@stricklerxc stricklerxc commented Jul 11, 2025

This should fix JENKINS-73060.

This updates loadByUsername2 to always use the authorities retrieved in the GithubAuthenticationToken when constructing the GithubOAuthUserDetails object. Previously, this plugin would try to load a GHUser object (either from the userByIdCache or the GitHub API) and would pass an empty list of authorities when the GHUser was null.

I couldn't find a logical reason for why we would need this check when we do not use the GHUser object to set the authorities. This check seems to be a carryover from when the GHUser was used in the getGrantedAuthorities method to fetch/set authorities before 99e3d13.

There's also a secondary bug here where loadUser will not make the API call to retrieve the GHUser from the GitHub API if gh is null (which is usually the case when the token used to construct GithubAuthenticationToken is in the usersByTokenCache). This null check shouldn't be needed due to changes introduced in #61. However, I chose not to remove this check due to possible performance degradation as seen in #256.

Testing done

We've been running this patch in our Production environment without issue since June 12. We're not seeing any performance degradation on our Jenkins instance with this patch.

Steps to Reproduce
  1. Clone this project & execute mvn hpi:run

  2. Install the following additional plugins:

    • Authorize Project
    • Role-based Authorization Strategy
  3. Configure the GitHub plugin as the security realm

  4. Configure Authorization to use the Role-Based Strategy

  5. Assign a GitHub team (i.e. ORG*TEAMNAME) the default admin permission in <jenkins_url>/manage/role-strategy/assign-roles

    • Uncheck all other assignments
    • Make sure you are a part of the team you are assigning the permissions to
  6. Configure Access Control for Builds to use Project default Build Authorization -> Run as User who Triggered Build

  7. Create a pipeline

    Example
      pipeline {
        agent any
        stages {
          stage('Test') {
            steps { echo "Hello world!" }
          }
        }
      }
  8. Navigate to the build page -> Select log out in the top right -> Hit back button -> Select Build Now

    • Build should hang for roughly 1 minute with the following error even though the user should be a member of a GitHub team with admin permissions on the Jenkins instance.

      '<username>' lacks permissions to run on 'Jenkins'
      
  9. Install this patch

  10. Navigate to the build page -> Select log out in the top right -> Hit back button -> Select Build Now

  11. Issue should no longer occur

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests that demonstrate the feature works or the issue is fixed

@stricklerxc stricklerxc marked this pull request as ready for review July 11, 2025 19:24
@stricklerxc stricklerxc requested a review from a team as a code owner July 11, 2025 19:24
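
A simplified Java model of the lookup described in the pull request above, added here as an illustration of why a null user object turned into a permission failure. It is not the plugin's code: the names Token, Details, loadUser, loadBefore, loadAfter and mayRun are hypothetical stand-ins, and the sample token is constructed.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Simplified model of the behaviour described in this PR. All type and method
// names are hypothetical stand-ins, not the plugin's own classes.
public class AuthorityLookupModel {
    record Token(String login, List<String> authorities, boolean hasApiClient) {}
    record Details(String login, List<String> authorities) {}

    // Stand-in for the cached user-object lookup; empty in this scenario.
    static final Map<String, Object> userCache = new HashMap<>();

    // Returns null on a cache miss when the token carries no API client,
    // modelling the secondary bug mentioned in the description.
    static Object loadUser(Token t) {
        Object cached = userCache.get(t.login());
        if (cached != null) return cached;
        return t.hasApiClient() ? new Object() : null;
    }

    // Before the fix: authorities are dropped whenever the user object is null,
    // even though the user object is never used to compute them.
    static Details loadBefore(Token t) {
        Object user = loadUser(t);
        return new Details(t.login(), user != null ? t.authorities() : List.of());
    }

    // After the fix: authorities always come from the token.
    static Details loadAfter(Token t) {
        return new Details(t.login(), t.authorities());
    }

    // Group-based check in the style of a role strategy: match on group name.
    static boolean mayRun(Details d, String requiredGroup) {
        return d.authorities().contains(requiredGroup);
    }

    public static void main(String[] args) {
        // Constructed sample: token restored from a token cache, so no API client.
        Token t = new Token("alice", List.of("authenticated", "ORG*TEAMNAME"), false);
        System.out.println("before fix, may run: " + mayRun(loadBefore(t), "ORG*TEAMNAME"));
        System.out.println("after fix, may run:  " + mayRun(loadAfter(t), "ORG*TEAMNAME"));
    }
}
```

In the model the failure mode is fail-closed (a legitimate team member is denied), which matches the "lacks permissions to run" error in the reproduction steps.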