Restrict CM API interface request and message dispatch.

chrome/browser/password_manager/credential_manager_browsertest.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/macros.h"
 #include "base/stl_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/password_manager/password_manager_test_base.h"
 #include "chrome/browser/password_manager/password_store_factory.h"
 #include "chrome/browser/profiles/profile.h"
@@ skipping 227 matching lines @@
   NavigationObserver observer(WebContents());
   observer.SetPathToWaitFor("/password/done.html");
   observer.Wait();
 
   BubbleObserver prompt_observer(WebContents());
   // The autofill password manager shouldn't react to the successful login
   // because it was suppressed when the site got the credential back.
   EXPECT_FALSE(prompt_observer.IsShowingSavePrompt());
 }
 
+// Regression test for https://crbug.com/736357.
+IN_PROC_BROWSER_TEST_F(CredentialManagerBrowserTest, StoreRace) {
+  GURL example_url =
+      https_test_server().GetURL("www.example.com", "/password/other.html");
+  GURL evil_url =
+      https_test_server().GetURL("www.evil.com", "/password/other.html");
+
+  // Got to `www.example.com` and start spamming credentials.store().
+  ui_test_utils::NavigateToURL(browser(), example_url);
+  ASSERT_TRUE(content::ExecuteScript(
+      RenderViewHost(),
+      "window.setTimeout(() => {"
+      "  for(;;) {"
+      "    var c = new PasswordCredential({ id: 'user', password: 'hunter2' });"
+      "    navigator.credentials.store(c);"
+      "  }"
+      "}, 0);"));
+
+  // Navigate cross-domain to `www.evil.com`.
+  ui_test_utils::NavigateToURL(browser(), evil_url);
+  WaitForPasswordStore();

[vasilii, 2017/06/23 18:58:28]

It's excessive.

[engedy, 2017/06/28 16:26:58]

Reworked tests, N/A anymore.

+
+  // The Mojo pipe where the flood is coming from should be cut when the
+  // cross-origin navigation is committed, so that the last credetials.store()
+  // request process is still associated with `example.com`.
+  BubbleObserver prompt_observer(WebContents());
+  prompt_observer.WaitForSavePrompt();
+  ASSERT_TRUE(prompt_observer.IsShowingSavePrompt());
+  prompt_observer.AcceptSavePrompt();
+
+  WaitForPasswordStore();
+  password_manager::TestPasswordStore::PasswordMap stored =
+      static_cast<password_manager::TestPasswordStore*>(
+          PasswordStoreFactory::GetForProfile(
+              browser()->profile(), ServiceAccessType::IMPLICIT_ACCESS)
+              .get())
+          ->stored_passwords();
+  ASSERT_EQ(1u, stored.size());
+  autofill::PasswordForm signin_form = stored.begin()->second[0];
+  EXPECT_EQ(base::ASCIIToUTF16("user"), signin_form.username_value);
+  EXPECT_EQ(base::ASCIIToUTF16("hunter2"), signin_form.password_value);
+  EXPECT_EQ(example_url.host(), signin_form.origin.host());

[vasilii, 2017/06/23 18:58:28]

Do I understand right that this condition is flaky without the fix?

[engedy, 2017/06/28 16:26:58]

Reworked tests -- they are not flaky anymore in any scenario (be it
pass/failure, with/without the fix).

+}
+
 IN_PROC_BROWSER_TEST_F(CredentialManagerBrowserTest, SaveViaAPIAndAutofill) {
   NavigateToFile("/password/password_form.html");
 
   ASSERT_TRUE(content::ExecuteScript(
       RenderViewHost(),
       "document.getElementById('input_submit_button').addEventListener('click',"
       "function(event) {"
         "var c = new PasswordCredential({ id: 'user', password: 'API' });"
         "navigator.credentials.store(c);"
       "});"));
@@ skipping 91 matching lines @@
 
   // Reload the page and make sure it's autofilled.
   NavigateToFile("/password/password_form.html");
   WaitForElementValue("username_field", "user");
   content::SimulateMouseClickAt(
       WebContents(), 0, blink::WebMouseEvent::Button::kLeft, gfx::Point(1, 1));
   WaitForElementValue("password_field", "12345");
 }
 
 }  // namespace