summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBalazs Engedy <engedy@chromium.org>2015-10-06 22:08:46 +0200
committerBalazs Engedy <engedy@chromium.org>2015-10-06 20:11:23 +0000
commitbcfba5965ba4c7a90a00e8dbd0692c463a0944d5 (patch)
tree9b679b168415a7b82d7320bbeadb666961281122
parent5b950f951760ed062a8a373e2562657ede441ed1 (diff)
downloadchromium_src-bcfba5965ba4c7a90a00e8dbd0692c463a0944d5.zip
chromium_src-bcfba5965ba4c7a90a00e8dbd0692c463a0944d5.tar.gz
chromium_src-bcfba5965ba4c7a90a00e8dbd0692c463a0944d5.tar.bz2
Do not allow federated logins saved from Android apps to be affiliated matches.
BUG=539833 R=vabr@chromium.org,mkwst@chromium.org TBR=mkwst@chromium.org Review URL: https://codereview.chromium.org/1385563007 Cr-Commit-Position: refs/heads/master@{#352589} (cherry picked from commit 4e13fe538e97fefaa9044b70e152a3c5c808fd36) Review URL: https://codereview.chromium.org/1393583002 . Cr-Commit-Position: refs/branch-heads/2490@{#506} Cr-Branched-From: 7790a3535f2a81a03685eca31a32cf69ae0c114f-refs/heads/master@{#344925}
Diffstat
-rw-r--r--components/password_manager/core/browser/password_store.cc4
-rw-r--r--components/password_manager/core/browser/password_store.h3
-rw-r--r--components/password_manager/core/browser/password_store_unittest.cc7
3 files changed, 14 insertions, 0 deletions
diff --git a/components/password_manager/core/browser/password_store.cc b/components/password_manager/core/browser/password_store.cc
index 49d6738..e324ae5 100644
--- a/components/password_manager/core/browser/password_store.cc
+++ b/components/password_manager/core/browser/password_store.cc
@@ -389,6 +389,10 @@ void PasswordStore::GetLoginsWithAffiliationsImpl(
ScopedVector<PasswordForm> more_results(
AffiliatedMatchHelper::TransformAffiliatedAndroidCredentials(
form, FillMatchingLogins(android_form, DISALLOW_PROMPT)));
+ ScopedVector<PasswordForm>::iterator it_first_federated = std::partition(
+ more_results.begin(), more_results.end(),
+ [](PasswordForm* form) { return form->federation_url.is_empty(); });
+ more_results.erase(it_first_federated, more_results.end());
results.insert(results.end(), more_results.begin(), more_results.end());
more_results.weak_clear();
}
diff --git a/components/password_manager/core/browser/password_store.h b/components/password_manager/core/browser/password_store.h
index 07510a4..4e3442f 100644
--- a/components/password_manager/core/browser/password_store.h
+++ b/components/password_manager/core/browser/password_store.h
@@ -125,6 +125,9 @@ class PasswordStore : protected PasswordStoreSync,
// platforms that support prompting the user for access (such as Mac OS).
// NOTE: This means that this method can return different results depending
// on the value of |prompt_policy|.
+ // TODO(engedy): Currently, this will not return federated logins saved from
+ // Android applications that are affiliated with the realm of |form|. Need to
+ // decide if this is the desired behavior. See: https://crbug.com/539844.
virtual void GetLogins(const autofill::PasswordForm& form,
AuthorizationPromptPolicy prompt_policy,
PasswordStoreConsumer* consumer);
diff --git a/components/password_manager/core/browser/password_store_unittest.cc b/components/password_manager/core/browser/password_store_unittest.cc
index 0cc6b02..b99007b 100644
--- a/components/password_manager/core/browser/password_store_unittest.cc
+++ b/components/password_manager/core/browser/password_store_unittest.cc
@@ -562,6 +562,13 @@ TEST_F(PasswordStoreTest, GetLoginsWithAffiliations) {
"", "", L"", L"", L"",
L"username_value_4",
L"", true, true, 1},
+ // Federated credential for this second Android application; this should
+ // not be returned.
+ {PasswordForm::SCHEME_HTML,
+ kTestAndroidRealm2,
+ "", "", L"", L"", L"",
+ L"username_value_4b",
+ kTestingFederatedLoginMarker, true, true, 1},
// Credential for an unrelated Android application.
{PasswordForm::SCHEME_HTML,
kTestUnrelatedAndroidRealm,
generated by cgit v1.1 at 2024-06-01 21:26:45 +0000