
Issue 687968

Issue metadata

Status: Fixed
Owner:
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug




Delete obsolete HTTP credentials for HSTS sites

Project Member Reported by jdoerrie@chromium.org, Feb 2 2017

Issue description

When discussing the HTTP -> HTTPS migration of credentials it was mentioned that it is beneficial to remove old HTTP credentials during the migration when a site switches to HTTPS with HSTS active.

In addition, obsolete HTTP passwords should be cleaned up for HSTS sites, regardless of whether a migration takes place.

It is the purpose of this bug to track efforts towards implementing this feature.
 
Project Member

Comment 2 by bugdroid1@chromium.org, Feb 8 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8302e38b44617b92c635a8d0d8b80d9eb7c2b153

commit 8302e38b44617b92c635a8d0d8b80d9eb7c2b153
Author: jdoerrie <jdoerrie@chromium.org>
Date: Wed Feb 08 12:40:00 2017

Introduce Obsolete HTTP Cleaner

This change introduces a password store consumer that will delete obsolete
credentials, blacklisted hosts and site stats for sites that switched to HTTPS
and have HSTS enabled.

BUG= 687968 
R=vasilii@chromium.org

Review-Url: https://codereview.chromium.org/2673053002
Cr-Commit-Position: refs/heads/master@{#448967}

[modify] https://crrev.com/8302e38b44617b92c635a8d0d8b80d9eb7c2b153/chrome/browser/password_manager/chrome_password_manager_client.cc
[modify] https://crrev.com/8302e38b44617b92c635a8d0d8b80d9eb7c2b153/chrome/browser/password_manager/chrome_password_manager_client.h
[modify] https://crrev.com/8302e38b44617b92c635a8d0d8b80d9eb7c2b153/components/password_manager/core/browser/BUILD.gn
[add] https://crrev.com/8302e38b44617b92c635a8d0d8b80d9eb7c2b153/components/password_manager/core/browser/obsolete_http_cleaner.cc
[add] https://crrev.com/8302e38b44617b92c635a8d0d8b80d9eb7c2b153/components/password_manager/core/browser/obsolete_http_cleaner.h
[add] https://crrev.com/8302e38b44617b92c635a8d0d8b80d9eb7c2b153/components/password_manager/core/browser/obsolete_http_cleaner_unittest.cc
[modify] https://crrev.com/8302e38b44617b92c635a8d0d8b80d9eb7c2b153/components/password_manager/core/browser/password_manager_client.cc
[modify] https://crrev.com/8302e38b44617b92c635a8d0d8b80d9eb7c2b153/components/password_manager/core/browser/password_manager_client.h

Project Member

Comment 3 by bugdroid1@chromium.org, Feb 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d467321ca5b51ba137007694a7cf4260392e6609

commit d467321ca5b51ba137007694a7cf4260392e6609
Author: jdoerrie <jdoerrie@chromium.org>
Date: Fri Feb 17 14:10:44 2017

Implement PasswordStore::GetAllStats

In anticipation of the cleanup for obsolete HTTP data this change implements
PasswordStore::GetAllStats as a convenient way to obtain statistics for all
sites.

BUG= 687968 
R=vasilii@chromium.org

Review-Url: https://codereview.chromium.org/2695233004
Cr-Commit-Position: refs/heads/master@{#451298}

[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/chrome/browser/password_manager/password_store_mac.cc
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/chrome/browser/password_manager/password_store_mac.h
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/chrome/browser/password_manager/password_store_proxy_mac.cc
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/chrome/browser/password_manager/password_store_proxy_mac.h
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/components/password_manager/core/browser/mock_password_store.h
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/components/password_manager/core/browser/password_store.cc
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/components/password_manager/core/browser/password_store.h
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/components/password_manager/core/browser/password_store_default.cc
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/components/password_manager/core/browser/password_store_default.h
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/components/password_manager/core/browser/statistics_table.cc
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/components/password_manager/core/browser/statistics_table.h
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/components/password_manager/core/browser/statistics_table_unittest.cc
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/components/password_manager/core/browser/test_password_store.cc
[modify] https://crrev.com/d467321ca5b51ba137007694a7cf4260392e6609/components/password_manager/core/browser/test_password_store.h

Project Member

Comment 4 by bugdroid1@chromium.org, Mar 14 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5cda81b4d16e323763e51f22582a9144dc64c30e

commit 5cda81b4d16e323763e51f22582a9144dc64c30e
Author: jdoerrie <jdoerrie@chromium.org>
Date: Tue Mar 14 14:59:55 2017

Move Credentials when migrating to HSTS page

This change enables moving credentials during migration when the corresponding
site has HSTS enabled. Prior to this change old HTTP credentials were kept,
leading to unnecessary duplication.

R=vasilii@chromium.org,isherman@chromium.org
BUG= 687968 

Review-Url: https://codereview.chromium.org/2721663002
Cr-Commit-Position: refs/heads/master@{#456704}

[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/chrome/browser/password_manager/chrome_password_manager_client.cc
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/chrome/browser/password_manager/chrome_password_manager_client.h
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/chrome/browser/password_manager/credential_manager_browsertest.cc
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/chrome/browser/password_manager/password_manager_browsertest.cc
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/chrome/browser/password_manager/password_manager_test_base.cc
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/chrome/browser/password_manager/password_manager_test_base.h
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/components/password_manager/core/browser/credential_manager_pending_request_task.cc
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/components/password_manager/core/browser/form_fetcher_impl.cc
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/components/password_manager/core/browser/http_password_migrator.cc
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/components/password_manager/core/browser/http_password_migrator.h
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/components/password_manager/core/browser/http_password_migrator_unittest.cc
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/components/password_manager/core/browser/obsolete_http_cleaner.cc
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/components/password_manager/core/browser/obsolete_http_cleaner_unittest.cc
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/components/password_manager/core/browser/password_manager_client.cc
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/components/password_manager/core/browser/password_manager_client.h
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/components/password_manager/core/browser/password_manager_metrics_util.cc
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/components/password_manager/core/browser/password_manager_metrics_util.h
[modify] https://crrev.com/5cda81b4d16e323763e51f22582a9144dc64c30e/tools/metrics/histograms/histograms.xml

Project Member

Comment 5 by bugdroid1@chromium.org, Mar 22 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7dc7688b853c5ae80cae066021d02c591e06a1e2

commit 7dc7688b853c5ae80cae066021d02c591e06a1e2
Author: jdoerrie <jdoerrie@chromium.org>
Date: Wed Mar 22 19:25:46 2017

Remove Obsolete HTTP SiteStatistics From PasswordStore during Migration

As a follow up to a comment in http://crrev.com/2721663002 this change
implements the removal of obsolete site statistics when a site migrated to HTTPS
and has HSTS enabled.

BUG= 687968 
R=vasilii@chromium.org

Review-Url: https://codereview.chromium.org/2748933005
Cr-Commit-Position: refs/heads/master@{#458836}

[modify] https://crrev.com/7dc7688b853c5ae80cae066021d02c591e06a1e2/components/password_manager/core/browser/BUILD.gn
[modify] https://crrev.com/7dc7688b853c5ae80cae066021d02c591e06a1e2/components/password_manager/core/browser/credential_manager_pending_request_task.cc
[modify] https://crrev.com/7dc7688b853c5ae80cae066021d02c591e06a1e2/components/password_manager/core/browser/credential_manager_pending_request_task.h
[modify] https://crrev.com/7dc7688b853c5ae80cae066021d02c591e06a1e2/components/password_manager/core/browser/form_fetcher_impl.cc
[modify] https://crrev.com/7dc7688b853c5ae80cae066021d02c591e06a1e2/components/password_manager/core/browser/form_fetcher_impl.h
[modify] https://crrev.com/7dc7688b853c5ae80cae066021d02c591e06a1e2/components/password_manager/core/browser/form_fetcher_impl_unittest.cc
[rename] https://crrev.com/7dc7688b853c5ae80cae066021d02c591e06a1e2/components/password_manager/core/browser/http_password_store_migrator.cc
[rename] https://crrev.com/7dc7688b853c5ae80cae066021d02c591e06a1e2/components/password_manager/core/browser/http_password_store_migrator.h
[rename] https://crrev.com/7dc7688b853c5ae80cae066021d02c591e06a1e2/components/password_manager/core/browser/http_password_store_migrator_unittest.cc

Project Member

Comment 6 by bugdroid1@chromium.org, Apr 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2c18c898b5e93b53737e884e54e66d2c7f633a33

commit 2c18c898b5e93b53737e884e54e66d2c7f633a33
Author: jdoerrie <jdoerrie@chromium.org>
Date: Tue Apr 04 15:51:19 2017

Clean Obsolete HTTP Data from the Password Store

This change introduces a method to delete obsolete HTTP data from the password
store. This method is executed 40 seconds after start up and will delete HTTP
passwords, blacklist information and statistics for sites that have migrated to
HTTPS and have HSTS enabled.

BUG= 687968 
R=vasilii@chromium.org, vabr@chromium.org

Review-Url: https://codereview.chromium.org/2714543006
Cr-Commit-Position: refs/heads/master@{#461733}

[modify] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/chrome/browser/password_manager/chrome_password_manager_client.cc
[modify] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/chrome/browser/password_manager/password_store_factory.cc
[modify] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/chrome/browser/ui/passwords/manage_passwords_bubble_model_unittest.cc
[modify] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/DEPS
[modify] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/browser/BUILD.gn
[add] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/browser/hsts_query.cc
[add] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/browser/hsts_query.h
[add] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/browser/hsts_query_unittest.cc
[add] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/browser/http_data_cleaner.cc
[add] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/browser/http_data_cleaner.h
[add] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/browser/http_data_cleaner_unittest.cc
[modify] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/browser/mock_password_store.h
[delete] https://crrev.com/c374eccb2b3eaafa9a0cd601e66add1556ed99a8/components/password_manager/core/browser/obsolete_http_cleaner.cc
[delete] https://crrev.com/c374eccb2b3eaafa9a0cd601e66add1556ed99a8/components/password_manager/core/browser/obsolete_http_cleaner.h
[delete] https://crrev.com/c374eccb2b3eaafa9a0cd601e66add1556ed99a8/components/password_manager/core/browser/obsolete_http_cleaner_unittest.cc
[modify] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/browser/password_manager.cc
[modify] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/browser/password_manager_test_utils.cc
[modify] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/browser/password_manager_test_utils.h
[modify] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/browser/password_store_consumer.h
[modify] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/common/password_manager_pref_names.cc
[modify] https://crrev.com/2c18c898b5e93b53737e884e54e66d2c7f633a33/components/password_manager/core/common/password_manager_pref_names.h

Project Member

Comment 7 by bugdroid1@chromium.org, Mar 9 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/09e3be47ad439df47ebc686cca6a6b8eb8d2c4db

commit 09e3be47ad439df47ebc686cca6a6b8eb8d2c4db
Author: Vasilii Sukhanov <vasilii@chromium.org>
Date: Fri Mar 09 11:47:23 2018

Remove DelayCleanObsoleteHttpDataForPasswordStoreAndPrefs.

The code is executed once per profile. As it was introduced one year ago, it's reasonable to assume that most users don't need it anymore.
It's a manual revert of https://codereview.chromium.org/2714543006/

Bug:  687968 
Change-Id: Ic9ef109c27ccccadc8b3fd75d156dec818cfc83c
Reviewed-on: https://chromium-review.googlesource.com/955568
Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org>
Reviewed-by: Jan Wilken Dörrie <jdoerrie@chromium.org>
Cr-Commit-Position: refs/heads/master@{#542084}
[modify] https://crrev.com/09e3be47ad439df47ebc686cca6a6b8eb8d2c4db/chrome/browser/password_manager/password_store_factory.cc
[modify] https://crrev.com/09e3be47ad439df47ebc686cca6a6b8eb8d2c4db/components/password_manager/core/browser/BUILD.gn
[modify] https://crrev.com/09e3be47ad439df47ebc686cca6a6b8eb8d2c4db/components/password_manager/core/browser/hsts_query_unittest.cc
[delete] https://crrev.com/be06f2f2a79904493976ebca714c33a4e06635ba/components/password_manager/core/browser/http_data_cleaner.cc
[delete] https://crrev.com/be06f2f2a79904493976ebca714c33a4e06635ba/components/password_manager/core/browser/http_data_cleaner.h
[delete] https://crrev.com/be06f2f2a79904493976ebca714c33a4e06635ba/components/password_manager/core/browser/http_data_cleaner_unittest.cc
[modify] https://crrev.com/09e3be47ad439df47ebc686cca6a6b8eb8d2c4db/components/password_manager/core/browser/password_manager.cc
[modify] https://crrev.com/09e3be47ad439df47ebc686cca6a6b8eb8d2c4db/components/password_manager/core/browser/password_manager_test_utils.cc
[modify] https://crrev.com/09e3be47ad439df47ebc686cca6a6b8eb8d2c4db/components/password_manager/core/browser/password_manager_test_utils.h
[modify] https://crrev.com/09e3be47ad439df47ebc686cca6a6b8eb8d2c4db/components/password_manager/core/browser/password_store_consumer.h
[modify] https://crrev.com/09e3be47ad439df47ebc686cca6a6b8eb8d2c4db/components/password_manager/core/common/password_manager_pref_names.cc
[modify] https://crrev.com/09e3be47ad439df47ebc686cca6a6b8eb8d2c4db/components/password_manager/core/common/password_manager_pref_names.h

Status: Fixed (was: Started)
Project Member

Comment 9 by bugdroid1@chromium.org, Nov 21

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b1721672e76a9dea39dfdad9897e7e5f43b7a7ce

commit b1721672e76a9dea39dfdad9897e7e5f43b7a7ce
Author: jdoerrie <jdoerrie@chromium.org>
Date: Wed Nov 21 19:18:38 2018

[Passwords] Don't replace federation:// in HttpPasswordStoreMigrator

This change modifies HttpPasswordStoreMigrator to not replace the
signon_realm if the previous signon_realm did not have a HTTP scheme.
While rare, this scenario can happen for federated credentials that have
been saved on a secure HTTP origin, such as http://localhost.

Bug:  687968 
Change-Id: Ib777aac0aadd1ca39723de40b40fd75193954f7e
Reviewed-on: https://chromium-review.googlesource.com/c/1346458
Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org>
Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
Cr-Commit-Position: refs/heads/master@{#610134}
[modify] https://crrev.com/b1721672e76a9dea39dfdad9897e7e5f43b7a7ce/components/password_manager/core/browser/http_password_store_migrator.cc
[modify] https://crrev.com/b1721672e76a9dea39dfdad9897e7e5f43b7a7ce/components/password_manager/core/browser/http_password_store_migrator_unittest.cc
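
The migration rules described in the commit messages of comments 4 and 9, as an added example that is not Chromium's code: an HTTP credential is moved when the host has HSTS and copied otherwise, and a `federation://` signon_realm is left alone. The `Credential` struct, the helper names, the plain set standing in for HSTS state, and the sample hosts are assumptions made for illustration.

```cpp
#include <set>
#include <string>
#include <vector>

// Hypothetical, simplified record; not Chromium's real credential type.
struct Credential {
  std::string origin;        // origin the credential was saved on
  std::string signon_realm;  // "http(s)://host/" or "federation://host/idp"
};

static bool HasPrefix(const std::string& s, const std::string& p) {
  return s.compare(0, p.size(), p) == 0;
}

// Rewrites a leading "http://" to "https://"; other schemes pass through.
static std::string UpgradeScheme(const std::string& url) {
  return HasPrefix(url, "http://") ? "https://" + url.substr(7) : url;
}

// Host part of "scheme://host[:port]/...".
static std::string HostOf(const std::string& url) {
  const std::size_t sep = url.find("://");
  const std::size_t start = sep == std::string::npos ? 0 : sep + 3;
  return url.substr(start, url.find_first_of(":/", start) - start);
}

// Constructed sample store: two password entries and one federated entry.
std::vector<Credential> SampleStore() {
  return {{"http://hsts.example/", "http://hsts.example/"},
          {"http://plain.example/", "http://plain.example/"},
          {"http://localhost/", "federation://localhost/idp.example"}};
}

// Returns the store contents after migrating every HTTP-origin credential.
// hsts_hosts models the browser's HSTS state as a plain set (assumption).
std::vector<Credential> Migrate(const std::vector<Credential>& store,
                                const std::set<std::string>& hsts_hosts) {
  std::vector<Credential> out;
  for (const Credential& c : store) {
    if (!HasPrefix(c.origin, "http://")) {  // not an HTTP entry: untouched
      out.push_back(c);
      continue;
    }
    Credential upgraded = c;
    upgraded.origin = UpgradeScheme(c.origin);
    // Only an http:// realm is rewritten; a federation:// realm is kept.
    upgraded.signon_realm = UpgradeScheme(c.signon_realm);
    // No HSTS: keep the HTTP entry as well (copy). HSTS: drop it (move),
    // since requests to that host are upgraded to HTTPS anyway.
    if (hsts_hosts.count(HostOf(c.origin)) == 0) out.push_back(c);
    out.push_back(upgraded);
  }
  return out;
}
```
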
