tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

login-storage-api.rst (7159B)

      1 GeckoView Login Storage API
      2 ===========================
      3 
      4 Eugen Sawin <esawin@mozilla.com>
      5 
      6 December 20th, 2019
      7 
      8 Motivation
      9 ----------
     10 
     11 The current GV Autofill API provides all the essential callbacks and meta
     12 information for the implementation of autofill/login app support. It also
     13 manages the fallback to the Android ``AutofillManager``, which delegates
     14 requests to the system-wide autofill service set by the user.
     15 
     16 However, the current GV Autofill API does not leverage the complete range of
     17 Gecko heuristics that handle many autofill/login scenarios.
     18 
     19 The GV Login Storage API is meant to bridge that gap and provide an
     20 intermediate solution for Fenix to enable feature-rich autofill/login support
     21 without duplicating Gecko mechanics. As a storage-level API, it would also
     22 enable easy integration with the existing Firefox Sync AC.
     23 
     24 API Proposal A (deprecated)
     25 ---------------------------
     26 
     27 Unified Login Storage API: session delegate
     28 
     29 .. code:: java
     30 
     31  class LoginStorage {
     32      class Login {
     33          String guid;
     34          // @Fenix: currently called `hostname` in AsyncLoginsStorage.
     35          String origin;
     36          // @Fenix: currently called `formSubmitURL` in AsyncLoginsStorage
     37          String formActionOrigin;
     38          String httpRealm;
     39          String username;
     40          String password;
     41      }
     42 
     43      class Hint {
     44          // @Fenix: Automatically save the login and indicate this to the
     45          // user.
     46          int GENERATED;
     47          // @Fenix: Don’t prompt to save but allow the user to open UI to
     48          // save if they really want.
     49          int PRIVATE_MODE;
     50          // The data looks like it may be some other data (e.g. CC) entered
     51          // in a password field.
     52          // @Fenix: Don’t prompt to save but allow the user to open UI to
     53          // save if they want (e.g. in case the CC number is actually the
     54          // username for a credit card account)
     55          int LOW_CONFIDENCE;
     56          // TBD
     57      }
     58 
     59      interface Delegate {
     60          // Notify that the given login has been used for login.
     61          // @Fenix: call AsyncLoginsStorage.touch(login.guid).
     62          void onLoginUsed(Login login);
     63 
     64          // Request logins for the given domain.
     65          // @Fenix: return AsyncLoginsStorage.getByHostname(domain).
     66          GeckoResult<Login[]> onLoginRequest(String domain);
     67 
     68          // Request to save or update the given login.
     69          // The hint should help determining the appropriate user prompting
     70          // behavior.
     71          // @Fenix: Use the API from application-services/issues/1983 to
     72          // determine whether to show a Save or Update button on the
     73          // doorhanger, taking into account un/pw edits in the doorhanger.
     74          // When the user confirms the save/update,
     75          void onLoginSave(Login login, int hint);
     76 
     77          // TBD (next API iteration): handle autocomplete selection.
     78          // GeckoResult<Login> onLoginSelect(Login[] logins);
     79      }
     80  }
     81 
     82 Extension of ``GeckoSession``
     83 
     84 .. code:: java
     85 
     86  // Extending existing session class.
     87  class GeckoSession {
     88      // Set the login storage delegate for this session.
     89      void setLoginStorageDelegate(LoginStorage.Delegate delegate);
     90 
     91      LoginStorage.Delegate getLoginStorageDelegate();
     92  }
     93 
     94 API Proposal B
     95 --------------
     96 
     97 Split Login Storage API: runtime storage delegate / session prompts
     98 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     99 
    100 Split storing and prompting. Fetching and saving of logins is handled by the
    101 runtime delegate, prompting for saving and (in future) autocompletion is
    102 handled by the prompt delegate.
    103 
    104 .. code:: java
    105 
    106  class LoginStorage {
    107      class Login {
    108          String guid;
    109          // @Fenix: currently called `hostname` in AsyncLoginsStorage.
    110          String origin;
    111          // @Fenix: currently called `formSubmitURL` in AsyncLoginsStorage
    112          String formActionOrigin;
    113          String httpRealm;
    114          String username;
    115          String password;
    116      }
    117 
    118      interface Delegate {
    119          // v2
    120          // Notify that the given login has been used for login.
    121          // @Fenix: call AsyncLoginsStorage.touch(login.guid).
    122          void onLoginUsed(Login login);
    123 
    124          // Request logins for the given domain.
    125          // @Fenix: return AsyncLoginsStorage.getByHostname(domain).
    126          GeckoResult<Login[]> onLoginFetch(String domain);
    127 
    128          // Request to save or update the given login.
    129          void onLoginSave(Login login);
    130      }
    131  }
    132 
    133 Extension of ``GeckoRuntime``
    134 
    135 .. code:: java
    136 
    137  // Extending existing runtime class.
    138  class GeckoRuntime {
    139      // Set the login storage delegate for this runtime.
    140      void setLoginStorageDelegate(LoginStorage.Delegate delegate);
    141  }
    142 
    143 Extension of ``GeckoSession.PromptDelegate``
    144 
    145 .. code:: java
    146 
    147  // Extending existing prompt delegate.
    148  class GeckoSession {
    149      interface PromptDelegate {
    150          class LoginStoragePrompt extends BasePrompt {
    151              class Type {
    152                  int SAVE;
    153                  // TBD: autocomplete selection.
    154                  // int SELECT;
    155              }
    156 
    157              class Hint {
    158                  // v2
    159                  // @Fenix: Automatically save the login and indicate this
    160                  // to the user.
    161                  int GENERATED;
    162                  // @Fenix: Don’t prompt to save but allow the user to open
    163                  // UI to save if they really want.
    164                  int PRIVATE_MODE;
    165                  // The data looks like it may be some other data (e.g. CC)
    166                  // entered in a password field
    167                  // @Fenix: Don’t prompt to save but allow the user to open
    168                  // UI to save if they want (e.g. in case the CC number is
    169                  // actually the username for a credit card account)
    170                  int LOW_CONFIDENCE;
    171                  // TBD
    172              }
    173 
    174              // Type
    175              int type;
    176 
    177              // Hint
    178              // The hint should help determining the appropriate user
    179              // prompting behavior.
    180              // @Fenix: Use the API from application-services/issues/1983 to
    181              // determine whether to show a Save or Update button on the
    182              // doorhanger, taking into account un/pw edits in the
    183              // doorhanger. When the user confirms the save/update.
    184              int hint;
    185 
    186              // For SAVE, it will hold the login to be stored or updated.
    187              // For SELECT, it will hold the logins for the autocomplete
    188              // selection.
    189              Login[] logins;
    190 
    191              // Confirm SAVE prompt: the login would include a user’s edits
    192              // to what will be saved.
    193              // v2
    194              // Confirm SELECT (autocomplete) prompt by providing the
    195              // selected login.
    196              PromptResponse confirm(Login login);
    197 
    198              // Dismiss request.
    199              PromptResponse dismiss();
    200          }
    201 
    202          GeckoResult<PromptResponse> onLoginStoragePrompt(
    203              GeckoSession session,
    204              LoginStoragePrompt prompt
    205          );
    206      }
    207  }