/**
 * Dependencies
 */
var OAuth2Strategy      = require('passport-oauth2')
  , InternalOAuthError  = require('passport-oauth2').InternalOAuthError
  , util                = require('util');

/**
 * `Strategy` constructor.
 *
 * The Icy Network authentication strategy authenticates requests by delegating
 * to Icy Network via the OAuth2.0 protocol
 *
 * Applications must supply a `verify` callback which accepts an `accessToken`,
 * `refreshToken` and service-specific `profile`, and then calls the `cb`
 * callback supplying a `user`, which should be set to `false` if the
 * credentials are not valid. If an exception occured, `err` should be set.
 *
 * Options:
 *   - `clientID`       OAuth ID to icynet
 *   - `clientSecret`   OAuth Secret to verify client to icynet
 *   - `callbackURL`    URL that icynet will redirect to after auth
 *   - `scope`          Array of permission scopes to request
 *                      Check the official documentation for valid scopes to pass as an array.
 * 
 * @constructor
 * @param {object} options
 * @param {function} verify
 * @access public
 */
function Strategy(options, verify) {
  options = options || {};
  options.authorizationURL = options.authorizationURL || 'https://icynet.eu/oauth2/authorize';
  options.tokenURL = options.tokenURL || 'https://icynet.eu/oauth2/token';
  options.scopeSeparator = options.scopeSeparator || ' ';

  OAuth2Strategy.call(this, options, verify);
  this.name = 'icynet';
  this._oauth2.useAuthorizationHeaderforGET(true);
}

/**
 * Inherits from `OAuth2Strategy`
 */
util.inherits(Strategy, OAuth2Strategy);

/**
 * Retrieve user profile from Icy Network.
 *
 * This function constructs a normalized profile.
 * Along with the properties returned from /oauth2/user, properties returned include:
 *   - `email`            Email address if you requested this scope
 *   - `image`            Profile picture if you requested this scope
 *   - `privilege`        Icy Network privilege level if you requested this scope
 *   - `accessToken`      The access token used to fetch the (may be useful for refresh)
 *
 * @param {string} accessToken
 * @param {function} done
 * @access protected
 */
Strategy.prototype.userProfile = function(accessToken, done) {
  var self = this;
  this._oauth2.get('https://icynet.eu/oauth2/user', accessToken, function(err, body, res) {
    if (err) {
      return done(new InternalOAuthError('Failed to fetch the user profile.', err))
    }

    try {
      var parsedData = JSON.parse(body);
    } catch (e) {
      return done(new Error('Failed to parse the user profile.'));
    }

    var profile = parsedData; // has the basic user stuff
    profile.provider = 'icynet';
    profile.accessToken = accessToken;

    done(null, profile)
  });
};

/**
 * Expose `Strategy`.
 */
module.exports = Strategy;