From 818ad9b1211b919aa2d8d417451d126fee4424a2 Mon Sep 17 00:00:00 2001 From: Wadeck Follonier Date: Wed, 1 Nov 2023 15:28:08 +0100 Subject: [PATCH 1/2] [JENKINS-72268] Ensure "gh" is present In case of impersonation the gh variable and the usersByTokenCache could be de-sync, leading to token not able to connect. Could be related to JENKINS-72209 as well. --- .../java/org/jenkinsci/plugins/GithubAuthenticationToken.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/java/org/jenkinsci/plugins/GithubAuthenticationToken.java b/src/main/java/org/jenkinsci/plugins/GithubAuthenticationToken.java index 0a997f45..28462fe4 100644 --- a/src/main/java/org/jenkinsci/plugins/GithubAuthenticationToken.java +++ b/src/main/java/org/jenkinsci/plugins/GithubAuthenticationToken.java @@ -504,6 +504,9 @@ private GHMyself loadMyself(@NonNull String token) throws IOException { // Also stick into usersByIdCache (to have latest copy) String username = ghMyself.getLogin(); usersByIdCache.put(username, new GithubUser(ghMyself)); + } else { + // force creation of the gh variable, esp. in case of impersonation + getGitHub(); } } catch (IOException e) { LOGGER.log(Level.INFO, e.getMessage(), e); From b34794ce9d17e88cbb672802d3793ddf2aea946e Mon Sep 17 00:00:00 2001 From: Wadeck Follonier Date: Wed, 1 Nov 2023 16:02:17 +0100 Subject: [PATCH 2/2] Fix an exception when the authentication token is not exactly which is expected from the plugin --- .../org/jenkinsci/plugins/GithubSecurityRealm.java | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java index 803fd1c5..a55abed5 100644 --- a/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java +++ b/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java @@ -753,10 +753,15 @@ public int hashCode() { @Override public GroupDetails loadGroupByGroupname(String groupName) throws UsernameNotFoundException, DataAccessException { - GithubAuthenticationToken authToken = (GithubAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); - - if(authToken == null) + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + if (authentication == null) { throw new UsernameNotFoundException("No known group: " + groupName); + } + if (!(authentication instanceof GithubAuthenticationToken)) { + throw new UserMayOrMayNotExistException("The received token is not a GitHub one"); + } + + GithubAuthenticationToken authToken = (GithubAuthenticationToken) authentication; try { int idx = groupName.indexOf(GithubOAuthGroupDetails.ORG_TEAM_SEPARATOR);