[Password Manager] Remove PSL matching for non-HTML forms

chrome/browser/password_manager/native_backend_gnome_x_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdarg.h>
 
 #include "base/basictypes.h"
 #include "base/prefs/pref_service.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
@@ skipping 306 matching lines @@
     form_facebook_.signon_realm = "http://www.facebook.com/";
 
     form_isc_.origin = GURL("http://www.isc.org/");
     form_isc_.action = GURL("http://www.isc.org/auth");
     form_isc_.username_element = UTF8ToUTF16("id");
     form_isc_.username_value = UTF8ToUTF16("janedoe");
     form_isc_.password_element = UTF8ToUTF16("passwd");
     form_isc_.password_value = UTF8ToUTF16("ihazabukkit");
     form_isc_.submit_element = UTF8ToUTF16("login");
     form_isc_.signon_realm = "http://www.isc.org/";
+
+    other_auth_.origin = GURL("http://www.example.com/");
+    other_auth_.username_value = UTF8ToUTF16("username");
+    other_auth_.password_value = UTF8ToUTF16("pass");
+    other_auth_.signon_realm = "http://www.example.com/Realm";
   }
 
   virtual void TearDown() {
     base::MessageLoop::current()->PostTask(FROM_HERE,
                                            base::MessageLoop::QuitClosure());
     base::MessageLoop::current()->Run();
     db_thread_.Stop();
   }
 
   void RunBothThreads() {
@@ skipping 57 matching lines @@
     CheckUint32Attribute(item, "ssl_valid", form.ssl_valid);
     CheckUint32Attribute(item, "preferred", form.preferred);
     // We don't check the date created. It varies.
     CheckUint32Attribute(item, "blacklisted_by_user", form.blacklisted_by_user);
     CheckUint32Attribute(item, "type", form.type);
     CheckUint32Attribute(item, "times_used", form.times_used);
     CheckUint32Attribute(item, "scheme", form.scheme);
     CheckStringAttribute(item, "application", app_string);
   }
 
   // Saves |credentials| and then gets login for origin and realm |url|. Returns

[vabr (Chromium), 2014/05/09 09:19:58]

nit: "|url|" -> "|url|, and |scheme|"

[Garrett Casto, 2014/05/09 18:32:13]

Done.

   // true when something is found, and in such case copies the result to
   // |result| when |result| is not NULL. (Note that there can be max. 1 result,
   // derived from |credentials|.)
   bool CheckCredentialAvailability(const PasswordForm& credentials,
                                    const GURL& url,
+                                   const PasswordForm::Scheme& scheme,
                                    PasswordForm* result) {
     NativeBackendGnome backend(321);
     backend.Init();
 
     BrowserThread::PostTask(
         BrowserThread::DB,
         FROM_HERE,
         base::Bind(base::IgnoreResult(&NativeBackendGnome::AddLogin),
                    base::Unretained(&backend),
                    credentials));
 
     PasswordForm target_form;
     target_form.origin = url;
     target_form.signon_realm = url.spec();
+    if (scheme != PasswordForm::SCHEME_HTML) {
+      // For non-HTML forms, the realm used for authentication
+      // (http://tools.ietf.org/html/rfc1945#section-10.2) is appended to the
+      // signon_realm. Just use a default value for now.
+      target_form.signon_realm.append("Realm");
+      target_form.scheme = scheme;
+    }
     std::vector<PasswordForm*> form_list;
     BrowserThread::PostTask(
         BrowserThread::DB,
         FROM_HERE,
         base::Bind(base::IgnoreResult(&NativeBackendGnome::GetLogins),
                    base::Unretained(&backend),
                    target_form,
                    &form_list));
 
     RunBothThreads();
 
     EXPECT_EQ(1u, mock_keyring_items.size());
     if (mock_keyring_items.size() > 0)
       CheckMockKeyringItem(&mock_keyring_items[0], credentials, "chrome-321");
+    mock_keyring_items.clear();
 
     if (form_list.empty())
       return false;
     EXPECT_EQ(1u, form_list.size());
     if (result)
       *result = *form_list[0];
     STLDeleteElements(&form_list);
     return true;
   }
 
@@ skipping 109 matching lines @@
     index_non_psl = 0;
     if (!form_list[index_non_psl]->original_signon_realm.empty())
       index_non_psl = 1;
     EXPECT_EQ(form_facebook_.origin, form_list[index_non_psl]->origin);
     EXPECT_EQ(form_facebook_.signon_realm,
               form_list[index_non_psl]->signon_realm);
     EXPECT_EQ(kNewPassword, form_list[index_non_psl]->password_value);
     STLDeleteElements(&form_list);
   }
 
+  void CheckMatchingWithScheme(const PasswordForm::Scheme& scheme) {
+    other_auth_.scheme = scheme;
+
+    // Don't match a non-HTML form with an HTML form.
+    EXPECT_FALSE(CheckCredentialAvailability(
+        other_auth_, GURL("http://www.example.com"),
+        PasswordForm::SCHEME_HTML, NULL));
+    // Don't match an HTML form with non-HTML auth form.
+    EXPECT_FALSE(CheckCredentialAvailability(
+        form_google_, GURL("http://www.google.com/"), scheme, NULL));
+    // Don't match two different non-HTML auth forms with different origin.
+    EXPECT_FALSE(CheckCredentialAvailability(
+        other_auth_, GURL("http://first.example.com"), scheme, NULL));
+  }
+
   base::MessageLoopForUI message_loop_;
   content::TestBrowserThread ui_thread_;
   content::TestBrowserThread db_thread_;
 
   // Provide some test forms to avoid having to set them up in each test.
   PasswordForm form_google_;
   PasswordForm form_facebook_;
   PasswordForm form_isc_;
+  PasswordForm other_auth_;
 };
 
 TEST_F(NativeBackendGnomeTest, BasicAddLogin) {
   NativeBackendGnome backend(42);
   backend.Init();
 
   BrowserThread::PostTask(
       BrowserThread::DB, FROM_HERE,
       base::Bind(base::IgnoreResult(&NativeBackendGnome::AddLogin),
                  base::Unretained(&backend), form_google_));
@@ skipping 31 matching lines @@
   if (mock_keyring_items.size() > 0)
     CheckMockKeyringItem(&mock_keyring_items[0], form_google_, "chrome-42");
 }
 
 // Save a password for www.facebook.com and see it suggested for m.facebook.com.
 TEST_F(NativeBackendGnomeTest, PSLMatchingPositive) {
   PasswordForm result;
   const GURL kMobileURL("http://m.facebook.com/");
   password_manager::PSLMatchingHelper helper;
   ASSERT_TRUE(helper.IsMatchingEnabled());
-  EXPECT_TRUE(CheckCredentialAvailability(form_facebook_, kMobileURL, &result));
+  EXPECT_TRUE(CheckCredentialAvailability(
+      form_facebook_, kMobileURL, PasswordForm::SCHEME_HTML, &result));
   EXPECT_EQ(kMobileURL, result.origin);
   EXPECT_EQ(kMobileURL.spec(), result.signon_realm);
 }
 
 // Save a password for www.facebook.com and see it not suggested for
 // m-facebook.com.
 TEST_F(NativeBackendGnomeTest, PSLMatchingNegativeDomainMismatch) {
   password_manager::PSLMatchingHelper helper;
   ASSERT_TRUE(helper.IsMatchingEnabled());
   EXPECT_FALSE(CheckCredentialAvailability(
-      form_facebook_, GURL("http://m-facebook.com/"), NULL));
+      form_facebook_, GURL("http://m-facebook.com/"),
+      PasswordForm::SCHEME_HTML, NULL));
 }
 
 // Test PSL matching is off for domains excluded from it.
 TEST_F(NativeBackendGnomeTest, PSLMatchingDisabledDomains) {
   password_manager::PSLMatchingHelper helper;
   ASSERT_TRUE(helper.IsMatchingEnabled());
   EXPECT_FALSE(CheckCredentialAvailability(
-      form_google_, GURL("http://one.google.com/"), NULL));
+      form_google_, GURL("http://one.google.com/"),
+      PasswordForm::SCHEME_HTML, NULL));
+}
+
+// Make sure PSL matches aren't available for non-HTML forms.
+TEST_F(NativeBackendGnomeTest, PSLMatchingDisabledForNonHTMLForms) {
+  password_manager::PSLMatchingHelper helper;
+  ASSERT_TRUE(helper.IsMatchingEnabled());
+
+  CheckMatchingWithScheme(PasswordForm::SCHEME_BASIC);
+  CheckMatchingWithScheme(PasswordForm::SCHEME_DIGEST);
+  CheckMatchingWithScheme(PasswordForm::SCHEME_OTHER);
+
 }
 
 TEST_F(NativeBackendGnomeTest, PSLUpdatingStrictUpdateLogin) {
   CheckPSLUpdate(UPDATE_BY_UPDATELOGIN);
 }
 
 TEST_F(NativeBackendGnomeTest, PSLUpdatingStrictAddLogin) {
   // TODO(vabr): if AddLogin becomes no longer valid for existing logins, then
   // just delete this test.
   CheckPSLUpdate(UPDATE_BY_ADDLOGIN);
@@ skipping 145 matching lines @@
   // Quick check that we got two results back.
   EXPECT_EQ(2u, form_list.size());
   STLDeleteElements(&form_list);
 
   EXPECT_EQ(1u, mock_keyring_items.size());
   if (mock_keyring_items.size() > 0)
     CheckMockKeyringItem(&mock_keyring_items[0], form_google_, "chrome-42");
 }
 
 // TODO(mdm): add more basic tests here at some point.