Implemented CredentialManager methods + tests

Implemented CredentialManager methods:
 * HandleScriptCommandCallback
 * SendGetResponse
 * SendStoreResponse
 * SendPreventSilentAccessResponse
 * constructor (register script command callback)
 * destructor (remove script command callback)

Added unit tests for this class, which test it via public
API i.e. exposed JavaScript interface. Tests are meant to
ensure that:
 * calling exposed navigator.credentials method
|get|, |store| or |preventSilentAccess| results in calling
proper method on CredentialManagerImpl
 * that arguments are validated before that happens
 * that calls from insecure context are ignored
 * that Promises returned by navigator.credentials methods
|get|, |store|, |preventSilentAccess| resolve with correct
type and correct value or reject with error of right type.

Change-Id: Ia82c0ec29b9011fc763abc952b888c7483b4b840
Reviewed-on: https://chromium-review.googlesource.com/649610
Commit-Queue: Tomasz Garbus <tgarbus@chromium.org>
Reviewed-by: Eugene But <eugenebut@chromium.org>
Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
Cr-Commit-Position: refs/heads/master@{#501235}

ios/chrome/browser/passwords/credential_manager.h

@@ -7,6 +7,10 @@
 
 #include "components/password_manager/core/browser/credential_manager_impl.h"
 
+namespace web {
+class WebState;
+}
+
 namespace credential_manager {
 
 // Owned by PasswordController. It is responsible for registering and handling
@@ -25,7 +29,8 @@ namespace credential_manager {
 //     website.
 class CredentialManager {
  public:
-  explicit CredentialManager(password_manager::PasswordManagerClient* client);
+  CredentialManager(password_manager::PasswordManagerClient* client,
+                    web::WebState* web_state);
   ~CredentialManager();
 
  private:
@@ -46,6 +51,7 @@ class CredentialManager {
   void SendStoreResponse(int promise_id);
 
   password_manager::CredentialManagerImpl impl_;
+  web::WebState* web_state_;
 
   DISALLOW_COPY_AND_ASSIGN(CredentialManager);
 };

ios/chrome/browser/passwords/credential_manager.mm

@@ -5,7 +5,10 @@
 #import "ios/chrome/browser/passwords/credential_manager.h"
 
 #import "base/mac/bind_objc_block.h"
+#include "base/strings/utf_string_conversions.h"
 #include "ios/chrome/browser/passwords/credential_manager_util.h"
+#include "ios/chrome/browser/passwords/js_credential_manager.h"
+#import "ios/web/public/web_state/web_state.h"
 
 #if !defined(__has_feature) || !__has_feature(objc_arc)
 #error "This file requires ARC support."
@@ -18,46 +21,80 @@ using password_manager::CredentialMediationRequirement;
 
 namespace credential_manager {
 
+namespace {
+
+// Script command prefix for CM API calls. Possible commands to be sent from
+// injected JS are 'credentials.get', 'credentials.store' and
+// 'credentials.preventSilentAccess'.
+constexpr char kCommandPrefix[] = "credentials";
+
+}  // namespace
+
 CredentialManager::CredentialManager(
-    password_manager::PasswordManagerClient* client)
-    : impl_(client) {
-  // TODO(crbug.com/435047): Register a script command callback for prefix
-  // "credentials" and HandleScriptCommand method.
+    password_manager::PasswordManagerClient* client,
+    web::WebState* web_state)
+    : impl_(client), web_state_(web_state) {
+  web_state_->AddScriptCommandCallback(
+      base::Bind(&CredentialManager::HandleScriptCommand,
+                 base::Unretained(this)),
+      kCommandPrefix);
 }
 
