[Payment Request] Correctly validates and deduplicates URL-based methods.

- Correctly validates and deduplicates the URL-based payment methods
  according to the specs:
  https://www.w3.org/TR/payment-method-id/#dfn-validate-a-url-based-payment-method-identifier
- Also captures the canonical text of the URL instead.

Bug: 602666
Change-Id: I3ba0a8684be1e2e4f769ca551f9cbbf82e3eed36
Reviewed-on: https://chromium-review.googlesource.com/572853
Commit-Queue: mahmadi <mahmadi@chromium.org>
Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#487101}

chrome/browser/ui/views/payments/payment_request_browsertest.cc

@@ -372,7 +372,7 @@ IN_PROC_BROWSER_TEST_F(PaymentRequestPaymentMethodIdentifierTest,
                        MultiplePaymentMethodIdentifiers) {
   InvokePaymentRequestWithJs(
       "buyHelper([{"
-      "  supportedMethods: ['https://bobpay.xyz']"
+      "  supportedMethods: ['https://bobpay.xyz', 'http://bobpay.xyz']"
       "}, {"
       "  supportedMethods: ['mastercard', 'visa', 'https://alicepay.com']"
       "}, {"

components/payments/core/payment_request_data_util.cc

@@ -106,6 +106,9 @@ void ParseSupportedMethods(
       "amex",       "diners", "discover", "jcb",
       "mastercard", "mir",    "unionpay", "visa"};
   std::set<std::string> remaining_card_networks(kBasicCardNetworks);
+
+  std::set<GURL> url_payment_method_identifiers;
+
   for (const PaymentMethodData& method_data_entry : method_data) {
     if (method_data_entry.supported_methods.empty())
       return;
@@ -156,10 +159,17 @@ void ParseSupportedMethods(
       } else {
         // Here |method| could be a repeated deprecated supported network (e.g.,
         // "visa"), some invalid string or a URL Payment Method Identifier.
-        // Capture this last category if the URL is https.
+        // Capture this last category if the URL is valid. A valid URL must have
+        // an https scheme and its username and password must be empty:
+        // https://www.w3.org/TR/payment-method-id/#dfn-validate-a-url-based-payment-method-identifier
+        // Avoid duplicate URLs.
         GURL url(method);
-        if (url.is_valid() && url.SchemeIs(url::kHttpsScheme))
-          out_url_payment_method_identifiers->push_back(method);
+        if (url.is_valid() && url.SchemeIs(url::kHttpsScheme) &&
+            !url.has_username() && !url.has_password()) {
+          const auto result = url_payment_method_identifiers.insert(url);
+          if (result.second)
+            out_url_payment_method_identifiers->push_back(method);
+        }
       }
     }
   }

ios/chrome/browser/payments/payment_request.h

@@ -182,6 +182,10 @@ class PaymentRequest : public PaymentOptionsProvider,
     return supported_card_networks_;
   }
 
+  const std::vector<std::string>& url_payment_method_identifiers() const {
+    return url_payment_method_identifiers_;
+  }
+
   const std::map<std::string, std::set<std::string>>& stringified_method_data()
       const {
     return stringified_method_data_;

ios/chrome/browser/payments/payment_request_unittest.mm

@@ -151,6 +151,8 @@ TEST_F(PaymentRequestTest, SupportedMethods) {
   method_datum1.supported_methods.push_back("invalid");
   method_datum1.supported_methods.push_back("");
   method_datum1.supported_methods.push_back("visa");
+  method_datum1.supported_methods.push_back("https://bobpay.com");
+  method_datum1.supported_methods.push_back("http://invalidpay.com");
   web_payment_request.method_data.push_back(method_datum1);
 
   TestPaymentRequest payment_request(web_payment_request,
@@ -159,6 +161,9 @@ TEST_F(PaymentRequestTest, SupportedMethods) {
   ASSERT_EQ(2U, payment_request.supported_card_networks().size());
   EXPECT_EQ("visa", payment_request.supported_card_networks()[0]);
   EXPECT_EQ("mastercard", payment_request.supported_card_networks()[1]);
+  ASSERT_EQ(1U, payment_request.url_payment_method_identifiers().size());
+  EXPECT_EQ("https://bobpay.com",
+            payment_request.url_payment_method_identifiers()[0]);
 }
 
 // Test that parsing supported methods in different method data entries (with
@@ -169,15 +174,18 @@ TEST_F(PaymentRequestTest, SupportedMethods_MultipleEntries) {
 
   PaymentMethodData method_datum1;
   method_datum1.supported_methods.push_back("visa");
+  method_datum1.supported_methods.push_back("https://bobpay.com");
   web_payment_request.method_data.push_back(method_datum1);
   PaymentMethodData method_datum2;
   method_datum2.supported_methods.push_back("mastercard");
   web_payment_request.method_data.push_back(method_datum2);
   PaymentMethodData method_datum3;
   method_datum3.supported_methods.push_back("");
+  method_datum3.supported_methods.push_back("http://invalidpay.com");
   web_payment_request.method_data.push_back(method_datum3);
   PaymentMethodData method_datum4;
   method_datum4.supported_methods.push_back("visa");
+  method_datum4.supported_methods.push_back("https://bobpay.com");
   web_payment_request.method_data.push_back(method_datum4);
 
   TestPaymentRequest payment_request(web_payment_request,
@@ -186,6 +194,9 @@ TEST_F(PaymentRequestTest, SupportedMethods_MultipleEntries) {
   ASSERT_EQ(2U, payment_request.supported_card_networks().size());
   EXPECT_EQ("visa", payment_request.supported_card_networks()[0]);
   EXPECT_EQ("mastercard", payment_request.supported_card_networks()[1]);
+  ASSERT_EQ(1U, payment_request.url_payment_method_identifiers().size());
+  EXPECT_EQ("https://bobpay.com",
+            payment_request.url_payment_method_identifiers()[0]);
 }
 
 // Test that only specifying basic-card means that all are supported.
@@ -211,6 +222,8 @@ TEST_F(PaymentRequestTest, SupportedMethods_OnlyBasicCard) {
   EXPECT_EQ("mir", payment_request.supported_card_networks()[5]);
   EXPECT_EQ("unionpay", payment_request.supported_card_networks()[6]);
   EXPECT_EQ("visa", payment_request.supported_card_networks()[7]);
+
+  EXPECT_TRUE(payment_request.url_payment_method_identifiers().empty());
 }
 
 // Test that specifying a method AND basic-card means that all are supported,