From 9ec68df3674ec6379dab6cdfcd1a2ec7368674b6 Mon Sep 17 00:00:00 2001
From: Anthony Tseng <darkdh@gmail.com>
Date: Tue, 9 Jan 2018 16:03:55 -0800
Subject: [PATCH] Do not prompt users to save password on passphrase
 confirmation page fix https://github.com/brave/browser-laptop/issues/12563

Auditors: @bridiver, @diracdeltas

Test plan:
1. Make sure built-in password manager is enabled
2. Male sure passphrase is set on trezor wallet
3. Plugin trezor and open wallet
4. Type passphrase and submit
5. Brave shouldn't prompt any messages to save password

1. Make sure built-in password manager is enabled
2. Sign up account for https://trac.torproject.org
3. Brave should ask users to save password, click deny
4. Logout and Login
5. Brave should ask users to save password, click allow
6. Change password
7. Brave should ask users to update password, click allow
8. Logout and use the save credentials to login
9. It should be able to login sucessfully
---
 .../brave_password_manager_client.cc              | 15 ++++++++++++++-
 .../brave_password_manager_client.h               |  2 ++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/brave/browser/password_manager/brave_password_manager_client.cc b/brave/browser/password_manager/brave_password_manager_client.cc
index 4dffc9a86d..b7caae924a 100644
--- a/brave/browser/password_manager/brave_password_manager_client.cc
+++ b/brave/browser/password_manager/brave_password_manager_client.cc
@@ -15,6 +15,7 @@
 #include "base/memory/singleton.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
+#include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browsing_data/browsing_data_helper.h"
@@ -92,6 +93,15 @@ void BravePasswordManagerClient::CreateForWebContentsWithAutofillClient(
       base::MakeUnique<BravePasswordManagerClient>(contents, autofill_client));
 }
 
+// static
+bool BravePasswordManagerClient::IsPossibleConfirmPasswordForm(
+    const autofill::PasswordForm& form) {
+  return form.new_password_element.empty() &&
+    form.layout != autofill::PasswordForm::Layout::LAYOUT_LOGIN_AND_SIGNUP &&
+    // https://chromium.googlesource.com/chromium/src/+/fdef64500de7e7cdfcc1a77ae7e82ad4a39d264f
+    form.username_element == base::UTF8ToUTF16("anonymous_username");
+}
+
 BravePasswordManagerClient::BravePasswordManagerClient(
     content::WebContents* web_contents,
     autofill::AutofillClient* autofill_client)
@@ -210,7 +220,10 @@ bool BravePasswordManagerClient::PromptUserToSaveOrUpdatePassword(
   if (!CanShowBubbleOnURL(web_contents()->GetLastCommittedURL()))
     return false;
   const autofill::PasswordForm *form = form_to_save->submitted_form();
-    form_to_save_ = std::move(form_to_save);
+  // Don't save password for confirmation page (ex. Trezor passphrase)
+  if (IsPossibleConfirmPasswordForm(*form))
+    return false;
+  form_to_save_ = std::move(form_to_save);
   if (update_password) {
     api_web_contents_->Emit("update-password", form->username_value,
                             form->signon_realm);
diff --git a/brave/browser/password_manager/brave_password_manager_client.h b/brave/browser/password_manager/brave_password_manager_client.h
index 4477db8fb4..8b3299b433 100644
--- a/brave/browser/password_manager/brave_password_manager_client.h
+++ b/brave/browser/password_manager/brave_password_manager_client.h
@@ -151,6 +151,8 @@ class BravePasswordManagerClient
       content::WebContents* contents,
       autofill::AutofillClient* autofill_client);
 
+  static bool IsPossibleConfirmPasswordForm(const autofill::PasswordForm& form);
+
   // Observer for PasswordGenerationPopup events. Used for testing.
   void SetTestObserver(autofill::PasswordGenerationPopupObserver* observer);