password_form_manager.cc revision c5cede9ae108bb15f6b7a8aea21c7e1fefa2834c
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "components/password_manager/core/browser/password_form_manager.h" 6 7#include <algorithm> 8 9#include "base/metrics/histogram.h" 10#include "base/strings/string_split.h" 11#include "base/strings/string_util.h" 12#include "components/autofill/core/browser/autofill_manager.h" 13#include "components/autofill/core/browser/form_structure.h" 14#include "components/autofill/core/browser/validation.h" 15#include "components/autofill/core/common/password_form.h" 16#include "components/password_manager/core/browser/password_manager.h" 17#include "components/password_manager/core/browser/password_manager_client.h" 18#include "components/password_manager/core/browser/password_manager_driver.h" 19#include "components/password_manager/core/browser/password_store.h" 20 21using autofill::FormStructure; 22using autofill::PasswordForm; 23using autofill::PasswordFormMap; 24using base::Time; 25 26namespace password_manager { 27 28namespace { 29 30enum PasswordGenerationSubmissionEvent { 31 // Generated password was submitted and saved. 32 PASSWORD_SUBMITTED, 33 34 // Generated password submission failed. These passwords aren't saved. 35 PASSWORD_SUBMISSION_FAILED, 36 37 // Generated password was not submitted before navigation. Currently these 38 // passwords are not saved. 39 PASSWORD_NOT_SUBMITTED, 40 41 // Generated password was overridden by a non-generated one. This generally 42 // signals that the user was unhappy with the generated password for some 43 // reason. 44 PASSWORD_OVERRIDDEN, 45 46 // Number of enum entries, used for UMA histogram reporting macros. 47 SUBMISSION_EVENT_ENUM_COUNT 48}; 49 50void LogPasswordGenerationSubmissionEvent( 51 PasswordGenerationSubmissionEvent event) { 52 UMA_HISTOGRAM_ENUMERATION("PasswordGeneration.SubmissionEvent", 53 event, SUBMISSION_EVENT_ENUM_COUNT); 54} 55 56} // namespace 57 58PasswordFormManager::PasswordFormManager(PasswordManager* password_manager, 59 PasswordManagerClient* client, 60 PasswordManagerDriver* driver, 61 const PasswordForm& observed_form, 62 bool ssl_valid) 63 : best_matches_deleter_(&best_matches_), 64 observed_form_(observed_form), 65 is_new_login_(true), 66 has_generated_password_(false), 67 password_manager_(password_manager), 68 preferred_match_(NULL), 69 state_(PRE_MATCHING_PHASE), 70 client_(client), 71 driver_(driver), 72 manager_action_(kManagerActionNone), 73 user_action_(kUserActionNone), 74 submit_result_(kSubmitResultNotSubmitted) { 75 if (observed_form_.origin.is_valid()) 76 base::SplitString(observed_form_.origin.path(), '/', &form_path_tokens_); 77 observed_form_.ssl_valid = ssl_valid; 78} 79 80PasswordFormManager::~PasswordFormManager() { 81 UMA_HISTOGRAM_ENUMERATION( 82 "PasswordManager.ActionsTakenV3", GetActionsTaken(), kMaxNumActionsTaken); 83 if (has_generated_password_ && submit_result_ == kSubmitResultNotSubmitted) 84 LogPasswordGenerationSubmissionEvent(PASSWORD_NOT_SUBMITTED); 85} 86 87int PasswordFormManager::GetActionsTaken() { 88 return user_action_ + kUserActionMax * (manager_action_ + 89 kManagerActionMax * submit_result_); 90}; 91 92// TODO(timsteele): use a hash of some sort in the future? 93bool PasswordFormManager::DoesManage(const PasswordForm& form, 94 ActionMatch action_match) const { 95 if (form.scheme != PasswordForm::SCHEME_HTML) 96 return observed_form_.signon_realm == form.signon_realm; 97 98 // HTML form case. 99 // At a minimum, username and password element must match. 100 if (!((form.username_element == observed_form_.username_element) && 101 (form.password_element == observed_form_.password_element))) { 102 return false; 103 } 104 105 // When action match is required, the action URL must match, but 106 // the form is allowed to have an empty action URL (See bug 1107719). 107 // Otherwise ignore action URL, this is to allow saving password form with 108 // dynamically changed action URL (See bug 27246). 