[iOS][Getaway] Prevent opening new incognito tabs when not authorized.

Adds checks and blocks opening incognito tabs when the attempt is not
authenticated and the authentication fails.

Bug: none
Change-Id: Ic7f37c1fc70306812e6b6a214e9129361927e45e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2593262
Commit-Queue: Stepan Khapugin <stkhapugin@chromium.org>
Reviewed-by: Gauthier Ambard <gambard@chromium.org>
Reviewed-by: Sergio Collazos <sczs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#838100}

ios/chrome/browser/ui/bookmarks/BUILD.gn

@@ -67,8 +67,10 @@ source_set("bookmarks") {
     "//ios/chrome/browser/ui/bookmarks/cells",
     "//ios/chrome/browser/ui/commands",
     "//ios/chrome/browser/ui/elements",
+    "//ios/chrome/browser/ui/incognito_reauth:incognito_reauth_scene_agent",
     "//ios/chrome/browser/ui/keyboard",
     "//ios/chrome/browser/ui/list_model",
+    "//ios/chrome/browser/ui/main:scene_state_header",
     "//ios/chrome/browser/ui/material_components",
     "//ios/chrome/browser/ui/menu",
     "//ios/chrome/browser/ui/sharing",

ios/chrome/browser/ui/bookmarks/bookmark_home_view_controller.mm

@@ -51,7 +51,9 @@
 #import "ios/chrome/browser/ui/commands/browser_commands.h"
 #import "ios/chrome/browser/ui/commands/command_dispatcher.h"
 #import "ios/chrome/browser/ui/elements/home_waiting_view.h"
+#import "ios/chrome/browser/ui/incognito_reauth/incognito_reauth_scene_agent.h"
 #import "ios/chrome/browser/ui/keyboard/UIKeyCommand+Chrome.h"
+#import "ios/chrome/browser/ui/main/scene_state_browser_agent.h"
 #import "ios/chrome/browser/ui/material_components/utils.h"
 #import "ios/chrome/browser/ui/menu/action_factory.h"
 #import "ios/chrome/browser/ui/menu/menu_histograms.h"
@@ -713,6 +715,22 @@ std::vector<GURL> GetUrlsToOpen(const std::vector<const BookmarkNode*>& nodes) {
 - (void)openAllURLs:(std::vector<GURL>)urls
         inIncognito:(BOOL)inIncognito
              newTab:(BOOL)newTab {
+  if (base::FeatureList::IsEnabled(kIncognitoAuthentication) && inIncognito) {
+    IncognitoReauthSceneAgent* reauthAgent = [IncognitoReauthSceneAgent
+        agentFromScene:SceneStateBrowserAgent::FromBrowser(self.browser)
+                           ->GetSceneState()];
+    if (reauthAgent.authenticationRequired) {
+      __weak BookmarkHomeViewController* weakSelf = self;
+      [reauthAgent
+          authenticateIncognitoContentWithCompletionBlock:^(BOOL success) {
+            if (success) {
+              [weakSelf openAllURLs:urls inIncognito:inIncognito newTab:newTab];
+            }
+          }];
+      return;
+    }
+  }
+
   [self cacheIndexPathRow];
   [self.homeDelegate bookmarkHomeViewControllerWantsDismissal:self
                                              navigationToUrls:urls

ios/chrome/browser/ui/browser_view/browser_view_controller.mm

@@ -95,6 +95,7 @@
 #import "ios/chrome/browser/ui/image_util/image_copier.h"
 #import "ios/chrome/browser/ui/image_util/image_saver.h"
 #import "ios/chrome/browser/ui/incognito_reauth/incognito_reauth_commands.h"
+#import "ios/chrome/browser/ui/incognito_reauth/incognito_reauth_scene_agent.h"
 #import "ios/chrome/browser/ui/incognito_reauth/incognito_reauth_view.h"
 #import "ios/chrome/browser/ui/infobars/infobar_container_coordinator.h"
 #import "ios/chrome/browser/ui/infobars/infobar_feature.h"
@@ -3411,6 +3412,27 @@ NSString* const kBrowserViewControllerSnackbarCategory =
           params.append_to = kCurrentTab;
           UrlLoadingBrowserAgent::FromBrowser(self.browser)->Load(params);
         };
+
+        if (base::FeatureList::IsEnabled(kIncognitoAuthentication)) {
+          IncognitoReauthSceneAgent* reauthAgent = [IncognitoReauthSceneAgent
+              agentFromScene:SceneStateBrowserAgent::FromBrowser(self.browser)
+                                 ->GetSceneState()];
+          // Wrap the action inside of an auth check block.
+          ProceduralBlock wrappedAction = action;
+          action = ^{
+            if (reauthAgent.authenticationRequired) {
+              [reauthAgent authenticateIncognitoContentWithCompletionBlock:^(
+                               BOOL success) {
+                if (success) {
+                  wrappedAction();
+                }
+              }];
+            } else {
+              wrappedAction();
+            }
+          };
+        }
+
         [_contextMenuCoordinator addItemWithTitle:title
                                            action:action
                                             style:UIAlertActionStyleDefault];

