1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_ 6 #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "build/build_config.h" 12 13 #include "base/stl_util.h" 14 #include "components/autofill/core/common/password_form.h" 15 #include "components/password_manager/core/browser/password_manager_driver.h" 16 #include "components/password_manager/core/browser/password_store.h" 17 #include "components/password_manager/core/browser/password_store_consumer.h" 18 19 namespace content { 20 class WebContents; 21 } // namespace content 22 23 namespace password_manager { 24 25 class PasswordManager; 26 class PasswordManagerClient; 27 28 // Per-password-form-{on-page, dialog} class responsible for interactions 29 // between a given form, the per-tab PasswordManager, and the PasswordStore. 30 class PasswordFormManager : public PasswordStoreConsumer { 31 public: 32 // |password_manager| owns this object 33 // |form_on_page| is the form that may be submitted and could need login data. 34 // |ssl_valid| represents the security of the page containing observed_form, 35 // used to filter login results from database. 36 PasswordFormManager(PasswordManager* password_manager, 37 PasswordManagerClient* client, 38 PasswordManagerDriver* driver, 39 const autofill::PasswordForm& observed_form, 40 bool ssl_valid); 41 virtual ~PasswordFormManager(); 42 43 enum ActionMatch { 44 ACTION_MATCH_REQUIRED, 45 ACTION_MATCH_NOT_REQUIRED 46 }; 47 48 enum OtherPossibleUsernamesAction { 49 ALLOW_OTHER_POSSIBLE_USERNAMES, 50 IGNORE_OTHER_POSSIBLE_USERNAMES 51 }; 52 53 // Compare basic data of observed_form_ with argument. Only check the action 54 // URL when action match is required. 55 bool DoesManage(const autofill::PasswordForm& form, 56 ActionMatch action_match) const; 57 58 // Retrieves potential matching logins from the database. 59 // |prompt_policy| indicates whether it's permissible to prompt the user to 60 // authorize access to locked passwords. This argument is only used on 61 // platforms that support prompting the user for access (such as Mac OS). 62 void FetchMatchingLoginsFromPasswordStore( 63 PasswordStore::AuthorizationPromptPolicy prompt_policy); 64 65 // Simple state-check to verify whether this object as received a callback 66 // from the PasswordStore and completed its matching phase. Note that the 67 // callback in question occurs on the same (and only) main thread from which 68 // instances of this class are ever used, but it is required since it is 69 // conceivable that a user (or ui test) could attempt to submit a login 70 // prompt before the callback has occured, which would InvokeLater a call to 71 // PasswordManager::ProvisionallySave, which would interact with this object 72 // before the db has had time to answer with matching password entries. 73 // This is intended to be a one-time check; if the return value is false the 74 // expectation is caller will give up. This clearly won't work if you put it 75 // in a loop and wait for matching to complete; you're (supposed to be) on 76 // the same thread! 77 bool HasCompletedMatching(); 78 79 // Determines if the user opted to 'never remember' passwords for this form. 80 bool IsBlacklisted(); 81 82 // Used by PasswordManager to determine whether or not to display 83 // a SavePasswordBar when given the green light to save the PasswordForm 84 // managed by this. 85 bool IsNewLogin(); 86 87 // Returns true if the current pending credentials were found using 88 // origin matching of the public suffix, instead of the signon realm of the 89 // form. 90 bool IsPendingCredentialsPublicSuffixMatch(); 91 92 // Checks if the form is a valid password form. Forms which lack either 93 // login or password field are not considered valid. 94 bool HasValidPasswordForm(); 95 96 // These functions are used to determine if this form has had it's password 97 // auto generated by the browser. 98 bool HasGeneratedPassword(); 99 void SetHasGeneratedPassword(); 100 101 // Determines if we need to autofill given the results of the query. 102 // Takes ownership of the elements in |result|. 103 void OnRequestDone(const std::vector<autofill::PasswordForm*>& result); 104 105 virtual void OnGetPasswordStoreResults( 106 const std::vector<autofill::PasswordForm*>& results) OVERRIDE; 107 108 // A user opted to 'never remember' passwords for this form. 109 // Blacklist it so that from now on when it is seen we ignore it. 110 // TODO: Make this private once we switch to the new UI. 111 void PermanentlyBlacklist(); 112 113 // Sets whether the password form should use additional password 114 // authentication if available before being used for autofill. 