1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef COMPONENTS_AUTOFILL_CORE_COMMON_PASSWORD_FORM_H__
6 #define COMPONENTS_AUTOFILL_CORE_COMMON_PASSWORD_FORM_H__
12 #include "base/time/time.h"
13 #include "components/autofill/core/common/form_data.h"
18 // The PasswordForm struct encapsulates information about a login form,
19 // which can be an HTML form or a dialog with username/password text fields.
21 // The Web Data database stores saved username/passwords and associated form
22 // metdata using a PasswordForm struct, typically one that was created from
23 // a parsed HTMLFormElement or LoginDialog, but the saved entries could have
24 // also been created by imported data from another browser.
26 // The PasswordManager implements a fuzzy-matching algorithm to compare saved
27 // PasswordForm entries against PasswordForms that were created from a parsed
28 // HTML or dialog form. As one might expect, the more data contained in one
29 // of the saved PasswordForms, the better the job the PasswordManager can do
30 // in matching it against the actual form it was saved on, and autofill
31 // accurately. But it is not always possible, especially when importing from
32 // other browsers with different data models, to copy over all the information
33 // about a particular "saved password entry" to our PasswordForm
36 // The field descriptions in the struct specification below are intended to
37 // describe which fields are not strictly required when adding a saved password
38 // entry to the database and how they can affect the matching process.
41 // Enum to differentiate between HTML form based authentication, and dialogs
42 // using basic or digest schemes. Default is SCHEME_HTML. Only PasswordForms
43 // of the same Scheme will be matched/autofilled against each other.
51 // The "Realm" for the sign-on (scheme, host, port for SCHEME_HTML, and
52 // contains the HTTP realm for dialog-based forms).
53 // The signon_realm is effectively the primary key used for retrieving
54 // data from the database, so it must not be empty.
55 std::string signon_realm;
57 // The original "Realm" for the sign-on (scheme, host, port for SCHEME_HTML,
58 // and contains the HTTP realm for dialog-based forms). This realm is only set
59 // when two PasswordForms are matched when trying to find a login/pass pair
60 // for a site. It is only set to a non-empty value during a match of the
61 // original stored login/pass and the current observed form if all these
62 // statements are true:
63 // 1) The full signon_realm is not the same.
64 // 2) The registry controlled domain is the same. For example; example.com,
65 // m.example.com, foo.login.example.com and www.example.com would all resolve
66 // to example.com since .com is the public suffix.
67 // 3) The scheme is the same.
68 // 4) The port is the same.
69 // For example, if there exists a stored password for http://www.example.com
70 // (where .com is the public suffix) and the observed form is
71 // http://m.example.com, |original_signon_realm| must be set to
72 // http://www.example.com.
73 std::string original_signon_realm;
75 // The URL (minus query parameters) containing the form. This is the primary
76 // data used by the PasswordManager to decide (in longest matching prefix
77 // fashion) whether or not a given PasswordForm result from the database is a
78 // good fit for a particular form on a page, so it must not be empty.
81 // The action target of the form. This is the primary data used by the
82 // PasswordManager for form autofill; that is, the action of the saved
83 // credentials must match the action of the form on the page to be autofilled.
84 // If this is empty / not available, it will result in a "restricted"
85 // IE-like autofill policy, where we wait for the user to type in his
86 // username before autofilling the password. In these cases, after successful
87 // login the action URL will automatically be assigned by the
90 // When parsing an HTML form, this must always be set.
93 // The name of the submit button used. Optional; only used in scoring
94 // of PasswordForm results from the database to make matches as tight as
97 // When parsing an HTML form, this must always be set.
98 base::string16 submit_element;
100 // The name of the username input element. Optional (improves scoring).
102 // When parsing an HTML form, this must always be set.
103 base::string16 username_element;
105 // The username. Optional.
107 // When parsing an HTML form, this is typically empty unless the site
108 // has implemented some form of autofill.
109 base::string16 username_value;
111 // This member is populated in cases where we there are multiple input
112 // elements that could possibly be the username. Used when our heuristics for
113 // determining the username are incorrect. Optional.
115 // When parsing an HTML form, this is typically empty.
116 std::vector<base::string16> other_possible_usernames;
118 // The name of the password input element, Optional (improves scoring).
120 // When parsing an HTML form, this must always be set.
121 base::string16 password_element;
123 // The password. Required.
125 // When parsing an HTML form, this is typically empty.
126 base::string16 password_value;
128 // False if autocomplete is set to "off" for the password input element;
130 bool password_autocomplete_set;
132 // If the form was a change password form, the name of the
133 // 'old password' input element. Optional.
134 base::string16 old_password_element;
136 // The old password. Optional.
137 base::string16 old_password_value;
139 // Whether or not this login was saved under an HTTPS session with a valid
140 // SSL cert. We will never match or autofill a PasswordForm where
141 // ssl_valid == true with a PasswordForm where ssl_valid == false. This means
142 // passwords saved under HTTPS will never get autofilled onto an HTTP page.
143 // When importing, this should be set to true if the page URL is HTTPS, thus
144 // giving it "the benefit of the doubt" that the SSL cert was valid when it
145 // was saved. Default to false.
148 // True if this PasswordForm represents the last username/password login the
149 // user selected to log in to the site. If there is only one saved entry for
150 // the site, this will always be true, but when there are multiple entries
151 // the PasswordManager ensures that only one of them has a preferred bit set
152 // to true. Default to false.
154 // When parsing an HTML form, this is not used.
157 // When the login was saved (by chrome).
159 // When parsing an HTML form, this is not used.
160 base::Time date_created;
162 // Tracks if the user opted to never remember passwords for this form. Default
165 // When parsing an HTML form, this is not used.
166 bool blacklisted_by_user;
168 // Enum to differentiate between manually filled forms and forms with auto
169 // generated passwords.
173 TYPE_LAST = TYPE_GENERATED
176 // The form type. Not used yet. Please see http://crbug.com/152422
179 // The number of times that this username/password has been used to
180 // authenticate the user.
182 // When parsing an HTML form, this is not used.
185 // True if additional system level authentication should be used
186 // (if available) before using this password for autofill.
189 bool use_additional_authentication;
191 // Autofill representation of this form. Used to communicate with the
192 // Autofill servers if necessary. Currently this is only used to help
193 // determine forms where we can trigger password generation.
195 // When parsing an HTML form, this is normally set.
198 // Returns true if this match was found using public suffix matching.
199 bool IsPublicSuffixMatch() const;
201 // Equality operators for testing.
202 bool operator==(const PasswordForm& form) const;
203 bool operator!=(const PasswordForm& form) const;
209 // Map username to PasswordForm* for convenience. See password_form_manager.h.
210 typedef std::map<base::string16, PasswordForm*> PasswordFormMap;
213 std::ostream& operator<<(std::ostream& os,
214 const autofill::PasswordForm& form);
216 } // namespace autofill
218 #endif // COMPONENTS_AUTOFILL_CORE_COMMON_PASSWORD_FORM_H__