Missing script dependency: Uncaught TypeError: wp.apiRequest is not a function

Question

Missing script dependency: Uncaught TypeError: wp.apiRequest is not a function

Closed this issue 2 years ago · 3 comments

Describe the bug

In the profile.php/users.php pages, both the TOTP and Backup Codes providers have an implicit dependency on the core 'wp-api-request' script. wp.apiRequest( is utilized for both to perform actions to generate or reset the methods. This dependency was introduced in be5c0a9#diff-e290bc16d5fdda67b5305bcbc2980a79b7fd1db9aeeb30d44e45510fbd08a751R358 and 4d3cb4f#diff-69add38e41f66d3a63f57e8b385442aeb0199b456bf9692bc5c1778d49d40057R192

Normally, the library is enqueued by WordPress core in user-edit.php as a dependency of 'application-passwords':

if ( wp_is_application_passwords_available_for_user( $user_id ) ) {
	wp_enqueue_script( 'application-passwords' );
}

Unfortunately, if a site has disabled application passwords the 'wp-api-request' is no longer enqueued and provider actions fail with no error handling: Uncaught TypeError: wp.apiRequest is not a function

Steps to Reproduce

add_filter( 'wp_is_application_passwords_available', '__return_false' );
Attempt to reset TOTP, or generate backup codes
Observe error in console.

Screenshots, screen recording, code snippet

Required code snippet to trigger bug:

/**
 * Turn off Application Passwords.
 */
add_filter( 'wp_is_application_passwords_available', '__return_false' );

Environment information

WordPress 6.1.1, plugin version 0.8.1
FF/Chrome/any
Desktop Win 11

Please confirm that you have searched existing issues in this repository.

Yes

Please confirm that you have tested with all plugins deactivated except Two-Factor.

No

Answer 1 · 2023-04-27T20:41:41.000Z

My current workaround is to enqueue the script myself on the profile.php/users.php page:

/**
 * Fix bug in Two Factor when Application Passwords are disabled.
 * 
 * @link https://github.com/WordPress/two-factor/issues/558 -- Bug report
 * 
 * @action show_user_profile
 * @action edit_user_profile
 */
function two_factor_fix_wp_api_request_dependency() {
	wp_enqueue_script( 'wp-api-request' );
}
add_action( 'show_user_profile', 'two_factor_fix_wp_api_request_dependency' );
add_action( 'edit_user_profile', 'two_factor_fix_wp_api_request_dependency' );

Answer 2 · 2023-04-28T07:33:05.000Z

Thanks for the report @dougaxe1 - this is definitely not intended and will be fixed in the next release.

Answer 3 · 2023-08-28T21:44:26.000Z

Thanks for this fix. I just needed to implement it on a new site. It took care of the issue, for now.