1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/autofill/core/browser/autofill_download_manager.h"
6
7 #include <algorithm>
8 #include <tuple>
9 #include <utility>
10
11 #include "base/base64url.h"
12 #include "base/bind.h"
13 #include "base/command_line.h"
14 #include "base/location.h"
15 #include "base/logging.h"
16 #include "base/metrics/field_trial_params.h"
17 #include "base/metrics/histogram_functions.h"
18 #include "base/metrics/histogram_macros.h"
19 #include "base/numerics/ranges.h"
20 #include "base/numerics/safe_conversions.h"
21 #include "base/rand_util.h"
22 #include "base/strings/strcat.h"
23 #include "base/strings/string_number_conversions.h"
24 #include "base/strings/string_util.h"
25 #include "base/strings/stringprintf.h"
26 #include "base/threading/thread_task_runner_handle.h"
27 #include "build/build_config.h"
28 #include "components/autofill/core/browser/autofill_driver.h"
29 #include "components/autofill/core/browser/autofill_metrics.h"
30 #include "components/autofill/core/browser/form_structure.h"
31 #include "components/autofill/core/browser/logging/log_manager.h"
32 #include "components/autofill/core/browser/logging/log_protobufs.h"
33 #include "components/autofill/core/browser/proto/legacy_proto_bridge.h"
34 #include "components/autofill/core/browser/proto/server.pb.h"
35 #include "components/autofill/core/common/autofill_clock.h"
36 #include "components/autofill/core/common/autofill_features.h"
37 #include "components/autofill/core/common/autofill_internals/log_message.h"
38 #include "components/autofill/core/common/autofill_internals/logging_scope.h"
39 #include "components/autofill/core/common/autofill_prefs.h"
40 #include "components/autofill/core/common/autofill_switches.h"
41 #include "components/autofill/core/common/autofill_tick_clock.h"
42 #include "components/autofill/core/common/logging/log_buffer.h"
43 #include "components/autofill/core/common/mojom/autofill_types.mojom.h"
44 #include "components/google/core/common/google_util.h"
45 #include "components/history/core/browser/history_service.h"
46 #include "components/prefs/pref_service.h"
47 #include "components/prefs/scoped_user_pref_update.h"
48 #include "components/variations/net/variations_http_headers.h"
49 #include "net/base/load_flags.h"
50 #include "net/http/http_request_headers.h"
51 #include "net/http/http_response_headers.h"
52 #include "net/http/http_status_code.h"
53 #include "net/http/http_util.h"
54 #include "net/traffic_annotation/network_traffic_annotation.h"
55 #include "services/network/public/cpp/resource_request.h"
56 #include "services/network/public/cpp/shared_url_loader_factory.h"
57 #include "url/gurl.h"
58
59 namespace autofill {
60
61 namespace {
62
63 // The reserved identifier ranges for autofill server experiments.
64 constexpr std::pair<int, int> kAutofillExperimentRanges[] = {
65 {3312923, 3312930}, {3314208, 3314209}, {3314711, 3314712},
66 {3314445, 3314448}, {3314854, 3314883},
67 };
68
69 const size_t kMaxQueryGetSize = 1400; // 1.25 KiB
70 const size_t kAutofillDownloadManagerMaxFormCacheSize = 16;
71 const size_t kMaxFieldsPerQueryRequest = 100;
72
73 const net::BackoffEntry::Policy kAutofillBackoffPolicy = {
74 // Number of initial errors (in sequence) to ignore before applying
75 // exponential back-off rules.
76 0,
77
78 // Initial delay for exponential back-off in ms.
79 1000, // 1 second.
80
81 // Factor by which the waiting time will be multiplied.
82 2,
83
84 // Fuzzing percentage. ex: 10% will spread requests randomly
85 // between 90%-100% of the calculated time.
86 0.33, // 33%.
87
88 // Maximum amount of time we are willing to delay our request in ms.
89 30 * 1000, // 30 seconds.
90
91 // Time to keep an entry from being discarded even when it
92 // has no significant state, -1 to never discard.
93 -1,
94
95 // Don't use initial delay unless the last request was an error.
96 false,
97 };
98
99 const char kDefaultAutofillServerURL[] =
100 "https://clients1.google.com/tbproxy/af/";
101
102 // The default number of days after which to reset the registry of autofill
103 // events for which an upload has been sent.
104 constexpr base::FeatureParam<int> kAutofillUploadThrottlingPeriodInDays(
105 &features::kAutofillUploadThrottling,
106 switches::kAutofillUploadThrottlingPeriodInDays,
107 28);
108
109 // Header for API key.
110 constexpr char kGoogApiKey[] = "X-Goog-Api-Key";
111 // Header to get base64 encoded serialized proto from API for safety.
112 constexpr char kGoogEncodeResponseIfExecutable[] =
113 "X-Goog-Encode-Response-If-Executable";
114
115 constexpr char kDefaultAPIKey[] = "";
116
117 // The maximum number of attempts for a given autofill request.
118 constexpr base::FeatureParam<int> kAutofillMaxServerAttempts(
119 &features::kAutofillServerCommunication,
120 "max-attempts",
121 5);
122
123 // Returns the base URL for the autofill server.
GetAutofillServerURL()124 GURL GetAutofillServerURL() {
125 // If a valid autofill server URL is specified on the command line, then the
126 // AutofillDownlaodManager will use it, and assume that server communication
127 // is enabled.
128 const base::CommandLine& command_line =
129 *base::CommandLine::ForCurrentProcess();
130 if (command_line.HasSwitch(switches::kAutofillServerURL)) {
131 GURL url(command_line.GetSwitchValueASCII(switches::kAutofillServerURL));
132 if (url.is_valid())
133 return url;
134
135 LOG(ERROR) << "Invalid URL value for --" << switches::kAutofillServerURL
136 << ": "
137 << command_line.GetSwitchValueASCII(
138 switches::kAutofillServerURL);
139 }
140
141 // If communication is disabled, leave the autofill server URL unset.
