[Android][Mfill] Disable AllPasswordsBottomSheet feature in HTTP sites

This CL disable the filling passwords across origins feature by not adding "Use other password" footer command if the current site scheme is not cryptographic. Bug: 1104132 Change-Id: I55039494325c81a5b263e734c0ba4783990d7195 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2431084 Commit-Queue: Reda Tawfik <redatawfik@google.com> Reviewed-by: Friedrich [CET] <fhorschig@chromium.org> Reviewed-by: Ioana Pandele <ioanap@chromium.org> Cr-Commit-Position: refs/heads/master@{#811992}

[Android][Mfill] Disable AllPasswordsBottomSheet feature in HTTP sites
This CL disable the filling passwords across origins feature by not adding "Use other password" footer command if the current site scheme is not cryptographic. Bug: 1104132 Change-Id: I55039494325c81a5b263e734c0ba4783990d7195 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2431084 Commit-Queue: Reda Tawfik <redatawfik@google.com> Reviewed-by: Friedrich [CET] <fhorschig@chromium.org> Reviewed-by: Ioana Pandele <ioanap@chromium.org> Cr-Commit-Position: refs/heads/master@{#811992}
fd1b8fe0 · Reda Tawfik · Commit Bot · d9bade00 · fd1b8fe0 · fd1b8fe0
Commit fd1b8fe0 authored Sep 30, 2020 by Reda Tawfik Committed by Commit Bot Sep 30, 2020
2 changed files
--- a/chrome/browser/password_manager/android/password_accessory_controller_impl.cc
+++ b/chrome/browser/password_manager/android/password_accessory_controller_impl.cc
@@ -271,7 +271,8 @@ void PasswordAccessoryControllerImpl::RefreshSuggestionsForField(
    }
  }

-  if (base::FeatureList::IsEnabled(
+  if (origin.GetURL().SchemeIsCryptographic() &&
+      base::FeatureList::IsEnabled(
          password_manager::features::kFillingPasswordsFromAnyOrigin)) {
    // TODO(crbug.com/1104132): Disable the feature in insecure websites.
    base::string16 button_title =

--- a/chrome/browser/password_manager/android/password_accessory_controller_impl_unittest.cc
+++ b/chrome/browser/password_manager/android/password_accessory_controller_impl_unittest.cc
@@ -68,6 +68,7 @@ using FillingSource = ManualFillingController::FillingSource;
 using IsPslMatch = autofill::UserInfo::IsPslMatch;

 constexpr char kExampleSite[] = "https://example.com";
+constexpr char kExampleHttpSite[] = "http://example.com";
 constexpr char kExampleSiteMobile[] = "https://m.example.com";
 constexpr char kExampleSignonRealm[] = "https://example.com/";
 constexpr char kExampleDomain[] = "example.com";
@@ -675,6 +676,27 @@ TEST_F(PasswordAccessoryControllerTest, AddsShowOtherUsername) {
      /*is_manual_generation_available=*/false);
 }

+TEST_F(PasswordAccessoryControllerTest,
+       AddsShowOtherPasswordForOnlySecuredSites) {
+  // `Setup` method sets the URL to https but http is required for this method.
+  NavigateAndCommit(GURL(kExampleHttpSite));
+  FocusWebContentsOnMainFrame();
+
+  base::test::ScopedFeatureList scoped_feature_list;
+  scoped_feature_list.InitAndEnableFeature(
+      password_manager::features::kFillingPasswordsFromAnyOrigin);
+  AccessorySheetData::Builder data_builder(
+      AccessoryTabType::PASSWORDS, passwords_empty_str(kExampleHttpSite));
+  data_builder.AppendFooterCommand(manage_passwords_str(),
+                                   autofill::AccessoryAction::MANAGE_PASSWORDS);
+  EXPECT_CALL(mock_manual_filling_controller_,
+              RefreshSuggestions(std::move(data_builder).Build()));
+
+  controller()->RefreshSuggestionsForField(
+      FocusedFieldType::kFillablePasswordField,
+      /*is_manual_generation_available=*/false);
+}
+
 TEST_F(PasswordAccessoryControllerTest, HidesShowOtherPasswordsIfDisabled) {
  base::test::ScopedFeatureList scoped_feature_list;
  scoped_feature_list.InitAndDisableFeature(