"""Reset password for office@lonestarelectrical.net so Kyla can login and set up MFA"""
import secrets
import string
from google.oauth2 import service_account
from googleapiclient.discovery import build

SCOPES = [
    'https://www.googleapis.com/auth/admin.directory.user',
    'https://www.googleapis.com/auth/admin.directory.user.security',
]

creds = service_account.Credentials.from_service_account_file(
    'temp/acg-msp-access-8f72339997e5.json', scopes=SCOPES
)
delegated = creds.with_subject('sysadmin@lonestarelectrical.net')
service = build('admin', 'directory_v1', credentials=delegated)

user_email = 'office@lonestarelectrical.net'

# Check current user status
print(f"=== Checking {user_email} ===")
try:
    user = service.users().get(userKey=user_email).execute()
    print(f"Name: {user.get('name', {}).get('fullName', 'N/A')}")
    print(f"Suspended: {user.get('suspended', 'N/A')}")
    print(f"Archived: {user.get('archived', 'N/A')}")
    print(f"2FA Enrolled: {user.get('isEnrolledIn2Sv', 'N/A')}")
    print(f"2FA Enforced: {user.get('isEnforcedIn2Sv', 'N/A')}")
    print(f"Last Login: {user.get('lastLoginTime', 'N/A')}")
    print(f"Creation: {user.get('creationTime', 'N/A')}")
except Exception as e:
    print(f"[ERROR] Could not get user: {e}")
    exit(1)

# Generate a temp password
alphabet = string.ascii_letters + string.digits + "!@#$"
temp_pass = ''.join(secrets.choice(alphabet) for _ in range(16))

# Reset password, require change on next login
print(f"\n=== Resetting password ===")
try:
    service.users().update(
        userKey=user_email,
        body={
            'password': temp_pass,
            'changePasswordAtNextLogin': True,
            'suspended': False,
        }
    ).execute()
    print(f"[OK] Password reset successful")
    print(f"[OK] Account unsuspended (if it was)")
    print(f"[OK] Must change password on first login")
    print(f"\nTemporary password: {temp_pass}")
    print(f"\nGive Kyla:")
    print(f"  Email: {user_email}")
    print(f"  Password: {temp_pass}")
    print(f"  URL: https://accounts.google.com")
    print(f"  She will be prompted to change password and set up MFA")
except Exception as e:
    print(f"[ERROR] Password reset failed: {e}")