109 if (form.action.is_valid() && (form.action != observed_form_.action)) { 110 if (action_match == ACTION_MATCH_REQUIRED) 111 return false; 112 } 113 114 // If this is a replay of the same form in the case a user entered an invalid 115 // password, the origin of the new form may equal the action of the "first" 116 // form. 117 if (!((form.origin == observed_form_.origin) || 118 (form.origin == observed_form_.action))) { 119 if (form.origin.SchemeIsSecure() && 120 !observed_form_.origin.SchemeIsSecure()) { 121 // Compare origins, ignoring scheme. There is no easy way to do this 122 // with GURL because clearing the scheme would result in an invalid url. 123 // This is for some sites (such as Hotmail) that begin on an http page and 124 // head to https for the retry when password was invalid. 125 std::string::const_iterator after_scheme1 = form.origin.spec().begin() + 126 form.origin.scheme().length(); 127 std::string::const_iterator after_scheme2 = 128 observed_form_.origin.spec().begin() + 129 observed_form_.origin.scheme().length(); 130 return std::search(after_scheme1, 131 form.origin.spec().end(), 132 after_scheme2, 133 observed_form_.origin.spec().end()) 134 != form.origin.spec().end(); 135 } 136 return false; 137 } 138 return true; 139} 140 141bool PasswordFormManager::IsBlacklisted() { 142 DCHECK_EQ(state_, POST_MATCHING_PHASE); 143 if (preferred_match_ && preferred_match_->blacklisted_by_user) 144 return true; 145 return false; 146} 147 148void PasswordFormManager::PermanentlyBlacklist() { 149 DCHECK_EQ(state_, POST_MATCHING_PHASE); 150 151 // Configure the form about to be saved for blacklist status. 152 pending_credentials_.preferred = true; 153 pending_credentials_.blacklisted_by_user = true; 154 pending_credentials_.username_value.clear(); 155 pending_credentials_.password_value.clear(); 156 157 // Retroactively forget existing matches for this form, so we NEVER prompt or 158 // autofill it again. 159 int num_passwords_deleted = 0; 160 if (!best_matches_.empty()) { 161 PasswordFormMap::const_iterator iter; 162 PasswordStore* password_store = client_->GetPasswordStore(); 163 if (!password_store) { 164 NOTREACHED(); 165 return; 166 } 167 for (iter = best_matches_.begin(); iter != best_matches_.end(); ++iter) { 168 // We want to remove existing matches for this form so that the exact 169 // origin match with |blackisted_by_user == true| is the only result that 170 // shows up in the future for this origin URL. However, we don't want to 171 // delete logins that were actually saved on a different page (hence with 172 // different origin URL) and just happened to match this form because of 173 // the scoring algorithm. See bug 1204493. 174 if (iter->second->origin == observed_form_.origin) { 175 password_store->RemoveLogin(*iter->second); 176 ++num_passwords_deleted; 177 } 178 } 179 } 180 181 UMA_HISTOGRAM_COUNTS("PasswordManager.NumPasswordsDeletedWhenBlacklisting", 182 num_passwords_deleted); 183 184 // Save the pending_credentials_ entry marked as blacklisted. 185 SaveAsNewLogin(false); 186} 187 188void PasswordFormManager::SetUseAdditionalPasswordAuthentication( 189 bool use_additional_authentication) { 190 pending_credentials_.use_additional_authentication = 191 use_additional_authentication; 192} 193 194bool PasswordFormManager::IsNewLogin() { 195 DCHECK_EQ(state_, POST_MATCHING_PHASE); 196 return is_new_login_; 197} 198 199bool PasswordFormManager::IsPendingCredentialsPublicSuffixMatch() { 200 return pending_credentials_.IsPublicSuffixMatch(); 201} 202 203void PasswordFormManager::SetHasGeneratedPassword() { 204 has_generated_password_ = true; 205} 206 207bool PasswordFormManager::HasGeneratedPassword() { 208 // This check is permissive, as the user may have generated a password and 209 // then edited it in the form itself. However, even in this case the user 210 // has already given consent, so we treat these cases the same. 211 return has_generated_password_; 212} 213 214bool PasswordFormManager::HasValidPasswordForm() { 215 DCHECK_EQ(state_, POST_MATCHING_PHASE); 216 // Non-HTML password forms (primarily HTTP and FTP autentication) 217 // do not contain username_element and password_element values. 