142 if (!base::FeatureList::IsEnabled(features::kAutofillServerCommunication))
143 return GURL();
144
145 // Server communication is enabled. If there's an autofill server url param
146 // use it, otherwise use the default.
147 const std::string autofill_server_url_str =
148 base::FeatureParam<std::string>(&features::kAutofillServerCommunication,
149 switches::kAutofillServerURL,
150 kDefaultAutofillServerURL)
151 .Get();
152
153 GURL autofill_server_url(autofill_server_url_str);
154
155 if (!autofill_server_url.is_valid()) {
156 LOG(ERROR) << "Invalid URL param for "
157 << features::kAutofillServerCommunication.name << "/"
158 << switches::kAutofillServerURL << ": "
159 << autofill_server_url_str;
160 return GURL();
161 }
162
163 return autofill_server_url;
164 }
165
GetThrottleResetPeriod()166 base::TimeDelta GetThrottleResetPeriod() {
167 return base::TimeDelta::FromDays(
168 std::max(1, kAutofillUploadThrottlingPeriodInDays.Get()));
169 }
170
171 // Returns true if |id| is within |kAutofillExperimentRanges|.
IsAutofillExperimentId(int id)172 bool IsAutofillExperimentId(int id) {
173 for (const auto& range : kAutofillExperimentRanges) {
174 if (range.first <= id && id <= range.second)
175 return true;
176 }
177 return false;
178 }
179
180 // Helper to log the HTTP |response_code| and other data received for
181 // |request_type| to UMA.
LogHttpResponseData(AutofillDownloadManager::RequestType request_type,int response_code,int net_error,base::TimeDelta request_duration)182 void LogHttpResponseData(AutofillDownloadManager::RequestType request_type,
183 int response_code,
184 int net_error,
185 base::TimeDelta request_duration) {
186 int response_or_error_code = net_error;
187 if (net_error == net::OK || net_error == net::ERR_HTTP_RESPONSE_CODE_FAILURE)
188 response_or_error_code = response_code;
189
190 switch (request_type) {
191 case AutofillDownloadManager::REQUEST_QUERY:
192 base::UmaHistogramSparse("Autofill.Query.HttpResponseOrErrorCode",
193 response_or_error_code);
194 UMA_HISTOGRAM_TIMES("Autofill.Query.RequestDuration", request_duration);
195 break;
196 case AutofillDownloadManager::REQUEST_UPLOAD:
197 base::UmaHistogramSparse("Autofill.Upload.HttpResponseOrErrorCode",
198 response_or_error_code);
199 UMA_HISTOGRAM_TIMES("Autofill.Upload.RequestDuration", request_duration);
200 break;
201 default:
202 NOTREACHED();
203 }
204 }
205
206 // Helper to log, to UMA, the |num_bytes| sent for a failing instance of
207 // |request_type|.
LogFailingPayloadSize(AutofillDownloadManager::RequestType request_type,size_t num_bytes)208 void LogFailingPayloadSize(AutofillDownloadManager::RequestType request_type,
209 size_t num_bytes) {
210 switch (request_type) {
211 case AutofillDownloadManager::REQUEST_QUERY:
212 UMA_HISTOGRAM_COUNTS_100000("Autofill.Query.FailingPayloadSize",
213 num_bytes);
214 break;
215 case AutofillDownloadManager::REQUEST_UPLOAD:
216 UMA_HISTOGRAM_COUNTS_100000("Autofill.Upload.FailingPayloadSize",
217 num_bytes);
218 break;
219 default:
220 NOTREACHED();
221 }
222 }
223
224 // Helper to log, to UMA, the |delay| caused by exponential backoff.
LogExponentialBackoffDelay(AutofillDownloadManager::RequestType request_type,base::TimeDelta delay)225 void LogExponentialBackoffDelay(
226 AutofillDownloadManager::RequestType request_type,
227 base::TimeDelta delay) {
228 switch (request_type) {
229 case AutofillDownloadManager::REQUEST_QUERY:
230 UMA_HISTOGRAM_MEDIUM_TIMES("Autofill.Query.BackoffDelay", delay);
231 break;
232 case AutofillDownloadManager::REQUEST_UPLOAD:
233 UMA_HISTOGRAM_MEDIUM_TIMES("Autofill.Upload.BackoffDelay", delay);
234 break;
235 default:
236 NOTREACHED();
237 }
238 }
239
GetNetworkTrafficAnnotation(const autofill::AutofillDownloadManager::RequestType & request_type)240 net::NetworkTrafficAnnotationTag GetNetworkTrafficAnnotation(
241 const autofill::AutofillDownloadManager::RequestType& request_type) {
242 if (request_type == autofill::AutofillDownloadManager::REQUEST_QUERY) {
243 return net::DefineNetworkTrafficAnnotation("autofill_query", R"(
244 semantics {
245 sender: "Autofill"
246 description:
247 "Chromium can automatically fill in web forms. If the feature is "
248 "enabled, Chromium will send a non-identifying description of the "
249 "form to Google's servers, which will respond with the type of "
250 "data required by each of the form's fields, if known. I.e., if a "
251 "field expects to receive a name, phone number, street address, "
252 "etc."
253 trigger: "User encounters a web form."
254 data:
255 "Hashed descriptions of the form and its fields. User data is not "
256 "sent."
257 destination: GOOGLE_OWNED_SERVICE
258 }
259 policy {
260 cookies_allowed: NO
261 setting:
262 "You can enable or disable this feature via 'Enable autofill to "
263 "fill out web forms in a single click.' in Chromium's settings "
264 "under 'Passwords and forms'. The feature is enabled by default."
