Fix check for user gesture on password autofill

chrome/browser/password_manager/password_manager_browsertest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <string>
 
 #include "base/command_line.h"
 #include "base/metrics/histogram_samples.h"
 #include "base/metrics/statistics_recorder.h"
 #include "chrome/browser/chrome_notification_types.h"
@@ skipping 13 matching lines @@
 #include "content/public/browser/notification_registrar.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_contents_observer.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/test_utils.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/url_request/test_url_fetcher_factory.h"
 #include "testing/gmock/include/gmock/gmock.h"
+#include "third_party/WebKit/public/web/WebInputEvent.h"
 #include "ui/events/keycodes/keyboard_codes.h"
 
 
 // NavigationObserver ---------------------------------------------------------
 
 namespace {
 
 // Observer that waits for navigation to complete and for the password infobar
 // to be shown.
 class NavigationObserver : public content::NotificationObserver,
@@ skipping 123 matching lines @@
   void NavigateToFile(const std::string& path) {
     if (!embedded_test_server()->Started())
       ASSERT_TRUE(embedded_test_server()->InitializeAndWaitUntilReady());
 
     NavigationObserver observer(WebContents());
     GURL url = embedded_test_server()->GetURL(path);
     ui_test_utils::NavigateToURL(browser(), url);
     observer.Wait();
   }
 
+  // Executes |script| and uses the EXPECT macros to check the return value
+  // against |expected_return_value|.
+  void CheckScriptReturnValue(std::string& script, bool expected_return_value);
+
  private:
   DISALLOW_COPY_AND_ASSIGN(PasswordManagerBrowserTest);
 };
 
+void PasswordManagerBrowserTest::CheckScriptReturnValue(
+    std::string& script,
+    bool expected_return_value) {
+  const std::string wrapped_script =
+      std::string("window.domAutomationController.send(") + script + ");";
+  bool return_value = !expected_return_value;
+  ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
+      RenderViewHost(), wrapped_script, &return_value));
+  EXPECT_EQ(expected_return_value, return_value) << "script = " << script;
+}
+
 // Actual tests ---------------------------------------------------------------
 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTest,
                        PromptForNormalSubmit) {
   NavigateToFile("/password/password_form.html");
 
   // Fill a form and submit through a <input type="submit"> button. Nothing
   // special.
   NavigationObserver observer(WebContents());
   std::string fill_and_submit =
       "document.getElementById('username_field').value = 'temp';"
@@ skipping 247 matching lines @@
   ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), fill_and_submit));
 
   first_observer.Wait();
   ASSERT_TRUE(first_observer.infobar_shown());
 
   // Now navigate to a login form that has similar HTML markup.
   NavigateToFile("/password/password_form.html");
 
   // Simulate a user click to force an autofill of the form's DOM value, not
   // just the suggested value.
-  std::string click = "document.getElementById('testform_no_name').click()";
-  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), click));
+  content::SimulateMouseClick(
+      WebContents(), 0, blink::WebMouseEvent::ButtonLeft);
 
   // The form should be filled with the previously submitted username.
   std::string get_username =
       "window.domAutomationController.send("
       "document.getElementById('username_field').value);";
   std::string actual_username;
   ASSERT_TRUE(content::ExecuteScriptAndExtractString(RenderViewHost(),
                                                      get_username,
                                                      &actual_username));
   ASSERT_EQ("my_username", actual_username);
@@ skipping 108 matching lines @@
       "document.getElementById('username_field').value = 'temp';"
       "document.getElementById('password_field').value = 'random';"
       "document.getElementById('input_submit_button').click();"
       "window.location.href = 'done.html';";
 
   ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), save_and_remove));
   ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), navigate_frame));
   observer.Wait();
   // The only thing we check here is that there is no use-after-free reported.
 }
+
+IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTest, PasswordValueAccessible) {
+  NavigateToFile("/password/form_and_link.html");
+
+  // Click on a link to open a new tab, then switch back to the first one.
+  EXPECT_EQ(1, browser()->tab_strip_model()->count());
+  std::string click =
+      "document.getElementById('testlink').click();";
+  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), click));
+  EXPECT_EQ(2, browser()->tab_strip_model()->count());
+  browser()->tab_strip_model()->ActivateTabAt(0, false);
+
+  // Fill in the credentials, and make sure they are saved.
+  NavigationObserver form_submit_observer(WebContents());
+  std::string fill_and_submit =
+      "document.getElementById('username_field').value = 'temp';"
+      "document.getElementById('password_field').value = 'random';"
+      "document.getElementById('input_submit_button').click();";
+  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), fill_and_submit));
+  form_submit_observer.Wait();
+  EXPECT_TRUE(form_submit_observer.infobar_shown());
+
+  // Reload the original page to have the saved credentials autofilled.
+  NavigationObserver reload_observer(WebContents());
+  NavigateToFile("/password/form_and_link.html");
+  reload_observer.Wait();
+
+  // Check that while the username is immediately available, the password value
+  // needs a user interaction to show up.
+  std::string check_username =
+      "document.getElementById('username_field').value == 'temp'";
+  std::string check_password =
+      "document.getElementById('password_field').value == 'random'";
+  CheckScriptReturnValue(check_username, true);
+  CheckScriptReturnValue(check_password, false);
+  content::SimulateMouseClick(
+      WebContents(), 0, blink::WebMouseEvent::ButtonLeft);
+  CheckScriptReturnValue(check_username, true);
+  CheckScriptReturnValue(check_password, true);
+}