Move Credentials when migrating to HSTS page

components/password_manager/core/browser/http_password_migrator.h

Index: components/password_manager/core/browser/http_password_migrator.h
diff --git a/components/password_manager/core/browser/http_password_migrator.h b/components/password_manager/core/browser/http_password_migrator.h
index 7d9d0963df16164e7b6956c76683221c171329d9..93955b2ec51c22cd7afbdc9ab22ebab5eddcda8c 100644
--- a/components/password_manager/core/browser/http_password_migrator.h
+++ b/components/password_manager/core/browser/http_password_migrator.h
@@ -9,6 +9,7 @@
 #include <vector>
 
 #include "base/macros.h"
+#include "base/threading/thread_checker.h"
 #include "components/password_manager/core/browser/password_store_consumer.h"
 
 namespace autofill {
@@ -19,17 +20,16 @@ class GURL;
 
 namespace password_manager {
 
-class PasswordStore;
+class PasswordManagerClient;
 
 // The class is responsible for migrating the passwords saved on HTTP to HTTPS
-// origin.
+// origin. It automatically determines whether HTTP passwords should be moved or
+// copied depending on the site's HSTS status. If a site has HSTS enabled, the
+// HTTP password is considered obsolete and will be replaced by an HTTPS
+// version. If HSTS is not enabled, some parts of the site might still be served
+// via HTTP, which is why the password is copied in this case.
 class HttpPasswordMigrator : public PasswordStoreConsumer {
  public:
-  enum class MigrationMode {
-    MOVE,  // HTTP credentials are deleted after migration to HTTPS.
-    COPY,  // HTTP credentials are kept after migration to HTTPS.
-  };
-
   // API to be implemented by an embedder of HttpPasswordMigrator.
   class Consumer {
    public:
@@ -43,19 +43,35 @@ class HttpPasswordMigrator : public PasswordStoreConsumer {
 
   // |https_origin| should specify a valid HTTPS URL.
   HttpPasswordMigrator(const GURL& https_origin,
-                       MigrationMode mode,
-                       PasswordStore* password_store,
+                       const PasswordManagerClient* client,
                        Consumer* consumer);
   ~HttpPasswordMigrator() override;
 
   // PasswordStoreConsumer:
   void OnGetPasswordStoreResults(
       std::vector<std::unique_ptr<autofill::PasswordForm>> results) override;
+  void OnHSTSQueryResult(bool is_hsts);

[vasilii, 2017/03/08 13:31:16]

Is it PasswordStoreConsumer?
Why is it public?

[jdoerrie, 2017/03/09 18:35:49]

Not in PasswordStoreConsumer. This is public because we call it in
OnHSTSQueryResultHelper out of the anonymous namespace.

 
  private:
-  const MigrationMode mode_;
+  enum class MigrationMode {
+    MOVE,  // HTTP credentials are deleted after migration to HTTPS.
+    COPY,  // HTTP credentials are kept after migration to HTTPS.
+  };
+
+  void ProcessPasswordStoreResults();
+
+  const PasswordManagerClient* const client_;
   Consumer* consumer_;
-  PasswordStore* password_store_;
+
+  // |ProcessPasswordStoreResults| requires that both |OnHSTSQueryResult| and
+  // |OnGetPasswordStoreResults| have returned. Since this can happen in an
+  // arbitrary order, boolean flags are introduced to indicate completion. Only
+  // if both are set to true |ProcessPasswordStoreResults| gets called.
+  bool got_hsts_query_result_ = false;
+  bool got_password_store_results_ = false;
+  MigrationMode mode_;
+  std::vector<std::unique_ptr<autofill::PasswordForm>> results_;
+  base::ThreadChecker thread_checker_;
 
   DISALLOW_COPY_AND_ASSIGN(HttpPasswordMigrator);
 };