1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "components/autofill/content/renderer/password_generation_agent.h" 6 7 #include "base/command_line.h" 8 #include "base/logging.h" 9 #include "base/memory/scoped_ptr.h" 10 #include "components/autofill/content/common/autofill_messages.h" 11 #include "components/autofill/content/renderer/form_autofill_util.h" 12 #include "components/autofill/content/renderer/password_form_conversion_utils.h" 13 #include "components/autofill/core/common/autofill_switches.h" 14 #include "components/autofill/core/common/form_data.h" 15 #include "components/autofill/core/common/password_form.h" 16 #include "components/autofill/core/common/password_generation_util.h" 17 #include "content/public/renderer/render_view.h" 18 #include "google_apis/gaia/gaia_urls.h" 19 #include "third_party/WebKit/public/platform/WebCString.h" 20 #include "third_party/WebKit/public/platform/WebRect.h" 21 #include "third_party/WebKit/public/platform/WebVector.h" 22 #include "third_party/WebKit/public/web/WebDocument.h" 23 #include "third_party/WebKit/public/web/WebFormElement.h" 24 #include "third_party/WebKit/public/web/WebInputElement.h" 25 #include "third_party/WebKit/public/web/WebLocalFrame.h" 26 #include "third_party/WebKit/public/web/WebSecurityOrigin.h" 27 #include "third_party/WebKit/public/web/WebView.h" 28 #include "ui/gfx/rect.h" 29 30 namespace autofill { 31 32 namespace { 33 34 // Returns true if we think that this form is for account creation. |passwords| 35 // is filled with the password field(s) in the form. 36 bool GetAccountCreationPasswordFields( 37 const blink::WebFormElement& form, 38 std::vector<blink::WebInputElement>* passwords) { 39 // Grab all of the passwords for the form. 40 blink::WebVector<blink::WebFormControlElement> control_elements; 41 form.getFormControlElements(control_elements); 42 43 size_t num_input_elements = 0; 44 for (size_t i = 0; i < control_elements.size(); i++) { 45 blink::WebInputElement* input_element = 46 toWebInputElement(&control_elements[i]); 47 // Only pay attention to visible password fields. 48 if (input_element && 49 input_element->isTextField() && 50 input_element->hasNonEmptyBoundingBox()) { 51 num_input_elements++; 52 if (input_element->isPasswordField()) 53 passwords->push_back(*input_element); 54 } 55 } 56 57 // This may be too lenient, but we assume that any form with at least three 58 // input elements where at least one of them is a password is an account 59 // creation form. 60 if (!passwords->empty() && num_input_elements >= 3) { 61 // We trim |passwords| because occasionally there are forms where the 62 // security question answers are put in password fields and we don't want 63 // to fill those. 64 if (passwords->size() > 2) 65 passwords->resize(2); 66 67 return true; 68 } 69 70 return false; 71 } 72 73 bool ContainsURL(const std::vector<GURL>& urls, const GURL& url) { 74 return std::find(urls.begin(), urls.end(), url) != urls.end(); 75 } 76 77 // Returns true if the |form1| is essentially equal to |form2|. 78 bool FormsAreEqual(const autofill::FormData& form1, 79 const PasswordForm& form2) { 80 // TODO(zysxqn): use more signals than just origin to compare. 81 // Note that FormData strips the fragement from the url while PasswordForm 82 // strips both the fragement and the path, so we can't just compare these 83 // two directly. 84 return form1.origin.GetOrigin() == form2.origin.GetOrigin(); 85 } 86 87 bool ContainsForm(const std::vector<autofill::FormData>& forms, 88 const PasswordForm& form) { 89 for (std::vector<autofill::FormData>::const_iterator it = 90 forms.begin(); it != forms.end(); ++it) { 91 if (FormsAreEqual(*it, form)) 92 return true; 93 } 94 return false; 95 } 96 97 } // namespace 98 99 PasswordGenerationAgent::PasswordGenerationAgent( 100 content::RenderView* render_view) 101 : content::RenderViewObserver(render_view), 102 render_view_(render_view), 103 password_is_generated_(false), 104 password_edited_(false), 105 enabled_(password_generation::IsPasswordGenerationEnabled()) { 106 DVLOG(2) << "Password Generation is " << (enabled_ ? "Enabled" : "Disabled"); 107 } 108 PasswordGenerationAgent::~PasswordGenerationAgent() {} 109 110 void PasswordGenerationAgent::DidFinishDocumentLoad( 111 blink::WebLocalFrame* frame) { 112 // In every navigation, the IPC message sent by the password autofill manager 113 // to query whether the current form is blacklisted or not happens when the 114 // document load finishes, so we need to clear previous states here before we 115 // hear back from the browser. We only clear this state on main frame load 116 // as we don't want subframe loads to clear state that we have received from 117 // the main frame. Note that we assume there is only one account creation 118 // form, but there could be multiple password forms in each frame. 