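#!/usr/bin/python
# A wrapper script over ldapadd

import os
from os import remove
from re import fullmatch
from secrets import token_urlsafe
from subprocess import run, call, check_output
from sys import argv


def _check_fields(username, firstname, lastname, email):
    """Reject values that would alter the LDIF structure or escape a path.

    The username is interpolated into DNs, into file paths
    (``<username>.ldif``, ``/home/<username>``) and is passed to ``sudo -u``,
    so it is limited to portable account-name characters and may not start
    with ``-`` or ``.``. The remaining fields are written as single LDIF
    attribute values, so control characters (notably newlines, which would
    start a new attribute line) are refused.

    Raises:
        ValueError: if any field fails these checks.
    """
    if not fullmatch(r'[A-Za-z0-9_][A-Za-z0-9_.-]*', username):
        raise ValueError(f'invalid username: {username!r}')
    for label, value in (('firstname', firstname),
                         ('lastname', lastname),
                         ('email', email)):
        if any(ch < ' ' or ch == '\x7f' for ch in value):
            raise ValueError(f'control character in {label}: {value!r}')


def adduser(username, firstname, lastname, email, password):
    """Add a new user.

    Picks the lowest uidNumber in 1001..9999 that ldapsearch does not report,
    hashes *password* with ``openssl passwd -6``, writes an LDIF holding a
    posixAccount entry and a matching posixGroup entry, loads it with
    ldapadd, and then prepares the home directory, Flatpak remote and default
    browser for the account.

    Returns None. If ldapadd exits non-zero the function returns early and
    leaves ``<username>.ldif`` in the working directory.

    Raises:
        ValueError: if a field contains characters that are unsafe to place
            in the LDIF or in a file path.
    """
    # Validate before anything is written or sent to the directory.
    _check_fields(username, firstname, lastname, email)

    # Get UID
    output = check_output(['ldapsearch', '-x', 'uidNumber']).decode('utf-8')
    # Only "uidNumber: N" lines carry a number; matching the full attribute
    # name keeps int() from being applied to any other line starting with "uid".
    used = {int(line.split()[1]) for line in output.split('\n')
            if line.startswith('uidNumber:')}
    uid = next(u for u in range(1001, 10000) if u not in used)

    if firstname == lastname:
        fullname = firstname
    else:
        fullname = f'{firstname} {lastname}'

    # Generate password hash using OpenSSL.
    # The cleartext is fed on stdin so it is never written to a file in the
    # working directory and never appears in the process argument list.
    hashed_password = check_output(
        ['openssl', 'passwd', '-6', '-stdin'],
        input=(password + '\n').encode('utf-8'),
    ).decode('utf-8').rstrip('\n')

    # Construct LDIF
    ldif = f'''dn: uid={username},ou=People,dc=exozy,dc=me
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: {username}
cn: {fullname}
sn: {lastname}
givenName: {firstname}
userPassword: {{CRYPT}}{hashed_password}
mail: {email}
loginShell: /bin/fish
uidNumber: {uid}
gidNumber: {uid}
homeDirectory: /home/{username}

dn: cn={username},ou=Group,dc=exozy,dc=me
objectClass: top
objectClass: posixGroup
cn: {username}
gidNumber: {uid}'''

    # Write to file
    # The LDIF contains the password hash, so the file is created owner-only;
    # fchmod also tightens a file left over from an earlier failed run.
    filename = username + '.ldif'
    fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        os.fchmod(fd, 0o600)
        f.write(ldif)

    # Add user
    # -y makes ldapadd read the bind password from the file itself (complete
    # contents, as before) instead of receiving it via -w on the command
    # line, where other local users could see it in the process list.
    ret = call(['ldapadd', '-D', 'cn=Manager,dc=exozy,dc=me',
                '-y', '/etc/ldappass', '-f', filename])
    if ret != 0:
        # The LDIF is kept on failure so it can be inspected.
        return
    remove(filename)

    # Configure and set up user
    # Make home directory
    run(['sudo', 'mkhomedir_helper', username, '077'])
    run(['sudo', '-u', username, 'mkdir', '/home/' + username + '/.config'])

    # Set up Flatpak
    # This is a workaround for the error "flatpak refusing to operate under sudo with --user"
    run(['sudo', '-u', username, 'sh', '-c',
         'flatpak remote-add flathub https://dl.flathub.org/repo/flathub.flatpakrepo --user'])

    # Set default browser
    # xdg-settings uses KDE_SESSION_VERSION to determine which KDE commands to use
    # For instance, kwriteconfig5 instead of kwriteconfig from Plasma 4
    run(['sudo', '-u', username, 'env', 'KDE_SESSION_VERSION=5',
         'xdg-settings', 'set', 'default-web-browser', 'firefox.desktop'])


# Generate temporary password
# token_urlsafe(6) draws 6 random bytes (48 bits) and encodes them as 8
# URL-safe characters; the value is printed to stdout for the operator.
password = token_urlsafe(6)
print('Temporary password:', password)
adduser(*argv[1:], password)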