1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
|
// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_PASSWORD_CHECK_ANDROID_PASSWORD_CHECK_MANAGER_H_
#define CHROME_BROWSER_PASSWORD_CHECK_ANDROID_PASSWORD_CHECK_MANAGER_H_
#include <string_view>
#include "base/memory/raw_ptr.h"
#include "base/memory/scoped_refptr.h"
#include "base/memory/weak_ptr.h"
#include "base/scoped_observation.h"
#include "chrome/browser/affiliations/affiliation_service_factory.h"
#include "chrome/browser/password_check/android/password_check_ui_status.h"
#include "chrome/browser/password_entry_edit/android/credential_edit_bridge.h"
#include "chrome/browser/password_manager/account_password_store_factory.h"
#include "chrome/browser/password_manager/bulk_leak_check_service_factory.h"
#include "chrome/browser/password_manager/profile_password_store_factory.h"
#include "chrome/browser/profiles/profile.h"
#include "components/password_manager/core/browser/leak_detection/bulk_leak_check_service.h"
#include "components/password_manager/core/browser/leak_detection/bulk_leak_check_service_interface.h"
#include "components/password_manager/core/browser/ui/bulk_leak_check_service_adapter.h"
#include "components/password_manager/core/browser/ui/credential_ui_entry.h"
#include "components/password_manager/core/browser/ui/insecure_credentials_manager.h"
#include "components/password_manager/core/browser/ui/saved_passwords_presenter.h"
class PasswordCheckManager
: public password_manager::SavedPasswordsPresenter::Observer,
public password_manager::InsecureCredentialsManager::Observer,
public password_manager::BulkLeakCheckServiceInterface::Observer {
public:
class Observer {
public:
virtual ~Observer() = default;
virtual void OnSavedPasswordsFetched(int count) = 0;
virtual void OnCompromisedCredentialsChanged(int count) = 0;
virtual void OnPasswordCheckStatusChanged(
password_manager::PasswordCheckUIStatus status) = 0;
virtual void OnPasswordCheckProgressChanged(int already_processed,
int remaining_in_queue) = 0;
};
struct CompromisedCredentialForUI : password_manager::CredentialUIEntry {
explicit CompromisedCredentialForUI(
const password_manager::CredentialUIEntry& credential_entry);
CompromisedCredentialForUI(const CompromisedCredentialForUI& other);
CompromisedCredentialForUI(CompromisedCredentialForUI&& other);
CompromisedCredentialForUI& operator=(
const CompromisedCredentialForUI& other);
CompromisedCredentialForUI& operator=(CompromisedCredentialForUI&& other);
~CompromisedCredentialForUI();
std::u16string display_username;
std::u16string display_origin;
std::string package_name;
std::string change_password_url;
};
// `observer` must outlive `this`.
PasswordCheckManager(Profile* profile, Observer* observer);
~PasswordCheckManager() override;
// Requests to start the password check.
void StartCheck();
// Stops a running check.
void StopCheck();
// Called by java to retireve the timestamp of the last password check.
base::Time GetLastCheckTimestamp();
// Called by java to retrieve the number of compromised credentials. If the
// credentials haven't been fetched yet, this will return 0.
int GetCompromisedCredentialsCount() const;
// Called by java to retrieve the number of saved passwords.
// If the saved passwords haven't been fetched yet, this will return 0.
int GetSavedPasswordsCount() const;
// Called by java to retrieve the compromised credentials.
std::vector<CompromisedCredentialForUI> GetCompromisedCredentials() const;
// Called by java to update the given compromised `credential` and set its
// password to `new_password`.
void UpdateCredential(const password_manager::CredentialUIEntry& credential,
std::string_view new_password);
// Called by java to launch the edit credential UI for `credential`.
void OnEditCredential(const password_manager::CredentialUIEntry& credential,
const base::android::JavaParamRef<jobject>& context);
// Called by java to remove the given compromised `credential` and trigger a
// UI update on completion.
void RemoveCredential(const password_manager::CredentialUIEntry& credential);
// Checks if user is signed into their account to perform the check.
bool HasAccountForRequest();
// Not copyable or movable
PasswordCheckManager(const PasswordCheckManager&) = delete;
PasswordCheckManager& operator=(const PasswordCheckManager&) = delete;
PasswordCheckManager(PasswordCheckManager&&) = delete;
PasswordCheckManager& operator=(PasswordCheckManager&&) = delete;
private:
// Helps to track which preconditions are fulfilled.
enum CheckPreconditions {
// No preconditions have been fulfilled.
kNone = 0,
// Saved passwords can be accessed.
kSavedPasswordsAvailable = 1 << 0,
// Already known compromised credentials were loaded.
kKnownCredentialsFetched = 1 << 1,
// All preconditions have been fulfilled.
kAll = kSavedPasswordsAvailable | kKnownCredentialsFetched,
};
// Class remembering the state required to update the progress of an ongoing
// Password Check.
class PasswordCheckProgress {
public:
PasswordCheckProgress();
~PasswordCheckProgress();
size_t remaining_in_queue() const { return remaining_in_queue_; }
size_t already_processed() const { return already_processed_; }
// Increments the counts corresponding to `password`. Intended to be called
// for each credential that is passed to the bulk check.
void IncrementCounts(const password_manager::CredentialUIEntry& password);
// Updates the counts after a `credential` has been processed by the bulk
// check.
void OnProcessed(const password_manager::LeakCheckCredential& credential);
private:
// Count variables needed to correctly show the progress of the check to the
// user. `already_processed_` contains the number of credentials that have
// been checked already, while `remaining_in_queue_` remembers how many
// passwords still need to be checked.
