Merge branch 'develop' into feat2240-host-view

.codeclimate.yml

@@ -1,5 +1,42 @@
----
-engines:
+version: "2"
+checks:
+  argument-count:
+    enabled: true
+    config:
+      threshold: 4
+  complex-logic:
+    enabled: true
+    config:
+      threshold: 4
+  file-lines:
+    enabled: true
+    config:
+      threshold: 300
+  method-complexity:
+    enabled: false
+  method-count:
+    enabled: true
+    config:
+      threshold: 20
+  method-lines:
+    enabled: true
+    config:
+      threshold: 50
+  nested-control-flow:
+    enabled: true
+    config:
+      threshold: 4
+  return-statements:
+    enabled: false
+  similar-code:
+    enabled: true
+    config:
+      threshold: #language-specific defaults. overrides affect all languages.
+  identical-code:
+    enabled: true
+    config:
+      threshold: #language-specific defaults. overrides affect all languages.
+plugins:
   gofmt:
     enabled: true
   golint:
@@ -20,10 +57,5 @@ engines:
       config: .eslintrc.yml
   fixme:
     enabled: true
-ratings:
-  paths:
-  - "**.css"
-  - "**.js"
-  - "**.go"
-exclude_paths:
+exclude_patterns:
 - test/

api/bolt/datastore.go

@@ -21,6 +21,7 @@ import (
 	"github.com/portainer/portainer/bolt/template"
 	"github.com/portainer/portainer/bolt/user"
 	"github.com/portainer/portainer/bolt/version"
+	"github.com/portainer/portainer/bolt/webhook"
 )
 
 const (
@@ -47,6 +48,7 @@ type Store struct {
 	TemplateService        *template.Service
 	UserService            *user.Service
 	VersionService         *version.Service
+	WebhookService         *webhook.Service
 }
 
 // NewStore initializes a new Store and the associated services
@@ -232,5 +234,11 @@ func (store *Store) initServices() error {
 	}
 	store.VersionService = versionService
 
+	webhookService, err := webhook.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.WebhookService = webhookService
+
 	return nil
 }

api/bolt/webhook/webhook.go

@@ -0,0 +1,151 @@
+package webhook
+
+import (
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
+
+	"github.com/boltdb/bolt"
+)
+
+const (
+	// BucketName represents the name of the bucket where this service stores data.
+	BucketName = "webhooks"
+)
+
+// Service represents a service for managing webhook data.
+type Service struct {
+	db *bolt.DB
+}
+
+// NewService creates a new instance of a service.
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Service{
+		db: db,
+	}, nil
+}
+
+//Webhooks returns an array of all webhooks
+func (service *Service) Webhooks() ([]portainer.Webhook, error) {
+	var webhooks = make([]portainer.Webhook, 0)
+
+	err := service.db.View(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte(BucketName))
+
+		cursor := bucket.Cursor()
+		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
+			var webhook portainer.Webhook
+			err := internal.UnmarshalObject(v, &webhook)
+			if err != nil {
+				return err
+			}
+			webhooks = append(webhooks, webhook)
+		}
+
+		return nil
+	})
+
+	return webhooks, err
+}
+
+// Webhook returns a webhook by ID.
+func (service *Service) Webhook(ID portainer.WebhookID) (*portainer.Webhook, error) {
+	var webhook portainer.Webhook
+	identifier := internal.Itob(int(ID))
+
+	err := internal.GetObject(service.db, BucketName, identifier, &webhook)
+	if err != nil {
+		return nil, err
+	}
+
+	return &webhook, nil
+}
+
+// WebhookByResourceID returns a webhook by the ResourceID it is associated with.
+func (service *Service) WebhookByResourceID(ID string) (*portainer.Webhook, error) {
+	var webhook *portainer.Webhook
+
+	err := service.db.View(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte(BucketName))
+		cursor := bucket.Cursor()
+
+		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
+			var w portainer.Webhook
+			err := internal.UnmarshalObject(v, &w)
+			if err != nil {
+				return err
+			}
+
+			if w.ResourceID == ID {
+				webhook = &w
+				break
+			}
+		}
+
+		if webhook == nil {
+			return portainer.ErrObjectNotFound
+		}
+
+		return nil
+	})
+
+	return webhook, err
+}
+
+// WebhookByToken returns a webhook by the random token it is associated with.
+func (service *Service) WebhookByToken(token string) (*portainer.Webhook, error) {
+	var webhook *portainer.Webhook
+
+	err := service.db.View(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte(BucketName))
+		cursor := bucket.Cursor()
+
+		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
+			var w portainer.Webhook
+			err := internal.UnmarshalObject(v, &w)
+			if err != nil {
+				return err
+			}
+
+			if w.Token == token {
+				webhook = &w
+				break
+			}
+		}
+
+		if webhook == nil {
+			return portainer.ErrObjectNotFound
+		}
+
+		return nil
+	})
+
+	return webhook, err
+}
+
+// DeleteWebhook deletes a webhook.
+func (service *Service) DeleteWebhook(ID portainer.WebhookID) error {
+	identifier := internal.Itob(int(ID))
+	return internal.DeleteObject(service.db, BucketName, identifier)
+}
+
+// CreateWebhook assign an ID to a new webhook and saves it.
+func (service *Service) CreateWebhook(webhook *portainer.Webhook) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte(BucketName))
+
+		id, _ := bucket.NextSequence()
+		webhook.ID = portainer.WebhookID(id)
+
+		data, err := internal.MarshalObject(webhook)
+		if err != nil {
+			return err
+		}
+
+		return bucket.Put(internal.Itob(int(webhook.ID)), data)
+	})
+}

api/cmd/portainer/main.go

@@ -178,6 +178,10 @@ func initSettings(settingsService portainer.SettingsService, flags *portainer.CL
 			SnapshotInterval:                   *flags.SnapshotInterval,
 		}
 
+		if *flags.Templates != "" {
+			settings.TemplatesURL = *flags.Templates
+		}
+
 		if *flags.Labels != nil {
 			settings.BlackListedLabels = *flags.Labels
 		} else {
@@ -501,6 +505,7 @@ func main() {
 		StackService:           store.StackService,
 		TagService:             store.TagService,
 		TemplateService:        store.TemplateService,
+		WebhookService:         store.WebhookService,
 		SwarmStackManager:      swarmStackManager,
 		ComposeStackManager:    composeStackManager,
 		CryptoService:          cryptoService,
@@ -514,6 +519,7 @@ func main() {
 		SSL:                    *flags.SSL,
 		SSLCert:                *flags.SSLCert,
 		SSLKey:                 *flags.SSLKey,
+		DockerClientFactory:    clientFactory,
 	}
 
 	log.Printf("Starting Portainer %s on %s", portainer.APIVersion, *flags.Addr)

api/docker/snapshotter.go

@@ -22,6 +22,7 @@ func (snapshotter *Snapshotter) CreateSnapshot(endpoint *portainer.Endpoint) (*p
 	if err != nil {
 		return nil, err
 	}
+	defer cli.Close()
 
 	return snapshot(cli)
 }

api/errors.go

@@ -93,3 +93,9 @@ type Error string
 
 // Error returns the error message.
 func (e Error) Error() string { return string(e) }
+
+// Webhook errors
+const (
+	ErrWebhookAlreadyExists   = Error("A webhook for this resource already exists")
+	ErrUnsupportedWebhookType = Error("Webhooks for this resource are not currently supported")
+)

api/http/error/error.go

@@ -17,6 +17,7 @@ type (
 	}
 	errorResponse struct {
 		Err     string `json:"err,omitempty"`
+		Details string `json:"details,omitempty"`
 	}
 )
 
@@ -31,7 +32,7 @@ func writeErrorResponse(rw http.ResponseWriter, err *HandlerError) {
 	log.Printf("http error: %s (err=%s) (code=%d)\n", err.Message, err.Err, err.StatusCode)
 	rw.Header().Set("Content-Type", "application/json")
 	rw.WriteHeader(err.StatusCode)
-	json.NewEncoder(rw).Encode(&errorResponse{Err: err.Message})
+	json.NewEncoder(rw).Encode(&errorResponse{Err: err.Message, Details: err.Err.Error()})
 }
 
 // WriteError is a convenience function that creates a new HandlerError before calling writeErrorResponse.

