Issue 1384283003: Do not involve PasswordManagerDriver in filling HTTP-auth forms; also check realm

Issue 1384283003: Do not involve PasswordManagerDriver in filling HTTP-auth forms; also check realm (Closed)

Created:
5 years, 2 months ago by vabr (Chromium)

Modified:
5 years, 2 months ago

Reviewers:
melandory, Peter Kasting, davidben

CC:
chromium-reviews, asanka, benjhayden+dwatch_chromium.org, tfarina, vabr+watchlist_chromium.org, dzhioev+watch_chromium.org, achuith+watch_chromium.org, gcasto+watchlist_chromium.org, mkwst+watchlist-passwords_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Do not involve PasswordManagerDriver in filling HTTP-auth forms; also check realm The HTTP authentication is not tied to a renderer and happens completely browser-side. This CL simplifies the password manager API for filling these forms to avoid referencing the renderer. It also enhances LoginModelObserver to filter irrelevant credentials by realm. BUG=537823 Committed: https://crrev.com/e0e1e99f39349e912612e58249393f2281de4d00 Cr-Commit-Position: refs/heads/master@{#352816}

Patch Set 1 : #

Patch Set 2 : Fixed tests #

Patch Set 3 : Complete with new tests #

Total comments: 4

Patch Set 4 : Just rebased #

Patch Set 5 : Comments addressed #

Patch Set 6 : Fix a code comment #

Patch Set 7 : Fix Mac #

Total comments: 16

Created: 5 years, 2 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+398 lines, -120 lines)			Patch
M	chrome/browser/password_manager/password_manager_browsertest.cc	View	1	3 chunks	+68 lines, -0 lines	0 comments	Download
M	chrome/browser/ui/android/login_prompt_android.cc	View	1 2 3 4	4 chunks	+10 lines, -7 lines	0 comments	Download
M	chrome/browser/ui/cocoa/login_prompt_cocoa.mm	View	1 2 3 4 5 6	3 chunks	+10 lines, -6 lines	0 comments	Download
M	chrome/browser/ui/login/login_prompt.h	View	1 2 3 4	4 chunks	+28 lines, -8 lines	4 comments	Download
M	chrome/browser/ui/login/login_prompt.cc	View	1 2 3 4	11 chunks	+38 lines, -35 lines	8 comments	Download
M	chrome/browser/ui/views/login_prompt_views.cc	View	1 2 3 4	4 chunks	+7 lines, -6 lines	0 comments	Download
M	chrome/browser/ui/views/login_view.h	View	1 2 3 4 5	3 chunks	+8 lines, -5 lines	0 comments	Download
M	chrome/browser/ui/views/login_view.cc	View	1 2 3 4	4 chunks	+9 lines, -6 lines	0 comments	Download
M	components/autofill/core/common/save_password_progress_logger.h	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	components/autofill/core/common/save_password_progress_logger.cc	View		1 chunk	+2 lines, -0 lines	0 comments	Download
M	components/components_tests.gyp	View	1 2 3	1 chunk	+1 line, -0 lines	0 comments	Download
M	components/password_manager.gypi	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	components/password_manager/core/browser/BUILD.gn	View	1 2	2 chunks	+2 lines, -0 lines	0 comments	Download
M	components/password_manager/core/browser/login_model.h	View		1 chunk	+43 lines, -10 lines	0 comments	Download
A	components/password_manager/core/browser/login_model.cc	View		1 chunk	+27 lines, -0 lines	0 comments	Download
A	components/password_manager/core/browser/login_model_unittest.cc	View	1 2	1 chunk	+66 lines, -0 lines	0 comments	Download
M	components/password_manager/core/browser/password_form_manager.h	View		1 chunk	+3 lines, -0 lines	0 comments	Download
M	components/password_manager/core/browser/password_form_manager.cc	View		5 chunks	+17 lines, -1 line	0 comments	Download
M	components/password_manager/core/browser/password_manager.h	View		1 chunk	+8 lines, -1 line	0 comments	Download
M	components/password_manager/core/browser/password_manager.cc	View		5 chunks	+49 lines, -35 lines	4 comments	Download

Messages

Total messages: 26 (10 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

vabr (Chromium)

Hi all, please have a look as follows: pkasting: //chrome/browser/ui/* davidben: Please review the whole ...

