src/chrome/browser/password_manager/password_manager.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/password_manager/password_manager.h"
   6
   7 #include "base/command_line.h"
   8 #include "base/metrics/field_trial.h"
   9 #include "base/metrics/histogram.h"
  10 #include "base/prefs/pref_service.h"
  11 #include "base/strings/string_util.h"
  12 #include "base/strings/utf_string_conversions.h"
  13 #include "base/threading/platform_thread.h"
  14 #include "chrome/browser/password_manager/password_form_manager.h"
  15 #include "chrome/browser/password_manager/password_manager_delegate.h"
  16 #include "chrome/browser/password_manager/password_manager_metrics_util.h"
  17 #include "chrome/browser/password_manager/password_manager_util.h"
  18 #include "chrome/browser/profiles/profile.h"
  19 #include "chrome/browser/ui/passwords/manage_passwords_bubble_ui_controller.h"
  20 #include "chrome/common/chrome_switches.h"
  21 #include "chrome/common/chrome_version_info.h"
  22 #include "chrome/common/pref_names.h"
  23 #include "components/autofill/content/common/autofill_messages.h"
  24 #include "components/autofill/core/common/password_autofill_util.h"
  25 #include "components/user_prefs/pref_registry_syncable.h"
  26 #include "content/public/browser/browser_thread.h"
  27 #include "content/public/browser/navigation_details.h"
  28 #include "content/public/browser/user_metrics.h"
  29 #include "content/public/browser/web_contents.h"
  30 #include "content/public/common/frame_navigate_params.h"
  31 #include "grit/generated_resources.h"
  32
  33 using autofill::PasswordForm;
  34 using autofill::PasswordFormMap;
  35 using base::UserMetricsAction;
  36 using content::BrowserThread;
  37 using content::WebContents;
  38
  39 DEFINE_WEB_CONTENTS_USER_DATA_KEY(PasswordManager);
  40
  41 namespace {
  42
  43 const char kSpdyProxyRealm[] = "/SpdyProxy";
  44 const char kOtherPossibleUsernamesExperiment[] =
  45     "PasswordManagerOtherPossibleUsernames";
  46
  47 void ReportOsPassword() {
  48   password_manager_util::OsPasswordStatus status =
  49       password_manager_util::GetOsPasswordStatus();
  50
  51   UMA_HISTOGRAM_ENUMERATION("PasswordManager.OsPasswordStatus",
  52                             status,
  53                             password_manager_util::MAX_PASSWORD_STATUS);
  54 }
  55
  56 // This routine is called when PasswordManagers are constructed.
  57 //
  58 // Currently we report metrics only once at startup. We require
  59 // that this is only ever called from a single thread in order to
  60 // avoid needing to lock (a static boolean flag is then sufficient to
  61 // guarantee running only once).
  62 void ReportMetrics(bool password_manager_enabled) {
  63   static base::PlatformThreadId initial_thread_id =
  64       base::PlatformThread::CurrentId();
  65   DCHECK(initial_thread_id == base::PlatformThread::CurrentId());
  66
  67   static bool ran_once = false;
  68   if (ran_once)
  69     return;
  70   ran_once = true;
  71
  72   // Avoid checking OS password until later on in browser startup
  73   // since it calls a few Windows APIs.
