// Copyright 2015 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #import "ios/chrome/browser/passwords/credential_manager.h" #include #include "base/ios/ios_util.h" #import "base/ios/weak_nsobject.h" #include "base/mac/bind_objc_block.h" #include "base/memory/scoped_vector.h" #include "base/message_loop/message_loop.h" #include "base/strings/sys_string_conversions.h" #include "components/password_manager/core/browser/password_store_consumer.h" #include "components/password_manager/core/common/credential_manager_types.h" #include "components/password_manager/core/common/password_manager_pref_names.h" #import "ios/chrome/browser/passwords/js_credential_manager.h" #import "ios/web/public/url_scheme_util.h" #include "ios/web/public/web_state/credential.h" #include "ios/web/public/web_state/url_verification_constants.h" #include "ios/web/public/web_state/web_state.h" #include "url/origin.h" namespace { // Converts a password_manager::CredentialInfo to a web::Credential. web::Credential WebCredentialFromCredentialInfo( const password_manager::CredentialInfo& credential_info) { web::Credential credential; switch (credential_info.type) { case password_manager::CredentialType::CREDENTIAL_TYPE_EMPTY: credential.type = web::CredentialType::CREDENTIAL_TYPE_EMPTY; break; case password_manager::CredentialType::CREDENTIAL_TYPE_PASSWORD: credential.type = web::CredentialType::CREDENTIAL_TYPE_PASSWORD; break; case password_manager::CredentialType::CREDENTIAL_TYPE_FEDERATED: credential.type = web::CredentialType::CREDENTIAL_TYPE_FEDERATED; break; } credential.id = credential_info.id; credential.name = credential_info.name; credential.avatar_url = credential_info.icon; credential.password = credential_info.password; credential.federation_origin = credential_info.federation; return credential; } // Converts a web::Credential to a password_manager::CredentialInfo. password_manager::CredentialInfo CredentialInfoFromWebCredential( const web::Credential& credential) { password_manager::CredentialInfo credential_info; switch (credential.type) { case web::CredentialType::CREDENTIAL_TYPE_EMPTY: credential_info.type = password_manager::CredentialType::CREDENTIAL_TYPE_EMPTY; break; case web::CredentialType::CREDENTIAL_TYPE_PASSWORD: credential_info.type = password_manager::CredentialType::CREDENTIAL_TYPE_PASSWORD; break; case web::CredentialType::CREDENTIAL_TYPE_FEDERATED: credential_info.type = password_manager::CredentialType::CREDENTIAL_TYPE_FEDERATED; break; } credential_info.id = credential.id; credential_info.name = credential.name; credential_info.icon = credential.avatar_url; credential_info.password = credential.password; credential_info.federation = credential.federation_origin; return credential_info; } } // namespace CredentialManager::CredentialManager( web::WebState* web_state, password_manager::PasswordManagerClient* client, password_manager::PasswordManagerDriver* driver, JSCredentialManager* js_manager) : web::WebStateObserver(web_state), pending_request_(nullptr), form_manager_(nullptr), js_manager_([js_manager retain]), client_(client), driver_(driver), weak_factory_(this) { zero_click_sign_in_enabled_.Init( password_manager::prefs::kCredentialsEnableAutosignin, client_->GetPrefs()); } CredentialManager::~CredentialManager() = default; void CredentialManager::PageLoaded( web::PageLoadCompletionStatus load_completion_status) { // Ensure the JavaScript is loaded when the page finishes loading. web::URLVerificationTrustLevel trust_level = web::URLVerificationTrustLevel::kNone; const GURL page_url(web_state()->GetCurrentURL(&trust_level)); if (!base::ios::IsRunningOnIOS8OrLater() || trust_level != web::URLVerificationTrustLevel::kAbsolute || !web::UrlHasWebScheme(page_url) || !web_state()->ContentIsHTML()) { return; } [js_manager_ inject]; } void CredentialManager::CredentialsRequested( int request_id, const GURL& source_url, bool zero_click_only, const std::vector& federations, bool is_user_initiated) { // Invoked when the page invokes navigator.credentials.request(), this // function will attempt to retrieve a Credential from the PasswordStore that // meets the specified parameters and, if successful, send it back to the page // via SendCredential. DCHECK_GE(request_id, 0); password_manager::PasswordStore* store = GetPasswordStore(); // If there's an outstanding request, or the PasswordStore isn't loaded yet, // the request should fail outright and the JS Promise should be rejected // with an appropriate error. if (pending_request_ || !store) { base::MessageLoop::current()->PostTask( FROM_HERE, base::Bind(&CredentialManager::RejectPromise, weak_factory_.GetWeakPtr(), request_id, pending_request_ ? ERROR_TYPE_PENDING_REQUEST : ERROR_TYPE_PASSWORD_STORE_UNAVAILABLE)); return; } // If the page requested a zero-click credential -- one that can be returned // without first asking the user -- and if zero-click isn't currently // available, send back an empty credential. if (zero_click_only && !IsZeroClickAllowed()) { base::MessageLoop::current()->PostTask( FROM_HERE, base::Bind(&CredentialManager::SendCredential, weak_factory_.GetWeakPtr(), request_id, password_manager::CredentialInfo())); return; } // If the page origin is untrusted, the request should be rejected. GURL page_url; if (!GetUrlWithAbsoluteTrust(&page_url)) { RejectPromise(request_id, ERROR_TYPE_SECURITY_ERROR_UNTRUSTED_ORIGIN); return; } // Bundle up the arguments and forward them to the PasswordStore, which will // asynchronously return the resulting Credential by invoking // |SendCredential|. std::vector federation_urls; for (const auto& federation : federations) federation_urls.push_back(GURL(federation)); std::vector realms; pending_request_.reset( new password_manager::CredentialManagerPendingRequestTask( this, request_id, zero_click_only, page_url, true, federation_urls, realms)); store->GetAutofillableLogins(pending_request_.get()); } void CredentialManager::SignedIn(int request_id, const GURL& source_url, const web::Credential& credential) { // Invoked when the page invokes navigator.credentials.notifySignedIn(), this // function stores the signed-in |credential| and sends a message back to the // page to resolve the Promise associated with |request_id|. DCHECK(credential.type != web::CredentialType::CREDENTIAL_TYPE_EMPTY); DCHECK_GE(request_id, 0); // Requests from untrusted origins should be rejected. GURL page_url; if (!GetUrlWithAbsoluteTrust(&page_url)) { RejectPromise(request_id, ERROR_TYPE_SECURITY_ERROR_UNTRUSTED_ORIGIN); return; } // Notify the page that the notification was successful to avoid blocking the // page while storing the credential. This is okay because the notification // doesn't imply that the credential will be stored, just that it might be. // It isn't the page's concern to know whether the storage took place or not. ResolvePromise(request_id); // Do nothing if the password manager isn't active. if (!client_->IsSavingAndFillingEnabledForCurrentPage()) return; // Store the signed-in credential so that the user can save it, if desired. // Prompting the user and saving are handled by the PasswordFormManager. scoped_ptr form( password_manager::CreatePasswordFormFromCredentialInfo( CredentialInfoFromWebCredential(credential), page_url)); form->skip_zero_click = !IsZeroClickAllowed(); // TODO(mkwst): This is a stub; we should be checking the PasswordStore to // determine whether or not the credential exists, and calling UpdateLogin // accordingly. form_manager_.reset( new password_manager::CredentialManagerPasswordFormManager( client_, driver_->AsWeakPtr(), *form, this)); } void CredentialManager::SignedOut(int request_id, const GURL& source_url) { // Invoked when the page invokes navigator.credentials.notifySignedOut, this // function notifies the PasswordStore that zero-click sign-in should be // disabled for the current page origin. DCHECK_GE(request_id, 0); // Requests from untrusted origins should be rejected. GURL page_url; if (!GetUrlWithAbsoluteTrust(&page_url)) { RejectPromise(request_id, ERROR_TYPE_SECURITY_ERROR_UNTRUSTED_ORIGIN); return; } // The user signed out of the current page, so future zero-click credential // requests for this page should fail: otherwise, the next time the user // visits the page, if zero-click requests succeeded, the user might be auto- // signed-in again with the credential that they just signed out. Forward this // information to the PasswordStore via an asynchronous task. password_manager::PasswordStore* store = GetPasswordStore(); if (store) { // Bundle the origins that are sent to the PasswordStore if the task hasn't // yet resolved. This task lives across page-loads to enable this bundling. if (pending_require_user_mediation_) { pending_require_user_mediation_->AddOrigin(page_url); } else { pending_require_user_mediation_.reset( new password_manager:: CredentialManagerPendingRequireUserMediationTask( this, page_url, std::vector())); // This