comms: use full user IDs for MAS logins

2026-01-08 06:05:20 -03:00 · 2026-01-08 06:05:20 -03:00 · d870e97b38
commit d870e97b38
parent 4eb82811b5
6 changed files with 43 additions and 11 deletions
--- a/services/comms/atlasbot-configmap.yaml
+++ b/services/comms/atlasbot-configmap.yaml
@ -130,9 +130,10 @@ data:
            return json.loads(raw.decode()) if raw else {}

    def login() -> str:
+        login_user = normalize_user_id(USER)
        payload = {
            "type": "m.login.password",
-            "identifier": {"type": "m.id.user", "user": USER},
+            "identifier": {"type": "m.id.user", "user": login_user},
            "password": PASSWORD,
        }
        res = req("POST", "/_matrix/client/v3/login", body=payload, base=AUTH_BASE)
--- a/services/comms/atlasbot-deployment.yaml
+++ b/services/comms/atlasbot-deployment.yaml
@ -16,7 +16,7 @@ spec:
      labels:
        app: atlasbot
      annotations:
-        checksum/atlasbot-configmap: manual-atlasbot-2
+        checksum/atlasbot-configmap: manual-atlasbot-3
    spec:
      serviceAccountName: atlasbot
      nodeSelector:
--- a/services/comms/mas-local-users-ensure-job.yaml
+++ b/services/comms/mas-local-users-ensure-job.yaml
@ -65,6 +65,7 @@ spec:
              MAS_TOKEN_URL = os.environ["MAS_TOKEN_URL"]
              MAS_ADMIN_API_BASE = os.environ["MAS_ADMIN_API_BASE"].rstrip("/")
              AUTH_BASE = "http://matrix-authentication-service:8080"
+              SERVER_NAME = "live.bstein.dev"

              def admin_token():
                  with open(MAS_ADMIN_CLIENT_SECRET_FILE, "r", encoding="utf-8") as f:
@ -140,11 +141,14 @@ spec:
                  if user is None:
                      raise RuntimeError(f"failed to ensure user {username}")
                  update_password(token, user["id"], password)
+                  login_name = username
+                  if not login_name.startswith("@"):
+                      login_name = f"@{login_name}:{SERVER_NAME}"
                  r = requests.post(
                      f"{AUTH_BASE}/_matrix/client/v3/login",
                      json={
                          "type": "m.login.password",
-                          "identifier": {"type": "m.id.user", "user": username},
+                          "identifier": {"type": "m.id.user", "user": login_name},
                          "password": password,
                      },
                      timeout=30,
--- a/services/comms/pin-othrys-job.yaml
+++ b/services/comms/pin-othrys-job.yaml
@ -50,10 +50,19 @@ spec:

                  def auth(token): return {"Authorization": f"Bearer {token}"}

+                  def canon_user(user):
+                      u = (user or "").strip()
+                      if u.startswith("@") and ":" in u:
+                          return u
+                      u = u.lstrip("@")
+                      if ":" in u:
+                          return f"@{u}"
+                      return f"@{u}:live.bstein.dev"
+
                  def login(user, password):
                      r = requests.post(f"{AUTH_BASE}/_matrix/client/v3/login", json={
                          "type": "m.login.password",
-                          "identifier": {"type": "m.id.user", "user": user},
+                          "identifier": {"type": "m.id.user", "user": canon_user(user)},
                          "password": password,
                      })
                      r.raise_for_status()
--- a/services/comms/reset-othrys-room-job.yaml
+++ b/services/comms/reset-othrys-room-job.yaml
@ -78,12 +78,21 @@ spec:

              def auth(token): return {"Authorization": f"Bearer {token}"}

-              def login(user, password):
-                  r = requests.post(f"{AUTH_BASE}/_matrix/client/v3/login", json={
-                      "type": "m.login.password",
-                      "identifier": {"type": "m.id.user", "user": user},
-                      "password": password,
-                  })
+                  def canon_user(user):
+                      u = (user or "").strip()
+                      if u.startswith("@") and ":" in u:
+                          return u
+                      u = u.lstrip("@")
+                      if ":" in u:
+                          return f"@{u}"
+                      return f"@{u}:live.bstein.dev"
+
+                  def login(user, password):
+                      r = requests.post(f"{AUTH_BASE}/_matrix/client/v3/login", json={
+                          "type": "m.login.password",
+                          "identifier": {"type": "m.id.user", "user": canon_user(user)},
+                          "password": password,
+                      })
                  if r.status_code != 200:
                      raise SystemExit(f"login failed: {r.status_code} {r.text}")
                  return r.json()["access_token"]
--- a/services/comms/seed-othrys-room.yaml
+++ b/services/comms/seed-othrys-room.yaml
@ -48,10 +48,19 @@ spec:
                  BASE = os.environ["SYNAPSE_BASE"]
                  AUTH_BASE = os.environ.get("AUTH_BASE", BASE)

+                  def canon_user(user):
+                      u = (user or "").strip()
+                      if u.startswith("@") and ":" in u:
+                          return u
+                      u = u.lstrip("@")
+                      if ":" in u:
+                          return f"@{u}"
+                      return f"@{u}:live.bstein.dev"
+
                  def login(user, password):
                      r = requests.post(f"{AUTH_BASE}/_matrix/client/v3/login", json={
                          "type": "m.login.password",
-                          "identifier": {"type": "m.id.user", "user": user},
+                          "identifier": {"type": "m.id.user", "user": canon_user(user)},
                          "password": password,
                      })
                      if r.status_code != 200: