password_form.h revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7
1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef COMPONENTS_AUTOFILL_CORE_COMMON_PASSWORD_FORM_H__ 6#define COMPONENTS_AUTOFILL_CORE_COMMON_PASSWORD_FORM_H__ 7 8#include <map> 9#include <string> 10#include <vector> 11 12#include "base/time/time.h" 13#include "components/autofill/core/common/form_data.h" 14#include "url/gurl.h" 15 16namespace autofill { 17 18// The PasswordForm struct encapsulates information about a login form, 19// which can be an HTML form or a dialog with username/password text fields. 20// 21// The Web Data database stores saved username/passwords and associated form 22// metdata using a PasswordForm struct, typically one that was created from 23// a parsed HTMLFormElement or LoginDialog, but the saved entries could have 24// also been created by imported data from another browser. 25// 26// The PasswordManager implements a fuzzy-matching algorithm to compare saved 27// PasswordForm entries against PasswordForms that were created from a parsed 28// HTML or dialog form. As one might expect, the more data contained in one 29// of the saved PasswordForms, the better the job the PasswordManager can do 30// in matching it against the actual form it was saved on, and autofill 31// accurately. But it is not always possible, especially when importing from 32// other browsers with different data models, to copy over all the information 33// about a particular "saved password entry" to our PasswordForm 34// representation. 35// 36// The field descriptions in the struct specification below are intended to 37// describe which fields are not strictly required when adding a saved password 38// entry to the database and how they can affect the matching process. 39 40struct PasswordForm { 41 // Enum to differentiate between HTML form based authentication, and dialogs 42 // using basic or digest schemes. Default is SCHEME_HTML. Only PasswordForms 43 // of the same Scheme will be matched/autofilled against each other. 44 enum Scheme { 45 SCHEME_HTML, 46 SCHEME_BASIC, 47 SCHEME_DIGEST, 48 SCHEME_OTHER 49 } scheme; 50 51 // The "Realm" for the sign-on (scheme, host, port for SCHEME_HTML, and 52 // contains the HTTP realm for dialog-based forms). 53 // The signon_realm is effectively the primary key used for retrieving 54 // data from the database, so it must not be empty. 55 std::string signon_realm; 56 57 // The original "Realm" for the sign-on (scheme, host, port for SCHEME_HTML, 58 // and contains the HTTP realm for dialog-based forms). This realm is only set 59 // when two PasswordForms are matched when trying to find a login/pass pair 60 // for a site. It is only set to a non-empty value during a match of the 61 // original stored login/pass and the current observed form if all these 62 // statements are true: 63 // 1) The full signon_realm is not the same. 64 // 2) The registry controlled domain is the same. For example; example.com, 65 // m.example.com, foo.login.example.com and www.example.com would all resolve 66 // to example.com since .com is the public suffix. 67 // 3) The scheme is the same. 68 // 4) The port is the same. 69 // For example, if there exists a stored password for http://www.example.com 70 // (where .com is the public suffix) and the observed form is 71 // http://m.example.com, |original_signon_realm| must be set to 72 // http://www.example.com. 73 std::string original_signon_realm; 74 75 // The URL (minus query parameters) containing the form. This is the primary 76 // data used by the PasswordManager to decide (in longest matching prefix 77 // fashion) whether or not a given PasswordForm result from the database is a 78 // good fit for a particular form on a page, so it must not be empty. 79 GURL origin; 80 81 // The action target of the form. This is the primary data used by the 82 // PasswordManager for form autofill; that is, the action of the saved 83 // credentials must match the action of the form on the page to be autofilled. 84 // If this is empty / not available, it will result in a "restricted" 85 // IE-like autofill policy, where we wait for the user to type in his 86 // username before autofilling the password. In these cases, after successful 87 // login the action URL will automatically be assigned by the 88 // PasswordManager. 