Trigger protected password entry request on password reuse event.

components/safe_browsing/password_protection/password_protection_service_unittest.cc

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "components/safe_browsing/password_protection/password_protection_service.h"
 
 #include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/test/histogram_tester.h"
 #include "base/test/null_task_runner.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/safe_browsing/password_protection/password_protection_request.h"
 #include "components/safe_browsing_db/test_database_manager.h"
 #include "components/sync_preferences/testing_pref_service_syncable.h"
 #include "content/public/test/test_browser_thread_bundle.h"
 #include "net/url_request/test_url_fetcher_factory.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace {
 
-const char kPasswordReuseMatchWhitelistHistogramName[] =
-    "PasswordManager.PasswordReuse.MainFrameMatchCsdWhitelist";
-const char kWhitelistedUrl[] = "http://inwhitelist.com";
-const char kNoneWhitelistedUrl[] = "http://notinwhitelist.com";
-const char kTargetUrl[] = "http://foo.com";
+const char kFormActionUrl[] = "https://form_action.com/";
+const char kPasswordFrameUrl[] = "https://password_frame.com/";
+const char kSavedDomain[] = "saved_domain.com";
+const char kTargetUrl[] = "http://foo.com/";
 const char kVerdictHistogramName[] =
     "PasswordProtection.Verdict.PasswordFieldOnFocus";
 
 }  // namespace
 
 namespace safe_browsing {
 
 class MockSafeBrowsingDatabaseManager : public TestSafeBrowsingDatabaseManager {
  public:
   MockSafeBrowsingDatabaseManager() {}
@@ skipping 29 matching lines @@
  public:
   TestPasswordProtectionService(
       const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager,
       scoped_refptr<net::URLRequestContextGetter> request_context_getter,
       scoped_refptr<HostContentSettingsMap> content_setting_map)
       : PasswordProtectionService(database_manager,
                                   request_context_getter,
                                   nullptr,
                                   content_setting_map.get()),
         is_extended_reporting_(true),
-        is_incognito_(false) {}
+        is_incognito_(false),
+        latest_request_(nullptr) {}
 
   void RequestFinished(
       PasswordProtectionRequest* request,
       std::unique_ptr<LoginReputationClientResponse> response) override {
+    latest_request_ = request;
     latest_response_ = std::move(response);
   }
 
   // Since referrer chain logic has been thoroughly tested in
   // SBNavigationObserverBrowserTest class, we intentionally leave this function
   // as a no-op here.
   void FillReferrerChain(const GURL& event_url,
                          int event_tab_id,
                          LoginReputationClientRequest::Frame* frame) override {}
 
@@ skipping 15 matching lines @@
   bool IsHistorySyncEnabled() override { return false; }
 
   LoginReputationClientResponse* latest_response() {
     return latest_response_.get();
   }
 
   ~TestPasswordProtectionService() override {}
 
   size_t GetPendingRequestsCount() { return requests_.size(); }
 
+  LoginReputationClientRequest* GetLatestRequestProto() {
+    return latest_request_ ? latest_request_->request_proto() : nullptr;
+  }
+
  private:
   bool is_extended_reporting_;
   bool is_incognito_;
+  PasswordProtectionRequest* latest_request_;
   std::unique_ptr<LoginReputationClientResponse> latest_response_;
   DISALLOW_COPY_AND_ASSIGN(TestPasswordProtectionService);
 };
 
 class PasswordProtectionServiceTest : public testing::Test {
  public:
   PasswordProtectionServiceTest(){};
 
