From 2e76c426b9e66ece90cee803765dda81b754c195 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Fri, 4 Sep 2020 11:53:40 +0200
Subject: [PATCH 01/20] [TASK] Extend request bundle model

---
 Classes/Backend/ConfirmationFactory.php |  9 ++++
 Classes/Backend/RequestMetaData.php     | 60 +++++++++++++++++++++++++
 2 files changed, 69 insertions(+)

diff --git a/Classes/Backend/ConfirmationFactory.php b/Classes/Backend/ConfirmationFactory.php
index 4478873..eedc1f7 100644
--- a/Classes/Backend/ConfirmationFactory.php
+++ b/Classes/Backend/ConfirmationFactory.php
@@ -100,9 +100,18 @@ public function createRequestFromArray(array $data): ConfirmationRequest
     public function createRequestMetaDataFromArray(array $data): RequestMetaData
     {
         $target = GeneralUtility::makeInstance(RequestMetaData::class);
+        if (isset($data['scope'])) {
+            $target = $target->withScope($data['scope']);
+        }
         if (isset($data['returnUrl'])) {
             $target = $target->withReturnUrl($data['returnUrl']);
         }
+        if (isset($data['eventName'])) {
+            $target = $target->withEventName($data['eventName']);
+        }
+        if (isset($data['jsonData'])) {
+            $target = $target->withJsonData($data['jsonData']);
+        }
         return $target;
     }
 }
diff --git a/Classes/Backend/RequestMetaData.php b/Classes/Backend/RequestMetaData.php
index c058253..f2930e0 100644
--- a/Classes/Backend/RequestMetaData.php
+++ b/Classes/Backend/RequestMetaData.php
@@ -17,16 +17,38 @@
 
 class RequestMetaData implements \JsonSerializable
 {
+    /**
+     * @var string|null
+     */
+    protected $scope;
+
     /**
      * @var string|null
      */
     protected $returnUrl;
 
+    /**
+     * @var string|null
+     */
+    protected $eventName;
+
+    /**
+     * @var array|null
+     */
+    protected $jsonData;
+
     public function jsonSerialize(): array
     {
         return get_object_vars($this);
     }
 
+    public function withScope(string $scope): self
+    {
+        $target = clone $this;
+        $target->scope = $scope;
+        return $target;
+    }
+
     public function withReturnUrl(string $returnUrl): self
     {
         $target = clone $this;
@@ -34,6 +56,28 @@ public function withReturnUrl(string $returnUrl): self
         return $target;
     }
 
+    public function withEventName(string $eventName): self
+    {
+        $target = clone $this;
+        $target->eventName = $eventName;
+        return $target;
+    }
+
+    public function withJsonData(array $jsonData): self
+    {
+        $target = clone $this;
+        $target->jsonData = $jsonData;
+        return $target;
+    }
+
+    /**
+     * @return string|null
+     */
+    public function getScope(): ?string
+    {
+        return $this->scope;
+    }
+
     /**
      * @return string|null
      */
@@ -41,4 +85,20 @@ public function getReturnUrl(): ?string
     {
         return $this->returnUrl;
     }
+
+    /**
+     * @return string|null
+     */
+    public function getEventName(): ?string
+    {
+        return $this->eventName;
+    }
+
+    /**
+     * @return array|null
+     */
+    public function getJsonData(): ?array
+    {
+        return $this->jsonData;
+    }
 }

From c3a8b6cc18bcf0b99f5135be6df639ba91769e75 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Fri, 4 Sep 2020 11:54:12 +0200
Subject: [PATCH 02/20] [TASK] Add (internal) option to purge bundles

---
 Classes/Backend/ConfirmationHandler.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Classes/Backend/ConfirmationHandler.php b/Classes/Backend/ConfirmationHandler.php
index 2ce8bee..098c8dd 100644
--- a/Classes/Backend/ConfirmationHandler.php
+++ b/Classes/Backend/ConfirmationHandler.php
@@ -52,6 +52,11 @@ class ConfirmationHandler implements LoggerAwareInterface
      */
     protected $currentTimestamp;
 
+    /**
+     * @var bool
+     */
+    private $immediatePurge = false;
+
     public function __construct(ConfirmationFactory $factory = null, Behavior $behavior = null)
     {
         $this->factory = $factory ?? GeneralUtility::makeInstance(ConfirmationFactory::class);
@@ -159,7 +164,7 @@ protected function purgeSubjects(AbstractUserAuthentication $user, array $sessio
                 continue;
             }
             foreach ($sessionData[$type] as $key => $item) {
-                if (is_int($item) && $item >= $this->currentTimestamp) {
+                if (!$this->immediatePurge && is_int($item) && $item >= $this->currentTimestamp) {
                     continue;
                 }
                 unset($sessionData[$type][$key]);
@@ -174,7 +179,7 @@ protected function purgeBundles(AbstractUserAuthentication $user, array $session
         $purged = false;
         foreach ($sessionData as $key => $item) {
             $expirationTimestamp = $item['expiration'] ?? 0;
-            if ($expirationTimestamp >= $this->currentTimestamp) {
+            if (!$this->immediatePurge && $expirationTimestamp >= $this->currentTimestamp) {
                 continue;
             }
             $data = json_decode($item['bundle'] ?? '', true);

From 0b46f9cc79fecb939643997c9ba9a1ef1836e4c9 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Fri, 4 Sep 2020 11:56:11 +0200
Subject: [PATCH 03/20] [TASK] Split into HTML and JSON route handlers

---
 Classes/Backend/RouteManager.php              |  8 +--
 ...teHandler.php => CoreHtmlRouteHandler.php} | 16 ++----
 Classes/Scope/CoreJsonRouteHandler.php        | 54 +++++++++++++++++++
 Classes/Scope/RouteHandlerTrait.php           | 31 +++++++++++
 4 files changed, 95 insertions(+), 14 deletions(-)
 rename Classes/Scope/{CoreRouteHandler.php => CoreHtmlRouteHandler.php} (90%)
 create mode 100644 Classes/Scope/CoreJsonRouteHandler.php
 create mode 100644 Classes/Scope/RouteHandlerTrait.php

diff --git a/Classes/Backend/RouteManager.php b/Classes/Backend/RouteManager.php
index 5bb6936..970e744 100644
--- a/Classes/Backend/RouteManager.php
+++ b/Classes/Backend/RouteManager.php
@@ -15,7 +15,8 @@
  * The TYPO3 project - inspiring people to share!
  */
 
-use FriendsOfTYPO3\SudoMode\Scope\CoreRouteHandler;
+use FriendsOfTYPO3\SudoMode\Scope\CoreHtmlRouteHandler;
+use FriendsOfTYPO3\SudoMode\Scope\CoreJsonRouteHandler;
 use Psr\Http\Message\ServerRequestInterface;
 use TYPO3\CMS\Backend\Routing\Route;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
@@ -24,10 +25,11 @@ class RouteManager
 {
     /**
      * @var RouteHandlerInterface[]
-    // @todo Add possibility to register 3rd party handlers
+     * @todo Add possibility to register 3rd party handlers
      */
     protected $handlerClassNames = [
-        CoreRouteHandler::class,
+        CoreHtmlRouteHandler::class,
+        CoreJsonRouteHandler::class,
     ];
 
     /**
diff --git a/Classes/Scope/CoreRouteHandler.php b/Classes/Scope/CoreHtmlRouteHandler.php
similarity index 90%
rename from Classes/Scope/CoreRouteHandler.php
rename to Classes/Scope/CoreHtmlRouteHandler.php
index d1e8882..fd1c74e 100644
--- a/Classes/Scope/CoreRouteHandler.php
+++ b/Classes/Scope/CoreHtmlRouteHandler.php
@@ -22,12 +22,9 @@
 use TYPO3\CMS\Backend\Routing\UriBuilder;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
-class CoreRouteHandler implements RouteHandlerInterface
+class CoreHtmlRouteHandler implements RouteHandlerInterface
 {
-    /**
-     * @var \Closure[]
-     */
-    protected $handlers;
+    use RouteHandlerTrait;
 
