Merge pull request #2594 from Malte2036/fix-2593-duplicate-membership-verification

fix: check whether the membershipId has been confirmed to avoid recon…

app/controllers/api/teams.php

@@ -689,6 +689,10 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
             throw new Exception('Invite does not belong to current user ('.$user->getAttribute('email').')', 401, Exception::TEAM_INVITE_MISMATCH);
         }
 
+        if ($membership->getAttribute('confirm') === true) {
+            throw new Exception('Membership already confirmed', 409);
+        }
+
         $membership // Attach user to team
             ->setAttribute('joined', \time())
             ->setAttribute('confirm', true)

tests/e2e/Services/Teams/TeamsBaseClient.php

@@ -348,6 +348,17 @@ trait TeamsBaseClient
 
         $this->assertEquals(400, $response['headers']['status-code']);
 
+        $response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$membershipUid.'/status', array_merge([
+            'origin' => 'http://localhost',
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $this->getProject()['$id'],
+        ]), [
+            'secret' => $secret,
+            'userId' => $userUid,
+        ]);
+
+        $this->assertEquals(409, $response['headers']['status-code']);
+
         return $data;
     }