Add docstring to access_token_login_required

nationalarchives · Nov 2, 2023 · caa3c05 · caa3c05
1 parent 1275d9d
commit caa3c05
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/app/main/authorize/keycloak_login_required_decorator.py b/app/main/authorize/keycloak_login_required_decorator.py
@@ -5,6 +5,35 @@
 
 
 def access_token_login_required(view_func):
+    """
+    Decorator that checks if the user is logged in via Keycloak and has access to AYR.
+
+    This decorator is typically applied to view functions that require authentication via Keycloak
+    and access to the AYR application. It checks for the presence of an access token in the session,
+    verifies the token's validity, and checks if the user belongs to the AYR user group in Keycloak.
+
+    Args:
+        view_func (function): The view function to be wrapped.
+
+    Returns:
+        function: The wrapped view function.
+
+    If the user is not authenticated or does not have access, this decorator redirects to the login page
+    or the main index and displays a flash message accordingly.
+
+    Configuration options for Keycloak, such as the client ID, realm name, base URI, and client secret,
+    are expected to be set in the Flask application configuration.
+
+    When the application is running in testing mode and the 'FORCE_AUTHENTICATION_FOR_IN_TESTING' config
+    option is not set, the decorator allows unauthenticated access to facilitate testing.
+
+    Example:
+        @app.route('/protected')
+        @access_token_login_required
+        def protected_route():
+            return 'Access granted'
+    """
+
     @wraps(view_func)
     def decorated_view(*args, **kwargs):
         if current_app.config["TESTING"] and not current_app.config.get(