Phase 4: add functional route tests with real DB and fake auth

Adds authenticated end-to-end route tests for the book server and
assignment server. Uses httpx.AsyncClient + ASGITransport so all tests
share the pytest session event loop with the asyncpg connection pool,
avoiding "attached to a different loop" errors.

Book server (test/bases/rsptx/book_server_api/):
- conftest.py: auth_book_client with auth_manager dependency override
- test_rslogging.py: 6 tests for POST /logger/bookevent (page, mChoice,
  fillb, shortanswer, validation errors)

Assignment server (test/bases/rsptx/assignment_server_api/):
- conftest.py: auth_assignment_client (student), instructor_user with
  CourseInstructor DB row, auth_instructor_client patching both
  app.dependency_overrides and rsptx.endpoint_validators.core.auth_manager
- test_instructor_routes.py: 4 tests (list assignments, create, get by
  id, course roster)

test/bases/conftest.py: shared student_user fixture

CI: expand workflow path triggers to cover bases/ and all test files.

Total: 91 tests passing.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: bnmnetp

.github/workflows/test-crud.yml

@@ -7,8 +7,10 @@ on:
       - 'components/rsptx/configuration/**'
       - 'components/rsptx/validation/**'
       - 'components/rsptx/response_helpers/**'
-      - 'test/components/rsptx/db/**'
-      - 'test/conftest.py'
+      - 'components/rsptx/endpoint_validators/**'
+      - 'bases/rsptx/book_server_api/**'
+      - 'bases/rsptx/assignment_server_api/**'
+      - 'test/**'
       - '.github/workflows/test-crud.yml'
       - 'pyproject.toml'
 

test/bases/conftest.py

@@ -0,0 +1,21 @@
+"""
+Shared fixtures for base-server route tests.
+
+These fixtures set up authenticated TestClients for the book and assignment
+servers by overriding the ``auth_manager`` FastAPI dependency with a lambda
+that returns the seeded ``testuser1`` object directly.
+
+Fixtures that depend on the DB (``init_test_db``) are session-scoped and
+share the single event loop used by all async tests.
+"""
+
+import pytest
+import pytest_asyncio
+
+
+@pytest_asyncio.fixture(scope="session")
+async def student_user(init_test_db):
+    """Return the seeded testuser1 AuthUserValidator (course = overview)."""
+    from rsptx.db.crud import fetch_user
+
+    return await fetch_user("testuser1")

test/bases/rsptx/assignment_server_api/conftest.py

@@ -0,0 +1,95 @@
+"""
+Assignment-server-specific test fixtures.
+
+All clients use httpx.AsyncClient + ASGITransport so the server runs in the
+same asyncio event loop as the test session, avoiding asyncpg "attached to a
+different loop" errors.
+
+``auth_assignment_client`` — authenticated as testuser1 (student).
+``instructor_user``         — a seeded instructor user with CourseInstructor row.
+``auth_instructor_client``  — auth_manager patched to return the instructor user.
+"""
+
+import datetime
+import pytest_asyncio
+import httpx
+from unittest.mock import AsyncMock, patch
+
+
+@pytest_asyncio.fixture(scope="session")
+async def auth_assignment_client(student_user):
+    """Async HTTP client for the assignment server authenticated as testuser1."""
+    from rsptx.assignment_server_api.core import app
+    from rsptx.auth.session import auth_manager
+
+    app.dependency_overrides[auth_manager] = lambda: student_user
+    transport = httpx.ASGITransport(app=app)
+    async with httpx.AsyncClient(transport=transport, base_url="http://test") as client:
+        yield client
+    app.dependency_overrides.pop(auth_manager, None)
+
+
+@pytest_asyncio.fixture(scope="session")
+async def instructor_user(init_test_db):
+    """
+    Create a test instructor user assigned to test_course_1, with a
+    CourseInstructor row so that is_instructor() returns True for real.
+    """
+    from rsptx.db.crud import (
+        create_user,
+        fetch_user,
+        fetch_course,
+        create_course_instructor,
+    )
+    from rsptx.db.models import AuthUserValidator
+
+    course = await fetch_course("test_course_1")
+
+    existing = await fetch_user("test_instructor")
+    if existing:
+        return existing
+
+    user = await create_user(
+        AuthUserValidator(
+            username="test_instructor",
+            first_name="Test",
+            last_name="Instructor",
+            password="xxx",
+            email="test_instructor@example.com",
+            course_name="test_course_1",
+            course_id=course.id,
+            donated=True,
+            active=True,
+            accept_tcp=True,
+            created_on=datetime.datetime(2020, 1, 1),
+            modified_on=datetime.datetime(2020, 1, 1),
+            registration_key="",
+            registration_id="",
+            reset_password_key="",
+        )
+    )
+    await create_course_instructor(course.id, user.id)
+    return user
+
+
+@pytest_asyncio.fixture(scope="session")
+async def auth_instructor_client(instructor_user):
+    """
+    Async HTTP client for the assignment server authenticated as test_instructor.
+
+    Some routes use @instructor_role_required() (which calls auth_manager() directly
+    inside the decorator, bypassing FastAPI DI), while others use Depends(auth_manager).
+    We cover both by:
+      1. Patching rsptx.endpoint_validators.core.auth_manager for the decorator path.
+      2. Setting app.dependency_overrides[auth_manager] for the Depends() path.
+    """
+    from rsptx.assignment_server_api.core import app
+    from rsptx.auth.session import auth_manager
+
+    mock_auth = AsyncMock(return_value=instructor_user)
+    app.dependency_overrides[auth_manager] = lambda: instructor_user
+    transport = httpx.ASGITransport(app=app)
+    with patch("rsptx.endpoint_validators.core.auth_manager", mock_auth):
+        async with httpx.AsyncClient(transport=transport, base_url="http://test") as client:
+            yield client
+    app.dependency_overrides.pop(auth_manager, None)

