsonSerializerOptions ?? new JsonSerializerOptions();
 
-            SupportedMediaTypes.Add("application/json");
-            SupportedMediaTypes.Add("text/json");
-            SupportedMediaTypes.Add("application/*+json");
+        SupportedMediaTypes.Add("application/json");
+        SupportedMediaTypes.Add("text/json");
+        SupportedMediaTypes.Add("application/*+json");
 
-            SupportedEncodings.Add(Encoding.UTF8);
-            SupportedEncodings.Add(Encoding.Unicode);
-        }
+        SupportedEncodings.Add(Encoding.UTF8);
+        SupportedEncodings.Add(Encoding.Unicode);
+    }
 
-        public override async Task WriteResponseBodyAsync(OutputFormatterWriteContext context, Encoding selectedEncoding)
-        {
-            var response = context.HttpContext.Response;
+    public override async Task WriteResponseBodyAsync(OutputFormatterWriteContext context, Encoding selectedEncoding)
+    {
+        var response = context.HttpContext.Response;
 
-            // Use Response.Body (Stream) instead of Response.BodyWriter (PipeWriter) to avoid .NET 9 issue
-            await using var writer = new StreamWriter(response.Body, selectedEncoding, leaveOpen: true);
-            var json = JsonSerializer.Serialize(context.Object, context.ObjectType ?? typeof(object), _jsonSerializerOptions);
-            await writer.WriteAsync(json);
-            await writer.FlushAsync();
-        }
+        // Use Response.Body (Stream) instead of Response.BodyWriter (PipeWriter) to avoid .NET 9 issue
+        await using var writer = new StreamWriter(response.Body, selectedEncoding, leaveOpen: true);
+        var json = JsonSerializer.Serialize(context.Object, context.ObjectType ?? typeof(object), _jsonSerializerOptions);
+        await writer.WriteAsync(json);
+        await writer.FlushAsync();
     }
 }
diff --git a/Models/User.cs b/Models/User.cs
index c38c35d..0e19fd2 100644
--- a/Models/User.cs
+++ b/Models/User.cs
@@ -1,29 +1,24 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace UserApi.Models
-{
-    public class User
-    {
-        public int Id { get; set; }
+namespace UserApi.Models;
 
-        [Required]
-        [StringLength(100)]
-        public string FirstName { get; set; } = string.Empty;
+public class User
+{
+    public int Id { get; set; }
 
-        [Required]
-        [StringLength(100)]
-        public string LastName { get; set; } = string.Empty;
+    [Required]
+    [StringLength(100)]
+    public string Name { get; set; } = string.Empty;
 
-        [Required]
-        [EmailAddress]
-        [StringLength(255)]
-        public string Email { get; set; } = string.Empty;
+    [Required]
+    [EmailAddress]
+    [StringLength(255)]
+    public string Email { get; set; } = string.Empty;
 
-        [StringLength(20)]
-        public string? PhoneNumber { get; set; }
+    [StringLength(500)]
+    public string? Bio { get; set; }
 
-        public DateTime CreatedAt { get; set; } = DateTime.UtcNow;
+    public DateTime CreatedAt { get; set; } = DateTime.UtcNow;
 
-        public DateTime UpdatedAt { get; set; } = DateTime.UtcNow;
-    }
+    public DateTime UpdatedAt { get; set; } = DateTime.UtcNow;
 }
diff --git a/Program.cs b/Program.cs
index 6d857a4..139e186 100644
--- a/Program.cs
+++ b/Program.cs
@@ -1,17 +1,17 @@
+using System.Diagnostics;
+using System.Diagnostics.Metrics;
+using System.Text.Json;
+using Microsoft.AspNetCore.Mvc.Formatters;
 using Microsoft.EntityFrameworkCore;
 using OpenTelemetry;
+using OpenTelemetry.Logs;
+using OpenTelemetry.Metrics;
 using OpenTelemetry.Resources;
 using OpenTelemetry.Trace;
-using OpenTelemetry.Metrics;
-using OpenTelemetry.Logs;
 using Serilog;
 using UserApi.Data;
-using UserApi.Services;
 using UserApi.Infrastructure;
-using Microsoft.AspNetCore.Mvc.Formatters;
-using System.Text.Json;
-using System.Diagnostics.Metrics;
-using System.Diagnostics;
+using UserApi.Services;
 
 var builder = WebApplication.CreateBuilder(args);
 
diff --git a/Services/UserService.cs b/Services/UserService.cs
index 1b9d300..cfd0234 100644
--- a/Services/UserService.cs
+++ b/Services/UserService.cs
@@ -5,192 +5,184 @@
 using UserApi.DTOs;
 using UserApi.Models;
 
-namespace UserApi.Services
+namespace UserApi.Services;
+
+public interface IUserService
 {
-    public interface IUserService
+    Task<IEnumerable<UserResponseDto>> GetAllUsersAsync();
+    Task<UserResponseDto?> GetUserByIdAsync(int id);
+    Task<UserResponseDto> CreateUserAsync(CreateUserDto createUserDto);
+    Task<UserResponseDto?> UpdateUserAsync(int id, UpdateUserDto updateUserDto);
+    Task<bool> DeleteUserAsync(int id);
+}
+
+public class UserService : IUserService
+{
+    private readonly UserDbContext _context;
+    private readonly ILogger<UserService> _logger;
+
+    public UserService(UserDbContext context, ILogger<UserService> logger)
     {
-        Task<IEnumerable<UserResponseDto>> GetAllUsersAsync();
-        Task<UserResponseDto?> GetUserByIdAsync(int id);
-        Task<UserResponseDto> CreateUserAsync(CreateUserDto createUserDto);
-        Task<UserResponseDto?> UpdateUserAsync(int id, UpdateUserDto updateUserDto);
-        Task<bool> DeleteUserAsync(int id);
+        _context = context;
+        _logger = logger;
     }
 
-    public class UserService : IUserService
+    public async Task<IEnumerable<UserResponseDto>> GetAllUsersAsync()
     {
-        private readonly UserDbContext _context;
-        private readonly ILogger<UserService> _logger;
+        _logger.LogInformation("Getting all users");
 
-        public UserService(UserDbContext context, ILogger<UserService> logger)
-        {
-            _context = context;
-            _logger = logger;
-        }
+        var users = await _context.Users.ToListAsync();
 
-        public async Task<IEnumerable<UserResponseDto>> GetAllUsersAsync()
-        {
-            _logger.LogInformation("Getting all users");
+        return users.Select(MapToResponseDto);
+    }
 
-            var users = await _context.Users.ToListAsync();
+    public async Task<UserResponseDto?> GetUserByIdAsync(int id)
+    {
+        _logger.LogInformation("Getting user with ID: {UserId}", id);
 
-            return users.Select(MapToResponseDto);
-        }
+        var user = await _context.Users.FindAsync(id);
 
-        public async Task<UserResponseDto?> GetUserByIdAsync(int id)
+        if (user == null)
         {
-            _logger.LogInformation("Getting user with ID: {UserId}", id);
+            _logger.LogWarning("User with ID {UserId} not found", id);
+            return null;
+        }
 
-            var user = await _context.Users.FindAsync(id);
+        return MapToResponseDto(user);
+    }
 
-            if (user == null)
-            {
-                _logger.LogWarning("User with ID {UserId} not found", id);
-                return null;
-            }
+    public async Task<UserResponseDto> CreateUserAsync(CreateUserDto createUserDto)
+    {
+        var sanitizedEmail = SanitizeEmail(createUserDto.Email);
+        _logger.LogInformation("Creating new user with email: {Email}", sanitizedEmail);
 
-            return MapToResponseDto(user);
+        // Check if email already exists
+        var existingUser = await _context.Users.FirstOrDefaultAsync(u => u.Email == createUserDto.Email);
+        if (existingUser != null)
+        {
+            _logger.LogWarning("User with email {Email} already exists", sanitizedEmail);
+            throw new InvalidOperationException("A user with this email already exists.");
         }
 
-        public async Task<UserResponseDto> CreateUserAsync(CreateUserDto createUserDto)
+        var user = new User
         {
-            var sanitizedEmail = SanitizeEmail(createUserDto.Email);
-            _logger.LogInformation("Creating new user with email: {Email}", sanitizedEmail);
+            Name = createUserDto.Name,
+            Email = createUserDto.Email,
+            Bio = createUserDto.Bio,
+            CreatedAt = DateTime.UtcNow,
+            UpdatedAt = DateTime.UtcNow
+        };
 
-            // Check if email already exists
-            var existingUser = await _context.Users.FirstOrDefaultAsync(u => u.Email == createUserDto.Email);
-            if (existingUser != null)
-            {
-                _logger.LogWarning("User with email {Email} already exists", sanitizedEmail);
-                throw new InvalidOperationException("A user with this email already exists.");
-            }
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
 
-            var user = new User
-            {
-                FirstName = createUserDto.FirstName,
-                LastName = createUserDto.LastName,
-                Email = createUserDto.Email,
-                PhoneNumber = createUserDto.PhoneNumber,
-                CreatedAt = DateTime.UtcNow,
-                UpdatedAt = DateTime.UtcNow
-            };
+        _logger.LogInformation("User created successfully with ID: {UserId}", user.Id);
 
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
+        return MapToResponseDto(user);
+    }
 
-            _logger.LogInformation("User created successfully with ID: {UserId}", user.Id);
+    public async Task<UserResponseDto?> UpdateUserAsync(int id, UpdateUserDto updateUserDto)
+    {
+        _logger.LogInformation("Updating user with ID: {UserId}", id);
 
-            return MapToResponseDto(user);
+        var user = await _context.Users.FindAsync(id);
+        if (user == null)
+        {
+            _logger.LogWarning("User with ID {UserId} not found for update", id);
+            return null;
         }
 
-        public async Task<UserResponseDto?> UpdateUserAsync(int id, UpdateUserDto updateUserDto)
+        // Check if email is being changed and if it already exists
+        if (!string.IsNullOrEmpty(updateUserDto.Email) && updateUserDto.Email != user.Email)
         {
-            _logger.LogInformation("Updating user with ID: {UserId}", id);
-
-            var user = await _context.Users.FindAsync(id);
-            if (user == null)
-            {
-                _logger.LogWarning("User with ID {UserId} not found for update", id);
-                return null;
-            }
-
-            // Check if email is being changed and if it already exists
-            if (!string.IsNullOrEmpty(updateUserDto.Email) && updateUserDto.Email != user.Email)
+            var existingUser = await _context.Users.FirstOrDefaultAsync(u => u.Email == updateUserDto.Email);
+            if (existingUser != null)
             {
-                var existingUser = await _context.Users.FirstOrDefaultAsync(u => u.Email == updateUserDto.Email);
-                if (existingUser != null)
-                {
-                    var sanitizedEmail = SanitizeEmail(updateUserDto.Email);
-                    _logger.LogWarning("User with email {Email} already exists", sanitizedEmail);
-                    throw new InvalidOperationException("A user with this email already exists.");
-                }
+                var sanitizedEmail = SanitizeEmail(updateUserDto.Email);
+                _logger.LogWarning("User with email {Email} already exists", sanitizedEmail);
+                throw new InvalidOperationException("A user with this email already exists.");
             }
+        }
 
-            // Update only provided fields
-            if (!string.IsNullOrEmpty(updateUserDto.FirstName))
-            {
-                user.FirstName = updateUserDto.FirstName;
-            }
+        // Update only provided fields
+        if (!string.IsNullOrEmpty(updateUserDto.Name))
+        {
+            user.Name = updateUserDto.Name;
+        }
 
-            if (!string.IsNullOrEmpty(updateUserDto.LastName))
-            {
-                user.LastName = updateUserDto.LastName;
-            }
+        if (!string.IsNullOrEmpty(updateUserDto.Email))
+        {
+            user.Email = updateUserDto.Email;
+        }
 
-            if (!string.IsNullOrEmpty(updateUserDto.Email))
-            {
-                user.Email = updateUserDto.Email;
-            }
+        if (updateUserDto.Bio != null)
+        {
+            user.Bio = updateUserDto.Bio;
+        }
 
-            if (updateUserDto.PhoneNumber != null)
-            {
-                user.PhoneNumber = updateUserDto.PhoneNumber;
-            }
+        user.UpdatedAt = DateTime.UtcNow;
 
-            user.UpdatedAt = DateTime.UtcNow;
+        await _context.SaveChangesAsync();
 
-            await _context.SaveChangesAsync();
+        _logger.LogInformation("User with ID {UserId} updated successfully", id);
 
-            _logger.LogInformation("User with ID {UserId} updated successfully", id);
+        return MapToResponseDto(user);
+    }
 
-            return MapToResponseDto(user);
-        }
+    public async Task<bool> DeleteUserAsync(int id)
+    {
+        _logger.LogInformation("Deleting user with ID: {UserId}", id);
 
-        public async Task<bool> DeleteUserAsync(int id)
+        var user = await _context.Users.FindAsync(id);
+        if (user == null)
         {
-            _logger.LogInformation("Deleting user with ID: {UserId}", id);
+            _logger.LogWarning("User with ID {UserId} not found for deletion", id);
+            return false;
+        }
 
-            var user = await _context.Users.FindAsync(id);
-            if (user == null)
-            {
-                _logger.LogWarning("User with ID {UserId} not found for deletion", id);
-                return false;
-            }
+        _context.Users.Remove(user);
+        await _context.SaveChangesAsync();
 
-            _context.Users.Remove(user);
-            await _context.SaveChangesAsync();
+        _logger.LogInformation("User with ID {UserId} deleted successfully", id);
 
-            _logger.LogInformation("User with ID {UserId} deleted successfully", id);
+        return true;
+    }
 
-            return true;
-        }
+    private static UserResponseDto MapToResponseDto(User user)
+    {
+        return new UserResponseDto
+        {
+            Id = user.Id,
+            Name = user.Name,
+            Email = user.Email,
+            Bio = user.Bio,
+            CreatedAt = user.CreatedAt,
+            UpdatedAt = user.UpdatedAt
+        };
+    }
 
-        private static UserResponseDto MapToResponseDto(User user)
+    private static string SanitizeEmail(string email)
+    {
+        if (string.IsNullOrEmpty(email))
         {
-            return new UserResponseDto
-            {
-                Id = user.Id,
-                FirstName = user.FirstName,
-                LastName = user.LastName,
-                Email = user.Email,
-                PhoneNumber = user.PhoneNumber,
-                CreatedAt = user.CreatedAt,
-                UpdatedAt = user.UpdatedAt
-            };
+            return "[empty]";
         }
 
-        private static string SanitizeEmail(string email)
+        var atIndex = email.IndexOf('@');
+        if (atIndex < 0)
         {
-            if (string.IsNullOrEmpty(email))
-            {
-                return "[empty]";
-            }
-
-            var atIndex = email.IndexOf('@');
-            if (atIndex < 0)
-            {
-                return "[invalid]";
-            }
+            return "[invalid]";
+        }
 
-            // Keep first character and domain, mask the rest
-            var localPart = email.Substring(0, atIndex);
-            var domain = email.Substring(atIndex);
+        // Keep first character and domain, mask the rest
+        var localPart = email.Substring(0, atIndex);
+        var domain = email.Substring(atIndex);
 
-            if (localPart.Length <= 1)
-            {
-                return $"*{domain}";
-            }
-
-            return $"{localPart[0]}***{domain}";
+        if (localPart.Length <= 1)
+        {
+            return $"*{domain}";
         }
+
+        return $"{localPart[0]}***{domain}";
     }
 }
diff --git a/UserApi.Tests/Controllers/UserControllerHelperMethodsTests.cs b/UserApi.Tests/Controllers/UserControllerHelperMethodsTests.cs
index 1f855fa..2d9e389 100644
--- a/UserApi.Tests/Controllers/UserControllerHelperMethodsTests.cs
+++ b/UserApi.Tests/Controllers/UserControllerHelperMethodsTests.cs
@@ -1,103 +1,102 @@
+using System.Reflection;
+using FluentAssertions;
 using UserApi.Controllers;
 using Xunit;
-using FluentAssertions;
-using System.Reflection;
 
-namespace UserApi.Tests.Controllers
+namespace UserApi.Tests.Controllers;
+
+public class UserControllerHelperMethodsTests
 {
-    public class UserControllerHelperMethodsTests
+    [Theory]
+    [InlineData("test@example.com", "t***@example.com")]
+    [InlineData("a@example.com", "*@example.com")]
+    [InlineData("", "[empty]")]
+    [InlineData("invalid-email", "[invalid]")]
+    [InlineData("@example.com", "*@example.com")]
+    [InlineData("test", "[invalid]")]
+    public void SanitizeEmailForLogging_WithVariousInputs_ShouldReturnExpectedResults(string input, string expected)
     {
-        [Theory]
-        [InlineData("test@example.com", "t***@example.com")]
-        [InlineData("a@example.com", "*@example.com")]
-        [InlineData("", "[empty]")]
-        [InlineData("invalid-email", "[invalid]")]
-        [InlineData("@example.com", "*@example.com")]
-        [InlineData("test", "[invalid]")]
-        public void SanitizeEmailForLogging_WithVariousInputs_ShouldReturnExpectedResults(string input, string expected)
-        {
-            // Act
-            var result = InvokeSanitizeEmailForLogging(input);
+        // Act
+        var result = InvokeSanitizeEmailForLogging(input);
 
-            // Assert
-            result.Should().Be(expected);
-        }
+        // Assert
+        result.Should().Be(expected);
+    }
 
-        [Theory]
-        [InlineData("test@example.com", "example.com")]
-        [InlineData("user@domain.org", "domain.org")]
-        [InlineData("", "[empty]")]
-        [InlineData("invalid-email", "[invalid]")]
-        [InlineData("test@", "")]
-        [InlineData("@domain.com", "domain.com")]
-        public void GetEmailDomain_WithVariousInputs_ShouldReturnExpectedResults(string input, string expected)
-        {
-            // Act
-            var result = InvokeGetEmailDomain(input);
+    [Theory]
+    [InlineData("test@example.com", "example.com")]
+    [InlineData("user@domain.org", "domain.org")]
+    [InlineData("", "[empty]")]
+    [InlineData("invalid-email", "[invalid]")]
+    [InlineData("test@", "")]
+    [InlineData("@domain.com", "domain.com")]
+    public void GetEmailDomain_WithVariousInputs_ShouldReturnExpectedResults(string input, string expected)
+    {
+        // Act
+        var result = InvokeGetEmailDomain(input);
 
-            // Assert
-            result.Should().Be(expected);
-        }
+        // Assert
+        result.Should().Be(expected);
+    }
 
-        [Theory]
-        [InlineData("ab@example.com", "a***@example.com")]
-        [InlineData("abc@example.com", "a***@example.com")]
-        [InlineData("abcdef@example.com", "a***@example.com")]
-        [InlineData("verylongemail@example.com", "v***@example.com")]
-        public void SanitizeEmailForLogging_WithDifferentLengths_ShouldAlwaysShowFirstCharAndDomain(string input, string expected)
-        {
-            // Act
-            var result = InvokeSanitizeEmailForLogging(input);
+    [Theory]
+    [InlineData("ab@example.com", "a***@example.com")]
+    [InlineData("abc@example.com", "a***@example.com")]
+    [InlineData("abcdef@example.com", "a***@example.com")]
+    [InlineData("verylongemail@example.com", "v***@example.com")]
+    public void SanitizeEmailForLogging_WithDifferentLengths_ShouldAlwaysShowFirstCharAndDomain(string input, string expected)
+    {
+        // Act
+        var result = InvokeSanitizeEmailForLogging(input);
 
