Merge feature/ENG-1111/mfa-lambda (#54)

wied03 · web-flow · commit f7f47dfe8d9d · 2025-12-17T14:23:48.000-07:00
* Merge wied03/ENG-3603/mfa-retrieve-status-post (#51) * client generation/new method * better method name * Merge wied03/ENG-3608/mfa-change-password (#53) * add IP address client overload * forgot to update method names * naming advice
diff --git a/lib/fusionauth/fusionauth_client.rb b/lib/fusionauth/fusionauth_client.rb
@@ -199,6 +199,24 @@ def check_change_password_using_id(change_password_id)
           .go
     end
 
+    #
+    # Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
+    # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+    # your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication.
+    # 
+    # An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+    #
+    # @param change_password_id [string] The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated.
+    # @param ip_address [string] (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+    # @return [FusionAuth::ClientResponse] The ClientResponse object.
+    def check_change_password_using_id_and_ip_address(change_password_id, ip_address)
+      startAnonymous.uri('/api/user/change-password')
+          .url_segment(change_password_id)
+          .url_parameter('ipAddress', ip_address)
+          .get
+          .go
+    end
+
     #
     # Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
     # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
@@ -215,6 +233,24 @@ def check_change_password_using_jwt(encoded_jwt)
           .go
     end
 
+    #
+    # Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
+    # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+    # your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication.
+    # 
+    # An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+    #
+    # @param encoded_jwt [string] The encoded JWT (access token).
+    # @param ip_address [string] (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+    # @return [FusionAuth::ClientResponse] The ClientResponse object.
+    def check_change_password_using_jwt_and_ip_address(encoded_jwt, ip_address)
+      startAnonymous.uri('/api/user/change-password')
+          .authorization('Bearer ' + encoded_jwt)
+          .url_parameter('ipAddress', ip_address)
+          .get
+          .go
+    end
+
     #
     # Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
     # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
@@ -231,6 +267,24 @@ def check_change_password_using_login_id(login_id)
           .go
     end
 
+    #
+    # Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
+    # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+    # your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication.
+    # 
+    # An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+    #
+    # @param login_id [string] The loginId (email or username) of the User that you intend to change the password for.
+    # @param ip_address [string] (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+    # @return [FusionAuth::ClientResponse] The ClientResponse object.
+    def check_change_password_using_login_id_and_ip_address(login_id, ip_address)
+      start.uri('/api/user/change-password')
+          .url_parameter('loginId', login_id)
+          .url_parameter('ipAddress', ip_address)
+          .get
+          .go
+    end
+
     #
     # Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
     # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
@@ -249,6 +303,26 @@ def check_change_password_using_login_id_and_login_id_types(login_id, login_id_t
           .go
     end
 
+    #
+    # Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
+    # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+    # your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication.
+    # 
+    # An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+    #
+    # @param login_id [string] The loginId of the User that you intend to change the password for.
+    # @param login_id_types [Array] The identity types that FusionAuth will compare the loginId to.
+    # @param ip_address [string] (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+    # @return [FusionAuth::ClientResponse] The ClientResponse object.
+    def check_change_password_using_login_id_and_login_id_types_and_ip_address(login_id, login_id_types, ip_address)
+      start.uri('/api/user/change-password')
+          .url_parameter('loginId', login_id)
+          .url_parameter('loginIdTypes', login_id_types)
+          .url_parameter('ipAddress', ip_address)
+          .get
+          .go
+    end
+
     #
     # Make a Client Credentials grant request to obtain an access token.
     #
@@ -3352,6 +3426,22 @@ def retrieve_two_factor_status(user_id, application_id, two_factor_trust_id)
           .go
     end
 
+    #
+    # Retrieve a user's two-factor status.
+    # 
+    # This can be used to see if a user will need to complete a two-factor challenge to complete a login,
+    # and optionally identify the state of the two-factor trust across various applications. This operation
+    # provides more payload options than retrieveTwoFactorStatus.
+    #
+    # @param request [OpenStruct, Hash] The request object that contains all the information used to check the status.
+    # @return [FusionAuth::ClientResponse] The ClientResponse object.
+    def retrieve_two_factor_status_with_request(request)
+      start.uri('/api/two-factor/status')
+          .body_handler(FusionAuth::JSONBodyHandler.new(request))
+          .post
+          .go
+    end
+
     #
     # Retrieves the user for the given Id.
     #
