const _ = require('lodash')

/* global WIKI */

// ------------------------------------
// SAML Account
// ------------------------------------

const SAMLStrategy = require('passport-saml').Strategy

module.exports = {
  init (passport, conf) {
    let samlConfig = {
      callbackUrl: conf.callbackURL,
      entryPoint: conf.entryPoint,
      issuer: conf.issuer,
      signatureAlgorithm: conf.signatureAlgorithm,
      identifierFormat: conf.identifierFormat,
      acceptedClockSkewMs: _.toSafeInteger(conf.acceptedClockSkewMs),
      disableRequestedAuthnContext: conf.disableRequestedAuthnContext,
      authnContext: conf.authnContext,
      forceAuthn: conf.forceAuthn,
      providerName: conf.providerName,
      skipRequestCompression: conf.skipRequestCompression,
      authnRequestBinding: conf.authnRequestBinding
    }
    if (!_.isEmpty(conf.audience)) {
      samlConfig.audience = conf.audience
    }
    if (!_.isEmpty(conf.cert)) {
      samlConfig.cert = _.split(conf.cert, '|')
    }
    if (!_.isEmpty(conf.privateCert)) {
      samlConfig.privateCert = conf.privateCert
    }
    if (!_.isEmpty(conf.decryptionPvk)) {
      samlConfig.decryptionPvk = conf.decryptionPvk
    }
    passport.use('saml',
      new SAMLStrategy(samlConfig, async (profile, cb) => {
        try {
          const userId = _.get(profile, [conf.mappingUID], null) || _.get(profile, 'nameID', null)
          if (!userId) {
            throw new Error('Invalid or Missing Unique ID field!')
          }

          const user = await WIKI.models.users.processProfile({
            profile: {
              id: userId,
              email: _.get(profile, conf.mappingEmail, ''),
              displayName: _.get(profile, conf.mappingDisplayName, '???'),
              picture: _.get(profile, conf.mappingPicture, '')
            },
            providerKey: 'saml'
          })
          cb(null, user)
        } catch (err) {
          cb(err, null)
        }
      })
    )
  }
}