| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> | 5 #include <string> |
| 6 #include <utility> | 6 #include <utility> |
| 7 | 7 |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 60 #include "net/url_request/test_url_fetcher_factory.h" | 60 #include "net/url_request/test_url_fetcher_factory.h" |
| 61 #include "testing/gmock/include/gmock/gmock.h" | 61 #include "testing/gmock/include/gmock/gmock.h" |
| 62 #include "third_party/WebKit/public/platform/WebInputEvent.h" | 62 #include "third_party/WebKit/public/platform/WebInputEvent.h" |
| 63 #include "ui/events/keycodes/keyboard_codes.h" | 63 #include "ui/events/keycodes/keyboard_codes.h" |
| 64 #include "ui/gfx/geometry/point.h" | 64 #include "ui/gfx/geometry/point.h" |
| 65 | 65 |
| 66 using testing::_; | 66 using testing::_; |
| 67 | 67 |
| 68 namespace { | 68 namespace { |
| 69 | 69 |
| 70 // Fixture with the Form-Not-Secure in-field warning feature enabled. |
| 71 class PasswordManagerBrowserTestWarning |
| 72 : public PasswordManagerBrowserTestBase { |
| 73 public: |
| 74 PasswordManagerBrowserTestWarning() {} |
| 75 |
| 76 void SetUpCommandLine(base::CommandLine* command_line) override { |
| 77 // We need to set the feature state before the render process is created, |
| 78 // in order for it to inherit the feature state from the browser process. |
| 79 // SetUp() runs too early, and SetUpOnMainThread() runs too late. |
| 80 scoped_feature_list_.InitAndEnableFeature( |
| 81 security_state::kHttpFormWarningFeature); |
| 82 } |
| 83 |
| 84 protected: |
| 85 base::test::ScopedFeatureList scoped_feature_list_; |
| 86 |
| 87 private: |
| 88 DISALLOW_COPY_AND_ASSIGN(PasswordManagerBrowserTestWarning); |
| 89 }; |
| 90 |
| 70 class MockLoginModelObserver : public password_manager::LoginModelObserver { | 91 class MockLoginModelObserver : public password_manager::LoginModelObserver { |
| 71 public: | 92 public: |
| 72 MOCK_METHOD2(OnAutofillDataAvailableInternal, | 93 MOCK_METHOD2(OnAutofillDataAvailableInternal, |
| 73 void(const base::string16&, const base::string16&)); | 94 void(const base::string16&, const base::string16&)); |
| 74 | 95 |
| 75 private: | 96 private: |
| 76 void OnLoginModelDestroying() override {} | 97 void OnLoginModelDestroying() override {} |
| 77 }; | 98 }; |
| 78 | 99 |
| 79 GURL GetFileURL(const char* filename) { | 100 GURL GetFileURL(const char* filename) { |
| (...skipping 1741 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1821 "window.domAutomationController.send(usernameRect.left);", | 1842 "window.domAutomationController.send(usernameRect.left);", |
| 1822 &left)); | 1843 &left)); |
| 1823 | 1844 |
| 1824 content::SimulateMouseClickAt( | 1845 content::SimulateMouseClickAt( |
| 1825 WebContents(), 0, blink::WebMouseEvent::Button::Left, gfx::Point(left + 1, | 1846 WebContents(), 0, blink::WebMouseEvent::Button::Left, gfx::Point(left + 1, |
| 1826 top + 1)); | 1847 top + 1)); |
| 1827 // Make sure the popup would be shown. | 1848 // Make sure the popup would be shown. |
| 1828 observing_autofill_client->Wait(); | 1849 observing_autofill_client->Wait(); |
| 1829 } | 1850 } |
| 1830 | 1851 |
| 1831 // Flaky on official builds (?): https://crbug.com/693717 | |
| 1832 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestBase, | |
| 1833 DISABLED_ShowFormNotSecureOnUsernameField) { | |
| 1834 password_manager::ContentPasswordManagerDriverFactory* driver_factory = | |
| 1835 password_manager::ContentPasswordManagerDriverFactory::FromWebContents( | |
| 1836 WebContents()); | |
| 1837 ObservingAutofillClient::CreateForWebContents(WebContents()); | |
| 1838 ObservingAutofillClient* observing_autofill_client = | |
| 1839 ObservingAutofillClient::FromWebContents(WebContents()); | |
| 1840 password_manager::ContentPasswordManagerDriver* driver = | |
| 1841 driver_factory->GetDriverForFrame(RenderViewHost()->GetMainFrame()); | |
| 1842 DCHECK(driver); | |
| 1843 driver->GetPasswordAutofillManager()->set_autofill_client( | |
| 1844 observing_autofill_client); | |
| 1845 | |
| 1846 // We need to serve from a non-localhost context for the form to be treated as | |
| 1847 // Not Secure. | |
| 1848 host_resolver()->AddRule("example.com", "127.0.0.1"); | |
| 1849 NavigationObserver observer(WebContents()); | |
| 1850 ui_test_utils::NavigateToURL( | |
| 1851 browser(), embedded_test_server()->GetURL( | |
| 1852 "example.com", "/password/password_form.html")); | |
| 1853 observer.Wait(); | |
| 1854 | |
| 1855 ASSERT_TRUE(content::ExecuteScript( | |
| 1856 RenderViewHost(), | |
| 1857 "var inputRect = document.getElementById('username_field_no_name')" | |
| 1858 ".getBoundingClientRect();")); | |
| 1859 | |
| 1860 // Click on the username field to verify the warning is shown. | |
| 1861 int top; | |
| 1862 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( | |
| 1863 RenderViewHost(), "window.domAutomationController.send(inputRect.top);", | |
| 1864 &top)); | |
| 1865 int left; | |
| 1866 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( | |
| 1867 RenderViewHost(), "window.domAutomationController.send(inputRect.left);", | |
| 1868 &left)); | |
| 1869 | |
| 1870 const char kHistogram[] = | |
| 1871 "PasswordManager.ShowedFormNotSecureWarningOnCurrentNavigation"; | |
| 1872 base::HistogramTester histograms; | |
| 1873 | |
| 1874 content::SimulateMouseClickAt(WebContents(), 0, | |
| 1875 blink::WebMouseEvent::Button::Left, | |
| 1876 gfx::Point(left + 1, top + 1)); | |
| 1877 // Ensure the warning would be shown. | |
| 1878 observing_autofill_client->Wait(); | |
| 1879 // Ensure the histogram was updated. | |
| 1880 histograms.ExpectUniqueSample(kHistogram, true, 1); | |
| 1881 } | |
| 1882 | |
| 1883 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestBase, | |
| 1884 DoNotShowFormNotSecureOnUnrelatedField) { | |
| 1885 password_manager::ContentPasswordManagerDriverFactory* driver_factory = | |
| 1886 password_manager::ContentPasswordManagerDriverFactory::FromWebContents( | |
| 1887 WebContents()); | |
| 1888 ObservingAutofillClient::CreateForWebContents(WebContents()); | |
| 1889 ObservingAutofillClient* observing_autofill_client = | |
| 1890 ObservingAutofillClient::FromWebContents(WebContents()); | |
| 1891 password_manager::ContentPasswordManagerDriver* driver = | |
| 1892 driver_factory->GetDriverForFrame(RenderViewHost()->GetMainFrame()); | |
| 1893 DCHECK(driver); | |
| 1894 driver->GetPasswordAutofillManager()->set_autofill_client( | |
| 1895 observing_autofill_client); | |
| 1896 | |
| 1897 // We need to serve from a non-localhost context for the form to be treated as | |
| 1898 // Not Secure. | |
| 1899 host_resolver()->AddRule("example.com", "127.0.0.1"); | |
| 1900 NavigationObserver observer(WebContents()); | |
| 1901 ui_test_utils::NavigateToURL( | |
| 1902 browser(), embedded_test_server()->GetURL( | |
| 1903 "example.com", "/password/password_form.html")); | |
| 1904 observer.Wait(); | |
| 1905 | |
| 1906 ASSERT_TRUE(content::ExecuteScript( | |
| 1907 RenderViewHost(), | |
| 1908 "var inputRect = document.getElementById('ef_extra')" | |
| 1909 ".getBoundingClientRect();")); | |
| 1910 | |
| 1911 // Click on the non-username text field. | |
| 1912 int top; | |
| 1913 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( | |
| 1914 RenderViewHost(), "window.domAutomationController.send(inputRect.top);", | |
| 1915 &top)); | |
| 1916 int left; | |
| 1917 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( | |
| 1918 RenderViewHost(), "window.domAutomationController.send(inputRect.left);", | |
| 1919 &left)); | |
| 1920 | |
| 1921 const char kHistogram[] = | |
| 1922 "PasswordManager.ShowedFormNotSecureWarningOnCurrentNavigation"; | |
| 1923 base::HistogramTester histograms; | |
| 1924 | |
| 1925 content::SimulateMouseClickAt(WebContents(), 0, | |
| 1926 blink::WebMouseEvent::Button::Left, | |
| 1927 gfx::Point(left + 1, top + 1)); | |
| 1928 // Force a round-trip. | |
| 1929 ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), "var noop = 'noop';")); | |
| 1930 // Ensure the warning was not triggered. | |
| 1931 ASSERT_FALSE(observing_autofill_client->DidPopupAppear()); | |
| 1932 // Ensure the histogram remains empty. | |
| 1933 histograms.ExpectTotalCount(kHistogram, 0); | |
| 1934 } | |
| 1935 | |
| 1936 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestBase, | 1852 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestBase, |
| 1937 ChangePwdFormBubbleShown) { | 1853 ChangePwdFormBubbleShown) { |
| 1938 NavigateToFile("/password/password_form.html"); | 1854 NavigateToFile("/password/password_form.html"); |
| 1939 | 1855 |
| 1940 NavigationObserver observer(WebContents()); | 1856 NavigationObserver observer(WebContents()); |
| 1941 std::unique_ptr<BubbleObserver> prompt_observer( | 1857 std::unique_ptr<BubbleObserver> prompt_observer( |
| 1942 new BubbleObserver(WebContents())); | 1858 new BubbleObserver(WebContents())); |
| 1943 std::string fill_and_submit = | 1859 std::string fill_and_submit = |
| 1944 "document.getElementById('chg_username_field').value = 'temp';" | 1860 "document.getElementById('chg_username_field').value = 'temp';" |
| 1945 "document.getElementById('chg_password_field').value = 'random';" | 1861 "document.getElementById('chg_password_field').value = 'random';" |
| (...skipping 1380 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3326 // Check that the autofill and password manager driver factories are notified | 3242 // Check that the autofill and password manager driver factories are notified |
| 3327 // about all frames, not just the main one. The factories should receive | 3243 // about all frames, not just the main one. The factories should receive |
| 3328 // messages for non-main frames, in particular | 3244 // messages for non-main frames, in particular |
| 3329 // AutofillHostMsg_PasswordFormsParsed. If that were the first time the | 3245 // AutofillHostMsg_PasswordFormsParsed. If that were the first time the |
| 3330 // factories hear about such frames, this would crash. | 3246 // factories hear about such frames, this would crash. |
| 3331 tab_strip_model->AddWebContents(detached_web_contents.release(), -1, | 3247 tab_strip_model->AddWebContents(detached_web_contents.release(), -1, |
| 3332 ::ui::PAGE_TRANSITION_AUTO_TOPLEVEL, | 3248 ::ui::PAGE_TRANSITION_AUTO_TOPLEVEL, |
| 3333 TabStripModel::ADD_ACTIVE); | 3249 TabStripModel::ADD_ACTIVE); |
| 3334 } | 3250 } |
| 3335 | 3251 |
| 3252 // Verify the Form-Not-Secure warning is shown on a non-secure username field. |
| 3253 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestWarning, |
| 3254 ShowFormNotSecureOnUsernameField) { |
| 3255 ASSERT_TRUE( |
| 3256 base::FeatureList::IsEnabled(security_state::kHttpFormWarningFeature)); |
| 3257 |
| 3258 password_manager::ContentPasswordManagerDriverFactory* driver_factory = |
| 3259 password_manager::ContentPasswordManagerDriverFactory::FromWebContents( |
| 3260 WebContents()); |
| 3261 ObservingAutofillClient::CreateForWebContents(WebContents()); |
| 3262 ObservingAutofillClient* observing_autofill_client = |
| 3263 ObservingAutofillClient::FromWebContents(WebContents()); |
| 3264 password_manager::ContentPasswordManagerDriver* driver = |
| 3265 driver_factory->GetDriverForFrame(RenderViewHost()->GetMainFrame()); |
| 3266 DCHECK(driver); |
| 3267 driver->GetPasswordAutofillManager()->set_autofill_client( |
| 3268 observing_autofill_client); |
| 3269 |
| 3270 // We need to serve from a non-localhost context for the form to be treated as |
| 3271 // Not Secure. |
| 3272 host_resolver()->AddRule("example.com", "127.0.0.1"); |
| 3273 NavigationObserver observer(WebContents()); |
| 3274 ui_test_utils::NavigateToURL( |
| 3275 browser(), embedded_test_server()->GetURL( |
| 3276 "example.com", "/password/password_form.html")); |
| 3277 observer.Wait(); |
| 3278 |
| 3279 ASSERT_TRUE(content::ExecuteScript( |
| 3280 RenderViewHost(), |
