// Copyright 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/autofill/content/renderer/password_autofill_agent.h" #include #include #include "base/bind.h" #include "base/command_line.h" #include "base/i18n/case_conversion.h" #include "base/memory/scoped_ptr.h" #include "base/message_loop/message_loop.h" #include "base/metrics/field_trial.h" #include "base/metrics/histogram_macros.h" #include "base/strings/utf_string_conversions.h" #include "build/build_config.h" #include "components/autofill/content/common/autofill_messages.h" #include "components/autofill/content/renderer/form_autofill_util.h" #include "components/autofill/content/renderer/password_form_conversion_utils.h" #include "components/autofill/content/renderer/renderer_save_password_progress_logger.h" #include "components/autofill/core/common/autofill_constants.h" #include "components/autofill/core/common/autofill_switches.h" #include "components/autofill/core/common/autofill_util.h" #include "components/autofill/core/common/form_field_data.h" #include "components/autofill/core/common/password_form.h" #include "components/autofill/core/common/password_form_fill_data.h" #include "content/public/renderer/document_state.h" #include "content/public/renderer/navigation_state.h" #include "content/public/renderer/render_frame.h" #include "content/public/renderer/render_view.h" #include "third_party/WebKit/public/platform/WebVector.h" #include "third_party/WebKit/public/web/WebAutofillClient.h" #include "third_party/WebKit/public/web/WebDocument.h" #include "third_party/WebKit/public/web/WebElement.h" #include "third_party/WebKit/public/web/WebFormElement.h" #include "third_party/WebKit/public/web/WebInputEvent.h" #include "third_party/WebKit/public/web/WebLocalFrame.h" #include "third_party/WebKit/public/web/WebNode.h" #include "third_party/WebKit/public/web/WebSecurityOrigin.h" #include "third_party/WebKit/public/web/WebUserGestureIndicator.h" #include "third_party/WebKit/public/web/WebView.h" #include "ui/base/page_transition_types.h" #include "ui/events/keycodes/keyboard_codes.h" #include "url/gurl.h" namespace autofill { namespace { // The size above which we stop triggering autocomplete. static const size_t kMaximumTextSizeForAutocomplete = 1000; // Experiment information const char kFillOnAccountSelectFieldTrialName[] = "FillOnAccountSelect"; const char kFillOnAccountSelectFieldTrialEnabledWithHighlightGroup[] = "EnableWithHighlight"; const char kFillOnAccountSelectFieldTrialEnabledWithNoHighlightGroup[] = "EnableWithNoHighlight"; const char kDummyUsernameField[] = "anonymous_username"; const char kDummyPasswordField[] = "anonymous_password"; // Maps element names to the actual elements to simplify form filling. typedef std::map FormInputElementMap; // Use the shorter name when referencing SavePasswordProgressLogger::StringID // values to spare line breaks. The code provides enough context for that // already. typedef SavePasswordProgressLogger Logger; typedef std::vector FormElementsList; bool FillDataContainsFillableUsername(const PasswordFormFillData& fill_data) { return !fill_data.username_field.name.empty() && (!fill_data.additional_logins.empty() || !fill_data.username_field.value.empty()); } // Returns true if password form has username and password fields with either // same or no name and id attributes supplied. bool DoesFormContainAmbiguousOrEmptyNames( const PasswordFormFillData& fill_data) { return (fill_data.username_field.name == fill_data.password_field.name) || (fill_data.password_field.name == base::ASCIIToUTF16(kDummyPasswordField) && (!FillDataContainsFillableUsername(fill_data) || fill_data.username_field.name == base::ASCIIToUTF16(kDummyUsernameField))); } bool IsPasswordField(const FormFieldData& field) { return (field.form_control_type == "password"); } // Returns true if any password field within |control_elements| is supplied with // either |autocomplete='current-password'| or |autocomplete='new-password'| // attribute. bool HasPasswordWithAutocompleteAttribute( const std::vector& control_elements) { for (const blink::WebFormControlElement& control_element : control_elements) { if (!control_element.hasHTMLTagName("input")) continue; const blink::WebInputElement input_element = control_element.toConst(); if (input_element.isPasswordField() && (HasAutocompleteAttributeValue(input_element, "current-password") || HasAutocompleteAttributeValue(input_element, "new-password"))) return true; } return false; } // Returns the |field|'s autofillable name. If |ambiguous_or_empty_names| is set // to true returns a dummy name instead. base::string16 FieldName(const FormFieldData& field, bool ambiguous_or_empty_names) { return ambiguous_or_empty_names ? IsPasswordField(field) ? base::ASCIIToUTF16(kDummyPasswordField) : base::ASCIIToUTF16(kDummyUsernameField) : field.name; } bool IsUnownedPasswordFormVisible(blink::WebFrame* frame, const GURL& action, const GURL& origin, const FormData& form_data, const FormsPredictionsMap& form_predictions) { scoped_ptr unowned_password_form( CreatePasswordFormFromUnownedInputElements(*frame, nullptr, &form_predictions)); if (!unowned_password_form) return false; std::vector control_elements = form_util::GetUnownedAutofillableFormFieldElements( frame->document().all(), nullptr); if (!form_util::IsSomeControlElementVisible(control_elements)) return false; #if !defined(OS_MACOSX) && !defined(OS_ANDROID) const bool action_is_empty = action == origin; bool forms_are_same = action_is_empty ? form_data.SameFormAs(unowned_password_form->form_data) : action == unowned_password_form->action; return forms_are_same; #else // OS_MACOSX or OS_ANDROID return action == unowned_password_form->action; #endif } // Utility function to find the unique entry of |control_elements| for the // specified input |field|. On successful find, adds it to |result| and returns // |true|. Otherwise clears the references from each |HTMLInputElement| from // |result| and returns |false|. bool FindFormInputElement( const std::vector& control_elements, const FormFieldData& field, bool ambiguous_or_empty_names, FormInputElementMap* result) { // Match the first input element, if any. bool found_input = false; bool is_password_field = IsPasswordField(field); bool does_password_field_has_ambigous_or_empty_name = ambiguous_or_empty_names && is_password_field; bool ambiguous_and_multiple_password_fields_with_autocomplete = does_password_field_has_ambigous_or_empty_name && HasPasswordWithAutocompleteAttribute(control_elements); base::string16 field_name = FieldName(field, ambiguous_or_empty_names); for (const blink::WebFormControlElement& control_element : control_elements) { if (!ambiguous_or_empty_names && control_element.nameForAutofill() != field_name) { continue; } if (!control_element.hasHTMLTagName("input")) continue; // Only fill saved passwords into password fields and usernames into text // fields. const blink::WebInputElement input_element = control_element.toConst(); if (input_element.isPasswordField() != is_password_field) continue; // For change password form with ambiguous or empty names keep only the // first password field having |autocomplete='current-password'| attribute // set. Also make sure we avoid keeping password fields having // |autocomplete='new-password'| attribute set. if (ambiguous_and_multiple_password_fields_with_autocomplete && !HasAutocompleteAttributeValue(input_element, "current-password")) { continue; } // Check for a non-unique match. if (found_input) { // For change password form keep only the first password field entry. if (does_password_field_has_ambigous_or_empty_name) { if (!form_util::IsWebNodeVisible((*result)[field_name])) { // If a previously chosen field was invisible then take the current // one. (*result)[field_name] = input_element; } continue; } found_input = false; break; } (*result)[field_name] = input_element; found_input = true; } // A required element was not found. This is not the right form. // Make sure no input elements from a partially matched form in this // iteration remain in the result set. // Note: clear will remove a reference from each InputElement. if (!found_input) { result->clear(); return false; } return true; } bool ShouldFillOnAccountSelect() { std::string group_name = base::FieldTrialList::FindFullName(kFillOnAccountSelectFieldTrialName); if (base::CommandLine::ForCurrentProcess()->HasSwitch( switches::kDisableFillOnAccountSelect)) { return false; } if (base::CommandLine::ForCurrentProcess()->HasSwitch( switches::kEnableFillOnAccountSelect) || base::CommandLine::ForCurrentProcess()->HasSwitch( switches::kEnableFillOnAccountSelectNoHighlighting)) { return true; } return group_name == kFillOnAccountSelectFieldTrialEnabledWithHighlightGroup || group_name == kFillOnAccountSelectFieldTrialEnabledWithNoHighlightGroup; } bool ShouldHighlightFields() { std::string group_name = base::FieldTrialList::FindFullName(kFillOnAccountSelectFieldTrialName); if (base::CommandLine::ForCurrentProcess()->HasSwitch( switches::kDisableFillOnAccountSelect) || base::CommandLine::ForCurrentProcess()->HasSwitch( switches::kEnableFillOnAccountSelect)) { return true; } if (base::CommandLine::ForCurrentProcess()->HasSwitch( switches::kEnableFillOnAccountSelectNoHighlighting)) { return false; } return group_name != kFillOnAccountSelectFieldTrialEnabledWithNoHighlightGroup; } // Helper to search through |control_elements| for the specified input elements // in |data|, and add results to |result|. bool FindFormInputElements( const std::vector& control_elements, const PasswordFormFillData& data, bool ambiguous_or_empty_names, FormInputElementMap* result) { return FindFormInputElement(control_elements, data.password_field, ambiguous_or_empty_names, result) && (!FillDataContainsFillableUsername(data) || FindFormInputElement(control_elements, data.username_field, ambiguous_or_empty_names, result)); } // Helper to locate form elements identified by |data|. void FindFormElements(content::RenderFrame* render_frame, const PasswordFormFillData& data, bool ambiguous_or_empty_names, FormElementsList* results) { DCHECK(results); blink::WebDocument doc = render_frame->GetWebFrame()->document(); if (!doc.isHTMLDocument()) return; if (data.origin != form_util::GetCanonicalOriginForDocument(doc)) return; blink::WebVector forms; doc.forms(forms); for (size_t i = 0; i < forms.size(); ++i) { blink::WebFormElement fe = forms[i]; // Action URL must match. if (data.action != form_util::GetCanonicalActionForForm(fe)) continue; std::vector control_elements = form_util::ExtractAutofillableElementsInForm(fe); FormInputElementMap cur_map; if (FindFormInputElements(control_elements, data, ambiguous_or_empty_names, &cur_map)) results->push_back(cur_map); } // If the element to be filled are not in a
element, the "action" and // origin should be the same. if (data.action != data.origin) return; std::vector control_elements = form_util::GetUnownedAutofillableFormFieldElements(doc.all(), nullptr); FormInputElementMap unowned_elements_map; if (FindFormInputElements(control_elements, data, ambiguous_or_empty_names, &unowned_elements_map)) results->push_back(unowned_elements_map); } bool IsElementEditable(const blink::WebInputElement& element) { return element.isEnabled() && !element.isReadOnly(); } bool DoUsernamesMatch(const base::string16& username1, const base::string16& username2, bool exact_match) { if (exact_match) return username1 == username2; return FieldIsSuggestionSubstringStartingOnTokenBoundary(username1, username2, true); } // Returns |true| if the given element is editable. Otherwise, returns |false|. bool IsElementAutocompletable(const blink::WebInputElement& element) { return IsElementEditable(element); } // Return true if either password_value or new_password_value is not empty and // not default. bool FormContainsNonDefaultPasswordValue(const PasswordForm& password_form) { return (!password_form.password_value.empty() && !password_form.password_value_is_default) || (!password_form.new_password_value.empty() && !password_form.new_password_value_is_default); } // Log a message including the name, method and action of |form|. void LogHTMLForm(SavePasswordProgressLogger* logger, SavePasswordProgressLogger::StringID message_id, const blink::WebFormElement& form) { logger->LogHTMLForm(message_id, form.name().utf8(), GURL(form.action().utf8())); } // Returns true if there are any suggestions to be derived from |fill_data|. // Unless |show_all| is true, only considers suggestions with usernames having // |current_username| as a