Passwords PSL Matching on Gnome: overwrite realm and origin

chrome/browser/password_manager/native_backend_gnome_x_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdarg.h>
 
 #include "base/basictypes.h"
 #include "base/prefs/pref_service.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
@@ skipping 264 matching lines @@
     mock_keyring_items.clear();
     mock_keyring_reject_local_ids = false;
     return true;
   }
 };
 
 }  // anonymous namespace
 
 class NativeBackendGnomeTest : public testing::Test {
  protected:
+  enum UpdateType {  // Used in CheckPSLUpdate().
+    UPDATE_BY_UPDATELOGIN,
+    UPDATE_BY_ADDLOGIN,
+  };
+
   NativeBackendGnomeTest()
       : ui_thread_(BrowserThread::UI, &message_loop_),
         db_thread_(BrowserThread::DB) {
   }
 
   virtual void SetUp() {
     ASSERT_TRUE(db_thread_.Start());
 
     ASSERT_TRUE(MockGnomeKeyringLoader::LoadMockGnomeKeyring());
 
@@ skipping 94 matching lines @@
     CheckUint32Attribute(item, "ssl_valid", form.ssl_valid);
     CheckUint32Attribute(item, "preferred", form.preferred);
     // We don't check the date created. It varies.
     CheckUint32Attribute(item, "blacklisted_by_user", form.blacklisted_by_user);
     CheckUint32Attribute(item, "type", form.type);
     CheckUint32Attribute(item, "times_used", form.times_used);
     CheckUint32Attribute(item, "scheme", form.scheme);
     CheckStringAttribute(item, "application", app_string);
   }
 
-  // Checks (using EXPECT_* macros), that |credentials| are accessible for
-  // filling in for a page with |origin| iff
-  // |should_credential_be_available_to_url| is true.
-  void CheckCredentialAvailability(const PasswordForm& credentials,
-                                   const std::string& url,
-                                   bool should_credential_be_available_to_url) {
-    password_manager::PSLMatchingHelper helper;
-    ASSERT_TRUE(helper.IsMatchingEnabled())
-        << "PSL matching needs to be enabled.";
-
+  // Saves |credentials| and then gets login for origin and realm |url|. Returns
+  // true when something is found, and in such case copies the result to
+  // |result| when |result| is not NULL. (Note that there can be max. 1 result,
+  // derived from |credentials|.)
+  bool CheckCredentialAvailability(const PasswordForm& credentials,
+                                   const GURL& url,
+                                   PasswordForm* result) {
     NativeBackendGnome backend(321);
     backend.Init();
 
     BrowserThread::PostTask(
         BrowserThread::DB,
         FROM_HERE,
         base::Bind(base::IgnoreResult(&NativeBackendGnome::AddLogin),
                    base::Unretained(&backend),
                    credentials));
 
     PasswordForm target_form;
-    target_form.origin = GURL(url);
-    target_form.signon_realm = url;
+    target_form.origin = url;
+    target_form.signon_realm = url.spec();
     std::vector<PasswordForm*> form_list;
     BrowserThread::PostTask(
         BrowserThread::DB,
         FROM_HERE,
         base::Bind(base::IgnoreResult(&NativeBackendGnome::GetLogins),
                    base::Unretained(&backend),
                    target_form,
                    &form_list));
 
     RunBothThreads();
 
     EXPECT_EQ(1u, mock_keyring_items.size());
     if (mock_keyring_items.size() > 0)
       CheckMockKeyringItem(&mock_keyring_items[0], credentials, "chrome-321");
 
-    if (should_credential_be_available_to_url)
-      EXPECT_EQ(1u, form_list.size());
-    else
-      EXPECT_EQ(0u, form_list.size());
+    if (form_list.empty())
+      return false;
+    EXPECT_EQ(1u, form_list.size());
+    if (result)
+      *result = *form_list[0];
+    STLDeleteElements(&form_list);
+    return true;
+  }
+
+  // Test that updating does not use PSL matching: Add a www.facebook.com
+  // password, then use PSL matching to get a copy of it for m.facebook.com, and
+  // add that copy as well. Now update the www.facebook.com password -- the
+  // m.facebook.com password should not get updated. Depending on the argument,
+  // the credential update is done via UpdateLogin or AddLogin.

[Garrett Casto, 2014/04/24 06:15:24]

Depending on what we end up doing with sync, it's not totally clear that calling
AddLogin for a an existing credential is going to be valid in the future. That
being said, for now it can still happen so it's reasonable to test.

