[Passwords] Don't migrate http->https credentials on non-HTML forms

Bug: 852356 Change-Id: I360bb3e3e1c91c42f4e12d724508fc2614ae9624 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2398679 Commit-Queue: Mohamed Amir Yosef <mamir@chromium.org> Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Cr-Commit-Position: refs/heads/master@{#804993}

[Passwords] Don't migrate http->https credentials on non-HTML forms
Bug: 852356 Change-Id: I360bb3e3e1c91c42f4e12d724508fc2614ae9624 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2398679 Commit-Queue: Mohamed Amir Yosef <mamir@chromium.org> Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Cr-Commit-Position: refs/heads/master@{#804993}
8339dba5 · Mohamed Amir Yosef · Commit Bot · 0304a30d · 8339dba5 · 8339dba5
Commit 8339dba5 authored Sep 08, 2020 by Mohamed Amir Yosef Committed by Commit Bot Sep 08, 2020
3 changed files
--- a/components/password_manager/core/browser/form_fetcher_impl.cc
+++ b/components/password_manager/core/browser/form_fetcher_impl.cc
@@ -73,7 +73,9 @@ FormFetcherImpl::FormFetcherImpl(PasswordStore::FormDigest form_digest,
                                 bool should_migrate_http_passwords)
    : form_digest_(std::move(form_digest)),
      client_(client),
-      should_migrate_http_passwords_(should_migrate_http_passwords) {}
+      should_migrate_http_passwords_(
+          should_migrate_http_passwords &&
+          form_digest_.scheme == autofill::PasswordForm::Scheme::kHtml) {}

 FormFetcherImpl::~FormFetcherImpl() = default;


--- a/components/password_manager/core/browser/form_fetcher_impl.h
+++ b/components/password_manager/core/browser/form_fetcher_impl.h
@@ -101,7 +101,8 @@ class FormFetcherImpl : public FormFetcher,
  // List of compromised credentials for the current domain.
  std::vector<CompromisedCredentials> compromised_credentials_;

-  // Indicates whether HTTP passwords should be migrated to HTTPS.
+  // Indicates whether HTTP passwords should be migrated to HTTPS. This is
+  // always false for non HTML forms.
  const bool should_migrate_http_passwords_;

 private:

--- a/components/password_manager/core/browser/form_fetcher_impl_unittest.cc
+++ b/components/password_manager/core/browser/form_fetcher_impl_unittest.cc
@@ -566,6 +566,35 @@ TEST_P(FormFetcherImplTest, DoNotTryToMigrateHTTPPasswordsOnHTTPSites) {
  EXPECT_FALSE(form_fetcher_->IsBlacklisted());
 }

+// Test that ensures HTTP passwords are not migrated on non HTML forms.
+TEST_P(FormFetcherImplTest, DoNotTryToMigrateHTTPPasswordsOnNonHTMLForms) {
+  GURL::Replacements https_rep;
+  https_rep.SetSchemeStr(url::kHttpsScheme);
+  const GURL https_url = form_digest_.url.ReplaceComponents(https_rep);
+  form_digest_ = PasswordStore::FormDigest(
+      PasswordForm::Scheme::kBasic, https_url.GetOrigin().spec(), https_url);
+
+  // A new form fetcher is created to be able to set the form digest and
+  // migration flag.
+  form_fetcher_ = std::make_unique<FormFetcherImpl>(
+      form_digest_, &client_, true /* should_migrate_http_passwords */);
+  EXPECT_CALL(consumer_, OnFetchCompleted);
+  form_fetcher_->AddConsumer(&consumer_);
+
+  Fetch();
+  // No migration takes places upon receiving empty results from the store, and
+  // hence no data are read/added from/to the store.
+  EXPECT_CALL(*mock_store_, GetLogins).Times(0);
+  EXPECT_CALL(*mock_store_, AddLogin).Times(0);
+  EXPECT_CALL(consumer_, OnFetchCompleted);
+  std::vector<PasswordForm> empty_forms;
+  store_consumer()->OnGetPasswordStoreResultsFrom(mock_store_.get(),
+                                                  MakeResults(empty_forms));
+  EXPECT_THAT(form_fetcher_->GetNonFederatedMatches(), IsEmpty());
+  EXPECT_THAT(form_fetcher_->GetFederatedMatches(), IsEmpty());
+  EXPECT_FALSE(form_fetcher_->IsBlacklisted());
+}
+
 // Test that ensures HTTP passwords are only migrated on HTTPS sites when no
 // HTTPS credentials are available.
 TEST_P(FormFetcherImplTest, TryToMigrateHTTPPasswordsOnHTTPSSites) {