1// Copyright 2016 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5// Data models to interface with legacy Autofill API. 6 7syntax = "proto2"; 8 9option optimize_for = LITE_RUNTIME; 10 11package autofill; 12 13import "password_requirements.proto"; 14 15// Request to query field suggestions for forms in a page from legacy Autofill 16// API. 17// Next available id: 15 18message AutofillQueryContents { 19 reserved 11; // Reserved for server use. 20 required string client_version = 1; 21 repeated group Form = 2 { 22 required fixed64 signature = 3; 23 optional AutofillRandomizedFormMetadata form_metadata = 12; 24 repeated group Field = 4 { 25 required fixed32 signature = 5; 26 optional string name = 8; 27 optional string type = 9; // Control type. 28 optional AutofillRandomizedFieldMetadata field_metadata = 13; 29 } 30 } 31 repeated int64 experiments = 14; 32} 33 34// Response from Autofill query on the legacy API that gives field suggestions 35// for forms of a page in a flattened representation. The fields are returned in 36// the exact same order as filled in the request. 37// Next available id: 10 38message AutofillQueryResponseContents { 39 optional bool upload_required = 1 [deprecated = true]; 40 repeated group Field = 2 { 41 required fixed32 overall_type_prediction = 3; 42 // Detailed list of all possible predictions (including 43 // |overall_type_prediction| as the first item). 44 message FieldPrediction { 45 // The predicted field type. 46 optional fixed32 type = 1; 47 48 // True if the serverside classification believes that the field 49 // may be pre-filled with a placeholder in the value attribute. 50 optional bool may_use_prefilled_placeholder = 2; 51 } 52 repeated FieldPrediction predictions = 7; 53 54 // For fields of type NEW_PASSWORD and ACCOUNT_CREATION_PASSWORD, this may 55 // specify requirements for the generation of passwords. 56 optional PasswordRequirementsSpec password_requirements = 9; 57 } 58} 59 60// This message contains a randomized encoding of a string, where each bit 61// in the encoded string is randomly sent as either the true value seen by 62// the client, or random noise. The mapping of specific bits in the encoded 63// string back to bits in the original string is specified by the EncodingType. 64message AutofillRandomizedValue { 65 enum EncodingType { 66 // Reserved default value. Should never be sent over the wire. 67 UNSPECIFIED_ENCODING_TYPE = -1; 68 69 // This string encodes only one bit, bit N, for each byte. 70 BIT_0 = 0; 71 BIT_1 = 1; 72 BIT_2 = 2; 73 BIT_3 = 3; 74 BIT_4 = 4; 75 BIT_5 = 5; 76 BIT_6 = 6; 77 BIT_7 = 7; 78 79 // For each byte, the encoded value contains even or odd bits only. 80 EVEN_BITS = 8; 81 ODD_BITS = 9; 82 83 // The encoded value contains all of the bits. 84 ALL_BITS = 10; 85 } 86 87 // Selector denoting the source bits to which the encoded bits correspond. 88 optional EncodingType encoding_type = 1 [default = UNSPECIFIED_ENCODING_TYPE]; 89 90 // The encoded bits. Only the bits denoted by |encoding_type| are included in 91 // |encoded_bits|. 92 // 93 // BIT_K encodings: 94 // each randomized bit i in |encoded_bits| corresponds to bit k of the byte 95 // at the corresponding offset i of the original metadata value, up to 96 // i=64 (8 bytes). 97 // 98 // EVEN_BITS encoding: 99 // each randomized bit i in |encoded_bits| corresponds to bit 2*i of the 100 // original metadata value, up to i=256 (32 bytes). 101 // 102 // ODD_BITS encoding: 103 // each randomized bit i in |encoded_bits| corresponds to bit 2*i+1 of the 104 // original metadata value, up to i=256 (32 bytes). 105 // 106 // ALL_BITS encoding: 107 // each bit i in |encoded_bits| corresponds to bit i of the original 108 // metadata value, up to i=512 (64 bytes). 109 // 110 // The encoded data is generally not user data, however, it is possible that 111 // user visible metadata (like the Label for an input field) could be 112 // personalized and thus contains user data (possibly PII). For the ALL_BITS 113 // encoding, each randomized byte has a 10% probability of being encoded 1:1 114 // as the true byte seen by the client, even if some of those bits were 115 // transmitted as noise. For all of the other encodings, the encoded bits 116 // does not encode any full bytes. 117 optional bytes encoded_bits = 2; 118 119 // 32-bit checksum before randomization (passed in clear text). Note that 120 // this value may not be present; for now, it is only stored for metadata 121 // values of type FORM_URL. 122 optional fixed32 checksum = 3; 123} 124 125// Describes how the button is implemented in HTML source. Corresponds to 126// the mojo ButtonTitleType enum defined in 127// components/autofill/core/common/mojom/autofill_types.mojom.h 128enum ButtonTitleType { 129 NONE = 0; 130 BUTTON_ELEMENT_SUBMIT_TYPE = 1; // <button type='submit'> 131 BUTTON_ELEMENT_BUTTON_TYPE = 2; // <button type='button'> 132 INPUT_ELEMENT_SUBMIT_TYPE = 3; // <input type='submit'> 133 INPUT_ELEMENT_BUTTON_TYPE = 4; // <input type='button'> 134 HYPERLINK = 5; // e.g. <a class='button'> 135 DIV = 6; // e.g. <div id='submit'> 136 SPAN = 7; // e.g. <span name='btn'> 137} 138 139// The collection of autofill field metadata to be sent using randomization. 