Integrate compromised passwords notifications into

ManagePasswordsUIController Bug: 1049200 Change-Id: I980f4bde45a75e0706489bff24d00a1cb78c0677 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2257858 Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org> Reviewed-by: Friedrich [CET] <fhorschig@chromium.org> Cr-Commit-Position: refs/heads/master@{#781287}

Integrate compromised passwords notifications into
ManagePasswordsUIController Bug: 1049200 Change-Id: I980f4bde45a75e0706489bff24d00a1cb78c0677 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2257858 Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org> Reviewed-by: Friedrich [CET] <fhorschig@chromium.org> Cr-Commit-Position: refs/heads/master@{#781287}
76bb6f54 · Vasilii Sukhanov · Commit Bot · 93afe627 · 76bb6f54 · 76bb6f54
Commit 76bb6f54 authored Jun 23, 2020 by Vasilii Sukhanov Committed by Commit Bot Jun 23, 2020
10 changed files
--- a/chrome/browser/ui/passwords/manage_passwords_state.cc
+++ b/chrome/browser/ui/passwords/manage_passwords_state.cc
@@ -179,7 +179,11 @@ void ManagePasswordsState::OnPasswordMovable(
 void ManagePasswordsState::TransitionToState(
    password_manager::ui::State state) {
  DCHECK_NE(password_manager::ui::INACTIVE_STATE, state_);
-  DCHECK_EQ(password_manager::ui::MANAGE_STATE, state);
+  DCHECK(state == password_manager::ui::MANAGE_STATE ||
+         state == password_manager::ui::PASSWORD_UPDATED_SAFE_STATE ||
+         state == password_manager::ui::PASSWORD_UPDATED_MORE_TO_FIX ||
+         state == password_manager::ui::PASSWORD_UPDATED_UNSAFE_STATE)
+      << state_;
  if (state_ == password_manager::ui::CREDENTIAL_REQUEST_STATE) {
    if (!credentials_callback_.is_null()) {
      credentials_callback_.Run(nullptr);

--- a/chrome/browser/ui/passwords/manage_passwords_state.h
+++ b/chrome/browser/ui/passwords/manage_passwords_state.h
@@ -84,6 +84,7 @@ class ManagePasswordsState {

  // Moves the object to |state| without resetting the internal data. Allowed:
  // * -> MANAGE_STATE
+  // * -> PASSWORD_UPDATED_*
  void TransitionToState(password_manager::ui::State state);

  // Updates the internal state applying |changes|.

--- a/chrome/browser/ui/passwords/manage_passwords_ui_controller.cc
+++ b/chrome/browser/ui/passwords/manage_passwords_ui_controller.cc
@@ -483,6 +483,20 @@ void ManagePasswordsUIController::SavePassword(const base::string16& username,
  }
  save_fallback_timer_.Stop();
  passwords_data_.form_manager()->Save();
+  if (base::FeatureList::IsEnabled(
+          password_manager::features::kCompromisedPasswordsReengagement)) {
+    post_save_compromised_helper_ =
+        std::make_unique<password_manager::PostSaveCompromisedHelper>(
+            passwords_data_.form_manager()->GetCompromisedCredentials(),
+            username);
+    post_save_compromised_helper_->AnalyzeLeakedCredentials(
+        passwords_data_.client()->GetProfilePasswordStore(),
+        Profile::FromBrowserContext(web_contents()->GetBrowserContext())
+            ->GetPrefs(),
+        base::Bind(
+            &ManagePasswordsUIController::OnTriggerPostSaveCompromisedBubble,
+            weak_ptr_factory_.GetWeakPtr()));
+  }
  passwords_data_.TransitionToState(password_manager::ui::MANAGE_STATE);
  // The icon is to be updated after the bubble (either "Save password" or "Sign
  // in to Chrome") is closed.
@@ -794,4 +808,30 @@ void ManagePasswordsUIController::AuthenticateUserForAccountStoreOptInCallback(
  UpdateBubbleAndIconVisibility();
 }

+void ManagePasswordsUIController::OnTriggerPostSaveCompromisedBubble(
+    password_manager::PostSaveCompromisedHelper::BubbleType type,
+    size_t count_compromised_passwords_) {
+  using password_manager::PostSaveCompromisedHelper;
+  if (passwords_data_.state() != password_manager::ui::MANAGE_STATE)
+    return;
+  password_manager::ui::State state;
+  switch (type) {
+    case PostSaveCompromisedHelper::BubbleType::kNoBubble:
+      post_save_compromised_helper_.reset();
+      return;
+    case PostSaveCompromisedHelper::BubbleType::kPasswordUpdatedSafeState:
+      state = password_manager::ui::PASSWORD_UPDATED_SAFE_STATE;
+      break;
+    case PostSaveCompromisedHelper::BubbleType::kPasswordUpdatedWithMoreToFix:
+      state = password_manager::ui::PASSWORD_UPDATED_MORE_TO_FIX;
+      break;
+    case PostSaveCompromisedHelper::BubbleType::kUnsafeState:
+      state = password_manager::ui::PASSWORD_UPDATED_UNSAFE_STATE;
+      break;
+  }
+  passwords_data_.TransitionToState(state);
+  bubble_status_ = BubbleStatus::SHOULD_POP_UP;
+  UpdateBubbleAndIconVisibility();
+}
+
 WEB_CONTENTS_USER_DATA_KEY_IMPL(ManagePasswordsUIController)
--- a/chrome/browser/ui/passwords/manage_passwords_ui_controller.h
+++ b/chrome/browser/ui/passwords/manage_passwords_ui_controller.h
@@ -17,6 +17,7 @@
 #include "chrome/common/buildflags.h"
 #include "components/password_manager/core/browser/password_manager_client.h"
 #include "components/password_manager/core/browser/password_store.h"
+#include "components/password_manager/core/browser/ui/post_save_compromised_helper.h"
 #include "content/public/browser/web_contents_observer.h"
 #include "content/public/browser/web_contents_user_data.h"

