[Task] Update schema require

config/authorization.yaml

@@ -13,5 +13,6 @@ services:
     tags: [ 'controller.service_arguments' ]
 
 
-  Pimcore\Bundle\StudioBackendBundle\Authorization\Service\TokenServiceInterface:
-    class: Pimcore\Bundle\StudioBackendBundle\Authorization\Service\TokenService
+  Pimcore\Bundle\StudioBackendBundle\Authorization\EventSubscriber\LogoutSubscriber:
+    tags:
+      - { name: 'kernel.event_subscriber', dispatcher: 'security.event_dispatcher.pimcore_studio' }

config/pimcore/config.yaml

@@ -1,3 +1,7 @@
+imports:
+    - { resource: security.yaml }
+    - { resource: firewall.yaml }
+
 pimcore:
     translations:
         domains:

config/pimcore/firewall.yaml

@@ -0,0 +1,14 @@
+pimcore_studio_backend:
+  security_firewall:
+    pattern: ^/studio/api(/.*)?$
+    user_checker: Pimcore\Security\User\UserChecker
+    context: pimcore_admin
+    provider: pimcore_studio_backend
+    stateless: false
+    login_throttling:
+      max_attempts: 3
+      interval: '5 minutes'
+    logout:
+      path: pimcore_studio_api_logout
+    json_login:
+      check_path: pimcore_studio_api_login

config/pimcore/security.yaml

@@ -0,0 +1,4 @@
+security:
+  providers:
+    pimcore_studio_backend:
+      id: Pimcore\Security\User\UserProvider

doc/01_Installation.md

@@ -37,4 +37,17 @@ bin/console pimcore:bundle:install PimcoreStudioBackendBundle
 ## Setting up generic data index
 Pimcore Studio Backend also requires the installation and setup of the generic data index. 
 The bundle is required by default and also automatically enabled in the bundles.
-To install the generic data index refer to [Generic-Data-Index](https://github.com/pimcore/generic-data-index-bundle?tab=readme-ov-file)
+To install the generic data index refer to [Generic-Data-Index](https://github.com/pimcore/generic-data-index-bundle?tab=readme-ov-file)
+
+## Enable Firewall settings
+
+To enable the firewall settings, add the following configuration to your `config/packages/security.yaml` file:
+
+```yaml
+security:
+    firewalls: 
+        pimcore_studio: '%pimcore_studio_backend.firewall_settings%'
+    access_control:
+      - { path: ^/studio/api/(docs|docs.json|translations)$, roles: PUBLIC_ACCESS }
+      - { path: ^/studio, roles: ROLE_PIMCORE_USER }
+```

src/Asset/Attributes/Request/UpdateAssetRequestBody.php

@@ -34,6 +34,7 @@ public function __construct()
         parent::__construct(
             required: true,
             content: new JsonContent(
+                required: ['data'],
                 properties: [
                     new Property('data',
                         properties: [

src/Asset/Controller/CollectionController.php

@@ -73,7 +73,6 @@ public function __construct(
         operationId: 'getAssets',
         description: 'Get paginated assets',
         summary: 'Get all assets',
-        security: self::SECURITY_SCHEME,
         tags: [Tags::Assets->name]
     )]
     #[PageParameter]

src/Asset/Controller/CustomSettingsController.php

@@ -55,7 +55,6 @@ public function __construct(
         operationId: 'getAssetCustomSettingsById',
         description: 'Get custom settings of an asset by its id by path parameter',
         summary: 'Get custom settings of an asset by id',
-        security: self::SECURITY_SCHEME,
         tags: [Tags::Assets->name]
     )]
     #[IdParameter(type: 'asset')]

src/Asset/Controller/Data/TextController.php

@@ -58,7 +58,6 @@ public function __construct(
         path: self::API_PATH . '/assets/{id}/text',
         operationId: 'getAssetDataTextById',
         summary: 'Get asset data in text UTF8 representation by id',
-        security: self::SECURITY_SCHEME,
         tags: [Tags::Assets->name]
     )]
     #[IdParameter(type: 'asset')]

src/Asset/Controller/GetController.php

@@ -54,7 +54,6 @@ public function __construct(
         operationId: 'getAssetById',
         description: 'Get assets by id by path parameter',
         summary: 'Get assets by id',
-        security: self::SECURITY_SCHEME,
         tags: [Tags::Assets->name]
     )]
     #[IdParameter(type: 'asset')]

src/Asset/Controller/UpdateController.php

@@ -54,7 +54,6 @@ public function __construct(
         operationId: 'updateAssetById',
         description: 'Update assets by id',
         summary: 'Update asset',
-        security: self::SECURITY_SCHEME,
         tags: [Tags::Assets->name]
     )]
     #[IdParameter(type: 'asset')]

src/Asset/Schema/Asset.php

@@ -29,6 +29,16 @@
  */
 #[Schema(
     title: 'Asset',
+    required: [
+        'iconName',
+        'hasChildren',
+        'type',
+        'filename',
+        'mimeType',
+        'metaData',
+        'hasWorkflowWithPermissions',
+        'fullPath'
+    ],
     type: 'object'
 )]
 class Asset extends Element implements AdditionalAttributesInterface

