1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_FORM_MANAGER_H_ 6 #define CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_FORM_MANAGER_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "build/build_config.h" 12 13 #include "base/stl_util.h" 14 #include "chrome/browser/password_manager/password_store_consumer.h" 15 #include "content/public/common/password_form.h" 16 17 namespace content { 18 class WebContents; 19 } // namespace content 20 21 class PasswordManager; 22 class PasswordStore; 23 class Profile; 24 25 // Per-password-form-{on-page, dialog} class responsible for interactions 26 // between a given form, the per-tab PasswordManager, and the PasswordStore. 27 class PasswordFormManager : public PasswordStoreConsumer { 28 public: 29 // profile contains the link to the PasswordStore and whether we're off 30 // the record 31 // password_manager owns this object 32 // form_on_page is the form that may be submitted and could need login data. 33 // ssl_valid represents the security of the page containing observed_form, 34 // used to filter login results from database. 35 PasswordFormManager(Profile* profile, 36 PasswordManager* password_manager, 37 content::WebContents* web_contents, 38 const content::PasswordForm& observed_form, 39 bool ssl_valid); 40 virtual ~PasswordFormManager(); 41 42 enum ActionMatch { 43 ACTION_MATCH_REQUIRED, 44 ACTION_MATCH_NOT_REQUIRED 45 }; 46 47 enum OtherPossibleUsernamesAction { 48 ALLOW_OTHER_POSSIBLE_USERNAMES, 49 IGNORE_OTHER_POSSIBLE_USERNAMES 50 }; 51 52 // Compare basic data of observed_form_ with argument. Only check the action 53 // URL when action match is required. 54 bool DoesManage(const content::PasswordForm& form, 55 ActionMatch action_match) const; 56 57 // Retrieves potential matching logins from the database. 58 void FetchMatchingLoginsFromPasswordStore(); 59 60 // Simple state-check to verify whether this object as received a callback 61 // from the PasswordStore and completed its matching phase. Note that the 62 // callback in question occurs on the same (and only) main thread from which 63 // instances of this class are ever used, but it is required since it is 64 // conceivable that a user (or ui test) could attempt to submit a login 65 // prompt before the callback has occured, which would InvokeLater a call to 66 // PasswordManager::ProvisionallySave, which would interact with this object 67 // before the db has had time to answer with matching password entries. 68 // This is intended to be a one-time check; if the return value is false the 69 // expectation is caller will give up. This clearly won't work if you put it 70 // in a loop and wait for matching to complete; you're (supposed to be) on 71 // the same thread! 72 bool HasCompletedMatching(); 73 74 // Determines if the user opted to 'never remember' passwords for this form. 75 bool IsBlacklisted(); 76 77 // Used by PasswordManager to determine whether or not to display 78 // a SavePasswordBar when given the green light to save the PasswordForm 79 // managed by this. 80 bool IsNewLogin(); 81 82 // Returns true if the current pending credentials were found using 83 // origin matching of the public suffix, instead of the signon realm of the 84 // form. 85 bool IsPendingCredentialsPublicSuffixMatch(); 86 87 // Checks if the form is a valid password form. Forms which lack either 88 // login or password field are not considered valid. 89 bool HasValidPasswordForm(); 90 91 // These functions are used to determine if this form has had it's password 92 // auto generated by the browser. 93 bool HasGeneratedPassword(); 94 void SetHasGeneratedPassword(); 95 96 // Determines if we need to autofill given the results of the query. 97 void OnRequestDone(const std::vector<content::PasswordForm*>& result); 98 99 // PasswordStoreConsumer implementation. 100 virtual void OnPasswordStoreRequestDone( 101 CancelableRequestProvider::Handle handle, 102 const std::vector<content::PasswordForm*>& result) OVERRIDE; 103 virtual void OnGetPasswordStoreResults( 104 const std::vector<content::PasswordForm*>& results) OVERRIDE; 105 106 // A user opted to 'never remember' passwords for this form. 107 // Blacklist it so that from now on when it is seen we ignore it. 108 void PermanentlyBlacklist(); 109 110 // If the user has submitted observed_form_, provisionally hold on to 111 // the submitted credentials until we are told by PasswordManager whether 112 // or not the login was successful. |action| describes how we deal with 113 // possible usernames. If |action| is ALLOW_OTHER_POSSIBLE_USERNAMES we will 114 // treat a possible usernames match as a sign that our original heuristics 115 // were wrong and that the user selected the correct username from the 116 // Autofill UI. 117 void ProvisionallySave(const content::PasswordForm& credentials, 118 OtherPossibleUsernamesAction action); 119 120 // Handles save-as-new or update of the form managed by this manager. 121 // Note the basic data of updated_credentials must match that of 122 // observed_form_ (e.g DoesManage(pending_credentials_) == true). 123 void Save(); 124 125 // Call these if/when we know the form submission worked or failed. 126 // These routines are used to update internal statistics ("ActionsTaken"). 127 void SubmitPassed(); 128 void SubmitFailed(); 129 130 // Return the username associated with the credentials. 131 const string16& associated_username() const { 132 return pending_credentials_.username_value; 133 } 134 135 // Returns the realm URL for the form managed my this manager. 136 const std::string& realm() const { 137 return pending_credentials_.signon_realm; 138 } 139 140 private: 141 friend class PasswordFormManagerTest; 142 143 // ManagerAction - What does the manager do with this form? Either it 144 // fills it, or it doesn't. If it doesn't fill it, that's either 145 // because it has no match, or it is blacklisted, or it is disabled 146 // via the AUTOCOMPLETE=off attribute. Note that if we don't have 147 // an exact match, we still provide candidates that the user may 148 // end up choosing. 