Use correct origin when prompting for proxy authentication.

chrome/browser/ui/login/login_handler.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_UI_LOGIN_LOGIN_HANDLER_H_
 #define CHROME_BROWSER_UI_LOGIN_LOGIN_HANDLER_H_
 
 #include <memory>
 #include <string>
 
+#include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
 #include "base/synchronization/lock.h"
 #include "components/password_manager/core/browser/password_manager.h"
 #include "content/public/browser/notification_observer.h"
 #include "content/public/browser/resource_dispatcher_host_login_delegate.h"
 #include "content/public/browser/resource_request_info.h"
 
 class GURL;
 class LoginInterstitialDelegate;
@@ skipping 107 matching lines @@
   // Notify observers that authentication is needed.
   void NotifyAuthNeeded();
 
   // Performs necessary cleanup before deletion.
   void ReleaseSoon();
 
   // Closes the native dialog.
   virtual void CloseDialog() = 0;
 
  private:
+  friend LoginHandler* CreateLoginPrompt(net::AuthChallengeInfo* auth_info,
+                                         net::URLRequest* request);
+  FRIEND_TEST_ALL_PREFIXES(LoginHandlerTest, Outputs);
+
   // Starts observing notifications from other LoginHandlers.
   void AddObservers();
 
   // Stops observing notifications from other LoginHandlers.
   void RemoveObservers();
 
   // Notify observers that authentication is supplied.
   void NotifyAuthSupplied(const base::string16& username,
                           const base::string16& password);
 
@@ skipping 11 matching lines @@
   // Cancels the auth. If |cancel_navigation| is true, the existing login
   // interstitial (if any) is closed and the pending navigation is cancelled.
   void DoCancelAuth(bool cancel_navigation);
 
   // Calls CancelAuth from the IO loop.
   void CancelAuthDeferred();
 
   // Closes the view_contents from the UI loop.
   void CloseContentsDeferred();
 
+  // Get the signon_realm under which this auth info should be stored.
+  //
+  // The format of the signon_realm for proxy auth is:
+  //     proxy-host:proxy-port/auth-realm
+  // The format of the signon_realm for server auth is:
+  //     url-scheme://url-host[:url-port]/auth-realm
+  //
+  // Be careful when changing this function, since you could make existing
+  // saved logins un-retrievable.
+  static std::string GetSignonRealm(const GURL& url,
+                                    const net::AuthChallengeInfo& auth_info);
+
+  // Helper to create a PasswordForm for PasswordManager to start looking for
+  // saved credentials.
+  static autofill::PasswordForm MakeInputForPasswordManager(
+      const GURL& url,
+      const net::AuthChallengeInfo& auth_info);
+
+  static void GetDialogStrings(const GURL& request_url,
+                               const net::AuthChallengeInfo& auth_info,
+                               base::string16* authority,
+                               base::string16* explanation);
+
+  static void ShowLoginPrompt(const GURL& request_url,
+                              net::AuthChallengeInfo* auth_info,
+                              LoginHandler* handler);
+
+  // This callback is run on the UI thread and creates a constrained window with
+  // a LoginView to prompt the user. If the prompt is triggered because of a
+  // cross origin navigation in the main frame, a blank interstitial is first
+  // created which in turn creates the LoginView. Otherwise, a LoginView is
+  // directly in this callback. In both cases, the response will be sent to

[meacer, 2016/06/16 01:12:15]

directly -> created directly

[asanka, 2016/06/16 16:25:47]

Done.

+  // LoginHandler, which then routes it to the net::URLRequest on the I/O
+  // thread.
+  static void LoginDialogCallback(const GURL& request_url,
+                                  net::AuthChallengeInfo* auth_info,
+                                  LoginHandler* handler,
+                                  bool is_main_frame);
+
   // True if we've handled auth (SetAuth or CancelAuth has been called).
   bool handled_auth_;
   mutable base::Lock handled_auth_lock_;
 
   // Who/where/what asked for the authentication.
   scoped_refptr<net::AuthChallengeInfo> auth_info_;
 
   // The request that wants login data.
   // This should only be accessed on the IO loop.
   net::URLRequest* request_;
 
   // The HttpNetworkSession |request_| is associated with.
   const net::HttpNetworkSession* http_network_session_;
 
-  // The PasswordForm sent to the PasswordManager. This is so we can refer to it
-  // when later notifying the password manager if the credentials were accepted
+  // The PasswordForm sent to the PasswordManager. This is so we can refer to

[vabr (Chromium), 2016/06/15 08:50:06]

nit: Seems like these two lines could have stayed as they were? Or at least
please reindent to use as much as possible of the available line character
limit.

[asanka, 2016/06/16 16:25:47]

Reformatted.

+  // it
+  // when later notifying the password manager if the credentials were
+  // accepted
   // or rejected.
   // This should only be accessed on the UI loop.
   autofill::PasswordForm password_form_;
 
   // Points to the password manager owned by the WebContents requesting auth.
   // This should only be accessed on the UI loop.
   password_manager::PasswordManager* password_manager_;
 
   // Cached from the net::URLRequest, in case it goes NULL on us.
   content::ResourceRequestInfo::WebContentsGetter web_contents_getter_;
@@ skipping 54 matching lines @@
 // net::URLRequest::Delegate::OnAuthRequired.  The prompt will be created
 // on the main UI thread via a call to UI loop's InvokeLater, and will send the
 // credentials back to the net::URLRequest on the calling thread.
 // A LoginHandler object (which lives on the calling thread) is returned,
 // which can be used to set or cancel authentication programmatically.  The
 // caller must invoke OnRequestCancelled() on this LoginHandler before
 // destroying the net::URLRequest.
 LoginHandler* CreateLoginPrompt(net::AuthChallengeInfo* auth_info,
                                 net::URLRequest* request);
 
-// Get the signon_realm under which the identity should be saved.
-std::string GetSignonRealm(const GURL& url,
-                           const net::AuthChallengeInfo& auth_info);
-
 #endif  // CHROME_BROWSER_UI_LOGIN_LOGIN_HANDLER_H_