Merge branch 'new-ui-with-sync-image' of https://github.com/vmware/harbor into new-ui-with-sync-image

2024-09-20 23:49:51 +00:00 · 2016-07-06 16:39:53 +08:00 · 2016-07-06 16:39:53 +08:00 · 1e0f31ac13
commit 1e0f31ac13
parent bf06a2e1b0 efd2ce9dd7
20 changed files with 396 additions and 202 deletions
--- a/api/replication_job.go
+++ b/api/replication_job.go
@ -61,6 +61,7 @@ func (ra *RepJobAPI) List() {
 	var policyID int64
 	var repository, status string
 	var startTime, endTime *time.Time
+	var num int
 	var err error

 	policyIDStr := ra.GetString("policy_id")
@ -71,6 +72,17 @@ func (ra *RepJobAPI) List() {
 		}
 	}

+	numStr := ra.GetString("num")
+	if len(numStr) != 0 {
+		num, err = strconv.Atoi(numStr)
+		if err != nil {
+			ra.CustomAbort(http.StatusBadRequest, fmt.Sprintf("invalid num: %s", numStr))
+		}
+	}
+	if num <= 0 {
+		num = 200
+	}
+
 	endTimeStr := ra.GetString("end_time")
 	if len(endTimeStr) != 0 {
 		i, err := strconv.ParseInt(endTimeStr, 10, 64)
@ -100,7 +112,7 @@ func (ra *RepJobAPI) List() {
 	repository = ra.GetString("repository")
 	status = ra.GetString("status")

-	jobs, err := dao.FilterRepJobs(policyID, repository, status, startTime, endTime, 1000)
+	jobs, err := dao.FilterRepJobs(policyID, repository, status, startTime, endTime, num)
 	if err != nil {
 		log.Errorf("failed to filter jobs according policy ID %d, repository %s, status %s: %v", policyID, repository, status, err)
 		ra.RenderError(http.StatusInternalServerError, "Failed to query job")
--- a/api/repository.go
+++ b/api/repository.go
@ -39,8 +39,6 @@ import (

 // RepositoryAPI handles request to /api/repositories /api/repositories/tags /api/repositories/manifests, the parm has to be put
 // in the query string as the web framework can not parse the URL if it contains veriadic sectors.
-// For repostiories, we won't check the session in this API due to search functionality, querying manifest will be contorlled by
-// the security of registry
 type RepositoryAPI struct {
 	BaseAPI
 }
@ -115,6 +113,20 @@ func (ra *RepositoryAPI) Delete() {
 		ra.CustomAbort(http.StatusBadRequest, "repo_name is nil")
 	}

+	projectName := getProjectName(repoName)
+	project, err := dao.GetProjectByName(projectName)
+	if err != nil {
+		log.Errorf("failed to get project %s: %v", projectName, err)
+		ra.CustomAbort(http.StatusInternalServerError, "")
+	}
+
+	if project.Public == 0 {
+		userID := ra.ValidateUser()
+		if !hasProjectAdminRole(userID, project.ProjectID) {
+			ra.CustomAbort(http.StatusForbidden, "")
+		}
+	}
+
 	rc, err := ra.initRepositoryClient(repoName)
 	if err != nil {
 		log.Errorf("error occurred while initializing repository client for %s: %v", repoName, err)
@ -144,10 +156,6 @@ func (ra *RepositoryAPI) Delete() {
 		tags = append(tags, tag)
 	}

-	project := ""
-	if strings.Contains(repoName, "/") {
-		project = repoName[0:strings.LastIndex(repoName, "/")]
-	}
 	user, _, ok := ra.Ctx.Request.BasicAuth()
 	if !ok {
 		user, err = ra.getUsername()
@ -169,7 +177,7 @@ func (ra *RepositoryAPI) Delete() {
 		go TriggerReplicationByRepository(repoName, []string{t}, models.RepOpDelete)

 		go func(tag string) {
-			if err := dao.AccessLog(user, project, repoName, tag, "delete"); err != nil {
+			if err := dao.AccessLog(user, projectName, repoName, tag, "delete"); err != nil {
 				log.Errorf("failed to add access log: %v", err)
 			}
 		}(t)
@ -195,6 +203,20 @@ func (ra *RepositoryAPI) GetTags() {
 		ra.CustomAbort(http.StatusBadRequest, "repo_name is nil")
 	}

+	projectName := getProjectName(repoName)
+	project, err := dao.GetProjectByName(projectName)
+	if err != nil {
+		log.Errorf("failed to get project %s: %v", projectName, err)
+		ra.CustomAbort(http.StatusInternalServerError, "")
+	}
+
+	if project.Public == 0 {
+		userID := ra.ValidateUser()
+		if !checkProjectPermission(userID, project.ProjectID) {
+			ra.CustomAbort(http.StatusForbidden, "")
+		}
+	}
+
 	rc, err := ra.initRepositoryClient(repoName)
 	if err != nil {
 		log.Errorf("error occurred while initializing repository client for %s: %v", repoName, err)
@ -230,6 +252,20 @@ func (ra *RepositoryAPI) GetManifests() {
 		ra.CustomAbort(http.StatusBadRequest, "repo_name or tag is nil")
 	}

