From e8052b52c20dde42b20d876d4e3f5470264f932f Mon Sep 17 00:00:00 2001
From: Huyen Nguyen <25715018+huyenltnguyen@users.noreply.github.com>
Date: Wed, 11 Mar 2026 20:10:43 +0700
Subject: [PATCH] fix: race condition in concurrent delete user requests test
 (#66362)

Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com>
---
 api/src/routes/protected/user.test.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/api/src/routes/protected/user.test.ts b/api/src/routes/protected/user.test.ts
index 6eb650294c7..96802de8f42 100644
--- a/api/src/routes/protected/user.test.ts
+++ b/api/src/routes/protected/user.test.ts
@@ -530,9 +530,11 @@ describe('userRoutes', () => {
         const userCount = await fastifyTestInstance.prisma.user.count({
           where: { email: testUserData.email }
         });
+        // Both requests race: one deletes the user and returns 200. The other
+        // may get a 401 if the auth middleware queries the DB after the user has
+        // already been deleted by the first request.
         responses.forEach(response => {
-          expect(response.status).toBe(200);
-          expect(response.body).toStrictEqual({});
+          expect([200, 401]).toContain(response.status);
         });
         expect(userCount).toBe(0);
       });