api/http/handler/endpoints/endpoint_create.go

@@ -35,7 +35,7 @@ type endpointCreatePayload struct {
 func (payload *endpointCreatePayload) Validate(r *http.Request) error {
 	name, err := request.RetrieveMultiPartFormValue(r, "Name", false)
 	if err != nil {
-		return portainer.Error("Invalid stack name")
+		return portainer.Error("Invalid endpoint name")
 	}
 	payload.Name = name
 

api/http/handler/file/handler.go

@@ -33,5 +33,9 @@ func (handler *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	} else {
 		w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
 	}
+
+	w.Header().Add("X-Frame-Options", "DENY")
+	w.Header().Add("X-XSS-Protection", "1; mode=block")
+	w.Header().Add("X-Content-Type-Options", "nosniff")
 	handler.Handler.ServeHTTP(w, r)
 }

api/http/handler/handler.go

@@ -22,6 +22,7 @@ import (
 	"github.com/portainer/portainer/http/handler/templates"
 	"github.com/portainer/portainer/http/handler/upload"
 	"github.com/portainer/portainer/http/handler/users"
+	"github.com/portainer/portainer/http/handler/webhooks"
 	"github.com/portainer/portainer/http/handler/websocket"
 )
 
@@ -47,6 +48,7 @@ type Handler struct {
 	UploadHandler          *upload.Handler
 	UserHandler            *users.Handler
 	WebSocketHandler       *websocket.Handler
+	WebhookHandler         *webhooks.Handler
 }
 
 // ServeHTTP delegates a request to the appropriate subhandler.
@@ -95,6 +97,8 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.StripPrefix("/api", h.TeamMembershipHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/websocket"):
 		http.StripPrefix("/api", h.WebSocketHandler).ServeHTTP(w, r)
+	case strings.HasPrefix(r.URL.Path, "/api/webhooks"):
+		http.StripPrefix("/api", h.WebhookHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/"):
 		h.FileHandler.ServeHTTP(w, r)
 	}

api/http/handler/users/admin_init.go

@@ -39,7 +39,7 @@ func (handler *Handler) adminInit(w http.ResponseWriter, r *http.Request) *httpe
 	}
 
 	if len(users) != 0 {
-		return &httperror.HandlerError{http.StatusConflict, "Unable to retrieve users from the database", portainer.ErrAdminAlreadyInitialized}
+		return &httperror.HandlerError{http.StatusConflict, "Unable to create administrator user", portainer.ErrAdminAlreadyInitialized}
 	}
 
 	user := &portainer.User{

api/http/handler/users/handler.go

@@ -26,7 +26,7 @@ type Handler struct {
 }
 
 // NewHandler creates a handler to manage user operations.
-func NewHandler(bouncer *security.RequestBouncer) *Handler {
+func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimiter) *Handler {
 	h := &Handler{
 		Router: mux.NewRouter(),
 	}
@@ -43,7 +43,7 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
 	h.Handle("/users/{id}/memberships",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.userMemberships))).Methods(http.MethodGet)
 	h.Handle("/users/{id}/passwd",
-		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.userPassword))).Methods(http.MethodPost)
+		rateLimiter.LimitAccess(bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.userUpdatePassword)))).Methods(http.MethodPut)
 	h.Handle("/users/admin/check",
 		bouncer.PublicAccess(httperror.LoggerHandler(h.adminCheck))).Methods(http.MethodGet)
 	h.Handle("/users/admin/init",

api/http/handler/users/user_password.go

@@ -1,57 +0,0 @@
-package users
-
-import (
-	"net/http"
-
-	"github.com/asaskevich/govalidator"
-	"github.com/portainer/portainer"
-	httperror "github.com/portainer/portainer/http/error"
-	"github.com/portainer/portainer/http/request"
-	"github.com/portainer/portainer/http/response"
-)
-
-type userPasswordPayload struct {
-	Password string
-}
-
-func (payload *userPasswordPayload) Validate(r *http.Request) error {
-	if govalidator.IsNull(payload.Password) {
-		return portainer.Error("Invalid password")
-	}
-	return nil
-}
-
-type userPasswordResponse struct {
-	Valid bool `json:"valid"`
-}
-
-// POST request on /api/users/:id/passwd
-func (handler *Handler) userPassword(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	userID, err := request.RetrieveNumericRouteVariableValue(r, "id")
-	if err != nil {
-		return &httperror.HandlerError{http.StatusBadRequest, "Invalid user identifier route variable", err}
-	}
-
-	var payload userPasswordPayload
-	err = request.DecodeAndValidateJSONPayload(r, &payload)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
-	}
-
-	var password = payload.Password
-
-	u, err := handler.UserService.User(portainer.UserID(userID))
-	if err == portainer.ErrObjectNotFound {
-		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a user with the specified identifier inside the database", err}
-	} else if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a user with the specified identifier inside the database", err}
-	}
-
-	valid := true
-	err = handler.CryptoService.CompareHashAndData(u.Password, password)
-	if err != nil {
-		valid = false
-	}
-
-	return response.JSON(w, &userPasswordResponse{Valid: valid})
-}

api/http/handler/users/user_update_password.go

@@ -0,0 +1,74 @@
+package users
+
+import (
+	"net/http"
+
+	"github.com/asaskevich/govalidator"
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+	"github.com/portainer/portainer/http/security"
+)
+
+type userUpdatePasswordPayload struct {
+	Password    string
+	NewPassword string
+}
+
+func (payload *userUpdatePasswordPayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.Password) {
+		return portainer.Error("Invalid current password")
+	}
+	if govalidator.IsNull(payload.NewPassword) {
+		return portainer.Error("Invalid new password")
+	}
+	return nil
+}
+
+// PUT request on /api/users/:id/passwd
+func (handler *Handler) userUpdatePassword(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	userID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid user identifier route variable", err}
+	}
+
+	tokenData, err := security.RetrieveTokenData(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user authentication token", err}
+	}
+
+	if tokenData.Role != portainer.AdministratorRole && tokenData.ID != portainer.UserID(userID) {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to update user", portainer.ErrUnauthorized}
+	}
+
+	var payload userUpdatePasswordPayload
+	err = request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
+	}
+
+	user, err := handler.UserService.User(portainer.UserID(userID))
+	if err == portainer.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a user with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a user with the specified identifier inside the database", err}
+	}
+
+	err = handler.CryptoService.CompareHashAndData(user.Password, payload.Password)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusForbidden, "Specified password do not match actual password", portainer.ErrUnauthorized}
+	}
+
+	user.Password, err = handler.CryptoService.Hash(payload.NewPassword)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to hash user password", portainer.ErrCryptoHashFailure}
+	}
+
+	err = handler.UserService.UpdateUser(user.ID, user)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist user changes inside the database", err}
+	}
+
+	return response.Empty(w)
+}

api/http/handler/webhooks/handler.go

@@ -0,0 +1,35 @@
+package webhooks
+
+import (
+	"net/http"
+
+	"github.com/gorilla/mux"
+	portainer "github.com/portainer/portainer"
+	"github.com/portainer/portainer/docker"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/security"
+)
+
+// Handler is the HTTP handler used to handle webhook operations.
+type Handler struct {
+	*mux.Router
+	WebhookService      portainer.WebhookService
+	EndpointService     portainer.EndpointService
+	DockerClientFactory *docker.ClientFactory
+}
+
+// NewHandler creates a handler to manage settings operations.
+func NewHandler(bouncer *security.RequestBouncer) *Handler {
+	h := &Handler{
+		Router: mux.NewRouter(),
+	}
+	h.Handle("/webhooks",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.webhookCreate))).Methods(http.MethodPost)
+	h.Handle("/webhooks",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.webhookList))).Methods(http.MethodGet)
+	h.Handle("/webhooks/{id}",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.webhookDelete))).Methods(http.MethodDelete)
+	h.Handle("/webhooks/{token}",
+		bouncer.PublicAccess(httperror.LoggerHandler(h.webhookExecute))).Methods(http.MethodPost)
+	return h
+}

