What happened?
The /api/recommend endpoint doesn't strictly validate the time parameter against its allowed values. If an unrecognized value is passed in the JSON payload, the backend attempts to look it up in a list using .index(), which throws an unhandled ValueError.
To make matters worse, because the app has a global 500 error handler that returns an HTML template (500.html), the API returns HTML instead of JSON. This violates the API contract and will instantly crash frontend JSON parsers expecting a structured response.
Steps to reproduce
- Start the Flask development server locally.
- Open a terminal and send a POST request with an invalid time value:
  curl -X POST http://localhost:5000/api/recommend -H "Content-Type: application/json" -d '{"skills": "python", "level": "Beginner", "interest": "Web", "time": "unknown_value"}'
- Check the response—instead of a standard JSON error, you get a 500 status code containing the raw HTML of the 500.html error page.
Expected behaviour
The application should validate the input in validate_recommendation_inputs() and gracefully return a 400 Bad Request with a JSON payload, such as: {"error": "Please select a valid time availability."}
Area of the app affected
Recommendation results
Python version
3.11
Operating system
Windows 11
Relevant error output or logs
ValueError: 'unknown_value' is not in list
File "utils/recommender.py", in score_single_project
time_availability_index = TIME_AVAILABILITY.index(time_availability.strip().lower())
Before submitting
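The fix requested in the report, as an added example that is not part of the original issue or the project's code: validate `time` against the allowlist before the `.index()` lookup, and keep every outcome JSON-shaped. The function bodies, the `TIME_AVAILABILITY` values, the `handle_recommend` helper and the `time_index` response key are assumptions made for illustration.

```python
# Added example. Names mirror the issue; bodies and list values are assumed.
TIME_AVAILABILITY = ["low", "medium", "high"]  # assumed values, not the project's


def validate_recommendation_inputs(payload):
    """Return (normalised_time, None) on success or (None, error_message)."""
    if not isinstance(payload, dict):
        # Covers a missing body, malformed JSON parsed to None, or a JSON array.
        return None, "Request body must be a JSON object."
    raw_time = payload.get("time")
    if not isinstance(raw_time, str):
        # null, numbers or lists would otherwise fail at .strip() with a 500.
        return None, "Please select a valid time availability."
    # Normalise exactly as the scorer does, then check the allowlist.
    normalised = raw_time.strip().lower()
    if normalised not in TIME_AVAILABILITY:
        return None, "Please select a valid time availability."
    return normalised, None


def score_single_project(time_availability):
    """Stand-in scorer: .index() cannot raise once the value is validated."""
    return TIME_AVAILABILITY.index(time_availability)


def handle_recommend(payload):
    """Hypothetical helper: return (json_body, status) for every code path."""
    time_value, error = validate_recommendation_inputs(payload)
    if error:
        return {"error": error}, 400
    try:
        index = score_single_project(time_value)
    except Exception:
        # Unexpected failure: stay within the JSON contract and avoid
        # leaking internals or falling through to an HTML error page.
        return {"error": "Internal server error."}, 500
    return {"time_index": index}, 200


# Constructed request body taken from the reproduction steps above.
BAD_REQUEST = {"skills": "python", "level": "Beginner",
               "interest": "Web", "time": "unknown_value"}

if __name__ == "__main__":
    print(handle_recommend(BAD_REQUEST))
```

In a Flask view the returned tuple can be passed straight back, for example with the payload from `request.get_json(silent=True)`, because Flask serialises a returned dict as JSON.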