Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / download / download_request_limiter.h
blobe086f254539e8d89e9fb67878c1d19990890a91d
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_DOWNLOAD_DOWNLOAD_REQUEST_LIMITER_H_
6 #define CHROME_BROWSER_DOWNLOAD_DOWNLOAD_REQUEST_LIMITER_H_
8 #include <map>
9 #include <string>
10 #include <vector>
12 #include "base/callback.h"
13 #include "base/gtest_prod_util.h"
14 #include "base/memory/ref_counted.h"
15 #include "base/memory/weak_ptr.h"
16 #include "components/content_settings/core/common/content_settings.h"
17 #include "content/public/browser/notification_observer.h"
18 #include "content/public/browser/notification_registrar.h"
19 #include "content/public/browser/web_contents_observer.h"
21 class HostContentSettingsMap;
22 class DownloadRequestInfoBarDelegate;
24 namespace content {
25 class NavigationController;
26 class WebContents;
29 // DownloadRequestLimiter is responsible for determining whether a download
30 // should be allowed or not. It is designed to keep pages from downloading
31 // multiple files without user interaction. DownloadRequestLimiter is invoked
32 // from ResourceDispatcherHost any time a download begins
33 // (CanDownloadOnIOThread). The request is processed on the UI thread, and the
34 // request is notified (back on the IO thread) as to whether the download should
35 // be allowed or denied.
37 // Invoking CanDownloadOnIOThread notifies the callback and may update the
38 // download status. The following details the various states:
39 // . Each NavigationController initially starts out allowing a download
40 // (ALLOW_ONE_DOWNLOAD).
41 // . The first time CanDownloadOnIOThread is invoked the download is allowed and
42 // the state changes to PROMPT_BEFORE_DOWNLOAD.
43 // . If the state is PROMPT_BEFORE_DOWNLOAD and the user clicks the mouse,
44 // presses enter, the space bar or navigates to another page the state is
45 // reset to ALLOW_ONE_DOWNLOAD.
46 // . If a download is attempted and the state is PROMPT_BEFORE_DOWNLOAD the user
47 // is prompted as to whether the download is allowed or disallowed. The users
48 // choice stays until the user navigates to a different host. For example, if
49 // the user allowed the download, multiple downloads are allowed without any
50 // user intervention until the user navigates to a different host.
51 class DownloadRequestLimiter
52 : public base::RefCountedThreadSafe<DownloadRequestLimiter> {
53 public:
54 // Download status for a particular page. See class description for details.
55 enum DownloadStatus {
56 ALLOW_ONE_DOWNLOAD,
57 PROMPT_BEFORE_DOWNLOAD,
58 ALLOW_ALL_DOWNLOADS,
59 DOWNLOADS_NOT_ALLOWED
62 // Max number of downloads before a "Prompt Before Download" Dialog is shown.
63 static const size_t kMaxDownloadsAtOnce = 50;
65 // The callback from CanDownloadOnIOThread. This is invoked on the io thread.
66 // The boolean parameter indicates whether or not the download is allowed.
67 typedef base::Callback<void(bool /*allow*/)> Callback;
69 // TabDownloadState maintains the download state for a particular tab.
70 // TabDownloadState prompts the user with an infobar as necessary.
71 // TabDownloadState deletes itself (by invoking
72 // DownloadRequestLimiter::Remove) as necessary.
73 // TODO(gbillock): just make this class implement PermissionBubbleRequest.
74 class TabDownloadState : public content::NotificationObserver,
75 public content::WebContentsObserver {
76 public:
77 // Creates a new TabDownloadState. |controller| is the controller the
78 // TabDownloadState tracks the state of and is the host for any dialogs that
79 // are displayed. |originating_controller| is used to determine the host of
80 // the initial download. If |originating_controller| is null, |controller|
81 // is used. |originating_controller| is typically null, but differs from
82 // |controller| in the case of a constrained popup requesting the download.
83 TabDownloadState(DownloadRequestLimiter* host,
84 content::WebContents* web_contents,
85 content::WebContents* originating_web_contents);
86 ~TabDownloadState() override;
88 // Status of the download.
89 void set_download_status(DownloadRequestLimiter::DownloadStatus status) {
90 status_ = status;
92 DownloadRequestLimiter::DownloadStatus download_status() const {
93 return status_;
96 // Number of "ALLOWED" downloads.
97 void increment_download_count() {
98 download_count_++;
100 size_t download_count() const {
101 return download_count_;
104 // content::WebContentsObserver overrides.
105 void DidNavigateMainFrame(
106 const content::LoadCommittedDetails& details,
107 const content::FrameNavigateParams& params) override;
108 // Invoked when a user gesture occurs (mouse click, enter or space). This
109 // may result in invoking Remove on DownloadRequestLimiter.
110 void DidGetUserGesture() override;
111 void WebContentsDestroyed() override;
113 // Asks the user if they really want to allow the download.
114 // See description above CanDownloadOnIOThread for details on lifetime of
115 // callback.
