From 69ad8e62f308c7418b13bf9ebecff0ad282229f0 Mon Sep 17 00:00:00 2001 From: Brady Wied Date: Tue, 9 Dec 2025 13:08:50 -0700 Subject: [PATCH 1/2] add IP address client overload --- src/FusionAuth/FusionAuthClient.php | 90 +++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/src/FusionAuth/FusionAuthClient.php b/src/FusionAuth/FusionAuthClient.php index 9b61341..25ebb9d 100644 --- a/src/FusionAuth/FusionAuthClient.php +++ b/src/FusionAuth/FusionAuthClient.php @@ -265,6 +265,28 @@ public function checkChangePasswordUsingId($changePasswordId) ->go(); } + /** + * Check to see if the user must obtain a Trust Token Id in order to complete a change password request. + * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + * your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication. + * + * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + * + * @param string $changePasswordId The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated. + * @param string $ipAddress (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + * + * @return ClientResponse The ClientResponse. + * @throws \Exception + */ + public function checkChangePasswordUsingIdAndIPAddress($changePasswordId, $ipAddress = NULL) + { + return $this->startAnonymous()->uri("/api/user/change-password") + ->urlSegment($changePasswordId) + ->urlParameter("ipAddress", $ipAddress) + ->get() + ->go(); + } + /** * Check to see if the user must obtain a Trust Token Id in order to complete a change password request. * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change @@ -285,6 +307,28 @@ public function checkChangePasswordUsingJWT($encodedJWT) ->go(); } + /** + * Check to see if the user must obtain a Trust Token Id in order to complete a change password request. + * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + * your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication. + * + * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + * + * @param string $encodedJWT The encoded JWT (access token). + * @param string $ipAddress (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + * + * @return ClientResponse The ClientResponse. + * @throws \Exception + */ + public function checkChangePasswordUsingJWT($encodedJWT, $ipAddress = NULL) + { + return $this->startAnonymous()->uri("/api/user/change-password") + ->authorization("Bearer " . $encodedJWT) + ->urlParameter("ipAddress", $ipAddress) + ->get() + ->go(); + } + /** * Check to see if the user must obtain a Trust Request Id in order to complete a change password request. * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change @@ -305,6 +349,28 @@ public function checkChangePasswordUsingLoginId($loginId) ->go(); } + /** + * Check to see if the user must obtain a Trust Request Id in order to complete a change password request. + * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + * your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication. + * + * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + * + * @param string $loginId The loginId (email or username) of the User that you intend to change the password for. + * @param string $ipAddress (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + * + * @return ClientResponse The ClientResponse. + * @throws \Exception + */ + public function checkChangePasswordUsingLoginId($loginId, $ipAddress = NULL) + { + return $this->start()->uri("/api/user/change-password") + ->urlParameter("loginId", $loginId) + ->urlParameter("ipAddress", $ipAddress) + ->get() + ->go(); + } + /** * Check to see if the user must obtain a Trust Request Id in order to complete a change password request. * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change @@ -327,6 +393,30 @@ public function checkChangePasswordUsingLoginIdAndLoginIdTypes($loginId, $loginI ->go(); } + /** + * Check to see if the user must obtain a Trust Request Id in order to complete a change password request. + * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + * your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication. + * + * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + * + * @param string $loginId The loginId of the User that you intend to change the password for. + * @param array $loginIdTypes The identity types that FusionAuth will compare the loginId to. + * @param string $ipAddress (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + * + * @return ClientResponse The ClientResponse. + * @throws \Exception + */ + public function checkChangePasswordUsingLoginIdAndLoginIdTypes($loginId, $loginIdTypes, $ipAddress = NULL) + { + return $this->start()->uri("/api/user/change-password") + ->urlParameter("loginId", $loginId) + ->urlParameter("loginIdTypes", $loginIdTypes) + ->urlParameter("ipAddress", $ipAddress) + ->get() + ->go(); + } + /** * Make a Client Credentials grant request to obtain an access token. * From 67f30fc79b62fa1fc115d2b79224f67852443303 Mon Sep 17 00:00:00 2001 From: Brady Wied Date: Tue, 9 Dec 2025 14:13:38 -0700 Subject: [PATCH 2/2] forgot to update method names --- src/FusionAuth/FusionAuthClient.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/FusionAuth/FusionAuthClient.php b/src/FusionAuth/FusionAuthClient.php index 25ebb9d..447cebf 100644 --- a/src/FusionAuth/FusionAuthClient.php +++ b/src/FusionAuth/FusionAuthClient.php @@ -320,7 +320,7 @@ public function checkChangePasswordUsingJWT($encodedJWT) * @return ClientResponse The ClientResponse. * @throws \Exception */ - public function checkChangePasswordUsingJWT($encodedJWT, $ipAddress = NULL) + public function checkChangePasswordUsingJWTAndIPAddress($encodedJWT, $ipAddress = NULL) { return $this->startAnonymous()->uri("/api/user/change-password") ->authorization("Bearer " . $encodedJWT) @@ -362,7 +362,7 @@ public function checkChangePasswordUsingLoginId($loginId) * @return ClientResponse The ClientResponse. * @throws \Exception */ - public function checkChangePasswordUsingLoginId($loginId, $ipAddress = NULL) + public function checkChangePasswordUsingLoginIdAndIPAddress($loginId, $ipAddress = NULL) { return $this->start()->uri("/api/user/change-password") ->urlParameter("loginId", $loginId) @@ -407,7 +407,7 @@ public function checkChangePasswordUsingLoginIdAndLoginIdTypes($loginId, $loginI * @return ClientResponse The ClientResponse. * @throws \Exception */ - public function checkChangePasswordUsingLoginIdAndLoginIdTypes($loginId, $loginIdTypes, $ipAddress = NULL) + public function checkChangePasswordUsingLoginIdAndLoginIdTypesAndIPAddress($loginId, $loginIdTypes, $ipAddress = NULL) { return $this->start()->uri("/api/user/change-password") ->urlParameter("loginId", $loginId)