1ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch// Use of this source code is governed by a BSD-style license that can be 3c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch// found in the LICENSE file. 4c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 5c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#include "chrome/browser/password_manager/password_form_manager.h" 6c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 7c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#include <algorithm> 8c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 9731df977c0511bca2206b5f333555b1205ff1f43Iain Merrick#include "base/metrics/histogram.h" 103345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick#include "base/string_split.h" 11c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#include "base/string_util.h" 12c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#include "chrome/browser/password_manager/password_manager.h" 13ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen#include "chrome/browser/password_manager/password_store.h" 1421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen#include "chrome/browser/profiles/profile.h" 15c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#include "webkit/glue/password_form_dom_manager.h" 16c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 17c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochusing base::Time; 18c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochusing webkit_glue::PasswordForm; 19c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochusing webkit_glue::PasswordFormMap; 20c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 21c407dc5cd9bdc5668497f21b26b09d988ab439deBen MurdochPasswordFormManager::PasswordFormManager(Profile* profile, 22c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch PasswordManager* password_manager, 23c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch const PasswordForm& observed_form, 24c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch bool ssl_valid) 25c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch : best_matches_deleter_(&best_matches_), 26c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch observed_form_(observed_form), 27c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch is_new_login_(true), 28c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch password_manager_(password_manager), 29c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_login_query_(0), 30c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch preferred_match_(NULL), 31c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch state_(PRE_MATCHING_PHASE), 32c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch profile_(profile), 33c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch manager_action_(kManagerActionNone), 34c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch user_action_(kUserActionNone), 35c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch submit_result_(kSubmitResultNotSubmitted) { 36c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK(profile_); 37c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (observed_form_.origin.is_valid()) 38731df977c0511bca2206b5f333555b1205ff1f43Iain Merrick base::SplitString(observed_form_.origin.path(), '/', &form_path_tokens_); 39c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch observed_form_.ssl_valid = ssl_valid; 40c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 41c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 42c407dc5cd9bdc5668497f21b26b09d988ab439deBen MurdochPasswordFormManager::~PasswordFormManager() { 43c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch UMA_HISTOGRAM_ENUMERATION("PasswordManager.ActionsTaken", 44c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch GetActionsTaken(), 45c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch kMaxNumActionsTaken); 46c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 47c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 48c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochint PasswordFormManager::GetActionsTaken() { 49c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return user_action_ + kUserActionMax * (manager_action_ + 50c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch kManagerActionMax * submit_result_); 51c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch}; 52c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 53c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch// TODO(timsteele): use a hash of some sort in the future? 54c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochbool PasswordFormManager::DoesManage(const PasswordForm& form) const { 55c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (form.scheme != PasswordForm::SCHEME_HTML) 56c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return observed_form_.signon_realm == form.signon_realm; 57c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 58c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // HTML form case. 59c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // At a minimum, username and password element must match. 60c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (!((form.username_element == observed_form_.username_element) && 61c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch (form.password_element == observed_form_.password_element))) { 62c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return false; 63c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 64c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 65c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // The action URL must also match, but the form is allowed to have an empty 66c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // action URL (See bug 1107719). 67c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (form.action.is_valid() && (form.action != observed_form_.action)) 68c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return false; 69c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 70c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // If this is a replay of the same form in the case a user entered an invalid 71c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // password, the origin of the new form may equal the action of the "first" 72c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // form. 73c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (!((form.origin == observed_form_.origin) || 74c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch (form.origin == observed_form_.action))) { 75c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (form.origin.SchemeIsSecure() && 76c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch !observed_form_.origin.SchemeIsSecure()) { 77c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Compare origins, ignoring scheme. There is no easy way to do this 78c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // with GURL because clearing the scheme would result in an invalid url. 79c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // This is for some sites (such as Hotmail) that begin on an http page and 80c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // head to https for the retry when password was invalid. 81c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch std::string::const_iterator after_scheme1 = form.origin.spec().begin() + 82c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch form.origin.scheme().length(); 83c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch std::string::const_iterator after_scheme2 = 84c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch observed_form_.origin.spec().begin() + 85c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch observed_form_.origin.scheme().length(); 86c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return std::search(after_scheme1, 87c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch form.origin.spec().end(), 88c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch after_scheme2, 89c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch observed_form_.origin.spec().end()) 90c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch != form.origin.spec().end(); 91c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 92c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return false; 93c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 94c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return true; 95c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 96c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 97c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochbool PasswordFormManager::IsBlacklisted() { 98c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK_EQ(state_, POST_MATCHING_PHASE); 99c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (preferred_match_ && preferred_match_->blacklisted_by_user) 100c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return true; 101c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return false; 102c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 103c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 104c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochvoid PasswordFormManager::PermanentlyBlacklist() { 105c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK_EQ(state_, POST_MATCHING_PHASE); 106c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 107c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Configure the form about to be saved for blacklist status. 