Refactor Autofill for out of process iframes (OOPIF).

components/autofill/content/renderer/password_autofill_agent.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/autofill/content/renderer/password_autofill_agent.h"
 
 #include "base/bind.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/utf_string_conversions.h"
 #include "components/autofill/content/common/autofill_messages.h"
 #include "components/autofill/content/renderer/form_autofill_util.h"
 #include "components/autofill/content/renderer/password_form_conversion_utils.h"
 #include "components/autofill/content/renderer/renderer_save_password_progress_logger.h"
 #include "components/autofill/core/common/form_field_data.h"
 #include "components/autofill/core/common/password_form.h"
 #include "components/autofill/core/common/password_form_fill_data.h"
 #include "content/public/renderer/document_state.h"
 #include "content/public/renderer/navigation_state.h"
+#include "content/public/renderer/render_frame.h"
 #include "content/public/renderer/render_view.h"
 #include "third_party/WebKit/public/platform/WebVector.h"
 #include "third_party/WebKit/public/web/WebAutofillClient.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebElement.h"
 #include "third_party/WebKit/public/web/WebFormElement.h"
 #include "third_party/WebKit/public/web/WebInputEvent.h"
 #include "third_party/WebKit/public/web/WebLocalFrame.h"
 #include "third_party/WebKit/public/web/WebNode.h"
 #include "third_party/WebKit/public/web/WebNodeList.h"
@@ skipping 83 matching lines @@
     // Note: clear will remove a reference from each InputElement.
     if (!found_input) {
       result->input_elements.clear();
       return false;
     }
   }
   return true;
 }
 
 // Helper to locate form elements identified by |data|.
-void FindFormElements(blink::WebView* view,
+void FindFormElements(content::RenderFrame* render_frame,
                       const FormData& data,
                       FormElementsList* results) {
-  DCHECK(view);
   DCHECK(results);
-  blink::WebFrame* main_frame = view->mainFrame();
-  if (!main_frame)
-    return;
 
   GURL::Replacements rep;
   rep.ClearQuery();
   rep.ClearRef();
 
-  // Loop through each frame.
-  for (blink::WebFrame* f = main_frame; f; f = f->traverseNext(false)) {
-    blink::WebDocument doc = f->document();
-    if (!doc.isHTMLDocument())
+  blink::WebDocument doc = render_frame->GetWebFrame()->document();
+  if (!doc.isHTMLDocument())
+    return;
+
+  GURL full_origin(doc.url());
+  if (data.origin != full_origin.ReplaceComponents(rep))
+    return;
+
+  blink::WebVector<blink::WebFormElement> forms;
+  doc.forms(forms);
+
+  for (size_t i = 0; i < forms.size(); ++i) {
+    blink::WebFormElement fe = forms[i];
+
+    GURL full_action(doc.completeURL(fe.action()));
+    if (full_action.is_empty()) {
+      // The default action URL is the form's origin.
+      full_action = full_origin;
+    }
+
+    // Action URL must match.
+    if (data.action != full_action.ReplaceComponents(rep))
       continue;
 
-    GURL full_origin(doc.url());
-    if (data.origin != full_origin.ReplaceComponents(rep))
+    scoped_ptr<FormElements> curr_elements(new FormElements);
+    if (!FindFormInputElements(&fe, data, curr_elements.get()))
       continue;
 