   LoginReputationClientResponse CreateVerdictProto(
       LoginReputationClientResponse::VerdictType verdict,
@@ skipping 15 matching lines @@
     dummy_request_context_getter_ = new DummyURLRequestContextGetter();
     password_protection_service_ =
         base::MakeUnique<TestPasswordProtectionService>(
             database_manager_, dummy_request_context_getter_,
             content_setting_map_);
   }
 
   void TearDown() override { content_setting_map_->ShutdownOnUIThread(); }
 
   // Sets up |database_manager_| and |requests_| as needed.
-  void InitializeAndStartRequest(bool match_whitelist, int timeout_in_ms) {
+  void InitializeAndStartPasswordOnFocusRequest(bool match_whitelist,
+                                                int timeout_in_ms) {
     GURL target_url(kTargetUrl);
     EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(target_url))
         .WillRepeatedly(testing::Return(match_whitelist));
 
     request_ = new PasswordProtectionRequest(
-        target_url, GURL(), GURL(),
-        LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE,
+        target_url, GURL(kFormActionUrl), GURL(kPasswordFrameUrl),
+        std::string(), LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE,
         password_protection_service_.get(), timeout_in_ms);
     request_->Start();
   }
+
+  void InitializeAndStartPasswordEntryRequest(bool match_whitelist,
+                                              int timeout_in_ms) {
+    GURL target_url(kTargetUrl);
+    EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(target_url))
+        .WillRepeatedly(testing::Return(match_whitelist));
+
+    request_ = new PasswordProtectionRequest(
+        target_url, GURL(), GURL(), std::string(kSavedDomain),
+        LoginReputationClientRequest::PASSWORD_REUSE_EVENT,
+        password_protection_service_.get(), timeout_in_ms);
+    request_->Start();
+  }
 
   bool PathVariantsMatchCacheExpression(const GURL& url,
                                         const std::string& cache_expression) {
     std::vector<std::string> paths;
     PasswordProtectionService::GeneratePathVariantsWithoutQuery(url, &paths);
     return PasswordProtectionService::PathVariantsMatchCacheExpression(
         paths,
         PasswordProtectionService::GetCacheExpressionPath(cache_expression));
   }
 
@@ skipping 18 matching lines @@
   content::TestBrowserThreadBundle thread_bundle_;
   scoped_refptr<MockSafeBrowsingDatabaseManager> database_manager_;
   sync_preferences::TestingPrefServiceSyncable test_pref_service_;
   scoped_refptr<HostContentSettingsMap> content_setting_map_;
   scoped_refptr<DummyURLRequestContextGetter> dummy_request_context_getter_;
   std::unique_ptr<TestPasswordProtectionService> password_protection_service_;
   scoped_refptr<PasswordProtectionRequest> request_;
   base::HistogramTester histograms_;
 };
 
-TEST_F(PasswordProtectionServiceTest,
-       TestPasswordReuseMatchWhitelistHistogram) {
-  const GURL whitelisted_url(kWhitelistedUrl);
-  const GURL not_whitelisted_url(kNoneWhitelistedUrl);
-  EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(whitelisted_url))
-      .WillOnce(testing::Return(true));
-  EXPECT_CALL(*database_manager_.get(),
-              MatchCsdWhitelistUrl(not_whitelisted_url))
-      .WillOnce(testing::Return(false));
-  histograms_.ExpectTotalCount(kPasswordReuseMatchWhitelistHistogramName, 0);
-
-  // Empty url should increase "True" bucket by 1.
-  password_protection_service_->RecordPasswordReuse(GURL());
-  base::RunLoop().RunUntilIdle();
-  EXPECT_THAT(
-      histograms_.GetAllSamples(kPasswordReuseMatchWhitelistHistogramName),
-      testing::ElementsAre(base::Bucket(1, 1)));
-
-  // Whitelisted url should increase "True" bucket by 1.
-  password_protection_service_->RecordPasswordReuse(whitelisted_url);
-  base::RunLoop().RunUntilIdle();
-  EXPECT_THAT(
-      histograms_.GetAllSamples(kPasswordReuseMatchWhitelistHistogramName),
-      testing::ElementsAre(base::Bucket(1, 2)));
-
-  // Non-whitelisted url should increase "False" bucket by 1.
-  password_protection_service_->RecordPasswordReuse(not_whitelisted_url);
-  base::RunLoop().RunUntilIdle();
-  EXPECT_THAT(
-      histograms_.GetAllSamples(kPasswordReuseMatchWhitelistHistogramName),
-      testing::ElementsAre(base::Bucket(0, 1), base::Bucket(1, 2)));
-}
-
 TEST_F(PasswordProtectionServiceTest, TestParseInvalidVerdictEntry) {
   std::unique_ptr<base::DictionaryValue> invalid_verdict_entry =
       base::MakeUnique<base::DictionaryValue>();
   invalid_verdict_entry->SetString("cache_creation_time", "invalid_time");
 
