1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_MANAGER_H_
6#define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_MANAGER_H_
7
8#include <string>
9#include <vector>
10
11#include "base/callback.h"
12#include "base/memory/scoped_ptr.h"
13#include "base/memory/scoped_vector.h"
14#include "base/observer_list.h"
15#include "base/prefs/pref_member.h"
16#include "base/stl_util.h"
17#include "components/autofill/core/common/password_form.h"
18#include "components/autofill/core/common/password_form_fill_data.h"
19#include "components/password_manager/core/browser/login_model.h"
20#include "components/password_manager/core/browser/password_form_manager.h"
21
22class PrefRegistrySimple;
23
24namespace content {
25class WebContents;
26}
27
28namespace user_prefs {
29class PrefRegistrySyncable;
30}
31
32namespace password_manager {
33
34class BrowserSavePasswordProgressLogger;
35class PasswordManagerClient;
36class PasswordManagerDriver;
37class PasswordManagerTest;
38class PasswordFormManager;
39
40// Per-tab password manager. Handles creation and management of UI elements,
41// receiving password form data from the renderer and managing the password
42// database through the PasswordStore. The PasswordManager is a LoginModel
43// for purposes of supporting HTTP authentication dialogs.
44class PasswordManager : public LoginModel {
45 public:
46  static const char kOtherPossibleUsernamesExperiment[];
47
48  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
49#if defined(OS_WIN)
50  static void RegisterLocalPrefs(PrefRegistrySimple* registry);
51#endif
52  explicit PasswordManager(PasswordManagerClient* client);
53  virtual ~PasswordManager();
54
55  typedef base::Callback<void(const autofill::PasswordForm&)>
56      PasswordSubmittedCallback;
57
58  // There is no corresponding remove function as currently all of the
59  // owners of these callbacks have sufficient lifetimes so that the callbacks
60  // should always be valid when called.
61  void AddSubmissionCallback(const PasswordSubmittedCallback& callback);
62
63  // Is saving new data for password autofill enabled for the current profile
64  // and page? For example, saving new data is disabled in Incognito mode,
65  // whereas filling data is not. Also, saving data is disabled in the presence
66  // of SSL errors on a page.
67  bool IsSavingEnabledForCurrentPage() const;
68
69  // Called by a PasswordFormManager when it decides a form can be autofilled
70  // on the page.
71  virtual void Autofill(const autofill::PasswordForm& form_for_autofill,
72                        const autofill::PasswordFormMap& best_matches,
73                        const autofill::PasswordForm& preferred_match,
74                        bool wait_for_username) const;
75
76  // LoginModel implementation.
77  virtual void AddObserver(LoginModelObserver* observer) OVERRIDE;
78  virtual void RemoveObserver(LoginModelObserver* observer) OVERRIDE;
79
80  // Mark this form as having a generated password.
81  void SetFormHasGeneratedPassword(const autofill::PasswordForm& form);
82
83  // TODO(isherman): This should not be public, but is currently being used by
84  // the LoginPrompt code.
85  // When a form is submitted, we prepare to save the password but wait
86  // until we decide the user has successfully logged in. This is step 1
87  // of 2 (see SavePassword).
88  void ProvisionallySavePassword(const autofill::PasswordForm& form);
89
90  // Should be called when the user navigates the main frame.
91  void DidNavigateMainFrame(bool is_in_page);
92
93  // Handles password forms being parsed.
94  void OnPasswordFormsParsed(
95      const std::vector<autofill::PasswordForm>& forms);
96
97  // Handles password forms being rendered.
98  void OnPasswordFormsRendered(
99      const std::vector<autofill::PasswordForm>& visible_forms,
100      bool did_stop_loading);
101
102  // Handles a password form being submitted.
103  virtual void OnPasswordFormSubmitted(
104      const autofill::PasswordForm& password_form);
105
106  PasswordManagerClient* client() { return client_; }
107
108 private:
109  enum ProvisionalSaveFailure {
110    SAVING_DISABLED,
111    EMPTY_PASSWORD,
112    NO_MATCHING_FORM,
113    MATCHING_NOT_COMPLETE,
114    FORM_BLACKLISTED,
115    INVALID_FORM,
116    AUTOCOMPLETE_OFF,
117    SYNC_CREDENTIAL,
118    MAX_FAILURE_VALUE
119  };
120
121  // Returns if the password manager is enabled for this page. There are certain
122  // situations (e.g. bad SSL cert) where we disable the password manager
123  // temporarily.
