diff --git a/messages/en-US.json b/messages/en-US.json
index 4a3937d5b..4920dd8e4 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2401,6 +2401,9 @@
"twoFactorSetupRequired": "Two-factor authentication setup is required. Please log in again via {dashboardUrl}/auth/login complete this step. Then, come back here.",
"additionalSecurityRequired": "Additional Security Required",
"organizationRequiresAdditionalSteps": "This organization requires additional security steps before you can access resources.",
+ "sessionExpired": "Session Expired",
+ "sessionExpiredReauthRequired": "Your session has expired per your organization's security policy. Please re-authenticate to continue.",
+ "reauthenticate": "Re-authenticate",
"completeTheseSteps": "Complete these steps",
"enableTwoFactorAuthentication": "Enable two-factor authentication",
"completeSecuritySteps": "Complete Security Steps",
diff --git a/src/app/auth/resource/[resourceGuid]/page.tsx b/src/app/auth/resource/[resourceGuid]/page.tsx
index c78c277b6..c3f604476 100644
--- a/src/app/auth/resource/[resourceGuid]/page.tsx
+++ b/src/app/auth/resource/[resourceGuid]/page.tsx
@@ -166,11 +166,13 @@ export default async function ResourceAuthPage(props: {
// If user is not compliant with org policies, show policy requirements
if (orgPolicyCheck && !orgPolicyCheck.allowed && orgPolicyCheck.policies) {
+ const resourceAuthPageUrl = `/auth/resource/${authInfo.resourceGuid}${redirectUrl !== authInfo.url ? `?redirect=${encodeURIComponent(redirectUrl)}` : ""}`;
return (
);
diff --git a/src/components/OrgPolicyRequired.tsx b/src/components/OrgPolicyRequired.tsx
index efc3d5321..444be5a46 100644
--- a/src/components/OrgPolicyRequired.tsx
+++ b/src/components/OrgPolicyRequired.tsx
@@ -11,24 +11,76 @@ import {
import { Shield, ArrowRight } from "lucide-react";
import Link from "next/link";
import { useTranslations } from "next-intl";
+import { useRouter } from "next/navigation";
+import { api } from "@app/lib/api";
type OrgPolicyRequiredProps = {
orgId: string;
policies: {
requiredTwoFactor?: boolean;
+ maxSessionLength?: {
+ compliant: boolean;
+ maxSessionLengthHours: number;
+ sessionAgeHours: number;
+ };
+ passwordAge?: {
+ compliant: boolean;
+ maxPasswordAgeDays: number;
+ passwordAgeDays: number;
+ };
};
+ redirectAfterAuth?: string;
};
export default function OrgPolicyRequired({
orgId,
- policies
+ policies,
+ redirectAfterAuth
}: OrgPolicyRequiredProps) {
const t = useTranslations();
+ const router = useRouter();
- const policySteps = [];
+ const sessionExpired =
+ policies?.maxSessionLength &&
+ policies.maxSessionLength.compliant === false;
- if (policies?.requiredTwoFactor === false) {
- policySteps.push(t("enableTwoFactorAuthentication"));
+ function reauthenticate() {
+ api.post("/auth/logout")
+ .catch(() => {})
+ .then(() => {
+ const destination = redirectAfterAuth ?? `/${orgId}`;
+ router.push(destination);
+ router.refresh();
+ });
+ }
+
+ if (sessionExpired) {
+ return (
+
+
+
+
+
+
+ {t("sessionExpired")}
+
+
+ {t("sessionExpiredReauthRequired")}
+
+
+
+
+
+
+
+
+ );
}
return (