Add metadata to content::PasswordForm to keep track of the password usage.

chrome/browser/password_manager/login_database.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/password_manager/login_database.h"
 
 #include <algorithm>
 #include <limits>
 
 #include "base/file_util.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/pickle.h"
+#include "base/stringprintf.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/time.h"
 #include "base/utf_string_conversions.h"
 #include "sql/statement.h"
 #include "sql/transaction.h"
 
 using content::PasswordForm;
 
-static const int kCurrentVersionNumber = 2;
+static const int kCurrentVersionNumber = 3;
 static const int kCompatibleVersionNumber = 1;
 
 namespace {
 
 // Convenience enum for interacting with SQL queries that use all the columns.
 enum LoginTableColumns {
   COLUMN_ORIGIN_URL = 0,
   COLUMN_ACTION_URL,
   COLUMN_USERNAME_ELEMENT,
   COLUMN_USERNAME_VALUE,
   COLUMN_PASSWORD_ELEMENT,
   COLUMN_PASSWORD_VALUE,
   COLUMN_SUBMIT_ELEMENT,
   COLUMN_SIGNON_REALM,
   COLUMN_SSL_VALID,
   COLUMN_PREFERRED,
   COLUMN_DATE_CREATED,
   COLUMN_BLACKLISTED_BY_USER,
   COLUMN_SCHEME,
   COLUMN_PASSWORD_TYPE,
-  COLUMN_POSSIBLE_USERNAMES
+  COLUMN_POSSIBLE_USERNAMES,
+  COLUMN_TIMES_USED
 };
 
 }  // namespace
 
 LoginDatabase::LoginDatabase() {
 }
 
 LoginDatabase::~LoginDatabase() {
 }
 
@@ skipping 42 matching lines @@
 
   if (!transaction.Commit()) {
     db_.Close();
     return false;
   }
   return true;
 }
 
 bool LoginDatabase::MigrateOldVersionsAsNeeded() {
   switch (meta_table_.GetVersionNumber()) {
-    case kCompatibleVersionNumber:
+    case 1:
       if (!db_.Execute("ALTER TABLE logins "
                        "ADD COLUMN password_type INTEGER") ||
           !db_.Execute("ALTER TABLE logins "
                        "ADD COLUMN possible_usernames BLOB")) {
         return false;
-      } else {
-        meta_table_.SetVersionNumber(kCurrentVersionNumber);
       }
+    case 2:
+      if (!db_.Execute("ALTER TABLE logins "
+                       "ADD COLUMN times_used INTEGER")) {
+        return false;
+      }
+      break;
+    case kCurrentVersionNumber:
+      // Already up to date
+      return true;
+      break;
+    default:
+      NOTREACHED();
+      return false;
   }
+  meta_table_.SetVersionNumber(kCurrentVersionNumber);
   return true;
 }
 
 bool LoginDatabase::InitLoginsTable() {
   if (!db_.DoesTableExist("logins")) {
     if (!db_.Execute("CREATE TABLE logins ("
                      "origin_url VARCHAR NOT NULL, "
                      "action_url VARCHAR, "
                      "username_element VARCHAR, "
                      "username_value VARCHAR, "
                      "password_element VARCHAR, "
                      "password_value BLOB, "
                      "submit_element VARCHAR, "
                      "signon_realm VARCHAR NOT NULL,"
                      "ssl_valid INTEGER NOT NULL,"
                      "preferred INTEGER NOT NULL,"
                      "date_created INTEGER NOT NULL,"
                      "blacklisted_by_user INTEGER NOT NULL,"
                      "scheme INTEGER NOT NULL,"
                      "password_type INTEGER,"
                      "possible_usernames BLOB,"
+                     "times_used INTEGER,"
                      "UNIQUE "
                      "(origin_url, username_element, "
                      "username_value, password_element, "
                      "submit_element, signon_realm))")) {
       NOTREACHED();
       return false;
     }
     if (!db_.Execute("CREATE INDEX logins_signon ON "
                      "logins (signon_realm)")) {
       NOTREACHED();
@@ skipping 13 matching lines @@
 
   int total_accounts = 0;
   while (s.Step()) {
     int accounts_per_site = s.ColumnInt(1);
     total_accounts += accounts_per_site;
     UMA_HISTOGRAM_CUSTOM_COUNTS("PasswordManager.AccountsPerSite",
                                 accounts_per_site, 0, 32, 6);
   }
   UMA_HISTOGRAM_CUSTOM_COUNTS("PasswordManager.TotalAccounts",
                               total_accounts, 0, 32, 6);
+
+  sql::Statement usage_statement(db_.GetCachedStatement(
+      SQL_FROM_HERE,
+      "SELECT password_type, times_used FROM logins"));
+
+  if (!usage_statement.is_valid())
+    return;
+
+  while (usage_statement.Step()) {
+    PasswordForm::Type type = static_cast<PasswordForm::Type>(
+        usage_statement.ColumnInt(0));
+
+    std::string password_type = "";
+    if (type == PasswordForm::TYPE_GENERATED)
+      password_type = "Generated";
+
+    UMA_HISTOGRAM_CUSTOM_COUNTS(
+        base::StringPrintf("PasswordManager.Times%sPasswordUsed",

[vadimb1, 2013/05/28 19:55:39]

Does this work if the histogram name changes between function call in the same
process run? From the source code of UMA_HISTOGRAM_CUSTOM_COUNTS based on
STATIC_HISTOGRAM_POINTER_BLOCK looks like it checks the name to be constant.
Even if this works it still could be better to have the names explicit when you
just have 2 possible names. This would make code analysis tools (that try to
extract histogram names from the code) work in this case.

