| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_LOGIN_DATABASE_H_ |
| #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_LOGIN_DATABASE_H_ |
| |
| #include <memory> |
| #include <string> |
| #include <vector> |
| |
| #include "base/compiler_specific.h" |
| #include "base/files/file_path.h" |
| #include "base/macros.h" |
| #include "base/pickle.h" |
| #include "base/strings/string16.h" |
| #include "build/build_config.h" |
| #include "components/password_manager/core/browser/password_store.h" |
| #include "components/password_manager/core/browser/password_store_change.h" |
| #include "components/password_manager/core/browser/psl_matching_helper.h" |
| #include "components/password_manager/core/browser/statistics_table.h" |
| #include "components/sync/model/metadata_batch.h" |
| #include "components/sync/model/sync_metadata_store.h" |
| #include "components/sync/protocol/model_type_state.pb.h" |
| #include "sql/database.h" |
| #include "sql/meta_table.h" |
| |
| #if defined(OS_IOS) |
| #include "base/gtest_prod_util.h" |
| #endif |
| |
| #if defined(OS_MACOSX) && !defined(OS_IOS) |
| #include "components/password_manager/core/browser/password_recovery_util_mac.h" |
| #endif |
| |
| namespace password_manager { |
| |
| class SQLTableBuilder; |
| |
| extern const int kCurrentVersionNumber; |
| extern const int kCompatibleVersionNumber; |
| |
| // Interface to the database storage of login information, intended as a helper |
| // for PasswordStore on platforms that need internal storage of some or all of |
| // the login information. |
| class LoginDatabase : public syncer::SyncMetadataStore { |
| public: |
| explicit LoginDatabase(const base::FilePath& db_path); |
| ~LoginDatabase() override; |
| |
| // Actually creates/opens the database. If false is returned, no other method |
| // should be called. |
| virtual bool Init(); |
| |
| #if defined(OS_MACOSX) && !defined(OS_IOS) |
| // Registers utility which is used to save password recovery status on MacOS. |
| void InitPasswordRecoveryUtil( |
| std::unique_ptr<PasswordRecoveryUtilMac> password_recovery_util); |
| #endif |
| |
| // Reports usage metrics to UMA. |
| void ReportMetrics(const std::string& sync_username, |
| bool custom_passphrase_sync_enabled); |
| |
| // Adds |form| to the list of remembered password forms. Returns the list of |
| // changes applied ({}, {ADD}, {REMOVE, ADD}). If it returns {REMOVE, ADD} |
| // then the REMOVE is associated with the form that was added. Thus only the |
| // primary key columns contain the values associated with the removed form. |
| PasswordStoreChangeList AddLogin(const autofill::PasswordForm& form) |
| WARN_UNUSED_RESULT; |
| |
| // This function does the same thing as AddLogin() with the difference that |
| // doesn't check if a site is already blacklisted before adding it. This is |
| // needed for tests that will require to have duplicates in the database. |
| PasswordStoreChangeList AddBlacklistedLoginForTesting( |
| const autofill::PasswordForm& form) WARN_UNUSED_RESULT; |
| |
| // Updates existing password form. Returns the list of applied changes |
| // ({}, {UPDATE}). The password is looked up by the tuple {origin, |
| // username_element, username_value, password_element, signon_realm}. |
| // These columns stay intact. |
| PasswordStoreChangeList UpdateLogin(const autofill::PasswordForm& form) |
| WARN_UNUSED_RESULT; |
| |
| // Removes |form| from the list of remembered password forms. Returns true if |
| // |form| was successfully removed from the database. |
| bool RemoveLogin(const autofill::PasswordForm& form) WARN_UNUSED_RESULT; |
| |
| // Removes the form with |id| from the list of remembered password forms. |
| // Returns true if the form was successfully removed from the database. |
| bool RemoveLoginById(int id) WARN_UNUSED_RESULT; |
| |
