Do not fire multiple password reuse events for the same page.

BUG=657041

Review-Url: https://codereview.chromium.org/2917883002
Cr-Commit-Position: refs/heads/master@{#476309}

components/password_manager/core/browser/password_reuse_detection_manager.cc

@@ -37,9 +37,14 @@ void PasswordReuseDetectionManager::DidNavigateMainFrame(
     const GURL& main_frame_url) {
   main_frame_url_ = main_frame_url;
   input_characters_.clear();
+  reuse_on_this_page_was_found_ = false;
 }
 
 void PasswordReuseDetectionManager::OnKeyPressed(const base::string16& text) {
+  // Do not check reuse if it was already found on this page.
+  if (reuse_on_this_page_was_found_)
+    return;
+
   // Clear the buffer if last keystoke was more than kMaxInactivityTime ago.
   Time now = clock_->Now();
   if (!last_keystroke_time_.is_null() &&
@@ -72,6 +77,7 @@ void PasswordReuseDetectionManager::OnReuseFound(
     const std::string& legitimate_domain,
     int saved_passwords,
     int number_matches) {
+  reuse_on_this_page_was_found_ = true;
   std::unique_ptr<BrowserSavePasswordProgressLogger> logger;
   if (password_manager_util::IsLoggingActive(client_)) {
     logger.reset(
@@ -80,9 +86,14 @@ void PasswordReuseDetectionManager::OnReuseFound(
                       legitimate_domain);
   }
 
-  metrics_util::LogPasswordReuse(
-      password.size(), saved_passwords, number_matches,
-      client_->GetPasswordManager()->IsPasswordFieldDetectedOnPage());
+  // PasswordManager could be nullptr in tests.
+  bool password_field_detected =
+      client_->GetPasswordManager()
+          ? client_->GetPasswordManager()->IsPasswordFieldDetectedOnPage()
+          : false;
+
+  metrics_util::LogPasswordReuse(password.size(), saved_passwords,
+                                 number_matches, password_field_detected);
 #if defined(SAFE_BROWSING_DB_LOCAL)
   // TODO(jialiul): After CSD whitelist being added to Android, we should gate
   // this by either SAFE_BROWSING_DB_LOCAL or SAFE_BROWSING_DB_REMOTE.

components/password_manager/core/browser/password_reuse_detection_manager.h

@@ -44,6 +44,7 @@ class PasswordReuseDetectionManager : public PasswordReuseDetectorConsumer {
   base::Time last_keystroke_time_;
   // Used to retrieve the current time, in base::Time units.
   std::unique_ptr<base::Clock> clock_;
+  bool reuse_on_this_page_was_found_ = false;
 
   DISALLOW_COPY_AND_ASSIGN(PasswordReuseDetectionManager);
 };

components/password_manager/core/browser/password_reuse_detection_manager_unittest.cc

@@ -130,6 +130,26 @@ TEST_F(PasswordReuseDetectionManagerTest, CheckThatBufferClearedAfterEnter) {
   manager.OnKeyPressed(base::ASCIIToUTF16("2"));
 }
 
+// Verify that after reuse found, no reuse checking happens till next main frame
+// navigation.
+TEST_F(PasswordReuseDetectionManagerTest, NoReuseCheckingAfterReuseFound) {
+  EXPECT_CALL(client_, GetPasswordStore())
+      .WillRepeatedly(testing::Return(store_.get()));
+  PasswordReuseDetectionManager manager(&client_);
+
+  // Simulate that reuse found.
+  manager.OnReuseFound(base::string16(), std::string(), 0, 0);
+
+  // Expect no checking of reuse.
+  EXPECT_CALL(*store_, CheckReuse(_, _, _)).Times(0);
+  manager.OnKeyPressed(base::ASCIIToUTF16("1"));
+
+  // Expect that after main frame navigation checking is restored.
+  manager.DidNavigateMainFrame(GURL("https://www.example.com"));
+  EXPECT_CALL(*store_, CheckReuse(base::ASCIIToUTF16("1"), _, _));
+  manager.OnKeyPressed(base::ASCIIToUTF16("1"));
+}
+
 }  // namespace
 
 }  // namespace password_manager