1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
6#define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
7
8#include <string>
9#include <vector>
10
11#include "build/build_config.h"
12
13#include "base/stl_util.h"
14#include "components/autofill/core/browser/field_types.h"
15#include "components/autofill/core/common/password_form.h"
16#include "components/password_manager/core/browser/password_manager_driver.h"
17#include "components/password_manager/core/browser/password_store.h"
18#include "components/password_manager/core/browser/password_store_consumer.h"
19
20namespace content {
21class WebContents;
22}  // namespace content
23
24namespace password_manager {
25
26class PasswordManager;
27class PasswordManagerClient;
28
29// Per-password-form-{on-page, dialog} class responsible for interactions
30// between a given form, the per-tab PasswordManager, and the PasswordStore.
31class PasswordFormManager : public PasswordStoreConsumer {
32 public:
33  // |password_manager| owns this object
34  // |form_on_page| is the form that may be submitted and could need login data.
35  // |ssl_valid| represents the security of the page containing observed_form,
36  //           used to filter login results from database.
37  PasswordFormManager(PasswordManager* password_manager,
38                      PasswordManagerClient* client,
39                      PasswordManagerDriver* driver,
40                      const autofill::PasswordForm& observed_form,
41                      bool ssl_valid);
42  virtual ~PasswordFormManager();
43
44  // Flags describing the result of comparing two forms as performed by
45  // DoesMatch. Individual flags are only relevant for HTML forms, but
46  // RESULT_COMPLETE_MATCH will also be returned to indicate non-HTML forms
47  // completely matching.
48  enum MatchResultFlags {
49    RESULT_NO_MATCH = 0,
50    RESULT_MANDATORY_ATTRIBUTES_MATCH = 1 << 0,  // Bare minimum to be a match.
51    RESULT_ACTION_MATCH = 1 << 1,                // Action URLs match too.
52    RESULT_COMPLETE_MATCH =
53        RESULT_MANDATORY_ATTRIBUTES_MATCH | RESULT_ACTION_MATCH
54  };
55  // Use MatchResultMask to contain combinations of MatchResultFlags values.
56  // It's a signed int rather than unsigned to avoid signed/unsigned mismatch
57  // caused by the enum values implicitly converting to signed int.
58  typedef int MatchResultMask;
59
60  enum OtherPossibleUsernamesAction {
61    ALLOW_OTHER_POSSIBLE_USERNAMES,
62    IGNORE_OTHER_POSSIBLE_USERNAMES
63  };
64
65  // Compares basic data of |observed_form_| with |form| and returns how much
66  // they match. The return value is a MatchResultMask bitmask.
67  MatchResultMask DoesManage(const autofill::PasswordForm& form) const;
68
69  // Retrieves potential matching logins from the database.
70  // |prompt_policy| indicates whether it's permissible to prompt the user to
71  // authorize access to locked passwords. This argument is only used on
72  // platforms that support prompting the user for access (such as Mac OS).
73  void FetchMatchingLoginsFromPasswordStore(
74      PasswordStore::AuthorizationPromptPolicy prompt_policy);
75
76  // Simple state-check to verify whether this object as received a callback
77  // from the PasswordStore and completed its matching phase. Note that the
78  // callback in question occurs on the same (and only) main thread from which
79  // instances of this class are ever used, but it is required since it is
80  // conceivable that a user (or ui test) could attempt to submit a login
81  // prompt before the callback has occured, which would InvokeLater a call to
82  // PasswordManager::ProvisionallySave, which would interact with this object
83  // before the db has had time to answer with matching password entries.
84  // This is intended to be a one-time check; if the return value is false the
85  // expectation is caller will give up. This clearly won't work if you put it
86  // in a loop and wait for matching to complete; you're (supposed to be) on
87  // the same thread!
88  bool HasCompletedMatching();
89
90  // Determines if the user opted to 'never remember' passwords for this form.
91  bool IsBlacklisted();
92
93  // Used by PasswordManager to determine whether or not to display
94  // a SavePasswordBar when given the green light to save the PasswordForm
95  // managed by this.
96  bool IsNewLogin();
97
98  // Returns true if the current pending credentials were found using
99  // origin matching of the public suffix, instead of the signon realm of the
100  // form.
101  bool IsPendingCredentialsPublicSuffixMatch();
102
103  // Checks if the form is a valid password form. Forms which lack password
104  // field are not considered valid.
105  bool HasValidPasswordForm();
106
107  // These functions are used to determine if this form has had it's password
108  // auto generated by the browser.
109  bool HasGeneratedPassword();
110  void SetHasGeneratedPassword();
111
112  // Determines if we need to autofill given the results of the query.