| // Removes all logins created from |delete_begin| onwards (inclusive) and |
| // before |delete_end|. You may use a null Time value to do an unbounded |
| // delete in either direction. |
| bool RemoveLoginsCreatedBetween(base::Time delete_begin, |
| base::Time delete_end); |
| |
| // Removes all logins synced from |delete_begin| onwards (inclusive) and |
| // before |delete_end|. You may use a null Time value to do an unbounded |
| // delete in either direction. |
| bool RemoveLoginsSyncedBetween(base::Time delete_begin, |
| base::Time delete_end); |
| |
| // Sets the 'skip_zero_click' flag on all forms on |origin| to 'true'. |
| bool DisableAutoSignInForOrigin(const GURL& origin); |
| |
| // All Get* methods below overwrite |forms| with the returned credentials. On |
| // success, those methods return true. |
| |
| // Gets a list of credentials matching |form|, including blacklisted matches |
| // and federated credentials. |
| bool GetLogins(const PasswordStore::FormDigest& form, |
| std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) |
| WARN_UNUSED_RESULT; |
| |
| // Retrieves all stored credentials with SCHEME_HTTP that have a realm whose |
| // organization-identifying name -- that is, the first domain name label below |
| // the effective TLD -- matches that of |signon_realm|. Return value indicates |
| // a successful query (but potentially no results). |
| // |
| // For example, the organization-identifying name of "https://foo.example.org" |
| // is `example`, and logins will be returned for "http://bar.example.co.uk", |
| // but not for "http://notexample.com" or "https://example.foo.com". |
| bool GetLoginsForSameOrganizationName( |
| const std::string& signon_realm, |
| std::vector<std::unique_ptr<autofill::PasswordForm>>* forms); |
| |
| // Gets all logins created from |begin| onwards (inclusive) and before |end|. |
| // You may use a null Time value to do an unbounded search in either |
| // direction. |
| bool GetLoginsCreatedBetween( |
| base::Time begin, |
| base::Time end, |
| std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) |
| WARN_UNUSED_RESULT; |
| |
| // Gets all logins synced from |begin| onwards (inclusive) and before |end|. |
| // You may use a null Time value to do an unbounded search in either |
| // direction. |
| bool GetLoginsSyncedBetween( |
| base::Time begin, |
| base::Time end, |
| std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) |
| WARN_UNUSED_RESULT; |
| |
| // Gets the complete list of not blacklisted credentials. |
| bool GetAutofillableLogins( |
| std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) |
| WARN_UNUSED_RESULT; |
| |
| // Gets the complete list of blacklisted credentials. |
| bool GetBlacklistLogins(std::vector<std::unique_ptr<autofill::PasswordForm>>* |
| forms) WARN_UNUSED_RESULT; |
| |
| // Gets the list of auto-sign-inable credentials. |
| bool GetAutoSignInLogins(std::vector<std::unique_ptr<autofill::PasswordForm>>* |
| forms) WARN_UNUSED_RESULT; |
| |
| // Deletes the login database file on disk, and creates a new, empty database. |
| // This can be used after migrating passwords to some other store, to ensure |
| // that SQLite doesn't leave fragments of passwords in the database file. |
| // Returns true on success; otherwise, whether the file was deleted and |
| // whether further use of this login database will succeed is unspecified. |
| bool DeleteAndRecreateDatabaseFile(); |
| |
| // On MacOS, it deletes all logins from the database that cannot be decrypted |
| // when encryption key from Keychain is available. If the Keychain is locked, |
| // it does nothing and returns ENCRYPTION_UNAVAILABLE. If it's not running on |
| // MacOS, it does nothing and returns SUCCESS. This can be used when syncing |
| // logins from the cloud to rewrite entries that can't be used anymore (due to |
