From 802fb3baad8aed1c0f9dcfb040470947dfceb225 Mon Sep 17 00:00:00 2001
From: gruebel <anton.gruebel@gmail.com>
Date: Mon, 21 Oct 2019 22:51:00 +0200
Subject: [PATCH] Connect user with virtual mfa device

---
 moto/iam/models.py         | 21 +++++++++++++
 moto/iam/responses.py      | 10 +++----
 tests/test_iam/test_iam.py | 61 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 87 insertions(+), 5 deletions(-)

diff --git a/moto/iam/models.py b/moto/iam/models.py
index 8921244cd..d7e8f8657 100644
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@@ -1251,6 +1251,21 @@ class IAMBackend(BaseBackend):
                 "Device {0} already exists".format(serial_number)
             )
 
+        device = self.virtual_mfa_devices.get(serial_number, None)
+        if device:
+            device.enable_date = datetime.utcnow()
+            device.user = user
+            device.user_attribute = {
+                'Path': user.path,
+                'UserName': user.name,
+                'UserId': user.id,
+                'Arn': user.arn,
+                'CreateDate': user.created_iso_8601,
+                'PasswordLastUsed': None,  # not supported
+                'PermissionsBoundary': {},  # ToDo: add put_user_permissions_boundary() functionality
+                'Tags': {}  # ToDo: add tag_user() functionality
+            }
+
         user.enable_mfa_device(
             serial_number,
             authentication_code_1,
@@ -1265,6 +1280,12 @@ class IAMBackend(BaseBackend):
                 "Device {0} not found".format(serial_number)
             )
 
+        device = self.virtual_mfa_devices.get(serial_number, None)
+        if device:
+            device.enable_date = None
+            device.user = None
+            device.user_attribute = None
+
         user.deactivate_mfa_device(serial_number)
 
     def list_mfa_devices(self, user_name):
diff --git a/moto/iam/responses.py b/moto/iam/responses.py
index 8814a25a1..01cbeb712 100644
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@@ -1739,11 +1739,11 @@ LIST_VIRTUAL_MFA_DEVICES_TEMPLATE = """<ListVirtualMFADevicesResponse xmlns="htt
       {% endif %}
       {% if device.user %}
       <User>
-        <Path>{{ user.path }}</Path>
-        <UserName>{{ user.name }}</UserName>
-        <UserId>{{ user.id }}</UserId>
-        <CreateDate>{{ user.created_iso_8601 }}</CreateDate>
-        <Arn>{{ user.arn }}</Arn>
+        <Path>{{ device.user.path }}</Path>
+        <UserName>{{ device.user.name }}</UserName>
+        <UserId>{{ device.user.id }}</UserId>
+        <CreateDate>{{ device.user.created_iso_8601 }}</CreateDate>
+        <Arn>{{ device.user.arn }}</Arn>
       </User>
       {% endif %}
     </member>
diff --git a/tests/test_iam/test_iam.py b/tests/test_iam/test_iam.py
index ff02646c4..bf0d0d09e 100644
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@@ -919,6 +919,67 @@ def test_list_virtual_mfa_devices_errors():
     )
 
 
+@mock_iam
+def test_enable_virtual_mfa_device():
+    client = boto3.client('iam', region_name='us-east-1')
+    response = client.create_virtual_mfa_device(
+        VirtualMFADeviceName='test-device'
+    )
+    serial_number = response['VirtualMFADevice']['SerialNumber']
+
+    client.create_user(UserName='test-user')
+    client.enable_mfa_device(
+        UserName='test-user',
+        SerialNumber=serial_number,
+        AuthenticationCode1='234567',
+        AuthenticationCode2='987654'
+    )
+
+    response = client.list_virtual_mfa_devices(
+        AssignmentStatus='Unassigned'
+    )
+
+    response['VirtualMFADevices'].should.have.length_of(0)
+    response['IsTruncated'].should_not.be.ok
+
+    response = client.list_virtual_mfa_devices(
+        AssignmentStatus='Assigned'
+    )
+
+    device = response['VirtualMFADevices'][0]
+    device['SerialNumber'].should.equal(serial_number)
+    device['User']['Path'].should.equal('/')
+    device['User']['UserName'].should.equal('test-user')
+    device['User']['UserId'].should_not.be.empty
+    device['User']['Arn'].should.equal('arn:aws:iam::123456789012:user/test-user')
+    device['User']['CreateDate'].should.be.a(datetime)
+    device['EnableDate'].should.be.a(datetime)
+    response['IsTruncated'].should_not.be.ok
+
+    client.deactivate_mfa_device(
+        UserName='test-user',
+        SerialNumber=serial_number
+    )
+
+    response = client.list_virtual_mfa_devices(
+        AssignmentStatus='Assigned'
+    )
+
+    response['VirtualMFADevices'].should.have.length_of(0)
+    response['IsTruncated'].should_not.be.ok
+
+    response = client.list_virtual_mfa_devices(
+        AssignmentStatus = 'Unassigned'
+    )
+
+    response['VirtualMFADevices'].should.equal([
+        {
+            'SerialNumber': serial_number
+        }
+    ])
+    response['IsTruncated'].should_not.be.ok
+
+
 @mock_iam_deprecated()
 def test_delete_user_deprecated():
     conn = boto.connect_iam()