| Index: chrome/browser/password_manager/login_database.cc
|
| diff --git a/chrome/browser/password_manager/login_database.cc b/chrome/browser/password_manager/login_database.cc
|
| index ff431de6da21eaf71d8c70b57e09a046d6e46285..460ff9940fc8d637d10a58fb8fefd61cd2fc0ebf 100644
|
| --- a/chrome/browser/password_manager/login_database.cc
|
| +++ b/chrome/browser/password_manager/login_database.cc
|
| @@ -7,14 +7,18 @@
|
| #include <algorithm>
|
| #include <limits>
|
|
|
| +#include "base/command_line.h"
|
| #include "base/file_util.h"
|
| #include "base/files/file_path.h"
|
| #include "base/logging.h"
|
| #include "base/metrics/histogram.h"
|
| #include "base/pickle.h"
|
| +#include "base/string_util.h"
|
| #include "base/strings/string_number_conversions.h"
|
| #include "base/time.h"
|
| #include "base/utf_string_conversions.h"
|
| +#include "chrome/common/chrome_switches.h"
|
| +#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
|
| #include "sql/statement.h"
|
| #include "sql/transaction.h"
|
|
|
| @@ -45,6 +49,13 @@ enum LoginTableColumns {
|
| COLUMN_TIMES_USED
|
| };
|
|
|
| +std::string GetRegistryControlledDomain(const std::string& signon_realm_str) {
|
| + const GURL signon_realm(signon_realm_str);
|
| + return net::registry_controlled_domains::GetDomainAndRegistry(
|
| + signon_realm,
|
| + net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
|
| +}
|
| +
|
| } // namespace
|
|
|
| LoginDatabase::LoginDatabase() {
|
| @@ -100,6 +111,10 @@ bool LoginDatabase::Init(const base::FilePath& db_path) {
|
| db_.Close();
|
| return false;
|
| }
|
| +
|
| + psl_domain_matching_ = CommandLine::ForCurrentProcess()->HasSwitch(
|
| + switches::kEnablePasswordAutofillPSLDomainMatching);
|
| +
|
| return true;
|
| }
|
|
|
| @@ -334,6 +349,8 @@ bool LoginDatabase::InitPasswordFormFromStatement(PasswordForm* form,
|
| form->submit_element = s.ColumnString16(COLUMN_SUBMIT_ELEMENT);
|
| tmp = s.ColumnString(COLUMN_SIGNON_REALM);
|
| form->signon_realm = tmp;
|
| + form->original_signon_realm = "";
|
| + form->is_psl_origin_match = false;
|
| form->ssl_valid = (s.ColumnInt(COLUMN_SSL_VALID) > 0);
|
| form->preferred = (s.ColumnInt(COLUMN_PREFERRED) > 0);
|
| form->date_created = base::Time::FromTimeT(
|
| @@ -357,19 +374,63 @@ bool LoginDatabase::GetLogins(const PasswordForm& form,
|
| std::vector<PasswordForm*>* forms) const {
|
| DCHECK(forms);
|
| // You *must* change LoginTableColumns if this query changes.
|
| - sql::Statement s(db_.GetCachedStatement(SQL_FROM_HERE,
|
| - "SELECT origin_url, action_url, "
|
| + const std::string sql_query = "SELECT origin_url, action_url, "
|
| "username_element, username_value, "
|
| "password_element, password_value, submit_element, "
|
| "signon_realm, ssl_valid, preferred, date_created, blacklisted_by_user, "
|
| "scheme, password_type, possible_usernames, times_used "
|
| - "FROM logins WHERE signon_realm == ? "));
|
| - s.BindString(0, form.signon_realm);
|
| + "FROM logins WHERE signon_realm == ? ";
|
| + sql::Statement s;
|
| + if (psl_domain_matching_) {
|
| + const std::string extended_sql_query =
|
| + sql_query + "OR signon_realm REGEXP ? ";
|
| + // TODO(nyquist) Re-enable usage of cached statements if possible.
|
| + // s.Assign(db_.GetCachedStatement(SQL_FROM_HERE, sql_query.c_str()));
|
| + s.Assign(db_.GetUniqueStatement(extended_sql_query.c_str()));
|
| + std::string domain = GetRegistryControlledDomain(form.signon_realm);
|
| + // We need to escape ., - and _ in the domain. Since the domain has already
|
| + // been sanitized using GURL, we do not need to escape any other characters.
|
| + ReplaceChars(domain, ".", "\\.", &domain);
|
| + ReplaceChars(domain, "-", "\\-", &domain);
|
| + // For a domain such as foo.bar, this regexp will match domains for http
|
| + // and https and on the form: http://foo.bar/, http://www.foo.bar/,
|
| + // http://www.mobile.foo.bar/. It will not match http://notfoo.bar/.
|
| + // It also matches any port, such as http://foo.bar:8080/.
|
| + std::string regexp =
|
| + "^((http|https):\\/\\/)([\\w\\-_]+\\.)*" + domain + "(:\\d+)?\\/$";
|
| + s.BindString(0, form.signon_realm);
|
| + s.BindString(1, regexp);
|
| + } else {
|
| + s.Assign(db_.GetCachedStatement(SQL_FROM_HERE, sql_query.c_str()));
|
| + s.BindString(0, form.signon_realm);
|
| + }
|
|
|
| while (s.Step()) {
|
| scoped_ptr<PasswordForm> new_form(new PasswordForm());
|
| if (!InitPasswordFormFromStatement(new_form.get(), s))
|
| return false;
|
| + if (psl_domain_matching_) {
|
| + const std::string found_registry_controlled_domain =
|
| + GetRegistryControlledDomain(new_form->signon_realm);
|
| + const std::string form_registry_controlled_domain =
|
| + GetRegistryControlledDomain(form.signon_realm);
|
| + if (found_registry_controlled_domain != form_registry_controlled_domain) {
|
| + // The database returned results that should not match. Skipping result.
|
| + continue;
|
| + }
|
| + if (form.signon_realm != new_form->signon_realm) {
|
| + // This is not a perfect match, so we need to create a new valid result.
|
| + // We do this by copying over origin, signon realm and action from the
|
| + // observed form and setting the original signon realm to what we found
|
| + // in the database. We also set a flag to notify the caller that this
|
| + // is not a perfect match.
|
| + new_form->is_psl_origin_match = true;
|
| + new_form->original_signon_realm = new_form->signon_realm;
|
| + new_form->origin = form.origin;
|
| + new_form->signon_realm = form.signon_realm;
|
| + new_form->action = form.action;
|
| + }
|
| + }
|
| forms->push_back(new_form.release());
|
| }
|
| return s.Succeeded();
|
|
|
Chromium Code Reviews
Issue 15660018:
[autofill] Add support for PSL domain matching for password autofill. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src