quiz/tests/test_api_admin.py

from conftest import admin_login, join_student


def test_admin_state_requires_login(client):
    # /admin/api/state is the canonical "am I logged in" probe used by the SPA.
    assert client.get("/admin/api/state").status_code == 401
    assert client.post("/admin/login", json={"password": "wrong"}).status_code == 401


def test_admin_state_after_login_includes_pool_meta_and_qr(client, sid):
    admin_login(client)
    response = client.get("/admin/api/state")
    assert response.status_code == 200
    payload = response.json()
    assert payload["sid"] == sid
    assert payload["state"] == "lobby"
    assert payload["join_url"].endswith(f"?sid={sid}")
    assert payload["qr_url"].startswith("data:image/svg+xml;base64,")
    assert payload["pool_meta"]["question_count"] == 5
    assert payload["pool_meta"]["score_fn"] == "linear_decay"


def test_admin_html_served_without_auth_gate(client):
    # The HTML shell is unauthed; the SPA decides login vs dashboard from
    # the /admin/api/state response. Anything else would force a separate
    # /admin/login page back into the URL bar.
    response = client.get("/admin/")
    assert response.status_code == 200
    assert "<title>Quiz Admin</title>" in response.text


def test_csv_endpoint_is_admin_only_and_serves_results(client, sid):
    assert client.get("/admin/api/csv").status_code == 401
    admin_login(client)
    join_student(client, sid)
    response = client.get("/admin/api/csv")
    assert response.status_code == 200
    assert "student_id,name,question_idx" in response.text


def test_admin_logout_clears_cookie(client):
    admin_login(client)
    assert client.get("/admin/api/state").status_code == 200
    client.post("/admin/logout")
    assert client.get("/admin/api/state").status_code == 401


def test_admin_reset_clears_participants_and_state(client, sid):
    admin_login(client)
    join_student(client, sid, "s1", "First")
    join_student(client, sid, "s2", "Second")
    response = client.post("/admin/api/reset")
    assert response.status_code == 200
    state = client.get("/admin/api/state").json()
    assert state["state"] == "lobby"
    assert state["current_question_idx"] is None