218 if (observed_form_.scheme != PasswordForm::SCHEME_HTML) 219 return true; 220 return !observed_form_.username_element.empty() && 221 !observed_form_.password_element.empty(); 222} 223 224void PasswordFormManager::ProvisionallySave( 225 const PasswordForm& credentials, 226 OtherPossibleUsernamesAction action) { 227 DCHECK_EQ(state_, POST_MATCHING_PHASE); 228 DCHECK(DoesManage(credentials, ACTION_MATCH_NOT_REQUIRED)); 229 230 // Make sure the important fields stay the same as the initially observed or 231 // autofilled ones, as they may have changed if the user experienced a login 232 // failure. 233 // Look for these credentials in the list containing auto-fill entries. 234 PasswordFormMap::const_iterator it = 235 best_matches_.find(credentials.username_value); 236 if (it != best_matches_.end()) { 237 // The user signed in with a login we autofilled. 238 pending_credentials_ = *it->second; 239 240 // Public suffix matches should always be new logins, since we want to store 241 // them so they can automatically be filled in later. 242 is_new_login_ = IsPendingCredentialsPublicSuffixMatch(); 243 if (is_new_login_) 244 user_action_ = kUserActionChoosePslMatch; 245 246 // Check to see if we're using a known username but a new password. 247 if (pending_credentials_.password_value != credentials.password_value) 248 user_action_ = kUserActionOverridePassword; 249 } else if (action == ALLOW_OTHER_POSSIBLE_USERNAMES && 250 UpdatePendingCredentialsIfOtherPossibleUsername( 251 credentials.username_value)) { 252 // |pending_credentials_| is now set. Note we don't update 253 // |pending_credentials_.username_value| to |credentials.username_value| 254 // yet because we need to keep the original username to modify the stored 255 // credential. 256 selected_username_ = credentials.username_value; 257 is_new_login_ = false; 258 } else { 259 // User typed in a new, unknown username. 260 user_action_ = kUserActionOverrideUsernameAndPassword; 261 pending_credentials_ = observed_form_; 262 pending_credentials_.username_value = credentials.username_value; 263 pending_credentials_.other_possible_usernames = 264 credentials.other_possible_usernames; 265 } 266 267 pending_credentials_.action = credentials.action; 268 // If the user selected credentials we autofilled from a PasswordForm 269 // that contained no action URL (IE6/7 imported passwords, for example), 270 // bless it with the action URL from the observed form. See bug 1107719. 271 if (pending_credentials_.action.is_empty()) 272 pending_credentials_.action = observed_form_.action; 273 // Similarly, bless incomplete credentials with *_element info. 274 if (pending_credentials_.password_element.empty()) 275 pending_credentials_.password_element = observed_form_.password_element; 276 if (pending_credentials_.username_element.empty()) 277 pending_credentials_.username_element = observed_form_.username_element; 278 if (pending_credentials_.submit_element.empty()) 279 pending_credentials_.submit_element = observed_form_.submit_element; 280 281 pending_credentials_.password_value = credentials.password_value; 282 pending_credentials_.preferred = credentials.preferred; 283 284 if (user_action_ == kUserActionOverridePassword && 285 pending_credentials_.type == PasswordForm::TYPE_GENERATED && 286 !has_generated_password_) { 287 LogPasswordGenerationSubmissionEvent(PASSWORD_OVERRIDDEN); 288 } 289 290 if (has_generated_password_) 291 pending_credentials_.type = PasswordForm::TYPE_GENERATED; 292} 293 294void PasswordFormManager::Save() { 295 DCHECK_EQ(state_, POST_MATCHING_PHASE); 296 DCHECK(!driver_->IsOffTheRecord()); 297 298 if (IsNewLogin()) 299 SaveAsNewLogin(true); 300 else 301 UpdateLogin(); 302} 303 304void PasswordFormManager::FetchMatchingLoginsFromPasswordStore( 305 PasswordStore::AuthorizationPromptPolicy prompt_policy) { 306 DCHECK_EQ(state_, PRE_MATCHING_PHASE); 307 state_ = MATCHING_PHASE; 308 PasswordStore* password_store = client_->GetPasswordStore(); 309 if (!password_store) { 310 NOTREACHED(); 311 return; 312 } 313 password_store->GetLogins(observed_form_, prompt_policy, this); 314} 315 316bool PasswordFormManager::HasCompletedMatching() { 317 return state_ == POST_MATCHING_PHASE; 318} 319 320void PasswordFormManager::OnRequestDone( 321 const std::vector<PasswordForm*>& logins_result) { 322 // Note that the result gets deleted after this call completes, but we own 323 // the PasswordForm objects pointed to by the result vector, thus we keep 324 // copies to a minimum here. 325 326 int best_score = 0; 327 // These credentials will be in the final result regardless of score. 