Home | History | Annotate | Download | only in browser 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_MANAGER_H_
      6 #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_MANAGER_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/callback.h"
     12 #include "base/memory/scoped_ptr.h"
     13 #include "base/memory/scoped_vector.h"
     14 #include "base/observer_list.h"
     15 #include "base/prefs/pref_member.h"
     16 #include "base/stl_util.h"
     17 #include "components/autofill/core/common/password_form.h"
     18 #include "components/autofill/core/common/password_form_fill_data.h"
     19 #include "components/password_manager/core/browser/login_model.h"
     20 #include "components/password_manager/core/browser/password_form_manager.h"
     21 
     22 class PrefRegistrySimple;
     23 
     24 namespace content {
     25 class WebContents;
     26 }
     27 
     28 namespace user_prefs {
     29 class PrefRegistrySyncable;
     30 }
     31 
     32 namespace password_manager {
     33 
     34 class BrowserSavePasswordProgressLogger;
     35 class PasswordManagerClient;
     36 class PasswordManagerDriver;
     37 class PasswordManagerTest;
     38 class PasswordFormManager;
     39 
     40 // Per-tab password manager. Handles creation and management of UI elements,
     41 // receiving password form data from the renderer and managing the password
     42 // database through the PasswordStore. The PasswordManager is a LoginModel
     43 // for purposes of supporting HTTP authentication dialogs.
     44 class PasswordManager : public LoginModel {
     45  public:
     46   static const char kOtherPossibleUsernamesExperiment[];
     47 
     48   static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
     49 #if defined(OS_WIN)
     50   static void RegisterLocalPrefs(PrefRegistrySimple* registry);
     51 #endif
     52   explicit PasswordManager(PasswordManagerClient* client);
     53   virtual ~PasswordManager();
     54 
     55   typedef base::Callback<void(const autofill::PasswordForm&)>
     56       PasswordSubmittedCallback;
     57 
     58   // There is no corresponding remove function as currently all of the
     59   // owners of these callbacks have sufficient lifetimes so that the callbacks
     60   // should always be valid when called.
     61   void AddSubmissionCallback(const PasswordSubmittedCallback& callback);
     62 
     63   // Is saving new data for password autofill enabled for the current profile
     64   // and page? For example, saving new data is disabled in Incognito mode,
     65   // whereas filling data is not. Also, saving data is disabled in the presence
     66   // of SSL errors on a page.
     67   bool IsSavingEnabledForCurrentPage() const;
     68 
     69   // Called by a PasswordFormManager when it decides a form can be autofilled
     70   // on the page.
     71   virtual void Autofill(const autofill::PasswordForm& form_for_autofill,
     72                         const autofill::PasswordFormMap& best_matches,
     73                         const autofill::PasswordForm& preferred_match,
     74                         bool wait_for_username) const;
     75 
     76   // LoginModel implementation.
     77   virtual void AddObserver(LoginModelObserver* observer) OVERRIDE;
     78   virtual void RemoveObserver(LoginModelObserver* observer) OVERRIDE;
     79 
     80   // Mark this form as having a generated password.
     81   void SetFormHasGeneratedPassword(const autofill::PasswordForm& form);
     82 
     83   // TODO(isherman): This should not be public, but is currently being used by
     84   // the LoginPrompt code.
     85   // When a form is submitted, we prepare to save the password but wait
     86   // until we decide the user has successfully logged in. This is step 1
     87   // of 2 (see SavePassword).
     88   void ProvisionallySavePassword(const autofill::PasswordForm& form);
     89 
     90   // Should be called when the user navigates the main frame.
     91   void DidNavigateMainFrame(bool is_in_page);
     92 
     93   // Handles password forms being parsed.
     94   void OnPasswordFormsParsed(
     95       const std::vector<autofill::PasswordForm>& forms);
     96 
     97   // Handles password forms being rendered.
     98   void OnPasswordFormsRendered(
     99       const std::vector<autofill::PasswordForm>& visible_forms,
    100       bool did_stop_loading);
    101 
    102   // Handles a password form being submitted.
    103   virtual void OnPasswordFormSubmitted(
    104       const autofill::PasswordForm& password_form);
    105 
    106   PasswordManagerClient* client() { return client_; }
    107 
    108  private:
    109   enum ProvisionalSaveFailure {
    110     SAVING_DISABLED,
    111     EMPTY_PASSWORD,
    112     NO_MATCHING_FORM,
    113     MATCHING_NOT_COMPLETE,
    114     FORM_BLACKLISTED,
    115     INVALID_FORM,
    116     AUTOCOMPLETE_OFF,
    117     SYNC_CREDENTIAL,
    118     MAX_FAILURE_VALUE
    119   };
    120 
    121   // Returns if the password manager is enabled for this page. There are certain
    122   // situations (e.g. bad SSL cert) where we disable the password manager
    123   // temporarily.