140message AutofillRandomizedFormMetadata { 141 // Form element id. Example: <form id="XXXXXXXX"> 142 optional AutofillRandomizedValue id = 1; 143 144 // Form element name. Example: <form name="XXXXXXXX"> 145 optional AutofillRandomizedValue name = 2; 146 147 // Form element action. Example: <form action="XXXXXXXX"> 148 optional AutofillRandomizedValue action = 3; 149 150 // Location of form as URL. 151 optional AutofillRandomizedValue url = 4; 152 153 // Information about a button's title (sync with another ButtonTitle in this 154 // proto). 155 message ButtonTitle { 156 // Text showed on the button. 157 optional AutofillRandomizedValue title = 1; 158 159 // Describes how the button is implemented in HTML source. 160 optional ButtonTitleType type = 2; 161 } 162 // Titles of form's buttons. Example: <input type="submit" value="XXXXX"> 163 repeated ButtonTitle button_title = 5; 164 165 reserved 6; 166} 167 168// The collection of autofill field metadata to be sent using randomization. 169message AutofillRandomizedFieldMetadata { 170 // Input element id. Example: <input id="XXXXXXXX"> 171 optional AutofillRandomizedValue id = 1; 172 173 // Input element name. Example: <input name="XXXXXXXX"> 174 optional AutofillRandomizedValue name = 2; 175 176 // Input element type. Example: <input type="XXXXXXXX"> 177 optional AutofillRandomizedValue type = 3; 178 179 // Input field label value seen by the user, either explicitly annotated in 180 // the DOM or inferred by the client. 181 // 182 // The value encountered by the client may be personalized (for example: 183 // "Please enter the password for foo@bar.net"). The system will learn the 184 // common/static prefix and determine that the personalized substring is 185 // noise. That said, for a given upload using the ALL_BITS encoding, each 186 // byte has a 10% probability or matching the original plaintext byte and 187 // a 1 in 10^m chance of the full m-character string being uploaded as 188 // plaintext. The other encodings only send partial bytes. 189 // 190 // Example: <label for="id">XXXXXXX</label> 191 optional AutofillRandomizedValue label = 4; 192 193 // Input field label value exposed to the user via ARIA. 194 // Example 1: <input aria-label="XXXXXX> 195 // Example 2: <div id="foo">XXXXXXX</div> 196 // <input aria-labelledby="foo"> 197 optional AutofillRandomizedValue aria_label = 5; 198 199 // Input field description exposed to the user via ARIA. 200 // Example: 201 // <div id="foo">XXXXXXX</div> 202 // <input aria-describedby="foo"> 203 optional AutofillRandomizedValue aria_description = 6; 204 205 // CSS class for the input element. 206 // Example: <input class="XXXXXXXX"> 207 optional AutofillRandomizedValue css_class = 7; 208 209 // Placeholder text for the input element. 210 // Example: <input placeholder="XXXXXXXX"> 211 optional AutofillRandomizedValue placeholder = 8; 212 213 // Hash of the initial value of the field. We want to learn if the initial 214 // value of this field is personalized to the user (we will learn that the 215 // value is noise) or if it is a placeholder in disguise (we will learn a 216 // constant hash). 217 // 218 // Example: <input value="VVVVVVV"> 219 // XXXXXXXX = hash("VVVVVVV"") 220 optional AutofillRandomizedValue initial_value_hash = 9; 221} 222 223// This message contains information about the field types in a single form. 224// It is sent by the toolbar to contribute to the field type statistics. 225// Next available id: 41 226message AutofillUploadContents { 227 required string client_version = 1; 228 required fixed64 form_signature = 2; 229 230 // The secondary form signature is calculated based on field types instead of 231 // names and is used if the primary one is unstable, i.e. the field names 232 // change on every page load. 233 optional fixed64 secondary_form_signature = 34; 234 235 // True if the autofill feature was used to fill this form, false otherwise. 236 required bool autofill_used = 3; 237 238 // A string representing a bit array of what personal information items 239 // the user has entered in the autofill settings dialog. 240 // The corresponding bit is set if the user has that particular 241 // item entered and is not set otherwise. 242 required string data_present = 4; 243 244 // List of the fields in the form and their types. 