328 std::vector<PasswordForm> credentials_to_keep; 329 for (size_t i = 0; i < logins_result.size(); i++) { 330 if (IgnoreResult(*logins_result[i])) { 331 delete logins_result[i]; 332 continue; 333 } 334 // Score and update best matches. 335 int current_score = ScoreResult(*logins_result[i]); 336 // This check is here so we can append empty path matches in the event 337 // they don't score as high as others and aren't added to best_matches_. 338 // This is most commonly imported firefox logins. We skip blacklisted 339 // ones because clearly we don't want to autofill them, and secondly 340 // because they only mean something when we have no other matches already 341 // saved in Chrome - in which case they'll make it through the regular 342 // scoring flow below by design. Note signon_realm == origin implies empty 343 // path logins_result, since signon_realm is a prefix of origin for HTML 344 // password forms. 345 // TODO(timsteele): Bug 1269400. We probably should do something more 346 // elegant for any shorter-path match instead of explicitly handling empty 347 // path matches. 348 if ((observed_form_.scheme == PasswordForm::SCHEME_HTML) && 349 (observed_form_.signon_realm == logins_result[i]->origin.spec()) && 350 (current_score > 0) && (!logins_result[i]->blacklisted_by_user)) { 351 credentials_to_keep.push_back(*logins_result[i]); 352 } 353 354 // Always keep generated passwords as part of the result set. If a user 355 // generates a password on a signup form, it should show on a login form 356 // even if they have a previous login saved. 357 // TODO(gcasto): We don't want to cut credentials that were saved on signup 358 // forms even if they weren't generated, but currently it's hard to 359 // distinguish between those forms and two different login forms on the 360 // same domain. Filed http://crbug.com/294468 to look into this. 361 if (logins_result[i]->type == PasswordForm::TYPE_GENERATED) 362 credentials_to_keep.push_back(*logins_result[i]); 363 364 if (current_score < best_score) { 365 delete logins_result[i]; 366 continue; 367 } 368 if (current_score == best_score) { 369 best_matches_[logins_result[i]->username_value] = logins_result[i]; 370 } else if (current_score > best_score) { 371 best_score = current_score; 372 // This new login has a better score than all those up to this point 373 // Note 'this' owns all the PasswordForms in best_matches_. 374 STLDeleteValues(&best_matches_); 375 best_matches_.clear(); 376 preferred_match_ = NULL; // Don't delete, its owned by best_matches_. 377 best_matches_[logins_result[i]->username_value] = logins_result[i]; 378 } 379 preferred_match_ = logins_result[i]->preferred ? logins_result[i] 380 : preferred_match_; 381 } 382 // We're done matching now. 383 state_ = POST_MATCHING_PHASE; 384 385 if (best_score <= 0) { 386 return; 387 } 388 389 for (std::vector<PasswordForm>::const_iterator it = 390 credentials_to_keep.begin(); 391 it != credentials_to_keep.end(); ++it) { 392 // If we don't already have a result with the same username, add the 393 // lower-scored match (if it had equal score it would already be in 394 // best_matches_). 395 if (best_matches_.find(it->username_value) == best_matches_.end()) 396 best_matches_[it->username_value] = new PasswordForm(*it); 397 } 398 399 UMA_HISTOGRAM_COUNTS("PasswordManager.NumPasswordsNotShown", 400 logins_result.size() - best_matches_.size()); 401 402 // It is possible we have at least one match but have no preferred_match_, 403 // because a user may have chosen to 'Forget' the preferred match. So we 404 // just pick the first one and whichever the user selects for submit will 405 // be saved as preferred. 