[Password manager] Human readable origins for Android credentials on chrome://settings/passwords

chrome/browser/ui/webui/options/password_manager_handler.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/options/password_manager_handler.h"
 
 #include "base/bind.h"
 #include "base/feature_list.h"
 #include "base/macros.h"
 #include "base/strings/string_number_conversions.h"
@@ skipping 27 matching lines @@
 
 #if defined(OS_WIN) && defined(USE_ASH)
 #include "chrome/browser/ui/ash/ash_util.h"
 #endif
 
 namespace options {
 
 namespace {
 // The following constants should be synchronized with the constants in
 // chrome/browser/resources/options/password_manager_list.js.
-const char kOriginField[] = "origin";
-const char kShownUrlField[] = "shownUrl";
+const char kUrlField[] = "url";
+const char kShownOriginField[] = "shownOrigin";
 const char kIsAndroidUriField[] = "isAndroidUri";
+const char kIsClickable[] = "isClickable";
 const char kIsSecureField[] = "isSecure";
 const char kUsernameField[] = "username";
 const char kPasswordField[] = "password";
 const char kFederationField[] = "federation";
 
 // Copies from |form| to |entry| the origin, shown origin, whether the origin is
 // Android URI, and whether the origin is secure.
 void CopyOriginInfoOfPasswordForm(const autofill::PasswordForm& form,
                                   const std::string& languages,
                                   base::DictionaryValue* entry) {
+  bool is_android_uri = false;
+  bool origin_is_clickable = false;
+  GURL link_url;
   entry->SetString(
-      kOriginField,
-      url_formatter::FormatUrl(
-          form.origin, languages, url_formatter::kFormatUrlOmitNothing,
-          net::UnescapeRule::SPACES, nullptr, nullptr, nullptr));
-  bool is_android_uri = false;
-  entry->SetString(kShownUrlField, password_manager::GetShownOrigin(
-                                       form, languages, &is_android_uri));
+      kShownOriginField,
+      password_manager::GetShownOriginAndLinkUrl(
+          form, languages, &is_android_uri, &link_url, &origin_is_clickable));
+  DCHECK(link_url.is_valid());

[engedy, 2016/03/02 14:22:10]

Hang on, how does this not fail for empty |link_url| for Android credentials
without matching web realms?

[kolos1, 2016/03/07 10:47:00]

It is not always PasswordForm.affiliated_web_realm. See into
GetShownOriginAndLinkUrl:
a) For non-Android forms: link_url is PasswordForm.origin.
b) For Android forms with non-empty affiliated_web_realm: it is
affiliated_web_realm. 
c) For Android forms with empty affiliated_web_realm: it is
PasswordForm.signon_realm. Could signon_realm be invalid URL? 

[engedy, 2016/03/08 17:36:37]

Please see my other comment. GetShownOriginAndLinkUrl() should return an empty
GURL as |link_url| in case (c).

+  entry->SetString(
+      kUrlField, url_formatter::FormatUrl(
+                     link_url, languages, url_formatter::kFormatUrlOmitNothing,
+                     net::UnescapeRule::SPACES, nullptr, nullptr, nullptr));
   entry->SetBoolean(kIsAndroidUriField, is_android_uri);
-  entry->SetBoolean(kIsSecureField, content::IsOriginSecure(form.origin));
+  entry->SetBoolean(kIsClickable, origin_is_clickable);
+  entry->SetBoolean(kIsSecureField, content::IsOriginSecure(link_url));

[engedy, 2016/03/02 14:22:10]

Nit: FWIW, Android credentials are always secure too, even if we don't know the
affiliated web realms.

[kolos1, 2016/03/07 10:47:00]

Thanks. 

Is it possible that the scheme of affiliated web realm is http? 

link_url is the URL where user will go to if he clicks on the origin on password
page. If we are going to show where the ulr is secure, let just check it. But
don't consider various cases. 

[engedy, 2016/03/08 17:36:37]

No, HTTP URLs are not valid facet URIs.
Let's discuss this offline tomorrow.

 }
 
 }  // namespace
 
 PasswordManagerHandler::PasswordManagerHandler()
     : password_manager_presenter_(this) {}
 
 PasswordManagerHandler::~PasswordManagerHandler() {}
 
 Profile* PasswordManagerHandler::GetProfile() {
@@ skipping 181 matching lines @@
     scoped_ptr<base::DictionaryValue> entry(new base::DictionaryValue);
     CopyOriginInfoOfPasswordForm(*exception, languages_, entry.get());
     entries.Append(entry.release());
   }
 
   web_ui()->CallJavascriptFunction("PasswordManager.setPasswordExceptionsList",
                                    entries);
 }
 
 }  // namespace options