-            // Assert
-            result.Should().Be(expected);
-        }
+        // Assert
+        result.Should().Be(expected);
+    }
 
-        [Theory]
-        [InlineData("test@sub.domain.com", "sub.domain.com")]
-        [InlineData("user@localhost", "localhost")]
-        [InlineData("admin@127.0.0.1", "127.0.0.1")]
-        public void GetEmailDomain_WithComplexDomains_ShouldReturnFullDomain(string input, string expected)
-        {
-            // Act
-            var result = InvokeGetEmailDomain(input);
+    [Theory]
+    [InlineData("test@sub.domain.com", "sub.domain.com")]
+    [InlineData("user@localhost", "localhost")]
+    [InlineData("admin@127.0.0.1", "127.0.0.1")]
+    public void GetEmailDomain_WithComplexDomains_ShouldReturnFullDomain(string input, string expected)
+    {
+        // Act
+        var result = InvokeGetEmailDomain(input);
 
-            // Assert
-            result.Should().Be(expected);
-        }
+        // Assert
+        result.Should().Be(expected);
+    }
 
-        [Fact]
-        public void SanitizeEmailForLogging_WithNullInput_ShouldReturnEmpty()
-        {
-            // Act
-            var result = InvokeSanitizeEmailForLogging(null);
+    [Fact]
+    public void SanitizeEmailForLogging_WithNullInput_ShouldReturnEmpty()
+    {
+        // Act
+        var result = InvokeSanitizeEmailForLogging(null);
 
-            // Assert
-            result.Should().Be("[empty]");
-        }
+        // Assert
+        result.Should().Be("[empty]");
+    }
 
-        [Fact]
-        public void GetEmailDomain_WithNullInput_ShouldReturnEmpty()
-        {
-            // Act
-            var result = InvokeGetEmailDomain(null);
+    [Fact]
+    public void GetEmailDomain_WithNullInput_ShouldReturnEmpty()
+    {
+        // Act
+        var result = InvokeGetEmailDomain(null);
 
-            // Assert
-            result.Should().Be("[empty]");
-        }
+        // Assert
+        result.Should().Be("[empty]");
+    }
 
-        private static string InvokeSanitizeEmailForLogging(string? email)
-        {
-            var method = typeof(UserController).GetMethod("SanitizeEmailForLogging",
-                BindingFlags.NonPublic | BindingFlags.Static);
-            return (string)method!.Invoke(null, new object?[] { email })!;
-        }
+    private static string InvokeSanitizeEmailForLogging(string? email)
+    {
+        var method = typeof(UserController).GetMethod("SanitizeEmailForLogging",
+            BindingFlags.NonPublic | BindingFlags.Static);
+        return (string)method!.Invoke(null, new object?[] { email })!;
+    }
 
-        private static string InvokeGetEmailDomain(string? email)
-        {
-            var method = typeof(UserController).GetMethod("GetEmailDomain",
-                BindingFlags.NonPublic | BindingFlags.Static);
-            return (string)method!.Invoke(null, new object?[] { email })!;
-        }
+    private static string InvokeGetEmailDomain(string? email)
+    {
+        var method = typeof(UserController).GetMethod("GetEmailDomain",
+            BindingFlags.NonPublic | BindingFlags.Static);
+        return (string)method!.Invoke(null, new object?[] { email })!;
     }
 }
diff --git a/UserApi.Tests/Controllers/UserControllerIntegrationTests.cs b/UserApi.Tests/Controllers/UserControllerIntegrationTests.cs
index 1f11bda..b2e21bc 100644
--- a/UserApi.Tests/Controllers/UserControllerIntegrationTests.cs
+++ b/UserApi.Tests/Controllers/UserControllerIntegrationTests.cs
@@ -1,444 +1,434 @@
-using Microsoft.AspNetCore.Mvc.Testing;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.Extensions.DependencyInjection;
 using System.Net;
 using System.Text;
 using System.Text.Json;
+using AutoFixture;
+using FluentAssertions;
+using Microsoft.AspNetCore.Mvc.Testing;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.DependencyInjection;
 using UserApi.Data;
 using UserApi.DTOs;
-using FluentAssertions;
-using AutoFixture;
 using UserApi.Tests;
 
-namespace UserApi.Tests.Controllers
+namespace UserApi.Tests.Controllers;
+
+public class UserControllerIntegrationTests : IDisposable
 {
-    public class UserControllerIntegrationTests : IDisposable
+    private readonly TestWebApplicationFactory _factory;
+    private readonly HttpClient _client;
+    private readonly IFixture _fixture;
+    private readonly IServiceScope _scope;
+    private readonly UserDbContext _context;
+
+    public UserControllerIntegrationTests()
     {
-        private readonly TestWebApplicationFactory _factory;
-        private readonly HttpClient _client;
-        private readonly IFixture _fixture;
-        private readonly IServiceScope _scope;
-        private readonly UserDbContext _context;
+        _factory = new TestWebApplicationFactory();
+        _client = _factory.CreateClient();
+        _fixture = new Fixture();
+
+        // Configure AutoFixture to generate valid data
+        _fixture.Customize<CreateUserDto>(c => c
+            .With(x => x.Email, () => _fixture.Create<string>() + "@example.com")
+            .With(x => x.Name, () => "Test" + _fixture.Create<string>().Substring(0, 5))
+            .With(x => x.Bio, () => "Test Bio"));
+
+        _fixture.Customize<UpdateUserDto>(c => c
+            .With(x => x.Email, () => _fixture.Create<string>() + "@example.com")
+            .With(x => x.Name, () => "Updated" + _fixture.Create<string>().Substring(0, 5))
+            .With(x => x.Bio, () => "Updated Bio"));
+
+        _fixture.Customize<User>(c => c
+            .With(x => x.Email, () => _fixture.Create<string>() + "@example.com")
+            .With(x => x.Name, () => "Test" + _fixture.Create<string>().Substring(0, 5))
+            .With(x => x.Bio, () => "Test Bio")
+            .With(x => x.CreatedAt, () => DateTime.UtcNow)
+            .With(x => x.UpdatedAt, () => DateTime.UtcNow)
+            .Without(x => x.Id));
+
+        _scope = _factory.Services.CreateScope();
+        _context = _scope.ServiceProvider.GetRequiredService<UserDbContext>();
+    }
 
-        public UserControllerIntegrationTests()
-        {
-            _factory = new TestWebApplicationFactory();
-            _client = _factory.CreateClient();
-            _fixture = new Fixture();
-
-            // Configure AutoFixture to generate valid data
-            _fixture.Customize<CreateUserDto>(c => c
-                .With(x => x.Email, () => _fixture.Create<string>() + "@example.com")
-                .With(x => x.FirstName, () => "Test" + _fixture.Create<string>().Substring(0, 5))
-                .With(x => x.LastName, () => "User" + _fixture.Create<string>().Substring(0, 5))
-                .With(x => x.PhoneNumber, () => "+1234567890"));
-
-            _fixture.Customize<UpdateUserDto>(c => c
-                .With(x => x.Email, () => _fixture.Create<string>() + "@example.com")
-                .With(x => x.FirstName, () => "Updated" + _fixture.Create<string>().Substring(0, 5))
-                .With(x => x.LastName, () => "User" + _fixture.Create<string>().Substring(0, 5))
-                .With(x => x.PhoneNumber, () => "+9876543210"));
-
-            _fixture.Customize<User>(c => c
-                .With(x => x.Email, () => _fixture.Create<string>() + "@example.com")
-                .With(x => x.FirstName, () => "Test" + _fixture.Create<string>().Substring(0, 5))
-                .With(x => x.LastName, () => "User" + _fixture.Create<string>().Substring(0, 5))
-                .With(x => x.PhoneNumber, () => "+1234567890")
-                .With(x => x.CreatedAt, () => DateTime.UtcNow)
-                .With(x => x.UpdatedAt, () => DateTime.UtcNow)
-                .Without(x => x.Id));
-
-            _scope = _factory.Services.CreateScope();
-            _context = _scope.ServiceProvider.GetRequiredService<UserDbContext>();
-        }
-
-
-        [Fact]
-        public async Task GetUsers_ShouldReturnOkWithUsers()
-        {
-            // Arrange
-            var users = _fixture.CreateMany<User>(2).ToList();
-            _context.Users.AddRange(users);
-            await _context.SaveChangesAsync();
-
-            // Act
-            var response = await _client.GetAsync("/api/user");
-
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.OK);
-            var content = await response.Content.ReadAsStringAsync();
-            var result = JsonSerializer.Deserialize<List<UserResponseDto>>(content, new JsonSerializerOptions
-            {
-                PropertyNameCaseInsensitive = true
-            });
-
-            result.Should().NotBeNull();
-            result.Should().HaveCount(2);
-        }
-
-        [Fact]
-        public async Task GetUser_WithValidId_ShouldReturnOkWithUser()
+
+    [Fact]
+    public async Task GetUsers_ShouldReturnOkWithUsers()
+    {
+        // Arrange
+        var users = _fixture.CreateMany<User>(2).ToList();
+        _context.Users.AddRange(users);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var response = await _client.GetAsync("/api/user");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+        var content = await response.Content.ReadAsStringAsync();
+        var result = JsonSerializer.Deserialize<List<UserResponseDto>>(content, new JsonSerializerOptions
         {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
-
-            // Act
-            var response = await _client.GetAsync($"/api/user/{user.Id}");
-
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.OK);
-            var content = await response.Content.ReadAsStringAsync();
-            var result = JsonSerializer.Deserialize<UserResponseDto>(content, new JsonSerializerOptions
-            {
-                PropertyNameCaseInsensitive = true
-            });
-
-            result.Should().NotBeNull();
-            result!.Id.Should().Be(user.Id);
-            result.FirstName.Should().Be(user.FirstName);
-        }
-
-        [Fact]
-        public async Task GetUser_WithInvalidId_ShouldReturnNotFound()
+            PropertyNameCaseInsensitive = true
+        });
+
+        result.Should().NotBeNull();
+        result.Should().HaveCount(2);
+    }
+
+    [Fact]
+    public async Task GetUser_WithValidId_ShouldReturnOkWithUser()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var response = await _client.GetAsync($"/api/user/{user.Id}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+        var content = await response.Content.ReadAsStringAsync();
+        var result = JsonSerializer.Deserialize<UserResponseDto>(content, new JsonSerializerOptions
         {
-            // Arrange
-            var invalidId = 999;
+            PropertyNameCaseInsensitive = true
+        });
+
+        result.Should().NotBeNull();
+        result!.Id.Should().Be(user.Id);
+        result.Name.Should().Be(user.Name);
+    }
 
-            // Act
-            var response = await _client.GetAsync($"/api/user/{invalidId}");
+    [Fact]
+    public async Task GetUser_WithInvalidId_ShouldReturnNotFound()
+    {
+        // Arrange
+        var invalidId = 999;
 
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.NotFound);
-        }
+        // Act
+        var response = await _client.GetAsync($"/api/user/{invalidId}");
 
-        [Fact]
-        public async Task CreateUser_WithValidData_ShouldReturnCreated()
-        {
-            // Arrange
-            var createUserDto = _fixture.Create<CreateUserDto>();
-            var json = JsonSerializer.Serialize(createUserDto);
-            var content = new StringContent(json, Encoding.UTF8, "application/json");
-
-            // Act
-            var response = await _client.PostAsync("/api/user", content);
-
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.Created);
-            var responseContent = await response.Content.ReadAsStringAsync();
-            var result = JsonSerializer.Deserialize<UserResponseDto>(responseContent, new JsonSerializerOptions
-            {
-                PropertyNameCaseInsensitive = true
-            });
-
-            result.Should().NotBeNull();
-            result!.Id.Should().BeGreaterThan(0);
-            result.FirstName.Should().Be(createUserDto.FirstName);
-            result.LastName.Should().Be(createUserDto.LastName);
-            result.Email.Should().Be(createUserDto.Email);
-        }
-
-        [Fact]
-        public async Task CreateUser_WithInvalidData_ShouldReturnBadRequest()
-        {
-            // Arrange
-            var createUserDto = new CreateUserDto
-            {
-                FirstName = "", // Invalid: empty string
-                LastName = "", // Invalid: empty string
-                Email = "invalid-email" // Invalid: not a valid email
-            };
-            var json = JsonSerializer.Serialize(createUserDto);
-            var content = new StringContent(json, Encoding.UTF8, "application/json");
-
-            // Act
-            var response = await _client.PostAsync("/api/user", content);
-
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
-        }
-
-        [Fact]
-        public async Task CreateUser_WithDuplicateEmail_ShouldReturnConflict()
-        {
-            // Arrange
-            var existingUser = _fixture.Create<User>();
-            _context.Users.Add(existingUser);
-            await _context.SaveChangesAsync();
-
-            var createUserDto = _fixture.Build<CreateUserDto>()
-                .With(x => x.Email, existingUser.Email)
-                .Create();
-            var json = JsonSerializer.Serialize(createUserDto);
-            var content = new StringContent(json, Encoding.UTF8, "application/json");
-
-            // Act
-            var response = await _client.PostAsync("/api/user", content);
-
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.Conflict);
-        }
-
-        [Fact]
-        public async Task UpdateUser_WithValidData_ShouldReturnOk()
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    [Fact]
+    public async Task CreateUser_WithValidData_ShouldReturnCreated()
+    {
+        // Arrange
+        var createUserDto = _fixture.Create<CreateUserDto>();
+        var json = JsonSerializer.Serialize(createUserDto);
+        var content = new StringContent(json, Encoding.UTF8, "application/json");
+
+        // Act
+        var response = await _client.PostAsync("/api/user", content);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Created);
+        var responseContent = await response.Content.ReadAsStringAsync();
+        var result = JsonSerializer.Deserialize<UserResponseDto>(responseContent, new JsonSerializerOptions
         {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
-
-            var updateUserDto = _fixture.Build<UpdateUserDto>()
-                .With(x => x.FirstName, "UpdatedFirstName")
-                .With(x => x.LastName, "UpdatedLastName")
-                .With(x => x.Email, "updated@example.com")
-                .Create();
-            var json = JsonSerializer.Serialize(updateUserDto);
-            var content = new StringContent(json, Encoding.UTF8, "application/json");
-
-            // Act
-            var response = await _client.PutAsync($"/api/user/{user.Id}", content);
-
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.OK);
-            var responseContent = await response.Content.ReadAsStringAsync();
-            var result = JsonSerializer.Deserialize<UserResponseDto>(responseContent, new JsonSerializerOptions
-            {
-                PropertyNameCaseInsensitive = true
-            });
-
-            result.Should().NotBeNull();
-            result!.Id.Should().Be(user.Id);
-            result.FirstName.Should().Be(updateUserDto.FirstName);
-            result.LastName.Should().Be(updateUserDto.LastName);
-            result.Email.Should().Be(updateUserDto.Email);
-        }
-
-        [Fact]
-        public async Task UpdateUser_WithInvalidId_ShouldReturnNotFound()
+            PropertyNameCaseInsensitive = true
+        });
+
+        result.Should().NotBeNull();
+        result!.Id.Should().BeGreaterThan(0);
+        result.Name.Should().Be(createUserDto.Name);
+        result.Email.Should().Be(createUserDto.Email);
+    }
+
+    [Fact]
+    public async Task CreateUser_WithInvalidData_ShouldReturnBadRequest()
+    {
+        // Arrange
+        var createUserDto = new CreateUserDto
         {
-            // Arrange
-            var invalidId = 999;
-            var updateUserDto = _fixture.Create<UpdateUserDto>();
-            var json = JsonSerializer.Serialize(updateUserDto);
-            var content = new StringContent(json, Encoding.UTF8, "application/json");
+            Name = "", // Invalid: empty string
+            Email = "invalid-email" // Invalid: not a valid email
+        };
+        var json = JsonSerializer.Serialize(createUserDto);
+        var content = new StringContent(json, Encoding.UTF8, "application/json");
+
+        // Act
+        var response = await _client.PostAsync("/api/user", content);
 
-            // Act
-            var response = await _client.PutAsync($"/api/user/{invalidId}", content);
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
 
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.NotFound);
-        }
+    [Fact]
+    public async Task CreateUser_WithDuplicateEmail_ShouldReturnConflict()
+    {
+        // Arrange
+        var existingUser = _fixture.Create<User>();
+        _context.Users.Add(existingUser);
+        await _context.SaveChangesAsync();
+
+        var createUserDto = _fixture.Build<CreateUserDto>()
+            .With(x => x.Email, existingUser.Email)
+            .Create();
+        var json = JsonSerializer.Serialize(createUserDto);
+        var content = new StringContent(json, Encoding.UTF8, "application/json");
+
+        // Act
+        var response = await _client.PostAsync("/api/user", content);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Conflict);
+    }
 
-        [Fact]
-        public async Task DeleteUser_WithValidId_ShouldReturnNoContent()
+    [Fact]
+    public async Task UpdateUser_WithValidData_ShouldReturnOk()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
+
+        var updateUserDto = _fixture.Build<UpdateUserDto>()
+            .With(x => x.Name, "Updated Name")
+            .With(x => x.Email, "updated@example.com")
+            .Create();
+        var json = JsonSerializer.Serialize(updateUserDto);
+        var content = new StringContent(json, Encoding.UTF8, "application/json");
+
+        // Act
+        var response = await _client.PutAsync($"/api/user/{user.Id}", content);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+        var responseContent = await response.Content.ReadAsStringAsync();
+        var result = JsonSerializer.Deserialize<UserResponseDto>(responseContent, new JsonSerializerOptions
         {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
+            PropertyNameCaseInsensitive = true
+        });
 
-            // Act
-            var response = await _client.DeleteAsync($"/api/user/{user.Id}");
+        result.Should().NotBeNull();
+        result!.Id.Should().Be(user.Id);
+        result.Name.Should().Be(updateUserDto.Name);
+        result.Email.Should().Be(updateUserDto.Email);
+    }
 
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.NoContent);
+    [Fact]
+    public async Task UpdateUser_WithInvalidId_ShouldReturnNotFound()
+    {
+        // Arrange
+        var invalidId = 999;
+        var updateUserDto = _fixture.Create<UpdateUserDto>();
+        var json = JsonSerializer.Serialize(updateUserDto);
+        var content = new StringContent(json, Encoding.UTF8, "application/json");
 
-            // Verify user was deleted - refresh context to see changes from API
-            _context.ChangeTracker.Clear();
-            var deletedUser = await _context.Users.FindAsync(user.Id);
-            deletedUser.Should().BeNull();
-        }
+        // Act
+        var response = await _client.PutAsync($"/api/user/{invalidId}", content);
 
-        [Fact]
-        public async Task DeleteUser_WithInvalidId_ShouldReturnNotFound()
-        {
-            // Arrange
-            var invalidId = 999;
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    [Fact]
+    public async Task DeleteUser_WithValidId_ShouldReturnNoContent()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
 
-            // Act
-            var response = await _client.DeleteAsync($"/api/user/{invalidId}");
+        // Act
+        var response = await _client.DeleteAsync($"/api/user/{user.Id}");
 
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.NotFound);
-        }
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NoContent);
 
