Home | History | Annotate | Download | only in browser 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
      6 #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "build/build_config.h"
     12 
     13 #include "base/stl_util.h"
     14 #include "components/autofill/core/common/password_form.h"
     15 #include "components/password_manager/core/browser/password_manager_driver.h"
     16 #include "components/password_manager/core/browser/password_store.h"
     17 #include "components/password_manager/core/browser/password_store_consumer.h"
     18 
     19 namespace content {
     20 class WebContents;
     21 }  // namespace content
     22 
     23 namespace password_manager {
     24 
     25 class PasswordManager;
     26 class PasswordManagerClient;
     27 
     28 // Per-password-form-{on-page, dialog} class responsible for interactions
     29 // between a given form, the per-tab PasswordManager, and the PasswordStore.
     30 class PasswordFormManager : public PasswordStoreConsumer {
     31  public:
     32   // |password_manager| owns this object
     33   // |form_on_page| is the form that may be submitted and could need login data.
     34   // |ssl_valid| represents the security of the page containing observed_form,
     35   //           used to filter login results from database.
     36   PasswordFormManager(PasswordManager* password_manager,
     37                       PasswordManagerClient* client,
     38                       PasswordManagerDriver* driver,
     39                       const autofill::PasswordForm& observed_form,
     40                       bool ssl_valid);
     41   virtual ~PasswordFormManager();
     42 
     43   enum ActionMatch {
     44     ACTION_MATCH_REQUIRED,
     45     ACTION_MATCH_NOT_REQUIRED
     46   };
     47 
     48   enum OtherPossibleUsernamesAction {
     49     ALLOW_OTHER_POSSIBLE_USERNAMES,
     50     IGNORE_OTHER_POSSIBLE_USERNAMES
     51   };
     52 
     53   // Compare basic data of observed_form_ with argument. Only check the action
     54   // URL when action match is required.
     55   bool DoesManage(const autofill::PasswordForm& form,
     56                   ActionMatch action_match) const;
     57 
     58   // Retrieves potential matching logins from the database.
     59   // |prompt_policy| indicates whether it's permissible to prompt the user to
     60   // authorize access to locked passwords. This argument is only used on
     61   // platforms that support prompting the user for access (such as Mac OS).
     62   void FetchMatchingLoginsFromPasswordStore(
     63       PasswordStore::AuthorizationPromptPolicy prompt_policy);
     64 
     65   // Simple state-check to verify whether this object as received a callback
     66   // from the PasswordStore and completed its matching phase. Note that the
     67   // callback in question occurs on the same (and only) main thread from which
     68   // instances of this class are ever used, but it is required since it is
     69   // conceivable that a user (or ui test) could attempt to submit a login
     70   // prompt before the callback has occured, which would InvokeLater a call to
     71   // PasswordManager::ProvisionallySave, which would interact with this object
     72   // before the db has had time to answer with matching password entries.
     73   // This is intended to be a one-time check; if the return value is false the
     74   // expectation is caller will give up. This clearly won't work if you put it
     75   // in a loop and wait for matching to complete; you're (supposed to be) on
     76   // the same thread!
     77   bool HasCompletedMatching();
     78 
     79   // Determines if the user opted to 'never remember' passwords for this form.
     80   bool IsBlacklisted();
     81 
     82   // Used by PasswordManager to determine whether or not to display
     83   // a SavePasswordBar when given the green light to save the PasswordForm
     84   // managed by this.
     85   bool IsNewLogin();
     86 
     87   // Returns true if the current pending credentials were found using
     88   // origin matching of the public suffix, instead of the signon realm of the
     89   // form.
     90   bool IsPendingCredentialsPublicSuffixMatch();
     91 
     92   // Checks if the form is a valid password form. Forms which lack either
     93   // login or password field are not considered valid.
     94   bool HasValidPasswordForm();
     95 
     96   // These functions are used to determine if this form has had it's password
     97   // auto generated by the browser.
     98   bool HasGeneratedPassword();
     99   void SetHasGeneratedPassword();
    100 
    101   // Determines if we need to autofill given the results of the query.
    102   // Takes ownership of the elements in |result|.
    103   void OnRequestDone(const std::vector<autofill::PasswordForm*>& result);
    104 
    105   virtual void OnGetPasswordStoreResults(
    106       const std::vector<autofill::PasswordForm*>& results) OVERRIDE;
    107 
    108   // A user opted to 'never remember' passwords for this form.
    109   // Blacklist it so that from now on when it is seen we ignore it.
    110   // TODO: Make this private once we switch to the new UI.
