1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
6 #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
11 #include "build/build_config.h"
13 #include "base/stl_util.h"
14 #include "components/autofill/core/browser/field_types.h"
15 #include "components/autofill/core/common/password_form.h"
16 #include "components/password_manager/core/browser/password_manager_driver.h"
17 #include "components/password_manager/core/browser/password_store.h"
18 #include "components/password_manager/core/browser/password_store_consumer.h"
22 } // namespace content
24 namespace password_manager {
26 class PasswordManager;
27 class PasswordManagerClient;
29 // Per-password-form-{on-page, dialog} class responsible for interactions
30 // between a given form, the per-tab PasswordManager, and the PasswordStore.
31 class PasswordFormManager : public PasswordStoreConsumer {
33 // |password_manager| owns this object
34 // |form_on_page| is the form that may be submitted and could need login data.
35 // |ssl_valid| represents the security of the page containing observed_form,
36 // used to filter login results from database.
37 PasswordFormManager(PasswordManager* password_manager,
38 PasswordManagerClient* client,
39 PasswordManagerDriver* driver,
40 const autofill::PasswordForm& observed_form,
42 virtual ~PasswordFormManager();
44 // Flags describing the result of comparing two forms as performed by
45 // DoesMatch. Individual flags are only relevant for HTML forms, but
46 // RESULT_COMPLETE_MATCH will also be returned to indicate non-HTML forms
47 // completely matching.
48 enum MatchResultFlags {
50 RESULT_MANDATORY_ATTRIBUTES_MATCH = 1 << 0, // Bare minimum to be a match.
51 RESULT_ACTION_MATCH = 1 << 1, // Action URLs match too.
52 RESULT_COMPLETE_MATCH =
53 RESULT_MANDATORY_ATTRIBUTES_MATCH | RESULT_ACTION_MATCH
55 // Use MatchResultMask to contain combinations of MatchResultFlags values.
56 // It's a signed int rather than unsigned to avoid signed/unsigned mismatch
57 // caused by the enum values implicitly converting to signed int.
58 typedef int MatchResultMask;
60 enum OtherPossibleUsernamesAction {
61 ALLOW_OTHER_POSSIBLE_USERNAMES,
62 IGNORE_OTHER_POSSIBLE_USERNAMES
65 // Compares basic data of |observed_form_| with |form| and returns how much
66 // they match. The return value is a MatchResultMask bitmask.
67 MatchResultMask DoesManage(const autofill::PasswordForm& form) const;
69 // Retrieves potential matching logins from the database.
70 // |prompt_policy| indicates whether it's permissible to prompt the user to
71 // authorize access to locked passwords. This argument is only used on
72 // platforms that support prompting the user for access (such as Mac OS).
73 void FetchMatchingLoginsFromPasswordStore(
74 PasswordStore::AuthorizationPromptPolicy prompt_policy);
76 // Simple state-check to verify whether this object as received a callback
77 // from the PasswordStore and completed its matching phase. Note that the
78 // callback in question occurs on the same (and only) main thread from which
79 // instances of this class are ever used, but it is required since it is
80 // conceivable that a user (or ui test) could attempt to submit a login
81 // prompt before the callback has occured, which would InvokeLater a call to
82 // PasswordManager::ProvisionallySave, which would interact with this object
83 // before the db has had time to answer with matching password entries.
84 // This is intended to be a one-time check; if the return value is false the
85 // expectation is caller will give up. This clearly won't work if you put it
86 // in a loop and wait for matching to complete; you're (supposed to be) on
88 bool HasCompletedMatching();
90 // Determines if the user opted to 'never remember' passwords for this form.
93 // Used by PasswordManager to determine whether or not to display
94 // a SavePasswordBar when given the green light to save the PasswordForm
98 // Returns true if the current pending credentials were found using
99 // origin matching of the public suffix, instead of the signon realm of the
101 bool IsPendingCredentialsPublicSuffixMatch();
103 // Checks if the form is a valid password form. Forms which lack either
104 // login or password field are not considered valid.
105 bool HasValidPasswordForm();
107 // These functions are used to determine if this form has had it's password
108 // auto generated by the browser.
