[password generation] Always allow generated passwords to be shown.

chrome/browser/password_manager/password_form_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/password_manager/password_form_manager.h"
 
 #include <algorithm>
 
 #include "base/metrics/histogram.h"
 #include "base/strings/string_split.h"
@@ skipping 274 matching lines @@
   return state_ == POST_MATCHING_PHASE;
 }
 
 void PasswordFormManager::OnRequestDone(
     const std::vector<PasswordForm*>& logins_result) {
   // Note that the result gets deleted after this call completes, but we own
   // the PasswordForm objects pointed to by the result vector, thus we keep
   // copies to a minimum here.
 
   int best_score = 0;
-  std::vector<PasswordForm> empties;  // Empty-path matches in result set.
+  // These credentials will be in the final result regardless of score.
+  std::vector<PasswordForm> credentials_to_keep;
   for (size_t i = 0; i < logins_result.size(); i++) {
     if (IgnoreResult(*logins_result[i])) {
       delete logins_result[i];
       continue;
     }
     // Score and update best matches.
     int current_score = ScoreResult(*logins_result[i]);
     // This check is here so we can append empty path matches in the event
     // they don't score as high as others and aren't added to best_matches_.
     // This is most commonly imported firefox logins. We skip blacklisted
     // ones because clearly we don't want to autofill them, and secondly
     // because they only mean something when we have no other matches already
     // saved in Chrome - in which case they'll make it through the regular
     // scoring flow below by design. Note signon_realm == origin implies empty
     // path logins_result, since signon_realm is a prefix of origin for HTML
     // password forms.
     // TODO(timsteele): Bug 1269400. We probably should do something more
     // elegant for any shorter-path match instead of explicitly handling empty
     // path matches.
     if ((observed_form_.scheme == PasswordForm::SCHEME_HTML) &&
         (observed_form_.signon_realm == logins_result[i]->origin.spec()) &&
         (current_score > 0) && (!logins_result[i]->blacklisted_by_user)) {
-      empties.push_back(*logins_result[i]);
+      credentials_to_keep.push_back(*logins_result[i]);
     }
 
+    // Always keep generated passwords as part of the result set. If a user
+    // generates a password on a signup form, it should show on a login form
+    // even if they have a previous login saved.
+    // TODO(gcasto): We don't want to cut credentials that were saved on signup
+    // forms even if they weren't generated, but currently it's hard to
+    // distinguish between those forms and two different login forms on the
+    // same domain. Filed http://crbug.com/294468 to look into this.
+    if (logins_result[i]->type == PasswordForm::TYPE_GENERATED)
+      credentials_to_keep.push_back(*logins_result[i]);
+
     if (current_score < best_score) {
       delete logins_result[i];
       continue;
     }
     if (current_score == best_score) {
       best_matches_[logins_result[i]->username_value] = logins_result[i];
     } else if (current_score > best_score) {
       best_score = current_score;
       // This new login has a better score than all those up to this point
       // Note 'this' owns all the PasswordForms in best_matches_.
       STLDeleteValues(&best_matches_);
       best_matches_.clear();
       preferred_match_ = NULL;  // Don't delete, its owned by best_matches_.
       best_matches_[logins_result[i]->username_value] = logins_result[i];
     }
     preferred_match_ = logins_result[i]->preferred ? logins_result[i]
                                                    : preferred_match_;
   }
   // We're done matching now.
   state_ = POST_MATCHING_PHASE;
 
   if (best_score <= 0) {
     return;
   }
 
-  for (std::vector<PasswordForm>::const_iterator it = empties.begin();
-       it != empties.end(); ++it) {
+  for (std::vector<PasswordForm>::const_iterator it =
+           credentials_to_keep.begin();
+       it != credentials_to_keep.end(); ++it) {
     // If we don't already have a result with the same username, add the
-    // lower-scored empty-path match (if it had equal score it would already be
-    // in best_matches_).
+    // lower-scored match (if it had equal score it would already be in
+    // best_matches_).
     if (best_matches_.find(it->username_value) == best_matches_.end())
       best_matches_[it->username_value] = new PasswordForm(*it);
   }
 
   // It is possible we have at least one match but have no preferred_match_,
   // because a user may have chosen to 'Forget' the preferred match. So we
   // just pick the first one and whichever the user selects for submit will
   // be saved as preferred.
   DCHECK(!best_matches_.empty());
   if (!preferred_match_)
@@ skipping 255 matching lines @@
 
 void PasswordFormManager::SubmitFailed() {
   submit_result_ = kSubmitResultFailed;
 }
 
 void PasswordFormManager::SendNotBlacklistedToRenderer() {
   content::RenderViewHost* host = web_contents_->GetRenderViewHost();
   host->Send(new AutofillMsg_FormNotBlacklisted(host->GetRoutingID(),
                                                  observed_form_));
 }