prefix. bool CanShowSuggestion(const PasswordFormFillData& fill_data, const base::string16& current_username, bool show_all) { base::string16 current_username_lower = base::i18n::ToLower(current_username); for (const auto& usernames : fill_data.other_possible_usernames) { for (size_t i = 0; i < usernames.second.size(); ++i) { if (show_all || base::StartsWith( base::i18n::ToLower(base::string16(usernames.second[i])), current_username_lower, base::CompareCase::SENSITIVE)) { return true; } } } if (show_all || base::StartsWith(base::i18n::ToLower(fill_data.username_field.value), current_username_lower, base::CompareCase::SENSITIVE)) { return true; } for (const auto& login : fill_data.additional_logins) { if (show_all || base::StartsWith(base::i18n::ToLower(login.first), current_username_lower, base::CompareCase::SENSITIVE)) { return true; } } return false; } // Returns true if there exists a credential suggestion whose username field is // an exact match to the current username (not just a prefix). bool HasExactMatchSuggestion(const PasswordFormFillData& fill_data, const base::string16& current_username) { if (fill_data.username_field.value == current_username) return true; for (const auto& usernames : fill_data.other_possible_usernames) { for (const auto& username_string : usernames.second) { if (username_string == current_username) return true; } } for (const auto& login : fill_data.additional_logins) { if (login.first == current_username) return true; } return false; } // This function attempts to fill |username_element| and |password_element| // with values from |fill_data|. The |password_element| will only have the // suggestedValue set, and will be registered for copying that to the real // value through |registration_callback|. If a match is found, return true and // |nonscript_modified_values| will be modified with the autofilled credentials. bool FillUserNameAndPassword( blink::WebInputElement* username_element, blink::WebInputElement* password_element, const PasswordFormFillData& fill_data, bool exact_username_match, bool set_selection, std::map* nonscript_modified_values, base::Callback registration_callback) { // Don't fill username if password can't be set. if (!IsElementAutocompletable(*password_element)) return false; base::string16 current_username; if (!username_element->isNull()) { current_username = username_element->value(); } // username and password will contain the match found if any. base::string16 username; base::string16 password; // Look for any suitable matches to current field text. if (DoUsernamesMatch(fill_data.username_field.value, current_username, exact_username_match)) { username = fill_data.username_field.value; password = fill_data.password_field.value; } else { // Scan additional logins for a match. for (const auto& it : fill_data.additional_logins) { if (DoUsernamesMatch(it.first, current_username, exact_username_match)) { username = it.first; password = it.second.password; break; } } // Check possible usernames. if (username.empty() && password.empty()) { for (const auto& it : fill_data.other_possible_usernames) { for (size_t i = 0; i < it.second.size(); ++i) { if (DoUsernamesMatch( it.second[i], current_username, exact_username_match)) { username = it.second[i]; password = it.first.password; break; } } if (!username.empty() && !password.empty()) break; } } } if (password.empty()) return false; // TODO(tkent): Check maxlength and pattern for both username and password // fields. // Input matches the username, fill in required values. if (!username_element->isNull() && IsElementAutocompletable(*username_element)) { // TODO(vabr): Why not setSuggestedValue? http://crbug.com/507714 username_element->setValue(username, true); (*nonscript_modified_values)[*username_element] = username; username_element->setAutofilled(true); if (set_selection) { form_util::PreviewSuggestion(username, current_username, username_element); } } else if (current_username != username) { // If the username can't be filled and it doesn't match a saved password // as is, don't autofill a password. return false; } // Wait to fill in the password until a user gesture occurs. This is to make // sure that we do not fill in the DOM with a password until we believe the // user is intentionally interacting with the page. password_element->setSuggestedValue(password); (*nonscript_modified_values)[*password_element] = password; registration_callback.Run(password_element); password_element->setAutofilled(true); return true; } // Attempts to fill |username_element| and |password_element| with the // |fill_data|. Will use the data corresponding to the preferred username, // unless the |username_element| already has a value set. In that case, // attempts to fill the password matching the already filled username, if // such a password exists. The |password_element| will have the // |suggestedValue| set, and |suggestedValue| will be registered for copying to // the real value through |registration_callback|. Returns true if the password // is filled. bool FillFormOnPasswordReceived( const PasswordFormFillData& fill_data, blink::WebInputElement username_element, blink::WebInputElement password_element, std::map* nonscript_modified_values, base::Callback registration_callback) { // Do not fill if the password field is in a chain of iframes not having // identical origin. blink::WebFrame* cur_frame = password_element.document().frame(); blink::WebString bottom_frame_origin = cur_frame->securityOrigin().toString(); DCHECK(cur_frame); while (cur_frame->parent()) { cur_frame = cur_frame->parent(); if (!bottom_frame_origin.equals(cur_frame->securityOrigin().toString())) return false; } // If we can't modify the password, don't try to set the username if (!IsElementAutocompletable(password_element)) return false; bool form_contains_fillable_username_field = FillDataContainsFillableUsername(fill_data); bool ambiguous_or_empty_names = DoesFormContainAmbiguousOrEmptyNames(fill_data); base::string16 username_field_name; if (form_contains_fillable_username_field) username_field_name = FieldName(fill_data.username_field, ambiguous_or_empty_names); // If the form contains an autocompletable username field, try to set the // username to the preferred name, but only if: // (a) The fill-on-account-select