diff options
Diffstat (limited to 'chromium/components/safe_browsing/password_protection/password_protection_request.cc')
-rw-r--r-- | chromium/components/safe_browsing/password_protection/password_protection_request.cc | 102 |
1 files changed, 74 insertions, 28 deletions
diff --git a/chromium/components/safe_browsing/password_protection/password_protection_request.cc b/chromium/components/safe_browsing/password_protection/password_protection_request.cc index 182070830a2..3c5ac791456 100644 --- a/chromium/components/safe_browsing/password_protection/password_protection_request.cc +++ b/chromium/components/safe_browsing/password_protection/password_protection_request.cc @@ -1,18 +1,22 @@ // Copyright 2017 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. + #include "components/safe_browsing/password_protection/password_protection_request.h" #include "base/memory/ptr_util.h" #include "base/memory/weak_ptr.h" #include "base/metrics/histogram_macros.h" #include "components/data_use_measurement/core/data_use_user_data.h" +#include "components/password_manager/core/browser/password_reuse_detector.h" +#include "components/safe_browsing_db/whitelist_checker_client.h" #include "content/public/browser/web_contents.h" #include "net/base/escape.h" #include "net/base/load_flags.h" #include "net/base/url_util.h" #include "net/http/http_status_code.h" #include "net/traffic_annotation/network_traffic_annotation.h" +#include "url/origin.h" using content::BrowserThread; using content::WebContents; @@ -26,6 +30,7 @@ PasswordProtectionRequest::PasswordProtectionRequest( const GURL& password_form_frame_url, const std::string& saved_domain, LoginReputationClientRequest::TriggerType type, + bool password_field_exists, PasswordProtectionService* pps, int request_timeout_in_ms) : web_contents_(web_contents), @@ -33,11 +38,14 @@ PasswordProtectionRequest::PasswordProtectionRequest( password_form_action_(password_form_action), password_form_frame_url_(password_form_frame_url), saved_domain_(saved_domain), - request_type_(type), + trigger_type_(type), + password_field_exists_(password_field_exists), password_protection_service_(pps), request_timeout_in_ms_(request_timeout_in_ms), weakptr_factory_(this) { DCHECK_CURRENTLY_ON(BrowserThread::UI); + DCHECK(trigger_type_ == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE || + trigger_type_ == LoginReputationClientRequest::PASSWORD_REUSE_EVENT); } PasswordProtectionRequest::~PasswordProtectionRequest() { @@ -46,26 +54,37 @@ PasswordProtectionRequest::~PasswordProtectionRequest() { void PasswordProtectionRequest::Start() { DCHECK_CURRENTLY_ON(BrowserThread::UI); - CheckWhitelistOnUIThread(); + CheckWhitelist(); } -void PasswordProtectionRequest::CheckWhitelistOnUIThread() { +void PasswordProtectionRequest::CheckWhitelist() { DCHECK_CURRENTLY_ON(BrowserThread::UI); - bool* match_whitelist = new bool(false); - tracker_.PostTaskAndReply( + // Start a task on the IO thread to check the whitelist. It may + // callback immediately on the IO thread or take some time if a full-hash- + // check is required. + auto result_callback = base::Bind(&OnWhitelistCheckDoneOnIO, GetWeakPtr()); + tracker_.PostTask( BrowserThread::GetTaskRunnerForThread(BrowserThread::IO).get(), FROM_HERE, - base::Bind(&PasswordProtectionService::CheckCsdWhitelistOnIOThread, - base::Unretained(password_protection_service_), - main_frame_url_, match_whitelist), - base::Bind(&PasswordProtectionRequest::OnWhitelistCheckDone, this, - base::Owned(match_whitelist))); + base::Bind(&WhitelistCheckerClient::StartCheckCsdWhitelist, + password_protection_service_->database_manager(), + main_frame_url_, result_callback)); +} + +// static +void PasswordProtectionRequest::OnWhitelistCheckDoneOnIO( + base::WeakPtr<PasswordProtectionRequest> weak_request, + bool match_whitelist) { + // Don't access weak_request on IO thread. Move it back to UI thread first. + BrowserThread::PostTask( + BrowserThread::UI, FROM_HERE, + base::Bind(&PasswordProtectionRequest::OnWhitelistCheckDone, weak_request, + match_whitelist)); } -void PasswordProtectionRequest::OnWhitelistCheckDone( - const bool* match_whitelist) { +void PasswordProtectionRequest::OnWhitelistCheckDone(bool match_whitelist) { DCHECK_CURRENTLY_ON(BrowserThread::UI); - if (*match_whitelist) + if (match_whitelist) Finish(PasswordProtectionService::MATCHED_WHITELIST, nullptr); else CheckCachedVerdicts(); @@ -81,7 +100,7 @@ void PasswordProtectionRequest::CheckCachedVerdicts() { std::unique_ptr<LoginReputationClientResponse> cached_response = base::MakeUnique<LoginReputationClientResponse>(); auto verdict = password_protection_service_->GetCachedVerdict( - main_frame_url_, cached_response.get()); + main_frame_url_, trigger_type_, cached_response.get()); if (verdict != LoginReputationClientResponse::VERDICT_TYPE_UNSPECIFIED) Finish(PasswordProtectionService::RESPONSE_ALREADY_CACHED, std::move(cached_response)); @@ -92,11 +111,11 @@ void PasswordProtectionRequest::CheckCachedVerdicts() { void PasswordProtectionRequest::FillRequestProto() { request_proto_ = base::MakeUnique<LoginReputationClientRequest>(); request_proto_->set_page_url(main_frame_url_.spec()); - request_proto_->set_trigger_type(request_type_); - password_protection_service_->FillUserPopulation(request_type_, + request_proto_->set_trigger_type(trigger_type_); + password_protection_service_->FillUserPopulation(trigger_type_, request_proto_.get()); request_proto_->set_stored_verdict_cnt( - password_protection_service_->GetStoredVerdictCount()); + password_protection_service_->GetStoredVerdictCount(trigger_type_)); LoginReputationClientRequest::Frame* main_frame = request_proto_->add_frames(); main_frame->set_url(main_frame_url_.spec()); @@ -104,7 +123,7 @@ void PasswordProtectionRequest::FillRequestProto() { password_protection_service_->FillReferrerChain( main_frame_url_, -1 /* tab id not available */, main_frame); - switch (request_type_) { + switch (trigger_type_) { case LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE: { LoginReputationClientRequest::Frame::Form* password_form; if (password_form_frame_url_ == main_frame_url_) { @@ -124,7 +143,21 @@ void PasswordProtectionRequest::FillRequestProto() { break; } case LoginReputationClientRequest::PASSWORD_REUSE_EVENT: { - // TODO(jialiul): Fill more password reuse related information when ready. + main_frame->set_has_password_field(password_field_exists_); + LoginReputationClientRequest::PasswordReuseEvent* reuse_event = + request_proto_->mutable_password_reuse_event(); + reuse_event->set_is_chrome_signin_password( + saved_domain_ == std::string(password_manager::kSyncPasswordDomain)); + if (reuse_event->is_chrome_signin_password()) { + reuse_event->set_sync_account_type( + password_protection_service_->GetSyncAccountType()); + UMA_HISTOGRAM_ENUMERATION( + "PasswordProtection.PasswordReuseSyncAccountType", + reuse_event->sync_account_type(), + LoginReputationClientRequest::PasswordReuseEvent:: + SyncAccountType_MAX + + 1); + } break; } default: @@ -238,17 +271,21 @@ void PasswordProtectionRequest::Finish( std::unique_ptr<LoginReputationClientResponse> response) { DCHECK_CURRENTLY_ON(BrowserThread::UI); tracker_.TryCancelAll(); - - if (request_type_ == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE) { + bool is_sync_password = + saved_domain_ == std::string(password_manager::kSyncPasswordDomain); + if (trigger_type_ == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE) { UMA_HISTOGRAM_ENUMERATION(kPasswordOnFocusRequestOutcomeHistogramName, outcome, PasswordProtectionService::MAX_OUTCOME); + } else if (is_sync_password) { + UMA_HISTOGRAM_ENUMERATION(kSyncPasswordEntryRequestOutcomeHistogramName, + outcome, PasswordProtectionService::MAX_OUTCOME); } else { UMA_HISTOGRAM_ENUMERATION(kPasswordEntryRequestOutcomeHistogramName, outcome, PasswordProtectionService::MAX_OUTCOME); } - if (response) { - switch (request_type_) { + if (outcome == PasswordProtectionService::SUCCEEDED && response) { + switch (trigger_type_) { case LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE: UMA_HISTOGRAM_ENUMERATION( "PasswordProtection.Verdict.PasswordFieldOnFocus", @@ -256,10 +293,17 @@ void PasswordProtectionRequest::Finish( LoginReputationClientResponse_VerdictType_VerdictType_MAX + 1); break; case LoginReputationClientRequest::PASSWORD_REUSE_EVENT: - UMA_HISTOGRAM_ENUMERATION( - "PasswordProtection.Verdict.ProtectedPasswordEntry", - response->verdict_type(), - LoginReputationClientResponse_VerdictType_VerdictType_MAX + 1); + if (is_sync_password) { + UMA_HISTOGRAM_ENUMERATION( + "PasswordProtection.Verdict.SyncProtectedPasswordEntry", + response->verdict_type(), + LoginReputationClientResponse_VerdictType_VerdictType_MAX + 1); + } else { + UMA_HISTOGRAM_ENUMERATION( + "PasswordProtection.Verdict.ProtectedPasswordEntry", + response->verdict_type(), + LoginReputationClientResponse_VerdictType_VerdictType_MAX + 1); + } break; default: NOTREACHED(); @@ -267,7 +311,9 @@ void PasswordProtectionRequest::Finish( } DCHECK(password_protection_service_); - password_protection_service_->RequestFinished(this, std::move(response)); + password_protection_service_->RequestFinished( + this, outcome == PasswordProtectionService::RESPONSE_ALREADY_CACHED, + std::move(response)); } void PasswordProtectionRequest::Cancel(bool timed_out) { |