265 chrome_policy {
266 AutoFillEnabled {
267 policy_options {mode: MANDATORY}
268 AutoFillEnabled: false
269 }
270 }
271 })");
272 }
273
274 DCHECK_EQ(request_type, autofill::AutofillDownloadManager::REQUEST_UPLOAD);
275 return net::DefineNetworkTrafficAnnotation("autofill_upload", R"(
276 semantics {
277 sender: "Autofill"
278 description:
279 "Chromium relies on crowd-sourced field type classifications to "
280 "help it automatically fill in web forms. If the feature is "
281 "enabled, Chromium will send a non-identifying description of the "
282 "form to Google's servers along with the type of data Chromium "
283 "observed being given to the form. I.e., if you entered your first "
284 "name into a form field, Chromium will 'vote' for that form field "
285 "being a first name field."
286 trigger: "User submits a web form."
287 data:
288 "Hashed descriptions of the form and its fields along with type of "
289 "data given to each field, if recognized from the user's "
290 "profile(s). User data is not sent."
291 destination: GOOGLE_OWNED_SERVICE
292 }
293 policy {
294 cookies_allowed: NO
295 setting:
296 "You can enable or disable this feature via 'Enable autofill to "
297 "fill out web forms in a single click.' in Chromium's settings "
298 "under 'Passwords and forms'. The feature is enabled by default."
299 chrome_policy {
300 AutoFillEnabled {
301 policy_options {mode: MANDATORY}
302 AutoFillEnabled: false
303 }
304 }
305 })");
306 }
307
308 size_t CountActiveFieldsInForms(const std::vector<FormStructure*>& forms) {
309 size_t active_field_count = 0;
310 for (const auto* form : forms)
311 active_field_count += form->active_field_count();
312 return active_field_count;
313 }
314
315 const char* RequestTypeToString(AutofillDownloadManager::RequestType type) {
316 switch (type) {
317 case AutofillDownloadManager::REQUEST_QUERY:
318 return "query";
319 case AutofillDownloadManager::REQUEST_UPLOAD:
320 return "upload";
321 }
322 NOTREACHED();
323 return "";
324 }
325
326 std::ostream& operator<<(std::ostream& out,
327 const autofill::AutofillQueryContents& query) {
328 out << "client_version: " << query.client_version();
329 for (const auto& form : query.form()) {
330 out << "\nForm\n signature: " << form.signature();
331 for (const auto& field : form.field()) {
332 out << "\n Field\n signature: " << field.signature();
333 if (!field.name().empty())
334 out << "\n name: " << field.name();
335 if (!field.type().empty())
336 out << "\n type: " << field.type();
337 }
338 }
339 return out;
340 }
341
342 std::ostream& operator<<(std::ostream& out,
343 const autofill::AutofillUploadContents& upload) {
344 out << "client_version: " << upload.client_version() << "\n";
345 out << "form_signature: " << upload.form_signature() << "\n";
346 out << "data_present: " << upload.data_present() << "\n";
347 out << "submission: " << upload.submission() << "\n";
348 if (upload.action_signature())
349 out << "action_signature: " << upload.action_signature() << "\n";
350 if (upload.login_form_signature())
351 out << "login_form_signature: " << upload.login_form_signature() << "\n";
352 if (!upload.form_name().empty())
353 out << "form_name: " << upload.form_name() << "\n";
354
355 for (const auto& field : upload.field()) {
356 out << "\n Field"
357 << "\n signature: " << field.signature() << "\n autofill_type: [";
358 for (int i = 0; i < field.autofill_type_size(); ++i) {
359 if (i)
360 out << ", ";
361 out << field.autofill_type(i);
362 }
363 out << "]";
364
365 out << "\n (autofill_type, validity_states): [";
366 for (const auto& type_validities : field.autofill_type_validities()) {
367 out << "(type: " << type_validities.type() << ", validities: {";
368 for (int i = 0; i < type_validities.validity_size(); ++i) {
369 if (i)
370 out << ", ";
371 out << type_validities.validity(i);
372 }
373 out << "})";
374 }
375 out << "]\n";
376 if (!field.name().empty())
377 out << "\n name: " << field.name();
378 if (!field.autocomplete().empty())
379 out << "\n autocomplete: " << field.autocomplete();
380 if (!field.type().empty())
381 out << "\n type: " << field.type();
382 if (field.generation_type())
383 out << "\n generation_type: " << field.generation_type();
384 }
385 return out;
386 }
387
388 std::string FieldTypeToString(int type) {
389 return base::StrCat(
390 {base::NumberToString(type), std::string("/"),
391 AutofillType(static_cast<ServerFieldType>(type)).ToString()});
392 }
393
394 LogBuffer& operator<<(LogBuffer& out,
395 const autofill::AutofillUploadContents& upload) {
396 if (!out.active())
397 return out;
398 out << Tag{"div"} << Attrib{"class", "form"};
399 out << Tag{"table"};
400 out << Tr{} << "client_version:" << upload.client_version();
401 out << Tr{} << "data_present:" << upload.data_present();
402 out << Tr{} << "autofill_used:" << upload.autofill_used();
403 out << Tr{} << "submission:" << upload.submission();
404 if (upload.has_submission_event()) {
405 out << Tr{}
406 << "submission_event:" << static_cast<int>(upload.submission_event());
407 }
408 if (upload.action_signature())
409 out << Tr{} << "action_signature:" << upload.action_signature();
410 if (upload.login_form_signature())
411 out << Tr{} << "login_form_signature:" << upload.login_form_signature();
412 if (!upload.form_name().empty())
413 out << Tr{} << "form_name:" << upload.form_name();
414 if (upload.has_passwords_revealed())
