Skip to content

fix(session): resolve GET session 404 issue and add comprehensive lifecycle tests

Praveena Veeranki requested to merge session/testing into develop

MR Description:

📝 Description / Overview

This MR resolves the issue where the GET /api/v1/sessions/{session_id} endpoint returned a 404 Session not found error immediately after a successful session creation via POST /api/v1/sessions/start.

It also fixes identical transaction handling bugs in session updates, preventing manual progress updates (PATCH), session resumes, and session completions from failing to persist.

🔍 Root Cause & Fix Details

  • Root Cause: In app/crud/crud_session.py, both create_session and update_session relied on await db.flush(). This flushed queries into SQLite/Postgres inside the active transaction boundary, but never committed them. Because FastAPI starts a new AsyncSession database connection per request via get_db, any subsequent GET request ran on a separate transaction which could not see the uncommitted data.
  • Resolution: Replaced await db.flush() with await db.commit() followed by await db.refresh(session). This ensures session data is permanently persisted to the database and reloads all server-generated values (such as id, started_at, and last_active_at) before serializing the API response.

Before: image image image

After: image image image

🛠️ Changes Introduced

Backend Logic

  • [MODIFY] app/crud/crud_session.py:
    • Updated create_session to correctly commit and refresh the session object.
    • Updated update_session to commit and refresh the session object on patch updates.

Test Suite

  • [NEW] tests/test_sessions.py: Added 10 automated integration tests covering the complete session lifecycle:
    • test_start_session_creates_and_returns_session: Confirms session creation with accurate metadata.
    • test_get_session_returns_created_session: Verifies the GET endpoint retrieves the session (regression test).
    • test_get_session_not_found_for_random_uuid: Verifies 404 response on fake IDs.
    • test_get_session_forbidden_for_another_user: Validates cross-user security access (403).
    • test_update_session_progress: Confirms manual step/percentage updates via PATCH.
    • test_updated_session_persists_on_get: Assures patch updates persist on subsequent fetches.
    • test_resume_session_returns_session / test_resume_completed_session_fails: Assures resume routing and constraints work.
    • test_complete_session_without_answers_fails: Ensures validation checks for unanswered required questions.
    • test_multiple_sessions_per_user: Validates that a user can create/manage multiple independent sessions.

Verification & Test Results

Automated Integration Tests

All integration tests pass successfully in the local virtual environment:

backend/venv/bin/pytest tests/test_sessions.py tests/test_auth_phase1.py tests/test_seeds.py -v

Results:

tests/test_sessions.py::test_start_session_creates_and_returns_session PASSED
tests/test_sessions.py::test_get_session_returns_created_session PASSED
tests/test_sessions.py::test_get_session_not_found_for_random_uuid PASSED
tests/test_sessions.py::test_get_session_forbidden_for_another_user PASSED
tests/test_sessions.py::test_update_session_progress PASSED
tests/test_sessions.py::test_updated_session_persists_on_get PASSED
tests/test_sessions.py::test_resume_session_returns_session PASSED
tests/test_sessions.py::test_resume_completed_session_fails PASSED
tests/test_sessions.py::test_complete_session_without_answers_fails PASSED
tests/test_sessions.py::test_multiple_sessions_per_user PASSED

======================= 16 passed, 3 warnings in 14.22s ========================

Merge request reports