1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "components/password_manager/core/browser/password_form_manager.h"
9 #include "base/metrics/histogram.h"
10 #include "base/metrics/user_metrics.h"
11 #include "base/strings/string_split.h"
12 #include "base/strings/string_util.h"
13 #include "base/strings/utf_string_conversions.h"
14 #include "components/autofill/core/browser/autofill_manager.h"
15 #include "components/autofill/core/browser/form_structure.h"
16 #include "components/autofill/core/browser/validation.h"
17 #include "components/autofill/core/common/password_form.h"
18 #include "components/password_manager/core/browser/password_manager.h"
19 #include "components/password_manager/core/browser/password_manager_client.h"
20 #include "components/password_manager/core/browser/password_manager_driver.h"
21 #include "components/password_manager/core/browser/password_store.h"
23 using autofill::FormStructure;
24 using autofill::PasswordForm;
25 using autofill::PasswordFormMap;
28 namespace password_manager {
32 enum PasswordGenerationSubmissionEvent {
33 // Generated password was submitted and saved.
36 // Generated password submission failed. These passwords aren't saved.
37 PASSWORD_SUBMISSION_FAILED,
39 // Generated password was not submitted before navigation. Currently these
40 // passwords are not saved.
41 PASSWORD_NOT_SUBMITTED,
43 // Generated password was overridden by a non-generated one. This generally
44 // signals that the user was unhappy with the generated password for some
48 // Number of enum entries, used for UMA histogram reporting macros.
49 SUBMISSION_EVENT_ENUM_COUNT
52 void LogPasswordGenerationSubmissionEvent(
53 PasswordGenerationSubmissionEvent event) {
54 UMA_HISTOGRAM_ENUMERATION("PasswordGeneration.SubmissionEvent",
55 event, SUBMISSION_EVENT_ENUM_COUNT);
58 PasswordForm CopyAndModifySSLValidity(const PasswordForm& orig,
60 PasswordForm result(orig);
61 result.ssl_valid = ssl_valid;
67 PasswordFormManager::PasswordFormManager(PasswordManager* password_manager,
68 PasswordManagerClient* client,
69 PasswordManagerDriver* driver,
70 const PasswordForm& observed_form,
72 : best_matches_deleter_(&best_matches_),
73 observed_form_(CopyAndModifySSLValidity(observed_form, ssl_valid)),
75 has_generated_password_(false),
76 password_manager_(password_manager),
77 preferred_match_(NULL),
78 state_(PRE_MATCHING_PHASE),
81 manager_action_(kManagerActionNone),
82 user_action_(kUserActionNone),
83 submit_result_(kSubmitResultNotSubmitted) {
84 if (observed_form_.origin.is_valid())
85 base::SplitString(observed_form_.origin.path(), '/', &form_path_tokens_);
88 PasswordFormManager::~PasswordFormManager() {
89 UMA_HISTOGRAM_ENUMERATION(
90 "PasswordManager.ActionsTakenV3", GetActionsTaken(), kMaxNumActionsTaken);
91 if (has_generated_password_ && submit_result_ == kSubmitResultNotSubmitted)
92 LogPasswordGenerationSubmissionEvent(PASSWORD_NOT_SUBMITTED);
95 int PasswordFormManager::GetActionsTaken() {
96 return user_action_ + kUserActionMax * (manager_action_ +
97 kManagerActionMax * submit_result_);
100 // TODO(timsteele): use a hash of some sort in the future?
101 PasswordFormManager::MatchResultMask PasswordFormManager::DoesManage(
102 const PasswordForm& form) const {
103 // Non-HTML form case.
104 if (observed_form_.scheme != PasswordForm::SCHEME_HTML ||
105 form.scheme != PasswordForm::SCHEME_HTML) {
106 const bool forms_match = observed_form_.signon_realm == form.signon_realm &&
107 observed_form_.scheme == form.scheme;
108 return forms_match ? RESULT_COMPLETE_MATCH : RESULT_NO_MATCH;
112 MatchResultMask result = RESULT_NO_MATCH;
114 // Easiest case of matching origins.
