squash merge degroff/change-password-lockout

Author: robotdan

build.savant

@@ -14,7 +14,7 @@
  * language governing permissions and limitations under the License.
  */
 
-project(group: "io.fusionauth", name: "fusionauth-typescript-client", version: "1.41.3", licenses: ["ApacheV2_0"]) {
+project(group: "io.fusionauth", name: "fusionauth-typescript-client", version: "1.42.0", licenses: ["ApacheV2_0"]) {
   workflow {
     fetch {
       cache()

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@fusionauth/typescript-client",
-  "version": "1.41.3",
+  "version": "1.42.0",
   "description": "A typescript implementation of the FusionAuth client.",
   "main": "build/index.js",
   "types": "build/index.d.ts",

package.json

@@ -1371,11 +1371,11 @@ export class FusionAuthClient {
   }
 
   /**
-   * Disable Two Factor authentication for a user.
+   * Disable two-factor authentication for a user.
    *
-   * @param {UUID} userId The Id of the User for which you're disabling Two Factor authentication.
+   * @param {UUID} userId The Id of the User for which you're disabling two-factor authentication.
    * @param {string} methodId The two-factor method identifier you wish to disable
-   * @param {string} code The Two Factor code used verify the the caller knows the Two Factor secret.
+   * @param {string} code The two-factor code used verify the the caller knows the two-factor secret.
    * @returns {Promise<ClientResponse<void>>}
    */
   disableTwoFactor(userId: UUID, methodId: string, code: string): Promise<ClientResponse<void>> {
@@ -1389,9 +1389,9 @@ export class FusionAuthClient {
   }
 
   /**
-   * Disable Two Factor authentication for a user using a JSON body rather than URL parameters.
+   * Disable two-factor authentication for a user using a JSON body rather than URL parameters.
    *
-   * @param {UUID} userId The Id of the User for which you're disabling Two Factor authentication.
+   * @param {UUID} userId The Id of the User for which you're disabling two-factor authentication.
    * @param {TwoFactorDisableRequest} request The request information that contains the code and methodId along with any event information.
    * @returns {Promise<ClientResponse<void>>}
    */
@@ -1405,10 +1405,10 @@ export class FusionAuthClient {
   }
 
   /**
-   * Enable Two Factor authentication for a user.
+   * Enable two-factor authentication for a user.
    *
-   * @param {UUID} userId The Id of the user to enable Two Factor authentication.
-   * @param {TwoFactorRequest} request The two factor enable request information.
+   * @param {UUID} userId The Id of the user to enable two-factor authentication.
+   * @param {TwoFactorRequest} request The two-factor enable request information.
    * @returns {Promise<ClientResponse<TwoFactorResponse>>}
    */
   enableTwoFactor(userId: UUID, request: TwoFactorRequest): Promise<ClientResponse<TwoFactorResponse>> {
@@ -1425,7 +1425,7 @@ export class FusionAuthClient {
    * Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token.
    *
    * @param {string} code The authorization code returned on the /oauth2/authorize response.
-   * @param {string} client_id The unique client identifier. The client Id is the Id of the FusionAuth Application in which you you are attempting to authenticate.
+   * @param {string} client_id The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate.
    * @param {string} client_secret (Optional) The client secret. This value will be required if client authentication is enabled.
    * @param {string} redirect_uri The URI to redirect to upon a successful request.
    * @returns {Promise<ClientResponse<AccessToken>>}
@@ -1450,7 +1450,7 @@ export class FusionAuthClient {
    * Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint and a code_verifier for an access token.
    *
    * @param {string} code The authorization code returned on the /oauth2/authorize response.
-   * @param {string} client_id (Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you you are attempting to authenticate. This parameter is optional when the Authorization header is provided.
+   * @param {string} client_id (Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate. This parameter is optional when the Authorization header is provided.
    * @param {string} client_secret (Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header.
    * @param {string} redirect_uri The URI to redirect to upon a successful request.
    * @param {string} code_verifier The random string generated previously. Will be compared with the code_challenge sent previously, which allows the OAuth provider to authenticate your app.
@@ -1477,7 +1477,7 @@ export class FusionAuthClient {
    * If you will be using the Refresh Token Grant, you will make a request to the Token endpoint to exchange the user’s refresh token for an access token.
    *
    * @param {string} refresh_token The refresh token that you would like to use to exchange for an access token.
-   * @param {string} client_id (Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you you are attempting to authenticate. This parameter is optional when the Authorization header is provided.
+   * @param {string} client_id (Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate. This parameter is optional when the Authorization header is provided.
    * @param {string} client_secret (Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header.
    * @param {string} scope (Optional) This parameter is optional and if omitted, the same scope requested during the authorization request will be used. If provided the scopes must match those requested during the initial authorization request.
    * @param {string} user_code (Optional) The end-user verification code. This code is required if using this endpoint to approve the Device Authorization.
@@ -1519,7 +1519,7 @@ export class FusionAuthClient {
    *
    * @param {string} username The login identifier of the user. The login identifier can be either the email or the username.
    * @param {string} password The user’s password.
-   * @param {string} client_id (Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you you are attempting to authenticate. This parameter is optional when the Authorization header is provided.
+   * @param {string} client_id (Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate. This parameter is optional when the Authorization header is provided.
    * @param {string} client_secret (Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header.
    * @param {string} scope (Optional) This parameter is optional and if omitted, the same scope requested during the authorization request will be used. If provided the scopes must match those requested during the initial authorization request.
    * @param {string} user_code (Optional) The end-user verification code. This code is required if using this endpoint to approve the Device Authorization.
@@ -6692,14 +6692,25 @@ export interface FacebookIdentityProvider extends BaseIdentityProvider<FacebookA
   permissions?: string;
 }
 
