From 1e7ca96b51f9004f5e4684e42276262476a51beb Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Thu, 29 Mar 2018 07:24:55 -0700
Subject: [PATCH] [Fixes #1618] Consider returning a 404 in the
 DownloadPersonalData.OnGet

---
 .../Manage/DownloadPersonalData.cshtml.cs      |  7 +++++++
 .../AuthorizationTests.cs                      |  1 -
 .../ManagementTests.cs                         | 18 ++++++++++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/UI/Areas/Identity/Pages/Account/Manage/DownloadPersonalData.cshtml.cs b/src/UI/Areas/Identity/Pages/Account/Manage/DownloadPersonalData.cshtml.cs
index c5feda5dd4..ddf0f2de14 100644
--- a/src/UI/Areas/Identity/Pages/Account/Manage/DownloadPersonalData.cshtml.cs
+++ b/src/UI/Areas/Identity/Pages/Account/Manage/DownloadPersonalData.cshtml.cs
@@ -16,6 +16,8 @@ namespace Microsoft.AspNetCore.Identity.UI.Pages.Account.Manage.Internal
     [IdentityDefaultUI(typeof(DownloadPersonalDataModel<>))]
     public abstract class DownloadPersonalDataModel : PageModel
     {
+        public virtual IActionResult OnGet() => throw new NotImplementedException();
+
         public virtual Task<IActionResult> OnPostAsync() => throw new NotImplementedException();
     }
 
@@ -32,6 +34,11 @@ namespace Microsoft.AspNetCore.Identity.UI.Pages.Account.Manage.Internal
             _logger = logger;
         }
 
+        public override IActionResult OnGet()
+        {
+            return NotFound();
+        }
+
         public override async Task<IActionResult> OnPostAsync()
         {
             var user = await _userManager.GetUserAsync(User);
diff --git a/test/Identity.FunctionalTests/AuthorizationTests.cs b/test/Identity.FunctionalTests/AuthorizationTests.cs
index 9d6875f35a..e3c2dfb541 100644
--- a/test/Identity.FunctionalTests/AuthorizationTests.cs
+++ b/test/Identity.FunctionalTests/AuthorizationTests.cs
@@ -66,7 +66,6 @@ namespace Microsoft.AspNetCore.Identity.FunctionalTests
             {
                 "/Identity/Account/Manage/ChangePassword",
                 "/Identity/Account/Manage/DeletePersonalData",
-                "/Identity/Account/Manage/DownloadPersonalData",
                 "/Identity/Account/Manage/EnableAuthenticator",
                 "/Identity/Account/Manage/ExternalLogins",
                 "/Identity/Account/Manage/Index",
diff --git a/test/Identity.FunctionalTests/ManagementTests.cs b/test/Identity.FunctionalTests/ManagementTests.cs
index 10224e561c..1bb2fd45e1 100644
--- a/test/Identity.FunctionalTests/ManagementTests.cs
+++ b/test/Identity.FunctionalTests/ManagementTests.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Net;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Identity.DefaultUI.WebSite;
@@ -220,6 +221,23 @@ namespace Microsoft.AspNetCore.Identity.FunctionalTests
             }
         }
 
+        [Fact]
+        public async Task GetOnDownloadPersonalData_ReturnsNotFound()
+        {
+            using (StartLog(out var loggerFactory))
+            {
+                // Arrange
+                var client = ServerFactory.CreateDefaultClient(loggerFactory);
+                await UserStories.RegisterNewUserAsync(client);
+
+                // Act
+                var response = await client.GetAsync("/Identity/Account/Manage/DownloadPersonalData");
+
+                // Assert
+                Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+            }
+        }
+
         [Fact]
         public async Task CanDeleteUser()
         {