Implement Federated PSL Matches in Native Backends

components/password_manager/core/browser/psl_matching_helper_unittest.cc

Index: components/password_manager/core/browser/psl_matching_helper_unittest.cc
diff --git a/components/password_manager/core/browser/psl_matching_helper_unittest.cc b/components/password_manager/core/browser/psl_matching_helper_unittest.cc
index 68381d2c84219ab2a4eb5d2c9382c17ffa2df25e..e3bdc2eff48dd490235e50389b355c10152a5455 100644
--- a/components/password_manager/core/browser/psl_matching_helper_unittest.cc
+++ b/components/password_manager/core/browser/psl_matching_helper_unittest.cc
@@ -14,6 +14,148 @@ namespace password_manager {
 
 namespace {
 
+TEST(PSLMatchingUtilsTest, GetMatchResult) {
+  struct TestData {
+    const char* form_signon_realm;
+    const char* form_federation_origin;
+    autofill::PasswordForm::Scheme digest_scheme;
+    const char* digest_signon_realm;
+    const char* digest_origin;
+    MatchResult match_result;
+  };
+
+  const TestData cases[] = {
+      {"http://facebook.com", "", autofill::PasswordForm::SCHEME_HTML,

[vasilii, 2017/01/26 13:35:18]

I think signon_realm has a trailing '/'

[jdoerrie, 2017/01/26 14:47:56]

Done.

+       "http://facebook.com", "", MatchResult::EXACT_MATCH},
+
+      {"http://facebook.com/path", "", autofill::PasswordForm::SCHEME_HTML,

[vasilii, 2017/01/26 13:35:17]

I don't think that this is a valid input for signon_realm. See
password_specifics.proto

[jdoerrie, 2017/01/26 14:47:56]

Done.

+       "http://facebook.com/path", "", MatchResult::EXACT_MATCH},
+
+      {"http://m.facebook.com/", "", autofill::PasswordForm::SCHEME_HTML,
+       "http://m.facebook.com/", "", MatchResult::EXACT_MATCH},
+
+      {"http://example.com/has space", "", autofill::PasswordForm::SCHEME_HTML,
+       "http://example.com/has space", "", MatchResult::EXACT_MATCH},
+
+      // Test PSL Matches.
+      {"http://facebook.com/", "", autofill::PasswordForm::SCHEME_HTML,
+       "http://m.facebook.com/", "", MatchResult::PSL_MATCH},
+
+      // Don't apply PSL matching to Google domains.
+      {"http://google.com/", "", autofill::PasswordForm::SCHEME_HTML,
+       "http://m.google.com/", "", MatchResult::NO_MATCH},
+
+      {"http://facebook.com/path", "", autofill::PasswordForm::SCHEME_HTML,
+       "http://m.facebook.com/path", "", MatchResult::PSL_MATCH},

[vasilii, 2017/01/26 13:35:18]

As above it looks like an origin. The realm is without path.

[jdoerrie, 2017/01/26 14:47:56]

Done.

+
+      {"http://facebook.com/path1", "", autofill::PasswordForm::SCHEME_HTML,
+       "http://m.facebook.com/path2", "", MatchResult::PSL_MATCH},
+
+      {"http://www.example.com/", "", autofill::PasswordForm::SCHEME_HTML,
+       "http://wwwexample.com/", "", MatchResult::NO_MATCH},
+
+      {"http://www.example.com/", "", autofill::PasswordForm::SCHEME_HTML,
+       "https://www.example.com/", "", MatchResult::NO_MATCH},
+
+      {"http://www.example.com:123/", "", autofill::PasswordForm::SCHEME_HTML,
+       "http://www.example.com/", "", MatchResult::NO_MATCH},
+
+      {"http://www.example.org/", "", autofill::PasswordForm::SCHEME_HTML,
+       "http://www.example.com/", "", MatchResult::NO_MATCH},
+
+      // URLs without registry controlled domains should not match.
+      {"http://localhost/", "", autofill::PasswordForm::SCHEME_HTML,
+       "http://127.0.0.1/", "", MatchResult::NO_MATCH},
+
+      {"http://www.example.com", "", autofill::PasswordForm::SCHEME_HTML,
+       "http://", "", MatchResult::NO_MATCH},
+
+      {"", "", autofill::PasswordForm::SCHEME_HTML, "http://www.example.com",
+       "", MatchResult::NO_MATCH},
+
+      {"http://www.example.com", "", autofill::PasswordForm::SCHEME_HTML,
+       "bad url", "", MatchResult::NO_MATCH},
+
+      // Test Federated Matches.
+      {"federation://example.com/google.com", "",

[vasilii, 2017/01/26 13:35:18]

Did you want to test the wrong input here?

[jdoerrie, 2017/01/26 14:47:56]

Yes, made it hopefully more clear now.

+       autofill::PasswordForm::SCHEME_HTML, "https://www.example.com/", "",
+       MatchResult::NO_MATCH},
+
+      {"https://facebook.com", "", autofill::PasswordForm::SCHEME_HTML, "",
+       "https://facebook.com", MatchResult::NO_MATCH},

[vasilii, 2017/01/26 13:35:18]

Unsure about two things:
- how is it related to federations
- Why is it no match?

Basically in all your examples you should specify both digest_signon_realm and
digest_origin

[jdoerrie, 2017/01/26 14:47:56]

Done.

+
+      {"https://facebook.com", "", autofill::PasswordForm::SCHEME_HTML, "", "",
+       MatchResult::NO_MATCH},

[vasilii, 2017/01/26 13:35:18]

Doesn't fit into the federation bucket.

[jdoerrie, 2017/01/26 14:47:56]

Done.

+
+      {"federation://example.com/google.com", "https://google.com",
+       autofill::PasswordForm::SCHEME_HTML, "", "https://example.com",
+       MatchResult::FEDERATED_MATCH},
+
+      {"federation://example.com/google.com", "https://google.com",
+       autofill::PasswordForm::SCHEME_HTML, "", "http://example.com",
+       MatchResult::FEDERATED_MATCH},

[vasilii, 2017/01/26 13:35:17]

That's actually shouldn't work. The federated credentials are saved only for
https and shouldn't match http.

[jdoerrie, 2017/01/26 14:47:56]

Discussed offline, currently they do match. Will follow up in another CL.

+
+      {"federation://example.com/google.com", "https://google.com",
+       autofill::PasswordForm::SCHEME_HTML, "", "example.com",
+       MatchResult::NO_MATCH},
+
+      {"federation://example.com/", "", autofill::PasswordForm::SCHEME_HTML, "",
+       "http://example.com", MatchResult::NO_MATCH},
+
+      {"federation://example.com/google.com", "https://google.com",
+       autofill::PasswordForm::SCHEME_HTML, "", "example",
+       MatchResult::NO_MATCH},
+
+      // Test Federated PSL Matches.
+      {"federation://sub.example.com/google.com", "https://google.com",
+       autofill::PasswordForm::SCHEME_HTML, "", "http://sub.example.com",

[vasilii, 2017/01/26 13:35:18]

https://sub.example.com

[jdoerrie, 2017/01/26 14:47:56]

Done.

+       MatchResult::FEDERATED_MATCH},
+
+      {"federation://sub1.example.com/google.com", "https://google.com",
+       autofill::PasswordForm::SCHEME_HTML, "https://example.com",
+       "https://sub2.example.com", MatchResult::FEDERATED_PSL_MATCH},
+
+      // Federated PSL matches do not apply to HTTP.
+      {"federation://sub1.example.com/google.com", "https://google.com",
+       autofill::PasswordForm::SCHEME_HTML, "http://example.com",

[vasilii, 2017/01/26 13:35:18]

Here and below: signon_realm and origin should match each other.

[jdoerrie, 2017/01/26 14:47:56]

Done.

+       "http://sub2.example.com", MatchResult::NO_MATCH},
+
+      {"federation://example.com/google.com", "https://google.com",
+       autofill::PasswordForm::SCHEME_HTML, "https://example.com",
+       "https://sub.example.com", MatchResult::FEDERATED_PSL_MATCH},
+
+      {"federation://example.com/google.com", "https://google.com",
+       autofill::PasswordForm::SCHEME_HTML, "http://example.com",
+       "http://sub.example.com", MatchResult::NO_MATCH},
+
+      // Federated PSL matches do not apply to Google.