+	projectName := getProjectName(repoName)
+	project, err := dao.GetProjectByName(projectName)
+	if err != nil {
+		log.Errorf("failed to get project %s: %v", projectName, err)
+		ra.CustomAbort(http.StatusInternalServerError, "")
+	}
+
+	if project.Public == 0 {
+		userID := ra.ValidateUser()
+		if !checkProjectPermission(userID, project.ProjectID) {
+			ra.CustomAbort(http.StatusForbidden, "")
+		}
+	}
+
 	rc, err := ra.initRepositoryClient(repoName)
 	if err != nil {
 		log.Errorf("error occurred while initializing repository client for %s: %v", repoName, err)
@ -362,3 +398,11 @@ func newRepositoryClient(endpoint string, insecure bool, username, password, rep
 	}
 	return client, nil
 }
+
+func getProjectName(repository string) string {
+	project := ""
+	if strings.Contains(repository, "/") {
+		project = repository[0:strings.LastIndex(repository, "/")]
+	}
+	return project
+}
--- a/controllers/changepassword.go
+++ b/controllers/changepassword.go
@ -0,0 +1,11 @@
+package controllers
+
+// ChangePasswordController handles request to /change_password
+type ChangePasswordController struct {
+	BaseController
+}
+
+// Get renders the change password page
+func (asc *ChangePasswordController) Get() {
+	asc.Forward("page_title_change_password", "change-password.htm")
+}
--- a/dao/dao_test.go
+++ b/dao/dao_test.go
@ -1139,24 +1139,40 @@ func TestGetRepPolicyByProject(t *testing.T) {
 func TestGetRepJobByPolicy(t *testing.T) {
 	jobs, err := GetRepJobByPolicy(999)
 	if err != nil {
-		log.Errorf("Error occured in GetRepJobByPolicy: %v, policy ID: %d", err, 999)
+		t.Errorf("Error occured in GetRepJobByPolicy: %v, policy ID: %d", err, 999)
 		return
 	}
 	if len(jobs) > 0 {
-		log.Errorf("Unexpected length of jobs, expected: 0, in fact: %d", len(jobs))
+		t.Errorf("Unexpected length of jobs, expected: 0, in fact: %d", len(jobs))
 		return
 	}
 	jobs, err = GetRepJobByPolicy(policyID)
 	if err != nil {
-		log.Errorf("Error occured in GetRepJobByPolicy: %v, policy ID: %d", err, policyID)
+		t.Errorf("Error occured in GetRepJobByPolicy: %v, policy ID: %d", err, policyID)
 		return
 	}
 	if len(jobs) != 1 {
-		log.Errorf("Unexpected length of jobs, expected: 1, in fact: %d", len(jobs))
+		t.Errorf("Unexpected length of jobs, expected: 1, in fact: %d", len(jobs))
 		return
 	}
 	if jobs[0].ID != jobID {
-		log.Errorf("Unexpected job ID in the result, expected: %d, in fact: %d", jobID, jobs[0].ID)
+		t.Errorf("Unexpected job ID in the result, expected: %d, in fact: %d", jobID, jobs[0].ID)
+		return
+	}
+}
+
+func TestFilterRepJobs(t *testing.T) {
+	jobs, err := FilterRepJobs(policyID, "", "", nil, nil, 1000)
+	if err != nil {
+		t.Errorf("Error occured in FilterRepJobs: %v, policy ID: %d", err, policyID)
+		return
+	}
+	if len(jobs) != 1 {
+		t.Errorf("Unexpected length of jobs, expected: 1, in fact: %d", len(jobs))
+		return
+	}
+	if jobs[0].ID != jobID {
+		t.Errorf("Unexpected job ID in the result, expected: %d, in fact: %d", jobID, jobs[0].ID)
 		return
 	}
 }
@ -1179,22 +1195,6 @@ func TestDeleteRepJob(t *testing.T) {
 	}
 }

-func TestFilterRepJobs(t *testing.T) {
-	jobs, err := FilterRepJobs(policyID, "", "", nil, nil, 1000)
-	if err != nil {
-		log.Errorf("Error occured in FilterRepJobs: %v, policy ID: %d", err, policyID)
-		return
-	}
-	if len(jobs) != 1 {
-		log.Errorf("Unexpected length of jobs, expected: 1, in fact: %d", len(jobs))
-		return
-	}
-	if jobs[0].ID != jobID {
-		log.Errorf("Unexpected job ID in the result, expected: %d, in fact: %d", jobID, jobs[0].ID)
-		return
-	}
-}
-
 func TestGetRepoJobToStop(t *testing.T) {
 	jobs := [...]models.RepJob{
 		models.RepJob{
@ -1265,7 +1265,7 @@ func TestDeleteRepTarget(t *testing.T) {
 func TestFilterRepPolicies(t *testing.T) {
 	_, err := FilterRepPolicies("name", 0)
 	if err != nil {
-		t.Fatalf("failed to filter policy")
+		t.Fatalf("failed to filter policy: %v", err)
 	}
 }

--- a/dao/replication_job.go
+++ b/dao/replication_job.go
@ -150,10 +150,13 @@ func FilterRepPolicies(name string, projectID int64) ([]*models.RepPolicy, error

 	sql := `select rp.id, rp.project_id, p.name as project_name, rp.target_id, 
 				rt.name as target_name, rp.name, rp.enabled, rp.description,
-				rp.cron_str, rp.start_time, rp.creation_time, rp.update_time  
+				rp.cron_str, rp.start_time, rp.creation_time, rp.update_time, 
+				count(rj.status) as error_job_count 
 			from replication_policy rp 
-			join project p on rp.project_id=p.project_id 
-			join replication_target rt on rp.target_id=rt.id `
+			left join project p on rp.project_id=p.project_id 
+			left join replication_target rt on rp.target_id=rt.id 
+			left join replication_job rj on rp.id=rj.policy_id and (rj.status="error" 
+				or rj.status="retrying") `

 	if len(name) != 0 && projectID != 0 {
 		sql += `where rp.name like ? and rp.project_id = ? `
@ -167,7 +170,7 @@ func FilterRepPolicies(name string, projectID int64) ([]*models.RepPolicy, error
 		args = append(args, projectID)
 	}

