Validate channel_id as UUID in remove_self endpoint #5780
Description
❌ This issue is not open for contribution. Visit Contributing guidelines to learn about the contributing process and how to find suitable issues.
Target branch: develop
Observed behavior
The remove_self endpoint in ChannelUserViewSet does not explicitly validate channel_id as a UUID before querying the database.
When a malformed UUID (e.g., not-a-valid-uuid) is provided, it results in an unhandled exception and results in a 500 Internal Server Error response.
Errors and logs
ValueError: badly formed hexadecimal UUID string
User-facing consequences
Users receive a 500 Internal Server Error when providing invalid input instead of a proper validation error (400 Bad Request). This leads to a poor user experience and unclear API behavior.
Steps to reproduce
- Call the
remove_selfendpoint - Provide an invalid
channel_id(e.g.,not-a-valid-uuid) - Observe that the response is a 500 error instead of a 400 Bad Request
Context
- Application version: current develop branch
- Operating system: any
- Browser: any
AI usage
I used AI assistance to help structure and refine this issue description. The issue itself was identified, reproduced, and validated manually.