415 out << Tr{} << "passwords_revealed:" << upload.passwords_revealed();
416 if (upload.has_has_form_tag())
417 out << Tr{} << "has_form_tag:" << upload.has_form_tag();
418
419 out << Tr{} << "form_signature:" << upload.form_signature();
420 for (const auto& field : upload.field()) {
421 out << Tr{} << Attrib{"style", "font-weight: bold"}
422 << "field_signature:" << field.signature();
423
424 std::vector<std::string> types_as_strings;
425 types_as_strings.reserve(field.autofill_type_size());
426 for (int type : field.autofill_type())
427 types_as_strings.emplace_back(FieldTypeToString(type));
428 out << Tr{} << "autofill_type:" << types_as_strings;
429
430 LogBuffer validities;
431 validities << Tag{"span"} << "[";
432 for (const auto& type_validities : field.autofill_type_validities()) {
433 validities << "(type: " << type_validities.type()
434 << ", validities: " << type_validities.validity() << ")";
435 }
436 validities << "]";
437 out << Tr{} << "validity_states" << std::move(validities);
438
439 if (!field.name().empty())
440 out << Tr{} << "name:" << field.name();
441 if (!field.autocomplete().empty())
442 out << Tr{} << "autocomplete:" << field.autocomplete();
443 if (!field.type().empty())
444 out << Tr{} << "type:" << field.type();
445 if (field.generation_type()) {
446 out << Tr{}
447 << "generation_type:" << static_cast<int>(field.generation_type());
448 }
449 }
450 out << CTag{"table"};
451 out << CTag{"div"};
452 return out;
453 }
454
455 // Returns true if an upload of |form| triggered by |form.submission_source()|
456 // can be throttled/suppressed. This is true if |prefs| indicates that this
457 // upload has already happened within the last update window. Updates |prefs|
458 // account for the upload for |form|.
459 bool CanThrottleUpload(const FormStructure& form,
460 base::TimeDelta throttle_reset_period,
461 PrefService* pref_service) {
462 // PasswordManager uploads are triggered via specific first occurrences and
463 // do not participate in the pref-service tracked throttling mechanism. Return
464 // false for these uploads.
465 if (!pref_service)
466 return false;
467
468 // If the upload event pref needs to be reset, clear it now.
469 base::Time now = AutofillClock::Now();
470 base::Time last_reset =
471 pref_service->GetTime(prefs::kAutofillUploadEventsLastResetTimestamp);
472 if ((now - last_reset) > throttle_reset_period) {
473 AutofillDownloadManager::ClearUploadHistory(pref_service);
474 }
475
476 // Get the key for the upload bucket and extract the current bitfield value.
477 static constexpr size_t kNumUploadBuckets = 1021;
478 std::string key = base::StringPrintf(
479 "%03X", static_cast<int>(form.form_signature() % kNumUploadBuckets));
480 auto* upload_events =
481 pref_service->GetDictionary(prefs::kAutofillUploadEvents);
482 auto* found = upload_events->FindKeyOfType(key, base::Value::Type::INTEGER);
483 int value = found ? found->GetInt() : 0;
484
485 // Calculate the mask we expect to be set for the form's upload bucket.
486 const int bit = static_cast<int>(form.submission_source());
487 DCHECK_LE(0, bit);
488 DCHECK_LT(bit, 32);
489 const int mask = (1 << bit);
490
491 // Check if this is the first upload for this event. If so, update the upload
492 // event pref to set the appropriate bit.
493 bool is_first_upload_for_event = ((value & mask) == 0);
494 if (is_first_upload_for_event) {
495 DictionaryPrefUpdate update(pref_service, prefs::kAutofillUploadEvents);
496 update->SetKey(std::move(key), base::Value(value | mask));
497 }
498
499 return !is_first_upload_for_event;
500 }
501
502 // Determines whether to use the API instead of the legacy server.
503 inline bool UseApi() {
504 return base::FeatureList::IsEnabled(features::kAutofillUseApi);
505 }
506
507 // Determines whether a HTTP request was successful based on its response code.
508 bool IsHttpSuccess(int response_code) {
509 return (response_code >= 200 && response_code < 300);
510 }
511
512 // Gets an upload payload for requests to the legacy server.
513 inline bool GetUploadPayloadForLegacy(const AutofillUploadContents& upload,
514 std::string* payload) {
515 return upload.SerializeToString(payload);
516 }
517
518 bool GetUploadPayloadForApi(const AutofillUploadContents& upload,
519 std::string* payload) {
520 AutofillUploadRequest upload_request;
521 *upload_request.mutable_upload() = upload;
522 return upload_request.SerializeToString(payload);
523 }
524
525 // Gets an API method URL given its type (query or upload), an optional
526 // resource ID, and the HTTP method to be used.
527 // Example usage:
528 // * GetAPIMethodUrl(REQUEST_QUERY, "1234", "GET") will return "/v1/pages/1234".
529 // * GetAPIMethodUrl(REQUEST_QUERY, "1234", "POST") will return "/v1/pages:get".
530 // * GetAPIMethodUrl(REQUEST_UPLOAD, "", "POST") will return "/v1/forms:vote".
531 std::string GetAPIMethodUrl(AutofillDownloadManager::RequestType type,
532 base::StringPiece resource_id,
533 base::StringPiece method) {
534 const char* api_method_url;
535 if (type == AutofillDownloadManager::REQUEST_QUERY) {
536 if (method == "POST") {
537 api_method_url = "/v1/pages:get";
538 } else {
539 api_method_url = "/v1/pages";
540 }
541 } else if (type == AutofillDownloadManager::REQUEST_UPLOAD) {
542 api_method_url = "/v1/forms:vote";
543 } else {
544 // This should not be reached, but we never know.