124  bool IsEnabledForCurrentPage() const;
125
126  // Log failure for UMA. Logs additional metrics if the |form_origin|
127  // corresponds to one of the top, explicitly monitored websites. For some
128  // values of |failure| also sends logs to the internals page through |logger|,
129  // it |logger| is not NULL.
130  void RecordFailure(ProvisionalSaveFailure failure,
131                     const std::string& form_origin,
132                     BrowserSavePasswordProgressLogger* logger);
133
134  // Possibly set up FieldTrial for testing other possible usernames. This only
135  // happens if there are other_possible_usernames to be shown and the
136  // experiment hasn't already been initialized. We setup the experiment at
137  // such a late time because this experiment will only affect a small number
138  // of users so we want to include a larger fraction of these users than the
139  // normal 10%.
140  void PossiblyInitializeUsernamesExperiment(
141      const autofill::PasswordFormMap& matches) const;
142
143  // Returns true if we can show possible usernames to users in cases where
144  // the username for the form is ambigious.
145  bool OtherPossibleUsernamesEnabled() const;
146
147  // Returns true if the user needs to be prompted before a password can be
148  // saved (instead of automatically saving
149  // the password), based on inspecting the state of
150  // |provisional_save_manager_|.
151  bool ShouldPromptUserToSavePassword() const;
152
153  // Checks for every from in |forms| whether |pending_login_managers_| already
154  // contain a manager for that form. If not, adds a manager for each such form.
155  void CreatePendingLoginManagers(
156      const std::vector<autofill::PasswordForm>& forms);
157
158  // Note about how a PasswordFormManager can transition from
159  // pending_login_managers_ to provisional_save_manager_ and the infobar.
160  //
161  // 1. form "seen"
162  //       |                                             new
163  //       |                                               ___ Infobar
164  // pending_login -- form submit --> provisional_save ___/
165  //             ^                            |           \___ (update DB)
166  //             |                           fail
167  //             |-----------<------<---------|          !new
168  //
169  // When a form is "seen" on a page, a PasswordFormManager is created
170  // and stored in this collection until user navigates away from page.
171
172  ScopedVector<PasswordFormManager> pending_login_managers_;
173
174  // When the user submits a password/credential, this contains the
175  // PasswordFormManager for the form in question until we deem the login
176  // attempt to have succeeded (as in valid credentials). If it fails, we
177  // send the PasswordFormManager back to the pending_login_managers_ set.
178  // Scoped in case PasswordManager gets deleted (e.g tab closes) between the
179  // time a user submits a login form and gets to the next page.
180  scoped_ptr<PasswordFormManager> provisional_save_manager_;
181
182  // The embedder-level client. Must outlive this class.
183  PasswordManagerClient* const client_;
184
185  // The platform-level driver. Must outlive this class.
186  PasswordManagerDriver* const driver_;
187
188  // Set to false to disable password saving (will no longer ask if you
189  // want to save passwords but will continue to fill passwords).
190  BooleanPrefMember saving_passwords_enabled_;
191
192  // Observers to be notified of LoginModel events.  This is mutable to allow
193  // notification in const member functions.
194  mutable ObserverList<LoginModelObserver> observers_;
195
196  // Callbacks to be notified when a password form has been submitted.
197  std::vector<PasswordSubmittedCallback> submission_callbacks_;
198
199  // Records all visible forms seen during a page load, in all frames of the
200  // page. When the page stops loading, the password manager checks if one of
201  // the recorded forms matches the login form from the previous page
202  // (to see if the login was a failure), and clears the vector.
203  std::vector<autofill::PasswordForm> all_visible_forms_;
204
205  DISALLOW_COPY_AND_ASSIGN(PasswordManager);
206};
207
208}  // namespace password_manager
209
210#endif  // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_MANAGER_H_
211