Phase 3: add route smoke tests for book and assignment servers

bnmnetp · claude · bnmnetp · commit 1245b286dcce · 2026-03-24T18:15:52.000-07:00
Book server (10 tests):
- Verifies all major router prefixes are registered
- Authenticated routes (bookevent, assessment, course) return 401/422
- Public routes (auth/login, books/crashtest) respond as expected

Assignment server (17 tests):
- Verifies student, instructor, and peer router prefixes are registered
- All student routes return 401/422 unauthenticated
- All instructor CRUD routes (list/get/create/update/delete assignments,
  gradebook, questions, roster) return 401/422 unauthenticated
- Peer student/instructor routes return 401/422 unauthenticated

No database required — these tests exercise route registration and auth
enforcement only, using FastAPI's TestClient.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/test/bases/rsptx/assignment_server_api/test_core.py b/test/bases/rsptx/assignment_server_api/test_core.py
@@ -1,5 +1,124 @@
-from rsptx.assignment_server_api import core
+"""
+Smoke tests for the assignment server API.
 
+Verifies route registration and that unauthenticated requests return the
+expected auth error codes (401/422), not 500. No database is required.
+"""
 
-def test_sample():
-    assert core is not None
+import pytest
+from fastapi.testclient import TestClient
+
+from rsptx.assignment_server_api.core import app
+
+
+@pytest.fixture(scope="module")
+def client():
+    with TestClient(app, raise_server_exceptions=False) as c:
+        yield c
+
+
+# ---------------------------------------------------------------------------
+# App-level
+# ---------------------------------------------------------------------------
+
+def test_app_exists():
+    assert app is not None
+
+
+def test_routes_registered():
+    paths = {r.path for r in app.routes}
+    assert any("/student" in p for p in paths)
+    assert any("/instructor" in p for p in paths)
+    assert any("/peer" in p for p in paths)
+
+
+# ---------------------------------------------------------------------------
+# /student — all routes require auth
+# ---------------------------------------------------------------------------
+
+def test_choose_assignment_unauthenticated(client):
+    resp = client.get("/student/chooseAssignment")
+    assert resp.status_code in (401, 422)
+
+
+def test_do_assignment_unauthenticated(client):
+    resp = client.get("/student/doAssignment")
+    assert resp.status_code in (401, 422)
+
+
+def test_update_submit_unauthenticated(client):
+    resp = client.post("/student/update_submit", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_studyclues_query_unauthenticated(client):
+    resp = client.post("/student/studyclues_query", json={})
+    assert resp.status_code in (401, 422)
+
+
+# ---------------------------------------------------------------------------
+# /instructor — all routes require auth + instructor role
+# ---------------------------------------------------------------------------
+
+def test_assignments_list_unauthenticated(client):
+    resp = client.get("/instructor/assignments")
+    assert resp.status_code in (401, 422)
+
+
+def test_assignment_get_unauthenticated(client):
+    resp = client.get("/instructor/assignments/1")
+    assert resp.status_code in (401, 422)
+
+
+def test_assignment_create_unauthenticated(client):
+    resp = client.post("/instructor/assignments", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_assignment_update_unauthenticated(client):
+    resp = client.put("/instructor/assignments/1", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_assignment_delete_unauthenticated(client):
+    resp = client.delete("/instructor/assignments/1")
+    assert resp.status_code in (401, 422)
+
+
+def test_gradebook_unauthenticated(client):
+    resp = client.get("/instructor/gradebook")
+    assert resp.status_code in (401, 422)
+
+
+def test_new_question_unauthenticated(client):
+    resp = client.post("/instructor/new_question", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_new_assignment_q_unauthenticated(client):
+    resp = client.post("/instructor/new_assignment_q", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_search_questions_unauthenticated(client):
+    resp = client.post("/instructor/search_questions", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_course_roster_unauthenticated(client):
+    resp = client.get("/instructor/course_roster")
+    assert resp.status_code in (401, 422)
+
+
+# ---------------------------------------------------------------------------
+# /peer — all routes require auth
+# ---------------------------------------------------------------------------
+
+def test_peer_student_unauthenticated(client):
+    resp = client.get("/peer/student")
+    assert resp.status_code in (401, 422)
+
+
+def test_peer_instructor_unauthenticated(client):
+    resp = client.get("/peer/instructor")
+    assert resp.status_code in (401, 422)
diff --git a/test/bases/rsptx/book_server_api/test_core.py b/test/bases/rsptx/book_server_api/test_core.py
@@ -1,5 +1,96 @@
-from rsptx.book_server_api import core
+"""
+Smoke tests for the book server API.
 
+Verifies route registration and that unauthenticated requests return the
+expected auth error codes (401/422), not 500. No database is required.
+"""
 
-def test_sample():
-    assert core is not None
+import pytest
+from fastapi.testclient import TestClient
+
+from rsptx.book_server_api.main import app
+
+
+@pytest.fixture(scope="module")
+def client():
+    with TestClient(app, raise_server_exceptions=False) as c:
+        yield c
+
+
+# ---------------------------------------------------------------------------
+# App-level
+# ---------------------------------------------------------------------------
+
+def test_app_exists():
+    assert app is not None
+
+
+def test_routes_registered():
+    paths = {r.path for r in app.routes}
+    assert any("/logger" in p for p in paths)
+    assert any("/assessment" in p for p in paths)
+    assert any("/books" in p for p in paths)
+    assert any("/course" in p for p in paths)
+    assert any("/auth" in p for p in paths)
+
+
+# ---------------------------------------------------------------------------
+# /logger — authenticated routes return 401/422
+# ---------------------------------------------------------------------------
+
+def test_bookevent_unauthenticated(client):
+    resp = client.post("/logger/bookevent", json={})
+    assert resp.status_code in (401, 422)
+
+
+# ---------------------------------------------------------------------------
+# /assessment — authenticated routes return 401/422
+# ---------------------------------------------------------------------------
+
+def test_assessment_results_unauthenticated(client):
+    resp = client.post("/assessment/results", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_assessment_gethist_unauthenticated(client):
+    resp = client.post("/assessment/gethist", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_assessment_get_latest_code_unauthenticated(client):
+    resp = client.post("/assessment/get_latest_code", json={})
+    assert resp.status_code in (401, 422)
+
+
+# ---------------------------------------------------------------------------
+# /course — authenticated routes return 401/422
+# ---------------------------------------------------------------------------
+
+def test_course_index_unauthenticated(client):
+    resp = client.get("/course/index")
+    assert resp.status_code in (401, 422)
+
+
+# ---------------------------------------------------------------------------
+# /auth — public routes are reachable (not 500)
+# ---------------------------------------------------------------------------
+
+def test_auth_login_reachable(client):
+    resp = client.get("/auth/login")
+    assert resp.status_code != 500
+
+
+def test_auth_course_students_unauthenticated(client):
+    resp = client.get("/auth/course_students")
+    assert resp.status_code in (401, 422)
+
+
+# ---------------------------------------------------------------------------
+# /books — public routes are reachable (not 500)
+# ---------------------------------------------------------------------------
+
+def test_books_crashtest_returns_500(client):
+    # /books/crashtest intentionally raises ZeroDivisionError to exercise the
+    # error handler; 500 is the correct response here.
+    resp = client.get("/books/crashtest")
+    assert resp.status_code == 500