115 bool origins_match = form.origin == observed_form_.origin;
116 // If this is a replay of the same form in the case a user entered an invalid
117 // password, the origin of the new form may equal the action of the "first"
119 origins_match = origins_match || (form.origin == observed_form_.action);
120 // Otherwise, if action hosts are the same, the old URL scheme is HTTP while
121 // the new one is HTTPS, and the new path equals to or extends the old path,
122 // we also consider the actions a match. This is to accommodate cases where
123 // the original login form is on an HTTP page, but a failed login attempt
124 // redirects to HTTPS (as in http://example.org -> https://example.org/auth).
125 if (!origins_match && !observed_form_.origin.SchemeIsSecure() &&
126 form.origin.SchemeIsSecure()) {
127 const std::string& old_path = observed_form_.origin.path();
128 const std::string& new_path = form.origin.path();
130 observed_form_.origin.host() == form.origin.host() &&
131 observed_form_.origin.port() == form.origin.port() &&
132 StartsWithASCII(new_path, old_path, /*case_sensitive=*/true);
135 if (form.username_element == observed_form_.username_element &&
136 form.password_element == observed_form_.password_element &&
138 result |= RESULT_MANDATORY_ATTRIBUTES_MATCH;
141 // Note: although saved password forms might actually have an empty action
142 // URL if they were imported (see bug 1107719), the |form| we see here comes
143 // never from the password store, and should have an exactly matching action.
144 if (form.action == observed_form_.action)
145 result |= RESULT_ACTION_MATCH;
150 bool PasswordFormManager::IsBlacklisted() {
151 DCHECK_EQ(state_, POST_MATCHING_PHASE);
152 if (preferred_match_ && preferred_match_->blacklisted_by_user)
157 void PasswordFormManager::PermanentlyBlacklist() {
158 DCHECK_EQ(state_, POST_MATCHING_PHASE);
160 // Configure the form about to be saved for blacklist status.
161 pending_credentials_.preferred = true;
162 pending_credentials_.blacklisted_by_user = true;
163 pending_credentials_.username_value.clear();
164 pending_credentials_.password_value.clear();
166 // Retroactively forget existing matches for this form, so we NEVER prompt or
167 // autofill it again.
168 int num_passwords_deleted = 0;
169 if (!best_matches_.empty()) {
170 PasswordFormMap::const_iterator iter;
171 PasswordStore* password_store = client_->GetPasswordStore();
172 if (!password_store) {
176 for (iter = best_matches_.begin(); iter != best_matches_.end(); ++iter) {
177 // We want to remove existing matches for this form so that the exact
178 // origin match with |blackisted_by_user == true| is the only result that
179 // shows up in the future for this origin URL. However, we don't want to
180 // delete logins that were actually saved on a different page (hence with
181 // different origin URL) and just happened to match this form because of
182 // the scoring algorithm. See bug 1204493.
183 if (iter->second->origin == observed_form_.origin) {
184 password_store->RemoveLogin(*iter->second);
185 ++num_passwords_deleted;
190 UMA_HISTOGRAM_COUNTS("PasswordManager.NumPasswordsDeletedWhenBlacklisting",
191 num_passwords_deleted);
193 // Save the pending_credentials_ entry marked as blacklisted.
194 SaveAsNewLogin(false);
197 void PasswordFormManager::SetUseAdditionalPasswordAuthentication(
198 bool use_additional_authentication) {
199 pending_credentials_.use_additional_authentication =
200 use_additional_authentication;
203 bool PasswordFormManager::IsNewLogin() {
204 DCHECK_EQ(state_, POST_MATCHING_PHASE);
205 return is_new_login_;
208 bool PasswordFormManager::IsPendingCredentialsPublicSuffixMatch() {
209 return pending_credentials_.IsPublicSuffixMatch();
212 void PasswordFormManager::SetHasGeneratedPassword() {
213 has_generated_password_ = true;
216 bool PasswordFormManager::HasGeneratedPassword() {
217 // This check is permissive, as the user may have generated a password and
218 // then edited it in the form itself. However, even in this case the user
219 // has already given consent, so we treat these cases the same.
