Support individual Keychain item deletion

chrome/browser/password_manager/password_store_mac_unittest.cc

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "testing/gtest/include/gtest/gtest.h"
 
 #include "base/basictypes.h"
 #include "base/stl_util-inl.h"
 #include "chrome/browser/keychain_mock_mac.h"
 #include "chrome/browser/password_manager/password_store_mac.h"
@@ skipping 302 matching lines @@
     { { PasswordForm::SCHEME_DIGEST, "https://some.domain.com/high_security",
         NULL, NULL, NULL, NULL, NULL, NULL, NULL, false, true, 0 }, 1 },
     // Digest auth with the wrong domain.
     { { PasswordForm::SCHEME_DIGEST, "https://some.domain.com/other_domain",
         NULL, NULL, NULL, NULL, NULL, NULL, NULL, false, true, 0 }, 0 },
     // Garbage forms should have no matches.
     { { PasswordForm::SCHEME_HTML, "foo/bar/baz",
         NULL, NULL, NULL, NULL, NULL, NULL, NULL, false, false, 0 }, 0 },
   };
 
-  MacKeychainPasswordFormAdapter keychainAdapter(keychain_);
+  MacKeychainPasswordFormAdapter keychain_adapter(keychain_);
+  MacKeychainPasswordFormAdapter owned_keychain_adapter(keychain_);
+  owned_keychain_adapter.SetFindsOnlyOwnedItems(true);
   for (unsigned int i = 0; i < ARRAYSIZE_UNSAFE(test_data); ++i) {
     scoped_ptr<PasswordForm> query_form(
         CreatePasswordFormFromData(test_data[i].data));
     std::vector<PasswordForm*> matching_items =
-        keychainAdapter.PasswordsMatchingForm(*query_form);
+        keychain_adapter.PasswordsMatchingForm(*query_form);
     EXPECT_EQ(test_data[i].expected_matches, matching_items.size());
     STLDeleteElements(&matching_items);
+
+    // None of the pre-seeded items are owned by us, so none should match an
+    // owned-passwords-only search.
+    matching_items = owned_keychain_adapter.PasswordsMatchingForm(*query_form);
+    EXPECT_EQ(0U, matching_items.size());
+    STLDeleteElements(&matching_items);
   }
 }
 
 // Changes just the origin path of |form|.
 static void SetPasswordFormPath(PasswordForm* form, const char* path) {
   GURL::Replacements replacement;
   std::string new_value(path);
   replacement.SetPathStr(new_value);
   form->origin = form->origin.ReplaceComponents(replacement);
 }
@@ skipping 10 matching lines @@
 // Changes just the signon_ream auth realm of |form|.
 static void SetPasswordFormRealm(PasswordForm* form, const char* realm) {
   GURL::Replacements replacement;
   std::string new_value(realm);
   replacement.SetPathStr(new_value);
   GURL signon_gurl = GURL(form->signon_realm);
   form->signon_realm = signon_gurl.ReplaceComponents(replacement).spec();
 }
 
 TEST_F(PasswordStoreMacTest, TestKeychainExactSearch) {
-  MacKeychainPasswordFormAdapter keychainAdapter(keychain_);
+  MacKeychainPasswordFormAdapter keychain_adapter(keychain_);
 
   PasswordFormData base_form_data[] = {
     { PasswordForm::SCHEME_HTML, "http://some.domain.com/",
       "http://some.domain.com/insecure.html",
       NULL, NULL, NULL, NULL, L"joe_user", NULL, true, false, 0 },
     { PasswordForm::SCHEME_BASIC, "http://some.domain.com:4567/low_security",
       "http://some.domain.com:4567/insecure.html",
       NULL, NULL, NULL, NULL, L"basic_auth_user", NULL, true, false, 0 },
     { PasswordForm::SCHEME_DIGEST, "https://some.domain.com/high_security",
       "https://some.domain.com",
       NULL, NULL, NULL, NULL, L"digest_auth_user", NULL, true, true, 0 },
   };
 
   for (unsigned int i = 0; i < arraysize(base_form_data); ++i) {
     // Create a base form and make sure we find a match.
     scoped_ptr<PasswordForm> base_form(CreatePasswordFormFromData(
         base_form_data[i]));
     PasswordForm* match =
-        keychainAdapter.PasswordExactlyMatchingForm(*base_form);
+        keychain_adapter.PasswordExactlyMatchingForm(*base_form);
     EXPECT_TRUE(match != NULL);
     if (match) {
       EXPECT_EQ(base_form->scheme, match->scheme);
       EXPECT_EQ(base_form->origin, match->origin);
       EXPECT_EQ(base_form->username_value, match->username_value);
       delete match;
     }
 
