phi/src/phicli

#!/usr/bin/env python3
from pprint import pformat as pp
from getpass import getpass
import json

from phi.config import get_config
from phi.logging import setup_logging, get_logger
from phi import cli
import phi.ldap.client
from phi.ldap.user import get_user_by_uid, add_user, delete_user
from phi.ldap.group import get_group_by_cn, get_all_groups, add_group_member

log = get_logger(__name__)

JSON_ENC = json.JSONEncoder()
SHOW_PASSWORDS = False


def sanitize(obj):
    if isinstance(obj, list):
        return [sanitize(el) for el in obj]
    elif isinstance(obj, dict):
        return dict((sanitize(k), sanitize(v)) for k, v in obj.items())
    elif isinstance(obj, bytes):
        return [hex(el) for el in list(obj)]
    return obj


@cli.register("dispaly user fields", ["user identifier"])
def showuser(uid):
    user = get_user_by_uid(client, uid)
    if user is None:
        print("User {} not found".format(uid))
        return
    if not SHOW_PASSWORDS:
        user.pop("password")

    print(JSON_ENC.encode(sanitize(user)))


@cli.register("add a new user", ["user identifier"])
def adduser(uid):
    def ask(prompt, default):
        full_prompt = "{} [{}] ".format(prompt, default)
        return input(full_prompt) or default

    user = get_user_by_uid(client, uid)
    if user is not None:
        print("User {} already existing".format(uid))
        return

    cn = ask("Common name:", uid)
    sn = ask("Last name:", uid)
    mail = ask("Mail:", "{}@localhost".format(uid))

    password = getpass()
    pass_check = getpass("Retype password: ")
    if password != pass_check:
        print("Password not matching")
        return

    add_user(client, uid, cn, sn, mail, password)

    # Check
    user = get_user_by_uid(client, uid)
    if not SHOW_PASSWORDS:
        user.pop("password")

    print(JSON_ENC.encode(sanitize(user)))


@cli.register("delete an user", ["user identifier"])
def deluser(uid):
    check = input("Are you sure? [y/N] ") or "N"
    if check.lower() != "y":
        print("Ok then")
        return

    user = get_user_by_uid(client, uid)
    if user is not None:
        delete_user(client, user)
        print("Done")
    else:
        print("User {} not found".format(uid))


@cli.register("show a group", ["group common name"])
def showgroup(cn):
    group = get_group_by_cn(client, cn)
    if group is None:
        print("Group {} not found".format(gcn))
        return

    print(JSON_ENC.encode(sanitize(group)))


@cli.register("list all groups")
def listgroups():
    groups = get_all_groups(client)

    for group in groups:
        print(group["cn"])


@cli.register("add an user to a group", ["user identifier", "group common name"])
def addtogroup(uid, gcn):
    user = get_user_by_uid(client, uid)
    group = get_group_by_cn(client, gcn)

    if user is None:
        print("User {} not found".format(uid))
        return

    if group is None:
        print("Group {} not found".format(gcn))
        return

    if uid in group["members"]:
        print("User {} is already in group {}".format(uid, gcn))
        return

    add_group_member(client, group, user)


if __name__ == "__main__":
    cli.add_arg("--config", "config.yml", "custom configuration file")
    cli.add_flag("--show-passwords", "show the passwords bytes")
    args = cli.get_args()

    config_file = args["config"]
    SHOW_PASSWORDS = args["show_passwords"]

    config_file, config = get_config(config_file)
    setup_logging(config.get("logging", {}))
    log.info("Using configuration at '{}':\n{}".format(config_file, pp(config)))

    # TODO: check fields in config
    client = phi.ldap.client.Client(**config["ldap"])

    log.info("Opening LDAP client")
    client.open()

    log.info("Arguments: {}".format(pp(args)))

    cli.run(args)

    log.info("Closing LDAP client")
    client.close()