220 return has_generated_password_;
223 bool PasswordFormManager::HasValidPasswordForm() {
224 DCHECK_EQ(state_, POST_MATCHING_PHASE);
225 // Non-HTML password forms (primarily HTTP and FTP autentication)
226 // do not contain username_element and password_element values.
227 if (observed_form_.scheme != PasswordForm::SCHEME_HTML)
229 return !observed_form_.username_element.empty() &&
230 (!observed_form_.password_element.empty() ||
231 !observed_form_.new_password_element.empty());
234 void PasswordFormManager::ProvisionallySave(
235 const PasswordForm& credentials,
236 OtherPossibleUsernamesAction action) {
237 DCHECK_EQ(state_, POST_MATCHING_PHASE);
238 DCHECK_NE(RESULT_NO_MATCH, DoesManage(credentials));
240 // If this was a sign-up or change password form, we want to persist the new
241 // password; if this was a login form, then the current password (which might
242 // still be "new" in the sense that we see these credentials for the first
243 // time, or that the user manually entered his actual password to overwrite an
244 // obsolete password we had in the store).
245 base::string16 password_to_save(credentials.new_password_element.empty() ?
246 credentials.password_value : credentials.new_password_value);
248 // Make sure the important fields stay the same as the initially observed or
249 // autofilled ones, as they may have changed if the user experienced a login
251 // Look for these credentials in the list containing auto-fill entries.
252 PasswordFormMap::const_iterator it =
253 best_matches_.find(credentials.username_value);
254 if (it != best_matches_.end()) {
255 // The user signed in with a login we autofilled.
256 pending_credentials_ = *it->second;
257 bool password_changed =
258 pending_credentials_.password_value != password_to_save;
259 if (IsPendingCredentialsPublicSuffixMatch()) {
260 // If the autofilled credentials were only a PSL match, store a copy with
261 // the current origin and signon realm. This ensures that on the next
262 // visit, a precise match is found.
263 is_new_login_ = true;
264 user_action_ = password_changed ? kUserActionChoosePslMatch
265 : kUserActionOverridePassword;
266 // Normally, the copy of the PSL matched credentials, adapted for the
267 // current domain, is saved automatically without asking the user, because
268 // the copy likely represents the same account, i.e., the one for which
269 // the user already agreed to store a password.
271 // However, if the user changes the suggested password, it might indicate
272 // that the autofilled credentials and |credentials| actually correspond
273 // to two different accounts (see http://crbug.com/385619). In that case
274 // the user should be asked again before saving the password. This is
275 // ensured by clearing |original_signon_realm| on |pending_credentials_|,
276 // which unmarks it as a PSL match.
278 // There is still the edge case when the autofilled credentials represent
279 // the same account as |credentials| but the stored password was out of
280 // date. In that case, the user just had to manually enter the new
281 // password, which is now in |credentials|. The best thing would be to
282 // save automatically, and also update the original credentials. However,
283 // we have no way to tell if this is the case. This will likely happen
284 // infrequently, and the inconvenience put on the user by asking them is
285 // not significant, so we are fine with asking here again.
286 if (password_changed) {
287 pending_credentials_.original_signon_realm.clear();
288 DCHECK(!IsPendingCredentialsPublicSuffixMatch());
290 } else { // Not a PSL match.
291 is_new_login_ = false;
292 if (password_changed)
293 user_action_ = kUserActionOverridePassword;
295 } else if (action == ALLOW_OTHER_POSSIBLE_USERNAMES &&
296 UpdatePendingCredentialsIfOtherPossibleUsername(
297 credentials.username_value)) {
298 // |pending_credentials_| is now set. Note we don't update
299 // |pending_credentials_.username_value| to |credentials.username_value|
300 // yet because we need to keep the original username to modify the stored
302 selected_username_ = credentials.username_value;
303 is_new_login_ = false;
305 // User typed in a new, unknown username.
