iOS: Mark HTTP pages with password fields with an omnibox icon.

ios/chrome/browser/passwords/password_controller_unittest.mm

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #import "ios/chrome/browser/passwords/password_controller.h"
 
 #import <Foundation/Foundation.h>
 
 #include <memory>
 #include <utility>
@@ skipping 10 matching lines @@
 #include "components/password_manager/core/browser/log_manager.h"
 #include "components/password_manager/core/browser/mock_password_store.h"
 #include "components/password_manager/core/browser/stub_password_manager_client.h"
 #include "components/password_manager/core/common/password_manager_pref_names.h"
 #include "components/prefs/pref_registry_simple.h"
 #include "components/prefs/testing_pref_service.h"
 #import "ios/chrome/browser/autofill/form_input_accessory_view_controller.h"
 #import "ios/chrome/browser/autofill/form_suggestion_controller.h"
 #include "ios/chrome/browser/browser_state/test_chrome_browser_state.h"
 #import "ios/chrome/browser/passwords/js_password_manager.h"
+#import "ios/web/public/navigation_item.h"
+#import "ios/web/public/navigation_manager.h"
 #import "ios/web/public/web_state/web_state.h"
+#include "ios/web/public/ssl_status.h"
 #import "ios/web/public/test/web_test_with_web_state.h"
 #import "ios/web/public/test/test_web_state.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/gtest_mac.h"
 #import "third_party/ocmock/OCMock/OCMock.h"
 #import "third_party/ocmock/OCMock/OCPartialMockObject.h"
 #include "url/gurl.h"
 
 #if !defined(__has_feature) || !__has_feature(objc_arc)
@@ skipping 932 matching lines @@
        "<input id='pw0' type='password' name='p0'>"
        "</form>"));
   // Form fill should fail with 'readonly' attribute on password.
   EXPECT_FALSE(BasicFormFill(
       @"<form>"
        "<input id='un0' type='text' name='u0'>"
        "<input id='pw0' type='password' name='p0' readonly='readonly'>"
        "</form>"));
 }
 
+// An HTML page without a password form.
+static NSString* kHtmlWithoutPasswordForm =
+    @"<h2>The rain in Spain stays <i>mainly</i> in the plain.</h2>";
+
 // An HTML page containing one password form.  The username input field
 // also has custom event handlers.  We need to verify that those event
 // handlers are still triggered even though we override them with our own.
 static NSString* kHtmlWithPasswordForm =
     @"<form>"
      "<input id='un' type='text' name=\"u'\""
      "  onkeyup='window.onKeyUpCalled_=true'"
      "  onchange='window.onChangeCalled_=true'>"
      "<input id='pw' type='password' name=\"p'\">"
      "</form>";
@@ skipping 285 matching lines @@
               LogSavePasswordProgress(testing::Ne(
                   "Message: \"PasswordManager::OnPasswordFormsRendered\"\n")))
       .Times(testing::AnyNumber());
   EXPECT_CALL(*weak_client, GetLogManager())
       .WillRepeatedly(Return(&log_manager));
 
   web_state.SetContentIsHTML(false);
   web_state.SetCurrentURL(GURL("https://example.com"));
   [passwordController webStateDidLoadPage:&web_state];
 }
+
+// Tests that an HTTP page without a password field does not update the SSL
+// status to indicate DISPLAYED_PASSWORD_FIELD_ON_HTTP.
+TEST_F(PasswordControllerTest, HTTPNoPassword) {
+  LoadHtml(kHtmlWithoutPasswordForm, GURL("http://chromium.test"));
+
+  web::SSLStatus ssl_status =
+      web_state()->GetNavigationManager()->GetLastCommittedItem()->GetSSL();
+  EXPECT_FALSE(ssl_status.content_status &
+               web::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
+}
+
+// Tests that an HTTP page with a password field updates the SSL status
+// to indicate DISPLAYED_PASSWORD_FIELD_ON_HTTP.
+TEST_F(PasswordControllerTest, HTTPPassword) {
+  LoadHtml(kHtmlWithPasswordForm, GURL("http://chromium.test"));
+
+  web::SSLStatus ssl_status =
+      web_state()->GetNavigationManager()->GetLastCommittedItem()->GetSSL();
+  EXPECT_TRUE(ssl_status.content_status &
+              web::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
+}
+
+// Tests that an HTTPS page without a password field does not update the SSL
+// status to indicate DISPLAYED_PASSWORD_FIELD_ON_HTTP.
+TEST_F(PasswordControllerTest, HTTPSNoPassword) {
+  LoadHtml(kHtmlWithoutPasswordForm, GURL("https://chromium.test"));
+
+  web::SSLStatus ssl_status =
+      web_state()->GetNavigationManager()->GetLastCommittedItem()->GetSSL();
+  EXPECT_FALSE(ssl_status.content_status &
+               web::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
+}
+
+// Tests that an HTTPS page with a password field does not update the SSL status
+// to indicate DISPLAYED_PASSWORD_FIELD_ON_HTTP.
+TEST_F(PasswordControllerTest, HTTPSPassword) {
+  LoadHtml(kHtmlWithPasswordForm, GURL("https://chromium.test"));
+
+  web::SSLStatus ssl_status =
+      web_state()->GetNavigationManager()->GetLastCommittedItem()->GetSSL();
+  EXPECT_FALSE(ssl_status.content_status &
+               web::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
+}