-    blink::WebVector<blink::WebFormElement> forms;
-    doc.forms(forms);
-
-    for (size_t i = 0; i < forms.size(); ++i) {
-      blink::WebFormElement fe = forms[i];
-
-      GURL full_action(f->document().completeURL(fe.action()));
-      if (full_action.is_empty()) {
-        // The default action URL is the form's origin.
-        full_action = full_origin;
-      }
-
-      // Action URL must match.
-      if (data.action != full_action.ReplaceComponents(rep))
-        continue;
-
-      scoped_ptr<FormElements> curr_elements(new FormElements);
-      if (!FindFormInputElements(&fe, data, curr_elements.get()))
-        continue;
-
-      // We found the right element.
-      // Note: this assignment adds a reference to |fe|.
-      curr_elements->form_element = fe;
-      results->push_back(curr_elements.release());
-    }
+    // We found the right element.
+    // Note: this assignment adds a reference to |fe|.
+    curr_elements->form_element = fe;
+    results->push_back(curr_elements.release());
   }
 }
 
 bool IsElementEditable(const blink::WebInputElement& element) {
   return element.isEnabled() && !element.isReadOnly();
 }
 
 bool DoUsernamesMatch(const base::string16& username1,
                       const base::string16& username2,
                       bool exact_match) {
@@ skipping 240 matching lines @@
     return false;
   auto it = map.find(key);
   return it != map.end() && it->second.get();
 }
 
 }  // namespace
 
 ////////////////////////////////////////////////////////////////////////////////
 // PasswordAutofillAgent, public:
 
-PasswordAutofillAgent::PasswordAutofillAgent(content::RenderView* render_view)
-    : content::RenderViewObserver(render_view),
+PasswordAutofillAgent::PasswordAutofillAgent(content::RenderFrame* render_frame)
+    : content::RenderFrameObserver(render_frame),
+      legacy_(render_frame->GetRenderView(), this),
       usernames_usage_(NOTHING_TO_AUTOFILL),
-      web_view_(render_view->GetWebView()),
       logging_state_active_(false),
       was_username_autofilled_(false),
       was_password_autofilled_(false),
       username_selection_start_(0),
       did_stop_loading_(false),
       weak_ptr_factory_(this) {
   Send(new AutofillHostMsg_PasswordAutofillAgentConstructed(routing_id()));
 }
 
 PasswordAutofillAgent::~PasswordAutofillAgent() {
@@ skipping 74 matching lines @@
     usernames_usage_ = OTHER_POSSIBLE_USERNAME_SELECTED;
   }
   return true;
 }
 
 bool PasswordAutofillAgent::TextDidChangeInTextField(
     const blink::WebInputElement& element) {
   // TODO(vabr): Get a mutable argument instead. http://crbug.com/397083
   blink::WebInputElement mutable_element = element;  // We need a non-const.
 
+  DCHECK_EQ(element.document().frame(), render_frame()->GetWebFrame());
+
   if (element.isPasswordField()) {
     // Some login forms have event handlers that put a hash of the password into
     // a hidden field and then clear the password (http://crbug.com/28910,
     // http://crbug.com/391693). This method gets called before any of those
     // handlers run, so save away a copy of the password in case it gets lost.
     // To honor the user having explicitly cleared the password, even an empty
     // password will be saved here.
-    if (blink::WebLocalFrame* element_frame = element.document().frame()) {
-      ProvisionallySavePassword(
-          element_frame, element.form(), RESTRICTION_NONE);
-    }
+    ProvisionallySavePassword(element.form(), RESTRICTION_NONE);
 
     PasswordToLoginMap::iterator iter = password_to_username_.find(element);
     if (iter != password_to_username_.end()) {
       login_to_password_info_[iter->second].password_was_edited_last = true;
       // Note that the suggested value of |mutable_element| was reset when its
       // value changed.
       mutable_element.setAutofilled(false);
     }
     return false;
   }
@@ skipping 140 matching lines @@
     return true;
 
   return ShowSuggestionPopup(iter->second.fill_data, element, show_all);
 }
 
 bool PasswordAutofillAgent::OriginCanAccessPasswordManager(
     const blink::WebSecurityOrigin& origin) {
   return origin.canAccessPasswordManager();
 }
 
-void PasswordAutofillAgent::OnDynamicFormsSeen(blink::WebFrame* frame) {
-  SendPasswordForms(frame, false /* only_visible */);
+void PasswordAutofillAgent::OnDynamicFormsSeen() {
+  SendPasswordForms(false /* only_visible */);
 }
 
 void PasswordAutofillAgent::FirstUserGestureObserved() {
   gatekeeper_.OnUserGesture();
 }
 
