mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-08 23:24:54 +02:00
Merge pull request #3200 from Adityakk9031/#3001
fix: redirect lost after Pangolin auth session timeout (#3001)
This commit is contained in:
@@ -2756,6 +2756,9 @@
|
|||||||
"twoFactorSetupRequired": "Two-factor authentication setup is required. Please log in again via {dashboardUrl}/auth/login complete this step. Then, come back here.",
|
"twoFactorSetupRequired": "Two-factor authentication setup is required. Please log in again via {dashboardUrl}/auth/login complete this step. Then, come back here.",
|
||||||
"additionalSecurityRequired": "Additional Security Required",
|
"additionalSecurityRequired": "Additional Security Required",
|
||||||
"organizationRequiresAdditionalSteps": "This organization requires additional security steps before you can access resources.",
|
"organizationRequiresAdditionalSteps": "This organization requires additional security steps before you can access resources.",
|
||||||
|
"sessionExpired": "Session Expired",
|
||||||
|
"sessionExpiredReauthRequired": "Your session has expired per your organization's security policy. Please re-authenticate to continue.",
|
||||||
|
"reauthenticate": "Re-authenticate",
|
||||||
"completeTheseSteps": "Complete these steps",
|
"completeTheseSteps": "Complete these steps",
|
||||||
"enableTwoFactorAuthentication": "Enable two-factor authentication",
|
"enableTwoFactorAuthentication": "Enable two-factor authentication",
|
||||||
"completeSecuritySteps": "Complete Security Steps",
|
"completeSecuritySteps": "Complete Security Steps",
|
||||||
|
|||||||
@@ -166,11 +166,13 @@ export default async function ResourceAuthPage(props: {
|
|||||||
|
|
||||||
// If user is not compliant with org policies, show policy requirements
|
// If user is not compliant with org policies, show policy requirements
|
||||||
if (orgPolicyCheck && !orgPolicyCheck.allowed && orgPolicyCheck.policies) {
|
if (orgPolicyCheck && !orgPolicyCheck.allowed && orgPolicyCheck.policies) {
|
||||||
|
const resourceAuthPageUrl = `/auth/resource/${authInfo.resourceGuid}${redirectUrl !== authInfo.url ? `?redirect=${encodeURIComponent(redirectUrl)}` : ""}`;
|
||||||
return (
|
return (
|
||||||
<div className="w-full max-w-md">
|
<div className="w-full max-w-md">
|
||||||
<OrgPolicyRequired
|
<OrgPolicyRequired
|
||||||
orgId={authInfo.orgId}
|
orgId={authInfo.orgId}
|
||||||
policies={orgPolicyCheck.policies}
|
policies={orgPolicyCheck.policies}
|
||||||
|
redirectAfterAuth={resourceAuthPageUrl}
|
||||||
/>
|
/>
|
||||||
</div>
|
</div>
|
||||||
);
|
);
|
||||||
|
|||||||
@@ -11,24 +11,79 @@ import {
|
|||||||
import { Shield, ArrowRight } from "lucide-react";
|
import { Shield, ArrowRight } from "lucide-react";
|
||||||
import Link from "next/link";
|
import Link from "next/link";
|
||||||
import { useTranslations } from "next-intl";
|
import { useTranslations } from "next-intl";
|
||||||
|
import { useRouter } from "next/navigation";
|
||||||
|
import { createApiClient } from "@app/lib/api";
|
||||||
|
import { useEnvContext } from "@app/hooks/useEnvContext";
|
||||||
|
|
||||||
type OrgPolicyRequiredProps = {
|
type OrgPolicyRequiredProps = {
|
||||||
orgId: string;
|
orgId: string;
|
||||||
policies: {
|
policies: {
|
||||||
requiredTwoFactor?: boolean;
|
requiredTwoFactor?: boolean;
|
||||||
|
maxSessionLength?: {
|
||||||
|
compliant: boolean;
|
||||||
|
maxSessionLengthHours: number;
|
||||||
|
sessionAgeHours: number;
|
||||||
|
};
|
||||||
|
passwordAge?: {
|
||||||
|
compliant: boolean;
|
||||||
|
maxPasswordAgeDays: number;
|
||||||
|
passwordAgeDays: number;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
redirectAfterAuth?: string;
|
||||||
};
|
};
|
||||||
|
|
||||||
export default function OrgPolicyRequired({
|
export default function OrgPolicyRequired({
|
||||||
orgId,
|
orgId,
|
||||||
policies
|
policies,
|
||||||
|
redirectAfterAuth
|
||||||
}: OrgPolicyRequiredProps) {
|
}: OrgPolicyRequiredProps) {
|
||||||
const t = useTranslations();
|
const t = useTranslations();
|
||||||
|
const router = useRouter();
|
||||||
|
|
||||||
const policySteps = [];
|
const api = createApiClient(useEnvContext());
|
||||||
|
|
||||||
if (policies?.requiredTwoFactor === false) {
|
const sessionExpired =
|
||||||
policySteps.push(t("enableTwoFactorAuthentication"));
|
policies?.maxSessionLength &&
|
||||||
|
policies.maxSessionLength.compliant === false;
|
||||||
|
|
||||||
|
function reauthenticate() {
|
||||||
|
api.post("/auth/logout")
|
||||||
|
.catch(() => {})
|
||||||
|
.then(() => {
|
||||||
|
const destination = redirectAfterAuth ?? `/${orgId}`;
|
||||||
|
router.push(destination);
|
||||||
|
router.refresh();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sessionExpired) {
|
||||||
|
return (
|
||||||
|
<Card className="w-full max-w-md">
|
||||||
|
<CardHeader className="text-center">
|
||||||
|
<div className="mx-auto mb-4 flex h-12 w-12 items-center justify-center rounded-full bg-orange-100">
|
||||||
|
<Shield className="h-6 w-6 text-orange-600" />
|
||||||
|
</div>
|
||||||
|
<CardTitle className="text-xl font-semibold">
|
||||||
|
{t("sessionExpired")}
|
||||||
|
</CardTitle>
|
||||||
|
<CardDescription>
|
||||||
|
{t("sessionExpiredReauthRequired")}
|
||||||
|
</CardDescription>
|
||||||
|
</CardHeader>
|
||||||
|
<CardContent className="space-y-4">
|
||||||
|
<div className="pt-4">
|
||||||
|
<Button
|
||||||
|
className="w-full"
|
||||||
|
onClick={reauthenticate}
|
||||||
|
>
|
||||||
|
{t("reauthenticate")}
|
||||||
|
<ArrowRight className="ml-2 h-4 w-4" />
|
||||||
|
</Button>
|
||||||
|
</div>
|
||||||
|
</CardContent>
|
||||||
|
</Card>
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
return (
|
return (
|
||||||
|
|||||||
Reference in New Issue
Block a user