1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
6 * met:
7 *
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
13 * distribution.
14 * * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #include "config.h"
32 #include "WebPasswordFormData.h"
33
34 #include "Document.h"
35 #include "DocumentLoader.h"
36 #include "Frame.h"
37 #include "FrameLoader.h"
38 #include "HTMLFormElement.h"
39 #include "HTMLInputElement.h"
40 #include "HTMLNames.h"
41 #include "KURL.h"
42
43 #include "DOMUtilitiesPrivate.h"
44 #include "WebPasswordFormUtils.h"
45
46 using namespace WebCore;
47
48 namespace WebKit {
49
50 namespace {
51
52 // Helper to determine which password is the main one, and which is
53 // an old password (e.g on a "make new password" form), if any.
locateSpecificPasswords(PasswordFormFields * fields,HTMLInputElement ** password,HTMLInputElement ** oldPassword)54 bool locateSpecificPasswords(PasswordFormFields* fields,
55 HTMLInputElement** password,
56 HTMLInputElement** oldPassword)
57 {
58 ASSERT(fields);
59 ASSERT(password);
60 ASSERT(oldPassword);
61 switch (fields->passwords.size()) {
62 case 1:
63 // Single password, easy.
64 *password = fields->passwords[0];
65 break;
66 case 2:
67 if (fields->passwords[0]->value() == fields->passwords[1]->value())
68 // Treat two identical passwords as a single password.
69 *password = fields->passwords[0];
70 else {
71 // Assume first is old password, second is new (no choice but to guess).
72 *oldPassword = fields->passwords[0];
73 *password = fields->passwords[1];
74 }
75 break;
76 case 3:
77 if (fields->passwords[0]->value() == fields->passwords[1]->value()
78 && fields->passwords[0]->value() == fields->passwords[2]->value()) {
79 // All three passwords the same? Just treat as one and hope.
80 *password = fields->passwords[0];
81 } else if (fields->passwords[0]->value() == fields->passwords[1]->value()) {
82 // Two the same and one different -> old password is duplicated one.
83 *oldPassword = fields->passwords[0];
84 *password = fields->passwords[2];
85 } else if (fields->passwords[1]->value() == fields->passwords[2]->value()) {
86 *oldPassword = fields->passwords[0];
87 *password = fields->passwords[1];
88 } else {
89 // Three different passwords, or first and last match with middle
90 // different. No idea which is which, so no luck.
91 return false;
92 }
93 break;
94 default:
95 return false;
96 }
97 return true;
98 }
99
100 // Helped method to clear url of unneeded parts.
stripURL(const KURL & url)101 KURL stripURL(const KURL& url)
102 {
103 KURL strippedURL = url;
104 strippedURL.setUser(String());
105 strippedURL.setPass(String());
106 strippedURL.setQuery(String());
107 strippedURL.setFragmentIdentifier(String());
108 return strippedURL;
109 }
110
111 // Helper to gather up the final form data and create a PasswordForm.
assemblePasswordFormResult(const KURL & fullOrigin,const KURL & fullAction,HTMLFormControlElement * submit,HTMLInputElement * userName,HTMLInputElement * oldPassword,HTMLInputElement * password,WebPasswordFormData * result)112 void assemblePasswordFormResult(const KURL& fullOrigin,
113 const KURL& fullAction,
114 HTMLFormControlElement* submit,
115 HTMLInputElement* userName,
116 HTMLInputElement* oldPassword,
117 HTMLInputElement* password,
118 WebPasswordFormData* result)
119 {
120 // We want to keep the path but strip any authentication data, as well as
121 // query and ref portions of URL, for the form action and form origin.
122 result->action = stripURL(fullAction);
123 result->origin = stripURL(fullOrigin);
124
125 // Naming is confusing here because we have both the HTML form origin URL
126 // the page where the form was seen), and the "origin" components of the url
127 // (scheme, host, and port).
128 KURL signonRealmURL = stripURL(fullOrigin);
129 signonRealmURL.setPath("");
130 result->signonRealm = signonRealmURL;
131
132 if (submit)
133 result->submitElement = submit->name();
134 if (userName) {
135 result->userNameElement = userName->name();
136 result->userNameValue = userName->value();
137 }
138 if (password) {
139 result->passwordElement = password->name();
140 result->passwordValue = password->value();
141 }
142 if (oldPassword) {
143 result->oldPasswordElement = oldPassword->name();
144 result->oldPasswordValue = oldPassword->value();
145 }
146 }
147
148 } // namespace
149
WebPasswordFormData(const WebFormElement & webForm)150 WebPasswordFormData::WebPasswordFormData(const WebFormElement& webForm)
151 {
152 RefPtr<HTMLFormElement> form = webForm.operator PassRefPtr<HTMLFormElement>();
153
154 Frame* frame = form->document()->frame();
155 if (!frame)
156 return;
157
158 PasswordFormFields fields;
159 findPasswordFormFields(form.get(), &fields);
160
161 // Get the document URL
162 KURL fullOrigin(ParsedURLString, form->document()->documentURI());
163
164 // Calculate the canonical action URL
165 String action = form->action();
166 if (action.isNull())
167 action = ""; // missing 'action' attribute implies current URL
168 KURL fullAction = frame->loader()->completeURL(action);
169 if (!fullAction.isValid())
170 return;
171
172 // Determine the types of the password fields
173 HTMLInputElement* password = 0;
174 HTMLInputElement* oldPassword = 0;
175 if (!locateSpecificPasswords(&fields, &password, &oldPassword))
176 return;
177
178 assemblePasswordFormResult(fullOrigin, fullAction,
179 fields.submit, fields.userName,
180 oldPassword, password, this);
181 }
182
183 } // namespace WebKit
184