From 35d16ac6835b8b3dc68e302d711136715b2fce48 Mon Sep 17 00:00:00 2001 From: Aditya kumar singh <143548997+Adityakk9031@users.noreply.github.com> Date: Mon, 1 Jun 2026 15:53:10 +0530 Subject: [PATCH 1/2] fix: redirect lost after Pangolin auth session timeout (#3001) --- messages/en-US.json | 3 + src/app/auth/resource/[resourceGuid]/page.tsx | 2 + src/components/OrgPolicyRequired.tsx | 60 +++++++++++++++++-- 3 files changed, 61 insertions(+), 4 deletions(-) diff --git a/messages/en-US.json b/messages/en-US.json index 4a3937d5b..4920dd8e4 100644 --- a/messages/en-US.json +++ b/messages/en-US.json @@ -2401,6 +2401,9 @@ "twoFactorSetupRequired": "Two-factor authentication setup is required. Please log in again via {dashboardUrl}/auth/login complete this step. Then, come back here.", "additionalSecurityRequired": "Additional Security Required", "organizationRequiresAdditionalSteps": "This organization requires additional security steps before you can access resources.", + "sessionExpired": "Session Expired", + "sessionExpiredReauthRequired": "Your session has expired per your organization's security policy. Please re-authenticate to continue.", + "reauthenticate": "Re-authenticate", "completeTheseSteps": "Complete these steps", "enableTwoFactorAuthentication": "Enable two-factor authentication", "completeSecuritySteps": "Complete Security Steps", diff --git a/src/app/auth/resource/[resourceGuid]/page.tsx b/src/app/auth/resource/[resourceGuid]/page.tsx index c78c277b6..c3f604476 100644 --- a/src/app/auth/resource/[resourceGuid]/page.tsx +++ b/src/app/auth/resource/[resourceGuid]/page.tsx @@ -166,11 +166,13 @@ export default async function ResourceAuthPage(props: { // If user is not compliant with org policies, show policy requirements if (orgPolicyCheck && !orgPolicyCheck.allowed && orgPolicyCheck.policies) { + const resourceAuthPageUrl = `/auth/resource/${authInfo.resourceGuid}${redirectUrl !== authInfo.url ? `?redirect=${encodeURIComponent(redirectUrl)}` : ""}`; return (
); diff --git a/src/components/OrgPolicyRequired.tsx b/src/components/OrgPolicyRequired.tsx index efc3d5321..444be5a46 100644 --- a/src/components/OrgPolicyRequired.tsx +++ b/src/components/OrgPolicyRequired.tsx @@ -11,24 +11,76 @@ import { import { Shield, ArrowRight } from "lucide-react"; import Link from "next/link"; import { useTranslations } from "next-intl"; +import { useRouter } from "next/navigation"; +import { api } from "@app/lib/api"; type OrgPolicyRequiredProps = { orgId: string; policies: { requiredTwoFactor?: boolean; + maxSessionLength?: { + compliant: boolean; + maxSessionLengthHours: number; + sessionAgeHours: number; + }; + passwordAge?: { + compliant: boolean; + maxPasswordAgeDays: number; + passwordAgeDays: number; + }; }; + redirectAfterAuth?: string; }; export default function OrgPolicyRequired({ orgId, - policies + policies, + redirectAfterAuth }: OrgPolicyRequiredProps) { const t = useTranslations(); + const router = useRouter(); - const policySteps = []; + const sessionExpired = + policies?.maxSessionLength && + policies.maxSessionLength.compliant === false; - if (policies?.requiredTwoFactor === false) { - policySteps.push(t("enableTwoFactorAuthentication")); + function reauthenticate() { + api.post("/auth/logout") + .catch(() => {}) + .then(() => { + const destination = redirectAfterAuth ?? `/${orgId}`; + router.push(destination); + router.refresh(); + }); + } + + if (sessionExpired) { + return ( + + +
+ +
+ + {t("sessionExpired")} + + + {t("sessionExpiredReauthRequired")} + +
+ +
+ +
+
+
+ ); } return ( From f667ee4febe38fde0f0dd2364d15497145fa67a7 Mon Sep 17 00:00:00 2001 From: miloschwartz Date: Wed, 8 Jul 2026 12:29:23 -0400 Subject: [PATCH 2/2] fix api reference --- src/components/OrgPolicyRequired.tsx | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/components/OrgPolicyRequired.tsx b/src/components/OrgPolicyRequired.tsx index 444be5a46..3765cd1bf 100644 --- a/src/components/OrgPolicyRequired.tsx +++ b/src/components/OrgPolicyRequired.tsx @@ -12,7 +12,8 @@ import { Shield, ArrowRight } from "lucide-react"; import Link from "next/link"; import { useTranslations } from "next-intl"; import { useRouter } from "next/navigation"; -import { api } from "@app/lib/api"; +import { createApiClient } from "@app/lib/api"; +import { useEnvContext } from "@app/hooks/useEnvContext"; type OrgPolicyRequiredProps = { orgId: string; @@ -40,6 +41,8 @@ export default function OrgPolicyRequired({ const t = useTranslations(); const router = useRouter(); + const api = createApiClient(useEnvContext()); + const sessionExpired = policies?.maxSessionLength && policies.maxSessionLength.compliant === false;