[Garrett Casto, 2013/05/28 21:00:22]

Good catch. Changed.

+                           password_type.c_str()),
+        usage_statement.ColumnInt(1), 0, 100, 10);
+  }
 }
 
 bool LoginDatabase::AddLogin(const PasswordForm& form) {
   std::string encrypted_password;
   if (!EncryptedString(form.password_value, &encrypted_password))
     return false;
 
   // You *must* change LoginTableColumns if this query changes.
   sql::Statement s(db_.GetCachedStatement(SQL_FROM_HERE,
       "INSERT OR REPLACE INTO logins "
       "(origin_url, action_url, username_element, username_value, "
       " password_element, password_value, submit_element, "
-      " signon_realm, ssl_valid, preferred, date_created, "
-      " blacklisted_by_user, scheme, password_type, possible_usernames) "
+      " signon_realm, ssl_valid, preferred, date_created, blacklisted_by_user, "
+      " scheme, password_type, possible_usernames, times_used) "
       "VALUES "
-      "(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"));
+      "(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"));
   s.BindString(COLUMN_ORIGIN_URL, form.origin.spec());
   s.BindString(COLUMN_ACTION_URL, form.action.spec());
   s.BindString16(COLUMN_USERNAME_ELEMENT, form.username_element);
   s.BindString16(COLUMN_USERNAME_VALUE, form.username_value);
   s.BindString16(COLUMN_PASSWORD_ELEMENT, form.password_element);
   s.BindBlob(COLUMN_PASSWORD_VALUE, encrypted_password.data(),
               static_cast<int>(encrypted_password.length()));
   s.BindString16(COLUMN_SUBMIT_ELEMENT, form.submit_element);
   s.BindString(COLUMN_SIGNON_REALM, form.signon_realm);
   s.BindInt(COLUMN_SSL_VALID, form.ssl_valid);
   s.BindInt(COLUMN_PREFERRED, form.preferred);
   s.BindInt64(COLUMN_DATE_CREATED, form.date_created.ToTimeT());
   s.BindInt(COLUMN_BLACKLISTED_BY_USER, form.blacklisted_by_user);
   s.BindInt(COLUMN_SCHEME, form.scheme);
   s.BindInt(COLUMN_PASSWORD_TYPE, form.type);
   Pickle pickle = SerializeVector(form.possible_usernames);
   s.BindBlob(COLUMN_POSSIBLE_USERNAMES, pickle.data(), pickle.size());
+  s.BindInt(COLUMN_TIMES_USED, form.times_used);
 
   return s.Run();
 }
 
 bool LoginDatabase::UpdateLogin(const PasswordForm& form, int* items_changed) {
   std::string encrypted_password;
   if (!EncryptedString(form.password_value, &encrypted_password))
     return false;
 
   sql::Statement s(db_.GetCachedStatement(SQL_FROM_HERE,
       "UPDATE logins SET "
       "action_url = ?, "
       "password_value = ?, "
       "ssl_valid = ?, "
       "preferred = ?, "
-      "possible_usernames = ? "
+      "possible_usernames = ?, "
+      "times_used = ? "
       "WHERE origin_url = ? AND "
       "username_element = ? AND "
       "username_value = ? AND "
       "password_element = ? AND "
       "signon_realm = ?"));
   s.BindString(0, form.action.spec());
   s.BindBlob(1, encrypted_password.data(),
              static_cast<int>(encrypted_password.length()));
   s.BindInt(2, form.ssl_valid);
   s.BindInt(3, form.preferred);
   Pickle pickle = SerializeVector(form.possible_usernames);
   s.BindBlob(4, pickle.data(), pickle.size());
-  s.BindString(5, form.origin.spec());
-  s.BindString16(6, form.username_element);
-  s.BindString16(7, form.username_value);
-  s.BindString16(8, form.password_element);
-  s.BindString(9, form.signon_realm);
+  s.BindInt(5, form.times_used);
+  s.BindString(6, form.origin.spec());
+  s.BindString16(7, form.username_element);
+  s.BindString16(8, form.username_value);
+  s.BindString16(9, form.password_element);
+  s.BindString(10, form.signon_realm);
 
   if (!s.Run())
     return false;
 
   if (items_changed)
     *items_changed = db_.GetLastChangeCount();
 
