summaryrefslogtreecommitdiff
path: root/chromium/components/safe_browsing/password_protection/password_protection_request.cc
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/components/safe_browsing/password_protection/password_protection_request.cc')
-rw-r--r--chromium/components/safe_browsing/password_protection/password_protection_request.cc102
1 files changed, 74 insertions, 28 deletions
diff --git a/chromium/components/safe_browsing/password_protection/password_protection_request.cc b/chromium/components/safe_browsing/password_protection/password_protection_request.cc
index 182070830a2..3c5ac791456 100644
--- a/chromium/components/safe_browsing/password_protection/password_protection_request.cc
+++ b/chromium/components/safe_browsing/password_protection/password_protection_request.cc
@@ -1,18 +1,22 @@
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+
#include "components/safe_browsing/password_protection/password_protection_request.h"
#include "base/memory/ptr_util.h"
#include "base/memory/weak_ptr.h"
#include "base/metrics/histogram_macros.h"
#include "components/data_use_measurement/core/data_use_user_data.h"
+#include "components/password_manager/core/browser/password_reuse_detector.h"
+#include "components/safe_browsing_db/whitelist_checker_client.h"
#include "content/public/browser/web_contents.h"
#include "net/base/escape.h"
#include "net/base/load_flags.h"
#include "net/base/url_util.h"
#include "net/http/http_status_code.h"
#include "net/traffic_annotation/network_traffic_annotation.h"
+#include "url/origin.h"
using content::BrowserThread;
using content::WebContents;
@@ -26,6 +30,7 @@ PasswordProtectionRequest::PasswordProtectionRequest(
const GURL& password_form_frame_url,
const std::string& saved_domain,
LoginReputationClientRequest::TriggerType type,
+ bool password_field_exists,
PasswordProtectionService* pps,
int request_timeout_in_ms)
: web_contents_(web_contents),
@@ -33,11 +38,14 @@ PasswordProtectionRequest::PasswordProtectionRequest(
password_form_action_(password_form_action),
password_form_frame_url_(password_form_frame_url),
saved_domain_(saved_domain),
- request_type_(type),
+ trigger_type_(type),
+ password_field_exists_(password_field_exists),
password_protection_service_(pps),
request_timeout_in_ms_(request_timeout_in_ms),
weakptr_factory_(this) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
+ DCHECK(trigger_type_ == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE ||
+ trigger_type_ == LoginReputationClientRequest::PASSWORD_REUSE_EVENT);
}
PasswordProtectionRequest::~PasswordProtectionRequest() {
@@ -46,26 +54,37 @@ PasswordProtectionRequest::~PasswordProtectionRequest() {
void PasswordProtectionRequest::Start() {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
- CheckWhitelistOnUIThread();
+ CheckWhitelist();
}
-void PasswordProtectionRequest::CheckWhitelistOnUIThread() {
+void PasswordProtectionRequest::CheckWhitelist() {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
- bool* match_whitelist = new bool(false);
- tracker_.PostTaskAndReply(
+ // Start a task on the IO thread to check the whitelist. It may
+ // callback immediately on the IO thread or take some time if a full-hash-
+ // check is required.
+ auto result_callback = base::Bind(&OnWhitelistCheckDoneOnIO, GetWeakPtr());
+ tracker_.PostTask(
BrowserThread::GetTaskRunnerForThread(BrowserThread::IO).get(), FROM_HERE,
- base::Bind(&PasswordProtectionService::CheckCsdWhitelistOnIOThread,
- base::Unretained(password_protection_service_),
- main_frame_url_, match_whitelist),
- base::Bind(&PasswordProtectionRequest::OnWhitelistCheckDone, this,
- base::Owned(match_whitelist)));
+ base::Bind(&WhitelistCheckerClient::StartCheckCsdWhitelist,
+ password_protection_service_->database_manager(),
+ main_frame_url_, result_callback));
+}
+
+// static
+void PasswordProtectionRequest::OnWhitelistCheckDoneOnIO(
+ base::WeakPtr<PasswordProtectionRequest> weak_request,
+ bool match_whitelist) {
+ // Don't access weak_request on IO thread. Move it back to UI thread first.