  74   BrowserThread::PostDelayedTask(BrowserThread::UI,
  75                                  FROM_HERE,
  76                                  base::Bind(&ReportOsPassword),
  77                                  base::TimeDelta::FromSeconds(10));
  78
  79   UMA_HISTOGRAM_BOOLEAN("PasswordManager.Enabled", password_manager_enabled);
  80 }
  81
  82 }  // namespace
  83
  84 // static
  85 void PasswordManager::RegisterProfilePrefs(
  86     user_prefs::PrefRegistrySyncable* registry) {
  87   registry->RegisterBooleanPref(
  88       prefs::kPasswordManagerEnabled,
  89       true,
  90       user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);
  91   registry->RegisterBooleanPref(
  92       prefs::kPasswordManagerAllowShowPasswords,
  93       true,
  94       user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
  95   registry->RegisterListPref(prefs::kPasswordManagerGroupsForDomains,
  96                              user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
  97 }
  98
  99 // static
 100 void PasswordManager::CreateForWebContentsAndDelegate(
 101     content::WebContents* contents,
 102     PasswordManagerDelegate* delegate) {
 103   if (FromWebContents(contents)) {
 104     DCHECK_EQ(delegate, FromWebContents(contents)->delegate_);
 105     return;
 106   }
 107
 108   contents->SetUserData(UserDataKey(),
 109                         new PasswordManager(contents, delegate));
 110 }
 111
 112 PasswordManager::PasswordManager(WebContents* web_contents,
 113                                  PasswordManagerDelegate* delegate)
 114     : content::WebContentsObserver(web_contents),
 115       delegate_(delegate) {
 116   DCHECK(delegate_);
 117   password_manager_enabled_.Init(prefs::kPasswordManagerEnabled,
 118                                  delegate_->GetProfile()->GetPrefs());
 119
 120   ReportMetrics(*password_manager_enabled_);
 121 }
 122
 123 PasswordManager::~PasswordManager() {
 124   FOR_EACH_OBSERVER(LoginModelObserver, observers_, OnLoginModelDestroying());
 125 }
 126
 127 void PasswordManager::SetFormHasGeneratedPassword(const PasswordForm& form) {
 128   for (ScopedVector<PasswordFormManager>::iterator iter =
 129            pending_login_managers_.begin();
 130        iter != pending_login_managers_.end(); ++iter) {
 131     if ((*iter)->DoesManage(
 132         form, PasswordFormManager::ACTION_MATCH_REQUIRED)) {
 133       (*iter)->SetHasGeneratedPassword();
 134       return;
 135     }
 136   }
 137   // If there is no corresponding PasswordFormManager, we create one. This is
 138   // not the common case, and should only happen when there is a bug in our
 139   // ability to detect forms.
 140   bool ssl_valid = (form.origin.SchemeIsSecure() &&
 141                     !delegate_->DidLastPageLoadEncounterSSLErrors());
 142   PasswordFormManager* manager =
 143       new PasswordFormManager(delegate_->GetProfile(),
 144                               this,
 145                               web_contents(),
 146                               form,
 147                               ssl_valid);
 148   pending_login_managers_.push_back(manager);
 149   manager->SetHasGeneratedPassword();
 150   // TODO(gcasto): Add UMA stats to track this.
 151 }
 152
 153 bool PasswordManager::IsSavingEnabled() const {
 154   return *password_manager_enabled_ &&
 155          !delegate_->GetProfile()->IsOffTheRecord();
 156 }
 157
 158 void PasswordManager::ProvisionallySavePassword(const PasswordForm& form) {
 159   if (!IsSavingEnabled()) {
 160     RecordFailure(SAVING_DISABLED, form.origin.host());
 161     return;
 162   }
 163
 164   // No password to save? Then don't.
 165   if (form.password_value.empty()) {
 166     RecordFailure(EMPTY_PASSWORD, form.origin.host());
 167     return;
 168   }
 169
 170   scoped_ptr<PasswordFormManager> manager;
 171   ScopedVector<PasswordFormManager>::iterator matched_manager_it =
 172       pending_login_managers_.end();
 173   for (ScopedVector<PasswordFormManager>::iterator iter =
 174            pending_login_managers_.begin();
 175        iter != pending_login_managers_.end(); ++iter) {
 176     // If we find a manager that exactly matches the submitted form including
 177     // the action URL, exit the loop.
 178     if ((*iter)->DoesManage(
 179         form, PasswordFormManager::ACTION_MATCH_REQUIRED)) {
 180       matched_manager_it = iter;
 181       break;
 182     // If the current manager matches the submitted form excluding the action
 183     // URL, remember it as a candidate and continue searching for an exact
 184     // match.
 185     } else if ((*iter)->DoesManage(
 186         form, PasswordFormManager::ACTION_MATCH_NOT_REQUIRED)) {
 187       matched_manager_it = iter;
 188     }
 189   }
 190   // If we didn't find a manager, this means a form was submitted without
 191   // first loading the page containing the form. Don't offer to save
 192   // passwords in this case.
 193   if (matched_manager_it != pending_login_managers_.end()) {
 194     // Transfer ownership of the manager from |pending_login_managers_| to
 195     // |manager|.
