Don't always log non-sync modal warning dialog action.

The code assumes that whenever the signed-in non-sync user clicks on "protect account" that they are automatically recorded by the security event recorder. However, the code needs to make sure that the account is the unconsented primary account. Thus, to prevent confusion in the metrics, only log the action when we can actually mark the account at risk. Bug: 914410 Change-Id: I52fc1c8432ab64da37a6526f2d1dcfe1713c3279 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1834848Reviewed-by: Daniel Rubery <drubery@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Commit-Queue: Bettina Dea <bdea@chromium.org> Cr-Commit-Position: refs/heads/master@{#702486}

Don't always log non-sync modal warning dialog action.
The code assumes that whenever the signed-in non-sync user clicks on "protect account" that they are automatically recorded by the security event recorder. However, the code needs to make sure that the account is the unconsented primary account. Thus, to prevent confusion in the metrics, only log the action when we can actually mark the account at risk. Bug: 914410 Change-Id: I52fc1c8432ab64da37a6526f2d1dcfe1713c3279 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1834848Reviewed-by: Daniel Rubery <drubery@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Commit-Queue: Bettina Dea <bdea@chromium.org> Cr-Commit-Position: refs/heads/master@{#702486}
c9070aaa · Bettina · Commit Bot · e9c60d96 · c9070aaa
Commit c9070aaa authored Oct 03, 2019 by Bettina Committed by Commit Bot Oct 03, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 1 deletion

chrome/browser/safe_browsing/chrome_password_protection_service.cc ...owser/safe_browsing/chrome_password_protection_service.cc +16 -1

No files found.
--- a/chrome/browser/safe_browsing/chrome_password_protection_service.cc
+++ b/chrome/browser/safe_browsing/chrome_password_protection_service.cc
@@ -461,7 +461,16 @@ void ChromePasswordProtectionService::OnUserAction(
    const std::string& verdict_token,
    WarningUIType ui_type,
    WarningAction action) {
-  LogWarningAction(ui_type, action, password_type);
+  // Only log modal warning dialog action for all password types except for
+  // signed-in non-syncing type for now. We log for signed-in non-syncing type
+  // only when we are about to send the event to SecurityEventRecorder because
+  // we don't want to count non-unconsented primary accounts.
+  bool is_signed_in_non_syncing =
+      !password_type.is_account_syncing() &&
+      (password_type.account_type() == ReusedPasswordAccountType::GMAIL ||
+       password_type.account_type() == ReusedPasswordAccountType::GSUITE);
+  if (!is_signed_in_non_syncing)
+    LogWarningAction(ui_type, action, password_type);

  switch (ui_type) {
    case WarningUIType::PAGE_INFO:
@@ -668,6 +677,12 @@ void ChromePasswordProtectionService::
      // SecurityEventRecorder only supports unconsented primary accounts.
      if (gaia::AreEmailsSame(unconsented_primary_account_info.email,
                              username_for_last_shown_warning())) {
+        // We currently only send a security event recorder ONLY when a
+        // signed-in non-syncing user clicks on "Protect Account" button.
+        LogWarningAction(WarningUIType::MODAL_DIALOG,
+                         WarningAction::CHANGE_PASSWORD,
+                         GetPasswordProtectionReusedPasswordAccountType(
+                             password_type, username_for_last_shown_warning()));
        WebUIInfoSingleton::GetInstance()->AddToSecurityEvents(
            gaia_password_reuse_event);
        SecurityEventRecorderFactory::GetForProfile(profile_)