From 63635a9adf1289a5e7acef5b699a74e9706ca472 Mon Sep 17 00:00:00 2001
From: Alexander Borg
Date: Tue, 16 Sep 2025 06:17:18 +0200
Subject: [PATCH] Fix jwt-token
---
 server/middleware/rbac.js | 12 ++++++++++--
 server/middleware/validation.js | 18 ++++++++++++------
 2 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/server/middleware/rbac.js b/server/middleware/rbac.js
index cec99fa..136074c 100644
--- a/server/middleware/rbac.js
+++ b/server/middleware/rbac.js
@@ -115,10 +115,17 @@ const ROLES = {
 * @returns {boolean} - True if user has permission
 */
 const hasPermission = (userRole, permission) => {
- if (!userRole || !ROLES[userRole]) {
+ if (!userRole) {
 return false;
 }
- return ROLES[userRole].includes(permission);
+
+ // Handle case-insensitive role lookup
+ const normalizedRole = userRole.toLowerCase();
+ if (!ROLES[normalizedRole]) {
+ return false;
+ }
+
+ return ROLES[normalizedRole].includes(permission);
 };
 
 /**
@@ -330,6 +337,7 @@ module.exports = {
 getPermissions,
 getRoles,
 requirePermission,
+ requirePermission,
 requirePermissions,
 requireAnyPermission
 };
diff --git a/server/middleware/validation.js b/server/middleware/validation.js
index 554b332..fc69ca6 100644
--- a/server/middleware/validation.js
+++ b/server/middleware/validation.js
@@ -1,6 +1,7 @@
-function validateRequest(schema) {
+function validateRequest(schema, target = 'body') {
 return (req, res, next) => {
- const { error, value } = schema.validate(req.body, {
+ const data = req[target];
+ const { error, value } = schema.validate(data, {
 abortEarly: false,
 stripUnknown: true
 });
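Review bot: In `hasPermission` (first hunk of server/middleware/rbac.js), `userRole.toLowerCase()` throws a TypeError for any truthy non-string role, and `ROLES[normalizedRole]` still resolves inherited keys such as `constructor`, whose value has no `.includes`. A malformed role value therefore raises inside the authorization check instead of returning false. The check should fail closed: guard with `if (typeof userRole !== 'string') return false;` and test membership with `if (!Object.hasOwn(ROLES, normalizedRole)) return false;`. Lower-casing also assumes every key in `ROLES` is lower-case; the table is outside this hunk, so that needs confirming. If the role is issued by the project's own token code, normalising once at issuance and comparing exactly here would be stricter.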
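Review bot: The added `requirePermission,` in the `module.exports` hunk of server/middleware/rbac.js repeats the key on the line directly above it, so the exported object is unchanged and the new line is dead. If another middleware was meant to be exported here, it is still missing; otherwise the line should be dropped. ESLint's `no-dupe-keys` rule would flag this. The `module.exports` object opens outside the hunk, so the rest of the export list is not visible here.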
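Review bot: `target` in `validateRequest(schema, target = 'body')` (first hunk of server/middleware/validation.js) is used as a raw property name on `req` with no check. A misspelt or unexpected value makes `schema.validate` run on `undefined`, which a schema without a required root would presumably accept, so the route proceeds unvalidated. Unknown targets should be rejected when the middleware is built, e.g. `if (!['body', 'query', 'params'].includes(target)) throw new TypeError('unsupported validation target');` as the first statement of the factory. The write-back `req[target] = value` in the second hunk also needs the property to be assignable; on Express 5 `req.query` is getter-only, so confirm the framework version before passing `'query'`. The function body continues beyond this hunk.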
@@ -12,15 +13,20 @@ function validateRequest(schema) {
 value: detail.context.value
 }));
 
+ // Create a message that includes the field names for test compatibility
+ const fieldNames = errorDetails.map(err => err.field).join(', ');
+ const message = `Validation error: ${fieldNames}`;
+
 return res.status(400).json({
 success: false,
- message: 'Validation error',
- errors: errorDetails
+ message: message,
+ errors: errorDetails,
+ details: errorDetails // For backward compatibility
 });
 }
 
- // Replace req.body with validated and sanitized data
- req.body = value;
+ // Replace the target data with validated and sanitized data
+ req[target] = value;
 next();
 };
 }
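Review bot: The 400 response now carries `errorDetails` twice (`errors` and `details`), and each entry includes `value: detail.context.value` from the context line at the top of the hunk. Whatever the client submitted in a rejected field, a password or token for instance, is echoed back and will land in any response logging. Since the middleware can now validate targets other than the body, more inputs are affected; consider dropping `value` from the mapped details (the mapping starts outside this hunk) and returning only the field and message. The `details` alias is explained only as backward compatibility; a comment naming the consumer, such as `// TODO: remove once <consumer> reads errors`, would make it removable later.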