Home | History | Annotate | Download | only in browser 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
      6 #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "build/build_config.h"
     12 
     13 #include "base/stl_util.h"
     14 #include "components/autofill/core/browser/field_types.h"
     15 #include "components/autofill/core/common/password_form.h"
     16 #include "components/password_manager/core/browser/password_manager_driver.h"
     17 #include "components/password_manager/core/browser/password_store.h"
     18 #include "components/password_manager/core/browser/password_store_consumer.h"
     19 
     20 namespace content {
     21 class WebContents;
     22 }  // namespace content
     23 
     24 namespace password_manager {
     25 
     26 class PasswordManager;
     27 class PasswordManagerClient;
     28 
     29 // Per-password-form-{on-page, dialog} class responsible for interactions
     30 // between a given form, the per-tab PasswordManager, and the PasswordStore.
     31 class PasswordFormManager : public PasswordStoreConsumer {
     32  public:
     33   // |password_manager| owns this object
     34   // |form_on_page| is the form that may be submitted and could need login data.
     35   // |ssl_valid| represents the security of the page containing observed_form,
     36   //           used to filter login results from database.
     37   PasswordFormManager(PasswordManager* password_manager,
     38                       PasswordManagerClient* client,
     39                       PasswordManagerDriver* driver,
     40                       const autofill::PasswordForm& observed_form,
     41                       bool ssl_valid);
     42   virtual ~PasswordFormManager();
     43 
     44   // Flags describing the result of comparing two forms as performed by
     45   // DoesMatch. Individual flags are only relevant for HTML forms, but
     46   // RESULT_COMPLETE_MATCH will also be returned to indicate non-HTML forms
     47   // completely matching.
     48   enum MatchResultFlags {
     49     RESULT_NO_MATCH = 0,
     50     RESULT_MANDATORY_ATTRIBUTES_MATCH = 1 << 0,  // Bare minimum to be a match.
     51     RESULT_ACTION_MATCH = 1 << 1,                // Action URLs match too.
     52     RESULT_COMPLETE_MATCH =
     53         RESULT_MANDATORY_ATTRIBUTES_MATCH | RESULT_ACTION_MATCH
     54   };
     55   // Use MatchResultMask to contain combinations of MatchResultFlags values.
     56   // It's a signed int rather than unsigned to avoid signed/unsigned mismatch
     57   // caused by the enum values implicitly converting to signed int.
     58   typedef int MatchResultMask;
     59 
     60   enum OtherPossibleUsernamesAction {
     61     ALLOW_OTHER_POSSIBLE_USERNAMES,
     62     IGNORE_OTHER_POSSIBLE_USERNAMES
     63   };
     64 
     65   // Compares basic data of |observed_form_| with |form| and returns how much
     66   // they match. The return value is a MatchResultMask bitmask.
     67   MatchResultMask DoesManage(const autofill::PasswordForm& form) const;
     68 
     69   // Retrieves potential matching logins from the database.
     70   // |prompt_policy| indicates whether it's permissible to prompt the user to
     71   // authorize access to locked passwords. This argument is only used on
     72   // platforms that support prompting the user for access (such as Mac OS).
     73   void FetchMatchingLoginsFromPasswordStore(
     74       PasswordStore::AuthorizationPromptPolicy prompt_policy);
     75 
     76   // Simple state-check to verify whether this object as received a callback
     77   // from the PasswordStore and completed its matching phase. Note that the
     78   // callback in question occurs on the same (and only) main thread from which
     79   // instances of this class are ever used, but it is required since it is
     80   // conceivable that a user (or ui test) could attempt to submit a login
     81   // prompt before the callback has occured, which would InvokeLater a call to
     82   // PasswordManager::ProvisionallySave, which would interact with this object
     83   // before the db has had time to answer with matching password entries.
     84   // This is intended to be a one-time check; if the return value is false the
     85   // expectation is caller will give up. This clearly won't work if you put it
     86   // in a loop and wait for matching to complete; you're (supposed to be) on
     87   // the same thread!
     88   bool HasCompletedMatching();
     89 
     90   // Determines if the user opted to 'never remember' passwords for this form.
     91   bool IsBlacklisted();
     92 
     93   // Used by PasswordManager to determine whether or not to display
     94   // a SavePasswordBar when given the green light to save the PasswordForm
     95   // managed by this.
     96   bool IsNewLogin();
     97 
     98   // Returns true if the current pending credentials were found using
     99   // origin matching of the public suffix, instead of the signon realm of the
    100   // form.
    101   bool IsPendingCredentialsPublicSuffixMatch();
    102 
    103   // Checks if the form is a valid password form. Forms which lack password
    104   // field are not considered valid.
    105   bool HasValidPasswordForm();
    106 
    107   // These functions are used to determine if this form has had it's password
    108   // auto generated by the browser.
    109   bool HasGeneratedPassword();
    110   void SetHasGeneratedPassword();
    111 
    112   // Determines if we need to autofill given the results of the query.
