// Copyright 2008, Google Inc. // All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions are // met: // // * Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // * Redistributions in binary form must reproduce the above // copyright notice, this list of conditions and the following disclaimer // in the documentation and/or other materials provided with the // distribution. // * Neither the name of Google Inc. nor the names of its // contributors may be used to endorse or promote products derived from // this software without specific prior written permission. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #ifndef CHROME_BROWSER_PASSWORD_FORM_MANAGER_H__ #define CHROME_BROWSER_PASSWORD_FORM_MANAGER_H__ #include "chrome/common/stl_util-inl.h" #include "chrome/browser/webdata/web_data_service.h" #include "webkit/glue/password_form.h" class PasswordManager; class Profile; // Per-password-form-{on-page, dialog} class responsible for interactions // between a given form, the per-tab PasswordManager, and the web database. class PasswordFormManager : public WebDataServiceConsumer { public: // web_data_service allows access to current profile's Web Data // password_manager owns this object // form_on_page is the form that may be submitted and could need login data. // ssl_valid represents the security of the page containing observed_form, // used to filter login results from database. PasswordFormManager(Profile* profile, PasswordManager* password_manager, const PasswordForm& observed_form, bool ssl_valid); virtual ~PasswordFormManager(); // Compare basic data of observed_form_ with argument. bool DoesManage(const PasswordForm& form) const; // Retrieves potential matching logins from the database. void FetchMatchingLoginsFromWebDatabase(); void FetchMatchingIE7LoginFromWebDatabase(); // Simple state-check to verify whether this object as received a callback // from the web database and completed its matching phase. Note that the // callback in question occurs on the same (and only) main thread from which // instances of this class are ever used, but it is required since it is // conceivable that a user (or ui test) could attempt to submit a login // prompt before the callback has occured, which would InvokeLater a call to // PasswordManager::ProvisionallySave, which would interact with this object // before the db has had time to answer with matching password entries. // This is intended to be a one-time check; if the return value is false the // expectation is caller will give up. This clearly won't work if you put it // in a loop and wait for matching to complete; you're (supposed to be) on // the same thread! bool HasCompletedMatching(); // Determines if the user opted to 'never remember' passwords for this form. bool IsBlacklisted(); // Used by PasswordManager to determine whether or not to display // a SavePasswordBar when given the green light to save the PasswordForm // managed by this. bool IsNewLogin(); // WebDataServiceConsumer implementation. If matches were found // (in *result), this is where we determine we need to autofill. virtual void OnWebDataServiceRequestDone(WebDataService::Handle h, const WDTypedResult* result); // Determines if we need to autofill given the results of the query. void OnRequestDone(WebDataService::Handle h, const WDTypedResult* result); // Determines if we need to autofill given the results of the query in the // ie7_password table. void OnIE7RequestDone(WebDataService::Handle h, const WDTypedResult* result); // A user opted to 'never remember' passwords for this form. // Blacklist it so that from now on when it is seen we ignore it. void PermanentlyBlacklist(); // If the user has submitted observed_form_, provisionally hold on to // the submitted credentials until we are told by PasswordManager whether // or not the login was successful. void ProvisionallySave(const PasswordForm& credentials); // Handles save-as-new or update of the form managed by this manager. // Note the basic data of updated_credentials must match that of // observed_form_ (e.g DoesManage(pending_credentials_) == true). void Save(); private: friend class PasswordFormManagerTest; // Called by destructor to ensure if this object is deleted, no potential // outstanding callbacks can call OnWebDataServiceRequestDone. void CancelLoginsQuery(); // Helper for OnWebDataServiceRequestDone to determine whether or not // the given result form is worth scoring. bool IgnoreResult(const PasswordForm& form) const; // Helper for Save in the case that best_matches.size() == 0, meaning // we have no prior record of this form/username/password and the user // has opted to 'Save Password'. void SaveAsNewLogin(); // Helper for OnWebDataServiceRequestDone to score an individual result // against the observed_form_. int ScoreResult(const PasswordForm& form) const; // Helper for Save in the case that best_matches.size() > 0, meaning // we have at least one match for this form/username/password. This // Updates the form managed by this object, as well as any matching forms // that now need to have preferred bit changed, since updated_credentials // is now implicitly 'preferred'. void UpdateLogin(); // Set of PasswordForms from the DB that best match the form // being managed by this. Use a map instead of vector, because we most // frequently require lookups by username value in IsNewLogin. PasswordFormMap best_matches_; // Cleans up when best_matches_ goes out of scope. STLValueDeleter best_matches_deleter_; // The PasswordForm from the page or dialog managed by this. PasswordForm observed_form_; // The origin url path of observed_form_ tokenized, for convenience when // scoring. std::vector form_path_tokens_; // Stores updated credentials when the form was submitted but success is // still unknown. PasswordForm pending_credentials_; // Whether pending_credentials_ stores a new login or is an update // to an existing one. bool is_new_login_; // PasswordManager owning this. const PasswordManager* const password_manager_; // Handle to any pending WebDataService::GetLogins query. WebDataService::Handle pending_login_query_; // Convenience pointer to entry in best_matches_ that is marked // as preferred. This is only allowed to be null if there are no best matches // at all, since there will always be one preferred login when there are // multiple matches (when first saved, a login is marked preferred). const PasswordForm* preferred_match_; typedef enum { PRE_MATCHING_PHASE, // Have not yet invoked a GetLogins query to find // matching login information from DB. MATCHING_PHASE, // We've made a GetLogins request, but // haven't received or finished processing result. POST_MATCHING_PHASE // We've queried the DB and processed matching // login results. } PasswordFormManagerState; // State of matching process, used to verify that we don't call methods // assuming we've already processed the web data request for matching logins, // when we actually haven't. PasswordFormManagerState state_; // The profile from which we get the WebDataService. Profile* profile_; DISALLOW_EVIL_CONSTRUCTORS(PasswordFormManager); }; #endif // CHROME_BROWSER_PASSWORD_FORM_MANAGER_H__