password_store.cc revision 010d83a9304c5a91596085d917d248abff47903a
1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "components/password_manager/core/browser/password_store.h" 6 7#include "base/bind.h" 8#include "base/memory/scoped_ptr.h" 9#include "base/message_loop/message_loop.h" 10#include "base/message_loop/message_loop_proxy.h" 11#include "base/metrics/histogram.h" 12#include "base/stl_util.h" 13#include "components/autofill/core/common/password_form.h" 14#include "components/password_manager/core/browser/password_store_consumer.h" 15#include "components/password_manager/core/browser/password_syncable_service.h" 16 17#if defined(PASSWORD_MANAGER_ENABLE_SYNC) 18#include "components/password_manager/core/browser/password_syncable_service.h" 19#endif 20 21using autofill::PasswordForm; 22 23namespace password_manager { 24 25namespace { 26 27// Calls |consumer| back with the request result, if |consumer| is still alive. 28// Takes ownership of the elements in |result|, passing ownership to |consumer| 29// if it is still alive. 30void MaybeCallConsumerCallback(base::WeakPtr<PasswordStoreConsumer> consumer, 31 scoped_ptr<std::vector<PasswordForm*> > result) { 32 if (consumer.get()) 33 consumer->OnGetPasswordStoreResults(*result); 34 else 35 STLDeleteElements(result.get()); 36} 37 38} // namespace 39 40PasswordStore::GetLoginsRequest::GetLoginsRequest( 41 PasswordStoreConsumer* consumer) 42 : consumer_weak_(consumer->GetWeakPtr()), 43 result_(new std::vector<PasswordForm*>()) { 44 DCHECK(thread_checker_.CalledOnValidThread()); 45 origin_loop_ = base::MessageLoopProxy::current(); 46} 47 48PasswordStore::GetLoginsRequest::~GetLoginsRequest() { 49} 50 51void PasswordStore::GetLoginsRequest::ApplyIgnoreLoginsCutoff() { 52 if (!ignore_logins_cutoff_.is_null()) { 53 // Count down rather than up since we may be deleting elements. 54 // Note that in principle it could be more efficient to copy the whole array 55 // since that's worst-case linear time, but we expect that elements will be 56 // deleted rarely and lists will be small, so this avoids the copies. 57 for (size_t i = result_->size(); i > 0; --i) { 58 if ((*result_)[i - 1]->date_created < ignore_logins_cutoff_) { 59 delete (*result_)[i - 1]; 60 result_->erase(result_->begin() + (i - 1)); 61 } 62 } 63 } 64} 65 66void PasswordStore::GetLoginsRequest::ForwardResult() { 67 origin_loop_->PostTask(FROM_HERE, 68 base::Bind(&MaybeCallConsumerCallback, 69 consumer_weak_, 70 base::Passed(result_.Pass()))); 71} 72 73PasswordStore::PasswordStore( 74 scoped_refptr<base::SingleThreadTaskRunner> main_thread_runner, 75 scoped_refptr<base::SingleThreadTaskRunner> db_thread_runner) 76 : main_thread_runner_(main_thread_runner), 77 db_thread_runner_(db_thread_runner), 78 observers_(new ObserverListThreadSafe<Observer>()), 79 shutdown_called_(false) {} 80 81bool PasswordStore::Init(const syncer::SyncableService::StartSyncFlare& flare) { 82 ReportMetrics(); 83#if defined(PASSWORD_MANAGER_ENABLE_SYNC) 84 ScheduleTask(base::Bind(&PasswordStore::InitSyncableService, this, flare)); 85#endif 86 return true; 87} 88 89void PasswordStore::AddLogin(const PasswordForm& form) { 90 ScheduleTask( 91 base::Bind(&PasswordStore::WrapModificationTask, this, 92 base::Bind(&PasswordStore::AddLoginImpl, this, form))); 93} 94 95void PasswordStore::UpdateLogin(const PasswordForm& form) { 96 ScheduleTask( 97 base::Bind(&PasswordStore::WrapModificationTask, this, 98 base::Bind(&PasswordStore::UpdateLoginImpl, this, form))); 99} 100 101void PasswordStore::RemoveLogin(const PasswordForm& form) { 102 ScheduleTask( 103 base::Bind(&PasswordStore::WrapModificationTask, this, 104 base::Bind(&PasswordStore::RemoveLoginImpl, this, form))); 105} 106 107void PasswordStore::RemoveLoginsCreatedBetween(const base::Time& delete_begin, 108 const base::Time& delete_end) { 109 ScheduleTask( 110 base::Bind(&PasswordStore::WrapModificationTask, this, 111 base::Bind(&PasswordStore::RemoveLoginsCreatedBetweenImpl, 112 this, delete_begin, delete_end))); 113} 114 115void PasswordStore::GetLogins( 116 const PasswordForm& form, 117 AuthorizationPromptPolicy prompt_policy, 118 PasswordStoreConsumer* consumer) { 119 // Per http://crbug.com/121738, we deliberately ignore saved logins for 120 // http*://www.google.com/ that were stored prior to 2012. (Google now uses 121 // https://accounts.google.com/ for all login forms, so these should be 122 // unused.) We don't delete them just yet, and they'll still be visible in the 123 // password manager, but we won't use them to autofill any forms. This is a 124 // security feature to help minimize damage that can be done by XSS attacks. 