Move JS-related password manager code upstream

ios/chrome/browser/passwords/credential_manager.mm

Index: ios/chrome/browser/passwords/credential_manager.mm
diff --git a/ios/chrome/browser/passwords/credential_manager.mm b/ios/chrome/browser/passwords/credential_manager.mm
new file mode 100644
index 0000000000000000000000000000000000000000..c2c6a8c5a78d0d1755ffc0281912781e90f0c081
--- /dev/null
+++ b/ios/chrome/browser/passwords/credential_manager.mm
@@ -0,0 +1,369 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#import "ios/chrome/browser/passwords/credential_manager.h"
+
+#include "base/ios/ios_util.h"
+#include "base/ios/weak_nsobject.h"

[Eugene But (OOO till 7-30), 2015/11/18 17:06:48]

s/include/import

[vabr (Chromium), 2015/11/19 10:02:27]

Done.

+#include "base/mac/bind_objc_block.h"
+#include "base/memory/scoped_vector.h"
+#include "base/message_loop/message_loop.h"
+#include "base/strings/sys_string_conversions.h"
+#include "components/password_manager/core/browser/password_store_consumer.h"
+#include "components/password_manager/core/common/credential_manager_types.h"
+#include "components/password_manager/core/common/password_manager_pref_names.h"
+#import "ios/chrome/browser/passwords/js_credential_manager.h"
+#include "ios/web/public/url_scheme_util.h"

[Eugene But (OOO till 7-30), 2015/11/18 17:06:48]

s/include/import

[vabr (Chromium), 2015/11/19 10:02:27]

Done.

+#include "ios/web/public/web_state/credential.h"
+#include "ios/web/public/web_state/url_verification_constants.h"
+#include "ios/web/public/web_state/web_state.h"
+
+namespace ios {
+namespace passwords {
+
+namespace {
+
+// Converts a password_manager::CredentialInfo to a web::Credential.
+web::Credential WebCredentialFromCredentialInfo(
+    const password_manager::CredentialInfo& credential_info) {
+  web::Credential credential;
+  switch (credential_info.type) {
+    case password_manager::CredentialType::CREDENTIAL_TYPE_EMPTY:
+      credential.type = web::CredentialType::CREDENTIAL_TYPE_EMPTY;
+      break;
+    case password_manager::CredentialType::CREDENTIAL_TYPE_PASSWORD:
+      credential.type = web::CredentialType::CREDENTIAL_TYPE_PASSWORD;
+      break;
+    case password_manager::CredentialType::CREDENTIAL_TYPE_FEDERATED:
+      credential.type = web::CredentialType::CREDENTIAL_TYPE_FEDERATED;
+      break;
+    default:

[droger, 2015/11/18 16:24:17]

Remove the default case, this way there will be a compile error if somebody adds
a new value.

[vabr (Chromium), 2015/11/18 16:52:28]

Done.

+      NOTREACHED();
+  }
+  credential.id = credential_info.id;
+  credential.name = credential_info.name;
+  credential.avatar_url = credential_info.icon;
+  credential.password = credential_info.password;
+  credential.federation_url = credential_info.federation;
+  return credential;
+}
+
+// Converts a web::Credential to a password_manager::CredentialInfo.
+password_manager::CredentialInfo CredentialInfoFromWebCredential(
+    const web::Credential& credential) {
+  password_manager::CredentialInfo credential_info;
+  switch (credential.type) {
+    case web::CredentialType::CREDENTIAL_TYPE_EMPTY:
+      credential_info.type =
+          password_manager::CredentialType::CREDENTIAL_TYPE_EMPTY;
+      break;
+    case web::CredentialType::CREDENTIAL_TYPE_PASSWORD:
+      credential_info.type =
+          password_manager::CredentialType::CREDENTIAL_TYPE_PASSWORD;
+      break;
+    case web::CredentialType::CREDENTIAL_TYPE_FEDERATED:
+      credential_info.type =
+          password_manager::CredentialType::CREDENTIAL_TYPE_FEDERATED;
+      break;
+    default:

[droger, 2015/11/18 16:24:17]

Same here.

[vabr (Chromium), 2015/11/18 16:52:28]

Done.

+      NOTREACHED();
+  }
+  credential_info.id = credential.id;
+  credential_info.name = credential.name;
+  credential_info.icon = credential.avatar_url;
+  credential_info.password = credential.password;
+  credential_info.federation = credential.federation_url;
+  return credential_info;
+}
+
+}  // namespace
+
+CredentialManager::CredentialManager(
+    web::WebState* web_state,
+    password_manager::PasswordManagerClient* client,
+    password_manager::PasswordManagerDriver* driver,
+    JSCredentialManager* js_manager)
+    : web::WebStateObserver(web_state),
+      pending_request_(nullptr),
+      form_manager_(nullptr),
+      js_manager_([js_manager retain]),
+      client_(client),
+      driver_(driver),
+      weak_factory_(this) {
+  zero_click_sign_in_enabled_.Init(
+      password_manager::prefs::kPasswordManagerAutoSignin, client_->GetPrefs());
+}
+
+CredentialManager::~CredentialManager() = default;
+
+// Ensure the JavaScript is loaded when the page finishes loading.