-	sql += `order by rp.creation_time`
+	sql += `group by rp.id order by rp.creation_time`

 	var policies []*models.RepPolicy
 	if _, err := o.Raw(sql, args).QueryRows(&policies); err != nil {
--- a/job/replication/delete.go
+++ b/job/replication/delete.go
@ -44,14 +44,7 @@ type Deleter struct {
 }

 // NewDeleter returns a Deleter
-func NewDeleter(repository string, tags []string, dstURL, dstUsr, dstPwd string, insecure bool, logger *log.Logger) (*Deleter, error) {
-	dstCred := auth.NewBasicAuthCredential(dstUsr, dstPwd)
-	dstClient, err := newRepositoryClient(dstURL, insecure, dstCred,
-		repository, "repository", repository, "pull", "push", "*")
-	if err != nil {
-		return nil, err
-	}
-
+func NewDeleter(repository string, tags []string, dstURL, dstUsr, dstPwd string, insecure bool, logger *log.Logger) *Deleter {
 	deleter := &Deleter{
 		repository: repository,
 		tags:       tags,
@ -59,12 +52,11 @@ func NewDeleter(repository string, tags []string, dstURL, dstUsr, dstPwd string,
 		dstUsr:     dstUsr,
 		dstPwd:     dstPwd,
 		insecure:   insecure,
-		dstClient:  dstClient,
 		logger:     logger,
 	}
 	deleter.logger.Infof("initialization completed: repository: %s, tags: %v, destination URL: %s, insecure: %v, destination user: %s",
 		deleter.repository, deleter.tags, deleter.dstURL, deleter.insecure, deleter.dstUsr)
-	return deleter, nil
+	return deleter
 }

 // Exit ...
@ -81,10 +73,18 @@ func (d *Deleter) Enter() (string, error) {
 	}

 	return state, err
-
 }

 func (d *Deleter) enter() (string, error) {
+	dstCred := auth.NewBasicAuthCredential(d.dstUsr, d.dstPwd)
+	dstClient, err := newRepositoryClient(d.dstURL, d.insecure, dstCred,
+		d.repository, "repository", d.repository, "pull", "push", "*")
+	if err != nil {
+		d.logger.Errorf("an error occurred while creating destination repository client: %v", err)
+		return "", err
+	}
+
+	d.dstClient = dstClient

 	if len(d.tags) == 0 {
 		tags, err := d.dstClient.ListTag()
--- a/job/replication/error.go
+++ b/job/replication/error.go
@ -23,7 +23,7 @@ func retry(err error) bool {
 	if err == nil {
 		return false
 	}
-	return isTemporary(err)
+	return isNetworkErr(err)
 }

 func isTemporary(err error) bool {
@ -32,3 +32,8 @@ func isTemporary(err error) bool {
 	}
 	return false
 }
+
+func isNetworkErr(err error) bool {
+	_, ok := err.(net.Error)
+	return ok
+}
--- a/job/replication/transfer.go
+++ b/job/replication/transfer.go
@ -35,6 +35,8 @@ import (
 )

 const (
+	// StateInitialize ...
+	StateInitialize = "initialize"
 	// StateCheck ...
 	StateCheck = "check"
 	// StatePullManifest ...
@ -56,7 +58,8 @@ type BaseHandler struct {
 	repository string // prject_name/repo_name
 	tags       []string

-	srcURL string // url of source registry
+	srcURL    string // url of source registry
+	srcSecret string

 	dstURL string // url of target registry
 	dstUsr string // username ...
@ -76,18 +79,15 @@ type BaseHandler struct {
 	logger *log.Logger
 }

-// InitBaseHandler initializes a BaseHandler: creating clients for source and destination registry,
-// listing tags of the repository if parameter tags is nil.
+// InitBaseHandler initializes a BaseHandler.
 func InitBaseHandler(repository, srcURL, srcSecret,
-	dstURL, dstUsr, dstPwd string, insecure bool, tags []string, logger *log.Logger) (*BaseHandler, error) {
-
-	logger.Infof("initializing: repository: %s, tags: %v, source URL: %s, destination URL: %s, insecure: %v, destination user: %s",
-		repository, tags, srcURL, dstURL, insecure, dstUsr)
+	dstURL, dstUsr, dstPwd string, insecure bool, tags []string, logger *log.Logger) *BaseHandler {

 	base := &BaseHandler{
 		repository:     repository,
 		tags:           tags,
 		srcURL:         srcURL,
+		srcSecret:      srcSecret,
 		dstURL:         dstURL,
 		dstUsr:         dstUsr,
 		dstPwd:         dstPwd,
@ -98,39 +98,7 @@ func InitBaseHandler(repository, srcURL, srcSecret,

 	base.project = getProjectName(base.repository)

-	c := &http.Cookie{Name: models.UISecretCookie, Value: srcSecret}
-	srcCred := auth.NewCookieCredential(c)
-	//	srcCred := auth.NewBasicAuthCredential("admin", "Harbor12345")
-	srcClient, err := newRepositoryClient(base.srcURL, base.insecure, srcCred,
-		base.repository, "repository", base.repository, "pull", "push", "*")
-	if err != nil {
-		base.logger.Errorf("an error occurred while creating source repository client: %v", err)
-		return nil, err
-	}
-	base.srcClient = srcClient
-
-	dstCred := auth.NewBasicAuthCredential(base.dstUsr, base.dstPwd)
-	dstClient, err := newRepositoryClient(base.dstURL, base.insecure, dstCred,
-		base.repository, "repository", base.repository, "pull", "push", "*")
-	if err != nil {
-		base.logger.Errorf("an error occurred while creating destination repository client: %v", err)
-		return nil, err
-	}
-	base.dstClient = dstClient
-
-	if len(base.tags) == 0 {
-		tags, err := base.srcClient.ListTag()
-		if err != nil {
-			base.logger.Errorf("an error occurred while listing tags for source repository: %v", err)
-			return nil, err
-		}
-		base.tags = tags
-	}
-
-	base.logger.Infof("initialization completed: project: %s, repository: %s, tags: %v, source URL: %s, destination URL: %s, insecure: %v, destination user: %s",
-		base.project, base.repository, base.tags, base.srcURL, base.dstURL, base.insecure, base.dstUsr)
-
-	return base, nil
+	return base
 }

 // Exit ...
@ -144,6 +112,61 @@ func getProjectName(repository string) string {
 	return repository[:strings.LastIndex(repository, "/")]
 }

+// Initializer creates clients for source and destination registry,
+// lists tags of the repository if parameter tags is nil.
+type Initializer struct {
+	*BaseHandler
+}
+
+// Enter ...
+func (i *Initializer) Enter() (string, error) {
+	i.logger.Infof("initializing: repository: %s, tags: %v, source URL: %s, destination URL: %s, insecure: %v, destination user: %s",
+		i.repository, i.tags, i.srcURL, i.dstURL, i.insecure, i.dstUsr)
+
+	state, err := i.enter()
+	if err != nil && retry(err) {
+		i.logger.Info("waiting for retrying...")
+		return models.JobRetrying, nil
+	}
+
+	return state, err
+}
+
+func (i *Initializer) enter() (string, error) {
+	c := &http.Cookie{Name: models.UISecretCookie, Value: i.srcSecret}
+	srcCred := auth.NewCookieCredential(c)
+	srcClient, err := newRepositoryClient(i.srcURL, i.insecure, srcCred,
+		i.repository, "repository", i.repository, "pull", "push", "*")
+	if err != nil {
+		i.logger.Errorf("an error occurred while creating source repository client: %v", err)
+		return "", err
+	}
+	i.srcClient = srcClient
+
+	dstCred := auth.NewBasicAuthCredential(i.dstUsr, i.dstPwd)
+	dstClient, err := newRepositoryClient(i.dstURL, i.insecure, dstCred,
+		i.repository, "repository", i.repository, "pull", "push", "*")
+	if err != nil {
+		i.logger.Errorf("an error occurred while creating destination repository client: %v", err)
+		return "", err
+	}
+	i.dstClient = dstClient
+
+	if len(i.tags) == 0 {
+		tags, err := i.srcClient.ListTag()
+		if err != nil {
+			i.logger.Errorf("an error occurred while listing tags for source repository: %v", err)
+			return "", err
+		}
+		i.tags = tags
+	}
+
+	i.logger.Infof("initialization completed: project: %s, repository: %s, tags: %v, source URL: %s, destination URL: %s, insecure: %v, destination user: %s",
+		i.project, i.repository, i.tags, i.srcURL, i.dstURL, i.insecure, i.dstUsr)
+
+	return StateCheck, nil
+}
+
 // Checker checks the existence of project and the user's privlege to the project
 type Checker struct {
 	*BaseHandler
@ -159,7 +182,6 @@ func (c *Checker) Enter() (string, error) {
 	}

 	return state, err
-
 }

 func (c *Checker) enter() (string, error) {
--- a/job/statemachine.go
+++ b/job/statemachine.go
@ -252,9 +252,9 @@ func (sm *SM) Reset(jid int64) error {

 	switch sm.Parms.Operation {
 	case models.RepOpTransfer:
-		err = addImgTransferTransition(sm)
+		addImgTransferTransition(sm)
 	case models.RepOpDelete:
-		err = addImgDeleteTransition(sm)
+		addImgDeleteTransition(sm)
 	default:
 		err = fmt.Errorf("unsupported operation: %s", sm.Parms.Operation)
 	}
@ -268,31 +268,24 @@ func addTestTransition(sm *SM) error {
 	return nil
 }

-func addImgTransferTransition(sm *SM) error {
-	base, err := replication.InitBaseHandler(sm.Parms.Repository, sm.Parms.LocalRegURL, config.UISecret(),
+func addImgTransferTransition(sm *SM) {
+	base := replication.InitBaseHandler(sm.Parms.Repository, sm.Parms.LocalRegURL, config.UISecret(),
 		sm.Parms.TargetURL, sm.Parms.TargetUsername, sm.Parms.TargetPassword,
 		sm.Parms.Insecure, sm.Parms.Tags, sm.Logger)
-	if err != nil {
-		return err
-	}
-	sm.AddTransition(models.JobRunning, replication.StateCheck, &replication.Checker{BaseHandler: base})
+
+	sm.AddTransition(models.JobRunning, replication.StateInitialize, &replication.Initializer{BaseHandler: base})
+	sm.AddTransition(replication.StateInitialize, replication.StateCheck, &replication.Checker{BaseHandler: base})
 	sm.AddTransition(replication.StateCheck, replication.StatePullManifest, &replication.ManifestPuller{BaseHandler: base})
 	sm.AddTransition(replication.StatePullManifest, replication.StateTransferBlob, &replication.BlobTransfer{BaseHandler: base})
 	sm.AddTransition(replication.StatePullManifest, models.JobFinished, &StatusUpdater{sm.JobID, models.JobFinished})
 	sm.AddTransition(replication.StateTransferBlob, replication.StatePushManifest, &replication.ManifestPusher{BaseHandler: base})
 	sm.AddTransition(replication.StatePushManifest, replication.StatePullManifest, &replication.ManifestPuller{BaseHandler: base})
-	return nil
 }

