comms: make guest renamer MAS-only

2026-01-08 05:47:21 -03:00 · 2026-01-08 05:47:21 -03:00 · c909d45fda
commit c909d45fda
parent 0fc4b299da
1 changed files with 45 additions and 69 deletions
--- a/services/comms/guest-name-job.yaml
+++ b/services/comms/guest-name-job.yaml
@ -32,8 +32,6 @@ spec:
              env:
                - name: SYNAPSE_BASE
                  value: http://othrys-synapse-matrix-synapse:8008
-                - name: AUTH_BASE
-                  value: http://matrix-authentication-service:8080
                - name: MAS_ADMIN_CLIENT_ID
                  value: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
                - name: MAS_ADMIN_CLIENT_SECRET_FILE
@ -44,11 +42,6 @@ spec:
                  value: http://matrix-authentication-service:8080/oauth2/token
                - name: SEEDER_USER
                  value: othrys-seeder
-                - name: SEEDER_PASS
-                  valueFrom:
-                    secretKeyRef:
-                      name: atlasbot-credentials-runtime
-                      key: seeder-password
              command:
                - /bin/sh
                - -c
@ -75,13 +68,11 @@ spec:
                  ]

                  BASE = os.environ["SYNAPSE_BASE"]
-                  AUTH_BASE = os.environ.get("AUTH_BASE", BASE)
                  MAS_ADMIN_CLIENT_ID = os.environ["MAS_ADMIN_CLIENT_ID"]
                  MAS_ADMIN_CLIENT_SECRET_FILE = os.environ["MAS_ADMIN_CLIENT_SECRET_FILE"]
                  MAS_ADMIN_API_BASE = os.environ["MAS_ADMIN_API_BASE"].rstrip("/")
                  MAS_TOKEN_URL = os.environ["MAS_TOKEN_URL"]
                  SEEDER_USER = os.environ["SEEDER_USER"]
-                  SEEDER_PASS = os.environ["SEEDER_PASS"]
                  ROOM_ALIAS = "#othrys:live.bstein.dev"

                  def mas_admin_token():
@ -137,19 +128,6 @@ spec:
                          timeout=30,
                      )

-                  def login(user, password):
-                      r = requests.post(
-                          f"{AUTH_BASE}/_matrix/client/v3/login",
-                          json={
-                              "type": "m.login.password",
-                              "identifier": {"type": "m.id.user", "user": user},
-                              "password": password,
-                          },
-                          timeout=30,
-                      )
-                      r.raise_for_status()
-                      return r.json()["access_token"]
-
                  def resolve_alias(token, alias):
                      headers = {"Authorization": f"Bearer {token}"}
                      enc = urllib.parse.quote(alias)
@ -269,9 +247,6 @@ spec:
                  try:
                      room_id = resolve_alias(seeder_token, ROOM_ALIAS)
                      members, existing = room_members(seeder_token, room_id)
-                  finally:
-                      mas_revoke_session(admin_token, seeder_session)
-
                      users = mas_list_users(admin_token)
                      mas_usernames = set()
                      for user in users:
@ -303,7 +278,6 @@ spec:
                          finally:
                              mas_revoke_session(admin_token, session_id)

-                  seeder_token = login(SEEDER_USER, SEEDER_PASS)
                      for entry in synapse_list_users(seeder_token):
                          user_id = entry.get("name") or ""
                          if not user_id.startswith("@"):
@ -328,4 +302,6 @@ spec:
                              continue
                          if not set_displayname_admin(seeder_token, user_id, new):
                              continue
+                  finally:
+                      mas_revoke_session(admin_token, seeder_session)
                  PY