flag is not set, and // (b) The username element isn't prefilled // // If (a) is false, then just mark the username element as autofilled if the // user is not in the "no highlighting" group and return so the fill step is // skipped. // // If there is no autocompletable username field, and (a) is false, then the // username element cannot be autofilled, but the user should still be able to // select to fill the password element, so the password element must be marked // as autofilled and the fill step should also be skipped if the user is not // in the "no highlighting" group. // // In all other cases, do nothing. bool form_has_fillable_username = !username_field_name.empty() && IsElementAutocompletable(username_element); if (ShouldFillOnAccountSelect()) { if (!ShouldHighlightFields()) { return false; } if (form_has_fillable_username) { username_element.setAutofilled(true); } else if (username_element.isNull() || HasExactMatchSuggestion(fill_data, username_element.value())) { password_element.setAutofilled(true); } return false; } if (form_has_fillable_username && username_element.value().isEmpty()) { // TODO(tkent): Check maxlength and pattern. username_element.setValue(fill_data.username_field.value, true); } // Fill if we have an exact match for the username. Note that this sets // username to autofilled. return FillUserNameAndPassword(&username_element, &password_element, fill_data, true /* exact_username_match */, false /* set_selection */, nonscript_modified_values, registration_callback); } // Takes a |map| with pointers as keys and linked_ptr as values, and returns // true if |key| is not NULL and |map| contains a non-NULL entry for |key|. // Makes sure not to create an entry as a side effect of using the operator []. template bool ContainsNonNullEntryForNonNullKey( const std::map>& map, Key* key) { if (!key) return false; auto it = map.find(key); return it != map.end() && it->second.get(); } } // namespace //////////////////////////////////////////////////////////////////////////////// // PasswordAutofillAgent, public: PasswordAutofillAgent::PasswordAutofillAgent(content::RenderFrame* render_frame) : content::RenderFrameObserver(render_frame), logging_state_active_(false), was_username_autofilled_(false), was_password_autofilled_(false), weak_ptr_factory_(this) { Send(new AutofillHostMsg_PasswordAutofillAgentConstructed(routing_id())); } PasswordAutofillAgent::~PasswordAutofillAgent() { } PasswordAutofillAgent::PasswordValueGatekeeper::PasswordValueGatekeeper() : was_user_gesture_seen_(false) { } PasswordAutofillAgent::PasswordValueGatekeeper::~PasswordValueGatekeeper() { } void PasswordAutofillAgent::PasswordValueGatekeeper::RegisterElement( blink::WebInputElement* element) { if (was_user_gesture_seen_) ShowValue(element); else elements_.push_back(*element); } void PasswordAutofillAgent::PasswordValueGatekeeper::OnUserGesture() { was_user_gesture_seen_ = true; for (blink::WebInputElement& element : elements_) ShowValue(&element); elements_.clear(); } void PasswordAutofillAgent::PasswordValueGatekeeper::Reset() { was_user_gesture_seen_ = false; elements_.clear(); } void PasswordAutofillAgent::PasswordValueGatekeeper::ShowValue( blink::WebInputElement* element) { if (!element->isNull() && !element->suggestedValue().isEmpty()) element->setValue(element->suggestedValue(), true); } bool PasswordAutofillAgent::TextFieldDidEndEditing( const blink::WebInputElement& element) { WebInputToPasswordInfoMap::const_iterator iter = web_input_to_password_info_.find(element); if (iter == web_input_to_password_info_.end()) return false; const PasswordInfo& password_info = iter->second; // Don't let autofill overwrite an explicit change made by the user. if (password_info.password_was_edited_last) return false; const PasswordFormFillData& fill_data = password_info.fill_data; // If wait_for_username is false, we should have filled when the text changed. if (!fill_data.wait_for_username) return false; blink::WebInputElement password = password_info.password_field; if (!IsElementEditable(password)) return false; blink::WebInputElement username = element; // We need a non-const. // Do not set selection when ending an editing session, otherwise it can // mess with focus. FillUserNameAndPassword( &username, &password, fill_data, true, false, &nonscript_modified_values_, base::Bind(&PasswordValueGatekeeper::RegisterElement, base::Unretained(&gatekeeper_))); return true; } bool PasswordAutofillAgent::TextDidChangeInTextField( const blink::WebInputElement& element) { // TODO(vabr): Get a mutable argument instead. http://crbug.com/397083 blink::WebInputElement mutable_element = element; // We need a non-const. mutable_element.setAutofilled(false); WebInputToPasswordInfoMap::iterator iter = web_input_to_password_info_.find(element); if (iter != web_input_to_password_info_.end()) { iter->second.password_was_edited_last = false; // If wait_for_username is true we will fill when the username loses focus. if (iter->second.fill_data.wait_for_username) return false; } // Show the popup with the list of available usernames. return ShowSuggestions(element, false, false); } void PasswordAutofillAgent::UpdateStateForTextChange( const blink::WebInputElement& element) { // TODO(vabr): Get a mutable argument instead. http://crbug.com/397083 blink::WebInputElement mutable_element = element; // We need a non-const. if (element.isTextField()) nonscript_modified_values_[element] = element.value(); WebInputToPasswordInfoMap::iterator password_info_iter = web_input_to_password_info_.find(element); if (password_info_iter != web_input_to_password_info_.end()) { password_info_iter->second.username_was_edited = true; } DCHECK_EQ(element.document().frame(), render_frame()->GetWebFrame()); // Some login forms have event handlers that put a hash of the password into // a hidden field and then clear the password (http://crbug.com/28910, // http://crbug.com/391693). This method gets called before any of those // handlers run, so save away a copy of the password in case it gets lost. // To honor the user having explicitly cleared the password, even an empty // password will be saved here. scoped_ptr password_form; if (element.form().isNull()) { password_form = CreatePasswordFormFromUnownedInputElements( *element.document().frame(), &nonscript_modified_values_, &form_predictions_); } else { password_form = CreatePasswordFormFromWebForm( element.form(), &nonscript_modified_values_, &form_predictions_); } ProvisionallySavePassword(std::move(password_form), RESTRICTION_NONE); if (element.isPasswordField()) { PasswordToLoginMap::iterator iter = password_to_username_.find(element); if (iter != password_to_username_.end()) { web_input_to_password_info_[iter->second].password_was_edited_last = true; // Note that the suggested value of |mutable_element| was reset when its // value changed. mutable_element.setAutofilled(false); } } } bool PasswordAutofillAgent::FillSuggestion( const blink::WebNode& node, const blink::WebString& username, const blink::WebString& password) { // The element in context of the suggestion popup. blink::WebInputElement filled_element; PasswordInfo* password_info; if (!FindLoginInfo(node, &filled_element, &password_info) || !IsElementAutocompletable(filled_element) || !IsElementAutocompletable(password_info->password_field)) { return false; } password_info->password_was_edited_last = false; // Note that in cases where filled_element is the password element, the value // gets overwritten with the correct one below. filled_element.setValue(username, true); filled_element.setAutofilled(true); nonscript_modified_values_[filled_element] = username; password_info->password_field.setValue(password, true); password_info->password_field.setAutofilled(true); nonscript_modified_values_[password_info->password_field] = password; filled_element.setSelectionRange(filled_element.value().length(), filled_element.value().length()); return true; } bool PasswordAutofillAgent::PreviewSuggestion( const blink::WebNode& node, const blink::WebString& username, const blink::WebString& password) { blink::WebInputElement username_element; PasswordInfo* password_info; if (!FindLoginInfo(node, &username_element, &password_info) || !IsElementAutocompletable(username_element) || !IsElementAutocompletable(password_info->password_field)) { return false; } if (username_query_prefix_.empty()) username_query_prefix_ = username_element.value(); was_username_autofilled_ = username_element.isAutofilled(); username_element.setSuggestedValue(username); username_element.setAutofilled(true); form_util::PreviewSuggestion(username_element.suggestedValue(), username_query_prefix_, &username_element); was_password_autofilled_ = password_info->password_field.isAutofilled(); password_info->password_field.setSuggestedValue(password); password_info->password_field.setAutofilled(true); return true; } bool PasswordAutofillAgent::DidClearAutofillSelection( const blink::WebNode& node) { blink::WebInputElement username_element; PasswordInfo* password_info; if (!FindLoginInfo(node, &username_element, &password_info)) return false; ClearPreview(&username_element, &password_info->password_field); return true; } bool PasswordAutofillAgent::FindPasswordInfoForElement( const blink::WebInputElement& element, const blink::WebInputElement** username_element, PasswordInfo** password_info) { DCHECK(username_element && password_info); if (!element.isPasswordField()) { *username_element = &element; } else { WebInputToPasswordInfoMap::iterator iter = web_input_to_password_info_.find(element); if (iter != web_input_to_password_info_.end()) { // It's a password field without corresponding username field. *username_element = nullptr; *password_info = &iter->second; return true; } PasswordToLoginMap::const_iterator password_iter = password_to_username_.find(element); if (password_iter == password_to_username_.end()) return false; *username_element = &password_iter->second; } WebInputToPasswordInfoMap::iterator iter = web_input_to_password_info_.find(**username_element); if (iter == web_input_to_password_info_.end()) return false; *password_info = &iter->second; return true; } bool PasswordAutofillAgent::ShowSuggestions( const blink::WebInputElement& element, bool show_all, bool generation_popup_showing) { const blink::WebInputElement* username_element; PasswordInfo* password_info; if (!FindPasswordInfoForElement(element, &username_element, &password_info)) return false; // If autocomplete='off' is set on the form elements, no suggestion dialog // should be shown. However, return |true| to indicate that this is a known // password form and that the request to show suggestions has been handled (as // a no-op). if (!element.isTextField() || !IsElementAutocompletable(element) || !IsElementAutocompletable(password_info->password_field)) return true; if (element.nameForAutofill().isEmpty() && !DoesFormContainAmbiguousOrEmptyNames(password_info->fill_data)) { return false; // If the field has no name, then we won't have values. } // Don't attempt to autofill with values that are too large. if (element.value().length() > kMaximumTextSizeForAutocomplete) return false; bool username_is_available = username_element && !username_element->isNull() && IsElementEditable(*username_element); // If the element is a password field, a popup should only be shown if there // is no username or the corresponding username element is not editable since // it is only in that case that the username element does not have a // suggestions popup. if (element.isPasswordField() && username_is_available && (!password_info->fill_data.is_possible_change_password_form || password_info->username_was_edited)) return true; UMA_HISTOGRAM_BOOLEAN( "PasswordManager.AutocompletePopupSuppressedByGeneration", generation_popup_showing); if (generation_popup_showing) return false; // Chrome should never show more than one account for a password element since // this implies that the username element cannot be modified. Thus even if // |show_all| is true, check if the element in question is a password element // for the call to ShowSuggestionPopup. return ShowSuggestionPopup( password_info->fill_data, (!username_element || username_element->isNull()) ? element : *username_element, show_all && !element.isPasswordField(), element.isPasswordField()); } bool PasswordAutofillAgent::OriginCanAccessPasswordManager( const blink::WebSecurityOrigin& origin) { return origin.canAccessPasswordManager(); } void PasswordAutofillAgent::OnDynamicFormsSeen() { SendPasswordForms(false /* only_visible */); } void PasswordAutofillAgent::AJAXSucceeded() { OnSamePageNavigationCompleted(); } void PasswordAutofillAgent::OnSamePageNavigationCompleted() { if (!ProvisionallySavedPasswordIsValid()) return; // Prompt to save only if the form is now gone, either invisible or // removed from the DOM. blink::WebFrame* frame = render_frame()->GetWebFrame(); if (form_util::IsFormVisible(frame, provisionally_saved_form_->action, provisionally_saved_form_->origin, provisionally_saved_form_->form_data) || IsUnownedPasswordFormVisible(frame, provisionally_saved_form_->action, provisionally_saved_form_->origin, provisionally_saved_form_->form_data, form_predictions_)) { return; } Send(new AutofillHostMsg_InPageNavigation(routing_id(), *provisionally_saved_form_)); provisionally_saved_form_.reset(); } void PasswordAutofillAgent::FirstUserGestureObserved() { gatekeeper_.OnUserGesture(); } void PasswordAutofillAgent::SendPasswordForms(bool only_visible) { scoped_ptr logger; if (logging_state_active_) { logger.reset(new RendererSavePasswordProgressLogger(this, routing_id())); logger->LogMessage(Logger::STRING_SEND_PASSWORD_FORMS_METHOD); logger->LogBoolean(Logger::STRING_ONLY_VISIBLE, only_visible); } blink::WebFrame* frame = render_frame()->GetWebFrame(); // Make sure that this security origin is allowed to use password manager. blink::WebSecurityOrigin origin = frame->document().securityOrigin(); if (logger) { logger->LogURL(Logger::STRING_SECURITY_ORIGIN, GURL(origin.toString().utf8())); } if (!OriginCanAccessPasswordManager(origin)) { if (logger) { logger->LogMessage(Logger::STRING_SECURITY_ORIGIN_FAILURE); } return; } // Checks whether the webpage is a redirect page or an empty page. if (form_util::IsWebpageEmpty(frame)) { if (logger) { logger->LogMessage(Logger::STRING_WEBPAGE_EMPTY); } return; } blink::WebVector forms; frame->document().forms(forms); if (logger) logger->LogNumber(Logger::STRING_NUMBER_OF_ALL_FORMS, forms.size()); std::vector password_forms; for (const blink::WebFormElement& form : forms) { if (only_visible) { bool is_form_visible = form_util::AreFormContentsVisible(form); if (logger) { LogHTMLForm(logger.get(), Logger::STRING_FORM_FOUND_ON_PAGE, form); logger->LogBoolean(Logger::STRING_FORM_IS_VISIBLE, is_form_visible); } // If requested, ignore non-rendered forms, e.g., those styled with // display:none. if (!is_form_visible) continue; } scoped_ptr password_form( CreatePasswordFormFromWebForm(form, nullptr, &form_predictions_)); if (password_form) { if (logger) { logger->LogPasswordForm(Logger::STRING_FORM_IS_PASSWORD, *password_form); } password_forms.push_back(*password_form); } } // See if there are any unattached input elements that could be used for // password submission. bool add_unowned_inputs = true; if (only_visible) { std::vector control_elements = form_util::GetUnownedAutofillableFormFieldElements( frame->document().all(), nullptr); add_unowned_inputs = form_util::IsSomeControlElementVisible(control_elements); if (logger) { logger->LogBoolean(Logger::STRING_UNOWNED_INPUTS_VISIBLE, add_unowned_inputs); } } if (add_unowned_inputs) { scoped_ptr password_form( CreatePasswordFormFromUnownedInputElements(*frame, nullptr, &form_predictions_)); if (password_form) { if (logger) { logger->LogPasswordForm(Logger::STRING_FORM_IS_PASSWORD, *password_form); } password_forms.push_back(*password_form); } } if (password_forms.empty() && !only_visible) { // We need to send the PasswordFormsRendered message regardless of whether // there are any forms visible, as this is also the code path that triggers // showing the infobar. return; } if (only_visible) { blink::WebFrame* main_frame = render_frame()->GetWebFrame()->top(); bool did_stop_loading = !main_frame || !main_frame->isLoading(); Send(new AutofillHostMsg_PasswordFormsRendered(routing_id(), password_forms, did_stop_loading)); } else { Send(new AutofillHostMsg_PasswordFormsParsed(routing_id(), password_forms)); } } bool PasswordAutofillAgent::OnMessageReceived(const IPC::Message& message) { bool handled = true; IPC_BEGIN_MESSAGE_MAP(PasswordAutofillAgent, message) IPC_MESSAGE_HANDLER(AutofillMsg_FillPasswordForm, OnFillPasswordForm) IPC_MESSAGE_HANDLER(AutofillMsg_SetLoggingState, OnSetLoggingState) IPC_MESSAGE_HANDLER(AutofillMsg_AutofillUsernameAndPasswordDataReceived, OnAutofillUsernameAndPasswordDataReceived) IPC_MESSAGE_HANDLER(AutofillMsg_FindFocusedPasswordForm, OnFindFocusedPasswordForm) IPC_MESSAGE_UNHANDLED(handled = false) IPC_END_MESSAGE_MAP() return handled; } void PasswordAutofillAgent::DidFinishDocumentLoad() { // The |frame| contents have been parsed, but not yet rendered. Let the // PasswordManager know that forms are loaded, even though we can't yet tell // whether they're visible. SendPasswordForms(false); } void PasswordAutofillAgent::DidFinishLoad() { // The |frame| contents have been rendered. Let the PasswordManager know // which of the loaded frames are actually visible to the user. This also // triggers the "Save password?" infobar if the user just submitted a password // form. SendPasswordForms(true); } void PasswordAutofillAgent::FrameWillClose() { FrameClosing(); } void PasswordAutofillAgent::DidCommitProvisionalLoad( bool is_new_navigation, bool is_same_page_navigation) { if (is_same_page_navigation) { OnSamePageNavigationCompleted(); } } void PasswordAutofillAgent::FrameDetached() { // If a sub frame has been destroyed while the user was entering information // into a password form, try to save the data. See https://crbug.com/450806 // for examples of sites that perform login using this technique. if (render_frame()->GetWebFrame()->parent() && ProvisionallySavedPasswordIsValid()) { Send(new AutofillHostMsg_InPageNavigation(routing_id(), *provisionally_saved_form_)); } FrameClosing(); } void PasswordAutofillAgent::WillSendSubmitEvent( const blink::WebFormElement& form) { // Forms submitted via XHR are not seen by WillSubmitForm if the default // onsubmit handler is overridden. Such submission first gets detected in // DidStartProvisionalLoad, which no longer knows about the particular form, // and uses the candidate stored in |provisionally_saved_form_|. // // User-typed password will get stored to |provisionally_saved_form_| in // TextDidChangeInTextField. Autofilled