Merge degroff/ENG-1/issue1 (#155)

* Client library updates from enums

* latest client updates

* Updated version for go-client to 1.55.0

* Domain / Client Builder sync

* Domain sync

* domain sync

* Updated version for go-client to 1.56.0

* domain sync

* Merge wied03/ENG-1/tenant-mode-internal-user-removal (#94)

* Updated go client

* api version removal

* update without InternalUser

* update without InternalUser part 2

* add top-level user.phoneNumber field ENG-2208

* merge develop into issue1

* updates from app (#97)

* updates after cleanup (#98)

* sync clients with latest degroff/ENG-1/issue1

* add LoginIdType of phoneNumber (#99)

* Merge wied03/ENG-2307/user-api-response-verification (#100)

* client builder/API updates

* Update

* generate for identity verification external id configuration

* generate clients
ENG-1918

* external Id updates

* add phone verification complete template and unverified behavior

* Merge wied03/ENG-1963/phone_gating (#106)

* client updates and ignore internal TODOs and comments

* Separate verify start and complete

* update after verify request changes

* one more phone rename

* regenerate after merge

* regen client libraries (#108)

ENG-2442

* phone clickable updates (#109)

* add new login API response field (#110)

* add application.registrationConfiguration.requirePassword boolean (#115)

* client regen

* new API field (#117)

* remove application requirePassword, add tenant passwordEnabled (#118)

* updates (#119)

* Merge wied03/dev_merge (#121)

* client built with sorted domain types (#120)

* reapply issue 1 changes

---------

Co-authored-by: Brent Halsey <[email protected]>

* ENG-2608 - New APIs/method overloads (#124)

* capture current cli state

* test on all PRs

* go generic String->string issue

* Test this code path

* add report method

* make go format fail explicitly (was hiding an error)

* now that this overload does not have opt params, remove defaults

* Merge spencer/eng-1807/change-password-phone (#123)

* forgot password via sms
* regen clients

* Merge wied03/ENG-2546/phone_passwordless_formfield (#126)

* field rename

* remove unneeded field

* rename to PasswordlessLoginOneTimeCode

* Merge wied03/ENG-2002/sms-send-set-pass (#127)

* new API field

* fail builds if compiles fail

* add tenant phone verification and template configs (#128)

* add state to verify complete response and start request (#130)

* client builder sb build

* Merge spencer/eng-2577/admin-phone-verif (#132)

add /api/user/verify and request to clients

* Merge wied03/ENG-1677/rate_limiting (#133)

* rate limiting config change for pwless send phone

* client update

* wrong branch, another client update

* updated stuff from issue 1 branch

* remove VerifySendRequest.oneTimeCode. it is not used on that endpoint (#135)

* add Application.phoneConfiguration for phone template overrides (#137)

* sb build updates (#138)

* add UserIdentityUpdateEvent (#139)

* identity verified to user identity verified (#143)

* remove passwordEnabled field (#142)

* sb build follow up

* Merge wied03/ENG-3045/import_verified (#151)

* verifiedReason updates

* ripple through comment updates

* use enums on api requests (#154)

* use PasswordlessStrategy enum for API request
* use VerificationStrategy enum for API request

* GHA ifs need to include success, or a previous step failure will not stop the run

* match latest developer scripts

* go mod tidy

* roles property does not exist at the RegistrationRequest body level. It goes inside the registration

---------

Co-authored-by: Daniel DeGroff <[email protected]>
Co-authored-by: Spencer Witt <[email protected]>
Co-authored-by: Brent Halsey <[email protected]>
Co-authored-by: Spencer Witt <[email protected]>
Co-authored-by: Brent Halsey <[email protected]>

Author: 4 people

.github/kickstart/kickstart.json

@@ -70,9 +70,6 @@
             "admin"
           ]
         },
-        "roles": [
-          "admin"
-        ],
         "skipRegistrationVerification": true,
         "user": {
           "birthDate": "1981-06-04",

.github/workflows/deploy.yaml

@@ -6,8 +6,6 @@ on:
     branches:
       - main
   pull_request:
-    branches:
-      - main
   workflow_dispatch:
     inputs:
       command:
@@ -56,28 +54,28 @@ jobs:
           go-version: oldstable
 
       - name: Compile
-        if: inputs.command != 'release'
+        if: success() && inputs.command != 'release'
         run: sb compile
 
       - name: Copy our kickstart file over so it gets picked up
-        if: inputs.command != 'release'
+        if: success() && inputs.command != 'release'
         run: |
           mkdir faDockerComposeFilePath
           cp -r .github/kickstart faDockerComposeFilePath
           cp .github/kickstart/kickstart.json faDockerComposeFilePath/kickstart/k2.json
           cp .github/kickstart/kickstart.json .github/kickstart/k2.json
 
