From 57f2173e5be1d181007de7f838a8a26d01227c97 Mon Sep 17 00:00:00 2001 From: Brady Wied Date: Mon, 8 Dec 2025 21:25:42 -0700 Subject: [PATCH 1/3] Merge wied03/ENG-3603/mfa-retrieve-status-post (#51) * client generation/new method * better method name --- lib/fusionauth/fusionauth_client.rb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/lib/fusionauth/fusionauth_client.rb b/lib/fusionauth/fusionauth_client.rb index 9b576a6..56b54ed 100644 --- a/lib/fusionauth/fusionauth_client.rb +++ b/lib/fusionauth/fusionauth_client.rb @@ -3340,6 +3340,22 @@ def retrieve_two_factor_status(user_id, application_id, two_factor_trust_id) .go end + # + # Retrieve a user's two-factor status. + # + # This can be used to see if a user will need to complete a two-factor challenge to complete a login, + # and optionally identify the state of the two-factor trust across various applications. This operation + # provides more payload options than retrieveTwoFactorStatus. + # + # @param request [OpenStruct, Hash] The request object that contains all the information used to check the status. + # @return [FusionAuth::ClientResponse] The ClientResponse object. + def retrieve_two_factor_status_using(request) + start.uri('/api/two-factor/status') + .body_handler(FusionAuth::JSONBodyHandler.new(request)) + .post + .go + end + # # Retrieves the user for the given Id. # From b76d42b227618c707944124cc03e257d716a0264 Mon Sep 17 00:00:00 2001 From: Brady Wied Date: Tue, 9 Dec 2025 19:13:53 -0700 Subject: [PATCH 2/3] Merge wied03/ENG-3608/mfa-change-password (#53) * add IP address client overload * forgot to update method names --- lib/fusionauth/fusionauth_client.rb | 74 +++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/lib/fusionauth/fusionauth_client.rb b/lib/fusionauth/fusionauth_client.rb index 56b54ed..daf4a7d 100644 --- a/lib/fusionauth/fusionauth_client.rb +++ b/lib/fusionauth/fusionauth_client.rb @@ -199,6 +199,24 @@ def check_change_password_using_id(change_password_id) .go end + # + # Check to see if the user must obtain a Trust Token Id in order to complete a change password request. + # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + # your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication. + # + # An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + # + # @param change_password_id [string] The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated. + # @param ip_address [string] (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + # @return [FusionAuth::ClientResponse] The ClientResponse object. + def check_change_password_using_id_and_ip_address(change_password_id, ip_address) + startAnonymous.uri('/api/user/change-password') + .url_segment(change_password_id) + .url_parameter('ipAddress', ip_address) + .get + .go + end + # # Check to see if the user must obtain a Trust Token Id in order to complete a change password request. # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change @@ -215,6 +233,24 @@ def check_change_password_using_jwt(encoded_jwt) .go end + # + # Check to see if the user must obtain a Trust Token Id in order to complete a change password request. + # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + # your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication. + # + # An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + # + # @param encoded_jwt [string] The encoded JWT (access token). + # @param ip_address [string] (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + # @return [FusionAuth::ClientResponse] The ClientResponse object. + def check_change_password_using_jwt_and_ip_address(encoded_jwt, ip_address) + startAnonymous.uri('/api/user/change-password') + .authorization('Bearer ' + encoded_jwt) + .url_parameter('ipAddress', ip_address) + .get + .go + end + # # Check to see if the user must obtain a Trust Request Id in order to complete a change password request. # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change @@ -231,6 +267,24 @@ def check_change_password_using_login_id(login_id) .go end + # + # Check to see if the user must obtain a Trust Request Id in order to complete a change password request. + # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + # your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication. + # + # An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + # + # @param login_id [string] The loginId (email or username) of the User that you intend to change the password for. + # @param ip_address [string] (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + # @return [FusionAuth::ClientResponse] The ClientResponse object. + def check_change_password_using_login_id_and_ip_address(login_id, ip_address) + start.uri('/api/user/change-password') + .url_parameter('loginId', login_id) + .url_parameter('ipAddress', ip_address) + .get + .go + end + # # Check to see if the user must obtain a Trust Request Id in order to complete a change password request. # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change @@ -249,6 +303,26 @@ def check_change_password_using_login_id_and_login_id_types(login_id, login_id_t .go end + # + # Check to see if the user must obtain a Trust Request Id in order to complete a change password request. + # When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + # your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication. + # + # An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + # + # @param login_id [string] The loginId of the User that you intend to change the password for. + # @param login_id_types [Array] The identity types that FusionAuth will compare the loginId to. + # @param ip_address [string] (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + # @return [FusionAuth::ClientResponse] The ClientResponse object. + def check_change_password_using_login_id_and_login_id_types_and_ip_address(login_id, login_id_types, ip_address) + start.uri('/api/user/change-password') + .url_parameter('loginId', login_id) + .url_parameter('loginIdTypes', login_id_types) + .url_parameter('ipAddress', ip_address) + .get + .go + end + # # Make a Client Credentials grant request to obtain an access token. # From 045d22b17a10d7e2643137f990e32e3dc4d46c8a Mon Sep 17 00:00:00 2001 From: Brady Wied Date: Wed, 10 Dec 2025 16:53:32 -0700 Subject: [PATCH 3/3] naming advice --- lib/fusionauth/fusionauth_client.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/fusionauth/fusionauth_client.rb b/lib/fusionauth/fusionauth_client.rb index ac1a682..3134839 100644 --- a/lib/fusionauth/fusionauth_client.rb +++ b/lib/fusionauth/fusionauth_client.rb @@ -3435,7 +3435,7 @@ def retrieve_two_factor_status(user_id, application_id, two_factor_trust_id) # # @param request [OpenStruct, Hash] The request object that contains all the information used to check the status. # @return [FusionAuth::ClientResponse] The ClientResponse object. - def retrieve_two_factor_status_using(request) + def retrieve_two_factor_status_with_request(request) start.uri('/api/two-factor/status') .body_handler(FusionAuth::JSONBodyHandler.new(request)) .post