webauthn: DCHECK that device callbacks don't hairpin.

Since |u2f_request_| is assigned to the result of |TryRegistration| /
|TrySign|, if the given callback is called immediately then |Cleanup|
can have run and completed before |u2f_request_| is assigned. That
leaves |AuthenticatorImpl| in an invalid state and it'll no longer
process any requests.

None of the existing callbacks do this, so this change just adds DCHECKs
to help anyone else who might hit this in the future.

Change-Id: I139a0825c6231c438dc9e469f9b188eddb6000e0
Reviewed-on: https://chromium-review.googlesource.com/961788
Commit-Queue: Balazs Engedy <engedy@chromium.org>
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#543036}

content/browser/webauth/authenticator_impl.cc

@@ -522,6 +522,10 @@ void AuthenticatorImpl::GetAssertion(
 void AuthenticatorImpl::OnRegisterResponse(
     device::U2fReturnCode status_code,
     base::Optional<device::RegisterResponseData> response_data) {
+  // If callback is called immediately, this code will call |Cleanup| before
+  // |u2f_request_| has been assigned – violating invariants.
+  DCHECK(u2f_request_) << "unsupported callback hairpin";
+
   switch (status_code) {
     case device::U2fReturnCode::CONDITIONS_NOT_SATISFIED:
       // Duplicate registration: the new credential would be created on an
@@ -590,6 +594,10 @@ void AuthenticatorImpl::OnRegisterResponseAttestationDecided(
 void AuthenticatorImpl::OnSignResponse(
     device::U2fReturnCode status_code,
     base::Optional<device::SignResponseData> response_data) {
+  // If callback is called immediately, this code will call |Cleanup| before
+  // |u2f_request_| has been assigned – violating invariants.
+  DCHECK(u2f_request_) << "unsupported callback hairpin";
+
   switch (status_code) {
     case device::U2fReturnCode::CONDITIONS_NOT_SATISFIED:
       // No authenticators contained the credential.