| // modification of the encryption key). If one of the logins couldn't be |
| // removed from the database, returns ITEM_FAILURE. |
| DatabaseCleanupResult DeleteUndecryptableLogins(); |
| |
| // Returns the encrypted password value for the specified |form|. Returns an |
| // empty string if the row for this |form| is not found. |
| std::string GetEncryptedPassword(const autofill::PasswordForm& form) const; |
| |
| // syncer::SyncMetadataStore implementation. |
| bool UpdateSyncMetadata(syncer::ModelType model_type, |
| const std::string& storage_key, |
| const sync_pb::EntityMetadata& metadata) override; |
| bool ClearSyncMetadata(syncer::ModelType model_type, |
| const std::string& storage_key) override; |
| bool UpdateModelTypeState( |
| syncer::ModelType model_type, |
| const sync_pb::ModelTypeState& model_type_state) override; |
| bool ClearModelTypeState(syncer::ModelType model_type) override; |
| |
| // Callers that requires transaction support should call there methods to |
| // begin and commit transactions. They delegate to the transaction support of |
| // the underlying database. Only one transaction may exist at a time. |
| bool BeginTransaction(); |
| bool CommitTransaction(); |
| |
| // Returns the id for the specified |form|. Returns -1 if the row for this |
| // |form| is not found. |
| // TODO(crbug.com/902349): consider migrating away from this method and make |
| // AddLogin() return the inserted id of the inserted item (probably using an |
| // output parameter). |
| int GetIdForTesting(const autofill::PasswordForm& form) const; |
| |
| // Returns all the stored sync metadata. Returns null in case of failure. |
| std::unique_ptr<syncer::MetadataBatch> GetAllSyncMetadataForTesting(); |
| |
| StatisticsTable& stats_table() { return stats_table_; } |
| |
| #if defined(OS_POSIX) && !defined(OS_MACOSX) |
| // This instance should not encrypt/decrypt password values using OSCrypt. |
| void disable_encryption() { use_encryption_ = false; } |
| #endif // defined(OS_POSIX) |
| |
| private: |
| #if defined(OS_IOS) |
| friend class LoginDatabaseIOSTest; |
| FRIEND_TEST_ALL_PREFIXES(LoginDatabaseIOSTest, KeychainStorage); |
| |
| // On iOS, removes the keychain item that is used to store the |
| // encrypted password for the supplied |form|. |
| void DeleteEncryptedPassword(const autofill::PasswordForm& form); |
| |
| // Similar to DeleteEncryptedPassword() but uses |id| to look for the |
| // password. |
| void DeleteEncryptedPasswordById(int id); |
| |
| // Returns the encrypted password value for the specified |id|. Returns an |
| // empty string if the row for this |form| is not found. |
| std::string GetEncryptedPasswordById(int id) const; |
| #endif |
| |
| // Result values for encryption/decryption actions. |
| enum EncryptionResult { |
| // Success. |
| ENCRYPTION_RESULT_SUCCESS, |
| // Failure for a specific item (e.g., the encrypted value was manually |
| // moved from another machine, and can't be decrypted on this machine). |
| // This is presumed to be a permanent failure. |
| ENCRYPTION_RESULT_ITEM_FAILURE, |
| // A service-level failure (e.g., on a platform using a keyring, the keyring |
| // is temporarily unavailable). |
| // This is presumed to be a temporary failure. |
| ENCRYPTION_RESULT_SERVICE_FAILURE, |
| }; |
| |
| // Encrypts plain_text, setting the value of cipher_text and returning true if |
| // successful, or returning false and leaving cipher_text unchanged if |
| // encryption fails (e.g., if the underlying OS encryption system is |
| // temporarily unavailable). |
| EncryptionResult EncryptedString(const base::string16& plain_text, |
| std::string* cipher_text) const |
| WARN_UNUSED_RESULT; |
| |
| // Decrypts cipher_text, setting the value of plain_text and returning true if |
