• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_MANAGER_H_
6 #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_MANAGER_H_
7 
8 #include <string>
9 #include <vector>
10 
11 #include "base/callback.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/memory/scoped_vector.h"
14 #include "base/observer_list.h"
15 #include "base/prefs/pref_member.h"
16 #include "base/stl_util.h"
17 #include "components/autofill/core/common/password_form.h"
18 #include "components/autofill/core/common/password_form_fill_data.h"
19 #include "components/password_manager/core/browser/login_model.h"
20 #include "components/password_manager/core/browser/password_form_manager.h"
21 
22 class PrefRegistrySimple;
23 
24 namespace content {
25 class WebContents;
26 }
27 
28 namespace user_prefs {
29 class PrefRegistrySyncable;
30 }
31 
32 namespace password_manager {
33 
34 class BrowserSavePasswordProgressLogger;
35 class PasswordManagerClient;
36 class PasswordManagerDriver;
37 class PasswordManagerTest;
38 class PasswordFormManager;
39 
40 // Per-tab password manager. Handles creation and management of UI elements,
41 // receiving password form data from the renderer and managing the password
42 // database through the PasswordStore. The PasswordManager is a LoginModel
43 // for purposes of supporting HTTP authentication dialogs.
44 class PasswordManager : public LoginModel {
45  public:
46   static const char kOtherPossibleUsernamesExperiment[];
47 
48   static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
49 #if defined(OS_WIN)
50   static void RegisterLocalPrefs(PrefRegistrySimple* registry);
51 #endif
52   explicit PasswordManager(PasswordManagerClient* client);
53   virtual ~PasswordManager();
54 
55   typedef base::Callback<void(const autofill::PasswordForm&)>
56       PasswordSubmittedCallback;
57 
58   // There is no corresponding remove function as currently all of the
59   // owners of these callbacks have sufficient lifetimes so that the callbacks
60   // should always be valid when called.
61   void AddSubmissionCallback(const PasswordSubmittedCallback& callback);
62 
63   // Is saving new data for password autofill enabled for the current profile
64   // and page? For example, saving new data is disabled in Incognito mode,
65   // whereas filling data is not. Also, saving data is disabled in the presence
66   // of SSL errors on a page.
67   bool IsSavingEnabledForCurrentPage() const;
68 
69   // Called by a PasswordFormManager when it decides a form can be autofilled
70   // on the page.
71   virtual void Autofill(const autofill::PasswordForm& form_for_autofill,
72                         const autofill::PasswordFormMap& best_matches,
73                         const autofill::PasswordForm& preferred_match,
74                         bool wait_for_username) const;
75 
76   // LoginModel implementation.
77   virtual void AddObserver(LoginModelObserver* observer) OVERRIDE;
78   virtual void RemoveObserver(LoginModelObserver* observer) OVERRIDE;
79 
80   // Mark this form as having a generated password.
81   void SetFormHasGeneratedPassword(const autofill::PasswordForm& form);
82 
83   // TODO(isherman): This should not be public, but is currently being used by
84   // the LoginPrompt code.
85   // When a form is submitted, we prepare to save the password but wait
86   // until we decide the user has successfully logged in. This is step 1
87   // of 2 (see SavePassword).
88   void ProvisionallySavePassword(const autofill::PasswordForm& form);
89 
90   // Should be called when the user navigates the main frame.
91   void DidNavigateMainFrame(bool is_in_page);
92 
93   // Handles password forms being parsed.
94   void OnPasswordFormsParsed(
95       const std::vector<autofill::PasswordForm>& forms);
96 
97   // Handles password forms being rendered.
98   void OnPasswordFormsRendered(
99       const std::vector<autofill::PasswordForm>& visible_forms,
100       bool did_stop_loading);
101 
102   // Handles a password form being submitted.
103   virtual void OnPasswordFormSubmitted(
104       const autofill::PasswordForm& password_form);
105 
client()106   PasswordManagerClient* client() { return client_; }
107 
108  private:
109   enum ProvisionalSaveFailure {
110     SAVING_DISABLED,
111     EMPTY_PASSWORD,
112     NO_MATCHING_FORM,
113     MATCHING_NOT_COMPLETE,
114     FORM_BLACKLISTED,
115     INVALID_FORM,
116     AUTOCOMPLETE_OFF,
117     SYNC_CREDENTIAL,
118     MAX_FAILURE_VALUE
119   };
120 
121   // Returns if the password manager is enabled for this page. There are certain
122   // situations (e.g. bad SSL cert) where we disable the password manager
123   // temporarily.