5 years, 2 months ago (2015-10-06 14:06:13 UTC) #3

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1384283003/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1384283003/60001

5 years, 2 months ago (2015-10-06 14:07:47 UTC) #5

vabr (Chromium)

Tanja, could you please review the password_manager part? Cheers, Vaclav

5 years, 2 months ago (2015-10-06 14:23:22 UTC) #7

melandory

On 2015/10/06 14:23:22, vabr (Chromium) wrote: > Tanja, could you please review the password_manager part? ...

5 years, 2 months ago (2015-10-06 14:46:22 UTC) #8

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

5 years, 2 months ago (2015-10-06 15:04:17 UTC) #10

Peter Kasting

LGTM https://codereview.chromium.org/1384283003/diff/60001/chrome/browser/ui/login/login_prompt.cc File chrome/browser/ui/login/login_prompt.cc (right): https://codereview.chromium.org/1384283003/diff/60001/chrome/browser/ui/login/login_prompt.cc#newcode152 chrome/browser/ui/login/login_prompt.cc:152: return client->GetPasswordManager(); Nit: Shorter: return client ? client->GetPasswordManager() ...

5 years, 2 months ago (2015-10-06 22:14:49 UTC) #11

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1384283003/120001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1384283003/120001

5 years, 2 months ago (2015-10-07 09:04:03 UTC) #13

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1384283003/140001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1384283003/140001

5 years, 2 months ago (2015-10-07 10:02:25 UTC) #15

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

5 years, 2 months ago (2015-10-07 10:21:34 UTC) #17

vabr (Chromium)

Thanks, Peter, for the speedy review! I addressed your comments. The second one was a ...

5 years, 2 months ago (2015-10-07 10:29:23 UTC) #18

Thanks, Peter, for the speedy review!

I addressed your comments. The second one was a bit tricky, so I did my best,
and will be landing this asap (once I check that this change works on iOS as
well). I'm happy to do any follow-ups you request.

David, I won't wait for your review this time, because I have OWNERS coverage,
and you seemed happy in general with my proposal on the bug. Again, I'm happy to
do follow-ups.

Cheers,
Vaclav

https://codereview.chromium.org/1384283003/diff/60001/chrome/browser/ui/login...
File chrome/browser/ui/login/login_prompt.cc (right):

https://codereview.chromium.org/1384283003/diff/60001/chrome/browser/ui/login...
chrome/browser/ui/login/login_prompt.cc:152: return
client->GetPasswordManager();
On 2015/10/06 22:14:49, Peter Kasting wrote:
> Nit: Shorter:
> 
>   return client ? client->GetPasswordManager() : nullptr;

Done.

https://codereview.chromium.org/1384283003/diff/60001/chrome/browser/ui/login...
File chrome/browser/ui/login/login_prompt.h (right):

https://codereview.chromium.org/1384283003/diff/60001/chrome/browser/ui/login...
chrome/browser/ui/login/login_prompt.h:58: const autofill::PasswordForm*
observed_form) = 0;
On 2015/10/06 22:14:49, Peter Kasting wrote:
> I can't say I love the pervasive
> 
>   DCHECK_EQ(manager == nullptr, observed_form == nullptr);
> 
> that this generates.  I wonder if it would make sense to split this into two
> functions, one of which takes an explanation, and one of which takes a
non-null
> manager and observed_form as well.  Maybe not, since most implementations seem
> to want to act similarly on both.
> 
> Maybe we should just move |manager| to be the second arg (to keep it next to
> |observed_form| since they both seem to be optional)?  The DCHECK could also
be
> shortened:
> 
>   DCHECK_EQ(!manager, !observed_form);
> 
> ...but I'm not sure that's more readable.

You raise a good point. I attempted to solve this by bundling the login model
and the form into a struct, to enforce passing both or none.

