Fix false saving positives on accounts.google.com.

In the following case false positive on accounts.google.com happens:

1.Suppose that the user has 2 Gaia credentials (with usernames and passwords
u1/p1 and u2/p2). Let u1 be saved in Password Manager.

2.The user go to accounts.google.com, u1/p1 are autofilled by CPM (a username
field is visible, a password field is invisible).

3.The user is typing u2 in the username field and is clicking next button.

4.At that moment the page removes password form from the DOM and Password
Manager incorrectly thinks that it was successful submission with u2/p1

Video is on bug 764663 (actual_bubble).

This CL fixes this by ignoring accounts.google.com forms with submitted
type DOM_MUTATION_AFTER_XHR, which means that the form disappeared from the
DOM, without any visible submission.

Similar issues might be on different sites, this CL fixes only
accounts.google.com, because
1.A general solution is unlikely without more complex changes and server-side
support.
2.accounts.google.com is crucial for Chrome, in particular because it serves
the Chrome sign-in page.


Bug: 758155, 764663

Change-Id: I44f9878673bf8f419c49f63220335f6c0f26a6e4
Reviewed-on: https://chromium-review.googlesource.com/1194011
Commit-Queue: Vadym Doroshenko <dvadym@chromium.org>
Reviewed-by: Vaclav Brozek <vabr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#587115}

components/password_manager/core/browser/password_manager.cc

@@ -515,6 +515,16 @@ void PasswordManager::OnPasswordFormSubmittedNoChecks(
     logger.LogMessage(Logger::STRING_ON_SAME_DOCUMENT_NAVIGATION);
   }
 
+  if (gaia::IsGaiaSignonRealm(GURL(password_form.signon_realm)) &&
+      password_form.submission_event ==
+          PasswordForm::SubmissionIndicatorEvent::DOM_MUTATION_AFTER_XHR) {
+    // A Gaia form may disappear from DOM without a submission. For example it
+    // happens when the user chooses another account. So Gaia forms with
+    // DOM_MUTATION_AFTER_XHR submission type are not acctually submitted. Skip
+    // it.
+    return;
+  }
+
   if (is_new_form_parsing_for_saving_enabled_)
     ProcessSubmittedForm(password_form.form_data, driver);
 

components/password_manager/core/browser/password_manager_unittest.cc

@@ -2675,4 +2675,28 @@ TEST_F(PasswordManagerTest, ProcessingOtherSubmissionTypes) {
   manager()->OnPasswordFormSubmittedNoChecks(&driver_, submitted_form);
 }
 
+TEST_F(PasswordManagerTest, GaiaFormWithIncorrectSubmissionType) {
+  // Test that Gaia sign-in form is not considered successfully submitted when
+  // the submission type is DOM_MUTATION_AFTER_XHR. This submission type is
+  // known to be false positive for submission detection.
+  std::vector<PasswordForm> observed;
+  PasswordForm form(MakeSimpleGAIAForm());
+  observed.push_back(form);
+  EXPECT_CALL(*store_, GetLogins(_, _))
+      .WillRepeatedly(WithArg<1>(InvokeEmptyConsumerWithForms()));
+  manager()->OnPasswordFormsParsed(&driver_, observed);
+  manager()->OnPasswordFormsRendered(&driver_, observed, true);
+
+  EXPECT_CALL(client_, IsSavingAndFillingEnabledForCurrentPage())
+      .WillRepeatedly(Return(true));
+
+  form.username_value = ASCIIToUTF16("username");
+  form.password_value = ASCIIToUTF16("password");
+  form.submission_event =
+      PasswordForm::SubmissionIndicatorEvent::DOM_MUTATION_AFTER_XHR;
+
+  EXPECT_CALL(client_, PromptUserToSaveOrUpdatePasswordPtr(_)).Times(0);
+  manager()->OnPasswordFormSubmittedNoChecks(&driver_, form);
+}
+
 }  // namespace password_manager