/* * Copyright (C) 2009 Google Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following disclaimer * in the documentation and/or other materials provided with the * distribution. * * Neither the name of Google Inc. nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "config.h" #include "WebPasswordFormData.h" #include "HTMLNames.h" #include "core/dom/Document.h" #include "core/html/HTMLFormElement.h" #include "core/html/HTMLInputElement.h" #include "platform/weborigin/KURL.h" #include "DOMUtilitiesPrivate.h" #include "WebPasswordFormUtils.h" using namespace WebCore; namespace blink { namespace { // Helper to determine which password is the main one, and which is // an old password (e.g on a "make new password" form), if any. bool locateSpecificPasswords(PasswordFormFields* fields, HTMLInputElement** password, HTMLInputElement** oldPassword) { ASSERT(fields); ASSERT(password); ASSERT(oldPassword); switch (fields->passwords.size()) { case 1: // Single password, easy. *password = fields->passwords[0]; break; case 2: if (fields->passwords[0]->value() == fields->passwords[1]->value()) // Treat two identical passwords as a single password. *password = fields->passwords[0]; else { // Assume first is old password, second is new (no choice but to guess). *oldPassword = fields->passwords[0]; *password = fields->passwords[1]; } break; case 3: if (fields->passwords[0]->value() == fields->passwords[1]->value() && fields->passwords[0]->value() == fields->passwords[2]->value()) { // All three passwords the same? Just treat as one and hope. *password = fields->passwords[0]; } else if (fields->passwords[0]->value() == fields->passwords[1]->value()) { // Two the same and one different -> old password is duplicated one. *oldPassword = fields->passwords[0]; *password = fields->passwords[2]; } else if (fields->passwords[1]->value() == fields->passwords[2]->value()) { *oldPassword = fields->passwords[0]; *password = fields->passwords[1]; } else { // Three different passwords, or first and last match with middle // different. No idea which is which, so no luck. return false; } break; default: return false; } return true; } // Helped method to clear url of unneeded parts. KURL stripURL(const KURL& url) { KURL strippedURL = url; strippedURL.setUser(String()); strippedURL.setPass(String()); strippedURL.setQuery(String()); strippedURL.setFragmentIdentifier(String()); return strippedURL; } WebString getElementNameOrId(const HTMLInputElement& element) { return element.nameForAutofill(); } // Helper to gather up the final form data and create a PasswordForm. void assemblePasswordFormResult(const KURL& fullOrigin, const KURL& fullAction, HTMLFormControlElement* submit, HTMLInputElement* userName, const Vector& alternateUserNames, HTMLInputElement* oldPassword, HTMLInputElement* password, WebPasswordFormData* result) { // We want to keep the path but strip any authentication data, as well as // query and ref portions of URL, for the form action and form origin. result->action = stripURL(fullAction); result->origin = stripURL(fullOrigin); // Naming is confusing here because we have both the HTML form origin URL // the page where the form was seen), and the "origin" components of the url // (scheme, host, and port). KURL signonRealmURL = stripURL(fullOrigin); signonRealmURL.setPath(""); result->signonRealm = signonRealmURL; result->possibleUserNames = alternateUserNames; if (submit) result->submitElement = submit->name(); if (userName) { result->userNameElement = getElementNameOrId(*userName); result->userNameValue = userName->value(); } if (password) { result->passwordElement = getElementNameOrId(*password); result->passwordValue = password->value(); result->passwordShouldAutocomplete = password->shouldAutocomplete(); } if (oldPassword) { result->oldPasswordElement = getElementNameOrId(*oldPassword); result->oldPasswordValue = oldPassword->value(); } } } // namespace WebPasswordFormData::WebPasswordFormData(const WebFormElement& webForm) { RefPtr form = webForm.operator PassRefPtr(); PasswordFormFields fields; findPasswordFormFields(form.get(), &fields); // Get the document URL KURL fullOrigin(ParsedURLString, form->document().documentURI()); // Calculate the canonical action URL String action = form->action(); if (action.isNull()) action = ""; // missing 'action' attribute implies current URL KURL fullAction = form->document().completeURL(action); if (!fullAction.isValid()) return; // Determine the types of the password fields HTMLInputElement* password = 0; HTMLInputElement* oldPassword = 0; if (!locateSpecificPasswords(&fields, &password, &oldPassword)) return; assemblePasswordFormResult(fullOrigin, fullAction, fields.submit, fields.userName, fields.alternateUserNames, oldPassword, password, this); } } // namespace blink