[Password manager] Recognise squashed login+sign-up forms

components/autofill/content/renderer/password_form_conversion_utils.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/autofill/content/renderer/password_form_conversion_utils.h"
 
+#include "base/memory/singleton.h"
 #include "base/strings/string_util.h"
 #include "components/autofill/content/renderer/form_autofill_util.h"
 #include "components/autofill/core/common/password_form.h"
 #include "third_party/WebKit/public/platform/WebString.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebFormControlElement.h"
 #include "third_party/WebKit/public/web/WebInputElement.h"
+#include "third_party/icu/source/i18n/unicode/regex.h"
 
 using blink::WebDocument;
 using blink::WebFormControlElement;
 using blink::WebFormElement;
 using blink::WebInputElement;
 using blink::WebString;
 using blink::WebVector;
 
 namespace autofill {
 namespace {
 
+// Layout classification of password forms
+// A layout sequence of a form is the sequence of it's non-password and password
+// input fields, represented by "N" and "P", respectively. A form like this
+// <form>
+//   <input type='text' ...>
+//   <input type='hidden' ...>
+//   <input type='password' ...>
+//   <input type='submit' ...>
+// </form>
+// has the layout sequence "NP" -- "N" for the first field, and "P" for the
+// third. The second and fourth fields are ignored, because they are not text
+// fields.
+//
+// The code below classifies the layout (see PasswordForm::Layout) of a form
+// based on its layout sequence. This is done by assigning layouts regular
+// expressions over the alphabet {N, P}. LAYOUT_OTHER is implicitly the type
+// corresponding to all layout sequences not matching any other layout.
+//
+// LAYOUT_LOGIN_AND_SIGNUP is classified by NPN+P.*. This corresponds to a form
+// which starts with a login section (NP) and continues with a sign-up section
+// (N+P.*). The aim is to distinguish such forms from change password-forms
+// (N*PPP?.*) and forms which use password fields to store private but
+// non-password data (could look like, e.g., PN+P.*).
+const char kLoginAndSignupRegex[] = "NPN+P.*";
+
+// A singleton class that serves as a cache of the compiled regex pattern from
+// above.
+class LayoutRegex {
+ public:
+  static LayoutRegex* GetInstance();
+
+  // Returns the compiled regex matcher.
+  icu::RegexMatcher* GetLoginAndSignupMatcher();
+
+ private:
+  LayoutRegex();
+  ~LayoutRegex();
+  friend struct DefaultSingletonTraits<LayoutRegex>;
+
+  scoped_ptr<icu::RegexMatcher> login_and_signup_matcher_;
+
+  DISALLOW_COPY_AND_ASSIGN(LayoutRegex);
+};
+
+// static
+LayoutRegex* LayoutRegex::GetInstance() {
+  return Singleton<LayoutRegex>::get();
+}
+
+LayoutRegex::LayoutRegex() {
+}
+
+LayoutRegex::~LayoutRegex() {
+}

[Ilya Sherman, 2015/03/20 22:43:08]

Since you only have a single regex used in this file, I think it's easier to
just define a base::LazyInstance for the compiled ICU regex, rather than using a
cache as we do in the browser code (where we compute lots of different regexes).

[vabr (Chromium), 2015/03/23 14:23:44]

Good call, I forgot about LazyInstance.
Done.

+
+icu::RegexMatcher* LayoutRegex::GetLoginAndSignupMatcher() {
+  if (!login_and_signup_matcher_) {
+    const icu::UnicodeString icu_pattern(kLoginAndSignupRegex);
+
+    UErrorCode status = U_ZERO_ERROR;
+    login_and_signup_matcher_.reset(
+        new icu::RegexMatcher(icu_pattern, UREGEX_CASE_INSENSITIVE, status));
+    DCHECK(U_SUCCESS(status));
+  }
+  return login_and_signup_matcher_.get();
+}
+
+bool MatchesLoginAndSignupPattern(base::StringPiece layout_sequence) {
+  icu::RegexMatcher* matcher =
+      LayoutRegex::GetInstance()->GetLoginAndSignupMatcher();
+  icu::UnicodeString icu_input(icu::UnicodeString::fromUTF8(
+      icu::StringPiece(layout_sequence.data(), layout_sequence.length())));
+  matcher->reset(icu_input);
+
+  UErrorCode status = U_ZERO_ERROR;
+  UBool match = matcher->find(0, status);
+  DCHECK(U_SUCCESS(status));
+  return match == TRUE;

[Ilya Sherman, 2015/03/20 22:43:08]

Man, I forgot how much uglier ICU's regex code is than RE2... alas.