@@ -33,6 +34,7 @@ enum class CredentialType;
 struct InteractionsStats;
 class PasswordFeatureManager;
 class PasswordFormManagerForUI;
+class PostSaveCompromisedHelper;
 }  // namespace password_manager

 class AccountChooserPrompt;
@@ -272,6 +274,10 @@ class ManagePasswordsUIController
      password_manager::PasswordManagerClient::ReauthSucceeded
          reauth_succeeded);

+  void OnTriggerPostSaveCompromisedBubble(
+      password_manager::PostSaveCompromisedHelper::BubbleType type,
+      size_t count_compromised_passwords_);
+
  // Timeout in seconds for the manual fallback for saving.
  static int save_fallback_timeout_in_seconds_;

@@ -281,6 +287,10 @@ class ManagePasswordsUIController
  // The controller for the blocking dialogs.
  std::unique_ptr<PasswordBaseDialogController> dialog_controller_;

+  // The helper to pop up a reminder about compromised passwords.
+  std::unique_ptr<password_manager::PostSaveCompromisedHelper>
+      post_save_compromised_helper_;
+
  BubbleStatus bubble_status_ = BubbleStatus::NOT_SHOWN;

  // The timer that controls whether the fallback for saving should be

--- a/chrome/browser/ui/passwords/manage_passwords_ui_controller_unittest.cc
+++ b/chrome/browser/ui/passwords/manage_passwords_ui_controller_unittest.cc
--- a/chrome/browser/ui/views/passwords/manage_passwords_icon_views.cc
+++ b/chrome/browser/ui/views/passwords/manage_passwords_icon_views.cc
@@ -88,6 +88,9 @@ base::string16 ManagePasswordsIconViews::GetTextForTooltipAndAccessibleName()
    case password_manager::ui::CHROME_SIGN_IN_PROMO_STATE:
    case password_manager::ui::WILL_DELETE_UNSYNCED_ACCOUNT_PASSWORDS_STATE:
    case password_manager::ui::MANAGE_STATE:
+    case password_manager::ui::PASSWORD_UPDATED_SAFE_STATE:
+    case password_manager::ui::PASSWORD_UPDATED_MORE_TO_FIX:
+    case password_manager::ui::PASSWORD_UPDATED_UNSAFE_STATE:
      return l10n_util::GetStringUTF16(IDS_PASSWORD_MANAGER_TOOLTIP_MANAGE);
    case password_manager::ui::PENDING_PASSWORD_UPDATE_STATE:
    case password_manager::ui::PENDING_PASSWORD_STATE:

--- a/components/password_manager/core/browser/ui/post_save_compromised_helper.cc
+++ b/components/password_manager/core/browser/ui/post_save_compromised_helper.cc
@@ -30,6 +30,8 @@ void PostSaveCompromisedHelper::AnalyzeLeakedCredentials(
    PasswordStore* store,
    PrefService* prefs,
    BubbleCallback callback) {
+  DCHECK(store);
+  DCHECK(prefs);
  callback_ = std::move(callback);
  prefs_ = prefs;
  store->GetAllCompromisedCredentials(this);

--- a/components/password_manager/core/common/password_manager_features.cc
+++ b/components/password_manager/core/common/password_manager_features.cc
@@ -17,6 +17,11 @@ namespace features {
 const base::Feature kBiometricTouchToFill = {"BiometricTouchToFill",
                                             base::FEATURE_DISABLED_BY_DEFAULT};

+// After saving/updating a password show a bubble reminder about the status of
+// other compromised credentials.
+const base::Feature kCompromisedPasswordsReengagement = {
+    "CompromisedPasswordsReengagement", base::FEATURE_DISABLED_BY_DEFAULT};
+
 // Enables the editing of passwords in chrome://settings/passwords, i.e. the
 // Desktop passwords settings page.
 const base::Feature kEditPasswordsInDesktopSettings = {

--- a/components/password_manager/core/common/password_manager_features.h
+++ b/components/password_manager/core/common/password_manager_features.h
@@ -18,6 +18,7 @@ namespace features {
 // alongside the definition of their values in the .cc file.

 extern const base::Feature kBiometricTouchToFill;
+extern const base::Feature kCompromisedPasswordsReengagement;
 extern const base::Feature kEditPasswordsInDesktopSettings;
 extern const base::Feature kDeleteCorruptedPasswords;
 extern const base::Feature kEnableOverwritingPlaceholderUsernames;

--- a/components/password_manager/core/common/password_manager_ui.h
+++ b/components/password_manager/core/common/password_manager_ui.h
@@ -46,6 +46,15 @@ enum State {
  // The user used a profile credential to log in successfully and should see a
  // prompt that allows them to move the credential to their account store.
  CAN_MOVE_PASSWORD_TO_ACCOUNT_STATE,
+
+  // Last compromised password was updated and the user is safe.
+  PASSWORD_UPDATED_SAFE_STATE,
+
+  // A compromised password was updated and the user has more to fix.
+  PASSWORD_UPDATED_MORE_TO_FIX,
+
+  // Remind the user to fix the compromised passwords.
+  PASSWORD_UPDATED_UNSAFE_STATE,
 };

 }  // namespace ui