#! /bin/bash
#
# Requires jq - see https://stedolan.github.io/jq/
#
# Assumes that the following env vars are set:
#
# CLIENT_ID - the client ID for your OAuth 2 app
# JWT_KEY_FILE - path to the private key for creating a JWT
# HUB_USERNAME - authentication username

# JWT login
sfdx force:auth:jwt:grant --clientid ${CLIENT_ID} \
  --jwtkeyfile ${JWT_KEY_FILE} --username ${HUB_USERNAME} \
  --setdefaultdevhubusername > /dev/null

# Create an org
created="$(sfdx force:org:create -s -f scratch-def.json --json)"

orgId="$(echo ${created} | jq -r .result.orgId)"
username="$(echo ${created} | jq -r .result.username)"

# Emit username
echo -n ${username}

# Generate user password
password="$(sfdx force:user:password:generate -u ${username} --json | jq -r .result.password)"

# Get accessToken, instanceUrl etc
org="$(sfdx force:org:display -u ${username} --json)"

accessToken="$(echo ${org} | jq -r .result.accessToken)"
instanceUrl="$(echo ${org} | jq -r .result.instanceUrl)"

# Get my IP address
myip="$(curl -s http://ipinfo.io/ip)"

# Wait until new instance resolves
until host ${instanceUrl} > /dev/null
do
  sleep 10
done

# Set IP range
opened="$(curl -s ${instanceUrl}/services/Soap/m/39.0/${orgId} \
  -H "Content-Type: text/xml; charset=UTF-8" \
  -H "SOAPAction: updateMetadata" \
  -d '<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Header>
    <SessionHeader xmlns="http://soap.sforce.com/2006/04/metadata">
      <sessionId>'${accessToken}'</sessionId>
    </SessionHeader>
  </env:Header>
  <env:Body>
    <m:updateMetadata xmlns:m="http://soap.sforce.com/2006/04/metadata" xmlns:sobj="null">
      <m:metadata xsi:type="m:SecuritySettings">
        <m:networkAccess>
          <m:ipRanges>
            <m:start>'${myip}'</m:start>
            <m:end>'${myip}'</m:end>
          </m:ipRanges>
        </m:networkAccess>
      </m:metadata>
    </m:updateMetadata>
  </env:Body>
</env:Envelope>')"

# Password might have characters that need to be escaped for XML!
esc_password="$(echo ${password} | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g; s/'"'"'/\&#39;/g')"

# Test login with username and password
login="$(curl -s https://test.salesforce.com/services/Soap/u/39.0 \
  -H "Content-Type: text/xml; charset=UTF-8" \
  -H "SOAPAction: login" \
  -d '<?xml version="1.0" encoding="utf-8" ?>
<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body>
    <n1:login xmlns:n1="urn:partner.soap.sforce.com">
      <n1:username>'${username}'</n1:username>
      <n1:password>'${esc_password}'</n1:password>
    </n1:login>
  </env:Body>
</env:Envelope>')"

if [[ $(echo ${login} | xpath '/soapenv:Envelope/soapenv:Body/loginResponse' 2> /dev/null) ]]; then
  # All is good
  exit 0
fi

# No loginResponse!
exit 1