[Fixes #1618] Consider returning a 404 in the DownloadPersonalData.OnGet

2018-03-29 07:24:55 -07:00 · 2018-03-29 07:24:55 -07:00 · 1e7ca96b51
--- a/src/UI/Areas/Identity/Pages/Account/Manage/DownloadPersonalData.cshtml.cs
+++ b/src/UI/Areas/Identity/Pages/Account/Manage/DownloadPersonalData.cshtml.cs
@ -16,6 +16,8 @@ namespace Microsoft.AspNetCore.Identity.UI.Pages.Account.Manage.Internal
    [IdentityDefaultUI(typeof(DownloadPersonalDataModel<>))]
    public abstract class DownloadPersonalDataModel : PageModel
    {
+        public virtual IActionResult OnGet() => throw new NotImplementedException();
+
        public virtual Task<IActionResult> OnPostAsync() => throw new NotImplementedException();
    }

@ -32,6 +34,11 @@ namespace Microsoft.AspNetCore.Identity.UI.Pages.Account.Manage.Internal
            _logger = logger;
        }

+        public override IActionResult OnGet()
+        {
+            return NotFound();
+        }
+
        public override async Task<IActionResult> OnPostAsync()
        {
            var user = await _userManager.GetUserAsync(User);
--- a/test/Identity.FunctionalTests/AuthorizationTests.cs
+++ b/test/Identity.FunctionalTests/AuthorizationTests.cs
@ -66,7 +66,6 @@ namespace Microsoft.AspNetCore.Identity.FunctionalTests
            {
                "/Identity/Account/Manage/ChangePassword",
                "/Identity/Account/Manage/DeletePersonalData",
-                "/Identity/Account/Manage/DownloadPersonalData",
                "/Identity/Account/Manage/EnableAuthenticator",
                "/Identity/Account/Manage/ExternalLogins",
                "/Identity/Account/Manage/Index",
--- a/test/Identity.FunctionalTests/ManagementTests.cs
+++ b/test/Identity.FunctionalTests/ManagementTests.cs
@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Net;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Identity.DefaultUI.WebSite;
@ -220,6 +221,23 @@ namespace Microsoft.AspNetCore.Identity.FunctionalTests
            }
        }

+        [Fact]
+        public async Task GetOnDownloadPersonalData_ReturnsNotFound()
+        {
+            using (StartLog(out var loggerFactory))
+            {
+                // Arrange
+                var client = ServerFactory.CreateDefaultClient(loggerFactory);
+                await UserStories.RegisterNewUserAsync(client);
+
+                // Act
+                var response = await client.GetAsync("/Identity/Account/Manage/DownloadPersonalData");
+
+                // Assert
+                Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+            }
+        }
+
        [Fact]
        public async Task CanDeleteUser()
        {