[Password Manager] Disable password manager for password website reauth

chrome/browser/password_manager/chrome_password_manager_client.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/password_manager/chrome_password_manager_client.h"
 
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
 #include "base/memory/singleton.h"
 #include "base/metrics/histogram.h"
@@ skipping 74 matching lines @@
 
 bool ChromePasswordManagerClient::IsAutomaticPasswordSavingEnabled() const {
   return CommandLine::ForCurrentProcess()->HasSwitch(
       password_manager::switches::kEnableAutomaticPasswordSaving) &&
          chrome::VersionInfo::GetChannel() ==
              chrome::VersionInfo::CHANNEL_UNKNOWN;
 }
 
 bool ChromePasswordManagerClient::IsPasswordManagerEnabledForCurrentPage()
     const {
-  if (EnabledForSyncSignin())
-    return true;
-
   DCHECK(web_contents());
   content::NavigationEntry* entry =
       web_contents()->GetController().GetLastCommittedEntry();
   if (!entry) {
     // TODO(gcasto): Determine if fix for crbug.com/388246 is relevant here.
     return true;
   }
+
+  // Disable the password manager for online password management.
+  if (IsURLPasswordWebsiteReauth(entry->GetURL()))
+    return false;
+
+  if (EnabledForSyncSignin())
+    return true;
+
   // Do not fill nor save password when a user is signing in for sync. This
   // is because users need to remember their password if they are syncing as
   // this is effectively their master password.
   return entry->GetURL().host() != chrome::kChromeUIChromeSigninHost;
 }
 
 bool ChromePasswordManagerClient::ShouldFilterAutofillResult(
     const autofill::PasswordForm& form) {
   if (!IsSyncAccountCredential(base::UTF16ToUTF8(form.username_value),
                                form.signon_realm))
@@ skipping 281 matching lines @@
       GaiaUrls::GetInstance()->gaia_url().GetOrigin())
     return false;
 
   // "rart" is the transactional reauth paramter.
   std::string ignored_value;
   return net::GetValueForKeyInQuery(entry->GetURL(),
                                     "rart",
                                     &ignored_value);
 }
 
+bool ChromePasswordManagerClient::IsURLPasswordWebsiteReauth(GURL url) const {
+  if (url.GetOrigin() != GaiaUrls::GetInstance()->gaia_url().GetOrigin())
+    return false;
+
+  // "rart" param signals this page is for transactional reauth.

[jww, 2014/08/22 22:42:10]

Seems like this might be worth factoring out as a generic "are we on a
transactional auth" page? Is there a chance we could use it elsewhere in the
future?

[Garrett Casto, 2014/08/25 08:16:49]

I'm not sure. I could imagine it possibly going in GaiaUrls() or some nearby
utility function, but I don't know if this sort of inspection is something that
they want to generally allow. I'll ping Roger about it tomorrow.

+  std::string param_value;
+  if (!net::GetValueForKeyInQuery(url, "rart", &param_value))
+    return false;
+
+  // Check the "continue" param to see if this reauth page is for the passwords
+  // website.
+  param_value.clear();
+  if (!net::GetValueForKeyInQuery(url, "continue", &param_value))
+    return false;
+
+  return GURL(param_value).GetOrigin() ==

[Mike West, 2014/08/24 05:37:57]

If a user changes the value of the continue param to 'http://whatever', we
wouldn't block autofill, but the magic of HSTS pinning would probably log the
user in anyway.

Perhaps we should check against the hostname instead?

[Garrett Casto, 2014/08/25 08:16:49]

Ah, interesting. I assumed that the server side checks would also verify that
https was used, but I guess it doesn't hurt to be permissive about that here.
Done.

+      GURL(chrome::kPasswordManagerAccountDashboardURL).GetOrigin();
+}
+
 bool ChromePasswordManagerClient::IsTheHotNewBubbleUIEnabled() {
 #if !defined(USE_AURA)
   return false;
 #endif
   CommandLine* command_line = CommandLine::ForCurrentProcess();
   if (command_line->HasSwitch(switches::kDisableSavePasswordBubble))
     return false;
 
   if (command_line->HasSwitch(switches::kEnableSavePasswordBubble))
     return true;
@@ skipping 45 matching lines @@
 
   if (group_name == "DisallowSyncCredentialsForReauth") {
     autofill_sync_state_ = DISALLOW_SYNC_CREDENTIALS_FOR_REAUTH;
   } else if (group_name == "DisallowSyncCredentials") {
       autofill_sync_state_ = DISALLOW_SYNC_CREDENTIALS;
   } else {
     // Allow by default.
     autofill_sync_state_ = ALLOW_SYNC_CREDENTIALS;
   }
 }