From 256f995e4fe6eb510acf495bf7e057c98243b153 Mon Sep 17 00:00:00 2001 From: Adam Wathan Date: Fri, 8 Dec 2017 13:33:24 -0500 Subject: [PATCH] 151 - Registering with an Invalid Invitation --- .../Controllers/Auth/RegisterController.php | 1 + tests/Feature/AcceptInvitationTest.php | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php index 84006fc..c5915d8 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php @@ -12,6 +12,7 @@ class RegisterController extends Controller public function register() { $invitation = Invitation::findByCode(request('invitation_code')); + abort_if($invitation->hasBeenUsed(), 404); $user = User::create([ 'email' => request('email'), diff --git a/tests/Feature/AcceptInvitationTest.php b/tests/Feature/AcceptInvitationTest.php index c34b1df..61015c2 100644 --- a/tests/Feature/AcceptInvitationTest.php +++ b/tests/Feature/AcceptInvitationTest.php @@ -76,4 +76,36 @@ class AcceptInvitationTest extends TestCase $this->assertTrue(Hash::check('secret', $user->password)); $this->assertTrue($invitation->fresh()->user->is($user)); } + + /** @test */ + function registering_with_a_used_invitation_code() + { + $invitation = factory(Invitation::class)->create([ + 'user_id' => factory(User::class)->create(), + 'code' => 'TESTCODE1234', + ]); + $this->assertEquals(1, User::count()); + + $response = $this->post('/register', [ + 'email' => 'john@example.com', + 'password' => 'secret', + 'invitation_code' => 'TESTCODE1234', + ]); + + $response->assertStatus(404); + $this->assertEquals(1, User::count()); + } + + /** @test */ + function registering_with_an_invitation_code_that_does_not_exist() + { + $response = $this->post('/register', [ + 'email' => 'john@example.com', + 'password' => 'secret', + 'invitation_code' => 'TESTCODE1234', + ]); + + $response->assertStatus(404); + $this->assertEquals(0, User::count()); + } }