[vasilii, 2017/01/26 13:35:18]

Would be useful to have this test for normal PSLs too.

[jdoerrie, 2017/01/26 14:47:56]

Done in line 45 already.

+      {"federation://accounts.google.com/facebook.com", "https://facebook.com",
+       autofill::PasswordForm::SCHEME_HTML, "https://google.com",
+       "https://maps.google.com", MatchResult::NO_MATCH},
+
+      {"federation://accounts.google.com/facebook.com", "https://facebook.com",
+       autofill::PasswordForm::SCHEME_HTML, "http://google.com",
+       "http://maps.google.com", MatchResult::NO_MATCH},
+
+      {"federation://sub.example.com/google.com", "https://google.com",
+       autofill::PasswordForm::SCHEME_HTML, "", "https://sub.example.org",
+       MatchResult::NO_MATCH},
+  };
+
+  for (const TestData& data : cases) {
+    autofill::PasswordForm form;
+    form.signon_realm = data.form_signon_realm;
+    form.federation_origin = url::Origin(GURL(data.form_federation_origin));
+    PasswordStore::FormDigest digest(
+        data.digest_scheme, data.digest_signon_realm, GURL(data.digest_origin));
+
+    EXPECT_EQ(data.match_result, GetMatchResult(form, digest))
+        << "signon_realm = " << data.form_signon_realm
+        << ", federation_origin = " << data.form_federation_origin
+        << ", digest = " << digest;
+  }
+}
+
 TEST(PSLMatchingUtilsTest, IsPublicSuffixDomainMatch) {
   struct TestPair {
     const char* url1;
@@ -86,6 +228,46 @@ TEST(PSLMatchingUtilsTest, IsFederatedMatch) {
   }
 }
 
+TEST(PSLMatchingUtilsTest, IsFederatedPSLMatch) {
+  struct TestPair {
+    const char* signon_realm;
+    const char* origin;
+    bool should_match;
+  };
+
+  const TestPair pairs[] = {
+      {"https://facebook.com", "https://facebook.com", false},
+      {"", "", false},
+      {"", "https://facebook.com/", false},
+      {"https://facebook.com/", "", false},
+
+      {"federation://example.com/google.com", "https://example.com/", true},
+      {"federation://example.com/google.com", "http://example.com/", false},
+      {"federation://example.com/google.com", "example.com", false},
+      {"federation://example.com/", "http://example.com/", false},
+      {"federation://example.com/google.com", "example", false},
+
+      {"federation://sub.example.com/google.com", "https://sub.example.com/",
+       true},
+      {"federation://sub1.example.com/google.com", "https://sub2.example.com/",
+       true},
+      {"federation://example.com/google.com", "https://sub.example.com/", true},
+      {"federation://example.com/google.com", "http://sub.example.com/", false},
+      {"federation://example.com/google.com", "example.com", false},

[vasilii, 2017/01/26 13:35:18]

Copy/paste from 246?

[jdoerrie, 2017/01/26 14:47:56]

Done.

+      {"federation://sub.example.com/", "https://sub.example.com/", false},
+      {"federation://example.com/", "http://example.com/", false},

[vasilii, 2017/01/26 13:35:18]

247?

[jdoerrie, 2017/01/26 14:47:56]

Done.

+      {"federation://example.com/google.com", "example", false},

[vasilii, 2017/01/26 13:35:18]

SAme as 248?

[jdoerrie, 2017/01/26 14:47:56]

Done.

+  };
+
+  for (const TestPair& pair : pairs) {
+    std::string signon_realm = pair.signon_realm;
+    GURL origin(pair.origin);
+    EXPECT_EQ(pair.should_match, IsFederatedPSLMatch(signon_realm, origin))
+        << "signon_realm = " << pair.signon_realm
+        << ", origin = " << pair.origin;
+  }
+}
+
 }  // namespace
 
 }  // namespace password_manager