WooCommerce Shop Manager role "Sorry, you are not allowed to do that" error when entering auth code for TOTP #584

Closed
briantetrault opened this issue Jul 31, 2023 · 1 comment · Fixed by #560

Describe the bug

Issue with shop_manager enabling TOTP. After scanning QR code and entering the 6 digit auth code to initially enable, an error occurs saying "Sorry, you are not allowed to do that".

I am using User Role Editor, and have ensured the "Edit Users" capability is indeed enabled (along with all other pertinent items). I've also ensured that the REST API is enabled for all users in its default state. Works as it should for admin role.

Console shows error:
Failed to load resource: the server responded with a status of 403 () for /wp-json/two-factor/1.0/totp

When clicking link in console, following code appears:
{"code":"rest_no_route","message":"No route was found matching the URL and request method.","data":{"status":404}}

Hosted on Kinsta using CDN, server caching + edge caching (CloudFlare).
Tested with all plugins deactivated besides Two Factor and WC core + default Twenty Twenty-Three theme.

Steps to Reproduce

  1. Create new user with WooCommerce shop_manager role
  2. Login as that user
  3. Navigate to Users>Profile>Two-Factor Options
  4. Scan QR Code
  5. Enter Authentication Code
  6. Click Submit

Screenshots, screen recording, code snippet

No response

Environment information

WordPress Environment

WC Version: 7.9.0
REST API Version: ✔ 7.9.0
WC Blocks Version: ✔ 10.4.6
Action Scheduler Version: ✔ 3.6.1
Log Directory Writable: ✔
WP Version: 6.2.2
WP Multisite: –
WP Memory Limit: 512 MB
WP Debug Mode: –
WP Cron: –
Language: en_US
External object cache: –

Server Environment

Server Info: nginx/1.24.0
PHP Version: 8.2.6
PHP Post Max Size: 128 MB
PHP Time Limit: 300
PHP Max Input Vars: 10000
cURL Version: 7.68.0
OpenSSL/1.1.1f

SUHOSIN Installed: –
MySQL Version: 10.5.18-MariaDB-1:10.5.18+maria~ubu2004
Max Upload Size: 128 MB
Default Timezone is UTC: ✔
fsockopen/cURL: ✔
SoapClient: ✔
DOMDocument: ✔
GZip: ✔
Multibyte String: ✔
Remote Post: ✔
Remote Get: ✔

Active Plugins (50)

Gravity Perks: by Gravity Wiz – 2.3.2
Gravity Forms: by Gravity Forms – 2.7.11
Adminimize: by Frank Bültge – 1.11.9
Advanced Database Cleaner PRO: by Younes JFR. – 3.2.2
Advanced Dynamic Pricing for WooCommerce (Pro): by AlgolPlus – 4.4.2
Advanced Shipment Tracking Pro: by zorem – 3.1
WooCommerce Enable Free Shipping on a Per Product Basis: by Patrick Rauland & eugenf – 1.0.2
GenerateBlocks Pro: by Tom Usborne – 1.6.0
GenerateBlocks: by Tom Usborne – 1.8.1
Gravity Forms Image Choices: by JetSloth – 1.4.3
GP Google Sheets: by Gravity Wiz – 1.0-beta-2.6
GP Limit Submissions: by Gravity Wiz – 1.1.11
GP Multi-page Navigation: by Gravity Wiz – 1.2.2
GP Populate Anything: by Gravity Wiz – 1.2.56
GP Premium: by Tom Usborne – 2.3.1
Gravity Forms Mailchimp Add-On: by Gravity Forms – 5.2.0
Gravity Forms Survey Add-On: by Gravity Forms – 3.8
Gravity Forms User Registration Add-On: by Gravity Forms – 5.1
GP Limit Checkboxes: by Gravity Wiz – 1.3.12
Invoice Gateway For WooCommerce: by Rymera Web Co – 1.1.2
Kadence WooCommerce Email Designer: by Kadence WP – 1.5.11
Mailchimp for WooCommerce: by Mailchimp – 3.1
Metorik Helper: by Metorik – 1.6.3
Perfmatters: by forgemedia – 2.1.3
PFD Image Assets: by – 1.0
Relevanssi: by Mikko Saari – 4.20.0
Safe SVG: by 10up – 2.1.1
Rank Math SEO: by Rank Math – 1.0.120
Simple Cloudflare Turnstile: by Elliot Sowersby, RelyWP – 1.22.1
Two Pines Custom Functions: by Two Pines LLC – 1.0
PFD Tukios API: by – 1.0
Two Factor: by Plugin Contributors – 0.8.1
User Role Editor: by Vladimir Garagulya – 4.63.3
WC Duplicate Order: by Jamie Gill – 1.7
Woo Custom Stock Status: by Softound Solutions – 1.3.7
Payment Plugins for Stripe WooCommerce: by Payment Plugins, [email protected] – 3.3.44
Variation Swatches for WooCommerce - Pro: by Emran Ahmed – 2.0.23
Variation Swatches for WooCommerce: by Emran Ahmed – 2.0.24
WooCommerce AJAX Products Filter: by BeRocket – 3.1.4.4
Checkout Field Editor for WooCommerce (Pro): by ThemeHigh – 3.5.1
WooCommerce Gravity Forms Product Add-Ons: by Element Stark – 3.5.0
WooCommerce Order Status Manager: by SkyVerge – 1.15.2
WooCommerce PayPal Payments: by WooCommerce – 2.2.0
PDF Invoices & Packing Slips for WooCommerce: by WP Overnight – 3.5.6
WooCommerce Role Based Methods: by WPBackOffice – 2.5.0
WooCommerce UPS Shipping: by WooCommerce – 3.5.1
WooCommerce - ShipStation Integration: by WooCommerce – 4.3.7
WooCommerce Smart Coupons: by StoreApps – 8.2.0
WooCommerce: by Automattic – 7.9.0
WP Mail SMTP Pro: by WP Mail SMTP – 3.8.2

Please confirm that you have searched existing issues in this repository.

Yes

Please confirm that you have tested with all plugins deactivated except Two-Factor.

Yes

dd32 (Member) commented Aug 7, 2023

Hello, this has been fixed via #557 but is currently pending a new release to be made - #570

dd32 closed this as not planned Aug 7, 2023
jeffpaul added this to the 0.8.2 milestone Aug 7, 2023