password_form.h revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7 
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef COMPONENTS_AUTOFILL_CORE_COMMON_PASSWORD_FORM_H__
6#define COMPONENTS_AUTOFILL_CORE_COMMON_PASSWORD_FORM_H__
7
8#include <map>
9#include <string>
10#include <vector>
11
12#include "base/time/time.h"
13#include "components/autofill/core/common/form_data.h"
14#include "url/gurl.h"
15
16namespace autofill {
17
18// The PasswordForm struct encapsulates information about a login form,
19// which can be an HTML form or a dialog with username/password text fields.
20//
21// The Web Data database stores saved username/passwords and associated form
22// metdata using a PasswordForm struct, typically one that was created from
23// a parsed HTMLFormElement or LoginDialog, but the saved entries could have
24// also been created by imported data from another browser.
25//
26// The PasswordManager implements a fuzzy-matching algorithm to compare saved
27// PasswordForm entries against PasswordForms that were created from a parsed
28// HTML or dialog form. As one might expect, the more data contained in one
29// of the saved PasswordForms, the better the job the PasswordManager can do
30// in matching it against the actual form it was saved on, and autofill
31// accurately. But it is not always possible, especially when importing from
32// other browsers with different data models, to copy over all the information
33// about a particular "saved password entry" to our PasswordForm
34// representation.
35//
36// The field descriptions in the struct specification below are intended to
37// describe which fields are not strictly required when adding a saved password
38// entry to the database and how they can affect the matching process.
39
40struct PasswordForm {
41  // Enum to differentiate between HTML form based authentication, and dialogs
42  // using basic or digest schemes. Default is SCHEME_HTML. Only PasswordForms
43  // of the same Scheme will be matched/autofilled against each other.
44  enum Scheme {
45    SCHEME_HTML,
46    SCHEME_BASIC,
47    SCHEME_DIGEST,
48    SCHEME_OTHER
49  } scheme;
50
51  // The "Realm" for the sign-on (scheme, host, port for SCHEME_HTML, and
52  // contains the HTTP realm for dialog-based forms).
53  // The signon_realm is effectively the primary key used for retrieving
54  // data from the database, so it must not be empty.
55  std::string signon_realm;
56
57  // The original "Realm" for the sign-on (scheme, host, port for SCHEME_HTML,
58  // and contains the HTTP realm for dialog-based forms). This realm is only set
59  // when two PasswordForms are matched when trying to find a login/pass pair
60  // for a site. It is only set to a non-empty value during a match of the
61  // original stored login/pass and the current observed form if all these
62  // statements are true:
63  // 1) The full signon_realm is not the same.
64  // 2) The registry controlled domain is the same. For example; example.com,
65  // m.example.com, foo.login.example.com and www.example.com would all resolve
66  // to example.com since .com is the public suffix.
67  // 3) The scheme is the same.
68  // 4) The port is the same.
69  // For example, if there exists a stored password for http://www.example.com
70  // (where .com is the public suffix) and the observed form is
71  // http://m.example.com, |original_signon_realm| must be set to
72  // http://www.example.com.
73  std::string original_signon_realm;
74
75  // The URL (minus query parameters) containing the form. This is the primary
76  // data used by the PasswordManager to decide (in longest matching prefix
77  // fashion) whether or not a given PasswordForm result from the database is a
78  // good fit for a particular form on a page, so it must not be empty.
79  GURL origin;
80
81  // The action target of the form. This is the primary data used by the
82  // PasswordManager for form autofill; that is, the action of the saved
83  // credentials must match the action of the form on the page to be autofilled.
84  // If this is empty / not available, it will result in a "restricted"
85  // IE-like autofill policy, where we wait for the user to type in his
86  // username before autofilling the password. In these cases, after successful
87  // login the action URL will automatically be assigned by the
88  // PasswordManager.
89  //
90  // When parsing an HTML form, this must always be set.