245 repeated group Field = 5 { 246 // Field identification inside the current form. 247 required fixed32 signature = 6; 248 249 // Type of the field, e.g. what type of personal information did the user 250 // enter in that field before form submission. There is a predefined 251 // enum of types located at 252 // components/autofill/core/browser/field_types.h 253 // AutoFillFieldType 254 repeated fixed32 autofill_type = 7; 255 256 // The value of the name attribute on the field, if present. Otherwise, the 257 // value of the id attribute. See HTMLFormControlElement::nameForAutofill. 258 // TODO(850606): Deprecate once randomized metadata is launched. 259 optional string name = 8; 260 261 // The value of the autocomplete attribute on the field, if present. 262 // TODO(850606): Deprecate once randomized metadata is launched. 263 optional string autocomplete = 9; 264 265 // The type of input control for this field (e.g. text, textarea, email). 266 // TODO(850606): Deprecate once randomized metadata is launched. 267 optional string type = 10; 268 269 // The field-level metadata associated with this field, randomized. 270 optional AutofillRandomizedFieldMetadata randomized_field_metadata = 33; 271 272 enum PasswordGenerationType { 273 NO_GENERATION = 0; 274 AUTOMATICALLY_TRIGGERED_GENERATION_ON_SIGN_UP_FORM = 1; 275 AUTOMATICALLY_TRIGGERED_GENERATION_ON_CHANGE_PASSWORD_FORM = 2; 276 MANUALLY_TRIGGERED_GENERATION_ON_SIGN_UP_FORM = 3; 277 MANUALLY_TRIGGERED_GENERATION_ON_CHANGE_PASSWORD_FORM = 4; 278 IGNORED_GENERATION_POPUP = 5; 279 } 280 // The type of password generation, if it happened. 281 optional PasswordGenerationType generation_type = 17; 282 283 // The value of the class attribute on the field, if present. 284 // TODO(850606): Deprecate once randomized metadata is launched. 285 optional string css_classes = 19; 286 287 // The properties mask (i.e. whether the field was autofilled, user 288 // modified, etc.) See FieldPropertiesFlags. 289 optional uint32 properties_mask = 20; 290 291 // The value of the id attribute, if it differs from the name attribute. 292 // Otherwise, this field is absent. 293 // TODO(850606): Deprecate once randomized metadata is launched. 294 optional string id = 21; 295 296 // True iff the user changed generated password. If there was no generation, 297 // the field is absent. 298 optional bool generated_password_changed = 22; 299 300 enum VoteType { 301 NO_INFORMATION = 0; 302 // A credential saved on one form (typically a signup form) was used on a 303 // login form. The vote applies to the first (signup) form. 304 CREDENTIALS_REUSED = 1; 305 // When reusing a credential, the username value is not the saved 306 // username, but another value, which appeared on the form where we saved. 307 // The correct field is voted for. 308 USERNAME_OVERWRITTEN = 2; 309 // In the save prompt, the user corrected the username value to another 310 // value from the form. The new field is voted for. 311 USERNAME_EDITED = 3; 312 // The username field was detected by the base heuristic (take the last 313 // non-password field before the first password field). The value is not 314 // used at this point. 315 BASE_HEURISTIC = 4; 316 // The username field was detected by HTML-based detector. The value is 317 // not used at this point. 318 HTML_CLASSIFIER = 5; 319 // A saved credential was used for the first time on a submitted form. The 320 // vote applies to the form being submitted. 321 FIRST_USE = 6; 322 } 323 324 // The type of password-related vote. If |autofill_type| is not a USERNAME 325 // or any PASSWORD vote, then the field is absent. This field describes the 326 // context of the vote. 327 optional VoteType vote_type = 23; 328 329 message AutofillTypeValiditiesPair { 330 // Type of the field, e.g. what type of personal data the user entered in 331 // that field before form submission. A list of all data types can be 332 // found in: 333 required int32 type = 1; 334 // The validity of the type, which is determined based on the validity of 335 // the user's profile data. A list of all validity states can be found 336 // here: components/autofill/core/browser/field_types.h 337 // The validity state of a type is used to experiment if only using valid 338 // data would result in better predictions. 339 repeated int32 validity = 2; 340 } 341 // A list of possible types for the field with their corresponding validity 342 // states based on the user's data. 343 repeated AutofillTypeValiditiesPair autofill_type_validities = 35; 344 345 // A low-entropy hash of the field's initial value before user-interactions 346 // or automatic fillings. This field is used to detect static 347 // placeholders. 