[iOS][Biometric-Auth] Don't prefill passwords when reauth is required

Adds a new WaitForUsernameReason to stop prefilling passwords when EnableAutofillPasswordReauthIOS is enabled. The decision is made on PasswordManagerClient::RequiresReauthToFill and overridden in IOSChromePasswordManagerClient. Bug: 1113119 Change-Id: Ic8cd1f1cc6e544502e2b6c1c5d9e9b10027bedb4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2339746 Commit-Queue: Javier Ernesto Flores Robles <javierrobles@chromium.org> Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Cr-Commit-Position: refs/heads/master@{#795881}

[iOS][Biometric-Auth] Don't prefill passwords when reauth is required
Adds a new WaitForUsernameReason to stop prefilling passwords when EnableAutofillPasswordReauthIOS is enabled. The decision is made on PasswordManagerClient::RequiresReauthToFill and overridden in IOSChromePasswordManagerClient. Bug: 1113119 Change-Id: Ic8cd1f1cc6e544502e2b6c1c5d9e9b10027bedb4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2339746 Commit-Queue: Javier Ernesto Flores Robles <javierrobles@chromium.org> Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Cr-Commit-Position: refs/heads/master@{#795881}
6f93f843 · Javier Ernesto Flores Robles · Commit Bot · 0c7f2b4e · 6f93f843 · 6f93f843
Commit 6f93f843 authored Aug 07, 2020 by Javier Ernesto Flores Robles Committed by Commit Bot Aug 07, 2020
8 changed files
--- a/components/password_manager/core/browser/password_form_filling.cc
+++ b/components/password_manager/core/browser/password_form_filling.cc
@@ -170,7 +170,9 @@ LikelyFormFilling SendFillInformationToRenderer(
      PasswordFormMetricsRecorder::WaitForUsernameReason;
  WaitForUsernameReason wait_for_username_reason =
      WaitForUsernameReason::kDontWait;
-  if (client->IsIncognito()) {
+  if (client->RequiresReauthToFill()) {
+    wait_for_username_reason = WaitForUsernameReason::kReauthRequired;
+  } else if (client->IsIncognito()) {
    wait_for_username_reason = WaitForUsernameReason::kIncognitoMode;
  } else if (preferred_match->is_public_suffix_match) {
    wait_for_username_reason = WaitForUsernameReason::kPublicSuffixMatch;

--- a/components/password_manager/core/browser/password_form_metrics_recorder.h
+++ b/components/password_manager/core/browser/password_form_metrics_recorder.h
@@ -204,6 +204,9 @@ class PasswordFormMetricsRecorder
  // credentials on page load but to wait for the user to confirm the credential
  // to be filled. This decision is only recorded for the first time, the
  // browser informs the renderer about credentials for a given form.
+  //
+  // Needs to stay in sync with PasswordManagerFirstWaitForUsernameReason in
+  // enums.xml.
  enum class WaitForUsernameReason {
    // Credentials may be filled on page load.
    kDontWait = 0,
@@ -221,7 +224,9 @@ class PasswordFormMetricsRecorder
    kTouchToFill = 5,
    // Show suggestion on account selection feature is enabled.
    kFoasFeature = 6,
-    kMaxValue = kFoasFeature,
+    // Re-authenticaion for filling passwords is required.
+    kReauthRequired = 7,
+    kMaxValue = kReauthRequired,
  };
  // This metric records the user experience with the passwords filling. The

--- a/components/password_manager/core/browser/password_manager_client.cc
+++ b/components/password_manager/core/browser/password_manager_client.cc
@@ -25,6 +25,10 @@ bool PasswordManagerClient::IsFillingFallbackEnabled(const GURL& url) const {
  return true;
 }
+bool PasswordManagerClient::RequiresReauthToFill() {
+  return false;
+}
 void PasswordManagerClient::ShowTouchToFill(PasswordManagerDriver* driver) {}
 BiometricAuthenticator* PasswordManagerClient::GetBiometricAuthenticator() {

--- a/components/password_manager/core/browser/password_manager_client.h
+++ b/components/password_manager/core/browser/password_manager_client.h
@@ -173,6 +173,10 @@ class PasswordManagerClient {
      const url::Origin& origin,
      const CredentialsCallback& callback) = 0;
+  // Indicates if re-auth with the device is needed before filling passwords.
+  // Currently only used by iOS.
+  virtual bool RequiresReauthToFill();
  // Instructs the client to show the Touch To Fill UI.
  virtual void ShowTouchToFill(PasswordManagerDriver* driver);

--- a/ios/chrome/browser/passwords/BUILD.gn
+++ b/ios/chrome/browser/passwords/BUILD.gn
@@ -85,6 +85,7 @@ source_set("passwords") {
    "//ios/chrome/browser/ssl",
    "//ios/chrome/browser/sync/glue",
    "//ios/chrome/browser/translate:translate",
+    "//ios/chrome/browser/ui:feature_flags",
    "//ios/chrome/browser/ui/alert_coordinator",
    "//ios/chrome/browser/ui/commands",
    "//ios/chrome/browser/ui/elements",

--- a/ios/chrome/browser/passwords/ios_chrome_password_manager_client.h
+++ b/ios/chrome/browser/passwords/ios_chrome_password_manager_client.h
@@ -58,6 +58,7 @@ class IOSChromePasswordManagerClient
  void PromptUserToMovePasswordToAccount(
      std::unique_ptr<password_manager::PasswordFormManagerForUI> form_to_move)
      override;
+  bool RequiresReauthToFill() override;
  bool ShowOnboarding(
      std::unique_ptr<password_manager::PasswordFormManagerForUI> form_to_save)
      override;

--- a/ios/chrome/browser/passwords/ios_chrome_password_manager_client.mm
+++ b/ios/chrome/browser/passwords/ios_chrome_password_manager_client.mm
@@ -34,6 +34,7 @@
 #include "ios/chrome/browser/sync/profile_sync_service_factory.h"
 #include "ios/chrome/browser/system_flags.h"
 #include "ios/chrome/browser/translate/chrome_ios_translate_client.h"
+#import "ios/chrome/browser/ui/ui_feature_flags.h"
 #include "net/cert/cert_status_flags.h"
 #include "services/metrics/public/cpp/ukm_recorder.h"
 #include "services/network/public/cpp/shared_url_loader_factory.h"
@@ -114,6 +115,10 @@ void IOSChromePasswordManagerClient::PromptUserToMovePasswordToAccount(
  NOTIMPLEMENTED();
 }
+bool IOSChromePasswordManagerClient::RequiresReauthToFill() {
+  return base::FeatureList::IsEnabled(kEnableAutofillPasswordReauthIOS);
+}
 bool IOSChromePasswordManagerClient::ShowOnboarding(
    std::unique_ptr<password_manager::PasswordFormManagerForUI> form_to_save) {
  return false;

--- a/tools/metrics/histograms/enums.xml
+++ b/tools/metrics/histograms/enums.xml
@@ -54326,6 +54326,9 @@ Called by update_net_trust_anchors.py.-->
  <int value="6" label="Fill On Select">
    User is browsing with the Fill On Select feature enabled.
  </int>
+  <int value="7" label="Reauth required">
+    Re-authenticaion for filling passwords is required.
+  </int>
 </enum>
 <enum name="PasswordManagerHttpCredentialType">