 196     manager.reset(*matched_manager_it);
 197     pending_login_managers_.weak_erase(matched_manager_it);
 198   } else {
 199     RecordFailure(NO_MATCHING_FORM, form.origin.host());
 200     return;
 201   }
 202
 203   // If we found a manager but it didn't finish matching yet, the user has
 204   // tried to submit credentials before we had time to even find matching
 205   // results for the given form and autofill. If this is the case, we just
 206   // give up.
 207   if (!manager->HasCompletedMatching()) {
 208     RecordFailure(MATCHING_NOT_COMPLETE, form.origin.host());
 209     return;
 210   }
 211
 212   // Also get out of here if the user told us to 'never remember' passwords for
 213   // this form.
 214   if (manager->IsBlacklisted()) {
 215     RecordFailure(FORM_BLACKLISTED, form.origin.host());
 216     return;
 217   }
 218
 219   // Bail if we're missing any of the necessary form components.
 220   if (!manager->HasValidPasswordForm()) {
 221     RecordFailure(INVALID_FORM, form.origin.host());
 222     return;
 223   }
 224
 225   // Always save generated passwords, as the user expresses explicit intent for
 226   // Chrome to manage such passwords. For other passwords, respect the
 227   // autocomplete attribute if autocomplete='off' is not ignored.
 228   if (!autofill::ShouldIgnoreAutocompleteOffForPasswordFields() &&
 229       !manager->HasGeneratedPassword() &&
 230       !form.password_autocomplete_set) {
 231     RecordFailure(AUTOCOMPLETE_OFF, form.origin.host());
 232     return;
 233   }
 234
 235   PasswordForm provisionally_saved_form(form);
 236   provisionally_saved_form.ssl_valid = form.origin.SchemeIsSecure() &&
 237       !delegate_->DidLastPageLoadEncounterSSLErrors();
 238   provisionally_saved_form.preferred = true;
 239   PasswordFormManager::OtherPossibleUsernamesAction action =
 240       PasswordFormManager::IGNORE_OTHER_POSSIBLE_USERNAMES;
 241   if (OtherPossibleUsernamesEnabled())
 242     action = PasswordFormManager::ALLOW_OTHER_POSSIBLE_USERNAMES;
 243   manager->ProvisionallySave(provisionally_saved_form, action);
 244   provisional_save_manager_.swap(manager);
 245 }
 246
 247 void PasswordManager::RecordFailure(ProvisionalSaveFailure failure,
 248                                     const std::string& form_origin) {
 249   UMA_HISTOGRAM_ENUMERATION("PasswordManager.ProvisionalSaveFailure",
 250                             failure, MAX_FAILURE_VALUE);
 251
 252   std::string group_name = password_manager_metrics_util::GroupIdToString(
 253       password_manager_metrics_util::MonitoredDomainGroupId(
 254           form_origin, delegate_->GetProfile()->GetPrefs()));
 255   if (!group_name.empty()) {
 256     password_manager_metrics_util::LogUMAHistogramEnumeration(
 257         "PasswordManager.ProvisionalSaveFailure_" + group_name, failure,
 258         MAX_FAILURE_VALUE);
 259   }
 260 }
 261
 262 void PasswordManager::AddSubmissionCallback(
 263     const PasswordSubmittedCallback& callback) {
 264   submission_callbacks_.push_back(callback);
 265 }
 266
 267 void PasswordManager::AddObserver(LoginModelObserver* observer) {
 268   observers_.AddObserver(observer);
 269 }
 270
 271 void PasswordManager::RemoveObserver(LoginModelObserver* observer) {
 272   observers_.RemoveObserver(observer);
 273 }
 274
 275 void PasswordManager::DidNavigateMainFrame(
 276       const content::LoadCommittedDetails& details,
 277       const content::FrameNavigateParams& params) {
 278   // Clear data after main frame navigation. We don't want to clear data after
 279   // subframe navigation as there might be password forms on other frames that
 280   // could be submitted.
