| blob | 60daf7d6e6076eaf4525c39d8074b75301307754 |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is mozilla.org code.
15 *
16 * The Initial Developer of the Original Code is Mozilla Corporation.
17 * Portions created by the Initial Developer are Copyright (C) 2007
18 * the Initial Developer. All Rights Reserved.
19 *
20 * Contributor(s):
21 * Justin Dolske <dolske@mozilla.com> (original author)
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
45 }
56 /* ---------- private memebers ---------- */
65 },
74 },
84 },
93 },
110 }
119 }
120 }
123 },
132 /*
133 * init
134 *
135 * Initialize the Login Manager. Automatically called when service
136 * is created.
137 *
138 * Note: Service created in /browser/base/content/browser.js,
139 * delayedStartup()
140 */
143 // Cache references to current |this| in utility objects
149 // Preferences. Add observer so we get notified of changes.
155 // Get current preference values.
161 // Get constructor for nsILoginInfo
166 // Form submit observer checks forms for new logins and pw changes.
170 // WebProgressListener for getting notification of new doc loads.
177 },
180 /*
181 * log
182 *
183 * Internal function for logging debug messages to the Error Console window
184 */
190 },
193 /* ---------- Utility objects ---------- */
196 /*
197 * _observer object
198 *
199 * Internal utility object, implements the nsIObserver interface.
200 * Used to receive notification for: form submission, preference changes.
201 */
202 _observer : {
210 // nsFormSubmitObserver
214 // We're invoked before the content's |onsubmit| handlers, so we
215 // can grab form data before it might be modified (see bug 257781).
221 }
224 },
226 // nsObserver
241 }
247 }
251 }
252 }
253 },
256 /*
257 * _webProgressListener object
258 *
259 * Internal utility object, implements nsIWebProgressListener interface.
260 * This is attached to the document loader service, so we get
261 * notifications about all page loads.
262 */
263 _webProgressListener : {
274 // STATE_START is too early, doc is still the old page.
284 // Only process things which might have HTML forms.
292 // Fastback doesn't fire DOMContentLoaded, so process forms now.
296 }
298 // Add event listener to process page when DOM is complete.
302 },
304 // stubs for the nsIWebProgressListener interfaces which we don't use.
309 },
312 /*
313 * _domEventListener object
314 *
315 * Internal utility object, implements nsIDOMEventListener
316 * Used to catch certain DOM events needed to properly implement form fill.
317 */
318 _domEventListener : {
344 }
345 }
346 },
351 /* ---------- Primary Public interfaces ---------- */
356 /*
357 * addLogin
358 *
359 * Add a new login to login storage.
360 */
362 // Sanity check the login
366 // For logins w/o a username, set to "", not null.
374 // We have a form submit URL. Can't have a HTTP realm.
378 // We have a HTTP realm. Can't have a form submit URL.
382 // Need one or the other!
384 }
387 // Look for an existing entry.
396 },
399 /*
400 * removeLogin
401 *
402 * Remove the specified login from the stored logins.
403 */
407 },
410 /*
411 * modifyLogin
412 *
413 * Change the specified login to match the new login.
414 */
418 },
421 /*
422 * getAllLogins
423 *
424 * Get a dump of all stored logins. Used by the login manager UI.
425 *
426 * |count| is only needed for XPCOM.
427 *
428 * Returns an array of logins. If there are no logins, the array is empty.
429 */
433 },
436 /*
437 * removeAllLogins
438 *
439 * Remove all stored logins.
440 */
444 },
446 /*
447 * getAllDisabledHosts
448 *
449 * Get a list of all hosts for which logins are disabled.
450 *
451 * |count| is only needed for XPCOM.
452 *
453 * Returns an array of disabled logins. If there are no disabled logins,
454 * the array is empty.
455 */
459 },
462 /*
463 * findLogins
464 *
465 * Search for the known logins for entries matching the specified criteria.
466 */
472 httpRealm);
473 },
476 /*
477 * countLogins
478 *
479 * Search for the known logins for entries matching the specified criteria,
480 * returns only the count.
481 */
487 },
490 /*
491 * getLoginSavingEnabled
492 *
493 * Check to see if user has disabled saving logins for the host.
494 */
501 },
504 /*
505 * setLoginSavingEnabled
506 *
507 * Enable or disable storing logins for the specified host.
508 */
510 // Nulls won't round-trip with getAllDisabledHosts().