406 DCHECK(!best_matches_.empty()); 407 if (!preferred_match_) 408 preferred_match_ = best_matches_.begin()->second; 409 410 // Check to see if the user told us to ignore this site in the past. 411 if (preferred_match_->blacklisted_by_user) { 412 client_->PasswordAutofillWasBlocked(); 413 manager_action_ = kManagerActionBlacklisted; 414 return; 415 } 416 417 // If not blacklisted, inform the driver that password generation is allowed 418 // for |observed_form_|. 419 driver_->AllowPasswordGenerationForForm(&observed_form_); 420 421 // Proceed to autofill. 422 // Note that we provide the choices but don't actually prefill a value if: 423 // (1) we are in Incognito mode, (2) the ACTION paths don't match, 424 // or (3) if it matched using public suffix domain matching. 425 bool wait_for_username = 426 driver_->IsOffTheRecord() || 427 observed_form_.action.GetWithEmptyPath() != 428 preferred_match_->action.GetWithEmptyPath() || 429 preferred_match_->IsPublicSuffixMatch(); 430 if (wait_for_username) 431 manager_action_ = kManagerActionNone; 432 else 433 manager_action_ = kManagerActionAutofilled; 434 password_manager_->Autofill(observed_form_, best_matches_, 435 *preferred_match_, wait_for_username); 436} 437 438void PasswordFormManager::OnGetPasswordStoreResults( 439 const std::vector<autofill::PasswordForm*>& results) { 440 DCHECK_EQ(state_, MATCHING_PHASE); 441 442 if (results.empty()) { 443 state_ = POST_MATCHING_PHASE; 444 // No result means that we visit this site the first time so we don't need 445 // to check whether this site is blacklisted or not. Just send a message 446 // to allow password generation. 447 driver_->AllowPasswordGenerationForForm(&observed_form_); 448 return; 449 } 450 OnRequestDone(results); 451} 452 453bool PasswordFormManager::IgnoreResult(const PasswordForm& form) const { 454 // Ignore change password forms until we have some change password 455 // functionality 456 if (observed_form_.old_password_element.length() != 0) { 457 return true; 458 } 459 // Don't match an invalid SSL form with one saved under secure 460 // circumstances. 461 if (form.ssl_valid && !observed_form_.ssl_valid) { 462 return true; 463 } 464 return false; 465} 466 467void PasswordFormManager::SaveAsNewLogin(bool reset_preferred_login) { 468 DCHECK_EQ(state_, POST_MATCHING_PHASE); 469 DCHECK(IsNewLogin()); 470 // The new_form is being used to sign in, so it is preferred. 471 DCHECK(pending_credentials_.preferred); 472 // new_form contains the same basic data as observed_form_ (because its the 473 // same form), but with the newly added credentials. 474 475 DCHECK(!driver_->IsOffTheRecord()); 476 477 PasswordStore* password_store = client_->GetPasswordStore(); 478 if (!password_store) { 479 NOTREACHED(); 480 return; 481 } 482 483 pending_credentials_.date_created = Time::Now(); 484 SanitizePossibleUsernames(&pending_credentials_); 485 password_store->AddLogin(pending_credentials_); 486 487 if (reset_preferred_login) { 488 UpdatePreferredLoginState(password_store); 489 } 490} 491 492void PasswordFormManager::SanitizePossibleUsernames(PasswordForm* form) { 493 // Remove any possible usernames that could be credit cards or SSN for privacy 494 // reasons. Also remove duplicates, both in other_possible_usernames and 495 // between other_possible_usernames and username_value. 496 std::set<base::string16> set; 497 for (std::vector<base::string16>::iterator it = 498 form->other_possible_usernames.begin(); 499 it != form->other_possible_usernames.end(); ++it) { 500 if (!autofill::IsValidCreditCardNumber(*it) && !autofill::IsSSN(*it)) 501 set.insert(*it); 502 } 503 set.erase(form->username_value); 504 std::vector<base::string16> temp(set.begin(), set.end()); 505 form->other_possible_usernames.swap(temp); 506} 507 508void PasswordFormManager::UpdatePreferredLoginState( 509 PasswordStore* password_store) { 510 DCHECK(password_store); 511 PasswordFormMap::iterator iter; 512 for (iter = best_matches_.begin(); iter != best_matches_.end(); iter++) { 513 if (iter->second->username_value != pending_credentials_.username_value && 514 iter->second->preferred) { 515 // This wasn't the selected login but it used to be preferred. 