Fill on account select in the password manager behind a flag

components/autofill/content/renderer/password_autofill_agent.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/autofill/content/renderer/password_autofill_agent.h"
 
 #include "base/bind.h"
+#include "base/command_line.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
+#include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/utf_string_conversions.h"
 #include "components/autofill/content/common/autofill_messages.h"
 #include "components/autofill/content/renderer/form_autofill_util.h"
 #include "components/autofill/content/renderer/password_form_conversion_utils.h"
 #include "components/autofill/content/renderer/renderer_save_password_progress_logger.h"
 #include "components/autofill/core/common/autofill_constants.h"
+#include "components/autofill/core/common/autofill_switches.h"
 #include "components/autofill/core/common/form_field_data.h"
 #include "components/autofill/core/common/password_form.h"
 #include "components/autofill/core/common/password_form_fill_data.h"
 #include "content/public/renderer/document_state.h"
 #include "content/public/renderer/navigation_state.h"
 #include "content/public/renderer/render_frame.h"
 #include "content/public/renderer/render_view.h"
 #include "third_party/WebKit/public/platform/WebVector.h"
 #include "third_party/WebKit/public/web/WebAutofillClient.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebElement.h"
 #include "third_party/WebKit/public/web/WebFormElement.h"
 #include "third_party/WebKit/public/web/WebInputEvent.h"
 #include "third_party/WebKit/public/web/WebLocalFrame.h"
 #include "third_party/WebKit/public/web/WebNode.h"
 #include "third_party/WebKit/public/web/WebNodeList.h"
 #include "third_party/WebKit/public/web/WebSecurityOrigin.h"
 #include "third_party/WebKit/public/web/WebUserGestureIndicator.h"
 #include "third_party/WebKit/public/web/WebView.h"
 #include "ui/base/page_transition_types.h"
 #include "ui/events/keycodes/keyboard_codes.h"
 #include "url/gurl.h"
 
 namespace autofill {
 namespace {
 
 // The size above which we stop triggering autocomplete.
 static const size_t kMaximumTextSizeForAutocomplete = 1000;
 
+// Experiment information
+const char kFillOnAccountSelectFieldTrialName[] = "FillOnAccountSelect";
+const char kFillOnAccountSelectFieldTrialEnabledGroup[] = "Enable";
+
 // Maps element names to the actual elements to simplify form filling.
 typedef std::map<base::string16, blink::WebInputElement> FormInputElementMap;
 
 // Use the shorter name when referencing SavePasswordProgressLogger::StringID
 // values to spare line breaks. The code provides enough context for that
 // already.
 typedef SavePasswordProgressLogger Logger;
 
 // Utility struct for form lookup and autofill. When we parse the DOM to look up
 // a form, in addition to action and origin URL's we have to compare all
@@ skipping 58 matching lines @@
   // iteration remain in the result set.
   // Note: clear will remove a reference from each InputElement.
   if (!found_input) {
     result->input_elements.clear();
     return false;
   }
 
   return true;
 }
 
+bool ShouldFillOnAccountSelect() {
+  if (CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kDisableFillOnAccountSelect)) {
+    return false;
+  }
+
+  if (CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kEnableFillOnAccountSelect)) {
+    return true;
+  }
+
+  std::string group_name =
+      base::FieldTrialList::FindFullName(kFillOnAccountSelectFieldTrialName);

[Ilya Sherman, 2014/12/11 23:28:55]

You should query the field trial first, before checking the flags.  This ensures
that the field trial data will be uploaded for users who are using the flags.

[jww, 2014/12/12 00:17:43]

Don't we want the opposite of that though? Namely, if the user flips the flag,
we don't want to consider their field trial group (b/c their not getting the
behavior of the field trial).

[Ilya Sherman, 2014/12/12 00:25:50]

The ordering should be

// Call FieldTrialList::FindFullName
// Check the disable flag.
// Check the enable flag.
// Check the field trial group.

By querying first, you cause users to be assigned into groups like
"Enabled_Forced" and "Disabled_Forced" (or whatever you've named them).  If
that's not clear, the "Forcing Flags" page at go/finch might help clarify.

[jww, 2014/12/12 00:54:55]

Done.

+  return group_name.compare(kFillOnAccountSelectFieldTrialEnabledGroup) == 0;

[Ilya Sherman, 2014/12/11 23:28:55]

Optional nit: I think operator== is clearer here.

[jww, 2014/12/12 00:17:43]

Done.