109 bool HasGeneratedPassword();
110 void SetHasGeneratedPassword();
112 // Determines if we need to autofill given the results of the query.
113 // Takes ownership of the elements in |result|.
114 void OnRequestDone(const std::vector<autofill::PasswordForm*>& result);
116 virtual void OnGetPasswordStoreResults(
117 const std::vector<autofill::PasswordForm*>& results) OVERRIDE;
119 // A user opted to 'never remember' passwords for this form.
120 // Blacklist it so that from now on when it is seen we ignore it.
121 // TODO: Make this private once we switch to the new UI.
122 void PermanentlyBlacklist();
124 // Sets whether the password form should use additional password
125 // authentication if available before being used for autofill.
126 void SetUseAdditionalPasswordAuthentication(
127 bool use_additional_authentication);
129 // If the user has submitted observed_form_, provisionally hold on to
130 // the submitted credentials until we are told by PasswordManager whether
131 // or not the login was successful. |action| describes how we deal with
132 // possible usernames. If |action| is ALLOW_OTHER_POSSIBLE_USERNAMES we will
133 // treat a possible usernames match as a sign that our original heuristics
134 // were wrong and that the user selected the correct username from the
136 void ProvisionallySave(const autofill::PasswordForm& credentials,
137 OtherPossibleUsernamesAction action);
139 // Handles save-as-new or update of the form managed by this manager.
140 // Note the basic data of updated_credentials must match that of
141 // observed_form_ (e.g DoesManage(pending_credentials_) == true).
142 // TODO: Make this private once we switch to the new UI.
145 // Call these if/when we know the form submission worked or failed.
146 // These routines are used to update internal statistics ("ActionsTaken").
150 // Returns the username associated with the credentials.
151 const base::string16& associated_username() const {
152 return pending_credentials_.username_value;
155 // Returns the pending credentials.
156 const autofill::PasswordForm& pending_credentials() const {
157 return pending_credentials_;
160 // Returns the best matches.
161 const autofill::PasswordFormMap& best_matches() const {
162 return best_matches_;
165 const autofill::PasswordForm* preferred_match() const {
166 return preferred_match_;
169 // Returns the realm URL for the form managed my this manager.
170 const std::string& realm() const {
171 return pending_credentials_.signon_realm;
175 friend class PasswordFormManagerTest;
177 // ManagerAction - What does the manager do with this form? Either it
178 // fills it, or it doesn't. If it doesn't fill it, that's either
179 // because it has no match, or it is blacklisted, or it is disabled
180 // via the AUTOCOMPLETE=off attribute. Note that if we don't have
181 // an exact match, we still provide candidates that the user may
184 kManagerActionNone = 0,
185 kManagerActionAutofilled,
186 kManagerActionBlacklisted,
190 // UserAction - What does the user do with this form? If he or she
191 // does nothing (either by accepting what the password manager did, or
192 // by simply (not typing anything at all), you get None. If there were
193 // multiple choices and the user selects one other than the default,
194 // you get Choose, if user selects an entry from matching against the Public
195 // Suffix List you get ChoosePslMatch, if the user types in a new value
196 // for just the password you get OverridePassword, and if the user types in a
197 // new value for the username and password you get
198 // OverrideUsernameAndPassword.
202 kUserActionChoosePslMatch,
203 kUserActionOverridePassword,
204 kUserActionOverrideUsernameAndPassword,
208 // Result - What happens to the form?
210 kSubmitResultNotSubmitted = 0,
216 // The maximum number of combinations of the three preceding enums.
217 // This is used when recording the actions taken by the form in UMA.
218 static const int kMaxNumActionsTaken = kManagerActionMax * kUserActionMax *
221 // Helper for OnGetPasswordStoreResults to determine whether or not
222 // the given result form is worth scoring.
223 bool ShouldIgnoreResult(const autofill::PasswordForm& form) const;
225 // Helper for Save in the case that best_matches.size() == 0, meaning
226 // we have no prior record of this form/username/password and the user
227 // has opted to 'Save Password'. If |reset_preferred_login| is set,
228 // the previously preferred login from |best_matches_| will be reset.