     public function __construct()
     {
@@ -71,11 +68,8 @@ public function resolveMetaData(ServerRequestInterface $request, Route $route):
     {
         $routePath = $this->normalizeRoutePath($route);
         $returnUrl = $this->handlers[$routePath]($route, $request);
-        return (new RequestMetaData())->withReturnUrl($returnUrl);
-    }
-
-    protected function normalizeRoutePath(Route $route): string
-    {
-        return rtrim($route->getPath(), '/');
+        return (new RequestMetaData())
+            ->withScope('html')
+            ->withReturnUrl($returnUrl);
     }
 }
diff --git a/Classes/Scope/CoreJsonRouteHandler.php b/Classes/Scope/CoreJsonRouteHandler.php
new file mode 100644
index 0000000..bc4b890
--- /dev/null
+++ b/Classes/Scope/CoreJsonRouteHandler.php
@@ -0,0 +1,54 @@
+<?php
+declare(strict_types = 1);
+namespace FriendsOfTYPO3\SudoMode\Scope;
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use FriendsOfTYPO3\SudoMode\Backend\RouteHandlerInterface;
+use FriendsOfTYPO3\SudoMode\Backend\RequestMetaData;
+use Psr\Http\Message\ServerRequestInterface;
+use TYPO3\CMS\Backend\Routing\Route;
+
+class CoreJsonRouteHandler implements RouteHandlerInterface
+{
+    use RouteHandlerTrait;
+
+    public function __construct()
+    {
+        // TYPO3 v10
+        $this->handlers = [
+            '/ajax/record/process' => function(Route $route, ServerRequestInterface $request, RequestMetaData $metaData): RequestMetaData {
+                return $metaData
+                    ->withEventName('sudo-mode:confirmation-request')
+                    ->withJsonData([]);
+            },
+        ];
+
+        // TYPO3 v9
+        // $this->handlers['/user/setup'] = $this->handlers['/module/user/setup'];
+    }
+
+    public function canHandle(ServerRequestInterface $request, Route $route): bool
+    {
+        $routePath = $this->normalizeRoutePath($route);
+        return in_array($routePath, array_keys($this->handlers), true);
+    }
+
+    public function resolveMetaData(ServerRequestInterface $request, Route $route): RequestMetaData
+    {
+        $routePath = $this->normalizeRoutePath($route);
+        $metaData = (new RequestMetaData())->withScope('json');
+        return $this->handlers[$routePath]($route, $request, $metaData);
+    }
+}
diff --git a/Classes/Scope/RouteHandlerTrait.php b/Classes/Scope/RouteHandlerTrait.php
new file mode 100644
index 0000000..7dc8497
--- /dev/null
+++ b/Classes/Scope/RouteHandlerTrait.php
@@ -0,0 +1,31 @@
+<?php
+declare(strict_types = 1);
+namespace FriendsOfTYPO3\SudoMode\Scope;
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use TYPO3\CMS\Backend\Routing\Route;
+
+trait RouteHandlerTrait
+{
+    /**
+     * @var \Closure[]
+     */
+    protected $handlers;
+
+    protected function normalizeRoutePath(Route $route): string
+    {
+        return rtrim($route->getPath(), '/');
+    }
+}

From 4df252c00e8e2d4d9b7456672da4519e5683321d Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Fri, 4 Sep 2020 11:59:41 +0200
Subject: [PATCH 04/20] [TASK] Add LanguageService to controller

---
 Classes/Backend/ConfirmationController.php | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/Classes/Backend/ConfirmationController.php b/Classes/Backend/ConfirmationController.php
index 394aa1e..17cead9 100644
--- a/Classes/Backend/ConfirmationController.php
+++ b/Classes/Backend/ConfirmationController.php
@@ -28,6 +28,7 @@
 use TYPO3\CMS\Core\Http\HtmlResponse;
 use TYPO3\CMS\Core\Http\JsonResponse;
 use TYPO3\CMS\Core\Http\RedirectResponse;
+use TYPO3\CMS\Core\Localization\LanguageService;
 use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Extbase\Mvc\View\ViewInterface;
@@ -43,6 +44,8 @@ class ConfirmationController implements LoggerAwareInterface
     use LoggerAwareTrait;
     use LoggerAccessorTrait;
 
+    private const LANGUAGE_PREFIX = 'LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf';
+
     protected const FLAG_INVALID_PASSWORD = 1;
 
     /**
@@ -60,10 +63,21 @@ class ConfirmationController implements LoggerAwareInterface
      */
     protected $uriBuilder;
 
-    public function __construct(ConfirmationHandler $handler = null, BackendUserAuthentication $user = null, UriBuilder $uriBuilder = null)
+    /**
+     * @var LanguageService
+     */
+    protected $languageService;
+
+    public function __construct(
+        ConfirmationHandler $handler = null,
+        BackendUserAuthentication $user = null,
+        UriBuilder $uriBuilder = null,
+        LanguageService $languageService = null
+    )
     {
         $this->handler = $handler ?? GeneralUtility::makeInstance(ConfirmationHandler::class);
         $this->uriBuilder = $uriBuilder ?? GeneralUtility::makeInstance(UriBuilder::class);
+        $this->languageService = $languageService ?? GeneralUtility::makeInstance(LanguageService::class);
         $this->user = $user ?? $GLOBALS['BE_USER'];
     }
 
@@ -281,5 +295,9 @@ protected function getAuthServices(string $subType, array $loginData, array $aut
     protected function isJsonRequest(ServerRequestInterface $request): bool
     {
         return strpos($request->getHeaderLine('content-type'), 'application/json') === 0;
+
+    private function resolveLabel(string $identifier): string
+    {
+        return $this->languageService->sL(self::LANGUAGE_PREFIX . ':' . $identifier);
     }
 }

From 93d72fd5380ac6b16fc876ba326d33ec7f06349b Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Fri, 4 Sep 2020 12:00:38 +0200
Subject: [PATCH 05/20] [TASK] Clean up code

---
 Classes/Backend/ConfirmationController.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Classes/Backend/ConfirmationController.php b/Classes/Backend/ConfirmationController.php
index 17cead9..eb24cc3 100644
--- a/Classes/Backend/ConfirmationController.php
+++ b/Classes/Backend/ConfirmationController.php
@@ -170,7 +170,9 @@ protected function cancelAction(ServerRequestInterface $request, ConfirmationBun
     protected function errorAction(ServerRequestInterface $request): ResponseInterface
     {
         $view = $this->createView('Error');
-        $view->assign('returnUrl', $request->getQueryParams()['returnUrl'] ?? '');
+        $view->assignMultiple([
+            'returnUrl' => $request->getQueryParams()['returnUrl'] ?? '',
+        ]);
         return new HtmlResponse($view->render());
     }
 

From 3a9424fdc183e8828465b3eafcef0e5ca0809bc2 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Fri, 4 Sep 2020 12:01:39 +0200
Subject: [PATCH 06/20] [TASK] Consider JSON scope in URL generation

---
 Classes/Backend/ConfirmationController.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/Classes/Backend/ConfirmationController.php b/Classes/Backend/ConfirmationController.php
index eb24cc3..e99c36c 100644
--- a/Classes/Backend/ConfirmationController.php
+++ b/Classes/Backend/ConfirmationController.php
@@ -180,18 +180,20 @@ public function buildActionUriFromBundle(string $actionName, ConfirmationBundle
     {
         return $this->buildActionUri(
             $actionName,
-            $bundle->getRequestMetaData()->getReturnUrl(),
             $bundle->getIdentifier(),
+            $bundle->getRequestMetaData()->getReturnUrl(),
+            $bundle->getRequestMetaData()->getScope(),
             $flags
         );
     }
 
-    protected function buildActionUri(string $actionName, string $returnUrl, string $bundleIdentifier, int $flags = null): UriInterface
+    protected function buildActionUri(string $actionName, string $bundleIdentifier, string $returnUrl = null, string $scope = null,  int $flags = null): UriInterface
     {
         $parameters = [
             'action' => $actionName,
-            'returnUrl' => $returnUrl,
             'bundle' => $bundleIdentifier,
+            'returnUrl' => $returnUrl,
+            'scope' => $scope,
             'flags' => $flags,
         ];
         $parameters['hmac'] = $this->signParameters($parameters);
@@ -211,7 +213,7 @@ protected function resolveUriParameters(ServerRequestInterface $request): array
 
     protected function filterParameters(array $parameters): array
     {
-        return array_intersect_key($parameters, array_flip(['action', 'returnUrl', 'bundle', 'flags', 'hmac']));
+        return array_intersect_key($parameters, array_flip(['action', 'bundle', 'returnUrl', 'scope', 'flags', 'hmac']));
     }
 
     protected function signParameters(array $parameters): string

From 2bf33245717ad9ed62b0fd574df5d2d6acd99e17 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Fri, 4 Sep 2020 12:05:32 +0200
Subject: [PATCH 07/20] [TASK] Prepare views for HTML and JSON scopes

