[Password Manager] Autofill forms with field name and id attributes missing.

components/autofill/content/renderer/password_autofill_agent.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/autofill/content/renderer/password_autofill_agent.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/i18n/case_conversion.h"
 #include "base/memory/scoped_ptr.h"
@@ skipping 36 matching lines @@
 
 // The size above which we stop triggering autocomplete.
 static const size_t kMaximumTextSizeForAutocomplete = 1000;
 
 // Experiment information
 const char kFillOnAccountSelectFieldTrialName[] = "FillOnAccountSelect";
 const char kFillOnAccountSelectFieldTrialEnabledWithHighlightGroup[] =
     "EnableWithHighlight";
 const char kFillOnAccountSelectFieldTrialEnabledWithNoHighlightGroup[] =
     "EnableWithNoHighlight";
+const char kDummyUsernameField[] = "anonymous_username";
+const char kDummyPasswordField[] = "anonymous_password";
 
 // Maps element names to the actual elements to simplify form filling.
 typedef std::map<base::string16, blink::WebInputElement> FormInputElementMap;
 
 // Use the shorter name when referencing SavePasswordProgressLogger::StringID
 // values to spare line breaks. The code provides enough context for that
 // already.
 typedef SavePasswordProgressLogger Logger;
 
 typedef std::vector<FormInputElementMap> FormElementsList;
@@ skipping 10 matching lines @@
     const std::vector<blink::WebFormControlElement>& control_elements,
     const base::string16& name) {
   for (size_t i = 0; i < control_elements.size(); ++i) {
     if (control_elements[i].nameForAutofill() == name) {
       return IsWebNodeVisible(control_elements[i]);
     }
   }
   return false;
 }
 
+// Returns true if password form has username and password fields with either
+// same or no name and id attributes supplied.
+bool PasswordFormWithAmbiguousOrNoNameAndIdAttribute(
+    const PasswordFormFillData& fill_data) {
+  return (fill_data.username_field.name == fill_data.password_field.name) ||
+         (fill_data.username_field.name ==
+              base::ASCIIToUTF16(kDummyUsernameField) &&
+          fill_data.password_field.name ==
+              base::ASCIIToUTF16(kDummyPasswordField));
+}
+
+bool IsPasswordField(const FormFieldData& field) {
+  return (field.form_control_type == "password");
+}
+
+// Returns the |field|'s autofillable name. If no name or id attribute is
+// specified returns a dummy name.
+base::string16 FieldName(const FormFieldData& field,
+                         bool ambiguous_or_no_name_and_id_attribute) {
+  return ambiguous_or_no_name_and_id_attribute
+             ? IsPasswordField(field) ? base::ASCIIToUTF16(kDummyPasswordField)
+                                      : base::ASCIIToUTF16(kDummyUsernameField)
+             : field.name;
+}
+
 // Utility function to find the unique entry of |control_elements| for the
 // specified input |field|. On successful find, adds it to |result| and returns
 // |true|. Otherwise clears the references from each |HTMLInputElement| from
 // |result| and returns |false|.
 bool FindFormInputElement(
     const std::vector<blink::WebFormControlElement>& control_elements,
     const FormFieldData& field,
+    bool ambiguous_or_no_name_and_id_attribute,
     FormInputElementMap* result) {
   // Match the first input element, if any.
-  // If more than one match is made, then we have ambiguity (due to misuse
-  // of "name" attribute) so is it considered not found.
   bool found_input = false;
+  base::string16 field_name =
+      FieldName(field, ambiguous_or_no_name_and_id_attribute);
   for (size_t i = 0; i < control_elements.size(); ++i) {
-    if (control_elements[i].nameForAutofill() != field.name)
+    if (!control_elements[i].hasHTMLTagName("input"))
       continue;
 
-    if (!control_elements[i].hasHTMLTagName("input"))
+    // Only fill saved passwords into password fields and usernames into text
+    // fields.
+    const blink::WebInputElement input_element =
+        control_elements[i].toConst<blink::WebInputElement>();
+    bool is_password_field = IsPasswordField(field);
+    if (input_element.isPasswordField() != is_password_field)
       continue;
 
+    // For change password form keep only the first password field entry.

[dvadym, 2015/09/11 14:15:34]

Could you please test case when we have more than one password and no id/name
attributes?

[Pritam Nikam, 2015/09/12 06:51:44]

Done.

Added a test:
PasswordManagerBrowserTestBase.AutofillSuggetionsForChangePasswordFormWithoutNameOrIdAttribute

+    FormInputElementMap::const_iterator old_entry = result->find(field_name);

[dvadym, 2015/09/11 14:15:34]

It seems that we don't need to make look-up in a map. Since if we already found
this element then found_input = true and the names of username and password
fields should be different since you've implemented this.