125 // TODO(mdm): actually delete them at some point, say M24 or so. 126 base::Time ignore_logins_cutoff; // the null time 127 if (form.scheme == PasswordForm::SCHEME_HTML && 128 (form.signon_realm == "http://www.google.com" || 129 form.signon_realm == "http://www.google.com/" || 130 form.signon_realm == "https://www.google.com" || 131 form.signon_realm == "https://www.google.com/")) { 132 static const base::Time::Exploded exploded_cutoff = 133 { 2012, 1, 0, 1, 0, 0, 0, 0 }; // 00:00 Jan 1 2012 134 ignore_logins_cutoff = base::Time::FromUTCExploded(exploded_cutoff); 135 } 136 GetLoginsRequest* request = new GetLoginsRequest(consumer); 137 request->set_ignore_logins_cutoff(ignore_logins_cutoff); 138 139 ConsumerCallbackRunner callback_runner = 140 base::Bind(&PasswordStore::CopyAndForwardLoginsResult, 141 this, base::Owned(request)); 142 ScheduleTask(base::Bind(&PasswordStore::GetLoginsImpl, 143 this, form, prompt_policy, callback_runner)); 144} 145 146void PasswordStore::GetAutofillableLogins(PasswordStoreConsumer* consumer) { 147 Schedule(&PasswordStore::GetAutofillableLoginsImpl, consumer); 148} 149 150void PasswordStore::GetBlacklistLogins(PasswordStoreConsumer* consumer) { 151 Schedule(&PasswordStore::GetBlacklistLoginsImpl, consumer); 152} 153 154void PasswordStore::ReportMetrics() { 155 ScheduleTask(base::Bind(&PasswordStore::ReportMetricsImpl, this)); 156} 157 158void PasswordStore::AddObserver(Observer* observer) { 159 observers_->AddObserver(observer); 160} 161 162void PasswordStore::RemoveObserver(Observer* observer) { 163 observers_->RemoveObserver(observer); 164} 165 166bool PasswordStore::ScheduleTask(const base::Closure& task) { 167 scoped_refptr<base::SingleThreadTaskRunner> task_runner( 168 GetBackgroundTaskRunner()); 169 if (task_runner.get()) 170 return task_runner->PostTask(FROM_HERE, task); 171 return false; 172} 173 174void PasswordStore::Shutdown() { 175#if defined(PASSWORD_MANAGER_ENABLE_SYNC) 176 ScheduleTask(base::Bind(&PasswordStore::DestroySyncableService, this)); 177#endif 178 shutdown_called_ = true; 179} 180 181#if defined(PASSWORD_MANAGER_ENABLE_SYNC) 182base::WeakPtr<syncer::SyncableService> 183 PasswordStore::GetPasswordSyncableService() { 184 DCHECK(GetBackgroundTaskRunner()->BelongsToCurrentThread()); 185 DCHECK(syncable_service_); 186 return syncable_service_->AsWeakPtr(); 187} 188#endif 189 190PasswordStore::~PasswordStore() { DCHECK(shutdown_called_); } 191 192scoped_refptr<base::SingleThreadTaskRunner> 193PasswordStore::GetBackgroundTaskRunner() { 194 return db_thread_runner_; 195} 196 197void PasswordStore::ForwardLoginsResult(GetLoginsRequest* request) { 198 request->ApplyIgnoreLoginsCutoff(); 199 request->ForwardResult(); 200} 201 202void PasswordStore::CopyAndForwardLoginsResult( 203 PasswordStore::GetLoginsRequest* request, 204 const std::vector<PasswordForm*>& matched_forms) { 205 // Copy the contents of |matched_forms| into the request. The request takes 206 // ownership of the PasswordForm elements. 207 *(request->result()) = matched_forms; 208 ForwardLoginsResult(request); 209} 210 211void PasswordStore::LogStatsForBulkDeletion(int num_deletions) { 212 UMA_HISTOGRAM_COUNTS("PasswordManager.NumPasswordsDeletedByBulkDelete", 213 num_deletions); 214} 215 216template<typename BackendFunc> 217void PasswordStore::Schedule( 218 BackendFunc func, 219 PasswordStoreConsumer* consumer) { 220 GetLoginsRequest* request = new GetLoginsRequest(consumer); 221 consumer->cancelable_task_tracker()->PostTask( 222 GetBackgroundTaskRunner(), 223 FROM_HERE, 224 base::Bind(func, this, base::Owned(request))); 225} 226 227void PasswordStore::WrapModificationTask(ModificationTask task) { 228 PasswordStoreChangeList changes = task.Run(); 229 NotifyLoginsChanged(changes); 230} 231 232void PasswordStore::NotifyLoginsChanged( 233 const PasswordStoreChangeList& changes) { 234 DCHECK(GetBackgroundTaskRunner()->BelongsToCurrentThread()); 235 if (!changes.empty()) { 236 observers_->Notify(&Observer::OnLoginsChanged, changes); 237#if defined(PASSWORD_MANAGER_ENABLE_SYNC) 238 if (syncable_service_) 239 syncable_service_->ActOnPasswordStoreChanges(changes); 240#endif 241 } 242} 243 244#if defined(PASSWORD_MANAGER_ENABLE_SYNC) 245void PasswordStore::InitSyncableService( 246 const syncer::SyncableService::StartSyncFlare& flare) { 247 DCHECK(GetBackgroundTaskRunner()->BelongsToCurrentThread()); 248 DCHECK(!syncable_service_); 249 syncable_service_.reset(new PasswordSyncableService(this)); 250 syncable_service_->InjectStartSyncFlare(flare); 251} 252 253void PasswordStore::DestroySyncableService() { 254 DCHECK(GetBackgroundTaskRunner()->BelongsToCurrentThread()); 255 syncable_service_.reset(); 256} 257#endif 258 259} // namespace password_manager 260