---
 Classes/Backend/ConfirmationController.php    | 34 ++++++----
 Resources/Private/Layouts/Backend/Module.html | 18 +++++-
 Resources/Private/Layouts/Backend/None.html   |  8 +++
 .../Backend/InvalidPasswordMessageBlock.html  | 11 ++++
 .../Partials/Backend/PasswordInputBlock.html  | 19 ++++++
 .../Private/Templates/Backend/Error.html      | 38 +++++------
 .../Private/Templates/Backend/Request.html    | 64 +++++++------------
 7 files changed, 116 insertions(+), 76 deletions(-)
 create mode 100644 Resources/Private/Layouts/Backend/None.html
 create mode 100644 Resources/Private/Partials/Backend/InvalidPasswordMessageBlock.html
 create mode 100644 Resources/Private/Partials/Backend/PasswordInputBlock.html

diff --git a/Classes/Backend/ConfirmationController.php b/Classes/Backend/ConfirmationController.php
index e99c36c..4b834f1 100644
--- a/Classes/Backend/ConfirmationController.php
+++ b/Classes/Backend/ConfirmationController.php
@@ -104,18 +104,22 @@ public function mainAction(ServerRequestInterface $request): ResponseInterface
 
     protected function requestAction(ServerRequestInterface $request, ConfirmationBundle $bundle): ResponseInterface
     {
+        $isJsonRequest = $this->isJsonRequest($request);
         $flags = (int)($request->getQueryParams()['flags'] ?? 0);
 
-        if (!$this->isJsonRequest($request)) {
-            $view = $this->createView('Request');
-            $view->assignMultiple([
-                'bundle' => $bundle,
-                'verifyUri' => (string)$this->buildActionUriFromBundle('verify', $bundle),
-                'flagInvalidPassword' => $flags & self::FLAG_INVALID_PASSWORD,
-            ]);
-            if (!empty($bundle->getRequestMetaData()->getReturnUrl())) {
-                $view->assign('cancelUri', (string)$this->buildActionUriFromBundle('cancel', $bundle));
-            }
+        $view = $this->createView('Request');
+        $view->assignMultiple([
+            'bundle' => $bundle,
+            'verifyUri' => (string)$this->buildActionUriFromBundle('verify', $bundle),
+            'flagInvalidPassword' => $flags & self::FLAG_INVALID_PASSWORD,
+            'layout' => $isJsonRequest ? 'None' : 'Module',
+            'isJsonRequest' => $isJsonRequest,
+        ]);
+        if (!empty($bundle->getRequestMetaData()->getReturnUrl())) {
+            $view->assign('cancelUri', (string)$this->buildActionUriFromBundle('cancel', $bundle));
+        }
+
+        if (!$isJsonRequest) {
             $this->applyAdditionalJavaScriptModules();
             return new HtmlResponse($view->render());
         }
@@ -298,7 +302,15 @@ protected function getAuthServices(string $subType, array $loginData, array $aut
 
     protected function isJsonRequest(ServerRequestInterface $request): bool
     {
-        return strpos($request->getHeaderLine('content-type'), 'application/json') === 0;
+        return strpos($request->getHeaderLine('content-type'), 'application/json') === 0
+            || ($request->getQueryParams()['scope'] ?? null) === 'json';
+    }
+
+    protected function reduceSpaces(string $value): string
+    {
+        $value = preg_replace('#\s{2,}#', ' ', $value);
+        return trim($value);
+    }
 
     private function resolveLabel(string $identifier): string
     {
diff --git a/Resources/Private/Layouts/Backend/Module.html b/Resources/Private/Layouts/Backend/Module.html
index 40bca53..c56bc84 100644
--- a/Resources/Private/Layouts/Backend/Module.html
+++ b/Resources/Private/Layouts/Backend/Module.html
@@ -5,7 +5,23 @@
 
 	<be:moduleLayout>
 		<f:render section="Buttons" />
-		<f:render section="Content" />
+
+		<div class="modal-backdrop in"></div>
+		<div class="modal modal-severity-warning modal-size-small" tabindex="-1" role="dialog" style="display: block;">
+			<div class="modal-dialog" role="document">
+				<div class="modal-content">
+					<div class="modal-header">
+						<f:render section="ModalHeader" />
+					</div>
+					<div class="modal-body">
+						<f:render section="ModalBody" />
+					</div>
+					<div class="modal-footer">
+						<f:render section="ModalFooter" />
+					</div>
+				</div>
+			</div>
+		</div>
 	</be:moduleLayout>
 
 </html>
diff --git a/Resources/Private/Layouts/Backend/None.html b/Resources/Private/Layouts/Backend/None.html
new file mode 100644
index 0000000..15c3167
--- /dev/null
+++ b/Resources/Private/Layouts/Backend/None.html
@@ -0,0 +1,8 @@
+<html
+    xmlns:f="http://typo3.org/ns/TYPO3/CMS/Fluid/ViewHelpers"
+    xmlns:be="http://typo3.org/ns/TYPO3/CMS/Backend/ViewHelpers"
+    data-namespace-typo3-fluid="true">
+
+	<f:render section="ModalBody" />
+
+</html>
diff --git a/Resources/Private/Partials/Backend/InvalidPasswordMessageBlock.html b/Resources/Private/Partials/Backend/InvalidPasswordMessageBlock.html
new file mode 100644
index 0000000..501ec53
--- /dev/null
+++ b/Resources/Private/Partials/Backend/InvalidPasswordMessageBlock.html
@@ -0,0 +1,11 @@
+<html
+        xmlns:f="http://typo3.org/ns/TYPO3/CMS/Fluid/ViewHelpers"
+        xmlns:core="http://typo3.org/ns/TYPO3/CMS/Core/ViewHelpers"
+        xmlns:be="http://typo3.org/ns/TYPO3/CMS/Backend/ViewHelpers"
+        data-namespace-typo3-fluid="true">
+
+    <div class="alert alert-danger" id="invalid-sudo">
+        <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:sudoPasswordInvalid" />
+    </div>
+
+</html>
diff --git a/Resources/Private/Partials/Backend/PasswordInputBlock.html b/Resources/Private/Partials/Backend/PasswordInputBlock.html
new file mode 100644
index 0000000..edf80a1
--- /dev/null
+++ b/Resources/Private/Partials/Backend/PasswordInputBlock.html
@@ -0,0 +1,19 @@
+<html
+        xmlns:f="http://typo3.org/ns/TYPO3/CMS/Fluid/ViewHelpers"
+        xmlns:core="http://typo3.org/ns/TYPO3/CMS/Core/ViewHelpers"
+        xmlns:be="http://typo3.org/ns/TYPO3/CMS/Backend/ViewHelpers"
+        data-namespace-typo3-fluid="true">
+
+    <f:form id="confirm-sudo" class="form" method="post" actionUri="{verifyUri}" absolute="true">
+        <div class="form-group">
+            <div class="form-control-holder">
+                <f:form.password name="confirmationPassword" class="form-control" placeholder="Password"
+                                 data="{rsa-encryption: 'confirmationPasswordInternal'}"
+                                 additionalAttributes="{required: 'required'}" />
+                <!-- Internal password field, e.g. used for ext:rsaauth -->
+                <f:form.hidden name="confirmationPasswordInternal" id="confirmationPasswordInternal" />
+            </div>
+        </div>
+    </f:form>
+
+</html>
diff --git a/Resources/Private/Templates/Backend/Error.html b/Resources/Private/Templates/Backend/Error.html
index fe9c7d4..3f1ec26 100644
--- a/Resources/Private/Templates/Backend/Error.html
+++ b/Resources/Private/Templates/Backend/Error.html
@@ -4,34 +4,26 @@
     xmlns:be="http://typo3.org/ns/TYPO3/CMS/Backend/ViewHelpers"
     data-namespace-typo3-fluid="true">
 
-    <f:layout name="Module" />
+    <f:layout name="{layout}" />
 
     <f:section name="Buttons" />
 
-    <f:section name="Content">
-        <div class="modal-backdrop in"></div>
+    <f:section name="ModalHeader">
+        <h4 class="modal-title">
+            <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:sudoPasswordConfirm" />
+        </h4>
+    </f:section>
 
-        <div class="modal modal-severity-warning modal-size-small" tabindex="-1" role="dialog" style="display: block;">
-            <div class="modal-dialog" role="document">
-                <div class="modal-content">
-                    <div class="modal-header">
-                        <h4 class="modal-title">
-                            <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:sudoPasswordConfirm" />
-                        </h4>
-                    </div>
-                    <div class="modal-body">
-                        <div class="alert alert-warning">
-                            <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:confirmationExpired" />
-                        </div>
-                    </div>
-                    <div class="modal-footer">
-                        <a href="{returnUrl}" class="btn btn-default" role="button">
-                            <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:cancel" />
-                        </a>
-                    </div>
-                </div>
-            </div>
+    <f:section name="ModalBody">
+        <div class="alert alert-warning">
+            <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:confirmationExpired" />
         </div>
     </f:section>
 