| 3281 "var inputRect = document.getElementById('username_field_no_name')" |
| 3282 ".getBoundingClientRect();")); |
| 3283 |
| 3284 // Click on the username field to verify the warning is shown. |
| 3285 int top; |
| 3286 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( |
| 3287 RenderViewHost(), "window.domAutomationController.send(inputRect.top);", |
| 3288 &top)); |
| 3289 int left; |
| 3290 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( |
| 3291 RenderViewHost(), "window.domAutomationController.send(inputRect.left);", |
| 3292 &left)); |
| 3293 |
| 3294 const char kHistogram[] = |
| 3295 "PasswordManager.ShowedFormNotSecureWarningOnCurrentNavigation"; |
| 3296 base::HistogramTester histograms; |
| 3297 |
| 3298 content::SimulateMouseClickAt(WebContents(), 0, |
| 3299 blink::WebMouseEvent::Button::Left, |
| 3300 gfx::Point(left + 1, top + 1)); |
| 3301 // Ensure the warning would be shown. |
| 3302 observing_autofill_client->Wait(); |
| 3303 // Ensure the histogram was updated. |
| 3304 histograms.ExpectUniqueSample(kHistogram, true, 1); |
| 3305 } |
| 3306 |
| 3307 // Verify the Form-Not-Secure warning is not shown on a non-credential field. |
| 3308 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestWarning, |
| 3309 DoNotShowFormNotSecureOnUnrelatedField) { |
| 3310 ASSERT_TRUE( |
| 3311 base::FeatureList::IsEnabled(security_state::kHttpFormWarningFeature)); |
| 3312 |
| 3313 password_manager::ContentPasswordManagerDriverFactory* driver_factory = |
| 3314 password_manager::ContentPasswordManagerDriverFactory::FromWebContents( |
| 3315 WebContents()); |
| 3316 ObservingAutofillClient::CreateForWebContents(WebContents()); |
| 3317 ObservingAutofillClient* observing_autofill_client = |
| 3318 ObservingAutofillClient::FromWebContents(WebContents()); |
| 3319 password_manager::ContentPasswordManagerDriver* driver = |
| 3320 driver_factory->GetDriverForFrame(RenderViewHost()->GetMainFrame()); |
| 3321 DCHECK(driver); |
| 3322 driver->GetPasswordAutofillManager()->set_autofill_client( |
| 3323 observing_autofill_client); |
| 3324 |
| 3325 // We need to serve from a non-localhost context for the form to be treated as |
| 3326 // Not Secure. |
| 3327 host_resolver()->AddRule("example.com", "127.0.0.1"); |
| 3328 NavigationObserver observer(WebContents()); |
| 3329 ui_test_utils::NavigateToURL( |
| 3330 browser(), embedded_test_server()->GetURL( |
| 3331 "example.com", "/password/password_form.html")); |
| 3332 observer.Wait(); |
| 3333 |
| 3334 ASSERT_TRUE(content::ExecuteScript( |
| 3335 RenderViewHost(), |
| 3336 "var inputRect = document.getElementById('ef_extra')" |
| 3337 ".getBoundingClientRect();")); |
| 3338 |
| 3339 // Click on the non-username text field. |
| 3340 int top; |
| 3341 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( |
| 3342 RenderViewHost(), "window.domAutomationController.send(inputRect.top);", |
| 3343 &top)); |
| 3344 int left; |
| 3345 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( |
| 3346 RenderViewHost(), "window.domAutomationController.send(inputRect.left);", |
| 3347 &left)); |
| 3348 |
| 3349 const char kHistogram[] = |
| 3350 "PasswordManager.ShowedFormNotSecureWarningOnCurrentNavigation"; |
| 3351 base::HistogramTester histograms; |
| 3352 |
| 3353 content::SimulateMouseClickAt(WebContents(), 0, |
| 3354 blink::WebMouseEvent::Button::Left, |
| 3355 gfx::Point(left + 1, top + 1)); |
| 3356 // Force a round-trip. |
| 3357 ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), "var noop = 'noop';")); |
| 3358 // Ensure the warning was not triggered. |
| 3359 ASSERT_FALSE(observing_autofill_client->DidPopupAppear()); |
| 3360 // Ensure the histogram remains empty. |
| 3361 histograms.ExpectTotalCount(kHistogram, 0); |
| 3362 } |
| 3363 |
| 3336 } // namespace password_manager | 3364 } // namespace password_manager |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2709703003:
Enable HttpFormWarning feature for browser tests (Closed)