   int cache_creation_time;
   LoginReputationClientResponse response;
   // ParseVerdictEntry fails if input is empty.
   EXPECT_FALSE(PasswordProtectionService::ParseVerdictEntry(
       nullptr, &cache_creation_time, &response));
@@ skipping 181 matching lines @@
 
   // If main frame url is ftp, don't create request.
   password_protection_service_->MaybeStartPasswordFieldOnFocusRequest(
       GURL("ftp://foo.com:21"), GURL("http://foo.com/submit"),
       GURL("http://foo.com/frame"));
   EXPECT_EQ(0u, password_protection_service_->GetPendingRequestsCount());
 }
 
 TEST_F(PasswordProtectionServiceTest, TestNoRequestSentForWhitelistedURL) {
   histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0);
-  InitializeAndStartRequest(true /* match whitelist */,
-                            10000 /* timeout in ms*/);
+  InitializeAndStartPasswordOnFocusRequest(true /* match whitelist */,
+                                           10000 /* timeout in ms*/);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(nullptr, password_protection_service_->latest_response());
   EXPECT_THAT(
       histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName),
       testing::ElementsAre(base::Bucket(4 /* MATCHED_WHITELIST */, 1)));
 }
 
 TEST_F(PasswordProtectionServiceTest, TestNoRequestSentIfVerdictAlreadyCached) {
   histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0);
   CacheVerdict(GURL(kTargetUrl), LoginReputationClientResponse::LOW_REPUTATION,
                600, GURL(kTargetUrl).host(), base::Time::Now());
-  InitializeAndStartRequest(false /* match whitelist */,
-                            10000 /* timeout in ms*/);
+  InitializeAndStartPasswordOnFocusRequest(false /* match whitelist */,
+                                           10000 /* timeout in ms*/);
   base::RunLoop().RunUntilIdle();
   EXPECT_THAT(
       histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName),
       testing::ElementsAre(base::Bucket(5 /* RESPONSE_ALREADY_CACHED */, 1)));
   EXPECT_EQ(LoginReputationClientResponse::LOW_REPUTATION,
             password_protection_service_->latest_response()->verdict_type());
 }
 
 TEST_F(PasswordProtectionServiceTest, TestResponseFetchFailed) {
   histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0);
   net::TestURLFetcher failed_fetcher(0, GURL("http://bar.com"), nullptr);
   // Set up failed response.
   failed_fetcher.set_status(
       net::URLRequestStatus(net::URLRequestStatus::FAILED, net::ERR_FAILED));
 
-  InitializeAndStartRequest(false /* match whitelist */,
-                            10000 /* timeout in ms*/);
+  InitializeAndStartPasswordOnFocusRequest(false /* match whitelist */,
+                                           10000 /* timeout in ms*/);
   request_->OnURLFetchComplete(&failed_fetcher);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(nullptr, password_protection_service_->latest_response());
   EXPECT_THAT(
       histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName),
       testing::ElementsAre(base::Bucket(9 /* FETCH_FAILED */, 1)));
 }
 