-void PasswordAutofillAgent::SendPasswordForms(blink::WebFrame* frame,
-                                              bool only_visible) {
+void PasswordAutofillAgent::SendPasswordForms(bool only_visible) {
   scoped_ptr<RendererSavePasswordProgressLogger> logger;
   if (logging_state_active_) {
     logger.reset(new RendererSavePasswordProgressLogger(this, routing_id()));
     logger->LogMessage(Logger::STRING_SEND_PASSWORD_FORMS_METHOD);
     logger->LogBoolean(Logger::STRING_ONLY_VISIBLE, only_visible);
   }
 
+  blink::WebFrame* frame = render_frame()->GetWebFrame();
   // Make sure that this security origin is allowed to use password manager.
   blink::WebSecurityOrigin origin = frame->document().securityOrigin();
   if (logger) {
     logger->LogURL(Logger::STRING_SECURITY_ORIGIN,
                    GURL(origin.toString().utf8()));
   }
   if (!OriginCanAccessPasswordManager(origin)) {
     if (logger) {
       logger->LogMessage(Logger::STRING_SECURITY_ORIGIN_FAILURE);
       logger->LogMessage(Logger::STRING_DECISION_DROP);
@@ skipping 58 matching lines @@
 bool PasswordAutofillAgent::OnMessageReceived(const IPC::Message& message) {
   bool handled = true;
   IPC_BEGIN_MESSAGE_MAP(PasswordAutofillAgent, message)
     IPC_MESSAGE_HANDLER(AutofillMsg_FillPasswordForm, OnFillPasswordForm)
     IPC_MESSAGE_HANDLER(AutofillMsg_SetLoggingState, OnSetLoggingState)
     IPC_MESSAGE_UNHANDLED(handled = false)
   IPC_END_MESSAGE_MAP()
   return handled;
 }
 
+void PasswordAutofillAgent::DidFinishDocumentLoad() {
+  // The |frame| contents have been parsed, but not yet rendered.  Let the
+  // PasswordManager know that forms are loaded, even though we can't yet tell
+  // whether they're visible.
+  SendPasswordForms(false);
+}
+
+void PasswordAutofillAgent::DidFinishLoad() {
+  // The |frame| contents have been rendered.  Let the PasswordManager know
+  // which of the loaded frames are actually visible to the user.  This also
+  // triggers the "Save password?" infobar if the user just submitted a password
+  // form.
+  SendPasswordForms(true);
+}
+
+void PasswordAutofillAgent::FrameWillClose() {
+  FrameClosing();
+}
+
 void PasswordAutofillAgent::DidStartLoading() {
   did_stop_loading_ = false;
   if (usernames_usage_ != NOTHING_TO_AUTOFILL) {
     UMA_HISTOGRAM_ENUMERATION("PasswordManager.OtherPossibleUsernamesUsage",
-                              usernames_usage_,
-                              OTHER_POSSIBLE_USERNAMES_MAX);
+                              usernames_usage_, OTHER_POSSIBLE_USERNAMES_MAX);
     usernames_usage_ = NOTHING_TO_AUTOFILL;
   }
 }
 
-void PasswordAutofillAgent::DidFinishDocumentLoad(blink::WebLocalFrame* frame) {
-  // The |frame| contents have been parsed, but not yet rendered.  Let the
-  // PasswordManager know that forms are loaded, even though we can't yet tell
-  // whether they're visible.
-  SendPasswordForms(frame, false);
-}
-
-void PasswordAutofillAgent::DidFinishLoad(blink::WebLocalFrame* frame) {
-  // The |frame| contents have been rendered.  Let the PasswordManager know
-  // which of the loaded frames are actually visible to the user.  This also
-  // triggers the "Save password?" infobar if the user just submitted a password
-  // form.
-  SendPasswordForms(frame, true);
-}
-
 void PasswordAutofillAgent::DidStopLoading() {
   did_stop_loading_ = true;
 }
 
