Merge branch 'automated_testing'

Author: bnmnetp

.github/workflows/test-crud.yml

@@ -0,0 +1,69 @@
+name: Tests
+
+on:
+  pull_request:
+    paths:
+      - 'components/rsptx/db/**'
+      - 'components/rsptx/configuration/**'
+      - 'components/rsptx/validation/**'
+      - 'components/rsptx/response_helpers/**'
+      - 'components/rsptx/endpoint_validators/**'
+      - 'bases/rsptx/book_server_api/**'
+      - 'bases/rsptx/assignment_server_api/**'
+      - 'test/**'
+      - '.github/workflows/test-crud.yml'
+      - 'pyproject.toml'
+
+jobs:
+  crud-tests:
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres:16
+        env:
+          POSTGRES_USER: runestone
+          POSTGRES_PASSWORD: runestone
+          POSTGRES_DB: runestone_test
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    env:
+      SERVER_CONFIG: test
+      TEST_DBURL: postgresql://runestone:runestone@localhost:5432/runestone_test
+      DROP_TABLES: "Yes"
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
+        with:
+          virtualenvs-create: true
+          virtualenvs-in-project: true
+
+      - name: Cache Poetry virtualenv
+        uses: actions/cache@v4
+        with:
+          path: .venv
+          key: venv-${{ runner.os }}-py3.10-${{ hashFiles('pyproject.toml', 'poetry.lock') }}
+          restore-keys: |
+            venv-${{ runner.os }}-py3.10-
+
+      - name: Install dependencies
+        run: poetry install --with dev --no-interaction
+
+      - name: Run tests
+        run: |
+          poetry run pytest -v --tb=short

README.rst

@@ -17,7 +17,11 @@ If you want to do development on Runestone, or run your own server, you will nee
 
 .. image:: https://readthedocs.org/projects/runestone-monorepo/badge/?version=latest
     :target: https://runestone-monorepo.readthedocs.io/en/latest/?badge=latest
-    :alt: Documentation Status 
+    :alt: Documentation Status
+
+.. image:: https://github.com/RunestoneInteractive/rs/actions/workflows/test-crud.yml/badge.svg
+    :target: https://github.com/RunestoneInteractive/rs/actions/workflows/test-crud.yml
+    :alt: Tests
 
 Chat with us on `Discord <https://discord.gg/f3Qmbk9P3U>`_
 

pyproject.toml

@@ -104,6 +104,7 @@ standard-asyncore = "^3.13.0"
 standard-imghdr = "^3.13.0"
 standard-cgi = "^3.13.0"
 duckdb = "^1.3.2"
+tldextract = "^5.0.0"
 
 [tool.poetry.group.dev.dependencies]
 black = "~= 25.0"
@@ -175,6 +176,23 @@ exclude = [
     "bases/rsptx/library_server_api",
 ]
 
+[tool.pytest.ini_options]
+asyncio_mode = "auto"
+asyncio_default_fixture_loop_scope = "session"
+addopts = "--import-mode=importlib"
+testpaths = ["test"]
+norecursedirs = [
+    "bases/rsptx/web2py_server",
+    "bases/rsptx/interactives",
+    "bases/rsptx/dash_server_api",
+    ".venv",
+    "projects",
+    "migrations",
+    "dist",
+    "build",
+    "node_modules",
+]
+
 [tool.black]
 line-length = 88
 

test/bases/conftest.py

@@ -0,0 +1,21 @@
+"""
+Shared fixtures for base-server route tests.
+
+These fixtures set up authenticated TestClients for the book and assignment
+servers by overriding the ``auth_manager`` FastAPI dependency with a lambda
+that returns the seeded ``testuser1`` object directly.
+
+Fixtures that depend on the DB (``init_test_db``) are session-scoped and
+share the single event loop used by all async tests.
+"""
+
+import pytest
+import pytest_asyncio
+
+
+@pytest_asyncio.fixture(scope="session")
+async def student_user(init_test_db):
+    """Return the seeded testuser1 AuthUserValidator (course = overview)."""
+    from rsptx.db.crud import fetch_user
+
+    return await fetch_user("testuser1")

