fix(invite): reject invalidated invites in getInviteInfo

Superseded invites had invalidatedAt set but status stayed 'pending',
so they passed the validity check and could still be viewed and accepted.
Add invalidatedAt != null guard to getInviteInfo.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/src/main/java/com/recipeapp/household/HouseholdService.java

@@ -183,7 +183,9 @@ public class HouseholdService {
         HouseholdInvite invite = householdInviteRepository.findByInviteCode(code)
                 .orElseThrow(() -> new ResourceNotFoundException("Invite not found or invalid"));
 
-        if ("used".equals(invite.getStatus()) || invite.getExpiresAt().isBefore(Instant.now())) {
+        if ("used".equals(invite.getStatus())
+                || invite.getInvalidatedAt() != null
+                || invite.getExpiresAt().isBefore(Instant.now())) {
             throw new ResourceNotFoundException("Invite not found or invalid");
         }
 

backend/src/test/java/com/recipeapp/household/HouseholdServiceTest.java

@@ -207,6 +207,20 @@ class HouseholdServiceTest {
                 .isInstanceOf(ResourceNotFoundException.class);
     }
 
+    @Test
+    void getInviteInfoShouldThrow404WhenInviteIsInvalidated() {
+        var owner = testUser();
+        var household = new Household("Smith family", owner);
+        var invite = new HouseholdInvite(household, "SUPERSEDED", Instant.now().plusSeconds(86400));
+        invite.setInvitedBy(owner);
+        invite.setInvalidatedAt(Instant.now()); // superseded by a new invite
+
+        when(householdInviteRepository.findByInviteCode("SUPERSEDED")).thenReturn(Optional.of(invite));
+
+        assertThatThrownBy(() -> householdService.getInviteInfo("SUPERSEDED"))
+                .isInstanceOf(ResourceNotFoundException.class);
+    }
+
     // ── acceptInvite (new: creates account + joins) ───────────────────────────
 
     @Test