ios/chrome/browser/ui/incognito_reauth/incognito_reauth_scene_agent.h

@@ -36,6 +36,14 @@ class PrefService;
 
 - (instancetype)init NS_UNAVAILABLE;
 
+// Requests authentication and marks the scene as authenticated until the next
+// scene foregrounding.
+// The authentication will require user interaction. Upon completion, will
+// notify observers and call the completion block (passing authentication
+// result).
+- (void)authenticateIncognitoContentWithCompletionBlock:
+    (void (^)(BOOL success))completion;
+
 // Registers the prefs required for this agent.
 + (void)registerLocalState:(PrefRegistrySimple*)registry;
 

ios/chrome/browser/ui/incognito_reauth/incognito_reauth_scene_agent.mm

@@ -69,6 +69,11 @@
 }
 
 - (void)authenticateIncognitoContent {
+  [self authenticateIncognitoContentWithCompletionBlock:nil];
+}
+
+- (void)authenticateIncognitoContentWithCompletionBlock:
+    (void (^)(BOOL success))completion {
   DCHECK(self.reauthModule);
 
   if (!self.isAuthenticationRequired) {
@@ -88,6 +93,9 @@
                                       ReauthenticationResult::kSuccess);
                                  weakSelf.authenticatedSinceLastForeground =
                                      success;
+                                 if (completion) {
+                                   completion(success);
+                                 }
                                }];
 }
 

ios/chrome/browser/ui/main/scene_controller.mm

@@ -1144,6 +1144,20 @@ const char kMultiWindowOpenInNewWindowHistogram[] =
 }
 
 - (void)openURLInNewTab:(OpenNewTabCommand*)command {
+  if (base::FeatureList::IsEnabled(kIncognitoAuthentication) &&
+      command.inIncognito) {
+    IncognitoReauthSceneAgent* reauthAgent =
+        [IncognitoReauthSceneAgent agentFromScene:self.sceneState];
+    if (reauthAgent.authenticationRequired) {
+      __weak SceneController* weakSelf = self;
+      [reauthAgent
+          authenticateIncognitoContentWithCompletionBlock:^(BOOL success) {
+            [weakSelf openURLInNewTab:command];
+          }];
+      return;
+    }
+  }
+
   UrlLoadParams params =
       UrlLoadParams::InNewTab(command.URL, command.virtualURL);
   params.SetInBackground(command.inBackground);
@@ -1717,13 +1731,33 @@ const char kMultiWindowOpenInNewWindowHistogram[] =
                                dismissOmnibox:(BOOL)dismissOmnibox
                                    completion:(ProceduralBlock)completion {
   UrlLoadParams copyOfUrlLoadParams = urlLoadParams;
-  [self
-      dismissModalDialogsWithCompletion:^{
-        [self openSelectedTabInMode:targetMode
+
+  __weak SceneController* weakSelf = self;
+  void (^dismissModalsCompletion)() = ^{
+    [weakSelf openSelectedTabInMode:targetMode
                   withUrlLoadParams:copyOfUrlLoadParams
                          completion:completion];
-      }
-                         dismissOmnibox:dismissOmnibox];
+  };
+
+  // Wrap the post-dismiss-modals action with the incognito auth check.
+  if (base::FeatureList::IsEnabled(kIncognitoAuthentication) &&
+      targetMode == ApplicationModeForTabOpening::INCOGNITO) {
+    IncognitoReauthSceneAgent* reauthAgent =
+        [IncognitoReauthSceneAgent agentFromScene:self.sceneState];
+    if (reauthAgent.authenticationRequired) {
+      dismissModalsCompletion = ^{
+        [reauthAgent
+            authenticateIncognitoContentWithCompletionBlock:^(BOOL success) {
+              if (success) {
+                dismissModalsCompletion();
+              }
+            }];
+      };
+    }
+  }
+
+  [self dismissModalDialogsWithCompletion:dismissModalsCompletion
+                           dismissOmnibox:dismissOmnibox];
 }
 
