
Fix VAPT risks
https://dev.wormwood.com.sg/zentao/task-view-341.html
https://dev.wormwood.com.sg/zentao/task-view-342.html

vbea 1 год назад
Родитель
Сommit
2deeb180d8

+ 3 - 0
Strides-Admin/src/api/user.js

@@ -17,6 +17,9 @@ const user = {
   },
   refreshAuthMenu() {
     return get(prefix + "auth/resources")
+  },
+  logout() {
+    return get(prefix + "auth/log-out")
   }
 }
 
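Review bot: `logout()` issues the session-ending call as a GET (`get(prefix + "auth/log-out")`), so any cross-site link, image tag or prefetch that reaches this URL can end a user's session. A state-changing endpoint is better served by POST. If the HTTP wrapper exposes a POST helper alongside `get` (not visible in this hunk), something like `return post(prefix + "auth/log-out")` together with a matching server route would be the safer shape. The `user` object begins outside the hunk.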

+ 20 - 7
Strides-Admin/src/layout/components/Navbar.vue

@@ -117,6 +117,7 @@ import { mapGetters } from 'vuex'
 import Breadcrumb from '@/components/Breadcrumb'
 import Hamburger from '@/components/Hamburger'
 import {getUserName, getEmail, getRoleName} from '../../utils/auth.js'
+import apiUser from '@/api/user';
 
 export default {
   components: {
@@ -153,15 +154,27 @@ export default {
         confirmButtonText: 'OK',
         cancelButtonText: 'Cancel',
         type: 'warning',
-      }).then(async () => {
-        const path = this.$router.currentRoute.fullPath
-        //console.log('lougout+path', path);
-        this.$store.dispatch("user/logout").then(res => {
-          this.$store.commit('permission/SET_ROUTES', []);
-          this.$router.push({ path: "/login?redirect=" + path});
-        })
+      }).then(() => {
+        this.requestLogout();
       }).catch(err => {
         
+      });
+    },
+    requestLogout() {
+      apiUser.logout().then(res => {
+        
+      }).catch(err => {
+        
+      }).finally(() => {
+        this.handleLogout();
+      });
+    },
+    handleLogout() {
+      const path = this.$router.currentRoute.fullPath
+      //console.log('lougout+path', path);
+      this.$store.dispatch("user/logout").then(res => {
+        this.$store.commit('permission/SET_ROUTES', []);
+        this.$router.push({ path: "/login?redirect=" + path});
       })
     },
     onClickMessageButton() {
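Review bot: Both handlers in `requestLogout` are empty, so a failed `apiUser.logout()` is discarded and `handleLogout` still clears client state from `finally`. The user then sees a logged-out UI while the server-side session or token may remain valid, which is presumably the condition the VAPT task set out to close. At minimum record the failure, e.g. `.catch(err => { console.error('server-side logout failed', err); })`, and consider surfacing it to the user. Separately, `handleLogout` concatenates `fullPath` into the query string unencoded; `this.$router.push({ path: '/login', query: { redirect: path } })` lets the router encode it, and the login view should accept only same-origin paths for `redirect`. The enclosing `methods` object starts and ends outside the hunk.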

+ 1 - 1
Strides-Admin/src/utils/auth.js

@@ -22,7 +22,7 @@ export function removeToken() {
 
 export function getAuthRoutes(back) {
   if (settings.enableOnlineAuth) {
-    const apiUser = require('../http/api/user').default;
+    const apiUser = require('../api/user').default;
     apiUser.refreshAuthMenu().then(res => {
       if (res.data) {
         setAuthRoutes(res.data)

+ 51 - 16
Strides-Admin/src/views/access/DialogDetail.vue

@@ -3,6 +3,7 @@
     class="dialog-access"
     :visible="visible"
     :before-close="e => hideDialog(false)"
+    :close-on-click-modal="false"
     :title="isEdit ? 'Update User' : 'Add User'">
     <el-form
       ref="acsForm"
@@ -70,23 +71,22 @@
         <el-form-item
           class="form-item"
           label="SET PASSWORD:"
-          v-if="isEdit">
-          <el-input
-            v-model="form.password"
-            class="flex-item"
-            type="password"
-            maxlength="32"/>
-        </el-form-item>
-        <el-form-item
-          class="form-item"
-          label="SET PASSWORD:"
-          prop="password"
-          v-else>
+          prop="password">
           <el-input
             v-model="form.password"
             class="flex-item"
             type="password"
             maxlength="32"/>
+          <template slot="label">
+            SET PASSWORD:
+            <el-tooltip
+              effect="dark"
+              :content="passwordTips"
+              placement="top"
+              popper-class="access-password-strength-tips">
+              <i class="el-icon-info"/>
+            </el-tooltip>
+          </template>
         </el-form-item>
       </div>
       <div class="form-row">
@@ -241,9 +241,38 @@ export default {
           trigger: "change"
         }],
         password: [{
-          required: true,
-          message: "Passwrod is required",
-          trigger: "blur"
+          required: false,
+          //message: "Passwrod is required",
+          trigger: "change",
+          validator: (rule, value, callback) => {
+            if (value) {
+              var strength = 0;
+              if (value.length >= 12) {
+                strength += 1;
+              }
+              if (/\d{1,}/.test(value)) {
+                strength += 1;
+              }
+              if (/[a-z]{1,}/.test(value)) {
+                strength += 1;
+              }
+              if (/[A-Z]{1,}/.test(value)) {
+                strength += 1;
+              }
+              if (/\W{1,}/.test(value)) {
+                strength += 1;
+              }
+              if (strength>=5) {
+                callback()
+              } else {
+                callback("The password is not strength")
+              }
+            } else if (!this.isEdit) {
+              callback("Passwrod is required")
+            } else {
+              callback()
+            }
+          }
         }],
         providerPk: {
           required: true,
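Review bot: The special-character test `/\W{1,}/` does not match the policy in the tooltip: `\W` counts a space or any non-ASCII letter as "special" but rejects `_`, so the rule accepts and refuses passwords a user would not expect from that text. `/[^A-Za-z0-9]/` (or an explicit symbol set) states the intent directly. This validator runs only in the browser, so the endpoint that stores the password needs to enforce the same policy; that code is not part of this commit. The two messages also carry typos; `"The password is not strong enough"` and `"Password is required"` would read better. The `rules` object this entry belongs to begins outside the hunk.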
@@ -265,7 +294,8 @@ export default {
       siteOptions: [],
       groupOptions: [],
       callingOptions: [],
-      providerOptions: []
+      providerOptions: [],
+      passwordTips: "Passwords must be at least 12 characters long and include a combination of uppercase and lowercase letters, numbers, and special characters (e.g., !, @, #, $)"
     };
   },
   watch: {
@@ -471,4 +501,9 @@ export default {
     max-width: none;
   }
 }
+</style>
+<style>
+.access-password-strength-tips {
+  max-width: 270px;
+}
 </style>