Fetch federated PSL-matches from the password store.

components/password_manager/core/browser/login_database.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/password_manager/core/browser/login_database.h"
 
 #include <stddef.h>
 #include <stdint.h>
 #include <algorithm>
 #include <limits>
@@ skipping 1075 matching lines @@
     std::string regexp = "^(" + scheme + ":\\/\\/)([\\w-]+\\.)*" +
                          registered_domain + "(:" + port + ")?\\/$";
     s.BindString(placeholder++, regexp);
   }
   if (should_federated_apply) {
     std::string expression =
         base::StringPrintf("federation://%s/%%", form.origin.host().c_str());
     s.BindString(placeholder++, expression);
   }
 
+  if (should_PSL_matching_apply && should_federated_apply) {
+    std::string federation_regexp = "^federation://([\\w-]+\\.)*" +
+                                    registered_domain + "(:" +
+                                    signon_realm.port() + ")?/.+$";

[jdoerrie, 2017/01/16 18:04:14]

Couple questions here:
- Do federated matches ever have a port? I believe so, but I am not quite sure.
- Should the match for the path be more restrictive? Currently it matches
anything that is non-empty (not counting '/').

[vasilii, 2017/01/17 12:41:24]

No, we don't save port.
That is correct for the regexp. There is another code running later to filter
the results on some conditions (see StatementToForms).

[jdoerrie, 2017/01/17 13:37:18]

Acknowledged.

+    s.BindString(placeholder++, federation_regexp);
+  }
+
   if (!should_PSL_matching_apply && !should_federated_apply) {
     // Otherwise the histogram is reported in StatementToForms.
     UMA_HISTOGRAM_ENUMERATION("PasswordManager.PslDomainMatchTriggering",
                               PSL_DOMAIN_MATCH_NOT_USED,
                               PSL_DOMAIN_MATCH_COUNT);
   }
 
   bool success = StatementToForms(
       &s, should_PSL_matching_apply || should_federated_apply ? &form : nullptr,
       forms);
@@ skipping 108 matching lines @@
       if (new_form->scheme != PasswordForm::SCHEME_HTML)
         continue;  // Ignore non-HTML matches.
 
       if (IsPublicSuffixDomainMatch(new_form->signon_realm,
                                     matched_form->signon_realm)) {
         psl_domain_match_metric = PSL_DOMAIN_MATCH_FOUND;
         new_form->is_public_suffix_match = true;
       } else if (!new_form->federation_origin.unique() &&
                  IsFederatedMatch(new_form->signon_realm,
                                   matched_form->origin)) {
+      } else if (!new_form->federation_origin.unique() &&
+                 IsFederatedPSLMatch(new_form->signon_realm,
+                                     matched_form->origin)) {
+        psl_domain_match_metric = PSL_DOMAIN_MATCH_FOUND;

[jdoerrie, 2017/01/16 18:04:14]

Should we consider adding a new value to |PSLDomainMatchMetric| for this
federated PSL match case?

[vasilii, 2017/01/17 12:41:24]

Sure.

+        new_form->is_public_suffix_match = true;
       } else {
         continue;
       }
     }
     forms->push_back(std::move(new_form));
   }
 
   if (matched_form) {
     UMA_HISTOGRAM_ENUMERATION("PasswordManager.PslDomainMatchTriggering",
                               psl_domain_match_metric, PSL_DOMAIN_MATCH_COUNT);
@@ skipping 34 matching lines @@
   delete_statement_ = "DELETE FROM logins WHERE " + all_unique_key_column_names;
   DCHECK(autosignin_statement_.empty());
   autosignin_statement_ = "SELECT " + all_column_names +
                           " FROM logins "
                           "WHERE skip_zero_click = 0 ORDER BY origin_url";
   DCHECK(get_statement_.empty());
   get_statement_ = "SELECT " + all_column_names +
                    " FROM logins "
                    "WHERE signon_realm == ?";
   std::string psl_statement = "OR signon_realm REGEXP ? ";
   std::string federated_statement =

[vasilii, 2017/01/17 12:41:24]

Seems to be obsolete

[jdoerrie, 2017/01/17 13:37:18]

Acknowledged. It's obsolete for matching federated PSL credentials, but still
has value for federated matches without PSL.

       "OR (signon_realm LIKE ? AND password_type == 2) ";
+  std::string psl_federated_statement =
+      "OR (signon_realm REGEXP ? AND password_type == 2) ";
   DCHECK(get_statement_psl_.empty());
   get_statement_psl_ = get_statement_ + psl_statement;
   DCHECK(get_statement_federated_.empty());
   get_statement_federated_ = get_statement_ + federated_statement;
   DCHECK(get_statement_psl_federated_.empty());
-  get_statement_psl_federated_ =
-      get_statement_ + psl_statement + federated_statement;
+  get_statement_psl_federated_ = get_statement_ + psl_statement +
+                                 federated_statement + psl_federated_statement;
   DCHECK(created_statement_.empty());
   created_statement_ =
       "SELECT " + all_column_names +
       " FROM logins WHERE date_created >= ? AND date_created < "
       "? ORDER BY origin_url";
   DCHECK(synced_statement_.empty());
   synced_statement_ = "SELECT " + all_column_names +
                       " FROM logins WHERE date_synced >= ? AND date_synced < "
                       "? ORDER BY origin_url";
   DCHECK(blacklisted_statement_.empty());
   blacklisted_statement_ =
       "SELECT " + all_column_names +
       " FROM logins WHERE blacklisted_by_user == ? ORDER BY origin_url";
   DCHECK(encrypted_statement_.empty());
   encrypted_statement_ =
       "SELECT password_value FROM logins WHERE " + all_unique_key_column_names;
 }
 
 }  // namespace password_manager