diff --git a/app/Http/Requests/UserEditRequest.php b/app/Http/Requests/UserEditRequest.php
index 02952ba..de95bfc 100644
--- a/app/Http/Requests/UserEditRequest.php
+++ b/app/Http/Requests/UserEditRequest.php
@@ -16,19 +16,12 @@ class UserEditRequest extends AuthorizedRequest
     public function rules(): array
     {
         return [
-            'user.last_name' => ['string'],
-            'user.name' => ['string'],
-            'user.middle_name' => ['string'],
-            'user.email' => ['email'],
-            'user.phone' => ['string', 'regex:'.User::PHONE_REGEX],
-            'user' => 'required',
+            'last_name' => ['string'],
+            'name' => ['string'],
+            'middle_name' => ['string'],
+            'email' => ['email'],
+            'phone' => ['string', 'regex:'.User::PHONE_REGEX],
             'password' => [Password::min(1)->rules([new ZxcvbnRule])],
-
-            'user.email_verified_at' => 'prohibited',
-            'user.created_at' => 'prohibited',
-            'user.updated_at' => 'prohibited',
-            'user.deleted_at' => 'prohibited',
-            'user.id' => 'prohibited',
         ];
     }
 }
diff --git a/app/Services/UserService.php b/app/Services/UserService.php
index c82de9c..ef09b7b 100644
--- a/app/Services/UserService.php
+++ b/app/Services/UserService.php
@@ -87,9 +87,10 @@ class UserService
 
         if (array_key_exists('password', $data)) {
             $this->setPassword(['email' => $user['email'], 'password' => $data['password']]);
+            unset($data['password']);
         }
 
-        $user->fill($data['user']);
+        $user->fill($data);
         $user->save();
 
         return $user;
diff --git a/public/openapi.yml b/public/openapi.yml
index a7c529b..6a0c42f 100644
--- a/public/openapi.yml
+++ b/public/openapi.yml
@@ -297,34 +297,29 @@ paths:
           description: User not found
       requestBody:
         description: |-
-          All fields of `user` are optional. If a field is specified, the database record will change to the field's value.
+          All fields are optional. If a field is specified, the database record will change to the field's value.
           
-          `password` is optional, only if you want to update the password.
-          
-          Note: updating password will not revoke all current sessions of the user
+          Note: updating the password will not revoke all current sessions of the user
         content:
           application/json:
             schema:
               type: object
               properties:
-                user:
-                  type: object
-                  properties:
-                    last_name:
-                      type: string
-                      example: doe
-                    name:
-                      type: string
-                      example: jade
-                    middle_name:
-                      type: string
-                      example: john
-                    email:
-                      type: string
-                      example: jdoe@example.com
-                    phone:
-                      type: string
-                      example: '+000000'
+                last_name:
+                  type: string
+                  example: doe
+                name:
+                  type: string
+                  example: jade
+                middle_name:
+                  type: string
+                  example: john
+                email:
+                  type: string
+                  example: jdoe@example.com
+                phone:
+                  type: string
+                  example: '+000000'
                 password:
                   type: string
                   example: 'very_strong_password123456'