Add support for GetAuthCredentials (fixes issue #2718, see issue #2622).

When NetworkService is enabled requests created using CefFrame::CreateURLRequest
will call CefRequestHandler::GetAuthCredentials for the associated browser after
calling CefURLRequestClient::GetAuthCredentials if that call returns false.

BUILD.gn

@@ -407,6 +407,8 @@ static_library("libcef_static") {
     "libcef/browser/net_service/cookie_helper.h",
     "libcef/browser/net_service/cookie_manager_impl.cc",
     "libcef/browser/net_service/cookie_manager_impl.h",
+    "libcef/browser/net_service/login_delegate.cc",
+    "libcef/browser/net_service/login_delegate.h",
     "libcef/browser/net_service/proxy_url_loader_factory.cc",
     "libcef/browser/net_service/proxy_url_loader_factory.h",
     "libcef/browser/net_service/resource_handler_wrapper.cc",

include/capi/cef_request_context_capi.h

@@ -33,7 +33,7 @@
 // by hand. See the translator.README.txt file in the tools directory for
 // more information.
 //
-// $hash=59376c6298df4489ecc34f3509a8d0e77e9d97f7$
+// $hash=fdfce3e4e33a1d4e1170497d2a476f0837994060$
 //
 
 #ifndef CEF_INCLUDE_CAPI_CEF_REQUEST_CONTEXT_CAPI_H_
@@ -238,6 +238,15 @@ typedef struct _cef_request_context_t {
       struct _cef_request_context_t* self,
       struct _cef_completion_callback_t* callback);
 
+  ///
+  // Clears all HTTP authentication credentials that were added as part of
+  // handling GetAuthCredentials. If |callback| is non-NULL it will be executed
+  // on the UI thread after completion.
+  ///
+  void(CEF_CALLBACK* clear_http_auth_credentials)(
+      struct _cef_request_context_t* self,
+      struct _cef_completion_callback_t* callback);
+
   ///
   // Clears all active and idle connections that Chromium currently has. This is
   // only recommended if you have released all other CEF objects but don't yet

include/capi/cef_request_handler_capi.h

@@ -33,7 +33,7 @@
 // by hand. See the translator.README.txt file in the tools directory for
 // more information.
 //
-// $hash=fce8beb9d3e8709a512077681455cb4ef92ef76d$
+// $hash=d9c4e8591ee39bd9d8c1714c0ca2417a7d2a38ea$
 //
 
 #ifndef CEF_INCLUDE_CAPI_CEF_REQUEST_HANDLER_CAPI_H_
@@ -154,10 +154,11 @@ typedef struct _cef_request_handler_t {
 
   ///
   // Called on the IO thread when the browser needs credentials from the user.
-  // |isProxy| indicates whether the host is a proxy server. |host| contains the
-  // hostname and |port| contains the port number. |realm| is the realm of the
-  // challenge and may be NULL. |scheme| is the authentication scheme used, such
-  // as "basic" or "digest", and will be NULL if the source of the request is an
+  // |origin_url| is the origin making this authentication request. |isProxy|
+  // indicates whether the host is a proxy server. |host| contains the hostname
+  // and |port| contains the port number. |realm| is the realm of the challenge
+  // and may be NULL. |scheme| is the authentication scheme used, such as
+  // "basic" or "digest", and will be NULL if the source of the request is an
   // FTP server. Return true (1) to continue the request and call
   // cef_auth_callback_t::cont() either in this function or at a later time when
   // the authentication information is available. Return false (0) to cancel the
@@ -166,7 +167,7 @@ typedef struct _cef_request_handler_t {
   int(CEF_CALLBACK* get_auth_credentials)(
       struct _cef_request_handler_t* self,
       struct _cef_browser_t* browser,
-      struct _cef_frame_t* frame,
+      const cef_string_t* origin_url,
       int isProxy,
       const cef_string_t* host,
       int port,

include/capi/cef_urlrequest_capi.h

@@ -33,7 +33,7 @@
 // by hand. See the translator.README.txt file in the tools directory for
 // more information.
 //
-// $hash=3d31b2d1bad50deeb68a5e6318344024c2f3f5be$
+// $hash=77ac3a2aaea32b649185a58e4c2bbb13b7fe0540$
 //
 