api/http/handler/webhooks/webhook_create.go

@@ -0,0 +1,66 @@
+package webhooks
+
+import (
+	"net/http"
+
+	"github.com/asaskevich/govalidator"
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+	"github.com/satori/go.uuid"
+)
+
+type webhookCreatePayload struct {
+	ResourceID  string
+	EndpointID  int
+	WebhookType int
+}
+
+func (payload *webhookCreatePayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.ResourceID) {
+		return portainer.Error("Invalid ResourceID")
+	}
+	if payload.EndpointID == 0 {
+		return portainer.Error("Invalid EndpointID")
+	}
+	if payload.WebhookType != 1 {
+		return portainer.Error("Invalid WebhookType")
+	}
+	return nil
+}
+
+func (handler *Handler) webhookCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	var payload webhookCreatePayload
+	err := request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
+	}
+
+	webhook, err := handler.WebhookService.WebhookByResourceID(payload.ResourceID)
+	if err != nil && err != portainer.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusInternalServerError, "An error occurred retrieving webhooks from the database", err}
+	}
+	if webhook != nil {
+		return &httperror.HandlerError{http.StatusConflict, "A webhook for this resource already exists", portainer.ErrWebhookAlreadyExists}
+	}
+
+	token, err := uuid.NewV4()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Error creating unique token", err}
+	}
+
+	webhook = &portainer.Webhook{
+		Token:       token.String(),
+		ResourceID:  payload.ResourceID,
+		EndpointID:  portainer.EndpointID(payload.EndpointID),
+		WebhookType: portainer.WebhookType(payload.WebhookType),
+	}
+
+	err = handler.WebhookService.CreateWebhook(webhook)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the webhook inside the database", err}
+	}
+
+	return response.JSON(w, webhook)
+}

api/http/handler/webhooks/webhook_delete.go

@@ -0,0 +1,25 @@
+package webhooks
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+)
+
+// DELETE request on /api/webhook/:serviceID
+func (handler *Handler) webhookDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	id, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid webhook id", err}
+	}
+
+	err = handler.WebhookService.DeleteWebhook(portainer.WebhookID(id))
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to remove the webhook from the database", err}
+	}
+
+	return response.Empty(w)
+}

api/http/handler/webhooks/webhook_execute.go

@@ -0,0 +1,71 @@
+package webhooks
+
+import (
+	"context"
+	"net/http"
+	"strings"
+
+	dockertypes "github.com/docker/docker/api/types"
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+)
+
+// Acts on a passed in token UUID to restart the docker service
+func (handler *Handler) webhookExecute(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+
+	webhookToken, err := request.RetrieveRouteVariableValue(r, "token")
+
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Invalid service id parameter", err}
+	}
+
+	webhook, err := handler.WebhookService.WebhookByToken(webhookToken)
+
+	if err == portainer.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a webhook with this token", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve webhook from the database", err}
+	}
+
+	resourceID := webhook.ResourceID
+	endpointID := webhook.EndpointID
+	webhookType := webhook.WebhookType
+
+	endpoint, err := handler.EndpointService.Endpoint(portainer.EndpointID(endpointID))
+	if err == portainer.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find an endpoint with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an endpoint with the specified identifier inside the database", err}
+	}
+	switch webhookType {
+	case portainer.ServiceWebhook:
+		return handler.executeServiceWebhook(w, endpoint, resourceID)
+	default:
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unsupported webhook type", portainer.ErrUnsupportedWebhookType}
+	}
+
+}
+
+func (handler *Handler) executeServiceWebhook(w http.ResponseWriter, endpoint *portainer.Endpoint, resourceID string) *httperror.HandlerError {
+	dockerClient, err := handler.DockerClientFactory.CreateClient(endpoint)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Error creating docker client", err}
+	}
+	defer dockerClient.Close()
+
+	service, _, err := dockerClient.ServiceInspectWithRaw(context.Background(), resourceID, dockertypes.ServiceInspectOptions{InsertDefaults: true})
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Error looking up service", err}
+	}
+
+	service.Spec.TaskTemplate.ForceUpdate++
+
+	service.Spec.TaskTemplate.ContainerSpec.Image = strings.Split(service.Spec.TaskTemplate.ContainerSpec.Image, "@sha")[0]
+	_, err = dockerClient.ServiceUpdate(context.Background(), resourceID, service.Version, service.Spec, dockertypes.ServiceUpdateOptions{QueryRegistry: true})
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Error updating service", err}
+	}
+	return response.Empty(w)
+}

api/http/handler/webhooks/webhook_list.go

@@ -0,0 +1,47 @@
+package webhooks
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+)
+
+type webhookListOperationFilters struct {
+	ResourceID string `json:"ResourceID"`
+	EndpointID int    `json:"EndpointID"`
+}
+
+// GET request on /api/webhooks?(filters=<filters>)
+func (handler *Handler) webhookList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	var filters webhookListOperationFilters
+	err := request.RetrieveJSONQueryParameter(r, "filters", &filters, true)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid query parameter: filters", err}
+	}
+
+	webhooks, err := handler.WebhookService.Webhooks()
+	webhooks = filterWebhooks(webhooks, &filters)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve webhooks from the database", err}
+	}
+
+	return response.JSON(w, webhooks)
+}
+
+func filterWebhooks(webhooks []portainer.Webhook, filters *webhookListOperationFilters) []portainer.Webhook {
+	if filters.EndpointID == 0 && filters.ResourceID == "" {
+		return webhooks
+	}
+
+	filteredWebhooks := make([]portainer.Webhook, 0, len(webhooks))
+	for _, webhook := range webhooks {
+		if webhook.EndpointID == portainer.EndpointID(filters.EndpointID) && webhook.ResourceID == string(filters.ResourceID) {
+			filteredWebhooks = append(filteredWebhooks, webhook)
+		}
+	}
+
+	return filteredWebhooks
+}

api/http/security/bouncer.go

@@ -114,8 +114,9 @@ func (bouncer *RequestBouncer) EndpointAccess(r *http.Request, endpoint *portain
 // mwSecureHeaders provides secure headers middleware for handlers.
 func mwSecureHeaders(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Add("X-Content-Type-Options", "nosniff")
 		w.Header().Add("X-Frame-Options", "DENY")
+		w.Header().Add("X-XSS-Protection", "1; mode=block")
+		w.Header().Add("X-Content-Type-Options", "nosniff")
 		next.ServeHTTP(w, r)
 	})
 }

api/http/server.go

@@ -4,6 +4,7 @@ import (
 	"time"
 
 	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/docker"
 	"github.com/portainer/portainer/http/handler"
 	"github.com/portainer/portainer/http/handler/auth"
 	"github.com/portainer/portainer/http/handler/dockerhub"
@@ -23,6 +24,7 @@ import (
 	"github.com/portainer/portainer/http/handler/templates"
 	"github.com/portainer/portainer/http/handler/upload"
 	"github.com/portainer/portainer/http/handler/users"
+	"github.com/portainer/portainer/http/handler/webhooks"
 	"github.com/portainer/portainer/http/handler/websocket"
 	"github.com/portainer/portainer/http/proxy"
 	"github.com/portainer/portainer/http/security"
@@ -60,10 +62,12 @@ type Server struct {
 	TeamMembershipService  portainer.TeamMembershipService
 	TemplateService        portainer.TemplateService
 	UserService            portainer.UserService
+	WebhookService         portainer.WebhookService
 	Handler                *handler.Handler
 	SSL                    bool
 	SSLCert                string
 	SSLKey                 string
+	DockerClientFactory    *docker.ClientFactory
 }
 
 // Start starts the HTTP server
@@ -159,7 +163,7 @@ func (server *Server) Start() error {
 	var uploadHandler = upload.NewHandler(requestBouncer)
 	uploadHandler.FileService = server.FileService
 
-	var userHandler = users.NewHandler(requestBouncer)
+	var userHandler = users.NewHandler(requestBouncer, rateLimiter)
 	userHandler.UserService = server.UserService
 	userHandler.TeamService = server.TeamService
 	userHandler.TeamMembershipService = server.TeamMembershipService
@@ -171,6 +175,11 @@ func (server *Server) Start() error {
 	websocketHandler.EndpointService = server.EndpointService
 	websocketHandler.SignatureService = server.SignatureService
 