516 },
519 /*
520 * autoCompleteSearch
521 *
522 * Yuck. This is called directly by satchel:
523 * nsFormFillController::StartSearch()
524 * [toolkit/components/satchel/src/nsFormFillController.cpp]
525 *
526 * We really ought to have a simple way for code to register an
527 * auto-complete provider, and not have satchel calling pwmgr directly.
528 */
530 // aPreviousResult & aResult are nsIAutoCompleteResult,
531 // aElement is nsIDOMHTMLInputElement
544 // We have a list of results for a shorter search string, so just
545 // filter them further based on the new search string.
546 // Count backwards, because result.matchCount is decremented
547 // when we remove an entry.
551 // Remove results that are too short, or have different prefix.
555 {
558 }
559 }
575 {
577 }
578 }
581 }
584 },
589 /* ------- Internal methods / callbacks for document integration ------- */
594 /*
595 * _getPasswordFields
596 *
597 * Returns an array of password field elements for the specified form.
598 * If no pw fields are found, or if more than 3 are found, then null
599 * is returned.
600 *
601 * skipEmptyFields can be set to ignore password fields with no value.
602 */
604 // Locate the password fields in the form.
616 };
617 }
619 // If too few or too many fields, bail out.
627 }
630 },
633 /*
634 * _getFormFields
635 *
636 * Returns the username and password fields found in the form.
637 * Can handle complex forms by trying to figure out what the
638 * relevant fields are.
639 *
640 * Returns: [usernameField, newPasswordField, oldPasswordField]
641 *
642 * usernameField may be null.
643 * newPasswordField will always be non-null.
644 * oldPasswordField may be null. If null, newPasswordField is just
645 * "theLoginField". If not null, the form is apparently a
646 * change-password field, with oldPasswordField containing the password
647 * that is being changed.
648 */
652 // Locate the password field(s) in the form. Up to 3 supported.
653 // If there's no password field, there's nothing for us to do.
659 // Locate the username field in the form by searching backwards
660 // from the first passwordfield, assume the first text field is the
661 // username. We might not find a username field if the user is
662 // already logged in to the site.
667 }
668 }
674 // If we're not submitting a form (it's a page load), there are no
675 // password field values for us to use for identifying fields. So,
676 // just assume the first password field is the one to be filled in.
681 // Try to figure out WTF is in the form based on the password values.
688 // Look for two identical passwords, that's the new password
691 // All 3 passwords the same? Weird! Treat as if 1 pw field.
701 // A bit odd, but could make sense with the right page layout.
705 // We can't tell which of the 3 passwords should be saved.
708 }
711 // Treat as if 1 pw field
715 // Just assume that the 2nd password is the new password
718 }
719 }
722 },
725 /*
726 * _isAutoCompleteDisabled
727 *
728 * Returns true if the page requests autocomplete be disabled for the
729 * specified form input.
730 */
737 },
739 /*
740 * _onFormSubmit
741 *
742 * Called by the our observer when notified of a form submission.
743 * [Note that this happens before any DOM onsubmit handlers are invoked.]
744 * Looks for a password change in the submitted form, so we can update
745 * our stored password.
746 */
749 // local helper function
755 }
760 // If password saving is disabled (globally or for host), bail out now.
770 }
773 // Get the appropriate fields from the form.
777 // Need at least 1 valid password field to do anything.
781 // Check for autocomplete=off attribute. We don't use it to prevent
782 // autofilling (for existing logins), but won't save logins when it's
783 // present.
790 }
800 // If we didn't find a username field, but seem to be changing a
801 // password, allow the user to select from a list of applicable
802 // logins to update the password for.
808 // Could prompt to save this as a new password-only login.
809 // This seems uncommon, and might be wrong, so ignore.
812 }
825 }
828 }
831 // Look for an existing login that matches the form login.
838 // If one login has a username but the other doesn't, ignore
839 // the username when comparing and only match if they have the
840 // same password. Otherwise, compare the logins and match even
841 // if the passwords differ.
853 }
858 }
859 }
864 /*
865 * Change password if needed.
866 *
867 * If the login has a username, change the password w/o prompting
868 * (because we can be fairly sure there's only one password
869 * associated with the username). But for logins without a
870 * username, ask the user... Some sites use a password-only "login"
871 * in different contexts (enter your PIN, answer a security
872 * question, etc), and without a username we can't be sure if
873 * modifying an existing login is the right thing to do.