113  // Takes ownership of the elements in |result|.
114  void OnRequestDone(const std::vector<autofill::PasswordForm*>& result);
115
116  virtual void OnGetPasswordStoreResults(
117      const std::vector<autofill::PasswordForm*>& results) OVERRIDE;
118
119  // A user opted to 'never remember' passwords for this form.
120  // Blacklist it so that from now on when it is seen we ignore it.
121  // TODO: Make this private once we switch to the new UI.
122  void PermanentlyBlacklist();
123
124  // Sets whether the password form should use additional password
125  // authentication if available before being used for autofill.
126  void SetUseAdditionalPasswordAuthentication(
127      bool use_additional_authentication);
128
129  // If the user has submitted observed_form_, provisionally hold on to
130  // the submitted credentials until we are told by PasswordManager whether
131  // or not the login was successful. |action| describes how we deal with
132  // possible usernames. If |action| is ALLOW_OTHER_POSSIBLE_USERNAMES we will
133  // treat a possible usernames match as a sign that our original heuristics
134  // were wrong and that the user selected the correct username from the
135  // Autofill UI.
136  void ProvisionallySave(const autofill::PasswordForm& credentials,
137                         OtherPossibleUsernamesAction action);
138
139  // Handles save-as-new or update of the form managed by this manager.
140  // Note the basic data of updated_credentials must match that of
141  // observed_form_ (e.g DoesManage(pending_credentials_) == true).
142  // TODO: Make this private once we switch to the new UI.
143  void Save();
144
145  // Call these if/when we know the form submission worked or failed.
146  // These routines are used to update internal statistics ("ActionsTaken").
147  void SubmitPassed();
148  void SubmitFailed();
149
150  // Returns the username associated with the credentials.
151  const base::string16& associated_username() const {
152    return pending_credentials_.username_value;
153  }
154
155  // Returns the pending credentials.
156  const autofill::PasswordForm& pending_credentials() const {
157    return pending_credentials_;
158  }
159
160  // Returns the best matches.
161  const autofill::PasswordFormMap& best_matches() const {
162    return best_matches_;
163  }
164
165  const autofill::PasswordForm* preferred_match() const {
166    return preferred_match_;
167  }
168
169  // Returns the realm URL for the form managed my this manager.
170  const std::string& realm() const {
171    return pending_credentials_.signon_realm;
172  }
173
174 private:
175  friend class PasswordFormManagerTest;
176
177  // ManagerAction - What does the manager do with this form? Either it
178  // fills it, or it doesn't. If it doesn't fill it, that's either
179  // because it has no match, or it is blacklisted, or it is disabled
180  // via the AUTOCOMPLETE=off attribute. Note that if we don't have
181  // an exact match, we still provide candidates that the user may
182  // end up choosing.
183  enum ManagerAction {
184    kManagerActionNone = 0,
185    kManagerActionAutofilled,
186    kManagerActionBlacklisted,
187    kManagerActionMax
188  };
189
190  // UserAction - What does the user do with this form? If he or she
191  // does nothing (either by accepting what the password manager did, or
192  // by simply (not typing anything at all), you get None. If there were
193  // multiple choices and the user selects one other than the default,
194  // you get Choose, if user selects an entry from matching against the Public
195  // Suffix List you get ChoosePslMatch, if the user types in a new value
196  // for just the password you get OverridePassword, and if the user types in a
197  // new value for the username and password you get
198  // OverrideUsernameAndPassword.
199  enum UserAction {
200    kUserActionNone = 0,
201    kUserActionChoose,
202    kUserActionChoosePslMatch,
203    kUserActionOverridePassword,
204    kUserActionOverrideUsernameAndPassword,
205    kUserActionMax
206  };
207
208  // Result - What happens to the form?
209  enum SubmitResult {
210    kSubmitResultNotSubmitted = 0,
211    kSubmitResultFailed,
212    kSubmitResultPassed,
213    kSubmitResultMax
214  };
215
216  // The maximum number of combinations of the three preceding enums.
217  // This is used when recording the actions taken by the form in UMA.
218  static const int kMaxNumActionsTaken = kManagerActionMax * kUserActionMax *
219                                         kSubmitResultMax;
220
221  // Helper for OnGetPasswordStoreResults to determine whether or not
222  // the given result form is worth scoring.
223  bool ShouldIgnoreResult(const autofill::PasswordForm& form) const;
224
225  // Helper for Save in the case that best_matches.size() == 0, meaning
226  // we have no prior record of this form/username/password and the user
227  // has opted to 'Save Password'. If |reset_preferred_login| is set,
228  // the previously preferred login from |best_matches_| will be reset.
