chrome/browser/password_manager/chrome_password_manager_client.cc - Issue 2947413002: Restrict CM API interface request and message dispatch.

Unified Diff: chrome/browser/password_manager/chrome_password_manager_client.cc

Issue 2947413002: Restrict CM API interface request and message dispatch. (Closed)

Patch Set: With fix. Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « chrome/browser/password_manager/chrome_password_manager_client.h ('k') | chrome/browser/password_manager/credential_manager_browsertest.cc » ('j') | chrome/browser/password_manager/credential_manager_browsertest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/password_manager/chrome_password_manager_client.cc

diff --git a/chrome/browser/password_manager/chrome_password_manager_client.cc b/chrome/browser/password_manager/chrome_password_manager_client.cc

index b85147dd480d01941d6b859ea38b71b67b70e1e1..eba25146a91f8a537bdd996950137f9c24a3ab38 100644

--- a/chrome/browser/password_manager/chrome_password_manager_client.cc

+++ b/chrome/browser/password_manager/chrome_password_manager_client.cc

@@ -436,13 +436,19 @@ void ChromePasswordManagerClient::CheckProtectedPasswordEntry(

}

#endif

-// TODO(crbug.com/706392): Fix password reuse detection for Android.

-#if !defined(OS_ANDROID)

void ChromePasswordManagerClient::DidFinishNavigation(

content::NavigationHandle* navigation_handle) {

if (!navigation_handle->IsInMainFrame() || !navigation_handle->HasCommitted())

return;

+ // From this point on, the CredentialManagerImpl will service API calls in the

+ // context of the new WebContents::GetLastCommittedURL, which may very well be

+ // cross-origin. Disconnect existing client, and drop pending requests.

+ if (!navigation_handle->IsSameDocument())

+ credential_manager_impl_.DisconnectBinding();

+// TODO(crbug.com/706392): Fix password reuse detection for Android.

+#if !defined(OS_ANDROID)

password_reuse_detection_manager_.DidNavigateMainFrame(GetMainFrameURL());

// After some navigations RenderViewHost persists and just adding the observer

// will cause multiple call of OnInputEvent. Since Widget API doesn't allow to

@@ -451,8 +457,10 @@ void ChromePasswordManagerClient::DidFinishNavigation(

web_contents()->GetRenderViewHost()->GetWidget()->RemoveInputEventObserver(

this);

web_contents()->GetRenderViewHost()->GetWidget()->AddInputEventObserver(this);

+#endif

}

+#if !defined(OS_ANDROID)

void ChromePasswordManagerClient::OnInputEvent(

const blink::WebInputEvent& event) {

if (event.GetType() != blink::WebInputEvent::kChar)

@@ -704,6 +712,11 @@ void ChromePasswordManagerClient::BindCredentialManager(

content::WebContents::FromRenderFrameHost(render_frame_host);

DCHECK(web_contents);

+ // Only valid for the currently committed RenderFrameHost, and not, e.g. old

+ // zombie RFH's being swapped out following cross-origin navigations.

+ if (web_contents->GetMainFrame() != render_frame_host)

vasilii 2017/06/23 18:58:28 I don't mind this check to be on the safe side. Ou

engedy 2017/06/28 16:26:58 I have added browser tests to exercise this scenar

+ return;

ChromePasswordManagerClient* instance =

ChromePasswordManagerClient::FromWebContents(web_contents);