Allow editing passwords in settings/passwords

chrome/browser/ui/passwords/password_manager_presenter.cc

Index: chrome/browser/ui/passwords/password_manager_presenter.cc
diff --git a/chrome/browser/ui/passwords/password_manager_presenter.cc b/chrome/browser/ui/passwords/password_manager_presenter.cc
index 52d2eb80ef518a453732bff1da87088fde0da24f..441f77ebd1280d29d0e9d00464f5e5175dc0d112 100644
--- a/chrome/browser/ui/passwords/password_manager_presenter.cc
+++ b/chrome/browser/ui/passwords/password_manager_presenter.cc
@@ -40,6 +40,15 @@ PasswordManagerPresenter::~PasswordManagerPresenter() {
     store->RemoveObserver(this);
 }
 
+// static
+bool PasswordManagerPresenter::CheckOriginValidityForAdding(
+    const GURL& origin) {
+  // Restrict the URL scheme to http and https since a manually-added
+  // PasswordForm entry's |scheme| is assumed to be SCHEME_HTML.
+  return origin.is_valid() && (origin.SchemeIs(url::kHttpScheme) ||
+                               origin.SchemeIs(url::kHttpsScheme));
+}
+
 void PasswordManagerPresenter::Initialize() {
   // Due to the way that handlers are (re)initialized under certain types of
   // navigation, the presenter may already be initialized. (See bugs 88986
@@ -83,6 +92,68 @@ void PasswordManagerPresenter::UpdatePasswordLists() {
   exception_populater_.Populate();
 }
 
+void PasswordManagerPresenter::AddPassword(
+    const GURL& origin,
+    const base::string16& username_value,
+    const base::string16& password_value) {
+#if defined(OS_ANDROID)
+  NOTREACHED();
+#else
+  if (!CheckOriginValidityForAdding(origin) || password_value.empty()) {
+    // Invalid |origin| or empty |password_value| can only come from a
+    // compromised renderer.
+    NOTREACHED();
+    return;
+  }
+  PasswordStore* store = GetPasswordStore();
+  if (!store)
+    return;
+
+  GURL::Replacements replacements;
+  replacements.ClearUsername();
+  replacements.ClearPassword();
+  replacements.ClearQuery();
+  replacements.ClearRef();
+  autofill::PasswordForm form;
+  form.origin = origin.ReplaceComponents(replacements);
+  form.username_value = username_value;
+  form.password_value = password_value;
+  form.signon_realm = origin.GetOrigin().spec();
+  form.date_created = base::Time::Now();
+
+  // Because a secure scheme does not imply the presence of a valid certificate,
+  // this is not precise. However we give it the benefit of the doubt so that
+  // PasswordForms with a https origin will not be auto-filled unless the form
+  // comes with a valid SSL certificate.
+  form.ssl_valid = origin.SchemeIsSecure();
+
+  store->AddLogin(form);
+#endif
+}
+
+void PasswordManagerPresenter::UpdatePassword(
+    size_t index,
+    const base::string16& password_value) {
+#if defined(OS_ANDROID)
+  NOTREACHED();
+#else
+  if (index >= password_list_.size() || password_value.empty()) {
+    // |index| out of bounds might come from a compromised renderer, don't let
+    // it crash the browser. http://crbug.com/362054
+    // Similarly, empty |password_value| also might come from a compromised
+    // renderer. So use the same logic to prevent saving it.
+    NOTREACHED();
+    return;
+  }
+  PasswordStore* store = GetPasswordStore();
+  if (!store)
+    return;
+  autofill::PasswordForm form(*password_list_[index]);
+  form.password_value = password_value;
+  store->UpdateLogin(form);
+#endif
+}
+
 void PasswordManagerPresenter::RemoveSavedPassword(size_t index) {
   if (index >= password_list_.size()) {
     // |index| out of bounds might come from a compromised renderer, don't let