authordbeam@chromium.org <dbeam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-12-06 03:09:12 +0000
committerdbeam@chromium.org <dbeam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-12-06 03:09:12 +0000
commite4495213d466250ed455f57b97d46281408236f8 (patch)
treeca4524a707290d4f49d936811a997ecd82830bc7 /chrome/browser
parentda983ab0f33178103ea9788a34963a95ac9606e6 (diff)
[autofill] Pass along frame URL and SSL status, only allow requests for credit card info when secure.
BUG=157270,162785 R=estade@chromium.org,isherman@chromium.org,jam@chromium.org Review URL: https://codereview.chromium.org/11369236 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@171387 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser')
-rw-r--r--chrome/browser/autofill/autofill_manager.cc17
-rw-r--r--chrome/browser/autofill/autofill_manager.h9
-rw-r--r--chrome/browser/ui/autofill/autofill_dialog_controller.cc39
-rw-r--r--chrome/browser/ui/autofill/autofill_dialog_controller.h14
4 files changed, 74 insertions, 5 deletions
diff --git a/chrome/browser/autofill/autofill_manager.cc b/chrome/browser/autofill/autofill_manager.cc
index 4a62634..89ce8f4 100644
--- a/chrome/browser/autofill/autofill_manager.cc
+++ b/chrome/browser/autofill/autofill_manager.cc
@@ -774,16 +774,29 @@ void AutofillManager::OnSetDataList(const std::vector<string16>& values,
}
}
-void AutofillManager::OnRequestAutocomplete(const FormData& form) {
+void AutofillManager::OnRequestAutocomplete(
+ const FormData& form,
+ const GURL& frame_url,
+ const content::SSLStatus& ssl_status) {
base::Callback<void(const FormStructure*)> callback =
base::Bind(&AutofillManager::ReturnAutocompleteData, this);
autofill::AutofillDialogController* controller =
new autofill::AutofillDialogController(web_contents(),
form,
+ frame_url,
+ ssl_status,
callback);
controller->Show();
}
+void AutofillManager::ReturnAutocompleteError() {
+ RenderViewHost* host = web_contents()->GetRenderViewHost();
+ if (!host)
+ return;
+
+ host->Send(new AutofillMsg_RequestAutocompleteError(host->GetRoutingID()));
+}
+
void AutofillManager::ReturnAutocompleteData(const FormStructure* result) {
// web_contents() will be NULL when the interactive autocomplete is closed due
// to a tab or browser window closing.
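Review bot: `frame_url` and `ssl_status` reach `OnRequestAutocomplete()` as plain arguments and are handed straight to the dialog controller, where they decide whether card data may be requested (the check in `Show()`) and which host the user is shown (`SiteLabel()`). The sender is not visible in this diff, which is limited to chrome/browser; if the renderer fills these values in, a compromised renderer can claim an HTTPS URL and a clean certificate status. Consider taking both from browser-side state for this `web_contents()` instead, or at least recording the trust assumption in a comment such as `// |frame_url| and |ssl_status| are renderer-supplied; do not treat as authoritative.` `ReturnAutocompleteData()` continues past the end of this hunk.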
@@ -795,7 +808,7 @@ void AutofillManager::ReturnAutocompleteData(const FormStructure* result) {
return;
if (!result) {
- host->Send(new AutofillMsg_RequestAutocompleteError(host->GetRoutingID()));
+ ReturnAutocompleteError();
return;
}
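Review bot: The `!result` branch now calls `ReturnAutocompleteError()`, which looks the host up again through `web_contents()->GetRenderViewHost()` with no NULL check on `web_contents()`, although the comment at the top of this function says `web_contents()` is NULL once the tab or window has closed. The call here appears safe because the guards above it have already run (they sit partly outside the hunk), but the helper is a separate method and a later caller without those guards would dereference NULL. Adding `if (!web_contents()) return;` as the first line of `ReturnAutocompleteError()` makes it safe on its own.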
diff --git a/chrome/browser/autofill/autofill_manager.h b/chrome/browser/autofill/autofill_manager.h
index 44bf2b8..20e4ae9 100644
--- a/chrome/browser/autofill/autofill_manager.h
+++ b/chrome/browser/autofill/autofill_manager.h
@@ -26,6 +26,7 @@
#include "chrome/browser/autofill/field_types.h"
#include "chrome/browser/autofill/form_structure.h"
#include "content/public/browser/web_contents_observer.h"
+#include "content/public/common/ssl_status.h"
class AutofillExternalDelegate;
class AutofillField;
@@ -33,6 +34,7 @@ class AutofillProfile;
class AutofillMetrics;
class CreditCard;
class FormGroup;
+class GURL;
class PersonalDataManager;
class PrefService;
class ProfileSyncService;
@@ -226,11 +228,16 @@ class AutofillManager : public content::WebContentsObserver,
const std::vector<int>& unique_ids);
// Requests an interactive autocomplete UI be shown.
- void OnRequestAutocomplete(const FormData& form);
+ void OnRequestAutocomplete(const FormData& form,
+ const GURL& frame_url,
+ const content::SSLStatus& ssl_status);
// Passes return data for an OnRequestAutocomplete call back to the page.
void ReturnAutocompleteData(const FormStructure* result);
+ // Tell the renderer the current interactive autocomplete failed somehow.
+ void ReturnAutocompleteError();
+
// Fills |host| with the RenderViewHost for this tab.
// Returns false if Autofill is disabled or if the host is unavailable.
bool GetHost(content::RenderViewHost** host) const WARN_UNUSED_RESULT;
diff --git a/chrome/browser/ui/autofill/autofill_dialog_controller.cc b/chrome/browser/ui/autofill/autofill_dialog_controller.cc
index a97c5ab..5cdeb26 100644
--- a/chrome/browser/ui/autofill/autofill_dialog_controller.cc
+++ b/chrome/browser/ui/autofill/autofill_dialog_controller.cc
@@ -8,12 +8,16 @@
#include "base/utf_string_conversions.h"
#include "chrome/browser/autofill/autofill_country.h"
#include "chrome/browser/autofill/autofill_manager.h"
+#include "chrome/browser/autofill/autofill_type.h"
#include "chrome/browser/autofill/personal_data_manager.h"
#include "chrome/browser/autofill/personal_data_manager_factory.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/ui/autofill/autofill_dialog_view.h"
#include "chrome/common/form_data.h"
#include "content/public/browser/web_contents.h"
+#include "content/public/common/url_constants.h"
+#include "googleurl/src/gurl.h"
+#include "net/base/cert_status_flags.h"
namespace autofill {
@@ -138,10 +142,14 @@ void FillFormGroupFromOutputs(const DetailOutputMap& detail_outputs,
AutofillDialogController::AutofillDialogController(
content::WebContents* contents,
const FormData& form,
+ const GURL& source_url,
+ const content::SSLStatus& ssl_status,
const base::Callback<void(const FormStructure*)>& callback)
: profile_(Profile::FromBrowserContext(contents->GetBrowserContext())),
contents_(contents),
form_structure_(form),
+ source_url_(source_url),
+ ssl_status_(ssl_status),
callback_(callback) {
// TODO(estade): |this| should observe PersonalDataManager.
// TODO(estade): remove duplicates from |form|?
@@ -161,6 +169,16 @@ void AutofillDialogController::Show() {
return;
}
+ // Any request for credit info has to be secure with no minor or major errors.
+ if (RequestingCreditCardInfo() &&
+ (!source_url_.SchemeIs(chrome::kHttpsScheme) ||
+ net::IsCertStatusError(ssl_status_.cert_status) ||
+ net::IsCertStatusMinorError(ssl_status_.cert_status))) {
+ callback_.Run(NULL);
+ delete this;
+ return;
+ }
+
int row_id = 0;
const DetailInput kEmailInputs[] = {
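Review bot: The new gate in `Show()` rejects non-HTTPS frames and certificate errors but does not look at mixed content, so an HTTPS page that has run insecure script would, as far as this hunk shows, still be allowed to request card data. `content::SSLStatus` also carries `content_status`; adding `|| (ssl_status_.content_status & content::SSLStatus::RAN_INSECURE_CONTENT)` to the condition would close that gap, provided the caller populates the field. It is also worth a comment stating whether `ssl_status_` describes the requesting frame or the top-level page, since `source_url_` is the frame URL and the two can differ for an iframe. `Show()` begins and ends outside this hunk.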
@@ -230,10 +248,14 @@ string16 AutofillDialogController::DialogTitle() const {
return string16(ASCIIToUTF16("PaY"));
}
+string16 AutofillDialogController::SiteLabel() const {
+ return UTF8ToUTF16(source_url_.host());
+}
+
string16 AutofillDialogController::IntroText() const {
// TODO(estade): real strings and l10n.
- return string16(
- ASCIIToUTF16("random.com has requested the following deets:"));
+ // TODO(dbeam): what's the clearest way to not confuse translators here?
+ return ASCIIToUTF16("Da following deets will be passed to ");
}
string16 AutofillDialogController::LabelForSection(DialogSection section)
@@ -282,6 +304,19 @@ bool AutofillDialogController::ConfirmButtonEnabled() const {
return true;
}
+bool AutofillDialogController::RequestingCreditCardInfo() const {
+ DCHECK_GT(form_structure_.field_count(), 0U);
+
+ for (size_t i = 0; i < form_structure_.field_count(); ++i) {
+ if (AutofillType(form_structure_.field(i)->type()).group() ==
+ AutofillType::CREDIT_CARD) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
const DetailInputs& AutofillDialogController::RequestedFieldsForSection(
DialogSection section) const {
switch (section) {
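Review bot: `RequestingCreditCardInfo()` alone decides whether the HTTPS and certificate check in `Show()` runs, and it relies on `form_structure_.field(i)->type()` already holding a resolved type. Whether types have been determined by the time `Show()` calls it is not visible in this diff; if a field is still unclassified, its group would presumably not be `AutofillType::CREDIT_CARD` and the gate would be skipped. A comment on the function, for example `// Security gate: call only after field types have been parsed.`, would record the ordering requirement. The `DCHECK_GT` on `field_count()` is compiled out of release builds, so an empty form simply returns false there.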
diff --git a/chrome/browser/ui/autofill/autofill_dialog_controller.h b/chrome/browser/ui/autofill/autofill_dialog_controller.h
index fbdae70..288b81f 100644
--- a/chrome/browser/ui/autofill/autofill_dialog_controller.h
+++ b/chrome/browser/ui/autofill/autofill_dialog_controller.h
@@ -15,9 +15,11 @@
#include "chrome/browser/autofill/field_types.h"
#include "chrome/browser/autofill/form_structure.h"
#include "chrome/browser/ui/autofill/autofill_dialog_comboboxes.h"
+#include "content/public/common/ssl_status.h"
#include "ui/base/models/combobox_model.h"
class FormGroup;
+class GURL;
class Profile;
namespace content {
@@ -73,6 +75,8 @@ class AutofillDialogController {
AutofillDialogController(
content::WebContents* contents,
const FormData& form_structure,
+ const GURL& source_url,
+ const content::SSLStatus& ssl_status,
const base::Callback<void(const FormStructure*)>& callback);
~AutofillDialogController();
@@ -80,6 +84,7 @@ class AutofillDialogController {
// Called by the view.
string16 DialogTitle() const;
+ string16 SiteLabel() const;
string16 IntroText() const;
string16 LabelForSection(DialogSection section) const;
string16 UseBillingForShippingText() const;
@@ -106,6 +111,9 @@ class AutofillDialogController {
typedef base::Callback<bool(const DetailInput& input,
const AutofillField& field)> InputFieldComparator;
+ // Whether or not the current request wants credit info back.
+ bool RequestingCreditCardInfo() const;
+
// Initializes |suggested_email_| et al.
void GenerateComboboxModels();
@@ -139,6 +147,12 @@ class AutofillDialogController {
FormStructure form_structure_;
+ // The URL of the invoking site.
+ GURL source_url_;
+
+ // The SSL info from the invoking site.
+ content::SSLStatus ssl_status_;
+
base::Callback<void(const FormStructure*)> callback_;
// The fields for billing and shipping which the page has actually requested.