516 iter->second->preferred = false; 517 if (user_action_ == kUserActionNone) 518 user_action_ = kUserActionChoose; 519 password_store->UpdateLogin(*iter->second); 520 } 521 } 522} 523 524void PasswordFormManager::UpdateLogin() { 525 DCHECK_EQ(state_, POST_MATCHING_PHASE); 526 DCHECK(preferred_match_); 527 // If we're doing an Update, we either autofilled correctly and need to 528 // update the stats, or the user typed in a new password for autofilled 529 // username, or the user selected one of the non-preferred matches, 530 // thus requiring a swap of preferred bits. 531 DCHECK(!IsNewLogin() && pending_credentials_.preferred); 532 DCHECK(!driver_->IsOffTheRecord()); 533 534 PasswordStore* password_store = client_->GetPasswordStore(); 535 if (!password_store) { 536 NOTREACHED(); 537 return; 538 } 539 540 // Update metadata. 541 ++pending_credentials_.times_used; 542 543 // Check to see if this form is a candidate for password generation. 544 CheckForAccountCreationForm(pending_credentials_, observed_form_); 545 546 UpdatePreferredLoginState(password_store); 547 548 // Remove alternate usernames. At this point we assume that we have found 549 // the right username. 550 pending_credentials_.other_possible_usernames.clear(); 551 552 // Update the new preferred login. 553 if (!selected_username_.empty()) { 554 // An other possible username is selected. We set this selected username 555 // as the real username. The PasswordStore API isn't designed to update 556 // username, so we delete the old credentials and add a new one instead. 557 password_store->RemoveLogin(pending_credentials_); 558 pending_credentials_.username_value = selected_username_; 559 password_store->AddLogin(pending_credentials_); 560 } else if ((observed_form_.scheme == PasswordForm::SCHEME_HTML) && 561 (observed_form_.origin.spec().length() > 562 observed_form_.signon_realm.length()) && 563 (observed_form_.signon_realm == 564 pending_credentials_.origin.spec())) { 565 // Note origin.spec().length > signon_realm.length implies the origin has a 566 // path, since signon_realm is a prefix of origin for HTML password forms. 567 // 568 // The user logged in successfully with one of our autofilled logins on a 569 // page with non-empty path, but the autofilled entry was initially saved/ 570 // imported with an empty path. Rather than just mark this entry preferred, 571 // we create a more specific copy for this exact page and leave the "master" 572 // unchanged. This is to prevent the case where that master login is used 573 // on several sites (e.g site.com/a and site.com/b) but the user actually 574 // has a different preference on each site. For example, on /a, he wants the 575 // general empty-path login so it is flagged as preferred, but on /b he logs 576 // in with a different saved entry - we don't want to remove the preferred 577 // status of the former because upon return to /a it won't be the default- 578 // fill match. 579 // TODO(timsteele): Bug 1188626 - expire the master copies. 580 PasswordForm copy(pending_credentials_); 581 copy.origin = observed_form_.origin; 582 copy.action = observed_form_.action; 583 password_store->AddLogin(copy); 584 } else { 585 password_store->UpdateLogin(pending_credentials_); 586 } 587} 588 589bool PasswordFormManager::UpdatePendingCredentialsIfOtherPossibleUsername( 590 const base::string16& username) { 591 for (PasswordFormMap::const_iterator it = best_matches_.begin(); 592 it != best_matches_.end(); ++it) { 593 for (size_t i = 0; i < it->second->other_possible_usernames.size(); ++i) { 594 if (it->second->other_possible_usernames[i] == username) { 595 pending_credentials_ = *it->second; 596 return true; 597 } 598 } 599 } 600 return false; 601} 602 603void PasswordFormManager::CheckForAccountCreationForm( 604 const PasswordForm& pending, const PasswordForm& observed) { 605 // We