From ade92fe82d3ae23ad9a4eb7c43d4235450d47301 Mon Sep 17 00:00:00 2001
From: Brady Wied <wied03@users.noreply.github.com>
Date: Mon, 8 Dec 2025 21:25:38 -0700
Subject: [PATCH 1/3] Merge wied03/ENG-3603/mfa-retrieve-status-post (#65)

* client generation/new method

* better method name
---
 src/FusionAuth/FusionAuthClient.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/FusionAuth/FusionAuthClient.php b/src/FusionAuth/FusionAuthClient.php
index 9bd00c6..9b61341 100644
--- a/src/FusionAuth/FusionAuthClient.php
+++ b/src/FusionAuth/FusionAuthClient.php
@@ -4330,6 +4330,26 @@ public function retrieveTwoFactorStatus($userId, $applicationId, $twoFactorTrust
         ->go();
   }
 
+  /**
+   * Retrieve a user's two-factor status.
+   * 
+   * This can be used to see if a user will need to complete a two-factor challenge to complete a login,
+   * and optionally identify the state of the two-factor trust across various applications. This operation
+   * provides more payload options than retrieveTwoFactorStatus.
+   *
+   * @param array $request The request object that contains all the information used to check the status.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function retrieveTwoFactorStatusUsing($request)
+  {
+    return $this->start()->uri("/api/two-factor/status")
+        ->bodyHandler(new JSONBodyHandler($request))
+        ->post()
+        ->go();
+  }
+
   /**
    * Retrieves the user for the given Id.
    *

From 891d9561ab963ec18eb4e69963de4ac3ebfe15dd Mon Sep 17 00:00:00 2001
From: Brady Wied <wied03@users.noreply.github.com>
Date: Tue, 9 Dec 2025 19:13:49 -0700
Subject: [PATCH 2/3] Merge wied03/ENG-3608/mfa-change-password (#67)

* add IP address client overload

* forgot to update method names
---
 src/FusionAuth/FusionAuthClient.php | 90 +++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)

diff --git a/src/FusionAuth/FusionAuthClient.php b/src/FusionAuth/FusionAuthClient.php
index 9b61341..447cebf 100644
--- a/src/FusionAuth/FusionAuthClient.php
+++ b/src/FusionAuth/FusionAuthClient.php
@@ -265,6 +265,28 @@ public function checkChangePasswordUsingId($changePasswordId)
         ->go();
   }
 
+  /**
+   * Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
+   * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+   * your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication.
+   * 
+   * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+   *
+   * @param string $changePasswordId The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated.
+   * @param string $ipAddress (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function checkChangePasswordUsingIdAndIPAddress($changePasswordId, $ipAddress = NULL)
+  {
+    return $this->startAnonymous()->uri("/api/user/change-password")
+        ->urlSegment($changePasswordId)
+        ->urlParameter("ipAddress", $ipAddress)
+        ->get()
+        ->go();
+  }
+
   /**
    * Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
    * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
@@ -285,6 +307,28 @@ public function checkChangePasswordUsingJWT($encodedJWT)
         ->go();
   }
 
+  /**
+   * Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
+   * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+   * your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication.
+   * 
+   * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+   *
+   * @param string $encodedJWT The encoded JWT (access token).
+   * @param string $ipAddress (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function checkChangePasswordUsingJWTAndIPAddress($encodedJWT, $ipAddress = NULL)
+  {
+    return $this->startAnonymous()->uri("/api/user/change-password")
+        ->authorization("Bearer " . $encodedJWT)
+        ->urlParameter("ipAddress", $ipAddress)
+        ->get()
+        ->go();
+  }
+
   /**
    * Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
    * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
@@ -305,6 +349,28 @@ public function checkChangePasswordUsingLoginId($loginId)
         ->go();
   }
 
+  /**
+   * Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
+   * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+   * your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication.
+   * 
+   * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+   *
+   * @param string $loginId The loginId (email or username) of the User that you intend to change the password for.
+   * @param string $ipAddress (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function checkChangePasswordUsingLoginIdAndIPAddress($loginId, $ipAddress = NULL)
+  {
+    return $this->start()->uri("/api/user/change-password")
+        ->urlParameter("loginId", $loginId)
+        ->urlParameter("ipAddress", $ipAddress)
+        ->get()
+        ->go();
+  }
+
   /**
    * Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
    * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
@@ -327,6 +393,30 @@ public function checkChangePasswordUsingLoginIdAndLoginIdTypes($loginId, $loginI
         ->go();
   }
 
+  /**
+   * Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
+   * When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+   * your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication.
+   * 
+   * An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+   *
+   * @param string $loginId The loginId of the User that you intend to change the password for.
+   * @param array $loginIdTypes The identity types that FusionAuth will compare the loginId to.
+   * @param string $ipAddress (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function checkChangePasswordUsingLoginIdAndLoginIdTypesAndIPAddress($loginId, $loginIdTypes, $ipAddress = NULL)
+  {
+    return $this->start()->uri("/api/user/change-password")
+        ->urlParameter("loginId", $loginId)
+        ->urlParameter("loginIdTypes", $loginIdTypes)
+        ->urlParameter("ipAddress", $ipAddress)
+        ->get()
+        ->go();
+  }
+
   /**
    * Make a Client Credentials grant request to obtain an access token.
    *

From 35a014c9b7c459e23a196ee3dbc599e977e718ef Mon Sep 17 00:00:00 2001
From: Brady Wied <brady.wied@fusionauth.io>
Date: Wed, 10 Dec 2025 16:53:32 -0700
Subject: [PATCH 3/3] naming advice

---
 src/FusionAuth/FusionAuthClient.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/FusionAuth/FusionAuthClient.php b/src/FusionAuth/FusionAuthClient.php
index 99c012e..48d0f39 100644
--- a/src/FusionAuth/FusionAuthClient.php
+++ b/src/FusionAuth/FusionAuthClient.php
@@ -4448,7 +4448,7 @@ public function retrieveTwoFactorStatus($userId, $applicationId, $twoFactorTrust
    * @return ClientResponse The ClientResponse.
    * @throws \Exception
    */
-  public function retrieveTwoFactorStatusUsing($request)
+  public function retrieveTwoFactorStatusWithRequest($request)
   {
     return $this->start()->uri("/api/two-factor/status")
         ->bodyHandler(new JSONBodyHandler($request))