+    <f:section name="ModalFooter">
+        <a href="{returnUrl}" class="btn btn-default" role="button">
+            <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:cancel" />
+        </a>
+    </f:section>
+
 </html>
diff --git a/Resources/Private/Templates/Backend/Request.html b/Resources/Private/Templates/Backend/Request.html
index 841b874..cd3a88e 100644
--- a/Resources/Private/Templates/Backend/Request.html
+++ b/Resources/Private/Templates/Backend/Request.html
@@ -4,53 +4,35 @@
     xmlns:be="http://typo3.org/ns/TYPO3/CMS/Backend/ViewHelpers"
     data-namespace-typo3-fluid="true">
 
-    <f:layout name="Module" />
+    <f:layout name="{layout}" />
 
     <f:section name="Buttons" />
 
-    <f:section name="Content">
-        <div class="modal-backdrop in"></div>
-
-        <div class="modal modal-severity-warning modal-size-small" tabindex="-1" role="dialog" style="display: block;">
-            <div class="modal-dialog" role="document">
-                <div class="modal-content">
-                    <div class="modal-header">
-                        <h4 class="modal-title">
-                            <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:sudoPasswordConfirm" />
-                        </h4>
-                    </div>
-                    <div class="modal-body">
-                        <f:if condition="{flagInvalidPassword}">
-                            <div class="alert alert-danger">
-                                <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:sudoPasswordInvalid" />
-                            </div>
-                        </f:if>
+    <f:section name="ModalHeader">
+        <h4 class="modal-title">
+            <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:sudoPasswordConfirm" />
+        </h4>
+    </f:section>
 
-                        <f:form id="confirm-sudo" class="form" method="post" actionUri="{verifyUri}">
-                            <div class="form-group">
-                                <div class="form-control-holder">
-                                    <f:form.password name="confirmationPassword" class="form-control" placeholder="Password"
-                                                     additionalAttributes="{data-rsa-encryption: 'confirmationPasswordInternal'}" />
-                                    <!-- Internal password field, e.g. used for ext:rsaauth -->
-                                    <f:form.hidden name="confirmationPasswordInternal" id="confirmationPasswordInternal" />
-                                </div>
-                            </div>
-                        </f:form>
-                    </div>
-                    <div class="modal-footer">
-                        <f:if condition="{cancelUri}">
-                            <a href="{cancelUri}" class="btn btn-default" role="button">
-                                <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:cancel" />
-                            </a>
-                        </f:if>
-                        <button type="submit" form="confirm-sudo" class="btn btn-warning" role="button">
-                            <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:confirm" />
-                        </button>
-                    </div>
-                </div>
-            </div>
+    <f:section name="ModalBody">
+        <div>
+            <f:if condition="{flagInvalidPassword} || {isJsonRequest}">
+                <f:render partial="InvalidPasswordMessageBlock" arguments="{_all}" />
+            </f:if>
+            <f:render partial="PasswordInputBlock" arguments="{_all}" />
         </div>
     </f:section>
 
+    <f:section name="ModalFooter">
+        <f:if condition="{cancelUri}">
+            <a href="{cancelUri}" class="btn btn-default" role="button">
+                <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:cancel" />
+            </a>
+        </f:if>
+        <button type="submit" form="confirm-sudo" class="btn btn-warning" role="button">
+            <f:translate key="LLL:EXT:sudo_mode/Resources/Private/Language/locallang.xlf:confirm" />
+        </button>
+    </f:section>
+
 </html>
 

From 0393393031ddfb3c085441452a335a4ba2f10019 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Fri, 4 Sep 2020 12:06:13 +0200
Subject: [PATCH 08/20] [BUGFIX] Use specific paths in .gitignore

---
 .gitignore | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index 42c24f1..ee4e287 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-composer.lock
-public/
-vendor/
+/composer.lock
+/public/
+/vendor/

From 37fcfaa85f9c118e3c74eb95d3e05f3d167a3c73 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Fri, 4 Sep 2020 12:07:32 +0200
Subject: [PATCH 09/20] [BUGFIX] Handle and respond to AJAX requests

---
 Classes/Backend/ConfirmationController.php    |  34 +++--
 Classes/Hook/BackendResourceHook.php          |  32 +++++
 Classes/Middleware/RequestHandlerGuard.php    |  18 ++-
 .../Public/JavaScript/BackendEventListener.js |  27 ++++
 Resources/Public/JavaScript/EventHandler.js   | 126 ++++++++++++++++++
 Resources/Public/JavaScript/opt.js            |  40 ++++++
 ext_localconf.php                             |   2 +
 7 files changed, 269 insertions(+), 10 deletions(-)
 create mode 100644 Classes/Hook/BackendResourceHook.php
 create mode 100644 Resources/Public/JavaScript/BackendEventListener.js
 create mode 100644 Resources/Public/JavaScript/EventHandler.js
 create mode 100644 Resources/Public/JavaScript/opt.js

diff --git a/Classes/Backend/ConfirmationController.php b/Classes/Backend/ConfirmationController.php
index 4b834f1..e7e9291 100644
--- a/Classes/Backend/ConfirmationController.php
+++ b/Classes/Backend/ConfirmationController.php
@@ -124,7 +124,17 @@ protected function requestAction(ServerRequestInterface $request, ConfirmationBu
             return new HtmlResponse($view->render());
         }
         // @todo Add JSON handling
-        return new JsonResponse([], 500);
+        return new JsonResponse([
+            'formId' => 'confirm-sudo',
+            'invalidId' => 'invalid-sudo',
+            'severity' => 1, // warning in Modal/Severity,
+            'title' => $this->resolveLabel('sudoPasswordConfirm'),
+            'content' => $this->reduceSpaces($view->render()),
+            'buttons' => [
+                'cancel' => $this->resolveLabel('cancel'),
+                'confirm' => $this->resolveLabel('confirm'),
+            ],
+        ], 200);
     }
 
     /**
@@ -138,24 +148,30 @@ protected function applyAdditionalJavaScriptModules(): void
     protected function verifyAction(ServerRequestInterface $request, ConfirmationBundle $bundle): ResponseInterface
     {
         $parsedBody = $request->getParsedBody();
+        $isJsonRequest = $this->isJsonRequest($request);
         $confirmationPassword = empty($parsedBody['confirmationPasswordInternal'])
             ? (string)($parsedBody['confirmationPassword'] ?? '') // default field
             : $parsedBody['confirmationPasswordInternal']; // filled e.g. by `ext:rsaauth`
         $loggerContext = $this->createLoggerContext($bundle, $this->user);
 
-        if (!$this->isJsonRequest($request)) {
-            if ($this->isValidPassword($confirmationPassword)) {
-                $this->handler->grantSubjects($bundle, $this->user);
-                $this->logger->info('Password verification succeeded', $loggerContext);
+        if ($this->isValidPassword($confirmationPassword)) {
+            $this->handler->grantSubjects($bundle, $this->user);
+            $this->logger->info('Password verification succeeded', $loggerContext);
+            if (!$isJsonRequest) {
                 throw new ServerRequestInstructionException($bundle->getRequestInstruction());
+            } else {
+                return new JsonResponse(['status' => true], 200);
             }
+        }
 
-            $this->logger->warning('Password verification failed', $loggerContext);
-            $uri = $this->buildActionUriFromBundle('request', $bundle, self::FLAG_INVALID_PASSWORD);
+        $this->logger->warning('Password verification failed', $loggerContext);
+        $uri = $this->buildActionUriFromBundle('request', $bundle, self::FLAG_INVALID_PASSWORD);
+
+        if (!$isJsonRequest) {
             return new RedirectResponse($uri, 401);
+        } else {
+            return new JsonResponse(['status' => false], 401);
         }
-        // @todo Add JSON handling
-        return new JsonResponse([], 500);
     }
 