 TEST_F(PasswordProtectionServiceTest, TestMalformedResponse) {
   histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0);
   // Set up malformed response.
   net::TestURLFetcher fetcher(0, GURL("http://bar.com"), nullptr);
   fetcher.set_status(
       net::URLRequestStatus(net::URLRequestStatus::SUCCESS, net::OK));
   fetcher.set_response_code(200);
   fetcher.SetResponseString("invalid response");
 
-  InitializeAndStartRequest(false /* match whitelist */,
-                            10000 /* timeout in ms*/);
+  InitializeAndStartPasswordOnFocusRequest(false /* match whitelist */,
+                                           10000 /* timeout in ms*/);
   request_->OnURLFetchComplete(&fetcher);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(nullptr, password_protection_service_->latest_response());
   EXPECT_THAT(
       histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName),
       testing::ElementsAre(base::Bucket(10 /* RESPONSE_MALFORMED */, 1)));
 }
 
 TEST_F(PasswordProtectionServiceTest, TestRequestTimedout) {
   histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0);
-  InitializeAndStartRequest(false /* match whitelist */,
-                            0 /* timeout immediately */);
+  InitializeAndStartPasswordOnFocusRequest(false /* match whitelist */,
+                                           0 /* timeout immediately */);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(nullptr, password_protection_service_->latest_response());
   EXPECT_THAT(
       histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName),
       testing::ElementsAre(base::Bucket(3 /* TIMEDOUT */, 1)));
 }
 
 TEST_F(PasswordProtectionServiceTest, TestRequestAndResponseSuccessfull) {
   histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0);
   // Set up valid response.
   net::TestURLFetcher fetcher(0, GURL("http://bar.com"), nullptr);
   fetcher.set_status(
       net::URLRequestStatus(net::URLRequestStatus::SUCCESS, net::OK));
   fetcher.set_response_code(200);
   LoginReputationClientResponse expected_response = CreateVerdictProto(
       LoginReputationClientResponse::PHISHING, 600, GURL(kTargetUrl).host());
   fetcher.SetResponseString(expected_response.SerializeAsString());
 
-  InitializeAndStartRequest(false /* match whitelist */,
-                            10000 /* timeout in ms*/);
+  InitializeAndStartPasswordOnFocusRequest(false /* match whitelist */,
+                                           10000 /* timeout in ms*/);
   request_->OnURLFetchComplete(&fetcher);
   base::RunLoop().RunUntilIdle();
   EXPECT_THAT(
       histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName),
       testing::ElementsAre(base::Bucket(1 /* SUCCEEDED */, 1)));
   EXPECT_THAT(histograms_.GetAllSamples(kVerdictHistogramName),
               testing::ElementsAre(base::Bucket(3 /* PHISHING */, 1)));
   LoginReputationClientResponse* actual_response =
       password_protection_service_->latest_response();
   EXPECT_EQ(expected_response.verdict_type(), actual_response->verdict_type());
   EXPECT_EQ(expected_response.cache_expression(),
             actual_response->cache_expression());
   EXPECT_EQ(expected_response.cache_duration_sec(),
             actual_response->cache_duration_sec());
 }
 
 TEST_F(PasswordProtectionServiceTest, TestTearDownWithPendingRequests) {
   histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0);
   GURL target_url(kTargetUrl);
   EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(target_url))
       .WillRepeatedly(testing::Return(false));
   password_protection_service_->StartRequest(
       target_url, GURL("http://foo.com/submit"), GURL("http://foo.com/frame"),
-      LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE);
+      std::string(), LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE);
 
   // Destroy password_protection_service_ while there is one request pending.
   password_protection_service_.reset();
   base::RunLoop().RunUntilIdle();
 
   EXPECT_THAT(
       histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName),
       testing::ElementsAre(base::Bucket(2 /* CANCELED */, 1)));
 }
 