     // Make sure that the matching isn't looser than it should be by checking
     // that slightly altered forms don't match.
@@ skipping 15 matching lines @@
     modified_forms.back()->blacklisted_by_user = true;
 
     if (base_form->scheme == PasswordForm::SCHEME_BASIC ||
         base_form->scheme == PasswordForm::SCHEME_DIGEST) {
       modified_forms.push_back(new PasswordForm(*base_form));
       SetPasswordFormRealm(modified_forms.back(), "incorrect");
     }
 
     for (unsigned int j = 0; j < modified_forms.size(); ++j) {
       PasswordForm* match =
-          keychainAdapter.PasswordExactlyMatchingForm(*modified_forms[j]);
+          keychain_adapter.PasswordExactlyMatchingForm(*modified_forms[j]);
       EXPECT_EQ(NULL, match) << "In modified version " << j << " of base form "
                              << i;
     }
     STLDeleteElements(&modified_forms);
   }
 }
 
 TEST_F(PasswordStoreMacTest, TestKeychainAdd) {
   struct TestDataAndExpectation {
     PasswordFormData data;
@@ skipping 17 matching lines @@
     { { PasswordForm::SCHEME_HTML, "gobbledygook",
         "gobbledygook", NULL, NULL, NULL, NULL,
         L"anonymous", L"knock-knock", false, false, 0 }, false },
     // Test that failing to update a duplicate (forced using the magic failure
     // password; see MockKeychain::ItemModifyAttributesAndData) is reported.
     { { PasswordForm::SCHEME_HTML, "http://some.domain.com",
         "http://some.domain.com/insecure.html", NULL, NULL, NULL, NULL,
         L"joe_user", L"fail_me", false, false, 0 }, false },
   };
 
-  MacKeychainPasswordFormAdapter keychainAdapter(keychain_);
+  MacKeychainPasswordFormAdapter owned_keychain_adapter(keychain_);
+  owned_keychain_adapter.SetFindsOnlyOwnedItems(true);
 
   for (unsigned int i = 0; i < ARRAYSIZE_UNSAFE(test_data); ++i) {
     PasswordForm* in_form = CreatePasswordFormFromData(test_data[i].data);
-    bool add_succeeded = keychainAdapter.AddLogin(*in_form);
+    bool add_succeeded = owned_keychain_adapter.AddPassword(*in_form);
     EXPECT_EQ(test_data[i].should_succeed, add_succeeded);
     if (add_succeeded) {
       scoped_ptr<PasswordForm> out_form(
-          keychainAdapter.PasswordExactlyMatchingForm(*in_form));
+          owned_keychain_adapter.PasswordExactlyMatchingForm(*in_form));
       EXPECT_TRUE(out_form.get() != NULL);
       EXPECT_EQ(out_form->scheme, in_form->scheme);
       EXPECT_EQ(out_form->signon_realm, in_form->signon_realm);
       EXPECT_EQ(out_form->origin, in_form->origin);
       EXPECT_EQ(out_form->username_value, in_form->username_value);
       EXPECT_EQ(out_form->password_value, in_form->password_value);
     }
     delete in_form;
   }
 
   // Test that adding duplicate item updates the existing item.
   {
     PasswordFormData data = {
       PasswordForm::SCHEME_HTML, "http://some.domain.com",
       "http://some.domain.com/insecure.html", NULL,
       NULL, NULL, NULL, L"joe_user", L"updated_password", false, false, 0
     };
     PasswordForm* update_form = CreatePasswordFormFromData(data);
-    EXPECT_TRUE(keychainAdapter.AddLogin(*update_form));
+    MacKeychainPasswordFormAdapter keychain_adapter(keychain_);
+    EXPECT_TRUE(keychain_adapter.AddPassword(*update_form));
     SecKeychainItemRef keychain_item = reinterpret_cast<SecKeychainItemRef>(2);
     PasswordForm stored_form;
     internal_keychain_helpers::FillPasswordFormFromKeychainItem(*keychain_,
                                                                 keychain_item,
                                                                 &stored_form);
     EXPECT_EQ(update_form->password_value, stored_form.password_value);
     delete update_form;
   }
 }
 
