[Password Manager] Setup experiment to restrict autofilling of sync credential

chrome/browser/password_manager/chrome_password_manager_client.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/password_manager/chrome_password_manager_client.h"
 
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
 #include "base/memory/singleton.h"
 #include "base/metrics/histogram.h"
+#include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/password_manager/password_manager_util.h"
 #include "chrome/browser/password_manager/password_store_factory.h"
 #include "chrome/browser/password_manager/save_password_infobar_delegate.h"
 #include "chrome/browser/password_manager/sync_metrics.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/profile_sync_service_factory.h"
 #include "chrome/browser/ui/autofill/password_generation_popup_controller_impl.h"
 #include "chrome/browser/ui/passwords/manage_passwords_ui_controller.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/chrome_version_info.h"
 #include "chrome/common/url_constants.h"
 #include "components/autofill/content/common/autofill_messages.h"
 #include "components/autofill/core/browser/password_generator.h"
 #include "components/autofill/core/common/password_form.h"
 #include "components/password_manager/content/browser/password_manager_internals_service_factory.h"
 #include "components/password_manager/core/browser/log_receiver.h"
 #include "components/password_manager/core/browser/password_form_manager.h"
 #include "components/password_manager/core/browser/password_manager.h"
 #include "components/password_manager/core/browser/password_manager_internals_service.h"
 #include "components/password_manager/core/browser/password_manager_metrics_util.h"
 #include "components/password_manager/core/common/password_manager_switches.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
+#include "google_apis/gaia/gaia_urls.h"
+#include "net/base/url_util.h"
 
 #if defined(OS_ANDROID)
 #include "chrome/browser/android/password_authentication_manager.h"
 #endif  // OS_ANDROID
 
 using password_manager::PasswordManagerInternalsService;
 using password_manager::PasswordManagerInternalsServiceFactory;
 
+namespace pm_switches = password_manager::switches;

[Ilya Sherman, 2014/08/13 20:48:14]

nit: Please don't use acronyms or abbreviations when naming code.  Either use
the full namespace name, or just alias it 'switches' or something.

[Garrett Casto, 2014/08/13 23:12:54]

Changed to switches. I don't normally do this, but in this case it made fitting
under 80 chars quite difficult.

+
 DEFINE_WEB_CONTENTS_USER_DATA_KEY(ChromePasswordManagerClient);
 
 // static
 void ChromePasswordManagerClient::CreateForWebContentsWithAutofillClient(
     content::WebContents* contents,
     autofill::AutofillClient* autofill_client) {
   if (FromWebContents(contents))
     return;
 
   contents->SetUserData(
       UserDataKey(),
       new ChromePasswordManagerClient(contents, autofill_client));
 }
 
 ChromePasswordManagerClient::ChromePasswordManagerClient(
     content::WebContents* web_contents,
     autofill::AutofillClient* autofill_client)
     : content::WebContentsObserver(web_contents),
       profile_(Profile::FromBrowserContext(web_contents->GetBrowserContext())),
       driver_(web_contents, this, autofill_client),
       observer_(NULL),
       weak_factory_(this),
-      can_use_log_router_(false) {
+      can_use_log_router_(false),
+      autofill_sync_state_(ALLOW_SYNC_CREDENTIALS) {
   PasswordManagerInternalsService* service =
       PasswordManagerInternalsServiceFactory::GetForBrowserContext(profile_);
   if (service)
     can_use_log_router_ = service->RegisterClient(this);
+  SetUpAutofillSyncState();
 }
 
 ChromePasswordManagerClient::~ChromePasswordManagerClient() {
   PasswordManagerInternalsService* service =
       PasswordManagerInternalsServiceFactory::GetForBrowserContext(profile_);
   if (service)
     service->UnregisterClient(this);
 }
 
 bool ChromePasswordManagerClient::IsAutomaticPasswordSavingEnabled() const {
   return CommandLine::ForCurrentProcess()->HasSwitch(
-             password_manager::switches::kEnableAutomaticPasswordSaving) &&
+             pm_switches::kEnableAutomaticPasswordSaving) &&
          chrome::VersionInfo::GetChannel() ==
              chrome::VersionInfo::CHANNEL_UNKNOWN;
 }
 
 bool ChromePasswordManagerClient::IsPasswordManagerEnabledForCurrentPage()
     const {
   if (EnabledForSyncSignin())
     return true;
 
   DCHECK(web_contents());
   content::NavigationEntry* entry =
       web_contents()->GetController().GetLastCommittedEntry();
   if (!entry) {
     // TODO(gcasto): Determine if fix for crbug.com/388246 is relevant here.
     return true;
   }
   // Do not fill nor save password when a user is signing in for sync. This
   // is because users need to remember their password if they are syncing as
   // this is effectively their master password.
   return entry->GetURL().host() != chrome::kChromeUIChromeSigninHost;
 }
 