[vabr (Chromium), 2014/04/24 08:33:47]

I agree. Added a TODO comment below to make it easier for the person who bans
AddLogin from acting on existing logins and observes PSLUpdatingStrictAddLogin
being broken.

+  void CheckPSLUpdate(UpdateType update_type) {
+    password_manager::PSLMatchingHelper helper;
+    ASSERT_TRUE(helper.IsMatchingEnabled());
+
+    NativeBackendGnome backend(321);
+    backend.Init();
+
+    // Add |form_facebook_| to saved logins.
+    BrowserThread::PostTask(
+        BrowserThread::DB,
+        FROM_HERE,
+        base::Bind(base::IgnoreResult(&NativeBackendGnome::AddLogin),
+                   base::Unretained(&backend),
+                   form_facebook_));
+
+    // Get the PSL-matched copy of the saved login for m.facebook.
+    const GURL kMobileURL("http://m.facebook.com/");
+    PasswordForm m_facebook_lookup;
+    m_facebook_lookup.origin = kMobileURL;
+    m_facebook_lookup.signon_realm = kMobileURL.spec();
+    std::vector<PasswordForm*> form_list;
+    BrowserThread::PostTask(
+        BrowserThread::DB,
+        FROM_HERE,
+        base::Bind(base::IgnoreResult(&NativeBackendGnome::GetLogins),
+                   base::Unretained(&backend),
+                   m_facebook_lookup,
+                   &form_list));
+    RunBothThreads();
+    EXPECT_EQ(1u, mock_keyring_items.size());
+    EXPECT_EQ(1u, form_list.size());
+    PasswordForm m_facebook = *form_list[0];
+    STLDeleteElements(&form_list);
+    EXPECT_EQ(kMobileURL, m_facebook.origin);
+    EXPECT_EQ(kMobileURL.spec(), m_facebook.signon_realm);
+
+    // Add the PSL-matched copy to saved logins.
+    BrowserThread::PostTask(
+        BrowserThread::DB,
+        FROM_HERE,
+        base::Bind(base::IgnoreResult(&NativeBackendGnome::AddLogin),
+                   base::Unretained(&backend),
+                   m_facebook));
+    RunBothThreads();
+    EXPECT_EQ(2u, mock_keyring_items.size());
+
+    // Update www.facebook.com login.
+    PasswordForm new_facebook(form_facebook_);
+    const base::string16 kOldPassword(form_facebook_.password_value);
+    const base::string16 kNewPassword(UTF8ToUTF16("new_b"));
+    EXPECT_NE(kOldPassword, kNewPassword);
+    new_facebook.password_value = kNewPassword;
+    switch (update_type) {
+      case UPDATE_BY_UPDATELOGIN:
+        BrowserThread::PostTask(
+            BrowserThread::DB,
+            FROM_HERE,
+            base::Bind(base::IgnoreResult(&NativeBackendGnome::UpdateLogin),
+                       base::Unretained(&backend),
+                       new_facebook));
+        break;
+      case UPDATE_BY_ADDLOGIN:
+        BrowserThread::PostTask(
+            BrowserThread::DB,
+            FROM_HERE,
+            base::Bind(base::IgnoreResult(&NativeBackendGnome::AddLogin),
+                       base::Unretained(&backend),
+                       new_facebook));
+        break;
+    }
+
+    RunBothThreads();
+    EXPECT_EQ(2u, mock_keyring_items.size());
+
+    // Check that m.facebook.com login was not modified by the update.
+    BrowserThread::PostTask(
+        BrowserThread::DB,
+        FROM_HERE,
+        base::Bind(base::IgnoreResult(&NativeBackendGnome::GetLogins),
+                   base::Unretained(&backend),
+                   m_facebook_lookup,
+                   &form_list));
+    RunBothThreads();
+    // There should be two results -- the exact one, and the PSL-matched one.
+    EXPECT_EQ(2u, form_list.size());
+    size_t index_non_psl = 0;
+    if (!form_list[index_non_psl]->original_signon_realm.empty())
+      index_non_psl = 1;
+    EXPECT_EQ(kMobileURL, form_list[index_non_psl]->origin);
+    EXPECT_EQ(kMobileURL.spec(), form_list[index_non_psl]->signon_realm);
+    EXPECT_EQ(kOldPassword, form_list[index_non_psl]->password_value);
+    STLDeleteElements(&form_list);
+
+    // Check that www.facebook.com login was modified by the update.
+    BrowserThread::PostTask(
+        BrowserThread::DB,
+        FROM_HERE,
+        base::Bind(base::IgnoreResult(&NativeBackendGnome::GetLogins),
+                   base::Unretained(&backend),
+                   form_facebook_,
+                   &form_list));
+    RunBothThreads();
+    // There should be two results -- the exact one, and the PSL-matched one.
+    EXPECT_EQ(2u, form_list.size());
+    index_non_psl = 0;
+    if (!form_list[index_non_psl]->original_signon_realm.empty())
+      index_non_psl = 1;
+    EXPECT_EQ(form_facebook_.origin, form_list[index_non_psl]->origin);
+    EXPECT_EQ(form_facebook_.signon_realm,
+              form_list[index_non_psl]->signon_realm);
+    EXPECT_EQ(kNewPassword, form_list[index_non_psl]->password_value);
     STLDeleteElements(&form_list);
   }
 