149 enum ManagerAction { 150 kManagerActionNone = 0, 151 kManagerActionAutofilled, 152 kManagerActionBlacklisted, 153 kManagerActionDisabled, 154 kManagerActionMax 155 }; 156 157 // UserAction - What does the user do with this form? If he or she 158 // does nothing (either by accepting what the password manager did, or 159 // by simply (not typing anything at all), you get None. If there were 160 // multiple choices and the user selects one other than the default, 161 // you get Choose, and if the user types in a new value, you get 162 // Override. 163 enum UserAction { 164 kUserActionNone = 0, 165 kUserActionChoose, 166 kUserActionOverride, 167 kUserActionMax 168 }; 169 170 // Result - What happens to the form? 171 enum SubmitResult { 172 kSubmitResultNotSubmitted = 0, 173 kSubmitResultFailed, 174 kSubmitResultPassed, 175 kSubmitResultMax 176 }; 177 178 // The maximum number of combinations of the three preceding enums. 179 // This is used when recording the actions taken by the form in UMA. 180 static const int kMaxNumActionsTaken = kManagerActionMax * kUserActionMax * 181 kSubmitResultMax; 182 183 // Helper for OnPasswordStoreRequestDone to determine whether or not 184 // the given result form is worth scoring. 185 bool IgnoreResult(const content::PasswordForm& form) const; 186 187 // Helper for Save in the case that best_matches.size() == 0, meaning 188 // we have no prior record of this form/username/password and the user 189 // has opted to 'Save Password'. If |reset_preferred_login| is set, 190 // the previously preferred login from |best_matches_| will be reset. 191 void SaveAsNewLogin(bool reset_preferred_login); 192 193 // Helper for OnPasswordStoreRequestDone to score an individual result 194 // against the observed_form_. 195 int ScoreResult(const content::PasswordForm& form) const; 196 197 // Helper for Save in the case that best_matches.size() > 0, meaning 198 // we have at least one match for this form/username/password. This 199 // Updates the form managed by this object, as well as any matching forms 200 // that now need to have preferred bit changed, since updated_credentials 201 // is now implicitly 'preferred'. 202 void UpdateLogin(); 203 204 // Update all login matches to reflect new preferred state - preferred flag 205 // will be reset on all matched logins that different than the current 206 // |pending_credentials_|. 207 void UpdatePreferredLoginState(PasswordStore* password_store); 208 209 // Returns true if |username| is one of the other possible usernames for a 210 // password form in |best_matches_| and sets |pending_credentials_| to the 211 // match which had this username. 212 bool UpdatePendingCredentialsIfOtherPossibleUsername( 213 const string16& username); 214 215 // Converts the "ActionsTaken" fields into an int so they can be logged to 216 // UMA. 217 int GetActionsTaken(); 218 219 // Informs the renderer that the user has not blacklisted observed_form_ by 220 // choosing "never save passwords for this site". This is used by the password 221 // generation manager to deside whether to show the password generation icon. 222 virtual void SendNotBlacklistedToRenderer(); 223 224 // Remove possible_usernames that may contains sensitive information and 225 // duplicates. 226 void SanitizePossibleUsernames(content::PasswordForm* form); 227 228 // Set of PasswordForms from the DB that best match the form 229 // being managed by this. Use a map instead of vector, because we most 230 // frequently require lookups by username value in IsNewLogin. 231 content::PasswordFormMap best_matches_; 232 233 // Cleans up when best_matches_ goes out of scope. 234 STLValueDeleter<content::PasswordFormMap> best_matches_deleter_; 235 236 // The PasswordForm from the page or dialog managed by this. 237 content::PasswordForm observed_form_; 238 239 // The origin url path of observed_form_ tokenized, for convenience when 240 // scoring. 241 std::vector<std::string> form_path_tokens_; 242 243 // Stores updated credentials when the form was submitted but success is 244 // still unknown. 245 content::PasswordForm pending_credentials_; 246 247 // Whether pending_credentials_ stores a new login or is an update 248 // to an existing one. 249 bool is_new_login_; 250 251 // Whether this form has an auto generated password. 252 bool has_generated_password_; 253 254 // Set if the user has selected one of the other possible usernames in 255 // |pending_credentials_|. 256 string16 selected_username_; 257 258 // PasswordManager owning this. 259 const PasswordManager* const password_manager_; 260 261 // Convenience pointer to entry in best_matches_ that is marked 262 // as preferred. This is only allowed to be null if there are no best matches 263 // at all, since there will always be one preferred login when there are 264 // multiple matches (when first saved, a login is marked preferred). 265 const content::PasswordForm* preferred_match_; 266 267 typedef enum { 268 PRE_MATCHING_PHASE, // Have not yet invoked a GetLogins query to find 269 // matching login information from password store. 270 MATCHING_PHASE, // We've made a GetLogins request, but 271 // haven't received or finished processing result. 272 POST_MATCHING_PHASE // We've queried the DB and processed matching 273 // login results. 274 } PasswordFormManagerState; 275 276 // State of matching process, used to verify that we don't call methods 277 // assuming we've already processed the request for matching logins, 278 // when we actually haven't. 279 PasswordFormManagerState state_; 280 281 // The profile from which we get the PasswordStore. 282 Profile* profile_; 283 284 // Web contents from which we get the RenderViewHost for sending messages to 285 // the corresponding renderer. 286 content::WebContents* web_contents_; 287 288 // These three fields record the "ActionsTaken" by the browser and 289 // the user with this form, and the result. They are combined and 290 // recorded in UMA when the manager is destroyed. 291 ManagerAction manager_action_; 292 UserAction user_action_; 293 SubmitResult submit_result_; 294 295 DISALLOW_COPY_AND_ASSIGN(PasswordFormManager); 296 }; 297 #endif // CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_FORM_MANAGER_H_ 298