#!/usr/bin/python3
# pylint: disable=missing-module-docstring
#
# Copyright (c) 2014--2015 Red Hat, Inc.
# Copyright (c) 2025 SUSE LLC
#
# This software is licensed to you under the GNU General Public License,
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
# along with this software; if not, see
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
#
# Red Hat trademarks are not licensed under GPLv2. No permission is
# granted to use or replicate Red Hat trademarks that are incorporated
# in this software or its documentation.

import getpass
import sys

from spacewalk.server import db_config
from spacewalk.server import rhnSQL, rhnUser


def print_help():
    print("Usage: satpasswd [OPTIONS] user\n")
    print("Options:")
    print("\t-h, --help\tPrint this help message.")
    print("\t-s, --stdin\tRead the password from standard input.")


# pylint: disable-next=redefined-outer-name
def read_passwd(stdin, msg):
    # pylint: disable-next=redefined-outer-name,invalid-name
    passwordIn = None
    if stdin:
        # pylint: disable-next=invalid-name
        passwordIn = sys.stdin.readline().rstrip("\n")
    else:
        # pylint: disable-next=invalid-name
        passwordIn = getpass.getpass(msg)
    return passwordIn


if __name__ == "__main__":
    if "-h" in sys.argv or "--help" in sys.argv:
        print_help()
        sys.exit(0)

    stdin = False
    for a in ("-s", "--stdin"):
        if a in sys.argv:
            stdin = True
            sys.argv.remove(a)

    if len(sys.argv) != 2:
        print_help()
        sys.exit(1)

    userIn = sys.argv.pop()

    rhnSQL.initDB()

    user = rhnUser.search(userIn)
    if not user:
        # pylint: disable-next=consider-using-f-string
        print("User %s is not a valid Satellite user." % userIn)
        sys.exit(1)

    passwordIn = read_passwd(stdin, "Password:")
    passwordCheck = read_passwd(stdin, "Retype password:")

    if passwordIn != passwordCheck:
        print("Sorry, passwords do not match.")
        sys.exit(1)

    if len(passwordIn) == 0:
        print("Empty password is not permitted.")
        sys.exit(1)

    MIN_PASSWD_LEN = db_config.value("PSW_CHECK_LENGTH_MIN")
    if len(passwordIn) < MIN_PASSWD_LEN:
        # pylint: disable-next=consider-using-f-string
        print(("User password should be at least %d characters long.") % MIN_PASSWD_LEN)
        sys.exit(1)

    user.contact["password"] = rhnUser.encrypt_password(passwordIn)
    user.contact.save()
    rhnSQL.commit()