src/Asset/Schema/CustomSettings/FixedCustomSettings.php

@@ -25,6 +25,7 @@
  */
 #[Schema(
     title: 'FixedCustomSettings',
+    required: ['embeddedMetaData', 'embeddedMetaDataExtracted'],
     type: 'object'
 )]
 final readonly class FixedCustomSettings

src/Asset/Schema/Type/Document.php

@@ -22,6 +22,10 @@
 
 #[Schema(
     title: 'Document',
+    required: [
+        'pageCount',
+        'imageThumbnailPath'
+    ],
     type: 'object'
 )]
 class Document extends Asset

src/Asset/Schema/Type/Image.php

@@ -22,6 +22,14 @@
 
 #[Schema(
     title: 'Image',
+    required: [
+        'format',
+        'width',
+        'height',
+        'isVectorGraphic',
+        'isAnimated',
+        'imageThumbnailPath'
+    ],
     type: 'object'
 )]
 final class Image extends Asset

src/Asset/Schema/Type/Image/FocalPoint.php

@@ -24,6 +24,10 @@
  */
 #[Schema(
     title: 'FocalPoint',
+    required: [
+        'x',
+        'y'
+    ],
     type: 'object'
 )]
 final readonly class FocalPoint

src/Authorization/Attributes/Request/TokenRequestBody.php → src/Authorization/Attributes/Response/InvalidCredentialsResponse.php

@@ -14,21 +14,25 @@
  *  @license    http://www.pimcore.org/license     GPLv3 and PCL
  */
 
-namespace Pimcore\Bundle\StudioBackendBundle\Authorization\Attributes\Request;
+namespace Pimcore\Bundle\StudioBackendBundle\Authorization\Attributes\Response;
 
 use Attribute;
 use OpenApi\Attributes\JsonContent;
-use OpenApi\Attributes\RequestBody;
-use Pimcore\Bundle\StudioBackendBundle\Authorization\Schema\Refresh;
+use OpenApi\Attributes\Response;
+use Pimcore\Bundle\StudioBackendBundle\Authorization\Schema\InvalidCredentials;
 
+/**
+ * @internal
+ */
 #[Attribute(Attribute::TARGET_METHOD)]
-final class TokenRequestBody extends RequestBody
+final class InvalidCredentialsResponse extends Response
 {
     public function __construct()
     {
         parent::__construct(
-            required: true,
-            content: new JsonContent(ref: Refresh::class)
+            response: 401,
+            description: 'Invalid credentials Response',
+            content: new JsonContent(ref: InvalidCredentials::class)
         );
     }
 }

src/Authorization/Controller/LoginController.php

@@ -0,0 +1,59 @@
+<?php
+declare(strict_types=1);
+
+/**
+ * Pimcore
+ *
+ * This source file is available under two different licenses:
+ * - GNU General Public License version 3 (GPLv3)
+ * - Pimcore Commercial License (PCL)
+ * Full copyright and license information is available in
+ * LICENSE.md which is distributed with this source code.
+ *
+ *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
+ *  @license    http://www.pimcore.org/license     GPLv3 and PCL
+ */
+
+namespace Pimcore\Bundle\StudioBackendBundle\Authorization\Controller;
+
+use OpenApi\Attributes\JsonContent;
+use OpenApi\Attributes\Post;
+use Pimcore\Bundle\StudioBackendBundle\Authorization\Attributes\Request\CredentialsRequestBody;
+use Pimcore\Bundle\StudioBackendBundle\Authorization\Attributes\Response\InvalidCredentialsResponse;
+use Pimcore\Bundle\StudioBackendBundle\Authorization\Schema\LoginSuccess;
+use Pimcore\Bundle\StudioBackendBundle\Controller\AbstractApiController;
+use Pimcore\Bundle\StudioBackendBundle\OpenApi\Attributes\Response\DefaultResponses;
+use Pimcore\Bundle\StudioBackendBundle\OpenApi\Attributes\Response\SuccessResponse;
+use Pimcore\Bundle\StudioBackendBundle\OpenApi\Config\Tags;
+use Pimcore\Security\User\User;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Security\Http\Attribute\CurrentUser;
+
+/**
+ * @internal
+ */
+final class LoginController extends AbstractApiController
+{
+    #[Route('/login', name: 'pimcore_studio_api_login', methods: ['POST'])]
+    #[Post(
+        path: self::API_PATH . '/login',
+        operationId: 'login',
+        summary: 'Login with user credentials and get access token',
+        tags: [Tags::Authorization->name]
+    )]
+    #[CredentialsRequestBody]
+    #[SuccessResponse(
+        description: 'Login successful',
+        content: new JsonContent(ref: LoginSuccess::class)
+    )]
+    #[InvalidCredentialsResponse]
+    #[DefaultResponses]
+    public function login(#[CurrentUser] User $user): JsonResponse
+    {
+        return $this->jsonResponse([
+            'username' => $user->getUserIdentifier(),
+            'roles' => $user->getRoles(),
+        ]);
+    }
+}