Allow editing passwords in settings/passwords

chrome/browser/ui/passwords/password_manager_presenter.cc

Index: chrome/browser/ui/passwords/password_manager_presenter.cc
diff --git a/chrome/browser/ui/passwords/password_manager_presenter.cc b/chrome/browser/ui/passwords/password_manager_presenter.cc
index 52d2eb80ef518a453732bff1da87088fde0da24f..f81097a1ebc7b29f8646dc277e0b0de31fbd3eca 100644
--- a/chrome/browser/ui/passwords/password_manager_presenter.cc
+++ b/chrome/browser/ui/passwords/password_manager_presenter.cc
@@ -83,6 +83,72 @@ void PasswordManagerPresenter::UpdatePasswordLists() {
   exception_populater_.Populate();
 }
 
+// static
+bool PasswordManagerPresenter::CheckOriginValidityForAdding(
+    const GURL& origin) {
+  // Restrict the URL scheme to http and https since a manually-added
+  // PasswordForm entry's |scheme| is assumed to be SCHEME_HTML.
+  return origin.is_valid() && (origin.SchemeIs(url::kHttpScheme) ||
+                               origin.SchemeIs(url::kHttpsScheme));
+}
+
+void PasswordManagerPresenter::AddPassword(
+    const GURL& origin,
+    const base::string16& username_value,
+    const base::string16& password_value) {
+#if defined(OS_ANDROID)
+  NOTREACHED();
+#else
+  if (!CheckOriginValidityForAdding(origin) || password_value.empty()) {
+    // Invalid |origin| or empty |password_value| can only come from a
+    // compromised renderer.
+    NOTREACHED();
+    return;
+  }
+  PasswordStore* store = GetPasswordStore();
+  if (!store)
+    return;
+
+  GURL::Replacements replacements;
+  replacements.ClearUsername();
+  replacements.ClearPassword();
+  replacements.ClearQuery();
+  replacements.ClearRef();
+  autofill::PasswordForm form;
+  form.origin = origin.ReplaceComponents(replacements);
+  form.username_value = username_value;
+  form.password_value = password_value;
+  form.signon_realm = origin.GetOrigin().spec();
+  form.ssl_valid = origin.SchemeIsSecure();

[Dan Beam, 2014/09/11 05:17:58]

are all secure schemes SSL encrypted?  does an HTTPS origin mean the SSL is
actually valid?

[jaekyeom, 2014/09/12 10:35:58]

Done.
I added the comment.

+  form.date_created = base::Time::Now();
+
+  store->AddLogin(form);
+#endif
+}
+
+void PasswordManagerPresenter::UpdatePassword(
+    size_t index,
+    const base::string16& password_value) {
+#if defined(OS_ANDROID)
+  NOTREACHED();
+#else
+  if (index >= password_list_.size() || password_value.empty()) {
+    // |index| out of bounds might come from a compromised renderer, don't let
+    // it crash the browser. http://crbug.com/362054
+    // Similarly, empty |password_value| also might come from a compromised
+    // renderer.  So use the same logic to prevent saving it.
+    NOTREACHED();
+    return;
+  }
+  PasswordStore* store = GetPasswordStore();
+  if (!store)
+    return;
+  autofill::PasswordForm form(*password_list_[index]);
+  form.password_value = password_value;
+  store->UpdateLogin(form);
+#endif
+}
+
 void PasswordManagerPresenter::RemoveSavedPassword(size_t index) {
   if (index >= password_list_.size()) {
     // |index| out of bounds might come from a compromised renderer, don't let