       - name: Start FusionAuth
-        if: inputs.command != 'release'
+        if: success() && inputs.command != 'release'
         uses: fusionauth/fusionauth-github-action@v1
         with:
           FUSIONAUTH_APP_KICKSTART_FILENAME: k2.json
           FUSIONAUTH_APP_KICKSTART_DIRECTORY_PATH: .github/kickstart
 
       - name: Run tests
-        if: inputs.command != 'release'
+        if: success() && inputs.command != 'release'
         run: sleep 30 && sb test
 
       - name: release to svn
-        if: inputs.command == 'release'
+        if: success() && inputs.command == 'release'
         run: sb release

build.savant

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2024, FusionAuth, All Rights Reserved
+ * Copyright (c) 2019-2025, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -50,7 +50,7 @@ target(name: "format", description: "Formats the source code") {
 
   def process = pb.start()
   process.consumeProcessOutput(System.out, System.err)
-  process.waitFor()
+  assert process.waitFor() == 0
 }
 
 target(name: "compile", description: "Compiles the source code", dependsOn: ["format"]) {
@@ -60,7 +60,7 @@ target(name: "compile", description: "Compiles the source code", dependsOn: ["fo
 
   def process = pb.start()
   process.consumeProcessOutput(System.out, System.err)
-  process.waitFor()
+  assert process.waitFor() == 0
 }
 
 target(name: "test", description: "Runs the project's unit tests", dependsOn: ["compile"]) {
@@ -70,7 +70,7 @@ target(name: "test", description: "Runs the project's unit tests", dependsOn: ["
 
   def process = pb.start()
   process.consumeProcessOutput(System.out, System.err)
-  process.waitFor()
+  assert process.waitFor() == 0
 }
 
 target(name: "int", description: "Releases a local integration build of the project", dependsOn: ["compile"]) {

pkg/fusionauth/Client.go

@@ -654,6 +654,33 @@ func (c *FusionAuthClient) CommentOnUserWithContext(ctx context.Context, request
 	return &resp, &errors, err
 }
 
+// CompleteVerifyIdentity
+// Completes verification of an identity using verification codes from the Verify Start API.
+//
+//	VerifyCompleteRequest request The identity verify complete request that contains all the information used to verify the identity.
+func (c *FusionAuthClient) CompleteVerifyIdentity(request VerifyCompleteRequest) (*VerifyCompleteResponse, *Errors, error) {
+	return c.CompleteVerifyIdentityWithContext(context.TODO(), request)
+}
+
+// CompleteVerifyIdentityWithContext
+// Completes verification of an identity using verification codes from the Verify Start API.
+//
+//	VerifyCompleteRequest request The identity verify complete request that contains all the information used to verify the identity.
+func (c *FusionAuthClient) CompleteVerifyIdentityWithContext(ctx context.Context, request VerifyCompleteRequest) (*VerifyCompleteResponse, *Errors, error) {
+	var resp VerifyCompleteResponse
+	var errors Errors
+
+	restClient := c.Start(&resp, &errors)
+	err := restClient.WithUri("/api/identity/verify/complete").
+		WithJSONBody(request).
+		WithMethod(http.MethodPost).
+		Do(ctx)
+	if restClient.ErrorRef == nil {
+		return &resp, nil, err
+	}
+	return &resp, &errors, err
+}
+
 // CompleteWebAuthnAssertion
 // Complete a WebAuthn authentication ceremony by validating the signature against the previously generated challenge without logging the user in
 //
@@ -7057,6 +7084,36 @@ func (c *FusionAuthClient) RetrieveUserByLoginIdWithContext(ctx context.Context,
 	return &resp, &errors, err
 }
 
+// RetrieveUserByLoginIdWithLoginIdTypes
+// Retrieves the user for the loginId, using specific loginIdTypes.
+//
+//	string loginId The email or username of the user.
+//	[]string loginIdTypes the identity types that FusionAuth will compare the loginId to.
+func (c *FusionAuthClient) RetrieveUserByLoginIdWithLoginIdTypes(loginId string, loginIdTypes []string) (*UserResponse, *Errors, error) {
+	return c.RetrieveUserByLoginIdWithLoginIdTypesWithContext(context.TODO(), loginId, loginIdTypes)
+}
+
+// RetrieveUserByLoginIdWithLoginIdTypesWithContext
+// Retrieves the user for the loginId, using specific loginIdTypes.
+//
+//	string loginId The email or username of the user.
+//	[]string loginIdTypes the identity types that FusionAuth will compare the loginId to.
+func (c *FusionAuthClient) RetrieveUserByLoginIdWithLoginIdTypesWithContext(ctx context.Context, loginId string, loginIdTypes []string) (*UserResponse, *Errors, error) {
+	var resp UserResponse
+	var errors Errors
+
+	restClient := c.Start(&resp, &errors)
+	err := restClient.WithUri("/api/user").
+		WithParameter("loginId", loginId).
+		WithParameter("loginIdTypes", loginIdTypes).
+		WithMethod(http.MethodGet).
+		Do(ctx)
+	if restClient.ErrorRef == nil {
+		return &resp, nil, err
+	}
+	return &resp, &errors, err
+}
+
 // RetrieveUserByUsername
 // Retrieves the user for the given username.
 //
@@ -7393,6 +7450,47 @@ func (c *FusionAuthClient) RetrieveUserLoginReportByLoginIdWithContext(ctx conte
 	return &resp, &errors, err
 }
 
+// RetrieveUserLoginReportByLoginIdAndLoginIdTypes
+// Retrieves the login report between the two instants for a particular user by login Id, using specific loginIdTypes. If you specify an application id, it will only return the
+// login counts for that application.
+//
+//	string applicationId (Optional) The application id.
+//	string loginId The userId id.
+//	int64 start The start instant as UTC milliseconds since Epoch.
+//	int64 end The end instant as UTC milliseconds since Epoch.
+//	[]string loginIdTypes the identity types that FusionAuth will compare the loginId to.
+func (c *FusionAuthClient) RetrieveUserLoginReportByLoginIdAndLoginIdTypes(applicationId string, loginId string, start int64, end int64, loginIdTypes []string) (*LoginReportResponse, *Errors, error) {
+	return c.RetrieveUserLoginReportByLoginIdAndLoginIdTypesWithContext(context.TODO(), applicationId, loginId, start, end, loginIdTypes)
+}
+
+// RetrieveUserLoginReportByLoginIdAndLoginIdTypesWithContext
+// Retrieves the login report between the two instants for a particular user by login Id, using specific loginIdTypes. If you specify an application id, it will only return the
+// login counts for that application.
+//
+//	string applicationId (Optional) The application id.
+//	string loginId The userId id.
+//	int64 start The start instant as UTC milliseconds since Epoch.
+//	int64 end The end instant as UTC milliseconds since Epoch.
+//	[]string loginIdTypes the identity types that FusionAuth will compare the loginId to.
+func (c *FusionAuthClient) RetrieveUserLoginReportByLoginIdAndLoginIdTypesWithContext(ctx context.Context, applicationId string, loginId string, start int64, end int64, loginIdTypes []string) (*LoginReportResponse, *Errors, error) {
+	var resp LoginReportResponse
+	var errors Errors
+
+	restClient := c.Start(&resp, &errors)
+	err := restClient.WithUri("/api/report/login").
+		WithParameter("applicationId", applicationId).
+		WithParameter("loginId", loginId).
+		WithParameter("start", strconv.FormatInt(start, 10)).
+		WithParameter("end", strconv.FormatInt(end, 10)).
+		WithParameter("loginIdTypes", loginIdTypes).
+		WithMethod(http.MethodGet).
+		Do(ctx)
+	if restClient.ErrorRef == nil {
+		return &resp, nil, err
+	}
+	return &resp, &errors, err
+}
+
 // RetrieveUserRecentLogins
 // Retrieves the last number of login records for a user.
 //
@@ -8785,6 +8883,33 @@ func (c *FusionAuthClient) SendTwoFactorCodeForLoginUsingMethodWithContext(ctx c
 	return &resp, &errors, err
 }
 
+// SendVerifyIdentity
+// Send a verification code using the appropriate transport for the identity type being verified.
+//
+//	VerifySendRequest request The identity verify send request that contains all the information used send the code.
+func (c *FusionAuthClient) SendVerifyIdentity(request VerifySendRequest) (*BaseHTTPResponse, *Errors, error) {
+	return c.SendVerifyIdentityWithContext(context.TODO(), request)
+}
+
+// SendVerifyIdentityWithContext
+// Send a verification code using the appropriate transport for the identity type being verified.
+//
+//	VerifySendRequest request The identity verify send request that contains all the information used send the code.
+func (c *FusionAuthClient) SendVerifyIdentityWithContext(ctx context.Context, request VerifySendRequest) (*BaseHTTPResponse, *Errors, error) {
+	var resp BaseHTTPResponse
+	var errors Errors
+
+	restClient := c.Start(&resp, &errors)
+	err := restClient.WithUri("/api/identity/verify/send").
+		WithJSONBody(request).
+		WithMethod(http.MethodPost).
+		Do(ctx)
+	if restClient.ErrorRef == nil {
+		return &resp, nil, err
+	}
+	return &resp, &errors, err
+}
+
 // StartIdentityProviderLogin
 // Begins a login request for a 3rd party login that requires user interaction such as HYPR.
 //
@@ -8880,6 +9005,35 @@ func (c *FusionAuthClient) StartTwoFactorLoginWithContext(ctx context.Context, r
 	return &resp, &errors, err
 }
 
