show fingerprint popup and fix policy check errors

2026-01-29 06:10:47 +00:00 · 2026-01-18 11:55:24 -08:00
parent 34e2fbefb9
commit 6a45151741
6 changed files with 344 additions and 150 deletions
--- a/server/routers/client/listClients.ts
+++ b/server/routers/client/listClients.ts
@@ -143,7 +143,14 @@ function queryClients(
            olmArchived: olms.archived,
            archived: clients.archived,
            blocked: clients.blocked,
-            deviceModel: fingerprints.deviceModel
+            deviceModel: fingerprints.deviceModel,
+            fingerprintPlatform: fingerprints.platform,
+            fingerprintOsVersion: fingerprints.osVersion,
+            fingerprintKernelVersion: fingerprints.kernelVersion,
+            fingerprintArch: fingerprints.arch,
+            fingerprintSerialNumber: fingerprints.serialNumber,
+            fingerprintUsername: fingerprints.username,
+            fingerprintHostname: fingerprints.hostname
        })
        .from(clients)
        .leftJoin(orgs, eq(clients.orgId, orgs.orgId))
--- a/server/routers/olm/handleOlmRegisterMessage.ts
+++ b/server/routers/olm/handleOlmRegisterMessage.ts
@@ -115,6 +115,8 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
            sessionId // this is the user token passed in the message
        });

+        logger.debug("Policy check result:", policyCheck);
+
        if (policyCheck?.error) {
            logger.error(
                `Error checking access policies for olm user ${olm.userId} in org ${orgId}: ${policyCheck?.error}`
@@ -123,7 +125,10 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
            return;
        }

-        if (policyCheck?.policies?.passwordAge?.compliant) {
+        if (
+            policyCheck?.policies?.passwordAge &&
+            !policyCheck.policies.passwordAge.compliant
+        ) {
            logger.warn(
                `Olm user ${olm.userId} has non-compliant password age for org ${orgId}`
            );
@@ -132,7 +137,10 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
                olm.olmId
            );
            return;
-        } else if (policyCheck?.policies?.maxSessionLength?.compliant) {
+        } else if (
+            policyCheck?.policies?.maxSessionLength &&
+            !policyCheck.policies.maxSessionLength.compliant
+        ) {
            logger.warn(
                `Olm user ${olm.userId} has non-compliant session length for org ${orgId}`
            );
@@ -141,7 +149,10 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
                olm.olmId
            );
            return;
-        } else if (policyCheck?.policies?.requiredTwoFactor) {
+        } else if (
+            policyCheck?.policies &&
+            !policyCheck.policies.requiredTwoFactor
+        ) {
            logger.warn(
                `Olm user ${olm.userId} does not have 2FA enabled for org ${orgId}`
            );