| blob | ee6259a8207b3e9348951d0efca2a983358d5197 |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is mozilla.org code.
15 *
16 * The Initial Developer of the Original Code is Mozilla Corporation.
17 * Portions created by the Initial Developer are Copyright (C) 2007
18 * the Initial Developer. All Rights Reserved.
19 *
20 * Contributor(s):
21 * Justin Dolske <dolske@mozilla.com> (original author)
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
45 }
56 /* ---------- private memebers ---------- */
65 },
74 },
84 },
93 },
110 }
119 }
120 }
123 },
132 /*
133 * init
134 *
135 * Initialize the Login Manager. Automatically called when service
136 * is created.
137 *
138 * Note: Service created in /browser/base/content/browser.js,
139 * delayedStartup()
140 */
143 // Cache references to current |this| in utility objects
149 // Preferences. Add observer so we get notified of changes.
155 // Get current preference values.
161 // Get constructor for nsILoginInfo
166 // Form submit observer checks forms for new logins and pw changes.
170 // WebProgressListener for getting notification of new doc loads.
177 },
180 /*
181 * log
182 *
183 * Internal function for logging debug messages to the Error Console window
184 */
190 },
193 /* ---------- Utility objects ---------- */
196 /*
197 * _observer object
198 *
199 * Internal utility object, implements the nsIObserver interface.
200 * Used to receive notification for: form submission, preference changes.
201 */
202 _observer : {
210 // nsFormSubmitObserver
214 // We're invoked before the content's |onsubmit| handlers, so we
215 // can grab form data before it might be modified (see bug 257781).
221 }
224 },
226 // nsObserver
241 }
247 }
251 }
252 }
253 },
256 /*
257 * _webProgressListener object
258 *
259 * Internal utility object, implements nsIWebProgressListener interface.
260 * This is attached to the document loader service, so we get
261 * notifications about all page loads.
262 */
263 _webProgressListener : {
274 // STATE_START is too early, doc is still the old page.
284 // Only process things which might have HTML forms.
292 // Fastback doesn't fire DOMContentLoaded, so process forms now.
296 }
298 // Add event listener to process page when DOM is complete.
302 },
304 // stubs for the nsIWebProgressListener interfaces which we don't use.
309 },
312 /*
313 * _domEventListener object
314 *
315 * Internal utility object, implements nsIDOMEventListener
316 * Used to catch certain DOM events needed to properly implement form fill.
317 */
318 _domEventListener : {
337 // Make sure the username field fillForm will use is the
338 // same field as the autocomplete was activated on. If
339 // not, the DOM has been altered and we'll just give up.
343 // Clobber any existing password.
348 }
354 }
355 }
356 },
361 /* ---------- Primary Public interfaces ---------- */
366 /*
367 * addLogin
368 *
369 * Add a new login to login storage.
370 */
372 // Sanity check the login
376 // For logins w/o a username, set to "", not null.
384 // We have a form submit URL. Can't have a HTTP realm.
388 // We have a HTTP realm. Can't have a form submit URL.
392 // Need one or the other!
394 }
397 // Look for an existing entry.
406 },
409 /*
410 * removeLogin
411 *
412 * Remove the specified login from the stored logins.
413 */
417 },
420 /*
421 * modifyLogin
422 *
423 * Change the specified login to match the new login.
424 */
428 },
431 /*
432 * getAllLogins
433 *
434 * Get a dump of all stored logins. Used by the login manager UI.
435 *
436 * |count| is only needed for XPCOM.
437 *
438 * Returns an array of logins. If there are no logins, the array is empty.
439 */
443 },
446 /*
447 * removeAllLogins
448 *
449 * Remove all stored logins.
450 */
454 },
456 /*
457 * getAllDisabledHosts
458 *
459 * Get a list of all hosts for which logins are disabled.
460 *
461 * |count| is only needed for XPCOM.
462 *
463 * Returns an array of disabled logins. If there are no disabled logins,
464 * the array is empty.
465 */
469 },
472 /*
473 * findLogins
474 *
475 * Search for the known logins for entries matching the specified criteria.
476 */
482 httpRealm);
483 },
486 /*
487 * countLogins
488 *
489 * Search for the known logins for entries matching the specified criteria,
490 * returns only the count.