| // successful, or returning false and leaving plain_text unchanged if |
| // decryption fails (e.g., if the underlying OS encryption system is |
| // temporarily unavailable). |
| EncryptionResult DecryptedString(const std::string& cipher_text, |
| base::string16* plain_text) const |
| WARN_UNUSED_RESULT; |
| |
| // Fills |form| from the values in the given statement (which is assumed to |
| // be of the form used by the Get*Logins methods). |
| // Returns the EncryptionResult from decrypting the password in |s|; if not |
| // ENCRYPTION_RESULT_SUCCESS, |form| is not filled. |
| EncryptionResult InitPasswordFormFromStatement(autofill::PasswordForm* form, |
| const sql::Statement& s) const |
| WARN_UNUSED_RESULT; |
| |
| // Gets all blacklisted or all non-blacklisted (depending on |blacklisted|) |
| // credentials. On success returns true and overwrites |forms| with the |
| // result. |
| bool GetAllLoginsWithBlacklistSetting( |
| bool blacklisted, |
| std::vector<std::unique_ptr<autofill::PasswordForm>>* forms); |
| |
| // Reads all the stored sync entities metadata in a MetadataBatch. Returns |
| // nullptr in case of failure. |
| std::unique_ptr<syncer::MetadataBatch> GetAllSyncEntityMetadataForTesting(); |
| |
| // Reads the stored ModelTypeState. Returns nullptr in case of failure. |
| std::unique_ptr<sync_pb::ModelTypeState> GetModelTypeStateForTesting(); |
| |
| // Overwrites |forms| with credentials retrieved from |statement|. If |
| // |matched_form| is not null, filters out all results but those PSL-matching |
| // |*matched_form| or federated credentials for it. If feature for recovering |
| // passwords is enabled, it removes all passwords that couldn't be decrypted |
| // when encryption was available from the database. On success returns true. |
| bool StatementToForms(sql::Statement* statement, |
| const PasswordStore::FormDigest* matched_form, |
| std::vector<std::unique_ptr<autofill::PasswordForm>>* |
| forms) WARN_UNUSED_RESULT; |
| |
| // Initializes all the *_statement_ data members with appropriate SQL |
| // fragments based on |builder|. |
| void InitializeStatementStrings(const SQLTableBuilder& builder); |
| |
| // On Mac, returns true if the feature for recovering lost passwords is |
| // enabled, or false otherwise. On all other platforms it returns false. |
| bool IsUsingCleanupMechanism() const; |
| |
| base::FilePath db_path_; |
| mutable sql::Database db_; |
| sql::MetaTable meta_table_; |
| StatisticsTable stats_table_; |
| |
| // These cached strings are used to build SQL statements. |
| std::string add_statement_; |
| std::string add_replace_statement_; |
| std::string update_statement_; |
| std::string delete_statement_; |
| std::string delete_by_id_statement_; |
| std::string autosignin_statement_; |
| std::string get_statement_; |
| std::string get_statement_psl_; |
| std::string get_statement_federated_; |
| std::string get_statement_psl_federated_; |
| std::string get_same_organization_name_logins_statement_; |
| std::string created_statement_; |
| std::string synced_statement_; |
| std::string blacklisted_statement_; |
| std::string encrypted_statement_; |
| std::string encrypted_password_statement_by_id_; |
| std::string id_statement_; |
| |
| #if defined(OS_MACOSX) && !defined(OS_IOS) |
| std::unique_ptr<PasswordRecoveryUtilMac> password_recovery_util_; |
| #endif |
| |
| #if defined(OS_POSIX) && !defined(OS_MACOSX) |
| // Whether password values should be encrypted. |
| // TODO(crbug.com/571003) Only linux doesn't use encryption. Remove this once |
| // Linux is fully migrated into LoginDatabase. |
| bool use_encryption_ = true; |
| #endif // defined(OS_POSIX) |
| |
| DISALLOW_COPY_AND_ASSIGN(LoginDatabase); |
| }; |
| |
| } // namespace password_manager |
| |
| #endif // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_LOGIN_DATABASE_H_ |