-func addImgDeleteTransition(sm *SM) error {
-	deleter, err := replication.NewDeleter(sm.Parms.Repository, sm.Parms.Tags, sm.Parms.TargetURL,
+func addImgDeleteTransition(sm *SM) {
+	deleter := replication.NewDeleter(sm.Parms.Repository, sm.Parms.Tags, sm.Parms.TargetURL,
 		sm.Parms.TargetUsername, sm.Parms.TargetPassword, sm.Parms.Insecure, sm.Logger)
-	if err != nil {
-		return err
-	}

 	sm.AddTransition(models.JobRunning, replication.StateDelete, deleter)
 	sm.AddTransition(replication.StateDelete, models.JobFinished, &StatusUpdater{sm.JobID, models.JobFinished})
-
-	return nil
 }
--- a/models/replication_job.go
+++ b/models/replication_job.go
@ -56,12 +56,13 @@ type RepPolicy struct {
 	TargetName  string `json:"target_name,omitempty"`
 	Name        string `orm:"column(name)" json:"name"`
 	//	Target       RepTarget `orm:"-" json:"target"`
-	Enabled      int       `orm:"column(enabled)" json:"enabled"`
-	Description  string    `orm:"column(description)" json:"description"`
-	CronStr      string    `orm:"column(cron_str)" json:"cron_str"`
-	StartTime    time.Time `orm:"column(start_time)" json:"start_time"`
-	CreationTime time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
-	UpdateTime   time.Time `orm:"column(update_time);auto_now" json:"update_time"`
+	Enabled       int       `orm:"column(enabled)" json:"enabled"`
+	Description   string    `orm:"column(description)" json:"description"`
+	CronStr       string    `orm:"column(cron_str)" json:"cron_str"`
+	StartTime     time.Time `orm:"column(start_time)" json:"start_time"`
+	CreationTime  time.Time `orm:"column(creation_time);auto_now_add" json:"creation_time"`
+	UpdateTime    time.Time `orm:"column(update_time);auto_now" json:"update_time"`
+	ErrorJobCount int       `json:"error_job_count"`
 }

 // Valid ...
--- a/static/resources/js/harbor.module.js
+++ b/static/resources/js/harbor.module.js
@ -13,6 +13,7 @@
      'harbor.layout.sign.up',
      'harbor.layout.add.new',
      'harbor.layout.account.setting',
+      'harbor.layout.change.password',
      'harbor.layout.forgot.password',
      'harbor.layout.reset.password',
      'harbor.layout.index',
@ -48,4 +49,4 @@
      'harbor.inline.help',
      'harbor.dismissable.alerts'
    ]);
-})();
+})();
--- a/static/resources/js/layout/account-setting/account-setting.controller.js
+++ b/static/resources/js/layout/account-setting/account-setting.controller.js
@ -17,7 +17,6 @@
    vm.errorMessage = '';
    
    vm.reset = reset;    
-    vm.toggleChangePassword = toggleChangePassword;
    vm.confirm = confirm;
    vm.updateUser = updateUser;
    vm.cancel = cancel;
@ -52,14 +51,6 @@
      vm.errorMessage = '';
    }
     
-    function toggleChangePassword() {
-      if(vm.isOpen) {
-        vm.isOpen = false;
-      }else{
-        vm.isOpen = true;
-      }     
-    }
-    
    function confirm() {     
      $window.location.href = '/dashboard';
    }    
@ -67,37 +58,14 @@
    function updateUser(user) {
      vm.confirmOnly = true;
      vm.action = vm.confirm;
-      if(vm.isOpen){
-        if(user && angular.isDefined(user.oldPassword) && angular.isDefined(user.password)) {
-          ChangePasswordService(userId, user.oldPassword, user.password)
-            .success(changePasswordSuccess)
-            .error(changePasswordFailed);
-        }
-      }else{
-        if(user && angular.isDefined(user.username) && angular.isDefined(user.password) && 
-            angular.isDefined(user.realname)) {
-          UpdateUserService(userId, user)
-            .success(updateUserSuccess)
-            .error(updateUserFailed); 
-          currentUser.set(user);        
-        }
+      if(user && angular.isDefined(user.username) && angular.isDefined(user.realname)) {
+        UpdateUserService(userId, user)
+          .success(updateUserSuccess)
+          .error(updateUserFailed); 
+        currentUser.set(user);        
      }
    }
-    
-    function changePasswordSuccess(data, status) {
-      vm.modalTitle = $filter('tr')('change_password', []);
-      vm.modalMessage = $filter('tr')('successful_changed_password', []);
-      $scope.$broadcast('showDialog', true);
-    }
-    
-    function changePasswordFailed(data, status) {
-      console.log('Failed to changed password:' + data);
-      if(data == 'old_password_is_not_correct') {
-        vm.hasError = true;
-        vm.errorMessage = 'old_password_is_incorrect';
-      }
-    }
-    
+        
    function updateUserSuccess(data, status) {
      vm.modalTitle = $filter('tr')('change_profile', []);
      vm.modalMessage = $filter('tr')('successful_changed_profile', []);
@ -123,4 +91,4 @@
    
