Reject Pointer Lock requests when not in focus

Recent changes to pointer lock requests(https://crrev.com/c/2069199)
caused an error in logic which allowed requests made while not in focus
to be able to succeed. This meant that a request made while changing
focus would cause a strange state. I also added an earlier check for
focus so that we error out before reaching the browser.

Bug: 1068339
Change-Id: If706d2a693ca6a9aa2a8cf6c85ed622b429b97fc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2138501Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Commit-Queue: James Hollyer <jameshollyer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#758382}

content/browser/pointer_lock_browsertest.cc

@@ -83,21 +83,22 @@ class MockPointerLockRenderWidgetHostView : public RenderWidgetHostViewAura {
     event_handler()->mouse_locked_unadjusted_movement_.reset();
   }
 
-  bool IsMouseLocked() override { return event_handler()->mouse_locked(); }
-
-  bool HasFocus() override { return true; }
+  bool GetIsMouseLockedUnadjustedMovementForTesting() override {
+    return IsMouseLocked() &&
+           event_handler()->mouse_locked_unadjusted_movement_;
+  }
 
   void OnWindowFocused(aura::Window* gained_focus,
                        aura::Window* lost_focus) override {
     // Ignore window focus events.
   }
 
-  bool GetIsMouseLockedUnadjustedMovementForTesting() override {
-    return IsMouseLocked() &&
-           event_handler()->mouse_locked_unadjusted_movement_;
-  }
+  bool IsMouseLocked() override { return event_handler()->mouse_locked(); }
+
+  bool HasFocus() override { return has_focus_; }
 
   RenderWidgetHostImpl* host_;
+  bool has_focus_ = true;
 };
 
 void InstallCreateHooksForPointerLockBrowserTests() {
@@ -651,6 +652,37 @@ IN_PROC_BROWSER_TEST_F(PointerLockBrowserTest, PointerLockWidgetHidden) {
   EXPECT_EQ(nullptr, web_contents()->GetMouseLockWidget());
 }
 
+#ifdef USE_AURA
+IN_PROC_BROWSER_TEST_F(PointerLockBrowserTest, PointerLockOutOfFocus) {
+  GURL main_url(embedded_test_server()->GetURL(
+      "a.com", "/cross_site_iframe_factory.html?a(b)"));
+  EXPECT_TRUE(NavigateToURL(shell(), main_url));
+
+  FrameTreeNode* root = web_contents()->GetFrameTree()->root();
+  MockPointerLockRenderWidgetHostView* root_view =
+      static_cast<MockPointerLockRenderWidgetHostView*>(
+          root->current_frame_host()->GetView());
+
+  root_view->has_focus_ = false;
+  // Request a pointer lock on the root frame's body.
+  ASSERT_TRUE(ExecJs(root, "document.body.requestPointerLock()"));
+
+  // setup promise structure to ensure request finishes.
+  EXPECT_TRUE(ExecJs(root, R"(
+        var advertisementreceivedPromise = new Promise(resolve => {
+          document.addEventListener('pointerlockerror',
+              event => {
+                resolve(true);
+              });
+        });
+      )"));
+
+  // Root frame should not have been granted pointer lock.
+  EXPECT_EQ(false,
+            EvalJs(root, "document.pointerLockElement == document.body"));
+}
+#endif
+
 // Flaky. https://crbug.com/1014324
 IN_PROC_BROWSER_TEST_F(PointerLockBrowserTestWithOptions,
                        DISABLED_PointerLockRequestUnadjustedMovement) {

content/browser/renderer_host/render_widget_host_impl.cc

@@ -2535,6 +2535,11 @@ void RenderWidgetHostImpl::RequestMouseLock(
     return;
   }
 
+  if (!view_ || !view_->HasFocus()) {
+    std::move(response).Run(blink::mojom::PointerLockResult::kWrongDocument);
+    return;
+  }
+
   request_mouse_callback_ = std::move(response);
 
   pending_mouse_lock_request_ = true;
@@ -2860,8 +2865,8 @@ bool RenderWidgetHostImpl::GotResponseToLockMouseRequest(
   }
 
   std::move(request_mouse_callback_)
-      .Run(blink::mojom::PointerLockResult::kSuccess);
-  return true;
+      .Run(blink::mojom::PointerLockResult::kWrongDocument);
+  return false;
 }
 
 void RenderWidgetHostImpl::GotResponseToKeyboardLockRequest(bool allowed) {