Autofill: Increase ratio of complete credential saves #5386

Open
wants to merge 1 commit into
base: develop

@CDRussell CDRussell commented Dec 12, 2024

Task/Issue URL: https://app.asana.com/0/72649045549333/1206048666874234/f

Description

Increases the ratio of complete credential saves by being able to capture a username-only form submission, and then re-attach it to a nearby password-only form submission. This is useful for scenarios like resetting passwords and multi-step logins.

Steps to test this PR

Logcat filter:
message~:"partial save" | message~:"backfill"

Simulating a multi-step login form

  • Ensure no passwords currently saved (or none for autofill.me at least)
  • Visit https://autofill.me/form/login-simple
  • Enter username test
  • Leave password blank
  • Hit Login button (this simulates getting the first part of a multi-step login form)
  • Now clear the username
  • Enter password (>=4 characters)
  • Hit Login button (this is submitting only a password now, simulating the second part of a multi-step login form)
  • Save password when prompted, then go view it in the Password Management view (e.g., tap on View in snackbar)
  • Verify it has username=test and password matches what you provided (i.e., the username was backfilled because the partial form submission’s username was later applied to the final form submission which didn’t have the username)

Updating password for the above (not backfilling)

  • Visit https://autofill.me/form/login-simple (decline offer to autofill)
  • Enter username test
  • Enter a different password than what is stored already
  • Hit Login button; verify you are offered to update the password
  • Verify that when you decline, the saved password hasn’t changed
  • Then repeat and accept the offer to update the password; verify it was updated correctly (and there are no dupes for that username)

Updating password (with backfilling)

  • Visit https://autofill.me/form/login-simple (decline offer to autofill)
  • Enter username test
  • Leave password blank
  • Hit Login button (this simulates getting the first part of a multi-step login form)
  • Now clear the username
  • Enter a different password than what is stored already
  • Hit Login button; verify you are offered to update the password
  • Verify Backfilling username [test] from partial save in logs
  • Test both updating password when prompted, and declining and make sure in both cases the password is correct and there are no duplicates for that username

Password reset flow (with backfilling, automatic password generation)

  • Visit scribd.com and create an account if you don’t have one (recommend using email address that you can get on the device you’re testing on, as you’ll need to click a reset password link)
  • (Sign out if signed in)
  • Click Forgot password? from scribd.com
  • Enter your email address
  • Get the email from them, and click the link to reset your password within 3 minutes
  • Choose to use a generated password when prompted (note the last few characters so you can verify it later)
  • Verify you are prompted to update your password (note, update, not to save a new one)
  • Agree to Update Password. Verify the password is correct and there are no duplicate credentials.

Password reset flow (with backfilling, manual password entry)

  • Visit scribd.com (sign out if signed in)
  • Click Forgot password? from scribd.com
  • Enter your email address
  • Get the email from them, and click the link to reset your password within 3 minutes
  • Choose to manually enter a password that conforms to their rules
  • Verify you are prompted to update your password (note, update, not to save a new one)
  • Agree to Update Password. Verify the password is correct and there are no duplicate credentials.

Password reset flow (no backfilling, automatic password generation)

  • Visit scribd.com (sign out if signed in)
  • Click Forgot password? from scribd.com
  • Enter your email address
  • Wait > 3 minutes
  • Get the email from them, and click the link to reset your password
  • Choose to use a generated password when prompted (note the last few characters so you can verify it later)
  • Verify you see a snackbar that password has been saved. Note, this is a separate credential that is saved with no username attached (i.e., existing behaviour because this was ineligible for backfilling)

Password reset flow (no backfilling, manual password entry)

  • Visit scribd.com (sign out if signed in)
  • Click Forgot password? from scribd.com
  • Enter your email address
  • Wait > 3 minutes
  • Get the email from them, and click the link to reset your password
  • Choose to manually enter a password
  • Verify you are prompted to save ❓. Note, this is a separate credential that is saved with no username attached (i.e., existing behaviour because this was ineligible for backfilling)

Email Protection, autofilling personal duck address contributes as username backfill candidate

Email Protection, autofilling private duck address contributes as username backfill candidate

Disable feature flag

  • Disable partialFormSaves
  • Ensure no passwords currently saved for autofill.me
  • Visit https://autofill.me/form/login-simple
  • Enter username test
  • Leave password blank
  • Hit Login button (this simulates getting the first part of a multi-step login form)
  • Now clear the username
  • Enter password (>=4 characters)
  • Hit Login button (this is submitting only a password now, simulating the second part of a multi-step login form)
  • Accept to save the password. Verify this has no username (since it wasn’t allowed to backfill it)

Ensuring existing business rules are maintained

Autofill personal duck address and autogenerated password

Autofill private duck address and autogenerated password

Autofill personal duck address and manual password

Autofill private duck address and manual password
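
A sketch of the backfill decision that the description and test steps above imply, added here as an illustration and not taken from the PR or the app's code. All type and function names are hypothetical; the 3-minute window is the one the test steps use, while keying partial saves by site and holding them in memory only are assumptions.

```kotlin
import java.util.concurrent.ConcurrentHashMap
// Hypothetical names; the 3-minute window is from the test steps, per-site keying is assumed.
const val BACKFILL_WINDOW_MS = 3 * 60 * 1000L

data class Submission(val site: String, val username: String?, val password: String?)
data class Save(val username: String?, val password: String, val backfilled: Boolean)

class PartialSaveStore(
    private val featureEnabled: Boolean,
    private val now: () -> Long = { System.currentTimeMillis() },
) {
    private data class Partial(val username: String, val capturedAt: Long)
    private val partials = ConcurrentHashMap<String, Partial>() // memory only, never persisted

    // Returns the credential to offer for saving, or null when there is nothing to save yet.
    fun onFormSubmitted(s: Submission): Save? {
        val username = s.username?.takeIf { it.isNotBlank() }
        val password = s.password?.takeIf { it.isNotEmpty() }
        return when {
            username != null && password != null -> { // complete form: no backfill needed
                partials.remove(s.site)
                Save(username, password, backfilled = false)
            }
            username != null -> { // username only: remember it, offer nothing yet
                if (featureEnabled) partials[s.site] = Partial(username, now())
                null
            }
            password != null -> { // password only: consume a fresh partial for the same site
                val candidate = partials.remove(s.site)
                    ?.takeIf { featureEnabled && now() - it.capturedAt <= BACKFILL_WINDOW_MS }
                Save(candidate?.username, password, backfilled = candidate != null)
            }
            else -> null
        }
    }
}

fun main() {
    var clock = 0L // injected clock so the window can be exercised deterministically
    val store = PartialSaveStore(featureEnabled = true, now = { clock })
    store.onFormSubmitted(Submission("autofill.me", "test", null))
    clock += 60_000 // one minute later: inside the window
    val early = store.onFormSubmitted(Submission("autofill.me", null, "constructed-pw"))
    println("in window: username=${early?.username} backfilled=${early?.backfilled}")
    store.onFormSubmitted(Submission("autofill.me", "test", null))
    clock += 4 * 60_000 // four minutes later: partial has expired
    val late = store.onFormSubmitted(Submission("autofill.me", null, "constructed-pw"))
    println("after window: username=${late?.username} backfilled=${late?.backfilled}")
}
```

The partial is removed on every read, so a captured username is used at most once, and `main` prints only the username and the backfill flag rather than the `Save` object itself.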

CDRussell commented Dec 12, 2024

Comment on lines +82 to +91
internal data class AutofillStoreFormDataJsonRequest(
val credentials: AutofillStoreFormDataCredentialsJsonRequest?,
val trigger: FormSubmissionTriggerType?,
)

internal data class AutofillStoreFormDataCredentialsJsonRequest(
val username: String?,
val password: String?,
val autogenerated: Boolean = false,
)
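
Review bot: AutofillStoreFormDataCredentialsJsonRequest is a data class with a password property, so its generated toString() prints the password in clear text, and the same holds for AutofillStoreFormDataJsonRequest, which embeds it as credentials. Since the behaviour in this PR is checked through Logcat messages, please confirm that neither type is ever interpolated into a log line or exception message, or override toString() on the credentials type to redact the password (and username) fields.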
@CDRussell CDRussell Dec 12, 2024

This is a small tidy-up, as these are types specifically for Moshi / JSON parsing, used internally in this class, but we don’t necessarily want the same types returned out of this class.

For example, the trigger is nullable when parsing from JSON, but when returning we also want that non-nullable and defaulting to UNKNOWN if it couldn’t be parsed from the JSON.

CDRussell force-pushed the feature/craig/autofill_increase_ratio_complete_credential_saves branch 9 times, most recently from 9578c3a to 969ed0e (December 13, 2024 17:32)
CDRussell force-pushed the feature/craig/autofill_increase_ratio_complete_credential_saves branch 7 times, most recently from a36b674 to 16e1970 (December 20, 2024 16:42)
CDRussell force-pushed the feature/craig/autofill_increase_ratio_complete_credential_saves branch 4 times, most recently from 3d3a41e to 2e53317 (January 15, 2025 11:06)
CDRussell force-pushed the feature/craig/autofill_increase_ratio_complete_credential_saves branch from 2e53317 to a24930b (January 15, 2025 11:12)
CDRussell marked this pull request as ready for review (January 15, 2025 11:14)