diff --git a/.github/workflows/.trivyignore b/.github/workflows/.trivyignore
index eb6c319..fc2a6c1 100644
--- a/.github/workflows/.trivyignore
+++ b/.github/workflows/.trivyignore
@@ -1,3 +1,11 @@
+#Waiting for libc6 2.36-9+deb12u4+:
+CVE-2024-2961
+#Waiting for libexpat1 2.5.0-1+:
+CVE-2023-52425
+#Waiting for libharfbuzz0b 6.0.0+dfsg-3+:
+CVE-2023-25193
+#Waiting for zlib1g 1:1.2.13.dfsg-1+:
+CVE-2023-45853
 #Waiting for logback 1.3+:
 CVE-2023-6378
 CVE-2023-6481
\ No newline at end of file
diff --git a/arlas-iam-core/src/main/java/io/arlas/iam/util/ArlasMessage.java b/arlas-iam-core/src/main/java/io/arlas/iam/util/ArlasMessage.java
new file mode 100644
index 0000000..6b1fa71
--- /dev/null
+++ b/arlas-iam-core/src/main/java/io/arlas/iam/util/ArlasMessage.java
@@ -0,0 +1,17 @@
+package io.arlas.iam.util;
+
+
+public class ArlasMessage {
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
+    public String message;
+    public ArlasMessage(String message) {
+        this.message = message;
+    }
+}
diff --git a/arlas-iam-rest/src/main/java/io/arlas/iam/rest/service/IAMRestService.java b/arlas-iam-rest/src/main/java/io/arlas/iam/rest/service/IAMRestService.java
index 0ca10c2..2183454 100644
--- a/arlas-iam-rest/src/main/java/io/arlas/iam/rest/service/IAMRestService.java
+++ b/arlas-iam-rest/src/main/java/io/arlas/iam/rest/service/IAMRestService.java
@@ -14,6 +14,7 @@
 import io.arlas.iam.rest.model.input.*;
 import io.arlas.iam.rest.model.output.*;
 import io.arlas.iam.util.ArlasAuthServerConfiguration;
+import io.arlas.iam.util.ArlasMessage;
 import io.dropwizard.hibernate.UnitOfWork;
 import io.swagger.annotations.*;
 import org.slf4j.Logger;
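Review bot: The four new ignore entries at the top of the hunk carry no expiry, so they keep suppressing these findings indefinitely even after the fixed package versions named in the comments are available; Trivy accepts an expiration on each entry, e.g. `CVE-2024-2961 exp:YYYY-MM-DD` (date to be chosen), after which the ignore lapses and the finding resurfaces on its own. Since each comment already states the version being waited for, a date is easy to pick. The same commit bumps the distroless base image in both Dockerfile hunks; whether that newer image already ships the fixed libc6/expat/harfbuzz/zlib is not visible here, so it is worth confirming that the ignores are still needed at all before merging them.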
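Review bot: `message` is declared as a public mutable field and also has a getter and a setter, so the class exposes the same property twice and can be changed after construction; every use in this commit builds it with a value and only serializes it, so `private final String message;` with the getter alone (dropping `setMessage`) is enough, and the Jackson provider Dropwizard uses will still serialize it through the getter. If the target really is Java 17 as the openjdk-17 base image in the Dockerfiles suggests, `public record ArlasMessage(String message) {}` says the same thing in one line. A one-sentence class Javadoc stating that this is the JSON envelope for the short status texts the REST endpoints return would help readers arriving from IAMRestService.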
@@ -96,11 +97,11 @@ private void logUAM(HttpServletRequest request, HttpHeaders headers, String oid,
     @Timed
     @Path("auth")
     @GET
-    @Produces(MediaType.TEXT_PLAIN)
+    @Produces(UTF8JSON)
     @Consumes(UTF8JSON)
     @ApiOperation(authorizations = @Authorization("JWT"),
             value = "Validate authentication to another URI",
-            produces = MediaType.TEXT_PLAIN,
+            produces = UTF8JSON,
             consumes = UTF8JSON
     )
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Successful operation", response = String.class),
@@ -113,8 +114,8 @@ public Response forwardAuth(
             @Context UriInfo uriInfo
     ) {
         return Response.ok(uriInfo.getRequestUriBuilder().build())
-                .entity("ok")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .entity(new ArlasMessage("ok"))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -185,7 +186,7 @@ public Response logout(
         return Response.ok(uriInfo.getRequestUriBuilder().build())
                 .entity("Session deleted.")
                 .header("Set-Cookie", "refresh_token=; Max-Age=0")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -298,8 +299,8 @@ public Response deleteApiKey(
         authService.deleteApiKey(getUser(headers), UUID.fromString(uid), UUID.fromString(oid), UUID.fromString(kid));
         logUAM(request, headers, "users", String.format("delete-api-key (id=%s)", kid));
         return Response.accepted(uriInfo.getRequestUriBuilder().build())
-                .entity("Api key deleted.")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .entity(new ArlasMessage("Api key deleted."))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -361,8 +362,8 @@ public Response askPasswordReset(
         authService.askPasswordReset(email);
         logUAM(request, headers, "users", "ask-password-reset");
         return Response.ok(uriInfo.getRequestUriBuilder().build())
-                .entity("ok")
-                .type(MediaType.TEXT_PLAIN)
+                .entity(new ArlasMessage("ok"))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
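Review bot: The `@ApiResponses` line closing this hunk still declares `response = String.class` while the endpoint now returns an ArlasMessage object (the `.entity(new ArlasMessage("ok"))` change in the following hunk), so the generated API description will promise a plain string where clients actually get a JSON object with a `message` property; change it to `response = ArlasMessage.class`. The corresponding `@ApiResponse` declarations for the other endpoints converted in this commit (deleteApiKey, askPasswordReset, deleteUser, deleteOrganisation, removeNameFromForbiddenOrganisation) are outside the shown hunks and presumably need the same correction. forwardAuth's signature and body lie outside this hunk.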
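Review bot: In the logout hunk (`@@ -185`) the response type becomes APPLICATION_JSON_TYPE, but the entity two lines above is still the raw string `"Session deleted."`, unlike every other endpoint in this commit, which wraps the text in ArlasMessage; the JAX-RS String writer will emit the bare text under a JSON content type, which clients parsing the body as JSON will reject. Wrap it the same way: `.entity(new ArlasMessage("Session deleted."))`. The getPermissionToken hunk (`@@ -1775`) has the same shape — only the type changes while the entity stays `authService.createPermissionToken(headers, orgFilter)` — so if that method returns a raw token string it either needs the same wrapper or should keep TEXT_PLAIN; its return type is not visible here. logout's signature starts outside the hunk.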
@@ -499,8 +500,8 @@ public Response deleteUser(
         authService.deleteUser(UUID.fromString(id));
         logUAM(request, headers, "users", "delete-user-account");
         return Response.accepted(uriInfo.getRequestUriBuilder().build())
-                .entity("User deleted.")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .entity(new ArlasMessage("User deleted."))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -631,8 +632,8 @@ public Response deleteOrganisation(
         authService.deleteOrganisation(getUser(headers), UUID.fromString(oid));
         logUAM(request, headers, oid, "organisations", "delete-organisation");
         return Response.accepted(uriInfo.getRequestUriBuilder().build())
-                .entity("organisation deleted")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .entity(new ArlasMessage("organisation deleted"))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -920,8 +921,8 @@ public Response removeNameFromForbiddenOrganisation(
         authService.removeForbiddenOrganisation(getUser(headers), name);
         logUAM(request, headers, "stoplist", String.format("remove-forbidden-name (name=%s)", name));
         return Response.accepted(uriInfo.getRequestUriBuilder().build())
-                .entity("ok")
-                .type(MediaType.TEXT_PLAIN)
+                .entity(new ArlasMessage("ok"))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -1775,7 +1776,7 @@ public Response getPermissionToken(
     ) throws ArlasException {
         return Response.ok(uriInfo.getRequestUriBuilder().build())
                 .entity(authService.createPermissionToken(headers, orgFilter))
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
diff --git a/docker/docker-files/Dockerfile b/docker/docker-files/Dockerfile
index b16f118..bf4f150 100644
--- a/docker/docker-files/Dockerfile
+++ b/docker/docker-files/Dockerfile
@@ -17,7 +17,7 @@ RUN mvn install \
 ###################
 # PACKAGING STAGE #
 ###################
-FROM gisaia/arlas-openjdk-17-distroless:20240325094836
+FROM gisaia/arlas-openjdk-17-distroless:20240422170042
 
 # application placed into /opt/app
 WORKDIR /opt/app
diff --git a/docker/docker-files/Dockerfile-package-only b/docker/docker-files/Dockerfile-package-only
index 8042c36..f343ecb 100644
--- a/docker/docker-files/Dockerfile-package-only
+++ b/docker/docker-files/Dockerfile-package-only
@@ -1,7 +1,7 @@
 ###################
 # PACKAGING STAGE #
 ###################
-FROM gisaia/arlas-openjdk-17-distroless:20240325094836
+FROM gisaia/arlas-openjdk-17-distroless:20240422170042
 
 # application placed into /opt/app
 WORKDIR /opt/app