    113   // Takes ownership of the elements in |result|.
    114   void OnRequestDone(const std::vector<autofill::PasswordForm*>& result);
    115 
    116   virtual void OnGetPasswordStoreResults(
    117       const std::vector<autofill::PasswordForm*>& results) OVERRIDE;
    118 
    119   // A user opted to 'never remember' passwords for this form.
    120   // Blacklist it so that from now on when it is seen we ignore it.
    121   // TODO: Make this private once we switch to the new UI.
    122   void PermanentlyBlacklist();
    123 
    124   // Sets whether the password form should use additional password
    125   // authentication if available before being used for autofill.
    126   void SetUseAdditionalPasswordAuthentication(
    127       bool use_additional_authentication);
    128 
    129   // If the user has submitted observed_form_, provisionally hold on to
    130   // the submitted credentials until we are told by PasswordManager whether
    131   // or not the login was successful. |action| describes how we deal with
    132   // possible usernames. If |action| is ALLOW_OTHER_POSSIBLE_USERNAMES we will
    133   // treat a possible usernames match as a sign that our original heuristics
    134   // were wrong and that the user selected the correct username from the
    135   // Autofill UI.
    136   void ProvisionallySave(const autofill::PasswordForm& credentials,
    137                          OtherPossibleUsernamesAction action);
    138 
    139   // Handles save-as-new or update of the form managed by this manager.
    140   // Note the basic data of updated_credentials must match that of
    141   // observed_form_ (e.g DoesManage(pending_credentials_) == true).
    142   // TODO: Make this private once we switch to the new UI.
    143   void Save();
    144 
    145   // Call these if/when we know the form submission worked or failed.
    146   // These routines are used to update internal statistics ("ActionsTaken").
    147   void SubmitPassed();
    148   void SubmitFailed();
    149 
    150   // Returns the username associated with the credentials.
    151   const base::string16& associated_username() const {
    152     return pending_credentials_.username_value;
    153   }
    154 
    155   // Returns the pending credentials.
    156   const autofill::PasswordForm& pending_credentials() const {
    157     return pending_credentials_;
    158   }
    159 
    160   // Returns the best matches.
    161   const autofill::PasswordFormMap& best_matches() const {
    162     return best_matches_;
    163   }
    164 
    165   const autofill::PasswordForm* preferred_match() const {
    166     return preferred_match_;
    167   }
    168 
    169   // Returns the realm URL for the form managed my this manager.
    170   const std::string& realm() const {
    171     return pending_credentials_.signon_realm;
    172   }
    173 
    174  private:
    175   friend class PasswordFormManagerTest;
    176 
    177   // ManagerAction - What does the manager do with this form? Either it
    178   // fills it, or it doesn't. If it doesn't fill it, that's either
    179   // because it has no match, or it is blacklisted, or it is disabled
    180   // via the AUTOCOMPLETE=off attribute. Note that if we don't have
    181   // an exact match, we still provide candidates that the user may
    182   // end up choosing.
    183   enum ManagerAction {
    184     kManagerActionNone = 0,
    185     kManagerActionAutofilled,
    186     kManagerActionBlacklisted,
    187     kManagerActionMax
    188   };
    189 
    190   // UserAction - What does the user do with this form? If he or she
    191   // does nothing (either by accepting what the password manager did, or
    192   // by simply (not typing anything at all), you get None. If there were
    193   // multiple choices and the user selects one other than the default,
    194   // you get Choose, if user selects an entry from matching against the Public
    195   // Suffix List you get ChoosePslMatch, if the user types in a new value
    196   // for just the password you get OverridePassword, and if the user types in a
    197   // new value for the username and password you get
    198   // OverrideUsernameAndPassword.
    199   enum UserAction {
    200     kUserActionNone = 0,
    201     kUserActionChoose,
    202     kUserActionChoosePslMatch,
    203     kUserActionOverridePassword,
    204     kUserActionOverrideUsernameAndPassword,
    205     kUserActionMax
    206   };
    207 
    208   // Result - What happens to the form?
    209   enum SubmitResult {
    210     kSubmitResultNotSubmitted = 0,
    211     kSubmitResultFailed,
    212     kSubmitResultPassed,
    213     kSubmitResultMax
    214   };
    215 
    216   // The maximum number of combinations of the three preceding enums.
    217   // This is used when recording the actions taken by the form in UMA.
    218   static const int kMaxNumActionsTaken = kManagerActionMax * kUserActionMax *
    219                                          kSubmitResultMax;
    220 
    221   // Helper for OnGetPasswordStoreResults to determine whether or not
    222   // the given result form is worth scoring.
    223   bool ShouldIgnoreResult(const autofill::PasswordForm& form) const;
    224 
    225   // Helper for Save in the case that best_matches.size() == 0, meaning
    226   // we have no prior record of this form/username/password and the user
    227   // has opted to 'Save Password'. If |reset_preferred_login| is set,
    228   // the previously preferred login from |best_matches_| will be reset.