     protected function cancelAction(ServerRequestInterface $request, ConfirmationBundle $bundle): ResponseInterface
diff --git a/Classes/Hook/BackendResourceHook.php b/Classes/Hook/BackendResourceHook.php
new file mode 100644
index 0000000..0d82f01
--- /dev/null
+++ b/Classes/Hook/BackendResourceHook.php
@@ -0,0 +1,32 @@
+<?php
+declare(strict_types = 1);
+namespace FriendsOfTYPO3\SudoMode\Hook;
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use TYPO3\CMS\Backend\Controller\BackendController;
+use TYPO3\CMS\Core\Page\PageRenderer;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
+/**
+ * Hook triggers loading resources (JavaScript, Stylesheets) in backend context.
+ */
+class BackendResourceHook
+{
+    public function applyResources(array $parameters, BackendController $backendController)
+    {
+        $pageRenderer = GeneralUtility::makeInstance(PageRenderer::class);
+        $pageRenderer->loadRequireJsModule('TYPO3/CMS/SudoMode/BackendEventListener');
+    }
+}
diff --git a/Classes/Middleware/RequestHandlerGuard.php b/Classes/Middleware/RequestHandlerGuard.php
index 8c40f7d..7ff1cfb 100644
--- a/Classes/Middleware/RequestHandlerGuard.php
+++ b/Classes/Middleware/RequestHandlerGuard.php
@@ -34,6 +34,7 @@
 use TYPO3\CMS\Backend\Routing\Router;
 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
 use TYPO3\CMS\Core\Context\Context;
+use TYPO3\CMS\Core\Http\JsonResponse;
 use TYPO3\CMS\Core\Http\RedirectResponse;
 use TYPO3\CMS\Core\Http\ServerRequestFactory;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
@@ -99,7 +100,22 @@ protected function processBundle(ConfirmationBundle $bundle): ResponseInterface
             ->commitConfirmationBundle($bundle, $this->getBackendUser());
         $uri = GeneralUtility::makeInstance(ConfirmationController::class)
             ->buildActionUriFromBundle('request', $bundle);
-        return GeneralUtility::makeInstance(RedirectResponse::class, $uri, 401);
+
+        if ($bundle->getRequestMetaData()->getScope() === 'json') {
+            $eventName = $bundle->getRequestMetaData()->getEventName();
+            $eventData = $bundle->getRequestMetaData()->getJsonData();
+            return GeneralUtility::makeInstance(
+                JsonResponse::class,
+                [
+                    'uri' => (string)$uri,
+                    'data' => $eventData,
+                ],
+                403,
+                $eventName ? ['X-TYPO3-EmitEvent' => $eventName] : []
+            );
+        } else {
+            return GeneralUtility::makeInstance(RedirectResponse::class, $uri, 401);
+        }
     }
 
     protected function resolveRoute(ServerRequestInterface $request): ?Route
diff --git a/Resources/Public/JavaScript/BackendEventListener.js b/Resources/Public/JavaScript/BackendEventListener.js
new file mode 100644
index 0000000..8625963
--- /dev/null
+++ b/Resources/Public/JavaScript/BackendEventListener.js
@@ -0,0 +1,27 @@
+/**
+ * @module TYPO3/CMS/SudoMode/BackendEventListener
+ */
+define(
+    ['require', 'exports', 'TYPO3/CMS/SudoMode/EventHandler'],
+    function (require, exports, EventHandler) {
+        'use strict';
+
+        function handle(evt) {
+            let action = resolveAction(evt);
+            new EventHandler(action, evt.detail.payload).handle();
+        }
+
+        function resolveAction(evt) {
+            switch (evt.type) {
+                case 'typo3:ajax-data-handler:toggle-process-failed':
+                    return 'toggle';
+                case 'typo3:ajax-data-handler:delete-process-failed':
+                    return 'delete';
+                default:
+                    throw new RangeError('Unexpected event type "' + evt.type + '"');
+            }
+        }
+
+        document.addEventListener('typo3:ajax-data-handler:toggle-process-failed', handle);
+        document.addEventListener('typo3:ajax-data-handler:delete-process-failed', handle);
+    });
diff --git a/Resources/Public/JavaScript/EventHandler.js b/Resources/Public/JavaScript/EventHandler.js
new file mode 100644
index 0000000..6edbc4b
--- /dev/null
+++ b/Resources/Public/JavaScript/EventHandler.js
@@ -0,0 +1,126 @@
+/**
+ * @module TYPO3/CMS/SudoMode/BackendEventListener
+ */
+define(
+    [
+            'require',
+            'exports',
+            'jquery',
+            'TYPO3/CMS/Backend/Modal',
+            'TYPO3/CMS/Backend/Severity',
+            // opt(ional) modules using loader plugin
+            'TYPO3/CMS/SudoMode/opt!TYPO3/CMS/Backend/BroadcastService',
+            'TYPO3/CMS/SudoMode/opt!TYPO3/CMS/Backend/BroadcastMessage',
+    ],
+    function (require, exports, $, Modal, Severity, broadcastService, BroadcastMessageModule) {
+        'use strict';
+
+        if (!broadcastService || !BroadcastMessageModule) {
+            console.info('BroadcastService or BroadcastMessage not found, which is fine in TYPO3 v9');
+        }
+
+        function EventHandler(action, message) {
+            this.action = action;
+            this.message = message;
+            this.response = message.response;
+            this.processToken = message.processToken;
+        }
+
+        EventHandler.prototype.handle = function() {
+            if (!this.isRelevant()) {
+                return;
+            }
+            this.requestAction();
+        }
+
+        EventHandler.prototype.showModal = function(instruction) {
+            const that = this;
+            let $content = $(instruction.content);
+            let $form = $content.find('#' + instruction.formId)
+                .on('submit', function(evt) {
+                    evt.preventDefault();
+                    that.verifyAction($form, $invalid);
+                });
+            let $invalid = $content.find('#' + instruction.invalidId)
+                .hide();
+
+            const modal = Modal.advanced({
+                type: Modal.types.default,
+                title: instruction.title,
+                content: $content,
+                severity: instruction.severity,
+                buttons: [
+                    {
+                        btnClass: 'btn-default',
+                        text: instruction.buttons.cancel,
+                        trigger: function(evt) {
+                            Modal.currentModal.trigger('modal-dismiss');
+                            // @todo cancel bundle
+                            // -> callback to server
+                            // -> cancelUri
+                        }
+                    },
+                    {
+                        btnClass: 'btn-warning',
+                        text: instruction.buttons.confirm,
+                        trigger: function(evt) {
+                            $form.submit();
+                        }
+                    },
+                ],
+            });
+        }
+
+        EventHandler.prototype.isRelevant = function() {
+            return this.response.headers
+                && this.response.headers.get('x-typo3-emitevent') === 'sudo-mode:confirmation-request';
+        }
+
+        EventHandler.prototype.requestAction = function() {
+            const that = this;
+            $.ajax({
+                method: 'GET',
+                dataType: 'json',
+                url: this.response.body.uri
+            }).done(function(response) {
+                that.showModal(response);
+            });
+        }
+
+        EventHandler.prototype.verifyAction = function($form, $invalid) {
+            const that = this;
+            let submitUri = $form.attr('action');
+            let formData = new FormData($form.get(0));
+            $invalid.hide();
+            $.ajax({
+                method: 'POST',
+                url: submitUri,
+                data: formData,
+                processData: false,
+                contentType: false
+            }).done(function(response, status, xhr) {
+                Modal.currentModal.trigger('modal-dismiss');
+                that.broadcast(that.action);
+            }).fail(function(xhr, status, error) {
+                $invalid.show();
+            });
+        }
+
+        EventHandler.prototype.broadcast = function(action) {
+            const instruction = {
+                action,
+                processToken: this.processToken,
+                elementIdentifier: this.message.elementIdentifier
+            };
+            broadcastService.post(
+                // class BroadcastMessage is wrapped in module object
+                new BroadcastMessageModule.BroadcastMessage(
+                    'ajax-data-handler',
+                    'instruction@' + this.processToken,
+                    instruction
+                )
+            );
+        }
+
+        return EventHandler;
+    });
diff --git a/Resources/Public/JavaScript/opt.js b/Resources/Public/JavaScript/opt.js
new file mode 100644
index 0000000..a6c5050
--- /dev/null
+++ b/Resources/Public/JavaScript/opt.js
@@ -0,0 +1,40 @@
+/**
+ * @module TYPO3/CMS/SudoMode/opt
+ */
+define({
+    /**
+     * Implements https://requirejs.org/docs/plugins.html,
+     * initial idea and code from https://stackoverflow.com/a/27422370/2854140
+     *
+     * @param {string} name
+     * @param {require} req
+     * @param {Function} onload
+     */
+    load: function(name, req, onload) {
+        let onLoadSuccess = function(moduleInstance){
+            // Module successfully loaded, call the onload callback so that
+            // requirejs can work its internal magic.
+            onload(moduleInstance);
+        }
+
+        let onLoadFailure = function(err) {
+            // optional module failed to load.
+            var failedId = err.requireModules && err.requireModules[0];
+            // console.warn('Could not load optional module: ' + failedId);
+
+            // Undefine the module to cleanup internal stuff in requireJS
+            requirejs.undef(failedId);
+
+            // If failed, this is the default value (can be anything)
+            define(failedId, [], null);
+
+            // Now require the module make sure that requireJS thinks
+            // that is it loaded. Since we've just defined it, requirejs
+            // will not attempt to download any more script files and
+            // will just call the onLoadSuccess handler immediately
+            req([failedId], onLoadSuccess);
+        }
+
+        req([name], onLoadSuccess, onLoadFailure);
+    }
+});
diff --git a/ext_localconf.php b/ext_localconf.php
index 1bca053..c1d5be6 100644
--- a/ext_localconf.php
+++ b/ext_localconf.php
@@ -3,3 +3,5 @@
 
