MAGETWO-97947: Invalid action behavior

Author: ameysar

app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFolder.php

@@ -7,6 +7,7 @@
 namespace Magento\Cms\Controller\Adminhtml\Wysiwyg\Images;
 
 use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\Exception\NotFoundException;
 
 /**
  * Delete image folder.
@@ -57,11 +58,11 @@ public function __construct(
      */
     public function execute()
     {
-        try {
-            if (!$this->getRequest()->isPost()) {
-                throw new \Exception('Wrong request.');
-            }
+        if (!$this->getRequest()->isPost()) {
+            throw new NotFoundException(__('Page not found'));
+        }
 
+        try {
             $path = $this->getStorage()->getCmsWysiwygImages()->getCurrentPath();
             if (!$this->directoryResolver->validatePath($path, DirectoryList::MEDIA)) {
                 throw new \Magento\Framework\Exception\LocalizedException(

app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/NewFolder.php

@@ -7,6 +7,7 @@
 namespace Magento\Cms\Controller\Adminhtml\Wysiwyg\Images;
 
 use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\Exception\NotFoundException;
 
 /**
  * Creates new folder.
@@ -49,11 +50,11 @@ public function __construct(
      */
     public function execute()
     {
-        try {
-            if (!$this->getRequest()->isPost()) {
-                throw new \Exception('Wrong request.');
-            }
+        if (!$this->getRequest()->isPost()) {
+            throw new NotFoundException(__('Page not found'));
+        }
 
+        try {
             $this->_initAction();
             $name = $this->getRequest()->getPost('name');
             $path = $this->getStorage()->getSession()->getCurrentPath();

app/code/Magento/Sales/Test/Unit/Controller/Adminhtml/Order/CancelTest.php

@@ -103,8 +103,6 @@ protected function setUp()
             \Magento\Sales\Controller\Adminhtml\Order\Cancel::class,
             [
                 'context' => $this->context,
-                //'request' => $this->request,
-                //'response' => $this->response,
                 'orderRepository' => $this->orderRepositoryMock
             ]
         );

app/code/Magento/Widget/Controller/Adminhtml/Widget/BuildWidget.php

@@ -6,6 +6,8 @@
  */
 namespace Magento\Widget\Controller\Adminhtml\Widget;
 
+use Magento\Framework\App\ObjectManager;
+
 class BuildWidget extends \Magento\Backend\App\Action
 {
     /**
@@ -18,15 +20,25 @@ class BuildWidget extends \Magento\Backend\App\Action
      */
     protected $_widget;
 
+    /**
+     * @var \Magento\Framework\Serialize\SerializerInterface
+     */
+    private $serializer;
+
     /**
      * @param \Magento\Backend\App\Action\Context $context
      * @param \Magento\Widget\Model\Widget $widget
+     * @param \Magento\Framework\Serialize\SerializerInterface|null $serializer
      */
     public function __construct(
         \Magento\Backend\App\Action\Context $context,
-        \Magento\Widget\Model\Widget $widget
+        \Magento\Widget\Model\Widget $widget,
+        \Magento\Framework\Serialize\SerializerInterface $serializer = null
     ) {
         $this->_widget = $widget;
+        $this->serializer = $serializer ?: ObjectManager::getInstance()->get(
+            \Magento\Framework\Serialize\SerializerInterface::class
+        );
         parent::__construct($context);
     }
 
@@ -37,13 +49,17 @@ public function __construct(
      */
     public function execute()
     {
-        $html = '';
-        if ($this->getRequest()->isPost()) {
-            $type = $this->getRequest()->getPost('widget_type');
-            $params = $this->getRequest()->getPost('parameters', []);
-            $asIs = $this->getRequest()->getPost('as_is');
-            $html = $this->_widget->getWidgetDeclaration($type, $params, $asIs);
+        if (!$this->getRequest()->isPost()) {
+            $this->getResponse()->representJson(
+                $this->serializer->serialize(['error' => true, 'message' => 'Invalid request'])
+            );
+            return;
         }
+
+        $type = $this->getRequest()->getPost('widget_type');
+        $params = $this->getRequest()->getPost('parameters', []);
+        $asIs = $this->getRequest()->getPost('as_is');
+        $html = $this->_widget->getWidgetDeclaration($type, $params, $asIs);
         $this->getResponse()->setBody($html);
     }
 }

dev/tests/integration/testsuite/Magento/Customer/Controller/Adminhtml/GroupTest.php

@@ -86,7 +86,7 @@ public function testNewActionWithCustomerGroupDataInSession()
      */
     public function testDeleteActionNoGroupId()
     {
-        $this->getRequest()->setMethod(\Magento\Framework\App\Request\Http::METHOD_POST);
+        $this->getRequest()->setMethod(HttpRequest::METHOD_POST);
         $this->dispatch('backend/customer/group/delete');
         $this->assertRedirect($this->stringStartsWith(self::BASE_CONTROLLER_URL));
     }
@@ -100,7 +100,7 @@ public function testDeleteActionExistingGroup()
     {
         $groupId = $this->findGroupIdWithCode(self::CUSTOMER_GROUP_CODE);
         $this->getRequest()->setParam('id', $groupId);
-        $this->getRequest()->setMethod(\Magento\Framework\App\Request\Http::METHOD_POST);
+        $this->getRequest()->setMethod(HttpRequest::METHOD_POST);
         $this->dispatch('backend/customer/group/delete');
 
         /**
@@ -121,7 +121,7 @@ public function testDeleteActionExistingGroup()
     public function testDeleteActionNonExistingGroupId()
     {
         $this->getRequest()->setParam('id', 10000);
-        $this->getRequest()->setMethod(\Magento\Framework\App\Request\Http::METHOD_POST);
+        $this->getRequest()->setMethod(HttpRequest::METHOD_POST);
         $this->dispatch('backend/customer/group/delete');
 
         /**