From 35d16ac6835b8b3dc68e302d711136715b2fce48 Mon Sep 17 00:00:00 2001
From: Aditya kumar singh <143548997+Adityakk9031@users.noreply.github.com>
Date: Mon, 1 Jun 2026 15:53:10 +0530
Subject: [PATCH 1/2] fix: redirect lost after Pangolin auth session timeout
(#3001)
---
messages/en-US.json | 3 +
src/app/auth/resource/[resourceGuid]/page.tsx | 2 +
src/components/OrgPolicyRequired.tsx | 60 +++++++++++++++++--
3 files changed, 61 insertions(+), 4 deletions(-)
diff --git a/messages/en-US.json b/messages/en-US.json
index 4a3937d5b..4920dd8e4 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2401,6 +2401,9 @@
"twoFactorSetupRequired": "Two-factor authentication setup is required. Please log in again via {dashboardUrl}/auth/login complete this step. Then, come back here.",
"additionalSecurityRequired": "Additional Security Required",
"organizationRequiresAdditionalSteps": "This organization requires additional security steps before you can access resources.",
+ "sessionExpired": "Session Expired",
+ "sessionExpiredReauthRequired": "Your session has expired per your organization's security policy. Please re-authenticate to continue.",
+ "reauthenticate": "Re-authenticate",
"completeTheseSteps": "Complete these steps",
"enableTwoFactorAuthentication": "Enable two-factor authentication",
"completeSecuritySteps": "Complete Security Steps",
diff --git a/src/app/auth/resource/[resourceGuid]/page.tsx b/src/app/auth/resource/[resourceGuid]/page.tsx
index c78c277b6..c3f604476 100644
--- a/src/app/auth/resource/[resourceGuid]/page.tsx
+++ b/src/app/auth/resource/[resourceGuid]/page.tsx
@@ -166,11 +166,13 @@ export default async function ResourceAuthPage(props: {
// If user is not compliant with org policies, show policy requirements
if (orgPolicyCheck && !orgPolicyCheck.allowed && orgPolicyCheck.policies) {
+ const resourceAuthPageUrl = `/auth/resource/${authInfo.resourceGuid}${redirectUrl !== authInfo.url ? `?redirect=${encodeURIComponent(redirectUrl)}` : ""}`;
return (
);
diff --git a/src/components/OrgPolicyRequired.tsx b/src/components/OrgPolicyRequired.tsx
index efc3d5321..444be5a46 100644
--- a/src/components/OrgPolicyRequired.tsx
+++ b/src/components/OrgPolicyRequired.tsx
@@ -11,24 +11,76 @@ import {
import { Shield, ArrowRight } from "lucide-react";
import Link from "next/link";
import { useTranslations } from "next-intl";
+import { useRouter } from "next/navigation";
+import { api } from "@app/lib/api";
type OrgPolicyRequiredProps = {
orgId: string;
policies: {
requiredTwoFactor?: boolean;
+ maxSessionLength?: {
+ compliant: boolean;
+ maxSessionLengthHours: number;
+ sessionAgeHours: number;
+ };
+ passwordAge?: {
+ compliant: boolean;
+ maxPasswordAgeDays: number;
+ passwordAgeDays: number;
+ };
};
+ redirectAfterAuth?: string;
};
export default function OrgPolicyRequired({
orgId,
- policies
+ policies,
+ redirectAfterAuth
}: OrgPolicyRequiredProps) {
const t = useTranslations();
+ const router = useRouter();
- const policySteps = [];
+ const sessionExpired =
+ policies?.maxSessionLength &&
+ policies.maxSessionLength.compliant === false;
- if (policies?.requiredTwoFactor === false) {
- policySteps.push(t("enableTwoFactorAuthentication"));
+ function reauthenticate() {
+ api.post("/auth/logout")
+ .catch(() => {})
+ .then(() => {
+ const destination = redirectAfterAuth ?? `/${orgId}`;
+ router.push(destination);
+ router.refresh();
+ });
+ }
+
+ if (sessionExpired) {
+ return (
+
+
+
+
+
+
+ {t("sessionExpired")}
+
+
+ {t("sessionExpiredReauthRequired")}
+
+
+
+
+
+
+
+
+ );
}
return (
From f667ee4febe38fde0f0dd2364d15497145fa67a7 Mon Sep 17 00:00:00 2001
From: miloschwartz
Date: Wed, 8 Jul 2026 12:29:23 -0400
Subject: [PATCH 2/2] fix api reference
---
src/components/OrgPolicyRequired.tsx | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/components/OrgPolicyRequired.tsx b/src/components/OrgPolicyRequired.tsx
index 444be5a46..3765cd1bf 100644
--- a/src/components/OrgPolicyRequired.tsx
+++ b/src/components/OrgPolicyRequired.tsx
@@ -12,7 +12,8 @@ import { Shield, ArrowRight } from "lucide-react";
import Link from "next/link";
import { useTranslations } from "next-intl";
import { useRouter } from "next/navigation";
-import { api } from "@app/lib/api";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
type OrgPolicyRequiredProps = {
orgId: string;
@@ -40,6 +41,8 @@ export default function OrgPolicyRequired({
const t = useTranslations();
const router = useRouter();
+ const api = createApiClient(useEnvContext());
+
const sessionExpired =
policies?.maxSessionLength &&
policies.maxSessionLength.compliant === false;