 void PasswordAutofillAgent::FrameDetached(blink::WebFrame* frame) {
-  FrameClosing(frame);
-}
-
-void PasswordAutofillAgent::FrameWillClose(blink::WebFrame* frame) {
-  FrameClosing(frame);
+  if (frame == render_frame()->GetWebFrame())
+    FrameClosing();
 }
 
 void PasswordAutofillAgent::WillSendSubmitEvent(
     blink::WebLocalFrame* frame,
     const blink::WebFormElement& form) {
+  if (frame != render_frame()->GetWebFrame())
+    return;
   // Forms submitted via XHR are not seen by WillSubmitForm if the default
   // onsubmit handler is overridden. Such submission first gets detected in
   // DidStartProvisionalLoad, which no longer knows about the particular form,
-  // and uses the candidate stored in |provisionally_saved_forms_|.
+  // and uses the candidate stored in |provisionally_saved_form_|.
   //
-  // User-typed password will get stored to |provisionally_saved_forms_| in
+  // User-typed password will get stored to |provisionally_saved_form_| in
   // TextDidChangeInTextField. Autofilled or JavaScript-copied passwords need to
   // be saved here.
   //
   // Only non-empty passwords are saved here. Empty passwords were likely
   // cleared by some scripts (http://crbug.com/28910, http://crbug.com/391693).
-  // Had the user cleared the password, |provisionally_saved_forms_| would
+  // Had the user cleared the password, |provisionally_saved_form_| would
   // already have been updated in TextDidChangeInTextField.
-  ProvisionallySavePassword(frame, form, RESTRICTION_NON_EMPTY_PASSWORD);
+  ProvisionallySavePassword(form, RESTRICTION_NON_EMPTY_PASSWORD);
 }
 
 void PasswordAutofillAgent::WillSubmitForm(blink::WebLocalFrame* frame,
                                            const blink::WebFormElement& form) {
-  DCHECK(frame);
+  if (frame != render_frame()->GetWebFrame())
+    return;
+
   scoped_ptr<RendererSavePasswordProgressLogger> logger;
   if (logging_state_active_) {
     logger.reset(new RendererSavePasswordProgressLogger(this, routing_id()));
     logger->LogMessage(Logger::STRING_WILL_SUBMIT_FORM_METHOD);
     LogHTMLForm(logger.get(), Logger::STRING_HTML_FORM_FOR_SUBMIT, form);
   }
 
   scoped_ptr<PasswordForm> submitted_form = CreatePasswordForm(form);
 
   // If there is a provisionally saved password, copy over the previous
   // password value so we get the user's typed password, not the value that
   // may have been transformed for submit.
   // TODO(gcasto): Do we need to have this action equality check? Is it trying
   // to prevent accidentally copying over passwords from a different form?
   if (submitted_form) {
     if (logger) {
       logger->LogPasswordForm(Logger::STRING_CREATED_PASSWORD_FORM,
                               *submitted_form);
     }
-    if (ContainsNonNullEntryForNonNullKey(
-            provisionally_saved_forms_, static_cast<blink::WebFrame*>(frame)) &&
-        submitted_form->action == provisionally_saved_forms_[frame]->action) {
+    if (provisionally_saved_form_.get() &&
+        submitted_form->action == provisionally_saved_form_->action) {
       if (logger)
         logger->LogMessage(Logger::STRING_SUBMITTED_PASSWORD_REPLACED);
       submitted_form->password_value =
-          provisionally_saved_forms_[frame]->password_value;
+          provisionally_saved_form_->password_value;
       submitted_form->new_password_value =
-          provisionally_saved_forms_[frame]->new_password_value;
+          provisionally_saved_form_->new_password_value;
     }
 
