module Fig.Web.LDAP where

import Fig.Prelude

import System.Exit (ExitCode(..))
import qualified System.Process as Proc

import qualified Data.UUID as UUID
import qualified Data.UUID.V4 as UUID
import qualified Data.Text as Text

import Fig.Web.Utils

-- | Give @user@ a freshly generated password by driving the configured LLDAP
-- command-line client.
--
-- Two child processes are run in order:
--
-- 1. @user add@ with the lower-cased login, an address under
--    @users.colonq.computer@, the new password (@-p@) and @uid@ (@-f@).
-- 2. @user group add@ to put the login into @fig_users@.
--
-- Returns @Just password@ when step 1 exits successfully and 'Nothing'
-- otherwise. Step 2 always runs and its exit status is discarded, so a
-- 'Just' result does not show that the group membership was applied.
--
-- Security notes for callers and reviewers:
--
-- * The bind password (@-w@) and the new user password (@-p@) are passed as
--   process arguments. On most Unix systems argv is readable by other local
--   processes while the child runs.
--   NOTE(review): if the CLI can take secrets from a file, stdin or the
--   environment, prefer that - confirm against the CLI's documentation.
-- * 'Proc.proc' executes the binary directly, so no shell interprets the
--   arguments. A @user@ or @uid@ that begins with @-@ would still reach the
--   CLI as something that looks like an option.
--   NOTE(review): confirm callers restrict both values to a safe character
--   set before they get here.
-- * The password is the text form of a version-4 UUID.
--   NOTE(review): its unpredictability depends on the randomness source
--   behind 'UUID.nextRandom' in the pinned @uuid@ release - confirm.
-- * The plaintext password is returned to the caller; it should not end up
--   in logs or error messages.
resetUserPassword :: MonadIO m => Config -> Text -> Text -> m (Maybe Text)
resetUserPassword cfg user uid = do
  password <- UUID.toText <$> liftIO UUID.nextRandom
  addStatus <- liftIO . runCli $
    [ "user", "add", login, login <> "@users.colonq.computer"
    , "-p", password
    , "-f", uid
    ]
  -- The outcome of the group step is deliberately not inspected here.
  void . liftIO . runCli $ ["user", "group", "add", login, "fig_users"]
  case addStatus of
    ExitFailure _ -> pure Nothing
    ExitSuccess -> pure (Just password)
  where
    -- Logins are normalised to lower case before being handed to the CLI.
    login = Text.toLower user

    -- Connection and bind options shared by both invocations.
    bindArgs =
      [ "-H", cfg.lldapHost
      , "-D", cfg.lldapUser
      , "-w", cfg.lldapPassword
      ]

    -- Run the CLI with the shared options followed by @args@ and wait for it
    -- to exit. No stream overrides are set, so 'Proc.proc' defaults apply.
    runCli :: [Text] -> IO ExitCode
    runCli args =
      Proc.withCreateProcess
        (Proc.proc cfg.lldapCli (unpack <$> (bindArgs <> args)))
        \_ _ _ h -> Proc.waitForProcess h