#!/bin/bash

# Get the directory where this script is located
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"

# Get username and email from ego-mgr
username=$(ego-mgr get default-username)
email=$(ego-mgr get email)

# Check if username is provided
if [[ -z "$username" ]]; then
  echo "Error: default-username not set in ego-mgr, please contact ard"
  exit 1
fi

# Check if email is provided
if [[ -z "$email" ]]; then
  echo "Error: email not set in ego-mgr, please contact ard"
  exit 1
fi

# Generate keycloak credentials (do not print secret)
secret-mgr generate --username "$username" --key keycloak >/dev/null

# Get the generated username and password
user=$(secret-mgr get-username --key keycloak)
pass=$(secret-mgr get-secret --key keycloak)

realm="Hangman-Lab"

# Create keycloak user
"$SCRIPT_DIR/kcadm" create users -r "$realm" -s "username=$user" -s "enabled=true" -s "email=$email" || true

# Set password for the user
"$SCRIPT_DIR/kcadm" set-password -r "$realm" --username "$user" --new-password "$pass"

# Verify email and set profile fields to avoid VERIFY_PROFILE during first OIDC login
"$SCRIPT_DIR/verify-email" --username "$user"
"$SCRIPT_DIR/set-name" --username "$user" >/dev/null 2>&1 || "$SCRIPT_DIR/set-name"

echo "Keycloak account created for: $user (realm: $realm)"