From c909d45fda65a7dd820ded76f8a9f8f067f518b0 Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Thu, 8 Jan 2026 05:47:21 -0300
Subject: [PATCH] comms: make guest renamer MAS-only
---
 services/comms/guest-name-job.yaml | 114 ++++++++++++-----------------
 1 file changed, 45 insertions(+), 69 deletions(-)
diff --git a/services/comms/guest-name-job.yaml b/services/comms/guest-name-job.yaml
index f3ea00b..b209cf2 100644
--- a/services/comms/guest-name-job.yaml
+++ b/services/comms/guest-name-job.yaml
@@ -32,8 +32,6 @@ spec:
 env:
 - name: SYNAPSE_BASE
 value: http://othrys-synapse-matrix-synapse:8008
- - name: AUTH_BASE
- value: http://matrix-authentication-service:8080
 - name: MAS_ADMIN_CLIENT_ID
 value: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
 - name: MAS_ADMIN_CLIENT_SECRET_FILE
@@ -44,11 +42,6 @@ spec:
 value: http://matrix-authentication-service:8080/oauth2/token
 - name: SEEDER_USER
 value: othrys-seeder
- - name: SEEDER_PASS
- valueFrom:
- secretKeyRef:
- name: atlasbot-credentials-runtime
- key: seeder-password
 command:
 - /bin/sh
 - -c
@@ -75,13 +68,11 @@ spec:
 ]
 BASE = os.environ["SYNAPSE_BASE"]
- AUTH_BASE = os.environ.get("AUTH_BASE", BASE)
 MAS_ADMIN_CLIENT_ID = os.environ["MAS_ADMIN_CLIENT_ID"]
 MAS_ADMIN_CLIENT_SECRET_FILE = os.environ["MAS_ADMIN_CLIENT_SECRET_FILE"]
 MAS_ADMIN_API_BASE = os.environ["MAS_ADMIN_API_BASE"].rstrip("/")
 MAS_TOKEN_URL = os.environ["MAS_TOKEN_URL"]
 SEEDER_USER = os.environ["SEEDER_USER"]
- SEEDER_PASS = os.environ["SEEDER_PASS"]
 ROOM_ALIAS = "#othrys:live.bstein.dev"
 def mas_admin_token():
@@ -137,19 +128,6 @@ spec:
 timeout=30,
 )
- def login(user, password):
- r = requests.post(
- f"{AUTH_BASE}/_matrix/client/v3/login",
- json={
- "type": "m.login.password",
- "identifier": {"type": "m.id.user", "user": user},
- "password": password,
- },
- timeout=30,
- )
- r.raise_for_status()
- return r.json()["access_token"]
-
 def resolve_alias(token, alias):
 headers = {"Authorization": f"Bearer {token}"}
 enc = urllib.parse.quote(alias)
@@ -269,25 +247,48 @@ spec:
 try:
 room_id = resolve_alias(seeder_token, ROOM_ALIAS)
 members, existing = room_members(seeder_token, room_id)
- finally:
- mas_revoke_session(admin_token, seeder_session)
+ users = mas_list_users(admin_token)
+ mas_usernames = set()
+ for user in users:
+ attrs = user.get("attributes") or {}
+ username = attrs.get("username") or ""
+ if username:
+ mas_usernames.add(username)
+ legacy_guest = attrs.get("legacy_guest")
+ if not username:
+ continue
+ if not (legacy_guest or needs_rename_username(username)):
+ continue
+ user_id = user_id_for_username(username)
+ access_token, session_id = mas_personal_session(admin_token, user["id"])
+ try:
+ display = get_displayname(access_token, user_id)
+ if display and not needs_rename_display(display):
+ continue
+ new = None
+ for _ in range(30):
+ candidate = f"{random.choice(ADJ)}-{random.choice(NOUN)}"
+ if candidate not in existing:
+ new = candidate
+ existing.add(candidate)
+ break
+ if not new:
+ continue
+ set_displayname(access_token, room_id, user_id, new, user_id in members)
+ finally:
+ mas_revoke_session(admin_token, session_id)
-
- users = mas_list_users(admin_token)
- mas_usernames = set()
- for user in users:
- attrs = user.get("attributes") or {}
- username = attrs.get("username") or ""
- if username:
- mas_usernames.add(username)
- legacy_guest = attrs.get("legacy_guest")
- if not username:
- continue
- if not (legacy_guest or needs_rename_username(username)):
- continue
- user_id = user_id_for_username(username)
- access_token, session_id = mas_personal_session(admin_token, user["id"])
- try:
- display = get_displayname(access_token, user_id)
+ for entry in synapse_list_users(seeder_token):
+ user_id = entry.get("name") or ""
+ if not user_id.startswith("@"):
+ continue
+ localpart = user_id.split(":", 1)[0].lstrip("@")
+ if localpart in mas_usernames:
+ continue
+ is_guest = entry.get("is_guest")
+ if not (is_guest or needs_rename_username(localpart)):
+ continue
+ display = get_displayname_admin(seeder_token, user_id)
 if display and not needs_rename_display(display):
 continue
 new = None
@@ -299,33 +300,8 @@ spec:
 break
 if not new:
 continue
- set_displayname(access_token, room_id, user_id, new, user_id in members)
- finally:
- mas_revoke_session(admin_token, session_id)
-
- seeder_token = login(SEEDER_USER, SEEDER_PASS)
- for entry in synapse_list_users(seeder_token):
- user_id = entry.get("name") or ""
- if not user_id.startswith("@"):
- continue
- localpart = user_id.split(":", 1)[0].lstrip("@")
- if localpart in mas_usernames:
- continue
- is_guest = entry.get("is_guest")
- if not (is_guest or needs_rename_username(localpart)):
- continue
- display = get_displayname_admin(seeder_token, user_id)
- if display and not needs_rename_display(display):
- continue
- new = None
- for _ in range(30):
- candidate = f"{random.choice(ADJ)}-{random.choice(NOUN)}"
- if candidate not in existing:
- new = candidate
- existing.add(candidate)
- break
- if not new:
- continue
- if not set_displayname_admin(seeder_token, user_id, new):
- continue
+ if not set_displayname_admin(seeder_token, user_id, new):
+ continue
+ finally:
+ mas_revoke_session(admin_token, seeder_session)
 PY
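Review bot: The per-user `finally: mas_revoke_session(admin_token, session_id)` in the MAS loop is the only visible bound on the lifetime of each session minted by `mas_personal_session`, and every revoke reuses the single `admin_token` obtained before this hunk. If that token expires partway through a long user list (its lifetime is not visible here), or the pod is terminated mid-loop, the revoke never succeeds and a session acting as that user stays valid. Confirm that `mas_personal_session`, defined outside the hunk, requests a short expiry as a backstop, and have the revoke path log failures rather than rely on the exception surfacing. The 30-try name picker is also written out twice, here and in the Synapse loop, so a small helper such as `pick_name(existing)` would keep the two copies from drifting.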
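Review bot: The seeder session is now revoked only by this closing `finally`, so the token used for `synapse_list_users` and `set_displayname_admin` (apparently Synapse admin calls) stays valid for the whole of both loops instead of just the two room lookups; the matching `try` opens in the previous hunk. If `mas_revoke_session(admin_token, seeder_session)` itself raises, it replaces any exception from the loops and leaves that session live, so the revoke failure should be logged in a way that cannot be missed in the job output. Separately, `if not set_displayname_admin(...): continue` is the last statement of the loop body, so a failed rename is silently ignored while the candidate stays reserved in `existing`; a line such as `print(f"rename failed for {user_id}")` before the `continue` would make that visible.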