108c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_credentials_.preferred = true; 109c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_credentials_.blacklisted_by_user = true; 110c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_credentials_.username_value.clear(); 111c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_credentials_.password_value.clear(); 112c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 113c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Retroactively forget existing matches for this form, so we NEVER prompt or 114c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // autofill it again. 115c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (!best_matches_.empty()) { 116c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch PasswordFormMap::const_iterator iter; 117c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch PasswordStore* password_store = 118c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch profile_->GetPasswordStore(Profile::EXPLICIT_ACCESS); 119c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (!password_store) { 120c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch NOTREACHED(); 121c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return; 122c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 123c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch for (iter = best_matches_.begin(); iter != best_matches_.end(); ++iter) { 124c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // We want to remove existing matches for this form so that the exact 125c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // origin match with |blackisted_by_user == true| is the only result that 126c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // shows up in the future for this origin URL. However, we don't want to 127c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // delete logins that were actually saved on a different page (hence with 128c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // different origin URL) and just happened to match this form because of 129c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // the scoring algorithm. See bug 1204493. 130c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (iter->second->origin == observed_form_.origin) 131c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch password_store->RemoveLogin(*iter->second); 132c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 133c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 134c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 135c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Save the pending_credentials_ entry marked as blacklisted. 136c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch SaveAsNewLogin(false); 137c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 138c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 139c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochbool PasswordFormManager::IsNewLogin() { 140c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK_EQ(state_, POST_MATCHING_PHASE); 141c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return is_new_login_; 142c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 143c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 144c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochbool PasswordFormManager::HasValidPasswordForm() { 145c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK_EQ(state_, POST_MATCHING_PHASE); 1463345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick // Non-HTML password forms (primarily HTTP and FTP autentication) 1473345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick // do not contain username_element and password_element values. 1483345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick if (observed_form_.scheme != PasswordForm::SCHEME_HTML) 1493345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick return true; 150c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return !observed_form_.username_element.empty() && 151c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch !observed_form_.password_element.empty(); 152c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 153c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 154c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochvoid PasswordFormManager::ProvisionallySave(const PasswordForm& credentials) { 155c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK_EQ(state_, POST_MATCHING_PHASE); 156c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK(DoesManage(credentials)); 157c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 158c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Make sure the important fields stay the same as the initially observed or 159c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // autofilled ones, as they may have changed if the user experienced a login 160c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // failure. 161c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Look for these credentials in the list containing auto-fill entries. 162c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch PasswordFormMap::const_iterator it = 163c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch best_matches_.find(credentials.username_value); 164c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (it != best_matches_.end()) { 165c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // The user signed in with a login we autofilled. 166c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_credentials_ = *it->second; 167c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch is_new_login_ = false; 168c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // If the user selected credentials we autofilled from a PasswordForm 169c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // that contained no action URL (IE6/7 imported passwords, for example), 170c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // bless it with the action URL from the observed form. See bug 1107719. 171c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (pending_credentials_.action.is_empty()) 172c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_credentials_.action = observed_form_.action; 173c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 174c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Check to see if we're using a known username but a new password. 175c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (pending_credentials_.password_value != credentials.password_value) 176c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch user_action_ = kUserActionOverride; 177c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } else { 178c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // User typed in a new, unknown username. 179c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch user_action_ = kUserActionOverride; 180c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_credentials_ = observed_form_; 181c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_credentials_.username_value = credentials.username_value; 182c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 183c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 184c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_credentials_.password_value = credentials.password_value; 185c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_credentials_.preferred = credentials.preferred; 186c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 187c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 188c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochvoid PasswordFormManager::Save() { 189c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK_EQ(state_, POST_MATCHING_PHASE); 190c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK(!profile_->IsOffTheRecord()); 191c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 192c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (IsNewLogin()) 193c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch SaveAsNewLogin(true); 194c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch else 195c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch UpdateLogin(); 196c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 197c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 198c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochvoid PasswordFormManager::FetchMatchingLoginsFromPasswordStore() { 199c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK_EQ(state_, PRE_MATCHING_PHASE); 200c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK(!pending_login_query_); 201c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch state_ = MATCHING_PHASE; 202c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch PasswordStore* password_store = 203c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch profile_->GetPasswordStore(Profile::EXPLICIT_ACCESS); 204c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (!password_store) { 205c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch NOTREACHED(); 206c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return; 207c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 208c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_login_query_ = password_store->GetLogins(observed_form_, this); 209c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 210c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 211c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochbool PasswordFormManager::HasCompletedMatching() { 212c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return state_ == POST_MATCHING_PHASE; 213c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 214c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 215c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochvoid PasswordFormManager::OnRequestDone(int handle, 216c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch const std::vector<PasswordForm*>& logins_result) { 217c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Note that the result gets deleted after this call completes, but we own 218c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // the PasswordForm objects pointed to by the result vector, thus we keep 219c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // copies to a minimum here. 220c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 221c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch int best_score = 0; 222c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch std::vector<PasswordForm> empties; // Empty-path matches in result set. 223c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch for (size_t i = 0; i < logins_result.size(); i++) { 224c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (IgnoreResult(*logins_result[i])) { 225c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch delete logins_result[i]; 226c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch continue; 227c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 228c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Score and update best matches. 229c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch int current_score = ScoreResult(*logins_result[i]); 230c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // This check is here so we can append empty path matches in the event 231c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // they don't score as high as others and aren't added to best_matches_. 232c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // This is most commonly imported firefox logins. We skip blacklisted 233c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // ones because clearly we don't want to autofill them, and secondly 234c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // because they only mean something when we have no other matches already 235c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // saved in Chrome - in which case they'll make it through the regular 236c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // scoring flow below by design. Note signon_realm == origin implies empty 237c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // path logins_result, since signon_realm is a prefix of origin for HTML 238c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // password forms. 239c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // TODO(timsteele): Bug 1269400. We probably should do something more 240c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // elegant for any shorter-path match instead of explicitly handling empty 241c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // path matches. 242c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if ((observed_form_.scheme == PasswordForm::SCHEME_HTML) && 243c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch (observed_form_.signon_realm == logins_result[i]->origin.spec()) && 244c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch (current_score > 0) && (!logins_result[i]->blacklisted_by_user)) { 245c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch empties.push_back(*logins_result[i]); 246c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 247c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 248c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (current_score < best_score) { 249c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch delete logins_result[i]; 250c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch continue; 251c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 252c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (current_score == best_score) { 253c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch best_matches_[logins_result[i]->username_value] = logins_result[i]; 254c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } else if (current_score > best_score) { 255c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch best_score = current_score; 256c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // This new login has a better score than all those up to this point 257c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Note 'this' owns all the PasswordForms in best_matches_. 258c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch STLDeleteValues(&best_matches_); 259c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch best_matches_.clear(); 260c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch preferred_match_ = NULL; // Don't delete, its owned by best_matches_. 261c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch best_matches_[logins_result[i]->username_value] = logins_result[i]; 262c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 263c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch preferred_match_ = logins_result[i]->preferred ? logins_result[i] 264c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch : preferred_match_; 265c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 266c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // We're done matching now. 267c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch state_ = POST_MATCHING_PHASE; 268c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 269c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (best_score <= 0) { 270c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return; 271c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 272c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 273c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch for (std::vector<PasswordForm>::const_iterator it = empties.begin(); 274c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch it != empties.end(); ++it) { 275c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // If we don't already have a result with the same username, add the 276c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // lower-scored empty-path match (if it had equal score it would already be 277c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // in best_matches_). 278c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (best_matches_.find(it->username_value) == best_matches_.end()) 279c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch best_matches_[it->username_value] = new PasswordForm(*it); 280c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 281c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 282c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // It is possible we have at least one match but have no preferred_match_, 283c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // because a user may have chosen to 'Forget' the preferred match. So we 284c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // just pick the first one and whichever the user selects for submit will 285c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // be saved as preferred. 