Report the number of empty usernames without a nonempty pair.

In the process of investigation of empty username occurences in the password manager, we suspect re-authentication forms to be a frequent cause. This metric will show us in how many cases this is not the cause. We interpret occurences of an empty and nonempty username pair on the same signon realm as a presence of both a first-time authentication and re-authentication form. We report the number of password forms with an empty username in the login database, for which there isn't another password form with a nonempty username on the same signon realm. Out of several possible approaches: a) SELECT ... WHERE NOT EXISTS b) SELECT DISTINCT ... FROM ... JOIN ... ON a.signon_realm=b.signon_realm c) SELECT DISTINCT ... FROM ... WHERE ... AND a.signon_realm=b.signon_realm d) SELECT, put into std::set<>, SELECT, iterate and search the set we implemented a), as manual testing on 1000 random samples seemed to be the fastest. BUG=456728 Review URL: https://codereview.chromium.org/1087233002 Cr-Commit-Position: refs/heads/master@{#325451}

Report the number of empty usernames without a nonempty pair.
In the process of investigation of empty username occurences in the password manager, we suspect re-authentication forms to be a frequent cause. This metric will show us in how many cases this is not the cause. We interpret occurences of an empty and nonempty username pair on the same signon realm as a presence of both a first-time authentication and re-authentication form. We report the number of password forms with an empty username in the login database, for which there isn't another password form with a nonempty username on the same signon realm. Out of several possible approaches: a) SELECT ... WHERE NOT EXISTS b) SELECT DISTINCT ... FROM ... JOIN ... ON a.signon_realm=b.signon_realm c) SELECT DISTINCT ... FROM ... WHERE ... AND a.signon_realm=b.signon_realm d) SELECT, put into std::set<>, SELECT, iterate and search the set we implemented a), as manual testing on 1000 random samples seemed to be the fastest. BUG=456728 Review URL: https://codereview.chromium.org/1087233002 Cr-Commit-Position: refs/heads/master@{#325451}
e8ca3576 · msramek · Commit bot · c7d0777c · e8ca3576 · e8ca3576
Commit e8ca3576 authored Apr 16, 2015 by msramek Committed by Commit bot Apr 16, 2015
3 changed files
--- a/components/password_manager/core/browser/login_database.cc
+++ b/components/password_manager/core/browser/login_database.cc
@@ -504,6 +504,19 @@ void LoginDatabase::ReportMetrics(const std::string& sync_username,
    UMA_HISTOGRAM_COUNTS_100("PasswordManager.EmptyUsernames.CountInDatabase",
                             empty_forms);
  }
+
+  sql::Statement standalone_empty_usernames_statement(db_.GetCachedStatement(
+      SQL_FROM_HERE, "SELECT COUNT(*) FROM logins a "
+                     "WHERE a.blacklisted_by_user=0 AND a.username_value='' "
+                     "AND NOT EXISTS (SELECT * FROM logins b "
+                     "WHERE b.blacklisted_by_user=0 AND b.username_value!='' "
+                     "AND a.signon_realm = b.signon_realm)"));
+  if (standalone_empty_usernames_statement.Step()) {
+    int num_entries = standalone_empty_usernames_statement.ColumnInt(0);
+    UMA_HISTOGRAM_COUNTS_100(
+        "PasswordManager.EmptyUsernames.WithoutCorrespondingNonempty",
+        num_entries);
+  }
 }

 PasswordStoreChangeList LoginDatabase::AddLogin(const PasswordForm& form) {

--- a/components/password_manager/core/browser/login_database_unittest.cc
+++ b/components/password_manager/core/browser/login_database_unittest.cc
@@ -1055,12 +1055,25 @@ TEST_F(LoginDatabaseTest, ReportMetricsTest) {
  password_form.blacklisted_by_user = true;
  EXPECT_EQ(AddChangeForForm(password_form), db().AddLogin(password_form));

+  password_form.origin = GURL("http://sixth.example.com/");
+  password_form.signon_realm = "http://sixth.example.com/";
+  password_form.username_value = ASCIIToUTF16("");
+  password_form.password_value = ASCIIToUTF16("my_password");
+  password_form.blacklisted_by_user = false;
+  EXPECT_EQ(AddChangeForForm(password_form), db().AddLogin(password_form));
+
+  password_form.username_element = ASCIIToUTF16("some_other_input");
+  EXPECT_EQ(AddChangeForForm(password_form), db().AddLogin(password_form));
+
+  password_form.username_value = ASCIIToUTF16("my_username");
+  EXPECT_EQ(AddChangeForForm(password_form), db().AddLogin(password_form));
+
  base::HistogramTester histogram_tester;
  db().ReportMetrics("", false);

  histogram_tester.ExpectUniqueSample(
      "PasswordManager.TotalAccounts.UserCreated.WithoutCustomPassphrase",
-      4,
+      6,
      1);
  histogram_tester.ExpectBucketCount(
      "PasswordManager.AccountsPerSite.UserCreated.WithoutCustomPassphrase",
@@ -1069,7 +1082,7 @@ TEST_F(LoginDatabaseTest, ReportMetricsTest) {
  histogram_tester.ExpectBucketCount(
      "PasswordManager.AccountsPerSite.UserCreated.WithoutCustomPassphrase",
      2,
-      1);
+      2);
  histogram_tester.ExpectBucketCount(
      "PasswordManager.TimesPasswordUsed.UserCreated.WithoutCustomPassphrase",
      0,
@@ -1100,6 +1113,10 @@ TEST_F(LoginDatabaseTest, ReportMetricsTest) {
      1);
  histogram_tester.ExpectUniqueSample(
      "PasswordManager.EmptyUsernames.CountInDatabase",
+      3,
+      1);
+  histogram_tester.ExpectUniqueSample(
+      "PasswordManager.EmptyUsernames.WithoutCorrespondingNonempty",
      1,
      1);
 }

--- a/tools/metrics/histograms/histograms.xml
+++ b/tools/metrics/histograms/histograms.xml
@@ -25397,6 +25397,17 @@ Therefore, the affected-histogram name has to have at least one dot in it.
  </summary>
 </histogram>

+<histogram name="PasswordManager.EmptyUsernames.WithoutCorrespondingNonempty">
+  <owner>msramek@chromium.org</owner>
+  <owner>vasilii@chromium.org</owner>
+  <summary>
+    Number of password forms with empty username in the Login Database for which
+    there is not another password form from the same realm with a nonempty
+    username. In other words, number of password forms with empty username which
+    we do not suspect to be reauthentication forms.
+  </summary>
+</histogram>
+
 <histogram name="PasswordManager.Enabled" enum="BooleanEnabled">
  <owner>dubroy@chromium.org</owner>
  <owner>vabr@chromium.org</owner>