test/bases/rsptx/assignment_server_api/conftest.py

@@ -0,0 +1,95 @@
+"""
+Assignment-server-specific test fixtures.
+
+All clients use httpx.AsyncClient + ASGITransport so the server runs in the
+same asyncio event loop as the test session, avoiding asyncpg "attached to a
+different loop" errors.
+
+``auth_assignment_client`` — authenticated as testuser1 (student).
+``instructor_user``         — a seeded instructor user with CourseInstructor row.
+``auth_instructor_client``  — auth_manager patched to return the instructor user.
+"""
+
+import datetime
+import pytest_asyncio
+import httpx
+from unittest.mock import AsyncMock, patch
+
+
+@pytest_asyncio.fixture(scope="session")
+async def auth_assignment_client(student_user):
+    """Async HTTP client for the assignment server authenticated as testuser1."""
+    from rsptx.assignment_server_api.core import app
+    from rsptx.auth.session import auth_manager
+
+    app.dependency_overrides[auth_manager] = lambda: student_user
+    transport = httpx.ASGITransport(app=app)
+    async with httpx.AsyncClient(transport=transport, base_url="http://test") as client:
+        yield client
+    app.dependency_overrides.pop(auth_manager, None)
+
+
+@pytest_asyncio.fixture(scope="session")
+async def instructor_user(init_test_db):
+    """
+    Create a test instructor user assigned to test_course_1, with a
+    CourseInstructor row so that is_instructor() returns True for real.
+    """
+    from rsptx.db.crud import (
+        create_user,
+        fetch_user,
+        fetch_course,
+        create_course_instructor,
+    )
+    from rsptx.db.models import AuthUserValidator
+
+    course = await fetch_course("test_course_1")
+
+    existing = await fetch_user("test_instructor")
+    if existing:
+        return existing
+
+    user = await create_user(
+        AuthUserValidator(
+            username="test_instructor",
+            first_name="Test",
+            last_name="Instructor",
+            password="xxx",
+            email="test_instructor@example.com",
+            course_name="test_course_1",
+            course_id=course.id,
+            donated=True,
+            active=True,
+            accept_tcp=True,
+            created_on=datetime.datetime(2020, 1, 1),
+            modified_on=datetime.datetime(2020, 1, 1),
+            registration_key="",
+            registration_id="",
+            reset_password_key="",
+        )
+    )
+    await create_course_instructor(course.id, user.id)
+    return user
+
+
+@pytest_asyncio.fixture(scope="session")
+async def auth_instructor_client(instructor_user):
+    """
+    Async HTTP client for the assignment server authenticated as test_instructor.
+
+    Some routes use @instructor_role_required() (which calls auth_manager() directly
+    inside the decorator, bypassing FastAPI DI), while others use Depends(auth_manager).
+    We cover both by:
+      1. Patching rsptx.endpoint_validators.core.auth_manager for the decorator path.
+      2. Setting app.dependency_overrides[auth_manager] for the Depends() path.
+    """
+    from rsptx.assignment_server_api.core import app
+    from rsptx.auth.session import auth_manager
+
+    mock_auth = AsyncMock(return_value=instructor_user)
+    app.dependency_overrides[auth_manager] = lambda: instructor_user
+    transport = httpx.ASGITransport(app=app)
+    with patch("rsptx.endpoint_validators.core.auth_manager", mock_auth):
+        async with httpx.AsyncClient(transport=transport, base_url="http://test") as client:
+            yield client
+    app.dependency_overrides.pop(auth_manager, None)

test/bases/rsptx/assignment_server_api/test_core.py

@@ -1,5 +1,124 @@
-from rsptx.assignment_server_api import core
+"""
+Smoke tests for the assignment server API.
 
+Verifies route registration and that unauthenticated requests return the
+expected auth error codes (401/422), not 500. No database is required.
+"""
 
-def test_sample():
-    assert core is not None
+import pytest
+from fastapi.testclient import TestClient
+
+from rsptx.assignment_server_api.core import app
+
+
+@pytest.fixture(scope="module")
+def client():
+    with TestClient(app, raise_server_exceptions=False) as c:
+        yield c
+
+
+# ---------------------------------------------------------------------------
+# App-level
+# ---------------------------------------------------------------------------
+
+def test_app_exists():
+    assert app is not None
+
+
+def test_routes_registered():
+    paths = {r.path for r in app.routes}
+    assert any("/student" in p for p in paths)
+    assert any("/instructor" in p for p in paths)
+    assert any("/peer" in p for p in paths)
+
+
+# ---------------------------------------------------------------------------
+# /student — all routes require auth
+# ---------------------------------------------------------------------------
+
+def test_choose_assignment_unauthenticated(client):
+    resp = client.get("/student/chooseAssignment")
+    assert resp.status_code in (401, 422)
+
+
+def test_do_assignment_unauthenticated(client):
+    resp = client.get("/student/doAssignment")
+    assert resp.status_code in (401, 422)
+
+
+def test_update_submit_unauthenticated(client):
+    resp = client.post("/student/update_submit", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_studyclues_query_unauthenticated(client):
+    resp = client.post("/student/studyclues_query", json={})
+    assert resp.status_code in (401, 422)
+
+
+# ---------------------------------------------------------------------------
+# /instructor — all routes require auth + instructor role
+# ---------------------------------------------------------------------------
+
+def test_assignments_list_unauthenticated(client):
+    resp = client.get("/instructor/assignments")
+    assert resp.status_code in (401, 422)
+
+
+def test_assignment_get_unauthenticated(client):
+    resp = client.get("/instructor/assignments/1")
+    assert resp.status_code in (401, 422)
+
+
+def test_assignment_create_unauthenticated(client):
+    resp = client.post("/instructor/assignments", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_assignment_update_unauthenticated(client):
+    resp = client.put("/instructor/assignments/1", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_assignment_delete_unauthenticated(client):
+    resp = client.delete("/instructor/assignments/1")
+    assert resp.status_code in (401, 422)
+
+
+def test_gradebook_unauthenticated(client):
+    resp = client.get("/instructor/gradebook")
+    assert resp.status_code in (401, 422)
+
+
+def test_new_question_unauthenticated(client):
+    resp = client.post("/instructor/new_question", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_new_assignment_q_unauthenticated(client):
+    resp = client.post("/instructor/new_assignment_q", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_search_questions_unauthenticated(client):
+    resp = client.post("/instructor/search_questions", json={})
+    assert resp.status_code in (401, 422)
+
+
+def test_course_roster_unauthenticated(client):
+    resp = client.get("/instructor/course_roster")
+    assert resp.status_code in (401, 422)
+
+
+# ---------------------------------------------------------------------------
+# /peer — all routes require auth
+# ---------------------------------------------------------------------------
+
+def test_peer_student_unauthenticated(client):
+    resp = client.get("/peer/student")
+    assert resp.status_code in (401, 422)
+
+
+def test_peer_instructor_unauthenticated(client):
+    resp = client.get("/peer/instructor")
+    assert resp.status_code in (401, 422)