commands.py
Overview
The commands.py file defines CLI (Command Line Interface) commands for managing user account credentials within the InfiniFlow application. Specifically, it provides secure commands to reset a user's password and to reset a user's email address via the command line. These commands are integrated into the Flask application’s CLI subsystem, allowing administrators or support personnel to update sensitive user information outside of the web interface.
The file leverages the click library to create interactive, user-friendly CLI prompts and responses. It interacts with the user database through the UserService class, performing queries and updates on user records. Passwords are securely hashed after base64 encoding, and email reset operations include validation and duplication checks.
Detailed Components
1. reset_password Command
Purpose
Resets the password of an existing user account identified by their email.
Signature
@click.command('reset-password', help='Reset the account password.')
@click.option('--email', prompt=True, help='The email address of the account whose password you need to reset')
@click.option('--new-password', prompt=True, help='the new password.')
@click.option('--password-confirm', prompt=True, help='the new password confirm.')
def reset_password(email, new_password, password_confirm):
Parameters
email(str): The email address of the user whose password is to be reset.new_password(str): The new password entered by the user.password_confirm(str): Confirmation of the new password, to ensure correctness.
Behavior
Prompts the user for the email, new password, and password confirmation.
Checks if the new password and confirmation match. If not, displays an error and exits.
Queries the user database for the provided email.
If the user does not exist, displays an error and exits.
Encodes the new password using Base64, then generates a secure hash using
werkzeug.security.generate_password_hash.Updates the user's password hash in the database.
Displays a success message upon completion.
Usage Example
flask reset-password
# Prompts:
# Email: [email protected]
# New Password: ********
# Password Confirm: ********
2. reset_email Command
Purpose
Allows resetting the email address associated with an existing user account.
Signature
@click.command('reset-email', help='Reset the account email.')
@click.option('--email', prompt=True, help='The old email address of the account whose email you need to reset')
@click.option('--new-email', prompt=True, help='the new email.')
@click.option('--email-confirm', prompt=True, help='the new email confirm.')
def reset_email(email, new_email, email_confirm):
Parameters
email(str): The current email address of the user.new_email(str): The new email address to be set.email_confirm(str): Confirmation of the new email address.
Behavior
Prompts the user for the old email, new email, and new email confirmation.
Validates that the new email and confirmation match.
Ensures that the new email is different from the old email.
Checks if the old email exists in the user database.
Validates the new email format against a regular expression.
Checks if the new email is already registered to another user.
Updates the user's email in the database.
Displays a success message upon completion.
Usage Example
flask reset-email
# Prompts:
# Email: [email protected]
# New Email: [email protected]
# Email Confirm: [email protected]
3. register_commands(app: Flask)
Purpose
Registers the CLI commands defined in this file (reset_password and reset_email) with the Flask application instance, making them accessible via flask CLI.
Signature
def register_commands(app: Flask):
Parameters
app(Flask): An instance of the Flask application to which the CLI commands will be added.
Behavior
Adds
reset_passwordandreset_emailcommands to the Flask app’s CLI command group.
Usage Example
from commands import register_commands
from flask import Flask
app = Flask(__name__)
register_commands(app)
Important Implementation Details
Password Encoding and Hashing:
Before hashing the password, the raw password string is encoded using Base64. This step is somewhat unusual for password handling but may be intended to normalize input or add an encoding layer before hashing. The hashed password is generated using Werkzeug'sgenerate_password_hashfor secure storage.Email Validation:
The new email address is validated against a regex pattern matching common email formats. This helps avoid invalid email addresses being saved.UserService Dependency:
The file depends onUserServicefromapi.db.servicesfor querying and updating user data. It assumesUserService.query(email=...)returns a list of users matching the email, andUserService.update_user(user_id, user_dict)applies updates.CLI User Interaction:
The use ofclick.option(..., prompt=True)means that each command will interactively prompt for inputs if not provided as command arguments, improving usability in terminal environments.
Interaction with Other System Components
Flask Application:
This file’s commands are registered with the Flask app’s CLI interface, making them part of the application's management commands.User Database Layer:
Interacts with theUserServiceabstraction to query and update user records, which likely connects to a database backend.Security Utilities:
Useswerkzeug.security.generate_password_hashto hash passwords securely.CLI Framework:
Usesclickto build and manage CLI commands, handle input prompts, and output styled messages.
Visual Diagram: Class and Function Structure
flowchart TD
A[reset_password] --> B[UserService.query(email)]
A --> C[Password base64 encode]
A --> D[generate_password_hash]
A --> E[UserService.update_user(id, dict)]
A --> F[click.echo(success/failure)]
G[reset_email] --> H[UserService.query(old email)]
G --> I[Validate new email format (regex)]
G --> J[UserService.query(new email)]
G --> K[UserService.update_user(id, dict)]
G --> L[click.echo(success/failure)]
M[register_commands(app)] --> N[app.cli.add_command(reset_password)]
M --> O[app.cli.add_command(reset_email)]
Summary
The commands.py file is a utility module designed to extend the Flask application with CLI commands for user password and email management tasks. It promotes secure handling of credentials, validates input thoroughly, and integrates smoothly with the existing user service layer and Flask CLI. This file is essential for administrative workflows that require direct user account management from the command line.
End of Documentation