-CredentialManager::~CredentialManager() {}
+CredentialManager::~CredentialManager() {
+  web_state_->RemoveScriptCommandCallback(kCommandPrefix);
+}
 
 bool CredentialManager::HandleScriptCommand(const base::DictionaryValue& json,
                                             const GURL& origin_url,
                                             bool user_is_interacting) {
-  // TODO(crbug.com/435047): Check if context is secure.
-  std::string command;
-  if (!json.GetString("command", &command)) {
-    DLOG(ERROR) << "RECEIVED BAD json - NO VALID 'command' FIELD";
+  double promise_id_double = -1;
+  // |promiseId| field should be an integer value, but since JavaScript has only
+  // one type for numbers (64-bit float), all numbers in the messages are sent
+  // as doubles.
+  if (!json.GetDouble("promiseId", &promise_id_double)) {
+    DLOG(ERROR) << "Received bad json - no valid 'promiseId' field";
     return false;
   }
+  int promise_id = static_cast<int>(promise_id_double);
 
-  int promise_id;
-  if (!json.GetInteger("promiseId", &promise_id)) {
-    DLOG(ERROR) << "RECEIVED BAD json - NO VALID 'promiseId' FIELD";
+  if (!WebStateContentIsSecureHtml(web_state_)) {
+    RejectPromiseWithInvalidStateError(
+        web_state_, promise_id,
+        base::ASCIIToUTF16(
+            "Credential Manager API called from insecure context"));
+    return true;
+  }
+
+  std::string command;
+  if (!json.GetString("command", &command)) {
+    DLOG(ERROR) << "Received bad json - no valid 'command' field";
     return false;
   }
 
   if (command == "credentials.get") {
     CredentialMediationRequirement mediation;
     if (!ParseMediationRequirement(json, &mediation)) {
-      // TODO(crbug.com/435047): Reject promise with a TypeError.
-      return false;
+      RejectPromiseWithTypeError(
+          web_state_, promise_id,
+          base::ASCIIToUTF16(
+              "CredentialRequestOptions: Invalid 'mediation' value."));
+      return true;
     }
     bool include_passwords;
     if (!ParseIncludePasswords(json, &include_passwords)) {
-      // TODO(crbug.com/435047): Reject promise with a TypeError.
-      return false;
+      RejectPromiseWithTypeError(
+          web_state_, promise_id,
+          base::ASCIIToUTF16(
+              "CredentialRequestOptions: Invalid 'password' value."));
+      return true;
     }
     std::vector<GURL> federations;
     if (!ParseFederations(json, &federations)) {
-      // TODO(crbug.com/435047): Reject promise with a TypeError.
-      return false;
+      RejectPromiseWithTypeError(
+          web_state_, promise_id,
+          base::ASCIIToUTF16(
+              "CredentialRequestOptions: invalid 'providers' value."));
+      return true;
     }
     impl_.Get(mediation, include_passwords, federations,
               base::BindOnce(&CredentialManager::SendGetResponse,
@@ -67,7 +104,11 @@ bool CredentialManager::HandleScriptCommand(const base::DictionaryValue& json,
   if (command == "credentials.store") {
     CredentialInfo credential;
     if (!ParseCredentialDictionary(json, &credential)) {
-      // TODO(crbug.com/435047): Reject promise with a TypeError.
+      // TODO(crbug.com/435047): Refactor ParseCredentialDictionary method to
+      // provide more meaningful error message.
+      RejectPromiseWithTypeError(
+          web_state_, promise_id,
+          base::ASCIIToUTF16("Invalid Credential object."));
       return false;
     }
     impl_.Store(credential,
@@ -87,10 +128,39 @@ bool CredentialManager::HandleScriptCommand(const base::DictionaryValue& json,
 void CredentialManager::SendGetResponse(
     int promise_id,
     CredentialManagerError error,
-    const base::Optional<CredentialInfo>& info) {}
+    const base::Optional<CredentialInfo>& info) {
+  switch (error) {
+    case CredentialManagerError::SUCCESS:
+      ResolvePromiseWithCredentialInfo(web_state_, promise_id, info);
+      break;
+    case CredentialManagerError::DISABLED:
+      RejectPromiseWithInvalidStateError(
+          web_state_, promise_id,
+          base::ASCIIToUTF16("Credential Manager is disabled."));
+      break;
+    case CredentialManagerError::PENDINGREQUEST:
+      RejectPromiseWithInvalidStateError(
+          web_state_, promise_id,
+          base::ASCIIToUTF16("Pending 'get()' request."));
+      break;
+    case CredentialManagerError::PASSWORDSTOREUNAVAILABLE:
+      RejectPromiseWithNotSupportedError(
+          web_state_, promise_id,
+          base::ASCIIToUTF16("Password store is unavailable."));
+      break;
+    case CredentialManagerError::UNKNOWN:
+      RejectPromiseWithNotSupportedError(
+          web_state_, promise_id,
+          base::ASCIIToUTF16("Unknown error has occurred."));
+  }
+}
 