874 */
883 }
884 }
887 }
890 // Prompt user to save login (via dialog or notification bar)
893 },
896 /*
897 * _getPasswordOrigin
898 *
899 * Get the parts of the URL we want for identification.
900 */
911 // If the URI explicitly specified a port, only include it when
912 // it's not the default. (We never want "http://foo.com:80")
918 }
921 // bug 159484 - disallow url types that don't support a hostPort.
922 // (although we handle "javascript:..." as a special case above.)
925 }
928 },
933 // A blank or mission action submits to where it came from.
938 },
941 /*
942 * _fillDocument
943 *
944 * Called when a page has loaded. For each form in the document,
945 * we check to see if it can be filled with a stored login.
946 */
954 // If there are no logins for this site, bail out now.
968 // Only the actionOrigin might be changing, so if it's the same
969 // as the last form on the page we can reuse the same logins.
974 }
978 },
981 /*
982 * _fillform
983 *
984 * Fill the form with login information if we can find it. This will find
985 * an array of logins if not given any, otherwise it will use the logins
986 * passed in. The logins are returned so they can be reused for
987 * optimization. Success of action is also returned in format
988 * [success, foundLogins]. autofillForm denotes if we should fill the form
989 * in automatically, ignoreAutocomplete denotes if we should ignore
990 * autocomplete=off attributes, and foundLogins is an array of nsILoginInfo
991 * for optimization
992 */
994 // Heuristically determine what the user/pass fields are
995 // We do this before checking to see if logins are stored,
996 // so that the user isn't prompted for a master password
997 // without need.
1001 // Need a valid password field to do anything.
1005 // If the fields are disabled or read-only, there's nothing to do.
1011 }
1013 // If there's only a password field and it has a value, there's
1014 // nothing for us to do. (Don't clobber the existing value)
1018 // Need to get a list of logins if we weren't given them
1027 }
1029 // Discard logins which have username/password values that don't
1030 // fit into the fields (as specified by the maxlength attribute).
1031 // The user couldn't enter these values anyway, and it helps
1032 // with sites that have an extra PIN to be entered (bug 391514)
1036 // If attribute wasn't set, default is -1.
1052 // Nothing to do if we have no matching logins available.
1057 // Attach autocomplete stuff to the username field, if we have
1058 // one. This is normally used to select from multiple accounts,
1059 // but even with one account we should refill if the user edits.
1063 // If the form has an autocomplete=off attribute in play, don't
1064 // fill in the login automatically. We check this after attaching
1065 // the autocomplete stuff to the username field, so the user can
1066 // still manually select a login to be filled in.
1075 }
1077 // Variable such that we reduce code duplication and can be sure we
1078 // should be firing notifications if and only if we can fill the form.
1082 // If username was specified in the form, only fill in the
1083 // password if we find a matching login.
1091 });
1094 else
1099 // Special case, for sites which have a normal user+pass
1100 // login *and* a password-only login (eg, a PIN)...
1101 // When we have a username field and 1 of 2 available
1102 // logins is password-only, go ahead and prefill the
1103 // one with a username.
1112 }
1116 // Fill the form
1122 // For when autofillForm is false, but we still have the information
1123 // to fill a form, we notify observers.
1127 // For when autocomplete is off, but we still have the information
1128 // to fill a form, we notify observers.
1131 }
1134 },
1137 /*
1138 * fillForm
1139 *
1140 * Fill the form with login information if we can find it.
1141 */
1145 },
1148 /*
1149 * _attachToInput
1150 *
1151 * Hooks up autocomplete support to a username field, to allow
1152 * a user editing the field to select an existing login and have
1153 * the password field filled in.
1154 */
1162 },
1165 /*
1166 * _fillPassword
1167 *
1168 * The user has autocompleted a username field, so fill in the password.
1169 */
1179 // Find the password field. We should always have at least one,
1180 // or else something has gone rather wrong.
1185 // We want to know about this even if debugging is disabled.
1188 else
1192 }
1194 // If there are multiple passwords fields, we can't really figure
1195 // out what each field is for, so just fill out the last field.
1198 // Temporary LoginInfo with the info we know.
1204 // Look for a existing login and use its password.
1211 }))
1212 {
1215 }
1219 }
1225 // nsIAutoCompleteResult implementation
1238 };
1247 }
1248 }
1254 // private
1257 // Interfaces from idl...
1269 },
1273 },
1277 },
1281 },
1297 }
1298 },
1299 };
1304 }