1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_MANAGER_H_ 6 #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_MANAGER_H_ 7 8 #include <vector> 9 10 #include "base/callback.h" 11 #include "base/memory/scoped_ptr.h" 12 #include "base/memory/scoped_vector.h" 13 #include "base/observer_list.h" 14 #include "base/prefs/pref_member.h" 15 #include "base/stl_util.h" 16 #include "components/autofill/core/common/password_form.h" 17 #include "components/autofill/core/common/password_form_fill_data.h" 18 #include "components/password_manager/core/browser/login_model.h" 19 #include "components/password_manager/core/browser/password_form_manager.h" 20 21 class PrefRegistrySimple; 22 23 namespace content { 24 class WebContents; 25 } 26 27 namespace user_prefs { 28 class PrefRegistrySyncable; 29 } 30 31 namespace password_manager { 32 33 class BrowserSavePasswordProgressLogger; 34 class PasswordManagerClient; 35 class PasswordManagerDriver; 36 class PasswordManagerTest; 37 class PasswordFormManager; 38 39 // Per-tab password manager. Handles creation and management of UI elements, 40 // receiving password form data from the renderer and managing the password 41 // database through the PasswordStore. The PasswordManager is a LoginModel 42 // for purposes of supporting HTTP authentication dialogs. 43 class PasswordManager : public LoginModel { 44 public: 45 static const char kOtherPossibleUsernamesExperiment[]; 46 47 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry); 48 #if defined(OS_WIN) 49 static void RegisterLocalPrefs(PrefRegistrySimple* registry); 50 #endif 51 explicit PasswordManager(PasswordManagerClient* client); 52 virtual ~PasswordManager(); 53 54 typedef base::Callback<void(const autofill::PasswordForm&)> 55 PasswordSubmittedCallback; 56 57 // There is no corresponding remove function as currently all of the 58 // owners of these callbacks have sufficient lifetimes so that the callbacks 59 // should always be valid when called. 60 void AddSubmissionCallback(const PasswordSubmittedCallback& callback); 61 62 // Is saving new data for password autofill enabled for the current profile 63 // and page? For example, saving new data is disabled in Incognito mode, 64 // whereas filling data is not. Also, saving data is disabled in the presence 65 // of SSL errors on a page. 66 bool IsSavingEnabledForCurrentPage() const; 67 68 // Called by a PasswordFormManager when it decides a form can be autofilled 69 // on the page. 70 virtual void Autofill(const autofill::PasswordForm& form_for_autofill, 71 const autofill::PasswordFormMap& best_matches, 72 const autofill::PasswordForm& preferred_match, 73 bool wait_for_username) const; 74 75 // LoginModel implementation. 76 virtual void AddObserver(LoginModelObserver* observer) OVERRIDE; 77 virtual void RemoveObserver(LoginModelObserver* observer) OVERRIDE; 78 79 // Mark this form as having a generated password. 80 void SetFormHasGeneratedPassword(const autofill::PasswordForm& form); 81 82 // TODO(isherman): This should not be public, but is currently being used by 83 // the LoginPrompt code. 84 // When a form is submitted, we prepare to save the password but wait 85 // until we decide the user has successfully logged in. This is step 1 86 // of 2 (see SavePassword). 87 void ProvisionallySavePassword(const autofill::PasswordForm& form); 88 89 // Should be called when the user navigates the main frame. 90 void DidNavigateMainFrame(bool is_in_page); 91 92 // Handles password forms being parsed. 93 void OnPasswordFormsParsed( 94 const std::vector<autofill::PasswordForm>& forms); 95 96 // Handles password forms being rendered. 97 void OnPasswordFormsRendered( 98 const std::vector<autofill::PasswordForm>& visible_forms); 99 100 // Handles a password form being submitted. 101 virtual void OnPasswordFormSubmitted( 102 const autofill::PasswordForm& password_form); 103 104 PasswordManagerClient* client() { return client_; } 105 106 private: 107 enum ProvisionalSaveFailure { 108 SAVING_DISABLED, 109 EMPTY_PASSWORD, 110 NO_MATCHING_FORM, 111 MATCHING_NOT_COMPLETE, 112 FORM_BLACKLISTED, 113 INVALID_FORM, 114 AUTOCOMPLETE_OFF, 115 MAX_FAILURE_VALUE 116 }; 117 118 // Log failure for UMA. Logs additional metrics if the |form_origin| 119 // corresponds to one of the top, explicitly monitored websites. For some 120 // values of |failure| also sends logs to the internals page through |logger|, 121 // it |logger| is not NULL. 122 void RecordFailure(ProvisionalSaveFailure failure, 123 const std::string& form_origin, 124 BrowserSavePasswordProgressLogger* logger); 125 126 // Possibly set up FieldTrial for testing other possible usernames. This only 127 // happens if there are other_possible_usernames to be shown and the 128 // experiment hasn't already been initialized. We setup the experiment at 129 // such a late time because this experiment will only affect a small number 130 // of users so we want to include a larger fraction of these users than the 131 // normal 10%. 132 void PossiblyInitializeUsernamesExperiment( 133 const autofill::PasswordFormMap& matches) const; 134 135 // Returns true if we can show possible usernames to users in cases where 136 // the username for the form is ambigious. 137 bool OtherPossibleUsernamesEnabled() const; 138 139 // Returns true if the user needs to be prompted before a password can be 140 // saved (instead of automatically saving 141 // the password), based on inspecting the state of 142 // |provisional_save_manager_|. 143 bool ShouldPromptUserToSavePassword() const; 144 145 // Checks for every from in |forms| whether |pending_login_managers_| already 146 // contain a manager for that form. If not, adds a manager for each such form. 147 void CreatePendingLoginManagers( 148 const std::vector<autofill::PasswordForm>& forms); 149 150 // Note about how a PasswordFormManager can transition from 151 // pending_login_managers_ to provisional_save_manager_ and the infobar. 152 // 153 // 1. form "seen" 154 // | new 155 // | ___ Infobar 156 // pending_login -- form submit --> provisional_save ___/ 157 // ^ | \___ (update DB) 158 // | fail 159 // |-----------<------<---------| !new 160 // 161 // When a form is "seen" on a page, a PasswordFormManager is created 162 // and stored in this collection until user navigates away from page. 163 164 ScopedVector<PasswordFormManager> pending_login_managers_; 165 166 // When the user submits a password/credential, this contains the 167 // PasswordFormManager for the form in question until we deem the login 168 // attempt to have succeeded (as in valid credentials). If it fails, we 169 // send the PasswordFormManager back to the pending_login_managers_ set. 170 // Scoped in case PasswordManager gets deleted (e.g tab closes) between the 171 // time a user submits a login form and gets to the next page. 172 scoped_ptr<PasswordFormManager> provisional_save_manager_; 173 174 // The embedder-level client. Must outlive this class. 175 PasswordManagerClient* const client_; 176 177 // The platform-level driver. Must outlive this class. 178 PasswordManagerDriver* const driver_; 179 180 // Set to false to disable the password manager (will no longer ask if you 181 // want to save passwords but will continue to fill passwords). 182 BooleanPrefMember password_manager_enabled_; 183 184 // Observers to be notified of LoginModel events. This is mutable to allow 185 // notification in const member functions. 186 mutable ObserverList<LoginModelObserver> observers_; 187 188 // Callbacks to be notified when a password form has been submitted. 189 std::vector<PasswordSubmittedCallback> submission_callbacks_; 190 191 DISALLOW_COPY_AND_ASSIGN(PasswordManager); 192 }; 193 194 } // namespace password_manager 195 196 #endif // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_MANAGER_H_ 197