Passwords
This guide describes how to save, update, and manage passwords the user enters in a new form online.
Overview
Chromium has a built-in functionality that allows remembering the entered credentials when the user submits a new form containing username and password. The library will ask you if you’d like to save the credentials.
If you save them, the next time you load the form, the library will suggest autofill it.
The web form autofill functionality must be enabled in this case.
To access and manage all saved passwords, use PasswordStore
you can access using:
var passwordStore = profile.passwordStore();
val passwordStore = profile.passwordStore()
Saving passwords
When the user submits a new form containing username and password, the library will ask you if you’d like to save the credentials via SavePasswordCallback
. In the callback you will be prompted to save or never-save (blacklist) the password. For example:
browser.set(SavePasswordCallback.class, (params, tell) -> {
// URL of the page.
var url = params.url();
// The associated login.
var login = params.login();
if (login.equals("admin")) {
// Ignore the attempt to save the password.
tell.ignore();
} else if (url.contains("sensitive-website")) {
// Never save passwords for this URL.
tell.neverSave();
} else {
// Allow Chromium to save the password.
tell.save();
}
});
browser.register(SavePasswordCallback { params, tell ->
// URL of the page.
val url = params.url()
// The associated login.
val login = params.login()
if (login == "admin") {
// Ignore the attempt to save the password.
tell.ignore()
} else if (url.contains("sensitive-website")) {
// Never save passwords for this URL.
tell.neverSave()
} else {
// Allow Chromium to save the password.
tell.save()
}
})
If you choose to save the password, it will be added to the password store. If select “never-save”, you will mark the forms at this URL as blacklisted. The library will never suggest you to save the passwords on this web page anymore.
Updating passwords
When the user submits the previously submitted form with a new password, the library will ask you to update the saved credentials via UpdatePasswordCallback
. In this callback you will be prompted to update or ignore the new value. For example:
browser.set(UpdatePasswordCallback.class, (params, tell) -> {
// URL of the page.
var url = params.url();
// The associated login.
var login = params.login();
if (login == "admin") {
// Ignore the attempt to update the password.
tell.ignore();
} else {
// Allow Chromium to update the password.
tell.update();
}
});
browser.register(UpdatePasswordCallback { params, tell ->
// URL of the page.
val url = params.url()
// The associated login.
val login = params.login()
if (login == "admin") {
// Ignore the attempt to update the password.
tell.ignore()
} else {
// Allow Chromium to update the password.
tell.update()
}
})
Managing passwords
Each element in the password store is represented by PasswordRecord
. It contains the user’s login and URL of a web page where the form was submitted. It doesn’t store the password itself.
To read all saved and blacklisted records use:
var allRecords = passwordStore.all();
val allRecords = passwordStore.all()
To read only saved records use:
var allSavedRecords = passwordStore.allSaved();
val allSavedRecords = passwordStore.allSaved()
To read only “never-saved” (marked as blacklisted) records use:
var allNeverSavedRecords = passwordStore.allNeverSaved();
val allNeverSavedRecords = passwordStore.allNeverSaved()
To remove all records from the store use:
passwordStore.clear();
passwordStore.clear()
To remove records associated with a specific URL use:
passwordStore.removeByUrl(url);
passwordStore.removeByUrl(url)