When a person is trying to create a new account it should check for a block cookie and if such a cookie indicates the person is actively blocked (with account creation disabled), it should prevent them from creating an account (with normal autoblock treatment). If the user isn't blocked, it should allow the user to create the account as normal. It should use basically the same logic as the Editing check (https://gerrit.wikimedia.org/r/#/c/48029/).
- Can this be implemented in one place to affect desktop login, app login, and API login?
- If not, where are the different end points that would need to be targetted?
- Do we need to target all 3 endpoints if they're separate? i.e. does it makes sense to target API login?