   base::MessageLoopForUI message_loop_;
   content::TestBrowserThread ui_thread_;
   content::TestBrowserThread db_thread_;
 
   // Provide some test forms to avoid having to set them up in each test.
   PasswordForm form_google_;
   PasswordForm form_facebook_;
@@ skipping 38 matching lines @@
   EXPECT_EQ(1u, form_list.size());
   STLDeleteElements(&form_list);
 
   EXPECT_EQ(1u, mock_keyring_items.size());
   if (mock_keyring_items.size() > 0)
     CheckMockKeyringItem(&mock_keyring_items[0], form_google_, "chrome-42");
 }
 
 // Save a password for www.facebook.com and see it suggested for m.facebook.com.
 TEST_F(NativeBackendGnomeTest, PSLMatchingPositive) {
-  CheckCredentialAvailability(form_facebook_,
-                              "http://m.facebook.com/",
-                              /*should_credential_be_available_to_url=*/true);
+  PasswordForm result;
+  const GURL kMobileURL("http://m.facebook.com/");
+  password_manager::PSLMatchingHelper helper;
+  ASSERT_TRUE(helper.IsMatchingEnabled());
+  EXPECT_TRUE(CheckCredentialAvailability(form_facebook_, kMobileURL, &result));
+  EXPECT_EQ(kMobileURL, result.origin);
+  EXPECT_EQ(kMobileURL.spec(), result.signon_realm);
 }
 
 // Save a password for www.facebook.com and see it not suggested for
 // m-facebook.com.
 TEST_F(NativeBackendGnomeTest, PSLMatchingNegativeDomainMismatch) {
-  CheckCredentialAvailability(form_facebook_,
-                              "http://m-facebook.com/",
-                              /*should_credential_be_available_to_url=*/false);
+  password_manager::PSLMatchingHelper helper;
+  ASSERT_TRUE(helper.IsMatchingEnabled());
+  EXPECT_FALSE(CheckCredentialAvailability(
+      form_facebook_, GURL("http://m-facebook.com/"), NULL));
 }
 
 // Test PSL matching is off for domains excluded from it.
 TEST_F(NativeBackendGnomeTest, PSLMatchingDisabledDomains) {
-  CheckCredentialAvailability(form_google_,
-                              "http://one.google.com/",
-                              /*should_credential_be_available_to_url=*/false);
+  password_manager::PSLMatchingHelper helper;
+  ASSERT_TRUE(helper.IsMatchingEnabled());
+  EXPECT_FALSE(CheckCredentialAvailability(
+      form_google_, GURL("http://one.google.com/"), NULL));
+}
+
+TEST_F(NativeBackendGnomeTest, PSLUpdatingStrictUpdateLogin) {
+  CheckPSLUpdate(UPDATE_BY_UPDATELOGIN);
+}
+
+TEST_F(NativeBackendGnomeTest, PSLUpdatingStrictAddLogin) {
+  CheckPSLUpdate(UPDATE_BY_ADDLOGIN);
 }
 
 TEST_F(NativeBackendGnomeTest, BasicUpdateLogin) {
   NativeBackendGnome backend(42);
   backend.Init();
 
   // First add google login.
   BrowserThread::PostTask(
       BrowserThread::DB, FROM_HERE,
       base::Bind(base::IgnoreResult(&NativeBackendGnome::AddLogin),
@@ skipping 135 matching lines @@
   // Quick check that we got two results back.
   EXPECT_EQ(2u, form_list.size());
   STLDeleteElements(&form_list);
 
   EXPECT_EQ(1u, mock_keyring_items.size());
   if (mock_keyring_items.size() > 0)
     CheckMockKeyringItem(&mock_keyring_items[0], form_google_, "chrome-42");
 }
 
 // TODO(mdm): add more basic tests here at some point.