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1384283003/140001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1384283003/140001

5 years, 2 months ago (2015-10-07 11:00:26 UTC) #21

commit-bot: I haz the power

Patchset 7 (id:??) landed as https://crrev.com/e0e1e99f39349e912612e58249393f2281de4d00 Cr-Commit-Position: refs/heads/master@{#352816}

5 years, 2 months ago (2015-10-07 11:07:17 UTC) #23

Peter Kasting

LGTM, this solution is better than mine were. https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/login/login_prompt.cc File chrome/browser/ui/login/login_prompt.cc (right): https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/login/login_prompt.cc#newcode286 chrome/browser/ui/login/login_prompt.cc:286: login_model_->RemoveObserver(this); ...

5 years, 2 months ago (2015-10-07 22:27:07 UTC) #24

davidben

lgtm and sorry about the delay. Feel free to tackle or not tackle the "Existing ...

5 years, 2 months ago (2015-10-07 23:13:54 UTC) #25

Message was sent while issue was closed.

lgtm and sorry about the delay. Feel free to tackle or not tackle the "Existing
{un,tangentially-}related issue"s as you like. I'll doing a pass over this code
myself now that you've resolved the password manager bits.

(I'm moving the chrome/content boundary to be after the thread hops and surfaced
out of WebContentsDelegate so that this thing needn't mess with threads and IDs
and ref-counts and fun things like that.)

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
File chrome/browser/ui/login/login_prompt.cc (right):

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
chrome/browser/ui/login/login_prompt.cc:445: LoginHandler* handler) {
(Existing unrelated issue, but this and the two functions below probably want to
be in some anonymous namespace since they're not exported outside this header.)

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
chrome/browser/ui/login/login_prompt.cc:470:
handler->SetPasswordForm(dialog_form);
(Existing unrelated issue, but it's pretty weird to have this function bother
return a PasswordForm and also stash it somewhere. Could remove the LoginHandler
parameter so this purely creates a PasswordForm and then move the
SetPasswordForm call to the caller.)

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
chrome/browser/ui/login/login_prompt.cc:539: handler->BuildView(explanation,
&model_data);
(Existing tangentially-related issue, but it's pretty weird to have LoginHandler
receive PasswordManager and PasswordForm in two ways, both in
SetPassword{Form,Manager} and as a parameter to BuildView.)

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
File chrome/browser/ui/login/login_prompt.h (right):

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
chrome/browser/ui/login/login_prompt.h:31: class ContentPasswordManagerDriver;
No longer needed.

https://codereview.chromium.org/1384283003/diff/140001/components/password_ma...
File components/password_manager/core/browser/password_manager.cc (right):

https://codereview.chromium.org/1384283003/diff/140001/components/password_ma...
components/password_manager/core/browser/password_manager.cc:402: const
PasswordForm& observed_form) {
In a vacuum, I think an API like perhaps

  void PasswordManager::GetPreferredCredentials(
      const PasswordForm& observed_form,
      const base::Callback<std::string, std::string>& callback) {
    // Call |callback| if credentials are found.
  }

would be cleaner. (If you get two copies of the same prompt, I think this
observer mechanism will still double-signal. It just won't matter because the
realms will match.) But that seems a much more involved job and I'm not familiar
with this code, so I'll leave that judgement to you.

https://codereview.chromium.org/1384283003/diff/140001/components/password_ma...
components/password_manager/core/browser/password_manager.cc:751:
logger->LogMessage(Logger::STRING_PASSWORDMANAGER_AUTOFILLHTTPAUTH);
[I have no idea what this logger thing is for and will defer to you on whether
havnig a separate one for HTTP is what you want. :-) ]

vabr (Chromium)

5 years, 2 months ago (2015-10-08 10:24:12 UTC) #26

Message was sent while issue was closed.

Thanks for the additional comments!

I answered here, and uploaded https://codereview.chromium.org/1395473003/ with
the actual code changes.

Cheers,
Vaclav

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
File chrome/browser/ui/login/login_prompt.cc (right):

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
chrome/browser/ui/login/login_prompt.cc:286: login_model_->RemoveObserver(this);
On 2015/10/07 22:27:07, Peter Kasting wrote:
> Nit: I wonder if this should be a call to ResetModel() instead?
> 
> It doesn't matter much for this implementation; the question would be, let's
say
> someday we want resetting the model to include some more complicated logic or
> series of actions.  In that world, would we need to add that code to both
these
> functions?  If yes, then this should probably just call that.