286c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK(!best_matches_.empty()); 287c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (!preferred_match_) 288c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch preferred_match_ = best_matches_.begin()->second; 289c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 290c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Check to see if the user told us to ignore this site in the past. 291c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (preferred_match_->blacklisted_by_user) { 292c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch manager_action_ = kManagerActionBlacklisted; 293c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return; 294c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 295c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 296c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Proceed to autofill (note that we provide the choices but don't 297c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // actually prefill a value if the ACTION paths don't match). 298c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch bool wait_for_username = observed_form_.action.GetWithEmptyPath() != 299c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch preferred_match_->action.GetWithEmptyPath(); 300c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (wait_for_username) 301c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch manager_action_ = kManagerActionNone; 302c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch else 303ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen manager_action_ = kManagerActionAutofilled; 304c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch password_manager_->Autofill(observed_form_, best_matches_, 305c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch preferred_match_, wait_for_username); 306c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 307c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 308c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochvoid PasswordFormManager::OnPasswordStoreRequestDone( 309ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen CancelableRequestProvider::Handle handle, 310ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen const std::vector<PasswordForm*>& result) { 311c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK_EQ(state_, MATCHING_PHASE); 312c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK_EQ(pending_login_query_, handle); 313c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 314c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (result.empty()) { 315c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch state_ = POST_MATCHING_PHASE; 316c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return; 317c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 318c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 319c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch OnRequestDone(handle, result); 320ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen pending_login_query_ = 0; 321c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 322c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 323c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochbool PasswordFormManager::IgnoreResult(const PasswordForm& form) const { 324c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Ignore change password forms until we have some change password 325c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // functionality 326c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (observed_form_.old_password_element.length() != 0) { 327c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return true; 328c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 329c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Don't match an invalid SSL form with one saved under secure 330c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // circumstances. 331c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (form.ssl_valid && !observed_form_.ssl_valid) { 332c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return true; 333c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 334c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return false; 335c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 336c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 337c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochvoid PasswordFormManager::SaveAsNewLogin(bool reset_preferred_login) { 338c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK_EQ(state_, POST_MATCHING_PHASE); 339c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK(IsNewLogin()); 340c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // The new_form is being used to sign in, so it is preferred. 341c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK(pending_credentials_.preferred); 342c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // new_form contains the same basic data as observed_form_ (because its the 343c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // same form), but with the newly added credentials. 344c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 345c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK(!profile_->IsOffTheRecord()); 346c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 347c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch PasswordStore* password_store = 348c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch profile_->GetPasswordStore(Profile::IMPLICIT_ACCESS); 349c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (!password_store) { 350c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch NOTREACHED(); 351c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return; 352c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 353c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 354c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch pending_credentials_.date_created = Time::Now(); 355c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch password_store->AddLogin(pending_credentials_); 356c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 357c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (reset_preferred_login) { 358c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch UpdatePreferredLoginState(password_store); 359c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 360c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 361c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 362c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochvoid PasswordFormManager::UpdatePreferredLoginState( 363c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch PasswordStore* password_store) { 364c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK(password_store); 365c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch PasswordFormMap::iterator iter; 366c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch for (iter = best_matches_.begin(); iter != best_matches_.end(); iter++) { 367c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (iter->second->username_value != pending_credentials_.username_value && 368c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch iter->second->preferred) { 369c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // This wasn't the selected login but it used to be preferred. 370c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch iter->second->preferred = false; 371c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (user_action_ == kUserActionNone) 372c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch user_action_ = kUserActionChoose; 373c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch password_store->UpdateLogin(*iter->second); 374c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 375c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 376c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 377c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 378c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochvoid PasswordFormManager::UpdateLogin() { 379c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK_EQ(state_, POST_MATCHING_PHASE); 380c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK(preferred_match_); 381c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // If we're doing an Update, we either autofilled correctly and need to 382c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // update the stats, or the user typed in a new password for autofilled 383c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // username, or the user selected one of the non-preferred matches, 384c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // thus requiring a swap of preferred bits. 385c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK(!IsNewLogin() && pending_credentials_.preferred); 386c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK(!profile_->IsOffTheRecord()); 387c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 388c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch PasswordStore* password_store = 389c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch profile_->GetPasswordStore(Profile::IMPLICIT_ACCESS); 390c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (!password_store) { 391c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch NOTREACHED(); 392c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return; 393c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 394c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 395c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch UpdatePreferredLoginState(password_store); 396c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 397c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Update the new preferred login. 