115 void SetUseAdditionalPasswordAuthentication( 116 bool use_additional_authentication); 117 118 // If the user has submitted observed_form_, provisionally hold on to 119 // the submitted credentials until we are told by PasswordManager whether 120 // or not the login was successful. |action| describes how we deal with 121 // possible usernames. If |action| is ALLOW_OTHER_POSSIBLE_USERNAMES we will 122 // treat a possible usernames match as a sign that our original heuristics 123 // were wrong and that the user selected the correct username from the 124 // Autofill UI. 125 void ProvisionallySave(const autofill::PasswordForm& credentials, 126 OtherPossibleUsernamesAction action); 127 128 // Handles save-as-new or update of the form managed by this manager. 129 // Note the basic data of updated_credentials must match that of 130 // observed_form_ (e.g DoesManage(pending_credentials_) == true). 131 // TODO: Make this private once we switch to the new UI. 132 void Save(); 133 134 // Call these if/when we know the form submission worked or failed. 135 // These routines are used to update internal statistics ("ActionsTaken"). 136 void SubmitPassed(); 137 void SubmitFailed(); 138 139 // Returns the username associated with the credentials. 140 const base::string16& associated_username() const { 141 return pending_credentials_.username_value; 142 } 143 144 // Returns the pending credentials. 145 const autofill::PasswordForm& pending_credentials() const { 146 return pending_credentials_; 147 } 148 149 // Returns the best matches. 150 const autofill::PasswordFormMap best_matches() const { 151 return best_matches_; 152 } 153 154 // Returns the realm URL for the form managed my this manager. 155 const std::string& realm() const { 156 return pending_credentials_.signon_realm; 157 } 158 159 private: 160 friend class PasswordFormManagerTest; 161 162 // ManagerAction - What does the manager do with this form? Either it 163 // fills it, or it doesn't. If it doesn't fill it, that's either 164 // because it has no match, or it is blacklisted, or it is disabled 165 // via the AUTOCOMPLETE=off attribute. Note that if we don't have 166 // an exact match, we still provide candidates that the user may 167 // end up choosing. 168 enum ManagerAction { 169 kManagerActionNone = 0, 170 kManagerActionAutofilled, 171 kManagerActionBlacklisted, 172 kManagerActionMax 173 }; 174 175 // UserAction - What does the user do with this form? If he or she 176 // does nothing (either by accepting what the password manager did, or 177 // by simply (not typing anything at all), you get None. If there were 178 // multiple choices and the user selects one other than the default, 179 // you get Choose, if user selects an entry from matching against the Public 180 // Suffix List you get ChoosePslMatch, if the user types in a new value 181 // for just the password you get OverridePassword, and if the user types in a 182 // new value for the username and password you get 183 // OverrideUsernameAndPassword. 184 enum UserAction { 185 kUserActionNone = 0, 186 kUserActionChoose, 187 kUserActionChoosePslMatch, 188 kUserActionOverridePassword, 189 kUserActionOverrideUsernameAndPassword, 190 kUserActionMax 191 }; 192 193 // Result - What happens to the form? 194 enum SubmitResult { 195 kSubmitResultNotSubmitted = 0, 196 kSubmitResultFailed, 197 kSubmitResultPassed, 198 kSubmitResultMax 199 }; 200 201 // The maximum number of combinations of the three preceding enums. 202 // This is used when recording the actions taken by the form in UMA. 203 static const int kMaxNumActionsTaken = kManagerActionMax * kUserActionMax * 204 kSubmitResultMax; 205 206 // Helper for OnGetPasswordStoreResults to determine whether or not 207 // the given result form is worth scoring. 208 bool IgnoreResult(const autofill::PasswordForm& form) const; 209 210 // Helper for Save in the case that best_matches.size() == 0, meaning 211 // we have no prior record of this form/username/password and the user 212 // has opted to 'Save Password'. If |reset_preferred_login| is set, 213 // the previously preferred login from |best_matches_| will be reset. 214 void SaveAsNewLogin(bool reset_preferred_login); 215 216 // Helper for OnGetPasswordStoreResults to score an individual result 217 // against the observed_form_. 