[droger, 2015/11/18 16:24:16]

Move this comment to the .h or inside the function.

[vabr (Chromium), 2015/11/18 16:52:28]

Done. Moved all inside the functions, because the methods are overloaded, and
the "public" description is already at the original declaration.

[Eugene But (OOO till 7-30), 2015/11/18 17:06:48]

NIT: If you choose to move this comment to .h, then please s/Ensure/Ensures,
since method comments should be descriptive rather than imperative.

[vabr (Chromium), 2015/11/19 10:02:27]

Acknowledged.

+void CredentialManager::PageLoaded(
+    web::PageLoadCompletionStatus load_completion_status) {
+  web::URLVerificationTrustLevel trust_level =
+      web::URLVerificationTrustLevel::kNone;
+  const GURL page_url(web_state()->GetCurrentURL(&trust_level));
+  if (!base::ios::IsRunningOnIOS8OrLater() ||
+      trust_level != web::URLVerificationTrustLevel::kAbsolute ||
+      !web::UrlHasWebScheme(page_url) || !web_state()->ContentIsHTML()) {
+    return;
+  }
+  [js_manager_ inject];
+}
+
+// Invoked when the page invokes navigator.credentials.request(), this function
+// will attempt to retrieve a Credential from the PasswordStore that meets the
+// specified parameters and, if successful, send it back to the page via
+// SendCredential.

[droger, 2015/11/18 16:24:16]

Move this comment to the .h or inside the function.

[vabr (Chromium), 2015/11/18 16:52:28]

Done.

+void CredentialManager::CredentialsRequested(
+    int request_id,
+    const GURL& source_url,
+    bool zero_click_only,
+    const std::vector<std::string>& federations,
+    bool is_user_initiated) {
+  DCHECK_GE(request_id, 0);
+  password_manager::PasswordStore* store = GetPasswordStore();
+
+  // If there's an outstanding request, or the PasswordStore isn't loaded yet,
+  // the request should fail outright and the JS Promise should be rejected
+  // with an appropriate error.
+  if (pending_request_ || !store) {
+    base::MessageLoop::current()->PostTask(
+        FROM_HERE,
+        base::Bind(&CredentialManager::RejectPromise,
+                   weak_factory_.GetWeakPtr(), request_id,
+                   pending_request_ ? ERROR_TYPE_PENDING_REQUEST
+                                    : ERROR_TYPE_PASSWORD_STORE_UNAVAILABLE));
+    return;
+  }
+
+  // If the page requested a zero-click credential -- one that can be returned
+  // without first asking the user -- and if zero-click isn't currently
+  // available, send back an empty credential.
+  if (zero_click_only && !IsZeroClickAllowed()) {
+    base::MessageLoop::current()->PostTask(
+        FROM_HERE, base::Bind(&CredentialManager::SendCredential,
+                              weak_factory_.GetWeakPtr(), request_id,
+                              password_manager::CredentialInfo()));
+    return;
+  }
+
+  // If the page origin is untrusted, the request should be rejected.
+  GURL page_url;
+  if (!GetURLWithAbsoluteTrust(&page_url)) {
+    RejectPromise(request_id, ERROR_TYPE_SECURITY_ERROR_UNTRUSTED_ORIGIN);
+    return;
+  }
+
+  // Bundle up the arguments and forward them to the PasswordStore, which will
+  // asynchronously return the resulting Credential by invoking
+  // |SendCredential|.
+  std::vector<GURL> federation_urls;
+  for (const auto& federation : federations)
+    federation_urls.push_back(GURL(federation));
+  std::vector<std::string> realms;
+  pending_request_.reset(
+      new password_manager::CredentialManagerPendingRequestTask(
+          this, request_id, zero_click_only, page_url, federation_urls,
+          realms));
+  store->GetAutofillableLogins(pending_request_.get());
+}
+
+// Invoked when the page invokes navigator.credentials.notifySignedIn(), this
+// function stores the signed-in |credential| and sends a message back to the
+// page to resolve the Promise associated with |request_id|.

[droger, 2015/11/18 16:24:16]

Move this comment to the .h or inside the function.

[vabr (Chromium), 2015/11/18 16:52:28]

Done.

