blob: 741932a26366297eaf1414744b8aa781b41b0a5a [file] [log] [blame]
// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
syntax = "proto2";
option optimize_for = LITE_RUNTIME;
package autofill;
import "password_requirements.proto";
// The message is sent when a client needs to autofill forms on web pages and
// asks the server about known field types.
// Next available id: 11
message AutofillQueryContents {
required string client_version = 1;
repeated group Form = 2 {
required fixed64 signature = 3;
repeated group Field = 4 {
required fixed32 signature = 5;
optional string name = 8;
optional string type = 9; // Control type.
}
}
}
// This message is the result of an Autofill query. It holds the field type
// information.
// Next available id: 10
message AutofillQueryResponseContents {
optional bool upload_required = 1;
repeated group Field = 2 {
required fixed32 overall_type_prediction = 3;
// Detailed list of all possible predictions (including
// |overall_type_prediction| as the first item).
message FieldPrediction {
// The predicted field type.
optional fixed32 type = 1;
// True if the serverside classification believes that the field
// may be pre-filled with a placeholder in the value attribute.
optional bool may_use_prefilled_placeholder = 2;
}
repeated FieldPrediction predictions = 7;
// For fields of type NEW_PASSWORD and ACCOUNT_CREATION_PASSWORD, this may
// specify requirements for the generation of passwords.
optional PasswordRequirementsSpec password_requirements = 9;
}
}
// This message contains a randomized encoding of a string, where each bit
// in the encoded string is randomly sent as either the true value seen by
// the client, or random noise. The mapping of specific bits in the encoded
// string back to bits in the original string is specified by the EncodingType.
message AutofillRandomizedValue {
enum EncodingType {
// Reserved default value. Should never be sent over the wire.
UNSPECIFIED_ENCODING_TYPE = -1;
// This string encodes only one bit, bit N, for each byte.
BIT_0 = 0;
BIT_1 = 1;
BIT_2 = 2;
BIT_3 = 3;
BIT_4 = 4;
BIT_5 = 5;
BIT_6 = 6;
BIT_7 = 7;
// For each byte, the encoded value contains even or odd bits only.
EVEN_BITS = 8;
ODD_BITS = 9;
// The encoded value contains all of the bits.
ALL_BITS = 10;
}
// Selector denoting the source bits to which the encoded bits correspond.
optional EncodingType encoding_type = 1 [default = UNSPECIFIED_ENCODING_TYPE];
// The encoded bits. Only the bits denoted by |encoding_type| are included in
// |encoded_bits|.
//
// BIT_K encodings:
// each randomized bit i in |encoded_bits| corresponds to bit k of the byte
// at the corresponsding offset i of the original metadata value, up to
// i=64 (8 bytes).
//
// EVEN_BITS encoding:
// each randomized bit i in |encoded_bits| corresponds to bit 2*i of the
// original metadata value, up to i=256 (32 bytes).
//
// ODD_BITS encoding:
// each randomized bit i in |encoded_bits| corresponds to bit 2*i+1 of the
// original metadata value, up to i=256 (32 bytes).
//
// ALL_BITS encding:
// each bit i in |encoded_bits| corresponds to bit i of the original
// metadata value, up to i=512 (64 bytes).
//
// The encoded data is generally not user data, however, it is possible that
// user visible metadata (like the Label for an input field) could be
// personalized and thus contains user data (possibly PII). For the ALL_BITS
// encoding, each randomized byte has a 10% probability of being encoded 1:1
// as the true byte seen by the client, even if some of those bits were
// transmitted as noise. For all of the other encodings, the encoded bits
// does not encode any full bytes.
optional bytes encoded_bits = 2;
}
// The collection of autofill field metadata to be sent using randomization.
message AutofillRandomizedFormMetadata {
// Form element id. Example: <form id="XXXXXXXX">
optional AutofillRandomizedValue id = 1;
// Form element name. Example: <form name="XXXXXXXX">
optional AutofillRandomizedValue name = 2;
// Form element action. Example: <form action="XXXXXXXX">
optional AutofillRandomizedValue action = 3;
}
// The collection of autofill field metadata to be sent using randomization.
message AutofillRandomizedFieldMetadata {
// Input element id. Example: <input id="XXXXXXXX">
optional AutofillRandomizedValue id = 1;
// Input element name. Example: <input name="XXXXXXXX">
optional AutofillRandomizedValue name = 2;
// Input element type. Example: <input type="XXXXXXXX">
optional AutofillRandomizedValue type = 3;
// Input field label value seen by the user, either explicitly annotated in
// the DOM or inferred by the client.