    124   bool IsEnabledForCurrentPage() const;
    125 
    126   // Log failure for UMA. Logs additional metrics if the |form_origin|
    127   // corresponds to one of the top, explicitly monitored websites. For some
    128   // values of |failure| also sends logs to the internals page through |logger|,
    129   // it |logger| is not NULL.
    130   void RecordFailure(ProvisionalSaveFailure failure,
    131                      const std::string& form_origin,
    132                      BrowserSavePasswordProgressLogger* logger);
    133 
    134   // Possibly set up FieldTrial for testing other possible usernames. This only
    135   // happens if there are other_possible_usernames to be shown and the
    136   // experiment hasn't already been initialized. We setup the experiment at
    137   // such a late time because this experiment will only affect a small number
    138   // of users so we want to include a larger fraction of these users than the
    139   // normal 10%.
    140   void PossiblyInitializeUsernamesExperiment(
    141       const autofill::PasswordFormMap& matches) const;
    142 
    143   // Returns true if we can show possible usernames to users in cases where
    144   // the username for the form is ambigious.
    145   bool OtherPossibleUsernamesEnabled() const;
    146 
    147   // Returns true if the user needs to be prompted before a password can be
    148   // saved (instead of automatically saving
    149   // the password), based on inspecting the state of
    150   // |provisional_save_manager_|.
    151   bool ShouldPromptUserToSavePassword() const;
    152 
    153   // Checks for every from in |forms| whether |pending_login_managers_| already
    154   // contain a manager for that form. If not, adds a manager for each such form.
    155   void CreatePendingLoginManagers(
    156       const std::vector<autofill::PasswordForm>& forms);
    157 
    158   // Note about how a PasswordFormManager can transition from
    159   // pending_login_managers_ to provisional_save_manager_ and the infobar.
    160   //
    161   // 1. form "seen"
    162   //       |                                             new
    163   //       |                                               ___ Infobar
    164   // pending_login -- form submit --> provisional_save ___/
    165   //             ^                            |           \___ (update DB)
    166   //             |                           fail
    167   //             |-----------<------<---------|          !new
    168   //
    169   // When a form is "seen" on a page, a PasswordFormManager is created
    170   // and stored in this collection until user navigates away from page.
    171 
    172   ScopedVector<PasswordFormManager> pending_login_managers_;
    173 
    174   // When the user submits a password/credential, this contains the
    175   // PasswordFormManager for the form in question until we deem the login
    176   // attempt to have succeeded (as in valid credentials). If it fails, we
    177   // send the PasswordFormManager back to the pending_login_managers_ set.
    178   // Scoped in case PasswordManager gets deleted (e.g tab closes) between the
    179   // time a user submits a login form and gets to the next page.
    180   scoped_ptr<PasswordFormManager> provisional_save_manager_;
    181 
    182   // The embedder-level client. Must outlive this class.
    183   PasswordManagerClient* const client_;
    184 
    185   // The platform-level driver. Must outlive this class.
    186   PasswordManagerDriver* const driver_;
    187 
    188   // Set to false to disable password saving (will no longer ask if you
    189   // want to save passwords but will continue to fill passwords).
    190   BooleanPrefMember saving_passwords_enabled_;
    191 
    192   // Observers to be notified of LoginModel events.  This is mutable to allow
    193   // notification in const member functions.
    194   mutable ObserverList<LoginModelObserver> observers_;
    195 
    196   // Callbacks to be notified when a password form has been submitted.
    197   std::vector<PasswordSubmittedCallback> submission_callbacks_;
    198 
    199   // Records all visible forms seen during a page load, in all frames of the
    200   // page. When the page stops loading, the password manager checks if one of
    201   // the recorded forms matches the login form from the previous page
    202   // (to see if the login was a failure), and clears the vector.
    203   std::vector<autofill::PasswordForm> all_visible_forms_;
    204 
    205   DISALLOW_COPY_AND_ASSIGN(PasswordManager);
    206 };
    207 
    208 }  // namespace password_manager
    209 
    210 #endif  // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_MANAGER_H_
    211