From c1378f5645234f066ca72de34f835381d66a7cf9 Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Sat, 9 Mar 2013 06:40:13 -0400
Subject: [PATCH] Handle certain errors in action=createaccount api module

Certain errors (user blocked, user doesn't have permission)
were causing uncaught exceptions to be thrown in this api module.
Try to check for those cases first. Also added some errors
to the possible error list.

Change-Id: Id86984ade23a818317b942de3e9cf0ccdb43fba7
---
 includes/api/ApiCreateAccount.php | 36 +++++++++++++++++++++++++++----
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/includes/api/ApiCreateAccount.php b/includes/api/ApiCreateAccount.php
index 3f059d6f60..55c60cce2e 100644
--- a/includes/api/ApiCreateAccount.php
+++ b/includes/api/ApiCreateAccount.php
@@ -29,6 +29,18 @@
  */
 class ApiCreateAccount extends ApiBase {
 	public function execute() {
+
+		// $loginForm->addNewaccountInternal will throw exceptions
+		// if wiki is read only (already handled by api), user is blocked or does not have rights.
+		// Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
+		$loginTitle = SpecialPage::getTitleFor( 'Userlogin' );
+		if ( !$loginTitle->userCan( 'createaccount', $this->getUser() ) ) {
+			$this->dieUsage( 'You do not have the right to create a new account', 'permdenied-createaccount' );
+		}
+		if ( $this->getUser()->isBlockedFromCreateAccount() ) {
+			$this->dieUsage( 'You cannot create a new account because you are blocked', 'blocked' );
+		}
+
 		$params = $this->extractRequestParams();
 
 		$result = array();
@@ -230,16 +242,19 @@ class ApiCreateAccount extends ApiBase {
 	}
 
 	public function getPossibleErrors() {
+		// Note the following errors aren't possible and don't need to be listed:
+		// sessionfailure, nocookiesfornew, badretype
 		$localErrors = array(
-			'wrongpassword',
+			'wrongpassword', // Actually caused by wrong domain field. Riddle me that...
 			'sorbs_create_account_reason',
 			'noname',
 			'userexists',
-			'password-name-match',
-			'password-login-forbidden',
+			'password-name-match', // from User::getPasswordValidity
+			'password-login-forbidden', // from User::getPasswordValidity
 			'noemailtitle',
 			'invalidemailaddress',
-			'externaldberror'
+			'externaldberror',
+			'acct_creation_throttle_hit',
 		);
 
 		$errors = parent::getPossibleErrors();
@@ -248,6 +263,19 @@ class ApiCreateAccount extends ApiBase {
 			$errors[] = array( 'code' => $error, 'info' => wfMessage( $error )->parse() );
 		}
 
+		$errors[] = array(
+			'code' => 'permdenied-createaccount',
+			'info' => 'You do not have the right to create a new account'
+		);
+		$errors[] = array(
+			'code' => 'blocked',
+			'info' => 'You cannot create a new account because you are blocked'
+		);
+		$errors[] = array(
+			'code' => 'aborted',
+			'info' => 'Account creation aborted by hook (info may vary)'
+		);
+
 		// 'passwordtooshort' has parameters. :(
 		global $wgMinimalPasswordLength;
 		$errors[] = array(
-- 
2.20.1