1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef COMPONENTS_AUTOFILL_CORE_COMMON_PASSWORD_FORM_H__ 6 #define COMPONENTS_AUTOFILL_CORE_COMMON_PASSWORD_FORM_H__ 7 8 #include <map> 9 #include <string> 10 #include <vector> 11 12 #include "base/time/time.h" 13 #include "components/autofill/core/common/form_data.h" 14 #include "url/gurl.h" 15 16 namespace autofill { 17 18 // The PasswordForm struct encapsulates information about a login form, 19 // which can be an HTML form or a dialog with username/password text fields. 20 // 21 // The Web Data database stores saved username/passwords and associated form 22 // metdata using a PasswordForm struct, typically one that was created from 23 // a parsed HTMLFormElement or LoginDialog, but the saved entries could have 24 // also been created by imported data from another browser. 25 // 26 // The PasswordManager implements a fuzzy-matching algorithm to compare saved 27 // PasswordForm entries against PasswordForms that were created from a parsed 28 // HTML or dialog form. As one might expect, the more data contained in one 29 // of the saved PasswordForms, the better the job the PasswordManager can do 30 // in matching it against the actual form it was saved on, and autofill 31 // accurately. But it is not always possible, especially when importing from 32 // other browsers with different data models, to copy over all the information 33 // about a particular "saved password entry" to our PasswordForm 34 // representation. 35 // 36 // The field descriptions in the struct specification below are intended to 37 // describe which fields are not strictly required when adding a saved password 38 // entry to the database and how they can affect the matching process. 39 40 struct PasswordForm { 41 // Enum to differentiate between HTML form based authentication, and dialogs 42 // using basic or digest schemes. Default is SCHEME_HTML. Only PasswordForms 43 // of the same Scheme will be matched/autofilled against each other. 44 enum Scheme { 45 SCHEME_HTML, 46 SCHEME_BASIC, 47 SCHEME_DIGEST, 48 SCHEME_OTHER, 49 SCHEME_LAST = SCHEME_OTHER 50 } scheme; 51 52 // The "Realm" for the sign-on (scheme, host, port for SCHEME_HTML, and 53 // contains the HTTP realm for dialog-based forms). 54 // The signon_realm is effectively the primary key used for retrieving 55 // data from the database, so it must not be empty. 56 std::string signon_realm; 57 58 // The original "Realm" for the sign-on (scheme, host, port for SCHEME_HTML, 59 // and contains the HTTP realm for dialog-based forms). This realm is only set 60 // when two PasswordForms are matched when trying to find a login/pass pair 61 // for a site. It is only set to a non-empty value during a match of the 62 // original stored login/pass and the current observed form if all these 63 // statements are true: 64 // 1) The full signon_realm is not the same. 65 // 2) The registry controlled domain is the same. For example; example.com, 66 // m.example.com, foo.login.example.com and www.example.com would all resolve 67 // to example.com since .com is the public suffix. 68 // 3) The scheme is the same. 69 // 4) The port is the same. 70 // For example, if there exists a stored password for http://www.example.com 71 // (where .com is the public suffix) and the observed form is 72 // http://m.example.com, |original_signon_realm| must be set to 73 // http://www.example.com. 74 std::string original_signon_realm; 75 76 // The URL (minus query parameters) containing the form. This is the primary 77 // data used by the PasswordManager to decide (in longest matching prefix 78 // fashion) whether or not a given PasswordForm result from the database is a 79 // good fit for a particular form on a page, so it must not be empty. 80 GURL origin; 81 82 // The action target of the form. This is the primary data used by the 83 // PasswordManager for form autofill; that is, the action of the saved 84 // credentials must match the action of the form on the page to be autofilled. 85 // If this is empty / not available, it will result in a "restricted" 86 // IE-like autofill policy, where we wait for the user to type in his 87 // username before autofilling the password. In these cases, after successful 88 // login the action URL will automatically be assigned by the 89 // PasswordManager. 90 // 91 // When parsing an HTML form, this must always be set. 92 GURL action; 93 94 // The name of the submit button used. Optional; only used in scoring 95 // of PasswordForm results from the database to make matches as tight as 96 // possible. 