or JavaScript-copied passwords need to // be saved here. // // Only non-empty passwords are saved here. Empty passwords were likely // cleared by some scripts (http://crbug.com/28910, http://crbug.com/391693). // Had the user cleared the password, |provisionally_saved_form_| would // already have been updated in TextDidChangeInTextField. scoped_ptr password_form = CreatePasswordFormFromWebForm( form, &nonscript_modified_values_, &form_predictions_); ProvisionallySavePassword(std::move(password_form), RESTRICTION_NON_EMPTY_PASSWORD); } void PasswordAutofillAgent::WillSubmitForm(const blink::WebFormElement& form) { scoped_ptr logger; if (logging_state_active_) { logger.reset(new RendererSavePasswordProgressLogger(this, routing_id())); logger->LogMessage(Logger::STRING_WILL_SUBMIT_FORM_METHOD); LogHTMLForm(logger.get(), Logger::STRING_HTML_FORM_FOR_SUBMIT, form); } scoped_ptr submitted_form = CreatePasswordFormFromWebForm(form, &nonscript_modified_values_, &form_predictions_); // If there is a provisionally saved password, copy over the previous // password value so we get the user's typed password, not the value that // may have been transformed for submit. // TODO(gcasto): Do we need to have this action equality check? Is it trying // to prevent accidentally copying over passwords from a different form? if (submitted_form) { if (logger) { logger->LogPasswordForm(Logger::STRING_CREATED_PASSWORD_FORM, *submitted_form); } if (provisionally_saved_form_ && submitted_form->action == provisionally_saved_form_->action) { if (logger) logger->LogMessage(Logger::STRING_SUBMITTED_PASSWORD_REPLACED); submitted_form->password_value = provisionally_saved_form_->password_value; submitted_form->new_password_value = provisionally_saved_form_->new_password_value; submitted_form->username_value = provisionally_saved_form_->username_value; } // Some observers depend on sending this information now instead of when // the frame starts loading. If there are redirects that cause a new // RenderView to be instantiated (such as redirects to the WebStore) // we will never get to finish the load. Send(new AutofillHostMsg_PasswordFormSubmitted(routing_id(), *submitted_form)); provisionally_saved_form_.reset(); } else if (logger) { logger->LogMessage(Logger::STRING_FORM_IS_NOT_PASSWORD); } } void PasswordAutofillAgent::DidStartProvisionalLoad() { scoped_ptr logger; if (logging_state_active_) { logger.reset(new RendererSavePasswordProgressLogger(this, routing_id())); logger->LogMessage(Logger::STRING_DID_START_PROVISIONAL_LOAD_METHOD); } const blink::WebLocalFrame* navigated_frame = render_frame()->GetWebFrame(); if (navigated_frame->parent()) { if (logger) logger->LogMessage(Logger::STRING_FRAME_NOT_MAIN_FRAME); return; } // Bug fix for crbug.com/368690. isProcessingUserGesture() is false when // the user is performing actions outside the page (e.g. typed url, // history navigation). We don't want to trigger saving in these cases. content::DocumentState* document_state = content::DocumentState::FromDataSource( navigated_frame->provisionalDataSource()); content::NavigationState* navigation_state = document_state->navigation_state(); ui::PageTransition type = navigation_state->GetTransitionType(); if (ui::PageTransitionIsWebTriggerable(type) && ui::PageTransitionIsNewNavigation(type) && !blink::WebUserGestureIndicator::isProcessingUserGesture()) { // If onsubmit has been called, try and save that form. if (provisionally_saved_form_) { if (logger) { logger->LogPasswordForm( Logger::STRING_PROVISIONALLY_SAVED_FORM_FOR_FRAME, *provisionally_saved_form_); } Send(new AutofillHostMsg_PasswordFormSubmitted( routing_id(), *provisionally_saved_form_)); provisionally_saved_form_.reset(); } else { ScopedVector possible_submitted_forms; // Loop through the forms on the page looking for one that has been // filled out. If one exists, try and save the credentials. blink::WebVector forms; render_frame()->GetWebFrame()->document().forms(forms); bool password_forms_found = false; for (size_t i = 0; i < forms.size(); ++i) { blink::WebFormElement form_element = forms[i]; if (logger) { LogHTMLForm(logger.get(), Logger::STRING_FORM_FOUND_ON_PAGE, form_element); } possible_submitted_forms.push_back(CreatePasswordFormFromWebForm( form_element, &nonscript_modified_values_, &form_predictions_)); } possible_submitted_forms.push_back( CreatePasswordFormFromUnownedInputElements( *render_frame()->GetWebFrame(), &nonscript_modified_values_, &form_predictions_)); for (const PasswordForm* password_form : possible_submitted_forms) { if (password_form && !password_form->username_value.empty() && FormContainsNonDefaultPasswordValue(*password_form)) { password_forms_found = true; if (logger) { logger->LogPasswordForm(Logger::STRING_PASSWORD_FORM_FOUND_ON_PAGE, *password_form); } Send(new AutofillHostMsg_PasswordFormSubmitted(routing_id(), *password_form)); break; } } if (!password_forms_found && logger) logger->LogMessage(Logger::STRING_PASSWORD_FORM_NOT_FOUND_ON_PAGE); } } // This is a new navigation, so require a new user gesture before filling in // passwords. gatekeeper_.Reset(); } void PasswordAutofillAgent::OnFillPasswordForm( int key, const PasswordFormFillData& form_data) { bool ambiguous_or_empty_names = DoesFormContainAmbiguousOrEmptyNames(form_data); FormElementsList forms; FindFormElements(render_frame(), form_data, ambiguous_or_empty_names, &forms); for (const auto& form : forms) { base::string16 username_field_name; base::string16 password_field_name = FieldName(form_data.password_field, ambiguous_or_empty_names); bool form_contains_fillable_username_field = FillDataContainsFillableUsername(form_data); if (form_contains_fillable_username_field) { username_field_name = FieldName(form_data.username_field, ambiguous_or_empty_names); } // Attach autocomplete listener to enable selecting alternate logins. blink::WebInputElement username_element; blink::WebInputElement password_element; // Check whether the password form has a username input field. if (!username_field_name.empty()) { const auto it = form.find(username_field_name); DCHECK(it != form.end()); username_element = it->second; } // No password field, bail out. if (password_field_name.empty()) break; // Get pointer to password element. (We currently only