-        [Fact]
-        public async Task HealthCheck_ShouldReturnOk()
-        {
-            // Arrange
+        // Verify user was deleted - refresh context to see changes from API
+        _context.ChangeTracker.Clear();
+        var deletedUser = await _context.Users.FindAsync(user.Id);
+        deletedUser.Should().BeNull();
+    }
 
-            // Act
-            var response = await _client.GetAsync("/health");
+    [Fact]
+    public async Task DeleteUser_WithInvalidId_ShouldReturnNotFound()
+    {
+        // Arrange
+        var invalidId = 999;
 
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.OK);
-            var content = await response.Content.ReadAsStringAsync();
-            content.Should().Contain("Healthy");
-        }
+        // Act
+        var response = await _client.DeleteAsync($"/api/user/{invalidId}");
 
-        [Fact]
-        public async Task InfoEndpoint_ShouldReturnServiceInfo()
-        {
-            // Act
-            var response = await _client.GetAsync("/info");
-
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.OK);
-            var content = await response.Content.ReadAsStringAsync();
-            content.Should().Contain("service");
-            content.Should().Contain("version");
-            content.Should().Contain("status");
-        }
-
-        [Fact]
-        public async Task CreateUser_WithMissingRequiredFields_ShouldReturnBadRequest()
-        {
-            // Arrange
-            var createUserDto = new CreateUserDto
-            {
-                // Missing required fields
-                FirstName = "",
-                LastName = "",
-                Email = ""
-            };
-            var json = JsonSerializer.Serialize(createUserDto);
-            var content = new StringContent(json, Encoding.UTF8, "application/json");
-
-            // Act
-            var response = await _client.PostAsync("/api/user", content);
-
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
-        }
-
-        [Fact]
-        public async Task UpdateUser_WithDuplicateEmail_ShouldReturnConflict()
-        {
-            // Arrange
-            var user1 = _fixture.Create<User>();
-            var user2 = _fixture.Create<User>();
-            _context.Users.AddRange(user1, user2);
-            await _context.SaveChangesAsync();
-
-            var updateUserDto = _fixture.Build<UpdateUserDto>()
-                .With(x => x.Email, user2.Email)
-                .Create();
-            var json = JsonSerializer.Serialize(updateUserDto);
-            var content = new StringContent(json, Encoding.UTF8, "application/json");
-
-            // Act
-            var response = await _client.PutAsync($"/api/user/{user1.Id}", content);
-
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.Conflict);
-        }
-
-        [Fact]
-        public async Task GetUsers_WithMultipleUsers_ShouldReturnAllUsers()
-        {
-            // Arrange
-            var users = _fixture.CreateMany<User>(5).ToList();
-            _context.Users.AddRange(users);
-            await _context.SaveChangesAsync();
-
-            // Act
-            var response = await _client.GetAsync("/api/user");
-
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.OK);
-            var content = await response.Content.ReadAsStringAsync();
-            var result = JsonSerializer.Deserialize<List<UserResponseDto>>(content, new JsonSerializerOptions
-            {
-                PropertyNameCaseInsensitive = true
-            });
-
-            result.Should().NotBeNull();
-            result.Should().HaveCount(5);
-        }
-
-        [Fact]
-        public async Task UpdateUser_WithPartialData_ShouldUpdateOnlyProvidedFields()
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    [Fact]
+    public async Task HealthCheck_ShouldReturnOk()
+    {
+        // Arrange
+
+        // Act
+        var response = await _client.GetAsync("/health");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+        var content = await response.Content.ReadAsStringAsync();
+        content.Should().Contain("Healthy");
+    }
+
+    [Fact]
+    public async Task InfoEndpoint_ShouldReturnServiceInfo()
+    {
+        // Act
+        var response = await _client.GetAsync("/info");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+        var content = await response.Content.ReadAsStringAsync();
+        content.Should().Contain("service");
+        content.Should().Contain("version");
+        content.Should().Contain("status");
+    }
+
+    [Fact]
+    public async Task CreateUser_WithMissingRequiredFields_ShouldReturnBadRequest()
+    {
+        // Arrange
+        var createUserDto = new CreateUserDto
         {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
-
-            var updateUserDto = new UpdateUserDto
-            {
-                FirstName = "UpdatedFirstName"
-                // Other fields are null
-            };
-            var json = JsonSerializer.Serialize(updateUserDto);
-            var content = new StringContent(json, Encoding.UTF8, "application/json");
-
-            // Act
-            var response = await _client.PutAsync($"/api/user/{user.Id}", content);
-
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.OK);
-            var responseContent = await response.Content.ReadAsStringAsync();
-            var result = JsonSerializer.Deserialize<UserResponseDto>(responseContent, new JsonSerializerOptions
-            {
-                PropertyNameCaseInsensitive = true
-            });
-
-            result.Should().NotBeNull();
-            result!.FirstName.Should().Be("UpdatedFirstName");
-            result.LastName.Should().Be(user.LastName);
-            result.Email.Should().Be(user.Email);
-        }
-
-        [Theory]
-        [InlineData(-1)]
-        [InlineData(0)]
-        public async Task GetUser_WithInvalidIdFormat_ShouldReturnNotFound(int invalidId)
+            // Missing required fields
+            Name = "",
+            Email = ""
+        };
+        var json = JsonSerializer.Serialize(createUserDto);
+        var content = new StringContent(json, Encoding.UTF8, "application/json");
+
+        // Act
+        var response = await _client.PostAsync("/api/user", content);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
+    }
+
+    [Fact]
+    public async Task UpdateUser_WithDuplicateEmail_ShouldReturnConflict()
+    {
+        // Arrange
+        var user1 = _fixture.Create<User>();
+        var user2 = _fixture.Create<User>();
+        _context.Users.AddRange(user1, user2);
+        await _context.SaveChangesAsync();
+
+        var updateUserDto = _fixture.Build<UpdateUserDto>()
+            .With(x => x.Email, user2.Email)
+            .Create();
+        var json = JsonSerializer.Serialize(updateUserDto);
+        var content = new StringContent(json, Encoding.UTF8, "application/json");
+
+        // Act
+        var response = await _client.PutAsync($"/api/user/{user1.Id}", content);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Conflict);
+    }
+
+    [Fact]
+    public async Task GetUsers_WithMultipleUsers_ShouldReturnAllUsers()
+    {
+        // Arrange
+        var users = _fixture.CreateMany<User>(5).ToList();
+        _context.Users.AddRange(users);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var response = await _client.GetAsync("/api/user");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+        var content = await response.Content.ReadAsStringAsync();
+        var result = JsonSerializer.Deserialize<List<UserResponseDto>>(content, new JsonSerializerOptions
         {
-            // Act
-            var response = await _client.GetAsync($"/api/user/{invalidId}");
+            PropertyNameCaseInsensitive = true
+        });
 
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.NotFound);
-        }
+        result.Should().NotBeNull();
+        result.Should().HaveCount(5);
+    }
+
+    [Fact]
+    public async Task UpdateUser_WithPartialData_ShouldUpdateOnlyProvidedFields()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
 
-        [Theory]
-        [InlineData(-1)]
-        [InlineData(0)]
-        public async Task UpdateUser_WithInvalidIdFormat_ShouldReturnNotFound(int invalidId)
+        var updateUserDto = new UpdateUserDto
         {
-            // Arrange
-            var updateUserDto = _fixture.Create<UpdateUserDto>();
-            var json = JsonSerializer.Serialize(updateUserDto);
-            var content = new StringContent(json, Encoding.UTF8, "application/json");
-
-            // Act
-            var response = await _client.PutAsync($"/api/user/{invalidId}", content);
-
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.NotFound);
-        }
-
-        [Theory]
-        [InlineData(-1)]
-        [InlineData(0)]
-        public async Task DeleteUser_WithInvalidIdFormat_ShouldReturnNotFound(int invalidId)
+            Name = "Updated Name"
+            // Other fields are null
+        };
+        var json = JsonSerializer.Serialize(updateUserDto);
+        var content = new StringContent(json, Encoding.UTF8, "application/json");
+
+        // Act
+        var response = await _client.PutAsync($"/api/user/{user.Id}", content);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+        var responseContent = await response.Content.ReadAsStringAsync();
+        var result = JsonSerializer.Deserialize<UserResponseDto>(responseContent, new JsonSerializerOptions
         {
-            // Act
-            var response = await _client.DeleteAsync($"/api/user/{invalidId}");
+            PropertyNameCaseInsensitive = true
+        });
 
-            // Assert
-            response.StatusCode.Should().Be(HttpStatusCode.NotFound);
-        }
+        result.Should().NotBeNull();
+        result!.Name.Should().Be("Updated Name");
+        result.Email.Should().Be(user.Email);
+    }
 
-        public void Dispose()
-        {
-            // Clean up database
-            _context?.Database.EnsureDeleted();
-            _context?.Dispose();
-            _scope?.Dispose();
-            _client?.Dispose();
-            _factory?.Dispose();
-        }
+    [Theory]
+    [InlineData(-1)]
+    [InlineData(0)]
+    public async Task GetUser_WithInvalidIdFormat_ShouldReturnNotFound(int invalidId)
+    {
+        // Act
+        var response = await _client.GetAsync($"/api/user/{invalidId}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    [Theory]
+    [InlineData(-1)]
+    [InlineData(0)]
+    public async Task UpdateUser_WithInvalidIdFormat_ShouldReturnNotFound(int invalidId)
+    {
+        // Arrange
+        var updateUserDto = _fixture.Create<UpdateUserDto>();
+        var json = JsonSerializer.Serialize(updateUserDto);
+        var content = new StringContent(json, Encoding.UTF8, "application/json");
+
+        // Act
+        var response = await _client.PutAsync($"/api/user/{invalidId}", content);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    [Theory]
+    [InlineData(-1)]
+    [InlineData(0)]
+    public async Task DeleteUser_WithInvalidIdFormat_ShouldReturnNotFound(int invalidId)
+    {
+        // Act
+        var response = await _client.DeleteAsync($"/api/user/{invalidId}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.NotFound);
+    }
+
+    public void Dispose()
+    {
+        // Clean up database
+        _context?.Database.EnsureDeleted();
+        _context?.Dispose();
+        _scope?.Dispose();
+        _client?.Dispose();
+        _factory?.Dispose();
     }
 }
diff --git a/UserApi.Tests/Controllers/UserControllerUnitTests.cs b/UserApi.Tests/Controllers/UserControllerUnitTests.cs
index 934ead7..13c2124 100644
--- a/UserApi.Tests/Controllers/UserControllerUnitTests.cs
+++ b/UserApi.Tests/Controllers/UserControllerUnitTests.cs
@@ -1,3 +1,6 @@
+using System.Diagnostics;
+using AutoFixture;
+using FluentAssertions;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 using Moq;
@@ -5,309 +8,305 @@
 using UserApi.DTOs;
 using UserApi.Services;
 using Xunit;
-using FluentAssertions;
-using AutoFixture;
-using System.Diagnostics;
 