test/bases/rsptx/assignment_server_api/test_instructor_routes.py

@@ -0,0 +1,86 @@
+"""
+Functional tests for instructor routes in the assignment server.
+
+Routes decorated with @instructor_role_required() call auth_manager() directly
+inside the decorator — not via FastAPI's Depends() — so they are tested via
+the ``auth_instructor_client`` fixture, which patches auth_manager at the
+endpoint_validators module level and uses a real instructor DB user.
+
+Tests are async functions sharing the session event loop with the asyncpg
+connection pool.
+"""
+
+import pytest
+
+pytestmark = pytest.mark.asyncio(loop_scope="session")
+
+
+# ---------------------------------------------------------------------------
+# GET /instructor/assignments
+# ---------------------------------------------------------------------------
+
+async def test_get_assignments(auth_instructor_client):
+    """Instructor can list assignments for their course."""
+    resp = await auth_instructor_client.get("/instructor/assignments")
+    assert resp.status_code == 200
+    data = resp.json()
+    assert "detail" in data
+    assert "assignments" in data["detail"]
+
+
+# ---------------------------------------------------------------------------
+# POST /instructor/assignments
+# ---------------------------------------------------------------------------
+
+async def test_create_assignment(auth_instructor_client):
+    """Instructor can create a new assignment."""
+    payload = {
+        "name": "route_test_assignment",
+        "description": "Created by route test",
+        "duedate": "2099-01-01T00:00:00",
+        "points": 10,
+        "kind": "Regular",
+        "visible": True,
+        "peer_async_visible": False,
+    }
+    resp = await auth_instructor_client.post("/instructor/assignments", json=payload)
+    assert resp.status_code == 201
+    data = resp.json()
+    assert data["detail"]["status"] == "success"
+    assert "id" in data["detail"]
+
+
+# ---------------------------------------------------------------------------
+# GET /instructor/assignments/{id}
+# ---------------------------------------------------------------------------
+
+async def test_get_assignment_by_id(auth_instructor_client):
+    """Instructor can fetch a specific assignment by id after creating one."""
+    payload = {
+        "name": "route_test_assignment_for_get",
+        "description": "For GET by id test",
+        "duedate": "2099-01-01T00:00:00",
+        "points": 5,
+        "kind": "Regular",
+        "visible": True,
+        "peer_async_visible": False,
+    }
+    create_resp = await auth_instructor_client.post("/instructor/assignments", json=payload)
+    assert create_resp.status_code == 201
+    assignment_id = create_resp.json()["detail"]["id"]
+
+    get_resp = await auth_instructor_client.get(f"/instructor/assignments/{assignment_id}")
+    assert get_resp.status_code == 200
+    data = get_resp.json()
+    assert "assignment" in data["detail"]
+    assert data["detail"]["assignment"]["id"] == assignment_id
+
+
+# ---------------------------------------------------------------------------
+# GET /instructor/course_roster
+# ---------------------------------------------------------------------------
+
+async def test_course_roster(auth_instructor_client):
+    """Instructor can retrieve the course roster."""
+    resp = await auth_instructor_client.get("/instructor/course_roster")
+    assert resp.status_code == 200

