Move JS-related password manager code upstream

ios/chrome/browser/passwords/credential_manager.mm

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#import "ios/chrome/browser/passwords/credential_manager.h"
+
+#include "base/ios/ios_util.h"
+#import "base/ios/weak_nsobject.h"
+#include "base/mac/bind_objc_block.h"
+#include "base/memory/scoped_vector.h"
+#include "base/message_loop/message_loop.h"
+#include "base/strings/sys_string_conversions.h"
+#include "components/password_manager/core/browser/password_store_consumer.h"
+#include "components/password_manager/core/common/credential_manager_types.h"
+#include "components/password_manager/core/common/password_manager_pref_names.h"
+#import "ios/chrome/browser/passwords/js_credential_manager.h"
+#import "ios/web/public/url_scheme_util.h"
+#include "ios/web/public/web_state/credential.h"
+#include "ios/web/public/web_state/url_verification_constants.h"
+#include "ios/web/public/web_state/web_state.h"
+
+namespace {
+
+// Converts a password_manager::CredentialInfo to a web::Credential.
+web::Credential WebCredentialFromCredentialInfo(
+    const password_manager::CredentialInfo& credential_info) {
+  web::Credential credential;
+  switch (credential_info.type) {
+    case password_manager::CredentialType::CREDENTIAL_TYPE_EMPTY:
+      credential.type = web::CredentialType::CREDENTIAL_TYPE_EMPTY;
+      break;
+    case password_manager::CredentialType::CREDENTIAL_TYPE_PASSWORD:
+      credential.type = web::CredentialType::CREDENTIAL_TYPE_PASSWORD;
+      break;
+    case password_manager::CredentialType::CREDENTIAL_TYPE_FEDERATED:
+      credential.type = web::CredentialType::CREDENTIAL_TYPE_FEDERATED;
+      break;
+  }
+  credential.id = credential_info.id;
+  credential.name = credential_info.name;
+  credential.avatar_url = credential_info.icon;
+  credential.password = credential_info.password;
+  credential.federation_url = credential_info.federation;
+  return credential;
+}
+
+// Converts a web::Credential to a password_manager::CredentialInfo.
+password_manager::CredentialInfo CredentialInfoFromWebCredential(
+    const web::Credential& credential) {
+  password_manager::CredentialInfo credential_info;
+  switch (credential.type) {
+    case web::CredentialType::CREDENTIAL_TYPE_EMPTY:
+      credential_info.type =
+          password_manager::CredentialType::CREDENTIAL_TYPE_EMPTY;
+      break;
+    case web::CredentialType::CREDENTIAL_TYPE_PASSWORD:
+      credential_info.type =
+          password_manager::CredentialType::CREDENTIAL_TYPE_PASSWORD;
+      break;
+    case web::CredentialType::CREDENTIAL_TYPE_FEDERATED:
+      credential_info.type =
+          password_manager::CredentialType::CREDENTIAL_TYPE_FEDERATED;
+      break;
+  }
+  credential_info.id = credential.id;
+  credential_info.name = credential.name;
+  credential_info.icon = credential.avatar_url;
+  credential_info.password = credential.password;
+  credential_info.federation = credential.federation_url;
+  return credential_info;
+}
+
+}  // namespace
+
+CredentialManager::CredentialManager(
+    web::WebState* web_state,
+    password_manager::PasswordManagerClient* client,
+    password_manager::PasswordManagerDriver* driver,
+    JSCredentialManager* js_manager)
+    : web::WebStateObserver(web_state),
+      pending_request_(nullptr),
+      form_manager_(nullptr),
+      js_manager_([js_manager retain]),
+      client_(client),
+      driver_(driver),
+      weak_factory_(this) {
+  zero_click_sign_in_enabled_.Init(
+      password_manager::prefs::kPasswordManagerAutoSignin, client_->GetPrefs());
+}
+
+CredentialManager::~CredentialManager() = default;
+
+void CredentialManager::PageLoaded(
+    web::PageLoadCompletionStatus load_completion_status) {
+  // Ensure the JavaScript is loaded when the page finishes loading.