 281   if (!details.is_in_page)
 282     pending_login_managers_.clear();
 283 }
 284
 285 bool PasswordManager::OnMessageReceived(const IPC::Message& message) {
 286   bool handled = true;
 287   IPC_BEGIN_MESSAGE_MAP(PasswordManager, message)
 288     IPC_MESSAGE_HANDLER(AutofillHostMsg_PasswordFormsParsed,
 289                         OnPasswordFormsParsed)
 290     IPC_MESSAGE_HANDLER(AutofillHostMsg_PasswordFormsRendered,
 291                         OnPasswordFormsRendered)
 292     IPC_MESSAGE_HANDLER(AutofillHostMsg_PasswordFormSubmitted,
 293                         OnPasswordFormSubmitted)
 294     IPC_MESSAGE_UNHANDLED(handled = false)
 295   IPC_END_MESSAGE_MAP()
 296   return handled;
 297 }
 298
 299 void PasswordManager::OnPasswordFormSubmitted(
 300     const PasswordForm& password_form) {
 301   ProvisionallySavePassword(password_form);
 302   for (size_t i = 0; i < submission_callbacks_.size(); ++i) {
 303     submission_callbacks_[i].Run(password_form);
 304   }
 305
 306   pending_login_managers_.clear();
 307 }
 308
 309 void PasswordManager::OnPasswordFormsParsed(
 310     const std::vector<PasswordForm>& forms) {
 311   // Ask the SSLManager for current security.
 312   bool had_ssl_error = delegate_->DidLastPageLoadEncounterSSLErrors();
 313
 314   for (std::vector<PasswordForm>::const_iterator iter = forms.begin();
 315        iter != forms.end(); ++iter) {
 316     // Don't involve the password manager if this form corresponds to
 317     // SpdyProxy authentication, as indicated by the realm.
 318     if (EndsWith(iter->signon_realm, kSpdyProxyRealm, true))
 319       continue;
 320
 321     bool ssl_valid = iter->origin.SchemeIsSecure() && !had_ssl_error;
 322     PasswordFormManager* manager =
 323         new PasswordFormManager(delegate_->GetProfile(),
 324                                 this,
 325                                 web_contents(),
 326                                 *iter,
 327                                 ssl_valid);
 328     pending_login_managers_.push_back(manager);
 329
 330     // Avoid prompting the user for access to a password if they don't have
 331     // password saving enabled.
 332     PasswordStore::AuthorizationPromptPolicy prompt_policy =
 333         *password_manager_enabled_ ? PasswordStore::ALLOW_PROMPT
 334                                    : PasswordStore::DISALLOW_PROMPT;
 335
 336     manager->FetchMatchingLoginsFromPasswordStore(prompt_policy);
 337   }
 338 }
 339
 340 bool PasswordManager::ShouldShowSavePasswordInfoBar() const {
 341   return provisional_save_manager_->IsNewLogin() &&
 342          !provisional_save_manager_->HasGeneratedPassword() &&
 343          !provisional_save_manager_->IsPendingCredentialsPublicSuffixMatch();
 344 }
 345
 346 void PasswordManager::OnPasswordFormsRendered(
 347     const std::vector<PasswordForm>& visible_forms) {
 348   if (!provisional_save_manager_.get())
 349     return;
 350
 351   DCHECK(IsSavingEnabled());
 352
 353   // If we see the login form again, then the login failed.
 354   for (size_t i = 0; i < visible_forms.size(); ++i) {
 355     // TODO(vabr): The similarity check is just action equality for now. If it
 356     // becomes more complex, it may make sense to consider modifying and using
 357     // PasswordFormManager::DoesManage for it.
 358     if (visible_forms[i].action.is_valid() &&
 359         provisional_save_manager_->pending_credentials().action ==
 360             visible_forms[i].action) {
 361       provisional_save_manager_->SubmitFailed();
 362       provisional_save_manager_.reset();
 363       return;
 364     }
 365   }
 366
 367   // Looks like a successful login attempt. Either show an infobar or
 368   // automatically save the login data. We prompt when the user hasn't already
 369   // given consent, either through previously accepting the infobar or by having
 370   // the browser generate the password.
