File: virtual_mfa_device.rb

ruby-aws-sdk 1.67.0-3
# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You
# may not use this file except in compliance with the License. A copy of
# the License is located at
#
#     http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.

require 'base64'

module AWS
  class IAM

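    # Represents an IAM virtual MFA device, identified by its serial
    # number (ARN).
    #
    # Security note: {#base_32_string_seed} and {#qr_code_png} both carry
    # the TOTP shared secret of the device. Anyone holding either value can
    # produce valid authentication codes, so handle them like credentials:
    # keep them out of logs and do not persist them in plaintext.
    #
    # @attr_reader [String] base_32_string_seed The Base32 seed defined as
    #   specified in RFC 3548.  Only accessible on newly created
    #   devices. This value is Base64-encoded.
    #
    # @attr_reader [Blob] qr_code_png A QR code PNG image that encodes
    #   otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String
    #   where $virtualMFADeviceName is one of the create call arguments,
    #   AccountName is the user name if set (accountId otherwise), and
    #   Base32String is the seed in Base32 format.  Only accessible on newly
    #   created devices. This value is Base64-encoded.
    #
    # @attr_reader [DateTime] enable_date When this device was enabled.
    #   Returns nil if this device has not been enabled.
    #
    class VirtualMfaDevice < Resource

      # @api private
      # @param [String] serial_number The device serial number (ARN).
      # @param [Hash] options Passed through unchanged to the superclass.
      def initialize(serial_number, options = {})
        @serial_number = serial_number
        # Bare `super` forwards both arguments to Resource#initialize.
        super
      end

      # @return [String] Returns the virtual MFA device serial number (ARN).
      attr_reader :serial_number

      alias_method :arn, :serial_number

      # Secret material (the TOTP seed); see the class-level security note.
      attribute :base_32_string_seed, :static => true

      # Secret material (the seed rendered as a QR code).
      attribute :qr_code_png, :static => true

      attribute :enable_date, :static => true

      # Raw user structure from the service response. It is kept protected;
      # callers use #user instead.
      attribute :user_details, :from => :user

      protected :user_details

      # @return [User,nil] Returns the user this device was enabled
      #   for, or nil if this device has not been enabled.
      def user
        details = user_details
        User.new(details.user_name, :config => config) if details
      end

      # Enables the MFA device and associates it with the specified user.
      # When enabled, the MFA device is required for every subsequent login
      # by the user name associated with the device.
      #
      # Pass the codes as Strings whenever they may begin with a zero.
      # Integer codes are zero-padded to six digits, but a Ruby Integer
      # literal written with a leading zero (such as 012345) is parsed as
      # octal, so a different code would be submitted.
      #
      # @param [User,String] user The user (or user name string) you want
      #   to enable this device for.
      # @param [String] code1 An authentication code emitted by the device.
      # @param [String] code2 A subsequent authentication code emitted by
      #   the device.
      # @return [nil]
      def enable(user, code1, code2)
        user_name = user.is_a?(User) ? user.name : user

        client.enable_mfa_device(
          :user_name => user_name,
          :serial_number => serial_number,
          :authentication_code_1 => format_auth_code(code1),
          :authentication_code_2 => format_auth_code(code2))

        nil
      end

      # @return [Boolean] Returns true if this device has been enabled
      #   for a user.
      def enabled?
        enable_date ? true : false
      end

      # Deactivates the MFA device and removes it from association with
      # the user for which it was originally enabled.
      #
      # This removes a second factor from the user, so callers that audit
      # identity changes should record it.
      #
      # @raise [RuntimeError] if the device is not enabled for any user.
      #   Previously this case surfaced as a NoMethodError on nil.
      # @return [nil]
      def deactivate
        owner = user
        # #user is nil for a device that was never enabled; fail with a
        # clear message before any request is sent.
        unless owner
          raise "cannot deactivate #{serial_number}: device is not enabled for any user"
        end

        client.deactivate_mfa_device(
          :user_name => owner.name,
          :serial_number => serial_number)
        nil
      end
      alias_method :disable, :deactivate

      # Deletes this virtual MFA device.
      # @return [nil]
      def delete
        client.delete_virtual_mfa_device(resource_options)
        nil
      end

      # Yields the created device only when its serial number matches this
      # object, otherwise nil.
      # NOTE(review): populates_from is defined on Resource (not visible
      # here); presumably it uses the block's result to fill attributes.
      populates_from :create_virtual_mfa_device do |resp|
        device = resp.virtual_mfa_device
        device if device.serial_number == serial_number
      end

      # Picks this device out of a list response by serial number.
      populates_from :list_virtual_mfa_devices do |resp|
        resp.virtual_mfa_devices.find { |d| d.serial_number == serial_number }
      end

      protected

      # Normalises an authentication code for the request.
      # @param [Integer,String] code
      # @return [String,Object] Integer codes zero-padded to six digits;
      #   any other value is returned unchanged.
      def format_auth_code(code)
        return code unless code.is_a?(Integer)
        sprintf('%06d', code)
      end

      # Fetches the data used to populate attributes. The attribute name is
      # ignored: every attribute comes from the same list call.
      def get_resource(attr_name)
        client.list_virtual_mfa_devices
      end

      # @return [Array<Array>] The single identifier pair for this
      #   resource: its serial number.
      def resource_identifiers
        [[:serial_number, serial_number]]
      end

    end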

  end
end