Changes in HttpCredentialCleaner

This CL introduces a few improvements to HttpCredentialCleaner:
(1) A fix in removing the protocol from signon_realm,
(2) refactoring the unittest to use parameters,
(3) minor style fixes.

More details about (1):
HttpCredentialCleaner removes the protocol (HTTP or HTTPS) form
the signon_realm in order to compare the signon_realm of HTTP
credentials with the signon_realm of HTTPS credentials. Until now,
a GURL was created from the signon_realm of the form and then the
protocol was extracted from that GURL, resulting the signon_realm
excluding protocol. This can cause problems when the auth realm contains
characters that are forbidden in an url. This will lead in creating an
invalid url, and the resulting signon_realm with protocol exluded will
be an empty string.
This CL will avoid conversion from the signon_realm string to the GURL
and use other way to remove the protocol from the signon_realm.

More details about (2):
Unitests for this class were changed from one single test into a
bunch of parametrised tests in order to make debug easier in case
of failing test in the future.

Bug: 871140
Change-Id: Ic606d250f50806ae3a3fa07a480fcb01f5551c97
Reviewed-on: https://chromium-review.googlesource.com/1249104
Commit-Queue: Narcis Gemene <gemene@google.com>
Reviewed-by: Vaclav Brozek <vabr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#594826}

components/password_manager/core/browser/http_credentials_cleaner.cc

@@ -5,7 +5,6 @@
 #include "components/password_manager/core/browser/http_credentials_cleaner.h"
 
 #include "base/metrics/histogram_functions.h"
-#include "base/strings/string_piece.h"
 #include "components/password_manager/core/browser/password_manager_util.h"
 #include "url/gurl.h"
 
@@ -30,11 +29,10 @@ void HttpCredentialCleaner::OnGetPasswordStoreResults(
   });
 
   for (auto& form : results) {
-    // The next signon-realm has the protocol excluded. For example if original
-    // signon_realm is "https://google.com/". After excluding protocol it
-    // becomes "google.com/".
-    FormKey form_key({GURL(form->signon_realm).GetContent(), form->scheme,
-                      form->username_value});
+    FormKey form_key(
+        {std::string(
+             password_manager_util::GetSignonRealmWithProtocolExcluded(*form)),
+         form->scheme, form->username_value});
     if (form->origin.SchemeIs(url::kHttpScheme)) {
       PostHSTSQueryForHostAndNetworkContext(
           form->origin, network_context_getter_.Run(),

components/password_manager/core/browser/invalid_realm_credential_cleaner.cc

@@ -13,6 +13,7 @@
 
 #include "base/strings/string_piece.h"
 #include "components/autofill/core/common/password_form.h"
+#include "components/password_manager/core/browser/password_manager_util.h"
 #include "components/password_manager/core/browser/password_store.h"
 #include "components/password_manager/core/common/password_manager_pref_names.h"
 #include "components/prefs/pref_service.h"
@@ -198,12 +199,9 @@ void InvalidRealmCredentialCleaner::OnGetPasswordStoreResults(
   // HTTP forms to the expected signon_realm (excluding the protocol).
   std::map<FormKeyForHttpMatch, std::string> http_credentials_map;
   for (const auto& form : http_forms) {
-    base::StringPiece signon_realm = form->signon_realm;
-    // Find the web origin in the signon_realm and remove what is before it.
-    // This will result in removing the protocol ("http://").
-    signon_realm = signon_realm.substr(
-        signon_realm.find(form->origin.GetOrigin().GetContent()));
-    http_credentials_map.emplace(GetFormKeyForHttpMatch(*form), signon_realm);
+    http_credentials_map.emplace(
+        GetFormKeyForHttpMatch(*form),
+        password_manager_util::GetSignonRealmWithProtocolExcluded(*form));
   }
 
   // Separate HTML and non-HTML HTTPS credentials.

components/password_manager/core/browser/password_manager_util.cc

@@ -243,6 +243,20 @@ void RemoveUselessCredentials(
       base::TimeDelta::FromSeconds(delay_in_seconds));
 }
 
+base::StringPiece GetSignonRealmWithProtocolExcluded(const PasswordForm& form) {
+  base::StringPiece signon_realm_protocol_excluded = form.signon_realm;
+
+  // Find the web origin (with protocol excluded) in the signon_realm.
+  const size_t after_protocol =
+      signon_realm_protocol_excluded.find(form.origin.GetOrigin().GetContent());
+  DCHECK_NE(after_protocol, base::StringPiece::npos);
+
+  // Keep the string starting with position |after_protocol|.
+  signon_realm_protocol_excluded =
+      signon_realm_protocol_excluded.substr(after_protocol);
+  return signon_realm_protocol_excluded;
+}
+
 void FindBestMatches(
     std::vector<const PasswordForm*> matches,
     std::map<base::string16, const PasswordForm*>* best_matches,

components/password_manager/core/browser/password_manager_util.h

@@ -105,6 +105,14 @@ void RemoveUselessCredentials(
     PrefService* prefs,
     int delay_in_seconds);
 
+// Excluding protocol from a signon_realm means to remove from the signon_realm
+// what is before the web origin (with the protocol excluded as well). For
+// example if the signon_realm is "https://www.google.com/", after
+// excluding protocol it becomes "www.google.com/".
+// This assumes that the |form|'s origin is a substring of the signon_realm.
+base::StringPiece GetSignonRealmWithProtocolExcluded(
+    const autofill::PasswordForm& form);
+
 // Report metrics about HTTP to HTTPS migration process. This function cannot be
 // used on iOS platform because the HSTS query is not supported.
 // |network_context_getter| should return nullptr if it can't get the network

components/password_manager/core/browser/password_manager_util_unittest.cc

@@ -208,6 +208,18 @@ TEST(PasswordManagerUtil,
   }
 }
 
+TEST(PasswordManagerUtil, GetSignonRealmWithProtocolExcluded) {
+  autofill::PasswordForm http_form;
+  http_form.origin = GURL("http://www.google.com/page-1/");
+  http_form.signon_realm = "http://www.google.com/";
+  EXPECT_EQ(GetSignonRealmWithProtocolExcluded(http_form), "www.google.com/");
+
+  autofill::PasswordForm https_form;
+  https_form.origin = GURL("https://www.google.com/page-1/");
+  https_form.signon_realm = "https://www.google.com/";
+  EXPECT_EQ(GetSignonRealmWithProtocolExcluded(https_form), "www.google.com/");
+}
+
 TEST(PasswordManagerUtil, FindBestMatches) {
   const int kNotFound = -1;
   struct TestMatch {