 $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['processDatamapClass'][\FriendsOfTYPO3\SudoMode\Hook\DataManipulationHook::class] = \FriendsOfTYPO3\SudoMode\Hook\DataManipulationHook::class;
 $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['processCmdmapClass'][\FriendsOfTYPO3\SudoMode\Hook\DataManipulationHook::class] = \FriendsOfTYPO3\SudoMode\Hook\DataManipulationHook::class;
+
+$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/backend.php']['renderPreProcess'][\FriendsOfTYPO3\SudoMode\Hook\BackendResourceHook::class] = \FriendsOfTYPO3\SudoMode\Hook\BackendResourceHook::class . '->applyResources';

From 1d0dc2623628f59bc246206d476b15ad18c9aa89 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Fri, 4 Sep 2020 12:09:03 +0200
Subject: [PATCH 10/20] [TASK] Clean up code

---
 Classes/Backend/ConfirmationController.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Classes/Backend/ConfirmationController.php b/Classes/Backend/ConfirmationController.php
index e7e9291..584ffb5 100644
--- a/Classes/Backend/ConfirmationController.php
+++ b/Classes/Backend/ConfirmationController.php
@@ -123,7 +123,6 @@ protected function requestAction(ServerRequestInterface $request, ConfirmationBu
             $this->applyAdditionalJavaScriptModules();
             return new HtmlResponse($view->render());
         }
-        // @todo Add JSON handling
         return new JsonResponse([
             'formId' => 'confirm-sudo',
             'invalidId' => 'invalid-sudo',

From 5fa5963dd9d132727fa1d95e498aa4fc5a75f0d2 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Fri, 4 Sep 2020 12:56:10 +0200
Subject: [PATCH 11/20] [TASK] Clean up code

---
 .../Public/JavaScript/BackendEventListener.js  |  3 ++-
 Resources/Public/JavaScript/EventHandler.js    | 18 ++++++++----------
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/Resources/Public/JavaScript/BackendEventListener.js b/Resources/Public/JavaScript/BackendEventListener.js
index 8625963..41c916b 100644
--- a/Resources/Public/JavaScript/BackendEventListener.js
+++ b/Resources/Public/JavaScript/BackendEventListener.js
@@ -24,4 +24,5 @@ define(
 
         document.addEventListener('typo3:ajax-data-handler:toggle-process-failed', handle);
         document.addEventListener('typo3:ajax-data-handler:delete-process-failed', handle);
-    });
+    }
+);
diff --git a/Resources/Public/JavaScript/EventHandler.js b/Resources/Public/JavaScript/EventHandler.js
index 6edbc4b..7b63e13 100644
--- a/Resources/Public/JavaScript/EventHandler.js
+++ b/Resources/Public/JavaScript/EventHandler.js
@@ -3,16 +3,13 @@
  */
 define(
     [
-            'require',
-            'exports',
-            'jquery',
-            'TYPO3/CMS/Backend/Modal',
-            'TYPO3/CMS/Backend/Severity',
-            // opt(ional) modules using loader plugin
-            'TYPO3/CMS/SudoMode/opt!TYPO3/CMS/Backend/BroadcastService',
-            'TYPO3/CMS/SudoMode/opt!TYPO3/CMS/Backend/BroadcastMessage',
+        'jquery',
+        'TYPO3/CMS/Backend/Modal',
+        // opt(ional) modules using loader plugin
+        'TYPO3/CMS/SudoMode/opt!TYPO3/CMS/Backend/BroadcastService',
+        'TYPO3/CMS/SudoMode/opt!TYPO3/CMS/Backend/BroadcastMessage',
     ],
-    function (require, exports, $, Modal, Severity, broadcastService, BroadcastMessageModule) {
+    function ($, Modal, broadcastService, BroadcastMessageModule) {
         'use strict';
 
         if (!broadcastService || !BroadcastMessageModule) {
@@ -123,4 +120,5 @@ define(
         }
 
         return EventHandler;
-    });
+    }
+);

From 81bed0e75e47cc024822516ab13711ee6c3045bf Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Fri, 4 Sep 2020 12:56:32 +0200
Subject: [PATCH 12/20] [TASK] Allow to cancel confirmation via AJAX

---
 Classes/Backend/ConfirmationController.php  | 25 +++++++++------
 Resources/Public/JavaScript/EventHandler.js | 34 +++++++++++++--------
 2 files changed, 38 insertions(+), 21 deletions(-)

diff --git a/Classes/Backend/ConfirmationController.php b/Classes/Backend/ConfirmationController.php
index 584ffb5..9375421 100644
--- a/Classes/Backend/ConfirmationController.php
+++ b/Classes/Backend/ConfirmationController.php
@@ -107,16 +107,20 @@ protected function requestAction(ServerRequestInterface $request, ConfirmationBu
         $isJsonRequest = $this->isJsonRequest($request);
         $flags = (int)($request->getQueryParams()['flags'] ?? 0);
 
+        $verifyUri = (string)$this->buildActionUriFromBundle('verify', $bundle);
+        $cancelUri = (string)$this->buildActionUriFromBundle('cancel', $bundle);
+
         $view = $this->createView('Request');
         $view->assignMultiple([
             'bundle' => $bundle,
-            'verifyUri' => (string)$this->buildActionUriFromBundle('verify', $bundle),
+            'verifyUri' => $isJsonRequest ? '#' : $verifyUri,
             'flagInvalidPassword' => $flags & self::FLAG_INVALID_PASSWORD,
             'layout' => $isJsonRequest ? 'None' : 'Module',
             'isJsonRequest' => $isJsonRequest,
         ]);
+        // @todo Cannot cancel without knowing where to redirect to afterwards
         if (!empty($bundle->getRequestMetaData()->getReturnUrl())) {
-            $view->assign('cancelUri', (string)$this->buildActionUriFromBundle('cancel', $bundle));
+            $view->assign('cancelUri', $cancelUri);
         }
 
         if (!$isJsonRequest) {
@@ -129,7 +133,11 @@ protected function requestAction(ServerRequestInterface $request, ConfirmationBu
             'severity' => 1, // warning in Modal/Severity,
             'title' => $this->resolveLabel('sudoPasswordConfirm'),
             'content' => $this->reduceSpaces($view->render()),
-            'buttons' => [
+            'uri' => [
+                'verify' => $verifyUri,
+                'cancel' => $cancelUri,
+            ],
+            'button' => [
                 'cancel' => $this->resolveLabel('cancel'),
                 'confirm' => $this->resolveLabel('confirm'),
             ],
@@ -168,22 +176,21 @@ protected function verifyAction(ServerRequestInterface $request, ConfirmationBun
 
         if (!$isJsonRequest) {
             return new RedirectResponse($uri, 401);
-        } else {
-            return new JsonResponse(['status' => false], 401);
         }
+        return new JsonResponse(['status' => false], 401);
     }
 
     protected function cancelAction(ServerRequestInterface $request, ConfirmationBundle $bundle): ResponseInterface
     {
         $loggerContext = $this->createLoggerContext($bundle, $this->user);
 
+        $this->handler->removeConfirmationBundle($bundle, $this->user);
+        $this->logger->notice('Password verification cancelled', $loggerContext);
+
         if (!$this->isJsonRequest($request)) {
-            $this->handler->removeConfirmationBundle($bundle, $this->user);
-            $this->logger->notice('Password verification cancelled', $loggerContext);
             return new RedirectResponse($bundle->getRequestMetaData()->getReturnUrl(), 401);
         }
-        // @todo Add JSON handling
-        return new JsonResponse([], 500);
+        return new JsonResponse(['status' => true], 200);
     }
 
     protected function errorAction(ServerRequestInterface $request): ResponseInterface
diff --git a/Resources/Public/JavaScript/EventHandler.js b/Resources/Public/JavaScript/EventHandler.js
index 7b63e13..b0c0fa2 100644
--- a/Resources/Public/JavaScript/EventHandler.js
+++ b/Resources/Public/JavaScript/EventHandler.js
@@ -21,6 +21,7 @@ define(
             this.message = message;
             this.response = message.response;
             this.processToken = message.processToken;
+            this.modal = null;
         }
 
         EventHandler.prototype.handle = function() {
@@ -36,12 +37,12 @@ define(
             let $form = $content.find('#' + instruction.formId)
                 .on('submit', function(evt) {
                     evt.preventDefault();
-                    that.verifyAction($form, $invalid);
+                    that.verifyAction(instruction, $form, $invalid);
                 });
             let $invalid = $content.find('#' + instruction.invalidId)
                 .hide();
 