check to see if the saved form_data is the same as the observed 606 // form_data, which should never be true for passwords saved on account 607 // creation forms. This check is only made the first time a password is used 608 // to cut down on false positives. Specifically a site may have multiple login 609 // forms with different markup, which might look similar to a signup form. 610 if (pending.times_used == 1) { 611 FormStructure pending_structure(pending.form_data); 612 FormStructure observed_structure(observed.form_data); 613 // Ignore |pending_structure| if its FormData has no fields. This is to 614 // weed out those credentials that were saved before FormData was added 615 // to PasswordForm. Even without this check, these FormStructure's won't 616 // be uploaded, but it makes it hard to see if we are encountering 617 // unexpected errors. 618 if (!pending.form_data.fields.empty() && 619 pending_structure.FormSignature() != 620 observed_structure.FormSignature()) { 621 autofill::AutofillManager* autofill_manager; 622 if ((autofill_manager = driver_->GetAutofillManager())) { 623 // Note that this doesn't guarantee that the upload succeeded, only that 624 // |pending.form_data| is considered uploadable. 625 bool success = 626 autofill_manager->UploadPasswordGenerationForm(pending.form_data); 627 UMA_HISTOGRAM_BOOLEAN("PasswordGeneration.UploadStarted", success); 628 } 629 } 630 } 631} 632 633int PasswordFormManager::ScoreResult(const PasswordForm& candidate) const { 634 DCHECK_EQ(state_, MATCHING_PHASE); 635 // For scoring of candidate login data: 636 // The most important element that should match is the origin, followed by 637 // the action, the password name, the submit button name, and finally the 638 // username input field name. 639 // Exact origin match gives an addition of 64 (1 << 6) + # of matching url 640 // dirs. 641 // Partial match gives an addition of 32 (1 << 5) + # matching url dirs 642 // That way, a partial match cannot trump an exact match even if 643 // the partial one matches all other attributes (action, elements) (and 644 // regardless of the matching depth in the URL path). 645 // If public suffix origin match was not used, it gives an addition of 646 // 16 (1 << 4). 647 int score = 0; 648 if (candidate.origin == observed_form_.origin) { 649 // This check is here for the most common case which 650 // is we have a single match in the db for the given host, 651 // so we don't generally need to walk the entire URL path (the else 652 // clause). 653 score += (1 << 6) + static_cast<int>(form_path_tokens_.size()); 654 } else { 655 // Walk the origin URL paths one directory at a time to see how 656 // deep the two match. 657 std::vector<std::string> candidate_path_tokens; 658 base::SplitString(candidate.origin.path(), '/', &candidate_path_tokens); 659 size_t depth = 0; 660 size_t max_dirs = std::min(form_path_tokens_.size(), 661 candidate_path_tokens.size()); 662 while ((depth < max_dirs) && (form_path_tokens_[depth] == 663 candidate_path_tokens[depth])) { 664 depth++; 665 score++; 666 } 667 // do we have a partial match? 668 score += (depth > 0) ? 1 << 5 : 0; 669 } 670 if (observed_form_.scheme == PasswordForm::SCHEME_HTML) { 671 if (!candidate.IsPublicSuffixMatch()) 672 score += 1 << 4; 673 if (candidate.action == observed_form_.action) 674 score += 1 << 3; 675 if (candidate.password_element == observed_form_.password_element) 676 score += 1 << 2; 677 if (candidate.submit_element == observed_form_.submit_element) 678 score += 1 << 1; 679 if (candidate.username_element == observed_form_.username_element) 680 score += 1 << 0; 681 } 682 683 return score; 684} 685 686void PasswordFormManager::SubmitPassed() { 687 submit_result_ = kSubmitResultPassed; 688 if (has_generated_password_) 689 LogPasswordGenerationSubmissionEvent(PASSWORD_SUBMITTED); 690} 691 692void PasswordFormManager::SubmitFailed() { 693 submit_result_ = kSubmitResultFailed; 694 if (has_generated_password_) 695 LogPasswordGenerationSubmissionEvent(PASSWORD_SUBMISSION_FAILED); 696} 697 698} // namespace password_manager 699