+}
+
 // Helper to search the given form element for the specified input elements in
 // |data|, and add results to |result|.
 bool FindFormInputElements(blink::WebFormElement* form_element,
                            const PasswordFormFillData& data,
                            FormElements* result) {
   return FindFormInputElement(form_element, data.password_field, result) &&
          (!FillDataContainsUsername(data) ||
           FindFormInputElement(form_element, data.username_field, result));
 }
 
@@ skipping 134 matching lines @@
     }
   }
 
   return false;
 }
 
 // This function attempts to fill |username_element| and |password_element|
 // with values from |fill_data|. The |password_element| will only have the
 // |suggestedValue| set, and will be registered for copying that to the real
 // value through |registration_callback|. The function returns true when
-// selected username comes from |fill_data.other_possible_usernames|.
+// selected username comes from |fill_data.other_possible_usernames|. |options|
+// should be a bitwise mask of FillUserNameAndPasswordOptions values.
 bool FillUserNameAndPassword(
     blink::WebInputElement* username_element,
     blink::WebInputElement* password_element,
     const PasswordFormFillData& fill_data,
     bool exact_username_match,
     bool set_selection,
     base::Callback<void(blink::WebInputElement*)> registration_callback) {
   bool other_possible_username_selected = false;
   // Don't fill username if password can't be set.
   if (!IsElementAutocompletable(*password_element))
@@ skipping 95 matching lines @@
   // Do not fill if the password field is in an iframe.
   DCHECK(password_element.document().frame());
   if (password_element.document().frame()->parent())
     return false;
 
   // If we can't modify the password, don't try to set the username
   if (!IsElementAutocompletable(password_element))
     return false;
 
   bool form_contains_username_field = FillDataContainsUsername(fill_data);
-  // Try to set the username to the preferred name, but only if the field
-  // can be set and isn't prefilled.
-  if (form_contains_username_field &&
-      IsElementAutocompletable(username_element) &&
-      username_element.value().isEmpty()) {
-    // TODO(tkent): Check maxlength and pattern.
-    username_element.setValue(fill_data.username_field.value, true);
+  // If the form contains a username field, try to set the username to the
+  // preferred name, but only if:
+  //   (a) The username element is autocompletable, and
+  //   (b) The fill-on-account-select flag is not set, and
+  //   (c) The username element isn't prefilled
+  //
+  // If (a) is true but (b) is false, then just mark the username element as
+  // autofilled and return so the fill step is skipped.
+  //
+  // If (a) is false but (b) is true, then the username element should not be
+  // autofilled, but the user should still be able to select to fill the
+  // password element, so the password element must be marked as autofilled and
+  // the fill step should also be skipped.
+  //
+  // In all other cases, do nothing.
+  if (form_contains_username_field) {
+    if (IsElementAutocompletable(username_element)) {
+      if (ShouldFillOnAccountSelect()) {
+        username_element.setAutofilled(true);
+        return false;
+      } else if (username_element.value().isEmpty()) {
+        // TODO(tkent): Check maxlength and pattern.
+        username_element.setValue(fill_data.username_field.value, true);
+      }
+    } else if (ShouldFillOnAccountSelect()) {
+      password_element.setAutofilled(true);
+      return false;
+    }
   }
 
   // Fill if we have an exact match for the username. Note that this sets
   // username to autofilled.
   return FillUserNameAndPassword(&username_element,
                                  &password_element,
                                  fill_data,
                                  true /* exact_username_match */,
                                  false /* set_selection */,
                                  registration_callback);
@@ skipping 91 matching lines @@
 
   blink::WebInputElement password = password_info.password_field;
   if (!IsElementEditable(password))
     return false;
 
   blink::WebInputElement username = element;  // We need a non-const.
 
   // Do not set selection when ending an editing session, otherwise it can
   // mess with focus.
   if (FillUserNameAndPassword(
-          &username,
-          &password,
-          fill_data,
-          true /* exact_username_match */,
-          false /* set_selection */,
+          &username, &password, fill_data, true, false,
           base::Bind(&PasswordValueGatekeeper::RegisterElement,
                      base::Unretained(&gatekeeper_)))) {
     usernames_usage_ = OTHER_POSSIBLE_USERNAME_SELECTED;
   }
   return true;
 }
 
 bool PasswordAutofillAgent::TextDidChangeInTextField(
     const blink::WebInputElement& element) {
   // TODO(vabr): Get a mutable argument instead. http://crbug.com/397083
@@ skipping 41 matching lines @@
 
   if (!element.isText() || !IsElementAutocompletable(element) ||
       !IsElementAutocompletable(password)) {
     return false;
   }
 
   // Don't inline autocomplete if the user is deleting, that would be confusing.
   // But refresh the popup.  Note, since this is ours, return true to signal
   // no further processing is required.
   if (iter->second.backspace_pressed_last) {
-    ShowSuggestionPopup(iter->second.fill_data, element, false);
+    ShowSuggestionPopup(iter->second.fill_data, element, false, false);
     return true;
   }
 
   blink::WebString name = element.nameForAutofill();
   if (name.isEmpty())
     return false;  // If the field has no name, then we won't have values.
 