545 NOTREACHED() << "Request of type " << type << " is invalid";
546 return "";
547 }
548 if (resource_id.empty()) {
549 return std::string(api_method_url);
550 }
551 return base::StrCat({api_method_url, "/", resource_id});
552 }
553
554 // Gets HTTP body payload for API POST request.
555 bool GetAPIBodyPayload(const std::string& payload,
556 AutofillDownloadManager::RequestType type,
557 std::string* output_payload) {
558 // Don't do anything for payloads not related to Query.
559 if (type != AutofillDownloadManager::REQUEST_QUERY) {
560 *output_payload = payload;
561 return true;
562 }
563 // Wrap query payload in a request proto to interface with API Query method.
564 AutofillPageResourceQueryRequest request;
565 request.set_serialized_request(payload);
566 if (!request.SerializeToString(output_payload)) {
567 return false;
568 }
569 return true;
570 }
571
572 // Gets the data payload for API Query (POST and GET).
573 bool GetAPIQueryPayload(const AutofillQueryContents& query,
574 std::string* payload) {
575 std::string serialized_query;
576 if (!CreateApiRequestFromLegacyRequest(query).SerializeToString(
577 &serialized_query)) {
578 return false;
579 }
580 base::Base64UrlEncode(serialized_query,
581 base::Base64UrlEncodePolicy::INCLUDE_PADDING, payload);
582 return true;
583 }
584
585 } // namespace
586
587 struct AutofillDownloadManager::FormRequestData {
588 std::vector<std::string> form_signatures;
589 RequestType request_type;
590 std::string payload;
591 int num_attempts = 0;
592 };
593
ScopedActiveAutofillExperiments()594 ScopedActiveAutofillExperiments::ScopedActiveAutofillExperiments() {
595 AutofillDownloadManager::ResetActiveExperiments();
596 }
597
~ScopedActiveAutofillExperiments()598 ScopedActiveAutofillExperiments::~ScopedActiveAutofillExperiments() {
599 AutofillDownloadManager::ResetActiveExperiments();
600 }
601
602 std::vector<variations::VariationID>*
603 AutofillDownloadManager::active_experiments_ = nullptr;
604
AutofillDownloadManager(AutofillDriver * driver,Observer * observer,const std::string & api_key,LogManager * log_manager)605 AutofillDownloadManager::AutofillDownloadManager(AutofillDriver* driver,
606 Observer* observer,
607 const std::string& api_key,
608 LogManager* log_manager)
609 : driver_(driver),
610 observer_(observer),
611 api_key_(api_key),
612 log_manager_(log_manager),
613 autofill_server_url_(GetAutofillServerURL()),
614 throttle_reset_period_(GetThrottleResetPeriod()),
615 max_form_cache_size_(kAutofillDownloadManagerMaxFormCacheSize),
616 loader_backoff_(&kAutofillBackoffPolicy) {
617 DCHECK(observer_);
618 }
619
AutofillDownloadManager(AutofillDriver * driver,Observer * observer)620 AutofillDownloadManager::AutofillDownloadManager(AutofillDriver* driver,
621 Observer* observer)
622 : AutofillDownloadManager(driver,
623 observer,
624 kDefaultAPIKey,
625 /*log_manager=*/nullptr) {}
626
627 AutofillDownloadManager::~AutofillDownloadManager() = default;
628
StartQueryRequest(const std::vector<FormStructure * > & forms)629 bool AutofillDownloadManager::StartQueryRequest(
630 const std::vector<FormStructure*>& forms) {
631 if (!IsEnabled())
632 return false;
633
634 // Do not send the request if it contains more fields than the server can
635 // accept.
636 if (CountActiveFieldsInForms(forms) > kMaxFieldsPerQueryRequest)
637 return false;
638
639 // Encode the query for the requested forms.
640 AutofillQueryContents query;
641 FormRequestData request_data;
642 if (!FormStructure::EncodeQueryRequest(forms, &request_data.form_signatures,
643 &query)) {
644 return false;
645 }
646
647 // The set of active autofill experiments is constant for the life of the
648 // process. We initialize and statically cache it on first use. Leaked on
649 // process termination.
650 if (active_experiments_ == nullptr)
651 InitActiveExperiments();
652
653 // Attach any active autofill experiments.
654 query.mutable_experiments()->Reserve(active_experiments_->size());
655 for (int id : *active_experiments_)
656 query.mutable_experiments()->Add(id);
657
658 // Get the query request payload.
659 std::string payload;
660 bool is_payload_serialized = UseApi() ? GetAPIQueryPayload(query, &payload)
661 : query.SerializeToString(&payload);
662 if (!is_payload_serialized) {
663 return false;
664 }
665
666 request_data.request_type = AutofillDownloadManager::REQUEST_QUERY;
667 request_data.payload = std::move(payload);
668 AutofillMetrics::LogServerQueryMetric(AutofillMetrics::QUERY_SENT);
669
670 std::string query_data;
671 if (CheckCacheForQueryRequest(request_data.form_signatures, &query_data)) {
672 DVLOG(1) << "AutofillDownloadManager: query request has been retrieved "
673 << "from the cache, form signatures: "
674 << GetCombinedSignature(request_data.form_signatures);
675 observer_->OnLoadedServerPredictions(std::move(query_data),
676 request_data.form_signatures);
677 return true;
678 }
679
680 DVLOG(1) << "Sending Autofill Query Request:\n" << query;
681
682 return StartRequest(std::move(request_data));
683 }
684
StartUploadRequest(const FormStructure & form,bool form_was_autofilled,const ServerFieldTypeSet & available_field_types,const std::string & login_form_signature,bool observed_submission,PrefService * prefs)685 bool AutofillDownloadManager::StartUploadRequest(
686 const FormStructure& form,
687 bool form_was_autofilled,
688 const ServerFieldTypeSet& available_field_types,
689 const std::string& login_form_signature,
690 bool observed_submission,
691 PrefService* prefs) {
692 if (!IsEnabled())
693 return false;
694
695 bool can_throttle_upload =
696 CanThrottleUpload(form, throttle_reset_period_, prefs);
697 bool throttling_is_enabled =
698 base::FeatureList::IsEnabled(features::kAutofillUploadThrottling);
699 bool is_small_form = form.active_field_count() < 3;
700 bool allow_upload =
701 !(can_throttle_upload && (throttling_is_enabled || is_small_form));
702 AutofillMetrics::LogUploadEvent(form.submission_source(), allow_upload);
703
704 // For debugging purposes, even throttled uploads are logged. If no log
705 // manager is active, the function can exit early for throttled uploads.