  }
  
-})();
+})();
--- a/static/resources/js/layout/change-password/change-password.controller.js
+++ b/static/resources/js/layout/change-password/change-password.controller.js
@ -0,0 +1,96 @@
+(function() {
+  
+  'use strict';
+  
+  angular
+    .module('harbor.layout.change.password')
+    .controller('ChangePasswordController', ChangePasswordController);
+  
+  ChangePasswordController.$inject = ['ChangePasswordService', 'UpdateUserService', '$filter', 'trFilter', '$scope', '$window', 'currentUser'];
+  
+  function ChangePasswordController(ChangePasswordService, UpdateUserService, $filter, trFilter, $scope, $window, currentUser) {
+
+    var vm = this;
+    vm.isOpen = false;
+ 
+    vm.hasError = false;
+    vm.errorMessage = '';
+    
+    vm.reset = reset;    
+    
+    vm.confirm = confirm;
+    vm.updatePassword = updatePassword;
+    vm.cancel = cancel;
+    
+    $scope.user = currentUser.get();
+    var userId = $scope.user.user_id;
+
+    //Error message dialog handler for account setting.
+    $scope.$on('modalTitle', function(e, val) {
+      vm.modalTitle = val;
+    });
+    
+    $scope.$on('modalMessage', function(e, val) {
+      vm.modalMessage = val;
+    });
+       
+    $scope.$on('raiseError', function(e, val) {
+      if(val) {   
+        vm.action = function() {
+          $scope.$broadcast('showDialog', false);
+        };
+        vm.contentType = 'text/plain';    
+        vm.confirmOnly = true;  
+        $scope.$broadcast('showDialog', true);
+      }
+    });
+        
+    function reset() {
+      $scope.form.$setUntouched();
+      $scope.form.$setPristine();
+      vm.hasError = false;
+      vm.errorMessage = '';
+    }
+     
+    function confirm() {     
+      $window.location.href = '/dashboard';
+    }    
+                
+    function updatePassword(user) {
+      if(user && angular.isDefined(user.oldPassword) && angular.isDefined(user.password)) {
+        vm.action = vm.confirm;
+        ChangePasswordService(userId, user.oldPassword, user.password)
+          .success(changePasswordSuccess)
+          .error(changePasswordFailed);
+      }
+     
+    }
+    
+    function changePasswordSuccess(data, status) {
+      vm.modalTitle = $filter('tr')('change_password', []);
+      vm.modalMessage = $filter('tr')('successful_changed_password', []);
+      $scope.$broadcast('showDialog', true);
+    }
+    
+    function changePasswordFailed(data, status) {
+
+      var message;
+      $scope.$emit('modalTitle', $filter('tr')('error'));
+      console.log('Failed to change password:' + data);
+      if(data == 'old_password_is_not_correct') {
+        message = $filter('tr')('old_password_is_incorrect');
+      }else{
+        message = $filter('tr')('failed_to_change_password');
+      }
+
+      $scope.$emit('modalMessage', message);
+      $scope.$emit('raiseError', true);
+    }
+    
+    function cancel(form) {
+      $window.location.href = '/dashboard';
+    }
+    
+  }
+  
+})();
--- a/static/resources/js/layout/change-password/change-password.module.js
+++ b/static/resources/js/layout/change-password/change-password.module.js
@ -0,0 +1,9 @@
+(function() {
+  
+  'use strict';
+  
+  angular
+    .module('harbor.layout.change.password', [
+    'harbor.services.user']);
+  
+})();
--- a/static/resources/js/services/i18n/locale_messages_en-US.js
+++ b/static/resources/js/services/i18n/locale_messages_en-US.js
@ -48,6 +48,7 @@ var locale_messages = {
  'forgot_password_description': 'Please input the Email used when you signed up, a reset password Email will be sent to you.',
  'reset_password': 'Reset Password',
  'successful_reset_password': 'Password has been reset successfully.',
+  'failed_to_change_password': 'Failed to change password.',
  'summary': 'Summary',
  'projects': 'Projects',
  'public_projects': 'Public Projects', 
@ -250,4 +251,4 @@ var locale_messages = {
  'inline_help_publicity': 'Setting the project as public.',
  'alert_job_contains_error': 'Found errors in the current replication jobs, please look into it.',
  'caution': 'Caution'
-};
+};
--- a/static/resources/js/services/i18n/locale_messages_zh-CN.js
+++ b/static/resources/js/services/i18n/locale_messages_zh-CN.js
@ -48,6 +48,7 @@ var locale_messages = {
  'forgot_password_description': '重置邮件将发送到此邮箱。',
  'reset_password': '重置密码',
  'successful_reset_password': '重置密码成功。',
+  'failed_to_change_password': '修改密码失败。',
  'summary': '摘要',
  'projects': '项目',
  'public_projects': '公开项目',
@ -250,4 +251,4 @@ var locale_messages = {
  'inline_help_publicity': '设置该项目为公开。',
  'alert_job_contains_error': '当前复制任务中包含错误，请检查。',
  'caution': '注意'
-};
+};
--- a/ui/router.go
+++ b/ui/router.go
@ -37,6 +37,7 @@ func initRouters() {
 	beego.Router("/sign_up", &controllers.SignUpController{})
 	beego.Router("/add_new", &controllers.AddNewController{})
 	beego.Router("/account_setting", &controllers.AccountSettingController{})
+	beego.Router("/change_password", &controllers.ChangePasswordController{})
 	beego.Router("/admin_option", &controllers.AdminOptionController{})
 	beego.Router("/forgot_password", &controllers.ForgotPasswordController{})
 	beego.Router("/reset_password", &controllers.ResetPasswordController{})
--- a/views/account-settings.htm
+++ b/views/account-settings.htm
@ -15,8 +15,8 @@
            <div class="form-group">
              <label for="email" class="col-sm-3 control-label">// 'email' | tr //:</label>
              <div class="col-sm-7">