    111   void PermanentlyBlacklist();
    112 
    113   // Sets whether the password form should use additional password
    114   // authentication if available before being used for autofill.
    115   void SetUseAdditionalPasswordAuthentication(
    116       bool use_additional_authentication);
    117 
    118   // If the user has submitted observed_form_, provisionally hold on to
    119   // the submitted credentials until we are told by PasswordManager whether
    120   // or not the login was successful. |action| describes how we deal with
    121   // possible usernames. If |action| is ALLOW_OTHER_POSSIBLE_USERNAMES we will
    122   // treat a possible usernames match as a sign that our original heuristics
    123   // were wrong and that the user selected the correct username from the
    124   // Autofill UI.
    125   void ProvisionallySave(const autofill::PasswordForm& credentials,
    126                          OtherPossibleUsernamesAction action);
    127 
    128   // Handles save-as-new or update of the form managed by this manager.
    129   // Note the basic data of updated_credentials must match that of
    130   // observed_form_ (e.g DoesManage(pending_credentials_) == true).
    131   // TODO: Make this private once we switch to the new UI.
    132   void Save();
    133 
    134   // Call these if/when we know the form submission worked or failed.
    135   // These routines are used to update internal statistics ("ActionsTaken").
    136   void SubmitPassed();
    137   void SubmitFailed();
    138 
    139   // Returns the username associated with the credentials.
    140   const base::string16& associated_username() const {
    141     return pending_credentials_.username_value;
    142   }
    143 
    144   // Returns the pending credentials.
    145   const autofill::PasswordForm& pending_credentials() const {
    146     return pending_credentials_;
    147   }
    148 
    149   // Returns the best matches.
    150   const autofill::PasswordFormMap best_matches() const {
    151     return best_matches_;
    152   }
    153 
    154   // Returns the realm URL for the form managed my this manager.
    155   const std::string& realm() const {
    156     return pending_credentials_.signon_realm;
    157   }
    158 
    159  private:
    160   friend class PasswordFormManagerTest;
    161 
    162   // ManagerAction - What does the manager do with this form? Either it
    163   // fills it, or it doesn't. If it doesn't fill it, that's either
    164   // because it has no match, or it is blacklisted, or it is disabled
    165   // via the AUTOCOMPLETE=off attribute. Note that if we don't have
    166   // an exact match, we still provide candidates that the user may
    167   // end up choosing.
    168   enum ManagerAction {
    169     kManagerActionNone = 0,
    170     kManagerActionAutofilled,
    171     kManagerActionBlacklisted,
    172     kManagerActionMax
    173   };
    174 
    175   // UserAction - What does the user do with this form? If he or she
    176   // does nothing (either by accepting what the password manager did, or
    177   // by simply (not typing anything at all), you get None. If there were
    178   // multiple choices and the user selects one other than the default,
    179   // you get Choose, if user selects an entry from matching against the Public
    180   // Suffix List you get ChoosePslMatch, if the user types in a new value
    181   // for just the password you get OverridePassword, and if the user types in a
    182   // new value for the username and password you get
    183   // OverrideUsernameAndPassword.
    184   enum UserAction {
    185     kUserActionNone = 0,
    186     kUserActionChoose,
    187     kUserActionChoosePslMatch,
    188     kUserActionOverridePassword,
    189     kUserActionOverrideUsernameAndPassword,
    190     kUserActionMax
    191   };
    192 
    193   // Result - What happens to the form?
    194   enum SubmitResult {
    195     kSubmitResultNotSubmitted = 0,
    196     kSubmitResultFailed,
    197     kSubmitResultPassed,
    198     kSubmitResultMax
    199   };
    200 
    201   // The maximum number of combinations of the three preceding enums.
    202   // This is used when recording the actions taken by the form in UMA.
    203   static const int kMaxNumActionsTaken = kManagerActionMax * kUserActionMax *
    204                                          kSubmitResultMax;
    205 
    206   // Helper for OnGetPasswordStoreResults to determine whether or not
    207   // the given result form is worth scoring.
    208   bool IgnoreResult(const autofill::PasswordForm& form) const;
    209 
    210   // Helper for Save in the case that best_matches.size() == 0, meaning
    211   // we have no prior record of this form/username/password and the user
    212   // has opted to 'Save Password'. If |reset_preferred_login| is set,
    213   // the previously preferred login from |best_matches_| will be reset.
    214   void SaveAsNewLogin(bool reset_preferred_login);
    215 
    216   // Helper for OnGetPasswordStoreResults to score an individual result
    217   // against the observed_form_.
