search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disable view source for Developer Tools.
[chromium-blink-merge.git] / chrome / browser / password_manager / password_store_x.cc
blobe0f724d8daf165aaec4ef6bf40ef8c5294dffb2b
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/password_manager/password_store_x.h"
6
7 #include <algorithm>
8 #include <map>
9 #include <vector>
10
11 #include "base/bind.h"
12 #include "base/logging.h"
13 #include "base/prefs/pref_service.h"
14 #include "base/stl_util.h"
15 #include "chrome/browser/chrome_notification_types.h"
16 #include "chrome/browser/password_manager/password_store_change.h"
17 #include "chrome/common/pref_names.h"
18 #include "components/user_prefs/pref_registry_syncable.h"
19 #include "content/public/browser/browser_thread.h"
20 #include "content/public/browser/notification_service.h"
21
22 using autofill::PasswordForm;
23 using content::BrowserThread;
24 using std::vector;
25
26 PasswordStoreX::PasswordStoreX(LoginDatabase* login_db,
27 Profile* profile,
28 NativeBackend* backend)
29 : PasswordStoreDefault(login_db, profile),
30 backend_(backend), migration_checked_(!backend), allow_fallback_(false) {
31 }
32
33 PasswordStoreX::~PasswordStoreX() {}
34
35 void PasswordStoreX::AddLoginImpl(const PasswordForm& form) {
36 CheckMigration();
37 if (use_native_backend() && backend_->AddLogin(form)) {
38 PasswordStoreChangeList changes;
39 changes.push_back(PasswordStoreChange(PasswordStoreChange::ADD, form));
40 content::NotificationService::current()->Notify(
41 chrome::NOTIFICATION_LOGINS_CHANGED,
42 content::Source<PasswordStore>(this),
43 content::Details<PasswordStoreChangeList>(&changes));
44 allow_fallback_ = false;
45 } else if (allow_default_store()) {
46 PasswordStoreDefault::AddLoginImpl(form);
47 }
48 }
49
50 void PasswordStoreX::UpdateLoginImpl(const PasswordForm& form) {
51 CheckMigration();
52 if (use_native_backend() && backend_->UpdateLogin(form)) {
53 PasswordStoreChangeList changes;
54 changes.push_back(PasswordStoreChange(PasswordStoreChange::UPDATE, form));
55 content::NotificationService::current()->Notify(
56 chrome::NOTIFICATION_LOGINS_CHANGED,
57 content::Source<PasswordStore>(this),
58 content::Details<PasswordStoreChangeList>(&changes));
59 allow_fallback_ = false;
60 } else if (allow_default_store()) {
61 PasswordStoreDefault::UpdateLoginImpl(form);
62 }
63 }
64
65 void PasswordStoreX::RemoveLoginImpl(const PasswordForm& form) {
66 CheckMigration();
67 if (use_native_backend() && backend_->RemoveLogin(form)) {
68 PasswordStoreChangeList changes;
69 changes.push_back(PasswordStoreChange(PasswordStoreChange::REMOVE, form));
70 content::NotificationService::current()->Notify(
71 chrome::NOTIFICATION_LOGINS_CHANGED,
72 content::Source<PasswordStore>(this),
73 content::Details<PasswordStoreChangeList>(&changes));
74 allow_fallback_ = false;
75 } else if (allow_default_store()) {
76 PasswordStoreDefault::RemoveLoginImpl(form);
77 }
78 }
79
80 void PasswordStoreX::RemoveLoginsCreatedBetweenImpl(
81 const base::Time& delete_begin,
82 const base::Time& delete_end) {
83 CheckMigration();
84 vector<PasswordForm*> forms;
85 if (use_native_backend() &&
86 backend_->GetLoginsCreatedBetween(delete_begin, delete_end, &forms) &&
87 backend_->RemoveLoginsCreatedBetween(delete_begin, delete_end)) {
88 PasswordStoreChangeList changes;
89 for (vector<PasswordForm*>::const_iterator it = forms.begin();
90 it != forms.end(); ++it) {
91 changes.push_back(PasswordStoreChange(PasswordStoreChange::REMOVE,
92 **it));
93 }
94 LogStatsForBulkDeletion(changes.size());
95 content::NotificationService::current()->Notify(
96 chrome::NOTIFICATION_LOGINS_CHANGED,
97 content::Source<PasswordStore>(this),
98 content::Details<PasswordStoreChangeList>(&changes));
99 allow_fallback_ = false;
100 } else if (allow_default_store()) {
101 PasswordStoreDefault::RemoveLoginsCreatedBetweenImpl(delete_begin,
102 delete_end);
103 }
104 STLDeleteElements(&forms);
105 }
106
107 namespace {
108 struct LoginLessThan {
109 bool operator()(const PasswordForm* a, const PasswordForm* b) {
110 return a->origin < b->origin;
111 }
112 };
113 } // anonymous namespace
114
115 void PasswordStoreX::SortLoginsByOrigin(NativeBackend::PasswordFormList* list) {
116 // In login_database.cc, the query has ORDER BY origin_url. Simulate that.
