1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
// Copyright 2023 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_SAFE_BROWSING_CHROME_PASSWORD_REUSE_DETECTION_MANAGER_CLIENT_H_
#define CHROME_BROWSER_SAFE_BROWSING_CHROME_PASSWORD_REUSE_DETECTION_MANAGER_CLIENT_H_
#include <memory>
#include <string>
#include <vector>
#include "base/memory/raw_ptr.h"
#include "chrome/browser/safe_browsing/phishy_interaction_tracker.h"
#include "components/autofill/core/browser/logging/log_manager.h"
#include "components/password_manager/core/browser/password_manager_client.h"
#include "components/safe_browsing/core/browser/password_protection/password_reuse_detection_manager.h"
#include "components/safe_browsing/core/browser/password_protection/password_reuse_detection_manager_client.h"
#include "components/signin/public/identity_manager/identity_manager.h"
#include "components/signin/public/identity_manager/primary_account_change_event.h"
#include "content/public/browser/render_widget_host.h"
#include "content/public/browser/web_contents_observer.h"
#include "content/public/browser/web_contents_user_data.h"
namespace autofill {
class LogRouter;
}
namespace safe_browsing {
class PasswordProtectionService;
}
// ChromePasswordReuseDetectionManagerClient is instantiated once per
// WebContents. It manages password reuse detection.
class ChromePasswordReuseDetectionManagerClient
: public safe_browsing::PasswordReuseDetectionManagerClient,
public content::WebContentsObserver,
public content::WebContentsUserData<
ChromePasswordReuseDetectionManagerClient>,
public content::RenderWidgetHost::InputEventObserver,
public signin::IdentityManager::Observer {
public:
ChromePasswordReuseDetectionManagerClient(
const ChromePasswordReuseDetectionManagerClient&) = delete;
ChromePasswordReuseDetectionManagerClient& operator=(
const ChromePasswordReuseDetectionManagerClient&) = delete;
~ChromePasswordReuseDetectionManagerClient() override;
static void CreateForWebContents(content::WebContents* contents);
static void CreateForProfilePickerWebContents(content::WebContents* contents);
const GURL& GetLastCommittedURL() const;
// TODO(crbug.com/40895228): This function is overridden in unit tests.
// This will be removed after the unit tests refactoring.
virtual safe_browsing::PasswordProtectionService*
GetPasswordProtectionService() const;
// PasswordReuseDetectionManagerClient implementation.
void MaybeLogPasswordReuseDetectedEvent() override;
autofill::LogManager* GetCurrentLogManager() override;
password_manager::PasswordReuseManager* GetPasswordReuseManager()
const override;
bool IsHistorySyncAccountEmail(const std::string& username) override;
bool IsPasswordFieldDetectedOnPage() override;
void CheckProtectedPasswordEntry(
password_manager::metrics_util::PasswordType reused_password_type,
const std::string& username,
const std::vector<password_manager::MatchingReusedCredential>&
matching_reused_credentials,
bool password_field_exists,
uint64_t reused_password_hash,
const std::string& domain) override;
#if BUILDFLAG(IS_ANDROID)
// Notifies `PasswordReuseDetectionManager` about passwords selected from
// AllPasswordsBottomSheet.
void OnPasswordSelected(const std::u16string& text) override;
// content::RenderWidgetHost::InputEventObserver overrides. Notifies
// OnKeyPressed events.
void OnImeTextCommittedEvent(const std::u16string& text_str) override;
void OnImeSetComposingTextEvent(const std::u16string& text_str) override;
void OnImeFinishComposingTextEvent() override;
#endif
protected:
explicit ChromePasswordReuseDetectionManagerClient(
content::WebContents* web_contents,
signin::IdentityManager* identity_manager = nullptr);
private:
friend class content::WebContentsUserData<
ChromePasswordReuseDetectionManagerClient>;
// Needed to exercise the logic of InternalOnPrimaryAccountChanged in
// unit tests.
friend class MockChromePasswordReuseDetectionManagerClient;
// content::WebContentsObserver overrides.
void WebContentsDestroyed() override;
void PrimaryPageChanged(content::Page& page) override;
void RenderFrameCreated(content::RenderFrameHost* render_frame_host) override;
void OnPaste() override;
// content::RenderWidgetHost::InputEventObserver overrides.
void OnInputEvent(const content::RenderWidgetHost& widget,
const blink::WebInputEvent&) override;
// Implements signin::IdentityManager::Observer.
void OnPrimaryAccountChanged(
const signin::PrimaryAccountChangeEvent& event_details) override;
// Attempts to save password hash if a sign-in event is detected.
void InternalOnPrimaryAccountChanged(
password_manager::PasswordManagerClient* password_manager_client,
const signin::PrimaryAccountChangeEvent& event_details);
safe_browsing::PasswordReuseDetectionManager
password_reuse_detection_manager_;
const raw_ptr<Profile> profile_;
const raw_ptr<autofill::LogRouter> log_router_;
std::unique_ptr<autofill::RoutingLogManager> log_manager_;
safe_browsing::PhishyInteractionTracker phishy_interaction_tracker_;
// This reference is only used if a sign-in via the ProfilePickerUI is
// detected. By observing the IdentityManager we can detect signin events.
raw_ptr<signin::IdentityManager> identity_manager_;
#if BUILDFLAG(IS_ANDROID)
// Last composing text from ime, this is updated when ime set composing text
// event is triggered. It is sent to password reuse detection manager and
// reset when ime finish composing text event is triggered.
std::u16string last_composing_text_;
#endif // BUILDFLAG(IS_ANDROID)
WEB_CONTENTS_USER_DATA_KEY_DECL();
};
#endif // CHROME_BROWSER_SAFE_BROWSING_CHROME_PASSWORD_REUSE_DETECTION_MANAGER_CLIENT_H_
|
