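# @See https://raw.githubusercontent.com/snipe/snipe-it/master/app/Models/Setting.php
---
# Configures Snipe-IT's LDAP integration by running PHP inside the
# `application` container through `docker-compose exec` / `artisan tinker`.
#
# Secret handling in this file:
#   * Every task that renders APP_KEY or the LDAP bind credential into its
#     command line sets `no_log: true`, so the rendered command and its output
#     stay out of Ansible output and callback logs (at any verbosity).
#   * Secrets are shell-quoted with the `quote` filter and read in PHP with
#     getenv() rather than being spliced into PHP source.
#   * The values are still arguments of the docker-compose process on the host
#     while a task runs.
#
# NOTE(review): three tasks use the hard-coded chdir "/opt/docker/snipe-it/"
# while the others use "{{ docker_compose.directories.instance }}" — confirm
# whether these are meant to be the same directory and unify if so.

# Poll the login page (up to 30 tries, 5 s apart) until it answers 200.
# Skipped when the oauth2 feature is enabled for this application.
- name: "Wait until the Snipe-IT Login is available"
  uri:
    url: "{{ snipe_it_url }}/login"
    method: GET
    return_content: false
    status_code: 200
  register: snipeit_admin_check
  retries: 30
  delay: 5
  until: snipeit_admin_check.status == 200
  when: not (applications | is_feature_enabled('oauth2', application_id))

# Diagnostic only: reports whether APP_KEY reaches the container shell.
# The key itself is never echoed; only "set" / "empty" is printed.
- name: "Debug: check APP_KEY is visible in container shell"
  shell: |
    docker-compose exec -T \
      -u www-data \
      -e XDG_CONFIG_HOME=/tmp \
      -e APP_KEY={{ applications[application_id].credentials.app_key | quote }} \
      application \
      sh -c 'if [ -n "$APP_KEY" ]; then echo "SHELL sees APP_KEY: set"; else echo "SHELL sees APP_KEY: empty"; fi'
  args:
    chdir: "/opt/docker/snipe-it/"
  register: snipeit_app_key_shell_check
  changed_when: false
  no_log: true

# Diagnostic only: reports whether Laravel's config('app.key') equals the
# APP_KEY passed in the environment, without printing either value.
- name: "Debug: check Laravel config app.key matches APP_KEY"
  shell: |
    docker-compose exec -T \
      -u www-data \
      -e XDG_CONFIG_HOME=/tmp \
      -e APP_KEY={{ applications[application_id].credentials.app_key | quote }} \
      application \
      php artisan tinker --execute='echo "CONFIG app.key matches APP_KEY: " . (config("app.key") === getenv("APP_KEY") ? "yes" : "no") . PHP_EOL;'
  args:
    chdir: "/opt/docker/snipe-it/"
  register: snipeit_app_key_config_check
  changed_when: false
  no_log: true

# The two checks above are censored by no_log; their stdout carries no secret,
# so it is safe to surface here.
- name: "Debug: report APP_KEY visibility (no secret values)"
  debug:
    msg:
      - "{{ snipeit_app_key_shell_check.stdout }}"
      - "{{ snipeit_app_key_config_check.stdout }}"

# Feeds a PHP script to `artisan tinker` on stdin (quoted heredoc, so the
# inner shell performs no expansion) that fills the LDAP columns of the
# Setting model and saves it. Success is judged by the first stdout line
# being '= true'.
#
# NOTE(review): the ldap.* and oidc.* values are interpolated unescaped into
# PHP double-quoted strings inside a shell single-quoted argument; a value
# containing a quote, `$` or backslash would break or alter the script —
# confirm these variables are constrained.
# NOTE(review): ldap_pword is assigned in clear text here and the next task
# overwrites the column with the Crypt-encrypted value; consider dropping the
# assignment from this task — confirm against the Setting model.
- name: "Set all LDAP settings via Laravel Setting model (inside container as www-data)"
  shell: |
    docker-compose exec -T \
      -e APP_KEY={{ applications[application_id].credentials.app_key | quote }} \
      -e LDAP_BIND_CREDENTIAL={{ ldap.bind_credential | quote }} \
      -e XDG_CONFIG_HOME=/tmp \
      -u www-data application \
      sh -c 'php artisan tinker << "EOF"
    $s = \App\Models\Setting::getSettings();
    $s->ldap_enabled = 1;
    $s->ldap_server = "{{ ldap.server.uri }}";
    $s->ldap_port = {{ ldap.server.port }};
    $s->ldap_uname = "{{ ldap.dn.administrator.data }}";
    $s->ldap_pword = getenv("LDAP_BIND_CREDENTIAL");
    $s->ldap_basedn = "{{ ldap.dn.users }}";
    $s->ldap_filter = "&(objectClass=inetOrgPerson)";
    $s->ldap_username_field = "{{ ldap.attributes.user_id }}";
    $s->ldap_fname_field = "{{ ldap.attributes.firstname }}";
    $s->ldap_lname_field = "{{ ldap.attributes.surname }}";
    $s->ldap_auth_filter_query = "uid=";
    $s->ldap_version = 3;
    $s->ldap_pw_sync = 0;
    $s->is_ad = 0;
    $s->ad_domain = "";
    $s->ldap_default_group = "";
    $s->ldap_email = "{{ ldap.attributes.mail }}";
    $s->custom_forgot_pass_url = "{{ oidc.client.reset_credentials }}";
    $s->save();
    EOF'
  args:
    chdir: "{{ docker_compose.directories.instance }}"
  register: ldap_tinker
  failed_when: >
    ldap_tinker.stdout_lines is not defined or
    ldap_tinker.stdout_lines[0] != '= true'
  changed_when: >
    ldap_tinker.stdout_lines is defined and
    ldap_tinker.stdout_lines[0] == '= true'
  # The rendered command contains APP_KEY and the bind credential.
  no_log: true
  notify: docker compose up

# Encrypts the bind credential with Laravel's Crypt facade and writes the
# result into settings.ldap_pword via the DB facade.
# The PHP payload is single-quoted for the shell, so nothing in it is
# expanded by the shell (the earlier double-quoted form let the shell treat a
# back-quoted word in a PHP comment as command substitution). The credential
# arrives through the container environment, so characters such as quotes or
# `$` in it cannot change the PHP source. The ciphertext is no longer echoed.
- name: "Encrypt & save LDAP bind password via Crypt + DB façade"
  shell: |
    docker-compose exec -T \
      -u www-data \
      -e APP_KEY={{ applications[application_id].credentials.app_key | quote }} \
      -e LDAP_BIND_CREDENTIAL={{ ldap.bind_credential | quote }} \
      -e XDG_CONFIG_HOME=/tmp \
      application \
      php artisan tinker --execute='
        use Illuminate\Support\Facades\Crypt;
        use Illuminate\Support\Facades\DB;
        /* encrypt the clear-text password taken from the container environment */
        $encrypted = Crypt::encrypt(getenv("LDAP_BIND_CREDENTIAL"));
        /* update the one and only row in settings */
        DB::table("settings")->update(["ldap_pword" => $encrypted]);
        echo "Stored encrypted LDAP bind password" . PHP_EOL;
      '
  args:
    chdir: "/opt/docker/snipe-it/"
  register: ldap_encrypt
  failed_when: ldap_encrypt.rc != 0
  # The rendered command contains APP_KEY and the bind credential.
  no_log: true

# Drop Laravel's cached configuration and application cache; no secrets are
# passed to these commands.
- name: "Clear Laravel config & cache (inside container as www-data)"
  shell: |
    docker-compose exec -T -u www-data application php artisan config:clear
    docker-compose exec -T -u www-data application php artisan cache:clear
  args:
    chdir: "{{ docker_compose.directories.instance }}"
  notify: docker compose up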