bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

comms: use full user IDs for MAS logins

Browse Source
This commit is contained in:
Brad Stein 2026-01-08 06:05:20 -03:00
parent 4eb82811b5
commit d870e97b38
6 changed files with 43 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
services/comms/atlasbot-configmap.yaml
View File

@ -130,9 +130,10 @@ data:
return json.loads(raw.decode()) if raw else {} return json.loads(raw.decode()) if raw else {}
def login() -> str: def login() -> str:
login_user = normalize_user_id(USER)
payload = { payload = {
"type": "m.login.password", "type": "m.login.password",
"identifier": {"type": "m.id.user", "user": USER}, "identifier": {"type": "m.id.user", "user": login_user},
"password": PASSWORD, "password": PASSWORD,
} }
res = req("POST", "/_matrix/client/v3/login", body=payload, base=AUTH_BASE) res = req("POST", "/_matrix/client/v3/login", body=payload, base=AUTH_BASE)

2
services/comms/atlasbot-deployment.yaml
View File

@ -16,7 +16,7 @@ spec:
labels: labels:
app: atlasbot app: atlasbot
annotations: annotations:
checksum/atlasbot-configmap: manual-atlasbot-2 checksum/atlasbot-configmap: manual-atlasbot-3
spec: spec:
serviceAccountName: atlasbot serviceAccountName: atlasbot
nodeSelector: nodeSelector:

6
services/comms/mas-local-users-ensure-job.yaml
View File

@ -65,6 +65,7 @@ spec:
MAS_TOKEN_URL = os.environ["MAS_TOKEN_URL"] MAS_TOKEN_URL = os.environ["MAS_TOKEN_URL"]
MAS_ADMIN_API_BASE = os.environ["MAS_ADMIN_API_BASE"].rstrip("/") MAS_ADMIN_API_BASE = os.environ["MAS_ADMIN_API_BASE"].rstrip("/")
AUTH_BASE = "http://matrix-authentication-service:8080" AUTH_BASE = "http://matrix-authentication-service:8080"
SERVER_NAME = "live.bstein.dev"
def admin_token(): def admin_token():
with open(MAS_ADMIN_CLIENT_SECRET_FILE, "r", encoding="utf-8") as f: with open(MAS_ADMIN_CLIENT_SECRET_FILE, "r", encoding="utf-8") as f:
@ -140,11 +141,14 @@ spec:
if user is None: if user is None:
raise RuntimeError(f"failed to ensure user {username}") raise RuntimeError(f"failed to ensure user {username}")
update_password(token, user["id"], password) update_password(token, user["id"], password)
login_name = username
if not login_name.startswith("@"):
login_name = f"@{login_name}:{SERVER_NAME}"
r = requests.post( r = requests.post(
f"{AUTH_BASE}/_matrix/client/v3/login", f"{AUTH_BASE}/_matrix/client/v3/login",
json={ json={
"type": "m.login.password", "type": "m.login.password",
"identifier": {"type": "m.id.user", "user": username}, "identifier": {"type": "m.id.user", "user": login_name},
"password": password, "password": password,
}, },
timeout=30, timeout=30,

11
services/comms/pin-othrys-job.yaml
View File

@ -50,10 +50,19 @@ spec:
def auth(token): return {"Authorization": f"Bearer {token}"} def auth(token): return {"Authorization": f"Bearer {token}"}
def canon_user(user):
u = (user or "").strip()
if u.startswith("@") and ":" in u:
return u
u = u.lstrip("@")
if ":" in u:
return f"@{u}"
return f"@{u}:live.bstein.dev"
def login(user, password): def login(user, password):
r = requests.post(f"{AUTH_BASE}/_matrix/client/v3/login", json={ r = requests.post(f"{AUTH_BASE}/_matrix/client/v3/login", json={
"type": "m.login.password", "type": "m.login.password",
"identifier": {"type": "m.id.user", "user": user}, "identifier": {"type": "m.id.user", "user": canon_user(user)},
"password": password, "password": password,
}) })
r.raise_for_status() r.raise_for_status()

21
services/comms/reset-othrys-room-job.yaml
View File

@ -78,12 +78,21 @@ spec:
def auth(token): return {"Authorization": f"Bearer {token}"} def auth(token): return {"Authorization": f"Bearer {token}"}
def login(user, password): def canon_user(user):
r = requests.post(f"{AUTH_BASE}/_matrix/client/v3/login", json={ u = (user or "").strip()
"type": "m.login.password", if u.startswith("@") and ":" in u:
"identifier": {"type": "m.id.user", "user": user}, return u
"password": password, u = u.lstrip("@")
}) if ":" in u:
return f"@{u}"
return f"@{u}:live.bstein.dev"
def login(user, password):
r = requests.post(f"{AUTH_BASE}/_matrix/client/v3/login", json={
"type": "m.login.password",
"identifier": {"type": "m.id.user", "user": canon_user(user)},
"password": password,
})
if r.status_code != 200: if r.status_code != 200:
raise SystemExit(f"login failed: {r.status_code} {r.text}") raise SystemExit(f"login failed: {r.status_code} {r.text}")
return r.json()["access_token"] return r.json()["access_token"]

11
services/comms/seed-othrys-room.yaml
View File

@ -48,10 +48,19 @@ spec:
BASE = os.environ["SYNAPSE_BASE"] BASE = os.environ["SYNAPSE_BASE"]
AUTH_BASE = os.environ.get("AUTH_BASE", BASE) AUTH_BASE = os.environ.get("AUTH_BASE", BASE)
def canon_user(user):
u = (user or "").strip()
if u.startswith("@") and ":" in u:
return u
u = u.lstrip("@")
if ":" in u:
return f"@{u}"
return f"@{u}:live.bstein.dev"
def login(user, password): def login(user, password):
r = requests.post(f"{AUTH_BASE}/_matrix/client/v3/login", json={ r = requests.post(f"{AUTH_BASE}/_matrix/client/v3/login", json={
"type": "m.login.password", "type": "m.login.password",
"identifier": {"type": "m.id.user", "user": user}, "identifier": {"type": "m.id.user", "user": canon_user(user)},
"password": password, "password": password,
}) })
if r.status_code != 200: if r.status_code != 200: