Move Credentials when migrating to HSTS page

chrome/browser/password_manager/credential_manager_browsertest.cc

Index: chrome/browser/password_manager/credential_manager_browsertest.cc
diff --git a/chrome/browser/password_manager/credential_manager_browsertest.cc b/chrome/browser/password_manager/credential_manager_browsertest.cc
index 452068586d8b402d1dde38cd67b4425a7b31bc46..4553680a8cf60a4b7c36432bb0707d27ef4ef578 100644
--- a/chrome/browser/password_manager/credential_manager_browsertest.cc
+++ b/chrome/browser/password_manager/credential_manager_browsertest.cc
@@ -186,6 +186,75 @@ IN_PROC_BROWSER_TEST_F(CredentialManagerBrowserTest,
 }
 
 IN_PROC_BROWSER_TEST_F(CredentialManagerBrowserTest,
+                       ObsoleteHttpCredentialMovedOnMigrationToHstsSite) {
+  auto cert = https_test_server().GetCertificate();
+  net::CertVerifyResult verify_result;
+  verify_result.cert_status = 0;
+  verify_result.is_issued_by_known_root = true;
+  verify_result.verified_cert = cert;
+  mock_cert_verifier().AddResultForCert(cert.get(), verify_result, net::OK);

[vasilii, 2017/03/08 13:31:16]

Why do we need this setup?

[jdoerrie, 2017/03/09 18:35:49]

Because otherwise |CredentialManagerImpl::Get| never seems to get called. I
don't fully understand this yet, will further investigate.

[vasilii, 2017/03/10 10:21:00]

Strange because other CredentialManagerBrowserTest tests don't require any
special set up. Something to investigate.

[jdoerrie, 2017/03/10 13:53:10]

The other tests pass because they are not making use of the https_test_server.
Here we need it to trigger the migration. Without the cert setup we can't
execute JavaScript due to the insecure origin.

+  // Add an http credential to the password store.
+  GURL https_origin = https_test_server().base_url();
+  ASSERT_TRUE(https_origin.SchemeIs(url::kHttpsScheme));
+  GURL::Replacements rep;
+  rep.SetSchemeStr(url::kHttpScheme);
+  GURL http_origin = https_origin.ReplaceComponents(rep);
+  autofill::PasswordForm http_form;
+  http_form.signon_realm = http_origin.spec();
+  http_form.origin = http_origin;
+  // Assume that the previous action was already HTTPS one matching the current
+  // page.
+  http_form.action = https_origin;
+  http_form.username_value = base::ASCIIToUTF16("user");
+  http_form.password_value = base::ASCIIToUTF16("12345");
+  scoped_refptr<password_manager::TestPasswordStore> password_store =
+      static_cast<password_manager::TestPasswordStore*>(
+          PasswordStoreFactory::GetForProfile(
+              browser()->profile(), ServiceAccessType::IMPLICIT_ACCESS)
+              .get());
+  password_store->AddLogin(http_form);
+  WaitForPasswordStore();
+
+  // Treat the host of the HTTPS test server as HSTS.
+  AddHSTSHost(https_test_server().host_port_pair().host());
+
+  // Navigate to HTTPS page and trigger the migration.
+  ui_test_utils::NavigateToURL(
+      browser(), https_test_server().GetURL("/password/password_form.html"));

[vasilii, 2017/03/08 13:31:16]

I'm afraid that you are testing the autofill web page. Can you navigate to blank
page without any password form?

[jdoerrie, 2017/03/09 18:35:49]

Done.

+
+  // Call the API to trigger |get| and |store| and redirect.
+  ASSERT_TRUE(
+      content::ExecuteScript(RenderViewHost(),
+                             "navigator.credentials.get({password: true})"

[vasilii, 2017/03/08 13:31:16]

I think get() should be enough to trigger the migration.

[jdoerrie, 2017/03/09 18:35:49]

Done.

+                             ".then(cred => "
+                             "navigator.credentials.store(cred)"
+                             ".then(cred => "
+                             "window.location = '/password/done.html'))"));
+
+  WaitForPasswordStore();
+  ASSERT_EQ(password_manager::ui::CREDENTIAL_REQUEST_STATE,
+            PasswordsModelDelegateFromWebContents(WebContents())->GetState());
+  PasswordsModelDelegateFromWebContents(WebContents())
+      ->ChooseCredential(
+          http_form,
+          password_manager::CredentialType::CREDENTIAL_TYPE_PASSWORD);
+
+  NavigationObserver observer(WebContents());
+  observer.SetPathToWaitFor("/password/done.html");
+  observer.Wait();

[vasilii, 2017/03/08 13:31:16]

I think it's all excessive.

[jdoerrie, 2017/03/09 18:35:49]

Done.

+
+  // Wait for the password store before checking the prompt because it pops up
+  // after the store replies.
+  WaitForPasswordStore();
+
+  // Only HTTPS passwords should be present.
+  EXPECT_TRUE(
+      password_store->stored_passwords().at(http_origin.spec()).empty());
+  EXPECT_FALSE(
+      password_store->stored_passwords().at(https_origin.spec()).empty());
+}
+
+IN_PROC_BROWSER_TEST_F(CredentialManagerBrowserTest,
                        AutoSigninOldCredentialAndNavigation) {
   // Save credentials with 'skip_zero_click' false.
   scoped_refptr<password_manager::TestPasswordStore> password_store =