     // Some observers depend on sending this information now instead of when
     // the frame starts loading. If there are redirects that cause a new
     // RenderView to be instantiated (such as redirects to the WebStore)
     // we will never get to finish the load.
-    Send(new AutofillHostMsg_PasswordFormSubmitted(routing_id(),
-                                                   *submitted_form));
-    // Remove reference since we have already submitted this form.
-    provisionally_saved_forms_.erase(frame);
+    Send(new AutofillHostMsg_PasswordFormSubmitted(
+        routing_id(), *provisionally_saved_form_.release()));
   } else if (logger) {
     logger->LogMessage(Logger::STRING_DECISION_DROP);
   }
 }
 
-blink::WebFrame* PasswordAutofillAgent::CurrentOrChildFrameWithSavedForms(
-    const blink::WebFrame* current_frame) {
-  for (FrameToPasswordFormMap::const_iterator it =
-           provisionally_saved_forms_.begin();
-       it != provisionally_saved_forms_.end();
-       ++it) {
-    blink::WebFrame* form_frame = it->first;
-    // The check that the returned frame is related to |current_frame| is mainly
-    // for double-checking. There should not be any unrelated frames in
-    // |provisionally_saved_forms_|, because the map is cleared after
-    // navigation. If there are reasons to remove this check in the future and
-    // keep just the first frame found, it might be a good idea to add a UMA
-    // statistic or a similar check on how many frames are here to choose from.
-    if (current_frame == form_frame ||
-        current_frame->findChildByName(form_frame->assignedName())) {
-      return form_frame;
-    }
-  }
-  return NULL;
-}
-
-void PasswordAutofillAgent::DidStartProvisionalLoad(
-    blink::WebLocalFrame* frame) {
+void PasswordAutofillAgent::DidStartProvisionalLoad() {
   scoped_ptr<RendererSavePasswordProgressLogger> logger;
   if (logging_state_active_) {
     logger.reset(new RendererSavePasswordProgressLogger(this, routing_id()));
     logger->LogMessage(Logger::STRING_DID_START_PROVISIONAL_LOAD_METHOD);
   }
 
-  if (!frame->parent()) {
-    // If the navigation is not triggered by a user gesture, e.g. by some ajax
-    // callback, then inherit the submitted password form from the previous
-    // state. This fixes the no password save issue for ajax login, tracked in
-    // [http://crbug/43219]. Note that this still fails for sites that use
-    // synchonous XHR as isProcessingUserGesture() will return true.
-    blink::WebFrame* form_frame = CurrentOrChildFrameWithSavedForms(frame);
-    if (logger) {
-      logger->LogBoolean(Logger::STRING_FORM_FRAME_EQ_FRAME,
-                         form_frame == frame);
-    }
-    // Bug fix for crbug.com/368690. isProcessingUserGesture() is false when
-    // the user is performing actions outside the page (e.g. typed url,
-    // history navigation). We don't want to trigger saving in these cases.
-    content::DocumentState* document_state =
-        content::DocumentState::FromDataSource(
-            frame->provisionalDataSource());
-    content::NavigationState* navigation_state =
-        document_state->navigation_state();
-    if (ui::PageTransitionIsWebTriggerable(
-            navigation_state->transition_type()) &&
-        !blink::WebUserGestureIndicator::isProcessingUserGesture()) {
-      // If onsubmit has been called, try and save that form.
-      if (ContainsNonNullEntryForNonNullKey(provisionally_saved_forms_,
-                                            form_frame)) {
+  blink::WebFrame* frame = render_frame()->GetWebFrame();

[vabr (Chromium), 2014/11/10 14:34:40]

So here the behaviour seems changed -- we try to save passwords even on subframe
navigation. Originally this code path was meant as a last resort, if a password
form is submitted in a way not triggering WillSubmitForm, with the idea, that if
the whole page reloads, that might be a result of a non-standard submit "button"
clicked.

