FusionAuth · wied03 · Dec 9, 2025 · Dec 10, 2025 · Dec 10, 2025 · Dec 10, 2025
diff --git a/src/main/python/fusionauth/fusionauth_client.py b/src/main/python/fusionauth/fusionauth_client.py
@@ -194,6 +194,24 @@ def check_change_password_using_id(self, change_password_id):
             .get() \
             .go()
 
+    def check_change_password_using_id_and_ip_address(self, change_password_id, ip_address=None):
+        """
+        Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
+        When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+        your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication.
+
+        An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+
+        Attributes:
+            change_password_id: The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated.
+            ip_address: (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+        """
+        return self.start_anonymous().uri('/api/user/change-password') \
+            .url_segment(change_password_id) \
+            .url_parameter('ipAddress', self.convert_true_false(ip_address)) \
+            .get() \
+            .go()
+
     def check_change_password_using_jwt(self, encoded_jwt):
         """
         Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
@@ -210,6 +228,24 @@ def check_change_password_using_jwt(self, encoded_jwt):
             .get() \
             .go()
 
+    def check_change_password_using_jwt_and_ip_address(self, encoded_jwt, ip_address=None):
+        """
+        Check to see if the user must obtain a Trust Token Id in order to complete a change password request.
+        When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+        your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication.
+
+        An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+
+        Attributes:
+            encoded_jwt: The encoded JWT (access token).
+            ip_address: (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+        """
+        return self.start_anonymous().uri('/api/user/change-password') \
+            .authorization("Bearer " + encoded_jwt) \
+            .url_parameter('ipAddress', self.convert_true_false(ip_address)) \
+            .get() \
+            .go()
+
     def check_change_password_using_login_id(self, login_id):
         """
         Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
@@ -226,6 +262,24 @@ def check_change_password_using_login_id(self, login_id):
             .get() \
             .go()
 
+    def check_change_password_using_login_id_and_ip_address(self, login_id, ip_address=None):
+        """
+        Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
+        When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+        your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication.
+
+        An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+
+        Attributes:
+            login_id: The loginId (email or username) of the User that you intend to change the password for.
+            ip_address: (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+        """
+        return self.start().uri('/api/user/change-password') \
+            .url_parameter('loginId', self.convert_true_false(login_id)) \
+            .url_parameter('ipAddress', self.convert_true_false(ip_address)) \
+            .get() \
+            .go()
+
     def check_change_password_using_login_id_and_login_id_types(self, login_id, login_id_types):
         """
         Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
@@ -244,6 +298,26 @@ def check_change_password_using_login_id_and_login_id_types(self, login_id, logi
             .get() \
             .go()
 
+    def check_change_password_using_login_id_and_login_id_types_and_ip_address(self, login_id, login_id_types, ip_address=None):
+        """
+        Check to see if the user must obtain a Trust Request Id in order to complete a change password request.
+        When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change
+        your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication.
+
+        An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API.
+
+        Attributes:
+            login_id: The loginId of the User that you intend to change the password for.
+            login_id_types: The identity types that FusionAuth will compare the loginId to.
+            ip_address: (Optional) IP address of the user changing their password. This is used for MFA risk assessment.
+        """
+        return self.start().uri('/api/user/change-password') \
+            .url_parameter('loginId', self.convert_true_false(login_id)) \
+            .url_parameter('loginIdTypes', self.convert_true_false(login_id_types)) \
+            .url_parameter('ipAddress', self.convert_true_false(ip_address)) \
+            .get() \
+            .go()
+
     def client_credentials_grant(self, client_id=None, client_secret=None, scope=None):
         """
         Make a Client Credentials grant request to obtain an access token.
@@ -3347,6 +3421,22 @@ def retrieve_two_factor_status(self, user_id, application_id, two_factor_trust_i
             .get() \
             .go()
 
+    def retrieve_two_factor_status_with_request(self, request):
+        """
+        Retrieve a user's two-factor status.
+
+        This can be used to see if a user will need to complete a two-factor challenge to complete a login,
+        and optionally identify the state of the two-factor trust across various applications. This operation
+        provides more payload options than retrieveTwoFactorStatus.
+
+        Attributes:
+            request: The request object that contains all the information used to check the status.
+        """
+        return self.start().uri('/api/two-factor/status') \
+            .body_handler(JSONBodyHandler(request)) \
+            .post() \
+            .go()
+
     def retrieve_user(self, user_id):
         """
         Retrieves the user for the given Id.