706 bool needs_logging = log_manager_ && log_manager_->IsLoggingActive();
707 if (!needs_logging && !allow_upload)
708 return false;
709
710 AutofillUploadContents upload;
711 if (!form.EncodeUploadRequest(available_field_types, form_was_autofilled,
712 login_form_signature, observed_submission,
713 &upload)) {
714 return false;
715 }
716
717 // If this upload was a candidate for throttling, tag it and make sure that
718 // any throttling sensitive features are enforced.
719 if (can_throttle_upload) {
720 upload.set_was_throttleable(true);
721
722 // Don't send randomized metadata.
723 upload.clear_randomized_form_metadata();
724 for (auto& f : *upload.mutable_field()) {
725 f.clear_randomized_field_metadata();
726 }
727 }
728
729 // Get the POST payload that contains upload data.
730 std::string payload;
731 bool is_payload = UseApi() ? GetUploadPayloadForApi(upload, &payload)
732 : GetUploadPayloadForLegacy(upload, &payload);
733 // Indicate that we could not serialize upload in the payload.
734 if (!is_payload) {
735 return false;
736 }
737
738 if (form.upload_required() == UPLOAD_NOT_REQUIRED) {
739 // If we ever need notification that upload was skipped, add it here.
740 return false;
741 }
742
743 FormRequestData request_data;
744 request_data.form_signatures.push_back(form.FormSignatureAsStr());
745 request_data.request_type = AutofillDownloadManager::REQUEST_UPLOAD;
746 request_data.payload = std::move(payload);
747
748 DVLOG(1) << "Sending Autofill Upload Request:\n" << upload;
749 if (log_manager_) {
750 log_manager_->Log() << LoggingScope::kAutofillServer
751 << LogMessage::kSendAutofillUpload << Br{}
752 << "Allow upload?: " << allow_upload << Br{}
753 << "Data: " << Br{} << upload;
754 }
755
756 if (!allow_upload)
757 return false;
758
759 return StartRequest(std::move(request_data));
760 }
761
ClearUploadHistory(PrefService * pref_service)762 void AutofillDownloadManager::ClearUploadHistory(PrefService* pref_service) {
763 if (pref_service) {
764 pref_service->ClearPref(prefs::kAutofillUploadEvents);
765 pref_service->SetTime(prefs::kAutofillUploadEventsLastResetTimestamp,
766 AutofillClock::Now());
767 }
768 }
769
GetPayloadLength(base::StringPiece payload) const770 size_t AutofillDownloadManager::GetPayloadLength(
771 base::StringPiece payload) const {
772 return payload.length();
773 }
774
GetRequestURLAndMethod(const FormRequestData & request_data) const775 std::tuple<GURL, std::string> AutofillDownloadManager::GetRequestURLAndMethod(
776 const FormRequestData& request_data) const {
777 std::string method("POST");
778 std::string query_str;
779
780 if (request_data.request_type == AutofillDownloadManager::REQUEST_QUERY) {
781 if (request_data.payload.length() <= kMaxQueryGetSize &&
782 base::FeatureList::IsEnabled(features::kAutofillCacheQueryResponses)) {
783 method = "GET";
784 std::string base64_payload;
785 base::Base64UrlEncode(request_data.payload,
786 base::Base64UrlEncodePolicy::INCLUDE_PADDING,
787 &base64_payload);
788 base::StrAppend(&query_str, {"q=", base64_payload});
789 }
790 UMA_HISTOGRAM_BOOLEAN("Autofill.Query.Method", (method == "GET") ? 0 : 1);
791 }
792
793 GURL::Replacements replacements;
794 replacements.SetQueryStr(query_str);
795
796 GURL url = autofill_server_url_
797 .Resolve(RequestTypeToString(request_data.request_type))
798 .ReplaceComponents(replacements);
799 return std::make_tuple(std::move(url), std::move(method));
800 }
801
802 std::tuple<GURL, std::string>
GetRequestURLAndMethodForApi(const FormRequestData & request_data) const803 AutofillDownloadManager::GetRequestURLAndMethodForApi(
804 const FormRequestData& request_data) const {
805 // ID of the resource to add to the API request URL. Nothing will be added if
806 // |resource_id| is empty.
807 std::string resource_id;
808 std::string method = "POST";
809
810 if (request_data.request_type == AutofillDownloadManager::REQUEST_QUERY) {
811 if (GetPayloadLength(request_data.payload) <= kMaxAPIQueryGetSize) {
812 resource_id = request_data.payload;
813 method = "GET";
814 UMA_HISTOGRAM_BOOLEAN("Autofill.Query.ApiUrlIsTooLong", false);
815 } else {
816 UMA_HISTOGRAM_BOOLEAN("Autofill.Query.ApiUrlIsTooLong", true);
817 }
818 UMA_HISTOGRAM_BOOLEAN("Autofill.Query.Method", (method == "GET") ? 0 : 1);
819 }
820
821 // Make the canonical URL to query the API, e.g.,
822 // https://autofill.googleapis.com/v1/forms/1234?alt=proto.