   // Don't attempt to autofill with values that are too large.
   if (element.value().length() > kMaximumTextSizeForAutocomplete)
     return false;
@@ skipping 76 matching lines @@
     const blink::WebNode& node) {
   blink::WebInputElement username_element;
   PasswordInfo* password_info;
   if (!FindLoginInfo(node, &username_element, &password_info))
     return false;
 
   ClearPreview(&username_element, &password_info->password_field);
   return true;
 }
 
+bool PasswordAutofillAgent::FindPasswordInfoForElement(
+    const blink::WebInputElement& element,
+    const blink::WebInputElement** username_element,
+    PasswordInfo** password_info) {
+  DCHECK(username_element && password_info);
+  if (!element.isPasswordField()) {
+    *username_element = &element;
+  } else {
+    PasswordToLoginMap::const_iterator password_iter =
+        password_to_username_.find(element);
+    if (password_iter == password_to_username_.end())
+      return false;
+    *username_element = &password_iter->second;
+  }
+
+  LoginToPasswordInfoMap::iterator iter =
+      login_to_password_info_.find(**username_element);
+
+  if (iter == login_to_password_info_.end())
+    return false;
+
+  *password_info = &iter->second;
+  return true;
+}
+
 bool PasswordAutofillAgent::ShowSuggestions(
     const blink::WebInputElement& element,
     bool show_all) {
-  LoginToPasswordInfoMap::const_iterator iter =
-      login_to_password_info_.find(element);
-  if (iter == login_to_password_info_.end())
+  const blink::WebInputElement* username_element;
+  PasswordInfo* password_info;
+  if (!FindPasswordInfoForElement(element, &username_element, &password_info))
     return false;
 
   // If autocomplete='off' is set on the form elements, no suggestion dialog
   // should be shown. However, return |true| to indicate that this is a known
   // password form and that the request to show suggestions has been handled (as
   // a no-op).
   if (!IsElementAutocompletable(element) ||
-      !IsElementAutocompletable(iter->second.password_field))
+      !IsElementAutocompletable(password_info->password_field))
     return true;
 
-  return ShowSuggestionPopup(iter->second.fill_data, element, show_all);
+  // If the element is a password field, a popup should only be shown if the
+  // corresponding username element is not editable since it is only in that
+  // case that the username element does not have a suggestions popup.
+  if (element.isPasswordField() && IsElementEditable(*username_element))
+    return true;
+
+  // Chrome should never show more than one account for a password element since
+  // this implies that the username element cannot be modified. Thus even if
+  // |show_all| is true, check if the element in question is a password element
+  // for the call to ShowSuggestionPopup.
+  return ShowSuggestionPopup(password_info->fill_data, *username_element,
+                             show_all && !element.isPasswordField(),
+                             element.isPasswordField());
 }
 
 bool PasswordAutofillAgent::OriginCanAccessPasswordManager(
     const blink::WebSecurityOrigin& origin) {
   return origin.canAccessPasswordManager();
 }
 
 void PasswordAutofillAgent::OnDynamicFormsSeen() {
   SendPasswordForms(false /* only_visible */);
 }
@@ skipping 333 matching lines @@
 ////////////////////////////////////////////////////////////////////////////////
 // PasswordAutofillAgent, private:
 
 PasswordAutofillAgent::PasswordInfo::PasswordInfo()
     : backspace_pressed_last(false), password_was_edited_last(false) {
 }
 
 bool PasswordAutofillAgent::ShowSuggestionPopup(
     const PasswordFormFillData& fill_data,
     const blink::WebInputElement& user_input,
-    bool show_all) {
+    bool show_all,
+    bool show_on_password_field) {
   blink::WebFrame* frame = user_input.document().frame();
   if (!frame)
     return false;
 
   blink::WebView* webview = frame->view();
   if (!webview)
     return false;
 
