diff --git a/app/dashboard/views/coupon.py b/app/dashboard/views/coupon.py
index 10d3f3b5..f9918870 100644
--- a/app/dashboard/views/coupon.py
+++ b/app/dashboard/views/coupon.py
@@ -68,9 +68,14 @@ def coupon_route():
                 )
                 return redirect(request.url)
 
-            coupon.used_by_user_id = current_user.id
-            coupon.used = True
-            Session.commit()
+            updated = (
+                Session.query(Coupon)
+                .filter_by(code=code, used=False)
+                .update({"used_by_user_id": current_user.id, "used": True})
+            )
+            if updated != 1:
+                flash("Coupon is not valid", "error")
+                return redirect(request.url)
 
             manual_sub: ManualSubscription = ManualSubscription.get_by(
                 user_id=current_user.id
diff --git a/tests/dashboard/test_coupon.py b/tests/dashboard/test_coupon.py
new file mode 100644
index 00000000..9a12f6d7
--- /dev/null
+++ b/tests/dashboard/test_coupon.py
@@ -0,0 +1,20 @@
+from flask import url_for
+from app.models import Coupon
+from app.utils import random_string
+from tests.utils import login
+
+
+def test_use_coupon(flask_client):
+    user = login(flask_client)
+    code = random_string(10)
+    Coupon.create(code=code, nb_year=1, commit=True)
+
+    r = flask_client.post(
+        url_for("dashboard.coupon_route"),
+        data={"code": code},
+    )
+
+    assert r.status_code == 302
+    coupon = Coupon.get_by(code=code)
+    assert coupon.used
+    assert coupon.used_by_user_id == user.id