Make WordPress Core

Opened 7 weeks ago

Last modified 5 weeks ago

#62577 new defect (bug)

WordPress Rest API broken in 6.7.1

Reported by: DoingSomeWordpress
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 6.7.1
Component: REST API
Keywords: close reporter-feedback
Focuses: rest-api
Cc:

Description

The REST API /?rest_route=/wp/v2/users/me returns 502 Bad Gateway in 6.7.1.
Downgrading to 6.6.2 fixes the issue.
All plugins are up to date in both versions.

Attachments (2)

Screenshot 2024-11-27 at 2.18.44 PM.png (230.3 KB) - added by DoingSomeWordpress 7 weeks ago.
Screenshot 2024-11-27 at 2.20.00 PM.png (231.1 KB) - added by DoingSomeWordpress 7 weeks ago.


Change History (10)

#1 @sainathpoojary
7 weeks ago

Reproduction Report

Description

This report validates whether the issue can be reproduced.

Environment

  • WordPress: 6.7.1
  • PHP: 8.1.29
  • Server: nginx/1.16.0
  • Database: mysqli (Server: 8.0.16 / Client: mysqlnd 8.1.29)
  • Browser: Chrome 131.0.0.0
  • OS: macOS
  • Theme: Twenty Twenty-Five 1.0
  • MU Plugins: None activated
  • Plugins: Test Reports 1.2.0

Actual Results

❌ Error condition didn't occur.

Supplemental Artifacts

6.7.1:
https://utfs.io/f/PL8E4NiPUWyOGD59UKNEeschquBM6yNU3LCFxWSw4rTfmliR
6.6.1:
https://utfs.io/f/PL8E4NiPUWyOyOwTo0urklRUAJtWNBdDhG4x38K5vZL2FHcf

Last edited 7 weeks ago by sainathpoojary

#2 @antonvlasenko
7 weeks ago

  • Focuses rest-api added
  • Keywords reporter-feedback added

Reproduction Report

Environment

  • OS: macOS 14.7
  • Web Server: Apache 2.x
  • PHP: 8.3.3
  • WordPress: 6.8-alpha-59274-src
  • Browser: Safari 18.0
  • Theme: Twenty Twenty-Four
  • Active Plugins: None

Actual Results

  • ❌ The /wp/v2/users/me REST API endpoint is working.

Supplemental Artifacts

https://cldup.com/lNECoLI_tc.png

Last edited 7 weeks ago by antonvlasenko

#3 follow-up: @mayanktripathi32
7 weeks ago

  • Keywords dev-feedback needs-testing added

Reproduction Report

This report validates that the issue can be reproduced but found mixed results. I think we need to test more.

This report validates that the issue can not be reproduced.

Environment

  • OS: macOS 14.7.1
  • PHP: 8.3
  • WordPress: 6.7.1
  • Browser: Chrome Version 130.0.6723.117 (Official Build) (arm64)
  • Theme: Twenty Twenty-Five
  • Active Plugins:
    • Gutenberg 13.2.0

Actual Results

  • Mixed: Works with Postman but does not work in the browser when logged in.
  • ❌ Works as expected for me.

Additional Notes

  • Worked with Postman when using basic auth.
  • Worked with Postman when using JWT.
  • Does not work as expected in the browser.

Supplemental Artifacts

Works with Postman: https://utfs.io/f/Wgl9eBAmTj29DTe5B5E9O3LjigMnKlJx2AvwtoUc0hWd7yz4
Does not work on browser (logged in) Expected Behaviour:
https://utfs.io/f/Wgl9eBAmTj295Opf5wKlb24KmM5cSCHBtOhI1wWex6krigsR

Last edited 7 weeks ago by mayanktripathi32

#4 in reply to: ↑ 3 ; follow-up: @antonvlasenko
7 weeks ago

Replying to mayanktripathi32:

  • Does not work as expected on browser.

I believe this is expected behavior because, in this case, the REST API server doesn't know the identity of the user making the request (e.g., who /me refers to).
For the request to work, a cookie, authorization headers, or an alternative authentication method provided by a plugin must be used.
I also tested this in WP Playground, and the behavior is consistent between WordPress 6.6 and 6.7 (6.7.1 was not available at the time of testing).

#5 in reply to: ↑ 4 @mayanktripathi32
7 weeks ago

  • Keywords needs-screenshots added; dev-feedback needs-testing removed
  • Severity changed from critical to normal

Replying to antonvlasenko:

Replying to mayanktripathi32:

  • Does not work as expected on browser.

I believe this is expected behavior because, in this case, the REST API server doesn't know the identity of the user making the request (e.g., who /me refers to).
For the request to work, a cookie, authorization headers, or an alternative authentication method provided by a plugin must be used.
I also tested this in WP Playground, and the behavior is consistent between WordPress 6.6 and 6.7 (6.7.1 was not available at the time of testing).

Understood. In that case, I will update the report to "works as expected" in 6.7.1 ✅

@DoingSomeWordpress Could you provide us with more information regarding the error? Any logs & screenshots would be helpful.

#6 @DoingSomeWordpress
7 weeks ago

Hi, after some more testing, I realized that I was calling the REST API using an admin account. After re-testing 6.7.1 with a different Subscriber account (or any non-admin role), it works fine. However, the admin role is still returning a 502 bad gateway. This worked fine on 6.6.2.

I attached 2 screenshots to the ticket from Postman. I do use the latest version of the Simple JWT Login plugin here https://wordpress.org/plugins/simple-jwt-login/ to generate the JWT token, then pass that to the /me endpoint through the Authorization header.

#7 @DoingSomeWordpress
7 weeks ago

  • Keywords reporter-feedback needs-screenshots removed

#8 @antonvlasenko
5 weeks ago

  • Keywords close reporter-feedback added

Reproduction Report

Environment

  • OS: macOS 14.7
  • Web Server: Apache 2.x
  • PHP: 8.4.1
  • WordPress: 6.7.2-alpha-59487
  • Browser: Safari 18.0
  • Theme: Twenty Twenty-Four
  • Active Plugins: Simple JWT

Actual Results

  • ❌ The ?rest_route=/wp/v2/users/me REST API endpoint is working.

Supplemental Artifacts

https://cldup.com/vQK873r3OQ.png

Additional information

I cannot reproduce this bug.

@DoingSomeWordpress
From what I understand while working on this ticket (this is my personal observation and should not be considered technical support), you need to enable auto-login and specify the JWT parameter key (such as email) in the plugin's settings in order to use the /me endpoint.
This is because your JWT token must contain user information, and existing tokens need to be refreshed if they don’t include that information.

Configuring third-party plugins is beyond the scope of Core Trac, so I’m marking this ticket as a close candidate.
Please feel free to provide any additional information that can help link this issue to WordPress Core specifically, rather than the Simple JWT plugin, so it can be addressed here. Otherwise, it’s best to contact Simple JWT plugin support.
Thank you for your understanding.

Last edited 5 weeks ago by antonvlasenko
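
An added example, not part of the ticket and not code from WordPress Core or the Simple JWT Login plugin: comment #8 says the token must carry user information under the configured JWT parameter key (such as email), so this Python helper decodes a token's payload and checks for that claim before the token is sent to the /me endpoint. The function names, the claim layout and both tokens are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT; the signature is NOT verified."""
    # Diagnostic use only: never base a trust decision on unverified claims.
    token = token.strip()
    if token.lower().startswith("bearer "):  # accept a pasted Authorization value
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError(f"payload is not base64url-encoded JSON: {exc}") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def identifies_user(token: str, claim_key: str) -> bool:
    """True if the payload has a non-empty value under claim_key (hypothetical helper)."""
    return jwt_claims(token).get(claim_key) not in (None, "", [])


def _sample_token(claims: dict) -> str:
    """Build a constructed sample token with a dummy signature segment."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.ZHVtbXk"


# Constructed samples: one token names the user by email, one does not.
WITH_EMAIL = _sample_token({"email": "admin@example.test", "exp": 1735689600})
WITHOUT_USER = _sample_token({"iat": 1732700000, "exp": 1735689600})

if __name__ == "__main__":
    for name, tok in (("WITH_EMAIL", WITH_EMAIL), ("WITHOUT_USER", WITHOUT_USER)):
        print(name, sorted(jwt_claims(tok)), identifies_user(tok, "email"))
```

A token for which `identifies_user` returns False under the configured key is one that, per comment #8, would need to be refreshed.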