117 std::sort(list->begin(), list->end(), LoginLessThan());
118 }
119
120 void PasswordStoreX::GetLoginsImpl(
121 const autofill::PasswordForm& form,
122 AuthorizationPromptPolicy prompt_policy,
123 const ConsumerCallbackRunner& callback_runner) {
124 CheckMigration();
125 std::vector<autofill::PasswordForm*> matched_forms;
126 if (use_native_backend() && backend_->GetLogins(form, &matched_forms)) {
127 SortLoginsByOrigin(&matched_forms);
128 callback_runner.Run(matched_forms);
129 // The native backend may succeed and return no data even while locked, if
130 // the query did not match anything stored. So we continue to allow fallback
131 // until we perform a write operation, or until a read returns actual data.
132 if (matched_forms.size() > 0)
133 allow_fallback_ = false;
134 } else if (allow_default_store()) {
135 DCHECK(matched_forms.empty());
136 PasswordStoreDefault::GetLoginsImpl(form, prompt_policy, callback_runner);
137 } else {
138 // The consumer will be left hanging unless we reply.
139 callback_runner.Run(matched_forms);
140 }
141 }
142
143 void PasswordStoreX::GetAutofillableLoginsImpl(GetLoginsRequest* request) {
144 CheckMigration();
145 if (use_native_backend() &&
146 backend_->GetAutofillableLogins(&request->value)) {
147 SortLoginsByOrigin(&request->value);
148 ForwardLoginsResult(request);
149 // See GetLoginsImpl() for why we disallow fallback conditionally here.
150 if (request->value.size() > 0)
151 allow_fallback_ = false;
152 } else if (allow_default_store()) {
153 PasswordStoreDefault::GetAutofillableLoginsImpl(request);
154 } else {
155 // The consumer will be left hanging unless we reply.
156 ForwardLoginsResult(request);
157 }
158 }
159
160 void PasswordStoreX::GetBlacklistLoginsImpl(GetLoginsRequest* request) {
161 CheckMigration();
162 if (use_native_backend() &&
163 backend_->GetBlacklistLogins(&request->value)) {
164 SortLoginsByOrigin(&request->value);
165 ForwardLoginsResult(request);
166 // See GetLoginsImpl() for why we disallow fallback conditionally here.
167 if (request->value.size() > 0)
168 allow_fallback_ = false;
169 } else if (allow_default_store()) {
170 PasswordStoreDefault::GetBlacklistLoginsImpl(request);
171 } else {
172 // The consumer will be left hanging unless we reply.
173 ForwardLoginsResult(request);
174 }
175 }
176
177 bool PasswordStoreX::FillAutofillableLogins(vector<PasswordForm*>* forms) {
178 CheckMigration();
179 if (use_native_backend() && backend_->GetAutofillableLogins(forms)) {
180 // See GetLoginsImpl() for why we disallow fallback conditionally here.
181 if (forms->size() > 0)
182 allow_fallback_ = false;
183 return true;
184 }
185 if (allow_default_store())
186 return PasswordStoreDefault::FillAutofillableLogins(forms);
187 return false;
188 }
189
190 bool PasswordStoreX::FillBlacklistLogins(vector<PasswordForm*>* forms) {
191 CheckMigration();
192 if (use_native_backend() && backend_->GetBlacklistLogins(forms)) {
193 // See GetLoginsImpl() for why we disallow fallback conditionally here.
194 if (forms->size() > 0)
195 allow_fallback_ = false;
196 return true;
197 }
198 if (allow_default_store())
199 return PasswordStoreDefault::FillBlacklistLogins(forms);
200 return false;
201 }
202
203 void PasswordStoreX::CheckMigration() {
204 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
205 if (migration_checked_ || !backend_.get())
206 return;
207 migration_checked_ = true;
208 ssize_t migrated = MigrateLogins();
209 if (migrated > 0) {
210 VLOG(1) << "Migrated " << migrated << " passwords to native store.";
211 } else if (migrated == 0) {
212 // As long as we are able to migrate some passwords, we know the native
213 // store is working. But if there is nothing to migrate, the "migration"
214 // can succeed even when the native store would fail. In this case we
215 // allow a later fallback to the default store. Once any later operation
216 // succeeds on the native store, we will no longer allow fallback.