Historically, we've used ICU rather than RE2 because ICU regexes were faster
(once compiled -- compiling them is slow, hence the cache).  It would be
interesting to see whether this is still the case; and if not, possibly switch
to RE2 throughout the component.

[vabr (Chromium), 2015/03/23 14:23:44]

It looks like RE2 outperforms ICU significantly: see the benchmark at
https://codereview.chromium.org/1026003002/. Whether we decide to switch the
whole component to RE2 or not, in this CL I suggest sticking to ICU, though
(provided it lands before the switch to RE2). Even with the ICU syntax, the
boilerplate is not too bad for a single matcher.

+}
+
+// Given the sequence of non-password and password text input fields of a form,
+// represented as a string of Ns (non-password) and Ps (password), computes the
+// layout type of that form.
+PasswordForm::Layout SequenceToLayout(base::StringPiece layout_sequence) {
+  if (MatchesLoginAndSignupPattern(layout_sequence))
+    return PasswordForm::Layout::LAYOUT_LOGIN_AND_SIGNUP;
+  return PasswordForm::Layout::LAYOUT_OTHER;
+}
+
 // Checks in a case-insensitive way if the autocomplete attribute for the given
 // |element| is present and has the specified |value_in_lowercase|.
 bool HasAutocompleteAttributeValue(const WebInputElement& element,
                                    const char* value_in_lowercase) {
   return LowerCaseEqualsASCII(element.getAttribute("autocomplete"),
                               value_in_lowercase);
 }
 
 // Helper to determine which password is the main (current) one, and which is
 // the new password (e.g., on a sign-up or change password form), if any.
@@ skipping 83 matching lines @@
         nonscript_modified_values) {
   WebInputElement latest_input_element;
   WebInputElement username_element;
   password_form->username_marked_by_site = false;
   std::vector<WebInputElement> passwords;
   std::vector<base::string16> other_possible_usernames;
 
   WebVector<WebFormControlElement> control_elements;
   form.getFormControlElements(control_elements);
 
+  std::string layout_sequence;
+  layout_sequence.reserve(control_elements.size());
   for (size_t i = 0; i < control_elements.size(); ++i) {
     WebFormControlElement control_element = control_elements[i];
     if (control_element.isActivatedSubmit())
       password_form->submit_element = control_element.formControlName();
 
     WebInputElement* input_element = toWebInputElement(&control_element);
     if (!input_element || !input_element->isEnabled())
       continue;
 
+    if (input_element->isTextField()) {
+      if (input_element->isPasswordField())
+        layout_sequence.push_back('P');
+      else
+        layout_sequence.push_back('N');
+    }
+
     if (input_element->isPasswordField()) {
       passwords.push_back(*input_element);
       // If we have not yet considered any element to be the username so far,
       // provisionally select the input element just before the first password
       // element to be the username. This choice will be overruled if we later
       // find an element with autocomplete='username'.
       if (username_element.isNull() && !latest_input_element.isNull()) {
         username_element = latest_input_element;
         // Remove the selected username from other_possible_usernames.
         if (!latest_input_element.value().isEmpty()) {
@@ skipping 40 matching lines @@
           // out to be a password. Save a non-empty username as a possible
           // alternative, at least for now.
           if (username_element.isNull())
             latest_input_element = *input_element;
           if (!input_element->value().isEmpty())
             other_possible_usernames.push_back(input_element->value());
         }
       }
     }
   }
+  password_form->layout = SequenceToLayout(layout_sequence);
 
   if (!username_element.isNull()) {
     password_form->username_element = username_element.nameForAutofill();
     base::string16 username_value = username_element.value();
     if (nonscript_modified_values != nullptr) {
       auto username_iterator =
         nonscript_modified_values->find(username_element);
       if (username_iterator != nonscript_modified_values->end()) {
         base::string16 typed_username_value = username_iterator->second;
         if (!StartsWith(username_value, typed_username_value, false)) {
@@ skipping 80 matching lines @@
                            blink::WebFormControlElement(),
                            REQUIRE_NONE,
                            EXTRACT_NONE,
                            &password_form->form_data,
                            NULL /* FormFieldData */);
 
   return password_form.Pass();
 }
 
 }  // namespace autofill