Diffstat (limited to 'fig-web/src/Fig/Web/LDAP.hs')
-rw-r--r--fig-web/src/Fig/Web/LDAP.hs39
1 files changed, 39 insertions, 0 deletions
diff --git a/fig-web/src/Fig/Web/LDAP.hs b/fig-web/src/Fig/Web/LDAP.hs
new file mode 100644
index 0000000..e9861a9
--- /dev/null
+++ b/fig-web/src/Fig/Web/LDAP.hs
@@ -0,0 +1,39 @@
+module Fig.Web.LDAP where
+
+import Fig.Prelude
+
+import System.Exit (ExitCode(..))
+import qualified System.Process as Proc
+
+import qualified Data.UUID as UUID
+import qualified Data.UUID.V4 as UUID
+import qualified Data.Text as Text
+
+import Fig.Web.Utils
+
+-- | Reset the password in LDAP for the specified user (creating the user if necessary)
+resetUserPassword :: MonadIO m => Config -> Text -> Text -> m (Maybe Text)
+resetUserPassword cfg user uid = do
+ let login = Text.toLower user
+ password <- UUID.toText <$> liftIO UUID.nextRandom
+ exitCode <- liftIO $ Proc.withCreateProcess
+ (Proc.proc cfg.lldapCli $ unpack <$>
+ [ "-H", cfg.lldapHost
+ , "-D", cfg.lldapUser
+ , "-w", cfg.lldapPassword
+ , "user", "add", login, login <> "@users.colonq.computer"
+ , "-p", password
+ , "-f", uid
+ ])
+ \_ _ _ h -> Proc.waitForProcess h
+ liftIO $ Proc.withCreateProcess
+ (Proc.proc cfg.lldapCli $ unpack <$>
+ [ "-H", cfg.lldapHost
+ , "-D", cfg.lldapUser
+ , "-w", cfg.lldapPassword
+ , "user", "group", "add", login, "fig_users"
+ ])
+ \_ _ _ h -> void $ Proc.waitForProcess h
+ case exitCode of
+ ExitSuccess -> pure $ Just password
+ ExitFailure _ -> pure Nothing
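Review bot: Both the LDAP bind password (`"-w", cfg.lldapPassword`) and the freshly generated user password (`"-p", password`) are passed in the argument list of `cfg.lldapCli`, so any local account that can list processes can read them while the child runs. If the CLI can take these secrets from the environment or from stdin, prefer that, for example by setting the `env` field on the `CreateProcess` value returned by `Proc.proc` rather than putting them in argv. Separately, `login` is only lower-cased before it is used as a positional argument. `Proc.proc` avoids shell interpretation, but a value beginning with `-` would still be parsed as an option, so, assuming `user` can originate outside the service, restrict `login` to an allow-list of characters before either call. The exit code of the second `user group add` call is dropped by `void` and the call runs even when `user add` failed, so `Just password` can be returned for an account that never made it into `fig_users`.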