From 2643a56144df948b0094b247b8f9d31c5b870e52 Mon Sep 17 00:00:00 2001
From: Gregor Tudan <Gregor@tudan.de>
Date: Tue, 11 Oct 2022 11:35:50 +0200
Subject: [PATCH] Fix JENKINS-67807: Use system level access to fetch the
 access token (#61)

---
 .../plugin/gitea/GiteaSCMFileSystem.java       | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/jenkinsci/plugin/gitea/GiteaSCMFileSystem.java b/src/main/java/org/jenkinsci/plugin/gitea/GiteaSCMFileSystem.java
index 1c0e6e7..933b4fc 100644
--- a/src/main/java/org/jenkinsci/plugin/gitea/GiteaSCMFileSystem.java
+++ b/src/main/java/org/jenkinsci/plugin/gitea/GiteaSCMFileSystem.java
@@ -31,11 +31,12 @@
 import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.Extension;
 import hudson.model.Item;
+import hudson.model.Queue.Task;
 import hudson.scm.SCM;
 import hudson.scm.SCMDescriptor;
+import hudson.security.ACL;
 import java.io.IOException;
 import jenkins.authentication.tokens.api.AuthenticationTokens;
-import jenkins.model.Jenkins;
 import jenkins.scm.api.SCMFile;
 import jenkins.scm.api.SCMFileSystem;
 import jenkins.scm.api.SCMHead;
@@ -43,6 +44,7 @@
 import jenkins.scm.api.SCMSource;
 import jenkins.scm.api.SCMSourceDescriptor;
 import jenkins.scm.api.SCMSourceOwner;
+import org.acegisecurity.Authentication;
 import org.apache.commons.lang.StringUtils;
 import org.jenkinsci.plugin.gitea.client.api.Gitea;
 import org.jenkinsci.plugin.gitea.client.api.GiteaAuth;
@@ -146,20 +148,24 @@ public SCMFileSystem build(@NonNull SCMSource source, @NonNull SCMHead head, @Ch
             SCMSourceOwner owner = source.getOwner();
             String serverUrl = src.getServerUrl();
             String credentialsId = src.getCredentialsId();
-            StandardCredentials credentials = StringUtils.isBlank(credentialsId)
-                    ? null
-                    : CredentialsMatchers.firstOrNull(
+            StandardCredentials credentials = null;
+            if (!StringUtils.isBlank(credentialsId)) {
+                Authentication authentication = owner instanceof Task
+                    ? ((Task) owner).getDefaultAuthentication()
+                    : ACL.SYSTEM;
+                credentials = CredentialsMatchers.firstOrNull(
                     CredentialsProvider.lookupCredentials(
                             StandardCredentials.class,
                             owner,
-                            Jenkins.getAuthentication(),
+                            authentication,
                             URIRequirementBuilder.fromUri(serverUrl).build()
                     ),
                     CredentialsMatchers.allOf(
                             AuthenticationTokens.matcher(GiteaAuth.class),
                             CredentialsMatchers.withId(credentialsId)
                     )
-            );
+                );
+            }
             if (owner != null) {
                 CredentialsProvider.track(owner, credentials);
             }