from conftest import admin_login, join_student def test_admin_state_requires_login(client): # /admin/api/state is the canonical "am I logged in" probe used by the SPA. assert client.get("/admin/api/state").status_code == 401 assert client.post("/admin/login", json={"password": "wrong"}).status_code == 401 def test_admin_state_after_login_includes_pool_meta_and_qr(client, sid): admin_login(client) response = client.get("/admin/api/state") assert response.status_code == 200 payload = response.json() assert payload["sid"] == sid assert payload["state"] == "lobby" assert payload["join_url"].endswith(f"?sid={sid}") assert payload["qr_url"].startswith("data:image/svg+xml;base64,") assert payload["pool_meta"]["question_count"] == 5 assert payload["pool_meta"]["score_fn"] == "linear_decay" def test_admin_html_served_without_auth_gate(client): # The HTML shell is unauthed; the SPA decides login vs dashboard from # the /admin/api/state response. Anything else would force a separate # /admin/login page back into the URL bar. response = client.get("/admin/") assert response.status_code == 200 assert "Quiz Admin" in response.text def test_csv_endpoint_is_admin_only_and_serves_results(client, sid): assert client.get("/admin/api/csv").status_code == 401 admin_login(client) join_student(client, sid) response = client.get("/admin/api/csv") assert response.status_code == 200 assert "student_id,name,question_idx" in response.text def test_admin_logout_clears_cookie(client): admin_login(client) assert client.get("/admin/api/state").status_code == 200 client.post("/admin/logout") assert client.get("/admin/api/state").status_code == 401 def test_admin_reset_clears_participants_and_state(client, sid): admin_login(client) join_student(client, sid, "s1", "First") join_student(client, sid, "s2", "Second") response = client.post("/admin/api/reset") assert response.status_code == 200 state = client.get("/admin/api/state").json() assert state["state"] == "lobby" assert state["current_question_idx"] is None