+void CredentialManager::SignedIn(int request_id,
+                                 const GURL& source_url,
+                                 const web::Credential& credential) {
+  DCHECK(credential.type != web::CredentialType::CREDENTIAL_TYPE_EMPTY);
+  DCHECK_GE(request_id, 0);
+
+  // Requests from untrusted origins should be rejected.
+  GURL page_url;
+  if (!GetURLWithAbsoluteTrust(&page_url)) {
+    RejectPromise(request_id, ERROR_TYPE_SECURITY_ERROR_UNTRUSTED_ORIGIN);
+    return;
+  }
+
+  // Notify the page that the notification was successful to avoid blocking the
+  // page while storing the credential. This is okay because the notification
+  // doesn't imply that the credential will be stored, just that it might be.
+  // It isn't the page's concern to know whether the storage took place or not.
+  ResolvePromise(request_id);
+
+  // Do nothing if the password manager isn't active.
+  if (!client_->IsSavingAndFillingEnabledForCurrentPage())
+    return;
+
+  // Store the signed-in credential so that the user can save it, if desired.
+  // Prompting the user and saving are handled by the PasswordFormManager.
+  scoped_ptr<autofill::PasswordForm> form(
+      password_manager::CreatePasswordFormFromCredentialInfo(
+          CredentialInfoFromWebCredential(credential), page_url));
+  form->skip_zero_click = !IsZeroClickAllowed();
+
+  // TODO(mkwst): This is a stub; we should be checking the PasswordStore to
+  // determine whether or not the credential exists, and calling UpdateLogin
+  // accordingly.
+  form_manager_.reset(
+      new password_manager::CredentialManagerPasswordFormManager(
+          client_, driver_->AsWeakPtr(), *form, this));
+}
+
+// Invoked when the page invokes navigator.credentials.notifySignedOut, this
+// function notifies the PasswordStore that zero-click sign-in should be
+// disabled for the current page origin.

[droger, 2015/11/18 16:24:16]

Move this comment to the .h or inside the function.

[vabr (Chromium), 2015/11/18 16:52:28]

Done.

+void CredentialManager::SignedOut(int request_id, const GURL& source_url) {
+  DCHECK_GE(request_id, 0);
+
+  // Requests from untrusted origins should be rejected.
+  GURL page_url;
+  if (!GetURLWithAbsoluteTrust(&page_url)) {
+    RejectPromise(request_id, ERROR_TYPE_SECURITY_ERROR_UNTRUSTED_ORIGIN);
+    return;
+  }
+
+  // The user signed out of the current page, so future zero-click credential
+  // requests for this page should fail: otherwise, the next time the user
+  // visits the page, if zero-click requests succeeded, the user might be auto-
+  // signed-in again with the credential that they just signed out. Forward this
+  // information to the PasswordStore via an asynchronous task.
+  password_manager::PasswordStore* store = GetPasswordStore();
+  if (store) {
+    // Bundle the origins that are sent to the PasswordStore if the task hasn't
+    // yet resolved. This task lives across page-loads to enable this bundling.
+    if (pending_require_user_mediation_) {
+      pending_require_user_mediation_->AddOrigin(page_url);
+    } else {
+      pending_require_user_mediation_.reset(
+          new password_manager::
+              CredentialManagerPendingRequireUserMediationTask(
+                  this, page_url, std::vector<std::string>()));
+
+      // This will result in a callback to
+      // CredentialManagerPendingSignedOutTask::OnGetPasswordStoreResults().
+      store->GetAutofillableLogins(pending_require_user_mediation_.get());
+    }
+  }
+
+  // Acknowledge the page's signOut notification without waiting for the
+  // PasswordStore interaction to complete. The implementation of the sign-out
+  // notification isn't the page's concern.
+  ResolvePromise(request_id);
+}
+
+// When the WebState is destroyed, clean up everything that depends on it.

[droger, 2015/11/18 16:24:16]

Move this comment to the .h or inside the function.

[vabr (Chromium), 2015/11/18 16:52:28]

Done.

+void CredentialManager::WebStateDestroyed() {
+  js_manager_.reset();
+}
+
+// Zero-click sign-in is only allowed when the user hasn't turned it off and
+// when the user isn't in incognito mode.

[droger, 2015/11/18 16:24:16]

Move this comment to the .h or inside the function.

[vabr (Chromium), 2015/11/18 16:52:28]

Done.

+bool CredentialManager::IsZeroClickAllowed() const {
+  return *zero_click_sign_in_enabled_ && !client_->IsOffTheRecord();
+}
+
+GURL CredentialManager::GetOrigin() const {
+  web::URLVerificationTrustLevel trust_level =
+      web::URLVerificationTrustLevel::kNone;
+  const GURL page_url(web_state()->GetCurrentURL(&trust_level));
+  DCHECK_EQ(trust_level, web::URLVerificationTrustLevel::kAbsolute);
+  return page_url;
+}
+
+// Invoked when the asynchronous interaction with the PasswordStore completes,
+// this function forwards a |credential| back to the page via |js_manager_| by
+// resolving the JavaScript Promise associated with |request_id|.

