Use an MutationObserver to check when a password form disappears after XHR

components/autofill/content/renderer/password_autofill_agent.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/autofill/content/renderer/password_autofill_agent.h"
 
 #include <stddef.h>
 
 #include <memory>
 #include <string>
@@ skipping 26 matching lines @@
 #include "content/public/renderer/render_view.h"
 #include "services/service_manager/public/cpp/binder_registry.h"
 #include "services/service_manager/public/cpp/interface_provider.h"
 #include "third_party/WebKit/public/platform/WebInputEvent.h"
 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h"
 #include "third_party/WebKit/public/platform/WebVector.h"
 #include "third_party/WebKit/public/web/WebAutofillClient.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebElement.h"
 #include "third_party/WebKit/public/web/WebFormElement.h"
+#include "third_party/WebKit/public/web/WebFormElementObserverCallback.h"
 #include "third_party/WebKit/public/web/WebLocalFrame.h"
 #include "third_party/WebKit/public/web/WebNode.h"
 #include "third_party/WebKit/public/web/WebUserGestureIndicator.h"
 #include "third_party/WebKit/public/web/WebView.h"
 #include "ui/base/page_transition_types.h"
 #include "ui/events/keycodes/keyboard_codes.h"
 #include "url/gurl.h"
 
 namespace autofill {
 namespace {
@@ skipping 554 matching lines @@
           element.To<blink::WebFormControlElement>();
       if (control.FormControlType() == kPassword)
         return true;
     }
   }
   return false;
 }
 
 }  // namespace
 
+class PasswordAutofillAgent::FormElementObserver
+    : public blink::WebFormElementObserverCallback {
+ public:
+  explicit FormElementObserver(PasswordAutofillAgent* agent) : agent_(agent) {}
+  ~FormElementObserver() override { Detach(); }
+
+  void Detach() {
+    if (agent_) {
+      DCHECK_EQ(agent_->form_element_observer_, this);
+      agent_->form_element_observer_ = nullptr;
+    }
+    agent_ = nullptr;
+  }
+
+  void ElementWasHiddenOrRemoved() override {
+    if (!agent_)
+      return;
+    agent_->OnSameDocumentNavigationCompleted(
+        PasswordForm::SubmissionIndicatorEvent::DOM_MUTATION_AFTER_XHR);
+    // The above call will delete "this".
+  }
+
+ private:
+  PasswordAutofillAgent* agent_;
+
+  DISALLOW_COPY_AND_ASSIGN(FormElementObserver);
+};
+
 ////////////////////////////////////////////////////////////////////////////////
 // PasswordAutofillAgent, public:
 
 PasswordAutofillAgent::PasswordAutofillAgent(content::RenderFrame* render_frame)
     : content::RenderFrameObserver(render_frame),
       logging_state_active_(false),
       was_username_autofilled_(false),
       was_password_autofilled_(false),
       sent_request_to_store_(false),
       checked_safe_browsing_reputation_(false),
-      binding_(this) {
+      binding_(this),
+      form_element_observer_(nullptr) {
   // PasswordAutofillAgent is guaranteed to outlive |render_frame|.
   render_frame->GetInterfaceRegistry()->AddInterface(
       base::Bind(&PasswordAutofillAgent::BindRequest, base::Unretained(this)));
 }
 
 PasswordAutofillAgent::~PasswordAutofillAgent() {
+  if (form_element_observer_)
+    form_element_observer_->Detach();
 }
 
 void PasswordAutofillAgent::BindRequest(
     const service_manager::BindSourceInfo& source_info,
     mojom::PasswordAutofillAgentRequest request) {
   binding_.Bind(std::move(request));
 }
 
 void PasswordAutofillAgent::SetAutofillAgent(AutofillAgent* autofill_agent) {
   autofill_agent_ = autofill_agent;
@@ skipping 377 matching lines @@
 bool PasswordAutofillAgent::OriginCanAccessPasswordManager(
     const blink::WebSecurityOrigin& origin) {
   return origin.CanAccessPasswordManager();
 }
 
