Chromium Code Reviews Chromium Code Reviews
Issue 489103004:
Allow editing passwords in settings/passwords (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/ui/passwords/password_manager_presenter.cc |
| diff --git a/chrome/browser/ui/passwords/password_manager_presenter.cc b/chrome/browser/ui/passwords/password_manager_presenter.cc |
| index 52d2eb80ef518a453732bff1da87088fde0da24f..f2d6d2ccbe0d3bb60626ffb88e1fc00bd94203eb 100644 |
| --- a/chrome/browser/ui/passwords/password_manager_presenter.cc |
| +++ b/chrome/browser/ui/passwords/password_manager_presenter.cc |
| @@ -83,6 +83,68 @@ void PasswordManagerPresenter::UpdatePasswordLists() { |
| exception_populater_.Populate(); |
| } |
| +// static |
| +bool PasswordManagerPresenter::CheckOriginValidityForAdding( |
| + const GURL& origin) { |
| + // Restrict the URL scheme to http and https since a manually-added |
| + // PasswordForm entry's |scheme| is assumed to be SCHEME_HTML. |
| + return origin.is_valid() && (origin.SchemeIs(url::kHttpScheme) || |
| + origin.SchemeIs(url::kHttpsScheme)); |
| +} |
| + |
| +void PasswordManagerPresenter::AddPassword( |
| + const GURL& origin, |
| + const base::string16& username_value, |
| + const base::string16& password_value) { |
|
Dan Beam
2014/08/26 17:39:06
#if defined(OS_ANDROID)
NOTREACHED();
#else
..
jaekyeom
2014/08/27 12:28:54
Done.
|
| +#if !defined(OS_ANDROID) // This is never called on Android. |
| + if (!CheckOriginValidityForAdding(origin) || password_value.empty()) { |
| + // Invalid |origin| or empty |password_value| can only come from a |
| + // compromised renderer. |
| + NOTREACHED(); |
| + return; |
| + } |
| + PasswordStore* store = GetPasswordStore(); |
|
Dan Beam
2014/08/26 17:39:07
when is |store| NULL?
jaekyeom
2014/08/27 12:28:54
I believe that it will be NULL during testing with
|
| + if (!store) |
| + return; |
| + |
| + GURL::Replacements replacements; |
| + replacements.ClearUsername(); |
| + replacements.ClearPassword(); |
| + replacements.ClearQuery(); |
| + replacements.ClearRef(); |
| + autofill::PasswordForm form; |
| + form.origin = origin.ReplaceComponents(replacements); |
| + form.username_value = username_value; |
| + form.password_value = password_value; |
| + form.signon_realm = origin.GetOrigin().spec(); |
| + form.ssl_valid = origin.SchemeIsSecure(); |
| + form.date_created = base::Time::Now(); |
| + |
| + store->AddLogin(form); |
| +#endif |
| +} |
| + |
| +void PasswordManagerPresenter::UpdatePassword( |
| + size_t index, |
| + const base::string16& password_value) { |
| +#if !defined(OS_ANDROID) // This is never called on Android. |
|
Dan Beam
2014/08/26 17:39:06
same re: NOTREACHED()
jaekyeom
2014/08/27 12:28:53
Done.
|
| + if (index >= password_list_.size() || password_value.empty()) { |
| + // |index| out of bounds might come from a compromised renderer, don't let |
| + // it crash the browser. http://crbug.com/362054 |
| + // Similarly, empty |password_value| also might come from a compromised |
| + // renderer. So use the same logic to prevent saving it. |
| + NOTREACHED(); |
| + return; |
| + } |
| + PasswordStore* store = GetPasswordStore(); |
| + if (!store) |
| + return; |
| + autofill::PasswordForm form(*password_list_[index]); |
| + form.password_value = password_value; |
| + store->UpdateLogin(form); |
| +#endif |
| +} |
| + |
| void PasswordManagerPresenter::RemoveSavedPassword(size_t index) { |
| if (index >= password_list_.size()) { |
| // |index| out of bounds might come from a compromised renderer, don't let |