    218   int ScoreResult(const autofill::PasswordForm& form) const;
    219 
    220   // Helper for Save in the case that best_matches.size() > 0, meaning
    221   // we have at least one match for this form/username/password. This
    222   // Updates the form managed by this object, as well as any matching forms
    223   // that now need to have preferred bit changed, since updated_credentials
    224   // is now implicitly 'preferred'.
    225   void UpdateLogin();
    226 
    227   // Check to see if |pending| corresponds to an account creation form. If we
    228   // think that it does, we label it as such and upload this state to the
    229   // Autofill server, so that we will trigger password generation in the future.
    230   void CheckForAccountCreationForm(const autofill::PasswordForm& pending,
    231                                    const autofill::PasswordForm& observed);
    232 
    233   // Update all login matches to reflect new preferred state - preferred flag
    234   // will be reset on all matched logins that different than the current
    235   // |pending_credentials_|.
    236   void UpdatePreferredLoginState(PasswordStore* password_store);
    237 
    238   // Returns true if |username| is one of the other possible usernames for a
    239   // password form in |best_matches_| and sets |pending_credentials_| to the
    240   // match which had this username.
    241   bool UpdatePendingCredentialsIfOtherPossibleUsername(
    242       const base::string16& username);
    243 
    244   // Converts the "ActionsTaken" fields into an int so they can be logged to
    245   // UMA.
    246   int GetActionsTaken();
    247 
    248   // Remove possible_usernames that may contains sensitive information and
    249   // duplicates.
    250   void SanitizePossibleUsernames(autofill::PasswordForm* form);
    251 
    252   // Set of PasswordForms from the DB that best match the form
    253   // being managed by this. Use a map instead of vector, because we most
    254   // frequently require lookups by username value in IsNewLogin.
    255   autofill::PasswordFormMap best_matches_;
    256 
    257   // Cleans up when best_matches_ goes out of scope.
    258   STLValueDeleter<autofill::PasswordFormMap> best_matches_deleter_;
    259 
    260   // The PasswordForm from the page or dialog managed by this.
    261   autofill::PasswordForm observed_form_;
    262 
    263   // The origin url path of observed_form_ tokenized, for convenience when
    264   // scoring.
    265   std::vector<std::string> form_path_tokens_;
    266 
    267   // Stores updated credentials when the form was submitted but success is
    268   // still unknown.
    269   autofill::PasswordForm pending_credentials_;
    270 
    271   // Whether pending_credentials_ stores a new login or is an update
    272   // to an existing one.
    273   bool is_new_login_;
    274 
    275   // Whether this form has an auto generated password.
    276   bool has_generated_password_;
    277 
    278   // Set if the user has selected one of the other possible usernames in
    279   // |pending_credentials_|.
    280   base::string16 selected_username_;
    281 
    282   // PasswordManager owning this.
    283   const PasswordManager* const password_manager_;
    284 
    285   // Convenience pointer to entry in best_matches_ that is marked
    286   // as preferred. This is only allowed to be null if there are no best matches
    287   // at all, since there will always be one preferred login when there are
    288   // multiple matches (when first saved, a login is marked preferred).
    289   const autofill::PasswordForm* preferred_match_;
    290 
    291   typedef enum {
    292     PRE_MATCHING_PHASE,      // Have not yet invoked a GetLogins query to find
    293                              // matching login information from password store.
    294     MATCHING_PHASE,          // We've made a GetLogins request, but
    295                              // haven't received or finished processing result.
    296     POST_MATCHING_PHASE      // We've queried the DB and processed matching
    297                              // login results.
    298   } PasswordFormManagerState;
    299 
    300   // State of matching process, used to verify that we don't call methods
    301   // assuming we've already processed the request for matching logins,
    302   // when we actually haven't.
    303   PasswordFormManagerState state_;
    304 
    305   // The client which implements embedder-specific PasswordManager operations.
    306   PasswordManagerClient* client_;
    307 
    308   // The driver which implements platform-specific PasswordManager operations.
    309   PasswordManagerDriver* driver_;
    310 
    311   // These three fields record the "ActionsTaken" by the browser and
    312   // the user with this form, and the result. They are combined and
    313   // recorded in UMA when the manager is destroyed.
    314   ManagerAction manager_action_;
    315   UserAction user_action_;
    316   SubmitResult submit_result_;
    317 
    318   DISALLOW_COPY_AND_ASSIGN(PasswordFormManager);
    319 };
    320 
    321 }  // namespace password_manager
    322 
    323 #endif  // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
    324