#!/bin/bash

# Get the directory where this script is located
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"

# Parse arguments
while [[ $# -gt 0 ]]; do
  case $1 in
    --username)
      username="$2"
      shift 2
      ;;
    --email)
      email="$2"
      shift 2
      ;;
    *)
      echo "Unknown option: $1"
      exit 1
      ;;
  esac
done

# Check if username and email are provided
if [[ -z "$username" || -z "$email" ]]; then
  echo "Usage: $0 --username <username> --email <email>"
  exit 1
fi

# Generate keycloak credentials (do not print secret)
pass_mgr generate --username "$username" --key keycloak >/dev/null

# Get the generated username and password
user=$(pass_mgr get-username --key keycloak)
pass=$(pass_mgr get-secret --key keycloak)

realm="Hangman-Lab"

# Create keycloak user
"$SCRIPT_DIR/kcadm" create users -r "$realm" -s "username=$user" -s "enabled=true" -s "email=$email" || true

# Set password for the user
"$SCRIPT_DIR/kcadm" set-password -r "$realm" --username "$user" --new-password "$pass"

# Verify email and set profile fields to avoid VERIFY_PROFILE during first OIDC login
"$SCRIPT_DIR/verify-email" --username "$user"
"$SCRIPT_DIR/set-name" --username "$user" >/dev/null 2>&1 || "$SCRIPT_DIR/set-name"

echo "Keycloak account created for: $user (realm: $realm)"