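#!/usr/bin/lua
--[[
test authenticate

 * If the user exists in the acf db and the passwd field is not 'x',
   use that password.
 * If the user exists in the acf db and the passwd field is 'x',
   use the password hash in /etc/shadow.
 * If the user does not exist in the acf db, authenticate against
   /etc/shadow. On success, create a new user with no roles in the acf db.

Usage: pass the user name as the first command-line argument.
Exit status: 0 only when authentication succeeds, 1 otherwise.
]]--

local shadow = require("auth.shadow")
local acfdb = require("auth.acfpasswd")

--- Print a message and terminate with a non-zero exit status.
-- The standalone interpreter discards values returned from the main chunk,
-- so `return 1` would still exit 0 and a calling script would read a failed
-- authentication as success.
-- @tparam string msg text printed before exiting
local function fail(msg)
	print(msg)
	os.exit(1)
end

local user = arg and arg[1]
if user == nil or user == "" then
	-- Without this guard the string concatenations below raise on nil.
	io.stderr:write("usage: " .. tostring(arg and arg[0]) .. " USER\n")
	os.exit(1)
end

-- Choose the backend that holds the password for this user.
local entry = acfdb.getent(user)
local authenticate = acfdb.authenticate

if entry == nil then
	-- NOTE: this tool reports "unknown user" separately from "wrong
	-- password"; a real login path should return one uniform failure.
	print("Failed to read user '"..user.."' in "..acfdb.file)
	if not shadow.getent(user) then
		-- We could fallback to ldap, imaps or similar here
		fail("Faild to read user in "..shadow.file)
	end
	authenticate = shadow.authenticate
elseif entry.passwd == "x" then
	-- if passwd field is set to 'x' it means we use password in shadow
	authenticate = shadow.authenticate
end

io.write("Enter password (WARNING: will echo): ")
local passwd = io.read("*line")

-- io.read returns nil at end of input; fail closed instead of handing a
-- nil password to the backend.
if passwd == nil or not authenticate(user, passwd) then
	fail("Authentication failed")
end

print("User "..user.." is authenticated")

if entry == nil then
	-- Only reached after a successful check against shadow, so an account
	-- is never provisioned for an unauthenticated name.
	print("A new account should be created here")
	-- passwd = confirm_password(passwd)
	-- acfdb.setent(user, passwd, "New User", "NEWUSER")
end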