Password autofill should not override explicitly typed password

components/autofill/content/renderer/password_autofill_agent.h

Index: components/autofill/content/renderer/password_autofill_agent.h
diff --git a/components/autofill/content/renderer/password_autofill_agent.h b/components/autofill/content/renderer/password_autofill_agent.h
index b5fc205a04f729538bef11bfaf94368f76ee5078..d90791978d020942426fb98871a6486189359c59 100644
--- a/components/autofill/content/renderer/password_autofill_agent.h
+++ b/components/autofill/content/renderer/password_autofill_agent.h
@@ -94,15 +94,23 @@ class PasswordAutofillAgent : public content::RenderViewObserver {
     blink::WebInputElement password_field;
     PasswordFormFillData fill_data;
     bool backspace_pressed_last;
-    PasswordInfo() : backspace_pressed_last(false) {}
+    // "Wait for username change" before overwriting the password value -- if
+    // set to true, this flag means that after selecting a username for password
+    // autofill, the user overwrote the autofileld password. The agent should
+    // not restore it back to the autofilled password, so it holds on with
+    // changing the password value until the flag is reset. The flag is reset
+    // when the user chooses another username for autofill.
+    bool wait_for_username_change;

[engedy, 2014/08/06 10:18:17]

To be consistent with |backspace_pressed_last|, I would name this flag from the
"what happened" side and say |password_was_edited_last|.

I would also shorten the comment like:

  // The most recent <<insert antonym for NOOP her>> interaction with the form
was the user manually editing the password value.

[vabr (Chromium), 2014/08/25 14:53:29]

Done.
That's not entirely true if the form has more editable fields than the username
and password. So I reformulated your suggestion a little.

+    PasswordInfo();
   };
   typedef std::map<blink::WebElement, PasswordInfo> LoginToPasswordInfoMap;
+  typedef std::map<blink::WebElement, blink::WebElement> PasswordToLoginMap;
   typedef std::map<blink::WebFrame*,
                    linked_ptr<PasswordForm> > FrameToPasswordFormMap;
 
-  // This class holds a vector of autofilled password input elements and makes
-  // sure the autofilled password value is not accessible to JavaScript code
-  // until the user interacts with the page.
+  // This class keeps track of autofilled password input elements and makes sure
+  // the autofilled password value is not accessible to JavaScript code until
+  // the user interacts with the page.
   class PasswordValueGatekeeper {
    public:
     PasswordValueGatekeeper();
@@ -190,7 +198,7 @@ class PasswordAutofillAgent : public content::RenderViewObserver {
   // Finds login information for a |node| that was previously filled.
   bool FindLoginInfo(const blink::WebNode& node,
                      blink::WebInputElement* found_input,
-                     PasswordInfo* found_password);
+                     PasswordInfo** found_password);
 
   // Clears the preview for the username and password fields, restoring both to
   // their previous filled state.
@@ -210,6 +218,10 @@ class PasswordAutofillAgent : public content::RenderViewObserver {
 
   // The logins we have filled so far with their associated info.
   LoginToPasswordInfoMap login_to_password_info_;
+  // Maps password elements to the corresponding username elements, good for

[engedy, 2014/08/06 10:18:17]

nit: I would personally also consider shortening or dropping this comment.

[vabr (Chromium), 2014/08/25 14:53:29]

Done.

+  // looking up PasswordInfo associated with a password element in
+  // |login_to_password_info_|.
+  PasswordToLoginMap password_to_username_;
 
   // Used for UMA stats.
   OtherPossibleUsernamesUsage usernames_usage_;