 371   provisional_save_manager_->SubmitPassed();
 372   if (provisional_save_manager_->HasGeneratedPassword())
 373     UMA_HISTOGRAM_COUNTS("PasswordGeneration.Submitted", 1);
 374
 375   if (ShouldShowSavePasswordInfoBar()) {
 376     if (CommandLine::ForCurrentProcess()->HasSwitch(
 377           switches::kEnableSavePasswordBubble)) {
 378       ManagePasswordsBubbleUIController* manage_passwords_bubble_ui_controller =
 379           ManagePasswordsBubbleUIController::FromWebContents(web_contents());
 380       if (manage_passwords_bubble_ui_controller) {
 381         manage_passwords_bubble_ui_controller->OnPasswordSubmitted(
 382             provisional_save_manager_.release());
 383       } else {
 384         provisional_save_manager_.reset();
 385       }
 386     } else {
 387       delegate_->AddSavePasswordInfoBarIfPermitted(
 388           provisional_save_manager_.release());
 389     }
 390   } else {
 391     provisional_save_manager_->Save();
 392     provisional_save_manager_.reset();
 393   }
 394 }
 395
 396 void PasswordManager::PossiblyInitializeUsernamesExperiment(
 397     const PasswordFormMap& best_matches) const {
 398   if (base::FieldTrialList::Find(kOtherPossibleUsernamesExperiment))
 399     return;
 400
 401   bool other_possible_usernames_exist = false;
 402   for (autofill::PasswordFormMap::const_iterator it = best_matches.begin();
 403        it != best_matches.end(); ++it) {
 404     if (!it->second->other_possible_usernames.empty()) {
 405       other_possible_usernames_exist = true;
 406       break;
 407     }
 408   }
 409
 410   if (!other_possible_usernames_exist)
 411     return;
 412
 413   const base::FieldTrial::Probability kDivisor = 100;
 414   scoped_refptr<base::FieldTrial> trial(
 415       base::FieldTrialList::FactoryGetFieldTrial(
 416           kOtherPossibleUsernamesExperiment,
 417           kDivisor, "Disabled", 2013, 12, 31,
 418           base::FieldTrial::ONE_TIME_RANDOMIZED, NULL));
 419   base::FieldTrial::Probability enabled_probability = 0;
 420
 421   switch (chrome::VersionInfo::GetChannel()) {
 422     case chrome::VersionInfo::CHANNEL_DEV:
 423     case chrome::VersionInfo::CHANNEL_BETA:
 424       enabled_probability = 50;
 425       break;
 426     default:
 427       break;
 428   }
 429
 430   trial->AppendGroup("Enabled", enabled_probability);
 431 }
 432
 433 bool PasswordManager::OtherPossibleUsernamesEnabled() const {
 434   return base::FieldTrialList::FindFullName(
 435       kOtherPossibleUsernamesExperiment) == "Enabled";
 436 }
 437
 438 void PasswordManager::Autofill(
 439     const PasswordForm& form_for_autofill,
 440     const PasswordFormMap& best_matches,
 441     const PasswordForm& preferred_match,
 442     bool wait_for_username) const {
 443   PossiblyInitializeUsernamesExperiment(best_matches);
 444   switch (form_for_autofill.scheme) {
 445     case PasswordForm::SCHEME_HTML: {
 446       // Note the check above is required because the observers_ for a non-HTML
 447       // schemed password form may have been freed, so we need to distinguish.
 448       autofill::PasswordFormFillData fill_data;
 449       InitPasswordFormFillData(form_for_autofill,
 450                                best_matches,
 451                                &preferred_match,
 452                                wait_for_username,
 453                                OtherPossibleUsernamesEnabled(),
 454                                &fill_data);
 455       delegate_->FillPasswordForm(fill_data);
 456       break;
 457     }
 458     default:
 459       FOR_EACH_OBSERVER(
 460           LoginModelObserver,
 461           observers_,
 462           OnAutofillDataAvailable(preferred_match.username_value,
 463                                   preferred_match.password_value));
 464       break;
 465   }
 466
 467   ManagePasswordsBubbleUIController* manage_passwords_bubble_ui_controller =
 468       ManagePasswordsBubbleUIController::FromWebContents(web_contents());
 469   if (manage_passwords_bubble_ui_controller &&
 470       CommandLine::ForCurrentProcess()->HasSwitch(
 471           switches::kEnableSavePasswordBubble)) {
 472     manage_passwords_bubble_ui_controller->OnPasswordAutofilled(best_matches);
 473   }
 474 }