will result in a callback to // CredentialManagerPendingSignedOutTask::OnGetPasswordStoreResults(). store->GetAutofillableLogins(pending_require_user_mediation_.get()); } } // Acknowledge the page's signOut notification without waiting for the // PasswordStore interaction to complete. The implementation of the sign-out // notification isn't the page's concern. ResolvePromise(request_id); } void CredentialManager::WebStateDestroyed() { // When the WebState is destroyed, clean up everything that depends on it. js_manager_.reset(); } bool CredentialManager::IsZeroClickAllowed() const { // Zero-click sign-in is only allowed when the user hasn't turned it off and // when the user isn't in incognito mode. return *zero_click_sign_in_enabled_ && !client_->IsOffTheRecord(); } GURL CredentialManager::GetOrigin() const { web::URLVerificationTrustLevel trust_level = web::URLVerificationTrustLevel::kNone; const GURL page_url(web_state()->GetCurrentURL(&trust_level)); DCHECK_EQ(trust_level, web::URLVerificationTrustLevel::kAbsolute); return page_url; } void CredentialManager::SendCredential( int request_id, const password_manager::CredentialInfo& credential) { // Invoked when the asynchronous interaction with the PasswordStore completes, // this function forwards a |credential| back to the page via |js_manager_| by // resolving the JavaScript Promise associated with |request_id|. base::WeakPtr weak_this = weak_factory_.GetWeakPtr(); [js_manager_ resolvePromiseWithRequestID:request_id credential:WebCredentialFromCredentialInfo(credential) completionHandler:^(BOOL) { if (weak_this) weak_this->pending_request_.reset(); }]; } password_manager::PasswordManagerClient* CredentialManager::client() const { return client_; } autofill::PasswordForm CredentialManager::GetSynthesizedFormForOrigin() const { autofill::PasswordForm synthetic_form; synthetic_form.origin = web_state()->GetLastCommittedURL().GetOrigin(); synthetic_form.signon_realm = synthetic_form.origin.spec(); synthetic_form.scheme = autofill::PasswordForm::SCHEME_HTML; synthetic_form.ssl_valid = synthetic_form.origin.SchemeIsCryptographic() && !client_->DidLastPageLoadEncounterSSLErrors(); return synthetic_form; } void CredentialManager::OnProvisionalSaveComplete() { // Invoked after a credential sent up by the page was stored in a FormManager // by |SignedIn|, this function asks the user if the password should be stored // in the password manager. DCHECK(form_manager_); if (client_->IsSavingAndFillingEnabledForCurrentPage() && !form_manager_->IsBlacklisted()) { client_->PromptUserToSaveOrUpdatePassword( std::move(form_manager_), password_manager::CredentialSourceType::CREDENTIAL_SOURCE_API, false); } } password_manager::PasswordStore* CredentialManager::GetPasswordStore() { return client_ ? client_->GetPasswordStore() : nullptr; } void CredentialManager::DoneRequiringUserMediation() { // Invoked when the PasswordStore has finished processing the list of origins // that should have zero-click sign-in disabled. DCHECK(pending_require_user_mediation_); pending_require_user_mediation_.reset(); } void CredentialManager::ResolvePromise(int request_id) { [js_manager_ resolvePromiseWithRequestID:request_id completionHandler:nil]; } void CredentialManager::RejectPromise(int request_id, ErrorType error_type) { NSString* type = nil; NSString* message = nil; switch (error_type) { case ERROR_TYPE_PENDING_REQUEST: type = base::SysUTF8ToNSString(kCredentialsPendingRequestErrorType); message = base::SysUTF8ToNSString(kCredentialsPendingRequestErrorMessage); break; case ERROR_TYPE_PASSWORD_STORE_UNAVAILABLE: type = base::SysUTF8ToNSString( kCredentialsPasswordStoreUnavailableErrorType); message = base::SysUTF8ToNSString( kCredentialsPasswordStoreUnavailableErrorMessage); break; case ERROR_TYPE_SECURITY_ERROR_UNTRUSTED_ORIGIN: type = base::SysUTF8ToNSString(kCredentialsSecurityErrorType); message = base::SysUTF8ToNSString( kCredentialsSecurityErrorMessageUntrustedOrigin); break; } [js_manager_ rejectPromiseWithRequestID:request_id errorType:type message:message completionHandler:nil]; } bool CredentialManager::GetUrlWithAbsoluteTrust(GURL* page_url) { web::URLVerificationTrustLevel trust_level = web::URLVerificationTrustLevel::kNone; const GURL possibly_untrusted_url(web_state()->GetCurrentURL(&trust_level)); if (trust_level == web::URLVerificationTrustLevel::kAbsolute) { *page_url = possibly_untrusted_url; return true; } return false; }