   FormData form;
   FormFieldData field;
   FindFormAndFieldForFormControlElement(
       user_input, &form, &field, REQUIRE_NONE);
 
   blink::WebInputElement selected_element = user_input;
+  if (show_on_password_field) {
+    LoginToPasswordInfoMap::const_iterator iter =
+        login_to_password_info_.find(user_input);
+    DCHECK(iter != login_to_password_info_.end());
+    selected_element = iter->second.password_field;
+  }
   gfx::Rect bounding_box(selected_element.boundsInViewportSpace());
 
   LoginToPasswordInfoKeyMap::const_iterator key_it =
       login_to_password_info_key_.find(user_input);
   DCHECK(key_it != login_to_password_info_key_.end());
 
   float scale =
       render_frame()->GetRenderView()->GetWebView()->pageScaleFactor();
   gfx::RectF bounding_box_scaled(bounding_box.x() * scale,
                                  bounding_box.y() * scale,
                                  bounding_box.width() * scale,
                                  bounding_box.height() * scale);
   int options = 0;
   if (show_all)
     options |= SHOW_ALL;
+  if (show_on_password_field)
+    options |= IS_PASSWORD_FIELD;
   Send(new AutofillHostMsg_ShowPasswordSuggestions(
       routing_id(), key_it->second, field.text_direction, user_input.value(),
       options, bounding_box_scaled));
 
   bool suggestions_present = false;
   if (GetSuggestionsStats(fill_data, user_input.value(), show_all,
                           &suggestions_present)) {
     usernames_usage_ = OTHER_POSSIBLE_USERNAME_SHOWN;
   }
   return suggestions_present;
@@ skipping 10 matching lines @@
   blink::WebInputElement password = password_input;
 
   // Don't inline autocomplete if the caret is not at the end.
   // TODO(jcivelli): is there a better way to test the caret location?
   if (username.selectionStart() != username.selectionEnd() ||
       username.selectionEnd() != static_cast<int>(username.value().length())) {
     return;
   }
 
   // Show the popup with the list of available usernames.
-  ShowSuggestionPopup(fill_data, username, false);
+  ShowSuggestionPopup(fill_data, username, false, false);
 
 #if !defined(OS_ANDROID)
   // Fill the user and password field with the most relevant match. Android
   // only fills in the fields after the user clicks on the suggestion popup.
   if (FillUserNameAndPassword(
           &username,
           &password,
           fill_data,
           false /* exact_username_match */,
-          true /* set_selection */,
+          true /* set selection */,
           base::Bind(&PasswordValueGatekeeper::RegisterElement,
                      base::Unretained(&gatekeeper_)))) {
     usernames_usage_ = OTHER_POSSIBLE_USERNAME_SELECTED;
   }
 #endif
 }
 
 void PasswordAutofillAgent::FrameClosing() {
   for (auto const& iter : login_to_password_info_) {
     login_to_password_info_key_.erase(iter.first);
     password_to_username_.erase(iter.second.password_field);
   }
   login_to_password_info_.clear();
   provisionally_saved_form_.reset();
 }
 
 bool PasswordAutofillAgent::FindLoginInfo(const blink::WebNode& node,
                                           blink::WebInputElement* found_input,
                                           PasswordInfo** found_password) {
   if (!node.isElementNode())
     return false;
 
   blink::WebElement element = node.toConst<blink::WebElement>();
   if (!element.hasHTMLTagName("input"))
     return false;
 
-  blink::WebInputElement input = element.to<blink::WebInputElement>();
-  LoginToPasswordInfoMap::iterator iter = login_to_password_info_.find(input);
-  if (iter == login_to_password_info_.end())
-    return false;
-
-  *found_input = input;
-  *found_password = &iter->second;
-  return true;
+  *found_input = element.to<blink::WebInputElement>();
+  const blink::WebInputElement* username_element;  // ignored
+  return FindPasswordInfoForElement(*found_input, &username_element,
+                                    found_password);
 }
 
 void PasswordAutofillAgent::ClearPreview(
     blink::WebInputElement* username,
     blink::WebInputElement* password) {
   if (!username->suggestedValue().isEmpty()) {
     username->setSuggestedValue(blink::WebString());
     username->setAutofilled(was_username_autofilled_);
     username->setSelectionRange(username_selection_start_,
                                 username->value().length());
@@ skipping 56 matching lines @@
   agent_->WillSendSubmitEvent(frame, form);
 }
 
 void PasswordAutofillAgent::LegacyPasswordAutofillAgent::WillSubmitForm(
     blink::WebLocalFrame* frame,
     const blink::WebFormElement& form) {
   agent_->WillSubmitForm(frame, form);
 }
 
 }  // namespace autofill