119 if (!frame->parent()) { 120 not_blacklisted_password_form_origins_.clear(); 121 generation_enabled_forms_.clear(); 122 generation_element_.reset(); 123 possible_account_creation_form_.reset(new PasswordForm()); 124 password_elements_.clear(); 125 password_is_generated_ = false; 126 if (password_edited_) { 127 password_generation::LogPasswordGenerationEvent( 128 password_generation::PASSWORD_EDITED); 129 } 130 password_edited_ = false; 131 } 132 } 133 134 void PasswordGenerationAgent::DidFinishLoad(blink::WebLocalFrame* frame) { 135 if (!enabled_) 136 return; 137 138 // We don't want to generate passwords if the browser won't store or sync 139 // them. 140 if (!ShouldAnalyzeDocument(frame->document())) 141 return; 142 143 blink::WebVector<blink::WebFormElement> forms; 144 frame->document().forms(forms); 145 for (size_t i = 0; i < forms.size(); ++i) { 146 if (forms[i].isNull()) 147 continue; 148 149 // If we can't get a valid PasswordForm, we skip this form because the 150 // the password won't get saved even if we generate it. 151 scoped_ptr<PasswordForm> password_form( 152 CreatePasswordForm(forms[i])); 153 if (!password_form.get()) { 154 DVLOG(2) << "Skipping form as it would not be saved"; 155 continue; 156 } 157 158 // Do not generate password for GAIA since it is used to retrieve the 159 // generated paswords. 160 GURL realm(password_form->signon_realm); 161 if (realm == GaiaUrls::GetInstance()->gaia_login_form_realm()) 162 continue; 163 164 std::vector<blink::WebInputElement> passwords; 165 if (GetAccountCreationPasswordFields(forms[i], &passwords)) { 166 DVLOG(2) << "Account creation form detected"; 167 password_generation::LogPasswordGenerationEvent( 168 password_generation::SIGN_UP_DETECTED); 169 password_elements_ = passwords; 170 possible_account_creation_form_.swap(password_form); 171 DetermineGenerationElement(); 172 // We assume that there is only one account creation field per URL. 173 return; 174 } 175 } 176 password_generation::LogPasswordGenerationEvent( 177 password_generation::NO_SIGN_UP_DETECTED); 178 } 179 180 bool PasswordGenerationAgent::ShouldAnalyzeDocument( 181 const blink::WebDocument& document) const { 182 // Make sure that this security origin is allowed to use password manager. 183 // Generating a password that can't be saved is a bad idea. 184 blink::WebSecurityOrigin origin = document.securityOrigin(); 185 if (!origin.canAccessPasswordManager()) { 186 DVLOG(1) << "No PasswordManager access"; 187 return false; 188 } 189 190 return true; 191 } 192 193 bool PasswordGenerationAgent::OnMessageReceived(const IPC::Message& message) { 194 bool handled = true; 195 IPC_BEGIN_MESSAGE_MAP(PasswordGenerationAgent, message) 196 IPC_MESSAGE_HANDLER(AutofillMsg_FormNotBlacklisted, 197 OnFormNotBlacklisted) 198 IPC_MESSAGE_HANDLER(AutofillMsg_GeneratedPasswordAccepted, 199 OnPasswordAccepted) 200 IPC_MESSAGE_HANDLER(AutofillMsg_AccountCreationFormsDetected, 201 OnAccountCreationFormsDetected) 202 IPC_MESSAGE_UNHANDLED(handled = false) 203 IPC_END_MESSAGE_MAP() 204 return handled; 205 } 206 207 void PasswordGenerationAgent::OnFormNotBlacklisted(const PasswordForm& form) { 208 not_blacklisted_password_form_origins_.push_back(form.origin); 209 DetermineGenerationElement(); 210 } 211 212 void PasswordGenerationAgent::OnPasswordAccepted( 213 const base::string16& password) { 214 password_is_generated_ = true; 215 password_generation::LogPasswordGenerationEvent( 216 password_generation::PASSWORD_ACCEPTED); 217 for (std::vector<blink::WebInputElement>::iterator it = 218 password_elements_.begin(); 219 it != password_elements_.end(); ++it) { 220 it->setValue(password); 221 it->setAutofilled(true); 222 // Advance focus to the next input field. We assume password fields in 223 // an account creation form are always adjacent. 