-namespace UserApi.Tests.Controllers
+namespace UserApi.Tests.Controllers;
+
+public class UserControllerUnitTests
 {
-    public class UserControllerUnitTests
+    private readonly Mock<IUserService> _mockUserService;
+    private readonly Mock<ILogger<UserController>> _mockLogger;
+    private readonly UserController _controller;
+    private readonly IFixture _fixture;
+
+    public UserControllerUnitTests()
+    {
+        _mockUserService = new Mock<IUserService>();
+        _mockLogger = new Mock<ILogger<UserController>>();
+        _controller = new UserController(_mockUserService.Object, _mockLogger.Object);
+        _fixture = new Fixture();
+
+        // Configure AutoFixture
+        _fixture.Customize<CreateUserDto>(c => c
+            .With(x => x.Email, () => _fixture.Create<string>() + "@example.com"));
+    }
+
+    [Fact]
+    public async Task GetUsers_WhenServiceThrowsException_ShouldReturn500()
+    {
+        // Arrange
+        _mockUserService.Setup(x => x.GetAllUsersAsync())
+            .ThrowsAsync(new Exception("Database error"));
+
+        // Act
+        var result = await _controller.GetUsers();
+
+        // Assert
+        var objectResult = result.Result.Should().BeOfType<ObjectResult>().Subject;
+        objectResult.StatusCode.Should().Be(500);
+        objectResult.Value.Should().Be("An error occurred while retrieving users");
+    }
+
+    [Fact]
+    public async Task GetUser_WhenServiceThrowsException_ShouldReturn500()
+    {
+        // Arrange
+        var userId = 1;
+        _mockUserService.Setup(x => x.GetUserByIdAsync(userId))
+            .ThrowsAsync(new Exception("Database error"));
+
+        // Act
+        var result = await _controller.GetUser(userId);
+
+        // Assert
+        var objectResult = result.Result.Should().BeOfType<ObjectResult>().Subject;
+        objectResult.StatusCode.Should().Be(500);
+        objectResult.Value.Should().Be("An error occurred while retrieving the user");
+    }
+
+    [Fact]
+    public async Task CreateUser_WhenServiceThrowsException_ShouldReturn500()
     {
-        private readonly Mock<IUserService> _mockUserService;
-        private readonly Mock<ILogger<UserController>> _mockLogger;
-        private readonly UserController _controller;
-        private readonly IFixture _fixture;
-
-        public UserControllerUnitTests()
-        {
-            _mockUserService = new Mock<IUserService>();
-            _mockLogger = new Mock<ILogger<UserController>>();
-            _controller = new UserController(_mockUserService.Object, _mockLogger.Object);
-            _fixture = new Fixture();
-
-            // Configure AutoFixture
-            _fixture.Customize<CreateUserDto>(c => c
-                .With(x => x.Email, () => _fixture.Create<string>() + "@example.com"));
-        }
-
-        [Fact]
-        public async Task GetUsers_WhenServiceThrowsException_ShouldReturn500()
-        {
-            // Arrange
-            _mockUserService.Setup(x => x.GetAllUsersAsync())
-                .ThrowsAsync(new Exception("Database error"));
-
-            // Act
-            var result = await _controller.GetUsers();
-
-            // Assert
-            var objectResult = result.Result.Should().BeOfType<ObjectResult>().Subject;
-            objectResult.StatusCode.Should().Be(500);
-            objectResult.Value.Should().Be("An error occurred while retrieving users");
-        }
-
-        [Fact]
-        public async Task GetUser_WhenServiceThrowsException_ShouldReturn500()
-        {
-            // Arrange
-            var userId = 1;
-            _mockUserService.Setup(x => x.GetUserByIdAsync(userId))
-                .ThrowsAsync(new Exception("Database error"));
-
-            // Act
-            var result = await _controller.GetUser(userId);
-
-            // Assert
-            var objectResult = result.Result.Should().BeOfType<ObjectResult>().Subject;
-            objectResult.StatusCode.Should().Be(500);
-            objectResult.Value.Should().Be("An error occurred while retrieving the user");
-        }
-
-        [Fact]
-        public async Task CreateUser_WhenServiceThrowsException_ShouldReturn500()
-        {
-            // Arrange
-            var createUserDto = _fixture.Create<CreateUserDto>();
-            _mockUserService.Setup(x => x.CreateUserAsync(createUserDto))
-                .ThrowsAsync(new Exception("Database error"));
-
-            // Act
-            var result = await _controller.CreateUser(createUserDto);
-
-            // Assert
-            var objectResult = result.Result.Should().BeOfType<ObjectResult>().Subject;
-            objectResult.StatusCode.Should().Be(500);
-            objectResult.Value.Should().Be("An error occurred while creating the user");
-        }
-
-        [Fact]
-        public async Task CreateUser_WithInvalidModelState_ShouldReturnBadRequest()
-        {
-            // Arrange
-            var createUserDto = _fixture.Create<CreateUserDto>();
-            _controller.ModelState.AddModelError("Email", "Invalid email format");
-
-            // Act
-            var result = await _controller.CreateUser(createUserDto);
-
-            // Assert
-            result.Result.Should().BeOfType<BadRequestObjectResult>();
-        }
-
-        [Fact]
-        public async Task CreateUser_WhenServiceThrowsInvalidOperationException_ShouldReturnConflict()
-        {
-            // Arrange
-            var createUserDto = _fixture.Create<CreateUserDto>();
-            _mockUserService.Setup(x => x.CreateUserAsync(createUserDto))
-                .ThrowsAsync(new InvalidOperationException("User already exists"));
-
-            // Act
-            var result = await _controller.CreateUser(createUserDto);
-
-            // Assert
-            var conflictResult = result.Result.Should().BeOfType<ConflictObjectResult>().Subject;
-            conflictResult.Value.Should().Be("User already exists");
-        }
-
-        [Fact]
-        public async Task UpdateUser_WhenServiceThrowsException_ShouldReturn500()
-        {
-            // Arrange
-            var userId = 1;
-            var updateUserDto = _fixture.Create<UpdateUserDto>();
-            _mockUserService.Setup(x => x.UpdateUserAsync(userId, updateUserDto))
-                .ThrowsAsync(new Exception("Database error"));
-
-            // Act
-            var result = await _controller.UpdateUser(userId, updateUserDto);
-
-            // Assert
-            var objectResult = result.Result.Should().BeOfType<ObjectResult>().Subject;
-            objectResult.StatusCode.Should().Be(500);
-            objectResult.Value.Should().Be("An error occurred while updating the user");
-        }
-
-        [Fact]
-        public async Task UpdateUser_WithInvalidModelState_ShouldReturnBadRequest()
-        {
-            // Arrange
-            var userId = 1;
-            var updateUserDto = _fixture.Create<UpdateUserDto>();
-            _controller.ModelState.AddModelError("Email", "Invalid email format");
-
-            // Act
-            var result = await _controller.UpdateUser(userId, updateUserDto);
-
-            // Assert
-            result.Result.Should().BeOfType<BadRequestObjectResult>();
-        }
-
-        [Fact]
-        public async Task UpdateUser_WhenServiceThrowsInvalidOperationException_ShouldReturnConflict()
-        {
-            // Arrange
-            var userId = 1;
-            var updateUserDto = _fixture.Create<UpdateUserDto>();
-            _mockUserService.Setup(x => x.UpdateUserAsync(userId, updateUserDto))
-                .ThrowsAsync(new InvalidOperationException("Email already exists"));
-
-            // Act
-            var result = await _controller.UpdateUser(userId, updateUserDto);
-
-            // Assert
-            var conflictResult = result.Result.Should().BeOfType<ConflictObjectResult>().Subject;
-            conflictResult.Value.Should().Be("Email already exists");
-        }
-
-        [Fact]
-        public async Task DeleteUser_WhenServiceThrowsException_ShouldReturn500()
-        {
-            // Arrange
-            var userId = 1;
-            _mockUserService.Setup(x => x.DeleteUserAsync(userId))
-                .ThrowsAsync(new Exception("Database error"));
-
-            // Act
-            var result = await _controller.DeleteUser(userId);
-
-            // Assert
-            var objectResult = result.Should().BeOfType<ObjectResult>().Subject;
-            objectResult.StatusCode.Should().Be(500);
-            objectResult.Value.Should().Be("An error occurred while deleting the user");
-        }
-
-        [Fact]
-        public async Task GetUsers_WithValidRequest_ShouldReturnOk()
-        {
-            // Arrange
-            var users = _fixture.CreateMany<UserResponseDto>(2).ToList();
-            _mockUserService.Setup(x => x.GetAllUsersAsync())
-                .ReturnsAsync(users);
-
-            // Act
-            var result = await _controller.GetUsers();
-
-            // Assert
-            var okResult = result.Result.Should().BeOfType<OkObjectResult>().Subject;
-            okResult.Value.Should().BeEquivalentTo(users);
-        }
-
-        [Fact]
-        public async Task GetUser_WithValidId_ShouldReturnOk()
-        {
-            // Arrange
-            var userId = 1;
-            var user = _fixture.Create<UserResponseDto>();
-            _mockUserService.Setup(x => x.GetUserByIdAsync(userId))
-                .ReturnsAsync(user);
-
-            // Act
-            var result = await _controller.GetUser(userId);
-
-            // Assert
-            var okResult = result.Result.Should().BeOfType<OkObjectResult>().Subject;
-            okResult.Value.Should().BeEquivalentTo(user);
-        }
-
-        [Fact]
-        public async Task GetUser_WithInvalidId_ShouldReturnNotFound()
-        {
-            // Arrange
-            var userId = 999;
-            _mockUserService.Setup(x => x.GetUserByIdAsync(userId))
-                .ReturnsAsync((UserResponseDto?)null);
-
-            // Act
-            var result = await _controller.GetUser(userId);
-
-            // Assert
-            var notFoundResult = result.Result.Should().BeOfType<NotFoundObjectResult>().Subject;
-            notFoundResult.Value.Should().Be($"User with ID {userId} not found");
-        }
-
-        [Fact]
-        public async Task CreateUser_WithValidData_ShouldReturnCreated()
-        {
-            // Arrange
-            var createUserDto = _fixture.Create<CreateUserDto>();
-            var createdUser = _fixture.Create<UserResponseDto>();
-            _mockUserService.Setup(x => x.CreateUserAsync(createUserDto))
-                .ReturnsAsync(createdUser);
-
-            // Act
-            var result = await _controller.CreateUser(createUserDto);
-
-            // Assert
-            var createdResult = result.Result.Should().BeOfType<CreatedAtActionResult>().Subject;
-            createdResult.Value.Should().BeEquivalentTo(createdUser);
-            createdResult.ActionName.Should().Be(nameof(UserController.GetUser));
-        }
-
-        [Fact]
-        public async Task UpdateUser_WithValidData_ShouldReturnOk()
-        {
-            // Arrange
-            var userId = 1;
-            var updateUserDto = _fixture.Create<UpdateUserDto>();
-            var updatedUser = _fixture.Create<UserResponseDto>();
-            _mockUserService.Setup(x => x.UpdateUserAsync(userId, updateUserDto))
-                .ReturnsAsync(updatedUser);
-
-            // Act
-            var result = await _controller.UpdateUser(userId, updateUserDto);
-
-            // Assert
-            var okResult = result.Result.Should().BeOfType<OkObjectResult>().Subject;
-            okResult.Value.Should().BeEquivalentTo(updatedUser);
-        }
-
-        [Fact]
-        public async Task UpdateUser_WithInvalidId_ShouldReturnNotFound()
-        {
-            // Arrange
-            var userId = 999;
-            var updateUserDto = _fixture.Create<UpdateUserDto>();
-            _mockUserService.Setup(x => x.UpdateUserAsync(userId, updateUserDto))
-                .ReturnsAsync((UserResponseDto?)null);
-
-            // Act
-            var result = await _controller.UpdateUser(userId, updateUserDto);
-
-            // Assert
-            var notFoundResult = result.Result.Should().BeOfType<NotFoundObjectResult>().Subject;
-            notFoundResult.Value.Should().Be($"User with ID {userId} not found");
-        }
-
-        [Fact]
-        public async Task DeleteUser_WithValidId_ShouldReturnNoContent()
-        {
-            // Arrange
-            var userId = 1;
-            _mockUserService.Setup(x => x.DeleteUserAsync(userId))
-                .ReturnsAsync(true);
-
-            // Act
-            var result = await _controller.DeleteUser(userId);
-
-            // Assert
-            result.Should().BeOfType<NoContentResult>();
-        }
-
-        [Fact]
-        public async Task DeleteUser_WithInvalidId_ShouldReturnNotFound()
-        {
-            // Arrange
-            var userId = 999;
-            _mockUserService.Setup(x => x.DeleteUserAsync(userId))
-                .ReturnsAsync(false);
-
-            // Act
-            var result = await _controller.DeleteUser(userId);
-
-            // Assert
-            var notFoundResult = result.Should().BeOfType<NotFoundObjectResult>().Subject;
-            notFoundResult.Value.Should().Be($"User with ID {userId} not found");
-        }
+        // Arrange
+        var createUserDto = _fixture.Create<CreateUserDto>();
+        _mockUserService.Setup(x => x.CreateUserAsync(createUserDto))
+            .ThrowsAsync(new Exception("Database error"));
+
+        // Act
+        var result = await _controller.CreateUser(createUserDto);
+
+        // Assert
+        var objectResult = result.Result.Should().BeOfType<ObjectResult>().Subject;
+        objectResult.StatusCode.Should().Be(500);
+        objectResult.Value.Should().Be("An error occurred while creating the user");
+    }
+
+    [Fact]
+    public async Task CreateUser_WithInvalidModelState_ShouldReturnBadRequest()
+    {
+        // Arrange
+        var createUserDto = _fixture.Create<CreateUserDto>();
+        _controller.ModelState.AddModelError("Email", "Invalid email format");
+
+        // Act
+        var result = await _controller.CreateUser(createUserDto);
+
+        // Assert
+        result.Result.Should().BeOfType<BadRequestObjectResult>();
+    }
+
+    [Fact]
+    public async Task CreateUser_WhenServiceThrowsInvalidOperationException_ShouldReturnConflict()
+    {
+        // Arrange
+        var createUserDto = _fixture.Create<CreateUserDto>();
+        _mockUserService.Setup(x => x.CreateUserAsync(createUserDto))
+            .ThrowsAsync(new InvalidOperationException("User already exists"));
+
+        // Act
+        var result = await _controller.CreateUser(createUserDto);
+
+        // Assert
+        var conflictResult = result.Result.Should().BeOfType<ConflictObjectResult>().Subject;
+        conflictResult.Value.Should().Be("User already exists");
+    }
+
+    [Fact]
+    public async Task UpdateUser_WhenServiceThrowsException_ShouldReturn500()
+    {
+        // Arrange
+        var userId = 1;
+        var updateUserDto = _fixture.Create<UpdateUserDto>();
+        _mockUserService.Setup(x => x.UpdateUserAsync(userId, updateUserDto))
+            .ThrowsAsync(new Exception("Database error"));
+
+        // Act
+        var result = await _controller.UpdateUser(userId, updateUserDto);
+
+        // Assert
+        var objectResult = result.Result.Should().BeOfType<ObjectResult>().Subject;
+        objectResult.StatusCode.Should().Be(500);
+        objectResult.Value.Should().Be("An error occurred while updating the user");
+    }
+
+    [Fact]
+    public async Task UpdateUser_WithInvalidModelState_ShouldReturnBadRequest()
+    {
+        // Arrange
+        var userId = 1;
+        var updateUserDto = _fixture.Create<UpdateUserDto>();
+        _controller.ModelState.AddModelError("Email", "Invalid email format");
+
+        // Act
+        var result = await _controller.UpdateUser(userId, updateUserDto);
+
+        // Assert
+        result.Result.Should().BeOfType<BadRequestObjectResult>();
+    }
+
+    [Fact]
+    public async Task UpdateUser_WhenServiceThrowsInvalidOperationException_ShouldReturnConflict()
+    {
+        // Arrange
+        var userId = 1;
+        var updateUserDto = _fixture.Create<UpdateUserDto>();
+        _mockUserService.Setup(x => x.UpdateUserAsync(userId, updateUserDto))
+            .ThrowsAsync(new InvalidOperationException("Email already exists"));
+
+        // Act
+        var result = await _controller.UpdateUser(userId, updateUserDto);
+
+        // Assert
+        var conflictResult = result.Result.Should().BeOfType<ConflictObjectResult>().Subject;
+        conflictResult.Value.Should().Be("Email already exists");
+    }
+
+    [Fact]
+    public async Task DeleteUser_WhenServiceThrowsException_ShouldReturn500()
+    {
+        // Arrange
+        var userId = 1;
+        _mockUserService.Setup(x => x.DeleteUserAsync(userId))
+            .ThrowsAsync(new Exception("Database error"));
+
+        // Act
+        var result = await _controller.DeleteUser(userId);
+
+        // Assert
+        var objectResult = result.Should().BeOfType<ObjectResult>().Subject;
+        objectResult.StatusCode.Should().Be(500);
+        objectResult.Value.Should().Be("An error occurred while deleting the user");
+    }
+
+    [Fact]
+    public async Task GetUsers_WithValidRequest_ShouldReturnOk()
+    {
+        // Arrange
+        var users = _fixture.CreateMany<UserResponseDto>(2).ToList();
+        _mockUserService.Setup(x => x.GetAllUsersAsync())
+            .ReturnsAsync(users);
+
+        // Act
+        var result = await _controller.GetUsers();
+
+        // Assert
+        var okResult = result.Result.Should().BeOfType<OkObjectResult>().Subject;
+        okResult.Value.Should().BeEquivalentTo(users);
+    }
+
+    [Fact]
+    public async Task GetUser_WithValidId_ShouldReturnOk()
+    {
+        // Arrange
+        var userId = 1;
+        var user = _fixture.Create<UserResponseDto>();
+        _mockUserService.Setup(x => x.GetUserByIdAsync(userId))
+            .ReturnsAsync(user);
+
+        // Act
+        var result = await _controller.GetUser(userId);
+
+        // Assert
+        var okResult = result.Result.Should().BeOfType<OkObjectResult>().Subject;
+        okResult.Value.Should().BeEquivalentTo(user);
+    }
+
+    [Fact]
+    public async Task GetUser_WithInvalidId_ShouldReturnNotFound()
+    {
+        // Arrange
+        var userId = 999;
+        _mockUserService.Setup(x => x.GetUserByIdAsync(userId))
+            .ReturnsAsync((UserResponseDto?)null);
+
+        // Act
+        var result = await _controller.GetUser(userId);
+
+        // Assert
+        var notFoundResult = result.Result.Should().BeOfType<NotFoundObjectResult>().Subject;
+        notFoundResult.Value.Should().Be($"User with ID {userId} not found");
+    }
+
+    [Fact]
+    public async Task CreateUser_WithValidData_ShouldReturnCreated()
+    {
+        // Arrange
+        var createUserDto = _fixture.Create<CreateUserDto>();
+        var createdUser = _fixture.Create<UserResponseDto>();
+        _mockUserService.Setup(x => x.CreateUserAsync(createUserDto))
+            .ReturnsAsync(createdUser);
+
+        // Act
+        var result = await _controller.CreateUser(createUserDto);
+
+        // Assert
+        var createdResult = result.Result.Should().BeOfType<CreatedAtActionResult>().Subject;
+        createdResult.Value.Should().BeEquivalentTo(createdUser);
+        createdResult.ActionName.Should().Be(nameof(UserController.GetUser));
+    }
+
+    [Fact]
+    public async Task UpdateUser_WithValidData_ShouldReturnOk()
+    {
+        // Arrange
+        var userId = 1;
+        var updateUserDto = _fixture.Create<UpdateUserDto>();
+        var updatedUser = _fixture.Create<UserResponseDto>();
+        _mockUserService.Setup(x => x.UpdateUserAsync(userId, updateUserDto))
+            .ReturnsAsync(updatedUser);
+
+        // Act
+        var result = await _controller.UpdateUser(userId, updateUserDto);
+
+        // Assert
+        var okResult = result.Result.Should().BeOfType<OkObjectResult>().Subject;
+        okResult.Value.Should().BeEquivalentTo(updatedUser);
+    }
+
+    [Fact]
+    public async Task UpdateUser_WithInvalidId_ShouldReturnNotFound()
+    {
+        // Arrange
+        var userId = 999;
+        var updateUserDto = _fixture.Create<UpdateUserDto>();
+        _mockUserService.Setup(x => x.UpdateUserAsync(userId, updateUserDto))
+            .ReturnsAsync((UserResponseDto?)null);
+
+        // Act
+        var result = await _controller.UpdateUser(userId, updateUserDto);
+
+        // Assert
+        var notFoundResult = result.Result.Should().BeOfType<NotFoundObjectResult>().Subject;
+        notFoundResult.Value.Should().Be($"User with ID {userId} not found");
+    }
+
+    [Fact]
+    public async Task DeleteUser_WithValidId_ShouldReturnNoContent()
+    {
+        // Arrange
+        var userId = 1;
+        _mockUserService.Setup(x => x.DeleteUserAsync(userId))
+            .ReturnsAsync(true);
+
+        // Act
+        var result = await _controller.DeleteUser(userId);
+
+        // Assert
+        result.Should().BeOfType<NoContentResult>();
+    }
+
+    [Fact]
+    public async Task DeleteUser_WithInvalidId_ShouldReturnNotFound()
+    {
+        // Arrange
+        var userId = 999;
+        _mockUserService.Setup(x => x.DeleteUserAsync(userId))
+            .ReturnsAsync(false);
+
+        // Act
+        var result = await _controller.DeleteUser(userId);
+
+        // Assert
+        var notFoundResult = result.Should().BeOfType<NotFoundObjectResult>().Subject;
+        notFoundResult.Value.Should().Be($"User with ID {userId} not found");
     }
 }
diff --git a/UserApi.Tests/DTOs/UserDtoValidationTests.cs b/UserApi.Tests/DTOs/UserDtoValidationTests.cs
index b072a18..8c93467 100644
--- a/UserApi.Tests/DTOs/UserDtoValidationTests.cs
+++ b/UserApi.Tests/DTOs/UserDtoValidationTests.cs
@@ -1,289 +1,253 @@
 using System.ComponentModel.DataAnnotations;
+using FluentAssertions;
 using UserApi.DTOs;
 using Xunit;
-using FluentAssertions;
 