 #ifndef CEF_INCLUDE_CAPI_CEF_URLREQUEST_CAPI_H_
@@ -193,9 +193,11 @@ typedef struct _cef_urlrequest_client_t {
   // |isProxy| indicates whether the host is a proxy server. |host| contains the
   // hostname and |port| contains the port number. Return true (1) to continue
   // the request and call cef_auth_callback_t::cont() when the authentication
-  // information is available. Return false (0) to cancel the request. This
-  // function will only be called for requests initiated from the browser
-  // process.
+  // information is available. If the request has an associated browser/frame
+  // then returning false (0) will result in a call to GetAuthCredentials on the
+  // cef_request_tHandler associated with that browser, if any. Otherwise,
+  // returning false (0) will cancel the request immediately. This function will
+  // only be called for requests initiated from the browser process.
   ///
   int(CEF_CALLBACK* get_auth_credentials)(
       struct _cef_urlrequest_client_t* self,

include/cef_api_hash.h

@@ -34,7 +34,7 @@
 // implementations. See the translator.README.txt file in the tools directory
 // for more information.
 //
-// $hash=0bc0d1faa22392b4245dc6eaf56337e7847a1900$
+// $hash=467550bc7fb025b069edb9dc65988d8cb9c56fd2$
 //
 
 #ifndef CEF_INCLUDE_API_HASH_H_
@@ -47,13 +47,13 @@
 // way that may cause binary incompatibility with other builds. The universal
 // hash value will change if any platform is affected whereas the platform hash
 // values will change only if that particular platform is affected.
-#define CEF_API_HASH_UNIVERSAL "31b55dcbcf52e9f51fe423741f64e5c77e71c65a"
+#define CEF_API_HASH_UNIVERSAL "3f2fd465a9dc95ef7d645c0b3c8bdf4e26d9b26e"
 #if defined(OS_WIN)
-#define CEF_API_HASH_PLATFORM "afb8ea794d1bb0f56ba5ce1718a16e5dfd64229e"
+#define CEF_API_HASH_PLATFORM "37fc3765fe0ef3ef7542e6568e5689b3575968a8"
 #elif defined(OS_MACOSX)
-#define CEF_API_HASH_PLATFORM "e3a279cf087095495c08fd9fa88daef5dbafff3a"
+#define CEF_API_HASH_PLATFORM "dc61db096a4b62365b16d450fe4f898a9552da6a"
 #elif defined(OS_LINUX)
-#define CEF_API_HASH_PLATFORM "d25833941c670d82cff0aa0ccf47b557d6813634"
+#define CEF_API_HASH_PLATFORM "059d7243ae34aa5503c96a21ce24a673dddf4e64"
 #endif
 
 #ifdef __cplusplus

include/cef_request_context.h

@@ -249,6 +249,15 @@ class CefRequestContext : public virtual CefBaseRefCounted {
   virtual void ClearCertificateExceptions(
       CefRefPtr<CefCompletionCallback> callback) = 0;
 
+  ///
+  // Clears all HTTP authentication credentials that were added as part of
+  // handling GetAuthCredentials. If |callback| is non-NULL it will be executed
+  // on the UI thread after completion.
+  ///
+  /*--cef(optional_param=callback)--*/
+  virtual void ClearHttpAuthCredentials(
+      CefRefPtr<CefCompletionCallback> callback) = 0;
+
   ///
   // Clears all active and idle connections that Chromium currently has.
   // This is only recommended if you have released all other CEF objects but

include/cef_request_handler.h

@@ -150,18 +150,19 @@ class CefRequestHandler : public virtual CefBaseRefCounted {
 
   ///
   // Called on the IO thread when the browser needs credentials from the user.
-  // |isProxy| indicates whether the host is a proxy server. |host| contains the
-  // hostname and |port| contains the port number. |realm| is the realm of the
-  // challenge and may be empty. |scheme| is the authentication scheme used,
-  // such as "basic" or "digest", and will be empty if the source of the request
-  // is an FTP server. Return true to continue the request and call
+  // |origin_url| is the origin making this authentication request. |isProxy|
+  // indicates whether the host is a proxy server. |host| contains the hostname
+  // and |port| contains the port number. |realm| is the realm of the challenge
+  // and may be empty. |scheme| is the authentication scheme used, such as
+  // "basic" or "digest", and will be empty if the source of the request is an
+  // FTP server. Return true to continue the request and call
   // CefAuthCallback::Continue() either in this method or at a later time when
   // the authentication information is available. Return false to cancel the
   // request immediately.
   ///
   /*--cef(optional_param=realm,optional_param=scheme)--*/
   virtual bool GetAuthCredentials(CefRefPtr<CefBrowser> browser,
-                                  CefRefPtr<CefFrame> frame,
+                                  const CefString& origin_url,
                                   bool isProxy,
                                   const CefString& host,
                                   int port,

