diff --git a/auth/main.go b/auth/main.go
index d976c675..ab76c2a0 100644
--- a/auth/main.go
+++ b/auth/main.go
@@ -53,7 +53,7 @@ type Validator struct {
 
 func (v *Validator) Validate(i any) error {
 if err := v.validator.Struct(i); err != nil {
- return echo.NewHTTPError(http.StatusBadRequest, err.Error())
+ return echo.NewHTTPError(http.StatusUnprocessableEntity, err.Error())
 }
 return nil
 }
diff --git a/auth/tests/change-password.hurl b/auth/tests/change-password.hurl
new file mode 100644
index 00000000..5ff69a04
--- /dev/null
+++ b/auth/tests/change-password.hurl
@@ -0,0 +1,40 @@
+POST {{host}}/users
+{
+ "username": "edit-password",
+ "password": "password-login-user",
+ "email": "invalid-password-user@zoriya.dev"
+}
+HTTP 201
+[Captures]
+first_token: jsonpath "$.token"
+
+POST {{host}}/sessions
+{
+ "login": "edit-password",
+ "password": "password-login-user"
+}
+HTTP 201
+[Captures]
+token: jsonpath "$.token"
+
+GET {{host}}/jwt
+Authorization: Bearer {{token}}
+HTTP 200
+[Captures]
+jwt: jsonpath "$.token"
+
+PATCH {{host}}/users/me/password
+Authorization: Bearer {{jwt}}
+{
+ "password": "new-password"
+}
+HTTP 204
+
+# Invalid password login
+POST {{host}}/jwt
+Authorization: Bearer {{first_token}}
+HTTP 403
+
+DELETE {{host}}/users/me
+Authorization: Bearer {{jwt}}
+HTTP 200
diff --git a/auth/tests/edit-settings.hurl b/auth/tests/edit-settings.hurl
new file mode 100644
index 00000000..1fa1a2e0
--- /dev/null
+++ b/auth/tests/edit-settings.hurl
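Review bot: The changed return in `Validate` still sends `err.Error()` verbatim to the client, and now reports every error from `v.validator.Struct(i)` as a 422. If the validator is go-playground/validator (its import is not visible in this hunk), that string names internal struct types, fields and validation tags. The same library returns an `InvalidValidationError` when the call itself is wrong (for example a non-struct argument), which is a server-side bug rather than bad input. I would separate the two cases before building the response: `var ve validator.ValidationErrors`, then `if !errors.As(err, &ve) { return echo.NewHTTPError(http.StatusInternalServerError) }`, and build the 422 message from the failed field names and rules instead of the raw error string.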
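Review bot: The last check in change-password.hurl (`POST {{host}}/jwt` with `first_token`, expecting 403) probably does not show that the password change revoked the older session. The token exchange that succeeds earlier in the file is `GET {{host}}/jwt`, and edit-settings.hurl expects the same 403 from `POST {{host}}/jwt` for a session that nothing in that file revokes, so the 403 appears to come from the request itself. Repeat the request that worked, `GET {{host}}/jwt` with `Authorization: Bearer {{first_token}}`, and assert the rejection there; in edit-settings.hurl the copied block can be dropped or given a comment that says what it checks. The file also never tests the credentials themselves: add a `POST {{host}}/sessions` with `password-login-user` that expects a failure and one with `new-password` that expects 201. The `# Invalid password login` comment should instead say that the session created before the password change is expected to be rejected.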
@@ -0,0 +1,36 @@
+POST {{host}}/users
+{
+ "username": "edit-settings",
+ "password": "password-login-user",
+ "email": "edit-settings@zoriya.dev"
+}
+HTTP 201
+[Captures]
+token: jsonpath "$.token"
+
+GET {{host}}/jwt
+Authorization: Bearer {{token}}
+HTTP 200
+[Captures]
+jwt: jsonpath "$.token"
+
+PATCH {{host}}/users/me
+Authorization: Bearer {{jwt}}
+{
+ "claims": {
+ "preferOriginal": true
+ }
+}
+HTTP 200
+[Asserts]
+jsonpath ".claims.preferOriginal" == true
+jsonpath ".username" == "edit-settings"
+
+# Invalid password login
+POST {{host}}/jwt
+Authorization: Bearer {{token}}
+HTTP 403
+
+DELETE {{host}}/users/me
+Authorization: Bearer {{jwt}}
+HTTP 200
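Review bot: The `PATCH {{host}}/users/me` step only exercises a harmless preference claim (`preferOriginal`), so nothing here shows that a user cannot write a claim the service relies on for authorization through the same `claims` object. The handler is not part of this diff, so whether self-assigned claims are filtered cannot be told from the test. A second PATCH that sends a protected claim (placeholder `<PROTECTED_CLAIM>`) would pin that behaviour down, asserting either a rejection status or that the claim is absent from the response. It would also help to fetch a fresh token from `GET {{host}}/jwt` afterwards and assert that the claims in it match what the PATCH response reported.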