Credential Manager: Respect the 'skip_zero_click' flag for 'request()'.

components/password_manager/content/browser/credential_manager_dispatcher.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/password_manager/content/browser/credential_manager_dispatcher.h"
 
 #include "base/bind.h"
 #include "base/memory/scoped_vector.h"
 #include "base/strings/string16.h"
 #include "base/strings/utf_string_conversions.h"
@@ skipping 35 matching lines @@
   // PasswordStoreConsumer implementation.
   void OnGetPasswordStoreResults(
       const std::vector<autofill::PasswordForm*>& results) override {
     // We own the PasswordForm instances, so we're responsible for cleaning
     // up the instances we don't add to |local_results| or |federated_results|.
     //
     // TODO(mkwst): Switch this and PromptUserToChooseCredentials() to use
     // ScopedVector.
     std::vector<autofill::PasswordForm*> local_results;
     std::vector<autofill::PasswordForm*> federated_results;
+    autofill::PasswordForm* zero_click_form_to_return = nullptr;
+    bool found_zero_clickable_credential = false;
     for (autofill::PasswordForm* form : results) {
-      if (form->origin == origin_)
+      if (form->origin == origin_) {
         local_results.push_back(form);
-      else if (federations_.count(form->origin.spec()))
+
+        // If this is a zero-clickable PasswordForm, and we haven't found any
+        // other zero-clickable PasswordForms, then store this one for later.
+        // If we have found other zero-clickable PasswordForms, then clear
+        // the stored form (we return zero-click forms iff there is a single,
+        // unambigious choice).
+        if (!form->skip_zero_click) {
+          zero_click_form_to_return =
+              found_zero_clickable_credential ? nullptr : form;
+          found_zero_clickable_credential = true;
+        }
+      } else if (federations_.count(form->origin.spec()))
         federated_results.push_back(form);
       else
         delete form;
     }
 
     if ((local_results.empty() && federated_results.empty()) ||
         dispatcher_->web_contents()->GetLastCommittedURL().GetOrigin() !=
             origin_) {
       dispatcher_->SendCredential(id_, CredentialInfo());
       return;
     }
-    if (local_results.size() == 1 && dispatcher_->IsZeroClickAllowed()) {
-      // TODO(mkwst): Use the `one_time_disable_zero_click` flag on the result
-      // to prevent auto-sign-in, once that flag is implemented.
-      CredentialInfo info(*local_results[0],
-                          local_results[0]->federation_url.is_empty()
+    if (zero_click_form_to_return && dispatcher_->IsZeroClickAllowed()) {
+      CredentialInfo info(*zero_click_form_to_return,
+                          zero_click_form_to_return->federation_url.is_empty()
                               ? CredentialType::CREDENTIAL_TYPE_LOCAL
                               : CredentialType::CREDENTIAL_TYPE_FEDERATED);
       STLDeleteElements(&local_results);
       STLDeleteElements(&federated_results);
       dispatcher_->SendCredential(id_, info);
       return;
     }
 
     if (zero_click_only_ ||
         !dispatcher_->client()->PromptUserToChooseCredentials(
@@ skipping 229 matching lines @@
           pending_request_->id(), info));
   pending_request_.reset();
 }
 
 void CredentialManagerDispatcher::DoneSigningOut() {
   DCHECK(pending_sign_out_);
   pending_sign_out_.reset();
 }
 
 }  // namespace password_manager