// Since the bulk leak check tries to be as efficient as possible, it
// performs a deduplication step before starting to check passwords. In this
// step it canonicalizes each credential, and only processes the
// combinations that are unique. Since this number likely does not match the
// total number of saved passwords, we remember in `counts_` how many saved
// passwords a given canonicalized credential corresponds to.
size_t already_processed_ = 0;
size_t remaining_in_queue_ = 0;
std::map<password_manager::CanonicalizedCredential, size_t> counts_;
};
// password_manager::SavedPasswordsPresenter::Observer:
void OnSavedPasswordsChanged(
const password_manager::PasswordStoreChangeList& changes) override;
// InsecureCredentialsManager::Observer
void OnInsecureCredentialsChanged() override;
// BulkLeakCheckServiceInterface::Observer
void OnStateChanged(
password_manager::BulkLeakCheckServiceInterface::State state) override;
void OnCredentialDone(const password_manager::LeakCheckCredential& credential,
password_manager::IsLeaked is_leaked) override;
void OnBulkCheckServiceShutDown() override;
// Turns a `CredentialUIEntry` into a `CompromisedCredentialForUI`,
// getting suitable strings for all display elements (e.g. url, app name,
// app package, username, etc.).
CompromisedCredentialForUI MakeUICredential(
const password_manager::CredentialUIEntry& credential) const;
// Converts the state retrieved from the check service into a state that
// can be used by the UI to display appropriate messages.
password_manager::PasswordCheckUIStatus GetUIStatus(
password_manager::BulkLeakCheckServiceInterface::State state) const;
// Returns true if the user has their passwords available in their Google
// Account. Used to determine whether the user could use the password check
// in the account if the quota limit was reached.
bool CanUseAccountCheck() const;
// Returns true if the passed |condition| was already met.
bool IsPreconditionFulfilled(CheckPreconditions condition) const;
// Marks the passed |condition| as fulfilled and runs a check if applicable.
void FulfillPrecondition(CheckPreconditions condition);
// Resets the passed |condition| so that it's expected to happen again.
void ResetPrecondition(CheckPreconditions condition);
// Destroys the edit ui bridge.
void OnEditUIDismissed();
// Obsever being notified of UI-relevant events.
// It must outlive `this`.
raw_ptr<Observer> observer_ = nullptr;
// The profile for which the passwords are checked.
raw_ptr<Profile> profile_ = nullptr;
// Object storing the progress of a running password check.
std::unique_ptr<PasswordCheckProgress> progress_;
// Used by `insecure_credentials_manager_` to obtain the list of saved
// passwords.
password_manager::SavedPasswordsPresenter saved_passwords_presenter_{
AffiliationServiceFactory::GetForProfile(profile_),
ProfilePasswordStoreFactory::GetForProfile(
profile_,
ServiceAccessType::EXPLICIT_ACCESS),
AccountPasswordStoreFactory::GetForProfile(
profile_,
ServiceAccessType::EXPLICIT_ACCESS)};
// Used to obtain the list of insecure credentials.
password_manager::InsecureCredentialsManager insecure_credentials_manager_{
&saved_passwords_presenter_};
// Adapter used to start, monitor and stop a bulk leak check.
password_manager::BulkLeakCheckServiceAdapter
bulk_leak_check_service_adapter_{
&saved_passwords_presenter_,
BulkLeakCheckServiceFactory::GetForProfile(profile_),
profile_->GetPrefs()};
// The check can be run only of this is CheckPreconditions::kAll;
int fulfilled_preconditions_ = CheckPreconditions::kNone;
// Whether the check start was requested.
bool was_start_requested_ = false;
// Whether a check is currently running.
bool is_check_running_ = false;
// Used to open the view/edit/delete UI.
std::unique_ptr<CredentialEditBridge> credential_edit_bridge_;
// A scoped observer for `saved_passwords_presenter_`.
base::ScopedObservation<password_manager::SavedPasswordsPresenter,
password_manager::SavedPasswordsPresenter::Observer>
observed_saved_passwords_presenter_{this};
// A scoped observer for `insecure_credentials_manager_`.
base::ScopedObservation<
password_manager::InsecureCredentialsManager,
password_manager::InsecureCredentialsManager::Observer>
observed_insecure_credentials_manager_{this};
// A scoped observer for the BulkLeakCheckService.
base::ScopedObservation<
password_manager::BulkLeakCheckServiceInterface,
password_manager::BulkLeakCheckServiceInterface::Observer>
observed_bulk_leak_check_service_{this};
// Weak pointer factory for callback binding safety.
base::WeakPtrFactory<PasswordCheckManager> weak_ptr_factory_{this};
};
#endif // CHROME_BROWSER_PASSWORD_CHECK_ANDROID_PASSWORD_CHECK_MANAGER_H_
|
