Separate origin from explanation in HTTP Auth dialogs.

chrome/browser/ui/login/login_prompt.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/login/login_prompt.h"
 
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 104 matching lines @@
 
   std::string languages;
   content::WebContents* web_contents = handler->GetWebContentsForLogin();
   if (web_contents) {
     Profile* profile =
         Profile::FromBrowserContext(web_contents->GetBrowserContext());
     if (profile)
       languages = profile->GetPrefs()->GetString(prefs::kAcceptLanguages);
   }
 
-  base::string16 authority =
-      url_formatter::FormatUrlForSecurityDisplay(request_url, languages);
-  base::string16 explanation =
-      elided_realm.empty()
-          ? l10n_util::GetStringFUTF16(IDS_LOGIN_DIALOG_DESCRIPTION_NO_REALM,
-                                       authority)
-          : l10n_util::GetStringFUTF16(IDS_LOGIN_DIALOG_DESCRIPTION, authority,
-                                       elided_realm);
-
+  base::string16 authority = l10n_util::GetStringFUTF16(
+      IDS_LOGIN_DIALOG_AUTHORITY,
+      url_formatter::FormatUrlForSecurityDisplay(request_url, languages));

[palmer, 2015/11/19 23:01:28]

Idea: Use FormatUrlForSecurityDisplayOmitScheme iff IsOriginSecure --> true;
otherwise, FormatUrlForSecurityDisplay.

Idea: Always use FormatUrlForSecurityDisplayOmitScheme; if IsOriginSecure -->
false, use an explanation string that says "This web site is not secure" (or
other bikeshedded string).

I don't know if these are good ideas.

+  base::string16 explanation;
+  if (!elided_realm.empty()) {
+    explanation =
+        l10n_util::GetStringFUTF16(IDS_LOGIN_DIALOG_DESCRIPTION, elided_realm);

[palmer, 2015/11/19 23:01:28]

As I mentioned on the bug, I really would like to not show the realm at all. I
don't like to display untrustworthy strings in browser chrome, which should
contain only trustworthy/verified information.

+  }
   password_manager::PasswordManager* password_manager =
       handler->GetPasswordManagerForLogin();
 
   if (!password_manager) {
 #if defined(ENABLE_EXTENSIONS)
     // A WebContents in a <webview> (a GuestView type) does not have a password
     // manager, but still needs to be able to show login prompts.
     if (guest_view::GuestViewBase::FromWebContents(parent_contents)) {
-      handler->BuildViewWithoutPasswordManager(explanation);
+      handler->BuildViewWithoutPasswordManager(authority, explanation);
       return;
     }
 #endif
     handler->CancelAuth();
     return;
   }
 
   if (password_manager && password_manager->client()->IsLoggingActive()) {
     password_manager::BrowserSavePasswordProgressLogger logger(
         password_manager->client());
     logger.LogMessage(
         autofill::SavePasswordProgressLogger::STRING_SHOW_LOGIN_PROMPT_METHOD);
   }
 
   PasswordForm observed_form(
       MakeInputForPasswordManager(request_url, auth_info));
-  handler->BuildViewWithPasswordManager(explanation, password_manager,
-                                        observed_form);
+  handler->BuildViewWithPasswordManager(authority, explanation,
+                                        password_manager, observed_form);
 }
 
 }  // namespace
 
 // ----------------------------------------------------------------------------
 // LoginHandler
 
 LoginHandler::LoginModelData::LoginModelData(
     password_manager::LoginModel* login_model,
     const autofill::PasswordForm& observed_form)
@@ skipping 33 matching lines @@
       "Why is OnRequestCancelled called from the UI thread?";
 
   // Reference is no longer valid.
   request_ = NULL;
 
   // Give up on auth if the request was cancelled.
   CancelAuth();
 }
 
 void LoginHandler::BuildViewWithPasswordManager(
+    const base::string16& authority,
     const base::string16& explanation,
     password_manager::PasswordManager* password_manager,
     const autofill::PasswordForm& observed_form) {
   password_manager_ = password_manager;
   password_form_ = observed_form;
   LoginHandler::LoginModelData model_data(password_manager, observed_form);
-  BuildViewImpl(explanation, &model_data);
+  BuildViewImpl(authority, explanation, &model_data);
 }
 
 void LoginHandler::BuildViewWithoutPasswordManager(
+    const base::string16& authority,
     const base::string16& explanation) {
-  BuildViewImpl(explanation, nullptr);
+  BuildViewImpl(authority, explanation, nullptr);
 }
 
 WebContents* LoginHandler::GetWebContentsForLogin() const {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
 
   content::RenderFrameHost* rfh = content::RenderFrameHost::FromID(
       render_process_host_id_, render_frame_id_);
   return WebContents::FromRenderFrameHost(rfh);
 }
 
@@ skipping 371 matching lines @@
     signon_realm = auth_info.challenger.ToString();
     signon_realm.append("/");
   } else {
     // Take scheme, host, and port from the url.
     signon_realm = url.GetOrigin().spec();
     // This ends with a "/".
   }
   signon_realm.append(auth_info.realm);
   return signon_realm;
 }