Issue 12713007: Fix the no password save issue for ajax login

Issue 12713007: Fix the no password save issue for ajax login (Closed)

Created:
7 years, 9 months ago by Garrett Casto

Modified:
7 years, 9 months ago

Reviewers:
Charlie Reis, Ilya Sherman, tim (not reviewing)

CC:
chromium-reviews, joi+watch-content_chromium.org, darin-cc_chromium.org, jam, guohui, Yue Zhang

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

Fix the no password save issue for ajax login The idea is that if a navigation is triggered by non-user gesture after a password form is submitted, then we assume that this navigation is related to the previous form submit and chrome should prompt for saving password if all criteria for provisionally saving password are met. The link between the previous form submit and the coming navigation is weak, so its possible for chrome to inherit password forms from previous state when it should not. However most false cases would be aborted at PasswordManager::ProvisionallySavePassword, which does a list of sanity checks for saving password, such as if the form is already seen on the current page. BUG=43219 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=191024

Patch Set 1 #

Total comments: 33

Patch Set 2 : Address comments. #

Patch Set 3 : Remove dead code #

Total comments: 4

Patch Set 4 : More comments #

Patch Set 5 : Remove unneeded test variable #

Total comments: 6

Patch Set 6 : Address more comments #

Patch Set 7 : Again #

Created: 7 years, 9 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+184 lines, -1 line)			Patch
A	chrome/browser/password_manager/password_manager_browsertest.cc	View	1 2 3 4	1 chunk	+129 lines, -0 lines	0 comments	Download
M	chrome/chrome_tests.gypi	View	1 2 3 4	1 chunk	+1 line, -0 lines	0 comments	Download
A +	chrome/test/data/password/password_xhr_done.html	View	1 2 3 4	1 chunk	+1 line, -1 line	0 comments	Download
A	chrome/test/data/password/password_xhr_submit.html	View	1	1 chunk	+27 lines, -0 lines	0 comments	Download
M	content/public/renderer/document_state.h	View	1 2 3 4 5 6	1 chunk	+9 lines, -0 lines	0 comments	Download
M	content/renderer/render_view_impl.cc	View	1 2 3 4 5	1 chunk	+17 lines, -0 lines	0 comments	Download

Messages

Total messages: 11 (0 generated)

Expand Messages | Collapse Messages

Ilya Sherman

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manager/password_manager_browsertest.cc File chrome/browser/password_manager/password_manager_browsertest.cc (right): https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manager/password_manager_browsertest.cc#newcode1 chrome/browser/password_manager/password_manager_browsertest.cc:1: // Copyright (c) 2013 The Chromium Authors. All rights ...

7 years, 9 months ago (2013-03-22 03:26:48 UTC) #2

Garrett Casto

7 years, 9 months ago (2013-03-22 21:05:05 UTC) #3

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
File chrome/browser/password_manager/password_manager_browsertest.cc (right):

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:1: // Copyright
(c) 2013 The Chromium Authors. All rights reserved.
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> ultra nit: Omit the "(c)"

Done.

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:27: explicit
NavigationObserver(Browser* browser)
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> nit: Can you pass in just the WebContents, rather than the full Browser?

Done.

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:36:
content::NotificationService::AllSources());
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> nit: Can you listen to notifications from a specific source?  Better yet, can
> you avoid listening for notifications at all, i.e. hook into this event in a
> more direct way?

Changed to use a specific source. I don't think that I can hook this in a more
direct way at the moment. I could add a hook into the PasswordManager where the
password is being saved, but I'm not sure if it's worth it.

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:46:
infobar_service_->RemoveInfoBar(infobar);
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> Hmm, why do you need to do this manually?  Doesn't calling Accept() on the
> infobar cause it to be closed?

I actually just pulled this from autofill_browsertest, but it does look like it
isn't necessary. Removed.

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:89: bool
has_run_message_loop_;
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> Use content::MessageLoopRunner instead.

Done.

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:95: };
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> nit: Tuck this into an anonymous namespace.

Done.

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:99:
content::RenderViewHost* render_view_host() {
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> nit: This should use MixedCaps rather than hacker_case.

Done.

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:105:
IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTest, PromptForXHRSubmit) {
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> As long as you're adding test coverage (thanks!), could you add a test for the
> regular (non-XHR) case as well?

There is actually a full pyauto test suite for the password manager that I
didn't know about until recently. I was going to file a bug to migrate it to
BrowserTest. That would include testing for the normal case.

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:112: // in it's
onsubmit handler but instead logs in/navigates via XHR.
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> nit: "it's" -> "its"

Done.

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:120:
ASSERT_TRUE(content::ExecuteScript(render_view_host(), fill_and_submit));
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> Can you have the loaded page send a result when it's done loading (using
> something like ExecuteScriptAndExtractBool), and use a
> WindowedNotificationObserver that listens for that instead?  That seems like
it
> would be less code, and possibly less error-prone as well.

I'm not sure what exactly you have in mind here. I can imagine setting some
variable during onload of the next page, and then extracting it with
ExecuteScriptAndExtractBool, but this extraction would have to be a loop because
it may run before the page is finished loading, right? That seems like a step in
the wrong direction. Or were you thinking of some other way of doing this?

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:122:
ASSERT_TRUE(observer.InfoBarWasShown());
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> nit: I think this can be EXPECT_TRUE.

Done.

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:143:
ASSERT_FALSE(observer.InfoBarWasShown());
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> nit: I think this can be EXPECT_FALSE.

Done.

https://codereview.chromium.org/12713007/diff/1/content/renderer/render_view_...
File content/renderer/render_view_impl.cc (right):

https://codereview.chromium.org/12713007/diff/1/content/renderer/render_view_...
content/renderer/render_view_impl.cc:3434: // If the navigation is not triggered
by user gesture, e.g. by some ajax
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> nit: "by user gesture" -> "by a user gesture"

Done.

https://codereview.chromium.org/12713007/diff/1/content/renderer/render_view_...
content/renderer/render_view_impl.cc:3437: // crbug/43219. Note that there are
still some sites that this fails for
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> nit: Add "http://", and ideally find some way to separate the dot from the
URL,
> e.g. "[ http://crbug.com/43219 ].", so that linkified code is likely to work
> correctly.

Done.

https://codereview.chromium.org/12713007/diff/1/content/renderer/render_view_...
content/renderer/render_view_impl.cc:3447: scoped_ptr<content::PasswordForm>(
On 2013/03/22 03:26:48, Ilya Sherman wrote:
> nit: Consider using make_scoped_ptr() here.

Done.

Charlie Reis

Thanks for adding the test and comments! https://codereview.chromium.org/12713007/diff/21001/content/public/renderer/document_state.h File content/public/renderer/document_state.h (right): https://codereview.chromium.org/12713007/diff/21001/content/public/renderer/document_state.h#newcode173 content/public/renderer/document_state.h:173: // navigation ...

7 years, 9 months ago (2013-03-23 01:00:26 UTC) #4

Ilya Sherman

Thanks, LGTM (but please wait for other reviewers as well). https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manager/password_manager_browsertest.cc File chrome/browser/password_manager/password_manager_browsertest.cc (right): https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manager/password_manager_browsertest.cc#newcode105 ...

7 years, 9 months ago (2013-03-23 01:10:58 UTC) #5

Thanks, LGTM (but please wait for other reviewers as well).

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
File chrome/browser/password_manager/password_manager_browsertest.cc (right):

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:105:
IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTest, PromptForXHRSubmit) {
On 2013/03/22 21:05:05, Garrett Casto wrote:
> On 2013/03/22 03:26:48, Ilya Sherman wrote:
> > As long as you're adding test coverage (thanks!), could you add a test for
the
> > regular (non-XHR) case as well?
> 
> There is actually a full pyauto test suite for the password manager that I
> didn't know about until recently. I was going to file a bug to migrate it to
> BrowserTest. That would include testing for the normal case. 

Ok, fair enough :)

https://codereview.chromium.org/12713007/diff/1/chrome/browser/password_manag...
chrome/browser/password_manager/password_manager_browsertest.cc:120:
ASSERT_TRUE(content::ExecuteScript(render_view_host(), fill_and_submit));
On 2013/03/22 21:05:05, Garrett Casto wrote:
> On 2013/03/22 03:26:48, Ilya Sherman wrote:
> > Can you have the loaded page send a result when it's done loading (using
> > something like ExecuteScriptAndExtractBool), and use a
> > WindowedNotificationObserver that listens for that instead?  That seems like
> it
> > would be less code, and possibly less error-prone as well.
> 
> I'm not sure what exactly you have in mind here. I can imagine setting some
> variable during onload of the next page, and then extracting it with
> ExecuteScriptAndExtractBool, but this extraction would have to be a loop
because
> it may run before the page is finished loading, right? That seems like a step
in
> the wrong direction. Or were you thinking of some other way of doing this?

Hmm, I kind of ignored the fact that the JavaScript context probably doesn't
last across page loads.  So, never mind about this comment :)

https://codereview.chromium.org/12713007/diff/21001/chrome/browser/password_m...
File chrome/browser/password_manager/password_manager_browsertest.cc (right):

https://codereview.chromium.org/12713007/diff/21001/chrome/browser/password_m...
chrome/browser/password_manager/password_manager_browsertest.cc:85: }
nit: Please leave a blank line after this one.

Garrett Casto

https://codereview.chromium.org/12713007/diff/21001/chrome/browser/password_manager/password_manager_browsertest.cc File chrome/browser/password_manager/password_manager_browsertest.cc (right): https://codereview.chromium.org/12713007/diff/21001/chrome/browser/password_manager/password_manager_browsertest.cc#newcode85 chrome/browser/password_manager/password_manager_browsertest.cc:85: } On 2013/03/23 01:10:58, Ilya Sherman wrote: > nit: ...

7 years, 9 months ago (2013-03-26 00:00:26 UTC) #6

Charlie Reis

Hmm. I'd feel better if I knew where we were associating the actual password with ...

7 years, 9 months ago (2013-03-27 05:15:04 UTC) #7

Garrett Casto

On 2013/03/27 05:15:04, creis wrote: > Hmm. I'd feel better if I knew where we ...

7 years, 9 months ago (2013-03-27 18:57:25 UTC) #8

Garrett Casto

https://codereview.chromium.org/12713007/diff/45001/content/public/renderer/document_state.h File content/public/renderer/document_state.h (right): https://codereview.chromium.org/12713007/diff/45001/content/public/renderer/document_state.h#newcode178 content/public/renderer/document_state.h:178: // origin we associate it with, only if we ...

7 years, 9 months ago (2013-03-27 18:59:44 UTC) #9

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/gcasto@chromium.org/12713007/65001

7 years, 9 months ago (2013-03-27 19:02:48 UTC) #10

Message was sent while issue was closed.

Change committed as 191024

Expand Messages | Collapse Messages