+// StartVerifyIdentity
+// Start a verification of an identity by generating a code. This code can be sent to the User using the Verify Send API
+// Verification Code API or using a mechanism outside of FusionAuth. The verification is completed by using the Verify Complete API with this code.
+//
+//	VerifyStartRequest request The identity verify start request that contains all the information used to begin the request.
+func (c *FusionAuthClient) StartVerifyIdentity(request VerifyStartRequest) (*VerifyStartResponse, *Errors, error) {
+	return c.StartVerifyIdentityWithContext(context.TODO(), request)
+}
+
+// StartVerifyIdentityWithContext
+// Start a verification of an identity by generating a code. This code can be sent to the User using the Verify Send API
+// Verification Code API or using a mechanism outside of FusionAuth. The verification is completed by using the Verify Complete API with this code.
+//
+//	VerifyStartRequest request The identity verify start request that contains all the information used to begin the request.
+func (c *FusionAuthClient) StartVerifyIdentityWithContext(ctx context.Context, request VerifyStartRequest) (*VerifyStartResponse, *Errors, error) {
+	var resp VerifyStartResponse
+	var errors Errors
+
+	restClient := c.Start(&resp, &errors)
+	err := restClient.WithUri("/api/identity/verify/start").
+		WithJSONBody(request).
+		WithMethod(http.MethodPost).
+		Do(ctx)
+	if restClient.ErrorRef == nil {
+		return &resp, nil, err
+	}
+	return &resp, &errors, err
+}
+
 // StartWebAuthnLogin
 // Start a WebAuthn authentication ceremony by generating a new challenge for the user
 //
@@ -10094,6 +10248,33 @@ func (c *FusionAuthClient) VerifyEmailAddressByUserIdWithContext(ctx context.Con
 	return &resp, &errors, err
 }
 
+// VerifyIdentity
+// Administratively verify a user identity.
+//
+//	VerifyRequest request The identity verify request that contains information to verify the identity.
+func (c *FusionAuthClient) VerifyIdentity(request VerifyRequest) (*BaseHTTPResponse, *Errors, error) {
+	return c.VerifyIdentityWithContext(context.TODO(), request)
+}
+
+// VerifyIdentityWithContext
+// Administratively verify a user identity.
+//
+//	VerifyRequest request The identity verify request that contains information to verify the identity.
+func (c *FusionAuthClient) VerifyIdentityWithContext(ctx context.Context, request VerifyRequest) (*BaseHTTPResponse, *Errors, error) {
+	var resp BaseHTTPResponse
+	var errors Errors
+
+	restClient := c.Start(&resp, &errors)
+	err := restClient.WithUri("/api/identity/verify").
+		WithJSONBody(request).
+		WithMethod(http.MethodPost).
+		Do(ctx)
+	if restClient.ErrorRef == nil {
+		return &resp, nil, err
+	}
+	return &resp, &errors, err
+}
+
 // VerifyRegistration
 // Confirms an application registration. The Id given is usually from an email sent to the user.
 //

pkg/fusionauth/Client_test.go

@@ -60,6 +60,28 @@ func TestRetrieveUserSuccess(t *testing.T) {
 	assert.Equal(t, 200, userResponse.StatusCode)
 }
 
+func TestRetrieveUserByLoginIdSuccess(t *testing.T) {
+	loginIdTypes := []string{"email"}
+
+	userResponse, errors, _ := faClient.RetrieveUserByLoginIdWithLoginIdTypes("[email protected]", loginIdTypes)
+	errJson, _ := json.Marshal(errors)
+	fmt.Println(string(errJson))
+
+	assert.Equal(t, (*Errors)(nil), errors)
+	assert.Equal(t, 200, userResponse.StatusCode)
+}
+
+// TODO: Will pass when issue 1 is released
+// func TestRetrieveUserByLoginIdWrongIdentityType(t *testing.T) {
+// 	loginIdTypes := []string{"phoneNumber"}
+//
+// 	userResponse, errors, _ := faClient.RetrieveUserByLoginIdWithLoginIdTypes("[email protected]", loginIdTypes)
+// 	errJson, _ := json.Marshal(errors)
+// 	fmt.Println(string(errJson))
+//
+// 	assert.Equal(t, 404, userResponse.StatusCode)
+// }
+
 func TestMain(m *testing.M) {
 	os.Exit(m.Run())
 }