Add role validation to User creator

Author: davellanedam

CHANGELOG.md

@@ -1,3 +1,7 @@
+## v6.1.13 (May 18, 2019)
+
+-   Add role validation to User creator, Fixes [#35](https://github.com/davellanedam/node-express-mongodb-jwt-rest-api-skeleton/issues/35)
+
 ## v6.1.12 (May 17, 2019)
 
 -   NPM updated

app/controllers/users.validate.js

@@ -35,7 +35,9 @@ exports.createItem = [
     .withMessage('MISSING')
     .not()
     .isEmpty()
-    .withMessage('IS_EMPTY'),
+    .withMessage('IS_EMPTY')
+    .isIn(['user', 'admin'])
+    .withMessage('USER_NOT_IN_KNOWN_ROLE'),
   check('phone')
     .exists()
     .withMessage('MISSING')

test/users.js

@@ -131,6 +131,25 @@ describe('*********** USERS ***********', () => {
           done()
         })
     })
+    it('it should NOT POST a user with not known role', done => {
+      const user = {
+        name: faker.random.words(),
+        email,
+        password: faker.random.words(),
+        role: faker.random.words()
+      }
+      chai
+        .request(server)
+        .post('/users')
+        .set('Authorization', `Bearer ${token}`)
+        .send(user)
+        .end((err, res) => {
+          res.should.have.status(422)
+          res.body.should.be.a('object')
+          res.body.should.have.property('errors')
+          done()
+        })
+    })
   })
   describe('/GET/:id user', () => {
     it('it should GET a user by the given id', done => {