+	var webhookHandler = webhooks.NewHandler(requestBouncer)
+	webhookHandler.WebhookService = server.WebhookService
+	webhookHandler.EndpointService = server.EndpointService
+	webhookHandler.DockerClientFactory = server.DockerClientFactory
+
 	server.Handler = &handler.Handler{
 		AuthHandler:            authHandler,
 		DockerHubHandler:       dockerHubHandler,
@@ -191,6 +200,7 @@ func (server *Server) Start() error {
 		UploadHandler:          uploadHandler,
 		UserHandler:            userHandler,
 		WebSocketHandler:       websocketHandler,
+		WebhookHandler:         webhookHandler,
 	}
 
 	if server.SSL {

api/portainer.go

@@ -220,6 +220,21 @@ type (
 		TLSKeyPath    string `json:"TLSKey,omitempty"`
 	}
 
+	// WebhookID represents an webhook identifier.
+	WebhookID int
+
+	// WebhookType represents the type of resource a webhook is related to
+	WebhookType int
+
+	// Webhook represents a url webhook that can be used to update a service
+	Webhook struct {
+		ID          WebhookID   `json:"Id"`
+		Token       string      `json:"Token"`
+		ResourceID  string      `json:"ResourceId"`
+		EndpointID  EndpointID  `json:"EndpointId"`
+		WebhookType WebhookType `json:"Type"`
+	}
+
 	// AzureCredentials represents the credentials used to connect to an Azure
 	// environment.
 	AzureCredentials struct {
@@ -506,6 +521,16 @@ type (
 		StoreDBVersion(version int) error
 	}
 
+	// WebhookService represents a service for managing webhook data.
+	WebhookService interface {
+		Webhooks() ([]Webhook, error)
+		Webhook(ID WebhookID) (*Webhook, error)
+		CreateWebhook(portainer *Webhook) error
+		WebhookByResourceID(resourceID string) (*Webhook, error)
+		WebhookByToken(token string) (*Webhook, error)
+		DeleteWebhook(serviceID WebhookID) error
+	}
+
 	// ResourceControlService represents a service for managing resource control data
 	ResourceControlService interface {
 		ResourceControl(ID ResourceControlID) (*ResourceControl, error)
@@ -732,3 +757,9 @@ const (
 	// EndpointStatusDown is used to represent an unavailable endpoint
 	EndpointStatusDown
 )
+
+const (
+	_ WebhookType = iota
+	// ServiceWebhook is a webhook for restarting a docker service
+	ServiceWebhook
+)

api/swagger.yaml

@@ -1336,7 +1336,7 @@ paths:
         in: "formData"
         type: "string"
         description: "Swarm cluster identifier. Required when method equals file and type equals 1."
-      - name: "StackFileContent"
+      - name: "file"
         in: "formData"
         type: "file"
         description: "Stack file. Required when method equals file."

app/constants.js

@@ -14,6 +14,7 @@ angular.module('portainer')
 .constant('API_ENDPOINT_TEAMS', 'api/teams')
 .constant('API_ENDPOINT_TEAM_MEMBERSHIPS', 'api/team_memberships')
 .constant('API_ENDPOINT_TEMPLATES', 'api/templates')
+.constant('API_ENDPOINT_WEBHOOKS', 'api/webhooks')
 .constant('DEFAULT_TEMPLATES_URL', 'https://raw.githubusercontent.com/portainer/templates/master/templates.json')
 .constant('PAGINATION_MAX_ITEMS', 10)
 .constant('APPLICATION_CACHE_VALIDITY', 3600)

app/docker/components/datatables/services-datatable/actions/servicesDatatableActionsController.js

@@ -1,6 +1,6 @@
 angular.module('portainer.docker')
-.controller('ServicesDatatableActionsController', ['$state', 'ServiceService', 'ServiceHelper', 'Notifications', 'ModalService', 'ImageHelper',
-function ($state, ServiceService, ServiceHelper, Notifications, ModalService, ImageHelper) {
+.controller('ServicesDatatableActionsController', ['$q', '$state', 'ServiceService', 'ServiceHelper', 'Notifications', 'ModalService', 'ImageHelper','WebhookService','EndpointProvider',
+function ($q, $state, ServiceService, ServiceHelper, Notifications, ModalService, ImageHelper, WebhookService, EndpointProvider) {
 
   this.scaleAction = function scaleService(service) {
     var config = ServiceHelper.serviceToConfig(service.Model);
@@ -71,7 +71,14 @@ function ($state, ServiceService, ServiceHelper, Notifications, ModalService, Im
   function removeServices(services) {
     var actionCount = services.length;
     angular.forEach(services, function (service) {
+
       ServiceService.remove(service)
+      .then(function success() {
+        return WebhookService.webhooks(service.Id, EndpointProvider.endpointID());
+      })
+      .then(function success(data) {
+        return $q.when(data.length !== 0 && WebhookService.deleteWebhook(data[0].Id));
+      })
       .then(function success() {
         Notifications.success('Service successfully removed', service.Name);
       })

app/docker/components/datatables/tasks-datatable/tasksDatatable.html

@@ -8,7 +8,7 @@
       </div>
       <div class="searchBar">
         <i class="fa fa-search searchIcon" aria-hidden="true"></i>
-        <input type="text" class="searchInput" ng-model="$ctrl.state.textFilter" placeholder="Search..." auto-focus>
+        <input type="text" class="searchInput" ng-model="$ctrl.state.textFilter" placeholder="Search...">
       </div>
       <div class="table-responsive">
         <table class="table table-hover nowrap-cells">

app/docker/views/images/import/importimage.html

@@ -21,7 +21,7 @@
           </div>
           <div class="form-group">
             <div class="col-sm-12">
-              <button class="btn btn-sm btn-primary" ngf-select ngf-min-size="10" ngf-accept="'application/x-tar'" ng-model="formValues.UploadFile">Select file</button>
+              <button class="btn btn-sm btn-primary" ngf-select ngf-min-size="10" ngf-accept="'application/x-tar,application/x-gzip'" ng-model="formValues.UploadFile">Select file</button>
               <span style="margin-left: 5px;">
                 {{ formValues.UploadFile.name }}
                 <i class="fa fa-times red-icon" ng-if="!formValues.UploadFile" aria-hidden="true"></i>

app/docker/views/services/create/createServiceController.js

@@ -1,6 +1,6 @@
-angular.module('portainer.docker')
-.controller('CreateServiceController', ['$q', '$scope', '$state', '$timeout', 'Service', 'ServiceHelper', 'ConfigService', 'ConfigHelper', 'SecretHelper', 'SecretService', 'VolumeService', 'NetworkService', 'ImageHelper', 'LabelHelper', 'Authentication', 'ResourceControlService', 'Notifications', 'FormValidator', 'PluginService', 'RegistryService', 'HttpRequestHelper', 'NodeService', 'SettingsService',
-function ($q, $scope, $state, $timeout, Service, ServiceHelper, ConfigService, ConfigHelper, SecretHelper, SecretService, VolumeService, NetworkService, ImageHelper, LabelHelper, Authentication, ResourceControlService, Notifications, FormValidator, PluginService, RegistryService, HttpRequestHelper, NodeService, SettingsService) {
+ angular.module('portainer.docker')
+.controller('CreateServiceController', ['$q', '$scope', '$state', '$timeout', 'Service', 'ServiceHelper', 'ConfigService', 'ConfigHelper', 'SecretHelper', 'SecretService', 'VolumeService', 'NetworkService', 'ImageHelper', 'LabelHelper', 'Authentication', 'ResourceControlService', 'Notifications', 'FormValidator', 'PluginService', 'RegistryService', 'HttpRequestHelper', 'NodeService', 'SettingsService', 'WebhookService','EndpointProvider',
+function ($q, $scope, $state, $timeout, Service, ServiceHelper, ConfigService, ConfigHelper, SecretHelper, SecretService, VolumeService, NetworkService, ImageHelper, LabelHelper, Authentication, ResourceControlService, Notifications, FormValidator, PluginService, RegistryService, HttpRequestHelper, NodeService, SettingsService, WebhookService,EndpointProvider) {
 
   $scope.formValues = {
     Name: '',
@@ -40,7 +40,8 @@ function ($q, $scope, $state, $timeout, Service, ServiceHelper, ConfigService, C
     RestartMaxAttempts: 0,
     RestartWindow: '0s',
     LogDriverName: '',
-    LogDriverOpts: []
+    LogDriverOpts: [],
+    Webhook: false
   };
 