217 allow_fallback_ = true;
218 } else {
219 LOG(WARNING) << "Native password store migration failed! " <<
220 "Falling back on default (unencrypted) store.";
221 backend_.reset(NULL);
222 }
223 }
224
225 bool PasswordStoreX::allow_default_store() {
226 if (allow_fallback_) {
227 LOG(WARNING) << "Native password store failed! " <<
228 "Falling back on default (unencrypted) store.";
229 backend_.reset(NULL);
230 // Don't warn again. We'll use the default store because backend_ is NULL.
231 allow_fallback_ = false;
232 }
233 return !backend_.get();
234 }
235
236 ssize_t PasswordStoreX::MigrateLogins() {
237 DCHECK(backend_.get());
238 vector<PasswordForm*> forms;
239 bool ok = PasswordStoreDefault::FillAutofillableLogins(&forms) &&
240 PasswordStoreDefault::FillBlacklistLogins(&forms);
241 if (ok) {
242 // We add all the passwords (and blacklist entries) to the native backend
243 // before attempting to remove any from the login database, to make sure we
244 // don't somehow end up with some of the passwords in one store and some in
245 // another. We'll always have at least one intact store this way.
246 for (size_t i = 0; i < forms.size(); ++i) {
247 if (!backend_->AddLogin(*forms[i])) {
248 ok = false;
249 break;
250 }
251 }
252 if (ok) {
253 for (size_t i = 0; i < forms.size(); ++i) {
254 // If even one of these calls to RemoveLoginImpl() succeeds, then we
255 // should prefer the native backend to the now-incomplete login
256 // database. Thus we want to return a success status even in the case
257 // where some fail. The only real problem with this is that we might
258 // leave passwords in the login database and never come back to clean
259 // them out if any of these calls do fail.
260 PasswordStoreDefault::RemoveLoginImpl(*forms[i]);
261 }
262 // Finally, delete the database file itself. We remove the passwords from
263 // it before deleting the file just in case there is some problem deleting
264 // the file (e.g. directory is not writable, but file is), which would
265 // otherwise cause passwords to re-migrate next (or maybe every) time.
266 DeleteAndRecreateDatabaseFile();
267 }
268 }
269 ssize_t result = ok ? forms.size() : -1;
270 STLDeleteElements(&forms);
271 return result;
272 }
273
274 #if !defined(OS_MACOSX) && !defined(OS_CHROMEOS) && defined(OS_POSIX)
275 // static
276 void PasswordStoreX::RegisterProfilePrefs(
277 user_prefs::PrefRegistrySyncable* registry) {
278 // Normally we should be on the UI thread here, but in tests we might not.
279 registry->RegisterBooleanPref(
280 prefs::kPasswordsUseLocalProfileId,
281 // default: passwords don't use local ids
282 false,
283 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
284 }
285
286 // static
287 bool PasswordStoreX::PasswordsUseLocalProfileId(PrefService* prefs) {
288 // Normally we should be on the UI thread here, but in tests we might not.
289 return prefs->GetBoolean(prefs::kPasswordsUseLocalProfileId);
290 }
291
292 namespace {
293 // This function is a hack to do something not entirely thread safe: the pref
294 // service comes from the UI thread, but it's not ref counted. We keep a pointer
295 // to it on the DB thread, and need to invoke a method on the UI thread. This
296 // function does that for us without requiring ref counting the pref service.
297 // TODO(mdm): Fix this if it becomes a problem. Given that this function will
298 // be called once ever per profile, it probably will not cause a problem...
299 void UISetPasswordsUseLocalProfileId(PrefService* prefs) {
300 prefs->SetBoolean(prefs::kPasswordsUseLocalProfileId, true);
301 }
302 } // anonymous namespace
303
304 // static
305 void PasswordStoreX::SetPasswordsUseLocalProfileId(PrefService* prefs) {
306 // This method should work on any thread, but we expect the DB thread.
307 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
308 BrowserThread::PostTask(BrowserThread::UI, FROM_HERE,
309 base::Bind(&UISetPasswordsUseLocalProfileId, prefs));
310 }
311 #endif // !defined(OS_MACOSX) && !defined(OS_CHROMEOS) && defined(OS_POSIX)