#Description
I create a coupon only for one user and a one-time use coupon.
Then create two users, and both of them can use the coupon, but only one of them should be able to use the coupon.
first, create a one-time and one-user coupon code that, e.g. is aaaaa
.
the attacker has two customers accounts with names A and B.
both A and B add a product ( can be different ) to their carts and they will see a window that they can enter the aaaaa
coupon on it. they enter the coupon code on it and they should not click on `Proceed to Checkout.
after that both A and B enter the coupon then they click on Proceed to Checkout
and we see that the coupon is used twice.