Add finch flag for SecurePaymentConfirmation

This patch adds a browser-side flag that can be used to disable the feature regardless of the Blink feature state. Bug: 1131040 Change-Id: Ie879301e62404c6c73cf7dc39b2c12ad5908e4a8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2430044 Commit-Queue: Nick Burris <nburris@chromium.org> Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org> Cr-Commit-Position: refs/heads/master@{#810435}

Add finch flag for SecurePaymentConfirmation
This patch adds a browser-side flag that can be used to disable the feature regardless of the Blink feature state. Bug: 1131040 Change-Id: Ie879301e62404c6c73cf7dc39b2c12ad5908e4a8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2430044 Commit-Queue: Nick Burris <nburris@chromium.org> Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org> Cr-Commit-Position: refs/heads/master@{#810435}
12b6133d · Nick Burris · Commit Bot · 8e8bb6ea · 12b6133d · 12b6133d
Commit 12b6133d authored Sep 25, 2020 by Nick Burris Committed by Commit Bot Sep 25, 2020
4 changed files
--- a/chrome/browser/payments/secure_payment_confirmation_browsertest.cc
+++ b/chrome/browser/payments/secure_payment_confirmation_browsertest.cc
@@ -16,6 +16,7 @@
 #include "base/strings/string16.h"
 #include "base/strings/stringprintf.h"
 #include "base/test/metrics/histogram_tester.h"
+#include "base/test/scoped_feature_list.h"
 #include "base/threading/thread_restrictions.h"
 #include "build/build_config.h"
 #include "chrome/browser/profiles/profile.h"
@@ -23,6 +24,7 @@
 #include "chrome/test/payments/payment_request_platform_browsertest_base.h"
 #include "components/keyed_service/core/service_access_type.h"
 #include "components/payments/content/payment_manifest_web_data_service.h"
+#include "components/payments/core/features.h"
 #include "components/payments/core/secure_payment_confirmation_instrument.h"
 #include "components/webdata/common/web_data_service_consumer.h"
 #include "content/public/browser/authenticator_environment.h"
@@ -102,6 +104,12 @@ class SecurePaymentConfirmationTest
    : public PaymentRequestPlatformBrowserTestBase,
      public WebDataServiceConsumer {
 public:
+  SecurePaymentConfirmationTest() {
+    // Enable the browser-side feature flag as it's disabled by default on
+    // non-origin trial platforms.
+    feature_list_.InitAndEnableFeature(features::kSecurePaymentConfirmation);
+  }
  void SetUpCommandLine(base::CommandLine* command_line) override {
    PaymentRequestPlatformBrowserTestBase::SetUpCommandLine(command_line);
    command_line->AppendSwitch(
@@ -125,6 +133,7 @@ class SecurePaymentConfirmationTest
  bool databse_write_responded_ = false;
  bool confirm_payment_ = false;
+  base::test::ScopedFeatureList feature_list_;
 };
 IN_PROC_BROWSER_TEST_F(SecurePaymentConfirmationTest, NoAuthenticator) {
@@ -293,6 +302,55 @@ IN_PROC_BROWSER_TEST_F(SecurePaymentConfirmationDisabledTest,
  }
 }
+// Test that the feature can be disabled by the browser-side Finch flag
+class SecurePaymentConfirmationDisabledByFinchTest
+    : public PaymentRequestPlatformBrowserTestBase {
+ public:
+  SecurePaymentConfirmationDisabledByFinchTest() {
+    // The feature should get disabled by the feature state despite experimental
+    // web platform features being enabled.
+    feature_list_.InitAndDisableFeature(features::kSecurePaymentConfirmation);
+  }
+  void SetUpCommandLine(base::CommandLine* command_line) override {
+    PaymentRequestPlatformBrowserTestBase::SetUpCommandLine(command_line);
+    command_line->AppendSwitch(
+        switches::kEnableExperimentalWebPlatformFeatures);
+  }
+ private:
+  base::test::ScopedFeatureList feature_list_;
+};
+IN_PROC_BROWSER_TEST_F(SecurePaymentConfirmationDisabledByFinchTest,
+                       PaymentMethodNotSupported) {
+  test_controller()->SetHasAuthenticator(true);
+  NavigateTo("a.com", "/payment_handler_status.html");
+  // EvalJs waits for JavaScript promise to resolve.
+  EXPECT_EQ(
+      "The payment method \"secure-payment-confirmation\" is not supported.",
+      content::EvalJs(GetActiveWebContents(),
+                      getInvokePaymentRequestSnippet()));
+}
+IN_PROC_BROWSER_TEST_F(SecurePaymentConfirmationDisabledByFinchTest,
+                       CannotMakePayment) {
+  test_controller()->SetHasAuthenticator(true);
+  NavigateTo("a.com", "/can_make_payment_checker.html");
+  {
+    std::string snippet =
+        base::StringPrintf("canMakePaymentForMethodData(%s)", kTestMethodData);
+    EXPECT_EQ("false", content::EvalJs(GetActiveWebContents(), snippet));
+  }
+  {
+    std::string snippet = base::StringPrintf(
+        "hasEnrolledInstrumentForMethodData(%s)", kTestMethodData);
+    EXPECT_EQ("false", content::EvalJs(GetActiveWebContents(), snippet));
+  }
+}
 // Creation tests do not work on Android because there is not a way to
 // override authenticator creation.
 #if !defined(OS_ANDROID)

--- a/components/payments/content/payment_app_service.cc
+++ b/components/payments/content/payment_app_service.cc
@@ -33,8 +33,12 @@ PaymentAppService::PaymentAppService(content::BrowserContext* context) {
        AndroidAppCommunication::GetForBrowserContext(context)));
  }
-  // Controlled by the Blink runtime feature "SecurePaymentConfirmation".
+  // SecurePaymentConfirmation is enabled if both the feature flag and the Blink
-  factories_.push_back(std::make_unique<SecurePaymentConfirmationAppFactory>());
+  // runtime feature "SecurePaymentConfirmation" are enabled.
+  if (base::FeatureList::IsEnabled(features::kSecurePaymentConfirmation)) {
+    factories_.push_back(
+        std::make_unique<SecurePaymentConfirmationAppFactory>());
+  }
 }
 PaymentAppService::~PaymentAppService() = default;

--- a/components/payments/core/features.cc
+++ b/components/payments/core/features.cc
@@ -79,5 +79,14 @@ const base::Feature kPaymentHandlerSecurityIcon{
 const base::Feature kEnforceFullDelegation{"EnforceFullDelegation",
                                           base::FEATURE_DISABLED_BY_DEFAULT};
+const base::Feature kSecurePaymentConfirmation {
+  "SecurePaymentConfirmation",
+#if defined(OS_MAC)
+      base::FEATURE_ENABLED_BY_DEFAULT
+#else
+      base::FEATURE_DISABLED_BY_DEFAULT
+#endif  // OS_MAC
+};
 }  // namespace features
 }  // namespace payments
--- a/components/payments/core/features.h
+++ b/components/payments/core/features.h
@@ -84,6 +84,12 @@ extern const base::Feature kPaymentHandlerSecurityIcon;
 // Used to reject the apps with partial delegation.
 extern const base::Feature kEnforceFullDelegation;
+// Browser-side feature flag for SecurePaymentConfirmation, which can be used to
+// disable the feature. The feature is also controlled by the Blink runtime
+// feature "SecurePaymentConfirmation". Both have to be enabled for
+// SecurePaymentConfirmation to be available.
+extern const base::Feature kSecurePaymentConfirmation;
 }  // namespace features
 }  // namespace payments