Popular sites on the NTP: check that experiment group StartsWith (rather than IS...
[chromium-blink-merge.git] / chrome / browser / password_manager / password_store_x.cc
blob186964ba4f1bd76e1be25889cce772d7b828c1a4
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/password_manager/password_store_x.h"
7 #include <algorithm>
8 #include <map>
9 #include <vector>
11 #include "base/bind.h"
12 #include "base/logging.h"
13 #include "base/prefs/pref_service.h"
14 #include "base/stl_util.h"
15 #include "chrome/browser/chrome_notification_types.h"
16 #include "components/password_manager/core/browser/password_store_change.h"
17 #include "components/password_manager/core/common/password_manager_pref_names.h"
18 #include "components/pref_registry/pref_registry_syncable.h"
19 #include "content/public/browser/browser_thread.h"
20 #include "content/public/browser/notification_service.h"
22 using autofill::PasswordForm;
23 using content::BrowserThread;
24 using password_manager::PasswordStoreChange;
25 using password_manager::PasswordStoreChangeList;
26 using password_manager::PasswordStoreDefault;
28 namespace {
30 bool AddLoginToBackend(const scoped_ptr<PasswordStoreX::NativeBackend>& backend,
31 const PasswordForm& form,
32 PasswordStoreChangeList* changes) {
33 *changes = backend->AddLogin(form);
34 return (!changes->empty() &&
35 changes->back().type() == PasswordStoreChange::ADD);
38 } // namespace
40 PasswordStoreX::PasswordStoreX(
41 scoped_refptr<base::SingleThreadTaskRunner> main_thread_runner,
42 scoped_refptr<base::SingleThreadTaskRunner> db_thread_runner,
43 scoped_ptr<password_manager::LoginDatabase> login_db,
44 NativeBackend* backend)
45 : PasswordStoreDefault(main_thread_runner,
46 db_thread_runner,
47 login_db.Pass()),
48 backend_(backend),
49 migration_checked_(!backend),
50 allow_fallback_(false) {
53 PasswordStoreX::~PasswordStoreX() {}
55 PasswordStoreChangeList PasswordStoreX::AddLoginImpl(const PasswordForm& form) {
56 CheckMigration();
57 PasswordStoreChangeList changes;
58 if (use_native_backend() && AddLoginToBackend(backend_, form, &changes)) {
59 allow_fallback_ = false;
60 } else if (allow_default_store()) {
61 changes = PasswordStoreDefault::AddLoginImpl(form);
63 return changes;
66 PasswordStoreChangeList PasswordStoreX::UpdateLoginImpl(
67 const PasswordForm& form) {
68 CheckMigration();
69 PasswordStoreChangeList changes;
70 if (use_native_backend() && backend_->UpdateLogin(form, &changes)) {
71 allow_fallback_ = false;
72 } else if (allow_default_store()) {
73 changes = PasswordStoreDefault::UpdateLoginImpl(form);
75 return changes;
78 PasswordStoreChangeList PasswordStoreX::RemoveLoginImpl(
79 const PasswordForm& form) {
80 CheckMigration();
81 PasswordStoreChangeList changes;
82 if (use_native_backend() && backend_->RemoveLogin(form, &changes)) {
83 allow_fallback_ = false;
84 } else if (allow_default_store()) {
85 changes = PasswordStoreDefault::RemoveLoginImpl(form);
87 return changes;
90 PasswordStoreChangeList PasswordStoreX::RemoveLoginsCreatedBetweenImpl(
91 base::Time delete_begin,
92 base::Time delete_end) {
93 CheckMigration();
94 PasswordStoreChangeList changes;
95 if (use_native_backend() &&
96 backend_->RemoveLoginsCreatedBetween(
97 delete_begin, delete_end, &changes)) {
98 LogStatsForBulkDeletion(changes.size());
99 allow_fallback_ = false;
100 } else if (allow_default_store()) {
101 changes = PasswordStoreDefault::RemoveLoginsCreatedBetweenImpl(delete_begin,
102 delete_end);
104 return changes;
107 PasswordStoreChangeList PasswordStoreX::RemoveLoginsSyncedBetweenImpl(
108 base::Time delete_begin,
109 base::Time delete_end) {
110 CheckMigration();
111 PasswordStoreChangeList changes;
112 if (use_native_backend() &&
113 backend_->RemoveLoginsSyncedBetween(delete_begin, delete_end, &changes)) {
114 LogStatsForBulkDeletionDuringRollback(changes.size());
115 allow_fallback_ = false;
116 } else if (allow_default_store()) {
117 changes = PasswordStoreDefault::RemoveLoginsSyncedBetweenImpl(delete_begin,
118 delete_end);
120 return changes;
123 namespace {
125 struct LoginLessThan {
126 bool operator()(const PasswordForm* a, const PasswordForm* b) {
127 return a->origin < b->origin;
131 // Sorts |list| by origin, like the ORDER BY clause in login_database.cc.
