Merge pull request #2919 from coreos-inc/joseph.schorr/QS-65/retry-user

Move recaptcha check after the username check

endpoints/api/user.py

@@ -412,18 +412,6 @@ class User(ApiResource):
 
     user_data = request.get_json()
 
-    # If recaptcha is enabled, then verify the user is a human.
-    if features.RECAPTCHA:
-      recaptcha_response = user_data.get('recaptcha_response', '')
-      result = recaptcha2.verify(app.config['RECAPTCHA_SECRET_KEY'],
-                                 recaptcha_response,
-                                 request.remote_addr)
-
-      if not result['success']:
-        return {
-          'message': 'Are you a bot? If not, please revalidate the captcha.'
-        }, 400
-
     invite_code = user_data.get('invite_code', '')
     existing_user = model.user.get_nonrobot_user(user_data['username'])
     if existing_user:
@@ -443,6 +431,18 @@ class User(ApiResource):
     if not can_create_user(user_data.get('email')):
       raise request_error(message='Creation of a user account for this e-mail is disabled; please contact an administrator')
 
+    # If recaptcha is enabled, then verify the user is a human.
+    if features.RECAPTCHA:
+      recaptcha_response = user_data.get('recaptcha_response', '')
+      result = recaptcha2.verify(app.config['RECAPTCHA_SECRET_KEY'],
+                                 recaptcha_response,
+                                 request.remote_addr)
+
+      if not result['success']:
+        return {
+          'message': 'Are you a bot? If not, please revalidate the captcha.'
+        }, 400
+
     try:
       prompts = model.user.get_default_user_prompts(features)
       new_user = model.user.create_user(user_data['username'], user_data['password'],