Add test for showing confirmation dialog for unsecure signin

chrome/browser/ui/webui/signin/inline_login_handler_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/signin/inline_login_handler_impl.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/strings/string_number_conversions.h"
@@ skipping 208 matching lines @@
     return;
 
   // Returns early if this is not a gaia iframe navigation.
   const GURL kGaiaExtOrigin(
       "chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/");
   content::RenderFrameHost* gaia_iframe = InlineLoginUI::GetAuthIframe(
       web_contents(), kGaiaExtOrigin, "signin-frame");
   if (render_frame_host != gaia_iframe)
     return;
 
-  // Loading any untrusted (e.g., HTTP) URLs in the privileged sign-in process

[Charlie Reis, 2014/07/24 18:14:38]

Looks like you're changing the actual fix.  How does that affect what would be
merged to other branches?

[guohui, 2014/07/24 18:31:21]

This CL changes the continue URL (from https://www.google.com/something to
chrome-extension://mfff.../success.html), and the continue URL has to be
excluded from the untrusted-domain-check, thus the logic here needs to be
updated. Security wise, there should be no negative impact, since we just switch
from a blank google web page to a blank chrome local page.

I did the change here, because it prevents issues that Chrome signin flow could
be broken by unexpected URL changes of google servers (see crbug/333869), and
second it is easier to write tests since i dont need to set up a fake server for
google.com.

[Charlie Reis, 2014/07/24 18:47:11]

Works for me, but please leave the explanatory comment in place.

[guohui, 2014/07/24 19:37:18]

Done.

-  // will require confirmation before the sign in takes effect.
-  if (url.spec() != url::kAboutBlankURL &&
-      !gaia::IsGaiaSignonRealm(url.GetOrigin()) &&
-      !signin::IsContinueUrlForWebBasedSigninFlow(url)) {
-    confirm_untrusted_signin_ = true;
+  if (!url.is_empty()) {
+    GURL origin(url.GetOrigin());
+    if (url.spec() != url::kAboutBlankURL &&
+        origin != kGaiaExtOrigin &&
+        !gaia::IsGaiaSignonRealm(origin)) {
+      confirm_untrusted_signin_ = true;
+    }
   }
 }
 
 void InlineLoginHandlerImpl::SetExtraInitParams(base::DictionaryValue& params) {
   params.SetString("service", "chromiumsync");
 
   content::WebContents* contents = web_ui()->GetWebContents();
   const GURL& current_url = contents->GetURL();
   std::string is_constrained;
   net::GetValueForKeyInQuery(current_url, "constrained", &is_constrained);
@@ skipping 178 matching lines @@
       }
     }
 
     if (show_account_management) {
       browser->window()->ShowAvatarBubbleFromAvatarButton(
             BrowserWindow::AVATAR_BUBBLE_MODE_ACCOUNT_MANAGEMENT,
             signin::ManageAccountsParams());
     }
   }
 }