I was considering this, and did not find compelling reasons to do so. But you
found one, and I agree, so will switch to ResetModel here.
Done.

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
chrome/browser/ui/login/login_prompt.cc:445: LoginHandler* handler) {
On 2015/10/07 23:13:54, David Benjamin wrote:
> (Existing unrelated issue, but this and the two functions below probably want
to
> be in some anonymous namespace since they're not exported outside this
header.)

Done.

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
chrome/browser/ui/login/login_prompt.cc:470:
handler->SetPasswordForm(dialog_form);
On 2015/10/07 23:13:54, David Benjamin wrote:
> (Existing unrelated issue, but it's pretty weird to have this function bother
> return a PasswordForm and also stash it somewhere. Could remove the
LoginHandler
> parameter so this purely creates a PasswordForm and then move the
> SetPasswordForm call to the caller.)

Done.

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
chrome/browser/ui/login/login_prompt.cc:539: handler->BuildView(explanation,
&model_data);
On 2015/10/07 23:13:54, David Benjamin wrote:
> (Existing tangentially-related issue, but it's pretty weird to have
LoginHandler
> receive PasswordManager and PasswordForm in two ways, both in
> SetPassword{Form,Manager} and as a parameter to BuildView.)

Done.

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
File chrome/browser/ui/login/login_prompt.h (right):

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
chrome/browser/ui/login/login_prompt.h:31: class ContentPasswordManagerDriver;
On 2015/10/07 23:13:54, David Benjamin wrote:
> No longer needed.

Done.

https://codereview.chromium.org/1384283003/diff/140001/chrome/browser/ui/logi...
chrome/browser/ui/login/login_prompt.h:112: // Clear |login_model_| and remove
|this| as an observer.
On 2015/10/07 22:27:07, Peter Kasting wrote:
> Nit: "Clears", "removes"

Done.

https://codereview.chromium.org/1384283003/diff/140001/components/password_ma...
File components/password_manager/core/browser/password_manager.cc (right):

https://codereview.chromium.org/1384283003/diff/140001/components/password_ma...
components/password_manager/core/browser/password_manager.cc:402: const
PasswordForm& observed_form) {
On 2015/10/07 23:13:54, David Benjamin wrote:
> In a vacuum, I think an API like perhaps
> 
>   void PasswordManager::GetPreferredCredentials(
>       const PasswordForm& observed_form,
>       const base::Callback<std::string, std::string>& callback) {
>     // Call |callback| if credentials are found.
>   }
> 
> would be cleaner. (If you get two copies of the same prompt, I think this
> observer mechanism will still double-signal. It just won't matter because the
> realms will match.) But that seems a much more involved job and I'm not
familiar
> with this code, so I'll leave that judgement to you.

I agree with you that what you suggest would be a cleaner approach. On the other
hand, the observer list currently is there to guarantee that observers can get
removed and added any time in a safe way, so to use the callback, we would need
a weak pointer to the observer or something analogous.

The double-signal is not a big issue (not a security one, and performance-wise
we are not too concerned, given the expected number of the observers). We might
have a major redesign of the code during the coming year or so, so at this point
I'd prefer not to invest too much effort in clearing this particular issue. I'm
noting a TODO, nevertheless, so that your observation is kept once we get to the
redesign.

https://codereview.chromium.org/1384283003/diff/140001/components/password_ma...
components/password_manager/core/browser/password_manager.cc:751:
logger->LogMessage(Logger::STRING_PASSWORDMANAGER_AUTOFILLHTTPAUTH);
On 2015/10/07 23:13:54, David Benjamin wrote:
> [I have no idea what this logger thing is for and will defer to you on whether
> havnig a separate one for HTTP is what you want. :-) ]

This is for the chrome://password-manager-internals page. It has been useful to
have the logs indicate the code path taken by signatures of notable methods.
While it would probably be possible to deduce this from the other messages
currently, I don't see a harm in having it explicit.

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages