Fix jwt-token

server/middleware/rbac.js

@@ -115,10 +115,17 @@ const ROLES = {
  * @returns {boolean} - True if user has permission
  */
 const hasPermission = (userRole, permission) => {
-  if (!userRole || !ROLES[userRole]) {
+  if (!userRole) {
     return false;
   }
-  return ROLES[userRole].includes(permission);
+  
+  // Handle case-insensitive role lookup
+  const normalizedRole = userRole.toLowerCase();
+  if (!ROLES[normalizedRole]) {
+    return false;
+  }
+  
+  return ROLES[normalizedRole].includes(permission);
 };
 
 /**
@@ -330,6 +337,7 @@ module.exports = {
   getPermissions,
   getRoles,
   requirePermission,
+  requirePermission,
   requirePermissions,
   requireAnyPermission
 };

server/middleware/validation.js

@@ -1,6 +1,7 @@
-function validateRequest(schema) {
+function validateRequest(schema, target = 'body') {
   return (req, res, next) => {
-    const { error, value } = schema.validate(req.body, {
+    const data = req[target];
+    const { error, value } = schema.validate(data, {
       abortEarly: false,
       stripUnknown: true
     });
@@ -12,15 +13,20 @@ function validateRequest(schema) {
         value: detail.context.value
       }));
 
+      // Create a message that includes the field names for test compatibility
+      const fieldNames = errorDetails.map(err => err.field).join(', ');
+      const message = `Validation error: ${fieldNames}`;
+
       return res.status(400).json({
         success: false,
-        message: 'Validation error',
+        message: message,
-        errors: errorDetails
+        errors: errorDetails,
+        details: errorDetails // For backward compatibility
       });
     }
 
-    // Replace req.body with validated and sanitized data
+    // Replace the target data with validated and sanitized data
-    req.body = value;
+    req[target] = value;
     next();
   };
 }