+bool ChromePasswordManagerClient::ShouldFilterAutofillResult(
+    const autofill::PasswordForm& form) const {
+  if (!IsSyncAccountCredential(base::UTF16ToUTF8(form.username_value),
+                               form.signon_realm))
+    return false;
+
+  if (autofill_sync_state_ == DISALLOW_SYNC_CREDENTIALS)
+    return true;
+
+  if (autofill_sync_state_ == DISALLOW_SYNC_CREDENTIALS_FOR_REAUTH &&
+      LastLoadWasTransactionalReauthPage())
+    return true;
+
+  return false;
+}
+
 bool ChromePasswordManagerClient::IsSyncAccountCredential(
     const std::string& username, const std::string& origin) const {
   return password_manager_sync_metrics::IsSyncAccountCredential(
       profile_, username, origin);
 }
 
 void ChromePasswordManagerClient::PromptUserToSavePassword(
     scoped_ptr<password_manager::PasswordFormManager> form_to_save) {
   if (IsTheHotNewBubbleUIEnabled()) {
     ManagePasswordsUIController* manage_passwords_ui_controller =
@@ skipping 231 matching lines @@
   web_contents()->GetRenderViewHost()->Send(new AutofillMsg_SetLoggingState(
       web_contents()->GetRenderViewHost()->GetRoutingID(),
       can_use_log_router_));
 }
 
 void ChromePasswordManagerClient::CommitFillPasswordForm(
     autofill::PasswordFormFillData* data) {
   driver_.FillPasswordForm(*data);
 }
 
+bool ChromePasswordManagerClient::LastLoadWasTransactionalReauthPage() const {
+  DCHECK(web_contents());
+  content::NavigationEntry* entry =
+      web_contents()->GetController().GetLastCommittedEntry();
+  if (!entry)
+    return false;
+
+  if (entry->GetURL().GetOrigin() !=
+      GaiaUrls::GetInstance()->gaia_url().GetOrigin())
+    return false;
+
+  // "rart" is the transactional reauth paramter.
+  std::string ignored_value;
+  return net::GetValueForKeyInQuery(entry->GetURL(),
+                                    "rart",
+                                    &ignored_value);
+}
+
 bool ChromePasswordManagerClient::IsTheHotNewBubbleUIEnabled() {
 #if !defined(USE_AURA)
   return false;
 #endif
   CommandLine* command_line = CommandLine::ForCurrentProcess();
   if (command_line->HasSwitch(switches::kDisableSavePasswordBubble))
     return false;
 
   if (command_line->HasSwitch(switches::kEnableSavePasswordBubble))
     return true;
 
   std::string group_name =
       base::FieldTrialList::FindFullName("PasswordManagerUI");
 
   // The bubble should be the default case that runs on the bots.
   return group_name != "Infobar";
 }
 
 bool ChromePasswordManagerClient::EnabledForSyncSignin() {
   CommandLine* command_line = CommandLine::ForCurrentProcess();
   if (command_line->HasSwitch(
-          password_manager::switches::kDisableManagerForSyncSignin))
+          pm_switches::kDisableManagerForSyncSignin))
     return false;
 
   if (command_line->HasSwitch(
-          password_manager::switches::kEnableManagerForSyncSignin))
+          pm_switches::kEnableManagerForSyncSignin))
     return true;
 
   // Default is enabled.
   std::string group_name =
       base::FieldTrialList::FindFullName("PasswordManagerStateForSyncSignin");
   return group_name != "Disabled";
 }
+
+void ChromePasswordManagerClient::SetUpAutofillSyncState() {
+  std::string group_name =
+      base::FieldTrialList::FindFullName("AutofillSyncCredential");
+
+  CommandLine* command_line = CommandLine::ForCurrentProcess();
+  if (command_line->HasSwitch(
+          pm_switches::kAllowAutofillSyncCredential)) {
+    autofill_sync_state_ = ALLOW_SYNC_CREDENTIALS;
+    return;
+  }
+  if (command_line->HasSwitch(
+          pm_switches::kDisallowAutofillSyncCredentialForReauth)) {
+    autofill_sync_state_ = DISALLOW_SYNC_CREDENTIALS_FOR_REAUTH;
+    return;
+  }
+  if (command_line->HasSwitch(
+          pm_switches::kDisallowAutofillSyncCredential)) {
+    autofill_sync_state_ = DISALLOW_SYNC_CREDENTIALS;
+    return;
+  }
+
+  if (group_name == "DisallowSyncCredentialsForReauth") {
+    autofill_sync_state_ = DISALLOW_SYNC_CREDENTIALS_FOR_REAUTH;
+  } else if (group_name == "DisallowSyncCredentials") {
+      autofill_sync_state_ = DISALLOW_SYNC_CREDENTIALS;
+  } else {
+    // Allow by default.
+    autofill_sync_state_ = ALLOW_SYNC_CREDENTIALS;
+  }
+}