-            const modal = Modal.advanced({
+            this.modal = Modal.advanced({
                 type: Modal.types.default,
                 title: instruction.title,
                 content: $content,
@@ -49,17 +50,14 @@ define(
                 buttons: [
                     {
                         btnClass: 'btn-default',
-                        text: instruction.buttons.cancel,
+                        text: instruction.button.cancel,
                         trigger: function(evt) {
-                            Modal.currentModal.trigger('modal-dismiss');
-                            // @todo cancel bundle
-                            // -> callback to server
-                            // -> cancelUri
+                            that.cancelAction(instruction);
                         }
                     },
                     {
                         btnClass: 'btn-warning',
-                        text: instruction.buttons.confirm,
+                        text: instruction.button.confirm,
                         trigger: function(evt) {
                             $form.submit();
                         }
@@ -84,25 +82,37 @@ define(
             });
         }
 
-        EventHandler.prototype.verifyAction = function($form, $invalid) {
+        EventHandler.prototype.verifyAction = function(instruction, $form, $invalid) {
             const that = this;
-            let submitUri = $form.attr('action');
             let formData = new FormData($form.get(0));
             $invalid.hide();
             $.ajax({
                 method: 'POST',
-                url: submitUri,
+                url: instruction.uri.verify,
                 data: formData,
                 processData: false,
                 contentType: false
             }).done(function(response, status, xhr) {
-                Modal.currentModal.trigger('modal-dismiss');
+                that.modal.trigger('modal-dismiss');
                 that.broadcast(that.action);
             }).fail(function(xhr, status, error) {
                 $invalid.show();
             });
         }
 
+        EventHandler.prototype.cancelAction = function(instruction) {
+            const that = this;
+            $.ajax({
+                method: 'GET',
+                url: instruction.uri.cancel
+            }).done(function(response, status, xhr) {
+                that.modal.trigger('modal-dismiss');
+                that.broadcast('revert');
+            }).fail(function(xhr, status, error) {
+                console.warn('Cancel action failed: ' + error);
+            })
+        }
+
         EventHandler.prototype.broadcast = function(action) {
             const instruction = {
                 action,

From a33461f075c42ff57507f4d82fbea88016f7395a Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Sat, 5 Sep 2020 00:29:28 +0200
Subject: [PATCH 13/20] [TASK] Integrate TYPO3 core changes

---
 Resources/Public/JavaScript/BackendEventListener.js | 7 +++----
 Resources/Public/JavaScript/EventHandler.js         | 4 ++--
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/Resources/Public/JavaScript/BackendEventListener.js b/Resources/Public/JavaScript/BackendEventListener.js
index 41c916b..2c41214 100644
--- a/Resources/Public/JavaScript/BackendEventListener.js
+++ b/Resources/Public/JavaScript/BackendEventListener.js
@@ -7,8 +7,7 @@ define(
         'use strict';
 
         function handle(evt) {
-            let action = resolveAction(evt);
-            new EventHandler(action, evt.detail.payload).handle();
+            new EventHandler(evt.detail.payload).handle();
         }
 
         function resolveAction(evt) {
@@ -22,7 +21,7 @@ define(
             }
         }
 
-        document.addEventListener('typo3:ajax-data-handler:toggle-process-failed', handle);
-        document.addEventListener('typo3:ajax-data-handler:delete-process-failed', handle);
+        document.addEventListener('typo3:ajax-data-handler:process-failed', handle);
+        document.addEventListener('typo3:ajax-data-handler:process-failed', handle);
     }
 );
diff --git a/Resources/Public/JavaScript/EventHandler.js b/Resources/Public/JavaScript/EventHandler.js
index b0c0fa2..347beef 100644
--- a/Resources/Public/JavaScript/EventHandler.js
+++ b/Resources/Public/JavaScript/EventHandler.js
@@ -16,9 +16,9 @@ define(
             console.info('BroadcastService or BroadcastMessage not found, which is fine in TYPO3 v9');
         }
 
-        function EventHandler(action, message) {
-            this.action = action;
+        function EventHandler(message) {
             this.message = message;
+            this.action = message.action;
             this.response = message.response;
             this.processToken = message.processToken;
             this.modal = null;

From 2f8739aa0193147bb53fb0327b3b40ecae0926d6 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Sat, 5 Sep 2020 00:32:11 +0200
Subject: [PATCH 14/20] [TASK] Cancel confirmation bundle on closing modal with
 key

---
 Resources/Public/JavaScript/EventHandler.js | 24 ++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/Resources/Public/JavaScript/EventHandler.js b/Resources/Public/JavaScript/EventHandler.js
index 347beef..a2881fb 100644
--- a/Resources/Public/JavaScript/EventHandler.js
+++ b/Resources/Public/JavaScript/EventHandler.js
@@ -17,6 +17,7 @@ define(
         }
 
         function EventHandler(message) {
+            this.canCancel = true;
             this.message = message;
             this.action = message.action;
             this.response = message.response;
@@ -52,7 +53,11 @@ define(
                         btnClass: 'btn-default',
                         text: instruction.button.cancel,
                         trigger: function(evt) {
-                            that.cancelAction(instruction);
+                            if (that.canCancel) {
+                                that.cancelAction(instruction);
+                                that.broadcast('revert');
+                            }
+                            that.modal.trigger('modal-dismiss');
                         }
                     },
                     {
@@ -63,6 +68,15 @@ define(
                         }
                     },
                 ],
+            }).on('hidden.bs.modal', function(evt) {
+                if (that.canCancel) {
+                    that.cancelAction(instruction);
+                    that.broadcast('revert');
+                }
+                // remove memory reference with next tick
+                setTimeout(function() {
+                    that.modal = null;
+                }, 0);
             });
         }
 
@@ -93,23 +107,23 @@ define(
                 processData: false,
                 contentType: false
             }).done(function(response, status, xhr) {
-                that.modal.trigger('modal-dismiss');
+                that.canCancel = false;
                 that.broadcast(that.action);
+                that.modal.trigger('modal-dismiss');
             }).fail(function(xhr, status, error) {
                 $invalid.show();
             });
         }
 
         EventHandler.prototype.cancelAction = function(instruction) {
+            this.canCancel = false;
             const that = this;
             $.ajax({
                 method: 'GET',
                 url: instruction.uri.cancel
-            }).done(function(response, status, xhr) {
-                that.modal.trigger('modal-dismiss');
-                that.broadcast('revert');
             }).fail(function(xhr, status, error) {
                 console.warn('Cancel action failed: ' + error);
+                that.canCancel = true;
             })
         }
 

From 106ba58c625e0166016891a809ed88be57262cbd Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Sat, 5 Sep 2020 01:46:22 +0200
Subject: [PATCH 15/20] [TASK] Clean up code

---
 Resources/Public/JavaScript/BackendEventListener.js | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/Resources/Public/JavaScript/BackendEventListener.js b/Resources/Public/JavaScript/BackendEventListener.js
index 2c41214..add24dc 100644
--- a/Resources/Public/JavaScript/BackendEventListener.js
+++ b/Resources/Public/JavaScript/BackendEventListener.js
@@ -10,17 +10,6 @@ define(
             new EventHandler(evt.detail.payload).handle();
         }
 
-        function resolveAction(evt) {
-            switch (evt.type) {
-                case 'typo3:ajax-data-handler:toggle-process-failed':
-                    return 'toggle';
-                case 'typo3:ajax-data-handler:delete-process-failed':
-                    return 'delete';
-                default:
-                    throw new RangeError('Unexpected event type "' + evt.type + '"');
-            }
-        }
-
         document.addEventListener('typo3:ajax-data-handler:process-failed', handle);
         document.addEventListener('typo3:ajax-data-handler:process-failed', handle);
     }

From 4e41f81a5a8403b412a67955e5cbf662711d23d3 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Mon, 7 Sep 2020 15:17:01 +0200
Subject: [PATCH 16/20] [TASK] Clean up code & provide more JS compatibility

---
 Resources/Public/JavaScript/EventHandler.js | 24 ++++++++++-----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/Resources/Public/JavaScript/EventHandler.js b/Resources/Public/JavaScript/EventHandler.js
index a2881fb..dd4f145 100644
--- a/Resources/Public/JavaScript/EventHandler.js
+++ b/Resources/Public/JavaScript/EventHandler.js
@@ -33,14 +33,14 @@ define(
         }
 
