Fix: return JSON for all enpoints

.github/workflows/.trivyignore

@@ -1,3 +1,11 @@
+#Waiting for libc6 2.36-9+deb12u4+:
+CVE-2024-2961
+#Waiting for libexpat1 2.5.0-1+:
+CVE-2023-52425
+#Waiting for libharfbuzz0b 6.0.0+dfsg-3+:
+CVE-2023-25193
+#Waiting for zlib1g 1:1.2.13.dfsg-1+:
+CVE-2023-45853
 #Waiting for logback 1.3+:
 CVE-2023-6378
 CVE-2023-6481

arlas-iam-core/src/main/java/io/arlas/iam/util/ArlasMessage.java

@@ -0,0 +1,17 @@
+package io.arlas.iam.util;
+
+
+public class ArlasMessage {
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
+    public String message;
+    public ArlasMessage(String message) {
+        this.message = message;
+    }
+}

arlas-iam-rest/src/main/java/io/arlas/iam/rest/service/IAMRestService.java

@@ -14,6 +14,7 @@
 import io.arlas.iam.rest.model.input.*;
 import io.arlas.iam.rest.model.output.*;
 import io.arlas.iam.util.ArlasAuthServerConfiguration;
+import io.arlas.iam.util.ArlasMessage;
 import io.dropwizard.hibernate.UnitOfWork;
 import io.swagger.annotations.*;
 import org.slf4j.Logger;
@@ -96,11 +97,11 @@ private void logUAM(HttpServletRequest request, HttpHeaders headers, String oid,
     @Timed
     @Path("auth")
     @GET
-    @Produces(MediaType.TEXT_PLAIN)
+    @Produces(UTF8JSON)
     @Consumes(UTF8JSON)
     @ApiOperation(authorizations = @Authorization("JWT"),
             value = "Validate authentication to another URI",
-            produces = MediaType.TEXT_PLAIN,
+            produces = UTF8JSON,
             consumes = UTF8JSON
     )
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Successful operation", response = String.class),
@@ -113,8 +114,8 @@ public Response forwardAuth(
             @Context UriInfo uriInfo
     ) {
         return Response.ok(uriInfo.getRequestUriBuilder().build())
-                .entity("ok")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .entity(new ArlasMessage("ok"))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -185,7 +186,7 @@ public Response logout(
         return Response.ok(uriInfo.getRequestUriBuilder().build())
                 .entity("Session deleted.")
                 .header("Set-Cookie", "refresh_token=; Max-Age=0")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -298,8 +299,8 @@ public Response deleteApiKey(
         authService.deleteApiKey(getUser(headers), UUID.fromString(uid), UUID.fromString(oid), UUID.fromString(kid));
         logUAM(request, headers,  "users", String.format("delete-api-key (id=%s)", kid));
         return Response.accepted(uriInfo.getRequestUriBuilder().build())
-                .entity("Api key deleted.")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .entity(new ArlasMessage("Api key deleted."))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
 
     }
@@ -361,8 +362,8 @@ public Response askPasswordReset(
         authService.askPasswordReset(email);
         logUAM(request, headers,  "users", "ask-password-reset");
         return Response.ok(uriInfo.getRequestUriBuilder().build())
-                .entity("ok")
-                .type(MediaType.TEXT_PLAIN)
+                .entity(new ArlasMessage("ok"))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -499,8 +500,8 @@ public Response deleteUser(
         authService.deleteUser(UUID.fromString(id));
         logUAM(request, headers,  "users", "delete-user-account");
         return Response.accepted(uriInfo.getRequestUriBuilder().build())
-                .entity("User deleted.")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .entity(new ArlasMessage("User deleted."))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
 
     }
@@ -631,8 +632,8 @@ public Response deleteOrganisation(
         authService.deleteOrganisation(getUser(headers), UUID.fromString(oid));
         logUAM(request, headers,  oid, "organisations", "delete-organisation");
         return Response.accepted(uriInfo.getRequestUriBuilder().build())
-                .entity("organisation deleted")
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .entity(new ArlasMessage("organisation deleted"))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -920,8 +921,8 @@ public Response removeNameFromForbiddenOrganisation(
         authService.removeForbiddenOrganisation(getUser(headers), name);
         logUAM(request, headers,  "stoplist", String.format("remove-forbidden-name (name=%s)", name));
         return Response.accepted(uriInfo.getRequestUriBuilder().build())
-                .entity("ok")
-                .type(MediaType.TEXT_PLAIN)
+                .entity(new ArlasMessage("ok"))
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 
@@ -1775,7 +1776,7 @@ public Response getPermissionToken(
     ) throws ArlasException {
         return Response.ok(uriInfo.getRequestUriBuilder().build())
                 .entity(authService.createPermissionToken(headers, orgFilter))
-                .type(MediaType.TEXT_PLAIN_TYPE)
+                .type(MediaType.APPLICATION_JSON_TYPE)
                 .build();
     }
 

docker/docker-files/Dockerfile

@@ -17,7 +17,7 @@ RUN mvn install \
 ###################
 # PACKAGING STAGE #
 ###################
-FROM gisaia/arlas-openjdk-17-distroless:20240325094836
+FROM gisaia/arlas-openjdk-17-distroless:20240422170042
 
 # application placed into /opt/app
 WORKDIR /opt/app

docker/docker-files/Dockerfile-package-only

@@ -1,7 +1,7 @@
 ###################
 # PACKAGING STAGE #
 ###################
-FROM gisaia/arlas-openjdk-17-distroless:20240325094836
+FROM gisaia/arlas-openjdk-17-distroless:20240422170042
 
 # application placed into /opt/app
 WORKDIR /opt/app