[droger, 2015/11/18 16:24:16]

Move this comment to the .h or inside the function.

[vabr (Chromium), 2015/11/18 16:52:28]

Done.

+void CredentialManager::SendCredential(
+    int request_id,
+    const password_manager::CredentialInfo& credential) {
+  base::WeakPtr<CredentialManager> weak_this = weak_factory_.GetWeakPtr();
+  [js_manager_
+      resolvePromiseWithRequestID:request_id
+                       credential:WebCredentialFromCredentialInfo(credential)
+                completionHandler:^(BOOL) {
+                  if (weak_this)
+                    weak_this->pending_request_.reset();
+                }];
+}
+
+password_manager::PasswordManagerClient* CredentialManager::client() const {
+  return client_;
+}
+
+autofill::PasswordForm CredentialManager::GetSynthesizedFormForOrigin() const {
+  autofill::PasswordForm synthetic_form;
+  synthetic_form.origin = web_state()->GetLastCommittedURL().GetOrigin();
+  synthetic_form.signon_realm = synthetic_form.origin.spec();
+  synthetic_form.scheme = autofill::PasswordForm::SCHEME_HTML;
+  synthetic_form.ssl_valid = synthetic_form.origin.SchemeIsCryptographic() &&
+                             !client_->DidLastPageLoadEncounterSSLErrors();
+  return synthetic_form;
+}
+
+// Invoked after a credential sent up by the page was stored in a FormManager
+// by |SignedIn|, this function asks the user if the password should be stored
+// in the password manager.

[droger, 2015/11/18 16:24:16]

Move this comment to the .h or inside the function.

[vabr (Chromium), 2015/11/18 16:52:28]

Done.

+void CredentialManager::OnProvisionalSaveComplete() {
+  DCHECK(form_manager_);
+  if (client_->IsSavingAndFillingEnabledForCurrentPage() &&
+      !form_manager_->IsBlacklisted()) {
+    client_->PromptUserToSaveOrUpdatePassword(
+        form_manager_.Pass(),
+        password_manager::CredentialSourceType::CREDENTIAL_SOURCE_API, false);
+  }
+}
+
+password_manager::PasswordStore* CredentialManager::GetPasswordStore() {
+  return client_ ? client_->GetPasswordStore() : nullptr;
+}
+
+// Invoked when the PasswordStore has finished processing the list of origins
+// that should have zero-click sign-in disabled.

[droger, 2015/11/18 16:24:16]

Move this comment to the .h or inside the function.

[vabr (Chromium), 2015/11/18 16:52:28]

Done.

+void CredentialManager::DoneRequiringUserMediation() {
+  DCHECK(pending_require_user_mediation_);
+  pending_require_user_mediation_.reset();
+}
+
+void CredentialManager::ResolvePromise(int request_id) {
+  [js_manager_ resolvePromiseWithRequestID:request_id completionHandler:nil];
+}
+
+void CredentialManager::RejectPromise(int request_id, ErrorType error_type) {
+  NSString* type = nil;
+  NSString* message = nil;
+  switch (error_type) {
+    case ERROR_TYPE_PENDING_REQUEST:
+      type = base::SysUTF8ToNSString(kPendingRequestErrorType);
+      message = base::SysUTF8ToNSString(kPendingRequestErrorMessage);
+      break;
+    case ERROR_TYPE_PASSWORD_STORE_UNAVAILABLE:
+      type = base::SysUTF8ToNSString(kPasswordStoreUnavailableErrorType);
+      message = base::SysUTF8ToNSString(kPasswordStoreUnavailableErrorMessage);
+      break;
+    case ERROR_TYPE_SECURITY_ERROR_UNTRUSTED_ORIGIN:
+      type = base::SysUTF8ToNSString(kSecurityErrorType);
+      message = base::SysUTF8ToNSString(kSecurityErrorMessageUntrustedOrigin);
+      break;
+    default:

[droger, 2015/11/18 16:24:16]

Remove the default.

[vabr (Chromium), 2015/11/18 16:52:28]

Done.

+      NOTREACHED();
+  }
+  [js_manager_ rejectPromiseWithRequestID:request_id
+                                errorType:type
+                                  message:message
+                        completionHandler:nil];
+}
+
+bool CredentialManager::GetURLWithAbsoluteTrust(GURL* page_url) {
+  web::URLVerificationTrustLevel trust_level =
+      web::URLVerificationTrustLevel::kNone;
+  const GURL possibly_untrusted_url(web_state()->GetCurrentURL(&trust_level));
+  if (trust_level == web::URLVerificationTrustLevel::kAbsolute) {
+    *page_url = possibly_untrusted_url;
+    return true;
+  }
+  return false;
+}
+
+}  // namespace passwords
+}  // namespace ios