306 user_action_ = kUserActionOverrideUsernameAndPassword;
307 pending_credentials_ = observed_form_;
308 pending_credentials_.username_value = credentials.username_value;
309 pending_credentials_.other_possible_usernames =
310 credentials.other_possible_usernames;
312 // The password value will be filled in later, remove any garbage for now.
313 pending_credentials_.password_value.clear();
314 pending_credentials_.new_password_value.clear();
316 // If this was a sign-up or change password form, the names of the elements
317 // are likely different than those on a login form, so do not bother saving
318 // them. We will fill them with meaningful values in UpdateLogin() when the
319 // user goes onto a real login form for the first time.
320 if (!credentials.new_password_element.empty()) {
321 pending_credentials_.password_element.clear();
322 pending_credentials_.new_password_element.clear();
326 pending_credentials_.action = credentials.action;
327 // If the user selected credentials we autofilled from a PasswordForm
328 // that contained no action URL (IE6/7 imported passwords, for example),
329 // bless it with the action URL from the observed form. See bug 1107719.
330 if (pending_credentials_.action.is_empty())
331 pending_credentials_.action = observed_form_.action;
333 pending_credentials_.password_value = password_to_save;
334 pending_credentials_.preferred = credentials.preferred;
336 if (user_action_ == kUserActionOverridePassword &&
337 pending_credentials_.type == PasswordForm::TYPE_GENERATED &&
338 !has_generated_password_) {
339 LogPasswordGenerationSubmissionEvent(PASSWORD_OVERRIDDEN);
342 if (has_generated_password_)
343 pending_credentials_.type = PasswordForm::TYPE_GENERATED;
346 void PasswordFormManager::Save() {
347 DCHECK_EQ(state_, POST_MATCHING_PHASE);
348 DCHECK(!driver_->IsOffTheRecord());
351 SaveAsNewLogin(true);
356 void PasswordFormManager::FetchMatchingLoginsFromPasswordStore(
357 PasswordStore::AuthorizationPromptPolicy prompt_policy) {
358 DCHECK_EQ(state_, PRE_MATCHING_PHASE);
359 state_ = MATCHING_PHASE;
360 PasswordStore* password_store = client_->GetPasswordStore();
361 if (!password_store) {
365 password_store->GetLogins(observed_form_, prompt_policy, this);
368 bool PasswordFormManager::HasCompletedMatching() {
369 return state_ == POST_MATCHING_PHASE;
372 void PasswordFormManager::OnRequestDone(
373 const std::vector<PasswordForm*>& logins_result) {
374 // Note that the result gets deleted after this call completes, but we own
375 // the PasswordForm objects pointed to by the result vector, thus we keep
376 // copies to a minimum here.
379 // These credentials will be in the final result regardless of score.
380 std::vector<PasswordForm> credentials_to_keep;
381 for (size_t i = 0; i < logins_result.size(); i++) {
382 if (ShouldIgnoreResult(*logins_result[i])) {
383 delete logins_result[i];
386 // Score and update best matches.
387 int current_score = ScoreResult(*logins_result[i]);
388 // This check is here so we can append empty path matches in the event
389 // they don't score as high as others and aren't added to best_matches_.
390 // This is most commonly imported firefox logins. We skip blacklisted
391 // ones because clearly we don't want to autofill them, and secondly
392 // because they only mean something when we have no other matches already
393 // saved in Chrome - in which case they'll make it through the regular
394 // scoring flow below by design. Note signon_realm == origin implies empty
395 // path logins_result, since signon_realm is a prefix of origin for HTML
397 // TODO(timsteele): Bug 1269400. We probably should do something more
398 // elegant for any shorter-path match instead of explicitly handling empty
400 if ((observed_form_.scheme == PasswordForm::SCHEME_HTML) &&
401 (observed_form_.signon_realm == logins_result[i]->origin.spec()) &&
402 (current_score > 0) && (!logins_result[i]->blacklisted_by_user)) {
403 credentials_to_keep.push_back(*logins_result[i]);
406 // Always keep generated passwords as part of the result set. If a user
407 // generates a password on a signup form, it should show on a login form
408 // even if they have a previous login saved.
409 // TODO(gcasto): We don't want to cut credentials that were saved on signup
410 // forms even if they weren't generated, but currently it's hard to
411 // distinguish between those forms and two different login forms on the
412 // same domain. Filed http://crbug.com/294468 to look into this.
413 if (logins_result[i]->type == PasswordForm::TYPE_GENERATED)
414 credentials_to_keep.push_back(*logins_result[i]);
416 if (current_score < best_score) {
417 delete logins_result[i];
420 if (current_score == best_score) {
421 PasswordForm* old_form = best_matches_[logins_result[i]->username_value];
423 if (preferred_match_ == old_form)
424 preferred_match_ = NULL;
427 best_matches_[logins_result[i]->username_value] = logins_result[i];
428 } else if (current_score > best_score) {
429 best_score = current_score;
430 // This new login has a better score than all those up to this point
431 // Note 'this' owns all the PasswordForms in best_matches_.
432 STLDeleteValues(&best_matches_);
433 preferred_match_ = NULL; // Don't delete, its owned by best_matches_.
434 best_matches_[logins_result[i]->username_value] = logins_result[i];
436 preferred_match_ = logins_result[i]->preferred ? logins_result[i]
439 // We're done matching now.
440 state_ = POST_MATCHING_PHASE;
442 client_->AutofillResultsComputed();
444 if (best_score <= 0) {
448 for (std::vector<PasswordForm>::const_iterator it =
449 credentials_to_keep.begin();
450 it != credentials_to_keep.end(); ++it) {
451 // If we don't already have a result with the same username, add the
452 // lower-scored match (if it had equal score it would already be in
454 if (best_matches_.find(it->username_value) == best_matches_.end())
455 best_matches_[it->username_value] = new PasswordForm(*it);
458 UMA_HISTOGRAM_COUNTS("PasswordManager.NumPasswordsNotShown",
459 logins_result.size() - best_matches_.size());
461 // It is possible we have at least one match but have no preferred_match_,
462 // because a user may have chosen to 'Forget' the preferred match. So we
463 // just pick the first one and whichever the user selects for submit will
464 // be saved as preferred.
465 DCHECK(!best_matches_.empty());
466 if (!preferred_match_)
467 preferred_match_ = best_matches_.begin()->second;
469 // Check to see if the user told us to ignore this site in the past.
470 if (preferred_match_->blacklisted_by_user) {
471 client_->PasswordAutofillWasBlocked(best_matches_);
472 manager_action_ = kManagerActionBlacklisted;
476 // If not blacklisted, inform the driver that password generation is allowed
477 // for |observed_form_|.
478 driver_->AllowPasswordGenerationForForm(observed_form_);
480 // Proceed to autofill.
481 // Note that we provide the choices but don't actually prefill a value if:
482 // (1) we are in Incognito mode, (2) the ACTION paths don't match,
483 // or (3) if it matched using public suffix domain matching.
484 bool wait_for_username =
485 driver_->IsOffTheRecord() ||
486 observed_form_.action.GetWithEmptyPath() !=
487 preferred_match_->action.GetWithEmptyPath() ||
488 preferred_match_->IsPublicSuffixMatch();
489 if (wait_for_username)
490 manager_action_ = kManagerActionNone;
492 manager_action_ = kManagerActionAutofilled;
493 password_manager_->Autofill(observed_form_, best_matches_,
494 *preferred_match_, wait_for_username);
497 void PasswordFormManager::OnGetPasswordStoreResults(
498 const std::vector<autofill::PasswordForm*>& results) {
499 DCHECK_EQ(state_, MATCHING_PHASE);
501 if (results.empty()) {
502 state_ = POST_MATCHING_PHASE;
503 // No result means that we visit this site the first time so we don't need
504 // to check whether this site is blacklisted or not. Just send a message
505 // to allow password generation.
506 driver_->AllowPasswordGenerationForForm(observed_form_);
509 OnRequestDone(results);
512 bool PasswordFormManager::ShouldIgnoreResult(const PasswordForm& form) const {
513 // Do not autofill on sign-up or change password forms (until we have some
514 // working change password functionality).
515 if (!observed_form_.new_password_element.empty())
517 // Don't match an invalid SSL form with one saved under secure circumstances.
518 if (form.ssl_valid && !observed_form_.ssl_valid)
521 if (client_->ShouldFilterAutofillResult(form))
527 void PasswordFormManager::SaveAsNewLogin(bool reset_preferred_login) {
528 DCHECK_EQ(state_, POST_MATCHING_PHASE);
529 DCHECK(IsNewLogin());
530 // The new_form is being used to sign in, so it is preferred.
531 DCHECK(pending_credentials_.preferred);
532 // new_form contains the same basic data as observed_form_ (because its the
533 // same form), but with the newly added credentials.
535 DCHECK(!driver_->IsOffTheRecord());
537 PasswordStore* password_store = client_->GetPasswordStore();
538 if (!password_store) {
543 // Upload credentials the first time they are saved. This data is used
544 // by password generation to help determine account creation sites.
545 // Blacklisted credentials will never be used, so don't upload a vote for
547 if (!pending_credentials_.blacklisted_by_user)
548 UploadPasswordForm(pending_credentials_.form_data, autofill::PASSWORD);
550 pending_credentials_.date_created = Time::Now();
551 SanitizePossibleUsernames(&pending_credentials_);
552 password_store->AddLogin(pending_credentials_);
554 if (reset_preferred_login) {
555 UpdatePreferredLoginState(password_store);
559 void PasswordFormManager::SanitizePossibleUsernames(PasswordForm* form) {
560 // Remove any possible usernames that could be credit cards or SSN for privacy
561 // reasons. Also remove duplicates, both in other_possible_usernames and
562 // between other_possible_usernames and username_value.
563 std::set<base::string16> set;
564 for (std::vector<base::string16>::iterator it =
565 form->other_possible_usernames.begin();
566 it != form->other_possible_usernames.end(); ++it) {
567 if (!autofill::IsValidCreditCardNumber(*it) && !autofill::IsSSN(*it))
570 set.erase(form->username_value);
571 std::vector<base::string16> temp(set.begin(), set.end());
572 form->other_possible_usernames.swap(temp);
575 void PasswordFormManager::UpdatePreferredLoginState(
576 PasswordStore* password_store) {
577 DCHECK(password_store);
578 PasswordFormMap::iterator iter;
579 for (iter = best_matches_.begin(); iter != best_matches_.end(); iter++) {
580 if (iter->second->username_value != pending_credentials_.username_value &&
581 iter->second->preferred) {
582 // This wasn't the selected login but it used to be preferred.
583 iter->second->preferred = false;
584 if (user_action_ == kUserActionNone)
585 user_action_ = kUserActionChoose;
586 password_store->UpdateLogin(*iter->second);
591 void PasswordFormManager::UpdateLogin() {
592 DCHECK_EQ(state_, POST_MATCHING_PHASE);
593 DCHECK(preferred_match_);
594 // If we're doing an Update, we either autofilled correctly and need to
595 // update the stats, or the user typed in a new password for autofilled
596 // username, or the user selected one of the non-preferred matches,
597 // thus requiring a swap of preferred bits.
598 DCHECK(!IsNewLogin() && pending_credentials_.preferred);
599 DCHECK(!driver_->IsOffTheRecord());
601 PasswordStore* password_store = client_->GetPasswordStore();
602 if (!password_store) {
608 ++pending_credentials_.times_used;
610 if (client_->IsSyncAccountCredential(
611 base::UTF16ToUTF8(pending_credentials_.username_value),
612 pending_credentials_.signon_realm)) {
614 base::UserMetricsAction("PasswordManager_SyncCredentialUsed"));
617 // Check to see if this form is a candidate for password generation.
618 CheckForAccountCreationForm(pending_credentials_, observed_form_);
620 UpdatePreferredLoginState(password_store);
622 // Remove alternate usernames. At this point we assume that we have found
623 // the right username.
624 pending_credentials_.other_possible_usernames.clear();
626 // Update the new preferred login.
627 if (!selected_username_.empty()) {
628 // An other possible username is selected. We set this selected username
629 // as the real username. The PasswordStore API isn't designed to update
630 // username, so we delete the old credentials and add a new one instead.
631 password_store->RemoveLogin(pending_credentials_);
632 pending_credentials_.username_value = selected_username_;
633 password_store->AddLogin(pending_credentials_);
634 } else if ((observed_form_.scheme == PasswordForm::SCHEME_HTML) &&
635 (observed_form_.origin.spec().length() >
636 observed_form_.signon_realm.length()) &&
637 (observed_form_.signon_realm ==
638 pending_credentials_.origin.spec())) {
639 // Note origin.spec().length > signon_realm.length implies the origin has a
640 // path, since signon_realm is a prefix of origin for HTML password forms.
642 // The user logged in successfully with one of our autofilled logins on a
643 // page with non-empty path, but the autofilled entry was initially saved/
644 // imported with an empty path. Rather than just mark this entry preferred,
645 // we create a more specific copy for this exact page and leave the "master"
646 // unchanged. This is to prevent the case where that master login is used
647 // on several sites (e.g site.com/a and site.com/b) but the user actually
648 // has a different preference on each site. For example, on /a, he wants the
649 // general empty-path login so it is flagged as preferred, but on /b he logs
650 // in with a different saved entry - we don't want to remove the preferred
651 // status of the former because upon return to /a it won't be the default-
653 // TODO(timsteele): Bug 1188626 - expire the master copies.
654 PasswordForm copy(pending_credentials_);
655 copy.origin = observed_form_.origin;
656 copy.action = observed_form_.action;
657 password_store->AddLogin(copy);
658 } else if (observed_form_.new_password_element.empty() &&
659 (pending_credentials_.password_element.empty() ||
660 pending_credentials_.username_element.empty() ||
661 pending_credentials_.submit_element.empty())) {
662 // If |observed_form_| was a sign-up or change password form, there is no
663 // point in trying to update element names: they are likely going to be
664 // different than those on a login form.
665 // Otherwise, given that |password_element| and |username_element| can't be
666 // updated because they are part of Sync and PasswordStore primary key, we
667 // must delete the old credentials altogether and then add the new ones.
668 password_store->RemoveLogin(pending_credentials_);
669 pending_credentials_.password_element = observed_form_.password_element;
670 pending_credentials_.username_element = observed_form_.username_element;
671 pending_credentials_.submit_element = observed_form_.submit_element;
672 password_store->AddLogin(pending_credentials_);
674 password_store->UpdateLogin(pending_credentials_);
678 bool PasswordFormManager::UpdatePendingCredentialsIfOtherPossibleUsername(
679 const base::string16& username) {
680 for (PasswordFormMap::const_iterator it = best_matches_.begin();
681 it != best_matches_.end(); ++it) {
682 for (size_t i = 0; i < it->second->other_possible_usernames.size(); ++i) {
683 if (it->second->other_possible_usernames[i] == username) {
684 pending_credentials_ = *it->second;
692 void PasswordFormManager::CheckForAccountCreationForm(
693 const PasswordForm& pending, const PasswordForm& observed) {
694 // We check to see if the saved form_data is the same as the observed
695 // form_data, which should never be true for passwords saved on account
696 // creation forms. This check is only made the first time a password is used
697 // to cut down on false positives. Specifically a site may have multiple login
698 // forms with different markup, which might look similar to a signup form.