   $scope.state = {
@@ -422,9 +423,14 @@ function ($q, $scope, $state, $timeout, Service, ServiceHelper, ConfigService, C
     var registry = $scope.formValues.Registry;
     var authenticationDetails = registry.Authentication ? RegistryService.encodedCredentials(registry) : '';
     HttpRequestHelper.setRegistryAuthenticationHeader(authenticationDetails);
+
+    var serviceIdentifier;
     Service.create(config).$promise
     .then(function success(data) {
-      var serviceIdentifier = data.ID;
+      serviceIdentifier = data.ID;
+      return $q.when($scope.formValues.Webhook && WebhookService.createServiceWebhook(serviceIdentifier, EndpointProvider.endpointID()));
+    })
+    .then(function success() {
       var userId = Authentication.getUserDetails().ID;
       return ResourceControlService.applyResourceControl('service', serviceIdentifier, userId, accessControlData, []);
     })

app/docker/views/services/create/createservice.html

@@ -101,6 +101,22 @@
             <!-- !port-mapping-input-list -->
           </div>
           <!-- !port-mapping -->
+          <!-- create-webhook -->
+          <div class="col-sm-12 form-section-title">
+            Webhooks
+          </div>
+          <div class="form-group">
+            <div class="col-sm-12">
+              <label class="control-label text-left">
+                Create a service webhook
+                <portainer-tooltip position="top" message="Create a webhook (or callback URI) to automate the update of this service. Sending a POST request to this callback URI (without requiring any authentication) will pull the most up-to-date version of the associated image and re-deploy this service."></portainer-tooltip>
+              </label>
+              <label class="switch" style="margin-left: 20px;">
+                <input type="checkbox" ng-model="formValues.Webhook"><i></i>
+              </label>
+            </div>
+          </div>
+          <!-- !create-webhook  -->
           <!-- access-control -->
           <por-access-control-form form-data="formValues.AccessControlData" ng-if="applicationState.application.authentication"></por-access-control-form>
           <!-- !access-control -->

app/docker/views/services/edit/service.html

@@ -70,6 +70,24 @@
                   <input type="text" class="form-control" uib-typeahead="image for image in availableImages | filter:$viewValue | limitTo:5"
                     ng-model="service.Image" ng-change="updateServiceAttribute(service, 'Image')" id="image_name" ng-disabled="isUpdating">
               </td>
+            </tr>
+            <tr>
+              <td colspan="{{webhookURL ? '1' : '2'}}">
+                Service webhook
+                <portainer-tooltip position="top" message="Webhook (or callback URI) used to automate the update of this service. Sending a POST request to this callback URI (without requiring any authentication) will pull the most up-to-date version of the associated image and re-deploy this service."></portainer-tooltip>
+                <label class="switch" style="margin-left: 20px;">
+                  <input type="checkbox" ng-model="WebhookExists" ng-click="updateWebhook(service)"><i></i>
+                </label>
+              </td>
+              <td ng-if="webhookURL">
+                <span class="text-muted">{{ webhookURL | truncatelr }}</span>
+                <button type="button" class="btn btn-sm btn-primary btn-sm space-left" ng-if="webhookURL" ng-click="copyWebhook()" >
+                  <span><i class="fa fa-copy space-right" aria-hidden="true"></i>Copy link</span>
+                </button>
+                <span>
+                  <i id="copyNotification" class="fa fa-check green-icon" aria-hidden="true" style="margin-left: 7px; display: none;"></i>
+                </span>
+              </td>
           </tr>
             <tr>
               <td colspan="2">
@@ -93,7 +111,7 @@
         </p>
         <div class="btn-toolbar" role="toolbar">
           <div class="btn-group" role="group">
-            <button type="button" class="btn btn-primary" ng-disabled="!hasChanges(service, ['Mode', 'Replicas', 'Image', 'Name'])" ng-click="updateService(service)">Apply changes</button>
+            <button type="button" class="btn btn-primary" ng-disabled="!hasChanges(service, ['Mode', 'Replicas', 'Image', 'Name', 'Webhooks'])" ng-click="updateService(service)">Apply changes</button>
             <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
               <span class="caret"></span>
             </button>

app/docker/views/services/edit/serviceController.js

@@ -1,6 +1,6 @@
 angular.module('portainer.docker')
-.controller('ServiceController', ['$q', '$scope', '$transition$', '$state', '$location', '$timeout', '$anchorScroll', 'ServiceService', 'ConfigService', 'ConfigHelper', 'SecretService', 'ImageService', 'SecretHelper', 'Service', 'ServiceHelper', 'LabelHelper', 'TaskService', 'NodeService', 'ContainerService', 'TaskHelper', 'Notifications', 'ModalService', 'PluginService', 'Authentication', 'SettingsService', 'VolumeService', 'ImageHelper',
-function ($q, $scope, $transition$, $state, $location, $timeout, $anchorScroll, ServiceService, ConfigService, ConfigHelper, SecretService, ImageService, SecretHelper, Service, ServiceHelper, LabelHelper, TaskService, NodeService, ContainerService, TaskHelper, Notifications, ModalService, PluginService, Authentication, SettingsService, VolumeService, ImageHelper) {
+.controller('ServiceController', ['$q', '$scope', '$transition$', '$state', '$location', '$timeout', '$anchorScroll', 'ServiceService', 'ConfigService', 'ConfigHelper', 'SecretService', 'ImageService', 'SecretHelper', 'Service', 'ServiceHelper', 'LabelHelper', 'TaskService', 'NodeService', 'ContainerService', 'TaskHelper', 'Notifications', 'ModalService', 'PluginService', 'Authentication', 'SettingsService', 'VolumeService', 'ImageHelper', 'WebhookService', 'EndpointProvider', 'clipboard','WebhookHelper',
+function ($q, $scope, $transition$, $state, $location, $timeout, $anchorScroll, ServiceService, ConfigService, ConfigHelper, SecretService, ImageService, SecretHelper, Service, ServiceHelper, LabelHelper, TaskService, NodeService, ContainerService, TaskHelper, Notifications, ModalService, PluginService, Authentication, SettingsService, VolumeService, ImageHelper, WebhookService, EndpointProvider, clipboard, WebhookHelper) {
 
   $scope.state = {
     updateInProgress: false,
@@ -207,6 +207,36 @@ function ($q, $scope, $transition$, $state, $location, $timeout, $anchorScroll,
     updateServiceArray(service, 'Hosts', service.Hosts);
   };
 
+  $scope.updateWebhook = function updateWebhook(service){
+    if ($scope.WebhookExists) {
+      WebhookService.deleteWebhook($scope.webhookID)
+      .then(function success() {
+        $scope.webhookURL = null;
+        $scope.webhookID = null;
+        $scope.WebhookExists = false;
+      })
+      .catch(function error(err) {
+        Notifications.error('Failure', err, 'Unable to delete webhook');
+      });
+    } else {
+      WebhookService.createServiceWebhook(service.Id,EndpointProvider.endpointID())
+      .then(function success(data) {
+        $scope.WebhookExists = true;
+        $scope.webhookID = data.Id;
+        $scope.webhookURL = WebhookHelper.returnWebhookUrl(data.Token);
+      })
+      .catch(function error(err) {
+        Notifications.error('Failure', err, 'Unable to create webhook');
+      });
+    }
+  };
+
+  $scope.copyWebhook = function copyWebhook(){
+    clipboard.copyText($scope.webhookURL);
+    $('#copyNotification').show();
+    $('#copyNotification').fadeOut(2000);
+  };
+
   $scope.cancelChanges = function cancelChanges(service, keys) {
     if (keys) { // clean out the keys only from the list of modified keys
       keys.forEach(function(key) {
@@ -340,6 +370,9 @@ function ($q, $scope, $transition$, $state, $location, $timeout, $anchorScroll,
   function removeService() {
     $scope.state.deletionInProgress = true;
     ServiceService.remove($scope.service)
+    .then(function success() {
+      return $q.when($scope.webhookID && WebhookService.deleteWebhook($scope.webhookID));
+    })
     .then(function success() {
       Notifications.success('Service successfully deleted');
       $state.go('docker.services', {});
@@ -445,7 +478,8 @@ function ($q, $scope, $transition$, $state, $location, $timeout, $anchorScroll,
         configs: apiVersion >= 1.30 ? ConfigService.configs() : [],
         availableImages: ImageService.images(),
         availableLoggingDrivers: PluginService.loggingPlugins(apiVersion < 1.25),
-        settings: SettingsService.publicSettings()
+        settings: SettingsService.publicSettings(),
+        webhooks: WebhookService.webhooks(service.Id, EndpointProvider.endpointID())
       });
     })
     .then(function success(data) {
@@ -459,6 +493,13 @@ function ($q, $scope, $transition$, $state, $location, $timeout, $anchorScroll,
       var userDetails = Authentication.getUserDetails();
       $scope.isAdmin = userDetails.role === 1;
 