+TEST_F(PasswordStoreMacTest, TestKeychainRemove) {
+  struct TestDataAndExpectation {
+    PasswordFormData data;
+    bool should_succeed;
+  };
+  TestDataAndExpectation test_data[] = {
+    // Test deletion of an item that we add.
+    { { PasswordForm::SCHEME_HTML, "http://web.site.com/",
+        "http://web.site.com/path/to/page.html", NULL, NULL, NULL, NULL,
+        L"anonymous", L"knock-knock", false, false, 0 }, true },
+    // Make sure we don't delete items we don't own.
+    { { PasswordForm::SCHEME_HTML, "http://some.domain.com/",
+        "http://some.domain.com/insecure.html", NULL, NULL, NULL, NULL,
+        L"joe_user", NULL, true, false, 0 }, false },
+  };
+
+  MacKeychainPasswordFormAdapter owned_keychain_adapter(keychain_);
+  owned_keychain_adapter.SetFindsOnlyOwnedItems(true);
+
+  // Add our test item so that we can delete it.
+  PasswordForm* add_form = CreatePasswordFormFromData(test_data[0].data);
+  EXPECT_TRUE(owned_keychain_adapter.AddPassword(*add_form));
+  delete add_form;
+  
+  for (unsigned int i = 0; i < ARRAYSIZE_UNSAFE(test_data); ++i) {
+    scoped_ptr<PasswordForm> form(CreatePasswordFormFromData(
+        test_data[i].data));
+    EXPECT_EQ(test_data[i].should_succeed,
+              owned_keychain_adapter.RemovePassword(*form));
+
+    MacKeychainPasswordFormAdapter keychain_adapter(keychain_);
+    PasswordForm* match = keychain_adapter.PasswordExactlyMatchingForm(*form);
+    EXPECT_EQ(test_data[i].should_succeed, match == NULL);
+    if (match) {
+      delete match;
+    }
+  }
+}
+
 TEST_F(PasswordStoreMacTest, TestFormMatch) {
   PasswordForm base_form;
   base_form.signon_realm = std::string("http://some.domain.com/");
   base_form.origin = GURL("http://some.domain.com/page.html");
   base_form.username_value = std::wstring(L"joe_user");
 
   {
     // Check that everything unimportant can be changed.
     PasswordForm different_form(base_form);
     different_form.username_element = std::wstring(L"username");
     different_form.submit_element = std::wstring(L"submit");
     different_form.username_element = std::wstring(L"password");
     different_form.password_value = std::wstring(L"sekrit");
     different_form.action = GURL("http://some.domain.com/action.cgi");
     different_form.ssl_valid = true;
     different_form.preferred = true;
     different_form.date_created = base::Time::Now();
-    bool paths_match = false;
     EXPECT_TRUE(internal_keychain_helpers::FormsMatchForMerge(base_form,
-                                                              different_form,
-                                                              &paths_match));
-    EXPECT_TRUE(paths_match);
+                                                              different_form));
 
-    // Check that we detect path differences, but still match.
+    // Check that path differences don't prevent a match.
     base_form.origin = GURL("http://some.domain.com/other_page.html");
     EXPECT_TRUE(internal_keychain_helpers::FormsMatchForMerge(base_form,
-                                                              different_form,
-                                                              &paths_match));
-    EXPECT_FALSE(paths_match);
+                                                              different_form));
   }
 
   // Check that any one primary key changing is enough to prevent matching.
   {
     PasswordForm different_form(base_form);
     different_form.scheme = PasswordForm::SCHEME_DIGEST;
     EXPECT_FALSE(internal_keychain_helpers::FormsMatchForMerge(base_form,
-                                                               different_form,
-                                                               NULL));
+                                                               different_form));
   }
   {
     PasswordForm different_form(base_form);
     different_form.signon_realm = std::string("http://some.domain.com:8080/");
     EXPECT_FALSE(internal_keychain_helpers::FormsMatchForMerge(base_form,
-                                                               different_form,
-                                                               NULL));
+                                                               different_form));
   }
   {
     PasswordForm different_form(base_form);
     different_form.username_value = std::wstring(L"john.doe");
     EXPECT_FALSE(internal_keychain_helpers::FormsMatchForMerge(base_form,
-                                                               different_form,
-                                                               NULL));
+                                                               different_form));
   }
   {
     PasswordForm different_form(base_form);
     different_form.blacklisted_by_user = true;
     EXPECT_FALSE(internal_keychain_helpers::FormsMatchForMerge(base_form,
-                                                               different_form,
-                                                               NULL));
+                                                               different_form));
   }
 
   // Blacklist forms should *never* match for merging, even when identical
   // (and certainly not when only one is a blacklist entry).
   {
     PasswordForm form_a(base_form);
     form_a.blacklisted_by_user = true;
     PasswordForm form_b(form_a);
-    EXPECT_FALSE(internal_keychain_helpers::FormsMatchForMerge(form_a, form_b,
-                                                               NULL));
+    EXPECT_FALSE(internal_keychain_helpers::FormsMatchForMerge(form_a, form_b));
   }
 }
 
 TEST_F(PasswordStoreMacTest, TestFormMerge) {
   // Set up a bunch of test data to use in varying combinations.
   PasswordFormData keychain_user_1 =
       { PasswordForm::SCHEME_HTML, "http://some.domain.com/",
         "http://some.domain.com/", "", L"", L"", L"", L"joe_user", L"sekrit",
         false, false, 1010101010 };
   PasswordFormData keychain_user_1_with_path =
@@ skipping 137 matching lines @@
                 test_case);
     CHECK_FORMS(database_forms, test_data[DATABASE_OUTPUT][test_case],
                 test_case);
     CHECK_FORMS(merged_forms, test_data[MERGE_OUTPUT][test_case], test_case);
 
     STLDeleteElements(&keychain_forms);
     STLDeleteElements(&database_forms);
     STLDeleteElements(&merged_forms);
   }
 }