398c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Note origin.spec().length > signon_realm.length implies the origin has a 399c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // path, since signon_realm is a prefix of origin for HTML password forms. 400c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if ((observed_form_.scheme == PasswordForm::SCHEME_HTML) && 401c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch (observed_form_.origin.spec().length() > 402c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch observed_form_.signon_realm.length()) && 403c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch (observed_form_.signon_realm == pending_credentials_.origin.spec())) { 404c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // The user logged in successfully with one of our autofilled logins on a 405c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // page with non-empty path, but the autofilled entry was initially saved/ 406c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // imported with an empty path. Rather than just mark this entry preferred, 407c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // we create a more specific copy for this exact page and leave the "master" 408c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // unchanged. This is to prevent the case where that master login is used 409c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // on several sites (e.g site.com/a and site.com/b) but the user actually 410c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // has a different preference on each site. For example, on /a, he wants the 411c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // general empty-path login so it is flagged as preferred, but on /b he logs 412c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // in with a different saved entry - we don't want to remove the preferred 413c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // status of the former because upon return to /a it won't be the default- 414c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // fill match. 415c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // TODO(timsteele): Bug 1188626 - expire the master copies. 416c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch PasswordForm copy(pending_credentials_); 417c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch copy.origin = observed_form_.origin; 418c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch copy.action = observed_form_.action; 419c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch password_store->AddLogin(copy); 420c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } else { 421c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch password_store->UpdateLogin(pending_credentials_); 422c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 423c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 424c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 425c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochint PasswordFormManager::ScoreResult(const PasswordForm& candidate) const { 426c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch DCHECK_EQ(state_, MATCHING_PHASE); 427c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // For scoring of candidate login data: 428c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // The most important element that should match is the origin, followed by 429c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // the action, the password name, the submit button name, and finally the 430c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // username input field name. 431c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Exact origin match gives an addition of 32 (1 << 5) + # of matching url 432c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // dirs. 433c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Partial match gives an addition of 16 (1 << 4) + # matching url dirs 434c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // That way, a partial match cannot trump an exact match even if 435c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // the partial one matches all other attributes (action, elements) (and 436c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // regardless of the matching depth in the URL path). 437c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch int score = 0; 438c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (candidate.origin == observed_form_.origin) { 439c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // This check is here for the most common case which 440c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // is we have a single match in the db for the given host, 441c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // so we don't generally need to walk the entire URL path (the else 442c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // clause). 443c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch score += (1 << 5) + static_cast<int>(form_path_tokens_.size()); 444c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } else { 445c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // Walk the origin URL paths one directory at a time to see how 446c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // deep the two match. 447c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch std::vector<std::string> candidate_path_tokens; 448731df977c0511bca2206b5f333555b1205ff1f43Iain Merrick base::SplitString(candidate.origin.path(), '/', &candidate_path_tokens); 449c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch size_t depth = 0; 450c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch size_t max_dirs = std::min(form_path_tokens_.size(), 451c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch candidate_path_tokens.size()); 452c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch while ((depth < max_dirs) && (form_path_tokens_[depth] == 453c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch candidate_path_tokens[depth])) { 454c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch depth++; 455c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch score++; 456c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 457c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch // do we have a partial match? 458c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch score += (depth > 0) ? 1 << 4 : 0; 459c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 460c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (observed_form_.scheme == PasswordForm::SCHEME_HTML) { 461c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (candidate.action == observed_form_.action) 462c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch score += 1 << 3; 463c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (candidate.password_element == observed_form_.password_element) 464c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch score += 1 << 2; 465c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (candidate.submit_element == observed_form_.submit_element) 466c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch score += 1 << 1; 467c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch if (candidate.username_element == observed_form_.username_element) 468c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch score += 1 << 0; 469c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch } 470c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 471c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch return score; 472c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 473c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 474c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochvoid PasswordFormManager::SubmitPassed() { 475c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch submit_result_ = kSubmitResultPassed; 476c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 477c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch 478c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochvoid PasswordFormManager::SubmitFailed() { 479c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch submit_result_ = kSubmitResultFailed; 480c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch} 481