+ BrowserThread::PostTask(
+ BrowserThread::UI, FROM_HERE,
+ base::Bind(&PasswordProtectionRequest::OnWhitelistCheckDone, weak_request,
+ match_whitelist));
}
-void PasswordProtectionRequest::OnWhitelistCheckDone(
- const bool* match_whitelist) {
+void PasswordProtectionRequest::OnWhitelistCheckDone(bool match_whitelist) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
- if (*match_whitelist)
+ if (match_whitelist)
Finish(PasswordProtectionService::MATCHED_WHITELIST, nullptr);
else
CheckCachedVerdicts();
@@ -81,7 +100,7 @@ void PasswordProtectionRequest::CheckCachedVerdicts() {
std::unique_ptr<LoginReputationClientResponse> cached_response =
base::MakeUnique<LoginReputationClientResponse>();
auto verdict = password_protection_service_->GetCachedVerdict(
- main_frame_url_, cached_response.get());
+ main_frame_url_, trigger_type_, cached_response.get());
if (verdict != LoginReputationClientResponse::VERDICT_TYPE_UNSPECIFIED)
Finish(PasswordProtectionService::RESPONSE_ALREADY_CACHED,
std::move(cached_response));
@@ -92,11 +111,11 @@ void PasswordProtectionRequest::CheckCachedVerdicts() {
void PasswordProtectionRequest::FillRequestProto() {
request_proto_ = base::MakeUnique<LoginReputationClientRequest>();
request_proto_->set_page_url(main_frame_url_.spec());
- request_proto_->set_trigger_type(request_type_);
- password_protection_service_->FillUserPopulation(request_type_,
+ request_proto_->set_trigger_type(trigger_type_);
+ password_protection_service_->FillUserPopulation(trigger_type_,
request_proto_.get());
request_proto_->set_stored_verdict_cnt(
- password_protection_service_->GetStoredVerdictCount());
+ password_protection_service_->GetStoredVerdictCount(trigger_type_));
LoginReputationClientRequest::Frame* main_frame =
request_proto_->add_frames();
main_frame->set_url(main_frame_url_.spec());
@@ -104,7 +123,7 @@ void PasswordProtectionRequest::FillRequestProto() {
password_protection_service_->FillReferrerChain(
main_frame_url_, -1 /* tab id not available */, main_frame);
- switch (request_type_) {
+ switch (trigger_type_) {
case LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE: {
LoginReputationClientRequest::Frame::Form* password_form;
if (password_form_frame_url_ == main_frame_url_) {
@@ -124,7 +143,21 @@ void PasswordProtectionRequest::FillRequestProto() {
break;
}
case LoginReputationClientRequest::PASSWORD_REUSE_EVENT: {
- // TODO(jialiul): Fill more password reuse related information when ready.
+ main_frame->set_has_password_field(password_field_exists_);
+ LoginReputationClientRequest::PasswordReuseEvent* reuse_event =
+ request_proto_->mutable_password_reuse_event();
+ reuse_event->set_is_chrome_signin_password(
+ saved_domain_ == std::string(password_manager::kSyncPasswordDomain));
+ if (reuse_event->is_chrome_signin_password()) {
+ reuse_event->set_sync_account_type(
+ password_protection_service_->GetSyncAccountType());
+ UMA_HISTOGRAM_ENUMERATION(
+ "PasswordProtection.PasswordReuseSyncAccountType",
+ reuse_event->sync_account_type(),
+ LoginReputationClientRequest::PasswordReuseEvent::
+ SyncAccountType_MAX +
+ 1);
+ }
break;
}
default:
@@ -238,17 +271,21 @@ void PasswordProtectionRequest::Finish(
std::unique_ptr<LoginReputationClientResponse> response) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
tracker_.TryCancelAll();
-
- if (request_type_ == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE) {
+ bool is_sync_password =
+ saved_domain_ == std::string(password_manager::kSyncPasswordDomain);
+ if (trigger_type_ == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE) {
UMA_HISTOGRAM_ENUMERATION(kPasswordOnFocusRequestOutcomeHistogramName,
outcome, PasswordProtectionService::MAX_OUTCOME);
+ } else if (is_sync_password) {
+ UMA_HISTOGRAM_ENUMERATION(kSyncPasswordEntryRequestOutcomeHistogramName,
+ outcome, PasswordProtectionService::MAX_OUTCOME);
} else {
UMA_HISTOGRAM_ENUMERATION(kPasswordEntryRequestOutcomeHistogramName,
outcome, PasswordProtectionService::MAX_OUTCOME);
}
- if (response) {
- switch (request_type_) {
+ if (outcome == PasswordProtectionService::SUCCEEDED && response) {
+ switch (trigger_type_) {
case LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE:
UMA_HISTOGRAM_ENUMERATION(
"PasswordProtection.Verdict.PasswordFieldOnFocus",
@@ -256,10 +293,17 @@ void PasswordProtectionRequest::Finish(
LoginReputationClientResponse_VerdictType_VerdictType_MAX + 1);
break;
case LoginReputationClientRequest::PASSWORD_REUSE_EVENT:
- UMA_HISTOGRAM_ENUMERATION(
- "PasswordProtection.Verdict.ProtectedPasswordEntry",
- response->verdict_type(),
- LoginReputationClientResponse_VerdictType_VerdictType_MAX + 1);
+ if (is_sync_password) {
+ UMA_HISTOGRAM_ENUMERATION(
+ "PasswordProtection.Verdict.SyncProtectedPasswordEntry",
+ response->verdict_type(),
+ LoginReputationClientResponse_VerdictType_VerdictType_MAX + 1);
+ } else {
+ UMA_HISTOGRAM_ENUMERATION(
+ "PasswordProtection.Verdict.ProtectedPasswordEntry",
+ response->verdict_type(),
+ LoginReputationClientResponse_VerdictType_VerdictType_MAX + 1);
+ }
break;
default:
NOTREACHED();
@@ -267,7 +311,9 @@ void PasswordProtectionRequest::Finish(
}
DCHECK(password_protection_service_);
- password_protection_service_->RequestFinished(this, std::move(response));
+ password_protection_service_->RequestFinished(
+ this, outcome == PasswordProtectionService::RESPONSE_ALREADY_CACHED,
+ std::move(response));
}
void PasswordProtectionRequest::Cancel(bool timed_out) {
View Lorry Controller Status