Skip to content
This repository has been archived by the owner on Jan 4, 2019. It is now read-only.

Commit

Permalink
Do not prompt users to save password on passphrase confirmation page
Browse files Browse the repository at this point in the history
fix brave/browser-laptop#12563

Auditors: @bridiver, @diracdeltas

Test plan:
1. Make sure built-in password manager is enabled
2. Male sure passphrase is set on trezor wallet
3. Plugin trezor and open wallet
4. Type passphrase and submit
5. Brave shouldn't prompt any messages to save password

1. Make sure built-in password manager is enabled
2. Sign up account for https://trac.torproject.org
3. Brave should ask users to save password, click deny
4. Logout and Login
5. Brave should ask users to save password, click allow
6. Change password
7. Brave should ask users to update password, click allow
8. Logout and use the save credentials to login
9. It should be able to login sucessfully
  • Loading branch information
darkdh authored and bridiver committed Jan 16, 2018
1 parent c9191fa commit 9ec68df
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 1 deletion.
15 changes: 14 additions & 1 deletion brave/browser/password_manager/brave_password_manager_client.cc
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
#include "base/memory/singleton.h"
#include "base/metrics/field_trial.h"
#include "base/metrics/histogram_macros.h"
#include "base/strings/utf_string_conversions.h"
#include "build/build_config.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/browsing_data/browsing_data_helper.h"
Expand Down Expand Up @@ -92,6 +93,15 @@ void BravePasswordManagerClient::CreateForWebContentsWithAutofillClient(
base::MakeUnique<BravePasswordManagerClient>(contents, autofill_client));
}

// static
bool BravePasswordManagerClient::IsPossibleConfirmPasswordForm(
const autofill::PasswordForm& form) {
return form.new_password_element.empty() &&
form.layout != autofill::PasswordForm::Layout::LAYOUT_LOGIN_AND_SIGNUP &&
// https://chromium.googlesource.com/chromium/src/+/fdef64500de7e7cdfcc1a77ae7e82ad4a39d264f
form.username_element == base::UTF8ToUTF16("anonymous_username");
}

BravePasswordManagerClient::BravePasswordManagerClient(
content::WebContents* web_contents,
autofill::AutofillClient* autofill_client)
Expand Down Expand Up @@ -210,7 +220,10 @@ bool BravePasswordManagerClient::PromptUserToSaveOrUpdatePassword(
if (!CanShowBubbleOnURL(web_contents()->GetLastCommittedURL()))
return false;
const autofill::PasswordForm *form = form_to_save->submitted_form();
form_to_save_ = std::move(form_to_save);
// Don't save password for confirmation page (ex. Trezor passphrase)
if (IsPossibleConfirmPasswordForm(*form))
return false;
form_to_save_ = std::move(form_to_save);
if (update_password) {
api_web_contents_->Emit("update-password", form->username_value,
form->signon_realm);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -151,6 +151,8 @@ class BravePasswordManagerClient
content::WebContents* contents,
autofill::AutofillClient* autofill_client);

static bool IsPossibleConfirmPasswordForm(const autofill::PasswordForm& form);

// Observer for PasswordGenerationPopup events. Used for testing.
void SetTestObserver(autofill::PasswordGenerationPopupObserver* observer);

Expand Down

0 comments on commit 9ec68df

Please sign in to comment.