491 */
497 },
500 /*
501 * getLoginSavingEnabled
502 *
503 * Check to see if user has disabled saving logins for the host.
504 */
511 },
514 /*
515 * setLoginSavingEnabled
516 *
517 * Enable or disable storing logins for the specified host.
518 */
520 // Nulls won't round-trip with getAllDisabledHosts().
526 },
529 /*
530 * autoCompleteSearch
531 *
532 * Yuck. This is called directly by satchel:
533 * nsFormFillController::StartSearch()
534 * [toolkit/components/satchel/src/nsFormFillController.cpp]
535 *
536 * We really ought to have a simple way for code to register an
537 * auto-complete provider, and not have satchel calling pwmgr directly.
538 */
540 // aPreviousResult & aResult are nsIAutoCompleteResult,
541 // aElement is nsIDOMHTMLInputElement
554 // We have a list of results for a shorter search string, so just
555 // filter them further based on the new search string.
556 // Count backwards, because result.matchCount is decremented
557 // when we remove an entry.
561 // Remove results that are too short, or have different prefix.
565 {
568 }
569 }
585 {
587 }
588 }
591 }
594 },
599 /* ------- Internal methods / callbacks for document integration ------- */
604 /*
605 * _getPasswordFields
606 *
607 * Returns an array of password field elements for the specified form.
608 * If no pw fields are found, or if more than 3 are found, then null
609 * is returned.
610 *
611 * skipEmptyFields can be set to ignore password fields with no value.
612 */
614 // Locate the password fields in the form.
626 };
627 }
629 // If too few or too many fields, bail out.
637 }
640 },
643 /*
644 * _getFormFields
645 *
646 * Returns the username and password fields found in the form.
647 * Can handle complex forms by trying to figure out what the
648 * relevant fields are.
649 *
650 * Returns: [usernameField, newPasswordField, oldPasswordField]
651 *
652 * usernameField may be null.
653 * newPasswordField will always be non-null.
654 * oldPasswordField may be null. If null, newPasswordField is just
655 * "theLoginField". If not null, the form is apparently a
656 * change-password field, with oldPasswordField containing the password
657 * that is being changed.
658 */
662 // Locate the password field(s) in the form. Up to 3 supported.
663 // If there's no password field, there's nothing for us to do.
669 // Locate the username field in the form by searching backwards
670 // from the first passwordfield, assume the first text field is the
671 // username. We might not find a username field if the user is
672 // already logged in to the site.
677 }
678 }
684 // If we're not submitting a form (it's a page load), there are no
685 // password field values for us to use for identifying fields. So,
686 // just assume the first password field is the one to be filled in.
691 // Try to figure out WTF is in the form based on the password values.
698 // Look for two identical passwords, that's the new password
701 // All 3 passwords the same? Weird! Treat as if 1 pw field.
711 // A bit odd, but could make sense with the right page layout.
715 // We can't tell which of the 3 passwords should be saved.
718 }
721 // Treat as if 1 pw field
725 // Just assume that the 2nd password is the new password
728 }
729 }
732 },
735 /*
736 * _isAutoCompleteDisabled
737 *
738 * Returns true if the page requests autocomplete be disabled for the
739 * specified form input.
740 */
747 },
749 /*
750 * _onFormSubmit
751 *
752 * Called by the our observer when notified of a form submission.
753 * [Note that this happens before any DOM onsubmit handlers are invoked.]
754 * Looks for a password change in the submitted form, so we can update
755 * our stored password.
756 */
759 // local helper function
765 }
770 // If password saving is disabled (globally or for host), bail out now.
780 }
783 // Get the appropriate fields from the form.
787 // Need at least 1 valid password field to do anything.
791 // Check for autocomplete=off attribute. We don't use it to prevent
792 // autofilling (for existing logins), but won't save logins when it's
793 // present.
800 }
810 // If we didn't find a username field, but seem to be changing a
811 // password, allow the user to select from a list of applicable
812 // logins to update the password for.
818 // Could prompt to save this as a new password-only login.
819 // This seems uncommon, and might be wrong, so ignore.
822 }
835 }
838 }
841 // Look for an existing login that matches the form login.
848 // If one login has a username but the other doesn't, ignore
849 // the username when comparing and only match if they have the
850 // same password. Otherwise, compare the logins and match even
851 // if the passwords differ.