support single // password forms). { const auto it = form.find(password_field_name); DCHECK(it != form.end()); password_element = it->second; } blink::WebInputElement main_element = username_element.isNull() ? password_element : username_element; // We might have already filled this form if there are two elements // with identical markup. if (web_input_to_password_info_.find(main_element) != web_input_to_password_info_.end()) continue; // If wait_for_username is true, we don't want to initially fill the form // until the user types in a valid username. if (!form_data.wait_for_username) { FillFormOnPasswordReceived( form_data, username_element, password_element, &nonscript_modified_values_, base::Bind(&PasswordValueGatekeeper::RegisterElement, base::Unretained(&gatekeeper_))); } PasswordInfo password_info; password_info.fill_data = form_data; password_info.password_field = password_element; web_input_to_password_info_[main_element] = password_info; password_to_username_[password_element] = username_element; web_element_to_password_info_key_[main_element] = key; } } void PasswordAutofillAgent::OnSetLoggingState(bool active) { logging_state_active_ = active; } void PasswordAutofillAgent::OnAutofillUsernameAndPasswordDataReceived( const FormsPredictionsMap& predictions) { form_predictions_.insert(predictions.begin(), predictions.end()); } void PasswordAutofillAgent::OnFindFocusedPasswordForm() { scoped_ptr password_form; blink::WebElement element = render_frame()->GetFocusedElement(); if (!element.isNull() && element.hasHTMLTagName("input")) { blink::WebInputElement input = element.to(); if (input.isPasswordField() && !input.form().isNull()) { if (!input.form().isNull()) { password_form = CreatePasswordFormFromWebForm( input.form(), &nonscript_modified_values_, &form_predictions_); } else { password_form = CreatePasswordFormFromUnownedInputElements( *render_frame()->GetWebFrame(), &nonscript_modified_values_, &form_predictions_); // Only try to use this form if |input| is one of the password elements // for |password_form|. if (password_form->password_element != input.nameForAutofill() && password_form->new_password_element != input.nameForAutofill()) password_form.reset(); } } } if (!password_form) password_form.reset(new PasswordForm()); Send(new AutofillHostMsg_FocusedPasswordFormFound( routing_id(), *password_form)); } //////////////////////////////////////////////////////////////////////////////// // PasswordAutofillAgent, private: PasswordAutofillAgent::PasswordInfo::PasswordInfo() : password_was_edited_last(false), username_was_edited(false) { } bool PasswordAutofillAgent::ShowSuggestionPopup( const PasswordFormFillData& fill_data, const blink::WebInputElement& user_input, bool show_all, bool show_on_password_field) { DCHECK(!user_input.isNull()); blink::WebFrame* frame = user_input.document().frame(); if (!frame) return false; blink::WebView* webview = frame->view(); if (!webview) return false; if (user_input.isPasswordField() && !user_input.isAutofilled() && !user_input.value().isEmpty()) { Send(new AutofillHostMsg_HidePopup(routing_id())); return false; } FormData form; FormFieldData field; form_util::FindFormAndFieldForFormControlElement(user_input, &form, &field); blink::WebInputElement selected_element = user_input; if (show_on_password_field && !selected_element.isPasswordField()) { WebInputToPasswordInfoMap::const_iterator iter = web_input_to_password_info_.find(user_input); DCHECK(iter != web_input_to_password_info_.end()); selected_element = iter->second.password_field; } blink::WebInputElement username; if (!show_on_password_field || !user_input.isPasswordField()) { username = user_input; } WebElementToPasswordInfoKeyMap::const_iterator key_it = web_element_to_password_info_key_.find(user_input); DCHECK(key_it != web_element_to_password_info_key_.end()); int options = 0; if (show_all) options |= SHOW_ALL; if (show_on_password_field) options |= IS_PASSWORD_FIELD; base::string16 username_string( username.isNull() ? base::string16() : static_cast(user_input.value())); Send(new AutofillHostMsg_ShowPasswordSuggestions( routing_id(), key_it->second, field.text_direction, username_string, options, render_frame()->GetRenderView()->ElementBoundsInWindow( selected_element))); username_query_prefix_ = username_string; return CanShowSuggestion(fill_data, username_string, show_all); } void PasswordAutofillAgent::FrameClosing() { for (auto const& iter : web_input_to_password_info_) { web_element_to_password_info_key_.erase(iter.first); password_to_username_.erase(iter.second.password_field); } web_input_to_password_info_.clear(); provisionally_saved_form_.reset(); nonscript_modified_values_.clear(); } bool PasswordAutofillAgent::FindLoginInfo(const blink::WebNode& node, blink::WebInputElement* found_input, PasswordInfo** found_password) { if (!node.isElementNode()) return false; blink::WebElement element = node.toConst(); if (!element.hasHTMLTagName("input")) return false; *found_input = element.to(); const blink::WebInputElement* username_element; // ignored return FindPasswordInfoForElement(*found_input, &username_element, found_password); } void PasswordAutofillAgent::ClearPreview( blink::WebInputElement* username, blink::WebInputElement* password) { if (!username->suggestedValue().isEmpty()) { username->setSuggestedValue(blink::WebString()); username->setAutofilled(was_username_autofilled_); username->setSelectionRange(username_query_prefix_.length(), username->value().length()); } if (!password->suggestedValue().isEmpty()) { password->setSuggestedValue(blink::WebString()); password->setAutofilled(was_password_autofilled_); } } void PasswordAutofillAgent::ProvisionallySavePassword( scoped_ptr password_form, ProvisionallySaveRestriction restriction) { if (!password_form || (restriction == RESTRICTION_NON_EMPTY_PASSWORD && password_form->password_value.empty() && password_form->new_password_value.empty())) { return; } provisionally_saved_form_ = std::move(password_form); } bool PasswordAutofillAgent::ProvisionallySavedPasswordIsValid() { return provisionally_saved_form_ && !provisionally_saved_form_->username_value.empty() && !(provisionally_saved_form_->password_value.empty() && provisionally_saved_form_->new_password_value.empty()); } } // namespace autofill