823 GURL url = autofill_server_url_.Resolve(
824 GetAPIMethodUrl(request_data.request_type, resource_id, method));
825
826 // Add the query parameter to set the response format to a serialized proto.
827 url = net::AppendQueryParameter(url, "alt", "proto");
828
829 return std::make_tuple(std::move(url), std::move(method));
830 }
831
StartRequest(FormRequestData request_data)832 bool AutofillDownloadManager::StartRequest(FormRequestData request_data) {
833 scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory =
834 driver_->GetURLLoaderFactory();
835 DCHECK(url_loader_factory);
836
837 // Get the URL and method to use for this request.
838 std::string method;
839 GURL request_url;
840 std::tie(request_url, method) =
841 UseApi() ? GetRequestURLAndMethodForApi(request_data)
842 : GetRequestURLAndMethod(request_data);
843
844 // Track the URL length for GET queries because the URL length can be in the
845 // thousands when rich metadata is enabled.
846 if (request_data.request_type == AutofillDownloadManager::REQUEST_QUERY &&
847 method == "GET") {
848 UMA_HISTOGRAM_COUNTS_100000("Autofill.Query.GetUrlLength",
849 request_url.spec().length());
850 }
851
852 auto resource_request = std::make_unique<network::ResourceRequest>();
853 resource_request->url = request_url;
854 resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
855 resource_request->method = method;
856
857 // On iOS we have a single, shared URLLoaderFactory provided by BrowserState.
858 // As it is shared, it is not trusted and we cannot assign trusted_params
859 // to the network request.
860 #if !defined(OS_IOS)
861 resource_request->trusted_params = network::ResourceRequest::TrustedParams();
862 resource_request->trusted_params->network_isolation_key =
863 driver_->NetworkIsolationKey();
864 #endif
865
866 // Add Chrome experiment state to the request headers.
867 variations::AppendVariationsHeaderUnknownSignedIn(
868 request_url,
869 driver_->IsIncognito() ? variations::InIncognito::kYes
870 : variations::InIncognito::kNo,
871 resource_request.get());
872
873 // Set headers specific to the API if using it.
874 if (UseApi())
875 // Encode response serialized proto in base64 for safety.
876 resource_request->headers.SetHeader(kGoogEncodeResponseIfExecutable,
877 "base64");
878
879 // Put API key in request's header if a key exists, and the endpoint is
880 // trusted by Google.
881 if (!api_key_.empty() && request_url.SchemeIs(url::kHttpsScheme) &&
882 google_util::IsGoogleAssociatedDomainUrl(request_url)) {
883 resource_request->headers.SetHeader(kGoogApiKey, api_key_);
884 }
885
886 auto simple_loader = network::SimpleURLLoader::Create(
887 std::move(resource_request),
888 GetNetworkTrafficAnnotation(request_data.request_type));
889
890 // This allows reading the error message within the API response when status
891 // is not 200 (e.g., 400). Otherwise, URL loader will not give any content in
892 // the response when there is a failure, which makes debugging hard.
893 simple_loader->SetAllowHttpErrorResults(true);
894
895 if (method == "POST") {
896 const std::string content_type =
897 UseApi() ? "application/x-protobuf" : "text/proto";
898 std::string payload;
899 if (UseApi()) {
900 if (!GetAPIBodyPayload(request_data.payload, request_data.request_type,
901 &payload)) {
902 return false;
903 }
904 } else {
905 payload = request_data.payload;
906 }
907 // Attach payload data and add data format header.
908 simple_loader->AttachStringForUpload(payload, content_type);
909 }
910
911 // Transfer ownership of the loader into url_loaders_. Temporarily hang
912 // onto the raw pointer to use it as a key and to kick off the request;
913 // transferring ownership (std::move) invalidates the |simple_loader|
914 // variable.
915 auto* raw_simple_loader = simple_loader.get();
916 url_loaders_.push_back(std::move(simple_loader));
917 raw_simple_loader->DownloadToStringOfUnboundedSizeUntilCrashAndDie(
918 url_loader_factory.get(),
919 base::BindOnce(&AutofillDownloadManager::OnSimpleLoaderComplete,
920 base::Unretained(this), std::move(--url_loaders_.end()),
921 std::move(request_data), AutofillTickClock::NowTicks()));
922 return true;
923 }
924
CacheQueryRequest(const std::vector<std::string> & forms_in_query,const std::string & query_data)925 void AutofillDownloadManager::CacheQueryRequest(
926 const std::vector<std::string>& forms_in_query,
927 const std::string& query_data) {
928 std::string signature = GetCombinedSignature(forms_in_query);
929 for (auto it = cached_forms_.begin(); it != cached_forms_.end(); ++it) {
930 if (it->first == signature) {
931 // We hit the cache, move to the first position and return.
932 std::pair<std::string, std::string> data = *it;
933 cached_forms_.erase(it);
934 cached_forms_.push_front(data);
935 return;
936 }
937 }
938 std::pair<std::string, std::string> data;
939 data.first = signature;
940 data.second = query_data;
941 cached_forms_.push_front(data);
942 while (cached_forms_.size() > max_form_cache_size_)
943 cached_forms_.pop_back();
944 }
945
CheckCacheForQueryRequest(const std::vector<std::string> & forms_in_query,std::string * query_data) const946 bool AutofillDownloadManager::CheckCacheForQueryRequest(
947 const std::vector<std::string>& forms_in_query,
948 std::string* query_data) const {
949 std::string signature = GetCombinedSignature(forms_in_query);
950 for (const auto& it : cached_forms_) {
951 if (it.first == signature) {
952 // We hit the cache, fill the data and return.
