OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <string> | 5 #include <string> |
6 #include <utility> | 6 #include <utility> |
7 | 7 |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/macros.h" | 9 #include "base/macros.h" |
10 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
(...skipping 49 matching lines...)
60 #include "net/url_request/test_url_fetcher_factory.h" | 60 #include "net/url_request/test_url_fetcher_factory.h" |
61 #include "testing/gmock/include/gmock/gmock.h" | 61 #include "testing/gmock/include/gmock/gmock.h" |
62 #include "third_party/WebKit/public/platform/WebInputEvent.h" | 62 #include "third_party/WebKit/public/platform/WebInputEvent.h" |
63 #include "ui/events/keycodes/keyboard_codes.h" | 63 #include "ui/events/keycodes/keyboard_codes.h" |
64 #include "ui/gfx/geometry/point.h" | 64 #include "ui/gfx/geometry/point.h" |
65 | 65 |
66 using testing::_; | 66 using testing::_; |
67 | 67 |
68 namespace { | 68 namespace { |
69 | 69 |
| 70 // Fixture with the Form-Not-Secure in-field warning feature enabled. |
| 71 class PasswordManagerBrowserTestWarning |
| 72 : public PasswordManagerBrowserTestBase { |
| 73 public: |
| 74 PasswordManagerBrowserTestWarning() {} |
| 75 |
| 76 void SetUpCommandLine(base::CommandLine* command_line) override { |
| 77 // We need to set the feature state before the render process is created, |
| 78 // in order for it to inherit the feature state from the browser process. |
| 79 // SetUp() runs too early, and SetUpOnMainThread() runs too late. |
| 80 scoped_feature_list_.InitAndEnableFeature( |
| 81 security_state::kHttpFormWarningFeature); |
| 82 } |
| 83 |
| 84 protected: |
| 85 base::test::ScopedFeatureList scoped_feature_list_; |
| 86 |
| 87 private: |
| 88 DISALLOW_COPY_AND_ASSIGN(PasswordManagerBrowserTestWarning); |
| 89 }; |
| 90 |
70 class MockLoginModelObserver : public password_manager::LoginModelObserver { | 91 class MockLoginModelObserver : public password_manager::LoginModelObserver { |
71 public: | 92 public: |
72 MOCK_METHOD2(OnAutofillDataAvailableInternal, | 93 MOCK_METHOD2(OnAutofillDataAvailableInternal, |
73 void(const base::string16&, const base::string16&)); | 94 void(const base::string16&, const base::string16&)); |
74 | 95 |
75 private: | 96 private: |
76 void OnLoginModelDestroying() override {} | 97 void OnLoginModelDestroying() override {} |
77 }; | 98 }; |
78 | 99 |
79 GURL GetFileURL(const char* filename) { | 100 GURL GetFileURL(const char* filename) { |
(...skipping 1741 matching lines...)
1821 "window.domAutomationController.send(usernameRect.left);", | 1842 "window.domAutomationController.send(usernameRect.left);", |
1822 &left)); | 1843 &left)); |
1823 | 1844 |
1824 content::SimulateMouseClickAt( | 1845 content::SimulateMouseClickAt( |
1825 WebContents(), 0, blink::WebMouseEvent::Button::Left, gfx::Point(left + 1, | 1846 WebContents(), 0, blink::WebMouseEvent::Button::Left, gfx::Point(left + 1, |
1826 top + 1)); | 1847 top + 1)); |
1827 // Make sure the popup would be shown. | 1848 // Make sure the popup would be shown. |
1828 observing_autofill_client->Wait(); | 1849 observing_autofill_client->Wait(); |
1829 } | 1850 } |
1830 | 1851 |
1831 // Flaky on official builds (?): https://crbug.com/693717 | |
1832 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestBase, | |
1833 DISABLED_ShowFormNotSecureOnUsernameField) { | |
1834 password_manager::ContentPasswordManagerDriverFactory* driver_factory = | |
1835 password_manager::ContentPasswordManagerDriverFactory::FromWebContents( | |
1836 WebContents()); | |
1837 ObservingAutofillClient::CreateForWebContents(WebContents()); | |
1838 ObservingAutofillClient* observing_autofill_client = | |
1839 ObservingAutofillClient::FromWebContents(WebContents()); | |
1840 password_manager::ContentPasswordManagerDriver* driver = | |
1841 driver_factory->GetDriverForFrame(RenderViewHost()->GetMainFrame()); | |
1842 DCHECK(driver); | |
1843 driver->GetPasswordAutofillManager()->set_autofill_client( | |
1844 observing_autofill_client); | |
1845 | |
1846 // We need to serve from a non-localhost context for the form to be treated as | |
1847 // Not Secure. | |
1848 host_resolver()->AddRule("example.com", "127.0.0.1"); | |
1849 NavigationObserver observer(WebContents()); | |
1850 ui_test_utils::NavigateToURL( | |
1851 browser(), embedded_test_server()->GetURL( | |
1852 "example.com", "/password/password_form.html")); | |
1853 observer.Wait(); | |
1854 | |
1855 ASSERT_TRUE(content::ExecuteScript( | |
1856 RenderViewHost(), | |
1857 "var inputRect = document.getElementById('username_field_no_name')" | |
1858 ".getBoundingClientRect();")); | |
1859 | |
1860 // Click on the username field to verify the warning is shown. | |
1861 int top; | |
1862 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( | |
1863 RenderViewHost(), "window.domAutomationController.send(inputRect.top);", | |
1864 &top)); | |
1865 int left; | |
1866 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( | |
1867 RenderViewHost(), "window.domAutomationController.send(inputRect.left);", | |
1868 &left)); | |
1869 | |
1870 const char kHistogram[] = | |
1871 "PasswordManager.ShowedFormNotSecureWarningOnCurrentNavigation"; | |
1872 base::HistogramTester histograms; | |
1873 | |
1874 content::SimulateMouseClickAt(WebContents(), 0, | |
1875 blink::WebMouseEvent::Button::Left, | |
1876 gfx::Point(left + 1, top + 1)); | |
1877 // Ensure the warning would be shown. | |
1878 observing_autofill_client->Wait(); | |
1879 // Ensure the histogram was updated. | |
1880 histograms.ExpectUniqueSample(kHistogram, true, 1); | |
1881 } | |
1882 | |
1883 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestBase, | |
1884 DoNotShowFormNotSecureOnUnrelatedField) { | |
1885 password_manager::ContentPasswordManagerDriverFactory* driver_factory = | |
1886 password_manager::ContentPasswordManagerDriverFactory::FromWebContents( | |
1887 WebContents()); | |
1888 ObservingAutofillClient::CreateForWebContents(WebContents()); | |
1889 ObservingAutofillClient* observing_autofill_client = | |
1890 ObservingAutofillClient::FromWebContents(WebContents()); | |
1891 password_manager::ContentPasswordManagerDriver* driver = | |
1892 driver_factory->GetDriverForFrame(RenderViewHost()->GetMainFrame()); | |
1893 DCHECK(driver); | |
1894 driver->GetPasswordAutofillManager()->set_autofill_client( | |
1895 observing_autofill_client); | |
1896 | |
1897 // We need to serve from a non-localhost context for the form to be treated as | |
1898 // Not Secure. | |
1899 host_resolver()->AddRule("example.com", "127.0.0.1"); | |
1900 NavigationObserver observer(WebContents()); | |
1901 ui_test_utils::NavigateToURL( | |
1902 browser(), embedded_test_server()->GetURL( | |
1903 "example.com", "/password/password_form.html")); | |
1904 observer.Wait(); | |
1905 | |
1906 ASSERT_TRUE(content::ExecuteScript( | |
1907 RenderViewHost(), | |
1908 "var inputRect = document.getElementById('ef_extra')" | |
1909 ".getBoundingClientRect();")); | |
1910 | |
1911 // Click on the non-username text field. | |
1912 int top; | |
1913 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( | |
1914 RenderViewHost(), "window.domAutomationController.send(inputRect.top);", | |
1915 &top)); | |
1916 int left; | |
1917 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( | |
1918 RenderViewHost(), "window.domAutomationController.send(inputRect.left);", | |
1919 &left)); | |
1920 | |
1921 const char kHistogram[] = | |
1922 "PasswordManager.ShowedFormNotSecureWarningOnCurrentNavigation"; | |
1923 base::HistogramTester histograms; | |
1924 | |
1925 content::SimulateMouseClickAt(WebContents(), 0, | |
1926 blink::WebMouseEvent::Button::Left, | |
1927 gfx::Point(left + 1, top + 1)); | |
1928 // Force a round-trip. | |
1929 ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), "var noop = 'noop';")); | |
1930 // Ensure the warning was not triggered. | |
1931 ASSERT_FALSE(observing_autofill_client->DidPopupAppear()); | |
1932 // Ensure the histogram remains empty. | |
1933 histograms.ExpectTotalCount(kHistogram, 0); | |
1934 } | |
1935 | |
1936 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestBase, | 1852 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestBase, |
1937 ChangePwdFormBubbleShown) { | 1853 ChangePwdFormBubbleShown) { |
1938 NavigateToFile("/password/password_form.html"); | 1854 NavigateToFile("/password/password_form.html"); |
1939 | 1855 |
1940 NavigationObserver observer(WebContents()); | 1856 NavigationObserver observer(WebContents()); |
1941 std::unique_ptr<BubbleObserver> prompt_observer( | 1857 std::unique_ptr<BubbleObserver> prompt_observer( |
1942 new BubbleObserver(WebContents())); | 1858 new BubbleObserver(WebContents())); |
1943 std::string fill_and_submit = | 1859 std::string fill_and_submit = |
1944 "document.getElementById('chg_username_field').value = 'temp';" | 1860 "document.getElementById('chg_username_field').value = 'temp';" |
1945 "document.getElementById('chg_password_field').value = 'random';" | 1861 "document.getElementById('chg_password_field').value = 'random';" |
(...skipping 1380 matching lines...)
3326 // Check that the autofill and password manager driver factories are notified | 3242 // Check that the autofill and password manager driver factories are notified |
3327 // about all frames, not just the main one. The factories should receive | 3243 // about all frames, not just the main one. The factories should receive |
3328 // messages for non-main frames, in particular | 3244 // messages for non-main frames, in particular |
3329 // AutofillHostMsg_PasswordFormsParsed. If that were the first time the | 3245 // AutofillHostMsg_PasswordFormsParsed. If that were the first time the |
3330 // factories hear about such frames, this would crash. | 3246 // factories hear about such frames, this would crash. |
3331 tab_strip_model->AddWebContents(detached_web_contents.release(), -1, | 3247 tab_strip_model->AddWebContents(detached_web_contents.release(), -1, |
3332 ::ui::PAGE_TRANSITION_AUTO_TOPLEVEL, | 3248 ::ui::PAGE_TRANSITION_AUTO_TOPLEVEL, |
3333 TabStripModel::ADD_ACTIVE); | 3249 TabStripModel::ADD_ACTIVE); |
3334 } | 3250 } |
3335 | 3251 |
| 3252 // Verify the Form-Not-Secure warning is shown on a non-secure username field. |
| 3253 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestWarning, |
| 3254 ShowFormNotSecureOnUsernameField) { |
| 3255 ASSERT_TRUE( |
| 3256 base::FeatureList::IsEnabled(security_state::kHttpFormWarningFeature)); |
| 3257 |
| 3258 password_manager::ContentPasswordManagerDriverFactory* driver_factory = |
| 3259 password_manager::ContentPasswordManagerDriverFactory::FromWebContents( |
| 3260 WebContents()); |
| 3261 ObservingAutofillClient::CreateForWebContents(WebContents()); |
| 3262 ObservingAutofillClient* observing_autofill_client = |
| 3263 ObservingAutofillClient::FromWebContents(WebContents()); |
| 3264 password_manager::ContentPasswordManagerDriver* driver = |
| 3265 driver_factory->GetDriverForFrame(RenderViewHost()->GetMainFrame()); |
| 3266 DCHECK(driver); |
| 3267 driver->GetPasswordAutofillManager()->set_autofill_client( |
| 3268 observing_autofill_client); |
| 3269 |
| 3270 // We need to serve from a non-localhost context for the form to be treated as |
| 3271 // Not Secure. |
| 3272 host_resolver()->AddRule("example.com", "127.0.0.1"); |
| 3273 NavigationObserver observer(WebContents()); |
| 3274 ui_test_utils::NavigateToURL( |
| 3275 browser(), embedded_test_server()->GetURL( |
| 3276 "example.com", "/password/password_form.html")); |
| 3277 observer.Wait(); |
| 3278 |
| 3279 ASSERT_TRUE(content::ExecuteScript( |
| 3280 RenderViewHost(), |
| 3281 "var inputRect = document.getElementById('username_field_no_name')" |
| 3282 ".getBoundingClientRect();")); |
| 3283 |
| 3284 // Click on the username field to verify the warning is shown. |
| 3285 int top; |
| 3286 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( |
| 3287 RenderViewHost(), "window.domAutomationController.send(inputRect.top);", |
| 3288 &top)); |
| 3289 int left; |
| 3290 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( |
| 3291 RenderViewHost(), "window.domAutomationController.send(inputRect.left);", |
| 3292 &left)); |
| 3293 |
| 3294 const char kHistogram[] = |
| 3295 "PasswordManager.ShowedFormNotSecureWarningOnCurrentNavigation"; |
| 3296 base::HistogramTester histograms; |
| 3297 |
| 3298 content::SimulateMouseClickAt(WebContents(), 0, |
| 3299 blink::WebMouseEvent::Button::Left, |
| 3300 gfx::Point(left + 1, top + 1)); |
| 3301 // Ensure the warning would be shown. |
| 3302 observing_autofill_client->Wait(); |
| 3303 // Ensure the histogram was updated. |
| 3304 histograms.ExpectUniqueSample(kHistogram, true, 1); |
| 3305 } |
| 3306 |
| 3307 // Verify the Form-Not-Secure warning is not shown on a non-credential field. |
| 3308 IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTestWarning, |
| 3309 DoNotShowFormNotSecureOnUnrelatedField) { |
| 3310 ASSERT_TRUE( |
| 3311 base::FeatureList::IsEnabled(security_state::kHttpFormWarningFeature)); |
| 3312 |
| 3313 password_manager::ContentPasswordManagerDriverFactory* driver_factory = |
| 3314 password_manager::ContentPasswordManagerDriverFactory::FromWebContents( |
| 3315 WebContents()); |
| 3316 ObservingAutofillClient::CreateForWebContents(WebContents()); |
| 3317 ObservingAutofillClient* observing_autofill_client = |
| 3318 ObservingAutofillClient::FromWebContents(WebContents()); |
| 3319 password_manager::ContentPasswordManagerDriver* driver = |
| 3320 driver_factory->GetDriverForFrame(RenderViewHost()->GetMainFrame()); |
| 3321 DCHECK(driver); |
| 3322 driver->GetPasswordAutofillManager()->set_autofill_client( |
| 3323 observing_autofill_client); |
| 3324 |
| 3325 // We need to serve from a non-localhost context for the form to be treated as |
| 3326 // Not Secure. |
| 3327 host_resolver()->AddRule("example.com", "127.0.0.1"); |
| 3328 NavigationObserver observer(WebContents()); |
| 3329 ui_test_utils::NavigateToURL( |
| 3330 browser(), embedded_test_server()->GetURL( |
| 3331 "example.com", "/password/password_form.html")); |
| 3332 observer.Wait(); |
| 3333 |
| 3334 ASSERT_TRUE(content::ExecuteScript( |
| 3335 RenderViewHost(), |
| 3336 "var inputRect = document.getElementById('ef_extra')" |
| 3337 ".getBoundingClientRect();")); |
| 3338 |
| 3339 // Click on the non-username text field. |
| 3340 int top; |
| 3341 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( |
| 3342 RenderViewHost(), "window.domAutomationController.send(inputRect.top);", |
| 3343 &top)); |
| 3344 int left; |
| 3345 ASSERT_TRUE(content::ExecuteScriptAndExtractInt( |
| 3346 RenderViewHost(), "window.domAutomationController.send(inputRect.left);", |
| 3347 &left)); |
| 3348 |
| 3349 const char kHistogram[] = |
| 3350 "PasswordManager.ShowedFormNotSecureWarningOnCurrentNavigation"; |
| 3351 base::HistogramTester histograms; |
| 3352 |
| 3353 content::SimulateMouseClickAt(WebContents(), 0, |
| 3354 blink::WebMouseEvent::Button::Left, |
| 3355 gfx::Point(left + 1, top + 1)); |
| 3356 // Force a round-trip. |
| 3357 ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), "var noop = 'noop';")); |
| 3358 // Ensure the warning was not triggered. |
| 3359 ASSERT_FALSE(observing_autofill_client->DidPopupAppear()); |
| 3360 // Ensure the histogram remains empty. |
| 3361 histograms.ExpectTotalCount(kHistogram, 0); |
| 3362 } |
| 3363 |
3336 } // namespace password_manager | 3364 } // namespace password_manager |
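Review bot: The new `SetUpCommandLine` override in `PasswordManagerBrowserTestWarning` does not chain to its parent, so any command-line setup that `PasswordManagerBrowserTestBase` performs there (its definition is not visible on this page) would be silently skipped for the two Form-Not-Secure tests; add `PasswordManagerBrowserTestBase::SetUpCommandLine(command_line);` as the first statement of the override. No `#include` line is added anywhere in the visible diff, so unless the skipped include block already covers them, `base/test/scoped_feature_list.h` and `base/feature_list.h` (and the header that declares `security_state::kHttpFormWarningFeature`) should be included directly rather than picked up transitively. `scoped_feature_list_` is only touched inside the fixture in the code shown, so it can be `private` instead of `protected`.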