fix(invite): reject invalidated invites in getInviteInfo

Superseded invites had invalidatedAt set but status stayed 'pending', so they passed the validity check and could still be viewed and accepted. Add invalidatedAt != null guard to getInviteInfo. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 22:22:07 +02:00
parent 44fd398701
commit 0ab1ba0b1b
2 changed files with 17 additions and 1 deletions
--- a/backend/src/main/java/com/recipeapp/household/HouseholdService.java
+++ b/backend/src/main/java/com/recipeapp/household/HouseholdService.java
@@ -183,7 +183,9 @@ public class HouseholdService {
        HouseholdInvite invite = householdInviteRepository.findByInviteCode(code)
                .orElseThrow(() -> new ResourceNotFoundException("Invite not found or invalid"));

-        if ("used".equals(invite.getStatus()) || invite.getExpiresAt().isBefore(Instant.now())) {
+        if ("used".equals(invite.getStatus())
+                || invite.getInvalidatedAt() != null
+                || invite.getExpiresAt().isBefore(Instant.now())) {
            throw new ResourceNotFoundException("Invite not found or invalid");
        }