 - (void)dismissModalsAndOpenMultipleTabsInMode:

ios/chrome/browser/ui/menu/BUILD.gn

@@ -26,7 +26,10 @@ source_set("menu") {
     "resources:share",
     "//base",
     "//ios/chrome/app/strings",
+    "//ios/chrome/browser/ui:feature_flags",
     "//ios/chrome/browser/ui/commands",
+    "//ios/chrome/browser/ui/incognito_reauth:incognito_reauth_scene_agent",
+    "//ios/chrome/browser/ui/main:scene_state_header",
     "//ios/chrome/browser/ui/util",
     "//ios/chrome/browser/url_loading",
     "//ios/chrome/browser/window_activities",

ios/chrome/browser/ui/menu/action_factory.mm

@@ -7,6 +7,9 @@
 #import "base/metrics/histogram_functions.h"
 #import "ios/chrome/browser/ui/commands/application_commands.h"
 #import "ios/chrome/browser/ui/commands/command_dispatcher.h"
+#import "ios/chrome/browser/ui/incognito_reauth/incognito_reauth_scene_agent.h"
+#import "ios/chrome/browser/ui/main/scene_state_browser_agent.h"
+#include "ios/chrome/browser/ui/ui_feature_flags.h"
 #import "ios/chrome/browser/ui/util/pasteboard_util.h"
 #import "ios/chrome/browser/url_loading/url_loading_browser_agent.h"
 #import "ios/chrome/browser/url_loading/url_loading_params.h"
@@ -130,6 +133,23 @@
 }
 
 - (UIAction*)actionToOpenInNewIncognitoTabWithBlock:(ProceduralBlock)block {
+  // Wrap the block with the incognito auth check, if necessary.
+  if (base::FeatureList::IsEnabled(kIncognitoAuthentication)) {
+    IncognitoReauthSceneAgent* reauthAgent = [IncognitoReauthSceneAgent
+        agentFromScene:SceneStateBrowserAgent::FromBrowser(self.browser)
+                           ->GetSceneState()];
+    if (reauthAgent.authenticationRequired) {
+      block = ^{
+        [reauthAgent
+            authenticateIncognitoContentWithCompletionBlock:^(BOOL success) {
+              if (success && block != nullptr) {
+                block();
+              }
+            }];
+      };
+    }
+  }
+
   return [self actionWithTitle:l10n_util::GetNSString(
                                    IDS_IOS_OPEN_IN_INCOGNITO_ACTION_TITLE)
                          image:[UIImage imageNamed:@"open_in_incognito"]

ios/chrome/browser/ui/reading_list/BUILD.gn

@@ -41,11 +41,14 @@ source_set("reading_list") {
     "//ios/chrome/browser/metrics:metrics_internal",
     "//ios/chrome/browser/reading_list",
     "//ios/chrome/browser/tabs",
+    "//ios/chrome/browser/ui:feature_flags",
     "//ios/chrome/browser/ui/activity_services",
     "//ios/chrome/browser/ui/alert_coordinator",
     "//ios/chrome/browser/ui/commands",
     "//ios/chrome/browser/ui/coordinators:chrome_coordinators",
     "//ios/chrome/browser/ui/favicon",
+    "//ios/chrome/browser/ui/incognito_reauth:incognito_reauth_scene_agent",
+    "//ios/chrome/browser/ui/main:scene_state_header",
     "//ios/chrome/browser/ui/menu",
     "//ios/chrome/browser/ui/reading_list/context_menu",
     "//ios/chrome/browser/ui/reading_list/resources:distillation_fail_new",

