1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_FORM_MANAGER_H_ 6 #define CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_FORM_MANAGER_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "build/build_config.h" 12 13 #include "base/stl_util.h" 14 #include "chrome/browser/password_manager/password_store.h" 15 #include "chrome/browser/password_manager/password_store_consumer.h" 16 #include "components/autofill/core/common/password_form.h" 17 18 namespace content { 19 class WebContents; 20 } // namespace content 21 22 class PasswordManager; 23 class Profile; 24 25 // Per-password-form-{on-page, dialog} class responsible for interactions 26 // between a given form, the per-tab PasswordManager, and the PasswordStore. 27 class PasswordFormManager : public PasswordStoreConsumer { 28 public: 29 // profile contains the link to the PasswordStore and whether we're off 30 // the record 31 // password_manager owns this object 32 // form_on_page is the form that may be submitted and could need login data. 33 // ssl_valid represents the security of the page containing observed_form, 34 // used to filter login results from database. 35 PasswordFormManager(Profile* profile, 36 PasswordManager* password_manager, 37 content::WebContents* web_contents, 38 const autofill::PasswordForm& observed_form, 39 bool ssl_valid); 40 virtual ~PasswordFormManager(); 41 42 enum ActionMatch { 43 ACTION_MATCH_REQUIRED, 44 ACTION_MATCH_NOT_REQUIRED 45 }; 46 47 enum OtherPossibleUsernamesAction { 48 ALLOW_OTHER_POSSIBLE_USERNAMES, 49 IGNORE_OTHER_POSSIBLE_USERNAMES 50 }; 51 52 // Compare basic data of observed_form_ with argument. Only check the action 53 // URL when action match is required. 54 bool DoesManage(const autofill::PasswordForm& form, 55 ActionMatch action_match) const; 56 57 // Retrieves potential matching logins from the database. 58 // |prompt_policy| indicates whether it's permissible to prompt the user to 59 // authorize access to locked passwords. This argument is only used on 60 // platforms that support prompting the user for access (such as Mac OS). 61 void FetchMatchingLoginsFromPasswordStore( 62 PasswordStore::AuthorizationPromptPolicy prompt_policy); 63 64 // Simple state-check to verify whether this object as received a callback 65 // from the PasswordStore and completed its matching phase. Note that the 66 // callback in question occurs on the same (and only) main thread from which 67 // instances of this class are ever used, but it is required since it is 68 // conceivable that a user (or ui test) could attempt to submit a login 69 // prompt before the callback has occured, which would InvokeLater a call to 70 // PasswordManager::ProvisionallySave, which would interact with this object 71 // before the db has had time to answer with matching password entries. 72 // This is intended to be a one-time check; if the return value is false the 73 // expectation is caller will give up. This clearly won't work if you put it 74 // in a loop and wait for matching to complete; you're (supposed to be) on 75 // the same thread! 76 bool HasCompletedMatching(); 77 78 // Determines if the user opted to 'never remember' passwords for this form. 79 bool IsBlacklisted(); 80 81 // Used by PasswordManager to determine whether or not to display 82 // a SavePasswordBar when given the green light to save the PasswordForm 83 // managed by this. 84 bool IsNewLogin(); 85 86 // Returns true if the current pending credentials were found using 87 // origin matching of the public suffix, instead of the signon realm of the 88 // form. 89 bool IsPendingCredentialsPublicSuffixMatch(); 90 91 // Checks if the form is a valid password form. Forms which lack either 92 // login or password field are not considered valid. 93 bool HasValidPasswordForm(); 94 95 // These functions are used to determine if this form has had it's password 96 // auto generated by the browser. 97 bool HasGeneratedPassword(); 98 void SetHasGeneratedPassword(); 99 100 // Determines if we need to autofill given the results of the query. 101 void OnRequestDone(const std::vector<autofill::PasswordForm*>& result); 102 103 // PasswordStoreConsumer implementation. 