+      if (data.webhooks.length > 0) {
+        var webhook = data.webhooks[0];
+        $scope.WebhookExists = true;
+        $scope.webhookID = webhook.Id;
+        $scope.webhookURL = WebhookHelper.returnWebhookUrl(webhook.Token);
+      }
+
       var tasks = data.tasks;
 
       if (agentProxy) {

app/portainer/__module.js

@@ -65,40 +65,6 @@ angular.module('portainer.app', [])
     }
   };
 
-  var init = {
-    name: 'portainer.init',
-    abstract: true,
-    url: '/init',
-    data: {
-      requiresLogin: false
-    },
-    views: {
-      'sidebar@': {}
-    }
-  };
-
-  var initEndpoint = {
-    name: 'portainer.init.endpoint',
-    url: '/endpoint',
-    views: {
-      'content@': {
-        templateUrl: 'app/portainer/views/init/endpoint/initEndpoint.html',
-        controller: 'InitEndpointController'
-      }
-    }
-  };
-
-  var initAdmin = {
-    name: 'portainer.init.admin',
-    url: '/admin',
-    views: {
-      'content@': {
-        templateUrl: 'app/portainer/views/init/admin/initAdmin.html',
-        controller: 'InitAdminController'
-      }
-    }
-  };
-
   var endpoints = {
     name: 'portainer.endpoints',
     url: '/endpoints',
@@ -198,6 +164,40 @@ angular.module('portainer.app', [])
     }
   };
 
+  var init = {
+    name: 'portainer.init',
+    abstract: true,
+    url: '/init',
+    data: {
+      requiresLogin: false
+    },
+    views: {
+      'sidebar@': {}
+    }
+  };
+
+  var initEndpoint = {
+    name: 'portainer.init.endpoint',
+    url: '/endpoint',
+    views: {
+      'content@': {
+        templateUrl: 'app/portainer/views/init/endpoint/initEndpoint.html',
+        controller: 'InitEndpointController'
+      }
+    }
+  };
+
+  var initAdmin = {
+    name: 'portainer.init.admin',
+    url: '/admin',
+    views: {
+      'content@': {
+        templateUrl: 'app/portainer/views/init/admin/initAdmin.html',
+        controller: 'InitAdminController'
+      }
+    }
+  };
+
   var registries = {
     name: 'portainer.registries',
     url: '/registries',
@@ -318,6 +318,18 @@ angular.module('portainer.app', [])
     }
   };
 
+  var updatePassword = {
+    name: 'portainer.updatePassword',
+    url: '/update-password',
+    views: {
+      'content@': {
+        templateUrl: 'app/portainer/views/update-password/updatePassword.html',
+        controller: 'UpdatePasswordController'
+      },
+      'sidebar@': {}
+    }
+  };
+
   var users = {
     name: 'portainer.users',
     url: '/users',
@@ -370,10 +382,6 @@ angular.module('portainer.app', [])
         templateUrl: 'app/portainer/views/templates/templates.html',
         controller: 'TemplatesController'
       }
-    },
-    params: {
-      key: 'containers',
-      hide_descriptions: false
     }
   };
 
@@ -404,9 +412,6 @@ angular.module('portainer.app', [])
   $stateRegistryProvider.register(about);
   $stateRegistryProvider.register(account);
   $stateRegistryProvider.register(authentication);
-  $stateRegistryProvider.register(init);
-  $stateRegistryProvider.register(initEndpoint);
-  $stateRegistryProvider.register(initAdmin);
   $stateRegistryProvider.register(endpoints);
   $stateRegistryProvider.register(endpoint);
   $stateRegistryProvider.register(endpointAccess);
@@ -416,6 +421,9 @@ angular.module('portainer.app', [])
   $stateRegistryProvider.register(groupAccess);
   $stateRegistryProvider.register(groupCreation);
   $stateRegistryProvider.register(home);
+  $stateRegistryProvider.register(init);
+  $stateRegistryProvider.register(initEndpoint);
+  $stateRegistryProvider.register(initAdmin);
   $stateRegistryProvider.register(registries);
   $stateRegistryProvider.register(registry);
   $stateRegistryProvider.register(registryAccess);
@@ -427,6 +435,7 @@ angular.module('portainer.app', [])
   $stateRegistryProvider.register(stackCreation);
   $stateRegistryProvider.register(support);
   $stateRegistryProvider.register(tags);
+  $stateRegistryProvider.register(updatePassword);
   $stateRegistryProvider.register(users);
   $stateRegistryProvider.register(user);
   $stateRegistryProvider.register(teams);

app/portainer/helpers/webhookHelper.js

@@ -0,0 +1,13 @@
+angular.module('portainer.app')
+.factory('WebhookHelper', ['$location', 'API_ENDPOINT_WEBHOOKS', function WebhookHelperFactory($location,API_ENDPOINT_WEBHOOKS) {
+  'use strict';
+  var helper = {};
+
+  helper.returnWebhookUrl = function(token) {
+    var displayPort = $location.protocol().toLowerCase() === 'http' && $location.port() === 80 || $location.protocol().toLowerCase() === 'https' && $location.port() === 443 ? '' : ':' + $location.port();
+    return $location.protocol() + '://' +  $location.host()
+    + displayPort + '/' + API_ENDPOINT_WEBHOOKS + '/' + token;
+  };
+
+  return helper;
+}]);

app/portainer/models/webhook.js

@@ -0,0 +1,7 @@
+function WebhookViewModel(data) {
+  this.Id = data.Id;
+  this.Token = data.Token;
+  this.ResourceId = data.ResourceID;
+  this.EndpointId = data.EndpointID;
+  this.WebhookType = data.WebhookType;
+}

app/portainer/rest/user.js

@@ -6,10 +6,9 @@ angular.module('portainer.app')
     query: { method: 'GET', isArray: true },
     get: { method: 'GET', params: { id: '@id' } },
     update: { method: 'PUT', params: { id: '@id' }, ignoreLoadingBar: true },
+    updatePassword: { method: 'PUT', params: { id: '@id', entity: 'passwd' } },
     remove: { method: 'DELETE', params: { id: '@id'} },
     queryMemberships: { method: 'GET', isArray: true, params: { id: '@id', entity: 'memberships' } },
-    // RPCs should be moved to a specific endpoint
-    checkPassword: { method: 'POST', params: { id: '@id', entity: 'passwd' }, ignoreLoadingBar: true },
     checkAdminUser: { method: 'GET', params: { id: 'admin', entity: 'check' }, isArray: true, ignoreLoadingBar: true },
     initAdminUser: { method: 'POST', params: { id: 'admin', entity: 'init' }, ignoreLoadingBar: true }
   });

app/portainer/rest/webhooks.js

@@ -0,0 +1,10 @@
+angular.module('portainer.app')
+.factory('Webhooks', ['$resource', 'API_ENDPOINT_WEBHOOKS',
+ function WebhooksFactory($resource, API_ENDPOINT_WEBHOOKS) {
+  'use strict';
+  return $resource(API_ENDPOINT_WEBHOOKS + '/:id', {}, {
+    query: { method: 'GET', isArray: true },
+    create: { method: 'POST' },
+    remove: { method: 'DELETE', params: { id: '@id'} }
+  });
+}]);

app/portainer/services/api/userService.js

@@ -73,24 +73,12 @@ angular.module('portainer.app')
   };
 
   service.updateUserPassword = function(id, currentPassword, newPassword) {
-    var deferred = $q.defer();
+    var payload = {
+      Password: currentPassword,
+      NewPassword: newPassword
+    };
 