132 void SortLoginsByOrigin(std::vector<autofill::PasswordForm*>* list) {
133 std::sort(list->begin(), list->end(), LoginLessThan());
136 } // anonymous namespace
138 ScopedVector<autofill::PasswordForm> PasswordStoreX::FillMatchingLogins(
139 const autofill::PasswordForm& form,
140 AuthorizationPromptPolicy prompt_policy) {
141 CheckMigration();
142 ScopedVector<autofill::PasswordForm> matched_forms;
143 if (use_native_backend() && backend_->GetLogins(form, &matched_forms)) {
144 SortLoginsByOrigin(&matched_forms.get());
145 // The native backend may succeed and return no data even while locked, if
146 // the query did not match anything stored. So we continue to allow fallback
147 // until we perform a write operation, or until a read returns actual data.
148 if (!matched_forms.empty())
149 allow_fallback_ = false;
150 return matched_forms.Pass();
152 if (allow_default_store())
153 return PasswordStoreDefault::FillMatchingLogins(form, prompt_policy);
154 return ScopedVector<autofill::PasswordForm>();
157 bool PasswordStoreX::FillAutofillableLogins(
158 ScopedVector<autofill::PasswordForm>* forms) {
159 CheckMigration();
160 if (use_native_backend() && backend_->GetAutofillableLogins(forms)) {
161 SortLoginsByOrigin(&forms->get());
162 // See GetLoginsImpl() for why we disallow fallback conditionally here.
163 if (!forms->empty())
164 allow_fallback_ = false;
165 return true;
167 if (allow_default_store())
168 return PasswordStoreDefault::FillAutofillableLogins(forms);
169 return false;
172 bool PasswordStoreX::FillBlacklistLogins(
173 ScopedVector<autofill::PasswordForm>* forms) {
174 CheckMigration();
175 if (use_native_backend() && backend_->GetBlacklistLogins(forms)) {
176 // See GetLoginsImpl() for why we disallow fallback conditionally here.
177 SortLoginsByOrigin(&forms->get());
178 if (!forms->empty())
179 allow_fallback_ = false;
180 return true;
182 if (allow_default_store())
183 return PasswordStoreDefault::FillBlacklistLogins(forms);
184 return false;
187 void PasswordStoreX::CheckMigration() {
188 DCHECK_CURRENTLY_ON(BrowserThread::DB);
189 if (migration_checked_ || !backend_.get())
190 return;
191 migration_checked_ = true;
192 ssize_t migrated = MigrateLogins();
193 if (migrated > 0) {
194 VLOG(1) << "Migrated " << migrated << " passwords to native store.";
195 } else if (migrated == 0) {
196 // As long as we are able to migrate some passwords, we know the native
197 // store is working. But if there is nothing to migrate, the "migration"
198 // can succeed even when the native store would fail. In this case we
199 // allow a later fallback to the default store. Once any later operation
200 // succeeds on the native store, we will no longer allow fallback.
201 allow_fallback_ = true;
202 } else {
203 LOG(WARNING) << "Native password store migration failed! " <<
204 "Falling back on default (unencrypted) store.";
205 backend_.reset();
209 bool PasswordStoreX::allow_default_store() {
210 if (allow_fallback_) {
211 LOG(WARNING) << "Native password store failed! " <<
212 "Falling back on default (unencrypted) store.";
213 backend_.reset();
214 // Don't warn again. We'll use the default store because backend_ is NULL.
215 allow_fallback_ = false;
217 return !backend_.get();
220 ssize_t PasswordStoreX::MigrateLogins() {
221 DCHECK(backend_.get());
222 ScopedVector<autofill::PasswordForm> forms;
223 ScopedVector<autofill::PasswordForm> blacklist_forms;
224 bool ok = PasswordStoreDefault::FillAutofillableLogins(&forms) &&
225 PasswordStoreDefault::FillBlacklistLogins(&blacklist_forms);
226 forms.reserve(forms.size() + blacklist_forms.size());
227 forms.insert(forms.end(), blacklist_forms.begin(), blacklist_forms.end());
228 blacklist_forms.weak_clear();
229 if (ok) {
230 // We add all the passwords (and blacklist entries) to the native backend
231 // before attempting to remove any from the login database, to make sure we
232 // don't somehow end up with some of the passwords in one store and some in
233 // another. We'll always have at least one intact store this way.
234 for (size_t i = 0; i < forms.size(); ++i) {
235 PasswordStoreChangeList changes;
236 if (!AddLoginToBackend(backend_, *forms[i], &changes)) {
237 ok = false;
238 break;
241 if (ok) {
242 for (size_t i = 0; i < forms.size(); ++i) {
243 // If even one of these calls to RemoveLoginImpl() succeeds, then we
244 // should prefer the native backend to the now-incomplete login
245 // database. Thus we want to return a success status even in the case
246 // where some fail. The only real problem with this is that we might
247 // leave passwords in the login database and never come back to clean
248 // them out if any of these calls do fail.
249 PasswordStoreDefault::RemoveLoginImpl(*forms[i]);
251 // Finally, delete the database file itself. We remove the passwords from
252 // it before deleting the file just in case there is some problem deleting
253 // the file (e.g. directory is not writable, but file is), which would
254 // otherwise cause passwords to re-migrate next (or maybe every) time.
255 DeleteAndRecreateDatabaseFile();
258 ssize_t result = ok ? forms.size() : -1;
259 return result;