#!/bin/bash
# info: change mail account password
# options: USER DOMAIN ACCOUNT PASSWORD
#
# example: v-change-mail-account-password admin mydomain.tld user p4$$vvOrD
#
# This function changes email account password.

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

# Argument definition
user=$1
domain=$2
domain_idn=$2
account=$3
password=$4
HIDE=4

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hest
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/func/domain.sh
source $HESTIA/func/domain.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

# Additional argument formatting
format_domain
format_domain_idn
# TODO: $domain_idn not used in this script - maybe $domain should be converted to $doman_idn ?

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '4' "$#" 'USER DOMAIN ACCOUNT PASSWORD'
is_format_valid 'user' 'domain' 'account'
is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'mail' 'DOMAIN' "$domain"
is_object_unsuspended 'mail' 'DOMAIN' "$domain"
is_object_valid "mail/$domain" 'ACCOUNT' "$account"
is_object_unsuspended "mail/$domain" 'ACCOUNT' "$account"
is_password_valid

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Generating hashed password
if [ -n "$(doveadm pw -l | grep BLF-CRYPT)" ]; then
	set +H # disable ! style history substitution
	md5="$(doveadm pw -s BLF-CRYPT -p "$password")"
elif [ -n "$(doveadm pw -l | grep ARGON2ID)" ]; then
	# Fall back on Argon2id if bcrypt is not available
	set +H # disable ! style history substitution
	md5="$(doveadm pw -s ARGON2ID -p "$password")"
else
	# Fall back on MD5 if neither bcrypt nor argon2id is available
	salt=$(generate_password "$PW_MATRIX" "8")
	md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<< $password)"
fi

if [[ "$MAIL_SYSTEM" =~ exim ]]; then
	quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA')
	if [ "$quota" = 'unlimited' ]; then
		quota=0
	fi
	sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
	str="$account:$md5:$user:mail::$HOMEDIR/$user:${quota}:userdb_quota_rule=*:storage=${quota}M"
	echo "$str" >> $HOMEDIR/$user/conf/mail/$domain/passwd
fi

#----------------------------------------------------------#
#                       Hestia                             #
#----------------------------------------------------------#

# Update md5
update_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5' "$md5"

# Logging
$BIN/v-log-action "$user" "Info" "Mail" "Mail account password changed (Account: $account@$domain)."
log_event "$OK" "$ARGUMENTS"

exit