-                <input type="email" class="form-control" id="email" ng-model="user.email" name="uEmail"  ng-disabled="vm.isOpen" required>
-                <div ng-messages="form.$submitted && form.uEmail.$error">
+                <input type="email" class="form-control" id="email" ng-model="user.email" name="uEmail"  required>
+                <div class="error-message" ng-messages="form.uEmail.$touched && form.uEmail.$error">
                  <span ng-message="required">// 'email_is_required' | tr //</span>
                  <span ng-message="email">// 'email_content_illegal' | tr //</span>
                </div>
@ -28,8 +28,8 @@
            <div class="form-group">
              <label for="fullName" class="col-sm-3 control-label">// 'full_name' | tr //:</label>
              <div class="col-sm-7"> 
-                <input type="text" class="form-control" id="fullName" ng-model="user.realname" name="uFullName" ng-disabled="vm.isOpen" required maxlength="20" invalid-chars>
-                <div ng-messages="form.$submitted && form.uFullName.$error">
+                <input type="text" class="form-control" id="fullName" ng-model="user.realname" name="uFullName" required maxlength="20" invalid-chars>
+                <div class="error-message" ng-messages="form.uFullName.$touched && form.uFullName.$error">
                  <span ng-message="required">// 'full_name_is_required' | tr //</span>
                  <span ng-message="invalidChars">// 'full_name_contains_illegal_chars' | tr //</span>
                  <span ng-message="maxlength">// 'full_name_is_too_long' | tr //</span>
@ -42,59 +42,19 @@
            <div class="form-group">
              <label for="comments" class="col-sm-3 control-label">// 'comments' | tr //:</label>
              <div class="col-sm-7">
-                <input type="text" class="form-control" id="comments" ng-model="user.comment" name="uComments" ng-disabled="vm.isOpen" maxlength="20">
-                <div ng-messages="form.$submitted && form.uComments.$error">
+                <input type="text" class="form-control" id="comments" ng-model="user.comment" name="uComments" maxlength="20">
+                <div class="error-message" ng-messages="form.uComments.$touched && form.uComments.$error">
                  <span ng-show="maxlength">// 'comment_is_too_long' | tr //</span>
                </div>
              </div>
            </div>          
            <div class="form-group">
-              <label for="toggleChangePassword" class="col-sm-3 control-label"><a id="toggleChangePassword" href="#" ng-click="vm.toggleChangePassword()">// 'change_password' | tr //</a></label>
-            </div>
-            <div ng-show="vm.isOpen">
-              <hr/>
-              <div class="form-group">
-                <label for="oldPassword" class="col-sm-3 control-label">// 'old_password' | tr //:</label>
-                <div class="col-sm-7">
-                  <input type="password" class="form-control" id="oldPassword" ng-model="user.oldPassword" ng-change="vm.reset()" name="uOldPassword" required>
-                  <div class="error-message" ng-messages="vm.isOpen && form.$submitted && form.uOldPassword.$touched && form.uOldPassword.$error">
-                    <span ng-message="required">// 'old_password_is_required' | tr //</span>
-                  </div> 
-                </div>
-                <div class="col-sm-2">
-                  <span class="asterisk">*</span>
-                </div>
-              </div>
-              <div class="form-group">
-                <label for="password" class="col-sm-3 control-label">// 'new_password' | tr //:</label>
-                <div class="col-sm-7">
-                  <input type="password" class="form-control" id="password" ng-model="user.password" ng-change="vm.reset()" name="uPassword" required password>
-                  <div class="error-message" ng-messages="vm.isOpen && form.$submitted && form.uPassword.$touched && form.uPassword.$error">
-                    <span ng-message="required">// 'password_is_required' | tr //</span>
-                    <span ng-message="password">// 'password_is_invalid' | tr //</span>
-                  </div>
-                  <p class="help-block small-size-fonts">// 'password_desc' | tr //</p>
-                </div>
-                <div class="col-sm-2">
-                  <span class="asterisk">*</span>
-                </div>
-              </div>
-              <div class="form-group">
-                <label for="confirmPassword" class="col-sm-3 control-label">// 'confirm_password' | tr //:</label>
-                <div class="col-sm-7">
-                  <input type="password" class="form-control" id="confirmPassword" ng-model="user.confirmPassword" ng-change="vm.reset()" name="uConfirmPassword" ng-model-options="{ updateOn: 'blur' }" compare-to="user.password">
-                  <div class="error-message" ng-messages="vm.isOpen && form.$submitted && form.uConfirmPassword.$touched && form.uConfirmPassword.$error">
-                    <span ng-message="compareTo">// 'password_does_not_match' | tr //</span>
-                  </div>
-                </div>
-                <div class="col-sm-2">
-                  <span class="asterisk">*</span>
-                </div>
-              </div>
+              <label for="toggleChangePassword" class="col-sm-3 control-label"><a id="toggleChangePassword" href="/change_password" >// 'change_password' | tr //</a></label>
            </div>
+            
            <div class="form-group">
