OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ui/passwords/password_manager_presenter.h" | 5 #include "chrome/browser/ui/passwords/password_manager_presenter.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/metrics/user_metrics_action.h" | 9 #include "base/metrics/user_metrics_action.h" |
10 #include "base/prefs/pref_service.h" | 10 #include "base/prefs/pref_service.h" |
(...skipping 22 matching lines...) Expand all Loading... |
33 require_reauthentication_ = !CommandLine::ForCurrentProcess()->HasSwitch( | 33 require_reauthentication_ = !CommandLine::ForCurrentProcess()->HasSwitch( |
34 switches::kDisablePasswordManagerReauthentication); | 34 switches::kDisablePasswordManagerReauthentication); |
35 } | 35 } |
36 | 36 |
37 PasswordManagerPresenter::~PasswordManagerPresenter() { | 37 PasswordManagerPresenter::~PasswordManagerPresenter() { |
38 PasswordStore* store = GetPasswordStore(); | 38 PasswordStore* store = GetPasswordStore(); |
39 if (store) | 39 if (store) |
40 store->RemoveObserver(this); | 40 store->RemoveObserver(this); |
41 } | 41 } |
42 | 42 |
| 43 // static |
| 44 bool PasswordManagerPresenter::CheckOriginValidityForAdding( |
| 45 const GURL& origin) { |
| 46 // Restrict the URL scheme to http and https since a manually-added |
| 47 // PasswordForm entry's |scheme| is assumed to be SCHEME_HTML. |
| 48 return origin.is_valid() && (origin.SchemeIs(url::kHttpScheme) || |
| 49 origin.SchemeIs(url::kHttpsScheme)); |
| 50 } |
| 51 |
43 void PasswordManagerPresenter::Initialize() { | 52 void PasswordManagerPresenter::Initialize() { |
44 // Due to the way that handlers are (re)initialized under certain types of | 53 // Due to the way that handlers are (re)initialized under certain types of |
45 // navigation, the presenter may already be initialized. (See bugs 88986 | 54 // navigation, the presenter may already be initialized. (See bugs 88986 |
46 // and 86448). If this is the case, return immediately. This is a hack. | 55 // and 86448). If this is the case, return immediately. This is a hack. |
47 // TODO(mdm): remove this hack once it is no longer necessary. | 56 // TODO(mdm): remove this hack once it is no longer necessary. |
48 if (!show_passwords_.GetPrefName().empty()) | 57 if (!show_passwords_.GetPrefName().empty()) |
49 return; | 58 return; |
50 | 59 |
51 show_passwords_.Init( | 60 show_passwords_.Init( |
52 password_manager::prefs::kPasswordManagerAllowShowPasswords, | 61 password_manager::prefs::kPasswordManagerAllowShowPasswords, |
(...skipping 23 matching lines...) Expand all Loading... |
76 last_authentication_time_ = base::TimeTicks(); | 85 last_authentication_time_ = base::TimeTicks(); |
77 | 86 |
78 // Reset the current lists. | 87 // Reset the current lists. |
79 password_list_.clear(); | 88 password_list_.clear(); |
80 password_exception_list_.clear(); | 89 password_exception_list_.clear(); |
81 | 90 |
82 populater_.Populate(); | 91 populater_.Populate(); |
83 exception_populater_.Populate(); | 92 exception_populater_.Populate(); |
84 } | 93 } |
85 | 94 |
| 95 void PasswordManagerPresenter::AddPassword( |
| 96 const GURL& origin, |
| 97 const base::string16& username_value, |
| 98 const base::string16& password_value) { |
| 99 #if defined(OS_ANDROID) |
| 100 NOTREACHED(); |
| 101 #else |
| 102 if (!CheckOriginValidityForAdding(origin) || password_value.empty()) { |
| 103 // Invalid |origin| or empty |password_value| can only come from a |
| 104 // compromised renderer. |
| 105 NOTREACHED(); |