We can discuss whether this should only happen on main frame navigation, but if
we are about to change it, that should happen in a different CL anyway. The goal
of this one is not to change the behaviour, but to make the agent observe frames
instead of views.

[Evan Stade, 2014/11/14 23:25:49]

reverted.

+  // Bug fix for crbug.com/368690. isProcessingUserGesture() is false when
+  // the user is performing actions outside the page (e.g. typed url,
+  // history navigation). We don't want to trigger saving in these cases.
+  content::DocumentState* document_state =
+      content::DocumentState::FromDataSource(frame->provisionalDataSource());
+  content::NavigationState* navigation_state =
+      document_state->navigation_state();
+  if (ui::PageTransitionIsWebTriggerable(navigation_state->transition_type()) &&
+      !blink::WebUserGestureIndicator::isProcessingUserGesture()) {
+    // If onsubmit has been called, try and save that form.
+    if (provisionally_saved_form_.get()) {
+      if (logger) {
+        logger->LogPasswordForm(
+            Logger::STRING_PROVISIONALLY_SAVED_FORM_FOR_FRAME,
+            *provisionally_saved_form_);
+      }
+      Send(new AutofillHostMsg_PasswordFormSubmitted(
+          routing_id(), *provisionally_saved_form_.release()));
+    } else {
+      // Loop through the forms on the page looking for one that has been
+      // filled out. If one exists, try and save the credentials.
+      blink::WebVector<blink::WebFormElement> forms;
+      frame->document().forms(forms);
+
+      bool password_forms_found = false;
+      for (size_t i = 0; i < forms.size(); ++i) {
+        blink::WebFormElement form_element = forms[i];
         if (logger) {
-          logger->LogPasswordForm(
-              Logger::STRING_PROVISIONALLY_SAVED_FORM_FOR_FRAME,
-              *provisionally_saved_forms_[form_frame]);
+          LogHTMLForm(logger.get(), Logger::STRING_FORM_FOUND_ON_PAGE,
+                      form_element);
         }
-        Send(new AutofillHostMsg_PasswordFormSubmitted(
-            routing_id(), *provisionally_saved_forms_[form_frame]));
-        provisionally_saved_forms_.erase(form_frame);
-      } else {
-        // Loop through the forms on the page looking for one that has been
-        // filled out. If one exists, try and save the credentials.
-        blink::WebVector<blink::WebFormElement> forms;
-        frame->document().forms(forms);
-
-        bool password_forms_found = false;
-        for (size_t i = 0; i < forms.size(); ++i) {
-          blink::WebFormElement form_element = forms[i];
+        scoped_ptr<PasswordForm> password_form(
+            CreatePasswordForm(form_element));
+        if (password_form.get() && !password_form->username_value.empty() &&
+            FormContainsNonDefaultPasswordValue(*password_form, form_element)) {
+          password_forms_found = true;
           if (logger) {
-            LogHTMLForm(
-                logger.get(), Logger::STRING_FORM_FOUND_ON_PAGE, form_element);
+            logger->LogPasswordForm(Logger::STRING_PASSWORD_FORM_FOUND_ON_PAGE,
+                                    *password_form);
           }
-          scoped_ptr<PasswordForm> password_form(
-              CreatePasswordForm(form_element));
-          if (password_form.get() && !password_form->username_value.empty() &&
-              FormContainsNonDefaultPasswordValue(
-                  *password_form, form_element)) {
-            password_forms_found = true;
-            if (logger) {
-              logger->LogPasswordForm(
-                  Logger::STRING_PASSWORD_FORM_FOUND_ON_PAGE, *password_form);
-            }
-            Send(new AutofillHostMsg_PasswordFormSubmitted(routing_id(),
-                                                           *password_form));
-          }
-        }
-        if (!password_forms_found && logger) {
-          logger->LogMessage(Logger::STRING_DECISION_DROP);
+          Send(new AutofillHostMsg_PasswordFormSubmitted(routing_id(),
+                                                         *password_form));
         }
       }
+      if (!password_forms_found && logger) {
+        logger->LogMessage(Logger::STRING_DECISION_DROP);
+      }
     }
-    // Clear the whole map during main frame navigation.
-    provisionally_saved_forms_.clear();
 