include/cef_urlrequest.h

@@ -186,8 +186,11 @@ class CefURLRequestClient : public virtual CefBaseRefCounted {
   // |isProxy| indicates whether the host is a proxy server. |host| contains the
   // hostname and |port| contains the port number. Return true to continue the
   // request and call CefAuthCallback::Continue() when the authentication
-  // information is available. Return false to cancel the request. This method
-  // will only be called for requests initiated from the browser process.
+  // information is available. If the request has an associated browser/frame
+  // then returning false will result in a call to GetAuthCredentials on the
+  // CefRequestHandler associated with that browser, if any. Otherwise,
+  // returning false will cancel the request immediately. This method will only
+  // be called for requests initiated from the browser process.
   ///
   /*--cef(optional_param=realm)--*/
   virtual bool GetAuthCredentials(bool isProxy,

libcef/browser/content_browser_client.cc

@@ -22,6 +22,7 @@
 #include "libcef/browser/media_capture_devices_dispatcher.h"
 #include "libcef/browser/net/chrome_scheme_handler.h"
 #include "libcef/browser/net/net_util.h"
+#include "libcef/browser/net_service/login_delegate.h"
 #include "libcef/browser/net_service/proxy_url_loader_factory.h"
 #include "libcef/browser/net_service/resource_request_handler_wrapper.h"
 #include "libcef/browser/plugins/plugin_service_filter.h"
@@ -113,6 +114,7 @@
 #include "extensions/common/constants.h"
 #include "extensions/common/switches.h"
 #include "mojo/public/cpp/bindings/remote.h"
+#include "net/base/auth.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "ppapi/host/ppapi_host.h"
 #include "services/network/public/cpp/network_switches.h"
@@ -1222,6 +1224,21 @@ CefContentBrowserClient::CreateClientCertStore(
       ->CreateClientCertStore();
 }
 
+std::unique_ptr<content::LoginDelegate>
+CefContentBrowserClient::CreateLoginDelegate(
+    const net::AuthChallengeInfo& auth_info,
+    content::WebContents* web_contents,
+    const content::GlobalRequestID& request_id,
+    bool is_request_for_main_frame,
+    const GURL& url,
+    scoped_refptr<net::HttpResponseHeaders> response_headers,
+    bool first_auth_attempt,
+    LoginAuthRequiredCallback auth_required_callback) {
+  return std::make_unique<net_service::LoginDelegate>(
+      auth_info, web_contents, request_id, url,
+      std::move(auth_required_callback));
+}
+
 void CefContentBrowserClient::RegisterNonNetworkNavigationURLLoaderFactories(
     int frame_tree_node_id,
     NonNetworkURLLoaderFactoryMap* factories) {

libcef/browser/content_browser_client.h

@@ -155,10 +155,17 @@ class CefContentBrowserClient : public content::ContentBrowserClient {
       service_manager::BinderRegistry* registry,
       blink::AssociatedInterfaceRegistry* associated_registry,
       content::RenderProcessHost* render_process_host) override;
-
   std::unique_ptr<net::ClientCertStore> CreateClientCertStore(
       content::ResourceContext* resource_context) override;
-
+  std::unique_ptr<content::LoginDelegate> CreateLoginDelegate(
+      const net::AuthChallengeInfo& auth_info,
+      content::WebContents* web_contents,
+      const content::GlobalRequestID& request_id,
+      bool is_request_for_main_frame,
+      const GURL& url,
+      scoped_refptr<net::HttpResponseHeaders> response_headers,
+      bool first_auth_attempt,
+      LoginAuthRequiredCallback auth_required_callback) override;
   void RegisterNonNetworkNavigationURLLoaderFactories(
       int frame_tree_node_id,
       NonNetworkURLLoaderFactoryMap* factories) override;

libcef/browser/net/network_delegate.cc

@@ -395,13 +395,10 @@ net::NetworkDelegate::AuthRequiredResponse CefNetworkDelegate::OnAuthRequired(
     if (client.get()) {
       CefRefPtr<CefRequestHandler> handler = client->GetRequestHandler();
       if (handler.get()) {
-        CefRefPtr<CefFrame> frame =
-            net_util::GetFrameForRequest(browser->browser_info(), request);
-
         CefRefPtr<CefAuthCallbackImpl> callbackPtr(
             new CefAuthCallbackImpl(std::move(callback), credentials));
         if (handler->GetAuthCredentials(
-                browser.get(), frame, auth_info.is_proxy,
+                browser.get(), request->url().spec(), auth_info.is_proxy,
                 auth_info.challenger.host(), auth_info.challenger.port(),
                 auth_info.realm, auth_info.scheme, callbackPtr.get())) {
           request->SetUserData(