348 optional uint32 initial_value_hash = 40; 349 } 350 // Signature of the form action host (e.g. Hash64Bit("example.com")). 351 optional fixed64 action_signature = 13; 352 353 // Signature of the form which is used for password generation debugging. 354 // Currently is used when password generated on a password field of a 355 // registration form is used on a password field of a login form. 356 optional fixed64 login_form_signature = 14; 357 358 // Whether a form submission event was observed. 359 optional bool submission = 15; 360 361 // The form name. 362 optional string form_name = 16; 363 364 // True if the non-obfuscated password values were shown to the user. 365 optional bool passwords_revealed = 24; 366 367 // The section of noisified data about password. 368 // Upload only one of character class attributes (|password_has_*|). Noisified 369 // length is always uploaded. 370 // Upload only when a password is saved. 371 // Used to adjust the password generator's settings to site's requirements. 372 373 // Whether the password has any lowercase letter. 374 optional bool password_has_lowercase_letter = 25; 375 376 // Deprecated since M80: Whether the password has any uppercase letter. 377 optional bool password_has_uppercase_letter = 26 [deprecated = true]; 378 379 // Deprecated since M80: Whether the password has any digit. 380 optional bool password_has_numeric = 27 [deprecated = true]; 381 382 // Whether the password has any special symbol. 383 optional bool password_has_special_symbol = 28; 384 385 // Noisified password length. 386 optional uint32 password_length = 29; 387 388 // If |password_has_special_symbol| is true, this field contains noisified 389 // information about a special symbol used in a user-created password stored 390 // in ASCII code. 391 // Otherwise, this field is unset. 392 optional uint32 password_special_symbol = 39; 393 394 // The end of the section of password attributes. 395 396 // Event observed by the password manager which indicated that the form was 397 // successfully submitted. Corresponds to |mojom::SubmissionIndicatorEvent|. 398 enum SubmissionIndicatorEvent { 399 NONE = 0; 400 HTML_FORM_SUBMISSION = 1; 401 SAME_DOCUMENT_NAVIGATION = 2; 402 XHR_SUCCEEDED = 3; 403 FRAME_DETACHED = 4; 404 DEPRECATED_MANUAL_SAVE = 5; // obsolete 405 DOM_MUTATION_AFTER_XHR = 6; 406 PROVISIONALLY_SAVED_FORM_ON_START_PROVISIONAL_LOAD = 7; 407 DEPRECATED_FILLED_FORM_ON_START_PROVISIONAL_LOAD = 8; // unused 408 DEPRECATED_FILLED_INPUT_ELEMENTS_ON_START_PROVISIONAL_LOAD = 9; // unused 409 PROBABLE_FORM_SUBMISSION = 10; 410 CHANGE_PASSWORD_FORM_CLEARED = 11; 411 } 412 413 // The type of the event that was taken as an indication that the form has 414 // been successfully submitted. 415 optional SubmissionIndicatorEvent submission_event = 30; 416 417 // The language of the page on which this form appears. 418 optional string language = 31; 419 420 // Form-level metadata observed by the client, randomized. 421 optional AutofillRandomizedFormMetadata randomized_form_metadata = 32; 422 423 // Information about a button's title (sync with another ButtonTitle in this 424 // proto). 425 message ButtonTitle { 426 // Text showed on the button. 427 optional string title = 1; 428 429 // Describes how the button is implemented in HTML source. 430 optional ButtonTitleType type = 2; 431 } 432 // Titles of form's buttons. 433 // TODO(850606): Deprecate once randomized metadata is launched. 434 repeated ButtonTitle button_title = 36; 435 436 // Whether the fields are enclosed by a <form> tag or are unowned elements. 437 optional bool has_form_tag = 37; 438 439 // Captures whether or not this upload was a candidate for throttling. 440 optional bool was_throttleable = 38; 441} 442 443// This proto contains information about the validity of each field in an 444// autofill profile. It is used to transfer the results of running the profile 445// validation pipeline on the server side to the client via ChromeSync 446// PriorityPreferences. An identical copy of this proto is maintained in 447// the server code base. 448message ProfileValidityMap { 449 // Map from autofill type to the validity of its value in the profile. 450 // 451 // Key should be one of the enum values from ServerFieldType. Values should be 452 // from the AutofillProfile::ValidityState. Plain integers are used 453 // instead of enums because proto2 treats unknown enum values as unknown 454 // fields, which is confusing when the enums are in maps. 455 map<int32, int32> field_validity_states = 1; 456} 457 458// Map from profile GUIDs to profile validity maps for that profile. Each 459// message should contain entries for all profiles from a single user. 460message UserProfileValidityMap { 461 map<string, ProfileValidityMap> profile_validity = 1; 462} 463