-namespace UserApi.Tests.DTOs
+namespace UserApi.Tests.DTOs;
+
+public class UserDtoValidationTests
 {
-    public class UserDtoValidationTests
+    [Fact]
+    public void CreateUserDto_WithValidData_ShouldPassValidation()
     {
-        [Fact]
-        public void CreateUserDto_WithValidData_ShouldPassValidation()
-        {
-            // Arrange
-            var dto = new CreateUserDto
-            {
-                FirstName = "John",
-                LastName = "Doe",
-                Email = "john.doe@example.com",
-                PhoneNumber = "+1234567890"
-            };
-
-            // Act
-            var validationResults = ValidateModel(dto);
-
-            // Assert
-            validationResults.Should().BeEmpty();
-        }
-
-        [Theory]
-        [InlineData("")]
-        [InlineData("   ")]
-        public void CreateUserDto_WithInvalidFirstName_ShouldFailValidation(string firstName)
+        // Arrange
+        var dto = new CreateUserDto
         {
-            // Arrange
-            var dto = new CreateUserDto
-            {
-                FirstName = firstName,
-                LastName = "Doe",
-                Email = "john.doe@example.com",
-                PhoneNumber = "+1234567890"
-            };
-
-            // Act
-            var validationResults = ValidateModel(dto);
-
-            // Assert
-            validationResults.Should().NotBeEmpty();
-            validationResults.Should().Contain(vr => vr.MemberNames.Contains("FirstName"));
-        }
-
-        [Theory]
-        [InlineData("")]
-        [InlineData("   ")]
-        public void CreateUserDto_WithInvalidLastName_ShouldFailValidation(string lastName)
-        {
-            // Arrange
-            var dto = new CreateUserDto
-            {
-                FirstName = "John",
-                LastName = lastName,
-                Email = "john.doe@example.com",
-                PhoneNumber = "+1234567890"
-            };
-
-            // Act
-            var validationResults = ValidateModel(dto);
-
-            // Assert
-            validationResults.Should().NotBeEmpty();
-            validationResults.Should().Contain(vr => vr.MemberNames.Contains("LastName"));
-        }
-
-        [Theory]
-        [InlineData("")]
-        [InlineData("   ")]
-        [InlineData("invalid-email")]
-        [InlineData("@example.com")]
-        [InlineData("test@")]
-        public void CreateUserDto_WithInvalidEmail_ShouldFailValidation(string email)
+            Name = "John Doe",
+            Email = "john.doe@example.com",
+            Bio = "Software Engineer"
+        };
+
+        // Act
+        var validationResults = ValidateModel(dto);
+
+        // Assert
+        validationResults.Should().BeEmpty();
+    }
+
+    [Theory]
+    [InlineData("")]
+    [InlineData("   ")]
+    public void CreateUserDto_WithInvalidName_ShouldFailValidation(string name)
+    {
+        // Arrange
+        var dto = new CreateUserDto
         {
-            // Arrange
-            var dto = new CreateUserDto
-            {
-                FirstName = "John",
-                LastName = "Doe",
-                Email = email,
-                PhoneNumber = "+1234567890"
-            };
-
-            // Act
-            var validationResults = ValidateModel(dto);
-
-            // Assert
-            validationResults.Should().NotBeEmpty();
-            validationResults.Should().Contain(vr => vr.MemberNames.Contains("Email"));
-        }
-
-        [Fact]
-        public void CreateUserDto_WithNullFirstName_ShouldFailValidation()
+            Name = name,
+            Email = "john.doe@example.com",
+            Bio = "Engineer"
+        };
+
+        // Act
+        var validationResults = ValidateModel(dto);
+
+        // Assert
+        validationResults.Should().NotBeEmpty();
+        validationResults.Should().Contain(vr => vr.MemberNames.Contains("Name"));
+    }
+
+    [Fact]
+    public void CreateUserDto_WithNullBio_ShouldPassValidation()
+    {
+        // Arrange
+        var dto = new CreateUserDto
         {
-            // Arrange
-            var dto = new CreateUserDto
-            {
-                FirstName = null!,
-                LastName = "Doe",
-                Email = "john.doe@example.com",
-                PhoneNumber = "+1234567890"
-            };
-
-            // Act
-            var validationResults = ValidateModel(dto);
-
-            // Assert
-            validationResults.Should().NotBeEmpty();
-            validationResults.Should().Contain(vr => vr.MemberNames.Contains("FirstName"));
-        }
-
-        [Fact]
-        public void CreateUserDto_WithNullLastName_ShouldFailValidation()
+            Name = "John Doe",
+            Email = "john.doe@example.com",
+            Bio = null
+        };
+
+        // Act
+        var validationResults = ValidateModel(dto);
+
+        // Assert
+        validationResults.Should().BeEmpty();
+    }
+
+    [Theory]
+    [InlineData("")]
+    [InlineData("   ")]
+    [InlineData("invalid-email")]
+    [InlineData("@example.com")]
+    [InlineData("test@")]
+    public void CreateUserDto_WithInvalidEmail_ShouldFailValidation(string email)
+    {
+        // Arrange
+        var dto = new CreateUserDto
         {
-            // Arrange
-            var dto = new CreateUserDto
-            {
-                FirstName = "John",
-                LastName = null!,
-                Email = "john.doe@example.com",
-                PhoneNumber = "+1234567890"
-            };
-
-            // Act
-            var validationResults = ValidateModel(dto);
-
-            // Assert
-            validationResults.Should().NotBeEmpty();
-            validationResults.Should().Contain(vr => vr.MemberNames.Contains("LastName"));
-        }
-
-        [Fact]
-        public void CreateUserDto_WithNullEmail_ShouldFailValidation()
+            Name = "John Doe",
+            Email = email,
+            Bio = "Engineer"
+        };
+
+        // Act
+        var validationResults = ValidateModel(dto);
+
+        // Assert
+        validationResults.Should().NotBeEmpty();
+        validationResults.Should().Contain(vr => vr.MemberNames.Contains("Email"));
+    }
+
+    [Fact]
+    public void CreateUserDto_WithNullName_ShouldFailValidation()
+    {
+        // Arrange
+        var dto = new CreateUserDto
         {
-            // Arrange
-            var dto = new CreateUserDto
-            {
-                FirstName = "John",
-                LastName = "Doe",
-                Email = null!,
-                PhoneNumber = "+1234567890"
-            };
-
-            // Act
-            var validationResults = ValidateModel(dto);
-
-            // Assert
-            validationResults.Should().NotBeEmpty();
-            validationResults.Should().Contain(vr => vr.MemberNames.Contains("Email"));
-        }
-
-        [Fact]
-        public void UpdateUserDto_WithAllNullValues_ShouldPassValidation()
+            Name = null!,
+            Email = "john.doe@example.com",
+            Bio = "Engineer"
+        };
+
+        // Act
+        var validationResults = ValidateModel(dto);
+
+        // Assert
+        validationResults.Should().NotBeEmpty();
+        validationResults.Should().Contain(vr => vr.MemberNames.Contains("Name"));
+    }
+
+    [Fact]
+    public void CreateUserDto_WithNullEmail_ShouldFailValidation()
+    {
+        // Arrange
+        var dto = new CreateUserDto
         {
-            // Arrange
-            var dto = new UpdateUserDto
-            {
-                FirstName = null,
-                LastName = null,
-                Email = null,
-                PhoneNumber = null
-            };
-
-            // Act
-            var validationResults = ValidateModel(dto);
-
-            // Assert
-            validationResults.Should().BeEmpty();
-        }
-
-        [Fact]
-        public void UpdateUserDto_WithValidPartialData_ShouldPassValidation()
+            Name = "John Doe",
+            Email = null!,
+            Bio = "Engineer"
+        };
+
+        // Act
+        var validationResults = ValidateModel(dto);
+
+        // Assert
+        validationResults.Should().NotBeEmpty();
+        validationResults.Should().Contain(vr => vr.MemberNames.Contains("Email"));
+    }
+
+    [Fact]
+    public void UpdateUserDto_WithAllNullValues_ShouldPassValidation()
+    {
+        // Arrange
+        var dto = new UpdateUserDto
         {
-            // Arrange
-            var dto = new UpdateUserDto
-            {
-                FirstName = "UpdatedJohn",
-                LastName = null,
-                Email = "updated.john@example.com",
-                PhoneNumber = null
-            };
-
-            // Act
-            var validationResults = ValidateModel(dto);
-
-            // Assert
-            validationResults.Should().BeEmpty();
-        }
-
-        [Fact]
-        public void UpdateUserDto_WithEmptyFirstName_ShouldPassValidation()
+            Name = null,
+            Email = null,
+            Bio = null
+        };
+
+        // Act
+        var validationResults = ValidateModel(dto);
+
+        // Assert
+        validationResults.Should().BeEmpty();
+    }
+
+    [Fact]
+    public void UpdateUserDto_WithValidPartialData_ShouldPassValidation()
+    {
+        // Arrange
+        var dto = new UpdateUserDto
         {
-            // Arrange
-            var dto = new UpdateUserDto
-            {
-                FirstName = "",
-                LastName = "Doe",
-                Email = "john.doe@example.com"
-            };
-
-            // Act
-            var validationResults = ValidateModel(dto);
-
-            // Assert
-            validationResults.Should().BeEmpty();
-        }
-
-        [Fact]
-        public void UpdateUserDto_WithEmptyLastName_ShouldPassValidation()
+            Name = "Updated John",
+            Email = "updated.john@example.com",
+            Bio = null
+        };
+
+        // Act
+        var validationResults = ValidateModel(dto);
+
+        // Assert
+        validationResults.Should().BeEmpty();
+    }
+
+    [Fact]
+    public void UpdateUserDto_WithEmptyName_ShouldPassValidation()
+    {
+        // Arrange
+        var dto = new UpdateUserDto
         {
-            // Arrange
-            var dto = new UpdateUserDto
-            {
-                FirstName = "John",
-                LastName = "",
-                Email = "john.doe@example.com"
-            };
-
-            // Act
-            var validationResults = ValidateModel(dto);
-
-            // Assert
-            validationResults.Should().BeEmpty();
-        }
-
-        [Theory]
-        [InlineData("")]
-        [InlineData("   ")]
-        [InlineData("invalid-email")]
-        [InlineData("@example.com")]
-        [InlineData("test@")]
-        public void UpdateUserDto_WithInvalidEmail_ShouldFailValidation(string email)
+            Name = "",
+            Email = "john.doe@example.com"
+        };
+
+        // Act
+        var validationResults = ValidateModel(dto);
+
+        // Assert
+        validationResults.Should().BeEmpty();
+    }
+
+    [Fact]
+    public void UpdateUserDto_WithEmptyBio_ShouldPassValidation()
+    {
+        // Arrange
+        var dto = new UpdateUserDto
         {
-            // Arrange
-            var dto = new UpdateUserDto
-            {
-                FirstName = "John",
-                LastName = "Doe",
-                Email = email
-            };
-
-            // Act
-            var validationResults = ValidateModel(dto);
-
-            // Assert
-            validationResults.Should().NotBeEmpty();
-            validationResults.Should().Contain(vr => vr.MemberNames.Contains("Email"));
-        }
-
-        [Fact]
-        public void UserResponseDto_Properties_ShouldBeSettable()
+            Name = "John Doe",
+            Bio = "",
+            Email = "john.doe@example.com"
+        };
+
+        // Act
+        var validationResults = ValidateModel(dto);
+
+        // Assert
+        validationResults.Should().BeEmpty();
+    }
+
+    [Theory]
+    [InlineData("")]
+    [InlineData("   ")]
+    [InlineData("invalid-email")]
+    [InlineData("@example.com")]
+    [InlineData("test@")]
+    public void UpdateUserDto_WithInvalidEmail_ShouldFailValidation(string email)
+    {
+        // Arrange
+        var dto = new UpdateUserDto
         {
-            // Arrange & Act
-            var dto = new UserResponseDto
-            {
-                Id = 1,
-                FirstName = "John",
-                LastName = "Doe",
-                Email = "john.doe@example.com",
-                PhoneNumber = "+1234567890",
-                CreatedAt = DateTime.UtcNow,
-                UpdatedAt = DateTime.UtcNow
-            };
-
-            // Assert
-            dto.Id.Should().Be(1);
-            dto.FirstName.Should().Be("John");
-            dto.LastName.Should().Be("Doe");
-            dto.Email.Should().Be("john.doe@example.com");
-            dto.PhoneNumber.Should().Be("+1234567890");
-            dto.CreatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromMinutes(1));
-            dto.UpdatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromMinutes(1));
-        }
-
-        private static IList<ValidationResult> ValidateModel(object model)
+            Name = "John Doe",
+            Email = email
+        };
+
+        // Act
+        var validationResults = ValidateModel(dto);
+
+        // Assert
+        validationResults.Should().NotBeEmpty();
+        validationResults.Should().Contain(vr => vr.MemberNames.Contains("Email"));
+    }
+
+    [Fact]
+    public void UserResponseDto_Properties_ShouldBeSettable()
+    {
+        // Arrange & Act
+        var dto = new UserResponseDto
         {
-            var validationResults = new List<ValidationResult>();
-            var validationContext = new ValidationContext(model, null, null);
-            Validator.TryValidateObject(model, validationContext, validationResults, true);
-            return validationResults;
-        }
+            Id = 1,
+            Name = "John Doe",
+            Email = "john.doe@example.com",
+            Bio = "Software Engineer",
+            CreatedAt = DateTime.UtcNow,
+            UpdatedAt = DateTime.UtcNow
+        };
+
+        // Assert
+        dto.Id.Should().Be(1);
+        dto.Name.Should().Be("John Doe");
+        dto.Email.Should().Be("john.doe@example.com");
+        dto.Bio.Should().Be("Software Engineer");
+        dto.CreatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromMinutes(1));
+        dto.UpdatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromMinutes(1));
+    }
+
+    private static IList<ValidationResult> ValidateModel(object model)
+    {
+        var validationResults = new List<ValidationResult>();
+        var validationContext = new ValidationContext(model, null, null);
+        Validator.TryValidateObject(model, validationContext, validationResults, true);
+        return validationResults;
     }
 }
diff --git a/UserApi.Tests/GlobalUsings.cs b/UserApi.Tests/GlobalUsings.cs
index 8e39e0e..f9bbc99 100644
--- a/UserApi.Tests/GlobalUsings.cs
+++ b/UserApi.Tests/GlobalUsings.cs
@@ -1,15 +1,15 @@
-global using Xunit;
-global using FluentAssertions;
+global using System.Net;
+global using System.Text;
+global using System.Text.Json;
 global using AutoFixture;
 global using AutoFixture.Xunit2;
+global using FluentAssertions;
 global using Microsoft.AspNetCore.Mvc.Testing;
 global using Microsoft.EntityFrameworkCore;
 global using Microsoft.Extensions.DependencyInjection;
-global using System.Net;
-global using System.Text;
-global using System.Text.Json;
 global using UserApi.Data;
 global using UserApi.DTOs;
 global using UserApi.Models;
 global using UserApi.Services;
+global using Xunit;
 
diff --git a/UserApi.Tests/Models/UserModelTests.cs b/UserApi.Tests/Models/UserModelTests.cs
index 8aafcc9..71bda6c 100644
--- a/UserApi.Tests/Models/UserModelTests.cs
+++ b/UserApi.Tests/Models/UserModelTests.cs
@@ -1,90 +1,83 @@
+using FluentAssertions;
 using UserApi.Models;
 using Xunit;
-using FluentAssertions;
 
-namespace UserApi.Tests.Models
+namespace UserApi.Tests.Models;
+
+public class UserModelTests
 {
-    public class UserModelTests
+    [Fact]
+    public void User_Properties_ShouldBeSettableAndGettable()
     {
-        [Fact]
-        public void User_Properties_ShouldBeSettableAndGettable()
-        {
-            // Arrange
-            var user = new User();
-            var createdAt = DateTime.UtcNow;
-            var updatedAt = DateTime.UtcNow.AddMinutes(5);
+        // Arrange
+        var user = new User();
+        var createdAt = DateTime.UtcNow;
+        var updatedAt = DateTime.UtcNow.AddMinutes(5);
 
-            // Act
-            user.Id = 1;
-            user.FirstName = "John";
-            user.LastName = "Doe";
-            user.Email = "john.doe@example.com";
-            user.PhoneNumber = "+1234567890";
-            user.CreatedAt = createdAt;
-            user.UpdatedAt = updatedAt;
+        // Act
+        user.Id = 1;
+        user.Name = "John Doe";
+        user.Email = "john.doe@example.com";
+        user.Bio = "Software Engineer";
+        user.CreatedAt = createdAt;
+        user.UpdatedAt = updatedAt;
 
-            // Assert
-            user.Id.Should().Be(1);
-            user.FirstName.Should().Be("John");
-            user.LastName.Should().Be("Doe");
-            user.Email.Should().Be("john.doe@example.com");
-            user.PhoneNumber.Should().Be("+1234567890");
-            user.CreatedAt.Should().Be(createdAt);
-            user.UpdatedAt.Should().Be(updatedAt);
-        }
+        // Assert
+        user.Id.Should().Be(1);
+        user.Name.Should().Be("John Doe");
+        user.Email.Should().Be("john.doe@example.com");
+        user.Bio.Should().Be("Software Engineer");
+        user.CreatedAt.Should().Be(createdAt);
+        user.UpdatedAt.Should().Be(updatedAt);
+    }
 
-        [Fact]
-        public void User_WithNullPhoneNumber_ShouldAllowNull()
+    [Fact]
+    public void User_WithNullBio_ShouldAllowNull()
+    {
+        // Arrange & Act
+        var user = new User
         {
-            // Arrange & Act
-            var user = new User
-            {
-                Id = 1,
-                FirstName = "John",
-                LastName = "Doe",
-                Email = "john.doe@example.com",
-                PhoneNumber = null,
-                CreatedAt = DateTime.UtcNow,
-                UpdatedAt = DateTime.UtcNow
-            };
+            Id = 1,
+            Name = "John Doe",
+            Email = "john.doe@example.com",
+            Bio = null,
+            CreatedAt = DateTime.UtcNow,
+            UpdatedAt = DateTime.UtcNow
+        };
 
-            // Assert
-            user.PhoneNumber.Should().BeNull();
-        }
+        // Assert
+        user.Bio.Should().BeNull();
+    }
 
-        [Fact]
-        public void User_DefaultValues_ShouldBeCorrect()
-        {
-            // Arrange & Act
-            var user = new User();
+    [Fact]
+    public void User_DefaultValues_ShouldBeCorrect()
+    {
+        // Arrange & Act
+        var user = new User();
 
-            // Assert
-            user.Id.Should().Be(0);
-            user.FirstName.Should().Be(string.Empty);
-            user.LastName.Should().Be(string.Empty);
-            user.Email.Should().Be(string.Empty);
-            user.PhoneNumber.Should().BeNull();
-            user.CreatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromMinutes(1));
-            user.UpdatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromMinutes(1));
-        }
+        // Assert
+        user.Id.Should().Be(0);
+        user.Name.Should().Be(string.Empty);
+        user.Email.Should().Be(string.Empty);
+        user.Bio.Should().BeNull();
+        user.CreatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromMinutes(1));
+        user.UpdatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromMinutes(1));
+    }
 
-        [Fact]
-        public void User_WithEmptyStrings_ShouldAllowEmptyStrings()
+    [Fact]
+    public void User_WithEmptyStrings_ShouldAllowEmptyStrings()
+    {
+        // Arrange & Act
+        var user = new User
         {
-            // Arrange & Act
-            var user = new User
-            {
-                FirstName = "",
-                LastName = "",
-                Email = "",
-                PhoneNumber = ""
-            };
+            Name = "",
+            Email = "",
+            Bio = ""
+        };
 
-            // Assert
-            user.FirstName.Should().Be("");
-            user.LastName.Should().Be("");
-            user.Email.Should().Be("");
-            user.PhoneNumber.Should().Be("");
-        }
+        // Assert
+        user.Name.Should().Be("");
+        user.Email.Should().Be("");
+        user.Bio.Should().Be("");
     }
 }
diff --git a/UserApi.Tests/Services/UserServiceTests.cs b/UserApi.Tests/Services/UserServiceTests.cs
index c30cd3e..1fa76d5 100644
--- a/UserApi.Tests/Services/UserServiceTests.cs
+++ b/UserApi.Tests/Services/UserServiceTests.cs
@@ -1,3 +1,6 @@
+using AutoFixture;
+using AutoFixture.Xunit2;
+using FluentAssertions;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using Moq;
@@ -6,444 +9,431 @@
 using UserApi.Models;
 using UserApi.Services;
 using Xunit;
-using FluentAssertions;
-using AutoFixture;
-using AutoFixture.Xunit2;
 
-namespace UserApi.Tests.Services
+namespace UserApi.Tests.Services;
+
+public class UserServiceTests : IDisposable
 {
-    public class UserServiceTests : IDisposable
+    private readonly UserDbContext _context;
+    private readonly Mock<ILogger<UserService>> _mockLogger;
+    private readonly UserService _userService;
+    private readonly IFixture _fixture;
+
+    public UserServiceTests()
     {
-        private readonly UserDbContext _context;
-        private readonly Mock<ILogger<UserService>> _mockLogger;
-        private readonly UserService _userService;
-        private readonly IFixture _fixture;
+        var options = new DbContextOptionsBuilder<UserDbContext>()
+            .UseInMemoryDatabase(databaseName: Guid.NewGuid().ToString())
+            .Options;
+
+        _context = new UserDbContext(options);
+        _mockLogger = new Mock<ILogger<UserService>>();
+        _userService = new UserService(_context, _mockLogger.Object);
+        _fixture = new Fixture();
+
+        // Configure AutoFixture to generate proper dates
+        _fixture.Customize<User>(c => c
+            .With(x => x.CreatedAt, () => DateTime.UtcNow.AddMinutes(-10)) // Past date
+            .With(x => x.UpdatedAt, () => DateTime.UtcNow.AddMinutes(-5))  // Past date, but after CreatedAt
+            .Without(x => x.Id));
+    }
 
-        public UserServiceTests()
-        {
-            var options = new DbContextOptionsBuilder<UserDbContext>()
-                .UseInMemoryDatabase(databaseName: Guid.NewGuid().ToString())
-                .Options;
-
-            _context = new UserDbContext(options);
-            _mockLogger = new Mock<ILogger<UserService>>();
-            _userService = new UserService(_context, _mockLogger.Object);
-            _fixture = new Fixture();
-
-            // Configure AutoFixture to generate proper dates
-            _fixture.Customize<User>(c => c
-                .With(x => x.CreatedAt, () => DateTime.UtcNow.AddMinutes(-10)) // Past date
-                .With(x => x.UpdatedAt, () => DateTime.UtcNow.AddMinutes(-5))  // Past date, but after CreatedAt
-                .Without(x => x.Id));
-        }
-
-        [Fact]
-        public async Task GetAllUsersAsync_ShouldReturnAllUsers()
-        {
-            // Arrange
-            var users = _fixture.CreateMany<User>(3).ToList();
-            _context.Users.AddRange(users);
-            await _context.SaveChangesAsync();
-
-            // Act
-            var result = await _userService.GetAllUsersAsync();
-
-            // Assert
-            result.Should().HaveCount(3);
-            result.Should().AllSatisfy(user =>
-            {
-                user.Id.Should().BeGreaterThan(0);
-                user.FirstName.Should().NotBeNullOrEmpty();
-                user.LastName.Should().NotBeNullOrEmpty();
-                user.Email.Should().NotBeNullOrEmpty();
-            });
-        }
-
-        [Fact]
-        public async Task GetUserByIdAsync_WithValidId_ShouldReturnUser()
-        {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
-
-            // Act
-            var result = await _userService.GetUserByIdAsync(user.Id);
-
-            // Assert
-            result.Should().NotBeNull();
-            result!.Id.Should().Be(user.Id);
-            result.FirstName.Should().Be(user.FirstName);
-            result.LastName.Should().Be(user.LastName);
-            result.Email.Should().Be(user.Email);
-        }
-
-        [Fact]
-        public async Task GetUserByIdAsync_WithInvalidId_ShouldReturnNull()
+    [Fact]
+    public async Task GetAllUsersAsync_ShouldReturnAllUsers()
+    {
+        // Arrange
+        var users = _fixture.CreateMany<User>(3).ToList();
+        _context.Users.AddRange(users);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _userService.GetAllUsersAsync();
+
+        // Assert
+        result.Should().HaveCount(3);
+        result.Should().AllSatisfy(user =>
         {
-            // Arrange
-            var invalidId = 999;
+            user.Id.Should().BeGreaterThan(0);
+            user.Name.Should().NotBeNullOrEmpty();
+            user.Email.Should().NotBeNullOrEmpty();
+        });
+    }
 