   return true;
 }
 
@@ skipping 56 matching lines @@
   int scheme_int = s.ColumnInt(COLUMN_SCHEME);
   DCHECK((scheme_int >= 0) && (scheme_int <= PasswordForm::SCHEME_OTHER));
   form->scheme = static_cast<PasswordForm::Scheme>(scheme_int);
   int type_int = s.ColumnInt(COLUMN_PASSWORD_TYPE);
   DCHECK(type_int >= 0 && type_int <= PasswordForm::TYPE_GENERATED);
   form->type = static_cast<PasswordForm::Type>(type_int);
   Pickle pickle(
       static_cast<const char*>(s.ColumnBlob(COLUMN_POSSIBLE_USERNAMES)),
       s.ColumnByteLength(COLUMN_POSSIBLE_USERNAMES));
   form->possible_usernames = DeserializeVector(pickle);
+  form->times_used = s.ColumnInt(COLUMN_TIMES_USED);
   return true;
 }
 
 bool LoginDatabase::GetLogins(const PasswordForm& form,
                               std::vector<PasswordForm*>* forms) const {
   DCHECK(forms);
   // You *must* change LoginTableColumns if this query changes.
   sql::Statement s(db_.GetCachedStatement(SQL_FROM_HERE,
       "SELECT origin_url, action_url, "
       "username_element, username_value, "
-      "password_element, password_value, "
-      "submit_element, signon_realm, ssl_valid, preferred, date_created, "
-      "blacklisted_by_user, scheme, password_type, possible_usernames "
+      "password_element, password_value, submit_element, "
+      "signon_realm, ssl_valid, preferred, date_created, blacklisted_by_user, "
+      "scheme, password_type, possible_usernames, times_used "
       "FROM logins WHERE signon_realm == ? "));
   s.BindString(0, form.signon_realm);
 
   while (s.Step()) {
     scoped_ptr<PasswordForm> new_form(new PasswordForm());
     if (!InitPasswordFormFromStatement(new_form.get(), s))
       return false;
     forms->push_back(new_form.release());
   }
   return s.Succeeded();
 }
 
 bool LoginDatabase::GetLoginsCreatedBetween(
     const base::Time begin,
     const base::Time end,
     std::vector<content::PasswordForm*>* forms) const {
   DCHECK(forms);
   sql::Statement s(db_.GetCachedStatement(SQL_FROM_HERE,
       "SELECT origin_url, action_url, "
       "username_element, username_value, "
-      "password_element, password_value, "
-      "submit_element, signon_realm, ssl_valid, preferred, date_created, "
-      "blacklisted_by_user, scheme, password_type, possible_usernames "
+      "password_element, password_value, submit_element, "
+      "signon_realm, ssl_valid, preferred, date_created, blacklisted_by_user, "
+      "scheme, password_type, possible_usernames, times_used "
       "FROM logins WHERE date_created >= ? AND date_created < ?"
       "ORDER BY origin_url"));
   s.BindInt64(0, begin.ToTimeT());
   s.BindInt64(1, end.is_null() ? std::numeric_limits<int64>::max()
                                : end.ToTimeT());
 
   while (s.Step()) {
     scoped_ptr<PasswordForm> new_form(new PasswordForm());
     if (!InitPasswordFormFromStatement(new_form.get(), s))
       return false;
@@ skipping 12 matching lines @@
   return GetAllLoginsWithBlacklistSetting(true, forms);
 }
 
 bool LoginDatabase::GetAllLoginsWithBlacklistSetting(
     bool blacklisted, std::vector<PasswordForm*>* forms) const {
   DCHECK(forms);
   // You *must* change LoginTableColumns if this query changes.
   sql::Statement s(db_.GetCachedStatement(SQL_FROM_HERE,
       "SELECT origin_url, action_url, "
       "username_element, username_value, "
-      "password_element, password_value, "
-      "submit_element, signon_realm, ssl_valid, preferred, date_created, "
-      "blacklisted_by_user, scheme, password_type, possible_usernames "
+      "password_element, password_value, submit_element, "
+      "signon_realm, ssl_valid, preferred, date_created, blacklisted_by_user, "
+      "scheme, password_type, possible_usernames, times_used "
       "FROM logins WHERE blacklisted_by_user == ? "
       "ORDER BY origin_url"));
   s.BindInt(0, blacklisted ? 1 : 0);
 
   while (s.Step()) {
     scoped_ptr<PasswordForm> new_form(new PasswordForm());
     if (!InitPasswordFormFromStatement(new_form.get(), s))
       return false;
     forms->push_back(new_form.release());
   }
@@ skipping 19 matching lines @@
 std::vector<string16> LoginDatabase::DeserializeVector(const Pickle& p) const {
   std::vector<string16> ret;
   string16 str;
 
   PickleIterator iterator(p);
   while (iterator.ReadString16(&str)) {
     ret.push_back(str);
   }
   return ret;
 }