Index: src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php =================================================================== --- src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php (revision 42205) +++ src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php (working copy) @@ -501,6 +501,11 @@ $user_id = wp_insert_user( wp_slash( (array) $user ) ); if ( is_wp_error( $user_id ) ) { + + if ( in_array( $user_id->get_error_code(), array( 'existing_user_email', 'existing_user_login' ) ) ) { + $user_id->add_data( array( 'status' => 409 ) ); + } + return $user_id; } } Index: src/wp-includes/user.php =================================================================== --- src/wp-includes/user.php (revision 42205) +++ src/wp-includes/user.php (working copy) @@ -1482,8 +1482,23 @@ return new WP_Error( 'user_login_too_long', __( 'Username may not be longer than 60 characters.' ) ); } + $raw_user_email = empty( $userdata['user_email'] ) ? '' : $userdata['user_email']; + + /** + * Filters a user's email before the user is created or updated. + * + * @since 2.0.3 + * + * @param string $raw_user_email The user's email. + */ + $user_email = apply_filters( 'pre_user_email', $raw_user_email ); + if ( ! $update && username_exists( $user_login ) ) { - return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) ); + if ( email_exists( $user_email ) ) { + return new WP_Error( 'existing_user_email', __( 'Sorry, that email address is already used!' ) ); + } else { + return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) ); + } } /** @@ -1537,17 +1552,6 @@ */ $user_url = apply_filters( 'pre_user_url', $raw_user_url ); - $raw_user_email = empty( $userdata['user_email'] ) ? '' : $userdata['user_email']; - - /** - * Filters a user's email before the user is created or updated. - * - * @since 2.0.3 - * - * @param string $raw_user_email The user's email. - */ - $user_email = apply_filters( 'pre_user_email', $raw_user_email ); - /* * If there is no update, just check for `email_exists`. If there is an update, * check if current email and new email are the same, or not, and check `email_exists` Index: tests/phpunit/tests/rest-api/rest-users-controller.php =================================================================== --- tests/phpunit/tests/rest-api/rest-users-controller.php (revision 42205) +++ tests/phpunit/tests/rest-api/rest-users-controller.php (working copy) @@ -1160,6 +1160,46 @@ $this->check_add_edit_user_response( $response ); } + /*** + * @ticket 41672 + */ + public function test_json_create_user_with_existing_username_or_email() { + $this->allow_user_to_manage_multisite(); + wp_set_current_user( self::$user ); + + $params = array( + 'username' => 'testjsonuser', + 'password' => 'testjsonpassword', + 'email' => 'testjson@example.com', + ); + + $request = new WP_REST_Request( 'POST', '/wp/v2/users' ); + $request->add_header( 'content-type', 'application/json' ); + $request->set_body( wp_json_encode( $params ) ); + + $response = $this->server->dispatch( $request ); + $this->check_add_edit_user_response( $response ); + + // Make request again, expecting existing_user_email response + $response = $this->server->dispatch( $request ); + $this->assertErrorResponse( 'existing_user_email', $response, 409 ); + + // Make request again, expecting existing_user_login response + $params = array( + 'username' => 'testjsonuser', + 'password' => 'testjsonpassword', + 'email' => 'testjson1@example.com', + ); + + $request = new WP_REST_Request( 'POST', '/wp/v2/users' ); + $request->add_header( 'content-type', 'application/json' ); + $request->set_body( wp_json_encode( $params ) ); + + $response = $this->server->dispatch( $request ); + $this->assertErrorResponse( 'existing_user_login', $response, 409 ); + + } + public function test_create_user_without_permission() { wp_set_current_user( self::$editor );