+  web::URLVerificationTrustLevel trust_level =
+      web::URLVerificationTrustLevel::kNone;
+  const GURL page_url(web_state()->GetCurrentURL(&trust_level));
+  if (!base::ios::IsRunningOnIOS8OrLater() ||
+      trust_level != web::URLVerificationTrustLevel::kAbsolute ||
+      !web::UrlHasWebScheme(page_url) || !web_state()->ContentIsHTML()) {
+    return;
+  }
+  [js_manager_ inject];
+}
+
+void CredentialManager::CredentialsRequested(
+    int request_id,
+    const GURL& source_url,
+    bool zero_click_only,
+    const std::vector<std::string>& federations,
+    bool is_user_initiated) {
+  // Invoked when the page invokes navigator.credentials.request(), this
+  // function will attempt to retrieve a Credential from the PasswordStore that
+  // meets the specified parameters and, if successful, send it back to the page
+  // via SendCredential.
+  DCHECK_GE(request_id, 0);
+  password_manager::PasswordStore* store = GetPasswordStore();
+
+  // If there's an outstanding request, or the PasswordStore isn't loaded yet,
+  // the request should fail outright and the JS Promise should be rejected
+  // with an appropriate error.
+  if (pending_request_ || !store) {
+    base::MessageLoop::current()->PostTask(
+        FROM_HERE,
+        base::Bind(&CredentialManager::RejectPromise,
+                   weak_factory_.GetWeakPtr(), request_id,
+                   pending_request_ ? ERROR_TYPE_PENDING_REQUEST
+                                    : ERROR_TYPE_PASSWORD_STORE_UNAVAILABLE));
+    return;
+  }
+
+  // If the page requested a zero-click credential -- one that can be returned
+  // without first asking the user -- and if zero-click isn't currently
+  // available, send back an empty credential.
+  if (zero_click_only && !IsZeroClickAllowed()) {
+    base::MessageLoop::current()->PostTask(
+        FROM_HERE, base::Bind(&CredentialManager::SendCredential,
+                              weak_factory_.GetWeakPtr(), request_id,
+                              password_manager::CredentialInfo()));
+    return;
+  }
+
+  // If the page origin is untrusted, the request should be rejected.
+  GURL page_url;
+  if (!GetUrlWithAbsoluteTrust(&page_url)) {
+    RejectPromise(request_id, ERROR_TYPE_SECURITY_ERROR_UNTRUSTED_ORIGIN);
+    return;
+  }
+
+  // Bundle up the arguments and forward them to the PasswordStore, which will
+  // asynchronously return the resulting Credential by invoking
+  // |SendCredential|.
+  std::vector<GURL> federation_urls;
+  for (const auto& federation : federations)
+    federation_urls.push_back(GURL(federation));
+  std::vector<std::string> realms;
+  pending_request_.reset(
+      new password_manager::CredentialManagerPendingRequestTask(
+          this, request_id, zero_click_only, page_url, federation_urls,
+          realms));
+  store->GetAutofillableLogins(pending_request_.get());
+}
+
+void CredentialManager::SignedIn(int request_id,
+                                 const GURL& source_url,
+                                 const web::Credential& credential) {
+  // Invoked when the page invokes navigator.credentials.notifySignedIn(), this
+  // function stores the signed-in |credential| and sends a message back to the
+  // page to resolve the Promise associated with |request_id|.
+  DCHECK(credential.type != web::CredentialType::CREDENTIAL_TYPE_EMPTY);
+  DCHECK_GE(request_id, 0);
+
+  // Requests from untrusted origins should be rejected.
+  GURL page_url;
+  if (!GetUrlWithAbsoluteTrust(&page_url)) {
+    RejectPromise(request_id, ERROR_TYPE_SECURITY_ERROR_UNTRUSTED_ORIGIN);
+    return;
+  }
+
+  // Notify the page that the notification was successful to avoid blocking the
+  // page while storing the credential. This is okay because the notification
+  // doesn't imply that the credential will be stored, just that it might be.