863 }
868 }
869 }
874 /*
875 * Change password if needed.
876 *
877 * If the login has a username, change the password w/o prompting
878 * (because we can be fairly sure there's only one password
879 * associated with the username). But for logins without a
880 * username, ask the user... Some sites use a password-only "login"
881 * in different contexts (enter your PIN, answer a security
882 * question, etc), and without a username we can't be sure if
883 * modifying an existing login is the right thing to do.
884 */
893 }
894 }
897 }
900 // Prompt user to save login (via dialog or notification bar)
903 },
906 /*
907 * _getPasswordOrigin
908 *
909 * Get the parts of the URL we want for identification.
910 */
921 // If the URI explicitly specified a port, only include it when
922 // it's not the default. (We never want "http://foo.com:80")
928 }
931 // bug 159484 - disallow url types that don't support a hostPort.
932 // (although we handle "javascript:..." as a special case above.)
935 }
938 },
943 // A blank or mission action submits to where it came from.
948 },
951 /*
952 * _fillDocument
953 *
954 * Called when a page has loaded. For each form in the document,
955 * we check to see if it can be filled with a stored login.
956 */
964 // If there are no logins for this site, bail out now.
978 // Only the actionOrigin might be changing, so if it's the same
979 // as the last form on the page we can reuse the same logins.
984 }
988 },
991 /*
992 * _fillform
993 *
994 * Fill the form with login information if we can find it. This will find
995 * an array of logins if not given any, otherwise it will use the logins
996 * passed in. The logins are returned so they can be reused for
997 * optimization. Success of action is also returned in format
998 * [success, foundLogins]. autofillForm denotes if we should fill the form
999 * in automatically, ignoreAutocomplete denotes if we should ignore
1000 * autocomplete=off attributes, and foundLogins is an array of nsILoginInfo
1001 * for optimization
1002 */
1004 // Heuristically determine what the user/pass fields are
1005 // We do this before checking to see if logins are stored,
1006 // so that the user isn't prompted for a master password
1007 // without need.
1011 // Need a valid password field to do anything.
1015 // If the fields are disabled or read-only, there's nothing to do.
1021 }
1023 // Need to get a list of logins if we weren't given them
1032 }
1034 // Discard logins which have username/password values that don't
1035 // fit into the fields (as specified by the maxlength attribute).
1036 // The user couldn't enter these values anyway, and it helps
1037 // with sites that have an extra PIN to be entered (bug 391514)
1041 // If attribute wasn't set, default is -1.
1057 // Nothing to do if we have no matching logins available.
1062 // Attach autocomplete stuff to the username field, if we have
1063 // one. This is normally used to select from multiple accounts,
1064 // but even with one account we should refill if the user edits.
1068 // Don't clobber an existing password.
1072 // If the form has an autocomplete=off attribute in play, don't
1073 // fill in the login automatically. We check this after attaching
1074 // the autocomplete stuff to the username field, so the user can
1075 // still manually select a login to be filled in.
1084 }
1086 // Variable such that we reduce code duplication and can be sure we
1087 // should be firing notifications if and only if we can fill the form.
1091 // If username was specified in the form, only fill in the
1092 // password if we find a matching login.
1100 });
1103 else
1108 // Special case, for sites which have a normal user+pass
1109 // login *and* a password-only login (eg, a PIN)...
1110 // When we have a username field and 1 of 2 available
1111 // logins is password-only, go ahead and prefill the
1112 // one with a username.
1121 }
1125 // Fill the form
1131 // For when autofillForm is false, but we still have the information
1132 // to fill a form, we notify observers.
1136 // For when autocomplete is off, but we still have the information
1137 // to fill a form, we notify observers.
1140 }
1143 },
1146 /*
1147 * fillForm
1148 *
1149 * Fill the form with login information if we can find it.
1150 */
1154 },
1157 /*
1158 * _attachToInput
1159 *
1160 * Hooks up autocomplete support to a username field, to allow
1161 * a user editing the field to select an existing login and have
1162 * the password field filled in.
1163 */
1171 }
1177 // nsIAutoCompleteResult implementation
1190 };
1199 }
1200 }
1206 // private
1209 // Interfaces from idl...
1221 },
1225 },
1229 },
1233 },
1249 }
1250 }
1251 };
1256 }