//
// The value encountered by the client may be personalized (for example:
// "Please enter the password for foo@bar.net"). The system will learn the
// common/static prefix and determine that the personalized substring is
// noise. That said, for a given upload using the ALL_BITS encoding, each
// byte has a 10% probability or matching the original plaintext byte and
// a 1 in 10^m chance of the full m-character string being uploaded as
// plaintext. The other encodings only send partial bytes.
//
// Example: <label for="id">XXXXXXX</label>
optional AutofillRandomizedValue label = 4;
// Input field label value exposed to the user via ARIA.
// Example 1: <input aria-label="XXXXXX>
// Example 2: <div id="foo">XXXXXXX</div>
// <input aria-labelledby="foo">
optional AutofillRandomizedValue aria_label = 5;
// Input field description exposed to the user via ARIA.
// Example:
// <div id="foo">XXXXXXX</div>
// <input aria-describedby="foo">
optional AutofillRandomizedValue aria_description = 6;
// CSS class for the input element.
// Example: <input class="XXXXXXXX">
optional AutofillRandomizedValue css_class = 7;
// Placeholder text for the input element.
// Example: <input placeholder="XXXXXXXX">
optional AutofillRandomizedValue placeholder = 8;
// Hash of the initial value of the field. We want to learn if the initial
// value of this field is personalized to the user (we will learn that the
// value is noise) or if it is a placeholder in disguise (we will learn a
// constant hash).
//
// Example: <input value="VVVVVVV">
// XXXXXXXX = hash("VVVVVVV"")
optional AutofillRandomizedValue initial_value_hash = 9;
}
// This message contains information about the field types in a single form.
// It is sent by the toolbar to contribute to the field type statistics.
// Next available id: 34
message AutofillUploadContents {
required string client_version = 1;
required fixed64 form_signature = 2;
// True if the autofill feature was used to fill this form, false otherwise.
required bool autofill_used = 3;
// A string representing a bit array of what personal information items
// the user has entered in the autofill settings dialog.
// The corresponding bit is set if the user has that particular
// item entered and is not set otherwise.
required string data_present = 4;
// List of the fields in the form and their types.
repeated group Field = 5 {
// Field identification inside the current form.
required fixed32 signature = 6;
// Type of the field, e.g. what type of personal information did the user
// enter in that field before form submission. There is a predefined
// enum of types located at
// components/autofill/core/browser/field_types.h
// AutoFillFieldType
repeated fixed32 autofill_type = 7;
// The value of the name attribute on the field, if present. Otherwise, the
// value of the id attribute. See HTMLFormControlElement::nameForAutofill.
// TODO(850606): Deprecate once randomized metadata is launched.
optional string name = 8;
// The value of the autocomplete attribute on the field, if present.
// TODO(850606): Deprecate once randomized metadata is launched.
optional string autocomplete = 9;
// The type of input control for this field (e.g. text, textarea, email).
// TODO(850606): Deprecate once randomized metadata is launched.
optional string type = 10;
// The field-level metadata associated with this field, randomized.
optional AutofillRandomizedFieldMetadata randomized_field_metadata = 33;
enum PasswordGenerationType {
NO_GENERATION = 0;
AUTOMATICALLY_TRIGGERED_GENERATION_ON_SIGN_UP_FORM = 1;
AUTOMATICALLY_TRIGGERED_GENERATION_ON_CHANGE_PASSWORD_FORM = 2;
MANUALLY_TRIGGERED_GENERATION_ON_SIGN_UP_FORM = 3;
MANUALLY_TRIGGERED_GENERATION_ON_CHANGE_PASSWORD_FORM = 4;
IGNORED_GENERATION_POPUP = 5;
}
// The type of password generation, if it happened.
optional PasswordGenerationType generation_type = 17;
// The value of the class attribute on the field, if present.
// TODO(850606): Deprecate once randomized metadata is launched.
optional string css_classes = 19;
// The properties mask (i.e. whether the field was autofilled, user
// modified, etc.) See FieldPropertiesFlags.
optional uint32 properties_mask = 20;
// The value of the id attribute, if it differs from the name attribute.
// Otherwise, this field is absent.
