• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2009 Google Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are
6  * met:
7  *
8  *     * Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  *     * Redistributions in binary form must reproduce the above
11  * copyright notice, this list of conditions and the following disclaimer
12  * in the documentation and/or other materials provided with the
13  * distribution.
14  *     * Neither the name of Google Inc. nor the names of its
15  * contributors may be used to endorse or promote products derived from
16  * this software without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #include "config.h"
32 #include "WebPasswordFormData.h"
33 
34 #include "Document.h"
35 #include "DocumentLoader.h"
36 #include "Frame.h"
37 #include "FrameLoader.h"
38 #include "HTMLFormElement.h"
39 #include "HTMLInputElement.h"
40 #include "HTMLNames.h"
41 #include "KURL.h"
42 
43 #include "DOMUtilitiesPrivate.h"
44 #include "WebPasswordFormUtils.h"
45 
46 using namespace WebCore;
47 
48 namespace WebKit {
49 
50 namespace {
51 
52 // Helper to determine which password is the main one, and which is
53 // an old password (e.g on a "make new password" form), if any.
locateSpecificPasswords(PasswordFormFields * fields,HTMLInputElement ** password,HTMLInputElement ** oldPassword)54 bool locateSpecificPasswords(PasswordFormFields* fields,
55                              HTMLInputElement** password,
56                              HTMLInputElement** oldPassword)
57 {
58     ASSERT(fields);
59     ASSERT(password);
60     ASSERT(oldPassword);
61     switch (fields->passwords.size()) {
62     case 1:
63         // Single password, easy.
64         *password = fields->passwords[0];
65         break;
66     case 2:
67         if (fields->passwords[0]->value() == fields->passwords[1]->value())
68             // Treat two identical passwords as a single password.
69             *password = fields->passwords[0];
70         else {
71             // Assume first is old password, second is new (no choice but to guess).
72             *oldPassword = fields->passwords[0];
73             *password = fields->passwords[1];
74         }
75         break;
76     case 3:
77         if (fields->passwords[0]->value() == fields->passwords[1]->value()
78             && fields->passwords[0]->value() == fields->passwords[2]->value()) {
79             // All three passwords the same? Just treat as one and hope.
80             *password = fields->passwords[0];
81         } else if (fields->passwords[0]->value() == fields->passwords[1]->value()) {
82             // Two the same and one different -> old password is duplicated one.
83             *oldPassword = fields->passwords[0];
84             *password = fields->passwords[2];
85         } else if (fields->passwords[1]->value() == fields->passwords[2]->value()) {
86             *oldPassword = fields->passwords[0];
87             *password = fields->passwords[1];
88         } else {
89             // Three different passwords, or first and last match with middle
90             // different. No idea which is which, so no luck.
91             return false;
92         }
93         break;
94     default:
95         return false;
96     }
97     return true;
98 }
99 
100 // Helped method to clear url of unneeded parts.
stripURL(const KURL & url)101 KURL stripURL(const KURL& url)
102 {
103     KURL strippedURL = url;
104     strippedURL.setUser(String());
105     strippedURL.setPass(String());
106     strippedURL.setQuery(String());
107     strippedURL.setFragmentIdentifier(String());
108     return strippedURL;
109 }
110 
111 // Helper to gather up the final form data and create a PasswordForm.
assemblePasswordFormResult(const KURL & fullOrigin,const KURL & fullAction,HTMLFormControlElement * submit,HTMLInputElement * userName,HTMLInputElement * oldPassword,HTMLInputElement * password,WebPasswordFormData * result)112 void assemblePasswordFormResult(const KURL& fullOrigin,
113                                 const KURL& fullAction,
114                                 HTMLFormControlElement* submit,
115                                 HTMLInputElement* userName,
116                                 HTMLInputElement* oldPassword,
117                                 HTMLInputElement* password,
118                                 WebPasswordFormData* result)
119 {
120     // We want to keep the path but strip any authentication data, as well as
121     // query and ref portions of URL, for the form action and form origin.
122     result->action = stripURL(fullAction);
123     result->origin = stripURL(fullOrigin);
124 
125     // Naming is confusing here because we have both the HTML form origin URL
126     // the page where the form was seen), and the "origin" components of the url
127     // (scheme, host, and port).
128     KURL signonRealmURL = stripURL(fullOrigin);
129     signonRealmURL.setPath("");
130     result->signonRealm = signonRealmURL;
131 
132     if (submit)
133         result->submitElement = submit->name();
134     if (userName) {
135         result->userNameElement = userName->name();
136         result->userNameValue = userName->value();
137     }
138     if (password) {
139         result->passwordElement = password->name();
140         result->passwordValue = password->value();
141     }
142     if (oldPassword) {
143         result->oldPasswordElement = oldPassword->name();
144         result->oldPasswordValue = oldPassword->value();
145     }
146 }
147 
148 } // namespace
149 
WebPasswordFormData(const WebFormElement & webForm)150 WebPasswordFormData::WebPasswordFormData(const WebFormElement& webForm)
151 {
152     RefPtr<HTMLFormElement> form = webForm.operator PassRefPtr<HTMLFormElement>();
153 
154     Frame* frame = form->document()->frame();
155     if (!frame)
156         return;
157 
158     PasswordFormFields fields;
159     findPasswordFormFields(form.get(), &fields);
160 
161     // Get the document URL
162     KURL fullOrigin(ParsedURLString, form->document()->documentURI());
163 
164     // Calculate the canonical action URL
165     String action = form->action();
166     if (action.isNull())
167         action = ""; // missing 'action' attribute implies current URL
168     KURL fullAction = frame->loader()->completeURL(action);
169     if (!fullAction.isValid())
170         return;
171 
172     // Determine the types of the password fields
173     HTMLInputElement* password = 0;
174     HTMLInputElement* oldPassword = 0;
175     if (!locateSpecificPasswords(&fields, &password, &oldPassword))
176         return;
177 
178     assemblePasswordFormResult(fullOrigin, fullAction,
179                                fields.submit, fields.userName,
180                                oldPassword, password, this);
181 }
182 
183 } // namespace WebKit
184