[Pritam Nikam, 2015/09/12 06:51:44]

Done.

+    if (ambiguous_or_no_name_and_id_attribute && is_password_field &&
+        old_entry != result->end() && old_entry->second.isPasswordField()) {
+      continue;
+    }
+
     // Check for a non-unique match.
     if (found_input) {
       found_input = false;
       break;
     }
 
-    // Only fill saved passwords into password fields and usernames into
-    // text fields.
-    const blink::WebInputElement input_element =
-        control_elements[i].toConst<blink::WebInputElement>();
-    if (input_element.isPasswordField() !=
-        (field.form_control_type == "password"))
-      continue;
-
-    (*result)[field.name] = input_element;
+    (*result)[field_name] = input_element;
     found_input = true;
   }
 
   // A required element was not found. This is not the right form.
   // Make sure no input elements from a partially matched form in this
   // iteration remain in the result set.
   // Note: clear will remove a reference from each InputElement.
   if (!found_input) {
     result->clear();
     return false;
@@ skipping 41 matching lines @@
 
   return group_name !=
          kFillOnAccountSelectFieldTrialEnabledWithNoHighlightGroup;
 }
 
 // Helper to search through |control_elements| for the specified input elements
 // in |data|, and add results to |result|.
 bool FindFormInputElements(
     const std::vector<blink::WebFormControlElement>& control_elements,
     const PasswordFormFillData& data,
+    bool ambiguous_or_no_name_and_id_attribute,
     FormInputElementMap* result) {
-  return FindFormInputElement(control_elements, data.password_field, result) &&
-         (!FillDataContainsFillableUsername(data) ||
-          FindFormInputElement(control_elements, data.username_field, result));
+  return FindFormInputElement(control_elements, data.password_field,
+                              ambiguous_or_no_name_and_id_attribute, result) &&
+         (!(ambiguous_or_no_name_and_id_attribute ||
+            FillDataContainsFillableUsername(data)) ||
+          FindFormInputElement(control_elements, data.username_field,
+                               ambiguous_or_no_name_and_id_attribute, result));
 }
 
 // Helper to locate form elements identified by |data|.
 void FindFormElements(content::RenderFrame* render_frame,
                       const PasswordFormFillData& data,
+                      bool ambiguous_or_no_name_and_id_attribute,
                       FormElementsList* results) {
   DCHECK(results);
 
   blink::WebDocument doc = render_frame->GetWebFrame()->document();
   if (!doc.isHTMLDocument())
     return;
 
   if (data.origin != GetCanonicalOriginForDocument(doc))
     return;
 
   blink::WebVector<blink::WebFormElement> forms;
   doc.forms(forms);
 
   for (size_t i = 0; i < forms.size(); ++i) {
     blink::WebFormElement fe = forms[i];
 
     // Action URL must match.
     if (data.action != GetCanonicalActionForForm(fe))
       continue;
 
     std::vector<blink::WebFormControlElement> control_elements =
         ExtractAutofillableElementsInForm(fe);
     FormInputElementMap cur_map;
-    if (FindFormInputElements(control_elements, data, &cur_map))
+    if (FindFormInputElements(control_elements, data,
+                              ambiguous_or_no_name_and_id_attribute, &cur_map))
       results->push_back(cur_map);
   }
   // If the element to be filled are not in a <form> element, the "action" and
   // origin should be the same.
   if (data.action != data.origin)
     return;
 
   std::vector<blink::WebFormControlElement> control_elements =
       GetUnownedAutofillableFormFieldElements(doc.all(), nullptr);
   FormInputElementMap unowned_elements_map;
-  if (FindFormInputElements(control_elements, data, &unowned_elements_map))
+  if (FindFormInputElements(control_elements, data,
+                            ambiguous_or_no_name_and_id_attribute,
+                            &unowned_elements_map))
     results->push_back(unowned_elements_map);
 }
 
 bool IsElementEditable(const blink::WebInputElement& element) {
   return element.isEnabled() && !element.isReadOnly();
 }
 
 bool DoUsernamesMatch(const base::string16& username1,
                       const base::string16& username2,
                       bool exact_match) {
@@ skipping 208 matching lines @@
   while (cur_frame->parent()) {
     cur_frame = cur_frame->parent();
     if (!bottom_frame_origin.equals(cur_frame->securityOrigin().toString()))
       return false;
   }
 
   // If we can't modify the password, don't try to set the username
   if (!IsElementAutocompletable(password_element))
     return false;
 