+  // It isn't the page's concern to know whether the storage took place or not.
+  ResolvePromise(request_id);
+
+  // Do nothing if the password manager isn't active.
+  if (!client_->IsSavingAndFillingEnabledForCurrentPage())
+    return;
+
+  // Store the signed-in credential so that the user can save it, if desired.
+  // Prompting the user and saving are handled by the PasswordFormManager.
+  scoped_ptr<autofill::PasswordForm> form(
+      password_manager::CreatePasswordFormFromCredentialInfo(
+          CredentialInfoFromWebCredential(credential), page_url));
+  form->skip_zero_click = !IsZeroClickAllowed();
+
+  // TODO(mkwst): This is a stub; we should be checking the PasswordStore to
+  // determine whether or not the credential exists, and calling UpdateLogin
+  // accordingly.
+  form_manager_.reset(
+      new password_manager::CredentialManagerPasswordFormManager(
+          client_, driver_->AsWeakPtr(), *form, this));
+}
+
+void CredentialManager::SignedOut(int request_id, const GURL& source_url) {
+  // Invoked when the page invokes navigator.credentials.notifySignedOut, this
+  // function notifies the PasswordStore that zero-click sign-in should be
+  // disabled for the current page origin.
+  DCHECK_GE(request_id, 0);
+
+  // Requests from untrusted origins should be rejected.
+  GURL page_url;
+  if (!GetUrlWithAbsoluteTrust(&page_url)) {
+    RejectPromise(request_id, ERROR_TYPE_SECURITY_ERROR_UNTRUSTED_ORIGIN);
+    return;
+  }
+
+  // The user signed out of the current page, so future zero-click credential
+  // requests for this page should fail: otherwise, the next time the user
+  // visits the page, if zero-click requests succeeded, the user might be auto-
+  // signed-in again with the credential that they just signed out. Forward this
+  // information to the PasswordStore via an asynchronous task.
+  password_manager::PasswordStore* store = GetPasswordStore();
+  if (store) {
+    // Bundle the origins that are sent to the PasswordStore if the task hasn't
+    // yet resolved. This task lives across page-loads to enable this bundling.
+    if (pending_require_user_mediation_) {
+      pending_require_user_mediation_->AddOrigin(page_url);
+    } else {
+      pending_require_user_mediation_.reset(
+          new password_manager::
+              CredentialManagerPendingRequireUserMediationTask(
+                  this, page_url, std::vector<std::string>()));
+
+      // This will result in a callback to
+      // CredentialManagerPendingSignedOutTask::OnGetPasswordStoreResults().
+      store->GetAutofillableLogins(pending_require_user_mediation_.get());
+    }
+  }
+
+  // Acknowledge the page's signOut notification without waiting for the
+  // PasswordStore interaction to complete. The implementation of the sign-out
+  // notification isn't the page's concern.
+  ResolvePromise(request_id);
+}
+
+void CredentialManager::WebStateDestroyed() {
+  // When the WebState is destroyed, clean up everything that depends on it.
+  js_manager_.reset();
+}
+
+bool CredentialManager::IsZeroClickAllowed() const {
+  // Zero-click sign-in is only allowed when the user hasn't turned it off and
+  // when the user isn't in incognito mode.
+  return *zero_click_sign_in_enabled_ && !client_->IsOffTheRecord();
+}
+
+GURL CredentialManager::GetOrigin() const {
+  web::URLVerificationTrustLevel trust_level =
+      web::URLVerificationTrustLevel::kNone;
+  const GURL page_url(web_state()->GetCurrentURL(&trust_level));
+  DCHECK_EQ(trust_level, web::URLVerificationTrustLevel::kAbsolute);
+  return page_url;
+}
+
+void CredentialManager::SendCredential(
+    int request_id,
+    const password_manager::CredentialInfo& credential) {
+  // Invoked when the asynchronous interaction with the PasswordStore completes,
+  // this function forwards a |credential| back to the page via |js_manager_| by
+  // resolving the JavaScript Promise associated with |request_id|.