224 render_view_->GetWebView()->advanceFocus(false); 225 } 226 } 227 228 void PasswordGenerationAgent::OnAccountCreationFormsDetected( 229 const std::vector<autofill::FormData>& forms) { 230 generation_enabled_forms_.insert( 231 generation_enabled_forms_.end(), forms.begin(), forms.end()); 232 DetermineGenerationElement(); 233 } 234 235 void PasswordGenerationAgent::DetermineGenerationElement() { 236 // Make sure local heuristics have identified a possible account creation 237 // form. 238 if (!possible_account_creation_form_.get() || password_elements_.empty()) { 239 DVLOG(2) << "Local hueristics have not detected a possible account " 240 << "creation form"; 241 return; 242 } 243 244 if (CommandLine::ForCurrentProcess()->HasSwitch( 245 switches::kLocalHeuristicsOnlyForPasswordGeneration)) { 246 DVLOG(2) << "Bypassing additional checks."; 247 } else if (not_blacklisted_password_form_origins_.empty() || 248 !ContainsURL(not_blacklisted_password_form_origins_, 249 possible_account_creation_form_->origin)) { 250 DVLOG(2) << "Have not received confirmation that password form isn't " 251 << "blacklisted"; 252 return; 253 } else if (generation_enabled_forms_.empty() || 254 !ContainsForm(generation_enabled_forms_, 255 *possible_account_creation_form_)) { 256 // Note that this message will never be sent if this feature is disabled 257 // (e.g. Password saving is disabled). 258 DVLOG(2) << "Have not received confirmation from Autofill that form is " 259 << "used for account creation"; 260 return; 261 } 262 263 DVLOG(2) << "Password generation eligible form found"; 264 generation_element_ = password_elements_[0]; 265 password_generation::LogPasswordGenerationEvent( 266 password_generation::GENERATION_AVAILABLE); 267 } 268 269 bool PasswordGenerationAgent::FocusedNodeHasChanged( 270 const blink::WebNode& node) { 271 if (!generation_element_.isNull()) 272 generation_element_.setShouldRevealPassword(false); 273 274 if (node.isNull() || !node.isElementNode()) 275 return false; 276 277 const blink::WebElement web_element = node.toConst<blink::WebElement>(); 278 if (!web_element.document().frame()) 279 return false; 280 281 const blink::WebInputElement* element = toWebInputElement(&web_element); 282 if (!element || *element != generation_element_) 283 return false; 284 285 if (password_is_generated_) { 286 generation_element_.setShouldRevealPassword(true); 287 ShowEditingPopup(); 288 return true; 289 } 290 291 // Assume that if the password field has less than kMaximumOfferSize 292 // characters then the user is not finished typing their password and display 293 // the password suggestion. 294 if (!element->isReadOnly() && 295 element->isEnabled() && 296 element->value().length() <= kMaximumOfferSize) { 297 ShowGenerationPopup(); 298 return true; 299 } 300 301 return false; 302 } 303 304 bool PasswordGenerationAgent::TextDidChangeInTextField( 305 const blink::WebInputElement& element) { 306 if (element != generation_element_) 307 return false; 308 309 if (element.value().isEmpty()) { 310 if (password_is_generated_) { 311 // User generated a password and then deleted it. 312 password_generation::LogPasswordGenerationEvent( 313 password_generation::PASSWORD_DELETED); 314 } 315 316 // Do not treat the password as generated. 317 // TODO(gcasto): Set PasswordForm::type in the browser to TYPE_NORMAL. 318 password_is_generated_ = false; 319 generation_element_.setShouldRevealPassword(false); 320 321 // Offer generation again. 322 ShowGenerationPopup(); 323 } else if (password_is_generated_) { 324 password_edited_ = true; 325 // Mirror edits to any confirmation password fields. 326 for (std::vector<blink::WebInputElement>::iterator it = 327 password_elements_.begin(); 328 it != password_elements_.end(); ++it) { 329 it->setValue(element.value()); 330 } 331 } else if (element.value().length() > kMaximumOfferSize) { 332 // User has rejected the feature and has started typing a password. 333 HidePopup(); 334 } else { 335 // Password isn't generated and there are fewer than kMaximumOfferSize 336 // characters typed, so keep offering the password. Note this function 337 // will just keep the previous popup if one is already showing. 338 ShowGenerationPopup(); 339 } 340 341 return true; 342 } 343 344 void PasswordGenerationAgent::ShowGenerationPopup() { 345 gfx::RectF bounding_box_scaled = 346 GetScaledBoundingBox(render_view_->GetWebView()->pageScaleFactor(), 347 &generation_element_); 348 349 Send(new AutofillHostMsg_ShowPasswordGenerationPopup( 350 routing_id(), 351 bounding_box_scaled, 352 generation_element_.maxLength(), 353 *possible_account_creation_form_)); 354 355 password_generation::LogPasswordGenerationEvent( 356 password_generation::GENERATION_POPUP_SHOWN); 357 } 358 359 void PasswordGenerationAgent::ShowEditingPopup() { 360 gfx::RectF bounding_box_scaled = 361 GetScaledBoundingBox(render_view_->GetWebView()->pageScaleFactor(), 362 &generation_element_); 363 364 Send(new AutofillHostMsg_ShowPasswordEditingPopup( 365 routing_id(), 366 bounding_box_scaled, 367 *possible_account_creation_form_)); 368 369 password_generation::LogPasswordGenerationEvent( 370 password_generation::EDITING_POPUP_SHOWN); 371 } 372 373 void PasswordGenerationAgent::HidePopup() { 374 Send(new AutofillHostMsg_HidePasswordGenerationPopup(routing_id())); 375 } 376 377 } // namespace autofill 378