229 void SaveAsNewLogin(bool reset_preferred_login);
231 // Helper for OnGetPasswordStoreResults to score an individual result
232 // against the observed_form_.
233 int ScoreResult(const autofill::PasswordForm& form) const;
235 // Helper for Save in the case that best_matches.size() > 0, meaning
236 // we have at least one match for this form/username/password. This
237 // Updates the form managed by this object, as well as any matching forms
238 // that now need to have preferred bit changed, since updated_credentials
239 // is now implicitly 'preferred'.
242 // Check to see if |pending| corresponds to an account creation form. If we
243 // think that it does, we label it as such and upload this state to the
244 // Autofill server, so that we will trigger password generation in the future.
245 void CheckForAccountCreationForm(const autofill::PasswordForm& pending,
246 const autofill::PasswordForm& observed);
248 // Update all login matches to reflect new preferred state - preferred flag
249 // will be reset on all matched logins that different than the current
250 // |pending_credentials_|.
251 void UpdatePreferredLoginState(PasswordStore* password_store);
253 // Returns true if |username| is one of the other possible usernames for a
254 // password form in |best_matches_| and sets |pending_credentials_| to the
255 // match which had this username.
256 bool UpdatePendingCredentialsIfOtherPossibleUsername(
257 const base::string16& username);
259 // Converts the "ActionsTaken" fields into an int so they can be logged to
261 int GetActionsTaken();
263 // Remove possible_usernames that may contains sensitive information and
265 void SanitizePossibleUsernames(autofill::PasswordForm* form);
267 // Helper function to delegate uploading to the AutofillManager.
268 virtual void UploadPasswordForm(
269 const autofill::FormData& form_data,
270 const autofill::ServerFieldType& password_type);
272 // Set of PasswordForms from the DB that best match the form
273 // being managed by this. Use a map instead of vector, because we most
274 // frequently require lookups by username value in IsNewLogin.
275 autofill::PasswordFormMap best_matches_;
277 // Cleans up when best_matches_ goes out of scope.
278 STLValueDeleter<autofill::PasswordFormMap> best_matches_deleter_;
280 // The PasswordForm from the page or dialog managed by |this|.
281 const autofill::PasswordForm observed_form_;
283 // The origin url path of observed_form_ tokenized, for convenience when
285 std::vector<std::string> form_path_tokens_;
287 // Stores updated credentials when the form was submitted but success is
289 autofill::PasswordForm pending_credentials_;
291 // Whether pending_credentials_ stores a new login or is an update
292 // to an existing one.
295 // Whether this form has an auto generated password.
296 bool has_generated_password_;
298 // Set if the user has selected one of the other possible usernames in
299 // |pending_credentials_|.
300 base::string16 selected_username_;
302 // PasswordManager owning this.
303 const PasswordManager* const password_manager_;
305 // Convenience pointer to entry in best_matches_ that is marked
306 // as preferred. This is only allowed to be null if there are no best matches
307 // at all, since there will always be one preferred login when there are
308 // multiple matches (when first saved, a login is marked preferred).
309 const autofill::PasswordForm* preferred_match_;
312 PRE_MATCHING_PHASE, // Have not yet invoked a GetLogins query to find
313 // matching login information from password store.
314 MATCHING_PHASE, // We've made a GetLogins request, but
315 // haven't received or finished processing result.
316 POST_MATCHING_PHASE // We've queried the DB and processed matching
318 } PasswordFormManagerState;
320 // State of matching process, used to verify that we don't call methods
321 // assuming we've already processed the request for matching logins,
322 // when we actually haven't.
323 PasswordFormManagerState state_;
325 // The client which implements embedder-specific PasswordManager operations.
326 PasswordManagerClient* client_;
328 // The driver which implements platform-specific PasswordManager operations.
329 PasswordManagerDriver* driver_;
331 // These three fields record the "ActionsTaken" by the browser and
332 // the user with this form, and the result. They are combined and
333 // recorded in UMA when the manager is destroyed.
334 ManagerAction manager_action_;
335 UserAction user_action_;
336 SubmitResult submit_result_;
338 DISALLOW_COPY_AND_ASSIGN(PasswordFormManager);
341 } // namespace password_manager
343 #endif // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_