[Password Generation] Send votes about confirmation fields

components/autofill/content/renderer/password_form_conversion_utils.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/autofill/content/renderer/password_form_conversion_utils.h"
 
 #include <stddef.h>
 
 #include <algorithm>
 #include <string>
@@ skipping 136 matching lines @@
     const WebInputElement& username_element,
     std::vector<base::string16>* other_possible_usernames) {
   other_possible_usernames->erase(
       std::remove(other_possible_usernames->begin(),
                   other_possible_usernames->end(),
                   username_element.value()),
       other_possible_usernames->end());
 }
 
 // Helper to determine which password is the main (current) one, and which is
-// the new password (e.g., on a sign-up or change password form), if any.
+// the new password (e.g., on a sign-up or change password form), if any. If the
+// new password is found and there is another password field with the same user
+// input, the function also sets |confirmation_password| to this field.
 bool LocateSpecificPasswords(std::vector<WebInputElement> passwords,
                              WebInputElement* current_password,
-                             WebInputElement* new_password) {
+                             WebInputElement* new_password,
+                             WebInputElement* confirmation_password) {
   DCHECK(current_password && current_password->isNull());
   DCHECK(new_password && new_password->isNull());
+  DCHECK(confirmation_password && confirmation_password->isNull());
 
   // First, look for elements marked with either autocomplete='current-password'
   // or 'new-password' -- if we find any, take the hint, and treat the first of
   // each kind as the element we are looking for.
   for (const WebInputElement& it : passwords) {
     if (HasAutocompleteAttributeValue(it, kAutocompleteCurrentPassword) &&
         current_password->isNull()) {
       *current_password = it;
     } else if (HasAutocompleteAttributeValue(it, kAutocompleteNewPassword) &&
                new_password->isNull()) {
       *new_password = it;
+    } else if (!new_password->isNull() &&
+               (new_password->value() == it.value())) {
+      *confirmation_password = it;
     }
   }
 
   // If we have seen an element with either of autocomplete attributes above,
   // take that as a signal that the page author must have intentionally left the
   // rest of the password fields unmarked. Perhaps they are used for other
   // purposes, e.g., PINs, OTPs, and the like. So we skip all the heuristics we
   // normally do, and ignore the rest of the password fields.
   if (!current_password->isNull() || !new_password->isNull())
     return true;
 
   if (passwords.empty())
     return false;
 
   switch (passwords.size()) {
     case 1:
       // Single password, easy.
       *current_password = passwords[0];
       break;
     case 2:
       if (!passwords[0].value().isEmpty() &&
           passwords[0].value() == passwords[1].value()) {
         // Two identical non-empty passwords: assume we are seeing a new
         // password with a confirmation. This can be either a sign-up form or a
         // password change form that does not ask for the old password.
         *new_password = passwords[0];
+        *confirmation_password = passwords[1];
       } else {
         // Assume first is old password, second is new (no choice but to guess).
         // This case also includes empty passwords in order to allow filling of
         // password change forms (that also could autofill for sign up form, but
         // we can't do anything with this using only client side information).
         *current_password = passwords[0];
         *new_password = passwords[1];
       }
       break;
     default:
       if (!passwords[0].value().isEmpty() &&
           passwords[0].value() == passwords[1].value() &&
           passwords[0].value() == passwords[2].value()) {
         // All three passwords are the same and non-empty? This does not make
         // any sense, give up.
         return false;
       } else if (passwords[1].value() == passwords[2].value()) {
         // New password is the duplicated one, and comes second; or empty form
         // with 3 password fields, in which case we will assume this layout.
         *current_password = passwords[0];
         *new_password = passwords[1];
+        *confirmation_password = passwords[2];
       } else if (passwords[0].value() == passwords[1].value()) {
         // It is strange that the new password comes first, but trust more which
         // fields are duplicated than the ordering of fields. Assume that
         // any password fields after the new password contain sensitive
         // information that isn't actually a password (security hint, SSN, etc.)
         *new_password = passwords[0];
+        *confirmation_password = passwords[1];
       } else {
         // Three different passwords, or first and last match with middle
         // different. No idea which is which, so no luck.
         return false;
       }
   }
   return true;
 }
 
 // Checks the |form_predictions| map to see if there is a key associated with
@@ skipping 261 matching lines @@
             latest_input_element = *input_element;
           if (!input_element->value().isEmpty())
             other_possible_usernames.push_back(input_element->value());
         }
       }
     }
   }
 
   WebInputElement password;
   WebInputElement new_password;
-  if (!LocateSpecificPasswords(passwords, &password, &new_password))
+  WebInputElement confirmation_password;
+  if (!LocateSpecificPasswords(passwords, &password, &new_password,
+                               &confirmation_password))
     return false;
 
   DCHECK_EQ(passwords.size(), last_text_input_before_password.size());
   if (username_element.isNull()) {
     if (!password.isNull())
       username_element = last_text_input_before_password[password];
     if (username_element.isNull() && !new_password.isNull())
       username_element = last_text_input_before_password[new_password];
     if (!username_element.isNull())
       ExcludeUsernameFromOtherUsernamesList(username_element,
@@ skipping 58 matching lines @@
     password_form->password_value = password_value;
   }
   if (!new_password.isNull()) {
     password_form->new_password_element =
         FieldName(new_password, "anonymous_new_password");
     password_form->new_password_value = new_password.value();
     password_form->new_password_value_is_default =
         new_password.getAttribute("value") == new_password.value();
     if (HasAutocompleteAttributeValue(new_password, kAutocompleteNewPassword))
       password_form->new_password_marked_by_site = true;
+    if (!confirmation_password.isNull()) {
+      password_form->confirmation_password_element =
+          FieldName(confirmation_password, "anonymous_confirmation_password");
+    }
   }
 
   if (username_element.isNull()) {
     // To get a better idea on how password forms without a username field
     // look like, report the total number of text and password fields.
     UMA_HISTOGRAM_COUNTS_100(
         "PasswordManager.EmptyUsernames.TextAndPasswordFieldCount",
         layout_sequence.size());
     // For comparison, also report the number of password fields.
     UMA_HISTOGRAM_COUNTS_100(
@@ skipping 109 matching lines @@
 bool HasAutocompleteAttributeValue(const blink::WebInputElement& element,
                                    const char* value_in_lowercase) {
   base::string16 autocomplete_attribute(element.getAttribute("autocomplete"));
   std::vector<std::string> tokens = LowercaseAndTokenizeAttributeString(
       base::UTF16ToUTF8(autocomplete_attribute));
 
   return base::ContainsValue(tokens, value_in_lowercase);
 }
 
 }  // namespace autofill