Autofill: Increase ratio of complete credential saves #5386

@CDRussell CDRussell commented Dec 12, 2024

Task/Issue URL: https://app.asana.com/0/72649045549333/1206048666874234/f

Description

Increases the ratio of complete credential saves by being able to capture a username-only form submission, and then re-attach it to a nearby password-only form submission. This is useful for scenarios like resetting passwords and multi-step logins.

Steps to test this PR

Logcat filter:
message~:"partial save" | message~:"backfill"

Simulating a multi-step login form

  • Ensure no passwords currently saved (or none for autofill.me at least)
  • Visit https://autofill.me/form/login-simple
  • Enter username test
  • Leave password blank
  • Hit Login button (this simulates getting the first part of a multi-step login form)
  • Now clear the username
  • Enter password (>=4 characters)
  • Hit Login button (this is submitting only a password now, simulating the second part of a multi-step login form)
  • Save password when prompted, then go view it in the Password Management view (e.g., tap on View in snackbar)
  • Verify it has username=test and password matches what you provided (i.e., the username was backfilled because the partial form submission’s username was later applied to the final form submission which didn’t have the username)

Updating password for the above (not backfilling)

  • Visit https://autofill.me/form/login-simple (decline offer to autofill)
  • Enter username test
  • Enter a different password than what is stored already
  • Hit Login button; verify you are offered to update the password
  • Verify that when you decline, the saved password hasn’t changed
  • Then repeat and accept the offer to update the password; verify it was updated correctly (and there are no dupes for that username)

Updating password (with backfilling)

  • Visit https://autofill.me/form/login-simple (decline offer to autofill)
  • Enter username test
  • Leave password blank
  • Hit Login button (this simulates getting the first part of a multi-step login form)
  • Now clear the username
  • Enter a different password than what is stored already
  • Hit Login button; verify you are offered to update the password
  • Verify Backfilling username [test] from partial save in logs
  • Test both updating password when prompted, and declining and make sure in both cases the password is correct and there are no duplicates for that username

Password reset flow (with backfilling, automatic password generation)

  • Visit scribd.com and create an account if you don’t have one (recommend using email address that you can get on the device you’re testing on, as you’ll need to click a reset password link)
  • (Sign out if signed in)
  • Click Forgot password? from scribd.com
  • Enter your email address
  • Get the email from them, and click the link to reset your password within 3 minutes
  • Choose to use a generated password when prompted (note the last few characters so you can verify it later)
  • Verify the credential is saved. Verify the password is correct and there are no duplicate credentials.
  • Repeat this flow when you have a password saved for that username already. This time after accepting autogenerated password, verify that you are prompted to update it with the new password.

Password reset flow (with backfilling, manual password entry)

  • Visit scribd.com (sign out if signed in)
  • Click Forgot password? from scribd.com
  • Enter your email address
  • Get the email from them, and click the link to reset your password within 3 minutes
  • Choose to manually enter a password that conforms to their rules
  • Verify you are prompted to update your password (note, update, not to save a new one)
  • Agree to Update Password. Verify the password is correct and there are no duplicate credentials.

Password reset flow (no backfilling, automatic password generation)

  • Visit scribd.com (sign out if signed in)
  • Click Forgot password? from scribd.com
  • Enter your email address
  • Wait > 3 minutes
  • Get the email from them, and click the link to reset your password
  • Choose to use a generated password when prompted (note the last few characters so you can verify it later)
  • Verify you see a snackbar that password has been saved. Note, this is a separate credential that is saved with no username attached (i.e., existing behaviour because this was ineligible for backfilling)

Password reset flow (no backfilling, manual password entry)

  • Visit scribd.com (sign out if signed in)
  • Click Forgot password? from scribd.com
  • Enter your email address
  • Wait > 3 minutes
  • Get the email from them, and click the link to reset your password
  • Choose to manually enter a password
  • Verify you are prompted to save ❓. Note, this is a separate credential that is saved with no username attached (i.e., existing behaviour because this was ineligible for backfilling)

Email Protection, autofilling personal duck address contributes as username backfill candidate

Email Protection, autofilling private duck address contributes as username backfill candidate

Disable feature flag

  • Disable partialFormSaves
  • Ensure no passwords currently saved for autofill.me
  • Visit https://autofill.me/form/login-simple
  • Enter username test
  • Leave password blank
  • Hit Login button (this simulates getting the first part of a multi-step login form)
  • Now clear the username
  • Enter password (>=4 characters)
  • Hit Login button (this is submitting only a password now, simulating the second part of a multi-step login form)
  • Accept to save the password. Verify this has no username (since it wasn’t allowed to backfill it)

Ensuring existing business rules are maintained

Autofill personal duck address and autogenerated password

Autofill private duck address and autogenerated password

Autofill personal duck address and manual password

Autofill private duck address and manual password

CDRussell commented Dec 12, 2024

Comment on lines +82 to +91
internal data class AutofillStoreFormDataJsonRequest(
val credentials: AutofillStoreFormDataCredentialsJsonRequest?,
val trigger: FormSubmissionTriggerType?,
)

internal data class AutofillStoreFormDataCredentialsJsonRequest(
val username: String?,
val password: String?,
val autogenerated: Boolean = false,
)
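Review bot: `AutofillStoreFormDataCredentialsJsonRequest` is a `data class` with a `password: String?` property, so its generated `toString()` prints the password in clear if an instance, or the enclosing `AutofillStoreFormDataJsonRequest`, is ever interpolated into a log line or an exception message. Consider overriding `toString()` on the credentials type to redact `password`, and keep both types confined to the parsing class so they cannot reach a logger.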

@CDRussell CDRussell Dec 12, 2024

this is a small tidy up as these are types specifically for Moshi / JSON parsing, used internally in this class. but we don’t necessarily want the same types returned out of this class

for example, the trigger is nullable when parsing from JSON, but when returning we also want that non-nullable and defaulting to UNKNOWN if it couldn’t be parsed from the JSON

@CDRussell CDRussell force-pushed the feature/craig/autofill_increase_ratio_complete_credential_saves branch 9 times, most recently from 9578c3a to 969ed0e Compare December 13, 2024 17:32
@CDRussell CDRussell force-pushed the feature/craig/autofill_increase_ratio_complete_credential_saves branch 7 times, most recently from a36b674 to 16e1970 Compare December 20, 2024 16:42
@CDRussell CDRussell force-pushed the feature/craig/autofill_increase_ratio_complete_credential_saves branch 5 times, most recently from 2e53317 to a24930b Compare January 15, 2025 11:12
@CDRussell CDRussell marked this pull request as ready for review January 15, 2025 11:14
@CDRussell CDRussell force-pushed the feature/craig/autofill_increase_ratio_complete_credential_saves branch 4 times, most recently from 40c14e9 to d47c3a5 Compare January 21, 2025 16:44
@CDRussell CDRussell force-pushed the feature/craig/autofill_increase_ratio_complete_credential_saves branch 3 times, most recently from 740b26f to 62a3e7d Compare January 22, 2025 17:47

@cmonfortep cmonfortep left a comment

LGTM nothing major, we can discuss offline.

import javax.inject.Inject
import timber.log.Timber

interface UsernameBackFiller {
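Review bot: `timber.log.Timber` is imported into the file that declares `UsernameBackFiller`, and the test steps expect the line `Backfilling username [test] from partial save` in the logs, so the username is written to logcat in clear. Confirm that this message cannot be emitted in release builds, or log only that a backfill happened without the username value.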
Contributor

Something is confusing here, but unsure what to recommend to change because I might be missing some details. So leaving my impressions:

  • when reviewing the implementation part, I got confused in if (!usernameFromJavascript.isNullOrBlank()). I was not expecting that isBackFillingUsernameSupported requires an empty username.
  • The logic inside just checks the nullability of the username and then calls getUsernameForBackFilling. Why is the caller not checking that instead? I imagine this as "I don't have a username, let me check if I have a username for this url in the store", and then call that directly.
  • If you prefer to have a class for that, then we should update the interface to make it more clear. A way how I imagine this, giving the responsibility of completing partial LoginCredentials. You provide LoginCredentials, and url, and this class can complete the missing data.

@CDRussell CDRussell Jan 24, 2025

we should update the interface to make it more clear.

Happy to, though not totally sure what your suggestion is… can you elaborate? and how strongly do you feel? I’d rather not make deeper changes now if it could be avoided, tbh.

giving the responsibility of completing partial LoginCredentials. You provide LoginCredentials, and url, and this class can complete the missing data.

in one scenario we have LoginCredentials and in the other you have a loose username and password. We could build those loose creds into a LoginCredentials just to pass it in for completion, but seems better to work at the username level since it suits both scenarios.

the other part is that we also have to know if the backfilling happened, so it’s not just the case of passing in a username and getting a username back (or passing in LoginCredentials and getting LoginCredentials back) but we also want to know if the backfilling occurred. That’s why it’s wrapped into a BackFillResult which gives back everything the caller needs to make the updates (and know if the backfilling happened). The caller could infer it based on if the returned username is different, but seems better to me to have that wrapped up in the result type.

Contributor

Left two suggestions: removing this class or changing the interface (with an approach). However, change is optional and not blocking. My point here is the class seems just to have 1 check and a method call, and that could be a private method imho.
What confused me is that usernameFromJavascript holding a value will avoid executing the actual logic of trying to backfill, and return "not supported". Seems something the caller should validate, but subjective I assume.
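A minimal sketch of the backfilling rule discussed in this thread, added here as an illustration and not the PR's own code. The 3-minute window comes from the test steps; `PartialSaveStore`, keying by site, and every signature shown (including those of `BackFillResult` and `getUsernameForBackFilling`) are assumptions.

```kotlin
import java.util.concurrent.ConcurrentHashMap

// Assumed shape: the username to save plus whether it came from a partial save.
data class BackFillResult(val username: String?, val backFilled: Boolean)

// Hypothetical in-memory store of username-only submissions, keyed by site.
class PartialSaveStore(
    private val maxAgeMs: Long = 3 * 60 * 1000L, // window taken from the test steps
    private val now: () -> Long = System::currentTimeMillis,
) {
    private data class Partial(val username: String, val savedAt: Long)
    private val partials = ConcurrentHashMap<String, Partial>()

    fun savePartial(site: String, username: String) {
        partials[site] = Partial(username, now())
    }

    // A candidate is returned only for the same site and only inside the window,
    // so a username typed on one site is never attached to another site's password.
    fun getUsernameForBackFilling(site: String): String? {
        val partial = partials[site] ?: return null
        if (now() - partial.savedAt > maxAgeMs) {
            partials.remove(site) // expired entries are dropped, not reused
            return null
        }
        return partial.username
    }
}

class UsernameBackFiller(private val store: PartialSaveStore) {
    fun backFill(usernameFromJavascript: String?, site: String): BackFillResult {
        // A username submitted with the form always wins and is never overwritten.
        if (!usernameFromJavascript.isNullOrBlank()) {
            return BackFillResult(usernameFromJavascript, backFilled = false)
        }
        val candidate = store.getUsernameForBackFilling(site)
        return BackFillResult(candidate, backFilled = candidate != null)
    }
}

fun main() {
    var clock = 0L // constructed clock so the window can be exercised offline
    val store = PartialSaveStore(now = { clock })
    val filler = UsernameBackFiller(store)
    store.savePartial("autofill.me", "test")       // step 1: username only
    clock = 60_000L                                // step 2 arrives a minute later
    println(filler.backFill(null, "autofill.me"))  // password-only submit, same site
    println(filler.backFill(null, "example.com"))  // different site: no candidate
    clock = 4 * 60_000L
    println(filler.backFill(null, "autofill.me"))  // outside the window: no candidate
}
```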

@CDRussell CDRussell force-pushed the feature/craig/autofill_increase_ratio_complete_credential_saves branch from 62a3e7d to d6bd08c Compare January 24, 2025 13:48
@CDRussell CDRussell force-pushed the feature/craig/autofill_increase_ratio_complete_credential_saves branch from d6bd08c to b4a1c8a Compare January 24, 2025 14:21

CDRussell commented Jan 27, 2025

Merge activity

  • Jan 27, 4:43 AM EST: A user started a stack merge that includes this pull request via Graphite.
  • Jan 27, 4:44 AM EST: A user merged this pull request with Graphite.

@CDRussell CDRussell merged commit 2a6216b into develop Jan 27, 2025
7 checks passed
@CDRussell CDRussell deleted the feature/craig/autofill_increase_ratio_complete_credential_saves branch January 27, 2025 09:44