Clear SSL user data on committed navigations on iOS

This adds a |DidFinishNavigation| method to InsecureInputTabHelper, which
clears the SSL user data for committed navigations that aren't same-document
(where form input is still retained). When a user enters text in a form on
an HTTP page, the security state is downgraded to the "dangerous triangle"
icon -- clearing the SSL user data causes this state to correctly reset on
when reloading the page.

Bug: 810374
Change-Id: I95456131689de9653688ab5d4061d338f92fa4e3
Reviewed-on: https://chromium-review.googlesource.com/c/1292055
Commit-Queue: Christopher Thompson <cthomp@chromium.org>
Reviewed-by: Eugene But <eugenebut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#605093}

ios/chrome/browser/ssl/insecure_input_tab_helper.h

@@ -48,6 +48,8 @@ class InsecureInputTabHelper
       const autofill::FormActivityParams& params) override;
 
   // WebStateObserver implementation.
+  void DidFinishNavigation(web::WebState* web_state,
+                           web::NavigationContext* navigation_context) override;
   void WebStateDestroyed(web::WebState* web_state) override;
 
   // The WebState this instance is observing. Will be null after

ios/chrome/browser/ssl/insecure_input_tab_helper.mm

@@ -15,8 +15,10 @@
 #import "ios/web/public/navigation_item.h"
 #import "ios/web/public/navigation_manager.h"
 #import "ios/web/public/origin_util.h"
+#import "ios/web/public/web_state/navigation_context.h"
 #import "ios/web/public/web_state/web_state.h"
 #import "ios/web/public/web_state/web_state_user_data.h"
+#include "ui/base/page_transition_types.h"
 
 #if !defined(__has_feature) || !__has_feature(objc_arc)
 #error "This file requires ARC support."
@@ -131,6 +133,24 @@ void InsecureInputTabHelper::FormActivityRegistered(
   }
 }
 
+void InsecureInputTabHelper::DidFinishNavigation(
+    web::WebState* web_state,
+    web::NavigationContext* navigation_context) {
+  DCHECK_EQ(web_state_, web_state);
+  // Check if the navigation should clear insecure input event data (i.e., not a
+  // same-document navigation).
+  if (!web::IsOriginSecure(web_state->GetLastCommittedURL()) &&
+      navigation_context->HasCommitted() &&
+      !navigation_context->IsSameDocument()) {
+    security_state::SSLStatusInputEventData* input_events =
+        GetOrCreateSSLStatusInputEventData(web_state_);
+    if (!input_events)
+      return;
+    input_events->input_events()->insecure_field_edited = false;
+    web_state_->DidChangeVisibleSecurityState();
+  }
+}
+
 void InsecureInputTabHelper::WebStateDestroyed(web::WebState* web_state) {
   DCHECK_EQ(web_state_, web_state);
   autofill::FormActivityTabHelper::GetOrCreateForWebState(web_state)

ios/chrome/browser/ssl/ios_security_state_tab_helper_unittest.mm

@@ -138,3 +138,18 @@ TEST_F(IOSSecurityStateTabHelperTest, SecurityInfoWithInsecureCreditCardField) {
   events = GetInsecureInputEventData();
   EXPECT_TRUE(events.credit_card_field_edited);
 }
+
+// Ensures that re-navigating to the same page does not keep
+// |insecure_field_set| set.
+TEST_F(IOSSecurityStateTabHelperTest, InsecureInputClearedOnRenavigation) {
+  // Simulate an edit and verify |insecure_field_edited| is noted in the
+  // insecure_input_events.
+  insecure_input()->DidEditFieldInInsecureContext();
+  security_state::InsecureInputEventData events = GetInsecureInputEventData();
+  EXPECT_TRUE(events.insecure_field_edited);
+
+  // Navigate to the same page again.
+  LoadHtml(@"<html><body></body></html>", GURL("http://chromium.test"));
+  events = GetInsecureInputEventData();
+  EXPECT_FALSE(events.insecure_field_edited);
+}