Merge pull request #36 from davellanedam/development

Development

Author: davellanedam

CHANGELOG.md

@@ -1,3 +1,7 @@
+## v6.1.13 (May 18, 2019)
+
+-   Add role validation to User creator, Fixes [#35](https://github.com/davellanedam/node-express-mongodb-jwt-rest-api-skeleton/issues/35)
+
 ## v6.1.12 (May 17, 2019)
 
 -   NPM updated

app/controllers/users.validate.js

@@ -35,7 +35,9 @@ exports.createItem = [
     .withMessage('MISSING')
     .not()
     .isEmpty()
-    .withMessage('IS_EMPTY'),
+    .withMessage('IS_EMPTY')
+    .isIn(['user', 'admin'])
+    .withMessage('USER_NOT_IN_KNOWN_ROLE'),
   check('phone')
     .exists()
     .withMessage('MISSING')

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "node-express-mongodb-jwt-rest-api-skeleton",
-  "version": "6.1.12",
+  "version": "6.1.13",
   "description": "Node.js express.js MongoDB JWT REST API - This is a basic API REST skeleton written on JavaScript using async/await. Great for building a starter web API for your front-end (Android, iOS, Vue, react, angular, or anything that can consume an API)",
   "license": "MIT",
   "repository": {

package.json

@@ -131,6 +131,25 @@ describe('*********** USERS ***********', () => {
           done()
         })
     })
+    it('it should NOT POST a user with not known role', done => {
+      const user = {
+        name: faker.random.words(),
+        email,
+        password: faker.random.words(),
+        role: faker.random.words()
+      }
+      chai
+        .request(server)
+        .post('/users')
+        .set('Authorization', `Bearer ${token}`)
+        .send(user)
+        .end((err, res) => {
+          res.should.have.status(422)
+          res.body.should.be.a('object')
+          res.body.should.have.property('errors')
+          done()
+        })
+    })
   })
   describe('/GET/:id user', () => {
     it('it should GET a user by the given id', done => {