         EventHandler.prototype.showModal = function(instruction) {
-            const that = this;
-            let $content = $(instruction.content);
-            let $form = $content.find('#' + instruction.formId)
+            var that = this;
+            var $content = $(instruction.content);
+            var $form = $content.find('#' + instruction.formId)
                 .on('submit', function(evt) {
                     evt.preventDefault();
                     that.verifyAction(instruction, $form, $invalid);
                 });
-            let $invalid = $content.find('#' + instruction.invalidId)
+            var $invalid = $content.find('#' + instruction.invalidId)
                 .hide();
 
             this.modal = Modal.advanced({
@@ -66,8 +66,8 @@ define(
                         trigger: function(evt) {
                             $form.submit();
                         }
-                    },
-                ],
+                    }
+                ]
             }).on('hidden.bs.modal', function(evt) {
                 if (that.canCancel) {
                     that.cancelAction(instruction);
@@ -86,7 +86,7 @@ define(
         }
 
         EventHandler.prototype.requestAction = function() {
-            const that = this;
+            var that = this;
             $.ajax({
                 method: 'GET',
                 dataType: 'json',
@@ -97,8 +97,8 @@ define(
         }
 
         EventHandler.prototype.verifyAction = function(instruction, $form, $invalid) {
-            const that = this;
-            let formData = new FormData($form.get(0));
+            var that = this;
+            var formData = new FormData($form.get(0));
             $invalid.hide();
             $.ajax({
                 method: 'POST',
@@ -117,7 +117,7 @@ define(
 
         EventHandler.prototype.cancelAction = function(instruction) {
             this.canCancel = false;
-            const that = this;
+            var that = this;
             $.ajax({
                 method: 'GET',
                 url: instruction.uri.cancel
@@ -128,8 +128,8 @@ define(
         }
 
         EventHandler.prototype.broadcast = function(action) {
-            const instruction = {
-                action,
+            var instruction = {
+                action: action,
                 processToken: this.processToken,
                 elementIdentifier: this.message.elementIdentifier
             };

From 8d0ba95ccbc6c629e0ec49fbdbae0ee2c9237610 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Mon, 7 Sep 2020 15:17:28 +0200
Subject: [PATCH 17/20] [TASK] Provide compatibility for TYPO3 v9

---
 Classes/Hook/BackendResourceHook.php        |  3 +++
 Resources/Public/JavaScript/EventHandler.js | 16 ++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/Classes/Hook/BackendResourceHook.php b/Classes/Hook/BackendResourceHook.php
index 0d82f01..d0783db 100644
--- a/Classes/Hook/BackendResourceHook.php
+++ b/Classes/Hook/BackendResourceHook.php
@@ -15,6 +15,7 @@
  * The TYPO3 project - inspiring people to share!
  */
 
+use FriendsOfTYPO3\SudoMode\Backend\ExternalServiceAdapter;
 use TYPO3\CMS\Backend\Controller\BackendController;
 use TYPO3\CMS\Core\Page\PageRenderer;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
@@ -28,5 +29,7 @@ public function applyResources(array $parameters, BackendController $backendCont
     {
         $pageRenderer = GeneralUtility::makeInstance(PageRenderer::class);
         $pageRenderer->loadRequireJsModule('TYPO3/CMS/SudoMode/BackendEventListener');
+        // load RSA auth JavaScript modules (if applicable)
+        GeneralUtility::makeInstance(ExternalServiceAdapter::class)->applyRsaAuthModules();
     }
 }
diff --git a/Resources/Public/JavaScript/EventHandler.js b/Resources/Public/JavaScript/EventHandler.js
index dd4f145..ebfbeae 100644
--- a/Resources/Public/JavaScript/EventHandler.js
+++ b/Resources/Public/JavaScript/EventHandler.js
@@ -8,8 +8,9 @@ define(
         // opt(ional) modules using loader plugin
         'TYPO3/CMS/SudoMode/opt!TYPO3/CMS/Backend/BroadcastService',
         'TYPO3/CMS/SudoMode/opt!TYPO3/CMS/Backend/BroadcastMessage',
+        'TYPO3/CMS/SudoMode/opt!TYPO3/CMS/Rsaauth/RsaEncryptionModule'
     ],
-    function ($, Modal, broadcastService, BroadcastMessageModule) {
+    function ($, Modal, broadcastService, BroadcastMessageModule, RsaEncryption) {
         'use strict';
 
         if (!broadcastService || !BroadcastMessageModule) {
@@ -68,6 +69,11 @@ define(
                         }
                     }
                 ]
+            }).on('shown.bs.modal', function(evt) {
+                if (RsaEncryption) {
+                    // TYPO3 v9 ext:rsaauth initialization
+                    RsaEncryption.registerForm($form.get(0));
+                }
             }).on('hidden.bs.modal', function(evt) {
                 if (that.canCancel) {
                     that.cancelAction(instruction);
@@ -81,8 +87,14 @@ define(
         }
 
         EventHandler.prototype.isRelevant = function() {
+            var expectedValue = 'sudo-mode:confirmation-request';
             return this.response.headers
-                && this.response.headers.get('x-typo3-emitevent') === 'sudo-mode:confirmation-request';
+                && (
+                    this.response.headers instanceof Map
+                        && this.response.headers.get('x-typo3-emitevent') === expectedValue
+                    || this.response.headers instanceof Object
+                        && this.response.headers['x-typo3-emitevent'] === expectedValue
+                );
         }
 
         EventHandler.prototype.requestAction = function() {

From 66bf99fba2d328c002c1f35940ddf15e79be25da Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Mon, 7 Sep 2020 17:24:24 +0200
Subject: [PATCH 18/20] [TASK] Add AJAX parameters round-trip

---
 Resources/Public/JavaScript/EventHandler.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Resources/Public/JavaScript/EventHandler.js b/Resources/Public/JavaScript/EventHandler.js
index ebfbeae..fe023c3 100644
--- a/Resources/Public/JavaScript/EventHandler.js
+++ b/Resources/Public/JavaScript/EventHandler.js
@@ -143,6 +143,7 @@ define(
             var instruction = {
                 action: action,
                 processToken: this.processToken,
+                parameters: this.message.parameters,
                 elementIdentifier: this.message.elementIdentifier
             };
             broadcastService.post(

From 0e601891f3d32fa7b51e523306bbb8ea014763b4 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Mon, 7 Sep 2020 17:24:32 +0200
Subject: [PATCH 19/20] [TASK] Clean up code

---
 Classes/Scope/CoreJsonRouteHandler.php | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/Classes/Scope/CoreJsonRouteHandler.php b/Classes/Scope/CoreJsonRouteHandler.php
index bc4b890..2a159be 100644
--- a/Classes/Scope/CoreJsonRouteHandler.php
+++ b/Classes/Scope/CoreJsonRouteHandler.php
@@ -26,17 +26,14 @@ class CoreJsonRouteHandler implements RouteHandlerInterface
 
     public function __construct()
     {
-        // TYPO3 v10
         $this->handlers = [
+            // \TYPO3\CMS\Backend\Controller\SimpleDataHandlerController::processAjaxRequest
             '/ajax/record/process' => function(Route $route, ServerRequestInterface $request, RequestMetaData $metaData): RequestMetaData {
                 return $metaData
                     ->withEventName('sudo-mode:confirmation-request')
                     ->withJsonData([]);
             },
         ];
-
-        // TYPO3 v9
-        // $this->handlers['/user/setup'] = $this->handlers['/module/user/setup'];
     }
 
     public function canHandle(ServerRequestInterface $request, Route $route): bool

From 244db20f736e9809e00ec6f2ae7096bde333648a Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Mon, 7 Sep 2020 17:24:56 +0200
Subject: [PATCH 20/20] [BUGFIX] Add missing context menu invocation
 (visibility)

---
 Classes/Scope/CoreHtmlRouteHandler.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Classes/Scope/CoreHtmlRouteHandler.php b/Classes/Scope/CoreHtmlRouteHandler.php
index fd1c74e..cc3235f 100644
--- a/Classes/Scope/CoreHtmlRouteHandler.php
+++ b/Classes/Scope/CoreHtmlRouteHandler.php
@@ -36,6 +36,12 @@ public function __construct()
                 $queryParams = $request->getQueryParams();
                 return GeneralUtility::sanitizeLocalUrl($parsedBody['returnUrl'] ?? $queryParams['returnUrl'] ?? null);
             },
+            // \TYPO3\CMS\Backend\Controller\SimpleDataHandlerController::mainAction
+            '/record/commit' => function(Route $route, ServerRequestInterface $request): string {
+                $parsedBody = $request->getParsedBody();
+                $queryParams = $request->getQueryParams();
+                return GeneralUtility::sanitizeLocalUrl($parsedBody['redirect'] ?? $queryParams['redirect'] ?? null);
+            },
             // \TYPO3\CMS\Setup\Controller\SetupModuleController
             '/module/user/setup' => function(Route $route, ServerRequestInterface $request): string {
                 $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);