     // This is a new navigation, so require a new user gesture before filling in
     // passwords.
     gatekeeper_.Reset();
-  } else {
-    if (logger)
-      logger->LogMessage(Logger::STRING_DECISION_DROP);
   }
 }
 
 void PasswordAutofillAgent::OnFillPasswordForm(
     int key,
     const PasswordFormFillData& form_data) {
   if (usernames_usage_ == NOTHING_TO_AUTOFILL) {
     if (form_data.other_possible_usernames.size())
       usernames_usage_ = OTHER_POSSIBLE_USERNAMES_PRESENT;
     else if (usernames_usage_ == NOTHING_TO_AUTOFILL)
       usernames_usage_ = OTHER_POSSIBLE_USERNAMES_ABSENT;
   }
 
   FormElementsList forms;
   // We own the FormElements* in forms.
-  FindFormElements(render_view()->GetWebView(), form_data.basic_data, &forms);
+  FindFormElements(render_frame(), form_data.basic_data, &forms);
   FormElementsList::iterator iter;
   for (iter = forms.begin(); iter != forms.end(); ++iter) {
     scoped_ptr<FormElements> form_elements(*iter);
 
     // Attach autocomplete listener to enable selecting alternate logins.
     blink::WebInputElement username_element, password_element;
 
     // Check whether the password form has a username input field.
     bool form_contains_username_field = FillDataContainsUsername(form_data);
     if (form_contains_username_field) {
@@ skipping 64 matching lines @@
   FindFormAndFieldForFormControlElement(
       user_input, &form, &field, REQUIRE_NONE);
 
   blink::WebInputElement selected_element = user_input;
   gfx::Rect bounding_box(selected_element.boundsInViewportSpace());
 
   LoginToPasswordInfoKeyMap::const_iterator key_it =
       login_to_password_info_key_.find(user_input);
   DCHECK(key_it != login_to_password_info_key_.end());
 
-  float scale = web_view_->pageScaleFactor();
+  float scale =
+      render_frame()->GetRenderView()->GetWebView()->pageScaleFactor();
   gfx::RectF bounding_box_scaled(bounding_box.x() * scale,
                                  bounding_box.y() * scale,
                                  bounding_box.width() * scale,
                                  bounding_box.height() * scale);
   Send(new AutofillHostMsg_ShowPasswordSuggestions(
       routing_id(), key_it->second, field.text_direction, user_input.value(),
       show_all, bounding_box_scaled));
 
   bool suggestions_present = false;
   if (GetSuggestionsStats(fill_data, user_input.value(), show_all,
@@ skipping 32 matching lines @@
           fill_data,
           false /* exact_username_match */,
           true /* set_selection */,
           base::Bind(&PasswordValueGatekeeper::RegisterElement,
                      base::Unretained(&gatekeeper_)))) {
     usernames_usage_ = OTHER_POSSIBLE_USERNAME_SELECTED;
   }
 #endif
 }
 
-void PasswordAutofillAgent::FrameClosing(const blink::WebFrame* frame) {
+void PasswordAutofillAgent::FrameClosing() {
   for (LoginToPasswordInfoMap::iterator iter = login_to_password_info_.begin();
        iter != login_to_password_info_.end();) {
     // There may not be a username field, so get the frame from the password
     // field.
-    if (iter->second.password_field.document().frame() == frame) {
-      login_to_password_info_key_.erase(iter->first);
-      password_to_username_.erase(iter->second.password_field);
-      login_to_password_info_.erase(iter++);
-    } else {
-      ++iter;
-    }
+    DCHECK_EQ(iter->second.password_field.document().frame(),
+              render_frame()->GetWebFrame());
+    login_to_password_info_key_.erase(iter->first);
+    password_to_username_.erase(iter->second.password_field);
+    login_to_password_info_.erase(iter++);
   }
-  for (FrameToPasswordFormMap::iterator iter =
-           provisionally_saved_forms_.begin();
-       iter != provisionally_saved_forms_.end();) {
-    if (iter->first == frame)
-      provisionally_saved_forms_.erase(iter++);
-    else
-      ++iter;
-  }
+  provisionally_saved_form_.reset();
 }
 