124   bool IsEnabledForCurrentPage() const;
125 
126   // Log failure for UMA. Logs additional metrics if the |form_origin|
127   // corresponds to one of the top, explicitly monitored websites. For some
128   // values of |failure| also sends logs to the internals page through |logger|,
129   // it |logger| is not NULL.
130   void RecordFailure(ProvisionalSaveFailure failure,
131                      const std::string& form_origin,
132                      BrowserSavePasswordProgressLogger* logger);
133 
134   // Possibly set up FieldTrial for testing other possible usernames. This only
135   // happens if there are other_possible_usernames to be shown and the
136   // experiment hasn't already been initialized. We setup the experiment at
137   // such a late time because this experiment will only affect a small number
138   // of users so we want to include a larger fraction of these users than the
139   // normal 10%.
140   void PossiblyInitializeUsernamesExperiment(
141       const autofill::PasswordFormMap& matches) const;
142 
143   // Returns true if we can show possible usernames to users in cases where
144   // the username for the form is ambigious.
145   bool OtherPossibleUsernamesEnabled() const;
146 
147   // Returns true if the user needs to be prompted before a password can be
148   // saved (instead of automatically saving
149   // the password), based on inspecting the state of
150   // |provisional_save_manager_|.
151   bool ShouldPromptUserToSavePassword() const;
152 
153   // Checks for every from in |forms| whether |pending_login_managers_| already
154   // contain a manager for that form. If not, adds a manager for each such form.
155   void CreatePendingLoginManagers(
156       const std::vector<autofill::PasswordForm>& forms);
157 
158   // Note about how a PasswordFormManager can transition from
159   // pending_login_managers_ to provisional_save_manager_ and the infobar.
160   //
161   // 1. form "seen"
162   //       |                                             new
163   //       |                                               ___ Infobar
164   // pending_login -- form submit --> provisional_save ___/
165   //             ^                            |           \___ (update DB)
166   //             |                           fail
167   //             |-----------<------<---------|          !new
168   //
169   // When a form is "seen" on a page, a PasswordFormManager is created
170   // and stored in this collection until user navigates away from page.
171 
172   ScopedVector<PasswordFormManager> pending_login_managers_;
173 
174   // When the user submits a password/credential, this contains the
175   // PasswordFormManager for the form in question until we deem the login
176   // attempt to have succeeded (as in valid credentials). If it fails, we
177   // send the PasswordFormManager back to the pending_login_managers_ set.
178   // Scoped in case PasswordManager gets deleted (e.g tab closes) between the
179   // time a user submits a login form and gets to the next page.
180   scoped_ptr<PasswordFormManager> provisional_save_manager_;
181 
182   // The embedder-level client. Must outlive this class.
183   PasswordManagerClient* const client_;
184 
185   // The platform-level driver. Must outlive this class.
186   PasswordManagerDriver* const driver_;
187 
188   // Set to false to disable password saving (will no longer ask if you
189   // want to save passwords but will continue to fill passwords).
190   BooleanPrefMember saving_passwords_enabled_;
191 
192   // Observers to be notified of LoginModel events.  This is mutable to allow
193   // notification in const member functions.
194   mutable ObserverList<LoginModelObserver> observers_;
195 
196   // Callbacks to be notified when a password form has been submitted.
197   std::vector<PasswordSubmittedCallback> submission_callbacks_;
198 
199   // Records all visible forms seen during a page load, in all frames of the
200   // page. When the page stops loading, the password manager checks if one of
201   // the recorded forms matches the login form from the previous page
202   // (to see if the login was a failure), and clears the vector.
203   std::vector<autofill::PasswordForm> all_visible_forms_;
204 
205   DISALLOW_COPY_AND_ASSIGN(PasswordManager);
206 };
207 
208 }  // namespace password_manager
209 
210 #endif  // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_MANAGER_H_
211