ios/chrome/browser/ui/reading_list/reading_list_coordinator.mm

@@ -22,6 +22,8 @@
 #import "ios/chrome/browser/ui/activity_services/activity_params.h"
 #import "ios/chrome/browser/ui/commands/application_commands.h"
 #import "ios/chrome/browser/ui/commands/command_dispatcher.h"
+#import "ios/chrome/browser/ui/incognito_reauth/incognito_reauth_scene_agent.h"
+#import "ios/chrome/browser/ui/main/scene_state_browser_agent.h"
 #import "ios/chrome/browser/ui/menu/action_factory.h"
 #import "ios/chrome/browser/ui/menu/menu_histograms.h"
 #import "ios/chrome/browser/ui/reading_list/context_menu/reading_list_context_menu_coordinator.h"
@@ -40,6 +42,7 @@
 #import "ios/chrome/browser/ui/table_view/table_view_navigation_controller.h"
 #import "ios/chrome/browser/ui/table_view/table_view_navigation_controller_constants.h"
 #import "ios/chrome/browser/ui/table_view/table_view_presentation_controller.h"
+#include "ios/chrome/browser/ui/ui_feature_flags.h"
 #import "ios/chrome/browser/ui/util/multi_window_support.h"
 #import "ios/chrome/browser/ui/util/pasteboard_util.h"
 #import "ios/chrome/browser/url_loading/url_loading_browser_agent.h"
@@ -385,6 +388,30 @@ animationControllerForDismissedController:(UIViewController*)dismissed {
       withOfflineURL:(const GURL&)offlineURL
             inNewTab:(BOOL)newTab
            incognito:(BOOL)incognito {
+  // Only open a new incognito tab when incognito is authenticated. Prompt for
+  // auth otherwise.
+  if (base::FeatureList::IsEnabled(kIncognitoAuthentication) && incognito) {
+    IncognitoReauthSceneAgent* reauthAgent = [IncognitoReauthSceneAgent
+        agentFromScene:SceneStateBrowserAgent::FromBrowser(self.browser)
+                           ->GetSceneState()];
+    __weak ReadingListCoordinator* weakSelf = self;
+    if (reauthAgent.authenticationRequired) {
+      // Copy C++ args to call later from the block.
+      GURL copyEntryURL = GURL(entryURL);
+      GURL copyOfflineURL = GURL(offlineURL);
+      [reauthAgent
+          authenticateIncognitoContentWithCompletionBlock:^(BOOL success) {
+            if (success) {
+              [weakSelf loadEntryURL:copyEntryURL
+                      withOfflineURL:copyOfflineURL
+                            inNewTab:newTab
+                           incognito:incognito];
+            }
+          }];
+      return;
+    }
+  }
+
   DCHECK(entryURL.is_valid());
   base::RecordAction(base::UserMetricsAction("MobileReadingListOpen"));
   web::WebState* activeWebState =

ios/chrome/browser/url_loading/BUILD.gn

@@ -37,7 +37,10 @@ source_set("url_loading") {
     "//ios/chrome/browser/prerender",
     "//ios/chrome/browser/sessions",
     "//ios/chrome/browser/snapshots",
+    "//ios/chrome/browser/ui:feature_flags",
     "//ios/chrome/browser/ui/commands",
+    "//ios/chrome/browser/ui/incognito_reauth:incognito_reauth_scene_agent",
+    "//ios/chrome/browser/ui/main:scene_state_header",
     "//ios/chrome/browser/ui/ntp:util",
     "//ios/chrome/browser/web",
     "//ios/chrome/browser/web_state_list",

ios/chrome/browser/url_loading/url_loading_browser_agent.mm

@@ -14,7 +14,10 @@
 #import "ios/chrome/browser/prerender/prerender_service.h"
 #import "ios/chrome/browser/prerender/prerender_service_factory.h"
 #import "ios/chrome/browser/ui/commands/open_new_tab_command.h"
+#import "ios/chrome/browser/ui/incognito_reauth/incognito_reauth_scene_agent.h"
+#import "ios/chrome/browser/ui/main/scene_state_browser_agent.h"
 #import "ios/chrome/browser/ui/ntp/ntp_util.h"
+#include "ios/chrome/browser/ui/ui_feature_flags.h"
 #import "ios/chrome/browser/url_loading/scene_url_loading_service.h"
 #import "ios/chrome/browser/url_loading/url_loading_notifier_browser_agent.h"
 #import "ios/chrome/browser/url_loading/url_loading_params.h"
@@ -285,6 +288,15 @@ void UrlLoadingBrowserAgent::LoadUrlInNewTab(const UrlLoadParams& params) {
   DCHECK(scene_service_);
   DCHECK(delegate_);
   DCHECK(browser_);
+
+  if (base::FeatureList::IsEnabled(kIncognitoAuthentication) &&
+      params.in_incognito) {
+    IncognitoReauthSceneAgent* reauthAgent = [IncognitoReauthSceneAgent
+        agentFromScene:SceneStateBrowserAgent::FromBrowser(browser_)
+                           ->GetSceneState()];
+    DCHECK(!reauthAgent.authenticationRequired);
+  }
+
   ChromeBrowserState* browser_state = browser_->GetBrowserState();
   ChromeBrowserState* active_browser_state =
       scene_service_->GetCurrentBrowser()->GetBrowserState();