-    Users.checkPassword({id: id}, {password: currentPassword}).$promise
-    .then(function success(data) {
-      if (!data.valid) {
-        deferred.reject({invalidPassword: true});
-      } else {
-        return service.updateUser(id, newPassword, undefined);
-      }
-    })
-    .then(function success() {
-      deferred.resolve();
-    })
-    .catch(function error(err) {
-      deferred.reject({msg: 'Unable to update user password', err: err});
-    });
-
-    return deferred.promise;
+    return Users.updatePassword({ id: id }, payload).$promise;
   };
 
   service.userMemberships = function(id) {

app/portainer/services/api/webhookService.js

@@ -0,0 +1,33 @@
+angular.module('portainer.app')
+.factory('WebhookService', ['$q', 'Webhooks', function WebhookServiceFactory($q, Webhooks) {
+  'use strict';
+  var service = {};
+
+  service.webhooks = function(serviceID, endpointID) {
+    var deferred = $q.defer();
+    var filters = { ResourceID: serviceID, EndpointID: endpointID };
+
+    Webhooks.query({ filters:filters }).$promise
+    .then(function success(data) {
+      var webhooks = data.map(function (item) {
+        return new WebhookViewModel(item);
+      });
+      deferred.resolve(webhooks);
+    })
+    .catch(function error(err) {
+      deferred.reject({msg: 'Unable to retrieve webhooks', err: err});
+    });
+
+    return deferred.promise;
+  };
+
+  service.createServiceWebhook = function(serviceID, endpointID) {
+    return Webhooks.create({ ResourceID: serviceID, EndpointID: endpointID, WebhookType: 1 }).$promise;
+  };
+
+  service.deleteWebhook = function(id) {
+    return Webhooks.remove({ id: id }).$promise;
+  };
+
+  return service;
+}]);

app/portainer/views/account/account.html

@@ -20,12 +20,6 @@
             </div>
           </div>
           <!-- !current-password-input -->
-          <div class="form-group" ng-if="invalidPassword">
-            <div class="col-sm-12">
-              <i class="fa fa-times red-icon" aria-hidden="true"></i>
-              <span class="small text-muted">Current password is not valid</span>
-            </div>
-          </div>
           <!-- new-password-input -->
           <div class="form-group">
             <label for="new_password" class="col-sm-2 control-label text-left">New password</label>

app/portainer/views/account/accountController.js

@@ -1,6 +1,6 @@
 angular.module('portainer.app')
-.controller('AccountController', ['$scope', '$state', '$sanitize', 'Authentication', 'UserService', 'Notifications', 'SettingsService',
-function ($scope, $state, $sanitize, Authentication, UserService, Notifications, SettingsService) {
+.controller('AccountController', ['$scope', '$state', 'Authentication', 'UserService', 'Notifications', 'SettingsService',
+function ($scope, $state, Authentication, UserService, Notifications, SettingsService) {
   $scope.formValues = {
     currentPassword: '',
     newPassword: '',
@@ -8,21 +8,13 @@ function ($scope, $state, $sanitize, Authentication, UserService, Notifications,
   };
 
   $scope.updatePassword = function() {
-    $scope.invalidPassword = false;
-    var currentPassword = $sanitize($scope.formValues.currentPassword);
-    var newPassword = $sanitize($scope.formValues.newPassword);
-
-    UserService.updateUserPassword($scope.userID, currentPassword, newPassword)
+    UserService.updateUserPassword($scope.userID, $scope.formValues.currentPassword, $scope.formValues.newPassword)
     .then(function success() {
       Notifications.success('Success', 'Password successfully updated');
       $state.reload();
     })
     .catch(function error(err) {
-      if (err.invalidPassword) {
-        $scope.invalidPassword = true;
-      } else {
       Notifications.error('Failure', err, err.msg);
-      }
     });
   };
 

app/portainer/views/auth/authController.js

@@ -1,6 +1,6 @@
 angular.module('portainer.app')
-.controller('AuthenticationController', ['$scope', '$state', '$transition$', '$sanitize', 'Authentication', 'UserService', 'EndpointService', 'StateManager', 'Notifications', 'SettingsService',
-function ($scope, $state, $transition$, $sanitize, Authentication, UserService, EndpointService, StateManager, Notifications, SettingsService) {
+.controller('AuthenticationController', ['$q', '$scope', '$state', '$transition$', '$sanitize', 'Authentication', 'UserService', 'EndpointService', 'StateManager', 'Notifications', 'SettingsService',
+function ($q, $scope, $state, $transition$, $sanitize, Authentication, UserService, EndpointService, StateManager, Notifications, SettingsService) {
 
   $scope.logo = StateManager.getState().application.logo;
 
@@ -13,6 +13,31 @@ function ($scope, $state, $transition$, $sanitize, Authentication, UserService,
     AuthenticationError: ''
   };
 
+  $scope.authenticateUser = function() {
+    var username = $scope.formValues.Username;
+    var password = $scope.formValues.Password;
+
+    Authentication.login(username, password)
+    .then(function success() {
+      checkForEndpoints();
+    })
+    .catch(function error() {
+      SettingsService.publicSettings()
+      .then(function success(settings) {
+        if (settings.AuthenticationMethod === 1) {
+          return Authentication.login($sanitize(username), $sanitize(password));
+        }
+        return $q.reject();
+      })
+      .then(function success() {
+        $state.go('portainer.updatePassword');
+      })
+      .catch(function error() {
+        $scope.state.AuthenticationError = 'Invalid credentials';
+      });
+    });
+  };
+
   function unauthenticatedFlow() {
     EndpointService.endpoints()
     .then(function success(endpoints) {
@@ -39,35 +64,22 @@ function ($scope, $state, $transition$, $sanitize, Authentication, UserService,
     });
   }
 
-  $scope.authenticateUser = function() {
-    var username = $scope.formValues.Username;
-    var password = $scope.formValues.Password;
-
-    SettingsService.publicSettings()
-    .then(function success(data) {
-      var settings = data;
-      if (settings.AuthenticationMethod === 1) {
-        username = $sanitize(username);
-        password = $sanitize(password);
-      }
-      return Authentication.login(username, password);
-    })
-    .then(function success() {
-      return EndpointService.endpoints();
-    })
+  function checkForEndpoints() {
+    EndpointService.endpoints()
     .then(function success(data) {
       var endpoints = data;
       var userDetails = Authentication.getUserDetails();
+
       if (endpoints.length === 0 && userDetails.role === 1) {
         $state.go('portainer.init.endpoint');
       } else {
         $state.go('portainer.home');
       }
     })
-    .catch(function error() {
-      $scope.state.AuthenticationError = 'Invalid credentials';
+    .catch(function error(err) {
+      Notifications.error('Failure', err, 'Unable to retrieve endpoints');
     });
-  };
+  }
 
   function initView() {
     if ($transition$.params().logout || $transition$.params().error) {

app/portainer/views/init/admin/initAdminController.js

@@ -1,6 +1,6 @@
 angular.module('portainer.app')
-.controller('InitAdminController', ['$scope', '$state', '$sanitize', 'Notifications', 'Authentication', 'StateManager', 'UserService', 'EndpointService',
-function ($scope, $state, $sanitize, Notifications, Authentication, StateManager, UserService, EndpointService) {
+.controller('InitAdminController', ['$scope', '$state', 'Notifications', 'Authentication', 'StateManager', 'UserService', 'EndpointService',
+function ($scope, $state, Notifications, Authentication, StateManager, UserService, EndpointService) {
 
   $scope.logo = StateManager.getState().application.logo;
 
@@ -15,8 +15,8 @@ function ($scope, $state, $sanitize, Notifications, Authentication, StateManager
   };
 
   $scope.createAdminUser = function() {
-    var username = $sanitize($scope.formValues.Username);
-    var password = $sanitize($scope.formValues.Password);
+    var username = $scope.formValues.Username;
+    var password = $scope.formValues.Password;
 