-void CredentialManager::SendPreventSilentAccessResponse(int promise_id) {}
+void CredentialManager::SendPreventSilentAccessResponse(int promise_id) {
+  ResolvePromiseWithUndefined(web_state_, promise_id);
+}
 
-void CredentialManager::SendStoreResponse(int promise_id) {}
+void CredentialManager::SendStoreResponse(int promise_id) {
+  ResolvePromiseWithUndefined(web_state_, promise_id);
+}
 
 }  // namespace credential_manager

ios/chrome/browser/passwords/credential_manager_util.mm

@@ -40,20 +40,20 @@ security_state::SecurityLevel GetSecurityLevelForWebState(
 
 }  // namespace
 
-const char kCredentialIdKey[] = "id";
-const char kCredentialTypeKey[] = "type";
-const char kCredentialNameKey[] = "name";
-const char kCredentialIconKey[] = "iconURL";
-const char kPasswordCredentialPasswordKey[] = "password";
-const char kFederatedCredentialProviderKey[] = "provider";
+const char kCredentialIdKey[] = "_id";
+const char kCredentialTypeKey[] = "_type";
+const char kCredentialNameKey[] = "_name";
+const char kCredentialIconKey[] = "_iconURL";
+const char kPasswordCredentialPasswordKey[] = "_password";
+const char kFederatedCredentialProviderKey[] = "_provider";
 const char kCredentialRequestMediationKey[] = "mediation";
 const char kCredentialRequestPasswordKey[] = "password";
 const char kCredentialRequestProvidersKey[] = "providers";
 const char kMediationRequirementSilent[] = "silent";
 const char kMediationRequirementRequired[] = "required";
 const char kMediationRequirementOptional[] = "optional";
-const char kCredentialTypePassword[] = "PasswordCredential";
-const char kCredentialTypeFederated[] = "FederatedCredential";
+const char kCredentialTypePassword[] = "password";
+const char kCredentialTypeFederated[] = "federated";
 
 bool ParseMediationRequirement(const base::DictionaryValue& json,
                                CredentialMediationRequirement* mediation) {

ios/chrome/browser/passwords/js_credential_manager.mm

@@ -40,7 +40,7 @@ std::string CredentialInfoToJsCredential(
         base::GetQuotedJSONString(info.icon.spec()).c_str(),
         base::GetQuotedJSONString(info.password).c_str());
   }
-  NOTREACHED() << "Invalid CredentialType";
+  /* if (info.type == CREDENTIAL_TYPE_EMPTY) */
   return std::string();
 }
 

ios/chrome/browser/web/resources/credential_manager.js

@@ -183,10 +183,10 @@ function PasswordCredential(init) {
 
   // Perform following steps:
   // https://w3c.github.io/webappsec-credential-management/#abstract-opdef-create-a-passwordcredential-from-passwordcredentialdata
-  if (!data.id) {
+  if (!data.id || typeof data.id != 'string') {
     throw new TypeError('id must be a non-empty string');
   }
-  if (!data.password) {
+  if (!data.password || typeof data.password != 'string') {
     throw new TypeError('password must be a non-empty string');
   }
   if (data.iconURL && !data.iconURL.startsWith('https://')) {
@@ -260,10 +260,10 @@ Object.defineProperty(PasswordCredential.prototype, Symbol.toStringTag,
  * @constructor
  */
 function FederatedCredential(init) {
-  if (!init.id) {
+  if (!init.id || typeof init.id != 'string') {
     throw new TypeError('id must be a non-empty string');
   }
-  if (!init.provider) {
+  if (!init.provider || typeof init.provider != 'string') {
     throw new TypeError('provider must be a non-empty string');
   }
   if (!init.provider.startsWith('https://') &&