              <div class="col-md-offset-7 col-md-10">
-                <input type="submit" class="btn btn-primary" ng-click="vm.updateUser(user)" value="// 'save' | tr //">                    
+                <input type="submit" class="btn btn-primary" ng-click="form.$valid && vm.updateUser(user)" value="// 'save' | tr //">                    
                <input type="button" class="btn btn-default" ng-click="vm.cancel(form)" value="// 'cancel' | tr //">
              </div>
            </div>  
@ -106,4 +66,4 @@
      </div>
    </div>
  </div>
-</div>
+</div>
--- a/views/change-password.htm
+++ b/views/change-password.htm
@ -0,0 +1,63 @@
+<div class="container-fluid container-fluid-custom" element-height ng-controller="ChangePasswordController as vm">
+  <modal-dialog modal-title="// vm.modalTitle //" modal-message="// vm.modalMessage //" confirm-only="vm.confirmOnly" action="vm.action()"></modal-dialog>
+  <div class="container container-custom">
+    <div class="row extend-height">
+	    <div class="section">
+		    <h1 class="col-md-12 col-md-offset-2 main-title title-color">// 'change_password' | tr //</h1>
+        <div class="col-md-12 col-md-offset-2 main-content">
+          <form name="form" class="css-form form-horizontal" novalidate>              
+            <div>
+              <div class="form-group">
+                <label for="oldPassword" class="col-sm-3 control-label">// 'old_password' | tr //:</label>
+                <div class="col-sm-7">
+                  <input type="password" class="form-control" id="oldPassword" ng-model="user.oldPassword" ng-change="vm.reset()" name="uOldPassword" required>
+                  <div class="error-message" ng-messages="form.uOldPassword.$touched && form.uOldPassword.$error">
+                    <span ng-message="required">// 'old_password_is_required' | tr //</span>
+                  </div> 
+                </div>
+                <div class="col-sm-2">
+                  <span class="asterisk">*</span>
+                </div>
+              </div>
+              <div class="form-group">
+                <label for="password" class="col-sm-3 control-label">// 'new_password' | tr //:</label>
+                <div class="col-sm-7">
+                  <input type="password" class="form-control" id="password" ng-model="user.password" ng-change="vm.reset()" name="uPassword" required password>
+                  <div class="error-message" ng-messages="form.uPassword.$touched && form.uPassword.$error">
+                    <span ng-message="required">// 'password_is_required' | tr //</span>
+                    <span ng-message="password">// 'password_is_invalid' | tr //</span>
+                  </div>
+                  <p class="help-block small-size-fonts">// 'password_desc' | tr //</p>
+                </div>
+                <div class="col-sm-2">
+                  <span class="asterisk">*</span>
+                </div>
+              </div>
+              <div class="form-group">
+                <label for="confirmPassword" class="col-sm-3 control-label">// 'confirm_password' | tr //:</label>
+                <div class="col-sm-7">
+                  <input type="password" class="form-control" id="confirmPassword" ng-model="user.confirmPassword" ng-change="vm.reset()" name="uConfirmPassword" ng-model-options="{ updateOn: 'blur' }" compare-to="user.password">
+                  <div class="error-message" ng-messages="form.uConfirmPassword.$touched && form.uConfirmPassword.$error">
+                    <span ng-message="compareTo">// 'password_does_not_match' | tr //</span>
+                  </div>
+                </div>
+                <div class="col-sm-2">
+                  <span class="asterisk">*</span>
+                </div>
+              </div>
+            </div>
+            <div class="form-group">
+              <div class="col-md-offset-7 col-md-10">
+                <input type="submit" class="btn btn-primary" ng-click="form.$valid && vm.updatePassword(user)" value="// 'save' | tr //">                    
+                <input type="button" class="btn btn-default" ng-click="vm.cancel(form)" value="// 'cancel' | tr //">
+              </div>
+            </div>  
+            <div class="error-message">
+              <span ng-show="vm.hasError">// vm.errorMessage | tr //</span>
+            </div>
+          </form>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
--- a/views/sections/header-include.htm
+++ b/views/sections/header-include.htm
@ -66,6 +66,9 @@
 <script src="/static/resources/js/layout/forgot-password/forgot-password.module.js"></script>
 <script src="/static/resources/js/layout/forgot-password/forgot-password.controller.js"></script>

+<script src="/static/resources/js/layout/change-password/change-password.module.js"></script>
+<script src="/static/resources/js/layout/change-password/change-password.controller.js"></script>
+
 <script src="/static/resources/js/layout/reset-password/reset-password.module.js"></script>
 <script src="/static/resources/js/layout/reset-password/reset-password.controller.js"></script>

@ -243,4 +246,4 @@
 <script src="/static/resources/js/components/inline-help/inline-help.directive.js"></script>

 <script src="/static/resources/js/components/dismissable-alerts/dismissable-alerts.module.js"></script>
-<script src="/static/resources/js/components/dismissable-alerts/dismissable-alerts.directive.js"></script>
+<script src="/static/resources/js/components/dismissable-alerts/dismissable-alerts.directive.js"></script>