 bool PasswordAutofillAgent::FindLoginInfo(const blink::WebNode& node,
                                           blink::WebInputElement* found_input,
                                           PasswordInfo** found_password) {
   if (!node.isElementNode())
     return false;
 
   blink::WebElement element = node.toConst<blink::WebElement>();
   if (!element.hasHTMLTagName("input"))
@@ skipping 18 matching lines @@
     username->setSelectionRange(username_selection_start_,
                                 username->value().length());
   }
   if (!password->suggestedValue().isEmpty()) {
       password->setSuggestedValue(blink::WebString());
       password->setAutofilled(was_password_autofilled_);
   }
 }
 
 void PasswordAutofillAgent::ProvisionallySavePassword(
-    blink::WebLocalFrame* frame,
     const blink::WebFormElement& form,
     ProvisionallySaveRestriction restriction) {
-  // TODO(vabr): This is just to stop getting a NULL frame in
-  // |provisionally_saved_forms_|. Cases where we try to save password for a
-  // form in a NULL frame should not happen, and it's currently unclear how they
-  // happen (http://crbug.com/420519). This thing will be hopefully solved by
-  // migrating the PasswordAutofillAgent to observe frames directly
-  // (http://crbug.com/400186).
-  if (!frame)
-    return;
   scoped_ptr<PasswordForm> password_form(CreatePasswordForm(form));
   if (!password_form || (restriction == RESTRICTION_NON_EMPTY_PASSWORD &&
                          password_form->password_value.empty() &&
                          password_form->new_password_value.empty())) {
     return;
   }
-  provisionally_saved_forms_[frame].reset(password_form.release());
+  provisionally_saved_form_.reset(password_form.release());
+}
+
+// LegacyPasswordAutofillAgent -------------------------------------------------
+
+PasswordAutofillAgent::LegacyPasswordAutofillAgent::LegacyPasswordAutofillAgent(
+    content::RenderView* render_view,
+    PasswordAutofillAgent* agent)
+    : content::RenderViewObserver(render_view), agent_(agent) {
+}
+
+PasswordAutofillAgent::LegacyPasswordAutofillAgent::
+    ~LegacyPasswordAutofillAgent() {
+}
+
+void PasswordAutofillAgent::LegacyPasswordAutofillAgent::OnDestruct() {
+  // No op. Do not delete |this|.
+}
+
+void PasswordAutofillAgent::LegacyPasswordAutofillAgent::DidStartLoading() {
+  agent_->DidStartLoading();
+}
+
+void PasswordAutofillAgent::LegacyPasswordAutofillAgent::DidStopLoading() {
+  agent_->DidStopLoading();
+}
+
+void PasswordAutofillAgent::LegacyPasswordAutofillAgent::FrameDetached(
+    blink::WebFrame* frame) {
+  agent_->FrameDetached(frame);
+}
+
+void PasswordAutofillAgent::LegacyPasswordAutofillAgent::WillSendSubmitEvent(
+    blink::WebLocalFrame* frame,
+    const blink::WebFormElement& form) {
+  agent_->WillSendSubmitEvent(frame, form);
+}
+
+void PasswordAutofillAgent::LegacyPasswordAutofillAgent::WillSubmitForm(
+    blink::WebLocalFrame* frame,
+    const blink::WebFormElement& form) {
+  agent_->WillSubmitForm(frame, form);
 }
 
 }  // namespace autofill