 void PasswordAutofillAgent::OnDynamicFormsSeen() {
   SendPasswordForms(false /* only_visible */);
 }
 
 void PasswordAutofillAgent::AJAXSucceeded() {
-  OnSameDocumentNavigationCompleted(false);
+  OnSameDocumentNavigationCompleted(
+      PasswordForm::SubmissionIndicatorEvent::XHR_SUCCEEDED);
 }
 
 void PasswordAutofillAgent::OnSameDocumentNavigationCompleted(
-    bool is_inpage_navigation) {
+    PasswordForm::SubmissionIndicatorEvent event) {
   if (!provisionally_saved_form_.IsPasswordValid())
     return;
 
-  provisionally_saved_form_.SetSubmissionIndicatorEvent(
-      is_inpage_navigation
-          ? PasswordForm::SubmissionIndicatorEvent::SAME_DOCUMENT_NAVIGATION
-          : PasswordForm::SubmissionIndicatorEvent::XHR_SUCCEEDED);
-
   // Prompt to save only if the form is now gone, either invisible or
   // removed from the DOM.
   blink::WebFrame* frame = render_frame()->GetWebFrame();
   const auto& password_form = provisionally_saved_form_.password_form();
   // TODO(crbug.com/720347): This method could be called often and checking form
   // visibility could be expesive. Add performance metrics for this.
-  if (form_util::IsFormVisible(frame, provisionally_saved_form_.form_element(),
-                               password_form.action, password_form.origin,
-                               password_form.form_data) ||
-      (provisionally_saved_form_.form_element().IsNull() &&
-       IsUnownedPasswordFormVisible(
-           frame, provisionally_saved_form_.input_element(),
-           password_form.action, password_form.origin, password_form.form_data,
-           form_predictions_))) {
+  if (event != PasswordForm::SubmissionIndicatorEvent::DOM_MUTATION_AFTER_XHR &&
+      (form_util::IsFormVisible(frame, provisionally_saved_form_.form_element(),
+                                password_form.action, password_form.origin,
+                                password_form.form_data) ||
+       (provisionally_saved_form_.form_element().IsNull() &&
+        IsUnownedPasswordFormVisible(
+            frame, provisionally_saved_form_.input_element(),
+            password_form.action, password_form.origin, password_form.form_data,
+            form_predictions_)))) {
+    if (!form_element_observer_) {
+      std::unique_ptr<FormElementObserver> observer(
+          new FormElementObserver(this));
+      form_element_observer_ = observer.get();
+      if (provisionally_saved_form_.form_element().IsNull()) {
+        provisionally_saved_form_.input_element()
+            .GetDocument()
+            .ObserveFormElement(provisionally_saved_form_.input_element(),
+                                std::move(observer));
+      } else {
+        provisionally_saved_form_.form_element()
+            .GetDocument()
+            .ObserveFormElement(provisionally_saved_form_.form_element(),
+                                std::move(observer));
+      }
+    }
     return;
   }
 
+  provisionally_saved_form_.SetSubmissionIndicatorEvent(event);
   GetPasswordManagerDriver()->InPageNavigation(password_form);
+  if (form_element_observer_)
+    form_element_observer_->Detach();
   provisionally_saved_form_.Reset();
 }
 
 void PasswordAutofillAgent::UserGestureObserved() {
   gatekeeper_.OnUserGesture();
 }
 
 void PasswordAutofillAgent::SendPasswordForms(bool only_visible) {
   std::unique_ptr<RendererSavePasswordProgressLogger> logger;
   if (logging_state_active_) {
@@ skipping 134 matching lines @@
 }
 
