Move JS-related password manager code upstream

ios/chrome/browser/passwords/resources/password_controller.js

+// Copyright 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This file adheres to closure-compiler conventions in order to enable
+// compilation with ADVANCED_OPTIMIZATIONS. See http://goo.gl/FwOgy
+//
+// Installs password management functions on the |__gCrWeb| object.
+//
+// Finds all password forms in the current document and extracts
+// their attributes and elements using the same logic as
+// third_party/WebKit/Source/WebCore/html/HTMLFormElement.cpp
+//
+// Returns a JSON string representing an array of objects,
+// where each object represents a password form with the discovered
+// elements and their values.
+//
+// The search for password form fields follows the same algorithm
+// as the WebKit implementation, see http://goo.gl/4hwh6
+
+// Only install the password management functions once.
+if (__gCrWeb && !__gCrWeb['fillPasswordForm']) {
+
+  /**
+   * Finds all password forms in the window and returns form data as a JSON
+   * string.
+   * @return {string} Form data as a JSON string.
+   */
+  __gCrWeb['findPasswordForms'] = function() {
+    var formDataList = [];
+    if (__gCrWeb.hasPasswordField()) {
+      __gCrWeb.getPasswordFormDataList(formDataList, window);
+    }
+    return __gCrWeb.stringify(formDataList);
+  };
+
+  /**
+   * Returns the password form with the given |name| as a JSON string.
+   * @param {string} name The name of the form to extract.
+   * @return {string} The password form.
+   */
+  __gCrWeb['getPasswordForm'] = function(name) {
+    var el = __gCrWeb.common.getFormElementFromIdentifier(name);
+    if (!el)
+      return 'noPasswordsFound';
+    var formData = __gCrWeb.getPasswordFormData(el);
+    if (!formData)
+      return 'noPasswordsFound';
+    return __gCrWeb.stringify(formData);
+  };
+
+  /**
+   * Returns an array of forms on the page that match the structure described by
+   * |formData|. The form matching logic follows that in
+   * chrome/renderer/autofill/password_autofill_manager.h.
+   * @param {Object} formData Form data.
+   * @param {Object} doc A document containing formData.
+   * @param {string=} opt_normalizedAction The action URL to compare to.
+   * @return {Array.<Element>} Array of forms found.
+   */
+  __gCrWeb.findMatchingPasswordForms = function(formData, doc,
+                                                opt_normalizedAction) {
+    var forms = doc.forms;
+    var fields = formData['fields'];
+    var matching = [];
+    for (var i = 0; i < forms.length; i++) {

[Eugene But (OOO till 7-30), 2015/11/18 17:06:48]

Optional NIT: the body of this for-loop is large, so I would replace i with
FormIndex name

[vabr (Chromium), 2015/11/19 10:02:27]

Sorry, I don't understand. Do you mean to rename i -> formIndex, or do you mean
something else?
Also, while the loop is large, |i| is only used on its first line, where it is
"transformed" into |form|.
What exactly is the concern here? Maybe I don't understand that.

+      var form = forms[i];
+      var normalizedFormAction = opt_normalizedAction ||
+          __gCrWeb.common.removeQueryAndReferenceFromURL(
+              __gCrWeb.common.absoluteURL(doc, form.action));
+      if (formData.action != normalizedFormAction) {
+        continue;
+      }
+
+      // We need to find all input fields matching |formData| in this form,
+      // otherwise it is the wrong form.
+      var inputs = form.getElementsByTagName('input');
+      var foundAllFields = true;
+      for (var j = 0; j < fields.length; j++) {

[Eugene But (OOO till 7-30), 2015/11/18 17:06:48]

Optional NIT: s/j/fieldIndex

[vabr (Chromium), 2015/11/19 10:02:27]

Done.

+        var name = fields[j]['name'];
+        var value = fields[j]['value'];
+        // The first field in |formData| is always the username field,
+        // the second is always the password field.
+        var findingUsername = j == 0;
+        var findingPassword = j == 1;
+        var foundField = false;
+        for (var k = 0; k < inputs.length; k++) {

[Eugene But (OOO till 7-30), 2015/11/18 17:06:48]

Optional NIT: s/k/inputElementIndex

[vabr (Chromium), 2015/11/19 10:02:27]

I considered this, but because |input| instead of |k| is used in the loop body,
I went with a shorter statement on line 87.