104 virtual void OnPasswordStoreRequestDone( 105 CancelableRequestProvider::Handle handle, 106 const std::vector<autofill::PasswordForm*>& result) OVERRIDE; 107 virtual void OnGetPasswordStoreResults( 108 const std::vector<autofill::PasswordForm*>& results) OVERRIDE; 109 110 // A user opted to 'never remember' passwords for this form. 111 // Blacklist it so that from now on when it is seen we ignore it. 112 // TODO: Make this private once we switch to the new UI. 113 void PermanentlyBlacklist(); 114 115 // If the user has submitted observed_form_, provisionally hold on to 116 // the submitted credentials until we are told by PasswordManager whether 117 // or not the login was successful. |action| describes how we deal with 118 // possible usernames. If |action| is ALLOW_OTHER_POSSIBLE_USERNAMES we will 119 // treat a possible usernames match as a sign that our original heuristics 120 // were wrong and that the user selected the correct username from the 121 // Autofill UI. 122 void ProvisionallySave(const autofill::PasswordForm& credentials, 123 OtherPossibleUsernamesAction action); 124 125 // Handles save-as-new or update of the form managed by this manager. 126 // Note the basic data of updated_credentials must match that of 127 // observed_form_ (e.g DoesManage(pending_credentials_) == true). 128 // TODO: Make this private once we switch to the new UI. 129 void Save(); 130 131 // Call these if/when we know the form submission worked or failed. 132 // These routines are used to update internal statistics ("ActionsTaken"). 133 void SubmitPassed(); 134 void SubmitFailed(); 135 136 // Returns the username associated with the credentials. 137 const base::string16& associated_username() const { 138 return pending_credentials_.username_value; 139 } 140 141 // Returns the pending credentials. 142 const autofill::PasswordForm pending_credentials() const { 143 return pending_credentials_; 144 } 145 146 // Returns the best matches. 147 const autofill::PasswordFormMap best_matches() const { 148 return best_matches_; 149 } 150 151 // Returns the realm URL for the form managed my this manager. 152 const std::string& realm() const { 153 return pending_credentials_.signon_realm; 154 } 155 156 private: 157 friend class PasswordFormManagerTest; 158 159 // ManagerAction - What does the manager do with this form? Either it 160 // fills it, or it doesn't. If it doesn't fill it, that's either 161 // because it has no match, or it is blacklisted, or it is disabled 162 // via the AUTOCOMPLETE=off attribute. Note that if we don't have 163 // an exact match, we still provide candidates that the user may 164 // end up choosing. 165 enum ManagerAction { 166 kManagerActionNone = 0, 167 kManagerActionAutofilled, 168 kManagerActionBlacklisted, 169 kManagerActionMax 170 }; 171 172 // UserAction - What does the user do with this form? If he or she 173 // does nothing (either by accepting what the password manager did, or 174 // by simply (not typing anything at all), you get None. If there were 175 // multiple choices and the user selects one other than the default, 176 // you get Choose, if user selects an entry from matching against the Public 177 // Suffix List you get ChoosePslMatch, and if the user types in a new value, 178 // you get Override. 179 enum UserAction { 180 kUserActionNone = 0, 181 kUserActionChoose, 182 kUserActionChoosePslMatch, 183 kUserActionOverride, 184 kUserActionMax 185 }; 186 187 // Result - What happens to the form? 188 enum SubmitResult { 189 kSubmitResultNotSubmitted = 0, 190 kSubmitResultFailed, 191 kSubmitResultPassed, 192 kSubmitResultMax 193 }; 194 195 // The maximum number of combinations of the three preceding enums. 196 // This is used when recording the actions taken by the form in UMA. 197 static const int kMaxNumActionsTaken = kManagerActionMax * kUserActionMax * 198 kSubmitResultMax; 199 200 // Helper for OnPasswordStoreRequestDone to determine whether or not 201 // the given result form is worth scoring. 202 bool IgnoreResult(const autofill::PasswordForm& form) const; 203 204 // Helper for Save in the case that best_matches.size() == 0, meaning 205 // we have no prior record of this form/username/password and the user 206 // has opted to 'Save Password'. If |reset_preferred_login| is set, 207 // the previously preferred login from |best_matches_| will be reset. 208 void SaveAsNewLogin(bool reset_preferred_login); 209 210 // Helper for OnPasswordStoreRequestDone to score an individual result 211 // against the observed_form_. 212 int ScoreResult(const autofill::PasswordForm& form) const; 213 214 // Helper for Save in the case that best_matches.size() > 0, meaning 215 // we have at least one match for this form/username/password. This 216 // Updates the form managed by this object, as well as any matching forms 217 // that now need to have preferred bit changed, since updated_credentials 218 // is now implicitly 'preferred'. 