89 // 90 // When parsing an HTML form, this must always be set. 91 GURL action; 92 93 // The name of the submit button used. Optional; only used in scoring 94 // of PasswordForm results from the database to make matches as tight as 95 // possible. 96 // 97 // When parsing an HTML form, this must always be set. 98 base::string16 submit_element; 99 100 // The name of the username input element. Optional (improves scoring). 101 // 102 // When parsing an HTML form, this must always be set. 103 base::string16 username_element; 104 105 // The username. Optional. 106 // 107 // When parsing an HTML form, this is typically empty unless the site 108 // has implemented some form of autofill. 109 base::string16 username_value; 110 111 // This member is populated in cases where we there are multiple input 112 // elements that could possibly be the username. Used when our heuristics for 113 // determining the username are incorrect. Optional. 114 // 115 // When parsing an HTML form, this is typically empty. 116 std::vector<base::string16> other_possible_usernames; 117 118 // The name of the password input element, Optional (improves scoring). 119 // 120 // When parsing an HTML form, this must always be set. 121 base::string16 password_element; 122 123 // The password. Required. 124 // 125 // When parsing an HTML form, this is typically empty. 126 base::string16 password_value; 127 128 // If the form was a change password form, the name of the 129 // 'old password' input element. Optional. 130 base::string16 old_password_element; 131 132 // The old password. Optional. 133 base::string16 old_password_value; 134 135 // Whether or not this login was saved under an HTTPS session with a valid 136 // SSL cert. We will never match or autofill a PasswordForm where 137 // ssl_valid == true with a PasswordForm where ssl_valid == false. This means 138 // passwords saved under HTTPS will never get autofilled onto an HTTP page. 139 // When importing, this should be set to true if the page URL is HTTPS, thus 140 // giving it "the benefit of the doubt" that the SSL cert was valid when it 141 // was saved. Default to false. 142 bool ssl_valid; 143 144 // True if this PasswordForm represents the last username/password login the 145 // user selected to log in to the site. If there is only one saved entry for 146 // the site, this will always be true, but when there are multiple entries 147 // the PasswordManager ensures that only one of them has a preferred bit set 148 // to true. Default to false. 149 // 150 // When parsing an HTML form, this is not used. 151 bool preferred; 152 153 // When the login was saved (by chrome). 154 // 155 // When parsing an HTML form, this is not used. 156 base::Time date_created; 157 158 // Tracks if the user opted to never remember passwords for this form. Default 159 // to false. 160 // 161 // When parsing an HTML form, this is not used. 162 bool blacklisted_by_user; 163 164 // Enum to differentiate between manually filled forms and forms with auto 165 // generated passwords. 166 enum Type { 167 TYPE_MANUAL, 168 TYPE_GENERATED, 169 }; 170 171 // The form type. Not used yet. Please see http://crbug.com/152422 172 Type type; 173 174 // The number of times that this username/password has been used to 175 // authenticate the user. 176 // 177 // When parsing an HTML form, this is not used. 178 int times_used; 179 180 // Autofill representation of this form. Used to communicate with the 181 // Autofill servers if necessary. Currently this is only used to help 182 // determine forms where we can trigger password generation. 183 // 184 // When parsing an HTML form, this is normally set. 185 FormData form_data; 186 187 // Returns true if this match was found using public suffix matching. 188 bool IsPublicSuffixMatch() const; 189 190 // Equality operators for testing. 191 bool operator==(const PasswordForm& form) const; 192 bool operator!=(const PasswordForm& form) const; 193 194 PasswordForm(); 195 ~PasswordForm(); 196}; 197 198// Map username to PasswordForm* for convenience. See password_form_manager.h. 199typedef std::map<base::string16, PasswordForm*> PasswordFormMap; 200 201// For testing. 202std::ostream& operator<<(std::ostream& os, 203 const autofill::PasswordForm& form); 204 205} // namespace autofill 206 207#endif // COMPONENTS_AUTOFILL_CORE_COMMON_PASSWORD_FORM_H__ 208