[PR #1757] [MERGED] Enforce org user compliance #1210

Closed
opened 2025-11-13 12:20:34 -06:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/fosrl/pangolin/pull/1757
Author: @oschwartz10612
Created: 10/27/2025
Status: Merged
Merged: 10/27/2025
Merged by: @oschwartz10612

Base: dev ← Head: user-compliance


📝 Commits (10+)

  • ddcf77a add basic org policy check in middleware
  • 629f172 2fa policy check working
  • 39d6b93 enforce max session length
  • 1e70e42 add password expiry enforcement
  • 460df46 update translation and send password reset email
  • 9ce81b3 add confirm dialog to update security settings
  • 8973726 add org policy check to verify session
  • 1227b3c use alert instead of badge for unlock status
  • 4431673 enforce resource session length
  • cbf9c53 redirect to org login via query param

📊 Changes

34 files changed (+2262 additions, -132 deletions)


📝 cli/commands/setAdminCredentials.ts (+2 -1)
📝 messages/en-US.json (+67 -0)
📝 server/auth/sessions/app.ts (+2 -1)
📝 server/auth/sessions/resource.ts (+2 -1)
📝 server/db/pg/schema/schema.ts (+9 -3)
📝 server/db/queries/verifySessionQueries.ts (+8 -2)
📝 server/db/sqlite/schema/schema.ts (+9 -3)
➕ server/lib/checkOrgAccessPolicy.ts (+41 -0)
📝 server/license/license.ts (+4 -0)
📝 server/middlewares/verifyOrgAccess.ts (+26 -6)
➕ server/private/lib/checkOrgAccessPolicy.ts (+201 -0)
📝 server/private/routers/loginPage/loadLoginPage.ts (+3 -4)
📝 server/routers/auth/changePassword.ts (+60 -5)
📝 server/routers/auth/resetPassword.ts (+2 -5)
📝 server/routers/auth/setServerAdmin.ts (+2 -1)
📝 server/routers/auth/signup.ts (+3 -5)
📝 server/routers/badger/verifySession.ts (+42 -7)
📝 server/routers/external.ts (+6 -8)
➕ server/routers/org/checkOrgUserAccess.ts (+136 -0)
📝 server/routers/org/index.ts (+1 -0)

...and 14 more files

📄 Description

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

Enforce compliance at the org level with security policies. Included are:

  • Password rotation
  • MFA Enabled
  • Session Length

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

GiteaMirror added the pull-request label 2025-11-13 12:20:34 -06:00

Reference: github-starred/pangolin#1210