-            // Act
-            var result = await _userService.GetUserByIdAsync(invalidId);
+    [Fact]
+    public async Task GetUserByIdAsync_WithValidId_ShouldReturnUser()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _userService.GetUserByIdAsync(user.Id);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Id.Should().Be(user.Id);
+        result.Name.Should().Be(user.Name);
+        result.Email.Should().Be(user.Email);
+    }
 
-            // Assert
-            result.Should().BeNull();
-        }
+    [Fact]
+    public async Task GetUserByIdAsync_WithInvalidId_ShouldReturnNull()
+    {
+        // Arrange
+        var invalidId = 999;
 
-        [Fact]
-        public async Task CreateUserAsync_WithValidData_ShouldCreateUser()
-        {
-            // Arrange
-            var createUserDto = _fixture.Create<CreateUserDto>();
-
-            // Act
-            var result = await _userService.CreateUserAsync(createUserDto);
-
-            // Assert
-            result.Should().NotBeNull();
-            result.Id.Should().BeGreaterThan(0);
-            result.FirstName.Should().Be(createUserDto.FirstName);
-            result.LastName.Should().Be(createUserDto.LastName);
-            result.Email.Should().Be(createUserDto.Email);
-            result.PhoneNumber.Should().Be(createUserDto.PhoneNumber);
-            result.CreatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromMinutes(1));
-            result.UpdatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromMinutes(1));
-
-            // Verify user was saved to database
-            var savedUser = await _context.Users.FindAsync(result.Id);
-            savedUser.Should().NotBeNull();
-        }
-
-        [Fact]
-        public async Task CreateUserAsync_WithDuplicateEmail_ShouldThrowInvalidOperationException()
-        {
-            // Arrange
-            var existingUser = _fixture.Create<User>();
-            _context.Users.Add(existingUser);
-            await _context.SaveChangesAsync();
-
-            var createUserDto = _fixture.Build<CreateUserDto>()
-                .With(x => x.Email, existingUser.Email)
-                .Create();
-
-            // Act & Assert
-            await _userService.Invoking(x => x.CreateUserAsync(createUserDto))
-                .Should().ThrowAsync<InvalidOperationException>()
-                .WithMessage("A user with this email already exists.");
-        }
-
-        [Fact]
-        public async Task UpdateUserAsync_WithValidData_ShouldUpdateUser()
-        {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
-
-            var updateUserDto = _fixture.Build<UpdateUserDto>()
-                .With(x => x.FirstName, "UpdatedFirstName")
-                .With(x => x.LastName, "UpdatedLastName")
-                .With(x => x.Email, "updated@example.com")
-                .With(x => x.PhoneNumber, "+9999999999")
-                .Create();
-
-            var beforeUpdate = DateTime.UtcNow;
-
-            // Act
-            var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
-
-            // Assert
-            result.Should().NotBeNull();
-            result!.Id.Should().Be(user.Id);
-            result.FirstName.Should().Be(updateUserDto.FirstName);
-            result.LastName.Should().Be(updateUserDto.LastName);
-            result.Email.Should().Be(updateUserDto.Email);
-            result.PhoneNumber.Should().Be(updateUserDto.PhoneNumber);
-            result.UpdatedAt.Should().BeAfter(beforeUpdate.AddSeconds(-1)); // Allow for some time variance
-        }
-
-        [Fact]
-        public async Task UpdateUserAsync_WithInvalidId_ShouldReturnNull()
-        {
-            // Arrange
-            var invalidId = 999;
-            var updateUserDto = _fixture.Create<UpdateUserDto>();
+        // Act
+        var result = await _userService.GetUserByIdAsync(invalidId);
 
-            // Act
-            var result = await _userService.UpdateUserAsync(invalidId, updateUserDto);
+        // Assert
+        result.Should().BeNull();
+    }
 
-            // Assert
-            result.Should().BeNull();
-        }
+    [Fact]
+    public async Task CreateUserAsync_WithValidData_ShouldCreateUser()
+    {
+        // Arrange
+        var createUserDto = _fixture.Create<CreateUserDto>();
+
+        // Act
+        var result = await _userService.CreateUserAsync(createUserDto);
+
+        // Assert
+        result.Should().NotBeNull();
+        result.Id.Should().BeGreaterThan(0);
+        result.Name.Should().Be(createUserDto.Name);
+        result.Email.Should().Be(createUserDto.Email);
+        result.Bio.Should().Be(createUserDto.Bio);
+        result.CreatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromMinutes(1));
+        result.UpdatedAt.Should().BeCloseTo(DateTime.UtcNow, TimeSpan.FromMinutes(1));
+
+        // Verify user was saved to database
+        var savedUser = await _context.Users.FindAsync(result.Id);
+        savedUser.Should().NotBeNull();
+    }
 
-        [Fact]
-        public async Task UpdateUserAsync_WithDuplicateEmail_ShouldThrowInvalidOperationException()
-        {
-            // Arrange
-            var user1 = _fixture.Create<User>();
-            var user2 = _fixture.Create<User>();
-            _context.Users.AddRange(user1, user2);
-            await _context.SaveChangesAsync();
-
-            var updateUserDto = _fixture.Build<UpdateUserDto>()
-                .With(x => x.Email, user2.Email)
-                .Create();
-
-            // Act & Assert
-            await _userService.Invoking(x => x.UpdateUserAsync(user1.Id, updateUserDto))
-                .Should().ThrowAsync<InvalidOperationException>()
-                .WithMessage("A user with this email already exists.");
-        }
-
-        [Fact]
-        public async Task UpdateUserAsync_WithPartialData_ShouldUpdateOnlyProvidedFields()
-        {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
-
-            var updateUserDto = new UpdateUserDto
-            {
-                FirstName = "UpdatedFirstName"
-                // Other fields are null
-            };
-
-            // Act
-            var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
-
-            // Assert
-            result.Should().NotBeNull();
-            result!.Id.Should().Be(user.Id);
-            result.FirstName.Should().Be(updateUserDto.FirstName);
-            result.LastName.Should().Be(user.LastName);
-            result.Email.Should().Be(user.Email);
-            result.PhoneNumber.Should().Be(user.PhoneNumber);
-        }
-
-        [Fact]
-        public async Task DeleteUserAsync_WithValidId_ShouldDeleteUser()
-        {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
+    [Fact]
+    public async Task CreateUserAsync_WithDuplicateEmail_ShouldThrowInvalidOperationException()
+    {
+        // Arrange
+        var existingUser = _fixture.Create<User>();
+        _context.Users.Add(existingUser);
+        await _context.SaveChangesAsync();
+
+        var createUserDto = _fixture.Build<CreateUserDto>()
+            .With(x => x.Email, existingUser.Email)
+            .Create();
+
+        // Act & Assert
+        await _userService.Invoking(x => x.CreateUserAsync(createUserDto))
+            .Should().ThrowAsync<InvalidOperationException>()
+            .WithMessage("A user with this email already exists.");
+    }
 
-            // Act
-            var result = await _userService.DeleteUserAsync(user.Id);
+    [Fact]
+    public async Task UpdateUserAsync_WithValidData_ShouldUpdateUser()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
+
+        var updateUserDto = _fixture.Build<UpdateUserDto>()
+            .With(x => x.Name, "Updated Name")
+            .With(x => x.Email, "updated@example.com")
+            .With(x => x.Bio, "Updated Bio")
+            .Create();
+
+        var beforeUpdate = DateTime.UtcNow;
+
+        // Act
+        var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Id.Should().Be(user.Id);
+        result.Name.Should().Be(updateUserDto.Name);
+        result.Email.Should().Be(updateUserDto.Email);
+        result.Bio.Should().Be(updateUserDto.Bio);
+        result.UpdatedAt.Should().BeAfter(beforeUpdate.AddSeconds(-1)); // Allow for some time variance
+    }
 
-            // Assert
-            result.Should().BeTrue();
+    [Fact]
+    public async Task UpdateUserAsync_WithInvalidId_ShouldReturnNull()
+    {
+        // Arrange
+        var invalidId = 999;
+        var updateUserDto = _fixture.Create<UpdateUserDto>();
 
-            // Verify user was deleted from database
-            var deletedUser = await _context.Users.FindAsync(user.Id);
-            deletedUser.Should().BeNull();
-        }
+        // Act
+        var result = await _userService.UpdateUserAsync(invalidId, updateUserDto);
 
-        [Fact]
-        public async Task DeleteUserAsync_WithInvalidId_ShouldReturnFalse()
-        {
-            // Arrange
-            var invalidId = 999;
+        // Assert
+        result.Should().BeNull();
+    }
 
-            // Act
-            var result = await _userService.DeleteUserAsync(invalidId);
+    [Fact]
+    public async Task UpdateUserAsync_WithDuplicateEmail_ShouldThrowInvalidOperationException()
+    {
+        // Arrange
+        var user1 = _fixture.Create<User>();
+        var user2 = _fixture.Create<User>();
+        _context.Users.AddRange(user1, user2);
+        await _context.SaveChangesAsync();
+
+        var updateUserDto = _fixture.Build<UpdateUserDto>()
+            .With(x => x.Email, user2.Email)
+            .Create();
+
+        // Act & Assert
+        await _userService.Invoking(x => x.UpdateUserAsync(user1.Id, updateUserDto))
+            .Should().ThrowAsync<InvalidOperationException>()
+            .WithMessage("A user with this email already exists.");
+    }
 
-            // Assert
-            result.Should().BeFalse();
-        }
+    [Fact]
+    public async Task UpdateUserAsync_WithPartialData_ShouldUpdateOnlyProvidedFields()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
 
-        [Theory]
-        [AutoData]
-        public async Task CreateUserAsync_WithAutoFixtureData_ShouldCreateUser(CreateUserDto createUserDto)
-        {
-            // Act
-            var result = await _userService.CreateUserAsync(createUserDto);
-
-            // Assert
-            result.Should().NotBeNull();
-            result.Id.Should().BeGreaterThan(0);
-            result.FirstName.Should().Be(createUserDto.FirstName);
-            result.LastName.Should().Be(createUserDto.LastName);
-            result.Email.Should().Be(createUserDto.Email);
-        }
-
-        [Fact]
-        public async Task UpdateUserAsync_WithEmptyEmail_ShouldUpdateWithoutEmailChange()
+        var updateUserDto = new UpdateUserDto
         {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
-
-            var updateUserDto = new UpdateUserDto
-            {
-                FirstName = "UpdatedFirstName",
-                Email = ""
-            };
-
-            // Act
-            var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
-
-            // Assert
-            result.Should().NotBeNull();
-            result!.FirstName.Should().Be(updateUserDto.FirstName);
-            result.Email.Should().Be(user.Email);
-        }
-
-        [Fact]
-        public async Task UpdateUserAsync_WithNullPhoneNumber_ShouldKeepExistingPhoneNumber()
-        {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
+            Name = "Updated Name"
+            // Other fields are null
+        };
+
+        // Act
+        var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Id.Should().Be(user.Id);
+        result.Name.Should().Be(updateUserDto.Name);
+        result.Email.Should().Be(user.Email);
+    }
+
+    [Fact]
+    public async Task DeleteUserAsync_WithValidId_ShouldDeleteUser()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
+
+        // Act
+        var result = await _userService.DeleteUserAsync(user.Id);
+
+        // Assert
+        result.Should().BeTrue();
+
+        // Verify user was deleted from database
+        var deletedUser = await _context.Users.FindAsync(user.Id);
+        deletedUser.Should().BeNull();
+    }
+
+    [Fact]
+    public async Task DeleteUserAsync_WithInvalidId_ShouldReturnFalse()
+    {
+        // Arrange
+        var invalidId = 999;
 
-            var originalPhoneNumber = user.PhoneNumber;
+        // Act
+        var result = await _userService.DeleteUserAsync(invalidId);
 
-            var updateUserDto = new UpdateUserDto
-            {
-                PhoneNumber = null
-            };
+        // Assert
+        result.Should().BeFalse();
+    }
 
-            // Act
-            var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
+    [Theory]
+    [AutoData]
+    public async Task CreateUserAsync_WithAutoFixtureData_ShouldCreateUser(CreateUserDto createUserDto)
+    {
+        // Act
+        var result = await _userService.CreateUserAsync(createUserDto);
+
+        // Assert
+        result.Should().NotBeNull();
+        result.Id.Should().BeGreaterThan(0);
+        result.Name.Should().Be(createUserDto.Name);
+        result.Email.Should().Be(createUserDto.Email);
+    }
 
-            // Assert
-            result.Should().NotBeNull();
-            result!.PhoneNumber.Should().Be(originalPhoneNumber);
-        }
+    [Fact]
+    public async Task UpdateUserAsync_WithEmptyEmail_ShouldUpdateWithoutEmailChange()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
 
-        [Fact]
-        public async Task UpdateUserAsync_WithSameEmail_ShouldNotThrowException()
+        var updateUserDto = new UpdateUserDto
         {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
-
-            var updateUserDto = new UpdateUserDto
-            {
-                Email = user.Email // Same email should be allowed
-            };
-
-            // Act
-            var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
-
-            // Assert
-            result.Should().NotBeNull();
-            result!.Email.Should().Be(user.Email);
-        }
-
-        [Fact]
-        public async Task GetAllUsersAsync_WithEmptyDatabase_ShouldReturnEmptyList()
+            Name = "Updated Name",
+            Email = ""
+        };
+
+        // Act
+        var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Name.Should().Be(updateUserDto.Name);
+        result.Email.Should().Be(user.Email);
+    }
+
+    [Fact]
+    public async Task UpdateUserAsync_WithNullBio_ShouldKeepExistingBio()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
+
+        var originalBio = user.Bio;
+
+        var updateUserDto = new UpdateUserDto
         {
-            // Act
-            var result = await _userService.GetAllUsersAsync();
+            Bio = null
+        };
 
-            // Assert
-            result.Should().NotBeNull();
-            result.Should().BeEmpty();
-        }
+        // Act
+        var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
 
-        [Theory]
-        [InlineData("")]
-        public async Task UpdateUserAsync_WithEmptyFirstName_ShouldNotUpdateFirstName(string firstName)
+        // Assert
+        result.Should().NotBeNull();
+        result!.Bio.Should().Be(originalBio);
+    }
+
+    [Fact]
+    public async Task UpdateUserAsync_WithSameEmail_ShouldNotThrowException()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
+
+        var updateUserDto = new UpdateUserDto
         {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
-
-            var updateUserDto = new UpdateUserDto
-            {
-                FirstName = firstName,
-                LastName = "UpdatedLastName"
-            };
-
-            // Act
-            var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
-
-            // Assert
-            result.Should().NotBeNull();
-            result!.FirstName.Should().Be(user.FirstName);
-            result.LastName.Should().Be(updateUserDto.LastName);
-        }
-
-        [Theory]
-        [InlineData("")]
-        public async Task UpdateUserAsync_WithEmptyLastName_ShouldNotUpdateLastName(string lastName)
+            Email = user.Email // Same email should be allowed
+        };
+
+        // Act
+        var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Email.Should().Be(user.Email);
+    }
+
+    [Fact]
+    public async Task GetAllUsersAsync_WithEmptyDatabase_ShouldReturnEmptyList()
+    {
+        // Act
+        var result = await _userService.GetAllUsersAsync();
+
+        // Assert
+        result.Should().NotBeNull();
+        result.Should().BeEmpty();
+    }
+
+    [Theory]
+    [InlineData("")]
+    public async Task UpdateUserAsync_WithEmptyName_ShouldNotUpdateName(string name)
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
+
+        var updateUserDto = new UpdateUserDto
         {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
-
-            var updateUserDto = new UpdateUserDto
-            {
-                FirstName = "UpdatedFirstName",
-                LastName = lastName
-            };
-
-            // Act
-            var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
-
-            // Assert
-            result.Should().NotBeNull();
-            result!.FirstName.Should().Be(updateUserDto.FirstName);
-            result.LastName.Should().Be(user.LastName);
-        }
-
-        [Fact]
-        public async Task UpdateUserAsync_WithNullFirstName_ShouldNotUpdateFirstName()
+            Name = name,
+            Email = "updated@example.com"
+        };
+
+        // Act
+        var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Name.Should().Be(user.Name);
+        result.Email.Should().Be(updateUserDto.Email);
+    }
+
+    [Theory]
+    [InlineData("")]
+    public async Task UpdateUserAsync_WithEmptyBio_ShouldUpdateBio(string bio)
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
+
+        var updateUserDto = new UpdateUserDto
         {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
-
-            var updateUserDto = new UpdateUserDto
-            {
-                FirstName = null,
-                LastName = "UpdatedLastName"
-            };
-
-            // Act
-            var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
-
-            // Assert
-            result.Should().NotBeNull();
-            result!.FirstName.Should().Be(user.FirstName);
-            result.LastName.Should().Be(updateUserDto.LastName);
-        }
-
-        [Fact]
-        public async Task UpdateUserAsync_WithNullLastName_ShouldNotUpdateLastName()
+            Name = "Updated Name",
+            Bio = bio
+        };
+
+        // Act
+        var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Name.Should().Be(updateUserDto.Name);
+    }
+
+    [Fact]
+    public async Task UpdateUserAsync_WithNullName_ShouldNotUpdateName()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
+
+        var updateUserDto = new UpdateUserDto
         {
-            // Arrange
-            var user = _fixture.Create<User>();
-            _context.Users.Add(user);
-            await _context.SaveChangesAsync();
-
-            var updateUserDto = new UpdateUserDto
-            {
-                FirstName = "UpdatedFirstName",
-                LastName = null
-            };
-
-            // Act
-            var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
-
-            // Assert
-            result.Should().NotBeNull();
-            result!.FirstName.Should().Be(updateUserDto.FirstName);
-            result.LastName.Should().Be(user.LastName);
-        }
-
-        public void Dispose()
+            Name = null,
+            Email = "updated@example.com"
+        };
+
+        // Act
+        var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Name.Should().Be(user.Name);
+        result.Email.Should().Be(updateUserDto.Email);
+    }
+
+    [Fact]
+    public async Task UpdateUserAsync_WithUpdatedNameAndNullBio_ShouldPreserveBio()
+    {
+        // Arrange
+        var user = _fixture.Create<User>();
+        _context.Users.Add(user);
+        await _context.SaveChangesAsync();
+
+        var updateUserDto = new UpdateUserDto
         {
-            _context.Dispose();
-        }
+            Name = "Updated Name",
+            Bio = null
+        };
+
+        // Act
+        var result = await _userService.UpdateUserAsync(user.Id, updateUserDto);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Name.Should().Be(updateUserDto.Name);
+        result.Bio.Should().Be(user.Bio);
+    }
+
+    public void Dispose()
+    {
+        _context.Dispose();
     }
 }
diff --git a/UserApi.Tests/TestConfiguration.cs b/UserApi.Tests/TestConfiguration.cs
index b5568fc..fbfb4fc 100644
--- a/UserApi.Tests/TestConfiguration.cs
+++ b/UserApi.Tests/TestConfiguration.cs
@@ -1,38 +1,37 @@
+using System.Threading;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Mvc.Testing;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.DependencyInjection;
-using System.Threading;
 using UserApi.Data;
 
