Email members their git + mailbox credentials on provisioning #57

Merged
ralyodio merged 4 commits into main from feat/notify-creds, Jun 23, 2026
@ralyodio

Contributor

What

When a member's accounts are provisioned, email their verified address the info they need to actually use them — previously the generated Forgejo password was discarded, so members could never sign in to the git web UI.

Git (Forgejo / AgentGit)

  • forgejo.EnsureUser now returns the generated temporary password instead of throwing it away (kept must_change_password: true).
  • Added Config.LoginURL() (…/user/login).
  • provisionGit emails the web login link + username + one-time password on account creation. Best-effort: a mail failure is logged, never blocks BBS verification.

Mail (forwardemail alias)

  • ensurePremium emails the member their <name>@<mail-domain> address + webmail link right after the alias is created. (The mailbox is a forwarding alias, so there's no separate password — address + webmail link only.)

Backfill: agentbbs notify-creds

Accounts created before this change got a discarded password and can't log in. New subcommand re-emails working creds to existing verified members:

  • EnsureUserReset creates the account if missing, or resets an existing account's password to a fresh one-time password (PATCH /admin/users/{name}), so it always returns usable creds.
  • Preview by default; --send actually resets passwords + sends. --git / --mail narrow scope; --user a,b targets specific members. Skips unverified/banned/no-email users. Warns (not fails) when Forgejo/forwardemail unconfigured; errors if SMTP unconfigured under --send.

Testing

  • go build ./..., go vet, gofmt -l clean.
  • go test ./... green (new EnsureUser/EnsureUserReset tests cover create + reset paths and that the returned password matches what's sent).
  • Verified with Go 1.26.4 (repo pins go 1.26; host has 1.22).

Notes / follow-ups

  • notify-creds --send clobbers any password a member set themselves (hence preview-by-default).
  • Mail creds are address + webmail link only; password-protected Mailu mailboxes would be a separate, larger change.

🤖 Generated with Claude Code

ralyodio and others added 4 commits June 23, 2026 09:35
… area + mgmt TUI

Implements M4 (Files). A fully virtual Go SFTP server (pkg/sftp + crypto/ssh,
no OS users) wired as an "sftp" subsystem on the existing :22 wish listener, so
members reach their files with their login key:

    sftp files@bbs.profullstack.com     # scp/rsync ride the same endpoint

Identity is the SSH key (the username is conventional/ignored). Two areas per
session: a private, quota-limited /me workspace and a single shared public file
area /public (old-school BBS file area; world-read, members-only write by
default, operator-moderated). This reverses the old NG1 "no sharing" boundary in
favour of one sanctioned, inspectable sharing surface (PRD §9.3 amended).

internal/files:
- backend.go  service, layout, quota/usage, live-session registry, operator API
- fs.go       per-session virtual FS; resolve() is the single security
              chokepoint (area confinement + symlink-escape guard) + pkg/sftp
              request handlers
- server.go   subsystem handler: key auth -> member session -> request server,
              with byte metering and force-disconnect
- tui.go      in-BBS member browser (hub plugin "Files")
- admin.go    operator management TUI: sessions, workspaces/quotas, public area

Operator console: ssh sftp@<host> (allowlist-gated; sftpadmin@/filesadmin@
aliases) — list/disconnect sessions, set per-user quotas, revoke SFTP access,
toggle public write, moderate the public area.

store: files_access (per-user quota override + revoked) and files_settings
(public-write mode) tables + methods. main.go wiring guarded by AGENTBBS_FILES
(+ AGENTBBS_FILES_QUOTA_MB, default 1 GiB). Route names reserved.

Tests (incl -race): path traversal/confinement, symlink-escape rejection,
public-write ACL, quota enforcement, usage accounting, and an end-to-end run
against a real SFTP client. Docs: docs/files.md; PRD §5.3/§5.3.1/§9.3 + README
updated.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

`agentbbs notify-creds` backfills credential emails to verified members
who signed up before the git/mailbox welcome emails existed.

- git (all verified): forgejo.EnsureUserReset resets each account to a
  fresh one-time password (must-change) and emails the web login link,
  username, and password. New method since the original one-time
  password is not recoverable for existing accounts.
- mailbox (all verified): ensures the forwardemail alias and emails the
  address + webmail link.
- Preview by default; --send executes. --git/--mail/--user filters.
  Refuses --send without SMTP; warns+skips when Forgejo/forwardemail
  are unconfigured.

Also folds in the welcome-email functions (gitWelcomeEmailBody,
mailWelcomeEmailBody, EnsureUser password return, provisionGit/
ensurePremium sends) that this builds on. README ops + forgejo tests.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

# Conflicts:
#	cmd/agentbbs/main.go
#	internal/auth/auth.go
#	internal/store/store.go
# Conflicts:
#	cmd/agentbbs/main.go
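
The preview-by-default backfill flow described in the PR text and the notify-creds commit message above, as an added Go example that is not the project's code. `Member`, `NotifyCreds`, `NewOneTimePassword` and the `reset`/`mail` callbacks are hypothetical stand-ins; the member data is constructed.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Member is a hypothetical stand-in for the project's member record.
type Member struct {
	Name, Email      string
	Verified, Banned bool
}

// NewOneTimePassword returns 18 bytes from the OS CSPRNG, URL-safe encoded.
func NewOneTimePassword() string {
	b := make([]byte, 18)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: never fall back to a weaker source
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// NotifyCreds returns who was selected and whose reset or mail failed. reset
// (create-or-reset, must_change_password) and mail run only when send is true.
func NotifyCreds(ms []Member, only map[string]bool, send bool,
	reset, mail func(m Member, pw string) error) (targets, failed []string) {
	for _, m := range ms {
		if !m.Verified || m.Banned || m.Email == "" || (len(only) > 0 && !only[m.Name]) {
			continue // unverified, banned, no address, or outside --user
		}
		targets = append(targets, m.Name)
		if !send {
			continue // preview: no password is touched
		}
		pw := NewOneTimePassword()
		err := reset(m, pw)
		if err == nil {
			err = mail(m, pw) // a failure here: reset done, mail not sent
		}
		if err != nil {
			failed = append(failed, m.Name) // reported; the run continues
		}
	}
	return targets, failed
}

func main() { // preview run over one constructed member; nothing is reset
	fmt.Println(NotifyCreds([]Member{{"ana", "ana@example.test", true, false}}, nil, false, nil, nil))
}
```

A member who lands in `failed` after a successful reset holds a password that was changed but never delivered, so those names are the ones to re-run.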
@github-actions


vu1nz Security Review

0 finding(s) in PR #?

No security issues found.

@socket-security


Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Added | github.com/pkg/sftp@v1.13.10 | 94 | 100 | 100 | 100 | 100 |

@ralyodio ralyodio merged commit ce0758b into main Jun 23, 2026
5 checks passed
@ralyodio ralyodio deleted the feat/notify-creds branch June 23, 2026 10:48