Add required test suite and websocket fixes

tests/test_auth.py

@@ -1,2 +1,33 @@
-def test_placeholder_auth():
-    assert True
+from fastapi import HTTPException
+
+from app import auth
+from app.config import Settings
+
+
+def test_student_cookie_signing_roundtrip():
+    settings = Settings(secret_key="secret", public_url="http://testserver")
+    token = auth.sign_student(settings, "ABC123", "s1", "Ada", "cookie-id")
+    payload = auth.loads_cookie(settings, token)
+    assert payload == {"sid": "ABC123", "student_id": "s1", "name": "Ada", "cookie_id": "cookie-id"}
+
+
+def test_tampered_cookie_rejected():
+    settings = Settings(secret_key="secret")
+    token = auth.sign_admin(settings)
+    assert auth.loads_cookie(settings, token + "tamper") is None
+
+
+def test_admin_password_success_and_failure():
+    settings = Settings(secret_key="secret", admin_password="pw")
+    assert auth.verify_admin_password(settings, "pw")
+    assert not auth.verify_admin_password(settings, "wrong")
+    assert not auth.verify_admin_password(Settings(secret_key="secret"), "pw")
+
+
+def test_serializer_requires_secret():
+    try:
+        auth.sign_admin(Settings(secret_key=None))
+    except HTTPException as exc:
+        assert exc.status_code == 500
+    else:
+        raise AssertionError("Expected missing secret to fail")