#!/bin/bash
#
# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

. /usr/sbin/so-common

usage() {
    echo "Usage: $0 <new-user-name>"
    echo ""
    echo "Adds a new user to Fleet. The new password will be read from STDIN."
    exit 1
}

if [ $# -ne 1 ]; then
  usage
fi

USER=$1

MYSQL_PASS=$(lookup_pillar_secret mysql)
FLEET_IP=$(lookup_pillar fleet_ip)
FLEET_USER=$USER

# Read password for new user from stdin
test -t 0
if [[ $? == 0 ]]; then
  echo "Enter new password:"
fi
read -rs FLEET_PASS

if ! check_password "$FLEET_PASS"; then
  echo "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password."
  exit 2
fi

FLEET_HASH=$(docker exec so-soctopus python -c "import bcrypt; print(bcrypt.hashpw('$FLEET_PASS'.encode('utf-8'), bcrypt.gensalt()).decode('utf-8'));" 2>&1)
if [[ $? -ne 0 ]]; then
	echo "Failed to generate Fleet password hash"
	exit 2
fi

MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PASS fleet -e \
    "INSERT INTO users (password,salt,username,email,admin,enabled) VALUES ('$FLEET_HASH','','$FLEET_USER','$FLEET_USER',1,1)" 2>&1)

if [[ $? -eq 0 ]]; then
    echo "Successfully added user to Fleet"
else
    echo "Unable to add user to Fleet; user might already exist"
    echo "$MYSQL_OUTPUT"
    exit 2
fi