+          var input = inputs[k];
+
+          // Ensure that the field is the right type.
+          if (findingPassword && input.type != 'password') {
+            continue;
+          }
+          if (!findingPassword && (input.type == 'password' ||
+                                   !__gCrWeb.common.isTextField(input))) {
+            continue;
+          }
+
+          // Skip read-only fields without a value since they cannot be filled.
+          if (input.readOnly && input.value == '') {
+            continue;
+          }
+
+          // If more than one match is made, then we have an ambiguity (due to
+          // misuse of 'name' attribute) and the form is considered a mismatch.
+          if (input.name == name) {
+            if (foundField) {
+              foundField = false;
+              break;
+            }
+            foundField = true;
+          }
+        }
+
+        if (!foundField) {
+          foundAllFields = false;
+          break;
+        }
+      }
+
+      if (foundAllFields) {
+        matching.push(form);
+      }
+    }
+    return matching;
+  };
+
+  /**
+   * Clears autofilled credentials in the form with the specified name.
+   * @param {string} formName The name of the form to clear.
+   * @return {boolean} Whether the form was successfully cleared.
+   */
+  __gCrWeb['clearAutofilledPasswords'] = function(formName) {
+    var el = __gCrWeb.common.getFormElementFromIdentifier(formName);
+    if (!el)
+      return false;
+    var formData = __gCrWeb.getPasswordFormData(el);
+    if (!formData)
+      return false;
+    var usernameElement =
+        __gCrWeb.getElementByNameWithParent(el, formData.usernameElement);
+    __gCrWeb.setAutofilled(usernameElement, false);
+    formData.passwords.forEach(function(password) {
+      var passwordElement =
+          __gCrWeb.getElementByNameWithParent(el, password.element);
+      if (__gCrWeb.isAutofilled(passwordElement)) {
+        __gCrWeb.setAutofilled(passwordElement, false);
+        passwordElement.value = '';
+      }
+    });
+    return true;
+  };
+
+  /**
+   * Finds the form described by |formData| and fills in the
+   * username and password values.
+   *
+   * This is a public function invoked by Chrome. There is no information
+   * passed to this function that the page does not have access to anyway.
+   *
+   * @param {!Object.<string, *>} formData Dictionary of parameters,
+   *    including:
+   *      'action': <string> The form action URL;
+   *      'fields': {Array.{Object.<string, string>}} Field name/value pairs;
+   * @param {string} username The username to fill.
+   * @param {string} password The password to fill.
+   * @param {string=} opt_normalizedOrigin The origin URL to compare to.
+   * @return {boolean} Whether a form field has been filled.
+   */
+  __gCrWeb['fillPasswordForm'] = function(formData, username, password,
+                                          opt_normalizedOrigin) {
+    return __gCrWeb.fillPasswordFormWithData(
+        formData, username, password, window, opt_normalizedOrigin);
+  };
+
+  /**
+   * Returns the element with the specified name that is a child of the
+   * specified parent element.
+   * @param {Element} parent The parent of the desired element.
+   * @param {string} name The name of the desired element.
+   * @return {Element} The element if found, otherwise null;
+   */
+  __gCrWeb['getElementByNameWithParent'] = function(parent, name) {
+    if (parent.name === name) {
+      return parent;
+    }
+    for (var i = 0; i < parent.children.length; i++) {
+      var el = __gCrWeb.getElementByNameWithParent(parent.children[i], name);
+      if (el) {
+        return el;
+      }
+    }
+    return null;
+  };
+
+  /**
+   * Given a description of a form (origin, action and input fields),
+   * finds that form on the page and fills in the specified username
+   * and password.
+   *
+   * @param {Object} formData Form data.
+   * @param {string} username The username to fill.
+   * @param {string} password The password to fill.
+   * @param {Object} win A window or a frame containing formData.
+   * @param {string=} opt_normalizedOrigin The origin URL to compare to.
+   * @return {boolean} Whether a form field has been filled.
+   */
+  __gCrWeb.fillPasswordFormWithData =
+      function(formData, username, password, win, opt_normalizedOrigin) {
+    var doc = win.document;
+
+    // If unable to read the 'document' property from a frame in a different
+    // origin, do nothing.
+    if (!doc) {
+      return false;
+    }
+
+    var origin = formData['origin'];
+    var normalizedOrigin = opt_normalizedOrigin ||
+        __gCrWeb.common.removeQueryAndReferenceFromURL(win.location.href);
+    if (origin != normalizedOrigin) {
+      return false;
+    }
+
+    var filled = false;
+
+    __gCrWeb.findMatchingPasswordForms(formData, doc, opt_normalizedOrigin).
+        forEach(function(form) {
+      var usernameInput =
+          __gCrWeb.getElementByNameWithParent(form, formData.fields[0].name);
+      var passwordInput =
+          __gCrWeb.getElementByNameWithParent(form, formData.fields[1].name);
+      if (!usernameInput.disabled && !passwordInput.disabled) {
+        // If username was provided on a read-only field and it matches the
+        // requested username, fill the form.
+        if (usernameInput.readOnly && usernameInput.value) {
+          if (usernameInput.value == username) {
+            passwordInput.value = password;
+            __gCrWeb.setAutofilled(passwordInput, true);
+            filled = true;
+          }
+        } else {
+          usernameInput.value = username;
+          passwordInput.value = password;