91  GURL action;
92
93  // The name of the submit button used. Optional; only used in scoring
94  // of PasswordForm results from the database to make matches as tight as
95  // possible.
96  //
97  // When parsing an HTML form, this must always be set.
98  base::string16 submit_element;
99
100  // The name of the username input element. Optional (improves scoring).
101  //
102  // When parsing an HTML form, this must always be set.
103  base::string16 username_element;
104
105  // The username. Optional.
106  //
107  // When parsing an HTML form, this is typically empty unless the site
108  // has implemented some form of autofill.
109  base::string16 username_value;
110
111  // This member is populated in cases where we there are multiple input
112  // elements that could possibly be the username. Used when our heuristics for
113  // determining the username are incorrect. Optional.
114  //
115  // When parsing an HTML form, this is typically empty.
116  std::vector<base::string16> other_possible_usernames;
117
118  // The name of the password input element, Optional (improves scoring).
119  //
120  // When parsing an HTML form, this must always be set.
121  base::string16 password_element;
122
123  // The password. Required.
124  //
125  // When parsing an HTML form, this is typically empty.
126  base::string16 password_value;
127
128  // If the form was a change password form, the name of the
129  // 'old password' input element. Optional.
130  base::string16 old_password_element;
131
132  // The old password. Optional.
133  base::string16 old_password_value;
134
135  // Whether or not this login was saved under an HTTPS session with a valid
136  // SSL cert. We will never match or autofill a PasswordForm where
137  // ssl_valid == true with a PasswordForm where ssl_valid == false. This means
138  // passwords saved under HTTPS will never get autofilled onto an HTTP page.
139  // When importing, this should be set to true if the page URL is HTTPS, thus
140  // giving it "the benefit of the doubt" that the SSL cert was valid when it
141  // was saved. Default to false.
142  bool ssl_valid;
143
144  // True if this PasswordForm represents the last username/password login the
145  // user selected to log in to the site. If there is only one saved entry for
146  // the site, this will always be true, but when there are multiple entries
147  // the PasswordManager ensures that only one of them has a preferred bit set
148  // to true. Default to false.
149  //
150  // When parsing an HTML form, this is not used.
151  bool preferred;
152
153  // When the login was saved (by chrome).
154  //
155  // When parsing an HTML form, this is not used.
156  base::Time date_created;
157
158  // Tracks if the user opted to never remember passwords for this form. Default
159  // to false.
160  //
161  // When parsing an HTML form, this is not used.
162  bool blacklisted_by_user;
163
164  // Enum to differentiate between manually filled forms and forms with auto
165  // generated passwords.
166  enum Type {
167    TYPE_MANUAL,
168    TYPE_GENERATED,
169  };
170
171  // The form type. Not used yet. Please see http://crbug.com/152422
172  Type type;
173
174  // The number of times that this username/password has been used to
175  // authenticate the user.
176  //
177  // When parsing an HTML form, this is not used.
178  int times_used;
179
180  // Autofill representation of this form. Used to communicate with the
181  // Autofill servers if necessary. Currently this is only used to help
182  // determine forms where we can trigger password generation.
183  //
184  // When parsing an HTML form, this is normally set.
185  FormData form_data;
186
187  // Returns true if this match was found using public suffix matching.
188  bool IsPublicSuffixMatch() const;
189
190  // Equality operators for testing.
191  bool operator==(const PasswordForm& form) const;
192  bool operator!=(const PasswordForm& form) const;
193
194  PasswordForm();
195  ~PasswordForm();
196};
197
198// Map username to PasswordForm* for convenience. See password_form_manager.h.
199typedef std::map<base::string16, PasswordForm*> PasswordFormMap;
200
201// For testing.
202std::ostream& operator<<(std::ostream& os,
203                         const autofill::PasswordForm& form);
204
205}  // namespace autofill
206
207#endif  // COMPONENTS_AUTOFILL_CORE_COMMON_PASSWORD_FORM_H__
208