-  bool form_contains_fillable_username_field =
-      FillDataContainsFillableUsername(fill_data);
+  base::string16 username_field_name =
+      FieldName(fill_data.username_field,
+                PasswordFormWithAmbiguousOrNoNameAndIdAttribute(fill_data));
   // If the form contains an autocompletable username field, try to set the
   // username to the preferred name, but only if:
   //   (a) The fill-on-account-select flag is not set, and
   //   (b) The username element isn't prefilled
   //
   // If (a) is false, then just mark the username element as autofilled if the
   // user is not in the "no highlighting" group and return so the fill step is
   // skipped.
   //
   // If there is no autocompletable username field, and (a) is false, then the
   // username element cannot be autofilled, but the user should still be able to
   // select to fill the password element, so the password element must be marked
   // as autofilled and the fill step should also be skipped if the user is not
   // in the "no highlighting" group.
   //
   // In all other cases, do nothing.
-  bool form_has_fillable_username = form_contains_fillable_username_field &&
+  bool form_has_fillable_username = !username_field_name.empty() &&
                                     IsElementAutocompletable(username_element);
 
   if (ShouldFillOnAccountSelect()) {
     if (!ShouldHighlightFields()) {
       return false;
     }
 
     if (form_has_fillable_username) {
       username_element.setAutofilled(true);
     } else if (username_element.isNull() ||
@@ skipping 174 matching lines @@
 
   // If wait_for_username is true we will fill when the username loses focus.
   if (iter->second.fill_data.wait_for_username)
     return false;
 
   if (!element.isText() || !IsElementAutocompletable(element) ||
       !IsElementAutocompletable(iter->second.password_field)) {
     return false;
   }
 
   if (element.nameForAutofill().isEmpty())

[dvadym, 2015/09/11 14:15:34]

We need to consider how to correctly show password suggestion in our case. FYI
this line moved in another CL to method ShowSuggestions, but it didn't change
anything.

[Pritam Nikam, 2015/09/12 06:51:44]

Done.

     return false;  // If the field has no name, then we won't have values.
 
   // Don't attempt to autofill with values that are too large.
   if (element.value().length() > kMaximumTextSizeForAutocomplete)
     return false;
 
   // Show the popup with the list of available usernames.
   ShowSuggestionPopup(iter->second.fill_data, element, false, false);
   return true;
 }
@@ skipping 518 matching lines @@
   }
 
   // This is a new navigation, so require a new user gesture before filling in
   // passwords.
   gatekeeper_.Reset();
 }
 
 void PasswordAutofillAgent::OnFillPasswordForm(
     int key,
     const PasswordFormFillData& form_data) {
-
+  bool ambiguous_or_no_name_and_id_attribute =
+      PasswordFormWithAmbiguousOrNoNameAndIdAttribute(form_data);
   FormElementsList forms;
-  FindFormElements(render_frame(), form_data, &forms);
+  FindFormElements(render_frame(), form_data,
+                   ambiguous_or_no_name_and_id_attribute, &forms);
   FormElementsList::iterator iter;
   for (iter = forms.begin(); iter != forms.end(); ++iter) {
     // Attach autocomplete listener to enable selecting alternate logins.
     blink::WebInputElement username_element, password_element;
 
+    base::string16 username_field_name = FieldName(
+        form_data.username_field, ambiguous_or_no_name_and_id_attribute);
+    base::string16 password_field_name = FieldName(
+        form_data.password_field, ambiguous_or_no_name_and_id_attribute);
+
     // Check whether the password form has a username input field.
-    bool form_contains_fillable_username_field =
-        FillDataContainsFillableUsername(form_data);
-    if (form_contains_fillable_username_field) {
-      username_element =
-          (*iter)[form_data.username_field.name];
+    if (!username_field_name.empty()) {
+      username_element = (*iter)[username_field_name];
     }
 
     // No password field, bail out.
-    if (form_data.password_field.name.empty())
+    if (password_field_name.empty())
       break;
 
     // We might have already filled this form if there are two <form> elements
     // with identical markup.
     if (login_to_password_info_.find(username_element) !=
         login_to_password_info_.end())
       continue;
 
     // Get pointer to password element. (We currently only support single
     // password forms).
-    password_element = (*iter)[form_data.password_field.name];
+    password_element = (*iter)[password_field_name];
 
     // If wait_for_username is true, we don't want to initially fill the form
     // until the user types in a valid username.
     if (!form_data.wait_for_username) {
       FillFormOnPasswordReceived(
           form_data,
           username_element,
           password_element,
           &nonscript_modified_values_,
           base::Bind(&PasswordValueGatekeeper::RegisterElement,
@@ skipping 194 matching lines @@
 void PasswordAutofillAgent::LegacyPasswordAutofillAgent::DidStopLoading() {
   agent_->DidStopLoading();
 }
 
 void PasswordAutofillAgent::LegacyPasswordAutofillAgent::
     DidStartProvisionalLoad(blink::WebLocalFrame* navigated_frame) {
   agent_->LegacyDidStartProvisionalLoad(navigated_frame);
 }
 
 }  // namespace autofill