+  base::WeakPtr<CredentialManager> weak_this = weak_factory_.GetWeakPtr();
+  [js_manager_
+      resolvePromiseWithRequestID:request_id
+                       credential:WebCredentialFromCredentialInfo(credential)
+                completionHandler:^(BOOL) {
+                  if (weak_this)
+                    weak_this->pending_request_.reset();
+                }];
+}
+
+password_manager::PasswordManagerClient* CredentialManager::client() const {
+  return client_;
+}
+
+autofill::PasswordForm CredentialManager::GetSynthesizedFormForOrigin() const {
+  autofill::PasswordForm synthetic_form;
+  synthetic_form.origin = web_state()->GetLastCommittedURL().GetOrigin();
+  synthetic_form.signon_realm = synthetic_form.origin.spec();
+  synthetic_form.scheme = autofill::PasswordForm::SCHEME_HTML;
+  synthetic_form.ssl_valid = synthetic_form.origin.SchemeIsCryptographic() &&
+                             !client_->DidLastPageLoadEncounterSSLErrors();
+  return synthetic_form;
+}
+
+void CredentialManager::OnProvisionalSaveComplete() {
+  // Invoked after a credential sent up by the page was stored in a FormManager
+  // by |SignedIn|, this function asks the user if the password should be stored
+  // in the password manager.
+  DCHECK(form_manager_);
+  if (client_->IsSavingAndFillingEnabledForCurrentPage() &&
+      !form_manager_->IsBlacklisted()) {
+    client_->PromptUserToSaveOrUpdatePassword(
+        form_manager_.Pass(),
+        password_manager::CredentialSourceType::CREDENTIAL_SOURCE_API, false);
+  }
+}
+
+password_manager::PasswordStore* CredentialManager::GetPasswordStore() {
+  return client_ ? client_->GetPasswordStore() : nullptr;
+}
+
+void CredentialManager::DoneRequiringUserMediation() {
+  // Invoked when the PasswordStore has finished processing the list of origins
+  // that should have zero-click sign-in disabled.
+  DCHECK(pending_require_user_mediation_);
+  pending_require_user_mediation_.reset();
+}
+
+void CredentialManager::ResolvePromise(int request_id) {
+  [js_manager_ resolvePromiseWithRequestID:request_id completionHandler:nil];
+}
+
+void CredentialManager::RejectPromise(int request_id, ErrorType error_type) {
+  NSString* type = nil;
+  NSString* message = nil;
+  switch (error_type) {
+    case ERROR_TYPE_PENDING_REQUEST:
+      type = base::SysUTF8ToNSString(kCredentialsPendingRequestErrorType);
+      message = base::SysUTF8ToNSString(kCredentialsPendingRequestErrorMessage);
+      break;
+    case ERROR_TYPE_PASSWORD_STORE_UNAVAILABLE:
+      type = base::SysUTF8ToNSString(
+          kCredentialsPasswordStoreUnavailableErrorType);
+      message = base::SysUTF8ToNSString(
+          kCredentialsPasswordStoreUnavailableErrorMessage);
+      break;
+    case ERROR_TYPE_SECURITY_ERROR_UNTRUSTED_ORIGIN:
+      type = base::SysUTF8ToNSString(kCredentialsSecurityErrorType);
+      message = base::SysUTF8ToNSString(
+          kCredentialsSecurityErrorMessageUntrustedOrigin);
+      break;
+  }
+  [js_manager_ rejectPromiseWithRequestID:request_id
+                                errorType:type
+                                  message:message
+                        completionHandler:nil];
+}
+
+bool CredentialManager::GetUrlWithAbsoluteTrust(GURL* page_url) {
+  web::URLVerificationTrustLevel trust_level =
+      web::URLVerificationTrustLevel::kNone;
+  const GURL possibly_untrusted_url(web_state()->GetCurrentURL(&trust_level));
+  if (trust_level == web::URLVerificationTrustLevel::kAbsolute) {
+    *page_url = possibly_untrusted_url;
+    return true;
+  }
+  return false;
+}