HTTP Bad: Add warning message to autofill dropdown for http sites

components/password_manager/core/browser/password_autofill_manager_unittest.cc

Index: components/password_manager/core/browser/password_autofill_manager_unittest.cc
diff --git a/components/password_manager/core/browser/password_autofill_manager_unittest.cc b/components/password_manager/core/browser/password_autofill_manager_unittest.cc
index 3e0d9c431d1df27aa4443c39776661465fa1f6f8..1b9a8419a382e6694b0c25c6a4178b4173e6ddcb 100644
--- a/components/password_manager/core/browser/password_autofill_manager_unittest.cc
+++ b/components/password_manager/core/browser/password_autofill_manager_unittest.cc
@@ -18,6 +18,7 @@
 #include "components/autofill/core/common/password_form_fill_data.h"
 #include "components/password_manager/core/browser/stub_password_manager_client.h"
 #include "components/password_manager/core/browser/stub_password_manager_driver.h"
+#include "components/security_state/switches.h"
 #include "components/strings/grit/components_strings.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -577,4 +578,109 @@ TEST_F(PasswordAutofillManagerTest, PreviewAndFillEmptyUsernameSuggestion) {
   testing::Mock::VerifyAndClearExpectations(client->mock_driver());
 }
 
+TEST_F(PasswordAutofillManagerTest, NonSecurePasswordFieldHttpWarningMessage) {
+  std::unique_ptr<TestPasswordManagerClient> client(

[vabr (Chromium), 2016/11/07 14:57:27]

nit: Please use

auto client = base::MakeUnique<TestPasswordManagerClient>()

because it does not duplicate the type name.

Also with unique_ptrs below.

[lshang, 2016/11/08 06:00:58]

Done.

+      new TestPasswordManagerClient);
+  std::unique_ptr<MockAutofillClient> autofill_client(new MockAutofillClient);
+  InitializePasswordAutofillManager(client.get(), autofill_client.get());
+
+  gfx::RectF element_bounds;
+  autofill::PasswordFormFillData data;
+  data.username_field.value = test_username_;
+  data.password_field.value = test_password_;
+  data.origin = GURL("http://foo.test");
+
+  int dummy_key = 0;
+  password_autofill_manager_->OnAddPasswordFormMapping(dummy_key, data);
+
+  // String "Login not secure" shown as a warning messages if password form is
+  // on http sites.
+  base::string16 warning_message =
+      l10n_util::GetStringUTF16(IDS_AUTOFILL_PASSWORD_HTTP_WARNING_MESSAGE);
+
+  // String "Use password for:" shown when displaying suggestions matching a
+  // username and specifying that the field is a password field.
+  base::string16 title =
+      l10n_util::GetStringUTF16(IDS_AUTOFILL_PASSWORD_FIELD_SUGGESTIONS_TITLE);
+
+  // Http warning message won't show with switch flag off.
+  EXPECT_CALL(*autofill_client,
+              ShowAutofillPopup(element_bounds, _,
+                                SuggestionVectorValuesAre(testing::ElementsAre(
+                                    title, test_username_)),
+                                _));
+  password_autofill_manager_->OnShowPasswordSuggestions(
+      dummy_key, base::i18n::RIGHT_TO_LEFT, test_username_,
+      autofill::IS_PASSWORD_FIELD, element_bounds);
+
+  base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
+      security_state::switches::kMarkHttpAs,
+      security_state::switches::
+          kMarkHttpWithPasswordsOrCcWithChipAndFormWarning);
+
+  // Http warning message shows for non-secure context and switch flag on, so
+  // there are 3 suggestions in total, and the message comes first among
+  // suggestions.
+  EXPECT_CALL(*autofill_client,
+              ShowAutofillPopup(element_bounds, _,
+                                SuggestionVectorValuesAre(testing::ElementsAre(
+                                    warning_message, title, test_username_)),
+                                _));
+  password_autofill_manager_->OnShowPasswordSuggestions(
+      dummy_key, base::i18n::RIGHT_TO_LEFT, test_username_,
+      autofill::IS_PASSWORD_FIELD, element_bounds);
+}
+
+TEST_F(PasswordAutofillManagerTest, SecurePasswordFieldHttpWarningMessage) {
+  std::unique_ptr<TestPasswordManagerClient> client(
+      new TestPasswordManagerClient);
+  std::unique_ptr<MockAutofillClient> autofill_client(new MockAutofillClient);
+  InitializePasswordAutofillManager(client.get(), autofill_client.get());
+
+  gfx::RectF element_bounds;
+  autofill::PasswordFormFillData data;
+  data.username_field.value = test_username_;
+  data.password_field.value = test_password_;
+  data.origin = GURL("https://foo.test");
+
+  int dummy_key = 0;
+  password_autofill_manager_->OnAddPasswordFormMapping(dummy_key, data);
+
+  // String "Login not secure" shown as a warning messages if password form is
+  // on http sites.
+  base::string16 warning_message =
+      l10n_util::GetStringUTF16(IDS_AUTOFILL_PASSWORD_HTTP_WARNING_MESSAGE);
+
+  // String "Use password for:" shown when displaying suggestions matching a
+  // username and specifying that the field is a password field.
+  base::string16 title =
+      l10n_util::GetStringUTF16(IDS_AUTOFILL_PASSWORD_FIELD_SUGGESTIONS_TITLE);
+
+  // Http warning message won't show with switch flag off.
+  EXPECT_CALL(*autofill_client,
+              ShowAutofillPopup(element_bounds, _,
+                                SuggestionVectorValuesAre(testing::ElementsAre(
+                                    title, test_username_)),
+                                _));
+  password_autofill_manager_->OnShowPasswordSuggestions(
+      dummy_key, base::i18n::RIGHT_TO_LEFT, test_username_,
+      autofill::IS_PASSWORD_FIELD, element_bounds);
+
+  base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
+      security_state::switches::kMarkHttpAs,
+      security_state::switches::
+          kMarkHttpWithPasswordsOrCcWithChipAndFormWarning);
+
+  // Http warning message won't show for secure context, even with switch flag

[vabr (Chromium), 2016/11/07 14:57:27]

Just for completeness, could we also have a test for when the context is not
secure but the flag is off?

At that point you might want to merge all the common work of the tests into a
single preparation method and call that, followed by the correct expectation
verification, from individual tests.

[lshang, 2016/11/08 06:00:58]

We have that test in the first test I added, when context is not secure and flag
is off, only shows title and username, and when flag is on, warning message
shows up.

[vabr (Chromium), 2016/11/08 07:43:34]

Ah, right, I missed that without-flag part in both tests. Sorry for the noise!

+  // on.
+  EXPECT_CALL(*autofill_client,
+              ShowAutofillPopup(element_bounds, _,
+                                SuggestionVectorValuesAre(testing::ElementsAre(
+                                    title, test_username_)),
+                                _));
+  password_autofill_manager_->OnShowPasswordSuggestions(
+      dummy_key, base::i18n::RIGHT_TO_LEFT, test_username_,
+      autofill::IS_PASSWORD_FIELD, element_bounds);
+}
+
 }  // namespace password_manager