953 *query_data = it.second;
954 return true;
955 }
956 }
957 return false;
958 }
959
GetCombinedSignature(const std::vector<std::string> & forms_in_query) const960 std::string AutofillDownloadManager::GetCombinedSignature(
961 const std::vector<std::string>& forms_in_query) const {
962 size_t total_size = forms_in_query.size();
963 for (size_t i = 0; i < forms_in_query.size(); ++i)
964 total_size += forms_in_query[i].length();
965 std::string signature;
966
967 signature.reserve(total_size);
968
969 for (size_t i = 0; i < forms_in_query.size(); ++i) {
970 if (i)
971 signature.append(",");
972 signature.append(forms_in_query[i]);
973 }
974 return signature;
975 }
976
977 // static
GetMaxServerAttempts()978 int AutofillDownloadManager::GetMaxServerAttempts() {
979 // This value is constant for the life of the browser, so we cache it
980 // statically on first use to avoid re-parsing the param on each retry
981 // opportunity.
982 static const int max_attempts =
983 base::ClampToRange(kAutofillMaxServerAttempts.Get(), 1, 20);
984 return max_attempts;
985 }
986
OnSimpleLoaderComplete(std::list<std::unique_ptr<network::SimpleURLLoader>>::iterator it,FormRequestData request_data,base::TimeTicks request_start,std::unique_ptr<std::string> response_body)987 void AutofillDownloadManager::OnSimpleLoaderComplete(
988 std::list<std::unique_ptr<network::SimpleURLLoader>>::iterator it,
989 FormRequestData request_data,
990 base::TimeTicks request_start,
991 std::unique_ptr<std::string> response_body) {
992 // Move the loader out of the active loaders list.
993 std::unique_ptr<network::SimpleURLLoader> simple_loader = std::move(*it);
994 url_loaders_.erase(it);
995
996 CHECK(request_data.form_signatures.size());
997 int response_code = -1; // Invalid response code.
998 if (simple_loader->ResponseInfo() && simple_loader->ResponseInfo()->headers) {
999 response_code = simple_loader->ResponseInfo()->headers->response_code();
1000 }
1001
1002 // We define success as getting 2XX response code and having a response body.
1003 // Even if the server does not fill the response body when responding, the
1004 // corresponding response string will be at least instantiated and empty.
1005 // Having the response body a nullptr probably reflects a problem.
1006 const bool success =
1007 IsHttpSuccess(response_code) && (response_body != nullptr);
1008 loader_backoff_.InformOfRequest(success);
1009
1010 LogHttpResponseData(request_data.request_type, response_code,
1011 simple_loader->NetError(),
1012 AutofillTickClock::NowTicks() - request_start);
1013
1014 // Handle error if there is and return.
1015 if (!success) {
1016 std::string error_message =
1017 (response_body != nullptr) ? *response_body : "";
1018 DVLOG(1) << "AutofillDownloadManager: "
1019 << RequestTypeToString(request_data.request_type)
1020 << " request has failed with net error "
1021 << simple_loader->NetError() << " and HTTP response code "
1022 << response_code << " and error message from the server "
1023 << error_message;
1024
1025 observer_->OnServerRequestError(request_data.form_signatures[0],
1026 request_data.request_type, response_code);
1027
1028 LogFailingPayloadSize(request_data.request_type,
1029 request_data.payload.length());
1030
1031 // If the failure was a client error don't retry.
1032 if (response_code >= 400 && response_code <= 499)
1033 return;
1034
1035 // If we've exhausted the maximum number of attempts, don't retry.
1036 if (++request_data.num_attempts >= GetMaxServerAttempts())
1037 return;
1038
1039 base::TimeDelta backoff = loader_backoff_.GetTimeUntilRelease();
1040 LogExponentialBackoffDelay(request_data.request_type, backoff);
1041
1042 // Reschedule with the appropriate delay, ignoring return value because
1043 // payload is already well formed.
1044 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
1045 FROM_HERE,
1046 base::BindOnce(
1047 base::IgnoreResult(&AutofillDownloadManager::StartRequest),
1048 weak_factory_.GetWeakPtr(), std::move(request_data)),
1049 backoff);
1050 return;
1051 }
1052
1053 if (request_data.request_type == AutofillDownloadManager::REQUEST_QUERY) {
1054 CacheQueryRequest(request_data.form_signatures, *response_body);
1055 UMA_HISTOGRAM_BOOLEAN("Autofill.Query.WasInCache",
1056 simple_loader->LoadedFromCache());
1057 observer_->OnLoadedServerPredictions(std::move(*response_body),
1058 request_data.form_signatures);
1059 return;
1060 }
1061
1062 DCHECK_EQ(request_data.request_type, AutofillDownloadManager::REQUEST_UPLOAD);
1063 DVLOG(1) << "AutofillDownloadManager: upload request has succeeded.";
1064
1065 observer_->OnUploadedPossibleFieldTypes();
1066 }
1067
InitActiveExperiments()1068 void AutofillDownloadManager::InitActiveExperiments() {
1069 auto* variations_http_header_provider =
1070 variations::VariationsHttpHeaderProvider::GetInstance();
1071 DCHECK(variations_http_header_provider != nullptr);
1072
1073 delete active_experiments_;
1074 active_experiments_ = new std::vector<variations::VariationID>(
1075 variations_http_header_provider->GetVariationsVector(
1076 variations::GOOGLE_WEB_PROPERTIES_TRIGGER));
1077 base::EraseIf(*active_experiments_, [](variations::VariationID id) {
1078 return !IsAutofillExperimentId(id);
1079 });
1080 std::sort(active_experiments_->begin(), active_experiments_->end());
1081 }
1082
1083 // static
ResetActiveExperiments()1084 void AutofillDownloadManager::ResetActiveExperiments() {
1085 delete active_experiments_;
1086 active_experiments_ = nullptr;
1087 }
1088
1089 } // namespace autofill
1090