229  void SaveAsNewLogin(bool reset_preferred_login);
230
231  // Helper for OnGetPasswordStoreResults to score an individual result
232  // against the observed_form_.
233  int ScoreResult(const autofill::PasswordForm& form) const;
234
235  // Helper for Save in the case that best_matches.size() > 0, meaning
236  // we have at least one match for this form/username/password. This
237  // Updates the form managed by this object, as well as any matching forms
238  // that now need to have preferred bit changed, since updated_credentials
239  // is now implicitly 'preferred'.
240  void UpdateLogin();
241
242  // Check to see if |pending| corresponds to an account creation form. If we
243  // think that it does, we label it as such and upload this state to the
244  // Autofill server, so that we will trigger password generation in the future.
245  void CheckForAccountCreationForm(const autofill::PasswordForm& pending,
246                                   const autofill::PasswordForm& observed);
247
248  // Update all login matches to reflect new preferred state - preferred flag
249  // will be reset on all matched logins that different than the current
250  // |pending_credentials_|.
251  void UpdatePreferredLoginState(PasswordStore* password_store);
252
253  // Returns true if |username| is one of the other possible usernames for a
254  // password form in |best_matches_| and sets |pending_credentials_| to the
255  // match which had this username.
256  bool UpdatePendingCredentialsIfOtherPossibleUsername(
257      const base::string16& username);
258
259  // Converts the "ActionsTaken" fields into an int so they can be logged to
260  // UMA.
261  int GetActionsTaken();
262
263  // Remove possible_usernames that may contains sensitive information and
264  // duplicates.
265  void SanitizePossibleUsernames(autofill::PasswordForm* form);
266
267  // Helper function to delegate uploading to the AutofillManager.
268  virtual void UploadPasswordForm(
269      const autofill::FormData& form_data,
270      const autofill::ServerFieldType& password_type);
271
272  // Set of PasswordForms from the DB that best match the form
273  // being managed by this. Use a map instead of vector, because we most
274  // frequently require lookups by username value in IsNewLogin.
275  autofill::PasswordFormMap best_matches_;
276
277  // Cleans up when best_matches_ goes out of scope.
278  STLValueDeleter<autofill::PasswordFormMap> best_matches_deleter_;
279
280  // The PasswordForm from the page or dialog managed by |this|.
281  const autofill::PasswordForm observed_form_;
282
283  // The origin url path of observed_form_ tokenized, for convenience when
284  // scoring.
285  std::vector<std::string> form_path_tokens_;
286
287  // Stores updated credentials when the form was submitted but success is
288  // still unknown.
289  autofill::PasswordForm pending_credentials_;
290
291  // Whether pending_credentials_ stores a new login or is an update
292  // to an existing one.
293  bool is_new_login_;
294
295  // Whether this form has an auto generated password.
296  bool has_generated_password_;
297
298  // Set if the user has selected one of the other possible usernames in
299  // |pending_credentials_|.
300  base::string16 selected_username_;
301
302  // PasswordManager owning this.
303  const PasswordManager* const password_manager_;
304
305  // Convenience pointer to entry in best_matches_ that is marked
306  // as preferred. This is only allowed to be null if there are no best matches
307  // at all, since there will always be one preferred login when there are
308  // multiple matches (when first saved, a login is marked preferred).
309  const autofill::PasswordForm* preferred_match_;
310
311  typedef enum {
312    PRE_MATCHING_PHASE,      // Have not yet invoked a GetLogins query to find
313                             // matching login information from password store.
314    MATCHING_PHASE,          // We've made a GetLogins request, but
315                             // haven't received or finished processing result.
316    POST_MATCHING_PHASE      // We've queried the DB and processed matching
317                             // login results.
318  } PasswordFormManagerState;
319
320  // State of matching process, used to verify that we don't call methods
321  // assuming we've already processed the request for matching logins,
322  // when we actually haven't.
323  PasswordFormManagerState state_;
324
325  // The client which implements embedder-specific PasswordManager operations.
326  PasswordManagerClient* client_;
327
328  // The driver which implements platform-specific PasswordManager operations.
329  PasswordManagerDriver* driver_;
330
331  // These three fields record the "ActionsTaken" by the browser and
332  // the user with this form, and the result. They are combined and
333  // recorded in UMA when the manager is destroyed.
334  ManagerAction manager_action_;
335  UserAction user_action_;
336  SubmitResult submit_result_;
337
338  DISALLOW_COPY_AND_ASSIGN(PasswordFormManager);
339};
340
341}  // namespace password_manager
342
343#endif  // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_FORM_MANAGER_H_
344