- name: "Ensure Mailu user {{ mailu_user }}@{{ mailu_domain }} exists"
  command: >
    docker compose exec admin flask mailu {{ mailu_action }}
      {{ mailu_user }} {{ mailu_domain }} '{{ mailu_password }}'
  args:
    chdir: "{{ mailu_compose_dir }}"
  register: mailu_user_result
  failed_when: >
    mailu_user_result.rc != 0 and
    (
      "exists, not created" not in mailu_user_result.stderr and
      "Duplicate entry"   not in mailu_user_result.stderr
    )
  changed_when: mailu_user_result.rc == 0

- name: "Change password for user {{ mailu_user }}@{{ mailu_domain }}"
  command: >
    docker compose exec admin flask mailu password
      {{ mailu_user }} {{ mailu_domain }} '{{ mailu_password }}'
  args:
    chdir: "{{ mailu_compose_dir }}"

- name: "Fetch existing API tokens via curl inside admin container"
  command: >-
    docker compose exec -T admin \
      curl -s -X GET http://127.0.0.1:8080/api/v1/token \
        -H "Authorization: Bearer {{ mailu_global_api_token }}"
  args:
    chdir: "{{ mailu_compose_dir }}"
  register: mailu_tokens_cli
  changed_when: false

- name: "Extract existing token info for {{ mailu_user }}"
  set_fact:
    mailu_user_existing_token: >-
      {{ (
           mailu_tokens_cli.stdout
           | default('[]')
           | from_json
           | selectattr('comment','equalto', mailu_user ~ " - ansible.cymais")
           | list
         ).0 | default(None) }}

- name: "Create API token for {{ mailu_user }} if none exists"
  command: >-
    docker compose exec -T admin \
      curl -s -X POST http://127.0.0.1:8080/api/v1/token \
        -H "Authorization: Bearer {{ mailu_global_api_token }}" \
        -H "Content-Type: application/json" \
        -d '{{ {
              "comment": mailu_user ~ " - ansible.cymais",
              "email": users[mailu_user].email,
              "ip": mailu_token_ip
            } | to_json }}'
  args:
    chdir: "{{ mailu_compose_dir }}"
  register: mailu_token_creation
  when: (mailu_user_existing_token | default('') | length) == 0

- name: "Add mailu_token to users dict if created"
  set_fact:
    users: >-
      {{ users
         | combine({
             mailu_user: (
               users[mailu_user]
               | combine({
                   'mailu_token': (mailu_token_creation.stdout | from_json).token
                 })
             )
           }, recursive=True)
      }}
  when:
    - mailu_token_creation is defined
    - (mailu_user_existing_token | default('') | length) == 0