@@ skipping 28 matching lines @@
   // No cached verdict for foo.com/def.
   EXPECT_EQ(LoginReputationClientResponse::VERDICT_TYPE_UNSPECIFIED,
             password_protection_service_->GetCachedVerdict(
                 GURL("https://foo.com/def/index.jsp"), &actual_verdict));
   // Nothing in content setting for bar.com.
   EXPECT_EQ(nullptr, content_setting_map_->GetWebsiteSetting(
                          GURL("https://bar.com"), GURL(),
                          CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION,
                          std::string(), nullptr));
 }
+
+TEST_F(PasswordProtectionServiceTest, VerifyPasswordOnFocusRequestProto) {
+  // Set up valid response.
+  net::TestURLFetcher fetcher(0, GURL("http://bar.com"), nullptr);
+  fetcher.set_status(
+      net::URLRequestStatus(net::URLRequestStatus::SUCCESS, net::OK));
+  fetcher.set_response_code(200);
+  LoginReputationClientResponse expected_response = CreateVerdictProto(
+      LoginReputationClientResponse::PHISHING, 600, GURL(kTargetUrl).host());
+  fetcher.SetResponseString(expected_response.SerializeAsString());
+
+  InitializeAndStartPasswordOnFocusRequest(false /* match whitelist */,
+                                           100000 /* timeout in ms*/);
+  base::RunLoop().RunUntilIdle();
+  request_->OnURLFetchComplete(&fetcher);
+  base::RunLoop().RunUntilIdle();
+
+  LoginReputationClientRequest* actual_request =
+      password_protection_service_->GetLatestRequestProto();
+  EXPECT_EQ(kTargetUrl, actual_request->page_url());
+  EXPECT_EQ(LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE,
+            actual_request->trigger_type());
+  ASSERT_EQ(2, actual_request->frames_size());
+  EXPECT_EQ(kTargetUrl, actual_request->frames(0).url());
+  EXPECT_EQ(kPasswordFrameUrl, actual_request->frames(1).url());
+  EXPECT_EQ(true, actual_request->frames(1).has_password_field());
+  ASSERT_EQ(1, actual_request->frames(1).forms_size());
+  EXPECT_EQ(kFormActionUrl, actual_request->frames(1).forms(0).action_url());
+}
+
+TEST_F(PasswordProtectionServiceTest,
+       VerifyProtectedPasswordEntryRequestProto) {
+  // Set up valid response.
+  net::TestURLFetcher fetcher(0, GURL("http://bar.com"), nullptr);
+  fetcher.set_status(
+      net::URLRequestStatus(net::URLRequestStatus::SUCCESS, net::OK));
+  fetcher.set_response_code(200);
+  LoginReputationClientResponse expected_response = CreateVerdictProto(
+      LoginReputationClientResponse::PHISHING, 600, GURL(kTargetUrl).host());
+  fetcher.SetResponseString(expected_response.SerializeAsString());
+  InitializeAndStartPasswordEntryRequest(false /* match whitelist */,
+                                         100000 /* timeout in ms*/);
+  base::RunLoop().RunUntilIdle();
+  request_->OnURLFetchComplete(&fetcher);
+  base::RunLoop().RunUntilIdle();
+
+  LoginReputationClientRequest* actual_request =
+      password_protection_service_->GetLatestRequestProto();
+  EXPECT_EQ(kTargetUrl, actual_request->page_url());
+  EXPECT_EQ(LoginReputationClientRequest::PASSWORD_REUSE_EVENT,
+            actual_request->trigger_type());
+  EXPECT_EQ(1, actual_request->frames_size());
+  EXPECT_EQ(kTargetUrl, actual_request->frames(0).url());
+  ASSERT_TRUE(actual_request->has_password_reuse_event());
+  ASSERT_EQ(1, actual_request->password_reuse_event()
+                   .password_reused_original_origins_size());
+  EXPECT_EQ(kSavedDomain, actual_request->password_reuse_event()
+                              .password_reused_original_origins(0));
+}
+
 }  // namespace safe_browsing