+/**
+ * A policy to configure if and when the user-action is canceled prior to the expiration of the action.
+ *
+ * @author Daniel DeGroff
+ */
+export interface FailedAuthenticationActionCancelPolicy {
+  onPasswordReset?: boolean;
+}
+
 /**
  * Configuration for the behavior of failed login attempts. This helps us protect against brute force password attacks.
  *
  * @author Daniel DeGroff
  */
 export interface FailedAuthenticationConfiguration {
+  actionCancelPolicy?: FailedAuthenticationActionCancelPolicy;
   actionDuration?: number;
   actionDurationUnit?: ExpiryUnit;
+  emailUser?: boolean;
   resetCountInSeconds?: number;
   tooManyAttempts?: number;
   userActionId?: UUID;
@@ -8094,6 +8105,7 @@ export interface LoginResponse {
   actions?: Array<LoginPreventedResponse>;
   changePasswordId?: string;
   changePasswordReason?: ChangePasswordReason;
+  configurableMethods?: Array<string>;
   emailVerificationId?: string;
   methods?: Array<TwoFactorMethod>;
   pendingIdPLinkId?: string;
@@ -8297,7 +8309,8 @@ export interface MultiFactorEmailTemplate {
  */
 export enum MultiFactorLoginPolicy {
   Disabled = "Disabled",
-  Enabled = "Enabled"
+  Enabled = "Enabled",
+  Required = "Required"
 }
 
 export interface MultiFactorSMSMethod extends Enableable {
@@ -8938,6 +8951,7 @@ export interface RefreshTokenResponse {
  */
 export interface RefreshTokenRevocationPolicy {
   onLoginPrevented?: boolean;
+  onMultiFactorEnable?: boolean;
   onPasswordChanged?: boolean;
 }
 
@@ -9434,6 +9448,8 @@ export interface Templates {
   oauth2Register?: string;
   oauth2StartIdPLink?: string;
   oauth2TwoFactor?: string;
+  oauth2TwoFactorEnable?: string;
+  oauth2TwoFactorEnableComplete?: string;
   oauth2TwoFactorMethods?: string;
   oauth2Wait?: string;
   oauth2WebAuthn?: string;
@@ -9880,12 +9896,14 @@ export interface TwoFactorRequest extends BaseEventRequest {
   mobilePhone?: string;
   secret?: string;
   secretBase32Encoded?: string;
+  twoFactorId?: string;
 }
 
 /**
  * @author Daniel DeGroff
  */
 export interface TwoFactorResponse {
+  code?: string;
   recoveryCodes?: Array<string>;
 }