Make token creation check that the user exists

lib/Database.php

@@ -392,6 +392,8 @@ class Database {
         // If the user isn't authorized to perform this action then throw an exception.
         if (!Arsse::$user->authorize($user, __FUNCTION__)) {
             throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
+        } elseif (!$this->userExists($user)) {
+            throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
         }
         // generate a token if it's not provided
         $id = $id ?? UUID::mint()->hex;

tests/cases/Database/SeriesToken.php

@@ -96,6 +96,11 @@ trait SeriesToken {
         $this->compareExpectations($state);
     }
 
+    public function testCreateATokenForAMissingUser() {
+        $this->assertException("doesNotExist", "User");
+        Arsse::$db->tokenCreate("fever.login", "jane.doe@example.biz");
+    }
+
     public function testCreateATokenWithoutAuthority() {
         Phake::when(Arsse::$user)->authorize->thenReturn(false);
         $this->assertException("notAuthorized", "User", "ExceptionAuthz");