Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1736)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/password_manager/password_manager_browsertest.cc

Issue 2607413003: Add security feature to ProvisionalSavePassword (Closed)
Patch Set: Addressed comments. Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | components/autofill/core/common/save_password_progress_logger.h » ('j') | components/password_manager/core/browser/password_manager.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/password_manager/password_manager_browsertest.cc
diff --git a/chrome/browser/password_manager/password_manager_browsertest.cc b/chrome/browser/password_manager/password_manager_browsertest.cc
index a17d1f5b00776ca754c6640f3e636d550018bcfb..e7a017fbf2268526fc932617a820d344aa3298c9 100644
--- a/chrome/browser/password_manager/password_manager_browsertest.cc
+++ b/chrome/browser/password_manager/password_manager_browsertest.cc
@@ -1412,6 +1412,88 @@ IN_PROC_BROWSER_TEST_F(
EXPECT_FALSE(prompt_observer->IsShowingSavePrompt());
}
+IN_PROC_BROWSER_TEST_F(
+ PasswordManagerBrowserTestBase,
+ NoPromptForSeperateLoginFormWhenSwitchingFromHttpsToHttp) {
+ base::CommandLine::ForCurrentProcess()->AppendSwitch(
+ ::switches::kAllowRunningInsecureContent);
+ base::CommandLine::ForCurrentProcess()->AppendSwitch(
+ ::switches::kIgnoreCertificateErrors);
+ const base::FilePath::CharType kDocRoot[] =
+ FILE_PATH_LITERAL("chrome/test/data");
+ net::EmbeddedTestServer https_test_server(
+ net::EmbeddedTestServer::TYPE_HTTPS);
+ https_test_server.ServeFilesFromSourceDirectory(base::FilePath(kDocRoot));
+ ASSERT_TRUE(https_test_server.Start());
jdoerrie 2017/01/05 18:11:30 This part probably should be moved into its own me
vasilii 2017/01/09 14:16:55 Acknowledged.
+
+ std::string path = "/password/password_form.html";
+ GURL https_url(https_test_server.GetURL(path));
+ ASSERT_TRUE(https_url.SchemeIs(url::kHttpsScheme));
+
+ NavigationObserver form_observer(WebContents());
+ ui_test_utils::NavigateToURL(browser(), https_url);
+ form_observer.Wait();
+
+ std::string fill_and_submit_redirect =
+ "document.getElementById('username_redirect').value = 'user';"
+ "document.getElementById('password_redirect').value = 'password';"
+ "document.getElementById('submit_redirect').click()";
+ ASSERT_TRUE(
+ content::ExecuteScript(RenderViewHost(), fill_and_submit_redirect));
+
+ NavigationObserver redirect_observer(WebContents());
+ redirect_observer.SetPathToWaitFor("/password/redirect.html");
+ redirect_observer.Wait();
+
+ GURL http_url(embedded_test_server()->GetURL("/password/done.html"));
+ std::string http_redirect =
+ "window.location.href = '" + http_url.spec() + "';";
+ ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), http_redirect));
+
+ NavigationObserver first_done_observer(WebContents());
+ first_done_observer.SetPathToWaitFor("/password/done.html");
+ first_done_observer.Wait();
+
+ std::string attacker_redirect =
+ "window.location.href = 'simple_password.html'";
+ ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), attacker_redirect));
+
+ NavigationObserver attacker_observer(WebContents());
+ attacker_observer.SetPathToWaitFor("/password/simple_password.html");
+ attacker_observer.Wait();
+
+ std::string fill_and_submit_attacker_form =
+ "document.getElementById('username_field').value = 'attacker_username';"
+ "document.getElementById('password_field').value = 'attacker_password';"
+ "document.getElementById('input_submit_button').click()";
+ ASSERT_TRUE(
+ content::ExecuteScript(RenderViewHost(), fill_and_submit_attacker_form));
+
+ NavigationObserver second_done_observer(WebContents());
+ second_done_observer.SetPathToWaitFor("/password/done.html");
+ second_done_observer.Wait();
+
+ BubbleObserver prompt_observer(WebContents());
+ EXPECT_TRUE(prompt_observer.IsShowingSavePrompt());
+ prompt_observer.AcceptSavePrompt();
+
+ // Check that credentials are stored.
+ scoped_refptr<password_manager::TestPasswordStore> password_store =
+ static_cast<password_manager::TestPasswordStore*>(
+ PasswordStoreFactory::GetForProfile(
+ browser()->profile(), ServiceAccessType::IMPLICIT_ACCESS)
+ .get());
+
+ // Spin the message loop to make sure the password store had a chance to save
+ // the password.
+ base::RunLoop run_loop;
+ run_loop.RunUntilIdle();
+ EXPECT_FALSE(password_store->IsEmpty());
+
+ CheckThatCredentialsStored(password_store.get(), base::ASCIIToUTF16("user"),
+ base::ASCIIToUTF16("password"));
+}
+
IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestBase,
PromptWhenPasswordFormWithoutUsernameFieldSubmitted) {
scoped_refptr<password_manager::TestPasswordStore> password_store =
« no previous file with comments | « no previous file | components/autofill/core/common/save_password_progress_logger.h » ('j') | components/password_manager/core/browser/password_manager.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698