[PasswordManager] Improve detection of ignorable change password forms.

components/password_manager/core/browser/password_form_manager.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
 #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
 
 #include <string>
 #include <vector>
 
@@ skipping 66 matching lines @@
   // conceivable that a user (or ui test) could attempt to submit a login
   // prompt before the callback has occured, which would InvokeLater a call to
   // PasswordManager::ProvisionallySave, which would interact with this object
   // before the db has had time to answer with matching password entries.
   // This is intended to be a one-time check; if the return value is false the
   // expectation is caller will give up. This clearly won't work if you put it
   // in a loop and wait for matching to complete; you're (supposed to be) on
   // the same thread!
   bool HasCompletedMatching() const;
 
-  // Returns true if the observed form has both the current and new password
-  // fields, and the username field was not explicitly marked with
-  // autocomplete=username. In these cases it is not clear whether the username
-  // field is the right guess (often such change password forms do not contain
-  // the username at all), and the user should not be bothered with saving a
-  // potentially malformed credential. Once we handle change password forms
-  // correctly, or http://crbug.com/448351 gets implemented, this method should
-  // be replaced accordingly.
-  bool IsIgnorableChangePasswordForm() const;
-
   // Determines if the user opted to 'never remember' passwords for this form.
   bool IsBlacklisted() const;
 
   // Used by PasswordManager to determine whether or not to display
   // a SavePasswordBar when given the green light to save the PasswordForm
   // managed by this.
   bool IsNewLogin() const;
 
   // Returns true if the current pending credentials were found using
   // origin matching of the public suffix, instead of the signon realm of the
@@ skipping 16 matching lines @@
   void ProcessFrame(const base::WeakPtr<PasswordManagerDriver>& driver);
 
   void OnGetPasswordStoreResults(
       const std::vector<autofill::PasswordForm*>& results) override;
 
   // A user opted to 'never remember' passwords for this form.
   // Blacklist it so that from now on when it is seen we ignore it.
   // TODO: Make this private once we switch to the new UI.
   void PermanentlyBlacklist();
 
-  // If the user has submitted observed_form_, provisionally hold on to
+  // If the user has submitted |observed_form_|, provisionally hold on to
   // the submitted credentials until we are told by PasswordManager whether
   // or not the login was successful. |action| describes how we deal with
   // possible usernames. If |action| is ALLOW_OTHER_POSSIBLE_USERNAMES we will
   // treat a possible usernames match as a sign that our original heuristics
   // were wrong and that the user selected the correct username from the
-  // Autofill UI.
-  void ProvisionallySave(const autofill::PasswordForm& credentials,
+  // Autofill UI. If the |observed_form_| is a ignorable change-password form
+  // having non-matching credentials to that of in |best_matches_|, this
+  // functions returns false; for all other cases returns true.
+  bool ProvisionallySave(const autofill::PasswordForm& credentials,
                          OtherPossibleUsernamesAction action);
 
   // Handles save-as-new or update of the form managed by this manager.
   // Note the basic data of updated_credentials must match that of
   // observed_form_ (e.g DoesManage(pending_credentials_) == true).
   // TODO: Make this private once we switch to the new UI.
   void Save();
 
   // Call these if/when we know the form submission worked or failed.
   // These routines are used to update internal statistics ("ActionsTaken").
@@ skipping 124 matching lines @@
 
   // Remove possible_usernames that may contains sensitive information and
   // duplicates.
   void SanitizePossibleUsernames(autofill::PasswordForm* form);
 
   // Helper function to delegate uploading to the AutofillManager.
   virtual void UploadPasswordForm(
       const autofill::FormData& form_data,
       const autofill::ServerFieldType& password_type);
 
+  // Returns true if the observed form has both the current and new password
+  // fields, and the username field was not explicitly marked with
+  // autocomplete=username. In these cases it is not clear whether the username
+  // field is the right guess (often such change password forms do not contain
+  // the username at all), and the user should not be bothered with saving a
+  // potentially malformed credential. Once we handle change password forms
+  // correctly, or http://crbug.com/448351 gets implemented, this method should
+  // be replaced accordingly.
+  bool IsIgnorableChangePasswordForm() const;
+
   // Set of PasswordForms from the DB that best match the form
   // being managed by this. Use a map instead of vector, because we most
   // frequently require lookups by username value in IsNewLogin.
   autofill::PasswordFormMap best_matches_;
 
   // Cleans up when best_matches_ goes out of scope.
   STLValueDeleter<autofill::PasswordFormMap> best_matches_deleter_;
 
   // The PasswordForm from the page or dialog managed by |this|.
   const autofill::PasswordForm observed_form_;
@@ skipping 58 matching lines @@
   ManagerAction manager_action_;
   UserAction user_action_;
   SubmitResult submit_result_;
 
   DISALLOW_COPY_AND_ASSIGN(PasswordFormManager);
 };
 
 }  // namespace password_manager
 
 #endif  // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_