97 // 98 // When parsing an HTML form, this must always be set. 99 base::string16 submit_element; 100 101 // The name of the username input element. Optional (improves scoring). 102 // 103 // When parsing an HTML form, this must always be set. 104 base::string16 username_element; 105 106 // The username. Optional. 107 // 108 // When parsing an HTML form, this is typically empty unless the site 109 // has implemented some form of autofill. 110 base::string16 username_value; 111 112 // This member is populated in cases where we there are multiple input 113 // elements that could possibly be the username. Used when our heuristics for 114 // determining the username are incorrect. Optional. 115 // 116 // When parsing an HTML form, this is typically empty. 117 std::vector<base::string16> other_possible_usernames; 118 119 // The name of the password input element, Optional (improves scoring). 120 // 121 // When parsing an HTML form, this must always be set. 122 base::string16 password_element; 123 124 // The password. Required. 125 // 126 // When parsing an HTML form, this is typically empty. 127 base::string16 password_value; 128 129 // False if autocomplete is set to "off" for the password input element; 130 // True otherwise. 131 bool password_autocomplete_set; 132 133 // If the form was a change password form, the name of the 134 // 'old password' input element. Optional. 135 base::string16 old_password_element; 136 137 // The old password. Optional. 138 base::string16 old_password_value; 139 140 // Whether or not this login was saved under an HTTPS session with a valid 141 // SSL cert. We will never match or autofill a PasswordForm where 142 // ssl_valid == true with a PasswordForm where ssl_valid == false. This means 143 // passwords saved under HTTPS will never get autofilled onto an HTTP page. 144 // When importing, this should be set to true if the page URL is HTTPS, thus 145 // giving it "the benefit of the doubt" that the SSL cert was valid when it 146 // was saved. Default to false. 147 bool ssl_valid; 148 149 // True if this PasswordForm represents the last username/password login the 150 // user selected to log in to the site. If there is only one saved entry for 151 // the site, this will always be true, but when there are multiple entries 152 // the PasswordManager ensures that only one of them has a preferred bit set 153 // to true. Default to false. 154 // 155 // When parsing an HTML form, this is not used. 156 bool preferred; 157 158 // When the login was saved (by chrome). 159 // 160 // When parsing an HTML form, this is not used. 161 base::Time date_created; 162 163 // When the login was downloaded from the sync server. For local passwords is 164 // not used. 165 // 166 // When parsing an HTML form, this is not used. 167 base::Time date_synced; 168 169 // Tracks if the user opted to never remember passwords for this form. Default 170 // to false. 171 // 172 // When parsing an HTML form, this is not used. 173 bool blacklisted_by_user; 174 175 // Enum to differentiate between manually filled forms and forms with auto 176 // generated passwords. 177 enum Type { 178 TYPE_MANUAL, 179 TYPE_GENERATED, 180 TYPE_LAST = TYPE_GENERATED 181 }; 182 183 // The form type. Not used yet. Please see http://crbug.com/152422 184 Type type; 185 186 // The number of times that this username/password has been used to 187 // authenticate the user. 188 // 189 // When parsing an HTML form, this is not used. 190 int times_used; 191 192 // True if additional system level authentication should be used 193 // (if available) before using this password for autofill. 194 // 195 // Default to false. 196 bool use_additional_authentication; 197 198 // Autofill representation of this form. Used to communicate with the 199 // Autofill servers if necessary. Currently this is only used to help 200 // determine forms where we can trigger password generation. 201 // 202 // When parsing an HTML form, this is normally set. 203 FormData form_data; 204 205 // Returns true if this match was found using public suffix matching. 206 bool IsPublicSuffixMatch() const; 207 208 // Equality operators for testing. 209 bool operator==(const PasswordForm& form) const; 210 bool operator!=(const PasswordForm& form) const; 211 212 PasswordForm(); 213 ~PasswordForm(); 214 }; 215 216 // Map username to PasswordForm* for convenience. See password_form_manager.h. 217 typedef std::map<base::string16, PasswordForm*> PasswordFormMap; 218 219 // For testing. 220 std::ostream& operator<<(std::ostream& os, 221 const autofill::PasswordForm& form); 222 223 } // namespace autofill 224 225 #endif // COMPONENTS_AUTOFILL_CORE_COMMON_PASSWORD_FORM_H__ 226