    229   void SaveAsNewLogin(bool reset_preferred_login);
    230 
    231   // Helper for OnGetPasswordStoreResults to score an individual result
    232   // against the observed_form_.
    233   int ScoreResult(const autofill::PasswordForm& form) const;
    234 
    235   // Helper for Save in the case that best_matches.size() > 0, meaning
    236   // we have at least one match for this form/username/password. This
    237   // Updates the form managed by this object, as well as any matching forms
    238   // that now need to have preferred bit changed, since updated_credentials
    239   // is now implicitly 'preferred'.
    240   void UpdateLogin();
    241 
    242   // Check to see if |pending| corresponds to an account creation form. If we
    243   // think that it does, we label it as such and upload this state to the
    244   // Autofill server, so that we will trigger password generation in the future.
    245   void CheckForAccountCreationForm(const autofill::PasswordForm& pending,
    246                                    const autofill::PasswordForm& observed);
    247 
    248   // Update all login matches to reflect new preferred state - preferred flag
    249   // will be reset on all matched logins that different than the current
    250   // |pending_credentials_|.
    251   void UpdatePreferredLoginState(PasswordStore* password_store);
    252 
    253   // Returns true if |username| is one of the other possible usernames for a
    254   // password form in |best_matches_| and sets |pending_credentials_| to the
    255   // match which had this username.
    256   bool UpdatePendingCredentialsIfOtherPossibleUsername(
    257       const base::string16& username);
    258 
    259   // Converts the "ActionsTaken" fields into an int so they can be logged to
    260   // UMA.
    261   int GetActionsTaken();
    262 
    263   // Remove possible_usernames that may contains sensitive information and
    264   // duplicates.
    265   void SanitizePossibleUsernames(autofill::PasswordForm* form);
    266 
    267   // Helper function to delegate uploading to the AutofillManager.
    268   virtual void UploadPasswordForm(
    269       const autofill::FormData& form_data,
    270       const autofill::ServerFieldType& password_type);
    271 
    272   // Set of PasswordForms from the DB that best match the form
    273   // being managed by this. Use a map instead of vector, because we most
    274   // frequently require lookups by username value in IsNewLogin.
    275   autofill::PasswordFormMap best_matches_;
    276 
    277   // Cleans up when best_matches_ goes out of scope.
    278   STLValueDeleter<autofill::PasswordFormMap> best_matches_deleter_;
    279 
    280   // The PasswordForm from the page or dialog managed by |this|.
    281   const autofill::PasswordForm observed_form_;
    282 
    283   // The origin url path of observed_form_ tokenized, for convenience when
    284   // scoring.
    285   std::vector<std::string> form_path_tokens_;
    286 
    287   // Stores updated credentials when the form was submitted but success is
    288   // still unknown.
    289   autofill::PasswordForm pending_credentials_;
    290 
    291   // Whether pending_credentials_ stores a new login or is an update
    292   // to an existing one.
    293   bool is_new_login_;
    294 
    295   // Whether this form has an auto generated password.
    296   bool has_generated_password_;
    297 
    298   // Set if the user has selected one of the other possible usernames in
    299   // |pending_credentials_|.
    300   base::string16 selected_username_;
    301 
    302   // PasswordManager owning this.
    303   const PasswordManager* const password_manager_;
    304 
    305   // Convenience pointer to entry in best_matches_ that is marked
    306   // as preferred. This is only allowed to be null if there are no best matches
    307   // at all, since there will always be one preferred login when there are
    308   // multiple matches (when first saved, a login is marked preferred).
    309   const autofill::PasswordForm* preferred_match_;
    310 
    311   typedef enum {
    312     PRE_MATCHING_PHASE,      // Have not yet invoked a GetLogins query to find
    313                              // matching login information from password store.
    314     MATCHING_PHASE,          // We've made a GetLogins request, but
    315                              // haven't received or finished processing result.
    316     POST_MATCHING_PHASE      // We've queried the DB and processed matching
    317                              // login results.
    318   } PasswordFormManagerState;
    319 
    320   // State of matching process, used to verify that we don't call methods
    321   // assuming we've already processed the request for matching logins,
    322   // when we actually haven't.
    323   PasswordFormManagerState state_;
    324 
    325   // The client which implements embedder-specific PasswordManager operations.
    326   PasswordManagerClient* client_;
    327 
    328   // The driver which implements platform-specific PasswordManager operations.
    329   PasswordManagerDriver* driver_;
    330 
    331   // These three fields record the "ActionsTaken" by the browser and
    332   // the user with this form, and the result. They are combined and
    333   // recorded in UMA when the manager is destroyed.
    334   ManagerAction manager_action_;
    335   UserAction user_action_;
    336   SubmitResult submit_result_;
    337 
    338   DISALLOW_COPY_AND_ASSIGN(PasswordFormManager);
    339 };
    340 
    341 }  // namespace password_manager
    342 
    343 #endif  // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
    344