Don't allow the empty new password to overwrite the existing one.

BUG=404012,410798 Review URL: https://codereview.chromium.org/545433003 Cr-Commit-Position: refs/heads/master@{#293492}

Don't allow the empty new password to overwrite the existing one.
BUG=404012,410798 Review URL: https://codereview.chromium.org/545433003 Cr-Commit-Position: refs/heads/master@{#293492}
d2de6078 · vasilii · Commit bot · 7e2f448d · d2de6078 · d2de6078
Commit d2de6078 authored Sep 05, 2014 by vasilii Committed by Commit bot Sep 05, 2014
2 changed files
--- a/components/password_manager/core/browser/password_manager.cc
+++ b/components/password_manager/core/browser/password_manager.cc
@@ -173,7 +173,8 @@ void PasswordManager::ProvisionallySavePassword(const PasswordForm& form) {
  }

  // No password to save? Then don't.
-  if (form.password_value.empty() && form.new_password_value.empty()) {
+  if ((form.new_password_element.empty() && form.password_value.empty()) ||
+      (!form.new_password_element.empty() && form.new_password_value.empty())) {
    RecordFailure(EMPTY_PASSWORD, form.origin.host(), logger.get());
    return;
  }

--- a/components/password_manager/core/browser/password_manager_unittest.cc
+++ b/components/password_manager/core/browser/password_manager_unittest.cc
@@ -798,4 +798,31 @@ TEST_F(PasswordManagerTest,
  observed.clear();
 }

+// Create a form with a new_password_element. Submit the form with the empty
+// new password value. It shouldn't overwrite the existing password.
+TEST_F(PasswordManagerTest, DoNotUpdateWithEmptyPassword) {
+  std::vector<PasswordForm*> result;  // Empty password store.
+  EXPECT_CALL(*store_.get(), GetLogins(_, _, _))
+      .WillOnce(DoAll(WithArg<2>(InvokeConsumer(result)), Return()));
+  std::vector<PasswordForm> observed;
+  PasswordForm form(MakeSimpleForm());
+  form.new_password_element = ASCIIToUTF16("new_password_element");
+  form.new_password_value.clear();
+  observed.push_back(form);
+  manager()->OnPasswordFormsParsed(observed);    // The initial load.
+  manager()->OnPasswordFormsRendered(observed, true);  // The initial layout.
+
+  // And the form submit contract is to call ProvisionallySavePassword.
+  OnPasswordFormSubmitted(form);
+
+  scoped_ptr<PasswordFormManager> form_to_save;
+  EXPECT_CALL(client_, PromptUserToSavePasswordPtr(_)).Times(0);
+
+  // Now the password manager waits for the login to complete successfully.
+  observed.clear();
+  manager()->OnPasswordFormsParsed(observed);    // The post-navigation load.
+  manager()->OnPasswordFormsRendered(observed,
+                                     true);  // The post-navigation layout.
+}
+
 }  // namespace password_manager