     $scope.state.actionInProgress = true;
     UserService.initAdministrator(username, password)

app/portainer/views/teams/teamsController.js

@@ -1,6 +1,6 @@
 angular.module('portainer.app')
-.controller('TeamsController', ['$q', '$scope', '$state', 'TeamService', 'UserService', 'ModalService', 'Notifications', 'Authentication',
-function ($q, $scope, $state, TeamService, UserService, ModalService, Notifications, Authentication) {
+.controller('TeamsController', ['$q', '$scope', '$state', '$sanitize', 'TeamService', 'UserService', 'ModalService', 'Notifications', 'Authentication',
+function ($q, $scope, $state, $sanitize, TeamService, UserService, ModalService, Notifications, Authentication) {
   $scope.state = {
     actionInProgress: false
   };
@@ -22,7 +22,7 @@ function ($q, $scope, $state, TeamService, UserService, ModalService, Notificati
   };
 
   $scope.addTeam = function() {
-    var teamName = $scope.formValues.Name;
+    var teamName = $sanitize($scope.formValues.Name);
     var leaderIds = [];
     angular.forEach($scope.formValues.Leaders, function(user) {
       leaderIds.push(user.Id);

app/portainer/views/update-password/updatePassword.html

@@ -0,0 +1,72 @@
+<div class="page-wrapper">
+  <!--  box -->
+  <div class="container simple-box">
+    <div class="col-md-8 col-md-offset-2 col-sm-10 col-sm-offset-1">
+      <!--  panel -->
+      <div class="panel panel-default">
+        <div class="panel-body">
+          <form class="simple-box-form form-horizontal" name="updatePasswordForm">
+          <!-- note -->
+          <div class="form-group">
+            <div class="col-sm-12">
+              <span class="small text-muted">
+                Your password must be updated.
+              </span>
+            </div>
+          </div>
+          <!-- !note -->
+          <!-- current-password-input -->
+          <div class="form-group">
+            <label for="current_password" class="col-sm-4 control-label text-left">Current password</label>
+            <div class="col-sm-8">
+              <input type="password" class="form-control" ng-model="formValues.CurrentPassword" id="current_password" auto-focus required>
+            </div>
+          </div>
+          <!-- !current-password-input -->
+          <!-- new-password-input -->
+          <div class="form-group">
+            <label for="password" class="col-sm-4 control-label text-left">Password</label>
+            <div class="col-sm-8">
+              <input type="password" class="form-control" ng-model="formValues.Password" id="password" required>
+            </div>
+          </div>
+          <!-- !new-password-input -->
+          <!-- confirm-password-input -->
+          <div class="form-group">
+            <label for="confirm_password" class="col-sm-4 control-label text-left">Confirm password</label>
+            <div class="col-sm-8">
+              <div class="input-group">
+                <input type="password" class="form-control" ng-model="formValues.ConfirmPassword" id="confirm_password" required>
+                <span class="input-group-addon"><i ng-class="{true: 'fa fa-check green-icon', false: 'fa fa-times red-icon'}[formValues.Password !== '' && formValues.Password === formValues.ConfirmPassword]" aria-hidden="true"></i></span>
+              </div>
+            </div>
+          </div>
+          <!-- !confirm-password-input -->
+          <!-- note -->
+          <div class="form-group">
+            <div class="col-sm-12">
+              <span class="small text-muted">
+                <i ng-class="{true: 'fa fa-check green-icon', false: 'fa fa-times red-icon'}[formValues.Password.length >= 8]" aria-hidden="true"></i>
+                The password must be at least 8 characters long
+              </span>
+            </div>
+          </div>
+          <!-- !note -->
+          <!-- actions -->
+          <div class="form-group">
+            <div class="col-sm-12">
+              <button type="submit" class="btn btn-primary btn-sm" ng-disabled="state.actionInProgress || !updatePasswordForm.$valid || formValues.Password.length < 8 || formValues.Password !== formValues.ConfirmPassword" ng-click="updatePassword()" button-spinner="state.actionInProgress">
+                <span ng-hide="state.actionInProgress">Update password</span>
+                <span ng-show="state.actionInProgress">Updating password...</span>
+              </button>
+            </div>
+          </div>
+          <!-- !actions -->
+          </form>
+        </div>
+      </div>
+      <!-- ! panel -->
+    </div>
+  </div>
+  <!-- ! box -->
+</div>

app/portainer/views/update-password/updatePasswordController.js

@@ -0,0 +1,38 @@
+angular.module('portainer.app')
+.controller('UpdatePasswordController', ['$scope', '$state', '$transition$', '$sanitize', 'UserService', 'Authentication', 'Notifications',
+function UpdatePasswordController($scope, $state, $transition$, $sanitize, UserService, Authentication, Notifications) {
+
+  $scope.formValues = {
+    CurrentPassword: '',
+    Password: '',
+    ConfirmPassword: ''
+  };
+
+  $scope.state = {
+    actionInProgress: false
+  };
+
+  $scope.updatePassword = function() {
+    var userId = Authentication.getUserDetails().ID;
+
+    $scope.state.actionInProgress = true;
+    UserService.updateUserPassword(userId, $sanitize($scope.formValues.CurrentPassword), $scope.formValues.Password)
+    .then(function success() {
+      $state.go('portainer.home');
+    })
+    .catch(function error(err) {
+      Notifications.error('Failure', err, 'Unable to update password');
+    })
+    .finally(function final() {
+      $scope.state.actionInProgress = false;
+    });
+  };
+
+  function initView() {
+    if (!Authentication.isAuthenticated()) {
+      $state.go('portainer.auth');
+    }
+  }
+
+  initView();
+}]);

app/portainer/views/users/usersController.js

@@ -1,6 +1,6 @@
 angular.module('portainer.app')
-.controller('UsersController', ['$q', '$scope', '$state', '$sanitize', 'UserService', 'TeamService', 'TeamMembershipService', 'ModalService', 'Notifications', 'Authentication', 'SettingsService',
-function ($q, $scope, $state, $sanitize, UserService, TeamService, TeamMembershipService, ModalService, Notifications, Authentication, SettingsService) {
+.controller('UsersController', ['$q', '$scope', '$state', 'UserService', 'TeamService', 'TeamMembershipService', 'ModalService', 'Notifications', 'Authentication', 'SettingsService',
+function ($q, $scope, $state, UserService, TeamService, TeamMembershipService, ModalService, Notifications, Authentication, SettingsService) {
   $scope.state = {
     userCreationError: '',
     validUsername: false,
@@ -30,8 +30,8 @@ function ($q, $scope, $state, $sanitize, UserService, TeamService, TeamMembershi
   $scope.addUser = function() {
     $scope.state.actionInProgress = true;
     $scope.state.userCreationError = '';
-    var username = $sanitize($scope.formValues.Username);
-    var password = $sanitize($scope.formValues.Password);
+    var username = $scope.formValues.Username;
+    var password = $scope.formValues.Password;
     var role = $scope.formValues.Administrator ? 1 : 2;
     var teamIds = [];
     angular.forEach($scope.formValues.Teams, function(team) {

build/build_in_container.sh

@@ -4,7 +4,7 @@ binary="portainer-$1-$2"
 
 mkdir -p dist
 
-docker run --rm -tv $(pwd)/api:/src -e BUILD_GOOS="$1" -e BUILD_GOARCH="$2" portainer/golang-builder:cross-platform /src/cmd/portainer
+docker run --rm -tv "$(pwd)/api:/src" -e BUILD_GOOS="$1" -e BUILD_GOARCH="$2" portainer/golang-builder:cross-platform /src/cmd/portainer
 
 mv "api/cmd/portainer/$binary" dist/
 #sha256sum "dist/$binary" > portainer-checksum.txt

index.html

@@ -36,8 +36,8 @@
 
 <body ng-controller="MainController">
   <div id="page-wrapper" ng-class="{
-    open: toggle && ['portainer.auth', 'portainer.init.admin', 'portainer.init.endpoint'].indexOf($state.current.name) === -1,
-    nopadding: ['portainer.auth', 'portainer.init.admin', 'portainer.init.endpoint'].indexOf($state.current.name) > -1 || applicationState.loading
+    open: toggle && ['portainer.auth', 'portainer.updatePassword', 'portainer.init.admin', 'portainer.init.endpoint'].indexOf($state.current.name) === -1,
+    nopadding: ['portainer.auth', 'portainer.updatePassword', 'portainer.init.admin', 'portainer.init.endpoint'].indexOf($state.current.name) > -1 || applicationState.loading
   }"
   ng-cloak>
     <div id="sideview" ui-view="sidebar" ng-if="!applicationState.loading"></div>