require a preptoken in Signup

found while writing upcoming tests

Author: mjl-

api.go

@@ -181,10 +181,11 @@ func xcanonicalAddress(email string) string {
 // Signup registers a new account. We send an email for users to verify they
 // control the email address. If we already have a verified account, we send a
 // password reset instead.
-func (API) Signup(ctx context.Context, email string) {
+func (API) Signup(ctx context.Context, prepToken string, email string) {
 	reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)
 
 	xrate(ratelimitSignup, reqInfo.Request)
+	xcheckprep(reqInfo, prepToken)
 
 	email = xcanonicalAddress(email)
 	emailAddr, err := smtp.ParseAddress(email)

api.json

@@ -6,6 +6,12 @@
 			"Name": "Signup",
 			"Docs": "Signup registers a new account. We send an email for users to verify they\ncontrol the email address. If we already have a verified account, we send a\npassword reset instead.",
 			"Params": [
+				{
+					"Name": "prepToken",
+					"Typewords": [
+						"string"
+					]
+				},
 				{
 					"Name": "email",
 					"Typewords": [

api.ts

@@ -216,11 +216,11 @@ export class Client {
 	// Signup registers a new account. We send an email for users to verify they
 	// control the email address. If we already have a verified account, we send a
 	// password reset instead.
-	async Signup(email: string): Promise<void> {
+	async Signup(prepToken: string, email: string): Promise<void> {
 		const fn: string = "Signup"
-		const paramTypes: string[][] = [["string"]]
+		const paramTypes: string[][] = [["string"],["string"]]
 		const returnTypes: string[][] = []
-		const params: any[] = [email]
+		const params: any[] = [prepToken, email]
 		return await _sherpaCall(this.baseURL, this.authState, { ...this.options }, paramTypes, returnTypes, fn, params) as void
 	}
 

index.js

@@ -69,11 +69,11 @@ var api;
 		// Signup registers a new account. We send an email for users to verify they
 		// control the email address. If we already have a verified account, we send a
 		// password reset instead.
-		async Signup(email) {
+		async Signup(prepToken, email) {
 			const fn = "Signup";
-			const paramTypes = [["string"]];
+			const paramTypes = [["string"], ["string"]];
 			const returnTypes = [];
-			const params = [email];
+			const params = [prepToken, email];
 			return await _sherpaCall(this.baseURL, this.authState, { ...this.options }, paramTypes, returnTypes, fn, params);
 		}
 		// SignupEmail returns the email address for a verify token. So we can show it, and
@@ -1291,7 +1291,8 @@ const signup = (home) => {
 			e.stopPropagation();
 			e.preventDefault();
 			await check(fieldset, async () => {
-				await client.Signup(email.value.trim());
+				const prepToken = await client.Prep();
+				await client.Signup(prepToken, email.value.trim());
 				signedup(email.value.trim());
 			});
 		}, fieldset = dom.fieldset(dom.label(style({ display: 'inline' }), 'Email address', ' ', email = dom.input(attr.type('email'), attr.required(''))), ' ', dom.submitbutton('Create account')), dom.p("We'll send you an email with a confirmation link."))),

index.ts

@@ -864,7 +864,8 @@ const signup = (home: api.Home) => {
 								e.preventDefault()
 
 								await check(fieldset, async () => {
-									await client.Signup(email!.value.trim())
+									const prepToken = await client.Prep()
+									await client.Signup(prepToken, email!.value.trim())
 									signedup(email!.value.trim())
 								})
 							},