219 void UpdateLogin(); 220 221 // Check to see if |pending| corresponds to an account creation form. If we 222 // think that it does, we label it as such and upload this state to the 223 // Autofill server, so that we will trigger password generation in the future. 224 void CheckForAccountCreationForm(const autofill::PasswordForm& pending, 225 const autofill::PasswordForm& observed); 226 227 // Update all login matches to reflect new preferred state - preferred flag 228 // will be reset on all matched logins that different than the current 229 // |pending_credentials_|. 230 void UpdatePreferredLoginState(PasswordStore* password_store); 231 232 // Returns true if |username| is one of the other possible usernames for a 233 // password form in |best_matches_| and sets |pending_credentials_| to the 234 // match which had this username. 235 bool UpdatePendingCredentialsIfOtherPossibleUsername( 236 const base::string16& username); 237 238 // Converts the "ActionsTaken" fields into an int so they can be logged to 239 // UMA. 240 int GetActionsTaken(); 241 242 // Informs the renderer that the user has not blacklisted observed_form_ by 243 // choosing "never save passwords for this site". This is used by the password 244 // generation manager to deside whether to show the password generation icon. 245 virtual void SendNotBlacklistedToRenderer(); 246 247 // Remove possible_usernames that may contains sensitive information and 248 // duplicates. 249 void SanitizePossibleUsernames(autofill::PasswordForm* form); 250 251 // Set of PasswordForms from the DB that best match the form 252 // being managed by this. Use a map instead of vector, because we most 253 // frequently require lookups by username value in IsNewLogin. 254 autofill::PasswordFormMap best_matches_; 255 256 // Cleans up when best_matches_ goes out of scope. 257 STLValueDeleter<autofill::PasswordFormMap> best_matches_deleter_; 258 259 // The PasswordForm from the page or dialog managed by this. 260 autofill::PasswordForm observed_form_; 261 262 // The origin url path of observed_form_ tokenized, for convenience when 263 // scoring. 264 std::vector<std::string> form_path_tokens_; 265 266 // Stores updated credentials when the form was submitted but success is 267 // still unknown. 268 autofill::PasswordForm pending_credentials_; 269 270 // Whether pending_credentials_ stores a new login or is an update 271 // to an existing one. 272 bool is_new_login_; 273 274 // Whether this form has an auto generated password. 275 bool has_generated_password_; 276 277 // Set if the user has selected one of the other possible usernames in 278 // |pending_credentials_|. 279 base::string16 selected_username_; 280 281 // PasswordManager owning this. 282 const PasswordManager* const password_manager_; 283 284 // Convenience pointer to entry in best_matches_ that is marked 285 // as preferred. This is only allowed to be null if there are no best matches 286 // at all, since there will always be one preferred login when there are 287 // multiple matches (when first saved, a login is marked preferred). 288 const autofill::PasswordForm* preferred_match_; 289 290 typedef enum { 291 PRE_MATCHING_PHASE, // Have not yet invoked a GetLogins query to find 292 // matching login information from password store. 293 MATCHING_PHASE, // We've made a GetLogins request, but 294 // haven't received or finished processing result. 295 POST_MATCHING_PHASE // We've queried the DB and processed matching 296 // login results. 297 } PasswordFormManagerState; 298 299 // State of matching process, used to verify that we don't call methods 300 // assuming we've already processed the request for matching logins, 301 // when we actually haven't. 302 PasswordFormManagerState state_; 303 304 // The profile from which we get the PasswordStore. 305 Profile* profile_; 306 307 // Web contents from which we get the RenderViewHost for sending messages to 308 // the corresponding renderer. 309 content::WebContents* web_contents_; 310 311 // These three fields record the "ActionsTaken" by the browser and 312 // the user with this form, and the result. They are combined and 313 // recorded in UMA when the manager is destroyed. 314 ManagerAction manager_action_; 315 UserAction user_action_; 316 SubmitResult submit_result_; 317 318 DISALLOW_COPY_AND_ASSIGN(PasswordFormManager); 319 }; 320 #endif // CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_FORM_MANAGER_H_ 321