218 int ScoreResult(const autofill::PasswordForm& form) const; 219 220 // Helper for Save in the case that best_matches.size() > 0, meaning 221 // we have at least one match for this form/username/password. This 222 // Updates the form managed by this object, as well as any matching forms 223 // that now need to have preferred bit changed, since updated_credentials 224 // is now implicitly 'preferred'. 225 void UpdateLogin(); 226 227 // Check to see if |pending| corresponds to an account creation form. If we 228 // think that it does, we label it as such and upload this state to the 229 // Autofill server, so that we will trigger password generation in the future. 230 void CheckForAccountCreationForm(const autofill::PasswordForm& pending, 231 const autofill::PasswordForm& observed); 232 233 // Update all login matches to reflect new preferred state - preferred flag 234 // will be reset on all matched logins that different than the current 235 // |pending_credentials_|. 236 void UpdatePreferredLoginState(PasswordStore* password_store); 237 238 // Returns true if |username| is one of the other possible usernames for a 239 // password form in |best_matches_| and sets |pending_credentials_| to the 240 // match which had this username. 241 bool UpdatePendingCredentialsIfOtherPossibleUsername( 242 const base::string16& username); 243 244 // Converts the "ActionsTaken" fields into an int so they can be logged to 245 // UMA. 246 int GetActionsTaken(); 247 248 // Remove possible_usernames that may contains sensitive information and 249 // duplicates. 250 void SanitizePossibleUsernames(autofill::PasswordForm* form); 251 252 // Set of PasswordForms from the DB that best match the form 253 // being managed by this. Use a map instead of vector, because we most 254 // frequently require lookups by username value in IsNewLogin. 255 autofill::PasswordFormMap best_matches_; 256 257 // Cleans up when best_matches_ goes out of scope. 258 STLValueDeleter<autofill::PasswordFormMap> best_matches_deleter_; 259 260 // The PasswordForm from the page or dialog managed by this. 261 autofill::PasswordForm observed_form_; 262 263 // The origin url path of observed_form_ tokenized, for convenience when 264 // scoring. 265 std::vector<std::string> form_path_tokens_; 266 267 // Stores updated credentials when the form was submitted but success is 268 // still unknown. 269 autofill::PasswordForm pending_credentials_; 270 271 // Whether pending_credentials_ stores a new login or is an update 272 // to an existing one. 273 bool is_new_login_; 274 275 // Whether this form has an auto generated password. 276 bool has_generated_password_; 277 278 // Set if the user has selected one of the other possible usernames in 279 // |pending_credentials_|. 280 base::string16 selected_username_; 281 282 // PasswordManager owning this. 283 const PasswordManager* const password_manager_; 284 285 // Convenience pointer to entry in best_matches_ that is marked 286 // as preferred. This is only allowed to be null if there are no best matches 287 // at all, since there will always be one preferred login when there are 288 // multiple matches (when first saved, a login is marked preferred). 289 const autofill::PasswordForm* preferred_match_; 290 291 typedef enum { 292 PRE_MATCHING_PHASE, // Have not yet invoked a GetLogins query to find 293 // matching login information from password store. 294 MATCHING_PHASE, // We've made a GetLogins request, but 295 // haven't received or finished processing result. 296 POST_MATCHING_PHASE // We've queried the DB and processed matching 297 // login results. 298 } PasswordFormManagerState; 299 300 // State of matching process, used to verify that we don't call methods 301 // assuming we've already processed the request for matching logins, 302 // when we actually haven't. 303 PasswordFormManagerState state_; 304 305 // The client which implements embedder-specific PasswordManager operations. 306 PasswordManagerClient* client_; 307 308 // The driver which implements platform-specific PasswordManager operations. 309 PasswordManagerDriver* driver_; 310 311 // These three fields record the "ActionsTaken" by the browser and 312 // the user with this form, and the result. They are combined and 313 // recorded in UMA when the manager is destroyed. 314 ManagerAction manager_action_; 315 UserAction user_action_; 316 SubmitResult submit_result_; 317 318 DISALLOW_COPY_AND_ASSIGN(PasswordFormManager); 319 }; 320 321 } // namespace password_manager 322 323 #endif // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_ 324