test(core): Relax assertions for testing the maxTeamProjects quota (#15798)

2025-12-16 09:36:44 +00:00 · 2025-05-30 10:38:46 +02:00
parent 6bf2d8a4d4
commit 460bfd425c
1 changed files with 11 additions and 2 deletions
--- a/packages/cli/test/integration/project.api.test.ts
+++ b/packages/cli/test/integration/project.api.test.ts
@@ -440,7 +440,8 @@ describe('POST /projects/', () => {
 	if (!globalConfig.database.isLegacySqlite) {
 		test('should respect the quota when trying to create multiple projects in parallel (no race conditions)', async () => {
 			expect(await Container.get(ProjectRepository).count({ where: { type: 'team' } })).toBe(0);
-			testServer.license.setQuota('quota:maxTeamProjects', 3);
+			const maxTeamProjects = 3;
+			testServer.license.setQuota('quota:maxTeamProjects', maxTeamProjects);
 			const ownerUser = await createOwner();
 			const ownerAgent = testServer.authAgentFor(ownerUser);
 			await expect(
@@ -456,9 +457,17 @@ describe('POST /projects/', () => {
 				ownerAgent.post('/projects/').send({ name: 'Test Team Project 6' }),
 			]);

+			// Some of the calls above will interleave and may fail with a deadlock
+			// error on MySQL (this is not an issue on PG or MariaDB).
+			// That can lead to less projects being created than the quota allows.
+			// So we're only checking here that we didn't create more projects than
+			// are allowed instead of checking for a specific number.
+			// We only want to prevent that this endpoint is exploited. A normal user
+			// using the FE would almost never hit this and if they do they can retry
+			// the action. No need to implement rety logic in the controller.
 			await expect(
 				Container.get(ProjectRepository).count({ where: { type: 'team' } }),
-			).resolves.toBe(3);
+			).resolves.toBeLessThanOrEqual(maxTeamProjects);
 		});
 	}
 });