test/bases/rsptx/book_server_api/conftest.py

@@ -0,0 +1,27 @@
+"""
+Book-server-specific test fixtures.
+
+``auth_book_client`` provides an httpx.AsyncClient with ASGITransport so the
+book server runs in the *same* asyncio event loop as the test session.  This
+avoids the "attached to a different loop" error that occurs when TestClient
+(which spins up its own event loop) tries to reuse asyncpg connections that
+were created in the pytest session loop.
+
+All tests that use this client must be async functions.
+"""
+
+import pytest_asyncio
+import httpx
+
+
+@pytest_asyncio.fixture(scope="session")
+async def auth_book_client(student_user):
+    """Async HTTP client for the book server authenticated as testuser1."""
+    from rsptx.book_server_api.main import app
+    from rsptx.auth.session import auth_manager
+
+    app.dependency_overrides[auth_manager] = lambda: student_user
+    transport = httpx.ASGITransport(app=app)
+    async with httpx.AsyncClient(transport=transport, base_url="http://test") as client:
+        yield client
+    app.dependency_overrides.pop(auth_manager, None)

test/bases/rsptx/book_server_api/test_rslogging.py

@@ -0,0 +1,107 @@
+"""
+Functional tests for POST /logger/bookevent.
+
+Requires a running PostgreSQL instance (TEST_DBURL) with the test schema
+initialised via the ``init_test_db`` session fixture.
+
+All requests are authenticated as ``testuser1`` via the ``auth_book_client``
+fixture, which overrides the ``auth_manager`` FastAPI dependency.
+
+Tests are async functions so they share the session event loop with the
+asyncpg connection pool — using httpx.AsyncClient + ASGITransport instead
+of TestClient avoids the "attached to a different loop" error.
+"""
+
+import pytest
+
+pytestmark = pytest.mark.asyncio(loop_scope="session")
+
+COURSE = "test_course_1"
+
+
+# ---------------------------------------------------------------------------
+# helpers
+# ---------------------------------------------------------------------------
+
+def _bookevent(event, act, div_id, **extra):
+    payload = {
+        "event": event,
+        "act": act,
+        "div_id": div_id,
+        "course_name": COURSE,
+    }
+    payload.update(extra)
+    return payload
+
+
+# ---------------------------------------------------------------------------
+# /logger/bookevent
+# ---------------------------------------------------------------------------
+
+async def test_bookevent_page_view(auth_book_client):
+    """A simple page-view event is accepted and returns 2xx."""
+    resp = await auth_book_client.post(
+        "/logger/bookevent",
+        json=_bookevent("page", "view", "ch1_introduction"),
+    )
+    assert resp.status_code in (200, 201)
+
+
+async def test_bookevent_mchoice(auth_book_client):
+    """A multiple-choice answer event is accepted and returns 2xx."""
+    resp = await auth_book_client.post(
+        "/logger/bookevent",
+        json=_bookevent(
+            "mChoice",
+            "answer:A:correct",
+            "ch1_q1",
+            answer="A",
+            correct=True,
+        ),
+    )
+    assert resp.status_code in (200, 201)
+
+
+async def test_bookevent_fillb(auth_book_client):
+    """A fill-in-the-blank answer event is accepted and returns 2xx."""
+    resp = await auth_book_client.post(
+        "/logger/bookevent",
+        json=_bookevent(
+            "fillb",
+            "answer:hello:correct",
+            "ch1_q2",
+            answer="hello",
+            correct=True,
+            percent=1.0,
+        ),
+    )
+    assert resp.status_code in (200, 201)
+
+
+async def test_bookevent_shortanswer(auth_book_client):
+    """A short-answer event is accepted and returns 2xx."""
+    resp = await auth_book_client.post(
+        "/logger/bookevent",
+        json=_bookevent(
+            "shortanswer",
+            "answer:This is my answer",
+            "ch1_sa1",
+            answer="This is my answer",
+        ),
+    )
+    assert resp.status_code in (200, 201)
+
+
+async def test_bookevent_missing_required_fields(auth_book_client):
+    """A request missing required fields returns 422."""
+    resp = await auth_book_client.post(
+        "/logger/bookevent",
+        json={"event": "page"},  # missing act, div_id, course_name
+    )
+    assert resp.status_code == 422
+
+
+async def test_bookevent_empty_body(auth_book_client):
+    """An empty body returns 422."""
+    resp = await auth_book_client.post("/logger/bookevent", json={})
+    assert resp.status_code == 422