-namespace UserApi.Tests
+namespace UserApi.Tests;
+
+public class TestWebApplicationFactory : WebApplicationFactory<Program>
 {
-    public class TestWebApplicationFactory : WebApplicationFactory<Program>
-    {
-        private static int _databaseCounter = 0;
+    private static int _databaseCounter = 0;
 
-        protected override void ConfigureWebHost(IWebHostBuilder builder)
+    protected override void ConfigureWebHost(IWebHostBuilder builder)
+    {
+        builder.ConfigureServices(services =>
         {
-            builder.ConfigureServices(services =>
+            // Remove the existing DbContext registration
+            var descriptor = services.SingleOrDefault(d => d.ServiceType == typeof(DbContextOptions<UserDbContext>));
+            if (descriptor != null)
             {
-                // Remove the existing DbContext registration
-                var descriptor = services.SingleOrDefault(d => d.ServiceType == typeof(DbContextOptions<UserDbContext>));
-                if (descriptor != null)
-                {
-                    services.Remove(descriptor);
-                }
-
-                // Create a unique database name for each test run
-                var databaseName = $"TestDb_{Interlocked.Increment(ref _databaseCounter)}_{Guid.NewGuid()}";
+                services.Remove(descriptor);
+            }
 
-                // Add InMemory database for testing
-                services.AddDbContext<UserDbContext>(options =>
-                {
-                    options.UseInMemoryDatabase(databaseName);
-                });
+            // Create a unique database name for each test run
+            var databaseName = $"TestDb_{Interlocked.Increment(ref _databaseCounter)}_{Guid.NewGuid()}";
 
-                // Using custom JSON formatter to fix .NET 9 PipeWriter compatibility issues
+            // Add InMemory database for testing
+            services.AddDbContext<UserDbContext>(options =>
+            {
+                options.UseInMemoryDatabase(databaseName);
             });
-        }
+
+            // Using custom JSON formatter to fix .NET 9 PipeWriter compatibility issues
+        });
     }
 }
diff --git a/UserApi.Tests/TestUtilities.cs b/UserApi.Tests/TestUtilities.cs
index 5f372a8..d309ed2 100644
--- a/UserApi.Tests/TestUtilities.cs
+++ b/UserApi.Tests/TestUtilities.cs
@@ -1,49 +1,46 @@
 using System.Text.Json;
 using UserApi.DTOs;
 
-namespace UserApi.Tests
+namespace UserApi.Tests;
+
+public static class TestUtilities
 {
-    public static class TestUtilities
+    public static readonly JsonSerializerOptions JsonOptions = new()
     {
-        public static readonly JsonSerializerOptions JsonOptions = new()
-        {
-            PropertyNameCaseInsensitive = true,
-            PropertyNamingPolicy = JsonNamingPolicy.CamelCase
-        };
+        PropertyNameCaseInsensitive = true,
+        PropertyNamingPolicy = JsonNamingPolicy.CamelCase
+    };
 
-        public static StringContent CreateJsonContent<T>(T obj)
-        {
-            var json = JsonSerializer.Serialize(obj, JsonOptions);
-            return new StringContent(json, System.Text.Encoding.UTF8, "application/json");
-        }
+    public static StringContent CreateJsonContent<T>(T obj)
+    {
+        var json = JsonSerializer.Serialize(obj, JsonOptions);
+        return new StringContent(json, System.Text.Encoding.UTF8, "application/json");
+    }
 
-        public static async Task<T?> DeserializeResponse<T>(HttpResponseMessage response)
-        {
-            var content = await response.Content.ReadAsStringAsync();
-            return JsonSerializer.Deserialize<T>(content, JsonOptions);
-        }
+    public static async Task<T?> DeserializeResponse<T>(HttpResponseMessage response)
+    {
+        var content = await response.Content.ReadAsStringAsync();
+        return JsonSerializer.Deserialize<T>(content, JsonOptions);
+    }
 
-        public static CreateUserDto CreateValidUserDto()
+    public static CreateUserDto CreateValidUserDto()
+    {
+        return new CreateUserDto
         {
-            return new CreateUserDto
-            {
-                FirstName = "Test",
-                LastName = "User",
-                Email = "test@example.com",
-                PhoneNumber = "+1234567890"
-            };
-        }
+            Name = "Test User",
+            Email = "test@example.com",
+            Bio = "Software Engineer"
+        };
+    }
 
-        public static UpdateUserDto CreateValidUpdateUserDto()
+    public static UpdateUserDto CreateValidUpdateUserDto()
+    {
+        return new UpdateUserDto
         {
-            return new UpdateUserDto
-            {
-                FirstName = "Updated",
-                LastName = "User",
-                Email = "updated@example.com",
-                PhoneNumber = "+0987654321"
-            };
-        }
+            Name = "Updated User",
+            Email = "updated@example.com",
+            Bio = "Senior Engineer"
+        };
     }
 }
 

From 766439da3bbcf68cfe5befeeff97a586bd86ee2f Mon Sep 17 00:00:00 2001
From: Thiago Gonzaga <thiago.gonzaga@icloud.com>
Date: Tue, 3 Mar 2026 10:46:41 -0300
Subject: [PATCH 2/9] ci: address PR review comments from Copilot and Cursor

- Pin trivy-action from @master to @0.24.0 for supply-chain safety
- Guard SARIF upload to same-repo PRs only (fixes fork permission issue)
- Remove [InlineData("   ")] from name validation test: [Required] does not
  reject whitespace-only strings, making that case incorrect
- Replace Substring(0, 5) with Guid.NewGuid().ToString("N")[..5] in
  AutoFixture customizations to eliminate flaky ArgumentOutOfRangeException
---
 .github/workflows/ci.yml                                    | 4 ++--
 UserApi.Tests/Controllers/UserControllerIntegrationTests.cs | 6 +++---
 UserApi.Tests/DTOs/UserDtoValidationTests.cs                | 1 -
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 21d6760..6bbfda9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -382,7 +382,7 @@ jobs:
         docker inspect otel-core-example:pr-${{ github.event.pull_request.number }}
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@0.24.0
       with:
         image-ref: otel-core-example:pr-${{ github.event.pull_request.number }}
         format: 'sarif'
@@ -392,7 +392,7 @@ jobs:
 
     - name: Upload Trivy scan results to GitHub Security tab
       uses: github/codeql-action/upload-sarif@v4
-      if: always()
+      if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository }}
       with:
         sarif_file: 'trivy-results.sarif'
 
diff --git a/UserApi.Tests/Controllers/UserControllerIntegrationTests.cs b/UserApi.Tests/Controllers/UserControllerIntegrationTests.cs
index b2e21bc..30f217b 100644
--- a/UserApi.Tests/Controllers/UserControllerIntegrationTests.cs
+++ b/UserApi.Tests/Controllers/UserControllerIntegrationTests.cs
@@ -29,17 +29,17 @@ public UserControllerIntegrationTests()
         // Configure AutoFixture to generate valid data
         _fixture.Customize<CreateUserDto>(c => c
             .With(x => x.Email, () => _fixture.Create<string>() + "@example.com")
-            .With(x => x.Name, () => "Test" + _fixture.Create<string>().Substring(0, 5))
+            .With(x => x.Name, () => "Test" + Guid.NewGuid().ToString("N")[..5])
             .With(x => x.Bio, () => "Test Bio"));
 
         _fixture.Customize<UpdateUserDto>(c => c
             .With(x => x.Email, () => _fixture.Create<string>() + "@example.com")
-            .With(x => x.Name, () => "Updated" + _fixture.Create<string>().Substring(0, 5))
+            .With(x => x.Name, () => "Updated" + Guid.NewGuid().ToString("N")[..5])
             .With(x => x.Bio, () => "Updated Bio"));
 
         _fixture.Customize<User>(c => c
             .With(x => x.Email, () => _fixture.Create<string>() + "@example.com")
-            .With(x => x.Name, () => "Test" + _fixture.Create<string>().Substring(0, 5))
+            .With(x => x.Name, () => "Test" + Guid.NewGuid().ToString("N")[..5])
             .With(x => x.Bio, () => "Test Bio")
             .With(x => x.CreatedAt, () => DateTime.UtcNow)
             .With(x => x.UpdatedAt, () => DateTime.UtcNow)
diff --git a/UserApi.Tests/DTOs/UserDtoValidationTests.cs b/UserApi.Tests/DTOs/UserDtoValidationTests.cs
index 8c93467..75415d6 100644
--- a/UserApi.Tests/DTOs/UserDtoValidationTests.cs
+++ b/UserApi.Tests/DTOs/UserDtoValidationTests.cs
@@ -27,7 +27,6 @@ public void CreateUserDto_WithValidData_ShouldPassValidation()
 
     [Theory]
     [InlineData("")]
-    [InlineData("   ")]
     public void CreateUserDto_WithInvalidName_ShouldFailValidation(string name)
     {
         // Arrange

From e5a02f61eaa2570c4478ea757ff9e79508120f57 Mon Sep 17 00:00:00 2001
From: Thiago Gonzaga <thiago.gonzaga@icloud.com>
Date: Wed, 4 Mar 2026 09:12:12 -0300
Subject: [PATCH 3/9] ci: address review comments on CI workflow

- guard cancel-in-progress for main branch runs
- fix codecov deprecated 'file' param to 'files'
- pin docker/build-push-action to SHA in docker-build job
- upgrade trivy-action from 0.24.0 to 0.34.2
- add exit-code: '0' to trivy to prevent failure on findings
- remove unnecessary TRIVY_SKIP_VERSION_CHECK env var
---
 .github/workflows/ci.yml | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6bbfda9..a81de72 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -8,7 +8,7 @@ on:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 env:
   DOTNET_VERSION: '10.0.x'
@@ -168,7 +168,7 @@ jobs:
     - name: Upload coverage reports to Codecov
       uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de
       with:
-        file: ./coverage/coverage.cobertura.xml
+        files: ./coverage/coverage.cobertura.xml
         flags: unittests
         name: codecov-umbrella
         token: ${{ secrets.CODECOV_TOKEN }}
@@ -365,7 +365,7 @@ jobs:
       uses: docker/setup-buildx-action@v3
 
     - name: Build Docker image for PR validation
-      uses: docker/build-push-action@v6
+      uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
       with:
         context: .
         push: false
@@ -382,13 +382,12 @@ jobs:
         docker inspect otel-core-example:pr-${{ github.event.pull_request.number }}
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@0.24.0
+      uses: aquasecurity/trivy-action@0.34.2
       with:
         image-ref: otel-core-example:pr-${{ github.event.pull_request.number }}
         format: 'sarif'
         output: 'trivy-results.sarif'
-      env:
-        TRIVY_SKIP_VERSION_CHECK: true
+        exit-code: '0'
 
     - name: Upload Trivy scan results to GitHub Security tab
       uses: github/codeql-action/upload-sarif@v4

From 38fc25d21162e74198d32b11cabe8ca92944dea2 Mon Sep 17 00:00:00 2001
From: Thiago Gonzaga <thiago.gonzaga@icloud.com>
Date: Wed, 4 Mar 2026 09:19:26 -0300
Subject: [PATCH 4/9] ci: fix SonarCloud coverage by specifying download path

The coverage artifact was being extracted to the repo root instead
of the coverage/ directory, so SonarCloud couldn't find the
OpenCover.xml and Cobertura.xml reports. Add path: coverage to
the download-artifact step to restore the expected directory
structure.
---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a81de72..9f31a92 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -247,6 +247,7 @@ jobs:
       uses: actions/download-artifact@v8
       with:
         name: coverage-reports
+        path: coverage
 
     - name: Install SonarCloud scanner
       run: |

From bb6ebe83eed9745fe7d221aaa752763882c6f66c Mon Sep 17 00:00:00 2001
From: Thiago Gonzaga <thiago.gonzaga@icloud.com>
Date: Wed, 4 Mar 2026 09:38:39 -0300
Subject: [PATCH 5/9] fix: address review comments and improve test coverage

- add RegularExpression validation on CreateUserDto.Name to reject
  whitespace-only input (addresses Copilot review comment)
- add whitespace InlineData test case for name validation
- add UserDbContext tests with SQLite provider to cover seed data
  branch, unique email index, required fields, and primary key config
- add CompatibleSystemTextJsonOutputFormatter tests covering
  constructor, JSON serialization, null object, and Unicode encoding
- add Microsoft.EntityFrameworkCore.Sqlite test dependency

All 118 tests pass locally.
---
 DTOs/UserDto.cs                               |   3 +-
 UserApi.Tests/DTOs/UserDtoValidationTests.cs  |   1 +
 UserApi.Tests/Data/UserDbContextTests.cs      | 183 ++++++++++++++++++
 ...tibleSystemTextJsonOutputFormatterTests.cs | 132 +++++++++++++
 UserApi.Tests/UserApi.Tests.csproj            |   1 +
 5 files changed, 319 insertions(+), 1 deletion(-)
 create mode 100644 UserApi.Tests/Data/UserDbContextTests.cs
 create mode 100644 UserApi.Tests/Infrastructure/CompatibleSystemTextJsonOutputFormatterTests.cs

diff --git a/DTOs/UserDto.cs b/DTOs/UserDto.cs
index 630ad7b..1e40ebf 100644
--- a/DTOs/UserDto.cs
+++ b/DTOs/UserDto.cs
@@ -5,7 +5,8 @@ namespace UserApi.DTOs;
 public class CreateUserDto
 {
     [Required]
-    [StringLength(100)]
+    [StringLength(100, MinimumLength = 1)]
+    [RegularExpression(@".*\S.*", ErrorMessage = "Name cannot be whitespace only.")]
     public string Name { get; set; } = string.Empty;
 
     [Required]
diff --git a/UserApi.Tests/DTOs/UserDtoValidationTests.cs b/UserApi.Tests/DTOs/UserDtoValidationTests.cs
index 75415d6..8c93467 100644
--- a/UserApi.Tests/DTOs/UserDtoValidationTests.cs
+++ b/UserApi.Tests/DTOs/UserDtoValidationTests.cs
@@ -27,6 +27,7 @@ public void CreateUserDto_WithValidData_ShouldPassValidation()
 
     [Theory]
     [InlineData("")]
+    [InlineData("   ")]
     public void CreateUserDto_WithInvalidName_ShouldFailValidation(string name)
     {
         // Arrange
diff --git a/UserApi.Tests/Data/UserDbContextTests.cs b/UserApi.Tests/Data/UserDbContextTests.cs
new file mode 100644
index 0000000..a7d2b54
--- /dev/null
+++ b/UserApi.Tests/Data/UserDbContextTests.cs
@@ -0,0 +1,183 @@
+using FluentAssertions;
+using Microsoft.Data.Sqlite;
+using Microsoft.EntityFrameworkCore;
+using UserApi.Data;
+using UserApi.Models;
+using Xunit;
+
+namespace UserApi.Tests.Data;
+
+public class UserDbContextTests : IDisposable
+{
+    private readonly SqliteConnection _connection;
+    private readonly DbContextOptions<UserDbContext> _options;
+
+    public UserDbContextTests()
+    {
+        // Use SQLite in-memory so that Database.ProviderName != "InMemory"
+        // and the seed-data branch in OnModelCreating is exercised.
+        _connection = new SqliteConnection("DataSource=:memory:");
+        _connection.Open();
+
+        _options = new DbContextOptionsBuilder<UserDbContext>()
+            .UseSqlite(_connection)
+            .Options;
+    }
+
+    [Fact]
+    public void OnModelCreating_WithSqliteProvider_ShouldSeedData()
+    {
+        // Arrange & Act
+        using var context = new UserDbContext(_options);
+        context.Database.EnsureCreated();
+
+        // Assert — seed data should be present
+        var users = context.Users.ToList();
+        users.Should().HaveCount(2);
+
+        var john = users.First(u => u.Id == 1);
+        john.Name.Should().Be("John Doe");
+        john.Email.Should().Be("john.doe@example.com");
+        john.Bio.Should().Be("Software Engineer");
+
+        var jane = users.First(u => u.Id == 2);
+        jane.Name.Should().Be("Jane Smith");
+        jane.Email.Should().Be("jane.smith@example.com");
+        jane.Bio.Should().Be("Product Manager");
+    }
+
+    [Fact]
+    public void OnModelCreating_ShouldConfigureEmailAsUnique()
+    {
+        // Arrange
+        using var context = new UserDbContext(_options);
+        context.Database.EnsureCreated();
+        // Clear seed data so we control all entries
+        context.Users.RemoveRange(context.Users.ToList());
+        context.SaveChanges();
+
+        context.Users.Add(new User
+        {
+            Name = "User One",
+            Email = "unique@example.com",
+            Bio = "Bio",
+            CreatedAt = DateTime.UtcNow,
+            UpdatedAt = DateTime.UtcNow
+        });
+        context.SaveChanges();
+
+        context.Users.Add(new User
+        {
+            Name = "User Two",
+            Email = "unique@example.com",
+            Bio = "Bio",
+            CreatedAt = DateTime.UtcNow,
+            UpdatedAt = DateTime.UtcNow
+        });
+
+        // Act & Assert — duplicate email should violate unique index
+        var act = () => context.SaveChanges();
+        act.Should().Throw<DbUpdateException>();
+    }
+
+    [Fact]
+    public void OnModelCreating_ShouldConfigureEmailAsRequired()
+    {
+        // Arrange
+        using var context = new UserDbContext(_options);
+        context.Database.EnsureCreated();
+
+        context.Users.Add(new User
+        {
+            Name = "User",
+            Email = null!,
+            CreatedAt = DateTime.UtcNow,
+            UpdatedAt = DateTime.UtcNow
+        });
+
+        // Act & Assert
+        var act = () => context.SaveChanges();
+        act.Should().Throw<DbUpdateException>();
+    }
+
+    [Fact]
+    public void OnModelCreating_ShouldConfigureNameAsRequired()
+    {
+        // Arrange
+        using var context = new UserDbContext(_options);
+        context.Database.EnsureCreated();
+
+        context.Users.Add(new User
+        {
+            Name = null!,
+            Email = "test@example.com",
+            CreatedAt = DateTime.UtcNow,
+            UpdatedAt = DateTime.UtcNow
+        });
+
+        // Act & Assert
+        var act = () => context.SaveChanges();
+        act.Should().Throw<DbUpdateException>();
+    }
+
+    [Fact]
+    public void OnModelCreating_WithInMemoryProvider_ShouldNotSeedData()
+    {
+        // Arrange
+        var inMemoryOptions = new DbContextOptionsBuilder<UserDbContext>()
+            .UseInMemoryDatabase(databaseName: Guid.NewGuid().ToString())
+            .Options;
+
+        // Act
+        using var context = new UserDbContext(inMemoryOptions);
+        context.Database.EnsureCreated();
+
+        // Assert — InMemory provider should skip seed data
+        var users = context.Users.ToList();
+        users.Should().BeEmpty();
+    }
+
+    [Fact]
+    public void Constructor_ShouldInitializeDbSet()
+    {
+        // Arrange & Act
+        using var context = new UserDbContext(_options);
+
+        // Assert
+        context.Users.Should().NotBeNull();
+    }
+
+    [Fact]
+    public void OnModelCreating_ShouldConfigureIdAsPrimaryKey()
+    {
+        // Arrange
+        using var context = new UserDbContext(_options);
+        context.Database.EnsureCreated();
+        // Clear seed data
+        context.Users.RemoveRange(context.Users.ToList());
+        context.SaveChanges();
+
+        // Act
+        var user = new User
+        {
+            Name = "Test",
+            Email = "pk-test@example.com",
+            CreatedAt = DateTime.UtcNow,
+            UpdatedAt = DateTime.UtcNow
+        };
+        context.Users.Add(user);
+        context.SaveChanges();
+
+        // Assert — Id should be auto-generated
+        user.Id.Should().BeGreaterThan(0);
+
+        var loaded = context.Users.Find(user.Id);
+        loaded.Should().NotBeNull();
+        loaded!.Name.Should().Be("Test");
+    }
+
+    public void Dispose()
+    {
+        _connection.Dispose();
+    }
+}
diff --git a/UserApi.Tests/Infrastructure/CompatibleSystemTextJsonOutputFormatterTests.cs b/UserApi.Tests/Infrastructure/CompatibleSystemTextJsonOutputFormatterTests.cs
new file mode 100644
index 0000000..f907b8a
--- /dev/null
+++ b/UserApi.Tests/Infrastructure/CompatibleSystemTextJsonOutputFormatterTests.cs
@@ -0,0 +1,132 @@
+using System.Text;
+using System.Text.Json;
+using FluentAssertions;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc.Formatters;
+using UserApi.Infrastructure;
+using Xunit;
+
+namespace UserApi.Tests.Infrastructure;
+
+public class CompatibleSystemTextJsonOutputFormatterTests
+{
+    [Fact]
+    public void Constructor_WithOptions_ShouldSupportJsonMediaTypes()
+    {
+        // Arrange & Act
+        var formatter = new CompatibleSystemTextJsonOutputFormatter(new JsonSerializerOptions());
+
+        // Assert
+        formatter.SupportedMediaTypes.Should().Contain("application/json");
+        formatter.SupportedMediaTypes.Should().Contain("text/json");
+        formatter.SupportedMediaTypes.Should().Contain("application/*+json");
+    }
+
+    [Fact]
+    public void Constructor_WithOptions_ShouldSupportEncodings()
+    {
+        // Arrange & Act
+        var formatter = new CompatibleSystemTextJsonOutputFormatter(new JsonSerializerOptions());
+
+        // Assert
+        formatter.SupportedEncodings.Should().Contain(Encoding.UTF8);
+        formatter.SupportedEncodings.Should().Contain(Encoding.Unicode);
+    }
+
+    [Fact]
+    public void Constructor_WithNullOptions_ShouldUseDefaults()
+    {
+        // Arrange & Act
+        var formatter = new CompatibleSystemTextJsonOutputFormatter(null!);
+
+        // Assert
+        formatter.SupportedMediaTypes.Should().Contain("application/json");
+    }
+
+    [Fact]
+    public async Task WriteResponseBodyAsync_ShouldSerializeObject()
+    {
+        // Arrange
+        var options = new JsonSerializerOptions
+        {
+            PropertyNamingPolicy = JsonNamingPolicy.CamelCase
+        };
+        var formatter = new CompatibleSystemTextJsonOutputFormatter(options);
+
+        var testObject = new { Name = "John", Email = "john@example.com" };
+        var httpContext = new DefaultHttpContext();
+        httpContext.Response.Body = new MemoryStream();
+
+        var context = new OutputFormatterWriteContext(
+            httpContext,
+            (stream, encoding) => new StreamWriter(stream, encoding),
+            testObject.GetType(),
+            testObject);
+
+        // Act
+        await formatter.WriteResponseBodyAsync(context, Encoding.UTF8);
+
+        // Assert
+        httpContext.Response.Body.Position = 0;
+        using var reader = new StreamReader(httpContext.Response.Body, Encoding.UTF8);
+        var json = await reader.ReadToEndAsync();
+
+        json.Should().Contain("\"name\"");
+        json.Should().Contain("\"email\"");
+        json.Should().Contain("John");
+        json.Should().Contain("john@example.com");
+    }
+
+    [Fact]
+    public async Task WriteResponseBodyAsync_WithNullObject_ShouldWriteNull()
+    {
+        // Arrange
+        var formatter = new CompatibleSystemTextJsonOutputFormatter(new JsonSerializerOptions());
+
+        var httpContext = new DefaultHttpContext();
+        httpContext.Response.Body = new MemoryStream();
+
+        var context = new OutputFormatterWriteContext(
+            httpContext,
+            (stream, encoding) => new StreamWriter(stream, encoding),
+            typeof(object),
+            null);
+
+        // Act
+        await formatter.WriteResponseBodyAsync(context, Encoding.UTF8);
+
+        // Assert
+        httpContext.Response.Body.Position = 0;
+        using var reader = new StreamReader(httpContext.Response.Body, Encoding.UTF8);
+        var json = await reader.ReadToEndAsync();
+
+        json.Should().Be("null");
+    }
+
+    [Fact]
+    public async Task WriteResponseBodyAsync_WithUnicodeEncoding_ShouldWork()
+    {
+        // Arrange
+        var formatter = new CompatibleSystemTextJsonOutputFormatter(new JsonSerializerOptions());
+
+        var testObject = new { Message = "Hello World" };
+        var httpContext = new DefaultHttpContext();
+        httpContext.Response.Body = new MemoryStream();
+
+        var context = new OutputFormatterWriteContext(
+            httpContext,
+            (stream, encoding) => new StreamWriter(stream, encoding),
+            testObject.GetType(),
+            testObject);
+
+        // Act
+        await formatter.WriteResponseBodyAsync(context, Encoding.Unicode);
+
+        // Assert
+        httpContext.Response.Body.Position = 0;
+        using var reader = new StreamReader(httpContext.Response.Body, Encoding.Unicode);
+        var json = await reader.ReadToEndAsync();
+
+        json.Should().Contain("Hello World");
+    }
+}
diff --git a/UserApi.Tests/UserApi.Tests.csproj b/UserApi.Tests/UserApi.Tests.csproj
index 5853a44..fabce1a 100644
--- a/UserApi.Tests/UserApi.Tests.csproj
+++ b/UserApi.Tests/UserApi.Tests.csproj
@@ -17,6 +17,7 @@
     </PackageReference>
     <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.3" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="10.0.3" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="10.0.3" />
     <PackageReference Include="FluentAssertions" Version="8.8.0" />
     <PackageReference Include="Moq" Version="4.20.72" />
     <PackageReference Include="AutoFixture" Version="4.18.1" />

From 70b82ad92bf6b2162aac36a75566c07481fe0938 Mon Sep 17 00:00:00 2001
From: Thiago Gonzaga <thiago.gonzaga@icloud.com>
Date: Wed, 4 Mar 2026 11:54:24 -0300
Subject: [PATCH 6/9] ci: pin all actions to SHA hashes and fix SonarCloud
 coverage

- Pin docker/setup-buildx-action, aquasecurity/trivy-action,
  github/codeql-action/upload-sarif, and docker/login-action
  to full commit SHAs (resolves SonarCloud security hotspot S7637)
- Switch coverage report format from OpenCover (paid-only in
  reportgenerator) to SonarQube generic format
- Use sonar.coverageReportPaths instead of sonar.cs.opencover.reportsPaths
- Update coverage threshold check to use Cobertura XML
---
 .github/workflows/ci.yml | 34 ++++++++++++++++------------------
 1 file changed, 16 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9f31a92..b9c3a00 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -153,7 +153,7 @@ jobs:
     - name: Generate coverage report
       run: |
         dotnet tool install -g dotnet-reportgenerator-globaltool
-        reportgenerator -reports:"coverage/**/coverage.cobertura.xml" -targetdir:"coverage/report" -reporttypes:"Html;Cobertura;OpenCover"
+        reportgenerator -reports:"coverage/**/coverage.cobertura.xml" -targetdir:"coverage/report" -reporttypes:"Html;Cobertura;SonarQube"
         # Copy the generated Cobertura file to the expected location
         cp coverage/report/Cobertura.xml coverage/coverage.cobertura.xml
 
@@ -177,11 +177,11 @@ jobs:
 
     - name: Check coverage threshold
       run: |
-        if [ -f "coverage/report/OpenCover.xml" ]; then
+        if [ -f "coverage/coverage.cobertura.xml" ]; then
           dotnet tool install -g dotnet-coverage
-          dotnet coverage report coverage/report/OpenCover.xml --threshold ${{ env.COVERAGE_THRESHOLD }}
+          dotnet coverage report coverage/coverage.cobertura.xml --threshold ${{ env.COVERAGE_THRESHOLD }}
         else
-          echo "OpenCover report not found, skipping threshold check"
+          echo "Coverage report not found, skipping threshold check"
         fi
 
   security-scan:
@@ -283,8 +283,7 @@ jobs:
             /d:sonar.pullrequest.key="$PR_NUMBER" \
             /d:sonar.pullrequest.branch="$BRANCH_NAME" \
              /d:sonar.pullrequest.base="$BASE_BRANCH" \
-            /d:sonar.cs.opencover.reportsPaths="coverage/report/OpenCover.xml" \
-            /d:sonar.cs.cobertura.reportsPaths="coverage/**/coverage.cobertura.xml" \
+            /d:sonar.coverageReportPaths="coverage/report/SonarQube.xml" \
             /d:sonar.coverage.exclusions="**/Program.cs,**/Migrations/**,**/bin/**,**/obj/**,**/*Tests*/**" \
             /d:sonar.exclusions="**/bin/**,**/obj/**,**/Migrations/**,**/coverage/**,**/test-coverage/**,**/TestResults/**,**/*.coverage,**/*.coveragexml,**/*.cobertura.xml"
         else
@@ -296,8 +295,7 @@ jobs:
             /d:sonar.host.url="https://sonarcloud.io" \
             /d:sonar.token="$SONAR_TOKEN" \
             /d:sonar.branch.name="${{ github.ref_name }}" \
-            /d:sonar.cs.opencover.reportsPaths="coverage/report/OpenCover.xml" \
-            /d:sonar.cs.cobertura.reportsPaths="coverage/**/coverage.cobertura.xml" \
+            /d:sonar.coverageReportPaths="coverage/report/SonarQube.xml" \
             /d:sonar.coverage.exclusions="**/Program.cs,**/Migrations/**,**/bin/**,**/obj/**,**/*Tests*/**" \
             /d:sonar.exclusions="**/bin/**,**/obj/**,**/Migrations/**,**/coverage/**,**/test-coverage/**,**/TestResults/**,**/*.coverage,**/*.coveragexml,**/*.cobertura.xml"
         fi
@@ -327,13 +325,13 @@ jobs:
           echo "Will use individual coverage files: coverage/**/coverage.cobertura.xml"
         fi
 
-        if [ -f "coverage/report/OpenCover.xml" ]; then
-          echo "✓ Found OpenCover file: coverage/report/OpenCover.xml"
+        if [ -f "coverage/report/SonarQube.xml" ]; then
+          echo "✓ Found SonarQube coverage file: coverage/report/SonarQube.xml"
         else
-          echo "✗ OpenCover file not found - reportgenerator may have failed"
+          echo "✗ SonarQube coverage file not found - reportgenerator may have failed"
           echo "Attempting to regenerate reports..."
           dotnet tool install -g dotnet-reportgenerator-globaltool || echo "ReportGenerator already installed"
-          reportgenerator -reports:"coverage/**/coverage.cobertura.xml" -targetdir:"coverage/report" -reporttypes:"Html;Cobertura;OpenCover" || echo "Report generation failed"
+          reportgenerator -reports:"coverage/**/coverage.cobertura.xml" -targetdir:"coverage/report" -reporttypes:"Html;Cobertura;SonarQube" || echo "Report generation failed"
 
           if [ -f "coverage/report/Cobertura.xml" ]; then
             cp coverage/report/Cobertura.xml coverage/coverage.cobertura.xml || echo "Failed to copy consolidated report"
@@ -342,7 +340,7 @@ jobs:
         fi
 
         echo "=== Final coverage file verification ==="
-        ls -la coverage/coverage.cobertura.xml coverage/report/OpenCover.xml 2>/dev/null || echo "Some consolidated files missing"
+        ls -la coverage/coverage.cobertura.xml coverage/report/SonarQube.xml 2>/dev/null || echo "Some consolidated files missing"
 
     - name: End SonarCloud analysis
       env:
@@ -363,7 +361,7 @@ jobs:
       uses: actions/checkout@v6
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
 
     - name: Build Docker image for PR validation
       uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
@@ -383,7 +381,7 @@ jobs:
         docker inspect otel-core-example:pr-${{ github.event.pull_request.number }}
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@0.34.2
+      uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # 0.34.2
       with:
         image-ref: otel-core-example:pr-${{ github.event.pull_request.number }}
         format: 'sarif'
@@ -391,7 +389,7 @@ jobs:
         exit-code: '0'
 
     - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@v4
+      uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4
       if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository }}
       with:
         sarif_file: 'trivy-results.sarif'
@@ -409,10 +407,10 @@ jobs:
       uses: actions/checkout@v6
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
 
     - name: Login to Docker Hub
-      uses: docker/login-action@v3
+      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
       with:
         username: ${{ secrets.DOCKER_USERNAME }}
         password: ${{ secrets.DOCKER_PASSWORD }}

From 753f0fb710ae439327114bdfe638614ab553bc9a Mon Sep 17 00:00:00 2001
From: Thiago Gonzaga <thiago.gonzaga@icloud.com>
Date: Wed, 4 Mar 2026 12:02:25 -0300
Subject: [PATCH 7/9] ci: fix coverage threshold check with python3 XML parsing

Replace broken dotnet-coverage report command (removed in v18) with
python3 xml.etree to extract line-rate from Cobertura XML. The step
now fails the build if coverage is below the threshold or if the
coverage report file is missing.
---
 .github/workflows/ci.yml | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b9c3a00..774104c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -178,10 +178,23 @@ jobs:
     - name: Check coverage threshold
       run: |
         if [ -f "coverage/coverage.cobertura.xml" ]; then
-          dotnet tool install -g dotnet-coverage
-          dotnet coverage report coverage/coverage.cobertura.xml --threshold ${{ env.COVERAGE_THRESHOLD }}
+          # Extract line-rate from Cobertura XML root element
+          LINE_RATE=$(python3 -c "
+        import xml.etree.ElementTree as ET
+        tree = ET.parse('coverage/coverage.cobertura.xml')
+        print(tree.getroot().attrib.get('line-rate', '0'))
+        ")
+          COVERAGE=$(python3 -c "print(int(float('${LINE_RATE}') * 100))")
+          echo "Line coverage: ${COVERAGE}%"
+          if [ "$COVERAGE" -lt "${{ env.COVERAGE_THRESHOLD }}" ]; then
+            echo "::error::Coverage ${COVERAGE}% is below threshold ${{ env.COVERAGE_THRESHOLD }}%"
+            exit 1
+          else
+            echo "Coverage ${COVERAGE}% meets threshold ${{ env.COVERAGE_THRESHOLD }}%"
+          fi
         else
-          echo "Coverage report not found, skipping threshold check"
+          echo "::error::Coverage report not found at coverage/coverage.cobertura.xml"
+          exit 1
         fi
 
   security-scan:

From 2cd736ab083de37b3ea24136da7c64a99508967a Mon Sep 17 00:00:00 2001
From: Thiago Gonzaga <thiago.gonzaga@icloud.com>
Date: Wed, 4 Mar 2026 12:10:46 -0300
Subject: [PATCH 8/9] ci: exclude auto-generated code from coverage collection

Add coverlet.runsettings to exclude obj/ and Migrations/ paths plus
compiler-generated attributes from XPlat Code Coverage. Fixes false
65% line-rate caused by uncoverable OpenAPI source-generated files
in obj/. Actual project coverage is 98.2%.
---
 .github/workflows/ci.yml |  2 +-
 coverlet.runsettings     | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 coverlet.runsettings

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 774104c..42d3036 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -148,7 +148,7 @@ jobs:
       run: dotnet restore UserApi.sln
 
     - name: Run tests
-      run: dotnet test UserApi.sln --no-build --configuration Release --verbosity normal --collect:"XPlat Code Coverage" --results-directory ./coverage
+      run: dotnet test UserApi.sln --no-build --configuration Release --verbosity normal --collect:"XPlat Code Coverage" --results-directory ./coverage --settings coverlet.runsettings
 
     - name: Generate coverage report
       run: |
diff --git a/coverlet.runsettings b/coverlet.runsettings
new file mode 100644
index 0000000..a9535c5
--- /dev/null
+++ b/coverlet.runsettings
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<RunSettings>
+  <DataCollectionRunSettings>
+    <DataCollectors>
+      <DataCollector friendlyName="XPlat Code Coverage">
+        <Configuration>
+          <Format>cobertura</Format>
+          <ExcludeByFile>**/obj/**,**/Migrations/**</ExcludeByFile>
+          <ExcludeByAttribute>ExcludeFromCodeCoverage,CompilerGenerated,GeneratedCode</ExcludeByAttribute>
+        </Configuration>
+      </DataCollector>
+    </DataCollectors>
+  </DataCollectionRunSettings>
+</RunSettings>

From c62cc2e3b953de1ff4005a7ffbd4a202a88454ca Mon Sep 17 00:00:00 2001
From: Thiago Gonzaga <thiago.gonzaga@icloud.com>
Date: Wed, 4 Mar 2026 23:23:16 -0300
Subject: [PATCH 9/9] ci: exclude Models and DTOs from SonarCloud coverage

Pure POCO/DTO classes contain only auto-properties with no
executable logic. Coverlet cannot instrument them, so SonarCloud
sees uncovered new lines, dragging the new-code coverage to 70%.

Add **/Models/** and **/DTOs/** to sonar.coverage.exclusions in
both the PR-analysis and branch-analysis scanner blocks.
---
 .github/workflows/ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 42d3036..3f2c08d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -297,7 +297,7 @@ jobs:
             /d:sonar.pullrequest.branch="$BRANCH_NAME" \
              /d:sonar.pullrequest.base="$BASE_BRANCH" \
             /d:sonar.coverageReportPaths="coverage/report/SonarQube.xml" \
-            /d:sonar.coverage.exclusions="**/Program.cs,**/Migrations/**,**/bin/**,**/obj/**,**/*Tests*/**" \
+            /d:sonar.coverage.exclusions="**/Program.cs,**/Models/**,**/DTOs/**,**/Migrations/**,**/bin/**,**/obj/**,**/*Tests*/**" \
             /d:sonar.exclusions="**/bin/**,**/obj/**,**/Migrations/**,**/coverage/**,**/test-coverage/**,**/TestResults/**,**/*.coverage,**/*.coveragexml,**/*.cobertura.xml"
         else
           dotnet sonarscanner begin \
@@ -309,7 +309,7 @@ jobs:
             /d:sonar.token="$SONAR_TOKEN" \
             /d:sonar.branch.name="${{ github.ref_name }}" \
             /d:sonar.coverageReportPaths="coverage/report/SonarQube.xml" \
-            /d:sonar.coverage.exclusions="**/Program.cs,**/Migrations/**,**/bin/**,**/obj/**,**/*Tests*/**" \
+            /d:sonar.coverage.exclusions="**/Program.cs,**/Models/**,**/DTOs/**,**/Migrations/**,**/bin/**,**/obj/**,**/*Tests*/**" \
             /d:sonar.exclusions="**/bin/**,**/obj/**,**/Migrations/**,**/coverage/**,**/test-coverage/**,**/TestResults/**,**/*.coverage,**/*.coveragexml,**/*.cobertura.xml"
         fi