createaccount api action didn't handle no token and no cookie

If you made a request to action=createaccount and this was
the first time (so no account creation token had yet been
generated for you) a "nocookiesfornew" error was returned.

This is incorrect, what is supposed to happen in that
case is the api returns what token to use. This is
how users are supposed to request tokens, so the
issue is very confusing.

No release notes since this module was introduced in
this version.

Also removed sessionfailure from possible errors,
as it isn't one (that status triggers the needtoken
result).

Change-Id: Ibfc3879fa89b1e11303aef65feb45a91afc215e6

diff --git a/includes/api/ApiCreateAccount.php b/includes/api/ApiCreateAccount.php
index 7a36ce8..3f059d6 100644 (file)
--- a/includes/api/ApiCreateAccount.php
+++ b/includes/api/ApiCreateAccount.php
@@ -108,8 +108,10 @@ class ApiCreateAccount extends ApiBase {
 
                $apiResult = $this->getResult();
 
-               if( $status->hasMessage( 'sessionfailure' ) ) {
-                       // Token was incorrect, so add it to result, but don't throw an exception.
+               if( $status->hasMessage( 'sessionfailure' ) || $status->hasMessage( 'nocookiesfornew' ) ) {
+                       // Token was incorrect, so add it to result, but don't throw an exception
+                       // since not having the correct token is part of the normal
+                       // flow of events.
                        $result['token'] = LoginForm::getCreateaccountToken();
                        $result['result'] = 'needtoken';
                } elseif( !$status->isOK() ) {
@@ -230,7 +232,6 @@ class ApiCreateAccount extends ApiBase {
        public function getPossibleErrors() {
                $localErrors = array(
                        'wrongpassword',
-                       'sessionfailure',
                        'sorbs_create_account_reason',
                        'noname',
                        'userexists',