[Passwords] Don't save empty passwords in HttpAuthManager

This change modifies HttpAuthManagerImpl to not invoke ProvisionallySaveForm in case the submitted HTTP auth dialog contains an empty password. Fixed: 1147249 Change-Id: I74305bc30285fd87c56f6ff9babd28edfb0b897d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2532215Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Cr-Commit-Position: refs/heads/master@{#826262}

[Passwords] Don't save empty passwords in HttpAuthManager
This change modifies HttpAuthManagerImpl to not invoke ProvisionallySaveForm in case the submitted HTTP auth dialog contains an empty password. Fixed: 1147249 Change-Id: I74305bc30285fd87c56f6ff9babd28edfb0b897d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2532215Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Cr-Commit-Position: refs/heads/master@{#826262}
6e7d5466 · Jan Wilken Dörrie · Commit Bot · 0b40b2e8 · 6e7d5466 · 6e7d5466
Commit 6e7d5466 authored Nov 11, 2020 by Jan Wilken Dörrie Committed by Commit Bot Nov 11, 2020
2 changed files
--- a/components/password_manager/core/browser/http_auth_manager_impl.cc
+++ b/components/password_manager/core/browser/http_auth_manager_impl.cc
@@ -82,8 +82,10 @@ void HttpAuthManagerImpl::Autofill(
 void HttpAuthManagerImpl::OnPasswordFormSubmitted(
    const PasswordForm& password_form) {
-  if (client_->IsSavingAndFillingEnabled(password_form.url))
+  if (client_->IsSavingAndFillingEnabled(password_form.url) &&
+      !password_form.password_value.empty()) {
    ProvisionallySaveForm(password_form);
+  }
 }
 void HttpAuthManagerImpl::OnPasswordFormDismissed() {

--- a/components/password_manager/core/browser/http_auth_manager_unittest.cc
+++ b/components/password_manager/core/browser/http_auth_manager_unittest.cc
@@ -209,6 +209,35 @@ TEST_F(HttpAuthManagerTest, HttpAuthSaving) {
  }
 }
+TEST_F(HttpAuthManagerTest, DontSaveEmptyPasswords) {
+  EXPECT_CALL(client_, IsSavingAndFillingEnabled).WillRepeatedly(Return(true));
+  PasswordForm observed_form;
+  observed_form.scheme = PasswordForm::Scheme::kBasic;
+  observed_form.url = GURL("http://proxy.com/");
+  observed_form.signon_realm = "proxy.com/realm";
+  MockHttpAuthObserver observer;
+  EXPECT_CALL(*store_, GetLogins)
+      .WillOnce(WithArg<1>(InvokeEmptyConsumerWithForms(store_.get())));
+  // Initiate creating a form manager.
+  httpauth_manager()->SetObserverAndDeliverCredentials(&observer,
+                                                       observed_form);
+  // Emulate that http auth credentials submitted with an empty password.
+  PasswordForm submitted_form = observed_form;
+  submitted_form.username_value = ASCIIToUTF16("user");
+  submitted_form.password_value = base::string16();
+  httpauth_manager()->OnPasswordFormSubmitted(submitted_form);
+  httpauth_manager()->OnPasswordFormDismissed();
+  // Expect no save prompt on successful submission.
+  std::unique_ptr<PasswordFormManagerForUI> form_manager_to_save;
+  EXPECT_CALL(client_, PromptUserToSaveOrUpdatePasswordPtr()).Times(0);
+  httpauth_manager()->OnDidFinishMainFrameNavigation();
+  testing::Mock::VerifyAndClearExpectations(&client_);
+  httpauth_manager()->DetachObserver(&observer);
+}
 TEST_F(HttpAuthManagerTest, NavigationWithoutSubmission) {
  EXPECT_CALL(client_, IsSavingAndFillingEnabled(_))
      .WillRepeatedly(Return(true));