699 if (pending.times_used == 1) {
700 FormStructure pending_structure(pending.form_data);
701 FormStructure observed_structure(observed.form_data);
702 // Ignore |pending_structure| if its FormData has no fields. This is to
703 // weed out those credentials that were saved before FormData was added
704 // to PasswordForm. Even without this check, these FormStructure's won't
705 // be uploaded, but it makes it hard to see if we are encountering
706 // unexpected errors.
707 if (!pending.form_data.fields.empty() &&
708 pending_structure.FormSignature() !=
709 observed_structure.FormSignature()) {
710 UploadPasswordForm(pending.form_data,
711 autofill::ACCOUNT_CREATION_PASSWORD);
716 void PasswordFormManager::UploadPasswordForm(
717 const autofill::FormData& form_data,
718 const autofill::ServerFieldType& password_type) {
719 autofill::AutofillManager* autofill_manager =
720 driver_->GetAutofillManager();
721 if (!autofill_manager)
724 // Note that this doesn't guarantee that the upload succeeded, only that
725 // |form_data| is considered uploadable.
727 autofill_manager->UploadPasswordForm(
728 form_data, autofill::ACCOUNT_CREATION_PASSWORD);
729 UMA_HISTOGRAM_BOOLEAN("PasswordGeneration.UploadStarted", success);
732 int PasswordFormManager::ScoreResult(const PasswordForm& candidate) const {
733 DCHECK_EQ(state_, MATCHING_PHASE);
734 // For scoring of candidate login data:
735 // The most important element that should match is the signon_realm followed
736 // by the origin, the action, the password name, the submit button name, and
737 // finally the username input field name.
738 // If public suffix origin match was not used, it gives an addition of
740 // Exact origin match gives an addition of 64 (1 << 6) + # of matching url
742 // Partial match gives an addition of 32 (1 << 5) + # matching url dirs
743 // That way, a partial match cannot trump an exact match even if
744 // the partial one matches all other attributes (action, elements) (and
745 // regardless of the matching depth in the URL path).
747 if (!candidate.IsPublicSuffixMatch()) {
750 if (candidate.origin == observed_form_.origin) {
751 // This check is here for the most common case which
752 // is we have a single match in the db for the given host,
753 // so we don't generally need to walk the entire URL path (the else
755 score += (1 << 6) + static_cast<int>(form_path_tokens_.size());
757 // Walk the origin URL paths one directory at a time to see how
758 // deep the two match.
759 std::vector<std::string> candidate_path_tokens;
760 base::SplitString(candidate.origin.path(), '/', &candidate_path_tokens);
762 size_t max_dirs = std::min(form_path_tokens_.size(),
763 candidate_path_tokens.size());
764 while ((depth < max_dirs) && (form_path_tokens_[depth] ==
765 candidate_path_tokens[depth])) {
769 // do we have a partial match?
770 score += (depth > 0) ? 1 << 5 : 0;
772 if (observed_form_.scheme == PasswordForm::SCHEME_HTML) {
773 if (candidate.action == observed_form_.action)
775 if (candidate.password_element == observed_form_.password_element)
777 if (candidate.submit_element == observed_form_.submit_element)
779 if (candidate.username_element == observed_form_.username_element)
786 void PasswordFormManager::SubmitPassed() {
787 submit_result_ = kSubmitResultPassed;
788 if (has_generated_password_)
789 LogPasswordGenerationSubmissionEvent(PASSWORD_SUBMITTED);
792 void PasswordFormManager::SubmitFailed() {
793 submit_result_ = kSubmitResultFailed;
794 if (has_generated_password_)
795 LogPasswordGenerationSubmissionEvent(PASSWORD_SUBMISSION_FAILED);
798 } // namespace password_manager