@@ -207,24 +207,28 @@ describe('getPreview + acceptInvitation', () => {
207207 }
208208 } )
209209
210- it ( 'rejects accept on email mismatch (403) and unverified email (403) ' , async ( ) => {
210+ it ( 'rejects accept on email mismatch (403)' , async ( ) => {
211211 const deps = await seed ( )
212- await deps . db . insert ( usersTable ) . values ( [
213- { id : 'inv-mismatch' , name : 'X' , email : 'wrong@x.com' , emailVerified : true } ,
214- { id : 'inv-unverified' , name : 'U' , email : 'unverified@x.com' , emailVerified : false } ,
215- ] )
212+ await deps . db . insert ( usersTable ) . values ( { id : 'inv-mismatch' , name : 'X' , email : 'wrong@x.com' , emailVerified : true } )
216213 const { api } = makeApi ( deps )
217214 const a = await api . createInvitation ( { workspaceId : 'ws-1' , email : 'target@x.com' , permissions : 'editor' , invitedByUserId : 'owner-1' , origin : ORIGIN } )
218215 if ( ! a . succeeded ) throw new Error ( 'setup' )
219216 const mismatch = await api . acceptInvitation ( { token : a . value . invitation . token , userId : 'inv-mismatch' } )
220217 expect ( mismatch . succeeded ) . toBe ( false )
221218 if ( ! mismatch . succeeded ) expect ( mismatch . status ) . toBe ( 403 )
219+ } )
222220
221+ it ( 'accepts a matching unverified invitee because the invite token proves inbox access' , async ( ) => {
222+ const deps = await seed ( )
223+ await deps . db . insert ( usersTable ) . values ( { id : 'inv-unverified' , name : 'U' , email : 'unverified@x.com' , emailVerified : false } )
224+ const { api, adds } = makeApi ( deps )
223225 const u = await api . createInvitation ( { workspaceId : 'ws-1' , email : 'unverified@x.com' , permissions : 'editor' , invitedByUserId : 'owner-1' , origin : ORIGIN } )
224226 if ( ! u . succeeded ) throw new Error ( 'setup' )
225- const unverified = await api . acceptInvitation ( { token : u . value . invitation . token , userId : 'inv-unverified' } )
226- expect ( unverified . succeeded ) . toBe ( false )
227- if ( ! unverified . succeeded ) expect ( unverified . status ) . toBe ( 403 )
227+ const accepted = await api . acceptInvitation ( { token : u . value . invitation . token , userId : 'inv-unverified' } )
228+ expect ( accepted . succeeded ) . toBe ( true )
229+ if ( accepted . succeeded ) expect ( accepted . value . workspaceId ) . toBe ( 'ws-1' )
230+ await flushMicrotasks ( )
231+ expect ( adds ) . toEqual ( [ { workspaceId : 'ws-1' , userId : 'inv-unverified' , role : 'editor' } ] )
228232 } )
229233
230234 it ( 'accepts a matching, verified invite → membership created, add sync fired, idempotent' , async ( ) => {
0 commit comments