| 106 return; |
| 107 } |
| 108 PasswordStore* store = GetPasswordStore(); |
| 109 if (!store) |
| 110 return; |
| 111 |
| 112 GURL::Replacements replacements; |
| 113 replacements.ClearUsername(); |
| 114 replacements.ClearPassword(); |
| 115 replacements.ClearQuery(); |
| 116 replacements.ClearRef(); |
| 117 autofill::PasswordForm form; |
| 118 form.origin = origin.ReplaceComponents(replacements); |
| 119 form.username_value = username_value; |
| 120 form.password_value = password_value; |
| 121 form.signon_realm = origin.GetOrigin().spec(); |
| 122 form.date_created = base::Time::Now(); |
| 123 |
| 124 // Because a secure scheme does not imply the presence of a valid certificate, |
| 125 // this is not precise. However we give it the benefit of the doubt so that |
| 126 // PasswordForms with a https origin will not be auto-filled unless the form |
| 127 // comes with a valid SSL certificate. |
| 128 form.ssl_valid = origin.SchemeIsSecure(); |
| 129 |
| 130 store->AddLogin(form); |
| 131 #endif |
| 132 } |
| 133 |
| 134 void PasswordManagerPresenter::UpdatePassword( |
| 135 size_t index, |
| 136 const base::string16& password_value) { |
| 137 #if defined(OS_ANDROID) |
| 138 NOTREACHED(); |
| 139 #else |
| 140 if (index >= password_list_.size() || password_value.empty()) { |
| 141 // |index| out of bounds might come from a compromised renderer, don't let |
| 142 // it crash the browser. http://crbug.com/362054 |
| 143 // Similarly, empty |password_value| also might come from a compromised |
| 144 // renderer. So use the same logic to prevent saving it. |
| 145 NOTREACHED(); |
| 146 return; |
| 147 } |
| 148 PasswordStore* store = GetPasswordStore(); |
| 149 if (!store) |
| 150 return; |
| 151 autofill::PasswordForm form(*password_list_[index]); |
| 152 form.password_value = password_value; |
| 153 store->UpdateLogin(form); |
| 154 #endif |
| 155 } |
| 156 |
86 void PasswordManagerPresenter::RemoveSavedPassword(size_t index) { | 157 void PasswordManagerPresenter::RemoveSavedPassword(size_t index) { |
87 if (index >= password_list_.size()) { | 158 if (index >= password_list_.size()) { |
88 // |index| out of bounds might come from a compromised renderer, don't let | 159 // |index| out of bounds might come from a compromised renderer, don't let |
89 // it crash the browser. http://crbug.com/362054 | 160 // it crash the browser. http://crbug.com/362054 |
90 NOTREACHED(); | 161 NOTREACHED(); |
91 return; | 162 return; |
92 } | 163 } |
93 PasswordStore* store = GetPasswordStore(); | 164 PasswordStore* store = GetPasswordStore(); |
94 if (!store) | 165 if (!store) |
95 return; | 166 return; |
(...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
232 } | 303 } |
233 | 304 |
234 void PasswordManagerPresenter::PasswordExceptionListPopulater:: | 305 void PasswordManagerPresenter::PasswordExceptionListPopulater:: |
235 OnGetPasswordStoreResults( | 306 OnGetPasswordStoreResults( |
236 const std::vector<autofill::PasswordForm*>& results) { | 307 const std::vector<autofill::PasswordForm*>& results) { |
237 page_->password_exception_list_.clear(); | 308 page_->password_exception_list_.clear(); |
238 page_->password_exception_list_.insert(page_->password_exception_list_.end(), | 309 page_->password_exception_list_.insert(page_->password_exception_list_.end(), |
239 results.begin(), results.end()); | 310 results.begin(), results.end()); |
240 page_->SetPasswordExceptionList(); | 311 page_->SetPasswordExceptionList(); |
241 } | 312 } |
OLD | NEW |