// TODO(850606): Deprecate once randomized metadata is launched.
optional string id = 21;
// True iff the user changed generated password. If there was no generation,
// the field is absent.
optional bool generated_password_changed = 22;
enum VoteType {
NO_INFORMATION = 0;
// A credential saved on one form (typically a signup form) was used on a
// login form. The vote applies to the first (signup) form.
CREDENTIALS_REUSED = 1;
// When reusing a credential, the username value is not the saved
// username, but another value, which appeared on the form where we saved.
// The correct field is voted for.
USERNAME_OVERWRITTEN = 2;
// In the save prompt, the user corrected the username value to another
// value from the form. The new field is voted for.
USERNAME_EDITED = 3;
// The username field was detected by the base heuristic (take the last
// non-password field before the first password field). The value is not
// used at this point.
BASE_HEURISTIC = 4;
// The username field was detected by HTML-based detector. The value is
// not used at this point.
HTML_CLASSIFIER = 5;
// A saved credential was used for the first time on a submitted form. The
// vote applies to the form being submitted.
FIRST_USE = 6;
}
// The type of password-related vote. If |autofill_type| is not a USERNAME
// or any PASSWORD vote, then the field is absent. This field describes the
// context of the vote.
optional VoteType vote_type = 23;
message AutofillTypeValiditiesPair {
required fixed32 type = 1;
repeated fixed32 validity = 2;
}
repeated AutofillTypeValiditiesPair autofill_type_validities = 24;
}
// Signature of the form action host (e.g. Hash64Bit("example.com")).
optional fixed64 action_signature = 13;
// Signature of the form which is used for password generation debugging.
// Currently is used when password generated on a password field of a
// registration form is used on a password field of a login form.
optional fixed64 login_form_signature = 14;
// Whether a form submission event was observed.
optional bool submission = 15;
// The form name.
optional string form_name = 16;
// True iff the the non-obfuscated password values were shown to the user.
optional bool passwords_revealed = 24;
// The section of noisified data about password.
// Upload only one of character class attributes (|password_has_*|). Noisified
// length is always uploaded.
// Upload only when a password is saved.
// Used to adjust the password generator's settings to site's requirements.
// Whether the password has any lowercase letter.
optional bool password_has_lowercase_letter = 25;
// Whether the password has any uppercase letter.
optional bool password_has_uppercase_letter = 26;
// Whether the password has any digit.
optional bool password_has_numeric = 27;
// Whether the password has any special symbol.
optional bool password_has_special_symbol = 28;
// Noisifed password length.
optional uint32 password_length = 29;
// The end of the section of password attributes.
// Event observed by the password manager which indicated that the form was
// successfully submitted. Corresponds to
// |PasswordForm::SubmissionIndicatorEvent|.
enum SubmissionIndicatorEvent {
NONE = 0;
HTML_FORM_SUBMISSION = 1;
SAME_DOCUMENT_NAVIGATION = 2;
XHR_SUCCEEDED = 3;
FRAME_DETACHED = 4;
DEPRECATED_MANUAL_SAVE = 5; // obsolete
DOM_MUTATION_AFTER_XHR = 6;
PROVISIONALLY_SAVED_FORM_ON_START_PROVISIONAL_LOAD = 7;
DEPRECATED_FILLED_FORM_ON_START_PROVISIONAL_LOAD = 8; // unused
DEPRECATED_FILLED_INPUT_ELEMENTS_ON_START_PROVISIONAL_LOAD = 9; // unused
}
// The type of the event that was taken as an indication that the form has
// been successfully submitted.
optional SubmissionIndicatorEvent submission_event = 30;
// The language of the page on which this form appears.
optional string language = 31;
// Form-level metadata observed by the client, randomized.
optional AutofillRandomizedFormMetadata randomized_form_metadata = 32;
}
// This proto contains information about the validity of each field in an
// autofill profile. It is used to transfer the results of running the profile
// validation pipeline on the server side to the client via ChromeSync
// PriorityPreferences. An identical copy of this proto is maintained in
// the server code base.
message ProfileValidityMap {
// Map from autofill type to the validity of its value in the profile.
//
// Key should be one of the enum values from ServerFieldType. Values should be
// from the AutofillProfile::ValidityState. Plain integers are used
// instead of enums because proto2 treats unknown enum values as unknown
// fields, which is confusing when the enums are in maps.
map<fixed32, fixed32> field_validity_states = 1;
}
// Map from profile GUIDs to profile validity maps for that profile. Each
// message should contain entries for all profiles from a single user.
message UserProfileValidityMap {
map<string, ProfileValidityMap> profile_validity = 1;
}