 void PasswordAutofillAgent::WillCommitProvisionalLoad() {
   FrameClosing();
 }
 
 void PasswordAutofillAgent::DidCommitProvisionalLoad(
     bool is_new_navigation,
     bool is_same_document_navigation) {
   if (is_same_document_navigation) {
-    OnSameDocumentNavigationCompleted(true);
+    OnSameDocumentNavigationCompleted(
+        PasswordForm::SubmissionIndicatorEvent::SAME_DOCUMENT_NAVIGATION);
   } else {
     checked_safe_browsing_reputation_ = false;
   }
 }
 
 void PasswordAutofillAgent::FrameDetached() {
   // If a sub frame has been destroyed while the user was entering information
   // into a password form, try to save the data. See https://crbug.com/450806
   // for examples of sites that perform login using this technique.
   if (render_frame()->GetWebFrame()->Parent() &&
@@ skipping 61 matching lines @@
       submitted_form->username_value = saved_form.username_value;
       submitted_form->submission_event =
           PasswordForm::SubmissionIndicatorEvent::HTML_FORM_SUBMISSION;
     }
 
     // Some observers depend on sending this information now instead of when
     // the frame starts loading. If there are redirects that cause a new
     // RenderView to be instantiated (such as redirects to the WebStore)
     // we will never get to finish the load.
     GetPasswordManagerDriver()->PasswordFormSubmitted(*submitted_form);
+    if (form_element_observer_)
+      form_element_observer_->Detach();
     provisionally_saved_form_.Reset();
   } else if (logger) {
     logger->LogMessage(Logger::STRING_FORM_IS_NOT_PASSWORD);
   }
 }
 
 void PasswordAutofillAgent::OnDestruct() {
   binding_.Close();
   base::ThreadTaskRunnerHandle::Get()->DeleteSoon(FROM_HERE, this);
 }
@@ skipping 27 matching lines @@
       !blink::WebUserGestureIndicator::IsProcessingUserGesture()) {
     // If onsubmit has been called, try and save that form.
     if (provisionally_saved_form_.IsSet()) {
       if (logger) {
         logger->LogPasswordForm(
             Logger::STRING_PROVISIONALLY_SAVED_FORM_FOR_FRAME,
             provisionally_saved_form_.password_form());
       }
       GetPasswordManagerDriver()->PasswordFormSubmitted(
           provisionally_saved_form_.password_form());
+      if (form_element_observer_)
+        form_element_observer_->Detach();
       provisionally_saved_form_.Reset();
     } else {
       std::vector<std::unique_ptr<PasswordForm>> possible_submitted_forms;
       // Loop through the forms on the page looking for one that has been
       // filled out. If one exists, try and save the credentials.
       blink::WebVector<blink::WebFormElement> forms;
       render_frame()->GetWebFrame()->GetDocument().Forms(forms);
 
       bool password_forms_found = false;
       for (size_t i = 0; i < forms.size(); ++i) {
@@ skipping 263 matching lines @@
       render_frame()->GetRenderView()->ElementBoundsInWindow(user_input));
   username_query_prefix_ = username_string;
   return CanShowSuggestion(password_info.fill_data, username_string, show_all);
 }
 
 void PasswordAutofillAgent::FrameClosing() {
   for (auto const& iter : web_input_to_password_info_) {
     password_to_username_.erase(iter.second.password_field);
   }
   web_input_to_password_info_.clear();
+  if (form_element_observer_)
+    form_element_observer_->Detach();
   provisionally_saved_form_.Reset();
   field_value_and_properties_map_.clear();
   sent_request_to_store_ = false;
   checked_safe_browsing_reputation_ = false;
 }
 
 void PasswordAutofillAgent::ClearPreview(
     blink::WebInputElement* username,
     blink::WebInputElement* password) {
   if (!username->IsNull() && !username->SuggestedValue().IsEmpty()) {
@@ skipping 31 matching lines @@
 PasswordAutofillAgent::GetPasswordManagerDriver() {
   if (!password_manager_driver_) {
     render_frame()->GetRemoteInterfaces()->GetInterface(
         mojo::MakeRequest(&password_manager_driver_));
   }
 
   return password_manager_driver_;
 }
 
 }  // namespace autofill