116 void PromptUserForDownload(
117 const DownloadRequestLimiter::Callback& callback);
119 // Invoked from DownloadRequestDialogDelegate. Notifies the delegates and
120 // changes the status appropriately. Virtual for testing.
121 virtual void Cancel();
122 virtual void CancelOnce();
123 virtual void Accept();
125 protected:
126 // Used for testing.
127 TabDownloadState();
129 private:
130 // Are we showing a prompt to the user? Determined by whether
131 // we have an outstanding weak pointer--weak pointers are only
132 // given to the info bar delegate or permission bubble request.
133 bool is_showing_prompt() const;
135 // content::NotificationObserver method.
136 void Observe(int type,
137 const content::NotificationSource& source,
138 const content::NotificationDetails& details) override;
140 // Remember to either block or allow automatic downloads from this origin.
141 void SetContentSetting(ContentSetting setting);
143 // Notifies the callbacks as to whether the download is allowed or not.
144 // Updates status_ appropriately.
145 void NotifyCallbacks(bool allow);
147 content::WebContents* web_contents_;
149 DownloadRequestLimiter* host_;
151 // Host of the first page the download started on. This may be empty.
152 std::string initial_page_host_;
154 DownloadRequestLimiter::DownloadStatus status_;
156 size_t download_count_;
158 // Callbacks we need to notify. This is only non-empty if we're showing a
159 // dialog.
160 // See description above CanDownloadOnIOThread for details on lifetime of
161 // callbacks.
162 std::vector<DownloadRequestLimiter::Callback> callbacks_;
164 // Used to remove observers installed on NavigationController.
165 content::NotificationRegistrar registrar_;
167 // Weak pointer factory for generating a weak pointer to pass to the
168 // infobar. User responses to the throttling prompt will be returned
169 // through this channel, and it can be revoked if the user prompt result
170 // becomes moot.
171 base::WeakPtrFactory<DownloadRequestLimiter::TabDownloadState> factory_;
173 DISALLOW_COPY_AND_ASSIGN(TabDownloadState);
176 static void SetContentSettingsForTesting(HostContentSettingsMap* settings);
178 DownloadRequestLimiter();
180 // Returns the download status for a page. This does not change the state in
181 // anyway.
182 DownloadStatus GetDownloadStatus(content::WebContents* tab);
184 // Check if download can proceed and notifies the callback on UI thread.
185 void CanDownload(int render_process_host_id,
186 int render_view_id,
187 const GURL& url,
188 const std::string& request_method,
189 const Callback& callback);
191 private:
192 FRIEND_TEST_ALL_PREFIXES(DownloadTest, DownloadResourceThrottleCancels);
193 friend class base::RefCountedThreadSafe<DownloadRequestLimiter>;
194 friend class DownloadRequestLimiterTest;
195 friend class TabDownloadState;
197 ~DownloadRequestLimiter();
199 // Gets the download state for the specified controller. If the
200 // TabDownloadState does not exist and |create| is true, one is created.
201 // See TabDownloadState's constructor description for details on the two
202 // controllers.
204 // The returned TabDownloadState is owned by the DownloadRequestLimiter and
205 // deleted when no longer needed (the Remove method is invoked).
206 TabDownloadState* GetDownloadState(
207 content::WebContents* web_contents,
208 content::WebContents* originating_web_contents,
209 bool create);
211 // Does the work of updating the download status on the UI thread and
212 // potentially prompting the user.
213 void CanDownloadImpl(content::WebContents* originating_contents,
214 const std::string& request_method,
215 const Callback& callback);
217 // Invoked when decision to download has been made.
218 void OnCanDownloadDecided(int render_process_host_id,
219 int render_view_id,
220 const std::string& request_method,
221 const Callback& orig_callback,
222 bool allow);
224 // Removes the specified TabDownloadState from the internal map and deletes
225 // it. This has the effect of resetting the status for the tab to
226 // ALLOW_ONE_DOWNLOAD.
227 void Remove(TabDownloadState* state, content::WebContents* contents);
229 static HostContentSettingsMap* content_settings_;
230 static HostContentSettingsMap* GetContentSettings(
231 content::WebContents* contents);
233 // Maps from tab to download state. The download state for a tab only exists
234 // if the state is other than ALLOW_ONE_DOWNLOAD. Similarly once the state
235 // transitions from anything but ALLOW_ONE_DOWNLOAD back to ALLOW_ONE_DOWNLOAD
236 // the TabDownloadState is removed and deleted (by way of Remove).
237 typedef std::map<content::WebContents*, TabDownloadState*> StateMap;
238 StateMap state_map_;
240 // Weak ptr factory used when |CanDownload| asks the delegate asynchronously
241 // about the download.
242 base::WeakPtrFactory<DownloadRequestLimiter> factory_;
244 DISALLOW_COPY_AND_ASSIGN(DownloadRequestLimiter);
247 #endif // CHROME_BROWSER_DOWNLOAD_DOWNLOAD_REQUEST_LIMITER_H_