From cce5a9ed537c469c576fb0e0cc1d5744c72503fe Mon Sep 17 00:00:00 2001
From: Mitchell Gerber
Date: Sat, 13 Jan 2018 13:24:41 -0600
Subject: [PATCH] server - validate character exists on user update
---
 lib/myapp_web/controllers/user_controller.ex | 24 ++++++++++++++------
 1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/lib/myapp_web/controllers/user_controller.ex b/lib/myapp_web/controllers/user_controller.ex
index 56ae5f1..c5d11ce 100644
--- a/lib/myapp_web/controllers/user_controller.ex
+++ b/lib/myapp_web/controllers/user_controller.ex
@@ -37,16 +37,26 @@ defmodule MyAppWeb.UserController do
  end
  def update_selected_character(conn, params) do
- id = conn
+ %{"id" => user_id, "access_token" => access_token} = conn
  |> MyApp.Guardian.Plug.current_claims
- |> Map.get("id")
+ |> Map.take(["id", "access_token"])
- params = params
- |> Map.put("id", id)
- |> Map.put_new("character_guild", nil) # set guild to nil if it doesn't exist
+ # validate the character exists in users WoW profile
+ {:ok, characterList} = BattleNet.User.get_user_characters(user_id, access_token)
+ exists = Enum.find(characterList["characters"], fn(char) ->
+ char["name"] == params["character_name"] && char["realm"] == params["character_realm"]
+ end)
- {output, status} = params
- |> Data.User.update_character
+ {output, status} = case exists do
+ nil -> {:error, "character doesn't exist"}
+ _ ->
+ params = params
+ |> Map.put("id", user_id)
+ |> Map.put_new("character_guild", nil) # set guild to nil if it doesn't exist
+ params
+ |> Data.User.update_character
+ end
  |> Response.put_resp
  conn
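Review bot: The ownership check compares only `character_name` and `character_realm`, while `character_guild` still reaches `Data.User.update_character` straight from the request (`Map.put_new` fills it only when the key is absent), so a client can pair a character it owns with any guild value. If the profile entry returned by Battle.net carries the guild (not visible in this hunk), it should be taken from the matched entry rather than from `params`. Separately, the assertive matches on the claims map and on `{:ok, characterList}` raise `MatchError` whenever a token lacks `access_token` or the Battle.net call returns anything other than `{:ok, _}`, and `Enum.find` raises if `"characters"` is missing. That fails closed, but as an unhandled crash instead of the `{:error, ...}` path through `Response.put_resp`. The sketch below routes those cases through a `with`; the function body continues past the end of the hunk.

```elixir
# … unchanged: user_id and access_token read from the Guardian claims …
result =
  with {:ok, %{"characters" => characters}} when is_list(characters) <-
         BattleNet.User.get_user_characters(user_id, access_token),
       %{} = character <-
         Enum.find(characters, fn char ->
           char["name"] == params["character_name"] and
             char["realm"] == params["character_realm"]
         end) do
    params
    |> Map.put("id", user_id)
    # NOTE(review): assumes the profile entry exposes the guild under "guild" — confirm
    |> Map.put("character_guild", character["guild"])
    |> Data.User.update_character()
  else
    nil -> {:error, "character doesn't exist"}
    _ -> {:error, "could not verify character"}
  end

{output, status} = Response.put_resp(result)
```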