Create MFA Report script

lib/data_pull.rb

@@ -39,6 +39,8 @@ def banner
 
         * #{basename} ig-request uuid1 uuid2 --requesting-issuer=ABC:DEF:GHI
 
+        * #{basename} mfa-report uuid1 uuid2
+
         * #{basename} profile-summary uuid1 uuid2
 
         * #{basename} uuid-convert partner-uuid1 partner-uuid2
@@ -59,6 +61,7 @@ def subtask(name)
       'email-lookup' => EmailLookup,
       'events-summary' => EventsSummary,
       'ig-request' => InspectorGeneralRequest,
+      'mfa-report' => MfaReport,
       'profile-summary' => ProfileSummary,
       'uuid-convert' => UuidConvert,
       'uuid-export' => UuidExport,
@@ -156,6 +159,44 @@ def run(args:, config:)
     end
   end
 
+  class MfaReport
+    def run(args:, config:)
+      require 'data_requests/deployed'
+      uuids = args
+
+      users, missing_uuids = uuids.map do |uuid|
+        DataRequests::Deployed::LookupUserByUuid.new(uuid).call || uuid
+      end.partition { |u| u.is_a?(User) }
+
+      output = users.map do |user|
+        output = DataRequests::Deployed::CreateMfaConfigurationsReport.new(user).call
+        output[:uuid] = user.uuid
+
+        output
+      end
+
+      if config.include_missing?
+        output += missing_uuids.map do |uuid|
+          {
+            uuid: uuid,
+            phone_configurations: [],
+            auth_app_configurations: [],
+            webauthn_configurations: [],
+            piv_cac_configurations: [],
+            backup_code_configurations: [],
+            not_found: true,
+          }
+        end
+      end
+
+      ScriptBase::Result.new(
+        subtask: 'mfa-report',
+        uuids: uuids,
+        json: output,
+      )
+    end
+  end
+
   class InspectorGeneralRequest
     def run(args:, config:)
       require 'data_requests/deployed'

lib/data_requests/deployed/create_mfa_configurations_report.rb

@@ -63,6 +63,7 @@ def webauthn_configurations_report
         user.webauthn_configurations.map do |webauthn_configuration|
           {
             name: webauthn_configuration.name,
+            platform_authenticator: webauthn_configuration.platform_authenticator,
             created_at: webauthn_configuration.created_at,
           }
         end

spec/lib/data_pull_spec.rb

@@ -293,6 +293,33 @@
     end
   end
 
+  describe DataPull::MfaReport do
+    subject(:subtask) { DataPull::MfaReport.new }
+
+    describe '#run' do
+      let(:user) { create(:user) }
+      let(:args) { [user.uuid] }
+      let(:config) { ScriptBase::Config.new }
+
+      subject(:result) { subtask.run(args:, config:) }
+
+      it 'runs the MFA report, has a JSON-only response', aggregate_failures: true do
+        expect(result.table).to be_nil
+        expect(result.json.first.keys).to contain_exactly(
+          :uuid,
+          :phone_configurations,
+          :auth_app_configurations,
+          :webauthn_configurations,
+          :piv_cac_configurations,
+          :backup_code_configurations,
+        )
+
+        expect(result.subtask).to eq('mfa-report')
+        expect(result.uuids).to eq([user.uuid])
+      end
+    end
+  end
+
   describe DataPull::InspectorGeneralRequest do
     subject(:subtask) { DataPull::InspectorGeneralRequest.new }
 

spec/lib/data_requests/deployed/create_mfa_configurations_report_spec.rb

@@ -41,6 +41,9 @@
       webauthn_data = result[:webauthn_configurations]
 
       expect(webauthn_data.first[:name]).to eq(webauthn_configuration.name)
+      expect(webauthn_data.first[:platform_authenticator]).to eq(
+        webauthn_configuration.platform_authenticator,
+      )
       expect(webauthn_data.first[:created_at]).to be_within(1.second).of(
         webauthn_configuration.created_at,
       )