+          __gCrWeb.setAutofilled(passwordInput, true);
+          __gCrWeb.setAutofilled(usernameInput, true);
+          filled = true;
+        }
+      }
+    });
+
+    // Recursively invoke for all frames/iframes.
+    var frames = win.frames;
+    for (var i = 0; i < frames.length; i++) {
+      if (__gCrWeb.fillPasswordFormWithData(
+              formData, username, password, frames[i], opt_normalizedOrigin)) {
+        filled = true;
+      }
+    }
+
+    return filled;
+  };
+
+  /**
+   * Returns true if the supplied field |inputElement| was autofilled.
+   * @param {Element} inputElement The form field for which we need to
+   *     acquire the autofilled indicator.
+   * @return {boolean} Whether inputElement was autofilled.
+   */
+  __gCrWeb.isAutofilled = function(inputElement) {
+    return inputElement['__gCrWebAutofilled'];
+  };
+
+  /**
+   * Marks the supplied field as autofilled or not depending on the
+   * |value|.
+   * @param {Element} inputElement The form field for which the indicator
+   *    needs to be set.
+   * @param {boolean} value The new value of the indicator.
+   */
+  __gCrWeb.setAutofilled = function(inputElement, value) {
+    inputElement['__gCrWebAutofilled'] = value;
+  };
+
+  /**
+   * Selects text starting from |selectFrom| in the specified field.
+   * @param {string} formName The name of the form to select in.
+   * @param {string} fieldName The name of the field to select in.
+   * @param {number} selectFrom The starting index for selection.
+   * @return {boolean} Whether the operation was successful.
+   */
+  __gCrWeb['selectText'] = function(formName, fieldName, selectFrom) {
+    var form = __gCrWeb.common.getFormElementFromIdentifier(formName);
+    var el = __gCrWeb.getElementByNameWithParent(form, fieldName);
+    if (!el)
+      return false;
+    el.selectionStart = selectFrom;
+    el.selectionEnd = el.value.length;
+    return true;
+  };
+
+  /**
+   * Fills all password fields in the form identified by |formName|
+   * with |password| and marks them as autofilled.
+   *
+   * @param {string} formName The name of the form to fill.
+   * @param {string} password The password to fill.
+   * @return {boolean} Whether a password field has been filled.
+   */
+  __gCrWeb['fillPasswordFormWithGeneratedPassword'] =
+      function(formName, password) {
+    var form = __gCrWeb.common.getFormElementFromIdentifier(formName);
+    if (!form)
+      return false;
+    var fields = form.querySelectorAll('input[type=password]');
+    for (var i = 0; i < fields.length; i++) {
+      var field = fields[i];
+      field.value = password;
+      __gCrWeb.setAutofilled(field, true);
+    }
+    return fields.length > 0;
+  };
+
+  /**
+   * Finds all forms with passwords in the supplied window or frame and appends
+   * JS objects containing the form data to |formDataList|.
+   * @param {!Array.<Object>} formDataList A list that this function populates
+   *     with descriptions of discovered forms.
+   * @param {Window} win A window (or frame) in which the function should
+   *    look for password forms.
+   */
+  __gCrWeb.getPasswordFormDataList = function(formDataList, win) {
+    var doc = win.document;
+
+    // We may not be allowed to read the 'document' property from a frame
+    // that is in a different domain.
+    if (!doc) {
+      return;
+    }
+
+    var forms = doc.forms;
+    for (var i = 0; i < forms.length; i++) {
+      var formData = __gCrWeb.getPasswordFormData(forms[i]);
+      if (formData) {
+        formDataList.push(formData);
+      }
+    }
+
+    // Recursively invoke for all frames/iframes.
+    var frames = win.frames;
+    for (var i = 0; i < frames.length; i++) {
+      __gCrWeb.getPasswordFormDataList(formDataList, frames[i]);
+    }
+  };
+
+  /**
+   * Returns a JS object containing the data from |formElement|.
+   * @param {Element} formElement An HTML Form element.
+   * @return {Object} Object of data from formElement.
+   */
+  __gCrWeb.getPasswordFormData = function(formElement) {
+    var inputs = formElement.getElementsByTagName('input');
+
+    var fields = [];
+    var passwords = [];
+    var firstPasswordIndex = 0;
+    for (var j = 0; j < inputs.length; j++) {
+      // TODO(dplotnikov): figure out a way to identify the activated
+      // submit, which is the button that the user has already hit
+      // before this code is called.
+
+      var input = inputs[j];
+
+      fields.push({
+        'element': input.name,
+        'type': input.type
+      });
+
+      if (!input.disabled && input.type == 'password') {
+        if (passwords.length == 0) {
+          firstPasswordIndex = j;
+        }
+        passwords.push({
+          'element': input.name,
+          'value': input.value
+        });
+      }
+    }
+
+    if (passwords.length == 0)
+      return null;
+
+    var usernameElement = '';
+    var usernameValue = '';
+    for (var j = firstPasswordIndex - 1; j >= 0; j--) {
+      var input = inputs[j];
+      if (!input.disabled && __gCrWeb.common.isTextField(input)) {
+        usernameElement = input.name;
+        usernameValue = input.value;
+        break;
+      }
+    }
+
+    var origin = __gCrWeb.common.removeQueryAndReferenceFromURL(
+        formElement.ownerDocument.location.href);
+
+    return {
+      'action': formElement.getAttribute('action'),
+      'method': formElement.getAttribute('method'),
+      'name': __gCrWeb.common.getFormIdentifier(formElement),
+      'origin': origin,
+      'fields': fields,
+      'usernameElement': usernameElement,
+      'usernameValue': usernameValue,
+      'passwords': passwords
+    };
+  };
+}